Unfortunately this was marked as spam, so I didn't see it.
The attached patch will deny the use of listener bind addresses for
websockets listeners. I also note that using a more recent version of
libwebsockets does not display the same problem.
Regards,
Roger
On Sun, 26 Feb 2023 at 19:39, Helm
This will be fixed soon, I would like to include an autopkgtest in the
package, otherwise this would have been updated already.
On Fri, 9 Apr 2021 at 20:27, Salvatore Bonaccorso wrote:
>
> Source: mosquitto
> Version: 2.0.9-1
> Severity: grave
> Tags: security upstream
> Justification: user secur
The systemd unit file should recreate the folder each time the service
is started. It uses /var/run/mosquitto instead of /run/mosquitto, but
that should work through the /var/run symlink.
Does this definitely not work for you?
On Wed, 24 Feb 2021 at 01:15, Alexandre Detiste
wrote:
>
> Package: m
On Wed, 10 Feb 2021 at 16:49, László Böszörményi (GCS) wrote:
> It was always a hack, few people used it and generated way too many messages.
It's a straightforward interface to indicate to the application when a
socket needs read/write. lws might not like it, but it's simple and it
works fine.
Sorry, I forgot to say that from my point of view this is an RC level
bug for mosquitto, even if it isn't one for libwebsockets itself.
The external poll feature has been part of libwebsockets since the
beginning, and that's what Mosquitto uses. Relatively recently the
developer decided he didn't like that anymore and is going to remove
it, but has disabled it for now.
I've asked about it and was told that he didn't want to suppor
Package: libwebsockets
Severity: important
Dear Maintainer,
The libwebsockets support in Mosquitto requires the external poll
support, but this is not enabled in libwebsockets by default. Please
consider enabling it by adding LWS_WITH_EXTERNAL_POLL to the rules file.
Thank you. The more recent systemd unit files already include the HUP
command. I have changed the logrotate command to use invoke-rc.d as
per your suggestion. I have done this for the new 1.6.6 upload I've
just sent to mentors. In terms of updating stable, I haven't had much
luck with that in the p
What version are you using? The version in testing has a systemd unit.
On Tue, 5 Mar 2019 at 18:45, Tollef Fog Heen wrote:
>
> Source: mosquitto
> Severity: wishlist
>
> It would be useful if mosquitto provided a systemd unit, I suggest
> something like:
>
> [Unit]
> Description=mosquitto MQTT v3
Hi Andreas,
Thanks for taking the time to look at it - there are a number of
changes in the 1.5 series of mosquitto which remove the need for the
majority of the patches. I've got an updated package but because there
were a few changes I wanted to give it a bit more of a test and simply
hadn't got
Julien
>
> On Sat, Feb 10, 2018 at 11:13:06 +, Roger Light wrote:
>
>> Thanks for taking a look at this.
>>
>> The application only creates this file and log files, so I don't
>> believe it should have any other impact.
>>
>> Regards,
>>
>&g
Roger A. Light wrote:
>
>> +Description: Fix for CVE-207-9868.
>> +Author: Roger Light
>> +Forwarded: not-needed
>> +Origin: upstream,
>> https://mosquitto.org/files/cve/2017-9868/mosquitto-1.4.x_cve-2017-9868.patch
>> +--- a/src/pe
The updated package I have prepared is in the git repository at:
https://github.com/ralight/libwebsockets-debian
I can provide a debdiff if you would like.
Thanks,
Roger
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact li
Hi Eriberto,
>>> 3. Is normal this issue?
> I got this message in a clean jail and in cowbuilder/pbuilder. Please,
> try in cowbuilder:
Ok, I did get these in normal building (tried it in cowbuilder as
well). I've checked and they're not important. There won't be any
trace dumps in the next rele
Hi Eriberto,
> 1. Update d/copyright. The current copyright for Troy is 2003-2013.
Oh yes, I missed that.
> 2. I found:
>
> # This product includes software developed by the OpenSSL Project for use in
> # the OpenSSL Toolkit. (http://www.openssl.org/)
> # This product includes cryptographic soft
Hi Eriberto,
> 1. You need to put all changes in d/changelog. You can use your VCS to check
> it.
Ok, I have done this.
> 2. In d/changelog, you should use urgency=medium, not high.
Fixed.
> 3. The cowbuilder builds the package. However, when building the
> package in a new Sid environment (n
Hi Eriberto,
Thanks for taking the time to start a review.
> 1. Update the Standards-Version from 3.9.4 to 3.9.5.
Done
> 2. d/copyright: please, update the years (include 2014, because I
> found it in your upstream code).
Done.
> 3. d/docs: The final user doesn't compiles codes. So, send comp
but would prefer the latest release to be considered.
* Package name: mosquitto
Version : 1.3.2-1
Upstream Author : Roger Light
* URL : http://mosquitto.org/
* License : BSD-3-clause
Section : net
It builds those binary packages:
libmosquitto-
Source: mosquitto
Version: 1.2.1-1
Severity: grave
Tags: security upstream
Justification: user security hole
If an end user uses mosquitto with an authentication plugin, and the
plugin returns an application error when making an authentication check
(such as if a database was unavailable), then mo
This is caused by a hardcoded test value that is different on hurd. It
will be fixed in the next upload.
On Mon, Sep 30, 2013 at 2:42 PM, Niels Thykier wrote:
> Package: mosquitto
> Version: 1.2.1-1
> Severity: important
> User: debian-h...@lists.debian.org
> Usertags: hurd
>
> Hi,
>
> mosquitto
Hi Vincent,
Thanks for taking the time to carry out a review.
> - debian/control: the dependency of libmosquitto-dev is quite odd. Why
>not (= ${binary:Version})? I understand that you avoid to upgrade the
>binary package if there is only packaging changes, but sometimes,
>packaging
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "mosquitto"
* Package name: mosquitto
Version : 1.2-1
Upstream Author : Roger Light
* URL : http://mosquitto.org/
* License : BSD-3-clause
I have now fixed the changes, including an upstream release for some
of the fixes:
* Package name: mosquitto
Version : 1.1.3-1
Upstream Author : Roger Light
* URL : http://mosquitto.org/
* License : BSD-3-clause
Section : net
It builds those
Thanks for the detailed review - in particular for the information on
python-all. I have fixed the majority of the errors but not yet
re-uploaded because I am still deciding what to do about
mosquitto_passwd
> What happened to python-mosquitto's Depends?
They are unneeded now that python-mosquitt
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "mosquitto" for uploading to
experimental only.
* Package name: mosquitto
Version : 1.1.2-1
Upstream Author : Roger Light
* URL : http://mos
Hi David,
> Thanks, the three RC-bug fixes are pretty straightforward, but the DEP-3
> headers don't contain an Applied-Upstream field. Since you seem involved
> upstream, are those fixes not applied upstream because of a rewrite of
> those parts in the current code? If not, could you please point
Hi,
On Sat, Dec 29, 2012 at 3:59 AM, David Prévot wrote:
> doesn't seem in line with the current freeze policy [0], Rule #1: “do
> not make changes to the package that are not related to fixing the bugs
> in question […] this implies *not* […] Changing debhelper compat version”
I agree, that sh
Package: sponsorship-requests
Severity: important
Dear mentors,
I am looking for a sponsor for my package "mosquitto"
* Package name: mosquitto
Version : 0.15-2
Upstream Author : Roger Light
* URL : http://mosquitto.org/
* License : 3 clause BSD
> It appears that Josef is no longer active
He replied to my email fairly promptly so I'm sure he'll do so with
this as well.
>. I was just the
> sponsor/helper here, so I don't know the status of upstream etc. very
> well. At one point, these libraries had a reverse dependency into
> GNOME, bu
Hi Ansgar,
I've spoken with Josef Spillner, the old GGZ project lead and we both
agree that the best course of action is for the GGZ packages to be
removed from Debian. It's not fair to leave the maintenance in the
hands of the distributors.
Cheers,
Roger
--
To UNSUBSCRIBE, email to debian-b
30 matches
Mail list logo