-------------------------------------------------------------------
Mon May 29 20:19:58 UTC 2017 - mardnh@gmx.de

- Update to 1.4.12
  * Security:
    - Fix CVE-2017-7650, which allows clients with username or
      client id set to '#' or '+' to bypass pattern based ACLs or
      third party plugins. The fix denies message sending or
      receiving of messages for clients with a '#' or '+' in their
      username or client id and if the message is subject to a
      pattern ACL check or plugin check.
  * Broker:
    - Fix mosquitto.db from becoming corrupted due to client
      messages being persisted with no stored message. Closes #424.
    - Fix bridge not restarting properly. Closes #428.
    - Fix uninitialized memory in gets_quiet on Windows. Closes #426.
    - Fix building with WITH_ADNS=no for systems that don't use
      glibc. Closes #415.
    - Fixes to readme.md.
    - Fix deprecation warning for OpenSSL 1.1. PR #416.
    - Don't segfault on duplicate bridge names. Closes #446.
    - Fix CVE-2017-7650.

-------------------------------------------------------------------
Sun Mar 19 20:27:12 UTC 2017 - mrueckert@suse.de

- update to 1.4.11
  - Broker:
    - Fix crash when "lazy" type bridge attempts to reconnect.
      Closes #259.
    - maximum_connections now applies to websockets listeners.
      Closes #271.
    - Allow bridges to use TLS with IPv6.
    - Don't error on zero length persistence files. Closes #316.
    - For http only websockets clients, close files served over
      http in all cases when the client disconnects. Closes #354.
    - Fix error message when websockets http_dir directory does not
      exist.
    - Improve password utility error message. Closes #379.
  - Clients:
    - Use of --ciphers no longer requires you to also pass
      --tls-version. Closes #380.
  - Client library:
    - Clients can now use TLS with IPv6.
    - Fix potential socket leakage when reconnecting. Closes #304.
    - Fix potential negative timeout being passed to pselect.
      Closes #329.
- update 1.4.10
  - Broker:
    - Fix TLS operation with websockets listeners and libwebsockets
      2.x. Closes #186.
    - Don't disconnect client on HUP before reading the pending
      data. Closes #7.
    - Fix some $SYS messages being incorrectly persisted.
      Closes #191.
    - Support OpenSSL 1.1.0.
    - Call fsync after persisting data to ensure it is correctly
      written. Closes #189.
    - Fix persistence saving of subscription QoS on big-endian
      machines.
    - Fix will retained flag handling on Windows. Closes #222.
    - Broker now displays an error if it is unable to open the log
      file. Closes #234.
  - Client library:
    - Support OpenSSL 1.1.0.
    - Fixed the C++ library not allowing SOCKS support to be used.
      Closes #198.
    - Fix memory leak when verifying a server certificate with a
      subjectAltName section. Closes #237.
  - Build:
    - Don't attempt to install docs when WITH_DOCS=no. Closes #184.

-------------------------------------------------------------------
Tue Jun 28 00:28:53 UTC 2016 - mrueckert@suse.de

- update to 1.4.9
  - Broker:
    - Ensure websockets clients that previously connected with
      clean session set to false have their queued messages
      delivered immediately on reconnecting. Closes #476314.
    - Reconnecting client with clean session set to false doesn't
      start with mid=1 again.
    - Will topic isn't truncated by one byte when using a
      mount_point any more.
    - Network errors are printed correctly on Windows.
    - Fix incorrect $SYS heap memory reporting when using ACLs.
    - Bridge config parameters couldn't contain a space, this has
      been fixed. Closes #150.
    - Fix saving of persistence messages that start with a '/'.
      Closes #151.
    - Fix reconnecting for bridges that use TLS on Windows.
      Closes #154.
    - Broker and bridges can now cope with unknown incoming PUBACK,
      PUBREC, PUBREL, PUBCOMP without disconnecting. Closes #57.
    - Fix websockets listeners not being able to bind to an IP
      address. Closes #170.
    - mosquitto_passwd utility now correctly deals with unknown
      command line arguments in all cases. Closes #169.
    - Fix publishing of $SYS/broker/clients/maximum
    - Fix order of #includes in lib/send_mosq.c to ensure struct
      mosquitto doesn't differ between source files when websockets
      is being used. Closes #180.
    - Fix possible rare crash when writing out persistence file and
      a client has incomplete messages inflight that it has been
      denied the right to publish.
  - Client library:
    - Fix the case where a message received just before the
      keepalive timer expired would cause the client to miss the
      keepalive timer.
    - Return value of pthread_create is now checked.
    - _mosquitto_destroy should not cancel threads that weren't
      created by libmosquitto. Closes #166.
    - Clients can now cope with unknown incoming PUBACK, PUBREC,
      PUBREL, PUBCOMP without disconnecting. Closes #57.
    - Fix mosquitto_topic_matches_sub() reporting matches on some
      invalid subscriptions.
  - Clients:
    - Handle some unchecked malloc() calls. Closes #1.
  - Build:
    - Fix string quoting in CMakeLists.txt. Closes #4.
    - Fix building on Visual Studio 2015. Closes #136.

-------------------------------------------------------------------
Mon Mar 28 01:26:44 UTC 2016 - mrueckert@suse.de

- update to 1.4.8
  - Broker:
    - Wills published by clients connected to a listener with
      mount_point defined now correctly obey the mount point. This
      was a potential security risk because it allowed clients to
      publish messages outside of their restricted mount point.
      This only affects brokers where the mount_point option is in
      use. Closes #487178.
    - Fix detection of broken connections on Windows.
      Closes #485143.
    - Close stdin etc. when daemonised. Closes #485589.
    - Fix incorrect detection of FreeBSD and OpenBSD.
      Closes #485131.
  - Client library:
    - mosq->want_write should be cleared immediately before a call
      to SSL_write, to allow clients using mosquitto_want_write()
      to get accurate results.

-------------------------------------------------------------------
Thu Feb 11 01:00:18 UTC 2016 - mrueckert@suse.de

- update to 1.4.7
  - Broker:
    - Fix support for libwebsockets 1.22.
- changes from 1.4.6
  - Broker:
    - Add support for libwebsockets 1.6.
  - Client library:
    - Fix _mosquitto_socketpair() on Windows, reducing the chance
      of delays when publishing. Closes #483979.
  - Clients:
    - Fix "mosquitto_pub -l" stripping the final character on a
      line. Closes #483981.

-------------------------------------------------------------------
Wed Dec 9 17:11:00 UTC 2015 - mrueckert@suse.de

- enable websocket support

-------------------------------------------------------------------
Wed Dec 9 17:00:02 UTC 2015 - mrueckert@suse.de

- enabled tcp wrapper support

-------------------------------------------------------------------
Wed Dec 9 16:04:49 UTC 2015 - mrueckert@suse.de

- pass the config file in the service file. it does not load it
  otherwise.

-------------------------------------------------------------------
Mon Dec 7 17:05:42 UTC 2015 - mrueckert@suse.de

- update to 1.4.5
  - Broker
    - Fix possible memory leak if bridge using SSL attempts to
      connect to a host that is not up.
    - Free unused topic tree elements (fix in 1.4.3 was
      incomplete). Closes #468987.
  - Clients
    - "mosquitto_pub -l" now no longer limited to 1024 byte lines.
      Closes #478917.

-------------------------------------------------------------------
Fri Nov 6 22:46:19 UTC 2015 - mrueckert@suse.de

- update to 1.4.4
  - Broker:
    - Don't leak sockets when outgoing bridge with multiple
      addresses cannot connect. Closes #477571.
    - Fix cross compiling of websockets. Closes #475807.
    - Fix memory free related crashes on openwrt. Closes #475707.
    - Fix excessive calls to message retry check.

-------------------------------------------------------------------
Thu Sep 10 15:21:38 UTC 2015 - mrueckert@suse.de

- update to 1.4.3
  - Broker
    - Fix incorrect bridge notification on initial connection.
      Closes #467096.
    - Build fixes for OpenBSD.
    - Fix incorrect behaviour for autosave_interval, most
      noticeable for autosave_interval=1. Closes #465438.
    - Fix handling of outgoing QoS>0 messages for bridges that
      could not be sent because the bridge connection was down.
    - Free unused topic tree elements. Closes #468987.
    - Fix some potential memory leaks. Closes #470253.
    - Fix potential crash on libwebsockets error.
  - Client library
    - Add missing error strings to mosquitto_strerror.
    - Handle fragmented TLS packets without a delay.
      Closes #470660.
    - Fix incorrect loop timeout being chosen when using threaded
      interface and keepalive = 0. Closes #471334.
    - Increment inflight messages count correctly. Closes #474935.
  - Clients
    - Report error string on connection failure rather than error
      code.

-------------------------------------------------------------------
Fri May 8 14:59:17 UTC 2015 - mrueckert@suse.de

- update to 1.4.2
  Broker:
  - Fix bridge prefixes only working for the first outgoing
    message. Closes #464437.
  - Fix incorrect bridge connection notifications on local broker.
  - Fix persistent db writing on Windows. Closes #464779.
  - ACLs are now checked before sending a will message.
  - Fix possible crash when using bridges on Windows.
    Closes #465384.
  - Fix parsing of auth_opt_ arguments with extra spaces/tabs.
  - Broker will return CONNACK rc=5 when a username/password is not
    authorised. This was being incorrectly set as rc=4.
  - Fix handling of payload lengths>4096 with websockets.
  Client library:
  - Inflight message count wasn't being decreased for outgoing
    messages using QoS 2, meaning that only up to 20 QoS 2 messages
    could be sent. This has been fixed. Closes #464436.
  - Fix CMake dependencies for C++ wrapper building.
    Closes #463884.
  - Fix possibility of select() being called with a socket that is
    >FD_SETSIZE. This is a fix for #464632 that will be followed
    up by removing the select() call in a future version.
  - Fix calls to mosquitto_connect*_async() not completing.

-------------------------------------------------------------------
Fri May 1 22:28:20 UTC 2015 - mrueckert@suse.de

- added mosquitto-1.4.1_apparmor.patch to make the profile work in
  newer apparmor

-------------------------------------------------------------------
Fri May 1 22:06:15 UTC 2015 - mrueckert@suse.de

- merge a few things from the other packages
- create dir structure in the config dir + readmes
- split out the client
- provide the split devel package names
- install the apparmor profile
- install firewall config

-------------------------------------------------------------------
Fri May 1 20:34:01 UTC 2015 - mrueckert@suse.de

- initial package