From Fedora Project Wiki
(Add releng ticket, polish, submit to wrangler)
(Announcing the Change proposal)
Line 11: Line 11:


== Current status ==
== Current status ==
[[Category:ChangeReadyForWrangler]]
[[Category:ChangeAnnounced]]
[[Category:SystemWideChange]]
[[Category:SystemWideChange]]


Line 22: Line 22:
ON_QA -> change is fully code complete
ON_QA -> change is fully code complete
-->
-->
* [https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/VRF6MT6BIXCEODH73KPD3PXIPHCDLALO/ devel thread]
* FESCo issue: <will be assigned by the Wrangler>
* FESCo issue: <will be assigned by the Wrangler>
* Tracker bug: <will be assigned by the Wrangler>
* Tracker bug: <will be assigned by the Wrangler>

Revision as of 16:20, 7 April 2022

RPM 4.18

Summary

Update RPM to the 4.18 release.

Owner

Current status

  • Targeted release: Fedora Linux 37
  • Last updated: 2022-04-07
  • devel thread
  • FESCo issue: <will be assigned by the Wrangler>
  • Tracker bug: <will be assigned by the Wrangler>
  • Release notes tracker: <will be assigned by the Wrangler>

Detailed Description

RPM 4.18 contains various improvements over previous versions, but in particular this release addresses a whole class of symlink handling related security issues, some with CVE's, from 2021. Other notable improvements include

  • A more intuitive conditional builds macro %bcond
  • A more robust and secure --restore functionality
  • Long-standing %patch quirks fixed
  • Weak dependencies accept qualifiers like meta and pre now
  • New interactive shell for working with macros (rpmspec --shell) and embedded Lua (rpmlua)
  • New %conf spec section for build configuration
  • New rpmuncompress cli tool simplifies unpacking multiple sources
  • Numerous macro improvements and fixes
  • Numerous OpenPGP parser correctness and security fixes


Benefit to Fedora

The main benefits of this release are increased security and packaging experience improvements, see above for details.

Scope

  • Proposal owners:
    • Rebase RPM
    • Assist with dealing with incompatibilities
  • Other developers:
    • Test new release, report issues and bugs
  • Policies and guidelines: N/A (not needed for this Change). Utilizing new rpm features is subject to packaging guidelines but othe
  • Trademark approval: N/A (not needed for this Change)
  • Alignment with Objectives: N/A (no relation to current objectives)

Upgrade/compatibility impact

There are no noteworthy compatibility issues with this release.

How To Test

Rpm receives a thorough and constant testing via every single package build, system installs and updates. New features can be tested specifically as per their documentation.

User Experience

There are no major differences in the normal user experience.

Dependencies

  • No new dependencies are introduced in this release
  • Other changes are known to be affected
  • Library soname will not change so no rebuilds are required

Contingency Plan

  • Contingency mechanism: Revert back to RPM 4.17
  • Contingency deadline: Beta freeze
  • Blocks release? No

Documentation

Work-in-progress release notes at https://rpm.org/wiki/Releases/4.18.0 and reference manual at https://github.com/rpm-software-management/rpm/blob/master/doc/manual/index.md

Release Notes

https://rpm.org/wiki/Releases/4.18.0