GNU bug report logs -
#28256
[PATCH] gnu: libgcrypt: Replace with libgcrypt 1.7.9 [fixes CVE-2017-0379].
Previous Next
Reported by: Leo Famulari <leo <at> famulari.name>
Date: Sun, 27 Aug 2017 21:29:02 UTC
Severity: normal
Tags: patch
Done: Efraim Flashner <efraim <at> flashner.co.il>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
* gnu/packages/gnupg.scm (libgcrypt)[replacement]: New field.
(libgcrypt-1.7.9): New variable.
---
gnu/packages/gnupg.scm | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index fd850c046..a039e530f 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -82,6 +82,7 @@ Daemon and possibly more in the future.")
(define-public libgcrypt
(package
(name "libgcrypt")
+ (replacement libgcrypt-1.7.9)
(version "1.7.8")
(source (origin
(method url-fetch)
@@ -115,6 +116,19 @@ generation.")
(properties '((ftp-server . "ftp.gnupg.org")
(ftp-directory . "/gcrypt/libgcrypt")))))
+;; Fixes CVE-2017-0379
+(define libgcrypt-1.7.9
+ (package
+ (inherit libgcrypt)
+ (version "1.7.9")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
+ version ".tar.bz2"))
+ (sha256
+ (base32
+ "0frpm4zxqr905ihp37wn8sfz1hir6390z0d2gmjc69hi7iqbpsdz"))))))
+
(define-public libassuan
(package
(name "libassuan")
--
2.14.1
This bug report was last modified 7 years and 255 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.