From 0876ac639d848853c98da0c6d3744b20a0d458e0 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Apr 28 2020 09:32:13 +0000 Subject: import memcached-1.5.9-3.el8 --- diff --git a/SOURCES/memcached-CVE-2019-11596.patch b/SOURCES/memcached-CVE-2019-11596.patch new file mode 100644 index 0000000..b30eb32 --- /dev/null +++ b/SOURCES/memcached-CVE-2019-11596.patch @@ -0,0 +1,22 @@ +diff --git a/memcached.c b/memcached.c +index 4a04427..cf4e0f0 100644 +--- a/memcached.c ++++ b/memcached.c +@@ -4510,7 +4510,7 @@ static void process_lru_command(conn *c, token_t *tokens, const size_t ntokens) + out_string(c, "OK"); + } + } +- } else if (strcmp(tokens[1].value, "mode") == 0 && ntokens >= 3 && ++ } else if (strcmp(tokens[1].value, "mode") == 0 && ntokens >= 4 && + settings.lru_maintainer_thread) { + if (strcmp(tokens[2].value, "flat") == 0) { + settings.lru_segmented = false; +@@ -4521,7 +4521,7 @@ static void process_lru_command(conn *c, token_t *tokens, const size_t ntokens) + } else { + out_string(c, "ERROR"); + } +- } else if (strcmp(tokens[1].value, "temp_ttl") == 0 && ntokens >= 3 && ++ } else if (strcmp(tokens[1].value, "temp_ttl") == 0 && ntokens >= 4 && + settings.lru_maintainer_thread) { + if (!safe_strtol(tokens[2].value, &ttl)) { + out_string(c, "ERROR"); diff --git a/SPECS/memcached.spec b/SPECS/memcached.spec index 5f28329..b762d1f 100644 --- a/SPECS/memcached.spec +++ b/SPECS/memcached.spec @@ -6,7 +6,7 @@ Name: memcached Version: 1.5.9 -Release: 2%{?dist} +Release: 3%{?dist} Epoch: 0 Summary: High Performance, Distributed Memory Object Cache @@ -19,6 +19,7 @@ Source1: memcached.sysconfig Patch1: memcached-unit.patch Patch2: memcached-vaend.patch Patch3: memcached-lrutest.patch +Patch4: memcached-CVE-2019-11596.patch BuildRequires: gcc libevent-devel systemd BuildRequires: perl-generators 
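Review bot: In SOURCES/memcached-CVE-2019-11596.patch, both changed conditions of process_lru_command (the `mode` and `temp_ttl` branches) still evaluate `ntokens >= 4` after `strcmp(tokens[1].value, ...)`, and nothing says why the minimum is 4. A reader cannot tell from these lines that the bound exists to keep `tokens[2].value` from being read when the argument is missing. Putting the count first, `} else if (ntokens >= 4 && strcmp(tokens[1].value, "mode") == 0 &&`, makes the bound visibly precede every token access in the condition, and the same reordering fits the `temp_ttl` branch, where `safe_strtol(tokens[2].value, &ttl)` is the guarded read. A short comment such as `/* tokens[2] must be a real argument, not the terminating entry */` would record the intent, but the "terminating entry" wording is inferred from the CVE description in the spec file and should be confirmed against the tokenizer. Whether the caller already guarantees a non-NULL `tokens[1].value` is not visible here, because the function starts and ends outside both inner hunks.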
@@ -48,6 +49,9 @@ access to the memcached binary include files. %patch1 -p1 -b .unit %patch2 -p1 -b .vaend %patch3 -p1 -b .lrutest +# #1709408 - CVE-2019-11596 +# memcached: null-pointer dereference in "lru mode" and "lru temp_ttl" causing denial of service +%patch4 -p1 -b .lru_segfault %build # compile with full RELRO @@ -127,6 +131,10 @@ exit 0 %{_includedir}/memcached/* %changelog +* Mon Sep 30 2019 Tomas Korbar - 0:1.5.9-3 +- fix null-pointer dereference in "lru mode" and "lru temp_ttl" (#1709408) +- CVE-2019-11596 + * Fri Feb 08 2019 Miroslav Lichvar - 0:1.5.9-2 - fix lru-maintainer test (#1671666)