* Tue Nov 06 2025 Lili Du <ldu@redhat.com> - 13.0.5-1

- Rebase to 13.0.5 [RHEL-118505] - Resolves: RHEL-118505 ([ESXi][RHEL9] open-vm-tools version 13.0.5 has been released - please rebase)
2025-11-06 15:54:29 +08:00 · 2025-11-06 15:54:29 +08:00 · 0af1f38ea2
commit 0af1f38ea2
parent 0b544f0f71
4 changed files with 10 additions and 143 deletions
--- a/.gitignore
+++ b/.gitignore
@ -29,3 +29,4 @@
 /open-vm-tools-12.2.0-21223074.tar.gz
 /open-vm-tools-12.2.5-21855600.tar.gz
 /open-vm-tools-12.4.0-23259341.tar.gz
+/open-vm-tools-13.0.5-24915695.tar.gz
--- a/open-vm-tools.spec
+++ b/open-vm-tools.spec
@ -17,10 +17,9 @@
 ### along with this program; if not, write to the Free Software
 ### Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 ################################################################################
-
 %global majorversion    13.0
-%global minorversion    0
-%global toolsbuild      24696409
+%global minorversion    5
+%global toolsbuild      24915695
 %global toolsversion    %{majorversion}.%{minorversion}
 %global toolsdaemon     vmtoolsd
 %global vgauthdaemon    vgauthd
@ -31,7 +30,7 @@

 Name:             open-vm-tools
 Version:          %{toolsversion}
-Release:          2%{?dist}
+Release:          1%{?dist}
 Summary:          Open Virtual Machine Tools for virtual machines hosted on VMware
 License:          GPLv2
 URL:              https://github.com/vmware/%{name}
@ -51,8 +50,6 @@ ExclusiveArch:    %{ix86} x86_64 aarch64

 # Patches
 #Patch0:           <patch-name0>.patch
-# For RHEL-117392 - [CISA Major Incident] CVE-2025-41244 open-vm-tools: Local privilege escalation in open-vm-tools [rhel-9.8]
-Patch1: ovt-Address-CVE-2025-41244.patch

 BuildRequires:    autoconf
 BuildRequires:    automake
@ -422,6 +419,11 @@ fi
 %{_bindir}/vmware-vgauth-smoketest

 %changelog
+* Tue Nov 06 2025 Lili Du <ldu@redhat.com> - 13.0.5-1
+- Rebase to 13.0.5 [RHEL-118505]
+- Resolves: RHEL-118505
+  ([ESXi][RHEL9] open-vm-tools version 13.0.5 has been released - please rebase)
+
 * Mon Oct 06 2025 Miroslav Rezanina <mrezanin@redhat.com> - 13.0.0-2
 - ovt-Address-CVE-2025-41244.patch [RHEL-117392]
 - Resolves: RHEL-117392
--- a/ovt-Address-CVE-2025-41244.patch
+++ b/ovt-Address-CVE-2025-41244.patch
@ -1,136 +0,0 @@
-From 15ab6365a98ed2c8615e2637c49858283d371ee5 Mon Sep 17 00:00:00 2001
-From: Vitaly Kuznetsov <vkuznets@redhat.com>
-Date: Wed, 1 Oct 2025 10:05:39 +0200
-Subject: [PATCH] Address CVE-2025-41244
-
-RH-Author: Vitaly Kuznetsov <vkuznets@redhat.com>
-RH-MergeRequest: 14: Address CVE-2025-41244
-RH-Jira: RHEL-117392
-RH-Acked-by: roverflow <None>
-RH-Acked-by: Maxim Levitsky <None>
-RH-Acked-by: Ani Sinha <anisinha@redhat.com>
-RH-Commit: [1/1] 3016e4f66aea79f5153ba837741f674994987ff6 (vkuznets/open-vm-tools)
-
-JIRA: https://issues.redhat.com/browse/RHEL-117392
-CVE: CVE-2025-41244
-
-commit 3ab0685c1cf7981c84898d546a73d6db6dcd3823
-Author: Kruti Pendharkar <kp025370@broadcom.com>
-Date:   Mon Sep 29 23:03:43 2025 -0700
-
-    Address CVE-2025-41244
-     - Disable (default) the execution of the SDMP get-versions.sh script.
-
-    With the Linux SDMP get-versions.sh script disabled, version information
-    of installed services will not be made available to VMware Aria
-
-Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
---
- .../serviceDiscovery/serviceDiscovery.c       | 36 ++++++++++++++++---
- 1 file changed, 31 insertions(+), 5 deletions(-)
-
-diff --git a/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c b/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c
-index 0da598f1..5e9772e9 100644
--- a/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c
-+++ b/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c
-@@ -1,5 +1,5 @@
- /*********************************************************
- * Copyright (c) 2020-2024 Broadcom. All Rights Reserved.
-+ * Copyright (c) 2020-2025 Broadcom. All Rights Reserved.
-  * The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
-  *
-  * This program is free software; you can redistribute it and/or modify it
-@@ -122,6 +122,12 @@ static gchar* scriptInstallDir = NULL;
- #define CONFNAME_SERVICEDISCOVERY_CACHEDATA "cache-data"
- #define SERVICE_DISCOVERY_CONF_DEFAULT_CACHEDATA TRUE
- 
-+/*
-+ * Defines the configuration to enable/disable version obtaining logic
-+ */
-+#define CONFNAME_SERVICEDISCOVERY_VERSION_CHECK "version-check-enabled"
-+#define SERVICE_DISCOVERY_CONF_DEFAULT_VERSION_CHECK FALSE
-+
- /*
-  * Define the configuration to require at least one subscriber subscribed for
-  * the gdp message.
-@@ -1265,23 +1271,27 @@ ServiceDiscoveryServerShutdown(gpointer src,
-  *
-  * Construct final paths of the scripts that will be used for execution.
-  *
-+ * @param[in] versionCheckEnabled  TRUE to include the SERVICE_DISCOVERY_KEY_VERSIONS
-+ *                                 entry; FALSE to skip it (derived from config).
-+ *
-  *****************************************************************************
-  */
- 
- static void
-ConstructScriptPaths(void)
-+ConstructScriptPaths(Bool versionCheckEnabled)
- {
-    int i;
- #if !defined(OPEN_VM_TOOLS)
-    gchar *toolsInstallDir;
- #endif
-+   int insertIndex = 0;
- 
-    if (gFullPaths != NULL) {
-       return;
-    }
- 
-    gFullPaths = g_array_sized_new(FALSE, TRUE, sizeof(KeyNameValue),
-                                  ARRAYSIZE(gKeyScripts));
-+                                  ARRAYSIZE(gKeyScripts) - (versionCheckEnabled ? 0u : 1u));
-    if (scriptInstallDir == NULL) {
- #if defined(OPEN_VM_TOOLS)
-       scriptInstallDir = Util_SafeStrdup(VMTOOLS_SERVICE_DISCOVERY_SCRIPTS);
-@@ -1293,6 +1303,15 @@ ConstructScriptPaths(void)
- #endif
-    }
-    for (i = 0; i < ARRAYSIZE(gKeyScripts); ++i) {
-+      /*
-+       * Skip adding if:
-+       * 1. Version check is disabled, AND
-+       * 2. The keyName matches SERVICE_DISCOVERY_KEY_VERSIONS
-+       */
-+      if (!versionCheckEnabled &&
-+         g_strcmp0(gKeyScripts[i].keyName, SERVICE_DISCOVERY_KEY_VERSIONS) == 0) {
-+         continue;
-+      }
-       KeyNameValue tmp;
-       tmp.keyName = g_strdup_printf("%s", gKeyScripts[i].keyName);
- #if defined(_WIN32)
-@@ -1300,7 +1319,8 @@ ConstructScriptPaths(void)
- #else
-       tmp.val = g_strdup_printf("%s%s%s", scriptInstallDir, DIRSEPS, gKeyScripts[i].val);
- #endif
-      g_array_insert_val(gFullPaths, i, tmp);
-+      g_array_insert_val(gFullPaths, insertIndex, tmp);
-+      insertIndex++;
-    }
- }
- 
-@@ -1366,14 +1386,20 @@ ToolsOnLoad(ToolsAppCtx *ctx)
-          }
-       };
-       gboolean disabled;
-+      Bool versionCheckEnabled;
- 
-       regData.regs = VMTools_WrapArray(regs,
-                                        sizeof *regs,
-                                        ARRAYSIZE(regs));
-+      versionCheckEnabled = VMTools_ConfigGetBoolean(
-+         ctx->config,
-+         CONFGROUPNAME_SERVICEDISCOVERY,
-+         CONFNAME_SERVICEDISCOVERY_VERSION_CHECK,
-+         SERVICE_DISCOVERY_CONF_DEFAULT_VERSION_CHECK);
-       /*
-        * Append scripts execution command line
-        */
-      ConstructScriptPaths();
-+      ConstructScriptPaths(versionCheckEnabled);
- 
-       disabled =
-          VMTools_ConfigGetBoolean(ctx->config,
-- 
-2.47.3
-
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (open-vm-tools-13.0.0-24696409.tar.gz) = eacb304f3c00d901ea2afffb09bb26be25b6b10df1de4f1818e7ce07a8c05b5e243c8fbe00a5fbf2680ad5b42727315f5c3fb9af818658ffc2b9425d3f34c37e
+SHA512 (open-vm-tools-13.0.5-24915695.tar.gz) = e8a0c823e8430e3df0873f8031704536e73bec21d4cd37c37a37053fe2a5116ae1d2fdfa05eae95910c22238c967acc96f6603e1dd8289f2ca926507040c757a