Updates for curl? (CVE-2023-38545 & CVE-2023-38546)

Posted: Thu Oct 12, 2023 2:14 pm
by dmjb
I was wondering if VSI plans to issue an update to the curl package to address the security vulnerabilities in curl (CVE-2023-38545 & CVE-2023-38546) which were announced this week?

Re: Updates for curl? (CVE-2023-38545 & CVE-2023-38546)

Posted: Wed Nov 01, 2023 5:15 pm
by mberryman
I haven't seen a reply to this come through so, for anyone that is interested, you are welcome to my build of Curl 8.4.0 until VSI releases one. It is available at https://theberrymans.com/php_kits/curl-8_4_0.zip (I really need to rename that directory).

A couple of notes:
1. This kit includes LDAP support so the VSI LDAP kit (either 2.5 or 2.6) needs to be installed.
2. If you are not already aware, you can place a file called cert.pem containing certificates for all of the CAs that you trust in SSL3$CERTS: and any program that calls X509_STORE_set_default_paths() will automatically load them. I use the same ones that Mozilla uses, which can be downloaded from http://curl.haxx.se/docs/caextract.html

Example: curl -O https://vmssoftware.com/docs/VSI_X86V921_RN.pdf

$ curl -V
curl 8.4.0 (OpenVMS x86_64) libcurl/8.4.0 OpenSSL/3.0.10 zlib/1.2.12 libidn2/2.3.4 libssh2/1.11.0 nghttp2/1.57.0 OpenLDAP/2.6.6
Release-Date: 2023-10-11
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM SPNEGO SSL threadsafe TLS-SRP UnixSockets

Re: Updates for curl? (CVE-2023-38545 & CVE-2023-38546)

Posted: Thu Nov 02, 2023 4:33 pm
by neilrieck
Hello Mark (long time, no type),

I realize this is not the correct area to be asking this question, but have you published a port of mariadb-5.5 for OpenVMS x86-64?

(IIRC, you previously told me why going above version 5 on OpenVMS was not possible at this time)