diff mbox

Add NTP source URL and apply security update

Message ID 20160603211546.GA3164@jasmine
State New
Headers show

Commit Message

Leo Famulari June 3, 2016, 9:15 p.m. UTC
Our NTP package definition fetches source from the HTTP-only URL 
http://archive.ntp.org/.

This redirects to an HTTPS URL, https://www.eecis.udel.edu.

Then, the whole things fails because GnuTLS is not available. So, patch
1/2 adds the eecis.udel.edu URL so that GnuTLS is provided.

udel.edu is the University of Delaware, where the NTP inventor David
Mills is a professor emeritus:
https://www.eecis.udel.edu/~mills/ntp.html

Your thoughts?

Comments

Ludovic Courtès June 4, 2016, 9:59 p.m. UTC | #1
Leo Famulari <leo@famulari.name> skribis:

> Our NTP package definition fetches source from the HTTP-only URL 
> http://archive.ntp.org/.
>
> This redirects to an HTTPS URL, https://www.eecis.udel.edu.
>
> Then, the whole things fails because GnuTLS is not available. So, patch
> 1/2 adds the eecis.udel.edu URL so that GnuTLS is provided.
>
> udel.edu is the University of Delaware, where the NTP inventor David
> Mills is a professor emeritus:
> https://www.eecis.udel.edu/~mills/ntp.html
>
> Your thoughts?

Sure, sounds good.

> From 0440497ceab2d45df9f94b452a1e2b95e7752f2b Mon Sep 17 00:00:00 2001
> Message-Id: <0440497ceab2d45df9f94b452a1e2b95e7752f2b.1464988535.git.leo@famulari.name>
> From: Leo Famulari <leo@famulari.name>
> Date: Fri, 3 Jun 2016 16:56:44 -0400
> Subject: [PATCH 1/2] gnu: ntp: Add HTTPS URL.
>
> This works around an HTTP -> HTTPS redirection.
>
> * gnu/packages/ntp.scm (ntp)[source]: Add HTTPS URL.

OK.

> +	    (uri (list (string-append
> +                         "http://archive.ntp.org/ntp4/ntp-"
> +                         (version-major+minor version)
> +                         "/ntp-" version ".tar.gz")
> +                       (string-append
                          ^
Misaligned!  :-)

> From: Leo Famulari <leo@famulari.name>
> Date: Fri, 3 Jun 2016 16:57:29 -0400
> Subject: [PATCH 2/2] gnu: ntp: Update to 4.2.8p8 [fixes CVE-2016-{4953, 4954,
>  4955, 4956, 4957}].
>
> * gnu/packages/ntp.scm (ntp): Update to 4.2.8p8.

OK.

Thank you!

Ludo’.
diff mbox

Patch

From 3ebd31e67b997fb4a9900263b3a03ef1c1c19294 Mon Sep 17 00:00:00 2001
Message-Id: <3ebd31e67b997fb4a9900263b3a03ef1c1c19294.1464988535.git.leo@famulari.name>
In-Reply-To: <0440497ceab2d45df9f94b452a1e2b95e7752f2b.1464988535.git.leo@famulari.name>
References: <0440497ceab2d45df9f94b452a1e2b95e7752f2b.1464988535.git.leo@famulari.name>
From: Leo Famulari <leo@famulari.name>
Date: Fri, 3 Jun 2016 16:57:29 -0400
Subject: [PATCH 2/2] gnu: ntp: Update to 4.2.8p8 [fixes CVE-2016-{4953, 4954,
 4955, 4956, 4957}].

* gnu/packages/ntp.scm (ntp): Update to 4.2.8p8.
---
 gnu/packages/ntp.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/ntp.scm b/gnu/packages/ntp.scm
index 8b4f53d..bb8bffc 100644
--- a/gnu/packages/ntp.scm
+++ b/gnu/packages/ntp.scm
@@ -39,7 +39,7 @@ 
 (define-public ntp
   (package
    (name "ntp")
-   (version "4.2.8p7")
+   (version "4.2.8p8")
    (source (origin
 	    (method url-fetch)
 	    (uri (list (string-append
@@ -52,7 +52,7 @@ 
                          "/ntp-" version ".tar.gz")))
 	    (sha256
 	     (base32
-              "1p100856h17nb0kpnppy70nja57hbcc95h7shhxvw6mhl030rll1"))
+              "1vlpgd0dk2wkpmmf869sfxi8f46sfnmjgk51vl8n6vj5y2sx1cra"))
             (modules '((guix build utils)))
             (snippet
              '(begin
-- 
2.8.3