diff --git a/.gitignore b/.gitignore
index 0983b54..e711d06 100644
--- a/.gitignore
+++ b/.gitignore
@@ -24,3 +24,4 @@
 /open-vm-tools-11.3.5-18557794.tar.gz
 /open-vm-tools-12.0.0-19345655.tar.gz
 /open-vm-tools-12.0.5-19716617.tar.gz
+/open-vm-tools-12.1.0-20219665.tar.gz
diff --git a/1205-Properly-check-authorization-on-incoming-guestOps-re.patch b/1205-Properly-check-authorization-on-incoming-guestOps-re.patch
deleted file mode 100644
index cce189d..0000000
--- a/1205-Properly-check-authorization-on-incoming-guestOps-re.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From be635a7eaf7bd19177b7002aa2c793c78be77ecc Mon Sep 17 00:00:00 2001
-From: John Wolfe
-Date: Wed, 10 Aug 2022 07:20:28 -0700
-Subject: [PATCH] Properly check authorization on incoming guestOps requests
-
-Fix public pipe request checks. Only a SessionRequest type should
-be accepted on the public pipe.
----
- open-vm-tools/vgauth/serviceImpl/proto.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/open-vm-tools/vgauth/serviceImpl/proto.c b/open-vm-tools/vgauth/serviceImpl/proto.c
-index db7159e..c4f85b0 100644
---- a/vgauth/serviceImpl/proto.c
-+++ b/vgauth/serviceImpl/proto.c
-@@ -1,5 +1,5 @@
- /*********************************************************
-- * Copyright (C) 2011-2016,2019-2021 VMware, Inc. All rights reserved.
-+ * Copyright (c) 2011-2016,2019-2022 VMware, Inc. All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as published
-@@ -1201,6 +1201,10 @@ Proto_SecurityCheckRequest(ServiceConnection *conn,
- VGAuthError err;
- gboolean isSecure = ServiceNetworkIsConnectionPrivateSuperUser(conn);
-
-+ if (conn->isPublic && req->reqType != PROTO_REQUEST_SESSION_REQ) {
-+ return VGAUTH_E_PERMISSION_DENIED;
-+ }
-+
- switch (req->reqType) {
- /*
- * This comes over the public connection; alwsys let it through.
---
-2.6.2
-
diff --git a/open-vm-tools.spec b/open-vm-tools.spec index 247fb61..3947fa1 100644 --- a/open-vm-tools.spec +++ b/open-vm-tools.spec @@ -19,9 +19,9 @@ ################################################################################ %global _hardened_build 1 -%global majorversion 12.0 -%global minorversion 5 -%global toolsbuild 19716617 +%global majorversion 12.1 +%global minorversion 0 +%global toolsbuild 20219665 %global toolsversion %{majorversion}.%{minorversion} %global toolsdaemon vmtoolsd %global vgauthdaemon vgauthd @@ -32,7 +32,7 @@ Name: open-vm-tools Version: %{toolsversion} -Release: 3%{?dist} +Release: 1%{?dist} Summary: Open Virtual Machine Tools for virtual machines hosted on VMware License: GPLv2 URL: https://github.com/vmware/%{name} @@ -52,7 +52,7 @@ ExclusiveArch: %{ix86} x86_64 aarch64 %endif # Patches -Patch1: 1205-Properly-check-authorization-on-incoming-guestOps-re.patch +#Patch1: .patch BuildRequires: autoconf BuildRequires: automake @@ -420,7 +420,14 @@ fi %{_bindir}/vmware-vgauth-smoketest %changelog -* Sun Sept 4 2022 John Wolfe - 12.0.5-3 +* Thu Sep 8 2022 John Wolfe - 12.1.0-1 +- Package new upstream version open-vm-tools-12.1.0-20219665. + . fix for CVE-2022-31676 - a local privilege escalation vulnerability. + . address a number of Coverity reported issues. +- Remove patch 1205-Properly-check-authorization-on-incoming-guestOps-re.patch + as no longer needed. + +* Sun Sep 4 2022 John Wolfe - 12.0.5-3 - Add patch 1205-Properly-check-authorization-on-incoming-guestOps-re.patch to fix CVE-2022-31676 in open-vm-tools 12.0.5 tracked in PR 120976. - Correct build requirements - replace systemd-rpm-macros with systemd_udev. diff --git a/sources b/sources index d2fc5cd..592998d 100644 --- a/sources +++ b/sources 
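Review bot: In the `# Patches` hunk of open-vm-tools.spec, the line that replaces `Patch1:` (shown here as `#Patch1: .patch`) leaves nothing next to the patch list that says why no downstream security patch is carried any more. The only record that the guestOps authorization fix for CVE-2022-31676 now comes from the 12.1.0 tarball is the %changelog entry at the end of the file. I would add a comment under `# Patches` such as `# CVE-2022-31676 fix (former Patch1) is part of upstream 12.1.0; re-add the patch if building an older tarball.` The diff does not show the prep section, so it is also worth confirming that no explicit application of patch 1 remains there.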
@@ -1 +1 @@
-SHA512 (open-vm-tools-12.0.5-19716617.tar.gz) = d0e842a33e423cb07f86c2c7c9b3d2e7bca85c49c922d14529a72db322931b3baedad386bffc1bb500bb4fe8b572529f3c63fc823732405849edb6344b405714
+SHA512 (open-vm-tools-12.1.0-20219665.tar.gz) = 00cd71a5fc25d854d0043b2ddfb7f759e3b3138acb9f33f7452641d7520e46bfa39ff784bde6c711de6e8aec24309720532100d7a8588fb1bebaa378b9566a2a