Rework the patches a bit.

Update the description of the 01-fix-paths patch.

Move the tools/script.sh modification from 01-fix-paths to
02-rename-binary and change "stunnel" to "stunnel4".

Drop the 08-client-example patch, it was actually applied upstream
and we added the same chunk of text a second time :/

Drop the 11-no-rle-compression patch, the OpenSSL bug has been fixed
somewhere in the 1.x release timeframe.

Discussed with:		upstream

5 files changed, 15 insertions, 73 deletions

diff --git a/debian/patches/01-fix-paths.patch b/debian/patches/01-fix-paths.patch
index 25761c7..4af8037 100644
--- a/debian/patches/01-fix-paths.patch
+++ b/debian/patches/01-fix-paths.patch
@@ -1,11 +1,11 @@
 Description: Update the installation directories.
-  Do several path fixups, removing unneeded @prefix@s and changing
-  binaries install location from sbin to bin, to comply with the FHS
+ Change @prefix@/... to @localstatedir@ or @sysconfdir@ as appropriate
+ to comply with the FHS
 Forwarded: not-needed
 Author: Paolo Molaro <lupus@debian.org>
 Author: Julien Lemoine <speedblue@debian.org>
 Author: Luis Rodrigo Gallardo Cruz <rodrigo@debian.org>
-Last-Update: 2014-10-16
+Last-Update: 2015-04-26
 
 --- a/tools/stunnel.conf-sample.in
 +++ b/tools/stunnel.conf-sample.in
@@ -55,14 +55,3 @@ Last-Update: 2014-10-16
  
  ; Enable support for the insecure SSLv2 protocol
  ;options = -NO_SSLv2
---- a/tools/script.sh
-+++ b/tools/script.sh
-@@ -2,7 +2,7 @@
- 
- REMOTE_HOST="www.mirt.net:443"
- echo "client script connecting $REMOTE_HOST"
--/usr/local/bin/stunnel -fd 10 \
-+/usr/bin/stunnel -fd 10 \
-     11<&0 <<EOT 10<&0 0<&11 11<&-
- client=yes
- connect=$REMOTE_HOST
diff --git a/debian/patches/02-rename-binary.patch b/debian/patches/02-rename-binary.patch
index 5bef3b8..bba248d 100644
--- a/debian/patches/02-rename-binary.patch
+++ b/debian/patches/02-rename-binary.patch
@@ -2,7 +2,7 @@ Description: Change references to the binary from stunnel to stunnel4
 Forwarded: not-needed
 Author: Julien Lemoine <speedblue@debian.org>
 Author: Luis Rodrigo Gallardo Cruz <rodrigo@debian.org>
-Last-Update: 2014-10-16
+Last-Update: 2015-04-27
 
 --- a/src/stunnel3.in
 +++ b/src/stunnel3.in
@@ -123,3 +123,14 @@ Last-Update: 2014-10-16
    exit 0
  fi
  
+--- a/tools/script.sh
++++ b/tools/script.sh
+@@ -2,7 +2,7 @@
+ 
+ REMOTE_HOST="www.mirt.net:443"
+ echo "client script connecting $REMOTE_HOST"
+-/usr/local/bin/stunnel -fd 10 \
++/usr/bin/stunnel4 -fd 10 \
+     11<&0 <<EOT 10<&0 0<&11 11<&-
+ client=yes
+ connect=$REMOTE_HOST
diff --git a/debian/patches/08-client-example.patch b/debian/patches/08-client-example.patch
deleted file mode 100644
index 7e2e9ce..0000000
--- a/debian/patches/08-client-example.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Description: Add a client config example to stunnel4(8).
-Author: Peter Pentchev <roam@ringlet.net>
-Forwarded: not-yet
-Bug-Debian: http://bugs.debian.org/644398
-Last-Update: 2014-10-16
-
---- a/doc/stunnel.8
-+++ b/doc/stunnel.8
-@@ -929,6 +929,17 @@
- \&    connect = servername:993
- .Ve
- .PP
-+In order to let your local e-mail client connect to a \s-1SSL\s0-enabled
-+\fIimapd\fR service on another server, configure the e-mail client to connect to
-+localhost on port 119 and use:
-+.PP
-+.Vb 4
-+\&    [imap]
-+\&    client = yes
-+\&    accept = 143
-+\&    connect = servername:993
-+.Ve
-+.PP
- If you want to provide tunneling to your \fIpppd\fR daemon on port 2020,
- use something like:
- .PP
diff --git a/debian/patches/11-no-rle-compression.patch b/debian/patches/11-no-rle-compression.patch
deleted file mode 100644
index a309f4d..0000000
--- a/debian/patches/11-no-rle-compression.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Description: Disable RLE compression.
- It is not really implemented in OpenSSL (there is no code that actually
- compresses any data, just code that copies it unmodified), and it has
- bit-rotted ever since OpenSSL 0.9.6d - it does not handle the empty
- fragments introduced to mitigate some attacks against CBC mode.
-Forwarded: no
-Author: Peter Pentchev <roam@ringlet.net>
-Bug-Debian: http://bugs.debian.org/744350
-Last-Update: 2014-10-16
-
---- a/src/options.c
-+++ b/src/options.c
-@@ -429,7 +429,16 @@
-         else if(!strcasecmp(arg, "zlib"))
-             return "zlib compression is disabled in the Debian package of OpenSSL";
-         else if(!strcasecmp(arg, "rle"))
--            new_global_options.compression=COMP_RLE;
-+            /**
-+             * OpenSSL RLE compression has never really been properly
-+             * implemented.  The routines that are in place are
-+             * non-functional for two reasons:
-+             * - they do not really compress anything, just copy the data
-+             * - they do not handle the empty (zero-length) fragment added
-+             *   in OpenSSL 0.9.6d, so the first attempt to send data over
-+             *   the SSL connection fails and aborts the connection
-+             */
-+            return "RLE compression is not implemented in OpenSSL";
-         else
-             return "Specified compression type is not available";
-         return NULL; /* OK */
diff --git a/debian/patches/series b/debian/patches/series
index 901d540..4fad95d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,9 +2,7 @@
 02-rename-binary.patch
 03-runas-user.patch
 05-logrotate-warning-in-sample-conf.patch
-08-client-example.patch
 10-no-zlib-compression.patch
-11-no-rle-compression.patch
 12-restore-pidfile-default.patch
 14-lsb-init-functions.patch
 15-upstream-systemd-libs.patch