Accepting request 924936 from network:messaging:mqtt

OBS-URL: https://build.opensuse.org/request/show/924936
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mosquitto?expand=0&rev=24

mosquitto-2.0.11.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7b36a7198bce85cf31b132f5c6ee36dcf5dadf86fb768501eb1e11ce95d4f78a
-size 760325

mosquitto-2.0.11.tar.gz.sig

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEoNbuodyuSaY1o7Lwd5si37PnF7cFAmDAtecACgkQd5si37Pn
-F7dDVw/7BzIhxXWhS34tt5BtAoLvrcPMoBXtOn8YTlYmuY8bqCcsFoj7zNx8rlXb
-/8HBVDwphYGHNvuSPPBmUZ+vp1ODK75fhyjba9n7ALC9VRNFiSh0ffTVYXoz58Mx
-0nf9foTSVD3s73JhA+9qoZq0PjOekrZieOyKQzrNbjNys58IjT++wP4xLTGusmU6
-+kLHT9p6vflnWB09f4G6yDYkzPb6hoc5qzWFva0wbr7SLzJEbsmLps0dYZAFa7SH
-kUpnYfegEcNQz3y0drx7R3jox4J0+oH8Jm5+BNKtpTyZfMNpXMlcbSx7t1oL7ynS
-tAoDdL/81xljsG5I/qHSXIMi3ZsNxgE63fiKEjjLpba0crIdoK6m+Uhq2lyl8k1y
-flsuL98AE+W/hUnBLyNKpor2FZb23uQN/jsEZ2akW2RgoR4Wcv8oowNP0DDOV/ee
-KbBQ+Qj24t1EreiYULCm0bzv7W+0i1/zK/XpxPQXNS6UFeowV1t32XQnVbxWZdmm
-5RrbnjN0bFbGV57t06Tjf+P7RHnjunsw0ydgLHwrJI06+I0Qa+2zhMFPozhA8t2y
-H1/0h2xW4jAvHfvhPv0QdapbqJVpN3EvKpihT5RfsT9H0/ShiClqPJVLFT977xF3
-HlDVjmoFytVcBaAjQ1kOKEf4qZXxMAXfzb34EmOQf8El9+va+ps=
-=I/jf
------END PGP SIGNATURE-----

mosquitto-2.0.12.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:31cf0065cb431d6f4e57a5f4d56663e839c9d177362eff89582d7cfde191c933
+size 783859

mosquitto-2.0.12.tar.gz.sig

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEoNbuodyuSaY1o7Lwd5si37PnF7cFAmEulDIACgkQd5si37Pn
+F7cJvA//UNSoMaisrPFdGpwG0vsaqJhWIXfAYvq9ICBcc0Sf7TqJ17CJ2Gz/89ii
+qy0av5FIE/+t4K4i8KAlHFNVvHdCf4Qgod+yeplXNR0szYdziC75fDhOzoV88oyj
+QF0Qq+652FZxAqSx+V7PdW3nYRW58TjPXE+DlKPG9hk0vMEPZYxiMAJE6jdlLxKP
+1X7UI0q+R+R+z5/nKtoF++G8rOfHWvunGMsPBPVVKHvLWHyCgA/t+ajbMtThPt9t
+raRV47lzUaZ582soPv5pn4qyBd3+4+mhvd5gdZe/DRWFluht73SjU/M5VkgeO23y
+RhR9KZWzlYpH1LZg9ujpM3Cv1kLYDbr8RIRUYKPfgd5PbZ3KIzEl2lkAm9bZFw2j
+LmfzXEToNWy70zwvoCiA2OMZi3uBMSrhk9NMIoKIFISCaX6eqPy0xOF49asIe7SK
+WlI3VDrgKGU+YGcfnacNhaqiUURkmp4v0tEKrNBvm7c6tR+jRQ23C3YR4BJWkA+W
+vHdsFfFi8tzUeA6xhuZRXCC5wy9LfHvLQarJWKZjjM0vAWz7cx0kIS3W3klJT880
+vjD3IwyQh2ktjSAml5XFVkxVun1/tF92eWS/s3c2fOE7Jv9hDVKPIQmvFXN3k9CY
+LzSW+Bg7bTcCD6KLtygmiR3666atkQ13ugIdLFrvCHu3l/4d5d0=
+=PNLS
+-----END PGP SIGNATURE-----

mosquitto.changes

@@ -4,6 +4,81 @@ Wed Oct  6 14:18:36 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
 - Added hardening to systemd service(s) (bsc#1181400). Modified:
   * mosquitto.service
 
+-------------------------------------------------------------------
+Wed Sep  1 19:18:24 UTC 2021 - Martin Hauke <mardnh@gmx.de>
+
+- Update to version 2.0.12
+  * Includes security fixes for
+    CVE-2021-34434 (bsc#1190048) and CVE-2020-13849 (bsc#1190101)
+  Security :
+  * An MQTT v5 client connecting with a large number of
+    user-property properties could cause excessive CPU usage,
+    leading to a loss of performance and possible denial of
+    service. This has been fixed.
+  * Fix `max_keepalive` not applying to MQTT v3.1.1 and v3.1
+    connections.  These clients are now rejected if their keepalive
+    value exceeds max_keepalive. This option allows CVE-2020-13849,
+    which is for the MQTT v3.1.1 protocol itself rather than an
+    implementation, to be addressed.
+  * Using certain listener related configuration options e.g.
+    `cafile`, that apply to the default listener without defining
+    any listener would cause a remotely accessible listener to be
+    opened that was not confined to the local machine but did have
+    anonymous access enabled, contrary to the documentation.
+    This has been fixed. Closes #2283.
+  * CVE-2021-34434: If a plugin had granted ACL subscription access
+    to a durable/non-clean-session client, then removed that
+    access,the client would keep its existing subscription. This
+    has been fixed.
+  * Incoming QoS 2 messages that had not completed the QoS flow
+    were not being checked for ACL access when a clean
+    session=False client was reconnecting.  This has been fixed.
+  Broker:
+  * Fix possible out of bounds memory reads when reading a
+    corrupt/crafted configuration file. Unless your configuration
+    file is writable by untrusted users this is not a risk.
+  * Fix `max_connections` option not being correctly counted.
+  * Fix TLS certificates and TLS-PSK not being able to be
+    configured at the same time.
+  * Disable TLS v1.3 when using TLS-PSK, because it isn't correctly
+    configured.
+  * Fix `max_keepalive` not applying to MQTT v3.1.1 and v3.1
+    connections.  These clients are now rejected if their keepalive
+    value exceeds max_keepalive.
+  * Fix broker not quiting if e.g. the `password_file` is specified
+    as a directory. Closes #2241.
+  * Fix listener mount_point not being removed on outgoing messages.
+  * Strict protocol compliance fixes, plus test suite.
+  * Fix $share subscriptions not being recovered for durable
+    clients that reconnect.
+  * Update plugin configuration documentation. Closes #2286.
+  Client library:
+  * If a client uses TLS-PSK then force the default cipher list to
+    use "PSK" ciphers only. This means that a client connecting to
+    a broker configured with x509 certificates only will now fail.
+    Prior to this, the client would connect successfully without#
+    verifying certificates, because they were not configured.
+  * Disable TLS v1.3 when using TLS-PSK, because it isn't correctly
+    configured.
+  * Threaded mode is deconfigured when the mosquitto_loop_start()
+    thread ends, which allows mosquitto_loop_start() to be called
+    again.
+  * Fix MOSQ_OPT_SSL_CTX not being able to be set to NULL.
+  * Fix reconnecting failing when MOSQ_OPT_TLS_USE_OS_CERTS was in
+    use, but none of capath, cafile, psk, nor MOSQ_OPT_SSL_CTX were
+    set, and MOSQ_OPT_SSL_CTX_WITH_DEFAULTS was set to the default
+    value of true.
+  Apps:
+  * Fix `mosquitto_ctrl dynsec setDefaultACLAccess` command not
+    working.
+  Clients:
+  * Document TLS certificate behaviour when using `-p 8883`.
+  Build:
+  * Fix installation using WITH_TLS=no. Closes #2281.
+  * Fix builds with libressl 3.4.0. Closes #2198.
+  * Remove some unnecessary code guards related to libressl.
+  * Fix printf format build warning on MIPS. Closes #2271.
+
 -------------------------------------------------------------------
 Wed Jun  9 19:10:49 UTC 2021 - Martin Hauke <mardnh@gmx.de>
 

mosquitto.spec

@@ -20,7 +20,7 @@
 %define c_lib   libmosquitto1
 %define cpp_lib libmosquittopp1
 Name:           mosquitto
-Version:        2.0.11
+Version:        2.0.12
 Release:        0
 Summary:        A MQTT v3.1/v3.1.1 Broker
 License:        EPL-1.0