From 64e47e8efe9642f31bc3cb1ddc86458769d855b8eff4edf79df5781f44216857 Mon Sep 17 00:00:00 2001
From: Andreas Stieger <Andreas.Stieger@gmx.de>
Date: Sun, 22 Feb 2026 20:07:41 +0100
Subject: [PATCH] update to 2.0.23 boo#1258671

---
 mosquitto-2.0.20.tar.gz     |  3 --
 mosquitto-2.0.20.tar.gz.sig | 16 -------
 mosquitto-2.0.23.tar.gz     |  3 ++
 mosquitto-2.0.23.tar.gz.sig | 16 +++++++
 mosquitto.changes           | 86 ++++++++++++++++++++++++++++++++++++-
 mosquitto.service           |  1 +
 mosquitto.spec              | 12 +++---
 7 files changed, 111 insertions(+), 26 deletions(-)
 delete mode 100644 mosquitto-2.0.20.tar.gz
 delete mode 100644 mosquitto-2.0.20.tar.gz.sig
 create mode 100644 mosquitto-2.0.23.tar.gz
 create mode 100644 mosquitto-2.0.23.tar.gz.sig

diff --git a/mosquitto-2.0.20.tar.gz b/mosquitto-2.0.20.tar.gz
deleted file mode 100644
index 64c06f8..0000000
--- a/mosquitto-2.0.20.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ebd07d89d2a446a7f74100ad51272e4a8bf300b61634a7812e19f068f2759de8
-size 799972
diff --git a/mosquitto-2.0.20.tar.gz.sig b/mosquitto-2.0.20.tar.gz.sig
deleted file mode 100644
index 1514fa7..0000000
--- a/mosquitto-2.0.20.tar.gz.sig
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEoNbuodyuSaY1o7Lwd5si37PnF7cFAmcQEyoACgkQd5si37Pn
-F7fc9A/9FCsxYzmotWVwomE35CkqvhN+L2MR//3/7v+VrJTxrvmONDsP6JFg5QxQ
-LZalkFlDGc9hAU/53UEEO17+i6ZQQFwbgr0VD6m2rbGhTW/8zjtIQ1oCHFfk/slo
-/pgIVKrTiop+Nz9K17QlvHPgdxzvELhRX3fEMfNAuMEmvjtG4diL4I7YZkiLrabZ
-fR4SlOvzGH+vtraKQdguE2bRLyJu6wJ/FjZSmqTaolJcgH65ySvaJegY6mF/dwn0
-EcI9qizcHwxEYZKrGLdtogd7/IxasbTZCy57ufltNNnKWLO/FKbyWW4SlIiJFkVw
-9qN2Qp0d+l1Jks8PYuHRyyzlyDbYQkDZRVpSIULBt55nNJueuzqrXfWGkyuby61B
-pPRY4ZWtT6YQfZfN8Imxerg/OGbOxB0DuYZJjQVeJZrbxkIGAPDVwllztgvVwAID
-PtU2760HNDGxpVrNJt6QKnzGDWEspeaMUt+H4nk1K1PKpXKJue6s/0Y9vzD6Xt+R
-pwNVyOoTd5ObBURUSqM99EhcTVKoSTr3P6Ncbupfao5WoQcSanyshNp15+hzHOCV
-iP8RfYZH4ufBtEOwPtLblxpAp/hy4s5CBkz8uSdkxEAF+Njz8mMBRIv6aNzc3rJp
-x2UowVhDhhUJe+Fl9LcmmV4ZDzpsqOiRY05haQWk2WN8kZpI/BM=
-=OaGg
------END PGP SIGNATURE-----
diff --git a/mosquitto-2.0.23.tar.gz b/mosquitto-2.0.23.tar.gz
new file mode 100644
index 0000000..3dbdc64
--- /dev/null
+++ b/mosquitto-2.0.23.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:47d66fc98d9f8714bdc700dfe690dbe80c9fbe93c00a21b04dc61d00e1667b34
+size 819856
diff --git a/mosquitto-2.0.23.tar.gz.sig b/mosquitto-2.0.23.tar.gz.sig
new file mode 100644
index 0000000..f5b2b50
--- /dev/null
+++ b/mosquitto-2.0.23.tar.gz.sig
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEoNbuodyuSaY1o7Lwd5si37PnF7cFAml7zdsACgkQd5si37Pn
+F7fipw/9EDrXc4kFM5sDUxk82FrzOKj0wLKsxg/qpUagElLqndardcOl/IVxGXQc
+NX0KfQ2laDIiGi2kUN7n/AgRyKYwznnYfTFCCzLITlhJtJ1lMAavEx3kT+v/2ezc
+xzzSUZy8triZShof+PFxDojqM7m9DZPSf4zuolBVxwFJnSUipLBxHeGqJzyFZza1
+UhAmObB8FwIi8oJszAgjuc0wzU4yOp6ttI565w6h/5lHiRDPh757ooJdSW4lQmEC
+6LSVO50/qXK4ah/dl7ppJVRK6VFcWt3rmPYOpw2ZH8NtKE2VABfYY8Tsfn7sfUTC
+6Isfl7ySIGFyuRya8CDta+N3JIV9PeI5WoGK5+n0fLNBhuQW6jeU0Qum231jQ2En
+mC7VcDK/7IMR/L092try8f2cNk7kQVe2a3fX4W9qHNKdnkELdS2J/vl90AZ05pd5
+fxenICsoOWme8Xk5Z+akPE7rY6hmVQFCIH8cAG8zrQhi6uCY2dWUeJIZGFIVx1SA
+xCxvDUnzwyGG0D5B/7vG7IJVhuG6I7RKnJif6AhhwC98Ew5LC9arX/+v3V2rmhcE
+ll1+Ed06Z3yccr+geujA9wFr8B9KJKYI0k7xLAzV0wBjlzuZU09U/TE7w2h7ibuB
+qo6xZABmNn95Mvp5c+s1N5OQF3CO4yr+L+mVtyXPQAiYMKjmwZ4=
+=zyu7
+-----END PGP SIGNATURE-----
diff --git a/mosquitto.changes b/mosquitto.changes
index a4c019c..c3029a5 100644
--- a/mosquitto.changes
+++ b/mosquitto.changes
@@ -1,3 +1,87 @@
+-------------------------------------------------------------------
+Sat Feb 21 11:09:25 UTC 2026 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- update to 2.0.23 (boo#1258671)
+  * Fix handling of disconnected sessions for `per_listener_settings
+    true`
+  * Check return values of openssl *_get_ex_data() and
+    *_set_ex_data() to prevent possible crash. This could occur only
+    in extremely unlikely situations
+  * Check return value of openssl ASN1_string_[get0_]data()
+    functions for NULL. This prevents a crash in case of incorrect
+    certificate handling in openssl
+  * Fix potential crash on startup if a malicious/corrupt
+    persistence file from mosquitto 1.5 or earlier is loaded
+  * Limit auto_id_prefix to 50 characters
+
+-------------------------------------------------------------------
+Mon Jul 14 12:28:00 UTC 2025 - Martin Hauke <mardnh@gmx.de>
+
+- Update to version 2.0.22
+  Broker
+  * Bridge: Fix idle_timeout never occurring for lazy bridges.
+  * Fix case where max_queued_messages = 0 was not treated as
+    unlimited.
+  * Fix --version exit code and output.
+  * Fix crash on receiving a $CONTROL message over a bridge, if
+    per_listener_settings is set true and the bridge is carrying
+    out topic remapping.
+  * Fix incorrect reference clock being selected on startup on
+    Linux. Closes #3238.
+  * Fix reporting of client disconnections being incorrectly
+    attributed to "out of memory".
+  * Fix compilation when using WITH_OLD_KEEPALIVE.
+  * Fix problems with secure websockets.
+  * Fix crash on exit when using WITH_EPOLL=no.
+  * Fix clients being incorrectly expired when they have
+    keepalive == max_keepalive. Closes #3226, #3286.
+  Dynamic security plugin
+  * Fix mismatch memory free when saving config which caused
+    memory tracking to be incorrect.
+  Client library
+  * Fix C++ symbols being removed when compiled with link time
+    optimisation.
+  * TLS error handling was incorrectly setting a protocol error
+    for non-TLS errors. This would cause the mosquitto_loop_start()
+    thread to exit if no broker was available on the first
+    connection attempt. This has been fixed. Closes #3258.
+  * Fix linker errors on some architectures using cmake.
+
+-------------------------------------------------------------------
+Thu Mar  6 20:46:07 UTC 2025 - Martin Hauke <mardnh@gmx.de>
+
+- Update to version 2.0.21
+  Broker
+  * Fix clients sending a RESERVED packet not being quickly
+    disconnected.
+  * Fix bind_interface producing an error when used with an
+    interface that has an IPv6 link-local address and no other
+    IPv6 addresses.
+  * Fix mismatched wrapped/unwrapped memory alloc/free in
+    properties.
+  * Fix allow_anonymous false not being applied in local only mode.
+  * Add retain_expiry_interval option to fix expired retained
+    message not being removed from memory if they are not
+    subscribed to.
+  * Produce an error if invalid combinations of
+    cafile/capath/certfile/keyfile are used.
+  * Backport keepalive checking from develop to fix problems in
+    current implementation.
+  Client library
+  * Fix potential deadlock in mosquitto_sub if -W is used.
+  Apps
+  * mosquitto_ctrl dynsec now also allows -i to specify a clientid
+    as well as -c. This matches the documentation which states -i.
+  Tests
+  * Fix 08-ssl-connect-cert-auth-expired and
+    08-ssl-connect-cert-auth-revoked tests when under load.
+
+-------------------------------------------------------------------
+Fri Nov  8 16:32:01 UTC 2024 - Adrian Schröter <adrian@suse.de>
+
+- systemd service: Wait till the network got setup to avoid
+  startup failure.
+
 -------------------------------------------------------------------
 Sat Oct 19 08:56:14 UTC 2024 - Martin Hauke <mardnh@gmx.de>
 
@@ -11,7 +95,7 @@ Sat Oct 19 08:56:14 UTC 2024 - Martin Hauke <mardnh@gmx.de>
 -------------------------------------------------------------------
 Thu Oct  3 12:22:10 UTC 2024 - Martin Hauke <mardnh@gmx.de>
 
-- Update to version 2.0.19
+- Update to version 2.0.19 (CVE-2024-3935 bsc#1232635, CVE-2024-10525 bsc#1232636):
   Security:
   * Fix mismatched subscribe/unsubscribe with normal/shared topics.
   * Fix crash on bridge using remapped topic being sent a crafted
diff --git a/mosquitto.service b/mosquitto.service
index e520498..8417563 100644
--- a/mosquitto.service
+++ b/mosquitto.service
@@ -1,6 +1,7 @@
 [Unit]
 Description=Mosquitto MQTT v3.1/v3.1.1 Broker
 Documentation=man:mosquitto.conf(5) man:mosquitto(8)
+After=network-online.target nss-lookup.target
 
 [Service]
 # added automatically, for details please see
diff --git a/mosquitto.spec b/mosquitto.spec
index 08d8ca0..55a22db 100644
--- a/mosquitto.spec
+++ b/mosquitto.spec
@@ -1,7 +1,8 @@
 #
 # spec file for package mosquitto
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2026 Andreas Stieger <Andreas.Stieger@gmx.de>
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -20,7 +21,7 @@
 %define c_lib   libmosquitto1
 %define cpp_lib libmosquittopp1
 Name:           mosquitto
-Version:        2.0.20
+Version:        2.0.23
 Release:        0
 Summary:        A MQTT v3.1/v3.1.1 Broker
 License:        EPL-1.0
@@ -151,10 +152,8 @@ install -D -m 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}-user.conf
 %postun
 %service_del_postun %{name}.service
 
-%post -n %{c_lib} -p /sbin/ldconfig
-%postun -n %{c_lib} -p /sbin/ldconfig
-%post -n %{cpp_lib} -p /sbin/ldconfig
-%postun -n %{cpp_lib} -p /sbin/ldconfig
+%ldconfig_scriptlets -n %{c_lib}
+%ldconfig_scriptlets -n %{cpp_lib}
 
 %files
 %license edl-v10 epl-v20 LICENSE.txt
@@ -200,6 +199,7 @@ install -D -m 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}-user.conf
 %{_libdir}/libmosquittopp.so.*
 
 %files devel
+%license edl-v10 epl-v20 LICENSE.txt
 %{_libdir}/libmosquitto.so
 %{_libdir}/libmosquittopp.so
 %{_includedir}/mosquitto.h
-- 
2.51.1