Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package rabbitmq-server for openSUSE:Factory 
checked in at 2025-08-04 15:25:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rabbitmq-server (Old)
 and      /work/SRC/openSUSE:Factory/.rabbitmq-server.new.1085 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "rabbitmq-server"

Mon Aug  4 15:25:22 2025 rev:96 rq:1297397 version:3.13.7

Changes:
--------
--- /work/SRC/openSUSE:Factory/rabbitmq-server/rabbitmq-server.changes  
2025-06-18 16:03:45.583062772 +0200
+++ 
/work/SRC/openSUSE:Factory/.rabbitmq-server.new.1085/rabbitmq-server.changes    
    2025-08-04 15:26:26.738083839 +0200
@@ -1,0 +2,12 @@
+Thu Jul 31 06:06:04 UTC 2025 - Simon Lees <[email protected]>
+
+- RabbitMQ Node can log Basic Auth header from an HTTP request
+  (bsc#1245105, CVE-2025-50200)
+  * fix-CVE-2025-50200.patch
+- bad logrotate configuration allows potential escalation from 
+  rabbitmq to root, /var/log/rabbitmq ownership is now 750
+  (bsc#1246091)
+- Make build reproducable
+  * feature-suse-reproducable-build.patch
+
+-------------------------------------------------------------------

New:
----
  feature-suse-reproducable-build.patch
  fix-CVE-2025-50200.patch

----------(New B)----------
  New:- Make build reproducable
  * feature-suse-reproducable-build.patch
  New:  (bsc#1245105, CVE-2025-50200)
  * fix-CVE-2025-50200.patch
- bad logrotate configuration allows potential escalation from 
----------(New E)----------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ rabbitmq-server.spec ++++++
--- /var/tmp/diff_new_pack.eVrfQT/_old  2025-08-04 15:26:27.874131560 +0200
+++ /var/tmp/diff_new_pack.eVrfQT/_new  2025-08-04 15:26:27.874131560 +0200
@@ -53,8 +53,10 @@
 Source6:        rabbitmq-server.service
 Source7:        
https://raw.githubusercontent.com/rabbitmq/rabbitmq-packaging/v%{version}/RPMS/Fedora/rabbitmq-server.tmpfiles
 Source8:        README.SUSE
-Patch0:         rabbitmq-server-allow-elixir-1.18.patch
-Patch1:         fix-CVE-2025-30219.patch
+Patch0:         feature-suse-reproducable-build.patch
+Patch1:         rabbitmq-server-allow-elixir-1.18.patch
+Patch2:         fix-CVE-2025-30219.patch
+Patch3:         fix-CVE-2025-50200.patch
 BuildRequires:  elixir
 # https://www.rabbitmq.com/which-erlang.html
 BuildRequires:  erlang >= 25.0
@@ -235,7 +237,7 @@
 #
 %attr(0755, rabbitmq, rabbitmq) %dir %{_localstatedir}/lib/rabbitmq
 %attr(0750, rabbitmq, rabbitmq) %dir %{_localstatedir}/lib/rabbitmq/mnesia
-%attr(0755, rabbitmq, rabbitmq) %dir %{_localstatedir}/log/rabbitmq
+%attr(0750, rabbitmq, rabbitmq) %dir %{_localstatedir}/log/rabbitmq
 #
 %{_sbindir}/rabbitmq-plugins
 %{_sbindir}/rabbitmq-server
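Review bot: Tightening `%{_localstatedir}/log/rabbitmq` to 0750 removes world read and traverse access, but the directory is still owned and writable by `rabbitmq`, which is the precondition for the rabbitmq-to-root escalation the changelog entry (bsc#1246091) describes. Whether that path is actually closed depends on the logrotate configuration, which this diff does not show. If the rotation stanza does not already drop privileges, it should do so, for example with `su rabbitmq rabbitmq`. A comment above the `%attr` line such as `# 0750: logs may contain credentials; rotation must not run as root here (bsc#1246091)` would record the intent for the next packager.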

++++++ feature-suse-reproducable-build.patch ++++++
Index: rabbitmq-server-3.13.7/erlang.mk
===================================================================
--- rabbitmq-server-3.13.7.orig/erlang.mk
+++ rabbitmq-server-3.13.7/erlang.mk
@@ -66,7 +66,7 @@ export ERLANG_MK_TMP
 
 # "erl" command.
 
-ERL = erl +A1 -noinput -boot no_dot_erlang
+ERL = erl +A1 -noinput -boot no_dot_erlang -enable-deterministic-build
 
 # Platform detection.
 
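Review bot: Nothing in this hunk shows what consumes `-enable-deterministic-build` on the `ERL` line. A stock `erl` keeps an unrecognised `-flag` as a user flag readable through `init:get_argument/1` and otherwise ignores it, so the option may have no effect unless the distribution's Erlang build or another patch acts on it. Please add a comment naming the consumer, e.g. `# SUSE: -enable-deterministic-build is honoured by <component that reads it>`, and confirm the result by building twice and comparing the generated .beam files. If the goal is deterministic compiler output, the documented route is the compiler's `deterministic` option, for instance through `ERL_COMPILER_OPTIONS`.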

++++++ fix-CVE-2025-50200.patch ++++++
>From ab095675a98991a5f5b25cd7671ad4658a7642c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?= <[email protected]>
Date: Tue, 25 Mar 2025 12:33:00 +0100
Subject: [PATCH] Fix Cowboy crashes caused by double reply

Issue introduced in 383ddb16341.
---
 .../src/rabbit_mgmt_util.erl                  | 17 +++++++++++++
 .../src/rabbit_mgmt_wm_exchange_publish.erl   | 25 ++++++-------------
 .../src/rabbit_mgmt_wm_queue_actions.erl      | 24 ++++++------------
 .../src/rabbit_mgmt_wm_queue_get.erl          | 24 ++++++------------
 4 files changed, 41 insertions(+), 49 deletions(-)

Index: rabbitmq-server-3.13.7/deps/rabbitmq_management/src/rabbit_mgmt_util.erl
===================================================================
--- 
rabbitmq-server-3.13.7.orig/deps/rabbitmq_management/src/rabbit_mgmt_util.erl
+++ rabbitmq-server-3.13.7/deps/rabbitmq_management/src/rabbit_mgmt_util.erl
@@ -51,6 +51,8 @@
 
 -export([disable_stats/1, enable_queue_totals/1]).
 
+-export([set_resp_not_found/2]).
+
 -import(rabbit_misc, [pget/2]).
 
 -include("rabbit_mgmt.hrl").
@@ -1145,3 +1147,18 @@ catch_no_such_user_or_vhost(Fun, Replace
 %% error is thrown when the request is out of range
 sublist(List, S, L) when is_integer(L), L >= 0 ->
     lists:sublist(lists:nthtail(S-1, List), L).
+
+-spec set_resp_not_found(binary(), cowboy_req:req()) -> cowboy_req:req().
+set_resp_not_found(NotFoundBin, ReqData) ->
+    ErrorMessage = case rabbit_mgmt_util:vhost(ReqData) of
+        not_found ->
+            <<"vhost_not_found">>;
+        _ ->
+            NotFoundBin
+    end,
+    ReqData1 = cowboy_req:set_resp_header(
+        <<"content-type">>, <<"application/json">>, ReqData),
+    cowboy_req:set_resp_body(rabbit_json:encode(#{
+        <<"error">> => <<"not_found">>,
+        <<"reason">> => ErrorMessage
+    }), ReqData1).
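Review bot: `set_resp_not_found/2` has a `-spec` but no comment stating the contract the fix relies on. It only stores a JSON body and a content-type on the request and does not send a reply, so the caller has to return `{false, Req, Context}` and leave the 404 to the REST handler. I would add above the spec `%% Sets the JSON not-found body and content-type on ReqData without replying; callers return {false, Req, Context} from resource_exists/2 so the reply is sent exactly once.` As a minor style point, `rabbit_mgmt_util:vhost(ReqData)` is a fully qualified call inside its own module; a local `vhost(ReqData)` would read more plainly, assuming `vhost/1` is defined in this file, which the hunk does not show.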
Index: 
rabbitmq-server-3.13.7/deps/rabbitmq_management/src/rabbit_mgmt_wm_exchange_publish.erl
===================================================================
--- 
rabbitmq-server-3.13.7.orig/deps/rabbitmq_management/src/rabbit_mgmt_wm_exchange_publish.erl
+++ 
rabbitmq-server-3.13.7/deps/rabbitmq_management/src/rabbit_mgmt_wm_exchange_publish.erl
@@ -29,11 +29,14 @@ allowed_methods(ReqData, Context) ->
 content_types_provided(ReqData, Context) ->
    {rabbit_mgmt_util:responder_map(to_json), ReqData, Context}.
 
-resource_exists(ReqData, Context) ->
-    {case rabbit_mgmt_wm_exchange:exchange(ReqData) of
-         not_found -> raise_not_found(ReqData, Context);
-         _         -> true
-     end, ReqData, Context}.
+resource_exists(ReqData0, Context) ->
+    case rabbit_mgmt_wm_exchange:exchange(ReqData0) of
+        not_found ->
+            ReqData1 = 
rabbit_mgmt_util:set_resp_not_found(<<"exchange_not_found">>, ReqData0),
+            {false, ReqData1, Context};
+        _ ->
+            {true, ReqData0, Context}
+    end.
 
 allow_missing_post(ReqData, Context) ->
     {false, ReqData, Context}.
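Review bot: The not-found branch of `resource_exists/2` now returns `{false, ReqData1, Context}` rather than calling a helper that apparently replied on its own, but the patch as packaged touches only `src/` files (see the diffstat) and carries no regression test for that branch. The packaging changelog ties this crash path to CVE-2025-50200 (Basic Auth header reaching the node log), so a test that POSTs to a missing exchange, queue and vhost and asserts a single 404 with the `error`/`reason` JSON body and no crash report in the log would guard against the leak returning. The same applies to the identical `resource_exists/2` changes in rabbit_mgmt_wm_queue_actions.erl and rabbit_mgmt_wm_queue_get.erl. A one-line comment on the branch, `%% only set the body here; the 404 itself is sent by the REST handler`, would explain why no reply is made at this point.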
@@ -104,18 +107,6 @@ bad({{coordinator_unavailable, _}, _}, R
 is_authorized(ReqData, Context) ->
     rabbit_mgmt_util:is_authorized_vhost(ReqData, Context).
 
-raise_not_found(ReqData, Context) ->
-    ErrorMessage = case rabbit_mgmt_util:vhost(ReqData) of
-        not_found -> 
-            "vhost_not_found";
-        _ ->
-            "exchange_not_found"
-    end,
-    rabbit_mgmt_util:not_found(
-        rabbit_data_coercion:to_binary(ErrorMessage),
-        ReqData,
-        Context).
-
 %%--------------------------------------------------------------------
 
 decode(Payload, <<"string">>) -> Payload;
Index: 
rabbitmq-server-3.13.7/deps/rabbitmq_management/src/rabbit_mgmt_wm_queue_actions.erl
===================================================================
--- 
rabbitmq-server-3.13.7.orig/deps/rabbitmq_management/src/rabbit_mgmt_wm_queue_actions.erl
+++ 
rabbitmq-server-3.13.7/deps/rabbitmq_management/src/rabbit_mgmt_wm_queue_actions.erl
@@ -26,11 +26,14 @@ variances(Req, Context) ->
 allowed_methods(ReqData, Context) ->
     {[<<"POST">>, <<"OPTIONS">>], ReqData, Context}.
 
-resource_exists(ReqData, Context) ->
-    {case rabbit_mgmt_wm_queue:queue(ReqData) of
-         not_found -> raise_not_found(ReqData, Context);
-         _         -> true
-     end, ReqData, Context}.
+resource_exists(ReqData0, Context) ->
+    case rabbit_mgmt_wm_queue:queue(ReqData0) of
+        not_found ->
+            ReqData1 = 
rabbit_mgmt_util:set_resp_not_found(<<"queue_not_found">>, ReqData0),
+            {false, ReqData1, Context};
+        _ ->
+            {true, ReqData0, Context}
+    end.
 
 allow_missing_post(ReqData, Context) ->
     {false, ReqData, Context}.
@@ -55,17 +58,6 @@ do_it(ReqData0, Context) ->
 is_authorized(ReqData, Context) ->
     rabbit_mgmt_util:is_authorized_admin(ReqData, Context).
 
-raise_not_found(ReqData, Context) ->
-    ErrorMessage = case rabbit_mgmt_util:vhost(ReqData) of
-        not_found -> 
-            "vhost_not_found";
-        _ ->
-            "queue_not_found"
-    end,
-    rabbit_mgmt_util:not_found(
-        rabbit_data_coercion:to_binary(ErrorMessage),
-        ReqData,
-        Context).
 %%--------------------------------------------------------------------
 
 action(<<"sync">>, Q, ReqData, Context) when ?is_amqqueue(Q) ->
Index: 
rabbitmq-server-3.13.7/deps/rabbitmq_management/src/rabbit_mgmt_wm_queue_get.erl
===================================================================
--- 
rabbitmq-server-3.13.7.orig/deps/rabbitmq_management/src/rabbit_mgmt_wm_queue_get.erl
+++ 
rabbitmq-server-3.13.7/deps/rabbitmq_management/src/rabbit_mgmt_wm_queue_get.erl
@@ -29,11 +29,14 @@ allowed_methods(ReqData, Context) ->
 content_types_provided(ReqData, Context) ->
    {rabbit_mgmt_util:responder_map(to_json), ReqData, Context}.
 
-resource_exists(ReqData, Context) ->
-    {case rabbit_mgmt_wm_queue:queue(ReqData) of
-         not_found -> raise_not_found(ReqData, Context);
-         _         -> true
-     end, ReqData, Context}.
+resource_exists(ReqData0, Context) ->
+    case rabbit_mgmt_wm_queue:queue(ReqData0) of
+        not_found ->
+            ReqData1 = 
rabbit_mgmt_util:set_resp_not_found(<<"queue_not_found">>, ReqData0),
+            {false, ReqData1, Context};
+        _ ->
+            {true, ReqData0, Context}
+    end.
 
 allow_missing_post(ReqData, Context) ->
     {false, ReqData, Context}.
@@ -152,17 +155,6 @@ basic_get(Ch, Q, AckMode, Enc, Trunc) ->
 is_authorized(ReqData, Context) ->
     rabbit_mgmt_util:is_authorized_vhost(ReqData, Context).
 
-raise_not_found(ReqData, Context) ->
-    ErrorMessage = case rabbit_mgmt_util:vhost(ReqData) of
-        not_found -> 
-            "vhost_not_found";
-        _ ->
-            "queue_not_found"
-    end,
-    rabbit_mgmt_util:not_found(
-        rabbit_data_coercion:to_binary(ErrorMessage),
-        ReqData,
-        Context).
 %%--------------------------------------------------------------------
 
 maybe_truncate(Payload, none)                         -> Payload;
