kumquat-buildroot/package/mosquitto/mosquitto.mk
Peter Korsgaard 9e9dee2534 mosquitto: security bump to version 1.4.12
Fixes CVE-2017-7650: Pattern based ACLs can be bypassed by clients that set
their username/client id to ‘#’ or ‘+’.  This allows locally or remotely
connected clients to access MQTT topics that they do have the rights to.
The same issue may be present in third party authentication/access control
plugins for Mosquitto.

For more details, see:
https://mosquitto.org/2017/05/security-advisory-cve-2017-7650/

Remove 0001-Remove-lanl-when-WITH_ADNS-is-unset.patch as that patch is now
upstream.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-30 08:58:28 +02:00

106 lines
2.7 KiB
Makefile

################################################################################
#
# mosquitto
#
################################################################################
MOSQUITTO_VERSION = 1.4.12
MOSQUITTO_SITE = http://mosquitto.org/files/source
MOSQUITTO_LICENSE = EPL-1.0 or EDLv1.0
MOSQUITTO_LICENSE_FILES = LICENSE.txt epl-v10 edl-v10
MOSQUITTO_INSTALL_STAGING = YES
MOSQUITTO_MAKE_OPTS = \
UNAME=Linux \
STRIP=true \
prefix=/usr \
WITH_WRAP=no \
WITH_DOCS=no
# adns uses getaddrinfo_a
ifeq ($(BR2_TOOLCHAIN_USES_GLIBC),y)
MOSQUITTO_MAKE_OPTS += WITH_ADNS=yes
else
MOSQUITTO_MAKE_OPTS += WITH_ADNS=no
endif
ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y)
MOSQUITTO_MAKE_OPTS += WITH_THREADING=yes
else
MOSQUITTO_MAKE_OPTS += WITH_THREADING=no
endif
ifeq ($(BR2_PACKAGE_OPENSSL),y)
MOSQUITTO_DEPENDENCIES += openssl
MOSQUITTO_MAKE_OPTS += WITH_TLS=yes
else
MOSQUITTO_MAKE_OPTS += WITH_TLS=no
endif
ifeq ($(BR2_PACKAGE_C_ARES),y)
MOSQUITTO_DEPENDENCIES += c-ares
MOSQUITTO_MAKE_OPTS += WITH_SRV=yes
else
MOSQUITTO_MAKE_OPTS += WITH_SRV=no
endif
ifeq ($(BR2_PACKAGE_UTIL_LINUX_LIBUUID),y)
MOSQUITTO_DEPENDENCIES += util-linux
MOSQUITTO_MAKE_OPTS += WITH_UUID=yes
else
MOSQUITTO_MAKE_OPTS += WITH_UUID=no
endif
ifeq ($(BR2_PACKAGE_LIBWEBSOCKETS),y)
MOSQUITTO_DEPENDENCIES += libwebsockets
MOSQUITTO_MAKE_OPTS += WITH_WEBSOCKETS=yes
else
MOSQUITTO_MAKE_OPTS += WITH_WEBSOCKETS=no
endif
# C++ support is only used to create a wrapper library
ifneq ($(BR2_INSTALL_LIBSTDCPP),y)
define MOSQUITTO_DISABLE_CPP
$(SED) '/-C cpp/d' $(@D)/lib/Makefile
endef
MOSQUITTO_POST_PATCH_HOOKS += MOSQUITTO_DISABLE_CPP
endif
define MOSQUITTO_BUILD_CMDS
$(MAKE) -C $(@D) $(TARGET_CONFIGURE_OPTS) \
$(MOSQUITTO_MAKE_OPTS)
endef
define MOSQUITTO_INSTALL_STAGING_CMDS
$(MAKE) -C $(@D) $(TARGET_CONFIGURE_OPTS) \
$(MOSQUITTO_MAKE_OPTS) DESTDIR=$(STAGING_DIR) install
endef
define MOSQUITTO_INSTALL_TARGET_CMDS
$(MAKE) -C $(@D) $(TARGET_CONFIGURE_OPTS) \
$(MOSQUITTO_MAKE_OPTS) DESTDIR=$(TARGET_DIR) install
rm -f $(TARGET_DIR)/etc/mosquitto/*.example
$(INSTALL) -D -m 0644 $(@D)/mosquitto.conf \
$(TARGET_DIR)/etc/mosquitto/mosquitto.conf
endef
define MOSQUITTO_INSTALL_INIT_SYSV
$(INSTALL) -D -m 0755 package/mosquitto/S50mosquitto \
$(TARGET_DIR)/etc/init.d/S50mosquitto
endef
define MOSQUITTO_INSTALL_INIT_SYSTEMD
$(INSTALL) -D -m 644 package/mosquitto/mosquitto.service \
$(TARGET_DIR)/usr/lib/systemd/system/mosquitto.service
mkdir -p $(TARGET_DIR)/etc/systemd/system/multi-user.target.wants
ln -fs ../../../../usr/lib/systemd/system/mosquitto.service \
$(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/mosquitto.service
endef
define MOSQUITTO_USERS
mosquitto -1 nogroup -1 * - - - Mosquitto user
endef
$(eval $(generic-package))