Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package mosquitto for openSUSE:Factory checked in at 2021-04-08 21:32:20 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mosquitto (Old) and /work/SRC/openSUSE:Factory/.mosquitto.new.2401 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mosquitto" Thu Apr 8 21:32:20 2021 rev:21 rq:883701 version:2.0.10 Changes: -------- --- /work/SRC/openSUSE:Factory/mosquitto/mosquitto.changes 2021-03-30 21:46:28.938715139 +0200 +++ /work/SRC/openSUSE:Factory/.mosquitto.new.2401/mosquitto.changes 2021-04-08 21:32:29.463828561 +0200 @@ -1,0 +2,30 @@ +Tue Apr 6 18:58:02 UTC 2021 - Martin Hauke <[email protected]> + +- Update to version 2.0.10 + Security: + * CVE-2021-28166: If an authenticated client connected with + MQTT v5 sent a malformed CONNACK message to the broker a NULL + pointer dereference occurred, most likely resulting in a + segfault. This will be updated with the CVE number when it is + assigned. + Affects versions 2.0.0 to 2.0.9 inclusive. + Broker: + * Don't over write new receive-maximum if a v5 client connects + and takes over an old session. + * Fix CVE-2021-28166. Closes #2163. + Clients: + * Set `receive-maximum` to not exceed the `-C` message count in + mosquitto_sub and mosquitto_rr, to avoid potentially lost + messages. + * Fix TLS-PSK mode not working with port 8883. + Client library: + * Fix possible socket leak. This would occur if a client was + using `mosquitto_loop_start()`, then if the connection failed + due to the remote server being inaccessible they called + `mosquitto_loop_stop(, true)` and recreated the mosquitto + object. + Build: + * A variety of minor build related fixes, like functions not + having previous declarations. + +------------------------------------------------------------------- Old: ---- mosquitto-2.0.9.tar.gz mosquitto-2.0.9.tar.gz.sig New: ---- mosquitto-2.0.10.tar.gz mosquitto-2.0.10.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mosquitto.spec ++++++ --- /var/tmp/diff_new_pack.nqQc4a/_old 2021-04-08 21:32:30.079829237 +0200 +++ /var/tmp/diff_new_pack.nqQc4a/_new 2021-04-08 21:32:30.083829241 +0200 @@ -20,7 +20,7 @@ %define c_lib libmosquitto1 %define cpp_lib libmosquittopp1 Name: mosquitto -Version: 2.0.9 +Version: 2.0.10 Release: 0 Summary: A MQTT v3.1/v3.1.1 Broker License: EPL-1.0 ++++++ fix-undefined-symbols-in-plugins.patch ++++++ --- /var/tmp/diff_new_pack.nqQc4a/_old 2021-04-08 21:32:30.147829311 +0200 +++ /var/tmp/diff_new_pack.nqQc4a/_new 2021-04-08 21:32:30.151829316 +0200 @@ -1,20 +1,20 @@ -Index: mosquitto-2.0.8/plugins/auth-by-ip/CMakeLists.txt -=================================================================== ---- mosquitto-2.0.8.orig/plugins/auth-by-ip/CMakeLists.txt -+++ mosquitto-2.0.8/plugins/auth-by-ip/CMakeLists.txt +diff --git a/plugins/auth-by-ip/CMakeLists.txt b/plugins/auth-by-ip/CMakeLists.txt +index 45260bd..e5e25d8 100644 +--- a/plugins/auth-by-ip/CMakeLists.txt ++++ b/plugins/auth-by-ip/CMakeLists.txt @@ -1,7 +1,7 @@ include_directories(${mosquitto_SOURCE_DIR} ${mosquitto_SOURCE_DIR}/include - ${STDBOOL_H_PATH} ${STDINT_H_PATH}) + ${OPENSSL_INCLUDE_DIR} ${STDBOOL_H_PATH} ${STDINT_H_PATH}) -add_library(mosquitto_auth_by_ip SHARED mosquitto_auth_by_ip.c) +add_library(mosquitto_auth_by_ip MODULE mosquitto_auth_by_ip.c) set_target_properties(mosquitto_auth_by_ip PROPERTIES POSITION_INDEPENDENT_CODE 1 ) -Index: mosquitto-2.0.8/plugins/dynamic-security/CMakeLists.txt -=================================================================== ---- mosquitto-2.0.8.orig/plugins/dynamic-security/CMakeLists.txt -+++ mosquitto-2.0.8/plugins/dynamic-security/CMakeLists.txt +diff --git a/plugins/dynamic-security/CMakeLists.txt b/plugins/dynamic-security/CMakeLists.txt +index 213ea03..0e02518 100644 +--- a/plugins/dynamic-security/CMakeLists.txt ++++ b/plugins/dynamic-security/CMakeLists.txt @@ -12,7 +12,7 @@ if (CJSON_FOUND AND WITH_TLS) include_directories(${CLIENT_INC}) link_directories(${CLIENT_DIR} ${mosquitto_SOURCE_DIR}) @@ -24,25 +24,25 @@ acl.c auth.c clients.c -Index: mosquitto-2.0.8/plugins/message-timestamp/CMakeLists.txt -=================================================================== ---- mosquitto-2.0.8.orig/plugins/message-timestamp/CMakeLists.txt -+++ mosquitto-2.0.8/plugins/message-timestamp/CMakeLists.txt +diff --git a/plugins/message-timestamp/CMakeLists.txt b/plugins/message-timestamp/CMakeLists.txt +index e53a4bc..d28cb1d 100644 +--- a/plugins/message-timestamp/CMakeLists.txt ++++ b/plugins/message-timestamp/CMakeLists.txt @@ -1,7 +1,7 @@ include_directories(${mosquitto_SOURCE_DIR} ${mosquitto_SOURCE_DIR}/include - ${STDBOOL_H_PATH} ${STDINT_H_PATH}) + ${OPENSSL_INCLUDE_DIR} ${STDBOOL_H_PATH} ${STDINT_H_PATH}) -add_library(mosquitto_message_timestamp SHARED mosquitto_message_timestamp.c) +add_library(mosquitto_message_timestamp MODULE mosquitto_message_timestamp.c) set_target_properties(mosquitto_message_timestamp PROPERTIES POSITION_INDEPENDENT_CODE 1 ) -Index: mosquitto-2.0.8/plugins/payload-modification/CMakeLists.txt -=================================================================== ---- mosquitto-2.0.8.orig/plugins/payload-modification/CMakeLists.txt -+++ mosquitto-2.0.8/plugins/payload-modification/CMakeLists.txt -@@ -2,7 +2,7 @@ include_directories(${mosquitto_SOURCE_D - ${STDBOOL_H_PATH} ${STDINT_H_PATH}) +diff --git a/plugins/payload-modification/CMakeLists.txt b/plugins/payload-modification/CMakeLists.txt +index a449291..e77c870 100644 +--- a/plugins/payload-modification/CMakeLists.txt ++++ b/plugins/payload-modification/CMakeLists.txt +@@ -2,7 +2,7 @@ include_directories(${mosquitto_SOURCE_DIR} ${mosquitto_SOURCE_DIR}/include + ${OPENSSL_INCLUDE_DIR} ${STDBOOL_H_PATH} ${STDINT_H_PATH}) link_directories(${mosquitto_SOURCE_DIR}) -add_library(mosquitto_payload_modification SHARED mosquitto_payload_modification.c) ++++++ mosquitto-2.0.9.tar.gz -> mosquitto-2.0.10.tar.gz ++++++ ++++ 2155 lines of diff (skipped)
