Gentoo Archives: gentoo-dev

From: Mike Frysinger <vapier@g.o>
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] openssl-1.0.1* moving to unstable
Date: Thu, 19 Apr 2012 18:18:22
Message-Id: 201204191418.27984.vapier@gentoo.org
the openssl project has started a new trend in keeping minor versions ABI 
compatible.  in the past, 0.9.7 and 0.9.8 had different SONAMEs (because they 
diff ABIs).  but now with 1.0.1, the minor/patch versions should have the same 
SONAME and ABI.

however, the new 1.0.1 ebuilds have been masked so far because this breaks a 
long standing assumption in some packages -- they do runtime checks on the 
version string returned by the library and mask + compare to the compiled 
version string from the headers.  if they don't match, they prematurely abort.  
openssh and neon are the only ones i've noticed so far, and i've grepped the 
source trees of a few more packages.

considering we've had proper SONAME distinction to keep different ABIs from 
being used w/out recompiling+relinking, these checks are pretty useless.  as 
such, i've updated openssh and neon to remove those checks.  but if you have 
an older version and install 1.0.1, you'll trigger these errors.  so i've 
[temporarily] added a blocker in the new openssl ebuild against the older 
versions to keep people from completely blowing up (i.e. no longer able to ssh 
in to their box).  once things have stabilized for a while, i'll drop said 
blockers since there isn't any problems with compiling & running against the 
same openssl version.

if people come across or know of any other such packages, please file a bug and 
mark it a blocker of Bug 412661.

once the current security issue stabilizes, i'll be moving 1.0.1a into ~arch.
-mike

Attachments

File name MIME type
signature.asc application/pgp-signature