Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package stunnel for openSUSE:Factory checked in at 2025-11-06 18:15:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/stunnel (Old) and /work/SRC/openSUSE:Factory/.stunnel.new.1980 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "stunnel" Thu Nov 6 18:15:45 2025 rev:47 rq:1316049 version:5.76 Changes: -------- --- /work/SRC/openSUSE:Factory/stunnel/stunnel.changes 2025-06-04 20:29:07.414400321 +0200 +++ /work/SRC/openSUSE:Factory/.stunnel.new.1980/stunnel.changes 2025-11-06 18:19:12.034652700 +0100 @@ -1,0 +2,20 @@ +Thu Nov 6 14:11:20 UTC 2025 - Pedro Monreal <[email protected]> + +- Update to 5.76: + * Security bugfixes: + - Service-level multivalued options now override (rather than + append to) global defaults, preventing unintended configurations. + * Bugfixes: + - Fixed enabling/disabling of the default fips=yes property. + - Missing OCSP stapling is no longer logged as an error. + - Fixed a crash when a PIN was required due to the PKCS#11 + CKA_ALWAYS_AUTHENTICATE attribute. + * Features: + - Quantum-resistant hybrid key agreement X25519+ML-KEM-768 + (X25519MLKEM768) used by default with OpenSSL 3.5+ and TLS 1.3. + - Multiple cert sources are supported, allowing a certificate to + be fetched from a provider while loading the chain from a file. + - Android build switched to a 16 KB page size. + * Rebase stunnel-5.69-system-ciphers.patch + +------------------------------------------------------------------- Old: ---- stunnel-5.75.tar.gz stunnel-5.75.tar.gz.asc New: ---- stunnel-5.76.tar.gz stunnel-5.76.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ stunnel.spec ++++++ --- /var/tmp/diff_new_pack.XyncH3/_old 2025-11-06 18:19:12.598676550 +0100 +++ /var/tmp/diff_new_pack.XyncH3/_new 2025-11-06 18:19:12.602676718 +0100 @@ -1,7 +1,7 @@ # # spec file for package stunnel # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2025 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: stunnel -Version: 5.75 +Version: 5.76 Release: 0 Summary: Universal TLS Tunnel License: GPL-2.0-or-later ++++++ stunnel-5.69-system-ciphers.patch ++++++ --- /var/tmp/diff_new_pack.XyncH3/_old 2025-11-06 18:19:12.650678748 +0100 +++ /var/tmp/diff_new_pack.XyncH3/_new 2025-11-06 18:19:12.654678917 +0100 @@ -16,23 +16,21 @@ src/options.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -diff --git a/src/options.c b/src/options.c -index 6e4a18b..4d31815 100644 ---- a/src/options.c -+++ b/src/options.c -@@ -321,9 +321,9 @@ static const char *option_not_found= +Index: stunnel-5.76/src/options.c +=================================================================== +--- stunnel-5.76.orig/src/options.c ++++ stunnel-5.76/src/options.c +@@ -332,10 +332,10 @@ static const char *option_not_found= "Specified option name is not valid here"; static const char *stunnel_cipher_list= - "HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK"; + "PROFILE=SYSTEM"; + #ifdef USE_FIPS static const char *fips_cipher_list= - "FIPS:!DH:!kDHEPSK"; + "PROFILE=SYSTEM"; + #endif /* USE_FIPS */ #ifndef OPENSSL_NO_TLS1_3 - static const char *stunnel_ciphersuites= --- -2.39.2 - ++++++ stunnel-5.75.tar.gz -> stunnel-5.76.tar.gz ++++++ ++++ 3516 lines of diff (skipped)
