From 762778b36e4f4827162ff8b58992a794eb1404b7 Mon Sep 17 00:00:00 2001 From: Karl Palsson Date: Thu, 2 May 2019 12:27:09 +0000 Subject: [PATCH] mosquitto: major upgrade to 1.6.x Major new release of mosquitto. This release rolls up the initial 1.6.0 release, plus the subsequent build/bug fixes of 1.6.1 and 1.6.2. Original upstream changelogs: https://mosquitto.org/blog/2019/04/version-1-6-released/ https://mosquitto.org/blog/2019/04/version-1-6-1-released/ https://mosquitto.org/blog/2019/04/version-1-6-2-released/ Major features of interest: * MQTTv5 support * performance improvements * ALPN support * OCSP staping support * OpenSSL Engine support * TLSv1.0 support dropped Currently adds two patches to continue supporting OpenSSL engine support being disabled, and a missing header include. These are both tracked upstream and are expected to be dropped in a subsequent release. Signed-off-by: Karl Palsson --- net/mosquitto/Makefile | 6 +- .../patches/901-fix-openssl-ui.patch | 12 + .../patches/902-fix-engine-guards.patch | 215 ++++++++++++++++++ 3 files changed, 230 insertions(+), 3 deletions(-) create mode 100644 net/mosquitto/patches/901-fix-openssl-ui.patch create mode 100644 net/mosquitto/patches/902-fix-engine-guards.patch diff --git a/net/mosquitto/Makefile b/net/mosquitto/Makefile index 59323d68f..1cd2e92e4 100644 --- a/net/mosquitto/Makefile +++ b/net/mosquitto/Makefile @@ -9,15 +9,15 @@ include $(TOPDIR)/rules.mk PKG_NAME:=mosquitto -PKG_VERSION:=1.5.8 -PKG_RELEASE:=2 +PKG_VERSION:=1.6.2 +PKG_RELEASE:=1 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE.txt PKG_CPE_ID:=cpe:/a:eclipse:mosquitto PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://mosquitto.org/files/source/ -PKG_HASH:=78d7e70c3794dc3a1d484b4f2f8d3addebe9c2da3f5a1cebe557f7d13beb0da4 +PKG_HASH:=33499e78dfa0ca1cb488fd196fde940a66305bdfd44ba763ce2001db2569a08b PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) include $(INCLUDE_DIR)/package.mk diff --git a/net/mosquitto/patches/901-fix-openssl-ui.patch b/net/mosquitto/patches/901-fix-openssl-ui.patch new file mode 100644 index 000000000..cfef42d4c --- /dev/null +++ b/net/mosquitto/patches/901-fix-openssl-ui.patch @@ -0,0 +1,12 @@ +diff --git a/lib/net_mosq.c b/lib/net_mosq.c +index 745b170..bdcaa19 100644 +--- a/lib/net_mosq.c ++++ b/lib/net_mosq.c +@@ -50,6 +50,7 @@ Contributors: + #include + #include + #include ++#include + #include + #endif + diff --git a/net/mosquitto/patches/902-fix-engine-guards.patch b/net/mosquitto/patches/902-fix-engine-guards.patch new file mode 100644 index 000000000..48b3c4279 --- /dev/null +++ b/net/mosquitto/patches/902-fix-engine-guards.patch @@ -0,0 +1,215 @@ +diff --git a/lib/net_mosq.c b/lib/net_mosq.c +index bdcaa19..f207e32 100644 +--- a/lib/net_mosq.c ++++ b/lib/net_mosq.c +@@ -141,7 +141,9 @@ int net__init(void) + | OPENSSL_INIT_ADD_ALL_DIGESTS \ + | OPENSSL_INIT_LOAD_CONFIG, NULL); + # endif ++#if !defined(OPENSSL_NO_ENGINE) + ENGINE_load_builtin_engines(); ++#endif + setup_ui_method(); + if(tls_ex_index_mosq == -1){ + tls_ex_index_mosq = SSL_get_ex_new_index(0, "client context", NULL, NULL, NULL); +@@ -599,6 +601,7 @@ static int net__init_ssl_ctx(struct mosquitto *mosq) + SSL_CTX_set_mode(mosq->ssl_ctx, SSL_MODE_RELEASE_BUFFERS); + #endif + ++#if !defined(OPENSSL_NO_ENGINE) + if(mosq->tls_engine){ + engine = ENGINE_by_id(mosq->tls_engine); + if(!engine){ +@@ -615,12 +618,15 @@ static int net__init_ssl_ctx(struct mosquitto *mosq) + ENGINE_set_default(engine, ENGINE_METHOD_ALL); + ENGINE_free(engine); /* release the structural reference from ENGINE_by_id() */ + } ++#endif + + if(mosq->tls_ciphers){ + ret = SSL_CTX_set_cipher_list(mosq->ssl_ctx, mosq->tls_ciphers); + if(ret == 0){ + log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to set TLS ciphers. Check cipher list \"%s\".", mosq->tls_ciphers); ++#if !defined(OPENSSL_NO_ENGINE) + ENGINE_FINISH(engine); ++#endif + COMPAT_CLOSE(mosq->sock); + mosq->sock = INVALID_SOCKET; + net__print_ssl_error(mosq); +@@ -647,7 +653,9 @@ static int net__init_ssl_ctx(struct mosquitto *mosq) + log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load CA certificates, check capath \"%s\".", mosq->tls_capath); + } + #endif ++#if !defined(OPENSSL_NO_ENGINE) + ENGINE_FINISH(engine); ++#endif + COMPAT_CLOSE(mosq->sock); + mosq->sock = INVALID_SOCKET; + net__print_ssl_error(mosq); +@@ -672,7 +680,9 @@ static int net__init_ssl_ctx(struct mosquitto *mosq) + #else + log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load client certificate \"%s\".", mosq->tls_certfile); + #endif ++#if !defined(OPENSSL_NO_ENGINE) + ENGINE_FINISH(engine); ++#endif + COMPAT_CLOSE(mosq->sock); + mosq->sock = INVALID_SOCKET; + net__print_ssl_error(mosq); +@@ -681,6 +691,7 @@ static int net__init_ssl_ctx(struct mosquitto *mosq) + } + if(mosq->tls_keyfile){ + if(mosq->tls_keyform == mosq_k_engine){ ++#if !defined(OPENSSL_NO_ENGINE) + UI_METHOD *ui_method = net__get_ui_method(); + if(mosq->tls_engine_kpass_sha1){ + if(!ENGINE_ctrl_cmd(engine, ENGINE_SECRET_MODE, ENGINE_SECRET_MODE_SHA, NULL, NULL, 0)){ +@@ -714,6 +725,7 @@ static int net__init_ssl_ctx(struct mosquitto *mosq) + net__print_ssl_error(mosq); + return MOSQ_ERR_TLS; + } ++#endif + }else{ + ret = SSL_CTX_use_PrivateKey_file(mosq->ssl_ctx, mosq->tls_keyfile, SSL_FILETYPE_PEM); + if(ret != 1){ +@@ -722,7 +734,9 @@ static int net__init_ssl_ctx(struct mosquitto *mosq) + #else + log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load client key file \"%s\".", mosq->tls_keyfile); + #endif ++#if !defined(OPENSSL_NO_ENGINE) + ENGINE_FINISH(engine); ++#endif + COMPAT_CLOSE(mosq->sock); + mosq->sock = INVALID_SOCKET; + net__print_ssl_error(mosq); +@@ -732,7 +746,9 @@ static int net__init_ssl_ctx(struct mosquitto *mosq) + ret = SSL_CTX_check_private_key(mosq->ssl_ctx); + if(ret != 1){ + log__printf(mosq, MOSQ_LOG_ERR, "Error: Client certificate/key are inconsistent."); ++#if !defined(OPENSSL_NO_ENGINE) + ENGINE_FINISH(engine); ++#endif + COMPAT_CLOSE(mosq->sock); + mosq->sock = INVALID_SOCKET; + net__print_ssl_error(mosq); +diff --git a/lib/options.c b/lib/options.c +index 005b781..6dc4262 100644 +--- a/lib/options.c ++++ b/lib/options.c +@@ -255,6 +255,7 @@ int mosquitto_string_option(struct mosquitto *mosq, enum mosq_opt_t option, cons + switch(option){ + case MOSQ_OPT_TLS_ENGINE: + #ifdef WITH_TLS ++# if !defined(OPENSSL_NO_ENGINE) + eng = ENGINE_by_id(value); + if(!eng){ + return MOSQ_ERR_INVAL; +@@ -265,6 +266,7 @@ int mosquitto_string_option(struct mosquitto *mosq, enum mosq_opt_t option, cons + return MOSQ_ERR_NOMEM; + } + return MOSQ_ERR_SUCCESS; ++#endif + #else + return MOSQ_ERR_NOT_SUPPORTED; + #endif +diff --git a/src/net.c b/src/net.c +index 74b4ee8..495f8b2 100644 +--- a/src/net.c ++++ b/src/net.c +@@ -534,6 +534,7 @@ int net__socket_listen(struct mosquitto__listener *listener) + return 1; + } + if(listener->tls_engine){ ++#if !defined(OPENSSL_NO_ENGINE) + engine = ENGINE_by_id(listener->tls_engine); + if(!engine){ + log__printf(NULL, MOSQ_LOG_ERR, "Error loading %s engine\n", listener->tls_engine); +@@ -548,6 +549,7 @@ int net__socket_listen(struct mosquitto__listener *listener) + } + ENGINE_set_default(engine, ENGINE_METHOD_ALL); + ENGINE_free(engine); /* release the structural reference from ENGINE_by_id() */ ++#endif + } + /* FIXME user data? */ + if(listener->require_certificate){ +@@ -560,10 +562,13 @@ int net__socket_listen(struct mosquitto__listener *listener) + log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to load server certificate \"%s\". Check certfile.", listener->certfile); + net__print_error(MOSQ_LOG_ERR, "Error: %s"); + COMPAT_CLOSE(sock); ++#if !defined(OPENSSL_NO_ENGINE) + ENGINE_FINISH(engine); ++#endif + return 1; + } + if(listener->tls_keyform == mosq_k_engine){ ++#if !defined(OPENSSL_NO_ENGINE) + UI_METHOD *ui_method = net__get_ui_method(); + if(listener->tls_engine_kpass_sha1){ + if(!ENGINE_ctrl_cmd(engine, ENGINE_SECRET_MODE, ENGINE_SECRET_MODE_SHA, NULL, NULL, 0)){ +@@ -593,13 +598,16 @@ int net__socket_listen(struct mosquitto__listener *listener) + ENGINE_FINISH(engine); + return 1; + } ++#endif + }else{ + rc = SSL_CTX_use_PrivateKey_file(listener->ssl_ctx, listener->keyfile, SSL_FILETYPE_PEM); + if(rc != 1){ + log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to load server key file \"%s\". Check keyfile.", listener->keyfile); + net__print_error(MOSQ_LOG_ERR, "Error: %s"); + COMPAT_CLOSE(sock); ++#if !defined(OPENSSL_NO_ENGINE) + ENGINE_FINISH(engine); ++#endif + return 1; + } + } +@@ -608,7 +616,9 @@ int net__socket_listen(struct mosquitto__listener *listener) + log__printf(NULL, MOSQ_LOG_ERR, "Error: Server certificate/key are inconsistent."); + net__print_error(MOSQ_LOG_ERR, "Error: %s"); + COMPAT_CLOSE(sock); ++#if !defined(OPENSSL_NO_ENGINE) + ENGINE_FINISH(engine); ++#endif + return 1; + } + /* Load CRLs if they exist. */ +@@ -618,7 +628,9 @@ int net__socket_listen(struct mosquitto__listener *listener) + log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to obtain TLS store."); + net__print_error(MOSQ_LOG_ERR, "Error: %s"); + COMPAT_CLOSE(sock); ++#if !defined(OPENSSL_NO_ENGINE) + ENGINE_FINISH(engine); ++#endif + return 1; + } + lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); +@@ -627,7 +639,9 @@ int net__socket_listen(struct mosquitto__listener *listener) + log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to load certificate revocation file \"%s\". Check crlfile.", listener->crlfile); + net__print_error(MOSQ_LOG_ERR, "Error: %s"); + COMPAT_CLOSE(sock); ++#if !defined(OPENSSL_NO_ENGINE) + ENGINE_FINISH(engine); ++#endif + return 1; + } + X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK); +@@ -644,7 +658,9 @@ int net__socket_listen(struct mosquitto__listener *listener) + + if(mosquitto__tls_server_ctx(listener)){ + COMPAT_CLOSE(sock); ++#if !defined(OPENSSL_NO_ENGINE) + ENGINE_FINISH(engine); ++#endif + return 1; + } + SSL_CTX_set_psk_server_callback(listener->ssl_ctx, psk_server_callback); +@@ -654,7 +670,9 @@ int net__socket_listen(struct mosquitto__listener *listener) + log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to set TLS PSK hint."); + net__print_error(MOSQ_LOG_ERR, "Error: %s"); + COMPAT_CLOSE(sock); ++#if !defined(OPENSSL_NO_ENGINE) + ENGINE_FINISH(engine); ++#endif + return 1; + } + }