From: Stefan Schantl Date: Sun, 7 Jul 2013 08:26:30 +0000 (+0200) Subject: squidclamav: Never use IPv6. X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=commitdiff_plain;h=5ced384b719877abfe0c78d9345a645f4531e38a squidclamav: Never use IPv6. Squidclamav uses curl to resolve all kind of addresses which the system allow. If the remote address is an IPv6 address, squidclamav hangs forever. Nico Prenzel has found a solution to force the usage of IPv4 to prevent from this issue. Fixes #10376. --- diff --git a/lfs/squidclamav b/lfs/squidclamav index 37c3ef268..79bf5d010 100644 --- a/lfs/squidclamav +++ b/lfs/squidclamav @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = squidclamav -PAK_VER = 16 +PAK_VER = 17 DEPS = "clamav" @@ -77,6 +77,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/squidclamav-5.11-dont_use_ipv6.patch cd $(DIR_APP) && ./configure --prefix=/usr cd $(DIR_APP) && make install install -v -m 755 $(DIR_CONF)/squidclamav/squidclamav.conf /etc/squidclamav.conf diff --git a/src/patches/squidclamav-5.11-dont_use_ipv6.patch b/src/patches/squidclamav-5.11-dont_use_ipv6.patch new file mode 100644 index 000000000..45889625f --- /dev/null +++ b/src/patches/squidclamav-5.11-dont_use_ipv6.patch @@ -0,0 +1,13 @@ +diff -Nur a/src/squidclamav.c b/src/squidclamav.c +--- a/src/squidclamav.c 2012-10-29 09:46:06.000000000 +0100 ++++ b/src/squidclamav.c 2013-07-06 19:10:56.375292374 +0200 +@@ -413,6 +413,9 @@ + /* Suppress error: SSL certificate problem, verify that the CA cert is OK */ + curl_easy_setopt (eh, CURLOPT_SSL_VERIFYHOST, 0); + curl_easy_setopt (eh, CURLOPT_SSL_VERIFYPEER, 0); ++ ++ /* Prevent squidclamav from using IPv6 - fix by Nico Prenzel */ ++ curl_easy_setopt (eh, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); + } + } + /* create a squidguard child process and setup pipes */