diff --git a/.gitignore b/.gitignore index 2b8e988..a51e0f9 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/open-vm-tools-12.2.5-21855600.tar.gz +SOURCES/open-vm-tools-12.3.5-22544099.tar.gz diff --git a/.open-vm-tools.metadata b/.open-vm-tools.metadata index eab5035..55c896c 100644 --- a/.open-vm-tools.metadata +++ b/.open-vm-tools.metadata @@ -1 +1 @@ -6bc6e77418cc4a039063a7ca40859535b9bbb339 SOURCES/open-vm-tools-12.2.5-21855600.tar.gz +84ec127c620c46f6cddb5e38ce556a31244a967d SOURCES/open-vm-tools-12.3.5-22544099.tar.gz diff --git a/SOURCES/vmtoolsd.service b/SOURCES/vmtoolsd.service index 1cb6e00..7454f90 100644 --- a/SOURCES/vmtoolsd.service +++ b/SOURCES/vmtoolsd.service @@ -4,10 +4,13 @@ Documentation=https://github.com/vmware/open-vm-tools ConditionVirtualization=vmware Requires=vgauthd.service After=vgauthd.service +StartLimitIntervalSec=30 +StartLimitBurst=3 [Service] ExecStart=/usr/bin/vmtoolsd TimeoutStopSec=5 +Restart=on-failure [Install] WantedBy=multi-user.target diff --git a/SPECS/open-vm-tools.spec b/SPECS/open-vm-tools.spec index c86d8dc..24d7126 100644 --- a/SPECS/open-vm-tools.spec +++ b/SPECS/open-vm-tools.spec @@ -18,10 +18,9 @@ ### Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA ################################################################################ -%global _hardened_build 1 -%global majorversion 12.2 +%global majorversion 12.3 %global minorversion 5 -%global toolsbuild 21855600 +%global toolsbuild 22544099 %global toolsversion %{majorversion}.%{minorversion} %global toolsdaemon vmtoolsd %global vgauthdaemon vgauthd @@ -32,7 +31,7 @@ Name: open-vm-tools Version: %{toolsversion} -Release: 1%{?dist} +Release: 2%{?dist} Summary: Open Virtual Machine Tools for virtual machines hosted on VMware License: GPLv2 URL: https://github.com/vmware/%{name} @@ -44,14 +43,14 @@ Source3: run-vmblock\x2dfuse.mount Source4: open-vm-tools.conf Source5: vmtoolsd.pam - %if 0%{?rhel} >= 7 ExclusiveArch: x86_64 aarch64 %else ExclusiveArch: %{ix86} x86_64 aarch64 %endif -#Patch0: name.patch +# Patches +#Patch0: .patch BuildRequires: autoconf BuildRequires: automake @@ -60,7 +59,12 @@ BuildRequires: make BuildRequires: gcc-c++ BuildRequires: doxygen # Fuse is optional and enables vmblock-fuse +# Switching Fedora to use fuse3. Red Hat to switch on their own schedule. +%if 0%{?fedora} || 0%{?rhel} > 8 +BuildRequires: fuse3-devel +%else BuildRequires: fuse-devel +%endif BuildRequires: glib2-devel >= 2.14.0 BuildRequires: libicu-devel BuildRequires: libmspack-devel @@ -87,7 +91,7 @@ BuildRequires: gtk3-devel >= 3.10.0 BuildRequires: gtkmm30-devel >= 3.10.0 BuildRequires: libtirpc-devel BuildRequires: rpcgen -BuildRequires: systemd-rpm-macros +BuildRequires: systemd-udev %else BuildRequires: gtk2-devel >= 2.4.0 BuildRequires: gtkmm24-devel @@ -95,7 +99,11 @@ BuildRequires: systemd %endif Requires: coreutils +%if 0%{?fedora} || 0%{?rhel} > 8 +Requires: fuse3 +%else Requires: fuse +%endif Requires: iproute Requires: grep Requires: pciutils @@ -408,7 +416,34 @@ fi %files test %{_bindir}/vmware-vgauth-smoketest + %changelog +* Mon Dec 04 2023 Miroslav Rezanina - 12.3.5-2 +- ovt-Restart-tools-on-failure.patch [RHEL-15346] +- Resolves: RHEL-15346 + (Add Restart=on-failure to vmtoolsd.service) + +* Thu Nov 09 2023 Miroslav Rezanina - 12.3.5-1 +- Rebase to 12.3.5-1 [RHEL-15058] +- Fixed CVE-2023-34058 [RHEL-14653] +- Fixed CVE-2023-34059 [RHEL-14687] +- Resolves: RHEL-15058 + ([ESXi][RHEL9]open-vm-tools version 12.3.5 has been released - please rebase) +- Resolves: RHEL-14653 + (CVE-2023-34058 open-vm-tools: SAML token signature bypass [rhel-9.4.0]) +- Resolves: RHEL-14687 + (CVE-2023-34059 open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper [rhel-9.4.0]) + +* Fri Sep 22 2023 Miroslav Rezanina - 12.2.5-3 +- ovt-Provide-alternate-method-to-allow-expected-pre-froze.patch [RHEL-2446] +- Resolves: RHEL-2446 + ([RHEL9.3][ESXi]Latest version of open-vm-tools breaks VM backups) + +* Fri Sep 08 2023 Miroslav Rezanina - 12.2.5-2 +- ovt-VGAuth-Allow-only-X509-certs-to-verify-the-SAML-toke.patch [bz#2236544] +- Resolves: bz#2236544 + (CVE-2023-20900 open-vm-tools: SAML token signature bypass [rhel-9]) + * Mon Jul 10 2023 Miroslav Rezanina - 12.2.5-1 - Rebaer to open-vm-tools 12.2.5 - Resolves: bz#2214862