From: Leo Famulari Date: Mon, 30 Jan 2017 19:50:23 +0000 (-0500) Subject: gnu: tcpdump: Update to 4.9.0 [security fixes]. X-Git-Url: https://git.hcoop.net/jackhill/guix/guix.git/commitdiff_plain/af7d72b16c7652e9ddc3c441017de5c9bb9205f2 gnu: tcpdump: Update to 4.9.0 [security fixes]. Fixes CVE-2016-{7922,7923,7924,7925,7926,7927,7928,7929,7930,7931,7932,7933 7934,7935,7936,7937,7938,7939,7940,7973,7974,7975,7983,7984,7985,7986,7992,7993, 8574,8575} and CVE-2017-{5202,5203,5204,5205,5341,5342,5482,5483,5484,5485, 5486}. * gnu/packages/admin.scm (tcpdump): Update to 4.9.0. [source]: Add alternate URL and set the file-name. --- diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 12aa9e70a7..96aececbbf 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -633,14 +633,24 @@ network statistics collection, security monitoring, network debugging, etc.") (define-public tcpdump (package (name "tcpdump") - (version "4.7.4") + (version "4.9.0") (source (origin (method url-fetch) - (uri (string-append "http://www.tcpdump.org/release/tcpdump-" - version ".tar.gz")) + ;; We use this Debian URL while the upstream URL is still + ;; officially private. This is the result of a botched + ;; coordinated release of tcpdump 4.9.0. I verified with + ;; the tcpdump maintainers that the upstream URL provides + ;; the same data as this Debian URL. + (uri + (list + (string-append "http://http.debian.net/debian/pool/main/t/" + name "/" name "_" version ".orig.tar.gz") + (string-append "http://www.tcpdump.org/release/tcpdump-" + version ".tar.gz"))) + (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "1byr8w6grk08fsq0444jmcz9ar89lq9nf4mjq2cny0w9k8k21rbb")))) + "0pjsxsy8l71i813sa934cwf1ryp9xbr7nxwsvnzavjdirchq3sga")))) (build-system gnu-build-system) (inputs `(("libpcap" ,libpcap) ("openssl" ,openssl)))