[Rpm-announce] RPM 4.10.2 released!

Panu Matilainen pmatilai at redhat.com
Mon Dec 10 10:31:50 UTC 2012

We're pleased to announce the availability of RPM release 4.10.2.

The most important thing here is a security fix to a regression
introduced in rpm 4.10.0 which can let packages with an unparseable
signature past the checks in some cases due to a missing error code: it
would emit a "skipping package with unverifiable signature" message but
proceed nevertheless.

The rest is just run-of-the-mill bug- and minor regression fixes.

Download instructions and more detailed information are available at


I should also point out that some early birds spotted the unannounced 
4.10.2 tarball on rpm.org over the weekend. Luckily so, because that 
version had a missing include causing it to be unbuildable without 
SELinux support. Normally this would've required a 4.10.2.brownpaperbag
version, but as the release hadn't been announced yet I just went ahead
and replaced the tarball and SHA on the release notes page. The SHA1 of 
the correct rpm-4.10.2.tar.bz2 tarball is 
2455aa402823b34cdc3ee04e85accdffb70c5cb3, if you got something else just 
burn it and pretend it never existed...

Because of the above there's also a slight mixup in the git tags which I 
had unfortunately already pushed on Friday: rpm-4.10.2-release is the 
real tag, rpm-4.10.2 is the buggy one.

On behalf of the rpm-team,

     - Panu -
