Archive for 'Releases'

Version 1.3.2 released

This is a security and bugfix release.

Security

A bug in the way that mosquitto handles authentication plugins has been identified. When using a plugin for authentication purposes, if the plugin returns MOSQ_ERR_UNKNOWN when making an authentication check, as might happen if a database was unavailable for example, then mosquitto incorrectly treats this as a successful authentication. This has the potential for unauthorised clients to access the running mosquitto broker and gain access to information to which they are not authorised. This is an important update for users of authentication plugins in mosquitto.

Broker

  • Don’t allow access to clients when authenticating if a security plugin returns an application error. Fixes bug #1340782.
  • Ensure that bridges verify certificates by default when using TLS.
  • Fix possible crash when using pattern ACLs that do not include a %u and clients that connect without a username.
  • Fix subscriptions being deleted when clients subscribed to a topic beginning with a $ but that is not $SYS.
  • When a durable client reconnects, its queued messages are now checked against ACLs in case of a change in username/ACL state since it last connected.
  • Anonymous clients are no longer accidently disconnected from the broker after a SIGHUP.
  • Fix bug #1324411, which could have had unexpected consequences for delayed messages in rare circumstances.

Client library

  • Fix topic matching edge case.
  • Fix callback deadlocks after calling mosquitto_disconnect(), when using the threaded interfaces. Closes bug #1313725.
  • Fix SRV support when building with CMake.

General

  • Use $(STRIP) for stripping binaries when installing, to allow easier cross compilation.

Version 1.3.1 released

This is a bugfix release:

Broker

  • Prevent possible crash on client reconnect. Closes bug #1294108.
  • Don’t accept zero length unsubscription strings (MQTT v3.1.1 fix)
  • Don’t accept QoS 3 (MQTT v3.1.1 fix)
  • Don’t disconnect clients immediately on HUP to give chance for all data to be read.
  • Reject invalid un/subscriptions e.g. foo/+bar #/bar.
  • Take more care not to disconnect clients that are sending large messages.

Client library

  • Fix socketpair code on the Mac.
  • Fix compilation for WITH_THREADING=no.
  • Break out of select() when calling mosquitto_loop_stop().
  • Reject invalid un/subscriptions e.g. foo/+bar #/bar.

Clients

  • Fix keepalive value on mosquitto_pub.
  • Fix possibility of mosquitto_pub not exiting after sending messages when using -l.

Version 1.3 released

This is a feature and bugfix release. It is the final release, with the possible exception of bugfixes, outside of the Eclipse mosquitto project. The main reason for this release is to bring support for the current MQTT v3.1.1 draft ahead (just) of the MQTT interoperability testing day.

Broker

  • The broker no longer ignores the auth_plugin_init() return value.
  • Accept SSLv2/SSLv3 HELLOs when using TLSv1, whilst keeping SSLv2 and SSLv3 disabled. This increases client compatibility without sacrificing security.
  • The $SYS tree can now be disabled at runtime as well as at compile time.
  • When remapping bridged topics, only check for matches when the message direction is correct. This allows two identical topics to be remapped differently for both in and out.
  • Change “$SYS/broker/heap/current size” to “$SYS/broker/heap/current” for easier parsing.
  • Change “$SYS/broker/heap/maximum size” to “$SYS/broker/heap/maximum” for easier parsing.
  • Topics are no longer normalised from e.g a///topic to a/topic. This matches the behaviour as clarified by the Oasis MQTT spec. This will lead to unexpected behaviour if you were using topics of this form.
  • Log when outgoing messages for a client begin to drop off the end of the queue.
  • Bridge clients are recognised as bridges even after reloading from persistence.
  • Basic support for MQTT v3.1.1. This does not include being able to bridge to an MQTT v3.1.1 broker.
  • Username is displayed in log if present when a client connects.
  • Support for 0 length client ids (v3.1.1 only) that result in automatically generated client ids on the broker (see option allow_zero_length_clientid).
  • Ability to set the prefix of automatically generated client ids (see option auto_id_prefix).
  • Add support for TLS session resumption.
  • When using TLS, the server now chooses the cipher to use when negotiating with the client.
  • Weak TLS ciphers are now disabled by default.

Client library

  • Fix support for Python 2.6, 3.0, 3.1.
  • Add support for un/subscribing to multiple topics at once in un/subscribe().
  • Clients now close their socket after sending DISCONNECT.
  • Python client now contains its version number.
  • C library mosquitto_want_write() now supports TLS clients.
  • Fix possible memory leak in C/C++ library when communicating with a broker that doesn’t follow the spec.
  • Return strerror() through mosquitto_strerror() to make error printing easier.
  • Topics are no longer normalised from e.g a///topic to a/topic. This matches the behaviour as clarified by the Oasis MQTT spec. This will lead to unexpected behaviour if you were using topics of this form.
  • Add support for SRV lookups.
  • Break out of select() on publish(), subscribe() etc. when using the threaded interface. Fixes bug #1270062.
  • Handle incoming and outgoing messages separately. Fixes bug #1263172.
  • Don’t terminate threads on mosquitto_destroy() when a client is not using the threaded interface but does use their own thread. Fixes bug #1291473.

Clients

  • Add –ciphers to allow specifying which TLS ciphers to support.
  • Add support for SRV lookups.
  • Add -N to sub client to suppress printing of EOL after the payload.
  • Add -T to sub client to suppress printing of a topic hierarchy.

Version 1.2.2 released

This is a bugfix release:

Broker

  • Fix compliance with max_inflight_messages when a non-clean session client reconnects. Closes one of the issues on bug #1237389.

Client library

  • Fix incorrect inflight message accounting, which caused messages to go unsent. Partial fix for bug #1237351.
  • Fix potential memory corruption when sending QoS>0 messages at a high rate using the threaded interface. Further fix for #1237351.
  • Fix incorrect delay scaling when exponential_backoff=true in mosquitto_reconnect_delay_set().
  • Some pep8 fixes for Python.

Version 1.2.1 released

This is a bugfix release.

Broker:

  • The broker no longer ignores the auth_plugin_init() return value. Closes  bug #1215084.
  • Use RTLD_GLOBAL when opening authentication plugins on posix systems. Fixes resolving of symbols in libraries used by authentication plugins.
  • Add/fix some config documentation.
  • Fix ACLs for topics with $SYS.
  • Clients loaded from the persistence file on startup were not being added to the client hash, causing subtle problems when the client reconnected, including ACLs failing. This has been fixed.
  • Add note to mosquitto-tls man page stating that certificates need to be unique. Closes bug #1221285.
  • Fix incorrect retained message delivery when using wildcard subs in some circumstances. Fixes bug #1226040.

Client library

  • Fix support for Python 2.6, 3.0, 3.1.
  • Fix TLS subjectAltName verification and segfaults.
  • Handle EAGAIN in Python on Windows. Closes bug #1220004.
  • Fix compilation when using WITH_TLS=no.
  • Don’t fail reconnecting in Python when broker is temporarily unavailable.

Version 1.2 released

This is a (long overdue) feature release.

There is a potential gotcha when upgrading to this release because the default version of TLS used has changed from 1.0 to 1.2. Python does not yet have support for TLS>1.0 so Python clients will be unable to communicate with brokers using the default TLS settings.

The source is available for download at http://mosquitto.org/download and binaries will become available in the near future.

Broker

  • Replace O(n) username lookup on CONNECT with a roughly O(1) hashtable version.
  • It is now possible to disable $SYS at compile time.
  • Add dropped publish messages to load tree in $SYS. Closes bug #1183318.
  • Add support for logging SUBSCRIBE/UNSUBSCRIBE events.
  • Add “log_dest file” logging support.
  • Auth plugin ACL check function now passes the client id as well as username and password.
  • The queue_qos0_messages option wasn’t working correctly, this has now been fixed. Closes bug #1125200.
  • Don’t drop all messages for disconnected durable clients when max_queued_messages=0.
  • Add support for “log_type all”.
  • Add support for “-v” option on the command line to provide the equivalent of”log_type all” without needing a config file.
  • Add the “upgrade_outgoing_qos” option, a non-standard feature.
  • Persistence data is now written to a temporary file which is atomically renamed on completion, so a crash during writing will not produce a corrupt file.
  • mosquitto.conf is now installed as mosquitto.conf.example
  • Configuration file errors are now reported with filename and line number.
  • The broker now uses a monotonic clock if available, to avoid changes in time causing client disconnections or message retries.
  • Clean session and keepalive status are now display the log when a client connects.
  • Add support for TLSv1.2 and TLSv1.1.
  • Clients that connect with zero length will topics are now rejected.
  • Add the ability to set a maximum allowed PUBLISH payload size.
  • Fix an ACL with topic “#” incorrectly granting access to $SYS.
  • Fix retained messages incorrectly being set on wildcard topics, leading to duplicate retained messages being sent on subscription. Closes bug #1116233.
  • Don’t discard listener values when no “port” option given. Closes bug #1131406.
  • Client password check was always failing when security was being reapplied after a config reload. This meant that all clients were being disconnected. This has been fixed.
  • Fix build when WITH_TLS=no. Closes bug #1174971.
  • Fix single outgoing packets not being sent in a timely fashion if they were not sent in one call to write(). Closes bug #1176796.
  • Fix remapping of messages for clients connected to a listener with mount_point set. Closes bug #1180765.
  • Fix duplicate retained messages being sent for some wildcard patterns.
  • If a client connects with a will topic to which they do not have write access, they are now disconnected with CONNACK “not authorised”.
  • Fix retained messages on topic foo being incorrectly delivered to subscriptions of /#
  • Fix handling of SSL errors on SSL_accept().
  • Fix handling of QoS 2 messages on client reconnect.
  • Drop privileges now sets supplementary groups correctly.
  • Fix load reporting interval (is now 60s).
  • Be strict with malformed PUBLISH packets – clients are now disconnected rather than the packet discarded. This goes inline with future OASIS spec changes and makes other changes more straightforward.
  • Process incoming messages denied by ACL properly so that clients don’t keep resending them.
  • Add support for round_robin bridge option.
  • Add bridge support for verifying remote server certificate subject against the remote hostname.
  • Fix problem with out of order calls to free() when restarting a lazy bridge.
  • The broker now attempts to resolve bind_address and bridge addresses immediately when parsing the config file in order to detect invalid hosts.
  • Bridges now set their notification state before attempting to connect, so if they fail to connect the state can still be seen.
  • Fix bridge notification payload length – no need to send a null byte.
  • mosquitto_passwd utility now reports errors more clearly.
  • Fix “mosquitto_passwd -U”.

 

Client library

  • Add support for TLSv1.2 and TLSv1.1, except for on the Python module.
  • Add support for verifying remote server certificate subject against the remote hostname.
  • Add mosquitto_reconnect_async() support and make asynchronous connections truely asynchronous rather than simply deferred. DNS lookups are still blocking, so asynchronous connections require an IP address instead of hostname.
  • Allow control of reconnection timeouts in mosquitto_loop_forever() and after mosquitto_loop_start() by using mosquitto_reconnect_delay_set().
  • Fix building on Android NDK.
  • Re-raise unhandled errors in Python so as not to provide confusing error messages later on.
  • Python module supports IPv6 connections.
  • mosquitto_sub_topic_tokenise() was behaving incorrectly if the last topic hierarchy had only a single character. This has been fixed. Closes bug #1163348.
  • Fix possible crash after disconnects when using the threaded interface with TLS.
  • Allow build/install without Python. Closes bug #1174972.
  • Add support for binding connection to a local interface.
  • Implement maximum inflight messages handling.
  • Fix Python client not handling will_payload==None.
  • Fix potential memory leak when setting username/password.
  • Fix handling of QoS 2 messages on reconnect.
  • Improve handling of mosquitto_disconnect() with threaded mode.

Clients

  • Add support for TLSv1.2 and TLSv1.1.
  • Sub client can now suppress printing of messages with the retain bit set.
  • Add support for binding connection to a local interface.
  • Implement maximum inflight messages handling for the pub client.

 

The Paho project recently made a new Javascript client available: http://git.eclipse.org/c/paho/org.eclipse.paho.mqtt.javascript.git/

The mosquitto Javascript client, mosquitto.js, is neither as functional nor as well written as the Paho client, so is being deprecated. If you are using mosquitto.js I strongly recommend that you look to the Paho client for the future. I will be carrying out minor bug fixes but no other development will take place.

There are no plans to remove the existing files.

Version 1.1.2 released

This is a bugfix release.

Client library

  • Fix tls_cert_reqs not being set to SSL_VERIFY_PEER by default. This meant
    that clients were not verifying the server certificate when connecting over
    TLS. This affects the C, C++ and Python libraries.

Source and binaries are available on the downloads page.

Version 1.1 released

This is a feature and bugfix release.

Broker

  • Add $SYS/broker/messages/dropped
  • Add $SYS/broker/clients/expired
  • Replace $SYS/broker/+/per second/+ with moving average versions published at $SYS/broker/load/#
  • Add $SYS/broker/load/sockets/+ and $SYS/broker/load/connections/+
  • Documentation on password file format has been fixed.
  • Disable SSL compression. This reduces memory usage significantly and removes the possibility of CRIME type attacks.
  • Enable SSL_MODE_RELEASE_BUFFERS mode to reduce SSL memory usage further.
  • Add allow_duplicate_messages option.
  • ACL files can now have comment lines with # as the first character.
  • Display message on startup about which config is being loaded.
  • Fix max_inflight_messages and max_queued_messages not being applied.
  • Fix documentation error in mosquitto.conf.
  • Ensure that QoS 2 queued messages are sent out in a timely manner.
  • Local bridges now act on clean_session correctly.
  • Local bridges with clean_session==false now remove unused subscriptions on broker restart.
  • The $SYS/broker/heap/# messages now no longer include “bytes” as part of the string for ease of use.

Client library

  • Free memory used by OpenSSL in mosquitto_lib_cleanup() where possible.
  • Change WebSocket subprotocol name to mqttv3.1 to make future changes easier and for compatibility with other implementations.
  • mosquitto_loop_read() and mosquitto_loop_write() now handle errors themselves rather than having mosquitto_loop() handle their errors. This makes using them in a separate event loop more straightforward.
  • Add mosquitto_loop_forever() / loop_forever() function call to make simple clients easier.
  • Disable SSL compression. This reduces memory usage significantly and removes the possibility of CRIME type attacks.
  • Enable SSL_MODE_RELEASE_BUFFERS mode to reduce SSL memory usage further.
  • mosquitto_tls_set() will now return an error or raise an exception immediately if the CA certificate or client certificate/key cannot be accessed.
  • Fix potential memory leaks on connection failures.
  • Don’t produce return error from mosquitto_loop() if a system call is interrupted. This prevents disconnects/reconnects in threaded mode and simplifies non-threaded client handling.
  • Ignore SIGPIPE to prevent unnecessary client quits in threaded mode.
  • Fix document error for mosquitto_message_retry_set().
  • Fix mosquitto_topic_matches_sub() for subscriptions with + as the final character. Fixes bug #1085797.
  • Rename all “obj” parameters to “userdata” for consistency with other libraries.
  • Reset errno before network read/write to ensure EAGAIN isn’t mistakenly returned.
  • The message queue length is now tracked and used to determine the maximum number of packets to process at once. This removes the need for the max_packets parameter which is now unused.
  • Fix incorrect error value in Python error_string() function. Fixes bug #1086777.
  • Reset last message in/out timer in Python module when we send a PINGREQ. Fixes too-early disconnects.

Clients

  • Clients now display their own version number and library version number in their help messages.
  • Fix “mosquitto_pub -l -q 2″ disconnecting before all messages were transmitted.
  • Fix potential out-of-bounds array access with client ids. Fixes bug #1083182.

Other

  • mosquitto_passwd can now convert password files with plain text files to hashed versions.

Version 1.0.5 released

This is a bugfix release.

Broker

  • Fix crash when the broker has use_identity_as_username set to true but a client connects without a certificate.
  • mosquitto_passwd should only be installed if WITH_TLS=yes.

Library

  • Use symbolic errno values rather than numbers in Python module to avoid cross platform issues (incorrect errno on Mac OS).

Other

  • Build script fixes for FreeBSD.