This update for rpm fixes the following issues: - Changed default package verification level to "none" to be compatible to rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb"s glue code - Added support for enforcing signature policy and payload verification step to transactions - Added :humansi and :hmaniec query formatters for human readable output - Added query selectors for whatobsoletes and whatconflicts - Added support for sorting caret higher than base version - rpm does no longer require the signature header to be in a contiguous region when signing Security fixes: - CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity - CVE-2021-20271: A flaw was found in RPM"s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability - CVE-2021-20266: A flaw was found in RPM"s hdrblobInit in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.