stunnel/stunnel-5-sample.patch

diff -urNp stunnel-5.08/tools/stunnel.conf-sample.in stunnel-5.08-patched/tools/stunnel.conf-sample.in
--- stunnel-5.08/tools/stunnel.conf-sample.in	2014-11-01 09:48:17.000000000 -0400
+++ stunnel-5.08-patched/tools/stunnel.conf-sample.in	2014-11-23 01:09:28.393727451 -0500
@@ -10,7 +10,7 @@
 ; A copy of some devices and system files is needed within the chroot jail
 ; Chroot conflicts with configuration file reload and many other features
 ; Remember also to update the logrotate configuration.
-;chroot = @prefix@/var/lib/stunnel/
+;chroot = @localstatedir@/run/stunnel/
 ; Chroot jail can be escaped if setuid option is not used
 ;setuid = nobody
 ;setgid = @DEFAULT_GROUP@
@@ -27,8 +27,8 @@
 ; **************************************************************************
 
 ; Certificate/key is needed in server mode and optional in client mode
-cert = @prefix@/etc/stunnel/mail.pem
-;key = @prefix@/etc/stunnel/mail.pem
+cert = @sysconfdir@/stunnel/mail.pem
+;key = @sysconfdir@/stunnel/mail.pem
 
 ; Authentication stuff needs to be configured to prevent MITM attacks
 ; It is not enabled by default!
@@ -37,12 +37,13 @@ cert = @prefix@/etc/stunnel/mail.pem
 ; CApath is located inside chroot jail
 ;CApath = /certs
 ; It's often easier to use CAfile
-;CAfile = @prefix@/etc/stunnel/certs.pem
+;CAfile = @sysconfdir@/stunnel/certs.pem
+;CAfile = @sysconfdir@/pki/tls/certs/ca-bundle.crt
 ; Don't forget to c_rehash CRLpath
 ; CRLpath is located inside chroot jail
 ;CRLpath = /crls
 ; Alternatively CRLfile can be used
-;CRLfile = @prefix@/etc/stunnel/crls.pem
+;CRLfile = @sysconfdir@/stunnel/crls.pem
 
 ; Enable support for the insecure SSLv2 protocol
 ;options = -NO_SSLv2
1163349: New upstream beta release 5.08b6 - Fixed incorrect reporting of fips status in configure.ac at compile time - Fixed default OpenSSL directory issue by using with-ssl - Updates local patches - 1155977: Fixes man page issues 2014-11-23 06:51:28 +00:00			`diff -urNp stunnel-5.08/tools/stunnel.conf-sample.in stunnel-5.08-patched/tools/stunnel.conf-sample.in`
			`--- stunnel-5.08/tools/stunnel.conf-sample.in 2014-11-01 09:48:17.000000000 -0400`
			`+++ stunnel-5.08-patched/tools/stunnel.conf-sample.in 2014-11-23 01:09:28.393727451 -0500`
New upstream release 5.07 2014-11-04 19:35:00 +00:00			`@@ -10,7 +10,7 @@`
New upstream realease 4.41 Updated local patches to match the new release 2011-08-01 22:02:19 +00:00			`; A copy of some devices and system files is needed within the chroot jail`
			`; Chroot conflicts with configuration file reload and many other features`
New upstream release 5.07 2014-11-04 19:35:00 +00:00			`; Remember also to update the logrotate configuration.`
rhbz#1108818: New upstream realease 5.02 - Updated local patches - The rhbz#530950 is tested and seems to work. STRLEN has been no longer allocated statically since 4.36 version. So it is possible that this bz might have got fixed around 4.36 release. - Fixes rpmlint errors 2014-07-14 18:39:31 +00:00			`-;chroot = @prefix@/var/lib/stunnel/`
			`+;chroot = @localstatedir@/run/stunnel/`
New upstream realease 4.41 Updated local patches to match the new release 2011-08-01 22:02:19 +00:00			`; Chroot jail can be escaped if setuid option is not used`
New upstream release 5.07 2014-11-04 19:35:00 +00:00			`;setuid = nobody`
			`;setgid = @DEFAULT_GROUP@`
			`@@ -27,8 +27,8 @@`
New upstream realease 4.50 Updated local patches 2012-01-03 15:52:20 +00:00			`; **************************************************************************`
New upstream realease 4.41 Updated local patches to match the new release 2011-08-01 22:02:19 +00:00
			`; Certificate/key is needed in server mode and optional in client mode`
			`-cert = @prefix@/etc/stunnel/mail.pem`
			`-;key = @prefix@/etc/stunnel/mail.pem`
			`+cert = @sysconfdir@/stunnel/mail.pem`
			`+;key = @sysconfdir@/stunnel/mail.pem`

			`; Authentication stuff needs to be configured to prevent MITM attacks`
			`; It is not enabled by default!`
New upstream release 5.07 2014-11-04 19:35:00 +00:00			`@@ -37,12 +37,13 @@ cert = @prefix@/etc/stunnel/mail.pem`
- New upstream realease 4.30 - Updated authpriv and sample patches for the new release 2010-01-26 20:15:10 +00:00			`; CApath is located inside chroot jail`
			`;CApath = /certs`
New upstream realease 4.37 Updated local patches to match the new release 2011-06-28 17:17:30 +00:00			`; It's often easier to use CAfile`
- New upstream realease 4.30 - Updated authpriv and sample patches for the new release 2010-01-26 20:15:10 +00:00			`-;CAfile = @prefix@/etc/stunnel/certs.pem`
			`+;CAfile = @sysconfdir@/stunnel/certs.pem`
			`+;CAfile = @sysconfdir@/pki/tls/certs/ca-bundle.crt`
New upstream realease 4.37 Updated local patches to match the new release 2011-06-28 17:17:30 +00:00			`; Don't forget to c_rehash CRLpath`
- New upstream realease 4.30 - Updated authpriv and sample patches for the new release 2010-01-26 20:15:10 +00:00			`; CRLpath is located inside chroot jail`
			`;CRLpath = /crls`
New upstream realease 4.37 Updated local patches to match the new release 2011-06-28 17:17:30 +00:00			`; Alternatively CRLfile can be used`
- New upstream realease 4.30 - Updated authpriv and sample patches for the new release 2010-01-26 20:15:10 +00:00			`-;CRLfile = @prefix@/etc/stunnel/crls.pem`
			`+;CRLfile = @sysconfdir@/stunnel/crls.pem`

New upstream release 5.06 - Addresses Poodle security issue 2014-10-17 17:13:29 +00:00			`; Enable support for the insecure SSLv2 protocol`
			`;options = -NO_SSLv2`