Bug#726742: proftpd-mod-geoip: postrm deletes mod_geoip.so on upgrades

Andreas Beckmann anbe at debian.org
Fri Oct 18 15:30:24 UTC 2013 

Package: proftpd-mod-geoip
Version: 0.3-1
Severity: serious
Tags: wheezy

reinstalling proftpd-mod-geoip in wheezy deletes mod_geoip.so:

# apt-get install --reinstall proftpd-mod-geoip
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 0 not upgraded.
Need to get 0 B/26.1 kB of archives.
After this operation, 0 B of additional disk space will be used.
debconf: unable to initialize frontend: Dialog
debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 76, <> line 1.)
debconf: falling back to frontend: Readline
(Reading database ... 13945 files and directories currently installed.)
Preparing to replace proftpd-mod-geoip 0.3-1+b1 (using .../proftpd-mod-geoip_0.3-1+b1_amd64.deb) ...
Unpacking replacement proftpd-mod-geoip ...
Deleting mod_geoip..
Setting up proftpd-mod-geoip (0.3-1+b1) ...

this would be fatal in case of a security update, as the same
happens on upgrades (here wheezy-> jessie, #699647)

[...]
  Preparing to replace proftpd-mod-geoip 0.3-1+b1 (using .../proftpd-mod-geoip_1.3.5~rc3-2.1_amd64.deb) ...
  Unpacking replacement proftpd-mod-geoip ...
  Deleting mod_geoip..
  Preparing to replace proftpd-basic 1.3.4a-4+nmu1 (using .../proftpd-basic_1.3.5~rc3-2.1_amd64.deb) ...
  invoke-rc.d: policy-rc.d denied execution of stop.
  Unpacking replacement proftpd-basic ...
[...]
  Setting up proftpd-basic (1.3.5~rc3-2.1) ...
  Installing new version of config file /etc/proftpd/dhparams.pem ...
  Installing new version of config file /etc/init.d/proftpd ...
  invoke-rc.d: policy-rc.d denied execution of start.
  Setting up proftpd-mod-geoip (1.3.5~rc3-2.1) ...
[...]

This is caused by a braindead postrm script:

	#!/bin/sh

	set -e

	if [ -d /usr/lib/proftpd ]; then
        	echo "Deleting mod_geoip.."
        	rm -f /usr/lib/proftpd/mod_geoip.so
	fi

I have no clue what the intention is here ... but doing this
unconditionally is really bad as is also is executed in the
  old-postrm upgrade <newversion>
case, and that is after the new package has been unpacked.


The only solution I see to properly fix (i.e. delete) this, is

* remove the postrm script from the package (it's useless anyway)
* add a preinst script that checks whether the old buggy postrm exists
  and delete it *before* the new package gets unpacked


Andreas

More information about the Pkg-proftpd-maintainers mailing list