Hello community, here is the log from the commit of package mosquitto for openSUSE:Factory checked in at 2018-03-04 12:51:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mosquitto (Old) and /work/SRC/openSUSE:Factory/.mosquitto.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mosquitto" Sun Mar 4 12:51:57 2018 rev:4 rq:582184 version:1.4.15 Changes: -------- --- /work/SRC/openSUSE:Factory/mosquitto/mosquitto.changes 2017-10-09 19:40:50.323051990 +0200 +++ /work/SRC/openSUSE:Factory/.mosquitto.new/mosquitto.changes 2018-03-04 12:52:40.003453739 +0100 @@ -1,0 +2,45 @@ +Thu Mar 1 14:37:54 UTC 2018 - mar...@gmx.de + +- Update to version 1.4.15 + Security: + * Fix CVE-2017-7652. If a SIGHUP is sent to the broker when there are no more + file descriptors, then opening the configuration file will fail and security + settings will be set back to their default values. + * Fix CVE-2017-7651. Unauthenticated clients can cause excessive memory use by + setting "remaining length" to be a large value. This is now mitigated by + limiting the size of remaining length to valid values. A "memory_limit" + configuration option has also been added to allow the overall memory used by + the broker to be limited. + + Broker: + * Use constant time memcmp for password comparisons. + * Fix incorrect PSK key being used if it had leading zeroes. + * Fix memory leak if a client provided a username/password for a listener with + use_identity_as_username configured. + * Fix use_identity_as_username not working on websockets clients. + * Don't crash if an auth plugin returns MOSQ_ERR_AUTH for a username check on + a websockets client. Closes #490. + * Fix 08-ssl-bridge.py test when using async dns lookups. Closes #507. + * Lines in the config file are no longer limited to 1024 characters long. + Closes #652. + * Fix $SYS counters of messages and bytes sent when message is sent over + a Websockets. Closes #250. + * Fix upgrade_outgoing_qos for retained message. Closes #534. + * Fix CONNACK message not being sent for unauthorised connect on websockets. + Closes #8. + + Client library: + * Fix incorrect PSK key being used if it had leading zeroes. + * Initialise "result" variable as soon as possible in + mosquitto_topic_matches_sub. Closes #654. + * No need to close socket again if setting non-blocking failed. Closes #649. + * Fix mosquitto_topic_matches_sub() not correctly matching foo/bar against + foo/+/#. Closes #670. + + Clients: + * Correctly handle empty files with "mosquitto_pub -l". Closes #676. + + Build: + * Don't run TLS-PSK tests if TLS-PSK disabled at compile time. Closes #636. + +------------------------------------------------------------------- Old: ---- mosquitto-1.4.14.tar.gz New: ---- mosquitto-1.4.15.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mosquitto.spec ++++++ --- /var/tmp/diff_new_pack.lwriaj/_old 2018-03-04 12:52:40.791425026 +0100 +++ /var/tmp/diff_new_pack.lwriaj/_new 2018-03-04 12:52:40.791425026 +0100 @@ -1,7 +1,7 @@ # # spec file for package mosquitto # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,7 +24,7 @@ %bcond_without websockets Name: mosquitto -Version: 1.4.14 +Version: 1.4.15 Release: 0 Summary: A MQTT v3.1/v3.1.1 Broker License: EPL-1.0 ++++++ mosquitto-1.4.14.tar.gz -> mosquitto-1.4.15.tar.gz ++++++ ++++ 2588 lines of diff (skipped)