1.195.  rpm

1.195.1.  RHBA-2009:1371: bug fix update

Updated rpm packages that resolve several issues are now available.
The RPM Package Manager (RPM) is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.
These updated rpm packages provide fixes for the following bugs:
  • on 64-bit multilib systems, verifying all packages on the system led to a large number of files being listed which only differed in timestamp values. With this update, timestamp differences on multilib systems are now filtered so that verifying all packages (using the "rpm -Va" command) on both 32-bit and 64-bit systems results in relevant and useful information for system administrators. (BZ#426672, BZ#472151)
  • verification using the "--root [directory]" option could give false warnings on file ownership due to using the system's user and group database instead of that of the alternate root. RPM now performs verification using an actual chrooted environment to ensure the correct user database is used. (BZ#434150)
  • in some upgrade scenarios YUM would trigger massive memory fragmentation in librpm, causing it to use immoderate amounts of memory. RPM now uses a better allocation algorithm to avoid excessive fragmentation. In addition, a separate flawed algorithm caused initial installation to take much longer than it should have. These fixes result in a better-performing RPM overall. (BZ#435475)
  • the "rpmbuild" utility silently applied patches that no longer exactly match the source code, which could cause packaging of unwanted backup files or even result in subtle bugs in the software itself. An opt-in mechanism to enable a stricter mode of patching on a per-spec basis has been introduced to help packagers notice these cases early in the package-building process. (BZ#471005)
  • on 64-bit multilib systems, RPM permitted installation of packages for incompatible architectures. RPM now validates package architecture compatibility on all platforms. (BZ#472065)
  • an extra "/" character in source file paths could have caused RPM to abort, during the debug-information extraction stage, builds of packages that could previously be built. This update reverts the error to a warning to let such packages continue to build. (BZ#482903)
  • RPM incorrectly calculated the fingerprint of some GPG public keys, causing false "key not present" errors on package signature-checking. This update includes a fix to correct the fingerprint calculation in these cases. (BZ#493777)
  • recent RPM versions could fail to verify a valid RSA signature on a package due to different padding behavior of the low-level cryptography library now used. RPM now performs the additional zero-padding itself when necessary, thus allowing RSA signatures to be correctly verified. (BZ#502791)
  • RPM output an invalid Japanese error message when run in a Japanese locale. The error message translation has been corrected. (BZ#387321)
All users of rpm are advised to upgrade to these updated packages, which resolve these issues.
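
The RSA zero-padding fix (BZ#502791) can be illustrated with the following added example, which is not RPM's code. It assumes the signature arrives in a minimal big-endian encoding with leading zero bytes dropped and that the verification backend insists on a signature exactly as long as the modulus; the page names neither the encoding nor the library, and the toy key, the raw-digest signing and all function names are constructed for illustration.

```python
import hashlib
from itertools import count

# Toy key from two Mersenne primes: constructed for this example, not secure.
P, Q, E = 2**89 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

def digest_int(msg: bytes) -> int:
    # Textbook RSA over the raw SHA-256 digest (no PKCS#1 encoding, toy only).
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def sign_minimal(msg: bytes) -> bytes:
    """Sign and return the minimal encoding: leading zero bytes are dropped."""
    s = pow(digest_int(msg), D, N)
    return s.to_bytes((s.bit_length() + 7) // 8, "big")

def strict_verify(msg: bytes, sig: bytes) -> bool:
    """Hypothetical strict backend: the signature must be exactly K bytes."""
    if len(sig) != K:
        return False
    s = int.from_bytes(sig, "big")
    return s < N and pow(s, E, N) == digest_int(msg)

def verify_with_padding(msg: bytes, sig: bytes) -> bool:
    """Left-pad a short signature with zero bytes to K bytes, then verify."""
    if len(sig) > K:
        return False
    return strict_verify(msg, sig.rjust(K, b"\x00"))

def find_short_signature():
    """Search constructed messages for a signature shorter than the modulus."""
    for i in count():
        msg = b"constructed package header %d" % i
        sig = sign_minimal(msg)
        if len(sig) < K:
            return msg, sig

if __name__ == "__main__":
    msg, sig = find_short_signature()
    print(f"modulus: {K} bytes, signature: {len(sig)} bytes")
    print("strict backend accepts:", strict_verify(msg, sig))
    print("accepted after zero-padding:", verify_with_padding(msg, sig))
```

The padding changes only the length of the byte string, not the integer it encodes, so a signature over different data is still rejected.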

Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.