[Bug 3604] New: Building OpenSSH fails with zlib1.3 installed
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sat Aug 19 04:03:30 AEST 2023
https://bugzilla.mindrot.org/show_bug.cgi?id=3604
Bug ID: 3604
Summary: Building OpenSSH fails with zlib1.3 installed
Product: Portable OpenSSH
Version: 9.4p1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: Build system
Assignee: unassigned-bugs at mindrot.org
Reporter: fabian at wenks.ch
Running on macOS 13.5 (Ventura) with MacPorts, but based on the version
check this may affect all OS versions as soon as zlib 1.3 is installed.
I did the upgrades with 'port upgrade outdated', zlib 1.2.13_0 -> 1.3_0
and OpenSSH 9.3p2_0 -> 9.4p1_0 and the update of zlib was done before
openssh:
# port installed | grep '^ zlib'
zlib @1.2.13_0 requested_variants='' platform='darwin 22'
archs='x86_64' date='2023-07-21T19:42:11+0200'
zlib @1.3_0 (active) requested_variants='' platform='darwin 22'
archs='x86_64' date='2023-08-18T18:40:38+0200'
Building OpenSSH 9.4p1_0 failed with this error:
checking for deflate in -lz... yes
checking for possibly buggy zlib... yes
configure: error: *** zlib too old - check config.log ***
Your reported zlib version has known security problems. It's possible
your
vendor has fixed these problems without changing the version number.
If you
are sure this is the case, you can disable the check by running
"./configure --without-zlib-version-check".
If you are in doubt, upgrade zlib to version 1.2.3 or greater.
See http://www.gzip.org/zlib/ for details.
More relevant details out of the config.log:
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by OpenSSH configure Portable, which was
generated by GNU Autoconf 2.71. Invocation command line was
$ ./configure --prefix=/opt/local --with-ssl-dir=/opt/local
--sysconfdir=/opt/local/etc/ssh --with-privsep-path=/var/empty
--with-md5-passwords --with-pid-dir=/opt/local/var/run --with-pam
--mandir=/opt/local/share/man --with-zlib=/opt/local
--without-kerberos5 --with-libedit --with-pie
--with-xauth=/opt/local/bin/xauth --with-ldns --with-audit=bsm
--with-keychain=apple
[...]
configure:10755: checking for zlib
configure:10763: result: yes
configure:10768: checking for zlib.h
configure:10768: /opt/local/bin/clang-mp-15 -c -pipe -Os
-isysroot/Applications/
Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.s
dk -arch x86_64 -pipe -Wunknown-warning-option -Qunused-arguments -Wall
-Wpointe
r-arith -Wuninitialized -Wsign-compare -Wformat-security
-Wsizeof-pointer-memacc
ess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation
-Wbitwise-inst
ead-of-logical -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv
-fzero-call-used
-regs=used -fno-builtin-memset -fstack-protector-strong
-I/opt/local/include -I/
opt/local/include -DBROKEN_STRNVIS=1 -D__APPLE_SANDBOX_NAMED_EXTERNAL__
-D__APPL
E_API_STRICT_CONFORMANCE -D__APPLE_LAUNCHD__
-isysroot/Applications/Xcode.app/Co
ntents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.sdk
conftest.
c >&5
configure:10768: $? = 0
configure:10768: result: yes
[...]
configure:10809: result: yes
configure:10871: checking for possibly buggy zlib
configure:10911: /opt/local/bin/clang-mp-15 -o conftest -pipe -Os
-isysroot/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.sdk
-arch x86_64 -pipe -Wunknown-warning-option -Qunused-arguments -Wall
-Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security
-Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result
-Wmisleading-indentation -Wbitwise-instead-of-logical
-fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv
-fzero-call-used-regs=used -fno-builtin-memset -fstack-protector-strong
-I/opt/local/include -I/opt/local/include -DBROKEN_STRNVIS=1
-D__APPLE_SANDBOX_NAMED_EXTERNAL__ -D__APPLE_API_STRICT_CONFORMANCE
-D__APPLE_LAUNCHD__
-isysroot/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.sdk
-L/opt/local/lib -L/opt/local/lib -Wl,-headerpad_max_install_names
-Wl,-search_paths_first
-Wl,-syslibroot,/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.sdk
-arch x86_64 -fstack-protector-strong conftest.c -lz >&5
configure:10911: $? = 0
configure:10911: ./conftest
configure:10911: $? = 1
configure: program exited with status 1
configure: failed program was:
| /* confdefs.h */
| #define PACKAGE_NAME "OpenSSH"
| #define PACKAGE_TARNAME "openssh"
| #define PACKAGE_VERSION "Portable"
| #define PACKAGE_STRING "OpenSSH Portable"
| #define PACKAGE_BUGREPORT "openssh-unix-dev at mindrot.org"
[...]
| #define HAVE_BASENAME 1
| #define WITH_ZLIB 1
| #define HAVE_LIBZ 1
| /* end confdefs.h. */
|
| #include <stdio.h>
| #include <stdlib.h>
| #include <zlib.h>
|
| int
| main (void)
| {
|
| int a=0, b=0, c=0, d=0, n, v;
| n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
| if (n != 3 && n != 4)
| exit(1);
| v = a*1000000 + b*10000 + c*100 + d;
| fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION,
v);
|
| /* 1.1.4 is OK */
| if (a == 1 && b == 1 && c >= 4)
| exit(0);
|
| /* 1.2.3 and up are OK */
| if (v >= 1020300)
| exit(0);
|
| exit(2);
|
| ;
| return 0;
| }
configure:10916: result: yes
configure:10919: error: *** zlib too old - check config.log ***
Your reported zlib version has known security problems. It's possible
your
vendor has fixed these problems without changing the version number.
If you
are sure this is the case, you can disable the check by running
"./configure --without-zlib-version-check".
If you are in doubt, upgrade zlib to version 1.2.3 or greater.
See http://www.gzip.org/zlib/ for details.
Bugreport at MacPorts: https://trac.macports.org/ticket/67986
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list