stunnel/stunnel-5-sample.patch

diff -urNp stunnel-5.00-patched/tools/stunnel.conf-sample.in stunnel-5.00-current/tools/stunnel.conf-sample.in
--- stunnel-5.00-patched/tools/stunnel.conf-sample.in	2014-03-07 14:04:50.015418514 -0500
+++ stunnel-5.00-current/tools/stunnel.conf-sample.in	2014-03-07 14:06:45.501516446 -0500
@@ -9,7 +9,7 @@
 
 ; A copy of some devices and system files is needed within the chroot jail
 ; Chroot conflicts with configuration file reload and many other features
-chroot = @prefix@/var/lib/stunnel/
+chroot = @localstatedir@/run/stunnel/
 ; Chroot jail can be escaped if setuid option is not used
 setuid = nobody
 setgid = @DEFAULT_GROUP@
@@ -26,8 +26,8 @@ pid = /stunnel.pid
 ; **************************************************************************
 
 ; Certificate/key is needed in server mode and optional in client mode
-cert = @prefix@/etc/stunnel/mail.pem
-;key = @prefix@/etc/stunnel/mail.pem
+cert = @sysconfdir@/stunnel/mail.pem
+;key = @sysconfdir@/stunnel/mail.pem
 
 ; Authentication stuff needs to be configured to prevent MITM attacks
 ; It is not enabled by default!
@@ -36,12 +36,13 @@ cert = @prefix@/etc/stunnel/mail.pem
 ; CApath is located inside chroot jail
 ;CApath = /certs
 ; It's often easier to use CAfile
-;CAfile = @prefix@/etc/stunnel/certs.pem
+;CAfile = @sysconfdir@/stunnel/certs.pem
+;CAfile = @sysconfdir@/pki/tls/certs/ca-bundle.crt
 ; Don't forget to c_rehash CRLpath
 ; CRLpath is located inside chroot jail
 ;CRLpath = /crls
 ; Alternatively CRLfile can be used
-;CRLfile = @prefix@/etc/stunnel/crls.pem
+;CRLfile = @sysconfdir@/stunnel/crls.pem
 
 ; Disable support for insecure SSLv2 protocol
 options = NO_SSLv2
New upstream realease 5.00 - Updated local patches. - Fix for CVE-2014-0016 - Fixed changelog date errors - Fixes rhbz #1006819 2014-03-07 19:24:19 +00:00			`diff -urNp stunnel-5.00-patched/tools/stunnel.conf-sample.in stunnel-5.00-current/tools/stunnel.conf-sample.in`
			`--- stunnel-5.00-patched/tools/stunnel.conf-sample.in 2014-03-07 14:04:50.015418514 -0500`
			`+++ stunnel-5.00-current/tools/stunnel.conf-sample.in 2014-03-07 14:06:45.501516446 -0500`
New upstream realease 4.50 Updated local patches 2012-01-03 15:52:20 +00:00			`@@ -9,7 +9,7 @@`
- New upstream realease 4.30 - Updated authpriv and sample patches for the new release 2010-01-26 20:15:10 +00:00
New upstream realease 4.41 Updated local patches to match the new release 2011-08-01 22:02:19 +00:00			`; A copy of some devices and system files is needed within the chroot jail`
			`; Chroot conflicts with configuration file reload and many other features`
- New upstream realease 4.30 - Updated authpriv and sample patches for the new release 2010-01-26 20:15:10 +00:00			`-chroot = @prefix@/var/lib/stunnel/`
			`+chroot = @localstatedir@/run/stunnel/`
New upstream realease 4.41 Updated local patches to match the new release 2011-08-01 22:02:19 +00:00			`; Chroot jail can be escaped if setuid option is not used`
- New upstream realease 4.30 - Updated authpriv and sample patches for the new release 2010-01-26 20:15:10 +00:00			`setuid = nobody`
			`setgid = @DEFAULT_GROUP@`
New upstream realease 4.50 Updated local patches 2012-01-03 15:52:20 +00:00			`@@ -26,8 +26,8 @@ pid = /stunnel.pid`
			`; **************************************************************************`
New upstream realease 4.41 Updated local patches to match the new release 2011-08-01 22:02:19 +00:00
			`; Certificate/key is needed in server mode and optional in client mode`
			`-cert = @prefix@/etc/stunnel/mail.pem`
			`-;key = @prefix@/etc/stunnel/mail.pem`
			`+cert = @sysconfdir@/stunnel/mail.pem`
			`+;key = @sysconfdir@/stunnel/mail.pem`

			`; Authentication stuff needs to be configured to prevent MITM attacks`
			`; It is not enabled by default!`
New upstream realease 4.50 Updated local patches 2012-01-03 15:52:20 +00:00			`@@ -36,12 +36,13 @@ cert = @prefix@/etc/stunnel/mail.pem`
- New upstream realease 4.30 - Updated authpriv and sample patches for the new release 2010-01-26 20:15:10 +00:00			`; CApath is located inside chroot jail`
			`;CApath = /certs`
New upstream realease 4.37 Updated local patches to match the new release 2011-06-28 17:17:30 +00:00			`; It's often easier to use CAfile`
- New upstream realease 4.30 - Updated authpriv and sample patches for the new release 2010-01-26 20:15:10 +00:00			`-;CAfile = @prefix@/etc/stunnel/certs.pem`
			`+;CAfile = @sysconfdir@/stunnel/certs.pem`
			`+;CAfile = @sysconfdir@/pki/tls/certs/ca-bundle.crt`
New upstream realease 4.37 Updated local patches to match the new release 2011-06-28 17:17:30 +00:00			`; Don't forget to c_rehash CRLpath`
- New upstream realease 4.30 - Updated authpriv and sample patches for the new release 2010-01-26 20:15:10 +00:00			`; CRLpath is located inside chroot jail`
			`;CRLpath = /crls`
New upstream realease 4.37 Updated local patches to match the new release 2011-06-28 17:17:30 +00:00			`; Alternatively CRLfile can be used`
- New upstream realease 4.30 - Updated authpriv and sample patches for the new release 2010-01-26 20:15:10 +00:00			`-;CRLfile = @prefix@/etc/stunnel/crls.pem`
			`+;CRLfile = @sysconfdir@/stunnel/crls.pem`

New upstream realease 4.41 Updated local patches to match the new release 2011-08-01 22:02:19 +00:00			`; Disable support for insecure SSLv2 protocol`
			`options = NO_SSLv2`