From 27cc27c440673b10de397fcae7f756d2a9e9cbb8 Mon Sep 17 00:00:00 2001
From: Miroslav Rezanina
Date: Thu, 9 Nov 2023 05:48:05 -0500
Subject: [PATCH] - Rebase to 12.3.5 [RHEL-15059] - Fix CVE-2023-34058 [RHEL-14649] - Fix CVE-2023-34059 [RHEL-14683] - Resolves: RHEL-15059 ([ESXi][RHEL8]open-vm-tools version 12.3.5 has been released - please rebase) - Resolves: RHEL-14649 (CVE-2023-34058 open-vm-tools: SAML token signature bypass [rhel-8.10.0]) - Resolves: RHEL-14683 (CVE-2023-34059 open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper [rhel-8.10.0])
---
 .gitignore | 1 +
 open-vm-tools.spec | 23 +++++++++++++++--------
 sources | 2 +-
 3 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/.gitignore b/.gitignore
index cb85765..06f13b4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ SOURCES/open-vm-tools-12.1.5-20735119.tar.gz
 /open-vm-tools-12.1.5-20735119.tar.gz
 /open-vm-tools-12.2.0-21223074.tar.gz
 /open-vm-tools-12.2.5-21855600.tar.gz
+/open-vm-tools-12.3.5-22544099.tar.gz
diff --git a/open-vm-tools.spec b/open-vm-tools.spec
index 9a7f0d4..0fcc7fc 100644
--- a/open-vm-tools.spec
+++ b/open-vm-tools.spec
@@ -19,9 +19,9 @@
 ################################################################################
 %global _hardened_build 1
-%global majorversion 12.2
+%global majorversion 12.3
 %global minorversion 5
-%global toolsbuild 21855600
+%global toolsbuild 22544099
 %global toolsversion %{majorversion}.%{minorversion}
 %global toolsdaemon vmtoolsd
 %global vgauthdaemon vgauthd
@@ -32,7 +32,7 @@
 Name: open-vm-tools
 Version: %{toolsversion}
-Release: 4%{?dist}
+Release: 1%{?dist}.mrezanin202311091136
 Summary: Open Virtual Machine Tools for virtual machines hosted on VMware
 License: GPLv2
 URL: https://github.com/vmware/%{name}
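Review bot: The new `Release:` line in the `@@ -32,7 +32,7 @@` hunk carries what looks like a personal scratch-build suffix, `.mrezanin202311091136`, after `%{?dist}`. The changelog entry added later in this commit names the build `12.3.5-1`, so the package's release string would not match its own changelog, which makes it harder to tell from an installed NVR whether a host has the build that fixes CVE-2023-34058 and CVE-2023-34059. Unless the suffix is intentional for a pre-merge build, the line should read `Release: 1%{?dist}`.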
@@ -52,10 +52,6 @@ ExclusiveArch: %{ix86} x86_64 aarch64
 %endif
 # Patch0: name.patch
-# For RHEL-4584 - CVE-2023-20900 open-vm-tools: SAML token signature bypass [rhel-8.10.0]
-Patch1: ovt-VGAuth-Allow-only-X509-certs-to-verify-the-SAML-toke.patch
-# For RHEL-7012 - [RHEL8.10][ESXi]Latest version of open-vm-tools breaks VM backups
-Patch2: ovt-Provide-alternate-method-to-allow-expected-pre-froze.patch
 BuildRequires: autoconf
 BuildRequires: automake
@@ -91,7 +87,7 @@ BuildRequires: gtk3-devel >= 3.10.0
 BuildRequires: gtkmm30-devel >= 3.10.0
 BuildRequires: libtirpc-devel
 BuildRequires: rpcgen
-BuildRequires: systemd-rpm-macros
+BuildRequires: systemd-udev
 %else
 BuildRequires: gtk2-devel >= 2.4.0
 BuildRequires: gtkmm24-devel
@@ -414,6 +410,17 @@ fi
 %{_bindir}/vmware-vgauth-smoketest
 %changelog
+* Thu Nov 09 2023 Miroslav Rezanina - 12.3.5-1
+- Rebase to 12.3.5 [RHEL-15059]
+- Fix CVE-2023-34058 [RHEL-14649]
+- Fix CVE-2023-34059 [RHEL-14683]
+- Resolves: RHEL-15059
+ ([ESXi][RHEL8]open-vm-tools version 12.3.5 has been released - please rebase)
+- Resolves: RHEL-14649
+ (CVE-2023-34058 open-vm-tools: SAML token signature bypass [rhel-8.10.0])
+- Resolves: RHEL-14683
+ (CVE-2023-34059 open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper [rhel-8.10.0])
+
 * Wed Sep 27 2023 Jon Maloy - 12.2.5-4
 - ovt-Provide-alternate-method-to-allow-expected-pre-froze.patch [RHEL-7012]
 - Resolves: RHEL-7012
diff --git a/sources b/sources
index f9368fe..0a2671d 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (open-vm-tools-12.2.5-21855600.tar.gz) = 72db3b88f61624d26e8ff7e37e4fc52ecd0bec0b6f076d935870c03312321c5e0b406d05eae7012872734a50626ed760dff2cf872e26ec18ebf200aff5ed12ef
+SHA512 (open-vm-tools-12.3.5-22544099.tar.gz) = 7a81d929ea4871b8af0af0fa3dc62a821ac4286235255103f1bcf014e3b04b5bbbfa178a9328a16d67cfd595c4ce726dc9e195adbe21ec5c68a4d1abb1561ff6
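Review bot: The `@@ -52,10 +52,6 @@` hunk drops `Patch1`, the downstream fix for CVE-2023-20900, and `Patch2`, the RHEL-7012 backup fix, but nothing in the commit records that the 12.3.5 tarball already contains both. The new changelog entry lists only the rebase and the two new CVEs, so a later auditor cannot tell from the package history whether the earlier SAML signature fix is still present. Presumably both are included upstream in this release; that should be confirmed against the new source and stated, for example with a changelog line such as `- Drop Patch1 (CVE-2023-20900) and Patch2 (RHEL-7012), included in 12.3.5`. The `%prep` section is outside this diff, so whether any explicit patch-application lines also need removing cannot be checked here.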
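Review bot: The swap of `BuildRequires: systemd-rpm-macros` for `BuildRequires: systemd-udev` in the `@@ -91,7 +87,7 @@` hunk is not mentioned in the commit message or the changelog, and it is unrelated to the stated rebase and CVE fixes. If the scriptlets elsewhere in the spec rely on the systemd RPM macros, the build now depends on them arriving indirectly, which is worth verifying in a clean buildroot. A one-line spec comment above the new line stating why `systemd-udev` is needed at build time would document the intent. The enclosing `%if` block begins and ends outside the hunk.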