summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
authorTobias Geerinckx-Rice <me@tobias.gr>2022-10-16 02:00:00 +0200
committerTobias Geerinckx-Rice <me@tobias.gr>2022-10-16 02:00:00 +0200
commit033cbd11a837dbc7602799f15d691221653e1996 (patch)
treeb9e1741c1050e8662255c3e5a2fef81801dd75c4 /gnu
parent7fdbd37e12ea214ecfcb685343f5e05182b7f3b5 (diff)
downloadguix-033cbd11a837dbc7602799f15d691221653e1996.tar.gz
gnu: libksba: Graft to 1.6.2 [fixes CVE-2022-3515].
* gnu/packages/gnupg.scm (libksba/fixed): New variable.
(libksba): Use it as grafted replacement.
Diffstat (limited to 'gnu')
-rw-r--r--gnu/packages/gnupg.scm13
1 files changed, 13 insertions, 0 deletions
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index f9f39d6116..ce9ef48796 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -224,6 +224,7 @@ provided.")
   (package
     (name "libksba")
     (version "1.6.0")
+    (replacement libksba/fixed)
     (source
      (origin
       (method url-fetch)
@@ -253,6 +254,18 @@ specifications are building blocks of S/MIME and TLS.")
     (properties '((ftp-server . "ftp.gnupg.org")
                   (ftp-directory . "/gcrypt/libksba")))))
 
+(define libksba/fixed
+  (package
+    (inherit libksba)
+    (version "1.6.2")
+        (source
+     (origin
+      (method url-fetch)
+      (uri (string-append
+            "mirror://gnupg/libksba/libksba-" version ".tar.bz2"))
+      (sha256
+       (base32 "0wf9j9hlzvgn0vz6zg3fvcmpdr62v8bz1kzsvzdbs4lqqp51rq7w"))))))
+
 (define-public npth
   (package
     (name "npth")