Subject: CVS commit: pkgsrc/net/rabbitmq
From: Filip Hajny
Date: 2016-03-07 14:14:24
Message id: 20160307131424.1D567FBB7@cvs.NetBSD.org

Log Message:
Update net/rabbitmq to 3.6.1

RabbitMQ 3.6.1 is a maintenance release that includes a fix for
CVE-2015-8786, a vulnerability in RabbitMQ management plugin.

Server
- Purging a lazy queue could result in an exception
- Ensure epmd is running before starting RabbitMQ node on Windows
- Channel error could make broker unreachable
- (Automatic) deletion of an auto-delete queue could lead
  to blocked channels
- During (from scratch) queue sync, queue master node didn't respect
  mirror alarm state. With large data sets this could drive mirror
  node out of memory.
- Changing password for users with non-standard (think broker
  configuration) password hashing function, for example, those migrated
  from 3.5.x releases, didn't update effective hashing function.
- Heavy and/or prolonged rabbitmqctl use could exhaust Erlang VM atom table
- "Min masters" queue master location strategy could result in an error.
- Fixed a race condition in pause_minority handling mode.
- Significantly reduce possibility of a race condition when an exchange
  is deleted and immediately re-declared, e.g. by a federation link.
- amq.rabbitmq.log messages now have information about originating
  node in message headers
- scripts/rabbitmq-env now works with GNU sed 4.2.2
- Exceptions in VM memory use calculator no longer affect broker startup
- Direct Reply-to capability is now advertised to clients
- Paths with non-ASCII characters on Windows are now handled
- Configurable number of TCP connection acceptors
- rabbitmqctl cluster_status now includes cluster-wide resource alarm status
- Windows installer no longer jumps over installation log
- Improved rabbitmqctl reset error messages
- More unsigned field data types are supported.

Federation Plugin
- Significantly reduce possibility of a race condition when an exchange
  is deleted and immediately re-declared, e.g. by a federation link

Management plugin
- CVE-2015-8786: user-provided query parameters lengths_age and
  lengths_incr had no validation and could be used to exhaust server
  resources.
- Password hashing function is now included in exported definitions
- Internet Explorer (9+) compatibility restored
- Internet Explorer 11 compatibility fixes
- When policy fails to be created with invalid paramaters a sensible
  error message will be displayed.

Federation Management plugin
- Federation link form now includes more settings (that are exchange-
  and queue-federation specific)

Files:
RevisionActionfile
1.25modifypkgsrc/net/rabbitmq/Makefile
1.21modifypkgsrc/net/rabbitmq/PLIST
1.29modifypkgsrc/net/rabbitmq/distinfo