From patchwork Tue Apr 6 11:16:13 2021
X-Patchwork-Submitter: Titouan Christophe
X-Patchwork-Id: 1462745
From: Titouan Christophe
To: buildroot@buildroot.org
Cc: Titouan Christophe
Date: Tue, 6 Apr 2021 13:16:13 +0200
Message-Id: <20210406111613.253507-1-titouanchristophe@gmail.com>
Subject: [Buildroot] [PATCH 1/1] package/mosquitto: security bump to v2.0.10

Version 2.0.10 of Mosquitto has been released. This is a security and bugfix release.

CVE-xxxx-xxxx: If an authenticated client connected with MQTT v5 sent a malformed CONNACK message to the broker a NULL pointer dereference occurred, most likely resulting in a segfault. This will be updated with the CVE number when it is assigned. Affects versions 2.0.0 to 2.0.9 inclusive.

See the announcement: https://mosquitto.org/blog/2021/04/version-2-0-10-released/

Signed-off-by: Titouan Christophe
--- package/mosquitto/mosquitto.hash | 4 ++-- package/mosquitto/mosquitto.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package/mosquitto/mosquitto.hash b/package/mosquitto/mosquitto.hash index e2c5181223..aa052979ff 100644 --- a/package/mosquitto/mosquitto.hash +++ b/package/mosquitto/mosquitto.hash
@@ -1,6 +1,6 @@ # Locally calculated after checking gpg signature -# from https://mosquitto.org/files/source/mosquitto-2.0.9.tar.gz.asc -sha256 1b8553ef64a1cf5e4f4cfbe098330ae612adccd3d37f35b2db6f6fab501b01d4 mosquitto-2.0.9.tar.gz +# from https://mosquitto.org/files/source/mosquitto-2.0.10.tar.gz.asc +sha256 0188f7b21b91d6d80e992b8d6116ba851468b3bd154030e8a003ed28fb6f4a44 mosquitto-2.0.10.tar.gz # License files sha256 d3c4ccace4e5d3cc89d34cf2a0bc85b8596bfc0a32b815d0d77f9b7c41b5350c LICENSE.txt diff --git a/package/mosquitto/mosquitto.mk b/package/mosquitto/mosquitto.mk index d1699ab860..7820e8fea5 100644 --- a/package/mosquitto/mosquitto.mk +++ b/package/mosquitto/mosquitto.mk @@ -4,7 +4,7 @@ # ################################################################################ -MOSQUITTO_VERSION = 2.0.9 +MOSQUITTO_VERSION = 2.0.10 MOSQUITTO_SITE = https://mosquitto.org/files/source MOSQUITTO_LICENSE = EPL-2.0 or EDLv1.0 MOSQUITTO_LICENSE_FILES = LICENSE.txt epl-v20 edl-v10
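Review bot: in package/mosquitto/mosquitto.hash, the comment above the new sha256 line says the hash was "Locally calculated after checking gpg signature" against mosquitto-2.0.10.tar.gz.asc, but nothing in the hunk records which key that signature was checked with. Consider adding the signing key fingerprint to that comment so the next person bumping the package can repeat the same check instead of trusting a locally computed value. The LICENSE.txt hash is carried over unchanged as context, which is fine as long as the file is identical in the 2.0.10 tarball.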
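Review bot: the MOSQUITTO_VERSION = 2.0.10 change in package/mosquitto/mosquitto.mk is presented as a security bump, but the commit message identifies the fix only by the placeholder CVE-xxxx-xxxx, so the log will not be searchable by CVE once a number is assigned. Suggest the committer substitutes the assigned identifier when applying if it exists by then, and otherwise relies on the announcement URL already in the log as the reference. The stated affected range (2.0.0 to 2.0.9 inclusive) is worth keeping in the message, since it tells maintainers which branches shipping a 2.0.x Mosquitto need this bump.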