https://bugzilla.mindrot.org/show_bug.cgi?id=3604
Bug ID: 3604 Summary: Building OpenSSH fails with zlib1.3 installed Product: Portable OpenSSH Version: 9.4p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: Build system Assignee: unassigned-b...@mindrot.org Reporter: fab...@wenks.ch Running on macOS 13.5 (Ventura) with MacPorts, but based on the version check this may affect all OS versions as soon as zlib 1.3 is installed. I did the upgrades with 'port upgrade outdated', zlib 1.2.13_0 -> 1.3_0 and OpenSSH 9.3p2_0 -> 9.4p1_0 and the update of zlib was done before openssh: # port installed | grep '^ zlib' zlib @1.2.13_0 requested_variants='' platform='darwin 22' archs='x86_64' date='2023-07-21T19:42:11+0200' zlib @1.3_0 (active) requested_variants='' platform='darwin 22' archs='x86_64' date='2023-08-18T18:40:38+0200' Building OpenSSH 9.4p1_0 failed with this error: checking for deflate in -lz... yes checking for possibly buggy zlib... yes configure: error: *** zlib too old - check config.log *** Your reported zlib version has known security problems. It's possible your vendor has fixed these problems without changing the version number. If you are sure this is the case, you can disable the check by running "./configure --without-zlib-version-check". If you are in doubt, upgrade zlib to version 1.2.3 or greater. See http://www.gzip.org/zlib/ for details. More relevant details out of the config.log: This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by OpenSSH configure Portable, which was generated by GNU Autoconf 2.71. Invocation command line was $ ./configure --prefix=/opt/local --with-ssl-dir=/opt/local --sysconfdir=/opt/local/etc/ssh --with-privsep-path=/var/empty --with-md5-passwords --with-pid-dir=/opt/local/var/run --with-pam --mandir=/opt/local/share/man --with-zlib=/opt/local --without-kerberos5 --with-libedit --with-pie --with-xauth=/opt/local/bin/xauth --with-ldns --with-audit=bsm --with-keychain=apple [...] configure:10755: checking for zlib configure:10763: result: yes configure:10768: checking for zlib.h configure:10768: /opt/local/bin/clang-mp-15 -c -pipe -Os -isysroot/Applications/ Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.s dk -arch x86_64 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointe r-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memacc ess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-inst ead-of-logical -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fzero-call-used -regs=used -fno-builtin-memset -fstack-protector-strong -I/opt/local/include -I/ opt/local/include -DBROKEN_STRNVIS=1 -D__APPLE_SANDBOX_NAMED_EXTERNAL__ -D__APPL E_API_STRICT_CONFORMANCE -D__APPLE_LAUNCHD__ -isysroot/Applications/Xcode.app/Co ntents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.sdk conftest. c >&5 configure:10768: $? = 0 configure:10768: result: yes [...] configure:10809: result: yes configure:10871: checking for possibly buggy zlib configure:10911: /opt/local/bin/clang-mp-15 -o conftest -pipe -Os -isysroot/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.sdk -arch x86_64 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fzero-call-used-regs=used -fno-builtin-memset -fstack-protector-strong -I/opt/local/include -I/opt/local/include -DBROKEN_STRNVIS=1 -D__APPLE_SANDBOX_NAMED_EXTERNAL__ -D__APPLE_API_STRICT_CONFORMANCE -D__APPLE_LAUNCHD__ -isysroot/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.sdk -L/opt/local/lib -L/opt/local/lib -Wl,-headerpad_max_install_names -Wl,-search_paths_first -Wl,-syslibroot,/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.sdk -arch x86_64 -fstack-protector-strong conftest.c -lz >&5 configure:10911: $? = 0 configure:10911: ./conftest configure:10911: $? = 1 configure: program exited with status 1 configure: failed program was: | /* confdefs.h */ | #define PACKAGE_NAME "OpenSSH" | #define PACKAGE_TARNAME "openssh" | #define PACKAGE_VERSION "Portable" | #define PACKAGE_STRING "OpenSSH Portable" | #define PACKAGE_BUGREPORT "openssh-unix-...@mindrot.org" [...] | #define HAVE_BASENAME 1 | #define WITH_ZLIB 1 | #define HAVE_LIBZ 1 | /* end confdefs.h. */ | | #include <stdio.h> | #include <stdlib.h> | #include <zlib.h> | | int | main (void) | { | | int a=0, b=0, c=0, d=0, n, v; | n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); | if (n != 3 && n != 4) | exit(1); | v = a*1000000 + b*10000 + c*100 + d; | fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); | | /* 1.1.4 is OK */ | if (a == 1 && b == 1 && c >= 4) | exit(0); | | /* 1.2.3 and up are OK */ | if (v >= 1020300) | exit(0); | | exit(2); | | ; | return 0; | } configure:10916: result: yes configure:10919: error: *** zlib too old - check config.log *** Your reported zlib version has known security problems. It's possible your vendor has fixed these problems without changing the version number. If you are sure this is the case, you can disable the check by running "./configure --without-zlib-version-check". If you are in doubt, upgrade zlib to version 1.2.3 or greater. See http://www.gzip.org/zlib/ for details. Bugreport at MacPorts: https://trac.macports.org/ticket/67986 -- You are receiving this mail because: You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs