| Age | Commit message (Collapse) | Author |
|---|
|
Did not find hints upstream but musl build turned painless!
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Manually refresh 0002-fix-fail-to-enable-bluetooth.patch - it did not apply
2.2.1
Bugs fixed
Hard dependency of DBusService on NetworkManager
2.2
New features
Disconnect items in applet menu (plugin)
Desktop notifications on connect / disconnect (plugin)
Notifications with battery level for connecting devices (applet plugin)
Stop discovery and retry connection for broken adapter drivers
Auto-connect settings for supported services
Changes
Drop blueman-report
Drop blueman-assistant
Raise minimum Python version to 3.6
Raise GTK+ 3 version to 3.22
Raise minimum BlueZ version to 5.48
Allow opening device menus via keyboard (Shift+F10 or menu key)
Add Ctrl+Q and Ctrl+W accelerators for closing blueman-manager
Allow cancelling device connection attempts
Improved passkey handling (fixed padding, highlighting, single notifitication)
Hide devices with no name
Bugs fixed
Fix disconnecting NMDevice
Exceptions from asynchronous DBus calls (getting picked up by tools like Apport or ABRT)
DiscvManager plugin showed its icon unreliably
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Add libparse-yapp-perl to RDEPENDS for pidl.
Fixes:
$ pidl
Can't locate Parse/Yapp/Driver.pm in @INC (you may need to install the Parse::Yapp::Driver module)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
The shebang in pidl points to wrong location:
$ pidl
-sh: /usr/bin/pidl: /buildarea/build/tmp-glibc/hosttools/env: bad interpreter: No such file or directory
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
We're not living in a perfect world so avoid build failures like:
ERROR: samba-4.14.5-r0 do_package_qa: QA Issue: samba-pidl contains perllocal.pod (/usr/lib/perl5/5.34.0/x86_64-linux/perllocal.pod), should not be installed [perllocalpod]
ERROR: samba-4.14.5-r0 do_package_qa: QA run found fatal errors. Please consider fixing them.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Error Message:
Problem: conflicting requests
- nothing provides samba-pidl needed by samba-client-4.14.5-r0.aarch64
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Refresh the following patch:
configure.in-disable-tirpc-checking-for-fedora.patch
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
-License-Update: notice.html does not exist in this version, use NOTICE.md to
check.
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
This affects only on HP NonStop Server, so add it to allowlist.
Signed-off-by: Sekine Shigeki <sekine.shigeki@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Changelog:
https://www.samba.org/samba/history/samba-4.14.5.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
This fails on cross-compilation for musl and clang.
Fixes configure error:
Checking whether fcntl supports setting/geting hints: UNKNOWN
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Changes since 4.4.2 (Bug Fixes)
Corrected a buffer overwrite possible when parsing hexadecimal
literals with more than 1024 octets. Reported by Jon Franklin from Dell,
and also by Pawel Wieczorkiewicz from Amazon Web Services.
[Gitlab #182]
CVE: CVE-2021-25217
See: https://downloads.isc.org/isc/dhcp/4.4.2-P1/dhcp-4.4.2-P1-RELNOTES
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Disable backtrace in bundled bind to fix build error for qemuarm on
musl.
Fixes:
bind/bind-9.11.32/lib/isc/.libs/libisc.so: undefined reference to `_Unwind_GetIP'
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Update the bundled bind from 9.11.14 to 9.11.32.
Fixes build error on qemuarmv5:
stats.c: In function 'setcounter':
stats.c:300:36: error: 'val' undeclared (first use in this function); did you mean 'value'?
300 | stats->counters[counter] = val;
| ^~~
| value
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Refresh musl patch to avoid fuzz
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Zang Ruochen <zangrc.fnst@fujitsu.com>
|
|
0001-dbus-Remove-unused-variabes.patch
0002-Makefile-Exclude-.h-files-from-target-rule.patch
Removed since these are included in 0.102.
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
There are some options are deprecated in smb.conf.
Refer to
https://salsa.debian.org/samba-team/samba/-/blob/master/debian/smb.conf
to update it.
* Remove the deprecated "syslog only" and "syslog" global options and
replace them with the "logging" statement.
* Remove wins support and wins server comments since WINS protocol is
outdated.
* Improve idmap config
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
The 4.10.x is EOL: https://wiki.samba.org/index.php/Samba_Release_Planning
Upgrade to latest 4.14.x.
Remove PACKAGECONFIG[gnutls] since the gnutls is now the mandatory
requirement for samba. See:
https://wiki.samba.org/index.php/Package_Dependencies_Required_to_Build_Samba#Mandatory
Refresh patches:
16-do-not-check-xsltproc-manpages.patch
20-do-not-import-target-module-while-cross-compile.patch
21-add-config-option-without-valgrind.patch
0001-Add-options-to-configure-the-use-of-libbsd.patch
dnsserver-4.7.0.patch
iconv-4.7.0.patch
0001-samba-fix-musl-lib-without-innetgr.patch
Drop patches:
0001-lib-replace-wscript-Avoid-generating-nested-main-fun.patch
0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch
0001-waf-add-support-of-cross_compile.patch
0002-util_sec.c-Move-__thread-variable-to-global-scope.patch
CVE-2020-14318.patch
CVE-2020-14383.patch
glibc_only.patch
smb_conf-4.7.0.patch
Add new patches:
0007-wscript_configure_system_gnutls-disable-check-gnutls.patch
0008-source3-wscript-disable-check-fcntl-F_OWNER_EX.patch
source3-wscript-disable-check-fcntl-RW_HINTS.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Disable the options by default, as we use different compilers there are
more warnings to handle then upstream
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
https://github.com/ARMmbed/mbedtls/releases/tag/v2.26.0
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
The bundled libtool files are arcane and do not work in OE cross build
environment, resulting in creating wrong entried in DT_NEEDED section
as well as emitting build paths into rpaths into ELF files, therefore
copy the OE provided libtool files to fix this issue
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
vendored version of bind is quite old which does not have all newer
architecture info like riscv in gnu-config files captured in the bind
tarball, therefore update these files before configuring bundled bind
Fixes build on rv32/rv64
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Yi Zhao <yi.zhao@windriver.com>
|
|
The current default dhcp server kea in oe-core doesn't provide
dhcp-relay tool. Add a recipe to provide dhcrelay which is from dhcp.
This patch is picked up from dhcp recipe with some tweaks. In order to
fix the build dependency, we use bundled bind instead of external bind.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Remove all upstream patches
Rename patch 0003 -> 0001
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Stefan Wiehler <stefan.wiehler@missinglinkelectronics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Header-only C++14 library that gives you an embedded HTTP server.
Signed-off-by: Stefan Wiehler <stefan.wiehler@missinglinkelectronics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Fixed build issue
lowlevel-linux-link-state.c:(.text+0x450): undefined reference to `pthread_create'
clang-12: error: linker command failed with exit code 1 (use -v to see invocation)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
This commit brings the version of ufw up to 0.36 since version 0.33
had some problems:
* The setup.py calls sed to replace some variables in the source
code with the correct paths. However, this is done using a hardcoded
path and conflicts with distutils
* The python shebang was not properly corrected in setup.py, leading
to a script that only run if there is a python symlink to python2 or
python3
The first issue is addressed by the bump in version, while the second
one is fixed in patch 0003 of the recipe.
Also, the new version provides examples for systemd service and
sysvinit scripts to autostart ufw. These are added into the recipe
now.
Signed-off-by: Silcet <camorga1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
this is another option for reproducibility which can be used by
compilers, and here consider processing it as well
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
[meta-openembedded ticket #327] --
https://github.com/openembedded/meta-openembedded/issues/327
The python version in the shebang at the begining of the ufw script
should be the same one as the version the setup.py script was called
with.
The fix in patch "setup-only-make-one-reference-to-env.patch"
depends on sys.executable returning "/usr/bin/env pythonX". However,
it returns "/usr/bin/pythonX". Using sys.version_info we can get the
major version of the python used to called the script and append
that to the shebang line so it works as intended.
Signed-off-by: Silcet <camorga1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
License-Change: Update copyright years change to Staysail Systems, Inc
https://github.com/nanomsg/nng/commit/ee0b44406d2b658886760ea08c0af12781ab7e3a#diff-d0ed4cc3fb70489fe51c7e0ac180cba2a7472124f9f9e9ae67b01a37fbd580b7
In contrast to 1.2.5, this recipe also builds and packages the nngcat
tool.
Signed-off-by: Reto Schneider <reto.schneider@husqvarnagroup.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
changelog
* 79b1a99 Fixed comment.
* b2ec203 Fixed carry propagation bug in m64 impl for P-256.
* dda1f8a Harmonized behaviour when point length is invalid.
* acc70b1 Typo fix in comment.
* 946f5ba Added discard of unread appdata on explicit close.
* 252dba9 Fixed carry propagation bug in P-256 'm62' implementation (found by Auke Zeilstra; consequences unclear, possibly some invalid curve attacks in static ECDH contexts).
* 15b3af7 Typo fix in comment.
* 69807a3 Fixed typo in comment.
* fb4296c Fixed some errors in comments.
* 4b60464 Fixed small display bug in debug tool.
* b715b43 Fixed buffer overflow in private key decoding (wrong buffer length used in size check).
* 2893441 Fixed a spurious warning on some compilers.
* e4edfb8 Added support for getrandom()/getentropy(), and a fix for the RDRAND bug on AMD CPU (family 22).
* 924921d Fixed mishandling of UTF-8 codepoints in the FDF0..FEDF range (these were unduly rejected when extracting names from certificates, thereby preventing use of the extra presentation forms of Arabic).
* 9721b3e Fixed efficiency pre-test on RSA prime generation (no security issue, but RSA key generation with pubexp 5, 7 or 11 may be slightly more efficient).
* ecdf897 Normalize use of BR_DOXYGEN_IGNORE.
* c1bb535 Small workaround for CompCert compatibility.
* 87a796d Fixed computing of intermediate buffer size for maximum-size RSA keys.
* 6433cc2 Added detection for MIPS64 with n32 ABI.
* 001d094 Some small performance improvements on 32-bit architectures.
* 08eb078 Fixed fd leak in test code.
* d5acc4f Made m64 implementations of elliptic curves the default (when available).
* f0ddbc3 Added new 64-bit implementations of Curve25519 and P-256.
* b2a08e9 Made ec_c25519_m62 implementation the default on supported architectures.
* 52a69fe Fixed endianness in Curve25519 implementation (no consequence on security). Also added new Curve25519 code for 64-bit platforms.
* fd98320 Cosmetic fix (value did not conform to its announced bit length, but this did not have bad consequences since br_i31_decode_mod() is lenient on that).
* 431629d Changed speed benchmark for i31 to a 521-bit modulus.
* c6ffcd2 Fixed warning on GCC 4.6 to 4.9 (macro redefinition).
* 420f50c Added stand-alone RSA/PSS implementation.
* 966078b Added SHAKE implementation.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
It calls openssl's commands 'dhparam' and 'pkcs12' in script bootstrap.
These commands are configurable based on configure options 'no-dh' and
'no-des', and may not be provided by openssl. So check existence of
these commands. If not, abort running of script bootstrap.
1. https://github.com/openssl/openssl/blob/master/apps/build.info#L37
2. https://github.com/openssl/openssl/blob/master/apps/build.info#L22
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Upgrade to release 1.30.2:
- 0004-fix_reallocarray_check.patch removed because the current
version of nm already includes boths malloc.h and stdlib.h
- musl/0002-Fix-build-with-musl.patch removed because the commit
c50da167bc of nm solves the build issue with musl
- musl/0001-Fix-build-with-musl-systemd-specific.patch modified
to avoid conflicts when applied to current version of nm
- musl/0003-Fix-build-with-musl-systemd-specific.patch renamed
to musl/0002-Fix-build-with-musl-systemd-specific.patch and
modified to avoid conflicts when applied to current version of nm
Signed-off-by: Vinicius Aquino <voa.aquino@gmail.com>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Recent upgrade introduced:
| ERROR: networkmanager-openvpn-1.8.14-r0 do_package: QA Issue: networkmanager-openvpn: Files/directories were installed but not shipped in any package:
| /usr/share/metainfo
| /usr/share/metainfo/network-manager-openvpn.metainfo.xml
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Drop one patch at the issue is already fixed in new version
(307678b268 Fix rlm_python3 build)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
2.0.8 - 2021-02-25
==================
Broker:
- Fix incorrect datatypes in `struct mosquitto_evt_tick`. This changes the
size and offset of two of the members of this struct, and changes the size
of the struct. This is an ABI break, but is considered to be acceptable
because plugins should never be allocating their own instance of this
struct, and currently none of the struct members are used for anything, so a
plugin should not be accessing them. It would also be safe to read/write
from the existing struct parameters.
- Give compile time warning if libwebsockets compiled without external poll
support. Closes #2060.
- Fix memory tracking not being available on FreeBSD or macOS. Closes #2096.
Client library:
- Fix mosquitto_{pub|sub}_topic_check() functions not returning MOSQ_ERR_INVAL
on topic == NULL.
Clients:
- Fix possible loss of data in `mosquitto_pub -l` when sending multiple long
lines. Closes #2078.
Build:
- Provide a mechanism for Docker users to run a broker that doesn't use
authentication, without having to provide their own configuration file.
Closes #2040.
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <gianfranco.costamagna@abinsula.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
The licenses were renamed to match their SPDX names, fix the
references in LIC_FILES_CHKSUM
Correct the checksums where they were wrong
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
- drop patch install-protocol.patch: upstream
- add new cjson and dlt-daemon dependencies
- update copyright and license
- add build of manpages optionally via PACKAGECONFIG
- also install the new mosquitto_ctrl and mosquitto_dynamic_security.so tools
2.0.7 - 2021-02-04
==================
Broker:
- Fix exporting of executable symbols on BSD when building via makefile.
- Fix some minor memory leaks on exit only.
- Fix possible memory leak on connect. Closes #2057.
- Fix openssl engine not being able to load private key. Closes #2066.
Clients:
- Fix config files truncating options after the first space. Closes #2059.
Build:
- Fix man page building to not absolutely require xsltproc when using CMake.
This now handles the case where we are building from the released tar, or
building from git if xsltproc is available, or building from git if xsltproc
is not available.
1.6.13 - 2021-02-04
===================
Broker:
- Fix crash on Windows if loading a plugin fails. Closes #1866.
- Fix DH group not being set for TLS connections, which meant ciphers using
DHE couldn't be used. Closes #1925. Closes #1476.
- Fix local bridges being disconnected on SIGHUP. Closes #1942.
- Fix $SYS/broker/publish/messages/+ counters not being updated for QoS 1, 2
messages. Closes #1968.
- Fix listener not being reassociated with client when reloading a persistence
file and `per_listener_settings true` is set and the client did not set a
username. Closes #1891.
- Fix file logging on Windows. Closes #1880.
- Fix bridge sock not being removed from sock hash on error. Closes #1897.
Client library:
- Fix build on Mac Big Sur. Closes #1905.
- Fix DH group not being set for TLS connections, which meant ciphers using
DHE couldn't be used. Closes #1925. Closes #1476.
Clients:
- mosquitto_sub will now quit with an error if the %U option is used on
Windows, rather than just quitting. Closes #1908.
- Fix config files truncating options after the first space. Closes #2059.
Apps:
- Perform stricter parsing of input username in mosquitto_passwd. Closes
#570126 (Eclipse bugzilla).
Build:
- Enable epoll support in CMake builds.
2.0.6 - 2021-01-28
==================
Broker:
- Fix calculation of remaining length parameter for websockets clients that
send fragmented packets. Closes #1974.
Broker:
- Fix potential duplicate Will messages being sent when a will delay interval
has been set.
- Fix message expiry interval property not being honoured in
`mosquitto_broker_publish` and `mosquitto_broker_publish_copy`.
- Fix websockets listeners with TLS not responding. Closes #2020.
- Add notes that libsystemd-dev or similar is needed if building with systemd
support. Closes #2019.
- Improve logging in obscure cases when a client disconnects. Closes #2017.
- Fix reloading of listeners where multiple listeners have been defined with
the same port but different bind addresses. Closes #2029.
- Fix `message_size_limit` not applying to the Will payload. Closes #2022.
- The error topic-alias-invalid was being sent if an MQTT v5 client published
a message with empty topic and topic alias set, but the topic alias hadn't
already been configured on the broker. This has been fixed to send a
protocol error, as per section 3.3.4 of the specification.
- Note in the man pages that SIGHUP reloads TLS certificates. Closes #2037.
- Fix bridges not always connecting on Windows. Closes #2043.
Apps:
- Allow command line arguments to override config file options in
mosquitto_ctrl. Closes #2010.
- mosquitto_ctrl: produce an error when requesting a new password if both
attempts do not match. Closes #2011.
Build:
- Fix cmake builds using `WITH_CJSON=no` not working if cJSON not found.
Closes #2026.
Other:
- The SPDX identifiers for EDL-1.0 have been changed to BSD-3-Clause as per
The Eclipse legal documentation generator. The licenses are identical.
2.0.5 - 2021-01-11
==================
Broker:
- Fix `auth_method` not being provided to the extended auth plugin event.
Closes #1975.
- Fix large packets not being completely published to slow clients.
Closes #1977.
- Fix bridge connection not relinquishing POLLOUT after messages are sent.
Closes #1979.
- Fix apparmor incorrectly denying access to
/var/lib/mosquitto/mosquitto.db.new. Closes #1978.
- Fix potential intermittent initial bridge connections when using poll().
- Fix `bind_interface` option. Closes #1999.
- Fix invalid behaviour in dynsec plugin if a group or client is deleted
before a role that was attached to the group or client is deleted.
Closes #1998.
- Improve logging in dynsec addGroupRole command. Closes #2005.
- Improve logging in dynsec addGroupClient command. Closes #2008.
Client library:
- Improve documentation around the `_v5()` and non-v5 functions, e.g.
`mosquitto_publish()` and `mosquitto_publish_v5().
Build:
- `install` Makefile target should depend on `all`, not `mosquitto`, to ensure
that man pages are always built. Closes #1989.
- Fixes for lots of minor build warnings highlighted by Visual Studio.
Apps:
- Disallow control characters in mosquitto_passwd usernames.
- Fix incorrect description in mosquitto_ctrl man page. Closes #1995.
- Fix `mosquitto_ctrl dynsec getGroup` not showing roles. Closes #1997.
2.0.4 - 2020-12-22
==================
Broker:
- Fix $SYS/broker/publish/messages/+ counters not being updated for QoS 1, 2
messages. Closes #1968.
- mosquitto_connect_bind_async() and mosquitto_connect_bind_v5() should not
reset the bind address option if called with bind_address == NULL.
- Fix dynamic security configuration possibly not being reloaded on Windows
only. Closes #1962.
- Add more log messages for dynsec load/save error conditions.
- Fix websockets connections blocking non-websockets connections on Windows.
Closes #1934.
Build:
- Fix man pages not being built when using CMake. Closes #1969.
2.0.3 - 2020-12-17
==================
Security:
- Running mosquitto_passwd with the following arguments only
`mosquitto_passwd -b password_file username password` would cause the
username to be used as the password.
Broker:
- Fix excessive CPU use on non-Linux systems when the open file limit is set
high. Closes #1947.
- Fix LWT not being sent on client takeover when the existing session wasn't
being continued. Closes #1946.
- Fix bridges possibly not completing connections when WITH_ADNS is in use.
Closes #1960.
- Fix QoS 0 messages not being delivered if max_queued_messages was set to 0.
Closes #1956.
- Fix local bridges being disconnected on SIGHUP. Closes #1942.
- Fix slow initial bridge connections for WITH_ADNS=no.
- Fix persistence_location not appending a '/'.
Clients:
- Fix mosquitto_sub being unable to terminate with Ctrl-C if a successful
connection is not made. Closes #1957.
Apps:
- Fix `mosquitto_passwd -b` using username as password (not if `-c` is also
used). Closes #1949.
Build:
- Fix `install` target when using WITH_CJSON=no. Closes #1938.
- Fix `generic` docker build. Closes #1945.
2.0.2 - 2020-12-10
==================
Broker:
- Fix build regression for WITH_WEBSOCKETS=yes on non-Linux systems.
2.0.1 - 2020-12-10
==================
Broker:
- Fix websockets connections on Windows blocking subsequent connections.
Closes #1934.
- Fix DH group not being set for TLS connections, which meant ciphers using
DHE couldn't be used. Closes #1925. Closes #1476.
- Fix websockets listeners not causing the main loop not to wake up.
Closes #1936.
Client library:
- Fix DH group not being set for TLS connections, which meant ciphers using
DHE couldn't be used. Closes #1925. Closes #1476.
Apps:
- Fix `mosquitto_passwd -U`
Build:
- Fix cjson include paths.
- Fix build using WITH_TLS=no when the openssl headers aren't available.
- Distribute cmake/ and snap/ directories in tar.
2.0.0 - 2020-12-03
==================
Breaking changes:
- When the Mosquitto broker is run without configuring any listeners it will
now bind to the loopback interfaces 127.0.0.1 and/or ::1. This means that
only connections from the local host will be possible.
Running the broker as `mosquitto` or `mosquitto -p 1883` will bind to the
loopback interface.
Running the broker with a configuration file with no listeners configured
will bind to the loopback interface with port 1883.
Running the broker with a listener defined will bind by default to `0.0.0.0`
/ `::` and so will be accessible from any interface. It is still possible to
bind to a specific address/interface.
If the broker is run as `mosquitto -c mosquitto.conf -p 1884`, and a
listener is defined in the configuration file, then the port defined on the
command line will be IGNORED, and no listener configured for it.
- All listeners now default to `allow_anonymous false` unless explicitly set
to true in the configuration file. This means that when configuring a
listener the user must either configure an authentication and access control
method, or set `allow_anonymous true`. When the broker is run without a
configured listener, and so binds to the loopback interface, anonymous
connections are allowed.
- If Mosquitto is run on as root on a unix like system, it will attempt to
drop privileges as soon as the configuration file has been read. This is in
contrast to the previous behaviour where elevated privileges were only
dropped after listeners had been started (and hence TLS certificates loaded)
and logging had been started. The change means that clients will never be
able to connect to the broker when it is running as root, unless the user
explicitly sets it to run as root, which is not advised. It also means that
all locations that the broker needs to access must be available to the
unprivileged user. In particular those people using TLS certificates from
Lets Encrypt will need to do something to allow Mosquitto to access
those certificates. An example deploy renewal hook script to help with this
is at `misc/letsencrypt/mosquitto-copy.sh`.
The user that Mosquitto will change to are the one provided in the
configuration, `mosquitto`, or `nobody`, in order of availability.
- The `pid_file` option will now always attempt to write a pid file,
regardless of whether the `-d` argument is used when running the broker.
- The `tls_version` option now defines the *minimum* TLS protocol version to
be used, rather than the exact version. Closes #1258.
- The `max_queued_messages` option has been increased from 100 to 1000 by
default, and now also applies to QoS 0 messages, when a client is connected.
- The mosquitto_sub, mosquitto_pub, and mosquitto_rr clients will now load
OS provided CA certificates by default if `-L mqtts://...` is used, or if
the port is set to 8883 and no other CA certificates are loaded.
- Minimum support libwebsockets version is now 2.4.0
- The license has changed from "EPL-1.0 OR EDL-1.0" to "EPL-2.0 OR EDL-1.0".
Broker features:
- New plugin interface which is more flexible, easier to develop for and
easier to extend.
- New dynamic security plugin, which allows clients, groups, and roles to be
defined and updated as the broker is running.
- Performance improvements, particularly for higher numbers of clients.
- When running as root, if dropping privileges to the "mosquitto" user fails,
then try "nobody" instead. This reduces the burden on users installing
Mosquitto themselves.
- Add support for Unix domain socket listeners.
- Add `bridge_outgoing_retain` option, to allow outgoing messages from a
bridge to have the retain bit completely disabled, which is useful when
bridging to e.g. Amazon or Google.
- Add support for MQTT v5 bridges to handle the "retain-available" property
being false.
- Allow MQTT v5.0 outgoing bridges to fall back to MQTT v3.1.1 if connecting
to a v3.x only broker.
- DLT logging is now configurable at runtime with `log_dest dlt`.
Closes #1735.
- Add `mosquitto_broker_publish()` and `mosquitto_broker_publish_copy()`
functions, which can be used by plugins to publish messages.
- Add `mosquitto_client_protocol_version()` function which can be used by
plugins to determine which version of MQTT a client has connected with.
- Add `mosquitto_kick_client_by_clientid()` and `mosquitto_kick_client_by_username()`
functions, which can be used by plugins to disconnect clients.
- Add support for handling $CONTROL/ topics in plugins.
- Add support for PBKDF2-SHA512 password hashing.
- Enabling certificate based TLS encryption is now through certfile and
keyfile, not capath or cafile.
- Added support for controlling UNSUBSCRIBE calls in v5 plugin ACL checks.
- Add "deny" acl type. Closes #1611.
- The broker now sends the receive-maximum property for MQTT v5 CONNACKs.
- Add the `bridge_max_packet_size` option. Closes #265.
- Add the `bridge_bind_address` option. Closes #1311.
- TLS certificates for the server are now reloaded on SIGHUP.
- Default for max_queued_messages has been changed to 1000.
- Add `ciphers_tls1.3` option, to allow setting TLS v1.3 ciphersuites.
Closes #1825.
- Bridges now obey MQTT v5 server-keepalive.
- Add bridge support for the MQTT v5 maximum-qos property.
- Log client port on new connections. Closes #1911.
Broker fixes:
- Send DISCONNECT with `malformed-packet` reason code on invalid PUBLISH,
SUBSCRIBE, and UNSUBSCRIBE packets.
- Document that X509_free() must be called after using
mosquitto_client_certificate(). Closes #1842.
- Fix listener not being reassociated with client when reloading a persistence
file and `per_listener_settings true` is set and the client did not set a
username. Closes #1891.
- Fix bridge sock not being removed from sock hash on error. Closes #1897.
- mosquitto_password now forbids the : character. Closes #1833.
- Fix `log_timestamp_format` not applying to `log_dest topic`. Closes #1862.
- Fix crash on Windows if loading a plugin fails. Closes #1866.
- Fix file logging on Windows. Closes #1880.
- Report an error if the config file is set to a directory. Closes #1814.
- Fix bridges incorrectly setting Wills to manage remote notifications when
`notifications_local_only` was set true. Closes #1902.
Client library features:
- Client no longer generates random client ids for v3.1.1 clients, these are
now expected to be generated on the broker. This matches the behaviour for
v5 clients. Closes #291.
- Add support for connecting to brokers through Unix domain sockets.
- Add `mosquitto_property_identifier()`, for retrieving the identifier integer
for a property.
- Add `mosquitto_property_identifier_to_string()` for converting a property
identifier integer to the corresponding property name string.
- Add `mosquitto_property_next()` to retrieve the next property in a list, for
iterating over property lists.
- mosquitto_pub now handles the MQTT v5 retain-available property by never
setting the retain bit.
- Added MOSQ_OPT_TCP_NODELAY, to allow disabling Nagle's algorithm on client
sockets. Closes #1526.
- Add `mosquitto_ssl_get()` to allow clients to access their SSL structure and
perform additional verification.
- Add MOSQ_OPT_BIND_ADDRESS to allow setting of a bind address independently
of the `mosquitto_connect*()` call.
- Add `MOSQ_OPT_TLS_USE_OS_CERTS` option, to instruct the client to load and
trust OS provided CA certificates for use with TLS connections.
Client library fixes:
- Fix send quota being incorrecly reset on reconnect. Closes #1822.
- Don't use logging until log mutex is initialised. Closes #1819.
- Fix missing mach/mach_time.h header on OS X. Closes #1831.
- Fix connect properties not being sent when the client automatically
reconnects. Closes #1846.
Client features:
- Add timeout return code (27) for `mosquitto_sub -W <secs>` and
`mosquitto_rr -W <secs>`. Closes #275.
- Add support for connecting to brokers through Unix domain sockets with the
`--unix` argument.
- Use cJSON library for producing JSON output, where available. Closes #1222.
- Add support for outputting MQTT v5 property information to mosquitto_sub/rr
JSON output. Closes #1416.
- Add `--pretty` option to mosquitto_sub/rr for formatted/unformatted JSON
output.
- Add support for v5 property printing to mosquitto_sub/rr in non-JSON mode.
Closes #1416.
- Add `--nodelay` to all clients to allow them to use the MOSQ_OPT_TCP_NODELAY
option.
- Add `-x` to all clients to all the session-expiry-interval property to be
easily set for MQTT v5 clients.
- Add `--random-filter` to mosquitto_sub, to allow only a certain proportion
of received messages to be printed.
- mosquitto_sub %j and %J timestamps are now in a ISO 8601 compatible format.
- mosquitto_sub now supports extra format specifiers for field width and
precision for some parameters.
- Add `--version` for all clients.
- All clients now load OS provided CA certificates if used with `-L
mqtts://...`, or if port is set to 8883 and no other CA certificates are
used. Closes #1824.
- Add the `--tls-use-os-certs` option to all clients.
Client fixes:
- mosquitto_sub will now exit if all subscriptions were denied.
- mosquitto_pub now sends 0 length files without an error when using `-f`.
- Fix description of `-e` and `-t` arguments in mosquitto_rr. Closes #1881.
- mosquitto_sub will now quit with an error if the %U option is used on
Windows, rather than just quitting. Closes #1908.
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <gianfranco.costamagna@abinsula.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
While using autoconf 2.71, the AM_MISSING_PROG caused unexpected error:
...
configure.ac: error: required file 'missing' not found
...
Since these tools were explicitly added by autotools bbclass,
remove the testing to workaround the error with autoconf 2.7
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Removed upstreamed patches.
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
Andreas Müller
Yi Zhao
Persian Prince
wangmy
zangrc
Sekine Shigeki
Khem Raj
Romain Naour
Stefan Wiehler
Silcet
Reto Schneider
Kai Kang
Vinicius Aquino
Mingli Yu
zhengruoqin
zangrc
Gianfranco
Oleksandr Kravchuk
Hongxu Jia