Keep STATUS in HEAD up to date.

[openssl.git] / STATUS

diff --git a/STATUS b/STATUS
index 69b3ca90238941a69e0245ca002119da4c4fc9cb..946d98b758c3a65130134fc79490c3f8d1e0fab1 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -1,12 +1,20 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2002/06/16 11:33:59 $
+  ______________                           $Date: 2002/12/05 23:01:17 $
 
   DEVELOPMENT STATE
 
     o  OpenSSL 0.9.8:  Under development...
-    o  OpenSSL 0.9.7-beta1: Released on June 16th, 2002
-    o  OpenSSL 0.9.7-beta1: Released on June  1st, 2002
+    o  OpenSSL 0.9.7-beta5: Released on December  5th, 2002
+    o  OpenSSL 0.9.7-beta4: Released on November 19th, 2002
+       Debian GNU/Linux (kernel version 2.4.19, gcc 2.95.4)    - PASSED
+    o  OpenSSL 0.9.7-beta3: Released on July     30th, 2002
+    o  OpenSSL 0.9.7-beta2: Released on June     16th, 2002
+    o  OpenSSL 0.9.7-beta1: Released on June      1st, 2002
+    o  OpenSSL 0.9.6h: Released on December   5th, 2002
+    o  OpenSSL 0.9.6g: Released on August     9th, 2002
+    o  OpenSSL 0.9.6f: Released on August     8th, 2002
+    o  OpenSSL 0.9.6e: Released on July      30th, 2002
     o  OpenSSL 0.9.6d: Released on May        9th, 2002
     o  OpenSSL 0.9.6c: Released on December  21st, 2001
     o  OpenSSL 0.9.6b: Released on July       9th, 2001
@@ -27,6 +35,18 @@
     o BN_mod_mul verification fails for mips3-sgi-irix
       unless configured with no-asm
 
+    o [2002-11-21]
+      PR 343 mentions that scrubbing memory with 'memset(ptr, 0, n)' may
+      be optimized away in modern compilers.  This is definitely not good
+      and needs to be fixed immediately.  The formula to use is presented
+      in:
+
+      http://online.securityfocus.com/archive/82/297918/2002-10-27/2002-11-02/0
+
+      The problem report that mentions this is:
+
+      https://www.aet.TU-Cottbus.DE/rt2/Ticket/Display.html?id=343
+
   AVAILABLE PATCHES
 
     o 
@@ -54,6 +74,9 @@
 
   NEEDS PATCH
 
+    o  0.9.8-dev: COMPLEMENTOFALL and COMPLEMENTOFDEFAULT do not
+       handle ECCdraft cipher suites correctly.
+
     o  apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file
 
     o  "OpenSSL STATUS" is never up-to-date.