Bug#457027: debian-builder script tries to remove all packages in the system if started without arguments

Tue, 18 Dec 2007 23:45:27 -0800 

Package: debian-builder
Version: 1.7
Severity: grave
Tags: patch
Justification: causes non-serious data loss


The script uses %INSTALLED hash table to track the packages which was
installed on the system when script was started. Problem is, it fills this
table only when buildPackage() function called. When no argument 
given, this function is not called, and %INSTALLED table is not filled,
but tidySystem() function always called on script termination,
and it does not check if %INSTALLED were initialized or not.
It then executes a command to remove packages what exist in curent system,
but not in %INSTALLED table, which is all packages in the system in this case.
This can be easily fixed, but in general, removing packages without user
confirmation is a very bad idea - debian-helper intended to be run with
root privileges, and therefore even a little bug can be the cause of
system rendered unusable.

patch:

--- debian-builder.orig 2007-12-19 11:52:39.000000000 +0500
+++ debian-builder      2007-12-19 12:03:29.000000000 +0500
@@ -637,6 +637,9 @@
 
 sub tidySystem
 {
+    if( not scalar(%INSTALLED) ) {
+       return;
+    }
     my %NEW = getInstalledPackages();
     my @removals;
     foreach my $package ( sort keys %NEW )



-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.23ct (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages debian-builder depends on:
ii  build-essential               11.3       informational list of build-essent
ii  devscripts                    2.10.9     Scripts to make the life of a Debi
ii  dpkg-dev                      1.14.7     package building tools for Debian
ii  perl                          5.8.8-11   Larry Wall's Practical Extraction 
ii  perl-modules                  5.8.8-11   Core Perl modules

debian-builder recommends no packages.

-- debconf-show failed

--- debian-builder.orig 2007-12-19 11:52:39.000000000 +0500
+++ debian-builder      2007-12-19 12:03:29.000000000 +0500
@@ -637,6 +637,9 @@
 
 sub tidySystem
 {
+    if( not scalar(%INSTALLED) ) {
+       return;
+    }
     my %NEW = getInstalledPackages();
     my @removals;
     foreach my $package ( sort keys %NEW )

Reply via email to