RPM 4.14.2-rc2 Release Notes (DRAFT)

Download information

Summary of changes from RPM 4.14.1

Security

  • Revised fix for CVE-2017-7500 that actually works

General bugfixes and enhancements

  • Fix bogus warnings from –setperms/–setugids on %ghost and %missingok files
  • Fix/improve inode and disk-space calculation on hardlinked files
  • Fix %autosetup -S git on sources already containing a git repository (#239)
  • Add support for enforcing signature policy and payload verification step to transactions, –noverify option to skip (configurable via %_pkgverify_level none/digest/signature/all macro)
  • Add –setcaps to restore file capabilities
  • Add –restore to restore all file permissions in one go
  • Add query selectors –whatobsoletes and –whatconflicts
  • Add :humansi and :hmaniec query formatters for human readable output (#375)
  • Documentation updates + typo fixes (RhBug:1553898, …)

Package building

  • Fix DistTag not getting defined from the %disttag macro (#406)
  • Fix macro end detection if the first char of a macro line is ‘}’ (#401)
  • Fix unhelpful error on invalid source files (#238)
  • Fix debuginfo generation with file >= 5.33 (RhBug:1581224)
  • Fix debugedit crashing on invalid index (RhBug:1543912)
  • Fix debugedit generating invalid string pointers
  • Fix type mismatch calculating new line program offset in debugedit
  • Fix perl generator creating dependencies on invalid module names (RhBug:1539344)
  • Add option to opt-out from Python bytecompilation out side of lib dir
  • Add support for RISC-V relocation in debugedit
  • Add macros for consistent build root policy disable/override ability

API

  • Fix rpmErase() exit code to resemble that of rpmInstall()
  • Fix rpmKeyringVerifySig() handling of missing keyring
  • Add rpmtsVfyFlags() and rpmtsVfyLevel() for controlling package verification flags and active policy of a transaction set
  • Add RPMPROB_VERIFY and RPMPROB_FILTER_VERIFY for identifying and controlling package verify problem objects
  • Add RPMCALLBACK_VERIFY_START, RPMCALLBACK_VERIFY_PROGRESS and RPMCALLBACK_VERIFY_STOP callback events, emitted as the first thing in rpmtsRun() unless pkgverify is disabled
  • Add RPMVSF_MASK_* symbols as aliases to replace “internal” RPMVSF* symbols

Internal improvements

  • Fix a leak and a race in rpmdb open/close handling (#359)
  • Fix several leaks in the ndb backend
  • Fix a leak in gpg-pubkey header generation
  • Fix potential division by zero in prelink detection (#420)
  • Fix invalid size on RPM_BIN_TYPE data with HEADERIMPORT_FAST (#398)
  • Fix misleading error on non-tty output (#355)
  • Fix progress bar going crazy on packages with invalid size (RhBug:1478051)
  • Fix several (mostly minor) resource leaks across the codebase
  • Fix rpmkeys not properly honoring rpm configuration
  • Add header tag type validation prior import (#242, #414)
  • Remove controversial user/group duplicate detection from verify
  • Optimize setting FD_CLOEXEC on all open files (#444, RhBug:1537564)
  • Optimize brp-python-bytecompile
  • Loads of refactoring to support package verification policies

Python bindings

  • Fix addSign() and delSign() argument parsing (RhBug:1558126)
  • Fix export of vsflags by using non-internal RPMVSF_MASK_* names (#440)
  • Add ts.get/setVfyFlags() and ts.get/setVfyLevel() for controlling package verification flags and policy of a transaction set
  • Add symbols RPMSIG_(NONE|DIGEST|SIGNATURE|VERIFIABLE)_TYPE for use with package verification policy level
  • Add symbols RPMPROB_VERIFY and RPMPROB_FILTER_VERIFY (see API section)
  • Add RPMCALLBACK_VERIFY_START, RPMCALLBACK_VERIFY_PROGRESS and RPMCALLBACK_VERIFY_STOP symbols (see API section)

Build process

  • Fix test-suite when coreutils multicall binary is used
  • Fix unnecessary hard dependency on python macro helper (#387)
  • Fix gpg 1 used as a fallback on test-suite, it wont work
  • Add configure switch to disable systemd-inhibit plugin
  • Add numerous test-cases