Overview Repositories Revisions Requests Users Attributes Meta

Revisions of mosquitto

Martin Hauke's avatar Martin Hauke (mnhauke) committed (revision 73) 
- Update to version 2.0.18
  Broker:
  * Fix crash on subscribe under certain unlikely conditions.
  Clients:
  * Fix mosquitto_rr not honouring `-R`.
- Update to version 2.0.17
  Broker:
  * Fix `max_queued_messages 0` stopping clients from receiving
    messages.
  * Fix `max_inflight_messages` not being set correctly.
  Apps:
  * Fix `mosquitto_passwd -U` backup file creation.
- Update to version 2.0.16
  Security:
  * CVE-2023-28366: Fix memory leak in broker when clients send
    multiple QoS 2 messages with the same message ID, but then
    never respond to the PUBREC commands.
  * CVE-2023-0809: Fix excessive memory being allocated based on
    malicious initial packets that are not CONNECT packets.
  * CVE-2023-3592: Fix memory leak when clients send v5 CONNECT
    packets with a will message that contains invalid property
    types.
  * Broker will now reject Will messages that attempt to publish
    to $CONTROL/.
  * Broker now validates usernames provided in a TLS certificate or
    TLS-PSK identity are valid UTF-8.
  * Fix potential crash when loading invalid persistence file.
  * Library will no longer allow single level wildcard
    certificates, e.g. *.com
  Broker:
buildservice-autocommit accepted request 932348 from Martin Hauke's avatar Martin Hauke (mnhauke) (revision 72) 
auto commit by copy to link target
Martin Hauke's avatar Martin Hauke (mnhauke) committed (revision 71) 
- Update to version 2.0.14
  Broker:
  * Fix bridge not respecting receive-maximum when reconnecting
    with MQTT v5.
  Client library:
  * Fix mosquitto_topic_matches_sub2() not using the length
    parameters.
  * Fix incorrect subscribe_callback in mosquittopp.h.
buildservice-autocommit accepted request 928017 from Martin Hauke's avatar Martin Hauke (mnhauke) (revision 70) 
auto commit by copy to link target
Martin Hauke's avatar Martin Hauke (mnhauke) committed (revision 69) 
- Update to version 2.0.13
  Broker:
  * Fix `max_keepalive` option not being able to be set to 0.
  * Fix LWT messages not being delivered if `per_listener_settings`
    was set to true.
  * Various fixes around inflight quota management.
  * Fix problem parsing config files with Windows line endings.
  * Don't send retained messages when a shared subscription is made
  * Fix client id not showing in log on failed connections, where
    possible.
  * Fix broker sending duplicate CONNACK on failed MQTT v5
    reauthentication.
  * Fix mosquitto_plugin.h not including mosquitto_broker.h.
  Client library:
  * Initialise sockpairR/W to invalid in `mosquitto_reinitialise()`
    to avoid closing invalid sockets in `mosquitto_destroy()` on
    error.
  Clients:
  - Fix date format in mosquitto_sub output.
buildservice-autocommit accepted request 917167 from Martin Hauke's avatar Martin Hauke (mnhauke) (revision 68) 
auto commit by copy to link target
Martin Hauke's avatar Martin Hauke (mnhauke) committed (revision 67) 
  * Includes security fixes for
    CVE-2021-34434 (bsc#1190048) and CVE-2020-13849 (bsc#1190101)
  Security :
Martin Hauke's avatar Martin Hauke (mnhauke) committed (revision 66) 
- Update to version 2.0.12
  Security:
  * An MQTT v5 client connecting with a large number of
    user-property properties could cause excessive CPU usage,
    leading to a loss of performance and possible denial of
    service. This has been fixed.
  * Fix `max_keepalive` not applying to MQTT v3.1.1 and v3.1
    connections.  These clients are now rejected if their keepalive
    value exceeds max_keepalive. This option allows CVE-2020-13849,
    which is for the MQTT v3.1.1 protocol itself rather than an
    implementation, to be addressed.
  * Using certain listener related configuration options e.g.
    `cafile`, that apply to the default listener without defining
    any listener would cause a remotely accessible listener to be
    opened that was not confined to the local machine but did have
    anonymous access enabled, contrary to the documentation.
    This has been fixed. Closes #2283.
  * CVE-2021-34434: If a plugin had granted ACL subscription access
    to a durable/non-clean-session client, then removed that
    access,the client would keep its existing subscription. This
    has been fixed.
  * Incoming QoS 2 messages that had not completed the QoS flow
    were not being checked for ACL access when a clean
    session=False client was reconnecting.  This has been fixed.
  Broker:
  * Fix possible out of bounds memory reads when reading a
    corrupt/crafted configuration file. Unless your configuration
    file is writable by untrusted users this is not a risk.
  * Fix `max_connections` option not being correctly counted.
  * Fix TLS certificates and TLS-PSK not being able to be
buildservice-autocommit accepted request 898869 from Martin Hauke's avatar Martin Hauke (mnhauke) (revision 65) 
auto commit by copy to link target
Martin Hauke's avatar Martin Hauke (mnhauke) committed (revision 64) 
- Update to version 2.0.11
  Security:
  * If a MQTT v5 client connects with a crafted CONNECT packet a
    memory leak will occur. This has been fixed.
  Broker:
  * Fix possible crash having just upgraded from 1.6 if
    `per_listener_settings true` is set, and a SIGHUP is sent to
    the broker before a client has reconnected to the broker.
  * Fix bridge not reconnectng if the first reconnection attempt
    fails.
  * Improve QoS 0 outgoing packet queueing.
  * Fix QoS 0 messages not being queued when `queue_qos0_messages`
    was enabled.
  Clients:
  * If sending mosquitto_sub output to a pipe, mosquitto_sub will
    now detect that the pipe has closed and disconnect.
  * Fix `mosquitto_pub -l` quitting if a message publication is
    attempted when the broker is temporarily unavailable.
- Remove not longer needed patch:
  * fix-undefined-symbols-in-plugins.patch (fixed upstream)
buildservice-autocommit accepted request 883684 from Martin Hauke's avatar Martin Hauke (mnhauke) (revision 63) 
auto commit by copy to link target
Martin Hauke's avatar Martin Hauke (mnhauke) committed (revision 62)
Martin Hauke's avatar Martin Hauke (mnhauke) committed (revision 61) 
  * CVE-2021-28166: If an authenticated client connected with
  * Fix CVE-2021-28166. Closes #2163.
Martin Hauke's avatar Martin Hauke (mnhauke) committed (revision 60) 
- Update to version 2.0.10
  Security:
  * CVE-xxxx-xxxx: If an authenticated client connected with
    MQTT v5 sent a malformed CONNACK message to the broker a NULL
    pointer dereference occurred, most likely resulting in a
    segfault. This will be updated with the CVE number when it is
    assigned.
    Affects versions 2.0.0 to 2.0.9 inclusive.
  Broker:
  * Don't over write new receive-maximum if a v5 client connects
    and takes over an old session.
  * Fix CVE-xxxx-xxxx. Closes #2163.
  Clients:
  * Set `receive-maximum` to not exceed the `-C` message count in
    mosquitto_sub and mosquitto_rr, to avoid potentially lost
    messages.
  * Fix TLS-PSK mode not working with port 8883.
  Client library:
  * Fix possible socket leak. This would occur if a client was
    using `mosquitto_loop_start()`, then if the connection failed
    due to the remote server being inaccessible they called
    `mosquitto_loop_stop(, true)` and recreated the mosquitto
    object.
  Build:
  * A variety of minor build related fixes, like functions not
    having previous declarations.
buildservice-autocommit accepted request 878570 from Martin Hauke's avatar Martin Hauke (mnhauke) (revision 59) 
auto commit by copy to link target
Martin Hauke's avatar Martin Hauke (mnhauke) committed (revision 58) 
- Build with support for tcp-wrapper (-DUSE_LIBWRAP=ON)
- Update to version 2.0.9
  Security:
  * If an empty or invalid CA file was provided to the client
    library for verifying the remote broker, then the initialx
    connection would fail but subsequent connections would succeed
     without verifying the remote broker certificate.
  * If an empty or invalid CA file was provided to the broker for
    verifying the remote broker for an outgoing bridge connection
    then the initial connection would fail but subsequent
    connections would succeed without verifying the
    remote broker certificate.
  Broker:
  * Fix encrypted bridge connections incorrectly connecting when
    `bridge_cafile` is empty or invalid.
  * Fix `tls_version` behaviour not matching documentation. It was
    setting the exact TLS version to use, not the minimium TLS
    version to use.
  * Fix messages to `$` prefixed topics being rejected.
  * Fix QoS 0 messages not being delivered when max_queued_bytes
    was configured.
  * Fix bridge increasing backoff calculation.
  * Improve handling of invalid combinations of listener address
    and bind interface configurations.
  * Fix `max_keepalive` option not applying to clients connecting
    with keepalive set to 0.
  Client library:
  * Fix encrypted connections incorrectly connecting when the CA
    file passed to `mosquitto_tls_set()` is empty or invalid.
  * Fix connections retrying very rapidly in some situations.
buildservice-autocommit accepted request 875783 from Martin Hauke's avatar Martin Hauke (mnhauke) (revision 57) 
auto commit by copy to link target
Martin Hauke's avatar Martin Hauke (mnhauke) committed (revision 56) 
- Update to version 2.0.8
  Broker:
  * Fix incorrect datatypes in `struct mosquitto_evt_tick`. This
    changes the size and offset of two of the members of this
    struct, and changes the size of the struct. This is an ABI
    break, but is considered to be acceptable because plugins
    should never be allocating their own instance of this struct,
    and currently none of the struct members are used for anything,
    so a plugin should not be accessing them. It would also be
    safe to read/write from the existing struct parameters.
  * Give compile time warning if libwebsockets compiled without
    external poll support.
  Client library:
  * Fix mosquitto_{pub|sub}_topic_check() functions not returning
    MOSQ_ERR_INVAL on topic == NULL.
  Clients:
  * Fix possible loss of data in `mosquitto_pub -l` when sending
    multiple long lines.
buildservice-autocommit accepted request 870017 from Martin Hauke's avatar Martin Hauke (mnhauke) (revision 55) 
auto commit by copy to link target
Martin Hauke's avatar Martin Hauke (mnhauke) committed (revision 54) 
- Update to version 2.0.7
  Broker:
  * Fix some minor memory leaks on exit only.
  * Fix possible memory leak on connect.
  * Fix openssl engine not being able to load private key.
  Clients:
  * Fix config files truncating options after the first space.
  Build:
  - Fix man page building to not absolutely require xsltproc when
    using CMake.
- Update to version 2.0.6
  Broker:
  * Fix calculation of remaining length parameter for websockets
    clients that send fragmented packets.
  Broker:
  * Fix potential duplicate Will messages being sent when a will
    delay interval has been set.
  * Fix message expiry interval property not being honoured in
    `mosquitto_broker_publish` and `mosquitto_broker_publish_copy`.
  * Fix websockets listeners with TLS not responding.
  * Improve logging in obscure cases when a client disconnects.
  * Fix reloading of listeners where multiple listeners have been
    defined with the same port but different bind addresses.
  * Fix `message_size_limit` not applying to the Will payload.
  * The error topic-alias-invalid was being sent if an MQTT v5
    client published a message with empty topic and topic alias
    set, but the topic alias hadn't already been configured on
    the broker. This has been fixed to send a protocol error, as
    per section 3.3.4 of the specification.
  * Note in the man pages that SIGHUP reloads TLS certificates.
Displaying revisions 1 - 20 of 73
openSUSE Build Service is sponsored by
Places