gnu: libgcrypt: Replace with 1.7.3 [fixes CVE-2016-6316].

* gnu/packages/gnupg.scm (libgcrypt)[replacement]: New field. (libgcrypt-1.7.3): New variable.
2016-08-17 19:10:16 -04:00 · 2016-08-17 19:10:16 -04:00 · 67f5adbae6
parent 90e20240e3
commit 67f5adbae6
1 changed files with 14 additions and 0 deletions
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@ -74,6 +74,7 @@ (define-public libgpg-error
 (define-public libgcrypt
  (package
    (name "libgcrypt")
+    (replacement libgcrypt-1.7.3)
    (version "1.7.0")
    (source (origin
             (method url-fetch)
@ -107,6 +108,19 @@ (define-public libgcrypt
    (properties '((ftp-server . "ftp.gnupg.org")
                  (ftp-directory . "/gcrypt/libgcrypt")))))

+(define-public libgcrypt-1.7.3
+  (package
+    (inherit libgcrypt)
+    (source
+     (let ((version "1.7.3"))
+       (origin
+         (method url-fetch)
+         (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
+                             version ".tar.bz2"))
+         (sha256
+          (base32
+           "0wbh6fq5zi9wg2xcfvfpwh7dv52jihivx1vm4h91c2kx0w8n3b6x")))))))
+
 (define-public libgcrypt-1.5
  (package (inherit libgcrypt)
    (replacement libgcrypt-1.5.6)