Package: dpkg
Version: 1.16.10
Severity: important
Tags: security
Each Debian install uses a varying set of OS files to support the OS. On
a typical install, these OS files may claim from 50 to 150 K paths. The
set of dpkg-owned paths varies when a new package is installed. Of
course, a path dpkg wants to use for a new OS file may already be in use.
At least on this system, dpkg quietly overwrites pre-existing files
using paths conflicting with newly claimed paths. I am neither asked how
to procede nor even warned that non-OS files were overwritten. Worst -
overwritten files are apparently lost; I don't see any location where
they would have been moved.
I can reproduce trivially:
# echo 'dpkg test' > /usr/bin/ab; LANG=C dpkg -i
/var/cache/apt/archives/apache2-utils_2.2.22-13_i386.deb
Selecting previously unselected package apache2-utils.
(Reading database ... 160513 files and directories currently installed.)
Unpacking apache2-utils (from .../apache2-utils_2.2.22-13_i386.deb) ...
Setting up apache2-utils (2.2.22-13) ...
Processing triggers for man-db ...
A bug causing this symptom was already reported in #21188. The ticket is
unclear, but that instance had presumably been fixed.
Oddly enough, dpkg can't overwrite files installing a new package if the
existing files are already owned by dpkg in another package. dpkg has a
check for that particular case, but not for the general case.
--- System information. ---
Architecture: i386
Kernel: Linux 3.8-trunk-amd64
Debian Release: 7.0
990 testing security.debian.org
990 testing debian.mirror.iweb.ca
500 unstable debian.mirror.iweb.ca
1 experimental debian.mirror.iweb.ca
--- Package information. ---
Package's Depends field is empty.
Package's Recommends field is empty.
Suggests (Version) | Installed
=======================-+-===========
apt | 0.9.7.8
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
