From 2d54da65ab7e0b32e9f535a1464ff22c2741b6c9e42757ba533d1fcf57c04f43 Mon Sep 17 00:00:00 2001
From: Martin Hauke <mardnh@gmx.de>
Date: Sat, 3 Mar 2018 10:49:39 +0000
Subject: [PATCH] Accepting request 581738 from home:mnhauke

- Update to version 1.4.15
  Security:
  * Fix CVE-2017-7652. If a SIGHUP is sent to the broker when there are no more
    file descriptors, then opening the configuration file will fail and security
    settings will be set back to their default values.
  * Fix CVE-2017-7651. Unauthenticated clients can cause excessive memory use by
    setting "remaining length" to be a large value. This is now mitigated by
    limiting the size of remaining length to valid values. A "memory_limit"
    configuration option has also been added to allow the overall memory used by
    the broker to be limited.

  Broker:
  * Use constant time memcmp for password comparisons.
  * Fix incorrect PSK key being used if it had leading zeroes.
  * Fix memory leak if a client provided a username/password for a listener with
    use_identity_as_username configured.
  * Fix use_identity_as_username not working on websockets clients.
  * Don't crash if an auth plugin returns MOSQ_ERR_AUTH for a username check on
    a websockets client. Closes #490.
  * Fix 08-ssl-bridge.py test when using async dns lookups. Closes #507.
  * Lines in the config file are no longer limited to 1024 characters long.
    Closes #652.
  * Fix $SYS counters of messages and bytes sent when message is sent over
    a Websockets. Closes #250.
  * Fix upgrade_outgoing_qos for retained message. Closes #534.
  * Fix CONNACK message not being sent for unauthorised connect on websockets.
    Closes #8.

  Client library:
  * Fix incorrect PSK key being used if it had leading zeroes.

OBS-URL: https://build.opensuse.org/request/show/581738
OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=9
---
 mosquitto-1.4.14.tar.gz |  3 ---
 mosquitto-1.4.15.tar.gz |  3 +++
 mosquitto.changes       | 45 +++++++++++++++++++++++++++++++++++++++++
 mosquitto.spec          |  4 ++--
 4 files changed, 50 insertions(+), 5 deletions(-)
 delete mode 100644 mosquitto-1.4.14.tar.gz
 create mode 100644 mosquitto-1.4.15.tar.gz

diff --git a/mosquitto-1.4.14.tar.gz b/mosquitto-1.4.14.tar.gz
deleted file mode 100644
index 5fb5c26..0000000
--- a/mosquitto-1.4.14.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:156b1fa731d12baad4b8b22f7b6a8af50ba881fc711b81e9919ec103cf2942d1
-size 365596
diff --git a/mosquitto-1.4.15.tar.gz b/mosquitto-1.4.15.tar.gz
new file mode 100644
index 0000000..919e8e0
--- /dev/null
+++ b/mosquitto-1.4.15.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7d3b3e245a3b4ec94b05678c8199c806359737949f4cfe0bf936184f6ca89a83
+size 368961
diff --git a/mosquitto.changes b/mosquitto.changes
index cfa8ab9..d8a3dc0 100644
--- a/mosquitto.changes
+++ b/mosquitto.changes
@@ -1,3 +1,48 @@
+-------------------------------------------------------------------
+Thu Mar  1 14:37:54 UTC 2018 - mardnh@gmx.de
+
+- Update to version 1.4.15
+  Security:
+  * Fix CVE-2017-7652. If a SIGHUP is sent to the broker when there are no more
+    file descriptors, then opening the configuration file will fail and security
+    settings will be set back to their default values.
+  * Fix CVE-2017-7651. Unauthenticated clients can cause excessive memory use by
+    setting "remaining length" to be a large value. This is now mitigated by
+    limiting the size of remaining length to valid values. A "memory_limit"
+    configuration option has also been added to allow the overall memory used by
+    the broker to be limited.
+  
+  Broker:
+  * Use constant time memcmp for password comparisons.
+  * Fix incorrect PSK key being used if it had leading zeroes.
+  * Fix memory leak if a client provided a username/password for a listener with
+    use_identity_as_username configured.
+  * Fix use_identity_as_username not working on websockets clients.
+  * Don't crash if an auth plugin returns MOSQ_ERR_AUTH for a username check on
+    a websockets client. Closes #490.
+  * Fix 08-ssl-bridge.py test when using async dns lookups. Closes #507.
+  * Lines in the config file are no longer limited to 1024 characters long.
+    Closes #652.
+  * Fix $SYS counters of messages and bytes sent when message is sent over
+    a Websockets. Closes #250.
+  * Fix upgrade_outgoing_qos for retained message. Closes #534.
+  * Fix CONNACK message not being sent for unauthorised connect on websockets.
+    Closes #8.
+  
+  Client library:
+  * Fix incorrect PSK key being used if it had leading zeroes.
+  * Initialise "result" variable as soon as possible in
+    mosquitto_topic_matches_sub. Closes #654.
+  * No need to close socket again if setting non-blocking failed. Closes #649.
+  * Fix mosquitto_topic_matches_sub() not correctly matching foo/bar against
+    foo/+/#. Closes #670.
+  
+  Clients:
+  * Correctly handle empty files with "mosquitto_pub -l". Closes #676.
+  
+  Build:
+  * Don't run TLS-PSK tests if TLS-PSK disabled at compile time. Closes #636.
+
 -------------------------------------------------------------------
 Mon Oct  2 10:57:39 UTC 2017 - mardnh@gmx.de
 
diff --git a/mosquitto.spec b/mosquitto.spec
index 6e650c0..c5ab06e 100644
--- a/mosquitto.spec
+++ b/mosquitto.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package mosquitto
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
 %bcond_without  websockets
 
 Name:           mosquitto
-Version:        1.4.14
+Version:        1.4.15
 Release:        0
 Summary:        A MQTT v3.1/v3.1.1 Broker
 License:        EPL-1.0