OpenSSL STATUS Last modified at
- ______________ $Date: 2002/11/19 09:34:34 $
+ ______________ $Date: 2002/12/05 23:01:17 $
DEVELOPMENT STATE
o OpenSSL 0.9.8: Under development...
+ o OpenSSL 0.9.7-beta5: Released on December 5th, 2002
o OpenSSL 0.9.7-beta4: Released on November 19th, 2002
- o OpenSSL 0.9.7-beta3: Released on July 30th, 2002
- o OpenSSL 0.9.7-beta2: Released on June 16th, 2002
- o OpenSSL 0.9.7-beta1: Released on June 1st, 2002
+ Debian GNU/Linux (kernel version 2.4.19, gcc 2.95.4) - PASSED
+ o OpenSSL 0.9.7-beta3: Released on July 30th, 2002
+ o OpenSSL 0.9.7-beta2: Released on June 16th, 2002
+ o OpenSSL 0.9.7-beta1: Released on June 1st, 2002
+ o OpenSSL 0.9.6h: Released on December 5th, 2002
o OpenSSL 0.9.6g: Released on August 9th, 2002
o OpenSSL 0.9.6f: Released on August 8th, 2002
o OpenSSL 0.9.6e: Released on July 30th, 2002
o BN_mod_mul verification fails for mips3-sgi-irix
unless configured with no-asm
+ o [2002-11-21]
+ PR 343 mentions that scrubbing memory with 'memset(ptr, 0, n)' may
+ be optimized away in modern compilers. This is definitely not good
+ and needs to be fixed immediately. The formula to use is presented
+ in:
+
+ http://online.securityfocus.com/archive/82/297918/2002-10-27/2002-11-02/0
+
+ The problem report that mentions this is:
+
+ https://www.aet.TU-Cottbus.DE/rt2/Ticket/Display.html?id=343
+
AVAILABLE PATCHES
o
projects / openssl.git / blobdiff