Hello community,
here is the log from the commit of package mosquitto for openSUSE:Factory
checked in at 2018-05-15 10:09:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mosquitto (Old)
and /work/SRC/openSUSE:Factory/.mosquitto.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mosquitto"
Tue May 15 10:09:41 2018 rev:5 rq:605073 version:1.5
Changes:
--------
--- /work/SRC/openSUSE:Factory/mosquitto/mosquitto.changes 2018-03-04
12:52:40.003453739 +0100
+++ /work/SRC/openSUSE:Factory/.mosquitto.new/mosquitto.changes 2018-05-15
10:31:51.455591579 +0200
@@ -1,0 +2,158 @@
+Thu May 3 18:47:04 UTC 2018 - mar...@gmx.de
+
+- Update to version 1.5
+ Security:
+ * Fix memory leak that could be caused by a malicious CONNECT packet. This
+ does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker)
+
+ Broker features:
+ * Add per_listener_settings to allow authentication and access control to be
+ per listener.
+ * Add limited support for reloading listener settings. This allows settings
+ for an already defined listener to be reloaded, but port numbers must not
be
+ changed.
+ * Add ability to deny access to SUBSCRIBE messages as well as the current
+ read/write accesses. Currently for auth plugins only.
+ * Reduce calls to malloc through the use of UHPA.
+ * Outgoing messages with QoS>1 are no longer retried after a timeout period.
+ Messages will be retried when a client reconnects. This change in
behaviour
+ can be justified by considering when the timeout may have occurred.
+ + If a connection is unreliable and has dropped, but without one end
+ noticing, the messages will be retried on reconnection. Sending
+ additional PUBLISH or PUBREL would not have changed anything.
+ + If a client is overloaded/unable to respond/has a slow connection then
+ sending additional PUBLISH or PUBREL would not help the client catch
+ up. Once the backlog has cleared the client will respond. If it is not
+ able to catch up, sending additional duplicates would not help either.
+ * Add use_subject_as_username option for certificate based client
+ authentication to use the entire certificate subject as a username, rather
+ than just the CN. Closes #469467.
+ * Change sys tree printing output. This format shouldn't be relied upon and
+ may change at any time. Closes #470246.
+ * Minimum supported libwebsockets version is now 1.3.
+ * Add systemd startup notification and services. Closes #471053.
+ * Reduce unnecessary malloc and memcpy when receiving a message and storing
+ it. Closes #470258.
+ * Support for Windows XP has been dropped.
+ * Bridge connections now default to using MQTT v3.1.1.
+ * mosquitto_db_dump tool can now output some stats on clients.
+ * Perform utf-8 validation on incoming will, subscription and unsubscription
+ topics.
+ * new $SYS/broker/store/messages/count (deprecates
$SYS/broker/messages/stored)
+ * new $SYS/broker/store/messages/bytes
+ * max_queued_bytes feature to limit queues by real size rather than
+ than just message count. Closes Eclipse #452919 or Github #100
+ * Add support for bridges to be configured to only send notifications to the
+ local broker.
+ * Add set_tcp_nodelay option to allow Nagle's algorithm to be disabled on
+ client sockets. Closes #433.
+ * The behaviour of allow_anonymous has changed. In the old behaviour, the
+ default if not set was to allow anonymous access. The new behaviour is to
+ default is to allow anonymous access unless another security option is set.
+ For example, if password_file is set and allow_anonymous is not set, then
+ anonymous access will be denied. It is still possible to allow anonymous
+ access by setting it explicitly.
+ Broker fixes:
+ * Fix UNSUBSCRIBE with no topic is accepted on MQTT 3.1.1. Closes #665.
+ * Produce an error if two bridges share the same local_clientid.
+ * Miscellaneous fixes on Windows.
+ * queue_qos0_messages was not observing max_queued_** limits
+ * When using the include_dir configuration option sort the files
+ alphabetically before loading them. Closes #17.
+ * IPv6 is no longer disabled for websockets listeners.
+ * Remove all build timestamp information including $SYS/broker/timestamp.
+ Close #651.
+ * Correctly handle incoming strings that contain a NULL byte. Closes #693.
+ * Use constant time memcmp for password comparisons.
+ * Fix incorrect PSK key being used if it had leading zeroes.
+ * Fix memory leak if a client provided a username/password for a listener
with
+ use_identity_as_username configured.
+ * Fix use_identity_as_username not working on websockets clients.
+ * Don't crash if an auth plugin returns MOSQ_ERR_AUTH for a username check on
+ a websockets client. Closes #490.
+ * Fix 08-ssl-bridge.py test when using async dns lookups. Closes #507.
+ * Lines in the config file are no longer limited to 1024 characters long.
+ Closes #652.
+ * Fix $SYS counters of messages and bytes sent when message is sent over
+ a Websockets. Closes #250.
+ * Fix upgrade_outgoing_qos for retained message. Closes #534.
+ * Fix CONNACK message not being sent for unauthorised connect on websockets.
+ Closes #8.
+ * Maximum connections on Windows increased to 2048.
+ * When a client with an in-use client-id connects, if the old client has a
+ will, send the will message. Closes #26.
+ * Fix parsing of configuration options that end with a space. Closes #804.
+
+ Client library features:
+ * Outgoing messages with QoS>1 are no longer retried after a timeout period.
+ Messages will be retried when a client reconnects.
+ * DNS-SRV support is now disabled by default.
+ * Add mosquitto_subscribe_simple() This is a helper function to make
+ retrieving messages from a broker very straightforward. Examples of its use
+ are in examples/subscribe_simple.
+ * Add mosquitto_subscribe_callback() This is a helper function to make
+ processing messages from a broker very straightforward. An example of its
use
+ is in examples/subscribe_simple.
+ * Connections now default to using MQTT v3.1.1.
+ * Add mosquitto_validate_utf8() to check whether a string is valid UTF-8
+ according to the UTF-8 spec and to the additional restrictions imposed by
+ the MQTT spec.
+ * Topic inputs are checked for UTF-8 validity.
+ * Add mosquitto_userdata function to allow retrieving the client userdata
+ member variable. Closes #111.
+ * Add mosquitto_pub_topic_check2(), mosquitto_sub_topic_check2(), and
+ mosquitto_topic_matches_sub2() which are identical to the similarly named
+ functions but also take length arguments.
+ * Add mosquitto_connect_with_flags_callback_set(), which allows a second
+ connect callback to be used which also exposes the connect flags parameter.
+ Closes #738 and #128.
+ * Add MOSQ_OPT_SSL_CTX option to allow a user specified SSL_CTX to be used
+ instead of the one generated by libmosquitto. This allows greater control
+ over what options can be set. Closes #715.
+ * Add MOSQ_OPT_SSL_CTX_WITH_DEFAULTS to work with MOSQ_OPT_SSL_CTX and have
+ the default libmosquitto SSL_CTX configuration applied to the user provided
+ SSL_CTX. Closes #567.
+
+ Client library fixes:
+ * Fix incorrect PSK key being used if it had leading zeroes.
+ * Initialise "result" variable as soon as possible in
+ mosquitto_topic_matches_sub. Closes #654.
+ * No need to close socket again if setting non-blocking failed. Closes #649.
+ * Fix mosquitto_topic_matches_sub() not correctly matching foo/bar against
+ foo/+/#. Closes #670.
+ * SNI host support added.
+
+ Client features:
+ * Add -F to mosquitto_sub to allow the user to choose the output format.
+ * Add -U to mosquitto_sub for unsubscribing from topics.
+ * Add -c (clean session) to mosquitto_pub.
+ * Add --retained-only to mosquitto_sub to exit after receiving all retained
+ messages.
+ * Add -W to allow mosquitto_sub to stop processing incoming messages after a
+ timeout.
+ * Connections now default to using MQTT v3.1.1.
+ * Default to using port 8883 when using TLS.
+ * mosquitto_sub doesn't continue to keep connecting if CONNACK tells it the
+ connection was refused.
+
+ Client fixes:
+ * Correctly handle empty files with "mosquitto_pub -l". Closes #676.
+
+ Build:
+ * Add WITH_STRIP option (defaulting to "no") that when set to "yes" will
strip
+ executables and shared libraries when installing.
+ * Add WITH_STATIC_LIBRARIES (defaulting to "no") that when set to "yes" will
+ build and install static versions of the client libraries.
+ * Don't run TLS-PSK tests if TLS-PSK disabled at compile time. Closes #636.
+ * Support for openssl versions 1.0.0 and 1.0.1 has been removed as these are
+ no longer supported by openssl.
+
+ Documentation:
+ * Replace mentions of deprecated 'c_rehash' with 'openssl rehash'.
+
+- Remove patch:
+ * mosquitto-1.4.12-use-SOURCE_DATE_EPOCH.patch (not longer needed)
+- Support for tcp-wrapper is broken atm, disable for now
+
+
+-------------------------------------------------------------------
@@ -45 +202,0 @@
-
Old:
----
mosquitto-1.4.12-use-SOURCE_DATE_EPOCH.patch
mosquitto-1.4.15.tar.gz
New:
----
mosquitto-1.5.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mosquitto.spec ++++++
--- /var/tmp/diff_new_pack.nHd7Ig/_old 2018-05-15 10:31:52.383557495 +0200
+++ /var/tmp/diff_new_pack.nHd7Ig/_new 2018-05-15 10:31:52.383557495 +0200
@@ -16,20 +16,23 @@
#
+%define _fwdefdir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services
+%define home %{_localstatedir}/lib/%{name}
+%define c_lib libmosquitto1
+%define cpp_lib libmosquittopp1
%if 0%{?suse_version} > 1230 || 0%{?rhel_version} > 600 || 0%{?centos_version}
> 600 || 0%{?fedora_version} >= 20 ||
0%{?el7}%{?fc20}%{?fc21}%{?fc22}%{?fc23}%{?fc24}%{?fc25}
%bcond_without systemd
%else
%bcond_with systemd
%endif
%bcond_without websockets
-
Name: mosquitto
-Version: 1.4.15
+Version: 1.5
Release: 0
Summary: A MQTT v3.1/v3.1.1 Broker
License: EPL-1.0
Group: Productivity/Networking/Other
-Url: http://mosquitto.org/
+URL: http://mosquitto.org/
Source: http://mosquitto.org/files/source/mosquitto-%{version}.tar.gz
Source1: mosquitto.service
Source2: mosquitto.fw
@@ -37,28 +40,20 @@
Source5: README-ca_certificates
Source6: README-certs
Patch0: mosquitto-1.4.1_apparmor.patch
-# PATCH-FIX-UPSTREAM mosquitto-1.4.12-use-SOURCE_DATE_EPOCH.patch -- Make the
build reproducible
-Patch1: mosquitto-1.4.12-use-SOURCE_DATE_EPOCH.patch
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: cmake
BuildRequires: gcc-c++
BuildRequires: libcares-devel
BuildRequires: libuuid-devel
+BuildRequires: openssl-devel >= 1.0.0
+BuildRequires: tcpd-devel
+Requires(pre): shadow
%if %{with websockets}
BuildRequires: libwebsockets-devel
%endif
-BuildRequires: openssl-devel >= 1.0.0
-BuildRequires: tcpd-devel
%if %{with systemd}
BuildRequires: pkgconfig(systemd)
%{?systemd_requires}
%endif
-Requires(pre): shadow
-
-%define _fwdefdir /etc/sysconfig/SuSEfirewall2.d/services
-%define home /var/lib/%{name}
-%define c_lib libmosquitto1
-%define cpp_lib libmosquittopp1
%description
Mosquitto is a message broker that implements the
@@ -71,7 +66,6 @@
monitoring and automation with his twittering house and twittering ferry.
%package -n %{c_lib}
-
Summary: Shared C Library for %{name}
Group: Development/Libraries/C and C++
@@ -82,9 +76,7 @@
This package holds the shared C library.
-
%package -n %{cpp_lib}
-
Summary: Shared C++ Library for %{name}
Group: Development/Libraries/C and C++
@@ -96,12 +88,12 @@
This package holds the shared C++ library.
%package devel
+Summary: Development files for %{name}
+Group: Development/Libraries/C and C++
Requires: %{c_lib} = %{version}
Requires: %{cpp_lib} = %{version}
Provides: libmosquitto-devel = %{version}-%{release}
Provides: libmosquittopp-devel = %{version}-%{release}
-Summary: Development files for %{name}
-Group: Development/Libraries/C and C++
%description devel
Mosquitto is a message broker that implements the
@@ -111,7 +103,6 @@
This package holds the development files.
%package clients
-
Summary: Client for Mosquitto
Group: Productivity/Networking/Other
@@ -130,7 +121,6 @@
%prep
%setup -q
%patch0 -p1
-%patch1
find misc -type f -exec chmod a-x "{}" "+"
%build
@@ -138,31 +128,31 @@
%if %{with websockets}
-DWITH_WEBSOCKETS=ON \
%endif
- -DUSE_LIBWRAP=ON
+ -DUSE_LIBWRAP=OFF
make
%install
%cmake_install
%if %{with systemd}
-install -D -m 0644 %{S:1} \
+install -D -m 0644 %{SOURCE1} \
%{buildroot}%{_unitdir}/%{name}.service
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
%endif
install -Dd -m 0750 %{buildroot}%{home}
chmod -R o= %{buildroot}%{_sysconfdir}/%{name}/
%if 0%{?suse_version}
-install -D -m 644 %{S:2}
%{buildroot}%{_fwdefdir}/mosquitto
-install -D -m 644 security/mosquitto.apparmor
%{buildroot}/etc/apparmor.d/usr.sbin.mosquitto
-install -D -m 755 -d
%{buildroot}/etc/apparmor.d/local/
-echo "# Site-specific additions and overrides for 'usr.sbin.mosquitto'" >
%{buildroot}/etc/apparmor.d/local/usr.sbin.mosquitto
-%endif
-install -D -m 644 %{S:4} %{buildroot}/etc/mosquitto/conf.d/README
-install -D -m 644 %{S:5} %{buildroot}/etc/mosquitto/ca_certificates/README
-install -D -m 644 %{S:6} %{buildroot}/etc/mosquitto/certs/README
+install -D -m 644 %{SOURCE2}
%{buildroot}%{_fwdefdir}/mosquitto
+install -D -m 644 security/mosquitto.apparmor
%{buildroot}%{_sysconfdir}/apparmor.d/usr.sbin.mosquitto
+install -D -m 755 -d
%{buildroot}%{_sysconfdir}/apparmor.d/local/
+echo "# Site-specific additions and overrides for 'usr.sbin.mosquitto'" >
%{buildroot}%{_sysconfdir}/apparmor.d/local/usr.sbin.mosquitto
+%endif
+install -D -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/mosquitto/conf.d/README
+install -D -m 644 %{SOURCE5}
%{buildroot}%{_sysconfdir}/mosquitto/ca_certificates/README
+install -D -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/mosquitto/certs/README
%pre
-getent group %{name} || /usr/sbin/groupadd -r %{name}
-getent passwd %{name} || /usr/sbin/useradd -g %{name} -s /bin/false -r -c
"%{name}" -d %{home} %{name}
+getent group %{name} || %{_sbindir}/groupadd -r %{name}
+getent passwd %{name} || %{_sbindir}/useradd -g %{name} -s /bin/false -r -c
"%{name}" -d %{home} %{name}
# START BIG SYSTEMD
%if %{with systemd}
%if 0%{?suse_version}
@@ -200,7 +190,8 @@
%files
%defattr(-,root,root)
-%doc edl-v10 epl-v10 LICENSE.txt
+%license LICENSE.txt
+%doc edl-v10 epl-v10
%doc CONTRIBUTING.md ChangeLog.txt readme.md *.html *.example
%doc examples/ logo/ security/ misc/
%config(noreplace) %attr(-,root,%{name}) %{_sysconfdir}/mosquitto/
@@ -219,16 +210,17 @@
%endif
%dir %attr(-,%{name},%{name}) %{home}
%if 0%{?suse_version}
-%dir /etc/apparmor.d/
-%dir /etc/apparmor.d/local/
-%config /etc/apparmor.d/usr.sbin.mosquitto
-%config(noreplace) /etc/apparmor.d/local/usr.sbin.mosquitto
+%dir %{_sysconfdir}/apparmor.d/
+%dir %{_sysconfdir}/apparmor.d/local/
+%config %{_sysconfdir}/apparmor.d/usr.sbin.mosquitto
+%config(noreplace) %{_sysconfdir}/apparmor.d/local/usr.sbin.mosquitto
%config(noreplace) %{_fwdefdir}/mosquitto
%endif
%files clients
%defattr(-,root,root,-)
-%doc edl-v10 epl-v10 LICENSE.txt
+%license LICENSE.txt
+%doc edl-v10 epl-v10
%{_bindir}/mosquitto_pub
%{_bindir}/mosquitto_sub
%{_mandir}/man1/mosquitto_pub.1%{ext_man}
@@ -236,12 +228,14 @@
%files -n %{c_lib}
%defattr(-,root,root)
-%doc edl-v10 epl-v10 LICENSE.txt
+%license LICENSE.txt
+%doc edl-v10 epl-v10
%{_libdir}/libmosquitto.so.*
%files -n %{cpp_lib}
%defattr(-,root,root)
-%doc edl-v10 epl-v10 LICENSE.txt
+%license LICENSE.txt
+%doc edl-v10 epl-v10
%{_libdir}/libmosquittopp.so.*
%files devel
@@ -249,8 +243,11 @@
%{_libdir}/libmosquitto.so
%{_libdir}/libmosquittopp.so
%{_includedir}/mosquitto.h
+%{_includedir}/mosquitto_broker.h
%{_includedir}/mosquitto_plugin.h
%{_includedir}/mosquittopp.h
%{_mandir}/man3/libmosquitto.3%{ext_man}
+%{_libdir}/pkgconfig/libmosquitto.pc
+%{_libdir}/pkgconfig/libmosquittopp.pc
%changelog
++++++ mosquitto-1.4.15.tar.gz -> mosquitto-1.5.tar.gz ++++++
++++ 39612 lines of diff (skipped)
