FS#66581 - [freerdp] remove mbedtls from depends
Attached to Project:
Community Packages
Opened by tinywrkb (tinywrkb) - Thursday, 07 May 2020, 18:44 GMT
Last edited by David Runge (dvzrv) - Friday, 08 May 2020, 11:58 GMT
Opened by tinywrkb (tinywrkb) - Thursday, 07 May 2020, 18:44 GMT
Last edited by David Runge (dvzrv) - Friday, 08 May 2020, 11:58 GMT
|
Details
freerdp already depends on openssl as a crypto lib.
mbedtls is a community package which often is out-of-date for long periods like today, 23 days and counting with an existing CVE-2020-10932. openssl on the other hand is a core package so it's much more maintained and frequently updated. According to freerdp's dev: * There's no added benefit of building against mbedtls when openssl already enabled. * mbedtls is less supported than openssl, specifically the server related parts. * The generated executable has no command flag for selecting which crypto backend to use at runtime, so from a user perspective, it makes no sense of building against both and pulling them both as runtime depends. Please remove mbedtls from depends. |
This task depends upon
Closed by David Runge (dvzrv)
Friday, 08 May 2020, 11:58 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed with freerdp 2:2.1.0-1
Friday, 08 May 2020, 11:58 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed with freerdp 2:2.1.0-1