diff options
author | Maxim Cournoyer <maxim.cournoyer@gmail.com> | 2021-10-27 13:42:25 -0400 |
---|---|---|
committer | Maxim Cournoyer <maxim.cournoyer@gmail.com> | 2021-11-11 12:18:22 -0500 |
commit | a248421cbdd27730f436c76aefe322b3091d88b6 (patch) | |
tree | f4e3f8751447dcb405ec6a31bf52dc219117be64 /gnu/packages/patches | |
parent | e976789754c0af63aef4acea18971c9f41ed2826 (diff) |
gnu: curl: Update to 7.79.1.
* gnu/packages/curl.scm (curl): Update to 7.79.1. Delete trailing #t.
[origin]: Remove the upstream curl-7.77-tls-priority-string.patch patch.
* gnu/packages/patches/curl-7.77-tls-priority-string.patch: Delete it.
* gnu/local.mk (dist_patch_DATA): De-register it.
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/curl-7.77-tls-priority-string.patch | 98 |
1 files changed, 0 insertions, 98 deletions
diff --git a/gnu/packages/patches/curl-7.77-tls-priority-string.patch b/gnu/packages/patches/curl-7.77-tls-priority-string.patch deleted file mode 100644 index bf1bfa8aaa..0000000000 --- a/gnu/packages/patches/curl-7.77-tls-priority-string.patch +++ /dev/null @@ -1,98 +0,0 @@ -cURL 7.77.0 would use a bogus TLS priority string favoring older TLS -protocol versions, which in turn would prevent access to bitbucket.org: - - https://issues.guix.gnu.org/49035 - https://github.com/curl/curl/pull/7278 - -This patch fixes it. -From <https://github.com/curl/curl/pull/7278/commits/b98f79f6ecdb708c67f9a0cec56ce48952a54556>. - -From b98f79f6ecdb708c67f9a0cec56ce48952a54556 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg <daniel@haxx.se> -Date: Fri, 18 Jun 2021 14:54:07 +0200 -Subject: [PATCH] gnutls: set the prefer ciphers in correct order - -Reported-by: civodul on github -Assisted-by: Nikos Mavrogiannopoulos -Fixes #7277 ---- - lib/vtls/gtls.c | 30 +++++++++++++----------------- - 1 file changed, 13 insertions(+), 17 deletions(-) - -diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c -index d9bc5611e8f9..da2af64955c3 100644 ---- a/lib/vtls/gtls.c -+++ b/lib/vtls/gtls.c -@@ -330,6 +330,9 @@ set_ssl_version_min_max(struct Curl_easy *data, - ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_2; - } - } -+ else if(ssl_version_max == CURL_SSLVERSION_MAX_DEFAULT) { -+ ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_3; -+ } - - switch(ssl_version | ssl_version_max) { - case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_0: -@@ -338,11 +341,11 @@ set_ssl_version_min_max(struct Curl_easy *data, - return CURLE_OK; - case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_1: - *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" -- "+VERS-TLS1.0:+VERS-TLS1.1"; -+ "+VERS-TLS1.1:+VERS-TLS1.0"; - return CURLE_OK; - case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_2: - *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" -- "+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2"; -+ "+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0"; - return CURLE_OK; - case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_TLSv1_1: - *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" -@@ -350,7 +353,7 @@ set_ssl_version_min_max(struct Curl_easy *data, - return CURLE_OK; - case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_TLSv1_2: - *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" -- "+VERS-TLS1.1:+VERS-TLS1.2"; -+ "+VERS-TLS1.2:+VERS-TLS1.1"; - return CURLE_OK; - case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_TLSv1_2: - *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" -@@ -360,25 +363,17 @@ set_ssl_version_min_max(struct Curl_easy *data, - *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" - "+VERS-TLS1.3"; - return CURLE_OK; -- case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_DEFAULT: -- *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" -- "+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2" -- ":+VERS-TLS1.3"; -+ case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_3: -+ *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0"; - return CURLE_OK; -- case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_DEFAULT: -+ case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_TLSv1_3: - *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" -- "+VERS-TLS1.1:+VERS-TLS1.2" -- ":+VERS-TLS1.3"; -+ "+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1"; - return CURLE_OK; -- case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_DEFAULT: -+ case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_TLSv1_3: - *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" -- "+VERS-TLS1.2" -- ":+VERS-TLS1.3"; -+ "+VERS-TLS1.3:+VERS-TLS1.2"; - return CURLE_OK; -- case CURL_SSLVERSION_TLSv1_3 | CURL_SSLVERSION_MAX_DEFAULT: -- *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" -- "+VERS-TLS1.2" -- ":+VERS-TLS1.3"; - return CURLE_OK; - } - -@@ -608,6 +603,7 @@ gtls_connect_step1(struct Curl_easy *data, - } - else { - #endif -+ infof(data, "GnuTLS ciphers: %s\n", prioritylist); - rc = gnutls_priority_set_direct(session, prioritylist, &err); - #ifdef HAVE_GNUTLS_SRP - } |