Opened 14 months ago
Last modified 14 months ago
#67986 closed defect
Building OpenSSH fails with zlib1.3 installed — at Initial Version
| Reported by: | fabianwenk (Fabian Wenk) | Owned by: | |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | |
| Keywords: | Cc: | ||
| Port: | artkiver |
Description
During port upgrade OpenSSH failed during config with this error (it is build from source because I have activated the ldns variant):
checking for deflate in -lz... yes checking for possibly buggy zlib... yes configure: error: *** zlib too old - check config.log *** Your reported zlib version has known security problems. It's possible your vendor has fixed these problems without changing the version number. If you are sure this is the case, you can disable the check by running "./configure --without-zlib-version-check". If you are in doubt, upgrade zlib to version 1.2.3 or greater. See http://www.gzip.org/zlib/ for details. Command failed: cd "/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_net_openssh/openssh/work/openssh-9.4p1" && ./configure --prefix=/opt/local --with-ssl-dir=/opt/local --sysconfdir=/opt/local/etc/ssh --with-privsep-path=/var/empty --with-md5-passwords --with-pid-dir=/opt/local/var/run --with-pam --mandir=/opt/local/share/man --with-zlib=/opt/local --without-kerberos5 --with-libedit --with-pie --with-xauth=/opt/local/bin/xauth --with-ldns --with-audit=bsm --with-keychain=apple Exit code: 1 Error: Failed to configure openssh: consult /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_net_openssh/openssh/work/openssh-9.4p1/config.log Error: Failed to configure openssh: configure failure: command execution failed Error: See /opt/local/var/macports/logs/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_net_openssh/openssh/main.log for details. Error: Follow https://guide.macports.org/#project.tickets if you believe there is a bug.
I did the upgrades with 'port upgrade outdated', zlib 1.2.13_0 -> 1.3_0 and OpenSSH 9.3p2_0 -> 9.4p1_0 and the update of zlib was done before openssh:
# port installed | grep '^ zlib' zlib @1.2.13_0 requested_variants='' platform='darwin 22' archs='x86_64' date='2023-07-21T19:42:11+0200' zlib @1.3_0 (active) requested_variants='' platform='darwin 22' archs='x86_64' date='2023-08-18T18:40:38+0200'
relevant parts out of /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_net_openssh/openssh/work/openssh-9.4p1/config.log:
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by OpenSSH configure Portable, which was
generated by GNU Autoconf 2.71. Invocation command line was
$ ./configure --prefix=/opt/local --with-ssl-dir=/opt/local --sysconfdir=/opt/local/etc/ssh --with-privsep-path=/var/empty --with-md5-passwords --with-pid-dir=/opt/local/var/run --with-pam --mandir=/opt/local/share/man --with-zlib=/opt/local --without-kerberos5 --with-libedit --with-pie --with-xauth=/opt/local/bin/xauth --with-ldns --with-audit=bsm --with-keychain=apple
[...]
configure:10755: checking for zlib
configure:10763: result: yes
configure:10768: checking for zlib.h
configure:10768: /opt/local/bin/clang-mp-15 -c -pipe -Os -isysroot/Applications/
Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.s
dk -arch x86_64 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointe
r-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memacc
ess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-inst
ead-of-logical -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fzero-call-used
-regs=used -fno-builtin-memset -fstack-protector-strong -I/opt/local/include -I/
opt/local/include -DBROKEN_STRNVIS=1 -D__APPLE_SANDBOX_NAMED_EXTERNAL__ -D__APPL
E_API_STRICT_CONFORMANCE -D__APPLE_LAUNCHD__ -isysroot/Applications/Xcode.app/Co
ntents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.sdk conftest.
c >&5
configure:10768: $? = 0
configure:10768: result: yes
[...]
configure:10809: result: yes
configure:10871: checking for possibly buggy zlib
configure:10911: /opt/local/bin/clang-mp-15 -o conftest -pipe -Os -isysroot/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.sdk -arch x86_64 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fzero-call-used-regs=used -fno-builtin-memset -fstack-protector-strong -I/opt/local/include -I/opt/local/include -DBROKEN_STRNVIS=1 -D__APPLE_SANDBOX_NAMED_EXTERNAL__ -D__APPLE_API_STRICT_CONFORMANCE -D__APPLE_LAUNCHD__ -isysroot/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.sdk -L/opt/local/lib -L/opt/local/lib -Wl,-headerpad_max_install_names -Wl,-search_paths_first -Wl,-syslibroot,/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.sdk -arch x86_64 -fstack-protector-strong conftest.c -lz >&5
configure:10911: $? = 0
configure:10911: ./conftest
configure:10911: $? = 1
configure: program exited with status 1
configure: failed program was:
| /* confdefs.h */
| #define PACKAGE_NAME "OpenSSH"
| #define PACKAGE_TARNAME "openssh"
| #define PACKAGE_VERSION "Portable"
| #define PACKAGE_STRING "OpenSSH Portable"
| #define PACKAGE_BUGREPORT "openssh-unix-dev@mindrot.org"
[...]
| #define HAVE_BASENAME 1
| #define WITH_ZLIB 1
| #define HAVE_LIBZ 1
| /* end confdefs.h. */
|
| #include <stdio.h>
| #include <stdlib.h>
| #include <zlib.h>
|
| int
| main (void)
| {
|
| int a=0, b=0, c=0, d=0, n, v;
| n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
| if (n != 3 && n != 4)
| exit(1);
| v = a*1000000 + b*10000 + c*100 + d;
| fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
|
| /* 1.1.4 is OK */
| if (a == 1 && b == 1 && c >= 4)
| exit(0);
|
| /* 1.2.3 and up are OK */
| if (v >= 1020300)
| exit(0);
|
| exit(2);
|
| ;
| return 0;
| }
configure:10916: result: yes
configure:10919: error: *** zlib too old - check config.log ***
Your reported zlib version has known security problems. It's possible your
vendor has fixed these problems without changing the version number. If you
are sure this is the case, you can disable the check by running
"./configure --without-zlib-version-check".
If you are in doubt, upgrade zlib to version 1.2.3 or greater.
See http://www.gzip.org/zlib/ for details.
Doing a 'port activate zlib @1.2.13_0' and then doing the 'port update openssh' could configure and build OpenSSH. And even after 'port activate zlib @1.3_0' the OpenSSH cli tools still work.
PS: Will also create a ticket at OpenSSH and cross-reference it.
Note: See
TracTickets for help on using
tickets.