diff --git a/CVE-2021-34432.patch b/CVE-2021-34432.patch deleted file mode 100644 index e212460c91506bef1065635d123499dc8aec1279..0000000000000000000000000000000000000000 --- a/CVE-2021-34432.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 9b08faf0bdaf5a4f2e6e3dd1ea7e8c57f70418d6 Mon Sep 17 00:00:00 2001 -From: "Roger A. Light" -Date: Tue, 9 Feb 2021 14:09:53 +0000 -Subject: [PATCH] Fix mosquitto_{pub|sub}_topic_check() function returns. - -The would not return MOSQ_ERR_INVAL on topic == NULL. ---- - ChangeLog.txt | 5 +++++ - lib/util_topic.c | 19 ++++++++++++++++--- - 2 files changed, 21 insertions(+), 3 deletions(-) - -diff --git a/lib/util_topic.c b/lib/util_topic.c -index fc24f0d1c..62b531127 100644 ---- a/lib/util_topic.c -+++ b/lib/util_topic.c -@@ -54,6 +54,11 @@ int mosquitto_pub_topic_check(const char *str) - #ifdef WITH_BROKER - int hier_count = 0; - #endif -+ -+ if(str == NULL){ -+ return MOSQ_ERR_INVAL; -+ } -+ - while(str && str[0]){ - if(str[0] == '+' || str[0] == '#'){ - return MOSQ_ERR_INVAL; -@@ -81,7 +86,9 @@ int mosquitto_pub_topic_check2(const char *str, size_t len) - int hier_count = 0; - #endif - -- if(len > 65535) return MOSQ_ERR_INVAL; -+ if(str == NULL || len > 65535){ -+ return MOSQ_ERR_INVAL; -+ } - - for(i=0; i 65535) return MOSQ_ERR_INVAL; -+ if(str == NULL || len > 65535){ -+ return MOSQ_ERR_INVAL; -+ } - - for(i=0; i -Date: Tue, 10 Aug 2021 20:48:21 +0100 -Subject: [PATCH] Fix CONNECT performance with many user-properties. - ---- - lib/property_mosq.c | 14 ++++----- - test/broker/01-connect-575314.py | 49 ++++++++++++++++++++++++++++++++ - test/broker/Makefile | 1 + - test/broker/test.py | 1 + - 4 files changed, 58 insertions(+), 7 deletions(-) - create mode 100755 test/broker/01-connect-575314.py - -diff --git a/lib/property_mosq.c b/lib/property_mosq.c -index 859e28b..6eccdbd 100644 ---- a/lib/property_mosq.c -+++ b/lib/property_mosq.c -@@ -878,14 +878,14 @@ int mosquitto_property_check_all(int command, const mosquitto_property *properti - if(rc) return rc; - - /* Check for duplicates */ -- tail = p->next; -- while(tail){ -- if(p->identifier == tail->identifier -- && p->identifier != MQTT_PROP_USER_PROPERTY){ -- -- return MOSQ_ERR_DUPLICATE_PROPERTY; -+ if(p->identifier != MQTT_PROP_USER_PROPERTY){ -+ tail = p->next; -+ while(tail){ -+ if(p->identifier == tail->identifier){ -+ return MOSQ_ERR_DUPLICATE_PROPERTY; -+ } -+ tail = tail->next; - } -- tail = tail->next; - } - - p = p->next; -diff --git a/test/broker/01-connect-575314.py b/test/broker/01-connect-575314.py -new file mode 100755 -index 0000000..4a8f314 ---- /dev/null -+++ b/test/broker/01-connect-575314.py -@@ -0,0 +1,49 @@ -+#!/usr/bin/env python3 -+ -+# Check for performance of processing user-property on CONNECT -+ -+from mosq_test_helper import * -+ -+def do_test(): -+ rc = 1 -+ props = mqtt5_props.gen_string_pair_prop(mqtt5_props.PROP_USER_PROPERTY, "key", "value") -+ for i in range(0, 20000): -+ props += mqtt5_props.gen_string_pair_prop(mqtt5_props.PROP_USER_PROPERTY, "key", "value") -+ connect_packet_slow = mosq_test.gen_connect("connect-user-property", proto_ver=5, properties=props) -+ connect_packet_fast = mosq_test.gen_connect("a"*65000, proto_ver=5) -+ connack_packet = mosq_test.gen_connack(rc=0, proto_ver=5) -+ -+ port = mosq_test.get_port() -+ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port) -+ -+ try: -+ t_start = time.monotonic() -+ sock = mosq_test.do_client_connect(connect_packet_slow, connack_packet, port=port) -+ t_stop = time.monotonic() -+ sock.close() -+ -+ t_diff_slow = t_stop - t_start -+ -+ t_start = time.monotonic() -+ sock = mosq_test.do_client_connect(connect_packet_fast, connack_packet, port=port) -+ t_stop = time.monotonic() -+ sock.close() -+ -+ t_diff_fast = t_stop - t_start -+ # 20 is chosen as a factor that works in plain mode and running under -+ # valgrind. The slow performance manifests as a factor of >100. Fast is <10. -+ if t_diff_slow / t_diff_fast < 20: -+ rc = 0 -+ except mosq_test.TestError: -+ pass -+ finally: -+ broker.terminate() -+ broker.wait() -+ (stdo, stde) = broker.communicate() -+ if rc: -+ print(stde.decode('utf-8')) -+ exit(rc) -+ -+ -+do_test() -+exit(0) -diff --git a/test/broker/Makefile b/test/broker/Makefile -index fa889ce..f560b6e 100644 ---- a/test/broker/Makefile -+++ b/test/broker/Makefile -@@ -20,6 +20,7 @@ ptest : test-compile - test : test-compile 01 02 03 04 05 06 07 08 09 10 11 12 - - 01 : -+ ./01-connect-575314.py - ./01-connect-anon-denied.py - ./01-connect-bad-packet.py - ./01-connect-disconnect-v5.py -diff --git a/test/broker/test.py b/test/broker/test.py -index 9a22262..6703f4b 100755 ---- a/test/broker/test.py -+++ b/test/broker/test.py -@@ -5,6 +5,7 @@ import ptest - - tests = [ - #(ports required, 'path'), -+ (1, './01-connect-575314.py'), - (1, './01-connect-anon-denied.py'), - (1, './01-connect-bad-packet.py'), - (1, './01-connect-disconnect-v5.py'), --- -2.30.0 - diff --git a/add-usage-output.patch b/add-usage-output.patch index 4eb171b0dbc3112520723fa60aed23b78a826774..8114e2b0135bd5d87952d60e5bffa366e49a2796 100644 --- a/add-usage-output.patch +++ b/add-usage-output.patch @@ -11,7 +11,7 @@ diff --git a/src/conf.c b/src/conf.c index 9d31ad9..ed989d5 100644 --- a/src/conf.c +++ b/src/conf.c -@@ -358,12 +358,12 @@ static void print_usage(void) +@@ -360,12 +360,12 @@ static void print_usage(void) printf("mosquitto version %s\n\n", VERSION); printf("mosquitto is an MQTT v5.0/v3.1.1/v3.1 broker.\n\n"); printf("Usage: mosquitto [-c config_file] [-d] [-h] [-p port]\n\n"); diff --git a/fix-usage-exit-code.patch b/fix-usage-exit-code.patch index 2f0c8a6f92e286a453a23fd4835af6c1db5428b9..6a3e5153c1d99289af943f4fea95e99d3225c9ee 100644 --- a/fix-usage-exit-code.patch +++ b/fix-usage-exit-code.patch @@ -1,6 +1,6 @@ -From 55ff763724f71e84ead9b0352506653dbb1c8d69 Mon Sep 17 00:00:00 2001 +From 97cef5c831be58770f4a298023d358bd225601d4 Mon Sep 17 00:00:00 2001 From: lingsheng -Date: Thu, 30 Sep 2021 15:31:46 +0800 +Date: Wed, 10 May 2023 15:02:00 +0800 Subject: [PATCH] fix usage exit code --- @@ -10,10 +10,10 @@ Subject: [PATCH] fix usage exit code 3 files changed, 11 insertions(+) diff --git a/client/pub_client.c b/client/pub_client.c -index 59162a2..4ad2fb3 100644 +index 7822e27..7e2d910 100644 --- a/client/pub_client.c +++ b/client/pub_client.c -@@ -491,6 +491,10 @@ int main(int argc, char *argv[]) +@@ -526,6 +526,10 @@ int main(int argc, char *argv[]) if(rc == 2){ /* --help */ print_usage(); @@ -21,38 +21,38 @@ index 59162a2..4ad2fb3 100644 + client_config_cleanup(&cfg); + pub_shared_cleanup(); + return 0; + }else if(rc == 3){ + print_version(); }else{ - fprintf(stderr, "\nUse 'mosquitto_pub --help' to see usage.\n"); - } diff --git a/client/rr_client.c b/client/rr_client.c -index dec9468..180d3b8 100644 +index e74536f..fc90803 100644 --- a/client/rr_client.c +++ b/client/rr_client.c -@@ -267,6 +267,9 @@ int main(int argc, char *argv[]) +@@ -316,6 +316,9 @@ int main(int argc, char *argv[]) if(rc == 2){ /* --help */ print_usage(); + mosquitto_lib_cleanup(); + client_config_cleanup(&cfg); + return 0; - }else{ - fprintf(stderr, "\nUse 'mosquitto_rr --help' to see usage.\n"); - } + }else if(rc == 3){ + /* --version */ + print_version(); diff --git a/client/sub_client.c b/client/sub_client.c -index fb26638..5f4ac5f 100644 +index 4ff3bf9..80f778f 100644 --- a/client/sub_client.c +++ b/client/sub_client.c -@@ -294,6 +294,10 @@ int main(int argc, char *argv[]) +@@ -331,6 +331,10 @@ int main(int argc, char *argv[]) if(rc == 2){ /* --help */ print_usage(); -+ mosquitto_destroy(mosq); ++ mosquitto_destroy(g_mosq); + mosquitto_lib_cleanup(); + client_config_cleanup(&cfg); + return 0; - }else{ - fprintf(stderr, "\nUse 'mosquitto_sub --help' to see usage.\n"); - } + }else if(rc == 3){ + /* --version */ + print_version(); -- -2.23.0 +2.33.0 diff --git a/mosquitto-1.6.15.tar.gz b/mosquitto-1.6.15.tar.gz deleted file mode 100644 index 9fb87b51a7f5bcc2e14a0ae6889cdbfb9ebb09a6..0000000000000000000000000000000000000000 Binary files a/mosquitto-1.6.15.tar.gz and /dev/null differ diff --git a/mosquitto-2.0.15.tar.gz b/mosquitto-2.0.15.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..5c5ad33652d9a45a013d51e3850b927c70ed4df3 Binary files /dev/null and b/mosquitto-2.0.15.tar.gz differ diff --git a/mosquitto.spec b/mosquitto.spec index 954ee180602f3ddbe0cfb67edcdf3832b165389c..0de3d734b755ed2502e7646317421bbc10406dd5 100644 --- a/mosquitto.spec +++ b/mosquitto.spec @@ -1,16 +1,14 @@ Name: mosquitto -Version: 1.6.15 -Release: 7 +Version: 2.0.15 +Release: 1 Summary: Open Source MQTT v3.1/v3.1.1 Broker License: EPL-1.0 URL: http://mosquitto.org/ Source0: http://mosquitto.org/files/source/%{name}-%{version}.tar.gz Patch0001: add-usage-output.patch Patch0002: fix-usage-exit-code.patch -Patch0003: CVE-2021-41039.patch -Patch0004: CVE-2021-34432.patch BuildRequires: c-ares-devel gcc-c++ libuuid-devel libwebsockets-devel openssl-devel -BuildRequires: systemd-devel +BuildRequires: systemd-devel cjson-devel BuildRequires: make Provides: bundled(uthash) Requires(pre): shadow-utils @@ -72,7 +70,7 @@ exit 0 %files %license LICENSE.txt -%doc ChangeLog.txt CONTRIBUTING.md readme.md +%doc ChangeLog.txt CONTRIBUTING.md README.md %{_bindir}/* %{_sbindir}/* %{_libdir}/*.so.* @@ -92,6 +90,9 @@ exit 0 %{_mandir}/man3/*.3.* %changelog +* Wed May 10 2023 Ge Wang - 2.0.15-1 +- Update to version 2.0.15 + * Mon May 9 2022 caodongxia - 1.6.15-7 - License compliance rectification