Bug#588077: /usr/bin/dpkg-divert: --add --rename should not rename a file currently owned by --package

[Andreas Beckmann]

Package: dpkg
Version: 1.15.7.2
Severity: important
File: /usr/bin/dpkg-divert
Tags: patch

Hi,

dpkg-divert --add --rename incorrectly renames an existing file that is
owned by the package given with --package. For example see the following
commands:

# dpkg -S /usr/bin/users
coreutils: /usr/bin/users
# ls -la /usr/bin/users*
-rwxr-xr-x 1 root root 28368 Apr 28 04:05 /usr/bin/users
# dpkg-divert --add --rename --package coreutils --divert 
/usr/bin/users.diverted /usr/bin/users
Adding `diversion of /usr/bin/users to /usr/bin/users.diverted by coreutils'
# ls -la /usr/bin/users*
-rwxr-xr-x 1 root root 28368 Apr 28 04:05 /usr/bin/users.diverted

Oops, that should not have happened!


A patch that adds a check for the owning package of the to be renamed
file is attached.


Andreas

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (800, 'testing'), (800, 'stable'), (600, 'unstable'), (130, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.31-0-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages dpkg depends on:
ii  coreutils         8.5-1                  GNU core utilities
ii  libbz2-1.0        1.0.5-4                high-quality block-sorting file co
ii  libc6             2.11.1-3               Embedded GNU C Library: Shared lib
ii  libselinux1       2.0.94-1               SELinux runtime shared libraries
ii  xz-utils          4.999.9beta+20100527-1 XZ-format compression utilities
ii  zlib1g            1:1.2.3.4.dfsg-3       compression library - runtime

dpkg recommends no packages.

Versions of packages dpkg suggests:
ii  apt                           0.7.25.3   Advanced front-end for dpkg

-- no debconf information

--- dpkg-divert 2010-05-30 13:21:36.000000000 +0200
+++ dpkg-divert.mine    2010-07-04 18:41:01.088037663 +0200
@@ -182,6 +182,7 @@
     push(@package,$package);
     printf(_g("Adding \`%s'")."\n", infon($#contest)) if $verbose > 0;
     checkrename($file, $divertto);
+    checkowner($file, $package);
     save();
     dorename($file, $divertto);
     exit(0);
@@ -303,6 +304,24 @@
     }
 }
 
+sub checkowner {
+    return unless $dorename;
+    my ($file,$package) = @_;
+    # the $file has alredy been checked to a) exist and b) not being diverted
+    # now check if it is owned by $package and prevent renaming in that case
+    if (open (DPKG, "dpkg -S $file |")) {
+        my $owner = <DPKG>;
+        if ($owner =~ /^([^:]+):/) {
+            if ($1 eq $package) {
+                $dorename = ! $dorename;
+            }
+        }
+        close DPKG;
+    } else {
+        # error handling ?
+    }
+}
+
 sub rename_mv($$)
 {
     return (rename($_[0], $_[1]) || (system(("mv", $_[0], $_[1])) == 0));