!13 fix CVE-2023-46316

From: @XWwalker Reviewed-by: @robertxw Signed-off-by: @robertxw
2023-10-30 12:02:33 +00:00 · 2023-10-30 12:02:33 +00:00 · b6724c3783
commit b6724c3783
parent 0877e5980a 0e0677d4b7
2 changed files with 77 additions and 1 deletions
--- a/backport-CVE-2023-46316.patch
+++ b/backport-CVE-2023-46316.patch
@ -0,0 +1,68 @@
+Author: Dmitry Butskoy  <Dmitry@Butskoy.name>
+Description:
+ Fix command line parsing in wrappers.
+
+Conflict:NA
+Reference:https://udomain.dl.sourceforge.net/project/traceroute/traceroute/traceroute-2.1.3/traceroute-2.1.3.tar.gz 
+
+---
+ wrappers/tcptraceroute    | 2 +-
+ wrappers/tracepath        | 2 +-
+ wrappers/traceproto       | 2 +-
+ wrappers/traceroute-nanog | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/wrappers/tcptraceroute b/wrappers/tcptraceroute
+index b4fc810..9063886 100755
+--- a/wrappers/tcptraceroute
+++ b/wrappers/tcptraceroute
+@@ -26,7 +26,7 @@ usage () {
+ }
+ 
+ 
+-PARSED=`getopt 'hvdnNi:l:f:Fm:p:q:w:s:t:SAE' "$@"`
+PARSED=`getopt -- 'hvdnNi:l:f:Fm:p:q:w:s:t:SAE' "$@"`
+ [ $? != 0 ] && exit 2
+ 
+ eval set -- "$PARSED"
+diff --git a/wrappers/tracepath b/wrappers/tracepath
+index 987b998..448f031 100755
+--- a/wrappers/tracepath
+++ b/wrappers/tracepath
+@@ -25,7 +25,7 @@ usage () {
+ }
+ 
+ 
+-PARSED=`getopt 'hnbl:' "$@"`
+PARSED=`getopt -- 'hnbl:' "$@"`
+ [ $? != 0 ] && exit 2
+ 
+ eval set -- "$PARSED"
+diff --git a/wrappers/traceproto b/wrappers/traceproto
+index 988fdc5..5dfd9a7 100755
+--- a/wrappers/traceproto
+++ b/wrappers/traceproto
+@@ -38,7 +38,7 @@ warning () {
+ }
+  
+ 
+-PARSED=`getopt 'cCTfAhvRp:d:D:s:S:m:M:w:W:a:P:F:k:I:H:i:o:t:' "$@"`
+PARSED=`getopt -- 'cCTfAhvRp:d:D:s:S:m:M:w:W:a:P:F:k:I:H:i:o:t:' "$@"`
+ [ $? != 0 ] && exit 2
+ 
+ eval set -- "$PARSED"
+diff --git a/wrappers/traceroute-nanog b/wrappers/traceroute-nanog
+index 29fd2a4..aac4c83 100755
+--- a/wrappers/traceroute-nanog
+++ b/wrappers/traceroute-nanog
+@@ -31,7 +31,7 @@ warning () {
+ }
+  
+ 
+-PARSED=`getopt 'adnruvAMOPQU$w:S:m:p:q:g:t:s:I:f:T:' "$@"`
+PARSED=`getopt -- 'adnruvAMOPQU$w:S:m:p:q:g:t:s:I:f:T:' "$@"`
+ [ $? != 0 ] && {
+     usage
+     exit 2
+-- 
+2.27.0
--- a/traceroute.spec
+++ b/traceroute.spec
@ -1,12 +1,14 @@
 Name:               traceroute
 Epoch:              3
 Version:            2.1.2
-Release:            1
+Release:            2
 Summary:            A new modern implementation of traceroute(8) utility for Linux systems
 License:            GPL-2.0-or-later
 URL:                http://traceroute.sourceforge.net/
 Source0:            https://udomain.dl.sourceforge.net/project/traceroute/traceroute/traceroute-2.1.2/traceroute-2.1.2.tar.gz

+Patch0:             backport-CVE-2023-46316.patch
+
 Provides:           tcptraceroute = 1.5-1
 Obsoletes:          tcptraceroute < 1.5-1

@ -45,6 +47,12 @@ ln -s traceroute.8 $RPM_BUILD_ROOT%{_mandir}/man8/tcptraceroute.8
 %{_mandir}/*/*

 %changelog
+* Mon Oct 30 2023 xingwei <xingwei14@h-partners.com> - 3:2.1.2-2
+- Type:CVE
+- CVE:CVE-2023-46316
+- SUG:NA
+- DESC:fix CVE-2023-46316
+
 * Jul Sat 22 2023 Xingwei <xingwei14@h-partners.com> - 3:2.1.2-1
 - Type:requirement
 - Id:NA