[Bug 1991] openssl version checking needs updating
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Fri Mar 30 19:09:45 EST 2012
https://bugzilla.mindrot.org/show_bug.cgi?id=1991
--- Comment #10 from Darren Tucker <dtucker at zip.com.au> 2012-03-30 19:09:45 EST ---
(In reply to comment #9)
> Note that beta versions on the same fix release (1.0.z should be ABI
> compatible. Only when the major or minor release changes there should
> be ABI breakers (that is when x or y in x.y.z changes).
You'd hope so, however from the CHANGES file in openssl 1.0.1 under
"Changes between 1.0.0h and 1.0.1" (a "fix" release, in openssl's
parlance) shows, amongst other things:
*) Functions FIPS_mode_set() and FIPS_mode() which call the
underlying
FIPS modules versions.
[Steve Henson]
*) [...] This enables the following EC_METHODs:
EC_GFp_nistp224_method()
EC_GFp_nistp256_method()
EC_GFp_nistp521_method()
so, new functions introduced in "fix" releases. Given this, we are yet
to be convinced that "fix" releases both are forward and backward ABI
compatible.
> Also as the patch level (the letter after version) changes there should
> be strictly only bugfixes, these should be even forward-backwards
> compatible.
Patch level is covered by the 0xff0 mask in both cases.
> So for the after 1.0 versions I'd suggest the version_mask to be
> ~0xfffffL
That'd allow development and release versions to mix too. For now
we're only considering release versions.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list