diff --git a/pkgs/tools/networking/tcpdump/default.nix b/pkgs/tools/networking/tcpdump/default.nix index 69893f0a832..8dba4b373a3 100644 --- a/pkgs/tools/networking/tcpdump/default.nix +++ b/pkgs/tools/networking/tcpdump/default.nix @@ -1,36 +1,22 @@ -{ stdenv, fetchFromGitHub, fetchpatch, libpcap, enableStatic ? false +{ stdenv, fetchurl, fetchpatch, libpcap, enableStatic ? false , hostPlatform }: stdenv.mkDerivation rec { name = "tcpdump-${version}"; - version = "4.9.1"; + version = "4.9.2"; - src = fetchFromGitHub rec { - owner = "the-tcpdump-group"; - repo = "tcpdump"; - rev = "${repo}-${version}"; - sha256 = "1vzrvn1q7x28h18yskqc390y357pzpg5xd3pzzj4xz3llnvsr64p"; + # leaked embargoed security update + src = fetchurl { + url = "https://src.fedoraproject.org/lookaside/pkgs/tcpdump/tcpdump-4.9.2.tar.gz/sha512/e1bc19a5867d6e3628f3941bdf3ec831bf13784f1233ca1bccc46aac1702f47ee9357d7ff0ca62cddf211b3c8884488c21144cabddd92c861e32398cd8f7c44b/tcpdump-4.9.2.tar.gz"; + sha256 = "0ygy0layzqaj838r5xd613iraz09wlfgpyh7pc6cwclql8v3b2vr"; }; - - patches = [ - (fetchpatch { - url = "http://www.tcpdump.org/pre-4.9.2/PUBLISHED-CVE-2017-11541.patch"; - sha256 = "1lqg4lbyddnv75wpj0rs2sxz4lb3d1vp8n385i27mrpcxw9qaxia"; - }) - (fetchpatch { - url = "http://www.tcpdump.org/pre-4.9.2/PUBLISHED-CVE-2017-11542.patch"; - sha256 = "0vqgmw9i5vr3d4siyrh8mw60jdmp5r66rbjxfmbnwhlfjf4bwxz4"; - }) - (fetchpatch { - url = "http://www.tcpdump.org/pre-4.9.2/PUBLISHED-CVE-2017-11543.patch"; - sha256 = "1vk9ncpx0qjja8l69xw5kkvgy9fkcii2n98diazv1yndln2cs26l"; - }) - (fetchpatch { - url = "http://www.tcpdump.org/pre-4.9.2/PUBLISHED-OpenSSL-1.1-segfault.patch"; - sha256 = "0mw0jdj5nyg4sviqj7wxwf2492b2bdqmjrvf1k34ak417xfcvy1d"; - }) - ]; + # src = fetchFromGitHub rec { + # owner = "the-tcpdump-group"; + # repo = "tcpdump"; + # rev = "${repo}-${version}"; + # sha256 = "1vzrvn1q7x28h18yskqc390y357pzpg5xd3pzzj4xz3llnvsr64p"; + # }; buildInputs = [ libpcap ];