From 8de5281ae78772474dbf231da6cd02e6101e86a3 Mon Sep 17 00:00:00 2001
From: eabdullin
Date: Thu, 4 Dec 2025 08:34:05 +0000
Subject: [PATCH] Revert OL modifications
---
 ...in-vmware-udev-rule-for-scsi-devices.patch | 25 -------
 add-vmware-udev-rule-for-scsi-devices.patch | 31 --------
 fix-vmware-udev-rule-for-scsi-devices.patch | 27 -------
 open-vm-tools.spec | 28 ++-----
 ovt-Address-CVE-2025-41244.patch | 15 ++--
 ...new-cloud-init-error-code-and-status.patch | 74 -------------------
 6 files changed, 14 insertions(+), 186 deletions(-)
 delete mode 100644 1003-fix-spaces-in-vmware-udev-rule-for-scsi-devices.patch
 delete mode 100644 add-vmware-udev-rule-for-scsi-devices.patch
 delete mode 100644 fix-vmware-udev-rule-for-scsi-devices.patch
 delete mode 100644 ovt-Handle-new-cloud-init-error-code-and-status.patch
diff --git a/1003-fix-spaces-in-vmware-udev-rule-for-scsi-devices.patch b/1003-fix-spaces-in-vmware-udev-rule-for-scsi-devices.patch
deleted file mode 100644
index 40bd903..0000000
--- a/1003-fix-spaces-in-vmware-udev-rule-for-scsi-devices.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From c1bd2508943a462acdde8dd0914a36e9fd5b50c6 Mon Sep 17 00:00:00 2001
-From: Ashish Samant
-Date: Mon, 15 Aug 2016 15:59:23 -0400
-Subject: [PATCH] fix spaces in vmware udev rule for scsi devices
-
-Orabug: 24461968
-
-Signed-off-by: Ashish Samant
-
-patch forward ported to ol9
-Signed-off-by: Darren Archibald
----
- 99-vmware-scsi-timeout.rules | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a//open-vm-tools-11.0.0-1454943499-vmware-scsi-timeout.rules b/open-vm-tools-11.0.0-14549434/99-vmware-scsi-timeout.rules
-index 598d57a..e3729c0 100644
---- a/open-vm-tools-11.0.0-14549434/99-vmware-scsi-timeout.rules
-+++ b/open-vm-tools-11.0.0-14549434/99-vmware-scsi-timeout.rules
-@@ -1 +1 @@
--ACTION=="add", SUBSYSTEMS=="scsi", ATTRS{vendor}=="VMware ", ATTRS{model}=="Virtual disk ", RUN+="/bin/sh -c 'echo 180 > /sys$DEVPATH/timeout'"
-+ACTION=="add", SUBSYSTEMS=="scsi", ATTRS{vendor}=="VMware ", ATTRS{model}=="Virtual disk ", RUN+="/bin/sh -c 'echo 180 > /sys$DEVPATH/timeout'"
---
-1.8.3.1
-
diff --git a/add-vmware-udev-rule-for-scsi-devices.patch b/add-vmware-udev-rule-for-scsi-devices.patch
deleted file mode 100644
index 5839e41..0000000
--- a/add-vmware-udev-rule-for-scsi-devices.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From ce9da81c7fef3b30f458d191542c8e1029ada361 Mon Sep 17 00:00:00 2001
-From: Ashish Samant
-Date: Fri, 16 Oct 2015 17:02:29 -0700
-Subject: [PATCH] add-vmware-udev-rule-for-scsi-devices
-
-Increase timeout for scsi devices on VMWare guests.
-
-Orabug: 21819156
-
-Signed-off-by : Ashish Samant
-Reviewed-by : Todd Vierling
-
-patch forward ported to ol9
-Signed-off-by: Darren Archibald
----
- 99-vmware-scsi-timeout.rules | 3 +++
- 1 file changed, 3 insertions(+)
- create mode 100644 99-vmware-scsi-timeout.rules
-
-diff --git a/open-vm-tools-11.0.0-14549434/99-vmware-scsi-timeout.rules b/open-vm-tools-11.0.0-14549434/99-vmware-scsi-timeout.rules
-new file mode 100644
-index 0000000..1f12d0b
---- /dev/null
-+++ b/open-vm-tools-11.0.0-14549434/99-vmware-scsi-timeout.rules
-@@ -0,0 +1,3 @@
-+ACTION=="add", SUBSYSTEMS=="scsi", ATTRS{vendor}=="VMware ",
-+ATTRS{model}=="Virtual disk ", RUN+="/bin/sh -c 'echo 180
-+>/sys$DEVPATH/timeout'"
---
-1.8.3.2
-
diff --git a/fix-vmware-udev-rule-for-scsi-devices.patch b/fix-vmware-udev-rule-for-scsi-devices.patch
deleted file mode 100644
index 5ba9c78..0000000
--- a/fix-vmware-udev-rule-for-scsi-devices.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 629c5112b52bfe8f157879cfd1290d351e624e8e Mon Sep 17 00:00:00 2001
-From: Ashish Samant
-Date: Wed, 24 Feb 2016 11:45:50 -0500
-Subject: [PATCH] fix-vmware-udev-rule-for-scsi-devices
-
-Orabug: 22815019
-
-Signed-off-by: Ashish Samant
-
-patch forward ported to ol9
-Signed-off-by: Darren Archibald
----
- 99-vmware-scsi-timeout.rules | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/open-vm-tools-11.0.0-14549434/99-vmware-scsi-timeout.rules b/open-vm-tools-11.0.0-14549434/99-vmware-scsi-timeout.rules
-index 1f12d0b..598d57a 100644
---- a/open-vm-tools-11.0.0-14549434/99-vmware-scsi-timeout.rules
-+++ b/open-vm-tools-11.0.0-14549434/99-vmware-scsi-timeout.rules
-@@ -1,3 +1 @@
--ACTION=="add", SUBSYSTEMS=="scsi", ATTRS{vendor}=="VMware ",
--ATTRS{model}=="Virtual disk ", RUN+="/bin/sh -c 'echo 180
-->/sys$DEVPATH/timeout'"
-+ACTION=="add", SUBSYSTEMS=="scsi", ATTRS{vendor}=="VMware ", ATTRS{model}=="Virtual disk ", RUN+="/bin/sh -c 'echo 180 > /sys$DEVPATH/timeout'"
---
-1.8.3.1
-
diff --git a/open-vm-tools.spec b/open-vm-tools.spec
index 238a707..7ee1ef2 100644
--- a/open-vm-tools.spec
+++ b/open-vm-tools.spec
@@ -31,7 +31,7 @@
 Name: open-vm-tools
 Version: %{toolsversion}
-Release: 1.0.1%{?dist}.1
+Release: 1%{?dist}.1
 Summary: Open Virtual Machine Tools for virtual machines hosted on VMware
 %if 0%{?bundle_gtkmm3}
 # atkmm: LGPL-2.1-or-later
@@ -69,10 +69,6 @@ Source104: https://kojihub.stream.rdu2.redhat.com/kojifiles/vol/koji02/pa
 Source105: https://kojihub.stream.rdu2.redhat.com/kojifiles/vol/koji02/packages/pangomm/2.46.4/2.el10/src/pangomm-2.46.4-2.el10.src.rpm
 Source106: https://kojihub.stream.rdu2.redhat.com/kojifiles/vol/koji02/packages/gtkmm3.0/3.24.8/6.el10/src/gtkmm3.0-3.24.8-6.el10.src.rpm
 %endif
-# Oracle patches
-Patch1001: add-vmware-udev-rule-for-scsi-devices.patch
-Patch1002: fix-vmware-udev-rule-for-scsi-devices.patch
-Patch1003: 1003-fix-spaces-in-vmware-udev-rule-for-scsi-devices.patch
 %if 0%{?rhel} >= 7
 ExclusiveArch: x86_64 aarch64
@@ -82,10 +78,8 @@ ExclusiveArch: %{ix86} x86_64 aarch64
 # Patches
 #Patch0: .patch
-# For RHEL-99781 - Cloud-init receives TERM signal from PID 1 in the middle of running user data [rhel-10]
-Patch1: ovt-Handle-new-cloud-init-error-code-and-status.patch
-# For RHEL-117382 - [CISA Major Incident] CVE-2025-41244 open-vm-tools: Local privilege escalation in open-vm-tools [rhel-10.2]
-Patch2: ovt-Address-CVE-2025-41244.patch
+# For RHEL-117383 - [CISA Major Incident] CVE-2025-41244 open-vm-tools: Local privilege escalation in open-vm-tools [rhel-10.1]
+Patch1: ovt-Address-CVE-2025-41244.patch
 # Fix build when compiling with -std=c23 (GCC 15)
 #Patch1: https://github.com/vmware/open-vm-tools/pull/751.patch
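Review bot: The commit subject does not cover the removal of `Patch1: ovt-Handle-new-cloud-init-error-code-and-status.patch` in the `@@ -82,10 +78,8 @@` hunk: the changelog lines removed later in this diff list that fix (RHEL-99781) under the Red Hat 13.0.0-1.1 entry, not the Oracle 13.0.0-1.0.1 one. Without it the package goes back to the `if (forkExecResult != 0)` check that reports any non-zero cloud-init exit as `CLOUDINIT_STATUS_UNKNOWN`. If that is intended for this branch (the new tags say rhel-10.1), state it in the commit body, e.g. `Also drops the RHEL-99781 cloud-init status patch, which is not part of this branch.` The CVE-2025-41244 patch is renumbered from `Patch2` to `Patch1` and %prep is outside the diff, so it is worth confirming that patches are applied from the list rather than by number so the fix still lands in the build.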
@@ -632,18 +626,10 @@ fi
 %{_bindir}/vmware-vgauth-smoketest
 %changelog
-* Tue Oct 21 2025 EL Errata - 13.0.0-1.0.1
-- Fix spaces in vmware udev rule for scsi devices [Orabug: 24461968]
-- Fix vmware udev rule in 99-vmware-scsi-timeout.rules file. [Orabug: 22815019]
-- Increase timeout for scsi devices on VMWare guests by adding a udev rule. [Orabug: 21819156]
-
-* Mon Oct 06 2025 Miroslav Rezanina - 13.0.0-1.1
-- ovt-Handle-new-cloud-init-error-code-and-status.patch [RHEL-99781]
-- ovt-Address-CVE-2025-41244.patch [RHEL-117382]
-- Resolves: RHEL-99781
- (Cloud-init receives TERM signal from PID 1 in the middle of running user data [rhel-10])
-- Resolves: RHEL-117382
- ([CISA Major Incident] CVE-2025-41244 open-vm-tools: Local privilege escalation in open-vm-tools [rhel-10.2])
+* Fri Oct 03 2025 Miroslav Rezanina - 13.0.0-1.el10_1.1
+- ovt-Address-CVE-2025-41244.patch [RHEL-117383]
+- Resolves: RHEL-117383
+ ([CISA Major Incident] CVE-2025-41244 open-vm-tools: Local privilege escalation in open-vm-tools [rhel-10.1])
 * Thu Jul 24 2025 Bo Yang - 13.0.0-1
 - Rebase to 13.0.0 [RHEL-99156]
diff --git a/ovt-Address-CVE-2025-41244.patch b/ovt-Address-CVE-2025-41244.patch
index c0b6c77..8198aab 100644
--- a/ovt-Address-CVE-2025-41244.patch
+++ b/ovt-Address-CVE-2025-41244.patch
@@ -1,17 +1,16 @@
-From f5f0a81af7f6b2681818a4b679e701c6624f148e Mon Sep 17 00:00:00 2001
+From b70be389f607d0b1928363f8bc964df697fc7ccd Mon Sep 17 00:00:00 2001
 From: Vitaly Kuznetsov
-Date: Wed, 1 Oct 2025 10:00:09 +0200
-Subject: [PATCH 2/2] Address CVE-2025-41244
+Date: Wed, 1 Oct 2025 10:56:52 +0200
+Subject: [PATCH] Address CVE-2025-41244
 RH-Author: Vitaly Kuznetsov
-RH-MergeRequest: 13: Address CVE-2025-41244
-RH-Jira: RHEL-117382
+RH-MergeRequest: 57: Address CVE-2025-41244
+RH-Jira: RHEL-117383
 RH-Acked-by: roverflow
 RH-Acked-by: Maxim Levitsky
-RH-Acked-by: Ani Sinha
-RH-Commit: [1/1] 24479069095a468673d67a3f332fc69337abf400 (vkuznets/open-vm-tools)
+RH-Commit: [1/1] c7db20207e2f45a7fabcc3d634b6e32197215526
-JIRA: https://issues.redhat.com/browse/RHEL-117382
+JIRA: https://issues.redhat.com/browse/RHEL-117383
 CVE: CVE-2025-41244
 commit 3ab0685c1cf7981c84898d546a73d6db6dcd3823
diff --git a/ovt-Handle-new-cloud-init-error-code-and-status.patch b/ovt-Handle-new-cloud-init-error-code-and-status.patch
deleted file mode 100644
index 5473c0b..0000000
--- a/ovt-Handle-new-cloud-init-error-code-and-status.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From 6c4130754b183c929b5092bab516c6391974ddcb Mon Sep 17 00:00:00 2001
-From: Pengpeng Sun
-Date: Wed, 27 Aug 2025 14:19:58 +0800
-Subject: [PATCH 1/2] Handle new cloud-init error code and status
-
-RH-Author: Ani Sinha
-RH-MergeRequest: 12: Handle new cloud-init error code and status
-RH-Jira: RHEL-99781
-RH-Acked-by: xiachen
-RH-Acked-by: Miroslav Rezanina
-RH-Commit: [1/1] 40a705507363b9e508fcc50250d51c8eca7e81a3 (anisinha/centos-open-vm-tools)
-
- - A new error code [1] was introduced in cloud-init v23.4, RedHat team reported
-that our OVT code shall handle this new error code properly, see
-https://github.com/vmware/open-vm-tools/issues/768.
-This change follows the backwards-compatible way in
-https://cloudinit.readthedocs.io/en/latest/explanation/return_codes.html
-to check that the return code is not equal to 1.
-
- - Running status has been changed from "not run" to "not started" in
-cloud-init v24.1, see details in
-https://github.com/canonical/cloud-init/commit/d175170aedc1398b85ac767573b8773a5a2e7c6f.
-This change adds "not started" match to CLOUDINIT_STATUS_NOT_RUN.
-
-This patch was sent by John Wolfe over email and has been pushed upstream here:
-https://github.com/vmware/open-vm-tools/blob/Handle-new-cloud-init-error-code.patch/
-
-Addresses open-vm-tools issue https://github.com/vmware/open-vm-tools/issues/768
-
-This change has been tested internally by Amy Chen and is seen to fix the
-original issue.
-
-1.
https://cloudinit.readthedocs.io/en/latest/explanation/failure_states.html#error-codes
-
-Signed-off-by: Ani Sinha
----
- open-vm-tools/libDeployPkg/linuxDeployment.c | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/open-vm-tools/libDeployPkg/linuxDeployment.c b/open-vm-tools/libDeployPkg/linuxDeployment.c
-index 44cac8ef..82e83957 100644
---- a/open-vm-tools/libDeployPkg/linuxDeployment.c
-+++ b/open-vm-tools/libDeployPkg/linuxDeployment.c
-@@ -1313,6 +1313,7 @@ static CLOUDINIT_STATUS_CODE
- GetCloudinitStatus() {
- // Cloud-init execution status messages
- static const char* NOT_RUN = "not run";
-+ static const char* NOT_STARTED = "not started";
- static const char* RUNNING = "running";
- static const char* DONE = "done";
- static const char* ERROR = "error";
-@@ -1326,13 +1327,16 @@ GetCloudinitStatus() {
- false,
- cloudinitStatusCmdOutput,
- MAX_LENGTH_CLOUDINIT_STATUS);
-- if (forkExecResult != 0) {
-- sLog(log_info, "Unable to get cloud-init status.");
-- return CLOUDINIT_STATUS_UNKNOWN;
-+ if (forkExecResult == 1) {
-+ sLog(log_info, "Cloud-init experienced unrecoverable error.");
-+ return CLOUDINIT_STATUS_ERROR;
- } else {
- if (strstr(cloudinitStatusCmdOutput, NOT_RUN) != NULL) {
- sLog(log_info, "Cloud-init status is '%s'.", NOT_RUN);
- return CLOUDINIT_STATUS_NOT_RUN;
-+ } else if (strstr(cloudinitStatusCmdOutput, NOT_STARTED) != NULL) {
-+ sLog(log_info, "Cloud-init status is '%s'.", NOT_STARTED);
-+ return CLOUDINIT_STATUS_NOT_RUN;
- } else if (strstr(cloudinitStatusCmdOutput, RUNNING) != NULL) {
- sLog(log_info, "Cloud-init status is '%s'.", RUNNING);
- return CLOUDINIT_STATUS_RUNNING;
---
-2.47.3
-