summaryrefslogtreecommitdiffstats
path: root/package/mosquitto
Commit message (Collapse)AuthorAgeFilesLines
* package/mosquitto: bump version to 1.5.8Peter Korsgaard2019-03-252-2/+2
| | | | | | | | | | | Bugfix release, fixing a number of issues discovered post-1.5.7 https://mosquitto.org/blog/2019/02/version-1-5-8-released/ Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 24cc2eaa335a34633b71a7db7c972ab64b5e7739) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/mosquitto: bump to version 1.5.7Peter Korsgaard2019-02-144-64/+2
| | | | | | | | Bugfix release, fixing a number of issues discovered post-1.5.6. Drop patches as they are now included upstream. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/mosquitto: security bump to version 1.5.6Peter Korsgaard2019-02-104-2/+64
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes the following security issues: CVE-2018-12551: If Mosquitto is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability. Affects version 1.0 to 1.5.5 inclusive. CVE-2018-12550: If an ACL file is empty, or has only blank lines or comments, then mosquitto treats the ACL file as not being defined, which means that no topic access is denied. Although denying access to all topics is not a useful configuration, this behaviour is unexpected and could lead to access being incorrectly granted in some circumstances. Affects versions 1.0 to 1.5.5 inclusive. CVE-2018-12546: If a client publishes a retained message to a topic that they have access to, and then their access to that topic is revoked, the retained message will still be delivered to future subscribers. This behaviour may be undesirable in some applications, so a configuration option check_retain_source has been introduced to enforce checking of the retained message source on publish. Add two upstream post-1.5.6 patches to fix a build error in the bridge code when ADNS is enabled and when building with older toolchains not defaulting to C99 mode. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/mosquitto: fix commentsPeter Korsgaard2019-02-081-4/+4
| | | | | | | | The toplevel mosquitto comment should go after the sub options to ensure they get indented, and the broker comment should be hidden if mosquitto isn't enabled. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/mosquitto: security bump to version 1.5.5Peter Korsgaard2018-12-212-2/+2
| | | | | | | | | | | | >From the release notes: If per_listener_settings is set to true, then the acl_file setting was ignored for the "default listener" only. This has been fixed. This does not affect any listeners defined with the listener option. https://mosquitto.org/blog/2018/12/version-155-released/ Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/mosquitto: make broker optionalTitouan Christophe2018-12-152-7/+21
| | | | | | | | | | | | | | | | | | | | | The mosquitto package provides both the MQTT client library and a broker, and the latter may be not needed (when connecting to a remote broker). It should be therefore possible to not install and start it on the target Also remove the dependency on BR2_TOOLCHAIN_HAS_SYNC_4, as it does not seem to be needed. Verified with: * br-m68k-68040-full.config [OK] * br-sparc-uclibc.config [OK] The original issue adding the dependency in commit 874d0784bb23d (package/mosquito: needs sync_4) unfortunately refers to autobuilder results that are no longer available. Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu> [Peter: extend commit message, fix comment line, remove indentation in .mk] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* mosquitto: security bump to version 1.5.4Peter Korsgaard2018-11-093-48/+2
| | | | | | | | | | | | | | | | >From the announcement: When using a TLS enabled websockets listener with require_certificate enabled, the mosquitto broker does not correctly verify client certificates. This is now fixed. All other security measures operate as expected, and in particular non-websockets listeners are not affected by this. https://mosquitto.org/blog/2018/11/version-154-released/ Drop patch 0001, now applied upstream: https://github.com/eclipse/mosquitto/pull/933 Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* mosquitto: security bump to version 1.5.3Fabrice Fontaine2018-09-302-2/+2
| | | | | | | | | Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that begins with $, but is not $SYS, then an assert that should be unreachable is triggered and Mosquitto will exit. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/mosquitto: bump version to 1.5.1Bernd Kuhls2018-08-245-187/+48
| | | | | | | | Removed patch 0001, applied upstream. Replaced patch 0002 with a more generic solution as patch 0001. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* mosquitto: fix build with some glibcFabrice Fontaine2018-06-191-0/+34
| | | | | | | | | | Add patch to define _GNU_SOURCE before using S_IF{DIR,REG} Fixes: - http://autobuild.buildroot.net/results/7dcfb6ca9d14a5cd6872590065549356f1ab42a0 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* mosquitto: bump to version 1.5Fabrice Fontaine2018-06-134-51/+153
| | | | | | | | - Remove patch (already in version) - Add patch to fix crash (retrieved from upstream) Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* mosquitto: unbreak build with websockets and !libopensslPeter Korsgaard2018-03-031-0/+49
| | | | | | | Fixes: http://autobuild.buildroot.net/results/d69/d693f3e3f1c73ccf54ac7076623e436355a9d901/b Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* mosquitto: security bump to version 1.4.15Peter Korsgaard2018-03-012-3/+3
| | | | | | | | | | | | | | | | Fixes CVE-2017-7651: Unauthenticated clients can send a crafted CONNECT packet which causes large amounts of memory use in the broker. If multiple clients do this, an out of memory situation can occur and the system may become unresponsive or the broker will be killed by the operating system. The fix addresses the problem by limiting the permissible size for CONNECT packet, and by adding a memory_limit configuration option that allows the broker to self limit the amount of memory it uses. The hash of new tarball is not (yet) available through download.php, so use a locally calculated hash. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* mosquitto: supports only the real OpenSSL, not LibreSSLThomas Petazzoni2017-10-211-2/+2
| | | | | | | mosquitto will not build with LibreSSL without patches, so let's support only OpenSSL. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* mosquitto: bump version to 1.4.14Peter Korsgaard2017-07-112-8/+9
| | | | | | | | | | | | | Drop CVE 2017-9868 patch as that is now upstream. 1.4.14 is a bugfix release, fixing significant websocket performance / correctness issues. Use HTTPS for the download as the server uses HSTS, thus saving a redirect. While we're at it, add hashes for the license files. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* mosquitto: clarify that patch hash is locally calculatedPeter Korsgaard2017-07-021-0/+1
| | | | | | | | Commit e51d69a3b (mosquitto: specify that hash is taken from upstream) changed the .hash description header, but the upstream hash only applies to the tarball, not the patch. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* mosquitto: specify that hash is taken from upstreamVicente Olivert Riera2017-07-011-1/+1
| | | | | Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* mosquitto: add upstream security fixPeter Korsgaard2017-06-282-0/+3
| | | | | | | | Fixes CVE-2017-9868: In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* mosquitto: security bump to version 1.4.12Peter Korsgaard2017-05-303-34/+2
| | | | | | | | | | | | | | | | Fixes CVE-2017-7650: Pattern based ACLs can be bypassed by clients that set their username/client id to ‘#’ or ‘+’. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto. For more details, see: https://mosquitto.org/2017/05/security-advisory-cve-2017-7650/ Remove 0001-Remove-lanl-when-WITH_ADNS-is-unset.patch as that patch is now upstream. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* mosquitto: enable WITH_ADNS for glibc buildsFabrice Fontaine2017-04-081-0/+7
| | | | | | | WITH_ADNS option has been added in version 1.4.11 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* mosquitto: bump to version 1.4.11Fabrice Fontaine2017-04-083-3/+35
| | | | | | | | | | - This version requires a patch (sent upstream) to remove -lanl from all Linux builds as this library is only needed for adns support - sha512 must be computed locally as eclipse.org does not give it for this version Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package: use SPDX short identifier for EPL licenseRahul Bedarkar2017-04-011-1/+1
| | | | | Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/mosquito: needs sync_4Yann E. MORIN2017-02-191-0/+2
| | | | | | | | | | | | | Fixes: http://autobuild.buildroot.org/results/2bc/2bc84ba2d1167018e2d48e5183ead22b6425dcf5/ http://autobuild.buildroot.org/results/445/445f377ae70397b5f675f541977900e8986b79a4/ http://autobuild.buildroot.org/results/57e/57e6984427f8c5d906a93884cc461b8f93cf5ce0/ ... [Peter: also add dependency to mosquitto comment] Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* mosquitto: bump to version 1.4.10Peter Korsgaard2016-08-302-3/+3
| | | | Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* mosquitto: bump to version 1.4.9Peter Korsgaard2016-06-082-3/+3
| | | | | Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package: remove _gp issue workaround for Codesourcery nios2 toolchainRomain Naour2016-03-051-3/+0
| | | | | | | The _gp link issue has been fixed in CS nios2 2015.11. Signed-off-by: Romain Naour <romain.naour@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* mosquitto: security bump to version 1.4.8Peter Korsgaard2016-02-172-2/+2
| | | | | | | | | This includes a fix for a security related bug related to the listener mount_point feature. The bug allows a client that is restricted to a mount_point to publish messages outside this hierarchy using the last will and testament feature. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* mosquitto: bump to version 1.4.7Peter Korsgaard2016-01-302-2/+2
| | | | Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* toolchain-external: CodeSourcery NIOSII: support only one versionRomain Naour2015-12-181-4/+2
| | | | | | | | | | | | | | See the conclusion about external toolchains during the Buildroot meeting [1]: "In the future, we stick to a single external toolchain version. The Kconfig symbol should not encode the version (avoid legacy handling)" [1] http://elinux.org/index.php?title=Buildroot:DeveloperDaysELCE2015#Report Signed-off-by: Romain Naour <romain.naour@openwide.fr> Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* mosquitto: bump to version 1.4.5Peter Korsgaard2015-11-132-2/+2
| | | | Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* mosquitto: systemd supportGabe Evans2015-11-022-0/+18
| | | | | Signed-off-by: Gabe Evans <gabe@hashrabbit.co> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package: Replace 'echo -n' by 'printf'Maxime Hadjinlian2015-10-041-2/+2
| | | | | | | | | | | | 'echo -n' is not a POSIX construct (no flag support), we shoud use 'printf', especially in init script. This patch was generated by the following command line: git grep -l 'echo -n' -- `git ls-files | grep -v 'patch'` | xargs sed -i 's/echo -n/printf/' Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* mosquitto: bump to version 1.4.4Peter Korsgaard2015-09-282-2/+2
| | | | | | | | | [Thomas: tweak commit title as suggested by Vicente.] Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* mosquitto: bump versionPeter Korsgaard2015-08-202-2/+2
| | | | Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* Merge branch 'next'Peter Korsgaard2015-06-012-2/+2
|\ | | | | | | Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * mosquitto: bump versionPeter Korsgaard2015-05-082-2/+2
| | | | | | | | Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* | mosquitto: disable with broken NIOS 2 toolchainsThomas Petazzoni2015-05-161-0/+5
|/ | | | | | | | | | | | mosquitto triggers the infamous _gp issue with the NIOS 2 toolchains, so let's not allow mosquitto in such situations. Fixes: http://autobuild.buildroot.net/results/b853369452115b0c6f32c6c960af2dbdf71a74af/ Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* mosquitto: remove ipv6 dependsGustavo Zacarias2015-04-231-3/+2
| | | | | | | | | The package was added after the last iteration of the non-ipv6 toolchain removal, so adjust it. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package: add mosquittoPeter Korsgaard2015-04-214-0/+146
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OpenPOWER on IntegriCloud