Description of problem: If you install dnsmasq on a system without a fully up to date nettle rpm then you get an error. ``` [root@localhost ~]# dnf install dnsmasq ... Installed: dnsmasq.x86_64 2.78-2.fc27 Complete! [root@localhost ~]# dnsmasq --version dnsmasq: relocation error: dnsmasq: symbol nettle_get_hashes, version NETTLE_6 not defined in file libnettle.so.6 with link time reference [root@localhost ~]# rpm -q nettle dnsmasq nettle-3.3-5.fc27.x86_64 dnsmasq-2.78-2.fc27.x86_64 ``` It might be a good idea to require a minimum version of nettle to not hit this problem.
I am just looking arround, and I have something to say. dnsmasq buildrequires nettle-devel, and nettle-devel requires nettle. after dnsmasq finish compiling, rpm see that's dnsmasq is linked with libnettle.so.6 and add a requires libnettle.so.6()(64bit), so my opinion here is -> rpm should see who owns libnettle.so.6 -> rpm -qf /usr/lib64/libnettle.so.6 nettle-3.4-1.fc27.x86_64 in my opinion rpm should add nettle-3.4-1.fc27.x86_64 into requires. what do you think about ?
(In reply to Itamar Reis Peixoto from comment #1) > what do you think about ? I honestly don't know. Just figured I would report what I found. Maybe nettle made a breaking change in the middle of a release?
No, it should not. RPM will try to find any package that provides libnettle.so.6 library. You can try "rpm -q --requires dnsmasq" command to see what packages are required. And then "dnf repoquery --whatprovides 'libnettle.so.6()(64bit)'" to search what can provide this library. RPM can work this out correctly. This trouble is about nettle_hashes symbol. Failure in dnsmasq is that it uses array directly. It changed to using function nettle_get_hashes@NETTLE_6 automatically with a newer build. It changed from referencing original array to function returning only start pointer. That is a good thing, because the array is not good for dynamic linking. Problem is that version of library should have been raised with that change. Because old library still provides exactly the same library as more recent one. But it is not backward compatible. Dnsmasq without change it its code had different dependencies with more recent nettle after recent build. $ dnf repoquery --provides nettle-3.4-1.fc27.x86_64 | grep nettle Last metadata expiration check: 0:35:30 ago on Mon 26 Feb 2018 04:22:49 PM CET. libnettle.so.6()(64bit) libnettle.so.6(NETTLE_6)(64bit) nettle = 3.4-1.fc27 nettle(x86-64) = 3.4-1.fc27 $ LANG=en_US.UTF-8 dnf repoquery --provides nettle-3.3-5.fc27.x86_64 | grep nettle Last metadata expiration check: 0:36:11 ago on Mon 26 Feb 2018 04:22:49 PM CET. libnettle.so.6()(64bit) libnettle.so.6(NETTLE_6)(64bit) nettle = 3.3-5.fc27 nettle(x86-64) = 3.3-5.fc27 This is why will RPM allow you to install older version, which in fact cannot satisfy dependencies. I will update dnsmasq to always use explicitly nettle_get_hashes and require nettle >= 3.4, since which this function is available. I think failure is on nettle build.
Patch posted to upstream http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/012020.html
*** Bug 1556888 has been marked as a duplicate of this bug. ***
Created attachment 1408497 [details] patch fixing unintended usage of nettle_get_hash
Proposed fix is at: https://src.fedoraproject.org/fork/pemensik/rpms/dnsmasq/branch/rhbz1548060 Waiting on upstream opinion to prevent future conflicts.
(In reply to Petr Menšík from comment #7) > Proposed fix is at: > > https://src.fedoraproject.org/fork/pemensik/rpms/dnsmasq/branch/rhbz1548060 > > Waiting on upstream opinion to prevent future conflicts. I am not sure whetherthey will be able to workaround issue which is in nettle itself. https://bugzilla.redhat.com/show_bug.cgi?id=1556890
(In reply to Lukas Slebodnik from comment #8) > I am not sure whetherthey will be able to workaround issue which is in > nettle itself. > https://bugzilla.redhat.com/show_bug.cgi?id=1556890 By the way I already filled similar bug #1549190 to nettle, but yours is better documented.
dnsmasq-2.79-1.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-5a4d0ee124
dnsmasq-2.79-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-bb556fd888
dnsmasq-2.79-1.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-5a4d0ee124
dnsmasq-2.79-1.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-bb556fd888
dnsmasq-2.79-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.
dnsmasq-2.79-1.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.