Compare commits

...

No commits in common. "c8" and "c9" have entirely different histories.
c8 ... c9

19 changed files with 192 additions and 700 deletions

3
.gitignore vendored
View File

@ -1 +1,2 @@
SOURCES/memcached-1.5.22.tar.gz
SOURCES/memcached-1.6.9.tar.gz
SOURCES/memcached-selinux-1.0.2.tar.gz

View File

@ -1 +1,2 @@
3fe5d3929130e860efcfde18d4d396a29db006b7 SOURCES/memcached-1.5.22.tar.gz
42ae062094fdf083cfe7b21ff377c781011c2be1 SOURCES/memcached-1.6.9.tar.gz
6b2885a8c455aea6bca7d52b71ee1f6b6a75d4eb SOURCES/memcached-selinux-1.0.2.tar.gz

View File

@ -1,23 +0,0 @@
commit d5b1c3f5f8abc2f51ed493e5a41826d510f95cbb
Author: dormando <dormando@rydia.net>
Date: Fri Mar 6 00:36:39 2020 -0800
fix: all new connections were counted as rejected
from an earlier patch from a static analyzer... :(
diff --git a/memcached.c b/memcached.c
index b560b32..ed3fc7d 100644
--- a/memcached.c
+++ b/memcached.c
@@ -6668,7 +6668,9 @@ static void drive_machine(conn *c) {
if (settings.maxconns_fast) {
STATS_LOCK();
reject = stats_state.curr_conns + stats_state.reserved_fds >= settings.maxconns - 1;
- stats.rejected_conns++;
+ if (reject) {
+ stats.rejected_conns++;
+ }
STATS_UNLOCK();
} else {
reject = false;

View File

@ -1,39 +0,0 @@
commit 48c2d30efef24270ea94fa133945b8ecd3a015e3
Author: Tomas Korbar <tkorbar@redhat.com>
Date: Wed May 20 15:28:10 2020 +0200
Do not join lru and slab maintainer threads if they do not exist
If no_modern option was supplied then these threads did not run
but memcached still attempted to join them, which resulted in a
segfault.
resolve #685
diff --git a/thread.c b/thread.c
index f162d26..abbfca1 100644
--- a/thread.c
+++ b/thread.c
@@ -226,12 +226,16 @@ void stop_threads(void) {
stop_item_crawler_thread(CRAWLER_WAIT);
if (settings.verbose > 0)
fprintf(stderr, "stopped lru crawler\n");
- stop_lru_maintainer_thread();
- if (settings.verbose > 0)
- fprintf(stderr, "stopped maintainer\n");
- stop_slab_maintenance_thread();
- if (settings.verbose > 0)
- fprintf(stderr, "stopped slab mover\n");
+ if (settings.lru_maintainer_thread) {
+ stop_lru_maintainer_thread();
+ if (settings.verbose > 0)
+ fprintf(stderr, "stopped maintainer\n");
+ }
+ if (settings.slab_reassign) {
+ stop_slab_maintenance_thread();
+ if (settings.verbose > 0)
+ fprintf(stderr, "stopped slab mover\n");
+ }
logger_stop();
if (settings.verbose > 0)
fprintf(stderr, "stopped logger thread\n");

View File

@ -1,26 +0,0 @@
commit dfb7eb468f06dbcb9abca68c0ff3a89eb3bf80de
Author: dormando <dormando@rydia.net>
Date: Thu Mar 26 12:51:27 2020 -0700
fix startup segfault for low conns + idle thread
< 100 connection limit plus idle_timeout feature caused a fault. Set a
minimum sleep instead.
diff --git a/memcached.c b/memcached.c
index dd52dd0..6bfa131 100644
--- a/memcached.c
+++ b/memcached.c
@@ -341,7 +341,11 @@ static void *conn_timeout_thread(void *arg) {
char buf[TIMEOUT_MSG_SIZE];
rel_time_t oldest_last_cmd;
int sleep_time;
- useconds_t timeslice = 1000000 / (max_fds / CONNS_PER_SLICE);
+ int sleep_slice = max_fds / CONNS_PER_SLICE;
+ if (sleep_slice == 0)
+ sleep_slice = CONNS_PER_SLICE;
+
+ useconds_t timeslice = 1000000 / sleep_slice;
while(do_run_conn_timeout_thread) {
if (settings.verbose > 2)

View File

@ -1,19 +0,0 @@
commit 7e0270468aa4da5c82826c3c903442b8d6a670c4
Author: Tomas Korbar <tkorbar@redhat.com>
Date: Mon May 18 15:23:12 2020 +0200
crash fix: errstr wasn't initialized in metaget
diff --git a/memcached.c b/memcached.c
index 3010236..2af1738 100644
--- a/memcached.c
+++ b/memcached.c
@@ -4434,7 +4434,7 @@ static void process_mget_command(conn *c, token_t *tokens, const size_t ntokens)
bool item_created = false;
bool won_token = false;
bool ttl_set = false;
- char *errstr;
+ char *errstr = "CLIENT_ERROR bad command line format";
assert(c != NULL);

View File

@ -1,30 +0,0 @@
commit fa40655b49cc73194acc0e2410930f3e9a8322a7
Author: dormando <dormando@rydia.net>
Date: Thu Mar 26 11:59:22 2020 -0700
restart: fix corrupted restart in some scenarios
If the mmap file is reused but the memory isn't supposed to be reused,
pages are thrown into the global page pool. Normally when pages are
released into the pool the header of the page is zero'ed so the
restart_check() code will know to place it back into the global pool.
When restarting multiple times the slabs_prefill() part of the startup
code was missing this zero'ing step, so the _next_ time restart happens
properly restart_check() could attempt to recover that memory.
diff --git a/slabs.c b/slabs.c
index 56b5840..ca8a8f2 100644
--- a/slabs.c
+++ b/slabs.c
@@ -299,6 +299,10 @@ void slabs_prefill_global(void) {
while (mem_malloced < mem_limit
&& (ptr = memory_allocate(len)) != NULL) {
grow_slab_list(0);
+ // Ensure the front header is zero'd to avoid confusing restart code.
+ // It's probably good enough to cast it and just zero slabs_clsid, but
+ // this is extra paranoid.
+ memset(ptr, 0, sizeof(item));
p->slab_list[p->slabs++] = ptr;
}
mem_limit_reached = true;

View File

@ -1,13 +0,0 @@
diff --git a/slabs.c b/slabs.c
index 047d45a..577304d 100644
--- a/slabs.c
+++ b/slabs.c
@@ -456,6 +456,8 @@ static void do_slabs_free_chunked(item *it, const size_t size) {
it->prev = 0;
// header object's original classid is stored in chunk.
p = &slabclass[chunk->orig_clsid];
+ // original class id needs to be set on free memory.
+ it->slabs_clsid = chunk->orig_clsid;
if (chunk->next) {
chunk = chunk->next;
chunk->prev = 0;

View File

@ -1,26 +0,0 @@
commit 0d4901071c74f9c3b63162ef5887a5c5b981f385
Author: David Carlier <devnexen@gmail.com>
Date: Sat Feb 22 01:24:54 2020 +0000
restart: fix potential double free
diff --git a/restart.c b/restart.c
index 92a7295..9a83d3a 100644
--- a/restart.c
+++ b/restart.c
@@ -148,6 +148,7 @@ enum restart_get_kv_ret restart_get_kv(void *ctx, char **key, char **val) {
// have to re-assign it into the structure anyway.
if (c->line != NULL) {
free(c->line);
+ c->line = NULL;
}
if (getline(&line, &len, c->f) != -1) {
@@ -198,6 +199,7 @@ enum restart_get_kv_ret restart_get_kv(void *ctx, char **key, char **val) {
} else {
// FIXME: proper error chain.
fprintf(stderr, "[restart] invalid metadata line:\n\n%s\n", line);
+ free(line);
return RESTART_BADLINE;
}
} else {

View File

@ -1,97 +0,0 @@
commit e360e34b1fd2cd69c3a08bfb7fa4fe75281b942a
Author: Tomas Korbar <tkorbar@redhat.com>
Date: Tue May 19 08:42:12 2020 +0200
restart: fix rare segfault on shutdown
diff --git a/memcached.c b/memcached.c
index d769b4a..ac03b93 100644
--- a/memcached.c
+++ b/memcached.c
@@ -1009,6 +1009,18 @@ static void conn_shrink(conn *c) {
}
}
+// Since some connections might be off on side threads and some are managed as
+// listeners we need to walk through them all from a central point.
+// Must be called with all worker threads hung or in the process of closing.
+void conn_close_all(void) {
+ int i;
+ for (i = 0; i < max_fds; i++) {
+ if (conns[i] && conns[i]->state != conn_closed) {
+ conn_close(conns[i]);
+ }
+ }
+}
+
/**
* Convert a state name to a human readable form.
*/
@@ -9860,13 +9872,6 @@ int main (int argc, char **argv) {
}
stop_threads();
- int i;
- // FIXME: make a function callable from threads.c
- for (i = 0; i < max_fds; i++) {
- if (conns[i] && conns[i]->state != conn_closed) {
- conn_close(conns[i]);
- }
- }
if (memory_file != NULL && stop_main_loop == GRACE_STOP) {
restart_mmap_close();
}
diff --git a/memcached.h b/memcached.h
index 6b1fe4a..bc2b395 100644
--- a/memcached.h
+++ b/memcached.h
@@ -814,9 +814,8 @@ enum delta_result_type add_delta(conn *c, const char *key,
const int64_t delta, char *buf,
uint64_t *cas);
void accept_new_conns(const bool do_accept);
-conn *conn_from_freelist(void);
-bool conn_add_to_freelist(conn *c);
void conn_close_idle(conn *c);
+void conn_close_all(void);
item *item_alloc(char *key, size_t nkey, int flags, rel_time_t exptime, int nbytes);
#define DO_UPDATE true
#define DONT_UPDATE false
diff --git a/thread.c b/thread.c
index 7cba01e..6e19a2e 100644
--- a/thread.c
+++ b/thread.c
@@ -205,6 +205,7 @@ void stop_threads(void) {
if (settings.verbose > 0)
fprintf(stderr, "asking workers to stop\n");
buf[0] = 's';
+ pthread_mutex_lock(&worker_hang_lock);
pthread_mutex_lock(&init_lock);
init_count = 0;
for (i = 0; i < settings.num_threads; i++) {
@@ -216,6 +217,8 @@ void stop_threads(void) {
wait_for_thread_registration(settings.num_threads);
pthread_mutex_unlock(&init_lock);
+ // All of the workers are hung but haven't done cleanup yet.
+
if (settings.verbose > 0)
fprintf(stderr, "asking background threads to stop\n");
@@ -237,6 +240,17 @@ void stop_threads(void) {
if (settings.verbose > 0)
fprintf(stderr, "stopped idle timeout thread\n");
+ // Close all connections then let the workers finally exit.
+ if (settings.verbose > 0)
+ fprintf(stderr, "closing connections\n");
+ conn_close_all();
+ pthread_mutex_unlock(&worker_hang_lock);
+ if (settings.verbose > 0)
+ fprintf(stderr, "reaping worker threads\n");
+ for (i = 0; i < settings.num_threads; i++) {
+ pthread_join(threads[i].thread_id, NULL);
+ }
+
if (settings.verbose > 0)
fprintf(stderr, "all background threads stopped\n");

View File

@ -1,62 +0,0 @@
commit 6207330c2705fdb5f02de13b99a0d994f7c4f14a
Author: Zheng Gu <zhenggu@cisco.com>
Date: Fri Nov 22 22:34:16 2019 +0800
fix bug where sasl will load config the wrong path
/etc/sasl2/memcached.conf/memcached.conf instead of
/etc/sasl2/memcached.conf
diff --git a/sasl_defs.c b/sasl_defs.c
index c60d1bf..370f947 100644
--- a/sasl_defs.c
+++ b/sasl_defs.c
@@ -16,6 +16,23 @@ const char * const locations[] = {
"/etc/sasl2/memcached.conf",
NULL
};
+
+/* If the element of locations is file, locations_dir_path stores the
+ * directory path of these elements */
+const char *const locations_dir_path[] = {
+ "/etc/sasl",
+ "/etc/sasl2",
+ NULL
+};
+
+/* If the element of locations is directory, locations_file_path stores
+ * the actual configue file which used by sasl, when GETCONFPATH is
+ * enabled */
+const char *const locations_file_path[] = {
+ "/etc/sasl/memcached.conf/memcached.conf",
+ "/etc/sasl2/memcached.conf/memcached.conf",
+ NULL
+};
#endif
#ifndef HAVE_SASL_CALLBACK_FT
@@ -88,12 +105,24 @@ static int sasl_getconf(void *context, const char **path)
*path = getenv("SASL_CONF_PATH");
if (*path == NULL) {
+#if defined(HAVE_SASL_CB_GETCONF)
for (int i = 0; locations[i] != NULL; ++i) {
if (access(locations[i], F_OK) == 0) {
*path = locations[i];
break;
}
}
+#elif defined(HAVE_SASL_CB_GETCONFPATH)
+ for (int i = 0; locations[i] != NULL; ++i) {
+ if (access(locations_file_path[i], F_OK) == 0) {
+ *path = locations[i];
+ break;
+ } else if (access(locations[i], F_OK) == 0) {
+ *path = locations_dir_path[i];
+ break;
+ }
+ }
+#endif
}
if (settings.verbose) {

View File

@ -1,84 +0,0 @@
commit 8bbf383316f1bb16e45b05ad6e2ba9def88ba420
Author: Tomas Korbar <tkorbar@redhat.com>
Date: Mon May 18 14:57:39 2020 +0200
improve sig_handler function
diff --git a/memcached.c b/memcached.c
index 3916a8c..2547305 100644
--- a/memcached.c
+++ b/memcached.c
@@ -189,7 +189,7 @@ static enum transmit_result transmit(conn *c);
* can block the listener via a condition.
*/
static volatile bool allow_new_conns = true;
-static bool stop_main_loop = false;
+static int stop_main_loop = NOT_STOP;
static struct event maxconnsevent;
static void maxconns_handler(const int fd, const short which, void *arg) {
struct timeval t = {.tv_sec = 0, .tv_usec = 10000};
@@ -7850,8 +7850,8 @@ static void remove_pidfile(const char *pid_file) {
}
static void sig_handler(const int sig) {
+ stop_main_loop = EXIT_NORMALLY;
printf("Signal handled: %s.\n", strsignal(sig));
- exit(EXIT_SUCCESS);
}
static void sighup_handler(const int sig) {
@@ -7860,7 +7860,7 @@ static void sighup_handler(const int sig) {
static void sig_usrhandler(const int sig) {
printf("Graceful shutdown signal handled: %s.\n", strsignal(sig));
- stop_main_loop = true;
+ stop_main_loop = GRACE_STOP;
}
#ifndef HAVE_SIGIGNORE
@@ -9839,7 +9839,18 @@ int main (int argc, char **argv) {
}
}
- fprintf(stderr, "Gracefully stopping\n");
+ switch (stop_main_loop) {
+ case GRACE_STOP:
+ fprintf(stderr, "Gracefully stopping\n");
+ break;
+ case EXIT_NORMALLY:
+ fprintf(stderr, "Exiting normally\n");
+ break;
+ default:
+ fprintf(stderr, "Exiting on error\n");
+ break;
+ }
+
stop_threads();
int i;
// FIXME: make a function callable from threads.c
@@ -9848,7 +9859,7 @@ int main (int argc, char **argv) {
conn_close(conns[i]);
}
}
- if (memory_file != NULL) {
+ if (memory_file != NULL && stop_main_loop == GRACE_STOP) {
restart_mmap_close();
}
diff --git a/memcached.h b/memcached.h
index 77f52aa..795ea8f 100644
--- a/memcached.h
+++ b/memcached.h
@@ -236,6 +236,12 @@ enum pause_thread_types {
RESUME_WORKER_THREADS
};
+enum stop_reasons {
+ NOT_STOP,
+ GRACE_STOP,
+ EXIT_NORMALLY
+};
+
#define IS_TCP(x) (x == tcp_transport)
#define IS_UDP(x) (x == udp_transport)

View File

@ -1,83 +0,0 @@
commit 3b78790b2575daf0e8b3c2822a7e160273df20bd
Author: Tomas Korbar <tkorbar@redhat.com>
Date: Tue May 19 08:35:29 2020 +0200
Include ssl errors in the stats
diff --git a/doc/protocol.txt b/doc/protocol.txt
index abe70b2..55479b7 100644
--- a/doc/protocol.txt
+++ b/doc/protocol.txt
@@ -1509,6 +1509,23 @@ The value of the "state" stat may be one of the following:
| | sending back multiple lines of response data). |
|----------------+-----------------------------------------------------------|
+TLS statistics
+--------------
+
+TLS is a compile-time opt-in feature available in versions 1.5.13 and later.
+When compiled with TLS support and TLS termination is enabled at runtime, the
+following additional statistics are available via the "stats" command.
+
+|--------------------------------+----------+--------------------------------|
+| Name | Type | Meaning |
+|--------------------------------+----------+--------------------------------|
+| ssl_handshake_errors | 64u | Number of times the server has |
+| | | encountered an OpenSSL error |
+| | | during handshake (SSL_accept). |
+| time_since_server_cert_refresh | 32u | Number of seconds that have |
+| | | elapsed since the last time |
+| | | certs were reloaded from disk. |
+|--------------------------------+----------+--------------------------------|
Other commands
diff --git a/memcached.c b/memcached.c
index d81a71f..d769b4a 100644
--- a/memcached.c
+++ b/memcached.c
@@ -3428,6 +3428,7 @@ static void server_stats(ADD_STAT add_stats, conn *c) {
#endif
#ifdef TLS
if (settings.ssl_enabled) {
+ APPEND_STAT("ssl_handshake_errors", "%llu", (unsigned long long)stats.ssl_handshake_errors);
APPEND_STAT("time_since_server_cert_refresh", "%u", now - settings.ssl_last_cert_refresh_time);
}
#endif
@@ -6779,6 +6780,9 @@ static void drive_machine(conn *c) {
}
SSL_free(ssl);
close(sfd);
+ STATS_LOCK();
+ stats.ssl_handshake_errors++;
+ STATS_UNLOCK();
break;
}
}
diff --git a/memcached.h b/memcached.h
index 795ea8f..6b1fe4a 100644
--- a/memcached.h
+++ b/memcached.h
@@ -357,6 +357,9 @@ struct stats {
uint64_t extstore_compact_lost; /* items lost because they were locked */
uint64_t extstore_compact_rescues; /* items re-written during compaction */
uint64_t extstore_compact_skipped; /* unhit items skipped during compaction */
+#endif
+#ifdef TLS
+ uint64_t ssl_handshake_errors; /* TLS failures at accept/handshake time */
#endif
struct timeval maxconns_entered; /* last time maxconns entered */
};
diff --git a/t/stats.t b/t/stats.t
index 028a60a..f1dcd54 100755
--- a/t/stats.t
+++ b/t/stats.t
@@ -26,7 +26,7 @@ my $stats = mem_stats($sock);
# Test number of keys
if (MemcachedTest::enabled_tls_testing()) {
# when TLS is enabled, stats contains time_since_server_cert_refresh
- is(scalar(keys(%$stats)), 72, "expected count of stats values");
+ is(scalar(keys(%$stats)), 73, "expected count of stats values");
} else {
is(scalar(keys(%$stats)), 71, "expected count of stats values");
}

View File

@ -1,94 +0,0 @@
commit 026ca5390c4ee5e3674e3c8fcb7e5b4a940e7725
Author: Tomas Korbar <tkorbar@redhat.com>
Date: Thu Jun 4 19:17:57 2020 +0200
Update test_stats_prefix_dump
- the test was failing on big endian architectures
diff --git a/testapp.c b/testapp.c
index b670708..5a758b4 100644
--- a/testapp.c
+++ b/testapp.c
@@ -322,38 +322,45 @@ static enum test_return test_stats_prefix_record_set(void) {
static enum test_return test_stats_prefix_dump(void) {
int hashval = hash("abc", 3) % PREFIX_HASH_SIZE;
char tmp[500];
- char *expected;
+ char *buf;
+ const char *expected;
int keynum;
int length;
stats_prefix_clear();
- assert(strcmp("END\r\n", stats_prefix_dump(&length)) == 0);
+ assert(strcmp("END\r\n", (buf = stats_prefix_dump(&length))) == 0);
assert(5 == length);
stats_prefix_record_set("abc:123", 7);
+ free(buf);
expected = "PREFIX abc get 0 hit 0 set 1 del 0\r\nEND\r\n";
- assert(strcmp(expected, stats_prefix_dump(&length)) == 0);
+ assert(strcmp(expected, (buf = stats_prefix_dump(&length))) == 0);
assert(strlen(expected) == length);
stats_prefix_record_get("abc:123", 7, false);
+ free(buf);
expected = "PREFIX abc get 1 hit 0 set 1 del 0\r\nEND\r\n";
- assert(strcmp(expected, stats_prefix_dump(&length)) == 0);
+ assert(strcmp(expected, (buf = stats_prefix_dump(&length))) == 0);
assert(strlen(expected) == length);
stats_prefix_record_get("abc:123", 7, true);
+ free(buf);
expected = "PREFIX abc get 2 hit 1 set 1 del 0\r\nEND\r\n";
- assert(strcmp(expected, stats_prefix_dump(&length)) == 0);
+ assert(strcmp(expected, (buf = stats_prefix_dump(&length))) == 0);
assert(strlen(expected) == length);
stats_prefix_record_delete("abc:123", 7);
+ free(buf);
expected = "PREFIX abc get 2 hit 1 set 1 del 1\r\nEND\r\n";
- assert(strcmp(expected, stats_prefix_dump(&length)) == 0);
+ assert(strcmp(expected, (buf = stats_prefix_dump(&length))) == 0);
assert(strlen(expected) == length);
- /* The order of results might change if we switch hash functions. */
stats_prefix_record_delete("def:123", 7);
- expected = "PREFIX abc get 2 hit 1 set 1 del 1\r\n"
- "PREFIX def get 0 hit 0 set 0 del 1\r\n"
- "END\r\n";
- assert(strcmp(expected, stats_prefix_dump(&length)) == 0);
- assert(strlen(expected) == length);
+ free(buf);
+ /* NOTE: Prefixes can be dumped in any order, so we verify that
+ each expected line is present in the string. */
+ buf = stats_prefix_dump(&length);
+ assert(strstr(buf, "PREFIX abc get 2 hit 1 set 1 del 1\r\n") != NULL);
+ assert(strstr(buf, "PREFIX def get 0 hit 0 set 0 del 1\r\n") != NULL);
+ assert(strstr(buf, "END\r\n") != NULL);
+ free(buf);
/* Find a key that hashes to the same bucket as "abc" */
bool found_match = false;
@@ -367,13 +374,16 @@ static enum test_return test_stats_prefix_dump(void) {
}
assert(found_match);
stats_prefix_record_set(tmp, strlen(tmp));
- snprintf(tmp, sizeof(tmp),
- "PREFIX %d get 0 hit 0 set 1 del 0\r\n"
- "PREFIX abc get 2 hit 1 set 1 del 1\r\n"
- "PREFIX def get 0 hit 0 set 0 del 1\r\n"
- "END\r\n", keynum);
- assert(strcmp(tmp, stats_prefix_dump(&length)) == 0);
- assert(strlen(tmp) == length);
+ buf = stats_prefix_dump(&length);
+ assert(strstr(buf, "PREFIX abc get 2 hit 1 set 1 del 1\r\n") != NULL);
+ assert(strstr(buf, "PREFIX def get 0 hit 0 set 0 del 1\r\n") != NULL);
+ assert(strstr(buf, "END\r\n") != NULL);
+ snprintf(tmp, sizeof(tmp), "PREFIX %d get 0 hit 0 set 1 del 0\r\n", keynum);
+ assert(strstr(buf, tmp) != NULL);
+ free(buf);
+
+ /* Marking the end of these tests */
+ stats_prefix_clear();
return TEST_PASS;
}

View File

@ -1,25 +0,0 @@
commit 79140c7033519cdbcc9d59f08425ddda0a79bff7
Author: dormando <dormando@rydia.net>
Date: Mon Mar 23 14:40:34 2020 -0700
tls: fix refresh_certs crash when disabled
segfaults server if refresh_certs command is run with TLS compiled in
but not enabled.
diff --git a/tls.c b/tls.c
index c440a7e..ae1cb4d 100644
--- a/tls.c
+++ b/tls.c
@@ -94,6 +94,11 @@ static bool load_server_certificates(char **errmsg) {
*errmsg = NULL;
return false;
}
+ if (settings.ssl_ctx == NULL) {
+ snprintf(error_msg, errmax, "Error TLS not enabled\r\n");
+ *errmsg = error_msg;
+ return false;
+ }
SSL_LOCK();
if (!SSL_CTX_use_certificate_chain_file(settings.ssl_ctx,
settings.ssl_chain_cert)) {

View File

@ -1,22 +0,0 @@
commit aac7d69207fa08c0114625fbfb35a11d88a0cace
Author: dormando <dormando@rydia.net>
Date: Mon Mar 16 19:46:12 2020 -0700
tls: handle accept errors properly
0 return from accept is also an error. pointed out by @tharanga on
review.
diff --git a/memcached.c b/memcached.c
index be93474..b9ce8b1 100644
--- a/memcached.c
+++ b/memcached.c
@@ -7021,7 +7021,7 @@ static void drive_machine(conn *c) {
}
SSL_set_fd(ssl, sfd);
int ret = SSL_accept(ssl);
- if (ret < 0) {
+ if (ret <= 0) {
int err = SSL_get_error(ssl, ret);
if (err == SSL_ERROR_SYSCALL || err == SSL_ERROR_SSL) {
if (settings.verbose) {

View File

@ -1,8 +1,7 @@
diff --git a/scripts/memcached.service b/scripts/memcached.service
index 88a4b8a..a328a9a 100644
--- a/scripts/memcached.service
+++ b/scripts/memcached.service
@@ -11,6 +11,7 @@
diff -up memcached-1.4.28/scripts/memcached.service.unit memcached-1.4.28/scripts/memcached.service
--- memcached-1.4.28/scripts/memcached.service.unit 2016-07-02 03:14:25.000000000 +0200
+++ memcached-1.4.28/scripts/memcached.service 2016-07-12 13:54:54.275782170 +0200
@@ -9,6 +9,7 @@
[Unit]
Description=memcached daemon

1
SOURCES/memcached.conf Normal file
View File

@ -0,0 +1 @@
u memcached - "memcached daemon" -

View File

@ -1,47 +1,46 @@
%define username memcached
%define groupname memcached
%bcond_without sasl
%bcond_without tls
%bcond_with seccomp
%bcond_without tls
%bcond_with tests
%global selinuxtype targeted
%global selinuxmoduletype contrib
%global selinuxmodulename memcached
%global selinuxmodulever 1.0.2
%global selinuxmoduledir %{selinuxmodulename}-selinux-%{selinuxmodulever}
Name: memcached
Version: 1.5.22
Release: 2%{?dist}
Version: 1.6.9
Release: 7%{?dist}
Epoch: 0
Summary: High Performance, Distributed Memory Object Cache
Group: System Environment/Daemons
License: BSD
URL: https://www.memcached.org/
Source0: https://www.memcached.org/files/%{name}-%{version}.tar.gz
Source1: memcached.sysconfig
# SELinux policy sources: https://pagure.io/memcached-selinux/tree/master
Source2: https://releases.pagure.org/memcached-selinux/memcached-selinux-1.0.2.tar.gz
Source3: memcached.conf
Patch1: memcached-unit.patch
# patches which fix severe known issues found until version 1.6.6
Patch2: memcached-restart-corrupted.patch
Patch3: memcached-fix-rejconn-counting.patch
Patch4: memcached-low-conns-segfault.patch
Patch5: memcached-metaget-errstr-init.patch
Patch6: memcached-sasl-config.patch
Patch7: memcached-sig-handler.patch
Patch8: memcached-tls-crt-refresh-crash.patch
Patch9: memcached-tls-hand-errs.patch
Patch10: memcached-stats.patch
Patch11: memcached-restart-shutdown-segfault.patch
Patch12: memcached-restart-del-items-fail.patch
Patch13: memcached-restart-double-free.patch
Patch14: memcached-issue685.patch
Patch15: memcached-test-cache-dump.patch
BuildRequires: make
BuildRequires: gcc libevent-devel systemd
BuildRequires: perl-generators
BuildRequires: perl(Test::More), perl(Test::Harness)
%{?with_sasl:BuildRequires: cyrus-sasl-devel}
%{?with_seccomp:BuildRequires: libseccomp-devel}
%{?with_tls:BuildRequires: openssl-devel}
BuildRequires: systemd-rpm-macros
Requires(pre): shadow-utils
# Rich dependency syntax - require selinux policy subpackage
# when selinux-policy-targeted is installed
# This ensures that the selinux subpackage is not installed when not needed
# (e.g. inside a container)
Requires: (%{name}-selinux if selinux-policy-targeted)
%{?systemd_requires}
%description
@ -51,27 +50,40 @@ web applications by alleviating database load.
%package devel
Summary: Files needed for development using memcached protocol
Group: Development/Libraries
Requires: %{name} = %{epoch}:%{version}-%{release}
%description devel
Install memcached-devel if you are developing C/C++ applications that require
access to the memcached binary include files.
%package selinux
Summary: Selinux policy module
License: GPLv2
BuildRequires: selinux-policy
%{?selinux_requires}
%description selinux
Install memcached-selinux to ensure your system contains the latest SELinux policy
optimised for use with this version of memcached.
%prep
%autosetup -p1
# Unpack memcached sources into memcached-X.X.X directory
# and SELinux policy sources into memcached-selinux-X.X
%setup -q -b 2
%patch1 -p1 -b .unit
%build
# compile with full RELRO
export CFLAGS="%{optflags} -pie -fpie"
export LDFLAGS="-Wl,-z,relro,-z,now"
%configure \
%{?with_sasl: --enable-sasl} \
%{?with_sasl: --enable-sasl --enable-sasl-pwdb} \
%{?with_seccomp: --enable-seccomp} \
%{?with_tls: --enable-tls}
make %{?_smp_mflags}
pushd ../%{selinuxmoduledir}
make
popd
%check
# tests are disabled by default as they are unreliable on build systems
%{!?with_tests: exit 0}
@ -104,18 +116,29 @@ install -Dp -m0644 scripts/memcached.service \
# Default configs
install -Dp -m0644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/sysconfig/%{name}
# install SELinux policy module
pushd ../%{selinuxmoduledir}
install -d %{buildroot}%{_datadir}/selinux/packages
install -d -p %{buildroot}%{_datadir}/selinux/devel/include/%{selinuxmoduletype}
# Not installing memcached.if - interface file from selinux-policy-devel will be used
# see. "Independant product policy" documentation for more details
install -m 0644 %{selinuxmodulename}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages
popd
install -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysusersdir}/memcached.conf
%pre
getent group %{groupname} >/dev/null || groupadd -r %{groupname}
getent passwd %{username} >/dev/null || \
useradd -r -g %{groupname} -d /run/memcached \
-s /sbin/nologin -c "Memcached daemon" %{username}
exit 0
%sysusers_create_compat %{SOURCE3}
%pre selinux
%selinux_relabel_pre -s %{selinuxtype}
%post
%systemd_post memcached.service
%post selinux
# install selinux policy module with priority 200 to override the default policy
%selinux_modules_install -s %{selinuxtype} -p 200 %{_datadir}/selinux/packages/%{selinuxmodulename}.pp.bz2 &> /dev/null
%preun
%systemd_preun memcached.service
@ -124,6 +147,13 @@ exit 0
%postun
%systemd_postun_with_restart memcached.service
%postun selinux
if [ $1 -eq 0 ]; then
%selinux_modules_uninstall -s %{selinuxtype} -p 200 %{selinuxmodulename}
fi
%posttrans selinux
%selinux_relabel_post -s %{selinuxtype} &> /dev/null
%files
%doc AUTHORS ChangeLog COPYING NEWS README.md doc/CONTRIBUTORS doc/*.txt
@ -133,37 +163,140 @@ exit 0
%{_mandir}/man1/memcached-tool.1*
%{_mandir}/man1/memcached.1*
%{_unitdir}/memcached.service
%{_sysusersdir}/memcached.conf
%files devel
%{_includedir}/memcached/*
%files selinux
%attr(0644,root,root) %{_datadir}/selinux/packages/%{selinuxmodulename}.pp.bz2
%ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{selinuxmodulename}
%license ../%{selinuxmoduledir}/COPYING
%changelog
* Thu Jun 04 2020 Tomas Korbar <tkorbar@redhat.com> - 0:1.5.22-2
- Update testing (#1809536)
* Wed Jun 15 2022 Tomas Korbar <tkorbar@redhat.com> - 0:1.6.9-7
- Use systemd-users
- Resolves: rhbz#2095432
* Mon May 18 2020 Tomas Korbar <tkorbar@redhat.com> - 0:1.5.22-1
- Rebase to version 1.5.22 (#1809536)
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0:1.6.9-6
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Mon Mar 30 2020 Tomas Korbar <tkorbar@redhat.com> - 0:1.5.16-1
- Rebase to version 1.5.16 (#1809536)
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 0:1.6.9-5
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Mon Sep 30 2019 Tomas Korbar <tkorbar@redhat.com> - 0:1.5.9-3
- fix null-pointer dereference in "lru mode" and "lru temp_ttl" (#1709408)
- CVE-2019-11596
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0:1.6.9-4
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Fri Feb 08 2019 Miroslav Lichvar <mlichvar@redhat.com> - 0:1.5.9-2
- fix lru-maintainer test (#1671666)
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0:1.6.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Aug 08 2018 Miroslav Lichvar <mlichvar@redhat.com> - 0:1.5.9-1
- update to 1.5.9 (#1613690)
* Mon Jan 25 2021 Tomas Korbar <tkorbar@redhat.com> - 0:1.6.9-2
- Enable sasl pwdb (#1909724)
* Wed Aug 01 2018 Miroslav Lichvar <mlichvar@redhat.com> - 0:1.5.7-3
- disable tests in check stage by default (#1610006)
* Tue Nov 24 2020 Tomas Korbar <tkorbar@redhat.com> - 0:1.6.9-1
- Update to 1.6.9
* Tue Jul 24 2018 Miroslav Lichvar <mlichvar@redhat.com> - 0:1.5.7-2
- add missing va_end() call (#1602616)
- enable tests in check stage again
* Thu Oct 29 2020 Tomas Korbar <tkorbar@redhat.com> - 0:1.6.8-1
- Update to 1.6.8
* Tue Sep 15 2020 Tomas Korbar <tkorbar@redhat.com> - 0:1.6.7-2
- Rebuilt with libevent-2.1.12
* Mon Sep 07 2020 Tomas Korbar <tkorbar@redhat.com> - 0:1.6.7-1
- Update to 1.6.7
* Tue Aug 04 2020 Tomas Korbar <tkorbar@redhat.com> - 0:1.6.6-4
- Resolve FTBFS (#1863678)
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0:1.6.6-3
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0:1.6.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon May 18 2020 Tomas Korbar <tkorbar@redhat.com> - 0:1.6.6-1
- Update to 1.6.6
* Wed Apr 22 2020 Tomas Korbar <tkorbar@redhat.com> - 0:1.6.5-1
- Update to 1.6.5
* Mon Apr 06 2020 Tomas Korbar <tkorbar@redhat.com> - 0:1.6.3-2
- Fix undefined behaviour on build with -D_FORTIFY_SOURCE=2
- Found by tstellar@redhat.com
* Sun Mar 29 2020 Tomas Korbar <tkorbar@redhat.com> - 0:1.6.3-1
- Update to 1.6.3
* Tue Mar 24 2020 Tomas Korbar <tkorbar@redhat.com> - 0:1.6.2-1
- Update to 1.6.2
* Thu Mar 19 2020 Tomas Korbar <tkorbar@redhat.com> - 0:1.6.1-1
- Update to 1.6.1
* Wed Mar 04 2020 Tomas Korbar <tkorbar@redhat.com> - 0:1.5.22-2
- Enable TLS by default
* Fri Feb 07 2020 Tomas Korbar <tkorbar@redhat.com> - 0:1.5.22-1
- update to 1.5.22
* Thu Jan 30 2020 Tomas Korbar <tkorbar@redhat.com> - 0:1.5.21-1
- update to 1.5.21
- make memcached gcc 10 compliant
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0:1.5.20-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Nov 25 2019 Tomas Korbar <tkorbar@redhat.com> - 0:1.5.20-1
- update to 1.5.20
* Sun Sep 22 2019 Tomas Korbar <tkorbar@redhat.com> - 0:1.5.18-1
- update to 1.5.18
* Tue Sep 03 2019 Tomas Korbar <tkorbar@redhat.com> - 0:1.5.17-1
- update to 1.5.17
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0:1.5.16-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Mon May 27 2019 Miroslav Lichvar <mlichvar@redhat.com> - 0:1.5.16-1
- update to 1.5.16
* Wed May 22 2019 Miroslav Lichvar <mlichvar@redhat.com> - 0:1.5.15-1
- update to 1.5.15
* Mon May 06 2019 Miroslav Lichvar <mlichvar@redhat.com> - 0:1.5.14-1
- update to 1.5.14 (CVE-2019-11596)
* Tue Apr 16 2019 Miroslav Lichvar <mlichvar@redhat.com> - 0:1.5.13-1
- update to 1.5.13
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0:1.5.10-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Aug 30 2018 Vit Mojzis <vmojzis@redhat.com> - 0:1.5.10-2
- selinux: Update to 1.0.2
- selinux: Use license file from memcached-selinux tar
- add "Requires" for selinux subpackage
* Mon Aug 13 2018 Miroslav Lichvar <mlichvar@redhat.com> - 0:1.5.10-1
- update to 1.5.10
- add conditional for running tests in check stage
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0:1.5.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon Jul 09 2018 Miroslav Lichvar <mlichvar@redhat.com> - 0:1.5.9-1
- update to 1.5.9
* Tue Jun 05 2018 Vit Mojzis <vmojzis@redhat.com> - 0:1.5.8-2
- add "selinux" subpackage containing SELinux policy module
* Fri May 25 2018 Miroslav Lichvar <mlichvar@redhat.com> - 0:1.5.8-1
- update to 1.5.8
- use system CFLAGS and LDFLAGS
* Thu Mar 29 2018 Miroslav Lichvar <mlichvar@redhat.com> - 0:1.5.7-1
- update to 1.5.7