From 2984b784991cb26e64e800999083b9de00736bdfc8de545693ca23e618b3d7f9 Mon Sep 17 00:00:00 2001 From: Marcus Rueckert Date: Fri, 26 Oct 2018 13:35:58 +0000 Subject: [PATCH] Accepting request 644721 from home:mnhauke - Update to version 1.5.3 Security: * Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that begins with $, but is not $SYS, then an assert that should be unreachable is triggered and Mosquitto will exit. Broker: * Elevate log level to warning for situation when socket limit is hit. * Fix retained messages not sent by bridges on outgoing topics at the first connection. * Fix duplicate clients being added to by_id hash before the old client was removed. - Update to version 1.5.2 Broker: * Fix incorrect call to setsockopt() for TCP_NODELAY. * Fix excessive CPU usage when the number of sockets exceeds the system limit. * Fix round_robin false behaviour. * Fix segfault on HUP when bridges and security options are configured. Library: * Fix situation where username and password is used with SOCKS5 proxy. * Fix SOCKS5 behaviour when passing IP addresses. OBS-URL: https://build.opensuse.org/request/show/644721 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=15 --- mosquitto-1.5.1.tar.gz | 3 --- mosquitto-1.5.3.tar.gz | 3 +++ mosquitto.changes | 25 +++++++++++++++++++++++++ mosquitto.spec | 2 +- 4 files changed, 29 insertions(+), 4 deletions(-) delete mode 100644 mosquitto-1.5.1.tar.gz create mode 100644 mosquitto-1.5.3.tar.gz diff --git a/mosquitto-1.5.1.tar.gz b/mosquitto-1.5.1.tar.gz deleted file mode 100644 index 5fefb20..0000000 --- a/mosquitto-1.5.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8557bc7ae34dfaf32a0fb56d2491b7a7f731269c88337227233013502df4d5b0 -size 430066 diff --git a/mosquitto-1.5.3.tar.gz b/mosquitto-1.5.3.tar.gz new file mode 100644 index 0000000..27fe02c --- /dev/null +++ b/mosquitto-1.5.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3081a998d303a883b1cd064009beabc88aa9159e26f5258a4ae6007160491d10 +size 425844 diff --git a/mosquitto.changes b/mosquitto.changes index c73114b..89010bf 100644 --- a/mosquitto.changes +++ b/mosquitto.changes @@ -1,3 +1,28 @@ +------------------------------------------------------------------- +Thu Oct 25 18:06:26 UTC 2018 - mardnh@gmx.de + +- Update to version 1.5.3 + Security: + * Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that + begins with $, but is not $SYS, then an assert that should be unreachable is + triggered and Mosquitto will exit. + Broker: + * Elevate log level to warning for situation when socket limit is hit. + * Fix retained messages not sent by bridges on outgoing topics at the first + connection. + * Fix duplicate clients being added to by_id hash before the old client was + removed. + +- Update to version 1.5.2 + Broker: + * Fix incorrect call to setsockopt() for TCP_NODELAY. + * Fix excessive CPU usage when the number of sockets exceeds the system limit. + * Fix round_robin false behaviour. + * Fix segfault on HUP when bridges and security options are configured. + Library: + * Fix situation where username and password is used with SOCKS5 proxy. + * Fix SOCKS5 behaviour when passing IP addresses. + ------------------------------------------------------------------- Sun Aug 19 16:38:42 UTC 2018 - mardnh@gmx.de diff --git a/mosquitto.spec b/mosquitto.spec index a915761..fd33a63 100644 --- a/mosquitto.spec +++ b/mosquitto.spec @@ -27,7 +27,7 @@ %endif %bcond_without websockets Name: mosquitto -Version: 1.5.1 +Version: 1.5.3 Release: 0 Summary: A MQTT v3.1/v3.1.1 Broker License: EPL-1.0