FEDORA-EPEL-2019-1c8bc2bf57 created by pbrobinson 2 months ago for Fedora EPEL 7
stable

1.6.7

Broker:

  • Add workaround for working with libwebsockets 3.2.0.
  • Fix potential crash when reloading config.

Client library:

  • Don't use / in autogenerated client ids, to avoid confusion with topics.
  • Fix mosquitto_max_inflight_messages_set() and mosquitto_int_option(..., MOSQ_OPT_*_MAX, ...) behaviour.
  • Fix regression on use of mosquitto_connect_async() not working.

Clients:

  • mosquitto_sub: Fix -E incorrectly not working unless -d was also specified.
  • Updated documentation around automatic client ids.

1.6.6

Security: CVE-2019-11779 Restrict topic hierarchy to 200 levels to prevent possible stack overflow.

Broker:

  • Restrict topic hierarchy to 200 levels to prevent possible stack overflow.
  • mosquitto_passwd now returns 1 when attempting to update a user that does not exist.

1.6.5

Broker:

  • Fix v5 DISCONNECT packets with remaining length == 2 being treated as a protocol error.
  • Fix support for libwebsockets 3.x.
  • Fix slow websockets performance when sending large messages.
  • Fix bridges potentially not connecting on Windows.
  • Fix clients authorised using use_identity_as_username or use_subject_as_username being disconnected on SIGHUP.
  • Improve error messages in some situations when clients disconnect. Reduces the number of "Socket error on client X, disconnecting" messages.
  • Fix Will for v5 clients not being sent if will delay interval was greater than the session expiry interval.
  • Fix CRL file not being reloaded on HUP.
  • Fix repeated "Error in poll" messages on Windows when only websockets listeners are defined.

Client library:

  • Fix reconnect backoff for the situation where connections are dropped rather than refused.
  • Fix missing locks on mosq->state.

Documentation:

  • Improve details on global/per listener options in the mosquitto.conf man page.
  • Clarify behaviour when clients exceed the message_size_limit.
  • Improve documentation for max_inflight_bytes, max_inflight_messages, and max_queued_messages.

  • This update has been submitted for testing by pbrobinson. (2 months ago)
  • This update's test gating status has been changed to 'waiting'. (2 months ago)
  • This update's test gating status has been changed to 'ignored'. (2 months ago)
  • pbrobinson edited this update. (2 months ago)
  • This update has been pushed to testing. (2 months ago)
  • This update can be pushed to stable now if the maintainer wishes. (a month ago)
  • This update has been submitted for stable by bodhi. (a month ago)
  • This update has been pushed to stable. (a month ago)


Metadata:

  • Type: security
  • Severity: medium
  • Karma: 0
  • Signed
  • Content Type: RPM
  • Test Gating

Settings:

  • Unstable by Karma: -3
  • Stable by Karma: 3
  • Stable by Time: 14 days

Dates:

  • submitted: 2 months ago
  • in testing: 2 months ago
  • in stable: a month ago
  • modified: 2 months ago

BZ#1753846 CVE-2019-11779 mosquitto: malicious MQTT sends SUBSCRIBE packet leads to stack over flow
BZ#1753848 CVE-2019-11779 mosquitto: malicious MQTT sends SUBSCRIBE packet leads to stack over flow [epel-7]