Accepting request 508416 from home:mnhauke

- Update to 1.4.13
  * Security:
    - Fix CVE-2017-9868. The persistence file was readable
      by all local users, potentially allowing sensitive
      information to be leaked.
      This can also be fixed administratively, by restricting
      access to the directory in which the persistence file
      is stored.
  
  * Broker:
    - Fix for poor websockets performance.
    - Fix lazy bridges not timing out for idle_timeout.
    - Fix problems with large retained messages over websockets.
    - Set persistence file to only be readable by owner,
      except on Windows.
    - Fix CONNECT check for reserved=0, as per MQTT v3.1.1
      check MQTT-3.1.2-3.
    - When the broker stops, wills for any connected clients
      are now "sent".
    - Auth plugins can be configured to disable the check for +# in
      usernames/client ids with the auth_plugin_deny_special_chars
      option.  Partially closes #462.
    - Restrictions for CVE-2017-7650 have been relaxed - '/' is
      allowed in usernames/client ids. Remainder of fix for #462.
  
  * Clients:
    - Don't use / in auto-generated client ids.

OBS-URL: https://build.opensuse.org/request/show/508416
OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=2
Martin Hauke 2017-07-22 11:19:42 +00:00 committed by Git OBS Bridge
parent 51aac92ba6
commit 5895de181a
4 changed files with 35 additions and 4 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b12e2353f92cb76882ce7b7bddfea022b461b38cbe6e7fb7c969d0daeb379cf7
size 362721

mosquitto-1.4.13.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:df9dfc2ac6d9fe0aa7b179a7dd1379416aba9b00f0c1d60a0be0deba894dec6c
size 365579
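
Review bot: The new mosquitto-1.4.13.tar.gz pointer replaces the source archive, but none of the 4 changed files is a detached signature or upstream checksum file, so the only integrity record for this security update is the LFS oid itself. Suggest verifying the tarball against the hash or signature published with the upstream release before accepting, and shipping the signature next to the tarball if upstream provides one so the build can check it.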


@ -1,3 +1,34 @@
-------------------------------------------------------------------
Wed Jul 5 20:35:17 UTC 2017 - mardnh@gmx.de
- Update to 1.4.13
* Security:
- Fix CVE-2017-9868. The persistence file was readable
by all local users, potentially allowing sensitive
information to be leaked.
This can also be fixed administratively, by restricting
access to the directory in which the persistence file
is stored.
* Broker:
- Fix for poor websockets performance.
- Fix lazy bridges not timing out for idle_timeout.
- Fix problems with large retained messages over websockets.
- Set persistence file to only be readable by owner,
except on Windows.
- Fix CONNECT check for reserved=0, as per MQTT v3.1.1
check MQTT-3.1.2-3.
- When the broker stop, wills for any connected clients
are now "sent".
- Auth plugins can be configured to disable the check for +# in
usernames/client ids with the auth_plugin_deny_special_chars
option. Partially closes #462.
- Restrictions for CVE-2017-7650 have been relaxed - '/' is
allowed in usernames/client ids. Remainder of fix for #462.
Clients:
- Don't use / in auto-generated client ids.
-------------------------------------------------------------------
Mon May 29 20:19:58 UTC 2017 - mardnh@gmx.de
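
Review bot: The CVE-2017-9868 entry in the new changelog block carries no distribution bug reference, and the "Clients:" heading lacks the "*" marker that "* Security:" and "* Broker:" use. Suggest adding the tracking bug id next to the CVE if one exists, fixing the marker, and correcting "When the broker stop" to "stops". Since the same entry relaxes the CVE-2017-7650 restrictions ('/' is allowed again) and introduces auth_plugin_deny_special_chars, a line stating whether the packaged default configuration is affected would help admins who rely on auth plugins.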


@ -23,7 +23,7 @@
%bcond_without websockets
Name: mosquitto
Version: 1.4.12
Version: 1.4.13
Release: 0
License: EPL-1.0
Summary: An Open Source MQTT v3.1/v3.1.1 Broker
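
Review bot: The Version line is the only change in this spec hunk, so the package relies entirely on the new upstream code for the CVE-2017-9868 fix. The changelog states the issue can also be fixed administratively by restricting access to the persistence directory; please check whether the %files section already installs that directory with a restrictive mode and owner, and add that if it does not, so the directory is locked down independently of the file's own permissions.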