* [Buildroot] [PATCH 1/1] package/ntp: security bump to 4.2.8p10
@ 2017-03-22 21:03 Bernd Kuhls
2017-03-22 21:44 ` Thomas Petazzoni
2017-03-31 6:54 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Bernd Kuhls @ 2017-03-22 21:03 UTC (permalink / raw)
To: buildroot
Changed NTP_SITE to https to circumvent "URL transformed to HTTPS due
to an HSTS policy" during download.
For details about the bugs fixed see:
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
http://www.kb.cert.org/vuls/id/633847
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
package/ntp/ntp.hash | 6 +++---
package/ntp/ntp.mk | 4 ++--
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package/ntp/ntp.hash b/package/ntp/ntp.hash
index c6838d812..d8b7083c4 100644
--- a/package/ntp/ntp.hash
+++ b/package/ntp/ntp.hash
@@ -1,4 +1,4 @@
-# From http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p9.tar.gz.md5
-md5 857452b05f5f2e033786f77ade1974ed ntp-4.2.8p9.tar.gz
+# From https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p10.tar.gz.md5
+md5 745384ed0dedb3f66b33fe84d66466f9 ntp-4.2.8p10.tar.gz
# Calculated based on the hash above
-sha256 b724287778e1bac625b447327c9851eedef020517a3545625e9f652a90f30b72 ntp-4.2.8p9.tar.gz
+sha256 ddd2366e64219b9efa0f7438e06800d0db394ac5c88e13c17b70d0dcdf99b99f ntp-4.2.8p10.tar.gz
diff --git a/package/ntp/ntp.mk b/package/ntp/ntp.mk
index edbf1c86b..b6eb1b186 100644
--- a/package/ntp/ntp.mk
+++ b/package/ntp/ntp.mk
@@ -5,8 +5,8 @@
################################################################################
NTP_VERSION_MAJOR = 4.2
-NTP_VERSION = $(NTP_VERSION_MAJOR).8p9
-NTP_SITE = http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-$(NTP_VERSION_MAJOR)
+NTP_VERSION = $(NTP_VERSION_MAJOR).8p10
+NTP_SITE = https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-$(NTP_VERSION_MAJOR)
NTP_DEPENDENCIES = host-pkgconf libevent openssl $(if $(BR2_PACKAGE_BUSYBOX),busybox)
NTP_LICENSE = ntp license
NTP_LICENSE_FILES = COPYRIGHT
--
2.11.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 1/1] package/ntp: security bump to 4.2.8p10
2017-03-22 21:03 [Buildroot] [PATCH 1/1] package/ntp: security bump to 4.2.8p10 Bernd Kuhls
@ 2017-03-22 21:44 ` Thomas Petazzoni
2017-03-31 6:54 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni @ 2017-03-22 21:44 UTC (permalink / raw)
To: buildroot
Hello,
On Wed, 22 Mar 2017 22:03:13 +0100, Bernd Kuhls wrote:
> Changed NTP_SITE to https to circumvent "URL transformed to HTTPS due
> to an HSTS policy" during download.
>
> For details about the bugs fixed see:
> http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
> http://www.kb.cert.org/vuls/id/633847
>
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
> ---
> package/ntp/ntp.hash | 6 +++---
> package/ntp/ntp.mk | 4 ++--
> 2 files changed, 5 insertions(+), 5 deletions(-)
Applied to master, thanks. Peter: we want this in the LTS branch.
Thanks!
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 1/1] package/ntp: security bump to 4.2.8p10
2017-03-22 21:03 [Buildroot] [PATCH 1/1] package/ntp: security bump to 4.2.8p10 Bernd Kuhls
2017-03-22 21:44 ` Thomas Petazzoni
@ 2017-03-31 6:54 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2017-03-31 6:54 UTC (permalink / raw)
To: buildroot
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:
> Changed NTP_SITE to https to circumvent "URL transformed to HTTPS due
> to an HSTS policy" during download.
> For details about the bugs fixed see:
> http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
> http://www.kb.cert.org/vuls/id/633847
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Committed to 2017.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-03-31 6:54 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-03-22 21:03 [Buildroot] [PATCH 1/1] package/ntp: security bump to 4.2.8p10 Bernd Kuhls
2017-03-22 21:44 ` Thomas Petazzoni
2017-03-31 6:54 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.