[AUTO-CHERRYPICK] Patched CVE-2023-46316 for `traceroute` - branch main. (#6701)

Co-authored-by: Sumynwa <sumsharma@microsoft.com>

SPECS/traceroute/traceroute.signatures.json

@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "traceroute-2.1.0.tar.gz": "3669d22a34d3f38ed50caba18cd525ba55c5c00d5465f2d20d7472e5d81603b6"
+  "traceroute-2.1.3.tar.gz": "05ebc7aba28a9100f9bbae54ceecbf75c82ccf46bdfce8b5d64806459a7e0412"
  }
 }

SPECS/traceroute/traceroute.spec

@@ -1,29 +1,25 @@
-Name:           traceroute
 Summary:        Traces the route taken by packets over an IPv4/IPv6 network
-Version:        2.1.0
-Release:        7%{?dist}
+Name:           traceroute
+Version:        2.1.3
+Release:        1%{?dist}
 License:        GPLv2+
-Group:          Applications/Internet
-Url:            http://traceroute.sourceforge.net
-Source0:        http://downloads.sourceforge.net/project/traceroute/traceroute/traceroute-%{version}/traceroute-%{version}.tar.gz
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
-
+Group:          Applications/Internet
+URL:            https://traceroute.sourceforge.net
+Source0:        http://downloads.sourceforge.net/project/traceroute/traceroute/traceroute-%{version}/traceroute-%{version}.tar.gz
 
 %description
 The traceroute utility displays the route used by IP packets on their
 way to a specified network (or Internet) host.
 
 %prep
-%setup -q
-
+%autosetup -p1
 
 %build
 make %{?_smp_mflags} CFLAGS="%{optflags}" LDFLAGS=""
 
 %install
-rm -rf %{buildroot}
-
 install -d %{buildroot}/bin
 install -m755 traceroute/traceroute %{buildroot}/bin
 pushd %{buildroot}/bin
@@ -33,7 +29,7 @@ install -d %{buildroot}%{_bindir}
 install -m755 wrappers/tcptraceroute %{buildroot}%{_bindir}
 
 install -d %{buildroot}%{_mandir}/man8
-install -p -m644 traceroute/traceroute.8 $RPM_BUILD_ROOT%{_mandir}/man8
+install -p -m644 traceroute/traceroute.8 %{buildroot}%{_mandir}/man8
 pushd %{buildroot}%{_mandir}/man8
 ln -s traceroute.8 tcptraceroute.8
 popd
@@ -41,13 +37,15 @@ popd
 %files
 %defattr(-,root,root,-)
 %license COPYING
-%doc COPYING README TODO CREDITS
+%doc README TODO CREDITS
 /bin/*
 %{_bindir}/*
 %{_mandir}/*/*
 
-
 %changelog
+* Mon Nov 06 2023 Sumedh Sharma <sumsharma@microsoft.com> - 2.1.3-1
+- Bump version to fix CVE-2023-46316
+
 * Wed Sep 20 2023 Jon Slobodzian <joslobo@microsoft.com> - 2.1.0-7
 - Recompile with stack-protection fixed gcc version (CVE-2023-4039)
 
@@ -60,13 +58,18 @@ popd
 
 *   Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> 2.1.0-4
 -   Initial CBL-Mariner import from Photon (license: Apache2).
+
 *   Fri Nov 30 2018 Ashwin H <ashwinh@vmware.com> 2.1.0-3
 -   Remove traceroute6 softlink as iputils provides traceroute6
+
 *   Tue Apr 25 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.1.0-2
 -   Ensure non empty debuginfo
+
 *   Tue Mar 28 2017 Xiaolin Li <xiaolinl@vmware.com> 2.1.0-1
 -   Updated to version 2.1.0.
+
 *   Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.0.22-2
 -   GA - Bump release of all rpms
+
 *   Fri Feb 26 2016 Anish Swaminathan <anishs@vmware.com>  2.0.22-1
 -   Initial version

cgmanifest.json

@@ -28827,8 +28827,8 @@
         "type": "other",
         "other": {
           "name": "traceroute",
-          "version": "2.1.0",
-          "downloadUrl": "http://downloads.sourceforge.net/project/traceroute/traceroute/traceroute-2.1.0/traceroute-2.1.0.tar.gz"
+          "version": "2.1.3",
+          "downloadUrl": "http://downloads.sourceforge.net/project/traceroute/traceroute/traceroute-2.1.3/traceroute-2.1.3.tar.gz"
         }
       }
     },