[Rpm-maint] RPM 4.13.0 rc2 released

Panu Matilainen pmatilai at redhat.com
Thu Oct 20 13:32:08 UTC 2016

After couple of weeks of headache from trying to sort this out somehow, 
here comes 4.13.0 rc2.

As explained earlier [1], in order to get the release train back on 
track, pronto, this is mostly just a collection of backports that 
distros have actually been running in the meanwhile rather than 
considering all the commits in master by importance as I'd normally do. 
Plus a few patches based on the feedback I got here. And some security 
fixes. Yeah, those. Some of 'em have barely hatched and have little real 
world exposure, but can't be helped. If we'll need rc3 then we'll have 
rc3, it's not the end of the world. Just bleeping annoying. But on with 
the show.

In this slot it normally says go to rpm.org release page for details but 
rpm.org Trac is not letting me in. I'll be damned before I let that 
aging s***box (soap! it says soap!) prevent me from doing this release 
and doing so right now. So we'll do it the old-fashiened way then:

The tarball is at http://rpm.org/releases/testing/rpm-4.13.0-rc2.tar.bz2
and the SHA1SUM is 58dfe53cceb49d76315492d25efa8231b5fcf1fb.

Here's the full list of changes since rc1:
- Add "-O" to %make_build
- Fix not chrooting transaction file triggers
- Fix rpmi.at testcase by checking actual datadir and docdir used.
- tests: Do not pass real pathnames to fakechroot commands
- tests: Do not pass real pathnames to fakechroot commands
- Fix rpmrichOpStr to use the new syntax
- Fix reading a memory right after the end of an allocated area.
- Add support for various types of dependencies to rpmdeps tool
- fix %autopatch when patch do not exist
- Permit scriptlet exec context setting to fail in non-enforcing modes
- Warn if epoch is not unsigned integer (rhbz:1251453)
- Make terminating build if version format is wrong configurable
- Ignore SIGPIPE signals during execucton of scriptlets (rhbz:1264198)
- Fix SIGSEGV in case of old unsupported gpg keys (rhbz:1277464)
- Fix crash when parsing corrupted RPM file (rhbz:1273360)
- Set up portable definitions to support μClibc and MUSL
- Fix fstat64 conditional and definition typo
- Fix next_brace_sub() to return NULL if braces don't match.
- Remove size limit when expanding macros
- Add possibility to disable file triggers.
- Remove option --priority for file triggers, leave option -P
- Rename expandMacrosU to rpmExpandMacros
- rpmExpandMacros() is modified to be able to return more return codes
- Sanity check that there is at least one tag in header region
- Add support for %missingok as a standalone file attribute
- Fix recursive calling of rpmdeps tool (rhbz:1297557)
- Fix %autosetup to not cause errors during run of rpmspec tool
- Fix memory leak in file triggers
- Also block idle and sleep in the systemd-inhibit plugin
- Add support for MIPS release 6 - Add mips32 mips64 mipsel and mipseb 
- Use pkg->dpaths during dependency generation instead of buildRoot + 
- Use %_build_cpu instead of noarch when evaluating ExcludeArch and 
- Fix memory leaks in rpmGetSubkeys() and pgpPrtParamsSubkeys()
- Add posix.redirect2null
- Fix non-working combination of %lang and %doc directive (rhbz:1254483)
- Use fuzz settings for %autopatch/%autosetup
- Misleading indentation fixes (GCC6)
- Fix index generation of rich dependencies with an else part
- Make creating index records consistent for rich and rich-weak deps
- Add enahance dependency forgotten in the recent commit [1]
- Add %{_default_patch_flags} to %__patch which is used in %autosetup
- Enable --no-backup-if-mismatch by default in %patch macro (rhbz:884755)
- Fix reading rpmtd behind its size in formatValue() (rhbz:1316896)
- Fix sigsegv in stringFormat() (rhbz:1316903)
- Make sure getNEVRA always sets td.data
- Filter unversioned deps if corresponding versioned deps exist 
- Use armv7hl isa for all armhfp (armv7h*l) arches (#1326871)
- Fix signing with non-ASCII uid keys (rhbz:1243963)
- Fix off-by-one error
- fix segfault when calling with args==NULL
- Add support for _buildhost macro for setting the build host manually.
- Add find-debuginfo.sh -m minisymtab support.
- Add dwz debuginfo compression support.
- Add sepdebugcrcfix to fixup old style gnu_debuglink CRC checksum.
- Fix preun scriptlet failure not aborting rpm erase
- RISCV 64-bit (riscv64) support.
- rpmrc: Convert uname.machine == "riscv" to "riscv32"/"riscv64"/"riscv128".
- Fix overflow in cpio filename by limiting the allowed length to 4kB
- rpmdb.c: avoid double free in rpmdbClose, rpmdbMatchIterator, ...
- rpmdb.c: (rpmdbCheckTerminate) return non-zero on subsequent runs
- Create files with with 000 permissions to avoid leaking yet unchecked data
- Remove leftover include of <selinux/flask.h>
- Fix mini-symtab in find-debuginfo.sh for arches with function descriptors.
- find-debuginfo.sh: Don't copy extra sections into .gnu_debugdata.
- rpm2archive: return 0 on success instead of stop iteration
- Revised fix for CVE-2013-6435
- Bring CREDITS to this millenium
- Verify data is within range and does not overlap in headerVerifyInfo()
- Avoid going past header data area when validating SHA1 header digest
- Revert "Add macro _vsflags_query_rpmdb"
- Preparing for rpm 4.13.0-rc2

Please test and report any anomalies. From rc2 to final only regression 
fixes will be allowed. Unless of course something really strange comes 
up, you never know. Or I forgot something absolutely vital. THAT would 
not count as a strange incident though.

[1] http://lists.rpm.org/pipermail/rpm-maint/2016-October/004595.html &

P.S. We'll try to figure out what to do with rpm.org and its content in 
the next few months, and things might be a bit muddy before they get 
better. Try to bear with us.

P.P.S. It's good to be back :)

	- Panu -

More information about the Rpm-maint mailing list