Revisions of mosquitto
buildservice-autocommit
accepted
request 1135794
from
Dirk Mueller (dirkmueller)
(revision 5)
Dirk Mueller (dirkmueller)
(revision 5)
baserev update by copy to link target
Dirk Mueller (dirkmueller)
committed
(revision 4)
- update to 2.0.18 (bsc#1214918, CVE-2023-28366, bsc#1215865,
CVE-2023-0809, bsc#1215864, CVE-2023-3592):
* Fix crash on subscribe under certain unlikely conditions.
* Fix mosquitto_rr not honouring `-R`. Closes #2893.
* Fix `max_queued_messages 0` stopping clients from receiving
messages.
* Fix `max_inflight_messages` not being set correctly.
* Fix `mosquitto_passwd -U` backup file creation.
* CVE-2023-28366: Fix memory leak in broker when clients send
multiple QoS 2 messages with the same message ID, but then
never respond to the PUBREC commands.
* CVE-2023-0809: Fix excessive memory being allocated based on
malicious initial packets that are not CONNECT packets.
* CVE-2023-3592: Fix memory leak when clients send v5 CONNECT
packets with a will message that contains invalid property
types.
* Broker will now reject Will messages that attempt to publish
to $CONTROL/.
* Broker now validates usernames provided in a TLS certificate
or TLS-PSK identity are valid UTF-8.
* Fix potential crash when loading invalid persistence file.
* Library will no longer allow single level wildcard
certificates, e.g. *.com
* Fix $SYS messages being expired after 60 seconds and hence
unchanged values disappearing.
* Fix some retained topic memory not being cleared immediately
after used.
* Fix error handling related to the `bind_interface` option.
* Fix std* files not being redirected when daemonising, when
built with assertions removed.
buildservice-autocommit
accepted
request 998717
from
Dirk Mueller (dirkmueller)
(revision 3)
Dirk Mueller (dirkmueller)
(revision 3)
baserev update by copy to link target
Dirk Mueller (dirkmueller)
committed
(revision 2)
- update to 2.0.15:
* Deleting the group configured as the anonymous group in the Dynamic Security
plugin, would leave a dangling pointer that could lead to a single crash.
This is considered a minor issue - only administrative users should have
access to dynsec, the impact on availability is one-off, and there is no
associated loss of data. It is now forbidden to delete the group configured
as the anonymous group.
* Fix memory leak when a plugin modifies the topic of a message in
MOSQ_EVT_MESSAGE.
* Fix bridge `restart_timeout` not being honoured.
* Fix potential memory leaks if a plugin modifies the message in the
MOSQ_EVT_MESSAGE event.
* Fix unused flags in CONNECT command being forced to be 0, which is not
required for MQTT v3.1. Closes #2522.
* Improve documentation of `persistent_client_expiration` option.
Closes #2404.
* Add clients to session expiry check list when restarting and reloading from
persistence. Closes #2546.
* Fix bridges not sending failure notification messages to the local broker if
the remote bridge connection fails. Closes #2467. Closes #1488.
* Fix some PUBLISH messages not being counted in $SYS stats. Closes #2448.
* Fix incorrect return code being sent in DISCONNECT when a client session is
taken over. Closes #2607.
* Fix confusing "out of memory" error when a client is kicked in the dynamic
security plugin. Closes #2525.
* Fix confusing error message when dynamic security config file was a
directory. Closes #2520.
* Fix bridge queued messages not being persisted when local_cleansession is
set to false and cleansession is set to true. Closes #2604.
* Dynamic security: Fix modifyClient and modifyGroup commands to not modify
Dirk Mueller (dirkmueller)
committed
(revision 1)
Displaying all 5 revisions
