memcached.service is less secure by default

Bug #1755460 reported by Robie Basak on 2018-03-13
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Memcached Mirror
New
Unknown
memcached (Debian)
Confirmed
Unknown
memcached (Ubuntu)
Medium
Unassigned

Bug Description

Upstream regressed systemd sandboxing in memcached 1.5.6 by commenting out '##safer##'-prefixed lines and expecting packaging to uncomment them when using a newer version of systemd that supports these lines (which we already do).

I have reported this upstream in https://github.com/memcached/memcached/issues/359

In the meantime, we need to patch these comments back out (re-enabling the lines). Christian Ehrhardt also suggested to me that it would be a good idea to make sure that no '##safer##' get through in case upstream add any more through a check in debian/rules.

I'm creating this bug to document what's going on so that I can link to this from this workaround in the packaging. We should be able to drop this workaround as soon as this is resolved upstream.

Related branches

Changed in memcached:
status: Unknown → New
Robie Basak (racb) on 2018-03-14
Changed in memcached (Ubuntu):
status: Triaged → Fix Committed
Changed in memcached (Debian):
status: Unknown → Confirmed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package memcached - 1.5.6-0ubuntu1

---------------
memcached (1.5.6-0ubuntu1) bionic; urgency=medium

  * New upstream bugfix release (LP: #1753839).
  * d/p/disable-udp-by-default.patch: drop (now upstream).
  * d/p/02_service_wrapper.patch: refresh to remove fuzz.
  * d/p/restore-systemd-sandboxing: restore sandboxing in memcached.service
    removed by upstream in 1.5.6 to avoid feature regression (LP: #1755460).

 -- Robie Basak <email address hidden> Tue, 13 Mar 2018 09:59:06 +0000

Changed in memcached (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.