mosquitto/mosquitto.spec

254 lines
8.1 KiB
RPMSpec
Raw Normal View History

#
# spec file for package mosquitto
#
Accepting request 581738 from home:mnhauke - Update to version 1.4.15 Security: * Fix CVE-2017-7652. If a SIGHUP is sent to the broker when there are no more file descriptors, then opening the configuration file will fail and security settings will be set back to their default values. * Fix CVE-2017-7651. Unauthenticated clients can cause excessive memory use by setting "remaining length" to be a large value. This is now mitigated by limiting the size of remaining length to valid values. A "memory_limit" configuration option has also been added to allow the overall memory used by the broker to be limited. Broker: * Use constant time memcmp for password comparisons. * Fix incorrect PSK key being used if it had leading zeroes. * Fix memory leak if a client provided a username/password for a listener with use_identity_as_username configured. * Fix use_identity_as_username not working on websockets clients. * Don't crash if an auth plugin returns MOSQ_ERR_AUTH for a username check on a websockets client. Closes #490. * Fix 08-ssl-bridge.py test when using async dns lookups. Closes #507. * Lines in the config file are no longer limited to 1024 characters long. Closes #652. * Fix $SYS counters of messages and bytes sent when message is sent over a Websockets. Closes #250. * Fix upgrade_outgoing_qos for retained message. Closes #534. * Fix CONNACK message not being sent for unauthorised connect on websockets. Closes #8. Client library: * Fix incorrect PSK key being used if it had leading zeroes. OBS-URL: https://build.opensuse.org/request/show/581738 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=9
2018-03-03 11:49:39 +01:00
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Accepting request 604393 from home:mnhauke - Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3. OBS-URL: https://build.opensuse.org/request/show/604393 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=11
2018-05-07 12:48:14 +02:00
%define _fwdefdir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services
%define home %{_localstatedir}/lib/%{name}
%define c_lib libmosquitto1
%define cpp_lib libmosquittopp1
%if 0%{?suse_version} > 1230 || 0%{?rhel_version} > 600 || 0%{?centos_version} > 600 || 0%{?fedora_version} >= 20 || 0%{?el7}%{?fc20}%{?fc21}%{?fc22}%{?fc23}%{?fc24}%{?fc25}
%bcond_without systemd
%else
%bcond_with systemd
%endif
%bcond_without websockets
Name: mosquitto
Accepting request 658974 from home:mnhauke - FIX CVE-2018-20145: mosquitto: ACL bypass (bnc#1119536) - Update to version 1.5.5 Security: * If `per_listener_settings` is set to true, then the `acl_file` setting was ignored for the "default listener" only. This has been fixed. This does not affect any listeners defined with the `listener` option. Broker: * Add `socket_domain` option to allow listeners to disable IPv6 support. This is required to work around a problem in libwebsockets that means sockets only listen on IPv6 by default if IPv6 support is compiled in. * When using ADNS, don't ask for all network protocols when connecting, because this can lead to confusing "Protocol not supported" errors if the network is down. * Fix outgoing retained messages not being sent by bridges on initial connection. * Don't reload auth_opt_ options on reload, to match the behaviour of the other plugin options. * Print message on error when installing/uninstalling as a Windows service. * All non-error connect/disconnect messages are controlled by the `connection_messages` option. Library: * Fix reconnect delay backoff behaviour. * Don't call on_disconnect() twice if keepalive tests fail. Client: * Always print leading zeros in mosquitto_sub when output format is hex. Build: * Fix building where TLS-PSK is not available. - Update to version 1.5.4 Security: * When using a TLS enabled websockets listener with "require_certificate" OBS-URL: https://build.opensuse.org/request/show/658974 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=17
2019-01-08 21:22:44 +01:00
Version: 1.5.5
Release: 0
Summary: A MQTT v3.1/v3.1.1 Broker
License: EPL-1.0
Group: Productivity/Networking/Other
Accepting request 604393 from home:mnhauke - Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3. OBS-URL: https://build.opensuse.org/request/show/604393 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=11
2018-05-07 12:48:14 +02:00
URL: http://mosquitto.org/
Source: http://mosquitto.org/files/source/mosquitto-%{version}.tar.gz
Source1: mosquitto.service
Source2: mosquitto.fw
Source4: README-conf-d
Source5: README-ca_certificates
Source6: README-certs
Patch0: mosquitto-1.4.1_apparmor.patch
BuildRequires: cmake
BuildRequires: gcc-c++
BuildRequires: libcares-devel
BuildRequires: libuuid-devel
Accepting request 604393 from home:mnhauke - Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3. OBS-URL: https://build.opensuse.org/request/show/604393 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=11
2018-05-07 12:48:14 +02:00
BuildRequires: openssl-devel >= 1.0.0
BuildRequires: tcpd-devel
Requires(pre): shadow
%if %{with websockets}
BuildRequires: libwebsockets-devel
%endif
%if %{with systemd}
BuildRequires: pkgconfig(systemd)
%{?systemd_requires}
%endif
%description
Mosquitto is a message broker that implements the
MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a
lightweight method of carrying out messaging using a publish/subscribe model.
This makes it suitable for "machine to machine" messaging such as with low
power sensors or mobile devices such as phones, embedded computers or
microcontrollers like the Arduino. A good example of this is all of the work
that Andy Stanford-Clark (one of the originators of MQTT) has done in home
monitoring and automation with his twittering house and twittering ferry.
%package -n %{c_lib}
Summary: Shared C Library for %{name}
Group: Development/Libraries/C and C++
%description -n %{c_lib}
Mosquitto is a message broker that implements the
MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a
lightweight method of carrying out messaging using a publish/subscribe model.
This package holds the shared C library.
%package -n %{cpp_lib}
Summary: Shared C++ Library for %{name}
Group: Development/Libraries/C and C++
%description -n %{cpp_lib}
Mosquitto is a message broker that implements the
MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a
lightweight method of carrying out messaging using a publish/subscribe model.
This package holds the shared C++ library.
%package devel
Accepting request 604393 from home:mnhauke - Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3. OBS-URL: https://build.opensuse.org/request/show/604393 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=11
2018-05-07 12:48:14 +02:00
Summary: Development files for %{name}
Group: Development/Libraries/C and C++
Requires: %{c_lib} = %{version}
Requires: %{cpp_lib} = %{version}
Provides: libmosquitto-devel = %{version}-%{release}
Provides: libmosquittopp-devel = %{version}-%{release}
%description devel
Mosquitto is a message broker that implements the
MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a
lightweight method of carrying out messaging using a publish/subscribe model.
This package holds the development files.
%package clients
Summary: Client for Mosquitto
Group: Productivity/Networking/Other
%description clients
Mosquitto is a message broker that implements the
MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a
lightweight method of carrying out messaging using a publish/subscribe model.
This makes it suitable for "machine to machine" messaging such as with low
power sensors or mobile devices such as phones, embedded computers or
microcontrollers like the Arduino. A good example of this is all of the work
that Andy Stanford-Clark (one of the originators of MQTT) has done in home
monitoring and automation with his twittering house and twittering ferry.
Client for Mosquitto.
%prep
%setup -q
%patch0 -p1
find misc -type f -exec chmod a-x "{}" "+"
%build
%cmake \
%if %{with websockets}
-DWITH_WEBSOCKETS=ON \
%endif
Accepting request 604393 from home:mnhauke - Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3. OBS-URL: https://build.opensuse.org/request/show/604393 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=11
2018-05-07 12:48:14 +02:00
-DUSE_LIBWRAP=OFF
make
%install
%cmake_install
%if %{with systemd}
Accepting request 604393 from home:mnhauke - Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3. OBS-URL: https://build.opensuse.org/request/show/604393 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=11
2018-05-07 12:48:14 +02:00
install -D -m 0644 %{SOURCE1} \
%{buildroot}%{_unitdir}/%{name}.service
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
%endif
install -Dd -m 0750 %{buildroot}%{home}
chmod -R o= %{buildroot}%{_sysconfdir}/%{name}/
%if 0%{?suse_version}
Accepting request 604393 from home:mnhauke - Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3. OBS-URL: https://build.opensuse.org/request/show/604393 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=11
2018-05-07 12:48:14 +02:00
install -D -m 644 %{SOURCE2} %{buildroot}%{_fwdefdir}/mosquitto
install -D -m 644 security/mosquitto.apparmor %{buildroot}%{_sysconfdir}/apparmor.d/usr.sbin.mosquitto
install -D -m 755 -d %{buildroot}%{_sysconfdir}/apparmor.d/local/
echo "# Site-specific additions and overrides for 'usr.sbin.mosquitto'" > %{buildroot}%{_sysconfdir}/apparmor.d/local/usr.sbin.mosquitto
%endif
Accepting request 604393 from home:mnhauke - Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3. OBS-URL: https://build.opensuse.org/request/show/604393 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=11
2018-05-07 12:48:14 +02:00
install -D -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/mosquitto/conf.d/README
install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/mosquitto/ca_certificates/README
install -D -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/mosquitto/certs/README
%pre
Accepting request 604393 from home:mnhauke - Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3. OBS-URL: https://build.opensuse.org/request/show/604393 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=11
2018-05-07 12:48:14 +02:00
getent group %{name} || %{_sbindir}/groupadd -r %{name}
getent passwd %{name} || %{_sbindir}/useradd -g %{name} -s /bin/false -r -c "%{name}" -d %{home} %{name}
# START BIG SYSTEMD
%if %{with systemd}
%if 0%{?suse_version}
%service_add_pre %{name}.service
%endif
%preun
%if 0%{?suse_version}
%service_del_preun %{name}.service
%else
%systemd_preun %{name}.service
%endif
%post
%if 0%{?suse_version}
%service_add_post %{name}.service
%else
%systemd_post %{name}.service
%endif
%postun
%if 0%{?suse_version}
%service_del_postun %{name}.service
%else
%systemd_postun_with_restart %{name}.service
%endif
%endif
# /END BIG SYSTEMD
%post -n %{c_lib} -p /sbin/ldconfig
%postun -n %{c_lib} -p /sbin/ldconfig
%post -n %{cpp_lib} -p /sbin/ldconfig
%postun -n %{cpp_lib} -p /sbin/ldconfig
%files
%defattr(-,root,root)
Accepting request 604393 from home:mnhauke - Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3. OBS-URL: https://build.opensuse.org/request/show/604393 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=11
2018-05-07 12:48:14 +02:00
%license LICENSE.txt
%doc edl-v10 epl-v10
%doc CONTRIBUTING.md ChangeLog.txt readme.md *.html *.example
%doc examples/ logo/ security/ misc/
%config(noreplace) %attr(-,root,%{name}) %{_sysconfdir}/mosquitto/
%{_bindir}/mosquitto_passwd
%{_sbindir}/mosquitto
%{_mandir}/man1/mosquitto_passwd.1%{ext_man}
%{_mandir}/man5/mosquitto.conf.5%{ext_man}
%{_mandir}/man7/mosquitto-tls.7%{ext_man}
%{_mandir}/man7/mqtt.7%{ext_man}
%{_mandir}/man8/mosquitto.8%{ext_man}
%if %{with systemd}
%{_unitdir}/%{name}.service
%if 0%{?suse_version}
%{_sbindir}/rc%{name}
%endif
%endif
%dir %attr(-,%{name},%{name}) %{home}
%if 0%{?suse_version}
Accepting request 604393 from home:mnhauke - Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3. OBS-URL: https://build.opensuse.org/request/show/604393 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=11
2018-05-07 12:48:14 +02:00
%dir %{_sysconfdir}/apparmor.d/
%dir %{_sysconfdir}/apparmor.d/local/
%config %{_sysconfdir}/apparmor.d/usr.sbin.mosquitto
%config(noreplace) %{_sysconfdir}/apparmor.d/local/usr.sbin.mosquitto
%config(noreplace) %{_fwdefdir}/mosquitto
%endif
%files clients
%defattr(-,root,root,-)
Accepting request 604393 from home:mnhauke - Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3. OBS-URL: https://build.opensuse.org/request/show/604393 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=11
2018-05-07 12:48:14 +02:00
%license LICENSE.txt
%doc edl-v10 epl-v10
%{_bindir}/mosquitto_pub
%{_bindir}/mosquitto_sub
%{_mandir}/man1/mosquitto_pub.1%{ext_man}
%{_mandir}/man1/mosquitto_sub.1%{ext_man}
%files -n %{c_lib}
%defattr(-,root,root)
Accepting request 604393 from home:mnhauke - Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3. OBS-URL: https://build.opensuse.org/request/show/604393 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=11
2018-05-07 12:48:14 +02:00
%license LICENSE.txt
%doc edl-v10 epl-v10
%{_libdir}/libmosquitto.so.*
%files -n %{cpp_lib}
%defattr(-,root,root)
Accepting request 604393 from home:mnhauke - Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3. OBS-URL: https://build.opensuse.org/request/show/604393 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=11
2018-05-07 12:48:14 +02:00
%license LICENSE.txt
%doc edl-v10 epl-v10
%{_libdir}/libmosquittopp.so.*
%files devel
%defattr(-,root,root)
%{_libdir}/libmosquitto.so
%{_libdir}/libmosquittopp.so
%{_includedir}/mosquitto.h
Accepting request 604393 from home:mnhauke - Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3. OBS-URL: https://build.opensuse.org/request/show/604393 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=11
2018-05-07 12:48:14 +02:00
%{_includedir}/mosquitto_broker.h
%{_includedir}/mosquitto_plugin.h
%{_includedir}/mosquittopp.h
%{_mandir}/man3/libmosquitto.3%{ext_man}
Accepting request 604393 from home:mnhauke - Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3. OBS-URL: https://build.opensuse.org/request/show/604393 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=11
2018-05-07 12:48:14 +02:00
%{_libdir}/pkgconfig/libmosquitto.pc
%{_libdir}/pkgconfig/libmosquittopp.pc
%changelog