File memcached.changes of Package memcached.11124

-------------------------------------------------------------------
Tue Sep  3 14:16:17 UTC 2019 - pgajdos@suse.com

- security update
- run the testsuite
- added patches
  CVE-2019-15026 [bsc#1149110]
  + memcached-CVE-2019-15026.patch
  fails because of fix-upstream-disable-udp-default.patch
  + memcached-issue_67.t.patch
  new version of the test (from 1.5.17)
  + memcached-lru-maintainer.t.patch

-------------------------------------------------------------------
Thu May  2 12:00:23 UTC 2019 - pgajdos@suse.com

- security update
- added patches
  CVE-2019-11596 [bsc#1133817]
  + memcached-CVE-2019-11596.patch

-------------------------------------------------------------------
Tue Apr  9 13:54:33 UTC 2018 - sflees@suse.de

- Disable UDP by default
  * fix-upstream-disable-udp-default.patch
  * (bsc#1083903) (CVE-2018-1000115)
- Home directory shouldn't be world readable bsc#1077718

-------------------------------------------------------------------
Fri Sep  1 13:54:33 UTC 2017 - tbechtold@suse.com

- update to 1.4.39:
  https://github.com/memcached/memcached/wiki/ReleaseNotes1439
  (bsc#1056865) (CVE-2017-9951)
  https://github.com/memcached/memcached/wiki/ReleaseNotes1438
  https://github.com/memcached/memcached/wiki/ReleaseNotes1437
  https://github.com/memcached/memcached/wiki/ReleaseNotes1436
  https://github.com/memcached/memcached/wiki/ReleaseNotes1435
  https://github.com/memcached/memcached/wiki/ReleaseNotes1434

-------------------------------------------------------------------
Thu Mar 23 13:49:44 UTC 2017 - mchandras@suse.de

- Use the MEMCACHED_USER variable from the /etc/sysconfig/memcached
  file to determine the user for the memcached process instead of
  hardcoding it in the service file.

-------------------------------------------------------------------
Mon Nov  7 17:18:21 UTC 2016 - mrueckert@suse.de

- update to 1.4.33
  https://github.com/memcached/memcached/wiki/ReleaseNotes1433
  https://github.com/memcached/memcached/wiki/ReleaseNotes1432
  https://github.com/memcached/memcached/wiki/ReleaseNotes1431
  https://github.com/memcached/memcached/wiki/ReleaseNotes1430
  https://github.com/memcached/memcached/wiki/ReleaseNotes1429
  https://github.com/memcached/memcached/wiki/ReleaseNotes1428
  https://github.com/memcached/memcached/wiki/ReleaseNotes1427
  https://github.com/memcached/memcached/wiki/ReleaseNotes1426

  (bsc #1007871) (CVE-2016-8704)
  (bsc #1007870) (CVE-2016-8705)
  (bsc #1007869) (CVE-2016-8706)
- refreshed patches to apply cleanly again:
  memcached-1.4.5.dif
  memcached-autofoo.patch
  memcached-use-endian_h.patch

-------------------------------------------------------------------
Tue Dec  1 16:52:51 UTC 2015 - p.drouand@gmail.com

- Update to version 1.4.25:
  * Please read the news at 
    https://github.com/memcached/memcached/wiki/ReleaseNotes1425
- Update memcached-autofoo.patch

-------------------------------------------------------------------
Mon Jun 15 16:24:31 UTC 2015 - mrueckert@suse.de

- fix comment in the sysconfig file

-------------------------------------------------------------------
Sun Feb 22 20:47:12 UTC 2015 - mpluskal@suse.com

- Cleanup spec file
  * using spec-cleaner
  * remove unnecessary %defines
- Create new package (devel)
- Install either init script or unit file
- Refresh dependencies
- Update to 1.4.22
  * gatkq: return key in response
  * Handle SIGTERM the same as SIGINT
  * Fix off-by-one causing segfault in lru_crawler
  * Fix potential corruption for incr/decr of 0b items
  * Fix  issue #369  - uninitialized stats_lock
  * issue#370 : slab re-balance is not thread-safe in function 
    do_item_get
  * Fix potential corruption in hash table expansion
  * use item lock instead of global lock when hash expanding
  * fix hang when lru crawler started from commandline
  * rename thread_init to avoid runtime failure on AIX
  * Support -V (version option)
- Changes for 1.4.21
  * makefile cleanups
  * Avoid OOM errors when locked items stuck in tail

-------------------------------------------------------------------
Sun Nov 09 19:11:00 UTC 2014 - Led <ledest@gmail.com>

- fix bashisms in pre script

-------------------------------------------------------------------
Mon Jun 23 20:18:46 UTC 2014 - andreas.stieger@gmx.de

- fix source URL

-------------------------------------------------------------------
Mon Jun 16 17:01:07 UTC 2014 - mrueckert@suse.de

- disable testsuite. passes with chroot build but fails on server
  side build

-------------------------------------------------------------------
Mon Jun 16 16:27:47 UTC 2014 - mrueckert@suse.de

- Bumping to latest version to include all fixes for:
  bnc#858677 CVE-2013-7290
  bnc#858676 CVE-2013-7291
  bnc#857188 CVE-2013-7239
  bnc#817781 CVE-2011-4971
  bnc#798458 CVE-2013-0179
- update to 1.4.20 
  - Fix a race condition causing new connections to appear closed,
    causing an inifinte loop.
- additional changes from 1.4.19
  - Fix endianness detection during configure.
    - Fixes a performance regression with binary protocol (up to
      20%)
  - Fix rare segfault in incr/decr.
  - disable tail_repair_time by default.
    - Likely not needed anymore, and can rarely cause bugs.
  - use the right hashpower for the item_locks table. Small perf
    improvement.
  - Fix crash for LRU crawler while using lock elision (haswell+
    processors)
- additional changes from 1.4.18
  - Fixes
    - fix LRU contention for first minute of uptime
      - This made some synthetic benchmarks look awful.
    - Make hash table algorithm selectable
    - Don't lose item_size_max units in command line
    - Add a "stats conns" command to show the states of open
      connections.
    - Allow caller-specific error text in binary protocol
    - Stop returning ASCII error messages to binary clients
    - Fix reference leak in binary protocol "get" and "touch"
      handlers
    - Fix reference leak in process_get_command()
  - New Features
    - New "stats conns" command, which will show you what currently
      open connections are up to, how idle they've been, etc.
    - The jenkins hash was getting a little long in the tooth, and
      we might want to add specific hash algorithms for different
      platforms in the future. This makes it selectable in some
      sense. We've initially added murmur3 hash to the lineup and
      that seems to run a tiny bit faster in some tests. -o
      hash_algorithm=murmur3
    - A new background thread emerges! Currently experimental, so
      the syntax might change. If you run into bugs please let us
      know (though it's been testing fine in torture tests so far).
- additional changes from 1.4.17
  - Fixes
    - Fix potential segfault in incr/decr routine.
    - Fix potential unbounded key prints (leading to crashes in
      logging code)
    - Fix bug which allowed invalid SASL credentials to
      authenticate.
    - Fix udp mode when listening on ipv6 addresses.
    - Fix for incorrect length of initial value set via binary
      increment protocol.
  - New Features
    - Add linux accept4() support. Removes one syscall for each new
      tcp connection
    - scripts/memcached-tool gets "settings" and "sizes" commands.
    - Add parameter (-F) to disable flush_all. Useful if you never
      want to be able to run a full cache flush on production
      instances.
- additional changes from 1.4.16
  - Fixes
    - Builds on OS X Mavericks (with clang)
    - Add statistics for allocation failures
    - Issue 294 : Check for allocation failure
    - Make tail leak expiry time configurable (-o
      tail_repair_time=60)
    - Fix segfault on specially crafted packet.
    - Close connection on update_event error while parsing new
      commands
    - Don't truncate maxbytes stat from 'stats settings'
    - Add the "shutdown" command to the server. This allows for
      better
    - automation
    - fix enable-sasl-pwdb
  - New Features
    Adjusting tail repair time: -o tail_repair_time=60 (in seconds)
- dropped memcached-1.4.x_delete_verbose_mode_dos.patch:
  included upstream
- freshed memcached-autofoo.patch 

-------------------------------------------------------------------
Tue Jan 15 11:44:05 UTC 2013 - mrueckert@suse.de

- added memcached-1.4.x_delete_verbose_mode_dos.patch (bnc#798458)
  DoS when printing out keys to be deleted in verbose mode
  Upstream bug 306 (CVE-2013-0179)

-------------------------------------------------------------------
Tue Nov 20 07:51:02 UTC 2012 - dimstar@opensuse.org

- Fix useradd invocation: -o is useless without -u and newer
  versions of pwdutils/shadowutils fail on this now.

-------------------------------------------------------------------
Wed Nov  7 20:47:22 UTC 2012 - chris@computersalat.de

- update to version 1.4.15
  * Add some mild thread documentation
  * README.md was missing from dist tarball
  * Issue 286 : --disable-coverage drops "-pthread" option
  * Reduce odds of getting OOM errors in some odd cases 
- rebase use-endian_h, autofoo patch and 1.4.5.dif
- fix build <= 1140
  * export LIBEVENT_CFLAGS and LIBEVENT_LIBS so we dont need
    pkgconfig check for libevent on <= 1140

-------------------------------------------------------------------
Wed Nov  7 19:58:59 UTC 2012 - mrueckert@suse.de

- fix build on older distros
  - memcached-autofoo.patch: removed no-dist-gzip dist-xz
  - added new conditional to guard all the systemd stuff and
    guarded the general bcond_without with an suse_version > 12.2
  - export LIBEVENT_CFLAGS and LIBEVENT_LIBS so we dont need
    pkgconfig check for libevent on sles11
  - use makeinstall instead of make_install

-------------------------------------------------------------------
Tue Aug 14 02:50:12 UTC 2012 - crrodriguez@opensuse.org

- Update to version 1.4.14 
* Avoid race condition in test during pid creation by blind retrying
* Fixed issue with invalid binary protocol touch command expiration time

- If the test suite fails, package must fail build.

- Use byteswapping macros from endian.h and not some ad-hoc/slow
 function.

- Add systemd units.

-------------------------------------------------------------------
Tue Apr  3 00:54:39 UTC 2012 - tabraham@novell.com

- removed fix-strict-aliasing.patch deprecated by this release

- Update to version 1.4.13
    * Fix inline issue with older compilers (gcc 4.2.2)
    * Better detection of sasl_callback_ft 

- Changes from version 1.4.12
    Fixes:
    * fix glitch with flush_all (exptime)
    * Skip SASL tests unless RUN_SASL_TESTS is defined.
    * Look around for saslpasswd2 (typically not in the user's path).
    * build fix: Define sasl_callback_ft on older versions of sasl.
    * fix segfault when sending a zero byte command
    * fix warning in UDP test
    * properly detect GCC atomics
    * tests: loop on short binary packet reads
    * fix slabs_reassign tests on 32bit hosts 

- Changes from version 1.4.11
    Fixes:
    * bug237 : Don't compute incorrect argc for timedrun
    * fix 'age' stat for stats items
    * binary deletes were not ticking stats counters
    * Fix a race condition from 1.4.10 on item_remove
    * close some idiotic race conditions
    * initial slab automover
    * slab reassignment
    * clean do_item_get logic a bit. fix race.
    * clean up the do_item_alloc logic
    * shorten lock for item allocation more
    * Fix to build with cyrus sasl 2.1.25 
    New features:
    * Slab page reassignment and bug fixes over 1.4.10. 

- Changes from version 1.4.10
    Fixes:
    * Disable  issue 140 's test.
    * Push cache_lock deeper into item_alloc
    * Use item partitioned lock for as much as possible
    * Remove the depth search from item_alloc
    * Move hash calls outside of cache_lock
    * Use spinlocks for main cache lock
    * Remove uncommon branch from asciiprot hot path
    * Allow all tests to run as root 
    New features:
    * tested improvements in speed between 3 and 6 worker
      threads (-t 3 to -t 6) More than 6 reduced speed

- Changes from version 1.4.9
    * Add a systemd service file
    * Fix some minor typos in the protocol doc
    * Issue 224  - check retval of main event loop
    * Fix -c so maxconns can be raised above default. 

- Changes from version 1.4.8
    Fixes:
    * Fix to write correct pid from start-memcached
    * Fix to enable LRU when using binary protocol
    * Upgrade stats items counters to 64bit
    * Add new stats expired_unfetched, evicted_unfetched
    * Allow setting initial size of the hash table
    * Expose stats for the internal hash table
    * bug220 : incr would sometimes return the previous item's CAS
    * Fixed bug on multi get processing
    * Experimental maxconns_fast option
    * Add an ASCII touch command
    * Add binary GATK/GATKQ
    * Backport binary TOUCH/GAT/GATQ commands
    * Issue 221 : Increment treats leading spaces as 0
    * Fix compile error on OS X 
    New features:
    * touch commands
    * fast connection limit handling
    * internal hash table
    * expored_unfetched, evicted_unfetched

- Changes from version 1.4.7
    Fixes:
    * Use a monotonically increasing timer
    * Immediately expire items when given a negative expiration time
    * fix memcached-tool to print about all slabs
    * Properly daemonize memcached for debian
    * Don't permanently close UDP listeners on error
    * Allow memcached-init to start multiple instances (not recommended)
    * Issue 214 : Search for network libraries before searching for libevent
    * Issue 213 : Search for clock_gettime in librt
    * Issue 115 : accont for CAS in item_size_ok
    * Fix incredibly slim race for maxconns handler. Should no longer hang ever
    * Issue 183  - Reclaim items dead by flush_all
    * Issue 200 : Don't fire dtrace probe as the last thing in a function 
    New features:
    * monotonic clock

- Changes from version 1.4.6
    * Gcc on Solaris sparc wants -R and not -rpath
    * Issue 121 : Set the runtime path when --with-libevent is used
    * Fix autogen failure when unable to find supported command.
    * fix race crash for accepting new connections
    * fix incr/decr race conditions for binary prot
    * fix incr/decr race conditions for ASCII prot
    * Compile fix (-Werror=unused-but-set-variable warnings)
    * Bind each UDP socket to an a single worker thread in multiport env
    * Add support for using multiple ports
    * Issue 154 : pid file out of sync (created before socket binding)
    * Issue 163 : Buggy mem_requested values
    * Fix cross compilation issues in configure
    * Issue 140  - Fix age for items stats
    * Issue 131  - ChangeLog is outdated
    * Issue 155 : bind to multiple interface
    * Issue 161  incorrect allocation in cache_create
    * Fix type-punning issues exposed with GCC 4.5.1
    * Simplify stats aggregation code
    * Reverse backward expected/actual params in test
    * Issue 152 : Fix error message from mget
    * Refuse to start if we detect libevent 1.12
    * Fix compilation issue on Solaris 9 wrt isspace() macro - Resolves  
      issue 111  
    New features:
    * multiple port binding

-------------------------------------------------------------------
Fri May 27 12:41:52 UTC 2011 - coolo@novell.com

- follow fedora's lead and remove Werror

-------------------------------------------------------------------
Thu May  6 12:03:59 UTC 2010 - freitag@novell.com

- update to version 1.4.5:
This is a maintenance release with some build fixes, doc fixes, and one new stat. 
Fixes:
    * Properly detect CPU alignment on ARM.  bug100 
    * Remove 1MB assertion.  bug 119 
    * More automake versions supported.
    * Compiler warning fixes for OpenBSD.
    * potential buffer overflow in vperror
    * Report errors opening pidfiles using vperror 
New Features::
    * New stat: reclaimed
    * sasl_pwdb for more simple auth deployments 

-------------------------------------------------------------------
Fri Jun  5 03:19:40 CEST 2009 - mrueckert@suse.de

- update to version 1.2.8:
  - make -b command actually work
  - *critical bugfix*. In 1.2.7 under multithreaded mode, memcached
    would never restart accepting connections after hitting the
    maximum connection limit.
  - remove 'stats maps' command, as it is a potential information
    leak, usable if versions prior to 1.2.8 ever have buffer
    overflows discovered. (bnc#501656) CVE-2009-1494
- additional changes from version 1.2.7
  - reset new stats with 'stats reset'
  - Slew of new tests. (misc, mostly Dustin Sallings)
  - Minor bug fixes. (misc, mostly Dustin Sallings, some Dormando)
    (see git history for full list)
  - -b command for setting the tcp listen backlog (Chris Goffinet)
  - Workaround for a more major bug that very rarely makes
    memcached stop allowing new data to be set. (Dormando)
  - Print why a key was expired in -vv mode (Dormando)
  - cmd_flush stat (Dormando)
  - listen_disabled_num stat for determining if you've hit the
    maxconns limit (Dormando)
  - Display error status on listen failures (Dormando)
  - Remove managed instance code. Incomplete/etc. (Dormando)
  - Handle broken IPV6 stacks better (Brian Aker)
  - Generate warnings on setsockopt() failures (Brian Aker)
  - Fix some indentation issues (Brian Aker)
  - UDP/TCP can be disabled by setting their port to zero (Brian
    Aker)
  - Zero out libevent thread structures before use (Ricky Zhou)
  - New stat: Last accessed time for last evicted item per slab
    class.  (Dormando)
  - Use a dedicated socket accept thread (Facebook)
  - Add -R option. Limit the number of requests processed by a
    connection at once. Prevents starving other threads if bulk
    loading. (Facebook)

-------------------------------------------------------------------
Fri Nov 28 16:05:33 CET 2008 - ro@suse.de

- ignore test suite results for the moment
  (will not work without networking support in build environment) 

-------------------------------------------------------------------
Tue Sep 16 18:25:33 CEST 2008 - mrueckert@suse.de

- require libevent-devel on 11.1 or newer

-------------------------------------------------------------------
Sat Sep  6 18:25:44 CEST 2008 - mrueckert@suse.de

- Update to version 1.2.6:
  Major crash fixes, DTrace support, minor updates. If you have
  stability issues with any previous release, please upgrade to
  this one.

-------------------------------------------------------------------
Mon May 19 17:10:34 CEST 2008 - mrueckert@suse.de

- Update to version 1.2.5:
  Minor bugfixes, build support for opensolaris, ipv6 support,
  "noreply" mode for many commands, largepage support for solaris.
  Made out of memory errors more clear and added eviction/OOM
  tracking per slab class.

-------------------------------------------------------------------
Tue Jan 29 18:52:05 CET 2008 - mrueckert@suse.de

- Update to version 1.2.4:
  Many bug and platform fixes since 1.2.2. New threading support
  for stat queries. New commands 'append', 'prepend', 'gets', and
  'cas'.

-------------------------------------------------------------------
Sat Aug  4 07:43:52 CEST 2007 - mrueckert@suse.de

- fixed a few rpmlint warnings

-------------------------------------------------------------------
Sat May 26 11:25:32 CEST 2007 - mrueckert@suse.de

- Update to version 1.2.2:
  Memcached can be configured to support multithreading. Big code
  cleanup with performance improvements. Memcached now collects
  eviction and per-object-type statistics.
- synced with memcached-unstable

-------------------------------------------------------------------
Tue Dec  5 23:06:59 CET 2006 - mrueckert@suse.de

- Update to version 1.2.1:
  o mainly fixes a stability issue reported on the mailinglist
  o a few optimization fixes
- removed autoreconf -fi for now
- build debuginfo

-------------------------------------------------------------------
Wed Nov 15 16:18:18 CET 2006 - mrueckert@suse.de

- added Conflicts: memcached-unstable

-------------------------------------------------------------------
Sun Nov 12 18:54:14 CET 2006 - lmuelle@suse.de

- Fix typo in sysconfig file.

-------------------------------------------------------------------
Sun Sep 10 12:00:00 CET 2006 - mrueckert@suse.de

- Update to version 1.1.13:
  o test suite (make test)
  o better libevent detection
  o 64 bit support (passes test suite at least now)
  o off-by-one errors in expirations fixed
  o bug fixes
  o start of "vbuckets" project.  instead of clients hashing
    a key onto a memcached instance, they map onto one of
    16k or so virtual bucket numbers, each bucket of which
    is owned by an instance and w/ a particular generation number.
    no client or tracker exists yet, but low-level stuff is there.

-------------------------------------------------------------------
Wed Jan 25 21:38:14 CET 2006 - mls@suse.de

- converted neededforbuild to BuildRequires

-------------------------------------------------------------------
Thu Aug 18 15:59:43 CEST 2005 - mrueckert@suse.de

- Initial package with version 1.1.12