pkgsrc-WIP-changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
mosquitto: Update to 1.5.6
Module Name: pkgsrc-wip
Committed By: Greg Troxel <gdt%lexort.com@localhost>
Pushed By: gdt
Date: Mon Feb 11 20:06:13 2019 -0500
Changeset: 3540d667ae9355bee2febf5d6b9906ecf94d21e9
Modified Files:
mosquitto/Makefile
mosquitto/distinfo
Log Message:
mosquitto: Update to 1.5.6
1.5.6 - 20190206
================
Security:
- CVE-2018-12551: If Mosquitto is configured to use a password file for
authentication, any malformed data in the password file will be treated as
valid. This typically means that the malformed data becomes a username and no
password. If this occurs, clients can circumvent authentication and get access
to the broker by using the malformed username. In particular, a blank line
will be treated as a valid empty username. Other security measures are
unaffected. Users who have only used the mosquitto_passwd utility to create
and modify their password files are unaffected by this vulnerability.
Affects version 1.0 to 1.5.5 inclusive.
- CVE-2018-12550: If an ACL file is empty, or has only blank lines or
comments, then mosquitto treats the ACL file as not being defined, which
means that no topic access is denied. Although denying access to all topics
is not a useful configuration, this behaviour is unexpected and could lead
to access being incorrectly granted in some circumstances. This is now
fixed. Affects versions 1.0 to 1.5.5 inclusive.
- CVE-2018-12546. If a client publishes a retained message to a topic that
they have access to, and then their access to that topic is revoked, the
retained message will still be delivered to future subscribers. This
behaviour may be undesirable in some applications, so a configuration option
`check_retain_source` has been introduced to enforce checking of the
retained message source on publish.
Broker:
- Fixed comment handling for config options that have optional arguments.
- Improved documentation around bridge topic remapping.
- Handle mismatched handshakes (e.g. QoS1 PUBLISH with QoS2 reply) properly.
- Fix spaces not being allowed in the bridge remote_username option. Closes
#1131.
- Allow broker to always restart on Windows when using `log_dest file`. Closes
#1080.
- Fix Will not being sent for Websockets clients. Closes #1143.
- Windows: Fix possible crash when client disconnects. Closes #1137.
- Fixed durable clients being unable to receive messages when offline, when
per_listener_settings was set to true. Closes #1081.
- Add log message for the case where a client is disconnected for sending a
topic with invalid UTF-8. Closes #1144.
Library:
- Fix TLS connections not working over SOCKS.
- Don't clear SSL context when TLS connection is closed, meaning if a user
provided an external SSL_CTX they have less chance of leaking references.
Build:
- Fix comparison of boolean values in CMake build. Closes #1101.
- Fix compilation when openssl deprecated APIs are not available.
Closes #1094.
- Man pages can now be built on any system. Closes #1139.
To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=3540d667ae9355bee2febf5d6b9906ecf94d21e9
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
diffstat:
mosquitto/Makefile | 2 +-
mosquitto/distinfo | 8 ++++----
2 files changed, 5 insertions(+), 5 deletions(-)
diffs:
diff --git a/mosquitto/Makefile b/mosquitto/Makefile
index f5fb4b5365..b109cfcc07 100644
--- a/mosquitto/Makefile
+++ b/mosquitto/Makefile
@@ -1,6 +1,6 @@
# $NetBSD$
-VERSION= 1.5.5
+VERSION= 1.5.6
DISTNAME= mosquitto-${VERSION}
CATEGORIES= net
MASTER_SITES= https://mosquitto.org/files/source/
diff --git a/mosquitto/distinfo b/mosquitto/distinfo
index 565c516b30..4737a61e67 100644
--- a/mosquitto/distinfo
+++ b/mosquitto/distinfo
@@ -1,9 +1,9 @@
$NetBSD$
-SHA1 (mosquitto-1.5.5.tar.gz) = 1034e120b85b280d2d82b1ad42b280802999ee1e
-RMD160 (mosquitto-1.5.5.tar.gz) = 7c04ab09553a3514c0ff6411ba289ed3a971c757
-SHA512 (mosquitto-1.5.5.tar.gz) = 4984a8c3a48450ae87dfca9ea825433332c22a5c1b214b7c6d134789675431ba1bcebaceea2fe32c5d32c91ec47b9ded7b61c0c2caf6551f10e4f8dc455a5351
-Size (mosquitto-1.5.5.tar.gz) = 431998 bytes
+SHA1 (mosquitto-1.5.6.tar.gz) = df99f3b9d5afcb1f13f622e07b4b9f516c26689a
+RMD160 (mosquitto-1.5.6.tar.gz) = c4ddcd7388e5a19410421a2149292f3eb130b40e
+SHA512 (mosquitto-1.5.6.tar.gz) = 99bd935f93ae25f0c7992870780cce4748b35ffd58fd0d39e20ee69f34c28d3eac289cf0c7dec078dbdced3bda12da4569d4b5e84ebdaa5514640f331ca3238b
+Size (mosquitto-1.5.6.tar.gz) = 439402 bytes
SHA1 (patch-CMakeLists.txt) = 34891235466aca2becd6072183298b8949a0a356
SHA1 (patch-lib_CMakeLists.txt) = 9ab510e09f5099e595129b8bacf1a348b0868271
SHA1 (patch-mosquitto.conf) = faa7e77c30a58105bd678d510f1f545345f6ce0b
Home |
Main Index |
Thread Index |
Old Index