[Rpm-announce] RPM 4.14.0 release candidate 2 is out

Panu Matilainen pmatilai at redhat.com
Thu Sep 28 14:06:00 UTC 2017


There aren't that many changes since rc1, but enough to warrant a second 
release candidate instead of going for final. The important ones being:

- Fix a bug of file triggers failing on some packages (MgBug:18797, in 
4.13.x already)
- Fix a regression on 32bit architectures on generation of packages over 
2GB in size (RhBug:1492587)
- Fix rpm following arbitrary directory symlinks on installation 
(CVE-2017-7500)
- Fix rpm following symlinks on file creation (CVE-2017-7501)
- Adjust verification to match the new directory symlink rule
- Forbid 'if' richops in 'or' context and 'unless' richops in 'and' context

As usual, the details + download info at:

	http://rpm.org/wiki/Releases/4.14.0

Oh and release notes changed to use SHA256 instead of SHA1 for the 
source checksum. Guess it's about time.

On behalf of the rpm-team,

	- Panu -


