Ubuntu
memcached package

memcached.service is less secure by default

Bug #1755460 reported by Robie Basak
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Memcached Mirror
New
Unknown
memcached (Debian)
Fix Released
Unknown
memcached (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

Upstream regressed systemd sandboxing in memcached 1.5.6 by commenting out '##safer##'-prefixed lines and expecting packaging to uncomment them when using a newer version of systemd that supports these lines (which we already do).

I have reported this upstream in https://github.com/memcached/memcached/issues/359

In the meantime, we need to patch these comments back out (re-enabling the lines). Christian Ehrhardt also suggested to me that it would be a good idea to make sure that no '##safer##' get through in case upstream add any more through a check in debian/rules.

I'm creating this bug to document what's going on so that I can link to this from this workaround in the packaging. We should be able to drop this workaround as soon as this is resolved upstream.

Related branches

~racb/ubuntu/+source/memcached:upstream-bump-1.5.6
Christian Ehrhardt  (community): Approve
Canonical Server: Pending requested
Diff: 1554 lines (+515/-267)
28 files modified
assoc.c (+8/-20)
assoc.h (+1/-0)
configure (+10/-10)
crawler.c (+7/-5)
crawler.h (+4/-1)
debian/changelog (+10/-0)
debian/patches/02_service_wrapper.patch (+6/-8)
debian/patches/restore-systemd-sandboxing (+61/-0)
debian/patches/series (+1/-1)
debian/rules (+2/-0)
dev/null (+0/-64)
doc/Makefile (+3/-3)
items.c (+6/-1)
items.h (+1/-0)
memcached.c (+28/-9)
memcached.spec (+101/-27)
memcached_dtrace.d (+2/-6)
scripts/memcached-automove-extstore (+25/-30)
scripts/memcached.service (+46/-34)
scripts/memcached.sysconfig (+10/-0)
scripts/memcached@.service (+89/-0)
slab_automove_extstore.c (+65/-35)
slabs.c (+8/-3)
t/issue_67.t (+2/-2)
thread.c (+11/-0)
timedrun.c (+5/-5)
trace.h (+2/-2)
version.m4 (+1/-1)
Bug Watch Updater (bug-watch-updater)
Changed in memcached:
status: Unknown → New
Robie Basak (racb)
Changed in memcached (Ubuntu):
status: Triaged → Fix Committed
Bug Watch Updater (bug-watch-updater)
Changed in memcached (Debian):
status: Unknown → Confirmed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package memcached - 1.5.6-0ubuntu1

---------------
memcached (1.5.6-0ubuntu1) bionic; urgency=medium

  * New upstream bugfix release (LP: #1753839).
  * d/p/disable-udp-by-default.patch: drop (now upstream).
  * d/p/02_service_wrapper.patch: refresh to remove fuzz.
  * d/p/restore-systemd-sandboxing: restore sandboxing in memcached.service
    removed by upstream in 1.5.6 to avoid feature regression (LP: #1755460).

 -- Robie Basak <email address hidden> Tue, 13 Mar 2018 09:59:06 +0000

Changed in memcached (Ubuntu):
status: Fix Committed → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in memcached (Debian):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.