the openssl project has started a new trend in keeping minor versions ABI
compatible. in the past, 0.9.7 and 0.9.8 had different SONAMEs (because they
diff ABIs). but now with 1.0.1, the minor/patch versions should have the same
SONAME and ABI.
however, the new 1.0.1 ebuilds have been masked so far because this breaks a
long standing assumption in some packages -- they do runtime checks on the
version string returned by the library and mask + compare to the compiled
version string from the headers. if they don't match, they prematurely abort.
openssh and neon are the only ones i've noticed so far, and i've grepped the
source trees of a few more packages.
considering we've had proper SONAME distinction to keep different ABIs from
being used w/out recompiling+relinking, these checks are pretty useless. as
such, i've updated openssh and neon to remove those checks. but if you have
an older version and install 1.0.1, you'll trigger these errors. so i've
[temporarily] added a blocker in the new openssl ebuild against the older
versions to keep people from completely blowing up (i.e. no longer able to ssh
in to their box). once things have stabilized for a while, i'll drop said
blockers since there isn't any problems with compiling & running against the
same openssl version.
if people come across or know of any other such packages, please file a bug and
mark it a blocker of Bug 412661.
once the current security issue stabilizes, i'll be moving 1.0.1a into ~arch.