Revisions of mosquitto
Martin Hauke (mnhauke)
accepted
request 733245
from
Martin Hauke (mnhauke)
(revision 28)
- Update to version 1.6.7 Broker: * Add workaround for working with libwebsockets 3.2.0. * Fix potential crash when reloading config. Client library: * Don't use `/` in autogenerated client ids, to avoid confusing with topics. * Fix `mosquitto_max_inflight_messages_set()` and `mosquitto_int_option(..., MOSQ_OPT_*_MAX, ...)` behaviour. * Fix regression on use of `mosquitto_connect_async()` not working. Clients: * mosquitto_sub: Fix `-E` incorrectly not working unless `-d` was also specified. * Updated documentation around automatic client ids.
buildservice-autocommit
accepted
request 732378
from
Martin Hauke (mnhauke)
(revision 27)
baserev update by copy to link target
Martin Hauke (mnhauke)
accepted
request 732372
from
Martin Hauke (mnhauke)
(revision 26)
Update to version 1.6.5 to fix CVE-2019-11778 and CVE-2019-11779
buildservice-autocommit
accepted
request 714580
from
Martin Hauke (mnhauke)
(revision 25)
baserev update by copy to link target
Martin Hauke (mnhauke)
accepted
request 714541
from
Antoine Belvire (1Antoine1)
(revision 24)
- Remove SuSEfirewall2 service since SuSEfirewall2 has been replaced by firewalld (which already provides a mqtt service). See also https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html.
buildservice-autocommit
accepted
request 706055
from
Factory Maintainer (factory-maintainer)
(revision 23)
baserev update by copy to link target
Marcus Rueckert (darix)
accepted
request 695487
from
Martin Hauke (mnhauke)
(revision 22)
- Update to version 1.6.0 Broker features * Add support for MQTT v5 * Add support for OCSP stapling. * Add support for ALPN on bridge TLS connections. * Add support for Automotive DLT logging. * Add TLS Engine support. * Persistence file read/write performance improvements. * General performance improvements. * Add max_keepalive option, to allow a maximum keepalive value to be set for MQTT v5 clients only. * Add bind_interface option which allows a listener to be bound to a specific network interface, in a similar fashion to the bind_address option. Linux only. * Add improved bridge restart interval based on Decorrelated Jitter. * Add dhparamfile option, to allow DH parameters to be loaded for Ephemeral DH support * Disallow writing to $ topics where appropriate. * Add explicit support for TLS v1.3. * Drop support for TLS v1.0. * Improved general support for broker generated client ids. Removed libuuid dependency. * auto_id_prefix now defaults to 'auto-'. * QoS 1 and 2 flow control improvements. Client library features * Add support for MQTT v5 * Add mosquitto_subscribe_multiple() for sending subscriptions to multiple topics in one command. * Add TLS Engine support. * Add explicit support for TLS v1.3.
Marcus Rueckert (darix)
accepted
request 680305
from
Martin Hauke (mnhauke)
(revision 21)
- Update to version 1.5.8 Broker: * Fix clients being disconnected when ACLs are in use. This only affects the case where a client connects using a username, and the anonymous ACL list is defined but specific user ACLs are not defined. * Fix delayed bridge local subscriptions causing missing messages. Library: * Use higher resolution timer for random initialisation of client id generation. * Fix some Coverity Scan reported errors that could occur when the library was already quitting.
buildservice-autocommit
accepted
request 679569
from
Factory Maintainer (factory-maintainer)
(revision 20)
baserev update by copy to link target
Marcus Rueckert (darix)
accepted
request 677198
from
Martin Hauke (mnhauke)
(revision 19)
- Use HTTPS for all URLs - Verify source signature
Marcus Rueckert (darix)
accepted
request 674913
from
Martin Hauke (mnhauke)
(revision 18)
- Update to version 1.5.7 Broker: - Ensure that an error occurs if `per_listener_settings true` is given after other security options. - Fix case where old unreferenced msg_store messages were being saved to the persistence file, bloating its size unnecessarily. Library: - Fix `mosquitto_topic_matches_sub()` not returning MOSQ_ERR_INVAL for invalid subscriptions like `topic/#abc`. This only affects the return value, not the match/no match result, which was already correct. - Update to version 1.5.6 Security: * Fix CVE-2018-12551 (bsc#1125021): If Mosquitto is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability. * Fix CVE-2018-12550 (bsc#1125021): If an ACL file is empty, or has only blank lines or comments, then mosquitto treats the ACL file as not being defined, which means that no topic access is denied. Although denying access to all topics is not a useful configuration, this behaviour is unexpected and could lead to access being incorrectly granted in some circumstances. This
Marcus Rueckert (darix)
accepted
request 658974
from
Martin Hauke (mnhauke)
(revision 17)
- FIX CVE-2018-20145: mosquitto: ACL bypass (bnc#1119536) - Update to version 1.5.5 Security: * If `per_listener_settings` is set to true, then the `acl_file` setting was ignored for the "default listener" only. This has been fixed. This does not affect any listeners defined with the `listener` option. Broker: * Add `socket_domain` option to allow listeners to disable IPv6 support. This is required to work around a problem in libwebsockets that means sockets only listen on IPv6 by default if IPv6 support is compiled in. * When using ADNS, don't ask for all network protocols when connecting, because this can lead to confusing "Protocol not supported" errors if the network is down. * Fix outgoing retained messages not being sent by bridges on initial connection. * Don't reload auth_opt_ options on reload, to match the behaviour of the other plugin options. * Print message on error when installing/uninstalling as a Windows service. * All non-error connect/disconnect messages are controlled by the `connection_messages` option. Library: * Fix reconnect delay backoff behaviour. * Don't call on_disconnect() twice if keepalive tests fail. Client: * Always print leading zeros in mosquitto_sub when output format is hex. Build: * Fix building where TLS-PSK is not available. - Update to version 1.5.4 Security: * When using a TLS enabled websockets listener with "require_certificate"
buildservice-autocommit
accepted
request 644869
from
Marcus Rueckert (darix)
(revision 16)
baserev update by copy to link target
Marcus Rueckert (darix)
accepted
request 644721
from
Martin Hauke (mnhauke)
(revision 15)
- Update to version 1.5.3 Security: * Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that begins with $, but is not $SYS, then an assert that should be unreachable is triggered and Mosquitto will exit. Broker: * Elevate log level to warning for situation when socket limit is hit. * Fix retained messages not sent by bridges on outgoing topics at the first connection. * Fix duplicate clients being added to by_id hash before the old client was removed. - Update to version 1.5.2 Broker: * Fix incorrect call to setsockopt() for TCP_NODELAY. * Fix excessive CPU usage when the number of sockets exceeds the system limit. * Fix round_robin false behaviour. * Fix segfault on HUP when bridges and security options are configured. Library: * Fix situation where username and password is used with SOCKS5 proxy. * Fix SOCKS5 behaviour when passing IP addresses.
buildservice-autocommit
accepted
request 631606
from
Factory Maintainer (factory-maintainer)
(revision 14)
baserev update by copy to link target
Marcus Rueckert (darix)
accepted
request 630414
from
Martin Hauke (mnhauke)
(revision 13)
- Update to version 1.5.1 Broker: * Fix plugin cleanup function not being called on exit of the broker. * Print more OpenSSL errors when loading certificates/keys fail. * Use AF_UNSPEC etc. instead of PF_UNSPEC to comply with POSIX. * Remove use of AI_ADDRCONFIG, which means the broker can be used on systems where only the loopback interface is defined. * Fix IPv6 addresses not being able to be used as bridge addresses. * All clients now time out if they exceed their keepalive*1.5, rather than just reach it. This was inconsistent in two places. * Fix segfault on startup if bridge CA certificates could not be read. * Fix problem opening listeners on Pi caused by unsigned char being default. * ACL patterns that do not contain either %c or %u now produce a warning in the log. * Fix bridge publishing failing when per_listener_settings was true. * Fix `use_identity_as_username true` not working. * Fix UNSUBACK messages not being logged. * Fix possible endian issue when reading the `memory_limit` option. * Fix building for libwebsockets < 1.6. * Fix accessor functions for username and client id when used in plugin auth check. Library: * Fix some places where return codes were incorrect, including to the on_disconnect() callback. This has resulted in two new error codes, MOSQ_ERR_KEEPALIVE and MOSQ_ERR_LOOKUP. * Fix connection problems when mosquitto_loop_start() was called before mosquitto_connect_async(). Clients:
buildservice-autocommit
accepted
request 605073
from
Marcus Rueckert (darix)
(revision 12)
baserev update by copy to link target
Marcus Rueckert (darix)
accepted
request 604393
from
Martin Hauke (mnhauke)
(revision 11)
- Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3.
buildservice-autocommit
accepted
request 582184
from
Martin Hauke (mnhauke)
(revision 10)
baserev update by copy to link target
Martin Hauke (mnhauke)
accepted
request 581738
from
Martin Hauke (mnhauke)
(revision 9)
- Update to version 1.4.15 Security: * Fix CVE-2017-7652. If a SIGHUP is sent to the broker when there are no more file descriptors, then opening the configuration file will fail and security settings will be set back to their default values. * Fix CVE-2017-7651. Unauthenticated clients can cause excessive memory use by setting "remaining length" to be a large value. This is now mitigated by limiting the size of remaining length to valid values. A "memory_limit" configuration option has also been added to allow the overall memory used by the broker to be limited. Broker: * Use constant time memcmp for password comparisons. * Fix incorrect PSK key being used if it had leading zeroes. * Fix memory leak if a client provided a username/password for a listener with use_identity_as_username configured. * Fix use_identity_as_username not working on websockets clients. * Don't crash if an auth plugin returns MOSQ_ERR_AUTH for a username check on a websockets client. Closes #490. * Fix 08-ssl-bridge.py test when using async dns lookups. Closes #507. * Lines in the config file are no longer limited to 1024 characters long. Closes #652. * Fix $SYS counters of messages and bytes sent when message is sent over a Websockets. Closes #250. * Fix upgrade_outgoing_qos for retained message. Closes #534. * Fix CONNACK message not being sent for unauthorised connect on websockets. Closes #8. Client library: * Fix incorrect PSK key being used if it had leading zeroes.
Displaying revisions 41 - 60 of 68