forked from eclipse-mosquitto/mosquitto
ChangeLog.txt
1.6.12 - 2020-08-19
===================
Security:
- In some circumstances, Mosquitto could leak memory when handling PUBLISH
messages. This is limited to incoming QoS 2 messages, and is related
to the combination of the broker having persistence enabled, a clean
session=false client, which was connected prior to the broker restarting,
then has reconnected and has now sent messages at a sufficiently high rate
that the incoming queue at the broker has filled up and hence messages are
being dropped. This is more likely to have an effect where
max_queued_messages is a small value. This has now been fixed. Closes #1793.
Broker:
- Build warning fixes when building with WITH_BRIDGE=no and WITH_TLS=no.
Clients:
- All clients exit with an error exit code on CONNACK failure. Closes #1778.
- Don't busy loop with `mosquitto_pub -l` on a slow connection.
1.5.10 - 2020-08-19
===================
Security:
- In some circumstances, Mosquitto could leak memory when handling PUBLISH
messages. This is limited to incoming QoS 2 messages, and is related
to the combination of the broker having persistence enabled, a clean
session=false client, which was connected prior to the broker restarting,
then has reconnected and has now sent messages at a sufficiently high rate
that the incoming queue at the broker has filled up and hence messages are
being dropped. This is more likely to have an effect where
max_queued_messages is a small value. This has now been fixed. Closes #1793.
1.6.11 - 2020-08-11
===================
Security:
- On Windows the Mosquitto service was being installed without appropriate
path quoting. This has been fixed.
Broker:
- Fix usage message only mentioning v3.1.1. Closes #1713.
- Fix broker refusing to start if only websockets listeners were defined.
Closes #1740.
- Change systemd unit files to create /var/log/mosquitto before starting.
Closes #821.
- Don't quit with an error if opening the log file isn't possible.
Closes #821.
- Fix bridge topic remapping when using "" as the topic. Closes #1749.
- Fix messages being queued for disconnected bridges when clean start was
set to true. Closes #1729.
- Fix `autosave_interval` not being triggered by messages being delivered.
Closes #1726.
- Fix websockets clients sometimes not being disconnected promptly.
Closes #1718.
- Fix "slow" file based logging by switching to line based buffering.
Closes #1689. Closes #1741.
- Log protocol error message where appropriate from a bad UNSUBSCRIBE, rather
than the generic "socket error".
- Don't try to start DLT logging if DLT unavailable, to avoid a long delay
when shutting down the broker. Closes #1735.
- Fix potential memory leaks. Closes #1773. Closes #1774.
- Fix clients not receiving messages after a previous client with the same
client ID and positive will delay interval quit. Closes #1752.
- Fix overly broad HAVE_PTHREAD_CANCEL compile guard. Closes #1547.
Client library:
- Improved documentation around connect callback return codes. Closes #1730.
- Fix `mosquitto_publish*()` no longer returning `MOSQ_ERR_NO_CONN` when not
connected. Closes #1725.
- `mosquitto_loop_start()` now sets a thread name on Linux, FreeBSD, NetBSD,
and OpenBSD. Closes #1777.
- Fix `mosquitto_loop_stop()` not stopping on Windows. Closes #1748. Closes #117.
1.6.10 - 2020-05-25
===================
Broker:
- Report invalid bridge prefix+pattern combinations at config parsing time
rather than letting the bridge fail later. Issue #1635.
- Fix `mosquitto_passwd -b` not updating passwords for existing users
correctly. Creating a new user with `-b` worked without problem.
Closes #1664.
- Fix memory leak when connecting clients are rejected.
- Don't disconnect clients that are already disconnected. This prevents the
session expiry being extended on SIGHUP. Closes #1521.
- Fix support for openssl 3.0.
- Fix check when loading persistence file of a different version than the
native version. Closes #1684.
- Fix possible assert crash associated with bridge reconnecting when compiled
without epoll support. Closes #1700.
Client library:
- Don't treat an unexpected PUBACK, PUBREL, or PUBCOMP as a fatal error.
Issue #1629.
- Fix support for openssl 3.0.
- Fix memory leaks from multiple calls to
`mosquitto_lib_init()`/`mosquitto_lib_cleanup()`. Closes #1691.
- Fix documentation on return code of `mosquitto_lib_init()` for Windows.
Closes #1690.
Clients:
- Fix mosquitto_sub %j or %J not working on Windows. Closes #1674.
Build:
- Various fixes for building with <C99 support. Closes #1622.
- Fix use of sed on BSD. Closes #1614.
1.6.9 - 20200227
================
Broker:
- Fix session expiry with very large expiry intervals. Closes #1525.
- Check ACL patterns for validity when loading. Closes #1539.
- Use presence of password file as indicator for whether username checks
should take place, not whether usernames are defined in the password file.
Closes #1545.
- Strip whitespace from end of config file string options. Closes #1566.
- Satisfy valgrind when exiting on error due to not being able to open a
listening socket, by calling freeaddrinfo. Closes #1565.
- Fix config->user not being freed on exit. Closes #1564.
- Fix trailing whitespace not being trimmed on acl users. Closes #1539.
- Fix `bind_interface` not working for the default listener. Closes #1533.
- Improve password file parsing in the broker and mosquitto_passwd. Closes #1584.
- Print OpenSSL errors in more situations, like when loading certificates
fails. Closes #1552.
- Fix `mosquitto_client_protocol()` returning incorrect values.
Client library:
- Set minimum keepalive argument to `mosquitto_connect*()` to be 5 seconds.
Closes #1550.
- Fix `mosquitto_topic_matches_sub()` not returning MOSQ_ERR_INVAL if the
topic contains a wildcard. Closes #1589.
Clients:
- Fix `--remove-retained` not obeying the `-T` option for filtering out
topics. Closes #1585.
- Default behaviour for v5 clients using `-c` is now to use infinite length
sessions, as with v3 clients. Closes #1546.
1.6.8 - 20191128
================
Broker:
- Various fixes for `allow_zero_length_clientid` config, where this option was
not being set correctly. Closes #1429.
- Fix incorrect memory tracking causing problems with memory_limit option.
Closes #1437.
- Fix subscription topics being limited to 200 characters instead of 200
hierarchy levels. Closes #1441.
- Only a single CRL could be loaded at once. This has been fixed.
Closes #1442.
- Fix problems with reloading config when `per_listener_settings` was true.
Closes #1459.
- Fix retained messages with an expiry interval not being expired after being
restored from persistence. Closes #1464.
- Fix messages with an expiry interval being sent without an expiry interval
property just before they were expired. Closes #1464.
- Fix TLS Websockets clients not receiving messages after taking over a
previous connection. Closes #1489.
- Fix MQTT 3.1.1 clients using clean session false, or MQTT 5.0 clients using
session-expiry-interval set to infinity never expiring, even when the global
`persistent_client_expiration` option was set. Closes #1494.
Client library:
- Fix publish properties not being passed to on_message_v5 callback for QoS 2
messages. Closes #1432.
- Fix documentation issues in mosquitto.h. Closes #1478.
- Document `mosquitto_connect_srv()`. Closes #1499.
Clients:
- Fix duplicate cfg definition in rr_client. Closes #1453.
- Fix `mosquitto_pub -l` hang when stdin stream ends. Closes #1448.
- Fix `mosquitto_pub -l` not sending the final line of stdin if it does not
end with a new line. Closes #1473.
- Make documentation for `mosquitto_pub -l` match reality - blank lines are
sent as empty messages. Closes #1474.
- Free memory in `mosquitto_sub` when quitting without having made a successful
connection. Closes #1513.
Build:
- Added `CLIENT_STATIC_LDADD` to makefile builds to allow more libraries to be
linked when compiling the clients with a static libmosquitto, as required
for e.g. openssl on some systems.
Installer:
- Fix mosquitto_rr.exe not being included in Windows installers. Closes #1463.
1.6.7 - 20190925
================
Broker:
- Add workaround for working with libwebsockets 3.2.0.
- Fix potential crash when reloading config. Closes #1424, #1425.
Client library:
- Don't use `/` in autogenerated client ids, to avoid confusing with topics.
- Fix `mosquitto_max_inflight_messages_set()` and `mosquitto_int_option(...,
MOSQ_OPT_*_MAX, ...)` behaviour. Closes #1417.
- Fix regression on use of `mosquitto_connect_async()` not working.
Closes #1415 and #1422.
Clients:
- mosquitto_sub: Fix `-E` incorrectly not working unless `-d` was also
specified. Closes #1418.
- Updated documentation around automatic client ids.
1.6.6 - 20190917
================
Security:
- Restrict topic hierarchy to 200 levels to prevent possible stack overflow.
Closes #1412.
Broker:
- Restrict topic hierarchy to 200 levels to prevent possible stack overflow.
Closes #1412.
- mosquitto_passwd now returns 1 when attempting to update a user that does
not exist. Closes #1414.
1.6.5 - 20190912
================
Broker:
- Fix v5 DISCONNECT packets with remaining length == 2 being treated as a
protocol error. Closes #1367.
- Fix support for libwebsockets 3.x.
- Fix slow websockets performance when sending large messages. Closes #1390.
- Fix bridges potentially not connecting on Windows. Closes #478.
- Fix clients authorised using `use_identity_as_username` or
`use_subject_as_username` being disconnected on SIGHUP. Closes #1402.
- Improve error messages in some situations when clients disconnect. Reduces
the number of "Socket error on client X, disconnecting" messages.
- Fix Will for v5 clients not being sent if will delay interval was greater
than the session expiry interval. Closes #1401.
- Fix CRL file not being reloaded on HUP. Closes #35.
- Fix repeated "Error in poll" messages on Windows when only websockets
listeners are defined. Closes #1391.
Client library:
- Fix reconnect backoff for the situation where connections are dropped rather
than refused. Closes #737.
- Fix missing locks on `mosq->state`. Closes #1374.
Documentation:
- Improve details on global/per listener options in the mosquitto.conf man page.
Closes #274.
- Clarify behaviour when clients exceed the `message_size_limit`. Closes #448.
- Improve documentation for `max_inflight_bytes`, `max_inflight_messages`,
and `max_queued_messages`.
Build:
- Fix missing function warnings on NetBSD.
- Fix WITH_STATIC_LIBRARIES using CMake on Windows. Closes #1369.
- Guard ssize_t definition on Windows. Closes #522.
1.6.4 - 20190801
================
Broker:
- Fix persistent clients being incorrectly expired on Raspberry Pis.
Closes #1272.
- Windows: Allow other applications access to the log file when running.
Closes #515.
- Fix incoming QoS 2 messages being blocked when `max_inflight_messages` was
set to 1. Closes #1332.
- Fix incoming messages not being removed for a client if the topic being
published to does not have any subscribers. Closes #1322.
Client library:
- Fix MQTT v5 subscription options being incorrectly set for MQTT v3
subscriptions. Closes #1353.
- Make behaviour of `mosquitto_connect_async()` consistent with
`mosquitto_connect()` when connecting to a non-existent server.
Closes #1345.
- `mosquitto_string_option(mosq, MOSQ_OPT_TLS_KEYFORM, ...)` was incorrectly
returning `MOSQ_ERR_INVAL` with valid input. This has been fixed.
Closes #1360.
- on_connect callback is now called with the correct v5 reason code if a v5
client connects to a v3.x broker and is sent a CONNACK with the
"unacceptable protocol version" connack reason code.
- Fix memory leak when setting v5 properties in mosquitto_connect_v5().
- Fix properties not being sent on QoS>0 PUBLISH messages.
Clients:
- mosquitto_pub: fix error codes not being returned when mosquitto_pub exits.
Closes #1354.
- All clients: improve error messages when connecting to a v3.x broker when in
v5 mode. Closes #1344.
Other:
- Various documentation fixes.
1.6.3 - 20190618
================
Broker:
- Fix detection of incoming v3.1/v3.1.1 bridges. Closes #1263.
- Fix default max_topic_alias listener config not being copied to the in-use
listener when compiled without TLS support.
- Fix random number generation if compiling using `WITH_TLS=no` and on Linux
with glibc >= 2.25. Without this fix, no random numbers would be generated
for e.g. on broker client id generation, and so clients connecting expecting
this feature would be unable to connect.
- Fix compilation problem related to `getrandom()` on non-glibc systems.
- Fix Will message for a persistent client incorrectly being sent when the
client reconnects after a clean disconnect. Closes #1273.
- Fix Will message for a persistent client not being sent on disconnect.
Closes #1273.
- Improve documentation around the upgrading of persistence files. Closes
#1276.
- Add 'extern "C"' on mosquitto_broker.h and mosquitto_plugin.h for C++ plugin
writing. Closes #1290.
- Fix persistent Websockets clients not receiving messages after they
reconnect, having sent DISCONNECT on a previous session. Closes #1227.
- Disable TLS renegotiation. Client initiated renegotiation is considered to
be a potential attack vector against servers. Closes #1257.
- Fix incorrect shared subscription topic '$shared'.
- Fix zero length client ids being rejected for MQTT v5 clients with clean
start set to true.
- Fix MQTT v5 overlapping subscription behaviour. Clients now receive message
from all matching subscriptions rather than the first one encountered, which
ensures the maximum QoS requirement is met.
- Fix incoming/outgoing quota problems for QoS>0.
- Remove obsolete `store_clean_interval` from documentation.
- Fix v4 authentication plugin never calling psk_key_get.
Client library:
- Fix typo causing build error on Windows when building without TLS support.
Closes #1264.
Clients:
- Fix -L url parsing when `/topic` part is missing.
- Stop some error messages being printed even when `--quiet` was used.
Closes #1284.
- Fix mosquitto_pub exiting with error code 0 when an error occurred.
Closes #1285.
- Fix mosquitto_pub not using the `-c` option. Closes #1273.
- Fix MQTT v5 clients not being able to specify a password without a username.
Closes #1274.
- Fix `mosquitto_pub -l` not handling network failures. Closes #1152.
- Fix `mosquitto_pub -l` not handling zero length input. Closes #1302.
- Fix double free on exit in mosquitto_pub. Closes #1280.
Documentation:
- Remove references to Python binding and C++ wrapper in libmosquitto man
page. Closes #1266.
Build:
- CLIENT_LDFLAGS now uses LDFLAGS. Closes #1294.
1.6.2 - 20190430
================
Broker:
- Fix memory access after free, leading to possible crash, when v5 client with
Will message disconnects, where the Will message has as its first property
one of `content-type`, `correlation-data`, `payload-format-indicator`, or
`response-topic`. Closes #1244.
- Fix build for WITH_TLS=no. Closes #1250.
- Fix Will message not allowing user-property properties.
- Fix broker originated messages (e.g. $SYS/broker/version) not being
published when `check_retain_source` set to true. Closes #1245.
- Fix $SYS/broker/version being incorrectly expired after 60 seconds.
Closes #1245.
Library:
- Fix crash after client has been unable to connect to a broker. This occurs
when the client is exiting and is part of the final library cleanup routine.
Closes #1246.
Clients:
- Fix -L url parsing. Closes #1248.
1.6.1 - 20190426
================
Broker:
- Document `memory_limit` option.
Clients:
- Fix compilation on non glibc systems due to missing sys/time.h header.
Build:
- Add `make check` target and document testing procedure. Closes #1230.
- Document bundled dependencies and how to disable. Closes #1231.
- Split CFLAGS and CPPFLAGS, and LDFLAGS and LDADD/LIBADD.
- test/unit now respects CPPFLAGS and LDFLAGS. Closes #1232.
- Don't call ldconfig in CMake scripts. Closes #1048.
- Use CMAKE_INSTALL_* variables when installing in CMake. Closes #1049.
1.6 - 20190417
==============
Broker features:
- Add support for MQTT v5
- Add support for OCSP stapling.
- Add support for ALPN on bridge TLS connections. Closes #924.
- Add support for Automotive DLT logging.
- Add TLS Engine support.
- Persistence file read/write performance improvements.
- General performance improvements.
- Add max_keepalive option, to allow a maximum keepalive value to be set for
MQTT v5 clients only.
- Add `bind_interface` option which allows a listener to be bound to a
specific network interface, in a similar fashion to the `bind_address` option.
Linux only.
- Add improved bridge restart interval based on Decorrelated Jitter.
- Add `dhparamfile` option, to allow DH parameters to be loaded for Ephemeral
DH support
- Disallow writing to $ topics where appropriate.
- Fix mosquitto_passwd crashing on corrupt password file. Closes #1207.
- Add explicit support for TLS v1.3.
- Drop support for TLS v1.0.
- Improved general support for broker generated client ids. Removed libuuid
dependency.
- auto_id_prefix now defaults to 'auto-'.
- QoS 1 and 2 flow control improvements.
Client library features:
- Add support for MQTT v5
- Add mosquitto_subscribe_multiple() for sending subscriptions to multiple
topics in one command.
- Add TLS Engine support.
- Add explicit support for TLS v1.3.
- Drop support for TLS v1.0.
- QoS 1 and 2 flow control improvements.
Client features:
- Add support for MQTT v5
- Add mosquitto_rr client, which can be used for "request-response" messaging,
by sending a request message and awaiting a response.
- Add TLS Engine support.
- Add support for ALPN on TLS connections. Closes #924.
- Add -D option for all clients to specify MQTT v5 properties.
- Add -E to mosquitto_sub, which causes it to exit immediately after having
its subscriptions acknowledged. Use with -c to create a durable client
session without requiring a message to be received.
- Add --remove-retained to mosquitto_sub, which can be used to clear retained
messages on a broker.
- Add --repeat and --repeat-delay to mosquitto_pub, which can be used to
repeat single message publishes at a regular interval.
- -V now accepts `5`, `311`, `31`, as well as `mqttv5` etc.
- Add explicit support for TLS v1.3.
- Drop support for TLS v1.0.
Broker fixes:
- Improve error reporting when creating listeners.
- Fix build on SmartOS due to missing IPV6_V6ONLY. Closes #1212.
Client library fixes:
- Add missing `mosquitto_userdata()` function.
Client fixes:
- mosquitto_pub wouldn't always publish all messages when using `-l` and
QoS>0. This has been fixed.
- mosquitto_sub was incorrectly encoding special characters when using %j
output format. Closes #1220.
1.5.8 - 20190228
================
Broker:
- Fix clients being disconnected when ACLs are in use. This only affects the
case where a client connects using a username, and the anonymous ACL list is
defined but specific user ACLs are not defined. Closes #1162.
- Make error messages for missing config file clearer.
- Fix some Coverity Scan reported errors that could occur when the broker was
already failing to start.
- Fix broken mosquitto_passwd on FreeBSD. Closes #1032.
- Fix delayed bridge local subscriptions causing missing messages.
Closes #1174.
Library:
- Use higher resolution timer for random initialisation of client id
generation. Closes #1177.
- Fix some Coverity Scan reported errors that could occur when the library was
already quitting.
1.5.7 - 20190213
================
Broker:
- Fix build failure when using WITH_ADNS=yes
- Ensure that an error occurs if `per_listener_settings true` is given after
other security options. Closes #1149.
- Fix include_dir not sorting config files before loading. This was partially
fixed in 1.5 previously.
- Improve documentation around the `include_dir` option. Closes #1154.
- Fix case where old unreferenced msg_store messages were being saved to the
persistence file, bloating its size unnecessarily. Closes #389.
Library:
- Fix `mosquitto_topic_matches_sub()` not returning MOSQ_ERR_INVAL for
invalid subscriptions like `topic/#abc`. This only affects the return value,
not the match/no match result, which was already correct.
Build:
- Don't require C99 compiler.
- Add rewritten build test script and remove some build warnings.
1.5.6 - 20190206
================
Security:
- CVE-2018-12551: If Mosquitto is configured to use a password file for
authentication, any malformed data in the password file will be treated as
valid. This typically means that the malformed data becomes a username and no
password. If this occurs, clients can circumvent authentication and get access
to the broker by using the malformed username. In particular, a blank line
will be treated as a valid empty username. Other security measures are
unaffected. Users who have only used the mosquitto_passwd utility to create
and modify their password files are unaffected by this vulnerability.
Affects version 1.0 to 1.5.5 inclusive.
- CVE-2018-12550: If an ACL file is empty, or has only blank lines or
comments, then mosquitto treats the ACL file as not being defined, which
means that no topic access is denied. Although denying access to all topics
is not a useful configuration, this behaviour is unexpected and could lead
to access being incorrectly granted in some circumstances. This is now
fixed. Affects versions 1.0 to 1.5.5 inclusive.
- CVE-2018-12546: If a client publishes a retained message to a topic that
they have access to, and then their access to that topic is revoked, the
retained message will still be delivered to future subscribers. This
behaviour may be undesirable in some applications, so a configuration option
`check_retain_source` has been introduced to enforce checking of the
retained message source on publish.
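
The two file-parsing issues above (CVE-2018-12551 and CVE-2018-12550) can be checked for on a deployed broker by auditing the files themselves. The following is an added example, not code from the Mosquitto project: the function names and sample inputs are constructed, and the `username:$6$salt$hash` line layout is an assumption about what mosquitto_passwd writes in the 1.x series.

```python
import re

# Assumed layout of a line written by mosquitto_passwd in the 1.x series:
#   username:$6$<base64 salt>$<base64 hash>
# This layout is an assumption of the example, not stated in the changelog.
_HASH_FIELD = re.compile(r"^\$6\$[A-Za-z0-9+/=]+\$[A-Za-z0-9+/=]+$")


def audit_password_file(text):
    """Return (line_number, reason) for each line that is not a well-formed
    entry, i.e. data that versions 1.0 to 1.5.5 could accept as a username
    with no password (CVE-2018-12551)."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            findings.append((number, "blank line (read as an empty username)"))
            continue
        if ":" not in line:
            findings.append((number, "no ':' separator (line read as a username)"))
            continue
        username, password = line.split(":", 1)
        if not username:
            findings.append((number, "empty username"))
        elif not password:
            findings.append((number, "empty password field"))
        elif not _HASH_FIELD.match(password):
            findings.append((number, "password field is not a $6$ hash"))
    return findings


def acl_is_effectively_empty(text):
    """True when the ACL file holds only blank lines or '#' comments, the case
    that versions 1.0 to 1.5.5 treated as 'no ACL file defined', so no topic
    access was denied (CVE-2018-12550)."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            return False
    return True


# Constructed sample inputs (not real credentials or a real deployment).
SAMPLE_PASSWORDS = (
    "alice:$6$c2FsdHNhbHQ=$aGFzaGhhc2hoYXNoaGFzaA==\n"  # well formed
    "\n"                                                # blank line
    "bob\n"                                             # no separator
    ":$6$c2FsdA==$aGFzaA==\n"                           # empty username
    "carol:\n"                                          # empty password
    "dave:plaintext\n"                                  # hand-edited entry
)
SAMPLE_ACL_EMPTY = "# ACL for sensors\n\n   \n# topic read sensors/#\n"
SAMPLE_ACL_REAL = "# ACL for sensors\nuser alice\ntopic read sensors/#\n"


if __name__ == "__main__":
    for number, reason in audit_password_file(SAMPLE_PASSWORDS):
        print(f"password file line {number}: {reason}")
    for name, acl in (("empty", SAMPLE_ACL_EMPTY), ("real", SAMPLE_ACL_REAL)):
        state = "no effective rules" if acl_is_effectively_empty(acl) else "has rules"
        print(f"ACL sample '{name}': {state}")
```

Any finding from the password audit, or an ACL file reported as having no effective rules, is worth fixing even on a patched broker, since it usually means the file was edited by hand rather than with mosquitto_passwd.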
Broker:
- Fixed comment handling for config options that have optional arguments.
- Improved documentation around bridge topic remapping.
- Handle mismatched handshakes (e.g. QoS1 PUBLISH with QoS2 reply) properly.
- Fix spaces not being allowed in the bridge remote_username option. Closes
#1131.
- Allow broker to always restart on Windows when using `log_dest file`. Closes
#1080.
- Fix Will not being sent for Websockets clients. Closes #1143.
- Windows: Fix possible crash when client disconnects. Closes #1137.
- Fixed durable clients being unable to receive messages when offline, when
per_listener_settings was set to true. Closes #1081.
- Add log message for the case where a client is disconnected for sending a
topic with invalid UTF-8. Closes #1144.
Library:
- Fix TLS connections not working over SOCKS.
- Don't clear SSL context when TLS connection is closed, meaning if a user
provided an external SSL_CTX they have less chance of leaking references.
Build:
- Fix comparison of boolean values in CMake build. Closes #1101.
- Fix compilation when openssl deprecated APIs are not available.
Closes #1094.
- Man pages can now be built on any system. Closes #1139.
1.5.5 - 20181211
================
Security:
- If `per_listener_settings` is set to true, then the `acl_file` setting was
ignored for the "default listener" only. This has been fixed. This does not
affect any listeners defined with the `listener` option. Closes #1073.
This is now tracked as CVE-2018-20145.
Broker:
- Add `socket_domain` option to allow listeners to disable IPv6 support.
This is required to work around a problem in libwebsockets that means
sockets only listen on IPv6 by default if IPv6 support is compiled in.
Closes #1004.
- When using ADNS, don't ask for all network protocols when connecting,
because this can lead to confusing "Protocol not supported" errors if the
network is down. Closes #1062.
- Fix outgoing retained messages not being sent by bridges on initial
connection. Closes #1040.
- Don't reload auth_opt_ options on reload, to match the behaviour of the
other plugin options. Closes #1068.
- Print message on error when installing/uninstalling as a Windows service.
- All non-error connect/disconnect messages are controlled by the
`connection_messages` option. Closes #772. Closes #613. Closes #537.
Library:
- Fix reconnect delay backoff behaviour. Closes #1027.
- Don't call on_disconnect() twice if keepalive tests fail. Closes #1067.
Client:
- Always print leading zeros in mosquitto_sub when output format is hex.
Closes #1066.
Build:
- Fix building where TLS-PSK is not available. Closes #68.
1.5.4 - 20181108
================
Security:
- When using a TLS enabled websockets listener with "require_certificate"
enabled, the mosquitto broker does not correctly verify client certificates.
This is now fixed. All other security measures operate as expected, and in
particular non-websockets listeners are not affected by this. Closes #996.
Broker:
- Process all pending messages even when a client has disconnected. This means
a client that sends a PUBLISH then DISCONNECT quickly, then disconnects will
have its DISCONNECT message processed properly and so no Will will be sent.
Closes #7.
- $SYS/broker/clients/disconnected should never be negative. Closes #287.
- Give better error message if a client sends a password without a username.
Closes #1015.
- Fix bridge not honoring restart_timeout. Closes #1019.
- Don't disconnect a client if an auth plugin denies access to SUBSCRIBE.
Closes #1016.
Library:
- Fix memory leak that occurred if mosquitto_reconnect() was used when TLS
errors were present. Closes #592.
- Fix TLS connections when using an external event loop with
mosquitto_loop_read() and mosquitto_write(). Closes #990.
Build:
- Fix clients not being compiled with threading support when using CMake.
Closes #983.
- Header fixes for FreeBSD. Closes #977.
- Use _GNU_SOURCE to fix build errors in websockets and getaddrinfo usage.
Closes #862 and #933.
- Fix builds on QNX 7.0.0. Closes #1018.
1.5.3 - 20180925
================
Security:
- Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that
begins with $, but is not $SYS, then an assert that should be unreachable is
triggered and Mosquitto will exit.
Broker:
- Elevate log level to warning for situation when socket limit is hit.
- Remove requirement to use `user root` in snap package config files.
- Fix retained messages not sent by bridges on outgoing topics at the first
connection. Closes #701.
- Documentation fixes. Closes #520, #600.
- Fix duplicate clients being added to by_id hash before the old client was
removed. Closes #645.
- Fix Windows version not starting if include_dir did not contain any files.
Closes #566.
- When an authentication plugin denied access to a SUBSCRIBE, the client would
be disconnected incorrectly. This has been fixed. Closes #1016.
Build:
- Various fixes to ease building.
1.5.2 - 20180919
================
Broker:
- Fix build when using WITH_ADNS=yes.
- Fix incorrect call to setsockopt() for TCP_NODELAY. Closes #941.
- Fix excessive CPU usage when the number of sockets exceeds the system limit.
Closes #948.
- Fix for bridge connections when using WITH_ADNS=yes.
- Fix round_robin false behaviour. Closes #481.
- Fix segfault on HUP when bridges and security options are configured.
Closes #965.
Library:
- Fix situation where username and password is used with SOCKS5 proxy. Closes
#927.
- Fix SOCKS5 behaviour when passing IP addresses. Closes #927.
Build:
- Make it easier to build without bundled uthash.h using "WITH_BUNDLED_DEPS=no".
- Fix build with OPENSSL_NO_ENGINE. Closes #932.
1.5.1 - 20180816
================
Broker:
- Fix plugin cleanup function not being called on exit of the broker.
Closes #900.
- Print more OpenSSL errors when loading certificates/keys fail.
- Use AF_UNSPEC etc. instead of PF_UNSPEC to comply with POSIX. Closes #863.
- Remove use of AI_ADDRCONFIG, which means the broker can be used on systems
where only the loopback interface is defined. Closes #869, Closes #901.
- Fix IPv6 addresses not being able to be used as bridge addresses.
Closes #886.
- All clients now time out if they exceed their keepalive*1.5, rather than
just reach it. This was inconsistent in two places.
- Fix segfault on startup if bridge CA certificates could not be read.
Closes #851.
- Fix problem opening listeners on Pi caused by unsigned char being default.
Found via #849.
- ACL patterns that do not contain either %c or %u now produce a warning in
the log. Closes #209.
- Fix bridge publishing failing when per_listener_settings was true. Closes
#860.
- Fix `use_identity_as_username true` not working. Closes #833.
- Fix UNSUBACK messages not being logged. Closes #903.
- Fix possible endian issue when reading the `memory_limit` option.
- Fix building for libwebsockets < 1.6.
- Fix accessor functions for username and client id when used in plugin auth
check.
Library:
- Fix some places where return codes were incorrect, including to the
on_disconnect() callback. This has resulted in two new error codes,
MOSQ_ERR_KEEPALIVE and MOSQ_ERR_LOOKUP.
- Fix connection problems when mosquitto_loop_start() was called before
mosquitto_connect_async(). Closes #848.
Clients:
- When compiled using WITH_TLS=no, the default port was incorrectly being set
to -1. This has been fixed.
- Fix compiling on Mac OS X <10.12. Closes #813 and #240.
Build:
- Fixes for building on NetBSD. Closes #258.
- Fixes for building on FreeBSD.
- Add support for compiling with static libwebsockets library.
1.5 - 20180502
==============
Security:
- Fix memory leak that could be caused by a malicious CONNECT packet. This
does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker)
Broker features:
- Add per_listener_settings to allow authentication and access control to be
per listener.
- Add limited support for reloading listener settings. This allows settings
for an already defined listener to be reloaded, but port numbers must not be
changed.
- Add ability to deny access to SUBSCRIBE messages as well as the current
read/write accesses. Currently for auth plugins only.
- Reduce calls to malloc through the use of UHPA.
- Outgoing messages with QoS>1 are no longer retried after a timeout period.
Messages will be retried when a client reconnects. This change in behaviour
can be justified by considering when the timeout may have occurred.
* If a connection is unreliable and has dropped, but without one end
noticing, the messages will be retried on reconnection. Sending
additional PUBLISH or PUBREL would not have changed anything.
* If a client is overloaded/unable to respond/has a slow connection then
sending additional PUBLISH or PUBREL would not help the client catch
up. Once the backlog has cleared the client will respond. If it is not
able to catch up, sending additional duplicates would not help either.
- Add use_subject_as_username option for certificate based client
authentication to use the entire certificate subject as a username, rather
than just the CN. Closes #469467.
- Change sys tree printing output. This format shouldn't be relied upon and
may change at any time. Closes #470246.
- Minimum supported libwebsockets version is now 1.3.
- Add systemd startup notification and services. Closes #471053.
- Reduce unnecessary malloc and memcpy when receiving a message and storing
it. Closes #470258.
- Support for Windows XP has been dropped.
- Bridge connections now default to using MQTT v3.1.1.
- mosquitto_db_dump tool can now output some stats on clients.
- Perform utf-8 validation on incoming will, subscription and unsubscription
topics.
- new $SYS/broker/store/messages/count (deprecates $SYS/broker/messages/stored)
- new $SYS/broker/store/messages/bytes
- max_queued_bytes feature to limit queues by real size rather than
just message count. Closes Eclipse #452919 or Github #100
- Add support for bridges to be configured to only send notifications to the
local broker.
- Add set_tcp_nodelay option to allow Nagle's algorithm to be disabled on
client sockets. Closes #433.
- The behaviour of allow_anonymous has changed. In the old behaviour, the
default if not set was to allow anonymous access. The new behaviour is to
allow anonymous access by default unless another security option is set.
For example, if password_file is set and allow_anonymous is not set, then
anonymous access will be denied. It is still possible to allow anonymous
access by setting it explicitly.
Broker fixes:
- Fix UNSUBSCRIBE with no topic being accepted on MQTT 3.1.1. Closes #665.
- Produce an error if two bridges share the same local_clientid.
- Miscellaneous fixes on Windows.
- queue_qos0_messages was not observing max_queued_** limits
- When using the include_dir configuration option sort the files
alphabetically before loading them. Closes #17.
- IPv6 is no longer disabled for websockets listeners.
- Remove all build timestamp information including $SYS/broker/timestamp.
Closes #651.
- Correctly handle incoming strings that contain a NULL byte. Closes #693.
- Use constant time memcmp for password comparisons.
- Fix incorrect PSK key being used if it had leading zeroes.
- Fix memory leak if a client provided a username/password for a listener with
use_identity_as_username configured.
- Fix use_identity_as_username not working on websockets clients.
- Don't crash if an auth plugin returns MOSQ_ERR_AUTH for a username check on
a websockets client. Closes #490.
- Fix 08-ssl-bridge.py test when using async dns lookups. Closes #507.
- Lines in the config file are no longer limited to 1024 characters long.
Closes #652.
- Fix $SYS counters of messages and bytes sent when a message is sent over
Websockets. Closes #250.
- Fix upgrade_outgoing_qos for retained message. Closes #534.
- Fix CONNACK message not being sent for unauthorised connect on websockets.
Closes #8.
- Maximum connections on Windows increased to 2048.
- When a client with an in-use client-id connects, if the old client has a
will, send the will message. Closes #26.
- Fix parsing of configuration options that end with a space. Closes #804.
Client library features:
- Outgoing messages with QoS>1 are no longer retried after a timeout period.
Messages will be retried when a client reconnects.
- DNS-SRV support is now disabled by default.
- Add mosquitto_subscribe_simple(). This is a helper function to make
retrieving messages from a broker very straightforward. Examples of its use
are in examples/subscribe_simple.
- Add mosquitto_subscribe_callback(). This is a helper function to make
processing messages from a broker very straightforward. An example of its use
is in examples/subscribe_simple.
- Connections now default to using MQTT v3.1.1.
- Add mosquitto_validate_utf8() to check whether a string is valid UTF-8
according to the UTF-8 spec and to the additional restrictions imposed by
the MQTT spec.
- Topic inputs are checked for UTF-8 validity.
- Add mosquitto_userdata function to allow retrieving the client userdata
member variable. Closes #111.
- Add mosquitto_pub_topic_check2(), mosquitto_sub_topic_check2(), and
mosquitto_topic_matches_sub2() which are identical to the similarly named
functions but also take length arguments.
- Add mosquitto_connect_with_flags_callback_set(), which allows a second
connect callback to be used which also exposes the connect flags parameter.
Closes #738 and #128.
- Add MOSQ_OPT_SSL_CTX option to allow a user specified SSL_CTX to be used
instead of the one generated by libmosquitto. This allows greater control
over what options can be set. Closes #715.
- Add MOSQ_OPT_SSL_CTX_WITH_DEFAULTS to work with MOSQ_OPT_SSL_CTX and have
the default libmosquitto SSL_CTX configuration applied to the user provided
SSL_CTX. Closes #567.
Client library fixes:
- Fix incorrect PSK key being used if it had leading zeroes.
- Initialise "result" variable as soon as possible in
mosquitto_topic_matches_sub. Closes #654.
- No need to close socket again if setting non-blocking failed. Closes #649.
- Fix mosquitto_topic_matches_sub() not correctly matching foo/bar against
foo/+/#. Closes #670.
- SNI host support added.
Client features:
- Add -F to mosquitto_sub to allow the user to choose the output format.
- Add -U to mosquitto_sub for unsubscribing from topics.
- Add -c (clean session) to mosquitto_pub.
- Add --retained-only to mosquitto_sub to exit after receiving all retained
messages.
- Add -W to allow mosquitto_sub to stop processing incoming messages after a
timeout.
- Connections now default to using MQTT v3.1.1.
- Default to using port 8883 when using TLS.
- mosquitto_sub doesn't continue to keep connecting if CONNACK tells it the
connection was refused.
Client fixes:
- Correctly handle empty files with "mosquitto_pub -l". Closes #676.
Build:
- Add WITH_STRIP option (defaulting to "no") that when set to "yes" will strip
executables and shared libraries when installing.
- Add WITH_STATIC_LIBRARIES (defaulting to "no") that when set to "yes" will
build and install static versions of the client libraries.
- Don't run TLS-PSK tests if TLS-PSK disabled at compile time. Closes #636.
- Support for openssl versions 1.0.0 and 1.0.1 has been removed as these are
no longer supported by openssl.
Documentation:
- Replace mentions of deprecated 'c_rehash' with 'openssl rehash'.
1.4.15 - 20180228
=================
Security:
- Fix CVE-2017-7652. If a SIGHUP is sent to the broker when there are no more
file descriptors, then opening the configuration file will fail and security
settings will be set back to their default values.
- Fix CVE-2017-7651. Unauthenticated clients can cause excessive memory use by
setting "remaining length" to be a large value. This is now mitigated by
limiting the size of remaining length to valid values. A "memory_limit"
configuration option has also been added to allow the overall memory used by
the broker to be limited.
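The "remaining length" limit described for CVE-2017-7651, as an added example that is not Mosquitto's own code: a decoder for the MQTT variable-length field that rejects anything beyond the four-byte protocol maximum before a buffer is sized from it. The function name, the status codes and the per-packet cap parameter are assumptions made for the example; the cap is not the memory_limit option.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum rl_status { RL_OK, RL_INCOMPLETE, RL_MALFORMED, RL_TOO_LARGE };

/*
 * Decode the MQTT "remaining length" field (1 to 4 bytes, 7 data bits each,
 * top bit = "another byte follows"). The largest valid value is 268,435,455.
 * cap is a hypothetical per-packet limit chosen by the caller (0 = none).
 */
enum rl_status decode_remaining_length(const uint8_t *buf, size_t len,
                                       uint32_t cap, uint32_t *value,
                                       size_t *used)
{
    uint32_t result = 0, multiplier = 1;

    for (size_t i = 0; i < 4; i++) {
        if (i >= len)
            return RL_INCOMPLETE;      /* need more bytes; allocate nothing yet */
        result += (uint32_t)(buf[i] & 0x7F) * multiplier;
        if ((buf[i] & 0x80) == 0) {    /* continuation bit clear: final byte */
            if (cap != 0 && result > cap)
                return RL_TOO_LARGE;   /* reject before any buffer is sized */
            *value = result;
            *used = i + 1;
            return RL_OK;
        }
        multiplier *= 128;
    }
    return RL_MALFORMED;               /* a fifth length byte is never valid */
}

int main(void)
{
    /* Constructed inputs: the bytes that follow the fixed-header byte. */
    const uint8_t ok[] = {0xC1, 0x02};                    /* encodes 321 */
    const uint8_t bad[] = {0xFF, 0xFF, 0xFF, 0xFF, 0x01}; /* 5 length bytes */
    uint32_t v = 0;
    size_t n = 0;

    printf("ok:  status=%d\n", decode_remaining_length(ok, sizeof ok, 0, &v, &n));
    printf("     value=%u used=%zu\n", (unsigned)v, n);
    printf("bad: status=%d\n", decode_remaining_length(bad, sizeof bad, 0, &v, &n));
    return 0;
}
```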
Broker:
- Use constant time memcmp for password comparisons.
- Fix incorrect PSK key being used if it had leading zeroes.
- Fix memory leak if a client provided a username/password for a listener with
use_identity_as_username configured.
- Fix use_identity_as_username not working on websockets clients.
- Don't crash if an auth plugin returns MOSQ_ERR_AUTH for a username check on
a websockets client. Closes #490.
- Fix 08-ssl-bridge.py test when using async dns lookups. Closes #507.
- Lines in the config file are no longer limited to 1024 characters long.
Closes #652.
- Fix $SYS counters of messages and bytes sent when a message is sent over
Websockets. Closes #250.
- Fix upgrade_outgoing_qos for retained message. Closes #534.
- Fix CONNACK message not being sent for unauthorised connect on websockets.
Closes #8.
Client library:
- Fix incorrect PSK key being used if it had leading zeroes.
- Initialise "result" variable as soon as possible in
mosquitto_topic_matches_sub. Closes #654.
- No need to close socket again if setting non-blocking failed. Closes #649.
- Fix mosquitto_topic_matches_sub() not correctly matching foo/bar against
foo/+/#. Closes #670.
Clients:
- Correctly handle empty files with "mosquitto_pub -l". Closes #676.
Build:
- Don't run TLS-PSK tests if TLS-PSK disabled at compile time. Closes #636.
1.4.14 - 20170710
=================
Broker:
- Fix regression from 1.4.13 where persistence data was not being saved.
1.4.13 - 20170627
=================
Security:
- Fix CVE-2017-9868. The persistence file was readable by all local users,
potentially allowing sensitive information to be leaked.
This can also be fixed administratively, by restricting access to the
directory in which the persistence file is stored.
Broker:
- Fix for poor websockets performance.
- Fix lazy bridges not timing out for idle_timeout. Closes #417.
- Fix problems with large retained messages over websockets. Closes #427.
- Set persistence file to only be readable by owner, except on Windows. Closes
#468.
- Fix CONNECT check for reserved=0, as per MQTT v3.1.1 check MQTT-3.1.2-3.
- When the broker stops, wills for any connected clients are now "sent". Closes
#477.
- Auth plugins can be configured to disable the check for +# in
usernames/client ids with the auth_plugin_deny_special_chars option.
Partially closes #462.
- Restrictions for CVE-2017-7650 have been relaxed - '/' is allowed in
usernames/client ids. Remainder of fix for #462.
Clients:
- Don't use / in auto-generated client ids.
1.4.12 - 20170528
=================
Security:
- Fix CVE-2017-7650, which allows clients with username or client id set to
'#' or '+' to bypass pattern based ACLs or third party plugins. The fix
denies sending or receiving of messages for clients with a '#' or '+' in
their username or client id when the message is subject to a pattern ACL
check or plugin check.
Patches for other versions are available at
https://mosquitto.org/files/cve/2017-7650/
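Why a wildcard in the identity defeats a pattern ACL, and the shape of the check the fix describes, as an added example that is not Mosquitto's own code. The helper names, the deny_special flag, and the pattern and identities are constructed for the example; '/' is not rejected, matching the relaxation noted under 1.4.13.

```c
#include <stdio.h>
#include <string.h>

/* Nonzero if an identity string contains an MQTT wildcard character. */
int has_wildcard(const char *s)
{
    return strpbrk(s, "+#") != NULL;
}

/*
 * Expand %u (username) and %c (client id) in a pattern ACL topic.
 * deny_special = 1 applies the check from the fix, 0 shows pre-fix behaviour.
 * Returns 0 on success, -1 on denial or lack of space. Hypothetical helper.
 */
int expand_pattern(const char *pattern, const char *username,
                   const char *clientid, int deny_special,
                   char *out, size_t outlen)
{
    size_t pos = 0;
    if (username == NULL || clientid == NULL)
        return -1;
    if (deny_special && (has_wildcard(username) || has_wildcard(clientid)))
        return -1;               /* identity would act as a wildcard: deny */

    for (const char *p = pattern; *p != '\0'; p++) {
        const char *sub = NULL;
        if (p[0] == '%' && p[1] == 'u') sub = username;
        else if (p[0] == '%' && p[1] == 'c') sub = clientid;
        size_t n = sub ? strlen(sub) : 1;
        if (pos + n >= outlen)
            return -1;           /* keep room for the terminating NUL */
        if (sub) { memcpy(out + pos, sub, n); p++; }  /* p++ skips 'u'/'c' */
        else     { out[pos] = *p; }
        pos += n;
    }
    out[pos] = '\0';
    return 0;
}

int main(void)
{
    char buf[64];
    /* Constructed pattern and identities. */
    if (expand_pattern("sensors/%u/#", "+", "dev1", 0, buf, sizeof buf) == 0)
        printf("unchecked: %s\n", buf);   /* covers every user's subtree */
    printf("checked:   %d\n",
           expand_pattern("sensors/%u/#", "+", "dev1", 1, buf, sizeof buf));
    return 0;
}
```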
Broker:
- Fix mosquitto.db becoming corrupted due to client messages being
persisted with no stored message. Closes #424.
- Fix bridge not restarting properly. Closes #428.
- Fix uninitialized memory in gets_quiet on Windows. Closes #426.
- Fix building with WITH_ADNS=no for systems that don't use glibc. Closes
#415.
- Fixes to readme.md.
- Fix deprecation warning for OpenSSL 1.1. PR #416.
- Don't segfault on duplicate bridge names. Closes #446.
- Fix CVE-2017-7650.
1.4.11 - 20170220
=================
Broker:
- Fix crash when "lazy" type bridge attempts to reconnect. Closes #259.