gnu: curl: Update to 7.79.1.
* gnu/packages/curl.scm (curl): Update to 7.79.1. Delete trailing #t. [origin]: Remove the upstream curl-7.77-tls-priority-string.patch patch. * gnu/packages/patches/curl-7.77-tls-priority-string.patch: Delete it. * gnu/local.mk (dist_patch_DATA): De-register it.master
parent
e976789754
commit
a248421cbd
|
@ -981,7 +981,6 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/clucene-contribs-lib.patch \
|
%D%/packages/patches/clucene-contribs-lib.patch \
|
||||||
%D%/packages/patches/cube-nocheck.patch \
|
%D%/packages/patches/cube-nocheck.patch \
|
||||||
%D%/packages/patches/curl-use-ssl-cert-env.patch \
|
%D%/packages/patches/curl-use-ssl-cert-env.patch \
|
||||||
%D%/packages/patches/curl-7.77-tls-priority-string.patch \
|
|
||||||
%D%/packages/patches/cursynth-wave-rand.patch \
|
%D%/packages/patches/cursynth-wave-rand.patch \
|
||||||
%D%/packages/patches/cvs-CVE-2017-12836.patch \
|
%D%/packages/patches/cvs-CVE-2017-12836.patch \
|
||||||
%D%/packages/patches/cyrus-sasl-ac-try-run-fix.patch \
|
%D%/packages/patches/cyrus-sasl-ac-try-run-fix.patch \
|
||||||
|
|
|
@ -57,16 +57,15 @@
|
||||||
(define-public curl
|
(define-public curl
|
||||||
(package
|
(package
|
||||||
(name "curl")
|
(name "curl")
|
||||||
(version "7.77.0")
|
(version "7.79.1")
|
||||||
(source (origin
|
(source (origin
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
(uri (string-append "https://curl.haxx.se/download/curl-"
|
(uri (string-append "https://curl.haxx.se/download/curl-"
|
||||||
version ".tar.xz"))
|
version ".tar.xz"))
|
||||||
(sha256
|
(sha256
|
||||||
(base32
|
(base32
|
||||||
"0jsrc97vbghvljic997r9nypc9qqddcil2lzvv032br8ahn5hr0g"))
|
"129n9hi7rbg3s112chyadhp4y27ppb5i65n12wm77aw2255zf1h6"))
|
||||||
(patches (search-patches "curl-use-ssl-cert-env.patch"
|
(patches (search-patches "curl-use-ssl-cert-env.patch"))))
|
||||||
"curl-7.77-tls-priority-string.patch"))))
|
|
||||||
(build-system gnu-build-system)
|
(build-system gnu-build-system)
|
||||||
(outputs '("out"
|
(outputs '("out"
|
||||||
"doc")) ;1.2 MiB of man3 pages
|
"doc")) ;1.2 MiB of man3 pages
|
||||||
|
@ -112,8 +111,7 @@
|
||||||
;; Do not save the configure options to avoid unnecessary references.
|
;; Do not save the configure options to avoid unnecessary references.
|
||||||
(substitute* "curl-config.in"
|
(substitute* "curl-config.in"
|
||||||
(("@CONFIGURE_OPTIONS@")
|
(("@CONFIGURE_OPTIONS@")
|
||||||
"\"not available\""))
|
"\"not available\""))))
|
||||||
#t))
|
|
||||||
(add-after
|
(add-after
|
||||||
'install 'move-man3-pages
|
'install 'move-man3-pages
|
||||||
(lambda* (#:key outputs #:allow-other-keys)
|
(lambda* (#:key outputs #:allow-other-keys)
|
||||||
|
@ -122,8 +120,7 @@
|
||||||
(doc (assoc-ref outputs "doc")))
|
(doc (assoc-ref outputs "doc")))
|
||||||
(mkdir-p (string-append doc "/share/man"))
|
(mkdir-p (string-append doc "/share/man"))
|
||||||
(rename-file (string-append out "/share/man/man3")
|
(rename-file (string-append out "/share/man/man3")
|
||||||
(string-append doc "/share/man/man3"))
|
(string-append doc "/share/man/man3")))))
|
||||||
#t)))
|
|
||||||
(replace 'check
|
(replace 'check
|
||||||
(lambda* (#:key tests? #:allow-other-keys)
|
(lambda* (#:key tests? #:allow-other-keys)
|
||||||
(substitute* "tests/runtests.pl"
|
(substitute* "tests/runtests.pl"
|
||||||
|
|
|
@ -1,98 +0,0 @@
|
||||||
cURL 7.77.0 would use a bogus TLS priority string favoring older TLS
|
|
||||||
protocol versions, which in turn would prevent access to bitbucket.org:
|
|
||||||
|
|
||||||
https://issues.guix.gnu.org/49035
|
|
||||||
https://github.com/curl/curl/pull/7278
|
|
||||||
|
|
||||||
This patch fixes it.
|
|
||||||
From <https://github.com/curl/curl/pull/7278/commits/b98f79f6ecdb708c67f9a0cec56ce48952a54556>.
|
|
||||||
|
|
||||||
From b98f79f6ecdb708c67f9a0cec56ce48952a54556 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daniel Stenberg <daniel@haxx.se>
|
|
||||||
Date: Fri, 18 Jun 2021 14:54:07 +0200
|
|
||||||
Subject: [PATCH] gnutls: set the prefer ciphers in correct order
|
|
||||||
|
|
||||||
Reported-by: civodul on github
|
|
||||||
Assisted-by: Nikos Mavrogiannopoulos
|
|
||||||
Fixes #7277
|
|
||||||
---
|
|
||||||
lib/vtls/gtls.c | 30 +++++++++++++-----------------
|
|
||||||
1 file changed, 13 insertions(+), 17 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
|
|
||||||
index d9bc5611e8f9..da2af64955c3 100644
|
|
||||||
--- a/lib/vtls/gtls.c
|
|
||||||
+++ b/lib/vtls/gtls.c
|
|
||||||
@@ -330,6 +330,9 @@ set_ssl_version_min_max(struct Curl_easy *data,
|
|
||||||
ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_2;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+ else if(ssl_version_max == CURL_SSLVERSION_MAX_DEFAULT) {
|
|
||||||
+ ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_3;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
switch(ssl_version | ssl_version_max) {
|
|
||||||
case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_0:
|
|
||||||
@@ -338,11 +341,11 @@ set_ssl_version_min_max(struct Curl_easy *data,
|
|
||||||
return CURLE_OK;
|
|
||||||
case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_1:
|
|
||||||
*prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
|
||||||
- "+VERS-TLS1.0:+VERS-TLS1.1";
|
|
||||||
+ "+VERS-TLS1.1:+VERS-TLS1.0";
|
|
||||||
return CURLE_OK;
|
|
||||||
case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_2:
|
|
||||||
*prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
|
||||||
- "+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2";
|
|
||||||
+ "+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0";
|
|
||||||
return CURLE_OK;
|
|
||||||
case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_TLSv1_1:
|
|
||||||
*prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
|
||||||
@@ -350,7 +353,7 @@ set_ssl_version_min_max(struct Curl_easy *data,
|
|
||||||
return CURLE_OK;
|
|
||||||
case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_TLSv1_2:
|
|
||||||
*prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
|
||||||
- "+VERS-TLS1.1:+VERS-TLS1.2";
|
|
||||||
+ "+VERS-TLS1.2:+VERS-TLS1.1";
|
|
||||||
return CURLE_OK;
|
|
||||||
case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_TLSv1_2:
|
|
||||||
*prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
|
||||||
@@ -360,25 +363,17 @@ set_ssl_version_min_max(struct Curl_easy *data,
|
|
||||||
*prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
|
||||||
"+VERS-TLS1.3";
|
|
||||||
return CURLE_OK;
|
|
||||||
- case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_DEFAULT:
|
|
||||||
- *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
|
||||||
- "+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2"
|
|
||||||
- ":+VERS-TLS1.3";
|
|
||||||
+ case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_3:
|
|
||||||
+ *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0";
|
|
||||||
return CURLE_OK;
|
|
||||||
- case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_DEFAULT:
|
|
||||||
+ case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_TLSv1_3:
|
|
||||||
*prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
|
||||||
- "+VERS-TLS1.1:+VERS-TLS1.2"
|
|
||||||
- ":+VERS-TLS1.3";
|
|
||||||
+ "+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1";
|
|
||||||
return CURLE_OK;
|
|
||||||
- case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_DEFAULT:
|
|
||||||
+ case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_TLSv1_3:
|
|
||||||
*prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
|
||||||
- "+VERS-TLS1.2"
|
|
||||||
- ":+VERS-TLS1.3";
|
|
||||||
+ "+VERS-TLS1.3:+VERS-TLS1.2";
|
|
||||||
return CURLE_OK;
|
|
||||||
- case CURL_SSLVERSION_TLSv1_3 | CURL_SSLVERSION_MAX_DEFAULT:
|
|
||||||
- *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
|
||||||
- "+VERS-TLS1.2"
|
|
||||||
- ":+VERS-TLS1.3";
|
|
||||||
return CURLE_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -608,6 +603,7 @@ gtls_connect_step1(struct Curl_easy *data,
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
#endif
|
|
||||||
+ infof(data, "GnuTLS ciphers: %s\n", prioritylist);
|
|
||||||
rc = gnutls_priority_set_direct(session, prioritylist, &err);
|
|
||||||
#ifdef HAVE_GNUTLS_SRP
|
|
||||||
}
|
|
Reference in New Issue