aa8a7c3428
- update to 2.0.18 (bsc#1214918, CVE-2023-28366, bsc#1215865,
CVE-2023-0809, bsc#1215864, CVE-2023-3592):
* Fix crash on subscribe under certain unlikely conditions.
* Fix mosquitto_rr not honouring `-R`. Closes #2893.
* Fix `max_queued_messages 0` stopping clients from receiving
messages.
* Fix `max_inflight_messages` not being set correctly.
* Fix `mosquitto_passwd -U` backup file creation.
* CVE-2023-28366: Fix memory leak in broker when clients send
multiple QoS 2 messages with the same message ID, but then
never respond to the PUBREC commands.
* CVE-2023-0809: Fix excessive memory being allocated based on
malicious initial packets that are not CONNECT packets.
* CVE-2023-3592: Fix memory leak when clients send v5 CONNECT
packets with a will message that contains invalid property
types.
* Broker will now reject Will messages that attempt to publish
to $CONTROL/.
* Broker now validates usernames provided in a TLS certificate
or TLS-PSK identity are valid UTF-8.
* Fix potential crash when loading invalid persistence file.
* Library will no longer allow single level wildcard
certificates, e.g. *.com
* Fix $SYS messages being expired after 60 seconds and hence
unchanged values disappearing.
* Fix some retained topic memory not being cleared immediately
after used.
* Fix error handling related to the `bind_interface` option.
* Fix std* files not being redirected when daemonising, when
built with assertions removed.
OBS-URL: https://build.opensuse.org/request/show/1135794
OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=63
17 lines
833 B
Standard ML
17 lines
833 B
Standard ML
-----BEGIN PGP SIGNATURE-----
|
|
|
|
iQIzBAABCgAdFiEEoNbuodyuSaY1o7Lwd5si37PnF7cFAmUIwT4ACgkQd5si37Pn
|
|
F7cZfBAAp/pcUhCv3fguP2xroaQV1HC1Wl7KfEplF9cAkFnW893xgnSDo0qj8Mo2
|
|
/DRekji8vZyoI3V2+S7QNFnbSjCsqfgnVSopHHOpm5xLWZ3xaQwo6FSfmgDEstIA
|
|
YP5YoAbaTI69MbIqE1YqWISx/v0azc8T4zVQI8fMIew3GU8yg1ajaGJRH6kpskdg
|
|
hzrxE97ET4pPEwEo1wVI/lx2QKXXMfDjhge97UH0XendlOJwpUdDVqFprKBctsKE
|
|
9zUGAdN6UvTkCBJs2kFfqmNA2ivrbaUQs3v8Hn3cizNMOV+tbm4AGhBJ+jZAgx4d
|
|
fp87+Pj4eiSs0o01gVsIUO4aQzwL2VM+ZNcRJHp/UZPEsaKlg6oS+nCceJg4N14V
|
|
ue6HHc56RULQ/MFTLmK1uHtp6mWGi9Gqj/nIBh7je/uI+DzMUUpboYazjhH7pkhz
|
|
KIQ07tDV/HJOKVupRc80qXp6z4mIlVH9eFvCWu6r1nRB053zv4Axvi/Br+Hygqe4
|
|
0N/nxWFhl//xredL5eeh3U651WCjcgFazsboHqlDh/+aRMbAfPl22CoKr+4U5W5t
|
|
ThvlrHpYekUvbd1WEJSM+DiiDzB4gfSRB91npQlbtbTOlZpfzeUt+QNSbAFIKWBF
|
|
QPFCdddTFnDHd5bFFPjGqUdIzWbf9bSYn8QeNdcIRCkQLlmEZas=
|
|
=Ucew
|
|
-----END PGP SIGNATURE-----
|