Bug#142916: dpkg: can install a blatantly corrupt package

To: submit@bugs.debian.org
Subject: Bug#142916: dpkg: can install a blatantly corrupt package
From: <russell@coker.com.au>
Date: Mon, 15 Apr 2002 10:34:39 +1000 (EST)
Message-id: <[🔎] 20020415003439.B0386FB3A@ivanova.coker.com.au>
Reply-to: <russell@coker.com.au>, 142916@bugs.debian.org

Package: dpkg
Version: 1.9.20
Severity: important

$ ar -x kernel-image-2.4.18-lsm_601_i386.deb
ar: kernel-image-2.4.18-lsm_601_i386.deb is not a valid archive

This package is corrupted by a few K.  It installs without reporting any
errors, lilo gets run and installs an appropriate boot map, then at boot time
LILO reports a CRC error because the vmlinuz file is truncated!

This is wrong, even ar can tell it's a corrupt package, and dpkg should do
further checks and catch an error from gzip if it's CRC doesn't match!

This is a serious error, it can result in data loss when the files that are
installed don't match the correct contents of the package.

-- System Information
Debian Release: 3.0
Kernel Version: Linux ivanova 2.4.18rc1-lsm #1 Thu Feb 14 19:41:55 EST 2002 i686 unknown

Versions of the packages dpkg depends on:
ii  libc6          2.2.5-3        GNU C Library: Shared libraries and Timezone
ii  libncurses5    5.2.20020112a- Shared libraries for terminal handling
ii  libstdc++2.10- 2.95.4-1       The GNU stdc++ library


-- 
To UNSUBSCRIBE, email to debian-dpkg-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Prev by Date: Bug#142792: dpkg man page typo
Next by Date: Processed: dpkg: update-alternatives: --removeall <name>, --set <name> <prog>
Previous by thread: Bug#142792: dpkg man page typo
Next by thread: Processed: dpkg: update-alternatives: --removeall <name>, --set <name> <prog>
Index(es):
- Date
- Thread