diff --git a/tcpdump/tcpdump.patch b/tcpdump/tcpdump.patch
new file mode 100644
index 0000000000..25ff28d30a
--- /dev/null
+++ b/tcpdump/tcpdump.patch
@@ -0,0 +1,91 @@
+
+ tcpdump patch patrix; thl@dev.de.cw.com
+
+ tcpdump 371 371 372 381
+ OpenPKG 120 121 130 20020822
+ --- --- --- ---
+ CAN-2002-0380 nfs y n n n see past OpenPKG-SA-2003.014-tcpdump
+ CAN-2002-1350 bgp y n n n see past OpenPKG-SA-2003.014-tcpdump
+ CAN-2003-0108 isakmp y n n n see past OpenPKG-SA-2003.014-tcpdump
+ depth y y y n (*)
+ CAN-2003-0989 isakmp y y y n updates CAN-2003-0108-isakmp
+ CAN-2003-1029 l2tp y y n n
+ CAN-2004-0055 radius y y y y
+ CAN-2004-0057 isakmp y y y y
+
+ (*) the vendor code fix for CAN-2003-0108 had two other unrelated code
+ changes piggybacked. We removed the cosmetics (constify) and
+ extracted an enhancement (depth).
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0055 (radius)
+ The print_attr_string function in print-radius.c for tcpdump 3.8.1
+ and earlier allows remote attackers to cause a denial of service
+ (segmentation fault) via a RADIUS attribute with a large length
+ value.
+
+Index: print-radius.c
+===================================================================
+RCS file: /tcpdump/master/tcpdump/print-radius.c,v
+retrieving revision 1.23
+retrieving revision 1.24
+diff -u -d -u -d -r1.23 -r1.24
+--- print-radius.c.CAN-2004-0055 15 Dec 2003 13:52:15 -0000 1.23
++++ print-radius.c 7 Jan 2004 08:00:52 -0000 1.24
+@@ -476,7 +476,7 @@
+ break;
+ }
+
+- for (i=0; i < length ; i++, data++)
++ for (i=0; *data && i < length ; i++, data++)
+ printf("%c",(*data < 32 || *data > 128) ? '.' : *data );
+
+ return;
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0057 (isakmp)
+ The rawprint function in the ISAKMP decoding routines
+ (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote
+ attackers to cause a denial of service (segmentation fault) via
+ malformed ISAKMP packets that cause invalid "len" or "loc" values to
+ be used in a loop, a different vulnerability than CAN-2003-0989.
+
+Index: print-isakmp.c
+===================================================================
+RCS file: /tcpdump/master/tcpdump/print-isakmp.c,v
+retrieving revision 1.41
+retrieving revision 1.42
+diff -u -d -u -d -r1.41 -r1.42
+--- print-isakmp.c.CAN-2004-0057 20 Dec 2003 10:03:19 -0000 1.41
++++ print-isakmp.c 7 Jan 2004 08:00:51 -0000 1.42
+@@ -327,9 +327,13 @@
+ static u_char *p;
+ size_t i;
+
++ TCHECK2(*loc, len);
++
+ p = (u_char *)loc;
+ for (i = 0; i < len; i++)
+ printf("%02x", p[i] & 0xff);
++trunc:
++ return;
+ }
+
+ struct attrmap {
+@@ -1111,6 +1115,8 @@
+ cp = (const u_char *)ext;
+
+ while (np) {
++ TCHECK2(*ext, sizeof(e));
++
+ safememcpy(&e, ext, sizeof(e));
+
+ if (ep < (u_char *)ext + ntohs(e.len)) {
+@@ -1136,6 +1142,8 @@
+ ext = (struct isakmp_gen *)cp;
+ }
+ return cp;
++trunc:
++ return NULL;
+ }
+
+ static char *
+
diff --git a/tcpdump/tcpdump.spec b/tcpdump/tcpdump.spec
index b628bc4cdb..35d5a03b8a 100644
--- a/tcpdump/tcpdump.spec
+++ b/tcpdump/tcpdump.spec
@@ -33,10 +33,11 @@ Distribution: OpenPKG [BASE] Group: Network License: GPL Version: 3.8.1 -Release: 20040108 +Release: 20040116 # list of sources Source0: http://www.tcpdump.org/release/tcpdump-%{version}.tar.gz +Patch0: tcpdump.patch # build information Prefix: %{l_prefix}
@@ -55,6 +56,7 @@ AutoReqProv: no %prep %setup -q + %patch -p0 %{l_shtool} subst -e 's;des_;DES_;g' configure %build
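Review bot: In the print-radius.c hunk of the embedded patch, the new loop condition `*data && i < length` dereferences `*data` before testing `i < length`, so it still reads one byte past the attribute when no NUL is found. Nothing in the hunk bounds the walk against the end of the captured packet either, so a large length value with no NUL byte in the buffer can presumably still run past the capture. The isakmp hunks in the same file already guard with `TCHECK2`, and the same pattern would fit here: `TCHECK2(*data, length);` ahead of the loop (with a `trunc:` label, as in rawprint) and the condition written as `i < length && *data`. The enclosing function starts and ends outside the hunk, so an earlier length check may exist that is not visible here. Separately, the last isakmp hunk now returns `NULL` at `trunc:`, and the callers, which are outside this patch, should be confirmed to handle a NULL return before using it as a pointer.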