group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #34494
[Bug 1860217] Re: dpkg-reconfigure clamav-daemon in infinite loop
This bug was fixed in the package clamav - 0.102.2+dfsg-0ubuntu0.16.04.1
---------------
clamav (0.102.2+dfsg-0ubuntu0.16.04.1) xenial-security; urgency=medium
* Updated to 0.102.2 to fix security issue (CVE-2020-3123)
- debian/patches/*: synced patches with 0.102.2+dfsg-1.
- debian/libclamav9.symbols: updated for new version.
- debian/rules: bumped CL_FLEVEL to 113.
-- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx> Tue, 11 Feb 2020
08:45:45 -0500
** Changed in: clamav (Ubuntu Xenial)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-3123
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1860217
Title:
dpkg-reconfigure clamav-daemon in infinite loop
Status in clamav package in Ubuntu:
Fix Released
Status in clamav source package in Xenial:
Fix Released
Status in clamav source package in Bionic:
Fix Committed
Status in clamav source package in Eoan:
Fix Committed
Status in clamav source package in Focal:
Fix Released
Bug description:
[Impact]
There appears to be another issue with
> dpkg-reconfigure clamav-daemon
Like in #1792051, the command ends up in an infinite loop, just that
this time it happens between 'Log file for clamav-daemon' and 'Do you
want to enable log rotation?', with one more step between also
included in the loop.
Purged and reinstalled the package with no effect.
Effected package: clamav-daemon 0.102.1+dfsg-0ubuntu0.19.10.2 (arm64)
EDIT: I was able to reproduce the error on a different system (also
0.102.1+dfsg-0ubuntu0.19.10.2, just amd64 instead)
[Test Case]
(1)
Here's how to reproduce:
* Deploy Bionic
* Install clamav clamav-daemon
(As a debug exercise and confirmation of the infinite loop in action,
with the use of "export DEBCONF_DEBUG='.*'" one can confirm it.)
* Perform:
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true dpkg-reconfigure clamav-daemon
Make sure it completes fine and doesn't enter an infinite loop.
---
(2)
Run "dpkg-reconfigure clamav-daemon", make sure all of the debconf
prompts that are supposed to be there are actually reachable,
including the one modified by this SRU "LogTime"[0] and
"LogRotate"[1].
[0]- Do you want to log time information with each message?
[1]- Do you want to enable log rotation?
Here's a test where I intentionally reconfigure the package and set
both LogTime and LogRotate from 'yes' (true) to 'No' (False).
# egrep "LogRotate|LogTime" /etc/clamav/clamd.conf
LogRotate true
LogTime true
# dpkg-reconfigure clamav-daemon
Replacing config file /etc/clamav/clamd.conf with new version
Disabling old logrotate script for clamav-daemon
# egrep "LogRotate|LogTime" /etc/clamav/clamd.conf
LogRotate false
LogTime false
[Regression Potential]
Right now, the impact is limited to the reconfiguration of the
package. This is a consequence of the removal of ScanOnAcces (701f0e8e
Remove ScanOnAccess).
It's been proven to be working well pre-SRU.
If a regression is found, it will likely remain limited to the package
reconfiguration.
I added another verification to address vorlon's concern found in
comment #16. See section (2) in [Test Case].
[Other infos]
* Debian upstream bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950296
* Debian upstream (salsa):
https://salsa.debian.org/clamav-team/clamav/commit/089b6136e95dd34b3ac8a4d0753bffb48c48ebdb
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1860217/+subscriptions