From 4680a69d2b2d62c8e4713d2a3094d9a00e11ee1d4599f832003af5f2fb597d0d Mon Sep 17 00:00:00 2001
From: Dirk Mueller
Date: Wed, 21 Jan 2015 16:18:31 +0000
Subject: [PATCH 1/2] - update to 3.4.3: * prevent XSS attack in table key names (since 2.4.0) (CVE-2015-0862) * prevent XSS attack in policy names (since 3.4.0) (CVE-2015-0862) * prevent XSS attack in client details in the connections list (CVE-2015-0862) * prevent XSS attack in user names in the vhosts list or the vhost names in the user list (since 2.4.0) (CVE-2015-0862) * prevent XSS attack in the cluster name (since 3.3.0) (CVE-2015-0862) * prevent /api/* from returning text/html error messages which could act as an XSS vector (since 2.1.0) * fix response-splitting vulnerability in /api/downloads (since 2.1.0) * do not trust X-Forwarded-For header when enforcing 'loopback_users' (CVE-2014-9494) * disable SSLv3 by default to prevent the POODLE attack * see https://www.rabbitmq.com/release-notes/README-3.4.3.txt * see https://www.rabbitmq.com/release-notes/README-3.4.2.txt * see https://www.rabbitmq.com/release-notes/README-3.4.1.txt * see https://www.rabbitmq.com/release-notes/README-3.4.0.txt
OBS-URL: https://build.opensuse.org/package/show/network:messaging:amqp/rabbitmq-server?expand=0&rev=53
---
 rabbitmq-server-3.3.5.tar.gz | 3 ---
 rabbitmq-server-3.4.3.tar.gz | 3 +++
 rabbitmq-server.changes | 27 +++++++++++++++++++++++++++
 rabbitmq-server.spec | 4 ++--
 4 files changed, 32 insertions(+), 5 deletions(-)
 delete mode 100644 rabbitmq-server-3.3.5.tar.gz
 create mode 100644 rabbitmq-server-3.4.3.tar.gz
diff --git a/rabbitmq-server-3.3.5.tar.gz b/rabbitmq-server-3.3.5.tar.gz
deleted file mode 100644
index e1f2352..0000000
--- a/rabbitmq-server-3.3.5.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7a6bf8af684b2087a1c534ffcd2db1b7c15b137a38bb9f00dfdf0227f69d70c2
-size 3648221
diff --git a/rabbitmq-server-3.4.3.tar.gz b/rabbitmq-server-3.4.3.tar.gz
new file mode 100644
index 0000000..2ea0865
--- /dev/null
+++ b/rabbitmq-server-3.4.3.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a6cb2d68f99054c87cc7daa2d3857f85a2adfc582f6ab8538f2605031751b5d5
+size 3656510
diff --git a/rabbitmq-server.changes b/rabbitmq-server.changes
index 3fb4d4b..9bd2a53 100644
--- a/rabbitmq-server.changes
+++ b/rabbitmq-server.changes
@@ -1,3 +1,30 @@
+-------------------------------------------------------------------
+Wed Jan 21 16:12:13 UTC 2015 - dmueller@suse.com
+
+- update to 3.4.3:
+ * prevent XSS attack in table key names (since 2.4.0)
+ (CVE-2015-0862)
+ * prevent XSS attack in policy names (since 3.4.0)
+ (CVE-2015-0862)
+ * prevent XSS attack in client details in the connections list
+ (CVE-2015-0862)
+ * prevent XSS attack in user names in the vhosts list or the vhost names
+ in the user list (since 2.4.0)
+ (CVE-2015-0862)
+ * prevent XSS attack in the cluster name (since 3.3.0)
+ (CVE-2015-0862)
+ * prevent /api/* from returning text/html error messages which could
+ act as an XSS vector (since 2.1.0)
+ * fix response-splitting vulnerability in /api/downloads (since 2.1.0)
+ * do not trust X-Forwarded-For header when enforcing 'loopback_users'
+ (CVE-2014-9494)
+ * disable SSLv3 by default to prevent the POODLE attack
+
+ * see https://www.rabbitmq.com/release-notes/README-3.4.3.txt
+ * see https://www.rabbitmq.com/release-notes/README-3.4.2.txt
+ * see https://www.rabbitmq.com/release-notes/README-3.4.1.txt
+ * see https://www.rabbitmq.com/release-notes/README-3.4.0.txt
+
 -------------------------------------------------------------------
 Mon Nov 24 11:52:42 UTC 2014 - dmueller@suse.com
diff --git a/rabbitmq-server.spec b/rabbitmq-server.spec
index 294069c..f967b6b 100644
--- a/rabbitmq-server.spec
+++ b/rabbitmq-server.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package rabbitmq-server
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
 %endif
 Name: rabbitmq-server
-Version: 3.3.5
+Version: 3.4.3
 Release: 0
 Summary: The RabbitMQ Server
 License: MPL-1.1
From f4e66b66f57d93f06375d7f62eb550b5bb64e5ee632cf532d9df6ee828b03596 Mon Sep 17 00:00:00 2001
From: Dirk Mueller
Date: Wed, 21 Jan 2015 16:50:54 +0000
Subject: [PATCH 2/2] OBS-URL: https://build.opensuse.org/package/show/network:messaging:amqp/rabbitmq-server?expand=0&rev=54
---
 rabbitmq-server.spec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rabbitmq-server.spec b/rabbitmq-server.spec
index f967b6b..34142ff 100644
--- a/rabbitmq-server.spec
+++ b/rabbitmq-server.spec
@@ -197,7 +197,7 @@ systemd-tmpfiles --create --clean /usr/lib/tmpfiles.d/rabbitmq-server.conf
 %if 0%{?have_systemd}
 %service_del_preun %{name}.service
 %else
-%stop_on_removal rabbitmq-server || :
+%stop_on_removal rabbitmq-server
 %endif
 %postun
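Review bot: A failing init-script stop can now abort the package removal: without the `|| :` suffix on `%stop_on_removal rabbitmq-server` in the non-systemd `%else` branch of the last hunk, the enclosing %preun scriptlet (which begins before this hunk) exits with whatever the last command of the expanded macro returns, and rpm refuses to erase a package whose %preun fails. The commit records no reason for the change beyond the OBS-URL trailer; presumably the suffix was dropped because it ended up after the macro's multi-line expansion rather than on the stop command itself, but that should be stated in the description. A spec comment above the line would keep the rationale with the code, e.g. `# %%stop_on_removal expands to a shell block; a trailing '|| :' does not make the stop best-effort` (note the `%%` escape so rpm does not expand the macro inside the comment). If stopping is still meant to be best-effort, follow the macro with an explicit `true` line inside the `%else` branch so the scriptlet exits 0 regardless of the stop result.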