From db64a57b00127bb9ccb1775ea5c6782e3aa1a782 Mon Sep 17 00:00:00 2001
From: liningjie
Date: Wed, 18 Oct 2023 19:49:58 +0800
Subject: [PATCH] Fix CVE-2023-5632
---
 backport-CVE-2023-5632.patch | 30 ++++++++++++++++++++++++++++++
 mosquitto.spec | 6 +++++-
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2023-5632.patch
diff --git a/backport-CVE-2023-5632.patch b/backport-CVE-2023-5632.patch
new file mode 100644
index 0000000..d607ca2
--- /dev/null
+++ b/backport-CVE-2023-5632.patch
@@ -0,0 +1,30 @@
+From 18bad1ff32435e523d7507e9b2ce0010124a8f2d Mon Sep 17 00:00:00 2001
+From: Przemek Zygmunt
+Date: Wed, 27 Jan 2021 18:29:50 +0100
+Subject: [PATCH] Unconditionally adding an event to the epoll causes 100% CPU
+ usage. This happens when the connection to the server is established and the
+ client has not sent any data yet.
+
+Signed-off-by: Przemek Zygmunt
+---
+ lib/packet_mosq.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/packet_mosq.c b/lib/packet_mosq.c
+index ad2a3aae..84f93cb8 100644
+--- a/lib/packet_mosq.c
++++ b/lib/packet_mosq.c
+@@ -216,7 +216,9 @@ int packet__write(struct mosquitto *mosq)
+ if(mosq->sock == INVALID_SOCKET) return MOSQ_ERR_NO_CONN;
+ 
+ #ifdef WITH_BROKER
+- mux__add_out(mosq);
++ if (mosq->current_out_packet) {
++ mux__add_out(mosq);
++ }
+ #endif
+ 
+ pthread_mutex_lock(&mosq->current_out_packet_mutex);
+-- 
+2.41.0.windows.3
+
diff --git a/mosquitto.spec b/mosquitto.spec
index d258d0c..0627c8d 100644
--- a/mosquitto.spec
+++ b/mosquitto.spec
@@ -1,6 +1,6 @@
 Name: mosquitto
 Version: 1.6.15
-Release: 6
+Release: 7
 Summary: Open Source MQTT v3.1/v3.1.1 Broker
 License: BSD
 URL: http://mosquitto.org/
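Review bot: The new guard `if (mosq->current_out_packet)` reads `current_out_packet` two lines before the `pthread_mutex_lock(&mosq->current_out_packet_mutex)` that this function takes, so the field is inspected outside the lock that otherwise appears to protect it; if the WITH_BROKER build only ever calls packet__write from one thread that is harmless, but the assumption deserves a comment such as `/* unlocked read: only the broker's single network thread reaches this; skip the EPOLLOUT registration when nothing is queued */`. Separately, the embedded patch keeps the upstream `index ad2a3aae..84f93cb8` and `@@ -216,7 +216,9 @@` header; as far as I know `mux__add_out()` and the epoll mux belong to the 2.0 series and CVE-2023-5632 is reported against 2.0.x, so confirm that `lib/packet_mosq.c` in 1.6.15 actually contains this call and that the hunk applies cleanly rather than being rejected or fuzzed into the wrong place, before shipping a `%changelog` entry that claims the CVE fixed. packet__write's body continues outside the hunk.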
@@ -9,6 +9,7 @@ Patch0001: add-usage-output.patch
 Patch0002: fix-usage-exit-code.patch
 Patch0003: CVE-2021-41039.patch
 Patch0004: CVE-2021-34432.patch
+Patch0005: backport-CVE-2023-5632.patch
 BuildRequires: c-ares-devel gcc-c++ libuuid-devel libwebsockets-devel openssl-devel
 BuildRequires: systemd-devel
 BuildRequires: make
@@ -92,6 +93,9 @@ exit 0
 %{_mandir}/man3/*.3.*
 
 %changelog
+* Wed Oct 18 2023 liningjie - 1.6.15-7
+- Fix CVE-2023-5632
+
 * Thu Feb 24 2022 yaoxin - 1.6.15-6
 - Fix CVE-2021-34432 and modify the CVE-2021-41039.patch.
 
-- 
Gitee