aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCraig Leres <leres@FreeBSD.org>2021-07-24 21:14:01 +0000
committerCraig Leres <leres@FreeBSD.org>2021-07-24 21:14:01 +0000
commite220d6ed93a7e736c1972c8a864737641d818067 (patch)
treed3d3fbb8bb90ec61ac9789311a24a3efeb54172d
parentf13b5d22b29ca4f4ff832968e97cdbf617263f96 (diff)
downloadports-e220d6ed93a7e736c1972c8a864737641d818067.tar.gz
ports-e220d6ed93a7e736c1972c8a864737641d818067.zip
net/mosquitto: Update to 2.0.10 and solve NULL pointer dereference
https://github.com/eclipse/mosquitto/blob/d5ecd9f5aa98d42e7549eea09a71a23eef241f31/ChangeLog.txt This release fixes a DoS vulnerability: - If an authenticated client connected with MQTT v5 sent a malformed CONNACK message to the broker a NULL pointer dereference occurred, most likely resulting in a segfault. Other changes since 2.0.8: - Set `receive-maximum` to not exceed the `-C` message count in mosquitto_sub and mosquitto_rr, to avoid potentially lost messages. - Fix TLS-PSK mode not working with port 8883. - Fix possible socket leak. This would occur if a client was using `mosquitto_loop_start()`, then if the connection failed due to the remote server being inaccessible they called `mosquitto_loop_stop(, true)` and recreated the mosquitto object. - If an empty or invalid CA file was provided to the client library for verifying the remote broker, then the initial connection would fail but subsequent connections would succeed without verifying the remote broker certificate. - If an empty or invalid CA file was provided to the broker for verifying the remote broker for an outgoing bridge connection then the initial connection would fail but subsequent connections would succeed without verifying the remote broker certificate. - Fix encrypted bridge connections incorrectly connecting when `bridge_cafile` is empty or invalid. - Fix `tls_version` behaviour not matching documentation. - Fix messages to `$` prefixed topics being rejected. - Fix QoS 0 messages not being delivered when max_queued_bytes was configured. - Fix bridge increasing backoff calculation. - Improve handling of invalid combinations of listener address and bind interface configurations. - Fix `max_keepalive` option not applying to clients connecting with keepalive - Fix encrypted connections incorrectly connecting when the CA file passed to `mosquitto_tls_set()` is empty or invalid. set to 0. PR: 255229 Reported by: Daniel Engberg Approved by: joe@thrallingpenguin.com (maintainer) MFH: 2021Q3 Security: cc553d79-e1f0-4b94-89f2-bacad42ee826
-rw-r--r--net/mosquitto/Makefile4
-rw-r--r--net/mosquitto/distinfo6
2 files changed, 5 insertions, 5 deletions
diff --git a/net/mosquitto/Makefile b/net/mosquitto/Makefile
index 3aeb8c355b46..740405a39144 100644
--- a/net/mosquitto/Makefile
+++ b/net/mosquitto/Makefile
@@ -1,9 +1,9 @@
# Created by: Joseph Benden <joe@thrallingpenguin.com>
PORTNAME= mosquitto
-PORTVERSION= 2.0.8
+PORTVERSION= 2.0.10
CATEGORIES= net
-MASTER_SITES= http://mosquitto.org/files/source/
+MASTER_SITES= https://mosquitto.org/files/source/
MAINTAINER= joe@thrallingpenguin.com
COMMENT= Open source MQTT broker
diff --git a/net/mosquitto/distinfo b/net/mosquitto/distinfo
index 3a80f21e8a5f..fec3d35813f8 100644
--- a/net/mosquitto/distinfo
+++ b/net/mosquitto/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1615114358
-SHA256 (mosquitto-2.0.8.tar.gz) = b15da8fc4edcb91d554e1259e220ea0173ef639ceaa4b465e06feb7e125b84bf
-SIZE (mosquitto-2.0.8.tar.gz) = 756636
+TIMESTAMP = 1627146562
+SHA256 (mosquitto-2.0.10.tar.gz) = 0188f7b21b91d6d80e992b8d6116ba851468b3bd154030e8a003ed28fb6f4a44
+SIZE (mosquitto-2.0.10.tar.gz) = 759106