https://bugzilla.redhat.com/show_bug.cgi?id=2154347 Neal Gompa <ngompa13(a)gmail.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ngompa13(a)gmail.com Doc Type|--- |If docs needed, set a value --- Comment #1 from Neal Gompa <ngompa13(a)gmail.com&gt; --- Why are we doing this instead of upgrading the main one? Did you try to see if this is necessary? -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2154347

https://bugzilla.redhat.com/show_bug.cgi?id=2154347 --- Comment #2 from Benson Muite <benson_muite(a)emailplus.org&gt; --- The two versions seem to be currently maintained and updated: https://github.com/Mbed-TLS/mbedtls/releases It is unclear how many packages would break if only version 3 is available. -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2154347

https://bugzilla.redhat.com/show_bug.cgi?id=2154347 --- Comment #4 from Neal Gompa <ngompa13(a)gmail.com&gt; --- Well, we should try in a COPR then, right? There aren't a lot of packages that link to mbedtls in Fedora: [root@94bd36f45bc2 /]# dnf repoquery --whatrequires mbedtls --qf "%{SOURCERPM}" Last metadata expiration check: 0:08:48 ago on Thu Dec 22 13:03:39 2022. dislocker-0.7.3-8.fc37.src.rpm dolphin-emu-5.0.16380-7.fc38.src.rpm freeopcua-0-36.20220717.bd13aee.fc38.src.rpm gauche-0.9.11-3.fc37.src.rpm godot-3.4.5-1.fc37.src.rpm haxe-4.2.5-3.fc37.src.rpm imhex-1.25.0-1.fc38.src.rpm julia-1.8.2-2.fc38.src.rpm lighttpd-1.4.67-1.fc38.src.rpm mbedtls-2.28.1-1.fc38.src.rpm nekovm-2.3.0-10.fc38.src.rpm openrgb-0.8-2.fc38.src.rpm retroarch-1.14.0-1.fc38.src.rpm secvarctl-0.3-4.fc37.src.rpm -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2154347

https://bugzilla.redhat.com/show_bug.cgi?id=2154347 Bill Roberts <bill.roberts(a)arm.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|nobody(a)fedoraproject.org |bill.roberts(a)arm.com CC| |bill.roberts(a)arm.com --- Comment #8 from Bill Roberts <bill.roberts(a)arm.com&gt; --- So, We can't just update the old mbedtls package as we need to do a side-by-side transition as mbedtls 3.6 (current LTS) is NOT compatible at an API and ABI layer with the older mbedtls 2.28.x LTS versions. Another, rather unfortunate thing, is that upstream only follows semantic versioning guidelines with respect to API and break ABI at whim. Additionally, they historically miss soname updates. Ie they may break ABI, and not bump major soversion. With all of this in mind, it means they they could create a 3.7 LTS whenever, and to move to that LTS would also be an API and ABI breaking change. With all of this in mind, I propose that we create an mbedtls-3.6 package, which will provide the updates for that LTS branch. As they move to the next LTS version, we can do mbedtls-3.7. We namespace out the include directories, shared libraries, cmake snippets, docs, etc. This way older versions of mbedtls can be installed side by side with newer versions. So I am in favor of going to mbedtls-3.6 package name to give us the most flexibility with a challenging versioning scheme adopted by upstream. I am proposing the following: SRPM: https://github.com/billatarm/mbedtls3.6/releases/download/3.6.0-b0/mbedtl... SPEC: https://github.com/billatarm/mbedtls3.6/blob/3.6.0-b0/mbedtls3.6.spec -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2154347 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=rep...

https://bugzilla.redhat.com/show_bug.cgi?id=2154347 --- Comment #10 from Bill Roberts <bill.roberts(a)arm.com&gt; --- (In reply to Benson Muite from comment #9) Done: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=2282603 -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2154347 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=rep...