Upgrade libcurl
Posted: Sat Jun 30, 2018 6:17 am
Hello!
PureBasic 5.62 for Windows comes with the libcurl.lib (version 7.42.1, released on April 2015).
But.. This version has 37 known vulnerabilities, including:
https://curl.haxx.se/docs/vuln-7.42.1.html
At this time that I'm writing, the version 7.60.0 is the most secure version to use (https://curl.haxx.se/docs/vulnerabilities.html).
I wish to see this lib updated on PureBasic. Is possible to update?
Note: As workaround, I'm trying to use the lib from the https://curl.haxx.se/download.html, but I'm getting some POLINK errors
PureBasic 5.62 for Windows comes with the libcurl.lib (version 7.42.1, released on April 2015).
But.. This version has 37 known vulnerabilities, including:
We can find others known vulnerabilities with this version (7.42.1) on cURL site:• HTTP authentication leak in redirects
• URL globbing out of bounds read
• write-out out of buffer read
• invalid URL parsing with '#'
• curl escape and unescape integer overflows
• Incorrect reuse of client certificates
• TLS session resumption client cert bypass
• Re-using connections with wrong client cert
• use of connection struct after free
• Windows DLL hijacking
• lingering HTTP credentials in connection re-use
• and others...
https://curl.haxx.se/docs/vuln-7.42.1.html
At this time that I'm writing, the version 7.60.0 is the most secure version to use (https://curl.haxx.se/docs/vulnerabilities.html).
I wish to see this lib updated on PureBasic. Is possible to update?
Note: As workaround, I'm trying to use the lib from the https://curl.haxx.se/download.html, but I'm getting some POLINK errors
POLINK: error: Unresolved external symbol [...]
