gnu: libgcrypt: Fix CVE-2017-0379.

* gnu/packages/gnupg.scm (libgcrypt)[replacement]: New field. (libgcrypt/fixed): New variable.
2017-08-29 23:30:43 +03:00 · 2017-08-29 23:30:43 +03:00 · 08cba8cca4
commit 08cba8cca4
parent 0ae32da8d6
1 changed files with 13 additions and 0 deletions
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@ -81,6 +81,7 @@ Daemon and possibly more in the future.")

 (define-public libgcrypt
  (package
+    (replacement libgcrypt/fixed)
    (name "libgcrypt")
    (version "1.7.8")
    (source (origin
@ -115,6 +116,18 @@ generation.")
    (properties '((ftp-server . "ftp.gnupg.org")
                  (ftp-directory . "/gcrypt/libgcrypt")))))

+(define libgcrypt/fixed
+  (package
+    (inherit libgcrypt)
+    (version "1.8.1")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
+                                 version ".tar.bz2"))
+             (sha256
+              (base32
+               "1cvqd9jk5qshbh48yh3ixw4zyr4n5k50r3475rrh20xfn7w7aa3s"))))))
+
 (define-public libassuan
  (package
    (name "libassuan")