From 90e20240e38f41c42cd34e432e825e2410992b20 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Wed, 17 Aug 2016 19:07:03 -0400 Subject: [PATCH] gnu: libgcrypt@1.5: Replace with 1.5.6 [fixes CVE-2016-6316]. * gnu/packages/gnupg.scm (libgcrypt-1.5)[replacement]: New field. (libgcrypt-1.5.6): New variable. --- gnu/packages/gnupg.scm | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index c411973fea..ae741962e4 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -109,6 +109,7 @@ generation.") (define-public libgcrypt-1.5 (package (inherit libgcrypt) + (replacement libgcrypt-1.5.6) (version "1.5.4") (source (origin @@ -119,6 +120,19 @@ generation.") (base32 "0czvqxkzd5y872ipy6s010ifwdwv29sqbnqc4pf56sd486gqvy6m")))))) +(define-public libgcrypt-1.5.6 + (package + (inherit libgcrypt-1.5) + (source + (let ((version "1.5.6")) + (origin + (method url-fetch) + (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-" + version ".tar.bz2")) + (sha256 + (base32 + "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h"))))))) + (define-public libassuan (package (name "libassuan")