mirror of https://git.FreeBSD.org/ports.git synced 2025-01-30 10:38:37 +00:00

net/mosquitto: Update to 2.0.10 and solve NULL pointer dereference

d5ecd9f5aa/ChangeLog.txt

This release fixes a DoS vulnerability:

 - If an authenticated client connected with MQTT v5 sent a malformed
   CONNACK message to the broker a NULL pointer dereference occurred,
   most likely resulting in a segfault.

Other changes since 2.0.8:

 - Set `receive-maximum` to not exceed the `-C` message count in
   mosquitto_sub and mosquitto_rr, to avoid potentially lost messages.

 - Fix TLS-PSK mode not working with port 8883.

 - Fix possible socket leak. This would occur if a client was using
   `mosquitto_loop_start()`, then if the connection failed due to
   the remote server being inaccessible they called `mosquitto_loop_stop(,
   true)` and recreated the mosquitto object.

 - If an empty or invalid CA file was provided to the client library
   for verifying the remote broker, then the initial connection
   would fail but subsequent connections would succeed without
   verifying the remote broker certificate.

 - If an empty or invalid CA file was provided to the broker for
   verifying the remote broker for an outgoing bridge connection
   then the initial connection would fail but subsequent connections
   would succeed without verifying the remote broker certificate.

 - Fix encrypted bridge connections incorrectly connecting when
   `bridge_cafile` is empty or invalid.

 - Fix `tls_version` behaviour not matching documentation.

 - Fix messages to `$` prefixed topics being rejected.

 - Fix QoS 0 messages not being delivered when max_queued_bytes was
   configured.

 - Fix bridge increasing backoff calculation.

 - Improve handling of invalid combinations of listener address and
   bind interface configurations.

 - Fix `max_keepalive` option not applying to clients connecting
   with keepalive set to 0.

 - Fix encrypted connections incorrectly connecting when the CA
   file passed to `mosquitto_tls_set()` is empty or invalid.

PR:		255229
Reported by:	Daniel Engberg
Approved by:	joe@thrallingpenguin.com (maintainer)
MFH:		2021Q3
Security:	cc553d79-e1f0-4b94-89f2-bacad42ee826
Craig Leres 2021-07-24 14:14:01 -07:00
parent f13b5d22b2
commit e220d6ed93
2 changed files with 5 additions and 5 deletions


@ -1,9 +1,9 @@
# Created by: Joseph Benden <joe@thrallingpenguin.com>
PORTNAME= mosquitto
PORTVERSION= 2.0.8
PORTVERSION= 2.0.10
CATEGORIES= net
MASTER_SITES= http://mosquitto.org/files/source/
MASTER_SITES= https://mosquitto.org/files/source/
MAINTAINER= joe@thrallingpenguin.com
COMMENT= Open source MQTT broker
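
Review bot: The MASTER_SITES line changes the fetch URL from http://mosquitto.org/files/source/ to https://mosquitto.org/files/source/, which is a separate change from the PORTVERSION bump and is not mentioned in the commit message. It is a sensible change to ride along with a security update, but it deserves one line in the log so the scheme change can be found later. Distfile integrity still rests on the SHA256 in distinfo either way.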


@ -1,3 +1,3 @@
TIMESTAMP = 1615114358
SHA256 (mosquitto-2.0.8.tar.gz) = b15da8fc4edcb91d554e1259e220ea0173ef639ceaa4b465e06feb7e125b84bf
SIZE (mosquitto-2.0.8.tar.gz) = 756636
TIMESTAMP = 1627146562
SHA256 (mosquitto-2.0.10.tar.gz) = 0188f7b21b91d6d80e992b8d6116ba851468b3bd154030e8a003ed28fb6f4a44
SIZE (mosquitto-2.0.10.tar.gz) = 759106
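
Review bot: The new SHA256 and SIZE entries for mosquitto-2.0.10.tar.gz are the only values pinning the distfile, and nothing in the commit says how they were checked. For a security update, confirm that the checksum was compared against what upstream publishes for the release rather than only regenerated from the downloaded file, and note that in the log. The TIMESTAMP value 1627146562 falls on the commit date (2021-07-24 UTC), so the entry is consistent with a fresh fetch.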