Add NTP source URL and apply security update

Fri, 03 Jun 2016 14:16:29 -0700 

Our NTP package definition fetches source from the HTTP-only URL 
http://archive.ntp.org/.

This redirects to an HTTPS URL, https://www.eecis.udel.edu.

Then, the whole things fails because GnuTLS is not available. So, patch
1/2 adds the eecis.udel.edu URL so that GnuTLS is provided.

udel.edu is the University of Delaware, where the NTP inventor David
Mills is a professor emeritus:
https://www.eecis.udel.edu/~mills/ntp.html

Your thoughts?

>From 0440497ceab2d45df9f94b452a1e2b95e7752f2b Mon Sep 17 00:00:00 2001
Message-Id: <0440497ceab2d45df9f94b452a1e2b95e7752f2b.1464988535.git....@famulari.name>
From: Leo Famulari <l...@famulari.name>
Date: Fri, 3 Jun 2016 16:56:44 -0400
Subject: [PATCH 1/2] gnu: ntp: Add HTTPS URL.

This works around an HTTP -> HTTPS redirection.

* gnu/packages/ntp.scm (ntp)[source]: Add HTTPS URL.
---
 gnu/packages/ntp.scm | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/ntp.scm b/gnu/packages/ntp.scm
index 4ae2545..8b4f53d 100644
--- a/gnu/packages/ntp.scm
+++ b/gnu/packages/ntp.scm
@@ -42,10 +42,14 @@
    (version "4.2.8p7")
    (source (origin
 	    (method url-fetch)
-	    (uri (string-append
-                  "http://archive.ntp.org/ntp4/ntp-";
-                  (version-major+minor version)
-                  "/ntp-" version ".tar.gz"))
+	    (uri (list (string-append
+                         "http://archive.ntp.org/ntp4/ntp-";
+                         (version-major+minor version)
+                         "/ntp-" version ".tar.gz")
+                       (string-append
+                         "https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-";
+                         (version-major+minor version)
+                         "/ntp-" version ".tar.gz")))
 	    (sha256
 	     (base32
               "1p100856h17nb0kpnppy70nja57hbcc95h7shhxvw6mhl030rll1"))
-- 
2.8.3


>From 3ebd31e67b997fb4a9900263b3a03ef1c1c19294 Mon Sep 17 00:00:00 2001
Message-Id: <3ebd31e67b997fb4a9900263b3a03ef1c1c19294.1464988535.git....@famulari.name>
In-Reply-To: <0440497ceab2d45df9f94b452a1e2b95e7752f2b.1464988535.git....@famulari.name>
References: <0440497ceab2d45df9f94b452a1e2b95e7752f2b.1464988535.git....@famulari.name>
From: Leo Famulari <l...@famulari.name>
Date: Fri, 3 Jun 2016 16:57:29 -0400
Subject: [PATCH 2/2] gnu: ntp: Update to 4.2.8p8 [fixes CVE-2016-{4953, 4954,
 4955, 4956, 4957}].

* gnu/packages/ntp.scm (ntp): Update to 4.2.8p8.
---
 gnu/packages/ntp.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/ntp.scm b/gnu/packages/ntp.scm
index 8b4f53d..bb8bffc 100644
--- a/gnu/packages/ntp.scm
+++ b/gnu/packages/ntp.scm
@@ -39,7 +39,7 @@
 (define-public ntp
   (package
    (name "ntp")
-   (version "4.2.8p7")
+   (version "4.2.8p8")
    (source (origin
 	    (method url-fetch)
 	    (uri (list (string-append
@@ -52,7 +52,7 @@
                          "/ntp-" version ".tar.gz")))
 	    (sha256
 	     (base32
-              "1p100856h17nb0kpnppy70nja57hbcc95h7shhxvw6mhl030rll1"))
+              "1vlpgd0dk2wkpmmf869sfxi8f46sfnmjgk51vl8n6vj5y2sx1cra"))
             (modules '((guix build utils)))
             (snippet
              '(begin
-- 
2.8.3

Reply via email to