ubuntu/+source/memcached:ubuntu/raring-security

Last commit made on 2014-01-13
Get this branch:
git clone -b ubuntu/raring-security https://git.launchpad.net/ubuntu/+source/memcached
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/raring-security
Repository:
lp:ubuntu/+source/memcached

Recent commits

4deb9f7... by Marc Deslauriers on 2014-01-07

Import patches-unapplied version 1.4.14-0ubuntu1.13.04.1 to ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: ca632b4b0c85d8923329771721b20da48613628c

New changelog entries:
  * SECURITY UPDATE: denial of service via large body length
    - debian/patches/CVE-2011-4971.patch: check length in memcached.c,
      added test to t/issue_192.t.
    - CVE-2011-4971
  * SECURITY UPDATE: denial of service when using -vv
    - debian/patches/CVE-2013-0179.patch: properly format key in items.c,
      memcached.c.
    - CVE-2013-0179
  * SECURITY UPDATE: SASL authentication bypass
    - debian/patches/CVE-2013-7239.patch: explicitly record sasl auth
      states in memcached.*, added test to t/binary-sasl.t.
    - CVE-2013-7239

ca632b4... by Clint Byrum on 2012-08-23

Import patches-unapplied version 1.4.14-0ubuntu1 to ubuntu/quantal

Imported using git-ubuntu import.

Changelog parent: d1ad4f9ff798ad61150bc4ec6d415bc4f01dd4b4

New changelog entries:
  * New upstream release.
  * d/p/60_fix_racey_test.patch: Dropped, applied upstream.

d1ad4f9... by Clint Byrum on 2012-07-31

Import patches-unapplied version 1.4.13-0.1ubuntu3 to ubuntu/quantal

Imported using git-ubuntu import.

Changelog parent: bc23b25a1ba4e16949d0a36388a1766fd35aa355

New changelog entries:
  * d/p/start-memcached-fix-hash.patch: Change regex to make sure
    inline comments can function per feedback from upstream. Passing
    "#" to arguments now requires escaping with \.

bc23b25... by Clint Byrum on 2012-07-29

Import patches-unapplied version 1.4.13-0.1ubuntu2 to ubuntu/quantal

Imported using git-ubuntu import.

Changelog parent: 95198c4673499ed11a768ade6d10b30e8f21f2af

New changelog entries:
  * d/p/start-memcached-fix-hash.patch: Apply patch to allow passing
    # as a value for memcached options such as -D to use # as a prefix
    delimiter for stats collection. (LP: #1005821)

95198c4... by James Page on 2012-05-28

Import patches-unapplied version 1.4.13-0.1ubuntu1 to ubuntu/quantal

Imported using git-ubuntu import.

Changelog parent: 25969917432ee26dcf6fc4436cdacd34807faebb

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - Run as 'memcache' user instead of nobody.
    - Depend on adduser for preinst/postrm.
    - Create user in postinst.
    - d/rules: run test suite on build.
    - d/patches/50_fix_racey_test.patch: Cherry picked patch from
      upstream bug tracker which endeavours to avoid the race condition.
      Thanks to Clint Byrum for this fix.
    - d/patches/50_add_init_retry.patch: Dropped - superceeded by Debian
      patch.

2596991... by Arno Töll <email address hidden> on 2012-05-08

Import patches-unapplied version 1.4.13-0.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 5578f8d3aad80717a27ee4f07cb60a2ff25338dc

New changelog entries:
   * Non-maintainer upload.
     + Include changes of my previous NMU (filed as #641770 back then)
   * Package new upstream release
     + this fixes "Please package upstream version 1.4.13" (Closes: #667746)
     + enable support for SASL authentication in debian/rules and add
       build-dependencies accordingly (Closes: #616148)
     + Include support for "-o maxconns_fast" which causes clients not to block
       for a long time on busy servers
   * Build package with hardened build flags. Thanks to Moritz Muehlenhoff for
     providing a patch. Moreover, add a build-dependency for dpkg-dev (>=
     1.15.7) for people considering to make a backport on very old systems
     (Closes: #655134)
   * Update patches:
     + 03_fix_ftbfs4hurd.patch: Refresh hunk offsets, leave changes untouched
     + Drop 04_fix_double_fork_in_start-memcached.patch: applied upstream
     + Apply patch supplied by Clint Byrum as 04_add_init_retry.patch which
       causes start-stop-daemon to wait up to 5 seconds upon termination of
       memached (Closes: #659300)

5578f8d... by Arno Töll <email address hidden> on 2011-09-15

Import patches-unapplied version 1.4.7-0.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d4ec5630479059e2678fdc72658750b3a36164de

New changelog entries:
  * Non-maintainer upload.
  * Refresh patches, keep all changed hunks except some changes in
    `01_init_script_additions.patch' untouched.
  * New upstream release. Closes:
    - "FTBFS: memcached.c:1023:16: error: dereferencing type-punned
      pointer will break strict-aliasing rules" (Closes: #618096)
    - "ftbfs with gcc-4.6 -Werror" (Closes: #625397)
    - "FTBFS with libevent 2.0 in experimental" This is actually a duplicate
      of #625397 above (Closes: #632764)
    - Fix "please package new upstream release" (Closes: #641059)
  * Fix "Fix FTBFS on hurd-i386" add proposed patch as
    `03_fix_ftbfs4hurd.patch'. Thanks Svante Signell (Closes: #637695)
  * Fix "initscript on restart ignore $ENABLE_MEMCACHED" Add a sanity check
    to the init script (Closes: #636496)
  * Fix "debian/watch doesn't work" Replace the watch file to match the new
    Google Code layout (taken from the sinntp package) (Closes: #641520)
  * Add `04_fix_double_fork_in_start-memcached.patch'. This patch causes the
    start-memcached script to correctly write its PIDFILE, which, in turn,
    allows the init script correct operations. This also fixes "status
    operation on init.d not working correctly (needs to pass $PIDFILE to
    status_of_proc)", however add the $PIDFILE argument additionally none-
    theless as suggested (Closes: #622281)

d4ec563... by David Martínez Moreno on 2010-05-12

Import patches-unapplied version 1.4.5-1 to debian/squeeze

Imported using git-ubuntu import.

Changelog parent: 3956e901542830717d5f0aa6cb3d3f117cae4413

New changelog entries:
  * New upstream release. Main changes since 1.4.2 are:
    New features:
    - Support for SASL authentication.
    - New script damemtop - a memcached top.
    - Slab optimizations.
    - New stats, for reclaimed memory and SASL events.
    Bugs fixed:
    - Malicious input can crash server (CVE-2010-1152). Closes: #579913.
    - Fixed several problems with slab handling and growth.
    - Provide better error reporting.
    - Fix get stats accounting.
    - Fixed backwards compatibility with delete 0.
    - Documentation fixes.
    - Various build fixes, among others, fixed FTBFS with gcc-4.5 (closes:
      #565033).
  * Refreshed and renamed 01_init_script_compliant_with_LSB.patch.
  * Fixed lintian warnings by adding $remote_fs to init.d script.
  * Removed non-existent document (doc/memory_management.txt).
  * debian/control: Bumped Standards-Version to 3.8.4 (no changes).
  *

3956e90... by David Martínez Moreno on 2009-10-16

Import patches-unapplied version 1.4.2-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9d3ed15a4202788275993b06fc2d2dc727b5ba5a

New changelog entries:
  * New upstream release, primarily bugfixes, some of them critical, hence
    the urgency:
    - Reject keys larger than 250 bytes in the binary protocol.
    - Bounds checking on stats cachedump.
    - Binary protocol set+cas wasn't returning a new cas ID.
    - Binary quitq didn't actually close the connection
    - Slab boundary checking cleanup (bad logic in unreachable code)
    - Get hit memory optimizations
    - Disallow -t options that cause the server to not work
    - Killed off incomplete slab rebalance feature.
  * debian/patches:
    - 01_init_script_compliant_with_LSB.patch: Remade as upstream applied a
      whitespace cleanup script that broke the patch.
    - 02_manpage_additions.patch: Added missing parameters to the memcached
      manpage.
  * Removed TODO from debian/docs.

9d3ed15... by David Martínez Moreno on 2009-09-18

Import patches-unapplied version 1.4.1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 00a5cba9bc64864a154160d33e2e3c73852365a7

New changelog entries:
  * New upstream release (closes: #545883):
    - Finally addressed CVE-2009-2415: heap-based buffer overflow in length
      processing (closes: #540379).
    - Boundary condition during pipelined decoding caused crash.
    - Bad initialization during buffer realloc.
    - Buffer overrun in stats_prefix_find.
    - Other fixes and cleanups.
  * Changed the default start to yes in /etc/init.d/memcached as well.
  * debian/watch updated with new format and URL in code.google.com. Thanks,
    Monty Taylor.
  * Added get-orig-source target, thanks to Monty Taylor.
  * debian/control:
    - Upgraded Standards-Version to 3.8.3 (no changes).
    - Added Suggests: libmemcached.
    - Bumped debhelper dependency and debian/compat to 6.
    - Added Depends on quilt 0.46-7 in order to use dh_quilt_* helpers.
  * debian/rules: Added dh_quilt_* helpers.
  * Added direct patches to source as quilt patches.
  * debian/README.source: Created such file to shut up lintian pedantic.