rpm: alpha vs numeric

Wed Nov 12 09:41:09 UTC 2003

On Wed, Nov 12, 2003 at 12:20:26AM +0100, Martin Stricker wrote:
> > >   In those old versions, whenever rpm compared a number to a
> > > letter, or letter to letter,

It only concerns comparing letters and numbers, not letters and letters.

> > > it would trigger the "two way upgrade"
> > > problem which is bad.  Additionally rpm-4.0.4 had *some* deadlock
> > > issues that are probably gone in the upgrade version. (Do testing.)
> 
> What does "two way upgrade" mean? Is this something that could hit me
> while installing errata or additional software, or does it require more
> complex situations to show up?

rpm version before January 2003 (so including RH7.3 and RH8.0) had the
asymmetric triggering bug, which means that

			   a < 1 and 1 < a

This occured only in comparing segments of different types
(alpha-segments vs numeric-segments).

As background: rpm splits versions, releases (and since a few releases
even epochs!) into segments that are then compared segmentwise, e.g.

     foo-1.2.3.a37 is segmented as "1" "2" "3" "a" "37"
     and
     foo-1.2alpha5 is segmented as "1" "2" "alpha" "5"

the third segment pair ("3" and "alpha") would have caused this bug to
trigger on rpm older than 10 months.

Is it critical? If it is triggered, yes. Is an rpm upgrade required?
If the crafted packages (and specifications!!!) are made by people
aware of this problem, no.

Best practice:
o Version your rpms, so that this bug is not triggered. Therefore a
  sane versioning scheme not jumping back and forth from alpha to
  numeric segments is unevitable. See also the lengthy thread about it
  with the disttags for the RH family finally recommended as

		    rh7.3 < rh8.0 < rh9 < rhfc1

o Upgrade your rpms nevertheless to a newer version without
  this bug. I know rpm 4.1.1 onwards have this bug fixed. I don't know
  about 4.0.5 (latest semi-official rpm for RH7.3 available at
  rpm.org).

About upgrading RH7.3's rpm 4.0.x to 4.2.x: I think this can be best
answered by consulting Jeff Johnson, maintainer of rpm upstream and in
Red Hat/Fedora. There will be reasons that there have been no official
Red Hat errata for rpm, and I hope in the near future that these will
be ironed out.

Meanwhile I have no problems using rpm 4.2 on any of RH
7.3,8.0,9. Anyone else on this list using them? Please pick a spare
machine and test them, otherwise the whole rpm
to-upgrade-or-not-to-upgrade will remain an academic example. ;)

	http://atrpms.physik.fu-berlin.de/name/rpm/
	http://atrpms.physik.fu-berlin.de/name/apt/
	http://atrpms.physik.fu-berlin.de/name/yum/

-- 
Axel.Thimm at physik.fu-berlin.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20031112/f425701e/attachment.sig>