https://bugzilla.redhat.com/show_bug.cgi?id=1087237
Bug ID: 1087237
Summary: erlang-sext-1.2 is available
Product: Fedora
Version: rawhide
Component: erlang-sext
Keywords: FutureFeature, Triaged
Assignee: lemenkov(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, lemenkov(a)gmail.com
Latest upstream release: 1.2
Current version/release in Fedora Rawhide: 1.1-2.fc20
URL: https://github.com/uwiger/sext/tags
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1248842
Bug ID: 1248842
Summary: erlang-neotoma-1.7.3 is available
Product: Fedora
Version: rawhide
Component: erlang-neotoma
Keywords: FutureFeature, Triaged
Assignee: lemenkov(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, lemenkov(a)gmail.com
Latest upstream release: 1.7.3
Current version/release in rawhide: 1.7.2-1.fc22
URL: https://github.com/seancribbs/neotoma
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1240487
Bug ID: 1240487
Summary: erl segfault on fedora-23-i686 (autoconf testsuite)
Product: Fedora
Version: rawhide
Component: erlang
Assignee: lemenkov(a)gmail.com
Reporter: praiskup(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, lemenkov(a)gmail.com,
rhbugs(a)n-dimensional.de, s(a)shk.io
We observe autoconf FTBFS on rawhide (testsuite failures). One of the
testsuite failures is related to Erlang & autoconf, but it appears only on
i686. I tried to cut related testcase out into segfault-i686.tar.gz
reproducer:
$ tar -xf segfault-i686.tar.gz
$ cd segfault-i686
$ make && make run
erlc -b beam my_testsuite.erl
cd lib && ./compile
erl -pa ./lib -s my_testsuite test
Erlang/OTP 17 [erts-6.3] [source] [smp:4:4] [async-threads:10] [hipe]
[kernel-poll:false]
Eshell V6.3 (abort with ^G)
1> All 3 tests passed.
Makefile:6: recipe for target 'run' failed
make: *** [run] Segmentation fault (core dumped)
The segfault ^^ breaks autoconf testsuite, but I'm not able to diagnose
properly. Any help appreciated, let me know if you need some other info.
FTBFS:
https://kojipkgs.fedoraproject.org//work/tasks/7404/10217404/build.log
Pavel
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1027729
Bug ID: 1027729
Summary: erlang-folsom-0.8.0 is available
Product: Fedora
Version: rawhide
Component: erlang-folsom
Keywords: FutureFeature, Triaged
Assignee: lemenkov(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, lemenkov(a)gmail.com
Latest upstream release: 0.8.0
Current version/release in Fedora Rawhide: 0.7.4-2.fc20
URL: https://github.com/boundary/folsom/tags
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1179216
Bug ID: 1179216
Summary: Utilize system-wide crypto-policies
Product: Fedora
Version: 21
Component: ejabberd
Assignee: lemenkov(a)gmail.com
Reporter: nmavrogi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, jkaluza(a)redhat.com,
lemenkov(a)gmail.com, martin(a)laptop.org
Please convert to use the system's crypto policy for SSL and TLS:
https://fedoraproject.org/wiki/Packaging:CryptoPolicies
If this program is compiled against gnutls, change the default priority string
to be "@SYSTEM" or to use gnutls_set_default_priority().
If this program is compiled against openssl, and there is no default cipher
list specified, you don't need to modify it. Otherwise replace the default
cipher list with "PROFILE=SYSTEM".
In both cases please verify that the application uses the system's crypto
policies.
If the package is already using the system-wide crypto policies, or it does not
use SSL or TLS, no action is required, the bug can simply be closed.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1204119
Bug ID: 1204119
Summary: ejabberd-15.03 is available
Product: Fedora
Version: rawhide
Component: ejabberd
Keywords: FutureFeature, Triaged
Assignee: lemenkov(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, jkaluza(a)redhat.com,
lemenkov(a)gmail.com, martin(a)laptop.org
Latest upstream release: 15.03
Current version/release in rawhide: 14.07-6.fc22
URL: https://github.com/processone/ejabberd
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1239092
Bug ID: 1239092
Summary: erlang-mustache-v0.1.1 is available
Product: Fedora
Version: rawhide
Component: erlang-mustache
Keywords: FutureFeature, Triaged
Assignee: lemenkov(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, lemenkov(a)gmail.com
Latest upstream release: v0.1.1
Current version/release in rawhide: 0.1.0-9.fc23
URL: https://github.com/mojombo/mustache.erl
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1027728
Bug ID: 1027728
Summary: erlang-bear-0.8.0 is available
Product: Fedora
Version: rawhide
Component: erlang-bear
Keywords: FutureFeature, Triaged
Assignee: lemenkov(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, lemenkov(a)gmail.com
Latest upstream release: 0.8.0
Current version/release in Fedora Rawhide: 0.1.3-2.fc20
URL: https://github.com/boundary/bear/tags
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1221824
Bug ID: 1221824
Summary: erlang-17.5 is available
Product: Fedora
Version: rawhide
Component: erlang
Keywords: FutureFeature, Triaged
Assignee: lemenkov(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, lemenkov(a)gmail.com,
rhbugs(a)n-dimensional.de, s(a)shk.io
Latest upstream release: 17.5
Current version/release in rawhide: 17.4-2.fc23
URL: http://www.erlang.org/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1188678
Bug ID: 1188678
Summary: erlang-17.4.1 is available
Product: Fedora
Version: rawhide
Component: erlang
Keywords: FutureFeature, Triaged
Assignee: lemenkov(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, lemenkov(a)gmail.com,
rhbugs(a)n-dimensional.de, s(a)shk.io
Latest upstream release: 17.4.1
Current version/release in Fedora Rawhide: 17.4-1.fc22
URL: https://api.github.com/repos/erlang/otp/tags
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring Soon this service
will be implemented by a new system: https://release-monitoring.org/
It will require to manage monitored projects via a new web interface. Please
make yourself familiar with the new system to ease the transition.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1118610
Bug ID: 1118610
Summary: erlang-rebar-2.5.0 is available
Product: Fedora
Version: rawhide
Component: erlang-rebar
Keywords: FutureFeature, Triaged
Assignee: lemenkov(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, lemenkov(a)gmail.com,
s(a)shk.io
Latest upstream release: 2.5.0
Current version/release in Fedora Rawhide: 2.1.0-0.8.fc21
URL: https://api.github.com/repos/rebar/rebar/tags
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1077925
Bug ID: 1077925
Summary: Use system double-conversion instead of bundled one
Product: Fedora
Version: rawhide
Component: erlang-jiffy
Assignee: filip(a)andresovi.net
Reporter: ville.skytta(a)iki.fi
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, filip(a)andresovi.net,
lkundrak(a)v3.sk
https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries
'git am'able fix attached, build tested only. Let me know if you'd
like me to push and build this for devel.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1184159
Bug ID: 1184159
Summary: ejabberd: XMPP resource consumption denial of service
when using application-layer compression (XEP-0138)
[fedora-all]
Product: Fedora
Version: 21
Component: ejabberd
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: lemenkov(a)gmail.com
Reporter: vdanen(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, jkaluza(a)redhat.com,
lemenkov(a)gmail.com, martin(a)laptop.org
Blocks: 1084850
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1084850
[Bug 1084850] XMPP resource consumption denial of service when using
application-layer compression (XEP-0138)
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1234265
Bug ID: 1234265
Summary: needs updates to build with new js and ebloom packages
Product: Fedora
Version: rawhide
Component: erlang-riak_kv
Assignee: lemenkov(a)gmail.com
Reporter: mjuszkie(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, lemenkov(a)gmail.com
Created attachment 1041652
--> https://bugzilla.redhat.com/attachment.cgi?id=1041652&action=edit
spec+patches
Description of problem:
erlang-js got updated to 1.3.0
erlang-ebloom is at 2.0.0
but erlang-riak_kv still wants older versions
Version-Release number of selected component (if applicable):
1.3.2-4
How reproducible:
always
Steps to Reproduce:
1. do a build
Actual results:
Dependency not available: erlang_js-1.2.2 ({git,
"git://github.com/basho/erlang_js",
{tag,"1.2.2"}})
Dependency not available: ebloom-1.1.2 ({git,"git://github.com/basho/ebloom",
{tag,"1.1.2"}})
ERROR: compile failed while processing /builddir/build/BUILD/riak_kv-1.3.2:
rebar_abort
Expected results:
package builds
Additional info:
10176104 build (rawhide, erlang-riak_kv-1.3.2-5.fc23.src.rpm): open
(buildvm-13.phx2.fedoraproject.org)
10176105 buildArch (erlang-riak_kv-1.3.2-5.fc23.src.rpm, armv7hl): open
(arm04-builder06.arm.fedoraproject.org)
10176107 buildArch (erlang-riak_kv-1.3.2-5.fc23.src.rpm, i686): open
(buildhw-11.phx2.fedoraproject.org)
10176106 buildArch (erlang-riak_kv-1.3.2-5.fc23.src.rpm, x86_64): open
(buildvm-16.phx2.fedoraproject.org)
10176106 buildArch (erlang-riak_kv-1.3.2-5.fc23.src.rpm, x86_64): open
(buildvm-16.phx2.fedoraproject.org) -> closed
0 free 3 open 1 done 0 failed
10176107 buildArch (erlang-riak_kv-1.3.2-5.fc23.src.rpm, i686): open
(buildhw-11.phx2.fedoraproject.org) -> closed
0 free 2 open 2 done 0 failed
10176105 buildArch (erlang-riak_kv-1.3.2-5.fc23.src.rpm, armv7hl): open
(arm04-builder06.arm.fedoraproject.org) -> closed
0 free 1 open 3 done 0 failed
10176104 build (rawhide, erlang-riak_kv-1.3.2-5.fc23.src.rpm): open
(buildvm-13.phx2.fedoraproject.org) -> closed
0 free 0 open 4 done 0 failed
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1211394
Bug ID: 1211394
Summary: rabbitmq-server package should install sample config
files
Product: Fedora EPEL
Version: epel7
Component: rabbitmq-server
Keywords: EasyFix, ZStream
Severity: low
Priority: low
Assignee: lemenkov(a)gmail.com
Reporter: apevec(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: afazekas(a)redhat.com, apevec(a)redhat.com,
dyocum(a)redhat.com, erlang(a)lists.fedoraproject.org,
extras-qa(a)fedoraproject.org,
hubert.plociniczak(a)gmail.com, jeckersb(a)redhat.com,
josh(a)fornwall.com, lars(a)redhat.com,
lemenkov(a)gmail.com, lhh(a)redhat.com,
rhos-flags(a)redhat.com, rjones(a)redhat.com,
rohara(a)redhat.com, s(a)shk.io, sgordon(a)redhat.com,
yeylon(a)redhat.com
Depends On: 1160810
+++ This bug was initially created as a clone of Bug #1160810 +++
+++ This bug was initially created as a clone of Bug #1134956 +++
The rabbitmq-server package does not install any configuration into
/etc/rabbitmq/rabbitmq.config or /etc/rabbitmq/rabbitmq-env.conf. Having the
package install sample versions of these files would provide people with a
model of what they should look like and may ease the process for people moving
from qpid to rabbitmq (by providing and obvious location in which, e.g., to
place credentials if they would like to use a non-default username/password).
--- Additional comment from Attila Fazekas on 2014-10-13 06:17:37 EDT ---
The 3.1.5 tarball (and the hg tag) does not contains an example config file,
but the >=3.2.0 does.
Using the the sample from the >=3.2.0 would be also helpful.
--- Additional comment from Dan Yocum on 2014-10-13 08:23:39 EDT ---
The example config file has unsupported/unpackaged features which I removed in
the second attachment I included. Use the 2nd attachment as the first one had
a typo (a trailing comma after a config stanza which made erlang puke).
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1160810
[Bug 1160810] rabbitmq-server package should install sample config files
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1185517
Bug ID: 1185517
Summary: rabbitmq-server: RabbitMQ: /api/... XSS vulnerability
[epel-all]
Product: Fedora EPEL
Version: el6
Component: rabbitmq-server
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: lemenkov(a)gmail.com
Reporter: kseifried(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org,
hubert.plociniczak(a)gmail.com, jeckersb(a)redhat.com,
josh(a)fornwall.com, lemenkov(a)gmail.com,
rjones(a)redhat.com, s(a)shk.io
Blocks: 1185514
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora EPEL. While
only one tracking bug has been filed, please correct all affected versions
at the same time. If you need to fix the versions independent of each
other, you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1185514
[Bug 1185514] RabbitMQ: /api/... XSS vulnerability
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1185516
Bug ID: 1185516
Summary: rabbitmq-server: RabbitMQ: /api/... XSS vulnerability
[fedora-all]
Product: Fedora
Version: 21
Component: rabbitmq-server
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: lemenkov(a)gmail.com
Reporter: kseifried(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org,
hubert.plociniczak(a)gmail.com, jeckersb(a)redhat.com,
lemenkov(a)gmail.com, rjones(a)redhat.com, s(a)shk.io
Blocks: 1185514
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1185514
[Bug 1185514] RabbitMQ: /api/... XSS vulnerability
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1183690
Bug ID: 1183690
Summary: rabbitmq logrotate script attempts to use legacy
service commands
Product: Fedora
Version: 21
Component: rabbitmq-server
Assignee: lemenkov(a)gmail.com
Reporter: lars(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org,
hubert.plociniczak(a)gmail.com, jeckersb(a)redhat.com,
lemenkov(a)gmail.com, rjones(a)redhat.com, s(a)shk.io
Description of problem:
The rabbitmq-server package installs /etc/logrotate.d/rabbitmq-server with the
following:
postrotate
/sbin/service rabbitmq-server rotate-logs > /dev/null
endscript
That hasn't work since systemd was introduced, and results in the error:
/etc/cron.daily/logrotate:
The service command supports only basic LSB actions (start, stop, restart,
try-restart, reload, force-reload, status). For other actions, please try to
use systemctl.
error: error running shared postrotate script for '/var/log/rabbitmq/*.log '
Version-Release number of selected component (if applicable):
rabbitmq-server-3.1.5-10.fc21.noarch
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1174872
Bug ID: 1174872
Summary: rabbitmq-server: insufficient 'X-Forwarded-For' header
validation
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: mprpic(a)redhat.com
CC: abaron(a)redhat.com, aortega(a)redhat.com,
apevec(a)redhat.com, ayoung(a)redhat.com,
chrisw(a)redhat.com, dallan(a)redhat.com,
erlang(a)lists.fedoraproject.org, gkotton(a)redhat.com,
hubert.plociniczak(a)gmail.com, jeckersb(a)redhat.com,
josh(a)fornwall.com, lemenkov(a)gmail.com, lhh(a)redhat.com,
lpeer(a)redhat.com, markmc(a)redhat.com,
pmyers(a)redhat.com, rbryant(a)redhat.com,
rjones(a)redhat.com, s(a)shk.io, sclewis(a)redhat.com,
yeylon(a)redhat.com
In RabbitMQ, the 'loopback_users' configuration directive allows to specify a
list of users that are only permitted to connect to the broker via localhost.
It was found that the RabbitMQ's management plug-in did not sufficiently
validate the 'X-Forwarded-For' header when determining the remote address. A
remote attacker able to send a specially crafted 'X-Forwarded-For' header to
RabbitMQ could use this flaw to connect to the broker as if they were a
localhost user. Note that the attacker must know valid user credentials in
order to connect to the broker.
Upstream patches:
http://hg.rabbitmq.com/rabbitmq-management/rev/c3c41177a11ahttp://hg.rabbitmq.com/rabbitmq-management/rev/35e916df027d
References:
https://groups.google.com/forum/#!topic/rabbitmq-users/DMkypbSvIyMhttp://www.rabbitmq.com/release-notes/README-3.4.0.txt
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1104843
Bug ID: 1104843
Summary: rabbitmqctl doesn't work
Product: Fedora
Version: 20
Component: rabbitmq-server
Severity: high
Priority: urgent
Assignee: hubert.plociniczak(a)gmail.com
Reporter: jeckersb(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: apevec(a)redhat.com, erlang(a)lists.fedoraproject.org,
fdinitto(a)redhat.com, hubert.plociniczak(a)gmail.com,
jeckersb(a)redhat.com, lemenkov(a)gmail.com,
lhh(a)redhat.com, rjones(a)redhat.com, s(a)shk.io
Depends On: 1104193
Blocks: 1083890
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1104193
[Bug 1104193] rabbitmqctl doesn't work
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1197421
Bug ID: 1197421
Summary: Logrotate needs to use systemctl
Product: Fedora EPEL
Version: epel7
Component: rabbitmq-server
Severity: medium
Assignee: lemenkov(a)gmail.com
Reporter: bwong(a)fastmail.fm
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org,
hubert.plociniczak(a)gmail.com, jeckersb(a)redhat.com,
josh(a)fornwall.com, lemenkov(a)gmail.com,
rjones(a)redhat.com, s(a)shk.io
Description of problem:
The package rabbitmq-server-3.3.5-4.el7.noarch installs a logrotate
configuration file that uses /sbin/service. Log rotation does not run
successfully because the postrotate parameter needs to be updated.
The message received from logrotate (via cron):
/etc/cron.hourly/logrotate:
The service command supports only basic LSB actions (start, stop, restart,
try-restart, reload, force-reload, status). For other actions, please try to
use systemctl.
error: error running shared postrotate script for '/var/log/rabbitmq/*.log '
Version-Release number of selected component (if applicable):
rabbitmq-server-3.3.5-4.el7.noarch
How reproducible:
Consistently
Steps to Reproduce:
1. Install rabbitmq-server.
2. View logrotate configuration file /etc/logrotate.d/rabbitmq-server
3.
Actual results:
All I can confirm is the error message from logrotate, whether the rabbitmq
logs actually get rotated, I cannot say for sure at this time.
Expected results:
A working postrotate command
Additional info:
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1148444
Bug ID: 1148444
Summary: logrotation fails
Product: Fedora EPEL
Version: epel7
Component: rabbitmq-server
Assignee: lemenkov(a)gmail.com
Reporter: Jan.van.Eldik(a)cern.ch
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org,
hubert.plociniczak(a)gmail.com, jeckersb(a)redhat.com,
josh(a)fornwall.com, lemenkov(a)gmail.com,
rjones(a)redhat.com, s(a)shk.io
Description of problem:
Logrotation fails 100% because of old-style post-rotate command
Version-Release number of selected component (if applicable):
rabbitmq-server-3.1.5-7.el7.noarch
How reproducible:
100%
Steps to Reproduce:
[root@jcentos7-01 tmp]# logrotate -f /etc/logrotate.conf
The service command supports only basic LSB actions (start, stop, restart,
try-restart, reload, force-reload, status). For other actions, please try to
use systemctl.
error: error running shared postrotate script for '/var/log/rabbitmq/*.log '
[root@jcentos7-01 tmp]# cat /etc/logrotate.d/rabbitmq-server
/var/log/rabbitmq/*.log {
weekly
missingok
rotate 20
compress
delaycompress
notifempty
sharedscripts
postrotate
/sbin/service rabbitmq-server rotate-logs > /dev/null
endscript
}
[root@jcentos7-01 tmp]# /sbin/service rabbitmq-server rotate-logs > /dev/null
The service command supports only basic LSB actions (start, stop, restart,
try-restart, reload, force-reload, status). For other actions, please try to
use systemctl.
[root@jcentos7-01 tmp]# echo $?
2
--
You are receiving this mail because:
You are on the CC list for the bug.