From 60cc1edc75a0806bf547ca8d956865d81b833756 Mon Sep 17 00:00:00 2001 From: Karl Palsson Date: Thu, 1 Mar 2018 11:05:03 +0000 Subject: [PATCH] mosquitto: bump to 1.4.15 for CVE fixes See https://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/ for full details. patch for reproducible builds had to be rebuilt based on upstream change. Signed-off-by: Karl Palsson --- net/mosquitto/Makefile | 4 +- .../patches/100-remove-build-timestamps.patch | 46 +++++++++++-------- 2 files changed, 28 insertions(+), 22 deletions(-) diff --git a/net/mosquitto/Makefile b/net/mosquitto/Makefile index 6670570144..2713f5dd12 100644 --- a/net/mosquitto/Makefile +++ b/net/mosquitto/Makefile @@ -9,14 +9,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=mosquitto -PKG_VERSION:=1.4.14 +PKG_VERSION:=1.4.15 PKG_RELEASE:=3 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE.txt PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://mosquitto.org/files/source/ -PKG_HASH:=156b1fa731d12baad4b8b22f7b6a8af50ba881fc711b81e9919ec103cf2942d1 +PKG_HASH:=7d3b3e245a3b4ec94b05678c8199c806359737949f4cfe0bf936184f6ca89a83 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) include $(INCLUDE_DIR)/package.mk diff --git a/net/mosquitto/patches/100-remove-build-timestamps.patch b/net/mosquitto/patches/100-remove-build-timestamps.patch index c5a923f454..7dadcf7387 100644 --- a/net/mosquitto/patches/100-remove-build-timestamps.patch +++ b/net/mosquitto/patches/100-remove-build-timestamps.patch @@ -1,23 +1,29 @@ -From ebfccff8735ca0f8b6c9e8d06f2d3efe916affaf Mon Sep 17 00:00:00 2001 -From: Alexander Couzens -Date: Sun, 10 Dec 2017 01:23:29 +0100 -Subject: [PATCH] fix reproducible builds by removing build timestamp - -Build timestamps prevents reproducible builds. [0] - -[0] https://reproducible-builds.org/docs/timestamps/ - -Signed-off-by: Alexander Couzens ---- - src/conf.c | 2 +- - src/mosquitto.c | 4 +--- - 2 files changed, 2 insertions(+), 4 deletions(-) - +diff --git a/config.mk b/config.mk +index bfaa208..2a3e2bf 100644 +--- a/config.mk ++++ b/config.mk +@@ -87,7 +87,6 @@ WITH_SOCKS:=yes + # Also bump lib/mosquitto.h, CMakeLists.txt, + # installer/mosquitto.nsi, installer/mosquitto-cygwin.nsi + VERSION=1.4.15 +-TIMESTAMP:=$(shell date "+%F %T%z") + + # Client library SO version. Bump if incompatible API/ABI changes are made. + SOVERSION=1 +@@ -115,7 +114,7 @@ LIB_CFLAGS:=${CFLAGS} ${CPPFLAGS} -I. -I.. -I../lib + LIB_CXXFLAGS:=$(LIB_CFLAGS) ${CPPFLAGS} + LIB_LDFLAGS:=${LDFLAGS} + +-BROKER_CFLAGS:=${LIB_CFLAGS} ${CPPFLAGS} -DVERSION="\"${VERSION}\"" -DTIMESTAMP="\"${TIMESTAMP}\"" -DWITH_BROKER ++BROKER_CFLAGS:=${LIB_CFLAGS} ${CPPFLAGS} -DVERSION="\"${VERSION}\"" -DWITH_BROKER + CLIENT_CFLAGS:=${CFLAGS} ${CPPFLAGS} -I../lib -DVERSION="\"${VERSION}\"" + + ifneq ($(or $(findstring $(UNAME),FreeBSD), $(findstring $(UNAME),OpenBSD)),) diff --git a/src/conf.c b/src/conf.c -index a3e233de..e8162031 100644 +index 25d80a6..9ab0599 100644 --- a/src/conf.c +++ b/src/conf.c -@@ -309,7 +309,7 @@ void mqtt3_config_cleanup(struct mqtt3_config *config) +@@ -338,7 +338,7 @@ void mqtt3_config_cleanup(struct mqtt3_config *config) static void print_usage(void) { @@ -27,7 +33,7 @@ index a3e233de..e8162031 100644 printf("Usage: mosquitto [-c config_file] [-d] [-h] [-p port]\n\n"); printf(" -c : specify the broker config file.\n"); diff --git a/src/mosquitto.c b/src/mosquitto.c -index b28150ce..dcf3a72a 100644 +index 22b6372..b581f45 100644 --- a/src/mosquitto.c +++ b/src/mosquitto.c @@ -291,7 +291,7 @@ int main(int argc, char *argv[]) @@ -36,8 +42,8 @@ index b28150ce..dcf3a72a 100644 } - _mosquitto_log_printf(NULL, MOSQ_LOG_INFO, "mosquitto version %s (build date %s) starting", VERSION, TIMESTAMP); + _mosquitto_log_printf(NULL, MOSQ_LOG_INFO, "mosquitto version %s starting", VERSION); - if(config.config_file){ - _mosquitto_log_printf(NULL, MOSQ_LOG_INFO, "Config loaded from %s.", config.config_file); + if(int_db.config_file){ + _mosquitto_log_printf(NULL, MOSQ_LOG_INFO, "Config loaded from %s.", int_db.config_file); }else{ @@ -308,8 +308,6 @@ int main(int argc, char *argv[]) /* Set static $SYS messages */ -- 2.30.2