[sylpheed:34520] Re: 3.1/Win32 and curl.exe

Gisle Vanem gvanem at broadpark.no
Wed Apr 6 05:50:30 JST 2011


"Gene Goldenfeld" <genegold at fastmail.fm> wrote:

>  Last night, Secunia PSI showed curl.exe, a file used by Sylpheed and
> another program I have, as "insecure."  Sylpheed's version is 7.19.4.0
> and the new one is 7.21.4.0.  I downloaded and copied it over. Today,
> Sylpheed opened alright, but several seconds later there was an error
> box, "curl.exe - unable to locate component. libssl32.dll not found.
> Reinstall the application.."  Repeated it just to be sure. The odd thing
> is that libssl32.dll is not in the Sylpheed 3.1.0/Win32 package, as far
> as I can tell, and bringing it in just creates another curl.exe error
> message: "HMAC_clean up could not be located in the dynamic library
> libeay32.dll." I've gone back to 7.19.4.0 for now (with the
> libssl32.dll I downloaded still there). Ironically, a PSI scan
> afterward didn't find curl.exe 7.19.4 insecure, tho I wonder if it's
> just a matter of time before it does.  

No, I've been using/building/contributing to curl and libcurl for years.
There aren't any backdoors or malware in it (if that what you insinuate).
What does Secunia PSI mean by "insecure"? I think this is a case of a false
positive, but hard to tell w/o any more info.

If your curl is outdated that isn't the fault of the curl/libcurl developer, but
rather you or the ones packaging the Sylpeed distro. 

The problem with the missing "HMAC_clean()" is just the "DLL hell" problem.
You need to update both curl *and* the OpenSSL libs (libssl32.dll and libeay32.dll)
to current version (1.1.0 I think). I have libcurl, curl and OpenSSL installed here (in 
fact I build these myself regularly... I don't trust software I cannot build myself :-))

I checked with "depends curl.exe"; It doesn't import anything resembling
"HMAC_clean" from libeay32.dll. I also checked the latest OpenSSL sources;
there isn't any function called "HMAC_clean()".

--gv



More information about the Sylpheed mailing list