RPM 4.18.0 Release Notes
- Source: rpm-4.18.0.tar.bz2
- SHA256SUM: 2a17152d7187ab30edf2c2fb586463bdf6388de7b5837480955659e5e9054554
Summary of changes from RPM 4.17.x
General bugfixes and enhancements
- Add a new Sequoia-based OpenPGP backend (#1978)
- Documentation updates
- Lua extensions, examples
- Typos, grammar, clarifications, presentation improvements
- Bring install-order documentation to this millenium
- Drop some misleadingly outdated docs
- Translation updates
Command line
- Fix
--restore
to properly honor file states and all (#965)
- Fix
--setperms
processing recorded symlinks (RhBug:1900662)
- Fix
rpmkeys
return code on I/O errors
- Fix
--showrc
to return an error code on broken rc and macro files (#1796)
- Fix mismatch between
rpmspec -q --srpm
and rpmbuild -bs
architecture
(#1116)
- Fix
--short-circuit
for (dynamic) buildrequires checking
- Fix
-q/--query
option not visible in --help
(#1473)
- Fix query arguments containing
^
not working (#2104)
- Fix various dark corners in rpm2cpio.sh (RhBug:2115206)
- Add downgrade (
--oldpackage
) support to --freshen
(#652)
- Add
--path
query for support for stateless file information (RhBug:1940895)
- Add
rpmlua
command for running rpm’s embedded Lua interpreter standalone,
with command history and support for iLua
- Add
--shell
option for interactive macro shell to rpmspec
- Add
--justdb
counterpart --nodb
option and matching API flag
- Add
-bd
, -td
and -rd
switches to rpmbuild
for checking build
dependencies
- Add available database backends to
--showrc
output
Transactions
- Fix intermediate symlinks not verified (CVE-2021-35939)
- Fix unowned directories created unsafely
- Fix spurious
%transfiletriggerpostun
execution (RhBug:2023311)
- Fix
%_minimize_writes
regression (in 4.15.0)
- Fix possible priority inversion in ordering code wrt weak dependencies
with qualifiers
- Fix ctrl-c during transaction killing scriptlets (regression in 4.17.0)
- Fix excluded and non-installed files getting considered in file conflicts
calculation
- Fix uncontrolled sqlite WAL growth during large transactions
- Fix
%posttrans
argument on upgrade
Package building
Spec
- Fix mismatch between package name and provides/obsoletes rules (#1694)
- Fix
check-buildroot
not stopping on errors with grep
>= 3.5 (#1968)
- Fix build summary confusingly mixing warnings and errors (#793)
- Fix
%patch 1
applying patches 0 and 1
- Fix package build tree not getting removed on successful build
- Fix .gemspec from
%setup
not getting removed on %clean
- Fix
%setup
and %patch
not getting expanded in rpmspec –parse (#2048)
- Fix missing quotes on %sources and %patches (#1445)
- Add new
SourceLicense
tag for specifying a source license different from
the binary license (#2079)
- Add new
%conf
spec section for build configuration (#1086)
- Add
%bcond
macro as a nicer way of defining build conditionals (#941)
- Add an optional “override clock” from
SOURCE_DATE_EPOCH
environment
to support deterministic timestamps inside OS images
- Add support for qualifiers (eg
pre
, post
…) for weak dependencies
- Add support for zstd long distance matching compression (
L<n>
io flag)
- Add warning if
%source_date_epoch_from_changelog set
but changelog missing
- Add new
rpmuncompress
cli tool which handles extraction of sources and
uncompress of patches in %setup
and %patch
pseudomacros.
- Add new informational
UpstreamReleases
and TranslationURL
tags
- Add parsed and expanded spec to src.rpm header as
Spec
tag
- Make
%{buildsubdir}
settable outside %setup
- Deprecate implicit “%patch number zero” syntax
Macros
- Fix individual patch application via
%autopatch
(#1766)
- Fix consistency issues in macro expansion for builtin macros
- Fix
%{define name body}
syntax in specs
- Fix non-parametric built-in macros (regression in 4.17.0)
- Fix short-circuiting of version strings in expressions (#1883)
- Add
%{shescape:...}
macro for single quoting and escapes for the shell
- Add optional argument for the
%verbose
macro
- Add support for multiple arguments in
%{quote}
- Add support for Lua functions in expressions (eg
%[lua:string.reverse("hello")]
)
- Drop arbitrary macro name minimum length limit (RhBug:1994223)
- Protect automatic macros from being redefined and undefined
Buildroot policies
- Fix handling of filenames with spaces in
brp-compress
- Fix Guile object files getting stripped (#1765)
- Fix
brp-strip-comment-note
running only serially
- Fix
brp-remove-la-files
sometimes removing non-libtool files
- Fix unwanted network access in check-rpaths helper script (RhBug:2079600)
Generators
- Fix OCaml generators to ignore cmxs files
- Add a provides generator for rpm macros
Signatures and keys
- Fix signature check result on valid header signature but unverifiable payload
- Fix subkey binding signatures not checked on PGP public keys (CVE-2021-3521)
- Fix Ed25519 signature verification with libgcrypt
- Fix subkeys not capable of signing accepted for verification (#1911)
- Fix signing of packages unusual filenames
- Fix subkey binding timestamp used for main gpg-pubkey (#2004)
- Add support for –import in fs keyring
- Add support for linting keys on import (Sequoia backend only)
Plugins
- Fix IMA causing install failure on filesystems without xattr support
- Add file descriptor argument to file-prepare hook
- Revert file-pre, file-prepare and file-post hook execution to their
pre-4.17.0 positions
Python bindings
- Fix ancient Python ts.check() argument order regression (#1871, in 4.8.0)
- Add bindings for
rpmfilesFSignature()
and rpmfilesVSignature()
(.imasig
and .veritysig
properties in rpm.file
objects)
- Drop experimental and internal
_build
method from from the spec bindings
Lua interface
- Fix relocation info not available in Lua scriptlets (#1531)
- Fix scriptlet arguments passed as numbers again (regression in 4.17.0)
- Fix off-by-one in
rpm.call()
- Fix newline behavior in interactive mode
- Fix
rpm.next_file()
to be usable only inside scriptlets with input
- Fix rpm.vercmp() error message on second argument (#2165)
- Add
rpm.splitargs()
and rpm.unsplitargs()
functions for macro argument
processing
- Add auto-print of
return
ed values from macros
- Drop defunct and unused
rex
extension
API changes
Added APIs
rpmtsAddRestoreElement()
, rpmRestore()
for --restore
rreallocn()
, similar to glibc’s reallocarray()
rpmhex()
for hex-enconding binary data
Changed APIs
- Fix database open hijacking normal signal handling
- Fix
rpmfiSetFX()
return code to be meaningful
- Fix pgpPubkeyFingerprint() to do something meaningful again
- Add new PGP-independent set of hash algorithm symbols (#1899)
- Various generic crypto APIs moved from
rpmpgp.h
to rpmcrypto.h
header
- Disable and obsolete
rpmfiSetDX()
, rpmfiInitD()
and rpmfiNextD()
Removed APIs
Internal improvements and cleanups
- Fix IMA signature lengths assumed constant (#1833, RhBug:2018937)
- Fix various leaks and other findings from static analyzers
- Fix various correctness and safety issues in the OpenPGP parser
- Fix rpmdb cookie in FIPS mode by changing it to SHA256
- Fix pgpDigParams to be properly opaque
- Fix rpmio stats spew in stderr (#1987)
- Fix changelog parsing affecting caller timezone state (#1821)
- Add an artificial limit of 1M to header array sizes
- Add support for loongarch64 architecture
- Add
ARCHSUFFIX
extension tag
- Optimize C source file classification
- Drop support for undocumented keyid based import over the net
- Various code cleanups to macro engine and Lua extensions
- Refactor file and directory operations to use fd-based APIs throughout
(CVE-2021-35938)
- Various fixes and cleanups to hardlink handling
- Physically separate public and private headers in the codebase
Build process
- Require POSIX.1-2008 level operating system for the
openat()
family
of APIs
- Fix Doxygen deprecation warnings
- Fix
UID_0_USER
and UID_0_GROUP
values when /etc/passwd
not present
(#1838)
- Fix out of tree build regression wrt man page generation (#1851)
- Fix stat64 build on Apple Big Sur (#1752)
- Fix build on armhf and mipsel
- Fix db backend default as per availability
- Fix signing tests assuming gpg default to sha256 hash algo
- Fix test-suite relying on deprecated distutils
- Fix warnings from autotools >= 2.70 (#1785)
- Fix
make ci
in a VPATH build
- Add option to disable libelf dependency (
--enable/--disable-libelf
)
- Add multiple new test-cases
- Update minimum required gettext version to 0.19.8
- Update CI to Fedora 36
Compatibility notes