net/mosquitto: Update to 2.1.0

Tested to run on NetBSD 9 amd64, and to build on various NetBSD 9/10
i386, amd64 earvm7, aarch64.


2.1.0 - 2026-01-29
==================

# Broker

## Deprecations
- The acl_file option is deprecated in favour of the acl-file plugin, which is
  the same code but moved into a plugin. The acl_file option will be removed
  in 3.0.
- The password_file option is deprecated in favour of the password-file plugin,
  which is the same code but moved into a plugin. The password_file option will
  be removed in 3.0.
- The per_listener_settings option is deprecated in favour of the new listener
  specific options. The per_listener_settings option will be removed in 3.0.

## Behaviour changes

- max_packet_size now defaults to 2,000,000 bytes instead of the 256MB MQTT
  limit. If you are using payloads that will result in a packet larger than
  this, you need to manually set the option to a value that suits your
  application.
- acl_file and password_file will produce an error on invalid input when
  reloading the config, causing the broker to quit.

## Protocol related
- Add support for broker created topic aliases. Topics are allocated on a
  first come first serve basis.
- Add support for bridges to allow remote brokers to create topic aliases when
  running in MQTT v5 mode.
- Enforce receive maximum on MQTT v5.
- Return protocol error if a client attemps to subscribe to a shared
  subscription and also sets no-local.
- Protocol version numbers reported in the log when a client connects now
  match the MQTT protocol version numbers, not internal Mosquitto values.
- Send DISCONNECT With session-takeover return code to MQTT v5 clients when a
  client connects with the same client id. Closes #2340.
- The `allow_duplicate_messages` now defaults to `true`.
- Add `accept_protocol_versions` option to allow limiting which MQTT protocol
  versions are allowed for a particular listener.

## TLS related
- Add `--tls-keylog` option which can be used to generate a file that can be
  used by wireshark to decrypt TLS traffic for debugging purposes. Closes #1818.
- Add `disable_client_cert_date_checks` option to allow expired client
  certificate to be considered valid.
- Add `bridge_tls_use_os_certs` option to allow bridges to be easily configured
  to trust default CA certificates. Closes #2473.
- Remove support for TLS v1.1 (clients only - it remains available in the
  broker but is now undocumented)
- Use openssl provided function for x509 certificate hostname verification,
  rather than own function.

## Bridge related
- Add `bridge_receive_maximum` option for MQTT v5.0 bridges.
- Add `bridge_session_expiry_interval` option for MQTT v5.0 bridges.
- Bridge reconnection backoff improvements.

## Transport related
- Add the `websockets_origin` option to allow optional enforcement of origin
  when a connection attempts an upgrade to WebSockets.
- Add built-in websockets support that doesn't use libwebsockets. This is the
  preferred websockets implementation.
- Add support for X-Forwarded-For header for built in websockets.
- Add suport for PROXY protocol v1 and v2.

## Platform specific
- Increase maximum connection count on Windows from 2048 to 8192 where
  supported. Closes #2122.
- Allow multiple instances of mosquitto to run as services on Windows. See
  README-windows.txt.
- Add kqueue support.
- Add support for systemd watchdog.

## General
- Report on what compile time options are enabled. Closes #2193.
- Performance: reduce memory allocations when sending packets.
- Log protocol version and ciphers that a client negotiates when connecting.
- Password salts are now 64 bytes long.
- Add the `global_plugin` option, which gives global plugin loaded regardless
  of `per_listener_settings`.
- Add `global_max_clients` option to allow limiting client sessions globally
  on the broker.
- Add `global_max_connections` option to allow limiting client connections globally
  on the broker.
- Improve idle performance. The broker now calculates when the next event of
  interest is, and uses that as the timeout for e.g. `epoll_wait()`. This can
  reduce the number of process wakeups by 100x on an idle broker.
- Add more efficient keepalive check.
- Add support for sending the SIGRTMIN signal to trigger log rotation.
  Closes #2337.
- Add `--test-config` option which can be used to test a configuration file
  before trying to use it in a live broker. Closes #2521.
- Add support for PUID/PGID environment variables for setting the user/group
  to drop privileges to. Closes #2441.
- Report persistence stats when starting.
- $SYS updates are now aligned to `sys_interval` seconds, meaning that if set
  to 10, for example, updates will be sent at times matching x0 seconds.
  Previously update intervals were aligned to the time the broker was started.
- Add `log_dest android` for logging to the Android logd daemon.
- Fix some retained topic memory not being cleared immediately after used.
- Add -q option to allow logging to be disabled at the command line.
- Log message if a client attempts to connect with TLS to a non-TLS listener.
- Add `listener_allow_anonymous` option.
- Add `listener_auto_id_prefix` option.
- Allow seconds when defining `persistent_client_expiration`.

## Plugin interface
- Add `mosquitto_topic_matches_sub_with_pattern()`, which can match against
  subscriptions with `%c` and `%u` patterns for client id / username
  substitution.
- Add support for modifying outgoing messages using `MOSQ_EVT_MESSAGE_OUT`.
- Add `mosquitto_client()` function for retrieving a client struct if that
  client is connected.
- Add `MOSQ_ERR_PLUGIN_IGNORE` to allow plugins to register basic auth or acl
  check callbacks, but still act as though they are not registered. A plugin
  that wanted to act as a blocklist for certain usernames, but wasn't carrying
  out authentication could return `MOSQ_ERR_PLUGIN_IGNORE` for usernames not on
  its blocklist. If no other plugins were configured, the client would be
  authenticated. Using `MOSQ_ERR_PLUGIN_DEFER` instead would mean the clients
  would be denied if no other plugins were configured.
- Add `mosquitto_client_port()` function for plugins.
- Add `MOSQ_EVT_CONNECT`, to allow plugins to know when a client has
  successfully authenticated to the broker.
- Add connection-state example plugin to demonstrate `MOSQ_EVT_CONNECT`.
- Add `MOSQ_EVT_CLIENT_OFFLINE`, to allow plugins to know when a client with a
  non-zero session expiry interval has gone offline.
- Plugins on non-Windows platforms now no longer make their symbols globally
  available, which means they are self contained.
- Add support for delayed basic authentication in plugins.
- Plugins using the `MOSQ_EVT_MESSAGE_WRITE` callback can now return
  `MOSQ_ERR_QUOTA_EXCEEDED` to have the message be rejected. MQTT v5 clients
  using QoS 1 or 2 will receive the quota-exceeded reason code in the
  corresponding PUBACK/PUBREC.
- `MOSQ_EVT_TICK` is now passed to plugins when `per_listener_settings` is true.
- Add `mosquitto_sub_matches_acl()`, which can match one topic filter (a
  subscription) against another topic filter (an ACL).
- Registration of the `MOSQ_EVT_CONTROL` plugin event is now handled globally
  across the broker, so only a single plugin can register for a given $CONTROL
  topic.
- Add `mosquitto_plugin_set_info()` to allow plugins to tell the broker their
  name and version.
- Add builtin $CONTROL/broker/v1 control topic with the `listPlugins`
  command. This is disabled by default, but can be enabled with the
  `enable_control_api` option.
- Plugins no longer need to define `mosquitto_plugin_cleanup()` if they do not
  need to do any of their own cleanup. Callbacks will be unregistered
  automatically.
- Add `mosquitto_set_clientid()` to allow plugins to force a client id for a
  client.
- Add `MOSQ_EVT_SUBSCRIBE` and `MOSQ_EVT_UNSUBSCRIBE` events that are called when
  subscribe/unsubscribes actually succeed. Allow modifying topic and qos.
- Add `mosquitto_persistence_location()` for plugins to use to find a valid
  location for storing persistent data.
- Plugins can now use the `next_s` and `next_ms` members of the tick event data
  struct to set a minimum interval that the broker will wait before calling the
  tick callback again.
- MOSQ_EVT_ACL_CHECK event is now passed message properties where possible.

# Plugins
- Add acl-file plugin.
- Add password-file plugin.
- Add persist-sqlite plugin.
- Add sparkplug-aware plugin.

# Dynamic security plugin
- Add ability to deny wildcard subscriptions for a role to the dynsec plugin.
- The dynamic security plugin now only kicks clients at the start of the next
  network loop, to give chance for PUBACK/PUBREC to be sent. Closes #2474.
- The dynamic security plugin now reports client connections in getClient and
  listClients.
- The dynamic security plugin now generates an initial configuration if none
  is present, including a set of default roles.
- The dynamic security plugin now supports `%c` and `%u` patterns for
  substituting client id and username respectively, in all ACLs except for
  subscribeLiteral and unsubscribeLiteral.
- The dynamic security plugin now supports multiple ways to initialise the
  first configuration file.

# Client library
- Add `MOSQ_OPT_DISABLE_SOCKETPAIR` to allow the disabling of the socketpair
  feature that allows the network thread to be woken from select() by another
  thread when e.g.  `mosquitto_publish()` is called. This reduces the number of
  sockets used by each client by two.
- Add `on_pre_connect()` callback to allow clients to update
  username/password/TLS parameters before an automatic reconnection.
- Callbacks no longer block other callbacks, and can be set from within a
  callback. Closes #2127.
- Add support for MQTT v5 broker to client topic aliases.
- Add `mosquitto_topic_matches_sub_with_pattern()`, which can match against
  subscriptions with `%c` and `%u` patterns for client id / username
  substitution.
- Add `mosquitto_sub_matches_acl()`, which can match one topic filter (a
  subscription) against another topic filter (an ACL).
- Add `mosquitto_sub_matches_acl_with_pattern()`, which can match one topic
  filter (a subscription) against another topic filter (an ACL), with `%c` and
  `%u` patterns for client id / username substitution.
- Performance: reduce memory allocations when sending packets.
- Reintroduce threading support for Windows. Closes #1509.
- `mosquitto_subscribe*()` now returns `MOSQ_ERR_INVAL` if an empty string is
  passed as a topic filter.
- `mosquitto_unsubscribe*()` now returns `MOSQ_ERR_INVAL` if an empty string is
  passed as a topic filter.
- Add websockets support.
- `mosquitto_property_read_binary/string/string_pair` will now set the
  name/value parameter to NULL if the binary/string is empty. This aligns the
  behaviour with other property functions. Closes #2648.
- Add `mosquitto_unsubscribe2_v5_callback_set`, which provides a callback that
  gives access to reason codes for each of the unsubscription requests.
- Add `mosquitto_property_remove`, for removing properties from property
  lists.
- Add `on_ext_auth()` callback to allow handling MQTT v5 extended authentication.
- Add `mosquitto_ext_auth_continue()` function to continue an MQTT v5 extended
  authentication.
- Remove support for TLS v1.1.
- Use openssl provided function for x509 certificate hostname verification,
  rather than own function.

# Clients

## General
- Add `-W` timeout support to Windows.
- The `--insecure` option now disables all server certificate verification.
- Add websockets support.
- Using `-x` now sets the clients to use MQTT v5.0.
- Fix parsing of IPv6 addresses in socks proxy urls.
- Add `--tls-keylog` option which can be used to generate a file that can be
  used by wireshark to decrypt TLS traffic for debugging purposes.
- Remove support for TLS v1.1.

## mosquitto_rr
- Fix `-f` and `-s` options in mosquitto_rr.
- Add `--latency` option to mosquitto_rr, for printing the request/response
  latency.
- Add `--retain-handling` option.

## mosquitto_sub
- Fix incorrect output formatting in mosquitto_sub when using field widths
  with `%x` and `%X` for printing the payload in hex.
- Add float printing option to mosquitto_sub.
- mosquitto_sub payload hex output can now be split by fixed field length.
- Add `--message-rate` option to mosquitto_sub, for printing the count of
  messages received each second.
- Add `--retain-handling` option.

# Apps

## mosquitto_signal
- Add `mosquitto_signal` for helping send signals to mosquitto on Windows.

## mosquitto_ctrl
- Add interactive shell mode to mosquitto_ctrl.
- Add support for `listPlugins` to mosquitto_ctrl.
- Allow mosquitto_ctrl dynsec module to update passwords in files rather than
  having to connect to a broker.

## mosquitto_passwd
- Print messages in mosquitto_passwd when adding/updating passwords.
  Closes #2544.
- When creating a new file with `-c`, setting the output filename to a dash `-`
  will output the result to stdout.

## mosquitto_db_dump
- Add `--json` output mode do mosquitto_db_dump.

# Build
- Increased CMake minimal required version to 3.14, which is required for the
  preinstalled SQLite3 find module.
- Add an CMake option `WITH_LTO` to enable/disable link time optimization.
- Set C99 as the explicit, rather than implicit, build standard.
- cJSON is now a required dependency.
- Refactored headers for easier discovery.
- Support for openssl < 3.0 removed.

Author: gdt

net/mosquitto/Makefile

@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.43 2025/07/12 12:56:07 gdt Exp $
+# $NetBSD: Makefile,v 1.44 2026/01/30 01:07:56 gdt Exp $
 
-DISTNAME=	mosquitto-2.0.22
+DISTNAME=	mosquitto-2.1.0
 CATEGORIES=	net
 MASTER_SITES=	https://mosquitto.org/files/source/
 
@@ -9,24 +9,28 @@ HOMEPAGE=	https://mosquitto.org/
 COMMENT=	Open Source MQTT broker
 LICENSE=	epl-v1.0
 
-TOOL_DEPENDS+=	libxslt-[0-9]*:../../textproc/libxslt
-TOOL_DEPENDS+=	docbook-xsl-[0-9]*:../../textproc/docbook-xsl
-
-USE_LANGUAGES+=	c c++
+USE_LANGUAGES+=		c c++
+# Upstream does not document required compiler versions in
+# README_compiling.md, but CMakeLists.txt says c99 and c++17
+USE_CC_FEATURES=	c99
+USE_CXX_FEATURES=	c++17
 
 # \todo File a bug upstream.
-LDFLAGS.SunOS+=	-lsocket -lnsl
+LDFLAGS.SunOS+=		-lsocket -lnsl
 
-CMAKE_CONFIGURE_ARGS+=	-DCMAKE_INSTALL_SYSCONFDIR=${PREFIX}/share/examples
-CMAKE_CONFIGURE_ARGS+=	-DWITH_PLUGINS=NO
+USE_TOOLS+=		pkg-config
+
+# \todo Consider WITH_DOCS=no.
+TOOL_DEPENDS+=	libxslt-[0-9]*:../../textproc/libxslt
+TOOL_DEPENDS+=	docbook-xsl-[0-9]*:../../textproc/docbook-xsl
 
 MOSQUITTO_USER=		mosquitto
 MOSQUITTO_GROUP=	mosquitto
 
 PKG_USERS=	${MOSQUITTO_USER}:${MOSQUITTO_GROUP}
 PKG_GROUPS=	${MOSQUITTO_GROUP}
 
-CONF_FILES=	${PREFIX}/share/examples/mosquitto/mosquitto.conf \
+CONF_FILES=	${PREFIX}/share/examples/mosquitto/mosquitto.conf.example \
 		${PKG_SYSCONFDIR}/mosquitto.conf
 
 SUBST_CLASSES+=		paths
@@ -43,27 +47,34 @@ FILES_SUBST+=	PKG_SYSCONFDIR=${PKG_SYSCONFDIR}
 FILES_SUBST+=	VARBASE=${VARBASE}
 
 BUILD_DEFS+=	VARBASE
+
 PTHREAD_AUTO_VARS=	yes
 .include "../../mk/pthread.buildlink3.mk"
 
-# Upstream documents that "unix" should use make, but Mac cmake.
-# After asking and receiving no guidance, choose to always use cmake.
-# https://github.com/eclipse/mosquitto/issues/1041
+# As of 2.1.0, cmake is the recommended build system.
 .include "../../devel/cmake/build.mk"
 
-# mosquitto's build system is very troubled, and the tests do not
-# currently work.
-#   https://github.com/eclipse/mosquitto/issues/1242
-#   https://github.com/eclipse/mosquitto/issues/1330
-#
-# \todo invoke "gmake test" in tests/ subdir instead of at top level
-# \todo pass in CPPFLAGS/LDFLAGS to test invocation
-TEST_TARGET=	test
-.include "../../devel/cunit/buildlink3.mk"
+CMAKE_CONFIGURE_ARGS+=	-DWITH_BUNDLED_DEPS=no
+
+# Somehow, even with WITH_EDITLINE=no, adding this finds it, causing build failures.
+# # upstream cmake fails to find libedit.pc
+# CMAKE_CONFIGURE_ARGS+=	-DEDITLINE_DIR=${BUILDLINK_PREFIX.editline}
+# CMAKE_CONFIGURE_ARGS+=	-DEDITLINE_INCLUDE_DIR=${BUILDLINK_PREFIX.editline}/${BUILDLINK_INCDIRS.editline}
+
+# Upstream editline cmakery cannot handle editline's readline compat as installed natively.
+CMAKE_CONFIGURE_ARGS+=	-DWITH_EDITLINE=no
+
+CMAKE_CONFIGURE_ARGS+=	-DCMAKE_INSTALL_SYSCONFDIR=${PREFIX}/share/examples
 
 .include "options.mk"
-.include "../../devel/libuuid/buildlink3.mk"
-.include "../../devel/uthash/buildlink3.mk"
+
+# Same order as README-compiling.md
+.include "../../textproc/cJSON/buildlink3.mk"
 .include "../../net/libcares/buildlink3.mk"
+.include "../../devel/editline/buildlink3.mk"
+.include "../../www/libmicrohttpd/buildlink3.mk"
 .include "../../security/openssl/buildlink3.mk"
+# pthreads included above
+.include "../../databases/sqlite3/buildlink3.mk"
+.include "../../devel/uthash/buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"

net/mosquitto/PLIST

@@ -1,34 +1,78 @@
-@comment $NetBSD: PLIST,v 1.2 2021/01/28 19:46:23 triaxx Exp $
+@comment $NetBSD: PLIST,v 1.3 2026/01/30 01:07:56 gdt Exp $
+bin/mosquitto_ctrl
+bin/mosquitto_db_dump
 bin/mosquitto_passwd
 bin/mosquitto_pub
 bin/mosquitto_rr
+bin/mosquitto_signal
 bin/mosquitto_sub
 include/mosquitto.h
+include/mosquitto/broker.h
+include/mosquitto/broker_control.h
+include/mosquitto/broker_plugin.h
+include/mosquitto/defs.h
+include/mosquitto/libcommon.h
+include/mosquitto/libcommon_base64.h
+include/mosquitto/libcommon_cjson.h
+include/mosquitto/libcommon_file.h
+include/mosquitto/libcommon_memory.h
+include/mosquitto/libcommon_password.h
+include/mosquitto/libcommon_properties.h
+include/mosquitto/libcommon_random.h
+include/mosquitto/libcommon_string.h
+include/mosquitto/libcommon_time.h
+include/mosquitto/libcommon_topic.h
+include/mosquitto/libcommon_utf8.h
+include/mosquitto/libmosquitto.h
+include/mosquitto/libmosquitto_auth.h
+include/mosquitto/libmosquitto_callbacks.h
+include/mosquitto/libmosquitto_connect.h
+include/mosquitto/libmosquitto_create_delete.h
+include/mosquitto/libmosquitto_helpers.h
+include/mosquitto/libmosquitto_loop.h
+include/mosquitto/libmosquitto_message.h
+include/mosquitto/libmosquitto_options.h
+include/mosquitto/libmosquitto_publish.h
+include/mosquitto/libmosquitto_socks.h
+include/mosquitto/libmosquitto_subscribe.h
+include/mosquitto/libmosquitto_tls.h
+include/mosquitto/libmosquitto_unsubscribe.h
+include/mosquitto/libmosquitto_will.h
+include/mosquitto/libmosquittopp.h
+include/mosquitto/mqtt_protocol.h
 include/mosquitto_broker.h
 include/mosquitto_plugin.h
 include/mosquittopp.h
 include/mqtt_protocol.h
 lib/libmosquitto.so
 lib/libmosquitto.so.1
-lib/libmosquitto.so.${PKGVERSION}
+lib/libmosquitto.so.2.1.0
 lib/libmosquittopp.so
 lib/libmosquittopp.so.1
-lib/libmosquittopp.so.${PKGVERSION}
+lib/libmosquittopp.so.2.1.0
+lib/mosquitto_acl_file.so
+lib/mosquitto_dynamic_security.so
+lib/mosquitto_password_file.so
+lib/mosquitto_persist_sqlite.so
+lib/mosquitto_sparkplug_aware.so
 lib/pkgconfig/libmosquitto.pc
 lib/pkgconfig/libmosquittopp.pc
 man/man1/mosquitto_ctrl.1
 man/man1/mosquitto_ctrl_dynsec.1
+man/man1/mosquitto_ctrl_shell.1
 man/man1/mosquitto_passwd.1
 man/man1/mosquitto_pub.1
 man/man1/mosquitto_rr.1
+man/man1/mosquitto_signal.1
 man/man1/mosquitto_sub.1
 man/man3/libmosquitto.3
 man/man5/mosquitto.conf.5
 man/man7/mosquitto-tls.7
+man/man7/mosquitto.7
 man/man7/mqtt.7
 man/man8/mosquitto.8
 sbin/mosquitto
 share/examples/mosquitto/aclfile.example
-share/examples/mosquitto/mosquitto.conf
+share/examples/mosquitto/mosquitto.conf.example
 share/examples/mosquitto/pskfile.example
 share/examples/mosquitto/pwfile.example

net/mosquitto/distinfo

@@ -1,8 +1,7 @@
-$NetBSD: distinfo,v 1.39 2025/07/12 12:56:07 gdt Exp $
+$NetBSD: distinfo,v 1.40 2026/01/30 01:07:56 gdt Exp $
 
-BLAKE2s (mosquitto-2.0.22.tar.gz) = 2769b4d2538943c378d5674996f5e40558f7b263be588837a9b0c3d5bad96944
-SHA512 (mosquitto-2.0.22.tar.gz) = 5aae399b308d8262a758a72064c613bfd6930e1a54f34939e30454d988c65c9d7c4c139ed70a016baa1264a0100a0c842c00e843ffe3ef83f90be440403e7482
-Size (mosquitto-2.0.22.tar.gz) = 805967 bytes
-SHA1 (patch-lib_CMakeLists.txt) = 8aefb1ddc43c3bd1edb16d0453edaf8c264eb76c
-SHA1 (patch-mosquitto.conf) = ac304038543f8cd84f06a748c3e538f32186f942
-SHA1 (patch-src_CMakeLists.txt) = ad906a507fcd39ac4fdcf98afde75ff715101698
+BLAKE2s (mosquitto-2.1.0.tar.gz) = 8f2a76789d735ed295793641625d3ee2575166b9cab35ac1822ab6db976ffcad
+SHA512 (mosquitto-2.1.0.tar.gz) = 5c5d4e0900a7087c10e30d12dd7ca72009b9acc0c28831d70e3d1730af15cbab7d7606306bd04989b161f7b46db9b6dfc36deb28918cfb44089ad65626f3ed14
+Size (mosquitto-2.1.0.tar.gz) = 2879905 bytes
+SHA1 (patch-mosquitto.conf) = 2de20afc7f932aacae0d771b80d5ab7d6687e997
+SHA1 (patch-src_CMakeLists.txt) = 34414a0886fadb0335e9716f0948124ec84d20b2

net/mosquitto/options.mk

@@ -1,17 +1,28 @@
-# $NetBSD: options.mk,v 1.3 2024/10/13 14:13:22 gdt Exp $
+# $NetBSD: options.mk,v 1.4 2026/01/30 01:07:56 gdt Exp $
 
 PKG_OPTIONS_VAR=	PKG_OPTIONS.mosquitto
-PKG_SUPPORTED_OPTIONS=	websockets
-PKG_SUGGESTED_OPTIONS=	websockets
+PKG_SUPPORTED_OPTIONS=	tests
+PKG_SUGGESTED_OPTIONS=	tests
 
 .include "../../mk/bsd.options.mk"
 
-# \todo With websockets, mosquitto's build system throws warnings that
-# performance will be terrible.  Figure out if this is correct or not
-# and fix or file bugs as appropriate.
-.if !empty(PKG_OPTIONS:Mwebsockets)
-CMAKE_CONFIGURE_ARGS+=	-DWITH_WEBSOCKETS=yes
-.include "../../www/libwebsockets/buildlink3.mk"
+.if !empty(PKG_OPTIONS:Mtests)
+CMAKE_CONFIGURE_ARGS+=	-DWITH_TESTS=ON
+
+DEPENDS+=		microsocks-[0-9]*:../../net/microsocks
+.include "../../devel/cunit/buildlink3.mk"
+.include "../../devel/googletest/buildlink3.mk"
+
+# find work/mosquitto-2.1.0rc1/ -name \*.py|xargs egrep python3|awk -F: '{print $1}' | sed -e s,work/mosquitto-2.1.0rc1/,,|sort|while read f; do echo "REPLACE_PYTHON+=    $f"; done > replace-python.mk
+.include "replace-python.mk"
+.include "../../lang/python/application.mk"
+
+TEST_TARGET=		test
+
+retest-verbose:
+	cd ${WRKSRC}/${CMAKE_BUILD_DIR} && ctest --rerun-failed --output-on-failure
 .else
-CMAKE_CONFIGURE_ARGS+=	-DWITH_WEBSOCKETS=no
+CMAKE_CONFIGURE_ARGS+=	-DWITH_TESTS=OFF
+
+TEST_TARGET=		failtest
 .endif

net/mosquitto/patches/patch-lib_CMakeLists.txt

@@ -1,13 +1,7 @@
-$NetBSD: patch-mosquitto.conf,v 1.8 2025/03/08 13:59:13 gdt Exp $
+$NetBSD: patch-mosquitto.conf,v 1.9 2026/01/30 01:07:56 gdt Exp $
 
 Align pid_file to pkgsrc norms.
 
-Provide a dir for capath, but do not set it.  (In mosquitto, having a
-key/cert for the server is linked to having a CA, and to treating
-clients with a certificate from a known CA as authorized.  This is
-complicated, and not about pkgsrc, and this change does not intend to
-step into the situation.)
-
 Log to syslog, instead of (perhaps) not logging.
 
 --- mosquitto.conf.orig	2025-03-06 16:25:31.000000000 +0000
@@ -21,15 +15,6 @@ Log to syslog, instead of (perhaps) not logging.
 
  # Set to true to queue messages with QoS 0 when a persistent client is
  # disconnected. These messages are included in the limit imposed by
-@@ -361,7 +361,7 @@
- # "openssl rehash <path to capath>" each time you add/remove a certificate.
- # capath is not supported for websockets.
- #cafile
--#capath
-+#capath @SSLCERTS@
- 
- 
- # If require_certificate is true, you may set use_identity_as_username to true
 @@ -469,7 +469,7 @@
  # Note that if the broker is running as a Windows service it will default to
  # "log_dest none" and neither stdout nor stderr logging is available.

net/mosquitto/patches/patch-mosquitto.conf

@@ -1,19 +1,16 @@
-$NetBSD: patch-src_CMakeLists.txt,v 1.8 2024/10/14 21:51:21 gdt Exp $
+$NetBSD: patch-src_CMakeLists.txt,v 1.9 2026/01/30 01:07:56 gdt Exp $
 
 The first hunk removes linker args on SunOS, for no apparent reason.
+
 \todo Explain and file a bug upstream; this should not be a pkgsrc change.
 
---- src/CMakeLists.txt.orig	2020-08-19 13:55:03.000000000 +0000
+--- src/CMakeLists.txt.orig	2026-01-19 00:00:46.000000000 +0000
 +++ src/CMakeLists.txt
-@@ -213,9 +213,9 @@ target_link_libraries(mosquitto ${MOSQ_L
- if (UNIX)
- 	if (APPLE)
- 		set_target_properties(mosquitto PROPERTIES LINK_FLAGS "-Wl,-exported_symbols_list -Wl,${mosquitto_SOURCE_DIR}/src/linker-macosx.syms")
--	else (APPLE)
-+	elseif (NOT CMAKE_SYSTEM_NAME STREQUAL SunOS)
- 		set_target_properties(mosquitto PROPERTIES LINK_FLAGS "-Wl,-dynamic-list=${mosquitto_SOURCE_DIR}/src/linker.syms")
--	endif (APPLE)
-+	endif ()
- endif (UNIX)
- 
- install(TARGETS mosquitto RUNTIME DESTINATION "${CMAKE_INSTALL_SBINDIR}")
+@@ -310,6 +310,7 @@ if(UNIX)
+ 			LINK_FLAGS "-Wl,-exported_symbols_list -Wl,${mosquitto_SOURCE_DIR}/src/linker-macosx.syms"
+ 		)
+ 	elseif (${CMAKE_SYSTEM_NAME} MATCHES "AIX")
++	elseif (${CMAKE_SYSTEM_NAME} MATCHES "SunOS")
+ 	else()
+ 		set_target_properties(mosquitto PROPERTIES
+ 			LINK_FLAGS "-Wl,-dynamic-list=${mosquitto_SOURCE_DIR}/src/linker.syms"