From d058708e86dab50579d3147e3ee2c6fcc03e63c9 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Fri, 2 Sep 2016 02:11:49 -0400
Subject: gnu: libidn: Replace with 1.33 [fixes CVE-2015-8948 and
 CVE-2016-{6261,6263}].

* gnu/packages/libidn.scm (libidn)[replacement]: New field.
(libidn-1.33): New variable.
---
 gnu/packages/libidn.scm | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'gnu')

diff --git a/gnu/packages/libidn.scm b/gnu/packages/libidn.scm
index 053565c909..432c1fe675 100644
--- a/gnu/packages/libidn.scm
+++ b/gnu/packages/libidn.scm
@@ -27,6 +27,7 @@
 (define-public libidn
   (package
    (name "libidn")
+   (replacement libidn-1.33)
    (version "1.32")
    (source (origin
             (method url-fetch)
@@ -45,3 +46,16 @@ names.  It includes native C, C# and Java libraries.")
    ;; the command line tool is gpl3+.
    (license (list gpl2+ gpl3+ lgpl3+ fdl1.3+))
    (home-page "http://www.gnu.org/software/libidn/")))
+
+(define libidn-1.33
+  (package
+    (inherit libidn)
+    (source
+      (let ((version "1.33"))
+        (origin
+          (method url-fetch)
+          (uri (string-append "mirror://gnu/libidn/libidn-" version
+                              ".tar.gz"))
+          (sha256
+           (base32
+            "068fjg2arlppjqqpzd714n1lf6gxkpac9v5yyvp1qwmv6nvam9s4")))))))
-- 
cgit v1.2.3