Revisions of mosquitto
buildservice-autocommit
accepted
request 1161178
from
Martin Hauke (mnhauke)
(revision 68)
baserev update by copy to link target
Martin Hauke (mnhauke)
accepted
request 1160094
from
Dirk Stoecker (dstoecker)
(revision 67)
- Add Reload action to service Mosquitto reacts to HUP with a reload, so it should be used in the service file
buildservice-autocommit
accepted
request 1144953
from
Martin Hauke (mnhauke)
(revision 66)
baserev update by copy to link target
Martin Hauke (mnhauke)
accepted
request 1143876
from
Arjen de Korte (adkorte)
(revision 65)
- Use sysuser-tools to generate mosquitto user
buildservice-autocommit
accepted
request 1136027
from
Martin Hauke (mnhauke)
(revision 64)
baserev update by copy to link target
Martin Hauke (mnhauke)
accepted
request 1135794
from
Dirk Mueller (dirkmueller)
(revision 63)
- update to 2.0.18 (bsc#1214918, CVE-2023-28366, bsc#1215865, CVE-2023-0809, bsc#1215864, CVE-2023-3592): * Fix crash on subscribe under certain unlikely conditions. * Fix mosquitto_rr not honouring `-R`. Closes #2893. * Fix `max_queued_messages 0` stopping clients from receiving messages. * Fix `max_inflight_messages` not being set correctly. * Fix `mosquitto_passwd -U` backup file creation. * CVE-2023-28366: Fix memory leak in broker when clients send multiple QoS 2 messages with the same message ID, but then never respond to the PUBREC commands. * CVE-2023-0809: Fix excessive memory being allocated based on malicious initial packets that are not CONNECT packets. * CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a will message that contains invalid property types. * Broker will now reject Will messages that attempt to publish to $CONTROL/. * Broker now validates usernames provided in a TLS certificate or TLS-PSK identity are valid UTF-8. * Fix potential crash when loading invalid persistence file. * Library will no longer allow single level wildcard certificates, e.g. *.com * Fix $SYS messages being expired after 60 seconds and hence unchanged values disappearing. * Fix some retained topic memory not being cleared immediately after used. * Fix error handling related to the `bind_interface` option. * Fix std* files not being redirected when daemonising, when built with assertions removed.
buildservice-autocommit
accepted
request 1001462
from
Martin Hauke (mnhauke)
(revision 62)
baserev update by copy to link target
Martin Hauke (mnhauke)
accepted
request 998717
from
Dirk Mueller (dirkmueller)
(revision 61)
- update to 2.0.15: * Deleting the group configured as the anonymous group in the Dynamic Security plugin, would leave a dangling pointer that could lead to a single crash. This is considered a minor issue - only administrative users should have access to dynsec, the impact on availability is one-off, and there is no associated loss of data. It is now forbidden to delete the group configured as the anonymous group. * Fix memory leak when a plugin modifies the topic of a message in MOSQ_EVT_MESSAGE. * Fix bridge `restart_timeout` not being honoured. * Fix potential memory leaks if a plugin modifies the message in the MOSQ_EVT_MESSAGE event. * Fix unused flags in CONNECT command being forced to be 0, which is not required for MQTT v3.1. Closes #2522. * Improve documentation of `persistent_client_expiration` option. Closes #2404. * Add clients to session expiry check list when restarting and reloading from persistence. Closes #2546. * Fix bridges not sending failure notification messages to the local broker if the remote bridge connection fails. Closes #2467. Closes #1488. * Fix some PUBLISH messages not being counted in $SYS stats. Closes #2448. * Fix incorrect return code being sent in DISCONNECT when a client session is taken over. Closes #2607. * Fix confusing "out of memory" error when a client is kicked in the dynamic security plugin. Closes #2525. * Fix confusing error message when dynamic security config file was a directory. Closes #2520. * Fix bridge queued messages not being persisted when local_cleansession is set to false and cleansession is set to true. Closes #2604. * Dynamic security: Fix modifyClient and modifyGroup commands to not modify
Martin Hauke (mnhauke)
accepted
request 932348
from
Martin Hauke (mnhauke)
(revision 60)
- Update to version 2.0.14 Broker: * Fix bridge not respecting receive-maximum when reconnecting with MQTT v5. Client library: * Fix mosquitto_topic_matches_sub2() not using the length parameters. * Fix incorrect subscribe_callback in mosquittopp.h.
Martin Hauke (mnhauke)
accepted
request 928017
from
Martin Hauke (mnhauke)
(revision 59)
- Update to version 2.0.13 Broker: * Fix `max_keepalive` option not being able to be set to 0. * Fix LWT messages not being delivered if `per_listener_settings` was set to true. * Various fixes around inflight quota management. * Fix problem parsing config files with Windows line endings. * Don't send retained messages when a shared subscription is made * Fix client id not showing in log on failed connections, where possible. * Fix broker sending duplicate CONNACK on failed MQTT v5 reauthentication. * Fix mosquitto_plugin.h not including mosquitto_broker.h. Client library: * Initialise sockpairR/W to invalid in `mosquitto_reinitialise()` to avoid closing invalid sockets in `mosquitto_destroy()` on error. Clients: - Fix date format in mosquitto_sub output.
Martin Hauke (mnhauke)
accepted
request 917167
from
Martin Hauke (mnhauke)
(revision 58)
- Update to version 2.0.12 * Includes security fixes for CVE-2021-34434 (bsc#1190048) and CVE-2020-13849 (bsc#1190101) Security : * An MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service. This has been fixed. * Fix `max_keepalive` not applying to MQTT v3.1.1 and v3.1 connections. These clients are now rejected if their keepalive value exceeds max_keepalive. This option allows CVE-2020-13849, which is for the MQTT v3.1.1 protocol itself rather than an implementation, to be addressed. * Using certain listener related configuration options e.g. `cafile`, that apply to the default listener without defining any listener would cause a remotely accessible listener to be opened that was not confined to the local machine but did have anonymous access enabled, contrary to the documentation. This has been fixed. Closes #2283. * CVE-2021-34434: If a plugin had granted ACL subscription access to a durable/non-clean-session client, then removed that access,the client would keep its existing subscription. This has been fixed. * Incoming QoS 2 messages that had not completed the QoS flow were not being checked for ACL access when a clean session=False client was reconnecting. This has been fixed. Broker: * Fix possible out of bounds memory reads when reading a corrupt/crafted configuration file. Unless your configuration file is writable by untrusted users this is not a risk.
Martin Hauke (mnhauke)
accepted
request 923725
from
Johannes Segitz (jsegitz)
(revision 57)
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
buildservice-autocommit
accepted
request 898992
from
Marcus Rueckert (darix)
(revision 56)
baserev update by copy to link target
Marcus Rueckert (darix)
accepted
request 898869
from
Martin Hauke (mnhauke)
(revision 55)
- Update to version 2.0.11 Security: * If a MQTT v5 client connects with a crafted CONNECT packet a memory leak will occur. This has been fixed. Broker: * Fix possible crash having just upgraded from 1.6 if `per_listener_settings true` is set, and a SIGHUP is sent to the broker before a client has reconnected to the broker. * Fix bridge not reconnectng if the first reconnection attempt fails. * Improve QoS 0 outgoing packet queueing. * Fix QoS 0 messages not being queued when `queue_qos0_messages` was enabled. Clients: * If sending mosquitto_sub output to a pipe, mosquitto_sub will now detect that the pipe has closed and disconnect. * Fix `mosquitto_pub -l` quitting if a message publication is attempted when the broker is temporarily unavailable. - Remove not longer needed patch: * fix-undefined-symbols-in-plugins.patch (fixed upstream)
buildservice-autocommit
accepted
request 883701
from
Martin Hauke (mnhauke)
(revision 54)
baserev update by copy to link target
Martin Hauke (mnhauke)
accepted
request 883684
from
Martin Hauke (mnhauke)
(revision 53)
- Update to version 2.0.10 Security: * CVE-2021-28166: If an authenticated client connected with MQTT v5 sent a malformed CONNACK message to the broker a NULL pointer dereference occurred, most likely resulting in a segfault. This will be updated with the CVE number when it is assigned. Affects versions 2.0.0 to 2.0.9 inclusive. Broker: * Don't over write new receive-maximum if a v5 client connects and takes over an old session. * Fix CVE-2021-28166. Closes #2163. Clients: * Set `receive-maximum` to not exceed the `-C` message count in mosquitto_sub and mosquitto_rr, to avoid potentially lost messages. * Fix TLS-PSK mode not working with port 8883. Client library: * Fix possible socket leak. This would occur if a client was using `mosquitto_loop_start()`, then if the connection failed due to the remote server being inaccessible they called `mosquitto_loop_stop(, true)` and recreated the mosquitto object. Build: * A variety of minor build related fixes, like functions not having previous declarations.
buildservice-autocommit
accepted
request 879920
from
Martin Hauke (mnhauke)
(revision 52)
baserev update by copy to link target
Martin Hauke (mnhauke)
accepted
request 878570
from
Martin Hauke (mnhauke)
(revision 51)
- Build with support for tcp-wrapper (-DUSE_LIBWRAP=ON) - Update to version 2.0.9 Security: * If an empty or invalid CA file was provided to the client library for verifying the remote broker, then the initialx connection would fail but subsequent connections would succeed without verifying the remote broker certificate. * If an empty or invalid CA file was provided to the broker for verifying the remote broker for an outgoing bridge connection then the initial connection would fail but subsequent connections would succeed without verifying the remote broker certificate. Broker: * Fix encrypted bridge connections incorrectly connecting when `bridge_cafile` is empty or invalid. * Fix `tls_version` behaviour not matching documentation. It was setting the exact TLS version to use, not the minimium TLS version to use. * Fix messages to `$` prefixed topics being rejected. * Fix QoS 0 messages not being delivered when max_queued_bytes was configured. * Fix bridge increasing backoff calculation. * Improve handling of invalid combinations of listener address and bind interface configurations. * Fix `max_keepalive` option not applying to clients connecting with keepalive set to 0. Client library: * Fix encrypted connections incorrectly connecting when the CA file passed to `mosquitto_tls_set()` is empty or invalid. * Fix connections retrying very rapidly in some situations.
Marcus Rueckert (darix)
committed
(revision 50)
- Convert some of the BuildRequires from package names to pkgconfig(): libcares, libcjson, libwebsockets - Fix linking of modules: - Add fix-undefined-symbols-in-plugins.patch - revert old workaround of settings -DCMAKE_SHARED_LINKER_FLAGS= - Update mosquitto-1.6.8-config.patch: Set a short profilename for a cleaner ps aufxZ output - Refreshed mosquitto-1.6.8-config.patch to apply cleanly again
Marcus Rueckert (darix)
accepted
request 875783
from
Martin Hauke (mnhauke)
(revision 49)
- Update to version 2.0.8 Broker: * Fix incorrect datatypes in `struct mosquitto_evt_tick`. This changes the size and offset of two of the members of this struct, and changes the size of the struct. This is an ABI break, but is considered to be acceptable because plugins should never be allocating their own instance of this struct, and currently none of the struct members are used for anything, so a plugin should not be accessing them. It would also be safe to read/write from the existing struct parameters. * Give compile time warning if libwebsockets compiled without external poll support. Client library: * Fix mosquitto_{pub|sub}_topic_check() functions not returning MOSQ_ERR_INVAL on topic == NULL. Clients: * Fix possible loss of data in `mosquitto_pub -l` when sending multiple long lines.
Displaying revisions 1 - 20 of 68