gnu: libgcrypt: Fix CVE-2018-0495.

* gnu/packages/gnupg.scm (libgcrypt)[replacement]: New field. (libgcrypt/fixed): New package.
2018-06-13 22:28:48 +03:00 · 2018-06-13 22:28:48 +03:00 · 03439df66f
parent 85d79a79e4
commit 03439df66f
1 changed files with 14 additions and 0 deletions
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@ -108,6 +108,7 @@ Daemon and possibly more in the future.")

 (define-public libgcrypt
  (package
+    (replacement libgcrypt/fixed)
    (name "libgcrypt")
    (version "1.8.2")
    (source (origin
@ -142,6 +143,19 @@ generation.")
    (properties '((ftp-server . "ftp.gnupg.org")
                  (ftp-directory . "/gcrypt/libgcrypt")))))

+(define libgcrypt/fixed
+  (package
+    (inherit libgcrypt)
+    (name "libgcrypt")
+    (version "1.8.3")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
+                                 version ".tar.bz2"))
+             (sha256
+              (base32
+               "0z5gs1khzyknyfjr19k8gk4q148s6q987ya85cpn0iv70fz91v36"))))))
+
 (define-public libassuan
  (package
    (name "libassuan")