mosquitto/mosquitto.spec

214 lines
7.5 KiB
RPMSpec
Raw Normal View History

#
# spec file for package mosquitto
#
Accepting request 998717 from home:dirkmueller:Factory - update to 2.0.15: * Deleting the group configured as the anonymous group in the Dynamic Security plugin, would leave a dangling pointer that could lead to a single crash. This is considered a minor issue - only administrative users should have access to dynsec, the impact on availability is one-off, and there is no associated loss of data. It is now forbidden to delete the group configured as the anonymous group. * Fix memory leak when a plugin modifies the topic of a message in MOSQ_EVT_MESSAGE. * Fix bridge `restart_timeout` not being honoured. * Fix potential memory leaks if a plugin modifies the message in the MOSQ_EVT_MESSAGE event. * Fix unused flags in CONNECT command being forced to be 0, which is not required for MQTT v3.1. Closes #2522. * Improve documentation of `persistent_client_expiration` option. Closes #2404. * Add clients to session expiry check list when restarting and reloading from persistence. Closes #2546. * Fix bridges not sending failure notification messages to the local broker if the remote bridge connection fails. Closes #2467. Closes #1488. * Fix some PUBLISH messages not being counted in $SYS stats. Closes #2448. * Fix incorrect return code being sent in DISCONNECT when a client session is taken over. Closes #2607. * Fix confusing "out of memory" error when a client is kicked in the dynamic security plugin. Closes #2525. * Fix confusing error message when dynamic security config file was a directory. Closes #2520. * Fix bridge queued messages not being persisted when local_cleansession is set to false and cleansession is set to true. Closes #2604. * Dynamic security: Fix modifyClient and modifyGroup commands to not modify OBS-URL: https://build.opensuse.org/request/show/998717 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=61
2022-09-06 14:17:07 +02:00
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
Accepting request 674913 from home:mnhauke - Update to version 1.5.7 Broker: - Ensure that an error occurs if `per_listener_settings true` is given after other security options. - Fix case where old unreferenced msg_store messages were being saved to the persistence file, bloating its size unnecessarily. Library: - Fix `mosquitto_topic_matches_sub()` not returning MOSQ_ERR_INVAL for invalid subscriptions like `topic/#abc`. This only affects the return value, not the match/no match result, which was already correct. - Update to version 1.5.6 Security: * Fix CVE-2018-12551 (bsc#1125021): If Mosquitto is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability. * Fix CVE-2018-12550 (bsc#1125021): If an ACL file is empty, or has only blank lines or comments, then mosquitto treats the ACL file as not being defined, which means that no topic access is denied. Although denying access to all topics is not a useful configuration, this behaviour is unexpected and could lead to access being incorrectly granted in some circumstances. This OBS-URL: https://build.opensuse.org/request/show/674913 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=18
2019-02-14 16:33:56 +01:00
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Accepting request 604393 from home:mnhauke - Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3. OBS-URL: https://build.opensuse.org/request/show/604393 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=11
2018-05-07 12:48:14 +02:00
%define home %{_localstatedir}/lib/%{name}
%define c_lib libmosquitto1
%define cpp_lib libmosquittopp1
Name: mosquitto
Accepting request 998717 from home:dirkmueller:Factory - update to 2.0.15: * Deleting the group configured as the anonymous group in the Dynamic Security plugin, would leave a dangling pointer that could lead to a single crash. This is considered a minor issue - only administrative users should have access to dynsec, the impact on availability is one-off, and there is no associated loss of data. It is now forbidden to delete the group configured as the anonymous group. * Fix memory leak when a plugin modifies the topic of a message in MOSQ_EVT_MESSAGE. * Fix bridge `restart_timeout` not being honoured. * Fix potential memory leaks if a plugin modifies the message in the MOSQ_EVT_MESSAGE event. * Fix unused flags in CONNECT command being forced to be 0, which is not required for MQTT v3.1. Closes #2522. * Improve documentation of `persistent_client_expiration` option. Closes #2404. * Add clients to session expiry check list when restarting and reloading from persistence. Closes #2546. * Fix bridges not sending failure notification messages to the local broker if the remote bridge connection fails. Closes #2467. Closes #1488. * Fix some PUBLISH messages not being counted in $SYS stats. Closes #2448. * Fix incorrect return code being sent in DISCONNECT when a client session is taken over. Closes #2607. * Fix confusing "out of memory" error when a client is kicked in the dynamic security plugin. Closes #2525. * Fix confusing error message when dynamic security config file was a directory. Closes #2520. * Fix bridge queued messages not being persisted when local_cleansession is set to false and cleansession is set to true. Closes #2604. * Dynamic security: Fix modifyClient and modifyGroup commands to not modify OBS-URL: https://build.opensuse.org/request/show/998717 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=61
2022-09-06 14:17:07 +02:00
Version: 2.0.15
Release: 0
Summary: A MQTT v3.1/v3.1.1 Broker
License: EPL-1.0
Group: Productivity/Networking/Other
URL: https://mosquitto.org/
Source: https://mosquitto.org/files/source/mosquitto-%{version}.tar.gz
Source1: mosquitto.service
Source4: README-conf-d
Source5: README-ca_certificates
Source6: README-certs
Source98: https://mosquitto.org/files/source/mosquitto-%{version}.tar.gz.asc#/%{name}-%{version}.tar.gz.sig
Source99: %{name}.keyring
Patch0: mosquitto-1.4.1_apparmor.patch
Patch1: mosquitto-1.6.8-config.patch
BuildRequires: cmake
BuildRequires: gcc-c++
Accepting request 870017 from home:mnhauke - Update to version 2.0.7 Broker: * Fix some minor memory leaks on exit only. * Fix possible memory leak on connect. * Fix openssl engine not being able to load private key. Clients: * Fix config files truncating options after the first space. Build: - Fix man page building to not absolutely require xsltproc when using CMake. - Update to version 2.0.6 Broker: * Fix calculation of remaining length parameter for websockets clients that send fragmented packets. Broker: * Fix potential duplicate Will messages being sent when a will delay interval has been set. * Fix message expiry interval property not being honoured in `mosquitto_broker_publish` and `mosquitto_broker_publish_copy`. * Fix websockets listeners with TLS not responding. * Improve logging in obscure cases when a client disconnects. * Fix reloading of listeners where multiple listeners have been defined with the same port but different bind addresses. * Fix `message_size_limit` not applying to the Will payload. * The error topic-alias-invalid was being sent if an MQTT v5 client published a message with empty topic and topic alias set, but the topic alias hadn't already been configured on the broker. This has been fixed to send a protocol error, as per section 3.3.4 of the specification. * Note in the man pages that SIGHUP reloads TLS certificates. OBS-URL: https://build.opensuse.org/request/show/870017 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=48
2021-02-07 21:09:41 +01:00
BuildRequires: libxslt-tools
Accepting request 604393 from home:mnhauke - Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3. OBS-URL: https://build.opensuse.org/request/show/604393 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=11
2018-05-07 12:48:14 +02:00
BuildRequires: openssl-devel >= 1.0.0
BuildRequires: pkgconfig
Accepting request 604393 from home:mnhauke - Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3. OBS-URL: https://build.opensuse.org/request/show/604393 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=11
2018-05-07 12:48:14 +02:00
BuildRequires: tcpd-devel
BuildRequires: uthash-devel
BuildRequires: pkgconfig(libcares)
BuildRequires: pkgconfig(libcjson)
BuildRequires: pkgconfig(libwebsockets)
Accepting request 604393 from home:mnhauke - Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3. OBS-URL: https://build.opensuse.org/request/show/604393 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=11
2018-05-07 12:48:14 +02:00
Requires(pre): shadow
%{?systemd_ordering}
%description
Mosquitto is a message broker that implements the
MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a
lightweight method of carrying out messaging using a publish/subscribe model.
This makes it suitable for "machine to machine" messaging such as with low
power sensors or mobile devices such as phones, embedded computers or
microcontrollers like the Arduino. A good example of this is all of the work
that Andy Stanford-Clark (one of the originators of MQTT) has done in home
monitoring and automation with his twittering house and twittering ferry.
%package -n %{c_lib}
Summary: Shared C Library for %{name}
Group: Development/Libraries/C and C++
%description -n %{c_lib}
Mosquitto is a message broker that implements the
MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a
lightweight method of carrying out messaging using a publish/subscribe model.
This package holds the shared C library.
%package -n %{cpp_lib}
Summary: Shared C++ Library for %{name}
Group: Development/Libraries/C and C++
%description -n %{cpp_lib}
Mosquitto is a message broker that implements the
MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a
lightweight method of carrying out messaging using a publish/subscribe model.
This package holds the shared C++ library.
%package devel
Accepting request 604393 from home:mnhauke - Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3. OBS-URL: https://build.opensuse.org/request/show/604393 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=11
2018-05-07 12:48:14 +02:00
Summary: Development files for %{name}
Group: Development/Libraries/C and C++
Requires: %{c_lib} = %{version}
Requires: %{cpp_lib} = %{version}
Provides: libmosquitto-devel = %{version}-%{release}
Provides: libmosquittopp-devel = %{version}-%{release}
%description devel
Mosquitto is a message broker that implements the
MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a
lightweight method of carrying out messaging using a publish/subscribe model.
This package holds the development files.
%package clients
Summary: Client for Mosquitto
Group: Productivity/Networking/Other
%description clients
Mosquitto is a message broker that implements the
MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a
lightweight method of carrying out messaging using a publish/subscribe model.
This makes it suitable for "machine to machine" messaging such as with low
power sensors or mobile devices such as phones, embedded computers or
microcontrollers like the Arduino. A good example of this is all of the work
that Andy Stanford-Clark (one of the originators of MQTT) has done in home
monitoring and automation with his twittering house and twittering ferry.
Client for Mosquitto.
%prep
%setup -q
%patch0 -p1
%patch1 -p1
find misc -type f -exec chmod a-x "{}" "+"
%build
%cmake \
-DCMAKE_INSTALL_SYSCONFDIR=%{_sysconfdir} \
-DWITH_WEBSOCKETS=ON \
Accepting request 878570 from home:mnhauke - Build with support for tcp-wrapper (-DUSE_LIBWRAP=ON) - Update to version 2.0.9 Security: * If an empty or invalid CA file was provided to the client library for verifying the remote broker, then the initialx connection would fail but subsequent connections would succeed without verifying the remote broker certificate. * If an empty or invalid CA file was provided to the broker for verifying the remote broker for an outgoing bridge connection then the initial connection would fail but subsequent connections would succeed without verifying the remote broker certificate. Broker: * Fix encrypted bridge connections incorrectly connecting when `bridge_cafile` is empty or invalid. * Fix `tls_version` behaviour not matching documentation. It was setting the exact TLS version to use, not the minimium TLS version to use. * Fix messages to `$` prefixed topics being rejected. * Fix QoS 0 messages not being delivered when max_queued_bytes was configured. * Fix bridge increasing backoff calculation. * Improve handling of invalid combinations of listener address and bind interface configurations. * Fix `max_keepalive` option not applying to clients connecting with keepalive set to 0. Client library: * Fix encrypted connections incorrectly connecting when the CA file passed to `mosquitto_tls_set()` is empty or invalid. * Fix connections retrying very rapidly in some situations. OBS-URL: https://build.opensuse.org/request/show/878570 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=51
2021-03-18 16:27:14 +01:00
-DUSE_LIBWRAP=ON
%make_build
%install
%cmake_install
install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
install -Dd -m 0750 %{buildroot}%{home}
chmod -R o= %{buildroot}%{_sysconfdir}/%{name}/
Accepting request 604393 from home:mnhauke - Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3. OBS-URL: https://build.opensuse.org/request/show/604393 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=11
2018-05-07 12:48:14 +02:00
install -D -m 644 security/mosquitto.apparmor %{buildroot}%{_sysconfdir}/apparmor.d/usr.sbin.mosquitto
install -D -m 755 -d %{buildroot}%{_sysconfdir}/apparmor.d/local/
echo "# Site-specific additions and overrides for 'usr.sbin.mosquitto'" > %{buildroot}%{_sysconfdir}/apparmor.d/local/usr.sbin.mosquitto
install -D -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/mosquitto/conf.d/README
install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/mosquitto/ca_certificates/README
install -D -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/mosquitto/certs/README
%pre
Accepting request 604393 from home:mnhauke - Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3. OBS-URL: https://build.opensuse.org/request/show/604393 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=11
2018-05-07 12:48:14 +02:00
getent group %{name} || %{_sbindir}/groupadd -r %{name}
getent passwd %{name} || %{_sbindir}/useradd -g %{name} -s /bin/false -r -c "%{name}" -d %{home} %{name}
%service_add_pre %{name}.service
%preun
%service_del_preun %{name}.service
%post
%service_add_post %{name}.service
%postun
%service_del_postun %{name}.service
%post -n %{c_lib} -p /sbin/ldconfig
%postun -n %{c_lib} -p /sbin/ldconfig
%post -n %{cpp_lib} -p /sbin/ldconfig
%postun -n %{cpp_lib} -p /sbin/ldconfig
%files
%license edl-v10 epl-v20 LICENSE.txt
%doc CONTRIBUTING.md ChangeLog.txt *.html *.example
%doc examples/ logo/ security/ misc/
%config(noreplace) %attr(-,root,%{name}) %{_sysconfdir}/mosquitto/
%{_bindir}/mosquitto_passwd
%{_bindir}/mosquitto_ctrl
#%%{_bindir}/mosquitto_ctrl_dynsec
%{_sbindir}/mosquitto
%{_mandir}/man1/mosquitto_ctrl.1%{?ext_man}
%{_mandir}/man1/mosquitto_ctrl_dynsec.1%{?ext_man}
%{_mandir}/man1/mosquitto_passwd.1%{?ext_man}
%{_mandir}/man5/mosquitto.conf.5%{?ext_man}
%{_mandir}/man7/mosquitto-tls.7%{?ext_man}
%{_mandir}/man7/mqtt.7%{?ext_man}
%{_mandir}/man8/mosquitto.8%{?ext_man}
%{_unitdir}/%{name}.service
%{_sbindir}/rc%{name}
%{_libdir}/mosquitto_dynamic_security.so
%dir %attr(-,%{name},%{name}) %{home}
Accepting request 604393 from home:mnhauke - Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3. OBS-URL: https://build.opensuse.org/request/show/604393 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=11
2018-05-07 12:48:14 +02:00
%dir %{_sysconfdir}/apparmor.d/
%dir %{_sysconfdir}/apparmor.d/local/
%config %{_sysconfdir}/apparmor.d/usr.sbin.mosquitto
%config(noreplace) %{_sysconfdir}/apparmor.d/local/usr.sbin.mosquitto
%files clients
%license edl-v10 epl-v20 LICENSE.txt
%{_bindir}/mosquitto_pub
%{_bindir}/mosquitto_sub
%{_bindir}/mosquitto_rr
%{_mandir}/man1/mosquitto_pub.1%{?ext_man}
%{_mandir}/man1/mosquitto_sub.1%{?ext_man}
%{_mandir}/man1/mosquitto_rr.1%{?ext_man}
%files -n %{c_lib}
%license edl-v10 epl-v20 LICENSE.txt
%{_libdir}/libmosquitto.so.*
%files -n %{cpp_lib}
%license edl-v10 epl-v20 LICENSE.txt
%{_libdir}/libmosquittopp.so.*
%files devel
%{_libdir}/libmosquitto.so
%{_libdir}/libmosquittopp.so
%{_includedir}/mosquitto.h
%{_includedir}/mosquitto_*.h
%{_includedir}/mosquittopp.h
%{_includedir}/mqtt_protocol.h
%{_mandir}/man3/libmosquitto.3%{?ext_man}
Accepting request 604393 from home:mnhauke - Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3. OBS-URL: https://build.opensuse.org/request/show/604393 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=11
2018-05-07 12:48:14 +02:00
%{_libdir}/pkgconfig/libmosquitto.pc
%{_libdir}/pkgconfig/libmosquittopp.pc
%changelog