[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#142916: dpkg: can install a blatantly corrupt package

Package: dpkg
Version: 1.9.20
Severity: important

$ ar -x kernel-image-2.4.18-lsm_601_i386.deb
ar: kernel-image-2.4.18-lsm_601_i386.deb is not a valid archive

This package is corrupted by a few K.  It installs without reporting any
errors, lilo gets run and installs an appropriate boot map, then at boot time
LILO reports a CRC error because the vmlinuz file is truncated!

This is wrong, even ar can tell it's a corrupt package, and dpkg should do
further checks and catch an error from gzip if it's CRC doesn't match!

This is a serious error, it can result in data loss when the files that are
installed don't match the correct contents of the package.

-- System Information
Debian Release: 3.0
Kernel Version: Linux ivanova 2.4.18rc1-lsm #1 Thu Feb 14 19:41:55 EST 2002 i686 unknown

Versions of the packages dpkg depends on:
ii  libc6          2.2.5-3        GNU C Library: Shared libraries and Timezone
ii  libncurses5    5.2.20020112a- Shared libraries for terminal handling
ii  libstdc++2.10- 2.95.4-1       The GNU stdc++ library

To UNSUBSCRIBE, email to debian-dpkg-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: