From: Stefan Schantl Date: Sun, 7 Jul 2013 08:26:30 +0000 (+0200) Subject: squidclamav: Never use IPv6. X-Git-Tag: v2.13-core71~7^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5ced384b719877abfe0c78d9345a645f4531e38a;p=people%2Fms%2Fipfire-2.x.git squidclamav: Never use IPv6. Squidclamav uses curl to resolve all kind of addresses which the system allow. If the remote address is an IPv6 address, squidclamav hangs forever. Nico Prenzel has found a solution to force the usage of IPv4 to prevent from this issue. Fixes #10376. --- diff --git a/lfs/squidclamav b/lfs/squidclamav index 37c3ef268a..79bf5d010d 100644 --- a/lfs/squidclamav +++ b/lfs/squidclamav @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = squidclamav -PAK_VER = 16 +PAK_VER = 17 DEPS = "clamav" @@ -77,6 +77,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/squidclamav-5.11-dont_use_ipv6.patch cd $(DIR_APP) && ./configure --prefix=/usr cd $(DIR_APP) && make install install -v -m 755 $(DIR_CONF)/squidclamav/squidclamav.conf /etc/squidclamav.conf diff --git a/src/patches/squidclamav-5.11-dont_use_ipv6.patch b/src/patches/squidclamav-5.11-dont_use_ipv6.patch new file mode 100644 index 0000000000..45889625fd --- /dev/null +++ b/src/patches/squidclamav-5.11-dont_use_ipv6.patch @@ -0,0 +1,13 @@ +diff -Nur a/src/squidclamav.c b/src/squidclamav.c +--- a/src/squidclamav.c 2012-10-29 09:46:06.000000000 +0100 ++++ b/src/squidclamav.c 2013-07-06 19:10:56.375292374 +0200 +@@ -413,6 +413,9 @@ + /* Suppress error: SSL certificate problem, verify that the CA cert is OK */ + curl_easy_setopt (eh, CURLOPT_SSL_VERIFYHOST, 0); + curl_easy_setopt (eh, CURLOPT_SSL_VERIFYPEER, 0); ++ ++ /* Prevent squidclamav from using IPv6 - fix by Nico Prenzel */ ++ curl_easy_setopt (eh, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); + } + } + /* create a squidguard child process and setup pipes */