1.195.  rpm

on 64-bit multilib systems, verifying all packages on the system led to a large number of files being listed which only differed in timestamp values. With this update, timestamp differences on multilib systems are now filtered so that verifying all packages (using the "rpm -Va" command) on both 32-bit and 64-bit systems results in relevant and useful information for system administrators. (BZ#426672 , BZ#472151)

verification using the "--root [directory]" option could give false warnings on file ownership due to using the system's user and group database instead of the alternate root. RPM now performs verification using actual chrooted environment to ensure the correct user database is used. (BZ#434150)

in some upgrade scenarios YUM would trigger a massive memory fragmentation in librpm, causing it to use immoderate amounts of memory. RPM now uses a better allocation algorithm to avoid excessive fragmentation. In addition, a separate flawed algorithm caused initial installation to take much longer than it should have. These fixes result in a better-performing RPM overall. (BZ#435475)

the "rpmbuild" utility silently applied patches that no longer exactly match the source code, which could cause packaging of unwanted backup files or even result in subtle bugs in the software itself. An opt-in mechanism to enable a stricter mode of patching on a per-spec basis has been introduced to help packagers notice these cases early in the package-building process. (BZ#471005)

on 64-bit multilib systems, RPM permitted installation of packages for incompatible architectures. RPM now validates package architecture compatibility on all platforms. (BZ#472065)

an extra "/" character in source file paths could have caused RPM version 4.4.2.3 to abort builds on packages that were previously able to be built during the debug-information extraction stage. This update reverts the error to a warning to let such packages continue to build. (BZ#482903)

RPM incorrectly calculated the fingerprint of some GPG public keys, causing false "key not present" errors on package signature-checking. This update includes a fix to correct the fingerprint calculation in these cases. (BZ#493777)

recent RPM versions could fail to verify a valid RSA signature on a package due to different padding behavior of the low-level cryptography library now used. RPM now performs the additional zero-padding itself when necessary, thus allowing RSA signatures to be correctly verified. (BZ#502791)

RPM output an invalid Japanese error message when run in a Japanese locale. The error message translation has been corrected. (BZ#387321)