Conary 2.0.45 is a maintenance release.

• The standalone Conary repository server now prints a message if it fails to import the Conary REST api.
• Added the restore command, which restores file ownership to troves from which they were removed (because of a remove operation or --replace-files).
• The addGitSnapshot action now accepts a branch= argument. (CNY-2368)

• Fetching path hashes from a changeset now uses absolute trove info when available (which it is for any recent enough server), instead of merging differential trove info with database trove info, which significantly speeds up update planning.
• Database operations now use the TRUNCATE command where available, which may speed up some repository queries.
• An internal API used for emulating repository access by certain roles previously did not function when given a specific set of roles; this has been corrected.

• A consistent exception is now raised when bad XML-RPC data is fed into conary's parser on systems without the sgmlop package installed. (CNY-3180)
• An error in handling queries for labels sharing the host name component has been fixed. (CNY-3187)

conary-policy 1.0.24 is a maintenance release.

• Libraries (ELF files containing DT_SONAME entries, not symbolic links) with file names ending in .so (instead of .so.something) are now tagged as shared libraries. (CNP-175)
• TagLocale no longer looks at files in %(debuglibdir)s or %(debugsrcdir)s, since it would only complain about them and ignore them anyway. (CNP-177)

Conary 2.0.44 is a maintenance release.

• Conary can now be configured with a set of certificate authorities (trustedCerts) against which all secure repository access will be validated. (CNY-2735)
• Conary now logs the starting, output, and error exit codes of trove scripts to the /var/log/conary file. (CNY-3150)
• The "conary updateall" command now honors the --just-db option. (CNY-3167)
• The EULA_Conary.txt file has been renamed to EULA_Conary_Dual_License.txt in order to highlight the contents of the beginning of the file, which describe a choice of license terms. The contents of the file are not changed, and the licenses under which Conary may be used are not changed. (CNY-3168)
• The SetModes build action now takes an optional allowNoMatch keyword argument, that causes a warning to be printed instead of failing the build when the target file does not exist. (CNY-3171)

• Added removeInvalidRollbacks() to client API. (CNY-2933)
• The conary.lib.mainhandler.MainHandler.main() method now sets sys.excepthook only if the setSysExcepthook method variable is True (as it is by default), allowing subclasses to take responsibility for setting sys.excepthook differently. (CNY-3170)

• An internal function used to install files no longer leaks a file descriptor on error. (CNY-3152)
• Unknown errors while retrieving PGP keys for archive verification are now gracefully handled. (CNY-3120)
• The cvc refresh command now ignores negative cache entries. (CNY-3157)
• The cvc sign command properly handles keys specified by key ID, in addition to fingerprints. (CNY-3139)
• The conary updateall --items command now honors --labels, --full-versions and --flavors flags. (CNY-3138)
• The --lsprof option now writes out profiling information even if an exception occurs, for both the conary and cvc commands.
• Dependency numbers in temporary dependency checking tables no longer overlap dependency numbers in the persistent database.
• Dependencies with multiple flags previously were not marked as satisfied during dependency resolution passes, forcing extra work on subsequent passes.
• Local rollbacks previously failed to restore contents when a file's metadata changed but the contents stayed the same.
• Generating local rollbacks previously failed for non-root users when the file was unreadable due to permissions.
• The ccs2tar script uses tarfile.open() in a way that is compatible with both python 2.4 and 2.6 (CNY-3160)
• Brace expansion produces results similar to bash. (CNY-3158)
• Trove searches with invalid (non-ASCII) input no longer cause a crash on PostgreSQL-backed repositories. (CNY-3165)
• Flavor processing in depSetFreeze previously did not properly handle return codes from depFreezeRaw, which could lead to a segmentation fault. (CNY-3166)
• Path normalization no longer produces erroneous double-slash entries in /etc/ld.so.conf. (CNY-3142)
• Accessing a server through a Conary proxy that injects entitlements now correctly forces the use of SSL. (CNY-3176)

• Update handling now looks for preerase trove scripts in the local database instead of instantiating full troves from the database and looking in those troves.
• Dependency tables for removed troves are no longer dropped and rebuilt during each iteration of dependency solving; they are now incrementally built during subsequent iterations.
• Dependency ordering code now looks in the local database for trove references instead of instantiating troves to get that information.
• Code which decides what referenced troves need to be erased when collections are erased now:
  • looks in the local database for trove references instead of instantiating troves to get that information
  • batches reference checks, pin checks, and presence checks across troves instead of checking those for each trove individually
• Fast-pathed code which matches old troves with new troves for the case where only a single old trove and a single new trove with a given name exist.
• Graph calculations for dependency ordering now only occur when the results are needed instead of for every pass through the dependency resolver.
• Reworked rdiff to not download a full changeset from the repository. It now downloads only the config (text) files and diffs them on the client. This allows it to show diffs for changes across repositories and yields a nice speedup. (CNY-3039)
• Reworked "conary remove" functionality to generate a changeset for the file remove and commit that through the normal update path.
• During dependency checks for new troves, no longer include every trove which requires a given dependency in the SQL tables. Instead, include that dependency only once and expand the matched requirements when we order troves (which is the only time it matters).
• Added simple caching of path hashes from the database to improve performance of large system updates.

rMake 1.0.29 is a maintenance release.

• Jobs are now properly marked as failed after an abrupt server restart. (RMK-976)
• New files are now much less likely to be marked as config files when they are really binary files. (RMK-973)
• The Conary client resolveDependencies() method return value is now treated in a way that is compatible with older and newer versions of Conary; without this change, rMake will not work with Conary 2.0.44 and later.
• A race condition that could occur when two authenticated XML-RPC requests came in at the same time has been corrected. (RMK-935)
• A race condition that could occur when two flavors with the exact same build requirements (including flavors) are built at the same time (normally part of the same build job) has been resolved. (RMK-980)

rPA 3.1.3 is a maintenance release.

• Fixed a bug in readSchedule, which could cause the UpdateTroves plugin to become unusable if the schedule for automatic update checks was changed or disabled. (RAA-900)
• If allow_json is unspecified on a function without a template, the log message noting this now only appears in the DEBUG loglevel. (RAA-1555)
• The logged in user's name in the upper right corner of the page now links to the Change Password plugin rather than User Management, as User Management could be disabled or inaccessible to the user (RAA-1602)
• Pressing F12 in the Reboot and Shutdown confirmation screens in rapa-console no longer confirms the action. (RAA-1624)
• When the backup archive creation process fails, more specific errors are now sent back to the user. (RAA-1708)
• Calls to XML-RPC functions will now advance the Wizard when appropriate. (RAA-1710)
• getBackupMetadata now unmounts the backup location before returning. (RAA-1711)
• Network locations are no longer bind mounted when a mount already exists. Among other benefits, this prevents the backup plugin from improperly validating incorrect user credentials for a backup location (RAA-1712)
• raadb is no longer created as world-readable. (RAA-1714)
• rapa-console no longer raises errors when network interfaces are not yet configured. (RAA-1715)
• When a DatabaseLocked error occurs, the "lock journal" is now logged, showing a stack trace to the point where the lock is being held. (RAA-1717)
• Fixed a bug which could cause backups to fail if a temporary file was removed after being added to the backup file list. (RAA-1718)
• Several possible exceptions in plugins which use "callBackend" are now handled more gracefully. (RAA-1719)
• Fixed a bug which could cause the raa-service to die due to an unhandled exception in the listener thread. (RAA-1721)
• The backup encryption feature relies on PyCrypto which may provide a faulty SHA-256 implementation; this feature now uses a module provided by Conary which consistently matches the previous behavior even on platforms with a correct SHA-256 implementation. (RAA-1723)

• A new authorization predicate called LocalhostOK has been added, which allows a process on localhost to make a call without authenticating, while still requiring authenticate for remote calls (RAA-1701)