From a179712ff1ab588bfec15545d4450e75bddb50b573bc3adf26bb9ffe1c052170 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Fri, 3 May 2024 16:44:34 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main memcached revision b4eb8cbe4c5f0f381a4c07fae0bcf242 --- .gitattributes | 23 + harden_memcached.service.patch | 18 + memcached-1.6.23.tar.gz | 3 + memcached-rpmlintrc | 1 + memcached.changes | 1052 ++++++++++++++++++++++++++++++++ memcached.service | 23 + memcached.spec | 167 +++++ memcached.sysconfig | 31 + system-user-memcached.conf | 2 + 9 files changed, 1320 insertions(+) create mode 100644 .gitattributes create mode 100644 harden_memcached.service.patch create mode 100644 memcached-1.6.23.tar.gz create mode 100644 memcached-rpmlintrc create mode 100644 memcached.changes create mode 100644 memcached.service create mode 100644 memcached.spec create mode 100644 memcached.sysconfig create mode 100644 system-user-memcached.conf diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/harden_memcached.service.patch b/harden_memcached.service.patch new file mode 100644 index 0000000..f39a3db --- /dev/null +++ b/harden_memcached.service.patch @@ -0,0 +1,18 @@ +Index: memcached-1.6.9/scripts/memcached.service +=================================================================== +--- memcached-1.6.9.orig/scripts/memcached.service ++++ memcached-1.6.9/scripts/memcached.service +@@ -41,6 +41,13 @@ CapabilityBoundingSet=CAP_SETGID CAP_SET + # Restricts the set of socket address families accessible to the processes + # of this unit. Protects against vulnerabilities such as CVE-2016-8655 + RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX ++# added automatically, for details please see ++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ++ProtectHome=true ++ProtectHostname=true ++ProtectClock=true ++ProtectKernelLogs=true ++# end of automatic additions + + + # Some security features are not in the older versions of systemd used by diff --git a/memcached-1.6.23.tar.gz b/memcached-1.6.23.tar.gz new file mode 100644 index 0000000..fdc7889 --- /dev/null +++ b/memcached-1.6.23.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:85b0334904f440296a685ccfda75f0f4517bf8922ab8efa6d0c4b3c92c354d4c +size 1166511 diff --git a/memcached-rpmlintrc b/memcached-rpmlintrc new file mode 100644 index 0000000..50df8e5 --- /dev/null +++ b/memcached-rpmlintrc @@ -0,0 +1 @@ +addFilter("incoherent-init-script-name") diff --git a/memcached.changes b/memcached.changes new file mode 100644 index 0000000..bab4106 --- /dev/null +++ b/memcached.changes @@ -0,0 +1,1052 @@ +------------------------------------------------------------------- +Mon Jan 29 14:22:08 UTC 2024 - Dirk Müller + +- update to 1.6.23: + * https://github.com/memcached/memcached/wiki/ReleaseNotes1623 + +------------------------------------------------------------------- +Mon Nov 13 11:40:34 UTC 2023 - pgajdos@suse.com + +- version update to 1.6.22 + * core: fix incr/decr/ma failing in some conditions + * extstore: fix item loss during page defrag + * Note that counts for track_sizes are best effort + * core: fix build on BSD + * core: speedup for async IO handling + * core: don't ignore sighup in daemonize mode + * proxy: add label to proxy backend error logs + * proxy: if a ustat label is "", skip printing + * proxy: fix ms ignoring T flag for mcp.internal + * proxy: fix ms parsing error + * proxy: fix backend cleanup when using worker IO + * proxy: fix response code in the event of dead backend + * proxy: fix race condition in first load + * proxy: fix off-by-one if \r is missing + * proxy: update backends if conncount changes + * proxy: io submission queue opt + * proxy: io return optimization + * proxy: fix for dropping -O2 from lua compile + * proxy: fix buffer overflow with multiget syntax + * proxy: fix flaky test in t/proxylimits.t +- fixes [bsc#1216700] (CVE-2023-46853) +- fixes [bsc#1216699] (CVE-2023-46852) + +------------------------------------------------------------------- +Mon Jun 26 13:26:48 UTC 2023 - pgajdos@suse.com + +- version update to 1.6.21 + * build: avoid disting build artifacts from vendor/* + * extstore: fix data bugs on high overwrite key + * proxy: fixes for memory tracking + * meta: fix ms c flag reflecting s flag + * extstore: fail to start if given no disk space + * extstore: Handle incorrect units gracefully + * proxy: mcp.internal() support ascii multiget + * proxy: fix segfault for reqs with too few tokens + * proxy: fix per-worker-thread backend mode batching + * proxy: fix meta set M flag for mcp.internal() + * proxy: add await tests in proxyunits.t + * proxy: add response API tests in proxyunits.t + +------------------------------------------------------------------- +Mon May 29 19:43:39 UTC 2023 - Dirk Müller + +- update to 1.6.20: + * extstore: increase aggressiveness of flush thread + * proxy: improve unit test coverage + * proxy: random small fixes + * proxy: return 'readvalidate' on be read timeout + * proxy: don't print null ustats from "stats proxy" + * proxy: use connect timeout during retries + * proxy: fix flaky test in proxyconfig.t + * check for sys/auxv.h + * proxy: send CLIENT_ERROR when proper + * proxy: print lua error message on reload failure + * proxy: rip out io_uring code (to be re-added later) + * proxy: overhaul backend error handling: surface error messages + to clients + * proxy: fix reversal of pipelined backend queries + * proxy: add request and buffer memory limits + * proxy: restrict functions for lua config vs route + * proxy: fix bug ignoring -R setting for proxy reqs + * proxy: add conntimeout error + * proxy: add memory accounting tracking + +------------------------------------------------------------------- +Tue Mar 14 09:10:57 UTC 2023 - Dirk Müller + +- update to 1.6.19: + * crawler: add lru_crawler mgdump command + * replace 2&>1 by 2>&1 in rpm spec file + * log: fix race condition while incrementing log entries dropped + * Add new pkg-config dependencies to dockerfiles + * Document missing flags of Meta Arithmetic + * configure.ac: add --enable-werror + * proxy: reduce noise for dead backends + * proxy: more await unit tests + * proxy: fix trailingdata error with ascii multiget misses + * crawler: don't hold lock while writing to network + * proxy: redo libevent handling code (speedup/fixes) + * proxy: fix "missingend" error on reading responses + * proxy: add read buffer data to backend error messages + * proxy: fix partial responses on backend timeouts + * proxy: disallow overriding mn command + * tests: timedrun SIGHUP pass-thru + * proxy: new integration tests. + * proxy: fix mismatched responses after bad write + * proxy: fix stats deadlock caused by await code + * proxy: clean logic around lua yielding + * core: remove *c from some response code + * core: simplify background IO API + * core: remove *conn object from cache commands + +------------------------------------------------------------------- +Sun Jan 15 21:30:23 UTC 2023 - Dirk Müller + +- update to 1.6.18: + * Mostly fixes and improvements to proxy mode. + * Meta protocol has some adjusments: extra spaces were + being returned in a few instances + * see https://github.com/memcached/memcached/wiki/ReleaseNotes1618 + +------------------------------------------------------------------- +Mon Oct 3 10:30:22 UTC 2022 - Dirk Müller + +- remove sysv init case +- move memcache binary to %{_bindir} like on Debian and RHEL like + distributions + +------------------------------------------------------------------- +Mon Sep 5 13:13:33 UTC 2022 - Dirk Müller + +- update to 1.6.17: + * release TLS read and write buffers when idle + * Find perl via /usr/bin/env instead of directly + * Mac M1 build update. detects arm64 crc32 h/w support. + * DTrace build fix on Mac + * core: fix strncat warning + * configure.ac: use pkg-config to retrieve openssl + * proxy: fix missing md5.h from tarball dist + * docs: don't rebuild binprot XML anymore + * Do memory bound check for some C string operations + * proxy: allow mcp.pool to ignore a nil second arg + * Improve Slab Automove behavior + * proxy: allow booleans in pool structure + * proxy: backend object cache was broken + * log: fix obscure crashes due to size_t promotion + * Fix race leads to deadlock during shutdown (sigterm/sigusr1) + * proxy: req:flag_token("F", "Freplacement") + * New Features + * sock ip filtering tagging support for FBSD/OBSD + * MacOS drop privileges support + * core: make large item storage more reliable + * extstore: make defaults more aggressive + +------------------------------------------------------------------- +Wed Aug 17 19:11:29 UTC 2022 - Dirk Müller + +- update to 1.6.16: + * proxy: add req:flag_token("F") + * proxy: mcp.response code and rline API + * proxy: add r:has_flag(), fix r:token() length + * proxy: mcp.request() improvements + * proxy: mcplib_request_token() doesn't delimit the final token in a request + * tls: Disable TLS re-negotiation from SSL context + * Fix undefined behavior and warning with clang + * proxy: fix the hashstring size for evcache ketama + * core: Fix FTBFS with GCC 12 on ppc64el + * proxy: fix race crash from io obj use-after-free + * proxy: fix mcp.await() when using extended args + * proxy: add missing errno.h include to proxy.h + * proxy: fix potential corruption on partial write + * proxy: rework backend buffer handling to fix protocol desync bug + * tests: skip whitespace on vendor/* + * tls: Add switch to opt-in to kernel TLS on OpenSSL 3.0.0+ + * core: checks port number at start time + * Add a command to dump keys for memcached-tool + * proxy: 'proxyreqs' does not work unless 'proxyuser' also provided + * proxy: replace proxycmds stream with proxyreqs + * proxy: mcp.log_req* API interface + +------------------------------------------------------------------- +Tue Apr 19 14:34:55 UTC 2022 - Dirk Müller + +- update to 1.6.15: + * proxy: Fix buffer overflow and prevent recv() of 0 byte + * proxy: allow await() to be called recursively + * proxy: mcp.request(cmd, [val | resp]) + * proxy: hacky method of supporting noreply/quiet + * proxy: add ring_hash builtin + * proxy: fix logger entry memory corruption + * storage: parameterize the compaction thread sleep + * proxy: pull chunks into individual c files + * proxy: documentation updates + * proxy: "stats settings" for proxy + * proxy: await improvements + * proxy: trivial support for SO_KEEPALIVE on backend + * mcmc: upstream update for SO_KEEPALIVE + * proxy: fix crash on stats proxy sans user stats + * proxy: enable backend_total stat + * proxy: track in-flight requests + * proxy: add some basic logging for backend errors + * proxy: logging improvements + lua mcp.log() + * proxy: add stats for commands seen + +------------------------------------------------------------------- +Sun Feb 20 22:06:44 UTC 2022 - Dirk Müller + +- update to 1.6.14: + * tests: workaround for t/watcher.t race + * restart: fix typo in error message + * Extend extbuf in try_read_command_binary function + * tests: repair race in maxconns.t test + * Fix integer overflow in hashsize calculation causing hang on huge hash tables + * meta: add "proxy tokens" P, L which are ignored + * core: fix large pages detection on redhat distros + * Fix error message on conflicting ports while using '-l' + +------------------------------------------------------------------- +Sat Jan 22 12:06:25 UTC 2022 - Dirk Müller + +- update to 1.6.13: + * core: make object cache LIFO + * meta: protocol.txt updates for CAS return + * meta: fix meta delete + * meta: fix CAS ('c') return values + * core: fix use-after-free for text multigets + * Replace OPENSSL_VERSION_NUMBER check with defined(TLS1_3_VERSION) check for TLS v1.3 compatibility + * Fix full unit test suite under test_tls + * Track store errors in thread stats + * Fix for failing tests on OS X + * extstore: avoid looping IO queues on submission + * tests: maxconns test when extstore enabled + * core: remove cdefs include from queue.h + +------------------------------------------------------------------- +Sun Nov 28 17:22:19 UTC 2021 - Sarah Kriesch + +- update to 1.6.12: + * add queue.h in archive + * Expose number of currently active watchers in stats + * Configurable minimum supported TLS protocol version + * core: fix hang bug in extstore + * thread: use eventfd for worker notify if available + * thread: per-worker-thread connection event queues + * core: cache.c cleanups, use queue.h freelist + * core: add queue.h to replace handrolled queues. + * logger: simplify logging code + * logger: avoid polling without watchers + * Implement LOG_CONNEVENTS watcher flag for connection state transitions + * Report item sizes for fetch, mutation, and eviction watchers + * Fix typos in doc/code comments (tem->item, etc) + * "watch connevents" will show realtime log entries about client connect/ + disconnect events. + * Fix minor severity heap buffer overflow reading --auth-file + * stats_prefix.c: Check for NDEBUG before using total_written variable + * Add settings stat for shutdown_command enabled + * [docker] Add user and expose the memcached port + * meta: remove EXPERIMENTAL mark + doc fixes + * meta: response code OK -> HD + * meta: fix metaset syntax + * meta: repairs to mset command + * hash: add XXH3 to list of hash algorithms. + * fix arm64 crc32 on old glibc/gcc. + * extstore: fix crash on 'stats extstore' + * seccomp: extend allowed rules for extended usage + * The total number of UDP datagrams required for the message is calculated + incorrectly. + * meta: allow base64'ed binary keys with 'b' flag + * small improvements to readme + * Added debugtime command for test suite + * The meta protocol can now transmit binary encoded keys by encoding the + key in base64 and sending a 'b' flag with the command + +------------------------------------------------------------------- +Wed Oct 6 12:01:19 UTC 2021 - Johannes Segitz + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_memcached.service.patch + Modified: + * memcached.service + +------------------------------------------------------------------- +Fri Jun 4 13:18:29 UTC 2021 - Callum Farmer + +- Change to using systemd-sysusers + +------------------------------------------------------------------- +Thu Nov 26 18:44:34 UTC 2020 - Dirk Mueller + +- update to 1.6.9: + * arm64: Re-add arm crc32c hw acceleration for extstore + * restart mode: expose memory_file path in stats settings + * 'shutdown graceful' command for raising SIGUSR1 + * Introduce NAPI ID based worker thread selection (see doc/napi_ids.txt) + * item crawler hash table walk mode + * bugfixes + +------------------------------------------------------------------- +Tue Oct 13 10:08:57 UTC 2020 - Jan Engelhardt + +- Trim history lesson from description. +- Do not suppress errors from useradd. +- Reduce hard dependency on systemd. + +------------------------------------------------------------------- +Mon Sep 28 20:29:25 UTC 2020 - Dirk Mueller + +- update to 1.6.7: + * Dockerfile - allow override of config opts + * Improve page balancing when writes are bursty + * main: split binary protocol into proto_bin.c + * main: split text protocol into proto_text.c + * add openssl errors to SSL certificate loading error messages + * skip setting the resource limits in debug builds + * Use signal function instead of sigignore + * fixing the basic tls test so it exits correctly when fails + * net: remove most response obj cache related code + * net: carve response buffers from read buffers + * Do not join lru and slab maintainer threads if they do not exist + * Restore SAN entries in testing TLS certificates + * Changed code using strtol to use safe_strtol wrapper + * Fix TCP failure under OS X. +- drop use-signal-function-instead-of-sigignore.patch (upstream) + +------------------------------------------------------------------- +Tue Sep 1 19:24:14 UTC 2020 - Callum Farmer + +- Add use-signal-function-instead-of-sigignore.patch: sigignore + causes deprecation errors(gh#memcached/memcached#691) + +------------------------------------------------------------------- +Sat Jun 6 05:37:41 UTC 2020 - Andreas Stieger + +- update to 1.6.6: + * Fix crash on shutdown when handling signals with TLS enabled + * Disable aarch64 hw crc32 function for now + * Pull in BigEndian-compatible crc32c + * minimum libevent version is 2.x + +------------------------------------------------------------------- +Mon Apr 13 19:08:36 UTC 2020 - Marcus Rueckert + +- update to version 1.6.5 + https://github.com/memcached/memcached/wiki/ReleaseNotes165 +- drop link_sasl.patch issue is fixed +- dropped 635.patch and 634.patch: in 1.6.5 release + +------------------------------------------------------------------- +Mon Apr 13 12:00:31 UTC 2020 - Marcus Rueckert + +- update to version 1.6.4 + https://github.com/memcached/memcached/wiki/ReleaseNotes163 + https://github.com/memcached/memcached/wiki/ReleaseNotes164 +- drop patches as they are included in the update: + https://github.com/memcached/memcached/pull/634 + https://github.com/memcached/memcached/pull/635 +- added link_sasl.patch: it seems libsasl2 wasnt linked which lead + to undefined references + +------------------------------------------------------------------- +Wed Apr 1 23:59:38 UTC 2020 - Marcus Rueckert + +- disable extstore also on ppc(64) + +------------------------------------------------------------------- +Wed Apr 1 23:26:11 UTC 2020 - Marcus Rueckert + +- apply patch from https://github.com/memcached/memcached/pull/634 + fix building with LTO and also building with -fno-common. + (634.patch) + +------------------------------------------------------------------- +Thu Mar 26 01:22:59 UTC 2020 - Marcus Rueckert + +- apply patch from https://github.com/memcached/memcached/pull/635 + to fix crashes we saw during the testsuite (635.patch) +- disable extstore on s390 for now as there are known bugs on that + platform + +------------------------------------------------------------------- +Tue Mar 24 21:27:33 UTC 2020 - Marcus Rueckert + +- limit tls support to 15 and above + +------------------------------------------------------------------- +Tue Mar 24 21:20:51 UTC 2020 - Marcus Rueckert + +- disable lto until the 2 settings structs are resolved + +------------------------------------------------------------------- +Tue Mar 24 20:54:55 UTC 2020 - Marcus Rueckert + +- update to version 1.6.2 (boo# 1167522) CVE-2020-10931 + https://github.com/memcached/memcached/wiki/ReleaseNotes162 + https://github.com/memcached/memcached/wiki/ReleaseNotes161 + https://github.com/memcached/memcached/wiki/ReleaseNotes160 + https://github.com/memcached/memcached/wiki/ReleaseNotes1522 + https://github.com/memcached/memcached/wiki/ReleaseNotes1521 + https://github.com/memcached/memcached/wiki/ReleaseNotes1520 + https://github.com/memcached/memcached/wiki/ReleaseNotes1519 + https://github.com/memcached/memcached/wiki/ReleaseNotes1518 +- dropped all patches after reviewing with upstream: + memcached-1.4.5.dif + memcached-autofoo.patch + memcached-use-endian_h.patch +- enable TLS support (new BR: openssl-devel perl-IO-Socket-SSL + perl-Net-SSLeay) + +------------------------------------------------------------------- +Tue Sep 3 09:53:22 UTC 2019 - pgajdos@suse.com + +- version update to 1.5.17 + * bugfixes + fix strncpy call in stats conns to avoid ASAN violation + extstore: fix indentation + add error handling when calling dup function + add unlock when item_cachedump malloc failed + extstore: emulate pread(v) for macOS + fix off-by-one in logger to allow CAS commands to be logged. + use strdup for explicitly configured slab sizes + move mem_requested from slabs.c to items.c (internal cleanup) + * new features + add server address to the "stats conns" output + log client connection id with fetchers and mutations + Add a handler for seccomp crashes +- version update to 1.5.16 + * bugfixes + When nsuffix is 0 space for flags hasn't been allocated so don't memcpy them. +- version update to 1.5.15 + * bugfixes + Speed up incr/decr by replacing snprintf. + Use correct buffer size for internal URI encoding. + change some links from http to https + Fix small memory leak in testapp.c. + free window_global in slab_automove_extstore.c + remove inline_ascii_response option + -Y [filename] for ascii authentication mode + fix: idle-timeout wasn't compatible with binprot + * features + -Y [authfile] enables an authentication mode for ASCII protocol. +- modified patches + % memcached-autofoo.patch (refreshed) + +------------------------------------------------------------------- +Thu May 2 10:05:14 UTC 2019 - pgajdos@suse.com + +- version update to 1.5.14 + * update -h output for -I (max item size) + * fix segfault in "lru" command + * fix compile error on centos7 + * extstore: error adjusting page_size after ext_path + * extstore: fix segfault if page_count is too high. + * close delete + incr item survival race bug + * memcached-tool dump fix loss of exp value + * Fix "qw" in "MemcachedTest.pm" so wait_ext_flush is exported properly + * Experimental TLS support. + * Basic implementation of TLS for memcached. + * Improve Get And Touch documentation + * fix INCR/DECR refcount leak for invalid items +- modified patches + % memcached-autofoo.patch (refreshed) + +------------------------------------------------------------------- +Wed Oct 17 11:51:19 UTC 2018 - Nicolas Bock + +- Version bump to 1.5.11: + * extstore: balance IO thread queues +- Drop memcached-fix_test.patch that is present now upstream + +------------------------------------------------------------------- +Wed Oct 3 11:52:39 UTC 2018 - Guillaume GARDET + +- Add patch to fix aarch64, ppc64* and s390x tests: + * memcached-fix_test.patch + +------------------------------------------------------------------- +Fri Aug 17 15:15:38 UTC 2018 - nicolas.bock@suse.com + +- Fix linter errors regarding COPYING + +------------------------------------------------------------------- +Mon Aug 13 09:43:51 UTC 2018 - astieger@suse.com + +- update to 1.5.10: + * disruptive change in extstore: -o ext_page_count= is deprecated + and no longer works. To specify size: -o ext_path=/d/m/e:500G + extstore figures out the page count based on your desired page + size. M|G|T|P supported. + * extstore: Add basic JBOD support: ext_path can be specified + multiple times for striping onto simimar devices + * fix alignment issues on some ARM platforms for chunked items + +------------------------------------------------------------------- +Sun Jul 8 22:57:20 UTC 2018 - alexander_naumov@opensuse.org + +- Update to 1.5.9: + * Bugfix release. + * Important note: if using --enable-seccomp, privilege dropping + is no longer on by default. The feature is experimental and many + users are reporting hard to diagnose problems on varied platforms. + * Seccomp is now marked EXPERIMENTAL, and must be explicitly + enabled by adding -o drop_privileges. Once we're more confident + with the usability of the feature, it will be enabled in -o modern, + like any other new change. You should only use it if you are + willing to carefully test it, especially if you're a vendor or + distribution. + * Also important is a crash fix in extstore when using the ASCII + protocol, large items, and running low on memory. + +------------------------------------------------------------------- +Fri Jul 6 08:52:40 UTC 2018 - astieger@suse.com + +- update to 1.5.8: + * Bugfixes for seccomp and extstore + * Extstore platform portability has been greatly improved for ARM + and 32bit systems +- includes changes from 1.5.7: + * Fix alignment issues for 64bit ARM processors + * Fix seccomp portability + * Fix refcount leak with extstore while using binary touch commands + +------------------------------------------------------------------- +Wed Apr 18 12:21:14 UTC 2018 - pgajdos@suse.com + +- turn on the testsuite again, it seems to pass server side, + too + +------------------------------------------------------------------- +Thu Apr 5 00:15:11 UTC 2018 - sflees@suse.de + +- Home directory shouldn't be world readable bsc#1077718 +- Mention that this stream isn't affected by bsc#1085209, + CVE-2018-1000127 to make the checker bots happy. + +------------------------------------------------------------------- +Fri Mar 9 08:55:34 UTC 2018 - dmueller@suse.com + +- update to 1.5.6 (bsc#1083903, CVE-2018-1000115): + * This update disables UDP by default to reduce DDoS amplification + attacks + * see https://github.com/memcached/memcached/wiki/ReleaseNotes156 + * see https://github.com/memcached/memcached/wiki/ReleaseNotes155 + * see https://github.com/memcached/memcached/wiki/ReleaseNotes154 + * see https://github.com/memcached/memcached/wiki/ReleaseNotes153 + * see https://github.com/memcached/memcached/wiki/ReleaseNotes152 + * see https://github.com/memcached/memcached/wiki/ReleaseNotes151 + * see https://github.com/memcached/memcached/wiki/ReleaseNotes150 + +------------------------------------------------------------------- +Thu Nov 23 13:46:21 UTC 2017 - rbrown@suse.com + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +------------------------------------------------------------------- +Fri Sep 1 13:54:33 UTC 2017 - tbechtold@suse.com + +- update to 1.4.39: + https://github.com/memcached/memcached/wiki/ReleaseNotes1439 + (bsc#1056865) (CVE-2017-9951) + https://github.com/memcached/memcached/wiki/ReleaseNotes1438 + https://github.com/memcached/memcached/wiki/ReleaseNotes1437 + https://github.com/memcached/memcached/wiki/ReleaseNotes1436 + https://github.com/memcached/memcached/wiki/ReleaseNotes1435 + https://github.com/memcached/memcached/wiki/ReleaseNotes1434 + +------------------------------------------------------------------- +Thu Mar 23 13:49:44 UTC 2017 - mchandras@suse.de + +- Use the MEMCACHED_USER variable from the /etc/sysconfig/memcached + file to determine the user for the memcached process instead of + hardcoding it in the service file. + +------------------------------------------------------------------- +Mon Nov 7 17:18:21 UTC 2016 - mrueckert@suse.de + +- update to 1.4.33 + https://github.com/memcached/memcached/wiki/ReleaseNotes1433 + https://github.com/memcached/memcached/wiki/ReleaseNotes1432 + https://github.com/memcached/memcached/wiki/ReleaseNotes1431 + https://github.com/memcached/memcached/wiki/ReleaseNotes1430 + https://github.com/memcached/memcached/wiki/ReleaseNotes1429 + https://github.com/memcached/memcached/wiki/ReleaseNotes1428 + https://github.com/memcached/memcached/wiki/ReleaseNotes1427 + https://github.com/memcached/memcached/wiki/ReleaseNotes1426 + + (bsc #1007871) (CVE-2016-8704) + (bsc #1007870) (CVE-2016-8705) + (bsc #1007869) (CVE-2016-8706) +- refreshed patches to apply cleanly again: + memcached-1.4.5.dif + memcached-autofoo.patch + memcached-use-endian_h.patch + +------------------------------------------------------------------- +Tue Dec 1 16:52:51 UTC 2015 - p.drouand@gmail.com + +- Update to version 1.4.25: + * Please read the news at + https://github.com/memcached/memcached/wiki/ReleaseNotes1425 +- Update memcached-autofoo.patch + +------------------------------------------------------------------- +Mon Jun 15 16:24:31 UTC 2015 - mrueckert@suse.de + +- fix comment in the sysconfig file + +------------------------------------------------------------------- +Sun Feb 22 20:47:12 UTC 2015 - mpluskal@suse.com + +- Cleanup spec file + * using spec-cleaner + * remove unnecessary %defines +- Create new package (devel) +- Install either init script or unit file +- Refresh dependencies +- Update to 1.4.22 + * gatkq: return key in response + * Handle SIGTERM the same as SIGINT + * Fix off-by-one causing segfault in lru_crawler + * Fix potential corruption for incr/decr of 0b items + * Fix issue #369 - uninitialized stats_lock + * issue#370 : slab re-balance is not thread-safe in function + do_item_get + * Fix potential corruption in hash table expansion + * use item lock instead of global lock when hash expanding + * fix hang when lru crawler started from commandline + * rename thread_init to avoid runtime failure on AIX + * Support -V (version option) +- Changes for 1.4.21 + * makefile cleanups + * Avoid OOM errors when locked items stuck in tail + +------------------------------------------------------------------- +Sun Nov 09 19:11:00 UTC 2014 - Led + +- fix bashisms in pre script + +------------------------------------------------------------------- +Mon Jun 23 20:18:46 UTC 2014 - andreas.stieger@gmx.de + +- fix source URL + +------------------------------------------------------------------- +Mon Jun 16 17:01:07 UTC 2014 - mrueckert@suse.de + +- disable testsuite. passes with chroot build but fails on server + side build + +------------------------------------------------------------------- +Mon Jun 16 16:27:47 UTC 2014 - mrueckert@suse.de + +- Bumping to latest version to include all fixes for: + bnc#858677 CVE-2013-7290 + bnc#858676 CVE-2013-7291 + bnc#857188 CVE-2013-7239 + bnc#817781 CVE-2011-4971 + bnc#798458 CVE-2013-0179 +- update to 1.4.20 + - Fix a race condition causing new connections to appear closed, + causing an inifinte loop. +- additional changes from 1.4.19 + - Fix endianness detection during configure. + - Fixes a performance regression with binary protocol (up to + 20%) + - Fix rare segfault in incr/decr. + - disable tail_repair_time by default. + - Likely not needed anymore, and can rarely cause bugs. + - use the right hashpower for the item_locks table. Small perf + improvement. + - Fix crash for LRU crawler while using lock elision (haswell+ + processors) +- additional changes from 1.4.18 + - Fixes + - fix LRU contention for first minute of uptime + - This made some synthetic benchmarks look awful. + - Make hash table algorithm selectable + - Don't lose item_size_max units in command line + - Add a "stats conns" command to show the states of open + connections. + - Allow caller-specific error text in binary protocol + - Stop returning ASCII error messages to binary clients + - Fix reference leak in binary protocol "get" and "touch" + handlers + - Fix reference leak in process_get_command() + - New Features + - New "stats conns" command, which will show you what currently + open connections are up to, how idle they've been, etc. + - The jenkins hash was getting a little long in the tooth, and + we might want to add specific hash algorithms for different + platforms in the future. This makes it selectable in some + sense. We've initially added murmur3 hash to the lineup and + that seems to run a tiny bit faster in some tests. -o + hash_algorithm=murmur3 + - A new background thread emerges! Currently experimental, so + the syntax might change. If you run into bugs please let us + know (though it's been testing fine in torture tests so far). +- additional changes from 1.4.17 + - Fixes + - Fix potential segfault in incr/decr routine. + - Fix potential unbounded key prints (leading to crashes in + logging code) + - Fix bug which allowed invalid SASL credentials to + authenticate. + - Fix udp mode when listening on ipv6 addresses. + - Fix for incorrect length of initial value set via binary + increment protocol. + - New Features + - Add linux accept4() support. Removes one syscall for each new + tcp connection + - scripts/memcached-tool gets "settings" and "sizes" commands. + - Add parameter (-F) to disable flush_all. Useful if you never + want to be able to run a full cache flush on production + instances. +- additional changes from 1.4.16 + - Fixes + - Builds on OS X Mavericks (with clang) + - Add statistics for allocation failures + - Issue 294 : Check for allocation failure + - Make tail leak expiry time configurable (-o + tail_repair_time=60) + - Fix segfault on specially crafted packet. + - Close connection on update_event error while parsing new + commands + - Don't truncate maxbytes stat from 'stats settings' + - Add the "shutdown" command to the server. This allows for + better + - automation + - fix enable-sasl-pwdb + - New Features + Adjusting tail repair time: -o tail_repair_time=60 (in seconds) +- dropped memcached-1.4.x_delete_verbose_mode_dos.patch: + included upstream +- freshed memcached-autofoo.patch + +------------------------------------------------------------------- +Tue Jan 15 11:44:05 UTC 2013 - mrueckert@suse.de + +- added memcached-1.4.x_delete_verbose_mode_dos.patch (bnc#798458) + DoS when printing out keys to be deleted in verbose mode + Upstream bug 306 (CVE-2013-0179) + +------------------------------------------------------------------- +Tue Nov 20 07:51:02 UTC 2012 - dimstar@opensuse.org + +- Fix useradd invocation: -o is useless without -u and newer + versions of pwdutils/shadowutils fail on this now. + +------------------------------------------------------------------- +Wed Nov 7 20:47:22 UTC 2012 - chris@computersalat.de + +- update to version 1.4.15 + * Add some mild thread documentation + * README.md was missing from dist tarball + * Issue 286 : --disable-coverage drops "-pthread" option + * Reduce odds of getting OOM errors in some odd cases +- rebase use-endian_h, autofoo patch and 1.4.5.dif +- fix build <= 1140 + * export LIBEVENT_CFLAGS and LIBEVENT_LIBS so we dont need + pkgconfig check for libevent on <= 1140 + +------------------------------------------------------------------- +Wed Nov 7 19:58:59 UTC 2012 - mrueckert@suse.de + +- fix build on older distros + - memcached-autofoo.patch: removed no-dist-gzip dist-xz + - added new conditional to guard all the systemd stuff and + guarded the general bcond_without with an suse_version > 12.2 + - export LIBEVENT_CFLAGS and LIBEVENT_LIBS so we dont need + pkgconfig check for libevent on sles11 + - use makeinstall instead of make_install + +------------------------------------------------------------------- +Tue Aug 14 02:50:12 UTC 2012 - crrodriguez@opensuse.org + +- Update to version 1.4.14 +* Avoid race condition in test during pid creation by blind retrying +* Fixed issue with invalid binary protocol touch command expiration time + +- If the test suite fails, package must fail build. + +- Use byteswapping macros from endian.h and not some ad-hoc/slow + function. + +- Add systemd units. + +------------------------------------------------------------------- +Tue Apr 3 00:54:39 UTC 2012 - tabraham@novell.com + +- removed fix-strict-aliasing.patch deprecated by this release + +- Update to version 1.4.13 + * Fix inline issue with older compilers (gcc 4.2.2) + * Better detection of sasl_callback_ft + +- Changes from version 1.4.12 + Fixes: + * fix glitch with flush_all (exptime) + * Skip SASL tests unless RUN_SASL_TESTS is defined. + * Look around for saslpasswd2 (typically not in the user's path). + * build fix: Define sasl_callback_ft on older versions of sasl. + * fix segfault when sending a zero byte command + * fix warning in UDP test + * properly detect GCC atomics + * tests: loop on short binary packet reads + * fix slabs_reassign tests on 32bit hosts + +- Changes from version 1.4.11 + Fixes: + * bug237 : Don't compute incorrect argc for timedrun + * fix 'age' stat for stats items + * binary deletes were not ticking stats counters + * Fix a race condition from 1.4.10 on item_remove + * close some idiotic race conditions + * initial slab automover + * slab reassignment + * clean do_item_get logic a bit. fix race. + * clean up the do_item_alloc logic + * shorten lock for item allocation more + * Fix to build with cyrus sasl 2.1.25 + New features: + * Slab page reassignment and bug fixes over 1.4.10. + +- Changes from version 1.4.10 + Fixes: + * Disable issue 140 's test. + * Push cache_lock deeper into item_alloc + * Use item partitioned lock for as much as possible + * Remove the depth search from item_alloc + * Move hash calls outside of cache_lock + * Use spinlocks for main cache lock + * Remove uncommon branch from asciiprot hot path + * Allow all tests to run as root + New features: + * tested improvements in speed between 3 and 6 worker + threads (-t 3 to -t 6) More than 6 reduced speed + +- Changes from version 1.4.9 + * Add a systemd service file + * Fix some minor typos in the protocol doc + * Issue 224 - check retval of main event loop + * Fix -c so maxconns can be raised above default. + +- Changes from version 1.4.8 + Fixes: + * Fix to write correct pid from start-memcached + * Fix to enable LRU when using binary protocol + * Upgrade stats items counters to 64bit + * Add new stats expired_unfetched, evicted_unfetched + * Allow setting initial size of the hash table + * Expose stats for the internal hash table + * bug220 : incr would sometimes return the previous item's CAS + * Fixed bug on multi get processing + * Experimental maxconns_fast option + * Add an ASCII touch command + * Add binary GATK/GATKQ + * Backport binary TOUCH/GAT/GATQ commands + * Issue 221 : Increment treats leading spaces as 0 + * Fix compile error on OS X + New features: + * touch commands + * fast connection limit handling + * internal hash table + * expored_unfetched, evicted_unfetched + +- Changes from version 1.4.7 + Fixes: + * Use a monotonically increasing timer + * Immediately expire items when given a negative expiration time + * fix memcached-tool to print about all slabs + * Properly daemonize memcached for debian + * Don't permanently close UDP listeners on error + * Allow memcached-init to start multiple instances (not recommended) + * Issue 214 : Search for network libraries before searching for libevent + * Issue 213 : Search for clock_gettime in librt + * Issue 115 : accont for CAS in item_size_ok + * Fix incredibly slim race for maxconns handler. Should no longer hang ever + * Issue 183 - Reclaim items dead by flush_all + * Issue 200 : Don't fire dtrace probe as the last thing in a function + New features: + * monotonic clock + +- Changes from version 1.4.6 + * Gcc on Solaris sparc wants -R and not -rpath + * Issue 121 : Set the runtime path when --with-libevent is used + * Fix autogen failure when unable to find supported command. + * fix race crash for accepting new connections + * fix incr/decr race conditions for binary prot + * fix incr/decr race conditions for ASCII prot + * Compile fix (-Werror=unused-but-set-variable warnings) + * Bind each UDP socket to an a single worker thread in multiport env + * Add support for using multiple ports + * Issue 154 : pid file out of sync (created before socket binding) + * Issue 163 : Buggy mem_requested values + * Fix cross compilation issues in configure + * Issue 140 - Fix age for items stats + * Issue 131 - ChangeLog is outdated + * Issue 155 : bind to multiple interface + * Issue 161 incorrect allocation in cache_create + * Fix type-punning issues exposed with GCC 4.5.1 + * Simplify stats aggregation code + * Reverse backward expected/actual params in test + * Issue 152 : Fix error message from mget + * Refuse to start if we detect libevent 1.12 + * Fix compilation issue on Solaris 9 wrt isspace() macro - Resolves + issue 111 + New features: + * multiple port binding + +------------------------------------------------------------------- +Fri May 27 12:41:52 UTC 2011 - coolo@novell.com + +- follow fedora's lead and remove Werror + +------------------------------------------------------------------- +Thu May 6 12:03:59 UTC 2010 - freitag@novell.com + +- update to version 1.4.5: +This is a maintenance release with some build fixes, doc fixes, and one new stat. +Fixes: + * Properly detect CPU alignment on ARM. bug100 + * Remove 1MB assertion. bug 119 + * More automake versions supported. + * Compiler warning fixes for OpenBSD. + * potential buffer overflow in vperror + * Report errors opening pidfiles using vperror +New Features:: + * New stat: reclaimed + * sasl_pwdb for more simple auth deployments + +------------------------------------------------------------------- +Fri Jun 5 03:19:40 CEST 2009 - mrueckert@suse.de + +- update to version 1.2.8: + - make -b command actually work + - *critical bugfix*. In 1.2.7 under multithreaded mode, memcached + would never restart accepting connections after hitting the + maximum connection limit. + - remove 'stats maps' command, as it is a potential information + leak, usable if versions prior to 1.2.8 ever have buffer + overflows discovered. (bnc#501656) CVE-2009-1494 +- additional changes from version 1.2.7 + - reset new stats with 'stats reset' + - Slew of new tests. (misc, mostly Dustin Sallings) + - Minor bug fixes. (misc, mostly Dustin Sallings, some Dormando) + (see git history for full list) + - -b command for setting the tcp listen backlog (Chris Goffinet) + - Workaround for a more major bug that very rarely makes + memcached stop allowing new data to be set. (Dormando) + - Print why a key was expired in -vv mode (Dormando) + - cmd_flush stat (Dormando) + - listen_disabled_num stat for determining if you've hit the + maxconns limit (Dormando) + - Display error status on listen failures (Dormando) + - Remove managed instance code. Incomplete/etc. (Dormando) + - Handle broken IPV6 stacks better (Brian Aker) + - Generate warnings on setsockopt() failures (Brian Aker) + - Fix some indentation issues (Brian Aker) + - UDP/TCP can be disabled by setting their port to zero (Brian + Aker) + - Zero out libevent thread structures before use (Ricky Zhou) + - New stat: Last accessed time for last evicted item per slab + class. (Dormando) + - Use a dedicated socket accept thread (Facebook) + - Add -R option. Limit the number of requests processed by a + connection at once. Prevents starving other threads if bulk + loading. (Facebook) + +------------------------------------------------------------------- +Fri Nov 28 16:05:33 CET 2008 - ro@suse.de + +- ignore test suite results for the moment + (will not work without networking support in build environment) + +------------------------------------------------------------------- +Tue Sep 16 18:25:33 CEST 2008 - mrueckert@suse.de + +- require libevent-devel on 11.1 or newer + +------------------------------------------------------------------- +Sat Sep 6 18:25:44 CEST 2008 - mrueckert@suse.de + +- Update to version 1.2.6: + Major crash fixes, DTrace support, minor updates. If you have + stability issues with any previous release, please upgrade to + this one. + +------------------------------------------------------------------- +Mon May 19 17:10:34 CEST 2008 - mrueckert@suse.de + +- Update to version 1.2.5: + Minor bugfixes, build support for opensolaris, ipv6 support, + "noreply" mode for many commands, largepage support for solaris. + Made out of memory errors more clear and added eviction/OOM + tracking per slab class. + +------------------------------------------------------------------- +Tue Jan 29 18:52:05 CET 2008 - mrueckert@suse.de + +- Update to version 1.2.4: + Many bug and platform fixes since 1.2.2. New threading support + for stat queries. New commands 'append', 'prepend', 'gets', and + 'cas'. + +------------------------------------------------------------------- +Sat Aug 4 07:43:52 CEST 2007 - mrueckert@suse.de + +- fixed a few rpmlint warnings + +------------------------------------------------------------------- +Sat May 26 11:25:32 CEST 2007 - mrueckert@suse.de + +- Update to version 1.2.2: + Memcached can be configured to support multithreading. Big code + cleanup with performance improvements. Memcached now collects + eviction and per-object-type statistics. +- synced with memcached-unstable + +------------------------------------------------------------------- +Tue Dec 5 23:06:59 CET 2006 - mrueckert@suse.de + +- Update to version 1.2.1: + o mainly fixes a stability issue reported on the mailinglist + o a few optimization fixes +- removed autoreconf -fi for now +- build debuginfo + +------------------------------------------------------------------- +Wed Nov 15 16:18:18 CET 2006 - mrueckert@suse.de + +- added Conflicts: memcached-unstable + +------------------------------------------------------------------- +Sun Nov 12 18:54:14 CET 2006 - lmuelle@suse.de + +- Fix typo in sysconfig file. + +------------------------------------------------------------------- +Sun Sep 10 12:00:00 CET 2006 - mrueckert@suse.de + +- Update to version 1.1.13: + o test suite (make test) + o better libevent detection + o 64 bit support (passes test suite at least now) + o off-by-one errors in expirations fixed + o bug fixes + o start of "vbuckets" project. instead of clients hashing + a key onto a memcached instance, they map onto one of + 16k or so virtual bucket numbers, each bucket of which + is owned by an instance and w/ a particular generation number. + no client or tracker exists yet, but low-level stuff is there. + +------------------------------------------------------------------- +Wed Jan 25 21:38:14 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Thu Aug 18 15:59:43 CEST 2005 - mrueckert@suse.de + +- Initial package with version 1.1.12 + diff --git a/memcached.service b/memcached.service new file mode 100644 index 0000000..4b0fcc6 --- /dev/null +++ b/memcached.service @@ -0,0 +1,23 @@ +[Unit] +Description=memcached daemon +After=network.target + +[Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions +EnvironmentFile=/etc/sysconfig/memcached +ExecStart=/usr/bin/memcached -u $MEMCACHED_USER $MEMCACHED_PARAMS + +[Install] +WantedBy=multi-user.target diff --git a/memcached.spec b/memcached.spec new file mode 100644 index 0000000..34e9ce3 --- /dev/null +++ b/memcached.spec @@ -0,0 +1,167 @@ +# +# spec file for package memcached +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} + %define _fillupdir %{_localstatedir}/adm/fillup-templates +%endif +%if 0%{?suse_version} > 1500 +%bcond_without tls +%else +%bcond_with tls +%endif +Name: memcached +Version: 1.6.23 +Release: 0 +Summary: A high-performance, distributed memory object caching system +License: BSD-3-Clause +Group: Productivity/Networking/Other +URL: https://memcached.org/ +Source: https://www.memcached.org/files/%{name}-%{version}.tar.gz +Source2: %{name}.sysconfig +Source3: memcached-rpmlintrc +Source4: memcached.service +Source5: system-user-memcached.conf +Patch0: harden_memcached.service.patch +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: cyrus-sasl-devel +BuildRequires: libevent-devel >= 2.0 +BuildRequires: libtool +BuildRequires: pkgconfig +Requires(pre): %fillup_prereq +Conflicts: memcached-unstable +%if %{with tls} +BuildRequires: openssl-devel >= 1.1.0 +BuildRequires: perl +BuildRequires: perl-IO-Socket-SSL +BuildRequires: perl-Net-SSLeay +%endif +%if 0%{?suse_version} >= 1500 +BuildRequires: sysuser-tools +%sysusers_requires +%else +Requires(pre): %{_sbindir}/groupadd +Requires(pre): %{_sbindir}/useradd +%endif +%if 0%{?suse_version} > 1210 +BuildRequires: systemd-rpm-macros +%{?systemd_ordering} +%else +Requires(pre): %insserv_prereq +%endif + +%description +Memcached is a high-performance, distributed memory object caching +system, generic in nature, but intended for use in speeding up dynamic +web applications by alleviating database load. + +%package devel +Summary: Files needed for development using memcached protocol +Group: Development/Libraries/C and C++ +Requires: %{name} = %{version} + +%description devel +Memcached is a high-performance, distributed memory object caching +system, generic in nature, but intended for use in speeding up dynamic +web applications by alleviating database load. + +This package contains development files + +%prep +%setup -q +%patch0 -p1 + +%build +autoreconf -fi +%configure \ +%if %{with tls} + --enable-tls \ +%endif + --enable-sasl \ + --enable-sasl-pwdb \ + --enable-seccomp \ + --disable-coverage \ + %ifarch s390 s390x ppc ppc64 + --disable-extstore + %endif + +%make_build +%if 0%{?suse_version} >= 1500 +%sysusers_generate_pre %{SOURCE5} memcached system-user-memcached.conf +%endif + +%install +%make_install +install -D -m 0755 scripts/memcached-tool %{buildroot}%{_bindir}/memcached-tool +install -Dd -m 0751 %{buildroot}%{_localstatedir}/lib/%{name} +install -D -m 0644 %{SOURCE2} %{buildroot}%{_fillupdir}/sysconfig.%{name} +install -d -m 755 %{buildroot}%{_sbindir} +ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} +install -D -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/%{name}.service +%if 0%{?suse_version} >= 1500 +mkdir -p %{buildroot}%{_sysusersdir} +install -m 0644 %{SOURCE5} %{buildroot}%{_sysusersdir}/ +%endif + +%check +%make_build test + +%if 0%{?suse_version} >= 1500 +%pre -f memcached.pre +%else + +%pre +getent group %{name} >/dev/null || \ + %{_sbindir}/groupadd -r %{name} +getent passwd %{name} >/dev/null || \ + %{_sbindir}/useradd -g %{name} -s /bin/false -r \ + -c "user for %{name}" -d %{_localstatedir}/lib/%{name} %{name} +%endif +%service_add_pre %{name}.service + +%post +%service_add_post %{name}.service +%fillup_only %{name} + +%preun +%service_del_preun %{name}.service + +%postun +%service_del_postun %{name}.service + +%files +%doc AUTHORS ChangeLog NEWS +%license COPYING +%{_bindir}/%{name} +%{_bindir}/memcached-tool +%{_sbindir}/rc%{name} +%{_mandir}/man1/%{name}.* +%{_unitdir}/%{name}.service +%{_fillupdir}/sysconfig.%{name} +%dir %attr(751,root,root) %{_localstatedir}/lib/%{name} +%if 0%{?suse_version} >= 1500 +%{_sysusersdir}/system-user-memcached.conf +%endif + +%files devel +%doc AUTHORS ChangeLog NEWS doc/*.txt +%license COPYING +%{_includedir}/%{name} + +%changelog diff --git a/memcached.sysconfig b/memcached.sysconfig new file mode 100644 index 0000000..ddcd72f --- /dev/null +++ b/memcached.sysconfig @@ -0,0 +1,31 @@ +## Path: Network/WWW/Memcached +## Description: start parameters for memcached. +## Type: string +## Default: "-l 127.0.0.1" +## Config: memcached +# +# start parameters for memcached. +# +# see man 1 memcached for more +# +MEMCACHED_PARAMS="-l 127.0.0.1" + +## Path: Network/WWW/Memcached +## Description: username memcached should run as +## Type: string +## Default: "memcached" +## Config: memcached +# +# username memcached should run as +# +MEMCACHED_USER="memcached" + +## Path: Network/WWW/Memcached +## Description: group memcached should be run as +## Type: string +## Default: "memcached" +## Config: memcached +# +# group memcached should be run as +# +MEMCACHED_GROUP="memcached" diff --git a/system-user-memcached.conf b/system-user-memcached.conf new file mode 100644 index 0000000..b221743 --- /dev/null +++ b/system-user-memcached.conf @@ -0,0 +1,2 @@ +#Type Name ID GECOS Home directory Shell +u memcached - "user for memcached" /var/lib/memcached -