[Rpm-maint] Announcing POPT upstream reboot and 1.18 release candidate (DRAFT)

Panu Matilainen pmatilai at redhat.com
Fri May 29 08:17:52 UTC 2020


At the time of the rpm.org upstream reboot back in 2006 [1], the idea 
was to split out popt from the rpm codebase and then ... something. Only 
we were too busy dealing with rpm itself and popt got left behind. The 
last popt release is from 2010 and about a year ago it's download site 
dropped off the net. People have been prodding us about this for some 
time now, popt being a mandatory dependency of rpm but also used by 
several other prominent OSS projects such as Samba, SSSD and Gnome. So 
after heroic efforts of Neal Gompa to convert the rusty old CVS (anybody 
still remember *that* horror?) repo into a nice shiny git repo, here goes.

 From now on, popt will be maintained under the rpm-software-management 
umbrella at https://github.com/rpm-software-management/popt where bugs 
can be reported and pull-requests submitted, with release tarball on 
ftp.rpm.org.

To accompany the launch there's also a new 1.18 release in the pipeline:

     http://ftp.rpm.org/releases/testing/popt-1.18-rc1.tar.gz [2]

Much like with rpm itself back in the day, this first release is all 
about collecting existing fixes and cleaning up the codebase, starting 
with the last widely used 1.16 release as the basis. There are no new 
features in this release or in the immediate plans, time will tell where 
this all will lead.

There will be a release notes page for the final release, but for now 
the executive summary of changes is:
- fix an ugly and ancient security issue with popt failing to drop 
privileges on alias exec from a SUID/SGID program
- perform rudimentary sanity checks when reading in popt config files
- collect accumulated misc fixes from distros etc
- dust off ten years worth of autotools sediment
- reorganize and clean up the source tree for clarity
- remove the obnoxious splint annotations from the sources

1.18-rc1 is supposed to be ABI and API compatible with 1.16, and unless 
something unexpected happens, will be released as 1.18 final within a 
month or so. If you can, give it a spin and let us know.

On behalf of the rpm-team,

	- Panu -

[1] http://lists.rpm.org/pipermail/rpm-announce/2006-December/000005.html
[2] SHA256: 2ba1769489e6eddb6b2969d4de5e8fc855fb668c411d8bc002042c14708e682c



More information about the Rpm-maint mailing list