
mosquitto: security bump to version 1.4.12

Fixes CVE-2017-7650: Pattern based ACLs can be bypassed by clients that set
their username/client id to ‘#’ or ‘+’.  This allows locally or remotely
connected clients to access MQTT topics that they do have the rights to.
The same issue may be present in third party authentication/access control
plugins for Mosquitto.

For more details, see:
https://mosquitto.org/2017/05/security-advisory-cve-2017-7650/

Remove 0001-Remove-lanl-when-WITH_ADNS-is-unset.patch as that patch is now
upstream.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard 8 years ago
parent
commit
9e9dee2534
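
The pattern-ACL bypass named in the commit message, as an added example that is not part of this commit or of Mosquitto's code: a simplified Python model of %u/%c substitution followed by MQTT filter matching, with a naive check beside one that denies identities containing wildcards. The pattern strings, user names and function names are constructed for illustration.

```python
import re

# Simplified model for illustration; names and patterns are constructed.

def topic_matches(sub, topic):
    """MQTT filter match: '+' is one level, '#' is the rest of the tree."""
    s, t = sub.split("/"), topic.split("/")
    for i, level in enumerate(s):
        if level == "#":
            return True
        if i >= len(t) or level not in ("+", t[i]):
            return False
    return len(s) == len(t)

def expand(pattern, username, client_id):
    """Single-pass substitution of %u (username) and %c (client id)."""
    ident = {"%u": username, "%c": client_id}
    return re.sub(r"%[uc]", lambda m: ident[m.group(0)], pattern)

def acl_allows_naive(pattern, username, client_id, topic):
    # The identity is pasted into the filter unchecked, so '+' or '#'
    # supplied by the client is interpreted as a wildcard.
    return topic_matches(expand(pattern, username, client_id), topic)

def acl_allows_checked(pattern, username, client_id, topic):
    # Deny outright when an identity used by this pattern has a wildcard.
    for marker, ident in (("%u", username), ("%c", client_id)):
        if marker in pattern and re.search(r"[+#]", ident):
            return False
    return acl_allows_naive(pattern, username, client_id, topic)

if __name__ == "__main__":
    pattern = "sensors/%u/#"  # constructed ACL pattern
    for user in ("alice", "+", "#"):
        print(user,
              acl_allows_naive(pattern, user, "c1", "sensors/bob/temp"),
              acl_allows_checked(pattern, user, "c1", "sensors/bob/temp"))
```

A third-party auth plugin that builds topic filters from the username or client id can be audited for the same unchecked substitution.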

+ 0 - 32
package/mosquitto/0001-Remove-lanl-when-WITH_ADNS-is-unset.patch

@@ -1,32 +0,0 @@
-From 0de640dd834b6c01c4904e11d51f3a1406c89469 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Mon, 3 Apr 2017 20:34:07 +0200
-Subject: [PATCH] Remove -lanl when WITH_ADNS is unset
-
-Do not add -lanl to BROKER_LIBS for all Linux builds.
-Indeed, -lanl is only needed for getaddrinfo_a which is only used in
-_mosquitto_try_connect_step1 when WITH_ADNS is set
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- config.mk | 4 ----
- 1 file changed, 4 deletions(-)
-
-diff --git a/config.mk b/config.mk
-index 6e369c2..44639d2 100644
---- a/config.mk
-+++ b/config.mk
-@@ -159,10 +159,6 @@ ifeq ($(UNAME),QNX)
- 	LIB_LIBS:=$(LIB_LIBS) -lsocket
- endif
- 
--ifeq ($(UNAME),Linux)
--	BROKER_LIBS:=$(BROKER_LIBS) -lanl
--endif
--
- ifeq ($(WITH_WRAP),yes)
- 	BROKER_LIBS:=$(BROKER_LIBS) -lwrap
- 	BROKER_CFLAGS:=$(BROKER_CFLAGS) -DWITH_WRAP
--- 
-2.5.0
-
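
Review bot: the deletion of this patch rests on the commit message's statement that it is now upstream, and nothing in the diff lets a reader confirm that. Please check that config.mk in the 1.4.12 tarball no longer carries the ifeq ($(UNAME),Linux) block that adds -lanl to BROKER_LIBS; if it still does, every Linux build links -lanl again, which is what the removed patch prevented.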

+ 1 - 1
package/mosquitto/mosquitto.hash

@@ -1,2 +1,2 @@
 # Locally computed:
-sha512  c05ca8679b9a6f540868f4ccf701257fcabc114d5450ac0bbbe80b91bb7cd4fc52668773e945506760c7a5bd8a494e0a56100714112e5d2713d57bfab8951587  mosquitto-1.4.11.tar.gz
+sha512  75e6105498869ab13265df7a0bea6052c014d59d0c0efb61162d8257d34c0153fce32130e84c28e99fd494f374949aac5e01c19f7439c2eea575b52ef1179c3c  mosquitto-1.4.12.tar.gz
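
Review bot: the new sha512 sits under a bare "Locally computed" comment, so it pins whatever was downloaded at bump time rather than something upstream vouches for. For a security bump, verify the tarball against a signature or digest published by upstream, if one is available, and record that in the comment line above the hash.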

+ 1 - 1
package/mosquitto/mosquitto.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-MOSQUITTO_VERSION = 1.4.11
+MOSQUITTO_VERSION = 1.4.12
 MOSQUITTO_SITE = http://mosquitto.org/files/source
 MOSQUITTO_LICENSE = EPL-1.0 or EDLv1.0
 MOSQUITTO_LICENSE_FILES = LICENSE.txt epl-v10 edl-v10
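
Review bot: MOSQUITTO_SITE, in the context line right after the version bump, still uses plain http://, so the 1.4.12 tarball is fetched over an unauthenticated channel and the locally computed hash in mosquitto.hash is the only integrity check visible here. The advisory link in the commit message already uses https://mosquitto.org, so consider switching MOSQUITTO_SITE to https in the same change if the files path is served that way.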