import memcached-1.5.16-1.el8

2020-05-14 22:31:20 +00:00 · 2020-05-14 22:31:20 +00:00 · bd0a35f40d
commit bd0a35f40d
parent 90b5e54269
7 changed files with 55 additions and 86 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/memcached-1.5.9.tar.gz
+SOURCES/memcached-1.5.16.tar.gz
--- a/.memcached.metadata
+++ b/.memcached.metadata
@ -1 +1 @@
-7d3807ed240597444c97e11b0f61d16964feff1c SOURCES/memcached-1.5.9.tar.gz
+06a9661638cb20232d0ccea088f52ca10b959968 SOURCES/memcached-1.5.16.tar.gz
--- a/SOURCES/memcached-CVE-2019-11596.patch
+++ b/SOURCES/memcached-CVE-2019-11596.patch
@ -1,22 +0,0 @@
-diff --git a/memcached.c b/memcached.c
-index 4a04427..cf4e0f0 100644
--- a/memcached.c
-+++ b/memcached.c
-@@ -4510,7 +4510,7 @@ static void process_lru_command(conn *c, token_t *tokens, const size_t ntokens)
-                 out_string(c, "OK");
-             }
-         }
-    } else if (strcmp(tokens[1].value, "mode") == 0 && ntokens >= 3 &&
-+    } else if (strcmp(tokens[1].value, "mode") == 0 && ntokens >= 4 &&
-                settings.lru_maintainer_thread) {
-         if (strcmp(tokens[2].value, "flat") == 0) {
-             settings.lru_segmented = false;
-@@ -4521,7 +4521,7 @@ static void process_lru_command(conn *c, token_t *tokens, const size_t ntokens)
-         } else {
-             out_string(c, "ERROR");
-         }
-    } else if (strcmp(tokens[1].value, "temp_ttl") == 0 && ntokens >= 3 &&
-+    } else if (strcmp(tokens[1].value, "temp_ttl") == 0 && ntokens >= 4 &&
-                settings.lru_maintainer_thread) {
-         if (!safe_strtol(tokens[2].value, &ttl)) {
-             out_string(c, "ERROR");
--- a/SOURCES/memcached-free-tls-cntxt.patch
+++ b/SOURCES/memcached-free-tls-cntxt.patch
@ -0,0 +1,42 @@
+commit 06d06ff9477780d82ef3a1851525e3bc2aa4280f
+Author: dormando <dormando@rydia.net>
+Date:   Fri Sep 20 12:39:30 2019 -0700
+
+    TLS: fix leak of SSL context on accept failure
+    
+    frees said context. Don't use SSL_Shutdown as connection was not
+    established.
+    
+    also fixes potential leak if dispatch_conn_new fails; but that
+    shouldn't be possible for most systems. requires either a malloc
+    failure or event_add() failure.
+
+diff --git a/memcached.c b/memcached.c
+index e8c0da4..1be6583 100644
+--- a/memcached.c
+++ b/memcached.c
+@@ -5805,6 +5805,7 @@ static void drive_machine(conn *c) {
+                             if (settings.verbose) {
+                                 fprintf(stderr, "SSL connection failed with error code : %d : %s\n", err, strerror(errno));
+                             }
+                            SSL_free(ssl);
+                             close(sfd);
+                             break;
+                         }
+diff --git a/thread.c b/thread.c
+index f3a08ad..eaec647 100644
+--- a/thread.c
+++ b/thread.c
+@@ -500,6 +500,12 @@ static void thread_libevent_process(int fd, short which, void *arg) {
+                             fprintf(stderr, "Can't listen for events on fd %d\n",
+                                 item->sfd);
+                         }
+#ifdef TLS
+                        if (item->ssl) {
+                            SSL_shutdown(item->ssl);
+                            SSL_free(item->ssl);
+                        }
+#endif
+                         close(item->sfd);
+                     }
+                 } else {
--- a/SOURCES/memcached-lrutest.patch
+++ b/SOURCES/memcached-lrutest.patch
@ -1,32 +0,0 @@
-commit 2a381829b2418018506a3dde4bf125a1348726f2
-Author: dormando <dormando@rydia.net>
-Date:   Fri Aug 10 15:31:22 2018 -0700
-
-    t/lru-maintainer.t: check for WARM item earlier
-    
-    item might get pushed back out as we keep doing work. also use the move
-    counter instead of static number, in case of timing goofups pushing the warm
-    item back out.
-
-diff --git a/t/lru-maintainer.t b/t/lru-maintainer.t
-index 04fa76a..93091af 100644
--- a/t/lru-maintainer.t
-+++ b/t/lru-maintainer.t
-@@ -68,6 +68,8 @@ for (my $key = 0; $key < 100; $key++) {
-             }
-             last;
-         }
-+        $stats = mem_stats($sock, "items");
-+        isnt($stats->{"items:31:moves_to_warm"}, 0, "our canary moved to warm");
-     }
-     print $sock "set key$key 0 0 66560\r\n$value\r\n";
-     is(scalar <$sock>, "STORED\r\n", "stored key$key");
-@@ -76,8 +78,6 @@ for (my $key = 0; $key < 100; $key++) {
- {
-     my $stats = mem_stats($sock);
-     isnt($stats->{evictions}, 0, "some evictions happened");
-    my $istats = mem_stats($sock, "items");
-    isnt($istats->{"items:31:number_warm"}, 0, "our canary moved to warm");
-     use Data::Dumper qw/Dumper/;
- }
- 
--- a/SOURCES/memcached-vaend.patch
+++ b/SOURCES/memcached-vaend.patch
@ -1,18 +0,0 @@
-commit 8c629d398914b5669d9b719d2d271dfe7b453221
-Author: Miroslav Lichvar <mlichvar@redhat.com>
-Date:   Tue Jul 10 17:23:04 2018 +0200
-
-    add missing va_end() call to logger_log()
-
-diff --git a/logger.c b/logger.c
-index ba0c62e..1322d7d 100644
--- a/logger.c
-+++ b/logger.c
-@@ -752,6 +752,7 @@ enum logger_ret_type logger_log(logger *l, const enum log_entry_type event, cons
-             rel_time_t sttl = va_arg(ap, rel_time_t);
-             uint8_t sclsid = va_arg(ap, int);
-             _logger_log_item_store(e, status, comm, skey, snkey, sttl, sclsid);
-+            va_end(ap);
-             break;
-     }
- 
--- a/SPECS/memcached.spec
+++ b/SPECS/memcached.spec
@ -1,12 +1,13 @@
 %define username   memcached
 %define groupname  memcached
 %bcond_without sasl
+%bcond_without tls
 %bcond_with seccomp
 %bcond_with tests

 Name:           memcached
-Version:        1.5.9
-Release:        3%{?dist}
+Version:        1.5.16
+Release:        1%{?dist}
 Epoch:          0
 Summary:        High Performance, Distributed Memory Object Cache

@ -17,15 +18,14 @@ Source0:        https://www.memcached.org/files/%{name}-%{version}.tar.gz
 Source1:        memcached.sysconfig

 Patch1:         memcached-unit.patch
-Patch2:         memcached-vaend.patch
-Patch3:         memcached-lrutest.patch
-Patch4:         memcached-CVE-2019-11596.patch
+Patch2:         memcached-free-tls-cntxt.patch

 BuildRequires:  gcc libevent-devel systemd
 BuildRequires:  perl-generators
 BuildRequires:  perl(Test::More), perl(Test::Harness)
 %{?with_sasl:BuildRequires: cyrus-sasl-devel}
 %{?with_seccomp:BuildRequires: libseccomp-devel}
+%{?with_tls:BuildRequires: openssl-devel}

 Requires(pre):  shadow-utils
 %{?systemd_requires}
@ -47,11 +47,7 @@ access to the memcached binary include files.
 %prep
 %setup -q
 %patch1 -p1 -b .unit
-%patch2 -p1 -b .vaend
-%patch3 -p1 -b .lrutest
-# #1709408 - CVE-2019-11596
-# memcached: null-pointer dereference in "lru mode" and "lru temp_ttl" causing denial of service
-%patch4 -p1 -b .lru_segfault
+%patch2 -p1 -b .tls-cntxt

 %build
 # compile with full RELRO
@ -60,8 +56,8 @@ export LDFLAGS="-Wl,-z,relro,-z,now"

 %configure \
  %{?with_sasl: --enable-sasl} \
-  %{?with_seccomp: --enable-seccomp}
-
+  %{?with_seccomp: --enable-seccomp} \
+  %{?with_tls: --enable-tls}
 make %{?_smp_mflags}

 %check
@ -131,6 +127,9 @@ exit 0
 %{_includedir}/memcached/*

 %changelog
+* Mon Mar 30 2020 Tomas Korbar <tkorbar@redhat.com> - 0:1.5.16-1
+- Rebase to version 1.5.16 (#1809536)
+
 * Mon Sep 30 2019 Tomas Korbar <tkorbar@redhat.com> - 0:1.5.9-3
 - fix null-pointer dereference in "lru mode" and "lru temp_ttl" (#1709408)
 - CVE-2019-11596