Please merge with latest upstream from Debian

Bug #1462747 reported by Guillaume Delacour on 2015-06-07
This bug affects 1 person
Affects: memcached (Ubuntu)

Bug Description


The Ubuntu archive is still stuck on 1.4.14-0u9 while Debian has 1.4.24-1. I think it could be great if Ubuntu used the last version available in Debian.

Daniel Holbach (dholbach) wrote :

Can you please review which of our changes were already applied in Debian? Syncing would effectively mean dropping all our changes. Ubuntu currently has the following changes applied on top of Debian's 1.4.14:

  * SECURITY UPDATE: denial of service via large body length
    - debian/patches/CVE-2011-4971.patch: check length in memcached.c,
      added test to t/issue_192.t.
    - CVE-2011-4971
  * SECURITY UPDATE: denial of service when using -vv
    - debian/patches/CVE-2013-0179.patch: properly format key in items.c,
    - CVE-2013-0179
  * SECURITY UPDATE: SASL authentication bypass
    - debian/patches/CVE-2013-7239.patch: explicitly record sasl auth
      states in memcached.*, added test to t/binary-sasl.t.
    - CVE-2013-7239
  * debian/memcached.postinst: don't create home directory so we don't end
    up with /nonexistent. Thanks to Dustin Lundquist for patch.
    (LP: #1255328)
  * Revert unnecessary deltas added to patches compared to Debian.
  * Revert use of dh-autoreconf and patch configure manually to
    match, as this package despises modern autotools.
  * debian/rules: Fix the previous fixes a little harder, so they work.
  * debian/rules: Shuffle things around so that dh_autoreconf is always
    run before dh_quilt_patch. Fixes FTBFS with dpkg-buildpackage -B.
  * debian/control: added lsb-release, dh-autoreconf to build depends
  * debian/rules: run autoreconf
  * debian/patches/fix-distribution.patch: added patch to show
    distribution on version
  * Move dh_quilt_apply into configure step so that config.{sub,guess}
    patches get applied before running configure. (LP: #1218114)
  * Update config.{guess,sub} for Aarch64.
  * debian/tests: Add autopkgtest.
  * d/p/60_fix_racey_test.patch: Dropped, applied upstream.
  * d/p/start-memcached-fix-hash.patch: Change regex to make sure
    inline comments can function per feedback from upstream. Passing
    "#" to arguments now requires escaping with \.
  * d/p/start-memcached-fix-hash.patch: Apply patch to allow passing
    # as a value for memcached options such as -D to use # as a prefix
    delimiter for stats collection. (LP: #1005821)
    - Run as 'memcache' user instead of nobody.
    - Depend on adduser for preinst/postrm.
    - Create user in postinst.
    - d/rules: run test suite on build.
    - d/patches/50_fix_racey_test.patch: Cherry picked patch from
      upstream bug tracker which endeavours to avoid the race condition.
      Thanks to Clint Byrum for this fix.
    - d/patches/50_add_init_retry.patch: Dropped - superceeded by Debian

Changed in memcached (Ubuntu):
status: New → Incomplete

Daniel Holbach (dholbach) wrote :

There's a lack of answer, so I'll unsubscribe the 'ubuntu-sponsors' team for now. Please resubscribe once there's something new to be reviewed.

Robie Basak (racb) wrote :

Probably not suitable for sync but it is a valid bug in that memcached needs updating in Ubuntu, so let's track that.

summary: - Please sync with 1.4.24 Debian sid package
+ Please merge with latest upstream from Debian
Changed in memcached (Ubuntu):
status: Incomplete → Triaged
importance: Undecided → Wishlist
tags: added: upgrade-software-version

Guillaume Delacour (gui-iroqwa) wrote :

All changes are included in 1.4.20-1 except:
- debian/patches/fix-distribution.patch: specific to Ubuntu, I guess
- second version of d/p/start-memcached-fix-hash.patch to use # in /etc/memcached.conf (LP: #1005821)

I have to push 1.4.20-2 to include this last fix, and after that the package can be synced.

Guillaume Delacour (gui-iroqwa) wrote :

memcached 1.4.24-2 was uploaded on 2015-07-23 with all Ubuntu fixes. Consider double-checking and syncing.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package memcached - 1.4.24-2ubuntu1

memcached (1.4.24-2ubuntu1) wily; urgency=medium

  * Merge from Debian unstable. Remaining changes: (LP: #1462747)
    - debian/patches/fix-distribution.patch: added patch to show
      distribution on version (updated to make merging easier)

memcached (1.4.24-2) unstable; urgency=medium

  * Refresh 06_eol_comment_handling.patch and debian/systemd-memcached-wrapper
    to handle "\#" value for -D flag
  * debian/rules: remove package generated memcached.init file

memcached (1.4.24-1) unstable; urgency=medium

  * New upstream release, refresh 07_disable_tests.patch
  * debian/control: Remove XS-Testsuite as dpkg now recognize this header
  * debian/tests: test the daemon by creating, getting, and flushing keys

memcached (1.4.21-1.1) unstable; urgency=medium

  * Non-maintainer upload.

  [ Guillaume Delacour ]
  * Provide systemd perl wrapper to load /etc/memcached.conf settings, thanks
    Christos Trochalakis (Closes: #774087)

memcached (1.4.21-1) unstable; urgency=medium

  * New upstream release
  * Use autotools-dev instead of dh_autoreconf, backup upstream files updated
  * Patching no more needed
  * Don't run t/whitespace.t as .git in packaging report false positive

memcached (1.4.20-1) unstable; urgency=medium

  * New upstream release: (Closes: #733588)
    - Includes fix for CVE-2013-7291 (Closes: #735314)
    - Fix build for arm64 port (Closes: #761027, #721203)
  * Add myself to Uploaders
  * Provide scripts/damemtop, scripts/mc_slab_mover
  * README is now
  * Suggests perl modules used by the new scripts
  * Packaging updates:
    - Switch to debhelper 9 and use source format 3.0
    - remove dpkg-dev and quilt Build-Deps,
    - add adduser dependency
    - use all hardening options
    - remove unnecessary debian/README.source
    - update debian/copyring to use the machine-readable format
  * Bumped policy version to 3.9.6 (no changes needed)
  * Use dedicated memcache user instead of nobody, thanks Clint Byrum
    (Closes: #587797)
  * Use DEP-8 to test the package, thanks Yolanda Robla (Closes: #710015)
  * Update description to remove "A" article and change Homepage
  * Handle end of line comments in memcached.conf (Closes: #683144)
  * Update debian/watch to track (github has old 1.6.0-beta1)
  * Update upstream manpage to add missing options (Closes: #685800)
  * Add Vcs-{Git,Browser}
  * Provide systemd support.
  * Provide the status for several instances in scripts/memcached-init, if
    the script is used. (Closes: #709163, LP: #1177398)

  [ Ana Beatriz Guerrero Lopez ]
  * As discussed with David by IRC, sponsor the package with Guillaume
  * Add the stanza "XS-Testsuite: autopkgtest" in debian/control
  * Acknowledge old NMUs from Arno Töll. (Closes: #641770, #672125)

 -- Marc Deslauriers <email address hidden> Tue, 18 Aug 2015 08:52:11 -0400

Changed in memcached (Ubuntu):
status: Triaged → Fix Released