[Buildroot] [PATCH v3 1/1] package/mosquitto: security bump to v1.6.12

Titouan Christophe titouan.christophe at railnova.eu
Sat Aug 29 13:06:10 UTC 2020


Mosquitto 1.6.11 is a bugfix release, read the whole announcement on
http://mosquitto.org/blog/2020/08/version-1-6-11-released/

Mosquitto 1.6.12 is a security and bugfix release, read
http://mosquitto.org/blog/2020/08/version-1-6-12-released/

>From the 1.6.11 changelog of the client library:
mosquitto_loop_start() now sets a thread name on Linux, FreeBSD, NetBSD,
and OpenBSD. Closes #1777.
This is done with pthread_setname_np; so mosquitto now requires
BR2_TOOLCHAIN_HAS_THREADS_NPTL when built with threading support.

2 reverse dependencies use the threaded API, but they already
depend on BR2_TOOLCHAIN_HAS_THREADS_NPTL:
* domoticz [1] (we add a comment for mosquitto)
* shairport-sync [2]

[1] https://github.com/domoticz/domoticz/blob/2020.1/main/mosquitto_helper.cpp#L344
[2] https://github.com/mikebrady/shairport-sync/blob/3.3.6/mqtt.c#L227-L229

Signed-off-by: Titouan Christophe <titouan.christophe at railnova.eu>
---
Changes v1->v2:
* Conditionally depend on BR2_TOOLCHAIN_HAS_THREADS_NPTL
* Add patch to support building on platforms without pthread

Changes v2->v3:
* Bump to newer version 1.6.12
* Drop patch that was released upstream
* Don't add custom option BR2_PACKAGE_MOSQUITTO_WITH_THREADING
---
 package/domoticz/Config.in       | 2 +-
 package/mosquitto/mosquitto.hash | 4 ++--
 package/mosquitto/mosquitto.mk   | 5 +++--
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/package/domoticz/Config.in b/package/domoticz/Config.in
index a2ad9f1b07..c6b2834d9d 100644
--- a/package/domoticz/Config.in
+++ b/package/domoticz/Config.in
@@ -2,7 +2,7 @@ config BR2_PACKAGE_DOMOTICZ
 	bool "domoticz"
 	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 # sleep_for
 	# pthread_condattr_setclock
-	depends on BR2_TOOLCHAIN_HAS_THREADS_NPTL
+	depends on BR2_TOOLCHAIN_HAS_THREADS_NPTL # mosquitto
 	depends on BR2_INSTALL_LIBSTDCPP
 	depends on BR2_USE_WCHAR
 	depends on BR2_PACKAGE_LUA_5_3
diff --git a/package/mosquitto/mosquitto.hash b/package/mosquitto/mosquitto.hash
index 482962490e..13f0c8de23 100644
--- a/package/mosquitto/mosquitto.hash
+++ b/package/mosquitto/mosquitto.hash
@@ -1,6 +1,6 @@
 # Locally calculated after checking gpg signature
-# from https://mosquitto.org/files/source/mosquitto-1.6.10.tar.gz.asc
-sha256  92d1807717f0f6d57d1ac1207ffdb952e8377e916c7b0bb4718f745239774232  mosquitto-1.6.10.tar.gz
+# from https://mosquitto.org/files/source/mosquitto-1.6.12.tar.gz.asc
+sha256  548d73d19fb787dd0530334e398fd256ef3a581181678488a741a995c4f007fb  mosquitto-1.6.12.tar.gz
 
 # License files
 sha256  cc77e25bafd40637b7084f04086d606f0a200051b61806f97c93405926670bc1  LICENSE.txt
diff --git a/package/mosquitto/mosquitto.mk b/package/mosquitto/mosquitto.mk
index cdd515e1a4..5734dd45c5 100644
--- a/package/mosquitto/mosquitto.mk
+++ b/package/mosquitto/mosquitto.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-MOSQUITTO_VERSION = 1.6.10
+MOSQUITTO_VERSION = 1.6.12
 MOSQUITTO_SITE = https://mosquitto.org/files/source
 MOSQUITTO_LICENSE = EPL-1.0 or EDLv1.0
 MOSQUITTO_LICENSE_FILES = LICENSE.txt epl-v10 edl-v10
@@ -41,7 +41,8 @@ else
 MOSQUITTO_MAKE_OPTS += WITH_ADNS=no
 endif
 
-ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y)
+# threaded API uses pthread_setname_np
+ifeq ($(BR2_TOOLCHAIN_HAS_THREADS_NPTL),y)
 MOSQUITTO_MAKE_OPTS += WITH_THREADING=yes
 else
 MOSQUITTO_MAKE_OPTS += WITH_THREADING=no
-- 
2.25.3



More information about the buildroot mailing list