diff --git a/mosquitto-2.0.11.tar.gz b/mosquitto-2.0.11.tar.gz deleted file mode 100644 index 9dbaea7..0000000 --- a/mosquitto-2.0.11.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7b36a7198bce85cf31b132f5c6ee36dcf5dadf86fb768501eb1e11ce95d4f78a -size 760325 diff --git a/mosquitto-2.0.11.tar.gz.sig b/mosquitto-2.0.11.tar.gz.sig deleted file mode 100644 index 8ddf562..0000000 --- a/mosquitto-2.0.11.tar.gz.sig +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEoNbuodyuSaY1o7Lwd5si37PnF7cFAmDAtecACgkQd5si37Pn -F7dDVw/7BzIhxXWhS34tt5BtAoLvrcPMoBXtOn8YTlYmuY8bqCcsFoj7zNx8rlXb -/8HBVDwphYGHNvuSPPBmUZ+vp1ODK75fhyjba9n7ALC9VRNFiSh0ffTVYXoz58Mx -0nf9foTSVD3s73JhA+9qoZq0PjOekrZieOyKQzrNbjNys58IjT++wP4xLTGusmU6 -+kLHT9p6vflnWB09f4G6yDYkzPb6hoc5qzWFva0wbr7SLzJEbsmLps0dYZAFa7SH -kUpnYfegEcNQz3y0drx7R3jox4J0+oH8Jm5+BNKtpTyZfMNpXMlcbSx7t1oL7ynS -tAoDdL/81xljsG5I/qHSXIMi3ZsNxgE63fiKEjjLpba0crIdoK6m+Uhq2lyl8k1y -flsuL98AE+W/hUnBLyNKpor2FZb23uQN/jsEZ2akW2RgoR4Wcv8oowNP0DDOV/ee -KbBQ+Qj24t1EreiYULCm0bzv7W+0i1/zK/XpxPQXNS6UFeowV1t32XQnVbxWZdmm -5RrbnjN0bFbGV57t06Tjf+P7RHnjunsw0ydgLHwrJI06+I0Qa+2zhMFPozhA8t2y -H1/0h2xW4jAvHfvhPv0QdapbqJVpN3EvKpihT5RfsT9H0/ShiClqPJVLFT977xF3 -HlDVjmoFytVcBaAjQ1kOKEf4qZXxMAXfzb34EmOQf8El9+va+ps= -=I/jf ------END PGP SIGNATURE----- diff --git a/mosquitto-2.0.12.tar.gz b/mosquitto-2.0.12.tar.gz new file mode 100644 index 0000000..2feead5 --- /dev/null +++ b/mosquitto-2.0.12.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:31cf0065cb431d6f4e57a5f4d56663e839c9d177362eff89582d7cfde191c933 +size 783859 diff --git a/mosquitto-2.0.12.tar.gz.sig b/mosquitto-2.0.12.tar.gz.sig new file mode 100644 index 0000000..d9acb8c --- /dev/null +++ b/mosquitto-2.0.12.tar.gz.sig 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEoNbuodyuSaY1o7Lwd5si37PnF7cFAmEulDIACgkQd5si37Pn +F7cJvA//UNSoMaisrPFdGpwG0vsaqJhWIXfAYvq9ICBcc0Sf7TqJ17CJ2Gz/89ii +qy0av5FIE/+t4K4i8KAlHFNVvHdCf4Qgod+yeplXNR0szYdziC75fDhOzoV88oyj +QF0Qq+652FZxAqSx+V7PdW3nYRW58TjPXE+DlKPG9hk0vMEPZYxiMAJE6jdlLxKP +1X7UI0q+R+R+z5/nKtoF++G8rOfHWvunGMsPBPVVKHvLWHyCgA/t+ajbMtThPt9t +raRV47lzUaZ582soPv5pn4qyBd3+4+mhvd5gdZe/DRWFluht73SjU/M5VkgeO23y +RhR9KZWzlYpH1LZg9ujpM3Cv1kLYDbr8RIRUYKPfgd5PbZ3KIzEl2lkAm9bZFw2j +LmfzXEToNWy70zwvoCiA2OMZi3uBMSrhk9NMIoKIFISCaX6eqPy0xOF49asIe7SK +WlI3VDrgKGU+YGcfnacNhaqiUURkmp4v0tEKrNBvm7c6tR+jRQ23C3YR4BJWkA+W +vHdsFfFi8tzUeA6xhuZRXCC5wy9LfHvLQarJWKZjjM0vAWz7cx0kIS3W3klJT880 +vjD3IwyQh2ktjSAml5XFVkxVun1/tF92eWS/s3c2fOE7Jv9hDVKPIQmvFXN3k9CY +LzSW+Bg7bTcCD6KLtygmiR3666atkQ13ugIdLFrvCHu3l/4d5d0= +=PNLS +-----END PGP SIGNATURE----- diff --git a/mosquitto.changes b/mosquitto.changes index 567b722..d91804e 100644 --- a/mosquitto.changes +++ b/mosquitto.changes 
@@ -4,6 +4,81 @@ Wed Oct 6 14:18:36 UTC 2021 - Johannes Segitz - Added hardening to systemd service(s) (bsc#1181400). Modified: * mosquitto.service +------------------------------------------------------------------- +Wed Sep 1 19:18:24 UTC 2021 - Martin Hauke + +- Update to version 2.0.12 + * Includes security fixes for + CVE-2021-34434 (bsc#1190048) and CVE-2020-13849 (bsc#1190101) + Security : + * An MQTT v5 client connecting with a large number of + user-property properties could cause excessive CPU usage, + leading to a loss of performance and possible denial of + service. This has been fixed. + * Fix `max_keepalive` not applying to MQTT v3.1.1 and v3.1 + connections. These clients are now rejected if their keepalive + value exceeds max_keepalive. This option allows CVE-2020-13849, + which is for the MQTT v3.1.1 protocol itself rather than an + implementation, to be addressed. + * Using certain listener related configuration options e.g. + `cafile`, that apply to the default listener without defining + any listener would cause a remotely accessible listener to be + opened that was not confined to the local machine but did have + anonymous access enabled, contrary to the documentation. + This has been fixed. Closes #2283. + * CVE-2021-34434: If a plugin had granted ACL subscription access + to a durable/non-clean-session client, then removed that + access,the client would keep its existing subscription. This + has been fixed. + * Incoming QoS 2 messages that had not completed the QoS flow + were not being checked for ACL access when a clean + session=False client was reconnecting. This has been fixed. + Broker: + * Fix possible out of bounds memory reads when reading a + corrupt/crafted configuration file. Unless your configuration + file is writable by untrusted users this is not a risk. + * Fix `max_connections` option not being correctly counted. + * Fix TLS certificates and TLS-PSK not being able to be + configured at the same time. 
+ * Disable TLS v1.3 when using TLS-PSK, because it isn't correctly + configured. + * Fix `max_keepalive` not applying to MQTT v3.1.1 and v3.1 + connections. These clients are now rejected if their keepalive + value exceeds max_keepalive. + * Fix broker not quiting if e.g. the `password_file` is specified + as a directory. Closes #2241. + * Fix listener mount_point not being removed on outgoing messages. + * Strict protocol compliance fixes, plus test suite. + * Fix $share subscriptions not being recovered for durable + clients that reconnect. + * Update plugin configuration documentation. Closes #2286. + Client library: + * If a client uses TLS-PSK then force the default cipher list to + use "PSK" ciphers only. This means that a client connecting to + a broker configured with x509 certificates only will now fail. + Prior to this, the client would connect successfully without# + verifying certificates, because they were not configured. + * Disable TLS v1.3 when using TLS-PSK, because it isn't correctly + configured. + * Threaded mode is deconfigured when the mosquitto_loop_start() + thread ends, which allows mosquitto_loop_start() to be called + again. + * Fix MOSQ_OPT_SSL_CTX not being able to be set to NULL. + * Fix reconnecting failing when MOSQ_OPT_TLS_USE_OS_CERTS was in + use, but none of capath, cafile, psk, nor MOSQ_OPT_SSL_CTX were + set, and MOSQ_OPT_SSL_CTX_WITH_DEFAULTS was set to the default + value of true. + Apps: + * Fix `mosquitto_ctrl dynsec setDefaultACLAccess` command not + working. + Clients: + * Document TLS certificate behaviour when using `-p 8883`. + Build: + * Fix installation using WITH_TLS=no. Closes #2281. + * Fix builds with libressl 3.4.0. Closes #2198. + * Remove some unnecessary code guards related to libressl. + * Fix printf format build warning on MIPS. Closes #2271. + ------------------------------------------------------------------- Wed Jun 9 19:10:49 UTC 2021 - Martin Hauke 
diff --git a/mosquitto.spec b/mosquitto.spec index a53ce04..42bb6e1 100644 --- a/mosquitto.spec +++ b/mosquitto.spec @@ -20,7 +20,7 @@ %define c_lib libmosquitto1 %define cpp_lib libmosquittopp1 Name: mosquitto -Version: 2.0.11 +Version: 2.0.12 Release: 0 Summary: A MQTT v3.1/v3.1.1 Broker License: EPL-1.0
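Review bot: In the new mosquitto-2.0.12.tar.gz hunk the file under review is a Git LFS pointer, so the only integrity evidence this diff carries for the tarball is the `oid sha256:31cf0065cb431d6f4e57a5f4d56663e839c9d177362eff89582d7cfde191c933` and `size 783859` lines. Please state in the request that this digest was compared with the upstream release, and that mosquitto-2.0.12.tar.gz.sig was verified against the fetched LFS object rather than the pointer text. The removed and added signatures open with the same bytes (`iQIzBAABCgAdFiEEoNbuodyuSaY1o7Lwd5si37PnF7cF`), which is consistent with an unchanged signing key, but the visible spec lines do not show whether the build checks the signature against a packaged keyring.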
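Review bot: In the mosquitto.changes hunk, the line "Includes security fixes for CVE-2021-34434 (bsc#1190048) and CVE-2020-13849 (bsc#1190101)" overstates the second item. The entry's own text says `max_keepalive` is an option that "allows CVE-2020-13849 ... to be addressed", and the visible hunks change only the tarball pointer, the signature, the changelog and the Version tag, so nothing here sets that option in a shipped configuration. Suggest wording CVE-2020-13849 as a mitigation that requires the administrator to set `max_keepalive`. Smaller points in the same hunk: a stray `#` in "connect successfully without#", a missing space in "access,the client", the typo "quiting", and the `max_keepalive` bullet appearing under both Security and Broker.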
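Review bot: In the mosquitto.spec hunk the unchanged context line `Summary: A MQTT v3.1/v3.1.1 Broker` is stale next to a changelog entry that describes fixes for MQTT v5 clients. Suggest updating the Summary in the same change as the `Version: 2.0.12` bump so the package description matches the protocol versions the broker actually accepts.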