Package: libstrongswan Version: 4.6.4-1 Severity: serious User: [email protected] Usertags: edos-file-overwrite
Architecture: amd64
Distribution: squeeze->sid (partial) upgrade
Hi,
automatic installation tests of packages that share a file and at the
same time do not conflict by their package dependency relationships has
detected the following problem:
Selecting previously deselected package strongswan-ikev2.
Unpacking strongswan-ikev2 (from .../strongswan-ikev2_4.4.1-5.2_amd64.deb) ...
Setting up strongswan-ikev2 (4.4.1-5.2) ...
Preparing to replace libstrongswan 4.4.1-5.2 (using
.../libstrongswan_4.6.4-5_amd64.deb) ...
Unpacking replacement libstrongswan ...
dpkg: error processing
/var/cache/apt/archives/libstrongswan_4.6.4-5_amd64.deb (--unpack):
trying to overwrite '/usr/lib/ipsec/plugins/libstrongswan-attr-sql.so',
which is also in package strongswan-ikev2 4.4.1-5.2
This is a serious bug as it makes installation/upgrade fail, and
violates sections 7.6.1 and 10.1 of the policy.
As this problem can be demonstrated during partial upgrades from squeeze
to sid (but not within squeeze or sid itself), this indicates a
missing or insufficiently versioned Replaces+Breaks relationship.
But since this particular upgrade ordering is not forbidden by any
dependency relationship, it is possible that apt (or $PACKAGE_MANAGER)
will use this erroneus path on squeeze->sid upgrades.
Here is a list of files that are known to be shared by both packages
(according to the Contents files for squeeze and sid on amd64, which
may be slightly out of sync):
usr/lib/ipsec/plugins/libstrongswan-attr-sql.so
usr/lib/ipsec/plugins/libstrongswan-attr.so
usr/lib/ipsec/plugins/libstrongswan-curl.so
usr/lib/ipsec/plugins/libstrongswan-kernel-netlink.so
usr/lib/ipsec/plugins/libstrongswan-ldap.so
The plugins were moved around recently:
strongswan (4.6.4-1) experimental; urgency=low
- move ldap, curl, kernel-netlink and attr* plugins to libstrongswan,
since they are used by pluto too. closes: #611846
The following relationships are currently defined:
Package: libstrongswan
Conflicts: strongswan (<< 4.2.12-1)
Breaks: n/a
Replaces: n/a
The following relationships should be added for a clean takeover of
these files
(http://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces):
Package: libstrongswan
Breaks: strongswan-ikev2 (<< 4.6.4)
Replaces: strongswan-ikev2 (<< 4.6.4)
Cheers,
Andreas
PS: for more information about the detection of file overwrite errors
of this kind see http://edos.debian.net/file-overwrites/.
strongswan-ikev2=4.4.1-5.2_libstrongswan=4.6.4-5.log.gz
Description: GNU Zip compressed data
