-------------------------------------------------------------------
Fri Nov 8 16:32:01 UTC 2024 - Adrian Schröter <adrian@suse.de>

- systemd service: Wait till the network got setup to avoid
  startup failure.

-------------------------------------------------------------------
Sat Oct 19 08:56:14 UTC 2024 - Martin Hauke <mardnh@gmx.de>

- Update to version 2.0.20
  Broker:
  - Fix QoS 1 / QoS 2 publish incorrectly returning
    "no subscribers".
  - Don't allow invalid response topic values.
  - Fix some strict protocol compliance issues.

-------------------------------------------------------------------
Thu Oct 3 12:22:10 UTC 2024 - Martin Hauke <mardnh@gmx.de>

- Update to version 2.0.19
  Security:
  * Fix mismatched subscribe/unsubscribe with normal/shared topics.
  * Fix crash on bridge using remapped topic being sent a crafted
    packet.
  Broker:
  * Fix assert failure when loading a persistence file that
    contains subscriptions with no client id.
  * Fix local bridges being incorrectly expired when
    persistent_client_expiration is in use.
  * Fix use of CLOCK_BOOTTIME for getting time.
  * Fix mismatched subscribe/unsubscribe with normal/shared topics.
  * Fix crash on bridge using remapped topic being sent a crafted
    packet.
  Client library:
  * Fix some error codes being converted to string as "unknown".
  * Clear SSL error state to avoid spurious error reporting.
  * Fix "payload format invalid" not being allowed as a PUBREC
    reason code.
  * Don't allow SUBACK with missing reason codes.

-------------------------------------------------------------------
Thu Mar 21 12:20:58 UTC 2024 - Dirk Stoecker <opensuse@dstoecker.de>

- Add Reload action to service

-------------------------------------------------------------------
Sat Feb 3 19:15:47 UTC 2024 - Arjen de Korte <suse+build@de-korte.org>

- Use sysuser-tools to generate mosquitto user

-------------------------------------------------------------------
Sat Dec 30 21:03:04 UTC 2023 - Dirk Müller <dmueller@suse.com>

- update to 2.0.18 (bsc#1214918, CVE-2023-28366, bsc#1215865,
  CVE-2023-0809, bsc#1215864, CVE-2023-3592):
  * Fix crash on subscribe under certain unlikely conditions.
  * Fix mosquitto_rr not honouring `-R`. Closes #2893.
  * Fix `max_queued_messages 0` stopping clients from receiving
    messages.
  * Fix `max_inflight_messages` not being set correctly.
  * Fix `mosquitto_passwd -U` backup file creation.
  * CVE-2023-28366: Fix memory leak in broker when clients send
    multiple QoS 2 messages with the same message ID, but then
    never respond to the PUBREC commands.
  * CVE-2023-0809: Fix excessive memory being allocated based on
    malicious initial packets that are not CONNECT packets.
  * CVE-2023-3592: Fix memory leak when clients send v5 CONNECT
    packets with a will message that contains invalid property
    types.
  * Broker will now reject Will messages that attempt to publish
    to $CONTROL/.
  * Broker now validates usernames provided in a TLS certificate
    or TLS-PSK identity are valid UTF-8.
  * Fix potential crash when loading invalid persistence file.
  * Library will no longer allow single level wildcard
    certificates, e.g. *.com
  * Fix $SYS messages being expired after 60 seconds and hence
    unchanged values disappearing.
  * Fix some retained topic memory not being cleared immediately
    after used.
  * Fix error handling related to the `bind_interface` option.
  * Fix std* files not being redirected when daemonising, when
    built with assertions removed.
  * Fix default settings incorrectly allowing TLS v1.1.
  * Use line buffered mode for stdout.
  * Fix bridges with non-matching cleansession/local_cleansession
    being expired on start after restoring from persistence
  * Fix connections being limited to 2048 on Windows. The limit
    is now 8192, where supported.
  * Broker will log warnings if sensitive files are world
    readable/writable, or if the owner/group is not the same as
    the user/group the broker is running as. In future versions
    the broker will refuse to open these files.
  * mosquitto_memcmp_const is now more constant time.
  * Only register with DLT if DLT logging is enabled.
  * Fix any possible case where a json string might be
    incorrectly loaded. This could have caused a crash if a
    textname or textdescription field of a role was not a string,
    when loading the dynsec config from file only.
  * Dynsec plugin will not allow duplicate clients/groups/roles
    when loading config from file, which matches the behaviour
    for when creating them.
  * Fix heap overflow when reading corrupt config with "log_dest
    file".
  * Use CLOCK_BOOTTIME when available, to keep track of time.
    This solves the problem of the client OS sleeping and the
    client hence not being able to calculate the actual time for
    keepalive purposes.
  * Fix default settings incorrectly allowing TLS v1.1. Closes
  * Fix high CPU use on slow TLS connect.
  * Fix incorrect topic-alias property value in mosquitto_sub
    json output.
  * Fix confusing message on TLS certificate verification.
  * mosquitto_passwd uses mkstemp() for backup files.
  * `mosquitto_ctrl dynsec init` will refuse to overwrite an
    existing file, without a race-condition.

-------------------------------------------------------------------
Mon Aug 22 21:15:33 UTC 2022 - Dirk Müller <dmueller@suse.com>

- update to 2.0.15:
  * Deleting the group configured as the anonymous group in the Dynamic Security
    plugin, would leave a dangling pointer that could lead to a single crash.
    This is considered a minor issue - only administrative users should have
    access to dynsec, the impact on availability is one-off, and there is no
    associated loss of data. It is now forbidden to delete the group configured
    as the anonymous group.
  * Fix memory leak when a plugin modifies the topic of a message in
    MOSQ_EVT_MESSAGE.
  * Fix bridge `restart_timeout` not being honoured.
  * Fix potential memory leaks if a plugin modifies the message in the
    MOSQ_EVT_MESSAGE event.
  * Fix unused flags in CONNECT command being forced to be 0, which is not
    required for MQTT v3.1. Closes #2522.
  * Improve documentation of `persistent_client_expiration` option.
    Closes #2404.
  * Add clients to session expiry check list when restarting and reloading from
    persistence. Closes #2546.
  * Fix bridges not sending failure notification messages to the local broker if
    the remote bridge connection fails. Closes #2467. Closes #1488.
  * Fix some PUBLISH messages not being counted in $SYS stats. Closes #2448.
  * Fix incorrect return code being sent in DISCONNECT when a client session is
    taken over. Closes #2607.
  * Fix confusing "out of memory" error when a client is kicked in the dynamic
    security plugin. Closes #2525.
  * Fix confusing error message when dynamic security config file was a
    directory. Closes #2520.
  * Fix bridge queued messages not being persisted when local_cleansession is
    set to false and cleansession is set to true. Closes #2604.
  * Dynamic security: Fix modifyClient and modifyGroup commands to not modify
    the client/group if a new group/client being added is not valid.
  * Dynamic security: Fix the plugin being able to be loaded twice. Currently
    only a single plugin can interact with a unique $CONTROL topic. Using
    multiple instances of the plugin would produce duplicate entries in the
    config file. Closes #2601. Closes #2470.
  * Fix case where expired messages were causing queued messages not to be
    delivered. Closes #2609.
  * Fix websockets not passing on the X-Forwarded-For header.
  * Fix use of `MOSQ_OPT_TLS_ENGINE` being unable to be used due to the openssl
    ctx not being initialised until starting to connect. Closes #2537.
  * Fix incorrect use of SSL_connect. Closes #2594.
  * Don't set SIGPIPE to ignore, use MSG_NOSIGNAL instead. Closes #2564.
  * Add documentation of struct mosquitto_message to header. Closes #2561.
  * Fix documentation omission around mosquitto_reinitialise. Closes #2489.
  * Fix use of MOSQ_OPT_SSL_CTX when used in conjunction with
    MOSQ_OPT_SSL_CTX_DEFAULTS. Closes #2463.
  * Fix failure to close thread in some situations. Closes #2545.
  * Fix mosquitto_pub incorrectly reusing topic aliases when reconnecting.
  * Fix `-o` not working in `mosquitto_ctrl`, and typo in related documentation.

-------------------------------------------------------------------
Thu Nov 18 21:02:34 UTC 2021 - Martin Hauke <mardnh@gmx.de>

- Update to version 2.0.14
  Broker:
  * Fix bridge not respecting receive-maximum when reconnecting
    with MQTT v5.
  Client library:
  * Fix mosquitto_topic_matches_sub2() not using the length
    parameters.
  * Fix incorrect subscribe_callback in mosquittopp.h.

-------------------------------------------------------------------
Thu Oct 28 18:35:12 UTC 2021 - Martin Hauke <mardnh@gmx.de>

- Update to version 2.0.13
  Broker:
  * Fix `max_keepalive` option not being able to be set to 0.
  * Fix LWT messages not being delivered if `per_listener_settings`
    was set to true.
  * Various fixes around inflight quota management.
  * Fix problem parsing config files with Windows line endings.
  * Don't send retained messages when a shared subscription is made
  * Fix client id not showing in log on failed connections, where
    possible.
  * Fix broker sending duplicate CONNACK on failed MQTT v5
    reauthentication.
  * Fix mosquitto_plugin.h not including mosquitto_broker.h.
  Client library:
  * Initialise sockpairR/W to invalid in `mosquitto_reinitialise()`
    to avoid closing invalid sockets in `mosquitto_destroy()` on
    error.
  Clients:
  - Fix date format in mosquitto_sub output.

-------------------------------------------------------------------
Wed Oct 6 14:18:36 UTC 2021 - Johannes Segitz <jsegitz@suse.com>

- Added hardening to systemd service(s) (bsc#1181400). Modified:
  * mosquitto.service

-------------------------------------------------------------------
Wed Sep 1 19:18:24 UTC 2021 - Martin Hauke <mardnh@gmx.de>

- Update to version 2.0.12
  * Includes security fixes for
    CVE-2021-34434 (bsc#1190048) and CVE-2020-13849 (bsc#1190101)
  Security:
  * An MQTT v5 client connecting with a large number of
    user-property properties could cause excessive CPU usage,
    leading to a loss of performance and possible denial of
    service. This has been fixed.
  * Fix `max_keepalive` not applying to MQTT v3.1.1 and v3.1
    connections. These clients are now rejected if their keepalive
    value exceeds max_keepalive. This option allows CVE-2020-13849,
    which is for the MQTT v3.1.1 protocol itself rather than an
    implementation, to be addressed.
  * Using certain listener related configuration options e.g.
    `cafile`, that apply to the default listener without defining
    any listener would cause a remotely accessible listener to be
    opened that was not confined to the local machine but did have
    anonymous access enabled, contrary to the documentation.
    This has been fixed. Closes #2283.
  * CVE-2021-34434: If a plugin had granted ACL subscription access
    to a durable/non-clean-session client, then removed that
    access, the client would keep its existing subscription. This
    has been fixed.
  * Incoming QoS 2 messages that had not completed the QoS flow
    were not being checked for ACL access when a clean
    session=False client was reconnecting. This has been fixed.
  Broker:
  * Fix possible out of bounds memory reads when reading a
    corrupt/crafted configuration file. Unless your configuration
    file is writable by untrusted users this is not a risk.
  * Fix `max_connections` option not being correctly counted.
  * Fix TLS certificates and TLS-PSK not being able to be
    configured at the same time.
  * Disable TLS v1.3 when using TLS-PSK, because it isn't correctly
    configured.
  * Fix `max_keepalive` not applying to MQTT v3.1.1 and v3.1
    connections. These clients are now rejected if their keepalive
    value exceeds max_keepalive.
  * Fix broker not quitting if e.g. the `password_file` is specified
    as a directory. Closes #2241.
  * Fix listener mount_point not being removed on outgoing messages.
  * Strict protocol compliance fixes, plus test suite.
  * Fix $share subscriptions not being recovered for durable
    clients that reconnect.
  * Update plugin configuration documentation. Closes #2286.
  Client library:
  * If a client uses TLS-PSK then force the default cipher list to
    use "PSK" ciphers only. This means that a client connecting to
    a broker configured with x509 certificates only will now fail.
    Prior to this, the client would connect successfully without
    verifying certificates, because they were not configured.
  * Disable TLS v1.3 when using TLS-PSK, because it isn't correctly
    configured.
  * Threaded mode is deconfigured when the mosquitto_loop_start()
    thread ends, which allows mosquitto_loop_start() to be called
    again.
  * Fix MOSQ_OPT_SSL_CTX not being able to be set to NULL.
  * Fix reconnecting failing when MOSQ_OPT_TLS_USE_OS_CERTS was in
    use, but none of capath, cafile, psk, nor MOSQ_OPT_SSL_CTX were
    set, and MOSQ_OPT_SSL_CTX_WITH_DEFAULTS was set to the default
    value of true.
  Apps:
  * Fix `mosquitto_ctrl dynsec setDefaultACLAccess` command not
    working.
  Clients:
  * Document TLS certificate behaviour when using `-p 8883`.
  Build:
  * Fix installation using WITH_TLS=no. Closes #2281.
  * Fix builds with libressl 3.4.0. Closes #2198.
  * Remove some unnecessary code guards related to libressl.
  * Fix printf format build warning on MIPS. Closes #2271.

-------------------------------------------------------------------
Wed Jun 9 19:10:49 UTC 2021 - Martin Hauke <mardnh@gmx.de>

- Update to version 2.0.11
  Security:
  * If a MQTT v5 client connects with a crafted CONNECT packet a
    memory leak will occur. This has been fixed.
  Broker:
  * Fix possible crash having just upgraded from 1.6 if
    `per_listener_settings true` is set, and a SIGHUP is sent to
    the broker before a client has reconnected to the broker.
  * Fix bridge not reconnecting if the first reconnection attempt
    fails.
  * Improve QoS 0 outgoing packet queueing.
  * Fix QoS 0 messages not being queued when `queue_qos0_messages`
    was enabled.
  Clients:
  * If sending mosquitto_sub output to a pipe, mosquitto_sub will
    now detect that the pipe has closed and disconnect.
  * Fix `mosquitto_pub -l` quitting if a message publication is
    attempted when the broker is temporarily unavailable.
- Remove no longer needed patch:
  * fix-undefined-symbols-in-plugins.patch (fixed upstream)

-------------------------------------------------------------------
Tue Apr 6 18:58:02 UTC 2021 - Martin Hauke <mardnh@gmx.de>

- Update to version 2.0.10
  Security:
  * CVE-2021-28166: If an authenticated client connected with
    MQTT v5 sent a malformed CONNACK message to the broker a NULL
    pointer dereference occurred, most likely resulting in a
    segfault. This will be updated with the CVE number when it is
    assigned.
    Affects versions 2.0.0 to 2.0.9 inclusive.
  Broker:
  * Don't overwrite new receive-maximum if a v5 client connects
    and takes over an old session.
  * Fix CVE-2021-28166. Closes #2163.
  Clients:
  * Set `receive-maximum` to not exceed the `-C` message count in
    mosquitto_sub and mosquitto_rr, to avoid potentially lost
    messages.
  * Fix TLS-PSK mode not working with port 8883.
  Client library:
  * Fix possible socket leak. This would occur if a client was
    using `mosquitto_loop_start()`, then if the connection failed
    due to the remote server being inaccessible they called
    `mosquitto_loop_stop(, true)` and recreated the mosquitto
    object.
  Build:
  * A variety of minor build related fixes, like functions not
    having previous declarations.

-------------------------------------------------------------------
Fri Mar 12 14:13:54 UTC 2021 - Martin Hauke <mardnh@gmx.de>

- Build with support for tcp-wrapper (-DUSE_LIBWRAP=ON)
- Update to version 2.0.9
  Security:
  * If an empty or invalid CA file was provided to the client
    library for verifying the remote broker, then the initial
    connection would fail but subsequent connections would succeed
    without verifying the remote broker certificate.
  * If an empty or invalid CA file was provided to the broker for
    verifying the remote broker for an outgoing bridge connection
    then the initial connection would fail but subsequent
    connections would succeed without verifying the
    remote broker certificate.
  Broker:
  * Fix encrypted bridge connections incorrectly connecting when
    `bridge_cafile` is empty or invalid.
  * Fix `tls_version` behaviour not matching documentation. It was
    setting the exact TLS version to use, not the minimum TLS
    version to use.
  * Fix messages to `$` prefixed topics being rejected.
  * Fix QoS 0 messages not being delivered when max_queued_bytes
    was configured.
  * Fix bridge increasing backoff calculation.
  * Improve handling of invalid combinations of listener address
    and bind interface configurations.
  * Fix `max_keepalive` option not applying to clients connecting
    with keepalive set to 0.
  Client library:
  * Fix encrypted connections incorrectly connecting when the CA
    file passed to `mosquitto_tls_set()` is empty or invalid.
  * Fix connections retrying very rapidly in some situations.
  Build:
  * Fix cmake epoll detection.

-------------------------------------------------------------------
Thu Mar 11 12:27:06 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- Convert some of the BuildRequires from package names to
  pkgconfig(): libcares, libcjson, libwebsockets

-------------------------------------------------------------------
Thu Mar 11 12:25:55 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- Fix linking of modules:
- Add fix-undefined-symbols-in-plugins.patch
- revert old workaround of settings -DCMAKE_SHARED_LINKER_FLAGS=

-------------------------------------------------------------------
Thu Mar 11 12:22:47 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- Update mosquitto-1.6.8-config.patch:
  Set a short profilename for a cleaner ps aufxZ output
- Refreshed mosquitto-1.6.8-config.patch to apply cleanly again

-------------------------------------------------------------------
Sun Feb 28 12:56:09 UTC 2021 - Martin Hauke <mardnh@gmx.de>

- Update to version 2.0.8
  Broker:
  * Fix incorrect datatypes in `struct mosquitto_evt_tick`. This
    changes the size and offset of two of the members of this
    struct, and changes the size of the struct. This is an ABI
    break, but is considered to be acceptable because plugins
    should never be allocating their own instance of this struct,
    and currently none of the struct members are used for anything,
    so a plugin should not be accessing them. It would also be
    safe to read/write from the existing struct parameters.
  * Give compile time warning if libwebsockets compiled without
    external poll support.
  Client library:
  * Fix mosquitto_{pub|sub}_topic_check() functions not returning
    MOSQ_ERR_INVAL on topic == NULL.
  Clients:
  * Fix possible loss of data in `mosquitto_pub -l` when sending
    multiple long lines.

-------------------------------------------------------------------
Sat Feb 6 21:36:22 UTC 2021 - Martin Hauke <mardnh@gmx.de>

- Update to version 2.0.7
  Broker:
  * Fix some minor memory leaks on exit only.
  * Fix possible memory leak on connect.
  * Fix openssl engine not being able to load private key.
  Clients:
  * Fix config files truncating options after the first space.
  Build:
  - Fix man page building to not absolutely require xsltproc when
    using CMake.
- Update to version 2.0.6
  Broker:
  * Fix calculation of remaining length parameter for websockets
    clients that send fragmented packets.
  Broker:
  * Fix potential duplicate Will messages being sent when a will
    delay interval has been set.
  * Fix message expiry interval property not being honoured in
    `mosquitto_broker_publish` and `mosquitto_broker_publish_copy`.
  * Fix websockets listeners with TLS not responding.
  * Improve logging in obscure cases when a client disconnects.
  * Fix reloading of listeners where multiple listeners have been
    defined with the same port but different bind addresses.
  * Fix `message_size_limit` not applying to the Will payload.
  * The error topic-alias-invalid was being sent if an MQTT v5
    client published a message with empty topic and topic alias
    set, but the topic alias hadn't already been configured on
    the broker. This has been fixed to send a protocol error, as
    per section 3.3.4 of the specification.
  * Note in the man pages that SIGHUP reloads TLS certificates.
  Apps:
  * Allow command line arguments to override config file options in
    mosquitto_ctrl.
  * mosquitto_ctrl: produce an error when requesting a new password
    if both attempts do not match.

-------------------------------------------------------------------
Tue Jan 12 07:45:11 UTC 2021 - Martin Hauke <mardnh@gmx.de>

- Update to version 2.0.5
  Broker:
  * Fix "auth_method" not being provided to the extended auth
    plugin event.
  * Fix large packets not being completely published to slow
    clients.
  * Fix bridge connection not relinquishing POLLOUT after messages
    are sent.
  * Fix apparmor incorrectly denying access to
    /var/lib/mosquitto/mosquitto.db.new.
  * Fix potential intermittent initial bridge connections when
    using poll().
  * Fix "bind_interface" option.
  * Fix invalid behaviour in dynsec plugin if a group or client is
    deleted before a role that was attached to the group or client
    is deleted.
  * Improve logging in dynsec addGroupRole/addGroupClient commands.
  Client library:
  * Improve documentation around the "_v5()" and non-v5 functions,
    e.g. `mosquitto_publish()` and `mosquitto_publish_v5()`.
  Build:
  * "install" Makefile target should depend on "all", not
    "mosquitto", to ensure that man pages are always built.
  Apps:
  * Disallow control characters in mosquitto_passwd usernames.
  * Fix incorrect description in mosquitto_ctrl man page.
  * Fix `mosquitto_ctrl dynsec getGroup` not showing roles.

-------------------------------------------------------------------
Wed Dec 23 17:12:17 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 2.0.4
  Broker:
  * Fix $SYS/broker/publish/messages/+ counters not being updated
    for QoS 1, 2 messages.
  * mosquitto_connect_bind_async() and mosquitto_connect_bind_v5()
    should not reset the bind address option if called with
    bind_address == NULL.
  * Add more log messages for dynsec load/save error conditions.
  Build:
  * Fix man pages not being built when using CMake.
- Update to version 2.0.3
  Security:
  * Running mosquitto_passwd with the following arguments only
    `mosquitto_passwd -b password_file username password` would
    cause the username to be used as the password.
  Broker:
  * Fix LWT not being sent on client takeover when the existing
    session wasn't being continued.
  * Fix bridges possibly not completing connections when WITH_ADNS
    is in use.
  * Fix QoS 0 messages not being delivered if max_queued_messages
    was set to 0.
  * Fix local bridges being disconnected on SIGHUP.
  * Fix slow initial bridge connections for WITH_ADNS=no.
  * Fix persistence_location not appending a '/'.
  Clients:
  * Fix mosquitto_sub being unable to terminate with Ctrl-C if a
    successful connection is not made.
  Apps:
  * Fix `mosquitto_passwd -b` using username as password (not if
    `-c` is also used).
  Build:
  * Fix `install` target when using WITH_CJSON=no.

-------------------------------------------------------------------
Sat Dec 12 22:03:09 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 2.0.2
  Broker:
  * Fix DH group not being set for TLS connections, which meant
    ciphers using DHE couldn't be used.
  * Fix websockets listeners not causing the main loop not to
    wake up.
  Client library:
  * Fix DH group not being set for TLS connections, which meant
    ciphers using DHE couldn't be used.
  Apps:
  * Fix "mosquitto_passwd -U"
  Build:
  - Fix cjson include paths.
  - Fix build using WITH_TLS=no when the openssl headers aren't
    available.
  - Distribute cmake/ and snap/ directories in tar.
- Drop patch:
  * mosquitto-fix-cmake-cjson-detection.patch

-------------------------------------------------------------------
Sat Dec 5 17:02:00 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 2.0.0
  !!! Mosquitto 2.0 introduces a number of changes to the
  behaviour of the broker. See the following document for details
  https://mosquitto.org/documentation/migrating-to-2-0/
  Noteworthy changes
  * Mosquitto is now more secure by default and requires users to
    take an active decision in how they configure security on
    their broker, instead of possibly relying on the older very
    permissive behaviour, as well as dropping privileged access
    more quickly
  * A new plugin interface has been introduced which goes beyond
    the existing authentication and access control plugin
    interface to offer more plugin capabilities
  * A new plugin has been introduced to provide client, group,
    and role based authentication and access control.
  * The broker performance has been improved, particularly for
    higher numbers of clients
  * A new utility, mosquitto_ctrl has been added for controlling
    aspects of a running broker.
  * Bridges now support MQTT v5.
  * The mosquitto command line clients have received a variety
    of small improvements. mosquitto_sub can now format its
    output in fixed column widths, for example, and filter its
    output randomly so you can keep an eye on the overall
    behaviour of a topic without having to see every message,
    for example.
- Add patch:
  * mosquitto-fix-cmake-cjson-detection.patch

-------------------------------------------------------------------
Wed Aug 19 19:29:23 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.6.12
  Security:
  * In some circumstances, Mosquitto could leak memory when
    handling PUBLISH messages. This is limited to incoming QoS 2
    messages, and is related to the combination of the broker
    having persistence enabled, a clean session=false client,
    which was connected prior to the broker restarting, then has
    reconnected and has now sent messages at a sufficiently high
    rate that the incoming queue at the broker has filled up and
    hence messages are being dropped. This is more likely to have
    an effect where max_queued_messages is a small value.
    This has now been fixed. Closes #1793.
  Broker:
  * Build warning fixes when building with WITH_BRIDGE=no and
    WITH_TLS=no.
  Clients:
  * All clients exit with an error exit code on CONNACK failure.
  * Don't busy loop with `mosquitto_pub -l` on a slow connection.

-------------------------------------------------------------------
Tue Aug 11 16:05:16 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.6.11
  Broker:
  * Fix usage message only mentioning v3.1.1.
  * Fix broker refusing to start if only websockets listeners
    were defined.
  * Change systemd unit files to create /var/log/mosquitto before
    starting.
  * Don't quit with an error if opening the log file isn't
    possible.
  * Fix bridge topic remapping when using "" as the topic.
  * Fix messages being queued for disconnected bridges when clean
    start was set to true.
  * Fix `autosave_interval` not being triggered by messages being
    delivered.
  * Fix websockets clients sometimes not being disconnected
    promptly.
  * Fix "slow" file based logging by switching to line based
    buffering.
  * Log protocol error message where appropriate from a bad
    UNSUBSCRIBE, rather than the generic "socket error".
  * Don't try to start DLT logging if DLT unavailable, to avoid a
    long delay when shutting down the broker.
  * Fix potential memory leaks.
  * Fix clients not receiving messages after a previous client
    with the same client ID and positive will delay interval quit.
  * Fix overly broad HAVE_PTHREAD_CANCEL compile guard.
  Client library:
  * Improved documentation around connect callback return codes.
  * Fix `mosquitto_publish*()` no longer returning
    `MOSQ_ERR_NO_CONN` when not connected.
  * `mosquitto_loop_start()` now sets a thread name on Linux

-------------------------------------------------------------------
Sun Aug 2 18:14:23 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Let's always build with support for systemd and websockets and
  drop all the related ifdef's.
- Run spec-cleaner.

-------------------------------------------------------------------
Wed Jul 29 20:15:21 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Fix for the apparmor profile to properly allow reading files
  from /etc/mosquitto/conf.d/

-------------------------------------------------------------------
Tue May 26 06:36:17 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.6.10
  Broker:
  * Report invalid bridge prefix+pattern combinations at config
    parsing time rather than letting the bridge fail later.
  * Fix `mosquitto_passwd -b` not updating passwords for existing
    users correctly. Creating a new user with `-b` worked without
    problem.
  * Fix memory leak when connecting clients rejected.
  * Don't disconnect clients that are already disconnected. This
    prevents the session expiry being extended on SIGHUP.
  * Fix support for openssl 3.0.
  * Fix check when loading persistence file of a different version
    than the native version.
  * Fix possible assert crash associated with bridge reconnecting
    when compiled without epoll support.
  Client library:
  * Don't treat an unexpected PUBACK, PUBREL, or PUBCOMP as a
    fatal error.
  * Fix support for openssl 3.0.
  * Fix memory leaks from multiple calls to
    `mosquitto_lib_init()`/`mosquitto_lib_cleanup()`.
  * Fix documentation on return code of `mosquitto_lib_init()`
    for Windows.
  Clients:
  * Fix mosquitto_sub %j or %J not working on Windows.
  Build:
  * Various fixes for building with <C99 support.

-------------------------------------------------------------------
Sun Mar 1 09:34:15 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.6.9
  Broker:
  * Fix session expiry with very large expiry intervals.
  * Check ACL patterns for validity when loading.
  * Use presence of password file as indicator for whether username
    checks should take place, not whether usernames are defined in
    the password file.
  * Strip whitespace from end of config file string options.
  * Satisfy valgrind when exiting on error due to not being able
    to open a listening socket, by calling freeaddrinfo.
  * Fix config->user not being freed on exit.
  * Fix trailing whitespace not being trimmed on acl users.
  * Fix `bind_interface` not working for the default listener.
  * Improve password file parsing in the broker and mosquitto_passwd.
  * Print OpenSSL errors in more situations, like when loading
    certificates fails.
  * Fix `mosquitto_client_protocol()` returning incorrect values.
  Client library:
  * Set minimum keepalive argument to `mosquitto_connect*()` to be
    5 seconds.
  * Fix `mosquitto_topic_matches_sub()` not returning
    MOSQ_ERR_INVAL if the topic contains a wildcard.
  Clients:
  * Fix `--remove-retained` not obeying the `-T` option for
    filtering out topics.
  * Default behaviour for v5 clients using `-c` is now to use
    infinite length sessions, as with v3 clients.

-------------------------------------------------------------------
Wed Jan 22 22:03:28 UTC 2020 - James Oakley <jfunk@funktronics.ca>

- Update apparmor profile to allow open of /etc/mosquitto/conf.d
- Update default config to include files under /etc/mosquitto/conf.d
  per the README in the directory
- Add patch:
  * mosquitto-1.6.8-config.patch

-------------------------------------------------------------------
Fri Nov 29 18:34:49 UTC 2019 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.6.8
  Broker:
  * Various fixes for `allow_zero_length_clientid` config, where
    this option was not being set correctly.
  * Fix incorrect memory tracking causing problems with
    memory_limit option.
  * Fix subscription topics being limited to 200 characters instead
    of 200 hierarchy levels.
  * Only a single CRL could be loaded at once. This has been fixed.
  * Fix problems with reloading config when `per_listener_settings`
    was true.
  * Fix retained messages with an expiry interval not being expired
    after being restored from persistence.
  * Fix messages with an expiry interval being sent without an
    expiry interval property just before they were expired.
  * Fix TLS Websockets clients not receiving messages after taking
    over a previous connection.
  * Fix MQTT 3.1.1 clients using clean session false, or MQTT 5.0
    clients using session-expiry-interval set to infinity never
    expiring, even when the global `persistent_client_expiration`
    option was set.
  Client library:
  * Fix publish properties not being passed to on_message_v5
    callback for QoS 2 messages.
  * Fix documentation issues in mosquitto.h.
  * Document `mosquitto_connect_srv()`.
  Clients:
  * Fix duplicate cfg definition in rr_client.
  * Fix `mosquitto_pub -l` hang when stdin stream ends.
  * Fix `mosquitto_pub -l` not sending the final line of stdin if
    it does not end with a new line.
  * Make documentation for `mosquitto_pub -l` match reality - blank
    lines are sent as empty messages.
  * Free memory in `mosquitto_sub` when quitting without having made
    a successful connection.
- Drop patch:
  * mosquitto-fix-pkgconf-path.patch (fixed upstream)

-------------------------------------------------------------------
Wed Sep 25 20:42:16 UTC 2019 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.6.7
  Broker:
  * Add workaround for working with libwebsockets 3.2.0.
  * Fix potential crash when reloading config.
  Client library:
  * Don't use `/` in autogenerated client ids, to avoid confusing
    with topics.
  * Fix `mosquitto_max_inflight_messages_set()` and
    `mosquitto_int_option(..., MOSQ_OPT_*_MAX, ...)` behaviour.
  * Fix regression on use of `mosquitto_connect_async()` not working.
  Clients:
  * mosquitto_sub: Fix `-E` incorrectly not working unless `-d` was
    also specified.
  * Updated documentation around automatic client ids.

-------------------------------------------------------------------
Sat Sep 21 14:38:08 UTC 2019 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.6.5
  Fix CVE-2019-11779:
  * In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT
    client sends a SUBSCRIBE packet containing a topic that consists
    of approximately 65400 or more '/' characters, i.e. the topic
    hierarchy separator, then a stack overflow will occur.
  Broker:
  * Fix v5 DISCONNECT packets with remaining length == 2 being
    treated as a protocol error.
  * Fix support for libwebsockets 3.x.
  * Fix slow websockets performance when sending large messages.
  * Fix clients authorised using `use_identity_as_username` or
    `use_subject_as_username` being disconnected on SIGHUP.
  * Improve error messages in some situations when clients disconnect.
    Reduces the number of "Socket error on client X, disconnecting"
    messages.
  * Fix Will for v5 clients not being sent if will delay interval was
    greater than the session expiry interval.
  * Fix CRL file not being reloaded on HUP.
  Client library:
  * Fix reconnect backoff for the situation where connections are
    dropped rather than refused.
  * Fix missing locks on `mosq->state`.

- Update to version 1.6.4
  Fix CVE-2019-11778:
  * If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0
    to 1.6.4 inclusive, sets a last will and testament, sets a will
    delay interval, sets a session expiry interval, and the will delay
    interval is set longer than the session expiry interval, then a
    use after free error occurs, which has the potential to cause a
    crash in some situations.
  Broker:
  * Fix incoming QoS 2 messages being blocked when
    `max_inflight_messages` was set to 1.
  * Fix incoming messages not being removed for a client if the topic
    being published to does not have any subscribers.
  Client library:
  * Fix MQTT v5 subscription options being incorrectly set for
    MQTT v3 subscriptions.
  * Make behaviour of `mosquitto_connect_async()` consistent with
    `mosquitto_connect()` when connecting to a non-existent server.
  * `mosquitto_string_option(mosq, MOSQ_OPT_TLS_KEYFORM, ...)` was
    incorrectly returning `MOSQ_ERR_INVAL` with valid input. This has
    been fixed.
  * on_connect callback is now called with the correct v5 reason code
    if a v5 client connects to a v3.x broker and is sent a CONNACK with
    the "unacceptable protocol version" connack reason code.
  * Fix memory leak when setting v5 properties in mosquitto_connect_v5().
  * Fix properties not being sent on QoS>0 PUBLISH messages.
  Clients:
  * mosquitto_pub: fix error codes not being returned when
    mosquitto_pub exits.
  * All clients: improve error messages when connecting to a v3.x broker
    when in v5 mode.
  Other:
  * Various documentation fixes.

- Update to version 1.6.3
  Broker:
  * Fix detection of incoming v3.1/v3.1.1 bridges.
  * Fix default max_topic_alias listener config not being copied to
    the in-use listener when compiled without TLS support.
  * Fix random number generation if compiling using `WITH_TLS=no` and
    on Linux with glibc >= 2.25. Without this fix, no random numbers
    would be generated for e.g. on broker client id generation, and so
    clients connecting expecting this feature would be unable to connect.
  * Fix compilation problem related to `getrandom()` on non-glibc systems.
  * Fix Will message for a persistent client incorrectly being sent when the
    client reconnects after a clean disconnect.
  * Fix Will message for a persistent client not being sent on disconnect.
  * Improve documentation around the upgrading of persistence files.
  * Add 'extern "C"' on mosquitto_broker.h and mosquitto_plugin.h for
    C++ plugin writing.
  * Fix persistent Websockets clients not receiving messages after they
    reconnect, having sent DISCONNECT on a previous session
  * Disable TLS renegotiation. Client initiated renegotiation is considered to
    be a potential attack vector against servers.
  * Fix incorrect shared subscription topic '$shared'.
  * Fix zero length client ids being rejected for MQTT v5 clients with clean
    start set to true.
  * Fix MQTT v5 overlapping subscription behaviour. Clients now receive messages
    from all matching subscriptions rather than the first one encountered, which
    ensures the maximum QoS requirement is met.
  * Fix incoming/outgoing quota problems for QoS>0.
  * Remove obsolete `store_clean_interval` from documentation.
  * Fix v4 authentication plugin never calling psk_key_get.
  Clients:
  * Fix -L url parsing when `/topic` part is missing.
  * Stop some error messages being printed even when `--quiet` was used.
  * Fix mosquitto_pub exiting with error code 0 when an error occurred.
  * Fix mosquitto_pub not using the `-c` option.
  * Fix MQTT v5 clients not being able to specify a password without a
    username.
  * Fix `mosquitto_pub -l` not handling network failures.
  * Fix `mosquitto_pub -l` not handling zero length input.
  * Fix double free on exit in mosquitto_pub.

- Update to version 1.6.2
  Broker:
  * Fix memory access after free, leading to possible crash, when v5
    client with Will message disconnects, where the Will message has
    as its first property one of `content-type`, `correlation-data`,
    `payload-format-indicator`, or `response-topic`.
  * Fix Will message not allowing user-property properties.
  * Fix broker originated messages (e.g. $SYS/broker/version) not being
    published when `check_retain_source` set to true.
  * Fix $SYS/broker/version being incorrectly expired after 60 seconds.
  Library:
  * Fix crash after client has been unable to connect to a broker. This
    occurs when the client is exiting and is part of the final library
    cleanup routine.
  Clients:
  * Fix -L url parsing.

- Update to version 1.6.1
  Broker:
  * Document `memory_limit` option.
  Clients:
  * Fix compilation on non glibc systems due to missing sys/time.h
    header.

- Add patch:
  * mosquitto-fix-pkgconf-path.patch

-------------------------------------------------------------------
Thu Jul 11 05:41:41 UTC 2019 - Antoine Belvire <antoine.belvire@opensuse.org>

- Remove SuSEfirewall2 service since SuSEfirewall2 has been
  replaced by firewalld (which already provides a mqtt service).

-------------------------------------------------------------------
Thu Apr 18 08:47:30 UTC 2019 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.6.0
  Broker features
  * Add support for MQTT v5
  * Add support for OCSP stapling.
  * Add support for ALPN on bridge TLS connections.
  * Add support for Automotive DLT logging.
  * Add TLS Engine support.
  * Persistence file read/write performance improvements.
  * General performance improvements.
  * Add max_keepalive option, to allow a maximum keepalive value to
    be set for MQTT v5 clients only.
  * Add bind_interface option which allows a listener to be bound to
    a specific network interface, in a similar fashion to the
    bind_address option. Linux only.
  * Add improved bridge restart interval based on Decorrelated Jitter.
  * Add dhparamfile option, to allow DH parameters to be loaded for
    Ephemeral DH support
  * Disallow writing to $ topics where appropriate.
  * Add explicit support for TLS v1.3.
  * Drop support for TLS v1.0.
  * Improved general support for broker generated client ids.
    Removed libuuid dependency.
  * auto_id_prefix now defaults to 'auto-'.
  * QoS 1 and 2 flow control improvements.
  Client library features
  * Add support for MQTT v5
  * Add mosquitto_subscribe_multiple() for sending subscriptions to
    multiple topics in one command.
  * Add TLS Engine support.
  * Add explicit support for TLS v1.3.
  * Drop support for TLS v1.0.
  * QoS 1 and 2 flow control improvements.
  Client features
  * Add support for MQTT v5
  * Add mosquitto_rr client, which can be used for "request-response"
    messaging, by sending a request message and awaiting a response.
  * Add TLS Engine support.
  * Add support for ALPN on TLS connections.
  * Add -D option for all clients to specify MQTT v5 properties.
  * Add -E to mosquitto_sub, which causes it to exit immediately after
    having its subscriptions acknowledged. Use with -c to create a
    durable client session without requiring a message to be received.
  * Add --remove-retained to mosquitto_sub, which can be used to clear
    retained messages on a broker.
  * Add --repeat and --repeat-delay to mosquitto_pub, which can be
    used to repeat single message publishes at a regular interval.
  * -V now accepts 5, 311, 31, as well as mqttv5 etc.
  * Add explicit support for TLS v1.3.
  * Drop support for TLS v1.0.
  Broker fixes
  * Improve error reporting when creating listeners.
  * Fix mosquitto_passwd crashing on corrupt password file.
  * Fix build on SmartOS due to missing IPV6_V6ONLY.
  Client library fixes
  * Add missing mosquitto_userdata() function.
  Client fixes
  * mosquitto_pub wouldn't always publish all messages when using -l
    and QoS>0. This has been fixed.
  * mosquitto_sub was incorrectly encoding special characters when
    using %j output format.

-------------------------------------------------------------------
Thu Feb 28 23:09:37 UTC 2019 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.5.8
  Broker:
  * Fix clients being disconnected when ACLs are in use. This only
    affects the case where a client connects using a username, and
    the anonymous ACL list is defined but specific user ACLs are
    not defined.
  * Fix delayed bridge local subscriptions causing missing messages.
  Library:
  * Use higher resolution timer for random initialisation of client
    id generation.
  * Fix some Coverity Scan reported errors that could occur when the
    library was already quitting.

-------------------------------------------------------------------
Mon Feb 18 19:58:45 UTC 2019 - Martin Hauke <mardnh@gmx.de>

- Use HTTPS for all URLs
- Verify source signature

-------------------------------------------------------------------
Thu Feb 14 09:51:33 UTC 2019 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.5.7
  Broker:
  - Ensure that an error occurs if `per_listener_settings true` is
    given after other security options.
  - Fix case where old unreferenced msg_store messages were being
    saved to the persistence file, bloating its size unnecessarily.
  Library:
  - Fix `mosquitto_topic_matches_sub()` not returning MOSQ_ERR_INVAL
    for invalid subscriptions like `topic/#abc`. This only affects
    the return value, not the match/no match result, which was
    already correct.

-------------------------------------------------------------------
Wed Feb 13 21:14:36 UTC 2019 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.5.6
  Security:
  * Fix CVE-2018-12551 (bsc#1125021): If Mosquitto is configured to
    use a password file for authentication, any malformed data in
    the password file will be treated as valid. This typically means
    that the malformed data becomes a username and no password.
    If this occurs, clients can circumvent authentication and get
    access to the broker by using the malformed username. In
    particular, a blank line will be treated as a valid empty username.
    Other security measures are unaffected. Users who have only used
    the mosquitto_passwd utility to create and modify their password
    files are unaffected by this vulnerability.
  * Fix CVE-2018-12550 (bsc#1125021): If an ACL file is empty, or
    has only blank lines or comments, then mosquitto treats the ACL
    file as not being defined, which means that no topic access is
    denied. Although denying access to all topics is not a useful
    configuration, this behaviour is unexpected and could lead
    to access being incorrectly granted in some circumstances. This
    is now fixed.
  * Fix CVE-2018-12546 (bsc#1125019): If a client publishes a retained
    message to a topic that they have access to, and then their access
    to that topic is revoked, the retained message will still be
    delivered to future subscribers. This behaviour may be undesirable
    in some applications, so a configuration option `check_retain_source`
    has been introduced to enforce checking of the retained message
    source on publish.
  Broker:
  * Fixed comment handling for config options that have optional
    arguments.
  * Improved documentation around bridge topic remapping.
  * Handle mismatched handshakes (e.g. QoS1 PUBLISH with QoS2
    reply) properly.
  * Fix spaces not being allowed in the bridge remote_username
    option.
  * Allow broker to always restart on Windows when using
    `log_dest file`.
  * Fix Will not being sent for Websockets clients.
  * Windows: Fix possible crash when client disconnects.
  * Fixed durable clients being unable to receive messages when
    offline, when per_listener_settings was set to true.
  * Add log message for the case where a client is disconnected for
    sending a topic with invalid UTF-8.
  Library:
  * Fix TLS connections not working over SOCKS.
  * Don't clear SSL context when TLS connection is closed, meaning
    if a user provided an external SSL_CTX they have less chance of
    leaking references.

-------------------------------------------------------------------
Mon Dec 17 20:15:50 UTC 2018 - mardnh@gmx.de

- FIX CVE-2018-20145: mosquitto: ACL bypass (bnc#1119536)
- Update to version 1.5.5
  Security:
  * If `per_listener_settings` is set to true, then the `acl_file` setting was
    ignored for the "default listener" only. This has been fixed. This does not
    affect any listeners defined with the `listener` option.
  Broker:
  * Add `socket_domain` option to allow listeners to disable IPv6 support.
    This is required to work around a problem in libwebsockets that means
    sockets only listen on IPv6 by default if IPv6 support is compiled in.
  * When using ADNS, don't ask for all network protocols when connecting,
    because this can lead to confusing "Protocol not supported" errors if the
    network is down.
  * Fix outgoing retained messages not being sent by bridges on initial
    connection.
  * Don't reload auth_opt_ options on reload, to match the behaviour of the
    other plugin options.
  * Print message on error when installing/uninstalling as a Windows service.
  * All non-error connect/disconnect messages are controlled by the
    `connection_messages` option.
  Library:
  * Fix reconnect delay backoff behaviour.
  * Don't call on_disconnect() twice if keepalive tests fail.
  Client:
  * Always print leading zeros in mosquitto_sub when output format is hex.
  Build:
  * Fix building where TLS-PSK is not available.

- Update to version 1.5.4
  Security:
  * When using a TLS enabled websockets listener with "require_certificate"
    enabled, the mosquitto broker does not correctly verify client certificates.
    This is now fixed. All other security measures operate as expected, and in
    particular non-websockets listeners are not affected by this.
  Broker:
  * Process all pending messages even when a client has disconnected. This means
    a client that sends a PUBLISH then DISCONNECT quickly, then disconnects will
    have its DISCONNECT message processed properly and so no Will will be sent.
  * $SYS/broker/clients/disconnected should never be negative.
  * Give better error message if a client sends a password without a username.
  * Fix bridge not honoring restart_timeout.
  * Don't disconnect a client if an auth plugin denies access to SUBSCRIBE.
  Library:
  * Fix memory leak that occurred if mosquitto_reconnect() was used when TLS
    errors were present.
  * Fix TLS connections when using an external event loop with
    mosquitto_loop_read() and mosquitto_write().
  Build:
  * Fix clients not being compiled with threading support when using CMake.
  * Use _GNU_SOURCE to fix build errors in websockets and getaddrinfo usage.

-------------------------------------------------------------------
Thu Oct 25 18:06:26 UTC 2018 - mardnh@gmx.de

- Update to version 1.5.3
  Security:
  * Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that
    begins with $, but is not $SYS, then an assert that should be unreachable is
    triggered and Mosquitto will exit.
  Broker:
  * Elevate log level to warning for situation when socket limit is hit.
  * Fix retained messages not sent by bridges on outgoing topics at the first
    connection.
  * Fix duplicate clients being added to by_id hash before the old client was
    removed.

- Update to version 1.5.2
  Broker:
  * Fix incorrect call to setsockopt() for TCP_NODELAY.
  * Fix excessive CPU usage when the number of sockets exceeds the system limit.
  * Fix round_robin false behaviour.
  * Fix segfault on HUP when bridges and security options are configured.
  Library:
  * Fix situation where username and password is used with SOCKS5 proxy.
  * Fix SOCKS5 behaviour when passing IP addresses.

-------------------------------------------------------------------
Sun Aug 19 16:38:42 UTC 2018 - mardnh@gmx.de

- Update to version 1.5.1
  Broker:
  * Fix plugin cleanup function not being called on exit of the broker.
  * Print more OpenSSL errors when loading certificates/keys fails.
  * Use AF_UNSPEC etc. instead of PF_UNSPEC to comply with POSIX.
  * Remove use of AI_ADDRCONFIG, which means the broker can be used on systems
    where only the loopback interface is defined.
  * Fix IPv6 addresses not being able to be used as bridge addresses.
  * All clients now time out if they exceed their keepalive*1.5, rather than
    just reach it. This was inconsistent in two places.
  * Fix segfault on startup if bridge CA certificates could not be read.
  * Fix problem opening listeners on Pi caused by unsigned char being default.
  * ACL patterns that do not contain either %c or %u now produce a warning in
    the log.
  * Fix bridge publishing failing when per_listener_settings was true.
  * Fix `use_identity_as_username true` not working.
  * Fix UNSUBACK messages not being logged.
  * Fix possible endian issue when reading the `memory_limit` option.
  * Fix building for libwebsockets < 1.6.
  * Fix accessor functions for username and client id when used in plugin auth
    check.

  Library:
  * Fix some places where return codes were incorrect, including to the
    on_disconnect() callback. This has resulted in two new error codes,
    MOSQ_ERR_KEEPALIVE and MOSQ_ERR_LOOKUP.
  * Fix connection problems when mosquitto_loop_start() was called before
    mosquitto_connect_async().

  Clients:
  * When compiled using WITH_TLS=no, the default port was incorrectly being set
    to -1. This has been fixed.
  * Fix compiling on Mac OS X <10.12.

  Build:
  * Fixes for building on NetBSD.
  * Fixes for building on FreeBSD.
  * Add support for compiling with static libwebsockets library.

-------------------------------------------------------------------
Thu May 3 18:47:04 UTC 2018 - mardnh@gmx.de

- Update to version 1.5
  Security:
  * Fix memory leak that could be caused by a malicious CONNECT packet. This
    does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker)

  Broker features:
  * Add per_listener_settings to allow authentication and access control to be
    per listener.
  * Add limited support for reloading listener settings. This allows settings
    for an already defined listener to be reloaded, but port numbers must not be
    changed.
  * Add ability to deny access to SUBSCRIBE messages as well as the current
    read/write accesses. Currently for auth plugins only.
  * Reduce calls to malloc through the use of UHPA.
  * Outgoing messages with QoS>1 are no longer retried after a timeout period.
    Messages will be retried when a client reconnects. This change in behaviour
    can be justified by considering when the timeout may have occurred.
    + If a connection is unreliable and has dropped, but without one end
      noticing, the messages will be retried on reconnection. Sending
      additional PUBLISH or PUBREL would not have changed anything.
    + If a client is overloaded/unable to respond/has a slow connection then
      sending additional PUBLISH or PUBREL would not help the client catch
      up. Once the backlog has cleared the client will respond. If it is not
      able to catch up, sending additional duplicates would not help either.
  * Add use_subject_as_username option for certificate based client
    authentication to use the entire certificate subject as a username, rather
    than just the CN. Closes #469467.
  * Change sys tree printing output. This format shouldn't be relied upon and
    may change at any time. Closes #470246.
  * Minimum supported libwebsockets version is now 1.3.
  * Add systemd startup notification and services. Closes #471053.
  * Reduce unnecessary malloc and memcpy when receiving a message and storing
    it. Closes #470258.
  * Support for Windows XP has been dropped.
  * Bridge connections now default to using MQTT v3.1.1.
  * mosquitto_db_dump tool can now output some stats on clients.
  * Perform utf-8 validation on incoming will, subscription and unsubscription
    topics.
  * new $SYS/broker/store/messages/count (deprecates $SYS/broker/messages/stored)
  * new $SYS/broker/store/messages/bytes
  * max_queued_bytes feature to limit queues by real size rather
    than just message count. Closes Eclipse #452919 or Github #100
  * Add support for bridges to be configured to only send notifications to the
    local broker.
  * Add set_tcp_nodelay option to allow Nagle's algorithm to be disabled on
    client sockets. Closes #433.
  * The behaviour of allow_anonymous has changed. In the old behaviour, the
    default if not set was to allow anonymous access. The new behaviour is to
    allow anonymous access unless another security option is set.
    For example, if password_file is set and allow_anonymous is not set, then
    anonymous access will be denied. It is still possible to allow anonymous
    access by setting it explicitly.
  Broker fixes:
  * Fix UNSUBSCRIBE with no topic is accepted on MQTT 3.1.1. Closes #665.
  * Produce an error if two bridges share the same local_clientid.
  * Miscellaneous fixes on Windows.
  * queue_qos0_messages was not observing max_queued_** limits
  * When using the include_dir configuration option sort the files
    alphabetically before loading them. Closes #17.
  * IPv6 is no longer disabled for websockets listeners.
  * Remove all build timestamp information including $SYS/broker/timestamp.
    Close #651.
  * Correctly handle incoming strings that contain a NULL byte. Closes #693.
  * Use constant time memcmp for password comparisons.
  * Fix incorrect PSK key being used if it had leading zeroes.
  * Fix memory leak if a client provided a username/password for a listener with
    use_identity_as_username configured.
  * Fix use_identity_as_username not working on websockets clients.
  * Don't crash if an auth plugin returns MOSQ_ERR_AUTH for a username check on
    a websockets client. Closes #490.
  * Fix 08-ssl-bridge.py test when using async dns lookups. Closes #507.
  * Lines in the config file are no longer limited to 1024 characters long.
    Closes #652.
  * Fix $SYS counters of messages and bytes sent when message is sent over
    a Websockets. Closes #250.
  * Fix upgrade_outgoing_qos for retained message. Closes #534.
  * Fix CONNACK message not being sent for unauthorised connect on websockets.
    Closes #8.
  * Maximum connections on Windows increased to 2048.
  * When a client with an in-use client-id connects, if the old client has a
    will, send the will message. Closes #26.
  * Fix parsing of configuration options that end with a space. Closes #804.

Client library features:
|
||
|
  * Outgoing messages with QoS>1 are no longer retried after a timeout period.
    Messages will be retried when a client reconnects.
  * DNS-SRV support is now disabled by default.
  * Add mosquitto_subscribe_simple(). This is a helper function to make
    retrieving messages from a broker very straightforward. Examples of its use
    are in examples/subscribe_simple.
  * Add mosquitto_subscribe_callback(). This is a helper function to make
    processing messages from a broker very straightforward. An example of its use
    is in examples/subscribe_simple.
  * Connections now default to using MQTT v3.1.1.
  * Add mosquitto_validate_utf8() to check whether a string is valid UTF-8
    according to the UTF-8 spec and to the additional restrictions imposed by
    the MQTT spec.
  * Topic inputs are checked for UTF-8 validity.
  * Add mosquitto_userdata function to allow retrieving the client userdata
    member variable. Closes #111.
  * Add mosquitto_pub_topic_check2(), mosquitto_sub_topic_check2(), and
    mosquitto_topic_matches_sub2() which are identical to the similarly named
    functions but also take length arguments.
  * Add mosquitto_connect_with_flags_callback_set(), which allows a second
    connect callback to be used which also exposes the connect flags parameter.
    Closes #738 and #128.
  * Add MOSQ_OPT_SSL_CTX option to allow a user specified SSL_CTX to be used
    instead of the one generated by libmosquitto. This allows greater control
    over what options can be set. Closes #715.
  * Add MOSQ_OPT_SSL_CTX_WITH_DEFAULTS to work with MOSQ_OPT_SSL_CTX and have
    the default libmosquitto SSL_CTX configuration applied to the user provided
    SSL_CTX. Closes #567.

  Client library fixes:
  * Fix incorrect PSK key being used if it had leading zeroes.
  * Initialise "result" variable as soon as possible in
    mosquitto_topic_matches_sub. Closes #654.
  * No need to close socket again if setting non-blocking failed. Closes #649.
  * Fix mosquitto_topic_matches_sub() not correctly matching foo/bar against
    foo/+/#. Closes #670.
  * SNI host support added.

  Client features:
  * Add -F to mosquitto_sub to allow the user to choose the output format.
  * Add -U to mosquitto_sub for unsubscribing from topics.
  * Add -c (clean session) to mosquitto_pub.
  * Add --retained-only to mosquitto_sub to exit after receiving all retained
    messages.
  * Add -W to allow mosquitto_sub to stop processing incoming messages after a
    timeout.
  * Connections now default to using MQTT v3.1.1.
  * Default to using port 8883 when using TLS.
  * mosquitto_sub doesn't continue to keep connecting if CONNACK tells it the
    connection was refused.

  Client fixes:
  * Correctly handle empty files with "mosquitto_pub -l". Closes #676.

  Build:
  * Add WITH_STRIP option (defaulting to "no") that when set to "yes" will strip
    executables and shared libraries when installing.
  * Add WITH_STATIC_LIBRARIES (defaulting to "no") that when set to "yes" will
    build and install static versions of the client libraries.
  * Don't run TLS-PSK tests if TLS-PSK disabled at compile time. Closes #636.
  * Support for openssl versions 1.0.0 and 1.0.1 has been removed as these are
    no longer supported by openssl.

  Documentation:
  * Replace mentions of deprecated 'c_rehash' with 'openssl rehash'.

- Remove patch:
  * mosquitto-1.4.12-use-SOURCE_DATE_EPOCH.patch (no longer needed)
- Support for tcp-wrapper is broken atm, disable for now

-------------------------------------------------------------------
Thu Mar 1 14:37:54 UTC 2018 - mardnh@gmx.de

- Update to version 1.4.15
  Security:
  * Fix CVE-2017-7652. If a SIGHUP is sent to the broker when there are no more
    file descriptors, then opening the configuration file will fail and security
    settings will be set back to their default values.
  * Fix CVE-2017-7651. Unauthenticated clients can cause excessive memory use by
    setting "remaining length" to be a large value. This is now mitigated by
    limiting the size of remaining length to valid values. A "memory_limit"
    configuration option has also been added to allow the overall memory used by
    the broker to be limited.

  Broker:
  * Use constant time memcmp for password comparisons.
  * Fix incorrect PSK key being used if it had leading zeroes.
  * Fix memory leak if a client provided a username/password for a listener with
    use_identity_as_username configured.
  * Fix use_identity_as_username not working on websockets clients.
  * Don't crash if an auth plugin returns MOSQ_ERR_AUTH for a username check on
    a websockets client. Closes #490.
  * Fix 08-ssl-bridge.py test when using async dns lookups. Closes #507.
  * Lines in the config file are no longer limited to 1024 characters long.
    Closes #652.
  * Fix $SYS counters of messages and bytes sent when message is sent over
    Websockets. Closes #250.
  * Fix upgrade_outgoing_qos for retained message. Closes #534.
  * Fix CONNACK message not being sent for unauthorised connect on websockets.
    Closes #8.

  Client library:
  * Fix incorrect PSK key being used if it had leading zeroes.
  * Initialise "result" variable as soon as possible in
    mosquitto_topic_matches_sub. Closes #654.
  * No need to close socket again if setting non-blocking failed. Closes #649.
  * Fix mosquitto_topic_matches_sub() not correctly matching foo/bar against
    foo/+/#. Closes #670.

  Clients:
  * Correctly handle empty files with "mosquitto_pub -l". Closes #676.

  Build:
  * Don't run TLS-PSK tests if TLS-PSK disabled at compile time. Closes #636.
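The CVE-2017-7651 mitigation in the 1.4.15 entry ("limiting the size of remaining length to valid values"), sketched in C as an added example that is not taken from the mosquitto sources. The function names, status codes and the `cap` ceiling are assumptions for illustration; `cap` is not the broker's memory_limit option.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Status codes for this example only (not libmosquitto's MOSQ_ERR_* values). */
enum rl_status { RL_OK = 0, RL_NEED_MORE = 1, RL_MALFORMED = -1, RL_TOO_LARGE = -2 };

#define RL_MAX_BYTES 4u          /* MQTT 3.1.1: at most four length bytes */
#define RL_MAX_VALUE 268435455u  /* largest valid value: FF FF FF 7F */

/*
 * Decode the variable-length "remaining length" that follows the first byte
 * of an MQTT fixed header. `cap` is a hypothetical per-connection ceiling
 * that is applied before any buffer is allocated for the packet body.
 */
enum rl_status decode_remaining_length(const uint8_t *buf, size_t len,
                                       uint32_t cap, uint32_t *value, size_t *used)
{
    uint32_t v = 0, mult = 1;

    for (size_t i = 0; i < RL_MAX_BYTES; i++) {
        if (i >= len)
            return RL_NEED_MORE;        /* wait for more bytes, allocate nothing */
        v += (uint32_t)(buf[i] & 0x7F) * mult;
        if ((buf[i] & 0x80) == 0) {     /* continuation bit clear: last byte */
            if (v > cap)
                return RL_TOO_LARGE;    /* valid encoding, but over the ceiling */
            *value = v;
            *used = i + 1;
            return RL_OK;
        }
        mult *= 128;
    }
    return RL_MALFORMED;                /* a fifth length byte is never valid */
}

/* Status only, for callers that just need the accept/reject decision. */
enum rl_status check_header(const uint8_t *buf, size_t len, uint32_t cap)
{
    uint32_t value;
    size_t used;
    return decode_remaining_length(buf, len, cap, &value, &used);
}

/* Decoded length, or -1 when the header is not (yet) acceptable. */
long decoded_value(const uint8_t *buf, size_t len, uint32_t cap)
{
    uint32_t value;
    size_t used;
    if (decode_remaining_length(buf, len, cap, &value, &used) != RL_OK)
        return -1;
    return (long)value;
}

/* Constructed sample inputs (length bytes only, header type byte omitted). */
static const uint8_t HDR_SMALL[]   = {0x80, 0x01};                    /* 128 */
static const uint8_t HDR_MAX[]     = {0xFF, 0xFF, 0xFF, 0x7F};        /* 268435455 */
static const uint8_t HDR_OVERRUN[] = {0xFF, 0xFF, 0xFF, 0xFF, 0x7F};  /* five bytes */
static const uint8_t HDR_PARTIAL[] = {0xFF, 0xFF};                    /* incomplete */

int main(void)
{
    const uint32_t cap = 1024u * 1024u; /* constructed 1 MiB ceiling */
    printf("small=%ld max=%d overrun=%d partial=%d\n",
           decoded_value(HDR_SMALL, sizeof HDR_SMALL, cap),
           check_header(HDR_MAX, sizeof HDR_MAX, cap),
           check_header(HDR_OVERRUN, sizeof HDR_OVERRUN, cap),
           check_header(HDR_PARTIAL, sizeof HDR_PARTIAL, cap));
    return 0;
}
```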
-------------------------------------------------------------------
Mon Oct 2 10:57:39 UTC 2017 - mardnh@gmx.de

- Update to 1.4.14
  * Broker:
    - Fix regression from 1.4.13 where persistence data was not
      being saved.

-------------------------------------------------------------------
Thu Sep 7 12:13:21 UTC 2017 - jengelh@inai.de

- Fix incorrect RPM groups.
- Remove repeated license declaration from description.
  Trim package descriptions for size.
- Errors from user creation must not be ignored.

-------------------------------------------------------------------
Fri Jul 7 18:33:53 UTC 2017 - antoine.belvire@opensuse.org

- Add mosquitto-1.4.12-use-SOURCE_DATE_EPOCH.patch: Determine build
  timestamp from latest revision of .changes file in order to make
  the build reproducible and avoid useless republishing.

-------------------------------------------------------------------
Wed Jul 5 20:35:17 UTC 2017 - mardnh@gmx.de

- Update to 1.4.13
  * Security:
    - Fix CVE-2017-9868. The persistence file was readable
      by all local users, potentially allowing sensitive
      information to be leaked.
      This can also be fixed administratively, by restricting
      access to the directory in which the persistence file
      is stored.

  * Broker:
    - Fix for poor websockets performance.
    - Fix lazy bridges not timing out for idle_timeout.
    - Fix problems with large retained messages over websockets.
    - Set persistence file to only be readable by owner,
      except on Windows.
    - Fix CONNECT check for reserved=0, as per MQTT v3.1.1
      check MQTT-3.1.2-3.
    - When the broker stops, wills for any connected clients
      are now "sent".
    - Auth plugins can be configured to disable the check for +# in
      usernames/client ids with the auth_plugin_deny_special_chars
      option. Partially closes #462.
    - Restrictions for CVE-2017-7650 have been relaxed - '/' is
      allowed in usernames/client ids. Remainder of fix for #462.

  Clients:
    - Don't use / in auto-generated client ids.

-------------------------------------------------------------------
Mon May 29 20:19:58 UTC 2017 - mardnh@gmx.de

- Update to 1.4.12
  * Security:
    - Fix CVE-2017-7650, which allows clients with username or
      client id set to '#' or '+' to bypass pattern based ACLs or
      third party plugins. The fix denies message sending or
      receiving of messages for clients with a '#' or '+' in their
      username or client id and if the message is subject to a
      pattern ACL check or plugin check.
  * Broker:
    - Fix mosquitto.db from becoming corrupted due to client
      messages being persisted with no stored message. Closes #424.
    - Fix bridge not restarting properly. Closes #428.
    - Fix uninitialized memory in gets_quiet on Windows. Closes #426.
    - Fix building with WITH_ADNS=no for systems that don't use
      glibc. Closes #415.
    - Fixes to readme.md.
    - Fix deprecation warning for OpenSSL 1.1. PR #416.
    - Don't segfault on duplicate bridge names. Closes #446.
    - Fix CVE-2017-7650.

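Why a '+' or '#' in a username defeats a pattern ACL (CVE-2017-7650 in the 1.4.12 entry), and the deny check that closes it, as an added C example that is not mosquitto's own code. The pattern `sensors/%u/#`, the sample names and the `deny_special_chars` flag are constructed for illustration; the matcher also covers the foo/bar against foo/+/# case listed under 1.4.15.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Minimal MQTT filter match: '+' spans one level, '#' the rest. Filter
 * validation and $SYS handling are left out to keep the example short. */
bool topic_matches(const char *sub, const char *topic)
{
    while (*sub) {
        if (*sub == '#')
            return true;
        if (*sub == '+') {
            while (*topic && *topic != '/')
                topic++;
            sub++;
        } else if (*sub == *topic) {
            sub++;
            topic++;
        } else {
            /* "a/#" also matches the parent level "a" */
            return *topic == '\0' && strcmp(sub, "/#") == 0;
        }
    }
    return *topic == '\0';
}

/* Substitute %u (username) and %c (client id) into an ACL pattern.
 * user and cid must be non-NULL. Returns false if `out` is too small. */
bool expand_pattern(const char *pat, const char *user, const char *cid,
                    char *out, size_t outlen)
{
    size_t n = 0;
    for (; *pat; pat++) {
        const char *ins = NULL;
        if (pat[0] == '%' && pat[1] == 'u') ins = user;
        else if (pat[0] == '%' && pat[1] == 'c') ins = cid;
        size_t l = ins ? strlen(ins) : 1;
        if (n + l >= outlen)
            return false;
        if (ins) { memcpy(out + n, ins, l); pat++; }  /* skip the 'u' / 'c' */
        else out[n] = *pat;
        n += l;
    }
    out[n] = '\0';
    return true;
}

static bool has_wildcard(const char *s) { return strpbrk(s, "+#") != NULL; }

/* deny_special_chars is a hypothetical switch: false shows the behaviour the
 * entry describes as the bug, true applies the deny rule the fix introduced. */
bool pattern_acl_allows(const char *pattern, const char *user, const char *cid,
                        const char *topic, bool deny_special_chars)
{
    char filter[256];
    if (deny_special_chars && (has_wildcard(user) || has_wildcard(cid)))
        return false;  /* identity would turn the pattern into a wildcard */
    if (!expand_pattern(pattern, user, cid, filter, sizeof filter))
        return false;  /* fail closed on oversized identities */
    return topic_matches(filter, topic);
}

int main(void)
{
    const char *pat = "sensors/%u/#", *t = "sensors/alice/temp"; /* constructed */
    printf("alice=%d bob=%d plus(unchecked)=%d plus(checked)=%d\n",
           pattern_acl_allows(pat, "alice", "c1", t, true),
           pattern_acl_allows(pat, "bob", "c2", t, true),
           pattern_acl_allows(pat, "+", "c3", t, false),
           pattern_acl_allows(pat, "+", "c3", t, true));
    return 0;
}
```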
-------------------------------------------------------------------
Sun Mar 19 20:27:12 UTC 2017 - mrueckert@suse.de

- update to 1.4.11
  - Broker:
    - Fix crash when "lazy" type bridge attempts to reconnect.
      Closes #259.
    - maximum_connections now applies to websockets listeners.
      Closes #271.
    - Allow bridges to use TLS with IPv6.
    - Don't error on zero length persistence files. Closes #316.
    - For http only websockets clients, close files served over
      http in all cases when the client disconnects. Closes #354.
    - Fix error message when websockets http_dir directory does not
      exist.
    - Improve password utility error message. Closes #379.
  - Clients:
    - Use of --ciphers no longer requires you to also pass
      --tls-version. Closes #380.
  - Client library:
    - Clients can now use TLS with IPv6.
    - Fix potential socket leakage when reconnecting. Closes #304.
    - Fix potential negative timeout being passed to pselect.
      Closes #329.
- update 1.4.10
  - Broker:
    - Fix TLS operation with websockets listeners and libwebsockets
      2.x. Closes #186.
    - Don't disconnect client on HUP before reading the pending
      data. Closes #7.
    - Fix some $SYS messages being incorrectly persisted. Closes
      #191.
    - Support OpenSSL 1.1.0.
    - Call fsync after persisting data to ensure it is correctly
      written. Closes #189.
    - Fix persistence saving of subscription QoS on big-endian
      machines.
    - Fix will retained flag handling on Windows. Closes #222.
    - Broker now displays an error if it is unable to open the log
      file. Closes #234.
  - Client library:
    - Support OpenSSL 1.1.0.
    - Fixed the C++ library not allowing SOCKS support to be used.
      Closes #198.
    - Fix memory leak when verifying a server certificate with a
      subjectAltName section. Closes #237.
  - Build:
    - Don't attempt to install docs when WITH_DOCS=no. Closes #184.

-------------------------------------------------------------------
Tue Jun 28 00:28:53 UTC 2016 - mrueckert@suse.de

- update to 1.4.9
  - Broker:
    - Ensure websockets clients that previously connected with
      clean session set to false have their queued messages
      delivered immediately on reconnecting. Closes #476314.
    - Reconnecting client with clean session set to false doesn't
      start with mid=1 again.
    - Will topic isn't truncated by one byte when using a
      mount_point any more.
    - Network errors are printed correctly on Windows.
    - Fix incorrect $SYS heap memory reporting when using ACLs.
    - Bridge config parameters couldn't contain a space, this has
      been fixed. Closes #150.
    - Fix saving of persistence messages that start with a '/'.
      Closes #151.
    - Fix reconnecting for bridges that use TLS on Windows. Closes
      #154.
    - Broker and bridges can now cope with unknown incoming PUBACK,
      PUBREC, PUBREL, PUBCOMP without disconnecting. Closes #57.
    - Fix websockets listeners not being able to bind to an IP
      address. Closes #170.
    - mosquitto_passwd utility now correctly deals with unknown
      command line arguments in all cases. Closes #169.
    - Fix publishing of $SYS/broker/clients/maximum
    - Fix order of #includes in lib/send_mosq.c to ensure struct
      mosquitto doesn't differ between source files when websockets
      is being used. Closes #180.
    - Fix possible rare crash when writing out persistence file and
      a client has incomplete messages inflight that it has been
      denied the right to publish.
  - Client library:
    - Fix the case where a message received just before the
      keepalive timer expired would cause the client to miss the
      keepalive timer.
    - Return value of pthread_create is now checked.
    - _mosquitto_destroy should not cancel threads that weren't
      created by libmosquitto. Closes #166.
    - Clients can now cope with unknown incoming PUBACK, PUBREC,
      PUBREL, PUBCOMP without disconnecting. Closes #57.
    - Fix mosquitto_topic_matches_sub() reporting matches on some
      invalid subscriptions.
  - Clients:
    - Handle some unchecked malloc() calls. Closes #1.
  - Build:
    - Fix string quoting in CMakeLists.txt. Closes #4.
    - Fix building on Visual Studio 2015. Closes #136.

-------------------------------------------------------------------
Mon Mar 28 01:26:44 UTC 2016 - mrueckert@suse.de

- update to 1.4.8
  - Broker:
    - Wills published by clients connected to a listener with
      mount_point defined now correctly obey the mount point. This
      was a potential security risk because it allowed clients to
      publish messages outside of their restricted mount point.
      This only affects brokers where the mount_point option is
      in use. Closes #487178.
    - Fix detection of broken connections on Windows.
      Closes #485143.
    - Close stdin etc. when daemonised. Closes #485589.
    - Fix incorrect detection of FreeBSD and OpenBSD.
      Closes #485131.
  - Client library:
    - mosq->want_write should be cleared immediately before a call
      to SSL_write, to allow clients using mosquitto_want_write()
      to get accurate results.

-------------------------------------------------------------------
Thu Feb 11 01:00:18 UTC 2016 - mrueckert@suse.de

- update to 1.4.7
  - Broker:
    - Fix support for libwebsockets 1.22.
- changes from 1.4.6
  - Broker:
    - Add support for libwebsockets 1.6.
  - Client library:
    - Fix _mosquitto_socketpair() on Windows, reducing the chance
      of delays when publishing. Closes #483979.
  - Clients:
    - Fix "mosquitto_pub -l" stripping the final character on a
      line. Closes #483981.

-------------------------------------------------------------------
Wed Dec 9 17:11:00 UTC 2015 - mrueckert@suse.de

- enable websocket support

-------------------------------------------------------------------
Wed Dec 9 17:00:02 UTC 2015 - mrueckert@suse.de

- enabled tcp wrapper support

-------------------------------------------------------------------
Wed Dec 9 16:04:49 UTC 2015 - mrueckert@suse.de

- pass the config file in the service file. it does not load it
  otherwise.

-------------------------------------------------------------------
Mon Dec 7 17:05:42 UTC 2015 - mrueckert@suse.de

- update to 1.4.5
  - Broker
    - Fix possible memory leak if bridge using SSL attempts to
      connect to a host that is not up.
    - Free unused topic tree elements (fix in 1.4.3 was
      incomplete). Closes #468987.
  - Clients
    - “mosquitto_pub -l” now no longer limited to 1024 byte lines.
      Closes #478917.

-------------------------------------------------------------------
Fri Nov 6 22:46:19 UTC 2015 - mrueckert@suse.de

- update to 1.4.4
  - Broker:
    - Don't leak sockets when outgoing bridge with multiple
      addresses cannot connect. Closes #477571.
    - Fix cross compiling of websockets. Closes #475807.
    - Fix memory free related crashes on openwrt. Closes #475707.
    - Fix excessive calls to message retry check.

-------------------------------------------------------------------
Thu Sep 10 15:21:38 UTC 2015 - mrueckert@suse.de

- update to 1.4.3
  - Broker
    - Fix incorrect bridge notification on initial connection.
      Closes #467096.
    - Build fixes for OpenBSD.
    - Fix incorrect behaviour for autosave_interval, most noticeable
      for autosave_interval=1. Closes #465438.
    - Fix handling of outgoing QoS>0 messages for bridges that
      could not be sent because the bridge connection was down.
    - Free unused topic tree elements. Closes #468987.
    - Fix some potential memory leaks. Closes #470253.
    - Fix potential crash on libwebsockets error.
  - Client library
    - Add missing error strings to mosquitto_strerror.
    - Handle fragmented TLS packets without a delay. Closes
      #470660.
    - Fix incorrect loop timeout being chosen when using threaded
      interface and keepalive = 0. Closes #471334.
    - Increment inflight messages count correctly. Closes #474935.
  - Clients
    - Report error string on connection failure rather than error
      code.

-------------------------------------------------------------------
Fri May 8 14:59:17 UTC 2015 - mrueckert@suse.de

- update to 1.4.2
  Broker:
  - Fix bridge prefixes only working for the first outgoing
    message. Closes #464437.
  - Fix incorrect bridge connection notifications on local broker.
  - Fix persistent db writing on Windows. Closes #464779.
  - ACLs are now checked before sending a will message.
  - Fix possible crash when using bridges on Windows. Closes
    #465384.
  - Fix parsing of auth_opt_ arguments with extra spaces/tabs.
  - Broker will return CONNACK rc=5 when a username/password is not
    authorised. This was being incorrectly set as rc=4.
  - Fix handling of payload lengths>4096 with websockets.
  Client library:
  - Inflight message count wasn't being decreased for outgoing
    messages using QoS 2, meaning that only up to 20 QoS 2 messages
    could be sent. This has been fixed. Closes #464436.
  - Fix CMake dependencies for C++ wrapper building. Closes
    #463884.
  - Fix possibility of select() being called with a socket that is
    >FD_SETSIZE. This is a fix for #464632 that will be followed
    up by removing the select() call in a future version.
  - Fix calls to mosquitto_connect*_async() not completing.

-------------------------------------------------------------------
Fri May 1 22:28:20 UTC 2015 - mrueckert@suse.de

- added mosquitto-1.4.1_apparmor.patch to make the profile work in
  newer apparmor

-------------------------------------------------------------------
Fri May 1 22:06:15 UTC 2015 - mrueckert@suse.de

- merge a few things from the other packages
  - create dir structure in the config dir + readmes
  - split out the client
  - provide the split devel package names
  - install the apparmor profile
  - install firewall config

-------------------------------------------------------------------
Fri May 1 20:34:01 UTC 2015 - mrueckert@suse.de

- initial package