package/ntp: security bump to 4.2.8p10

Changed NTP_SITE to https to circumvent "URL transformed to HTTPS due
to an HSTS policy" during download.

For details about the bugs fixed see:
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
http://www.kb.cert.org/vuls/id/633847

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

diff --git a/package/ntp/ntp.hash b/package/ntp/ntp.hash
index c6838d812fdb89aed56c0082638d7ccf95e647e7..d8b7083c47be9acde12e22a31d0292bb4427090a 100644 (file)
--- a/package/ntp/ntp.hash
+++ b/package/ntp/ntp.hash
@@ -1,4 +1,4 @@
-# From http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p9.tar.gz.md5
-md5    857452b05f5f2e033786f77ade1974ed        ntp-4.2.8p9.tar.gz
+# From https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p10.tar.gz.md5
+md5 745384ed0dedb3f66b33fe84d66466f9  ntp-4.2.8p10.tar.gz
 # Calculated based on the hash above
-sha256 b724287778e1bac625b447327c9851eedef020517a3545625e9f652a90f30b72        ntp-4.2.8p9.tar.gz
+sha256 ddd2366e64219b9efa0f7438e06800d0db394ac5c88e13c17b70d0dcdf99b99f  ntp-4.2.8p10.tar.gz

diff --git a/package/ntp/ntp.mk b/package/ntp/ntp.mk
index edbf1c86b6d6dfbd00eacef706a45aa1d7012b63..b6eb1b186339e23eb02c5298a7fbacfa1002dacf 100644 (file)
--- a/package/ntp/ntp.mk
+++ b/package/ntp/ntp.mk
@@ -5,8 +5,8 @@
 ################################################################################
 
 NTP_VERSION_MAJOR = 4.2
-NTP_VERSION = $(NTP_VERSION_MAJOR).8p9
-NTP_SITE = http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-$(NTP_VERSION_MAJOR)
+NTP_VERSION = $(NTP_VERSION_MAJOR).8p10
+NTP_SITE = https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-$(NTP_VERSION_MAJOR)
 NTP_DEPENDENCIES = host-pkgconf libevent openssl $(if $(BR2_PACKAGE_BUSYBOX),busybox)
 NTP_LICENSE = ntp license
 NTP_LICENSE_FILES = COPYRIGHT