[MacPorts] #67986: Building OpenSSH fails with zlib1.3 installed
MacPorts
noreply at macports.org
Fri Aug 18 18:05:45 UTC 2023
#67986: Building OpenSSH fails with zlib1.3 installed
-------------------------+--------------------
Reporter: fabianwenk | Owner: (none)
Type: defect | Status: new
Priority: Normal | Milestone:
Component: ports | Version:
Resolution: | Keywords:
Port: |
-------------------------+--------------------
Description changed by fabianwenk:
Old description:
> During port upgrade OpenSSH failed during config with this error (it is
> build from source because I have activated the ldns variant):
>
> {{{
> checking for deflate in -lz... yes
> checking for possibly buggy zlib... yes
> configure: error: *** zlib too old - check config.log ***
> Your reported zlib version has known security problems. It's possible
> your
> vendor has fixed these problems without changing the version number. If
> you
> are sure this is the case, you can disable the check by running
> "./configure --without-zlib-version-check".
> If you are in doubt, upgrade zlib to version 1.2.3 or greater.
> See http://www.gzip.org/zlib/ for details.
> Command failed: cd
> "/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_net_openssh/openssh/work/openssh-9.4p1"
> && ./configure --prefix=/opt/local --with-ssl-dir=/opt/local
> --sysconfdir=/opt/local/etc/ssh --with-privsep-path=/var/empty --with-
> md5-passwords --with-pid-dir=/opt/local/var/run --with-pam
> --mandir=/opt/local/share/man --with-zlib=/opt/local --without-kerberos5
> --with-libedit --with-pie --with-xauth=/opt/local/bin/xauth --with-ldns
> --with-audit=bsm --with-keychain=apple
> Exit code: 1
> Error: Failed to configure openssh: consult
> /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_net_openssh/openssh/work/openssh-9.4p1/config.log
> Error: Failed to configure openssh: configure failure: command execution
> failed
> Error: See
> /opt/local/var/macports/logs/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_net_openssh/openssh/main.log
> for details.
> Error: Follow https://guide.macports.org/#project.tickets if you believe
> there
> is a bug.
> }}}
>
> I did the upgrades with 'port upgrade outdated', zlib 1.2.13_0 -> 1.3_0
> and OpenSSH 9.3p2_0 -> 9.4p1_0 and the update of zlib was done before
> openssh:
> {{{
> # port installed | grep '^ zlib'
> zlib @1.2.13_0 requested_variants='' platform='darwin 22'
> archs='x86_64' date='2023-07-21T19:42:11+0200'
> zlib @1.3_0 (active) requested_variants='' platform='darwin 22'
> archs='x86_64' date='2023-08-18T18:40:38+0200'
> }}}
>
> relevant parts out of
> /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_net_openssh/openssh/work/openssh-9.4p1/config.log:
>
> {{{
> This file contains any messages produced by compilers while
> running configure, to aid debugging if configure makes a mistake.
>
> It was created by OpenSSH configure Portable, which was
> generated by GNU Autoconf 2.71. Invocation command line was
>
> $ ./configure --prefix=/opt/local --with-ssl-dir=/opt/local
> --sysconfdir=/opt/local/etc/ssh --with-privsep-path=/var/empty --with-
> md5-passwords --with-pid-dir=/opt/local/var/run --with-pam
> --mandir=/opt/local/share/man --with-zlib=/opt/local --without-kerberos5
> --with-libedit --with-pie --with-xauth=/opt/local/bin/xauth --with-ldns
> --with-audit=bsm --with-keychain=apple
>
> [...]
>
> configure:10755: checking for zlib
> configure:10763: result: yes
> configure:10768: checking for zlib.h
> configure:10768: /opt/local/bin/clang-mp-15 -c -pipe -Os
> -isysroot/Applications/
> Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.s
> dk -arch x86_64 -pipe -Wunknown-warning-option -Qunused-arguments -Wall
> -Wpointe
> r-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-
> pointer-memacc
> ess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation
> -Wbitwise-inst
> ead-of-logical -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fzero-
> call-used
> -regs=used -fno-builtin-memset -fstack-protector-strong
> -I/opt/local/include -I/
> opt/local/include -DBROKEN_STRNVIS=1 -D__APPLE_SANDBOX_NAMED_EXTERNAL__
> -D__APPL
> E_API_STRICT_CONFORMANCE -D__APPLE_LAUNCHD__
> -isysroot/Applications/Xcode.app/Co
> ntents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.sdk
> conftest.
> c >&5
> configure:10768: $? = 0
> configure:10768: result: yes
>
> [...]
>
> configure:10809: result: yes
> configure:10871: checking for possibly buggy zlib
> configure:10911: /opt/local/bin/clang-mp-15 -o conftest -pipe -Os
> -isysroot/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.sdk
> -arch x86_64 -pipe -Wunknown-warning-option -Qunused-arguments -Wall
> -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security
> -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result
> -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-
> aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fzero-call-used-regs=used -fno-
> builtin-memset -fstack-protector-strong -I/opt/local/include
> -I/opt/local/include -DBROKEN_STRNVIS=1
> -D__APPLE_SANDBOX_NAMED_EXTERNAL__ -D__APPLE_API_STRICT_CONFORMANCE
> -D__APPLE_LAUNCHD__
> -isysroot/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.sdk
> -L/opt/local/lib -L/opt/local/lib -Wl,-headerpad_max_install_names
> -Wl,-search_paths_first
> -Wl,-syslibroot,/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.sdk
> -arch x86_64 -fstack-protector-strong conftest.c -lz >&5
> configure:10911: $? = 0
> configure:10911: ./conftest
> configure:10911: $? = 1
> configure: program exited with status 1
> configure: failed program was:
> | /* confdefs.h */
> | #define PACKAGE_NAME "OpenSSH"
> | #define PACKAGE_TARNAME "openssh"
> | #define PACKAGE_VERSION "Portable"
> | #define PACKAGE_STRING "OpenSSH Portable"
> | #define PACKAGE_BUGREPORT "openssh-unix-dev at mindrot.org"
>
> [...]
>
> | #define HAVE_BASENAME 1
> | #define WITH_ZLIB 1
> | #define HAVE_LIBZ 1
> | /* end confdefs.h. */
> |
> | #include <stdio.h>
> | #include <stdlib.h>
> | #include <zlib.h>
> |
> | int
> | main (void)
> | {
> |
> | int a=0, b=0, c=0, d=0, n, v;
> | n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
> | if (n != 3 && n != 4)
> | exit(1);
> | v = a*1000000 + b*10000 + c*100 + d;
> | fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
> |
> | /* 1.1.4 is OK */
> | if (a == 1 && b == 1 && c >= 4)
> | exit(0);
> |
> | /* 1.2.3 and up are OK */
> | if (v >= 1020300)
> | exit(0);
> |
> | exit(2);
> |
> | ;
> | return 0;
> | }
> configure:10916: result: yes
> configure:10919: error: *** zlib too old - check config.log ***
> Your reported zlib version has known security problems. It's possible
> your
> vendor has fixed these problems without changing the version number. If
> you
> are sure this is the case, you can disable the check by running
> "./configure --without-zlib-version-check".
> If you are in doubt, upgrade zlib to version 1.2.3 or greater.
> See http://www.gzip.org/zlib/ for details.
> }}}
>
> Doing a 'port activate zlib @1.2.13_0' and then doing the 'port update
> openssh' could configure and build OpenSSH. And even after 'port activate
> zlib @1.3_0' the OpenSSH cli tools still work.
>
> PS: Will also create a ticket at OpenSSH and cross-reference it.
New description:
During port upgrade OpenSSH failed during config with this error (it is
build from source because I have activated the ldns variant):
{{{
checking for deflate in -lz... yes
checking for possibly buggy zlib... yes
configure: error: *** zlib too old - check config.log ***
Your reported zlib version has known security problems. It's possible
your
vendor has fixed these problems without changing the version number. If
you
are sure this is the case, you can disable the check by running
"./configure --without-zlib-version-check".
If you are in doubt, upgrade zlib to version 1.2.3 or greater.
See http://www.gzip.org/zlib/ for details.
Command failed: cd
"/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_net_openssh/openssh/work/openssh-9.4p1"
&& ./configure --prefix=/opt/local --with-ssl-dir=/opt/local
--sysconfdir=/opt/local/etc/ssh --with-privsep-path=/var/empty --with-
md5-passwords --with-pid-dir=/opt/local/var/run --with-pam
--mandir=/opt/local/share/man --with-zlib=/opt/local --without-kerberos5
--with-libedit --with-pie --with-xauth=/opt/local/bin/xauth --with-ldns
--with-audit=bsm --with-keychain=apple
Exit code: 1
Error: Failed to configure openssh: consult
/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_net_openssh/openssh/work/openssh-9.4p1/config.log
Error: Failed to configure openssh: configure failure: command execution
failed
Error: See
/opt/local/var/macports/logs/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_net_openssh/openssh/main.log
for details.
Error: Follow https://guide.macports.org/#project.tickets if you believe
there
is a bug.
}}}
I did the upgrades with 'port upgrade outdated', zlib 1.2.13_0 -> 1.3_0
and OpenSSH 9.3p2_0 -> 9.4p1_0 and the update of zlib was done before
openssh:
{{{
# port installed | grep '^ zlib'
zlib @1.2.13_0 requested_variants='' platform='darwin 22' archs='x86_64'
date='2023-07-21T19:42:11+0200'
zlib @1.3_0 (active) requested_variants='' platform='darwin 22'
archs='x86_64' date='2023-08-18T18:40:38+0200'
}}}
relevant parts out of
/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_net_openssh/openssh/work/openssh-9.4p1/config.log:
{{{
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by OpenSSH configure Portable, which was
generated by GNU Autoconf 2.71. Invocation command line was
$ ./configure --prefix=/opt/local --with-ssl-dir=/opt/local
--sysconfdir=/opt/local/etc/ssh --with-privsep-path=/var/empty --with-
md5-passwords --with-pid-dir=/opt/local/var/run --with-pam
--mandir=/opt/local/share/man --with-zlib=/opt/local --without-kerberos5
--with-libedit --with-pie --with-xauth=/opt/local/bin/xauth --with-ldns
--with-audit=bsm --with-keychain=apple
[...]
configure:10755: checking for zlib
configure:10763: result: yes
configure:10768: checking for zlib.h
configure:10768: /opt/local/bin/clang-mp-15 -c -pipe -Os
-isysroot/Applications/
Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.s
dk -arch x86_64 -pipe -Wunknown-warning-option -Qunused-arguments -Wall
-Wpointe
r-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-
memacc
ess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation
-Wbitwise-inst
ead-of-logical -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fzero-
call-used
-regs=used -fno-builtin-memset -fstack-protector-strong
-I/opt/local/include -I/
opt/local/include -DBROKEN_STRNVIS=1 -D__APPLE_SANDBOX_NAMED_EXTERNAL__
-D__APPL
E_API_STRICT_CONFORMANCE -D__APPLE_LAUNCHD__
-isysroot/Applications/Xcode.app/Co
ntents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.sdk
conftest.
c >&5
configure:10768: $? = 0
configure:10768: result: yes
[...]
configure:10809: result: yes
configure:10871: checking for possibly buggy zlib
configure:10911: /opt/local/bin/clang-mp-15 -o conftest -pipe -Os
-isysroot/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.sdk
-arch x86_64 -pipe -Wunknown-warning-option -Qunused-arguments -Wall
-Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-
pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-
indentation -Wbitwise-instead-of-logical -fno-strict-aliasing
-D_FORTIFY_SOURCE=2 -ftrapv -fzero-call-used-regs=used -fno-builtin-memset
-fstack-protector-strong -I/opt/local/include -I/opt/local/include
-DBROKEN_STRNVIS=1 -D__APPLE_SANDBOX_NAMED_EXTERNAL__
-D__APPLE_API_STRICT_CONFORMANCE -D__APPLE_LAUNCHD__
-isysroot/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.sdk
-L/opt/local/lib -L/opt/local/lib -Wl,-headerpad_max_install_names
-Wl,-search_paths_first
-Wl,-syslibroot,/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.sdk
-arch x86_64 -fstack-protector-strong conftest.c -lz >&5
configure:10911: $? = 0
configure:10911: ./conftest
configure:10911: $? = 1
configure: program exited with status 1
configure: failed program was:
| /* confdefs.h */
| #define PACKAGE_NAME "OpenSSH"
| #define PACKAGE_TARNAME "openssh"
| #define PACKAGE_VERSION "Portable"
| #define PACKAGE_STRING "OpenSSH Portable"
| #define PACKAGE_BUGREPORT "openssh-unix-dev at mindrot.org"
[...]
| #define HAVE_BASENAME 1
| #define WITH_ZLIB 1
| #define HAVE_LIBZ 1
| /* end confdefs.h. */
|
| #include <stdio.h>
| #include <stdlib.h>
| #include <zlib.h>
|
| int
| main (void)
| {
|
| int a=0, b=0, c=0, d=0, n, v;
| n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
| if (n != 3 && n != 4)
| exit(1);
| v = a*1000000 + b*10000 + c*100 + d;
| fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
|
| /* 1.1.4 is OK */
| if (a == 1 && b == 1 && c >= 4)
| exit(0);
|
| /* 1.2.3 and up are OK */
| if (v >= 1020300)
| exit(0);
|
| exit(2);
|
| ;
| return 0;
| }
configure:10916: result: yes
configure:10919: error: *** zlib too old - check config.log ***
Your reported zlib version has known security problems. It's possible
your
vendor has fixed these problems without changing the version number. If
you
are sure this is the case, you can disable the check by running
"./configure --without-zlib-version-check".
If you are in doubt, upgrade zlib to version 1.2.3 or greater.
See http://www.gzip.org/zlib/ for details.
}}}
Doing a 'port activate zlib @1.2.13_0' and then doing the 'port update
openssh' could configure and build OpenSSH. And even after 'port activate
zlib @1.3_0' the OpenSSH cli tools still work.
Bugreport at OpenSSH: https://bugzilla.mindrot.org/show_bug.cgi?id=3604
--
--
Ticket URL: <https://trac.macports.org/ticket/67986#comment:1>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list