| 1 |
the openssl project has started a new trend in keeping minor versions ABI |
| 2 |
compatible. in the past, 0.9.7 and 0.9.8 had different SONAMEs (because they |
| 3 |
diff ABIs). but now with 1.0.1, the minor/patch versions should have the same |
| 4 |
SONAME and ABI. |
| 5 |
|
| 6 |
however, the new 1.0.1 ebuilds have been masked so far because this breaks a |
| 7 |
long standing assumption in some packages -- they do runtime checks on the |
| 8 |
version string returned by the library and mask + compare to the compiled |
| 9 |
version string from the headers. if they don't match, they prematurely abort. |
| 10 |
openssh and neon are the only ones i've noticed so far, and i've grepped the |
| 11 |
source trees of a few more packages. |
| 12 |
|
| 13 |
considering we've had proper SONAME distinction to keep different ABIs from |
| 14 |
being used w/out recompiling+relinking, these checks are pretty useless. as |
| 15 |
such, i've updated openssh and neon to remove those checks. but if you have |
| 16 |
an older version and install 1.0.1, you'll trigger these errors. so i've |
| 17 |
[temporarily] added a blocker in the new openssl ebuild against the older |
| 18 |
versions to keep people from completely blowing up (i.e. no longer able to ssh |
| 19 |
in to their box). once things have stabilized for a while, i'll drop said |
| 20 |
blockers since there isn't any problems with compiling & running against the |
| 21 |
same openssl version. |
| 22 |
|
| 23 |
if people come across or know of any other such packages, please file a bug and |
| 24 |
mark it a blocker of Bug 412661. |
| 25 |
|
| 26 |
once the current security issue stabilizes, i'll be moving 1.0.1a into ~arch. |
| 27 |
-mike |
Archives