From 03439df66fc2699b22e5786b33324e5432cfe8cf Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Wed, 13 Jun 2018 22:28:48 +0300 Subject: [PATCH] gnu: libgcrypt: Fix CVE-2018-0495. * gnu/packages/gnupg.scm (libgcrypt)[replacement]: New field. (libgcrypt/fixed): New package. --- gnu/packages/gnupg.scm | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index ecd280f6db..6a0defb46f 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -108,6 +108,7 @@ Daemon and possibly more in the future.") (define-public libgcrypt (package + (replacement libgcrypt/fixed) (name "libgcrypt") (version "1.8.2") (source (origin @@ -142,6 +143,19 @@ generation.") (properties '((ftp-server . "ftp.gnupg.org") (ftp-directory . "/gcrypt/libgcrypt"))))) +(define libgcrypt/fixed + (package + (inherit libgcrypt) + (name "libgcrypt") + (version "1.8.3") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-" + version ".tar.bz2")) + (sha256 + (base32 + "0z5gs1khzyknyfjr19k8gk4q148s6q987ya85cpn0iv70fz91v36")))))) + (define-public libassuan (package (name "libassuan")