... and the patch.
From 217f444aa56ec292ddfaacfabcbb6ddea8d1f262 Mon Sep 17 00:00:00 2001
From: Leo Famulari <l...@famulari.name>
Date: Fri, 2 Sep 2016 02:11:49 -0400
Subject: [PATCH] gnu: libidn: Replace with 1.33 [fixes CVE-2015-8948 and
CVE-2016-{6261,6263}].
* gnu/packages/libidn.scm (libidn)[replacement]: New field.
(libidn-1.33): New variable.
---
gnu/packages/libidn.scm | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/gnu/packages/libidn.scm b/gnu/packages/libidn.scm
index 053565c..432c1fe 100644
--- a/gnu/packages/libidn.scm
+++ b/gnu/packages/libidn.scm
@@ -27,6 +27,7 @@
(define-public libidn
(package
(name "libidn")
+ (replacement libidn-1.33)
(version "1.32")
(source (origin
(method url-fetch)
@@ -45,3 +46,16 @@ names. It includes native C, C# and Java libraries.")
;; the command line tool is gpl3+.
(license (list gpl2+ gpl3+ lgpl3+ fdl1.3+))
(home-page "http://www.gnu.org/software/libidn/";)))
+
+(define libidn-1.33
+ (package
+ (inherit libidn)
+ (source
+ (let ((version "1.33"))
+ (origin
+ (method url-fetch)
+ (uri (string-append "mirror://gnu/libidn/libidn-" version
+ ".tar.gz"))
+ (sha256
+ (base32
+ "068fjg2arlppjqqpzd714n1lf6gxkpac9v5yyvp1qwmv6nvam9s4")))))))
--
2.9.3
signature.asc
Description: PGP signature
