[Rpm-maint] Planning for rpm 4.13.0 (-rc2)

Panu Matilainen pmatilai at laiskiainen.org
Fri Oct 14 13:33:00 UTC 2016

Hey folks,

Time to get rpm 4.13.0 out of the door. But in order to do that, we'll 
need to cut -rc2 first, there's just too much change to jump right into 

The idea is to get -rc2 out next week (ie by Oct 21st at latest). If all 
goes well we'll just rename that to -final in a few weeks time, if all 
goes to hell we'll just have another -rc. Which I really, really dont 
want to happen. So what I've planned for -rc2 is this rather 
conservative cherry-picks from git master on top of the 4.13.x branch:

d20b7d2 Fix rpmrichOpStr to use the new syntax
54f24ec Fix reading a memory right after the end of an allocated area.
7a84b45 Add support for various types of dependencies to rpmdeps tool
73ea59e fix %autopatch when patch do not exist
0d214a1 Permit scriptlet exec context setting to fail in non-enforcing modes
f5bab7c Warn if epoch is not unsigned integer (rhbz:1251453)
5e94633 Make terminating build if version format is wrong configurable
90d8cc1 Ignore SIGPIPE signals during execucton of scriptlets (rhbz:1264198)
2dd0693 Fix SIGSEGV in case of old unsupported gpg keys (rhbz:1277464)
9c36ca4 Fix crash when parsing corrupted RPM file (rhbz:1273360)
1af568a Fix next_brace_sub() to return NULL if braces don't match.
61838b0 Remove size limit when expanding macros
a0f2d94 Add possibility to disable file triggers.
5e4c16f Remove option --priority for file triggers, leave option -P
aee8446 Rename expandMacrosU to rpmExpandMacros
ddf9ec7 rpmExpandMacros() is modified to be able to return more return codes
8e847d5 Sanity check that there is at least one tag in header region
9aff39d Fix not chrooting transaction file triggers
8efe51e Add support for %missingok as a standalone file attribute
33158b3 Fix recursive calling of rpmdeps tool (rhbz:1297557)
231a721 Fix %autosetup to not cause errors during run of rpmspec tool
6e23e20 Fix memory leak in file triggers
448db68 Add RPMCALLBACK_ELEM_PROGRESS callback type
83219d0 Also block idle and sleep in the systemd-inhibit plugin
cd02e06 Add support for MIPS release 6 - Add mips32 mips64 mipsel and 
mipseb macros
2166133 Use pkg->dpaths during dependency generation instead of 
buildRoot + filename
d53499d Use %_build_cpu instead of noarch when evaluating ExcludeArch 
and ExclusiveArch
cc61141 Fix memory leaks in rpmGetSubkeys() and pgpPrtParamsSubkeys()
19fe0d9 Add posix.redirect2null
877d5b1 Fix non-working combination of %lang and %doc directive 
50905f4 Use fuzz settings for %autopatch/%autosetup
dddc6e7 Misleading indentation fixes (GCC6)
4695533 Fix index generation of rich dependencies with an else part
9c1e995 Make creating index records consistent for rich and rich-weak deps
e297b51 Add enahance dependency forgotten in the recent commit [1]
66a6082 Add %{_default_patch_flags} to %__patch which is used in %autosetup
69ed95e Enable --no-backup-if-mismatch by default in %patch macro 
b722cf8 Fix reading rpmtd behind its size in formatValue() (rhbz:1316896)
cddf43a Fix sigsegv in stringFormat() (rhbz:1316903)
b4f0e7e Make sure getNEVRA always sets td.data
6ac793b Filter unversioned deps if corresponding versioned deps exist 
5d5dd56 Use armv7hl isa for all armhfp (armv7h*l) arches (#1326871)
258e306 Fix signing with non-ASCII uid keys (rhbz:1243963)
0964912 Fix off-by-one error
1aeddbc fix segfault when calling with args==NULL
4ec7c39 Add sepdebugcrcfix to fixup old style gnu_debuglink CRC checksum.
6b3b435 Add dwz debuginfo compression support.
b33a41d Add find-debuginfo.sh -m minisymtab support.
cf56793 rpmrc: Convert uname.machine == "riscv" to 
d9d47e0 RISCV 64-bit (riscv64) support.
f255c6b Fix overflow in cpio filename by limiting the allowed length to 4kB
e41550e Fix misleading-indentation in rpmplugins.c
7e26e2b Create files with with 000 permissions to avoid leaking yet 
unchecked data
a6e662f rpm2archive: return 0 on success instead of stop iteration
bd76111 find-debuginfo.sh: Don't copy extra sections into .gnu_debugdata.
6e7c6d1 Revised fix for CVE-2013-6435

If that seems somewhat strange selection, that's because ... well, I 
agree it is. To minimize the risk of breaking anything, this is almost 
exactly what has been included in Fedora and Mageia rpm during the past 
year. Which means its reasonably tried and true code, which is exactly 
what we want to get the thing out of the door, fast.

I know there's a huge pile of other important fixes and enhancements in 
git master waiting for an outlet. The idea is to get 4.13.0 out as soon 
as we can reasonably can, just to break the current logjam. And then 
immediately start looking forward to both new major release and 
backporting more goodies to 4.13.x in the meanwhile. Think on the order 
of three months max to 4.13.1.

Anyway, the list above is not set in stone, otherwise there'd be little 
point in posting it here. If you think something absolutely critical is 
missing from that list, or that something should not be there, now is 
the time to speak up.

	- Panu -

P.S. Yes, I'm back at rpm work, officially started this Monday. Lest 
anybody have funny ideas: this was set in motion out of my own will well 
before the recent "crisis" reported on lwn.net, although the timing of 
that was quite a coincindence. But as they say, old flames die hard ;)

More information about the Rpm-maint mailing list