From Fedora Project Wiki
(Rpm 4.18 change initial draft)
 
(Add releng ticket, polish, submit to wrangler)
Line 11: Line 11:


== Current status ==
== Current status ==
[[Category:ChangePageIncomplete]]
[[Category:ChangeReadyForWrangler]]
<!-- When your change proposal page is completed and ready for review and announcement -->
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->
<!-- The Wrangler announces the Change to the devel-announce list and changes the category to Category:ChangeAnnounced (no action required) -->
<!-- After review, the Wrangler will move your page to Category:ChangeReadyForFesco... if it still needs more work it will move back to Category:ChangePageIncomplete-->
 
 
[[Category:SystemWideChange]]
[[Category:SystemWideChange]]


Line 35: Line 29:


RPM 4.18 contains various improvements over previous versions, but in particular this release addresses a whole class of symlink handling related security issues, some with CVE's, from 2021. Other notable improvements include
RPM 4.18 contains various improvements over previous versions, but in particular this release addresses a whole class of symlink handling related security issues, some with CVE's, from 2021. Other notable improvements include
* A more intuitive conditional builds macro %bcond
* A more intuitive conditional builds macro `%bcond`
* A more robust and secure `--restore` functionality
* A more robust and secure `--restore` functionality
* Long-standing `%patch` quirks fixed
* Long-standing `%patch` quirks fixed
Line 57: Line 51:
** Test new release, report issues and bugs
** Test new release, report issues and bugs


* Release engineering: [https://pagure.io/releng/issues #Releng issue number] <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
* Release engineering: [https://pagure.io/releng/issue/10742 #10742]
<!-- Does this feature require coordination with release engineering (e.g. changes to installer image generation or update package delivery)?  Is a mass rebuild required?  include a link to the releng issue.
The issue is required to be filed prior to feature submission, to ensure that someone is on board to do any process development work and testing and that all changes make it into the pipeline; a bullet point in a change is not sufficient communication -->


* Policies and guidelines: N/A (not needed for this Change). Utilizing new rpm features is subject to packaging guidelines but othe
* Policies and guidelines: N/A (not needed for this Change). Utilizing new rpm features is subject to packaging guidelines but othe


* Trademark approval: N/A (not needed for this Change)
* Trademark approval: N/A (not needed for this Change)
* Alignment with Objectives: no relation to current objectives
* Alignment with Objectives: N/A (no relation to current objectives)


== Upgrade/compatibility impact ==
== Upgrade/compatibility impact ==
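Review bot: The "Policies and guidelines" item in this hunk ends mid-word ("... subject to packaging guidelines but othe") in both the old and new revision, so this polish pass leaves a truncated sentence on a page now marked ready for the Wrangler. Complete the sentence or trim it back to "N/A (not needed for this Change)". The new Release engineering line links the ticket but drops the template's question about whether a mass rebuild is required; stating the answer on that line would keep the information next to the ticket reference.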
Line 89: Line 81:


== Release Notes ==
== Release Notes ==
<!-- The Fedora Release Notes inform end-users about what is new in the release.  Examples of past release notes are here: http://docs.fedoraproject.org/release-notes/ -->
https://rpm.org/wiki/Releases/4.18.0
<!-- The release notes also help users know how to deal with platform changes such as ABIs/APIs, configuration or data file formats, or upgrade concerns.  If there are any such changes involved in this change, indicate them here.  A link to upstream documentation will often satisfy this need.  This information forms the basis of the release notes edited by the documentation team and shipped with the release.  
 
Release Notes are not required for initial draft of the Change Proposal but has to be completed by the Change Freeze.  
-->

Revision as of 06:43, 7 April 2022

RPM 4.18

Summary

Update RPM to the 4.18 release.

Owner

Current status

  • Targeted release: Fedora Linux 37
  • Last updated: 2022-04-07
  • FESCo issue: <will be assigned by the Wrangler>
  • Tracker bug: <will be assigned by the Wrangler>
  • Release notes tracker: <will be assigned by the Wrangler>

Detailed Description

RPM 4.18 contains various improvements over previous versions, but in particular this release addresses a whole class of symlink-handling security issues from 2021, some of which have CVEs. Other notable improvements include:

  • A more intuitive conditional builds macro %bcond
  • A more robust and secure --restore functionality
  • Long-standing %patch quirks fixed
  • Weak dependencies accept qualifiers like meta and pre now
  • New interactive shell for working with macros (rpmspec --shell) and embedded Lua (rpmlua)
  • New %conf spec section for build configuration
  • New rpmuncompress cli tool simplifies unpacking multiple sources
  • Numerous macro improvements and fixes
  • Numerous OpenPGP parser correctness and security fixes


Benefit to Fedora

The main benefits of this release are increased security and packaging experience improvements; see above for details.

Scope

  • Proposal owners:
    • Rebase RPM
    • Assist with dealing with incompatibilities
  • Other developers:
    • Test new release, report issues and bugs
  • Policies and guidelines: N/A (not needed for this Change). Utilizing new rpm features is subject to packaging guidelines but othe
  • Trademark approval: N/A (not needed for this Change)
  • Alignment with Objectives: N/A (no relation to current objectives)

Upgrade/compatibility impact

There are no noteworthy compatibility issues with this release.

How To Test

RPM receives thorough and constant testing via every single package build, system install and update. New features can be tested specifically as per their documentation.

User Experience

There are no major differences in the normal user experience.

Dependencies

  • No new dependencies are introduced in this release
  • Other changes are known to be affected
  • Library soname will not change so no rebuilds are required

Contingency Plan

  • Contingency mechanism: Revert back to RPM 4.17
  • Contingency deadline: Beta freeze
  • Blocks release? No

Documentation

Work-in-progress release notes at https://rpm.org/wiki/Releases/4.18.0 and reference manual at https://github.com/rpm-software-management/rpm/blob/master/doc/manual/index.md

Release Notes

https://rpm.org/wiki/Releases/4.18.0