RPM Release Notes

Download information

Summary of changes from RPM 4.13.0

Security fixes

  • Fix several out of bounds reads in the OpenPGP parser (GH:148, GH:149, GH:151)
  • Fix handling of OpenPGP reserved tag (should be rejected)
  • Fix various crashes from malformed packages with invalid tags (GH:133, GH:135, GH:136, GH:138 and GH:139)

General bugfixes

  • Fix %transfiletriggerpostun nondeterministic behavior (RhBug:1284645)
  • Fix rpmdb cleanup on signal (regression introduced in 4.13.0)

Package building

  • Fix debuginfo GDB index generation (RhBug:1410907, regression introduced in 4.13.0)
  • Fix malformed packages being generated around 4GB size boundary (RhBug:1405570, regression introduced in 4.12.0)
  • Fix special %doc/%license directory inheriting default file permissions (RhBug:1399798, regression introduced in 4.13.0)

Build process

  • Fix API documentation generation with Doxygen >= 1.8.8 (GH:131)