A new update release of curl, "cURL 7.71.0", is now available. It focuses on fixing two serious bugs that allow access to passwords and make it possible to overwrite files, so users are urged to update to the new version.
For those unfamiliar with this utility: it is used to receive and send data over the network, and it lets you shape a request flexibly by setting parameters such as the cookie, user_agent, referer and any other header.
cURL supports HTTP, HTTPS, HTTP/2.0, HTTP/3, SMTP, IMAP, POP3, Telnet, FTP, LDAP, RTSP, RTMP and other network protocols. At the same time, a matching update was released for the libcurl library, which provides an API for using all curl functions in programs written in languages such as C, Perl, PHP and Python.
Main changes in cURL 7.71.0
This new version is an update release and, as mentioned at the beginning, it fixes two bugs, which are the following:
- CVE-2020-8177: this vulnerability allows an attacker to overwrite a local file on the system when the user accesses a server the attacker controls. The problem appears only when the options "-J" ("--remote-header-name") and "-i" ("--head") are used together.
The "-J" option lets you save the file under the name specified in the "Content-Disposition" header. If a file with the same name already exists, curl normally refuses to overwrite it, but if the "-i" option is present the logic breaks and the file is overwritten (the check is performed at the stage of receiving the response body, but with the "-i" option the HTTP headers are output first and have time to be saved before the response body is processed). Only the HTTP headers are written to the file.
- CVE-2020-8169: this vulnerability can cause a leak to the DNS server of some of the passwords used to access the site (Basic, Digest, NTLM, etc.).
When the "@" character is used in a password, where it also serves as the password separator in the URL, and an HTTP redirect is followed, curl sends the part of the password after the "@" character together with the domain for name resolution.
For example, if you specify the password "passw@passw" and the username "user", curl generates the URL "https://user:passw@passw@example.com/path" instead of "https://user:passw%40passw@example.com/path" and then sends a request to resolve the host "passw@example.com" instead of "example.com".
The problem appears when support for relative HTTP redirects is enabled (they can be disabled via CURLOPT_FOLLOWLOCATION).
With traditional DNS, the DNS provider and an attacker who is able to intercept transit network traffic can obtain information about part of the password (even if the original request was made over HTTPS, since DNS traffic is not encrypted). With DNS over HTTPS (DoH), the leak is limited to the DoH operator.
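The URL example above, worked through as an added example (not code from curl or from the original post): it compares where the host ends up when the authority is split at the first "@" versus the last one, and builds the percent-encoded form. The function names are hypothetical, and the first-"@" split is a simplified model of the outcome described here, not curl's redirect code.

```python
from urllib.parse import quote, urlsplit

def build_url(user, password, host, path="/"):
    """Build an https URL with percent-encoded userinfo ('@' becomes %40)."""
    userinfo = quote(user, safe="") + ":" + quote(password, safe="")
    return "https://" + userinfo + "@" + host + path

def authority(url):
    """Return the authority part (between '://' and the first '/')."""
    return url.split("://", 1)[1].split("/", 1)[0]

def host_if_split_at_first_at(url):
    """Simplified model of the faulty reading: userinfo ends at the FIRST '@'."""
    auth = authority(url)
    return auth.split("@", 1)[1] if "@" in auth else auth

def host_rfc3986(url):
    """Correct reading: userinfo ends at the LAST '@' of the authority."""
    return urlsplit(url).hostname

def audit(url):
    """Report whether a URL can send credential bytes to the resolver."""
    wrong, right = host_if_split_at_first_at(url), host_rfc3986(url)
    return {
        "raw_at_in_userinfo": authority(url).count("@") > 1,
        "intended_host": right,
        "name_at_risk": wrong if wrong != right else None,
    }

# Constructed sample values, taken from the example in the text above.
RAW = "https://user:passw@passw@example.com/path"
SAFE = build_url("user", "passw@passw", "example.com", "/path")

if __name__ == "__main__":
    for u in (RAW, SAFE):
        print(u, audit(u))
```

A non-empty `name_at_risk` is the string that would reach an unencrypted DNS query; percent-encoding the credentials before composing the URL removes it.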
Finally, another change included in the new version is the addition of the "--retry-all-errors" option, which retries operations whenever any error occurs.
How to install cURL on Linux?
Those interested in installing this new version of cURL can do so by downloading the source code and compiling it.
To do this, the first thing we will do is download the latest cURL package with the help of a terminal; in it, type:
wget https://curl.haxx.se/download/curl-7.71.0.tar.xz
Then unpack the downloaded package with:
tar -xJvf curl-7.71.0.tar.xz
Enter the newly created folder with:
cd curl-7.71.0
Become root with:
sudo su
And type the following:
./configure --prefix=/usr \
            --disable-static \
            --enable-threaded-resolver \
            --with-ca-path=/etc/ssl/certs &&
make &&
make install &&
rm -rf docs/examples/.deps &&
find docs \( -name Makefile\* -o -name \*.1 -o -name \*.3 \) -exec rm {} \; &&
install -v -d -m755 /usr/share/doc/curl-7.71.0 &&
cp -v -R docs/* /usr/share/doc/curl-7.71.0
Finally, we can check the version with:
curl --version
If you want to know more about it, you can consult the following link.