Bug#142916: dpkg: can install a blatantly corrupt package
Package: dpkg
Version: 1.9.20
Severity: important
$ ar -x kernel-image-2.4.18-lsm_601_i386.deb
ar: kernel-image-2.4.18-lsm_601_i386.deb is not a valid archive
This package is corrupted by a few K. It installs without reporting any
errors, lilo gets run and installs an appropriate boot map, then at boot time
LILO reports a CRC error because the vmlinuz file is truncated!
This is wrong, even ar can tell it's a corrupt package, and dpkg should do
further checks and catch an error from gzip if it's CRC doesn't match!
This is a serious error, it can result in data loss when the files that are
installed don't match the correct contents of the package.
-- System Information
Debian Release: 3.0
Kernel Version: Linux ivanova 2.4.18rc1-lsm #1 Thu Feb 14 19:41:55 EST 2002 i686 unknown
Versions of the packages dpkg depends on:
ii libc6 2.2.5-3 GNU C Library: Shared libraries and Timezone
ii libncurses5 5.2.20020112a- Shared libraries for terminal handling
ii libstdc++2.10- 2.95.4-1 The GNU stdc++ library
--
To UNSUBSCRIBE, email to debian-dpkg-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: