CVS commit: pkgsrc/net/rabbitmq

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/net/rabbitmq
From: "Filip Hajny" <fhajny%netbsd.org@localhost>
Date: Mon, 7 Mar 2016 13:14:24 +0000

Module Name:    pkgsrc
Committed By:   fhajny
Date:           Mon Mar  7 13:14:24 UTC 2016

Modified Files:
        pkgsrc/net/rabbitmq: Makefile PLIST distinfo

Log Message:
Update net/rabbitmq to 3.6.1

RabbitMQ 3.6.1 is a maintenance release that includes a fix for
CVE-2015-8786, a vulnerability in RabbitMQ management plugin.

Server
- Purging a lazy queue could result in an exception
- Ensure epmd is running before starting RabbitMQ node on Windows
- Channel error could make broker unreachable
- (Automatic) deletion of an auto-delete queue could lead
  to blocked channels
- During (from scratch) queue sync, queue master node didn't respect
  mirror alarm state. With large data sets this could drive mirror
  node out of memory.
- Changing password for users with non-standard (think broker
  configuration) password hashing function, for example, those migrated
  from 3.5.x releases, didn't update effective hashing function.
- Heavy and/or prolonged rabbitmqctl use could exhaust Erlang VM atom table
- "Min masters" queue master location strategy could result in an error.
- Fixed a race condition in pause_minority handling mode.
- Significantly reduce possibility of a race condition when an exchange
  is deleted and immediately re-declared, e.g. by a federation link.
- amq.rabbitmq.log messages now have information about originating
  node in message headers
- scripts/rabbitmq-env now works with GNU sed 4.2.2
- Exceptions in VM memory use calculator no longer affect broker startup
- Direct Reply-to capability is now advertised to clients
- Paths with non-ASCII characters on Windows are now handled
- Configurable number of TCP connection acceptors
- rabbitmqctl cluster_status now includes cluster-wide resource alarm status
- Windows installer no longer jumps over installation log
- Improved rabbitmqctl reset error messages
- More unsigned field data types are supported.

Federation Plugin
- Significantly reduce possibility of a race condition when an exchange
  is deleted and immediately re-declared, e.g. by a federation link

Management plugin
- CVE-2015-8786: user-provided query parameters lengths_age and
  lengths_incr had no validation and could be used to exhaust server
  resources.
- Password hashing function is now included in exported definitions
- Internet Explorer (9+) compatibility restored
- Internet Explorer 11 compatibility fixes
- When policy fails to be created with invalid paramaters a sensible
  error message will be displayed.

Federation Management plugin
- Federation link form now includes more settings (that are exchange-
  and queue-federation specific)


To generate a diff of this commit:
cvs rdiff -u -r1.24 -r1.25 pkgsrc/net/rabbitmq/Makefile
cvs rdiff -u -r1.20 -r1.21 pkgsrc/net/rabbitmq/PLIST
cvs rdiff -u -r1.28 -r1.29 pkgsrc/net/rabbitmq/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/ham
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/ham
Indexes:

Home | Main Index | Thread Index | Old Index