diff --git a/.gitignore b/.gitignore
index 738593b..d669152 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@ tcpdump-4.1.1.tar.gz
 /ppi.h
 /tcpdump-4.2.1.tar.gz
 /tcpdump-4.3.0.tar.gz
+/tcpdump-4.4.0.tar.gz
diff --git a/sources b/sources
index 99422db..286ae1d 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-a3fe4d30ac85ff5467c889ff46b7e1e8  tcpdump-4.3.0.tar.gz
+6f75aabcffd012f73bd7c331bb5d8232  tcpdump-4.4.0.tar.gz
 e329cbeb7e589f132d92c3447c477190  tcpslice-1.2a3.tar.gz
diff --git a/tcpdump-4.2.1-eperm.patch b/tcpdump-4.2.1-eperm.patch
deleted file mode 100644
index 431edef..0000000
--- a/tcpdump-4.2.1-eperm.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-diff -up tcpdump-4.2.1/tcpdump.1.in.eperm tcpdump-4.2.1/tcpdump.1.in
---- tcpdump-4.2.1/tcpdump.1.in.eperm	2012-05-16 15:46:55.009494388 +0200
-+++ tcpdump-4.2.1/tcpdump.1.in	2012-05-16 15:47:16.860299598 +0200
-@@ -214,6 +214,9 @@ have the name specified with the
- flag, with a number after it, starting at 1 and continuing upward.
- The units of \fIfile_size\fP are millions of bytes (1,000,000 bytes,
- not 1,048,576 bytes).
-+
-+Note that when used with \fB\-Z\fR option (enabled by default), privileges
-+are dropped before opening first savefile.
- .TP
- .B \-d
- Dump the compiled packet-matching code in a human readable form to
-@@ -650,7 +653,9 @@ but before opening any savefiles for out
- and the group ID to the primary group of
- .IR user .
- .IP
--This behavior can also be enabled by default at compile time.
-+This behavior is enabled by default (\fB\-Z tcpdump\fR), and can
-+be disabled by \fB\-Z root\fR.
-+
- .IP "\fI expression\fP"
- .RS
- selects which packets will be dumped.
-diff -up tcpdump-4.2.1/tcpdump.c.eperm tcpdump-4.2.1/tcpdump.c
---- tcpdump-4.2.1/tcpdump.c.eperm	2012-05-16 15:46:28.321732801 +0200
-+++ tcpdump-4.2.1/tcpdump.c	2012-05-16 15:46:42.642604795 +0200
-@@ -1289,9 +1289,27 @@ main(int argc, char **argv)
- 	 * Switching to the -Z user ID only after opening the first
- 	 * savefile doesn't handle the general case.
- 	 */
--	if (getuid() == 0 || geteuid() == 0) {
--		if (username || chroot_dir)
--			droproot(username, chroot_dir);
-+
-+	/* If user is running tcpdump as root and wants to write to the savefile,
-+	 * we will check if -C is set and if it is, we will drop root
-+	 * privileges right away and consequent call to	pcap_dump_open()
-+	 * will most likely fail for the first file. If -C flag is not set we
-+	 * will create file as root then change ownership of file to proper
-+	 * user(default tcpdump) and drop root privileges.
-+	 */
-+	int chown_flag = 0;
-+	if (WFileName && (getuid() == 0 || geteuid() == 0)) {
-+		if (Cflag != 0) {
-+			if (username || chroot_dir)
-+				droproot(username, chroot_dir);
-+		} else {
-+			chown_flag = 1;
-+		}
-+	} else {
-+		if (getuid() == 0 || geteuid() == 0) {
-+			if (username || chroot_dir)
-+				droproot(username, chroot_dir);
-+		}
- 	}
- #endif /* WIN32 */
- 
-@@ -1312,6 +1330,40 @@ main(int argc, char **argv)
- 		  MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0);
- 
- 		p = pcap_dump_open(pd, dumpinfo.CurrentFileName);
-+		
-+		/* Change ownership of file and drop root privileges */
-+		if (chown_flag) {
-+			struct passwd pwd;
-+			struct passwd *p_pwd;
-+			char *username_buf;
-+			long initlen;
-+			size_t len;
-+
-+			initlen = sysconf(_SC_GETPW_R_SIZE_MAX);
-+			if (initlen == -1) {
-+				len = 1024;
-+			} else {
-+				len = (size_t) initlen;
-+			}
-+
-+			username_buf = (char *) malloc(len * sizeof(char));
-+			if (username_buf == NULL) {
-+				error("malloc of username_buf");
-+			}
-+
-+			getpwnam_r(username, &pwd, username_buf, len, &p_pwd);
-+			if (p_pwd == NULL) {
-+				error("Couldn't find user '%s'", username);
-+			}
-+
-+			chown(dumpinfo.CurrentFileName, pwd.pw_uid, pwd.pw_gid);
-+
-+			if (username || chroot_dir)
-+				droproot(username, chroot_dir);
-+							
-+			free(username_buf);
-+		}
-+
- 		if (p == NULL)
- 			error("%s", pcap_geterr(pd));
- 		if (Cflag != 0 || Gflag != 0) {
diff --git a/tcpdump-4.4.0-eperm.patch b/tcpdump-4.4.0-eperm.patch
new file mode 100644
index 0000000..e96dbbe
--- /dev/null
+++ b/tcpdump-4.4.0-eperm.patch
@@ -0,0 +1,77 @@
+diff -up tcpdump-4.4.0/tcpdump.1.in.eperm tcpdump-4.4.0/tcpdump.1.in
+--- tcpdump-4.4.0/tcpdump.1.in.eperm	2013-05-06 13:24:27.832436506 +0200
++++ tcpdump-4.4.0/tcpdump.1.in	2013-05-06 13:24:27.839436511 +0200
+@@ -221,6 +221,9 @@ have the name specified with the
+ flag, with a number after it, starting at 1 and continuing upward.
+ The units of \fIfile_size\fP are millions of bytes (1,000,000 bytes,
+ not 1,048,576 bytes).
++
++Note that when used with \fB\-Z\fR option (enabled by default), privileges
++are dropped before opening first savefile.
+ .TP
+ .B \-d
+ Dump the compiled packet-matching code in a human readable form to
+@@ -720,7 +723,9 @@ but before opening any savefiles for out
+ and the group ID to the primary group of
+ .IR user .
+ .IP
+-This behavior can also be enabled by default at compile time.
++This behavior is enabled by default (\fB\-Z tcpdump\fR), and can
++be disabled by \fB\-Z root\fR.
++
+ .IP "\fI expression\fP"
+ .RS
+ selects which packets will be dumped.
+diff -up tcpdump-4.4.0/tcpdump.c.eperm tcpdump-4.4.0/tcpdump.c
+--- tcpdump-4.4.0/tcpdump.c.eperm	2013-03-24 22:49:18.000000000 +0100
++++ tcpdump-4.4.0/tcpdump.c	2013-05-06 13:28:40.929602618 +0200
+@@ -1426,11 +1426,24 @@ main(int argc, char **argv)
+ 	}
+ #endif /* HAVE_CAP_NG_H */
+ 
+-	if (getuid() == 0 || geteuid() == 0) {
+-		if (username || chroot_dir)
++	/* If user is running tcpdump as root and wants to write to the savefile,
++	 * we will check if -C is set and if it is, we will drop root
++	 * privileges right away and consequent call to	pcap_dump_open()
++	 * will most likely fail for the first file. If -C flag is not set we
++	 * will create file as root then change ownership of file to proper
++	 * user(default tcpdump) and drop root privileges.
++	 */
++	int chown_flag = 0;
++
++	if (WFileName && (getuid() == 0 || geteuid() == 0))
++		if (Cflag && (username || chroot_dir))
++			droproot(username, chroot_dir);
++                else 
++			chown_flag = 1;
++	else
++		if ((getuid() == 0 || geteuid() == 0) && (username || chroot_dir))
+ 			droproot(username, chroot_dir);
+ 
+-	}
+ #endif /* WIN32 */
+ 
+ 	if (pcap_setfilter(pd, &fcode) < 0)
+@@ -1450,6 +1463,21 @@ main(int argc, char **argv)
+ 		  MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0);
+ 
+ 		p = pcap_dump_open(pd, dumpinfo.CurrentFileName);
++
++		/* Change ownership of file and drop root privileges */
++		if (chown_flag) {
++			struct passwd *pwd;
++
++			pwd = getpwnam(username);
++			if (!pwd)
++				error("Couldn't find user '%s'", username);
++
++			if (chown(dumpinfo.CurrentFileName, pwd->pw_uid, pwd->pw_gid) < 0)
++				error("Couldn't change ownership of savefile");
++
++			if (username || chroot_dir)
++				droproot(username, chroot_dir);
++		}
+ #ifdef HAVE_CAP_NG_H
+         /* Give up capabilities, clear Effective set */
+         capng_clear(CAPNG_EFFECTIVE);
diff --git a/tcpdump.spec b/tcpdump.spec
index 3cbaff2..e45114b 100644
--- a/tcpdump.spec
+++ b/tcpdump.spec
@@ -1,12 +1,12 @@
 Summary: A network traffic monitoring tool
 Name: tcpdump
 Epoch: 14
-Version: 4.3.0
-Release: 3%{?dist}
+Version: 4.4.0
+Release: 1%{?dist}
 License: BSD with advertising
 URL: http://www.tcpdump.org
 Group: Applications/Internet
-Requires(pre): shadow-utils 
+Requires(pre): shadow-utils
 BuildRequires: openssl-devel libpcap-devel
 BuildRequires: automake sharutils
 
@@ -16,7 +16,7 @@ Source1: ftp://ftp.ee.lbl.gov/tcpslice-1.2a3.tar.gz
 Patch1: tcpdump-4.0.0-portnumbers.patch
 Patch2: tcpdump-4.0.0-icmp6msec.patch
 Patch3: tcpdump-3.9.8-gethostby.patch
-Patch4: tcpdump-4.2.1-eperm.patch
+Patch4: tcpdump-4.4.0-eperm.patch
 Patch5: tcpslice-1.2a3-time.patch
 Patch6: tcpslice-CVS.20010207-bpf.patch
 Patch7: tcpslice-1.2a3-dateformat.patch
@@ -95,6 +95,9 @@ exit 0
 %{_mandir}/man8/tcpdump.8*
 
 %changelog
+* Thu Jun 06 2013 Michal Sekletar <msekleta@redhat.com> - 14:4.4.0-1
+- update to 4.4.0
+
 * Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:4.3.0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
 
@@ -122,7 +125,7 @@ exit 0
 - dropped unnecessary patches
 
 * Wed Aug 24 2011 Michal Sekletar <msekleta@redhat.com> - 14:4.1.1-3
-- Fix manpage (#663739) 
+- Fix manpage (#663739)
 - Fix improper handling of bad date format in tcpslice (#684005)
 - Spec file clean up
 
@@ -276,7 +279,7 @@ exit 0
 - fix for CAN-2005-1267 - BGP DoS, #159209
 
 * Thu Apr 28 2005 Martin Stransky <stransky@redhat.com> - 14:3.8.2-12
-- fix for CAN-2005-1280 Multiple DoS issues in tcpdump 
+- fix for CAN-2005-1280 Multiple DoS issues in tcpdump
   (CAN-2005-1279 CAN-2005-1278), #156041
 
 * Mon Mar 7 2005 Martin Stransky <stransky@redhat.com>
@@ -287,7 +290,7 @@ exit 0
 - support for files larger than 2GB (#147840)
 
 * Fri Feb 11 2005 Ivana Varekova <varekova@redhat.com> - 14:3.8.2-9
-- added arpsnmp options to specify sender and recipient 
+- added arpsnmp options to specify sender and recipient
   and corrected arpwatch and arpsnmp man pages (#70386)
 
 * Thu Feb 10 2005 Ivana Varekova <varekova@redhat.com> - 14:3.8.2-8
@@ -578,7 +581,7 @@ exit 0
 - added arpsnmp to package (#3258).
 - arp2ethers written for different of awk (#4326).
 
-* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com> 
+* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com>
 - auto rebuild in the new build environment (release 10)
 
 * Fri Mar 19 1999 Jeff Johnson <jbj@redhat.com>
@@ -609,7 +612,7 @@ exit 0
 
 * Tue Oct 21 1997 Erik Troan <ewt@redhat.com>
 - updated to release 3.4a5
-- uses a buildroot and %%attr 
+- uses a buildroot and %%attr
 
 * Thu Jul 17 1997 Erik Troan <ewt@redhat.com>
 - built against glibc