From: "Lewis G Rosenthal" Received: from [192.168.100.201] (account lgrosenthal@2rosenthals.com HELO [192.168.100.22]) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTPSA id 11700619 for gnuports@2rosenthals.com; Fri, 03 Jan 2025 16:08:04 -0500 Subject: Re: [GNU Ports] cURL vulnerabilities To: GNU Ports for eCS Mailing List References: <3adea6bc-e344-47bd-8970-3a6bcbc6f9a0@smedley.id.au> Organization: Rosenthal & Rosenthal, LLC Message-ID: <67785183.6030705@2rosenthals.com> Date: Fri, 3 Jan 2025 16:07:15 -0500 User-Agent: Mozilla/5.0 (OS/2; Warp 4.5; rv:38.0) Gecko/20100101 Firefox/38.0 SeaMonkey/2.35 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 01/03/25 03:49 pm, Paul Smedley wrote: > Hey again, > > On 4/1/25 07:17, Lewis G Rosenthal wrote: >> Hi... >> >> On 01/03/25 03:21 pm, Paul Smedley wrote: >>> Hi Again, >>> >>> On 4/1/25 06:38, Paul Smedley wrote: >>>> Hey Lewis, >>>> >>>> On 4/1/25 04:24, Lewis G Rosenthal wrote: >>>>> Trying to build 8.11.1 (latest), I didn't get very far (nothing >>>>> useful). Before I dive into it, I was just wondering if anyone else >>>>> had had any greater success. 7.75.0 seems quite outdated for something >>>>> with security implications. >>>>> >>>> I got configure to run, let's see if I get a curl.exe >>>> >>> Untested.... https://smedley.id.au/tmp/curl-8.11.1-os2-20250104.zip >>> >> >> :-D >> >> Somehow, every time I ask a question here, someone actually does the work >> for me. The upside is I get what I want, but the downside is that my own >> skills don't get any better. LOL >> >> Thanks, Paul. I'll give this a whirl right now and see what we get. >> > If you prefer... https://smedley.id.au/curl-8.11.1-os2-20250104b.zip has a > curl4.dll rather than being statically linked, so should be able to be > used with other apps. > Hmmm... Neither package seems to have an exe, however. > What issues were you having building it? > Perhaps the setup is not what I'm getting. Seeing configure.ac in the root of the source tree, I ran autoconf, first. This got me: # autoconf configure.ac:24: error: possibly undefined macro: dnl If this token and others are legitimate, please use m4_pattern_allow. See the Autoconf documentation. configure.ac:43: error: possibly undefined macro: AM_MAINTAINER_MODE configure.ac:47: error: possibly undefined macro: AM_CONDITIONAL configure.ac:73: error: possibly undefined macro: AC_MSG_ERROR configure.ac:97: error: possibly undefined macro: AC_MSG_RESULT configure.ac:617: error: possibly undefined macro: AM_COND_IF configure.ac:677: error: possibly undefined macro: AC_DEFINE Not taking the time to research any of that, I forged ahead, now that I had a configure script, I forged ahead, without any options: # ./configure ./configure: 2743: ./configure: XC_OVR_ZZ50: not found ./configure: 2744: ./configure: XC_OVR_ZZ60: not found ./configure: 2745: ./configure: CURL_OVERRIDE_AUTOCONF: not found ./configure: 2753: ./configure: AM_MAINTAINER_MODE: not found ./configure: 2756: ./configure: CURL_CHECK_OPTION_DEBUG: not found ./configure: 2757: ./configure: Syntax error: word unexpected (expecting ")") At that point, I figured I'd ask if there was a newer build available. :-) I guess I could disable some stuff to get this working. I just haven't taken the time to look any further (yet). -- Lewis ------------------------------------------------------------- Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA Rosenthal & Rosenthal, LLC www.2rosenthals.com visit my IT blog www.2rosenthals.net/wordpress -------------------------------------------------------------