rpms/open-vm-tools
7
0
Fork 1
Code Issues Pull Requests Releases Activity

* Mon Nov 03 2025 Bo Yang <boyang@redhat.com> - 13.0.5-1

Browse Source 
- Rebase to 13.0.5 [RHEL-118504]
- Resolves: RHEL-118504
  ([ESXi][RHEL10] open-vm-tools version 13.0.5 has been released - please rebase)
This commit is contained in:
boyang 2025-11-07 11:56:49 +08:00
parent 81173af145
commit e233899b30
4 changed files with 10 additions and 144 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -40,3 +40,4 @@
/open-vm-tools-12.4.5-23787635.tar.gz
/open-vm-tools-12.5.0-24276846.tar.gz
/open-vm-tools-13.0.0-24696409.tar.gz
/open-vm-tools-13.0.5-24915695.tar.gz

15
open-vm-tools.spec
View File

@ -19,8 +19,8 @@
################################################################################
%global majorversion 13.0
%global minorversion 0
%global toolsbuild 24696409
%global minorversion 5
%global toolsbuild 24915695
%global toolsversion %{majorversion}.%{minorversion}
%global toolsdaemon vmtoolsd
%global vgauthdaemon vgauthd
@ -31,7 +31,7 @@
Name: open-vm-tools
Version: %{toolsversion}
Release: 2%{?dist}
Release: 1%{?dist}
Summary: Open Virtual Machine Tools for virtual machines hosted on VMware
%if 0%{?bundle_gtkmm3}
# atkmm: LGPL-2.1-or-later
@ -80,10 +80,6 @@ ExclusiveArch: %{ix86} x86_64 aarch64
#Patch0: <patch-name0>.patch
# For RHEL-99781 - Cloud-init receives TERM signal from PID 1 in the middle of running user data [rhel-10]
Patch1: ovt-Handle-new-cloud-init-error-code-and-status.patch
# For RHEL-117382 - [CISA Major Incident] CVE-2025-41244 open-vm-tools: Local privilege escalation in open-vm-tools [rhel-10.2]
Patch2: ovt-Address-CVE-2025-41244.patch
# Fix build when compiling with -std=c23 (GCC 15)
#Patch1: https://github.com/vmware/open-vm-tools/pull/751.patch
BuildRequires: autoconf
BuildRequires: automake
@ -628,6 +624,11 @@ fi
%{_bindir}/vmware-vgauth-smoketest
%changelog
* Mon Nov 03 2025 Bo Yang <boyang@redhat.com> - 13.0.5-1
- Rebase to 13.0.5 [RHEL-118504]
- Resolves: RHEL-118504
([ESXi][RHEL10] open-vm-tools version 13.0.5 has been released - please rebase)
* Mon Oct 06 2025 Miroslav Rezanina <mrezanin@redhat.com> - 13.0.0-2
- ovt-Handle-new-cloud-init-error-code-and-status.patch [RHEL-99781]
- ovt-Address-CVE-2025-41244.patch [RHEL-117382]

136
ovt-Address-CVE-2025-41244.patch
View File

@ -1,136 +0,0 @@
From f5f0a81af7f6b2681818a4b679e701c6624f148e Mon Sep 17 00:00:00 2001
From: Vitaly Kuznetsov <vkuznets@redhat.com>
Date: Wed, 1 Oct 2025 10:00:09 +0200
Subject: [PATCH 2/2] Address CVE-2025-41244
RH-Author: Vitaly Kuznetsov <vkuznets@redhat.com>
RH-MergeRequest: 13: Address CVE-2025-41244
RH-Jira: RHEL-117382
RH-Acked-by: roverflow <None>
RH-Acked-by: Maxim Levitsky <None>
RH-Acked-by: Ani Sinha <anisinha@redhat.com>
RH-Commit: [1/1] 24479069095a468673d67a3f332fc69337abf400 (vkuznets/open-vm-tools)
JIRA: https://issues.redhat.com/browse/RHEL-117382
CVE: CVE-2025-41244
commit 3ab0685c1cf7981c84898d546a73d6db6dcd3823
Author: Kruti Pendharkar <kp025370@broadcom.com>
Date: Mon Sep 29 23:03:43 2025 -0700
Address CVE-2025-41244
- Disable (default) the execution of the SDMP get-versions.sh script.
With the Linux SDMP get-versions.sh script disabled, version information
of installed services will not be made available to VMware Aria
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
---
.../serviceDiscovery/serviceDiscovery.c | 36 ++++++++++++++++---
1 file changed, 31 insertions(+), 5 deletions(-)
diff --git a/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c b/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c
index 0da598f1..5e9772e9 100644
--- a/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c
+++ b/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c
@@ -1,5 +1,5 @@
/*********************************************************
- * Copyright (c) 2020-2024 Broadcom. All Rights Reserved.
+ * Copyright (c) 2020-2025 Broadcom. All Rights Reserved.
* The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
*
* This program is free software; you can redistribute it and/or modify it
@@ -122,6 +122,12 @@ static gchar* scriptInstallDir = NULL;
#define CONFNAME_SERVICEDISCOVERY_CACHEDATA "cache-data"
#define SERVICE_DISCOVERY_CONF_DEFAULT_CACHEDATA TRUE
+/*
+ * Defines the configuration to enable/disable version obtaining logic
+ */
+#define CONFNAME_SERVICEDISCOVERY_VERSION_CHECK "version-check-enabled"
+#define SERVICE_DISCOVERY_CONF_DEFAULT_VERSION_CHECK FALSE
+
/*
* Define the configuration to require at least one subscriber subscribed for
* the gdp message.
@@ -1265,23 +1271,27 @@ ServiceDiscoveryServerShutdown(gpointer src,
*
* Construct final paths of the scripts that will be used for execution.
*
+ * @param[in] versionCheckEnabled TRUE to include the SERVICE_DISCOVERY_KEY_VERSIONS
+ * entry; FALSE to skip it (derived from config).
+ *
*****************************************************************************
*/
static void
-ConstructScriptPaths(void)
+ConstructScriptPaths(Bool versionCheckEnabled)
{
int i;
#if !defined(OPEN_VM_TOOLS)
gchar *toolsInstallDir;
#endif
+ int insertIndex = 0;
if (gFullPaths != NULL) {
return;
}
gFullPaths = g_array_sized_new(FALSE, TRUE, sizeof(KeyNameValue),
- ARRAYSIZE(gKeyScripts));
+ ARRAYSIZE(gKeyScripts) - (versionCheckEnabled ? 0u : 1u));
if (scriptInstallDir == NULL) {
#if defined(OPEN_VM_TOOLS)
scriptInstallDir = Util_SafeStrdup(VMTOOLS_SERVICE_DISCOVERY_SCRIPTS);
@@ -1293,6 +1303,15 @@ ConstructScriptPaths(void)
#endif
}
for (i = 0; i < ARRAYSIZE(gKeyScripts); ++i) {
+ /*
+ * Skip adding if:
+ * 1. Version check is disabled, AND
+ * 2. The keyName matches SERVICE_DISCOVERY_KEY_VERSIONS
+ */
+ if (!versionCheckEnabled &&
+ g_strcmp0(gKeyScripts[i].keyName, SERVICE_DISCOVERY_KEY_VERSIONS) == 0) {
+ continue;
+ }
KeyNameValue tmp;
tmp.keyName = g_strdup_printf("%s", gKeyScripts[i].keyName);
#if defined(_WIN32)
@@ -1300,7 +1319,8 @@ ConstructScriptPaths(void)
#else
tmp.val = g_strdup_printf("%s%s%s", scriptInstallDir, DIRSEPS, gKeyScripts[i].val);
#endif
- g_array_insert_val(gFullPaths, i, tmp);
+ g_array_insert_val(gFullPaths, insertIndex, tmp);
+ insertIndex++;
}
}
@@ -1366,14 +1386,20 @@ ToolsOnLoad(ToolsAppCtx *ctx)
}
};
gboolean disabled;
+ Bool versionCheckEnabled;
regData.regs = VMTools_WrapArray(regs,
sizeof *regs,
ARRAYSIZE(regs));
+ versionCheckEnabled = VMTools_ConfigGetBoolean(
+ ctx->config,
+ CONFGROUPNAME_SERVICEDISCOVERY,
+ CONFNAME_SERVICEDISCOVERY_VERSION_CHECK,
+ SERVICE_DISCOVERY_CONF_DEFAULT_VERSION_CHECK);
/*
* Append scripts execution command line
*/
- ConstructScriptPaths();
+ ConstructScriptPaths(versionCheckEnabled);
disabled =
VMTools_ConfigGetBoolean(ctx->config,
--
2.47.3

2
sources
View File

@ -1,4 +1,4 @@
SHA512 (open-vm-tools-13.0.0-24696409.tar.gz) = eacb304f3c00d901ea2afffb09bb26be25b6b10df1de4f1818e7ce07a8c05b5e243c8fbe00a5fbf2680ad5b42727315f5c3fb9af818658ffc2b9425d3f34c37e
SHA512 (open-vm-tools-13.0.5-24915695.tar.gz) = e8a0c823e8430e3df0873f8031704536e73bec21d4cd37c37a37053fe2a5116ae1d2fdfa05eae95910c22238c967acc96f6603e1dd8289f2ca926507040c757a
SHA512 (atkmm-2.28.4-2.el10.src.rpm) = 55953c3221c228433e720b28517c1d23faba1091eb5d81be6522c096b7cf42828eaefe1c330aa2ca0b058188cf4ddd8549463d5817949a5a31efead72097d04e
SHA512 (cairomm-1.14.5-5.el10.src.rpm) = 2d036e83c63dd29a1933542de2274d74b4e63100d90dfd559eabdd00333ac4dd1ca25d810f5180c1c1afd71cd985376e7700beaff4f385132200c75633bfc980
SHA512 (glibmm2.4-2.66.6-5.el10.src.rpm) = 78cd5d54f1ef9faf2be75f22550b5ec60b55f6c4345df91db95889762f606a0649905077934527b98ba325212bb460a19deadef9eea15bb0c50915e560621d4c