CURL 7.86.0

./build update_versions should do the things.
Code:
[root@vps custombuild]# ./build update_versions
Updating cURL
Removing file: /usr/local/bin/curl...
Removing file: /usr/local/bin/curl-config...
....
Package libcurl-devel-7.29.0-59.el7_9.1.x86_64 already installed and latest version

That's that. My VPS had cURL 7.85 running last week.

Now an almost 10 year old version of cURL. We're being carried backwards!
 
That's the way Directadmin goes since the recent.

One have always options:

- complain
- find a solution

If a solution is needed, then it can be an own RPM repository with a custom curl version. Or a custom script to build cURL from sources.
 
I am in for the solution! But, for me it feels tricky to do custom stuff on a production server for something what wasn't a problem till this weekend. So, if somebody could help me through the steps how to update cURL from 7.29.0 upwards, I am more than happy :-)
 
Curl is not listed anymore in that command and you cannot build curl anymore with CustomBuild.

What does curl -V show?
$ curl -V
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.53.1 zlib/1.2.7 libidn/1.28 libssh2/1.8.0
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz unix-sockets
 
I am in for the solution! But, for me it feels tricky to do custom stuff on a production server for something what wasn't a problem till this weekend. So, if somebody could help me through the steps how to update cURL from 7.29.0 upwards, I am more than happy :)

There is two options in this case:

- a custom installation under /usr/local/. My concern here is that DirectAdmin/Custombuild might see a custom installation of curl and remove it.
- a custom installation under system paths, i.e. overwrite existing one installed from a OS repository. My concern here is that it might break OS.

So testing is required for the both cases.
 
- complain
I don't think that will help anymore. Lot of people can't find or create a fix themselves either.

It's very pity that DA stops the support of the custombuild curl, because even on a fully modern up to date OS like Alma Linux 8.7 the curl version will be 7.61 which is way lower than the current 7.85 version present. :(

Maybe a better solution was to add curl to the yum exclusion list and build via custombuild by default, since it's DA using curl for FTP traffic instead of ncftpput like before.
Maybe curl is better/safer, but in that case, one should not use vulnerable versions, which do apply when using the OS versions, even modern OS versions.

I'm not quite happy with this either.
 
I wonder, what specific features are you missing in cURL when you use it from OS repository? Sure, I could find a change-log, but it does not give clues on your use cases.
 
Ah yes, haven't thought of that. I was thinking Windows alike (only new app version contains new fixes). Forgot about the OS specific updates for a minute.
Thank you for bringing me back on track.

And maybe the TLS, but if I remember correctly DA changed a check for that. Hopefully that will be updated OS independently too.

In that case there's nothing to worry about anymore indeed.
 
I kept seeing the message to downgrade cURL to the OS version, oops now I'm stuck with 7.29 :oops: (CentOS7 server). Did I make this server much more vulnerable now?

I'm not sure what the next step is to keep cURL up to date? Did you find a solution @toktokcity or anyone?
 
This results in curl 7.29.0 etc, but I understand the idea now. Thanks again.
 
Last edited:
Took awhile, but I found one feature missing in 7.29.0 --> HTTP2

Not having HTTP2 breaks APNS, Apple Push Notifications.

nghttp2 is not yum installed and required for this.

I'm not versed in building software, and cURL seems to be a challenge.

Please supply ideas for how to install a newer version of cURL if you have one.
 
Please supply ideas for how to install a newer version of cURL if you have one.
1. upgrade your OS to 8.x
2. manual install (can be messy)
3. Stick with DA 1644 (I have stopped the upgrade (to DA 1.645) for the only Centos 7 server we had, only because of the outdated cURL in OS)
4. still hate the decision of DA staff to drop cURL support in CB !
 
Thanks for the choices!

1. upgrade your OS to 8.x
2. manual install (can be messy)
3. Stick with DA 1644 (I have stopped the upgrade (to DA 1.645) for the only Centos 7 server we had, only because of the outdated cURL in OS)
4. still hate the decision of DA staff to drop cURL support in CB !
3. I wish that I had been able to stop the DA upgrade. Server on Centos 7 also. Don't like being forced into AlmaLinux 8. Especially not hastily.

2. I am looking into the manual build and install, but want to be careful and wishing to see the possible consequences.

Does anyone know of a way to go back to DA 1.644 ?
 
Back
Top