From 08cba8cca4375d3dda5ad2cabdd2485eac6338bf Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Tue, 29 Aug 2017 23:30:43 +0300 Subject: gnu: libgcrypt: Fix CVE-2017-0379. * gnu/packages/gnupg.scm (libgcrypt)[replacement]: New field. (libgcrypt/fixed): New variable. --- gnu/packages/gnupg.scm | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index c442ce8aed..d6f0722f6e 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -81,6 +81,7 @@ Daemon and possibly more in the future.") (define-public libgcrypt (package + (replacement libgcrypt/fixed) (name "libgcrypt") (version "1.7.8") (source (origin @@ -115,6 +116,18 @@ generation.") (properties '((ftp-server . "ftp.gnupg.org") (ftp-directory . "/gcrypt/libgcrypt"))))) +(define libgcrypt/fixed + (package + (inherit libgcrypt) + (version "1.8.1") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-" + version ".tar.bz2")) + (sha256 + (base32 + "1cvqd9jk5qshbh48yh3ixw4zyr4n5k50r3475rrh20xfn7w7aa3s")))))) + (define-public libassuan (package (name "libassuan") -- cgit v1.2.3