Community maintained packages for difos.
bbc2e68ede
This is a bugfix and security release. CVE-2018-12551: If Mosquitto is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. => Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability. CVE-2018-12550: If an ACL file is empty, or has only blank lines or comments, then mosquitto treats the ACL file as not being defined, which means that no topic access is denied. Although denying access to all topics is not a useful configuration, this behaviour is unexpected and could lead to access being incorrectly granted in some circumstances. CVE-2018-12546. If a client publishes a retained message to a topic that they have access to, and then their access to that topic is revoked, the retained message will still be delivered to future subscribers. This behaviour may be undesirable in some applications, so a configuration option `check_retain_source` has been introduced to enforce checking of the retained message source on publish. Plus the following bugfixes: * wills not sent to websocket clients * spaces now allowed in bridge usernames * durable clients not receiving offline messages with per_listener_settings==true * compilation with openssl without deprecated apis * TLS working over SOCKS * better comment handling in config files Full changelog available at: https://github.com/eclipse/mosquitto/blob/fixes/ChangeLog.txt#L1 Signed-off-by: Karl Palsson <karlp@etactica.com> |
||
|---|---|---|
| .circleci | ||
| .github | ||
| .keys | ||
| admin | ||
| devel | ||
| fonts/dejavu-fonts-ttf | ||
| ipv6/tayga | ||
| kernel | ||
| lang | ||
| libs | ||
| multimedia | ||
| net | ||
| sound | ||
| utils | ||
| .travis.yml | ||
| .travis_do.sh | ||
| CONTRIBUTING.md | ||
| LICENSE | ||
| README.md | ||
OpenWrt packages feed
Description
This is the OpenWrt "packages"-feed containing community-maintained build scripts, options and patches for applications, modules and libraries used within OpenWrt.
Installation of pre-built packages is handled directly by the opkg utility within your running OpenWrt system or by using the OpenWrt SDK on a build system.
Usage
This repository is intended to be layered on-top of an OpenWrt buildroot. If you do not have an OpenWrt buildroot installed, see the documentation at: OpenWrt Buildroot – Installation on the OpenWrt support site.
This feed is enabled by default. To install all its package definitions, run:
./scripts/feeds update packages
./scripts/feeds install -a -p packages
License
See LICENSE file.
Package Guidelines
See CONTRIBUTING.md file.