mosquitto: Update to 2.0.5
pkgsrc changes:
---------------
  * The PID file does not need to be written in a dedicated subdirectory
    and it can be written in ${VARBASE}/run directly instead.
  * The configuration parameters which need to be tuned in mosquitto.conf
    can be uncommented and set in accordance with pkgsrc variables.

upstream changes:
-----------------
2.0.5 - 2021-01-11
==================

Broker:
- Fix `auth_method` not being provided to the extended auth plugin event.
  Closes #1975.
- Fix large packets not being completely published to slow clients.
  Closes #1977.
- Fix bridge connection not relinquishing POLLOUT after messages are sent.
  Closes #1979.
- Fix apparmor incorrectly denying access to
  /var/lib/mosquitto/mosquitto.db.new. Closes #1978.
- Fix potential intermittent initial bridge connections when using poll().
- Fix `bind_interface` option. Closes #1999.
- Fix invalid behaviour in dynsec plugin if a group or client is deleted
  before a role that was attached to the group or client is deleted.
  Closes #1998.
- Improve logging in dynsec addGroupRole command. Closes #2005.
- Improve logging in dynsec addGroupClient command. Closes #2008.

Client library:
- Improve documentation around the `_v5()` and non-v5 functions, e.g.
  `mosquitto_publish()` and `mosquitto_publish_v5()`.

Build:
- `install` Makefile target should depend on `all`, not `mosquitto`, to ensure
  that man pages are always built. Closes #1989.
- Fixes for lots of minor build warnings highlighted by Visual Studio.

Apps:
- Disallow control characters in mosquitto_passwd usernames.
- Fix incorrect description in mosquitto_ctrl man page. Closes #1995.
- Fix `mosquitto_ctrl dynsec getGroup` not showing roles. Closes #1997.


2.0.4 - 2020-12-22
==================

Broker:
- Fix $SYS/broker/publish/messages/+ counters not being updated for QoS 1, 2
  messages. Closes #1968.
- mosquitto_connect_bind_async() and mosquitto_connect_bind_v5() should not
  reset the bind address option if called with bind_address == NULL.
- Fix dynamic security configuration possibly not being reloaded on Windows
  only. Closes #1962.
- Add more log messages for dynsec load/save error conditions.
- Fix websockets connections blocking non-websockets connections on Windows.
  Closes #1934.

Build:
- Fix man pages not being built when using CMake. Closes #1969.


2.0.3 - 2020-12-17
==================

Security:
- Running mosquitto_passwd with the following arguments only
  `mosquitto_passwd -b password_file username password` would cause the
  username to be used as the password.

Broker:
- Fix excessive CPU use on non-Linux systems when the open file limit is set
  high. Closes #1947.
- Fix LWT not being sent on client takeover when the existing session wasn't
  being continued. Closes #1946.
- Fix bridges possibly not completing connections when WITH_ADNS is in use.
  Closes #1960.
- Fix QoS 0 messages not being delivered if max_queued_messages was set to 0.
  Closes #1956.
- Fix local bridges being disconnected on SIGHUP. Closes #1942.
- Fix slow initial bridge connections for WITH_ADNS=no.
- Fix persistence_location not appending a '/'.

Clients:
- Fix mosquitto_sub being unable to terminate with Ctrl-C if a successful
  connection is not made. Closes #1957.

Apps:
- Fix `mosquitto_passwd -b` using username as password (not if `-c` is also
  used). Closes #1949.

Build:
- Fix `install` target when using WITH_CJSON=no. Closes #1938.
- Fix `generic` docker build. Closes #1945.


2.0.2 - 2020-12-10
==================

Broker:
- Fix build regression for WITH_WEBSOCKETS=yes on non-Linux systems.


2.0.1 - 2020-12-10
==================

Broker:
- Fix websockets connections on Windows blocking subsequent connections.
  Closes #1934.
- Fix DH group not being set for TLS connections, which meant ciphers using
  DHE couldn't be used. Closes #1925. Closes #1476.
- Fix websockets listeners not causing the main loop not to wake up.
  Closes #1936.

Client library:
- Fix DH group not being set for TLS connections, which meant ciphers using
  DHE couldn't be used. Closes #1925. Closes #1476.

Apps:
- Fix `mosquitto_passwd -U`

Build:
- Fix cjson include paths.
- Fix build using WITH_TLS=no when the openssl headers aren't available.
- Distribute cmake/ and snap/ directories in tar.


2.0.0 - 2020-12-03
==================

Breaking changes:
- When the Mosquitto broker is run without configuring any listeners it will
  now bind to the loopback interfaces 127.0.0.1 and/or ::1. This means that
  only connections from the local host will be possible.

  Running the broker as `mosquitto` or `mosquitto -p 1883` will bind to the
  loopback interface.

  Running the broker with a configuration file with no listeners configured
  will bind to the loopback interface with port 1883.

  Running the broker with a listener defined will bind by default to `0.0.0.0`
  / `::` and so will be accessible from any interface. It is still possible to
  bind to a specific address/interface.

  If the broker is run as `mosquitto -c mosquitto.conf -p 1884`, and a
  listener is defined in the configuration file, then the port defined on the
  command line will be IGNORED, and no listener configured for it.
- All listeners now default to `allow_anonymous false` unless explicitly set
  to true in the configuration file. This means that when configuring a
  listener the user must either configure an authentication and access control
  method, or set `allow_anonymous true`. When the broker is run without a
  configured listener, and so binds to the loopback interface, anonymous
  connections are allowed.
- If Mosquitto is run as root on a Unix-like system, it will attempt to
  drop privileges as soon as the configuration file has been read. This is in
  contrast to the previous behaviour where elevated privileges were only
  dropped after listeners had been started (and hence TLS certificates loaded)
  and logging had been started. The change means that clients will never be
  able to connect to the broker when it is running as root, unless the user
  explicitly sets it to run as root, which is not advised. It also means that
  all locations that the broker needs to access must be available to the
  unprivileged user. In particular those people using TLS certificates from
  Let's Encrypt will need to do something to allow Mosquitto to access
  those certificates. An example deploy renewal hook script to help with this
  is at `misc/letsencrypt/mosquitto-copy.sh`.
  The user that Mosquitto will change to is the one provided in the
  configuration, `mosquitto`, or `nobody`, in order of availability.
- The `pid_file` option will now always attempt to write a pid file,
  regardless of whether the `-d` argument is used when running the broker.
- The `tls_version` option now defines the *minimum* TLS protocol version to
  be used, rather than the exact version. Closes #1258.
- The `max_queued_messages` option has been increased from 100 to 1000 by
  default, and now also applies to QoS 0 messages, when a client is connected.
- The mosquitto_sub, mosquitto_pub, and mosquitto_rr clients will now load
  OS provided CA certificates by default if `-L mqtts://...` is used, or if
  the port is set to 8883 and no other CA certificates are loaded.
- Minimum supported libwebsockets version is now 2.4.0.
- The license has changed from "EPL-1.0 OR EDL-1.0" to "EPL-2.0 OR EDL-1.0".

Broker features:
- New plugin interface which is more flexible, easier to develop for and
  easier to extend.
- New dynamic security plugin, which allows clients, groups, and roles to be
  defined and updated as the broker is running.
- Performance improvements, particularly for higher numbers of clients.
- When running as root, if dropping privileges to the "mosquitto" user fails,
  then try "nobody" instead. This reduces the burden on users installing
  Mosquitto themselves.
- Add support for Unix domain socket listeners.
- Add `bridge_outgoing_retain` option, to allow outgoing messages from a
  bridge to have the retain bit completely disabled, which is useful when
  bridging to e.g. Amazon or Google.
- Add support for MQTT v5 bridges to handle the "retain-available" property
  being false.
- Allow MQTT v5.0 outgoing bridges to fall back to MQTT v3.1.1 if connecting
  to a v3.x only broker.
- DLT logging is now configurable at runtime with `log_dest dlt`.
  Closes #1735.
- Add `mosquitto_broker_publish()` and `mosquitto_broker_publish_copy()`
  functions, which can be used by plugins to publish messages.
- Add `mosquitto_client_protocol_version()` function which can be used by
  plugins to determine which version of MQTT a client has connected with.
- Add `mosquitto_kick_client_by_clientid()` and `mosquitto_kick_client_by_username()`
  functions, which can be used by plugins to disconnect clients.
- Add support for handling $CONTROL/ topics in plugins.
- Add support for PBKDF2-SHA512 password hashing.
- Enabling certificate based TLS encryption is now through certfile and
  keyfile, not capath or cafile.
- Added support for controlling UNSUBSCRIBE calls in v5 plugin ACL checks.
- Add "deny" acl type. Closes #1611.
- The broker now sends the receive-maximum property for MQTT v5 CONNACKs.
- Add the `bridge_max_packet_size` option. Closes #265.
- Add the `bridge_bind_address` option. Closes #1311.
- TLS certificates for the server are now reloaded on SIGHUP.
- Default for max_queued_messages has been changed to 1000.
- Add `ciphers_tls1.3` option, to allow setting TLS v1.3 ciphersuites.
  Closes #1825.
- Bridges now obey MQTT v5 server-keepalive.
- Add bridge support for the MQTT v5 maximum-qos property.
- Log client port on new connections. Closes #1911.

Broker fixes:
- Send DISCONNECT with `malformed-packet` reason code on invalid PUBLISH,
  SUBSCRIBE, and UNSUBSCRIBE packets.
- Document that X509_free() must be called after using
  mosquitto_client_certificate(). Closes #1842.
- Fix listener not being reassociated with client when reloading a persistence
  file and `per_listener_settings true` is set and the client did not set a
  username. Closes #1891.
- Fix bridge sock not being removed from sock hash on error. Closes #1897.
- mosquitto_password now forbids the : character. Closes #1833.
- Fix `log_timestamp_format` not applying to `log_dest topic`. Closes #1862.
- Fix crash on Windows if loading a plugin fails. Closes #1866.
- Fix file logging on Windows. Closes #1880.
- Report an error if the config file is set to a directory. Closes #1814.
- Fix bridges incorrectly setting Wills to manage remote notifications when
  `notifications_local_only` was set true. Closes #1902.

Client library features:
- Client no longer generates random client ids for v3.1.1 clients, these are
  now expected to be generated on the broker. This matches the behaviour for
  v5 clients. Closes #291.
- Add support for connecting to brokers through Unix domain sockets.
- Add `mosquitto_property_identifier()`, for retrieving the identifier integer
  for a property.
- Add `mosquitto_property_identifier_to_string()` for converting a property
  identifier integer to the corresponding property name string.
- Add `mosquitto_property_next()` to retrieve the next property in a list, for
  iterating over property lists.
- mosquitto_pub now handles the MQTT v5 retain-available property by never
  setting the retain bit.
- Added MOSQ_OPT_TCP_NODELAY, to allow disabling Nagle's algorithm on client
  sockets. Closes #1526.
- Add `mosquitto_ssl_get()` to allow clients to access their SSL structure and
  perform additional verification.
- Add MOSQ_OPT_BIND_ADDRESS to allow setting of a bind address independently
  of the `mosquitto_connect*()` call.
- Add `MOSQ_OPT_TLS_USE_OS_CERTS` option, to instruct the client to load and
  trust OS provided CA certificates for use with TLS connections.

Client library fixes:
- Fix send quota being incorrectly reset on reconnect. Closes #1822.
- Don't use logging until log mutex is initialised. Closes #1819.
- Fix missing mach/mach_time.h header on OS X. Closes #1831.
- Fix connect properties not being sent when the client automatically
  reconnects. Closes #1846.

Client features:
- Add timeout return code (27) for `mosquitto_sub -W <secs>` and
  `mosquitto_rr -W <secs>`. Closes #275.
- Add support for connecting to brokers through Unix domain sockets with the
  `--unix` argument.
- Use cJSON library for producing JSON output, where available. Closes #1222.
- Add support for outputting MQTT v5 property information to mosquitto_sub/rr
  JSON output. Closes #1416.
- Add `--pretty` option to mosquitto_sub/rr for formatted/unformatted JSON
  output.
- Add support for v5 property printing to mosquitto_sub/rr in non-JSON mode.
  Closes #1416.
- Add `--nodelay` to all clients to allow them to use the MOSQ_OPT_TCP_NODELAY
  option.
- Add `-x` to all clients to allow the session-expiry-interval property to be
  easily set for MQTT v5 clients.
- Add `--random-filter` to mosquitto_sub, to allow only a certain proportion
  of received messages to be printed.
- mosquitto_sub %j and %J timestamps are now in an ISO 8601 compatible format.
- mosquitto_sub now supports extra format specifiers for field width and
  precision for some parameters.
- Add `--version` for all clients.
- All clients now load OS provided CA certificates if used with `-L
  mqtts://...`, or if port is set to 8883 and no other CA certificates are
  used. Closes #1824.
- Add the `--tls-use-os-certs` option to all clients.

Client fixes:
- mosquitto_sub will now exit if all subscriptions were denied.
- mosquitto_pub now sends 0 length files without an error when using `-f`.
- Fix description of `-e` and `-t` arguments in mosquitto_rr. Closes #1881.
- mosquitto_sub will now quit with an error if the %U option is used on
  Windows, rather than just quitting. Closes #1908.
triaxx committed Jan 28, 2021
1 parent 4844a43 commit 14af0ee
Showing 7 changed files with 66 additions and 47 deletions.
9 changes: 2 additions & 7 deletions net/mosquitto/Makefile
@@ -1,12 +1,9 @@
# $NetBSD: Makefile,v 1.13 2020/09/28 18:56:03 tm Exp $
# $NetBSD: Makefile,v 1.14 2021/01/28 19:46:23 triaxx Exp $

VERSION= 1.6.12
PKGREVISION= 1
DISTNAME= mosquitto-${VERSION}
DISTNAME= mosquitto-2.0.5
CATEGORIES= net
MASTER_SITES= https://mosquitto.org/files/source/

#MAINTAINER= amoibos@gmail.com
MAINTAINER= gdt@NetBSD.org
HOMEPAGE= https://mosquitto.org/
COMMENT= Open Source MQTT broker
Expand All @@ -28,8 +25,6 @@ MOSQUITTO_GROUP= mosquitto
PKG_USERS= ${MOSQUITTO_USER}:${MOSQUITTO_GROUP}
PKG_GROUPS= ${MOSQUITTO_GROUP}

# \todo The example file is vast and arguably should not be installed.
# However, we need to set a few things to make automatic startup work.
CONF_FILES= ${PREFIX}/share/examples/mosquitto/mosquitto.conf \
${PKG_SYSCONFDIR}/mosquitto.conf

5 changes: 4 additions & 1 deletion net/mosquitto/PLIST
@@ -1,4 +1,4 @@
@comment $NetBSD: PLIST,v 1.1 2019/07/20 23:09:27 gdt Exp $
@comment $NetBSD: PLIST,v 1.2 2021/01/28 19:46:23 triaxx Exp $
bin/mosquitto_passwd
bin/mosquitto_pub
bin/mosquitto_rr
Expand All @@ -7,6 +7,7 @@ include/mosquitto.h
include/mosquitto_broker.h
include/mosquitto_plugin.h
include/mosquittopp.h
include/mqtt_protocol.h
lib/libmosquitto.so
lib/libmosquitto.so.1
lib/libmosquitto.so.${PKGVERSION}
Expand All @@ -15,6 +16,8 @@ lib/libmosquittopp.so.1
lib/libmosquittopp.so.${PKGVERSION}
lib/pkgconfig/libmosquitto.pc
lib/pkgconfig/libmosquittopp.pc
man/man1/mosquitto_ctrl.1
man/man1/mosquitto_ctrl_dynsec.1
man/man1/mosquitto_passwd.1
man/man1/mosquitto_pub.1
man/man1/mosquitto_rr.1
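Review bot: The new `man/man1/mosquitto_ctrl.1` and `man/man1/mosquitto_ctrl_dynsec.1` entries have no matching `bin/mosquitto_ctrl` entry in the visible PLIST lines; the first hunk goes from the `@comment` line straight to `bin/mosquitto_passwd`. Either add the binary to the PLIST if the package builds it, or stop installing man pages for a tool the package does not ship.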
15 changes: 8 additions & 7 deletions net/mosquitto/distinfo
@@ -1,10 +1,11 @@
$NetBSD: distinfo,v 1.11 2020/08/19 23:33:38 gdt Exp $
$NetBSD: distinfo,v 1.12 2021/01/28 19:46:23 triaxx Exp $

SHA1 (mosquitto-1.6.12.tar.gz) = b8c047985a33f3c2e9855079030f91d6eed00c47
RMD160 (mosquitto-1.6.12.tar.gz) = 3d0121c4d3ce8c388b5dc344b7e3153f6d5f783d
SHA512 (mosquitto-1.6.12.tar.gz) = 68cd2e4aa14254c0332ad78eac1f885e0e4e9f2332540d3778b8c7df096db7618b8467b5bb25f70ddc3306d01dd36eb9a9e2bf2738da77e196c7a1ccaed869d2
Size (mosquitto-1.6.12.tar.gz) = 618718 bytes
SHA1 (patch-lib_CMakeLists.txt) = cddb8803a759820c8059028f924b56c22689ee54
SHA1 (mosquitto-2.0.5.tar.gz) = 86400e68344642f2b491de0f7abdbc7e92c54f0d
RMD160 (mosquitto-2.0.5.tar.gz) = e35daa0a27ced4f950756b672444de0cf6517896
SHA512 (mosquitto-2.0.5.tar.gz) = 760ace6f820cf0132775e31035caad126a64a988bd8d5faa78069eda8441973d98120a5b36d35d935f116c5d3f1adeecd0ea672f804382fa10e6d9e61a087233
Size (mosquitto-2.0.5.tar.gz) = 753064 bytes
SHA1 (patch-lib_CMakeLists.txt) = 81981f812dc38572e727a9a5dfb427b80476702d
SHA1 (patch-lib_net__mosq.c) = a38294cdfea98f2da0879ea93373c5f04aebdb20
SHA1 (patch-mosquitto.conf) = ca82a8a1bdc59d5e6f4121d8474693245b923789
SHA1 (patch-misc_letsencrypt_mosquitto-copy.sh) = a4d601b71f68d3f9e62d923d21c58f26558eb551
SHA1 (patch-mosquitto.conf) = ddd2cba5d98f5b9b00fd808d839ba328591ba29f
SHA1 (patch-src_CMakeLists.txt) = 76a3c560929aabce943b25bf9d2cefa173b792b0
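Review bot: `patch-lib_net__mosq.c` and `patch-src_CMakeLists.txt` keep their old SHA1 entries across the 1.6.12 to 2.0.5 jump, and neither patch is among the 7 changed files. Please confirm both still apply cleanly to the 2.0.5 sources and are still needed, since the two existing patches that were touched (`patch-lib_CMakeLists.txt`, `patch-mosquitto.conf`) both needed their context and offsets updated.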
12 changes: 2 additions & 10 deletions net/mosquitto/files/mosquitto.sh
@@ -1,6 +1,6 @@
#!@RCD_SCRIPTS_SHELL@
#
# $NetBSD: mosquitto.sh,v 1.1 2019/07/20 23:09:27 gdt Exp $
# $NetBSD: mosquitto.sh,v 1.2 2021/01/28 19:46:24 triaxx Exp $
#
# PROVIDE: mosquitto
# REQUIRE: DAEMON
Expand All @@ -10,21 +10,13 @@
name="mosquitto"
rcvar=$name
command="@PREFIX@/sbin/${name}"
piddir="/var/run/${name}"
pidfile="${piddir}/${name}.pid"
pidfile="/var/run/${name}.pid"
config="@PKG_SYSCONFDIR@/${name}.conf"

command_args="-d -c $config"

start_precmd="mosquitto_precmd"
test_cmd="mosquitto_test"
extra_commands=""

mosquitto_precmd()
{
mkdir -p ${piddir}
chown @MOSQUITTO_USER@ ${piddir}
}

load_rc_config $name
run_rc_command "$1"
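Review bot: `pidfile="/var/run/${name}.pid"` hardcodes `/var/run`, while the patched mosquitto.conf in this commit writes `pid_file @VARBASE@/run/mosquitto.pid`; where VARBASE is not `/var` the rc script would look for the PID file in the wrong place, so use `@VARBASE@` here as well. With `mosquitto_precmd` gone, nothing prepares a location owned by `@MOSQUITTO_USER@` any more, and the commit message says 2.0 drops privileges as soon as the configuration file has been read, so please confirm the broker can still create the file directly under the run directory when started from this script.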
14 changes: 7 additions & 7 deletions net/mosquitto/patches/patch-lib_CMakeLists.txt
@@ -1,23 +1,23 @@
$NetBSD: patch-lib_CMakeLists.txt,v 1.1 2019/07/20 23:09:27 gdt Exp $
$NetBSD: patch-lib_CMakeLists.txt,v 1.2 2021/01/28 19:46:24 triaxx Exp $

On NetBSD, do not include librt.
\todo Why? All other "UNIX" does, except Mac.
\todo Consider filing upstream.

--- lib/CMakeLists.txt.orig 2018-09-04 16:57:17.000000000 +0000
--- lib/CMakeLists.txt.orig 2021-01-11 16:49:40.000000000 +0000
+++ lib/CMakeLists.txt
@@ -73,12 +73,12 @@ set(C_SRC
@@ -61,12 +61,12 @@ set(C_SRC

set (LIBRARIES ${OPENSSL_LIBRARIES} ${PTHREAD_LIBRARIES})

-if (UNIX AND NOT APPLE)
+if (UNIX AND NOT APPLE AND NOT ${CMAKE_SYSTEM_NAME} MATCHES "NetBSD")
-if (UNIX AND NOT APPLE AND NOT ANDROID)
+if (UNIX AND NOT APPLE AND NOT ANDROID AND NOT ${CMAKE_SYSTEM_NAME} MATCHES "NetBSD")
find_library(LIBRT rt)
if (LIBRT)
set (LIBRARIES ${LIBRARIES} rt)
endif (LIBRT)
-endif (UNIX AND NOT APPLE)
+endif (UNIX AND NOT APPLE AND NOT ${CMAKE_SYSTEM_NAME} MATCHES "NetBSD")
-endif (UNIX AND NOT APPLE AND NOT ANDROID)
+endif (UNIX AND NOT APPLE AND NOT ANDROID AND NOT ${CMAKE_SYSTEM_NAME} MATCHES "NetBSD")

if (WIN32)
set (LIBRARIES ${LIBRARIES} ws2_32)
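Review bot: In the `if`/`endif` pair, `NOT ${CMAKE_SYSTEM_NAME} MATCHES "NetBSD"` expands the variable unquoted and performs a regex match; `NOT CMAKE_SYSTEM_NAME STREQUAL "NetBSD"` expresses the exact comparison and does not depend on how the expanded value is re-parsed. The `\todo Why?` in the patch header is carried over unchanged; since upstream has now added its own `NOT ANDROID` exclusion on the same line, this is a good moment to record why librt must be skipped on NetBSD and send the change upstream.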
15 changes: 15 additions & 0 deletions net/mosquitto/patches/patch-misc_letsencrypt_mosquitto-copy.sh
@@ -0,0 +1,15 @@
$NetBSD: patch-misc_letsencrypt_mosquitto-copy.sh,v 1.1 2021/01/28 19:46:24 triaxx Exp $

Fix shell portability problem.

--- misc/letsencrypt/mosquitto-copy.sh.orig 2021-01-11 16:49:40.000000000 +0000
+++ misc/letsencrypt/mosquitto-copy.sh
@@ -12,7 +12,7 @@
# Place this script in /etc/letsencrypt/renewal-hooks/deploy/ and make it
# executable after editing it to your needs.

-if [ ${RENEWED_DOMAINS} == "my-mosquitto-domain" ]; then
+if [ ${RENEWED_DOMAINS} = "my-mosquitto-domain" ]; then
# Copy new certificate to Mosquitto directory
cp ${RENEWED_LINEAGE}/fullchain.pem /etc/mosquitto/certs/server.pem
cp ${RENEWED_LINEAGE}/privkey.pem /etc/mosquitto/certs/server.key
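Review bot: The `=` fix makes the test portable, but `${RENEWED_DOMAINS}` is still unquoted in `if [ ${RENEWED_DOMAINS} = "my-mosquitto-domain" ]; then`. Certbot sets RENEWED_DOMAINS to a space-separated list, so a certificate covering more than one name (or an empty value) makes `[` error out and the copy is skipped, leaving the broker on the old certificate. Quote it as `"${RENEWED_DOMAINS}"` and quote `${RENEWED_LINEAGE}` in the two `cp` lines; matching one name inside a multi-name list would need a `case` pattern rather than a plain equality test.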
43 changes: 28 additions & 15 deletions net/mosquitto/patches/patch-mosquitto.conf
@@ -1,4 +1,4 @@
$NetBSD: patch-mosquitto.conf,v 1.2 2020/04/16 15:19:11 jperkin Exp $
$NetBSD: patch-mosquitto.conf,v 1.3 2021/01/28 19:46:24 triaxx Exp $

Log to syslog, instead of (perhaps) not logging.

Expand All @@ -7,19 +7,32 @@ Log to syslog, instead of (perhaps) not logging.
\todo Think about pidfile; because this can be run in various modes
that seems like it should perhaps be command-line, not config.

--- mosquitto.conf.orig 2019-06-18 11:45:59.000000000 +0000
--- mosquitto.conf.orig 2021-01-11 16:49:40.000000000 +0000
+++ mosquitto.conf
@@ -986,3 +986,13 @@
# given multiple times, all of the files from the first instance will be
# processed before the next instance. See the man page for examples.
#include_dir
+
+### PKGSRC ADJUSTMENTS FOR TRADITIONAL UNIX NORMS
+
+pid_file @VARBASE@/run/mosquitto/mosquitto.pid
+
+log_dest syslog
+
@@ -148,7 +148,7 @@
# This should be set to /var/run/mosquitto/mosquitto.pid if mosquitto is
# being run automatically on boot with an init script and
# start-stop-daemon or similar.
-#pid_file
+pid_file @VARBASE@/run/mosquitto.pid

# Set to true to queue messages with QoS 0 when a persistent client is
# disconnected. These messages are included in the limit imposed by
@@ -340,7 +340,7 @@
# certificate files must have ".crt" as the file ending and you must run
# "openssl rehash <path to capath>" each time you add/remove a certificate.
#cafile
-#capath
+capath @SSLCERTS@
+
+### LOCAL CONFIGURATION


# If require_certificate is true, you may set use_identity_as_username to true
@@ -448,7 +448,7 @@
# Note that if the broker is running as a Windows service it will default to
# "log_dest none" and neither stdout nor stderr logging is available.
# Use "log_dest none" if you wish to disable logging.
-#log_dest stderr
+log_dest syslog

# Types of messages to log. Use multiple log_type lines for logging
# multiple types of messages.
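Review bot: Uncommenting `capath @SSLCERTS@` points the broker's CA path at the system-wide certificate directory, and that setting is the trust store used to verify client certificates: if an administrator later enables `require_certificate` (mentioned in the context lines just below), any certificate chaining to a public CA in that directory would be accepted as a client identity. I would leave `capath` commented out in the shipped default. The Makefile diff in this commit adds no substitution for `@SSLCERTS@`, so please also check that the token is actually expanded in the installed file, and update the patch description, whose first line still covers only the syslog change.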
