~sergiodj/ubuntu/+source/memcached:sasl-configuration-wrong-path-bug1878721-eoan

Branch merges

Propose for merging

Merged into ubuntu/+source/memcached:ubuntu/eoan-devel at revision e56ed463b1bfea92341bce22a4407f2d25c02366

Bryce Harrington (community): Approve on 2020-06-04

Anders Kaseorg (community): Approve on 2020-05-28

Canonical Server Core Reviewers: Pending requested 2020-05-28

Diff: 144 lines (+122/-0)

3 files modified

debian/changelog (+18/-0)
debian/patches/fix-bug-where-sasl-will-load-config-the-wrong-path.patch (+103/-0)
debian/patches/series (+1/-0)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

e56ed46... by Sergio Durigan Junior on 2020-05-27

Update changelog for 1.5.10-0ubuntu3.1.

b6e9815... by Sergio Durigan Junior on 2020-05-26

  * d/p/fix-bug-where-sasl-will-load-config-the-wrong-path.patch:
    Fix the path from which SASL configuration is loaded. (LP: #1878721)
    The bug happened because sasl expects memcached to provide a
    path (i.e., a directory, not a filename) where the sasl
    configuration file(s) is (are). However, memcached was passing
    the filename (/etc/sasl2/memcached.conf) to sasl, which was
    interpreting it as a directory, and looking for a configuration
    file inside it (i.e., /etc/sasl2/memcached.conf/memcached.conf).
    Users could workaround this bug by creating a directory named
    /etc/sasl2/memcached.conf/, and putting the configuration file
    inside it. This patch not only fixes this bug (by passing the
    right directory, /etc/sasl2/, to sasl) but also supports the
    workaround described above.

4237c67... by Leonidas S. Barbosa on 2019-09-05

Import patches-unapplied version 1.5.10-0ubuntu3 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 6c2370a59028ead999ac7bd177ec57938d3a9368

New changelog entries:
  * SECURITY UPDATE: stack-based buffer over-read
    - debian/patches/CVE-2019-15026.patch: fix strncpy call to
      avoid ASAN violation in memcached.c.
    - CVE-2019-15026

6c2370a... by Marc Deslauriers on 2019-04-30

Import patches-unapplied version 1.5.10-0ubuntu2 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 6977a63dd4f9ed9672373d946f40b82052885069

New changelog entries:
  * SECURITY UPDATE: denial of service via crafted lru messages
    - debian/patches/CVE-2019-11596.patch: fix off by one in token count in
      memcached.c.
    - CVE-2019-11596

6977a63... by Robie Basak on 2018-08-13

Import patches-unapplied version 1.5.10-0ubuntu1 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Upload parent: 9ba771d1da47c3e845509007747f1ce9a3cae1f4

9ba771d... by Robie Basak on 2018-08-20

Tweak changelog following review feedback

05743dd... by Robie Basak on 2018-08-13

update-maintainer

1021c03... by Robie Basak on 2018-08-13

Changelog for 1.5.10-0ubuntu1

e6be475... by Robie Basak on 2018-08-13

Update to new upstream 1.5.10

95243ae... by Guillaume Delacour on 2018-03-06

Import patches-unapplied version 1.5.6-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f1a7050c2631d74876509f87ddd6f017cdb6ac13

New changelog entries:
  * New upstream release
    + Fix CVE-2018-1000115 (UDP is no more enabled by default)
    + Update debian/patches/02_service_wrapper.patch
    + Update debian/tests/client.pl to verify that UDP is disabled by default
  * Remove generated debian/memcached.service
  * Bumped policy version to 4.1.3