From 08ab75d88b3e2f3a1038715695c334407bffb154 Mon Sep 17 00:00:00 2001 From: Karl Palsson Date: Tue, 18 Jun 2019 16:05:27 +0000 Subject: [PATCH] mosquitto: update to 1.6.3 Fixes multiple issues, primarily of interest to OpenWrt: * getrandom issues with and without TLS and glibc See https://github.com/openwrt/packages/issues/9005 and https://github.com/openwrt/packages/pull/9243 Many many many other fixes related to mqttv5/v3.1.1 interactions and mqtt5 support options. Full changelog at: https://mosquitto.org/blog/2019/06/version-1-6-3-released/ Signed-off-by: Karl Palsson --- net/mosquitto/Makefile | 4 +- .../patches/901-fix-openssl-ui.patch | 12 - .../patches/902-fix-engine-guards.patch | 215 ------------------ 3 files changed, 2 insertions(+), 229 deletions(-) delete mode 100644 net/mosquitto/patches/901-fix-openssl-ui.patch delete mode 100644 net/mosquitto/patches/902-fix-engine-guards.patch diff --git a/net/mosquitto/Makefile b/net/mosquitto/Makefile index 1cd2e92e4..37ee7198e 100644 --- a/net/mosquitto/Makefile +++ b/net/mosquitto/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=mosquitto -PKG_VERSION:=1.6.2 +PKG_VERSION:=1.6.3 PKG_RELEASE:=1 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE.txt @@ -17,7 +17,7 @@ PKG_CPE_ID:=cpe:/a:eclipse:mosquitto PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://mosquitto.org/files/source/ -PKG_HASH:=33499e78dfa0ca1cb488fd196fde940a66305bdfd44ba763ce2001db2569a08b +PKG_HASH:=9ef5cc75f4fe31d7bf50654ddf4728ad9e1ae2e5609a4b42ecbbcb4a209ed17e PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) include $(INCLUDE_DIR)/package.mk diff --git a/net/mosquitto/patches/901-fix-openssl-ui.patch b/net/mosquitto/patches/901-fix-openssl-ui.patch deleted file mode 100644 index cfef42d4c..000000000 --- a/net/mosquitto/patches/901-fix-openssl-ui.patch +++ /dev/null 
@@ -1,12 +0,0 @@
-diff --git a/lib/net_mosq.c b/lib/net_mosq.c
-index 745b170..bdcaa19 100644
---- a/lib/net_mosq.c
-+++ b/lib/net_mosq.c
-@@ -50,6 +50,7 @@ Contributors:
- #include
- #include
- #include
-+#include
- #include
- #endif
- 
diff --git a/net/mosquitto/patches/902-fix-engine-guards.patch b/net/mosquitto/patches/902-fix-engine-guards.patch
deleted file mode 100644
index 48b3c4279..000000000
--- a/net/mosquitto/patches/902-fix-engine-guards.patch
+++ /dev/null
@@ -1,215 +0,0 @@ -diff --git a/lib/net_mosq.c b/lib/net_mosq.c -index bdcaa19..f207e32 100644 ---- a/lib/net_mosq.c -+++ b/lib/net_mosq.c -@@ -141,7 +141,9 @@ int net__init(void) - | OPENSSL_INIT_ADD_ALL_DIGESTS \ - | OPENSSL_INIT_LOAD_CONFIG, NULL); - # endif -+#if !defined(OPENSSL_NO_ENGINE) - ENGINE_load_builtin_engines(); -+#endif - setup_ui_method(); - if(tls_ex_index_mosq == -1){ - tls_ex_index_mosq = SSL_get_ex_new_index(0, "client context", NULL, NULL, NULL); -@@ -599,6 +601,7 @@ static int net__init_ssl_ctx(struct mosquitto *mosq) - SSL_CTX_set_mode(mosq->ssl_ctx, SSL_MODE_RELEASE_BUFFERS); - #endif - -+#if !defined(OPENSSL_NO_ENGINE) - if(mosq->tls_engine){ - engine = ENGINE_by_id(mosq->tls_engine); - if(!engine){ -@@ -615,12 +618,15 @@ static int net__init_ssl_ctx(struct mosquitto *mosq) - ENGINE_set_default(engine, ENGINE_METHOD_ALL); - ENGINE_free(engine); /* release the structural reference from ENGINE_by_id() */ - } -+#endif - - if(mosq->tls_ciphers){ - ret = SSL_CTX_set_cipher_list(mosq->ssl_ctx, mosq->tls_ciphers); - if(ret == 0){ - log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to set TLS ciphers. 
Check cipher list \"%s\".", mosq->tls_ciphers); -+#if !defined(OPENSSL_NO_ENGINE) - ENGINE_FINISH(engine); -+#endif - COMPAT_CLOSE(mosq->sock); - mosq->sock = INVALID_SOCKET; - net__print_ssl_error(mosq); -@@ -647,7 +653,9 @@ static int net__init_ssl_ctx(struct mosquitto *mosq) - log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load CA certificates, check capath \"%s\".", mosq->tls_capath); - } - #endif -+#if !defined(OPENSSL_NO_ENGINE) - ENGINE_FINISH(engine); -+#endif - COMPAT_CLOSE(mosq->sock); - mosq->sock = INVALID_SOCKET; - net__print_ssl_error(mosq); -@@ -672,7 +680,9 @@ static int net__init_ssl_ctx(struct mosquitto *mosq) - #else - log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load client certificate \"%s\".", mosq->tls_certfile); - #endif -+#if !defined(OPENSSL_NO_ENGINE) - ENGINE_FINISH(engine); -+#endif - COMPAT_CLOSE(mosq->sock); - mosq->sock = INVALID_SOCKET; - net__print_ssl_error(mosq); -@@ -681,6 +691,7 @@ static int net__init_ssl_ctx(struct mosquitto *mosq) - } - if(mosq->tls_keyfile){ - if(mosq->tls_keyform == mosq_k_engine){ -+#if !defined(OPENSSL_NO_ENGINE) - UI_METHOD *ui_method = net__get_ui_method(); - if(mosq->tls_engine_kpass_sha1){ - if(!ENGINE_ctrl_cmd(engine, ENGINE_SECRET_MODE, ENGINE_SECRET_MODE_SHA, NULL, NULL, 0)){ -@@ -714,6 +725,7 @@ static int net__init_ssl_ctx(struct mosquitto *mosq) - net__print_ssl_error(mosq); - return MOSQ_ERR_TLS; - } -+#endif - }else{ - ret = SSL_CTX_use_PrivateKey_file(mosq->ssl_ctx, mosq->tls_keyfile, SSL_FILETYPE_PEM); - if(ret != 1){ -@@ -722,7 +734,9 @@ static int net__init_ssl_ctx(struct mosquitto *mosq) - #else - log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load client key file \"%s\".", mosq->tls_keyfile); - #endif -+#if !defined(OPENSSL_NO_ENGINE) - ENGINE_FINISH(engine); -+#endif - COMPAT_CLOSE(mosq->sock); - mosq->sock = INVALID_SOCKET; - net__print_ssl_error(mosq); -@@ -732,7 +746,9 @@ static int net__init_ssl_ctx(struct mosquitto *mosq) - ret = 
SSL_CTX_check_private_key(mosq->ssl_ctx); - if(ret != 1){ - log__printf(mosq, MOSQ_LOG_ERR, "Error: Client certificate/key are inconsistent."); -+#if !defined(OPENSSL_NO_ENGINE) - ENGINE_FINISH(engine); -+#endif - COMPAT_CLOSE(mosq->sock); - mosq->sock = INVALID_SOCKET; - net__print_ssl_error(mosq); -diff --git a/lib/options.c b/lib/options.c -index 005b781..6dc4262 100644 ---- a/lib/options.c -+++ b/lib/options.c -@@ -255,6 +255,7 @@ int mosquitto_string_option(struct mosquitto *mosq, enum mosq_opt_t option, cons - switch(option){ - case MOSQ_OPT_TLS_ENGINE: - #ifdef WITH_TLS -+# if !defined(OPENSSL_NO_ENGINE) - eng = ENGINE_by_id(value); - if(!eng){ - return MOSQ_ERR_INVAL; -@@ -265,6 +266,7 @@ int mosquitto_string_option(struct mosquitto *mosq, enum mosq_opt_t option, cons - return MOSQ_ERR_NOMEM; - } - return MOSQ_ERR_SUCCESS; -+#endif - #else - return MOSQ_ERR_NOT_SUPPORTED; - #endif -diff --git a/src/net.c b/src/net.c -index 74b4ee8..495f8b2 100644 ---- a/src/net.c -+++ b/src/net.c -@@ -534,6 +534,7 @@ int net__socket_listen(struct mosquitto__listener *listener) - return 1; - } - if(listener->tls_engine){ -+#if !defined(OPENSSL_NO_ENGINE) - engine = ENGINE_by_id(listener->tls_engine); - if(!engine){ - log__printf(NULL, MOSQ_LOG_ERR, "Error loading %s engine\n", listener->tls_engine); -@@ -548,6 +549,7 @@ int net__socket_listen(struct mosquitto__listener *listener) - } - ENGINE_set_default(engine, ENGINE_METHOD_ALL); - ENGINE_free(engine); /* release the structural reference from ENGINE_by_id() */ -+#endif - } - /* FIXME user data? */ - if(listener->require_certificate){ -@@ -560,10 +562,13 @@ int net__socket_listen(struct mosquitto__listener *listener) - log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to load server certificate \"%s\". 
Check certfile.", listener->certfile); - net__print_error(MOSQ_LOG_ERR, "Error: %s"); - COMPAT_CLOSE(sock); -+#if !defined(OPENSSL_NO_ENGINE) - ENGINE_FINISH(engine); -+#endif - return 1; - } - if(listener->tls_keyform == mosq_k_engine){ -+#if !defined(OPENSSL_NO_ENGINE) - UI_METHOD *ui_method = net__get_ui_method(); - if(listener->tls_engine_kpass_sha1){ - if(!ENGINE_ctrl_cmd(engine, ENGINE_SECRET_MODE, ENGINE_SECRET_MODE_SHA, NULL, NULL, 0)){ -@@ -593,13 +598,16 @@ int net__socket_listen(struct mosquitto__listener *listener) - ENGINE_FINISH(engine); - return 1; - } -+#endif - }else{ - rc = SSL_CTX_use_PrivateKey_file(listener->ssl_ctx, listener->keyfile, SSL_FILETYPE_PEM); - if(rc != 1){ - log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to load server key file \"%s\". Check keyfile.", listener->keyfile); - net__print_error(MOSQ_LOG_ERR, "Error: %s"); - COMPAT_CLOSE(sock); -+#if !defined(OPENSSL_NO_ENGINE) - ENGINE_FINISH(engine); -+#endif - return 1; - } - } -@@ -608,7 +616,9 @@ int net__socket_listen(struct mosquitto__listener *listener) - log__printf(NULL, MOSQ_LOG_ERR, "Error: Server certificate/key are inconsistent."); - net__print_error(MOSQ_LOG_ERR, "Error: %s"); - COMPAT_CLOSE(sock); -+#if !defined(OPENSSL_NO_ENGINE) - ENGINE_FINISH(engine); -+#endif - return 1; - } - /* Load CRLs if they exist. */ -@@ -618,7 +628,9 @@ int net__socket_listen(struct mosquitto__listener *listener) - log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to obtain TLS store."); - net__print_error(MOSQ_LOG_ERR, "Error: %s"); - COMPAT_CLOSE(sock); -+#if !defined(OPENSSL_NO_ENGINE) - ENGINE_FINISH(engine); -+#endif - return 1; - } - lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); -@@ -627,7 +639,9 @@ int net__socket_listen(struct mosquitto__listener *listener) - log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to load certificate revocation file \"%s\". 
Check crlfile.", listener->crlfile); - net__print_error(MOSQ_LOG_ERR, "Error: %s"); - COMPAT_CLOSE(sock); -+#if !defined(OPENSSL_NO_ENGINE) - ENGINE_FINISH(engine); -+#endif - return 1; - } - X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK); -@@ -644,7 +658,9 @@ int net__socket_listen(struct mosquitto__listener *listener) - - if(mosquitto__tls_server_ctx(listener)){ - COMPAT_CLOSE(sock); -+#if !defined(OPENSSL_NO_ENGINE) - ENGINE_FINISH(engine); -+#endif - return 1; - } - SSL_CTX_set_psk_server_callback(listener->ssl_ctx, psk_server_callback); -@@ -654,7 +670,9 @@ int net__socket_listen(struct mosquitto__listener *listener) - log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to set TLS PSK hint."); - net__print_error(MOSQ_LOG_ERR, "Error: %s"); - COMPAT_CLOSE(sock); -+#if !defined(OPENSSL_NO_ENGINE) - ENGINE_FINISH(engine); -+#endif - return 1; - } - }