[Rpm-maint] Planning for rpm 4.13.0 (-rc2)

Neal Gompa ngompa13 at gmail.com
Fri Oct 14 22:34:29 UTC 2016

On Fri, Oct 14, 2016 at 9:33 AM, Panu Matilainen
<pmatilai at laiskiainen.org> wrote:
> Hey folks,
> Time to get rpm 4.13.0 out of the door. But in order to do that, we'll need
> to cut -rc2 first, there's just too much change to jump right into final.
> The idea is to get -rc2 out next week (ie by Oct 21st at latest). If all
> goes well we'll just rename that to -final in a few weeks time, if all goes
> to hell we'll just have another -rc. Which I really, really dont want to
> happen. So what I've planned for -rc2 is this rather conservative
> cherry-picks from git master on top of the 4.13.x branch:
> d20b7d2 Fix rpmrichOpStr to use the new syntax
> 54f24ec Fix reading a memory right after the end of an allocated area.
> 7a84b45 Add support for various types of dependencies to rpmdeps tool
> 73ea59e fix %autopatch when patch do not exist
> 0d214a1 Permit scriptlet exec context setting to fail in non-enforcing modes
> f5bab7c Warn if epoch is not unsigned integer (rhbz:1251453)
> 5e94633 Make terminating build if version format is wrong configurable
> 90d8cc1 Ignore SIGPIPE signals during execucton of scriptlets (rhbz:1264198)
> 2dd0693 Fix SIGSEGV in case of old unsupported gpg keys (rhbz:1277464)
> 9c36ca4 Fix crash when parsing corrupted RPM file (rhbz:1273360)
> 1af568a Fix next_brace_sub() to return NULL if braces don't match.
> 61838b0 Remove size limit when expanding macros
> a0f2d94 Add possibility to disable file triggers.
> 5e4c16f Remove option --priority for file triggers, leave option -P
> aee8446 Rename expandMacrosU to rpmExpandMacros
> ddf9ec7 rpmExpandMacros() is modified to be able to return more return codes
> 8e847d5 Sanity check that there is at least one tag in header region
> 9aff39d Fix not chrooting transaction file triggers
> 8efe51e Add support for %missingok as a standalone file attribute
> 33158b3 Fix recursive calling of rpmdeps tool (rhbz:1297557)
> 231a721 Fix %autosetup to not cause errors during run of rpmspec tool
> 6e23e20 Fix memory leak in file triggers
> 448db68 Add RPMCALLBACK_ELEM_PROGRESS callback type
> 83219d0 Also block idle and sleep in the systemd-inhibit plugin
> cd02e06 Add support for MIPS release 6 - Add mips32 mips64 mipsel and mipseb
> macros
> 2166133 Use pkg->dpaths during dependency generation instead of buildRoot +
> filename
> d53499d Use %_build_cpu instead of noarch when evaluating ExcludeArch and
> ExclusiveArch
> cc61141 Fix memory leaks in rpmGetSubkeys() and pgpPrtParamsSubkeys()
> 19fe0d9 Add posix.redirect2null
> 877d5b1 Fix non-working combination of %lang and %doc directive
> (rhbz:1254483)
> 50905f4 Use fuzz settings for %autopatch/%autosetup
> dddc6e7 Misleading indentation fixes (GCC6)
> 4695533 Fix index generation of rich dependencies with an else part
> 9c1e995 Make creating index records consistent for rich and rich-weak deps
> e297b51 Add enahance dependency forgotten in the recent commit [1]
> 66a6082 Add %{_default_patch_flags} to %__patch which is used in %autosetup
> 69ed95e Enable --no-backup-if-mismatch by default in %patch macro
> (rhbz:884755)
> b722cf8 Fix reading rpmtd behind its size in formatValue() (rhbz:1316896)
> cddf43a Fix sigsegv in stringFormat() (rhbz:1316903)
> b4f0e7e Make sure getNEVRA always sets td.data
> 6ac793b Filter unversioned deps if corresponding versioned deps exist
> (rhbz:678605)
> 5d5dd56 Use armv7hl isa for all armhfp (armv7h*l) arches (#1326871)
> 258e306 Fix signing with non-ASCII uid keys (rhbz:1243963)
> 0964912 Fix off-by-one error
> 1aeddbc fix segfault when calling with args==NULL
> 4ec7c39 Add sepdebugcrcfix to fixup old style gnu_debuglink CRC checksum.
> 6b3b435 Add dwz debuginfo compression support.
> b33a41d Add find-debuginfo.sh -m minisymtab support.
> cf56793 rpmrc: Convert uname.machine == "riscv" to
> "riscv32"/"riscv64"/"riscv128".
> d9d47e0 RISCV 64-bit (riscv64) support.
> f255c6b Fix overflow in cpio filename by limiting the allowed length to 4kB
> e41550e Fix misleading-indentation in rpmplugins.c
> 7e26e2b Create files with with 000 permissions to avoid leaking yet
> unchecked data
> a6e662f rpm2archive: return 0 on success instead of stop iteration
> bd76111 find-debuginfo.sh: Don't copy extra sections into .gnu_debugdata.
> 6e7c6d1 Revised fix for CVE-2013-6435
> If that seems somewhat strange selection, that's because ... well, I agree
> it is. To minimize the risk of breaking anything, this is almost exactly
> what has been included in Fedora and Mageia rpm during the past year. Which
> means its reasonably tried and true code, which is exactly what we want to
> get the thing out of the door, fast.
> I know there's a huge pile of other important fixes and enhancements in git
> master waiting for an outlet. The idea is to get 4.13.0 out as soon as we
> can reasonably can, just to break the current logjam. And then immediately
> start looking forward to both new major release and backporting more goodies
> to 4.13.x in the meanwhile. Think on the order of three months max to
> 4.13.1.
> Anyway, the list above is not set in stone, otherwise there'd be little
> point in posting it here. If you think something absolutely critical is
> missing from that list, or that something should not be there, now is the
> time to speak up.

In general, I'm happy with this list. However, I have a couple of requests:

I work as a maintainer for rpm for Unity Linux (an rpm based distro
using musl libc), I'd like to see the following commits added to
4.13-rc2 to support it properly (oldest first):
4f7c802 Set up portable definitions to support μClibc and MUSL
ff3e57c Fix fstat64 conditional and definition typo

These have been used in Unity Linux's rpm for almost a year as a
squashed patch:

I'd also like to see the following commits added in general, because
it fixes issues with building rpm that I've discovered over time
(oldest first):
aa4c0d4 digest_beecrypt: Use correct header locations
c67aece Properly support BeeCrypt option in build system
3ad7495 Fix pkgconfig reference to Lua in Libs.private

I don't think the above commits would be too difficult to include into

真実はいつも一つ!/ Always, there's only one truth!

More information about the Rpm-maint mailing list