From 5ced384b719877abfe0c78d9345a645f4531e38a Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Sun, 7 Jul 2013 10:26:30 +0200 Subject: [PATCH] squidclamav: Never use IPv6. Squidclamav uses curl to resolve all kind of addresses which the system allow. If the remote address is an IPv6 address, squidclamav hangs forever. Nico Prenzel has found a solution to force the usage of IPv4 to prevent from this issue. Fixes #10376. --- lfs/squidclamav | 3 ++- src/patches/squidclamav-5.11-dont_use_ipv6.patch | 13 +++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 src/patches/squidclamav-5.11-dont_use_ipv6.patch diff --git a/lfs/squidclamav b/lfs/squidclamav index 37c3ef268a..79bf5d010d 100644 --- a/lfs/squidclamav +++ b/lfs/squidclamav @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = squidclamav -PAK_VER = 16 +PAK_VER = 17 DEPS = "clamav" @@ -77,6 +77,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/squidclamav-5.11-dont_use_ipv6.patch cd $(DIR_APP) && ./configure --prefix=/usr cd $(DIR_APP) && make install install -v -m 755 $(DIR_CONF)/squidclamav/squidclamav.conf /etc/squidclamav.conf diff --git a/src/patches/squidclamav-5.11-dont_use_ipv6.patch b/src/patches/squidclamav-5.11-dont_use_ipv6.patch new file mode 100644 index 0000000000..45889625fd --- /dev/null +++ b/src/patches/squidclamav-5.11-dont_use_ipv6.patch @@ -0,0 +1,13 @@ +diff -Nur a/src/squidclamav.c b/src/squidclamav.c +--- a/src/squidclamav.c 2012-10-29 09:46:06.000000000 +0100 ++++ b/src/squidclamav.c 2013-07-06 19:10:56.375292374 +0200 +@@ -413,6 +413,9 @@ + /* Suppress error: SSL certificate problem, verify that the CA cert is OK */ + curl_easy_setopt (eh, CURLOPT_SSL_VERIFYHOST, 0); + curl_easy_setopt (eh, CURLOPT_SSL_VERIFYPEER, 0); ++ ++ /* Prevent squidclamav from using IPv6 - fix by Nico Prenzel */ ++ curl_easy_setopt (eh, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); + } + } + /* create a squidguard child process and setup pipes */ -- 2.39.5