[Pkg-sysvinit-devel] Bug#386649: sysvinit: Dangerous instructions in NEWS.Debian, removes packages

Adrian Irving-Beer wisq-deb at wisq.net
Sat Sep 9 04:19:28 UTC 2006 

Package: sysvinit
Version: 2.86.ds1-18
Severity: critical
Justification: breaks unrelated software

The NEWS.Debian has these instructions on how to fix the broken init.d
links caused by bug #386500:

    for p in `dpkg -S /etc/init.d/*|cut -d: -f1|sort -u`; do
      apt-get --reinstall install -y $p
    done

This fails to check if a package has been removed but not purged -- hence
its init.d script exists, but the package is no longer on the system.

In my case, it attempted to reinstall "xfs-xtt", which (due to
conflicting with the current version of X) effectively attempted to
remove every single X-based package on my system (270 packages).
Because of the "-y", no prompt is issued; many packages were removed
before I realised what was going on and aborted it.

(Please let me know if this is the correct severity, BTW.  The
instructions may break unrelated packages, but the software / package
itself does not, and only some users will experience this.  I was
hesitant to report it at "critical", but deemed it better to risk
crying wolf than to understate the issue.)

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)

Versions of packages sysvinit depends on:
ii  initscripts                  2.86.ds1-18 Scripts for initializing and shutt
ii  libc6                        2.3.6.ds1-4 GNU C Library: Shared libraries
ii  libselinux1                  1.30.27-2   SELinux shared libraries
ii  libsepol1                    1.12.26-1   Security Enhanced Linux policy lib
ii  sysv-rc                      2.86.ds1-18 System-V-like runlevel change mech

sysvinit recommends no packages.

-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-sysvinit-devel/attachments/20060909/502513d5/attachment.pgp

More information about the Pkg-sysvinit-devel mailing list