Package new upstream version of open-vm-tools-12.3.0-22234872.

Fix for CVE-2023-20900 - a SAML token signature bypass vulnerability.
  Fix for CVE-2023-20867 - an Authentication Bypass vulnerability.
  Linux quiesced snapshots have been updated to avoid intermittent hangs
    of the vmtoolsd process.
    File systems prefrozen by custom quiescing scripts must be listed on the
      "excludedFileSystems" setting in the "vmbackup" section of the tools.conf
      file.
    A tools.conf configuration setting is available to temporaily direct
      Linux quiesced snaphots to restore pre open-vm-tools 12.2.0 behavior
      of ignoring file systems already frozen.
  A number of Coverity reported issues have been addressed.
  A number of GitHub issues and pull requests have been handled.
This commit is contained in:
John Wolfe 2023-09-09 18:21:07 -04:00
parent a743e01c5f
commit 9f988ddef0
3 changed files with 21 additions and 5 deletions

1
.gitignore vendored
View File

@ -26,3 +26,4 @@
/open-vm-tools-12.0.5-19716617.tar.gz
/open-vm-tools-12.1.0-20219665.tar.gz
/open-vm-tools-12.1.5-20735119.tar.gz
/open-vm-tools-12.3.0-22234872.tar.gz

View File

@ -19,9 +19,9 @@
################################################################################
%global _hardened_build 1
%global majorversion 12.1
%global minorversion 5
%global toolsbuild 20735119
%global majorversion 12.3
%global minorversion 0
%global toolsbuild 22234872
%global toolsversion %{majorversion}.%{minorversion}
%global toolsdaemon vmtoolsd
%global vgauthdaemon vgauthd
@ -32,7 +32,7 @@
Name: open-vm-tools
Version: %{toolsversion}
Release: 4%{?dist}
Release: 1%{?dist}
Summary: Open Virtual Machine Tools for virtual machines hosted on VMware
License: GPL-2.0 AND W3C AND LGPL-2.1 AND ICU AND ISC AND MIT
URL: https://github.com/vmware/%{name}
@ -420,6 +420,21 @@ fi
%{_bindir}/vmware-vgauth-smoketest
%changelog
* Sat Sep 9 2023 John Wolfe <jwolfe@vmware.com> - 12.3.0-1
- Package new upstream version of open-vm-tools-12.3.0-22234872.
- Fix for CVE-2023-20900 - a SAML token signature bypass vulnerability.
- Fix for CVE-2023-20867 - an Authentication Bypass vulnerability.
- Linux quiesced snapshots have been updated to avoid intermittent hangs
of the vmtoolsd process.
- File systems prefrozen by custom quiescing scripts must be listed on the
"excludedFileSystems" setting in the "vmbackup" section of the tools.conf
file.
- A tools.conf configuration setting is available to temporaily direct
Linux quiesced snaphots to restore pre open-vm-tools 12.2.0 behavior
of ignoring file systems already frozen.
- A number of Coverity reported issues have been addressed.
- A number of GitHub issues and pull requests have been handled.
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 12.1.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

View File

@ -1 +1 @@
SHA512 (open-vm-tools-12.1.5-20735119.tar.gz) = d85fec73a58cb1c9b2956aff886825b9d47d00dc6d0d8a3d2ecdfac3fa982c27463b9cc2f42bf3dd18fe542b30f751850e8051e270c547e897f06a4e1c12d639
SHA512 (open-vm-tools-12.3.0-22234872.tar.gz) = 942be3c225d5724e236959dc0d422358b99d2844ed8f1c2d2ca06ea5959c12b1a5ac4fa47ee48c27d1c1291f6d783d1cf87303bf64b8117fd96f226ae4d632e5