[Rpm-maint] RPM 4.13.0-alpha released
thierry.vignaud at gmail.com
Mon Aug 3 10:19:29 UTC 2015
On 30 July 2015 at 12:18, Thierry Vignaud <thierry.vignaud at gmail.com> wrote:
> rpm-4.13 is stricter about multiple (classic package) triggers:
> "error: line 320: Trigger fired by the same package is already defined
> in spec file: %triggerpostun -- initscripts < 8.88-5"
> This is caused by this which worked fine until now:
> %triggerpostun -- initscripts <= 4.72
> %triggerpostun -- initscripts <= 8.38-2
> Here I can safely kill very old triggers.
> But there's obviously real cases where we might want to have two
> similar triggers, only differing by the version that trigger it.
> (eg: fixing a 1st issue when upgrading to distro N to N+2, and fixing
> another one when upgrading from distro N+1 to N+2)
> This is due to this commit:
> This is breaking existing packages
> Why imposing this limit?
> Why would it be OK for file triggers but not for package triggers?
> Do we really want to enforce at rpm level the fact that some distro
> only support upgrading from version N to version N+1?
> I suggest we revert that commit (& adjust http://rpm.org/wiki/Releases/4.13.0)
Also, is there any reason why the following security patches are not
# Fix race condidition where unchecked data is exposed in the file system
# Add check against malicious CPIO file name size
More information about the Rpm-maint