I tell a slight lie. I have libreswan-3.21-1.el7.centos.x86_64. I did not realise you'd separated the repos, but the same comments apply. rpm -qR libreswan-3.21-1.el7.centos.x86_64 does not appear to have any version requirements for libunbound.so.2 or libevent-2.0.so.5. I' not sure even where to find the el7.centos packages on the download site. Presumably the repos are looking somewhere else. I'll have to dig further.

On 10/08/2017 21:35, Nick Howitt wrote:
Sorry, but I did not build the files. Libreswan came down automatically from the Libreswan repo last night with a nightly "yum update". Looking in https://download.libreswan.org/binaries/rhel/7/x86_64/ there are no unbound/unbound-devel packages. Presumably also there is no requirement in the libreswan rpm for unbound >= 1.5.0 either as that would have stopped it from installing.

On 10/08/2017 21:27, Paul Wouters wrote:

On Thu, 10 Aug 2017, Nick Howitt wrote:

Presumably then this would be a non-standard centos7/el7 version of unbound? I normally just use their pre-compiled rpm
packages and have never compiled any myself. I currently have v1.4.20-28.el7. I thought in the past when we needed
non-standard versions of the rpm's they were compiled into the libreswan repo.

Support for that was added in 1.5.0. If you are on rhel/centos then the
version is not good enough. There is rhbz#1251440 to request a rebase
for RHEL-7.5. You can find updated unbound packages meanwhile in our
repository on download.libreswan.org/binaries/rhel/7/

The reason it compiled must have been because USE_UNBOUND_EVENT_H_COPY
is set to true per default and so you got the newer include file
while having on older library. The reason for this is that due to
a bug in upstream unbound, they did not install unbound-event.h
even if they compiled in support for libevent into the library. So
we have to ship our own version of the include file for now while
distro's catch up and properly ship unbound-event.h.

It's unfortunate that this lead to your upgrade state where unbound
is not good enough. We did however upgrade our shipped spec files
to require unbound >= 1.5.0, so I assume you build from your own
spec file where this was not updated, or else it should have failed
to build, or when using our binary repo on download.libreswan.org
for rhel/epel, it would have dragged in a newer unbound as well.


Swan mailing list

Swan mailing list

Reply via email to