Bump version, update www and changelog.
This commit is contained in:
parent
3e094991c4
commit
9883652dde
@ -11,7 +11,7 @@ project(mosquitto)
|
|||||||
cmake_minimum_required(VERSION 2.8)
|
cmake_minimum_required(VERSION 2.8)
|
||||||
# Only for version 3 and up. cmake_policy(SET CMP0042 NEW)
|
# Only for version 3 and up. cmake_policy(SET CMP0042 NEW)
|
||||||
|
|
||||||
set (VERSION 1.6.5)
|
set (VERSION 1.6.6)
|
||||||
|
|
||||||
add_definitions (-DCMAKE -DVERSION=\"${VERSION}\")
|
add_definitions (-DCMAKE -DVERSION=\"${VERSION}\")
|
||||||
|
|
||||||
|
@ -1,6 +1,10 @@
|
|||||||
1.6.6 - 20190915
|
1.6.6 - 20190917
|
||||||
================
|
================
|
||||||
|
|
||||||
|
Security:
|
||||||
|
- Restrict topic hierarchy to 200 levels to prevent possible stack overflow.
|
||||||
|
Closes #1412.
|
||||||
|
|
||||||
Broker:
|
Broker:
|
||||||
- Restrict topic hierarchy to 200 levels to prevent possible stack overflow.
|
- Restrict topic hierarchy to 200 levels to prevent possible stack overflow.
|
||||||
Closes #1412.
|
Closes #1412.
|
||||||
|
@ -104,7 +104,7 @@ WITH_COVERAGE:=no
|
|||||||
|
|
||||||
# Also bump lib/mosquitto.h, CMakeLists.txt,
|
# Also bump lib/mosquitto.h, CMakeLists.txt,
|
||||||
# installer/mosquitto.nsi, installer/mosquitto64.nsi
|
# installer/mosquitto.nsi, installer/mosquitto64.nsi
|
||||||
VERSION=1.6.5
|
VERSION=1.6.6
|
||||||
|
|
||||||
# Client library SO version. Bump if incompatible API/ABI changes are made.
|
# Client library SO version. Bump if incompatible API/ABI changes are made.
|
||||||
SOVERSION=1
|
SOVERSION=1
|
||||||
|
@ -9,7 +9,7 @@
|
|||||||
!define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"'
|
!define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"'
|
||||||
|
|
||||||
Name "Eclipse Mosquitto"
|
Name "Eclipse Mosquitto"
|
||||||
!define VERSION 1.6.5
|
!define VERSION 1.6.6
|
||||||
OutFile "mosquitto-${VERSION}-install-windows-x86.exe"
|
OutFile "mosquitto-${VERSION}-install-windows-x86.exe"
|
||||||
|
|
||||||
InstallDir "$PROGRAMFILES\mosquitto"
|
InstallDir "$PROGRAMFILES\mosquitto"
|
||||||
|
@ -9,7 +9,7 @@
|
|||||||
!define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"'
|
!define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"'
|
||||||
|
|
||||||
Name "Eclipse Mosquitto"
|
Name "Eclipse Mosquitto"
|
||||||
!define VERSION 1.6.5
|
!define VERSION 1.6.6
|
||||||
OutFile "mosquitto-${VERSION}-install-windows-x64.exe"
|
OutFile "mosquitto-${VERSION}-install-windows-x64.exe"
|
||||||
|
|
||||||
!include "x64.nsh"
|
!include "x64.nsh"
|
||||||
|
@ -48,7 +48,7 @@ extern "C" {
|
|||||||
|
|
||||||
#define LIBMOSQUITTO_MAJOR 1
|
#define LIBMOSQUITTO_MAJOR 1
|
||||||
#define LIBMOSQUITTO_MINOR 6
|
#define LIBMOSQUITTO_MINOR 6
|
||||||
#define LIBMOSQUITTO_REVISION 5
|
#define LIBMOSQUITTO_REVISION 6
|
||||||
/* LIBMOSQUITTO_VERSION_NUMBER looks like 1002001 for e.g. version 1.2.1. */
|
/* LIBMOSQUITTO_VERSION_NUMBER looks like 1002001 for e.g. version 1.2.1. */
|
||||||
#define LIBMOSQUITTO_VERSION_NUMBER (LIBMOSQUITTO_MAJOR*1000000+LIBMOSQUITTO_MINOR*1000+LIBMOSQUITTO_REVISION)
|
#define LIBMOSQUITTO_VERSION_NUMBER (LIBMOSQUITTO_MAJOR*1000000+LIBMOSQUITTO_MINOR*1000+LIBMOSQUITTO_REVISION)
|
||||||
|
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
MAJOR=1
|
MAJOR=1
|
||||||
MINOR=6
|
MINOR=6
|
||||||
REVISION=5
|
REVISION=6
|
||||||
|
|
||||||
sed -i "s/^VERSION=.*/VERSION=${MAJOR}.${MINOR}.${REVISION}/" config.mk
|
sed -i "s/^VERSION=.*/VERSION=${MAJOR}.${MINOR}.${REVISION}/" config.mk
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
name: mosquitto
|
name: mosquitto
|
||||||
version: 1.6.5
|
version: 1.6.6
|
||||||
summary: Eclipse Mosquitto MQTT broker
|
summary: Eclipse Mosquitto MQTT broker
|
||||||
description: This is a message broker that supports version 3.1 and 3.1.1 of the MQTT
|
description: This is a message broker that supports version 3.1 and 3.1.1 of the MQTT
|
||||||
protocol.
|
protocol.
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
<!--
|
<!--
|
||||||
.. title: Download
|
.. title: Download
|
||||||
.. slug: download
|
.. slug: download
|
||||||
.. date: 2019-09-12 15:12:00 UTC+1
|
.. date: 2019-09-17 16:12:00 UTC+1
|
||||||
.. tags: tag
|
.. tags: tag
|
||||||
.. category: category
|
.. category: category
|
||||||
.. link: link
|
.. link: link
|
||||||
@ -11,7 +11,7 @@
|
|||||||
|
|
||||||
# Source
|
# Source
|
||||||
|
|
||||||
* [mosquitto-1.6.5.tar.gz](https://mosquitto.org/files/source/mosquitto-1.6.5.tar.gz) (319kB) ([GPG signature](https://mosquitto.org/files/source/mosquitto-1.6.5.tar.gz.asc))
|
* [mosquitto-1.6.6.tar.gz](https://mosquitto.org/files/source/mosquitto-1.6.6.tar.gz) (319kB) ([GPG signature](https://mosquitto.org/files/source/mosquitto-1.6.6.tar.gz.asc))
|
||||||
* [Git source code repository](https://github.com/eclipse/mosquitto) (github.com)
|
* [Git source code repository](https://github.com/eclipse/mosquitto) (github.com)
|
||||||
|
|
||||||
Older downloads are available at [https://mosquitto.org/files/](../files/)
|
Older downloads are available at [https://mosquitto.org/files/](../files/)
|
||||||
@ -24,8 +24,8 @@ distributions.
|
|||||||
|
|
||||||
## Windows
|
## Windows
|
||||||
|
|
||||||
* [mosquitto-1.6.5-install-windows-x64.exe](https://mosquitto.org/files/binary/win64/mosquitto-1.6.5-install-windows-x64.exe) (~1.4 MB) (64-bit build, Windows Vista and up, built with Visual Studio Community 2017)
|
* [mosquitto-1.6.6-install-windows-x64.exe](https://mosquitto.org/files/binary/win64/mosquitto-1.6.6-install-windows-x64.exe) (~1.4 MB) (64-bit build, Windows Vista and up, built with Visual Studio Community 2017)
|
||||||
* [mosquitto-1.6.5-install-windows-x32.exe](https://mosquitto.org/files/binary/win32/mosquitto-1.6.2-install-windows-x86.exe) (~1.4 MB) (32-bit build, Windows Vista and up, built with Visual Studio Community 2017)
|
* [mosquitto-1.6.6-install-windows-x32.exe](https://mosquitto.org/files/binary/win32/mosquitto-1.6.6-install-windows-x86.exe) (~1.4 MB) (32-bit build, Windows Vista and up, built with Visual Studio Community 2017)
|
||||||
|
|
||||||
See also readme-windows.txt after installing.
|
See also readme-windows.txt after installing.
|
||||||
|
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
<!--
|
<!--
|
||||||
.. title: Version 1.6.5 released
|
.. title: Version 1.6.5 released
|
||||||
.. slug: version-1-6-4-released
|
.. slug: version-1-6-5-released
|
||||||
.. date: 2019-09-12 15:00:00 UTC+1
|
.. date: 2019-09-12 15:00:00 UTC+1
|
||||||
.. tags: Releases
|
.. tags: Releases
|
||||||
.. category:
|
.. category:
|
||||||
|
59
www/posts/2019/09/version-1-6-6-released.md
Normal file
59
www/posts/2019/09/version-1-6-6-released.md
Normal file
@ -0,0 +1,59 @@
|
|||||||
|
<!--
|
||||||
|
.. title: Security advisory: CVE-2018-12543
|
||||||
|
.. slug: security-advisory-cve-2018-12543
|
||||||
|
.. date: 2018-09-27 10:36:19 UTC+01:00
|
||||||
|
.. tags: Security,Releases
|
||||||
|
.. category:
|
||||||
|
.. link:
|
||||||
|
.. description:
|
||||||
|
.. type: text
|
||||||
|
-->
|
||||||
|
|
||||||
|
Mosquitto 1.6.6 and 1.5.9 have been released to address two security vulnerabilities.
|
||||||
|
|
||||||
|
Titles and links will be updated once the CVE numbers are assigned.
|
||||||
|
|
||||||
|
# CVE-xxxx-xxxxx
|
||||||
|
|
||||||
|
A vulnerability exists in Mosquitto versions 1.5 to 1.6.5 inclusive.
|
||||||
|
|
||||||
|
If a client sends a SUBSCRIBE packet containing a topic that consists of
|
||||||
|
approximately 65400 or more '/' characters, i.e. the topic hierarchy separator,
|
||||||
|
then a stack overflow will occur.
|
||||||
|
|
||||||
|
The issue is fixed in Mosquitto 1.6.6 and 1.5.9. Patches for older versions are
|
||||||
|
available at <https://mosquitto.org/files/cve/2019-hier>
|
||||||
|
|
||||||
|
The fix addresses the problem by restricting the allowed number of topic
|
||||||
|
hierarchy levels to 200. An alternative fix is to increase the size of the
|
||||||
|
stack by a small amount.
|
||||||
|
|
||||||
|
# CVE-yyyy-yyyyy
|
||||||
|
|
||||||
|
A vulnerability exists in Mosquitto version 1.6 to 1.6.4 inclusive.
|
||||||
|
|
||||||
|
If an MQTT v5 client connects to Mosquitto, sets a last will and testament,
|
||||||
|
sets a will delay interval, sets a session expiry interval, and the will delay
|
||||||
|
interval is set longer than the session expiry interval, then a use after free
|
||||||
|
error occurs, which has the potential to cause a crash in some situations.
|
||||||
|
|
||||||
|
The issue is fixed in Mosquitto 1.6.5. Patches for older versions are available
|
||||||
|
at <https://mosquitto.org/files/cve/2019-will-delay>
|
||||||
|
|
||||||
|
# Version 1.6.6 Changes
|
||||||
|
|
||||||
|
The complete list of fixes addressed in version 1.6.6 is:
|
||||||
|
|
||||||
|
## Security
|
||||||
|
|
||||||
|
* Restrict topic hierarchy to 200 levels to prevent possible stack overflow.
|
||||||
|
Closes [#1412].
|
||||||
|
|
||||||
|
## Broker
|
||||||
|
* Restrict topic hierarchy to 200 levels to prevent possible stack overflow.
|
||||||
|
Closes [#1412].
|
||||||
|
* `mosquitto_passwd` now returns 1 when attempting to update a user that does
|
||||||
|
not exist. Closes [#1414].
|
||||||
|
|
||||||
|
[#1412]: https://github.com/eclipse/mosquitto/issues/1412
|
||||||
|
[#1414]: https://github.com/eclipse/mosquitto/issues/1414
|
Loading…
Reference in New Issue
Block a user