From: Bernd Kuhls <bernd.kuhls@t-online.de>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 1/1] package/ntp: security bump to 4.2.8p10
Date: Wed, 22 Mar 2017 22:03:13 +0100 [thread overview]
Message-ID: <20170322210313.10299-1-bernd.kuhls@t-online.de> (raw)
Changed NTP_SITE to https to circumvent "URL transformed to HTTPS due
to an HSTS policy" during download.
For details about the bugs fixed see:
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
http://www.kb.cert.org/vuls/id/633847
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
package/ntp/ntp.hash | 6 +++---
package/ntp/ntp.mk | 4 ++--
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package/ntp/ntp.hash b/package/ntp/ntp.hash
index c6838d812..d8b7083c4 100644
--- a/package/ntp/ntp.hash
+++ b/package/ntp/ntp.hash
@@ -1,4 +1,4 @@
-# From http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p9.tar.gz.md5
-md5 857452b05f5f2e033786f77ade1974ed ntp-4.2.8p9.tar.gz
+# From https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p10.tar.gz.md5
+md5 745384ed0dedb3f66b33fe84d66466f9 ntp-4.2.8p10.tar.gz
# Calculated based on the hash above
-sha256 b724287778e1bac625b447327c9851eedef020517a3545625e9f652a90f30b72 ntp-4.2.8p9.tar.gz
+sha256 ddd2366e64219b9efa0f7438e06800d0db394ac5c88e13c17b70d0dcdf99b99f ntp-4.2.8p10.tar.gz
diff --git a/package/ntp/ntp.mk b/package/ntp/ntp.mk
index edbf1c86b..b6eb1b186 100644
--- a/package/ntp/ntp.mk
+++ b/package/ntp/ntp.mk
@@ -5,8 +5,8 @@
################################################################################
NTP_VERSION_MAJOR = 4.2
-NTP_VERSION = $(NTP_VERSION_MAJOR).8p9
-NTP_SITE = http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-$(NTP_VERSION_MAJOR)
+NTP_VERSION = $(NTP_VERSION_MAJOR).8p10
+NTP_SITE = https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-$(NTP_VERSION_MAJOR)
NTP_DEPENDENCIES = host-pkgconf libevent openssl $(if $(BR2_PACKAGE_BUSYBOX),busybox)
NTP_LICENSE = ntp license
NTP_LICENSE_FILES = COPYRIGHT
--
2.11.0
next reply other threads:[~2017-03-22 21:03 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-22 21:03 Bernd Kuhls [this message]
2017-03-22 21:44 ` [Buildroot] [PATCH 1/1] package/ntp: security bump to 4.2.8p10 Thomas Petazzoni
2017-03-31 6:54 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170322210313.10299-1-bernd.kuhls@t-online.de \
--to=bernd.kuhls@t-online.de \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.