mosquitto: add upstream security fix
Fixes CVE-2017-9868: In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
parent
6da327adb2
commit
e51d69a3b1
@ -1,2 +1,3 @@
|
|||||||
# Locally computed:
|
# Locally computed:
|
||||||
sha512 75e6105498869ab13265df7a0bea6052c014d59d0c0efb61162d8257d34c0153fce32130e84c28e99fd494f374949aac5e01c19f7439c2eea575b52ef1179c3c mosquitto-1.4.12.tar.gz
|
sha512 75e6105498869ab13265df7a0bea6052c014d59d0c0efb61162d8257d34c0153fce32130e84c28e99fd494f374949aac5e01c19f7439c2eea575b52ef1179c3c mosquitto-1.4.12.tar.gz
|
||||||
|
sha256 06abd1206e548ac2378dd96f5434cb3e40ed77cecb6a9c37fbabab0b0f1360e5 mosquitto-1.4.x_cve-2017-9868.patch
|
||||||
|
@ -9,6 +9,8 @@ MOSQUITTO_SITE = http://mosquitto.org/files/source
|
|||||||
MOSQUITTO_LICENSE = EPL-1.0 or EDLv1.0
|
MOSQUITTO_LICENSE = EPL-1.0 or EDLv1.0
|
||||||
MOSQUITTO_LICENSE_FILES = LICENSE.txt epl-v10 edl-v10
|
MOSQUITTO_LICENSE_FILES = LICENSE.txt epl-v10 edl-v10
|
||||||
MOSQUITTO_INSTALL_STAGING = YES
|
MOSQUITTO_INSTALL_STAGING = YES
|
||||||
|
MOSQUITTO_PATCH = \
|
||||||
|
https://mosquitto.org/files/cve/2017-9868/mosquitto-1.4.x_cve-2017-9868.patch
|
||||||
|
|
||||||
MOSQUITTO_MAKE_OPTS = \
|
MOSQUITTO_MAKE_OPTS = \
|
||||||
UNAME=Linux \
|
UNAME=Linux \
|
||||||
|
Loading…
Reference in New Issue
Block a user