From 92ad8e5dbfd5c6fd1ea715e7f5863d3f002ed099 Mon Sep 17 00:00:00 2001
From: eabdullin <eabdullin@almalinux.org>
Date: Tue, 11 Nov 2025 13:35:27 +0300
Subject: [PATCH] Import CS

---
 .gitignore                               |  2 +-
 .open-vm-tools.metadata                  |  2 +-
 SOURCES/ovt-Address-CVE-2025-41244.patch | 39 ++++++++++++------------
 SPECS/open-vm-tools.spec                 | 21 ++++++++-----
 4 files changed, 34 insertions(+), 30 deletions(-)

diff --git a/.gitignore b/.gitignore
index a15d477..f3058ad 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/open-vm-tools-12.5.0-24276846.tar.gz
+SOURCES/open-vm-tools-13.0.0-24696409.tar.gz
diff --git a/.open-vm-tools.metadata b/.open-vm-tools.metadata
index 0ee25d9..1ba3140 100644
--- a/.open-vm-tools.metadata
+++ b/.open-vm-tools.metadata
@@ -1 +1 @@
-3bcbcf751b273cb9b3984484ad70b14a2efddb6f SOURCES/open-vm-tools-12.5.0-24276846.tar.gz
+fdef371bd0797e484eb421b760940d7b19d58291 SOURCES/open-vm-tools-13.0.0-24696409.tar.gz
diff --git a/SOURCES/ovt-Address-CVE-2025-41244.patch b/SOURCES/ovt-Address-CVE-2025-41244.patch
index 5c6e696..359011c 100644
--- a/SOURCES/ovt-Address-CVE-2025-41244.patch
+++ b/SOURCES/ovt-Address-CVE-2025-41244.patch
@@ -1,22 +1,22 @@
-From 9b630e7b77cb9c7b2bbd9dc69c98c4f9f9afbe12 Mon Sep 17 00:00:00 2001
+From 15ab6365a98ed2c8615e2637c49858283d371ee5 Mon Sep 17 00:00:00 2001
 From: Vitaly Kuznetsov <vkuznets@redhat.com>
-Date: Wed, 1 Oct 2025 13:33:46 +0200
+Date: Wed, 1 Oct 2025 10:05:39 +0200
 Subject: [PATCH] Address CVE-2025-41244
 
 RH-Author: Vitaly Kuznetsov <vkuznets@redhat.com>
-RH-MergeRequest: 59: Address CVE-2025-41244
-RH-Jira: RHEL-117390
+RH-MergeRequest: 14: Address CVE-2025-41244
+RH-Jira: RHEL-117392
 RH-Acked-by: roverflow <None>
 RH-Acked-by: Maxim Levitsky <None>
 RH-Acked-by: Ani Sinha <anisinha@redhat.com>
-RH-Commit: [1/1] 0379935def0c0159e1a72a10309052bcb75d2cdd
+RH-Commit: [1/1] 3016e4f66aea79f5153ba837741f674994987ff6 (vkuznets/open-vm-tools)
 
-JIRA: https://issues.redhat.com/browse/RHEL-117390
+JIRA: https://issues.redhat.com/browse/RHEL-117392
 CVE: CVE-2025-41244
 
-commit 7ed196cf01f8acd09011815a605b6733894b8aab
+commit 3ab0685c1cf7981c84898d546a73d6db6dcd3823
 Author: Kruti Pendharkar <kp025370@broadcom.com>
-Date:   Mon Sep 29 01:02:40 2025 -0700
+Date:   Mon Sep 29 23:03:43 2025 -0700
 
     Address CVE-2025-41244
      - Disable (default) the execution of the SDMP get-versions.sh script.
@@ -26,22 +26,21 @@ Date:   Mon Sep 29 01:02:40 2025 -0700
 
 Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
 ---
- .../serviceDiscovery/serviceDiscovery.c       | 37 ++++++++++++++++---
- 1 file changed, 32 insertions(+), 5 deletions(-)
+ .../serviceDiscovery/serviceDiscovery.c       | 36 ++++++++++++++++---
+ 1 file changed, 31 insertions(+), 5 deletions(-)
 
 diff --git a/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c b/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c
-index e35f1c00..bf4edd5c 100644
+index 0da598f1..5e9772e9 100644
 --- a/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c
 +++ b/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c
-@@ -1,5 +1,6 @@
+@@ -1,5 +1,5 @@
  /*********************************************************
-- * Copyright (c) 2020-2021,2023 VMware, Inc. All rights reserved.
+- * Copyright (c) 2020-2024 Broadcom. All Rights Reserved.
 + * Copyright (c) 2020-2025 Broadcom. All Rights Reserved.
-+ * The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
+  * The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
   *
   * This program is free software; you can redistribute it and/or modify it
-  * under the terms of the GNU Lesser General Public License as published
-@@ -121,6 +122,12 @@ static gchar* scriptInstallDir = NULL;
+@@ -122,6 +122,12 @@ static gchar* scriptInstallDir = NULL;
  #define CONFNAME_SERVICEDISCOVERY_CACHEDATA "cache-data"
  #define SERVICE_DISCOVERY_CONF_DEFAULT_CACHEDATA TRUE
  
@@ -54,7 +53,7 @@ index e35f1c00..bf4edd5c 100644
  /*
   * Define the configuration to require at least one subscriber subscribed for
   * the gdp message.
-@@ -1260,23 +1267,27 @@ ServiceDiscoveryServerShutdown(gpointer src,
+@@ -1265,23 +1271,27 @@ ServiceDiscoveryServerShutdown(gpointer src,
   *
   * Construct final paths of the scripts that will be used for execution.
   *
@@ -84,7 +83,7 @@ index e35f1c00..bf4edd5c 100644
     if (scriptInstallDir == NULL) {
  #if defined(OPEN_VM_TOOLS)
        scriptInstallDir = Util_SafeStrdup(VMTOOLS_SERVICE_DISCOVERY_SCRIPTS);
-@@ -1288,6 +1299,15 @@ ConstructScriptPaths(void)
+@@ -1293,6 +1303,15 @@ ConstructScriptPaths(void)
  #endif
     }
     for (i = 0; i < ARRAYSIZE(gKeyScripts); ++i) {
@@ -100,7 +99,7 @@ index e35f1c00..bf4edd5c 100644
        KeyNameValue tmp;
        tmp.keyName = g_strdup_printf("%s", gKeyScripts[i].keyName);
  #if defined(_WIN32)
-@@ -1295,7 +1315,8 @@ ConstructScriptPaths(void)
+@@ -1300,7 +1319,8 @@ ConstructScriptPaths(void)
  #else
        tmp.val = g_strdup_printf("%s%s%s", scriptInstallDir, DIRSEPS, gKeyScripts[i].val);
  #endif
@@ -110,7 +109,7 @@ index e35f1c00..bf4edd5c 100644
     }
  }
  
-@@ -1361,14 +1382,20 @@ ToolsOnLoad(ToolsAppCtx *ctx)
+@@ -1366,14 +1386,20 @@ ToolsOnLoad(ToolsAppCtx *ctx)
           }
        };
        gboolean disabled;
diff --git a/SPECS/open-vm-tools.spec b/SPECS/open-vm-tools.spec
index 1ab3a17..11f5aec 100644
--- a/SPECS/open-vm-tools.spec
+++ b/SPECS/open-vm-tools.spec
@@ -18,9 +18,9 @@
 ### Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 ################################################################################
 
-%global majorversion    12.5
+%global majorversion    13.0
 %global minorversion    0
-%global toolsbuild      24276846
+%global toolsbuild      24696409
 %global toolsversion    %{majorversion}.%{minorversion}
 %global toolsdaemon     vmtoolsd
 %global vgauthdaemon    vgauthd
@@ -31,7 +31,7 @@
 
 Name:             open-vm-tools
 Version:          %{toolsversion}
-Release:          1%{?dist}.2
+Release:          2%{?dist}
 Summary:          Open Virtual Machine Tools for virtual machines hosted on VMware
 License:          GPLv2
 URL:              https://github.com/vmware/%{name}
@@ -51,7 +51,7 @@ ExclusiveArch:    %{ix86} x86_64 aarch64
 
 # Patches
 #Patch0:           <patch-name0>.patch
-# For RHEL-117390 - [CISA Major Incident] CVE-2025-41244 open-vm-tools: Local privilege escalation in open-vm-tools [rhel-9.6.z]
+# For RHEL-117392 - [CISA Major Incident] CVE-2025-41244 open-vm-tools: Local privilege escalation in open-vm-tools [rhel-9.8]
 Patch1: ovt-Address-CVE-2025-41244.patch
 
 BuildRequires:    autoconf
@@ -422,11 +422,16 @@ fi
 %{_bindir}/vmware-vgauth-smoketest
 
 %changelog
-* Mon Oct 06 2025 Miroslav Rezanina <mrezanin@redhat.com> - 12.5.0-1.el9_6.2
-- ovt-Address-CVE-2025-41244.patch [RHEL-117390]
-- Resolves: RHEL-117390
-  ([CISA Major Incident] CVE-2025-41244 open-vm-tools: Local privilege escalation in open-vm-tools [rhel-9.6.z])
+* Mon Oct 06 2025 Miroslav Rezanina <mrezanin@redhat.com> - 13.0.0-2
+- ovt-Address-CVE-2025-41244.patch [RHEL-117392]
+- Resolves: RHEL-117392
+  ([CISA Major Incident] CVE-2025-41244 open-vm-tools: Local privilege escalation in open-vm-tools [rhel-9.8])
 
+* Fri Jul 25 2025 Lili Du <ldu@redhat.com> - 13.0.0-1
+- Rebase to 13.0.0 [RHEL-99158]
+- Resolves: RHEL-99158 
+  ([ESXi][RHEL9] open-vm-tools version 13.0.0 has been released - please rebase)
+  
 * Tue Dec 03 2024 Miroslav Rezanina <mrezanin@redhat.com> - 12.5.0-1
 - Rebase to 12.5.0 [RHEL-63096]
 - Resolves: RHEL-63096