From 2497b50309ce05781a9692d66b9a7a8601e62ccb Mon Sep 17 00:00:00 2001 From: =?utf8?q?Adam=20Go=C5=82=C4=99biowski?= Date: Fri, 1 Jul 2011 23:33:30 +0000 Subject: [PATCH] - updated to 4.38 Changed files: stunnel-config.patch -> 1.8 stunnel-libwrap_srv_name_log.patch -> 1.7 stunnel.spec -> 1.120 --- stunnel-config.patch | 27 ++++++++++++--------------- stunnel-libwrap_srv_name_log.patch | 2 +- stunnel.spec | 4 ++-- 3 files changed, 15 insertions(+), 18 deletions(-) diff --git a/stunnel-config.patch b/stunnel-config.patch index 3e4fb4c..0fdbb76 100644 --- a/stunnel-config.patch +++ b/stunnel-config.patch @@ -1,19 +1,16 @@ diff -ur stunnel-4.30/tools/stunnel.conf-sample.in stunnel-4.30.new/tools/stunnel.conf-sample.in --- stunnel-4.30/tools/stunnel.conf-sample.in 2010-01-18 14:17:49.000000000 +0100 +++ stunnel-4.30.new/tools/stunnel.conf-sample.in 2010-01-21 15:17:41.173740613 +0100 -@@ -4,19 +4,19 @@ - ; please read the manual and make sure you understand them - - ; certificate/key is needed in server mode and optional in client mode +@@ -5,16 +5,16 @@ + ; Certificate/key is needed in server mode and optional in client mode + ; The default certificate is provided only for testing and should not + ; be used in a production environment -cert = @prefix@/etc/stunnel/mail.pem -;key = @prefix@/etc/stunnel/mail.pem +cert = /etc/stunnel/mail.pem +;key = /etc/stunnel/mail.pem - ; protocol version (all, SSLv2, SSLv3, TLSv1) - sslVersion = SSLv3 - - ; security enhancements for UNIX systems - comment them out on Win32 + ; Security enhancements for UNIX systems - comment them out on Win32 ; for chroot a copy of some devices and files is needed within the jail -chroot = @prefix@/var/lib/stunnel/ -setuid = nobody @@ -25,22 +22,22 @@ diff -ur stunnel-4.30/tools/stunnel.conf-sample.in stunnel-4.30.new/tools/stunne -pid = /stunnel.pid +pid = /var/run/stunnel/stunnel.pid - ; performance tunings - socket = l:TCP_NODELAY=1 -@@ -33,12 +33,12 @@ + ; Disable support for insecure SSLv2 protocol + options = NO_SSLv2 +@@ -29,12 +29,12 @@ ; CApath is located inside chroot jail ;CApath = /certs - ; it's often easier to use CAfile + ; It's often easier to use CAfile -;CAfile = @prefix@/etc/stunnel/certs.pem +CAfile = /etc/stunnel/certs.pem - ; don't forget to c_rehash CRLpath + ; Don't forget to c_rehash CRLpath ; CRLpath is located inside chroot jail ;CRLpath = /crls - ; alternatively CRLfile can be used + ; Alternatively CRLfile can be used -;CRLfile = @prefix@/etc/stunnel/crls.pem +CRLfile = /etc/stunnel/crls.pem - ; debugging stuff (may useful for troubleshooting) + ; Debugging stuff (may useful for troubleshooting) ;debug = 7 @@ -49,17 +49,17 @@ diff --git a/stunnel-libwrap_srv_name_log.patch b/stunnel-libwrap_srv_name_log.patch index be0dee2..8e49b81 100644 --- a/stunnel-libwrap_srv_name_log.patch +++ b/stunnel-libwrap_srv_name_log.patch @@ -8,6 +8,6 @@ - c->accepted_address, user); + s_log(LOG_WARNING, "Connection to service %s from %s REFUSED by IDENT (user %s)", + c->opt->servname, c->accepted_address, user); + str_free(line); longjmp(c->err, 1); } - s_log(LOG_INFO, "IDENT authentication passed"); diff --git a/stunnel.spec b/stunnel.spec index ebbb946..e6fb911 100644 --- a/stunnel.spec +++ b/stunnel.spec @@ -1,12 +1,12 @@ Summary: Universal SSL tunnel Summary(pl.UTF-8): Uniwersalne narzędzie do bezpiecznego tunelowania Name: stunnel -Version: 4.36 +Version: 4.38 Release: 1 License: GPL v2+ with OpenSSL exception Group: Networking/Daemons Source0: ftp://ftp.stunnel.org/stunnel/%{name}-%{version}.tar.gz -# Source0-md5: 600a09b03798424842b24548ca1e4235 +# Source0-md5: de5c0478303da746f946d9c112fa7f4b Source1: %{name}.init Source2: %{name}.sysconfig Source3: %{name}.inet -- 2.44.0