From dfbf87aa17e387d4375a83bc74cde28e6a7b0ab9 Mon Sep 17 00:00:00 2001
From: Karl Palsson <karlp@tweak.au>
Date: Thu, 17 Aug 2023 21:59:08 +0000
Subject: [PATCH] net/mosquitto: bump to 2.0.17

This is a security and bug fix release.

Security:
- CVE-2023-28366: Fix memory leak in broker when clients send multiple QoS 2
  messages with the same message ID, but then never respond to the PUBREC
  commands.
- CVE-2023-0809: Fix excessive memory being allocated based on malicious
  initial packets that are not CONNECT packets.
- CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
  will message that contains invalid property types.
- Broker will now reject Will messages that attempt to publish to $CONTROL/.
- Broker now validates usernames provided in a TLS certificate or TLS-PSK
  identity are valid UTF-8.
- Fix potential crash when loading invalid persistence file.
- Library will no longer allow single level wildcard certificates, e.g. *.com

Bugfixes of note or relevance to OpenWrt:
- Fix bridges with non-matching cleansession/local_cleansession being expired
  on start after restoring from persistence. Closes #2634.
Client library:
- Use CLOCK_BOOTTIME when available, to keep track of time. This solves the
  problem of the client OS sleeping and the client hence not being able to
  calculate the actual time for keepalive purposes. Closes #2760.

Full changelog available at: https://github.com/eclipse/mosquitto/blob/v2.0.16/ChangeLog.txt
plus: https://github.com/eclipse/mosquitto/blob/v2.0.17/ChangeLog.txt
(2.0.17 fixes regressions from the 2.0.16 release)

Signed-off-by: Karl Palsson <karlp@tweak.au>
---
 net/mosquitto/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/mosquitto/Makefile b/net/mosquitto/Makefile
index 00ee21a8b0..56568f42bb 100644
--- a/net/mosquitto/Makefile
+++ b/net/mosquitto/Makefile
@@ -9,7 +9,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mosquitto
-PKG_VERSION:=2.0.15
+PKG_VERSION:=2.0.17
 PKG_RELEASE:=1
 PKG_LICENSE:=EPL-2.0
 PKG_LICENSE_FILES:=LICENSE.txt
@@ -17,7 +17,7 @@ PKG_CPE_ID:=cpe:/a:eclipse:mosquitto
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://mosquitto.org/files/source/
-PKG_HASH:=4735b1d32e3f91c7a8896741d88a3022e89730a1ee897946decfa0df27039ac6
+PKG_HASH:=3be7a911236567c1a9fbe25baf3e3167004ba4a0c151a448ef1f7fc077dba52f
 
 include $(INCLUDE_DIR)/package.mk
 
-- 
2.30.2