diff -Nru stunnel4-5.30/debian/changelog stunnel4-5.30/debian/changelog
--- stunnel4-5.30/debian/changelog 2016-01-31 07:40:24.000000000 -0600
+++ stunnel4-5.30/debian/changelog 2017-08-30 17:31:43.000000000 -0500
@@ -1,3 +1,11 @@
+stunnel4 (3:5.30-1ubuntu0.1) xenial; urgency=medium
+
+ * Backport fix for TLS session leak introduced in stunnel4 5.27 from
+ stunnel4 5.33: "Fixed a memory leak in the TLS session caching code
+ (thx to Richard Kraemer)" (LP: #1655153).
+
+ -- Scott Emmons Wed, 30 Aug 2017 22:31:43 +0000
+
 stunnel4 (3:5.30-1) unstable; urgency=medium
 
 * New upstream release:
diff -Nru stunnel4-5.30/debian/control stunnel4-5.30/debian/control
--- stunnel4-5.30/debian/control 2015-11-19 10:36:01.000000000 -0600
+++ stunnel4-5.30/debian/control 2017-08-30 17:31:43.000000000 -0500
@@ -3,7 +3,8 @@
 Priority: optional
 Build-Depends: debhelper (>= 9), libssl-dev, openssl, libsystemd-dev [linux-any], libwrap0-dev, sdf, dh-autoreconf
-Maintainer: Peter Pentchev
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Peter Pentchev
 Uploaders: Laszlo Boszormenyi (GCS)
 Standards-Version: 3.9.6
 Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/stunnel.git
diff -Nru stunnel4-5.30/debian/patches/30-fix-tls-session-leak.patch stunnel4-5.30/debian/patches/30-fix-tls-session-leak.patch
--- stunnel4-5.30/debian/patches/30-fix-tls-session-leak.patch 1969-12-31 18:00:00.000000000 -0600
+++ stunnel4-5.30/debian/patches/30-fix-tls-session-leak.patch 2017-08-30 17:31:43.000000000 -0500
@@ -0,0 +1,25 @@
+Description: Fix TLS session leak
+ Backport fix for TLS session leak introduced in stunnel4 5.27 from stunnel4
+ 5.33: "Fixed a memory leak in the TLS session caching code (thx to Richard
+ Kraemer). Before stunnel 5.27 this leak only emerged with sessiond enabled."
+ Note there is no individual commit from origin with the fix; this fix was
+ cherry picked from source for the 5.33 version.
+Author: Scott Emmons
+Origin: backport
+Bug: https://www.stunnel.org/pipermail/stunnel-users/2016-June/005552.html
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864391
+Applied-Upstream: commit:414f2b12ac0f6153ff51684ab36da0aec39b8364
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: stunnel4-5.30/src/ctx.c
+===================================================================
+--- stunnel4-5.30.orig/src/ctx.c
++++ stunnel4-5.30/src/ctx.c
+@@ -734,6 +734,7 @@ NOEXPORT void sess_remove_cb(SSL_CTX *ct
+ opt=SSL_CTX_get_ex_data(ctx, index_opt);
+ if(opt->option.sessiond)
+ cache_remove(ctx, sess);
++ SSL_SESSION_free(sess);
+ }
+
+ /**************************************** sessiond functionality */
diff -Nru stunnel4-5.30/debian/patches/series stunnel4-5.30/debian/patches/series
--- stunnel4-5.30/debian/patches/series 2015-12-03 16:28:57.000000000 -0600
+++ stunnel4-5.30/debian/patches/series 2017-08-30 17:31:43.000000000 -0500
@@ -4,3 +4,4 @@
 10-no-zlib-compression.patch
 12-restore-pidfile-default.patch
 21-author-tests.patch
+30-fix-tls-session-leak.patch
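Review bot: The `SSL_SESSION_free(sess);` line that 30-fix-tls-session-leak.patch adds to `sess_remove_cb` in src/ctx.c drops a reference on every removal, but nothing in the hunk says which reference it releases. It presumably balances the one the new-session callback keeps by returning nonzero; that callback is outside the hunk, so the pairing should be confirmed against it, because an unmatched free here would turn the leak fix into a use-after-free or double free of the session. I would record the pairing at the call, e.g. `/* drop the reference retained when the new-session callback returned 1 */`. The body of `sess_remove_cb` starts above the hunk, so its declarations and any earlier checks on `opt` are not visible here.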