Bug#1032029: mosquitto ignores ip address for websocket listeners

2023-03-15 Thread Roger Light
Unfortunately this was marked as spam, so I didn't see it. The attached patch will deny the use of listener bind addresses for websockets listeners. I also note that using a more recent version of libwebsockets does not display the same problem. Regards, Roger On Sun, 26 Feb 2023 at 19:39,

Bug#986701: mosquitto: CVE-2021-28166

2021-04-09 Thread Roger Light
This will be fixed soon, I would like to include an autopkgtest in the package, otherwise this would have been updated already. On Fri, 9 Apr 2021 at 20:27, Salvatore Bonaccorso wrote: > > Source: mosquitto > Version: 2.0.9-1 > Severity: grave > Tags: security upstream > Justification: user

Bug#983429: mosquitto: /run/mosquitto is on a tmpfs and should be created dynamically

2021-02-25 Thread Roger Light
The systemd unit file should recreate the folder each time the service is started. It uses /var/run/mosquitto instead of /run/mosquitto, but that should work through the /var/run symlink. Does this definitely not work for you? On Wed, 24 Feb 2021 at 01:15, Alexandre Detiste wrote: > > Package:

Bug#977637: libwebsockets: Please enable LWS_WITH_EXTERNAL_POLL support in libwebsockets

2021-02-10 Thread Roger Light
On Wed, 10 Feb 2021 at 16:49, László Böszörményi (GCS) wrote: > It was always a hack, few people used it and generated way too many messages. It's a straightforward interface to indicate to the application when a socket needs read/write. lws might not like it, but it's simple and it works fine.

Bug#977637: libwebsockets: Please enable LWS_WITH_EXTERNAL_POLL support in libwebsockets

2021-02-09 Thread Roger Light
Sorry, I forgot to say that from my point of view this is an RC level bug for mosquitto, even if it isn't one for libwebsockets itself.

Bug#977637: libwebsockets: Please enable LWS_WITH_EXTERNAL_POLL support in libwebsockets

2021-02-09 Thread Roger Light
The external poll feature has been part of libwebsockets since the beginning, and that's what Mosquitto uses. Relatively recently the developer decided he didn't like that anymore and is going to remove it, but has disabled it for now. I've asked about it and was told that he didn't want to

Bug#977637: libwebsockets: Please enable LWS_WITH_EXTERNAL_POLL support in libwebsockets

2020-12-17 Thread Roger Light
Package: libwebsockets Severity: important Dear Maintainer, The libwebsockets support in Mosquitto requires the external poll support, but this is not enabled in libwebsockets by default. Please consider enabling it by adding LWS_WITH_EXTERNAL_POLL to the rules file.

Bug#940229: uses killall in logrotate snippet

2019-09-17 Thread Roger Light
Thank you. The more recent systemd unit files already include the HUP command. I have changed the logrotate command to use invoke-rc.d as per your suggestion. I have done this for the new 1.6.6 upload I've just sent to mentors. In terms of updating stable, I haven't had much luck with that in the

Bug#923818: mosquitto: provide systemd unit

2019-03-06 Thread Roger Light
What version are you using? The version in testing has a systemd unit. On Tue, 5 Mar 2019 at 18:45, Tollef Fog Heen wrote: > > Source: mosquitto > Severity: wishlist > > It would be useful if mosquitto provided a systemd unit, I suggest > something like: > > [Unit] > Description=mosquitto MQTT

Bug#911104: mosquitto: New upstream release available

2018-10-17 Thread Roger Light
Hi Andreas, Thanks for taking the time to look at it - there are a number of changes in the 1.5 series of mosquitto which remove the need for the majority of the patches. I've got an updated package but because there were a few changes I wanted to give it a bit more of a test and simply hadn't

Bug#885027: stretch-pu: package mosquitto/1.4.10-3+deb9u1

2018-02-10 Thread Roger Light
> Cheers, > Julien > > On Sat, Feb 10, 2018 at 11:13:06 +, Roger Light wrote: > >> Thanks for taking a look at this. >> >> The application only creates this file and log files, so I don't >> believe it should have any other impact. >> >> Re

Bug#885027: stretch-pu: package mosquitto/1.4.10-3+deb9u1

2018-02-10 Thread Roger Light
017 at 23:47:34 +, Roger A. Light wrote: > >> +Description: Fix for CVE-207-9868. >> +Author: Roger Light <ro...@atchoo.org> >> +Forwarded: not-needed >> +Origin: upstream, >> https://mosquitto.org/files/cve/2017-9868/mosquitto-1.4.x_cve-2017-9868
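Review bot: the `Description:` line of the DEP-3 header reads "CVE-207-9868", while the `Origin:` URL in the same header points at 2017-9868, so the identifier is missing a digit. It should read CVE-2017-9868 so that the patch can be found by CVE id in the package's patch series and by security trackers.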

Bug#794476: Fwd: Libwebsockets: please update to at lease 1.3

2015-08-05 Thread Roger Light
The updated package I have prepared is in the git repository at: https://github.com/ralight/libwebsockets-debian I can provide a debdiff if you would like. Thanks, Roger

Bug#754793: RFS: mosquitto/1.2.1-2 RC

2014-08-08 Thread Roger Light
Hi Eriberto, 3. Is normal this issue? I got this message in a clean jail and in cowbuilder/pbuilder. Please, try in cowbuilder: Ok, I did get these in normal building (tried it in cowbuilder as well). I've checked and they're not important. There won't be any trace dumps in the next release.

Bug#754793: RFS: mosquitto/1.2.1-2 RC

2014-08-08 Thread Roger Light
Hi Eriberto, 1. Update d/copyright. The current copyright for Troy is 2003-2013. Oh yes, I missed that. 2. I found: # This product includes software developed by the OpenSSL Project for use in # the OpenSSL Toolkit. (http://www.openssl.org/) # This product includes cryptographic software

Bug#754793: RFS: mosquitto/1.2.1-2 RC

2014-08-05 Thread Roger Light
Hi Eriberto, 1. You need to put all changes in d/changelog. You can use your VCS to check it. Ok, I have done this. 2. In d/changelog, you should use urgency=medium, not high. Fixed. 3. The cowbuilder builds the package. However, when building the package in a new Sid environment (new,

Bug#754793: RFS: mosquitto/1.2.1-2 RC

2014-08-01 Thread Roger Light
Hi Eriberto, Thanks for taking the time to start a review. 1. Update the Standards-Version from 3.9.4 to 3.9.5. Done 2. d/copyright: please, update the years (include 2014, because I found it in your upstream code). Done. 3. d/docs: The final user doesn't compiles codes. So, send

Bug#754787: mosquitto: does not handle errors from authentication plugins correctly

2014-07-14 Thread Roger Light
Source: mosquitto Version: 1.2.1-1 Severity: grave Tags: security upstream Justification: user security hole If an end user uses mosquitto with an authentication plugin, and the plugin returns an application error when making an authentication check (such as if a database was unavailable), then

Bug#754793: RFS: mosquitto/1.3.2-1 RC

2014-07-14 Thread Roger Light
prefer the latest release to be considered. * Package name: mosquitto Version : 1.3.2-1 Upstream Author : Roger Light ro...@atchoo.org * URL : http://mosquitto.org/ * License : BSD-3-clause Section : net It builds those binary packages: libmosquitto

Bug#725014: mosquitto: FTBFS on hurd-i386

2013-09-30 Thread Roger Light
This is caused by a hardcoded test value that is different on hurd. It will be fixed in the next upload. On Mon, Sep 30, 2013 at 2:42 PM, Niels Thykier ni...@thykier.net wrote: Package: mosquitto Version: 1.2.1-1 Severity: important User: debian-h...@lists.debian.org Usertags: hurd Hi,

Bug#719207: RFS: mosquitto/1.2-1

2013-08-20 Thread Roger Light
Hi Vincent, Thanks for taking the time to carry out a review. - debian/control: the dependency of libmosquitto-dev is quite odd. Why not (= ${binary:Version})? I understand that you avoid to upgrade the binary package if there is only packaging changes, but sometimes, packaging

Bug#719207: RFS: mosquitto/1.2-1

2013-08-09 Thread Roger Light
Package: sponsorship-requests Severity: normal Dear mentors, I am looking for a sponsor for my package mosquitto * Package name: mosquitto Version : 1.2-1 Upstream Author : Roger Light ro...@atchoo.org * URL : http://mosquitto.org/ * License : BSD-3-clause

Bug#699651: RFS: mosquitto/1.1.2-1

2013-02-11 Thread Roger Light
I have now fixed the changes, including an upstream release for some of the fixes: * Package name: mosquitto Version : 1.1.3-1 Upstream Author : Roger Light ro...@atchoo.org * URL : http://mosquitto.org/ * License : BSD-3-clause Section : net

Bug#699651: RFS: mosquitto/1.1.2-1

2013-02-06 Thread Roger Light
Thanks for the detailed review - in particular for the information on python-all. I have fixed the majority of the errors but not yet re-uploaded because I am still deciding what to do about mosquitto_passwd What happened to python-mosquitto's Depends? They are unneeded now that

Bug#699651: RFS: mosquitto/1.1.2-1

2013-02-02 Thread Roger Light
Package: sponsorship-requests Severity: normal Dear mentors, I am looking for a sponsor for my package mosquitto for uploading to experimental only. * Package name: mosquitto Version : 1.1.2-1 Upstream Author : Roger Light ro...@atchoo.org * URL : http

Bug#696907: RFS: mosquitto/0.15-2 [RC]

2012-12-29 Thread Roger Light
Hi, On Sat, Dec 29, 2012 at 3:59 AM, David Prévot taf...@debian.org wrote: doesn't seem in line with the current freeze policy [0], Rule #1: “do not make changes to the package that are not related to fixing the bugs in question […] this implies *not* […] Changing debhelper compat version” I

Bug#696907: RFS: mosquitto/0.15-2 [RC]

2012-12-29 Thread Roger Light
Hi David, Thanks, the three RC-bug fixes are pretty straightforward, but the DEP-3 headers don't contain an Applied-Upstream field. Since you seem involved upstream, are those fixes not applied upstream because of a rewrite of those parts in the current code? If not, could you please point to

Bug#696907: RFS: mosquitto/0.15-2 [RC]

2012-12-28 Thread Roger Light
Package: sponsorship-requests Severity: important Dear mentors, I am looking for a sponsor for my package mosquitto * Package name: mosquitto Version : 0.15-2 Upstream Author : Roger Light ro...@atchoo.org * URL : http://mosquitto.org/ * License : 3 clause

Bug#651688: [pkg-ggz-maintainers] Bug#651688: Bug#651688: Should ggz-server be orphaned or removed from Debian?

2012-01-02 Thread Roger Light
It appears that Josef is no longer active He replied to my email fairly promptly so I'm sure he'll do so with this as well. .  I was just the sponsor/helper here, so I don't know the status of upstream etc. very well.  At one point, these libraries had a reverse dependency into GNOME, but I

Bug#651688: [pkg-ggz-maintainers] Bug#651688: Should ggz-server be orphaned or removed from Debian?

2011-12-13 Thread Roger Light
Hi Ansgar, I've spoken with Josef Spillner, the old GGZ project lead and we both agree that the best course of action is for the GGZ packages to be removed from Debian. It's not fair to leave the maintenance in the hands of the distributors. Cheers, Roger