From 77eb1b24e85c3414cd71b281952ea2e3f0098f35 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Oct 29 2019 16:41:58 +0000 Subject: import memcached-1.4.15-10.el7_3.1 --- diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..6773184 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/memcached-1.4.15.tar.gz diff --git a/.memcached.metadata b/.memcached.metadata new file mode 100644 index 0000000..e763f90 --- /dev/null +++ b/.memcached.metadata @@ -0,0 +1 @@ +12ec84011f408846250a462ab9e8e967a2e8cbbc SOURCES/memcached-1.4.15.tar.gz diff --git a/SOURCES/memcached-CVE-2011-4971.patch b/SOURCES/memcached-CVE-2011-4971.patch new file mode 100644 index 0000000..ec69ae9 --- /dev/null +++ b/SOURCES/memcached-CVE-2011-4971.patch @@ -0,0 +1,53 @@ +commit 6695ccbc525c36d693aaa3e8337b36aa0c784424 +Author: Huzaifa Sidhpurwala +Date: Sun Dec 8 17:33:15 2013 -0800 + + Fix segfault on specially crafted packet. + +diff --git a/memcached.c b/memcached.c +index b6ed7c9..f3b9939 100644 +--- a/memcached.c ++++ b/memcached.c +@@ -3872,6 +3872,16 @@ static void drive_machine(conn *c) { + complete_nread(c); + break; + } ++ ++ /* Check if rbytes < 0, to prevent crash */ ++ if (c->rlbytes < 0) { ++ if (settings.verbose) { ++ fprintf(stderr, "Invalid rlbytes to read: len %d\n", c->rlbytes); ++ } ++ conn_set_state(c, conn_closing); ++ break; ++ } ++ + /* first check if we have leftovers in the conn_read buffer */ + if (c->rbytes > 0) { + int tocopy = c->rbytes > c->rlbytes ? c->rlbytes : c->rbytes; +diff --git a/t/issue_192.t b/t/issue_192.t +new file mode 100644 +index 0000000..c58e206 +--- /dev/null ++++ b/t/issue_192.t +@@ -0,0 +1,20 @@ ++#!/usr/bin/perl ++ ++use strict; ++use Test::More tests => 2; ++use FindBin qw($Bin); ++use lib "$Bin/lib"; ++use MemcachedTest; ++ ++my $server = new_memcached(); ++my $sock = $server->sock; ++ ++ok($server->new_sock, "opened new socket"); ++ ++print $sock "\x80\x12\x00\x01\x08\x00\x00\x00\xff\xff\xff\xe8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x01\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; ++ ++sleep 0.5; ++ok($server->new_sock, "failed to open new socket"); ++ ++ ++ diff --git a/SOURCES/memcached-CVE-2013-0179_7290_7291.patch b/SOURCES/memcached-CVE-2013-0179_7290_7291.patch new file mode 100644 index 0000000..e02366d --- /dev/null +++ b/SOURCES/memcached-CVE-2013-0179_7290_7291.patch @@ -0,0 +1,77 @@ +commit 0f605245cf3f37c2efe4e225237ad17256ea2a34 +Author: Jeremy Sowden +Date: Wed Jan 9 15:43:41 2013 +0000 + + Fix buffer-overrun when logging key to delete in binary protocol. + +diff --git a/memcached.c b/memcached.c +index 3a79fba..f7a140c 100644 +--- a/memcached.c ++++ b/memcached.c +@@ -2190,7 +2190,12 @@ static void process_bin_delete(conn *c) { + assert(c != NULL); + + if (settings.verbose > 1) { +- fprintf(stderr, "Deleting %s\n", key); ++ int ii; ++ fprintf(stderr, "Deleting "); ++ for (ii = 0; ii < nkey; ++ii) { ++ fprintf(stderr, "%c", key[ii]); ++ } ++ fprintf(stderr, "\n"); + } + + if (settings.detail_enabled) { +commit fbe823d9a61b5149cd6e3b5e17bd28dd3b8dd760 +Author: dormando +Date: Fri Dec 20 13:25:43 2013 -0800 + + fix potential unbounded key prints + + item key isn't necessarily null terminated. user submitted a patch for one, + this clears two more. + +diff --git a/items.c b/items.c +index d70400c..65b1a24 100644 +--- a/items.c ++++ b/items.c +@@ -537,12 +537,16 @@ item *do_item_get(const char *key, const size_t nkey, const uint32_t hv) { + int was_found = 0; + + if (settings.verbose > 2) { ++ int ii; + if (it == NULL) { +- fprintf(stderr, "> NOT FOUND %s", key); ++ fprintf(stderr, "> NOT FOUND "); + } else { +- fprintf(stderr, "> FOUND KEY %s", ITEM_key(it)); ++ fprintf(stderr, "> FOUND KEY "); + was_found++; + } ++ for (ii = 0; ii < nkey; ++ii) { ++ fprintf(stderr, "%c", key[ii]); ++ } + } + + if (it != NULL) { +diff --git a/memcached.c b/memcached.c +index f7a140c..6486ff2 100644 +--- a/memcached.c ++++ b/memcached.c +@@ -2856,8 +2856,14 @@ static inline void process_get_command(conn *c, token_t *tokens, size_t ntokens, + } + + +- if (settings.verbose > 1) +- fprintf(stderr, ">%d sending key %s\n", c->sfd, ITEM_key(it)); ++ if (settings.verbose > 1) { ++ int ii; ++ fprintf(stderr, ">%d sending key ", c->sfd); ++ for (ii = 0; ii < it->nkey; ++ii) { ++ fprintf(stderr, "%c", key[ii]); ++ } ++ fprintf(stderr, "\n"); ++ } + + /* item_get() has incremented it->refcount for us */ + pthread_mutex_lock(&c->thread->stats.mutex); diff --git a/SOURCES/memcached-CVE-2013-7239.patch b/SOURCES/memcached-CVE-2013-7239.patch new file mode 100644 index 0000000..6ee947e --- /dev/null +++ b/SOURCES/memcached-CVE-2013-7239.patch @@ -0,0 +1,131 @@ +commit 87c1cf0f20be20608d3becf854e9cf0910f4ad32 +Author: 伊藤洋也 +Date: Fri Dec 20 18:49:54 2013 +0000 + + explicitly record sasl auth states + + It was previously possible to bypass authentication due to implicit + state management. Now we explicitly consider ourselves + unauthenticated on any new connections and authentication attempts. + + bug316 + + Signed-off-by: Dustin Sallings + +diff --git a/memcached.c b/memcached.c +index f129865..3a79fba 100644 +--- a/memcached.c ++++ b/memcached.c +@@ -457,6 +457,7 @@ conn *conn_new(const int sfd, enum conn_states init_state, + c->iovused = 0; + c->msgcurr = 0; + c->msgused = 0; ++ c->authenticated = false; + + c->write_and_go = init_state; + c->write_and_free = 0; +@@ -1637,6 +1638,8 @@ static void init_sasl_conn(conn *c) { + if (!settings.sasl) + return; + ++ c->authenticated = false; ++ + if (!c->sasl_conn) { + int result=sasl_server_new("memcached", + NULL, +@@ -1771,6 +1774,7 @@ static void process_bin_complete_sasl_auth(conn *c) { + + switch(result) { + case SASL_OK: ++ c->authenticated = true; + write_bin_response(c, "Authenticated", 0, 0, strlen("Authenticated")); + pthread_mutex_lock(&c->thread->stats.mutex); + c->thread->stats.auth_cmds++; +@@ -1807,11 +1811,7 @@ static bool authenticated(conn *c) { + rv = true; + break; + default: +- if (c->sasl_conn) { +- const void *uname = NULL; +- sasl_getprop(c->sasl_conn, SASL_USERNAME, &uname); +- rv = uname != NULL; +- } ++ rv = c->authenticated; + } + + if (settings.verbose > 1) { +diff --git a/memcached.h b/memcached.h +index 45b3213..7c212d5 100644 +--- a/memcached.h ++++ b/memcached.h +@@ -376,6 +376,7 @@ typedef struct conn conn; + struct conn { + int sfd; + sasl_conn_t *sasl_conn; ++ bool authenticated; + enum conn_states state; + enum bin_substates substate; + struct event event; +diff --git a/t/binary-sasl.t b/t/binary-sasl.t +index 69a05c2..85ef069 100755 +--- a/t/binary-sasl.t ++++ b/t/binary-sasl.t +@@ -13,7 +13,7 @@ use Test::More; + + if (supports_sasl()) { + if ($ENV{'RUN_SASL_TESTS'}) { +- plan tests => 25; ++ plan tests => 33; + } else { + plan skip_all => 'Skipping SASL tests'; + exit 0; +@@ -229,6 +229,38 @@ $check->('x','somevalue'); + } + $empty->('x'); + ++{ ++ my $mc = MC::Client->new; ++ ++ # Attempt bad authentication. ++ is ($mc->authenticate('testuser', 'wrongpassword'), 0x20, "bad auth"); ++ ++ # This should fail because $mc is not authenticated ++ my ($status, $val)= $mc->set('x', "somevalue"); ++ ok($status, "this fails to authenticate"); ++ cmp_ok($status,'==',ERR_AUTH_ERROR, "error code matches"); ++} ++$empty->('x', 'somevalue'); ++ ++{ ++ my $mc = MC::Client->new; ++ ++ # Attempt bad authentication. ++ is ($mc->authenticate('testuser', 'wrongpassword'), 0x20, "bad auth"); ++ ++ # Mix an authenticated connection and an unauthenticated connection to ++ # confirm c->authenticated is not shared among connections ++ my $mc2 = MC::Client->new; ++ is ($mc2->authenticate('testuser', 'testpass'), 0, "authenticated"); ++ my ($status, $val)= $mc2->set('x', "somevalue"); ++ ok(! $status); ++ ++ # This should fail because $mc is not authenticated ++ ($status, $val)= $mc->set('x', "somevalue"); ++ ok($status, "this fails to authenticate"); ++ cmp_ok($status,'==',ERR_AUTH_ERROR, "error code matches"); ++} ++ + # check the SASL stats, make sure they track things correctly + # note: the enabled or not is presence checked in stats.t + +@@ -241,8 +273,8 @@ $empty->('x'); + + { + my %stats = $mc->stats(''); +- is ($stats{'auth_cmds'}, 2, "auth commands counted"); +- is ($stats{'auth_errors'}, 1, "auth errors correct"); ++ is ($stats{'auth_cmds'}, 5, "auth commands counted"); ++ is ($stats{'auth_errors'}, 3, "auth errors correct"); + } + + diff --git a/SOURCES/memcached-CVE-2016-8704_8705_8706.patch b/SOURCES/memcached-CVE-2016-8704_8705_8706.patch new file mode 100644 index 0000000..88ee3b2 --- /dev/null +++ b/SOURCES/memcached-CVE-2016-8704_8705_8706.patch @@ -0,0 +1,35 @@ +diff -up memcached-1.4.15/items.c.CVE-2016-8704_8705_8706 memcached-1.4.15/items.c +--- memcached-1.4.15/items.c.CVE-2016-8704_8705_8706 2016-11-07 11:14:13.099196427 +0100 ++++ memcached-1.4.15/items.c 2016-11-07 11:14:13.104196443 +0100 +@@ -91,6 +91,9 @@ item *do_item_alloc(char *key, const siz + uint8_t nsuffix; + item *it = NULL; + char suffix[40]; ++ if (nbytes < 2 || nkey < 0) ++ return 0; ++ + size_t ntotal = item_make_header(nkey + 1, flags, nbytes, suffix, &nsuffix); + if (settings.use_cas) { + ntotal += sizeof(uint64_t); +diff -up memcached-1.4.15/memcached.c.CVE-2016-8704_8705_8706 memcached-1.4.15/memcached.c +--- memcached-1.4.15/memcached.c.CVE-2016-8704_8705_8706 2016-11-07 11:14:13.103196439 +0100 ++++ memcached-1.4.15/memcached.c 2016-11-07 11:14:13.105196446 +0100 +@@ -1790,10 +1790,16 @@ static bool authenticated(conn *c) { + static void dispatch_bin_command(conn *c) { + int protocol_error = 0; + +- int extlen = c->binary_header.request.extlen; +- int keylen = c->binary_header.request.keylen; ++ uint8_t extlen = c->binary_header.request.extlen; ++ uint16_t keylen = c->binary_header.request.keylen; + uint32_t bodylen = c->binary_header.request.bodylen; + ++ if (keylen > bodylen || keylen + extlen > bodylen) { ++ write_bin_error(c, PROTOCOL_BINARY_RESPONSE_UNKNOWN_COMMAND, 0); ++ c->write_and_go = conn_closing; ++ return; ++ } ++ + if (settings.sasl && !authenticated(c)) { + write_bin_error(c, PROTOCOL_BINARY_RESPONSE_AUTH_ERROR, 0); + c->write_and_go = conn_closing; diff --git a/SOURCES/memcached-ipv6.patch b/SOURCES/memcached-ipv6.patch new file mode 100644 index 0000000..bd4040d --- /dev/null +++ b/SOURCES/memcached-ipv6.patch @@ -0,0 +1,58 @@ +commit 4baa578f2b7552ed44482b32fb18dc4bbb53f538 +Author: githublvv +Date: Fri Jan 9 18:15:36 2015 -0500 + + Fix for 310: memcached unable to bind to an ipv6 address + + URL: https://code.google.com/p/memcached/issues/detail?id=310 + +diff --git a/memcached.c b/memcached.c +index 154b15a..1181966 100644 +--- a/memcached.c ++++ b/memcached.c +@@ -4614,15 +4614,40 @@ static int server_sockets(int port, enum network_transport transport, + p != NULL; + p = strtok_r(NULL, ";,", &b)) { + int the_port = port; ++ ++ char *h = NULL; ++ if (*p == '[') { ++ // expecting it to be an IPv6 address enclosed in [] ++ // i.e. RFC3986 style recommended by RFC5952 ++ char *e = strchr(p, ']'); ++ if (e == NULL) { ++ fprintf(stderr, "Invalid IPV6 address: \"%s\"", p); ++ return 1; ++ } ++ h = ++p; // skip the opening '[' ++ *e = '\0'; ++ p = ++e; // skip the closing ']' ++ } ++ + char *s = strchr(p, ':'); + if (s != NULL) { +- *s = '\0'; +- ++s; +- if (!safe_strtol(s, &the_port)) { +- fprintf(stderr, "Invalid port number: \"%s\"", s); +- return 1; ++ // If no more semicolons - attempt to treat as port number. ++ // Otherwise the only valid option is an unenclosed IPv6 without port, until ++ // of course there was an RFC3986 IPv6 address previously specified - ++ // in such a case there is no good option, will just send it to fail as port number. ++ if (strchr(s + 1, ':') == NULL || h != NULL) { ++ *s = '\0'; ++ ++s; ++ if (!safe_strtol(s, &the_port)) { ++ fprintf(stderr, "Invalid port number: \"%s\"", s); ++ return 1; ++ } + } + } ++ ++ if (h != NULL) ++ p = h; ++ + if (strcmp(p, "*") == 0) { + p = NULL; + } diff --git a/SOURCES/memcached-manpages.patch b/SOURCES/memcached-manpages.patch new file mode 100644 index 0000000..e54c2d4 --- /dev/null +++ b/SOURCES/memcached-manpages.patch @@ -0,0 +1,141 @@ +From 8cf9b071c77f1f305f4bae795166da8e7daab179 Mon Sep 17 00:00:00 2001 +From: Miroslav Lichvar +Date: Tue, 2 Jul 2013 13:54:04 +0200 +Subject: [PATCH 1/2] describe -b and -S options in man page + +--- + doc/memcached.1 | 7 +++++++ + memcached.c | 2 +- + 2 files changed, 8 insertions(+), 1 deletion(-) + +diff --git a/doc/memcached.1 b/doc/memcached.1 +index b6f633d..7e72e2e 100644 +--- a/doc/memcached.1 ++++ b/doc/memcached.1 +@@ -119,6 +119,9 @@ could reduce the number of TLB misses and improve the performance. In order to + get large pages from the OS, memcached will allocate the total item-cache in + one large chunk. Only available if supported on your OS. + .TP ++.B \-b ++Set the backlog queue limit to connections. The default is 1024. ++.TP + .B \-B + Specify the binding protocol to use. By default, the server will + autonegotiate client connections. By using this option, you can +@@ -131,6 +134,10 @@ minimum is 1k, max is 128m. Adjusting this value changes the item size limit. + Beware that this also increases the number of slabs (use -v to view), and the + overal memory usage of memcached. + .TP ++.B \-S ++Turn on SASL authentication. This option is only meaningful if memcached was ++compiled with SASL support enabled. ++.TP + .B \-o + Comma separated list of extended or experimental options. See -h or wiki for + up to date list. +diff --git a/memcached.c b/memcached.c +index 35f6f4d..dc8b770 100644 +--- a/memcached.c ++++ b/memcached.c +@@ -4498,7 +4498,7 @@ static void usage(void) { + " requests process for a given connection to prevent \n" + " starvation (default: 20)\n"); + printf("-C Disable use of CAS\n"); +- printf("-b Set the backlog queue limit (default: 1024)\n"); ++ printf("-b Set the backlog queue limit (default: 1024)\n"); + printf("-B Binding protocol - one of ascii, binary, or auto (default)\n"); + printf("-I Override the size of each slab page. Adjusts max item size\n" + " (default: 1mb, min: 1k, max: 128m)\n"); +-- +1.8.1.4 + +From 6f9f9fe20d4b591c5b392660460fdd0e9cf2ca58 Mon Sep 17 00:00:00 2001 +From: Miroslav Lichvar +Date: Tue, 2 Jul 2013 17:15:03 +0200 +Subject: [PATCH 2/2] add man page for memcached-tool + +--- + scripts/memcached-tool.1 | 71 ++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 71 insertions(+) + create mode 100644 scripts/memcached-tool.1 + +diff --git a/scripts/memcached-tool.1 b/scripts/memcached-tool.1 +new file mode 100644 +index 0000000..6bb021b +--- /dev/null ++++ b/scripts/memcached-tool.1 +@@ -0,0 +1,71 @@ ++.TH MEMCACHED-TOOL 1 "Jul 2, 2013" ++.SH NAME ++memcached-tool \- stats and management tool for memcached ++ ++.SH SYNOPSIS ++.B memcached-tool ++.RI < host [: port "] | " /path/to/socket "> [" mode ] ++ ++.SH DESCRIPTION ++.B memcached-tool ++is a Perl script used to print statistics from a running memcached instance. ++The first parameter specifies the address of the daemon either by a hostname, ++optionally followed by the port number (the default is 11211), or a path to ++UNIX domain socket. The second parameter specifies the mode in which the tool ++should run. ++ ++.SH MODES ++.TP ++.B display ++Print slab class statistics. This is the default mode if no mode is specified. ++The printed columns are: ++.RS ++.TP ++.B # ++Number of the slab class. ++.TP ++.B Item_Size ++The amount of space each chunk uses. One item uses one chunk of the ++appropriate size. ++.TP ++.B Max_age ++Age of the oldest item in the LRU. ++.TP ++.B Pages ++Total number of pages allocated to the slab class. ++.TP ++.B Count ++Number of items presently stored in this class. Expired items are not ++automatically excluded. ++.TP ++.B Full? ++Yes if there are no free chunks at the end of the last allocated page. ++.TP ++.B Evicted ++Number of times an item had to be evicted from the LRU before it expired. ++.TP ++.B Evict_Time ++Seconds since the last access for the most recent item evicted from this ++class. ++.TP ++.B OOM ++Number of times the underlying slab class was unable to store a new item. ++.RE ++ ++.TP ++.B stats ++Print general-purpose statistics of the daemon. Each line contains the name of ++the statistic and its value. ++.TP ++.B dump ++Make a partial dump of the cache written in the add statements of the ++memcached protocol. ++ ++.SH SEE ALSO ++.BR memcached (1), ++.br ++.B http://www.memcached.org ++ ++.SH AUTHOR ++The memcached-tool script was written by Brad Fitzpatrick ++.B +-- +1.8.1.4 + diff --git a/SOURCES/memcached.service b/SOURCES/memcached.service new file mode 100644 index 0000000..ee5198d --- /dev/null +++ b/SOURCES/memcached.service @@ -0,0 +1,12 @@ +[Unit] +Description=Memcached +Before=httpd.service +After=network.target + +[Service] +Type=simple +EnvironmentFile=-/etc/sysconfig/memcached +ExecStart=/usr/bin/memcached -u $USER -p $PORT -m $CACHESIZE -c $MAXCONN $OPTIONS + +[Install] +WantedBy=multi-user.target diff --git a/SPECS/memcached.spec b/SPECS/memcached.spec new file mode 100644 index 0000000..d721c0d --- /dev/null +++ b/SPECS/memcached.spec @@ -0,0 +1,337 @@ +%define username memcached +%define groupname memcached +%bcond_without sasl + +Name: memcached +Version: 1.4.15 +Release: 10%{?dist}.1 +Epoch: 0 +Summary: High Performance, Distributed Memory Object Cache + +Group: System Environment/Daemons +License: BSD +URL: http://www.memcached.org/ +Source0: http://memcached.googlecode.com/files/%{name}-%{version}.tar.gz + +# custom unit file +Source1: memcached.service + +# Patches +Patch001: memcached-manpages.patch +Patch002: memcached-CVE-2011-4971.patch +Patch003: memcached-CVE-2013-0179_7290_7291.patch +Patch004: memcached-CVE-2013-7239.patch +Patch005: memcached-ipv6.patch +Patch006: memcached-CVE-2016-8704_8705_8706.patch + +# Fixes + +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +BuildRequires: libevent-devel +BuildRequires: perl(Test::More), perl(Test::Harness) +BuildRequires: systemd-units +%{?with_sasl:BuildRequires: cyrus-sasl-devel} +# For test suite +%{?with_sasl:BuildRequires: cyrus-sasl-md5 cyrus-sasl-plain} + +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +# For triggerun +Requires(post): systemd-sysv +Requires(pre): shadow-utils + + +# as of 3.5.5-4 selinux has memcache included +Obsoletes: memcached-selinux + +%description +memcached is a high-performance, distributed memory object caching +system, generic in nature, but intended for use in speeding up dynamic +web applications by alleviating database load. + +%package devel +Summary: Files needed for development using memcached protocol +Group: Development/Libraries +Requires: %{name} = %{epoch}:%{version}-%{release} + +%description devel +Install memcached-devel if you are developing C/C++ applications that require +access to the memcached binary include files. + +%prep +%setup -q +%patch001 -p1 -b .manpages +%patch002 -p1 -b .CVE-2011-4971 +%patch003 -p1 -b .CVE-2013-0179_7290_7291 +%patch004 -p1 -b .CVE-2013-7239 +%patch005 -p1 -b .ipv6 +%patch006 -p1 -b .CVE-2016-8704_8705_8706 + +%build +# compile with full RELRO +export CFLAGS="%{optflags} -pie -fpie" +export LDFLAGS="-Wl,-z,relro,-z,now" + +%configure \ + %{?with_sasl: --enable-sasl} + +sed -i 's/-Werror/ /' Makefile +make %{?_smp_mflags} + +%check +# whitespace tests fail locally on fedpkg systems now that they use git +rm -f t/whitespace.t + +# Parts of the test suite only succeed as non-root. +if [ `id -u` -ne 0 ]; then + # remove failing test that doesn't work in + # build systems + rm -f t/daemonize.t +fi +RUN_SASL_TESTS=1 make test + +%install +rm -rf %{buildroot} +make install DESTDIR=%{buildroot} INSTALL="%{__install} -p" +# remove memcached-debug +rm -f %{buildroot}/%{_bindir}/memcached-debug + +# Perl script for monitoring memcached +install -Dp -m0755 scripts/memcached-tool %{buildroot}%{_bindir}/memcached-tool +install -Dp -m0644 scripts/memcached-tool.1 \ + %{buildroot}%{_mandir}/man1/memcached-tool.1 + +# Unit file +install -Dp -m0644 %{SOURCE1} %{buildroot}%{_unitdir}/memcached.service + +# Default configs +mkdir -p %{buildroot}/%{_sysconfdir}/sysconfig +cat <%{buildroot}/%{_sysconfdir}/sysconfig/%{name} +PORT="11211" +USER="%{username}" +MAXCONN="1024" +CACHESIZE="64" +OPTIONS="" +EOF + +# Constant timestamp on the config file. +touch -r %{SOURCE1} %{buildroot}/%{_sysconfdir}/sysconfig/%{name} + +%clean +rm -rf %{buildroot} + + +%pre +getent group %{groupname} >/dev/null || groupadd -r %{groupname} +getent passwd %{username} >/dev/null || \ +useradd -r -g %{groupname} -d /run/memcached \ + -s /sbin/nologin -c "Memcached daemon" %{username} +exit 0 + + +%post +%systemd_post memcached.service + + +%preun +%systemd_preun memcached.service + + +%postun +%systemd_postun_with_restart memcached.service + +%triggerun -- memcached < 0:1.4.13-2 +# Save the current service runlevel info +# User must manually run systemd-sysv-convert --apply memcached +# to migrate them to systemd targets +/usr/bin/systemd-sysv-convert --save memcached >/dev/null 2>&1 ||: + +# Run these because the SysV package being removed won't do them +/sbin/chkconfig --del memcached >/dev/null 2>&1 || : +/bin/systemctl try-restart memcached.service >/dev/null 2>&1 || : + + +%files +%defattr(-,root,root,-) +%doc AUTHORS ChangeLog COPYING NEWS README.md doc/CONTRIBUTORS doc/*.txt +%config(noreplace) %{_sysconfdir}/sysconfig/%{name} +%{_bindir}/memcached-tool +%{_bindir}/memcached +%{_mandir}/man1/memcached-tool.1* +%{_mandir}/man1/memcached.1* +%{_unitdir}/memcached.service + + +%files devel +%defattr(-,root,root,0755) +%{_includedir}/memcached/* + +%changelog +* Mon Nov 07 2016 Miroslav Lichvar - 0:1.4.15-10.el7_3.1 +- fix vulnerabilities allowing remote code execution (CVE-2016-8704, + CVE-2016-8705, CVE-2016-8706) + +* Tue Mar 08 2016 Miroslav Lichvar - 0:1.4.15-10 +- fix binding to IPv6 address (#1298603) +- enable SASL support (#1263696) +- don't allow authentication with bad SASL credentials (CVE-2013-7239) + +* Fri Jan 24 2014 Daniel Mach - 01.4.15-9 +- Mass rebuild 2014-01-24 + +* Tue Jan 14 2014 Miroslav Lichvar - 0:1.4.15-8 +- fix unbound key printing (CVE-2013-0179, CVE-2013-7290, CVE-2013-7291) + +* Fri Dec 27 2013 Daniel Mach - 01.4.15-7 +- Mass rebuild 2013-12-27 + +* Thu Dec 12 2013 Miroslav Lichvar - 0:1.4.15-6 +- fix segfault on specially crafted packet (#988739, CVE-2011-4971) + +* Mon Jul 08 2013 Miroslav Lichvar - 0:1.4.15-5 +- update memcached man page +- add memcached-tool man page +- buildrequire systemd-units + +* Thu Feb 14 2013 Fedora Release Engineering - 0:1.4.15-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Thu Dec 20 2012 Miroslav Lichvar - 0:1.4.15-3 +- compile with full RELRO + +* Tue Nov 20 2012 Joe Orton - 0:1.4.15-2 +- BR perl(Test::Harness) + +* Tue Nov 20 2012 Joe Orton - 0:1.4.15-1 +- update to 1.4.15 (#782395) +- switch to simple systemd service (#878198) +- use systemd scriptlet macros (Václav Pavlín, #850204) + +* Fri Jul 20 2012 Fedora Release Engineering - 0:1.4.13-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri May 04 2012 Jon Ciesla - 0:1.4.13-2 +- Migrate to systemd, 783112. + +* Tue Feb 7 2012 Paul Lindner - 0:1.4.13-1 +- Upgrade to memcached 1.4.13 +- http://code.google.com/p/memcached/wiki/ReleaseNotes1413 +- http://code.google.com/p/memcached/wiki/ReleaseNotes1412 +- http://code.google.com/p/memcached/wiki/ReleaseNotes1411 + +* Fri Jan 13 2012 Fedora Release Engineering - 0:1.4.10-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Nov 9 2011 Paul Lindner - 0:1.4.10-1 +- Upgrade to memcached 1.4.10 (http://code.google.com/p/memcached/wiki/ReleaseNotes1410) + +* Tue Aug 16 2011 Paul Lindner - 0:1.4.7-1 +- Upgrade to memcached 1.4.7 (http://code.google.com/p/memcached/wiki/ReleaseNotes147) +- Fix some rpmlint errors/warnings. + +* Tue Aug 2 2011 Paul Lindner - 0:1.4.6-1 +- Upgrade to memcached-1.4.6 + +* Wed Feb 16 2011 Joe Orton - 0:1.4.5-7 +- fix build + +* Mon Feb 14 2011 Paul Lindner - 0:1.4.5-6 +- Rebuild for updated libevent + +* Tue Feb 08 2011 Fedora Release Engineering - 0:1.4.5-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Sun Nov 28 2010 Paul Lindner - 0:1.4.5-4 +- Add code to deal with /var/run/memcached on tmpfs + +* Wed Sep 8 2010 Paul Lindner - 0:1.4.5-3 +- Apply patch from memcached issue #60, solves Bugzilla 631051 + +* Wed May 26 2010 Joe Orton - 0:1.4.5-2 +- LSB compliance fixes for init script +- don't run the test suite as root +- ensure a constant timestamp on the sysconfig file + +* Sun Apr 4 2010 Paul Lindner - 0:1.4.5-1 +- Upgrade to upstream memcached-1.4.5 (http://code.google.com/p/memcached/wiki/ReleaseNotes145) + +* Wed Jan 20 2010 Paul Lindner - 0:1.4.4-2 +- Remove SELinux policies fixes Bugzilla 557073 + +* Sat Nov 28 2009 Paul Lindner - 0:1.4.4-1 +- Upgraded to upstream memcached-1.4.4 (http://code.google.com/p/memcached/wiki/ReleaseNotes144) +- Add explicit Epoch to fix issue with broken devel dependencies (resolves 542001) + +* Thu Nov 12 2009 Paul Lindner - 1.4.3-1 +- Add explicit require on memcached for memcached-devel (resolves 537046) +- enable-threads option no longer needed +- Update web site address + +* Wed Nov 11 2009 Paul Lindner - 1.4.3-1 +- Upgrade to memcached-1.4.3 + +* Mon Oct 12 2009 Paul Lindner - 1.4.2-1 +- Upgrade to memcached-1.4.2 +- Addresses CVE-2009-2415 + +* Sat Aug 29 2009 Paul Lindner - 1.4.1-1 +- Upgrade to 1.4.1 +- http://code.google.com/p/memcached/wiki/ReleaseNotes141 + +* Wed Apr 29 2009 Paul Lindner - 1.2.8-1 +- Upgrade to memcached-1.2.8 +- Addresses CVE-2009-1255 + +* Wed Feb 25 2009 Fedora Release Engineering - 1.2.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Tue Jul 29 2008 Paul Lindner - 1.2.6-1 +- Upgrade to memcached-1.2.6 + +* Tue Mar 4 2008 Paul Lindner - 1.2.5-1 +- Upgrade to memcached-1.2.5 + +* Tue Feb 19 2008 Fedora Release Engineering - 1.2.4-4 +- Autorebuild for GCC 4.3 + +* Sun Jan 27 2008 Paul Lindner - 1.2.4-3 +- Adjust libevent dependencies + +* Sat Dec 22 2007 Paul Lindner - 1.2.4-2 +- Upgrade to memcached-1.2.4 + +* Fri Sep 07 2007 Konstantin Ryabitsev - 1.2.3-8 +- Add selinux policies +- Create our own system user + +* Mon Aug 6 2007 Paul Lindner - 1.2.3-7 +- Fix problem with -P and -d flag combo on x86_64 +- Fix init script for FC-6 + +* Fri Jul 13 2007 Paul Lindner - 1.2.3-4 +- Remove test that fails in fedora build system on ppc64 + +* Sat Jul 7 2007 root - 1.2.3-2 +- Upgrade to 1.2.3 upstream +- Adjust make install to preserve man page timestamp +- Conform with LSB init scripts standards, add force-reload + +* Wed Jul 4 2007 Paul Lindner - 1.2.2-5 +- Use /var/run/memcached/ directory to hold PID file + +* Sat May 12 2007 Paul Lindner - 1.2.2-4 +- Remove tabs from spec file, rpmlint reports no more errors + +* Thu May 10 2007 Paul Lindner - 1.2.2-3 +- Enable build-time regression tests +- add dependency on initscripts +- remove memcached-debug (not needed in dist) +- above suggestions from Bernard Johnson + +* Mon May 7 2007 Paul Lindner - 1.2.2-2 +- Tidyness improvements suggested by Ruben Kerkhof in bugzilla #238994 + +* Fri May 4 2007 Paul Lindner - 1.2.2-1 +- Initial spec file created via rpmdev-newspec