From f877c13dcde49830facbead3d8bc831ccbe121d3 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Thu, 28 Mar 2024 11:57:19 +0000 Subject: [PATCH] import CS traceroute-2.1.0-18.el9 --- SOURCES/002-traceroute-CVE-2023-46316.patch | 68 +++++++++++++++++++++ SPECS/traceroute.spec | 13 ++-- 2 files changed, 77 insertions(+), 4 deletions(-) create mode 100644 SOURCES/002-traceroute-CVE-2023-46316.patch diff --git a/SOURCES/002-traceroute-CVE-2023-46316.patch b/SOURCES/002-traceroute-CVE-2023-46316.patch new file mode 100644 index 0000000..0c25298 --- /dev/null +++ b/SOURCES/002-traceroute-CVE-2023-46316.patch @@ -0,0 +1,68 @@ +From 9a605da8a6c72f0f52f505f38adb3133b7e726f8 Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Mon, 30 Oct 2023 12:55:43 +0100 +Subject: [PATCH] Fix command line parsing in wrappers + +Resolves: CVE-2023-46316 +--- + wrappers/tcptraceroute | 2 +- + wrappers/tracepath | 2 +- + wrappers/traceproto | 2 +- + wrappers/traceroute-nanog | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/wrappers/tcptraceroute b/wrappers/tcptraceroute +index b4fc810..9063886 100755 +--- a/wrappers/tcptraceroute ++++ b/wrappers/tcptraceroute +@@ -26,7 +26,7 @@ usage () { + } + + +-PARSED=`getopt 'hvdnNi:l:f:Fm:p:q:w:s:t:SAE' "$@"` ++PARSED=`getopt -- 'hvdnNi:l:f:Fm:p:q:w:s:t:SAE' "$@"` + [ $? != 0 ] && exit 2 + + eval set -- "$PARSED" +diff --git a/wrappers/tracepath b/wrappers/tracepath +index 987b998..448f031 100755 +--- a/wrappers/tracepath ++++ b/wrappers/tracepath +@@ -25,7 +25,7 @@ usage () { + } + + +-PARSED=`getopt 'hnbl:' "$@"` ++PARSED=`getopt -- 'hnbl:' "$@"` + [ $? != 0 ] && exit 2 + + eval set -- "$PARSED" +diff --git a/wrappers/traceproto b/wrappers/traceproto +index 988fdc5..5dfd9a7 100755 +--- a/wrappers/traceproto ++++ b/wrappers/traceproto +@@ -38,7 +38,7 @@ warning () { + } + + +-PARSED=`getopt 'cCTfAhvRp:d:D:s:S:m:M:w:W:a:P:F:k:I:H:i:o:t:' "$@"` ++PARSED=`getopt -- 'cCTfAhvRp:d:D:s:S:m:M:w:W:a:P:F:k:I:H:i:o:t:' "$@"` + [ $? != 0 ] && exit 2 + + eval set -- "$PARSED" +diff --git a/wrappers/traceroute-nanog b/wrappers/traceroute-nanog +index 29fd2a4..aac4c83 100755 +--- a/wrappers/traceroute-nanog ++++ b/wrappers/traceroute-nanog +@@ -31,7 +31,7 @@ warning () { + } + + +-PARSED=`getopt 'adnruvAMOPQU$w:S:m:p:q:g:t:s:I:f:T:' "$@"` ++PARSED=`getopt -- 'adnruvAMOPQU$w:S:m:p:q:g:t:s:I:f:T:' "$@"` + [ $? != 0 ] && { + usage + exit 2 +-- +2.41.0 + diff --git a/SPECS/traceroute.spec b/SPECS/traceroute.spec index aee7c39..18eb8c8 100644 --- a/SPECS/traceroute.spec +++ b/SPECS/traceroute.spec @@ -2,12 +2,13 @@ Summary: Traces the route taken by packets over an IPv4/IPv6 network Name: traceroute Epoch: 3 Version: 2.1.0 -Release: 16%{?dist} +Release: 18%{?dist} License: GPLv2+ URL: http://traceroute.sourceforge.net Source0: https://downloads.sourceforge.net/project/traceroute/traceroute/traceroute-%{version}/traceroute-%{version}.tar.gz Patch001: 001-review-of-CWE-170-CWE-772.patch +Patch002: 002-traceroute-CVE-2023-46316.patch Provides: tcptraceroute = 1.5-1 Obsoletes: tcptraceroute < 1.5-1 @@ -29,9 +30,7 @@ problems. %prep -%setup -q - -%patch001 -p1 +%autosetup -p1 %build @@ -55,6 +54,12 @@ ln -s traceroute.8 $RPM_BUILD_ROOT%{_mandir}/man8/tcptraceroute.8 %changelog +* Mon Nov 27 2023 Jan Macku - 3:2.1.0-18 +- add gating.yaml + +* Mon Oct 30 2023 Jan Macku - 3:2.1.0-17 +- fix improper command line parsing (CVE-2023-46316) + * Tue Aug 10 2021 Mohan Boddu - 3:2.1.0-16 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688