On Mon, Apr 02 2018, Björn Ketelaars <[email protected]> wrote: > On Mon 02/04/2018 17:45, Jeremie Courreges-Anglas wrote: >> On Mon, Apr 02 2018, Björn Ketelaars <[email protected]> wrote: >> > Please find enclosed a diff for bringing mbedtls to 2.8.0, which fixes >> > various security issues. See >> > https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog >> > >> > Bumped minor of mbedcrypto as symbols have been added. >> > >> > make test runs successfully. net/openvpn,mbedtls builds, and tests ok. >> >> Tests ok on amd64 and sparc64; a single test fails on arm with both >> 2.7.0 and 2.8.0. >> >> 45/60 Test #45: mpi-suite ........................***Failed 0.98 sec >> Start 46: pem-suite >> >> > Comments/OK? >> >> ok jca@ for -current. >> >> Not sure yet what would be the best way to handle -stable, the minor >> bump should be harmless afaik (no need to rebuild all consumers); else >> we could backport the security fix(es) only. > > sqlports indicates that net/openvpn,mbedtls is the only consumer of > mbedtls, which seems to work with 2.8.0 without rebuilding (lightly > tested on amd64). > > I think committing this update to 6.3-stable is less error-prone.
I tried to look in upstream's repo what fixes would be needed, and got lost doing so, as usual... Anyway, I agree with you, ok jca@ -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
