Today I see the following:

I uninstalled dev-libs/openssl-0.9.8s-r1 because there is
a GLSA (201110-01 / openssl) against it.

But acroread-9.4.2 wants the installation of
openssl-0.9.8s-r1:

> # emerge -uDpvtN world

These are the packages that would be merged, in reverse
order:

Calculating dependencies... done!
[nomerge       ] app-text/acroread-9.4.2  USE="cups ldap
nsplugin -minimal" LINGUAS="de en -fr -ja" [ebuild  NS
]  dev-libs/openssl-0.9.8s-r1 [1.0.0f-r1] USE="gmp sse2
zlib -bindist -kerberos -test" 0 kB

Total: 1 package (1 in new slot), Size of downloads: 0 kB

The last stable openssl is already installed:
> # eix -I openssl
[I] dev-libs/openssl
     Available versions:  
        (0.9.8) 0.9.8r ~0.9.8s 0.9.8s-r1
        (0)     1.0.0d 1.0.0e ~1.0.0e-r1 ~1.0.0f 1.0.0f-r1
        {bindist gmp kerberos rfc3779 sse2 static-libs test
zlib}
     Installed versions:  1.0.0f-r1(07:52:58 PM 
01/16/2012)(gmp sse2 zlib -bindist -kerberos -rfc3779
-static-libs -test)
     Homepage:            http://www.openssl.org/
     Description:    

As far as I know acroread is not unmasked in this
installation, nor is openssl 
> # grep -i acro /etc/portage/*
> # grep -i ssl /etc/portage/*
shows nothing, so acroread and ssl is «stable».

For now I just uninstalled acroread to prevent the
installation of a buggy openssl version, but this seems
wrong for a mostly stable installation...

Any hints how to proceed? Is there any danger to have an
old (and apparently buggy) openssl lib installed in parallel
with the recent one? 

Urs






Reply via email to