--- memcached-1.4.14.orig/debian/NEWS +++ memcached-1.4.14/debian/NEWS @@ -0,0 +1,7 @@ +memcached (1.4.14-0ubuntu9.2) xenial; urgency=medium + + * memcached is now configured to disable its UDP port by default, to + prevent its use as a DDoS amplifier. To re-enable UDP service, add + '-U 11211' to /etc/memcached.conf and restart the memcahced service. + + -- Steve Beattie Mon, 05 Mar 2018 02:12:01 -0800 --- memcached-1.4.14.orig/debian/README.Debian +++ memcached-1.4.14/debian/README.Debian @@ -0,0 +1,14 @@ +Memcached has two logical uses in this package, a system daemon that can be run +from the standard /etc/init.d/ interface, or one that can be run from userland +from a the command line such as + /usr/bin/memcached -d + +The former has been setup to run through the start-memcached script, reading in +the configuration from /etc/memcached.conf. The start-memcached script ignores +certain parameters as discussed in the configuration file itself. + +The latter is the binary as provided by Danga, and reads in options from the +command line, ignoring the Debian-specific configuration file entirely. + + --Jay Bonci + jaybonci@debian.org --- memcached-1.4.14.orig/debian/README.source +++ memcached-1.4.14/debian/README.source @@ -0,0 +1,4 @@ +This package uses quilt for patch management. Refer to /usr/share/doc/quilt/README.source +from the package 'quilt' for more information about this system. + + -- David Martínez Moreno Fri, 18 Sep 2009 02:43:54 +0200 --- memcached-1.4.14.orig/debian/changelog +++ memcached-1.4.14/debian/changelog @@ -0,0 +1,499 @@ +memcached (1.4.14-0ubuntu9.3) trusty-security; urgency=medium + + * SECURITY UPDATE: Integer Overflow in items.c:item_free() + - debian/patches/CVE-2018-1000127.patch: Don't overflow item refcount + on get in memcached.c. + - CVE-2018-1000127 + + -- Marc Deslauriers Mon, 19 Mar 2018 10:15:57 -0400 + +memcached (1.4.14-0ubuntu9.2) trusty-security; urgency=medium + + * SECURITY UPDATE: denial of service due to integer overflow + - debian/patches/CVE-2017-9951.patch: check for integer overflow on + key requests + - CVE-2017-9951 + * SECURITY UPDATE: disable listening on UDP port by default due to + use in DDoS amplification attacks + - debian/patches/disable-udp-by-default.patch: disable UDP port by + default. (LP: #1752831) + - debian/NEWS: add explanation and document how to re-enable UDP if + necessary. + - CVE-2018-1000115 + + -- Steve Beattie Mon, 05 Mar 2018 02:10:59 -0800 + +memcached (1.4.14-0ubuntu9.1) trusty-security; urgency=medium + + * SECURITY UPDATE: multiple integer overflow vulnerabilities + - debian/patches/CVE-2016-870x.patch: check nbytes and nkey in items.c, + properly handle lengths in memcached.c. + - CVE-2016-8704 + - CVE-2016-8705 + - CVE-2016-8706 + + -- Marc Deslauriers Wed, 02 Nov 2016 08:17:58 -0400 + +memcached (1.4.14-0ubuntu9) trusty; urgency=low + + * SECURITY UPDATE: denial of service via large body length + - debian/patches/CVE-2011-4971.patch: check length in memcached.c, + added test to t/issue_192.t. + - CVE-2011-4971 + * SECURITY UPDATE: denial of service when using -vv + - debian/patches/CVE-2013-0179.patch: properly format key in items.c, + memcached.c. + - CVE-2013-0179 + * SECURITY UPDATE: SASL authentication bypass + - debian/patches/CVE-2013-7239.patch: explicitly record sasl auth + states in memcached.*, added test to t/binary-sasl.t. + - CVE-2013-7239 + * debian/memcached.postinst: don't create home directory so we don't end + up with /nonexistent. Thanks to Dustin Lundquist for patch. + (LP: #1255328) + + -- Marc Deslauriers Mon, 13 Jan 2014 15:48:48 -0500 + +memcached (1.4.14-0ubuntu8) trusty; urgency=low + + * Revert unnecessary deltas added to patches compared to Debian. + * Revert use of dh-autoreconf and patch configure manually to + match configure.ac, as this package despises modern autotools. + + -- Adam Conrad Thu, 14 Nov 2013 23:16:44 +0000 + +memcached (1.4.14-0ubuntu7) trusty; urgency=low + + * debian/rules: Fix the previous fixes a little harder, so they work. + + -- Adam Conrad Thu, 14 Nov 2013 22:49:46 +0000 + +memcached (1.4.14-0ubuntu6) trusty; urgency=low + + * debian/rules: Shuffle things around so that dh_autoreconf is always + run before dh_quilt_patch. Fixes FTBFS with dpkg-buildpackage -B. + + -- Barry Warsaw Thu, 14 Nov 2013 17:05:29 -0500 + +memcached (1.4.14-0ubuntu5) trusty; urgency=low + + * debian/control: added lsb-release, dh-autoreconf to build depends + * debian/rules: run autoreconf + * debian/patches/fix-distribution.patch: added patch to show + distribution on version + + -- Yolanda Robla Wed, 13 Nov 2013 13:50:59 +0100 + +memcached (1.4.14-0ubuntu4) saucy; urgency=low + + * Move dh_quilt_apply into configure step so that config.{sub,guess} + patches get applied before running configure. (LP: #1218114) + + -- dann frazier Thu, 29 Aug 2013 20:28:20 -0400 + +memcached (1.4.14-0ubuntu3) saucy; urgency=low + + * Update config.{guess,sub} for Aarch64. + + -- Matthias Klose Tue, 13 Aug 2013 13:52:58 +0200 + +memcached (1.4.14-0ubuntu2) saucy; urgency=low + + * debian/tests: Add autopkgtest. + + -- Yolanda Mon, 27 May 2013 11:27:24 +0200 + +memcached (1.4.14-0ubuntu1) quantal; urgency=low + + * New upstream release. + * d/p/60_fix_racey_test.patch: Dropped, applied upstream. + + -- Clint Byrum Thu, 23 Aug 2012 13:52:39 -0700 + +memcached (1.4.13-0.1ubuntu3) quantal; urgency=low + + * d/p/start-memcached-fix-hash.patch: Change regex to make sure + inline comments can function per feedback from upstream. Passing + "#" to arguments now requires escaping with \. + + -- Clint Byrum Tue, 31 Jul 2012 14:40:31 -0700 + +memcached (1.4.13-0.1ubuntu2) quantal; urgency=low + + * d/p/start-memcached-fix-hash.patch: Apply patch to allow passing + # as a value for memcached options such as -D to use # as a prefix + delimiter for stats collection. (LP: #1005821) + + -- Clint Byrum Sun, 29 Jul 2012 00:14:09 -0700 + +memcached (1.4.13-0.1ubuntu1) quantal; urgency=low + + * Merge from Debian unstable. Remaining changes: + - Run as 'memcache' user instead of nobody. + - Depend on adduser for preinst/postrm. + - Create user in postinst. + - d/rules: run test suite on build. + - d/patches/50_fix_racey_test.patch: Cherry picked patch from + upstream bug tracker which endeavours to avoid the race condition. + Thanks to Clint Byrum for this fix. + - d/patches/50_add_init_retry.patch: Dropped - superceeded by Debian + patch. + + -- James Page Mon, 28 May 2012 15:21:53 +0100 + +memcached (1.4.13-0.1) unstable; urgency=low + + * Non-maintainer upload. + + Include changes of my previous NMU (filed as #641770 back then) + * Package new upstream release + + this fixes "Please package upstream version 1.4.13" (Closes: #667746) + + enable support for SASL authentication in debian/rules and add + build-dependencies accordingly (Closes: #616148) + + Include support for "-o maxconns_fast" which causes clients not to block + for a long time on busy servers + * Build package with hardened build flags. Thanks to Moritz Muehlenhoff for + providing a patch. Moreover, add a build-dependency for dpkg-dev (>= + 1.15.7) for people considering to make a backport on very old systems + (Closes: #655134) + * Update patches: + + 03_fix_ftbfs4hurd.patch: Refresh hunk offsets, leave changes untouched + + Drop 04_fix_double_fork_in_start-memcached.patch: applied upstream + + Apply patch supplied by Clint Byrum as 04_add_init_retry.patch which + causes start-stop-daemon to wait up to 5 seconds upon termination of + memached (Closes: #659300) + + -- Arno Töll Tue, 08 May 2012 19:24:27 +0200 + +memcached (1.4.13-0ubuntu2) precise; urgency=low + + * Fix FTBFS due to racey test case: + - d/patches/50_fix_racey_test.patch: Cherry picked patch from + upstream bug tracker which endeavours to avoid the race condition. + Thanks to Clint Byrum for this fix. + + -- James Page Wed, 04 Apr 2012 17:21:16 +0100 + +memcached (1.4.13-0ubuntu1) precise; urgency=low + + * New upstream release. + * Refreshed patches + * d/p/50_add_init_retry.patch: use --retry to wait up to 5 seconds + for memcached to die. (LP: #795673) + * d/rules: run test suite on build (LP: #586632) + + -- Clint Byrum Thu, 09 Feb 2012 15:35:15 -0800 + +memcached (1.4.11-0ubuntu1) precise; urgency=low + + * New upstream release + - Fix race condition issue introduced in 1.4.10 + - Multiple other bug fixes + - Initial (beta - API may change) implementation of slab reassingment + + -- Scott Kitterman Sun, 22 Jan 2012 14:12:32 -0500 + +memcached (1.4.10-0ubuntu1) precise; urgency=low + + * New upstream release + - Multiple bug fixes + - General work on performance improvement + - Improvements in speed between 3 and 6 worker threads + + -- Scott Kitterman Tue, 20 Dec 2011 11:10:01 -0500 + +memcached (1.4.9-0ubuntu1) precise; urgency=low + + * New upstream release + - Drop debian/patches/04_fix_double_fork_in_start-memcached.patch since + it is included in this release + + -- Scott Kitterman Tue, 18 Oct 2011 11:16:01 -0400 + +memcached (1.4.7-0.1ubuntu1) oneiric; urgency=low + + * Merge from debian unstable. Remaining changes: + - Run as 'memcache' user instead of nobody (LP #599461) + - Depend on adduser for preinst/postrm + - Create user in postinst + + -- Scott Kitterman Wed, 05 Oct 2011 13:27:39 -0500 + +memcached (1.4.7-0.1) unstable; urgency=low + + * Non-maintainer upload. + * Refresh patches, keep all changed hunks except some changes in + `01_init_script_additions.patch' untouched. + * New upstream release. Closes: + - "FTBFS: memcached.c:1023:16: error: dereferencing type-punned + pointer will break strict-aliasing rules" (Closes: #618096) + - "ftbfs with gcc-4.6 -Werror" (Closes: #625397) + - "FTBFS with libevent 2.0 in experimental" This is actually a duplicate + of #625397 above (Closes: #632764) + - Fix "please package new upstream release" (Closes: #641059) + * Fix "Fix FTBFS on hurd-i386" add proposed patch as + `03_fix_ftbfs4hurd.patch'. Thanks Svante Signell (Closes: #637695) + * Fix "initscript on restart ignore $ENABLE_MEMCACHED" Add a sanity check + to the init script (Closes: #636496) + * Fix "debian/watch doesn't work" Replace the watch file to match the new + Google Code layout (taken from the sinntp package) (Closes: #641520) + * Add `04_fix_double_fork_in_start-memcached.patch'. This patch causes the + start-memcached script to correctly write its PIDFILE, which, in turn, + allows the init script correct operations. This also fixes "status + operation on init.d not working correctly (needs to pass $PIDFILE to + status_of_proc)", however add the $PIDFILE argument additionally none- + theless as suggested (Closes: #622281) + + -- Arno Töll Thu, 15 Sep 2011 12:43:27 +0200 + +memcached (1.4.5-1ubuntu3) oneiric; urgency=low + + * Fix build failure with GCC 4.6 (LP: #829468). + + -- Colin Watson Mon, 22 Aug 2011 14:30:56 +0100 + +memcached (1.4.5-1ubuntu2) natty; urgency=low + + * Cherry-pick patch from upstream to fix FTBFS with gcc 4.5 (LP: #687984) + - Add 03_fix_ftbfs_gcc_45.patch + + -- Felix Geyer Fri, 10 Dec 2010 16:23:30 +0100 + +memcached (1.4.5-1ubuntu1) maverick; urgency=low + + * Run as 'memcache' user instead of nobody (LP: #599461) + * depend on adduser for preinst/postrm + * create user in postinst + + -- Clint Byrum Tue, 29 Jun 2010 06:37:17 -0700 + +memcached (1.4.5-1) unstable; urgency=high + + * New upstream release. Main changes since 1.4.2 are: + New features: + - Support for SASL authentication. + - New script damemtop - a memcached top. + - Slab optimizations. + - New stats, for reclaimed memory and SASL events. + Bugs fixed: + - Malicious input can crash server (CVE-2010-1152). Closes: #579913. + - Fixed several problems with slab handling and growth. + - Provide better error reporting. + - Fix get stats accounting. + - Fixed backwards compatibility with delete 0. + - Documentation fixes. + - Various build fixes, among others, fixed FTBFS with gcc-4.5 (closes: + #565033). + * Refreshed and renamed 01_init_script_compliant_with_LSB.patch. + * Fixed lintian warnings by adding $remote_fs to init.d script. + * Removed non-existent document (doc/memory_management.txt). + * debian/control: Bumped Standards-Version to 3.8.4 (no changes). + * + + -- David Martínez Moreno Wed, 12 May 2010 11:41:22 +0200 + +memcached (1.4.2-1) unstable; urgency=medium + + * New upstream release, primarily bugfixes, some of them critical, hence + the urgency: + - Reject keys larger than 250 bytes in the binary protocol. + - Bounds checking on stats cachedump. + - Binary protocol set+cas wasn't returning a new cas ID. + - Binary quitq didn't actually close the connection + - Slab boundary checking cleanup (bad logic in unreachable code) + - Get hit memory optimizations + - Disallow -t options that cause the server to not work + - Killed off incomplete slab rebalance feature. + * debian/patches: + - 01_init_script_compliant_with_LSB.patch: Remade as upstream applied a + whitespace cleanup script that broke the patch. + - 02_manpage_additions.patch: Added missing parameters to the memcached + manpage. + * Removed TODO from debian/docs. + + -- David Martínez Moreno Fri, 16 Oct 2009 15:09:43 +0200 + +memcached (1.4.1-1) unstable; urgency=high + + * New upstream release (closes: #545883): + - Finally addressed CVE-2009-2415: heap-based buffer overflow in length + processing (closes: #540379). + - Boundary condition during pipelined decoding caused crash. + - Bad initialization during buffer realloc. + - Buffer overrun in stats_prefix_find. + - Other fixes and cleanups. + * Changed the default start to yes in /etc/init.d/memcached as well. + * debian/watch updated with new format and URL in code.google.com. Thanks, + Monty Taylor. + * Added get-orig-source target, thanks to Monty Taylor. + * debian/control: + - Upgraded Standards-Version to 3.8.3 (no changes). + - Added Suggests: libmemcached. + - Bumped debhelper dependency and debian/compat to 6. + - Added Depends on quilt 0.46-7 in order to use dh_quilt_* helpers. + * debian/rules: Added dh_quilt_* helpers. + * Added direct patches to source as quilt patches. + * debian/README.source: Created such file to shut up lintian pedantic. + + -- David Martínez Moreno Fri, 18 Sep 2009 02:43:54 +0200 + +memcached (1.4.0-1) unstable; urgency=low + + * New upstream release (closes: #484301, #537239): + - New binary protocol, supporting CAS (compare-and-swap). + - Non-threaded version is no longer possible, you just choose to run 1 + thread to have similar behaviour. + - Lots of performance bottlenecks fixed (connection starvation, + contention, disabling of CAS, locks for hash table expansion...). + - Lots of new stats. Main change is that stats now are per-slab where + possible. + - Code cleanup, lots of bugs fixed, added tests, enhanced documentation. + + -- David Martínez Moreno Sat, 01 Aug 2009 23:26:45 +0200 + +memcached (1.2.8-2) unstable; urgency=low + + * After some thinking, probably making memcached starting by default is the + right thing to do (closes: #536524). + * Added status support to init.d script (closes: #528689). Thanks, Peter! + * debian/control: Added dependency on lsb-base (>= 3.2-13). + + -- David Martínez Moreno Sat, 11 Jul 2009 00:29:51 +0200 + +memcached (1.2.8-1) unstable; urgency=high + + * New upstream release, urgency=high because of two critical bugs prior + to this release: + - In 1.2.7 under multithreaded mode, memcached would never restart + accepting connections after hitting the maximum connection limit. + - Remove 'stats maps' command, as it is a potential information leak, + usable if versions prior to 1.2.8 ever have buffer overflows discovered + (CVE-2009-1494). Closes: #526554. + - Make -b command (setting the TCP listen backlog) actually work. + * debian/rules: Removed obsolete --disable-static. + + -- David Martínez Moreno Sat, 02 May 2009 19:15:49 +0200 + +memcached (1.2.7-1) unstable; urgency=low + + * New upstream release, released on 4/3/2009. + - New statistics. + - Added -R option. Limit the number of requests processed by a connection + at once. Prevents starving other threads if bulk loading. + - Added -b command for setting the tcp listen backlog. + - Many minor bugfixes. + + -- David Martínez Moreno Sat, 02 May 2009 18:13:39 +0200 + +memcached (1.2.6-1) unstable; urgency=low + + * New upstream release (closes: #505037). Released on 29/7/2008. + - Major crash fixes. + - DTrace support. + - Minor updates. + * debian/memcached.postrm: Now /var/log/memcached.log is removed on purge. + Thanks, jidanni! (closes: #447288). + + -- David Martínez Moreno Sat, 28 Feb 2009 09:43:24 +0000 + +memcached (1.2.5-1) unstable; urgency=low + + * New upstream release, released on 3/2/2008: + - Minor bugfixes. + - Added support for Opensolaris. + - IPv6 support. + - "noreply" mode for many commands. + - Made "out of memory· errors more clear. + - Added eviction/OOM tracking per slab class. + + -- David Martínez Moreno Fri, 27 Feb 2009 10:48:14 +0000 + +memcached (1.2.4-1) unstable; urgency=low + + * New upstream release (closes: #454699). Released on 6/12/2007: + - Many bug and platform fixes since 1.2.2. + - New threading support for stat queries. + - New commands 'append', 'prepend', 'gets', and 'cas'. + - Updates to the manpage (closes: #441067). + - Now memcached has a flag -a to restrict the socket to a group (closes: + #446606). + * debian/rules: Added memcached-tool to the set of installed scripts. + Thanks, Cyril! (closes: #512400). + + -- David Martínez Moreno Thu, 26 Feb 2009 12:07:03 +0000 + +memcached (1.2.3-1) unstable; urgency=low + + * Take over memcached package. + * New upstream release. Mostly a documentation and warning fixing release. + This one was released on 6/7/2007. + * Added an /etc/default/memcached, thanks to Mark Ferlatte (closes: + #467356). + * debian/rules: Added --enable-threads to configure. It's amazing how this + could be missing from mainstream packages in Debian. + * debian/control: + - Put myself as Maintainer. + - Added Homepage field. + - Bumped Standards-Version to 3.8.0. + - Added ${misc:Depends} to Depends line. + * debian/copyright: Added a lot of information. + * debian/memcached.post{inst,rm}: Added set -e in order to catch errors. + + -- David Martínez Moreno Thu, 26 Feb 2009 09:51:46 +0000 + +memcached (1.2.2-1) unstable; urgency=low + + * New upstream release + + -- Jay Bonci Fri, 29 Jun 2007 10:18:03 -0400 + +memcached (1.2.1-1) unstable; urgency=low + + * New upstream release (Closes: #405054) + * Fix to logfile output so logrotate will work (Closes: #417941) + * Listen in on localhost by default (Closes: #383660) + * Default configuration suggests nobody by default (Closes: #391351) + * Bumped policy version to 3.7.2.2 (No other changes) + + -- Jay Bonci Wed, 02 May 2007 11:35:42 -0400 + +memcached (1.1.12-1) unstable; urgency=low + + * New upstream version + * Updates watchfile so uupdate will work + + -- Jay Bonci Mon, 11 Apr 2005 11:54:39 -0400 + +memcached (1.1.11-3) unstable; urgency=low + + * Rebuild against non-broken libevent + + -- Jay Bonci Fri, 18 Feb 2005 09:11:55 -0500 + +memcached (1.1.11-2) unstable; urgency=low + + * Adds debian/watch file so uscan will work + * Added additional paragraph to debian/control (Closes: #262069) + + -- Jay Bonci Wed, 27 Oct 2004 13:49:22 -0400 + +memcached (1.1.11-1) unstable; urgency=low + + * New upstream version + * Fix silly typo that kept daemon from running as www-data (Closes: #239854) + - Thanks to Karaszi Istvan for the report + * Fix to reopen fds as the logfile, adds logfile support (Closes: #243522) + + -- Jay Bonci Wed, 5 May 2004 17:25:25 -0400 + +memcached (1.1.10-1) unstable; urgency=low + + * New upstream version + + -- Jay Bonci Wed, 31 Dec 2003 10:01:27 -0500 + +memcached (1.1.9-1) unstable; urgency=low + + * Initial Release (Closes: #206268). + + -- Jay Bonci Wed, 15 Oct 2003 15:53:51 -0400 + --- memcached-1.4.14.orig/debian/compat +++ memcached-1.4.14/debian/compat @@ -0,0 +1 @@ +6 --- memcached-1.4.14.orig/debian/control +++ memcached-1.4.14/debian/control @@ -0,0 +1,30 @@ +Source: memcached +Section: web +Priority: optional +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: David Martínez Moreno +Build-Depends: debhelper (>= 6), libevent-dev, quilt (>= 0.46-7), libsasl2-dev, + dpkg-dev (>= 1.15.7), lsb-release +Homepage: http://www.danga.com/memcached/ +Standards-Version: 3.8.4 +XS-Testsuite: autopkgtest + +Package: memcached +Architecture: any +Depends: ${shlibs:Depends}, perl, ${misc:Depends}, lsb-base (>= 3.2-13) + , adduser +Suggests: libcache-memcached-perl, libmemcached +Description: A high-performance memory object caching system + Danga Interactive developed memcached to enhance the speed of LiveJournal.com, + a site which was already doing 20 million+ dynamic page views per day for 1 + million users with a bunch of webservers and a bunch of database servers. + memcached dropped the database load to almost nothing, yielding faster page + load times for users, better resource utilization, and faster access to the + databases on a memcache miss. + . + memcached optimizes specific high-load serving applications that are designed + to take advantage of its versatile no-locking memory access system. Clients + are available in several different programming languages, to suit the needs + of the specific application. Traditionally this has been used in mod_perl + apps to avoid storing large chunks of data in Apache memory, and to share + this burden across several machines. --- memcached-1.4.14.orig/debian/copyright +++ memcached-1.4.14/debian/copyright @@ -0,0 +1,58 @@ +This package was debianized by Jay Bonci on +Wed, 15 Oct 2003 15:53:51 -0400. + +It was downloaded from http://www.danga.com/memcached + +Upstream authors: Brad Fitzpatrick and Danga Interactive + +Copyright: + +memcached is (C) Danga Interactive 2003-2007 + +This product includes software developed by Niels Provos (libevent). + +libevent is copyright 2000-2003 Niels Provos +All rights reserved. + +autotools code is Copyright (C) 1992-2007 Free Software Foundation, Inc. + + +License: + +The memcached server is licensed under the BSD-style license. The full text of +that license may be found on a Debian GNU/Linux system in: + +/usr/share/common-licenses/BSD + +autotools code is licensed under GNU Public License. You may find a copy of this +license in a Debian GNU/Linux system in: + +/usr/share/common-licenses/GPL + + +For libevent: + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + This product includes software developed by Niels Provos. +4. The name of the author may not be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --- memcached-1.4.14.orig/debian/docs +++ memcached-1.4.14/debian/docs @@ -0,0 +1,2 @@ +NEWS +doc/protocol.txt --- memcached-1.4.14.orig/debian/memcached.conf +++ memcached-1.4.14/debian/memcached.conf @@ -0,0 +1,47 @@ +# memcached default config file +# 2003 - Jay Bonci +# This configuration file is read by the start-memcached script provided as +# part of the Debian GNU/Linux distribution. + +# Run memcached as a daemon. This command is implied, and is not needed for the +# daemon to run. See the README.Debian that comes with this package for more +# information. +-d + +# Log memcached's output to /var/log/memcached +logfile /var/log/memcached.log + +# Be verbose +# -v + +# Be even more verbose (print client commands as well) +# -vv + +# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default +# Note that the daemon will grow to this size, but does not start out holding this much +# memory +-m 64 + +# Default connection port is 11211 +-p 11211 + +# Run the daemon as root. The start-memcached will default to running as root if no +# -u command is present in this config file +-u memcache + +# Specify which IP address to listen on. The default is to listen on all IP addresses +# This parameter is one of the only security measures that memcached has, so make sure +# it's listening on a firewalled interface. +-l 127.0.0.1 + +# Limit the number of simultaneous incoming connections. The daemon default is 1024 +# -c 1024 + +# Lock down all paged memory. Consult with the README and homepage before you do this +# -k + +# Return error when memory is exhausted (rather than removing items) +# -M + +# Maximize core file limit +# -r --- memcached-1.4.14.orig/debian/memcached.default +++ memcached-1.4.14/debian/memcached.default @@ -0,0 +1,2 @@ +# Set this to no to disable memcached. +ENABLE_MEMCACHED=yes --- memcached-1.4.14.orig/debian/memcached.dirs +++ memcached-1.4.14/debian/memcached.dirs @@ -0,0 +1,4 @@ +etc/ +usr/share/doc/memcached +usr/share/memcached/scripts +usr/bin --- memcached-1.4.14.orig/debian/memcached.manpages +++ memcached-1.4.14/debian/memcached.manpages @@ -0,0 +1 @@ +doc/memcached.1 --- memcached-1.4.14.orig/debian/memcached.postinst +++ memcached-1.4.14/debian/memcached.postinst @@ -0,0 +1,46 @@ +#!/bin/sh + +set -e + +GROUP="memcache" +USER="memcache" +DATADIR="/nonexistent" + +# shamelessly copied from debian gearman-job-server package... + +case "$1" in +configure) + # creating memcache group if it isn't already there + if ! getent group $GROUP >/dev/null ; then + # Adding system group + addgroup --system $GROUP >/dev/null + fi + + # creating memcache user if it isn't already there + if ! getent passwd $USER >/dev/null ; then + # Adding system user + adduser \ + --system \ + --disabled-login \ + --no-create-home \ + --ingroup $GROUP \ + --home $DATADIR \ + --gecos "Memcached" \ + --shell /bin/false \ + $USER >/dev/null + fi + + # Remove leftover directory. Can be removed in 14.10. (LP: #1255328) + if dpkg --compare-versions "$2" lt-nl "1.4.14-0ubuntu9" ; then + rm -rf $DATADIR + fi + + if [ ! -e /etc/memcached.conf ] + then + mkdir -p /etc + cp /usr/share/memcached/memcached.conf.default /etc/memcached.conf + fi + ;; +esac + +#DEBHELPER# --- memcached-1.4.14.orig/debian/memcached.postrm +++ memcached-1.4.14/debian/memcached.postrm @@ -0,0 +1,19 @@ +#!/bin/sh + +set -e + +USER=memcache +GROUP=memcache + +if [ "$1" = "purge" ] + then + rm -f /etc/memcached.conf + rm -f /var/log/memcached.log + + deluser --system $USER || true + delgroup --system --only-if-empty $GROUP || true +fi + + rm -f /var/run/memcached.pid + +#DEBHELPER# --- memcached-1.4.14.orig/debian/patches/01_init_script_additions.patch +++ memcached-1.4.14/debian/patches/01_init_script_additions.patch @@ -0,0 +1,120 @@ +--- a/scripts/memcached-init ++++ b/scripts/memcached-init +@@ -1,14 +1,14 @@ + #! /bin/bash +-### BEGIN INIT INFO +-# Provides: memcached +-# Required-Start: $syslog +-# Required-Stop: $syslog +-# Should-Start: $local_fs +-# Should-Stop: $local_fs +-# Default-Start: 2 3 4 5 +-# Default-Stop: 0 1 6 +-# Short-Description: memcached - Memory caching daemon +-# Description: memcached - Memory caching daemon ++### BEGIN INIT INFO ++# Provides: memcached ++# Required-Start: $remote_fs $syslog ++# Required-Stop: $remote_fs $syslog ++# Should-Start: $local_fs ++# Should-Stop: $local_fs ++# Default-Start: 2 3 4 5 ++# Default-Stop: 0 1 6 ++# Short-Description: Start memcached daemon ++# Description: Start up memcached, a high-performance memory caching daemon + ### END INIT INFO + + # Usage: +@@ -35,6 +35,13 @@ + + set -e + ++. /lib/lsb/init-functions ++ ++# Edit /etc/default/memcached to change this. ++ENABLE_MEMCACHED=no ++test -r /etc/default/memcached && . /etc/default/memcached ++ ++ + FILES=(/etc/memcached_*.conf) + # check for alternative config schema + if [ -r "${FILES[0]}" ]; then +@@ -74,37 +81,47 @@ + PIDFILE="/var/run/${NAME}.pid" + + case "$1" in +- start) +- echo -n "Starting $DESC: " +- start-stop-daemon --start --quiet --exec "$DAEMONBOOTSTRAP" -- /etc/${NAME}.conf $PIDFILE +- echo "$NAME." +- ;; +- stop) +- echo -n "Stopping $DESC: " +- start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON +- echo "$NAME." +- rm -f $PIDFILE +- ;; +- +- restart|force-reload) +- # +- # If the "reload" option is implemented, move the "force-reload" +- # option to the "reload" entry above. If not, "force-reload" is +- # just the same as "restart". +- # +- echo -n "Restarting $DESC: " +- start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE +- rm -f $PIDFILE +- sleep 1 +- start-stop-daemon --start --quiet --exec "$DAEMONBOOTSTRAP" -- /etc/${NAME}.conf $PIDFILE +- echo "$NAME." +- ;; +- *) +- N=/etc/init.d/$NAME +- # echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2 +- echo "Usage: $N {start|stop|restart|force-reload}" >&2 +- exit 1 +- ;; ++ start) ++ echo -n "Starting $DESC: " ++ if [ $ENABLE_MEMCACHED = yes ]; then ++ start-stop-daemon --start --quiet --exec "$DAEMONBOOTSTRAP" -- /etc/${NAME}.conf $PIDFILE ++ echo "$NAME." ++ else ++ echo "$NAME disabled in /etc/default/memcached." ++ fi ++ ;; ++ stop) ++ echo -n "Stopping $DESC: " ++ start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON ++ echo "$NAME." ++ rm -f $PIDFILE ++ ;; ++ ++ restart|force-reload) ++ # ++ # If the "reload" option is implemented, move the "force-reload" ++ # option to the "reload" entry above. If not, "force-reload" is ++ # just the same as "restart". ++ # ++ echo -n "Restarting $DESC: " ++ start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE ++ rm -f $PIDFILE ++ if [ $ENABLE_MEMCACHED = yes ]; then ++ sleep 1 ++ start-stop-daemon --start --quiet --exec "$DAEMONBOOTSTRAP" -- /etc/${NAME}.conf $PIDFILE ++ echo "$NAME." ++ else ++ echo "$NAME disabled in /etc/default/memcached." ++ fi ++ ;; ++ status) ++ status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit $? ++ ;; ++ *) ++ N=/etc/init.d/$NAME ++ echo "Usage: $N {start|stop|restart|force-reload|status}" >&2 ++ exit 1 ++ ;; + esac + done; + --- memcached-1.4.14.orig/debian/patches/02_manpage_additions.patch +++ memcached-1.4.14/debian/patches/02_manpage_additions.patch @@ -0,0 +1,56 @@ +--- a/doc/memcached.1 ++++ b/doc/memcached.1 +@@ -1,4 +1,4 @@ +-.TH MEMCACHED 1 "April 11, 2005" ++.TH MEMCACHED 1 "October 16, 2009" + .SH NAME + memcached \- high-performance memory object caching system + .SH SYNOPSIS +@@ -95,29 +95,39 @@ + Be even more verbose; same as \-v but also print client commands and + responses. + .TP ++.B \-vvv ++Be extremely verbose; same of the above and also print internal state transitions. ++.TP + .B \-i + Print memcached and libevent licenses. + .TP ++.B \-I ++Override the size of each slab page in bytes. In mundane words, it adjusts the ++maximum item size that memcached will accept. You can use the suffixes \fBK\fR and ++\fBM\fR to specify the size as well, so use 2000000 or 2000K or 2M if you want a ++maximum size of 2 MB per object. It is not recommended to raise this limit above ++1 MB due just to performance reasons. The default value is 1 MB. ++.TP + .B \-P + Print pidfile to , only used under \-d option. + .TP + .B \-t +-Number of threads to use to process incoming requests. This option is only +-meaningful if memcached was compiled with thread support enabled. It is ++Number of threads to use to process incoming requests. It is + typically not useful to set this higher than the number of CPU cores on the +-memcached server. The default is 4. ++memcached server. Setting a high number (64 or more) of worker ++threads is not recommended. The default is 4. + .TP + .B \-D +-Use as the delimiter between key prefixes and IDs. This is used for +-per-prefix stats reporting. The default is ":" (colon). If this option is ++Use as the delimiter between key prefixes and IDs. This is used for ++per-prefix stats reporting. The default is ":" (colon). If this option is + specified, stats collection is turned on automatically; if not, then it may + be turned on by sending the "stats detail on" command to the server. + .TP + .B \-L +-Try to use large memory pages (if available). Increasing the memory page size +-could reduce the number of TLB misses and improve the performance. In order to ++Try to use large memory pages (if available). Increasing the memory page size ++could reduce the number of TLB misses and improve the performance. In order to + get large pages from the OS, memcached will allocate the total item-cache in +-one large chunk. Only available if supported on your OS. ++one large chunk. Only available if supported on your OS. + .TP + .B \-B + Specify the binding protocol to use. By default, the server will --- memcached-1.4.14.orig/debian/patches/03_fix_ftbfs4hurd.patch +++ memcached-1.4.14/debian/patches/03_fix_ftbfs4hurd.patch @@ -0,0 +1,48 @@ +Description: Replace unconditional use of PATH_MAX + The patch below fixes an unconditional use of PATH_MAX which causes the + GNU/Hurd platform to fail to build from source the memcached package. +Forwarded: no +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637695 +Author: Svante Signell +Reviewed-by: Arno Töll +Last-Update: 2011-09-15 + +Index: memcached/memcached.c +=================================================================== +--- memcached.orig/memcached.c 2012-02-09 13:52:15.242054000 -0800 ++++ memcached/memcached.c 2012-02-09 13:53:59.891412592 -0800 +@@ -49,7 +49,7 @@ + + /* FreeBSD 4.x doesn't have IOV_MAX exposed. */ + #ifndef IOV_MAX +-#if defined(__FreeBSD__) || defined(__APPLE__) ++#if defined(__FreeBSD__) || defined(__APPLE__) || defined(__GNU__) + # define IOV_MAX 1024 + #endif + #endif +@@ -5161,12 +5161,15 @@ + /* create the listening socket, bind it, and init */ + if (settings.socketpath == NULL) { + const char *portnumber_filename = getenv("MEMCACHED_PORT_FILENAME"); +- char temp_portnumber_filename[PATH_MAX]; ++ char *temp_portnumber_filename = NULL; ++ size_t len; + FILE *portnumber_file = NULL; + + if (portnumber_filename != NULL) { ++ len = strlen(portnumber_filename)+4+1; ++ temp_portnumber_filename = malloc(len); + snprintf(temp_portnumber_filename, +- sizeof(temp_portnumber_filename), ++ len, + "%s.lck", portnumber_filename); + + portnumber_file = fopen(temp_portnumber_filename, "a"); +@@ -5201,6 +5204,7 @@ + if (portnumber_file) { + fclose(portnumber_file); + rename(temp_portnumber_filename, portnumber_filename); ++ free(temp_portnumber_filename); + } + } + --- memcached-1.4.14.orig/debian/patches/04_add_init_retry.patch +++ memcached-1.4.14/debian/patches/04_add_init_retry.patch @@ -0,0 +1,31 @@ +Author: Clint Byrum +Description: Uses --retry to wait up to 5 seconds for the killed process to die. +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/memcached/+bug/795673 +Bug: http://code.google.com/p/memcached/issues/detail?id=250 +Forwarded: yes, http://code.google.com/p/memcached/issues/detail?id=250 + +Index: memcached/scripts/memcached-init +=================================================================== +--- memcached.orig/scripts/memcached-init 2012-02-09 15:07:20.834152608 -0800 ++++ memcached/scripts/memcached-init 2012-02-09 15:22:44.424307457 -0800 +@@ -92,7 +92,7 @@ + ;; + stop) + echo -n "Stopping $DESC: " +- start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON ++ start-stop-daemon --stop --quiet --oknodo --retry 5 --pidfile $PIDFILE --exec $DAEMON + echo "$NAME." + rm -f $PIDFILE + ;; +@@ -104,10 +104,9 @@ + # just the same as "restart". + # + echo -n "Restarting $DESC: " +- start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE ++ start-stop-daemon --stop --quiet --oknodo --retry 5 --pidfile $PIDFILE + rm -f $PIDFILE + if [ $ENABLE_MEMCACHED = yes ]; then +- sleep 1 + start-stop-daemon --start --quiet --exec "$DAEMONBOOTSTRAP" -- /etc/${NAME}.conf $PIDFILE + echo "$NAME." + else --- memcached-1.4.14.orig/debian/patches/CVE-2011-4971.patch +++ memcached-1.4.14/debian/patches/CVE-2011-4971.patch @@ -0,0 +1,57 @@ +From 6695ccbc525c36d693aaa3e8337b36aa0c784424 Mon Sep 17 00:00:00 2001 +From: Huzaifa Sidhpurwala +Date: Sun, 8 Dec 2013 17:33:15 -0800 +Subject: [PATCH] Fix segfault on specially crafted packet. + +--- + memcached.c | 10 ++++++++++ + t/issue_192.t | 20 ++++++++++++++++++++ + 2 files changed, 30 insertions(+) + create mode 100644 t/issue_192.t + +Index: memcached-1.4.14/memcached.c +=================================================================== +--- memcached-1.4.14.orig/memcached.c 2014-01-07 09:02:58.075387492 -0500 ++++ memcached-1.4.14/memcached.c 2014-01-07 09:02:58.067387492 -0500 +@@ -3864,6 +3864,16 @@ + complete_nread(c); + break; + } ++ ++ /* Check if rbytes < 0, to prevent crash */ ++ if (c->rlbytes < 0) { ++ if (settings.verbose) { ++ fprintf(stderr, "Invalid rlbytes to read: len %d\n", c->rlbytes); ++ } ++ conn_set_state(c, conn_closing); ++ break; ++ } ++ + /* first check if we have leftovers in the conn_read buffer */ + if (c->rbytes > 0) { + int tocopy = c->rbytes > c->rlbytes ? c->rlbytes : c->rbytes; +Index: memcached-1.4.14/t/issue_192.t +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ memcached-1.4.14/t/issue_192.t 2014-01-07 09:02:58.067387492 -0500 +@@ -0,0 +1,20 @@ ++#!/usr/bin/perl ++ ++use strict; ++use Test::More tests => 2; ++use FindBin qw($Bin); ++use lib "$Bin/lib"; ++use MemcachedTest; ++ ++my $server = new_memcached(); ++my $sock = $server->sock; ++ ++ok($server->new_sock, "opened new socket"); ++ ++print $sock "\x80\x12\x00\x01\x08\x00\x00\x00\xff\xff\xff\xe8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x01\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; ++ ++sleep 0.5; ++ok($server->new_sock, "failed to open new socket"); ++ ++ ++ --- memcached-1.4.14.orig/debian/patches/CVE-2013-0179.patch +++ memcached-1.4.14/debian/patches/CVE-2013-0179.patch @@ -0,0 +1,64 @@ +Description: fix denial of service when using -vv +Origin: upstream, https://github.com/memcached/memcached/commit/0f605245cf3f37c2efe4e225237ad17256ea2a34 +Origin: upstream, https://github.com/memcached/memcached/commit/fbe823d9a61b5149cd6e3b5e17bd28dd3b8dd760 +Bug: https://code.google.com/p/memcached/issues/detail?id=306 +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698231 + +Index: memcached-1.4.14/items.c +=================================================================== +--- memcached-1.4.14.orig/items.c 2012-07-30 16:23:37.000000000 -0400 ++++ memcached-1.4.14/items.c 2014-01-07 09:03:37.307388543 -0500 +@@ -509,12 +509,16 @@ + int was_found = 0; + + if (settings.verbose > 2) { ++ int ii; + if (it == NULL) { +- fprintf(stderr, "> NOT FOUND %s", key); ++ fprintf(stderr, "> NOT FOUND "); + } else { +- fprintf(stderr, "> FOUND KEY %s", ITEM_key(it)); ++ fprintf(stderr, "> FOUND KEY "); + was_found++; + } ++ for (ii = 0; ii < nkey; ++ii) { ++ fprintf(stderr, "%c", key[ii]); ++ } + } + + if (it != NULL) { +Index: memcached-1.4.14/memcached.c +=================================================================== +--- memcached-1.4.14.orig/memcached.c 2014-01-07 09:03:03.619387641 -0500 ++++ memcached-1.4.14/memcached.c 2014-01-07 09:03:37.311388543 -0500 +@@ -2149,7 +2149,12 @@ + assert(c != NULL); + + if (settings.verbose > 1) { +- fprintf(stderr, "Deleting %s\n", key); ++ int ii; ++ fprintf(stderr, "Deleting "); ++ for (ii = 0; ii < nkey; ++ii) { ++ fprintf(stderr, "%c", key[ii]); ++ } ++ fprintf(stderr, "\n"); + } + + if (settings.detail_enabled) { +@@ -2800,8 +2805,14 @@ + } + + +- if (settings.verbose > 1) +- fprintf(stderr, ">%d sending key %s\n", c->sfd, ITEM_key(it)); ++ if (settings.verbose > 1) { ++ int ii; ++ fprintf(stderr, ">%d sending key ", c->sfd); ++ for (ii = 0; ii < it->nkey; ++ii) { ++ fprintf(stderr, "%c", key[ii]); ++ } ++ fprintf(stderr, "\n"); ++ } + + /* item_get() has incremented it->refcount for us */ + pthread_mutex_lock(&c->thread->stats.mutex); --- memcached-1.4.14.orig/debian/patches/CVE-2013-7239.patch +++ memcached-1.4.14/debian/patches/CVE-2013-7239.patch @@ -0,0 +1,135 @@ +From 87c1cf0f20be20608d3becf854e9cf0910f4ad32 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=E4=BC=8A=E8=97=A4=E6=B4=8B=E4=B9=9F?= +Date: Fri, 20 Dec 2013 18:49:54 +0000 +Subject: [PATCH] explicitly record sasl auth states + +It was previously possible to bypass authentication due to implicit +state management. Now we explicitly consider ourselves +unauthenticated on any new connections and authentication attempts. + +bug316 + +Signed-off-by: Dustin Sallings +--- + memcached.c | 10 +++++----- + memcached.h | 1 + + t/binary-sasl.t | 38 +++++++++++++++++++++++++++++++++++--- + 3 files changed, 41 insertions(+), 8 deletions(-) + +Index: memcached-1.4.14/memcached.c +=================================================================== +--- memcached-1.4.14.orig/memcached.c 2014-01-07 09:03:58.719389116 -0500 ++++ memcached-1.4.14/memcached.c 2014-01-07 09:03:58.715389116 -0500 +@@ -442,6 +442,7 @@ + c->iovused = 0; + c->msgcurr = 0; + c->msgused = 0; ++ c->authenticated = false; + + c->write_and_go = init_state; + c->write_and_free = 0; +@@ -1602,6 +1603,8 @@ + if (!settings.sasl) + return; + ++ c->authenticated = false; ++ + if (!c->sasl_conn) { + int result=sasl_server_new("memcached", + NULL, +@@ -1736,6 +1739,7 @@ + + switch(result) { + case SASL_OK: ++ c->authenticated = true; + write_bin_response(c, "Authenticated", 0, 0, strlen("Authenticated")); + pthread_mutex_lock(&c->thread->stats.mutex); + c->thread->stats.auth_cmds++; +@@ -1772,11 +1776,7 @@ + rv = true; + break; + default: +- if (c->sasl_conn) { +- const void *uname = NULL; +- sasl_getprop(c->sasl_conn, SASL_USERNAME, &uname); +- rv = uname != NULL; +- } ++ rv = c->authenticated; + } + + if (settings.verbose > 1) { +Index: memcached-1.4.14/memcached.h +=================================================================== +--- memcached-1.4.14.orig/memcached.h 2014-01-07 09:03:58.719389116 -0500 ++++ memcached-1.4.14/memcached.h 2014-01-07 09:03:58.719389116 -0500 +@@ -366,6 +366,7 @@ + struct conn { + int sfd; + sasl_conn_t *sasl_conn; ++ bool authenticated; + enum conn_states state; + enum bin_substates substate; + struct event event; +Index: memcached-1.4.14/t/binary-sasl.t +=================================================================== +--- memcached-1.4.14.orig/t/binary-sasl.t 2014-01-07 09:03:58.719389116 -0500 ++++ memcached-1.4.14/t/binary-sasl.t 2014-01-07 09:03:58.719389116 -0500 +@@ -13,7 +13,7 @@ + + if (supports_sasl()) { + if ($ENV{'RUN_SASL_TESTS'}) { +- plan tests => 25; ++ plan tests => 33; + } else { + plan skip_all => 'Skipping SASL tests'; + exit 0; +@@ -229,6 +229,38 @@ + } + $empty->('x'); + ++{ ++ my $mc = MC::Client->new; ++ ++ # Attempt bad authentication. ++ is ($mc->authenticate('testuser', 'wrongpassword'), 0x20, "bad auth"); ++ ++ # This should fail because $mc is not authenticated ++ my ($status, $val)= $mc->set('x', "somevalue"); ++ ok($status, "this fails to authenticate"); ++ cmp_ok($status,'==',ERR_AUTH_ERROR, "error code matches"); ++} ++$empty->('x', 'somevalue'); ++ ++{ ++ my $mc = MC::Client->new; ++ ++ # Attempt bad authentication. ++ is ($mc->authenticate('testuser', 'wrongpassword'), 0x20, "bad auth"); ++ ++ # Mix an authenticated connection and an unauthenticated connection to ++ # confirm c->authenticated is not shared among connections ++ my $mc2 = MC::Client->new; ++ is ($mc2->authenticate('testuser', 'testpass'), 0, "authenticated"); ++ my ($status, $val)= $mc2->set('x', "somevalue"); ++ ok(! $status); ++ ++ # This should fail because $mc is not authenticated ++ ($status, $val)= $mc->set('x', "somevalue"); ++ ok($status, "this fails to authenticate"); ++ cmp_ok($status,'==',ERR_AUTH_ERROR, "error code matches"); ++} ++ + # check the SASL stats, make sure they track things correctly + # note: the enabled or not is presence checked in stats.t + +@@ -241,8 +273,8 @@ + + { + my %stats = $mc->stats(''); +- is ($stats{'auth_cmds'}, 2, "auth commands counted"); +- is ($stats{'auth_errors'}, 1, "auth errors correct"); ++ is ($stats{'auth_cmds'}, 5, "auth commands counted"); ++ is ($stats{'auth_errors'}, 3, "auth errors correct"); + } + + --- memcached-1.4.14.orig/debian/patches/CVE-2016-870x.patch +++ memcached-1.4.14/debian/patches/CVE-2016-870x.patch @@ -0,0 +1,49 @@ +Backport of: + +From bd578fc34b96abe0f8d99c1409814a09f51ee71c Mon Sep 17 00:00:00 2001 +From: dormando +Date: Wed, 12 Oct 2016 13:50:47 -0700 +Subject: [PATCH] CVE reported by cisco talos + +--- + items.c | 3 +++ + memcached.c | 10 ++++++++-- + 2 files changed, 11 insertions(+), 2 deletions(-) + +Index: memcached-1.4.14/items.c +=================================================================== +--- memcached-1.4.14.orig/items.c 2016-11-02 08:23:10.222613609 -0400 ++++ memcached-1.4.14/items.c 2016-11-02 08:23:10.222613609 -0400 +@@ -89,6 +89,9 @@ + uint8_t nsuffix; + item *it = NULL; + char suffix[40]; ++ if (nbytes < 2 || nkey < 0) ++ return 0; ++ + size_t ntotal = item_make_header(nkey + 1, flags, nbytes, suffix, &nsuffix); + if (settings.use_cas) { + ntotal += sizeof(uint64_t); +Index: memcached-1.4.14/memcached.c +=================================================================== +--- memcached-1.4.14.orig/memcached.c 2016-11-02 08:23:10.222613609 -0400 ++++ memcached-1.4.14/memcached.c 2016-11-02 08:23:33.854831949 -0400 +@@ -1790,10 +1790,16 @@ + static void dispatch_bin_command(conn *c) { + int protocol_error = 0; + +- int extlen = c->binary_header.request.extlen; +- int keylen = c->binary_header.request.keylen; ++ uint8_t extlen = c->binary_header.request.extlen; ++ uint16_t keylen = c->binary_header.request.keylen; + uint32_t bodylen = c->binary_header.request.bodylen; + ++ if (keylen > bodylen || keylen + extlen > bodylen) { ++ write_bin_error(c, PROTOCOL_BINARY_RESPONSE_UNKNOWN_COMMAND, 0); ++ c->write_and_go = conn_closing; ++ return; ++ } ++ + if (settings.sasl && !authenticated(c)) { + write_bin_error(c, PROTOCOL_BINARY_RESPONSE_AUTH_ERROR, 0); + c->write_and_go = conn_closing; --- memcached-1.4.14.orig/debian/patches/CVE-2017-9951.patch +++ memcached-1.4.14/debian/patches/CVE-2017-9951.patch @@ -0,0 +1,36 @@ +From 328629445c71e6c17074f6e9e0e3ef585b58f167 Mon Sep 17 00:00:00 2001 +From: dormando +Date: Tue, 4 Jul 2017 00:32:39 -0700 +Subject: [PATCH] sanity check + +--- + items.c | 2 ++ + memcached.c | 2 +- + 2 files changed, 3 insertions(+), 1 deletion(-) + +diff --git a/items.c b/items.c +index 637e5e745..83a2ea37d 100644 +--- a/items.c ++++ b/items.c +@@ -368,6 +368,8 @@ void item_free(item *it) { + bool item_size_ok(const size_t nkey, const int flags, const int nbytes) { + char prefix[40]; + uint8_t nsuffix; ++ if (nbytes < 2) ++ return false; + + size_t ntotal = item_make_header(nkey + 1, flags, nbytes, + prefix, &nsuffix); +diff --git a/memcached.c b/memcached.c +index 0f0335795..a89df965d 100644 +--- a/memcached.c ++++ b/memcached.c +@@ -4967,7 +4967,7 @@ static void drive_machine(conn *c) { + + case conn_swallow: + /* we are reading sbytes and throwing them away */ +- if (c->sbytes == 0) { ++ if (c->sbytes <= 0) { + conn_set_state(c, conn_new_cmd); + break; + } --- memcached-1.4.14.orig/debian/patches/CVE-2018-1000127.patch +++ memcached-1.4.14/debian/patches/CVE-2018-1000127.patch @@ -0,0 +1,49 @@ +backport of: + +From a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00 Mon Sep 17 00:00:00 2001 +From: dormando +Date: Sun, 21 May 2017 21:49:54 -0700 +Subject: [PATCH] Don't overflow item refcount on get + +Counts as a miss if the refcount is too high. ASCII multigets are the only +time refcounts can be held for so long. + +doing a dirty read of refcount. is aligned. + +trying to avoid adding an extra refcount branch for all calls of item_get due +to performance. might be able to move it in there after logging refactoring +simplifies some of the branches. +--- + memcached.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +Index: memcached-1.4.14/memcached.c +=================================================================== +--- memcached-1.4.14.orig/memcached.c 2018-03-19 10:15:46.911917127 -0400 ++++ memcached-1.4.14/memcached.c 2018-03-19 10:15:46.911917127 -0400 +@@ -2715,6 +2715,16 @@ static void process_stat(conn *c, token_ + } + } + ++#define IT_REFCOUNT_LIMIT 60000 ++static inline item* limited_get(char *key, size_t nkey) { ++ item *it = item_get(key, nkey); ++ if (it && it->refcount > IT_REFCOUNT_LIMIT) { ++ item_remove(it); ++ it = NULL; ++ } ++ return it; ++} ++ + /* ntokens is overwritten here... shrug.. */ + static inline void process_get_command(conn *c, token_t *tokens, size_t ntokens, bool return_cas) { + char *key; +@@ -2736,7 +2746,7 @@ static inline void process_get_command(c + return; + } + +- it = item_get(key, nkey); ++ it = limited_get(key, nkey); + if (settings.detail_enabled) { + stats_prefix_record_get(key, nkey, NULL != it); + } --- memcached-1.4.14.orig/debian/patches/config-updates.diff +++ memcached-1.4.14/debian/patches/config-updates.diff @@ -0,0 +1,1506 @@ +Index: b/config.guess +=================================================================== +--- a/config.guess ++++ b/config.guess +@@ -1,14 +1,12 @@ + #! /bin/sh + # Attempt to guess a canonical system name. +-# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +-# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 +-# Free Software Foundation, Inc. ++# Copyright 1992-2013 Free Software Foundation, Inc. + +-timestamp='2009-06-10' ++timestamp='2013-06-10' + + # This file is free software; you can redistribute it and/or modify it + # under the terms of the GNU General Public License as published by +-# the Free Software Foundation; either version 2 of the License, or ++# the Free Software Foundation; either version 3 of the License, or + # (at your option) any later version. + # + # This program is distributed in the hope that it will be useful, but +@@ -17,26 +15,22 @@ + # General Public License for more details. + # + # You should have received a copy of the GNU General Public License +-# along with this program; if not, write to the Free Software +-# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA +-# 02110-1301, USA. ++# along with this program; if not, see . + # + # As a special exception to the GNU General Public License, if you + # distribute this file as part of a program that contains a + # configuration script generated by Autoconf, you may include it under +-# the same distribution terms that you use for the rest of that program. +- +- +-# Originally written by Per Bothner . +-# Please send patches to . Submit a context +-# diff and a properly formatted ChangeLog entry. ++# the same distribution terms that you use for the rest of that ++# program. This Exception is an additional permission under section 7 ++# of the GNU General Public License, version 3 ("GPLv3"). + # +-# This script attempts to guess a canonical system name similar to +-# config.sub. If it succeeds, it prints the system name on stdout, and +-# exits with 0. Otherwise, it exits with 1. ++# Originally written by Per Bothner. + # +-# The plan is that this can be called by configure scripts if you +-# don't specify an explicit build system type. ++# You can get the latest version of this script from: ++# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD ++# ++# Please send patches with a ChangeLog entry to config-patches@gnu.org. ++ + + me=`echo "$0" | sed -e 's,.*/,,'` + +@@ -56,8 +50,7 @@ + GNU config.guess ($timestamp) + + Originally written by Per Bothner. +-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, +-2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. ++Copyright 1992-2013 Free Software Foundation, Inc. + + This is free software; see the source for copying conditions. There is NO + warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." +@@ -139,12 +132,33 @@ + UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown + UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown + ++case "${UNAME_SYSTEM}" in ++Linux|GNU|GNU/*) ++ # If the system lacks a compiler, then just pick glibc. ++ # We could probably try harder. ++ LIBC=gnu ++ ++ eval $set_cc_for_build ++ cat <<-EOF > $dummy.c ++ #include ++ #if defined(__UCLIBC__) ++ LIBC=uclibc ++ #elif defined(__dietlibc__) ++ LIBC=dietlibc ++ #else ++ LIBC=gnu ++ #endif ++ EOF ++ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` ++ ;; ++esac ++ + # Note: order is significant - the case branches are not exclusive. + + case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in + *:NetBSD:*:*) + # NetBSD (nbsd) targets should (where applicable) match one or +- # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, ++ # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, + # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently + # switched to ELF, *-*-netbsd* would select the old + # object file format. This provides both forward +@@ -180,7 +194,7 @@ + fi + ;; + *) +- os=netbsd ++ os=netbsd + ;; + esac + # The OS release +@@ -201,6 +215,10 @@ + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. + echo "${machine}-${os}${release}" + exit ;; ++ *:Bitrig:*:*) ++ UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` ++ echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE} ++ exit ;; + *:OpenBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} +@@ -223,7 +241,7 @@ + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` + ;; + *5.*) +- UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` ++ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` + ;; + esac + # According to Compaq, /usr/sbin/psrinfo has been available on +@@ -269,7 +287,10 @@ + # A Xn.n version is an unreleased experimental baselevel. + # 1.2 uses "1.2" for uname -r. + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` +- exit ;; ++ # Reset EXIT trap before exiting to avoid spurious non-zero exit code. ++ exitcode=$? ++ trap '' 0 ++ exit $exitcode ;; + Alpha\ *:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # Should we change UNAME_MACHINE based on the output of uname instead +@@ -295,12 +316,12 @@ + echo s390-ibm-zvmoe + exit ;; + *:OS400:*:*) +- echo powerpc-ibm-os400 ++ echo powerpc-ibm-os400 + exit ;; + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix${UNAME_RELEASE} + exit ;; +- arm:riscos:*:*|arm:RISCOS:*:*) ++ arm*:riscos:*:*|arm*:RISCOS:*:*) + echo arm-unknown-riscos + exit ;; + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) +@@ -333,6 +354,9 @@ + sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) + echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; ++ i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) ++ echo i386-pc-auroraux${UNAME_RELEASE} ++ exit ;; + i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) + eval $set_cc_for_build + SUN_ARCH="i386" +@@ -391,23 +415,23 @@ + # MiNT. But MiNT is downward compatible to TOS, so this should + # be no problem. + atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) +- echo m68k-atari-mint${UNAME_RELEASE} ++ echo m68k-atari-mint${UNAME_RELEASE} + exit ;; + atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} +- exit ;; ++ exit ;; + *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) +- echo m68k-atari-mint${UNAME_RELEASE} ++ echo m68k-atari-mint${UNAME_RELEASE} + exit ;; + milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) +- echo m68k-milan-mint${UNAME_RELEASE} +- exit ;; ++ echo m68k-milan-mint${UNAME_RELEASE} ++ exit ;; + hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) +- echo m68k-hades-mint${UNAME_RELEASE} +- exit ;; ++ echo m68k-hades-mint${UNAME_RELEASE} ++ exit ;; + *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) +- echo m68k-unknown-mint${UNAME_RELEASE} +- exit ;; ++ echo m68k-unknown-mint${UNAME_RELEASE} ++ exit ;; + m68k:machten:*:*) + echo m68k-apple-machten${UNAME_RELEASE} + exit ;; +@@ -477,8 +501,8 @@ + echo m88k-motorola-sysv3 + exit ;; + AViiON:dgux:*:*) +- # DG/UX returns AViiON for all architectures +- UNAME_PROCESSOR=`/usr/bin/uname -p` ++ # DG/UX returns AViiON for all architectures ++ UNAME_PROCESSOR=`/usr/bin/uname -p` + if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] + then + if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ +@@ -491,7 +515,7 @@ + else + echo i586-dg-dgux${UNAME_RELEASE} + fi +- exit ;; ++ exit ;; + M88*:DolphinOS:*:*) # DolphinOS (SVR3) + echo m88k-dolphin-sysv3 + exit ;; +@@ -548,7 +572,7 @@ + echo rs6000-ibm-aix3.2 + fi + exit ;; +- *:AIX:*:[456]) ++ *:AIX:*:[4567]) + IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` + if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then + IBM_ARCH=rs6000 +@@ -591,52 +615,52 @@ + 9000/[678][0-9][0-9]) + if [ -x /usr/bin/getconf ]; then + sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` +- sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` +- case "${sc_cpu_version}" in +- 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 +- 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 +- 532) # CPU_PA_RISC2_0 +- case "${sc_kernel_bits}" in +- 32) HP_ARCH="hppa2.0n" ;; +- 64) HP_ARCH="hppa2.0w" ;; ++ sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` ++ case "${sc_cpu_version}" in ++ 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 ++ 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 ++ 532) # CPU_PA_RISC2_0 ++ case "${sc_kernel_bits}" in ++ 32) HP_ARCH="hppa2.0n" ;; ++ 64) HP_ARCH="hppa2.0w" ;; + '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 +- esac ;; +- esac ++ esac ;; ++ esac + fi + if [ "${HP_ARCH}" = "" ]; then + eval $set_cc_for_build +- sed 's/^ //' << EOF >$dummy.c ++ sed 's/^ //' << EOF >$dummy.c ++ ++ #define _HPUX_SOURCE ++ #include ++ #include ++ ++ int main () ++ { ++ #if defined(_SC_KERNEL_BITS) ++ long bits = sysconf(_SC_KERNEL_BITS); ++ #endif ++ long cpu = sysconf (_SC_CPU_VERSION); + +- #define _HPUX_SOURCE +- #include +- #include +- +- int main () +- { +- #if defined(_SC_KERNEL_BITS) +- long bits = sysconf(_SC_KERNEL_BITS); +- #endif +- long cpu = sysconf (_SC_CPU_VERSION); +- +- switch (cpu) +- { +- case CPU_PA_RISC1_0: puts ("hppa1.0"); break; +- case CPU_PA_RISC1_1: puts ("hppa1.1"); break; +- case CPU_PA_RISC2_0: +- #if defined(_SC_KERNEL_BITS) +- switch (bits) +- { +- case 64: puts ("hppa2.0w"); break; +- case 32: puts ("hppa2.0n"); break; +- default: puts ("hppa2.0"); break; +- } break; +- #else /* !defined(_SC_KERNEL_BITS) */ +- puts ("hppa2.0"); break; +- #endif +- default: puts ("hppa1.0"); break; +- } +- exit (0); +- } ++ switch (cpu) ++ { ++ case CPU_PA_RISC1_0: puts ("hppa1.0"); break; ++ case CPU_PA_RISC1_1: puts ("hppa1.1"); break; ++ case CPU_PA_RISC2_0: ++ #if defined(_SC_KERNEL_BITS) ++ switch (bits) ++ { ++ case 64: puts ("hppa2.0w"); break; ++ case 32: puts ("hppa2.0n"); break; ++ default: puts ("hppa2.0"); break; ++ } break; ++ #else /* !defined(_SC_KERNEL_BITS) */ ++ puts ("hppa2.0"); break; ++ #endif ++ default: puts ("hppa1.0"); break; ++ } ++ exit (0); ++ } + EOF + (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` + test -z "$HP_ARCH" && HP_ARCH=hppa +@@ -727,22 +751,22 @@ + exit ;; + C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) + echo c1-convex-bsd +- exit ;; ++ exit ;; + C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi +- exit ;; ++ exit ;; + C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) + echo c34-convex-bsd +- exit ;; ++ exit ;; + C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) + echo c38-convex-bsd +- exit ;; ++ exit ;; + C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) + echo c4-convex-bsd +- exit ;; ++ exit ;; + CRAY*Y-MP:*:*:*) + echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; +@@ -766,14 +790,14 @@ + exit ;; + F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) + FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` +- FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` +- FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` +- echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" +- exit ;; ++ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` ++ FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` ++ echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" ++ exit ;; + 5000:UNIX_System_V:4.*:*) +- FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` +- FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` +- echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" ++ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` ++ FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` ++ echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; + i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) + echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} +@@ -785,34 +809,39 @@ + echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} + exit ;; + *:FreeBSD:*:*) +- case ${UNAME_MACHINE} in +- pc98) +- echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; ++ UNAME_PROCESSOR=`/usr/bin/uname -p` ++ case ${UNAME_PROCESSOR} in + amd64) + echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + *) +- echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; ++ echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + esac + exit ;; + i*:CYGWIN*:*) + echo ${UNAME_MACHINE}-pc-cygwin + exit ;; ++ *:MINGW64*:*) ++ echo ${UNAME_MACHINE}-pc-mingw64 ++ exit ;; + *:MINGW*:*) + echo ${UNAME_MACHINE}-pc-mingw32 + exit ;; ++ i*:MSYS*:*) ++ echo ${UNAME_MACHINE}-pc-msys ++ exit ;; + i*:windows32*:*) +- # uname -m includes "-pc" on this system. +- echo ${UNAME_MACHINE}-mingw32 ++ # uname -m includes "-pc" on this system. ++ echo ${UNAME_MACHINE}-mingw32 + exit ;; + i*:PW*:*) + echo ${UNAME_MACHINE}-pc-pw32 + exit ;; +- *:Interix*:[3456]*) +- case ${UNAME_MACHINE} in ++ *:Interix*:*) ++ case ${UNAME_MACHINE} in + x86) + echo i586-pc-interix${UNAME_RELEASE} + exit ;; +- EM64T | authenticamd | genuineintel) ++ authenticamd | genuineintel | EM64T) + echo x86_64-unknown-interix${UNAME_RELEASE} + exit ;; + IA64) +@@ -845,45 +874,81 @@ + exit ;; + *:GNU:*:*) + # the GNU system +- echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` ++ echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + exit ;; + *:GNU/*:*:*) + # other systems with GNU libc and userland +- echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu ++ echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} + exit ;; + i*86:Minix:*:*) + echo ${UNAME_MACHINE}-pc-minix + exit ;; ++ aarch64:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-${LIBC} ++ exit ;; ++ aarch64_be:Linux:*:*) ++ UNAME_MACHINE=aarch64_be ++ echo ${UNAME_MACHINE}-unknown-linux-${LIBC} ++ exit ;; ++ alpha:Linux:*:*) ++ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in ++ EV5) UNAME_MACHINE=alphaev5 ;; ++ EV56) UNAME_MACHINE=alphaev56 ;; ++ PCA56) UNAME_MACHINE=alphapca56 ;; ++ PCA57) UNAME_MACHINE=alphapca56 ;; ++ EV6) UNAME_MACHINE=alphaev6 ;; ++ EV67) UNAME_MACHINE=alphaev67 ;; ++ EV68*) UNAME_MACHINE=alphaev68 ;; ++ esac ++ objdump --private-headers /bin/sh | grep -q ld.so.1 ++ if test "$?" = 0 ; then LIBC="gnulibc1" ; fi ++ echo ${UNAME_MACHINE}-unknown-linux-${LIBC} ++ exit ;; ++ arc:Linux:*:* | arceb:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-${LIBC} ++ exit ;; + arm*:Linux:*:*) + eval $set_cc_for_build + if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_EABI__ + then +- echo ${UNAME_MACHINE}-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + else +- echo ${UNAME_MACHINE}-unknown-linux-gnueabi ++ if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ ++ | grep -q __ARM_PCS_VFP ++ then ++ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi ++ else ++ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf ++ fi + fi + exit ;; + avr32*:Linux:*:*) +- echo ${UNAME_MACHINE}-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + cris:Linux:*:*) +- echo cris-axis-linux-gnu ++ echo ${UNAME_MACHINE}-axis-linux-${LIBC} + exit ;; + crisv32:Linux:*:*) +- echo crisv32-axis-linux-gnu ++ echo ${UNAME_MACHINE}-axis-linux-${LIBC} + exit ;; + frv:Linux:*:*) +- echo frv-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-${LIBC} ++ exit ;; ++ hexagon:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-${LIBC} ++ exit ;; ++ i*86:Linux:*:*) ++ echo ${UNAME_MACHINE}-pc-linux-${LIBC} + exit ;; + ia64:Linux:*:*) +- echo ${UNAME_MACHINE}-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + m32r*:Linux:*:*) +- echo ${UNAME_MACHINE}-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + m68*:Linux:*:*) +- echo ${UNAME_MACHINE}-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + mips:Linux:*:* | mips64:Linux:*:*) + eval $set_cc_for_build +@@ -901,123 +966,65 @@ + #endif + #endif + EOF +- eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' +- /^CPU/{ +- s: ::g +- p +- }'`" +- test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ++ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` ++ test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } + ;; +- or32:Linux:*:*) +- echo or32-unknown-linux-gnu +- exit ;; +- ppc:Linux:*:*) +- echo powerpc-unknown-linux-gnu ++ or1k:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; +- ppc64:Linux:*:*) +- echo powerpc64-unknown-linux-gnu +- exit ;; +- alpha:Linux:*:*) +- case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in +- EV5) UNAME_MACHINE=alphaev5 ;; +- EV56) UNAME_MACHINE=alphaev56 ;; +- PCA56) UNAME_MACHINE=alphapca56 ;; +- PCA57) UNAME_MACHINE=alphapca56 ;; +- EV6) UNAME_MACHINE=alphaev6 ;; +- EV67) UNAME_MACHINE=alphaev67 ;; +- EV68*) UNAME_MACHINE=alphaev68 ;; +- esac +- objdump --private-headers /bin/sh | grep -q ld.so.1 +- if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi +- echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} ++ or32:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + padre:Linux:*:*) +- echo sparc-unknown-linux-gnu ++ echo sparc-unknown-linux-${LIBC} ++ exit ;; ++ parisc64:Linux:*:* | hppa64:Linux:*:*) ++ echo hppa64-unknown-linux-${LIBC} + exit ;; + parisc:Linux:*:* | hppa:Linux:*:*) + # Look for CPU level + case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in +- PA7*) echo hppa1.1-unknown-linux-gnu ;; +- PA8*) echo hppa2.0-unknown-linux-gnu ;; +- *) echo hppa-unknown-linux-gnu ;; ++ PA7*) echo hppa1.1-unknown-linux-${LIBC} ;; ++ PA8*) echo hppa2.0-unknown-linux-${LIBC} ;; ++ *) echo hppa-unknown-linux-${LIBC} ;; + esac + exit ;; +- parisc64:Linux:*:* | hppa64:Linux:*:*) +- echo hppa64-unknown-linux-gnu ++ ppc64:Linux:*:*) ++ echo powerpc64-unknown-linux-${LIBC} ++ exit ;; ++ ppc:Linux:*:*) ++ echo powerpc-unknown-linux-${LIBC} ++ exit ;; ++ ppc64le:Linux:*:*) ++ echo powerpc64le-unknown-linux-${LIBC} ++ exit ;; ++ ppcle:Linux:*:*) ++ echo powerpcle-unknown-linux-${LIBC} + exit ;; + s390:Linux:*:* | s390x:Linux:*:*) +- echo ${UNAME_MACHINE}-ibm-linux ++ echo ${UNAME_MACHINE}-ibm-linux-${LIBC} + exit ;; + sh64*:Linux:*:*) +- echo ${UNAME_MACHINE}-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + sh*:Linux:*:*) +- echo ${UNAME_MACHINE}-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + sparc:Linux:*:* | sparc64:Linux:*:*) +- echo ${UNAME_MACHINE}-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-${LIBC} ++ exit ;; ++ tile*:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + vax:Linux:*:*) +- echo ${UNAME_MACHINE}-dec-linux-gnu ++ echo ${UNAME_MACHINE}-dec-linux-${LIBC} + exit ;; + x86_64:Linux:*:*) +- echo x86_64-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + xtensa*:Linux:*:*) +- echo ${UNAME_MACHINE}-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; +- i*86:Linux:*:*) +- # The BFD linker knows what the default object file format is, so +- # first see if it will tell us. cd to the root directory to prevent +- # problems with other programs or directories called `ld' in the path. +- # Set LC_ALL=C to ensure ld outputs messages in English. +- ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \ +- | sed -ne '/supported targets:/!d +- s/[ ][ ]*/ /g +- s/.*supported targets: *// +- s/ .*// +- p'` +- case "$ld_supported_targets" in +- elf32-i386) +- TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" +- ;; +- esac +- # Determine whether the default compiler is a.out or elf +- eval $set_cc_for_build +- sed 's/^ //' << EOF >$dummy.c +- #include +- #ifdef __ELF__ +- # ifdef __GLIBC__ +- # if __GLIBC__ >= 2 +- LIBC=gnu +- # else +- LIBC=gnulibc1 +- # endif +- # else +- LIBC=gnulibc1 +- # endif +- #else +- #if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) +- LIBC=gnu +- #else +- LIBC=gnuaout +- #endif +- #endif +- #ifdef __dietlibc__ +- LIBC=dietlibc +- #endif +-EOF +- eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' +- /^LIBC/{ +- s: ::g +- p +- }'`" +- test x"${LIBC}" != x && { +- echo "${UNAME_MACHINE}-pc-linux-${LIBC}" +- exit +- } +- test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; } +- ;; + i*86:DYNIX/ptx:4*:*) + # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. + # earlier versions are messed up and put the nodename in both +@@ -1025,11 +1032,11 @@ + echo i386-sequent-sysv4 + exit ;; + i*86:UNIX_SV:4.2MP:2.*) +- # Unixware is an offshoot of SVR4, but it has its own version +- # number series starting with 2... +- # I am not positive that other SVR4 systems won't match this, ++ # Unixware is an offshoot of SVR4, but it has its own version ++ # number series starting with 2... ++ # I am not positive that other SVR4 systems won't match this, + # I just have to hope. -- rms. +- # Use sysv4.2uw... so that sysv4* matches it. ++ # Use sysv4.2uw... so that sysv4* matches it. + echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} + exit ;; + i*86:OS/2:*:*) +@@ -1061,7 +1068,7 @@ + fi + exit ;; + i*86:*:5:[678]*) +- # UnixWare 7.x, OpenUNIX and OpenServer 6. ++ # UnixWare 7.x, OpenUNIX and OpenServer 6. + case `/bin/uname -X | grep "^Machine"` in + *486*) UNAME_MACHINE=i486 ;; + *Pentium) UNAME_MACHINE=i586 ;; +@@ -1089,13 +1096,13 @@ + exit ;; + pc:*:*:*) + # Left here for compatibility: +- # uname -m prints for DJGPP always 'pc', but it prints nothing about +- # the processor, so we play safe by assuming i586. ++ # uname -m prints for DJGPP always 'pc', but it prints nothing about ++ # the processor, so we play safe by assuming i586. + # Note: whatever this is, it MUST be the same as what config.sub + # prints for the "djgpp" host, or else GDB configury will decide that + # this is a cross-build. + echo i586-pc-msdosdjgpp +- exit ;; ++ exit ;; + Intel:Mach:3*:*) + echo i386-pc-mach3 + exit ;; +@@ -1130,8 +1137,8 @@ + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; + 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) +- /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ +- && { echo i486-ncr-sysv4; exit; } ;; ++ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ ++ && { echo i486-ncr-sysv4; exit; } ;; + NCR*:*:4.2:* | MPRAS*:*:4.2:*) + OS_REL='.3' + test -r /etc/.relid \ +@@ -1174,10 +1181,10 @@ + echo ns32k-sni-sysv + fi + exit ;; +- PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort +- # says +- echo i586-unisys-sysv4 +- exit ;; ++ PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort ++ # says ++ echo i586-unisys-sysv4 ++ exit ;; + *:UNIX_System_V:4*:FTX*) + # From Gerald Hewes . + # How about differentiating between stratus architectures? -djm +@@ -1203,11 +1210,11 @@ + exit ;; + R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) + if [ -d /usr/nec ]; then +- echo mips-nec-sysv${UNAME_RELEASE} ++ echo mips-nec-sysv${UNAME_RELEASE} + else +- echo mips-unknown-sysv${UNAME_RELEASE} ++ echo mips-unknown-sysv${UNAME_RELEASE} + fi +- exit ;; ++ exit ;; + BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. + echo powerpc-be-beos + exit ;; +@@ -1220,6 +1227,9 @@ + BePC:Haiku:*:*) # Haiku running on Intel PC compatible. + echo i586-pc-haiku + exit ;; ++ x86_64:Haiku:*:*) ++ echo x86_64-unknown-haiku ++ exit ;; + SX-4:SUPER-UX:*:*) + echo sx4-nec-superux${UNAME_RELEASE} + exit ;; +@@ -1246,9 +1256,21 @@ + exit ;; + *:Darwin:*:*) + UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown +- case $UNAME_PROCESSOR in +- unknown) UNAME_PROCESSOR=powerpc ;; +- esac ++ eval $set_cc_for_build ++ if test "$UNAME_PROCESSOR" = unknown ; then ++ UNAME_PROCESSOR=powerpc ++ fi ++ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then ++ if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ ++ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ ++ grep IS_64BIT_ARCH >/dev/null ++ then ++ case $UNAME_PROCESSOR in ++ i386) UNAME_PROCESSOR=x86_64 ;; ++ powerpc) UNAME_PROCESSOR=powerpc64 ;; ++ esac ++ fi ++ fi + echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} + exit ;; + *:procnto*:*:* | *:QNX:[0123456789]*:*) +@@ -1262,7 +1284,10 @@ + *:QNX:*:4*) + echo i386-pc-qnx + exit ;; +- NSE-?:NONSTOP_KERNEL:*:*) ++ NEO-?:NONSTOP_KERNEL:*:*) ++ echo neo-tandem-nsk${UNAME_RELEASE} ++ exit ;; ++ NSE-*:NONSTOP_KERNEL:*:*) + echo nse-tandem-nsk${UNAME_RELEASE} + exit ;; + NSR-?:NONSTOP_KERNEL:*:*) +@@ -1307,13 +1332,13 @@ + echo pdp10-unknown-its + exit ;; + SEI:*:*:SEIUX) +- echo mips-sei-seiux${UNAME_RELEASE} ++ echo mips-sei-seiux${UNAME_RELEASE} + exit ;; + *:DragonFly:*:*) + echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + exit ;; + *:*VMS:*:*) +- UNAME_MACHINE=`(uname -p) 2>/dev/null` ++ UNAME_MACHINE=`(uname -p) 2>/dev/null` + case "${UNAME_MACHINE}" in + A*) echo alpha-dec-vms ; exit ;; + I*) echo ia64-dec-vms ; exit ;; +@@ -1331,11 +1356,11 @@ + i*86:AROS:*:*) + echo ${UNAME_MACHINE}-pc-aros + exit ;; ++ x86_64:VMkernel:*:*) ++ echo ${UNAME_MACHINE}-unknown-esx ++ exit ;; + esac + +-#echo '(No uname command or uname output not recognized.)' 1>&2 +-#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 +- + eval $set_cc_for_build + cat >$dummy.c < + printf ("m68k-sony-newsos%s\n", + #ifdef NEWSOS4 +- "4" ++ "4" + #else +- "" ++ "" + #endif +- ); exit (0); ++ ); exit (0); + #endif + #endif + +Index: b/config.sub +=================================================================== +--- a/config.sub ++++ b/config.sub +@@ -1,44 +1,40 @@ + #! /bin/sh + # Configuration validation subroutine script. +-# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +-# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 +-# Free Software Foundation, Inc. +- +-timestamp='2009-06-11' +- +-# This file is (in principle) common to ALL GNU software. +-# The presence of a machine in this file suggests that SOME GNU software +-# can handle that machine. It does not imply ALL GNU software can. +-# +-# This file is free software; you can redistribute it and/or modify +-# it under the terms of the GNU General Public License as published by +-# the Free Software Foundation; either version 2 of the License, or ++# Copyright 1992-2013 Free Software Foundation, Inc. ++ ++timestamp='2013-08-10' ++ ++# This file is free software; you can redistribute it and/or modify it ++# under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 3 of the License, or + # (at your option) any later version. + # +-# This program is distributed in the hope that it will be useful, +-# but WITHOUT ANY WARRANTY; without even the implied warranty of +-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +-# GNU General Public License for more details. ++# This program is distributed in the hope that it will be useful, but ++# WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++# General Public License for more details. + # + # You should have received a copy of the GNU General Public License +-# along with this program; if not, write to the Free Software +-# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA +-# 02110-1301, USA. ++# along with this program; if not, see . + # + # As a special exception to the GNU General Public License, if you + # distribute this file as part of a program that contains a + # configuration script generated by Autoconf, you may include it under +-# the same distribution terms that you use for the rest of that program. ++# the same distribution terms that you use for the rest of that ++# program. This Exception is an additional permission under section 7 ++# of the GNU General Public License, version 3 ("GPLv3"). + + +-# Please send patches to . Submit a context +-# diff and a properly formatted ChangeLog entry. ++# Please send patches with a ChangeLog entry to config-patches@gnu.org. + # + # Configuration subroutine to validate and canonicalize a configuration type. + # Supply the specified configuration type as an argument. + # If it is invalid, we print an error message on stderr and exit with code 1. + # Otherwise, we print the canonical config type on stdout and succeed. + ++# You can get the latest version of this script from: ++# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD ++ + # This file is supposed to be the same for all GNU packages + # and recognize all the CPU types, system types and aliases + # that are meaningful with *any* GNU software. +@@ -72,8 +68,7 @@ + version="\ + GNU config.sub ($timestamp) + +-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, +-2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. ++Copyright 1992-2013 Free Software Foundation, Inc. + + This is free software; see the source for copying conditions. There is NO + warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." +@@ -120,13 +115,18 @@ + # Here we must recognize all the valid KERNEL-OS combinations. + maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` + case $maybe_os in +- nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \ +- uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \ ++ nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ ++ linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ ++ knetbsd*-gnu* | netbsd*-gnu* | \ + kopensolaris*-gnu* | \ + storm-chaos* | os2-emx* | rtmk-nova*) + os=-$maybe_os + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; ++ android-linux) ++ os=-linux-android ++ basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown ++ ;; + *) + basic_machine=`echo $1 | sed 's/-[^-]*$//'` + if [ $basic_machine != $1 ] +@@ -149,12 +149,12 @@ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ +- -apple | -axis | -knuth | -cray) ++ -apple | -axis | -knuth | -cray | -microblaze*) + os= + basic_machine=$1 + ;; +- -bluegene*) +- os=-cnk ++ -bluegene*) ++ os=-cnk + ;; + -sim | -cisco | -oki | -wec | -winbond) + os= +@@ -170,10 +170,10 @@ + os=-chorusos + basic_machine=$1 + ;; +- -chorusrdb) +- os=-chorusrdb ++ -chorusrdb) ++ os=-chorusrdb + basic_machine=$1 +- ;; ++ ;; + -hiux*) + os=-hiuxwe2 + ;; +@@ -218,6 +218,12 @@ + -isc*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; ++ -lynx*178) ++ os=-lynxos178 ++ ;; ++ -lynx*5) ++ os=-lynxos5 ++ ;; + -lynx*) + os=-lynxos + ;; +@@ -242,20 +248,27 @@ + # Some are omitted here because they have special meanings below. + 1750a | 580 \ + | a29k \ ++ | aarch64 | aarch64_be \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ + | am33_2.0 \ +- | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ ++ | arc | arceb \ ++ | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ ++ | avr | avr32 \ ++ | be32 | be64 \ + | bfin \ +- | c4x | clipper \ ++ | c4x | c8051 | clipper \ + | d10v | d30v | dlx | dsp16xx \ ++ | epiphany \ + | fido | fr30 | frv \ + | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ ++ | hexagon \ + | i370 | i860 | i960 | ia64 \ + | ip2k | iq2000 \ ++ | le32 | le64 \ + | lm32 \ + | m32c | m32r | m32rle | m68000 | m68k | m88k \ +- | maxq | mb | microblaze | mcore | mep | metag \ ++ | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ + | mips | mipsbe | mipseb | mipsel | mipsle \ + | mips16 \ + | mips64 | mips64el \ +@@ -273,32 +286,45 @@ + | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64sb1 | mipsisa64sb1el \ + | mipsisa64sr71k | mipsisa64sr71kel \ ++ | mipsr5900 | mipsr5900el \ + | mipstx39 | mipstx39el \ + | mn10200 | mn10300 \ + | moxie \ + | mt \ + | msp430 \ +- | nios | nios2 \ ++ | nds32 | nds32le | nds32be \ ++ | nios | nios2 | nios2eb | nios2el \ + | ns16k | ns32k \ +- | or32 \ ++ | open8 \ ++ | or1k | or32 \ + | pdp10 | pdp11 | pj | pjl \ +- | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ ++ | powerpc | powerpc64 | powerpc64le | powerpcle \ + | pyramid \ ++ | rl78 | rx \ + | score \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh64 | sh64le \ + | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ + | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ +- | spu | strongarm \ +- | tahoe | thumb | tic4x | tic80 | tron \ +- | v850 | v850e \ ++ | spu \ ++ | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ ++ | ubicom32 \ ++ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ + | we32k \ +- | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ ++ | x86 | xc16x | xstormy16 | xtensa \ + | z8k | z80) + basic_machine=$basic_machine-unknown + ;; +- m6811 | m68hc11 | m6812 | m68hc12) +- # Motorola 68HC11/12. ++ c54x) ++ basic_machine=tic54x-unknown ++ ;; ++ c55x) ++ basic_machine=tic55x-unknown ++ ;; ++ c6x) ++ basic_machine=tic6x-unknown ++ ;; ++ m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip) + basic_machine=$basic_machine-unknown + os=-none + ;; +@@ -308,6 +334,21 @@ + basic_machine=mt-unknown + ;; + ++ strongarm | thumb | xscale) ++ basic_machine=arm-unknown ++ ;; ++ xgate) ++ basic_machine=$basic_machine-unknown ++ os=-none ++ ;; ++ xscaleeb) ++ basic_machine=armeb-unknown ++ ;; ++ ++ xscaleel) ++ basic_machine=armel-unknown ++ ;; ++ + # We use `pc' rather than `unknown' + # because (1) that's what they normally are, and + # (2) the word "unknown" tends to confuse beginning users. +@@ -322,25 +363,30 @@ + # Recognize the basic CPU types with company name. + 580-* \ + | a29k-* \ ++ | aarch64-* | aarch64_be-* \ + | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ + | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ +- | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ ++ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ + | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ + | avr-* | avr32-* \ ++ | be32-* | be64-* \ + | bfin-* | bs2000-* \ +- | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ +- | clipper-* | craynv-* | cydra-* \ ++ | c[123]* | c30-* | [cjt]90-* | c4x-* \ ++ | c8051-* | clipper-* | craynv-* | cydra-* \ + | d10v-* | d30v-* | dlx-* \ + | elxsi-* \ + | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ + | h8300-* | h8500-* \ + | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ ++ | hexagon-* \ + | i*86-* | i860-* | i960-* | ia64-* \ + | ip2k-* | iq2000-* \ ++ | le32-* | le64-* \ + | lm32-* \ + | m32c-* | m32r-* | m32rle-* \ + | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ ++ | microblaze-* | microblazeel-* \ + | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ + | mips16-* \ + | mips64-* | mips64el-* \ +@@ -358,28 +404,34 @@ + | mipsisa64r2-* | mipsisa64r2el-* \ + | mipsisa64sb1-* | mipsisa64sb1el-* \ + | mipsisa64sr71k-* | mipsisa64sr71kel-* \ ++ | mipsr5900-* | mipsr5900el-* \ + | mipstx39-* | mipstx39el-* \ + | mmix-* \ + | mt-* \ + | msp430-* \ +- | nios-* | nios2-* \ ++ | nds32-* | nds32le-* | nds32be-* \ ++ | nios-* | nios2-* | nios2eb-* | nios2el-* \ + | none-* | np1-* | ns16k-* | ns32k-* \ ++ | open8-* \ + | orion-* \ + | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ +- | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ ++ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ + | pyramid-* \ +- | romp-* | rs6000-* \ ++ | rl78-* | romp-* | rs6000-* | rx-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ + | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ + | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ + | sparclite-* \ +- | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ +- | tahoe-* | thumb-* \ +- | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \ ++ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ ++ | tahoe-* \ ++ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ ++ | tile*-* \ + | tron-* \ +- | v850-* | v850e-* | vax-* \ ++ | ubicom32-* \ ++ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ ++ | vax-* \ + | we32k-* \ +- | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ ++ | x86-* | x86_64-* | xc16x-* | xps100-* \ + | xstormy16-* | xtensa*-* \ + | ymp-* \ + | z8k-* | z80-*) +@@ -404,7 +456,7 @@ + basic_machine=a29k-amd + os=-udi + ;; +- abacus) ++ abacus) + basic_machine=abacus-unknown + ;; + adobe68k) +@@ -474,11 +526,20 @@ + basic_machine=powerpc-ibm + os=-cnk + ;; ++ c54x-*) ++ basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` ++ ;; ++ c55x-*) ++ basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` ++ ;; ++ c6x-*) ++ basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` ++ ;; + c90) + basic_machine=c90-cray + os=-unicos + ;; +- cegcc) ++ cegcc) + basic_machine=arm-unknown + os=-cegcc + ;; +@@ -510,7 +571,7 @@ + basic_machine=craynv-cray + os=-unicosmp + ;; +- cr16) ++ cr16 | cr16-*) + basic_machine=cr16-unknown + os=-elf + ;; +@@ -668,7 +729,6 @@ + i370-ibm* | ibm*) + basic_machine=i370-ibm + ;; +-# I'm not sure what "Sysv32" means. Should this be sysv3.2? + i*86v32) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv32 +@@ -726,8 +786,15 @@ + basic_machine=ns32k-utek + os=-sysv + ;; ++ microblaze*) ++ basic_machine=microblaze-xilinx ++ ;; ++ mingw64) ++ basic_machine=x86_64-pc ++ os=-mingw64 ++ ;; + mingw32) +- basic_machine=i386-pc ++ basic_machine=i686-pc + os=-mingw32 + ;; + mingw32ce) +@@ -762,10 +829,18 @@ + ms1-*) + basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` + ;; ++ msys) ++ basic_machine=i686-pc ++ os=-msys ++ ;; + mvs) + basic_machine=i370-ibm + os=-mvs + ;; ++ nacl) ++ basic_machine=le32-unknown ++ os=-nacl ++ ;; + ncr3000) + basic_machine=i486-ncr + os=-sysv4 +@@ -830,6 +905,12 @@ + np1) + basic_machine=np1-gould + ;; ++ neo-tandem) ++ basic_machine=neo-tandem ++ ;; ++ nse-tandem) ++ basic_machine=nse-tandem ++ ;; + nsr-tandem) + basic_machine=nsr-tandem + ;; +@@ -912,9 +993,10 @@ + ;; + power) basic_machine=power-ibm + ;; +- ppc) basic_machine=powerpc-unknown ++ ppc | ppcbe) basic_machine=powerpc-unknown + ;; +- ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` ++ ppc-* | ppcbe-*) ++ basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppcle | powerpclittle | ppc-le | powerpc-little) + basic_machine=powerpcle-unknown +@@ -939,7 +1021,11 @@ + basic_machine=i586-unknown + os=-pw32 + ;; +- rdos) ++ rdos | rdos64) ++ basic_machine=x86_64-pc ++ os=-rdos ++ ;; ++ rdos32) + basic_machine=i386-pc + os=-rdos + ;; +@@ -1008,6 +1094,9 @@ + basic_machine=i860-stratus + os=-sysv4 + ;; ++ strongarm-* | thumb-*) ++ basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` ++ ;; + sun2) + basic_machine=m68000-sun + ;; +@@ -1064,20 +1153,8 @@ + basic_machine=t90-cray + os=-unicos + ;; +- tic54x | c54x*) +- basic_machine=tic54x-unknown +- os=-coff +- ;; +- tic55x | c55x*) +- basic_machine=tic55x-unknown +- os=-coff +- ;; +- tic6x | c6x*) +- basic_machine=tic6x-unknown +- os=-coff +- ;; + tile*) +- basic_machine=tile-unknown ++ basic_machine=$basic_machine-unknown + os=-linux-gnu + ;; + tx39) +@@ -1147,6 +1224,9 @@ + xps | xps100) + basic_machine=xps100-honeywell + ;; ++ xscale-* | xscalee[bl]-*) ++ basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` ++ ;; + ymp) + basic_machine=ymp-cray + os=-unicos +@@ -1244,9 +1324,12 @@ + if [ x"$os" != x"" ] + then + case $os in +- # First match some system type aliases +- # that might get confused with valid system types. ++ # First match some system type aliases ++ # that might get confused with valid system types. + # -solaris* is a basic system type, with this one exception. ++ -auroraux) ++ os=-auroraux ++ ;; + -solaris1 | -solaris1.*) + os=`echo $os | sed -e 's|solaris1|sunos4|'` + ;; +@@ -1268,21 +1351,22 @@ + # -sysv* is not here because it comes later, after sysvr4. + -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ +- | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ +- | -kopensolaris* \ ++ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ ++ | -sym* | -kopensolaris* | -plan9* \ + | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ + | -aos* | -aros* \ + | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ + | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ + | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ +- | -openbsd* | -solidbsd* \ ++ | -bitrig* | -openbsd* | -solidbsd* \ + | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ + | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ + | -chorusos* | -chorusrdb* | -cegcc* \ +- | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ +- | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \ ++ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ ++ | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ ++ | -linux-newlib* | -linux-musl* | -linux-uclibc* \ + | -uxpv* | -beos* | -mpeix* | -udk* \ + | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ + | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ +@@ -1290,7 +1374,7 @@ + | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ + | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ + | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ +- | -skyos* | -haiku* | -rdos* | -toppers* | -drops*) ++ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) + # Remember, each alternative MUST END IN *, to match a version number. + ;; + -qnx*) +@@ -1329,7 +1413,7 @@ + -opened*) + os=-openedition + ;; +- -os400*) ++ -os400*) + os=-os400 + ;; + -wince*) +@@ -1378,7 +1462,7 @@ + -sinix*) + os=-sysv4 + ;; +- -tpf*) ++ -tpf*) + os=-tpf + ;; + -triton*) +@@ -1414,15 +1498,14 @@ + -aros*) + os=-aros + ;; +- -kaos*) +- os=-kaos +- ;; + -zvmoe) + os=-zvmoe + ;; + -dicos*) + os=-dicos + ;; ++ -nacl*) ++ ;; + -none) + ;; + *) +@@ -1445,10 +1528,10 @@ + # system, and we'll never get to this point. + + case $basic_machine in +- score-*) ++ score-*) + os=-elf + ;; +- spu-*) ++ spu-*) + os=-elf + ;; + *-acorn) +@@ -1460,8 +1543,23 @@ + arm*-semi) + os=-aout + ;; +- c4x-* | tic4x-*) +- os=-coff ++ c4x-* | tic4x-*) ++ os=-coff ++ ;; ++ c8051-*) ++ os=-elf ++ ;; ++ hexagon-*) ++ os=-elf ++ ;; ++ tic54x-*) ++ os=-coff ++ ;; ++ tic55x-*) ++ os=-coff ++ ;; ++ tic6x-*) ++ os=-coff + ;; + # This must come before the *-dec entry. + pdp10-*) +@@ -1481,14 +1579,11 @@ + ;; + m68000-sun) + os=-sunos3 +- # This also exists in the configure program, but was not the +- # default. +- # os=-sunos4 + ;; + m68*-cisco) + os=-aout + ;; +- mep-*) ++ mep-*) + os=-elf + ;; + mips*-cisco) +@@ -1497,6 +1592,9 @@ + mips*-*) + os=-elf + ;; ++ or1k-*) ++ os=-elf ++ ;; + or32-*) + os=-coff + ;; +@@ -1515,7 +1613,7 @@ + *-ibm) + os=-aix + ;; +- *-knuth) ++ *-knuth) + os=-mmixware + ;; + *-wec) --- memcached-1.4.14.orig/debian/patches/disable-udp-by-default.patch +++ memcached-1.4.14/debian/patches/disable-udp-by-default.patch @@ -0,0 +1,65 @@ +From dbb7a8af90054bf4ef51f5814ef7ceb17d83d974 Mon Sep 17 00:00:00 2001 +From: dormando +Date: Tue, 27 Feb 2018 10:50:45 -0800 +Subject: [PATCH] disable UDP port by default + +As reported, UDP amplification attacks have started to use insecure +internet-exposed memcached instances. UDP used to be a lot more popular as a +transport for memcached many years ago, but I'm not aware of many recent +users. + +Ten years ago, the TCP connection overhead from many clients was relatively +high (dozens or hundreds per client server), but these days many clients are +batched, or user fewer processes, or simply anre't worried about it. + +While changing the default to listen on localhost only would also help, the +true culprit is UDP. There are many more use cases for using memcached over +the network than there are for using the UDP protocol. +--- + memcached.c | 6 ++---- + t/issue_67.t | 4 ++-- + 2 files changed, 4 insertions(+), 6 deletions(-) + +Index: b/memcached.c +=================================================================== +--- a/memcached.c ++++ b/memcached.c +@@ -205,7 +205,7 @@ static void settings_init(void) { + settings.use_cas = true; + settings.access = 0700; + settings.port = 11211; +- settings.udpport = 11211; ++ settings.udpport = 0; + /* By default this string should be NULL for getaddrinfo() */ + settings.inter = NULL; + settings.maxbytes = 64 * 1024 * 1024; /* default is 64MB */ +@@ -6204,9 +6204,7 @@ int main (int argc, char **argv) { + } + } + +- if (tcp_specified && !udp_specified) { +- settings.udpport = settings.port; +- } else if (udp_specified && !tcp_specified) { ++ if (udp_specified && settings.udpport != 0 && !tcp_specified) { + settings.port = settings.udpport; + } + +Index: b/t/issue_67.t +=================================================================== +--- a/t/issue_67.t ++++ b/t/issue_67.t +@@ -73,12 +73,12 @@ sub when { + + # Disabling the defaults since it conflicts with a running instance. + # when('no arguments', '', 11211, 11211); +-when('specifying tcp port', '-p 11212', 11212, 11212); ++when('specifying tcp port', '-p 11212', 11212, -1); + when('specifying udp port', '-U 11222', 11222, 11222); + when('specifying tcp ephemeral port', '-p -1', 0, 0); + when('specifying udp ephemeral port', '-U -1', 0, 0); + when('tcp port disabled', '-p 0', -1, -1); +-when('udp port disabled', '-U 0', -1, -1); ++when('udp port disabled', '-U 0', 11211, -1); + when('specifying tcp and udp ports', '-p 11232 -U 11233', 11232, 11233); + when('specifying tcp and disabling udp', '-p 11242 -U 0', 11242, -1); + when('specifying udp and disabling tcp', '-p -1 -U 11252', 0, 11252); --- memcached-1.4.14.orig/debian/patches/fix-distribution.patch +++ memcached-1.4.14/debian/patches/fix-distribution.patch @@ -0,0 +1,71 @@ +--- a/configure.ac ++++ b/configure.ac +@@ -554,4 +554,13 @@ + fi + + AC_CONFIG_FILES(Makefile doc/Makefile) ++ ++# define distribution ++if test -x /usr/bin/lsb_release && lsb_release -si; then ++ MEMCACHED_DISTRIBUTION=" ($(lsb_release -si))" ++else ++ MEMCACHED_DISTRIBUTION="" ++fi ++AC_DEFINE_UNQUOTED(MEMCACHED_DISTRIBUTION, "$MEMCACHED_DISTRIBUTION", Memcached distribution) ++ + AC_OUTPUT +--- a/memcached.c ++++ b/memcached.c +@@ -2536,7 +2536,8 @@ + APPEND_STAT("pid", "%lu", (long)pid); + APPEND_STAT("uptime", "%u", now); + APPEND_STAT("time", "%ld", now + (long)process_started); +- APPEND_STAT("version", "%s", VERSION); ++ append_stat("version", add_stats, c, "%s%s", VERSION, ++ MEMCACHED_DISTRIBUTION); + APPEND_STAT("libevent", "%s", event_get_version()); + APPEND_STAT("pointer_size", "%d", (int)(8 * sizeof(void *))); + +@@ -3325,7 +3326,7 @@ + + } else if (ntokens == 2 && (strcmp(tokens[COMMAND_TOKEN].value, "version") == 0)) { + +- out_string(c, "VERSION " VERSION); ++ out_string(c, "VERSION " VERSION MEMCACHED_DISTRIBUTION); + + } else if (ntokens == 2 && (strcmp(tokens[COMMAND_TOKEN].value, "quit") == 0)) { + +--- a/configure ++++ b/configure +@@ -6277,6 +6277,19 @@ + + ac_config_files="$ac_config_files Makefile doc/Makefile" + ++ ++# define distribution ++if test -x /usr/bin/lsb_release && lsb_release -si; then ++ MEMCACHED_DISTRIBUTION=" ($(lsb_release -si))" ++else ++ MEMCACHED_DISTRIBUTION="" ++fi ++ ++cat >>confdefs.h <<_ACEOF ++#define MEMCACHED_DISTRIBUTION "$MEMCACHED_DISTRIBUTION" ++_ACEOF ++ ++ + cat >confcache <<\_ACEOF + # This file is a shell script that caches the results of configure + # tests run on this system so they can be shared between configure +--- a/config.h.in 2012-07-30 21:57:04.000000000 +0100 ++++ b/config.h.in 2013-11-14 23:42:59.266402946 +0000 +@@ -87,6 +87,9 @@ + /* Define to 1 if the system has the type `_Bool'. */ + #undef HAVE__BOOL + ++/* Memcached distribution */ ++#undef MEMCACHED_DISTRIBUTION ++ + /* Machine need alignment */ + #undef NEED_ALIGN + --- memcached-1.4.14.orig/debian/patches/series +++ memcached-1.4.14/debian/patches/series @@ -0,0 +1,14 @@ +01_init_script_additions.patch +02_manpage_additions.patch +03_fix_ftbfs4hurd.patch +04_add_init_retry.patch +start-memcached-fix-hash.patch +config-updates.diff +fix-distribution.patch +CVE-2011-4971.patch +CVE-2013-0179.patch +CVE-2013-7239.patch +CVE-2016-870x.patch +CVE-2017-9951.patch +disable-udp-by-default.patch +CVE-2018-1000127.patch --- memcached-1.4.14.orig/debian/patches/start-memcached-fix-hash.patch +++ memcached-1.4.14/debian/patches/start-memcached-fix-hash.patch @@ -0,0 +1,20 @@ +Author: kamil.swiatkowski@gmail.com +Description: fixes using # in /etc/memcached.conf as a value for options + Second version of patch, now allows inline comments +Bug: http://code.google.com/p/memcached/issues/detail?id=283 +Bug-Ubuntu: http://pad.lv/1005821 +Forwarded: yes + +Index: memcached/scripts/start-memcached +=================================================================== +--- memcached.orig/scripts/start-memcached 2012-02-09 13:50:50.000000000 -0800 ++++ memcached/scripts/start-memcached 2012-07-31 14:36:14.056875541 -0700 +@@ -62,7 +62,7 @@ + foreach my $line (<$etchandle>) + { + $line ||= ""; +- $line =~ s/\#.*//g; ++ $line =~ s/(? /dev/null; then + echo "OK" +else + echo "ERROR: ${DAEMON} IS NOT RUNNING" + exit 1 +fi --- memcached-1.4.14.orig/debian/watch +++ memcached-1.4.14/debian/watch @@ -0,0 +1,5 @@ +version=3 +opts=\ +downloadurlmangle=s|.*[?]name=(.*?)&.*|http://memcached.googlecode.com/files/$1|,\ +filenamemangle=s|[^/]+[?]name=(.*?)&.*|$1| \ +http://code.google.com/p/memcached/downloads/detail[?]name=memcached-([0-9.]+).tar.gz&.*