Commit 886901e
committed
security/stunnel: Update to 5.77
Changelog:
### Version 5.77, 2026.02.17, urgency: MEDIUM
* Security bugfixes
- OpenSSL DLLs updated to version 3.5.5.
* Bugfixes
- Avoid attempting to fetch OCSP stapling for PSK-only
configuration sections.
* Features
- Merged applicable patches from Fedora and Debian:
- Use SOURCE_DATE_EPOCH for reproducible builds.
- Skip the OpenSSL version check when AUTOPKGTEST_TMP is set.
- Enable PrivateTmp in the stunnel.service template.
- Clarify the manual page for the "curves" option.
- Log client IP addresses on TLS errors.
### Version 5.76, 2025.10.18, urgency: MEDIUM
* Security bugfixes
- OpenSSL DLLs updated to version 3.5.4.
- Service-level multivalued options now override (rather than
append to) global defaults, preventing unintended configurations.
* Bugfixes
- Fixed enabling/disabling of the default fips=yes property.
- Missing OCSP stapling is no longer logged as an error.
- Fixed a crash when a PIN was required due to the PKCS#11
CKA_ALWAYS_AUTHENTICATE attribute.
* Features
- Quantum-resistant hybrid key agreement X25519+ML-KEM-768
(X25519MLKEM768) used by default with OpenSSL 3.5+ and TLS 1.3.
- Multiple cert sources are supported, allowing a certificate to
be fetched from a provider while loading the chain from a file.
- Android build switched to a 16 KB page size.1 parent fa0d716 commit 886901e
2 files changed
Lines changed: 6 additions & 6 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | | - | |
| 1 | + | |
2 | 2 | | |
3 | | - | |
| 3 | + | |
4 | 4 | | |
5 | 5 | | |
6 | 6 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | | - | |
| 1 | + | |
2 | 2 | | |
3 | | - | |
4 | | - | |
5 | | - | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
6 | 6 | | |
7 | 7 | | |
8 | 8 | | |
0 commit comments