Debian Package Tracker

general

source: mosquitto (main)
version: 1.5.7-1
maintainer: Roger A. Light [DMD]
arch: all any
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 1.3.4-2+deb8u1
old-sec: 1.3.4-2+deb8u3
stable: 1.4.10-3+deb9u4
stable-sec: 1.4.10-3+deb9u4
testing: 1.5.7-1
unstable: 1.5.7-1

versioned links

1.3.4-2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.4-2+deb8u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.10-3+deb9u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.5.7-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libmosquitto-dev
libmosquitto1 (1 bugs: 0, 1, 0, 0)
libmosquittopp-dev
libmosquittopp1
mosquitto (3 bugs: 0, 3, 0, 0)
mosquitto-clients
mosquitto-dev

action needed

A new upstream version is available: 1.6.2 high

A new upstream version 1.6.2 is available, you should consider packaging it.

Created: 2019-03-01 Last update: 2019-06-18 22:36

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2019-05-13 Last update: 2019-06-18 23:20

Depends on packages which need a new maintainer normal

The packages that mosquitto depends on which need a new maintainer are:

lsb (#924519)
- Depends: lsb-base

Created: 2019-03-13 Last update: 2019-06-18 21:32

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.5.8-1, distribution unstable) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 2eeb01ce8c014076a279ad83865102ea84b717a9
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Apr 25 14:47:57 2019 +0100

    Update Debian official packaging for 1.5.8.

commit 2c954b8f03f26c350c0645e4feebe3dc5e1de683
Merge: 46c67366 ae309b33
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Apr 25 14:46:19 2019 +0100

    Merge tag 'v1.5.8' into debian

commit 46c673664f3b41e66fa4921b4b2f2902460e57fd
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Apr 25 14:46:06 2019 +0100

    Update Debian official packaging for 1.5.7.

commit 580fb8bd6355dc9d1f6cd8e0b0f187a83af7af5c
Merge: a8c0e5a2 a2d4535d
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Apr 25 14:44:43 2019 +0100

    Merge tag 'v1.5.7'
    
    Conflicts:
            CMakeLists.txt
            ChangeLog.txt
            config.mk
            installer/mosquitto.nsi
            installer/mosquitto64.nsi
            lib/mosquitto.h
            set-version.sh
            snap/snapcraft.yaml
            src/persist.c

commit a8c0e5a255a906524f05bc5bd50f9bd072f0e78b
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Apr 25 14:41:20 2019 +0100

    Update Debian official packaging for 1.5.6.

commit b5b9f0f6b6d20adce14c88bbb304078c4bfd909d
Merge: 6ccc7f1e 570a3731
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Apr 25 14:39:47 2019 +0100

    Merge tag 'v1.5.6' into debian

commit 570a373134d5c81342bb43a15b2dbfa4d941bfea
Merge: 19fbbd87 240e87c8
Author: Roger A. Light <roger@atchoo.org>
Date:   Wed Feb 6 15:54:12 2019 +0000

    Merge branch 'fixes'

commit 240e87c823af4075ea0f391ee801c93619d208fe
Author: Roger A. Light <roger@atchoo.org>
Date:   Wed Feb 6 15:44:53 2019 +0000

    Update CVE details and bump version number.

commit dd1246f2f661c741a14764e6f33f2e81164cdc70
Author: Roger A. Light <roger@atchoo.org>
Date:   Wed Feb 6 13:42:49 2019 +0000

    Fix some unused variable warnings.

commit 51159ff19ee3985aafc43d874a168928d6e1327e
Author: Roger A. Light <roger@atchoo.org>
Date:   Wed Feb 6 12:23:27 2019 +0000

    Fix cmake client build with TLS.

commit afbeff3369253ce5212ff9f1cf06b731d4bc40ee
Author: Roger A. Light <roger@atchoo.org>
Date:   Wed Feb 6 12:22:29 2019 +0000

    Fix socks build when using cmake.

commit 50011b18426ec76e7da7397d290a3cad6fac9c52
Author: Roger A. Light <roger@atchoo.org>
Date:   Wed Feb 6 09:10:05 2019 +0000

    Log message for disconnecting a client with invalid UTF-8 topic.
    
    Closes #1144. Thanks to Kris Mattheus.

commit d81b7e2b84bf41f64f23588edb7859df984ed0a1
Author: Roger A. Light <roger@atchoo.org>
Date:   Sun Feb 3 22:26:10 2019 +0000

    Fixed durable clients being unable to receive messages when offline.
    
    This occurred when per_listener_settings was set to true.
    
    Closes #1081. Thanks to dwin-wangjt.

commit 9751cccf0de920cfbca5604b3c8b54c1af254745
Author: Roger A. Light <roger@atchoo.org>
Date:   Sat Feb 2 22:39:47 2019 +0000

    Windows: Fix possible crash when client disconnects.
    
    Closes #1137. Thanks to Kris Mattheus.

commit 0beeee189e5678bb3bdead3edaeec9d858507455
Author: Roger A. Light <roger@atchoo.org>
Date:   Sun Feb 3 22:01:33 2019 +0000

    Fix Will not being sent for Websockets clients.
    
    Closes #1143. Thanks to salcedo.

commit 927c2aafe870a75bbd1db0e70be67079fd4d5d08
Author: Roger A. Light <roger@atchoo.org>
Date:   Sun Feb 3 20:46:23 2019 +0000

    Allow broker to always restart on Windows when using `log_dest file`.
    
    Closes #1080. Thanks to lcouz.

commit 5df00f66b4eeac99c068898e03ff141ec27709ca
Author: Roger A. Light <roger@atchoo.org>
Date:   Sun Feb 3 20:36:44 2019 +0000

    Fix spaces not being allowed in the bridge remote_username option.
    
    Closes #1131. Thanks to beville.

commit 3854993d3306211aa4e939a44b4e4381af579644
Author: Roger A. Light <roger@atchoo.org>
Date:   Sun Feb 3 08:26:00 2019 +0000

    Man page can now be built on any system.
    
    Closes #1139. Huge thanks to Chris Mayo.

commit 276c1a62e06fcc669c5edebfa3da524282ef09c0
Author: Roger A. Light <roger@atchoo.org>
Date:   Sun Feb 3 08:07:32 2019 +0000

    Improve documentation of use_identity_as_username.
    
    Closes #1134. Thanks to Adrian P.

commit cbd5306aecf22c9833fd7352a41e951e19abe05b
Author: Roger Light <roger@atchoo.org>
Date:   Thu Jan 31 21:50:42 2019 +0000

    Fix and tests for CVE-2018-12546.

commit 5820b9e4e73b3770721f8bf0a4b3d337f55941da
Author: Roger A. Light <roger@atchoo.org>
Date:   Wed Jan 30 15:29:20 2019 +0000

    Fix and tests for security bug #541870.

commit 3559b66ade2e07422305e216ca909dadf1e07012
Author: Roger A. Light <roger@atchoo.org>
Date:   Wed Jan 30 15:01:34 2019 +0000

    Fix and tests for security bug #543401.

commit cecf8f838fdbc4630a5bead8f5b3588bcacb49ea
Author: Steven Lawrance <stl@koffein.net>
Date:   Wed Jan 30 15:22:30 2019 +0100

    Include sys/socket.h for AF_INET definition
    
    Without this, mosquitto doesn't build on FreeBSD with websockets enabled
    
    Signed-off-by: Steven Lawrance <stl@koffein.net>

commit 9dd8d1e054249c6c8202dc8847317f565d1cdd51
Author: Roger Light <roger@atchoo.org>
Date:   Wed Jan 23 11:44:19 2019 +0000

    Handle mismatched handshakes properly.
    
    For example, a QoS1 PUBLISH with QoS2 reply.

commit d085216d71e324c1d67a688caaff402e381227b0
Author: Roger A. Light <roger@atchoo.org>
Date:   Tue Jan 22 23:04:55 2019 +0000

    Make table more consistent with preceding documentation.

commit 18a37ce4bca5e062aacdfcad512bbc21ebd8293f
Author: Roger A. Light <roger@atchoo.org>
Date:   Tue Jan 22 09:51:20 2019 +0000

    Improve bridge remapping documentation.

commit 01cc4dd696564ba869d558081d31e2a0d91fac3d
Author: Roger A. Light <roger@atchoo.org>
Date:   Tue Jan 15 14:23:01 2019 +0000

    Update changelog for previous PR.
    
    Thanks to Matthias Stone.

commit 4ddf00dec38e9364d0de43bb73d49c1e968ab750
Author: Matthias Stone <matthias@bellstone.ca>
Date:   Wed Dec 12 17:44:18 2018 -0700

    Don't clear SSL context when TLS connection is closed.
    
    Previous behaviour would clear the external SSL_CTX provided by
    MOSQ_OPT_SSL_CTX. This required the user to reset the SSL_CTX every
    disconnect, and trust that they were not leaking references.
    
    Recreating the SSL context for every connection is not necessary, and the
    SSL context is freed in mosquitto_destroy, which is sufficient.
    
    Signed-off-by: Matthias Stone <matthias@bellstone.ca>

commit f49aeffd8c723988a995cb68d909d56bae35e8b4
Author: Roger A. Light <roger@atchoo.org>
Date:   Tue Jan 15 13:21:12 2019 +0000

    Fix TLS connections not working over SOCKS.
    
    Thanks to Mark Oeltjenbruns.

commit b2e63f49f72f4a4321678d850843960f029bfec3
Author: Roger A. Light <roger@atchoo.org>
Date:   Tue Jan 15 12:37:45 2019 +0000

    Update changelog

commit 80d77983d303cd6ad07b6a5135e987ad0ab65cc8
Author: Vinod Kumar <kumar003vinod@gmail.com>
Date:   Thu Dec 27 14:04:12 2018 +0530

    ignore inline comments while parsing optional config params
    
    Signed-off-by: Vinod Kumar <kumar003vinod@gmail.com>

commit e7e69eadb712d45a3319be05938ae9cd39062f4c
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Jan 10 17:44:46 2019 +0000

    Fix compilation when openssl deprecated APIs are not available.
    
    Closes #1094. Thanks to Rosen Penev.

commit 8fce26134b0d993df47174d6620ea21d54bff4e0
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Jan 10 15:51:34 2019 +0000

    Fix comparison of boolean values in CMake build.
    
    Closes #1101. Thanks to Mojca Miklavec and Andrew L. Moore.

commit ddb64c15f319ffaaae08c59b7faea13c6b306698
Merge: 75bbc311 19fbbd87
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Jan 10 10:22:04 2019 +0000

    Merge branch 'master' into fixes

commit 75bbc3113001b5a3b61a29769dcb98370748a7e4
Author: Maksym Ruchko <mruchko@advantech-bb.com>
Date:   Fri Jan 4 10:39:30 2019 +0000

    Fixed threaded enum lost in merges
    
    Change was part of the original commit e8185ddaa74234c2c37aa529e711cddfc7cede91
    "[166] Don't cancel external threads."
    and then lost during code reorganizing and subsequent merge,
    commits 970ba58da63b2790607585edcc364b7ada614e3b 81cb7ab547b37edcdf9e22e2ab93cbe260bb924b
    
    Signed-off-by: Maksym Ruchko <mruchko@advantech-bb.com>

commit 6ccc7f1e35dbfbed8e43a353b3d2a0d5883d436c
Author: Roger A. Light <roger@atchoo.org>
Date:   Tue Dec 11 16:39:15 2018 +0000

    Update for 1.5.5.

commit d36e47a8a6d4cde6f2c39eba84fd794ecb704edb
Merge: 9a2219af 84c5d90f
Author: Roger A. Light <roger@atchoo.org>
Date:   Tue Dec 11 16:37:23 2018 +0000

    Merge branch 'master' into debian

commit 9a2219af9768deac7cd553530e4b7e8d2eebbdc8
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Nov 29 14:07:26 2018 +0000

    Add pkg-config dep and attribute patch.

commit 04f8ee7660169087a8673b782896d36395f820af
Author: Roger A. Light <roger@atchoo.org>
Date:   Tue Nov 27 07:43:07 2018 +0000

    Fix missing "shell".

commit 54b685ef662e100f399161d1b70046322db7047b
Author: Roger A. Light <roger@atchoo.org>
Date:   Mon Nov 26 23:29:15 2018 +0000

    Fix #877346.

commit 06695cf21c73a9c528a10fae84d762fbdecf0108
Merge: 735c9653 8960b1fe
Author: Roger A. Light <roger@atchoo.org>
Date:   Sun Nov 25 17:30:41 2018 +0000

    Merge branch 'master' into debian

commit 735c96533361ccf13adae093a41bfba212ce717e
Author: Roger A. Light <roger@atchoo.org>
Date:   Sun Nov 25 17:10:24 2018 +0000

    Fix #914593

commit 73228b160e90b7b30a9fd853da7551fce778f7e0
Author: Roger A. Light <roger@atchoo.org>
Date:   Sun Nov 25 17:08:55 2018 +0000

    Fix #914525.

commit dd7da0203b9c1efd6c333d8abb27d2334c46d307
Author: Roger A. Light <roger@atchoo.org>
Date:   Tue Nov 13 16:21:09 2018 +0000

    Add mosquitto.init back in advice of DD.

commit 5243bb5830f706e249ab494e6508ea04b7bce450
Author: Roger A. Light <roger@atchoo.org>
Date:   Tue Nov 13 11:50:41 2018 +0000

    Add upstream/metadata.

commit 4550623a0a73fc3bd6bd7576c6d7bacd6ab50b1c
Author: Roger A. Light <roger@atchoo.org>
Date:   Tue Nov 13 11:33:47 2018 +0000

    Minor lintian fixes.

commit 18c69bbc753de16b035a5562f596ed0653472c43
Author: Roger A. Light <roger@atchoo.org>
Date:   Tue Nov 13 11:33:27 2018 +0000

    Bump dh compat to 11.

commit a68ddfc93558c10476c50835421fbd0f9b41619b
Author: Roger A. Light <roger@atchoo.org>
Date:   Sun Oct 28 07:35:01 2018 +0000

    Extensive debian package update to 1.5.4.

commit 54322a3df5e6b9c0f2bff6689f16330383667ec1
Author: Roger A. Light <roger@atchoo.org>
Date:   Tue Sep 25 16:26:02 2018 +0100

    Bump version number, add CVE details.

commit 84a356e25e37b5a6071341139883f108e62b5bdd
Author: Roger A. Light <roger@atchoo.org>
Date:   Tue Sep 25 16:14:57 2018 +0100

    Fix Windows version not starting if include_dir did not contain any files.
    
    Closes #566.
    
    Thanks to marleau.

commit 23e336290fa9af6d3885695ec4efc81f71d4c6b0
Author: Roger A. Light <roger@atchoo.org>
Date:   Tue Sep 25 14:32:43 2018 +0100

    Add allow_zero_length_clientid, auto_id_prefix documentation.
    
    Closes #600.

commit 443d34a9734d5ab4785caee03f0755b6e7fbf07d
Author: Roger A. Light <roger@atchoo.org>
Date:   Tue Sep 25 13:52:14 2018 +0100

    Fix incorrect hash usage with duplicate clients.
    
    Fix duplicate clients being added to by_id hash before the old client
    was removed.
    
    Closes #645.

commit c978fd50fe57537d01960f8997cd10cdf62c1c4b
Author: Roger A. Light <roger@atchoo.org>
Date:   Tue Sep 25 12:54:22 2018 +0100

    Minor documentation fix. Closes #520.

commit 0e95612fe5daaf04415030f18946fe1563f4ee25
Author: Roger A. Light <roger@atchoo.org>
Date:   Tue Sep 25 11:39:58 2018 +0100

    Fix retained msgs not sent by bridges.
    
    This occurred when a bridge connected for the first time and so made a
    local subscription for outgoing topics.
    
    Closes #701.

commit 016fcc2372ddd1b10cb2465741ef668da7649cee
Author: Roger A. Light <roger@atchoo.org>
Date:   Tue Sep 25 09:25:56 2018 +0100

    Add test for $test publishing bug.

commit c0196547ae5d075bbab4f19e5f09ddf26953b4e2
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Sep 20 16:12:00 2018 +0100

    Various build improvements to help packaging.

commit 7900c2c353ce707874283d58e0c9a528408a07f5
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Sep 20 15:02:15 2018 +0100

    Revert "Remove some test that was always true"
    
    This reverts commit 6fc7cadb63477a438f56745872a2046ed7026fc4.

commit 11c79db2496a808653a820c2cd9a6e594285615c
Author: Roger A. Light <roger@atchoo.org>
Date:   Tue Sep 25 14:25:02 2018 +0100

    Better attempt at fixing mac travis.

commit 26bbcf5586cf807e157f8248fdbb7a4869091337
Author: Roger A. Light <roger@atchoo.org>
Date:   Tue Sep 25 12:11:03 2018 +0100

    Attempt to fix Mac build on travis.

commit eebd22a83c2f5c1bc6346213199011b72566c94c
Author: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Date:   Tue Sep 25 06:43:40 2018 +0200

    fix signal handler on win32
    
    The signal handler thread on win32 did listen to 4 HANDLEs,
    of which only 3 were initialized.
    The result was 1 thread eating 100% cpu.
    This commit reduces the HANDLE array storage.
    
    Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>

commit 41c93565d5dc053ed953a314a1285453a8ed3b39
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Sep 20 12:05:02 2018 +0100

    Remove requirement to use `user root` in snap package config files.

commit fee71d6df128684b6384aec896a2fc449b9dfdfc
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Sep 20 12:00:51 2018 +0100

    Elevate log level to warning for situation when socket limit is hit.

commit c5b675fa634611099271ab77b77d80512f1cacae
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Sep 20 10:25:27 2018 +0100

    Fix build on Windows.

commit 36c4cecd48de7a515242bf399d782ca49d88cc12
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Sep 20 15:25:28 2018 +0100

    Add fixed CVE information.

commit e649d93191aeca7af3f04041996b9e117c0da771
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Sep 20 14:00:55 2018 +0100

    Add missing posts.

commit 20efb3326792e9bd1e248496a83b65cf909d3e22
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Sep 20 10:04:35 2018 +0100

    Download page update.

commit 404394fda78ce7d1c2eeafd1116cd9ec1df5ead9
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Sep 20 09:35:01 2018 +0100

    Update website config.

commit b5b25220c868cf005bdaad73db03a65aa8242078
Author: Roger A. Light <roger@atchoo.org>
Date:   Wed Aug 8 22:43:14 2018 +0100

    Add website.

commit 1eff425949edf7560eac6ceba506c2c9799f3a10
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Sep 20 08:34:33 2018 +0100

    Snap build fix.
    
    https://forum.snapcraft.io/t/errors-when-building-via-launchpad/7448

commit 41d91053972c458d86ea8c871c0e1212b88b1c5e
Author: Roger A. Light <roger@atchoo.org>
Date:   Wed Sep 19 18:09:43 2018 +0100

    Bump version number.

commit 4fdcbad93f37b2522cb29197f6598ed4a28d2ea3
Author: Roger A. Light <roger@atchoo.org>
Date:   Wed Sep 19 17:52:23 2018 +0100

    Fix segfault on HUP when bridges and security options are configured.
    
    Closes #849. Closes #965. Thanks to Wolfgand Hottgenroth and Dustin Sallings.

commit 906cca4f21fc87bc2f1b30c277425dac03df6410
Author: Roger A. Light <roger@atchoo.org>
Date:   Wed Sep 19 14:40:22 2018 +0100

    Fix "round_robin false" behaviour.
    
    Closes #481.

commit 921171286d10cf3d7da842e5045d1128c68018c5
Author: Roger A. Light <roger@atchoo.org>
Date:   Wed Sep 19 13:01:13 2018 +0100

    Close spare sock at exit.

commit b98fe5e28ee98f010485dbc428e87a55af6c3825
Author: Roger A. Light <roger@atchoo.org>
Date:   Wed Sep 19 12:55:08 2018 +0100

    Fix for bridge connections when using WITH_ADNS=yes.

commit ff04f66423cd8a45d118f3962375d4918a937bc1
Author: Roger A. Light <roger@atchoo.org>
Date:   Wed Sep 19 12:27:24 2018 +0100

    Add link to tls asciicast.
    
    Closes #968.

commit 7d4c2a0ff37a7754d33462de95036ed9d68b8e0d
Author: Michael Heimpold <michael.heimpold@i2se.com>
Date:   Tue Sep 4 01:13:06 2018 +0200

    Install pkg-config files also for non-CMake builds
    
    At the moment, pkg-config hint files are only installed when CMake is
    used as build system. However, it is very convenient for programs using
    libmosquitto to have these files always in place, so let's add it
    here, too.
    
    Signed-off-by: Michael Heimpold <michael.heimpold@i2se.com>

commit e88cabc30679887d32dbf3ea6799b746a5e6279e
Author: Roger A. Light <roger@atchoo.org>
Date:   Tue Sep 18 15:03:16 2018 +0100

    Changelog entry for #932.

commit 46b824139f13a820cfd0f3811b7f4481d3451bdb
Author: Fredrik Fornwall <fredrik@fornwall.net>
Date:   Fri Aug 24 11:45:51 2018 +0200

    Fix build with OPENSSL_NO_ENGINE
    
    Signed-off-by: Fredrik Fornwall <fredrik@fornwall.net>

commit e331c8a725f475123407ae51409d3b0c60681448
Author: Roger A. Light <roger@atchoo.org>
Date:   Tue Sep 18 14:56:47 2018 +0100

    Update changelog and fixes to #927 PR.

commit 434f34911e4faf1e5300a2df36b30e68d7f1ec92
Author: yzhivik <yuriy.zhyvytsya@gmail.com>
Date:   Fri Aug 31 10:59:40 2018 +0300

    fix SOCKS5 username and password set
    
    fix SOCKS5 request wrt IP4/IP6/FQDN
    
    Signed-off-by: yzhivik <yuriy.zhyvytsya@gmail.com>

commit 5610dd7af4cca92df8f8fff4aeb6189146dec93e
Author: Roger A. Light <roger@atchoo.org>
Date:   Tue Sep 18 12:08:49 2018 +0100

    Better implementation of #948.

commit 24bd31f2a083a72af02ac4e8db3f093343e95ce7
Author: Roger A. Light <roger@atchoo.org>
Date:   Tue Sep 18 11:54:58 2018 +0100

    Fix excessive CPU usage when the number of sockets exceeds the system limit.
    
    Closes #948. Thanks to wiebeytec.

commit b81b2287d7e00aa4a66566471d9fbd76cf49af56
Author: Roger A. Light <roger@atchoo.org>
Date:   Tue Sep 18 11:53:11 2018 +0100

    Update expired test certs.

commit 1605a4f294c6f67098b1bc5c3ed8e97cb257b9d3
Author: Roger A. Light <roger@atchoo.org>
Date:   Sat Sep 8 10:24:12 2018 +0100

    Make it easier to build without bundled uthash.h.
    
    Use "make WITH_BUNDLED_DEPS=no".

commit ebdfe0e6f5e2a2f1ca33d0ea0dbf154764987013
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Aug 30 21:01:04 2018 +0100

    Fix incorrect call to setsockopt() for TCP_NODELAY.
    
    Closes #941. Thanks to rfalke.
    
    Signed-off-by: Roger A. Light <roger@atchoo.org>

commit 135ff1dd2e580c9e2497db0acf993ed1e8a8c37e
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Aug 30 20:44:17 2018 +0100

    Fix build when using WITH_ADNS=yes.

commit be8b3b0fae67b82734dadec062fb9fc3cc99f272
Author: Roger A. Light <roger@atchoo.org>
Date:   Wed Aug 29 10:07:33 2018 +0100

    Enable ADNS for the snap.

commit b5832eb6b8c009f3c561a40a2ddabc007930b5f5
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Aug 16 23:23:56 2018 +0100

    Add missing test.

commit a6c52cf5af60913f7d571395f17be23150d9c14c
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Aug 16 22:52:04 2018 +0100

    Add websockets support to snap.

commit afbb0f66914200c90dad9e0332701d493d1b02ad
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Aug 16 17:01:08 2018 +0100

    Bump version number.
    
    Signed-off-by: Roger A. Light <roger@atchoo.org>

commit 63bfcb224e7da5149f31daf41fe58f5fd0287266
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Aug 16 17:00:00 2018 +0100

    Fix accessor functions for username and client id when used in plugin auth check.

commit becbff406bea7034f17623c6203e605eed11dce3
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Aug 16 14:16:07 2018 +0100

    Include snapcraft.yaml in snap.

commit 5e365a2597414fb2e5965595e5b1cb2b1617244b
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Aug 16 14:15:58 2018 +0100

    Documentation fixes.

commit 63f98f3c55382fb2dda83503ddd9331fa89596bd
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Aug 16 13:26:58 2018 +0100

    Fix for building on Windows with static lws.

commit 92d360e8a488ebdd96fc334864721a6bd4c099cf
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Aug 16 13:24:07 2018 +0100

    Installer and readme updates.

commit 6fade4bc3d076052c568badc5d0316c65503a312
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Aug 16 11:33:06 2018 +0100

    Revert incorrect change.

commit fd19a6f0f0a96cc5dcd3ccdf976ecfdc2b6c518b
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Aug 16 11:28:26 2018 +0100

    Add support for compiling with static libwebsockets library.

commit 0caae2a6ea287647b404e0e44d969d170a04ae45
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Aug 16 11:16:16 2018 +0100

    Build fix for Windows.

commit 4ee1dba1f93ecc5413a7119cc4e9ac21919e0234
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Aug 16 11:14:51 2018 +0100

    Consistent use of config.h across the project.

commit 9bbd2f7022fd4738c36d675d36bdfc2df8213fd7
Author: Roger A. Light <roger@atchoo.org>
Date:   Thu Aug 16 11:06:58 2018 +0100

    Return error in mosquitto_pub -l if compiled without threading.

Created: 2017-12-03 Last update: 2019-06-18 12:31

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-03-13 Last update: 2019-03-13 05:43

4 ignored security issues in jessie low

There are 4 open security issues in jessie.

4 issues skipped by the security teams:

CVE-2018-12551: When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability.
CVE-2017-7655: In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library.
CVE-2018-12546: In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients being able cause effects that would otherwise not be allowed.
CVE-2018-12550: When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected.

Please fix them.

Created: 2019-02-08 Last update: 2019-04-27 14:11

1 ignored security issue in stretch low

There is 1 open security issue in stretch.

1 issue skipped by the security teams:

CVE-2017-7655: In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library.

Please fix it.

Created: 2019-03-29 Last update: 2019-04-27 14:11

testing migrations

This package will soon be part of the auto-libwebsockets transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2019-03-03] mosquitto 1.5.7-1 MIGRATED to testing (Debian testing watch)
[2019-02-21] Accepted mosquitto 1.5.7-1 (source) into unstable (Roger A. Light) (signed by: Andreas Henriksson)
[2019-02-20] mosquitto 1.5.6-1 MIGRATED to testing (Debian testing watch)
[2019-02-18] Accepted mosquitto 1.4.10-3+deb9u4 (source) into proposed-updates->stable-new, proposed-updates (Roger A. Light) (signed by: Salvatore Bonaccorso)
[2019-02-18] Accepted mosquitto 1.4.10-3+deb9u3 (source) into proposed-updates->stable-new, proposed-updates (Roger A. Light) (signed by: Salvatore Bonaccorso)
[2019-02-17] Accepted mosquitto 1.4.10-3+deb9u4 (source) into stable->embargoed, stable (Roger A. Light) (signed by: Salvatore Bonaccorso)
[2019-02-12] Accepted mosquitto 1.5.6-1 (source) into unstable (Roger A. Light) (signed by: Andreas Henriksson)
[2019-02-10] Accepted mosquitto 1.4.10-3+deb9u3 (source) into stable->embargoed, stable (Roger A. Light) (signed by: Salvatore Bonaccorso)
[2018-12-28] mosquitto 1.5.5-1.1 MIGRATED to testing (Debian testing watch)
[2018-12-22] Accepted mosquitto 1.5.5-1.1 (source) into unstable (Andreas Henriksson)
[2018-12-13] Accepted mosquitto 1.5.5-1 (source amd64 all) into unstable (Roger A. Light) (signed by: Andreas Henriksson)
[2018-11-29] mosquitto 1.5.4-1 MIGRATED to testing (Debian testing watch)
[2018-11-23] Accepted mosquitto 1.5.4-1 (source) into unstable (Roger A. Light) (signed by: Andreas Henriksson)
[2018-10-27] Accepted mosquitto 1.4.10-3+deb9u2 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Thorsten Alteholz)
[2018-10-25] Accepted mosquitto 1.4.10-3+deb9u2 (source amd64 all) into stable->embargoed, stable (Thorsten Alteholz)
[2018-09-28] Accepted mosquitto 1.3.4-2+deb8u3 (source amd64 all) into oldstable (Thorsten Alteholz)
[2018-06-29] Accepted mosquitto 1.3.4-2+deb8u2 (source amd64 all) into oldstable (Thorsten Alteholz)
[2018-04-19] mosquitto 1.4.15-2 MIGRATED to testing (Debian testing watch)
[2018-04-08] Accepted mosquitto 1.4.15-2 (source) into unstable (Roger A. Light) (signed by: Gianfranco Costamagna)
[2018-04-01] Accepted mosquitto 0.15-2+deb7u3 (source amd64 all) into oldoldstable (Thorsten Alteholz)
[2018-04-01] Accepted mosquitto 0.15-2+deb7u3 (source amd64 all) into oldoldstable (Thorsten Alteholz)
[2018-03-03] mosquitto 1.4.15-1 MIGRATED to testing (Debian testing watch)
[2018-03-01] Accepted mosquitto 1.4.15-1 (source) into unstable (Roger A. Light) (signed by: Gianfranco Costamagna)
[2018-02-14] Accepted mosquitto 1.4.10-3+deb9u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Roger A. Light) (signed by: Gianfranco Costamagna)
[2018-01-01] mosquitto 1.4.14-2 MIGRATED to testing (Debian testing watch)
[2017-12-27] Accepted mosquitto 1.4.14-2 (source) into unstable (Roger A. Light) (signed by: Gianfranco Costamagna)
[2017-12-24] Accepted mosquitto 1.4.14-1 (source) into unstable (Roger A. Light) (signed by: Gianfranco Costamagna)
[2017-10-26] Accepted mosquitto 0.15-2+deb7u2 (source amd64 all) into oldoldstable (Roger A. Light) (signed by: Raphaël Hertzog)
[2017-06-11] Accepted mosquitto 1.3.4-2+deb8u1 (all source) into proposed-updates->stable-new, proposed-updates (Roger A. Light) (signed by: Salvatore Bonaccorso)
[2017-06-01] mosquitto 1.4.10-3 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 4
RC: 0
I&N: 4
M&W: 0
F&P: 0
patch: 1

links

homepage
lintian (0, 2)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.5.7-1
3 bugs