Ossama Othman wrote: > Hi Mitch, > > > Could you please post the version(s) you have and which mirror you > > got it from? > > Sure! chsh and chfn were also in debhelper! I got debhelper using > dselect/apt. Here is all the info you requested: > > % cat /etc/apt/sources.list > deb http://http.us.debian.org/debian unstable main contrib non-free > deb http://non-us.debian.org/debian-non-US unstable non-US > > % dpkg -l debhelper > ii debhelper 1.2.28 helper programs for debian/rules > > % dpkg --listfiles debhelper | grep /usr/bin/ > /usr/bin/dh_builddeb > /usr/bin/dh_clean > /usr/bin/dh_compress > /usr/bin/dh_du > /usr/bin/dh_fixperms > /usr/bin/dh_gencontrol > /usr/bin/dh_installchangelogs > /usr/bin/dh_installcron > /usr/bin/dh_installdeb > /usr/bin/dh_installdebfiles > /usr/bin/dh_installdirs > /usr/bin/dh_installdocs > /usr/bin/dh_installexamples > /usr/bin/dh_installinit > /usr/bin/dh_installmanpages > /usr/bin/dh_installmenu > /usr/bin/dh_makeshlibs > /usr/bin/dh_md5sums > /usr/bin/dh_movefiles > /usr/bin/dh_shlibdeps > /usr/bin/dh_strip > /usr/bin/dh_suidregister > /usr/bin/dh_testdir > /usr/bin/dh_testroot > /usr/bin/dh_testversion > /usr/bin/dh_undocumented > /usr/bin/dh_debstd > /usr/bin/dh_installemacsen > /usr/bin/dh_installwm > /usr/bin/dh_link > /usr/bin/dh_listpackages > /usr/bin/passwd > /usr/bin/chsh > /usr/bin/chfn > > Okay, I think we can be pretty sure the last three entries don't belong > there. What do you think is the problem? Well, I got the deb and source and dsc from the mirror you pointed out, and it _does_ have these files as symlinks in them pointing to sysdb-wrapper. It doesn't look like a trojan (this weeks hot topic) because his pgp sig matches the md5sum of the tarfile, and the tarfile reproduces the symlinks in the resulting deb. So, I would just treat it as a bug. Please file a critical bug report against this package, or let me know if you don't and I will file it. I would downgrade your debhelper to 1.2.27 and reinstall the passwd package. Thanks for finding this bug. -Mitch
Attachment:
pgpgotnppsyrC.pgp
Description: PGP signature