---
- branch: MAIN
  date: Mon Mar  7 13:14:24 UTC 2016
  files:
  - new: '1.25'
    old: '1.24'
    path: pkgsrc/net/rabbitmq/Makefile
    pathrev: pkgsrc/net/rabbitmq/Makefile@1.25
    type: modified
  - new: '1.21'
    old: '1.20'
    path: pkgsrc/net/rabbitmq/PLIST
    pathrev: pkgsrc/net/rabbitmq/PLIST@1.21
    type: modified
  - new: '1.29'
    old: '1.28'
    path: pkgsrc/net/rabbitmq/distinfo
    pathrev: pkgsrc/net/rabbitmq/distinfo@1.29
    type: modified
  id: 20160307T131424Z.1e2e3ca0440c1129fe10d15711311c5ce02de80c
  log: |
    Update net/rabbitmq to 3.6.1

    RabbitMQ 3.6.1 is a maintenance release that includes a fix for
    CVE-2015-8786, a vulnerability in RabbitMQ management plugin.

    Server
    - Purging a lazy queue could result in an exception
    - Ensure epmd is running before starting RabbitMQ node on Windows
    - Channel error could make broker unreachable
    - (Automatic) deletion of an auto-delete queue could lead
      to blocked channels
    - During (from scratch) queue sync, queue master node didn't respect
      mirror alarm state. With large data sets this could drive mirror
      node out of memory.
    - Changing password for users with non-standard (think broker
      configuration) password hashing function, for example, those migrated
      from 3.5.x releases, didn't update effective hashing function.
    - Heavy and/or prolonged rabbitmqctl use could exhaust Erlang VM atom table
    - "Min masters" queue master location strategy could result in an error.
    - Fixed a race condition in pause_minority handling mode.
    - Significantly reduce possibility of a race condition when an exchange
      is deleted and immediately re-declared, e.g. by a federation link.
    - amq.rabbitmq.log messages now have information about originating
      node in message headers
    - scripts/rabbitmq-env now works with GNU sed 4.2.2
    - Exceptions in VM memory use calculator no longer affect broker startup
    - Direct Reply-to capability is now advertised to clients
    - Paths with non-ASCII characters on Windows are now handled
    - Configurable number of TCP connection acceptors
    - rabbitmqctl cluster_status now includes cluster-wide resource alarm status
    - Windows installer no longer jumps over installation log
    - Improved rabbitmqctl reset error messages
    - More unsigned field data types are supported.

    Federation Plugin
    - Significantly reduce possibility of a race condition when an exchange
      is deleted and immediately re-declared, e.g. by a federation link

    Management plugin
    - CVE-2015-8786: user-provided query parameters lengths_age and
      lengths_incr had no validation and could be used to exhaust server
      resources.
    - Password hashing function is now included in exported definitions
    - Internet Explorer (9+) compatibility restored
    - Internet Explorer 11 compatibility fixes
    - When policy fails to be created with invalid paramaters a sensible
      error message will be displayed.

    Federation Management plugin
    - Federation link form now includes more settings (that are exchange-
      and queue-federation specific)
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/net/rabbitmq'
  unixtime: '1457356464'
  user: fhajny