openSUSE-SU-2026:20260-1

Published: 23 Feb 2026
Source: suse-cvrf

Description

Security update for mosquitto

This update for mosquitto fixes the following issues:

Changes in mosquitto:

  • Update to 2.0.23 (boo#1258671)

    • Fix handling of disconnected sessions for per_listener_settings true
    • Check return values of openssl *_get_ex_data() and *_set_ex_data() to prevent possible crash. This could occur only in extremely unlikely situations
    • Check return value of openssl ASN1_string_[get0_]data() functions for NULL. This prevents a crash in case of incorrect certificate handling in openssl
    • Fix potential crash on startup if a malicious/corrupt persistence file from mosquitto 1.5 or earlier is loaded
    • Limit auto_id_prefix to 50 characters
  • Update to version 2.0.22

    Broker:
    • Bridge: Fix idle_timeout never occurring for lazy bridges.
    • Fix case where max_queued_messages = 0 was not treated as unlimited.
    • Fix --version exit code and output.
    • Fix crash on receiving a $CONTROL message over a bridge, if per_listener_settings is set true and the bridge is carrying out topic remapping.
    • Fix incorrect reference clock being selected on startup on Linux. Closes #3238.
    • Fix reporting of client disconnections being incorrectly attributed to "out of memory".
    • Fix compilation when using WITH_OLD_KEEPALIVE.
    • Fix problems with secure websockets.
    • Fix crash on exit when using WITH_EPOLL=no.
    • Fix clients being incorrectly expired when they have keepalive == max_keepalive. Closes #3226, #3286.

    Dynamic security plugin:
    • Fix mismatched memory free when saving config, which caused memory tracking to be incorrect.

    Client library:
    • Fix C++ symbols being removed when compiled with link time optimisation.
    • TLS error handling was incorrectly setting a protocol error for non-TLS errors. This would cause the mosquitto_loop_start() thread to exit if no broker was available on the first connection attempt. This has been fixed. Closes #3258.
    • Fix linker errors on some architectures using cmake.
  • Update to version 2.0.21

    Broker:
    • Fix clients sending a RESERVED packet not being quickly disconnected.
    • Fix bind_interface producing an error when used with an interface that has an IPv6 link-local address and no other IPv6 addresses.
    • Fix mismatched wrapped/unwrapped memory alloc/free in properties.
    • Fix allow_anonymous false not being applied in local only mode.
    • Add retain_expiry_interval option to fix expired retained messages not being removed from memory if they are not subscribed to.
    • Produce an error if invalid combinations of cafile/capath/certfile/keyfile are used.
    • Backport keepalive checking from develop to fix problems in the current implementation.

    Client library:
    • Fix potential deadlock in mosquitto_sub if -W is used.

    Apps:
    • mosquitto_ctrl dynsec now also allows -i to specify a clientid as well as -c. This matches the documentation, which states -i.

    Tests:
    • Fix 08-ssl-connect-cert-auth-expired and 08-ssl-connect-cert-auth-revoked tests when under load.
  • systemd service: Wait until the network is set up to avoid startup failure.

Package list

openSUSE Leap 16.0
libmosquitto1-2.0.23-bp160.1.1
libmosquittopp1-2.0.23-bp160.1.1
mosquitto-2.0.23-bp160.1.1
mosquitto-clients-2.0.23-bp160.1.1
mosquitto-devel-2.0.23-bp160.1.1

Description

In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may perform an out-of-bounds memory access in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.
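The failure mode above is a length-handling one: the client reads the first granted-QoS entry without first checking that the SUBACK carried any. As an added illustration (not part of the advisory and not code from the Mosquitto project), the following C program parses an MQTT 3.1.1 SUBACK, validates every length against the buffer it was given, and rejects a payload with zero return codes before any callback can run. The guard function is modelled on the shape of libmosquitto's on_subscribe callback (mid, qos_count, granted_qos) but is stand-alone; the sample packets are constructed, not captured traffic, and MAX_SUBACK_CODES is an arbitrary bound chosen for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MQTT_SUBACK_BYTE 0x90   /* packet type 9, flags 0 (MQTT 3.1.1) */
#define MAX_SUBACK_CODES 64     /* bound chosen for this example, not a spec value */

enum suback_status {
    SUBACK_OK = 0,
    SUBACK_ERR_TRUNCATED,      /* buffer shorter than the length field claims */
    SUBACK_ERR_BAD_TYPE,       /* first byte is not SUBACK with zero flags */
    SUBACK_ERR_NO_CODES,       /* zero return codes: the crafted case in the CVE text */
    SUBACK_ERR_TOO_MANY_CODES,
    SUBACK_ERR_BAD_CODE        /* return code outside 0x00, 0x01, 0x02, 0x80 */
};

struct suback {
    uint16_t packet_id;
    int qos_count;                    /* number of valid entries in granted_qos */
    int granted_qos[MAX_SUBACK_CODES];
};

/* Decode the MQTT variable-length "Remaining Length" field (1 to 4 bytes).
 * Returns the number of bytes consumed, or 0 if the field is malformed. */
static size_t decode_remaining_length(const uint8_t *buf, size_t len, uint32_t *out)
{
    uint32_t value = 0, multiplier = 1;
    size_t i;
    for (i = 0; i < 4 && i < len; i++) {
        value += (uint32_t)(buf[i] & 0x7F) * multiplier;
        if ((buf[i] & 0x80) == 0) {
            *out = value;
            return i + 1;
        }
        multiplier *= 128;
    }
    return 0;   /* continuation bit still set, or too few bytes */
}

/* Parse a complete SUBACK. Every offset is checked against the buffer before it
 * is read, and an empty return-code list is rejected here, so no later consumer
 * can index granted_qos[0] on an empty array. */
enum suback_status parse_suback(const uint8_t *buf, size_t len, struct suback *out)
{
    uint32_t remaining = 0;
    size_t hdr, i;

    if (len < 2) return SUBACK_ERR_TRUNCATED;
    if (buf[0] != MQTT_SUBACK_BYTE) return SUBACK_ERR_BAD_TYPE;

    hdr = decode_remaining_length(buf + 1, len - 1, &remaining);
    if (hdr == 0) return SUBACK_ERR_TRUNCATED;
    hdr += 1;                                          /* account for the type byte */
    if (remaining > len - hdr) return SUBACK_ERR_TRUNCATED;
    if (remaining < 2) return SUBACK_ERR_TRUNCATED;    /* no room for the packet id */

    out->packet_id = (uint16_t)((buf[hdr] << 8) | buf[hdr + 1]);
    out->qos_count = (int)(remaining - 2);
    if (out->qos_count == 0) return SUBACK_ERR_NO_CODES;
    if (out->qos_count > MAX_SUBACK_CODES) return SUBACK_ERR_TOO_MANY_CODES;

    for (i = 0; i < (size_t)out->qos_count; i++) {
        uint8_t code = buf[hdr + 2 + i];
        if (code > 2 && code != 0x80) return SUBACK_ERR_BAD_CODE;
        out->granted_qos[i] = code;
    }
    return SUBACK_OK;
}

/* Second layer: a callback in the shape of libmosquitto's on_subscribe that
 * refuses to read granted_qos unless qos_count says there is something there.
 * Returns 0 to continue, -1 to tell the caller to drop the session. */
int client_on_subscribe(int mid, int qos_count, const int *granted_qos)
{
    if (qos_count < 1 || granted_qos == NULL) {
        fprintf(stderr, "SUBACK mid=%d carried no reason codes; disconnecting\n", mid);
        return -1;
    }
    if (granted_qos[0] == 0x80) {
        fprintf(stderr, "subscription mid=%d refused by broker\n", mid);
        return -1;
    }
    return 0;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t SAMPLE_VALID[]     = {0x90, 0x03, 0x12, 0x34, 0x01};  /* id 0x1234, QoS 1 */
static const uint8_t SAMPLE_NO_CODES[]  = {0x90, 0x02, 0x12, 0x34};        /* remaining length 2: no codes */
static const uint8_t SAMPLE_TRUNCATED[] = {0x90, 0x05, 0x12, 0x34, 0x01};  /* claims 5 bytes, carries 3 */
static const uint8_t SAMPLE_BAD_CODE[]  = {0x90, 0x03, 0x12, 0x34, 0x03};  /* QoS 3 does not exist */

/* Convenience wrapper: parse a sample and return only the status. */
enum suback_status check_sample(const uint8_t *pkt, size_t len)
{
    struct suback s;
    return parse_suback(pkt, len, &s);
}

int main(void)
{
    struct suback s;
    if (parse_suback(SAMPLE_VALID, sizeof SAMPLE_VALID, &s) == SUBACK_OK)
        printf("valid: id=0x%04x count=%d qos0=%d\n", s.packet_id, s.qos_count, s.granted_qos[0]);
    printf("no codes  -> status %d\n", check_sample(SAMPLE_NO_CODES, sizeof SAMPLE_NO_CODES));
    printf("truncated -> status %d\n", check_sample(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED));
    printf("bad code  -> status %d\n", check_sample(SAMPLE_BAD_CODE, sizeof SAMPLE_BAD_CODE));
    return 0;
}
```

The two layers are deliberate: the parser turns a malformed packet into an error before the application sees it, and the callback still checks qos_count itself, so a client stays safe even when it is linked against a library that forwards an empty list.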


Affected products
openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1
openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1
openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1
openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1

Description

In Eclipse Mosquitto, versions 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that uses topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker, a double free occurs and the broker subsequently crashes.


Affected products
openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1
openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1
openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1
openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1
