GNU bug report logs - #28256
[PATCH] gnu: libgcrypt: Replace with libgcrypt 1.7.9 [fixes CVE-2017-0379].

Previous Next

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Sun, 27 Aug 2017 21:29:02 UTC

Severity: normal

Tags: patch

Done: Efraim Flashner <efraim <at> flashner.co.il>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 28256 in the body.
You can then email your comments to 28256 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to guix-patches <at> gnu.org:
bug#28256; Package guix-patches. (Sun, 27 Aug 2017 21:29:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Leo Famulari <leo <at> famulari.name>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Sun, 27 Aug 2017 21:29:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: guix-patches <at> gnu.org
Subject: [PATCH] gnu: libgcrypt: Replace with libgcrypt 1.7.9 [fixes
 CVE-2017-0379].
Date: Sun, 27 Aug 2017 17:28:17 -0400

* gnu/packages/gnupg.scm (libgcrypt)[replacement]: New field.
(libgcrypt-1.7.9): New variable.
---
 gnu/packages/gnupg.scm | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index fd850c046..a039e530f 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -82,6 +82,7 @@ Daemon and possibly more in the future.")
 (define-public libgcrypt
   (package
     (name "libgcrypt")
+    (replacement libgcrypt-1.7.9)
     (version "1.7.8")
     (source (origin
              (method url-fetch)
@@ -115,6 +116,19 @@ generation.")
     (properties '((ftp-server . "ftp.gnupg.org")
                   (ftp-directory . "/gcrypt/libgcrypt")))))
 
+;; Fixes CVE-2017-0379
+(define libgcrypt-1.7.9
+  (package
+    (inherit libgcrypt)
+    (version "1.7.9")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
+                                 version ".tar.bz2"))
+             (sha256
+              (base32
+               "0frpm4zxqr905ihp37wn8sfz1hir6390z0d2gmjc69hi7iqbpsdz"))))))
+
 (define-public libassuan
   (package
     (name "libassuan")
-- 
2.14.1
Information forwarded to guix-patches <at> gnu.org:
bug#28256; Package guix-patches. (Mon, 28 Aug 2017 19:36:05 GMT) Full text and rfc822 format available.

Message #8 received at 28256 <at> debbugs.gnu.org (full text, mbox):

From: Marius Bakke <mbakke <at> fastmail.com>
To: Leo Famulari <leo <at> famulari.name>, 28256 <at> debbugs.gnu.org
Subject: Re: [bug#28256] [PATCH] gnu: libgcrypt: Replace with libgcrypt
 1.7.9	[fixes CVE-2017-0379].
Date: Mon, 28 Aug 2017 21:35:22 +0200

[Message part 1 (text/plain, inline)]
Leo Famulari <leo <at> famulari.name> writes:

> * gnu/packages/gnupg.scm (libgcrypt)[replacement]: New field.
> (libgcrypt-1.7.9): New variable.

LGTM.

[signature.asc (application/pgp-signature, inline)]
bug closed, send any further explanations to 28256 <at> debbugs.gnu.org and Leo Famulari <leo <at> famulari.name> Request was from Efraim Flashner <efraim <at> flashner.co.il> to control <at> debbugs.gnu.org. (Wed, 06 Sep 2017 16:08:03 GMT) Full text and rfc822 format available.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Thu, 05 Oct 2017 11:24:04 GMT) Full text and rfc822 format available.
This bug report was last modified 7 years and 254 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.