gnu: libidn: Replace with 1.33 [fixes CVE-2015-8948 and CVE-2016-{6261,6263}].

* gnu/packages/libidn.scm (libidn)[replacement]: New field. (libidn-1.33): New variable.
2016-09-02 02:11:49 -04:00 · 2016-09-02 02:11:49 -04:00 · d058708e86
parent 135ba811c6
commit d058708e86
1 changed files with 14 additions and 0 deletions
--- a/gnu/packages/libidn.scm
+++ b/gnu/packages/libidn.scm
@ -27,6 +27,7 @@
 (define-public libidn
  (package
   (name "libidn")
+   (replacement libidn-1.33)
   (version "1.32")
   (source (origin
            (method url-fetch)
@ -45,3 +46,16 @@ names.  It includes native C, C# and Java libraries.")
   ;; the command line tool is gpl3+.
   (license (list gpl2+ gpl3+ lgpl3+ fdl1.3+))
   (home-page "http://www.gnu.org/software/libidn/")))
+
+(define libidn-1.33
+  (package
+    (inherit libidn)
+    (source
+      (let ((version "1.33"))
+        (origin
+          (method url-fetch)
+          (uri (string-append "mirror://gnu/libidn/libidn-" version
+                              ".tar.gz"))
+          (sha256
+           (base32
+            "068fjg2arlppjqqpzd714n1lf6gxkpac9v5yyvp1qwmv6nvam9s4")))))))