diff --git a/.gitignore b/.gitignore
index 119ae7b..34fa0fb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/memcached-1.5.9.tar.gz
+SOURCES/memcached-1.5.16.tar.gz
diff --git a/.memcached.metadata b/.memcached.metadata
index 7a89b52..7e4aeb0 100644
--- a/.memcached.metadata
+++ b/.memcached.metadata
@@ -1 +1 @@
-7d3807ed240597444c97e11b0f61d16964feff1c SOURCES/memcached-1.5.9.tar.gz
+06a9661638cb20232d0ccea088f52ca10b959968 SOURCES/memcached-1.5.16.tar.gz
diff --git a/SOURCES/memcached-CVE-2019-11596.patch b/SOURCES/memcached-CVE-2019-11596.patch
deleted file mode 100644
index b30eb32..0000000
--- a/SOURCES/memcached-CVE-2019-11596.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-diff --git a/memcached.c b/memcached.c
-index 4a04427..cf4e0f0 100644
---- a/memcached.c
-+++ b/memcached.c
-@@ -4510,7 +4510,7 @@ static void process_lru_command(conn *c, token_t *tokens, const size_t ntokens)
- out_string(c, "OK");
- }
- }
-- } else if (strcmp(tokens[1].value, "mode") == 0 && ntokens >= 3 &&
-+ } else if (strcmp(tokens[1].value, "mode") == 0 && ntokens >= 4 &&
- settings.lru_maintainer_thread) {
- if (strcmp(tokens[2].value, "flat") == 0) {
- settings.lru_segmented = false;
-@@ -4521,7 +4521,7 @@ static void process_lru_command(conn *c, token_t *tokens, const size_t ntokens)
- } else {
- out_string(c, "ERROR");
- }
-- } else if (strcmp(tokens[1].value, "temp_ttl") == 0 && ntokens >= 3 &&
-+ } else if (strcmp(tokens[1].value, "temp_ttl") == 0 && ntokens >= 4 &&
- settings.lru_maintainer_thread) {
- if (!safe_strtol(tokens[2].value, &ttl)) {
- out_string(c, "ERROR");
diff --git a/SOURCES/memcached-free-tls-cntxt.patch b/SOURCES/memcached-free-tls-cntxt.patch
new file mode 100644
index 0000000..53c586d
--- /dev/null
+++ b/SOURCES/memcached-free-tls-cntxt.patch
@@ -0,0 +1,42 @@
+commit 06d06ff9477780d82ef3a1851525e3bc2aa4280f
+Author: dormando <dormando@rydia.net>
+Date: Fri Sep 20 12:39:30 2019 -0700
+
+ TLS: fix leak of SSL context on accept failure
+
+ frees said context. Don't use SSL_Shutdown as connection was not
+ established.
+
+ also fixes potential leak if dispatch_conn_new fails; but that
+ shouldn't be possible for most systems. requires either a malloc
+ failure or event_add() failure.
+
+diff --git a/memcached.c b/memcached.c
+index e8c0da4..1be6583 100644
+--- a/memcached.c
++++ b/memcached.c
+@@ -5805,6 +5805,7 @@ static void drive_machine(conn *c) {
+ if (settings.verbose) {
+ fprintf(stderr, "SSL connection failed with error code : %d : %s\n", err, strerror(errno));
+ }
++ SSL_free(ssl);
+ close(sfd);
+ break;
+ }
+diff --git a/thread.c b/thread.c
+index f3a08ad..eaec647 100644
+--- a/thread.c
++++ b/thread.c
+@@ -500,6 +500,12 @@ static void thread_libevent_process(int fd, short which, void *arg) {
+ fprintf(stderr, "Can't listen for events on fd %d\n",
+ item->sfd);
+ }
++#ifdef TLS
++ if (item->ssl) {
++ SSL_shutdown(item->ssl);
++ SSL_free(item->ssl);
++ }
++#endif
+ close(item->sfd);
+ }
+ } else {
diff --git a/SOURCES/memcached-lrutest.patch b/SOURCES/memcached-lrutest.patch
deleted file mode 100644
index f6e54a7..0000000
--- a/SOURCES/memcached-lrutest.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-commit 2a381829b2418018506a3dde4bf125a1348726f2
-Author: dormando <dormando@rydia.net>
-Date: Fri Aug 10 15:31:22 2018 -0700
-
- t/lru-maintainer.t: check for WARM item earlier
-
- item might get pushed back out as we keep doing work. also use the move
- counter instead of static number, in case of timing goofups pushing the warm
- item back out.
-
-diff --git a/t/lru-maintainer.t b/t/lru-maintainer.t
-index 04fa76a..93091af 100644
---- a/t/lru-maintainer.t
-+++ b/t/lru-maintainer.t
-@@ -68,6 +68,8 @@ for (my $key = 0; $key < 100; $key++) {
- }
- last;
- }
-+ $stats = mem_stats($sock, "items");
-+ isnt($stats->{"items:31:moves_to_warm"}, 0, "our canary moved to warm");
- }
- print $sock "set key$key 0 0 66560\r\n$value\r\n";
- is(scalar <$sock>, "STORED\r\n", "stored key$key");
-@@ -76,8 +78,6 @@ for (my $key = 0; $key < 100; $key++) {
- {
- my $stats = mem_stats($sock);
- isnt($stats->{evictions}, 0, "some evictions happened");
-- my $istats = mem_stats($sock, "items");
-- isnt($istats->{"items:31:number_warm"}, 0, "our canary moved to warm");
- use Data::Dumper qw/Dumper/;
- }
-
diff --git a/SOURCES/memcached-vaend.patch b/SOURCES/memcached-vaend.patch
deleted file mode 100644
index 850f8bc..0000000
--- a/SOURCES/memcached-vaend.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-commit 8c629d398914b5669d9b719d2d271dfe7b453221
-Author: Miroslav Lichvar <mlichvar@redhat.com>
-Date: Tue Jul 10 17:23:04 2018 +0200
-
- add missing va_end() call to logger_log()
-
-diff --git a/logger.c b/logger.c
-index ba0c62e..1322d7d 100644
---- a/logger.c
-+++ b/logger.c
-@@ -752,6 +752,7 @@ enum logger_ret_type logger_log(logger *l, const enum log_entry_type event, cons
- rel_time_t sttl = va_arg(ap, rel_time_t);
- uint8_t sclsid = va_arg(ap, int);
- _logger_log_item_store(e, status, comm, skey, snkey, sttl, sclsid);
-+ va_end(ap);
- break;
- }
-
diff --git a/SPECS/memcached.spec b/SPECS/memcached.spec
index b762d1f..7876e7f 100644
--- a/SPECS/memcached.spec
+++ b/SPECS/memcached.spec
@@ -1,12 +1,13 @@
%define username memcached
%define groupname memcached
%bcond_without sasl
+%bcond_without tls
%bcond_with seccomp
%bcond_with tests
Name: memcached
-Version: 1.5.9
-Release: 3%{?dist}
+Version: 1.5.16
+Release: 1%{?dist}
Epoch: 0
Summary: High Performance, Distributed Memory Object Cache
@@ -17,15 +18,14 @@ Source0: https://www.memcached.org/files/%{name}-%{version}.tar.gz
Source1: memcached.sysconfig
Patch1: memcached-unit.patch
-Patch2: memcached-vaend.patch
-Patch3: memcached-lrutest.patch
-Patch4: memcached-CVE-2019-11596.patch
+Patch2: memcached-free-tls-cntxt.patch
BuildRequires: gcc libevent-devel systemd
BuildRequires: perl-generators
BuildRequires: perl(Test::More), perl(Test::Harness)
%{?with_sasl:BuildRequires: cyrus-sasl-devel}
%{?with_seccomp:BuildRequires: libseccomp-devel}
+%{?with_tls:BuildRequires: openssl-devel}
Requires(pre): shadow-utils
%{?systemd_requires}
@@ -47,11 +47,7 @@ access to the memcached binary include files.
%prep
%setup -q
%patch1 -p1 -b .unit
-%patch2 -p1 -b .vaend
-%patch3 -p1 -b .lrutest
-# #1709408 - CVE-2019-11596
-# memcached: null-pointer dereference in "lru mode" and "lru temp_ttl" causing denial of service
-%patch4 -p1 -b .lru_segfault
+%patch2 -p1 -b .tls-cntxt
%build
# compile with full RELRO
@@ -60,8 +56,8 @@ export LDFLAGS="-Wl,-z,relro,-z,now"
%configure \
%{?with_sasl: --enable-sasl} \
- %{?with_seccomp: --enable-seccomp}
-
+ %{?with_seccomp: --enable-seccomp} \
+ %{?with_tls: --enable-tls}
make %{?_smp_mflags}
%check
@@ -131,6 +127,9 @@ exit 0
%{_includedir}/memcached/*
%changelog
+* Mon Mar 30 2020 Tomas Korbar <tkorbar@redhat.com> - 0:1.5.16-1
+- Rebase to version 1.5.16 (#1809536)
+
* Mon Sep 30 2019 Tomas Korbar <tkorbar@redhat.com> - 0:1.5.9-3
- fix null-pointer dereference in "lru mode" and "lru temp_ttl" (#1709408)
- CVE-2019-11596