FEDORA-EPEL-2019-1c8bc2bf57 created by pbrobinson 11 months ago for Fedora EPEL 7
stable

1.6.7

Broker:

  • Add workaround for working with libwebsockets 3.2.0.
  • Fix potential crash when reloading config.

Client library:

  • Don't use / in autogenerated client ids, to avoid confusion with topics.
  • Fix mosquitto_max_inflight_messages_set() and mosquitto_int_option(..., MOSQ_OPT_*_MAX, ...) behaviour.
  • Fix regression on use of mosquitto_connect_async() not working.

Clients:

  • mosquitto_sub: Fix -E incorrectly not working unless -d was also specified.
  • Updated documentation around automatic client ids.

1.6.6

Security:

  • CVE-2019-11779
  • Restrict topic hierarchy to 200 levels to prevent possible stack overflow.

Broker:

  • Restrict topic hierarchy to 200 levels to prevent possible stack overflow.
  • mosquitto_passwd now returns 1 when attempting to update a user that does not exist.

1.6.5

Broker:

  • Fix v5 DISCONNECT packets with remaining length == 2 being treated as a protocol error.
  • Fix support for libwebsockets 3.x.
  • Fix slow websockets performance when sending large messages.
  • Fix bridges potentially not connecting on Windows.
  • Fix clients authorised using use_identity_as_username or use_subject_as_username being disconnected on SIGHUP.
  • Improve error messages in some situations when clients disconnect. Reduces the number of "Socket error on client X, disconnecting" messages.
  • Fix Will for v5 clients not being sent if will delay interval was greater than the session expiry interval.
  • Fix CRL file not being reloaded on HUP.
  • Fix repeated "Error in poll" messages on Windows when only websockets listeners are defined.

Client library:

  • Fix reconnect backoff for the situation where connections are dropped rather than refused.
  • Fix missing locks on mosq->state.

Documentation:

  • Improve details on global/per listener options in the mosquitto.conf man page.
  • Clarify behaviour when clients exceed the message_size_limit.
  • Improve documentation for max_inflight_bytes, max_inflight_messages, and max_queued_messages.

This update has been submitted for testing by pbrobinson.

11 months ago

This update's test gating status has been changed to 'waiting'.

11 months ago

This update's test gating status has been changed to 'ignored'.

11 months ago

pbrobinson edited this update.

11 months ago

This update has been pushed to testing.

11 months ago

This update can be pushed to stable now if the maintainer wishes

10 months ago

This update has been submitted for stable by bodhi.

10 months ago

This update has been pushed to stable.

10 months ago


Metadata

  • Type: security
  • Severity: medium
  • Karma: 0
  • Signed
  • Content Type: RPM
  • Test Gating

Settings

  • Unstable by Karma: -3
  • Stable by Karma: 3
  • Stable by Time: 14 days

Dates

  • submitted: 11 months ago
  • in testing: 11 months ago
  • in stable: 10 months ago
  • modified: 11 months ago

BZ#1753846 CVE-2019-11779 mosquitto: malicious MQTT sends SUBSCRIBE packet leads to stack over flow
BZ#1753848 CVE-2019-11779 mosquitto: malicious MQTT sends SUBSCRIBE packet leads to stack over flow [epel-7]
