Accepting request 282244 from network:messaging:amqp

- update to 3.4.3:
   * prevent XSS attack in table key names (since 2.4.0)
     (CVE-2015-0862)
   * prevent XSS attack in policy names (since 3.4.0)
      (CVE-2015-0862)
   * prevent XSS attack in client details in the connections list
      (CVE-2015-0862)
   * prevent XSS attack in user names in the vhosts list or the vhost names
      in the user list (since 2.4.0)
      (CVE-2015-0862)
   * prevent XSS attack in the cluster name (since 3.3.0)
      (CVE-2015-0862)
   * prevent /api/* from returning text/html error messages which could
      act as an XSS vector (since 2.1.0)
   * fix response-splitting vulnerability in /api/downloads (since 2.1.0)
   * do not trust X-Forwarded-For header when enforcing 'loopback_users' 
     (CVE-2014-9494)
   * disable SSLv3 by default to prevent the POODLE attack
   * see https://www.rabbitmq.com/release-notes/README-3.4.3.txt
   * see https://www.rabbitmq.com/release-notes/README-3.4.2.txt
   * see https://www.rabbitmq.com/release-notes/README-3.4.1.txt
   * see https://www.rabbitmq.com/release-notes/README-3.4.0.txt

OBS-URL: https://build.opensuse.org/request/show/282244
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rabbitmq-server?expand=0&rev=25

rabbitmq-server-3.3.5.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7a6bf8af684b2087a1c534ffcd2db1b7c15b137a38bb9f00dfdf0227f69d70c2
-size 3648221

rabbitmq-server-3.4.3.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a6cb2d68f99054c87cc7daa2d3857f85a2adfc582f6ab8538f2605031751b5d5
+size 3656510

rabbitmq-server.changes

@@ -1,3 +1,30 @@
+-------------------------------------------------------------------
+Wed Jan 21 16:12:13 UTC 2015 - dmueller@suse.com
+
+- update to 3.4.3:
+   * prevent XSS attack in table key names (since 2.4.0)
+     (CVE-2015-0862)
+   * prevent XSS attack in policy names (since 3.4.0)
+      (CVE-2015-0862)
+   * prevent XSS attack in client details in the connections list
+      (CVE-2015-0862)
+   * prevent XSS attack in user names in the vhosts list or the vhost names
+      in the user list (since 2.4.0)
+      (CVE-2015-0862)
+   * prevent XSS attack in the cluster name (since 3.3.0)
+      (CVE-2015-0862)
+   * prevent /api/* from returning text/html error messages which could
+      act as an XSS vector (since 2.1.0)
+   * fix response-splitting vulnerability in /api/downloads (since 2.1.0)
+   * do not trust X-Forwarded-For header when enforcing 'loopback_users' 
+     (CVE-2014-9494)
+   * disable SSLv3 by default to prevent the POODLE attack
+
+   * see https://www.rabbitmq.com/release-notes/README-3.4.3.txt
+   * see https://www.rabbitmq.com/release-notes/README-3.4.2.txt
+   * see https://www.rabbitmq.com/release-notes/README-3.4.1.txt
+   * see https://www.rabbitmq.com/release-notes/README-3.4.0.txt
+
 -------------------------------------------------------------------
 Mon Nov 24 11:52:42 UTC 2014 - dmueller@suse.com
 

rabbitmq-server.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package rabbitmq-server
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
 %endif
 
 Name:           rabbitmq-server
-Version:        3.3.5
+Version:        3.4.3
 Release:        0
 Summary:        The RabbitMQ Server
 License:        MPL-1.1
@@ -197,7 +197,7 @@ systemd-tmpfiles --create --clean /usr/lib/tmpfiles.d/rabbitmq-server.conf
 %if 0%{?have_systemd}
 %service_del_preun %{name}.service
 %else
-%stop_on_removal rabbitmq-server || :
+%stop_on_removal rabbitmq-server
 %endif
 
 %postun