guix-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Add NTP source URL and apply security update


From: Ludovic Courtès
Subject: Re: Add NTP source URL and apply security update
Date: Sat, 04 Jun 2016 23:59:00 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

Leo Famulari <address@hidden> skribis:

> Our NTP package definition fetches source from the HTTP-only URL 
> http://archive.ntp.org/.
>
> This redirects to an HTTPS URL, https://www.eecis.udel.edu.
>
> Then, the whole things fails because GnuTLS is not available. So, patch
> 1/2 adds the eecis.udel.edu URL so that GnuTLS is provided.
>
> udel.edu is the University of Delaware, where the NTP inventor David
> Mills is a professor emeritus:
> https://www.eecis.udel.edu/~mills/ntp.html
>
> Your thoughts?

Sure, sounds good.

> From 0440497ceab2d45df9f94b452a1e2b95e7752f2b Mon Sep 17 00:00:00 2001
> Message-Id: <address@hidden>
> From: Leo Famulari <address@hidden>
> Date: Fri, 3 Jun 2016 16:56:44 -0400
> Subject: [PATCH 1/2] gnu: ntp: Add HTTPS URL.
>
> This works around an HTTP -> HTTPS redirection.
>
> * gnu/packages/ntp.scm (ntp)[source]: Add HTTPS URL.

OK.

> +         (uri (list (string-append
> +                         "http://archive.ntp.org/ntp4/ntp-";
> +                         (version-major+minor version)
> +                         "/ntp-" version ".tar.gz")
> +                       (string-append
                          ^
Misaligned!  :-)

> From: Leo Famulari <address@hidden>
> Date: Fri, 3 Jun 2016 16:57:29 -0400
> Subject: [PATCH 2/2] gnu: ntp: Update to 4.2.8p8 [fixes CVE-2016-{4953, 4954,
>  4955, 4956, 4957}].
>
> * gnu/packages/ntp.scm (ntp): Update to 4.2.8p8.

OK.

Thank you!

Ludo’.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]