[Rpm-announce] RPM 4.10.2 released!
pmatilai at redhat.com
Mon Dec 10 10:31:50 UTC 2012
We're pleased to announce the availability of RPM release 4.10.2.
The most important thing here is a security fix to a regression
introduced in rpm 4.10.0 which can let packages with unparseable
signature past the checks in some cases due to missing error code: it
would emit "skipping package with unverifiable signature" message but
The rest is just run-of-the-mill bug- and minor regression fixes.
Download instructions and more detailed information are available at
I should also point out that some early birds spotted the unannounced
4.10.2 tarball on rpm.org over the weekend. Luckily so, because that
version had a missing include causing it to be unbuildable without
SELinux support. Normally this would've required 4.10.2.brownpaperbag
version but as the release hadn't been announced yet I just went ahead
and replaced the tarball and SHA on the release notes page. The SHA1 of
the correct rpm-4.10.2.tar.bz2 tarball is
2455aa402823b34cdc3ee04e85accdffb70c5cb3, if you got something else just
burn it and pretend it never existed...
Because of the above there's also a slight mixup in the git tags which I
had unfortunately already pushed on Friday: rpm-4.10.2-release is the
real tag, rpm-4.10.2 is the buggy one.
On behalf of the rpm-team,
- Panu -
More information about the Rpm-announce