Drop CVE 2017-9868 patch as that is now upstream.
1.4.14 is a bugfix release, fixing significant websocket performance /
correctness issues.
Use HTTPS for the download as the server uses HSTS, thus saving a redirect.
While we're at it, add hashes for the license files.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit e51d69a3b (mosquitto: specify that hash is taken from upstream)
changed the .hash description header, but the upstream hash only applies
to the tarball, not the patch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2017-9868: In Mosquitto through 1.4.12, mosquitto.db (aka the
persistence file) is world readable, which allows local users to obtain
sensitive MQTT topic information.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2017-7650: Pattern based ACLs can be bypassed by clients that set
their username/client id to ‘#’ or ‘+’. This allows locally or remotely
connected clients to access MQTT topics that they do have the rights to.
The same issue may be present in third party authentication/access control
plugins for Mosquitto.
For more details, see:
https://mosquitto.org/2017/05/security-advisory-cve-2017-7650/
Remove 0001-Remove-lanl-when-WITH_ADNS-is-unset.patch as that patch is now
upstream.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
WITH_ADNS option has been added in version 1.4.11
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- This version requires a patch (sent upstream) to remove -lanl from
all Linux builds as this library is only needed for adns support
- sha512 must be computed locally as eclipse.org does not give it for
this version
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The _gp link issue has been fixed in CS nios2 2015.11.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This includes a fix for a security related bug related to the listener
mount_point feature. The bug allows a client that is restricted to a
mount_point to publish messages outside this hierarchy using the last will
and testament feature.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
See the conclusion about external toolchains during the Buildroot
meeting [1]:
"In the future, we stick to a single external toolchain version. The
Kconfig symbol should not encode the version (avoid legacy handling)"
[1] http://elinux.org/index.php?title=Buildroot:DeveloperDaysELCE2015#Report
Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
'echo -n' is not a POSIX construct (no flag support), we shoud use
'printf', especially in init script.
This patch was generated by the following command line:
git grep -l 'echo -n' -- `git ls-files | grep -v 'patch'` | xargs sed -i 's/echo -n/printf/'
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mosquitto triggers the infamous _gp issue with the NIOS 2 toolchains,
so let's not allow mosquitto in such situations.
Fixes:
http://autobuild.buildroot.net/results/b853369452115b0c6f32c6c960af2dbdf71a74af/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The package was added after the last iteration of the non-ipv6
toolchain removal, so adjust it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
