From 449a1825eaaebe695a2ccafda0662e2a22e9d996ae34d8a44be1a5b24ba39c76 Mon Sep 17 00:00:00 2001 From: Martin Hauke Date: Thu, 3 Oct 2024 12:25:44 +0000 Subject: [PATCH] - Update to version 2.0.19 Security: * Fix mismatched subscribe/unsubscribe with normal/shared topics. * Fix crash on bridge using remapped topic being sent a crafted packet. Broker: * Fix assert failure when loading a persistence file that contains subscriptions with no client id. * Fix local bridges being incorrectly expired when persistent_client_expiration is in use. * Fix use of CLOCK_BOOTTIME for getting time. * Fix mismatched subscribe/unsubscribe with normal/shared topics. * Fix crash on bridge using remapped topic being sent a crafted packet. Client library: * Fix some error codes being converted to string as "unknown". * Clear SSL error state to avoid spurious error reporting. * Fix "payload format invalid" not being allowed as a PUBREC reason code. * Don't allow SUBACK with missing reason codes. OBS-URL: https://build.opensuse.org/package/show/network:messaging:mqtt/mosquitto?expand=0&rev=69 --- .gitattributes | 23 + .gitignore | 1 + README-ca_certificates | 1 + README-certs | 3 + README-conf-d | 2 + mosquitto-1.4.1_apparmor.patch | 26 + mosquitto-1.6.8-config.patch | 10 + mosquitto-2.0.18.tar.gz | 3 + mosquitto-2.0.18.tar.gz.sig | 16 + mosquitto-2.0.19.tar.gz | 3 + mosquitto-2.0.19.tar.gz.sig | 16 + mosquitto-user.conf | 2 + mosquitto.changes | 1699 ++++++++++++++++++++++++++++++++ mosquitto.keyring | 191 ++++ mosquitto.service | 26 + mosquitto.spec | 213 ++++ 16 files changed, 2235 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 README-ca_certificates create mode 100644 README-certs create mode 100644 README-conf-d create mode 100644 mosquitto-1.4.1_apparmor.patch create mode 100644 mosquitto-1.6.8-config.patch create mode 100644 mosquitto-2.0.18.tar.gz create mode 100644 mosquitto-2.0.18.tar.gz.sig create mode 100644 mosquitto-2.0.19.tar.gz create mode 100644 mosquitto-2.0.19.tar.gz.sig create mode 100644 mosquitto-user.conf create mode 100644 mosquitto.changes create mode 100644 mosquitto.keyring create mode 100644 mosquitto.service create mode 100644 mosquitto.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/README-ca_certificates b/README-ca_certificates new file mode 100644 index 0000000..1b4f7ca --- /dev/null +++ b/README-ca_certificates @@ -0,0 +1 @@ +Place your SSL/TLS Certificate Authority certificates in this directory. diff --git a/README-certs b/README-certs new file mode 100644 index 0000000..1844985 --- /dev/null +++ b/README-certs @@ -0,0 +1,3 @@ +Place your SSL/TLS server keys and certificates in this directory. + +This directory should only be readable by the mosquitto user. diff --git a/README-conf-d b/README-conf-d new file mode 100644 index 0000000..38df73a --- /dev/null +++ b/README-conf-d @@ -0,0 +1,2 @@ +Any files placed in this directory that have a .conf ending will be loaded as +config files by the broker. Use this to make your local config. diff --git a/mosquitto-1.4.1_apparmor.patch b/mosquitto-1.4.1_apparmor.patch new file mode 100644 index 0000000..a495c87 --- /dev/null +++ b/mosquitto-1.4.1_apparmor.patch @@ -0,0 +1,26 @@ +Index: mosquitto-2.0.8/security/mosquitto.apparmor +=================================================================== +--- mosquitto-2.0.8.orig/security/mosquitto.apparmor ++++ mosquitto-2.0.8/security/mosquitto.apparmor +@@ -1,4 +1,6 @@ +-/usr/sbin/mosquitto { ++#include ++ ++profile mosquitto /usr/sbin/mosquitto { + #include + #include + +@@ -6,6 +8,7 @@ + /etc/mosquitto/mosquitto.conf r, + /etc/mosquitto/ca_certificates/* r, + /etc/mosquitto/certs/* r, ++ /etc/mosquitto/conf.d/ r, + /etc/mosquitto/conf.d/* r, + /var/lib/mosquitto/ r, + /var/lib/mosquitto/mosquitto.db rwk, +@@ -25,4 +28,5 @@ + /lib{,32,64}/libwrap.so* rm, + /etc/hosts.allow r, + /etc/hosts.deny r, ++ #include + } diff --git a/mosquitto-1.6.8-config.patch b/mosquitto-1.6.8-config.patch new file mode 100644 index 0000000..4e23976 --- /dev/null +++ b/mosquitto-1.6.8-config.patch @@ -0,0 +1,10 @@ +Index: mosquitto-2.0.8/mosquitto.conf +=================================================================== +--- mosquitto-2.0.8.orig/mosquitto.conf ++++ mosquitto-2.0.8/mosquitto.conf +@@ -871,4 +871,4 @@ + # alphabetical order, with capital letters ordered first. If this option is + # given multiple times, all of the files from the first instance will be + # processed before the next instance. See the man page for examples. +-#include_dir ++include_dir /etc/mosquitto/conf.d diff --git a/mosquitto-2.0.18.tar.gz b/mosquitto-2.0.18.tar.gz new file mode 100644 index 0000000..b0dd44a --- /dev/null +++ b/mosquitto-2.0.18.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d665fe7d0032881b1371a47f34169ee4edab67903b2cd2b4c083822823f4448a +size 796351 diff --git a/mosquitto-2.0.18.tar.gz.sig b/mosquitto-2.0.18.tar.gz.sig new file mode 100644 index 0000000..d31de76 --- /dev/null +++ b/mosquitto-2.0.18.tar.gz.sig @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEoNbuodyuSaY1o7Lwd5si37PnF7cFAmUIwT4ACgkQd5si37Pn +F7cZfBAAp/pcUhCv3fguP2xroaQV1HC1Wl7KfEplF9cAkFnW893xgnSDo0qj8Mo2 +/DRekji8vZyoI3V2+S7QNFnbSjCsqfgnVSopHHOpm5xLWZ3xaQwo6FSfmgDEstIA +YP5YoAbaTI69MbIqE1YqWISx/v0azc8T4zVQI8fMIew3GU8yg1ajaGJRH6kpskdg +hzrxE97ET4pPEwEo1wVI/lx2QKXXMfDjhge97UH0XendlOJwpUdDVqFprKBctsKE +9zUGAdN6UvTkCBJs2kFfqmNA2ivrbaUQs3v8Hn3cizNMOV+tbm4AGhBJ+jZAgx4d +fp87+Pj4eiSs0o01gVsIUO4aQzwL2VM+ZNcRJHp/UZPEsaKlg6oS+nCceJg4N14V +ue6HHc56RULQ/MFTLmK1uHtp6mWGi9Gqj/nIBh7je/uI+DzMUUpboYazjhH7pkhz +KIQ07tDV/HJOKVupRc80qXp6z4mIlVH9eFvCWu6r1nRB053zv4Axvi/Br+Hygqe4 +0N/nxWFhl//xredL5eeh3U651WCjcgFazsboHqlDh/+aRMbAfPl22CoKr+4U5W5t +ThvlrHpYekUvbd1WEJSM+DiiDzB4gfSRB91npQlbtbTOlZpfzeUt+QNSbAFIKWBF +QPFCdddTFnDHd5bFFPjGqUdIzWbf9bSYn8QeNdcIRCkQLlmEZas= +=Ucew +-----END PGP SIGNATURE----- diff --git a/mosquitto-2.0.19.tar.gz b/mosquitto-2.0.19.tar.gz new file mode 100644 index 0000000..3cd7296 --- /dev/null +++ b/mosquitto-2.0.19.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:33af3637f119a61c509c01d2f8f6cc3d8be76f49e850132f2860af142abf82a9 +size 799267 diff --git a/mosquitto-2.0.19.tar.gz.sig b/mosquitto-2.0.19.tar.gz.sig new file mode 100644 index 0000000..7cc7fa5 --- /dev/null +++ b/mosquitto-2.0.19.tar.gz.sig @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEoNbuodyuSaY1o7Lwd5si37PnF7cFAmb9G9UACgkQd5si37Pn +F7eXRBAAtGEkG2KC7oL0t//gvSCh2diDSTegd+TIZ0ctBErsDjj0PNLg9OKotIBh +bgPLJQWQDfMmEpT5nslU/DckFjKmabakY7oMDtiUSYjCcQUEITvbb7pgQxTDenAh +Ewe5PiKEmwf/9d/ggQdS/SgZ3ijLaw/ZdzpY+57A6OwcTCkdNDj2x4he+qK6jtsE +ab/TCahFiNUdFtTG2P5UR8NRgKsY3N3DzhQU5df19RDR2yf3VWwo1uSdRCImaoC2 +7cmLy3Z/CCKvK2rwVoShh4aVROtaHYfxlKGJG46ABxdFIfVg73inS/8n9wZPJz6u +sFzFo22eQprjxrUiJ8nihF3ZgKvLER9c2RpvXrEWx3gsu5PbJnnt9zfFIaiqnN87 +1zabxnvrFse+lFz92hv+5rh0SDfoYhrbvoonGxyzuoEdgN3dDypKx115aDw3Issu +dgs4gmw0WZQ9HsNOTqd4QVvfrPCim6RQXEPHLQY9AYufRvRrWa6JcovvIjlf0zm1 +zEUD8nwcv893FtqWawXWIqP3MUFLdBoNDPLWqAgP9i1rP6JzVGkVTh0Dgfc/UsuI +84GbdDFCQdUpXjIE8hK94oWiFrU3mDnttd/p4gw7cB7zgowTVcuEYIHthdo2/wOO +cazRCEIaE9tyv9ezs3ojQV5tJCiR+EoTJZT1OTez48B/XCTbRno= +=oe// +-----END PGP SIGNATURE----- diff --git a/mosquitto-user.conf b/mosquitto-user.conf new file mode 100644 index 0000000..08e688c --- /dev/null +++ b/mosquitto-user.conf @@ -0,0 +1,2 @@ +#Type Name ID GECOS Home directory Shell +u mosquitto - "MQTT Broker" /var/lib/mosquitto - diff --git a/mosquitto.changes b/mosquitto.changes new file mode 100644 index 0000000..1272f9f --- /dev/null +++ b/mosquitto.changes @@ -0,0 +1,1699 @@ +------------------------------------------------------------------- +Thu Oct 3 12:22:10 UTC 2024 - Martin Hauke + +- Update to version 2.0.19 + Security: + * Fix mismatched subscribe/unsubscribe with normal/shared topics. + * Fix crash on bridge using remapped topic being sent a crafted + packet. + Broker: + * Fix assert failure when loading a persistence file that + contains subscriptions with no client id. + * Fix local bridges being incorrectly expired when + persistent_client_expiration is in use. + * Fix use of CLOCK_BOOTTIME for getting time. + * Fix mismatched subscribe/unsubscribe with normal/shared topics. + * Fix crash on bridge using remapped topic being sent a crafted + packet. + Client library: + * Fix some error codes being converted to string as "unknown". + * Clear SSL error state to avoid spurious error reporting. + * Fix "payload format invalid" not being allowed as a PUBREC + reason code. + * Don't allow SUBACK with missing reason codes. + +------------------------------------------------------------------- +Thu Mar 21 12:20:58 UTC 2024 - Dirk Stoecker + +- Add Reload action to service + +------------------------------------------------------------------- +Sat Feb 3 19:15:47 UTC 2024 - Arjen de Korte + +- Use sysuser-tools to generate mosquitto user + +------------------------------------------------------------------- +Sat Dec 30 21:03:04 UTC 2023 - Dirk Müller + +- update to 2.0.18 (bsc#1214918, CVE-2023-28366, bsc#1215865, + CVE-2023-0809, bsc#1215864, CVE-2023-3592): + * Fix crash on subscribe under certain unlikely conditions. + * Fix mosquitto_rr not honouring `-R`. Closes #2893. + * Fix `max_queued_messages 0` stopping clients from receiving + messages. + * Fix `max_inflight_messages` not being set correctly. + * Fix `mosquitto_passwd -U` backup file creation. + * CVE-2023-28366: Fix memory leak in broker when clients send + multiple QoS 2 messages with the same message ID, but then + never respond to the PUBREC commands. + * CVE-2023-0809: Fix excessive memory being allocated based on + malicious initial packets that are not CONNECT packets. + * CVE-2023-3592: Fix memory leak when clients send v5 CONNECT + packets with a will message that contains invalid property + types. + * Broker will now reject Will messages that attempt to publish + to $CONTROL/. + * Broker now validates usernames provided in a TLS certificate + or TLS-PSK identity are valid UTF-8. + * Fix potential crash when loading invalid persistence file. + * Library will no longer allow single level wildcard + certificates, e.g. *.com + * Fix $SYS messages being expired after 60 seconds and hence + unchanged values disappearing. + * Fix some retained topic memory not being cleared immediately + after used. + * Fix error handling related to the `bind_interface` option. + * Fix std* files not being redirected when daemonising, when + built with assertions removed. + * Fix default settings incorrectly allowing TLS v1.1. + * Use line buffered mode for stdout. + * Fix bridges with non-matching cleansession/local_cleansession + being expired on start after restoring from persistence + * Fix connections being limited to 2048 on Windows. The limit + is now 8192, where supported. + * Broker will log warnings if sensitive files are world + readable/writable, or if the owner/group is not the same as + the user/group the broker is running as. In future versions + the broker will refuse to open these files. + * mosquitto_memcmp_const is now more constant time. + * Only register with DLT if DLT logging is enabled. + * Fix any possible case where a json string might be + incorrectly loaded. This could have caused a crash if a + textname or textdescription field of a role was not a string, + when loading the dynsec config from file only. + * Dynsec plugin will not allow duplicate clients/groups/roles + when loading config from file, which matches the behaviour + for when creating them. + * Fix heap overflow when reading corrupt config with "log_dest + file". + * Use CLOCK_BOOTTIME when available, to keep track of time. + This solves the problem of the client OS sleeping and the + client hence not being able to calculate the actual time for + keepalive purposes. + * Fix default settings incorrectly allowing TLS v1.1. Closes + * Fix high CPU use on slow TLS connect. + * Fix incorrect topic-alias property value in mosquitto_sub + json output. + * Fix confusing message on TLS certificate verification. + * mosquitto_passwd uses mkstemp() for backup files. + * `mosquitto_ctrl dynsec init` will refuse to overwrite an + existing file, without a race-condition. + +------------------------------------------------------------------- +Mon Aug 22 21:15:33 UTC 2022 - Dirk Müller + +- update to 2.0.15: + * Deleting the group configured as the anonymous group in the Dynamic Security + plugin, would leave a dangling pointer that could lead to a single crash. + This is considered a minor issue - only administrative users should have + access to dynsec, the impact on availability is one-off, and there is no + associated loss of data. It is now forbidden to delete the group configured + as the anonymous group. + * Fix memory leak when a plugin modifies the topic of a message in + MOSQ_EVT_MESSAGE. + * Fix bridge `restart_timeout` not being honoured. + * Fix potential memory leaks if a plugin modifies the message in the + MOSQ_EVT_MESSAGE event. + * Fix unused flags in CONNECT command being forced to be 0, which is not + required for MQTT v3.1. Closes #2522. + * Improve documentation of `persistent_client_expiration` option. + Closes #2404. + * Add clients to session expiry check list when restarting and reloading from + persistence. Closes #2546. + * Fix bridges not sending failure notification messages to the local broker if + the remote bridge connection fails. Closes #2467. Closes #1488. + * Fix some PUBLISH messages not being counted in $SYS stats. Closes #2448. + * Fix incorrect return code being sent in DISCONNECT when a client session is + taken over. Closes #2607. + * Fix confusing "out of memory" error when a client is kicked in the dynamic + security plugin. Closes #2525. + * Fix confusing error message when dynamic security config file was a + directory. Closes #2520. + * Fix bridge queued messages not being persisted when local_cleansession is + set to false and cleansession is set to true. Closes #2604. + * Dynamic security: Fix modifyClient and modifyGroup commands to not modify + the client/group if a new group/client being added is not valid. + * Dynamic security: Fix the plugin being able to be loaded twice. Currently + only a single plugin can interact with a unique $CONTROL topic. Using + multiple instances of the plugin would produce duplicate entries in the + config file. Closes #2601. Closes #2470. + * Fix case where expired messages were causing queued messages not to be + delivered. Closes #2609. + * Fix websockets not passing on the X-Forwarded-For header. + * Fix use of `MOSQ_OPT_TLS_ENGINE` being unable to be used due to the openssl + ctx not being initialised until starting to connect. Closes #2537. + * Fix incorrect use of SSL_connect. Closes #2594. + * Don't set SIGPIPE to ignore, use MSG_NOSIGNAL instead. Closes #2564. + * Add documentation of struct mosquitto_message to header. Closes #2561. + * Fix documentation omission around mosquitto_reinitialise. Closes #2489. + * Fix use of MOSQ_OPT_SSL_CTX when used in conjunction with + MOSQ_OPT_SSL_CTX_DEFAULTS. Closes #2463. + * Fix failure to close thread in some situations. Closes #2545. + * Fix mosquitto_pub incorrectly reusing topic aliases when reconnecting. + * Fix `-o` not working in `mosquitto_ctrl`, and typo in related documentation. + +------------------------------------------------------------------- +Thu Nov 18 21:02:34 UTC 2021 - Martin Hauke + +- Update to version 2.0.14 + Broker: + * Fix bridge not respecting receive-maximum when reconnecting + with MQTT v5. + Client library: + * Fix mosquitto_topic_matches_sub2() not using the length + parameters. + * Fix incorrect subscribe_callback in mosquittopp.h. + +------------------------------------------------------------------- +Thu Oct 28 18:35:12 UTC 2021 - Martin Hauke + +- Update to version 2.0.13 + Broker: + * Fix `max_keepalive` option not being able to be set to 0. + * Fix LWT messages not being delivered if `per_listener_settings` + was set to true. + * Various fixes around inflight quota management. + * Fix problem parsing config files with Windows line endings. + * Don't send retained messages when a shared subscription is made + * Fix client id not showing in log on failed connections, where + possible. + * Fix broker sending duplicate CONNACK on failed MQTT v5 + reauthentication. + * Fix mosquitto_plugin.h not including mosquitto_broker.h. + Client library: + * Initialise sockpairR/W to invalid in `mosquitto_reinitialise()` + to avoid closing invalid sockets in `mosquitto_destroy()` on + error. + Clients: + - Fix date format in mosquitto_sub output. + +------------------------------------------------------------------- +Wed Oct 6 14:18:36 UTC 2021 - Johannes Segitz + +- Added hardening to systemd service(s) (bsc#1181400). Modified: + * mosquitto.service + +------------------------------------------------------------------- +Wed Sep 1 19:18:24 UTC 2021 - Martin Hauke + +- Update to version 2.0.12 + * Includes security fixes for + CVE-2021-34434 (bsc#1190048) and CVE-2020-13849 (bsc#1190101) + Security : + * An MQTT v5 client connecting with a large number of + user-property properties could cause excessive CPU usage, + leading to a loss of performance and possible denial of + service. This has been fixed. + * Fix `max_keepalive` not applying to MQTT v3.1.1 and v3.1 + connections. These clients are now rejected if their keepalive + value exceeds max_keepalive. This option allows CVE-2020-13849, + which is for the MQTT v3.1.1 protocol itself rather than an + implementation, to be addressed. + * Using certain listener related configuration options e.g. + `cafile`, that apply to the default listener without defining + any listener would cause a remotely accessible listener to be + opened that was not confined to the local machine but did have + anonymous access enabled, contrary to the documentation. + This has been fixed. Closes #2283. + * CVE-2021-34434: If a plugin had granted ACL subscription access + to a durable/non-clean-session client, then removed that + access,the client would keep its existing subscription. This + has been fixed. + * Incoming QoS 2 messages that had not completed the QoS flow + were not being checked for ACL access when a clean + session=False client was reconnecting. This has been fixed. + Broker: + * Fix possible out of bounds memory reads when reading a + corrupt/crafted configuration file. Unless your configuration + file is writable by untrusted users this is not a risk. + * Fix `max_connections` option not being correctly counted. + * Fix TLS certificates and TLS-PSK not being able to be + configured at the same time. + * Disable TLS v1.3 when using TLS-PSK, because it isn't correctly + configured. + * Fix `max_keepalive` not applying to MQTT v3.1.1 and v3.1 + connections. These clients are now rejected if their keepalive + value exceeds max_keepalive. + * Fix broker not quiting if e.g. the `password_file` is specified + as a directory. Closes #2241. + * Fix listener mount_point not being removed on outgoing messages. + * Strict protocol compliance fixes, plus test suite. + * Fix $share subscriptions not being recovered for durable + clients that reconnect. + * Update plugin configuration documentation. Closes #2286. + Client library: + * If a client uses TLS-PSK then force the default cipher list to + use "PSK" ciphers only. This means that a client connecting to + a broker configured with x509 certificates only will now fail. + Prior to this, the client would connect successfully without# + verifying certificates, because they were not configured. + * Disable TLS v1.3 when using TLS-PSK, because it isn't correctly + configured. + * Threaded mode is deconfigured when the mosquitto_loop_start() + thread ends, which allows mosquitto_loop_start() to be called + again. + * Fix MOSQ_OPT_SSL_CTX not being able to be set to NULL. + * Fix reconnecting failing when MOSQ_OPT_TLS_USE_OS_CERTS was in + use, but none of capath, cafile, psk, nor MOSQ_OPT_SSL_CTX were + set, and MOSQ_OPT_SSL_CTX_WITH_DEFAULTS was set to the default + value of true. + Apps: + * Fix `mosquitto_ctrl dynsec setDefaultACLAccess` command not + working. + Clients: + * Document TLS certificate behaviour when using `-p 8883`. + Build: + * Fix installation using WITH_TLS=no. Closes #2281. + * Fix builds with libressl 3.4.0. Closes #2198. + * Remove some unnecessary code guards related to libressl. + * Fix printf format build warning on MIPS. Closes #2271. + +------------------------------------------------------------------- +Wed Jun 9 19:10:49 UTC 2021 - Martin Hauke + +- Update to version 2.0.11 + Security: + * If a MQTT v5 client connects with a crafted CONNECT packet a + memory leak will occur. This has been fixed. + Broker: + * Fix possible crash having just upgraded from 1.6 if + `per_listener_settings true` is set, and a SIGHUP is sent to + the broker before a client has reconnected to the broker. + * Fix bridge not reconnectng if the first reconnection attempt + fails. + * Improve QoS 0 outgoing packet queueing. + * Fix QoS 0 messages not being queued when `queue_qos0_messages` + was enabled. + Clients: + * If sending mosquitto_sub output to a pipe, mosquitto_sub will + now detect that the pipe has closed and disconnect. + * Fix `mosquitto_pub -l` quitting if a message publication is + attempted when the broker is temporarily unavailable. +- Remove not longer needed patch: + * fix-undefined-symbols-in-plugins.patch (fixed upstream) + +------------------------------------------------------------------- +Tue Apr 6 18:58:02 UTC 2021 - Martin Hauke + +- Update to version 2.0.10 + Security: + * CVE-2021-28166: If an authenticated client connected with + MQTT v5 sent a malformed CONNACK message to the broker a NULL + pointer dereference occurred, most likely resulting in a + segfault. This will be updated with the CVE number when it is + assigned. + Affects versions 2.0.0 to 2.0.9 inclusive. + Broker: + * Don't over write new receive-maximum if a v5 client connects + and takes over an old session. + * Fix CVE-2021-28166. Closes #2163. + Clients: + * Set `receive-maximum` to not exceed the `-C` message count in + mosquitto_sub and mosquitto_rr, to avoid potentially lost + messages. + * Fix TLS-PSK mode not working with port 8883. + Client library: + * Fix possible socket leak. This would occur if a client was + using `mosquitto_loop_start()`, then if the connection failed + due to the remote server being inaccessible they called + `mosquitto_loop_stop(, true)` and recreated the mosquitto + object. + Build: + * A variety of minor build related fixes, like functions not + having previous declarations. + +------------------------------------------------------------------- +Fri Mar 12 14:13:54 UTC 2021 - Martin Hauke + +- Build with support for tcp-wrapper (-DUSE_LIBWRAP=ON) +- Update to version 2.0.9 + Security: + * If an empty or invalid CA file was provided to the client + library for verifying the remote broker, then the initialx + connection would fail but subsequent connections would succeed + without verifying the remote broker certificate. + * If an empty or invalid CA file was provided to the broker for + verifying the remote broker for an outgoing bridge connection + then the initial connection would fail but subsequent + connections would succeed without verifying the + remote broker certificate. + Broker: + * Fix encrypted bridge connections incorrectly connecting when + `bridge_cafile` is empty or invalid. + * Fix `tls_version` behaviour not matching documentation. It was + setting the exact TLS version to use, not the minimium TLS + version to use. + * Fix messages to `$` prefixed topics being rejected. + * Fix QoS 0 messages not being delivered when max_queued_bytes + was configured. + * Fix bridge increasing backoff calculation. + * Improve handling of invalid combinations of listener address + and bind interface configurations. + * Fix `max_keepalive` option not applying to clients connecting + with keepalive set to 0. + Client library: + * Fix encrypted connections incorrectly connecting when the CA + file passed to `mosquitto_tls_set()` is empty or invalid. + * Fix connections retrying very rapidly in some situations. + Build: + * Fix cmake epoll detection. + +------------------------------------------------------------------- +Thu Mar 11 12:27:06 UTC 2021 - Marcus Rueckert + +- Convert some of the BuildRequires from package names to + pkgconfig(): libcares, libcjson, libwebsockets + +------------------------------------------------------------------- +Thu Mar 11 12:25:55 UTC 2021 - Marcus Rueckert + +- Fix linking of modules: + - Add fix-undefined-symbols-in-plugins.patch + - revert old workaround of settings -DCMAKE_SHARED_LINKER_FLAGS= + +------------------------------------------------------------------- +Thu Mar 11 12:22:47 UTC 2021 - Marcus Rueckert + +- Update mosquitto-1.6.8-config.patch: + Set a short profilename for a cleaner ps aufxZ output +- Refreshed mosquitto-1.6.8-config.patch to apply cleanly again + +------------------------------------------------------------------- +Sun Feb 28 12:56:09 UTC 2021 - Martin Hauke + +- Update to version 2.0.8 + Broker: + * Fix incorrect datatypes in `struct mosquitto_evt_tick`. This + changes the size and offset of two of the members of this + struct, and changes the size of the struct. This is an ABI + break, but is considered to be acceptable because plugins + should never be allocating their own instance of this struct, + and currently none of the struct members are used for anything, + so a plugin should not be accessing them. It would also be + safe to read/write from the existing struct parameters. + * Give compile time warning if libwebsockets compiled without + external poll support. + Client library: + * Fix mosquitto_{pub|sub}_topic_check() functions not returning + MOSQ_ERR_INVAL on topic == NULL. + Clients: + * Fix possible loss of data in `mosquitto_pub -l` when sending + multiple long lines. + +------------------------------------------------------------------- +Sat Feb 6 21:36:22 UTC 2021 - Martin Hauke + +- Update to version 2.0.7 + Broker: + * Fix some minor memory leaks on exit only. + * Fix possible memory leak on connect. + * Fix openssl engine not being able to load private key. + Clients: + * Fix config files truncating options after the first space. + Build: + - Fix man page building to not absolutely require xsltproc when + using CMake. +- Update to version 2.0.6 + Broker: + * Fix calculation of remaining length parameter for websockets + clients that send fragmented packets. + Broker: + * Fix potential duplicate Will messages being sent when a will + delay interval has been set. + * Fix message expiry interval property not being honoured in + `mosquitto_broker_publish` and `mosquitto_broker_publish_copy`. + * Fix websockets listeners with TLS not responding. + * Improve logging in obscure cases when a client disconnects. + * Fix reloading of listeners where multiple listeners have been + defined with the same port but different bind addresses. + * Fix `message_size_limit` not applying to the Will payload. + * The error topic-alias-invalid was being sent if an MQTT v5 + client published a message with empty topic and topic alias + set, but the topic alias hadn't already been configured on + the broker. This has been fixed to send a protocol error, as + per section 3.3.4 of the specification. + * Note in the man pages that SIGHUP reloads TLS certificates. + Apps: + * Allow command line arguments to override config file options in + mosquitto_ctrl. + * mosquitto_ctrl: produce an error when requesting a new password + if both attempts do not match. + +------------------------------------------------------------------- +Tue Jan 12 07:45:11 UTC 2021 - Martin Hauke + +- Update to version 2.0.5 + Broker: + * Fix "auth_method" not being provided to the extended auth + plugin event. + * Fix large packets not being completely published to slow + clients. + * Fix bridge connection not relinquishing POLLOUT after messages + are sent. + * Fix apparmor incorrectly denying access to + /var/lib/mosquitto/mosquitto.db.new. + * Fix potential intermittent initial bridge connections when + using poll(). + * Fix "bind_interface" option. + * Fix invalid behaviour in dynsec plugin if a group or client is + deleted before a role that was attached to the group or client + is deleted. + * Improve logging in dynsec addGroupRole/addGroupClient commands. + Client library: + * Improve documentation around the "_v5()" and non-v5 functions, + e.g. `mosquitto_publish()` and `mosquitto_publish_v5(). + Build: + * "install" Makefile target should depend on "all", not + "mosquitto", to ensure that man pages are always built. + Apps: + * Disallow control characters in mosquitto_passwd usernames. + * Fix incorrect description in mosquitto_ctrl man page. + * Fix `mosquitto_ctrl dynsec getGroup` not showing roles. + +------------------------------------------------------------------- +Wed Dec 23 17:12:17 UTC 2020 - Martin Hauke + +- Update to version 2.0.4 + Broker: + * Fix $SYS/broker/publish/messages/+ counters not being updated + for QoS 1, 2 messages. + * mosquitto_connect_bind_async() and mosquitto_connect_bind_v5() + should not reset the bind address option if called with + bind_address == NULL. + * Add more log messages for dynsec load/save error conditions. + Build: + * Fix man pages not being built when using CMake. +- Update to version 2.0.3 + Security: + * Running mosquitto_passwd with the following arguments only + `mosquitto_passwd -b password_file username password` would + cause the username to be used as the password. + Broker: + * Fix LWT not being sent on client takeover when the existing + session wasn't being continued. + * Fix bridges possibly not completing connections when WITH_ADNS + is in use. + * Fix QoS 0 messages not being delivered if max_queued_messages + was set to 0. + * Fix local bridges being disconnected on SIGHUP. + * Fix slow initial bridge connections for WITH_ADNS=no. + * Fix persistence_location not appending a '/'. + Clients: + * Fix mosquitto_sub being unable to terminate with Ctrl-C if a + successful connection is not made. + Apps: + * Fix `mosquitto_passwd -b` using username as password (not if + `-c` is also used). + Build: + * Fix `install` target when using WITH_CJSON=no. + +------------------------------------------------------------------- +Sat Dec 12 22:03:09 UTC 2020 - Martin Hauke + +- Update to version 2.0.2 + Broker: + * Fix DH group not being set for TLS connections, which meant + ciphers using DHE couldn't be used. + * Fix websockets listeners not causing the main loop not to + wake up. + Client library: + * Fix DH group not being set for TLS connections, which meant + ciphers using DHE couldn't be used. + Apps: + * Fix "mosquitto_passwd -U" + Build: + - Fix cjson include paths. + - Fix build using WITH_TLS=no when the openssl headers aren't + available. + - Distribute cmake/ and snap/ directories in tar. +- Drop patch: + * mosquitto-fix-cmake-cjson-detection.patch + +------------------------------------------------------------------- +Sat Dec 5 17:02:00 UTC 2020 - Martin Hauke + +- Update to version 2.0.0 + !!! Mosquitto 2.0 introduces a number of changes to the + behaviour of the broker. See the following document for details + https://mosquitto.org/documentation/migrating-to-2-0/ + Noteworthy changes + * Mosquitto is now more secure by default and requires users to + take an active decision in how they configure security on + their broker, instead of possibly relying on the older very + permissive behaviour, as well as dropping privileged access + more quickly + * A new plugin interface has been introduced which goes beyond + the existing authentication and access control plugin + interface to offer more plugin capabilities + * A new plugin has been introduced to provide client, group, + and role based authentication and access control. + * The broker performance has been improved, particularly for + higher numbers of clients + * A new utility, mosquitto_ctrl has been added for controlling + aspects of a running broker. + * Bridges now support MQTT v5. + * The mosquitto command line clients have received a variety + of small improvements. mosquitto_sub can now format its + output in fixed column widths, for example, and filter its + output randomly so you can keep an eye on the overall + behaviour of a topic without having to see every message, + for example. +- Add patch: + * mosquitto-fix-cmake-cjson-detection.patch + +------------------------------------------------------------------- +Wed Aug 19 19:29:23 UTC 2020 - Martin Hauke + +- Update to version 1.6.12 + Security: + * In some circumstances, Mosquitto could leak memory when + handling PUBLISH messages. This is limited to incoming QoS 2 + messages, and is related to the combination of the broker + having persistence enabled, a clean session=false client, + which was connected prior to the broker restarting, then has + reconnected and has now sent messages at a sufficiently high + rate that the incoming queue at the broker has filled up and + hence messages are being dropped. This is more likely to have + an effect where max_queued_messages is a small value. + This has now been fixed. Closes #1793. + Broker: + * Build warning fixes when building with WITH_BRIDGE=no and + WITH_TLS=no. + Clients: + * All clients exit with an error exit code on CONNACK failure. + * Don't busy loop with `mosquitto_pub -l` on a slow connection. + +------------------------------------------------------------------- +Tue Aug 11 16:05:16 UTC 2020 - Martin Hauke + +- Update to version 1.6.11 + Broker: + * Fix usage message only mentioning v3.1.1. + * Fix broker refusing to start if only websockets listeners + were defined. + * Change systemd unit files to create /var/log/mosquitto before + starting. + * Don't quit with an error if opening the log file isn't + possible. + * Fix bridge topic remapping when using "" as the topic. + * Fix messages being queued for disconnected bridges when clean + start was set to true. + * Fix `autosave_interval` not being triggered by messages being + delivered. + * Fix websockets clients sometimes not being disconnected + promptly. + * Fix "slow" file based logging by switching to line based + buffering. + * Log protocol error message where appropriate from a bad + UNSUBSCRIBE, rather than the generic "socket error". + * Don't try to start DLT logging if DLT unavailable, to avoid a + long delay when shutting down the broker. + * Fix potential memory leaks. + * Fix clients not receiving messages after a previous client + with the same client ID and positive will delay interval quit. + * Fix overly broad HAVE_PTHREAD_CANCEL compile guard. + Client library: + * Improved documentation around connect callback return codes. + * Fix `mosquitto_publish*()` no longer returning + `MOSQ_ERR_NO_CONN` when not connected. + * `mosquitto_loop_start()` now sets a thread name on Linux + +------------------------------------------------------------------- +Sun Aug 2 18:14:23 UTC 2020 - Martin Hauke + +- Lets always build with support for systemd and websockets and + drop all the related ifdef's. +- Run spec-cleaner. + +------------------------------------------------------------------- +Wed Jul 29 20:15:21 UTC 2020 - Martin Hauke + +- Fix for the apparmor profile to properly allow reading files + from /etc/mosquitto/conf.d/ + +------------------------------------------------------------------- +Tue May 26 06:36:17 UTC 2020 - Martin Hauke + +- Update to version 1.6.10 + Broker: + * Report invalid bridge prefix+pattern combinations at config + parsing time rather than letting the bridge fail later. + * Fix `mosquitto_passwd -b` not updating passwords for existing + users correctly. Creating a new user with `-b` worked without + problem. + * Fix memory leak when connecting clients rejected. + * Don't disconnect clients that are already disconnected. This + prevents the session expiry being extended on SIGHUP. + * Fix support for openssl 3.0. + * Fix check when loading persistence file of a different version + than the native version. + * Fix possible assert crash associated with bridge reconnecting + when compiled without epoll support. + Client library: + * Don't treat an unexpected PUBACK, PUBREL, or PUBCOMP as a + fatal error. + * Fix support for openssl 3.0. + * Fix memory leaks from multiple calls to + `mosquitto_lib_init()`/`mosquitto_lib_cleanup()`. + * Fix documentation on return code of `mosquitto_lib_init()` + for Windows. + Clients: + * Fix mosquitto_sub %j or %J not working on Windows. + Build: + * Various fixes for building with + +- Update to version 1.6.9 + Broker: + * Fix session expiry with very large expiry intervals. + * Check ACL patterns for validity when loading. + * Use presence of password file as indicator for whether username + checks should take place, not whether usernames are defined in + the password file. + * Strip whitespace from end of config file string options. + * Satisfy valgrind when exiting on error due to not being able + to open a listening socket, by calling freeaddrinfo. + * Fix config->user not being freed on exit. + * Fix trailing whitespace not being trimmed on acl users. + * Fix `bind_interface` not working for the default listener. + * Improve password file parsing in the broker and mosqitto_passwd. + * Print OpenSSL errors in more situations, like when loading + certificates fails. + * Fix `mosquitto_client_protocol() returning incorrect values. + Client library: + * Set minimum keepalive argument to `mosquitto_connect*()` to be + 5 seconds. + * Fix `mosquitto_topic_matches_sub()` not returning + MOSQ_ERR_INVAL if the topic contains a wildcard. + Clients: + * Fix `--remove-retained` not obeying the `-T` option for + filtering out topics. + * Default behaviour for v5 clients using `-c` is now to use + infinite length sessions, as with v3 clients. + +------------------------------------------------------------------- +Wed Jan 22 22:03:28 UTC 2020 - James Oakley + +- Update apparmor profile to allow open of /etc/mosquitto/conf.d +- Update default config to include files under /etc/mosquitto/conf.d + per the README in the directory +- Add patch: + * mosquitto-1.6.8-config.patch + +------------------------------------------------------------------- +Fri Nov 29 18:34:49 UTC 2019 - Martin Hauke + +- Update to version 1.6.8 + Broker: + * Various fixes for `allow_zero_length_clientid` config, where + this option was not being set correctly. + * Fix incorrect memory tracking causing problems with + memory_limit option. + * Fix subscription topics being limited to 200 characters instead + of 200 hierarchy levels. + * Only a single CRL could be loaded at once. This has been fixed. + * Fix problems with reloading config when `per_listener_settings` + was true. + * Fix retained messages with an expiry interval not being expired + after being restored from persistence. + * Fix messages with an expiry interval being sent without an + expiry interval property just before they were expired. + * Fix TLS Websockets clients not receiving messages after taking + over a previous connection. + * Fix MQTT 3.1.1 clients using clean session false, or MQTT 5.0 + clients using session-expiry-interval set to infinity never + expiring, even when the global `persistent_client_expiration` + option was set. + Client library: + * Fix publish properties not being passed to on_message_v5 + callback for QoS 2 messages. + * Fix documentation issues in mosquitto.h. + * Document `mosquitto_connect_srv()`. + Clients: + * Fix duplicate cfg definition in rr_client. + * Fix `mosquitto_pub -l` hang when stdin stream ends. + * Fix `mosquitto_pub -l` not sending the final line of stdin if + it does not end with a new line. + * Make documentation for `mosquitto_pub -l` match reality - blank + lines are sent as empty messages. + * Free memory in `mosquitto_sub` when quiting without having made + a successful connection. +- Drop patch: + * mosquitto-fix-pkgconf-path.patch (fixed upstream) + +------------------------------------------------------------------- +Wed Sep 25 20:42:16 UTC 2019 - Martin Hauke + +- Update to version 1.6.7 + Broker: + * Add workaround for working with libwebsockets 3.2.0. + * Fix potential crash when reloading config. + Client library: + * Don't use `/` in autogenerated client ids, to avoid confusing + with topics. + * Fix `mosquitto_max_inflight_messages_set()` and + `mosquitto_int_option(..., MOSQ_OPT_*_MAX, ...)` behaviour. + * Fix regression on use of `mosquitto_connect_async()` not working. + Clients: + * mosquitto_sub: Fix `-E` incorrectly not working unless `-d` was + also specified. + * Updated documentation around automatic client ids. + +------------------------------------------------------------------- +Sat Sep 21 14:38:08 UTC 2019 - Martin Hauke + +- Update to version 1.6.5 + Fix CVE-2019-11779: + * In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT + client sends a SUBSCRIBE packet containing a topic that consists + of approximately 65400 or more '/' characters, i.e. the topic + hierarchy separator, then a stack overflow will occur. + Broker: + * Fix v5 DISCONNECT packets with remaining length == 2 being + treated as a protocol error. + * Fix support for libwebsockets 3.x. + * Fix slow websockets performance when sending large messages. + * Fix clients authorised using `use_identity_as_username` or + `use_subject_as_username` being disconnected on SIGHUP. + * Improve error messages in some situations when clients disconnect. + Reduces the number of "Socket error on client X, disconnecting" + messages. + * Fix Will for v5 clients not being sent if will delay interval was + greater than the session expiry interval. + * Fix CRL file not being reloaded on HUP. + Client library: + * Fix reconnect backoff for the situation where connections are + dropped rather than refused. + * Fix missing locks on `mosq->state`. + +- Update to version 1.6.4 + Fix CVE-2019-11778: + * If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 + to 1.6.4 inclusive, sets a last will and testament, sets a will + delay interval, sets a session expiry interval, and the will delay + interval is set longer than the session expiry interval, then a + use after free error occurs, which has the potential to cause a + crash in some situations. + Broker: + * Fix incoming QoS 2 messages being blocked when + `max_inflight_messages` was set to 1. + * Fix incoming messages not being removed for a client if the topic + being published to does not have any subscribers. + Client library: + * Fix MQTT v5 subscription options being incorrectly set for + MQTT v3 subscriptions. + * Make behaviour of `mosquitto_connect_async()` consistent with + `mosquitto_connect()` when connecting to a non-existent server. + * `mosquitto_string_option(mosq, MOSQ_OPT_TLS_KEYFORM, ...)` was + incorrectly returning `MOSQ_ERR_INVAL` with valid input. This has + been fixed. + * on_connect callback is now called with the correct v5 reason code + if a v5 client connects to a v3.x broker and is sent a CONNACK with + the "unacceptable protocol version" connack reason code. + * Fix memory leak when setting v5 properties in mosquitto_connect_v5(). + * Fix properties not being sent on QoS>0 PUBLISH messages. + Clients: + * mosquitto_pub: fix error codes not being returned when + mosquitto_pub exits. + * All clients: improve error messages when connecting to a v3.x broker + when in v5 mode. + Other: + - Various documentation fixes. + +- Update to version 1.6.3 + Broker: + * Fix detection of incoming v3.1/v3.1.1 bridges. + * Fix default max_topic_alias listener config not being copied to + the in-use listener when compiled without TLS support. + * Fix random number generation if compiling using `WITH_TLS=no` and + on Linux with glibc >= 2.25. Without this fix, no random numbers + would be generated for e.g. on broker client id generation, and so + clients connecting expecting this feature would be unable to connect. + * Fix compilation problem related to `getrandom()` on non-glibc systems. + * Fix Will message for a persistent client incorrectly being sent when the + client reconnects after a clean disconnect. + - Fix Will message for a persistent client not being sent on disconnect. + * Improve documentation around the upgrading of persistence files. + * Add 'extern "C"' on mosquitto_broker.h and mosquitto_plugin.h for + C++ plugin writing. + * Fix persistent Websockets clients not receiving messages after they + reconnect, having sent DISCONNECT on a previous session + * Disable TLS renegotiation. Client initiated renegotiation is considered to + be a potential attack vector against servers. + * Fix incorrect shared subscription topic '$shared'. + * Fix zero length client ids being rejected for MQTT v5 clients with clean + start set to true. + * Fix MQTT v5 overlapping subscription behaviour. Clients now receive message + from all matching subscriptions rather than the first one encountered, which + ensures the maximum QoS requirement is met. + * Fix incoming/outgoing quota problems for QoS>0. + * Remove obsolete `store_clean_interval` from documentation. + * Fix v4 authentication plugin never calling psk_key_get. + Clients: + * Fix -L url parsing when `/topic` part is missing. + * Stop some error messages being printed even when `--quiet` was used. + * Fix mosquitto_pub exiting with error code 0 when an error occurred. + * Fix mosquitto_pub not using the `-c` option. + * Fix MQTT v5 clients not being able to specify a password without a + username. + * Fix `mosquitto_pub -l` not handling network failures. + * Fix `mosquitto_pub -l` not handling zero length input. + * Fix double free on exit in mosquitto_pub. + +- Update to version 1.6.2 + Broker: + * Fix memory access after free, leading to possible crash, when v5 + client with Will message disconnects, where the Will message has + as its first property one of `content-type`, `correlation-data`, + `payload-format-indicator`, or `response-topic`. + * Fix Will message not allowing user-property properties. + * Fix broker originated messages (e.g. $SYS/broker/version) not being + published when `check_retain_source` set to true. + * Fix $SYS/broker/version being incorrectly expired after 60 seconds. + Library: + * Fix crash after client has been unable to connect to a broker. This + occurs when the client is exiting and is part of the final library + cleanup routine. + Clients: + - Fix -L url parsing. + +- Update to version 1.6.1 + Broker: + * Document `memory_limit` option. + Clients: + * Fix compilation on non glibc systems due to missing sys/time.h + header. + +- Add patch: + * mosquitto-fix-pkgconf-path.patch + +------------------------------------------------------------------- +Thu Jul 11 05:41:41 UTC 2019 - Antoine Belvire + +- Remove SuSEfirewall2 service since SuSEfirewall2 has been + replaced by firewalld (which already provides a mqtt service). + +------------------------------------------------------------------- +Thu Apr 18 08:47:30 UTC 2019 - Martin Hauke + +- Update to version 1.6.0 + Broker features + * Add support for MQTT v5 + * Add support for OCSP stapling. + * Add support for ALPN on bridge TLS connections. + * Add support for Automotive DLT logging. + * Add TLS Engine support. + * Persistence file read/write performance improvements. + * General performance improvements. + * Add max_keepalive option, to allow a maximum keepalive value to + be set for MQTT v5 clients only. + * Add bind_interface option which allows a listener to be bound to + a specific network interface, in a similar fashion to the + bind_address option. Linux only. + * Add improved bridge restart interval based on Decorrelated Jitter. + * Add dhparamfile option, to allow DH parameters to be loaded for + Ephemeral DH support + * Disallow writing to $ topics where appropriate. + * Add explicit support for TLS v1.3. + * Drop support for TLS v1.0. + * Improved general support for broker generated client ids. + Removed libuuid dependency. + * auto_id_prefix now defaults to 'auto-'. + * QoS 1 and 2 flow control improvements. + Client library features + * Add support for MQTT v5 + * Add mosquitto_subscribe_multiple() for sending subscriptions to + multiple topics in one command. + * Add TLS Engine support. + * Add explicit support for TLS v1.3. + * Drop support for TLS v1.0. + * QoS 1 and 2 flow control improvements. + Client features + * Add support for MQTT v5 + * Add mosquitto_rr client, which can be used for "request-response" + messaging, by sending a request message and awaiting a response. + * Add TLS Engine support. + * Add support for ALPN on TLS connections. + * Add -D option for all clients to specify MQTT v5 properties. + * Add -E to mosquitto_sub, which causes it to exit immediately after + having its subscriptions acknowledged. Use with -c to create a + durable client session without requiring a message to be received. + * Add --remove-retained to mosquitto_sub, which can be used to clear + retained messages on a broker. + * Add --repeat and --repeat-delay to mosquitto_pub, which can be + used to repeat single message publishes at a regular interval. + * -V now accepts 5, 311, 31, as well as mqttv5 etc. + * Add explicit support for TLS v1.3. + * Drop support for TLS v1.0. + Broker fixes + * Improve error reporting when creating listeners. + * Fix mosquitto_passwd crashing on corrupt password file. + * Fix build on SmartOS due to missing IPV6_V6ONLY. + Client library fixes + * Add missing mosquitto_userdata() function. + Client fixes + * mosquitto_pub wouldn't always publish all messages when using -l + and QoS>0. This has been fixed. + * mosquitto_sub was incorrectly encoding special characters when + using %j output format. + +------------------------------------------------------------------- +Thu Feb 28 23:09:37 UTC 2019 - Martin Hauke + +- Update to version 1.5.8 + Broker: + * Fix clients being disconnected when ACLs are in use. This only + affects the case where a client connects using a username, and + the anonymous ACL list is defined but specific user ACLs are + not defined. + * Fix delayed bridge local subscriptions causing missing messages. + Library: + * Use higher resolution timer for random initialisation of client + id generation. + * Fix some Coverity Scan reported errors that could occur when the + library was already quitting. + +------------------------------------------------------------------- +Mon Feb 18 19:58:45 UTC 2019 - Martin Hauke + +- Use HTTPS for all URLs +- Verify source signature + +------------------------------------------------------------------- +Thu Feb 14 09:51:33 UTC 2019 - Martin Hauke + +- Update to version 1.5.7 + Broker: + - Ensure that an error occurs if `per_listener_settings true` is + given after other security options. + - Fix case where old unreferenced msg_store messages were being + saved to the persistence file, bloating its size unnecessarily. + Library: + - Fix `mosquitto_topic_matches_sub()` not returning MOSQ_ERR_INVAL + for invalid subscriptions like `topic/#abc`. This only affects + the return value, not the match/no match result, which was + already correct. + +------------------------------------------------------------------- +Wed Feb 13 21:14:36 UTC 2019 - Martin Hauke + +- Update to version 1.5.6 + Security: + * Fix CVE-2018-12551 (bsc#1125021): If Mosquitto is configured to + use a password file for authentication, any malformed data in + the password file will be treated as valid. This typically means + that the malformed data becomes a username and no password. + If this occurs, clients can circumvent authentication and get + access to the broker by using the malformed username. In + particular, a blank line will be treated as a valid empty username. + Other security measures are unaffected. Users who have only used + the mosquitto_passwd utility to create and modify their password + files are unaffected by this vulnerability. + * Fix CVE-2018-12550 (bsc#1125021): If an ACL file is empty, or + has only blank lines or comments, then mosquitto treats the ACL + file as not being defined, which means that no topic access is + denied. Although denying access to all topics is not a useful + configuration, this behaviour is unexpected and could lead + to access being incorrectly granted in some circumstances. This + is now fixed. + * Fix CVE-2018-12546 (bsc#1125019): If a client publishes a retained + message to a topic that they have access to, and then their access + to that topic is revoked, the retained message will still be + delivered to future subscribers. This behaviour may be undesirable + in some applications, so a configuration option `check_retain_source` + has been introduced to enforce checking of the retained message + source on publish. + Broker: + * Fixed comment handling for config options that have optional + arguments. + * Improved documentation around bridge topic remapping. + * Handle mismatched handshakes (e.g. QoS1 PUBLISH with QoS2 + reply) properly. + * Fix spaces not being allowed in the bridge remote_username + option. + * Allow broker to always restart on Windows when using + `log_dest file`. + * Fix Will not being sent for Websockets clients. + * Windows: Fix possible crash when client disconnects. + * Fixed durable clients being unable to receive messages when + offline, when per_listener_settings was set to true. + * Add log message for the case where a client is disconnected for + sending a topic with invalid UTF-8. + Library: + * Fix TLS connections not working over SOCKS. + * Don't clear SSL context when TLS connection is closed, meaning + if a user provided an external SSL_CTX they have less chance of + leaking references. + +------------------------------------------------------------------- +Mon Dec 17 20:15:50 UTC 2018 - mardnh@gmx.de + +- FIX CVE-2018-20145: mosquitto: ACL bypass (bnc#1119536) +- Update to version 1.5.5 + Security: + * If `per_listener_settings` is set to true, then the `acl_file` setting was + ignored for the "default listener" only. This has been fixed. This does not + affect any listeners defined with the `listener` option. + Broker: + * Add `socket_domain` option to allow listeners to disable IPv6 support. + This is required to work around a problem in libwebsockets that means + sockets only listen on IPv6 by default if IPv6 support is compiled in. + * When using ADNS, don't ask for all network protocols when connecting, + because this can lead to confusing "Protocol not supported" errors if the + network is down. + * Fix outgoing retained messages not being sent by bridges on initial + connection. + * Don't reload auth_opt_ options on reload, to match the behaviour of the + other plugin options. + * Print message on error when installing/uninstalling as a Windows service. + * All non-error connect/disconnect messages are controlled by the + `connection_messages` option. + Library: + * Fix reconnect delay backoff behaviour. + * Don't call on_disconnect() twice if keepalive tests fail. + Client: + * Always print leading zeros in mosquitto_sub when output format is hex. + Build: + * Fix building where TLS-PSK is not available. + +- Update to version 1.5.4 + Security: + * When using a TLS enabled websockets listener with "require_certificate" + enabled, the mosquitto broker does not correctly verify client certificates. + This is now fixed. All other security measures operate as expected, and in + particular non-websockets listeners are not affected by this. + Broker: + * Process all pending messages even when a client has disconnected. This means + a client that send a PUBLISH then DISCONNECT quickly, then disconnects will + have its DISCONNECT message processed properly and so no Will will be sent. + * $SYS/broker/clients/disconnected should never be negative. + * Give better error message if a client sends a password without a username. + * Fix bridge not honoring restart_timeout. + * Don't disconnect a client if an auth plugin denies access to SUBSCRIBE. + Library: + * Fix memory leak that occurred if mosquitto_reconnect() was used when TLS + errors were present. + * Fix TLS connections when using an external event loop with + mosquitto_loop_read() and mosquitto_write(). + Build: + * Fix clients not being compiled with threading support when using CMake. + * Use _GNU_SOURCE to fix build errors in websockets and getaddrinfo usage. + +------------------------------------------------------------------- +Thu Oct 25 18:06:26 UTC 2018 - mardnh@gmx.de + +- Update to version 1.5.3 + Security: + * Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that + begins with $, but is not $SYS, then an assert that should be unreachable is + triggered and Mosquitto will exit. + Broker: + * Elevate log level to warning for situation when socket limit is hit. + * Fix retained messages not sent by bridges on outgoing topics at the first + connection. + * Fix duplicate clients being added to by_id hash before the old client was + removed. + +- Update to version 1.5.2 + Broker: + * Fix incorrect call to setsockopt() for TCP_NODELAY. + * Fix excessive CPU usage when the number of sockets exceeds the system limit. + * Fix round_robin false behaviour. + * Fix segfault on HUP when bridges and security options are configured. + Library: + * Fix situation where username and password is used with SOCKS5 proxy. + * Fix SOCKS5 behaviour when passing IP addresses. + +------------------------------------------------------------------- +Sun Aug 19 16:38:42 UTC 2018 - mardnh@gmx.de + +- Update to version 1.5.1 + Broker: + * Fix plugin cleanup function not being called on exit of the broker. + * Print more OpenSSL errors when loading certificates/keys fail. + * Use AF_UNSPEC etc. instead of PF_UNSPEC to comply with POSIX. + * Remove use of AI_ADDRCONFIG, which means the broker can be used on systems + where only the loopback interface is defined. + * Fix IPv6 addresses not being able to be used as bridge addresses. + * All clients now time out if they exceed their keepalive*1.5, rather than + just reach it. This was inconsistent in two places. + * Fix segfault on startup if bridge CA certificates could not be read. + * Fix problem opening listeners on Pi caused by unsigned char being default. + * ACL patterns that do not contain either %c or %u now produce a warning in + the log. + * Fix bridge publishing failing when per_listener_settings was true. + * Fix `use_identity_as_username true` not working. + * Fix UNSUBACK messages not being logged. + * Fix possible endian issue when reading the `memory_limit` option. + * Fix building for libwebsockets < 1.6. + * Fix accessor functions for username and client id when used in plugin auth + check. + + Library: + * Fix some places where return codes were incorrect, including to the + on_disconnect() callback. This has resulted in two new error codes, + MOSQ_ERR_KEEPALIVE and MOSQ_ERR_LOOKUP. + * Fix connection problems when mosquitto_loop_start() was called before + mosquitto_connect_async(). + + Clients: + * When compiled using WITH_TLS=no, the default port was incorrectly being set + to -1. This has been fixed. + * Fix compiling on Mac OS X <10.12. + + Build: + * Fixes for building on NetBSD. + * Fixes for building on FreeBSD. + * Add support for compiling with static libwebsockets library. + +------------------------------------------------------------------- +Thu May 3 18:47:04 UTC 2018 - mardnh@gmx.de + +- Update to version 1.5 + Security: + * Fix memory leak that could be caused by a malicious CONNECT packet. This + does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) + + Broker features: + * Add per_listener_settings to allow authentication and access control to be + per listener. + * Add limited support for reloading listener settings. This allows settings + for an already defined listener to be reloaded, but port numbers must not be + changed. + * Add ability to deny access to SUBSCRIBE messages as well as the current + read/write accesses. Currently for auth plugins only. + * Reduce calls to malloc through the use of UHPA. + * Outgoing messages with QoS>1 are no longer retried after a timeout period. + Messages will be retried when a client reconnects. This change in behaviour + can be justified by considering when the timeout may have occurred. + + If a connection is unreliable and has dropped, but without one end + noticing, the messages will be retried on reconnection. Sending + additional PUBLISH or PUBREL would not have changed anything. + + If a client is overloaded/unable to respond/has a slow connection then + sending additional PUBLISH or PUBREL would not help the client catch + up. Once the backlog has cleared the client will respond. If it is not + able to catch up, sending additional duplicates would not help either. + * Add use_subject_as_username option for certificate based client + authentication to use the entire certificate subject as a username, rather + than just the CN. Closes #469467. + * Change sys tree printing output. This format shouldn't be relied upon and + may change at any time. Closes #470246. + * Minimum supported libwebsockets version is now 1.3. + * Add systemd startup notification and services. Closes #471053. + * Reduce unnecessary malloc and memcpy when receiving a message and storing + it. Closes #470258. + * Support for Windows XP has been dropped. + * Bridge connections now default to using MQTT v3.1.1. + * mosquitto_db_dump tool can now output some stats on clients. + * Perform utf-8 validation on incoming will, subscription and unsubscription + topics. + * new $SYS/broker/store/messages/count (deprecates $SYS/broker/messages/stored) + * new $SYS/broker/store/messages/bytes + * max_queued_bytes feature to limit queues by real size rather than + than just message count. Closes Eclipse #452919 or Github #100 + * Add support for bridges to be configured to only send notifications to the + local broker. + * Add set_tcp_nodelay option to allow Nagle's algorithm to be disabled on + client sockets. Closes #433. + * The behaviour of allow_anonymous has changed. In the old behaviour, the + default if not set was to allow anonymous access. The new behaviour is to + default is to allow anonymous access unless another security option is set. + For example, if password_file is set and allow_anonymous is not set, then + anonymous access will be denied. It is still possible to allow anonymous + access by setting it explicitly. + Broker fixes: + * Fix UNSUBSCRIBE with no topic is accepted on MQTT 3.1.1. Closes #665. + * Produce an error if two bridges share the same local_clientid. + * Miscellaneous fixes on Windows. + * queue_qos0_messages was not observing max_queued_** limits + * When using the include_dir configuration option sort the files + alphabetically before loading them. Closes #17. + * IPv6 is no longer disabled for websockets listeners. + * Remove all build timestamp information including $SYS/broker/timestamp. + Close #651. + * Correctly handle incoming strings that contain a NULL byte. Closes #693. + * Use constant time memcmp for password comparisons. + * Fix incorrect PSK key being used if it had leading zeroes. + * Fix memory leak if a client provided a username/password for a listener with + use_identity_as_username configured. + * Fix use_identity_as_username not working on websockets clients. + * Don't crash if an auth plugin returns MOSQ_ERR_AUTH for a username check on + a websockets client. Closes #490. + * Fix 08-ssl-bridge.py test when using async dns lookups. Closes #507. + * Lines in the config file are no longer limited to 1024 characters long. + Closes #652. + * Fix $SYS counters of messages and bytes sent when message is sent over + a Websockets. Closes #250. + * Fix upgrade_outgoing_qos for retained message. Closes #534. + * Fix CONNACK message not being sent for unauthorised connect on websockets. + Closes #8. + * Maximum connections on Windows increased to 2048. + * When a client with an in-use client-id connects, if the old client has a + will, send the will message. Closes #26. + * Fix parsing of configuration options that end with a space. Closes #804. + + Client library features: + * Outgoing messages with QoS>1 are no longer retried after a timeout period. + Messages will be retried when a client reconnects. + * DNS-SRV support is now disabled by default. + * Add mosquitto_subscribe_simple() This is a helper function to make + retrieving messages from a broker very straightforward. Examples of its use + are in examples/subscribe_simple. + * Add mosquitto_subscribe_callback() This is a helper function to make + processing messages from a broker very straightforward. An example of its use + is in examples/subscribe_simple. + * Connections now default to using MQTT v3.1.1. + * Add mosquitto_validate_utf8() to check whether a string is valid UTF-8 + according to the UTF-8 spec and to the additional restrictions imposed by + the MQTT spec. + * Topic inputs are checked for UTF-8 validity. + * Add mosquitto_userdata function to allow retrieving the client userdata + member variable. Closes #111. + * Add mosquitto_pub_topic_check2(), mosquitto_sub_topic_check2(), and + mosquitto_topic_matches_sub2() which are identical to the similarly named + functions but also take length arguments. + * Add mosquitto_connect_with_flags_callback_set(), which allows a second + connect callback to be used which also exposes the connect flags parameter. + Closes #738 and #128. + * Add MOSQ_OPT_SSL_CTX option to allow a user specified SSL_CTX to be used + instead of the one generated by libmosquitto. This allows greater control + over what options can be set. Closes #715. + * Add MOSQ_OPT_SSL_CTX_WITH_DEFAULTS to work with MOSQ_OPT_SSL_CTX and have + the default libmosquitto SSL_CTX configuration applied to the user provided + SSL_CTX. Closes #567. + + Client library fixes: + * Fix incorrect PSK key being used if it had leading zeroes. + * Initialise "result" variable as soon as possible in + mosquitto_topic_matches_sub. Closes #654. + * No need to close socket again if setting non-blocking failed. Closes #649. + * Fix mosquitto_topic_matches_sub() not correctly matching foo/bar against + foo/+/#. Closes #670. + * SNI host support added. + + Client features: + * Add -F to mosquitto_sub to allow the user to choose the output format. + * Add -U to mosquitto_sub for unsubscribing from topics. + * Add -c (clean session) to mosquitto_pub. + * Add --retained-only to mosquitto_sub to exit after receiving all retained + messages. + * Add -W to allow mosquitto_sub to stop processing incoming messages after a + timeout. + * Connections now default to using MQTT v3.1.1. + * Default to using port 8883 when using TLS. + * mosquitto_sub doesn't continue to keep connecting if CONNACK tells it the + connection was refused. + + Client fixes: + * Correctly handle empty files with "mosquitto_pub -l". Closes #676. + + Build: + * Add WITH_STRIP option (defaulting to "no") that when set to "yes" will strip + executables and shared libraries when installing. + * Add WITH_STATIC_LIBRARIES (defaulting to "no") that when set to "yes" will + build and install static versions of the client libraries. + * Don't run TLS-PSK tests if TLS-PSK disabled at compile time. Closes #636. + * Support for openssl versions 1.0.0 and 1.0.1 has been removed as these are + no longer supported by openssl. + + Documentation: + * Replace mentions of deprecated 'c_rehash' with 'openssl rehash'. + +- Remove patch: + * mosquitto-1.4.12-use-SOURCE_DATE_EPOCH.patch (not longer needed) +- Support for tcp-wrapper is broken atm, disable for now + + +------------------------------------------------------------------- +Thu Mar 1 14:37:54 UTC 2018 - mardnh@gmx.de + +- Update to version 1.4.15 + Security: + * Fix CVE-2017-7652. If a SIGHUP is sent to the broker when there are no more + file descriptors, then opening the configuration file will fail and security + settings will be set back to their default values. + * Fix CVE-2017-7651. Unauthenticated clients can cause excessive memory use by + setting "remaining length" to be a large value. This is now mitigated by + limiting the size of remaining length to valid values. A "memory_limit" + configuration option has also been added to allow the overall memory used by + the broker to be limited. + + Broker: + * Use constant time memcmp for password comparisons. + * Fix incorrect PSK key being used if it had leading zeroes. + * Fix memory leak if a client provided a username/password for a listener with + use_identity_as_username configured. + * Fix use_identity_as_username not working on websockets clients. + * Don't crash if an auth plugin returns MOSQ_ERR_AUTH for a username check on + a websockets client. Closes #490. + * Fix 08-ssl-bridge.py test when using async dns lookups. Closes #507. + * Lines in the config file are no longer limited to 1024 characters long. + Closes #652. + * Fix $SYS counters of messages and bytes sent when message is sent over + a Websockets. Closes #250. + * Fix upgrade_outgoing_qos for retained message. Closes #534. + * Fix CONNACK message not being sent for unauthorised connect on websockets. + Closes #8. + + Client library: + * Fix incorrect PSK key being used if it had leading zeroes. + * Initialise "result" variable as soon as possible in + mosquitto_topic_matches_sub. Closes #654. + * No need to close socket again if setting non-blocking failed. Closes #649. + * Fix mosquitto_topic_matches_sub() not correctly matching foo/bar against + foo/+/#. Closes #670. + + Clients: + * Correctly handle empty files with "mosquitto_pub -l". Closes #676. + + Build: + * Don't run TLS-PSK tests if TLS-PSK disabled at compile time. Closes #636. +------------------------------------------------------------------- +Mon Oct 2 10:57:39 UTC 2017 - mardnh@gmx.de + +- Update to 1.4.14 + * Broker: + - Fix regression from 1.4.13 where persistence data was not + being saved. + +------------------------------------------------------------------- +Thu Sep 7 12:13:21 UTC 2017 - jengelh@inai.de + +- Fix incorrect RPM groups. +- Remove repeated license declaration from description. + Trim package descriptions for size. +- Errors from user creation must not be ignored. + +------------------------------------------------------------------- +Fri Jul 7 18:33:53 UTC 2017 - antoine.belvire@opensuse.org + +- Add mosquitto-1.4.12-use-SOURCE_DATE_EPOCH.patch: Determine build + timestamp from latest revision of .changes file in order to make + the build reproducible and avoid useless republishing. + +------------------------------------------------------------------- +Wed Jul 5 20:35:17 UTC 2017 - mardnh@gmx.de + +- Update to 1.4.13 + * Security: + - Fix CVE-2017-9868. The persistence file was readable + by all local users, potentially allowing sensitive + information to be leaked. + This can also be fixed administratively, by restricting + access to the directory in which the persistence file + is stored. + + * Broker: + - Fix for poor websockets performance. + - Fix lazy bridges not timing out for idle_timeout. + - Fix problems with large retained messages over websockets. + - Set persistence file to only be readable by owner, + except on Windows. + - Fix CONNECT check for reserved=0, as per MQTT v3.1.1 + check MQTT-3.1.2-3. + - When the broker stop, wills for any connected clients + are now "sent". + - Auth plugins can be configured to disable the check for +# in + usernames/client ids with the auth_plugin_deny_special_chars + option. Partially closes #462. + - Restrictions for CVE-2017-7650 have been relaxed - '/' is + allowed in usernames/client ids. Remainder of fix for #462. + + Clients: + - Don't use / in auto-generated client ids. + +------------------------------------------------------------------- +Mon May 29 20:19:58 UTC 2017 - mardnh@gmx.de + +- Update to 1.4.12 + * Security: + - Fix CVE-2017-7650, which allows clients with username or + client id set to '#' or '+' to bypass pattern based ACLs or + third party plugins. The fix denies message sending or + receiving of messages for clients with a '#' or '+' in their + username or client id and if the message is subject to a + pattern ACL check or plugin check. + * Broker: + - Fix mosquitto.db from becoming corrupted due to client + messages being + persisted with no stored message. Closes #424. + - Fix bridge not restarting properly. Closes #428. + - Fix unitialized memory in gets_quiet on Windows. Closes #426. + - Fix building with WITH_ADNS=no for systems that don't use + glibc. Closes #415. + - Fixes to readme.md. + - Fix deprecation warning for OpenSSL 1.1. PR #416. + - Don't segfault on duplicate bridge names. Closes #446. + - Fix CVE-2017-7650. + +------------------------------------------------------------------- +Sun Mar 19 20:27:12 UTC 2017 - mrueckert@suse.de + +- update to 1.4.11 + - Broker: + - Fix crash when "lazy" type bridge attempts to reconnect. + Closes #259. + - maximum_connections now applies to websockets listeners. + Closes #271. + - Allow bridges to use TLS with IPv6. + - Don't error on zero length persistence files. Closes #316. + - For http only websockets clients, close files served over + http in all cases when the client disconnects. Closes #354. + - Fix error message when websockets http_dir directory does not + exist. + - Improve password utility error message. Closes #379. + - Clients: + - Use of --ciphers no longer requires you to also pass + --tls-version. Closes #380. + - Client library: + - Clients can now use TLS with IPv6. + - Fix potential socket leakage when reconnecting. Closes #304. + - Fix potential negative timeout being passed to pselect. + Closes #329. +- update 1.4.10 + - Broker: + - Fix TLS operation with websockets listeners and libwebsockts + 2.x. Closes #186. + - Don't disconnect client on HUP before reading the pending + data. Closes #7. + - Fix some $SYS messages being incorrectly persisted. Closes + #191. + - Support OpenSSL 1.1.0. + - Call fsync after persisting data to ensure it is correctly + written. Closes #189. + - Fix persistence saving of subscription QoS on big-endian + machines. + - Fix will retained flag handling on Windows. Closes #222. + - Broker now displays an error if it is unable to open the log + file. Closes #234. + - Client library: + - Support OpenSSL 1.1.0. + - Fixed the C++ library not allowing SOCKS support to be used. + Closes #198. + - Fix memory leak when verifying a server certificate with a + subjectAltName section. Closes #237. + - Build: + - Don't attempt to install docs when WITH_DOCS=no. Closes #184. + +------------------------------------------------------------------- +Tue Jun 28 00:28:53 UTC 2016 - mrueckert@suse.de + +- update to 1.4.9 + - Broker: + - Ensure websockets clients that previously connected with + clean session set to false have their queued messages + delivered immediately on reconnecting. Closes #476314. + - Reconnecting client with clean session set to false doesn't + start with mid=1 again. + - Will topic isn't truncated by one byte when using a + mount_point any more. + - Network errors are printed correctly on Windows. + - Fix incorrect $SYS heap memory reporting when using ACLs. + - Bridge config parameters couldn't contain a space, this has + been fixed. Closes #150. + - Fix saving of persistence messages that start with a '/'. + Closes #151. + - Fix reconnecting for bridges that use TLS on Windows. Closes + #154. + - Broker and bridges can now cope with unknown incoming PUBACK, + PUBREC, PUBREL, PUBCOMP without disconnecting. Closes #57. + - Fix websockets listeners not being able to bind to an IP + address. Closes #170. + - mosquitto_passwd utility now correctly deals with unknown + command line arguments in all cases. Closes #169. + - Fix publishing of $SYS/broker/clients/maximum + - Fix order of #includes in lib/send_mosq.c to ensure struct + mosquitto doesn't differ between source files when websockets + is being used. Closes #180. + - Fix possible rare crash when writing out persistence file and + a client has incomplete messages inflight that it has been + denied the right to publish. + - Client library: + - Fix the case where a message received just before the + keepalive timer expired would cause the client to miss the + keepalive timer. + - Return value of pthread_create is now checked. + - _mosquitto_destroy should not cancel threads that weren't + created by libmosquitto. Closes #166. + - Clients can now cope with unknown incoming PUBACK, PUBREC, + PUBREL, PUBCOMP without disconnecting. Closes #57. + - Fix mosquitto_topic_matches_sub() reporting matches on some + invalid subscriptions. + - Clients: + - Handle some unchecked malloc() calls. Closes #1. + - Build: + - Fix string quoting in CMakeLists.txt. Closes #4. + - Fix building on Visual Studio 2015. Closes #136. + +------------------------------------------------------------------- +Mon Mar 28 01:26:44 UTC 2016 - mrueckert@suse.de + +- update to 1.4.8 + - Broker: + - Wills published by clients connected to a listener with + mount_point defined now correctly obey the mount point. This + was a potential security risk because it allowed clients to + publish messages outside of their restricted mount point. + This is only affects brokers where the mount_point option is + in use. Closes #487178. + - Fix detection of broken connections on Windows. + Closes #485143. + - Close stdin etc. when daemonised. Closes #485589. + - Fix incorrect detection of FreeBSD and OpenBSD. + Closes #485131. + - Client library: + - mosq->want_write should be cleared immediately before a call + to SSL_write, to allow clients using mosquitto_want_write() + to get accurate results. + +------------------------------------------------------------------- +Thu Feb 11 01:00:18 UTC 2016 - mrueckert@suse.de + +- update to 1.4.7 + - Broker: + - Fix support for libwebsockets 1.22. +- changes from 1.4.6 + - Broker: + - Add support for libwebsockets 1.6. + - Client library: + - Fix _mosquitto_socketpair() on Windows, reducing the chance + of delays when publishing. Closes #483979. + - Clients: + - Fix "mosquitto_pub -l" stripping the final character on a + line. Closes #483981. + +------------------------------------------------------------------- +Wed Dec 9 17:11:00 UTC 2015 - mrueckert@suse.de + +- enable websocket supports + +------------------------------------------------------------------- +Wed Dec 9 17:00:02 UTC 2015 - mrueckert@suse.de + +- enabled tcp wrapper support + +------------------------------------------------------------------- +Wed Dec 9 16:04:49 UTC 2015 - mrueckert@suse.de + +- pass the config file in the service file. it does not load it + otherwise. + +------------------------------------------------------------------- +Mon Dec 7 17:05:42 UTC 2015 - mrueckert@suse.de + +- update to 1.4.5 + - Broker + - Fix possible memory leak if bridge using SSL attempts to + connect to a host that is not up. + - Free unused topic tree elements (fix in 1.4.3 was + incomplete). Closes #468987. + - Clients + - “mosquitto_pub -l” now no longer limited to 1024 byte lines. + Closes #478917. + +------------------------------------------------------------------- +Fri Nov 6 22:46:19 UTC 2015 - mrueckert@suse.de + +- update to 1.4.4 + - Broker: + - Don't leak sockets when outgoing bridge with multiple + addresses cannot connect. Closes #477571. + - Fix cross compiling of websockets. Closes #475807. + - Fix memory free related crashes on openwrt. Closes #475707. + - Fix excessive calls to message retry check. + +------------------------------------------------------------------- +Thu Sep 10 15:21:38 UTC 2015 - mrueckert@suse.de + +- update to 1.4.3 + - Broker + - Fix incorrect bridge notification on initial connection. + Closes #467096. + - Build fixes for OpenBSD. + - Fix incorrect behaviour for autosave_interval, most noticable + for autosave_interval=1. Closes #465438. + - Fix handling of outgoing QoS>0 messages for bridges that + could not be sent because the bridge connection was down. + - Free unused topic tree elements. Closes #468987. + - Fix some potential memory leaks. Closes #470253. + - Fix potential crash on libwebsockets error. + - Client library + - Add missing error strings to mosquitto_strerror. + - Handle fragmented TLS packets without a delay. Closes + #470660. + - Fix incorrect loop timeout being chosen when using threaded + - interface and keepalive = 0. Closes #471334. + - Increment inflight messages count correctly. Closes #474935. + - Clients + - Report error string on connection failure rather than error + code. + +------------------------------------------------------------------- +Fri May 8 14:59:17 UTC 2015 - mrueckert@suse.de + +- update to 1.4.2 + Broker: + - Fix bridge prefixes only working for the first outgoing + message. Closes #464437. + - Fix incorrect bridge connection notifications on local broker. + - Fix persistent db writing on Windows. Closes #464779. + - ACLs are now checked before sending a will message. + - Fix possible crash when using bridges on Windows. Closes + #465384. + - Fix parsing of auth_opt_ arguments with extra spaces/tabs. + - Broker will return CONNACK rc=5 when a username/password is not + authorised. This was being incorrectly set as rc=4. + - Fix handling of payload lengths>4096 with websockets. + Client library: + - Inflight message count wasn't being decreased for outgoing + messages using QoS 2, meaning that only up to 20 QoS 2 messages + could be sent. This has been fixed. Closes #464436. + - Fix CMake dependencies for C++ wrapper building. Closes + #463884. + - Fix possibility of select() being called with a socket that is + >FD_SETSIZE. This is a fix for #464632 that will be followed + >up by removing the select() call in a future version. + - Fix calls to mosquitto_connect*_async() not completing. + +------------------------------------------------------------------- +Fri May 1 22:28:20 UTC 2015 - mrueckert@suse.de + +- added mosquitto-1.4.1_apparmor.patch to make the profile work in + newer apparmor + +------------------------------------------------------------------- +Fri May 1 22:06:15 UTC 2015 - mrueckert@suse.de + +- merge a few things from the other packages + - create dir structure in the config dir + readmes + - splitout the client + - provide the splitted devel package names + - install the apparmor profile + - install firewall config + +------------------------------------------------------------------- +Fri May 1 20:34:01 UTC 2015 - mrueckert@suse.de + +- initial package diff --git a/mosquitto.keyring b/mosquitto.keyring new file mode 100644 index 0000000..36d949f --- /dev/null +++ b/mosquitto.keyring @@ -0,0 +1,191 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBEoEgPwBEADeSeoLB59SoxrakvdK1WjGQZAbNXUgWhr9k0b08lpjwHhDFxZz +GalY/9IZ5C9WDzw8+DDvm7gD4vy1O5Q3peZ8qtQ1cD1H8MaM0Vzzz8fnXqWV2oww +sH7VH+ISKUZODCD76EG8JgUpWRO+TgfMylKWkuJC8BudSYUB5sdTyrcJ3n1PbbtJ +kZomIICIaoPR3VR5ySML4qe1as7PypxF3BnzgcmSKhByLNQcKyy35Lx86JnZvTm8 +FUcCsp+FgSMCubrvF4nhyJppUAbGoohyiULmfJAVHI01XQcqmQKim02nN88HQgKU +6FDbvgPMvCSDH9wCAHghPrccYGfAhaWC9/lkVAXo5NnJC7JdXi/l/VlXhZUwsAqc +pQFj7nJHliZLalrNe9MDdnRnBw5jGx+iRQ6n5a/uNH/ykPbgQKMzWF0O3tAGmqEl +zfLd46bFr09QNzs2HfBNygUhyKYO8VSLfl+WEsLT1pcpmWQuGNUsrrF1hT/UtAr0 +WTQw2pc2BQV1R/d7lGhAfB3VxtHjI2XIRHEPVJ2+r5bkc4GxVVw6l81AOhzUsoS9 +Bv+3SnRc5c7guR4ck/CgElXCw/xy9BcqyXN0fQtiMRmL33zo2ZE4ZNJeFsmFERUz +E+fHNfJrBHnVVboE6p/TX8dzIEKbYYGllInQVSQcoAv+Qm2/a19WidUQ8QARAQAB +tCFSb2dlciBBLiBMaWdodCA8cm9nZXJAYXRjaG9vLm9yZz6IRgQQEQIABgUCS96l +pwAKCRBhGkhEuMJTwdVYAJoD4voyORSCjlz32RPCMiE7ru4iJACeJweng6lCjBrg +T93OSCI/59FLKyKIRgQQEQIABgUCS+dHZwAKCRC6bhqXQ3UZAxAIAJ0VvKnKqeGm +ZpNdJwK/6Kdzfd0K6wCgrX0vJPcp7ZFLQpHeCB0yt+O7zr6IRgQQEQIABgUCS/ZX ++gAKCRAgmbZMvxVJCw4NAJ4z1YF3InURoqE/ZBHWCPvICqtWewCg30QxvdLz0nYf +/elPCss1nZIWOa+IRgQTEQgABgUCSgTUVQAKCRC88Em0D7n+z8RfAJ9Ie7JMWStp +eYck6Ay8IbQHyJLJCwCdEzfdkmpK4a1sIk32fc/5ss3NtjuJAhwEEAECAAYFAkvd +9U0ACgkQddvLEIxoAM4PVA/9FIyp7o/goX6GIf49jBrnUFZacWssL7Cs798PBy68 +hGbP10wZiKH5yc6ofuZOdEHzWVKvKuMja/Jo6eQJtmXwmXAwV0grQ0e/Lmadpswu +ojUA8tawch5xe/0f47FAmoGmNrL/yi8bpv2tBV/DFKWSg1BAbHM3BoH0qLSwvdL0 +zOPCWWvX1pkANbWUueREjzc/xNnkwEUFsO2+ol19YQmZe7rKpo5pa53DhPqvWuol +2z5TXc8YbDNOP4T2rqpdwZjbYpHduttNIzK4h8HsAp4QF3u2e2sbro3Uhx0uRp2d +/7y3x6hflHK2U6t1yGA5uC5yYT1KaXkFZQTth2kPoEk9Bb1MImnPiqmQeW6g8r/m +sMq+d/DcOO0KjTkuqhsIN0Xx6W75toXhEjplj2pes8+6lSQnTznd9Kj5GeziWUdY +hYmrpS/OJIDl0pKzJM0N6PnhBILMl8vbrpX8Zsbn/ipk8xIb1ck8X1hjg92RJPwP +Oy204yzpgK1xXXch8wKPwTSn8QleEndwrGxpBEbTrVaquYNy+lWuXs0RENJEy6EW +nebhF3ycGV2vvXLOOlAVE3upgLvNugKhT9qGPxqr/r+FmCfSx05LpX3bUvz0OLmS +6JhU/pnZGYrEa8pWY78Mbb3BMpIcwgYzPr+SzbLaOpOy4PyGUOAIM+oEcKrSr458 +/nqJAhwEEAEIAAYFAkvfG7QACgkQYum3VLFyNpIY5xAAlNai3YFtzxU7WjdITuVF +rOSH2xJlWAzdbZ+7ijSuPzeBmHI+fYFxfkv276sh+A4K9QV1tdJn9cZAiH4cSuRd +nCGdWFnPh+bAgsEjuLyt8U/OzvSOmbMT9g10iYiuR+qZNEde/NHUOTUWvgQcwATb +8sREx4bxgdrtB503DVs5WeOg8MpVJwp66xHtzxCRWj/6urvnqkmicIDeR2nMc/D9 +yJWP90wxBeZoJGqiqcCeCWknQeBj7Qijr0JtYs/If1g9fwj4vSXBctZb49xT/Kj/ +hwBnSWro8dQVz0iU1vxfGhxkRTQwXWfqiA6XFJPYKLdvN4wU/3xP3jEy7rLyyQaI +Ocx9K7F/UUn/C7TOOq47PEXeLGPp4DR12pPCurmWqcZQlB+GpVKP1W6c+1WGUmhR +vOKx5KJBj8IdFcOG0Y0OK4+2xaEq4aZOPg+tdjoULu38AW2yzHW6vzE9toZXMRXt +oPmbs5i+MCvOGp1HJkSnkVIdFS1Wnp1boQ3ZC+eCF2tScI8Ulbj99LlodipomHeI +xvo3DJcra9zV1KGGWCwU9hkLWugrcyWJPX1masdx2S7Y6dIurDV+M8PcNOY7nYbS +T2qwnnS7dGeQbV17RzNeeppfSwYCfwY9qmLZthkC1keFi/AoRIpIwGiQ/7RA9/4w +dKIBMaTKuqlgNUgc9+QcXvyJAjYEEwEIACAFAkoEgPwCGwMGCwkIBwMCBBUCCAME +FgIDAQIeAQIXgAAKCRB3myLfs+cXt6dzD/0TCL+PEVkmLqHGfa0/4gEb0Tl08iY9 +NbJSKUTxKfQ2mgr4/sf+E2jmfhGCNqGVNDPn5aXtrrsXKl7odKKrecfnytELCCGx +gDWiEauieYN54Q0WquNV3bLNDc4l3lYdWMvG8JNMJ0qYI/S6J4JYbILnQLiIjST/ +PCxnwnxQR/BP3VCa1nPQSAHoj3qyns28xMgdiAby4niq4iuFjl9e3DnCC97CeKtQ +FK9z4nG2+xQMro5JfWEmKPTsAokVUxk90iU7wYKmb/t0kMDKkLGXN0XYECwp6/Ju +w1v4xTm4khiSADSiQbfhmQh1ytFr+7Ba+dOxxOL7/2BorapV5PXMXGh18rRZxZN9 +S0XnXJu+/WXw5x2ZF/aZHk1PWodsfae9JTCVXw1kalY00qKtO6qj7MRaYJxnib46 +Prsv/rrz5JmCDsLJyhHS0GPxqVooA1toFyXl0yOGLzYVuFQbrRo1+KUzqNKv6tzS +tQlP9OZnnHmJWBOFzAd/vy/tJmVbs0uziOcjnir7VvHpqrnKPHvcYagkKf3BH78D +NziSx5a+8OukI/VsjTMQDsmNlG7s4uciNiCmQBQy92XgTYPQAGmA3itTA4mxiPhK +d6p2ftAcg9rlpnVrs4AC1roQQRRhcmUktvoKk1mIQvhH5da4q5t6J+UQbYrKdLzV +eobcA+eTImjeookCOgQTAQgAJAIbAwIeAQIXgAULCQgHAwUVCgkICwUWAgMBAAUC +SgSiaAIZAQAKCRB3myLfs+cXt6A/D/9ESZ7DQVvjnAJUUEnIscv7SopBf8H2iRpz +1+53eti0tM+Z4HTg4v60xvf+05MlvIIXasMu+MTUiuozB50MBj9swpI8nVFDk1Fr +RaNcYvGRUE6om4TwTqoY4usvr8NK7u/OirzHNwrFtYNGCLNJO4pD1AcQao8TxEM7 +JieRvIYfCyG06EZuGkF5fnmDGch84+JOjTh/6IXrUxuiaRfF2XKUycSMSoa4XT2M +pvijZTbOEL+l7vcA0YgCl/1lEeZRu3yN25iBp9+yPrgULD6qNOd/rxyH5COAMcV4 +LI7gHF5U6BgIOJp+nv8JKTzUrUM35IWf0qNtx57hAZ0i/YeYZMHnvpcEFsnps6DF +jK5fWfDiblrtxcp/R2kKKYpAb9pSraF4Z0PYoqzfRuo95plG5wUBmesvGB8C9qPZ +5MTKcmdJihUHZk1izuoJ76gy2nySRKXNrT3Uj2usFUUAQMatGy0k44S0cnxCHg1P +7Jb/IqambsPJZg4mVHlqH70byeOOUzywUfBY11ttaA7rM80L9WS2ItzRoJ67XTUz +drLX5F7FPZurWkUEpT/gMZF0Ti9URFiAd6OQNU/jGaXyPUkDoDOTiKTj+ZD60PLF +CwknPR50iVNXAfxfh3Aun3XAlqOkVBBVA3+0yTIYeeuutx+yuLjhRG8PB2W862wD +E96KmeJq+4kCQAQTAQoAKgIbAwIeAQIXgAIZAQULCQgHAwUVCgkICwUWAgMBAAUC +Vc0OjAUJD4r0jQAKCRB3myLfs+cXtzdFD/9NX2mnT5QCayWvcad2BHUomytG+I/M +Yo0ymlrOFrYzDTJ0U7rQ6FOTmY5u0zZehfQG8hlUGOZxXBBye18Jy6ro7j7mM+7v +cZAA/m80r/k4HYZDnUeZN36BC8KUp9xz/443dF940dxpBhmhQcsqZyDF3Ou3ErJN +Uxsq19y05jMaQ1UKaSU3tCKI1sA1vWq9w+PqqE6TXlbIR2+nZN+AFIgMl4zaTsd/ +FqkO6NDQlaEwqhaSMkVgUiOAhKc8byVaWcE2l/ljjmnJGshj7S6h4b5wqpag9ecr +d7hxop6qNAgeoRd1sDeZmhHHCSRJbrRZP+fkNF7ypRNlOfGdeCc4KMizar+BOb4A +38l+rm0OUO5IPD0fiimns+F3HyJqJGp17webnonhXxkvckC3XRDCMfYktxqUGKK0 +beFwVjuH3tP8TS99WXA+PpL/iDiSRYmgliGljbavce1dTFcTVDJMG8Gbw5ZEsXij +MCmNS7HgzHDAtKBAscGpBBxt2je6qJHgWwQavCTIAjR/S8QqKQgWw3VqmyGWLArP +Zqmf4DkM4pSZ6ZNkGd0E+ew2rnb4Uy+HSK3UTqLtST1ymUZ87AIP2GdG401VJLd+ +CVCchXwswDz2TY/MD6gmG57Fn94nUQY9DiGJi6nIZt+NfsY5UWHWxJd1A0wbm6XY +wJJfe6KoXV8znYkCQAQTAQoAKgIbAwIeAQIXgAIZAQULCQgHAwUVCgkICwUWAgMB +AAUCWph3nQUJFFZdngAKCRB3myLfs+cXt15KD/0eEytQHlha2VFO52doDA6K5NKa +GvJeR3hnTwHErhYBxjpspmsMk95UyYhlJRLD3dE9eJ1RRJzOY6Oamf/gy3Z55zZk +Pp1oLW+UVyOJkA4CZ8AExucLUMabrKWoUm6TUEvFLZ1sIkBLGeBdqzZUPXeXK6U7 +EvSNLtsOtVxQ+SMeYvG/18Co2YAFiT8UXyQuFQwWi+Acm2U2stIyl9fu3hyENTM6 +IkMXB3fNZgj+qmt5egUK/3EIaerh1+qv1dnQGiiVDHtqrLdY1150OHhwvBU4Jx7S +ePW09DzZzDiuyc3mbuxm+zEBYknQq4tpnSqQXkxy4svdfbPobiZOAK0/vB1PlvJD +1qqBCZzVGks62H9TETKUPuqRQqODbsCVhJn2RkoGjDDC4zeDiGzef7Nx97DsLzUs +E+VA2f2kBFYg0jdjyLNZVF1Qmu1FF3QfQheGKtSLk6TaHJ1st92rBK526di4kXx4 +UXaehefZYgAI8uxZ0/YXuAorQscadCDQxNNTfI9vSARW4TTiMJ75H+X4eoqRqLVi +EUnz0C6uzcchxUhsqEazjVM4bf4ButaOblNUUL2pCCoGCwjRx5O4gyYHbesd9qnx +Qb2dGQILRBlqni7rTBdpEy53rWUOOH1vR+qwB74FBNVCURVu6ST231EGPWGN+s7N +lUEwG8DDKg41aGygnLQlUm9nZXIgQS4gTGlnaHQgPHJvZ2VybGlnaHRAZ21haWwu +Y29tPohGBBARAgAGBQJL3qWnAAoJEGEaSES4wlPBPakAn2kOBc6KqnVOdjJVzjeq +8MGVVaQkAJ0ef9qh5PlG/96EbS+ukps57NpyMIhGBBARAgAGBQJL50dtAAoJELpu +GpdDdRkDUEwAnAhbpmIFVWIUXgcULKfEqnzWQ2sDAKCOJT8eIachZ1ZbqssEHf48 +zy2XYohGBBARAgAGBQJL9lf6AAoJECCZtky/FUkLzLYAoNkaCYTUbl4t0+2N6jzy +hSbUHrrnAJ442RYVKxgWTFxLb0XLJtIF+bKhy4hGBBMRCAAGBQJKBNRXAAoJELzw +SbQPuf7PboAAoJmInnVLgGno8Xraa66mrza0Q/AhAJoCEKjv+G5Vm9Au2ckmpA95 +2HT+xIkCHAQQAQIABgUCS931TQAKCRB128sQjGgAzh6gD/9NG+CelK+9ss5CBtyL +Zz4VZ6jWz5QeAkUT7RSG/xVOQHz7TKrRdxDVtmvqUMW39pjblvLywe3jzlgV5oNc +To3nfa16uO3Ca1VtRR5Az5nLPdp8kB8ZDrcjPpcElXp+wGKBe8j8LC3jWmSxbPgt +NGwPMFKIEIliH9thR00LrvsF9Ltmde4JC8vGNsF7YnHtWCy0vYI9DjHhUUNc2de6 +8O8eYHFYzjqJZ4+Z6c7XWU9hqDIfSsS5gPO201wC/CeRHPKINv8CU58PNcYQ7LFq +u/QGjD63+L/rAuLpUjlNRcPrvOUgK/nBjfT3diqrzpKSXAHCFBWAoIr17RJvNEn1 +h3PiPbDUgV5qd0EJIMlKdESlR8c/OoChW1ZFf3JX0+zrQBdQtpJbLoH/xaXokqET +lgbaUTzbMdOD2cjTB+ODV5thECOjx8LXrxbq/Ub5Wfzozo5GDNvh5PemoAOm3wlj +JfRsbQXQQS6PEFaejgJiXUn2D1z8ebDTnONUWV85/8TsPYumtVpKyerpim+0lwfU +wjWlRquDEXrssUzc49WqH6znP5wpD9yiT5BDJyOLf1uOI6mvqniAeTBXfccKEFDX +Tl9DbpM8qYD4gIcBkMGt9iVXvSEfaFEsWJiSxiW8oGAIWzq2EPBQQ3dVpCajivrq +pjkZBDFX4oz/qMB8GXzg57Y6+YkCHAQQAQgABgUCS98btAAKCRBi6bdUsXI2kmFZ +EACk8qJT+O+rBO3behvvXoCv0j6Y2WQMW5TGpJFO1oubKxqg93MMxNtE3kAg674t +eS89O4EWRpCpfqGzaJ8NIHA2PSSdYvDDM6NZZItpjkQhU/0+xZW4gVrCx2VV4+EL +X8EstmtB13Cxj3Va+lrk2uXNHegNg0yzEEPxDIRVQ9d80n15FlXTqzLj6DGs+KJ8 +bYfG84hHH5vDD4ASFiKV2qtntCprIvaUm019kDFvRpaRlHmi5h6qpWw+RuIbwMEz +ylXbfijcdfj2DLXUMpGptn4ubO4n+Kbyu8h1bryNtSkT3sJH9Iz8XJDacLslClVV +iZDMWXZ3DtNhMlxz3O8AxTA2M+ehJSUCUtsExet4zPRyTpe8TwuzGDT6PLZ4KRJm +f6drPWB89Jk478vkMI3IXYkHFAuy7L2GfimUBxm60NrCW38UqF0PZViuW8wfJ0jY +OBXBheNTlNQWKIs+yvgHwesPHZJUikuFaluFSEtM/IEswJAa/Xq85j3GTyCsfOaL +sGRI/gPRvgutZULGebwYZZ8AFRRCBeja1b4zCIs/GEhaDezEkEh9erDHaUP22yam +Rz+OP/hi3PPE8zL6BS48RN9AhkbtFD5eZG+hU0+15XrXoUxqxuetbi7gY51nay5w +2t1Hr99HbqQuT/K/P4X0xHy+6PaVHiK0/syAcidN1GQ0SYkCNgQTAQgAIAUCSgSi +AQIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEHebIt+z5xe3OtUQAJ/Rhzc8 +AFxslMecs657LExsFn9BRoENzEQsZap8AYscZ0ZsXfSZWETh8haYn5tUREbsv3nD +izNgNguwIxOx47FDOxg8yPoNWT3T1lz6Bnh/sSJbTx8obL1wzL7oKYKc+N1vZ/lv +HgFY1o6eqk09NsqE62WOpN/f6urtVd4nbZ9evceIzfomwE4vOI1owsurn5hehCRZ +Q0/0T8Q2PIAnFQhUcmIuGRHpaVtr8GXPw8kpB0+KZQ8JUK5YBMx4h5nsVNcd7bbo +ABVPHgzz+sGj+1GHOJfU4vm1MNWSFyi1drawtNXJLZheAZhG7qWfrhiAipAuKTre +DFehFkzQ/nkymhakoRDtKGmMXW15GfZtQ9oPeHmr3sgfDwkRuKvbaTsPJnrkIS9R +pGXxezHuZoNXUIqthmGkr8yRMf4JSLxSfFM/o3BP0CFL6jH5I9Xflhtr/BRqUYHG +kHgXtpLjz+1o5HrEmZ9pV4Nt7hCI5r5NfF6qy3TfJkondVGolxFGQtVRlngF7bZl +gat5oiR2UH8XDwQ7tx1NYn3HPB27x2nK938No9NNyjbnMqyY1X/YgdTjuaKUSYjX +PZoExjD1z6lTVj0lR1TDYfp9Y/7G9v2PBGutiphMHITneMY2SV7CcCPEMhVVEz/N +Usu/I8e9A9gcHyELK43Dv9/VrSJg4cewujyJiQI9BBMBCgAnAhsDAh4BAheABQsJ +CAcDBRUKCQgLBRYCAwEABQJVzQ6OBQkPivSNAAoJEHebIt+z5xe310cQAJQgH0c2 +o1Rakt6vKldeJ6p7hKjxOvYoVFs809KjnVTAovk9JBKswyCKibkRGqM6zNFwv8T7 +YlOxHyegiKgveaOTtBlAZUgRnhz0EGZw/dvP1TbBwroQQv7QPImKBjbNAjvyUgk6 +a6PNafWGCLW+u7YFXYR0KCwYAf+w4d/cRlwtnU4sSU/+u5DKZ4vnpOe4TFl78JJR +vlNrd+HjI/+D7Ney+ub9XMWyoJcQmVjggT/WpNIFi5Yl1nVc8nPt+5rk7JUJHW0Y +oswjFAQ1IgDfcmLmUD3lPR0MZob1UdkJhMDqZJhsy6+F4ya08uh3l38HgVGf8eX4 +0kA4eVDJuk3C7RYLeUhtZZMlVaLUQhULwZxSZSj9kTwPIGmTqAqAONkzZ7zs4ZGV +Eq58up6XPK9PwZBSUTMouWc640XS6aVubW3ahLYkjtquqRHdcPCg2yRg//36YGiK +nwxcEFb0ZxoMgv0pEPBW4/unRuXQ/aOf1i2OeJRbuTf9JoYflcrEFT1tVZnE5r/M +p0E2StZDhc3J+/Hmb2Pqc4DQ15t7F5BV8TGC6LX6BDWT00iM4b4zlaVEPxFcDxtz +SHLM90dldL1UB5p3a5AzpehWoo544QZD2LfFtEi/EEplflqo+g6SVFsYzYHfCrPt +HQT4rRIL2FTOoC53at78gaqlVqRAnGTESGKGiQI9BBMBCgAnAhsDAh4BAheABQsJ +CAcDBRUKCQgLBRYCAwEABQJamHefBQkUVl2eAAoJEHebIt+z5xe30vIQAJAp1zFG +OMSHrdBJK7DPp5r7BsRhPq4RCos1CtToHj2nSKW2vKBy/HZEmuYRHzaKb9a4PtNT +h2ChKRflDJAz1VlrRw3BRecXwlZqJCjBVlN3vJMgMqlJAwJo2SsXXPU14votNiEY +X6isxSkQAMfh0/QRcOdllPeA9lWzM0GMMRAi32NE5vtrrr9Jc/gMOxFPn8NhqfLr +Amnl/PrZmh7DxZA/mDBlZiH+OtIlUTYOskKWrP98/2TZSAnLTSAIFcyRTne9YPAL +tdTcB3aUEtP3c8YBx/PJ0aefk6eLRApH4/5rAB0flEJ9ZartebWL338vaaak0A6i +oJ4CJG8hz48yrd55Tct/g0I8IxPWERx8KDNAEvLrBwFFdz3oizFhpvhuYHvLya8R +bujnZCvvy62bMXJdalyc+TuGWJwQUyWlJfycbj56he/qQ/PxVxVNV6xHbzpGXW5q ++pRgqfK96/nYt15ymmVF8TVGRrmHAnTLsnTPX02Ftmm9J5PZmKWNV7JUVA78eOBq +AoTpRCK7O/4v5qNQGFIA8jwEbXxPsUbB1n9V+zKvTCel+1juh1Ng9X/pyVxbbmxQ +OhDX5hU4dvbaEaKRbUidfQovcyCixJUpvoE29qnEcsFpyodKBWiEI1pkdTYVUpgY +xIO50WQ5UxEkSH1iD0jr2ptGF/p0o8X0xkpvuQQNBEoEoqoQEADHBHhonZDqOZYn +P3JHyDlzA2wzBdQfvNBrk3cUheIis5qWfloh11gCAt3KQKSx3zyMAFeTYjFH7qZh +ILOZs0WxB/Yas1oo1eZjtTp/CANUaYas8jIwoeZYqCbh4+/1I4G8hYxA1PtKraCA +NN34fHniYCu7wzx7TeTNDmpa1xkhFESV0kocCq2cmDo57VrXXsmRGVs60vZvAYs7 +pn5KKfXZQyzuM8cB6JVnFaoKAzISY5w532nfroIlBqv4M3aVi/bVFFmuN+Qgzyd6 +o0/S3VoBg/eRJ8Z2Yc0Hvc22Fy+ACGS1deQXjTGsBvrtbhh4yyv6vIfNTVobkUpO +p2ZTJDxBrrhqMN/vFXCgkeu1TZSbBoEO0mmHrgytmIzQaLrzv3CE/zREARYCUwQn +AypKems2Vx4dgliSyBhVra+bBqbbX8HxPbsUIJzbTO8BpTkNzgvnd8CRZlsqoUwd +3mFknvVvHkWYQSQDgZwi080L7FvvPdOMZwKnSlzsZ1x2IzvB4SFQBpzeGX/+G81E +Bt+CUYIaNKMY6Qb+fqeMT5i0sheDZv5LOPdm727KtmstoznGtNAFVFeL+nH/N85t +KdT4o75OLMpqMO+SwYRMVlJXS6ZFGXFts7DCeXn/ikjulyu/AvgF9g+Vuv7WtP+D +zJmqQa1RwptPiqm96KEpPIecW+YGhwADBQ//W9lSsAkX/01XXTHPkx/futWDM936 +srIFbx7PT72FsCTPuShNt8UK+635vK6Ny3FAqcMZ57NvQO61DoVHg66/ofx8nZxc +sLSd6SwvsxmSLcn6d4nLQQC4ggaLfY//4Knns+VrS/KBssFc3W8JChAmzYCYa4zX +eVfzKiEFCaWIJGIoF4xpFPE6wnrDahVZ2CjCkr9uWjLt+NZ4F15pHMojycJw7Kfg +BF0HaRO17PTlwrhSjeXfAr1AKbgxW/MpyVudo2VG67wqyTb4+otavYKRN7f7hZ7k +1BF9/HAItAQh4OguU0iXeTSvUpo5qGNr4sGzdL8zDudodg14a58gju+bg+j7Ems8 +FvgrltgOdzF1/JTiCQaX1d1kDfIbQ7eeSdH99hcn1GDNfL0Y1VAzxgz3BjXrcpF7 +OwHLHZbm/w3DuSxBPpnOaj0lfmgxDfQ0p6+E1KugiFZekoqbNupQ/XRLVdItzIgj +MwSoJYvvlzhpsoVc9ES/kZOIlhUHVhmX9iJ+Qk8rIjL05Ka009e5wRIdb2W8KVfw +AtQ7Hl0S2u4KYU5mf3zuKCXxC69Uf/dG3E4eajVDdMbACgc34ukBMevJvE+3k47d +6ribnx82uw12fbA/2FI3XRpBEsX2OvrE4ktcxnRnvZHYKQMTpZ82FS+7lmWRBYvq +yibjPCfrmMdKx/WJAiUEGAEKAA8CGwwFAlqYd/IFCRRWPEYACgkQd5si37PnF7d8 +ow//aMRMJkOolabGnwjQ0Oz0ZDkU3lOBFqz6dfEITjtXHNDezFxbanBZCXmbEGAy +CjkfEnmhRJXURD6Pjg26bc853CZV0sHCeA7dkA8BohmRQxVIcQ6D1SRS3mIJMSMV +GdCkM4o78RShSRbLWYRjktHwOptjEnzo44K3XXHrO6UTBl3K9rb6ewqfJXg3jHyS +qVWXsZ/yf+BVCs8T/VCt7iX0uFqicuO7K6BrytU6KuFGJAqzTKh9xsGBRzo1a4Ca +OxIfmvK/HS+xVTKJWDgtfajgSpoaPD/YJviTYp4UuCp5l1UmlvL3NJvYR+1feWrq +p0WoeWlTBm+ZCyVHwLU0XIyewT82Gz+EdFXuLdkGxqucGnC8RTQafIT3Z3L20/Zm +MYFp/J1teB9pG6Lesl0Ly6/Ie9KrtNzXHTkTSTTzaBVCQR0XHhwb17itu90LaQFx +1/hkz6N84H8dYLU3QveKLJdYcOQML2yUqe/g0thdQ9JQ+Gaaf3j172dPuOqp8k1U +W/K5Ni1fGuQC2hNwRLH3ifStpf31fwTCAileZ7nq9BeYmdUNGJqhqQ9qt42nsTNi +s18v9UJUZIHkL1bcheJQVpLNga7rjPbeRdarL+n/VPfBzQTG/knhsPtlH3LHhb6O +I03vVu0JtEM/DtiH+hxqxX6JCiabtTrZEEDtu439+zWsP8I= +=LpUw +-----END PGP PUBLIC KEY BLOCK----- diff --git a/mosquitto.service b/mosquitto.service new file mode 100644 index 0000000..e520498 --- /dev/null +++ b/mosquitto.service @@ -0,0 +1,26 @@ +[Unit] +Description=Mosquitto MQTT v3.1/v3.1.1 Broker +Documentation=man:mosquitto.conf(5) man:mosquitto(8) + +[Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions +Type=simple +User=mosquitto +Group=mosquitto +ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf +ExecReload=/bin/kill -HUP $MAINPID + +[Install] +WantedBy=multi-user.target diff --git a/mosquitto.spec b/mosquitto.spec new file mode 100644 index 0000000..b45a3bf --- /dev/null +++ b/mosquitto.spec @@ -0,0 +1,213 @@ +# +# spec file for package mosquitto +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define home %{_localstatedir}/lib/%{name} +%define c_lib libmosquitto1 +%define cpp_lib libmosquittopp1 +Name: mosquitto +Version: 2.0.19 +Release: 0 +Summary: A MQTT v3.1/v3.1.1 Broker +License: EPL-1.0 +Group: Productivity/Networking/Other +URL: https://mosquitto.org/ +Source: https://mosquitto.org/files/source/mosquitto-%{version}.tar.gz +Source1: mosquitto.service +Source2: %{name}-user.conf +Source4: README-conf-d +Source5: README-ca_certificates +Source6: README-certs +Source98: https://mosquitto.org/files/source/mosquitto-%{version}.tar.gz.asc#/%{name}-%{version}.tar.gz.sig +Source99: %{name}.keyring +Patch0: mosquitto-1.4.1_apparmor.patch +Patch1: mosquitto-1.6.8-config.patch +BuildRequires: cmake +BuildRequires: gcc-c++ +BuildRequires: libxslt-tools +BuildRequires: openssl-devel >= 1.0.0 +BuildRequires: pkgconfig +BuildRequires: sysuser-tools +BuildRequires: tcpd-devel +BuildRequires: uthash-devel +BuildRequires: pkgconfig(libcares) +BuildRequires: pkgconfig(libcjson) +BuildRequires: pkgconfig(libwebsockets) +%sysusers_requires +%{?systemd_ordering} + +%description +Mosquitto is a message broker that implements the +MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a +lightweight method of carrying out messaging using a publish/subscribe model. +This makes it suitable for "machine to machine" messaging such as with low +power sensors or mobile devices such as phones, embedded computers or +microcontrollers like the Arduino. A good example of this is all of the work +that Andy Stanford-Clark (one of the originators of MQTT) has done in home +monitoring and automation with his twittering house and twittering ferry. + +%package -n %{c_lib} +Summary: Shared C Library for %{name} +Group: Development/Libraries/C and C++ + +%description -n %{c_lib} +Mosquitto is a message broker that implements the +MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a +lightweight method of carrying out messaging using a publish/subscribe model. + +This package holds the shared C library. + +%package -n %{cpp_lib} +Summary: Shared C++ Library for %{name} +Group: Development/Libraries/C and C++ + +%description -n %{cpp_lib} +Mosquitto is a message broker that implements the +MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a +lightweight method of carrying out messaging using a publish/subscribe model. + +This package holds the shared C++ library. + +%package devel +Summary: Development files for %{name} +Group: Development/Libraries/C and C++ +Requires: %{c_lib} = %{version} +Requires: %{cpp_lib} = %{version} +Provides: libmosquitto-devel = %{version}-%{release} +Provides: libmosquittopp-devel = %{version}-%{release} + +%description devel +Mosquitto is a message broker that implements the +MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a +lightweight method of carrying out messaging using a publish/subscribe model. + +This package holds the development files. + +%package clients +Summary: Client for Mosquitto +Group: Productivity/Networking/Other + +%description clients +Mosquitto is a message broker that implements the +MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a +lightweight method of carrying out messaging using a publish/subscribe model. +This makes it suitable for "machine to machine" messaging such as with low +power sensors or mobile devices such as phones, embedded computers or +microcontrollers like the Arduino. A good example of this is all of the work +that Andy Stanford-Clark (one of the originators of MQTT) has done in home +monitoring and automation with his twittering house and twittering ferry. + +Client for Mosquitto. + +%prep +%autosetup -p1 +find misc -type f -exec chmod a-x "{}" "+" + +%build +%sysusers_generate_pre %{SOURCE2} %{name} %{name}-user.conf +%cmake \ + -DCMAKE_INSTALL_SYSCONFDIR=%{_sysconfdir} \ + -DWITH_WEBSOCKETS=ON \ + -DUSE_LIBWRAP=ON +%make_build + +%install +%cmake_install +install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service +ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} +install -Dd -m 0750 %{buildroot}%{home} +chmod -R o= %{buildroot}%{_sysconfdir}/%{name}/ +install -D -m 644 security/mosquitto.apparmor %{buildroot}%{_sysconfdir}/apparmor.d/usr.sbin.mosquitto +install -D -m 755 -d %{buildroot}%{_sysconfdir}/apparmor.d/local/ +echo "# Site-specific additions and overrides for 'usr.sbin.mosquitto'" > %{buildroot}%{_sysconfdir}/apparmor.d/local/usr.sbin.mosquitto +install -D -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/mosquitto/conf.d/README +install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/mosquitto/ca_certificates/README +install -D -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/mosquitto/certs/README +install -D -m 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}-user.conf + +%pre -f %{name}.pre +%service_add_pre %{name}.service + +%preun +%service_del_preun %{name}.service + +%post +%service_add_post %{name}.service + +%postun +%service_del_postun %{name}.service + +%post -n %{c_lib} -p /sbin/ldconfig +%postun -n %{c_lib} -p /sbin/ldconfig +%post -n %{cpp_lib} -p /sbin/ldconfig +%postun -n %{cpp_lib} -p /sbin/ldconfig + +%files +%license edl-v10 epl-v20 LICENSE.txt +%doc CONTRIBUTING.md ChangeLog.txt *.html *.example +%doc examples/ logo/ security/ misc/ +%config(noreplace) %attr(-,root,%{name}) %{_sysconfdir}/mosquitto/ +%{_bindir}/mosquitto_passwd +%{_bindir}/mosquitto_ctrl +#%%{_bindir}/mosquitto_ctrl_dynsec +%{_sbindir}/mosquitto +%{_mandir}/man1/mosquitto_ctrl.1%{?ext_man} +%{_mandir}/man1/mosquitto_ctrl_dynsec.1%{?ext_man} +%{_mandir}/man1/mosquitto_passwd.1%{?ext_man} +%{_mandir}/man5/mosquitto.conf.5%{?ext_man} +%{_mandir}/man7/mosquitto-tls.7%{?ext_man} +%{_mandir}/man7/mqtt.7%{?ext_man} +%{_mandir}/man8/mosquitto.8%{?ext_man} +%{_unitdir}/%{name}.service +%{_sbindir}/rc%{name} +%{_libdir}/mosquitto_dynamic_security.so +%{_sysusersdir}/%{name}-user.conf +%dir %attr(-,%{name},%{name}) %{home} +%dir %{_sysconfdir}/apparmor.d/ +%dir %{_sysconfdir}/apparmor.d/local/ +%config %{_sysconfdir}/apparmor.d/usr.sbin.mosquitto +%config(noreplace) %{_sysconfdir}/apparmor.d/local/usr.sbin.mosquitto + +%files clients +%license edl-v10 epl-v20 LICENSE.txt +%{_bindir}/mosquitto_pub +%{_bindir}/mosquitto_sub +%{_bindir}/mosquitto_rr +%{_mandir}/man1/mosquitto_pub.1%{?ext_man} +%{_mandir}/man1/mosquitto_sub.1%{?ext_man} +%{_mandir}/man1/mosquitto_rr.1%{?ext_man} + +%files -n %{c_lib} +%license edl-v10 epl-v20 LICENSE.txt +%{_libdir}/libmosquitto.so.* + +%files -n %{cpp_lib} +%license edl-v10 epl-v20 LICENSE.txt +%{_libdir}/libmosquittopp.so.* + +%files devel +%{_libdir}/libmosquitto.so +%{_libdir}/libmosquittopp.so +%{_includedir}/mosquitto.h +%{_includedir}/mosquitto_*.h +%{_includedir}/mosquittopp.h +%{_includedir}/mqtt_protocol.h +%{_mandir}/man3/libmosquitto.3%{?ext_man} +%{_libdir}/pkgconfig/libmosquitto.pc +%{_libdir}/pkgconfig/libmosquittopp.pc + +%changelog