gnu: tcpdump: Update to 4.9.0 [security fixes].

Fixes CVE-2016-{7922,7923,7924,7925,7926,7927,7928,7929,7930,7931,7932,7933
7934,7935,7936,7937,7938,7939,7940,7973,7974,7975,7983,7984,7985,7986,7992,7993,
8574,8575} and CVE-2017-{5202,5203,5204,5205,5341,5342,5482,5483,5484,5485,
5486}.

* gnu/packages/admin.scm (tcpdump): Update to 4.9.0.
[source]: Add alternate URL and set the file-name.

diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 12aa9e7..96aecec 100644 (file)
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -633,14 +633,24 @@ network statistics collection, security monitoring, network debugging, etc.")
 (define-public tcpdump
   (package
     (name "tcpdump")
-    (version "4.7.4")
+    (version "4.9.0")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://www.tcpdump.org/release/tcpdump-"
-                                  version ".tar.gz"))
+              ;; We use this Debian URL while the upstream URL is still
+              ;; officially private. This is the result of a botched
+              ;; coordinated release of tcpdump 4.9.0. I verified with
+              ;; the tcpdump maintainers that the upstream URL provides
+              ;; the same data as this Debian URL.
+              (uri
+                (list
+                  (string-append "http://http.debian.net/debian/pool/main/t/"
+                                  name "/" name "_" version ".orig.tar.gz")
+                  (string-append "http://www.tcpdump.org/release/tcpdump-"
+                                 version ".tar.gz")))
+              (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1byr8w6grk08fsq0444jmcz9ar89lq9nf4mjq2cny0w9k8k21rbb"))))
+                "0pjsxsy8l71i813sa934cwf1ryp9xbr7nxwsvnzavjdirchq3sga"))))
     (build-system gnu-build-system)
     (inputs `(("libpcap" ,libpcap)
               ("openssl" ,openssl)))