author | Peter Pentchev <roam@ringlet.net> | 2015-04-27 10:43:42 +0300 |
---|---|---|
committer | Peter Pentchev <roam@ringlet.net> | 2015-05-15 11:37:55 +0300 |
commit | 9421f2b9a5433da38f87081c95d42330cedba2de (patch) | |
tree | b42769db612fe3ecf286ea7a8a3aad50dcb771ca /debian/patches | |
parent | 98e80de20a2a7de85098235eafa71947a76bfbda (diff) |
Rework the patches a bit.
Update the description of the 01-fix-paths patch.
Move the tools/script.sh modification from 01-fix-paths to
02-rename-binary and change "stunnel" to "stunnel4".
Drop the 08-client-example patch, it was actually applied upstream
and we added the same chunk of text a second time :/
Drop the 11-no-rle-compression patch, the OpenSSL bug has been fixed
somewhere in the 1.x release timeframe.
Discussed with: upstream
Diffstat (limited to 'debian/patches')
-rw-r--r-- | debian/patches/01-fix-paths.patch | 17 |
-rw-r--r-- | debian/patches/02-rename-binary.patch | 13 |
-rw-r--r-- | debian/patches/08-client-example.patch | 26 |
-rw-r--r-- | debian/patches/11-no-rle-compression.patch | 30 |
-rw-r--r-- | debian/patches/series | 2 |
5 files changed, 15 insertions, 73 deletions
diff --git a/debian/patches/01-fix-paths.patch b/debian/patches/01-fix-paths.patch index 25761c7..4af8037 100644 --- a/debian/patches/01-fix-paths.patch +++ b/debian/patches/01-fix-paths.patch @@ -1,11 +1,11 @@ Description: Update the installation directories. - Do several path fixups, removing unneeded @prefix@s and changing - binaries install location from sbin to bin, to comply with the FHS + Change @prefix@/... to @localstatedir@ or @sysconfdir@ as appropriate + to comply with the FHS Forwarded: not-needed Author: Paolo Molaro <lupus@debian.org> Author: Julien Lemoine <speedblue@debian.org> Author: Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> -Last-Update: 2014-10-16 +Last-Update: 2015-04-26 --- a/tools/stunnel.conf-sample.in +++ b/tools/stunnel.conf-sample.in @@ -55,14 +55,3 @@ Last-Update: 2014-10-16 ; Enable support for the insecure SSLv2 protocol ;options = -NO_SSLv2 ---- a/tools/script.sh -+++ b/tools/script.sh -@@ -2,7 +2,7 @@ - - REMOTE_HOST="www.mirt.net:443" - echo "client script connecting $REMOTE_HOST" --/usr/local/bin/stunnel -fd 10 \ -+/usr/bin/stunnel -fd 10 \ - 11<&0 <<EOT 10<&0 0<&11 11<&- - client=yes - connect=$REMOTE_HOST diff --git a/debian/patches/02-rename-binary.patch b/debian/patches/02-rename-binary.patch index 5bef3b8..bba248d 100644 --- a/debian/patches/02-rename-binary.patch +++ b/debian/patches/02-rename-binary.patch @@ -2,7 +2,7 @@ Description: Change references to the binary from stunnel to stunnel4 Forwarded: not-needed Author: Julien Lemoine <speedblue@debian.org> Author: Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> -Last-Update: 2014-10-16 +Last-Update: 2015-04-27 --- a/src/stunnel3.in +++ b/src/stunnel3.in 
@@ -123,3 +123,14 @@ Last-Update: 2014-10-16 exit 0 fi +--- a/tools/script.sh ++++ b/tools/script.sh +@@ -2,7 +2,7 @@ + + REMOTE_HOST="www.mirt.net:443" + echo "client script connecting $REMOTE_HOST" +-/usr/local/bin/stunnel -fd 10 \ ++/usr/bin/stunnel4 -fd 10 \ + 11<&0 <<EOT 10<&0 0<&11 11<&- + client=yes + connect=$REMOTE_HOST diff --git a/debian/patches/08-client-example.patch b/debian/patches/08-client-example.patch deleted file mode 100644 index 7e2e9ce..0000000 --- a/debian/patches/08-client-example.patch +++ /dev/null @@ -1,26 +0,0 @@ -Description: Add a client config example to stunnel4(8). -Author: Peter Pentchev <roam@ringlet.net> -Forwarded: not-yet -Bug-Debian: http://bugs.debian.org/644398 -Last-Update: 2014-10-16 - ---- a/doc/stunnel.8 -+++ b/doc/stunnel.8 -@@ -929,6 +929,17 @@ - \& connect = servername:993 - .Ve - .PP -+In order to let your local e-mail client connect to a \s-1SSL\s0-enabled -+\fIimapd\fR service on another server, configure the e-mail client to connect to -+localhost on port 119 and use: -+.PP -+.Vb 4 -+\& [imap] -+\& client = yes -+\& accept = 143 -+\& connect = servername:993 -+.Ve -+.PP - If you want to provide tunneling to your \fIpppd\fR daemon on port 2020, - use something like: - .PP diff --git a/debian/patches/11-no-rle-compression.patch b/debian/patches/11-no-rle-compression.patch deleted file mode 100644 index a309f4d..0000000 --- a/debian/patches/11-no-rle-compression.patch +++ /dev/null 
@@ -1,30 +0,0 @@ -Description: Disable RLE compression. - It is not really implemented in OpenSSL (there is no code that actually - compresses any data, just code that copies it unmodified), and it has - bit-rotted ever since OpenSSL 0.9.6d - it does not handle the empty - fragments introduced to mitigate some attacks against CBC mode. -Forwarded: no -Author: Peter Pentchev <roam@ringlet.net> -Bug-Debian: http://bugs.debian.org/744350 -Last-Update: 2014-10-16 - ---- a/src/options.c -+++ b/src/options.c -@@ -429,7 +429,16 @@ - else if(!strcasecmp(arg, "zlib")) - return "zlib compression is disabled in the Debian package of OpenSSL"; - else if(!strcasecmp(arg, "rle")) -- new_global_options.compression=COMP_RLE; -+ /** -+ * OpenSSL RLE compression has never really been properly -+ * implemented. The routines that are in place are -+ * non-functional for two reasons: -+ * - they do not really compress anything, just copy the data -+ * - they do not handle the empty (zero-length) fragment added -+ * in OpenSSL 0.9.6d, so the first attempt to send data over -+ * the SSL connection fails and aborts the connection -+ */ -+ return "RLE compression is not implemented in OpenSSL"; - else - return "Specified compression type is not available"; - return NULL; /* OK */ diff --git a/debian/patches/series b/debian/patches/series index 901d540..4fad95d 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -2,9 +2,7 @@ 02-rename-binary.patch 03-runas-user.patch 05-logrotate-warning-in-sample-conf.patch -08-client-example.patch 10-no-zlib-compression.patch -11-no-rle-compression.patch 12-restore-pidfile-default.patch 14-lsb-init-functions.patch 15-upstream-systemd-libs.patch |
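
Review bot: The rewritten Description in debian/patches/01-fix-paths.patch drops the earlier sentence about "changing binaries install location from sbin to bin" and now covers only the @prefix@ to @localstatedir@ / @sysconfdir@ substitution. Only the tools/stunnel.conf-sample.in part of the patch is visible in this diff, so please confirm that no remaining hunk still relocates binaries; if one does, keep that sentence in the Description.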
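
Review bot: In the tools/script.sh hunk appended to debian/patches/02-rename-binary.patch, the changed line goes from "/usr/local/bin/stunnel -fd 10 \" to "/usr/bin/stunnel4 -fd 10 \", so it changes the install directory as well as the binary name, while the patch Description still reads only "Change references to the binary from stunnel to stunnel4". Suggest adding a line to the Description noting the /usr/local/bin to /usr/bin change, since 01-fix-paths no longer carries it.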
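
Review bot: The text removed with debian/patches/08-client-example.patch is internally inconsistent: the prose tells the reader to connect the e-mail client to "localhost on port 119" while the example below it uses "accept = 143". The commit message says this chunk was applied upstream, so check whether upstream's doc/stunnel.8 has the same mismatch and report it there. The deleted header also still said "Forwarded: not-yet", so the state of the bug named in its Bug-Debian field is worth checking now that the patch is gone.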
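
Review bot: Deleting debian/patches/11-no-rle-compression.patch restores "new_global_options.compression=COMP_RLE;" for the "rle" argument in src/options.c, but the commit message justifies this only with "fixed somewhere in the 1.x release timeframe". The removed Description named two separate problems (the routines copy data without compressing it, and they fail on the empty fragment added in OpenSSL 0.9.6d, aborting the connection on the first send). Please state which OpenSSL version addresses which of the two, and make the package require at least that version, so that a build against an older libssl does not bring the connection abort back. A pointer to the bug in the removed Bug-Debian field would make the decision easier to trace later.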