- Rebase to 12.3.5 [RHEL-15059] - Fix CVE-2023-34058 [RHEL-14649] - Fix CVE-2023-34059 [RHEL-14683] - Resolves: RHEL-15059 ([ESXi][RHEL8]open-vm-tools version 12.3.5 has been released - please rebase) - Resolves: RHEL-14649 (CVE-2023-34058 open-vm-tools: SAML token signature bypass [rhel-8.10.0]) - Resolves: RHEL-14683 (CVE-2023-34059 open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper [rhel-8.10.0])

2023-11-09 05:48:05 -05:00 · 2023-11-09 05:48:05 -05:00 · 27cc27c440
commit 27cc27c440
parent 8fa39b6fc3
3 changed files with 17 additions and 9 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,3 +2,4 @@ SOURCES/open-vm-tools-12.1.5-20735119.tar.gz
 /open-vm-tools-12.1.5-20735119.tar.gz
 /open-vm-tools-12.2.0-21223074.tar.gz
 /open-vm-tools-12.2.5-21855600.tar.gz
+/open-vm-tools-12.3.5-22544099.tar.gz
--- a/open-vm-tools.spec
+++ b/open-vm-tools.spec
@ -19,9 +19,9 @@
 ################################################################################

 %global _hardened_build 1
-%global majorversion    12.2
+%global majorversion    12.3
 %global minorversion    5
-%global toolsbuild      21855600
+%global toolsbuild      22544099
 %global toolsversion    %{majorversion}.%{minorversion}
 %global toolsdaemon     vmtoolsd
 %global vgauthdaemon    vgauthd
@ -32,7 +32,7 @@

 Name:             open-vm-tools
 Version:          %{toolsversion}
-Release:          4%{?dist}
+Release:          1%{?dist}.mrezanin202311091136
 Summary:          Open Virtual Machine Tools for virtual machines hosted on VMware
 License:          GPLv2
 URL:              https://github.com/vmware/%{name}
@ -52,10 +52,6 @@ ExclusiveArch:    %{ix86} x86_64 aarch64
 %endif

 # Patch0: name.patch
-# For RHEL-4584 - CVE-2023-20900 open-vm-tools: SAML token signature bypass [rhel-8.10.0]
-Patch1: ovt-VGAuth-Allow-only-X509-certs-to-verify-the-SAML-toke.patch
-# For RHEL-7012 - [RHEL8.10][ESXi]Latest version of open-vm-tools breaks VM backups
-Patch2: ovt-Provide-alternate-method-to-allow-expected-pre-froze.patch

 BuildRequires:    autoconf
 BuildRequires:    automake
@ -91,7 +87,7 @@ BuildRequires:    gtk3-devel >= 3.10.0
 BuildRequires:    gtkmm30-devel >= 3.10.0
 BuildRequires:    libtirpc-devel
 BuildRequires:    rpcgen
-BuildRequires:    systemd-rpm-macros
+BuildRequires:    systemd-udev
 %else
 BuildRequires:    gtk2-devel >= 2.4.0
 BuildRequires:    gtkmm24-devel
@ -414,6 +410,17 @@ fi
 %{_bindir}/vmware-vgauth-smoketest

 %changelog
+* Thu Nov 09 2023 Miroslav Rezanina <mrezanin@redhat.com> - 12.3.5-1
+- Rebase to 12.3.5 [RHEL-15059]
+- Fix CVE-2023-34058 [RHEL-14649]
+- Fix CVE-2023-34059 [RHEL-14683]
+- Resolves: RHEL-15059
+  ([ESXi][RHEL8]open-vm-tools version 12.3.5 has been released - please rebase)
+- Resolves: RHEL-14649
+  (CVE-2023-34058 open-vm-tools: SAML token signature bypass [rhel-8.10.0])
+- Resolves: RHEL-14683
+  (CVE-2023-34059 open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper [rhel-8.10.0])
+
 * Wed Sep 27 2023 Jon Maloy <jmaloy@redhat.com> - 12.2.5-4
 - ovt-Provide-alternate-method-to-allow-expected-pre-froze.patch [RHEL-7012]
 - Resolves: RHEL-7012
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (open-vm-tools-12.2.5-21855600.tar.gz) = 72db3b88f61624d26e8ff7e37e4fc52ecd0bec0b6f076d935870c03312321c5e0b406d05eae7012872734a50626ed760dff2cf872e26ec18ebf200aff5ed12ef
+SHA512 (open-vm-tools-12.3.5-22544099.tar.gz) = 7a81d929ea4871b8af0af0fa3dc62a821ac4286235255103f1bcf014e3b04b5bbbfa178a9328a16d67cfd595c4ce726dc9e195adbe21ec5c68a4d1abb1561ff6