This is a security and bug fix release.
Security:
- CVE-2023-28366: Fix memory leak in broker when clients send multiple QoS 2
messages with the same message ID, but then never respond to the PUBREC
commands.
- CVE-2023-0809: Fix excessive memory being allocated based on malicious
initial packets that are not CONNECT packets.
- CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
will message that contains invalid property types.
- Broker will now reject Will messages that attempt to publish to $CONTROL/.
- Broker now validates usernames provided in a TLS certificate or TLS-PSK
identity are valid UTF-8.
- Fix potential crash when loading invalid persistence file.
- Library will no longer allow single level wildcard certificates, e.g. *.com
Bugfixes of note or relevance to OpenWrt:
- Fix bridges with non-matching cleansession/local_cleansession being expired
on start after restoring from persistence. Closes#2634.
Client library:
- Use CLOCK_BOOTTIME when available, to keep track of time. This solves the
problem of the client OS sleeping and the client hence not being able to
calculate the actual time for keepalive purposes. Closes#2760.
Full changelog available at: https://github.com/eclipse/mosquitto/blob/v2.0.16/ChangeLog.txt
plus: https://github.com/eclipse/mosquitto/blob/v2.0.17/ChangeLog.txt
(2.0.17 fixes regressions from the 2.0.16 release)
Signed-off-by: Karl Palsson <karlp@tweak.au>
Section 'Persistence' in 'luci-app-mosquitto' is unusable without 'persistence'
section in config file.
Signed-off-by: Ptilopsis Leucotis <PtilopsisLeucotis@yandex.com>
Recent versions of mosquitto have added a lot more fine grained control
of various options. Add UCI support for all of them, and fix a couple
of things that were configured as per listener, that are actually global
settings.
Signed-off-by: Karl Palsson <karlp@etactica.com>
From mosquitto 2.x, port became optional and deprecated in the config,
and it was recommended that listeners be used instead. Drop the hard
requirement in our config conversion script.
Reported in: https://github.com/openwrt/packages/issues/15506
Signed-off-by: <karlp@etactica.com>
Security release. From the changelog:
- In some circumstances, Mosquitto could leak memory when handling PUBLISH
messages. This is limited to incoming QoS 2 messages, and is related
to the combination of the broker having persistence enabled, a clean
session=false client, which was connected prior to the broker restarting,
then has reconnected and has now sent messages at a sufficiently high rate
that the incoming queue at the broker has filled up and hence messages are
being dropped. This is more likely to have an effect where
max_queued_messages is a small value. This has now been fixed. Closes
https://github.com/eclipse/mosquitto/issues/1793
Changelog: https://mosquitto.org/blog/2020/08/version-1-6-12-released/
Signed-off-by: Karl Palsson <karlp@etactica.com>
This removes lines that set PKG_BUILD_DIR when the set value is no
different from the default value.
Specifically, the line is removed if the assigned value is:
* $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
The default PKG_BUILD_DIR was updated[1] to incorporate BUILD_VARIANT
if it is set, so now this is identical to the default value.
* $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_SOURCE_SUBDIR)
if PKG_SOURCE_SUBDIR is set to $(PKG_NAME)-$(PKG_VERSION), making it
the same as the previous case
* $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
This is the same as the default PKG_BUILD_DIR when there is no
BUILD_VARIANT.
* $(BUILD_DIR)/[name]-$(PKG_VERSION)
where [name] is a string that is identical to PKG_NAME
[1]: https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=e545fac8d968864a965edb9e50c6f90940b0a6c9
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This is a minor bugfix release. Full changelog available at:
https://mosquitto.org/blog/2019/02/version-1-5-7-released/
Most relevant to OpenWrt are probably:
* fixing persistent store bloat
* fix sorting of included config files
* fix errors related to per_listener_settings
Signed-off-by: Karl Palsson <karlp@etactica.com>
This is a bugfix and security release.
CVE-2018-12551: If Mosquitto is configured to use a password file for
authentication, any malformed data in the password file will be
treated as valid. This typically means that the malformed data becomes
a username and no password. If this occurs, clients can circumvent
authentication and get access to the broker by using the malformed
username. In particular, a blank line will be treated as a valid empty
username. Other security measures are unaffected.
=> Users who have only used the mosquitto_passwd utility to create and
modify their password files are unaffected by this vulnerability.
CVE-2018-12550: If an ACL file is empty, or has only blank lines or
comments, then mosquitto treats the ACL file as not being defined,
which means that no topic access is denied. Although denying access to
all topics is not a useful configuration, this behaviour is unexpected
and could lead to access being incorrectly granted in some
circumstances.
CVE-2018-12546. If a client publishes a retained message to a topic
that they have access to, and then their access to that topic is
revoked, the retained message will still be delivered to future
subscribers. This behaviour may be undesirable in some applications,
so a configuration option `check_retain_source` has been introduced to
enforce checking of the retained message source on publish.
Plus the following bugfixes:
* wills not sent to websocket clients
* spaces now allowed in bridge usernames
* durable clients not receiving offline messages with
per_listener_settings==true
* compilation with openssl without deprecated apis
* TLS working over SOCKS
* better comment handling in config files
Full changelog available at: https://github.com/eclipse/mosquitto/blob/fixes/ChangeLog.txt#L1
Signed-off-by: Karl Palsson <karlp@etactica.com>
Adds support for acl_plugin, and acl_opt_* options.
acl_opt_* requires some care as it relies on the internal behaviour of
cfg_load setting environment variables in a certain form. However,
given that _all_ of the cfg_load infrastructure relies on that, we can
be pretty sure that it won't change in a way that will hurt us.
Originally reported as: https://github.com/openwrt/packages/pull/7434
Signed-off-by: Karl Palsson <karlp@etactica.com>
Full changelog at https://github.com/eclipse/mosquitto/blob/v1.5.3/ChangeLog.txt
Primary change:
CVE fix for CVE-2018-12543 - prevent crash on topics that begin with $
but are not $SYS
Selected other fixes relevant to OpenWrt since 1.5.1:
- Fix retained messages not sent by bridges on outgoing topics at the first
connection. Closes#701.
- Fix duplicate clients being added to by_id hash before the old client was
removed. Closes#645.
- Fix excessive CPU usage when the number of sockets exceeds the system limit.
Closes#948.
- Fix for bridge connections when using WITH_ADNS=yes.
- Fix round_robin false behaviour. Closes#481.
- Fix segfault on HUP when bridges and security options are configured.
Closes#965.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Install the .pc files to staging directory to help other packages
to find the libraries.
Since the build does not use CMake, we need to manually install the
files and replace two variables using sed.
Filed upstream as https://github.com/eclipse/mosquitto/pull/950
Signed-off-by: Michael Heimpold <michael.heimpold@i2se.com>
Tested-by: Karl Palsson <karlp@etactica.com>
Bugfix release. Full changelog at:
https://mosquitto.org/blog/2018/08/version-151-released/
Of most interest to OpenWrt:
* Remove use of AI_ADDRCONFIG, which means the broker can be used on systems where only the loopback interface is defined.
* Fix IPv6 addresses not being able to be used as bridge addresses.
* Fix problem opening listeners on Pi caused by unsigned char being default.
* Fix segfault on startup if bridge CA certificates could not be read.
* Fix possible endian issue when reading the memory_limit option.
* library and client bugfixes including: https://github.com/openwrt/packages/issues/6765
Signed-off-by: Karl Palsson <karlp@etactica.com>
Remove build timestamp. Using currently proposed upstream patch.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Signed-off-by: Karl Palsson <karlp@etactica.com>
Can't use DEPENDS:= +libname when libname is now a virtual package.
Switch to plain DEPENDS:= libname.
Fixes Github issue 4751
Signed-off-by: Karl Palsson <karlp@etactica.com>
On some environments, connecting to localhost was resolving to ::1,
which didn't match the bind to the explicit 127.0.0.1.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Added many more UCI config options, particularly for bridge connections
The recently introduced username/password options for bridges are kept,
even though they have been deprecated upstream for a while. In keeping
with this, while support is kept in UCI, the generated mosquitto.conf
file will always generate the "modern" remote_username/remote_password
options preferred by mosquitto instead.
Likewise for bridge clientid and remote_clientid options.
Signed-off-by: Karl Palsson <karlp@etactica.com>
