commit mosquitto for openSUSE:Factory
Hello community, here is the log from the commit of package mosquitto for openSUSE:Factory checked in at 2020-08-24 15:10:40 Comparing /work/SRC/openSUSE:Factory/mosquitto (Old) and /work/SRC/openSUSE:Factory/.mosquitto.new.3399 (New) Package is "mosquitto" Mon Aug 24 15:10:40 2020 rev:19 rq:828659 version:1.6.12 Changes: --- /work/SRC/openSUSE:Factory/mosquitto/mosquitto.changes 2020-08-12 10:39:56.716393918 +0200 +++ /work/SRC/openSUSE:Factory/.mosquitto.new.3399/mosquitto.changes 2020-08-24 15:12:39.166673275 +0200 @@ -1,0 +2,22 @@ +Wed Aug 19 19:29:23 UTC 2020 - Martin Hauke + +- Update to version 1.6.12 + Security: + * In some circumstances, Mosquitto could leak memory when +handling PUBLISH messages. This is limited to incoming QoS 2 +messages, and is related to the combination of the broker +having persistence enabled, a clean session=false client, +which was connected prior to the broker restarting, then has +reconnected and has now sent messages at a sufficiently high +rate that the incoming queue at the broker has filled up and +hence messages are being dropped. This is more likely to have +an effect where max_queued_messages is a small value. +This has now been fixed. Closes #1793. + Broker: + * Build warning fixes when building with WITH_BRIDGE=no and +WITH_TLS=no. + Clients: + * All clients exit with an error exit code on CONNACK failure. + * Don't busy loop with `mosquitto_pub -l` on a slow connection. + +--- Old: mosquitto-1.6.11.tar.gz mosquitto-1.6.11.tar.gz.sig New: mosquitto-1.6.12.tar.gz mosquitto-1.6.12.tar.gz.sig Other differences: -- ++ mosquitto.spec ++ --- /var/tmp/diff_new_pack.386Y5o/_old 2020-08-24 15:12:41.062674199 +0200 +++ /var/tmp/diff_new_pack.386Y5o/_new 2020-08-24 15:12:41.062674199 +0200 @@ -20,7 +20,7 @@ %define c_lib libmosquitto1 %define cpp_lib libmosquittopp1 Name: mosquitto -Version:1.6.11 +Version:1.6.12 Release:0 Summary:A MQTT v3.1/v3.1.1 Broker License:EPL-1.0 ++ mosquitto-1.6.11.tar.gz -> mosquitto-1.6.12.tar.gz ++ 2326 lines of diff (skipped)
commit mosquitto for openSUSE:Factory
Hello community, here is the log from the commit of package mosquitto for openSUSE:Factory checked in at 2020-08-12 10:37:24 Comparing /work/SRC/openSUSE:Factory/mosquitto (Old) and /work/SRC/openSUSE:Factory/.mosquitto.new.3399 (New) Package is "mosquitto" Wed Aug 12 10:37:24 2020 rev:18 rq:825875 version:1.6.11 Changes: --- /work/SRC/openSUSE:Factory/mosquitto/mosquitto.changes 2020-08-10 15:02:07.328131128 +0200 +++ /work/SRC/openSUSE:Factory/.mosquitto.new.3399/mosquitto.changes 2020-08-12 10:39:56.716393918 +0200 @@ -1,0 +2,35 @@ +Tue Aug 11 16:05:16 UTC 2020 - Martin Hauke + +- Update to version 1.6.11 + Broker: + * Fix usage message only mentioning v3.1.1. + * Fix broker refusing to start if only websockets listeners +were defined. + * Change systemd unit files to create /var/log/mosquitto before +starting. + * Don't quit with an error if opening the log file isn't +possible. + * Fix bridge topic remapping when using "" as the topic. + * Fix messages being queued for disconnected bridges when clean +start was set to true. + * Fix `autosave_interval` not being triggered by messages being +delivered. + * Fix websockets clients sometimes not being disconnected +promptly. + * Fix "slow" file based logging by switching to line based +buffering. + * Log protocol error message where appropriate from a bad +UNSUBSCRIBE, rather than the generic "socket error". + * Don't try to start DLT logging if DLT unavailable, to avoid a +long delay when shutting down the broker. + * Fix potential memory leaks. + * Fix clients not receiving messages after a previous client +with the same client ID and positive will delay interval quit. + * Fix overly broad HAVE_PTHREAD_CANCEL compile guard. + Client library: + * Improved documentation around connect callback return codes. + * Fix `mosquitto_publish*()` no longer returning +`MOSQ_ERR_NO_CONN` when not connected. + * `mosquitto_loop_start()` now sets a thread name on Linux + +--- Old: mosquitto-1.6.10.tar.gz mosquitto-1.6.10.tar.gz.sig New: mosquitto-1.6.11.tar.gz mosquitto-1.6.11.tar.gz.sig Other differences: -- ++ mosquitto.spec ++ --- /var/tmp/diff_new_pack.wiyl7l/_old 2020-08-12 10:39:59.656395377 +0200 +++ /var/tmp/diff_new_pack.wiyl7l/_new 2020-08-12 10:39:59.660395379 +0200 @@ -20,7 +20,7 @@ %define c_lib libmosquitto1 %define cpp_lib libmosquittopp1 Name: mosquitto -Version:1.6.10 +Version:1.6.11 Release:0 Summary:A MQTT v3.1/v3.1.1 Broker License:EPL-1.0 ++ mosquitto-1.6.10.tar.gz -> mosquitto-1.6.11.tar.gz ++ 2319 lines of diff (skipped)
commit mosquitto for openSUSE:Factory
Hello community, here is the log from the commit of package mosquitto for openSUSE:Factory checked in at 2020-08-10 15:00:43 Comparing /work/SRC/openSUSE:Factory/mosquitto (Old) and /work/SRC/openSUSE:Factory/.mosquitto.new.3399 (New) Package is "mosquitto" Mon Aug 10 15:00:43 2020 rev:17 rq:825183 version:1.6.10 Changes: --- /work/SRC/openSUSE:Factory/mosquitto/mosquitto.changes 2020-06-02 14:42:13.224200636 +0200 +++ /work/SRC/openSUSE:Factory/.mosquitto.new.3399/mosquitto.changes 2020-08-10 15:02:07.328131128 +0200 @@ -1,0 +2,13 @@ +Sun Aug 2 18:14:23 UTC 2020 - Martin Hauke + +- Lets always build with support for systemd and websockets and + drop all the related ifdef's. +- Run spec-cleaner. + +--- +Wed Jul 29 20:15:21 UTC 2020 - Martin Hauke + +- Fix for the apparmor profile to properly allow reading files + from /etc/mosquitto/conf.d/ + +--- Other differences: -- ++ mosquitto.spec ++ --- /var/tmp/diff_new_pack.LXhfHO/_old 2020-08-10 15:02:11.528133345 +0200 +++ /var/tmp/diff_new_pack.LXhfHO/_new 2020-08-10 15:02:11.532133347 +0200 @@ -19,12 +19,6 @@ %define home%{_localstatedir}/lib/%{name} %define c_lib libmosquitto1 %define cpp_lib libmosquittopp1 -%if 0%{?suse_version} > 1230 || 0%{?rhel_version} > 600 || 0%{?centos_version} > 600 || 0%{?fedora_version} >= 20 || 0%{?el7}%{?fc20}%{?fc21}%{?fc22}%{?fc23}%{?fc24}%{?fc25} -%bcond_without systemd -%else -%bcond_with systemd -%endif -%bcond_without websockets Name: mosquitto Version:1.6.10 Release:0 @@ -44,17 +38,12 @@ BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: libcares-devel +BuildRequires: libwebsockets-devel BuildRequires: openssl-devel >= 1.0.0 BuildRequires: tcpd-devel BuildRequires: uthash-devel Requires(pre): shadow -%if %{with websockets} -BuildRequires: libwebsockets-devel -%endif -%if %{with systemd} -BuildRequires: pkgconfig(systemd) -%{?systemd_requires} -%endif +%{?systemd_ordering} %description Mosquitto is a message broker that implements the @@ -127,27 +116,20 @@ %build %cmake \ - -DCMAKE_INSTALL_SYSCONFDIR=/etc \ - %if %{with websockets} + -DCMAKE_INSTALL_SYSCONFDIR=%{_sysconfdir} \ -DWITH_WEBSOCKETS=ON \ - %endif -DUSE_LIBWRAP=OFF -make +%make_build %install %cmake_install -%if %{with systemd} -install -D -m 0644 %{SOURCE1} \ - %{buildroot}%{_unitdir}/%{name}.service +install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} -%endif install -Dd -m 0750 %{buildroot}%{home} chmod -R o= %{buildroot}%{_sysconfdir}/%{name}/ -%if 0%{?suse_version} install -D -m 644 security/mosquitto.apparmor %{buildroot}%{_sysconfdir}/apparmor.d/usr.sbin.mosquitto install -D -m 755 -d %{buildroot}%{_sysconfdir}/apparmor.d/local/ echo "# Site-specific additions and overrides for 'usr.sbin.mosquitto'" > %{buildroot}%{_sysconfdir}/apparmor.d/local/usr.sbin.mosquitto -%endif install -D -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/mosquitto/conf.d/README install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/mosquitto/ca_certificates/README install -D -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/mosquitto/certs/README @@ -155,43 +137,24 @@ %pre getent group %{name} || %{_sbindir}/groupadd -r %{name} getent passwd %{name} || %{_sbindir}/useradd -g %{name} -s /bin/false -r -c "%{name}" -d %{home} %{name} -# START BIG SYSTEMD -%if %{with systemd} -%if 0%{?suse_version} + %service_add_pre %{name}.service -%endif %preun -%if 0%{?suse_version} %service_del_preun %{name}.service -%else -%systemd_preun %{name}.service -%endif %post -%if 0%{?suse_version} %service_add_post %{name}.service -%else -%systemd_post %{name}.service -%endif %postun -%if 0%{?suse_version} %service_del_postun %{name}.service -%else -%systemd_postun_with_restart %{name}.service -%endif -%endif -# /END BIG SYSTEMD %post -n %{c_lib} -p /sbin/ldconfig %postun -n %{c_lib} -p /sbin/ldconfig - %post -n %{cpp_lib} -p /sbin/ldconfig %postun -n %{cpp_lib} -p /sbin/ldconfig %files -%defattr(-,root,root) %license LICENSE.txt %doc edl-v10 epl-v10 %doc CONTRIBUTING.md ChangeLog.txt readme.md *.html *.example @@ -199,57 +162,47 @@ %config(noreplace) %attr(-,root,%{name}) %{_sysconfdir}/mosquitto/ %{_bindir}/mosquitto_passwd %{_sbindir}/mosquitto -%{_mandir}/man1/mosquitto_passwd.1%{ext_man} -%{_mandir}/man5/mosquitto.conf.5%{ext_man} -%{_mandir}/man7/mosquitto-tls.7%{ext_man} -%{_mandir}/man7/mqtt.7%{ext_man} -%{_mandir}/man8/mosquitto.8%{ext_man} -%if %{with
commit mosquitto for openSUSE:Factory
Hello community, here is the log from the commit of package mosquitto for openSUSE:Factory checked in at 2020-06-02 14:41:22 Comparing /work/SRC/openSUSE:Factory/mosquitto (Old) and /work/SRC/openSUSE:Factory/.mosquitto.new.3606 (New) Package is "mosquitto" Tue Jun 2 14:41:22 2020 rev:16 rq:810719 version:1.6.10 Changes: --- /work/SRC/openSUSE:Factory/mosquitto/mosquitto.changes 2020-03-01 21:28:49.428655176 +0100 +++ /work/SRC/openSUSE:Factory/.mosquitto.new.3606/mosquitto.changes 2020-06-02 14:42:13.224200636 +0200 @@ -1,0 +2,31 @@ +Tue May 26 06:36:17 UTC 2020 - Martin Hauke + +- Update to version 1.6.10 + Broker: + * Report invalid bridge prefix+pattern combinations at config +parsing time rather than letting the bridge fail later. + * Fix `mosquitto_passwd -b` not updating passwords for existing +users correctly. Creating a new user with `-b` worked without +problem. + * Fix memory leak when connecting clients rejected. + * Don't disconnect clients that are already disconnected. This +prevents the session expiry being extended on SIGHUP. + * Fix support for openssl 3.0. + * Fix check when loading persistence file of a different version +than the native version. + * Fix possible assert crash associated with bridge reconnecting +when compiled without epoll support. + Client library: + * Don't treat an unexpected PUBACK, PUBREL, or PUBCOMP as a +fatal error. + * Fix support for openssl 3.0. + * Fix memory leaks from multiple calls to +`mosquitto_lib_init()`/`mosquitto_lib_cleanup()`. + * Fix documentation on return code of `mosquitto_lib_init()` +for Windows. + Clients: + * Fix mosquitto_sub %j or %J not working on Windows. + Build: + * Various fixes for building with mosquitto-1.6.10.tar.gz ++ 3852 lines of diff (skipped)
commit mosquitto for openSUSE:Factory
Hello community, here is the log from the commit of package mosquitto for openSUSE:Factory checked in at 2020-03-01 21:28:20 Comparing /work/SRC/openSUSE:Factory/mosquitto (Old) and /work/SRC/openSUSE:Factory/.mosquitto.new.26092 (New) Package is "mosquitto" Sun Mar 1 21:28:20 2020 rev:15 rq:780688 version:1.6.9 Changes: --- /work/SRC/openSUSE:Factory/mosquitto/mosquitto.changes 2020-01-24 13:13:26.081487805 +0100 +++ /work/SRC/openSUSE:Factory/.mosquitto.new.26092/mosquitto.changes 2020-03-01 21:28:49.428655176 +0100 @@ -1,0 +2,31 @@ +Sun Mar 1 09:34:15 UTC 2020 - Martin Hauke + +- Update to version 1.6.9 + Broker: + * Fix session expiry with very large expiry intervals. + * Check ACL patterns for validity when loading. + * Use presence of password file as indicator for whether username +checks should take place, not whether usernames are defined in +the password file. + * Strip whitespace from end of config file string options. + * Satisfy valgrind when exiting on error due to not being able +to open a listening socket, by calling freeaddrinfo. + * Fix config->user not being freed on exit. + * Fix trailing whitespace not being trimmed on acl users. + * Fix `bind_interface` not working for the default listener. + * Improve password file parsing in the broker and mosqitto_passwd. + * Print OpenSSL errors in more situations, like when loading +certificates fails. + * Fix `mosquitto_client_protocol() returning incorrect values. + Client library: + * Set minimum keepalive argument to `mosquitto_connect*()` to be +5 seconds. + * Fix `mosquitto_topic_matches_sub()` not returning +MOSQ_ERR_INVAL if the topic contains a wildcard. + Clients: + * Fix `--remove-retained` not obeying the `-T` option for +filtering out topics. + * Default behaviour for v5 clients using `-c` is now to use +infinite length sessions, as with v3 clients. + +--- Old: mosquitto-1.6.8.tar.gz mosquitto-1.6.8.tar.gz.sig New: mosquitto-1.6.9.tar.gz mosquitto-1.6.9.tar.gz.sig Other differences: -- ++ mosquitto.spec ++ --- /var/tmp/diff_new_pack.PeO4vP/_old 2020-03-01 21:28:50.116656574 +0100 +++ /var/tmp/diff_new_pack.PeO4vP/_new 2020-03-01 21:28:50.116656574 +0100 @@ -1,7 +1,7 @@ # # spec file for package mosquitto # -# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,7 +26,7 @@ %endif %bcond_without websockets Name: mosquitto -Version:1.6.8 +Version:1.6.9 Release:0 Summary:A MQTT v3.1/v3.1.1 Broker License:EPL-1.0 @@ -44,9 +44,9 @@ BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: libcares-devel -#BuildRequires: libuuid-devel BuildRequires: openssl-devel >= 1.0.0 BuildRequires: tcpd-devel +BuildRequires: uthash-devel Requires(pre): shadow %if %{with websockets} BuildRequires: libwebsockets-devel ++ mosquitto-1.6.8.tar.gz -> mosquitto-1.6.9.tar.gz ++ 6758 lines of diff (skipped)
commit mosquitto for openSUSE:Factory
Hello community, here is the log from the commit of package mosquitto for openSUSE:Factory checked in at 2020-01-24 13:12:28 Comparing /work/SRC/openSUSE:Factory/mosquitto (Old) and /work/SRC/openSUSE:Factory/.mosquitto.new.26092 (New) Package is "mosquitto" Fri Jan 24 13:12:28 2020 rev:14 rq:766709 version:1.6.8 Changes: --- /work/SRC/openSUSE:Factory/mosquitto/mosquitto.changes 2019-12-02 11:33:20.990504352 +0100 +++ /work/SRC/openSUSE:Factory/.mosquitto.new.26092/mosquitto.changes 2020-01-24 13:13:26.081487805 +0100 @@ -1,0 +2,9 @@ +Wed Jan 22 22:03:28 UTC 2020 - James Oakley + +- Update apparmor profile to allow open of /etc/mosquitto/conf.d +- Update default config to include files under /etc/mosquitto/conf.d + per the README in the directory +- Add patch: + * mosquitto-1.6.8-config.patch + +--- New: mosquitto-1.6.8-config.patch Other differences: -- ++ mosquitto.spec ++ --- /var/tmp/diff_new_pack.YrWE42/_old 2020-01-24 13:13:27.361488319 +0100 +++ /var/tmp/diff_new_pack.YrWE42/_new 2020-01-24 13:13:27.361488319 +0100 @@ -1,7 +1,7 @@ # # spec file for package mosquitto # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -40,6 +40,7 @@ Source5:README-ca_certificates Source6:README-certs Patch0: mosquitto-1.4.1_apparmor.patch +Patch1: mosquitto-1.6.8-config.patch BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: libcares-devel @@ -121,6 +122,7 @@ %prep %setup -q %patch0 -p1 +%patch1 -p1 find misc -type f -exec chmod a-x "{}" "+" %build ++ mosquitto-1.4.1_apparmor.patch ++ --- /var/tmp/diff_new_pack.YrWE42/_old 2020-01-24 13:13:27.409488338 +0100 +++ /var/tmp/diff_new_pack.YrWE42/_new 2020-01-24 13:13:27.409488338 +0100 @@ -1,14 +1,20 @@ -Index: mosquitto-1.4.1/security/mosquitto.apparmor -=== mosquitto-1.4.1.orig/security/mosquitto.apparmor -+++ mosquitto-1.4.1/security/mosquitto.apparmor +--- a/security/mosquitto.apparmor b/security/mosquitto.apparmor @@ -1,3 +1,5 @@ +#include + /usr/sbin/mosquitto { #include #include -@@ -24,4 +26,5 @@ +@@ -6,6 +8,7 @@ + /etc/mosquitto/mosquitto.conf r, + /etc/mosquitto/ca_certificates/* r, + /etc/mosquitto/certs/* r, ++ /etc/mosquitto/conf.d r, + /etc/mosquitto/conf.d/* r, + /var/lib/mosquitto/ r, + /var/lib/mosquitto/mosquitto.db rwk, +@@ -24,4 +27,5 @@ /lib{,32,64}/libwrap.so* rm, /etc/hosts.allow r, /etc/hosts.deny r, ++ mosquitto-1.6.8-config.patch ++ --- mosquitto-1.6.8.orig/mosquitto.conf +++ mosquitto-1.6.8/mosquitto.conf @@ -985,4 +985,4 @@ # alphabetical order, with capital letters ordered first. If this option is # given multiple times, all of the files from the first instance will be # processed before the next instance. See the man page for examples. -#include_dir +include_dir /etc/mosquitto/conf.d
commit mosquitto for openSUSE:Factory
Hello community, here is the log from the commit of package mosquitto for openSUSE:Factory checked in at 2019-12-02 11:30:12 Comparing /work/SRC/openSUSE:Factory/mosquitto (Old) and /work/SRC/openSUSE:Factory/.mosquitto.new.4691 (New) Package is "mosquitto" Mon Dec 2 11:30:12 2019 rev:13 rq:752520 version:1.6.8 Changes: --- /work/SRC/openSUSE:Factory/mosquitto/mosquitto.changes 2019-09-26 20:41:31.826494973 +0200 +++ /work/SRC/openSUSE:Factory/.mosquitto.new.4691/mosquitto.changes 2019-12-02 11:33:20.990504352 +0100 @@ -1,0 +2,41 @@ +Fri Nov 29 18:34:49 UTC 2019 - Martin Hauke + +- Update to version 1.6.8 + Broker: + * Various fixes for `allow_zero_length_clientid` config, where +this option was not being set correctly. + * Fix incorrect memory tracking causing problems with +memory_limit option. + * Fix subscription topics being limited to 200 characters instead +of 200 hierarchy levels. + * Only a single CRL could be loaded at once. This has been fixed. + * Fix problems with reloading config when `per_listener_settings` +was true. + * Fix retained messages with an expiry interval not being expired +after being restored from persistence. + * Fix messages with an expiry interval being sent without an +expiry interval property just before they were expired. + * Fix TLS Websockets clients not receiving messages after taking +over a previous connection. + * Fix MQTT 3.1.1 clients using clean session false, or MQTT 5.0 +clients using session-expiry-interval set to infinity never +expiring, even when the global `persistent_client_expiration` +option was set. + Client library: + * Fix publish properties not being passed to on_message_v5 +callback for QoS 2 messages. + * Fix documentation issues in mosquitto.h. + * Document `mosquitto_connect_srv()`. + Clients: + * Fix duplicate cfg definition in rr_client. + * Fix `mosquitto_pub -l` hang when stdin stream ends. + * Fix `mosquitto_pub -l` not sending the final line of stdin if +it does not end with a new line. + * Make documentation for `mosquitto_pub -l` match reality - blank +lines are sent as empty messages. + * Free memory in `mosquitto_sub` when quiting without having made +a successful connection. +- Drop patch: + * mosquitto-fix-pkgconf-path.patch (fixed upstream) + +--- Old: mosquitto-1.6.7.tar.gz mosquitto-1.6.7.tar.gz.sig mosquitto-fix-pkgconf-path.patch New: mosquitto-1.6.8.tar.gz mosquitto-1.6.8.tar.gz.sig Other differences: -- ++ mosquitto.spec ++ --- /var/tmp/diff_new_pack.7dtqzu/_old 2019-12-02 11:33:21.850503954 +0100 +++ /var/tmp/diff_new_pack.7dtqzu/_new 2019-12-02 11:33:21.850503954 +0100 @@ -26,7 +26,7 @@ %endif %bcond_without websockets Name: mosquitto -Version:1.6.7 +Version:1.6.8 Release:0 Summary:A MQTT v3.1/v3.1.1 Broker License:EPL-1.0 @@ -40,7 +40,6 @@ Source5:README-ca_certificates Source6:README-certs Patch0: mosquitto-1.4.1_apparmor.patch -Patch1: mosquitto-fix-pkgconf-path.patch BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: libcares-devel @@ -122,7 +121,6 @@ %prep %setup -q %patch0 -p1 -%patch1 -p1 find misc -type f -exec chmod a-x "{}" "+" %build ++ mosquitto-1.6.7.tar.gz -> mosquitto-1.6.8.tar.gz ++ 3374 lines of diff (skipped)
commit mosquitto for openSUSE:Factory
Hello community, here is the log from the commit of package mosquitto for openSUSE:Factory checked in at 2019-09-26 20:41:27 Comparing /work/SRC/openSUSE:Factory/mosquitto (Old) and /work/SRC/openSUSE:Factory/.mosquitto.new.2352 (New) Package is "mosquitto" Thu Sep 26 20:41:27 2019 rev:12 rq:733249 version:1.6.7 Changes: --- /work/SRC/openSUSE:Factory/mosquitto/mosquitto.changes 2019-09-23 12:39:42.765587304 +0200 +++ /work/SRC/openSUSE:Factory/.mosquitto.new.2352/mosquitto.changes 2019-09-26 20:41:31.826494973 +0200 @@ -1,0 +2,18 @@ +Wed Sep 25 20:42:16 UTC 2019 - Martin Hauke + +- Update to version 1.6.7 + Broker: + * Add workaround for working with libwebsockets 3.2.0. + * Fix potential crash when reloading config. + Client library: + * Don't use `/` in autogenerated client ids, to avoid confusing +with topics. + * Fix `mosquitto_max_inflight_messages_set()` and +`mosquitto_int_option(..., MOSQ_OPT_*_MAX, ...)` behaviour. + * Fix regression on use of `mosquitto_connect_async()` not working. + Clients: + * mosquitto_sub: Fix `-E` incorrectly not working unless `-d` was +also specified. + * Updated documentation around automatic client ids. + +--- Old: mosquitto-1.6.5.tar.gz mosquitto-1.6.5.tar.gz.sig New: mosquitto-1.6.7.tar.gz mosquitto-1.6.7.tar.gz.sig Other differences: -- ++ mosquitto.spec ++ --- /var/tmp/diff_new_pack.ti3yHP/_old 2019-09-26 20:41:32.574492975 +0200 +++ /var/tmp/diff_new_pack.ti3yHP/_new 2019-09-26 20:41:32.578492964 +0200 @@ -26,7 +26,7 @@ %endif %bcond_without websockets Name: mosquitto -Version:1.6.5 +Version:1.6.7 Release:0 Summary:A MQTT v3.1/v3.1.1 Broker License:EPL-1.0 ++ mosquitto-1.6.5.tar.gz -> mosquitto-1.6.7.tar.gz ++ 2183 lines of diff (skipped)
commit mosquitto for openSUSE:Factory
Hello community, here is the log from the commit of package mosquitto for openSUSE:Factory checked in at 2019-09-23 12:39:09 Comparing /work/SRC/openSUSE:Factory/mosquitto (Old) and /work/SRC/openSUSE:Factory/.mosquitto.new.7948 (New) Package is "mosquitto" Mon Sep 23 12:39:09 2019 rev:11 rq:732378 version:1.6.5 Changes: --- /work/SRC/openSUSE:Factory/mosquitto/mosquitto.changes 2019-07-18 15:19:42.180151743 +0200 +++ /work/SRC/openSUSE:Factory/.mosquitto.new.7948/mosquitto.changes 2019-09-23 12:39:42.765587304 +0200 @@ -1,0 +2,128 @@ +Sat Sep 21 14:38:08 UTC 2019 - Martin Hauke + +- Update to version 1.6.5 + Fix CVE-2019-11779: + * In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT +client sends a SUBSCRIBE packet containing a topic that consists +of approximately 65400 or more '/' characters, i.e. the topic +hierarchy separator, then a stack overflow will occur. + Broker: + * Fix v5 DISCONNECT packets with remaining length == 2 being +treated as a protocol error. + * Fix support for libwebsockets 3.x. + * Fix slow websockets performance when sending large messages. + * Fix clients authorised using `use_identity_as_username` or +`use_subject_as_username` being disconnected on SIGHUP. + * Improve error messages in some situations when clients disconnect. +Reduces the number of "Socket error on client X, disconnecting" +messages. + * Fix Will for v5 clients not being sent if will delay interval was +greater than the session expiry interval. + * Fix CRL file not being reloaded on HUP. + Client library: + * Fix reconnect backoff for the situation where connections are +dropped rather than refused. + * Fix missing locks on `mosq->state`. + +- Update to version 1.6.4 + Fix CVE-2019-11778: + * If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 +to 1.6.4 inclusive, sets a last will and testament, sets a will +delay interval, sets a session expiry interval, and the will delay +interval is set longer than the session expiry interval, then a +use after free error occurs, which has the potential to cause a +crash in some situations. + Broker: + * Fix incoming QoS 2 messages being blocked when +`max_inflight_messages` was set to 1. + * Fix incoming messages not being removed for a client if the topic +being published to does not have any subscribers. + Client library: + * Fix MQTT v5 subscription options being incorrectly set for +MQTT v3 subscriptions. + * Make behaviour of `mosquitto_connect_async()` consistent with +`mosquitto_connect()` when connecting to a non-existent server. + * `mosquitto_string_option(mosq, MOSQ_OPT_TLS_KEYFORM, ...)` was +incorrectly returning `MOSQ_ERR_INVAL` with valid input. This has +been fixed. + * on_connect callback is now called with the correct v5 reason code +if a v5 client connects to a v3.x broker and is sent a CONNACK with +the "unacceptable protocol version" connack reason code. + * Fix memory leak when setting v5 properties in mosquitto_connect_v5(). + * Fix properties not being sent on QoS>0 PUBLISH messages. + Clients: + * mosquitto_pub: fix error codes not being returned when +mosquitto_pub exits. + * All clients: improve error messages when connecting to a v3.x broker +when in v5 mode. + Other: + - Various documentation fixes. + +- Update to version 1.6.3 + Broker: + * Fix detection of incoming v3.1/v3.1.1 bridges. + * Fix default max_topic_alias listener config not being copied to +the in-use listener when compiled without TLS support. + * Fix random number generation if compiling using `WITH_TLS=no` and +on Linux with glibc >= 2.25. Without this fix, no random numbers +would be generated for e.g. on broker client id generation, and so +clients connecting expecting this feature would be unable to connect. + * Fix compilation problem related to `getrandom()` on non-glibc systems. + * Fix Will message for a persistent client incorrectly being sent when the +client reconnects after a clean disconnect. + - Fix Will message for a persistent client not being sent on disconnect. + * Improve documentation around the upgrading of persistence files. + * Add 'extern "C"' on mosquitto_broker.h and mosquitto_plugin.h for +C++ plugin writing. + * Fix persistent Websockets clients not receiving messages after they +reconnect, having sent DISCONNECT on a previous session + * Disable TLS renegotiation. Client initiated renegotiation is considered to +be a potential attack vector against servers. + * Fix incorrect shared subscription topic '$shared'. + * Fix zero length client ids being rejected for MQTT v5 clients with clean +start set to true. + * Fix MQTT v5 overlapping subscription behaviour. Clients now
commit mosquitto for openSUSE:Factory
Hello community, here is the log from the commit of package mosquitto for openSUSE:Factory checked in at 2019-06-19 21:02:04 Comparing /work/SRC/openSUSE:Factory/mosquitto (Old) and /work/SRC/openSUSE:Factory/.mosquitto.new.4811 (New) Package is "mosquitto" Wed Jun 19 21:02:04 2019 rev:9 rq:706055 version:1.6.0 Changes: --- /work/SRC/openSUSE:Factory/mosquitto/mosquitto.changes 2019-02-27 17:29:30.827312928 +0100 +++ /work/SRC/openSUSE:Factory/.mosquitto.new.4811/mosquitto.changes 2019-06-19 21:02:06.102173825 +0200 @@ -1,0 +2,80 @@ +Thu Apr 18 08:47:30 UTC 2019 - Martin Hauke + +- Update to version 1.6.0 + Broker features + * Add support for MQTT v5 + * Add support for OCSP stapling. + * Add support for ALPN on bridge TLS connections. + * Add support for Automotive DLT logging. + * Add TLS Engine support. + * Persistence file read/write performance improvements. + * General performance improvements. + * Add max_keepalive option, to allow a maximum keepalive value to +be set for MQTT v5 clients only. + * Add bind_interface option which allows a listener to be bound to +a specific network interface, in a similar fashion to the +bind_address option. Linux only. + * Add improved bridge restart interval based on Decorrelated Jitter. + * Add dhparamfile option, to allow DH parameters to be loaded for +Ephemeral DH support + * Disallow writing to $ topics where appropriate. + * Add explicit support for TLS v1.3. + * Drop support for TLS v1.0. + * Improved general support for broker generated client ids. +Removed libuuid dependency. + * auto_id_prefix now defaults to 'auto-'. + * QoS 1 and 2 flow control improvements. + Client library features + * Add support for MQTT v5 + * Add mosquitto_subscribe_multiple() for sending subscriptions to +multiple topics in one command. + * Add TLS Engine support. + * Add explicit support for TLS v1.3. + * Drop support for TLS v1.0. + * QoS 1 and 2 flow control improvements. + Client features + * Add support for MQTT v5 + * Add mosquitto_rr client, which can be used for "request-response" +messaging, by sending a request message and awaiting a response. + * Add TLS Engine support. + * Add support for ALPN on TLS connections. + * Add -D option for all clients to specify MQTT v5 properties. + * Add -E to mosquitto_sub, which causes it to exit immediately after +having its subscriptions acknowledged. Use with -c to create a +durable client session without requiring a message to be received. + * Add --remove-retained to mosquitto_sub, which can be used to clear +retained messages on a broker. + * Add --repeat and --repeat-delay to mosquitto_pub, which can be +used to repeat single message publishes at a regular interval. + * -V now accepts 5, 311, 31, as well as mqttv5 etc. + * Add explicit support for TLS v1.3. + * Drop support for TLS v1.0. + Broker fixes + * Improve error reporting when creating listeners. + * Fix mosquitto_passwd crashing on corrupt password file. + * Fix build on SmartOS due to missing IPV6_V6ONLY. + Client library fixes + * Add missing mosquitto_userdata() function. + Client fixes + * mosquitto_pub wouldn't always publish all messages when using -l +and QoS>0. This has been fixed. + * mosquitto_sub was incorrectly encoding special characters when +using %j output format. + +--- +Thu Feb 28 23:09:37 UTC 2019 - Martin Hauke + +- Update to version 1.5.8 + Broker: + * Fix clients being disconnected when ACLs are in use. This only +affects the case where a client connects using a username, and +the anonymous ACL list is defined but specific user ACLs are +not defined. + * Fix delayed bridge local subscriptions causing missing messages. + Library: + * Use higher resolution timer for random initialisation of client +id generation. + * Fix some Coverity Scan reported errors that could occur when the +library was already quitting. + +--- Old: mosquitto-1.5.7.tar.gz mosquitto-1.5.7.tar.gz.sig New: mosquitto-1.6.0.tar.gz mosquitto-1.6.0.tar.gz.sig Other differences: -- ++ mosquitto.spec ++ --- /var/tmp/diff_new_pack.Ony9Az/_old 2019-06-19 21:02:06.974174558 +0200 +++ /var/tmp/diff_new_pack.Ony9Az/_new 2019-06-19 21:02:06.978174561 +0200 @@ -27,7 +27,7 @@ %endif %bcond_without websockets Name: mosquitto -Version:1.5.7 +Version:1.6.0 Release:0 Summary:A MQTT v3.1/v3.1.1 Broker License:EPL-1.0 @@ -45,7 +45,7 @@ BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires:
commit mosquitto for openSUSE:Factory
Hello community, here is the log from the commit of package mosquitto for openSUSE:Factory checked in at 2019-02-27 17:29:26 Comparing /work/SRC/openSUSE:Factory/mosquitto (Old) and /work/SRC/openSUSE:Factory/.mosquitto.new.28833 (New) Package is "mosquitto" Wed Feb 27 17:29:26 2019 rev:8 rq:679569 version:1.5.7 Changes: --- /work/SRC/openSUSE:Factory/mosquitto/mosquitto.changes 2018-10-29 14:58:32.681987555 +0100 +++ /work/SRC/openSUSE:Factory/.mosquitto.new.28833/mosquitto.changes 2019-02-27 17:29:30.827312928 +0100 @@ -1,0 +2,126 @@ +Mon Feb 18 19:58:45 UTC 2019 - Martin Hauke + +- Use HTTPS for all URLs +- Verify source signature + +--- +Thu Feb 14 09:51:33 UTC 2019 - Martin Hauke + +- Update to version 1.5.7 + Broker: + - Ensure that an error occurs if `per_listener_settings true` is +given after other security options. + - Fix case where old unreferenced msg_store messages were being +saved to the persistence file, bloating its size unnecessarily. + Library: + - Fix `mosquitto_topic_matches_sub()` not returning MOSQ_ERR_INVAL +for invalid subscriptions like `topic/#abc`. This only affects +the return value, not the match/no match result, which was +already correct. + +--- +Wed Feb 13 21:14:36 UTC 2019 - Martin Hauke + +- Update to version 1.5.6 + Security: + * Fix CVE-2018-12551 (bsc#1125021): If Mosquitto is configured to +use a password file for authentication, any malformed data in +the password file will be treated as valid. This typically means +that the malformed data becomes a username and no password. +If this occurs, clients can circumvent authentication and get +access to the broker by using the malformed username. In +particular, a blank line will be treated as a valid empty username. +Other security measures are unaffected. Users who have only used +the mosquitto_passwd utility to create and modify their password +files are unaffected by this vulnerability. + * Fix CVE-2018-12550 (bsc#1125021): If an ACL file is empty, or +has only blank lines or comments, then mosquitto treats the ACL +file as not being defined, which means that no topic access is +denied. Although denying access to all topics is not a useful +configuration, this behaviour is unexpected and could lead +to access being incorrectly granted in some circumstances. This +is now fixed. + * Fix CVE-2018-12546 (bsc#1125019): If a client publishes a retained +message to a topic that they have access to, and then their access +to that topic is revoked, the retained message will still be +delivered to future subscribers. This behaviour may be undesirable +in some applications, so a configuration option `check_retain_source` +has been introduced to enforce checking of the retained message +source on publish. + Broker: + * Fixed comment handling for config options that have optional +arguments. + * Improved documentation around bridge topic remapping. + * Handle mismatched handshakes (e.g. QoS1 PUBLISH with QoS2 +reply) properly. + * Fix spaces not being allowed in the bridge remote_username +option. + * Allow broker to always restart on Windows when using +`log_dest file`. + * Fix Will not being sent for Websockets clients. + * Windows: Fix possible crash when client disconnects. + * Fixed durable clients being unable to receive messages when +offline, when per_listener_settings was set to true. + * Add log message for the case where a client is disconnected for +sending a topic with invalid UTF-8. + Library: + * Fix TLS connections not working over SOCKS. + * Don't clear SSL context when TLS connection is closed, meaning +if a user provided an external SSL_CTX they have less chance of +leaking references. + +--- +Mon Dec 17 20:15:50 UTC 2018 - mar...@gmx.de + +- FIX CVE-2018-20145: mosquitto: ACL bypass (bnc#1119536) +- Update to version 1.5.5 + Security: + * If `per_listener_settings` is set to true, then the `acl_file` setting was +ignored for the "default listener" only. This has been fixed. This does not +affect any listeners defined with the `listener` option. + Broker: + * Add `socket_domain` option to allow listeners to disable IPv6 support. +This is required to work around a problem in libwebsockets that means +sockets only listen on IPv6 by default if IPv6 support is compiled in. + * When using ADNS, don't ask for all network protocols when connecting, +because this can lead to confusing "Protocol not supported" errors if the +network is down. + * Fix outgoing retained
commit mosquitto for openSUSE:Factory
Hello community, here is the log from the commit of package mosquitto for openSUSE:Factory checked in at 2018-10-29 14:21:54 Comparing /work/SRC/openSUSE:Factory/mosquitto (Old) and /work/SRC/openSUSE:Factory/.mosquitto.new (New) Package is "mosquitto" Mon Oct 29 14:21:54 2018 rev:7 rq:644869 version:1.5.3 Changes: --- /work/SRC/openSUSE:Factory/mosquitto/mosquitto.changes 2018-08-27 12:59:53.372851562 +0200 +++ /work/SRC/openSUSE:Factory/.mosquitto.new/mosquitto.changes 2018-10-29 14:58:32.681987555 +0100 @@ -1,0 +2,25 @@ +Thu Oct 25 18:06:26 UTC 2018 - mar...@gmx.de + +- Update to version 1.5.3 + Security: + * Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that +begins with $, but is not $SYS, then an assert that should be unreachable is +triggered and Mosquitto will exit. + Broker: + * Elevate log level to warning for situation when socket limit is hit. + * Fix retained messages not sent by bridges on outgoing topics at the first +connection. + * Fix duplicate clients being added to by_id hash before the old client was +removed. + +- Update to version 1.5.2 + Broker: + * Fix incorrect call to setsockopt() for TCP_NODELAY. + * Fix excessive CPU usage when the number of sockets exceeds the system limit. + * Fix round_robin false behaviour. + * Fix segfault on HUP when bridges and security options are configured. + Library: + * Fix situation where username and password is used with SOCKS5 proxy. + * Fix SOCKS5 behaviour when passing IP addresses. + +--- Old: mosquitto-1.5.1.tar.gz New: mosquitto-1.5.3.tar.gz Other differences: -- ++ mosquitto.spec ++ --- /var/tmp/diff_new_pack.d5z6Uf/_old 2018-10-29 14:58:33.529988969 +0100 +++ /var/tmp/diff_new_pack.d5z6Uf/_new 2018-10-29 14:58:33.533988976 +0100 @@ -27,7 +27,7 @@ %endif %bcond_without websockets Name: mosquitto -Version:1.5.1 +Version:1.5.3 Release:0 Summary:A MQTT v3.1/v3.1.1 Broker License:EPL-1.0 ++ mosquitto-1.5.1.tar.gz -> mosquitto-1.5.3.tar.gz ++ 4801 lines of diff (skipped)
commit mosquitto for openSUSE:Factory
Hello community, here is the log from the commit of package mosquitto for openSUSE:Factory checked in at 2018-08-27 12:59:52 Comparing /work/SRC/openSUSE:Factory/mosquitto (Old) and /work/SRC/openSUSE:Factory/.mosquitto.new (New) Package is "mosquitto" Mon Aug 27 12:59:52 2018 rev:6 rq:631606 version:1.5.1 Changes: --- /work/SRC/openSUSE:Factory/mosquitto/mosquitto.changes 2018-05-15 10:31:51.455591579 +0200 +++ /work/SRC/openSUSE:Factory/.mosquitto.new/mosquitto.changes 2018-08-27 12:59:53.372851562 +0200 @@ -1,0 +2,42 @@ +Sun Aug 19 16:38:42 UTC 2018 - mar...@gmx.de + +- Update to version 1.5.1 + Broker: + * Fix plugin cleanup function not being called on exit of the broker. + * Print more OpenSSL errors when loading certificates/keys fail. + * Use AF_UNSPEC etc. instead of PF_UNSPEC to comply with POSIX. + * Remove use of AI_ADDRCONFIG, which means the broker can be used on systems +where only the loopback interface is defined. + * Fix IPv6 addresses not being able to be used as bridge addresses. + * All clients now time out if they exceed their keepalive*1.5, rather than +just reach it. This was inconsistent in two places. + * Fix segfault on startup if bridge CA certificates could not be read. + * Fix problem opening listeners on Pi caused by unsigned char being default. + * ACL patterns that do not contain either %c or %u now produce a warning in +the log. + * Fix bridge publishing failing when per_listener_settings was true. + * Fix `use_identity_as_username true` not working. + * Fix UNSUBACK messages not being logged. + * Fix possible endian issue when reading the `memory_limit` option. + * Fix building for libwebsockets < 1.6. + * Fix accessor functions for username and client id when used in plugin auth +check. + + Library: + * Fix some places where return codes were incorrect, including to the +on_disconnect() callback. This has resulted in two new error codes, +MOSQ_ERR_KEEPALIVE and MOSQ_ERR_LOOKUP. + * Fix connection problems when mosquitto_loop_start() was called before +mosquitto_connect_async(). + + Clients: + * When compiled using WITH_TLS=no, the default port was incorrectly being set +to -1. This has been fixed. + * Fix compiling on Mac OS X <10.12. + + Build: + * Fixes for building on NetBSD. + * Fixes for building on FreeBSD. + * Add support for compiling with static libwebsockets library. + +--- Old: mosquitto-1.5.tar.gz New: mosquitto-1.5.1.tar.gz Other differences: -- ++ mosquitto.spec ++ --- /var/tmp/diff_new_pack.MvvegQ/_old 2018-08-27 12:59:54.892853220 +0200 +++ /var/tmp/diff_new_pack.MvvegQ/_new 2018-08-27 12:59:54.908853238 +0200 @@ -27,7 +27,7 @@ %endif %bcond_without websockets Name: mosquitto -Version:1.5 +Version:1.5.1 Release:0 Summary:A MQTT v3.1/v3.1.1 Broker License:EPL-1.0 ++ mosquitto-1.5.tar.gz -> mosquitto-1.5.1.tar.gz ++ 5187 lines of diff (skipped)
commit mosquitto for openSUSE:Factory
Hello community, here is the log from the commit of package mosquitto for openSUSE:Factory checked in at 2018-05-15 10:09:41 Comparing /work/SRC/openSUSE:Factory/mosquitto (Old) and /work/SRC/openSUSE:Factory/.mosquitto.new (New) Package is "mosquitto" Tue May 15 10:09:41 2018 rev:5 rq:605073 version:1.5 Changes: --- /work/SRC/openSUSE:Factory/mosquitto/mosquitto.changes 2018-03-04 12:52:40.003453739 +0100 +++ /work/SRC/openSUSE:Factory/.mosquitto.new/mosquitto.changes 2018-05-15 10:31:51.455591579 +0200 @@ -1,0 +2,158 @@ +Thu May 3 18:47:04 UTC 2018 - mar...@gmx.de + +- Update to version 1.5 + Security: + * Fix memory leak that could be caused by a malicious CONNECT packet. This +does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) + + Broker features: + * Add per_listener_settings to allow authentication and access control to be +per listener. + * Add limited support for reloading listener settings. This allows settings +for an already defined listener to be reloaded, but port numbers must not be +changed. + * Add ability to deny access to SUBSCRIBE messages as well as the current +read/write accesses. Currently for auth plugins only. + * Reduce calls to malloc through the use of UHPA. + * Outgoing messages with QoS>1 are no longer retried after a timeout period. +Messages will be retried when a client reconnects. This change in behaviour +can be justified by considering when the timeout may have occurred. ++ If a connection is unreliable and has dropped, but without one end + noticing, the messages will be retried on reconnection. Sending + additional PUBLISH or PUBREL would not have changed anything. ++ If a client is overloaded/unable to respond/has a slow connection then + sending additional PUBLISH or PUBREL would not help the client catch + up. Once the backlog has cleared the client will respond. If it is not + able to catch up, sending additional duplicates would not help either. + * Add use_subject_as_username option for certificate based client +authentication to use the entire certificate subject as a username, rather +than just the CN. Closes #469467. + * Change sys tree printing output. This format shouldn't be relied upon and +may change at any time. Closes #470246. + * Minimum supported libwebsockets version is now 1.3. + * Add systemd startup notification and services. Closes #471053. + * Reduce unnecessary malloc and memcpy when receiving a message and storing +it. Closes #470258. + * Support for Windows XP has been dropped. + * Bridge connections now default to using MQTT v3.1.1. + * mosquitto_db_dump tool can now output some stats on clients. + * Perform utf-8 validation on incoming will, subscription and unsubscription +topics. + * new $SYS/broker/store/messages/count (deprecates $SYS/broker/messages/stored) + * new $SYS/broker/store/messages/bytes + * max_queued_bytes feature to limit queues by real size rather than +than just message count. Closes Eclipse #452919 or Github #100 + * Add support for bridges to be configured to only send notifications to the +local broker. + * Add set_tcp_nodelay option to allow Nagle's algorithm to be disabled on +client sockets. Closes #433. + * The behaviour of allow_anonymous has changed. In the old behaviour, the +default if not set was to allow anonymous access. The new behaviour is to +default is to allow anonymous access unless another security option is set. +For example, if password_file is set and allow_anonymous is not set, then +anonymous access will be denied. It is still possible to allow anonymous +access by setting it explicitly. + Broker fixes: + * Fix UNSUBSCRIBE with no topic is accepted on MQTT 3.1.1. Closes #665. + * Produce an error if two bridges share the same local_clientid. + * Miscellaneous fixes on Windows. + * queue_qos0_messages was not observing max_queued_** limits + * When using the include_dir configuration option sort the files +alphabetically before loading them. Closes #17. + * IPv6 is no longer disabled for websockets listeners. + * Remove all build timestamp information including $SYS/broker/timestamp. +Close #651. + * Correctly handle incoming strings that contain a NULL byte. Closes #693. + * Use constant time memcmp for password comparisons. + * Fix incorrect PSK key being used if it had leading zeroes. + * Fix memory leak if a client provided a username/password for a listener with +use_identity_as_username configured. + * Fix use_identity_as_username not working on websockets clients. + * Don't crash if an auth plugin returns MOSQ_ERR_AUTH for a username check on +a websockets client. Closes #490. + * Fix 08-ssl-bridge.py test when using async
commit mosquitto for openSUSE:Factory
Hello community, here is the log from the commit of package mosquitto for openSUSE:Factory checked in at 2018-03-04 12:51:57 Comparing /work/SRC/openSUSE:Factory/mosquitto (Old) and /work/SRC/openSUSE:Factory/.mosquitto.new (New) Package is "mosquitto" Sun Mar 4 12:51:57 2018 rev:4 rq:582184 version:1.4.15 Changes: --- /work/SRC/openSUSE:Factory/mosquitto/mosquitto.changes 2017-10-09 19:40:50.323051990 +0200 +++ /work/SRC/openSUSE:Factory/.mosquitto.new/mosquitto.changes 2018-03-04 12:52:40.003453739 +0100 @@ -1,0 +2,45 @@ +Thu Mar 1 14:37:54 UTC 2018 - mar...@gmx.de + +- Update to version 1.4.15 + Security: + * Fix CVE-2017-7652. If a SIGHUP is sent to the broker when there are no more +file descriptors, then opening the configuration file will fail and security +settings will be set back to their default values. + * Fix CVE-2017-7651. Unauthenticated clients can cause excessive memory use by +setting "remaining length" to be a large value. This is now mitigated by +limiting the size of remaining length to valid values. A "memory_limit" +configuration option has also been added to allow the overall memory used by +the broker to be limited. + + Broker: + * Use constant time memcmp for password comparisons. + * Fix incorrect PSK key being used if it had leading zeroes. + * Fix memory leak if a client provided a username/password for a listener with +use_identity_as_username configured. + * Fix use_identity_as_username not working on websockets clients. + * Don't crash if an auth plugin returns MOSQ_ERR_AUTH for a username check on +a websockets client. Closes #490. + * Fix 08-ssl-bridge.py test when using async dns lookups. Closes #507. + * Lines in the config file are no longer limited to 1024 characters long. +Closes #652. + * Fix $SYS counters of messages and bytes sent when message is sent over +a Websockets. Closes #250. + * Fix upgrade_outgoing_qos for retained message. Closes #534. + * Fix CONNACK message not being sent for unauthorised connect on websockets. +Closes #8. + + Client library: + * Fix incorrect PSK key being used if it had leading zeroes. + * Initialise "result" variable as soon as possible in +mosquitto_topic_matches_sub. Closes #654. + * No need to close socket again if setting non-blocking failed. Closes #649. + * Fix mosquitto_topic_matches_sub() not correctly matching foo/bar against +foo/+/#. Closes #670. + + Clients: + * Correctly handle empty files with "mosquitto_pub -l". Closes #676. + + Build: + * Don't run TLS-PSK tests if TLS-PSK disabled at compile time. Closes #636. + +--- Old: mosquitto-1.4.14.tar.gz New: mosquitto-1.4.15.tar.gz Other differences: -- ++ mosquitto.spec ++ --- /var/tmp/diff_new_pack.lwriaj/_old 2018-03-04 12:52:40.791425026 +0100 +++ /var/tmp/diff_new_pack.lwriaj/_new 2018-03-04 12:52:40.791425026 +0100 @@ -1,7 +1,7 @@ # # spec file for package mosquitto # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,7 +24,7 @@ %bcond_without websockets Name: mosquitto -Version:1.4.14 +Version:1.4.15 Release:0 Summary:A MQTT v3.1/v3.1.1 Broker License:EPL-1.0 ++ mosquitto-1.4.14.tar.gz -> mosquitto-1.4.15.tar.gz ++ 2588 lines of diff (skipped)
commit mosquitto for openSUSE:Factory
Hello community, here is the log from the commit of package mosquitto for openSUSE:Factory checked in at 2017-10-09 19:40:44 Comparing /work/SRC/openSUSE:Factory/mosquitto (Old) and /work/SRC/openSUSE:Factory/.mosquitto.new (New) Package is "mosquitto" Mon Oct 9 19:40:44 2017 rev:3 rq:530404 version:1.4.14 Changes: --- /work/SRC/openSUSE:Factory/mosquitto/mosquitto.changes 2017-09-12 19:53:48.504461451 +0200 +++ /work/SRC/openSUSE:Factory/.mosquitto.new/mosquitto.changes 2017-10-09 19:40:50.323051990 +0200 @@ -1,0 +2,8 @@ +Mon Oct 2 10:57:39 UTC 2017 - mar...@gmx.de + +- Update to 1.4.14 + * Broker: + - Fix regression from 1.4.13 where persistence data was not + being saved. + +--- Old: mosquitto-1.4.13.tar.gz New: mosquitto-1.4.14.tar.gz Other differences: -- ++ mosquitto.spec ++ --- /var/tmp/diff_new_pack.aqvlS4/_old 2017-10-09 19:40:51.427003469 +0200 +++ /var/tmp/diff_new_pack.aqvlS4/_new 2017-10-09 19:40:51.431003293 +0200 @@ -24,7 +24,7 @@ %bcond_without websockets Name: mosquitto -Version:1.4.13 +Version:1.4.14 Release:0 Summary:A MQTT v3.1/v3.1.1 Broker License:EPL-1.0 ++ mosquitto-1.4.13.tar.gz -> mosquitto-1.4.14.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mosquitto-1.4.13/CMakeLists.txt new/mosquitto-1.4.14/CMakeLists.txt --- old/mosquitto-1.4.13/CMakeLists.txt 2017-06-27 23:53:58.0 +0200 +++ new/mosquitto-1.4.14/CMakeLists.txt 2017-07-11 00:46:01.0 +0200 @@ -11,7 +11,7 @@ cmake_minimum_required(VERSION 2.8) # Only for version 3 and up. cmake_policy(SET CMP0042 NEW) -set (VERSION 1.4.13) +set (VERSION 1.4.14) if (WIN32) execute_process(COMMAND cmd /c echo %DATE% %TIME% OUTPUT_VARIABLE TIMESTAMP diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mosquitto-1.4.13/ChangeLog.txt new/mosquitto-1.4.14/ChangeLog.txt --- old/mosquitto-1.4.13/ChangeLog.txt 2017-06-27 23:53:58.0 +0200 +++ new/mosquitto-1.4.14/ChangeLog.txt 2017-07-11 00:46:01.0 +0200 @@ -1,3 +1,10 @@ +1.4.14 - 20170710 += + +Broker: +- Fix regression from 1.4.13 where persistence data was not being saved. + + 1.4.13 - 20170627 = diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mosquitto-1.4.13/config.mk new/mosquitto-1.4.14/config.mk --- old/mosquitto-1.4.13/config.mk 2017-06-27 23:53:58.0 +0200 +++ new/mosquitto-1.4.14/config.mk 2017-07-11 00:46:01.0 +0200 @@ -86,7 +86,7 @@ # Also bump lib/mosquitto.h, CMakeLists.txt, # installer/mosquitto.nsi, installer/mosquitto-cygwin.nsi -VERSION=1.4.13 +VERSION=1.4.14 TIMESTAMP:=$(shell date "+%F %T%z") # Client library SO version. Bump if incompatible API/ABI changes are made. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mosquitto-1.4.13/installer/mosquitto-cygwin.nsi new/mosquitto-1.4.14/installer/mosquitto-cygwin.nsi --- old/mosquitto-1.4.13/installer/mosquitto-cygwin.nsi 2017-06-27 23:53:58.0 +0200 +++ new/mosquitto-1.4.14/installer/mosquitto-cygwin.nsi 2017-07-11 00:46:01.0 +0200 @@ -7,7 +7,7 @@ !define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"' Name "mosquitto" -!define VERSION 1.4.13 +!define VERSION 1.4.14 OutFile "mosquitto-${VERSION}-install-cygwin.exe" InstallDir "$PROGRAMFILES\mosquitto" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mosquitto-1.4.13/installer/mosquitto.nsi new/mosquitto-1.4.14/installer/mosquitto.nsi --- old/mosquitto-1.4.13/installer/mosquitto.nsi2017-06-27 23:53:58.0 +0200 +++ new/mosquitto-1.4.14/installer/mosquitto.nsi2017-07-11 00:46:01.0 +0200 @@ -9,7 +9,7 @@ !define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"' Name "mosquitto" -!define VERSION 1.4.13 +!define VERSION 1.4.14 OutFile "mosquitto-${VERSION}-install-win32.exe" InstallDir "$PROGRAMFILES\mosquitto" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mosquitto-1.4.13/lib/mosquitto.h new/mosquitto-1.4.14/lib/mosquitto.h --- old/mosquitto-1.4.13/lib/mosquitto.h2017-06-27 23:53:58.0 +0200 +++ new/mosquitto-1.4.14/lib/mosquitto.h2017-07-11 00:46:01.0 +0200 @@ -45,7 +45,7 @@ #define LIBMOSQUITTO_MAJOR 1 #define LIBMOSQUITTO_MINOR 4 -#define LIBMOSQUITTO_REVISION 13 +#define LIBMOSQUITTO_REVISION 14 /*
commit mosquitto for openSUSE:Factory
Hello community, here is the log from the commit of package mosquitto for openSUSE:Factory checked in at 2017-09-12 19:53:46 Comparing /work/SRC/openSUSE:Factory/mosquitto (Old) and /work/SRC/openSUSE:Factory/.mosquitto.new (New) Package is "mosquitto" Tue Sep 12 19:53:46 2017 rev:2 rq:522108 version:1.4.13 Changes: --- /work/SRC/openSUSE:Factory/mosquitto/mosquitto.changes 2017-08-28 16:17:21.969115101 +0200 +++ /work/SRC/openSUSE:Factory/.mosquitto.new/mosquitto.changes 2017-09-12 19:53:48.504461451 +0200 @@ -1,0 +2,8 @@ +Thu Sep 7 12:13:21 UTC 2017 - jeng...@inai.de + +- Fix incorrect RPM groups. +- Remove repeated license declaration from description. + Trim package descriptions for size. +- Errors from user creation must not be ignored. + +--- Other differences: -- ++ mosquitto.spec ++ --- /var/tmp/diff_new_pack.WY9nhs/_old 2017-09-12 19:53:49.092378786 +0200 +++ /var/tmp/diff_new_pack.WY9nhs/_new 2017-09-12 19:53:49.092378786 +0200 @@ -15,6 +15,7 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + %if 0%{?suse_version} > 1230 || 0%{?rhel_version} > 600 || 0%{?centos_version} > 600 || 0%{?fedora_version} >= 20 || 0%{?el7}%{?fc20}%{?fc21}%{?fc22}%{?fc23}%{?fc24}%{?fc25} %bcond_without systemd %else @@ -25,10 +26,10 @@ Name: mosquitto Version:1.4.13 Release:0 +Summary:A MQTT v3.1/v3.1.1 Broker License:EPL-1.0 -Summary:An Open Source MQTT v3.1/v3.1.1 Broker +Group: Productivity/Networking/Other Url:http://mosquitto.org/ -Group: System/Daemons Source: http://mosquitto.org/files/source/mosquitto-%{version}.tar.gz Source1:mosquitto.service Source2:mosquitto.fw @@ -52,6 +53,7 @@ BuildRequires: pkgconfig(systemd) %{?systemd_requires} %endif +Requires(pre): shadow %define _fwdefdir /etc/sysconfig/SuSEfirewall2.d/services %define home/var/lib/%{name} @@ -59,7 +61,7 @@ %define cpp_lib libmosquittopp1 %description -Mosquitto is an open source (BSD licensed) message broker that implements the +Mosquitto is a message broker that implements the MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low @@ -69,63 +71,52 @@ monitoring and automation with his twittering house and twittering ferry. %package -n %{c_lib} -Group: Development/Libraries/C and C++ Summary:Shared C Library for %{name} +Group: Development/Libraries/C and C++ + %description -n %{c_lib} -Mosquitto is an open source (BSD licensed) message broker that implements the +Mosquitto is a message broker that implements the MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. -This makes it suitable for "machine to machine" messaging such as with low -power sensors or mobile devices such as phones, embedded computers or -microcontrollers like the Arduino. A good example of this is all of the work -that Andy Stanford-Clark (one of the originators of MQTT) has done in home -monitoring and automation with his twittering house and twittering ferry. This package holds the shared C library. %package -n %{cpp_lib} -Group: Development/Libraries/C and C++ Summary:Shared C++ Library for %{name} +Group: Development/Libraries/C and C++ + %description -n %{cpp_lib} -Mosquitto is an open source (BSD licensed) message broker that implements the +Mosquitto is a message broker that implements the MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. -This makes it suitable for "machine to machine" messaging such as with low -power sensors or mobile devices such as phones, embedded computers or -microcontrollers like the Arduino. A good example of this is all of the work -that Andy Stanford-Clark (one of the originators of MQTT) has done in home -monitoring and automation with his twittering house and twittering ferry. This package holds the shared C++ library. %package devel -Group: Development/Libraries/C and C++ Requires: %{c_lib} = %{version} Requires: %{cpp_lib} = %{version} Provides: libmosquitto-devel = %{version}-%{release} Provides: libmosquittopp-devel = %{version}-%{release} -Summary:Development files %{name} +Summary:Development files for %{name} +Group: