[Rpm-maint] [Rpm-announce] RPM 4.14.0 release candidate 2 is out
Thierry Vignaud
thierry.vignaud at gmail.com
Mon Oct 2 11:05:23 UTC 2017
On 2 October 2017 at 12:34, Panu Matilainen <pmatilai at redhat.com> wrote:
> On 10/02/2017 12:20 PM, Thierry Vignaud wrote:
>>
>> On 28 September 2017 at 16:06, Panu Matilainen <pmatilai at redhat.com>
>> wrote:
>>>
>>>
>>> There aren't that many changes since rc1, but enough to warrant a second
>>> release candidate instead of going for final. The important ones being:
>>>
>>> - Fix a bug of file triggers failing on some packages (MgBug:18797, in
>>> 4.13.x already)
>>> - Fix a regression on 32bit architectures on generation of packages over
>>> 2GB
>>> in size (RhBug:1492587)
>>> - Fix rpm following arbitrary directory symlinks on installation
>>> (CVE-2017-7500)
>>> - Fix rpm following symlinks on file creation (CVE-2017-7501)
>>> - Adjust verification to match the new directory symlink rule
>>> - Forbid 'if' richops in 'or' context and 'unless' richops in 'and'
>>> context
>>>
>>> As usual, the details + download info at:
>>>
>>> http://rpm.org/wiki/Releases/4.14.0
>>>
>>> Oh and release notes changed to use SHA256 instead of SHA1 for the source
>>> checksum. Guess it's about time.
>>
>>
>> perl-RPM4's testsuite seems to have caught a regression:
>> Simulating several simulate rpm -bi in a row now fails with:
>> error: Wrong number of entries for tag Filemodes: 2 found but 1 expected.
>>
>> As a workaround, we've to reload the spec file between 2 tests:
>>
>> http://svnweb.mageia.org/packages/cauldron/perl-RPM4/current/SOURCES/reload-spec-file-before-builds.patch?revision=1143572&view=markup
>>
>> I've attached the output of erl t/04spec.t with & w/o this patch
>>
>
> Wild guess: debuginfo link creation.
>
> Does setting %_build_id_links to "none" or "alldebug" make the issue go
> away?
None of that fixes it
More information about the Rpm-maint
mailing list