[Rpm-maint] RPM 4.13.0-alpha released

Lubos Kardos lkardos at redhat.com
Tue Aug 4 13:49:02 UTC 2015


There was a problem with rpm tests after applying those patches. We
will examine this problem and we will probably include these patches
in the beta release.

Lubos

----- Original Message -----
> From: "Thierry Vignaud" <thierry.vignaud at gmail.com>
> To: "Florian Festi" <ffesti at redhat.com>
> Cc: rpm-maint at lists.rpm.org
> Sent: Monday, August 3, 2015 12:19:29 PM
> Subject: Re: [Rpm-maint] RPM 4.13.0-alpha released
> 
> On 30 July 2015 at 12:18, Thierry Vignaud <thierry.vignaud at gmail.com> wrote:
> > rpm-4.13 is stricter about multiple (classic package) triggers:
> > "error: line 320: Trigger fired by the same package is already defined
> > in spec file: %triggerpostun -- initscripts < 8.88-5"
> >
> > This is caused by this which worked fine until now:
> >
> > %triggerpostun -- initscripts <= 4.72
> > (...)
> >
> > %triggerpostun -- initscripts <= 8.38-2
> > (...)
> >
> > Here I can safely kill very old triggers.
> > But there are obviously real cases where we might want to have two
> > similar triggers, only differing by the version that triggers it.
> > (eg: fixing a 1st issue when upgrading to distro N to N+2, and fixing
> > another one when upgrading from distro N+1 to N+2)
> >
> > This is due to this commit:
> > http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=3ae1c414f69a0eddbfecd4341dd27c7a5e90e12a
> >
> > This is breaking existing packages.
> > Why impose this limit?
> > Why would it be OK for file triggers but not for package triggers?
> > Do we really want to enforce at rpm level the fact that some distros
> > only support upgrading from version N to version N+1?
> >
> > I suggest we revert that commit (& adjust
> > http://rpm.org/wiki/Releases/4.13.0)
> > WDYT?
> 
> Also, is there any reason why the following security patches are not
> yet integrated?
> 
> http://pkgs.fedoraproject.org/cgit/rpm.git/tree/rpm.spec?id=977533abf2b72d3828a1bcd7b596f418f8cbd27b#n67
> 
> # Fix race condition where unchecked data is exposed in the file system
> Patch308: rpm-4.12.0.x-CVE-2013-6435.patch
> # Add check against malicious CPIO file name size
> Patch309: rpm-4.12.0.x-CVE-2014-8118.patch
> 
> See you
