Do you use curl? You should update now! The new version 7.71.0 fixes two serious bugs

A new update release, "cURL 7.71.0", is now available. It focuses on fixing two serious bugs that make it possible to obtain passwords and to overwrite files, which is why users are urged to upgrade to the new version.

For those unfamiliar with this utility: it is used to receive and send data over a network, and it lets you build a request flexibly by setting parameters such as cookies, the user agent, the address, and any other header.

curl supports HTTP, HTTPS, HTTP/2.0, HTTP/3, SMTP, IMAP, POP3, Telnet, FTP, LDAP, RTSP, RTMP, and other network protocols. At the same time, a parallel update was released for the libcurl library, which provides an API for using all of curl's functions in programs written in languages such as C, Perl, PHP, and Python.

Main changes in cURL 7.71.0

This new version is an update release and, as mentioned at the beginning, it addresses two bugs, which are the following:

  • Vulnerability CVE-2020-8177: this allows an attacker to overwrite a local file on the system when the user accesses a server controlled by the attacker. The problem appears only when the options "-J" ("--remote-header-name") and "-i" ("--head") are used at the same time.

The "-J" option lets you save the file under the name given in the "Content-Disposition" header. If a file with the same name already exists, curl normally refuses to overwrite it, but when the "-i" option is present the check logic is bypassed and the file is overwritten (the check is performed at the stage of receiving the response body, but with the "-i" option the HTTP headers are output first and are saved before the response body is processed). Only the HTTP headers are written to the file.

  • Vulnerability CVE-2020-8169: this can leak to DNS servers part of the password used to access a site (Basic, Digest, NTLM, and so on).

When the "@" character is used in a password, where it also serves as the password delimiter in the URL, and an HTTP redirect is triggered, curl sends the part of the password after the "@" character together with the domain for name resolution.

For example, if you specify the password "passw@passw" and the user name "user", curl generates the URL "https://user:passw@passw@example.com/path" instead of "https://user:passw%40passw@example.com/path" and sends a request to resolve the host "passw@example.com" instead of "example.com".

The problem manifests itself when support for relative HTTP redirects is enabled (disabled via CURLOPT_FOLLOWLOCATION).

With traditional DNS, the DNS provider and any attacker able to intercept transit network traffic can learn part of the password (even if the original request was made over HTTPS, because DNS traffic is not encrypted). When DNS over HTTPS (DoH) is used, the leak is limited to the DoH operator.
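The following is an added example, not code from curl or from the original article, that works through the article's own URL pair for CVE-2020-8169. The function names are hypothetical, and `host_first_at` only models the outcome described above (the host being read after the first "@"); it is not curl's parsing code.

```python
from urllib.parse import quote, urlsplit

def build_url(user, password, host, path="/"):
    """Build an https URL with percent-encoded userinfo ('@' becomes %40)."""
    userinfo = quote(user, safe="") + ":" + quote(password, safe="")
    return "https://" + userinfo + "@" + host + path

def host_first_at(url):
    """Host seen when the userinfo is cut at the FIRST '@'.
    Models the faulty result the article describes, not curl's code."""
    return urlsplit(url).netloc.split("@", 1)[-1]

def host_last_at(url):
    """Host seen when the userinfo is cut at the LAST '@' (the intended host)."""
    return urlsplit(url).netloc.rsplit("@", 1)[-1]

def leaked_fragment(url):
    """Return the password fragment that would end up in the DNS name,
    or None when both readings of the authority agree."""
    wrong, right = host_first_at(url), host_last_at(url)
    if wrong == right:
        return None
    return wrong[: -len(right) - 1]  # strip the trailing "@<real host>"

if __name__ == "__main__":
    raw = "https://user:passw@passw@example.com/path"  # URL from the article
    safe = build_url("user", "passw@passw", "example.com", "/path")
    for url in (raw, safe):
        print(url, "->", host_first_at(url), "| leaked:", leaked_fragment(url))
```

A URL that carries credentials and still contains more than one "@" in its authority is the case to look for in scripts and configuration; percent-encoding the password removes the ambiguity regardless of the curl version.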

Finally, another change included in the new version is the addition of the "--retry-all-errors" option, which retries operations when an error occurs.

How to install cURL on Linux?

Those interested in installing this new version of cURL can do so by downloading the source code and compiling it.

To do this, the first thing we will do is download the latest curl package with the help of a terminal, in which we type:

wget https://curl.haxx.se/download/curl-7.71.0.tar.xz

After that, we unpack the downloaded package with:

tar -xvf curl-7.71.0.tar.xz

We enter the newly created directory with:

cd curl-7.71.0

We switch to root with:

sudo su

And we type the following:

./configure --prefix=/usr \
--disable-static \
--enable-threaded-resolver \
--with-ca-path=/etc/ssl/certs &&
make &&
make install &&
rm -rf docs/examples/.deps &&
find docs \( -name Makefile\* -o -name \*.1 -o -name \*.3 \) -exec rm {} \; &&
install -v -d -m755 /usr/share/doc/curl-7.71.0 &&
cp -v -R docs/* /usr/share/doc/curl-7.71.0

Finally, we can check the version with:

curl --version

If you want more information about it, you can consult the following link.

