!58 [sync] PR-56: move mosquitto_dynamic_security into main package

From: @openeuler-sync-bot 
Reviewed-by: @wk333 
Signed-off-by: @wk333

CVE-2021-34432.patch

@@ -1,62 +0,0 @@
-From 9b08faf0bdaf5a4f2e6e3dd1ea7e8c57f70418d6 Mon Sep 17 00:00:00 2001
-From: "Roger A. Light" <roger@atchoo.org>
-Date: Tue, 9 Feb 2021 14:09:53 +0000
-Subject: [PATCH] Fix mosquitto_{pub|sub}_topic_check() function returns.
-
-The would not return MOSQ_ERR_INVAL on topic == NULL.
----
- ChangeLog.txt    |  5 +++++
- lib/util_topic.c | 19 ++++++++++++++++---
- 2 files changed, 21 insertions(+), 3 deletions(-)
-
-diff --git a/lib/util_topic.c b/lib/util_topic.c
-index fc24f0d1c..62b531127 100644
---- a/lib/util_topic.c
-+++ b/lib/util_topic.c
-@@ -54,6 +54,11 @@ int mosquitto_pub_topic_check(const char *str)
- #ifdef WITH_BROKER
- 	int hier_count = 0;
- #endif
-+
-+	if(str == NULL){
-+		return MOSQ_ERR_INVAL;
-+	}
-+
- 	while(str && str[0]){
- 		if(str[0] == '+' || str[0] == '#'){
- 			return MOSQ_ERR_INVAL;
-@@ -81,7 +86,9 @@ int mosquitto_pub_topic_check2(const char *str, size_t len)
- 	int hier_count = 0;
- #endif
- 
--	if(len > 65535) return MOSQ_ERR_INVAL;
-+	if(str == NULL || len > 65535){
-+		return MOSQ_ERR_INVAL;
-+	}
- 
- 	for(i=0; i<len; i++){
- 		if(str[i] == '+' || str[i] == '#'){
-@@ -115,7 +122,11 @@ int mosquitto_sub_topic_check(const char *str)
- 	int hier_count = 0;
- #endif
- 
--	while(str && str[0]){
-+	if(str == NULL){
-+		return MOSQ_ERR_INVAL;
-+	}
-+
-+	while(str[0]){
- 		if(str[0] == '+'){
- 			if((c != '\0' && c != '/') || (str[1] != '\0' && str[1] != '/')){
- 				return MOSQ_ERR_INVAL;
-@@ -150,7 +161,9 @@ int mosquitto_sub_topic_check2(const char *str, size_t len)
- 	int hier_count = 0;
- #endif
- 
--	if(len > 65535) return MOSQ_ERR_INVAL;
-+	if(str == NULL || len > 65535){
-+		return MOSQ_ERR_INVAL;
-+	}
- 
- 	for(i=0; i<len; i++){
- 		if(str[i] == '+'){

CVE-2021-41039.patch

@@ -1,121 +0,0 @@
-From 1eb3d438f7cb658a1aa52ea5d7ff8b721fd4f0cc Mon Sep 17 00:00:00 2001
-From: "Roger A. Light" <roger@atchoo.org>
-Date: Tue, 10 Aug 2021 20:48:21 +0100
-Subject: [PATCH] Fix CONNECT performance with many user-properties.
-
----
- lib/property_mosq.c              | 14 ++++-----
- test/broker/01-connect-575314.py | 49 ++++++++++++++++++++++++++++++++
- test/broker/Makefile             |  1 +
- test/broker/test.py              |  1 +
- 4 files changed, 58 insertions(+), 7 deletions(-)
- create mode 100755 test/broker/01-connect-575314.py
-
-diff --git a/lib/property_mosq.c b/lib/property_mosq.c
-index 859e28b..6eccdbd 100644
---- a/lib/property_mosq.c
-+++ b/lib/property_mosq.c
-@@ -878,14 +878,14 @@ int mosquitto_property_check_all(int command, const mosquitto_property *properti
- 		if(rc) return rc;
- 
- 		/* Check for duplicates */
--		tail = p->next;
--		while(tail){
--			if(p->identifier == tail->identifier
--					&& p->identifier != MQTT_PROP_USER_PROPERTY){
--
--				return MOSQ_ERR_DUPLICATE_PROPERTY;
-+		if(p->identifier != MQTT_PROP_USER_PROPERTY){
-+			tail = p->next;
-+			while(tail){
-+				if(p->identifier == tail->identifier){
-+					return MOSQ_ERR_DUPLICATE_PROPERTY;
-+				}
-+				tail = tail->next;
- 			}
--			tail = tail->next;
- 		}
- 
- 		p = p->next;
-diff --git a/test/broker/01-connect-575314.py b/test/broker/01-connect-575314.py
-new file mode 100755
-index 0000000..4a8f314
---- /dev/null
-+++ b/test/broker/01-connect-575314.py
-@@ -0,0 +1,49 @@
-+#!/usr/bin/env python3
-+
-+# Check for performance of processing user-property on CONNECT
-+
-+from mosq_test_helper import *
-+
-+def do_test():
-+    rc = 1
-+    props = mqtt5_props.gen_string_pair_prop(mqtt5_props.PROP_USER_PROPERTY, "key", "value")
-+    for i in range(0, 20000):
-+        props += mqtt5_props.gen_string_pair_prop(mqtt5_props.PROP_USER_PROPERTY, "key", "value")
-+    connect_packet_slow = mosq_test.gen_connect("connect-user-property", proto_ver=5, properties=props)
-+    connect_packet_fast = mosq_test.gen_connect("a"*65000, proto_ver=5)
-+    connack_packet = mosq_test.gen_connack(rc=0, proto_ver=5)
-+
-+    port = mosq_test.get_port()
-+    broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port)
-+
-+    try:
-+        t_start = time.monotonic()
-+        sock = mosq_test.do_client_connect(connect_packet_slow, connack_packet, port=port)
-+        t_stop = time.monotonic()
-+        sock.close()
-+
-+        t_diff_slow = t_stop - t_start
-+
-+        t_start = time.monotonic()
-+        sock = mosq_test.do_client_connect(connect_packet_fast, connack_packet, port=port)
-+        t_stop = time.monotonic()
-+        sock.close()
-+
-+        t_diff_fast = t_stop - t_start
-+        # 20 is chosen as a factor that works in plain mode and running under
-+        # valgrind. The slow performance manifests as a factor of >100. Fast is <10.
-+        if t_diff_slow / t_diff_fast < 20:
-+            rc = 0
-+    except mosq_test.TestError:
-+        pass
-+    finally:
-+        broker.terminate()
-+        broker.wait()
-+        (stdo, stde) = broker.communicate()
-+        if rc:
-+            print(stde.decode('utf-8'))
-+            exit(rc)
-+
-+
-+do_test()
-+exit(0)
-diff --git a/test/broker/Makefile b/test/broker/Makefile
-index fa889ce..f560b6e 100644
---- a/test/broker/Makefile
-+++ b/test/broker/Makefile
-@@ -20,6 +20,7 @@ ptest : test-compile
- test : test-compile 01 02 03 04 05 06 07 08 09 10 11 12
- 
- 01 :
-+	./01-connect-575314.py
- 	./01-connect-anon-denied.py
- 	./01-connect-bad-packet.py
- 	./01-connect-disconnect-v5.py
-diff --git a/test/broker/test.py b/test/broker/test.py
-index 9a22262..6703f4b 100755
---- a/test/broker/test.py
-+++ b/test/broker/test.py
-@@ -5,6 +5,7 @@ import ptest
- 
- tests = [
-     #(ports required, 'path'),
-+    (1, './01-connect-575314.py'),
-     (1, './01-connect-anon-denied.py'),
-     (1, './01-connect-bad-packet.py'),
-     (1, './01-connect-disconnect-v5.py'),
--- 
-2.30.0
-

add-usage-output.patch

@@ -11,7 +11,7 @@ diff --git a/src/conf.c b/src/conf.c
 index 9d31ad9..ed989d5 100644
 --- a/src/conf.c
 +++ b/src/conf.c
-@@ -358,12 +358,12 @@ static void print_usage(void)
+@@ -360,12 +360,12 @@ static void print_usage(void)
  	printf("mosquitto version %s\n\n", VERSION);
  	printf("mosquitto is an MQTT v5.0/v3.1.1/v3.1 broker.\n\n");
  	printf("Usage: mosquitto [-c config_file] [-d] [-h] [-p port]\n\n");

fix-usage-exit-code.patch

@@ -1,6 +1,6 @@
-From 55ff763724f71e84ead9b0352506653dbb1c8d69 Mon Sep 17 00:00:00 2001
+From 97cef5c831be58770f4a298023d358bd225601d4 Mon Sep 17 00:00:00 2001
 From: lingsheng <lingsheng@huawei.com>
-Date: Thu, 30 Sep 2021 15:31:46 +0800
+Date: Wed, 10 May 2023 15:02:00 +0800
 Subject: [PATCH] fix usage exit code
 
 ---
@@ -10,10 +10,10 @@ Subject: [PATCH] fix usage exit code
  3 files changed, 11 insertions(+)
 
 diff --git a/client/pub_client.c b/client/pub_client.c
-index 59162a2..4ad2fb3 100644
+index 7822e27..7e2d910 100644
 --- a/client/pub_client.c
 +++ b/client/pub_client.c
-@@ -491,6 +491,10 @@ int main(int argc, char *argv[])
+@@ -526,6 +526,10 @@ int main(int argc, char *argv[])
  		if(rc == 2){
  			/* --help */
  			print_usage();
@@ -21,38 +21,38 @@ index 59162a2..4ad2fb3 100644
 +			client_config_cleanup(&cfg);
 +			pub_shared_cleanup();
 +			return 0;
+ 		}else if(rc == 3){
+ 			print_version();
  		}else{
- 			fprintf(stderr, "\nUse 'mosquitto_pub --help' to see usage.\n");
- 		}
 diff --git a/client/rr_client.c b/client/rr_client.c
-index dec9468..180d3b8 100644
+index e74536f..fc90803 100644
 --- a/client/rr_client.c
 +++ b/client/rr_client.c
-@@ -267,6 +267,9 @@ int main(int argc, char *argv[])
+@@ -316,6 +316,9 @@ int main(int argc, char *argv[])
  		if(rc == 2){
  			/* --help */
  			print_usage();
 +			mosquitto_lib_cleanup();
 +			client_config_cleanup(&cfg);
 +			return 0;
- 		}else{
- 			fprintf(stderr, "\nUse 'mosquitto_rr --help' to see usage.\n");
- 		}
+ 		}else if(rc == 3){
+ 			/* --version */
+ 			print_version();
 diff --git a/client/sub_client.c b/client/sub_client.c
-index fb26638..5f4ac5f 100644
+index 4ff3bf9..80f778f 100644
 --- a/client/sub_client.c
 +++ b/client/sub_client.c
-@@ -294,6 +294,10 @@ int main(int argc, char *argv[])
+@@ -331,6 +331,10 @@ int main(int argc, char *argv[])
  		if(rc == 2){
  			/* --help */
  			print_usage();
-+			mosquitto_destroy(mosq);
++			mosquitto_destroy(g_mosq);
 +			mosquitto_lib_cleanup();
 +			client_config_cleanup(&cfg);
 +			return 0;
- 		}else{
- 			fprintf(stderr, "\nUse 'mosquitto_sub --help' to see usage.\n");
- 		}
+ 		}else if(rc == 3){
+ 			/* --version */
+ 			print_version();
 -- 
-2.23.0
+2.33.0
 

mosquitto.spec

@@ -1,22 +1,19 @@
 Name:                mosquitto
-Version:             1.6.15
-Release:             6
+Version:             2.0.20
+Release:             2
 Summary:             Open Source MQTT v3.1/v3.1.1 Broker
-License:             BSD
-URL:                 http://mosquitto.org/
-Source0:             http://mosquitto.org/files/source/%{name}-%{version}.tar.gz
+License:             EPL-1.0
+URL:                 https://mosquitto.org/
+Source0:             https://mosquitto.org/files/source/%{name}-%{version}.tar.gz
 Patch0001:           add-usage-output.patch
 Patch0002:           fix-usage-exit-code.patch
-Patch0003:	     CVE-2021-41039.patch
-Patch0004:           CVE-2021-34432.patch
 BuildRequires:       c-ares-devel gcc-c++ libuuid-devel libwebsockets-devel openssl-devel
-BuildRequires:       systemd-devel
-BuildRequires:       make
+BuildRequires:       systemd-devel cjson-devel
+BuildRequires:       cmake libxslt
 Provides:            bundled(uthash)
 Requires(pre):       shadow-utils
-Requires(post):      systemd
-Requires(preun):     systemd
-Requires(postun):    systemd
+Conflicts:           mosquitto-devel < 2.0.20-2
+%{?systemd_requires}
 %description
 Mosquitto is an open source message broker that implements the MQ Telemetry
 Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method
@@ -33,24 +30,23 @@ Development headers and libraries for %{name}
 
 %prep
 %autosetup -p1
-sed -i "s|prefix?=/usr/local|prefix?=/usr|" config.mk
 sed -i "s|(INSTALL) -s|(INSTALL)|g" lib/Makefile src/Makefile client/Makefile
+sed -i "s/websockets_shared/websockets/" src/CMakeLists.txt
 
 %build
-export CFLAGS="%{optflags}"
-export LDFLAGS="%{optflags} %{__global_ldflags} -Wl,--as-needed"
-make all %{?_smp_mflags} WITH_WEBSOCKETS=yes WITH_SYSTEMD=yes
+%cmake -B %{__cmake_builddir} \
+    -DCMAKE_INSTALL_LIBDIR=%{_libdir} \
+    -DCMAKE_INSTALL_SYSCONFDIR=%{_sysconfdir} \
+    -DWITH_WEBSOCKETS=ON \
+    -DWITH_SYSTEMD=ON \
+    -DWITH_SRV=ON \
+    -DWITH_TLS=ON
+%__cmake --build "%{__cmake_builddir}"
 
 %install
-%if "%{_lib}" == "lib64"
-export LIB_SUFFIX=64
-%endif
-%make_install
+DESTDIR="%{buildroot}" %__cmake --install "%{__cmake_builddir}"
 mkdir -p %{buildroot}%{_unitdir}
 install -p -m 0644 service/systemd/%{name}.service.notify %{buildroot}%{_unitdir}/%{name}.service
-mv %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf.example %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf
-
-%check
 
 %pre
 getent group %{name} >/dev/null || groupadd -r %{name}
@@ -61,37 +57,63 @@ exit 0
 
 %post
 %systemd_post %{name}.service
-/sbin/ldconfig
 
 %preun
 %systemd_preun %{name}.service
 
 %postun
 %systemd_postun_with_restart %{name}.service
-/sbin/ldconfig
 
 %files
 %license LICENSE.txt
-%doc ChangeLog.txt CONTRIBUTING.md readme.md
+%doc ChangeLog.txt CONTRIBUTING.md README.md
 %{_bindir}/*
 %{_sbindir}/*
 %{_libdir}/*.so.*
+%{_libdir}/mosquitto_dynamic_security.so
 %dir %{_sysconfdir}/%{name}
 %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
 %config%{_sysconfdir}/%{name}/*.example
 %{_unitdir}/%{name}.service
-%{_mandir}/man1/*.1.*
-%{_mandir}/man5/*.5.*
-%{_mandir}/man7/*.7.*
-%{_mandir}/man8/*.8.*
+%{_mandir}/man*/%{name}*
+%{_mandir}/man7/mqtt.7.*
 
 %files devel
 %{_includedir}/*.h
-%{_libdir}/*.so
+%{_libdir}/libmosquitto*.so
 %{_libdir}/pkgconfig/*.pc
 %{_mandir}/man3/*.3.*
 
 %changelog
+* Tue Nov 12 2024 Funda Wang <fundawang@yeah.net> - 2.0.20-2
+- move mosquitto_dynamic_security into main package
+
+* Mon Nov 04 2024 yaoxin <yao_xin001@hoperun.com> - 2.0.20-1
+- Update to 2.0.20
+  * Fix QoS 1 / QoS 2 publish incorrectly returning "no subscribers". Closes #3128.
+  * Open files with appropriate access on Windows. Closes #3119.
+  * Don't allow invalid response topic values.
+  * Fix some strict protocol compliance issues. Closes #3052.
+  * Fix cmake build on OS X. Closes #3125.
+  * Fix build on NetBSD
+  * Fix mismatched subscribe/unsubscribe with normal/shared topics.
+  * Fix crash on bridge using remapped topic being sent a crafted packet.
+  * Don't allow SUBACK with missing reason codes in client library.
+  * Fix crash on subscribe under certain unlikely conditions. Closes #2885. Closes #2881.
+  * Fix mosquitto_rr not honouring -R. Closes #2893.
+  * Fix max_queued_messages 0 stopping clients from receiving messages. Closes #2879.
+  * Fix max_inflight_messages not being set correctly. Closes #2876.
+  * Fix mosquitto_passwd -U backup file creation. Closes #2873.
+
+* Wed Sep 13 2023 yaoxin <yao_xin001@hoperun.com> - 2.0.16-1
+- Update to 2.0.16 for fix CVE-2021-34431,CVE-2023-28366 and CVE-2023-3592
+
+* Wed May 10 2023 Ge Wang <wang__ge@126.com> - 2.0.15-1
+- Update to version 2.0.15
+
+* Mon May 9 2022 caodongxia <caodongxia@h-partners.com> - 1.6.15-7
+- License compliance rectification
+
 * Thu Feb 24 2022 yaoxin <yaoxin30@huawei.com> - 1.6.15-6
 - Fix CVE-2021-34432 and modify the CVE-2021-41039.patch.
 
@@ -104,7 +126,7 @@ exit 0
 * Thu Sep 30 2021 lingsheng <lingsheng@huawei.com> - 1.6.15-3
 - add usage output
 
-* Tue Sep 24 2021 zhengyaohui <zhengyaohui1@huawei.com> - 1.6.15-2
+* Fri Sep 24 2021 zhengyaohui <zhengyaohui1@huawei.com> - 1.6.15-2
 - add buildrequires make
 
 * Tue Sep 7 2021 zhengyaohui <zhengyaohui1@huawei.com> - 1.6.15-1