nettle_hashes is a table that is exported through dynamic linkage. When doing readelf -a against dnsmasq linked against libnettle-3.2 I noticed missmatch in the array size readelf -a /usr/sbin/dnsmasq /usr/lib64/libnettle.so.6.3 | grep nettle_hashes 000000662d00 00c600000005 R_X86_64_COPY 0000000000662d00 nettle_hashes + 0 198: 0000000000662d00 80 OBJECT GLOBAL DEFAULT 24 nettle_hashes@NETTLE_6 (3) 395: 0000000000662d00 80 OBJECT GLOBAL DEFAULT 24 nettle_hashes@@NETTLE_6 205: 0000000000238800 112 OBJECT GLOBAL DEFAULT 19 nettle_hashes@@NETTLE_6 nettle_hashes is copied by relocation 000000662d00 00c600000005 R_X86_64_COPY 0000000000662d00 nettle_hashes + 0 to dnsmasq bss section and the copy is being truncated, as the allocated size is only 80 for symbol of size 112, this leads to crash when resolving certain names using dnssec In my assessment (and several other opinions) the nettle-3.2 is not ABI compatible with nettle-3.3 and will cause buggy behaviour. Reproducible: Always
Hi, Thank you for the report, I see you report this to multiple downstreams instead of reporting this to upstream[1] where it can be actually solved, as the so version should either be changed or the incompatibility fixed. Can you please take this to upstream? Alon [1] https://www.lysator.liu.se/~nisse/nettle/
(In reply to Alon Bar-Lev from comment #1) > Hi, > Thank you for the report, I see you report this to multiple downstreams > instead of reporting this to upstream[1] where it can be actually solved, as > the so version should either be changed or the incompatibility fixed. > Can you please take this to upstream? > Alon > > [1] https://www.lysator.liu.se/~nisse/nettle/ Upstream has also been notified, not sure they will touch existing releases though, would you consider subslotting with gentoo suffix, like -r1 unreasonable?
(In reply to emil karlson from comment #2) > (In reply to Alon Bar-Lev from comment #1) > > Hi, > > Thank you for the report, I see you report this to multiple downstreams > > instead of reporting this to upstream[1] where it can be actually solved, as > > the so version should either be changed or the incompatibility fixed. > > Can you please take this to upstream? > > Alon > > > > [1] https://www.lysator.liu.se/~nisse/nettle/ > > Upstream has also been notified, not sure they will touch existing releases > though, would you consider subslotting with gentoo suffix, like -r1 > unreasonable? As this is switch from stable for non stable, I rather wait to know what upstream solution is, either fix or change so version, then we follow.
In case anyone wonders it's the mechanics of how exactly ABI floats for arrays WRT their stat sizes: http://trofi.github.io/posts/195-dynamic-linking-ABI-is-hard.html
I pinged upstream twice and got no answer, bumped subslot to 6.1 for now.
No reply from upstream, subslot should provide the workaround.