From 8ab6c3cc0774e49b1d7de67210fcab60a1667de86a167281576d65ab1b7e82ed Mon Sep 17 00:00:00 2001 From: Martin Hauke Date: Sat, 22 Aug 2020 10:02:10 +0000 Subject: [PATCH] Accepting request 827943 from home:mnhauke - Update to version 1.6.12 Security: * In some circumstances, Mosquitto could leak memory when handling PUBLISH messages. This is limited to incoming QoS 2 messages, and is related to the combination of the broker having persistence enabled, a clean session=false client, which was connected prior to the broker restarting, then has reconnected and has now sent messages at a sufficiently high rate that the incoming queue at the broker has filled up and hence messages are being dropped. This is more likely to have an effect where max_queued_messages is a small value. This has now been fixed. Closes #1793. Broker: * Build warning fixes when building with WITH_BRIDGE=no and WITH_TLS=no. Clients: * All clients exit with an error exit code on CONNACK failure. * Don't busy loop with `mosquitto_pub -l` on a slow connection. OBS-URL: https://build.opensuse.org/request/show/827943 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=44 --- mosquitto-1.6.11.tar.gz | 3 --- mosquitto-1.6.11.tar.gz.sig | 16 ---------------- mosquitto-1.6.12.tar.gz | 3 +++ mosquitto-1.6.12.tar.gz.sig | 16 ++++++++++++++++ mosquitto.changes | 22 ++++++++++++++++++++++ mosquitto.spec | 2 +- 6 files changed, 42 insertions(+), 20 deletions(-) delete mode 100644 mosquitto-1.6.11.tar.gz delete mode 100644 mosquitto-1.6.11.tar.gz.sig create mode 100644 mosquitto-1.6.12.tar.gz create mode 100644 mosquitto-1.6.12.tar.gz.sig diff --git a/mosquitto-1.6.11.tar.gz b/mosquitto-1.6.11.tar.gz deleted file mode 100644 index f45319c..0000000 --- a/mosquitto-1.6.11.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b02d8f1368c40d5779ee125c37daf9003608eb47d7fbb04c5b938c76c1230a1f -size 610563 diff --git a/mosquitto-1.6.11.tar.gz.sig b/mosquitto-1.6.11.tar.gz.sig deleted file mode 100644 index 3fd7e65..0000000 --- a/mosquitto-1.6.11.tar.gz.sig +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEoNbuodyuSaY1o7Lwd5si37PnF7cFAl8yfm8ACgkQd5si37Pn -F7eyzBAAkkjoqV9nv4GvBPJP06ZP7ZSY4ZfBpvlgc3d9iQzWqtGY01di4fpy1Idh -WQmPrCzr/SjYo2USgeiHOpzeiqTSGpqsyMI4zm92NKvbeg1JX0XLuXfnGuFhIkmw -GX5SYeMINue1xywGCIZALvj4Ma+gZvn33Xk918Wb3j33fiqjaT9HtrkfhinjzxE3 -IYpaflfFjKqA+BEbSVKKCbytutxPsfuQWWPK7Y99HQxgUdyMcEceKpfWsPD+gb9r -TXxLx05JU35K3S4IB78hxBVRnN7GujVO/rVcyjx8p4fYwQVPcUPqIGl80/T5BCvm -+/5CD3fWacL0xHbO9pKAErrxyD5uU1eAlNEdQykTMkfbh8O4b/zIaXSFykB/orex -M6MOxFgkrNm8kHxAjB59TgNmfnEfUKOL+fvVRA9/9t3GpUcijie2Or8boIWQTYWG -e1itd+sfmswIn1Lt4yu7W9CKsT/8J0j5EZ1sscnFGFzuH+ZhpNhGtbSTzg7TPgHx -2+YAOpu9ddp8sq8gc3DYoZfWM5ByqZxcuX4f67LyW+D/g2nyjXjDWRh9aYfa2aJ0 -MKh2z7we903T4yQjmPMN2JPawR8qkEAZ8sWLEhuFE5S5+0oIR0KZMDz2O5A8KqLL -BecV6/RpYkFARnxxh6xAHj9QgvV5NUtWo1aVopVItBTLyCMXOdk= -=LoX4 ------END PGP SIGNATURE----- diff --git a/mosquitto-1.6.12.tar.gz b/mosquitto-1.6.12.tar.gz new file mode 100644 index 0000000..80aeb56 --- /dev/null +++ b/mosquitto-1.6.12.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:548d73d19fb787dd0530334e398fd256ef3a581181678488a741a995c4f007fb +size 618718 diff --git a/mosquitto-1.6.12.tar.gz.sig b/mosquitto-1.6.12.tar.gz.sig new file mode 100644 index 0000000..81ba193 --- /dev/null +++ b/mosquitto-1.6.12.tar.gz.sig @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEoNbuodyuSaY1o7Lwd5si37PnF7cFAl89LzcACgkQd5si37Pn +F7c/dRAAzKrJj+h9F5p0XEksAwxH5R8IDxASRLBgPE94zSEtQuBxhQHfH81FAT8a +An7i0DAM2hig9nyv8iqVY10SCaSsxqiD3EhY4VGytEIcsQB56LXyrr+YKAWgEIB7 +876X4ZwDUKQzb75mkY8907oFR87yTfLwyy0QrjtJygzKhkVD6sm0BSA7wghmQg3R +26FC3thoV2gLnlTIQA/8s7ZOJRwRyybOt05A4AMmblP6wH/B8bbAKMzruxGj6YVv +Y373k162rkHmYdy3g5DBlQLrUa6C3qcW6wYvmKe8kBMzNlSK0QnqPWoOGOkJ+Q/U +w+iDRdwx1rHgxzzWon93Ipu1muMJgLzy96P/WCEoKmoOXnSe++Z6Hxxe9mktbhPY +cR8O046deQUiF1oRw6sQxkcerj9ZcAekoBOZ3AfMEOZ4huKqI79EkCtYCrrBFxXu +ZXX32hobwMxrOxcKtKSDWODWhrg9y8tFZzPVX9QlAkkhjdG+xgwQhOpjUGTvwykY +wD+U+Nn2r/1lkcGdMXkzYBCCZAEDQ387yIF3QRFPDHDOtgEIcMwx90R3C+6ktSFw +g4L7xb49x39xHtW1zPhQ+tP/JMfRWpjTy0xaK6fQiuyB7AcCJuEKict95g8JsyoC +WYHpyu3yM7thrjT5cQ9wU2JqVS3IZIyt6GPm5vln5uxZUb94T+I= +=kMWd +-----END PGP SIGNATURE----- diff --git a/mosquitto.changes b/mosquitto.changes index 6272c11..6b4e684 100644 --- a/mosquitto.changes +++ b/mosquitto.changes @@ -1,3 +1,25 @@ +------------------------------------------------------------------- +Wed Aug 19 19:29:23 UTC 2020 - Martin Hauke + +- Update to version 1.6.12 + Security: + * In some circumstances, Mosquitto could leak memory when + handling PUBLISH messages. This is limited to incoming QoS 2 + messages, and is related to the combination of the broker + having persistence enabled, a clean session=false client, + which was connected prior to the broker restarting, then has + reconnected and has now sent messages at a sufficiently high + rate that the incoming queue at the broker has filled up and + hence messages are being dropped. This is more likely to have + an effect where max_queued_messages is a small value. + This has now been fixed. Closes #1793. + Broker: + * Build warning fixes when building with WITH_BRIDGE=no and + WITH_TLS=no. + Clients: + * All clients exit with an error exit code on CONNACK failure. + * Don't busy loop with `mosquitto_pub -l` on a slow connection. + ------------------------------------------------------------------- Tue Aug 11 16:05:16 UTC 2020 - Martin Hauke diff --git a/mosquitto.spec b/mosquitto.spec index 8a30158..18cceca 100644 --- a/mosquitto.spec +++ b/mosquitto.spec @@ -20,7 +20,7 @@ %define c_lib libmosquitto1 %define cpp_lib libmosquittopp1 Name: mosquitto -Version: 1.6.11 +Version: 1.6.12 Release: 0 Summary: A MQTT v3.1/v3.1.1 Broker License: EPL-1.0