gnu: libgcrypt@1.5: Replace with 1.5.6 [fixes CVE-2016-6316].

* gnu/packages/gnupg.scm (libgcrypt-1.5)[replacement]: New field. (libgcrypt-1.5.6): New variable.
author: Mark H Weaver <mhw@netris.org> 2016-08-17 19:07:03 -0400
committer: Mark H Weaver <mhw@netris.org> 2016-08-17 19:24:48 -0400
commit: 90e20240e38f41c42cd34e432e825e2410992b20 (patch)
tree: d6c738e3c29a131ad6bcb83af524f4dc282039da
parent: 2557131496ed0bf5d4cef79bd2d05fe8eeef58b3 (diff)
download: guix-90e20240e38f41c42cd34e432e825e2410992b20.tar.gz
1 files changed, 14 insertions, 0 deletions
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index c411973fea..ae741962e4 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -109,6 +109,7 @@ generation.")
 
 (define-public libgcrypt-1.5
   (package (inherit libgcrypt)
+    (replacement libgcrypt-1.5.6)
     (version "1.5.4")
     (source
      (origin
@@ -119,6 +120,19 @@ generation.")
        (base32
         "0czvqxkzd5y872ipy6s010ifwdwv29sqbnqc4pf56sd486gqvy6m"))))))
 
+(define-public libgcrypt-1.5.6
+  (package
+    (inherit libgcrypt-1.5)
+    (source
+     (let ((version "1.5.6"))
+       (origin
+         (method url-fetch)
+         (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
+                             version ".tar.bz2"))
+         (sha256
+          (base32
+           "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h")))))))
+
 (define-public libassuan
   (package
     (name "libassuan")
author	Mark H Weaver <mhw@netris.org>	2016-08-17 19:07:03 -0400
committer	Mark H Weaver <mhw@netris.org>	2016-08-17 19:24:48 -0400
commit	90e20240e38f41c42cd34e432e825e2410992b20 (patch)
tree	d6c738e3c29a131ad6bcb83af524f4dc282039da
parent	2557131496ed0bf5d4cef79bd2d05fe8eeef58b3 (diff)
download	guix-90e20240e38f41c42cd34e432e825e2410992b20.tar.gz