On Mon 02/04/2018 17:45, Jeremie Courreges-Anglas wrote: > On Mon, Apr 02 2018, Björn Ketelaars <[email protected]> wrote: > > Please find enclosed a diff for bringing mbedtls to 2.8.0, which fixes > > various security issues. See > > https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog > > > > Bumped minor of mbedcrypto as symbols have been added. > > > > make test runs successfully. net/openvpn,mbedtls builds, and tests ok. > > Tests ok on amd64 and sparc64; a single test fails on arm with both > 2.7.0 and 2.8.0. > > 45/60 Test #45: mpi-suite ........................***Failed 0.98 sec > Start 46: pem-suite > > > Comments/OK? > > ok jca@ for -current. > > Not sure yet what would be the best way to handle -stable, the minor > bump should be harmless afaik (no need to rebuild all consumers); else > we could backport the security fix(es) only.
sqlports indicates that net/openvpn,mbedtls is the only consumer of mbedtls, which seems to work with 2.8.0 without rebuilding (lightly tested on amd64). I think committing this update to 6.3-stable is less error-prone.
