mosquitto: update to 1.6.3

Fixes multiple issues, primarily of interest to OpenWrt:
* getrandom issues with and without TLS and glibc
See https://github.com/openwrt/packages/issues/9005 and
https://github.com/openwrt/packages/pull/9243

Many many many other fixes related to mqttv5/v3.1.1 interactions and
mqtt5 support options.

Full changelog at: https://mosquitto.org/blog/2019/06/version-1-6-3-released/

Signed-off-by: Karl Palsson <karlp@etactica.com>

diff --git a/net/mosquitto/Makefile b/net/mosquitto/Makefile
index 1cd2e92e4eea035d7c7c5c8c6e17271f212e46b5..37ee7198e4658c6f90f3499d346a40504d65cd12 100644 (file)
--- a/net/mosquitto/Makefile
+++ b/net/mosquitto/Makefile
@@ -9,7 +9,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mosquitto
-PKG_VERSION:=1.6.2
+PKG_VERSION:=1.6.3
 PKG_RELEASE:=1
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE.txt
@@ -17,7 +17,7 @@ PKG_CPE_ID:=cpe:/a:eclipse:mosquitto
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://mosquitto.org/files/source/
-PKG_HASH:=33499e78dfa0ca1cb488fd196fde940a66305bdfd44ba763ce2001db2569a08b
+PKG_HASH:=9ef5cc75f4fe31d7bf50654ddf4728ad9e1ae2e5609a4b42ecbbcb4a209ed17e
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
 
 include $(INCLUDE_DIR)/package.mk

diff --git a/net/mosquitto/patches/901-fix-openssl-ui.patch b/net/mosquitto/patches/901-fix-openssl-ui.patch
deleted file mode 100644 (file)
index cfef42d..0000000
--- a/net/mosquitto/patches/901-fix-openssl-ui.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff --git a/lib/net_mosq.c b/lib/net_mosq.c
-index 745b170..bdcaa19 100644
---- a/lib/net_mosq.c
-+++ b/lib/net_mosq.c
-@@ -50,6 +50,7 @@ Contributors:
- #include <openssl/conf.h>
- #include <openssl/engine.h>
- #include <openssl/err.h>
-+#include <openssl/ui.h>
- #include <tls_mosq.h>
- #endif
- 

diff --git a/net/mosquitto/patches/902-fix-engine-guards.patch b/net/mosquitto/patches/902-fix-engine-guards.patch
deleted file mode 100644 (file)
index 48b3c42..0000000
--- a/net/mosquitto/patches/902-fix-engine-guards.patch
+++ /dev/null
@@ -1,215 +0,0 @@
-diff --git a/lib/net_mosq.c b/lib/net_mosq.c
-index bdcaa19..f207e32 100644
---- a/lib/net_mosq.c
-+++ b/lib/net_mosq.c
-@@ -141,7 +141,9 @@ int net__init(void)
-                       | OPENSSL_INIT_ADD_ALL_DIGESTS \
-                       | OPENSSL_INIT_LOAD_CONFIG, NULL);
- #  endif
-+#if !defined(OPENSSL_NO_ENGINE)
-       ENGINE_load_builtin_engines();
-+#endif
-       setup_ui_method();
-       if(tls_ex_index_mosq == -1){
-               tls_ex_index_mosq = SSL_get_ex_new_index(0, "client context", NULL, NULL, NULL);
-@@ -599,6 +601,7 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
-                       SSL_CTX_set_mode(mosq->ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
- #endif
- 
-+#if !defined(OPENSSL_NO_ENGINE)
-               if(mosq->tls_engine){
-                       engine = ENGINE_by_id(mosq->tls_engine);
-                       if(!engine){
-@@ -615,12 +618,15 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
-                       ENGINE_set_default(engine, ENGINE_METHOD_ALL);
-                       ENGINE_free(engine); /* release the structural reference from ENGINE_by_id() */
-               }
-+#endif
- 
-               if(mosq->tls_ciphers){
-                       ret = SSL_CTX_set_cipher_list(mosq->ssl_ctx, mosq->tls_ciphers);
-                       if(ret == 0){
-                               log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to set TLS ciphers. Check cipher list \"%s\".", mosq->tls_ciphers);
-+#if !defined(OPENSSL_NO_ENGINE)
-                               ENGINE_FINISH(engine);
-+#endif
-                               COMPAT_CLOSE(mosq->sock);
-                               mosq->sock = INVALID_SOCKET;
-                               net__print_ssl_error(mosq);
-@@ -647,7 +653,9 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
-                                       log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load CA certificates, check capath \"%s\".", mosq->tls_capath);
-                               }
- #endif
-+#if !defined(OPENSSL_NO_ENGINE)
-                               ENGINE_FINISH(engine);
-+#endif
-                               COMPAT_CLOSE(mosq->sock);
-                               mosq->sock = INVALID_SOCKET;
-                               net__print_ssl_error(mosq);
-@@ -672,7 +680,9 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
- #else
-                                       log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load client certificate \"%s\".", mosq->tls_certfile);
- #endif
-+#if !defined(OPENSSL_NO_ENGINE)
-                                       ENGINE_FINISH(engine);
-+#endif
-                                       COMPAT_CLOSE(mosq->sock);
-                                       mosq->sock = INVALID_SOCKET;
-                                       net__print_ssl_error(mosq);
-@@ -681,6 +691,7 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
-                       }
-                       if(mosq->tls_keyfile){
-                               if(mosq->tls_keyform == mosq_k_engine){
-+#if !defined(OPENSSL_NO_ENGINE)
-                                       UI_METHOD *ui_method = net__get_ui_method();
-                                       if(mosq->tls_engine_kpass_sha1){
-                                               if(!ENGINE_ctrl_cmd(engine, ENGINE_SECRET_MODE, ENGINE_SECRET_MODE_SHA, NULL, NULL, 0)){
-@@ -714,6 +725,7 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
-                                               net__print_ssl_error(mosq);
-                                               return MOSQ_ERR_TLS;
-                                       }
-+#endif
-                               }else{
-                                       ret = SSL_CTX_use_PrivateKey_file(mosq->ssl_ctx, mosq->tls_keyfile, SSL_FILETYPE_PEM);
-                                       if(ret != 1){
-@@ -722,7 +734,9 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
- #else
-                                               log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load client key file \"%s\".", mosq->tls_keyfile);
- #endif
-+#if !defined(OPENSSL_NO_ENGINE)
-                                               ENGINE_FINISH(engine);
-+#endif
-                                               COMPAT_CLOSE(mosq->sock);
-                                               mosq->sock = INVALID_SOCKET;
-                                               net__print_ssl_error(mosq);
-@@ -732,7 +746,9 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
-                               ret = SSL_CTX_check_private_key(mosq->ssl_ctx);
-                               if(ret != 1){
-                                       log__printf(mosq, MOSQ_LOG_ERR, "Error: Client certificate/key are inconsistent.");
-+#if !defined(OPENSSL_NO_ENGINE)
-                                       ENGINE_FINISH(engine);
-+#endif
-                                       COMPAT_CLOSE(mosq->sock);
-                                       mosq->sock = INVALID_SOCKET;
-                                       net__print_ssl_error(mosq);
-diff --git a/lib/options.c b/lib/options.c
-index 005b781..6dc4262 100644
---- a/lib/options.c
-+++ b/lib/options.c
-@@ -255,6 +255,7 @@ int mosquitto_string_option(struct mosquitto *mosq, enum mosq_opt_t option, cons
-       switch(option){
-               case MOSQ_OPT_TLS_ENGINE:
- #ifdef WITH_TLS
-+#    if !defined(OPENSSL_NO_ENGINE)
-                       eng = ENGINE_by_id(value);
-                       if(!eng){
-                               return MOSQ_ERR_INVAL;
-@@ -265,6 +266,7 @@ int mosquitto_string_option(struct mosquitto *mosq, enum mosq_opt_t option, cons
-                               return MOSQ_ERR_NOMEM;
-                       }
-                       return MOSQ_ERR_SUCCESS;
-+#endif
- #else
-                       return MOSQ_ERR_NOT_SUPPORTED;
- #endif
-diff --git a/src/net.c b/src/net.c
-index 74b4ee8..495f8b2 100644
---- a/src/net.c
-+++ b/src/net.c
-@@ -534,6 +534,7 @@ int net__socket_listen(struct mosquitto__listener *listener)
-                               return 1;
-                       }
-                       if(listener->tls_engine){
-+#if !defined(OPENSSL_NO_ENGINE)
-                               engine = ENGINE_by_id(listener->tls_engine);
-                               if(!engine){
-                                       log__printf(NULL, MOSQ_LOG_ERR, "Error loading %s engine\n", listener->tls_engine);
-@@ -548,6 +549,7 @@ int net__socket_listen(struct mosquitto__listener *listener)
-                               }
-                               ENGINE_set_default(engine, ENGINE_METHOD_ALL);
-                               ENGINE_free(engine); /* release the structural reference from ENGINE_by_id() */
-+#endif
-                       }
-                       /* FIXME user data? */
-                       if(listener->require_certificate){
-@@ -560,10 +562,13 @@ int net__socket_listen(struct mosquitto__listener *listener)
-                               log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to load server certificate \"%s\". Check certfile.", listener->certfile);
-                               net__print_error(MOSQ_LOG_ERR, "Error: %s");
-                               COMPAT_CLOSE(sock);
-+#if !defined(OPENSSL_NO_ENGINE)
-                               ENGINE_FINISH(engine);
-+#endif
-                               return 1;
-                       }
-                       if(listener->tls_keyform == mosq_k_engine){
-+#if !defined(OPENSSL_NO_ENGINE)
-                               UI_METHOD *ui_method = net__get_ui_method();
-                               if(listener->tls_engine_kpass_sha1){
-                                       if(!ENGINE_ctrl_cmd(engine, ENGINE_SECRET_MODE, ENGINE_SECRET_MODE_SHA, NULL, NULL, 0)){
-@@ -593,13 +598,16 @@ int net__socket_listen(struct mosquitto__listener *listener)
-                                       ENGINE_FINISH(engine);
-                                       return 1;
-                               }
-+#endif
-                       }else{
-                               rc = SSL_CTX_use_PrivateKey_file(listener->ssl_ctx, listener->keyfile, SSL_FILETYPE_PEM);
-                               if(rc != 1){
-                                       log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to load server key file \"%s\". Check keyfile.", listener->keyfile);
-                                       net__print_error(MOSQ_LOG_ERR, "Error: %s");
-                                       COMPAT_CLOSE(sock);
-+#if !defined(OPENSSL_NO_ENGINE)
-                                       ENGINE_FINISH(engine);
-+#endif
-                                       return 1;
-                               }
-                       }
-@@ -608,7 +616,9 @@ int net__socket_listen(struct mosquitto__listener *listener)
-                               log__printf(NULL, MOSQ_LOG_ERR, "Error: Server certificate/key are inconsistent.");
-                               net__print_error(MOSQ_LOG_ERR, "Error: %s");
-                               COMPAT_CLOSE(sock);
-+#if !defined(OPENSSL_NO_ENGINE)
-                               ENGINE_FINISH(engine);
-+#endif
-                               return 1;
-                       }
-                       /* Load CRLs if they exist. */
-@@ -618,7 +628,9 @@ int net__socket_listen(struct mosquitto__listener *listener)
-                                       log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to obtain TLS store.");
-                                       net__print_error(MOSQ_LOG_ERR, "Error: %s");
-                                       COMPAT_CLOSE(sock);
-+#if !defined(OPENSSL_NO_ENGINE)
-                                       ENGINE_FINISH(engine);
-+#endif
-                                       return 1;
-                               }
-                               lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
-@@ -627,7 +639,9 @@ int net__socket_listen(struct mosquitto__listener *listener)
-                                       log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to load certificate revocation file \"%s\". Check crlfile.", listener->crlfile);
-                                       net__print_error(MOSQ_LOG_ERR, "Error: %s");
-                                       COMPAT_CLOSE(sock);
-+#if !defined(OPENSSL_NO_ENGINE)
-                                       ENGINE_FINISH(engine);
-+#endif
-                                       return 1;
-                               }
-                               X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK);
-@@ -644,7 +658,9 @@ int net__socket_listen(struct mosquitto__listener *listener)
- 
-                       if(mosquitto__tls_server_ctx(listener)){
-                               COMPAT_CLOSE(sock);
-+#if !defined(OPENSSL_NO_ENGINE)
-                               ENGINE_FINISH(engine);
-+#endif
-                               return 1;
-                       }
-                       SSL_CTX_set_psk_server_callback(listener->ssl_ctx, psk_server_callback);
-@@ -654,7 +670,9 @@ int net__socket_listen(struct mosquitto__listener *listener)
-                                       log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to set TLS PSK hint.");
-                                       net__print_error(MOSQ_LOG_ERR, "Error: %s");
-                                       COMPAT_CLOSE(sock);
-+#if !defined(OPENSSL_NO_ENGINE)
-                                       ENGINE_FINISH(engine);
-+#endif
-                                       return 1;
-                               }
-                       }