From 9e9dee25346f861f3276a4c2ab21c98b8caf88a7 Mon Sep 17 00:00:00 2001
From: Peter Korsgaard
Date: Mon, 29 May 2017 23:19:59 +0200
Subject: [PATCH] mosquitto: security bump to version 1.4.12
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Fixes CVE-2017-7650: Pattern based ACLs can be bypassed by clients that set their username/client id to ‘#’ or ‘+’. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto. For more details, see: https://mosquitto.org/2017/05/security-advisory-cve-2017-7650/ Remove 0001-Remove-lanl-when-WITH_ADNS-is-unset.patch as that patch is now upstream.

Signed-off-by: Peter Korsgaard
---
 ...-Remove-lanl-when-WITH_ADNS-is-unset.patch | 32 -------------------
 package/mosquitto/mosquitto.hash | 2 +-
 package/mosquitto/mosquitto.mk | 2 +-
 3 files changed, 2 insertions(+), 34 deletions(-)
 delete mode 100644 package/mosquitto/0001-Remove-lanl-when-WITH_ADNS-is-unset.patch

diff --git a/package/mosquitto/0001-Remove-lanl-when-WITH_ADNS-is-unset.patch b/package/mosquitto/0001-Remove-lanl-when-WITH_ADNS-is-unset.patch
deleted file mode 100644
index f9b1b273d1..0000000000
--- a/package/mosquitto/0001-Remove-lanl-when-WITH_ADNS-is-unset.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 0de640dd834b6c01c4904e11d51f3a1406c89469 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine
-Date: Mon, 3 Apr 2017 20:34:07 +0200
-Subject: [PATCH] Remove -lanl when WITH_ADNS is unset
-
-Do not add -lanl to BROKER_LIBS for all Linux builds.
-Indeed, -lanl is only needed for getaddrinfo_a which is only used in
-_mosquitto_try_connect_step1 when WITH_ADNS is set
-
-Signed-off-by: Fabrice Fontaine
----
- config.mk | 4 ----
- 1 file changed, 4 deletions(-)
-
-diff --git a/config.mk b/config.mk
-index 6e369c2..44639d2 100644
---- a/config.mk
-+++ b/config.mk
-@@ -159,10 +159,6 @@ ifeq ($(UNAME),QNX)
- LIB_LIBS:=$(LIB_LIBS) -lsocket
- endif
-
--ifeq ($(UNAME),Linux)
-- BROKER_LIBS:=$(BROKER_LIBS) -lanl
--endif
--
- ifeq ($(WITH_WRAP),yes)
- BROKER_LIBS:=$(BROKER_LIBS) -lwrap
- BROKER_CFLAGS:=$(BROKER_CFLAGS) -DWITH_WRAP
---
-2.5.0
-
diff --git a/package/mosquitto/mosquitto.hash b/package/mosquitto/mosquitto.hash
index 5514c2118d..6c102ebaa5 100644
--- a/package/mosquitto/mosquitto.hash
+++ b/package/mosquitto/mosquitto.hash
@@ -1,2 +1,2 @@
 # Locally computed:
-sha512 c05ca8679b9a6f540868f4ccf701257fcabc114d5450ac0bbbe80b91bb7cd4fc52668773e945506760c7a5bd8a494e0a56100714112e5d2713d57bfab8951587 mosquitto-1.4.11.tar.gz
+sha512 75e6105498869ab13265df7a0bea6052c014d59d0c0efb61162d8257d34c0153fce32130e84c28e99fd494f374949aac5e01c19f7439c2eea575b52ef1179c3c mosquitto-1.4.12.tar.gz
diff --git a/package/mosquitto/mosquitto.mk b/package/mosquitto/mosquitto.mk
index 9ffd149a75..a9eb5b02f3 100644
--- a/package/mosquitto/mosquitto.mk
+++ b/package/mosquitto/mosquitto.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-MOSQUITTO_VERSION = 1.4.11
+MOSQUITTO_VERSION = 1.4.12
 MOSQUITTO_SITE = http://mosquitto.org/files/source
 MOSQUITTO_LICENSE = EPL-1.0 or EDLv1.0
 MOSQUITTO_LICENSE_FILES = LICENSE.txt epl-v10 edl-v10
--
2.30.2