Bug#1058937: Conflicts with libnfsidmap{2,-regex} involving aliased file locations

2023-12-18 Thread Ben Hutchings
Control: user helm...@debian.org
Control: usertag -1 dep17p1

According to the classification in DEP-17 this is problem type P1.

libnfsidmap1 includes mitigation M7 (Conflicts with the other packages)
since version 1:2.5.4-1~exp2, but although this usually avoids P1 we
now know that this is not always the case.

Ben.

-- 
Ben Hutchings
Absolutum obsoletum. (If it works, it's out of date.) - Stafford Beer




Bug#1058937: Conflicts with libnfsidmap{2,-regex} involving aliased file locations

2023-12-18 Thread Ben Hutchings
Package: libnfsidmap1
Version: 1:2.5.4-1~exp1
Severity: serious

As recently discovered by Helmut Grohne, a conflict between binary
packages does not ensure that the files of one will be removed before
the files of the other are installed.  This can result in file loss
when the conflict involves aliased filenames rather than exactly the
same filenames.

This specific scenario exists when installing libnfsidmap1 as a
replacement for libnfsidmap{2,-regex} packages.  I was able to
reproduce it with the following sequence of commands in a minimal
bullseye amd64 chroot:

# apt -y install usrmerge
# apt -y install libnfsidmap{2,-regex}
# sed -i 's/bullseye/bookworm/' /etc/apt/sources.list
# apt update
# apt -d -y install libnfsidmap1
# (cd /var/cache/apt/archives && \
   dpkg -i libc{6,-bin}_2.36-9+deb12u3_amd64.deb \
   libsasl2-{2,modules-db}_2.1.28+dfsg-10_amd64.deb \
   libgmp10_2%3a6.2.1+dfsg1-1.1_amd64.deb \
   libgnutls30_3.7.9-2_amd64.deb libldap-2.5-0_2.5.13+dfsg-5_amd64.deb)
# dpkg -i /var/cache/apt/archives/libnfsidmap1_1%3a2.6.2-4_amd64.deb

Ben.
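
A check for the situation reported above, added here as an illustration and not part of the original message or of any Debian tooling: given the file lists of two conflicting packages, it reports files that have different literal paths but are the same file on a merged-/usr system. The function names, the sample paths (constructed, not the real package contents) and the list of aliased top-level directories are assumptions.

```shell
#!/bin/sh
# Added example: detect aliased (not identical) file paths between two packages.
# Assumption: on a merged-/usr system /bin, /sbin, /lib, /lib32, /lib64 and
# /libx32 are symlinks to the directories of the same name under /usr.

# aliased_overlap OLD_LIST NEW_LIST
# Each list holds one absolute path of a regular file per line.
# Prints "old_path new_path" for every pair that differs literally but
# resolves to the same file once the aliasing is applied. Identical paths
# are skipped: the report concerns aliased names, not exactly equal ones.
aliased_overlap() {
    awk '
        function canon(p) {
            if (p ~ "^/(bin|sbin|lib|lib32|lib64|libx32)/") return "/usr" p
            return p
        }
        FILENAME == ARGV[1] { old[canon($0)] = $0; next }
        { c = canon($0); if (c in old && old[c] != $0) print old[c], $0 }
    ' "$1" "$2"
}

# Constructed sample lists (hypothetical packages, not real package contents).
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/old.list" <<'EOF'
/usr/lib/x86_64-linux-gnu/libexample/plugin.so
/usr/share/example/common.conf
/usr/share/doc/old-pkg/copyright
EOF
    cat > "$tmp/new.list" <<'EOF'
/lib/x86_64-linux-gnu/libexample/plugin.so
/lib/x86_64-linux-gnu/libexample.so.1
/usr/share/example/common.conf
/usr/share/doc/new-pkg/copyright
EOF
    aliased_overlap "$tmp/old.list" "$tmp/new.list"
    rm -rf "$tmp"
}

demo
```

With real packages the two lists would come from the installed package's file list and the contents of the new .deb, filtered down to regular files.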