rpm-5.4.16 snapshot

Jeff Johnson n3npq at mac.com
Wed Apr 20 14:38:59 CEST 2016 

There is a final snapshot release of rpm-5.4.16 now available at

	http://rpm5.org/files/rpm/rpm-5.4/SNAPSHOT/rpm-5.4.16-0.20160420.src.rpm

Unless I screwed something at the last minute, this SRPM will be released as rpm-5.4.16
later this week.

Since the last snapshot, there are several important changes

    1) colorized rpm error messages.

    2) *.rpm package reading has been hardened using american fuzzy lop on the command
                rpm -qp --nomanifest minimal*.rpm
    and all issues have been fixed. The current run has survived 400M forks.


    3) configure options to enable link time optimization (-flto) and run-time
    checking (-fsanitize=address et al) have been added.

73 de Jeff

On Mar 15, 2016, at 4:50 PM, Jeff Johnson wrote:

> There is a snapshot release of rpm-5.4.16 now available at
> 
>        http://rpm5.org/files/rpm/rpm-5.4/SNAPSHOT/rpm-5.4.16-0.20160315.src.rpm
> 
> This is the first SRPM built by itself that is headed for release
> in the next few weeks that is being provided as a public reference
> point for integration and portability testing.
> 
> See the included INSTALL document for the build pre-requisite versions used.
> 
> From a distro POV, please note the following changes that are included
> in the snapshot that will (at least) need to be considered when upgrading:
> 
>        1) (recommended) rpm-5.4.16 uses BLAKE2bp for file digests.
>          BLAKe2bp is a 256bit digest that is faster than SHA256 (and MD5)
>          that will improve installation speeds.
> 
>          Details are here:
>                https://blake2.net
> 
>        2) (recommended) rpm-5.4.16 uses libtomcrypt (rather than BeeCrypt).
>          LibTomCrypt has support for ECDSA and is used by recent python and
>          the linux kernel (iirc).
> 
>          Details are here:
>                https://github.com/libtom/libtomcrypt
> 
>        3) (recommended) rpm-5.4.16 uses db-6.1.23 (not 6.1.26) with
>          DB_MULTIVERSION and DB_TXN_SNAPSHOT.
>          DB_TXN_SNAPSHOT avoids deadlocks with copy-on-write rather than
>          locking semantics.
> 
>          The change is necessary to support nested transactional commits
>          in rpm like
>                command transaction
>                   package transaction
>                      install transaction
>                      erase transaction
>          without deadlocking on trigger lookups.
> 
>          Details about DB_MULTIVERSION and DB_TXN_SNAPSHOT can be found
>          in the Oracle Berkeley DB documentation here:
>                http://docs.oracle.com/cd/E17076_04/html/index.html
> 
> As always, rpm can be configured to use any of ~120 digests, any of
>        BeeCrypt
>        NSS
>        Openssl
>        Libgcrypt
>        LibTomCrypt
> and (most likely, unchecked) any version of Berkeley DB back to db-4.6.x.
> 
> Bug reports are requested at
>        https://launchpad.net/rpm
> 
> Patches and discussion are requested at
>        <rpm-devel at rpm5.org>
> 
> Enjoy!
> 
> 73 de Jeff
>

More information about the pld-devel-en mailing list