RPM Release Notes

Download information

  • rpm- source
  • SHA256SUM: 2f3e2c07c354d16f2305ddd93ed030c8403d59b272f2fb6722445b091ff14194

Summary of changes from RPM

Security fixes

  • Restrict following symlinks to directories by ownership (CVE-2017-7500), apply same rules on verification
  • Don’t follow symlinks on file creation (CVE-2017-7501)

General bugfixes

  • Fix file triggers failing to match on some packages (MgBug:18797)
  • Fix Ftell() past 2GB on 32bit architectures (RhBug:1492587)
  • Fix failure to install old packages with zero-length files (RhBug:1352222, regression introduced in rpm 4.12.x)
  • Fix segfault on non-string type passed to :shescape and :expand formats
  • Fix unknown signature tags not being ignored (RhBug:1480407)
  • Fallback to DB_PRIVATE on readonly DB_VERSION_MISMATCH (RhBug:1465809)
  • Limit automatic fallback to DB_PRIVATE to read-only operations

Package building

  • Fix invalid memory access in %trace mode

Python bindings

  • Fix spec object reference counting (#114)
  • Fix rpmsign module build with setup.py

Build process

  • Fix testsuite with newer NSS versions which require /dev/urandom
  • Fix dwz test to work with newer versions of libmagic
  • Fix symlink tests for the new CVE-2017-7500 behavior