This update for mosquitto fixes the following issues:

- update to 2.0.23 (boo#1258671)
  * Fix handling of disconnected sessions for `per_listener_settings
    true`
  * Check return values of openssl *_get_ex_data() and
    *_set_ex_data() to prevent possible crash. This could occur only
    in extremely unlikely situations
  * Check return value of openssl ASN1_string_[get0_]data()
    functions for NULL. This prevents a crash in case of incorrect
    certificate handling in openssl
  * Fix potential crash on startup if a malicious/corrupt
    persistence file from mosquitto 1.5 or earlier is loaded
  * Limit auto_id_prefix to 50 characters

- Update to version 2.0.22
  Broker
  * Bridge: Fix idle_timeout never occurring for lazy bridges.
  * Fix case where max_queued_messages = 0 was not treated as
    unlimited.
  * Fix --version exit code and output.
  * Fix crash on receiving a $CONTROL message over a bridge, if
    per_listener_settings is set true and the bridge is carrying
    out topic remapping.
  * Fix incorrect reference clock being selected on startup on
    Linux. Closes #3238.
  * Fix reporting of client disconnections being incorrectly
    attributed to "out of memory".
  * Fix compilation when using WITH_OLD_KEEPALIVE.
  * Fix problems with secure websockets.
  * Fix crash on exit when using WITH_EPOLL=no.
  * Fix clients being incorrectly expired when they have
    keepalive == max_keepalive. Closes #3226, #3286.
  Dynamic security plugin
  * Fix mismatch memory free when saving config which caused
    memory tracking to be incorrect.
  Client library
  * Fix C++ symbols being removed when compiled with link time
    optimisation.
  * TLS error handling was incorrectly setting a protocol error
    for non-TLS errors. This would cause the mosquitto_loop_start()
    thread to exit if no broker was available on the first
    connection attempt. This has been fixed. Closes #3258.
  * Fix linker errors on some architectures using cmake.