I guess the dashboard is only picking up incremental differences, then, so the four missing symbols is just for 1.0.1u to 1.0.2 (no letter); any symbols that were added to both 1.0.1 and 1.0.2 letter releases (e.g., for CVE fixes) would show up as "removed" since they weren't in the initial 1.0.2 release.
I guess the tool needs more investigation than the quickest look... -Ben On 01/27/2017 02:43 PM, Michel wrote: > Hi, > SRP_VBASE_get1_by_user() was ADDED to 1.0.2g 1 march 2016 [CVE-2016-0798]. > I remember it very well ! > ;-) > > Michel > > -----Message d'origine----- > De : openssl-dev [mailto:openssl-dev-boun...@openssl.org] De la part de > Salz, Rich via openssl-dev > Envoyé : vendredi 27 janvier 2017 19:49 > À : Kaduk, Ben; openssl-dev@openssl.org > Objet : Re: [openssl-dev] [openssl/openssl] ABI compatibility > 1.0.0-->1.0.1-->1.0.2 > > The tool looks good, but either you didn't find the right link, or it's got > bugs. Of the four symbols you found, ASN1_STRING_clear_free(), > SRP_user_pwd_free(), and SRP_VBASE_get1_by_user() all exist; only > ENGINE_load_rsax() was removed. >
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
