Accepting request 1286574 from network:messaging:amqp

OBS-URL: https://build.opensuse.org/request/show/1286574
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rabbitmq-server?expand=0&rev=95

fix-CVE-2025-30219.patch

@@ -0,0 +1,23 @@
+From b0cdbf3d25c486934d1673044809a6d0bb5e1503 Mon Sep 17 00:00:00 2001
+From: Michael Klishin <michael@clojurewerkz.org>
+Date: Fri, 25 Oct 2024 22:14:41 -0400
+Subject: [PATCH] Use fmt_string in this error message
+
+(cherry picked from commit 8ad8d3197ec0a233d1427479f9e88879cfda5ea4)
+---
+ deps/rabbitmq_management/priv/www/js/tmpl/overview.ejs | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/deps/rabbitmq_management/priv/www/js/tmpl/overview.ejs b/deps/rabbitmq_management/priv/www/js/tmpl/overview.ejs
+index fdbbe1b8e025..6276f10d8771 100644
+--- a/deps/rabbitmq_management/priv/www/js/tmpl/overview.ejs
++++ b/deps/rabbitmq_management/priv/www/js/tmpl/overview.ejs
+@@ -27,7 +27,7 @@
+         if (vhosts[i].cluster_state[vhost_status_node] != 'running') {
+ %>
+ <p class="warning">
+-  Virtual host <b><%= vhosts[i].name %></b> experienced an error on node <b><%= vhost_status_node %></b> and may be inaccessible
++  Virtual host <b><%= fmt_string(vhosts[i].name) %></b> experienced an error on node <b><%= fmt_string(vhost_status_node) %></b> and may be inaccessible
+ </p>
+ <% }}} %>
+ </div>

rabbitmq-server.changes

@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Wed Apr 30 07:31:55 UTC 2025 - Simon Lees <sflees@suse.de>
+
+- Correctly escape hostname that could lead to xss attack
+  (bsc#1240071, CVE-2025-30219)
+  * fix-CVE-2025-30219.patch 
+
+-------------------------------------------------------------------
+Thu Apr 24 02:53:26 UTC 2025 - Simon Lees <sflees@suse.de>
+
+- Force non parallel build, this has been the cause of some
+  intermittent build failures.
+
 -------------------------------------------------------------------
 Wed Feb 19 16:07:28 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
 

rabbitmq-server.spec

@@ -54,6 +54,7 @@ Source6:        rabbitmq-server.service
 Source7:        https://raw.githubusercontent.com/rabbitmq/rabbitmq-packaging/v%{version}/RPMS/Fedora/rabbitmq-server.tmpfiles
 Source8:        README.SUSE
 Patch0:         rabbitmq-server-allow-elixir-1.18.patch
+Patch1:         fix-CVE-2025-30219.patch
 BuildRequires:  elixir
 # https://www.rabbitmq.com/which-erlang.html
 BuildRequires:  erlang >= 25.0
@@ -141,7 +142,7 @@ cp %{SOURCE8} .
 # Make elixir happy with Unicode
 export LANG=en_US.UTF-8
 export PYTHON=%{_bindir}/python3
-make all %{_make_args} %{?_smp_mflags}
+make all %{_make_args} -j1
 
 %install
 # Make elixir happy with Unicode