From: "Lewis G Rosenthal"
Received: from [192.168.100.201] (account lgrosenthal@2rosenthals.com HELO [192.168.100.22])
  by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTPSA id 11710200
  for gnuports@2rosenthals.com; Fri, 03 Jan 2025 23:48:27 -0500
Subject: Re: [GNU Ports] cURL vulnerabilities
To: GNU Ports for eCS Mailing List
References: <3adea6bc-e344-47bd-8970-3a6bcbc6f9a0@smedley.id.au>
Organization: Rosenthal & Rosenthal, LLC
Message-ID: <6778BD99.3090808@2rosenthals.com>
Date: Fri, 3 Jan 2025 23:48:25 -0500
User-Agent: Mozilla/5.0 (OS/2; Warp 4.5; rv:38.0) Gecko/20100101 Firefox/38.0 SeaMonkey/2.35
MIME-Version: 1.0
In-Reply-To:
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

Hi, Dave...

On 01/03/25 07:14 pm, Dave Yeo wrote:
> On 01/03/25 01:32 PM, Lewis G Rosenthal wrote:
>> A little more on my build problem:
>>
>> On 01/03/25 04:07 pm, Lewis G Rosenthal wrote:
>>> On 01/03/25 03:49 pm, Paul Smedley wrote:
>>>> Hey again,
>>>>
>>>> On 4/1/25 07:17, Lewis G Rosenthal wrote:
>>>>> Hi...
>>>>>
>>>>> On 01/03/25 03:21 pm, Paul Smedley wrote:
>>>>>> Hi Again,
>>>>>>
>>>>>> On 4/1/25 06:38, Paul Smedley wrote:
>>>>>>> Hey Lewis,
>>>>>>>
>>>>>>> On 4/1/25 04:24, Lewis G Rosenthal wrote:
>>>>>>>> Trying to build 8.11.1 (latest), I didn't get very far (nothing
>>>>>>>> useful). Before I dive into it, I was just wondering if anyone
>>>>>>>> else had had any greater success. 7.75.0 seems quite outdated for
>>>>>>>> something with security implications.
>>>>>>>>
>>>>>>> I got configure to run, let's see if I get a curl.exe
>>>>>>>
>>>>>> Untested.... https://smedley.id.au/tmp/curl-8.11.1-os2-20250104.zip
>>>>>>
>>>>>
>>>>> :-D
>>>>>
>>>>> Somehow, every time I ask a question here, someone actually does the
>>>>> work for me. The upside is I get what I want, but the downside is
>>>>> that my own skills don't get any better. LOL
>>>>>
>>>>> Thanks, Paul. I'll give this a whirl right now and see what we get.
>>>>>
>>>> If you prefer... https://smedley.id.au/curl-8.11.1-os2-20250104b.zip
>>>> has a curl4.dll rather than being statically linked, so should be
>>>> able to be used with other apps.
>>>>
>>>
>>> Hmmm... Neither package seems to have an exe, however.
>>>
>>>> What issues were you having building it?
>>>>
>>>
>>> Perhaps the setup is not what I'm getting. Seeing configure.ac in the
>>> root of the source tree, I ran autoconf, first. This got me:
>>>
>>> # autoconf
>>> configure.ac:24: error: possibly undefined macro: dnl
>>> If this token and others are legitimate, please use
>>> m4_pattern_allow.
>>> See the Autoconf documentation.
>>
>> I thought that dnl was a built-in M4 macro.
>
> dnl is usually used as a comment delimiter, eg
> dnl this is a comment.
>

Right, but dnl (discard new line) is an m4 macro. Anyway, running more
autotools, I seem to have resolved that one. As I suspected, it is my
ignorance of autotools which bit me.

>>
>> I have:
>>
>> autoconf-2.69-6.oc00.noarch
>> autoconf-archive-2019.01.06-1.oc00.noarch
>> m4-1.4.18-1.oc00.pentium4
>>
>> I don't know enough about M4 to know how to get it to show me what it
>> has in the way of macros. Is 1.4.18 too old (2016)?
>>
>>> configure.ac:43: error: possibly undefined macro: AM_MAINTAINER_MODE
>>> configure.ac:47: error: possibly undefined macro: AM_CONDITIONAL
>>> configure.ac:73: error: possibly undefined macro: AC_MSG_ERROR
>>> configure.ac:97: error: possibly undefined macro: AC_MSG_RESULT
>>> configure.ac:617: error: possibly undefined macro: AM_COND_IF
>>> configure.ac:677: error: possibly undefined macro: AC_DEFINE
>>>
>>> Not taking the time to research any of that, I forged ahead, now that
>>> I had a configure script, I forged ahead, without any options:
>>>
>>> # ./configure
>>> ./configure: 2743: ./configure: XC_OVR_ZZ50: not found
>>> ./configure: 2744: ./configure: XC_OVR_ZZ60: not found
>>
>> zz50-xc-ovr.m4 and zz60-xc-ovr.m4 are present in the m4 directory. Path
>> issue? That would seem odd, but I haven't closely examined configure to
>> see if perhaps that is in error.
>>
>>> ./configure: 2745: ./configure: CURL_OVERRIDE_AUTOCONF: not found
>>> ./configure: 2753: ./configure: AM_MAINTAINER_MODE: not found
>>> ./configure: 2756: ./configure: CURL_CHECK_OPTION_DEBUG: not found
>>> ./configure: 2757: ./configure: Syntax error: word unexpected
>>> (expecting ")")
>>>
>>
>> The syntax error seems to tell me that something prior to this is being
>> misinterpreted (no wonder). So, again, I suspect it's my build setup
>> which is lacking.
>>
>
> Try autoreconf -fis or --force --install --symlink. The -s,--symlink is
> optional. I find it easier than running all the other auto tools stuff and
> it usually works.
>

Thanks for the tip! I'll see about merging Silvan's patches and give that
a whirl.

-- 
Lewis
-------------------------------------------------------------
Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA
Rosenthal & Rosenthal, LLC                www.2rosenthals.com
visit my IT blog                www.2rosenthals.net/wordpress
-------------------------------------------------------------