From 03439df66fc2699b22e5786b33324e5432cfe8cf Mon Sep 17 00:00:00 2001
From: Efraim Flashner <efraim@flashner.co.il>
Date: Wed, 13 Jun 2018 22:28:48 +0300
Subject: gnu: libgcrypt: Fix CVE-2018-0495.

* gnu/packages/gnupg.scm (libgcrypt)[replacement]: New field.
(libgcrypt/fixed): New package.
---
 gnu/packages/gnupg.scm | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index ecd280f6db..6a0defb46f 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -108,6 +108,7 @@ Daemon and possibly more in the future.")
 
 (define-public libgcrypt
   (package
+    (replacement libgcrypt/fixed)
     (name "libgcrypt")
     (version "1.8.2")
     (source (origin
@@ -142,6 +143,19 @@ generation.")
     (properties '((ftp-server . "ftp.gnupg.org")
                   (ftp-directory . "/gcrypt/libgcrypt")))))
 
+(define libgcrypt/fixed
+  (package
+    (inherit libgcrypt)
+    (name "libgcrypt")
+    (version "1.8.3")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
+                                 version ".tar.bz2"))
+             (sha256
+              (base32
+               "0z5gs1khzyknyfjr19k8gk4q148s6q987ya85cpn0iv70fz91v36"))))))
+
 (define-public libassuan
   (package
     (name "libassuan")
-- 
cgit v1.2.3