Today I see the following:
I uninstalled dev-libs/openssl-0.9.8s-r1 because there is
a GLSA (201110-01 / openssl) against it.
But acroread-9.4.2 wants the installation of
openssl-0.9.8s-r1:
> # emerge -uDpvtN world
These are the packages that would be merged, in reverse
order:
Calculating dependencies... done!
[nomerge ] app-text/acroread-9.4.2 USE="cups ldap
nsplugin -minimal" LINGUAS="de en -fr -ja" [ebuild NS
] dev-libs/openssl-0.9.8s-r1 [1.0.0f-r1] USE="gmp sse2
zlib -bindist -kerberos -test" 0 kB
Total: 1 package (1 in new slot), Size of downloads: 0 kB
The last stable openssl is already installed:
> # eix -I openssl
[I] dev-libs/openssl
Available versions:
(0.9.8) 0.9.8r ~0.9.8s 0.9.8s-r1
(0) 1.0.0d 1.0.0e ~1.0.0e-r1 ~1.0.0f 1.0.0f-r1
{bindist gmp kerberos rfc3779 sse2 static-libs test
zlib}
Installed versions: 1.0.0f-r1(07:52:58 PM
01/16/2012)(gmp sse2 zlib -bindist -kerberos -rfc3779
-static-libs -test)
Homepage: http://www.openssl.org/
Description:
As far as I know acroread is not unmasked in this
installation, nor is openssl
> # grep -i acro /etc/portage/*
> # grep -i ssl /etc/portage/*
shows nothing, so acroread and ssl is «stable».
For now I just uninstalled acroread to prevent the
installation of a buggy openssl version, but this seems
wrong for a mostly stable installation...
Any hints how to proceed? Is there any danger to have an
old (and apparently buggy) openssl lib installed in parallel
with the recent one?
Urs
