yum info ngtcp2-crypto-gnutls Updating and loading repositories: Repositories loaded. Installed packages Name : ngtcp2-crypto-gnutls Epoch : 0 Version : 1.21.0 Release : 1.fc43 Architecture : aarch64 Installed size : 67.5 KiB Source : ngtcp2-1.21.0-1.fc43.src.rpm From repository : updates Summary : The ngtcp2 GnuTLS crypto provider URL : https://github.com/ngtcp2/ngtcp2 License : MIT Description : "Call it TCP/2. One More Time." RFC9000 QUIC protocol. : : GnuTLS library provider. Vendor : Fedora Project ------------ rpm -q ngtcp2-crypto-gnutls ngtcp2-crypto-gnutls-1.21.0-1.fc43.aarch64 ------------ # dnf system-upgrade download --releasever=44 Updating and loading repositories: Fedora 44 openh264 (From Cisco) - aarch64 100% | 3.5 KiB/s | 4.1 KiB | 00m01s Fedora 44 - aarch64 - Updates 100% | 10.9 KiB/s | 16.5 KiB | 00m02s Repositories loaded. Failed to resolve the transaction: Problem: installed package ngtcp2-crypto-gnutls-1.21.0-1.fc43.aarch64 requires ngtcp2(aarch-64) = 1.21.0-1.fc43, but none of the providers can be installed - ngtcp2-1.21.0-1.fc43.aarch64 does not belong to a distupgrade repository - problem with installed package Reproducible: Always Steps to Reproduce: 1.have a fresh f43 on aarch 2.dnf upgrade --refresh 3.dnf system-upgrade download --releasever=44 Actual Results: dnf system-upgrade download --releasever=44 Updating and loading repositories: Fedora 44 openh264 (From Cisco) - aarch64 100% | 3.5 KiB/s | 4.1 KiB | 00m01s Fedora 44 - aarch64 - Updates 100% | 10.9 KiB/s | 16.5 KiB | 00m02s Repositories loaded. Failed to resolve the transaction: Problem: installed package ngtcp2-crypto-gnutls-1.21.0-1.fc43.aarch64 requires ngtcp2(aarch-64) = 1.21.0-1.fc43, but none of the providers can be installed - ngtcp2-1.21.0-1.fc43.aarch64 does not belong to a distupgrade repository - problem with installed package
Proposed as a Blocker for 44-final by Fedora user psklenar using the blocker tracking app because: I can't upgrade fedora 43 aarch64 due to missing requires.
I think this is caused by last release not yet in f44 updates repo. https://bodhi.fedoraproject.org/updates/FEDORA-2026-ae00d11fac But it is already stable in f43, from which you upgrade. That causes downgrade in fact. Will this get fixed when "dnf upgrade --enablerepo=updates-testing --releasever=44" is used first? ngtcp2 update for f44 needs more karma, I cannot push it yet.
What was the starting point for this test? By policy upgrade issues are only blockers if they occur when upgrading from a clean install of one of the release-blocking package sets. If you started from a non-release-blocking edition/spin, or this is a package that wasn't installed by default but was one you added later, it can't be a blocker. "For each one of the release-blocking package sets, it must be possible to successfully complete a direct upgrade from a fully updated, clean default installation of each of the last two stable Fedora releases with that package set installed."
BTW, the behavior is a bit odd, as I'd *expect* dnf would just downgrade both ngtcp2 and ngtcp2-crypto-gnutls to the current F44 stable version (1.19.0-1.fc44). Possibly something else is installed that needs ngtcp2-crypto-gnutls 1.21.0 and for some reason dnf doesn't think it can resolve things by syncing everything to current F44 stable state?
ngtcp2 is dependency of unbound-libs. That is required by gnutls-dane. Primary dependency of ngtcp2 is samba-client-libs. I did not know also libcurl depends on it since f44.
@adam: about adding blocker to this: I have clean install with server variant and ngtcp2-crypto-gnutls is installed - also samba-client-libs which requires it. But I cant find which particular package from groups @core or @standard requires 'ngtcp2-crypto-gnutls' or 'samba-client-libs' , maybe weak deps @petr: dnf system-upgrade download --releasever=44 --enablerepo=updates-testing it solves this issue => adding karma+1 to https://bodhi.fedoraproject.org/updates/FEDORA-2026-ae00d11fac
so this is probably not a bug, as ngtcp2-1.21.0-1.fc44 haven't landed in 'updates' repo , right?
well, it's a 'bug' in the sense that we should make sure ngtcp2-1.21.0-1.fc44 lands ASAP to solve it. Oddly, though, openQA isn't seeing this? e.g. we have https://openqa.fedoraproject.org/tests/4500909# from today's Fedora 44 compose, Server upgrade test from F43 to F44 on aarch64, worked fine. The logs show it downgraded the ngtcp2 packages: Mar 26 04:50:36 localhost dnf5[645]: ngtcp2 aarch64 1.19.0-2.fc44 fedora 341.0 KiB Mar 26 04:50:36 localhost dnf5[645]: replacing ngtcp2 aarch64 1.21.0-1.fc43 updates 341.2 KiB Mar 26 04:50:36 localhost dnf5[645]: ngtcp2-crypto-gnutls aarch64 1.19.0-2.fc44 fedora 67.4 KiB Mar 26 04:50:36 localhost dnf5[645]: replacing ngtcp2-crypto-gnutls aarch64 1.21.0-1.fc43 updates 67.5 KiB Mar 26 04:50:36 localhost dnf5[645]: ngtcp2-crypto-ossl aarch64 1.19.0-2.fc44 fedora 67.4 KiB Mar 26 04:50:36 localhost dnf5[645]: replacing ngtcp2-crypto-ossl aarch64 1.21.0-1.fc43 updates 67.6 KiB which is what I'd expect to happen. The test runs "dnf -y --best --releasever=44 system-upgrade download".
Similar problem manifests on x86_64 with the `net-snmp-libs` package. I am not doing anything unexpected, I just download and install the official Fedora DVD 43 iso, update the system and try to upgrade to F44. When my starting point is the official Fedora Netinst 43 ISO, I do not have any problems. https://bugzilla.redhat.com/show_bug.cgi?id=2452216
AGREED Delayed Decision Discussed at the 2026-03-30 (blocker / freeze exception) review meeting: In theory, we'd like to clarify why Petr's testing and openQA got different results, but in practice, we suspect this is now fixed anyway because the update is now stable. So we'll just ask Petr to re-test and expect the result to be "it's fine now" and the bug to be closed. https://meetbot-raw.fedoraproject.org//blocker-review_matrix_fedoraproject-org/2026-03-30/f44-blocker-review.2026-03-30-16.00.log.txt