* [bug#28256] [PATCH] gnu: libgcrypt: Replace with libgcrypt 1.7.9 [fixes CVE-2017-0379].
@ 2017-08-27 21:28 Leo Famulari
2017-08-28 19:35 ` Marius Bakke
0 siblings, 1 reply; 2+ messages in thread
From: Leo Famulari @ 2017-08-27 21:28 UTC (permalink / raw)
To: 28256
* gnu/packages/gnupg.scm (libgcrypt)[replacement]: New field.
(libgcrypt-1.7.9): New variable.
---
gnu/packages/gnupg.scm | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index fd850c046..a039e530f 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -82,6 +82,7 @@ Daemon and possibly more in the future.")
(define-public libgcrypt
(package
(name "libgcrypt")
+ (replacement libgcrypt-1.7.9)
(version "1.7.8")
(source (origin
(method url-fetch)
@@ -115,6 +116,19 @@ generation.")
(properties '((ftp-server . "ftp.gnupg.org")
(ftp-directory . "/gcrypt/libgcrypt")))))
+;; Fixes CVE-2017-0379
+(define libgcrypt-1.7.9
+ (package
+ (inherit libgcrypt)
+ (version "1.7.9")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
+ version ".tar.bz2"))
+ (sha256
+ (base32
+ "0frpm4zxqr905ihp37wn8sfz1hir6390z0d2gmjc69hi7iqbpsdz"))))))
+
(define-public libassuan
(package
(name "libassuan")
--
2.14.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-08-28 19:36 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-08-27 21:28 [bug#28256] [PATCH] gnu: libgcrypt: Replace with libgcrypt 1.7.9 [fixes CVE-2017-0379] Leo Famulari
2017-08-28 19:35 ` Marius Bakke
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).