clamwin / clamav

ClamWin clamav with additional patches
GNU General Public License v2.0
51 stars 16 forks source link

clamwin fork's "0.103.2" is actually 0.103.1; missing UUID in HTTP UserAgent causing freshclam failures #6

Closed micahsnyder closed 3 years ago

micahsnyder commented 3 years ago

A couple of users were complaining that ClamWin 0.103.2 can't update. ClamAV 0.103.2 carries a new randomly generated UUID in the HTTP UserAgent. ClamAV's CDN checks for it and will reject database downloads that lack the UUID.

I took a look at the commit history for this repo and realized that the "0.103.2" branch is actually 0.103.1 + the commit which bumps the version # to 0.103.2. It looks like the rest of the 0.103.2 commits are missing.

sherpya commented 3 years ago

this is very strange in the history I have git rebase clamav/dev/0.103.2 as always? do I need to pick another branch for reference?

sherpya commented 3 years ago

@micahsnyder I've downloaded the tarbal and made a diff, I've found a lot of differences, I suspect I'm rebasing against the wrong version

sherpya commented 3 years ago

bb84d9e192e2c2f830e9985b1913db030bc23bd6 actually is dev/0.103.2

sherpya commented 3 years ago

Ok I'll rebase against tags

sherpya commented 3 years ago

@micahsnyder I've made a new release, when 0.103.3 will officially released?

micahsnyder commented 3 years ago

By the time of the 0.103.2 release, dev/0.103.2 should have had all the commits. Most of the work was done on a private sec/dev/0.103.2 branch, which was merged into dev/0.103.2 on release day, which was in turn merged to the rel/0.103 release branch where it was tagged. For a long time we left the old dev branches around after they'd been merged. More recently, we agreed to delete merged dev branches, which is why they don't exist anymore. Perhaps because of the internal/external git repository set-up it was never synced to the public repository before we deleted the merged dev/0.103.2 branch. In any case, I'm sorry for the confusion.

The rel/0.103 release branch will have the latest release, but using the tags is the most accurate option.

We're targeting June 21st for 0.103.3.

As a heads up, we're planning to stop using a dev/* branch for feature version development after 0.104 and will just use main instead. That is to say that after we merge dev/0.104 to master, the plan is to create a main branch off of master and delete master.🔸 We will continue to use dev/x.y.z branches for patch (hotfix) development.

Our current strategy looks like this: image

And after 0.104, our branching strategy will look like this:

image

🔸main is GitHub's new default branch name for new repositories, so I decided to make a change to match that while we make the change to stop using dev/* for feature development.

micahsnyder commented 3 years ago

For what it's worth - we're going to start using GitHub directly soon, and only use our internal repository as a fork for working on security fixes. As of a couple weeks ago, I finished updating our QA test infrastructure so it'll work with internal and external repositories. Now we just need to switch over. There are about a dozen internal PR's that we need to merge or migrate to the public repo to make the switch. I'm hoping to do it very soon.

sherpya commented 3 years ago

@micahsnyder looks like cloudflare blocks ClamWin user agent and not the missing uuid, I've a Linux installation with 0.103.1 and updates without problem

finchy commented 3 years ago

Try now

sherpya commented 3 years ago

Try now

nevermind, we already rebased from tag, reverted the user agent, and pushed the update