From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Leo Famulari
Subject: Tcpdump security update
Date: Mon, 30 Jan 2017 15:03:02 -0500
Message-ID: <20170130200302.GA27562@jasmine>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="UHN/qo2QbUvPLonB"
Content-Disposition: inline
List-Id: "Development of GNU Guix and the GNU System distribution."
To: guix-devel@gnu.org

--UHN/qo2QbUvPLonB
Content-Type: multipart/mixed; boundary="envbJBWh7q8WU6mo"
Content-Disposition: inline

--envbJBWh7q8WU6mo
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

I communicated with the tcpdump team and verified that the Debian tarball provides the same data (same SHA256 hash) as what's provided directly by upstream. But the upstream link is still considered private so I'm using the Debian source URL as a courtesy.
The Debian security advisory is here: https://www.debian.org/security/2017/dsa-3775 --envbJBWh7q8WU6mo Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="0001-gnu-tcpdump-Update-to-4.9.0-security-fixes.patch" Content-Transfer-Encoding: quoted-printable =46rom 06b23b7747dedf6fc2386b3fc86bc459999ffa88 Mon Sep 17 00:00:00 2001 =46rom: Leo Famulari Date: Mon, 30 Jan 2017 14:50:23 -0500 Subject: [PATCH] gnu: tcpdump: Update to 4.9.0 [security fixes]. Fixes CVE-2016-{7922,7923,7924,7925,7926,7927,7928,7929,7930,7931,7932,7933 7934,7935,7936,7937,7938,7939,7940,7973,7974,7975,7983,7984,7985,7986,7992,= 7993, 8574,8575} and CVE-2017-{5202,5203,5204,5205,5341,5342,5482,5483,5484,5485, 5486}. * gnu/packages/admin.scm (tcpdump): Update to 4.9.0. [source]: Add alternate URL. --- gnu/packages/admin.scm | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 12aa9e70a..cf229f1d3 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm 
@@ -633,14 +633,18 @@ network statistics collection, security monitoring, n= etwork debugging, etc.") (define-public tcpdump (package (name "tcpdump") - (version "4.7.4") + (version "4.9.0") (source (origin (method url-fetch) - (uri (string-append "http://www.tcpdump.org/release/tcpdump-" - version ".tar.gz")) + (uri + (list + (string-append "http://http.debian.net/debian/pool/mai= n/t/" + name "/" name "_" version ".orig.tar.g= z") + (string-append "http://www.tcpdump.org/release/tcpdump= -" + version ".tar.gz"))) (sha256 (base32 - "1byr8w6grk08fsq0444jmcz9ar89lq9nf4mjq2cny0w9k8k21rbb")))) + "0pjsxsy8l71i813sa934cwf1ryp9xbr7nxwsvnzavjdirchq3sga")))) (build-system gnu-build-system) (inputs `(("libpcap" ,libpcap) ("openssl" ,openssl))) --=20 2.11.0 --envbJBWh7q8WU6mo-- --UHN/qo2QbUvPLonB--
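Review bot: The new `uri` list in the tcpdump `origin` carries no comment saying why the Debian pool URL is listed ahead of the tcpdump.org release URL, so the ordering will look arbitrary to anyone reading `gnu/packages/admin.scm` later. A short comment above `(list` recording what the cover letter says, that the upstream 4.9.0 link was still private at commit time and that the Debian `.orig.tar.gz` has the same SHA256, would explain it and make clear the order can be revisited once upstream publishes. Both entries are plain `http://`, so the `sha256` field is the only integrity check on whichever tarball is fetched; one `base32` hash covering two URLs is correct only because the two tarballs are byte-identical, which is worth stating in that same comment.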