diff --git a/mosquitto-1.4.12-use-SOURCE_DATE_EPOCH.patch b/mosquitto-1.4.12-use-SOURCE_DATE_EPOCH.patch
deleted file mode 100644
index 75f2936..0000000
--- a/mosquitto-1.4.12-use-SOURCE_DATE_EPOCH.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-diff -up ./CMakeLists.txt.orig ./CMakeLists.txt
---- ./CMakeLists.txt.orig 2017-03-19 13:11:32.426142255 +0100
-+++ ./CMakeLists.txt 2017-03-19 13:15:02.626150970 +0100
-@@ -17,8 +17,13 @@ if (WIN32)
- execute_process(COMMAND cmd /c echo %DATE% %TIME% OUTPUT_VARIABLE TIMESTAMP
- OUTPUT_STRIP_TRAILING_WHITESPACE)
- else (WIN32)
-- execute_process(COMMAND date "+%F %T%z" OUTPUT_VARIABLE TIMESTAMP
-+ if(DEFINED ENV{SOURCE_DATE_EPOCH})
-+ execute_process(COMMAND date -d "@$ENV{SOURCE_DATE_EPOCH}" "+%F %T%z" OUTPUT_VARIABLE TIMESTAMP
- OUTPUT_STRIP_TRAILING_WHITESPACE)
-+ else()
-+ execute_process(COMMAND date "+%F %T%z" OUTPUT_VARIABLE TIMESTAMP
-+ OUTPUT_STRIP_TRAILING_WHITESPACE)
-+ endif()
- endif (WIN32)
-
- add_definitions (-DCMAKE -DVERSION=\"${VERSION}\" -DTIMESTAMP=\"${TIMESTAMP}\")
diff --git a/mosquitto-1.4.15.tar.gz b/mosquitto-1.4.15.tar.gz
deleted file mode 100644
index 919e8e0..0000000
--- a/mosquitto-1.4.15.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7d3b3e245a3b4ec94b05678c8199c806359737949f4cfe0bf936184f6ca89a83
-size 368961
diff --git a/mosquitto-1.5.tar.gz b/mosquitto-1.5.tar.gz
new file mode 100644
index 0000000..2dca082
--- /dev/null
+++ b/mosquitto-1.5.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:80c9606a906c736fe582b67bdfb650ee45239fea058fe34927f81277d3486e21
+size 419614
diff --git a/mosquitto.changes b/mosquitto.changes
index d8a3dc0..f6b5ba8 100644
--- a/mosquitto.changes
+++ b/mosquitto.changes
@@ -1,3 +1,161 @@ +------------------------------------------------------------------- +Thu May 3 18:47:04 UTC 2018 - mardnh@gmx.de + +- Update to version 1.5 + Security: + * Fix memory leak that could be caused by a malicious CONNECT packet. This + does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) + + Broker features: + * Add per_listener_settings to allow authentication and access control to be + per listener. + * Add limited support for reloading listener settings. This allows settings + for an already defined listener to be reloaded, but port numbers must not be + changed. + * Add ability to deny access to SUBSCRIBE messages as well as the current + read/write accesses. Currently for auth plugins only. + * Reduce calls to malloc through the use of UHPA. + * Outgoing messages with QoS>1 are no longer retried after a timeout period. + Messages will be retried when a client reconnects. This change in behaviour + can be justified by considering when the timeout may have occurred. + + If a connection is unreliable and has dropped, but without one end + noticing, the messages will be retried on reconnection. Sending + additional PUBLISH or PUBREL would not have changed anything. + + If a client is overloaded/unable to respond/has a slow connection then + sending additional PUBLISH or PUBREL would not help the client catch + up. Once the backlog has cleared the client will respond. If it is not + able to catch up, sending additional duplicates would not help either. + * Add use_subject_as_username option for certificate based client + authentication to use the entire certificate subject as a username, rather + than just the CN. Closes #469467. + * Change sys tree printing output. This format shouldn't be relied upon and + may change at any time. Closes #470246. + * Minimum supported libwebsockets version is now 1.3. + * Add systemd startup notification and services. Closes #471053. 
+ * Reduce unnecessary malloc and memcpy when receiving a message and storing + it. Closes #470258. + * Support for Windows XP has been dropped. + * Bridge connections now default to using MQTT v3.1.1. + * mosquitto_db_dump tool can now output some stats on clients. + * Perform utf-8 validation on incoming will, subscription and unsubscription + topics. + * new $SYS/broker/store/messages/count (deprecates $SYS/broker/messages/stored) + * new $SYS/broker/store/messages/bytes + * max_queued_bytes feature to limit queues by real size rather than + than just message count. Closes Eclipse #452919 or Github #100 + * Add support for bridges to be configured to only send notifications to the + local broker. + * Add set_tcp_nodelay option to allow Nagle's algorithm to be disabled on + client sockets. Closes #433. + * The behaviour of allow_anonymous has changed. In the old behaviour, the + default if not set was to allow anonymous access. The new behaviour is to + default is to allow anonymous access unless another security option is set. + For example, if password_file is set and allow_anonymous is not set, then + anonymous access will be denied. It is still possible to allow anonymous + access by setting it explicitly. + Broker fixes: + * Fix UNSUBSCRIBE with no topic is accepted on MQTT 3.1.1. Closes #665. + * Produce an error if two bridges share the same local_clientid. + * Miscellaneous fixes on Windows. + * queue_qos0_messages was not observing max_queued_** limits + * When using the include_dir configuration option sort the files + alphabetically before loading them. Closes #17. + * IPv6 is no longer disabled for websockets listeners. + * Remove all build timestamp information including $SYS/broker/timestamp. + Close #651. + * Correctly handle incoming strings that contain a NULL byte. Closes #693. + * Use constant time memcmp for password comparisons. + * Fix incorrect PSK key being used if it had leading zeroes. 
+ * Fix memory leak if a client provided a username/password for a listener with + use_identity_as_username configured. + * Fix use_identity_as_username not working on websockets clients. + * Don't crash if an auth plugin returns MOSQ_ERR_AUTH for a username check on + a websockets client. Closes #490. + * Fix 08-ssl-bridge.py test when using async dns lookups. Closes #507. + * Lines in the config file are no longer limited to 1024 characters long. + Closes #652. + * Fix $SYS counters of messages and bytes sent when message is sent over + a Websockets. Closes #250. + * Fix upgrade_outgoing_qos for retained message. Closes #534. + * Fix CONNACK message not being sent for unauthorised connect on websockets. + Closes #8. + * Maximum connections on Windows increased to 2048. + * When a client with an in-use client-id connects, if the old client has a + will, send the will message. Closes #26. + * Fix parsing of configuration options that end with a space. Closes #804. + + Client library features: + * Outgoing messages with QoS>1 are no longer retried after a timeout period. + Messages will be retried when a client reconnects. + * DNS-SRV support is now disabled by default. + * Add mosquitto_subscribe_simple() This is a helper function to make + retrieving messages from a broker very straightforward. Examples of its use + are in examples/subscribe_simple. + * Add mosquitto_subscribe_callback() This is a helper function to make + processing messages from a broker very straightforward. An example of its use + is in examples/subscribe_simple. + * Connections now default to using MQTT v3.1.1. + * Add mosquitto_validate_utf8() to check whether a string is valid UTF-8 + according to the UTF-8 spec and to the additional restrictions imposed by + the MQTT spec. + * Topic inputs are checked for UTF-8 validity. + * Add mosquitto_userdata function to allow retrieving the client userdata + member variable. Closes #111. 
+ * Add mosquitto_pub_topic_check2(), mosquitto_sub_topic_check2(), and + mosquitto_topic_matches_sub2() which are identical to the similarly named + functions but also take length arguments. + * Add mosquitto_connect_with_flags_callback_set(), which allows a second + connect callback to be used which also exposes the connect flags parameter. + Closes #738 and #128. + * Add MOSQ_OPT_SSL_CTX option to allow a user specified SSL_CTX to be used + instead of the one generated by libmosquitto. This allows greater control + over what options can be set. Closes #715. + * Add MOSQ_OPT_SSL_CTX_WITH_DEFAULTS to work with MOSQ_OPT_SSL_CTX and have + the default libmosquitto SSL_CTX configuration applied to the user provided + SSL_CTX. Closes #567. + + Client library fixes: + * Fix incorrect PSK key being used if it had leading zeroes. + * Initialise "result" variable as soon as possible in + mosquitto_topic_matches_sub. Closes #654. + * No need to close socket again if setting non-blocking failed. Closes #649. + * Fix mosquitto_topic_matches_sub() not correctly matching foo/bar against + foo/+/#. Closes #670. + * SNI host support added. + + Client features: + * Add -F to mosquitto_sub to allow the user to choose the output format. + * Add -U to mosquitto_sub for unsubscribing from topics. + * Add -c (clean session) to mosquitto_pub. + * Add --retained-only to mosquitto_sub to exit after receiving all retained + messages. + * Add -W to allow mosquitto_sub to stop processing incoming messages after a + timeout. + * Connections now default to using MQTT v3.1.1. + * Default to using port 8883 when using TLS. + * mosquitto_sub doesn't continue to keep connecting if CONNACK tells it the + connection was refused. + + Client fixes: + * Correctly handle empty files with "mosquitto_pub -l". Closes #676. + + Build: + * Add WITH_STRIP option (defaulting to "no") that when set to "yes" will strip + executables and shared libraries when installing. 
+ * Add WITH_STATIC_LIBRARIES (defaulting to "no") that when set to "yes" will + build and install static versions of the client libraries. + * Don't run TLS-PSK tests if TLS-PSK disabled at compile time. Closes #636. + * Support for openssl versions 1.0.0 and 1.0.1 has been removed as these are + no longer supported by openssl. + + Documentation: + * Replace mentions of deprecated 'c_rehash' with 'openssl rehash'. + +- Remove patch: + * mosquitto-1.4.12-use-SOURCE_DATE_EPOCH.patch (not longer needed) +- Support for tcp-wrapper is broken atm, disable for now + + ------------------------------------------------------------------- Thu Mar 1 14:37:54 UTC 2018 - mardnh@gmx.de @@ -42,7 +200,6 @@ Thu Mar 1 14:37:54 UTC 2018 - mardnh@gmx.de Build: * Don't run TLS-PSK tests if TLS-PSK disabled at compile time. Closes #636. - ------------------------------------------------------------------- Mon Oct 2 10:57:39 UTC 2017 - mardnh@gmx.de diff --git a/mosquitto.spec b/mosquitto.spec index c5ab06e..d8ca72c 100644 --- a/mosquitto.spec +++ b/mosquitto.spec @@ -16,20 +16,23 @@ # +%define _fwdefdir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services +%define home %{_localstatedir}/lib/%{name} +%define c_lib libmosquitto1 +%define cpp_lib libmosquittopp1 %if 0%{?suse_version} > 1230 || 0%{?rhel_version} > 600 || 0%{?centos_version} > 600 || 0%{?fedora_version} >= 20 || 0%{?el7}%{?fc20}%{?fc21}%{?fc22}%{?fc23}%{?fc24}%{?fc25} %bcond_without systemd %else %bcond_with systemd %endif %bcond_without websockets - Name: mosquitto -Version: 1.4.15 +Version: 1.5 Release: 0 Summary: A MQTT v3.1/v3.1.1 Broker License: EPL-1.0 Group: Productivity/Networking/Other -Url: http://mosquitto.org/ +URL: http://mosquitto.org/ Source: http://mosquitto.org/files/source/mosquitto-%{version}.tar.gz Source1: mosquitto.service Source2: mosquitto.fw 
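Review bot: The renamed `URL:` tag and the `Source:` line under it in the mosquitto.spec header hunk still point at plain `http://mosquitto.org/`, so the recorded download location for the 1.5 tarball has no transport integrity. Prefer `URL: https://mosquitto.org/` and `Source: https://mosquitto.org/files/source/mosquitto-%{version}.tar.gz`. The LFS pointer pins a sha256 for the archive, but nothing visible in the spec ties that hash to an upstream signature; if upstream publishes a detached signature for the release, listing it and the project keyring as additional `Source` entries would let the build verify the tarball instead of trusting whoever fetched it.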
@@ -37,28 +40,20 @@ Source4: README-conf-d Source5: README-ca_certificates Source6: README-certs Patch0: mosquitto-1.4.1_apparmor.patch -# PATCH-FIX-UPSTREAM mosquitto-1.4.12-use-SOURCE_DATE_EPOCH.patch -- Make the build reproducible -Patch1: mosquitto-1.4.12-use-SOURCE_DATE_EPOCH.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: libcares-devel BuildRequires: libuuid-devel +BuildRequires: openssl-devel >= 1.0.0 +BuildRequires: tcpd-devel +Requires(pre): shadow %if %{with websockets} BuildRequires: libwebsockets-devel %endif -BuildRequires: openssl-devel >= 1.0.0 -BuildRequires: tcpd-devel %if %{with systemd} BuildRequires: pkgconfig(systemd) %{?systemd_requires} %endif -Requires(pre): shadow - -%define _fwdefdir /etc/sysconfig/SuSEfirewall2.d/services -%define home /var/lib/%{name} -%define c_lib libmosquitto1 -%define cpp_lib libmosquittopp1 %description Mosquitto is a message broker that implements the @@ -71,7 +66,6 @@ that Andy Stanford-Clark (one of the originators of MQTT) has done in home monitoring and automation with his twittering house and twittering ferry. %package -n %{c_lib} - Summary: Shared C Library for %{name} Group: Development/Libraries/C and C++ @@ -82,9 +76,7 @@ lightweight method of carrying out messaging using a publish/subscribe model. This package holds the shared C library. - %package -n %{cpp_lib} - Summary: Shared C++ Library for %{name} Group: Development/Libraries/C and C++ 
@@ -96,12 +88,12 @@ lightweight method of carrying out messaging using a publish/subscribe model. This package holds the shared C++ library. %package devel +Summary: Development files for %{name} +Group: Development/Libraries/C and C++ Requires: %{c_lib} = %{version} Requires: %{cpp_lib} = %{version} Provides: libmosquitto-devel = %{version}-%{release} Provides: libmosquittopp-devel = %{version}-%{release} -Summary: Development files for %{name} -Group: Development/Libraries/C and C++ %description devel Mosquitto is a message broker that implements the @@ -111,7 +103,6 @@ lightweight method of carrying out messaging using a publish/subscribe model. This package holds the development files. %package clients - Summary: Client for Mosquitto Group: Productivity/Networking/Other @@ -130,7 +121,6 @@ Client for Mosquitto. %prep %setup -q %patch0 -p1 -%patch1 find misc -type f -exec chmod a-x "{}" "+" %build 
@@ -138,31 +128,31 @@ find misc -type f -exec chmod a-x "{}" "+" %if %{with websockets} -DWITH_WEBSOCKETS=ON \ %endif - -DUSE_LIBWRAP=ON + -DUSE_LIBWRAP=OFF make %install %cmake_install %if %{with systemd} -install -D -m 0644 %{S:1} \ +install -D -m 0644 %{SOURCE1} \ %{buildroot}%{_unitdir}/%{name}.service ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} %endif install -Dd -m 0750 %{buildroot}%{home} chmod -R o= %{buildroot}%{_sysconfdir}/%{name}/ %if 0%{?suse_version} -install -D -m 644 %{S:2} %{buildroot}%{_fwdefdir}/mosquitto -install -D -m 644 security/mosquitto.apparmor %{buildroot}/etc/apparmor.d/usr.sbin.mosquitto -install -D -m 755 -d %{buildroot}/etc/apparmor.d/local/ -echo "# Site-specific additions and overrides for 'usr.sbin.mosquitto'" > %{buildroot}/etc/apparmor.d/local/usr.sbin.mosquitto +install -D -m 644 %{SOURCE2} %{buildroot}%{_fwdefdir}/mosquitto +install -D -m 644 security/mosquitto.apparmor %{buildroot}%{_sysconfdir}/apparmor.d/usr.sbin.mosquitto +install -D -m 755 -d %{buildroot}%{_sysconfdir}/apparmor.d/local/ +echo "# Site-specific additions and overrides for 'usr.sbin.mosquitto'" > %{buildroot}%{_sysconfdir}/apparmor.d/local/usr.sbin.mosquitto %endif -install -D -m 644 %{S:4} %{buildroot}/etc/mosquitto/conf.d/README -install -D -m 644 %{S:5} %{buildroot}/etc/mosquitto/ca_certificates/README -install -D -m 644 %{S:6} %{buildroot}/etc/mosquitto/certs/README +install -D -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/mosquitto/conf.d/README +install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/mosquitto/ca_certificates/README +install -D -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/mosquitto/certs/README %pre -getent group %{name} || /usr/sbin/groupadd -r %{name} -getent passwd %{name} || /usr/sbin/useradd -g %{name} -s /bin/false -r -c "%{name}" -d %{home} %{name} +getent group %{name} || %{_sbindir}/groupadd -r %{name} +getent passwd %{name} || %{_sbindir}/useradd -g %{name} -s /bin/false -r -c "%{name}" -d %{home} %{name} # 
START BIG SYSTEMD %if %{with systemd} %if 0%{?suse_version} @@ -200,7 +190,8 @@ getent passwd %{name} || /usr/sbin/useradd -g %{name} -s /bin/false -r -c "%{nam %files %defattr(-,root,root) -%doc edl-v10 epl-v10 LICENSE.txt +%license LICENSE.txt +%doc edl-v10 epl-v10 %doc CONTRIBUTING.md ChangeLog.txt readme.md *.html *.example %doc examples/ logo/ security/ misc/ %config(noreplace) %attr(-,root,%{name}) %{_sysconfdir}/mosquitto/ @@ -219,16 +210,17 @@ getent passwd %{name} || /usr/sbin/useradd -g %{name} -s /bin/false -r -c "%{nam %endif %dir %attr(-,%{name},%{name}) %{home} %if 0%{?suse_version} -%dir /etc/apparmor.d/ -%dir /etc/apparmor.d/local/ -%config /etc/apparmor.d/usr.sbin.mosquitto -%config(noreplace) /etc/apparmor.d/local/usr.sbin.mosquitto +%dir %{_sysconfdir}/apparmor.d/ +%dir %{_sysconfdir}/apparmor.d/local/ +%config %{_sysconfdir}/apparmor.d/usr.sbin.mosquitto +%config(noreplace) %{_sysconfdir}/apparmor.d/local/usr.sbin.mosquitto %config(noreplace) %{_fwdefdir}/mosquitto %endif %files clients %defattr(-,root,root,-) -%doc edl-v10 epl-v10 LICENSE.txt +%license LICENSE.txt +%doc edl-v10 epl-v10 %{_bindir}/mosquitto_pub %{_bindir}/mosquitto_sub %{_mandir}/man1/mosquitto_pub.1%{ext_man} @@ -236,12 +228,14 @@ getent passwd %{name} || /usr/sbin/useradd -g %{name} -s /bin/false -r -c "%{nam %files -n %{c_lib} %defattr(-,root,root) -%doc edl-v10 epl-v10 LICENSE.txt +%license LICENSE.txt +%doc edl-v10 epl-v10 %{_libdir}/libmosquitto.so.* %files -n %{cpp_lib} %defattr(-,root,root) -%doc edl-v10 epl-v10 LICENSE.txt +%license LICENSE.txt +%doc edl-v10 epl-v10 %{_libdir}/libmosquittopp.so.* %files devel 
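Review bot: Switching to `-DUSE_LIBWRAP=OFF` in `%build` silently removes tcp-wrappers filtering from the broker, so an installation that restricted listeners through `/etc/hosts.allow` and `/etc/hosts.deny` loses that access control on upgrade with no error or log line. The only trace is one line in mosquitto.changes; the spec itself should carry it, for example a comment above the `%cmake` call (which starts outside this hunk) reading `# libwrap is broken with 1.5: hosts.allow/hosts.deny are NOT enforced, re-enable USE_LIBWRAP once fixed`. The `BuildRequires: tcpd-devel` that the earlier BuildRequires hunk keeps (and moves) is unused while the option is off and can be dropped until then. Since 1.5 also changes the `allow_anonymous` default, a short upgrade note in the package documentation telling administrators to re-check listener exposure would be worth adding.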
@@ -249,8 +243,11 @@ getent passwd %{name} || /usr/sbin/useradd -g %{name} -s /bin/false -r -c "%{nam %{_libdir}/libmosquitto.so %{_libdir}/libmosquittopp.so %{_includedir}/mosquitto.h +%{_includedir}/mosquitto_broker.h %{_includedir}/mosquitto_plugin.h %{_includedir}/mosquittopp.h %{_mandir}/man3/libmosquitto.3%{ext_man} +%{_libdir}/pkgconfig/libmosquitto.pc +%{_libdir}/pkgconfig/libmosquittopp.pc %changelog