2025-11-27 13:19:05 +01:00
7 changed files with 63 additions and 20 deletions
--- a/tcpreplay-4.4.4.tar.xz
+++ b/tcpreplay-4.4.4.tar.xz
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3ff9753cc43bb15e77832cee657e3030dbcdd957fa247e6abacc605689e24051
-size 748344
--- a/tcpreplay-4.4.4.tar.xz.asc
+++ b/tcpreplay-4.4.4.tar.xz.asc
@@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQFKBAABCgA0FiEEhOT6IVyTSn2X3HbV6eIUl5O94X4FAmSGDcIWHHRjcHJlcGxh
-eUBhcHBuZXRhLmNvbQAKCRDp4hSXk73hfkScB/kBMmRAe/4PSAzX6olgFxcG2A2q
-zqVi3UZrpdHROZ80Bar9ZFOYTSovJihW8VuH4+TyF/wUJjC0Lj/6tcULeRTL2eU6
-Qpkez+EpdSi/pa+p+gkix8YdMEqhI5Vydejf5wuA1GGwnnBwxAHKl9ctUeKRId4M
-3XtYA3P9kuu/cohSmj9G5eu8RT2gxVpihOPrWQQAKhzLOSH9fy8ypnKbaXNbyEdE
-zc0l2RKdFRn1FKMdCnYDZzTH93XSKdI6mIGijd4/KWdVk19RW8nwG9k3uHWzCjsg
-exsXHTa8JyOInug8w8uFAm2A5V0sRGLJ5zS2rn9a68EBcBotIQ/tygsbJyTz
-=MGgL
-----END PGP SIGNATURE-----
--- a/tcpreplay-4.5.2.tar.xz
+++ b/tcpreplay-4.5.2.tar.xz
--- a/tcpreplay-4.5.2.tar.xz.asc
+++ b/tcpreplay-4.5.2.tar.xz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQFKBAABCgA0FiEEhOT6IVyTSn2X3HbV6eIUl5O94X4FAmiucVgWHHRjcHJlcGxh
+eUBhcHBuZXRhLmNvbQAKCRDp4hSXk73hfmrCB/44WWbB9m0lG/QvVqGcfxG5f/kW
+RsLrEyKwpesQXHQHOgQFJWUxhkx9BEWwxGpWRlw0yJtSZ3+MueGncxPgWJ4zw+TP
+Pr+gByphN3Nz3ul+WFFg03AX8Mvx5uPpTgdCVZIOuAvE68a0QfGjAedFCrLVhoj8
+AZ3KtWkbkD+JT1M2kwq1/jF5FCa6PFidUQRhC6HsuxcnuRaa1mRQSDsMjNxeJPVS
+oU0tDSjdLQeNgCXEZqn13txdl+cO54KEnZ0ekuKCPQrIbblHE3VKhZcM9FIHYg4b
+LKcO70sDcv9A2uOCBosY6RN7QPF97QngtwfU9qweFtSyMFUDj3H7Dxgsf5FJ
+=tn7q
+-----END PGP SIGNATURE-----
--- a/tcpreplay-CVE-2025-8746.patch
+++ b/tcpreplay-CVE-2025-8746.patch
@@ -0,0 +1,14 @@
+Index: tcpreplay-4.5.1/libopts/save.c
+===================================================================
+--- tcpreplay-4.5.1.orig/libopts/save.c
+++ tcpreplay-4.5.1/libopts/save.c
+@@ -495,6 +495,9 @@ remove_settings(tOptions * opts, char co
+     char *       text = text_mmap(fname, PROT_READ|PROT_WRITE, MAP_PRIVATE, &map_info);
+     char *       scan = text;
+ 
+    if (TEXT_MMAP_FAILED_ADDR(text))
+      goto leave;
+
+     for (;;) {
+         char * next = scan = strstr(scan, zCfgProg);
+         if (scan == NULL)
--- a/tcpreplay.changes
+++ b/tcpreplay.changes
@@ -1,3 +1,33 @@
+-------------------------------------------------------------------
+Thu Nov 13 00:28:00 UTC 2025 - Michal Kubecek <mkubecek@suse.cz>
+
+- update to 4.5.2:
+  * features added since 4.4.4
+    - fix/recalculate header checksum for ipv6-frag
+    - IPv6 frag checksum support
+    - AF_XDP socket support
+    - tcpreplay -w (write into a pcap file)
+    - tcpreplay --fixhdrlen
+    - --include and --exclude options
+    - SLL2 support
+    - Haiku support
+  * security fixes reported for 4.4.4 fixed in 4.5.2
+    - CVE-2023-4256  / bsc#1218249
+    - CVE-2023-43279 / bsc#1221324
+    - CVE-2024-3024  / bsc#1222131 (likely)
+    - CVE-2024-22654 / bsc#1243845
+    - CVE-2025-9157  / bsc#1248322
+    - CVE-2025-9384  / bsc#1248595
+    - CVE-2025-9385  / bsc#1248596
+    - CVE-2025-9386  / bsc#1248597
+    - CVE-2025-9649  / bsc#1248964
+    - CVE-2025-51006 / bsc#1250356
+  - see https://github.com/appneta/tcpreplay/compare/v4.4.4...v4.5.2
+    for full changelog
+- security fix for CVE-2025-8746 / bsc#1247919
+  * tcpreplay-CVE-2025-8746.patch
+- drop SLE11 build workaround (not needed in Leap package)
+
 -------------------------------------------------------------------
 Tue Jul 11 16:31:05 UTC 2023 - Martin Hauke <mardnh@gmx.de>

--- a/tcpreplay.spec
+++ b/tcpreplay.spec
@@ -17,7 +17,7 @@


 Name:           tcpreplay
-Version:        4.4.4
+Version:        4.5.2
 Release:        0
 Summary:        Network analysis and testing tools
 License:        GPL-3.0-only
@@ -26,17 +26,14 @@ URL:            https://tcpreplay.appneta.com/
 Source0:        https://github.com/appneta/tcpreplay/releases/download/v%{version}/%{name}-%{version}.tar.xz
 Source1:        https://github.com/appneta/tcpreplay/releases/download/v%{version}/%{name}-%{version}.tar.xz.asc
 Source2:        %{name}.keyring
+# CVE-2025-8746 [bsc#1247917], improper input validation and memory bounds checking when processing certain malformed configuration files
+Patch0:         tcpreplay-CVE-2025-8746.patch
 BuildRequires:  dbus-1-devel
 BuildRequires:  libdnet-devel
 BuildRequires:  libpcap-devel
 BuildRequires:  tcpdump
 Requires:       tcpdump
-%if 0%{?suse_version} >= 1130
 BuildRequires:  libnl3-devel
-%else
-# only needed for suse_version < 1130 (i.e. SLE11)
-BuildRequires:  xz
-%endif

 %description
 Tcpreplay is a suite of utilities for editing and replaying
@@ -47,8 +44,10 @@ supports switches, routers and IP Flow/NetFlow appliances.

 %prep
 %setup -q
+%patch -P 0 -p1

 %build
+export CFLAGS="%{optflags} -std=gnu11"
 %configure \
  --enable-dynamic-link
 %make_build