RHEA-2015:0805 - Product Enhancement Advisory

Topic

Red Hat Enterprise MRG Messaging 3.1 packages that include a number of bug fixes and enhancements are now available for Red Hat Enterprise Linux 6.

Description

Red Hat Enterprise MRG is a next-generation IT infrastructure incorporating
Messaging, Realtime, and Grid functionality. It offers increased performance,
reliability, interoperability, and faster computing for enterprise customers.

MRG Messaging is a high-speed reliable messaging distribution for Linux based on AMQP (Advanced Message Queuing Protocol), an open protocol standard for enterprise messaging that is designed to make mission critical messaging widely available as a standard service, and to make enterprise messaging interoperable across platforms, programming languages, and vendors.

MRG Messaging includes AMQP messaging broker; AMQP client libraries for C++, Java JMS, and Python; as well as persistence libraries and management tools.

These updated packages for Red Hat Enterprise Linux 6 include numerous bug fixes and enhancements for the Messaging component of MRG. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise MRG Messaging 3.1 Release Notes document for information on the most significant of these changes:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_MRG/3/html/3.1_MRG_Messaging_Release_Notes/index.html

Users of the Messaging capabilities of Red Hat Enterprise MRG 3.1, which is layered on Red Hat Enterprise Linux 6, are advised to upgrade to these updated packages, which provide numerous bug fixes and enhancements.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise MRG Messaging 3 x86_64
• Red Hat Enterprise MRG Messaging 3 i386

Fixes

• BZ - 648690 - "qpid-route route map " with ACL gives "unauthorized-access"
• BZ - 693721 - Session names longer than 256 bytes cause errors when encoding session management objects
• BZ - 726695 - Unable to create bindings on already existing broker objects using addressing
• BZ - 728196 - Provide more descriptive error text when SASL config. file is malformed
• BZ - 747314 - [RFE] Authentication error displayed for qpid is not meaningful
• BZ - 796273 - Priority ring queue lets lower-priority message displace higher-priority
• BZ - 852067 - Qpid python client unable to receive last message from the queue
• BZ - 883866 - [RFE]: Access control for QMF functionality should be improved
• BZ - 915333 - Java client raises javax.jms.JMSException instead of InvalidDestinationException in BasicMessageProducer.send() method
• BZ - 916975 - Journal can not manage enqueues matching two bindings from headers exchange to the same queue
• BZ - 929169 - Closing a topic consumer should delete its exclusive auto-delete queue
• BZ - 959448 - Report error when encountering unrecognized connection option
• BZ - 974940 - Python client unexpected exception after ACL denial
• BZ - 977869 - Producing to many queues locks I/O threads for new connections
• BZ - 984424 - qpid-config does not throws correct exception when binding nonexisting exchange
• BZ - 985869 - Do not make durable subscriptions auto-delete by default
• BZ - 985870 - [RFE]: Add configurable time-delayed auto-delete for durable subscriptions
• BZ - 991146 - C++ Broker with durable queues/exchanges fails to restart - Out of bounds
• BZ - 995496 - [Windows C++ client] An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full
• BZ - 1002605 - Trace queue deletion statistics show msgDepth:0 everytime
• BZ - 1002952 - session statistics Tx* not updated any time
• BZ - 1003661 - User ID is not passed to ACL when DIGEST-MD5 is used while creating link
• BZ - 1017743 - Posibility to disable the SSL hostname verification in C++ Linux clients
• BZ - 1024685 - Creating a queue with invalid settings results in no queue but only its management object exists
• BZ - 1028289 - Broker reports EXTERNAL mech. not supported if CN is empty.
• BZ - 1038586 - Python client SSL authentication passes when "ssl_skip_hostname_check" is "false" and "ssl_trustfile" is not given
• BZ - 1049833 - [RFE]: Allowing users to connect only from selected IP addresses
• BZ - 1049870 - Broker recovers auto-delete queues and discards their auto-delete bit
• BZ - 1059786 - [amqp1.0] missing first-acquirer property support
• BZ - 1065872 - Topic subscriptions should not ignore auto-delete x-declare flag
• BZ - 1066271 - Example application "csharp.map.receiver" with three arguments fails
• BZ - 1066372 - ACL to take default broker values instead of 0 for queue create parameters
• BZ - 1070874 - Exchange is not created when dynamic flag is used
• BZ - 1070901 - invalid reply-to conversion from 1.0 to 0.10
• BZ - 1073796 - [amqp1.0] delete-on-close policy do not work for producers of exchanges
• BZ - 1078936 - "csharp.example.server" cannot read connection options
• BZ - 1080165 - [qpid] Changing system time might cause heartbeat-enabled connections to drop
• BZ - 1080480 - qpid-config does not support int arguments
• BZ - 1082026 - 'unknown object' thrown where 'object exists' is expected
• BZ - 1082027 - Missing domain info when listing incoming/outgoing links
• BZ - 1084621 - Missing information about HA queue replication.
• BZ - 1086816 - When the node name starts with '#' character the node shall be created
• BZ - 1087852 - Org.Apache.Qpid.Messaging.Message.SetContentObject(object) method cannot set Dictionary<> or Collection<> types as message content
• BZ - 1089652 - [RFE]: Configuration option for linear store to delete the used journal files instead of recycling them.
• BZ - 1093996 - Purging TTL expired messages blocks all other timers, causing connection drops
• BZ - 1096744 - Increased memory requirements of MRG-M 3.0, as compared to 2.3
• BZ - 1101533 - QMF opcode _query_request bypasses any ACL authorisation
• BZ - 1109873 - "qpid-stat -c does not show clients names connected from Windows
• BZ - 1113197 - Linux clients do not report "mech" information to the broker.
• BZ - 1115969 - qpid c++ AMQP1.0 client weird authentication failed message error Caught exception in state: 3 with event: 1: Failed to authenticate
• BZ - 1116746 - amqp1.0 authentication hang with jbossamq
• BZ - 1126525 - [AMQP 1.0] Can't read content endoding property
• BZ - 1133204 - MICG: obsolete qpid.queue_event_generation option
• BZ - 1145386 - HA broker abort in TXN soak test
• BZ - 1147977 - Session.nextReceiver() with IMMEDIATE duration does not raise exception when connection is closed
• BZ - 1152589 - Incorrect footnote related to reliability options
• BZ - 1160154 - C++ and .NET clients on Windows do not support AMQP 1.0 protocol
• BZ - 1160232 - [regression] broker sometimes forgets to send connection heartbeats
• BZ - 1178829 - Qpid python client hangs when message with routing key longer than 255 is sent (mutual recursion)
• BZ - 1179341 - queue_event_generation option clean-up desired
• BZ - 1179609 - ring queue disables LVQ
• BZ - 1184124 - TypeError on qpid.auto_delete_timeout assertion
• BZ - 1186693 - [amqp1.0] Abort after uncaught UnknownExchangeTypeException
• BZ - 1187636 - Session detach is not detected by the client application
• BZ - 1202376 - [amqp1.0] asserting legacy-amqp-topic-binding on xml exchange node does not fail

CVEs

(none)

References

• http://www.redhat.com/security/updates/classification/#normal