Merge rabbitmq-server from Debian unstable for oracular
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
rabbitmq-server (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Upstream: tbd
Debian: 3.10.8-3 3.12.1-1
Ubuntu: 3.12.1-1ubuntu1
Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.
If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired.
If this merge pulls in a new upstream version, also consider adding an entry to the Oracular Release Notes: https:/
### New Debian Changes ###
rabbitmq-server (3.10.8-3) unstable; urgency=high
* CVE-2023-46118: Denial of Service by publishing large messages over the
HTTP API. Applied upstream patches that introduce a limit of 10MB:
- Reduce_
- Introduce_
(Closes: #1056723).
-- Thomas Goirand <email address hidden> Mon, 27 Nov 2023 08:31:07 +0100
rabbitmq-server (3.10.8-2) unstable; urgency=medium
* Cleans better (Closes: #1046813).
-- Thomas Goirand <email address hidden> Thu, 24 Aug 2023 11:50:05 +0200
rabbitmq-server (3.10.8-1.1) unstable; urgency=medium
* Non-maintainer upload.
* No source change upload to rebuild with debhelper 13.10.
-- Michael Biebl <email address hidden> Sat, 15 Oct 2022 12:42:19 +0200
rabbitmq-server (3.10.8-1) unstable; urgency=medium
* New upstream release:
- Fix FTBFS with Erlang 25.
* lets-use-
upstream.
* Add OOMScoreAdjust=-500 to the .service file.
-- Thomas Goirand <email address hidden> Wed, 28 Sep 2022 15:40:58 +0200
rabbitmq-server (3.9.13-1) unstable; urgency=medium
* New upstream release.
* Do not install rabbitmq-
-- Thomas Goirand <email address hidden> Wed, 23 Feb 2022 09:12:34 +0100
rabbitmq-server (3.9.8-6) unstable; urgency=medium
* Use grep -q when checking for Erglang cookie.
-- Thomas Goirand <email address hidden> Thu, 27 Jan 2022 23:32:11 +0100
rabbitmq-server (3.9.8-5) unstable; urgency=medium
* Detect if /var/lib/
regenerate and restart rabbitmq it in such case.
-- Thomas Goirand <email address hidden> Thu, 27 Jan 2022 14:14:56 +0100
rabbitmq-server (3.9.8-4) unstable; urgency=medium
* Use umask when creating the .erlang.cookie to avoid race condition where
the file could be read.
-- Thomas Goirand <email address hidden> Mon, 24 Jan 2022 13:24:50 +0100
rabbitmq-server (3.9.8-3) unstable; urgency=medium
* Use OpenSSL to generate the default .erlang.cookie.
* Set rabbitmq-
* Add a debian/
it's been pointed out that upstream doc isn't good enough to explain what
is necessar for it (Closes: #924768).
-- Thomas Goirand <email address hidden> Fri, 14 Jan 2022 10:05:34 +0100
rabbitmq-server (3.9.8-2) unstable; urgency=medium
* Finished removing the $LANG wrapper (Closes: #947872).
* Do not mv /etc/rabbitmq/
anymore (Closes: #943699).
-- Thomas Goirand <email address hidden> Tue, 28 Dec 2021 19:08:01 +0100
rabbitmq-server (3.9.8-1) unstable; urgency=medium
* New upstream release.
* d/control: Bump Standards-Version to 4.6.0, no changes.
-- James Page <email address hidden> Tue, 02 Nov 2021 16:52:40 +0000
rabbitmq-server (3.9.4-1.2) unstable; urgency=medium
* Non-maintainer upload.
* Add a superficial autopkgtest.
It just tests that the service is active after installation. This is not
great test coverage, but it will at least stop new erlang versions from
migrating before rabbitmq-server is fixed to work with it.
* debian/changelog: add missing Closes: tag in the previous upload.
I have just closed the actual bug via a separate control email.
-- Antonio Terceiro <email address hidden> Sat, 25 Sep 2021 06:38:37 -0300
rabbitmq-server (3.9.4-1.1) unstable; urgency=medium
* Non-maintainer upload.
### Old Ubuntu Delta ###
rabbitmq-server (3.12.1-1ubuntu1) noble; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/
for definition uploads and Reduce default HTTP API request body size limit
to 10 MiB in deps/rabbitmq_
priv/
src/
- CVE-2023-46118
-- Leonidas Da Silva Barbosa <email address hidden> Wed, 22 Nov 2023 16:07:37 -0300
Changed in rabbitmq-server (Ubuntu): | |
milestone: | none → ubuntu-24.07 |
Right now there is nothing to do since we up to date with Debian.
If we want to update it, we will need to either wait to see if Debian updates during OO development, or pull from upstream which does publish deb files.