1 |
the openssl project has started a new trend in keeping minor versions ABI |
2 |
compatible. in the past, 0.9.7 and 0.9.8 had different SONAMEs (because they |
3 |
diff ABIs). but now with 1.0.1, the minor/patch versions should have the same |
4 |
SONAME and ABI. |
5 |
|
6 |
however, the new 1.0.1 ebuilds have been masked so far because this breaks a |
7 |
long standing assumption in some packages -- they do runtime checks on the |
8 |
version string returned by the library and mask + compare to the compiled |
9 |
version string from the headers. if they don't match, they prematurely abort. |
10 |
openssh and neon are the only ones i've noticed so far, and i've grepped the |
11 |
source trees of a few more packages. |
12 |
|
13 |
considering we've had proper SONAME distinction to keep different ABIs from |
14 |
being used w/out recompiling+relinking, these checks are pretty useless. as |
15 |
such, i've updated openssh and neon to remove those checks. but if you have |
16 |
an older version and install 1.0.1, you'll trigger these errors. so i've |
17 |
[temporarily] added a blocker in the new openssl ebuild against the older |
18 |
versions to keep people from completely blowing up (i.e. no longer able to ssh |
19 |
in to their box). once things have stabilized for a while, i'll drop said |
20 |
blockers since there isn't any problems with compiling & running against the |
21 |
same openssl version. |
22 |
|
23 |
if people come across or know of any other such packages, please file a bug and |
24 |
mark it a blocker of Bug 412661. |
25 |
|
26 |
once the current security issue stabilizes, i'll be moving 1.0.1a into ~arch. |
27 |
-mike |