import CS traceroute-2.1.0-8.el8

2024-03-27 20:36:50 +00:00 · 2024-03-27 20:36:50 +00:00 · 3c1dc72317
commit 3c1dc72317
parent e8393d2ebf
2 changed files with 78 additions and 2 deletions
--- a/SOURCES/001-traceroute-CVE-2023-46316.patch
+++ b/SOURCES/001-traceroute-CVE-2023-46316.patch
@ -0,0 +1,68 @@
+From 9a605da8a6c72f0f52f505f38adb3133b7e726f8 Mon Sep 17 00:00:00 2001
+From: Jan Macku <jamacku@redhat.com>
+Date: Mon, 30 Oct 2023 12:55:43 +0100
+Subject: [PATCH] Fix command line parsing in wrappers
+
+Resolves: CVE-2023-46316
+---
+ wrappers/tcptraceroute    | 2 +-
+ wrappers/tracepath        | 2 +-
+ wrappers/traceproto       | 2 +-
+ wrappers/traceroute-nanog | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/wrappers/tcptraceroute b/wrappers/tcptraceroute
+index b4fc810..9063886 100755
+--- a/wrappers/tcptraceroute
+++ b/wrappers/tcptraceroute
+@@ -26,7 +26,7 @@ usage () {
+ }
+ 
+ 
+-PARSED=`getopt 'hvdnNi:l:f:Fm:p:q:w:s:t:SAE' "$@"`
+PARSED=`getopt -- 'hvdnNi:l:f:Fm:p:q:w:s:t:SAE' "$@"`
+ [ $? != 0 ] && exit 2
+ 
+ eval set -- "$PARSED"
+diff --git a/wrappers/tracepath b/wrappers/tracepath
+index 987b998..448f031 100755
+--- a/wrappers/tracepath
+++ b/wrappers/tracepath
+@@ -25,7 +25,7 @@ usage () {
+ }
+ 
+ 
+-PARSED=`getopt 'hnbl:' "$@"`
+PARSED=`getopt -- 'hnbl:' "$@"`
+ [ $? != 0 ] && exit 2
+ 
+ eval set -- "$PARSED"
+diff --git a/wrappers/traceproto b/wrappers/traceproto
+index 988fdc5..5dfd9a7 100755
+--- a/wrappers/traceproto
+++ b/wrappers/traceproto
+@@ -38,7 +38,7 @@ warning () {
+ }
+  
+ 
+-PARSED=`getopt 'cCTfAhvRp:d:D:s:S:m:M:w:W:a:P:F:k:I:H:i:o:t:' "$@"`
+PARSED=`getopt -- 'cCTfAhvRp:d:D:s:S:m:M:w:W:a:P:F:k:I:H:i:o:t:' "$@"`
+ [ $? != 0 ] && exit 2
+ 
+ eval set -- "$PARSED"
+diff --git a/wrappers/traceroute-nanog b/wrappers/traceroute-nanog
+index 29fd2a4..aac4c83 100755
+--- a/wrappers/traceroute-nanog
+++ b/wrappers/traceroute-nanog
+@@ -31,7 +31,7 @@ warning () {
+ }
+  
+ 
+-PARSED=`getopt 'adnruvAMOPQU$w:S:m:p:q:g:t:s:I:f:T:' "$@"`
+PARSED=`getopt -- 'adnruvAMOPQU$w:S:m:p:q:g:t:s:I:f:T:' "$@"`
+ [ $? != 0 ] && {
+     usage
+     exit 2
+-- 
+2.41.0
+
--- a/SPECS/traceroute.spec
+++ b/SPECS/traceroute.spec
@ -2,12 +2,14 @@ Summary: Traces the route taken by packets over an IPv4/IPv6 network
 Name: traceroute
 Epoch: 3
 Version: 2.1.0
-Release: 6%{?dist}
+Release: 8%{?dist}
 Group: Applications/Internet
 License: GPLv2+
 URL:  http://traceroute.sourceforge.net
 Source0: http://downloads.sourceforge.net/project/traceroute/traceroute/traceroute-%{version}/traceroute-%{version}.tar.gz

+Patch001: 001-traceroute-CVE-2023-46316.patch
+
 Provides: tcptraceroute = 1.5-1
 Obsoletes: tcptraceroute < 1.5-1

@ -25,7 +27,7 @@ problems.


 %prep
-%setup -q
+%autosetup -p1


 %build
@ -59,6 +61,12 @@ popd


 %changelog
+* Mon Nov 27 2023 Jan Macku <jamacku@redhat.com> - 3:2.1.0-8
+- add gating.yaml
+
+* Mon Oct 30 2023 Jan Macku <jamacku@redhat.com> - 3:2.1.0-7
+- fix improper command line parsing (CVE-2023-46316)
+
 * Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3:2.1.0-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild