EAPI magicians can probably tell you more but long story short, EAPI<5 ebuilds can randomly satisfy ${MULTILIB_USEDEP} deps. This results in two big issues: 1. random old ebuilds can pretend to be multilib when they're not, effectively breaking other multilib ebuilds, 2. repoman won't complain when you stabilize multilib ebuild with unstable deps, and then emerge will want to downgrade to EAPI<5 version to 'satisfy' deps on stable. Since so far there's no good solution for this, we've decided to go the hard way and require every multilib dependency to have >= operator and version matching either first ebuild of continuous EAPI=5 ebuilds or continuous multilib ebuilds. In other words, instead of: dev-foo/bar[${MULTILIB_USEDEP}] you use: >=dev-foo/bar-${BAR_PV}[${MULTILIB_USEDEP}] where ${BAR_PV} is chosen so that either: a) all ebuilds >= ${BAR_PV} are EAPI=5 or newer, b) all ebuilds >= ${BAR_PV} are multilib.
Ah, the script to fix dependencies lives at: https://bitbucket.org/mgorny/multilib-dep-fixor/src It's pretty limited but it should handle most of the wrongdoings.
Could someone who knows please check whether comment #19 in bug #471300 might be related to this bug? https://bugs.gentoo.org/show_bug.cgi?id=471300#c19
This appears to break the ability to downgrade to openssl-1.0.0r (unaffected by non-disclosed vulnerability present in all versions of 1.0.1). Any way to resolve this cleanly?
I think you are hitting bug 467774
