is the curl on the DA customBuild or OS?

taker18

taker18

Verified User
Joined
Oct 18, 2021
Messages
141
Location
USA
HI every One I have issue with curl error 28 it casued by one single website that eefect all the sites after thatand getting that rest API error 28 : however so I am trying also trying to update curl with

sudo dnf update curl
Click to expand...
the output
Last metadata expiration check: 2:18:46 ago on Fri 13 Sep 2024 11:39:03 PM CDT.
Dependencies resolved.
Nothing to do.
Complete!
Click to expand...

My current is

curl --version
curl 7.76.1 (x86_64-redhat-linux-gnu) libcurl/7.76.1 OpenSSL/3.0.7 zlib/1.2.11 brotli/1.0.9 libidn2/2.3.0 libpsl/0.21.1 (+libidn2/2.3.0) libssh/0.10.4/openssl/zlib nghttp2/1.43.0
Release-Date: 2021-04-14
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets
Click to expand...

after searching in many threads, sounds like we need to migrate the curl first
bertvandepoel

Thread 'Switching curl from CB to OS version'

Like many of you, we have several DirectAdmin installations that historically used the curl version supplied by CustomBuild. This has, since curl was pulled from CustomBuild, resulted in a lot of messages like "cURL 7.84.0 to OS update is available.". With the upcoming very serious security issue in curl (see
https://twitter.com/x/status/1709103920914526525
and https://github.com/curl/curl/discussions/12026 ), we are worried that the custombuild curl and libcurl are still being used on our DirectAdmin installations and that PHP is still build against them. We've therefore been looking into how we could...

I am not sure if its good idea or not, let me know if i need to migrate first or just update.



any help regarding upgrade curl is appreciate it
 
Currently, it's using from OS.


In the part, DA have support custombuild for this package, but causing too many problem on difference OS
 
Ohm J said:
In the part, DA have support Custom Build for this package, but causing too many problem on difference OS
Click to expand...
sounds like a tricky problem also among the Wordpress community, I see your point.
I would like to update, have you ever got any issue in updating to The latest stable version of curl for Linux is 8.10.0, Which was released on September 11, 2024.
My current is:
curl 7.76.1 (x86_64-redhat-linux-gnu) Release-Date: 2021-04-14

I wonder if there is a reason to keep it on this old version, which I am not aware of. I want to make sure before the update.

Thank you
 
Yeah, in the old days, I doing something like this too, but somehow too new version could cause other package compiler fail.

If I remember, I only see PHP fail too build. In now I don't know which package could cause similar problem. so beaware this when you manual install CURL.
 
taker18 said:
My current is:
curl 7.76.1 (x86_64-redhat-linux-gnu) Release-Date: 2021-04-14
Click to expand...
Redhat/CentOS/AlmaLinux/Rocky Linux all backport security patches to their RPM packages but keep same version number, so you can't judge it via the reported version number i.e. list curl RPM change log to inspect backports/updates

AlmaLinux 9's curl YUM package was last updated June 6, 2024 for security fix for CVE-2024-2398 and they updated for security fixes March 6,, 2024 and October 10, 2023.

Code: 
rpm -q --changelog curl | head -n11

* Thu Jun 06 2024 Jacek Migacz <[email protected]> - 7.76.1-29.el9_4.1
- provide common cleanup method for push headers (CVE-2024-2398)

* Wed Mar 06 2024 Jacek Migacz <[email protected]> - 7.76.1-29
- rebuild for 9.4 GA

* Tue Oct 10 2023 Jacek Migacz <[email protected]> - 7.76.1-28
- return error if hostname too long for remote resolve (CVE-2023-38545)
- fix cookie injection with none file (CVE-2023-38546)
- cap SFTP packet size sent (RHEL-14697)
- lowercase the domain names before PSL checks (CVE-2023-46218)

So you might not need to update curl outside of YUM repo provided version.

Only reason to update curl outside for me is if you want to add HTTP/3 QUIC and zstd HTTP content encoding support. For that I build my own AlmaLinux/Rocky Linux EL8/EL9 custom curl RPM and dependencies that install besides system curl so they do not conflict :)

i.e. my custom curl HTTP/3 QUIC RPMs and private curl YUM repo :D

Code: 
yum list curl-* --disablerepo=* --enablerepo=curl-http3 | tr -s ' ' | column -t
Last                      metadata        expiration   check:  0:00:47  ago  on  Thu  Sep  12  14:57:58  2024.
Installed                 Packages                                                                       
curl-brotli.x86_64        1:1.1.0-1.el9   @curl-http3                                                   
curl-c-ares.x86_64        1:1.30-1.el9    @curl-http3                                                   
curl-jansson.x86_64       1:2.14-1.el9    @curl-http3                                                   
curl-kerberos.x86_64      1:1.21.3-1.el9  @curl-http3                                                   
curl-libidn2.x86_64       1:2.3.7-1.el9   @curl-http3                                                   
curl-libldap.x86_64       1:2.6.8-1.el9   @curl-http3                                                   
curl-libpcre2.x86_64      1:10.44-1.el9   @curl-http3                                                   
curl-libpsl.x86_64        1:0.21.5-1.el9  @curl-http3                                                   
curl-libssh2.x86_64       1:1.11.0-1.el9  @curl-http3                                                   
curl-libunistring.x86_64  1:1.2-1.el9     @curl-http3                                                   
curl-nghttp2.x86_64       1:1.62.1-1.el9  @curl-http3                                                   
curl-nghttp3.x86_64       1:1.5.0-1.el9   @curl-http3                                                   
curl-ngtcp2.x86_64        1:1.7.0-1.el9   @curl-http3                                                   
curl-quictls.x86_64       1:8.10.0-1.el9  @curl-http3                                                   
curl-zlib.x86_64          1:1.2.13-1.el9  @curl-http3                                                   
curl-zstd.x86_64          1:1.5.6-1.el9   @curl-http3

custom curl with HTTP/3 QUIC and zstd etc

Code: 
curl -V
curl 8.10.0 (x86_64-pc-linux-gnu) libcurl/8.10.0 quictls/3.1.7 zlib/1.2.13 brotli/1.1.0 zstd/1.5.6 libidn2/2.3.7 libpsl/0.21.5 libssh2/1.11.0 nghttp2/1.62.1 ngtcp2/1.7.0 nghttp3/1.5.0 OpenLDAP/2.6.8
Release-Date: 2024-09-12
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd

with custom curl with HTTP/3 QUIC support

Code: 
curl -I --http3 https://www.cloudflare.com
HTTP/3 200
date: Sat, 14 Sep 2024 18:45:33 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=0, must-revalidate
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: geolocation=(), camera=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-gww-loc: EN-US
x-pgs-loc: EN-US
x-rm: GW
x-xss-protection: 1; mode=block
set-cookie: __cf_bm=O7FmtUx437dcNs4kcUkn8yvYilD_7iInl5IF7Y32pyU-1726339533-1.0.1.1-NwZg0LdO.y_RIEqkUfxVP35qn__U0qloXAxUkb0gJgBrdrrnd__4JhIW3YvIJ4ByLmTE9NAfdEOKWoW3G9dccYiKdqYS6rskcwVZtKVsLYE; path=/; expires=Sat, 14-Sep-24 19:15:33 GMT; domain=.www.cloudflare.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zYSXU8lHq%2Fwh7bxK8SyLzKbhf96UQSQO8k2WPP%2BiTFpUu%2BoMYG9NP5tpq2en2SqdPvAcU8Yc73Qz8T4rdXOKWVW4bdaZx8%2BZurfBfS8IyJHNZ9D36nr8NbqrVhKJ70JvrC9jlg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c3288e5e93408fe-LAX
alt-svc: h3=":443"; ma=86400

compared to AlmaLinux 9 system curl

Code: 
curl -V
curl 7.76.1 (x86_64-redhat-linux-gnu) libcurl/7.76.1 OpenSSL/3.0.7 zlib/1.2.11 brotli/1.0.9 libidn2/2.3.0 libpsl/0.21.1 (+libidn2/2.3.0) libssh/0.10.4/openssl/zlib nghttp2/1.43.0
Release-Date: 2021-04-14
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets
 
You must log in or register to reply here.
Back
Top