[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Add NTP source URL and apply security update
From: |
Ludovic Courtès |
Subject: |
Re: Add NTP source URL and apply security update |
Date: |
Sat, 04 Jun 2016 23:59:00 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) |
Leo Famulari <address@hidden> skribis:
> Our NTP package definition fetches source from the HTTP-only URL
> http://archive.ntp.org/.
>
> This redirects to an HTTPS URL, https://www.eecis.udel.edu.
>
> Then, the whole things fails because GnuTLS is not available. So, patch
> 1/2 adds the eecis.udel.edu URL so that GnuTLS is provided.
>
> udel.edu is the University of Delaware, where the NTP inventor David
> Mills is a professor emeritus:
> https://www.eecis.udel.edu/~mills/ntp.html
>
> Your thoughts?
Sure, sounds good.
> From 0440497ceab2d45df9f94b452a1e2b95e7752f2b Mon Sep 17 00:00:00 2001
> Message-Id: <address@hidden>
> From: Leo Famulari <address@hidden>
> Date: Fri, 3 Jun 2016 16:56:44 -0400
> Subject: [PATCH 1/2] gnu: ntp: Add HTTPS URL.
>
> This works around an HTTP -> HTTPS redirection.
>
> * gnu/packages/ntp.scm (ntp)[source]: Add HTTPS URL.
OK.
> + (uri (list (string-append
> + "http://archive.ntp.org/ntp4/ntp-"
> + (version-major+minor version)
> + "/ntp-" version ".tar.gz")
> + (string-append
^
Misaligned! :-)
> From: Leo Famulari <address@hidden>
> Date: Fri, 3 Jun 2016 16:57:29 -0400
> Subject: [PATCH 2/2] gnu: ntp: Update to 4.2.8p8 [fixes CVE-2016-{4953, 4954,
> 4955, 4956, 4957}].
>
> * gnu/packages/ntp.scm (ntp): Update to 4.2.8p8.
OK.
Thank you!
Ludo’.