Security fixes
* Fix several out of bounds reads in the OpenPGP parser
* Fix handling of OpenPGP reserved tag (should be rejected)
* Fix various crashes from malformed packages with invalid tags
General bugfixes
* Fix %transfiletriggerpostun nondeterministic behavior
* Fix rpmdb cleanup on signal (regression introduced in 4.13.0)
Package building
* Fix debuginfo GDB index generation (regression introduced in 4.13.0)
* Fix malformed packages being generated around 4GB size boundary (regression introduced in 4.12.0)
* Fix special %doc/%license directory inheriting default file permissions (regression introduced in 4.13.0)
Build process
* Fix API documentation generation with Doxygen >= 1.8.8
Problems found locating distfiles:
Package colorls: missing distfile ls.tar.gz
Package molden: missing distfile molden-4.6/molden4.6.tar.gz
Package softmaker-office-demo: missing distfile ofl06trial.tgz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
Changelog:
Summary of changes from RPM 4.12.0
Package building
Fix RPMTAG_ARCHIVESIZE / RPMTAG_LONGARCHIVESIZE generation (RhBug:1142949)
Reduce double separator in dependency EVR error into a warning (RhBug:1065563)
Build process
Add testcase for RhBug:1142949
Summary of changes from RPM 4.11.2
General bugfixes and enhancements
New --nopretrans and --noposttrans disabler switches (previously tied to --nopre/--nopost)
New --noplugins switch to disable all plugins
New --reinstall mode which can handle changing file policies (RhBug:966715)
New --exportdb and --importdb switches in rpmdb(8)
New --recommends, --suggests, --supplements and --enhances query aliases for querying weak dependencies
New optional payload format to support large (> 4GB) files within packages (ticket #41)
New rpm2archive utility for converting rpm payload to tar archives
Fix curl globbing being enabled on remote retrieval (RhBug:1076277)
Fix $1 argument to %pretrans, %posttrans and %verifyscript to behave like all other scripts
Fix mixed binary + source rpm installation progress (RhBug:984724)
Fix file actions sometimes carrying state across multiple rpmtsRun() calls (RhBug:1076552)
Fix duplicate usernames causing false positives on verification (ticket #872)
Fix ordering to prefer self-provides on ordering when appropriate (RhBug:1111349)
Fix a double-free on unpadded signature header
Add support for "new" architectures:
  m68k (again)
  Sparc Niagara (detection)
  ARM v6 and v7 (hardware FPU detection)
Documentation, translation updates
Package building
New warnings on invalid / dubious spec constructs:
  Detect multiple %files sections per package
  Detect empty %files -f manifest files
  Detect multiple %changelog sections per spec
  Detect duplicate Group, Summary, Description, Distribution, Vendor, License and Packager tags per package (ticket #27)
Add support for specifying weak dependencies (Recommends, Suggests, Supplements and Enhances) tags in spec
Add support for automatic generation of weak dependencies (RhBug:1117912)
New %{load:<path>} macro to load custom macro files (from eg spec)
New %_smp_ncpus_max macro to configure CPU limit for parallel builds (related to RhBug:669638)
New %make_build macro for hiding parallel-build magic from specs (ticket #115)
New %_rundir macro for referring to /run (formerly /var/run) directory
New %__gpg_reserved_space macro allows preallocating space for signatures which allows very fast package signing
Add support for detecting and warning on macro scoping violations (RhBug:552944) when %trace is active
Add support for %autosetup -S git_am variant (RhBug:???)
Fix parametrized macros eating newlines (RhBug:1045723)
Fix around macro scoping problems in %autosetup (RhBug:???)
Fix ELF soname dependencies getting generated for non-library DSO's too (RhBug:???)
Fix garbage sonames sometimes getting added as dependencies (ticket #158)
Fix various issues in dependency generator
Fix libtool dependency generation with libtool >= 2.4.2 version
Fix external dependency generator to use the same generators as internal one by default
Fix crash on missing name-argument to %package (RhBug:1123722)
Fix non-canonical path usage for matching in debugedit (RhBug:1077148)
Fix PPC ABI change in default configuration (RhBug:1085127)
Removed features
Remove support for %_noPayloadPrefix (rpm < 3.0.5 compatibility)
Remove experimental support for "collections", added in 4.9.0
API changes
New rpmtxnBegin() and rpmtxnEnd() to permit clients to control transaction locking
New rpmtsImportHeader() to permit importing "detached" headers into rpmdb
New rpmtsAddReinstallElement() function for reinstalling packages
New rpmdbIndexIteratorNextTd() provides a nicer iterator interface to rpmdb indexes
New file info set iterator functions: rpmfiFLinks(), rpmfiFindFN(), rpmfiStat()...
New file info set iterator functions for accessing original paths from relocated packages: rpmfiOFN(), rpmfiOBN(), rpmfiODN(), rpmfiFindOFN()
New archive API on top of file info iterators: (FIXME: describe...)
New "rpmfiles" object + related API for random access to file info sets
Many new file info set iteration modes (FIXME: describe...)
New rpmteFiles() to return transaction element file info set, to be used instead of rpmteFI()
New rpmdsTagF(), rpmdsTagEVR(), rpmdsD(), rpmdsPutToHeader(), rpmdsTi(), rpmdsTagTi() and rpmdsSinglePoolTix() methods to rpmds objects
Internal improvements and cleanups
Lots of cleanups all over the codebase
Former "file state manager" eliminated and rewritten
"Package state manager" largely eliminated
File IO subsystem sanity & improvements
Berkeley DB dependencies isolated to backend code
File info sets are finally properly opaque
Handle trigger indexes within rpmds objects
Partial thread-safety by added locks/mutexes (FIXME: describe...)
Configuration and macros
Logging
Keyrings and keys
...
Fix symlink timestamp on install on systems which support it
Fix problematic license on internal mergesort() implementation (removed)
Fix rpm dependency on libselinux (moved to a plugin)
Fix installation to always use header, not payload metadata
Fix global macro state side-effects from rpmInstallSourcePackage()
Fix oversized stack allocation on verify (RhBug:1106594)
Fix buffer overflows on malformed macro define/undefine (RhBug:1087000)
Optimize package generation and signing considerably
Optimize file requires processing
Optimize installed dependency processing
Plugins
A new plugin system, internal-only for now (FIXME: describe...)
Plugins included in this release:
  systemd_inhibit plugin - preventing shutdown while transaction is in progress (RhBug:1109927)
  selinux plugin - basic SELinux support, previously in librpm directly
  syslog - example plugin for logging rpm activity to syslog
Python bindings
Database index iteration returns proper types for non-strings
New rpm.fi methods: FLinks(), FindFN(), OFN()...
New fi.FLinks() method added
New rpm.files object + related API for random access to file info sets
New rpm.archive object + related API for manipulating package payloads
New te.Files() method added
New addReinstall() method in transaction set objects (related to RhBug:966715, RhBug:1071854...)
New rpm.strpool object for utilizing shared string pool with eg rpm.fi and rpm.ds objects
New rpm.header_magic constant exported
Fix several Python 3 compatibility issues (RhBug:1064758)
Fix build- and sign-module initialization (RhBug:1064758)
Fix sign-module missing module methods
Fix incompatible module name usage (foomodule.so vs foo.so)
Fix misc Python 2 vs 3 API difference issues
... FIXME:this list is very incomplete
Lua interface
New rpm.load() function for loading macro files
Build process
New test-cases for various issues
Fix dist tarballs to use PAX format to overcome UID/GID limitations
Fix in-tree python binding build with setup.py (related to RhBug:531543)
Fix librpmsign library to follow same versioning as other rpm libraries for consistency's sake
Summary of changes from RPM 4.11.1
General bugfixes and enhancements
Fix removed symlinks affecting fingerprinting (RhBug:???)
Fix bogus dependency check errors from installed packages with self-obsoletes and -conflicts
Fix bogus header growth on export in some circumstances, such as install (RhBug:953719)
Fix byteorder for 64bit tags on big-endian systems (RhBug:1012946)
Fix signature generation using RPMSIGTAG_LONGSIZE when not needed (RhBug:1012595)
Fix segfault executing a -p <lua> scriptlet without a body (RhBug:1004062)
Fix failure to install relocated package with unowned directories (RhBug:1001553)
Fix scriptlets in relocatable packages not always executing with $RPM_INSTALL_PREFIX* defined (RhBug:979443)
Fix RPMTAG_NOSOURCE and RPMTAG_NOPATCH tags defined as non-arrays (RhBug:991329)
Fix a possible loophole in file triplet sanity-checking
Fix name service initialization where passwd and group service differs from host (ticket #157)
Add support for ppc64le architecture
Package building
Fix double-free on %caps() wildcard %files entry (RhBug:956190)
Fix sub-package names not getting sanity-checked (RhBug:1039520)
Fix invalid separators in EVR passing sanity checking
Fix some invalid characters in dependency range operators passing sanity checking
Fix autogenerated dependencies bypassing sanity-checking (related to RhBug:503846)
Fix python libdirs in non-root prefix not getting bytecompiled (RhBug:868332)
Fix (remove) bogus __find_requires|provides macro definitions in macros.perl (RhBug:1043149)
Fix (really) debugedit choking on .debug_gdb_scripts section (SuseBug:818502)
Fix %autosetup git patch application to handle file additions (RhBug:1059285)
Add automatic generation for appdata() and application() provides
Add support for (quoted) whitespace in automatically generated dependencies (RhBug:503846)
Python bindings
Fix mode and flags not honored when reopening a file descriptor as rpm.fd
Fix RPMFILE_ICON and RPMFILE_SPECFILE constants missing
Fix rpm.dsSingle() swapped arguments (regression introduced in rpm 4.8.0)
Fix Python 3 compatibility issues in rpm.TransactionSet class
Fix module import succeeding on rpm initialization failure
Add .open() class-method to rpm.fd
Add open-mode and -flags to rpm.fd as properties
Add support for reopening an rpm.fd file descriptor
Add accessor for spec %check section
Add bindings for rpm stringpool
Add support for shared stringpool with rpm.fi and rpm.ds objects (optional pool argument to constructor)
Internal improvements and cleanups
Fix minor memory leak in %files parsing
Fix rpmstrPoolRehash() missing last id
Fix string pool artifacts (unreliable rpmstrPoolNumStr(), empty strings showing up on rehash etc) caused by dummy entries
Fix unnecessary /proc dependency if getauxval(3) is available
Fix various minor issues in beecrypt crypto backend
Fix possible mishandling of handing environment open on EACCESS and EROFS returns
Optimize / cleanup %attr() and %defattr() string storage
Optimize dependency set management in file classifier
Optimize MPI length validation
Optimize beecrypt crypto backend
Build process
Add support for 7za and 7z as alternatives to 7-zip
Fix an include portability issue
Add several new test-cases
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
* Add -fno-stack-protector to CFLAGS to fix link error for SunOS.
* Patch configure.ac and regenerate the related stuff.
* Buildlink sysutils/file for libmagic.
* Detect dirfd, setprogname and htonll in configure script.
* Create PLIST for NetBSD and SunOS.
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.
For example, "make show-buildlink3" in fonts/Xft2 displays:
zlib
fontconfig
iconv
zlib
freetype2
expat
freetype2
Xrender
renderproto
library dependencies, e.g. libiconv.so. Set BROKEN_GETTEXT_DETECTION=yes
to force LIBS to include -lintl and the right dependent libraries
to work around this bug. This is acceptable since every executable
in misc/rpm is linked to -lintl anyway. This fixes PR pkg/33708.
PKGLOCALEDIR and which install their locale files directly under
${PREFIX}/${PKGLOCALEDIR} and sort the PLIST file entries. From now
on, pkgsrc/mk/plist/plist-locale.awk will automatically handle
transforming the PLIST to refer to the correct locale directory.
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within a day).