Update CVE details and bump version number.
This commit is contained in:
parent
05458eb35d
commit
1b5c900e77
@ -11,7 +11,7 @@ project(mosquitto)
|
||||
cmake_minimum_required(VERSION 2.8)
|
||||
# Only for version 3 and up. cmake_policy(SET CMP0042 NEW)
|
||||
|
||||
set (VERSION 1.5.5)
|
||||
set (VERSION 1.5.6)
|
||||
|
||||
add_definitions (-DCMAKE -DVERSION=\"${VERSION}\")
|
||||
|
||||
|
@ -1,8 +1,8 @@
|
||||
1.5.6 - 201901xx
|
||||
1.5.6 - 20190206
|
||||
================
|
||||
|
||||
Security:
|
||||
- CVE-2018-xxxxx: If Mosquitto is configured to use a password file for
|
||||
- CVE-2018-12551: If Mosquitto is configured to use a password file for
|
||||
authentication, any malformed data in the password file will be treated as
|
||||
valid. This typically means that the malformed data becomes a username and no
|
||||
password. If this occurs, clients can circumvent authentication and get access
|
||||
@ -11,13 +11,13 @@ Security:
|
||||
unaffected. Users who have only used the mosquitto_passwd utility to create
|
||||
and modify their password files are unaffected by this vulnerability.
|
||||
Affects version 1.0 to 1.5.5 inclusive.
|
||||
- CVE-2018-xxxxx: If an ACL file is empty, or has only blank lines or
|
||||
- CVE-2018-12550: If an ACL file is empty, or has only blank lines or
|
||||
comments, then mosquitto treats the ACL file as not being defined, which
|
||||
means that no topic access is denied. Although denying access to all topics
|
||||
is not a useful configuration, this behaviour is unexpected and could lead
|
||||
to access being incorrectly granted in some circumstances. This is now
|
||||
fixed. Affects versions 1.0 to 1.5.5 inclusive.
|
||||
- Fix CVE-2018-12546. If a client publishes a retained message to a topic that
|
||||
- CVE-2018-12546. If a client publishes a retained message to a topic that
|
||||
they have access to, and then their access to that topic is revoked, the
|
||||
retained message will still be delivered to future subscribers. This
|
||||
behaviour may be undesirable in some applications, so a configuration option
|
||||
|
@ -105,7 +105,7 @@ WITH_BUNDLED_DEPS:=yes
|
||||
|
||||
# Also bump lib/mosquitto.h, CMakeLists.txt,
|
||||
# installer/mosquitto.nsi, installer/mosquitto64.nsi
|
||||
VERSION=1.5.5
|
||||
VERSION=1.5.6
|
||||
|
||||
# Client library SO version. Bump if incompatible API/ABI changes are made.
|
||||
SOVERSION=1
|
||||
|
@ -9,7 +9,7 @@
|
||||
!define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"'
|
||||
|
||||
Name "Eclipse Mosquitto"
|
||||
!define VERSION 1.5.5
|
||||
!define VERSION 1.5.6
|
||||
OutFile "mosquitto-${VERSION}-install-windows-x86.exe"
|
||||
|
||||
InstallDir "$PROGRAMFILES\mosquitto"
|
||||
|
@ -9,7 +9,7 @@
|
||||
!define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"'
|
||||
|
||||
Name "Eclipse Mosquitto"
|
||||
!define VERSION 1.5.5
|
||||
!define VERSION 1.5.6
|
||||
OutFile "mosquitto-${VERSION}-install-windows-x64.exe"
|
||||
|
||||
!include "x64.nsh"
|
||||
|
@ -47,7 +47,7 @@ extern "C" {
|
||||
|
||||
#define LIBMOSQUITTO_MAJOR 1
|
||||
#define LIBMOSQUITTO_MINOR 5
|
||||
#define LIBMOSQUITTO_REVISION 5
|
||||
#define LIBMOSQUITTO_REVISION 6
|
||||
/* LIBMOSQUITTO_VERSION_NUMBER looks like 1002001 for e.g. version 1.2.1. */
|
||||
#define LIBMOSQUITTO_VERSION_NUMBER (LIBMOSQUITTO_MAJOR*1000000+LIBMOSQUITTO_MINOR*1000+LIBMOSQUITTO_REVISION)
|
||||
|
||||
|
@ -2,7 +2,7 @@
|
||||
|
||||
MAJOR=1
|
||||
MINOR=5
|
||||
REVISION=5
|
||||
REVISION=6
|
||||
|
||||
sed -i "s/^VERSION=.*/VERSION=${MAJOR}.${MINOR}.${REVISION}/" config.mk
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
name: mosquitto
|
||||
version: 1.5.5
|
||||
version: 1.5.6
|
||||
summary: Eclipse Mosquitto MQTT broker
|
||||
description: This is a message broker that supports version 3.1 and 3.1.1 of the MQTT
|
||||
protocol.
|
||||
|
Loading…
Reference in New Issue
Block a user