pool/mosquitto
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 658974 from home:mnhauke

Browse Source 
- FIX CVE-2018-20145: mosquitto: ACL bypass (bnc#1119536)
- Update to version 1.5.5
  Security:
  * If `per_listener_settings` is set to true, then the `acl_file` setting was
    ignored for the "default listener" only. This has been fixed. This does not
    affect any listeners defined with the `listener` option.
  Broker:
  * Add `socket_domain` option to allow listeners to disable IPv6 support.
    This is required to work around a problem in libwebsockets that means
    sockets only listen on IPv6 by default if IPv6 support is compiled in.
  * When using ADNS, don't ask for all network protocols when connecting,
    because this can lead to confusing "Protocol not supported" errors if the
    network is down.
  * Fix outgoing retained messages not being sent by bridges on initial
    connection.
  * Don't reload auth_opt_ options on reload, to match the behaviour of the
    other plugin options.
  * Print message on error when installing/uninstalling as a Windows service.
  * All non-error connect/disconnect messages are controlled by the
    `connection_messages` option.
  Library:
  * Fix reconnect delay backoff behaviour.
  * Don't call on_disconnect() twice if keepalive tests fail.
  Client:
  * Always print leading zeros in mosquitto_sub when output format is hex.
  Build:
  * Fix building where TLS-PSK is not available.
- Update to version 1.5.4
  Security:
  * When using a TLS enabled websockets listener with "require_certificate"

OBS-URL: https://build.opensuse.org/request/show/658974
OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=17
This commit is contained in:
Marcus Rückert 2019-01-08 20:22:44 +00:00 committed by Git OBS Bridge
parent 2984b78499
commit 22abd8ba72
4 changed files with 58 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
mosquitto-1.5.3.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3081a998d303a883b1cd064009beabc88aa9159e26f5258a4ae6007160491d10
size 425844

3
mosquitto-1.5.5.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fcdb47e340864c545146681af7253399cc292e41775afd76400fda5b0d23d668
size 431998

54
mosquitto.changes
View File

@ -1,3 +1,57 @@
-------------------------------------------------------------------
Mon Dec 17 20:15:50 UTC 2018 - mardnh@gmx.de
- FIX CVE-2018-20145: mosquitto: ACL bypass (bnc#1119536)
- Update to version 1.5.5
Security:
* If `per_listener_settings` is set to true, then the `acl_file` setting was
ignored for the "default listener" only. This has been fixed. This does not
affect any listeners defined with the `listener` option.
Broker:
* Add `socket_domain` option to allow listeners to disable IPv6 support.
This is required to work around a problem in libwebsockets that means
sockets only listen on IPv6 by default if IPv6 support is compiled in.
* When using ADNS, don't ask for all network protocols when connecting,
because this can lead to confusing "Protocol not supported" errors if the
network is down.
* Fix outgoing retained messages not being sent by bridges on initial
connection.
* Don't reload auth_opt_ options on reload, to match the behaviour of the
other plugin options.
* Print message on error when installing/uninstalling as a Windows service.
* All non-error connect/disconnect messages are controlled by the
`connection_messages` option.
Library:
* Fix reconnect delay backoff behaviour.
* Don't call on_disconnect() twice if keepalive tests fail.
Client:
* Always print leading zeros in mosquitto_sub when output format is hex.
Build:
* Fix building where TLS-PSK is not available.
- Update to version 1.5.4
Security:
* When using a TLS enabled websockets listener with "require_certificate"
enabled, the mosquitto broker does not correctly verify client certificates.
This is now fixed. All other security measures operate as expected, and in
particular non-websockets listeners are not affected by this.
Broker:
* Process all pending messages even when a client has disconnected. This means
a client that send a PUBLISH then DISCONNECT quickly, then disconnects will
have its DISCONNECT message processed properly and so no Will will be sent.
* $SYS/broker/clients/disconnected should never be negative.
* Give better error message if a client sends a password without a username.
* Fix bridge not honoring restart_timeout.
* Don't disconnect a client if an auth plugin denies access to SUBSCRIBE.
Library:
* Fix memory leak that occurred if mosquitto_reconnect() was used when TLS
errors were present.
* Fix TLS connections when using an external event loop with
mosquitto_loop_read() and mosquitto_write().
Build:
* Fix clients not being compiled with threading support when using CMake.
* Use _GNU_SOURCE to fix build errors in websockets and getaddrinfo usage.
-------------------------------------------------------------------
Thu Oct 25 18:06:26 UTC 2018 - mardnh@gmx.de

2
mosquitto.spec
View File

@ -27,7 +27,7 @@
%endif
%bcond_without websockets
Name: mosquitto
Version: 1.5.3
Version: 1.5.5
Release: 0
Summary: A MQTT v3.1/v3.1.1 Broker
License: EPL-1.0