Bump version number, update webpage.

7 years ago · bb72cf9088
parent 8350956a08
commit bb72cf9088
11 changed files with 136 additions and 11 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -11,7 +11,7 @@ project(mosquitto)
 cmake_minimum_required(VERSION 2.8)
 # Only for version 3 and up. cmake_policy(SET CMP0042 NEW)

-set (VERSION 1.5.6)
+set (VERSION 1.5.7)

 add_definitions (-DCMAKE -DVERSION=\"${VERSION}\")

--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@ -1,4 +1,4 @@
-1.5.7 - 201902xx
+1.5.7 - 20190213
 ================

 Broker:
--- a/config.mk
+++ b/config.mk
@ -105,7 +105,7 @@ WITH_BUNDLED_DEPS:=yes

 # Also bump lib/mosquitto.h, CMakeLists.txt,
 # installer/mosquitto.nsi, installer/mosquitto64.nsi
-VERSION=1.5.6
+VERSION=1.5.7

 # Client library SO version. Bump if incompatible API/ABI changes are made.
 SOVERSION=1
--- a/installer/mosquitto.nsi
+++ b/installer/mosquitto.nsi
@ -9,7 +9,7 @@
 !define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"'

 Name "Eclipse Mosquitto"
-!define VERSION 1.5.6
+!define VERSION 1.5.7
 OutFile "mosquitto-${VERSION}-install-windows-x86.exe"

 InstallDir "$PROGRAMFILES\mosquitto"
--- a/installer/mosquitto64.nsi
+++ b/installer/mosquitto64.nsi
@ -9,7 +9,7 @@
 !define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"'

 Name "Eclipse Mosquitto"
-!define VERSION 1.5.6
+!define VERSION 1.5.7
 OutFile "mosquitto-${VERSION}-install-windows-x64.exe"

 !include "x64.nsh"
--- a/lib/mosquitto.h
+++ b/lib/mosquitto.h
@ -47,7 +47,7 @@ extern "C" {

 #define LIBMOSQUITTO_MAJOR 1
 #define LIBMOSQUITTO_MINOR 5
-#define LIBMOSQUITTO_REVISION 6
+#define LIBMOSQUITTO_REVISION 7
 /* LIBMOSQUITTO_VERSION_NUMBER looks like 1002001 for e.g. version 1.2.1. */
 #define LIBMOSQUITTO_VERSION_NUMBER (LIBMOSQUITTO_MAJOR*1000000+LIBMOSQUITTO_MINOR*1000+LIBMOSQUITTO_REVISION)

--- a/set-version.sh
+++ b/set-version.sh
@ -2,7 +2,7 @@

 MAJOR=1
 MINOR=5
-REVISION=6
+REVISION=7

 sed -i "s/^VERSION=.*/VERSION=${MAJOR}.${MINOR}.${REVISION}/" config.mk

--- a/snap/snapcraft.yaml
+++ b/snap/snapcraft.yaml
@ -1,5 +1,5 @@
 name: mosquitto
-version: 1.5.6
+version: 1.5.7
 summary: Eclipse Mosquitto MQTT broker
 description: This is a message broker that supports version 3.1 and 3.1.1 of the MQTT
    protocol.
--- a/www/pages/download.md
+++ b/www/pages/download.md
@ -11,7 +11,7 @@

 # Source

-* [mosquitto-1.5.5.tar.gz](https://mosquitto.org/files/source/mosquitto-1.5.5.tar.gz) (319kB) ([GPG signature](https://mosquitto.org/files/source/mosquitto-1.5.5.tar.gz.asc))
+* [mosquitto-1.5.7.tar.gz](https://mosquitto.org/files/source/mosquitto-1.5.7.tar.gz) (319kB) ([GPG signature](https://mosquitto.org/files/source/mosquitto-1.5.7.tar.gz.asc))
 * [Git source code repository](https://github.com/eclipse/mosquitto) (github.com)

 Older downloads are available at [https://mosquitto.org/files/](../files/)
@ -24,8 +24,8 @@ distributions.

 ## Windows

-* [mosquitto-1.5.5-install-windows-x64.exe](https://mosquitto.org/files/binary/win64/mosquitto-1.5.5-install-windows-x64.exe) (~360 kB) (64-bit build, Windows Vista and up, built with Visual Studio Community 2017)
-* [mosquitto-1.5.5-install-windows-x32.exe](https://mosquitto.org/files/binary/win32/mosquitto-1.5.5-install-windows-x86.exe) (~360 kB) (32-bit build, Windows Vista and up, built with Visual Studio Community 2017)
+* [mosquitto-1.5.6-install-windows-x64.exe](https://mosquitto.org/files/binary/win64/mosquitto-1.5.6-install-windows-x64.exe) (~360 kB) (64-bit build, Windows Vista and up, built with Visual Studio Community 2017)
+* [mosquitto-1.5.6-install-windows-x32.exe](https://mosquitto.org/files/binary/win32/mosquitto-1.5.6-install-windows-x86.exe) (~360 kB) (32-bit build, Windows Vista and up, built with Visual Studio Community 2017)

 See also readme-windows.txt after installing.

--- a/www/posts/2019/02/version-1-5-6-released.md
+++ b/www/posts/2019/02/version-1-5-6-released.md
@ -0,0 +1,89 @@
+<!--
+.. title: Version 1.5.6 released
+.. slug: version-1-5-6-released
+.. date: 2019-02-08 13:00:00 UTC
+.. tags: Security,Releases
+.. category:
+.. link:
+.. description:
+.. type: text
+-->
+
+Mosquitto 1.5.6 has been released to address three potential security vulnerabilities.
+
+# CVE-2018-12551
+
+If Mosquitto is configured to use a password file for authentication, any
+malformed data in the password file will be treated as valid. This typically
+means that the malformed data becomes a username and no password. If this
+occurs, clients can circumvent authentication and get access to the broker by
+using the malformed username. In particular, a blank line will be treated as a
+valid empty username. Other security measures are unaffected. **Users who have
+only used the `mosquitto_passwd` utility to create and modify their password
+files are unaffected by this vulnerability**. Affects version 1.0 to 1.5.5
+inclusive.
+
+Patches for older versions are available at <https://mosquitto.org/files/cve/2018-12551>
+
+# CVE-2018-12550
+
+If an ACL file is empty, or has only blank lines or comments, then mosquitto
+treats the ACL file as not being defined, which means that no topic access is
+denied. Although denying access to all topics is not a useful configuration,
+this behaviour is unexpected and could lead to access being incorrectly granted
+in some circumstances. Affects versions 1.0 to 1.5.5 inclusive.
+
+Patches for older versions are available at <https://mosquitto.org/files/cve/2018-12550>
+
+# CVE-2018-12546
+
+If a client publishes a retained message to a topic that they have access to,
+and then their access to that topic is revoked, the retained message will still
+be delivered to future subscribers. This behaviour may be undesirable in some
+applications, so a configuration option `check_retain_source` has been
+introduced to enforce checking of the retained message source on publish.  
+
+Patches for older versions are available at <https://mosquitto.org/files/cve/2018-12546>
+
+# Version 1.5.6 Changes
+
+The list of other fixes addressed in version 1.5.6 is:
+
+## Broker
+
+- Fixed comment handling for config options that have optional arguments.
+- Improved documentation around bridge topic remapping.
+- Handle mismatched handshakes (e.g. QoS1 PUBLISH with QoS2 reply) properly.
+- Fix spaces not being allowed in the bridge `remote_username option`. Closes
+  [#1131].
+- Allow broker to always restart on Windows when using `log_dest file`. Closes
+  [#1080].
+- Fix Will not being sent for Websockets clients. Closes [#1143].
+- Windows: Fix possible crash when client disconnects. Closes [#1137].
+- Fixed durable clients being unable to receive messages when offline, when
+  `per_listener_settings` was set to true. Closes [#1081].
+- Add log message for the case where a client is disconnected for sending a
+  topic with invalid UTF-8. Closes [#1144].
+
+## Library
+
+- Fix TLS connections not working over SOCKS.
+- Don't clear SSL context when TLS connection is closed, meaning if a user
+  provided an external SSL_CTX they have less chance of leaking references.
+
+## Build
+
+- Fix comparison of boolean values in CMake build. Closes [#1101].
+- Fix compilation when openssl deprecated APIs are not available.
+  Closes [#1094].
+- Man pages can now be built on any system. Closes [#1139].
+
+[#1080]: https://github.com/eclipse/mosquitto/issues/1080
+[#1081]: https://github.com/eclipse/mosquitto/issues/1081
+[#1094]: https://github.com/eclipse/mosquitto/issues/1094
+[#1101]: https://github.com/eclipse/mosquitto/issues/1101
+[#1131]: https://github.com/eclipse/mosquitto/issues/1131
+[#1137]: https://github.com/eclipse/mosquitto/issues/1137
+[#1139]: https://github.com/eclipse/mosquitto/issues/1139
+[#1143]: https://github.com/eclipse/mosquitto/issues/1143
+[#1144]: https://github.com/eclipse/mosquitto/issues/1144
--- a/www/posts/2019/02/version-1-5-7-released.md
+++ b/www/posts/2019/02/version-1-5-7-released.md
@ -0,0 +1,36 @@
+<!--
+.. title: Version 1.5.7 released
+.. slug: version-1-5-7-released
+.. date: 2019-02-13 23:50:00 UTC
+.. tags: Releases
+.. category:
+.. link:
+.. description:
+.. type: text
+-->
+
+This is a bugfix release.
+
+## Broker
+- Fix build failure when using `WITH_ADNS=yes`
+- Ensure that an error occurs if `per_listener_settings true` is given after
+  other security options. Closes [#1149].
+- Fix `include_dir` not sorting config files before loading. This was partially
+  fixed in 1.5 previously.
+- Improve documentation around the `include_dir` option. Closes [#1154].
+- Fix case where old unreferenced msg_store messages were being saved to the
+  persistence file, bloating its size unnecessarily. Closes [#389].
+
+## Library
+- Fix `mosquitto_topic_matches_sub()` not returning MOSQ_ERR_INVAL for
+  invalid subscriptions like `topic/#abc`. This only affects the return value,
+  not the match/no match result, which was already correct.
+
+## Build
+- Don't require C99 compiler.
+- Add rewritten build test script and remove some build warnings.
+
+
+[#389]: https://github.com/eclipse/mosquitto/issues/389
+[#1149]: https://github.com/eclipse/mosquitto/issues/1149
+[#1154]: https://github.com/eclipse/mosquitto/issues/1154