From b128fafa87cb41a07d4056ad596419ed1da3892c11cae3f22f2f9dae2146b73d Mon Sep 17 00:00:00 2001 From: Robert Frohl Date: Mon, 23 Feb 2026 10:13:08 +0100 Subject: [PATCH] Update submodules from pool/mosquitto#2 and create patchinfo.20260223091213884795.93181000773252/_patchinfo --- mosquitto | 2 +- .../_patchinfo | 88 +++++++++++++++++++ 2 files changed, 89 insertions(+), 1 deletion(-) create mode 100644 patchinfo.20260223091213884795.93181000773252/_patchinfo diff --git a/mosquitto b/mosquitto index fd40b6c..64e47e8 160000 --- a/mosquitto +++ b/mosquitto @@ -1 +1 @@ -Subproject commit fd40b6c60a248d05c9bef62c9597fcea5d0dbe9e50d30f70e9ddb20c05502af0 +Subproject commit 64e47e8efe9642f31bc3cb1ddc86458769d855b8eff4edf79df5781f44216857 diff --git a/patchinfo.20260223091213884795.93181000773252/_patchinfo b/patchinfo.20260223091213884795.93181000773252/_patchinfo new file mode 100644 index 0000000..bdb14e3 --- /dev/null +++ b/patchinfo.20260223091213884795.93181000773252/_patchinfo 
@@ -0,0 +1,88 @@ + + Mosquitto versions > 2.0.11 and < 2.0.23 have a data loss bug + VUL-0: CVE-2024-3935: mosquitto: double free and subsequent crash when running under bridge mode and processing remote connections + VUL-0: CVE-2024-10525: mosquitto: out-of-bounds memory access when acting in an on_subscribe callback for a crafted SUBACK packet with no reason codes + VUL-0: CVE-2024-3935: mosquitto: double free and subsequent crash when running under bridge mode and processing remote connections + VUL-0: CVE-2024-10525: mosquitto: out-of-bounds memory access when acting in an on_subscribe callback for a crafted SUBACK packet with no reason codes + AndreasStieger + critical + security + Security update for mosquitto + This update for mosquitto fixes the following issues: + +Changes in mosquitto: + +- update to 2.0.23 (boo#1258671) + * Fix handling of disconnected sessions for `per_listener_settings + true` + * Check return values of openssl *_get_ex_data() and + *_set_ex_data() to prevent possible crash. This could occur only + in extremely unlikely situations + * Check return value of openssl ASN1_string_[get0_]data() + functions for NULL. This prevents a crash in case of incorrect + certificate handling in openssl + * Fix potential crash on startup if a malicious/corrupt + persistence file from mosquitto 1.5 or earlier is loaded + * Limit auto_id_prefix to 50 characters + +- Update to version 2.0.22 + Broker + * Bridge: Fix idle_timeout never occurring for lazy bridges. + * Fix case where max_queued_messages = 0 was not treated as + unlimited. + * Fix --version exit code and output. + * Fix crash on receiving a $CONTROL message over a bridge, if + per_listener_settings is set true and the bridge is carrying + out topic remapping. + * Fix incorrect reference clock being selected on startup on + Linux. Closes #3238. + * Fix reporting of client disconnections being incorrectly + attributed to "out of memory". + * Fix compilation when using WITH_OLD_KEEPALIVE. 
+ * Fix problems with secure websockets. + * Fix crash on exit when using WITH_EPOLL=no. + * Fix clients being incorrectly expired when they have + keepalive == max_keepalive. Closes #3226, #3286. + Dynamic security plugin + * Fix mismatch memory free when saving config which caused + memory tracking to be incorrect. + Client library + * Fix C++ symbols being removed when compiled with link time + optimisation. + * TLS error handling was incorrectly setting a protocol error + for non-TLS errors. This would cause the mosquitto_loop_start() + thread to exit if no broker was available on the first + connection attempt. This has been fixed. Closes #3258. + * Fix linker errors on some architectures using cmake. + +- Update to version 2.0.21 + Broker + * Fix clients sending a RESERVED packet not being quickly + disconnected. + * Fix bind_interface producing an error when used with an + interface that has an IPv6 link-local address and no other + IPv6 addresses. + * Fix mismatched wrapped/unwrapped memory alloc/free in + properties. + * Fix allow_anonymous false not being applied in local only mode. + * Add retain_expiry_interval option to fix expired retained + message not being removed from memory if they are not + subscribed to. + * Produce an error if invalid combinations of + cafile/capath/certfile/keyfile are used. + * Backport keepalive checking from develop to fix problems in + current implementation. + Client library + * Fix potential deadlock in mosquitto_sub if -W is used. + Apps + * mosquitto_ctrl dynsec now also allows -i to specify a clientid + as well as -c. This matches the documentation which states -i. + Tests + * Fix 08-ssl-connect-cert-auth-expired and + 08-ssl-connect-cert-auth-revoked tests when under load. + +- systemd service: Wait till the network got setup to avoid + startup failure. + + mosquitto + -- 2.51.1
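Review bot: the submodule hunk for a/mosquitto moves the pointer from fd40b6c… to 64e47e8… without anything that ties that revision to the content it brings in; the commit message names pool/mosquitto#2 but neither it nor the diffstat records that this revision is the 2.0.23 package described in the new _patchinfo, so the two halves of the change cannot be matched up without checking out the submodule. Suggest stating the mosquitto package revision (or the 2.0.23 version) in the commit message next to the request reference.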
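Review bot: the issue list at the top of the new _patchinfo declares each CVE twice: the pair `VUL-0: CVE-2024-3935: mosquitto: double free and subsequent crash ...` and `VUL-0: CVE-2024-10525: mosquitto: out-of-bounds memory access ...` is repeated verbatim, so drop the second pair and reference each issue once. Separately, neither CVE id appears in the changelog entries for 2.0.21 through 2.0.23 in the description, so the patchinfo does not show which upstream fix closes which CVE; suggest adding the CVE id to the matching bullet, or a dedicated line such as `- CVE-2024-3935: ...` and `- CVE-2024-10525: ...`, so the security references and the change description agree.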