Files moved around in clamav without appropriate Breaks/Replaces, causing upgrade failures

Bug #1532608 reported by Andreu Correa Casablanca on 2016-01-10
30
This bug affects 3 people
Affects Status Importance Assigned to Milestone
clamav (Ubuntu)
High
Christian Ehrhardt 
Xenial
Undecided
Unassigned

Bug Description

[Impact]

 * Upgrades can fail due to file collisions since SRUs that bumped the
   version in trusty. Due to that the formerly breaks/replaces no more
   applies correctly.

[Test Case]

 * The following upgrade paths leads to an error without the fix (ok to be
   run in a container)
   # install trusty
   $ apt install clamav-daemon
   # upgrade to Xenial repo
   $ apt update && apt upgrade

[Regression Potential]

 * Since we "just" bump the breaks/replaces this should be fairly safe.
   The only case that comes to my mind is when old custom versions with
   odd versions were installed, but even then it either does just trigger
   the same issues. OTOH most likely even in that rare (and unsupported
   case) they should be fine.

[Other Info]

 * n/a

---

This bug appeared updating from Ubuntu 14.04 to Ubuntu 15.04

ProblemType: Package
DistroRelease: Ubuntu 15.04
Package: clamav-daemon 0.98.7+dfsg-0ubuntu0.15.04.1
ProcVersionSignature: Ubuntu 3.19.0-43.49-generic 3.19.8-ckt10
Uname: Linux 3.19.0-43-generic x86_64
ApportVersion: 2.17.2-0ubuntu1.8
Architecture: amd64
Date: Sun Jan 10 21:18:16 2016
DuplicateSignature: package:clamav-daemon:0.98.7+dfsg-0ubuntu0.15.04.1:intentando sobreescribir `/usr/share/man/man5/clamd.conf.5.gz', que está también en el paquete clamav-base 0.98.7+dfsg-0ubuntu0.14.04.1
ErrorMessage: intentando sobreescribir `/usr/share/man/man5/clamd.conf.5.gz', que está también en el paquete clamav-base 0.98.7+dfsg-0ubuntu0.14.04.1
InstallationDate: Installed on 2015-07-25 (168 days ago)
InstallationMedia: Ubuntu 14.04.2 LTS "Trusty Tahr" - Release amd64 (20150218.1)
ProcCmdline: BOOT_IMAGE=/boot/vmlinuz-3.19.0-43-generic root=UUID=b406f381-7240-484e-88db-5b321e59568d ro quiet splash vt.handoff=7
RelatedPackageVersions:
 dpkg 1.17.25ubuntu1.1
 apt 1.0.9.7ubuntu4.2
SourcePackage: clamav
Title: package clamav-daemon 0.98.7+dfsg-0ubuntu0.15.04.1 failed to install/upgrade: intentando sobreescribir `/usr/share/man/man5/clamd.conf.5.gz', que está también en el paquete clamav-base 0.98.7+dfsg-0ubuntu0.14.04.1
UpgradeStatus: Upgraded to vivid on 2016-01-10 (0 days ago)

tags: removed: need-duplicate-check

Looks like this has happened because trusty-updates/security have a newer upstream version to which the Breaks/Replaces applies but isn't declared as a result of this happening after the package version that declares the Breaks/Replaces, IYSWIM.

summary: - package clamav-daemon 0.98.7+dfsg-0ubuntu0.15.04.1 failed to
- install/upgrade: intentando sobreescribir
- `/usr/share/man/man5/clamd.conf.5.gz', que está también en el paquete
- clamav-base 0.98.7+dfsg-0ubuntu0.14.04.1
+ Files moved from clamav-base to clamav-daemon without appropriate
+ Breaks/Replaces, causing upgrade failures
Changed in clamav (Ubuntu):
status: New → Triaged
importance: Undecided → High
Robie Basak (racb) wrote :

Be sure to check the duplicates, which include some other movements that appear to also be missing appropriate Breaks/Replaces.

summary: - Files moved from clamav-base to clamav-daemon without appropriate
- Breaks/Replaces, causing upgrade failures
+ Files moved around in clamav without appropriate Breaks/Replaces,
+ causing upgrade failures
Robie Basak (racb) on 2017-02-13
tags: added: server-next

Repro for the case with:
# install trusty
$ apt install clamav-daemon
upgrade to Xenial repo
$ apt update && apt upgrade

Issues seen on:
clamav-base 0.98.7+dfsg-0ubuntu0.14.04.1 -> clamav-daemon:0.98.7+dfsg-0ubuntu0.15.04.1
clamav-base 0.99.2+addedllvm-0ubuntu0.14.04.1 -> clamav-daemon 0.99.2+dfsg-0ubuntu0.16.04.1

Even in current 0.99.2+addedllvm-0ubuntu0.14.04.2 the file that shown up in all of those is still in clamav-base.

The problem here is that that the trusty version was bumped above those released with 16.04 and therefore the old breaks/replaces isn't correctly applying anymore.

Unless this is bumped that way again (should not I hope) we can rely on being before "0.99.2+dfsg-0ubuntu0.16.04.1" - since those both are bumped by SRUs only on the last level.
This will make is break/conflict with the version Xenial provided on release, but
1. the later 16.04.2+ releases had the new already
2. it isn't breaking anyone, but fixing the upgrade issue for others

Later releases are on 0.99.2+dfsg-6... and 0.99.3... so all safe.
That means we need to change the
<< 0.99+dfsg-1ubuntu1
to
<< 0.99.2+dfsg-0ubuntu0.16.04.1~

I have a proposal to implement those changed deps, soon up for review ...

Changed in clamav (Ubuntu):
assignee: nobody → ChristianEhrhardt (paelzer)
status: Triaged → In Progress
description: updated

MP done, added SRu Template uploaded for SRU review

Hello Andreu, or anyone else affected,

Accepted clamav into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/clamav/0.99.2+dfsg-0ubuntu0.16.04.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in clamav (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-needed verification-needed-xenial

I did the test as outlined but into xenial-proposed and it worked fine now.
=> verified

Note that due to the builder outage by meltdown avoidance, this still needs builds on some architectures to be fully ready to migrate into -updates.

[...]
Preparing to unpack .../libclamav7_0.99.2+dfsg-0ubuntu0.16.04.3_amd64.deb ...
Unpacking libclamav7 (0.99.2+dfsg-0ubuntu0.16.04.3) over (0.99.2+addedllvm-0ubuntu0.14.04.2) ...
Preparing to unpack .../clamav-base_0.99.2+dfsg-0ubuntu0.16.04.3_all.deb ...
Unpacking clamav-base (0.99.2+dfsg-0ubuntu0.16.04.3) over (0.99.2+addedllvm-0ubuntu0.14.04.2) ...
Preparing to unpack .../clamav-daemon_0.99.2+dfsg-0ubuntu0.16.04.3_amd64.deb ...
 * Stopping ClamAV daemon clamd [ OK ]
Unpacking clamav-daemon (0.99.2+dfsg-0ubuntu0.16.04.3) over (0.99.2+addedllvm-0ubuntu0.14.04.2) ...
Preparing to unpack .../clamav-freshclam_0.99.2+dfsg-0ubuntu0.16.04.3_amd64.deb ...
 * Stopping ClamAV virus database updater freshclam [ OK ]
Unpacking clamav-freshclam (0.99.2+dfsg-0ubuntu0.16.04.3) over (0.99.2+addedllvm-0ubuntu0.14.04.2) ...
Preparing to unpack .../curl_7.47.0-1ubuntu2.5_amd64.deb ...
Unpacking curl (7.47.0-1ubuntu2.5) over (7.35.0-1ubuntu2.13) ...
Preparing to unpack .../libcurl3_7.47.0-1ubuntu2.5_amd64.deb ...
Unpacking libcurl3:amd64 (7.47.0-1ubuntu2.5) over (7.35.0-1ubuntu2.13) ...
Preparing to unpack .../clamav_0.99.2+dfsg-0ubuntu0.16.04.3_amd64.deb ...
Unpacking clamav (0.99.2+dfsg-0ubuntu0.16.04.3) over (0.99.2+addedllvm-0ubuntu0.14.04.2) ...
Selecting previously unselected package clamdscan.
Preparing to unpack .../clamdscan_0.99.2+dfsg-0ubuntu0.16.04.3_amd64.deb ...
Unpacking clamdscan (0.99.2+dfsg-0ubuntu0.16.04.3) ...
[...]
Setting up libclamav7 (0.99.2+dfsg-0ubuntu0.16.04.3) ...
Setting up clamav-base (0.99.2+dfsg-0ubuntu0.16.04.3) ...
Setting up clamav-freshclam (0.99.2+dfsg-0ubuntu0.16.04.3) ...
Installing new version of config file /etc/init.d/clamav-freshclam ...
Replacing config file /etc/logrotate.d/clamav-freshclam with new version
Replacing config file /etc/clamav/freshclam.conf with new version
 * Starting ClamAV virus database updater freshclam [ OK ]
Setting up clamav-daemon (0.99.2+dfsg-0ubuntu0.16.04.3) ...
Installing new version of config file /etc/apparmor.d/usr.sbin.clamd ...
Installing new version of config file /etc/init.d/clamav-daemon ...
Replacing config file /etc/clamav/clamd.conf with new version
Replacing config file /etc/logrotate.d/clamav-daemon with new version
 * Starting ClamAV daemon clamdSetting up curl (7.47.0-1ubuntu2.5) ...
Setting up libcurl3:amd64 (7.47.0-1ubuntu2.5) ...
Setting up clamav (0.99.2+dfsg-0ubuntu0.16.04.3) ...
Setting up clamdscan (0.99.2+dfsg-0ubuntu0.16.04.3) ...
[...]

tags: added: verification-done verification-done-xenial
removed: verification-needed verification-needed-xenial
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clamav - 0.99.2+dfsg-0ubuntu0.16.04.3

---------------
clamav (0.99.2+dfsg-0ubuntu0.16.04.3) xenial; urgency=medium

  * d/control: bump break/replaces dependencies to respect major trusty
    version upgrades (LP: #1532608)

 -- Christian Ehrhardt <email address hidden> Mon, 15 Jan 2018 13:24:57 +0100

Changed in clamav (Ubuntu Xenial):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for clamav has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Changed in clamav (Ubuntu):
status: In Progress → New

Since all upgrades will go through LTS->LTS paths at least that should be good now in general.
I don't see a need to fix other ubuntu releases (I might miss some).

So instead of "In Progress → New" I'll set Fix Released.

@Andreas - if I miss why this needs a change in other versions please explain why.

Changed in clamav (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers