Package: libnfsidmap1
Version: 1:2.5.4-1~exp1
Severity: serious
As receently disvovered by Helmut Grohne, a conflict between binary
packages does not ensure that the files of one will be removed before
the files of the other are installed. This can result in file loss
when the conflict involves aliased filenames rather than exactly the
same filenames.
This specific scenario exists when installing libnfsidmap1 as a
replacement for libnfsidmap{2,-regex} packages. I was able to
reproduce it with the following sequence of commands in a minimal
bullseye amd64 chroot:
# apt -y install usrmerge
# apt -y install libnfsidmap{2,-regex}
# sed -i 's/bullseye/bookworm/' /etc/apt/sources.list
# apt update
# apt -d -y install libnfsidmap1
# (cd /var/cache/apt/archives && \
dpkg -i libc{6,-bin}_2.36-9+deb12u3_amd64.deb \
libsasl2-{2,modules-db}_2.1.28+dfsg-10_amd64.deb \
libgmp10_2%3a6.2.1+dfsg1-1.1_amd64.deb \
libgnutls30_3.7.9-2_amd64.deb libldap-2.5-0_2.5.13+dfsg-5_amd64.deb)
# dpkg -i /var/cache/apt/archives/libnfsidmap1_1%3a2.6.2-4_amd64.deb
Ben.
