As of April 16 2014, the latest upstream version of stunnel is 5.01. The version in OpenWRT's package repository is 4.33. (Here's a handy website to track upstream vs. OpenWRT versions of packages.)
Separating these two versions are many bugfixes and 2 CVEs: CVE-2013-1762 CVE-2014-0016
Running software with known vulnerabilities is a bad idea (citation needed). Therefore I compiled the latest version of stunnel for my router.
You can grab the Makefile and other package definition files here.
Put the stunnel directory somewhere under the packages/ directory under your openwrt buildroot and execute
make packages/path/to/stunnel/compileIf all goes well, you should see the compiled package under bin/.
I compiled this successfully against the latest trunk buildroot; here's the binary package for target ar71xx, and it seems to run fine on my Netgear WNDRMACv2.
Compared to version 4.33 in OpenWRT feeds, the following are changed for 5.01:
libpthread is added. The compiled binary somehow depends on libpthread, even though during ./configure the option --with-threads=fork is specified. I'm not sure whether this is proper behavior, but haven't investigated further.stunnel.conf to match that in the new version.stunnel.init to remove checking for stunnel.pem on start and generating certificate and keys if that file doesn't exist. I like putting my certificates elsewhere, and the key generator didn't even work anyways.In the compiled binary package, the default stunnel.conf file has a line setgid = nobody. This group does not exist on my OpenWRT installation; the proper group should be nogroup. IIRC the same applies to the official 4.33 binary package.
The files linked in the Download and Compile section are released under GPLv2.
I am not responsible for any possible loss/consequences of using these instructions and files. Use at your own risk.