From: Christian Kampka
To: alpine-aports@lists.alpinelinux.org
Cc: Christian Kampka
Subject: [alpine-aports] [PATCH] main/memcached: new upstream version 1.4.25
Date: Sun, 29 Nov 2015 22:46:15 +0100
Message-Id: <1448833575-8891-1-git-send-email-christian@kampka.net>

Also remove CVE-2011-4971.patch as it has been fixed upstream in 1.4.16
--- main/memcached/APKBUILD | 12 ++++------ main/memcached/CVE-2011-4971.patch | 47 -------------------------------------- 2 files changed, 4 insertions(+), 55 deletions(-) delete mode 100644 main/memcached/CVE-2011-4971.patch diff --git a/main/memcached/APKBUILD b/main/memcached/APKBUILD index c89e4c3..6b655d5 100644 --- a/main/memcached/APKBUILD +++ b/main/memcached/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Jeff Bilyk # Maintainer: Natanael Copa pkgname=memcached -pkgver=1.4.24 +pkgver=1.4.25 pkgrel=0 pkgdesc="Distributed memory object caching system" url="http://memcached.org" @@ -13,7 +13,6 @@ makedepends="$depends_dev" install="$pkgname.pre-install" subpackages="$pkgname-dev $pkgname-doc" source="http://www.memcached.org/files/memcached-$pkgver.tar.gz - CVE-2011-4971.patch musl-includes.patch $pkgname.confd $pkgname.initd" 
@@ -49,18 +48,15 @@ package() { "$pkgdir/etc/conf.d/$pkgname" || return 1 } -md5sums="4d6e8c90e2068580526c7579dd7f37f6 memcached-1.4.24.tar.gz -e73c5651b37f54020bea00a4318cef2e CVE-2011-4971.patch +md5sums="55ca94e02639365fef3eac2b3f96de7c memcached-1.4.25.tar.gz 4b2e8c5e3ad147ed514ad7fcf1b2222a musl-includes.patch a7aa37e91d4237448124b79bd99a2649 memcached.confd 220c0331832edcef6a72601143d3172d memcached.initd" -sha256sums="08a426c504ecf64633151eec1058584754d2f54e62e5ed2d6808559401617e55 memcached-1.4.24.tar.gz -0dbb2a8425e051f21a4f767055b82b6294ecf1d22082aeb24f6688bbc9870aed CVE-2011-4971.patch +sha256sums="f058437b3c224d321919a9a6bb4e3eedb2312ed718c0caf087ff2f04ab795dda memcached-1.4.25.tar.gz 1b1df3a3b70469722a89135b361cf2c2a4b9835d3c9f3029aa73342fd4619cf5 musl-includes.patch c8f03585eeeb0e0acf4e8bb3c0f7062c2c7da5f89e763cf91a856bec4991a2c7 memcached.confd da8a0e9a580d2df053941f01ce430aa5b678270891b481c710758b81fb4d831c memcached.initd" -sha512sums="446676ae7b21d8d9246f38d3df06b167ea93a853f88ac70ae3a99b1a85a4de3d452ee266e77fac599660b9bc6e785bc89224f46e16ff6e216476d50e4706b9f6 memcached-1.4.24.tar.gz -a1f6ece8e3b07509aadbd24c3420cb4400a47c6f046282243a6e295d041ff8f84ff2de86e657cb233199259cca63360e03b173a5abff0d67789eef91847be5eb CVE-2011-4971.patch +sha512sums="e037c3bbb68c4077f814f855663501af418ce3b1f8bc20f8e7eba3249aea378e55b3291457952fa4511779ec3702496fdaab5799edae7d59bc64eb6fd54ee14e memcached-1.4.25.tar.gz 80c8719c254bc8b8d3d4256e9850c17f5e9ee9a76787b2d0fd7c6bb7780ee132257ff65d8397dc023216b3f541050295c4e1d7e675b12ab6dcc50d07c5e067b3 musl-includes.patch 31bd788433b8021ed332f86d291e7f03222ae234520e52ba673b581d5da2adf5656e8f73e8b985df73258dea9b2a1b8ef36195163fe47a92fda59825deedfed4 memcached.confd 9615769b14175a25b50c9871b48c0635b5397ebe45231b43ee29a603eceb7b16bfc5ac744017b89b19082209c09597b3038a03ed0d5d9b45c60454d5b2717a55 memcached.initd" 
diff --git a/main/memcached/CVE-2011-4971.patch b/main/memcached/CVE-2011-4971.patch deleted file mode 100644 index fc02be8..0000000 --- a/main/memcached/CVE-2011-4971.patch +++ /dev/null @@ -1,47 +0,0 @@ -Issue 192: Crash when sending specially crafted packet -Author: Christos Tsantilas - -This is an unsigned to signed integers conversion problem. -Inside the following functions: - process_bin_sasl_auth - process_bin_complete_sasl_auth - process_bin_update - process_bin_append_prepend - -there is the following or a similar statement: - int vlen = c->binary_header.request.bodylen - nkey; - -The c->binary_header.request.bodylen is an unsigned int which if it is bigger -than the INT_MAX and converted to a signed int will result to a negative number -causing segfaults to memcached. -The c->binary_header.request.bodylen is the request body length defined by -the client request. Random bytes sent to the memcached may interpeted -as a normal request with huge body data. -This patch just add a check and reject requests which report huge body data. - - ---- memcached-1.4.15.orig/memcached.c 2012-09-03 21:23:23.000000000 +0300 -+++ memcached-1.4.15/memcached.c 2013-11-26 14:22:28.206370577 +0200 -@@ -3446,6 +3446,22 @@ - return -1; - } - -+ /* -+ issue #192: -+ c->binary_header.request.bodylen is an unsigned int but it is -+ used in many places as a signed int. -+ Add a check here to avoid bad integer type conversions which -+ may cause crashes to memcached. -+ */ -+ if (c->binary_header.request.bodylen > INT_MAX) { -+ if (settings.verbose) { -+ fprintf(stderr, "Invalid request body length: %u\n", -+ c->binary_header.request.bodylen); -+ } -+ conn_set_state(c, conn_closing); -+ return -1; -+ } -+ - c->msgcurr = 0; - c->msgused = 0; - c->iovused = 0; -- 2.6.2
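
Review bot: In the source= hunk of main/memcached/APKBUILD, CVE-2011-4971.patch is dropped on the strength of the commit message's "fixed upstream in 1.4.16" alone, with no upstream commit or release-note reference. Please cite the upstream change (the deleted patch header calls it Issue 192) in the commit message, so that the removal of a security patch can be audited later from the log.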
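
Review bot: In the md5sums/sha256sums/sha512sums hunk, the new memcached-1.4.25.tar.gz hashes are the only integrity check on a tarball that source= fetches over plain http://www.memcached.org/files/, and nothing in the patch says how they were obtained. Please state that they were regenerated with abuild checksum from a tarball checked against what upstream publishes for 1.4.25, and consider switching the source URL to https:// if upstream serves it.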
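
Review bot: Deleting main/memcached/CVE-2011-4971.patch removes the package's own guard, the "if (c->binary_header.request.bodylen > INT_MAX)" check placed before "c->msgcurr = 0;", and nothing in the build will fail if upstream lacks an equivalent. Before merging, confirm in the unpacked 1.4.25 memcached.c that a request with bodylen above INT_MAX is rejected before any of the four functions the patch header lists (process_bin_sasl_auth, process_bin_complete_sasl_auth, process_bin_update, process_bin_append_prepend) computes "int vlen = c->binary_header.request.bodylen - nkey;".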