squidclamav: Never use IPv6.

Squidclamav uses curl to resolve all kind of addresses which the system allow.
If the remote address is an IPv6 address, squidclamav hangs forever.

Nico Prenzel has found a solution to force the usage of IPv4 to prevent from this
issue.

Fixes #10376.

diff --git a/lfs/squidclamav b/lfs/squidclamav
index 37c3ef268a48110cd1431de1c91ac1a9cada7d7c..79bf5d010ddb1ed2c7f1cf117d651b1035d94432 100644 (file)
--- a/lfs/squidclamav
+++ b/lfs/squidclamav
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = squidclamav
-PAK_VER    = 16
+PAK_VER    = 17
 
 DEPS       = "clamav"
 
@@ -77,6 +77,7 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/squidclamav-5.11-dont_use_ipv6.patch
        cd $(DIR_APP) && ./configure --prefix=/usr
        cd $(DIR_APP) && make install
        install -v -m 755  $(DIR_CONF)/squidclamav/squidclamav.conf /etc/squidclamav.conf

diff --git a/src/patches/squidclamav-5.11-dont_use_ipv6.patch b/src/patches/squidclamav-5.11-dont_use_ipv6.patch
new file mode 100644 (file)
index 0000000..4588962
--- /dev/null
+++ b/src/patches/squidclamav-5.11-dont_use_ipv6.patch
@@ -0,0 +1,13 @@
+diff -Nur a/src/squidclamav.c b/src/squidclamav.c
+--- a/src/squidclamav.c        2012-10-29 09:46:06.000000000 +0100
++++ b/src/squidclamav.c        2013-07-06 19:10:56.375292374 +0200
+@@ -413,6 +413,9 @@
+         /* Suppress error: SSL certificate problem, verify that the CA cert is OK */
+         curl_easy_setopt (eh, CURLOPT_SSL_VERIFYHOST, 0);
+         curl_easy_setopt (eh, CURLOPT_SSL_VERIFYPEER, 0);
++
++        /* Prevent squidclamav from using IPv6 - fix by Nico Prenzel */
++        curl_easy_setopt (eh, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
+       }
+    }
+   /* create a squidguard child process and setup pipes */