On 29/10/15 10:37, Paul Wouters wrote: > You can change the spec and disable DNSSEC so you don't need unbound, > but you might still need a newer NSS version. The one from rhel6 is good > enough and should be a drop in upgrade (when rebuilding on rhel5)
Thanks Paul. RHEL 6 uses: nss-3.19.1-3 Where as RHEL 5 uses: nss-3.19.1-1 Not sure if the '-3' Release is so different. Changelogs show that since the rebase to 3.19.1 there are two bug fixes in the CentOS 6 version: * Sat Jun 13 2015 Kai Engert <[email protected]> - 3.19.1-3 - Additional NULL initialization. * Fri Jun 12 2015 Kai Engert <[email protected]> - 3.19.1-2 - Updated the patch to keep old cipher suite order - Resolves: Bug 1224449 I ran a quick rpm -Uvh on the CentOS 6 versions on my CentOS 5 install but it depends on many missing libraries (including rpmlib): # rpm -Uvh --nosignature nss-3.19.1-3.el6_6.i686.rpm error: Failed dependencies: libfreebl3.so is needed by nss-3.19.1-3.el6_6.i686 libnssdbm3.so is needed by nss-3.19.1-3.el6_6.i686 libnssutil3.so is needed by nss-3.19.1-3.el6_6.i686 libnssutil3.so(NSSUTIL_3.12) is needed by nss-3.19.1-3.el6_6.i686 libnssutil3.so(NSSUTIL_3.12.3) is needed by nss-3.19.1-3.el6_6.i686 libnssutil3.so(NSSUTIL_3.12.5) is needed by nss-3.19.1-3.el6_6.i686 libnssutil3.so(NSSUTIL_3.13) is needed by nss-3.19.1-3.el6_6.i686 libnssutil3.so(NSSUTIL_3.14) is needed by nss-3.19.1-3.el6_6.i686 libnssutil3.so(NSSUTIL_3.15) is needed by nss-3.19.1-3.el6_6.i686 libnssutil3.so(NSSUTIL_3.17.1) is needed by nss-3.19.1-3.el6_6.i686 libsoftokn3.so is needed by nss-3.19.1-3.el6_6.i686 nss-softokn(x86-32) >= 3.14.3-22 is needed by nss-3.19.1-3.el6_6.i686 nss-system-init is needed by nss-3.19.1-3.el6_6.i686 nss-util >= 3.19.1 is needed by nss-3.19.1-3.el6_6.i686 rpmlib(FileDigests) <= 4.6.0-1 is needed by nss-3.19.1-3.el6_6.i686 rpmlib(PayloadIsXz) <= 5.2-1 is needed by nss-3.19.1-3.el6_6.i686 curl < 7.19.7-26.el6 conflicts with nss-3.19.1-3.el6_6.i686 libnssutil3.so is needed by (installed) pkinit-nss-0.7.6-1.el5.i386 libnssutil3.so is needed by (installed) hmaccalc-0.9.6-4.el5.i386 libnssutil3.so is needed by (installed) pam_pkcs11-0.5.3-26.el5.i386 libnssutil3.so is needed by (installed) rpm-libs-4.4.2.3-36.el5_11.i386 libnssutil3.so is needed by (installed) rpm-4.4.2.3-36.el5_11.i386 libnssutil3.so is needed by (installed) rpm-python-4.4.2.3-36.el5_11.i386 libnssutil3.so is needed by (installed) nss-tools-3.19.1-1.el5_11.i386 libnssutil3.so is needed by (installed) libreswan-3.0-1.i386 libnssutil3.so(NSSUTIL_3.12) is needed by (installed) nss-tools-3.19.1-1.el5_11.i386 libnssutil3.so(NSSUTIL_3.12.7) is needed by (installed) nss-tools-3.19.1-1.el5_11.i386 libnssutil3.so(NSSUTIL_3.15) is needed by (installed) nss-tools-3.19.1-1.el5_11.i386 nss = 3.19.1-1.el5_11 is needed by (installed) nss-tools-3.19.1-1.el5_11.i386 I guess there's a little more work involved with getting that installed so I'll run with the stock CentOS 5 nss for now. > > The bogus signature is probably my personal signature instead of the > libreswan signature. > > I'll try and put up a new version for rhel5 with all related packages > Thanks again, Paul. -- Tom Robinson IT Manager/System Administrator MoTeC Pty Ltd 121 Merrindale Drive Croydon South 3136 Victoria Australia T: +61 3 9761 5050 F: +61 3 9761 5051 E: [email protected]
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
