stunnel: Update to version 5.78
Commit Message
- Update from version 5.72 to 5.78
- No change to rootfile
- Changelog
5.78
* Security bugfixes
- OpenSSL DLLs updated to version 3.5.6.
* Bugfixes
- Fixed WIN32 transfer() loop errors with OOB TCP.
- Fixed a memory leak introduced in version 5.73.
- Build fix for systems without timegm()
(thanks to Jose A. Diaz and Shubham Gupta).
- Fixed a startup crash when both global (default)
and service-level lists of values are configured
for an option.
* Features
- Support for zstd and brotli compression with OpenSSL 3.2
and TLS 1.2 or older.
- WIN32 OpenSSL build with zlib and zstd support.
- Support for new "options" parameter values.
- Less bloated errors on an invalid configuration file.
- Documentation updated from Pod to Pandoc Markdown.
- Removed support for OpenSSL versions older than 0.9.8.
The final update for the OpenSSL 0.9.7 branch
(0.9.7m) was issed on 23 Feb 2007.
5.77
* Security bugfixes
- OpenSSL DLLs updated to version 3.5.5.
* Bugfixes
- Avoid attempting to fetch OCSP stapling for PSK-only
configuration sections.
* Features
- Merged applicable patches from Fedora and Debian:
- Use SOURCE_DATE_EPOCH for reproducible builds.
- Skip the OpenSSL version check when AUTOPKGTEST_TMP is set.
- Enable PrivateTmp in the stunnel.service template.
- Clarify the manual page for the "curves" option.
- Log client IP addresses on TLS errors.
5.76
* Security bugfixes
- OpenSSL DLLs updated to version 3.5.4.
- Service-level multivalued options now override (rather than
append to) global defaults, preventing unintended configurations.
* Bugfixes
- Fixed enabling/disabling of the default fips=yes property.
- Missing OCSP stapling is no longer logged as an error.
- Fixed a crash when a PIN was required due to the PKCS#11
CKA_ALWAYS_AUTHENTICATE attribute.
* Features
- Quantum-resistant hybrid key agreement X25519+ML-KEM-768
(X25519MLKEM768) used by default with OpenSSL 3.5+ and TLS 1.3.
- Multiple cert sources are supported, allowing a certificate to
be fetched from a provider while loading the chain from a file.
- Android build switched to a 16 KB page size.
5.75
* Security bugfixes
- OpenSSL DLLs updated to version 3.4.1.
- OpenSSL FIPS Provider updated to version 3.1.2.
* Bugfixes
- Fixed infinite loop triggered by OCSP URL parsing errors
(thanks to Richard Könning for reporting).
- Fixed OPENSSL_NO_OCSP build issues
(thanks to Dmitry Mostovoy for reporting).
- Fixed default curve selection in FIPS mode with OpenSSL 3.4+.
- Fixed tests with modern Python versions.
- Fixed tests with multiple OpenSSL versions installed.
* Features
- Added provider URI support for "cert" and "key" options.
- Added new "CAstore" service-level option (OpenSSL 3.0+).
- Added "provider" (OpenSSL 3.0+), "providerParameter"
(OpenSSL 3.5+), and "setEnv" global options.
- Key file/URI path added to passphrase prompt on Unix.
- PKCS#11 provider installed on Windows.
5.74
* Bugfixes
- Fixed a stapling cache deallocation crash.
- Fixed "redirect" with protocol negotiation.
* Features
- "protocolHost" support for "socks" protocol clients.
- More detailed logs in OpenSSL 3.0 or later.
5.73
* Security bugfixes
- OpenSSL DLLs updated to version 3.3.2.
- OpenSSL FIPS Provider updated to version 3.0.9.
* Bugfixes
- Fixed a memory leak while reloading stunnel.conf
sections with "client=yes" and "delay=no".
- Fixed TIMEOUTocsp with values greater than 4.
- Fix the IPv6 test on a non-IPv6 machine.
* Features
- HELO replaced with EHLO in the post-STARTTLS SMTP
protocol negotiation (thanks to Peter Pentchev).
- OCSP stapling fetches moved away from server threads.
- Improved client-side session resumption.
- Added support for the mimalloc allocator.
- Check for protocolHost moved to configuration file
processing for the client-side CONNECT protocol.
- Clarified some confusing OpenSSL's certificate
verification error messages.
- stunnel.nsi updated for Debian 13 and Fedora.
- Improved NetBSD compatibility.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
lfs/stunnel | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2026 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 5.72
+VER = 5.78
SUMMARY = Universal TLS Tunnel
THISAPP = stunnel-$(VER)
@@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = stunnel
-PAK_VER = 13
+PAK_VER = 14
DEPS =
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 2b4c6400cf25522592e237f35700f81c0092a827526155cb02f503a9b3af50242aea63c3b5389a62d002d6a2ec9e852f80cc9c48318f23d3f9d12ff42cbe5978
+$(DL_FILE)_BLAKE2 = 44538336d9f7075ebead1ae85c8c8609b54041565d076370b988b1c157a0a44533c03e1602cf3b055fab6a5ef0ce223a20a8fc0d7d1a59942bfde098db422442
install : $(TARGET)