diff options
| -rw-r--r-- | gnu/local.mk | 1 | ||||
| -rw-r--r-- | gnu/packages/curl.scm | 13 | ||||
| -rw-r--r-- | gnu/packages/patches/curl-7.77-tls-priority-string.patch | 98 |
3 files changed, 5 insertions, 107 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 3952795c3b..8a2afe408b 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -981,7 +981,6 @@ dist_patch_DATA = \ %D%/packages/patches/clucene-contribs-lib.patch \ %D%/packages/patches/cube-nocheck.patch \ %D%/packages/patches/curl-use-ssl-cert-env.patch \ - %D%/packages/patches/curl-7.77-tls-priority-string.patch \ %D%/packages/patches/cursynth-wave-rand.patch \ %D%/packages/patches/cvs-CVE-2017-12836.patch \ %D%/packages/patches/cyrus-sasl-ac-try-run-fix.patch \ diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 4c90c7b301..6d2f36397f 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -57,16 +57,15 @@ (define-public curl (package (name "curl") - (version "7.77.0") + (version "7.79.1") (source (origin (method url-fetch) (uri (string-append "https://curl.haxx.se/download/curl-" version ".tar.xz")) (sha256 (base32 - "0jsrc97vbghvljic997r9nypc9qqddcil2lzvv032br8ahn5hr0g")) - (patches (search-patches "curl-use-ssl-cert-env.patch" - "curl-7.77-tls-priority-string.patch")))) + "129n9hi7rbg3s112chyadhp4y27ppb5i65n12wm77aw2255zf1h6")) + (patches (search-patches "curl-use-ssl-cert-env.patch")))) (build-system gnu-build-system) (outputs '("out" "doc")) ;1.2 MiB of man3 pages @@ -112,8 +111,7 @@ ;; Do not save the configure options to avoid unnecessary references. (substitute* "curl-config.in" (("@CONFIGURE_OPTIONS@") - "\"not available\"")) - #t)) + "\"not available\"")))) (add-after 'install 'move-man3-pages (lambda* (#:key outputs #:allow-other-keys) @@ -122,8 +120,7 @@ (doc (assoc-ref outputs "doc"))) (mkdir-p (string-append doc "/share/man")) (rename-file (string-append out "/share/man/man3") - (string-append doc "/share/man/man3")) - #t))) + (string-append doc "/share/man/man3"))))) (replace 'check (lambda* (#:key tests? #:allow-other-keys) (substitute* "tests/runtests.pl" diff --git a/gnu/packages/patches/curl-7.77-tls-priority-string.patch b/gnu/packages/patches/curl-7.77-tls-priority-string.patch deleted file mode 100644 index bf1bfa8aaa..0000000000 --- a/gnu/packages/patches/curl-7.77-tls-priority-string.patch +++ /dev/null @@ -1,98 +0,0 @@ -cURL 7.77.0 would use a bogus TLS priority string favoring older TLS -protocol versions, which in turn would prevent access to bitbucket.org: - - https://issues.guix.gnu.org/49035 - https://github.com/curl/curl/pull/7278 - -This patch fixes it. -From <https://github.com/curl/curl/pull/7278/commits/b98f79f6ecdb708c67f9a0cec56ce48952a54556>. - -From b98f79f6ecdb708c67f9a0cec56ce48952a54556 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg <daniel@haxx.se> -Date: Fri, 18 Jun 2021 14:54:07 +0200 -Subject: [PATCH] gnutls: set the prefer ciphers in correct order - -Reported-by: civodul on github -Assisted-by: Nikos Mavrogiannopoulos -Fixes #7277 ---- - lib/vtls/gtls.c | 30 +++++++++++++----------------- - 1 file changed, 13 insertions(+), 17 deletions(-) - -diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c -index d9bc5611e8f9..da2af64955c3 100644 ---- a/lib/vtls/gtls.c -+++ b/lib/vtls/gtls.c -@@ -330,6 +330,9 @@ set_ssl_version_min_max(struct Curl_easy *data, - ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_2; - } - } -+ else if(ssl_version_max == CURL_SSLVERSION_MAX_DEFAULT) { -+ ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_3; -+ } - - switch(ssl_version | ssl_version_max) { - case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_0: -@@ -338,11 +341,11 @@ set_ssl_version_min_max(struct Curl_easy *data, - return CURLE_OK; - case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_1: - *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" -- "+VERS-TLS1.0:+VERS-TLS1.1"; -+ "+VERS-TLS1.1:+VERS-TLS1.0"; - return CURLE_OK; - case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_2: - *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" -- "+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2"; -+ "+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0"; - return CURLE_OK; - case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_TLSv1_1: - *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" -@@ -350,7 +353,7 @@ set_ssl_version_min_max(struct Curl_easy *data, - return CURLE_OK; - case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_TLSv1_2: - *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" -- "+VERS-TLS1.1:+VERS-TLS1.2"; -+ "+VERS-TLS1.2:+VERS-TLS1.1"; - return CURLE_OK; - case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_TLSv1_2: - *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" -@@ -360,25 +363,17 @@ set_ssl_version_min_max(struct Curl_easy *data, - *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" - "+VERS-TLS1.3"; - return CURLE_OK; -- case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_DEFAULT: -- *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" -- "+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2" -- ":+VERS-TLS1.3"; -+ case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_3: -+ *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0"; - return CURLE_OK; -- case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_DEFAULT: -+ case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_TLSv1_3: - *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" -- "+VERS-TLS1.1:+VERS-TLS1.2" -- ":+VERS-TLS1.3"; -+ "+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1"; - return CURLE_OK; -- case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_DEFAULT: -+ case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_TLSv1_3: - *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" -- "+VERS-TLS1.2" -- ":+VERS-TLS1.3"; -+ "+VERS-TLS1.3:+VERS-TLS1.2"; - return CURLE_OK; -- case CURL_SSLVERSION_TLSv1_3 | CURL_SSLVERSION_MAX_DEFAULT: -- *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" -- "+VERS-TLS1.2" -- ":+VERS-TLS1.3"; - return CURLE_OK; - } - -@@ -608,6 +603,7 @@ gtls_connect_step1(struct Curl_easy *data, - } - else { - #endif -+ infof(data, "GnuTLS ciphers: %s\n", prioritylist); - rc = gnutls_priority_set_direct(session, prioritylist, &err); - #ifdef HAVE_GNUTLS_SRP - } |