Accepting request 883684 from home:mnhauke

- Update to version 2.0.10 Security: * CVE-2021-28166: If an authenticated client connected with MQTT v5 sent a malformed CONNACK message to the broker a NULL pointer dereference occurred, most likely resulting in a segfault. This will be updated with the CVE number when it is assigned. Affects versions 2.0.0 to 2.0.9 inclusive. Broker: * Don't over write new receive-maximum if a v5 client connects and takes over an old session. * Fix CVE-2021-28166. Closes #2163. Clients: * Set `receive-maximum` to not exceed the `-C` message count in mosquitto_sub and mosquitto_rr, to avoid potentially lost messages. * Fix TLS-PSK mode not working with port 8883. Client library: * Fix possible socket leak. This would occur if a client was using `mosquitto_loop_start()`, then if the connection failed due to the remote server being inaccessible they called `mosquitto_loop_stop(, true)` and recreated the mosquitto object. Build: * A variety of minor build related fixes, like functions not having previous declarations. OBS-URL: https://build.opensuse.org/request/show/883684 OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=53
2021-04-07 22:25:40 +00:00 · 2021-04-07 22:25:40 +00:00 · ad0fe15447
commit ad0fe15447
parent 7839c64447
7 changed files with 70 additions and 40 deletions
--- a/fix-undefined-symbols-in-plugins.patch
+++ b/fix-undefined-symbols-in-plugins.patch
@ -1,20 +1,20 @@
-Index: mosquitto-2.0.8/plugins/auth-by-ip/CMakeLists.txt
-===================================================================
--- mosquitto-2.0.8.orig/plugins/auth-by-ip/CMakeLists.txt
-+++ mosquitto-2.0.8/plugins/auth-by-ip/CMakeLists.txt
+diff --git a/plugins/auth-by-ip/CMakeLists.txt b/plugins/auth-by-ip/CMakeLists.txt
+index 45260bd..e5e25d8 100644
+--- a/plugins/auth-by-ip/CMakeLists.txt
+++ b/plugins/auth-by-ip/CMakeLists.txt
@@ -1,7 +1,7 @@
 include_directories(${mosquitto_SOURCE_DIR} ${mosquitto_SOURCE_DIR}/include
- 			${STDBOOL_H_PATH} ${STDINT_H_PATH})
+ 			${OPENSSL_INCLUDE_DIR} ${STDBOOL_H_PATH} ${STDINT_H_PATH})
 
 -add_library(mosquitto_auth_by_ip SHARED mosquitto_auth_by_ip.c)
 +add_library(mosquitto_auth_by_ip MODULE mosquitto_auth_by_ip.c)
 set_target_properties(mosquitto_auth_by_ip PROPERTIES
 	POSITION_INDEPENDENT_CODE 1
 )
-Index: mosquitto-2.0.8/plugins/dynamic-security/CMakeLists.txt
-===================================================================
--- mosquitto-2.0.8.orig/plugins/dynamic-security/CMakeLists.txt
-+++ mosquitto-2.0.8/plugins/dynamic-security/CMakeLists.txt
+diff --git a/plugins/dynamic-security/CMakeLists.txt b/plugins/dynamic-security/CMakeLists.txt
+index 213ea03..0e02518 100644
+--- a/plugins/dynamic-security/CMakeLists.txt
+++ b/plugins/dynamic-security/CMakeLists.txt
@@ -12,7 +12,7 @@ if (CJSON_FOUND AND WITH_TLS)
 	include_directories(${CLIENT_INC})
 	link_directories(${CLIENT_DIR} ${mosquitto_SOURCE_DIR})
@ -24,25 +24,25 @@ Index: mosquitto-2.0.8/plugins/dynamic-security/CMakeLists.txt
 		acl.c
 		auth.c
 		clients.c
-Index: mosquitto-2.0.8/plugins/message-timestamp/CMakeLists.txt
-===================================================================
--- mosquitto-2.0.8.orig/plugins/message-timestamp/CMakeLists.txt
-+++ mosquitto-2.0.8/plugins/message-timestamp/CMakeLists.txt
+diff --git a/plugins/message-timestamp/CMakeLists.txt b/plugins/message-timestamp/CMakeLists.txt
+index e53a4bc..d28cb1d 100644
+--- a/plugins/message-timestamp/CMakeLists.txt
+++ b/plugins/message-timestamp/CMakeLists.txt
@@ -1,7 +1,7 @@
 include_directories(${mosquitto_SOURCE_DIR} ${mosquitto_SOURCE_DIR}/include
- 			${STDBOOL_H_PATH} ${STDINT_H_PATH})
+ 			${OPENSSL_INCLUDE_DIR} ${STDBOOL_H_PATH} ${STDINT_H_PATH})
 
 -add_library(mosquitto_message_timestamp SHARED mosquitto_message_timestamp.c)
 +add_library(mosquitto_message_timestamp MODULE mosquitto_message_timestamp.c)
 set_target_properties(mosquitto_message_timestamp PROPERTIES
 	POSITION_INDEPENDENT_CODE 1
 )
-Index: mosquitto-2.0.8/plugins/payload-modification/CMakeLists.txt
-===================================================================
--- mosquitto-2.0.8.orig/plugins/payload-modification/CMakeLists.txt
-+++ mosquitto-2.0.8/plugins/payload-modification/CMakeLists.txt
-@@ -2,7 +2,7 @@ include_directories(${mosquitto_SOURCE_D
- 			${STDBOOL_H_PATH} ${STDINT_H_PATH})
+diff --git a/plugins/payload-modification/CMakeLists.txt b/plugins/payload-modification/CMakeLists.txt
+index a449291..e77c870 100644
+--- a/plugins/payload-modification/CMakeLists.txt
+++ b/plugins/payload-modification/CMakeLists.txt
+@@ -2,7 +2,7 @@ include_directories(${mosquitto_SOURCE_DIR} ${mosquitto_SOURCE_DIR}/include
+ 			${OPENSSL_INCLUDE_DIR} ${STDBOOL_H_PATH} ${STDINT_H_PATH})
 link_directories(${mosquitto_SOURCE_DIR})
 
 -add_library(mosquitto_payload_modification SHARED mosquitto_payload_modification.c)
--- a/mosquitto-2.0.10.tar.gz
+++ b/mosquitto-2.0.10.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0188f7b21b91d6d80e992b8d6116ba851468b3bd154030e8a003ed28fb6f4a44
+size 759106
--- a/mosquitto-2.0.10.tar.gz.sig
+++ b/mosquitto-2.0.10.tar.gz.sig
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEoNbuodyuSaY1o7Lwd5si37PnF7cFAmBoSz8ACgkQd5si37Pn
+F7exyQ//Q9UXpuHS7aywypHcHKAdTm3Eu/unQhlMojbLD7K97uy/ROP2qt4B5QpY
+ckj7uhzYPuno/dGOE+uU8HR+RQ2bpJJ84VbI+t6SI1RFJImPyNnkDYuLPO+L1PWs
+OlITozi6W4HpwwY6sCXxJujXGE8tTQzfE3FIMYg7KrKFRpx34wYFRzQVWJ/FkDkJ
+ZeJnwJ/ZTbNOc1fMJFfSx2+Xx1Yppk28HFshKmEZlFzJiaXQi8jx1XFJ5ySsA18/
+6uLTExy9tz/vPHz1tR18VNSYy/Ix7TNEdmfFg62rkMm5BbQlCR0Yx0sRYaCtxafN
+fW1L9DYM8D9TBRNg4LKUXAJjZwnwqMqXdt9n2h4jG/DHoCsPuimi+gVnwVwHOENt
+B5UcuxdqDq6zfSSQx8Y9XLFJ4BZYtojJFqzHoq/dmKsOwi+LbuJPali6FiX+nl9K
+Qxt5etp6rfgIfv+2FD0g+gg2E8wLOm/m2qEC0mBMGEMtqnyshel3Pyh3PUeMsP5u
+HhIbLDP2GJ7qcGoz63BUpXx8enlgqLxEXFptwTsFb0NvlwHH81gySUStcZwcz9rH
+4q+EfmEV1gFeaNV1ceFvvt33stEaYzZRYBT/sSUJ0/CewGkOfdA7f8gzgetvbLN4
+Vw4wMHtLPNiaA0EFXaLc+RLu+5ZoJ4AiV0HxXeR5+jLuJwrcD0c=
+=34DU
+-----END PGP SIGNATURE-----
--- a/mosquitto-2.0.9.tar.gz
+++ b/mosquitto-2.0.9.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1b8553ef64a1cf5e4f4cfbe098330ae612adccd3d37f35b2db6f6fab501b01d4
-size 757878
--- a/mosquitto-2.0.9.tar.gz.sig
+++ b/mosquitto-2.0.9.tar.gz.sig
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEoNbuodyuSaY1o7Lwd5si37PnF7cFAmBKm6EACgkQd5si37Pn
-F7dmgQ//XpvIqRaP3xEjYHHonQh/vAJziXSsC2GjyY7lGK8S5Ab0ft7EPjhEQBoF
-UU1CRHJcdVpY8Xaw8c7lihWrxSl+wY9tKwlqOA2I4gMKBU2iKlcGeah1G35ncnZV
-35RqaKr/5Cx5W4e80jqcCJ75/JBIXpYLH5lDZaOT2z3644HjOsnWzVPO6Ht2rsYT
-99N0/Wobl3cRZTuqv7R2qOasg5OriY/aUn3RBdJm1pBbX2qHN/altBwkdyqaxScf
-QmkSdjBdvHCkQRn0spNRnECPWsmVIGQ3YO9HPGdxu0+vA3PLm8fFnvytWOC0W5fv
-our4OJqvvTmYTh1+ZhCqlzraR1g8jkH/ExAHwBxJ8wDZGGobtfg4Eq4cwXMYVNa5
-jxILPn/BVEbYAmi9IQqBaapr6vbRPpJVDuX8613rEcJ9Npd8EPPPy0uJEqd7nAEi
-mYHsMcS6cch4mbiFcy9FE0rUkOpVZrthOpCv7jMPoIpM1fc7Q4ev3/fhjmFDSSOH
-RNn+nZQux9GNJXnCcyCGIj/AFW0wm0+kiw7MsaDnlxXyovekrNQ2aXfqCOahhBzv
-goVNRrTQCRcWuGWgUI2Vr728mLgwPbsszotwbvX5Gxv5VOJTU1DAtQAr4J4w/Sd1
-+lgcxziT77nyCXzdjB9OgpR/xXe0BgKzDpdVMIHqmTOzfxNwIVI=
-=aRYG
-----END PGP SIGNATURE-----
--- a/mosquitto.changes
+++ b/mosquitto.changes
@ -1,3 +1,33 @@
+-------------------------------------------------------------------
+Tue Apr  6 18:58:02 UTC 2021 - Martin Hauke <mardnh@gmx.de>
+
+- Update to version 2.0.10
+  Security:
+  * CVE-2021-28166: If an authenticated client connected with
+    MQTT v5 sent a malformed CONNACK message to the broker a NULL
+    pointer dereference occurred, most likely resulting in a
+    segfault. This will be updated with the CVE number when it is
+    assigned.
+    Affects versions 2.0.0 to 2.0.9 inclusive.
+  Broker:
+  * Don't over write new receive-maximum if a v5 client connects
+    and takes over an old session.
+  * Fix CVE-2021-28166. Closes #2163.
+  Clients:
+  * Set `receive-maximum` to not exceed the `-C` message count in
+    mosquitto_sub and mosquitto_rr, to avoid potentially lost
+    messages.
+  * Fix TLS-PSK mode not working with port 8883.
+  Client library:
+  * Fix possible socket leak. This would occur if a client was
+    using `mosquitto_loop_start()`, then if the connection failed
+    due to the remote server being inaccessible they called
+    `mosquitto_loop_stop(, true)` and recreated the mosquitto
+    object.
+  Build:
+  * A variety of minor build related fixes, like functions not
+    having previous declarations.
+
 -------------------------------------------------------------------
 Fri Mar 12 14:13:54 UTC 2021 - Martin Hauke <mardnh@gmx.de>

--- a/mosquitto.spec
+++ b/mosquitto.spec
@ -20,7 +20,7 @@
 %define c_lib   libmosquitto1
 %define cpp_lib libmosquittopp1
 Name:           mosquitto
-Version:        2.0.9
+Version:        2.0.10
 Release:        0
 Summary:        A MQTT v3.1/v3.1.1 Broker
 License:        EPL-1.0