gnu: libgcrypt: Replace with 1.7.3 [fixes CVE-2016-6316].

* gnu/packages/gnupg.scm (libgcrypt)[replacement]: New field.
(libgcrypt-1.7.3): New variable.
This commit is contained in:
Mark H Weaver 2016-08-17 19:10:16 -04:00
parent 90e20240e3
commit 67f5adbae6
No known key found for this signature in database
GPG key ID: 7CEF29847562C516

View file

@ -74,6 +74,7 @@ (define-public libgpg-error
(define-public libgcrypt
(package
(name "libgcrypt")
(replacement libgcrypt-1.7.3)
(version "1.7.0")
(source (origin
(method url-fetch)
@ -107,6 +108,19 @@ (define-public libgcrypt
(properties '((ftp-server . "ftp.gnupg.org")
(ftp-directory . "/gcrypt/libgcrypt")))))
(define-public libgcrypt-1.7.3
(package
(inherit libgcrypt)
(source
(let ((version "1.7.3"))
(origin
(method url-fetch)
(uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
version ".tar.bz2"))
(sha256
(base32
"0wbh6fq5zi9wg2xcfvfpwh7dv52jihivx1vm4h91c2kx0w8n3b6x")))))))
(define-public libgcrypt-1.5
(package (inherit libgcrypt)
(replacement libgcrypt-1.5.6)