Merge branch 'master'

2025-05-09 01:01:11 +08:00 · 2018-10-23 10:39:20 +01:00 · 2018-10-23 10:39:20 +01:00 · 35dea07dcd
commit 35dea07dcd
parent e5eb03b2e6 07d59d20e2
29 changed files with 442 additions and 103 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -11,7 +11,7 @@ project(mosquitto)
 cmake_minimum_required(VERSION 2.8)
 # Only for version 3 and up. cmake_policy(SET CMP0042 NEW)

-set (VERSION 1.5.2)
+set (VERSION 1.5.3)

 add_definitions (-DCMAKE -DVERSION=\"${VERSION}\")

--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -32,9 +32,9 @@ Foundation IP policy.
 Please read the [Eclipse Foundation policy on accepting contributions via Git](http://wiki.eclipse.org/Development_Resources/Contributing_via_Git).

 1. Sign the [Eclipse ECA](http://www.eclipse.org/legal/ECA.php)
-  1. Register for an Eclipse Foundation User ID. You can register [here](https://dev.eclipse.org/site_login/createaccount.php).
-  2. Log into the [Projects Portal](https://projects.eclipse.org/), and click on the '[Eclipse ECA](https://projects.eclipse.org/user/sign/eca)' link.
-2. Go to your [account settings](https://dev.eclipse.org/site_login/myaccount.php#open_tab_accountsettings) and add your GitHub username to your account.
+    1. Register for an Eclipse Foundation User ID. You can register [here](https://accounts.eclipse.org/user/register).
+    2. Log into the [Accounts Portal](https://accounts.eclipse.org/), and click on the '[Eclipse Contributor Agreement](https://accounts.eclipse.org/user/eca)' link.
+2. Go to your [account settings](https://accounts.eclipse.org/user/edit) and add your GitHub username to your account.
 3. Make sure that you _sign-off_ your Git commits in the following format:
  ``` Signed-off-by: John Smith <johnsmith@nowhere.com> ``` This is usually at the bottom of the commit message. You can automate this by adding the '-s' flag when you make the commits. e.g.   ```git commit -s -m "Adding a cool feature"```
 4. Ensure that the email address that you make your commits with is the same one you used to sign up to the Eclipse Foundation website with.
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@ -1,9 +1,24 @@
-1.5.3 - 201810xx
+1.5.3 - 20180925
 ================

+Security:
+- Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that
+  begins with $, but is not $SYS, then an assert that should be unreachable is
+  triggered and Mosquitto will exit.
+
 Broker:
 - Elevate log level to warning for situation when socket limit is hit.
 - Remove requirement to use `user root` in snap package config files.
+- Fix retained messages not sent by bridges on outgoing topics at the first
+  connection. Closes #701.
+- Documentation fixes. Closes #520, #600.
+- Fix duplicate clients being added to by_id hash before the old client was
+  removed. Closes #645.
+- Fix Windows version not starting if include_dir did not contain any files.
+  Closes #566.
+
+Build:
+- Various fixes to ease building.


 1.5.2 - 20180919
--- a/client/Makefile
+++ b/client/Makefile
@ -7,10 +7,10 @@ SHARED_DEP:=../lib/libmosquitto.so.${SOVERSION}
 endif

 ifeq ($(WITH_SHARED_LIBRARIES),yes)
-	ALL_DEPS:= mosquitto_pub mosquitto_sub
+ALL_DEPS:= mosquitto_pub mosquitto_sub
 else
 ifeq ($(WITH_STATIC_LIBRARIES),yes)
-	ALL_DEPS:= static_pub static_sub
+ALL_DEPS:= static_pub static_sub
 endif
 endif

--- a/config.h
+++ b/config.h
@ -1,10 +1,19 @@
 #ifndef CONFIG_H
 /* ============================================================
- * Control compile time options.
- * ============================================================
- *
- * Compile time options have moved to config.mk.
- */
+ * Platform options
+ * ============================================================ */
+
+#ifdef __APPLE__
+#  define __DARWIN_C_SOURCE
+#elif defined(__FreeBSD__) || defined(__NetBSD__) || defined(__SYMBIAN32__) || defined(__QNX__)
+#  define _XOPEN_SOURCE 700
+#  define __BSD_VISIBLE 1
+#  define HAVE_NETINET_IN_H
+#else
+#  define _XOPEN_SOURCE 700
+#  define _DEFAULT_SOURCE 1
+#  define _POSIX_C_SOURCE 200809L
+#endif


 /* ============================================================
@ -27,16 +36,4 @@
 #define uthash_malloc(sz) mosquitto__malloc(sz)
 #define uthash_free(ptr,sz) mosquitto__free(ptr)

-#ifdef __APPLE__
-#  define __DARWIN_C_SOURCE
-#elif defined(__FreeBSD__) || defined(__NetBSD__) || defined(__SYMBIAN32__) || defined(__QNX__)
-#  define _XOPEN_SOURCE 700
-#  define __BSD_VISIBLE 1
-#  define HAVE_NETINET_IN_H
-#else
-#  define _XOPEN_SOURCE 700
-#  define _DEFAULT_SOURCE 1
-#  define _POSIX_C_SOURCE 200809L
-#endif
-
 #endif
--- a/config.mk
+++ b/config.mk
@ -105,7 +105,7 @@ WITH_BUNDLED_DEPS:=yes

 # Also bump lib/mosquitto.h, CMakeLists.txt,
 # installer/mosquitto.nsi, installer/mosquitto64.nsi
-VERSION=1.5.2
+VERSION=1.5.3

 # Client library SO version. Bump if incompatible API/ABI changes are made.
 SOVERSION=1
@ -281,9 +281,11 @@ ifeq ($(WITH_WEBSOCKETS),static)
 endif

 INSTALL?=install
-prefix=/usr/local
-mandir=${prefix}/share/man
-localedir=${prefix}/share/locale
+prefix?=/usr/local
+incdir?=${prefix}/include
+libdir?=${prefix}/lib${LIB_SUFFIX}
+localedir?=${prefix}/share/locale
+mandir?=${prefix}/share/man
 STRIP?=strip

 ifeq ($(WITH_STRIP),yes)
--- a/installer/mosquitto.nsi
+++ b/installer/mosquitto.nsi
@ -9,7 +9,7 @@
 !define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"'

 Name "Eclipse Mosquitto"
-!define VERSION 1.5.2
+!define VERSION 1.5.3
 OutFile "mosquitto-${VERSION}-install-windows-x86.exe"

 InstallDir "$PROGRAMFILES\mosquitto"
--- a/installer/mosquitto64.nsi
+++ b/installer/mosquitto64.nsi
@ -9,7 +9,7 @@
 !define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"'

 Name "Eclipse Mosquitto"
-!define VERSION 1.5.2
+!define VERSION 1.5.3
 OutFile "mosquitto-${VERSION}-install-windows-x64.exe"

 !include "x64.nsh"
--- a/lib/Makefile
+++ b/lib/Makefile
@ -54,30 +54,28 @@ ifeq ($(WITH_SHARED_LIBRARIES),yes)
 endif

 install : all
-	$(INSTALL) -d "${DESTDIR}$(prefix)/lib${LIB_SUFFIX}/"
-
+	$(INSTALL) -d "${DESTDIR}${libdir}/"
 ifeq ($(WITH_SHARED_LIBRARIES),yes)
-	$(INSTALL) ${STRIP_OPTS} libmosquitto.so.${SOVERSION} "${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquitto.so.${SOVERSION}"
-	ln -sf libmosquitto.so.${SOVERSION} "${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquitto.so"
+	$(INSTALL) ${STRIP_OPTS} libmosquitto.so.${SOVERSION} "${DESTDIR}${libdir}/libmosquitto.so.${SOVERSION}"
+	ln -sf libmosquitto.so.${SOVERSION} "${DESTDIR}${libdir}/libmosquitto.so"
 endif
 ifeq ($(WITH_STATIC_LIBRARIES),yes)
-	$(INSTALL) libmosquitto.a "${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquitto.a"
-	${CROSS_COMPILE}${STRIP} -g --strip-unneeded "${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquitto.a"
+	$(INSTALL) ${STRIP_OPTS} libmosquitto.a "${DESTDIR}${libdir}/libmosquitto.a"
 endif
-	$(INSTALL) -d "${DESTDIR}${prefix}/include/"
-	$(INSTALL) mosquitto.h "${DESTDIR}${prefix}/include/mosquitto.h"
-	$(INSTALL) -d "${DESTDIR}$(prefix)/lib${LIB_SUFFIX}/pkgconfig"
-	$(INSTALL) -m644 ../libmosquitto.pc.in "${DESTDIR}$(prefix)/lib${LIB_SUFFIX}/pkgconfig/libmosquitto.pc"
-	sed -i -e "s#@CMAKE_INSTALL_PREFIX@#$(prefix)#" -e "s#@VERSION@#$(VERSION)#" "${DESTDIR}$(prefix)/lib${LIB_SUFFIX}/pkgconfig/libmosquitto.pc"
+	$(INSTALL) -d "${DESTDIR}${incdir}/"
+	$(INSTALL) mosquitto.h "${DESTDIR}${incdir}/mosquitto.h"
+	$(INSTALL) -d "${DESTDIR}${libdir}/pkgconfig"
+	$(INSTALL) -m644 ../libmosquitto.pc.in "${DESTDIR}${libdir}/pkgconfig/libmosquitto.pc"
+	sed -i -e "s#@CMAKE_INSTALL_PREFIX@#${prefix}#" -e "s#@VERSION@#${VERSION}#" "${DESTDIR}${libdir}/pkgconfig/libmosquitto.pc"
 ifeq ($(WITH_SHARED_LIBRARIES),yes)
 	$(MAKE) -C cpp install
 endif

 uninstall :
-	-rm -f "${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquitto.so.${SOVERSION}"
-	-rm -f "${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquitto.so"
-	-rm -f "${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquitto.a"
-	-rm -f "${DESTDIR}${prefix}/include/mosquitto.h"
+	-rm -f "${DESTDIR}${libdir}/libmosquitto.so.${SOVERSION}"
+	-rm -f "${DESTDIR}${libdir}/libmosquitto.so"
+	-rm -f "${DESTDIR}${libdir}/libmosquitto.a"
+	-rm -f "${DESTDIR}${incdir}/mosquitto.h"

 reallyclean : clean

--- a/lib/cpp/Makefile
+++ b/lib/cpp/Makefile
@ -15,24 +15,24 @@ endif
 all : ${ALL_DEPS}

 install : all
-	$(INSTALL) -d "${DESTDIR}$(prefix)/lib${LIB_SUFFIX}/"
-	$(INSTALL) ${STRIP_OPTS} libmosquittopp.so.${SOVERSION} "${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquittopp.so.${SOVERSION}"
-	ln -sf libmosquittopp.so.${SOVERSION} "${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquittopp.so"
+	$(INSTALL) -d "${DESTDIR}${libdir}/"
+	$(INSTALL) ${STRIP_OPTS} libmosquittopp.so.${SOVERSION} "${DESTDIR}${libdir}/libmosquittopp.so.${SOVERSION}"
+	ln -sf libmosquittopp.so.${SOVERSION} "${DESTDIR}${libdir}/libmosquittopp.so"
 ifeq ($(WITH_STATIC_LIBRARIES),yes)
-	$(INSTALL) libmosquittopp.a "${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquittopp.a"
-	${CROSS_COMPILE}${STRIP} -g --strip-unneeded "${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquittopp.a"
+	$(INSTALL) libmosquittopp.a "${DESTDIR}${libdir}/libmosquittopp.a"
+	${CROSS_COMPILE}${STRIP} -g --strip-unneeded "${DESTDIR}${libdir}/libmosquittopp.a"
 endif
-	$(INSTALL) -d "${DESTDIR}${prefix}/include/"
-	$(INSTALL) mosquittopp.h "${DESTDIR}${prefix}/include/mosquittopp.h"
-	$(INSTALL) -d "${DESTDIR}$(prefix)/lib${LIB_SUFFIX}/pkgconfig"
-	$(INSTALL) -m644 ../../libmosquittopp.pc.in "${DESTDIR}$(prefix)/lib${LIB_SUFFIX}/pkgconfig/libmosquittopp.pc"
-	sed -i -e "s#@CMAKE_INSTALL_PREFIX@#$(prefix)#" -e "s#@VERSION@#$(VERSION)#" "${DESTDIR}$(prefix)/lib${LIB_SUFFIX}/pkgconfig/libmosquittopp.pc"
+	$(INSTALL) -d "${DESTDIR}${incdir}/"
+	$(INSTALL) mosquittopp.h "${DESTDIR}${incdir}/mosquittopp.h"
+	$(INSTALL) -d "${DESTDIR}${libdir}/pkgconfig/"
+	$(INSTALL) -m644 ../../libmosquittopp.pc.in "${DESTDIR}${libdir}/pkgconfig/libmosquittopp.pc"
+	sed -i -e "s#@CMAKE_INSTALL_PREFIX@#${prefix}#" -e "s#@VERSION@#${VERSION}#" "${DESTDIR}${libdir}/pkgconfig/libmosquittopp.pc"

 uninstall :
-	-rm -f "${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquittopp.so.${SOVERSION}"
-	-rm -f "${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquittopp.so"
-	-rm -f "${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquittopp.a"
-	-rm -f "${DESTDIR}${prefix}/include/mosquittopp.h"
+	-rm -f "${DESTDIR}${libdir}/libmosquittopp.so.${SOVERSION}"
+	-rm -f "${DESTDIR}${libdir}/libmosquittopp.so"
+	-rm -f "${DESTDIR}${libdir}/libmosquittopp.a"
+	-rm -f "${DESTDIR}${incdir}/mosquittopp.h"

 clean :
 	-rm -f *.o libmosquittopp.so.${SOVERSION} libmosquittopp.a
--- a/lib/mosquitto.h
+++ b/lib/mosquitto.h
@ -47,7 +47,7 @@ extern "C" {

 #define LIBMOSQUITTO_MAJOR 1
 #define LIBMOSQUITTO_MINOR 5
-#define LIBMOSQUITTO_REVISION 2
+#define LIBMOSQUITTO_REVISION 3
 /* LIBMOSQUITTO_VERSION_NUMBER looks like 1002001 for e.g. version 1.2.1. */
 #define LIBMOSQUITTO_VERSION_NUMBER (LIBMOSQUITTO_MAJOR*1000000+LIBMOSQUITTO_MINOR*1000+LIBMOSQUITTO_REVISION)

--- a/lib/mosquitto_internal.h
+++ b/lib/mosquitto_internal.h
@ -208,6 +208,8 @@ struct mosquitto {
 #endif
 	bool clean_session;
 #ifdef WITH_BROKER
+	char *old_id; /* for when a duplicate client connects, but we still want to
+					 know what the id was */
 	bool is_dropping;
 	bool is_bridge;
 	struct mosquitto__bridge *bridge;
--- a/man/mosquitto.conf.5.xml
+++ b/man/mosquitto.conf.5.xml
@ -195,6 +195,17 @@
 					<para>Reloaded on reload signal.</para>
 				</listitem>
 			</varlistentry>
+			<varlistentry>
+				<term><option>allow_zero_length_clientid</option> [ true | false ]</term>
+				<listitem>
+					<para>MQTT 3.1.1 allows clients to connect with a zero
+						length client id and have the broker generate a client
+						id for them. Use this option to allow/disallow this
+						behaviour. Defaults to true.</para>
+					<para>See also the <option>auto_id_prefix</option> option.</para>
+					<para>Reloaded on reload signal.</para>
+				</listitem>
+			</varlistentry>
 			<varlistentry>
 				<term><option>auth_opt_*</option> <replaceable>value</replaceable></term>
 				<listitem>
@ -244,6 +255,17 @@
 					<para>Not currently reloaded on reload signal.</para>
 				</listitem>
 			</varlistentry>
+			<varlistentry>
+				<term><option>auto_id_prefix</option> <replaceable>prefix</replaceable></term>
+				<listitem>
+					<para>If <option>allow_zero_length_clientid</option> is
+						<replaceable>true</replaceable>, this option allows you
+						to set a string that will be prefixed to the
+						automatically generated client ids to aid visibility in
+						logs. Defaults to no prefix.</para>
+					<para>Reloaded on reload signal.</para>
+				</listitem>
+			</varlistentry>
 			<varlistentry>
 				<term><option>autosave_interval</option> <replaceable>seconds</replaceable></term>
 				<listitem>
@ -763,7 +785,7 @@
 							client connected to a listener with mount point
 							<replaceable>example</replaceable> can only see
 							messages that are published in the topic hierarchy
-							<replaceable>example</replaceable> and above.</para>
+							<replaceable>example</replaceable> and below.</para>
 						<para>Not reloaded on reload signal.</para>
 					</listitem>
 				</varlistentry>
--- a/set-version.sh
+++ b/set-version.sh
@ -2,7 +2,7 @@

 MAJOR=1
 MINOR=5
-REVISION=2
+REVISION=3

 sed -i "s/^VERSION=.*/VERSION=${MAJOR}.${MINOR}.${REVISION}/" config.mk

--- a/snap/snapcraft.yaml
+++ b/snap/snapcraft.yaml
@ -1,5 +1,5 @@
 name: mosquitto
-version: 1.5.2
+version: 1.5.3-1
 summary: Eclipse Mosquitto MQTT broker
 description: This is a message broker that supports version 3.1 and 3.1.1 of the MQTT
    protocol.
@ -26,6 +26,9 @@ apps:
    command: usr/bin/mosquitto_sub
    plugs: [network]

+  passwd:
+    command: usr/bin/mosquitto_passwd
+

 parts:
  script:
@ -63,10 +66,14 @@ parts:
      - usr/sbin/mosquitto
      - usr/bin/mosquitto_pub
      - usr/bin/mosquitto_sub
+      - usr/bin/mosquitto_passwd
      - usr/lib/libmosquitto.so*
      - lib/*-linux-gnu/libcrypto.so*
      - lib/*-linux-gnu/libssl.so*
      - lib/*-linux-gnu/libuuid.so*
+      - usr/include/mosquitto.h
+      - usr/include/mosquitto_broker.h
+      - usr/include/mosquitto_plugin.h

  lws:
    plugin: cmake
--- a/src/bridge.c
+++ b/src/bridge.c
@ -145,6 +145,9 @@ int bridge__connect_step1(struct mosquitto_db *db, struct mosquitto *context)
 		if(context->bridge->topics[i].direction == bd_out || context->bridge->topics[i].direction == bd_both){
 			log__printf(NULL, MOSQ_LOG_DEBUG, "Bridge %s doing local SUBSCRIBE on topic %s", context->id, context->bridge->topics[i].local_topic);
 			if(sub__add(db, context, context->bridge->topics[i].local_topic, context->bridge->topics[i].qos, &db->subs)) return 1;
+			sub__retain_queue(db, context,
+					context->bridge->topics[i].local_topic,
+					context->bridge->topics[i].qos);
 		}
 	}

@ -308,6 +311,9 @@ int bridge__connect(struct mosquitto_db *db, struct mosquitto *context)
 		if(context->bridge->topics[i].direction == bd_out || context->bridge->topics[i].direction == bd_both){
 			log__printf(NULL, MOSQ_LOG_DEBUG, "Bridge %s doing local SUBSCRIBE on topic %s", context->id, context->bridge->topics[i].local_topic);
 			if(sub__add(db, context, context->bridge->topics[i].local_topic, context->bridge->topics[i].qos, &db->subs)) return 1;
+			sub__retain_queue(db, context,
+					context->bridge->topics[i].local_topic,
+					context->bridge->topics[i].qos);
 		}
 	}

--- a/src/conf.c
+++ b/src/conf.c
@ -1208,8 +1208,8 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct
 						snprintf(dirpath, MAX_PATH, "%s\\*.conf", token);
 						fh = FindFirstFile(dirpath, &find_data);
 						if(fh == INVALID_HANDLE_VALUE){
-							log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to open include_dir '%s'.", token);
-							return 1;
+							/* No files found */
+							continue;
 						}

 						do{
--- a/src/context.c
+++ b/src/context.c
@ -161,6 +161,10 @@ void context__cleanup(struct mosquitto_db *db, struct mosquitto *context, bool d
 		mosquitto__free(context->id);
 		context->id = NULL;
 	}
+	if(context->old_id){
+		mosquitto__free(context->old_id);
+		context->old_id = NULL;
+	}
 	packet__cleanup(&(context->in_packet));
 	if(context->current_out_packet){
 		packet__cleanup(context->current_out_packet);
--- a/src/loop.c
+++ b/src/loop.c
@ -638,12 +638,17 @@ void do_disconnect(struct mosquitto_db *db, struct mosquitto *context)
 			context->sock = INVALID_SOCKET;
 			context->pollfd_index = -1;
 		}
+		HASH_DELETE(hh_id, db->contexts_by_id, context);
+		context->old_id = context->id;
+		context->id = NULL;
 	}else
 #endif
 	{
 		if(db->config->connection_messages == true){
 			if(context->id){
 				id = context->id;
+			}else if(context->old_id){
+				id = context->old_id;
 			}else{
 				id = "<unknown>";
 			}
--- a/src/subs.c
+++ b/src/subs.c
@ -459,7 +459,15 @@ int sub__add(struct mosquitto_db *db, struct mosquitto *context, const char *sub
 	if(sub__topic_tokenise(sub, &tokens)) return 1;

 	HASH_FIND(hh, *root, UHPA_ACCESS_TOPIC(tokens), tokens->topic_len, subhier);
-	assert(subhier);
+	if(!subhier){
+		subhier = sub__add_hier_entry(NULL, root, UHPA_ACCESS_TOPIC(tokens), tokens->topic_len);
+		if(!subhier){
+			sub__topic_tokens_free(tokens);
+			log__printf(NULL, MOSQ_LOG_ERR, "Error: Out of memory.");
+			return MOSQ_ERR_NOMEM;
+		}
+
+	}
 	rc = sub__add_recurse(db, context, qos, subhier, tokens);

 	sub__topic_tokens_free(tokens);
@ -481,8 +489,9 @@ int sub__remove(struct mosquitto_db *db, struct mosquitto *context, const char *
 	if(sub__topic_tokenise(sub, &tokens)) return 1;

 	HASH_FIND(hh, root, UHPA_ACCESS_TOPIC(tokens), tokens->topic_len, subhier);
-	assert(subhier);
-	rc = sub__remove_recurse(db, context, subhier, tokens);
+	if(subhier){
+		rc = sub__remove_recurse(db, context, subhier, tokens);
+	}

 	sub__topic_tokens_free(tokens);

@ -507,14 +516,15 @@ int sub__messages_queue(struct mosquitto_db *db, const char *source_id, const ch
 	(*stored)->ref_count++;

 	HASH_FIND(hh, db->subs, UHPA_ACCESS_TOPIC(tokens), tokens->topic_len, subhier);
-	assert(subhier);
-	if(retain){
-		/* We have a message that needs to be retained, so ensure that the subscription
-		 * tree for its topic exists.
-		 */
-		sub__add_recurse(db, NULL, 0, subhier, tokens);
+	if(subhier){
+		if(retain){
+			/* We have a message that needs to be retained, so ensure that the subscription
+			 * tree for its topic exists.
+			 */
+			sub__add_recurse(db, NULL, 0, subhier, tokens);
+		}
+		sub__search(db, subhier, tokens, source_id, topic, qos, retain, *stored, true);
 	}
-	sub__search(db, subhier, tokens, source_id, topic, qos, retain, *stored, true);
 	sub__topic_tokens_free(tokens);

 	/* Remove our reference and free if needed. */
@ -611,23 +621,25 @@ void sub__tree_print(struct mosquitto__subhier *root, int level)
 	struct mosquitto__subleaf *leaf;

 	HASH_ITER(hh, root, branch, branch_tmp){
-	for(i=0; i<(level+2)*2; i++){
-		printf(" ");
-	}
-	printf("%s", UHPA_ACCESS_TOPIC(branch));
-	leaf = branch->subs;
-	while(leaf){
-		if(leaf->context){
-			printf(" (%s, %d)", leaf->context->id, leaf->qos);
-		}else{
-			printf(" (%s, %d)", "", leaf->qos);
+	if(level > -1){
+		for(i=0; i<(level+2)*2; i++){
+			printf(" ");
 		}
-		leaf = leaf->next;
+		printf("%s", UHPA_ACCESS_TOPIC(branch));
+		leaf = branch->subs;
+		while(leaf){
+			if(leaf->context){
+				printf(" (%s, %d)", leaf->context->id, leaf->qos);
+			}else{
+				printf(" (%s, %d)", "", leaf->qos);
+			}
+			leaf = leaf->next;
+		}
+		if(branch->retained){
+			printf(" (r)");
+		}
+		printf("\n");
 	}
-	if(branch->retained){
-		printf(" (r)");
-	}
-	printf("\n");

 		sub__tree_print(branch->children, level+1);
 	}
@ -715,9 +727,10 @@ int sub__retain_queue(struct mosquitto_db *db, struct mosquitto *context, const
 	if(sub__topic_tokenise(sub, &tokens)) return 1;

 	HASH_FIND(hh, db->subs, UHPA_ACCESS_TOPIC(tokens), tokens->topic_len, subhier);
-	assert(subhier);

-	retain__search(db, subhier, tokens, context, sub, sub_qos, 0);
+	if(subhier){
+		retain__search(db, subhier, tokens, context, sub, sub_qos, 0);
+	}
 	while(tokens){
 		tail = tokens->next;
 		UHPA_FREE_TOPIC(tokens);
--- a/test/broker/03-publish-dollar.py
+++ b/test/broker/03-publish-dollar.py
@ -0,0 +1,40 @@
+#!/usr/bin/env python
+
+# Test whether a PUBLISH to a topic starting with $ succeeds
+
+import inspect, os, sys
+# From http://stackoverflow.com/questions/279237/python-import-a-module-from-a-folder
+cmd_subfolder = os.path.realpath(os.path.abspath(os.path.join(os.path.split(inspect.getfile( inspect.currentframe() ))[0],"..")))
+if cmd_subfolder not in sys.path:
+    sys.path.insert(0, cmd_subfolder)
+
+import mosq_test
+
+rc = 1
+mid = 19
+keepalive = 60
+connect_packet = mosq_test.gen_connect("pub-dollar-test", keepalive=keepalive)
+connack_packet = mosq_test.gen_connack(rc=0)
+
+publish_packet = mosq_test.gen_publish("$test/test", qos=1, mid=mid, payload="message")
+puback_packet = mosq_test.gen_puback(mid)
+
+port = mosq_test.get_port()
+broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port)
+
+try:
+    sock = mosq_test.do_client_connect(connect_packet, connack_packet, port=port)
+    mosq_test.do_send_receive(sock, publish_packet, puback_packet, "puback")
+
+    rc = 0
+
+    sock.close()
+finally:
+    broker.terminate()
+    broker.wait()
+    (stdo, stde) = broker.communicate()
+    if rc:
+        print(stde)
+
+exit(rc)
+
--- a/test/broker/Makefile
+++ b/test/broker/Makefile
@ -62,6 +62,7 @@ endif
 	./03-pattern-matching.py
 	#./03-publish-qos1-queued-bytes.py
 	./03-publish-invalid-utf8.py
+	./03-publish-dollar.py

 04 :
 	./04-retain-qos0.py
--- a/test/broker/ptest.py
+++ b/test/broker/ptest.py
@ -44,6 +44,7 @@ tests = [
    (1, './03-pattern-matching.py'),
    #(1, './03-publish-qos1-queued-bytes.py'),
    (1, './03-publish-invalid-utf8.py'),
+    (1, './03-publish-dollar.py'),

    (1, './04-retain-qos0.py'),
    (1, './04-retain-qos0-fresh.py'),
--- a/www/pages/download.md
+++ b/www/pages/download.md
@ -11,8 +11,8 @@

 # Source

-* [mosquitto-1.5.2.tar.gz](http://mosquitto.org/files/source/mosquitto-1.5.2.tar.gz) (319kB) ([GPG signature](http://mosquitto.org/files/source/mosquitto-1.5.1.tar.gz.asc))
-* [mosquitto-1.5.2.tar.gz](http://www.eclipse.org/downloads/download.php?file=/mosquitto/source/mosquitto-1.5.2.tar.gz) (via Eclipse)
+* [mosquitto-1.5.3.tar.gz](http://mosquitto.org/files/source/mosquitto-1.5.3.tar.gz) (319kB) ([GPG signature](http://mosquitto.org/files/source/mosquitto-1.5.3.tar.gz.asc))
+* [mosquitto-1.5.3.tar.gz](http://www.eclipse.org/downloads/download.php?file=/mosquitto/source/mosquitto-1.5.3.tar.gz) (via Eclipse)
 * [Git source code repository](https://github.com/eclipse/mosquitto) (github.com)

 Older downloads are available at [http://mosquitto.org/files/](../files/)
@ -25,10 +25,8 @@ distributions.

 ## Windows

-* [mosquitto-1.5.2-install-windows-x64.exe](http://www.eclipse.org/downloads/download.php?file=/mosquitto/binary/win64/mosquitto-1.5.2-install-windows-x64.exe) (~360 kB) (64-bit build, Windows Vista and up, built with Visual Studio Community 2017)
-* [mosquitto-1.5.2-install-windows-x32.exe](http://www.eclipse.org/downloads/download.php?file=/mosquitto/binary/win32/mosquitto-1.5.2-install-windows-x86.exe) (~360 kB) (32-bit build, Windows Vista and up, built with Visual Studio Community 2017)
-
-You will also need to install Win64 OpenSSL v1.1.0 Light or Win32OpenSSL v1.1.0 Light from [slproweb.com](http://slproweb.com/products/Win32OpenSSL.html)
+* [mosquitto-1.5.3-install-windows-x64.exe](http://www.eclipse.org/downloads/download.php?file=/mosquitto/binary/win64/mosquitto-1.5.3-install-windows-x64.exe) (~360 kB) (64-bit build, Windows Vista and up, built with Visual Studio Community 2017)
+* [mosquitto-1.5.3-install-windows-x32.exe](http://www.eclipse.org/downloads/download.php?file=/mosquitto/binary/win32/mosquitto-1.5.3-install-windows-x86.exe) (~360 kB) (32-bit build, Windows Vista and up, built with Visual Studio Community 2017)

 See also readme-windows.txt after installing.

--- a/www/pages/security.md
+++ b/www/pages/security.md
@ -19,6 +19,15 @@ follow the steps on [Eclipse Security] page to report it.
 Listed with most recent first. Further information on security related issues
 can be found in the [security category].

+* September 2018: [CVE-2018-12543] affecting versions **1.5** to **1.5.2**
+  inclusive, fixed in **1.5.3**.
+* April 2018: [CVE-2017-7655] affecting versions **1.0** to **1.4.15**
+  inclusive, fixed in **1.5**.
+* April 2018: [CVE-2017-7654] affecting versions **1.0** to **1.4.15**
+  inclusive, fixed in **1.5**.
+  [security-advisory-cve-2017-7653-cve-2017-7654].
+* April 2018: [CVE-2017-7653] affecting versions **1.0** to **1.4.15**
+  inclusive, fixed in **1.5**.
 * February 2018: [CVE-2017-7651] affecting versions **0.15** to **1.4.14**
  inclusive, fixed in **1.4.15**. More details at
  [security-advisory-cve-2017-7651-cve-2017-7652].
@ -33,12 +42,19 @@ can be found in the [security category].
  [security-advisory-cve-2017-7650].


+[security-advisory-cve-2018-12543]: /2018/09/security-advisory-cve-2018-12543/
 [security-advisory-cve-2017-7651-cve-2017-7652]: /2018/02/security-advisory-cve-2017-7651-cve-2017-7652/
-[CVE-2017-7651]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7651
-[CVE-2017-7652]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7652
-[Eclipse Security]: https://www.eclipse.org/security/
-[CVE-2017-7650]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7650
 [security-advisory-cve-2017-7650]: /2017/05/security-advisory-cve-2017-7650/
-[CVE-2017-9868]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9868
 [security-advisory-cve-2017-9868]: /2017/06/security-advisory-cve-2017-9868/
+
+[Eclipse Security]: https://www.eclipse.org/security/
 [security category]: /blog/categories/security/
+
+[CVE-2018-12543]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12543
+[CVE-2017-9868]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9868
+[CVE-2017-7655]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7652
+[CVE-2017-7654]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7652
+[CVE-2017-7653]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7652
+[CVE-2017-7652]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7652
+[CVE-2017-7651]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7651
+[CVE-2017-7650]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7650
--- a/www/posts/2018/08/updated-debian-repository-backend.md
+++ b/www/posts/2018/08/updated-debian-repository-backend.md
@ -0,0 +1,26 @@
+<!--
+.. title: Updated Debian Repository Backend
+.. slug: updated-debian-repository-backend
+.. date: 2018-08-08 23:00:43 UTC+01:00
+.. tags: Packaging
+.. category: 
+.. link: 
+.. description: 
+.. type: text
+-->
+
+The backend software for administering the Debian repository at
+https://repo.mosquitto.org/ has been migrated from `reprepro` to `aptly`. This
+has the benefit of allowing multiple versions of a package to remain in the
+repository.
+
+For mosquitto, this now means that old versions of the Debian packages will
+remain available even after newer versions are published, and so you can depend
+on a particular version. The recommendation is always to use the latest version
+of course.
+
+This change should be transparent to all current users, but there is the
+possibility that something is different between the two repository tools. If
+you do find a problem, please let us know.
+
+The repository now has builds for versions 1.4.15 and 1.5.
--- a/www/posts/2018/08/version-151-released.md
+++ b/www/posts/2018/08/version-151-released.md
@ -0,0 +1,87 @@
+<!--
+.. title: Version 1.5.1 released
+.. slug: version-151-released
+.. date: 2018-08-16 17:01:08 UTC+01:00
+.. tags: Releases
+.. category: 
+.. link: 
+.. description: 
+.. type: text
+-->
+
+This is a bugfix release.
+
+# Packaging changes
+
+* The snap package now has support for websockets included.
+* The Windows packages have changed.
+    - Support for Windows XP was dropped in Mosquitto 1.5, so the need for the
+	  Cygwin build has gone, and this has been dropped.
+    - There are now 64-bit and 32-bit native packages.
+    - Websockets support is included.
+    - Threading support is not included in libmosquitto to simplify installation,
+	  alternative solutions are being looked into for the future.
+    - The only external dependency is now OpenSSL.
+
+# Version 1.5.1 changes
+
+## Broker
+- Fix plugin cleanup function not being called on exit of the broker. Closes
+  [#900].
+- Print more OpenSSL errors when loading certificates/keys fail.
+- Use `AF_UNSPEC` etc. instead of `PF_UNSPEC` to comply with POSIX. Closes
+  [#863].
+- Remove use of `AI_ADDRCONFIG`, which means the broker can be used on systems
+  where only the loopback interface is defined. Closes [#869], Closes [#901].
+- Fix IPv6 addresses not being able to be used as bridge addresses.
+  Closes [#886].
+- All clients now time out if they exceed their keepalive\*1.5, rather than
+  just reach it. This was inconsistent in two places.
+- Fix segfault on startup if bridge CA certificates could not be read.
+  Closes [#851].
+- Fix problem opening listeners on Pi caused by unsigned char being default.
+  Found via [#849].
+- ACL patterns that do not contain either `%c` or `%u` now produce a warning in
+  the log. Closes [#209].
+- Fix bridge publishing failing when `per_listener_settings` was true. Closes
+  [#860].
+- Fix `use_identity_as_username true` not working. Closes [#833].
+- Fix UNSUBACK messages not being logged. Closes [#903].
+- Fix possible endian issue when reading the `memory_limit` option.
+- Fix building for libwebsockets < 1.6.
+- Fix accessor functions for username and client id when used in plugin auth
+  check.
+
+## Library
+- Fix some places where return codes were incorrect, including to the
+  `on_disconnect()` callback. This has resulted in two new error codes,
+  `MOSQ_ERR_KEEPALIVE` and `MOSQ_ERR_LOOKUP`.
+- Fix connection problems when `mosquitto_loop_start()` was called before
+  `mosquitto_connect_async()`. Closes [#848].
+
+## Clients
+- When compiled using `WITH_TLS=no`, the default port was incorrectly being set
+  to -1. This has been fixed.
+- Fix compiling on Mac OS X <10.12. Closes `#813` and `#240`.
+
+## Build
+- Fixes for building on NetBSD. Closes `#258`.
+- Fixes for building on FreeBSD.
+- Add support for compiling with static libwebsockets library.
+
+
+[#209]: https://github.com/eclipse/mosquitto/issues/209
+[#240]: https://github.com/eclipse/mosquitto/issues/240
+[#258]: https://github.com/eclipse/mosquitto/issues/258
+[#813]: https://github.com/eclipse/mosquitto/issues/813
+[#833]: https://github.com/eclipse/mosquitto/issues/833
+[#848]: https://github.com/eclipse/mosquitto/issues/848
+[#849]: https://github.com/eclipse/mosquitto/issues/849
+[#851]: https://github.com/eclipse/mosquitto/issues/851
+[#860]: https://github.com/eclipse/mosquitto/issues/860
+[#863]: https://github.com/eclipse/mosquitto/issues/863
+[#869]: https://github.com/eclipse/mosquitto/issues/869
+[#886]: https://github.com/eclipse/mosquitto/issues/886
+[#900]: https://github.com/eclipse/mosquitto/issues/900
+[#901]: https://github.com/eclipse/mosquitto/issues/901
+[#903]: https://github.com/eclipse/mosquitto/issues/903
--- a/www/posts/2018/09/security-advisory-cve-2018-12543.md
+++ b/www/posts/2018/09/security-advisory-cve-2018-12543.md
@ -0,0 +1,59 @@
+<!--
+.. title: Security advisory: CVE-2018-12543
+.. slug: security-advisory-cve-2018-12543
+.. date: 2018-09-27 10:36:19 UTC+01:00
+.. tags: Security,Releases
+.. category:
+.. link:
+.. description:
+.. type: text
+-->
+
+Mosquitto 1.5.3 has been released to address a security vulnerability. It also
+includes other bug fixes.
+
+# CVE-2018-12543
+
+A vulnerability exists in Mosquitto versions 1.5 to 1.5.2 inclusive, known as
+[CVE-2018-12543].
+
+If a message received by the broker has a topic that begins with `$`, but that
+does not begin `$SYS`, an assert is triggered that should otherwise not be
+accessible, causing Mosquitto to exit.
+
+The issue is fixed in Mosquitto 1.5.3. Patches for older versions are
+available at <https://mosquitto.org/files/cve/2018-12543>
+
+The fix addresses the problem by reverting a commit that intended to remove
+some unused checks, but also stopped part of the topic hierarchy being created.
+
+# Version 1.5.3 Changes
+
+The complete list of fixes addressed in version 1.5.3 is:
+
+## Security
+
+* Fix [CVE-2018-12543]. If a message is sent to Mosquitto with a topic that
+  begins with `$`, but is not `$SYS`, then an assert that should be unreachable
+  is triggered and Mosquitto will exit.
+
+## Broker
+* Elevate log level to warning for situation when socket limit is hit.
+* Remove requirement to use `user root` in snap package config files.
+* Fix retained messages not sent by bridges on outgoing topics at the first
+  connection. Closes [#701].
+* Documentation fixes. Closes [#520], [#600].
+* Fix duplicate clients being added to by_id hash before the old client was
+  removed. Closes [#645].
+* Fix Windows version not starting if `include_dir` did not contain any files.
+  Closes [#566].
+
+## Build
+* Various fixes to ease building.
+
+[CVE-2018-12543]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12543
+[#520]: https://github.com/eclipse/mosquitto/issues/520
+[#566]: https://github.com/eclipse/mosquitto/issues/566
+[#600]: https://github.com/eclipse/mosquitto/issues/600
+[#645]: https://github.com/eclipse/mosquitto/issues/645
+[#701]: https://github.com/eclipse/mosquitto/issues/701
--- a/www/posts/2018/09/version-152-released.md
+++ b/www/posts/2018/09/version-152-released.md
@ -0,0 +1,40 @@
+<!--
+.. title: Version 1.5.2 released
+.. slug: version-152-released
+.. date: 2018-09-19 18:18:36 UTC+01:00
+.. tags: Releases
+.. category: 
+.. link: 
+.. description: 
+.. type: text
+-->
+
+This is a bugfix release.
+
+# Version 1.5.2 changes
+
+## Broker
+- Fix build when using `WITH_ADNS=yes`.
+- Fix incorrect call to setsockopt() for `TCP_NODELAY`. Closes [#941].
+- Fix excessive CPU usage when the number of sockets exceeds the system limit.
+  Closes [#948].
+- Fix for bridge connections when using `WITH_ADNS=yes`.
+- Fix `round_robin false` behaviour. Closes [#481].
+- Fix segfault on HUP when bridges and security options are configured.
+  Closes [#965].
+
+## Library
+- Fix situation where username and password is used with SOCKS5 proxy. Closes
+  [#927].
+- Fix SOCKS5 behaviour when passing IP addresses. Closes [#927].
+
+## Build
+- Make it easier to build without bundled uthash.h using `WITH_BUNDLED_DEPS=no`.
+- Fix build with OPENSSL_NO_ENGINE. Closes [#932].
+
+[#481]: https://github.com/eclipse/mosquitto/issues/481
+[#927]: https://github.com/eclipse/mosquitto/issues/927
+[#932]: https://github.com/eclipse/mosquitto/issues/932
+[#941]: https://github.com/eclipse/mosquitto/issues/941
+[#948]: https://github.com/eclipse/mosquitto/issues/948
+[#965]: https://github.com/eclipse/mosquitto/issues/965