diff --git a/getrandom-syscall-fallback.patch b/getrandom-syscall-fallback.patch
deleted file mode 100644
index 9374007..0000000
--- a/getrandom-syscall-fallback.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-Index: mbedtls-1.3.10/library/entropy_poll.c
-===================================================================
---- mbedtls-1.3.10.orig/library/entropy_poll.c
-+++ mbedtls-1.3.10/library/entropy_poll.c
-@@ -81,40 +81,35 @@ int platform_entropy_poll( void *data, u
- #include
- #if defined(SYS_getrandom)
- #define HAVE_GETRANDOM
--static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags )
-+static ssize_t getrandom_wrapper( void *buf, size_t buflen, unsigned int flags )
- {
- return( syscall( SYS_getrandom, buf, buflen, flags ) );
- }
- #endif /* SYS_getrandom */
- #endif /* __linux__ */
-
--#if defined(HAVE_GETRANDOM)
--
-+#include
- #include
-
- int platform_entropy_poll( void *data,
- unsigned char *output, size_t len, size_t *olen )
- {
-- int ret;
-+ FILE *file;
-+ size_t ret;
- ((void) data);
-
-- if( ( ret = getrandom_wrapper( output, len, 0 ) ) < 0 )
-- return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED );
--
-- *olen = ret;
-- return( 0 );
--}
--
--#else /* HAVE_GETRANDOM */
-+#if defined(HAVE_GETRANDOM)
-+ ssize_t sysret;
-
--#include
-+ if( ( sysret = getrandom_wrapper( output, len, 0 ) ) >= 0 )
-+ {
-+ *olen = sysret;
-+ return( 0 );
-+ }
-+ if (sysret < 0 && errno != ENOSYS)
-+ return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED );
-
--int platform_entropy_poll( void *data,
-- unsigned char *output, size_t len, size_t *olen )
--{
-- FILE *file;
-- size_t ret;
-- ((void) data);
-+#endif /* HAVE_GETRANDOM */
-
- *olen = 0;
-
-@@ -134,7 +129,6 @@ int platform_entropy_poll( void *data,
-
- return( 0 );
- }
--#endif /* HAVE_GETRANDOM */
- #endif /* _WIN32 && !EFIX64 && !EFI32 */
- #endif /* !POLARSSL_NO_PLATFORM_ENTROPY */
-
diff --git a/mbedtls-1.3.10-gpl.tgz b/mbedtls-1.3.10-gpl.tgz
deleted file mode 100644
index 1ea4d14..0000000
--- a/mbedtls-1.3.10-gpl.tgz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:746fd88e0c6623691fc56c4eed52e40a57b2da0ac80f6dd8995094aa6adb407e
-size 1709888
diff --git a/mbedtls-1.3.11-gpl.tgz b/mbedtls-1.3.11-gpl.tgz
new file mode 100644
index 0000000..94d8901
--- /dev/null
+++ b/mbedtls-1.3.11-gpl.tgz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:67a593027b6a442a4fa5b6c224c4ac8cdae5be721f5a28a11d34f10dcda441cb
+size 1731809
diff --git a/mbedtls.changes b/mbedtls.changes
index da8f973..8ad4695 100644
--- a/mbedtls.changes
+++ b/mbedtls.changes
@@ -1,3 +1,54 @@
+-------------------------------------------------------------------
+Mon Jun 15 22:19:07 UTC 2015 - fisiu@opensuse.org
+
+- Update to 1.3.11:
+ * Remove bias in mpi_gen_prime (contributed by Pascal Junod).
+ * Remove potential sources of timing variations (some contributed by Pascal
+ Junod).
+ * Options POLARSSL_HAVE_INT8 and POLARSSL_HAVE_INT16 are deprecated.
+ * Enabling POLARSSL_NET_C without POLARSSL_HAVE_IPV6 is deprecated.
+ * compat-1.2.h and openssl.h are deprecated.
+ * ssl_set_own_cert() no longer calls pk_check_pair() since the performance
+ impact was bad for some users (this was introduced in 1.3.10).
+ * Move from SHA-1 to SHA-256 in example programs using signatures (suggested
+ by Thorsten Mühlfelder).
+ * Remove dependency on sscanf() in X.509 parsing modules.
+ * Fix compile errors with PLATFORM_NO_STD_FUNCTIONS.
+ * Fix bug in entropy.c when THREADING_C is also enabled that caused
+ entropy_free() to crash (thanks to Rafał Przywara).
+ * Fix memory leak when gcm_setkey() and ccm_setkey() are used more than once
+ on the same context.
+ * Fix bug in ssl_mail_client when password is longer that username (found by
+ Bruno Pape).
+ * Fix undefined behaviour (memcmp( NULL, NULL, 0 );) in X.509 modules
+ (detected by Clang's 3.6 UBSan).
+ * mpi_size() and mpi_msb() would segfault when called on an mpi that is
+ initialized but not set (found by pravic).
+ * Fix detection of support for getrandom() on Linux (reported by syzzer) by
+ doing it at runtime (using uname) rather that compile time.
+ * Fix handling of symlinks by "make install" (found by Gaël PORTAY).
+ * Fix potential NULL pointer dereference (not trigerrable remotely) when
+ ssl_write() is called before the handshake is finished (introduced in
+ 1.3.10) (first reported by Martin Blumenstingl).
+ * Fix bug in pk_parse_key() that caused some valid private EC keys to be
+ rejected.
+ * Fix bug in Via Padlock support (found by Nikos Mavrogiannopoulos).
+ * Fix thread safety bug in RSA operations (found by Fredrik Axelsson). + * Fix hardclock() (only used in the benchmarking program) with some versions + of mingw64 (found by kxjhlele). + * Fix potential unintended sign extension in asn1_get_len() on 64-bit + platforms. + * Fix potential memory leak in ssl_set_psk() (found by Mansour Moufid). + * Fix compile error when POLARSSL_SSL_DISABLE_RENEGOTATION and + POLARSSL_SSL_SSESSION_TICKETS where both enabled in config.h (introduced in + 1.3.10). + * Add missing extern "C" guard in aesni.h (reported by amir zamani). + * Add missing dependency on SHA-256 in some x509 programs (reported by + Gergely Budai). + * Fix bug related to ssl_set_curves(): the client didn't check that the curve + picked by the server was actually allowed. +- Drop getrandom-syscall-fallback.patch: fixed upstream. + ------------------------------------------------------------------- Wed Apr 1 11:05:55 UTC 2015 - schwab@suse.de @@ -82,9 +133,9 @@ Mon Nov 3 12:25:24 UTC 2014 - fisiu@opensuse.org CVE-2014-8628. * Ciphersuites using SHA-256 or SHA-384 now require TLS 1.x. * Ciphersuites using RSA-PSK key exchange now require TLS 1.x. - * POLARSSL_MPI_MAX_SIZE now defaults to 1024 in order to allow 8192 bits RSA + * POLARSSL_MPI_MAX_SIZE now defaults to 1024 in order to allow 8192 bits RSA keys. - * X.509 certificates with more than one AttributeTypeAndValue per + * X.509 certificates with more than one AttributeTypeAndValue per RelativeDistinguishedName are not accepted any more. - Build with POLARSSL_THREADING_PTHREAD: fix boo#903671. diff --git a/mbedtls.spec b/mbedtls.spec index e75e7df..760f79e 100644 --- a/mbedtls.spec +++ b/mbedtls.spec 
@@ -16,16 +16,15 @@ # -%define lib_name lib%{name}8 +%define lib_name lib%{name}9 Name: mbedtls -Version: 1.3.10 +Version: 1.3.11 Release: 0 Summary: Open Source embedded SSL/TLS cryptographic library License: GPL-2.0+ Group: Development/Libraries/C and C++ Url: https://tls.mbed.org Source: https://tls.mbed.org/download/%{name}-%{version}-gpl.tgz -Patch: getrandom-syscall-fallback.patch BuildRequires: cmake BuildRequires: pkg-config BuildRequires: zlib-devel @@ -55,7 +54,6 @@ A portable, easy to use, readable and flexible SSL library. %prep %setup -q -%patch -p1 sed -i 's|//\(#define POLARSSL_THREADING_C\)|\1|' include/polarssl/config.h sed -i 's|//\(#define POLARSSL_THREADING_PTHREAD\)|\1|' include/polarssl/config.h