Package: rabbitmq-server / 3.8.9-3+deb11u1

Metadata

Package Version Patches format
rabbitmq-server 3.8.9-3+deb11u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
lets use python3 not python binary.patch | (download)

deps/amqp10_common/codegen.py | 2 1 + 1 - 0 !
deps/amqp10_common/development.post.mk | 2 1 + 1 - 0 !
deps/rabbit_common/codegen.py | 2 1 + 1 - 0 !
deps/rabbit_common/development.post.mk | 2 1 + 1 - 0 !
deps/rabbitmq_auth_backend_http/examples/rabbitmq_auth_backend_django/manage.py | 2 1 + 1 - 0 !
deps/rabbitmq_auth_backend_http/examples/rabbitmq_auth_backend_django/start.sh | 4 2 + 2 - 0 !
deps/rabbitmq_consistent_hash_exchange/examples/python/example1.py | 2 1 + 1 - 0 !
deps/rabbitmq_consistent_hash_exchange/examples/python/example2.py | 2 1 + 1 - 0 !
deps/rabbitmq_consistent_hash_exchange/examples/python/example3.py | 2 1 + 1 - 0 !
deps/rabbitmq_trust_store/examples/rabbitmq_trust_store_django/manage.py | 2 1 + 1 - 0 !
10 files changed, 11 insertions(+), 11 deletions(-)

 using /usr/bin/python3, not just python
rabbitmq dist.mk.patch | (download)

deps/rabbit_common/mk/rabbitmq-dist.mk | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 make 4.3 compatibility change
Upstream_PR2965_fixing_rabbitmqctl_parsing | (download)

deps/rabbit/src/rabbit_disk_monitor.erl | 4 3 + 1 - 0 !
deps/rabbitmq_cli/lib/rabbitmq/cli/core/memory.ex | 6 6 + 0 - 0 !
2 files changed, 9 insertions(+), 1 deletion(-)

 fix incorrect parsing of vm_memory_high_watermark
 Upstream bug:
 https://github.com/rabbitmq/rabbitmq-server/issues/2964
CVE 2023 46118_1_Reduce_default_HTTP_API_request_body_size_limit_to_10_MiB.patch | (download)

deps/rabbitmq_management/Makefile | 3 2 + 1 - 0 !
deps/rabbitmq_management/priv/schema/rabbitmq_management.schema | 16 16 + 0 - 0 !
2 files changed, 18 insertions(+), 1 deletion(-)

 cve-2023-46118 (1/2): reduce default http api request body size limit to 10 mib
 per discussion with the team.
 .
 It should be enough to accomodate a definition file with about
 100K queues.
CVE 2023 46118_2_Introduce_HTTP_request_body_limit_for_definition_uploads.patch | (download)

deps/rabbitmq_management/include/rabbit_mgmt.hrl | 2 2 + 0 - 0 !
deps/rabbitmq_management/priv/schema/rabbitmq_management.schema | 17 17 + 0 - 0 !
deps/rabbitmq_management/src/rabbit_mgmt_util.erl | 24 18 + 6 - 0 !
deps/rabbitmq_management/src/rabbit_mgmt_wm_definitions.erl | 11 9 + 2 - 0 !
4 files changed, 46 insertions(+), 8 deletions(-)

 cve-2023-46118 (2/2): introduce http request body limit for definition uploads
 The default is 20 MiB, which is enough to upload
 a definition file with 200K queues, a few virtual host
 and a few users. In other words, it should accomodate
 a lot of environments.