[openssl-dev] [openssl/openssl] ABI compatibility 1.0.0-->1.0.1-->1.0.2
Benjamin Kaduk
bkaduk at akamai.com
Fri Jan 27 21:17:48 UTC 2017
I guess the dashboard is only picking up incremental differences, then,
so the four missing symbols is just for 1.0.1u to 1.0.2 (no letter); any
symbols that were added to both 1.0.1 and 1.0.2 letter releases (e.g.,
for CVE fixes) would show up as "removed" since they weren't in the
initial 1.0.2 release.
I guess the tool needs more investigation than the quickest look...
-Ben
On 01/27/2017 02:43 PM, Michel wrote:
> Hi,
> SRP_VBASE_get1_by_user() was ADDED to 1.0.2g 1 march 2016 [CVE-2016-0798].
> I remember it very well !
> ;-)
>
> Michel
>
> -----Message d'origine-----
> De : openssl-dev [mailto:openssl-dev-bounces at openssl.org] De la part de
> Salz, Rich via openssl-dev
> Envoyé : vendredi 27 janvier 2017 19:49
> À : Kaduk, Ben; openssl-dev at openssl.org
> Objet : Re: [openssl-dev] [openssl/openssl] ABI compatibility
> 1.0.0-->1.0.1-->1.0.2
>
> The tool looks good, but either you didn't find the right link, or it's got
> bugs. Of the four symbols you found, ASN1_STRING_clear_free(),
> SRP_user_pwd_free(), and SRP_VBASE_get1_by_user() all exist; only
> ENGINE_load_rsax() was removed.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20170127/9454902a/attachment.html>
More information about the openssl-dev
mailing list