Bump version, update www and changelog.

Roger A. Light 2019-09-17 16:31:22 +01:00
parent 3e094991c4
commit 9883652dde
11 changed files with 76 additions and 13 deletions

@ -11,7 +11,7 @@ project(mosquitto)
cmake_minimum_required(VERSION 2.8) cmake_minimum_required(VERSION 2.8)
# Only for version 3 and up. cmake_policy(SET CMP0042 NEW) # Only for version 3 and up. cmake_policy(SET CMP0042 NEW)
set (VERSION 1.6.5) set (VERSION 1.6.6)
add_definitions (-DCMAKE -DVERSION=\"${VERSION}\") add_definitions (-DCMAKE -DVERSION=\"${VERSION}\")

@ -1,6 +1,10 @@
1.6.6 - 20190915 1.6.6 - 20190917
================ ================
Security:
- Restrict topic hierarchy to 200 levels to prevent possible stack overflow.
Closes #1412.
Broker: Broker:
- Restrict topic hierarchy to 200 levels to prevent possible stack overflow. - Restrict topic hierarchy to 200 levels to prevent possible stack overflow.
Closes #1412. Closes #1412.
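
Review bot: The "Restrict topic hierarchy to 200 levels" entry now appears word for word under both the new Security heading and the existing Broker heading. If the duplication is intentional, keep it, but the Security copy is the one readers will search for: it should name the affected component and carry the CVE identifier once it is assigned, so that the changelog can be matched against the advisory.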

@ -104,7 +104,7 @@ WITH_COVERAGE:=no
# Also bump lib/mosquitto.h, CMakeLists.txt, # Also bump lib/mosquitto.h, CMakeLists.txt,
# installer/mosquitto.nsi, installer/mosquitto64.nsi # installer/mosquitto.nsi, installer/mosquitto64.nsi
VERSION=1.6.5 VERSION=1.6.6
# Client library SO version. Bump if incompatible API/ABI changes are made. # Client library SO version. Bump if incompatible API/ABI changes are made.
SOVERSION=1 SOVERSION=1
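
Review bot: The "Also bump" comment above VERSION lists lib/mosquitto.h, CMakeLists.txt and the two installer .nsi files, but this commit also has to change the MAJOR/MINOR/REVISION script and the `version:` field in the packaging YAML. Add those two to the comment so the list matches what a release actually touches. A version string that is missed in one place makes it harder to tell whether a deployed build contains the 1.6.6 security fix.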

@ -9,7 +9,7 @@
!define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"' !define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"'
Name "Eclipse Mosquitto" Name "Eclipse Mosquitto"
!define VERSION 1.6.5 !define VERSION 1.6.6
OutFile "mosquitto-${VERSION}-install-windows-x86.exe" OutFile "mosquitto-${VERSION}-install-windows-x86.exe"
InstallDir "$PROGRAMFILES\mosquitto" InstallDir "$PROGRAMFILES\mosquitto"

@ -9,7 +9,7 @@
!define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"' !define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"'
Name "Eclipse Mosquitto" Name "Eclipse Mosquitto"
!define VERSION 1.6.5 !define VERSION 1.6.6
OutFile "mosquitto-${VERSION}-install-windows-x64.exe" OutFile "mosquitto-${VERSION}-install-windows-x64.exe"
!include "x64.nsh" !include "x64.nsh"

@ -48,7 +48,7 @@ extern "C" {
#define LIBMOSQUITTO_MAJOR 1 #define LIBMOSQUITTO_MAJOR 1
#define LIBMOSQUITTO_MINOR 6 #define LIBMOSQUITTO_MINOR 6
#define LIBMOSQUITTO_REVISION 5 #define LIBMOSQUITTO_REVISION 6
/* LIBMOSQUITTO_VERSION_NUMBER looks like 1002001 for e.g. version 1.2.1. */ /* LIBMOSQUITTO_VERSION_NUMBER looks like 1002001 for e.g. version 1.2.1. */
#define LIBMOSQUITTO_VERSION_NUMBER (LIBMOSQUITTO_MAJOR*1000000+LIBMOSQUITTO_MINOR*1000+LIBMOSQUITTO_REVISION) #define LIBMOSQUITTO_VERSION_NUMBER (LIBMOSQUITTO_MAJOR*1000000+LIBMOSQUITTO_MINOR*1000+LIBMOSQUITTO_REVISION)

@ -2,7 +2,7 @@
MAJOR=1 MAJOR=1
MINOR=6 MINOR=6
REVISION=5 REVISION=6
sed -i "s/^VERSION=.*/VERSION=${MAJOR}.${MINOR}.${REVISION}/" config.mk sed -i "s/^VERSION=.*/VERSION=${MAJOR}.${MINOR}.${REVISION}/" config.mk

@ -1,5 +1,5 @@
name: mosquitto name: mosquitto
version: 1.6.5 version: 1.6.6
summary: Eclipse Mosquitto MQTT broker summary: Eclipse Mosquitto MQTT broker
description: This is a message broker that supports version 3.1 and 3.1.1 of the MQTT description: This is a message broker that supports version 3.1 and 3.1.1 of the MQTT
protocol. protocol.

@ -1,7 +1,7 @@
<!-- <!--
.. title: Download .. title: Download
.. slug: download .. slug: download
.. date: 2019-09-12 15:12:00 UTC+1 .. date: 2019-09-17 16:12:00 UTC+1
.. tags: tag .. tags: tag
.. category: category .. category: category
.. link: link .. link: link
@ -11,7 +11,7 @@
# Source # Source
* [mosquitto-1.6.5.tar.gz](https://mosquitto.org/files/source/mosquitto-1.6.5.tar.gz) (319kB) ([GPG signature](https://mosquitto.org/files/source/mosquitto-1.6.5.tar.gz.asc)) * [mosquitto-1.6.6.tar.gz](https://mosquitto.org/files/source/mosquitto-1.6.6.tar.gz) (319kB) ([GPG signature](https://mosquitto.org/files/source/mosquitto-1.6.6.tar.gz.asc))
* [Git source code repository](https://github.com/eclipse/mosquitto) (github.com) * [Git source code repository](https://github.com/eclipse/mosquitto) (github.com)
Older downloads are available at [https://mosquitto.org/files/](../files/) Older downloads are available at [https://mosquitto.org/files/](../files/)
@ -24,8 +24,8 @@ distributions.
## Windows ## Windows
* [mosquitto-1.6.5-install-windows-x64.exe](https://mosquitto.org/files/binary/win64/mosquitto-1.6.5-install-windows-x64.exe) (~1.4 MB) (64-bit build, Windows Vista and up, built with Visual Studio Community 2017) * [mosquitto-1.6.6-install-windows-x64.exe](https://mosquitto.org/files/binary/win64/mosquitto-1.6.6-install-windows-x64.exe) (~1.4 MB) (64-bit build, Windows Vista and up, built with Visual Studio Community 2017)
* [mosquitto-1.6.5-install-windows-x32.exe](https://mosquitto.org/files/binary/win32/mosquitto-1.6.2-install-windows-x86.exe) (~1.4 MB) (32-bit build, Windows Vista and up, built with Visual Studio Community 2017) * [mosquitto-1.6.6-install-windows-x32.exe](https://mosquitto.org/files/binary/win32/mosquitto-1.6.6-install-windows-x86.exe) (~1.4 MB) (32-bit build, Windows Vista and up, built with Visual Studio Community 2017)
See also readme-windows.txt after installing. See also readme-windows.txt after installing.
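
Review bot: On the 32-bit installer line the link text still reads `mosquitto-1.6.6-install-windows-x32.exe` while the URL it points to ends in `mosquitto-1.6.6-install-windows-x86.exe`. The old line had the same label mismatch and additionally linked to the 1.6.2 binary. The version is fixed here, but the label should be changed to `x86` so the displayed file name matches what is downloaded. Unlike the source tarball entry, neither installer line offers a GPG signature link. If signatures exist for the Windows binaries, link them here.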

@ -1,6 +1,6 @@
<!-- <!--
.. title: Version 1.6.5 released .. title: Version 1.6.5 released
.. slug: version-1-6-4-released .. slug: version-1-6-5-released
.. date: 2019-09-12 15:00:00 UTC+1 .. date: 2019-09-12 15:00:00 UTC+1
.. tags: Releases .. tags: Releases
.. category: .. category:
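
Review bot: Changing the slug from `version-1-6-4-released` to `version-1-6-5-released` on a post dated 2019-09-12 changes the URL of an already published release announcement. Confirm that the old address is redirected, or that nothing links to it, so that existing references to the 1.6.5 announcement do not break.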

@ -0,0 +1,59 @@
<!--
.. title: Security advisory: CVE-2018-12543
.. slug: security-advisory-cve-2018-12543
.. date: 2018-09-27 10:36:19 UTC+01:00
.. tags: Security,Releases
.. category:
.. link:
.. description:
.. type: text
-->
Mosquitto 1.6.6 and 1.5.9 have been released to address two security vulnerabilities.
Titles and links will be updated once the CVE numbers are assigned.
# CVE-xxxx-xxxxx
A vulnerability exists in Mosquitto versions 1.5 to 1.6.5 inclusive.
If a client sends a SUBSCRIBE packet containing a topic that consists of
approximately 65400 or more '/' characters, i.e. the topic hierarchy separator,
then a stack overflow will occur.
The issue is fixed in Mosquitto 1.6.6 and 1.5.9. Patches for older versions are
available at <https://mosquitto.org/files/cve/2019-hier>
The fix addresses the problem by restricting the allowed number of topic
hierarchy levels to 200. An alternative fix is to increase the size of the
stack by a small amount.
# CVE-yyyy-yyyyy
A vulnerability exists in Mosquitto version 1.6 to 1.6.4 inclusive.
If an MQTT v5 client connects to Mosquitto, sets a last will and testament,
sets a will delay interval, sets a session expiry interval, and the will delay
interval is set longer than the session expiry interval, then a use after free
error occurs, which has the potential to cause a crash in some situations.
The issue is fixed in Mosquitto 1.6.5. Patches for older versions are available
at <https://mosquitto.org/files/cve/2019-will-delay>
# Version 1.6.6 Changes
The complete list of fixes addressed in version 1.6.6 is:
## Security
* Restrict topic hierarchy to 200 levels to prevent possible stack overflow.
Closes [#1412].
## Broker
* Restrict topic hierarchy to 200 levels to prevent possible stack overflow.
Closes [#1412].
* `mosquitto_passwd` now returns 1 when attempting to update a user that does
not exist. Closes [#1414].
[#1412]: https://github.com/eclipse/mosquitto/issues/1412
[#1414]: https://github.com/eclipse/mosquitto/issues/1414
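
Review bot: The metadata header of this new advisory looks copied from an earlier post: the title and slug name `CVE-2018-12543` and the date is `2018-09-27 10:36:19`, while the body covers Mosquitto 1.6.6 and 1.5.9 and links to patch directories named `2019-hier` and `2019-will-delay`. The body says titles and links will be updated once CVE numbers are assigned, but the date needs correcting as well. Until the real identifiers are available, a neutral title and slug would avoid publishing the advisory under an unrelated CVE number. The opening sentence also says 1.6.6 and 1.5.9 address two vulnerabilities, while the second section states that its issue affects 1.6 to 1.6.4 and is fixed in 1.6.5. Reword the introduction so readers on 1.6.5 can tell which of the two issues still applies to them.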