* Add NTP source URL and apply security update
@ 2016-06-03 21:15 Leo Famulari
2016-06-04 21:59 ` Ludovic Courtès
0 siblings, 1 reply; 2+ messages in thread
From: Leo Famulari @ 2016-06-03 21:15 UTC (permalink / raw)
To: guix-devel
[-- Attachment #1: Type: text/plain, Size: 445 bytes --]
Our NTP package definition fetches source from the HTTP-only URL
http://archive.ntp.org/.
This redirects to an HTTPS URL, https://www.eecis.udel.edu.
Then, the whole things fails because GnuTLS is not available. So, patch
1/2 adds the eecis.udel.edu URL so that GnuTLS is provided.
udel.edu is the University of Delaware, where the NTP inventor David
Mills is a professor emeritus:
https://www.eecis.udel.edu/~mills/ntp.html
Your thoughts?
[-- Attachment #2: 0001-gnu-ntp-Add-HTTPS-URL.patch --]
[-- Type: text/x-diff, Size: 1428 bytes --]
From 0440497ceab2d45df9f94b452a1e2b95e7752f2b Mon Sep 17 00:00:00 2001
Message-Id: <0440497ceab2d45df9f94b452a1e2b95e7752f2b.1464988535.git.leo@famulari.name>
From: Leo Famulari <leo@famulari.name>
Date: Fri, 3 Jun 2016 16:56:44 -0400
Subject: [PATCH 1/2] gnu: ntp: Add HTTPS URL.
This works around an HTTP -> HTTPS redirection.
* gnu/packages/ntp.scm (ntp)[source]: Add HTTPS URL.
---
gnu/packages/ntp.scm | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/gnu/packages/ntp.scm b/gnu/packages/ntp.scm
index 4ae2545..8b4f53d 100644
--- a/gnu/packages/ntp.scm
+++ b/gnu/packages/ntp.scm
@@ -42,10 +42,14 @@
(version "4.2.8p7")
(source (origin
(method url-fetch)
- (uri (string-append
- "http://archive.ntp.org/ntp4/ntp-"
- (version-major+minor version)
- "/ntp-" version ".tar.gz"))
+ (uri (list (string-append
+ "http://archive.ntp.org/ntp4/ntp-"
+ (version-major+minor version)
+ "/ntp-" version ".tar.gz")
+ (string-append
+ "https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-"
+ (version-major+minor version)
+ "/ntp-" version ".tar.gz")))
(sha256
(base32
"1p100856h17nb0kpnppy70nja57hbcc95h7shhxvw6mhl030rll1"))
--
2.8.3
[-- Attachment #3: 0002-gnu-ntp-Update-to-4.2.8p8-fixes-CVE-2016-4953-4954-4.patch --]
[-- Type: text/x-diff, Size: 1325 bytes --]
From 3ebd31e67b997fb4a9900263b3a03ef1c1c19294 Mon Sep 17 00:00:00 2001
Message-Id: <3ebd31e67b997fb4a9900263b3a03ef1c1c19294.1464988535.git.leo@famulari.name>
In-Reply-To: <0440497ceab2d45df9f94b452a1e2b95e7752f2b.1464988535.git.leo@famulari.name>
References: <0440497ceab2d45df9f94b452a1e2b95e7752f2b.1464988535.git.leo@famulari.name>
From: Leo Famulari <leo@famulari.name>
Date: Fri, 3 Jun 2016 16:57:29 -0400
Subject: [PATCH 2/2] gnu: ntp: Update to 4.2.8p8 [fixes CVE-2016-{4953, 4954,
4955, 4956, 4957}].
* gnu/packages/ntp.scm (ntp): Update to 4.2.8p8.
---
gnu/packages/ntp.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/ntp.scm b/gnu/packages/ntp.scm
index 8b4f53d..bb8bffc 100644
--- a/gnu/packages/ntp.scm
+++ b/gnu/packages/ntp.scm
@@ -39,7 +39,7 @@
(define-public ntp
(package
(name "ntp")
- (version "4.2.8p7")
+ (version "4.2.8p8")
(source (origin
(method url-fetch)
(uri (list (string-append
@@ -52,7 +52,7 @@
"/ntp-" version ".tar.gz")))
(sha256
(base32
- "1p100856h17nb0kpnppy70nja57hbcc95h7shhxvw6mhl030rll1"))
+ "1vlpgd0dk2wkpmmf869sfxi8f46sfnmjgk51vl8n6vj5y2sx1cra"))
(modules '((guix build utils)))
(snippet
'(begin
--
2.8.3
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: Add NTP source URL and apply security update
2016-06-03 21:15 Add NTP source URL and apply security update Leo Famulari
@ 2016-06-04 21:59 ` Ludovic Courtès
0 siblings, 0 replies; 2+ messages in thread
From: Ludovic Courtès @ 2016-06-04 21:59 UTC (permalink / raw)
To: Leo Famulari; +Cc: guix-devel
Leo Famulari <leo@famulari.name> skribis:
> Our NTP package definition fetches source from the HTTP-only URL
> http://archive.ntp.org/.
>
> This redirects to an HTTPS URL, https://www.eecis.udel.edu.
>
> Then, the whole things fails because GnuTLS is not available. So, patch
> 1/2 adds the eecis.udel.edu URL so that GnuTLS is provided.
>
> udel.edu is the University of Delaware, where the NTP inventor David
> Mills is a professor emeritus:
> https://www.eecis.udel.edu/~mills/ntp.html
>
> Your thoughts?
Sure, sounds good.
> From 0440497ceab2d45df9f94b452a1e2b95e7752f2b Mon Sep 17 00:00:00 2001
> Message-Id: <0440497ceab2d45df9f94b452a1e2b95e7752f2b.1464988535.git.leo@famulari.name>
> From: Leo Famulari <leo@famulari.name>
> Date: Fri, 3 Jun 2016 16:56:44 -0400
> Subject: [PATCH 1/2] gnu: ntp: Add HTTPS URL.
>
> This works around an HTTP -> HTTPS redirection.
>
> * gnu/packages/ntp.scm (ntp)[source]: Add HTTPS URL.
OK.
> + (uri (list (string-append
> + "http://archive.ntp.org/ntp4/ntp-"
> + (version-major+minor version)
> + "/ntp-" version ".tar.gz")
> + (string-append
^
Misaligned! :-)
> From: Leo Famulari <leo@famulari.name>
> Date: Fri, 3 Jun 2016 16:57:29 -0400
> Subject: [PATCH 2/2] gnu: ntp: Update to 4.2.8p8 [fixes CVE-2016-{4953, 4954,
> 4955, 4956, 4957}].
>
> * gnu/packages/ntp.scm (ntp): Update to 4.2.8p8.
OK.
Thank you!
Ludo’.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-06-04 21:59 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-06-03 21:15 Add NTP source URL and apply security update Leo Famulari
2016-06-04 21:59 ` Ludovic Courtès
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).