Dnsmasq: undefined symbol?
Since 2.1.5 my dnsmasq daemon no longer appears to be working, the web interface reports it as down and when I try to launch it manually from the CLI I get:
/libexec/ld-elf.so.1: Undefined symbol "nettle_secp_384r1" referenced from COPY relocation in /usr/local/sbin/dnsmasq
I've searched for this kind of bug and found https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=190149. However, the solution seems to be to rebuild dnsmasq so that the undefined symbol is fixed. Since pfsense is running on an Alix computer board, I'd rather not do any building etc. Also, the bug seems to be for freebsd 10.1 while pfsense is still on 8.3; so I'm a bit confused why I'm suffering from this issue. The bug seems to be related to DNSSEC support in dnsmasq (which I'm not using at the moment). Also note that nettle is actually installed on my box
Any suggestions? Where might I find a package that ships a working dnsmasq? Is this safe to try: http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/i386/packages-8.3-release/All/dnsmasq-2.60%2C1.tbz ? What else can I try?
Some more info:
uname -a on my pfsense box:
FreeBSD gatekeeper 8.3-RELEASE-p16 FreeBSD 8.3-RELEASE-p16 #0: Mon Aug 25 08:29:45 EDT 2014 root@pf2_1_1_i386.pfsense.org:/usr/obj.i386/usr/pfSensesrc/src/sys/pfSense_wrap_vga.8.i386 i386
Some info about the dnsmsaq binary (can't run –version or anything because of the undefined reference):
[2.1.5-RELEASE][admin@gatekeeper]/root(26): file /usr/local/sbin/dnsmasq
/usr/local/sbin/dnsmasq: ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD), dynamically linked (uses shared libs), for FreeBSD 8.3, stripped
[2.1.5-RELEASE][admin@gatekeeper]/root(27): ls -al /usr/local/sbin/dnsmasq
-r-xr-xr-x 1 root wheel 277104 Aug 25 14:30 /usr/local/sbin/dnsmasq
cmb last edited by
The stock release ships a working dnsmasq. I'm guessing you were pkg_adding other things and did something to stomp on dnsmasq somehow. pkg_delete anything you installed, and re-upgrade to 2.1.5 (via System>Firmware, Manual update) should work around that. If you were messing around with pkg_add, it's probably best to backup your config, reinstall, and restore the config.
pkg_add'ing something that somehow replaced dnsmasq sounds likely.
Could you post the md5 hash of the dnsmasq binary on a working box? Just so I can compare with mine:
[2.1.5-RELEASE][admin@gatekeeper]/usr/local/sbin(3): md5 dnsmasq
MD5 (dnsmasq) = 5109310985f872c568df989b4f2e8b50
The md5 hash of the dnsmasq provided by http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/i386/packages-8.3-release/All/dnsmasq-2.60%2C1.tbz is equal to 7040c0cf6415b5549aabac800506a5c6.
I'd rather avoid upgrading, so if I would prefer using the binary from the 8.3 freebsd archive. It seems to be working, but I'd like to double check the hash to be sure I'm not missing anything.
Thanks for your reply!
As far as adding packages go, this is what pkg_info lists:
ca_root_nss-3.14.3 The root certificate bundle from the Mozilla Project
gettext-0.18.1.1_1 GNU gettext package
gmp-5.1.1 A free library for arbitrary precision arithmetic
gnutls-2.12.23_1 GNU Transport Layer Security library
libgpg-error-1.11 Common error values for all GnuPG components
libiconv-1.14_1 A character set conversion library
libtasn1-2.14 ASN.1 structure parser library
nettle-2.6 Low-level cryptographic library
p11-kit-0.16.3 Library for loading and enumerating of PKCS#11 modules
pkgconf-0.9.1_2 Utility to help to configure compiler and linker flags
screen-4.0.3_14 A multi-screen window manager
sixxs-aiccu-20070115_3 SixXS IPv6 TIC+ tunnel broker heartbeat client
Nothing suspicious, but it doesn't show what installing these packages might have done behind the scenes.
Just to post a follow-up, the dnsmasq from the 8.3 package has been working as expected for over a week now. Thanks again.