Merge branch 'fixes' into mqtt5

CMakeLists.txt

@@ -11,7 +11,7 @@ project(mosquitto)
 cmake_minimum_required(VERSION 2.8)
 # Only for version 3 and up. cmake_policy(SET CMP0042 NEW)
 
-set (VERSION 1.5.5)
+set (VERSION 1.5.6)
 
 add_definitions (-DCMAKE -DVERSION=\"${VERSION}\")
 
@@ -51,7 +51,7 @@ option(WITH_TLS_PSK
  "Include TLS-PSK support (requires WITH_TLS)?" ON)
 option(WITH_EC
  "Include Elliptic Curve support (requires WITH_TLS)?" ON)
-if (${WITH_TLS} STREQUAL ON)
+if (WITH_TLS)
  find_package(OpenSSL REQUIRED)
  add_definitions("-DWITH_TLS")
 
@@ -62,19 +62,19 @@ if (${WITH_TLS} STREQUAL ON)
  if (${WITH_EC} STREQUAL ON)
  add_definitions("-DWITH_EC")
  endif (${WITH_EC} STREQUAL ON)
-else (${WITH_TLS} STREQUAL ON)
+else (WITH_TLS)
  set (OPENSSL_INCLUDE_DIR "")
-endif (${WITH_TLS} STREQUAL ON)
+endif (WITH_TLS)
 
 option(WITH_SOCKS "Include SOCKS5 support?" ON)
-if (${WITH_SOCKS} STREQUAL ON)
+if (WITH_SOCKS)
  add_definitions("-DWITH_SOCKS")
-endif (${WITH_SOCKS} STREQUAL ON)
+endif (WITH_SOCKS)
 
 option(WITH_SRV "Include SRV lookup support?" OFF)
 
 option(WITH_THREADING "Include client library threading support?" ON)
-if (${WITH_THREADING} STREQUAL ON)
+if (WITH_THREADING)
  add_definitions("-DWITH_THREADING")
  if (WIN32)
  if (CMAKE_CL_64)
@@ -92,10 +92,10 @@ if (${WITH_THREADING} STREQUAL ON)
  endif()
  set (PTHREAD_INCLUDE_DIR "")
  endif (WIN32)
-else (${WITH_THREADING} STREQUAL ON)
+else (WITH_THREADING)
  set (PTHREAD_LIBRARIES "")
  set (PTHREAD_INCLUDE_DIR "")
-endif (${WITH_THREADING} STREQUAL ON)
+endif (WITH_THREADING)
 
 option(DOCUMENTATION "Build documentation?" ON)
 
@@ -106,9 +106,9 @@ option(DOCUMENTATION "Build documentation?" ON)
 add_subdirectory(lib)
 add_subdirectory(client)
 add_subdirectory(src)
-if (${DOCUMENTATION} STREQUAL ON)
+if (DOCUMENTATION)
  add_subdirectory(man)
-endif (${DOCUMENTATION} STREQUAL ON)
+endif (DOCUMENTATION)
 
 # ========================================
 # Install config file

ChangeLog.txt

@@ -23,13 +23,86 @@ Client fixes:
  QoS>0. This has been fixed.
 
 
+1.5.7 - 201902xx
+================
+
+Broker:
+- Fix build failure when using WITH_ADNS=yes
+- Ensure that an error occurs if `per_listener_settings true` is given after
+ other security options. Closes #1149.
+- Fix include_dir not sorting config files before loading. This was partially
+ fixed in 1.5 previously.
+
+Library:
+- Fix `mosquitto_topic_matches_sub()` not returning MOSQ_ERR_INVAL for
+ invalid subscriptions like `topic/#abc`. This only affects the return value,
+ not the match/no match result, which was already correct.
+
+Build:
+- Don't require C99 compiler.
+
+
+1.5.6 - 20190206
+================
+
+Security:
+- CVE-2018-12551: If Mosquitto is configured to use a password file for
+ authentication, any malformed data in the password file will be treated as
+ valid. This typically means that the malformed data becomes a username and no
+ password. If this occurs, clients can circumvent authentication and get access
+ to the broker by using the malformed username. In particular, a blank line
+ will be treated as a valid empty username. Other security measures are
+ unaffected. Users who have only used the mosquitto_passwd utility to create
+ and modify their password files are unaffected by this vulnerability.
+ Affects version 1.0 to 1.5.5 inclusive.
+- CVE-2018-12550: If an ACL file is empty, or has only blank lines or
+ comments, then mosquitto treats the ACL file as not being defined, which
+ means that no topic access is denied. Although denying access to all topics
+ is not a useful configuration, this behaviour is unexpected and could lead
+ to access being incorrectly granted in some circumstances. This is now
+ fixed. Affects versions 1.0 to 1.5.5 inclusive.
+- CVE-2018-12546. If a client publishes a retained message to a topic that
+ they have access to, and then their access to that topic is revoked, the
+ retained message will still be delivered to future subscribers. This
+ behaviour may be undesirable in some applications, so a configuration option
+ `check_retain_source` has been introduced to enforce checking of the
+ retained message source on publish.
+
+Broker:
+- Fixed comment handling for config options that have optional arguments.
+- Improved documentation around bridge topic remapping.
+- Handle mismatched handshakes (e.g. QoS1 PUBLISH with QoS2 reply) properly.
+- Fix spaces not being allowed in the bridge remote_username option. Closes
+ #1131.
+- Allow broker to always restart on Windows when using `log_dest file`. Closes
+ #1080.
+- Fix Will not being sent for Websockets clients. Closes #1143.
+- Windows: Fix possible crash when client disconnects. Closes #1137.
+- Fixed durable clients being unable to receive messages when offline, when
+ per_listener_settings was set to true. Closes #1081.
+- Add log message for the case where a client is disconnected for sending a
+ topic with invalid UTF-8. Closes #1144.
+
+Library:
+- Fix TLS connections not working over SOCKS.
+- Don't clear SSL context when TLS connection is closed, meaning if a user
+ provided an external SSL_CTX they have less chance of leaking references.
+
+Build:
+- Fix comparison of boolean values in CMake build. Closes #1101.
+- Fix compilation when openssl deprecated APIs are not available.
+ Closes #1094.
+- Man pages can now be built on any system. Closes #1139.
+
+
 1.5.5 - 20181211
 ================
 
 Security:
 - If `per_listener_settings` is set to true, then the `acl_file` setting was
  ignored for the "default listener" only. This has been fixed. This does not
  affect any listeners defined with the `listener` option. Closes #1073.
+ This is now tracked as CVE-2018-20145.
 
 Broker:
 - Add `socket_domain` option to allow listeners to disable IPv6 support.

client/CMakeLists.txt

@@ -1,12 +1,13 @@
 include_directories(${mosquitto_SOURCE_DIR} ${mosquitto_SOURCE_DIR}/lib
- ${STDBOOL_H_PATH} ${STDINT_H_PATH} ${PTHREAD_INCLUDE_DIR})
+ ${STDBOOL_H_PATH} ${STDINT_H_PATH} ${PTHREAD_INCLUDE_DIR}
+ ${OPENSSL_INCLUDE_DIR})
 link_directories(${mosquitto_BINARY_DIR}/lib)
 
 set(shared_src client_shared.c client_shared.h client_props.c)
 
-if (${WITH_SRV} STREQUAL ON)
+if (WITH_SRV)
  add_definitions("-DWITH_SRV")
-endif (${WITH_SRV} STREQUAL ON)
+endif (WITH_SRV)
 
 add_executable(mosquitto_pub pub_client.c pub_shared.c ${shared_src})
 add_executable(mosquitto_sub sub_client.c sub_client_output.c ${shared_src})

client/Makefile

@@ -20,10 +20,10 @@ static : static_pub static_sub
  # This makes mosquitto_pub/sub versions that are statically linked with
  # libmosquitto only.
 
-static_pub : pub_client.o pub_shared.o client_shared.o ../lib/libmosquitto.a
+static_pub : pub_client.o pub_shared.o client_props.o client_shared.o ../lib/libmosquitto.a
  ${CROSS_COMPILE}${CC} $^ -o mosquitto_pub ${CLIENT_LDFLAGS} -lssl -lcrypto -lpthread
 
-static_sub : sub_client.o sub_client_output.o client_shared.o ../lib/libmosquitto.a
+static_sub : sub_client.o sub_client_output.o client_props.o client_shared.o ../lib/libmosquitto.a
  ${CROSS_COMPILE}${CC} $^ -o mosquitto_sub ${CLIENT_LDFLAGS} -lssl -lcrypto -lpthread
 
 mosquitto_pub : pub_client.o pub_shared.o client_shared.o client_props.o

client/client_shared.c

@@ -35,7 +35,9 @@ and the Eclipse Distribution License is available at
 #include <mqtt_protocol.h>
 #include "client_shared.h"
 
+#ifdef WITH_SOCKS
 static int mosquitto__parse_socks_url(struct mosq_config *cfg, char *url);
+#endif
 static int client_config_line_proc(struct mosq_config *cfg, int pub_or_sub, int argc, char *argv[]);
 
 
@@ -945,7 +947,9 @@ int client_config_line_proc(struct mosq_config *cfg, int pub_or_sub, int argc, c
 
 int client_opts_set(struct mosquitto *mosq, struct mosq_config *cfg)
 {
+#ifdef WITH_SOCKS
  int rc;
+#endif
 
  mosquitto_int_option(mosq, MOSQ_OPT_PROTOCOL_VERSION, cfg->protocol_version);
 

config.mk

@@ -104,13 +104,13 @@ WITH_COVERAGE:=no
 
 # Also bump lib/mosquitto.h, CMakeLists.txt,
 # installer/mosquitto.nsi, installer/mosquitto64.nsi
-VERSION=1.5.5
+VERSION=1.5.6
 
 # Client library SO version. Bump if incompatible API/ABI changes are made.
 SOVERSION=1
 
 # Man page generation requires xsltproc and docbook-xsl
-XSLTPROC=xsltproc
+XSLTPROC=xsltproc --nonet
 # For html generation
 DB_HTML_XSL=man/html.xsl
 

docker/1.5/Dockerfile

@@ -3,8 +3,8 @@ FROM alpine:3.8
 LABEL maintainer="Roger Light <[email protected]>" \
  description="Eclipse Mosquitto MQTT Broker"
 
-ENV VERSION=1.5.5 \
- DOWNLOAD_SHA256=fcdb47e340864c545146681af7253399cc292e41775afd76400fda5b0d23d668 \
+ENV VERSION=1.5.6 \
+ DOWNLOAD_SHA256=d5bdc13cc668350026376d57fc14de10aaee029f6840707677637d15e0751a40 \
  GPG_KEYS=A0D6EEA1DCAE49A635A3B2F0779B22DFB3E717B7 \
  LWS_VERSION=2.4.2
 

installer/mosquitto.nsi

@@ -9,7 +9,7 @@
 !define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"'
 
 Name "Eclipse Mosquitto"
-!define VERSION 1.5.5
+!define VERSION 1.5.6
 OutFile "mosquitto-${VERSION}-install-windows-x86.exe"
 
 InstallDir "$PROGRAMFILES\mosquitto"

installer/mosquitto64.nsi

@@ -9,7 +9,7 @@
 !define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"'
 
 Name "Eclipse Mosquitto"
-!define VERSION 1.5.5
+!define VERSION 1.5.6
 OutFile "mosquitto-${VERSION}-install-windows-x64.exe"
 
 !include "x64.nsh"

lib/CMakeLists.txt

@@ -63,7 +63,7 @@ if (WIN32)
  set (LIBRARIES ${LIBRARIES} ws2_32)
 endif (WIN32)
 
-if (${WITH_SRV} STREQUAL ON)
+if (WITH_SRV)
  # Simple detect c-ares
  find_path(ARES_HEADER ares.h)
  if (ARES_HEADER)
@@ -72,7 +72,7 @@ if (${WITH_SRV} STREQUAL ON)
  else (ARES_HEADER)
  message(WARNING "c-ares library not found.")
  endif (ARES_HEADER)
-endif (${WITH_SRV} STREQUAL ON)
+endif (WITH_SRV)
 
 add_library(libmosquitto SHARED ${C_SRC})
 set_target_properties(libmosquitto PROPERTIES
@@ -89,13 +89,13 @@ set_target_properties(libmosquitto PROPERTIES
 
 install(TARGETS libmosquitto RUNTIME DESTINATION "${BINDIR}" LIBRARY DESTINATION "${LIBDIR}")
 
-if (${WITH_STATIC_LIBRARIES} STREQUAL ON)
+if (WITH_STATIC_LIBRARIES)
  add_library(libmosquitto_static STATIC ${C_SRC})
- if (${WITH_PIC} STREQUAL ON)
+ if (WITH_PIC)
  set_target_properties(libmosquitto_static PROPERTIES
  POSITION_INDEPENDENT_CODE 1
  )
- endif (${WITH_PIC} STREQUAL ON)
+ endif (WITH_PIC)
 
  target_link_libraries(libmosquitto_static ${LIBRARIES})
 
@@ -106,7 +106,7 @@ if (${WITH_STATIC_LIBRARIES} STREQUAL ON)
 
  target_compile_definitions(libmosquitto_static PUBLIC "LIBMOSQUITTO_STATIC")
  install(TARGETS libmosquitto_static RUNTIME DESTINATION "${BINDIR}" ARCHIVE DESTINATION "${LIBDIR}")
-endif (${WITH_STATIC_LIBRARIES} STREQUAL ON)
+endif (WITH_STATIC_LIBRARIES)
 
 install(FILES mosquitto.h DESTINATION "${INCLUDEDIR}")
 

lib/cpp/CMakeLists.txt

@@ -15,16 +15,16 @@ set_target_properties(mosquittopp PROPERTIES
 )
 install(TARGETS mosquittopp RUNTIME DESTINATION "${BINDIR}" LIBRARY DESTINATION "${LIBDIR}")
 
-if (${WITH_STATIC_LIBRARIES} STREQUAL ON)
+if (WITH_STATIC_LIBRARIES)
  add_library(mosquittopp_static STATIC
  ${C_SRC}
  ${CPP_SRC}
  )
- if (${WITH_PIC} STREQUAL ON)
+ if (WITH_PIC)
  set_target_properties(mosquittopp_static PROPERTIES
  POSITION_INDEPENDENT_CODE 1
  )
- endif (${WITH_PIC} STREQUAL ON)
+ endif (WITH_PIC)
 
  target_link_libraries(mosquittopp_static ${LIBRARIES})
 
@@ -35,7 +35,7 @@ if (${WITH_STATIC_LIBRARIES} STREQUAL ON)
 
  target_compile_definitions(mosquittopp_static PUBLIC "LIBMOSQUITTO_STATIC")
  install(TARGETS mosquittopp_static RUNTIME DESTINATION "${BINDIR}" ARCHIVE DESTINATION "${LIBDIR}")
-endif (${WITH_STATIC_LIBRARIES} STREQUAL ON)
+endif (WITH_STATIC_LIBRARIES)
 
 install(FILES mosquittopp.h DESTINATION "${INCLUDEDIR}")
 

lib/handle_pubackcomp.c

@@ -46,10 +46,12 @@ int handle__pubackcomp(struct mosquitto *mosq, const char *type)
  uint16_t mid;
  int rc;
  mosquitto_property *properties = NULL;
+ int qos;
 
  assert(mosq);
  rc = packet__read_uint16(&mosq->in_packet, &mid);
  if(rc) return rc;
+ qos = type[3] == 'A'?1:2; /* pubAck or pubComp */
  if(mid == 0) return MOSQ_ERR_PROTOCOL;
 
  if(mosq->protocol == mosq_p_mqtt5 && mosq->in_packet.remaining_length > 2){
@@ -69,7 +71,7 @@ int handle__pubackcomp(struct mosquitto *mosq, const char *type)
  mosquitto_property_free_all(&properties);
 
  if(mid){
- rc = db__message_delete(db, mosq, mid, mosq_md_out);
+ rc = db__message_delete(db, mosq, mid, mosq_md_out, mosq_ms_wait_for_pubcomp, qos);
  if(rc == MOSQ_ERR_NOT_FOUND){
  log__printf(mosq, MOSQ_LOG_WARNING, "Warning: Received %s from %s for an unknown packet identifier %d.", type, mosq->id, mid);
  return MOSQ_ERR_SUCCESS;
@@ -80,7 +82,10 @@ int handle__pubackcomp(struct mosquitto *mosq, const char *type)
 #else
  log__printf(mosq, MOSQ_LOG_DEBUG, "Client %s received %s (Mid: %d)", mosq->id, type, mid);
 
- if(!message__delete(mosq, mid, mosq_md_out)){
+ rc = message__delete(mosq, mid, mosq_md_out, qos);
+ if(rc){
+ return rc;
+ }else{
  /* Only inform the client the message has been sent once. */
  pthread_mutex_lock(&mosq->callback_mutex);
  if(mosq->on_publish){

lib/handle_pubrec.c

@@ -63,17 +63,17 @@ int handle__pubrec(struct mosquitto_db *db, struct mosquitto *mosq)
  log__printf(NULL, MOSQ_LOG_DEBUG, "Received PUBREC from %s (Mid: %d)", mosq->id, mid);
 
  if(reason_code < 0x80){
- rc = db__message_update(mosq, mid, mosq_md_out, mosq_ms_wait_for_pubcomp);
+ rc = db__message_update(mosq, mid, mosq_md_out, mosq_ms_wait_for_pubcomp, 2);
  }else{
- return db__message_delete(db, mosq, mid, mosq_md_out);
+ return db__message_delete(db, mosq, mid, mosq_md_out, mosq_ms_wait_for_pubrec, 2);
  }
 #else
  log__printf(mosq, MOSQ_LOG_DEBUG, "Client %s received PUBREC (Mid: %d)", mosq->id, mid);
 
  if(reason_code < 0x80){
- rc = message__out_update(mosq, mid, mosq_ms_wait_for_pubcomp);
+ rc = message__out_update(mosq, mid, mosq_ms_wait_for_pubcomp, 2);
  }else{
- if(!message__delete(mosq, mid, mosq_md_out)){
+ if(!message__delete(mosq, mid, mosq_md_out, 2)){
  /* Only inform the client the message has been sent once. */
  pthread_mutex_lock(&mosq->callback_mutex);
  if(mosq->on_publish_v5){