From e492a61cd856a2a113a0af8244f5c7c960099c7e Mon Sep 17 00:00:00 2001 From: Vinod Kumar Date: Fri, 28 Sep 2018 01:29:38 +0530 Subject: [PATCH 01/58] return MOSQ_ERR_INVAL if config has invalid boolean value Signed-off-by: Vinod Kumar --- src/conf.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/conf.c b/src/conf.c index 27a7bacd0f..fac25a61f2 100644 --- a/src/conf.c +++ b/src/conf.c @@ -2126,6 +2126,7 @@ static int conf__parse_bool(char **token, const char *name, bool *value, char *s *value = true; }else{ log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid %s value (%s).", name, *token); + return MOSQ_ERR_INVAL; } }else{ log__printf(NULL, MOSQ_LOG_ERR, "Error: Empty %s value in configuration.", name); From 3be1badef0a4bf5bbdc55fc24b881f5296a16342 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Tue, 2 Oct 2018 23:54:24 +0100 Subject: [PATCH 02/58] Include mosquitto_passwd in snap. --- snap/snapcraft.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index c7569010ed..3f36dcb4af 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -26,6 +26,9 @@ apps: command: usr/bin/mosquitto_sub plugs: [network] + passwd: + command: usr/bin/mosquitto_passwd + parts: script: From 1690f760e408cfa454388fe028f7be7c4703b958 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Tue, 2 Oct 2018 23:56:19 +0100 Subject: [PATCH 03/58] Add header files to snap. --- snap/snapcraft.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 3f36dcb4af..5f59fcfa41 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -70,6 +70,9 @@ parts: - lib/*-linux-gnu/libcrypto.so* - lib/*-linux-gnu/libssl.so* - lib/*-linux-gnu/libuuid.so* + - usr/include/mosquitto.h + - usr/include/mosquitto_broker.h + - usr/include/mosquitto_plugin.h lws: plugin: cmake From f6c19b773a245da1265c846ee74a46496412040c Mon Sep 17 00:00:00 2001 
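Review bot: With the added `return MOSQ_ERR_INVAL;` an unrecognised token now fails the parse and leaves `*value` as the caller passed it in, but nothing on conf__parse_bool documents that contract. A short comment above the function would help, for example `/* Returns MOSQ_ERR_INVAL if the token is not a recognised boolean; *value is left unmodified in that case. */`. The empty-token branch visible at the end of the hunk logs its error, but its return is outside the visible lines, so confirm it fails the same way; the function starts and ends outside the hunk. Configurations with a mistyped boolean used to load with the previous value kept and will now presumably stop the broker from starting, so the change also deserves a ChangeLog entry.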
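Review bot: The new `passwd` app declares no `plugs`, unlike the `mosquitto_sub` entry just above it, which lists `plugs: [network]`. mosquitto_passwd operates on a password file named by the user, so if the snap is strictly confined (the confinement setting is outside this hunk) the command would presumably be unable to reach files in the user's home directory. If that restriction is intended, a comment saying so would avoid confusion; otherwise grant only the file access it needs, e.g. `plugs: [home]`, and keep `network` off since the tool appears to have no need for it.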
From: "Roger A. Light" Date: Tue, 2 Oct 2018 23:58:11 +0100 Subject: [PATCH 04/58] Bump snap version. --- snap/snapcraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 5f59fcfa41..e5bb7125c4 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: mosquitto -version: 1.5.3 +version: 1.5.3-1 summary: Eclipse Mosquitto MQTT broker description: This is a message broker that supports version 3.1 and 3.1.1 of the MQTT protocol. From 07d59d20e25b228bb3500ad93a6bd2fb167b752d Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Wed, 3 Oct 2018 08:11:46 +0100 Subject: [PATCH 05/58] Add missing line. --- snap/snapcraft.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index e5bb7125c4..f3a6d1cfb4 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -66,6 +66,7 @@ parts: - usr/sbin/mosquitto - usr/bin/mosquitto_pub - usr/bin/mosquitto_sub + - usr/bin/mosquitto_passwd - usr/lib/libmosquitto.so* - lib/*-linux-gnu/libcrypto.so* - lib/*-linux-gnu/libssl.so* From e5eb03b2e63260463a9df70a30e0f57a606f2292 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Sun, 7 Oct 2018 00:56:42 +0100 Subject: [PATCH 06/58] Allow building without shared library. --- client/Makefile | 20 ++++++++++++++++---- config.mk | 8 +++++++- lib/Makefile | 13 ++++++++++++- 3 files changed, 35 insertions(+), 6 deletions(-) diff --git a/client/Makefile b/client/Makefile index 844bc6e0c2..57acbdf925 100644 --- a/client/Makefile +++ b/client/Makefile 
@@ -2,7 +2,19 @@ include ../config.mk .PHONY: all install uninstall reallyclean clean static static_pub static_sub -all : mosquitto_pub mosquitto_sub +ifeq ($(WITH_SHARED_LIBRARIES),yes) +SHARED_DEP:=../lib/libmosquitto.so.${SOVERSION} +endif + +ifeq ($(WITH_SHARED_LIBRARIES),yes) + ALL_DEPS:= mosquitto_pub mosquitto_sub +else +ifeq ($(WITH_STATIC_LIBRARIES),yes) + ALL_DEPS:= static_pub static_sub +endif +endif + +all : ${ALL_DEPS} static : static_pub static_sub # This makes mosquitto_pub/sub versions that are statically linked with @@ -20,13 +32,13 @@ mosquitto_pub : pub_client.o client_shared.o mosquitto_sub : sub_client.o sub_client_output.o client_shared.o ${CROSS_COMPILE}${CC} $^ -o $@ ${CLIENT_LDFLAGS} -pub_client.o : pub_client.c ../lib/libmosquitto.so.${SOVERSION} +pub_client.o : pub_client.c ${SHARED_DEP} ${CROSS_COMPILE}${CC} -c $< -o $@ ${CLIENT_CFLAGS} -sub_client.o : sub_client.c ../lib/libmosquitto.so.${SOVERSION} +sub_client.o : sub_client.c ${SHARED_DEP} ${CROSS_COMPILE}${CC} -c $< -o $@ ${CLIENT_CFLAGS} -sub_client_output.o : sub_client_output.c ../lib/libmosquitto.so.${SOVERSION} +sub_client_output.o : sub_client_output.c ${SHARED_DEP} ${CROSS_COMPILE}${CC} -c $< -o $@ ${CLIENT_CFLAGS} client_shared.o : client_shared.c client_shared.h diff --git a/config.mk b/config.mk index 3e877ccfb3..9871ff051f 100644 --- a/config.mk +++ b/config.mk @@ -86,6 +86,9 @@ WITH_STRIP:=no # Build static libraries WITH_STATIC_LIBRARIES:=no +# Build shared libraries +WITH_SHARED_LIBRARIES:=yes + # Build with async dns lookup support for bridges (temporary). Requires glibc. #WITH_ADNS:=yes @@ -146,7 +149,10 @@ ifeq ($(UNAME),Linux) LIB_LIBS:=$(LIB_LIBS) -lrt endif -CLIENT_LDFLAGS:=$(LDFLAGS) -L../lib ../lib/libmosquitto.so.${SOVERSION} +CLIENT_LDFLAGS:=$(LDFLAGS) -L../lib +ifeq ($(WITH_SHARED_LIBRARIES),yes) + CLIENT_LDFLAGS:=${CLIENT_LDFLAGS} ../lib/libmosquitto.so.${SOVERSION} +endif ifeq ($(UNAME),SunOS) ifeq ($(CC),cc) 
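Review bot: `ALL_DEPS` is only assigned inside the conditionals of the first client/Makefile hunk, so when both WITH_SHARED_LIBRARIES and WITH_STATIC_LIBRARIES are `no` it holds whatever the environment or an included file left in it, and `all` quietly builds no clients. lib/Makefile in the same commit starts from `ALL_DEPS:=` and appends to it; doing the same here makes the broker-only case explicit and predictable. The two back-to-back `ifeq ($(WITH_SHARED_LIBRARIES),yes)` blocks can also be merged so that `SHARED_DEP` and `ALL_DEPS` are set in one place.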
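Review bot: The comment `# Build shared libraries` on the new WITH_SHARED_LIBRARIES option in config.mk understates what the switch does in this commit. Setting it to `no` also drops `../lib/libmosquitto.so.${SOVERSION}` from CLIENT_LDFLAGS, skips `$(MAKE) -C cpp` in lib/Makefile, and makes client/Makefile build either the static_pub/static_sub targets or nothing at all. I would extend the comment to something like `# Build shared libraries. If "no", the C++ wrapper is not built and the clients are only built (statically linked) when WITH_STATIC_LIBRARIES is "yes".`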
diff --git a/lib/Makefile b/lib/Makefile index 3a293a8aee..06577152e1 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -38,19 +38,28 @@ MOSQ_OBJS=mosquitto.o \ util_mosq.o \ will_mosq.o -ALL_DEPS=libmosquitto.so.${SOVERSION} +ALL_DEPS:= + +ifeq ($(WITH_SHARED_LIBRARIES),yes) + ALL_DEPS+=libmosquitto.so.${SOVERSION} +endif ifeq ($(WITH_STATIC_LIBRARIES),yes) ALL_DEPS+=libmosquitto.a endif all : ${ALL_DEPS} +ifeq ($(WITH_SHARED_LIBRARIES),yes) $(MAKE) -C cpp +endif install : all $(INSTALL) -d "${DESTDIR}$(prefix)/lib${LIB_SUFFIX}/" + +ifeq ($(WITH_SHARED_LIBRARIES),yes) $(INSTALL) ${STRIP_OPTS} libmosquitto.so.${SOVERSION} "${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquitto.so.${SOVERSION}" ln -sf libmosquitto.so.${SOVERSION} "${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquitto.so" +endif ifeq ($(WITH_STATIC_LIBRARIES),yes) $(INSTALL) libmosquitto.a "${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquitto.a" ${CROSS_COMPILE}${STRIP} -g --strip-unneeded "${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquitto.a" @@ -60,7 +69,9 @@ endif $(INSTALL) -d "${DESTDIR}$(prefix)/lib${LIB_SUFFIX}/pkgconfig" $(INSTALL) -m644 ../libmosquitto.pc.in "${DESTDIR}$(prefix)/lib${LIB_SUFFIX}/pkgconfig/libmosquitto.pc" sed -i -e "s#@CMAKE_INSTALL_PREFIX@#$(prefix)#" -e "s#@VERSION@#$(VERSION)#" "${DESTDIR}$(prefix)/lib${LIB_SUFFIX}/pkgconfig/libmosquitto.pc" +ifeq ($(WITH_SHARED_LIBRARIES),yes) $(MAKE) -C cpp install +endif uninstall : -rm -f "${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquitto.so.${SOVERSION}" From 0a9ee5b4cf2664188b491a196ee4dbede36b0e89 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Tue, 23 Oct 2018 10:46:55 +0100 Subject: [PATCH 07/58] Fix memory leak when reconnecting with TLS errors. Fix memory leak that occurred if mosquitto_reconnect() was used when TLS errors were present. Closes #592. Thanks to smartdabao and aaronovz1. --- ChangeLog.txt | 8 ++++++++ lib/net_mosq.c | 3 +++ 2 files changed, 11 insertions(+) 
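Review bot: In the `install` target the pkg-config steps appear to stay outside the new conditionals, so with both WITH_SHARED_LIBRARIES and WITH_STATIC_LIBRARIES set to `no` a libmosquitto.pc is still installed for a library that was never built or installed. Guarding those three lines with `ifneq ($(strip $(ALL_DEPS)),)` and a matching `endif` would keep the installed metadata consistent with what is on disk. The `install` and `uninstall` targets continue outside the hunks, so check whether the header install between the two hunks needs the same treatment.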
diff --git a/ChangeLog.txt b/ChangeLog.txt index 18c5514d2b..50f02d9cda 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,11 @@ +1.5.4 - 201810xx +================ + +Library: +- Fix memory leak that occurred if mosquitto_reconnect() was used when TLS +errors were present. Closes #592. + + 1.5.3 - 20180925 ================ diff --git a/lib/net_mosq.c b/lib/net_mosq.c index 5494abaea7..4efda3d2f8 100644 --- a/lib/net_mosq.c +++ b/lib/net_mosq.c @@ -596,6 +596,9 @@ int net__socket_connect_step3(struct mosquitto *mosq, const char *host, uint16_t if(rc) return rc; if(mosq->ssl_ctx){ + if(mosq->ssl){ + SSL_free(mosq->ssl); + } mosq->ssl = SSL_new(mosq->ssl_ctx); if(!mosq->ssl){ COMPAT_CLOSE(mosq->sock); From 976edc616506200b8759edc5c32074578f74142d Mon Sep 17 00:00:00 2001 From: Jonathan Hanson Date: Wed, 22 Aug 2018 19:35:46 -0700 Subject: [PATCH 08/58] Add a new dockerfile and associated files, to build from a source tarball, instead of installing a built and published Alpine APK package. Signed-off-by: Jonathan Hanson --- docker/from_dist/Dockerfile | 70 +++++++++++++++++++++++++++ docker/from_dist/README.md | 47 ++++++++++++++++++ docker/from_dist/docker-entrypoint.sh | 4 ++ 3 files changed, 121 insertions(+) create mode 100644 docker/from_dist/Dockerfile create mode 100644 docker/from_dist/README.md create mode 100755 docker/from_dist/docker-entrypoint.sh diff --git a/docker/from_dist/Dockerfile b/docker/from_dist/Dockerfile new file mode 100644 index 0000000000..3b36963deb --- /dev/null +++ b/docker/from_dist/Dockerfile 
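Review bot: Freeing a stale `mosq->ssl` here is only safe if every other path that frees it also resets the pointer to NULL; otherwise the new `SSL_free(mosq->ssl)` becomes a double free on reconnect. Those paths are outside this hunk (net__socket_connect_step3 itself starts and ends outside it), so the close and TLS-error paths are worth checking against this change. A short comment would explain why the pointer can be non-NULL at this point, e.g. `/* A previous attempt that failed during TLS setup can leave mosq->ssl allocated; release it before SSL_new(). */`. The `if(mosq->ssl)` guard is optional, since SSL_free() accepts NULL.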
@@ -0,0 +1,70 @@ +FROM alpine:latest AS build + +# A released dist version, like "1.2.3" +ARG VERSION +RUN test -n "${VERSION}" + +RUN apk --no-cache add \ + build-base \ + libressl-dev \ + c-ares-dev \ + curl \ + util-linux-dev \ + libwebsockets-dev \ + libxslt \ + python2 + +# This build procedure is based on: +# https://github.com/alpinelinux/aports/blob/master/main/mosquitto/APKBUILD +# +# If this step fails, double check the version build-arg and make sure its +# a valid published tarball at https://mosquitto.org/files/source/ +RUN mkdir -p /build /install && \ + curl -SL https://mosquitto.org/files/source/mosquitto-${VERSION}.tar.gz \ + | tar --strip=1 -xzC /build && \ + make -C /build \ + WITH_MEMORY_TRACKING=no \ + WITH_WEBSOCKETS=yes \ + WITH_SRV=yes \ + WITH_TLS_PSK=no \ + WITH_ADNS=no \ + prefix=/usr \ + binary && \ + make -C /build \ + prefix=/usr \ + DESTDIR="/install" \ + install && \ + mv /install/etc/mosquitto/mosquitto.conf.example /install/etc/mosquitto/mosquitto.conf && \ + sed -i -e 's/#log_dest stderr/log_dest syslog/' /install/etc/mosquitto/mosquitto.conf + + +# Single-layer image for the mosquitto distribution +FROM alpine:latest +LABEL maintainer="Jonathan Hanson " +LABEL description="Eclipse Mosquitto MQTT Broker" + +# Install the run-time dependencies +RUN apk --no-cache add \ + busybox \ + libcrypto1.0 \ + libssl1.0 \ + libuuid \ + libwebsockets \ + musl + +# Copy over the built install from the earlier image layer +COPY --from=build /install / + +# Set up the mosquitto directories and the mosquitto user +RUN addgroup -S mosquitto 2>/dev/null && \ + adduser -S -D -H -h /var/empty -s /sbin/nologin -G mosquitto -g mosquitto mosquitto 2>/dev/null && \ + mkdir -p /mosquitto/config /mosquitto/data /mosquitto/log && \ + cp /etc/mosquitto/mosquitto.conf /mosquitto/config && \ + chown -R mosquitto:mosquitto /mosquitto + +VOLUME ["/mosquitto/config", "/mosquitto/data", "/mosquitto/log"] + +# Set up the entry point script and default command +COPY 
docker-entrypoint.sh / +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["/usr/sbin/mosquitto", "-c", "/mosquitto/config/mosquitto.conf"] diff --git a/docker/from_dist/README.md b/docker/from_dist/README.md new file mode 100644 index 0000000000..421cb91d90 --- /dev/null +++ b/docker/from_dist/README.md @@ -0,0 +1,47 @@ +# Eclipse Mosquitto Docker Image +Containers built with this Dockerfile build as source from published tarballs. + +## Mount Points +Three docker volumes have been created in the image to be used for configuration, persistent storage and logs. +``` +/mosquitto/config +/mosquitto/data +/mosquitto/log +``` + +## Configuration +When creating a container from the image, the default configuration values are used. +To use a custom configuration file, mount a **local** configuration file to `/mosquitto/config/mosquitto.conf` +``` +docker run -it -p 1883:1883 -p 9001:9001 -v :/mosquitto/config/mosquitto.conf eclipse-mosquitto: +``` + +Configuration can be changed to: + +* persist data to `/mosquitto/data` +* log to `/mosquitto/log/mosquitto.log` + +i.e. add the following to `mosquitto.conf`: +``` +persistence true +persistence_location /mosquitto/data/ + +log_dest file /mosquitto/log/mosquitto.log +``` + +**Note**: For any volume used, the data will be persistent between containers. + +## Build +Build and tag the docker image for a specific version: +``` +docker build -t eclipse-mosquitto: --build-arg VERSION="" . +``` + +## Run +Run a container using the new image: +``` +docker run -it -p 1883:1883 -p 9001:9001 -v :/mosquitto/config/mosquitto.conf -v /mosquitto/data -v /mosquitto/log eclipse-mosquitto: +``` +:boom: if the mosquitto configuration (mosquitto.conf) was modified +to use non-default ports, the docker run command will need to be updated +to expose the ports that have been configured. diff --git a/docker/from_dist/docker-entrypoint.sh b/docker/from_dist/docker-entrypoint.sh new file mode 100755 index 0000000000..b381ac5775 --- /dev/null 
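Review bot: The build stage of docker/from_dist/Dockerfile pipes `curl -SL …/mosquitto-${VERSION}.tar.gz` straight into `tar` and then compiles the result, with no checksum or signature check; without `-f`, an HTTP error page is handed to tar as well. Because VERSION is a build argument, the expected digest has to be supplied the same way: download to a file, verify it, then unpack, as sketched below. docker/generic/Dockerfile, added later in this series, contains the same step and needs the same change. The README build command would then need the extra `--build-arg`.

```dockerfile
# A released dist version, like "1.2.3", and the SHA-256 of its tarball
ARG VERSION
ARG DOWNLOAD_SHA256
RUN test -n "${VERSION}" && test -n "${DOWNLOAD_SHA256}"

# … unchanged: apk add of the build dependencies …

RUN mkdir -p /build /install && \
    curl -fSL https://mosquitto.org/files/source/mosquitto-${VERSION}.tar.gz -o /tmp/mosq.tar.gz && \
    echo "${DOWNLOAD_SHA256}  /tmp/mosq.tar.gz" | sha256sum -c - && \
    tar --strip=1 -xzf /tmp/mosq.tar.gz -C /build && \
    rm /tmp/mosq.tar.gz && \
    make -C /build \
# … unchanged: make options, install step, mosquitto.conf setup …
```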
+++ b/docker/from_dist/docker-entrypoint.sh
@@ -0,0 +1,4 @@
+#!/bin/ash
+set -e
+
+exec "$@"
From 7f1419e4de981f5cc38aa3a9684369b1de27ba46 Mon Sep 17 00:00:00 2001 From: majekw Date: Mon, 8 Oct 2018 00:16:38 +0200 Subject: [PATCH 09/58] Fix mosquitto_pub -l if compiled using cmake. Since dde005ef92190dffd1bab0ddbfcfd8c5dbe17bc8 mosquito_pub is throwing error that 'threading support has not been compiled' when compiled using cmake. It looks like WITH_THREADING flag is not set at top level Makefile and used only in lib/ directory, so library is correctly compiled with threading. But for client this flag is undefined, so it gives error on '-l' option. This commit moves part related to WITH_THREADING flag out of lib/CMakeLists.txt to top levele CMakeLists.txt, so it could be accessible to all subdirectories. Signed-off-by: Marek Wodzinski
---
CMakeLists.txt | 24 ++++++++++++++++++++++++ ChangeLog.txt | 3 +++ client/CMakeLists.txt | 2 +- lib/CMakeLists.txt | 24 ------------------------ 4 files changed, 28 insertions(+), 25 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index d9a86362bd..5e55f119cf 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -73,6 +73,30 @@ endif (${WITH_SOCKS} STREQUAL ON) option(WITH_SRV "Include SRV lookup support?" OFF) +option(WITH_THREADING "Include client library threading support?" ON) +if (${WITH_THREADING} STREQUAL ON) + add_definitions("-DWITH_THREADING") + if (WIN32) + if (CMAKE_CL_64) + set (PTHREAD_LIBRARIES C:\\pthreads\\Pre-built.2\\lib\\x64\\pthreadVC2.lib) + else (CMAKE_CL_64) + set (PTHREAD_LIBRARIES C:\\pthreads\\Pre-built.2\\lib\\x86\\pthreadVC2.lib) + endif (CMAKE_CL_64) + set (PTHREAD_INCLUDE_DIR C:\\pthreads\\Pre-built.2\\include) + else (WIN32) + find_library(LIBPTHREAD pthread) + if (LIBPTHREAD) + set (PTHREAD_LIBRARIES pthread) + else (LIBPTHREAD) + set (PTHREAD_LIBRARIES "") + endif() + set (PTHREAD_INCLUDE_DIR "") + endif (WIN32) +else (${WITH_THREADING} STREQUAL ON) + set (PTHREAD_LIBRARIES "") + set (PTHREAD_INCLUDE_DIR "") +endif (${WITH_THREADING} STREQUAL ON) + option(DOCUMENTATION "Build documentation?" ON) # ======================================== diff --git a/ChangeLog.txt b/ChangeLog.txt index 50f02d9cda..bfb4a856b0 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -5,6 +5,9 @@ Library: - Fix memory leak that occurred if mosquitto_reconnect() was used when TLS errors were present. Closes #592. +Build: +- Fix clients not being compiled with threading support when using CMake. + Closes #983. 1.5.3 - 20180925 ================ diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt index a6b2c01891..a34198d551 100644 --- a/client/CMakeLists.txt +++ b/client/CMakeLists.txt @@ -1,5 +1,5 @@ include_directories(${mosquitto_SOURCE_DIR} ${mosquitto_SOURCE_DIR}/lib - ${STDBOOL_H_PATH} ${STDINT_H_PATH}) + ${STDBOOL_H_PATH} ${STDINT_H_PATH} ${PTHREAD_INCLUDE_DIR}) link_directories(${mosquitto_BINARY_DIR}/lib) set(shared_src client_shared.c client_shared.h) diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt index d537e776d7..c92571aa55 100644 --- a/lib/CMakeLists.txt +++ b/lib/CMakeLists.txt 
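Review bot: The block moved into the top-level CMakeLists.txt still tests `if (${WITH_THREADING} STREQUAL ON)`, which compares the text of the value, so `-DWITH_THREADING=YES`, `TRUE` or `1` falls into the else branch and silently builds without `-DWITH_THREADING`, the same symptom this commit fixes for the clients. Writing `if (WITH_THREADING)` with plain `else ()` and `endif ()` accepts every CMake truth value. Separately, the Windows branch hard-codes `C:\\pthreads\\Pre-built.2\\…` for both the library and the include directory; making these cache variables, or using `find_library`/`find_path` with that path as a hint, would let a builder point at a pthreads copy they have vetted.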
@@ -2,30 +2,6 @@ option(WITH_STATIC_LIBRARIES "Build static versions of the libmosquitto/pp libra option(WITH_PIC "Build the static library with PIC (Position Independent Code) enabled archives?" OFF) add_subdirectory(cpp) -option(WITH_THREADING "Include client library threading support?" ON) -if (${WITH_THREADING} STREQUAL ON) - add_definitions("-DWITH_THREADING") - if (WIN32) - if (CMAKE_CL_64) - set (PTHREAD_LIBRARIES C:\\pthreads\\Pre-built.2\\lib\\x64\\pthreadVC2.lib) - else (CMAKE_CL_64) - set (PTHREAD_LIBRARIES C:\\pthreads\\Pre-built.2\\lib\\x86\\pthreadVC2.lib) - endif (CMAKE_CL_64) - set (PTHREAD_INCLUDE_DIR C:\\pthreads\\Pre-built.2\\include) - else (WIN32) - find_library(LIBPTHREAD pthread) - if (LIBPTHREAD) - set (PTHREAD_LIBRARIES pthread) - else (LIBPTHREAD) - set (PTHREAD_LIBRARIES "") - endif() - set (PTHREAD_INCLUDE_DIR "") - endif (WIN32) -else (${WITH_THREADING} STREQUAL ON) - set (PTHREAD_LIBRARIES "") - set (PTHREAD_INCLUDE_DIR "") -endif (${WITH_THREADING} STREQUAL ON) - include_directories(${mosquitto_SOURCE_DIR} ${mosquitto_SOURCE_DIR}/lib ${STDBOOL_H_PATH} ${STDINT_H_PATH} ${OPENSSL_INCLUDE_DIR} ${PTHREAD_INCLUDE_DIR}) From d60b9d4e5d93f6b32a788db875b737de5bc56554 Mon Sep 17 00:00:00 2001 
From: "Roger A. Light" Date: Wed, 24 Oct 2018 12:30:16 +0100 Subject: [PATCH 10/58] Rewrite docker files for 1.5 support. Builds from source. Carries out security checks on downloads. --- docker/1.4.10/Dockerfile | 13 ---- docker/1.4.10/README.md | 49 ------------- docker/1.4.10/docker-entrypoint.sh | 5 -- docker/1.4.14/Dockerfile | 13 ---- docker/1.4.4/Dockerfile | 13 ---- docker/1.4.4/README.md | 49 ------------- docker/1.4.8/Dockerfile | 13 ---- docker/1.4.8/README.md | 49 ------------- docker/1.4.8/docker-entrypoint.sh | 5 -- docker/1.5/Dockerfile | 69 ++++++++++++++++++ docker/1.5/README.md | 40 +++++++++++ docker/{1.4.14 => 1.5}/docker-entrypoint.sh | 3 +- docker/README.md | 17 ++++- docker/generic/Dockerfile | 70 +++++++++++++++++++ docker/{1.4.14 => generic}/README.md | 28 ++++---- .../{1.4.4 => generic}/docker-entrypoint.sh | 3 +- 16 files changed, 210 insertions(+), 229 deletions(-) delete mode 100644 docker/1.4.10/Dockerfile delete mode 100644 docker/1.4.10/README.md delete mode 100755 docker/1.4.10/docker-entrypoint.sh delete mode 100644 docker/1.4.14/Dockerfile delete mode 100644 docker/1.4.4/Dockerfile delete mode 100644 docker/1.4.4/README.md delete mode 100644 docker/1.4.8/Dockerfile delete mode 100644 docker/1.4.8/README.md delete mode 100755 docker/1.4.8/docker-entrypoint.sh create mode 100644 docker/1.5/Dockerfile create mode 100644 docker/1.5/README.md rename docker/{1.4.14 => 1.5}/docker-entrypoint.sh (96%) create mode 100644 docker/generic/Dockerfile rename docker/{1.4.14 => generic}/README.md (51%) rename docker/{1.4.4 => generic}/docker-entrypoint.sh (96%) diff --git a/docker/1.4.10/Dockerfile b/docker/1.4.10/Dockerfile deleted file mode 100644 index 3101650b9f..0000000000 --- a/docker/1.4.10/Dockerfile +++ /dev/null 
@@ -1,13 +0,0 @@ -FROM alpine:3.5 -MAINTAINER David Audet - -LABEL Description="Eclipse Mosquitto MQTT Broker" - -RUN apk --no-cache add mosquitto=1.4.10-r2 && \ - mkdir -p /mosquitto/config /mosquitto/data /mosquitto/log && \ - cp /etc/mosquitto/mosquitto.conf /mosquitto/config && \ - chown -R mosquitto:mosquitto /mosquitto - -COPY docker-entrypoint.sh / -ENTRYPOINT ["/docker-entrypoint.sh"] -CMD ["/usr/sbin/mosquitto", "-c", "/mosquitto/config/mosquitto.conf"] diff --git a/docker/1.4.10/README.md b/docker/1.4.10/README.md deleted file mode 100644 index 98bb150dfe..0000000000 --- a/docker/1.4.10/README.md +++ /dev/null 
@@ -1,49 +0,0 @@ -#Eclipse Mosquitto v1.4.10 Docker Image - -##Mount Points - -Three mount points have been created in the image to be used for configuration, persistent storage and logs. -``` -/mosquitto/config -/mosquitto/data -/mosquitto/log -``` - - -##Configuration - -When running the image, the default configuration values are used. -To use a custom configuration file, mount a **local** configuration file to `/mosquitto/config/mosquitto.conf` -``` -docker run -it -p 1883:1883 -p 9001:9001 -v :/mosquitto/config/mosquitto.conf eclipse-mosquitto:1.4.10 -``` - -Configuration can be changed to: - -* persist data to `/mosquitto/data` -* log to `/mosquitto/log/mosquitto.log` - -i.e. add the following to `mosquitto.conf`: -``` -persistence true -persistence_location /mosquitto/data/ - -log_dest file /mosquitto/log/mosquitto.log -``` - -**Note**: If a volume is used, the data will persist between containers. - -##Build -Build the image: -``` -docker build -t eclipse-mosquitto:1.4.10 . -``` - -##Run -Run a container using the new image: -``` -docker run -it -p 1883:1883 -p 9001:9001 -v :/mosquitto/config/mosquitto.conf -v /mosquitto/data -v /mosquitto/log eclipse-mosquitto:1.4.10 -``` -:boom: if the mosquitto configuration (mosquitto.conf) was modified -to use non-default ports, the docker run command will need to be updated -to expose the ports that have been configured. diff --git a/docker/1.4.10/docker-entrypoint.sh b/docker/1.4.10/docker-entrypoint.sh deleted file mode 100755 index 1a9fc8d05f..0000000000 --- a/docker/1.4.10/docker-entrypoint.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/ash - -set -e -exec "$@" - diff --git a/docker/1.4.14/Dockerfile b/docker/1.4.14/Dockerfile deleted file mode 100644 index 359cde1b48..0000000000 --- a/docker/1.4.14/Dockerfile +++ /dev/null 
@@ -1,13 +0,0 @@ -FROM alpine:edge -MAINTAINER David Audet - -LABEL Description="Eclipse Mosquitto MQTT Broker" - -RUN apk --no-cache add mosquitto=1.4.14-r0 && \ - mkdir -p /mosquitto/config /mosquitto/data /mosquitto/log && \ - cp /etc/mosquitto/mosquitto.conf /mosquitto/config && \ - chown -R mosquitto:mosquitto /mosquitto - -COPY docker-entrypoint.sh / -ENTRYPOINT ["/docker-entrypoint.sh"] -CMD ["/usr/sbin/mosquitto", "-c", "/mosquitto/config/mosquitto.conf"] diff --git a/docker/1.4.4/Dockerfile b/docker/1.4.4/Dockerfile deleted file mode 100644 index bd757e3b4a..0000000000 --- a/docker/1.4.4/Dockerfile +++ /dev/null @@ -1,13 +0,0 @@ -FROM alpine:3.3 -MAINTAINER David Audet - -LABEL Description="Eclipse Mosquitto MQTT Broker" - -RUN apk --no-cache add mosquitto=1.4.4-r0 && \ - mkdir -p /mosquitto/config /mosquitto/data /mosquitto/log && \ - cp /etc/mosquitto/mosquitto.conf /mosquitto/config && \ - chown -R mosquitto:mosquitto /mosquitto - -COPY docker-entrypoint.sh / -ENTRYPOINT ["/docker-entrypoint.sh"] -CMD ["/usr/sbin/mosquitto", "-c", "/mosquitto/config/mosquitto.conf"] diff --git a/docker/1.4.4/README.md b/docker/1.4.4/README.md deleted file mode 100644 index 4f01fee9ed..0000000000 --- a/docker/1.4.4/README.md +++ /dev/null 
@@ -1,49 +0,0 @@ -#Eclipse Mosquitto v1.4.4 Docker Image - -##Mount Points - -Three mount points have been created in the image to be used for configuration, persistent storage and logs. -``` -/mosquitto/config -/mosquitto/data -/mosquitto/log -``` - - -##Configuration - -When running the image, the default configuration values are used. -To use a custom configuration file, mount a **local** configuration file to `/mosquitto/config/mosquitto.conf` -``` -docker run -it -p 1883:1883 -p 9001:9001 -v :/mosquitto/config/mosquitto.conf eclipse-mosquitto:1.4.4 -``` - -Configuration can be changed to: - -* persist data to `/mosquitto/data` -* log to `/mosquitto/log/mosquitto.log` - -i.e. add the following to `mosquitto.conf`: -``` -persistence true -persistence_location /mosquitto/data/ - -log_dest file /mosquitto/log/mosquitto.log -``` - -**Note**: If a volume is used, the data will persist between containers. - -##Build -Build the image: -``` -docker build -t eclipse-mosquitto:1.4.4 . -``` - -##Run -Run a container using the new image: -``` -docker run -it -p 1883:1883 -p 9001:9001 -v :/mosquitto/config/mosquitto.conf -v /mosquitto/data -v /mosquitto/log eclipse-mosquitto:1.4.4 -``` -:boom: if the mosquitto configuration (mosquitto.conf) was modified -to use non-default ports, the docker run command will need to be updated -to expose the ports that have been configured. \ No newline at end of file diff --git a/docker/1.4.8/Dockerfile b/docker/1.4.8/Dockerfile deleted file mode 100644 index a9027a7895..0000000000 --- a/docker/1.4.8/Dockerfile +++ /dev/null 
@@ -1,13 +0,0 @@ -FROM alpine:3.4 -MAINTAINER David Audet - -LABEL Description="Eclipse Mosquitto MQTT Broker" - -RUN apk --no-cache add mosquitto=1.4.8-r2 && \ - mkdir -p /mosquitto/config /mosquitto/data /mosquitto/log && \ - cp /etc/mosquitto/mosquitto.conf /mosquitto/config && \ - chown -R mosquitto:mosquitto /mosquitto - -COPY docker-entrypoint.sh / -ENTRYPOINT ["/docker-entrypoint.sh"] -CMD ["/usr/sbin/mosquitto", "-c", "/mosquitto/config/mosquitto.conf"] diff --git a/docker/1.4.8/README.md b/docker/1.4.8/README.md deleted file mode 100644 index d78f517fb2..0000000000 --- a/docker/1.4.8/README.md +++ /dev/null 
@@ -1,49 +0,0 @@ -#Eclipse Mosquitto v1.4.8 Docker Image - -##Mount Points - -Three mount points have been created in the image to be used for configuration, persistent storage and logs. -``` -/mosquitto/config -/mosquitto/data -/mosquitto/log -``` - - -##Configuration - -When running the image, the default configuration values are used. -To use a custom configuration file, mount a **local** configuration file to `/mosquitto/config/mosquitto.conf` -``` -docker run -it -p 1883:1883 -p 9001:9001 -v :/mosquitto/config/mosquitto.conf eclipse-mosquitto:1.4.8 -``` - -Configuration can be changed to: - -* persist data to `/mosquitto/data` -* log to `/mosquitto/log/mosquitto.log` - -i.e. add the following to `mosquitto.conf`: -``` -persistence true -persistence_location /mosquitto/data/ - -log_dest file /mosquitto/log/mosquitto.log -``` - -**Note**: If a volume is used, the data will persist between containers. - -##Build -Build the image: -``` -docker build -t eclipse-mosquitto:1.4.8 . -``` - -##Run -Run a container using the new image: -``` -docker run -it -p 1883:1883 -p 9001:9001 -v :/mosquitto/config/mosquitto.conf -v /mosquitto/data -v /mosquitto/log eclipse-mosquitto:1.4.8 -``` -:boom: if the mosquitto configuration (mosquitto.conf) was modified -to use non-default ports, the docker run command will need to be updated -to expose the ports that have been configured. diff --git a/docker/1.4.8/docker-entrypoint.sh b/docker/1.4.8/docker-entrypoint.sh deleted file mode 100755 index 1a9fc8d05f..0000000000 --- a/docker/1.4.8/docker-entrypoint.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/ash - -set -e -exec "$@" - diff --git a/docker/1.5/Dockerfile b/docker/1.5/Dockerfile new file mode 100644 index 0000000000..510683095c --- /dev/null +++ b/docker/1.5/Dockerfile 
@@ -0,0 +1,69 @@ +FROM alpine:3.8 + +LABEL maintainer="Roger Light " \ + description="Eclipse Mosquitto MQTT Broker" + +ENV VERSION=1.5.3 \ + DOWNLOAD_SHA256=3081a998d303a883b1cd064009beabc88aa9159e26f5258a4ae6007160491d10 \ + GPG_KEYS=A0D6EEA1DCAE49A635A3B2F0779B22DFB3E717B7 + +RUN set -x && \ + apk --no-cache add --virtual build-deps \ + build-base \ + curl \ + gnupg \ + libressl-dev \ + libwebsockets-dev \ + util-linux-dev && \ + curl -fSL https://mosquitto.org/files/source/mosquitto-${VERSION}.tar.gz -o /tmp/mosq.tar.gz && \ + echo "$DOWNLOAD_SHA256 /tmp/mosq.tar.gz" | sha256sum -c - && \ + curl -fSL https://mosquitto.org/files/source/mosquitto-${VERSION}.tar.gz.asc -o /tmp/mosq.tar.gz.asc && \ + export GNUPGHOME="$(mktemp -d)" && \ + found=''; \ + for server in \ + ha.pool.sks-keyservers.net \ + hkp://keyserver.ubuntu.com:80 \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $GPG_KEYS from $server"; \ + gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \ + gpg --batch --verify /tmp/mosq.tar.gz.asc /tmp/mosq.tar.gz && \ + gpgconf --kill all && \ + rm -rf "$GNUPGHOME" /tmp/mosq.tar.gz.asc && \ + mkdir -p /build && \ + tar --strip=1 -xf /tmp/mosq.tar.gz -C /build && \ + rm /tmp/mosq.tar.gz && \ + make -C /build -j "$(nproc)" \ + WITH_ADNS=no \ + WITH_DOCS=no \ + WITH_MEMORY_TRACKING=no \ + WITH_SHARED_LIBRARIES=no \ + WITH_SRV=no \ + WITH_STRIP=yes \ + WITH_TLS_PSK=no \ + WITH_WEBSOCKETS=yes \ + prefix=/usr \ + binary && \ + addgroup -S mosquitto 2>/dev/null && \ + adduser -S -D -H -h /var/empty -s /sbin/nologin -G mosquitto -g mosquitto mosquitto 2>/dev/null && \ + mkdir -p /mosquitto/config /mosquitto/data /mosquitto/log && \ + install -d /usr/sbin/ && \ + install -s -m755 /build/src/mosquitto /usr/sbin/mosquitto && \ + install -m644 /build/mosquitto.conf 
/mosquitto/config/mosquitto.conf && \ + sed -i -e 's/#log_dest stderr/log_dest syslog/' /mosquitto/config/mosquitto.conf && \ + chown -R mosquitto:mosquitto /mosquitto && \ + apk del build-deps && \ + apk --no-cache add \ + libuuid \ + libwebsockets && \ + rm -rf /build /etc/apk /lib/apk + +VOLUME ["/mosquitto/config", "/mosquitto/data", "/mosquitto/log"] + +# Set up the entry point script and default command +COPY docker-entrypoint.sh / +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["/usr/sbin/mosquitto", "-c", "/mosquitto/config/mosquitto.conf"] diff --git a/docker/1.5/README.md b/docker/1.5/README.md new file mode 100644 index 0000000000..1cbb4a7378 --- /dev/null +++ b/docker/1.5/README.md 
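Review bot: The `;` after `found=''` (and after `done` and `exit 1`) ends the `&&` chain in docker/1.5/Dockerfile, so a failure earlier in the RUN, including a mismatch reported by `sha256sum -c -`, does not stop the build at that point; the shell carries on with the key-fetch loop and the only effective gate is `gpg --batch --verify`. Grouping the loop keeps it inside the chain: change `found=''; \` to `{ found=''; \` and the `test -z …` line to `test -n "$found" || { echo >&2 "error: failed to fetch GPG key $GPG_KEYS"; exit 1; }; } && \`. Note also that `rm -rf /build /etc/apk /lib/apk` deletes the installed-package database, which presumably leaves image scanners unable to inventory the `libuuid` and `libwebsockets` packages added just before it.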
@@ -0,0 +1,40 @@ +# Eclipse Mosquitto Docker Image +Containers built with this Dockerfile build as source from published tarballs. + +## Mount Points +Three docker volumes have been created in the image to be used for configuration, persistent storage and logs. +``` +/mosquitto/config +/mosquitto/data +/mosquitto/log +``` + +## Configuration +When creating a container from the image, the default configuration values are used. +To use a custom configuration file, mount a **local** configuration file to `/mosquitto/config/mosquitto.conf` +``` +docker run -it -p 1883:1883 -v :/mosquitto/config/mosquitto.conf eclipse-mosquitto: +``` + +:boom: if the mosquitto configuration (mosquitto.conf) was modified +to use non-default ports, the docker run command will need to be updated +to expose the ports that have been configured, for example: + +``` +docker run -it -p 1883:1883 -p 9001:9001 -v :/mosquitto/config/mosquitto.conf eclipse-mosquitto: +``` + +Configuration can be changed to: + +* persist data to `/mosquitto/data` +* log to `/mosquitto/log/mosquitto.log` + +i.e. add the following to `mosquitto.conf`: +``` +persistence true +persistence_location /mosquitto/data/ + +log_dest file /mosquitto/log/mosquitto.log +``` + +**Note**: For any volume used, the data will be persistent between containers. diff --git a/docker/1.4.14/docker-entrypoint.sh b/docker/1.5/docker-entrypoint.sh similarity index 96% rename from docker/1.4.14/docker-entrypoint.sh rename to docker/1.5/docker-entrypoint.sh index 1a9fc8d05f..b381ac5775 100755 --- a/docker/1.4.14/docker-entrypoint.sh +++ b/docker/1.5/docker-entrypoint.sh @@ -1,5 +1,4 @@ #!/bin/ash - set -e -exec "$@" +exec "$@" diff --git a/docker/README.md b/docker/README.md index 6fe5506c99..6b8e3501f3 100644 --- a/docker/README.md +++ b/docker/README.md 
@@ -1,4 +1,19 @@ # Docker Images -This directory contains the required files to build Mosquitto Docker images. +This directory contains Docker files for Mosquitto. + +The `1.4` and `1.5` directories contain the latest version of Mosquitto for +those releases, and provide the basis of the official images. + +`1.4.12` is the version using Alpine packaged Mosquitto, which will be removed +at the next minor release. + +The `generic` directory contains a generic Dockerfile that can be used to build +arbitrary versions of Mosquitto based on the released tarballs as follows: + +``` +cd generic +docker build -t eclipse-mosquitto:1.5.1 --build-arg VERSION="1.5.1" . +docker run --rm -it eclipse-mosquitto:1.5.1 +``` diff --git a/docker/generic/Dockerfile b/docker/generic/Dockerfile new file mode 100644 index 0000000000..51c1d18154 --- /dev/null +++ b/docker/generic/Dockerfile 
@@ -0,0 +1,70 @@
+FROM alpine:latest AS build
+
+# A released dist version, like "1.2.3"
+ARG VERSION
+RUN test -n "${VERSION}"
+
+RUN apk --no-cache add \
+ build-base \
+ libressl-dev \
+ c-ares-dev \
+ curl \
+ util-linux-dev \
+ libwebsockets-dev \
+ libxslt \
+ python2
+
+# This build procedure is based on:
+# https://github.com/alpinelinux/aports/blob/master/main/mosquitto/APKBUILD
+#
+# If this step fails, double check the version build-arg and make sure its
+# a valid published tarball at https://mosquitto.org/files/source/
+RUN mkdir -p /build /install && \
+ curl -SL https://mosquitto.org/files/source/mosquitto-${VERSION}.tar.gz \
+ | tar --strip=1 -xzC /build && \
+ make -C /build \
+ WITH_MEMORY_TRACKING=no \
+ WITH_WEBSOCKETS=yes \
+ WITH_SRV=yes \
+ WITH_TLS_PSK=no \
+ WITH_ADNS=no \
+ prefix=/usr \
+ binary && \
+ make -C /build \
+ prefix=/usr \
+ DESTDIR="/install" \
+ install && \
+ mv /install/etc/mosquitto/mosquitto.conf.example /install/etc/mosquitto/mosquitto.conf && \
+ sed -i -e 's/#log_dest stderr/log_dest syslog/' /install/etc/mosquitto/mosquitto.conf
+
+
+# Single-layer image for the mosquitto distribution
+FROM alpine:latest
+LABEL maintainer="Jonathan Hanson " \
+ description="Eclipse Mosquitto MQTT Broker"
+
+# Install the run-time dependencies
+RUN apk --no-cache add \
+ busybox \
+ libcrypto1.0 \
+ libssl1.0 \
+ libuuid \
+ libwebsockets \
+ musl
+
+# Copy over the built install from the earlier image layer
+COPY --from=build /install /
+
+# Set up the mosquitto directories and the mosquitto user
+RUN addgroup -S mosquitto 2>/dev/null && \
+ adduser -S -D -H -h /var/empty -s /sbin/nologin -G mosquitto -g mosquitto mosquitto 2>/dev/null && \
+ mkdir -p /mosquitto/config /mosquitto/data /mosquitto/log && \
+ cp /etc/mosquitto/mosquitto.conf /mosquitto/config && \
+ chown -R mosquitto:mosquitto /mosquitto
+
+VOLUME ["/mosquitto/config", "/mosquitto/data", "/mosquitto/log"]
+
+# Set up the entry point script and default command
+COPY 
docker-entrypoint.sh / +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["/usr/sbin/mosquitto", "-c", "/mosquitto/config/mosquitto.conf"] diff --git a/docker/1.4.14/README.md b/docker/generic/README.md similarity index 51% rename from docker/1.4.14/README.md rename to docker/generic/README.md index 206f8d3139..421cb91d90 100644 --- a/docker/1.4.14/README.md +++ b/docker/generic/README.md @@ -1,21 +1,19 @@ -#Eclipse Mosquitto v1.4.14 Docker Image +# Eclipse Mosquitto Docker Image +Containers built with this Dockerfile build as source from published tarballs. -##Mount Points - -Three mount points have been created in the image to be used for configuration, persistent storage and logs. +## Mount Points +Three docker volumes have been created in the image to be used for configuration, persistent storage and logs. ``` /mosquitto/config /mosquitto/data /mosquitto/log ``` - -##Configuration - -When running the image, the default configuration values are used. +## Configuration +When creating a container from the image, the default configuration values are used. To use a custom configuration file, mount a **local** configuration file to `/mosquitto/config/mosquitto.conf` ``` -docker run -it -p 1883:1883 -p 9001:9001 -v :/mosquitto/config/mosquitto.conf eclipse-mosquitto:1.4.14 +docker run -it -p 1883:1883 -p 9001:9001 -v :/mosquitto/config/mosquitto.conf eclipse-mosquitto: ``` Configuration can be changed to: 
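Review bot: The build stage in docker/generic/Dockerfile pipes the release tarball from `curl -SL` straight into `tar` with no integrity check, so whatever the server or an intermediary returns is what gets compiled into the image; `docker/1.5/Dockerfile` in this same series checks `$DOWNLOAD_SHA256` with `sha256sum -c` and fetches the `.asc` signature, and the generic file should do at least the checksum step. Without `-f`, curl also hands an HTTP error page to `tar` instead of failing the step cleanly. I would download to a file, verify it against a digest passed as a second build-arg, and only then extract, as sketched below. Separately, both stages use `alpine:latest` while the runtime stage installs the version-named packages `libcrypto1.0` and `libssl1.0`, so pinning the base image tag would keep the build reproducible.

```dockerfile
ARG VERSION
# Expected SHA-256 of the release tarball, supplied with --build-arg
ARG DOWNLOAD_SHA256
RUN test -n "${VERSION}" && test -n "${DOWNLOAD_SHA256}"
# … unchanged: apk build dependencies …
RUN mkdir -p /build /install && \
    curl -fSL https://mosquitto.org/files/source/mosquitto-${VERSION}.tar.gz -o /tmp/mosq.tar.gz && \
    echo "${DOWNLOAD_SHA256}  /tmp/mosq.tar.gz" | sha256sum -c - && \
    tar --strip=1 -xzC /build -f /tmp/mosq.tar.gz && \
# … unchanged: make binary, make install, config edits …
```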
@@ -31,18 +29,18 @@ persistence_location /mosquitto/data/ log_dest file /mosquitto/log/mosquitto.log ``` -**Note**: If a volume is used, the data will persist between containers. +**Note**: For any volume used, the data will be persistent between containers. -##Build -Build the image: +## Build +Build and tag the docker image for a specific version: ``` -docker build -t eclipse-mosquitto:1.4.14 . +docker build -t eclipse-mosquitto: --build-arg VERSION="" . ``` -##Run +## Run Run a container using the new image: ``` -docker run -it -p 1883:1883 -p 9001:9001 -v :/mosquitto/config/mosquitto.conf -v /mosquitto/data -v /mosquitto/log eclipse-mosquitto:1.4.14 +docker run -it -p 1883:1883 -p 9001:9001 -v :/mosquitto/config/mosquitto.conf -v /mosquitto/data -v /mosquitto/log eclipse-mosquitto: ``` :boom: if the mosquitto configuration (mosquitto.conf) was modified to use non-default ports, the docker run command will need to be updated diff --git a/docker/1.4.4/docker-entrypoint.sh b/docker/generic/docker-entrypoint.sh similarity index 96% rename from docker/1.4.4/docker-entrypoint.sh rename to docker/generic/docker-entrypoint.sh index 1a9fc8d05f..b381ac5775 100755 --- a/docker/1.4.4/docker-entrypoint.sh +++ b/docker/generic/docker-entrypoint.sh @@ -1,5 +1,4 @@ #!/bin/ash - set -e -exec "$@" +exec "$@" From 064d94581c6eb59213b837b64bc4d0e45fa2164d Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Fri, 26 Oct 2018 07:31:22 +0100 Subject: [PATCH 11/58] Remove renamed files, fix readme. --- docker/README.md | 4 +- docker/from_dist/Dockerfile | 70 --------------------------- docker/from_dist/README.md | 47 ------------------ docker/from_dist/docker-entrypoint.sh | 4 -- 4 files changed, 2 insertions(+), 123 deletions(-) delete mode 100644 docker/from_dist/Dockerfile delete mode 100644 docker/from_dist/README.md delete mode 100755 docker/from_dist/docker-entrypoint.sh diff --git a/docker/README.md b/docker/README.md index 6b8e3501f3..06db82b1f1 100644 --- a/docker/README.md 
+++ b/docker/README.md @@ -2,8 +2,8 @@ This directory contains Docker files for Mosquitto. -The `1.4` and `1.5` directories contain the latest version of Mosquitto for -those releases, and provide the basis of the official images. +The `1.5` directory contains the latest version of Mosquitto for +that series, and provide the basis of the official image. `1.4.12` is the version using Alpine packaged Mosquitto, which will be removed at the next minor release. diff --git a/docker/from_dist/Dockerfile b/docker/from_dist/Dockerfile deleted file mode 100644 index 3b36963deb..0000000000 --- a/docker/from_dist/Dockerfile +++ /dev/null 
@@ -1,70 +0,0 @@
-FROM alpine:latest AS build
-
-# A released dist version, like "1.2.3"
-ARG VERSION
-RUN test -n "${VERSION}"
-
-RUN apk --no-cache add \
- build-base \
- libressl-dev \
- c-ares-dev \
- curl \
- util-linux-dev \
- libwebsockets-dev \
- libxslt \
- python2
-
-# This build procedure is based on:
-# https://github.com/alpinelinux/aports/blob/master/main/mosquitto/APKBUILD
-#
-# If this step fails, double check the version build-arg and make sure its
-# a valid published tarball at https://mosquitto.org/files/source/
-RUN mkdir -p /build /install && \
- curl -SL https://mosquitto.org/files/source/mosquitto-${VERSION}.tar.gz \
- | tar --strip=1 -xzC /build && \
- make -C /build \
- WITH_MEMORY_TRACKING=no \
- WITH_WEBSOCKETS=yes \
- WITH_SRV=yes \
- WITH_TLS_PSK=no \
- WITH_ADNS=no \
- prefix=/usr \
- binary && \
- make -C /build \
- prefix=/usr \
- DESTDIR="/install" \
- install && \
- mv /install/etc/mosquitto/mosquitto.conf.example /install/etc/mosquitto/mosquitto.conf && \
- sed -i -e 's/#log_dest stderr/log_dest syslog/' /install/etc/mosquitto/mosquitto.conf
-
-
-# Single-layer image for the mosquitto distribution
-FROM alpine:latest
-LABEL maintainer="Jonathan Hanson "
-LABEL description="Eclipse Mosquitto MQTT Broker"
-
-# Install the run-time dependencies
-RUN apk --no-cache add \
- busybox \
- libcrypto1.0 \
- libssl1.0 \
- libuuid \
- libwebsockets \
- musl
-
-# Copy over the built install from the earlier image layer
-COPY --from=build /install /
-
-# Set up the mosquitto directories and the mosquitto user
-RUN addgroup -S mosquitto 2>/dev/null && \
- adduser -S -D -H -h /var/empty -s /sbin/nologin -G mosquitto -g mosquitto mosquitto 2>/dev/null && \
- mkdir -p /mosquitto/config /mosquitto/data /mosquitto/log && \
- cp /etc/mosquitto/mosquitto.conf /mosquitto/config && \
- chown -R mosquitto:mosquitto /mosquitto
-
-VOLUME ["/mosquitto/config", "/mosquitto/data", "/mosquitto/log"]
-
-# Set up the entry point script and default command
-COPY 
docker-entrypoint.sh / -ENTRYPOINT ["/docker-entrypoint.sh"] -CMD ["/usr/sbin/mosquitto", "-c", "/mosquitto/config/mosquitto.conf"] diff --git a/docker/from_dist/README.md b/docker/from_dist/README.md deleted file mode 100644 index 421cb91d90..0000000000 --- a/docker/from_dist/README.md +++ /dev/null @@ -1,47 +0,0 @@ -# Eclipse Mosquitto Docker Image -Containers built with this Dockerfile build as source from published tarballs. - -## Mount Points -Three docker volumes have been created in the image to be used for configuration, persistent storage and logs. -``` -/mosquitto/config -/mosquitto/data -/mosquitto/log -``` - -## Configuration -When creating a container from the image, the default configuration values are used. -To use a custom configuration file, mount a **local** configuration file to `/mosquitto/config/mosquitto.conf` -``` -docker run -it -p 1883:1883 -p 9001:9001 -v :/mosquitto/config/mosquitto.conf eclipse-mosquitto: -``` - -Configuration can be changed to: - -* persist data to `/mosquitto/data` -* log to `/mosquitto/log/mosquitto.log` - -i.e. add the following to `mosquitto.conf`: -``` -persistence true -persistence_location /mosquitto/data/ - -log_dest file /mosquitto/log/mosquitto.log -``` - -**Note**: For any volume used, the data will be persistent between containers. - -## Build -Build and tag the docker image for a specific version: -``` -docker build -t eclipse-mosquitto: --build-arg VERSION="" . -``` - -## Run -Run a container using the new image: -``` -docker run -it -p 1883:1883 -p 9001:9001 -v :/mosquitto/config/mosquitto.conf -v /mosquitto/data -v /mosquitto/log eclipse-mosquitto: -``` -:boom: if the mosquitto configuration (mosquitto.conf) was modified -to use non-default ports, the docker run command will need to be updated -to expose the ports that have been configured. diff --git a/docker/from_dist/docker-entrypoint.sh b/docker/from_dist/docker-entrypoint.sh deleted file mode 100755 index b381ac5775..0000000000 
--- a/docker/from_dist/docker-entrypoint.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/ash -set -e - -exec "$@" From 26e57661826f7dd3d965a5f8fea928d785a68b5b Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Fri, 26 Oct 2018 07:31:44 +0100 Subject: [PATCH 12/58] Docker volume/mount point fixes per review. https://github.com/docker-library/official-images/pull/4987#issuecomment-433185843 --- docker/1.5/Dockerfile | 2 +- docker/1.5/README.md | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/docker/1.5/Dockerfile b/docker/1.5/Dockerfile index 510683095c..6efa55624c 100644 --- a/docker/1.5/Dockerfile +++ b/docker/1.5/Dockerfile @@ -61,7 +61,7 @@ RUN set -x && \ libwebsockets && \ rm -rf /build /etc/apk /lib/apk -VOLUME ["/mosquitto/config", "/mosquitto/data", "/mosquitto/log"] +VOLUME ["/mosquitto/data", "/mosquitto/log"] # Set up the entry point script and default command COPY docker-entrypoint.sh / diff --git a/docker/1.5/README.md b/docker/1.5/README.md index 1cbb4a7378..6a8c17949c 100644 --- a/docker/1.5/README.md +++ b/docker/1.5/README.md @@ -2,9 +2,13 @@ Containers built with this Dockerfile build as source from published tarballs. ## Mount Points -Three docker volumes have been created in the image to be used for configuration, persistent storage and logs. +A docker mount point has been created in the image to be used for configuration. ``` /mosquitto/config +``` + +Two docker volumes have been created in the image to be used for persistent storage and logs. +``` /mosquitto/data /mosquitto/log ``` From 1853bfc678c255367e7c2c2f138da7bf47054117 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Sat, 27 Oct 2018 08:14:57 +0100 Subject: [PATCH 13/58] Docker fixes as per review. https://github.com/docker-library/official-images/pull/4987#issuecomment-433570818 Revert to stderr logging. Use wget instead of curl. Don't redownload libuuid or libwebsockets. --- docker/1.5/Dockerfile | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) 
diff --git a/docker/1.5/Dockerfile b/docker/1.5/Dockerfile index 6efa55624c..ef5418ca3c 100644 --- a/docker/1.5/Dockerfile +++ b/docker/1.5/Dockerfile @@ -10,14 +10,13 @@ ENV VERSION=1.5.3 \ RUN set -x && \ apk --no-cache add --virtual build-deps \ build-base \ - curl \ gnupg \ libressl-dev \ libwebsockets-dev \ util-linux-dev && \ - curl -fSL https://mosquitto.org/files/source/mosquitto-${VERSION}.tar.gz -o /tmp/mosq.tar.gz && \ + wget https://mosquitto.org/files/source/mosquitto-${VERSION}.tar.gz -O /tmp/mosq.tar.gz && \ echo "$DOWNLOAD_SHA256 /tmp/mosq.tar.gz" | sha256sum -c - && \ - curl -fSL https://mosquitto.org/files/source/mosquitto-${VERSION}.tar.gz.asc -o /tmp/mosq.tar.gz.asc && \ + wget https://mosquitto.org/files/source/mosquitto-${VERSION}.tar.gz.asc -O /tmp/mosq.tar.gz.asc && \ export GNUPGHOME="$(mktemp -d)" && \ found=''; \ for server in \ @@ -53,12 +52,11 @@ RUN set -x && \ install -d /usr/sbin/ && \ install -s -m755 /build/src/mosquitto /usr/sbin/mosquitto && \ install -m644 /build/mosquitto.conf /mosquitto/config/mosquitto.conf && \ - sed -i -e 's/#log_dest stderr/log_dest syslog/' /mosquitto/config/mosquitto.conf && \ chown -R mosquitto:mosquitto /mosquitto && \ - apk del build-deps && \ apk --no-cache add \ libuuid \ libwebsockets && \ + apk del build-deps && \ rm -rf /build /etc/apk /lib/apk VOLUME ["/mosquitto/data", "/mosquitto/log"] From d5aaeee1fb048ce97311064f7f12daaea3a2f847 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Mon, 29 Oct 2018 16:27:04 +0000 Subject: [PATCH 14/58] Use https for all downloads. --- www/pages/download.md | 42 +++++++++++++++++++++--------------------- www/pages/index.html | 8 ++++---- 2 files changed, 25 insertions(+), 25 deletions(-) diff --git a/www/pages/download.md b/www/pages/download.md index 51c1b90c42..9249f84bed 100644 --- a/www/pages/download.md +++ b/www/pages/download.md 
@@ -11,11 +11,11 @@ # Source -* [mosquitto-1.5.3.tar.gz](http://mosquitto.org/files/source/mosquitto-1.5.3.tar.gz) (319kB) ([GPG signature](http://mosquitto.org/files/source/mosquitto-1.5.3.tar.gz.asc)) -* [mosquitto-1.5.3.tar.gz](http://www.eclipse.org/downloads/download.php?file=/mosquitto/source/mosquitto-1.5.3.tar.gz) (via Eclipse) +* [mosquitto-1.5.3.tar.gz](https://mosquitto.org/files/source/mosquitto-1.5.3.tar.gz) (319kB) ([GPG signature](https://mosquitto.org/files/source/mosquitto-1.5.3.tar.gz.asc)) +* [mosquitto-1.5.3.tar.gz](https://www.eclipse.org/downloads/download.php?file=/mosquitto/source/mosquitto-1.5.3.tar.gz) (via Eclipse) * [Git source code repository](https://github.com/eclipse/mosquitto) (github.com) -Older downloads are available at [http://mosquitto.org/files/](../files/) +Older downloads are available at [https://mosquitto.org/files/](../files/) # Binary Installation 
@@ -25,14 +25,14 @@ distributions. ## Windows -* [mosquitto-1.5.3-install-windows-x64.exe](http://www.eclipse.org/downloads/download.php?file=/mosquitto/binary/win64/mosquitto-1.5.3-install-windows-x64.exe) (~360 kB) (64-bit build, Windows Vista and up, built with Visual Studio Community 2017) -* [mosquitto-1.5.3-install-windows-x32.exe](http://www.eclipse.org/downloads/download.php?file=/mosquitto/binary/win32/mosquitto-1.5.3-install-windows-x86.exe) (~360 kB) (32-bit build, Windows Vista and up, built with Visual Studio Community 2017) +* [mosquitto-1.5.3-install-windows-x64.exe](https://www.eclipse.org/downloads/download.php?file=/mosquitto/binary/win64/mosquitto-1.5.3-install-windows-x64.exe) (~360 kB) (64-bit build, Windows Vista and up, built with Visual Studio Community 2017) +* [mosquitto-1.5.3-install-windows-x32.exe](https://www.eclipse.org/downloads/download.php?file=/mosquitto/binary/win32/mosquitto-1.5.3-install-windows-x86.exe) (~360 kB) (32-bit build, Windows Vista and up, built with Visual Studio Community 2017) See also readme-windows.txt after installing. ## Mac Mosquitto can be installed from the homebrew project. See -[brew.sh](http://brew.sh/) and then use `brew install mosquitto` +[brew.sh](https://brew.sh/) and then use `brew install mosquitto` ## Linux distributions with snap support 
@@ -42,14 +42,14 @@ Mosquitto can be installed from the homebrew project. See Download the repository config file for your CentOS version from below and copy it to /etc/yum.repos.d/ You'll now be able to install and keep mosquitto up to date using the normal package management tools. The available packages are: mosquitto, mosquitto-clients, libmosquitto1, libmosquitto-devel, libmosquittopp1, libmosquittopp-devel, python-mosquitto. -* [CentOS 7](http://download.opensuse.org/repositories/home:/oojah:/mqtt/CentOS_CentOS-7/home:oojah:mqtt.repo) -* [CentOS 6](http://download.opensuse.org/repositories/home:/oojah:/mqtt/CentOS_CentOS-6/home:oojah:mqtt.repo) +* [CentOS 7](https://download.opensuse.org/repositories/home:/oojah:/mqtt/CentOS_CentOS-7/home:oojah:mqtt.repo) +* [CentOS 6](https://download.opensuse.org/repositories/home:/oojah:/mqtt/CentOS_CentOS-6/home:oojah:mqtt.repo) ## Debian * Mosquitto is now in Debian proper. There will be a short delay between a new release and it appearing in Debian as part of the normal Debian procedures. * There are also Debian repositories provided by the mosquitto project, as - described at + described at ## openSUSE Download the repository config file for your openSUSE version from below and 
@@ -58,14 +58,14 @@ up to date using the normal package management tools. The available packages are: mosquitto, mosquitto-clients, libmosquitto1, libmosquitto-devel, libmosquittopp1, libmosquittopp-devel, python-mosquitto. -* [openSUSE 13.2]http://download.opensuse.org/repositories/home:/oojah:/mqtt/openSUSE_13.2/home:oojah:mqtt.repo) -* [openSUSE 13.1]http://download.opensuse.org/repositories/home:/oojah:/mqtt/openSUSE_13.1/home:oojah:mqtt.repo) +* [openSUSE 13.2](https://download.opensuse.org/repositories/home:/oojah:/mqtt/openSUSE_13.2/home:oojah:mqtt.repo) +* [openSUSE 13.1](https://download.opensuse.org/repositories/home:/oojah:/mqtt/openSUSE_13.1/home:oojah:mqtt.repo) ## Raspberry Pi Mosquitto is available through the main repository. There are also Debian repositories provided by the mosquitto project, as -described at +described at ## Redhat Enterprise Linux Download the repository config file for your RHEL version from below and copy 
@@ -73,23 +73,23 @@ it to /etc/yum.repos.d/ You'll now be able to install and keep mosquitto up to date using the normal package management tools. The available packages are: mosquitto, mosquitto-clients, libmosquitto1, libmosquitto-devel, libmosquittopp1, libmosquittopp-devel, python-mosquitto. -* [RHEL 7](http://download.opensuse.org/repositories/home:/oojah:/mqtt/RedHat_RHEL-7/home:oojah:mqtt.repo) -* [RHEL 6](http://download.opensuse.org/repositories/home:/oojah:/mqtt/RedHat_RHEL-6/home:oojah:mqtt.repo) +* [RHEL 7](https://download.opensuse.org/repositories/home:/oojah:/mqtt/RedHat_RHEL-7/home:oojah:mqtt.repo) +* [RHEL 6](https://download.opensuse.org/repositories/home:/oojah:/mqtt/RedHat_RHEL-6/home:oojah:mqtt.repo) ## SUSE Linux Enterprise Server Add the appropriate repository to your package config from the list below, then install mosquitto from your normal package management tools. -* [SLE 15](http://download.opensuse.org/repositories/home:/oojah:/mqtt/SLE_15/) -* [SLE 12 SP3](http://download.opensuse.org/repositories/home:/oojah:/mqtt/SLE_12_SP3/) -* [SLE 12 SP2](http://download.opensuse.org/repositories/home:/oojah:/mqtt/SLE_12_SP2/) -* [SLE 12 SP1](http://download.opensuse.org/repositories/home:/oojah:/mqtt/SLE_12_SP1/) -* [SLE 12](http://download.opensuse.org/repositories/home:/oojah:/mqtt/SLE_123/) +* [SLE 15](https://download.opensuse.org/repositories/home:/oojah:/mqtt/SLE_15/) +* [SLE 12 SP3](https://download.opensuse.org/repositories/home:/oojah:/mqtt/SLE_12_SP3/) +* [SLE 12 SP2](https://download.opensuse.org/repositories/home:/oojah:/mqtt/SLE_12_SP2/) +* [SLE 12 SP1](https://download.opensuse.org/repositories/home:/oojah:/mqtt/SLE_12_SP1/) +* [SLE 12](https://download.opensuse.org/repositories/home:/oojah:/mqtt/SLE_123/) ## Ubuntu Mosquitto is available in the Ubuntu repositories so you can install as with any other package. 
If you are on an earlier version of Ubuntu or want a more recent version of mosquitto, add the [mosquitto-dev -PPA](http://launchpad.net/%7Emosquitto-dev/+archive/mosquitto-ppa/) to your +PPA](https://launchpad.net/%7Emosquitto-dev/+archive/mosquitto-ppa/) to your repositories list - see the link for details. mosquitto can then be installed from your package manager. @@ -106,7 +106,7 @@ Mosquitto is now available from Fedora directly. Use `yum install mosquitto`, or search for "mosquitto" to find the related packages. ## FreeBSD -Mosquitto is available for FreeBSD: http://www.freshports.org/net/mosquitto/ +Mosquitto is available for FreeBSD: https://www.freshports.org/net/mosquitto/ ## Gentoo Use `emerge mosquitto` diff --git a/www/pages/index.html b/www/pages/index.html index d31fb9a29f..e269d72c67 100644 --- a/www/pages/index.html +++ b/www/pages/index.html @@ -26,9 +26,9 @@ implementing MQTT clients, and the very popular mosquitto_pub and mosquitto_sub command line MQTT clients.

-

Mosquitto is part of the Eclipse +

Mosquitto is part of the Eclipse Foundation and is an iot.eclipse.org project.

+ href="https://iot.eclipse.org/">iot.eclipse.org project.

@@ -52,10 +52,10 @@

Test

You can have your own instance of Mosquitto running in minutes, but to make testing even easier, the Mosquitto Project runs a test server at test.mosquitto.org where + href="https://test.mosquitto.org/">test.mosquitto.org where you can test your clients in a variety of ways: plain MQTT, MQTT over TLS, MQTT over TLS (with client certificate, + href="https://test.mosquitto.org/ssl/">client certificate, MQTT over WebSockets and MQTT over WebSockets with TLS.

platforms.

From da2879c33b6baf00b8b50a38da8d7f176cd85afa Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Sat, 3 Nov 2018 08:45:27 +0000 Subject: [PATCH 15/58] Docker fixes. - Don't remove apk database, closes #1011. - Install mosquitto_passwd, closes #1009. --- docker/1.5/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docker/1.5/Dockerfile b/docker/1.5/Dockerfile index ef5418ca3c..83c76d9f82 100644 --- a/docker/1.5/Dockerfile +++ b/docker/1.5/Dockerfile @@ -51,13 +51,14 @@ RUN set -x && \ mkdir -p /mosquitto/config /mosquitto/data /mosquitto/log && \ install -d /usr/sbin/ && \ install -s -m755 /build/src/mosquitto /usr/sbin/mosquitto && \ + install -s -m755 /build/src/mosquitto_passwd /usr/bin/mosquitto_passwd && \ install -m644 /build/mosquitto.conf /mosquitto/config/mosquitto.conf && \ chown -R mosquitto:mosquitto /mosquitto && \ apk --no-cache add \ libuuid \ libwebsockets && \ apk del build-deps && \ - rm -rf /build /etc/apk /lib/apk + rm -rf /build VOLUME ["/mosquitto/data", "/mosquitto/log"] From 93f9e965a8404b1ccdecf673e360d904a2c40dcd Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Tue, 6 Nov 2018 22:59:57 +0000 Subject: [PATCH 16/58] Only remove context from hash if there is a client id. This should never happen, but just in case. --- src/loop.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/loop.c b/src/loop.c index 9714720976..002fb24ff3 100644 --- a/src/loop.c +++ b/src/loop.c @@ -638,9 +638,11 @@ void do_disconnect(struct mosquitto_db *db, struct mosquitto *context) context->sock = INVALID_SOCKET; context->pollfd_index = -1; } - HASH_DELETE(hh_id, db->contexts_by_id, context); - context->old_id = context->id; - context->id = NULL; + if(context->id){ + HASH_DELETE(hh_id, db->contexts_by_id, context); + context->old_id = context->id; + context->id = NULL; + } }else #endif { From c26892244c3d77a45347d3865b977d89aa6d22a2 Mon Sep 17 00:00:00 2001 
From: "Roger A. Light" Date: Sun, 4 Nov 2018 07:33:09 +0000 Subject: [PATCH 17/58] Test x509 generation script requires no interaction now. --- test/ssl/gen.sh | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/test/ssl/gen.sh b/test/ssl/gen.sh index 7a49631caa..a52159c1e4 100755 --- a/test/ssl/gen.sh +++ b/test/ssl/gen.sh 
@@ -31,42 +31,42 @@ openssl req -new -x509 -days 3650 -key test-fake-root-ca.key -out test-fake-root # An intermediate CA, signed by the root CA, used to sign server/client csrs. openssl genrsa -out test-signing-ca.key 1024 openssl req -out test-signing-ca.csr -key test-signing-ca.key -new -config openssl.cnf -subj "${BASESUBJ}/CN=Signing CA/" -openssl ca -config openssl.cnf -name CA_root -extensions v3_ca -out test-signing-ca.crt -infiles test-signing-ca.csr +openssl ca -batch -config openssl.cnf -name CA_root -extensions v3_ca -out test-signing-ca.crt -infiles test-signing-ca.csr # An alternative intermediate CA, signed by the root CA, not used to sign anything. openssl genrsa -out test-alt-ca.key 1024 openssl req -out test-alt-ca.csr -key test-alt-ca.key -new -config openssl.cnf -subj "${BASESUBJ}/CN=Alternative Signing CA/" -openssl ca -config openssl.cnf -name CA_root -extensions v3_ca -out test-alt-ca.crt -infiles test-alt-ca.csr +openssl ca -batch -config openssl.cnf -name CA_root -extensions v3_ca -out test-alt-ca.crt -infiles test-alt-ca.csr # Valid server key and certificate. openssl genrsa -out server.key 1024 openssl req -new -key server.key -out server.csr -config openssl.cnf -subj "${SBASESUBJ}/CN=localhost/" -openssl ca -config openssl.cnf -name CA_signing -out server.crt -infiles server.csr +openssl ca -batch -config openssl.cnf -name CA_signing -out server.crt -infiles server.csr # Expired server certificate, based on the above server key. openssl req -new -days 1 -key server.key -out server-expired.csr -config openssl.cnf -subj "${SBASESUBJ}/CN=localhost/" -openssl ca -config openssl.cnf -name CA_signing -days 1 -startdate 120820000000Z -enddate 120821000000Z -out server-expired.crt -infiles server-expired.csr +openssl ca -batch -config openssl.cnf -name CA_signing -days 1 -startdate 120820000000Z -enddate 120821000000Z -out server-expired.crt -infiles server-expired.csr # Valid client key and certificate. 
openssl genrsa -out client.key 1024 openssl req -new -key client.key -out client.csr -config openssl.cnf -subj "${SBASESUBJ}/CN=test client/" -openssl ca -config openssl.cnf -name CA_signing -out client.crt -infiles client.csr +openssl ca -batch -config openssl.cnf -name CA_signing -out client.crt -infiles client.csr # Expired client certificate, based on the above client key. openssl req -new -days 1 -key client.key -out client-expired.csr -config openssl.cnf -subj "${SBASESUBJ}/CN=test client expired/" -openssl ca -config openssl.cnf -name CA_signing -days 1 -startdate 120820000000Z -enddate 120821000000Z -out client-expired.crt -infiles client-expired.csr +openssl ca -batch -config openssl.cnf -name CA_signing -days 1 -startdate 120820000000Z -enddate 120821000000Z -out client-expired.crt -infiles client-expired.csr # Revoked client certificate, based on a new client key. openssl genrsa -out client-revoked.key 1024 openssl req -new -days 1 -key client-revoked.key -out client-revoked.csr -config openssl.cnf -subj "${SBASESUBJ}/CN=test client revoked/" -openssl ca -config openssl.cnf -name CA_signing -out client-revoked.crt -infiles client-revoked.csr -openssl ca -config openssl.cnf -name CA_signing -revoke client-revoked.crt -openssl ca -config openssl.cnf -name CA_signing -gencrl -out crl.pem +openssl ca -batch -config openssl.cnf -name CA_signing -out client-revoked.crt -infiles client-revoked.csr +openssl ca -batch -config openssl.cnf -name CA_signing -revoke client-revoked.crt +openssl ca -batch -config openssl.cnf -name CA_signing -gencrl -out crl.pem # Valid client key and certificate, encrypted (use "password" as password) -openssl genrsa -des3 -out client-encrypted.key 1024 -openssl req -new -key client-encrypted.key -out client-encrypted.csr -config openssl.cnf -subj "${SBASESUBJ}/CN=test client encrypted/" -openssl ca -config openssl.cnf -name CA_signing -out client-encrypted.crt -infiles client-encrypted.csr +openssl genrsa -des3 -out 
client-encrypted.key -passout pass:password 1024 +openssl req -new -key client-encrypted.key -out client-encrypted.csr -config openssl.cnf -subj "${SBASESUBJ}/CN=test client encrypted/" -passin pass:password +openssl ca -batch -config openssl.cnf -name CA_signing -out client-encrypted.crt -infiles client-encrypted.csr cat test-signing-ca.crt test-root-ca.crt > all-ca.crt #mkdir certs From eff8fab1b4175c9fbd75ebbcee020d9de66f91d7 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Sun, 4 Nov 2018 22:26:59 +0000 Subject: [PATCH 18/58] Only process network errors for clients that have nothing to read. Closes #7. --- ChangeLog.txt | 6 ++++++ src/loop.c | 11 ++++++----- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/ChangeLog.txt b/ChangeLog.txt index bfb4a856b0..1dfe7edf9d 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,6 +1,12 @@ 1.5.4 - 201810xx ================ +Broker: +- Process all pending messages even when a client has disconnected. This means + a client that send a PUBLISH then DISCONNECT quickly, then disconnects will + have its DISCONNECT message processed properly and so no Will will be sent. + Closes #7. + Library: - Fix memory leak that occurred if mosquitto_reconnect() was used when TLS errors were present. Closes #592. diff --git a/src/loop.c b/src/loop.c index 002fb24ff3..c0de5433f0 100644 --- a/src/loop.c +++ b/src/loop.c @@ -813,14 +813,15 @@ static void loop_handle_reads_writes(struct mosquitto_db *db, struct pollfd *pol continue; } }while(SSL_DATA_PENDING(context)); - } + }else{ #ifdef WITH_EPOLL - if(events & (EPOLLERR | EPOLLHUP)){ + if(events & (EPOLLERR | EPOLLHUP)){ #else - if(context->pollfd_index >= 0 && pollfds[context->pollfd_index].revents & (POLLERR | POLLNVAL | POLLHUP)){ + if(context->pollfd_index >= 0 && pollfds[context->pollfd_index].revents & (POLLERR | POLLNVAL | POLLHUP)){ #endif - do_disconnect(db, context); - continue; + do_disconnect(db, context); + continue; + } } } } 
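Review bot: The comment above the encrypted client key in test/ssl/gen.sh still reads `(use "password" as password)`, which was an instruction for whoever answered the prompt; with `-passout pass:password` and `-passin pass:password` now on the command lines there is no prompt, so the comment should say that the script fixes the passphrase. Suggested wording: `# Valid client key and certificate, encrypted with the fixed test passphrase "password" (test fixtures only).` A `pass:` argument is visible in the process list while openssl runs, which is acceptable for throwaway test keys but worth stating so the pattern is not copied into real key generation.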
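Review bot: The new `}else{` in the read loop of src/loop.c carries the whole fix but has no comment, and the two preprocessor branches now each open an `if(...){` that is closed by one shared brace inside it, which is easy to break on a later edit. I would add `/* Only act on ERR/HUP when nothing is readable, so packets the client already sent (e.g. DISCONNECT) are handled first. */` above the `#ifdef WITH_EPOLL`. This presumably relies on the read path reporting a closed socket once the pending data is drained; that code is outside the hunk, as is the start of loop_handle_reads_writes, so it should be confirmed there.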
From e86b27a2da04a2fd7a800258789c2ab8b9e69139 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartosz=20Tacza=C5=82a?= Date: Tue, 2 Oct 2018 13:06:36 +0200 Subject: [PATCH 19/58] Adding support for QNX7.0.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: Id01e2880aa5cadc0e93a46b95fe675e1938051fa Signed-off-by: Bartosz Taczała --- client/CMakeLists.txt | 6 ++++++ lib/socks_mosq.c | 3 +++ src/CMakeLists.txt | 17 +++++++++-------- src/conf_includedir.c | 2 +- 4 files changed, 19 insertions(+), 9 deletions(-) diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt index a34198d551..660bf1ac6a 100644 --- a/client/CMakeLists.txt +++ b/client/CMakeLists.txt @@ -11,8 +11,14 @@ endif (${WITH_SRV} STREQUAL ON) add_executable(mosquitto_pub pub_client.c ${shared_src}) add_executable(mosquitto_sub sub_client.c sub_client_output.c ${shared_src}) + target_link_libraries(mosquitto_pub libmosquitto) target_link_libraries(mosquitto_sub libmosquitto) +if (QNX) + target_link_libraries(mosquitto_pub socket) + target_link_libraries(mosquitto_sub socket) +endif() + install(TARGETS mosquitto_pub RUNTIME DESTINATION "${BINDIR}" LIBRARY DESTINATION "${LIBDIR}") install(TARGETS mosquitto_sub RUNTIME DESTINATION "${BINDIR}" LIBRARY DESTINATION "${LIBDIR}") diff --git a/lib/socks_mosq.c b/lib/socks_mosq.c index f8f006a401..ffb895a7c2 100644 --- a/lib/socks_mosq.c +++ b/lib/socks_mosq.c @@ -21,6 +21,9 @@ and the Eclipse Distribution License is available at #include #ifdef WIN32 # include +#elif __QNX__ +# include +# include #else # include #endif diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index dab82a481e..187d0aac6f 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt 
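Review bot: `#elif __QNX__` in lib/socks_mosq.c tests the macro's value rather than whether it is defined, unlike the `#ifdef WIN32` directly above it and the `!defined(__QNX__)` this same commit adds in src/conf_includedir.c. On non-QNX builds the undefined name evaluates to 0, so it works, but it warns under `-Wundef` and reads inconsistently; `#elif defined(__QNX__)` states the intent. The header names in the include lines are not visible on this page, so the QNX includes themselves could not be checked.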
@@ -126,17 +126,18 @@ if (HAVE_GETADDRINFO_A) endif (HAVE_GETADDRINFO_A) - if (UNIX) if (APPLE) set (MOSQ_LIBS ${MOSQ_LIBS} dl m) - else (APPLE) - set (MOSQ_LIBS ${MOSQ_LIBS} dl m) - find_library(LIBRT rt) - if (LIBRT) - set (MOSQ_LIBS ${MOSQ_LIBS} rt) - endif (LIBRT) - endif (APPLE) + elseif(QNX) + set(MOSQ_LIBS ${MOSQ_LIBS} m socket) + else(APPLE) + set (MOSQ_LIBS ${MOSQ_LIBS} dl m) + find_library(LIBRT rt) + if (LIBRT) + set (MOSQ_LIBS ${MOSQ_LIBS} rt) + endif (LIBRT) + endif (APPLE) endif (UNIX) if (WIN32) diff --git a/src/conf_includedir.c b/src/conf_includedir.c index 43da9a1645..783a404863 100644 --- a/src/conf_includedir.c +++ b/src/conf_includedir.c @@ -36,7 +36,7 @@ and the Eclipse Distribution License is available at # include #endif -#if !defined(WIN32) && !defined(__CYGWIN__) +#if !defined(WIN32) && !defined(__CYGWIN__) && !defined(__QNX__) # include #endif From 80f3bc4812145c13c024262ef1f4b84fed9408f9 Mon Sep 17 00:00:00 2001 From: Bernd Kuhls Date: Fri, 24 Aug 2018 16:38:42 +0200 Subject: [PATCH 20/58] _GNU_SOURCE needed for EAI_INPROGRESS MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Define of _GNU_SOURCE is needed to be able to use EAI_INPROGRESS in loop.c. This patch fixes a build error loop.c:334:17: error: ‘EAI_INPROGRESS’ undeclared (first use in this function) if(rc == EAI_INPROGRESS){ occuring with a glibc-2.27-based buildroot toolchain for sparc64 Target: sparc64-buildroot-linux-gnu [...] gcc version 6.4.0 (Buildroot 2018.05) Source: http://autobuild.buildroot.org/toolchains/tarballs/br-sparc64-full-2018.05.tar.bz2 Signed-off-by: Bernd Kuhls --- config.h | 1 + 1 file changed, 1 insertion(+) diff --git a/config.h b/config.h index 5e76e89999..97ac6be998 100644 --- a/config.h +++ b/config.h @@ -15,6 +15,7 @@ # define _POSIX_C_SOURCE 200809L #endif +#define _GNU_SOURCE /* ============================================================ * Compatibility defines 
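Review bot: The added `#define _GNU_SOURCE` in config.h is unconditional, so a build that already passes `-D_GNU_SOURCE` gets a macro-redefinition diagnostic (the command-line form defines it as 1), which is fatal under `-Werror`. Guard it with `#ifndef _GNU_SOURCE`, `#  define _GNU_SOURCE`, `#endif`. The define only takes effect if config.h is included before any system header in every translation unit, which this hunk cannot show. On glibc it also selects the GNU variant of `strerror_r`, so callers that assume the buffer is always filled need checking.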
From a4a523656879083b5de5130e43564d5d509a362a Mon Sep 17 00:00:00 2001 From: Abilio Marques Date: Tue, 6 Nov 2018 21:15:13 +0100 Subject: [PATCH 21/58] fix bug where bridge doesn't honor restart_timeout setting Signed-off-by: Abilio Marques --- src/loop.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/loop.c b/src/loop.c index c0de5433f0..c049c8ef49 100644 --- a/src/loop.c +++ b/src/loop.c @@ -422,8 +422,8 @@ int mosquitto_main_loop(struct mosquitto_db *db, mosq_sock_t *listensock, int li #else { rc = bridge__connect(db, context); + context->bridge->restart_t = 0; if(rc == MOSQ_ERR_SUCCESS){ - context->bridge->restart_t = 0; if(context->bridge->round_robin == false && context->bridge->cur_address != 0){ context->bridge->primary_retry = now + 5; } From d7bcec4878f2201d93a60c4f9e03badfb2cbc62e Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Wed, 7 Nov 2018 10:03:34 +0000 Subject: [PATCH 22/58] Don't disconnect clients when a plugin denies SUBSCRIBE. Thanks to Ibrahim Koujar. Bug: https://github.com/eclipse/mosquitto/issues/1016 --- ChangeLog.txt | 2 + src/handle_subscribe.c | 6 +- test/broker/09-plugin-auth-acl-sub-denied.py | 58 ++++++++++++++++++++ test/broker/Makefile | 1 + test/broker/c/Makefile | 15 ++++- test/broker/c/auth_plugin_acl_sub_denied.c | 49 +++++++++++++++++ test/broker/ptest.py | 1 + 7 files changed, 128 insertions(+), 4 deletions(-) create mode 100755 test/broker/09-plugin-auth-acl-sub-denied.py create mode 100644 test/broker/c/auth_plugin_acl_sub_denied.c diff --git a/ChangeLog.txt b/ChangeLog.txt index 1dfe7edf9d..bc3f0991c5 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -33,6 +33,8 @@ Broker: removed. Closes #645. - Fix Windows version not starting if include_dir did not contain any files. Closes #566. +- When an authentication plugin denied access to a SUBSCRIBE, the client would + be disconnected incorrectly. This has been fixed. Closes #1016. Build: - Various fixes to ease building. 
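Review bot: `context->bridge->restart_t = 0;` now runs whether or not bridge__connect() succeeded, and the reason is not recorded next to it. A short comment such as `/* Clear even on failure so the next attempt waits for restart_timeout again. */` would keep someone from moving it back inside the success branch. The timer logic it relies on is outside this hunk, so the wording should be confirmed against it. mosquitto_main_loop continues on both sides of the hunk.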
diff --git a/src/handle_subscribe.c b/src/handle_subscribe.c index 3b2e2591f1..8f59435152 100644 --- a/src/handle_subscribe.c +++ b/src/handle_subscribe.c @@ -112,8 +112,8 @@ int handle__subscribe(struct mosquitto_db *db, struct mosquitto *context) log__printf(NULL, MOSQ_LOG_DEBUG, "\t%s (QoS %d)", sub, qos); if(context->protocol == mosq_p_mqtt311){ - rc = mosquitto_acl_check(db, context, sub, 0, NULL, qos, false, MOSQ_ACL_SUBSCRIBE); - switch(rc){ + rc2 = mosquitto_acl_check(db, context, sub, 0, NULL, qos, false, MOSQ_ACL_SUBSCRIBE); + switch(rc2){ case MOSQ_ERR_SUCCESS: break; case MOSQ_ERR_ACL_DENIED: @@ -121,7 +121,7 @@ int handle__subscribe(struct mosquitto_db *db, struct mosquitto *context) break; default: mosquitto__free(sub); - return rc; + return rc2; } } diff --git a/test/broker/09-plugin-auth-acl-sub-denied.py b/test/broker/09-plugin-auth-acl-sub-denied.py new file mode 100755 index 0000000000..83726653a3 --- /dev/null +++ b/test/broker/09-plugin-auth-acl-sub-denied.py 
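Review bot: Storing the mosquitto_acl_check() result in `rc2` instead of `rc` is the whole fix in handle__subscribe, but nothing at the call site says that `rc` must stay untouched; the `return rc2;` in the second hunk belongs to the same change. A comment above the call would protect it from a later tidy-up, e.g. `/* Keep the ACL result out of rc: a denied topic is reported in the SUBACK and must not become the handler's return value. */`. The declaration of `rc2` and the body of the MOSQ_ERR_ACL_DENIED case are outside the visible lines.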
@@ -0,0 +1,58 @@ +#!/usr/bin/env python + +# Test topic subscription. All SUBSCRIBE requests are denied. Check this +# produces the correct response, and check the client isn't disconnected (ref: +# issue #1016). + +import inspect, os, sys +# From http://stackoverflow.com/questions/279237/python-import-a-module-from-a-folder +cmd_subfolder = os.path.realpath(os.path.abspath(os.path.join(os.path.split(inspect.getfile( inspect.currentframe() ))[0],".."))) +if cmd_subfolder not in sys.path: + sys.path.insert(0, cmd_subfolder) + +import mosq_test + +def write_config(filename, port): + with open(filename, 'w') as f: + f.write("port %d\n" % (port)) + f.write("auth_plugin c/auth_plugin_acl_sub_denied.so\n") + f.write("allow_anonymous false\n") + +port = mosq_test.get_port() +conf_file = os.path.basename(__file__).replace('.py', '.conf') +write_config(conf_file, port) + +rc = 1 +keepalive = 10 +connect_packet = mosq_test.gen_connect("sub-denied-test", keepalive=keepalive, username="denied") +connack_packet = mosq_test.gen_connack(rc=0) + +mid = 53 +subscribe_packet = mosq_test.gen_subscribe(mid, "qos0/test", 0) +suback_packet = mosq_test.gen_suback(mid, 128) + +mid_pub = 54 +publish_packet = mosq_test.gen_publish("topic", qos=1, payload="test", mid=mid_pub) +puback_packet = mosq_test.gen_puback(mid_pub) + +broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port) + +try: + sock = mosq_test.do_client_connect(connect_packet, connack_packet, timeout=20, port=port) + mosq_test.do_send_receive(sock, subscribe_packet, suback_packet, "suback") + + mosq_test.do_send_receive(sock, publish_packet, puback_packet, "puback") + + rc = 0 + + sock.close() +finally: + os.remove(conf_file) + broker.terminate() + broker.wait() + (stdo, stde) = broker.communicate() + if rc: + print(stde) + + +exit(rc) diff --git a/test/broker/Makefile b/test/broker/Makefile index 0b4fee0848..c70f1f7d67 100644 --- a/test/broker/Makefile +++ b/test/broker/Makefile 
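Review bot: The test proves the client stays connected after the 0x80 SUBACK, but it never checks that the denied subscription is inactive, because the follow-up PUBLISH goes to `topic` rather than `qos0/test`. Publishing to the denied filter and then requiring the next packet after the PUBACK to be a PINGRESP would catch a broker that rejects in the SUBACK yet still delivers: `publish_packet = mosq_test.gen_publish("qos0/test", qos=1, payload="test", mid=mid_pub)` followed by `mosq_test.do_send_receive(sock, mosq_test.gen_pingreq(), mosq_test.gen_pingresp(), "pingresp")`. Separately, `exit(rc)` relies on the `site` builtin; `sys.exit(rc)` is the safer spelling since `sys` is already imported.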
@@ -116,6 +116,7 @@ endif ./09-plugin-auth-unpwd-success.py ./09-plugin-auth-unpwd-fail.py ./09-plugin-auth-acl-sub.py + ./09-plugin-auth-acl-sub-denied.py ./09-plugin-auth-v2-unpwd-success.py ./09-plugin-auth-v2-unpwd-fail.py ./09-plugin-auth-defer-unpwd-success.py diff --git a/test/broker/c/Makefile b/test/broker/c/Makefile index f60f9d5fab..0ce1776834 100644 --- a/test/broker/c/Makefile +++ b/test/broker/c/Makefile @@ -2,7 +2,17 @@ CFLAGS=-I../../../lib -I../../../src -Wall -Werror -all : auth_plugin.so auth_plugin_pwd.so auth_plugin_acl.so auth_plugin_v2.so auth_plugin_msg_params.so auth_plugin_context_params.so 08 +PLUGINS= \ + auth_plugin.so \ + auth_plugin_pwd.so \ + auth_plugin_acl.so \ + auth_plugin_v2.so \ + auth_plugin_msg_params.so \ + auth_plugin_context_params.so \ + auth_plugin_acl_sub_denied.so + + +all : ${PLUGINS} 08 08 : 08-tls-psk-pub.test 08-tls-psk-bridge.test @@ -24,6 +34,9 @@ auth_plugin_context_params.so : auth_plugin_context_params.c auth_plugin_msg_params.so : auth_plugin_msg_params.c $(CC) ${CFLAGS} -fPIC -shared $^ -o $@ +auth_plugin_acl_sub_denied.so : auth_plugin_acl_sub_denied.c + $(CC) ${CFLAGS} -fPIC -shared $^ -o $@ + 08-tls-psk-pub.test : 08-tls-psk-pub.c $(CC) ${CFLAGS} $^ -o $@ ../../../lib/libmosquitto.so.1 diff --git a/test/broker/c/auth_plugin_acl_sub_denied.c b/test/broker/c/auth_plugin_acl_sub_denied.c new file mode 100644 index 0000000000..4c5a26fab5 --- /dev/null +++ b/test/broker/c/auth_plugin_acl_sub_denied.c 
@@ -0,0 +1,49 @@ +#include +#include +#include +#include +#include + +int mosquitto_auth_plugin_version(void) +{ + return MOSQ_AUTH_PLUGIN_VERSION; +} + +int mosquitto_auth_plugin_init(void **user_data, struct mosquitto_opt *auth_opts, int auth_opt_count) +{ + return MOSQ_ERR_SUCCESS; +} + +int mosquitto_auth_plugin_cleanup(void *user_data, struct mosquitto_opt *auth_opts, int auth_opt_count) +{ + return MOSQ_ERR_SUCCESS; +} + +int mosquitto_auth_security_init(void *user_data, struct mosquitto_opt *auth_opts, int auth_opt_count, bool reload) +{ + return MOSQ_ERR_SUCCESS; +} + +int mosquitto_auth_security_cleanup(void *user_data, struct mosquitto_opt *auth_opts, int auth_opt_count, bool reload) +{ + return MOSQ_ERR_SUCCESS; +} + +int mosquitto_auth_acl_check(void *user_data, int access, const struct mosquitto *client, const struct mosquitto_acl_msg *msg) +{ + if(access == MOSQ_ACL_SUBSCRIBE){ + return MOSQ_ERR_ACL_DENIED; + }else{ + return MOSQ_ERR_SUCCESS; + } +} + +int mosquitto_auth_unpwd_check(void *user_data, const struct mosquitto *client, const char *username, const char *password) +{ + return MOSQ_ERR_SUCCESS; +} + +int mosquitto_auth_psk_key_get(void *user_data, const struct mosquitto *client, const char *hint, const char *identity, char *key, int max_key_len) +{ + return MOSQ_ERR_AUTH; +} diff --git a/test/broker/ptest.py b/test/broker/ptest.py index 27b0df6d77..f39049e1b8 100755 --- a/test/broker/ptest.py +++ b/test/broker/ptest.py @@ -88,6 +88,7 @@ (1, './09-plugin-auth-unpwd-success.py'), (1, './09-plugin-auth-unpwd-fail.py'), (1, './09-plugin-auth-acl-sub.py'), + (1, './09-plugin-auth-acl-sub-denied.py'), (1, './09-plugin-auth-v2-unpwd-success.py'), (1, './09-plugin-auth-v2-unpwd-fail.py'), (1, './09-plugin-auth-defer-unpwd-success.py'), From 0368a8c01d2726c81624b1b08a096c307dbb45ab Mon Sep 17 00:00:00 2001 From: Iblis Lin Date: Sun, 30 Sep 2018 21:22:59 +0800 Subject: [PATCH 23/58] add socket headers for FreeBSD 
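Review bot: auth_plugin_acl_sub_denied.c has no header comment, and its `mosquitto_auth_unpwd_check` returns MOSQ_ERR_SUCCESS for every username and password. A file comment would stop it being copied as a plugin template, e.g. `/* Test fixture for 09-plugin-auth-acl-sub-denied.py: accepts all credentials and denies only MOSQ_ACL_SUBSCRIBE. Not for deployment. */`. A one-line comment on `mosquitto_auth_acl_check` saying that every other access type is allowed on purpose would cover the rest.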
Signed-off-by: Iblis Lin --- lib/socks_mosq.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/socks_mosq.c b/lib/socks_mosq.c index ffb895a7c2..e7d597f7f1 100644 --- a/lib/socks_mosq.c +++ b/lib/socks_mosq.c @@ -27,6 +27,10 @@ and the Eclipse Distribution License is available at #else # include #endif +#ifdef __FreeBSD__ +# include +# include +#endif #include "mosquitto_internal.h" #include "memory_mosq.h" From 15821171471ea8ff440d6fec2529a5f00d68afa0 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Wed, 7 Nov 2018 14:13:14 +0000 Subject: [PATCH 24/58] Build own libwebsockets in Docker image. --- docker/1.5/Dockerfile | 40 ++++++++++++++++++++++++++++++---------- 1 file changed, 30 insertions(+), 10 deletions(-) diff --git a/docker/1.5/Dockerfile b/docker/1.5/Dockerfile index 83c76d9f82..5295ab6aac 100644 --- a/docker/1.5/Dockerfile +++ b/docker/1.5/Dockerfile 
@@ -5,15 +5,34 @@ LABEL maintainer="Roger Light " \ ENV VERSION=1.5.3 \ DOWNLOAD_SHA256=3081a998d303a883b1cd064009beabc88aa9159e26f5258a4ae6007160491d10 \ - GPG_KEYS=A0D6EEA1DCAE49A635A3B2F0779B22DFB3E717B7 + GPG_KEYS=A0D6EEA1DCAE49A635A3B2F0779B22DFB3E717B7 \ + LWS_VERSION=2.4.2 RUN set -x && \ apk --no-cache add --virtual build-deps \ build-base \ + cmake \ gnupg \ libressl-dev \ - libwebsockets-dev \ util-linux-dev && \ + wget https://github.com/warmcat/libwebsockets/archive/v${LWS_VERSION}.tar.gz -O /tmp/lws.tar.gz && \ + mkdir -p /build/lws && \ + tar --strip=1 -xf /tmp/lws.tar.gz -C /build/lws && \ + rm /tmp/lws.tar.gz && \ + cd /build/lws && \ + cmake . \ + -DCMAKE_BUILD_TYPE=MinSizeRel \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DLWS_IPV6=ON \ + -DLWS_WITHOUT_BUILTIN_GETIFADDRS=ON \ + -DLWS_WITHOUT_CLIENT=ON \ + -DLWS_WITHOUT_EXTENSIONS=ON \ + -DLWS_WITHOUT_TESTAPPS=ON \ + -DLWS_WITH_SHARED=OFF \ + -DLWS_WITH_ZIP_FOPS=OFF \ + -DLWS_WITH_ZLIB=OFF && \ + make -j "$(nproc)" && \ + rm -rf /root/.cmake && \ wget https://mosquitto.org/files/source/mosquitto-${VERSION}.tar.gz -O /tmp/mosq.tar.gz && \ echo "$DOWNLOAD_SHA256 /tmp/mosq.tar.gz" | sha256sum -c - && \ wget https://mosquitto.org/files/source/mosquitto-${VERSION}.tar.gz.asc -O /tmp/mosq.tar.gz.asc && \ @@ -32,10 +51,12 @@ RUN set -x && \ gpg --batch --verify /tmp/mosq.tar.gz.asc /tmp/mosq.tar.gz && \ gpgconf --kill all && \ rm -rf "$GNUPGHOME" /tmp/mosq.tar.gz.asc && \ - mkdir -p /build && \ - tar --strip=1 -xf /tmp/mosq.tar.gz -C /build && \ + mkdir -p /build/mosq && \ + tar --strip=1 -xf /tmp/mosq.tar.gz -C /build/mosq && \ rm /tmp/mosq.tar.gz && \ - make -C /build -j "$(nproc)" \ + make -C /build/mosq -j "$(nproc)" \ + CFLAGS="-Wall -O2 -I/build/lws/include -flto" \ + LDFLAGS="-L/build/lws/lib -flto" \ WITH_ADNS=no \ WITH_DOCS=no \ WITH_MEMORY_TRACKING=no \ 
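Review bot: The libwebsockets archive fetched by the new `wget https://github.com/warmcat/libwebsockets/archive/v${LWS_VERSION}.tar.gz` step is unpacked and built without any integrity check, while the mosquitto tarball a few lines later is checked against DOWNLOAD_SHA256 and a GPG signature. The library appears to be linked statically into the broker (`-DLWS_WITH_SHARED=OFF`, and the runtime `libwebsockets` package is dropped later in this commit), so a tampered archive would end up in the shipped binary. Pin it the same way: add `LWS_SHA256=<sha256 of the pinned archive>` to the ENV block and `echo "$LWS_SHA256  /tmp/lws.tar.gz" | sha256sum -c - && \` directly after the download.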
@@ -50,13 +71,12 @@ RUN set -x && \ adduser -S -D -H -h /var/empty -s /sbin/nologin -G mosquitto -g mosquitto mosquitto 2>/dev/null && \ mkdir -p /mosquitto/config /mosquitto/data /mosquitto/log && \ install -d /usr/sbin/ && \ - install -s -m755 /build/src/mosquitto /usr/sbin/mosquitto && \ - install -s -m755 /build/src/mosquitto_passwd /usr/bin/mosquitto_passwd && \ - install -m644 /build/mosquitto.conf /mosquitto/config/mosquitto.conf && \ + install -s -m755 /build/mosq/src/mosquitto /usr/sbin/mosquitto && \ + install -s -m755 /build/mosq/src/mosquitto_passwd /usr/bin/mosquitto_passwd && \ + install -m644 /build/mosq/mosquitto.conf /mosquitto/config/mosquitto.conf && \ chown -R mosquitto:mosquitto /mosquitto && \ apk --no-cache add \ - libuuid \ - libwebsockets && \ + libuuid && \ apk del build-deps && \ rm -rf /build From feb303a91942cb87871927e7e3f87d3266135841 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Wed, 7 Nov 2018 14:16:14 +0000 Subject: [PATCH 25/58] Fix whitespace in Dockerfile. --- docker/1.5/Dockerfile | 96 +++++++++++++++++++++---------------------- 1 file changed, 48 insertions(+), 48 deletions(-) diff --git a/docker/1.5/Dockerfile b/docker/1.5/Dockerfile index 5295ab6aac..092b9d617e 100644 --- a/docker/1.5/Dockerfile +++ b/docker/1.5/Dockerfile 
@@ -1,20 +1,20 @@ FROM alpine:3.8 LABEL maintainer="Roger Light " \ - description="Eclipse Mosquitto MQTT Broker" + description="Eclipse Mosquitto MQTT Broker" ENV VERSION=1.5.3 \ - DOWNLOAD_SHA256=3081a998d303a883b1cd064009beabc88aa9159e26f5258a4ae6007160491d10 \ - GPG_KEYS=A0D6EEA1DCAE49A635A3B2F0779B22DFB3E717B7 \ - LWS_VERSION=2.4.2 + DOWNLOAD_SHA256=3081a998d303a883b1cd064009beabc88aa9159e26f5258a4ae6007160491d10 \ + GPG_KEYS=A0D6EEA1DCAE49A635A3B2F0779B22DFB3E717B7 \ + LWS_VERSION=2.4.2 RUN set -x && \ - apk --no-cache add --virtual build-deps \ - build-base \ - cmake \ - gnupg \ - libressl-dev \ - util-linux-dev && \ + apk --no-cache add --virtual build-deps \ + build-base \ + cmake \ + gnupg \ + libressl-dev \ + util-linux-dev && \ wget https://github.com/warmcat/libwebsockets/archive/v${LWS_VERSION}.tar.gz -O /tmp/lws.tar.gz && \ mkdir -p /build/lws && \ tar --strip=1 -xf /tmp/lws.tar.gz -C /build/lws && \ 
@@ -34,51 +34,51 @@ RUN set -x && \ make -j "$(nproc)" && \ rm -rf /root/.cmake && \ wget https://mosquitto.org/files/source/mosquitto-${VERSION}.tar.gz -O /tmp/mosq.tar.gz && \ - echo "$DOWNLOAD_SHA256 /tmp/mosq.tar.gz" | sha256sum -c - && \ + echo "$DOWNLOAD_SHA256 /tmp/mosq.tar.gz" | sha256sum -c - && \ wget https://mosquitto.org/files/source/mosquitto-${VERSION}.tar.gz.asc -O /tmp/mosq.tar.gz.asc && \ - export GNUPGHOME="$(mktemp -d)" && \ - found=''; \ - for server in \ - ha.pool.sks-keyservers.net \ - hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $GPG_KEYS from $server"; \ - gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \ - gpg --batch --verify /tmp/mosq.tar.gz.asc /tmp/mosq.tar.gz && \ - gpgconf --kill all && \ - rm -rf "$GNUPGHOME" /tmp/mosq.tar.gz.asc && \ - mkdir -p /build/mosq && \ - tar --strip=1 -xf /tmp/mosq.tar.gz -C /build/mosq && \ - rm /tmp/mosq.tar.gz && \ + export GNUPGHOME="$(mktemp -d)" && \ + found=''; \ + for server in \ + ha.pool.sks-keyservers.net \ + hkp://keyserver.ubuntu.com:80 \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $GPG_KEYS from $server"; \ + gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \ + gpg --batch --verify /tmp/mosq.tar.gz.asc /tmp/mosq.tar.gz && \ + gpgconf --kill all && \ + rm -rf "$GNUPGHOME" /tmp/mosq.tar.gz.asc && \ + mkdir -p /build/mosq && \ + tar --strip=1 -xf /tmp/mosq.tar.gz -C /build/mosq && \ + rm /tmp/mosq.tar.gz && \ make -C /build/mosq -j "$(nproc)" \ CFLAGS="-Wall -O2 -I/build/lws/include -flto" \ LDFLAGS="-L/build/lws/lib -flto" \ - WITH_ADNS=no \ - WITH_DOCS=no \ - 
WITH_MEMORY_TRACKING=no \ - WITH_SHARED_LIBRARIES=no \ - WITH_SRV=no \ - WITH_STRIP=yes \ - WITH_TLS_PSK=no \ - WITH_WEBSOCKETS=yes \ - prefix=/usr \ - binary && \ - addgroup -S mosquitto 2>/dev/null && \ + WITH_ADNS=no \ + WITH_DOCS=no \ + WITH_MEMORY_TRACKING=no \ + WITH_SHARED_LIBRARIES=no \ + WITH_SRV=no \ + WITH_STRIP=yes \ + WITH_TLS_PSK=no \ + WITH_WEBSOCKETS=yes \ + prefix=/usr \ + binary && \ + addgroup -S mosquitto 2>/dev/null && \ adduser -S -D -H -h /var/empty -s /sbin/nologin -G mosquitto -g mosquitto mosquitto 2>/dev/null && \ mkdir -p /mosquitto/config /mosquitto/data /mosquitto/log && \ - install -d /usr/sbin/ && \ - install -s -m755 /build/mosq/src/mosquitto /usr/sbin/mosquitto && \ - install -s -m755 /build/mosq/src/mosquitto_passwd /usr/bin/mosquitto_passwd && \ - install -m644 /build/mosq/mosquitto.conf /mosquitto/config/mosquitto.conf && \ + install -d /usr/sbin/ && \ + install -s -m755 /build/mosq/src/mosquitto /usr/sbin/mosquitto && \ + install -s -m755 /build/mosq/src/mosquitto_passwd /usr/bin/mosquitto_passwd && \ + install -m644 /build/mosq/mosquitto.conf /mosquitto/config/mosquitto.conf && \ chown -R mosquitto:mosquitto /mosquitto && \ - apk --no-cache add \ - libuuid && \ - apk del build-deps && \ - rm -rf /build + apk --no-cache add \ + libuuid && \ + apk del build-deps && \ + rm -rf /build VOLUME ["/mosquitto/data", "/mosquitto/log"] From 9f7577aab6c1e2cb9a854218b4dc4b9573909701 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Wed, 7 Nov 2018 17:23:43 +0000 Subject: [PATCH 26/58] $SYS/broker/clients/disconnected should never be negative. Closes #287. Thanks to Lovisa Johansson. Bug: https://github.com/eclipse/mosquitto/issues/287 --- ChangeLog.txt | 2 ++ src/sys_tree.c | 11 +++++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/ChangeLog.txt b/ChangeLog.txt index bc3f0991c5..9da3ca9798 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt 
@@ -6,6 +6,7 @@ Broker: a client that send a PUBLISH then DISCONNECT quickly, then disconnects will have its DISCONNECT message processed properly and so no Will will be sent. Closes #7. +- $SYS/broker/clients/disconnected should never be negative. Closes #287. Library: - Fix memory leak that occurred if mosquitto_reconnect() was used when TLS @@ -15,6 +16,7 @@ Build: - Fix clients not being compiled with threading support when using CMake. Closes #983. + 1.5.3 - 20180925 ================ diff --git a/src/sys_tree.c b/src/sys_tree.c index ebece86b97..65800fcf54 100644 --- a/src/sys_tree.c +++ b/src/sys_tree.c @@ -60,8 +60,8 @@ static void sys_tree__update_clients(struct mosquitto_db *db, char *buf) static unsigned int client_count = -1; static int clients_expired = -1; static unsigned int client_max = 0; - static unsigned int disconnected_count = -1; - static unsigned int connected_count = -1; + static int disconnected_count = -1; + static int connected_count = -1; unsigned int count_total, count_by_sock; @@ -82,6 +82,13 @@ static void sys_tree__update_clients(struct mosquitto_db *db, char *buf) if(disconnected_count != count_total-count_by_sock){ disconnected_count = count_total-count_by_sock; + if(disconnected_count < 0){ + /* If a client has connected but not sent a CONNECT at this point, + * then it is possible that count_by_sock will be bigger than + * count_total, causing a negative number. This situation should + * not last for long, so just cap at zero and ignore. */ + disconnected_count = 0; + } snprintf(buf, BUFLEN, "%d", disconnected_count); db__messages_easy_queue(db, NULL, "$SYS/broker/clients/inactive", SYS_TREE_QOS, strlen(buf), buf, 1); db__messages_easy_queue(db, NULL, "$SYS/broker/clients/disconnected", SYS_TREE_QOS, strlen(buf), buf, 1); From 34c752a0d066037048ae4fe8718bc3101db4a74c Mon Sep 17 00:00:00 2001 
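Review bot: `count_total-count_by_sock` is still computed in `unsigned int`, so when count_by_sock is larger the subtraction wraps and the new `disconnected_count < 0` test only works through an implementation-defined conversion to `int`. The guard `if(disconnected_count != count_total-count_by_sock)` also converts the clamped 0 back to unsigned, so it stays true and both $SYS topics are re-queued on every call while the condition lasts. Clamp before comparing instead: `unsigned int inactive = count_total > count_by_sock ? count_total-count_by_sock : 0;` then `if(disconnected_count != (int)inactive){` and `disconnected_count = (int)inactive;`. sys_tree__update_clients continues outside both hunks.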
From: "Roger A. Light" Date: Wed, 7 Nov 2018 17:29:39 +0000 Subject: [PATCH 27/58] Give better error message if a client sends a password without a username. Closes #1015. Thanks to TabascoEye. --- ChangeLog.txt | 2 ++ src/handle_connect.c | 1 + 2 files changed, 3 insertions(+) diff --git a/ChangeLog.txt b/ChangeLog.txt index 9da3ca9798..c52b8e0d6e 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -7,6 +7,8 @@ Broker: have its DISCONNECT message processed properly and so no Will will be sent. Closes #7. - $SYS/broker/clients/disconnected should never be negative. Closes #287. +- Give better error message if a client sends a password without a username. + Closes #1015. Library: - Fix memory leak that occurred if mosquitto_reconnect() was used when TLS diff --git a/src/handle_connect.c b/src/handle_connect.c index 8796445675..fd60addfe5 100644 --- a/src/handle_connect.c +++ b/src/handle_connect.c @@ -395,6 +395,7 @@ int handle__connect(struct mosquitto_db *db, struct mosquitto *context) if(context->protocol == mosq_p_mqtt311){ if(password_flag){ /* username_flag == 0 && password_flag == 1 is forbidden */ + log__printf(NULL, MOSQ_LOG_ERR, "Protocol error from %s: password without username, closing connection.", client_id); rc = MOSQ_ERR_PROTOCOL; goto handle_connect_error; } From ba67e1ffe539f817e82b7ad3499722d78876e50e Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Wed, 7 Nov 2018 17:43:21 +0000 Subject: [PATCH 28/58] Don't use gnu-specific strerror_r. --- client/client_shared.c | 6 +++++- src/mosquitto.c | 20 ++++++++++---------- src/net.c | 6 ++---- src/persist.c | 24 ++++++++++++------------ 4 files changed, 29 insertions(+), 27 deletions(-) diff --git a/client/client_shared.c b/client/client_shared.c index d5d3725629..2788b7ce51 100644 --- a/client/client_shared.c +++ b/client/client_shared.c 
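Review bot: The new log__printf() in handle__connect writes `client_id`, a value taken from the CONNECT packet of a peer that has not been authenticated, into the log at MOSQ_LOG_ERR. Whether it is non-NULL and free of control characters at this point is decided earlier in the function, outside this hunk; if it is not, it should be sanitised before logging so that log lines cannot be forged or split. Because any unauthenticated peer can trigger the message, a level such as `MOSQ_LOG_NOTICE` may suit it better than an error. Adding the peer address (`context->address`) would let operators correlate repeated attempts.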
@@ -974,7 +974,11 @@ int client_id_generate(struct mosq_config *cfg, const char *id_base) int client_connect(struct mosquitto *mosq, struct mosq_config *cfg) { +#ifndef WIN32 + char *err; +#else char err[1024]; +#endif int rc; int port; @@ -1008,7 +1012,7 @@ int client_connect(struct mosquitto *mosq, struct mosq_config *cfg) if(!cfg->quiet){ if(rc == MOSQ_ERR_ERRNO){ #ifndef WIN32 - strerror_r(errno, err, 1024); + err = strerror(errno); #else FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, errno, 0, (LPTSTR)&err, 1024, NULL); #endif diff --git a/src/mosquitto.c b/src/mosquitto.c index eb90260ca7..768d5c102e 100644 --- a/src/mosquitto.c +++ b/src/mosquitto.c @@ -91,7 +91,7 @@ int drop_privileges(struct mosquitto__config *config, bool temporary) { #if !defined(__CYGWIN__) && !defined(WIN32) struct passwd *pwd; - char err[256]; + char *err; int rc; const char *snap = getenv("SNAP_NAME"); @@ -108,7 +108,7 @@ int drop_privileges(struct mosquitto__config *config, bool temporary) return 1; } if(initgroups(config->user, pwd->pw_gid) == -1){ - strerror_r(errno, err, 256); + err = strerror(errno); log__printf(NULL, MOSQ_LOG_ERR, "Error setting groups whilst dropping privileges: %s.", err); return 1; } @@ -118,7 +118,7 @@ int drop_privileges(struct mosquitto__config *config, bool temporary) rc = setgid(pwd->pw_gid); } if(rc == -1){ - strerror_r(errno, err, 256); + err = strerror(errno); log__printf(NULL, MOSQ_LOG_ERR, "Error setting gid whilst dropping privileges: %s.", err); return 1; } @@ -128,7 +128,7 @@ int drop_privileges(struct mosquitto__config *config, bool temporary) rc = setuid(pwd->pw_uid); } if(rc == -1){ - strerror_r(errno, err, 256); + err = strerror(errno); log__printf(NULL, MOSQ_LOG_ERR, "Error setting uid whilst dropping privileges: %s.", err); return 1; } 
@@ -144,19 +144,19 @@ int drop_privileges(struct mosquitto__config *config, bool temporary) int restore_privileges(void) { #if !defined(__CYGWIN__) && !defined(WIN32) - char err[256]; + char *err; int rc; if(getuid() == 0){ rc = setegid(0); if(rc == -1){ - strerror_r(errno, err, 256); + err = strerror(errno); log__printf(NULL, MOSQ_LOG_ERR, "Error setting gid whilst restoring privileges: %s.", err); return 1; } rc = seteuid(0); if(rc == -1){ - strerror_r(errno, err, 256); + err = strerror(errno); log__printf(NULL, MOSQ_LOG_ERR, "Error setting uid whilst restoring privileges: %s.", err); return 1; } @@ -169,12 +169,12 @@ int restore_privileges(void) void mosquitto__daemonise(void) { #ifndef WIN32 - char err[256]; + char *err; pid_t pid; pid = fork(); if(pid < 0){ - strerror_r(errno, err, 256); + err = strerror(errno); log__printf(NULL, MOSQ_LOG_ERR, "Error in fork: %s", err); exit(1); } @@ -182,7 +182,7 @@ void mosquitto__daemonise(void) exit(0); } if(setsid() < 0){ - strerror_r(errno, err, 256); + err = strerror(errno); log__printf(NULL, MOSQ_LOG_ERR, "Error in setsid: %s", err); exit(1); } diff --git a/src/net.c b/src/net.c index 780a5f0bc0..08f2b824fa 100644 --- a/src/net.c +++ b/src/net.c @@ -81,18 +81,16 @@ void net__broker_cleanup(void) static void net__print_error(int log, const char *format_str) { -#ifdef WIN32 char *buf; +#ifdef WIN32 FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM, NULL, WSAGetLastError(), LANG_NEUTRAL, &buf, 0, NULL); log__printf(NULL, log, format_str, buf); LocalFree(buf); #else - char buf[256]; - - strerror_r(errno, buf, 256); + buf = strerror(errno); log__printf(NULL, log, format_str, buf); #endif } diff --git a/src/persist.c b/src/persist.c index 7a93f98427..b83327c340 100644 --- a/src/persist.c +++ b/src/persist.c @@ -356,7 +356,7 @@ int persist__backup(struct mosquitto_db *db, bool shutdown) uint32_t i32temp; uint16_t i16temp; uint8_t i8temp; - char err[256]; + char *err; char *outfile = NULL; int len; 
@@ -477,7 +477,7 @@ int persist__backup(struct mosquitto_db *db, bool shutdown) return rc; error: mosquitto__free(outfile); - strerror_r(errno, err, 256); + err = strerror(errno); log__printf(NULL, MOSQ_LOG_ERR, "Error: %s.", err); if(db_fptr) fclose(db_fptr); return 1; @@ -596,7 +596,7 @@ static int persist__client_msg_chunk_restore(struct mosquitto_db *db, FILE *db_f uint8_t qos, retain, direction, state, dup; char *client_id = NULL; int rc; - char err[256]; + char *err; read_e(db_fptr, &i16temp, sizeof(uint16_t)); slen = ntohs(i16temp); @@ -631,7 +631,7 @@ static int persist__client_msg_chunk_restore(struct mosquitto_db *db, FILE *db_f return rc; error: - strerror_r(errno, err, 256); + err = strerror(errno); log__printf(NULL, MOSQ_LOG_ERR, "Error: %s.", err); fclose(db_fptr); mosquitto__free(client_id); @@ -650,7 +650,7 @@ static int persist__msg_store_chunk_restore(struct mosquitto_db *db, FILE *db_fp int rc = 0; struct mosquitto_msg_store *stored = NULL; struct mosquitto_msg_store_load *load; - char err[256]; + char *err; payload.ptr = NULL; @@ -734,7 +734,7 @@ static int persist__msg_store_chunk_restore(struct mosquitto_db *db, FILE *db_fp return rc; } error: - strerror_r(errno, err, 256); + err = strerror(errno); log__printf(NULL, MOSQ_LOG_ERR, "Error: %s.", err); fclose(db_fptr); mosquitto__free(source_id); @@ -747,10 +747,10 @@ static int persist__retain_chunk_restore(struct mosquitto_db *db, FILE *db_fptr) { dbid_t i64temp, store_id; struct mosquitto_msg_store_load *load; - char err[256]; + char *err; if(fread(&i64temp, sizeof(dbid_t), 1, db_fptr) != 1){ - strerror_r(errno, err, 256); + err = strerror(errno); log__printf(NULL, MOSQ_LOG_ERR, "Error: %s.", err); fclose(db_fptr); return 1; @@ -773,7 +773,7 @@ static int persist__sub_chunk_restore(struct mosquitto_db *db, FILE *db_fptr) char *client_id; char *topic; int rc = 0; - char err[256]; + char *err; read_e(db_fptr, &i16temp, sizeof(uint16_t)); slen = ntohs(i16temp); 
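Review bot: In the `error:` path of persist__backup, `err = strerror(errno);` runs after `mosquitto__free(outfile);`, and free() is not guaranteed to preserve errno on every libc, so the logged reason can be wrong. Move `err = strerror(errno);` above the `mosquitto__free(outfile);` line, or save errno in a local as the first statement after the label. The jumps to `error:` are outside the hunk.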
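Review bot: In persist__retain_chunk_restore the `fread(...) != 1` branch logs `strerror(errno)`, but a short read at end of file does not set errno, so a truncated persistence file is reported with a stale or "Success" message. Distinguish the two cases with `err = feof(db_fptr) ? "unexpected end of file" : strerror(errno);`, declaring `err` as `const char *`. The `error:` labels in the other hunks of src/persist.c log the same way and may be reached from the same kind of short read. The jumps to them are outside the visible lines.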
@@ -807,7 +807,7 @@ static int persist__sub_chunk_restore(struct mosquitto_db *db, FILE *db_fptr) return rc; error: - strerror_r(errno, err, 256); + err = strerror(errno); log__printf(NULL, MOSQ_LOG_ERR, "Error: %s.", err); fclose(db_fptr); return 1; @@ -824,7 +824,7 @@ int persist__restore(struct mosquitto_db *db) uint16_t i16temp, chunk; uint8_t i8temp; ssize_t rlen; - char err[256]; + char *err; struct mosquitto_msg_store_load *load, *load_tmp; assert(db); @@ -919,7 +919,7 @@ int persist__restore(struct mosquitto_db *db) } return rc; error: - strerror_r(errno, err, 256); + err = strerror(errno); log__printf(NULL, MOSQ_LOG_ERR, "Error: %s.", err); if(fptr) fclose(fptr); return 1; From b803b40a225d00dd2c2a7130bd748629863bfa2f Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Wed, 7 Nov 2018 18:32:17 +0000 Subject: [PATCH 29/58] Update changelog. --- ChangeLog.txt | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ChangeLog.txt b/ChangeLog.txt index c52b8e0d6e..138af7980c 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -9,6 +9,9 @@ Broker: - $SYS/broker/clients/disconnected should never be negative. Closes #287. - Give better error message if a client sends a password without a username. Closes #1015. +- Fix bridge not honoring restart_timeout. Closes #1019. +- Don't disconnect a client if an auth plugin denies access to SUBSCRIBE. + Closes #1016. Library: - Fix memory leak that occurred if mosquitto_reconnect() was used when TLS @@ -17,6 +20,10 @@ errors were present. Closes #592. Build: - Fix clients not being compiled with threading support when using CMake. Closes #983. +- Header fixes for FreeBSD. Closes #977. +- Use _GNU_SOURCE to fix build errors in websockets and getaddrinfo usage. + Closes #862 and #933. +- Fix builds on QNX 7.0.0. Closes #1018. 1.5.3 - 20180925 From 71b8c4d892da64336272b4420e0e5775acea8b49 Mon Sep 17 00:00:00 2001 
From: "Roger A. Light" Date: Wed, 7 Nov 2018 21:08:10 +0000 Subject: [PATCH 30/58] Fix TLS connections when using an external event loop. Affects the use of mosquitto_loop_read() and mosquitto_write(). Closes #990. --- ChangeLog.txt | 4 +++- lib/loop.c | 26 ++++++++++++-------------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/ChangeLog.txt b/ChangeLog.txt index 138af7980c..cf94b1c06d 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -15,7 +15,9 @@ Broker: Library: - Fix memory leak that occurred if mosquitto_reconnect() was used when TLS -errors were present. Closes #592. + errors were present. Closes #592. +- Fix TLS connections when using an external event loop with + mosquitto_loop_read() and mosquitto_write(). Closes #990. Build: - Fix clients not being compiled with threading support when using CMake. diff --git a/lib/loop.c b/lib/loop.c index 0725d227d0..23e60825e0 100644 --- a/lib/loop.c +++ b/lib/loop.c @@ -147,20 +147,12 @@ int mosquitto_loop(struct mosquitto *mosq, int timeout, int max_packets) }else{ if(mosq->sock != INVALID_SOCKET){ if(FD_ISSET(mosq->sock, &readfds)){ -#ifdef WITH_TLS - if(mosq->want_connect){ - rc = net__socket_connect_tls(mosq); - if(rc) return rc; - }else -#endif - { - do{ - rc = mosquitto_loop_read(mosq, max_packets); - if(rc || mosq->sock == INVALID_SOCKET){ - return rc; - } - }while(SSL_DATA_PENDING(mosq)); - } + do{ + rc = mosquitto_loop_read(mosq, max_packets); + if(rc || mosq->sock == INVALID_SOCKET){ + return rc; + } + }while(SSL_DATA_PENDING(mosq)); } if(mosq->sockpairR != INVALID_SOCKET && FD_ISSET(mosq->sockpairR, &readfds)){ #ifndef WIN32 @@ -354,6 +346,12 @@ int mosquitto_loop_read(struct mosquitto *mosq, int max_packets) int i; if(max_packets < 1) return MOSQ_ERR_INVAL; +#ifdef WITH_TLS + if(mosq->want_connect){ + return net__socket_connect_tls(mosq); + } +#endif + pthread_mutex_lock(&mosq->out_message_mutex); max_packets = mosq->out_queue_len; pthread_mutex_unlock(&mosq->out_message_mutex); 
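Review bot: The `want_connect` early return added to mosquitto_loop_read() has no comment, although it changes what the call does for applications that run their own event loop. While the TLS handshake is pending the function only advances `net__socket_connect_tls(mosq)` and returns without reading a packet. I would put `/* TLS handshake still in progress: advance it and return, no MQTT packet is read on this call. */` above the `if`. The commit message also names a write function, but no write path is touched in the visible lib/loop.c hunks, so it is worth confirming that the handshake also progresses when the application only sees write readiness. The body of mosquitto_loop_read() continues outside the hunk.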
From b54e379fbad10ff54b57da3d062ca6bf14065d96 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Thu, 8 Nov 2018 12:10:28 +0000 Subject: [PATCH 31/58] Fix websockets listeners not verifying client certs. When using a TLS enabled websockets listener with "require_certificate" enabled, the mosquitto broker does not correctly verify client certificates. This is now fixed. All other security measures operate as expected, and in particular non-websockets listeners are not affected by this. Closes #996. Thanks to creising. --- ChangeLog.txt | 8 +++++++- src/websockets.c | 8 ++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/ChangeLog.txt b/ChangeLog.txt index cf94b1c06d..cc35d767be 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,6 +1,12 @@ -1.5.4 - 201810xx +1.5.4 - 20181108 ================ +Security: +- When using a TLS enabled websockets listener with "require_certificate" + enabled, the mosquitto broker does not correctly verify client certificates. + This is now fixed. All other security measures operate as expected, and in + particular non-websockets listeners are not affected by this. Closes #996. + Broker: - Process all pending messages even when a client has disconnected. This means a client that send a PUBLISH then DISCONNECT quickly, then disconnects will diff --git a/src/websockets.c b/src/websockets.c index 1ab02a9b1c..bf2804b8d2 100644 --- a/src/websockets.c +++ b/src/websockets.c @@ -665,6 +665,14 @@ static int callback_http(struct libwebsocket_context *context, } break; +#ifdef WITH_TLS + case LWS_CALLBACK_OPENSSL_PERFORM_CLIENT_CERT_VERIFICATION: + if(!len || (SSL_get_verify_result((SSL*)in) != X509_V_OK)){ + return 1; + } + break; +#endif + default: return 0; } From e81db23ce49b021dd307d8db86af083cb8d57227 Mon Sep 17 00:00:00 2001 
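Review bot: The new `LWS_CALLBACK_OPENSSL_PERFORM_CLIENT_CERT_VERIFICATION` case rejects the connection with a bare `return 1;`, so a failed client-certificate check on a websockets listener leaves no trace in the broker log. An operator then cannot tell a misconfigured client from repeated attempts with untrusted certificates. I would log the reason before returning, for example `log__printf(NULL, MOSQ_LOG_NOTICE, "Client certificate verification failed: %s.", X509_verify_cert_error_string(SSL_get_verify_result((SSL *)in)));`. A short comment saying that `len` carries OpenSSL's pre-verification result and `in` the SSL handle for this callback reason (as I read the libwebsockets contract) would also make the `!len` test understandable. callback_http() starts and ends outside the hunk.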
From: "Roger A. Light" Date: Thu, 8 Nov 2018 12:12:27 +0000 Subject: [PATCH 32/58] Bump version number. --- CMakeLists.txt | 2 +- config.mk | 2 +- installer/mosquitto.nsi | 2 +- installer/mosquitto64.nsi | 2 +- lib/mosquitto.h | 2 +- set-version.sh | 2 +- snap/snapcraft.yaml | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 5e55f119cf..161696daf4 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -11,7 +11,7 @@ project(mosquitto) cmake_minimum_required(VERSION 2.8) # Only for version 3 and up. cmake_policy(SET CMP0042 NEW) -set (VERSION 1.5.3) +set (VERSION 1.5.4) add_definitions (-DCMAKE -DVERSION=\"${VERSION}\") diff --git a/config.mk b/config.mk index 87fb14587d..d591cd499c 100644 --- a/config.mk +++ b/config.mk @@ -105,7 +105,7 @@ WITH_BUNDLED_DEPS:=yes # Also bump lib/mosquitto.h, CMakeLists.txt, # installer/mosquitto.nsi, installer/mosquitto64.nsi -VERSION=1.5.3 +VERSION=1.5.4 # Client library SO version. Bump if incompatible API/ABI changes are made. SOVERSION=1 diff --git a/installer/mosquitto.nsi b/installer/mosquitto.nsi index b97f6f3a33..34143f8523 100644 --- a/installer/mosquitto.nsi +++ b/installer/mosquitto.nsi @@ -9,7 +9,7 @@ !define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"' Name "Eclipse Mosquitto" -!define VERSION 1.5.3 +!define VERSION 1.5.4 OutFile "mosquitto-${VERSION}-install-windows-x86.exe" InstallDir "$PROGRAMFILES\mosquitto" diff --git a/installer/mosquitto64.nsi b/installer/mosquitto64.nsi index 59acea1a10..097f4521a4 100644 --- a/installer/mosquitto64.nsi +++ b/installer/mosquitto64.nsi @@ -9,7 +9,7 @@ !define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"' Name "Eclipse Mosquitto" -!define VERSION 1.5.3 +!define VERSION 1.5.4 OutFile "mosquitto-${VERSION}-install-windows-x64.exe" !include "x64.nsh" diff --git a/lib/mosquitto.h b/lib/mosquitto.h index 3d15666d07..b3600b2c1b 100644 --- a/lib/mosquitto.h 
+++ b/lib/mosquitto.h @@ -47,7 +47,7 @@ extern "C" { #define LIBMOSQUITTO_MAJOR 1 #define LIBMOSQUITTO_MINOR 5 -#define LIBMOSQUITTO_REVISION 3 +#define LIBMOSQUITTO_REVISION 4 /* LIBMOSQUITTO_VERSION_NUMBER looks like 1002001 for e.g. version 1.2.1. */ #define LIBMOSQUITTO_VERSION_NUMBER (LIBMOSQUITTO_MAJOR*1000000+LIBMOSQUITTO_MINOR*1000+LIBMOSQUITTO_REVISION) diff --git a/set-version.sh b/set-version.sh index 522dfa1d39..549581892d 100755 --- a/set-version.sh +++ b/set-version.sh @@ -2,7 +2,7 @@ MAJOR=1 MINOR=5 -REVISION=3 +REVISION=4 sed -i "s/^VERSION=.*/VERSION=${MAJOR}.${MINOR}.${REVISION}/" config.mk diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index f3a6d1cfb4..fa1127ed55 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: mosquitto -version: 1.5.3-1 +version: 1.5.4 summary: Eclipse Mosquitto MQTT broker description: This is a message broker that supports version 3.1 and 3.1.1 of the MQTT protocol. From b2fda04e1cfa7d44fa78ca39c1060164c96b1124 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Thu, 8 Nov 2018 17:14:43 +0000 Subject: [PATCH 33/58] Update website for 1.5.4. --- www/pages/download.md | 54 ++++----------------- www/pages/security.md | 4 +- www/posts/2018/11/version-154-released.md | 59 +++++++++++++++++++++++ 3 files changed, 72 insertions(+), 45 deletions(-) create mode 100644 www/posts/2018/11/version-154-released.md diff --git a/www/pages/download.md b/www/pages/download.md index 9249f84bed..2a9b54e027 100644 --- a/www/pages/download.md +++ b/www/pages/download.md 
@@ -11,8 +11,8 @@ # Source -* [mosquitto-1.5.3.tar.gz](https://mosquitto.org/files/source/mosquitto-1.5.3.tar.gz) (319kB) ([GPG signature](https://mosquitto.org/files/source/mosquitto-1.5.3.tar.gz.asc)) -* [mosquitto-1.5.3.tar.gz](https://www.eclipse.org/downloads/download.php?file=/mosquitto/source/mosquitto-1.5.3.tar.gz) (via Eclipse) +* [mosquitto-1.5.4.tar.gz](https://mosquitto.org/files/source/mosquitto-1.5.4.tar.gz) (319kB) ([GPG signature](https://mosquitto.org/files/source/mosquitto-1.5.4.tar.gz.asc)) +* [mosquitto-1.5.4.tar.gz](https://www.eclipse.org/downloads/download.php?file=/mosquitto/source/mosquitto-1.5.4.tar.gz) (via Eclipse) * [Git source code repository](https://github.com/eclipse/mosquitto) (github.com) Older downloads are available at [https://mosquitto.org/files/](../files/) @@ -25,8 +25,8 @@ distributions. ## Windows -* [mosquitto-1.5.3-install-windows-x64.exe](https://www.eclipse.org/downloads/download.php?file=/mosquitto/binary/win64/mosquitto-1.5.3-install-windows-x64.exe) (~360 kB) (64-bit build, Windows Vista and up, built with Visual Studio Community 2017) -* [mosquitto-1.5.3-install-windows-x32.exe](https://www.eclipse.org/downloads/download.php?file=/mosquitto/binary/win32/mosquitto-1.5.3-install-windows-x86.exe) (~360 kB) (32-bit build, Windows Vista and up, built with Visual Studio Community 2017) +* [mosquitto-1.5.4-install-windows-x64.exe](https://www.eclipse.org/downloads/download.php?file=/mosquitto/binary/win64/mosquitto-1.5.4-install-windows-x64.exe) (~360 kB) (64-bit build, Windows Vista and up, built with Visual Studio Community 2017) +* [mosquitto-1.5.4-install-windows-x32.exe](https://www.eclipse.org/downloads/download.php?file=/mosquitto/binary/win32/mosquitto-1.5.4-install-windows-x86.exe) (~360 kB) (32-bit build, Windows Vista and up, built with Visual Studio Community 2017) See also readme-windows.txt after installing. 
@@ -51,16 +51,6 @@ The available packages are: mosquitto, mosquitto-clients, libmosquitto1, libmosq * There are also Debian repositories provided by the mosquitto project, as described at -## openSUSE -Download the repository config file for your openSUSE version from below and -copy it to /etc/zypp/repos.d/ You'll now be able to install and keep mosquitto -up to date using the normal package management tools. - -The available packages are: mosquitto, mosquitto-clients, libmosquitto1, libmosquitto-devel, libmosquittopp1, libmosquittopp-devel, python-mosquitto. - -* [openSUSE 13.2](https://download.opensuse.org/repositories/home:/oojah:/mqtt/openSUSE_13.2/home:oojah:mqtt.repo) -* [openSUSE 13.1](https://download.opensuse.org/repositories/home:/oojah:/mqtt/openSUSE_13.1/home:oojah:mqtt.repo) - ## Raspberry Pi Mosquitto is available through the main repository. @@ -76,15 +66,6 @@ The available packages are: mosquitto, mosquitto-clients, libmosquitto1, libmosq * [RHEL 7](https://download.opensuse.org/repositories/home:/oojah:/mqtt/RedHat_RHEL-7/home:oojah:mqtt.repo) * [RHEL 6](https://download.opensuse.org/repositories/home:/oojah:/mqtt/RedHat_RHEL-6/home:oojah:mqtt.repo) -## SUSE Linux Enterprise Server -Add the appropriate repository to your package config from the list below, then install mosquitto from your normal package management tools. - -* [SLE 15](https://download.opensuse.org/repositories/home:/oojah:/mqtt/SLE_15/) -* [SLE 12 SP3](https://download.opensuse.org/repositories/home:/oojah:/mqtt/SLE_12_SP3/) -* [SLE 12 SP2](https://download.opensuse.org/repositories/home:/oojah:/mqtt/SLE_12_SP2/) -* [SLE 12 SP1](https://download.opensuse.org/repositories/home:/oojah:/mqtt/SLE_12_SP1/) -* [SLE 12](https://download.opensuse.org/repositories/home:/oojah:/mqtt/SLE_123/) - ## Ubuntu Mosquitto is available in the Ubuntu repositories so you can install as with any other package. If you are on an earlier version of Ubuntu or want a more 
@@ -98,24 +79,9 @@ from your package manager. # Other packages known to exist -## Arch Linux -* Mosquitto can be found in the community repository. - -## Fedora -Mosquitto is now available from Fedora directly. Use `yum install mosquitto`, -or search for "mosquitto" to find the related packages. - -## FreeBSD -Mosquitto is available for FreeBSD: https://www.freshports.org/net/mosquitto/ - -## Gentoo -Use `emerge mosquitto` - -## OpenWrt -If you're using a trunk snapshot use `opkg update; opkg install mosquitto` - -Karl Palsson maintains a set of feeds that may be more up to date than the -current OpenWrt version: - -* https://github.com/remakeelectric/owrt_pub_feeds - +* Arch Linux +* Fedora +* FreeBSD +* Gentoo +* OpenWrt +* OpenSUSE diff --git a/www/pages/security.md b/www/pages/security.md index c31eb3006f..7696dca90f 100644 --- a/www/pages/security.md +++ b/www/pages/security.md @@ -19,6 +19,8 @@ follow the steps on [Eclipse Security] page to report it. Listed with most recent first. Further information on security related issues can be found in the [security category]. +* November 2018: No CVE assigned. Affecting versions **1.4** to **1.5.3** + inclusive, fixed in **1.5.4**. More details at [version-154-released]. * September 2018: [CVE-2018-12543] affecting versions **1.5** to **1.5.2** inclusive, fixed in **1.5.3**. * April 2018: [CVE-2017-7655] affecting versions **1.0** to **1.4.15** @@ -41,7 +43,7 @@ can be found in the [security category]. inclusive, fixed in **1.4.12**. More details at [security-advisory-cve-2017-7650]. - +[version-154-released]: /2018/11/version-154-released/ [security-advisory-cve-2018-12543]: /2018/09/security-advisory-cve-2018-12543/ [security-advisory-cve-2017-7651-cve-2017-7652]: /2018/02/security-advisory-cve-2017-7651-cve-2017-7652/ [security-advisory-cve-2017-7650]: /2017/05/security-advisory-cve-2017-7650/ 
diff --git a/www/posts/2018/11/version-154-released.md b/www/posts/2018/11/version-154-released.md new file mode 100644 index 0000000000..7d0c9dd544 --- /dev/null +++ b/www/posts/2018/11/version-154-released.md 
@@ -0,0 +1,59 @@ + + +This is a bugfix and security release. + +# Version 1.5.4 changes + +## Security +- When using a TLS enabled websockets listener with `require_certificate` + enabled, the mosquitto broker does not correctly verify client certificates. + This is now fixed. All other security measures operate as expected, and in + particular non-websockets listeners are not affected by this. Closes [#996]. + +## Broker +- Process all pending messages even when a client has disconnected. This means + a client that send a PUBLISH then DISCONNECT quickly, then disconnects will + have its DISCONNECT message processed properly and so no Will will be sent. + Closes [#7]. +- $SYS/broker/clients/disconnected should never be negative. Closes [#287]. +- Give better error message if a client sends a password without a username. + Closes [#1015]. +- Fix bridge not honoring `restart_timeout`. Closes [#1019]. +- Don't disconnect a client if an auth plugin denies access to SUBSCRIBE. + Closes [#1016]. + +## Library +- Fix memory leak that occurred if `mosquitto_reconnect()` was used when TLS + errors were present. Closes [#592]. +- Fix TLS connections when using an external event loop with + `mosquitto_loop_read()` and `mosquitto_write()`. Closes [#990]. + +## Build +- Fix clients not being compiled with threading support when using CMake. + Closes [#983]. +- Header fixes for FreeBSD. Closes [#977]. +- Use `_GNU_SOURCE` to fix build errors in websockets and getaddrinfo usage. + Closes [#862] and [#933]. +- Fix builds on QNX 7.0.0. Closes [#1018]. 
+ +[#7]: https://github.com/eclipse/mosquitto/issues/7 +[#287]: https://github.com/eclipse/mosquitto/issues/287 +[#592]: https://github.com/eclipse/mosquitto/issues/592 +[#933]: https://github.com/eclipse/mosquitto/issues/933 +[#977]: https://github.com/eclipse/mosquitto/issues/977 +[#983]: https://github.com/eclipse/mosquitto/issues/983 +[#990]: https://github.com/eclipse/mosquitto/issues/990 +[#996]: https://github.com/eclipse/mosquitto/issues/996 +[#1015]: https://github.com/eclipse/mosquitto/issues/1015 +[#1016]: https://github.com/eclipse/mosquitto/issues/1016 +[#1018]: https://github.com/eclipse/mosquitto/issues/1018 +[#1019]: https://github.com/eclipse/mosquitto/issues/1019 From 8960b1fe29a745cd0ed14ab914833f01adaa5c24 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Thu, 8 Nov 2018 21:14:09 +0000 Subject: [PATCH 34/58] Update 1.5 docker image. --- docker/1.5/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/1.5/Dockerfile b/docker/1.5/Dockerfile index 092b9d617e..0f480effb3 100644 --- a/docker/1.5/Dockerfile +++ b/docker/1.5/Dockerfile @@ -3,8 +3,8 @@ FROM alpine:3.8 LABEL maintainer="Roger Light " \ description="Eclipse Mosquitto MQTT Broker" -ENV VERSION=1.5.3 \ - DOWNLOAD_SHA256=3081a998d303a883b1cd064009beabc88aa9159e26f5258a4ae6007160491d10 \ +ENV VERSION=1.5.4 \ + DOWNLOAD_SHA256=5fd7f3454fd6d286645d032bc07f44a1c8583cec02ef2422c9eb32e0a89a9b2f \ GPG_KEYS=A0D6EEA1DCAE49A635A3B2F0779B22DFB3E717B7 \ LWS_VERSION=2.4.2 From 9464e3fe190818bf6e0ae9dcb56a9020b1f303f7 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Tue, 20 Nov 2018 10:15:34 +0000 Subject: [PATCH 35/58] Guard against possible null client id. --- src/persist.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/persist.c b/src/persist.c index b83327c340..3299356d17 100644 --- a/src/persist.c +++ b/src/persist.c 
@@ -287,7 +287,7 @@ static int persist__subs_retain_write(struct mosquitto_db *db, FILE *db_fptr, st sub = node->subs; while(sub){ - if(sub->context->clean_session == false){ + if(sub->context->clean_session == false && sub->context->id){ length = htonl(2+strlen(sub->context->id) + 2+strlen(thistopic) + sizeof(uint8_t)); i16temp = htons(DB_CHUNK_SUB); From 44135bc680927761573c4ac52b39e912f341b1b2 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Thu, 29 Nov 2018 22:54:25 +0000 Subject: [PATCH 36/58] Web: Roadmap and MQTT 5 updates. --- www/README.md | 3 ++ www/conf.py | 1 + www/pages/roadmap.md | 81 +++++++++++++++++++++++++++++ www/posts/2018/11/mqtt5-progress.md | 59 +++++++++++++++++++++ 4 files changed, 144 insertions(+) create mode 100644 www/README.md create mode 100644 www/pages/roadmap.md create mode 100644 www/posts/2018/11/mqtt5-progress.md diff --git a/www/README.md b/www/README.md new file mode 100644 index 0000000000..923f54bfec --- /dev/null +++ b/www/README.md @@ -0,0 +1,3 @@ +This is the mosquitto website, it can be built with `nikola`: + +`nikola build` \ No newline at end of file diff --git a/www/conf.py b/www/conf.py index b41452372a..7b5f4ded55 100644 --- a/www/conf.py +++ b/www/conf.py @@ -87,6 +87,7 @@ #("/sponsoring/", "Sponsoring"), ( ( + ("/roadmap/", "Roadmap"), ("/api/", "API"), ("/man/libmosquitto-3.html", "libmosquitto"), ("/man/mosquitto-8.html", "mosquitto"), diff --git a/www/pages/roadmap.md b/www/pages/roadmap.md new file mode 100644 index 0000000000..7e607cf7f0 --- /dev/null +++ b/www/pages/roadmap.md 
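Review bot: The added `&& sub->context->id` test in persist__subs_retain_write() carries no comment, so the next reader cannot tell why a subscribed context may lack an id or that the test protects the `strlen(sub->context->id)` on the following line. I would add `/* Skip contexts without a client id: strlen(sub->context->id) below would dereference NULL. */` above the `if`. The subscription is then left out of the persistence file without any message, so a debug-level log line would help when diagnosing subscriptions missing after a restart. The `while(sub)` loop continues outside the hunk, so I cannot see whether other users of `context->id` in this file need the same guard.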
@@ -0,0 +1,81 @@ + + +# Roadmap + +## Version 1.6 + +The next minor release. The focus of this release is on providing support for +version 5 of the MQTT protocol. + +This release will provide a feature complete implementation, but does not +represent the final interface for all features. In particular, functions are +being added to libmosquitto to provide support for MQTT 5 features, but these +will be consolidated with the API changes planned for version 2.0. + +### Deprecation notices + +#### libmosquittopp + +libmosquittopp, the C++ wrapper around libmosquitto is now deprecated and will +be removed in the next major release (2.0). The wrapper came about by an +external request and at the time it was created there were no other C++ +solutions for MQTT. This has changed in the past years and this wrapper +provides no benefit over true C++ libraries or using the pure C libmosquitto. + +#### libmosquitto API changes + +The Mosquitto project has maintained API and ABI compatibility in libmosquitto +since version 1.0, and has dealt with the introduction of new specification +features by adding new functions which duplicate the behaviour of existing +functions, but with additional arguments to support the new features. +Particularly with regards to adding support for MQTT version 5, this has lead +to a proliferation of functions which offer small variations on a theme. + +The libmosquitto functions listed below (which includes some new functions +included in 1.6) are going to be updated for version 2.0. Functions not listed +here should still be considered at risk of being updated. + +* mosquitto\_will\_set +* mosquitto\_connect\* +* mosquitto\_reconnect\* +* mosquitto\_disconnect +* mosquitto\_publish\* +* mosquitto\_subscribe\* +* mosquitto\_unsubscribe\* +* mosquitto\_loop\* +* mosquitto\_\*\_callback\_set +* All callbacks +* mosquitto\_\*\_topic\_check\* + + +## Version 2.0 + +This is the next major release and includes breaking changes. 
Other features +planned include: + +## Disk persistence improvements + +A new disk persistence interface will be created to allow persistence to occur +immediately, rather than periodically. This will allow queued messages for +disconnected clients to be removed from memory, and reduce the periodic pause +caused when writing the persistence file. + +## Breaking changes + +### libmosquitto + +The libmosquitto API is being consolidated to better support the new MQTT 5 +features whilst reducing the number of function variants. + +### libmosquittopp + +The C++ wrapper around libmosquitto will be removed in this release. diff --git a/www/posts/2018/11/mqtt5-progress.md b/www/posts/2018/11/mqtt5-progress.md new file mode 100644 index 0000000000..2b27e82172 --- /dev/null +++ b/www/posts/2018/11/mqtt5-progress.md 
@@ -0,0 +1,59 @@ + + +Development of support for MQTT 5 is ongoing and making good progress, but has +been substantially delayed due to other non-Mosquitto work having to take +priority. + +It is possible to test the current state of MQTT 5 support by using the `mqtt5` +branch of the [repository]. Please note that this is very much a work in +progress, so parts are incomplete and interfaces may yet change. The client +library in particular has had to have an increase in functions available in +order to provide the features needed whilst providing backwards compatibility. +Part of the plan for the 2.0 release, which will follow after 1.6, is to +consolidate the libmosquitto API with breaking changes. There are more details +on the [roadmap]. + +Current features include: + +* Support for all incoming and outgoing packets, although not everything is + processed. +* Support for sending and receiving all properties, with not all properties + processed. +* Client support for setting properties +* Request/response support (client cannot process incoming correlation data) +* Retain availability +* Message expiry interval support +* Server support for assigned client identifiers +* Payload format indicator support +* Content-type support +* Basic topic alias support from client to broker +* Lots of new tests + +Both `mosquitto_pub` and `mosquitto_sub` support setting properties on the +command line, for example: + +``` +mosquitto_sub -t topic -v -D connect session-expiry-interval 60 -D connect user-property key value -D subscribe user-property sub-key sub-value +``` + +``` +mosquitto_pub -t topic -m '{"key":"value"}' -D publish content-type "application/json" +``` + +``` +./sensor_read.sh | mosquitto_pub -t topic -l -D publish topic-alias 1 +``` + +Further updates will be posted when more features are available. + +[repository]: https://github.com/eclipse/mosquitto/tree/mqtt5 +[roadmap]: https://mosquitto.org/roadmap/ \ No newline at end of file 
From 34293d07c1739d45588f30dacd4b3badd93efc54 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Tue, 4 Dec 2018 09:24:04 +0000 Subject: [PATCH 37/58] Always print leading zeros in mosquitto_sub when output format is hex. Closes #1066. Thanks to skiizo. Bug: https://github.com/eclipse/mosquitto/issues/1066 --- ChangeLog.txt | 8 ++++++++ client/sub_client_output.c | 4 ++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/ChangeLog.txt b/ChangeLog.txt index cc35d767be..d6942a0d71 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,11 @@ +1.5.5 - 201812xx +================ + +Client: +- Always print leading zeros in mosquitto_sub when output format is hex. + Closes #1066. + + 1.5.4 - 20181108 ================ diff --git a/client/sub_client_output.c b/client/sub_client_output.c index ab3f5e963a..4aeb8c3966 100644 --- a/client/sub_client_output.c +++ b/client/sub_client_output.c @@ -85,11 +85,11 @@ static void write_payload(const unsigned char *payload, int payloadlen, int hex) (void)fwrite(payload, 1, payloadlen, stdout); }else if(hex == 1){ for(i=0; i Date: Tue, 4 Dec 2018 10:51:41 +0000 Subject: [PATCH 38/58] Tidy up unused Windows installer pages. --- installer/mosquitto.nsi | 36 +++++------------------------------- installer/mosquitto64.nsi | 36 +++++------------------------------- 2 files changed, 10 insertions(+), 62 deletions(-) diff --git a/installer/mosquitto.nsi b/installer/mosquitto.nsi index 34143f8523..d7db79b825 100644 --- a/installer/mosquitto.nsi +++ b/installer/mosquitto.nsi @@ -18,8 +18,7 @@ InstallDir "$PROGRAMFILES\mosquitto" ; Installer pages !insertmacro MUI_PAGE_WELCOME -Page custom DependencyPage -!insertmacro MUI_PAGE_COMPONENTS +;!insertmacro MUI_PAGE_COMPONENTS !insertmacro MUI_PAGE_DIRECTORY !insertmacro MUI_PAGE_INSTFILES !insertmacro MUI_PAGE_FINISH 
@@ -55,8 +54,8 @@ Section "Files" SecInstall File "..\readme.md" File "..\readme-windows.txt" ;File "C:\pthreads\Pre-built.2\dll\x86\pthreadVC2.dll" - ;File "C:\OpenSSL-Win32\bin\libssl_1-1.dll" - ;File "C:\OpenSSL-Win32\bin\libcrypto_1-1.dll" + File "C:\OpenSSL-Win32\bin\libssl-1_1.dll" + File "C:\OpenSSL-Win32\bin\libcrypto-1_1.dll" File "..\edl-v10" File "..\epl-v10" @@ -96,8 +95,8 @@ Section "Uninstall" Delete "$INSTDIR\readme.txt" Delete "$INSTDIR\readme-windows.txt" ;Delete "$INSTDIR\pthreadVC2.dll" - ;Delete "$INSTDIR\libssl_1-1.dll" - ;Delete "$INSTDIR\libcrypto_1-1.dll" + Delete "$INSTDIR\libssl-1_1.dll" + Delete "$INSTDIR\libcrypto-1_1.dll" Delete "$INSTDIR\edl-v10" Delete "$INSTDIR\epl-v10" @@ -120,28 +119,3 @@ LangString DESC_SecInstall ${LANG_ENGLISH} "The main installation." !insertmacro MUI_DESCRIPTION_TEXT ${SecInstall} $(DESC_SecInstall) !insertmacro MUI_FUNCTION_DESCRIPTION_END -Var Dialog -Var OSSLLink -Var PTHLink - -Function DependencyPage - nsDialogs::Create 1018 - Pop $Dialog - - ${If} $Dialog == error - Abort - ${EndIf} - - ${NSD_CreateLabel} 0 0 100% 12u "OpenSSL - install 'Win32 OpenSSL v1.1.0* Light' then copy libssl_1-1.dll and libcrypto_1-1.dll to the mosquitto directory" - ${NSD_CreateLink} 13u 13u 100% 12u "http://slproweb.com/products/Win32OpenSSL.html" - Pop $OSSLLink - ${NSD_OnClick} $OSSLLink OnClick_OSSL - - !insertmacro MUI_HEADER_TEXT_PAGE "Dependencies" "This page lists packages that must be installed if not already present" - nsDialogs::Show -FunctionEnd - -Function OnClick_OSSL - Pop $0 - ExecShell "open" "http://slproweb.com/products/Win32OpenSSL.html" -FunctionEnd diff --git a/installer/mosquitto64.nsi b/installer/mosquitto64.nsi index 097f4521a4..7ae8dccd0c 100644 --- a/installer/mosquitto64.nsi +++ b/installer/mosquitto64.nsi 
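Review bot: The two enabled `File "C:\OpenSSL-Win32\bin\libssl-1_1.dll"` and `libcrypto-1_1.dll` lines make the installer ship whatever OpenSSL build is present on the build host, and nothing in the script records or checks which version that is. The same applies to the x64 pair in installer/mosquitto64.nsi. Because the dependency page that sent users to a separately maintained OpenSSL install is removed in the same commit, the installed DLLs now change only when a new mosquitto installer is published. I would add a comment above the lines such as `; Bundled OpenSSL: record the exact version in the release notes and rebuild the installer for OpenSSL security releases.`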
@@ -19,8 +19,7 @@ InstallDir "$PROGRAMFILES64\mosquitto" ; Installer pages !insertmacro MUI_PAGE_WELCOME -Page custom DependencyPage -!insertmacro MUI_PAGE_COMPONENTS +;!insertmacro MUI_PAGE_COMPONENTS !insertmacro MUI_PAGE_DIRECTORY !insertmacro MUI_PAGE_INSTFILES !insertmacro MUI_PAGE_FINISH @@ -56,8 +55,8 @@ Section "Files" SecInstall File "..\readme.md" File "..\readme-windows.txt" ;File "C:\pthreads\Pre-built.2\dll\x64\pthreadVC2.dll" - ;File "C:\OpenSSL-Win64\bin\libssl_1-1-x64.dll" - ;File "C:\OpenSSL-Win64\bin\libcrypto_1-1-x64.dll" + File "C:\OpenSSL-Win64\bin\libssl-1_1-x64.dll" + File "C:\OpenSSL-Win64\bin\libcrypto-1_1-x64.dll" File "..\edl-v10" File "..\epl-v10" @@ -97,8 +96,8 @@ Section "Uninstall" Delete "$INSTDIR\readme.txt" Delete "$INSTDIR\readme-windows.txt" ;Delete "$INSTDIR\pthreadVC2.dll" - ;Delete "$INSTDIR\libssl_1-1-x64.dll" - ;Delete "$INSTDIR\libcrypto_1-1-x64.dll" + Delete "$INSTDIR\libssl-1_1-x64.dll" + Delete "$INSTDIR\libcrypto-1_1-x64.dll" Delete "$INSTDIR\edl-v10" Delete "$INSTDIR\epl-v10" @@ -121,28 +120,3 @@ LangString DESC_SecInstall ${LANG_ENGLISH} "The main installation." !insertmacro MUI_DESCRIPTION_TEXT ${SecInstall} $(DESC_SecInstall) !insertmacro MUI_FUNCTION_DESCRIPTION_END -Var Dialog -Var OSSLLink -Var PTHLink - -Function DependencyPage - nsDialogs::Create 1018 - Pop $Dialog - - ${If} $Dialog == error - Abort - ${EndIf} - - ${NSD_CreateLabel} 0 0 100% 12u "OpenSSL - install 'Win64 OpenSSL v1.1.0* Light' then copy libssl_1-1-x64.dll and libcrypto_1-1-x64.dll to the mosquitto directory" - ${NSD_CreateLink} 13u 13u 100% 12u "http://slproweb.com/products/Win32OpenSSL.html" - Pop $OSSLLink - ${NSD_OnClick} $OSSLLink OnClick_OSSL - - !insertmacro MUI_HEADER_TEXT_PAGE "Dependencies" "This page lists packages that must be installed if not already present" - nsDialogs::Show -FunctionEnd - -Function OnClick_OSSL - Pop $0 - ExecShell "open" "http://slproweb.com/products/Win32OpenSSL.html" -FunctionEnd 
From 8509dde34253093d8f77f46b5806fd32e6e663d8 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Tue, 20 Nov 2018 11:30:44 +0000 Subject: [PATCH 39/58] Make docker uid/gid explicit. Closes #1034. Thanks to Daniele Sluijters. --- docker/1.5/Dockerfile | 4 ++-- docker/1.5/README.md | 5 +++++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/docker/1.5/Dockerfile b/docker/1.5/Dockerfile index 0f480effb3..5661fb35b5 100644 --- a/docker/1.5/Dockerfile +++ b/docker/1.5/Dockerfile @@ -67,8 +67,8 @@ RUN set -x && \ WITH_WEBSOCKETS=yes \ prefix=/usr \ binary && \ - addgroup -S mosquitto 2>/dev/null && \ - adduser -S -D -H -h /var/empty -s /sbin/nologin -G mosquitto -g mosquitto mosquitto 2>/dev/null && \ + addgroup -S -g 1883 mosquitto 2>/dev/null && \ + adduser -S -u 1883 -D -H -h /var/empty -s /sbin/nologin -G mosquitto -g mosquitto mosquitto 2>/dev/null && \ mkdir -p /mosquitto/config /mosquitto/data /mosquitto/log && \ install -d /usr/sbin/ && \ install -s -m755 /build/mosq/src/mosquitto /usr/sbin/mosquitto && \ diff --git a/docker/1.5/README.md b/docker/1.5/README.md index 6a8c17949c..27b05904c9 100644 --- a/docker/1.5/README.md +++ b/docker/1.5/README.md @@ -13,6 +13,11 @@ Two docker volumes have been created in the image to be used for persistent stor /mosquitto/log ``` +## User/Group + +The image runs mosqutto under the mosquitto user and group, which are created +with a uid and gid of 1883. + ## Configuration When creating a container from the image, the default configuration values are used. To use a custom configuration file, mount a **local** configuration file to `/mosquitto/config/mosquitto.conf` From d29dac087d42f6a2ac744c446845fe58ca55a683 Mon Sep 17 00:00:00 2001 
From: "Roger A. Light" Date: Tue, 20 Nov 2018 12:23:27 +0000 Subject: [PATCH 40/58] Add socket_domain option. --- ChangeLog.txt | 6 ++++++ man/mosquitto.conf.5.xml | 21 +++++++++++++++++++++ src/conf.c | 18 ++++++++++++++++++ src/mosquitto_broker_internal.h | 1 + src/net.c | 6 +++++- src/websockets.c | 3 +++ 6 files changed, 54 insertions(+), 1 deletion(-) diff --git a/ChangeLog.txt b/ChangeLog.txt index d6942a0d71..cfe54fc21d 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,6 +1,12 @@ 1.5.5 - 201812xx ================ +Broker: +- Add `socket_domain` option to allow listeners to disable IPv6 support. + This is required to work around a problem in libwebsockets that means + sockets only listen on IPv6 by default if IPv6 support is compiled in. + Closes #1004. + Client: - Always print leading zeros in mosquitto_sub when output format is hex. Closes #1066. diff --git a/man/mosquitto.conf.5.xml b/man/mosquitto.conf.5.xml index a6bf0c99a2..d5dcc50b65 100644 --- a/man/mosquitto.conf.5.xml +++ b/man/mosquitto.conf.5.xml @@ -813,6 +813,27 @@ Not reloaded on reload signal. + + [ ipv4 | ipv6 ] + + By default, a listener will attempt to listen on + all supported IP protocol versions. If you do not + have an IPv4 or IPv6 interface you may wish to + disable support for either of those protocol + versions. In particular, note that due to the + limitations of the websockets library, it will only + ever attempt to open IPv6 sockets if IPv6 support + is compiled in, and so will fail if IPv6 is not + available. + Set to to force the + listener to only use IPv4, or set to + to force the listener to only + use IPv6. If you want support for both IPv4 and + IPv6, then do not use the + option. + Not reloaded on reload signal. + + [ true | false ] diff --git a/src/conf.c b/src/conf.c index 0b1d79cfe9..c6bd897cb9 100644 --- a/src/conf.c +++ b/src/conf.c 
@@ -446,6 +446,7 @@ int config__parse_args(struct mosquitto_db *db, struct mosquitto__config *config || config->default_listener.max_connections != -1 || config->default_listener.mount_point || config->default_listener.protocol != mp_mqtt + || config->default_listener.socket_domain || config->default_listener.security_options.password_file || config->default_listener.security_options.psk_file || config->default_listener.security_options.auth_plugin_config_count @@ -476,6 +477,7 @@ int config__parse_args(struct mosquitto_db *db, struct mosquitto__config *config } config->listeners[config->listener_count-1].max_connections = config->default_listener.max_connections; config->listeners[config->listener_count-1].protocol = config->default_listener.protocol; + config->listeners[config->listener_count-1].socket_domain = config->default_listener.socket_domain; config->listeners[config->listener_count-1].client_count = 0; config->listeners[config->listener_count-1].socks = NULL; config->listeners[config->listener_count-1].sock_count = 0; 
@@ -1773,6 +1775,22 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct #else log__printf(NULL, MOSQ_LOG_WARNING, "Warning: Bridge support not available."); #endif + }else if(!strcmp(token, "socket_domain")){ + if(reload) continue; // Listeners not valid for reloading. + token = strtok_r(NULL, " ", &saveptr); + if(token){ + if(!strcmp(token, "ipv4")){ + cur_listener->socket_domain = AF_INET; + }else if(!strcmp(token, "ipv6")){ + cur_listener->socket_domain = AF_INET6; + }else{ + log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid socket_domain value \"%s\" in configuration.", token); + return MOSQ_ERR_INVAL; + } + }else{ + log__printf(NULL, MOSQ_LOG_ERR, "Error: Empty socket_domain value in configuration."); + return MOSQ_ERR_INVAL; + } }else if(!strcmp(token, "store_clean_interval")){ log__printf(NULL, MOSQ_LOG_WARNING, "Warning: store_clean_interval is no longer needed."); }else if(!strcmp(token, "sys_interval")){ diff --git a/src/mosquitto_broker_internal.h b/src/mosquitto_broker_internal.h index 67a2924cbb..bd6ad13655 100644 --- a/src/mosquitto_broker_internal.h +++ b/src/mosquitto_broker_internal.h @@ -218,6 +218,7 @@ struct mosquitto__listener { int sock_count; int client_count; enum mosquitto_protocol protocol; + int socket_domain; bool use_username_as_clientid; #ifdef WITH_TLS char *cafile; diff --git a/src/net.c b/src/net.c index 08f2b824fa..21f5ec6893 100644 --- a/src/net.c +++ b/src/net.c @@ -391,7 +391,11 @@ int net__socket_listen(struct mosquitto__listener *listener) snprintf(service, 10, "%d", listener->port); memset(&hints, 0, sizeof(struct addrinfo)); - hints.ai_family = AF_UNSPEC; + if(listener->socket_domain){ + hints.ai_family = listener->socket_domain; + }else{ + hints.ai_family = AF_UNSPEC; + } hints.ai_flags = AI_PASSIVE; hints.ai_socktype = SOCK_STREAM; diff --git a/src/websockets.c b/src/websockets.c index bf2804b8d2..a57330aabe 100644 --- a/src/websockets.c +++ b/src/websockets.c 
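Review bot: In the `src/net.c` hunk (`net__socket_listen`), `if(listener->socket_domain)` treats 0 as "not configured", but nothing in this patch states that convention or shows where the field is initialised for listeners other than the one copied from `default_listener`. A comment on the new struct member in `src/mosquitto_broker_internal.h` would make the contract explicit, for example `int socket_domain; /* 0 = any family (AF_UNSPEC), otherwise AF_INET or AF_INET6 */`. The field is presumably zeroed when the listener is allocated, which is outside these hunks; this is worth confirming, because a stray non-zero value would be passed straight to `getaddrinfo()` as `ai_family`. The function body continues outside the hunk.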
@@ -729,6 +729,9 @@ struct libwebsocket_context *mosq_websockets_init(struct mosquitto__listener *li #if LWS_LIBRARY_VERSION_MAJOR>1 info.options |= LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; #endif + if(listener->socket_domain == AF_INET){ + info.options |= LWS_SERVER_OPTION_DISABLE_IPV6; + } user = mosquitto__calloc(1, sizeof(struct libws_mqtt_hack)); if(!user){ From e169f1c7c2d190c5dadd1f7d7e5d7c874d58ad1b Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Tue, 4 Dec 2018 12:39:00 +0000 Subject: [PATCH 41/58] When using ADNS, don't ask for all network protocols when connecting. This can lead to confusing "Protocol not supported" errors if the network is down, because UDP sockets are provided. Thanks to jsaak. Closes #1062. Bug: https://github.com/eclipse/mosquitto/issues/1062 --- ChangeLog.txt | 3 +++ lib/net_mosq.c | 23 +++++++++++++++++++++-- src/context.c | 7 +++++++ 3 files changed, 31 insertions(+), 2 deletions(-) diff --git a/ChangeLog.txt b/ChangeLog.txt index cfe54fc21d..953a2b3cd7 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -6,6 +6,9 @@ Broker: This is required to work around a problem in libwebsockets that means sockets only listen on IPv6 by default if IPv6 support is compiled in. Closes #1004. +- When using ADNS, don't ask for all network protocols when connecting, + because this can lead to confusing "Protocol not supported" errors if the + network is down. Closes #1062. Client: - Always print leading zeros in mosquitto_sub when output format is hex. diff --git a/lib/net_mosq.c b/lib/net_mosq.c index 4efda3d2f8..f2bb628bc1 100644 --- a/lib/net_mosq.c +++ b/lib/net_mosq.c 
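Review bot: The `src/websockets.c` hunk only handles `socket_domain == AF_INET`; a websockets listener configured with `socket_domain ipv6` gets no corresponding restriction here, although the man page text added in this patch says `ipv6` forces the listener to use only IPv6. An operator who sets `ipv6` to keep a websockets listener off IPv4 may therefore still be reachable over IPv4, depending on how libwebsockets binds the socket. If libwebsockets offers no way to enforce that, either reject the combination when the configuration is parsed or document that `ipv6` is not enforced for websockets listeners. `mosq_websockets_init` starts and ends outside the hunk.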
@@ -208,21 +208,39 @@ int net__try_connect_step1(struct mosquitto *mosq, const char *host) { int s; void *sevp = NULL; + struct addrinfo *hints; if(mosq->adns){ + gai_cancel(mosq->adns); + mosquitto__free((struct addrinfo *)mosq->adns->ar_request); mosquitto__free(mosq->adns); } mosq->adns = mosquitto__calloc(1, sizeof(struct gaicb)); if(!mosq->adns){ return MOSQ_ERR_NOMEM; } + + hints = mosquitto__calloc(1, sizeof(struct addrinfo)); + if(!hints){ + mosquitto__free(mosq->adns); + mosq->adns = NULL; + return MOSQ_ERR_NOMEM; + } + + hints->ai_family = AF_UNSPEC; + hints->ai_socktype = SOCK_STREAM; + mosq->adns->ar_name = host; + mosq->adns->ar_request = hints; s = getaddrinfo_a(GAI_NOWAIT, &mosq->adns, 1, sevp); if(s){ errno = s; - mosquitto__free(mosq->adns); - mosq->adns = NULL; + if(mosq->adns){ + mosquitto__free((struct addrinfo *)mosq->adns->ar_request); + mosquitto__free(mosq->adns); + mosq->adns = NULL; + } return MOSQ_ERR_EAI; } @@ -278,6 +296,7 @@ int net__try_connect_step2(struct mosquitto *mosq, uint16_t port, mosq_sock_t *s freeaddrinfo(mosq->adns->ar_result); mosq->adns->ar_result = NULL; + mosquitto__free((struct addrinfo *)mosq->adns->ar_request); mosquitto__free(mosq->adns); mosq->adns = NULL; diff --git a/src/context.c b/src/context.c index 1d3ae1633e..e8cbfdfc45 100644 --- a/src/context.c +++ b/src/context.c @@ -197,6 +197,13 @@ void context__cleanup(struct mosquitto_db *db, struct mosquitto *context, bool d context->queued_msgs = NULL; context->last_queued_msg = NULL; } +#if defined(WITH_BROKER) && defined(__GLIBC__) && defined(WITH_ADNS) + if(context->adns){ + gai_cancel(context->adns); + mosquitto__free((struct addrinfo *)context->adns->ar_request); + mosquitto__free(context->adns); + } +#endif if(do_free){ mosquitto__free(context); } From 5d02f5815181aae427949641e3a612c3e4daa01b Mon Sep 17 00:00:00 2001 
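Review bot: In `net__try_connect_step1` (`lib/net_mosq.c`), the return value of `gai_cancel(mosq->adns)` is ignored before `ar_request` and the `gaicb` are freed. glibc documents that `gai_cancel()` can return `EAI_NOTCANCELED` when the lookup is already in progress, in which case the resolver may still read the request and write to the control block after they have been freed here. The same cancel-then-free sequence is added to `context__cleanup` in `src/context.c`. Checking the result and deferring the two frees until `gai_error()` no longer reports `EAI_INPROGRESS` would close that window.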
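Review bot: In the `context__cleanup` hunk (`src/context.c`), `context->adns` is freed but not reset, so when `do_free` is false the context keeps a dangling pointer. `net__try_connect_step1` in this same patch tests `if(mosq->adns)` and then calls `gai_cancel()` and frees it again, which would be a use-after-free and a double free if a cleaned-up context is reused for a new connection attempt. Adding `context->adns = NULL;` after the two frees avoids that. Whether contexts are reused after cleanup is not visible in this hunk, so this is worth confirming against the bridge reconnect path.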
From: "Roger A. Light" Date: Tue, 4 Dec 2018 17:19:31 +0000 Subject: [PATCH 42/58] Fix reconnect delay backoff behaviour. Closes #1027. Thanks to Harm Verhagen. Bug: https://github.com/eclipse/mosquitto/issues/1027 --- ChangeLog.txt | 3 +++ lib/loop.c | 8 ++++++-- lib/options.c | 2 ++ 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/ChangeLog.txt b/ChangeLog.txt index 953a2b3cd7..969c6c2a3e 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -10,6 +10,9 @@ Broker: because this can lead to confusing "Protocol not supported" errors if the network is down. Closes #1062. +Library: +- Fix reconnect delay backoff behaviour. Closes #1027. + Client: - Always print leading zeros in mosquitto_sub when output format is hex. Closes #1066. diff --git a/lib/loop.c b/lib/loop.c index 23e60825e0..349ee5dc4b 100644 --- a/lib/loop.c +++ b/lib/loop.c @@ -245,8 +245,12 @@ int mosquitto_loop_forever(struct mosquitto *mosq, int timeout, int max_packets) }else{ pthread_mutex_unlock(&mosq->state_mutex); - if(mosq->reconnect_delay > 0 && mosq->reconnect_exponential_backoff){ - reconnect_delay = mosq->reconnect_delay*reconnects*reconnects; + if(mosq->reconnect_delay_max > mosq->reconnect_delay){ + if(mosq->reconnect_exponential_backoff){ + reconnect_delay = mosq->reconnect_delay*(reconnects+1)*(reconnects+1); + }else{ + reconnect_delay = mosq->reconnect_delay*(reconnects+1); + } }else{ reconnect_delay = mosq->reconnect_delay; } diff --git a/lib/options.c b/lib/options.c index dd9f718099..00951a6877 100644 --- a/lib/options.c +++ b/lib/options.c @@ -76,6 +76,8 @@ int mosquitto_reconnect_delay_set(struct mosquitto *mosq, unsigned int reconnect { if(!mosq) return MOSQ_ERR_INVAL; + if(reconnect_delay == 0) reconnect_delay = 1; + mosq->reconnect_delay = reconnect_delay; mosq->reconnect_delay_max = reconnect_delay_max; mosq->reconnect_exponential_backoff = reconnect_exponential_backoff; From 464b12f3d6e3949fd5b1d28560489315c603f5a2 Mon Sep 17 00:00:00 2001 
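Review bot: In the `lib/loop.c` hunk (`mosquitto_loop_forever`), `mosq->reconnect_delay*(reconnects+1)*(reconnects+1)` is evaluated before any comparison with `reconnect_delay_max`, so for a large configured delay or a high attempt count the product can wrap and yield an unexpectedly short delay. The clamp to `reconnect_delay_max` is presumably just below, outside the hunk, but it would only see the wrapped value. Checking against the maximum before multiplying, or doing the arithmetic in a wider type, keeps the backoff monotonic. Separately, `mosquitto_reconnect_delay_set` in `lib/options.c` now silently turns a delay of 0 into 1; a comment such as `/* a delay of 0 would make every backoff product 0, so treat it as 1 */` and a line in the API documentation would tell callers.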
From: "Roger A. Light" Date: Tue, 4 Dec 2018 20:45:15 +0000 Subject: [PATCH 43/58] Fix outgoing retained messages not being sent by bridges. This now happens on initial connection, after CONNACK is processed, before it was happening (and being dropped) before the connection was made. Closes #1040. Thanks to giover. Bug: https://github.com/eclipse/mosquitto/issues/1040 --- ChangeLog.txt | 2 ++ src/bridge.c | 10 ---------- src/handle_connack.c | 9 +++++++++ 3 files changed, 11 insertions(+), 10 deletions(-) diff --git a/ChangeLog.txt b/ChangeLog.txt index 969c6c2a3e..f79c5277f5 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -9,6 +9,8 @@ Broker: - When using ADNS, don't ask for all network protocols when connecting, because this can lead to confusing "Protocol not supported" errors if the network is down. Closes #1062. +- Fix outgoing retained messages not being sent by bridges on initial + connection. Closes #1040. Library: - Fix reconnect delay backoff behaviour. Closes #1027. diff --git a/src/bridge.c b/src/bridge.c index a3f2ed7dd5..e35cacced3 100644 --- a/src/bridge.c +++ b/src/bridge.c @@ -141,16 +141,6 @@ int bridge__connect_step1(struct mosquitto_db *db, struct mosquitto *context) */ sub__clean_session(db, context); - for(i=0; ibridge->topic_count; i++){ - if(context->bridge->topics[i].direction == bd_out || context->bridge->topics[i].direction == bd_both){ - log__printf(NULL, MOSQ_LOG_DEBUG, "Bridge %s doing local SUBSCRIBE on topic %s", context->id, context->bridge->topics[i].local_topic); - if(sub__add(db, context, context->bridge->topics[i].local_topic, context->bridge->topics[i].qos, &db->subs)) return 1; - sub__retain_queue(db, context, - context->bridge->topics[i].local_topic, - context->bridge->topics[i].qos); - } - } - if(context->bridge->notifications){ if(context->bridge->notification_topic){ if(!context->bridge->initial_notification_done){ diff --git a/src/handle_connack.c b/src/handle_connack.c index 52e78e4f2c..9e16e4d4fe 100644 
--- a/src/handle_connack.c +++ b/src/handle_connack.c @@ -90,6 +90,15 @@ int handle__connack(struct mosquitto_db *db, struct mosquitto *context) } } } + for(i=0; ibridge->topic_count; i++){ + if(context->bridge->topics[i].direction == bd_out || context->bridge->topics[i].direction == bd_both){ + log__printf(NULL, MOSQ_LOG_DEBUG, "Bridge %s doing local SUBSCRIBE on topic %s", context->id, context->bridge->topics[i].local_topic); + if(sub__add(db, context, context->bridge->topics[i].local_topic, context->bridge->topics[i].qos, &db->subs)) return 1; + sub__retain_queue(db, context, + context->bridge->topics[i].local_topic, + context->bridge->topics[i].qos); + } + } } context->state = mosq_cs_connected; return MOSQ_ERR_SUCCESS; From c9ed2708f644206c3d8f32b3384c514afcb2f323 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Tue, 4 Dec 2018 20:51:25 +0000 Subject: [PATCH 44/58] Don't reload auth_opt_ options on reload. This matches the behaviour of the other plugin options. Closes #1068. Thanks to Jason McFadyen. Bug: https://github.com/eclipse/mosquitto/issues/1068 --- ChangeLog.txt | 2 ++ src/conf.c | 1 + 2 files changed, 3 insertions(+) diff --git a/ChangeLog.txt b/ChangeLog.txt index f79c5277f5..e80a1d40f2 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -11,6 +11,8 @@ Broker: network is down. Closes #1062. - Fix outgoing retained messages not being sent by bridges on initial connection. Closes #1040. +- Don't reload auth_opt_ options on reload, to match the behaviour of the + other plugin options. Closes #1068. Library: - Fix reconnect delay backoff behaviour. Closes #1027. diff --git a/src/conf.c b/src/conf.c index c6bd897cb9..67e172b00a 100644 --- a/src/conf.c +++ b/src/conf.c 
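Review bot: In the loop added to `handle__connack`, a failing `sub__add()` is reported as a bare `return 1;` and the result of `sub__retain_queue()` is not checked, so the caller cannot tell why CONNACK handling failed and a failure to queue retained messages goes unnoticed. Since the purpose of this commit is that retained messages reach the remote broker, propagating both results would make regressions visible: `rc = sub__add(...); if(rc) return rc;` and the same for `sub__retain_queue()`. This assumes an `rc` variable is available in the function, whose start is outside the hunk.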
@@ -818,6 +818,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct conf__set_cur_security_options(config, cur_listener, &cur_security_options); if(conf__parse_bool(&token, "allow_zero_length_clientid", &cur_security_options->allow_zero_length_clientid, saveptr)) return MOSQ_ERR_INVAL; }else if(!strncmp(token, "auth_opt_", 9)){ + if(reload) continue; // Auth plugin not currently valid for reloading. if(!cur_auth_plugin_config){ log__printf(NULL, MOSQ_LOG_ERR, "Error: An auth_opt_ option exists in the config file without an auth_plugin."); return MOSQ_ERR_INVAL; From 919333567ce6e8a2a8ec81764ebc8798e71ef349 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Tue, 4 Dec 2018 22:48:56 +0000 Subject: [PATCH 45/58] Add home interface support to snap, for users that need it. --- snap/snapcraft.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index fa1127ed55..0b31af92ec 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -16,11 +16,11 @@ apps: command: launcher.sh daemon: simple restart-condition: always - plugs: [network, network-bind] + plugs: [home, network, network-bind] pub: command: usr/bin/mosquitto_pub - plugs: [network] + plugs: [home, network] sub: command: usr/bin/mosquitto_sub @@ -28,6 +28,7 @@ apps: passwd: command: usr/bin/mosquitto_passwd + plugs: [home] parts: From 3a871828ac0b8ca7a0316d1d43ead85070feda3b Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Wed, 5 Dec 2018 11:25:41 +0000 Subject: [PATCH 46/58] Print message on error when installing as a Windows service. --- ChangeLog.txt | 1 + src/service.c | 20 ++++++++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/ChangeLog.txt b/ChangeLog.txt index e80a1d40f2..ec08285591 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt 
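Review bot: The added `if(reload) continue;` for `auth_opt_` sits before the `!cur_auth_plugin_config` check, so on a reload neither a changed plugin option nor a misplaced `auth_opt_` line produces any message. An operator who edits an authentication backend setting and sends the reload signal has no indication that the broker is still using the old value. A notice logged on reload, or a "Not reloaded on reload signal." sentence in the man page entry as other options have, would make this visible; this commit only touches `ChangeLog.txt` and `src/conf.c`.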
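Review bot: Adding the `home` plug to the `mosquitto` daemon app in `snap/snapcraft.yaml` widens the confinement of a long-running network service, which is a different risk from giving it to the one-shot `pub` and `passwd` commands. If the daemon only needs it to read a configuration or password file kept in a home directory, a comment saying so would help reviewers, e.g. `# home: allows config/password files outside $SNAP_DATA`. Note that `sub` is left with `plugs: [network]` only, so options that read files from a home directory would behave differently between `pub` and `sub`; worth confirming that this is intended.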
@@ -13,6 +13,7 @@ Broker: connection. Closes #1040. - Don't reload auth_opt_ options on reload, to match the behaviour of the other plugin options. Closes #1068. +- Print message on error when installing/uninstalling as a Windows service. Library: - Fix reconnect delay backoff behaviour. Closes #1027. diff --git a/src/service.c b/src/service.c index 11b4b018a8..c0fdc68a2c 100644 --- a/src/service.c +++ b/src/service.c @@ -27,6 +27,18 @@ SERVICE_STATUS_HANDLE service_handle = 0; static SERVICE_STATUS service_status; int main(int argc, char *argv[]); +static void print_error(void) +{ + char *buf; + + FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM, + NULL, GetLastError(), LANG_NEUTRAL, &buf, 0, NULL); + + fprintf(stderr, "Error: %s\n", buf); + LocalFree(buf); +} + + /* Service control callback */ void __stdcall service_handler(DWORD fdwControl) { @@ -112,8 +124,12 @@ void service_install(void) svc_desc.lpDescription = "MQTT v3.1.1 broker"; ChangeServiceConfig2(svc_handle, SERVICE_CONFIG_DESCRIPTION, &svc_desc); CloseServiceHandle(svc_handle); + }else{ + print_error(); } CloseServiceHandle(sc_manager); + } else { + print_error(); } } @@ -132,8 +148,12 @@ void service_uninstall(void) } } CloseServiceHandle(svc_handle); + }else{ + print_error(); } CloseServiceHandle(sc_manager); + }else{ + print_error(); } } From d07864939a62b98fb1facd5db9b30d9a4d0bcad5 Mon Sep 17 00:00:00 2001 From: Tamaki Nishino Date: Tue, 13 Nov 2018 22:09:18 +0900 Subject: [PATCH 47/58] Check SSL_DATA_PENDING in mosquitto_loop_read() Signed-off-by: Tamaki Nishino --- lib/loop.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/lib/loop.c b/lib/loop.c index 349ee5dc4b..b8fd2c5764 100644 --- a/lib/loop.c +++ b/lib/loop.c 
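Review bot: In the new `print_error()` (`src/service.c`), the return value of `FormatMessage()` is not checked and `buf` is uninitialised, so if formatting fails `fprintf` and `LocalFree` operate on an indeterminate pointer. `&buf` is also passed without the cast the API expects when `FORMAT_MESSAGE_ALLOCATE_BUFFER` is used, and `FORMAT_MESSAGE_IGNORE_INSERTS` is normally set for system messages so that insert sequences in the message text are not expanded against a NULL argument list. Capturing `GetLastError()` first and falling back to the numeric code keeps the diagnostic useful when no message text is available.

```c
static void print_error(void)
{
	char *buf = NULL;
	DWORD err = GetLastError();

	if(!FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
			NULL, err, LANG_NEUTRAL, (LPTSTR)&buf, 0, NULL)){

		fprintf(stderr, "Error: code %lu\n", (unsigned long)err);
		return;
	}

	fprintf(stderr, "Error: %s\n", buf);
	LocalFree(buf);
}
```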
@@ -147,12 +147,10 @@ int mosquitto_loop(struct mosquitto *mosq, int timeout, int max_packets) }else{ if(mosq->sock != INVALID_SOCKET){ if(FD_ISSET(mosq->sock, &readfds)){ - do{ - rc = mosquitto_loop_read(mosq, max_packets); - if(rc || mosq->sock == INVALID_SOCKET){ - return rc; - } - }while(SSL_DATA_PENDING(mosq)); + rc = mosquitto_loop_read(mosq, max_packets); + if(rc || mosq->sock == INVALID_SOCKET){ + return rc; + } } if(mosq->sockpairR != INVALID_SOCKET && FD_ISSET(mosq->sockpairR, &readfds)){ #ifndef WIN32 @@ -368,7 +366,7 @@ int mosquitto_loop_read(struct mosquitto *mosq, int max_packets) /* Queue len here tells us how many messages are awaiting processing and * have QoS > 0. We should try to deal with that many in this loop in order * to keep up. */ - for(i=0; isocks5_host){ rc = socks5__read(mosq); From ead440e47d3dcb56ebe5773def6b2a3cef35754a Mon Sep 17 00:00:00 2001 From: Abilio Marques Date: Sat, 10 Nov 2018 11:34:01 +0100 Subject: [PATCH 48/58] bridge: fix issue where keepalive_interval gets added to restart_timeout using ADNS Signed-off-by: Abilio Marques --- src/loop.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/loop.c b/src/loop.c index c049c8ef49..6773185a89 100644 --- a/src/loop.c +++ b/src/loop.c @@ -408,6 +408,10 @@ int mosquitto_main_loop(struct mosquitto_db *db, mosq_sock_t *listensock, int li context->bridge->restart_t = 0; } }else{ +#ifdef WITH_EPOLL + /* clean any events triggered in previous connection */ + context->events = 0; +#endif rc = bridge__connect_step1(db, context); if(rc){ context->bridge->cur_address++; From 73c46174f8135c5d4a5bf2592552c78d2d240d5e Mon Sep 17 00:00:00 2001 
From: "Roger A. Light" Date: Thu, 6 Dec 2018 10:45:57 +0000 Subject: [PATCH 49/58] Don't call on_disconnect() twice if keepalive tests fail. Closes #1067. Thanks to xingchen02. Bug: https://github.com/eclipse/mosquitto/issues/1067 --- ChangeLog.txt | 1 + lib/loop.c | 26 +------------------------- lib/util_mosq.c | 9 ++++++--- lib/util_mosq.h | 4 ++-- 4 files changed, 10 insertions(+), 30 deletions(-) diff --git a/ChangeLog.txt b/ChangeLog.txt index ec08285591..c3a6c60a17 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -17,6 +17,7 @@ Broker: Library: - Fix reconnect delay backoff behaviour. Closes #1027. +- Don't call on_disconnect() twice if keepalive tests fail. Closes #1067. Client: - Always print leading zeros in mosquitto_sub when output format is hex. diff --git a/lib/loop.c b/lib/loop.c index b8fd2c5764..4b27775226 100644 --- a/lib/loop.c +++ b/lib/loop.c @@ -292,31 +292,7 @@ int mosquitto_loop_misc(struct mosquitto *mosq) if(!mosq) return MOSQ_ERR_INVAL; if(mosq->sock == INVALID_SOCKET) return MOSQ_ERR_NO_CONN; - mosquitto__check_keepalive(mosq); - now = mosquitto_time(); - - if(mosq->ping_t && now - mosq->ping_t >= mosq->keepalive){ - /* mosq->ping_t != 0 means we are waiting for a pingresp. - * This hasn't happened in the keepalive time so we should disconnect. - */ - net__socket_close(mosq); - pthread_mutex_lock(&mosq->state_mutex); - if(mosq->state == mosq_cs_disconnecting){ - rc = MOSQ_ERR_SUCCESS; - }else{ - rc = MOSQ_ERR_KEEPALIVE; - } - pthread_mutex_unlock(&mosq->state_mutex); - pthread_mutex_lock(&mosq->callback_mutex); - if(mosq->on_disconnect){ - mosq->in_callback = true; - mosq->on_disconnect(mosq, mosq->userdata, rc); - mosq->in_callback = false; - } - pthread_mutex_unlock(&mosq->callback_mutex); - return MOSQ_ERR_CONN_LOST; - } - return MOSQ_ERR_SUCCESS; + return mosquitto__check_keepalive(mosq); } diff --git a/lib/util_mosq.c b/lib/util_mosq.c index 56d8cb0564..405cb3900b 100644 --- a/lib/util_mosq.c +++ b/lib/util_mosq.c 
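Review bot: `mosquitto_loop_misc()` in `lib/loop.c` now returns whatever `mosquitto__check_keepalive()` returns, whereas the removed block returned `MOSQ_ERR_CONN_LOST` after a keepalive timeout. If `rc` in `mosquitto__check_keepalive()` is set the way the removed code set it (`MOSQ_ERR_KEEPALIVE`, or `MOSQ_ERR_SUCCESS` while disconnecting), callers that test for `MOSQ_ERR_CONN_LOST` will no longer see it, and in the disconnecting case they get success although the socket has been closed. The locals `now` and `rc`, declared above the hunk, also look unused after this change. Either document the new return values for `mosquitto_loop_misc()` or keep the old contract with `if(rc == MOSQ_ERR_KEEPALIVE) return MOSQ_ERR_CONN_LOST;`.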
@@ -46,9 +46,9 @@ and the Eclipse Distribution License is available at #endif #ifdef WITH_BROKER -void mosquitto__check_keepalive(struct mosquitto_db *db, struct mosquitto *mosq) +int mosquitto__check_keepalive(struct mosquitto_db *db, struct mosquitto *mosq) #else -void mosquitto__check_keepalive(struct mosquitto *mosq) +int mosquitto__check_keepalive(struct mosquitto *mosq) #endif { time_t next_msg_out; @@ -67,7 +67,7 @@ void mosquitto__check_keepalive(struct mosquitto *mosq) log__printf(NULL, MOSQ_LOG_NOTICE, "Bridge connection %s has exceeded idle timeout, disconnecting.", mosq->id); net__socket_close(db, mosq); - return; + return MOSQ_ERR_SUCCESS; } #endif pthread_mutex_lock(&mosq->msgtime_mutex); @@ -108,9 +108,12 @@ void mosquitto__check_keepalive(struct mosquitto *mosq) mosq->in_callback = false; } pthread_mutex_unlock(&mosq->callback_mutex); + + return rc; #endif } } + return MOSQ_ERR_SUCCESS; } uint16_t mosquitto__mid_generate(struct mosquitto *mosq) diff --git a/lib/util_mosq.h b/lib/util_mosq.h index 0e65dd9889..8e601a0ffd 100644 --- a/lib/util_mosq.h +++ b/lib/util_mosq.h @@ -26,9 +26,9 @@ and the Eclipse Distribution License is available at #endif #ifdef WITH_BROKER -void mosquitto__check_keepalive(struct mosquitto_db *db, struct mosquitto *mosq); +int mosquitto__check_keepalive(struct mosquitto_db *db, struct mosquitto *mosq); #else -void mosquitto__check_keepalive(struct mosquitto *mosq); +int mosquitto__check_keepalive(struct mosquitto *mosq); #endif uint16_t mosquitto__mid_generate(struct mosquitto *mosq); FILE *mosquitto__fopen(const char *path, const char *mode, bool restrict_read); From 1a6f8d3c28e313900ba1434502f4541602580f16 Mon Sep 17 00:00:00 2001 From: Jelle van der Waa Date: Mon, 12 Nov 2018 22:22:36 +0100 Subject: [PATCH 50/58] src: ASN1_STRING_data is deprecated in OpenSSL 1.1 ASN1_STRING_get0_data replaces ASN1_STRING_data in OpenSSL 1.1 therefore add an #ifdef for backwards compatibility. 
Signed-off-by: Jelle van der Waa --- src/handle_connect.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/handle_connect.c b/src/handle_connect.c index fd60addfe5..2d300fc072 100644 --- a/src/handle_connect.c +++ b/src/handle_connect.c @@ -457,7 +457,11 @@ int handle__connect(struct mosquitto_db *db, struct mosquitto *context) rc = 1; goto handle_connect_error; } +#if OPENSSL_VERSION_NUMBER < 0x10100000L context->username = mosquitto__strdup((char *) ASN1_STRING_data(name_asn1)); +#else + context->username = mosquitto__strdup((char *) ASN1_STRING_get0_data(name_asn1)); +#endif if(!context->username){ send__connack(context, 0, CONNACK_REFUSED_SERVER_UNAVAILABLE); rc = MOSQ_ERR_NOMEM; From 9097577b49b7fdcf45d30975976dd93808ccc0c4 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Sun, 9 Dec 2018 09:45:14 +0000 Subject: [PATCH 51/58] Fix acl_file being ignore for default listener if with per_listener_settings Close #1073. Thanks to Jef Driesen. Bug: https://github.com/eclipse/mosquitto/issues/1073 --- ChangeLog.txt | 5 +++++ src/conf.c | 1 + 2 files changed, 6 insertions(+) diff --git a/ChangeLog.txt b/ChangeLog.txt index c3a6c60a17..6287bce2e6 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,6 +1,11 @@ 1.5.5 - 201812xx ================ +Security: +- If `per_listener_settings` is set to true, then the `acl_file` setting was + ignored for the "default listener" only. This has been fixed. This does not + affect any listeners defined with the `listener` option. Closes #1073. + Broker: - Add `socket_domain` option to allow listeners to disable IPv6 support. This is required to work around a problem in libwebsockets that means diff --git a/src/conf.c b/src/conf.c index 67e172b00a..87294680a2 100644 --- a/src/conf.c +++ b/src/conf.c 
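Review bot: Both branches of the new `#if` in `handle__connect` pass the ASN.1 string data to `mosquitto__strdup()` as if it were a NUL-terminated C string, so a certificate name containing an embedded NUL byte would be truncated at that byte before it becomes `context->username`. Where the username is later used for ACL or authorisation decisions, the truncated value rather than the full certificate field is what gets matched. Comparing the lengths first closes this: `if(ASN1_STRING_length(name_asn1) != (int)strlen((const char *)ASN1_STRING_get0_data(name_asn1))) { /* refuse the connection */ }`. The origin of `name_asn1` is outside the hunk; it appears to come from the peer certificate.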
@@ -497,6 +497,7 @@ int config__parse_args(struct mosquitto_db *db, struct mosquitto__config *config config->listeners[config->listener_count-1].use_identity_as_username = config->default_listener.use_identity_as_username; config->listeners[config->listener_count-1].use_subject_as_username = config->default_listener.use_subject_as_username; #endif + config->listeners[config->listener_count-1].security_options.acl_file = config->default_listener.security_options.acl_file; config->listeners[config->listener_count-1].security_options.password_file = config->default_listener.security_options.password_file; config->listeners[config->listener_count-1].security_options.psk_file = config->default_listener.security_options.psk_file; config->listeners[config->listener_count-1].security_options.auth_plugin_configs = config->default_listener.security_options.auth_plugin_configs; From a00dd29af88965c47240f4f841f7bbedddae430c Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Sun, 9 Dec 2018 13:40:38 +0000 Subject: [PATCH 52/58] Fix building where TLS-PSK is not available. Closes #68. --- ChangeLog.txt | 3 +++ client/client_shared.c | 10 +++++----- client/client_shared.h | 2 +- client/pub_client.c | 4 ++-- client/sub_client.c | 4 ++-- config.h | 8 ++++++++ lib/net_mosq.c | 4 ++-- lib/options.c | 2 +- lib/util_mosq.c | 2 +- lib/util_mosq.h | 2 +- src/bridge.c | 2 +- src/conf.c | 20 ++++++++++---------- src/handle_connect.c | 8 ++++---- src/mosquitto_broker_internal.h | 2 +- src/net.c | 6 +++--- 15 files changed, 45 insertions(+), 34 deletions(-) diff --git a/ChangeLog.txt b/ChangeLog.txt index 6287bce2e6..b36c1d965f 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -28,6 +28,9 @@ Client: - Always print leading zeros in mosquitto_sub when output format is hex. Closes #1066. +Build: +- Fix building where TLS-PSK is not available. Closes #68. + 1.5.4 - 20181108 ================ diff --git a/client/client_shared.c b/client/client_shared.c index 2788b7ce51..8f993dc98d 100644 
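Review bot: The `acl_file` assignment added in `config__parse_args` is one entry in a long hand-written copy list, and nothing in the commit guards against the next `security_options` member being left out the same way, which here meant the ACL file was not applied on the default listener. A short comment above the list, such as `/* Every member of security_options must be copied here; a missing one silently disables that control on the default listener */`, would flag the hazard, and a regression test for `per_listener_settings` with an `acl_file` would catch a repeat. The copy is a shallow pointer copy like its neighbours, so `default_listener` and the new listener share the same string; presumably the cleanup code frees it only once, which is outside the hunk.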
--- a/client/client_shared.c +++ b/client/client_shared.c @@ -151,7 +151,7 @@ void client_config_cleanup(struct mosq_config *cfg) free(cfg->keyfile); free(cfg->ciphers); free(cfg->tls_version); -# ifdef WITH_TLS_PSK +# ifdef FINAL_WITH_TLS_PSK free(cfg->psk); free(cfg->psk_identity); # endif @@ -309,7 +309,7 @@ int client_config_load(struct mosq_config *cfg, int pub_or_sub, int argc, char * return 1; } #endif -#ifdef WITH_TLS_PSK +#ifdef FINAL_WITH_TLS_PSK if((cfg->cafile || cfg->capath) && cfg->psk){ if(!cfg->quiet) fprintf(stderr, "Error: Only one of --psk or --cafile/--capath may be used at once.\n"); return 1; @@ -673,7 +673,7 @@ int client_config_line_proc(struct mosq_config *cfg, int pub_or_sub, int argc, c i++; } #endif -#ifdef WITH_TLS_PSK +#ifdef FINAL_WITH_TLS_PSK }else if(!strcmp(argv[i], "--psk")){ if(i==argc-1){ fprintf(stderr, "Error: --psk argument given but no key specified.\n\n"); @@ -912,7 +912,7 @@ int client_opts_set(struct mosquitto *mosq, struct mosq_config *cfg) mosquitto_lib_cleanup(); return 1; } -# ifdef WITH_TLS_PSK +# ifdef FINAL_WITH_TLS_PSK if(cfg->psk && mosquitto_tls_psk_set(mosq, cfg->psk, cfg->psk_identity, NULL)){ if(!cfg->quiet) fprintf(stderr, "Error: Problem setting TLS-PSK options.\n"); mosquitto_lib_cleanup(); @@ -985,7 +985,7 @@ int client_connect(struct mosquitto *mosq, struct mosq_config *cfg) if(cfg->port < 0){ #ifdef WITH_TLS if(cfg->cafile || cfg->capath -# ifdef WITH_TLS_PSK +# ifdef FINAL_WITH_TLS_PSK || cfg->psk # endif ){ diff --git a/client/client_shared.h b/client/client_shared.h index f1ce6f3132..aee823a69a 100644 --- a/client/client_shared.h +++ b/client/client_shared.h @@ -66,7 +66,7 @@ struct mosq_config { char *ciphers; bool insecure; char *tls_version; -# ifdef WITH_TLS_PSK +# ifdef FINAL_WITH_TLS_PSK char *psk; char *psk_identity; # endif diff --git a/client/pub_client.c b/client/pub_client.c index 8c729b8766..49ca48c2f6 100644 --- a/client/pub_client.c +++ b/client/pub_client.c 
@@ -223,7 +223,7 @@ void print_usage(void) #ifdef WITH_TLS printf(" [{--cafile file | --capath dir} [--cert file] [--key file]\n"); printf(" [--ciphers ciphers] [--insecure]]\n"); -#ifdef WITH_TLS_PSK +#ifdef FINAL_WITH_TLS_PSK printf(" [--psk hex-key --psk-identity identity [--ciphers ciphers]]\n"); #endif #endif @@ -280,7 +280,7 @@ void print_usage(void) printf(" hostname. Using this option means that you cannot be sure that the\n"); printf(" remote host is the server you wish to connect to and so is insecure.\n"); printf(" Do not use this option in a production environment.\n"); -# ifdef WITH_TLS_PSK +# ifdef FINAL_WITH_TLS_PSK printf(" --psk : pre-shared-key in hexadecimal (no leading 0x) to enable TLS-PSK mode.\n"); printf(" --psk-identity : client identity string for TLS-PSK mode.\n"); # endif diff --git a/client/sub_client.c b/client/sub_client.c index 3d91ed0f2e..607f258cb6 100644 --- a/client/sub_client.c +++ b/client/sub_client.c @@ -155,7 +155,7 @@ void print_usage(void) #ifdef WITH_TLS printf(" [{--cafile file | --capath dir} [--cert file] [--key file]\n"); printf(" [--ciphers ciphers] [--insecure]]\n"); -#ifdef WITH_TLS_PSK +#ifdef FINAL_WITH_TLS_PSK printf(" [--psk hex-key --psk-identity identity [--ciphers ciphers]]\n"); #endif #endif @@ -218,7 +218,7 @@ void print_usage(void) printf(" hostname. Using this option means that you cannot be sure that the\n"); printf(" remote host is the server you wish to connect to and so is insecure.\n"); printf(" Do not use this option in a production environment.\n"); -#ifdef WITH_TLS_PSK +#ifdef FINAL_WITH_TLS_PSK printf(" --psk : pre-shared-key in hexadecimal (no leading 0x) to enable TLS-PSK mode.\n"); printf(" --psk-identity : client identity string for TLS-PSK mode.\n"); #endif diff --git a/config.h b/config.h index 97ac6be998..3c7770594e 100644 --- a/config.h +++ b/config.h 
@@ -37,4 +37,12 @@ #define uthash_malloc(sz) mosquitto__malloc(sz) #define uthash_free(ptr,sz) mosquitto__free(ptr) + +#ifdef WITH_TLS +# include +# if defined(WITH_TLS_PSK) && !defined(OPENSSL_NO_PSK) +# define FINAL_WITH_TLS_PSK +# endif +#endif + #endif diff --git a/lib/net_mosq.c b/lib/net_mosq.c index f2bb628bc1..09a26042dc 100644 --- a/lib/net_mosq.c +++ b/lib/net_mosq.c @@ -183,7 +183,7 @@ int net__socket_close(struct mosquitto *mosq) } -#ifdef WITH_TLS_PSK +#ifdef FINAL_WITH_TLS_PSK static unsigned int psk_client_callback(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len) @@ -594,7 +594,7 @@ static int net__init_ssl_ctx(struct mosquitto *mosq) return MOSQ_ERR_TLS; } } -#ifdef WITH_TLS_PSK +#ifdef FINAL_WITH_TLS_PSK }else if(mosq->tls_psk){ SSL_CTX_set_psk_client_callback(mosq->ssl_ctx, psk_client_callback); #endif diff --git a/lib/options.c b/lib/options.c index 00951a6877..b4b8ac849c 100644 --- a/lib/options.c +++ b/lib/options.c @@ -223,7 +223,7 @@ int mosquitto_tls_insecure_set(struct mosquitto *mosq, bool value) int mosquitto_tls_psk_set(struct mosquitto *mosq, const char *psk, const char *identity, const char *ciphers) { -#ifdef WITH_TLS_PSK +#ifdef FINAL_WITH_TLS_PSK if(!mosq || !psk || !identity) return MOSQ_ERR_INVAL; /* Check for hex only digits */ diff --git a/lib/util_mosq.c b/lib/util_mosq.c index 405cb3900b..d98bbde448 100644 --- a/lib/util_mosq.c +++ b/lib/util_mosq.c @@ -349,7 +349,7 @@ int mosquitto_topic_matches_sub2(const char *sub, size_t sublen, const char *top return MOSQ_ERR_SUCCESS; } -#ifdef WITH_TLS_PSK +#ifdef FINAL_WITH_TLS_PSK int mosquitto__hex2bin(const char *hex, unsigned char *bin, int bin_max_len) { BIGNUM *bn = NULL; diff --git a/lib/util_mosq.h b/lib/util_mosq.h index 8e601a0ffd..d94661e7aa 100644 --- a/lib/util_mosq.h +++ b/lib/util_mosq.h 
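Review bot: With the `config.h` hunk, a build that requests `WITH_TLS_PSK` against an OpenSSL built with `OPENSSL_NO_PSK` now compiles without PSK, and nothing tells the builder that the requested feature was dropped. At runtime the `psk_file` branch in `src/conf.c` (later in this patch) then only logs "Warning: TLS/TLS-PSK support not available." and continues, so a listener whose configuration relies on PSK would appear to start without it. A build-time diagnostic in the new block, e.g. `# if defined(WITH_TLS_PSK) && defined(OPENSSL_NO_PSK)` / `# warning "TLS-PSK requested but not available in OpenSSL"` / `# endif`, together with treating `psk_file` as a configuration error when PSK is unavailable, would make the downgrade explicit. Every file that tests `FINAL_WITH_TLS_PSK` must also include `config.h` before the test, which is worth checking for the renamed sites.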
@@ -33,7 +33,7 @@ int mosquitto__check_keepalive(struct mosquitto *mosq); uint16_t mosquitto__mid_generate(struct mosquitto *mosq); FILE *mosquitto__fopen(const char *path, const char *mode, bool restrict_read); -#ifdef WITH_TLS_PSK +#ifdef FINAL_WITH_TLS_PSK int mosquitto__hex2bin(const char *hex, unsigned char *bin, int bin_max_len); #endif diff --git a/src/bridge.c b/src/bridge.c index e35cacced3..6e4b94fa6c 100644 --- a/src/bridge.c +++ b/src/bridge.c @@ -82,7 +82,7 @@ int bridge__new(struct mosquitto_db *db, struct mosquitto__bridge *bridge) new_context->tls_cert_reqs = SSL_VERIFY_PEER; new_context->tls_version = new_context->bridge->tls_version; new_context->tls_insecure = new_context->bridge->tls_insecure; -#ifdef WITH_TLS_PSK +#ifdef FINAL_WITH_TLS_PSK new_context->tls_psk_identity = new_context->bridge->tls_psk_identity; new_context->tls_psk = new_context->bridge->tls_psk; #endif diff --git a/src/conf.c b/src/conf.c index 87294680a2..0968d326cc 100644 --- a/src/conf.c +++ b/src/conf.c @@ -341,7 +341,7 @@ void config__cleanup(struct mosquitto__config *config) #ifdef WITH_TLS mosquitto__free(config->bridges[i].tls_version); mosquitto__free(config->bridges[i].tls_cafile); -#ifdef WITH_TLS_PSK +#ifdef FINAL_WITH_TLS_PSK mosquitto__free(config->bridges[i].tls_psk_identity); mosquitto__free(config->bridges[i].tls_psk); #endif @@ -687,7 +687,7 @@ int config__read(struct mosquitto_db *db, struct mosquitto__config *config, bool log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration."); return MOSQ_ERR_INVAL; } -#ifdef WITH_TLS_PSK +#ifdef FINAL_WITH_TLS_PSK if(config->bridges[i].tls_psk && !config->bridges[i].tls_psk_identity){ log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration: missing bridge_identity.\n"); return MOSQ_ERR_INVAL; 
@@ -921,7 +921,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration."); return MOSQ_ERR_INVAL; } -#ifdef WITH_TLS_PSK +#ifdef FINAL_WITH_TLS_PSK if(cur_bridge->tls_psk_identity || cur_bridge->tls_psk){ log__printf(NULL, MOSQ_LOG_ERR, "Error: Cannot use both certificate and psk encryption in a single bridge."); return MOSQ_ERR_INVAL; @@ -938,7 +938,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration."); return MOSQ_ERR_INVAL; } -#ifdef WITH_TLS_PSK +#ifdef FINAL_WITH_TLS_PSK if(cur_bridge->tls_psk_identity || cur_bridge->tls_psk){ log__printf(NULL, MOSQ_LOG_ERR, "Error: Cannot use both certificate and psk encryption in a single bridge."); return MOSQ_ERR_INVAL; @@ -955,7 +955,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration."); return MOSQ_ERR_INVAL; } -#ifdef WITH_TLS_PSK +#ifdef FINAL_WITH_TLS_PSK if(cur_bridge->tls_psk_identity || cur_bridge->tls_psk){ log__printf(NULL, MOSQ_LOG_ERR, "Error: Cannot use both certificate and psk encryption in a single bridge."); return MOSQ_ERR_INVAL; @@ -966,7 +966,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct log__printf(NULL, MOSQ_LOG_WARNING, "Warning: Bridge and/or TLS support not available."); #endif }else if(!strcmp(token, "bridge_identity")){ -#if defined(WITH_BRIDGE) && defined(WITH_TLS_PSK) +#if defined(WITH_BRIDGE) && defined(FINAL_WITH_TLS_PSK) if(reload) continue; // FIXME if(!cur_bridge){ log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration."); 
@@ -1001,7 +1001,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration."); return MOSQ_ERR_INVAL; } -#ifdef WITH_TLS_PSK +#ifdef FINAL_WITH_TLS_PSK if(cur_bridge->tls_psk_identity || cur_bridge->tls_psk){ log__printf(NULL, MOSQ_LOG_ERR, "Error: Cannot use both certificate and psk encryption in a single bridge."); return MOSQ_ERR_INVAL; @@ -1036,7 +1036,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct log__printf(NULL, MOSQ_LOG_WARNING, "Warning: Bridge support not available."); #endif }else if(!strcmp(token, "bridge_psk")){ -#if defined(WITH_BRIDGE) && defined(WITH_TLS_PSK) +#if defined(WITH_BRIDGE) && defined(FINAL_WITH_TLS_PSK) if(reload) continue; // FIXME if(!cur_bridge){ log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration."); @@ -1692,7 +1692,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct log__printf(NULL, MOSQ_LOG_ERR, "Error: Empty protocol value in configuration."); } }else if(!strcmp(token, "psk_file")){ -#ifdef WITH_TLS_PSK +#ifdef FINAL_WITH_TLS_PSK conf__set_cur_security_options(config, cur_listener, &cur_security_options); if(reload){ mosquitto__free(cur_security_options->psk_file); @@ -1703,7 +1703,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct log__printf(NULL, MOSQ_LOG_WARNING, "Warning: TLS/TLS-PSK support not available."); #endif }else if(!strcmp(token, "psk_hint")){ -#ifdef WITH_TLS_PSK +#ifdef FINAL_WITH_TLS_PSK if(reload) continue; // Listeners not valid for reloading. if(conf__parse_string(&token, "psk_hint", &cur_listener->psk_hint, saveptr)) return MOSQ_ERR_INVAL; #else diff --git a/src/handle_connect.c b/src/handle_connect.c index 2d300fc072..b9b0fefd8e 100644 --- a/src/handle_connect.c +++ b/src/handle_connect.c 
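Review bot: In the `psk_file` branch (hunks `@@ -1692,7 +1692,7 @@` and `@@ -1703,7 +1703,7 @@`), a configuration that asks for PSK is still accepted with only `Warning: TLS/TLS-PSK support not available.` when the guard macro is undefined. After this change that case also covers builds that set `WITH_TLS_PSK` but whose OpenSSL lacks PSK. The listener setup is outside these hunks, but it looks as if the broker would then start the listener without the PSK protection the operator configured. I would fail closed in the `#else` branch: `log__printf(NULL, MOSQ_LOG_ERR, "Error: TLS/TLS-PSK support not available."); return MOSQ_ERR_INVAL;`. The `#else` body of `psk_hint` is cut off by the hunk and `config__read_file_core` continues outside it, so the same check should be confirmed there.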
@@ -420,7 +420,7 @@ int handle__connect(struct mosquitto_db *db, struct mosquitto *context) rc = 1; goto handle_connect_error; } -#ifdef WITH_TLS_PSK +#ifdef FINAL_WITH_TLS_PSK if(context->listener->psk_hint){ /* Client should have provided an identity to get this far. */ if(!context->username){ @@ -429,7 +429,7 @@ int handle__connect(struct mosquitto_db *db, struct mosquitto *context) goto handle_connect_error; } }else{ -#endif /* WITH_TLS_PSK */ +#endif /* FINAL_WITH_TLS_PSK */ client_cert = SSL_get_peer_certificate(context->ssl); if(!client_cert){ send__connack(context, 0, CONNACK_REFUSED_BAD_USERNAME_PASSWORD); @@ -496,9 +496,9 @@ int handle__connect(struct mosquitto_db *db, struct mosquitto *context) } X509_free(client_cert); client_cert = NULL; -#ifdef WITH_TLS_PSK +#ifdef FINAL_WITH_TLS_PSK } -#endif /* WITH_TLS_PSK */ +#endif /* FINAL_WITH_TLS_PSK */ }else{ #endif /* WITH_TLS */ if(username_flag){ diff --git a/src/mosquitto_broker_internal.h b/src/mosquitto_broker_internal.h index bd6ad13655..bf13eebb56 100644 --- a/src/mosquitto_broker_internal.h +++ b/src/mosquitto_broker_internal.h @@ -463,7 +463,7 @@ struct mosquitto__bridge{ char *tls_certfile; char *tls_keyfile; char *tls_version; -# ifdef WITH_TLS_PSK +# ifdef FINAL_WITH_TLS_PSK char *tls_psk_identity; char *tls_psk; # endif diff --git a/src/net.c b/src/net.c index 21f5ec6893..10f88dbeda 100644 --- a/src/net.c +++ b/src/net.c @@ -247,7 +247,7 @@ static int client_certificate_verify(int preverify_ok, X509_STORE_CTX *ctx) } #endif -#ifdef WITH_TLS_PSK +#ifdef FINAL_WITH_TLS_PSK static unsigned int psk_server_callback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int max_psk_len) { struct mosquitto_db *db; 
@@ -520,7 +520,7 @@ int net__socket_listen(struct mosquitto__listener *listener) X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK); } -# ifdef WITH_TLS_PSK +# ifdef FINAL_WITH_TLS_PSK }else if(listener->psk_hint){ if(tls_ex_index_context == -1){ tls_ex_index_context = SSL_get_ex_new_index(0, "client context", NULL, NULL, NULL); @@ -543,7 +543,7 @@ int net__socket_listen(struct mosquitto__listener *listener) return 1; } } -# endif /* WITH_TLS_PSK */ +# endif /* FINAL_WITH_TLS_PSK */ } #endif /* WITH_TLS */ return 0; From 89f3d7bb3f4f478d40bed65bc913d873b86ecdd5 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Sun, 9 Dec 2018 14:03:01 +0000 Subject: [PATCH 53/58] Don't print connect/disconnect messages when connection_messages false. Closes #772. Closes #613. Closes #537. Thanks to Christopher Maynard, Brandon Arrendondo, and qubeck. --- ChangeLog.txt | 2 ++ src/loop.c | 8 ++++++-- src/net.c | 26 +++++++++++++++++--------- src/websockets.c | 4 +++- 4 files changed, 28 insertions(+), 12 deletions(-) diff --git a/ChangeLog.txt b/ChangeLog.txt index b36c1d965f..e7cb78864a 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -19,6 +19,8 @@ Broker: - Don't reload auth_opt_ options on reload, to match the behaviour of the other plugin options. Closes #1068. - Print message on error when installing/uninstalling as a Windows service. +- All non-error connect/disconnect messages are controlled by the + `connection_messages` option. Closes #772. Closes #613. Closes #537. Library: - Fix reconnect delay backoff behaviour. Closes #1027. diff --git a/src/loop.c b/src/loop.c index 6773185a89..8d08474917 100644 --- a/src/loop.c +++ b/src/loop.c 
@@ -87,7 +87,9 @@ static void temp__expire_websockets_clients(struct mosquitto_db *db) }else{ id = ""; } - log__printf(NULL, MOSQ_LOG_NOTICE, "Client %s has exceeded timeout, disconnecting.", id); + if(db->config->connection_messages == true){ + log__printf(NULL, MOSQ_LOG_NOTICE, "Client %s has exceeded timeout, disconnecting.", id); + } } /* Client has exceeded keepalive*1.5 */ do_disconnect(db, context); @@ -666,7 +668,9 @@ void do_disconnect(struct mosquitto_db *db, struct mosquitto *context) } #ifdef WITH_EPOLL if (context->sock != INVALID_SOCKET && epoll_ctl(db->epollfd, EPOLL_CTL_DEL, context->sock, &ev) == -1) { - log__printf(NULL, MOSQ_LOG_DEBUG, "Error in epoll disconnecting: %s", strerror(errno)); + if(db->config->connection_messages == true){ + log__printf(NULL, MOSQ_LOG_DEBUG, "Error in epoll disconnecting: %s", strerror(errno)); + } } #endif context__disconnect(db, context); diff --git a/src/net.c b/src/net.c index 10f88dbeda..937f6ce14e 100644 --- a/src/net.c +++ b/src/net.c @@ -152,8 +152,10 @@ int net__socket_accept(struct mosquitto_db *db, mosq_sock_t listensock) fromhost(&wrap_req); if(!hosts_access(&wrap_req)){ /* Access is denied */ - if(!net__socket_get_address(new_sock, address, 1024)){ - log__printf(NULL, MOSQ_LOG_NOTICE, "Client connection from %s denied access by tcpd.", address); + if(db->config->connection_messages == true){ + if(!net__socket_get_address(new_sock, address, 1024)){ + log__printf(NULL, MOSQ_LOG_NOTICE, "Client connection from %s denied access by tcpd.", address); + } } COMPAT_CLOSE(new_sock); return -1; 
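Review bot: In the `do_disconnect` hunk (`@@ -666,7 +668,9 @@`) the `Error in epoll disconnecting` message reports a failed `epoll_ctl(..., EPOLL_CTL_DEL, ...)`, which is a fault diagnostic rather than a connect/disconnect notice. It is now printed only when `connection_messages` is true. The ChangeLog entry in this same commit limits the option to non-error messages, so I would leave this `log__printf` unconditional; it is already at `MOSQ_LOG_DEBUG`. `do_disconnect` starts and ends outside the hunk.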
@@ -187,7 +189,9 @@ int net__socket_accept(struct mosquitto_db *db, mosq_sock_t listensock) } if(new_context->listener->max_connections > 0 && new_context->listener->client_count > new_context->listener->max_connections){ - log__printf(NULL, MOSQ_LOG_NOTICE, "Client connection from %s denied: max_connections exceeded.", new_context->address); + if(db->config->connection_messages == true){ + log__printf(NULL, MOSQ_LOG_NOTICE, "Client connection from %s denied: max_connections exceeded.", new_context->address); + } context__cleanup(db, new_context, true); return -1; } @@ -217,12 +221,14 @@ int net__socket_accept(struct mosquitto_db *db, mosq_sock_t listensock) }else if(rc == SSL_ERROR_WANT_WRITE){ new_context->want_write = true; }else{ - e = ERR_get_error(); - while(e){ - log__printf(NULL, MOSQ_LOG_NOTICE, - "Client connection from %s failed: %s.", - new_context->address, ERR_error_string(e, ebuf)); + if(db->config->connection_messages == true){ e = ERR_get_error(); + while(e){ + log__printf(NULL, MOSQ_LOG_NOTICE, + "Client connection from %s failed: %s.", + new_context->address, ERR_error_string(e, ebuf)); + e = ERR_get_error(); + } } context__cleanup(db, new_context, true); return -1; @@ -234,7 +240,9 @@ int net__socket_accept(struct mosquitto_db *db, mosq_sock_t listensock) } #endif - log__printf(NULL, MOSQ_LOG_NOTICE, "New connection from %s on port %d.", new_context->address, new_context->listener->port); + if(db->config->connection_messages == true){ + log__printf(NULL, MOSQ_LOG_NOTICE, "New connection from %s on port %d.", new_context->address, new_context->listener->port); + } return new_sock; } diff --git a/src/websockets.c b/src/websockets.c index a57330aabe..6ac446f610 100644 --- a/src/websockets.c +++ b/src/websockets.c 
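Review bot: The `max_connections exceeded` refusal in hunk `@@ -187,7 +189,9 @@` leaves no log record when `connection_messages` is false. The same holds for the tcpd denial in `@@ -152,8 +152,10 @@` and the websockets refusal in src/websockets.c `@@ -229,7 +229,9 @@`. Refused connections are what an operator looks for when investigating a connection flood or an access-control change, so this should be a documented decision rather than a side effect. If the suppression is intended, I would state it at each site, e.g. `/* Refusal is logged only when connection_messages is enabled. */`, and in the description of the option. `net__socket_accept` continues outside these hunks.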
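Review bot: In hunk `@@ -217,12 +221,14 @@` the `ERR_get_error()` loop moved inside the `connection_messages` check, so with the option off a failed TLS handshake no longer drains the OpenSSL error queue before `context__cleanup`. OpenSSL documents that the thread's error queue must be empty before the next TLS I/O call for `SSL_get_error()` to be reliable, so stale entries may be attributed to a later connection. I would add `ERR_clear_error();` immediately before `context__cleanup(db, new_context, true);` in that `else` branch, or keep the loop unconditional and gate only the `log__printf`. With the option off, TLS handshake failures also stop being logged, which the ChangeLog wording ("non-error" messages) does not obviously cover. The function body continues outside the hunk.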
@@ -229,7 +229,9 @@ static int callback_mqtt(struct libwebsocket_context *context, return -1; } if(mosq->listener->max_connections > 0 && mosq->listener->client_count > mosq->listener->max_connections){ - log__printf(NULL, MOSQ_LOG_NOTICE, "Client connection from %s denied: max_connections exceeded.", mosq->address); + if(db->config->connection_messages == true){ + log__printf(NULL, MOSQ_LOG_NOTICE, "Client connection from %s denied: max_connections exceeded.", mosq->address); + } mosquitto__free(mosq); u->mosq = NULL; return -1; From afe011866c5625144c3ff0169b7a1db8a134ff57 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Sun, 9 Dec 2018 21:51:42 +0000 Subject: [PATCH 54/58] Remove unused variables. --- lib/loop.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/lib/loop.c b/lib/loop.c index 4b27775226..e4a985eb3e 100644 --- a/lib/loop.c +++ b/lib/loop.c @@ -286,9 +286,6 @@ int mosquitto_loop_forever(struct mosquitto *mosq, int timeout, int max_packets) int mosquitto_loop_misc(struct mosquitto *mosq) { - time_t now; - int rc; - if(!mosq) return MOSQ_ERR_INVAL; if(mosq->sock == INVALID_SOCKET) return MOSQ_ERR_NO_CONN; From a8ca5c83af5757b14e7046b2ce3f3ea674ff65c1 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Sun, 9 Dec 2018 22:54:21 +0000 Subject: [PATCH 55/58] Bump version. --- CMakeLists.txt | 2 +- ChangeLog.txt | 2 +- config.mk | 2 +- installer/mosquitto.nsi | 2 +- installer/mosquitto64.nsi | 2 +- lib/mosquitto.h | 2 +- set-version.sh | 2 +- snap/snapcraft.yaml | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 161696daf4..265c106d9c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -11,7 +11,7 @@ project(mosquitto) cmake_minimum_required(VERSION 2.8) # Only for version 3 and up. cmake_policy(SET CMP0042 NEW) -set (VERSION 1.5.4) +set (VERSION 1.5.5) add_definitions (-DCMAKE -DVERSION=\"${VERSION}\") diff --git a/ChangeLog.txt b/ChangeLog.txt index e7cb78864a..d7682e4069 100644 
--- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,4 +1,4 @@ -1.5.5 - 201812xx +1.5.5 - 20181211 ================ Security: diff --git a/config.mk b/config.mk index d591cd499c..0ee3fa4459 100644 --- a/config.mk +++ b/config.mk @@ -105,7 +105,7 @@ WITH_BUNDLED_DEPS:=yes # Also bump lib/mosquitto.h, CMakeLists.txt, # installer/mosquitto.nsi, installer/mosquitto64.nsi -VERSION=1.5.4 +VERSION=1.5.5 # Client library SO version. Bump if incompatible API/ABI changes are made. SOVERSION=1 diff --git a/installer/mosquitto.nsi b/installer/mosquitto.nsi index d7db79b825..0574e0b10e 100644 --- a/installer/mosquitto.nsi +++ b/installer/mosquitto.nsi @@ -9,7 +9,7 @@ !define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"' Name "Eclipse Mosquitto" -!define VERSION 1.5.4 +!define VERSION 1.5.5 OutFile "mosquitto-${VERSION}-install-windows-x86.exe" InstallDir "$PROGRAMFILES\mosquitto" diff --git a/installer/mosquitto64.nsi b/installer/mosquitto64.nsi index 7ae8dccd0c..5e9706c4b5 100644 --- a/installer/mosquitto64.nsi +++ b/installer/mosquitto64.nsi @@ -9,7 +9,7 @@ !define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"' Name "Eclipse Mosquitto" -!define VERSION 1.5.4 +!define VERSION 1.5.5 OutFile "mosquitto-${VERSION}-install-windows-x64.exe" !include "x64.nsh" diff --git a/lib/mosquitto.h b/lib/mosquitto.h index b3600b2c1b..57a22ec341 100644 --- a/lib/mosquitto.h +++ b/lib/mosquitto.h @@ -47,7 +47,7 @@ extern "C" { #define LIBMOSQUITTO_MAJOR 1 #define LIBMOSQUITTO_MINOR 5 -#define LIBMOSQUITTO_REVISION 4 +#define LIBMOSQUITTO_REVISION 5 /* LIBMOSQUITTO_VERSION_NUMBER looks like 1002001 for e.g. version 1.2.1. */ #define LIBMOSQUITTO_VERSION_NUMBER (LIBMOSQUITTO_MAJOR*1000000+LIBMOSQUITTO_MINOR*1000+LIBMOSQUITTO_REVISION) diff --git a/set-version.sh b/set-version.sh index 549581892d..ec105f6bdb 100755 --- a/set-version.sh +++ b/set-version.sh 
@@ -2,7 +2,7 @@ MAJOR=1 MINOR=5 -REVISION=4 +REVISION=5 sed -i "s/^VERSION=.*/VERSION=${MAJOR}.${MINOR}.${REVISION}/" config.mk diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index fa1127ed55..b337fe0be4 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: mosquitto -version: 1.5.4 +version: 1.5.5 summary: Eclipse Mosquitto MQTT broker description: This is a message broker that supports version 3.1 and 3.1.1 of the MQTT protocol. From 66dfa573946425661626e2f574ef125ab01b01f5 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Tue, 11 Dec 2018 11:14:15 +0000 Subject: [PATCH 56/58] Don't use home interface until it is not auto connected. --- snap/snapcraft.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 0c0dec007c..b337fe0be4 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -16,11 +16,11 @@ apps: command: launcher.sh daemon: simple restart-condition: always - plugs: [home, network, network-bind] + plugs: [network, network-bind] pub: command: usr/bin/mosquitto_pub - plugs: [home, network] + plugs: [network] sub: command: usr/bin/mosquitto_sub @@ -28,7 +28,6 @@ apps: passwd: command: usr/bin/mosquitto_passwd - plugs: [home] parts: From a0a37d385db4421d7151f1fe969a7b00d4516c24 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Tue, 11 Dec 2018 13:23:29 +0000 Subject: [PATCH 57/58] Update docker for 1.5.5. --- docker/1.5/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/1.5/Dockerfile b/docker/1.5/Dockerfile index 5661fb35b5..2c9b15c67f 100644 --- a/docker/1.5/Dockerfile +++ b/docker/1.5/Dockerfile 
@@ -3,8 +3,8 @@ FROM alpine:3.8 LABEL maintainer="Roger Light " \ description="Eclipse Mosquitto MQTT Broker" -ENV VERSION=1.5.4 \ - DOWNLOAD_SHA256=5fd7f3454fd6d286645d032bc07f44a1c8583cec02ef2422c9eb32e0a89a9b2f \ +ENV VERSION=1.5.5 \ + DOWNLOAD_SHA256=fcdb47e340864c545146681af7253399cc292e41775afd76400fda5b0d23d668 \ GPG_KEYS=A0D6EEA1DCAE49A635A3B2F0779B22DFB3E717B7 \ LWS_VERSION=2.4.2 From 84c5d90f5ccb1a4f7d975bddd0f28655ddfeb2be Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Tue, 11 Dec 2018 16:07:18 +0000 Subject: [PATCH 58/58] Website update for 1.5.5. --- www/pages/download.md | 2 +- www/pages/security.md | 3 ++ www/posts/2018/12/version-155-released.md | 60 +++++++++++++++++++++++ 3 files changed, 64 insertions(+), 1 deletion(-) create mode 100644 www/posts/2018/12/version-155-released.md diff --git a/www/pages/download.md b/www/pages/download.md index 2a9b54e027..2aceb0a53a 100644 --- a/www/pages/download.md +++ b/www/pages/download.md @@ -11,7 +11,7 @@ # Source -* [mosquitto-1.5.4.tar.gz](https://mosquitto.org/files/source/mosquitto-1.5.4.tar.gz) (319kB) ([GPG signature](https://mosquitto.org/files/source/mosquitto-1.5.4.tar.gz.asc)) +* [mosquitto-1.5.5.tar.gz](https://mosquitto.org/files/source/mosquitto-1.5.5.tar.gz) (319kB) ([GPG signature](https://mosquitto.org/files/source/mosquitto-1.5.5.tar.gz.asc)) * [mosquitto-1.5.4.tar.gz](https://www.eclipse.org/downloads/download.php?file=/mosquitto/source/mosquitto-1.5.4.tar.gz) (via Eclipse) * [Git source code repository](https://github.com/eclipse/mosquitto) (github.com) diff --git a/www/pages/security.md b/www/pages/security.md index 7696dca90f..43618a25a3 100644 --- a/www/pages/security.md +++ b/www/pages/security.md 
@@ -19,6 +19,8 @@ follow the steps on [Eclipse Security] page to report it. Listed with most recent first. Further information on security related issues can be found in the [security category]. +* December 2018: No CVE assigned. Affecting versions **1.5** to **1.5.4** + inclusive, fixed in **1.5.5.**. More details at [version-155-released]. * November 2018: No CVE assigned. Affecting versions **1.4** to **1.5.3** inclusive, fixed in **1.5.4**. More details at [version-154-released]. * September 2018: [CVE-2018-12543] affecting versions **1.5** to **1.5.2** @@ -43,6 +45,7 @@ can be found in the [security category]. inclusive, fixed in **1.4.12**. More details at [security-advisory-cve-2017-7650]. +[version-155-released]: /2018/11/version-155-released/ [version-154-released]: /2018/11/version-154-released/ [security-advisory-cve-2018-12543]: /2018/09/security-advisory-cve-2018-12543/ [security-advisory-cve-2017-7651-cve-2017-7652]: /2018/02/security-advisory-cve-2017-7651-cve-2017-7652/ diff --git a/www/posts/2018/12/version-155-released.md b/www/posts/2018/12/version-155-released.md new file mode 100644 index 0000000000..ca01171581 --- /dev/null +++ b/www/posts/2018/12/version-155-released.md 
@@ -0,0 +1,60 @@ + + +This is a bugfix and security release. + +# Version 1.5.5 changes + +## Security +- If `per_listener_settings` is set to true, then the `acl_file` setting was + ignored for the "default listener" only. This has been fixed. This does not + affect any listeners defined with the `listener` option. Closes [#1073]. + +## Broker +- Add `socket_domain` option to allow listeners to disable IPv6 support. + This is required to work around a problem in libwebsockets that means + sockets only listen on IPv6 by default if IPv6 support is compiled in. + Closes [#1004]. +- When using ADNS, don't ask for all network protocols when connecting, + because this can lead to confusing "Protocol not supported" errors if the + network is down. Closes [#1062]. +- Fix outgoing retained messages not being sent by bridges on initial + connection. Closes [#1040]. +- Don't reload `auth_opt_` options on reload, to match the behaviour of the + other plugin options. Closes [#1068]. +- Print message on error when installing/uninstalling as a Windows service. +- All non-error connect/disconnect messages are controlled by the + `connection_messages` option. Closes [#772]. Closes [#613]. Closes [#537]. + +## Library +- Fix reconnect delay backoff behaviour. Closes [#1027]. +- Don't call `on_disconnect()` twice if keepalive tests fail. Closes [#1067]. + +## Client +- Always print leading zeros in `mosquitto_sub` when output format is hex. + Closes [#1066]. + +## Build +- Fix building where TLS-PSK is not available. Closes [#68]. 
+ + +[#68]: https://github.com/eclipse/mosquitto/issues/68 +[#537]: https://github.com/eclipse/mosquitto/issues/537 +[#613]: https://github.com/eclipse/mosquitto/issues/613 +[#772]: https://github.com/eclipse/mosquitto/issues/772 +[#1004]: https://github.com/eclipse/mosquitto/issues/1004 +[#1027]: https://github.com/eclipse/mosquitto/issues/1027 +[#1040]: https://github.com/eclipse/mosquitto/issues/1040 +[#1062]: https://github.com/eclipse/mosquitto/issues/1062 +[#1066]: https://github.com/eclipse/mosquitto/issues/1066 +[#1067]: https://github.com/eclipse/mosquitto/issues/1067 +[#1068]: https://github.com/eclipse/mosquitto/issues/1068 +[#1073]: https://github.com/eclipse/mosquitto/issues/1073