Control: reopen -1 On Wed, Jan 31, 2024 at 10:12:03AM +0000, Debian Bug Tracking System wrote: > #1061966: file loss due to combining time64 + /usr-move > > It has been closed by Debian FTP Masters <ftpmas...@ftp-master.debian.org> > (reply to Steve Langasek <vor...@debian.org>).
I fear this is not fixed. > /usr/lib/x86_64-linux-gnu/libaudit.so.1 and This is fixed. > /usr/lib/x86_64-linux-gnu/libaudit.so.1.0.0 have been moved from This not. > libaudit1 to libaudit1t64 in this upload and these files have formerly > been installed below /lib in bookworm. Hence, we are creating exactly > the problem that the file move moratorium was meant to prevent. > > /usr/lib/x86_64-linux-gnu/libauparse.so.0 and This is fixed. > /usr/lib/x86_64-linux-gnu/libauparse.so.0.0.0 likewise move from This not. > libauparse0 to libauparse0t64 and create the same problem. > > DEP17 classifies this a P1 and proposed mitigations M7 and M8. In this > case, I recommend not exercising Conflicts (M7), because they are known > to be unreliable and libaudit1 is part of the the essential set (login > depends on it). Instead, their respective preinst script should create > protective diversions > > dpkg-divert --package libaudit1t64 --no-rename --divert > /lib/x86_64-linux-gnu/libaudit.so.1.usr-is-merged > /lib/x86_64-linux-gnu/libaudit.so.1 > > for each of the affected files with their aliased location. In this case > - since we cannot use Conflicts - we cannot get rid of these diversions > in postinst. We already have Breaks: libaudit1 (<< ...), but that allows > concurrent unpack and hence still allows for the file loss scenario. The > diversions should be cleaned up in forky's postinst. > > I appreciate another upload of audit to experimental to verify the > mitigation. Helmut
