main/memcached: upgrade to 1.5.7

2025-08-05 13:27:09 +02:00 · 2018-03-29 22:39:32 +03:00 · 2018-03-29 22:39:32 +03:00 · 42c12ba900
commit 42c12ba900
parent de33eb1777
2 changed files with 2 additions and 113 deletions
--- a/main/memcached/APKBUILD
+++ b/main/memcached/APKBUILD
@ -1,7 +1,7 @@
 # Contributor: Jeff Bilyk <jbilyk@alpinelinux.org>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=memcached
-pkgver=1.5.6
+pkgver=1.5.7
 pkgrel=0
 pkgdesc="Distributed memory object caching system"
 url="http://memcached.org/"
@ -12,7 +12,6 @@ makedepends="$depends_dev cyrus-sasl-dev libevent-dev libseccomp-dev linux-heade
 install="$pkgname.pre-install"
 subpackages="$pkgname-dev $pkgname-doc"
 source="https://www.memcached.org/files/${pkgname}-${pkgver}.tar.gz
-	$pkgname.seccomp-musl.patch
 	$pkgname.confd
 	$pkgname.initd"
 builddir="$srcdir/$pkgname-$pkgver"
@ -51,7 +50,6 @@ package() {
 		"$pkgdir/etc/conf.d/$pkgname"
 }

-sha512sums="b8bb3b69358a476c6f11f42e89565dd0261cba3f1eaa6b0999dba7c2cb2d7c5e9ca24dedc6b7fd46ec78e40e52d66fe4694ebafd6bbd4557d25d66757d9024a4  memcached-1.5.6.tar.gz
-a84c0a22cf722b88462635cfec77892b3cff58dec880e89706c1797b56d5b924ad26e57db25e563d35d466d760b3c48ea9818cfc97269997e1ed701a2db3d0f4  memcached.seccomp-musl.patch
+sha512sums="b20a6b0c79007904146c83c119c17e6af47b8c4d9993c316fe2557fade66a1bf14839fe8fdc371a52a7ab558433048a6d9386962647221743ed0908b277003fc  memcached-1.5.7.tar.gz
 31bd788433b8021ed332f86d291e7f03222ae234520e52ba673b581d5da2adf5656e8f73e8b985df73258dea9b2a1b8ef36195163fe47a92fda59825deedfed4  memcached.confd
 9615769b14175a25b50c9871b48c0635b5397ebe45231b43ee29a603eceb7b16bfc5ac744017b89b19082209c09597b3038a03ed0d5d9b45c60454d5b2717a55  memcached.initd"
--- a/main/memcached/memcached.seccomp-musl.patch
+++ b/main/memcached/memcached.seccomp-musl.patch
@ -1,109 +0,0 @@
-From 35bc9e35d960f96d7fc099ba49fc9a365f9700f0 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Stanis=C5=82aw=20Pitucha?= <viraptor@gmail.com>
-Date: Wed, 28 Feb 2018 22:18:29 +1100
-Subject: [PATCH] Support seccomp on musl
-X-Patch-URL: https://patch-diff.githubusercontent.com/raw/memcached/memcached/pull/349.patch
-
-Musl-based distributions like Alpine didn't work with seccomp profile
-enabled. This was due to musl using different syscalls than glibc under
-the cover.
-
- writev/readv and epoll_pwait have been allowed
- specific ioctl has been allowed to enableprinting the error/exit
-  message
- brk has been allowed at runtime
- worker writes to stderr have been allowed (this was also broken on
-  glibc)
---
- linux_priv.c | 20 +++++++++++++++++++-
- 1 file changed, 19 insertions(+), 1 deletion(-)
-
-diff --git a/linux_priv.c b/linux_priv.c
-index 04155dd60..f1ea406af 100644
--- a/linux_priv.c
-+++ b/linux_priv.c
-@@ -2,6 +2,7 @@
- #include <seccomp.h>
- #include <errno.h>
- #include <stdlib.h>
-+#include <sys/ioctl.h>
- #include "memcached.h"
- 
- // In the future when the system is more tested this could be switched
-@@ -16,21 +17,27 @@ void drop_privileges(void) {
- 
-     int rc = 0;
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(sigreturn), 0);
-+    rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigprocmask), 0);
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(futex), 0);
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(epoll_wait), 0);
-+    rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(epoll_pwait), 0);
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(accept4), 0);
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(accept), 0);
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 0);
-+    rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(writev), 0);
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fstat), 0);
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mmap), 0);
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(munmap), 0);
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(shmctl), 0);
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit_group), 0);
-+    rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(brk), 0);
-+    rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(ioctl), 1, SCMP_A1(SCMP_CMP_EQ, TIOCGWINSZ));
- 
- #ifdef MEMCACHED_DEBUG
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 0);
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fcntl), 0);
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 0);
-+    rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(readv), 0);
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(lseek), 0);
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(close), 0);
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getpid), 0);
-@@ -57,10 +64,13 @@ void drop_worker_privileges(void) {
- 
-     int rc = 0;
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(sigreturn), 0);
-+    rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigprocmask), 0);
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(futex), 0);
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(epoll_wait), 0);
-+    rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(epoll_pwait), 0);
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(epoll_ctl), 0);
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 0);
-+    rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(readv), 0);
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mprotect), 0);
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getpeername), 0);
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(close), 0);
-@@ -70,6 +80,8 @@ void drop_worker_privileges(void) {
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mremap), 0);
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(munmap), 0);
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(recvfrom), 0);
-+    rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(brk), 0);
-+    rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(ioctl), 1, SCMP_A1(SCMP_CMP_EQ, TIOCGWINSZ));
- 
-     // for spawning the LRU crawler
-     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(clone), 0);
-@@ -83,9 +95,9 @@ void drop_worker_privileges(void) {
- 
-     if (settings.shutdown_command) {
-         rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(tgkill), 0);
-+        rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(tkill), 0);
-         rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit_group), 0);
-         rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fstat), 0);
-        rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigprocmask), 0);
-         rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getpid), 0);
-         rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(gettid), 0);
-     }
-@@ -95,8 +107,14 @@ void drop_worker_privileges(void) {
-         rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fcntl), 0);
-         rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(lseek), 0);
-         rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 0);
-+        rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(writev), 0);
-     } else {
-+        // stdout
-         rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 1, SCMP_A0(SCMP_CMP_EQ, 1));
-+        rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(writev), 1, SCMP_A0(SCMP_CMP_EQ, 1));
-+        // stderr
-+        rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 1, SCMP_A0(SCMP_CMP_EQ, 2));
-+        rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(writev), 1, SCMP_A0(SCMP_CMP_EQ, 2));
-     }
- 
-     if (rc != 0) {