squidclamav: Never use IPv6.
authorStefan Schantl <stefan.schantl@ipfire.org>
Sun, 7 Jul 2013 08:26:30 +0000 (10:26 +0200)
committerStefan Schantl <stefan.schantl@ipfire.org>
Sun, 7 Jul 2013 08:26:30 +0000 (10:26 +0200)
Squidclamav uses curl to resolve all kind of addresses which the system allow.
If the remote address is an IPv6 address, squidclamav hangs forever.

Nico Prenzel has found a solution to force the usage of IPv4 to prevent from this
issue.

Fixes #10376.

lfs/squidclamav
src/patches/squidclamav-5.11-dont_use_ipv6.patch [new file with mode: 0644]

index 37c3ef268a48110cd1431de1c91ac1a9cada7d7c..79bf5d010ddb1ed2c7f1cf117d651b1035d94432 100644 (file)
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = squidclamav
-PAK_VER    = 16
+PAK_VER    = 17
 
 DEPS       = "clamav"
 
@@ -77,6 +77,7 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/squidclamav-5.11-dont_use_ipv6.patch
        cd $(DIR_APP) && ./configure --prefix=/usr
        cd $(DIR_APP) && make install
        install -v -m 755  $(DIR_CONF)/squidclamav/squidclamav.conf /etc/squidclamav.conf
diff --git a/src/patches/squidclamav-5.11-dont_use_ipv6.patch b/src/patches/squidclamav-5.11-dont_use_ipv6.patch
new file mode 100644 (file)
index 0000000..4588962
--- /dev/null
@@ -0,0 +1,13 @@
+diff -Nur a/src/squidclamav.c b/src/squidclamav.c
+--- a/src/squidclamav.c        2012-10-29 09:46:06.000000000 +0100
++++ b/src/squidclamav.c        2013-07-06 19:10:56.375292374 +0200
+@@ -413,6 +413,9 @@
+         /* Suppress error: SSL certificate problem, verify that the CA cert is OK */
+         curl_easy_setopt (eh, CURLOPT_SSL_VERIFYHOST, 0);
+         curl_easy_setopt (eh, CURLOPT_SSL_VERIFYPEER, 0);
++
++        /* Prevent squidclamav from using IPv6 - fix by Nico Prenzel */
++        curl_easy_setopt (eh, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
+       }
+    }
+   /* create a squidguard child process and setup pipes */