mosquitto: bump to 1.4.15 for CVE fixes

See https://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/ for full details. patch for reproducible builds had to be rebuilt based on upstream change. Signed-off-by: Karl Palsson <karlp@etactica.com>
2018-03-01 11:05:03 +00:00 · 2018-03-01 11:05:03 +00:00 · 60cc1edc75
parent 8214106013
commit 60cc1edc75
2 changed files with 28 additions and 22 deletions
--- a/net/mosquitto/Makefile
+++ b/net/mosquitto/Makefile
@ -9,14 +9,14 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=mosquitto
-PKG_VERSION:=1.4.14
+PKG_VERSION:=1.4.15
 PKG_RELEASE:=3
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE.txt
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://mosquitto.org/files/source/
-PKG_HASH:=156b1fa731d12baad4b8b22f7b6a8af50ba881fc711b81e9919ec103cf2942d1
+PKG_HASH:=7d3b3e245a3b4ec94b05678c8199c806359737949f4cfe0bf936184f6ca89a83
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
 include $(INCLUDE_DIR)/package.mk
--- a/net/mosquitto/patches/100-remove-build-timestamps.patch
+++ b/net/mosquitto/patches/100-remove-build-timestamps.patch
@ -1,23 +1,29 @@
-From ebfccff8735ca0f8b6c9e8d06f2d3efe916affaf Mon Sep 17 00:00:00 2001
+diff --git a/config.mk b/config.mk
-From: Alexander Couzens <lynxis@fe80.eu>
+index bfaa208..2a3e2bf 100644
-Date: Sun, 10 Dec 2017 01:23:29 +0100
+--- a/config.mk
-Subject: [PATCH] fix reproducible builds by removing build timestamp
+++ b/config.mk
-
+@@ -87,7 +87,6 @@ WITH_SOCKS:=yes
-Build timestamps prevents reproducible builds. [0]
+ # Also bump lib/mosquitto.h, CMakeLists.txt,
-
+ # installer/mosquitto.nsi, installer/mosquitto-cygwin.nsi
-[0] https://reproducible-builds.org/docs/timestamps/
+ VERSION=1.4.15
-
+-TIMESTAMP:=$(shell date "+%F %T%z")
-Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
+ 
---
+ # Client library SO version. Bump if incompatible API/ABI changes are made.
- src/conf.c      | 2 +-
+ SOVERSION=1
- src/mosquitto.c | 4 +---
+@@ -115,7 +114,7 @@ LIB_CFLAGS:=${CFLAGS} ${CPPFLAGS} -I. -I.. -I../lib
- 2 files changed, 2 insertions(+), 4 deletions(-)
+ LIB_CXXFLAGS:=$(LIB_CFLAGS) ${CPPFLAGS}
-
+ LIB_LDFLAGS:=${LDFLAGS}
 -BROKER_CFLAGS:=${LIB_CFLAGS} ${CPPFLAGS} -DVERSION="\"${VERSION}\"" -DTIMESTAMP="\"${TIMESTAMP}\"" -DWITH_BROKER
 +BROKER_CFLAGS:=${LIB_CFLAGS} ${CPPFLAGS} -DVERSION="\"${VERSION}\"" -DWITH_BROKER
 CLIENT_CFLAGS:=${CFLAGS} ${CPPFLAGS} -I../lib -DVERSION="\"${VERSION}\""
 ifneq ($(or $(findstring $(UNAME),FreeBSD), $(findstring $(UNAME),OpenBSD)),)
 diff --git a/src/conf.c b/src/conf.c
-index a3e233de..e8162031 100644
+index 25d80a6..9ab0599 100644
 --- a/src/conf.c
 +++ b/src/conf.c
-@@ -309,7 +309,7 @@ void mqtt3_config_cleanup(struct mqtt3_config *config)
+@@ -338,7 +338,7 @@ void mqtt3_config_cleanup(struct mqtt3_config *config)
 static void print_usage(void)
 {
@ -27,7 +33,7 @@ index a3e233de..e8162031 100644
 	printf("Usage: mosquitto [-c config_file] [-d] [-h] [-p port]\n\n");
 	printf(" -c : specify the broker config file.\n");
 diff --git a/src/mosquitto.c b/src/mosquitto.c
-index b28150ce..dcf3a72a 100644
+index 22b6372..b581f45 100644
 --- a/src/mosquitto.c
 +++ b/src/mosquitto.c
@@ -291,7 +291,7 @@ int main(int argc, char *argv[])
@ -36,8 +42,8 @@ index b28150ce..dcf3a72a 100644
 	}
 -	_mosquitto_log_printf(NULL, MOSQ_LOG_INFO, "mosquitto version %s (build date %s) starting", VERSION, TIMESTAMP);
 +	_mosquitto_log_printf(NULL, MOSQ_LOG_INFO, "mosquitto version %s starting", VERSION);
- 	if(config.config_file){
+ 	if(int_db.config_file){
- 		_mosquitto_log_printf(NULL, MOSQ_LOG_INFO, "Config loaded from %s.", config.config_file);
+ 		_mosquitto_log_printf(NULL, MOSQ_LOG_INFO, "Config loaded from %s.", int_db.config_file);
 	}else{
@@ -308,8 +308,6 @@ int main(int argc, char *argv[])
 		/* Set static $SYS messages */