On 30 July 2015 at 12:18, Thierry Vignaud <thierry.vign...@gmail.com> wrote:
> rpm-4.13 is stricter about multiple (classic package) triggers:
> "error: line 320: Trigger fired by the same package is already defined
> in spec file: %triggerpostun -- initscripts < 8.88-5"
>
> This is caused by this which worked fine until now:
>
> %triggerpostun -- initscripts <= 4.72
> (...)
>
> %triggerpostun -- initscripts <= 8.38-2
> (...)
>
> Here I can safely kill very old triggers.
> But there are obviously real cases where we might want to have two
> similar triggers, only differing by the version that triggers them.
> (eg: fixing a 1st issue when upgrading to distro N to N+2, and fixing
> another one when upgrading from distro N+1 to N+2)
>
> This is due to this commit:
> http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=3ae1c414f69a0eddbfecd4341dd27c7a5e90e12a
>
> This is breaking existing packages
> Why impose this limit?
> Why would it be OK for file triggers but not for package triggers?
> Do we really want to enforce at rpm level the fact that some distros
> only support upgrading from version N to version N+1?
>
> I suggest we revert that commit (& adjust http://rpm.org/wiki/Releases/4.13.0)
> WDYT?

Also, is there any reason why the following security patches are not
yet integrated?

http://pkgs.fedoraproject.org/cgit/rpm.git/tree/rpm.spec?id=977533abf2b72d3828a1bcd7b596f418f8cbd27b#n67

# Fix race condition where unchecked data is exposed in the file system
Patch308: rpm-4.12.0.x-CVE-2013-6435.patch
# Add check against malicious CPIO file name size
Patch309: rpm-4.12.0.x-CVE-2014-8118.patch

See you