the openssl project has started a new trend in keeping minor versions ABI compatible. in the past, 0.9.7 and 0.9.8 had different SONAMEs (because they diff ABIs). but now with 1.0.1, the minor/patch versions should have the same SONAME and ABI.
however, the new 1.0.1 ebuilds have been masked so far because this breaks a long standing assumption in some packages -- they do runtime checks on the version string returned by the library and mask + compare to the compiled version string from the headers. if they don't match, they prematurely abort. openssh and neon are the only ones i've noticed so far, and i've grepped the source trees of a few more packages. considering we've had proper SONAME distinction to keep different ABIs from being used w/out recompiling+relinking, these checks are pretty useless. as such, i've updated openssh and neon to remove those checks. but if you have an older version and install 1.0.1, you'll trigger these errors. so i've [temporarily] added a blocker in the new openssl ebuild against the older versions to keep people from completely blowing up (i.e. no longer able to ssh in to their box). once things have stabilized for a while, i'll drop said blockers since there isn't any problems with compiling & running against the same openssl version. if people come across or know of any other such packages, please file a bug and mark it a blocker of Bug 412661. once the current security issue stabilizes, i'll be moving 1.0.1a into ~arch. -mike
signature.asc
Description: This is a digitally signed message part.
