Paho-mqtt 2.0.0 breaking changes for ospd-openvas and notus-scanner

Just wasted a lot of time debugging the breaking changes introduced with the paho-mqtt pypi package in version 2.0.0. Use v 1.6.1
The changes happened while I was testing minor updates of install scripts (Community Edition Installation scriptsGitHub - martinboller/gse: Bash script installing the latest version of Greenbone Community Edition the artist formerly known as OpenVAS. Greenbone Community Edition is the world’s most used open source vulnerability management solution.) so one system worked the other didn’t which confused me (at least that’s my excuse and I’m sticking to it).

Details:

  • Forcing installation of paho-mqtt 1.6.1 as 2.0.0 appear to break ospd-openvas and notus-scanner
  • With 2.0.0 the following breakage happen

Traceback (most recent call last):
File “/opt/gvm/gvmpy/lib/python3.11/site-packages/paho/mqtt/client.py”, line 874, in del
self._reset_sockets()
File “/opt/gvm/gvmpy/lib/python3.11/site-packages/paho/mqtt/client.py”, line 1133, in _reset_sockets
self._sock_close()
File “/opt/gvm/gvmpy/lib/python3.11/site-packages/paho/mqtt/client.py”, line 1119, in _sock_close
if not self._sock:
^^^^^^^^^^
AttributeError: ‘MQTTClient’ object has no attribute ‘_sock’

This probably would be better placed into the issue trackers below to notify the team working on these components that a new version of a 3rdparty component is introducing backwards compatibility problems:

4 Likes