From 08cba8cca4375d3dda5ad2cabdd2485eac6338bf Mon Sep 17 00:00:00 2001
From: Efraim Flashner <efraim@flashner.co.il>
Date: Tue, 29 Aug 2017 23:30:43 +0300
Subject: gnu: libgcrypt: Fix CVE-2017-0379.

* gnu/packages/gnupg.scm (libgcrypt)[replacement]: New field.
(libgcrypt/fixed): New variable.
---
 gnu/packages/gnupg.scm | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'gnu')

diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index c442ce8aed..d6f0722f6e 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -81,6 +81,7 @@ (define-public libgpg-error
 
 (define-public libgcrypt
   (package
+    (replacement libgcrypt/fixed)
     (name "libgcrypt")
     (version "1.7.8")
     (source (origin
@@ -115,6 +116,18 @@ (define-public libgcrypt
     (properties '((ftp-server . "ftp.gnupg.org")
                   (ftp-directory . "/gcrypt/libgcrypt")))))
 
+(define libgcrypt/fixed
+  (package
+    (inherit libgcrypt)
+    (version "1.8.1")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
+                                 version ".tar.bz2"))
+             (sha256
+              (base32
+               "1cvqd9jk5qshbh48yh3ixw4zyr4n5k50r3475rrh20xfn7w7aa3s"))))))
+
 (define-public libassuan
   (package
     (name "libassuan")
-- 
cgit v1.2.3