From mboxrd@z Thu Jan  1 00:00:00 1970
From: Leo Famulari <leo@famulari.name>
Subject: Add NTP source URL and apply security update
Date: Fri, 3 Jun 2016 17:15:46 -0400
Message-ID: <20160603211546.GA3164@jasmine>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="J/dobhs11T7y2rNN"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:54716)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1b8wRs-0001sF-NH
	for guix-devel@gnu.org; Fri, 03 Jun 2016 17:16:10 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1b8wRn-0003kO-LS
	for guix-devel@gnu.org; Fri, 03 Jun 2016 17:16:07 -0400
Received: from out2-smtp.messagingengine.com ([66.111.4.26]:48554)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1b8wRm-0003ew-AK
	for guix-devel@gnu.org; Fri, 03 Jun 2016 17:16:03 -0400
Received: from localhost (unknown [172.56.12.81])
	by mail.messagingengine.com (Postfix) with ESMTPA id 86DCFCCD94
	for <guix-devel@gnu.org>; Fri,  3 Jun 2016 17:15:52 -0400 (EDT)
Content-Disposition: inline
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: guix-devel@gnu.org


--J/dobhs11T7y2rNN
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Our NTP package definition fetches source from the HTTP-only URL 
http://archive.ntp.org/.

This redirects to an HTTPS URL, https://www.eecis.udel.edu.

Then, the whole things fails because GnuTLS is not available. So, patch
1/2 adds the eecis.udel.edu URL so that GnuTLS is provided.

udel.edu is the University of Delaware, where the NTP inventor David
Mills is a professor emeritus:
https://www.eecis.udel.edu/~mills/ntp.html

Your thoughts?

--J/dobhs11T7y2rNN
Content-Type: text/x-diff; charset=us-ascii
Content-Disposition: attachment; filename="0001-gnu-ntp-Add-HTTPS-URL.patch"

>From 0440497ceab2d45df9f94b452a1e2b95e7752f2b Mon Sep 17 00:00:00 2001
Message-Id: <0440497ceab2d45df9f94b452a1e2b95e7752f2b.1464988535.git.leo@famulari.name>
From: Leo Famulari <leo@famulari.name>
Date: Fri, 3 Jun 2016 16:56:44 -0400
Subject: [PATCH 1/2] gnu: ntp: Add HTTPS URL.

This works around an HTTP -> HTTPS redirection.

* gnu/packages/ntp.scm (ntp)[source]: Add HTTPS URL.
---
 gnu/packages/ntp.scm | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/ntp.scm b/gnu/packages/ntp.scm
index 4ae2545..8b4f53d 100644
--- a/gnu/packages/ntp.scm
+++ b/gnu/packages/ntp.scm
@@ -42,10 +42,14 @@
    (version "4.2.8p7")
    (source (origin
 	    (method url-fetch)
-	    (uri (string-append
-                  "http://archive.ntp.org/ntp4/ntp-"
-                  (version-major+minor version)
-                  "/ntp-" version ".tar.gz"))
+	    (uri (list (string-append
+                         "http://archive.ntp.org/ntp4/ntp-"
+                         (version-major+minor version)
+                         "/ntp-" version ".tar.gz")
+                       (string-append
+                         "https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-"
+                         (version-major+minor version)
+                         "/ntp-" version ".tar.gz")))
 	    (sha256
 	     (base32
               "1p100856h17nb0kpnppy70nja57hbcc95h7shhxvw6mhl030rll1"))
-- 
2.8.3


--J/dobhs11T7y2rNN
Content-Type: text/x-diff; charset=us-ascii
Content-Disposition: attachment; filename="0002-gnu-ntp-Update-to-4.2.8p8-fixes-CVE-2016-4953-4954-4.patch"

>From 3ebd31e67b997fb4a9900263b3a03ef1c1c19294 Mon Sep 17 00:00:00 2001
Message-Id: <3ebd31e67b997fb4a9900263b3a03ef1c1c19294.1464988535.git.leo@famulari.name>
In-Reply-To: <0440497ceab2d45df9f94b452a1e2b95e7752f2b.1464988535.git.leo@famulari.name>
References: <0440497ceab2d45df9f94b452a1e2b95e7752f2b.1464988535.git.leo@famulari.name>
From: Leo Famulari <leo@famulari.name>
Date: Fri, 3 Jun 2016 16:57:29 -0400
Subject: [PATCH 2/2] gnu: ntp: Update to 4.2.8p8 [fixes CVE-2016-{4953, 4954,
 4955, 4956, 4957}].

* gnu/packages/ntp.scm (ntp): Update to 4.2.8p8.
---
 gnu/packages/ntp.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/ntp.scm b/gnu/packages/ntp.scm
index 8b4f53d..bb8bffc 100644
--- a/gnu/packages/ntp.scm
+++ b/gnu/packages/ntp.scm
@@ -39,7 +39,7 @@
 (define-public ntp
   (package
    (name "ntp")
-   (version "4.2.8p7")
+   (version "4.2.8p8")
    (source (origin
 	    (method url-fetch)
 	    (uri (list (string-append
@@ -52,7 +52,7 @@
                          "/ntp-" version ".tar.gz")))
 	    (sha256
 	     (base32
-              "1p100856h17nb0kpnppy70nja57hbcc95h7shhxvw6mhl030rll1"))
+              "1vlpgd0dk2wkpmmf869sfxi8f46sfnmjgk51vl8n6vj5y2sx1cra"))
             (modules '((guix build utils)))
             (snippet
              '(begin
-- 
2.8.3


--J/dobhs11T7y2rNN--