Your message dated Thu, 18 May 2017 03:18:40 +0000 with message-id <[email protected]> and subject line Bug#837051: fixed in dpkg 1.18.24 has caused the Debian Bug report #837051, regarding dpkg-divert breaks package upgrade with moved conffile to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 837051: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837051 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: dpkg Version: 1.17.27 Severity: normal Dear Maintainer, During a dist-upgrade of python2.7 dpkg aborted the installation of the new package libpython2.7-minimal as it claims a conffile was still owned by the old package while being moved to the new package. The conffile was locally diverted by me: - python2.7-minimal 2.7.3-6 has /etc/python2.7/sitecustomize.py - With 2.7.4-2 the conffile was moved to the new package libpython2.7-minimal_2.7.9-2 - dpkg aborts because of: > Unpacking libpython2.7-minimal:amd64 (from > libpython2.7-minimal_2.7.9-2_amd64.deb) ... > dpkg: error processing libpython2.7-minimal_2.7.9-2_amd64.deb (--install): > trying to overwrite '/etc/python2.7/sitecustomize.py', which is also in > package python2.7-minimal 2.7.9-2 $ apt-cache show libpython2.7-minimal Package: libpython2.7-minimal Replaces: libpython2.7-stdlib (<< 2.7.8-7), python2.7 (<< 2.7.4-2), python2.7-minimal (<< 2.7.3-10) $ dpkg -s python2.7-minimal Package: python2.7-minimal Version: 2.7.9-2 Config-Version: 2.7.3-6.7.201608291252 $ dpkg-query -W -f '${Package}\n${Version}\n${Config-Version}\n${Conffiles}\n\n' python2.7-minimal libpython2.7-minimal libpython2.7-minimal python2.7-minimal 2.7.9-2 2.7.3-6.7.201608291252 /etc/python2.7/sitecustomize.py d6b276695157bde06a56ba1b2bc53670 obsolete # dpkg-divert --list /etc/python2.7/sitecustomize.py local diversion of /etc/python2.7/sitecustomize.py to /etc/python2.7/sitecustomize.py.debian If I undo my local divert, the new package can be installed without problems: Maybe related: #363524 Problem diverting conffile #595112 dpkg-maintscript-helper: new helper for moving a conffile between packages #672945 dpkg should support moving a conffile between packages As the conffile is moved from python2.7-minimal to libpython2.7-minimal, python2.7-minimal does not use "dpkg-maintscript-helper rm_conffile". Yes, I know <https://www.debian.org/doc/debian-policy/ap-pkg-diversions.html>: > Do not attempt to divert a conffile, as dpkg does not handle it well. I would have expected dpkg-divert to not having such subtile side effects. -- System Information: Debian Release: 8.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable'), (90, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages dpkg depends on: ii libbz2-1.0 1.0.6-7+b3 ii libc6 2.19-18+deb8u4 ii liblzma5 5.1.1alpha+20120614-2+b3 ii libselinux1 2.3-2 ii tar 1.27.1-2+b1 ii zlib1g 1:1.2.8.dfsg-2+b1 dpkg recommends no packages. Versions of packages dpkg suggests: ii apt 1.0.9.8.3 -- no debconf information
--- End Message ---
--- Begin Message ---Source: dpkg Source-Version: 1.18.24 We believe that the bug you reported is fixed in the latest version of dpkg, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Guillem Jover <[email protected]> (supplier of updated dpkg package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 17 May 2017 13:16:25 +0200 Source: dpkg Binary: dpkg libdpkg-dev dpkg-dev libdpkg-perl dselect Architecture: source Version: 1.18.24 Distribution: unstable Urgency: medium Maintainer: Dpkg Developers <[email protected]> Changed-By: Guillem Jover <[email protected]> Description: dpkg - Debian package management system dpkg-dev - Debian package development tools dselect - Debian package management front-end libdpkg-dev - Debian package management static library libdpkg-perl - Dpkg perl modules Closes: 813454 824742 837051 850834 857449 858004 860238 860979 861217 Changes: dpkg (1.18.24) unstable; urgency=medium . [ Guillem Jover ] * Add missing symbols to the libdpkg map file. * Fix dpkg-shlibdeps to preserve the Dpkg::Shlibs::find_library() order when scanning symbols/shlibs files. This was causing generation of bogus dependencies when multiple packages provide the same SONAME on different directories. Regression introduced in dpkg 1.18.17. Closes: #860979 * Make dpkg-maintscript-helper print all unowned files from a directory when printing the error message, to ease debugging those problems after the fact. Closes: #813454, #860238 Based on a patch by Bastien ROUCARIÈS <[email protected]>. * Add duplicate prevention code for debian/files to dpkg-genbuildinfo, so that successive runs with different versions and equivalent build types do not generate multiple .buildinfo entries to be uploaded, which is similar to what dpkg-gencontrol is doing for .deb files. * Fix conffile takeover handling during unpack in dpkg on --root or on diversions. Closes: #837051, #858004 * Fix digest inference for shared conffiles, causing bogus takeover unpack errors. Regression introduced in dpkg 1.16.9. Closes: #861217 * Improve tar entry metadata parsing in dpkg: - Do not parse device numbers for non block nor char tar entry objects. - Make the existing octal parser more robust, by checking for the expected format of leading zeros or spaces, followed by any ASCII octal characters (0-7), followed by zero or more space or NULs. - Add support for base-256 encoded numeric fields, to support large values, for UID/GID, device number, size and even signed timestamps. This is necessary not only to be able to store larger values, but to cover packages that can already be generated by dpkg-deb, given that it uses the system GNU tar when building. Closes: #850834 * Architecture support: - Add support for ARM64 ILP32. Closes: #824742 Thanks to Wookey <[email protected]>. * Perl modules: - Remove obsolete hardening-wrapper support from Dpkg::Vendor::Ubuntu. Thanks to Adam Conrad <[email protected]>. - Bump $Dpkg::Deps::VERSION to match the one documented in CHANGES. - Ignore by default debian/files.new and debian/files for all source formats in Dpkg::Source::Package, because these are generated files with well known pathnames, part of the public interface, and with dpkg-genbuildinfo always injecting .buildinfo entries into debian/files, this meant this could disrupt previous workflows based on not cleaning the source tree. * Documentation: - Many spelling fixes. Thanks to Josh Soref <[email protected]>. - Do not include mispellings in changelogs, as that makes detecting them more difficult. * Build system: - Use libexec variable for auxiliary internal programs, and set it to /usr/lib on Debian and derivatives. - Check that the detected tar is a GNU tar. - Check that the detected patch is a GNU patch, so that we get a directory traversal resistant patch implementation. This fixes CVE-2017-8283 by delegating those checks to patch(1), so that we trap blank-indented diff hunks trying to escape from the source tree. * Test suite: - Add a test case for blank-indented patches which were the cause for CVE-2017-8283. - Handle files with non-zero sizes in c-tarextract libdpkg test code. . [ Updated programs translations ] * Catalan (Guillem Jover). * Czech (Miroslav Kure). . [ Updated dselect translations ] * Catalan (Guillem Jover). . [ Updated scripts translations ] * Catalan (Guillem Jover). . [ Updated man pages translations ] * German (Helge Kreutzmann, David Rabel). Closes: #857449 * Spanish (Javier Fernández-Sanguino). Checksums-Sha1: 50bb679a90095d6466345db327426649f9f0ec1f 2032 dpkg_1.18.24.dsc 155fe5c91728bdf82756674d5aa85e4ff2e3eac6 4530444 dpkg_1.18.24.tar.xz f6485a48925083c714615accf84668e58e3b8aa0 7371 dpkg_1.18.24_amd64.buildinfo Checksums-Sha256: 9f1560a0d237ec570f98f8aacfd1cbdd372371cce40e4c7ee4a31315b0c40823 2032 dpkg_1.18.24.dsc d853081d3e06bfd46a227056e591f094e42e78fa8a5793b0093bad30b710d7b4 4530444 dpkg_1.18.24.tar.xz d7e7756b4ddf7db4f9df0612c019c795cd9715e0fe84783cf2763baa559bb362 7371 dpkg_1.18.24_amd64.buildinfo Files: fcc066dbc043e32b1238567052ff437d 2032 admin required dpkg_1.18.24.dsc 02e8af8faf1e689228da806c3e8c6882 4530444 admin required dpkg_1.18.24.tar.xz 6c5714c7ea0701f57165e8b888e818cd 7371 admin required dpkg_1.18.24_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEETz509DYFDBD1aWV0uXK/PqSuV6MFAlkdC5QACgkQuXK/PqSu V6OmURAA5Htm0CZ3KiH1rfBX8l7E+Zzp10vHhryH+V29uKjnTebxFxqO295x2+ku Os4DH1ShnO77ALU04d5HXfd9zLisxzycXl4nEkio3zsgX87v2jlxpM/HQJswl3qh FH1rs8fxGbxLN8deu8poJobFLFSsEtD5QQOL/iDNRhq8aWUjtiGZ5jpy8t0v9vi+ I7eHFtP6GJL+5l8kxH6GPBmxSiP4RPeVADfVFnhnw+DPbtuJuC3oBk/pDRDVi7dZ 94qQLqhQZ/3sbBORI72TM81/FeDiTsLfl9zXGF36BUbR20O8gG/+nE5zjevIAYBo 9GshCY1ZKX+Uk3uOULTHQaH2UJ4mZVjoyByHmwPkAlj5ZNntL8iYG899Sa2F+OTT iRgPyD+BU9pI0iXUrd8bKiZgtKG7Byk/jj8d2Uftgkl9IQ0Q1t4OdTbLEuM1AESf IjF6MCf9aWo38GBf7h1ubAGgo5NFYeftjMjFBjQu5NUDzQeYW4zUc7Oljw9qmLYF qVSAfDOxwPcEjbC2gxKGqGyD3o7xA418kA+A0TiRFe/LRJ7bh3lGEDYqXDtq8Kkh dPkXYPA4MToRRGLxvk3gsgZTdu3UTnJDFEF3vWG4TXhHVhiVP8mMf52he00Xqmot KtuzHZ98yBd/LlXdeXP9AS01bXfjuSopsLZwrRg6kCQ0IpM/dtE= =Abdj -----END PGP SIGNATURE-----
--- End Message ---
