From e233899b301d87137533fd5bf76748d3fa799500 Mon Sep 17 00:00:00 2001
From: boyang
Date: Fri, 7 Nov 2025 11:56:49 +0800
Subject: [PATCH] * Mon Nov 03 2025 Bo Yang - 13.0.5-1 - Rebase to 13.0.5 [RHEL-118504] - Resolves: RHEL-118504 ([ESXi][RHEL10] open-vm-tools version 13.0.5 has been released - please rebase)
---
 .gitignore | 1 +
 open-vm-tools.spec | 15 ++--
 ovt-Address-CVE-2025-41244.patch | 136 -------------------------------
 sources | 2 +-
 4 files changed, 10 insertions(+), 144 deletions(-)
 delete mode 100644 ovt-Address-CVE-2025-41244.patch
diff --git a/.gitignore b/.gitignore
index e071273..d32c24d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -40,3 +40,4 @@
 /open-vm-tools-12.4.5-23787635.tar.gz
 /open-vm-tools-12.5.0-24276846.tar.gz
 /open-vm-tools-13.0.0-24696409.tar.gz
+/open-vm-tools-13.0.5-24915695.tar.gz
diff --git a/open-vm-tools.spec b/open-vm-tools.spec
index 265c275..7ba5a75 100644
--- a/open-vm-tools.spec
+++ b/open-vm-tools.spec
@@ -19,8 +19,8 @@
 ################################################################################
 %global majorversion 13.0
-%global minorversion 0
-%global toolsbuild 24696409
+%global minorversion 5
+%global toolsbuild 24915695
 %global toolsversion %{majorversion}.%{minorversion}
 %global toolsdaemon vmtoolsd
 %global vgauthdaemon vgauthd
@@ -31,7 +31,7 @@
 Name: open-vm-tools
 Version: %{toolsversion}
-Release: 2%{?dist}
+Release: 1%{?dist}
 Summary: Open Virtual Machine Tools for virtual machines hosted on VMware
 %if 0%{?bundle_gtkmm3}
 # atkmm: LGPL-2.1-or-later
@@ -80,10 +80,6 @@ ExclusiveArch: %{ix86} x86_64 aarch64
 #Patch0: .patch
 # For RHEL-99781 - Cloud-init receives TERM signal from PID 1 in the middle of running user data [rhel-10]
 Patch1: ovt-Handle-new-cloud-init-error-code-and-status.patch
-# For RHEL-117382 - [CISA Major Incident] CVE-2025-41244 open-vm-tools: Local privilege escalation in open-vm-tools [rhel-10.2]
-Patch2: ovt-Address-CVE-2025-41244.patch
-# Fix build when compiling with -std=c23 (GCC 15)
-#Patch1: https://github.com/vmware/open-vm-tools/pull/751.patch
 BuildRequires: autoconf
 BuildRequires: automake
@@ -628,6 +624,11 @@ fi
 %{_bindir}/vmware-vgauth-smoketest
 %changelog
+* Mon Nov 03 2025 Bo Yang - 13.0.5-1
+- Rebase to 13.0.5 [RHEL-118504]
+- Resolves: RHEL-118504
+ ([ESXi][RHEL10] open-vm-tools version 13.0.5 has been released - please rebase)
+
 * Mon Oct 06 2025 Miroslav Rezanina - 13.0.0-2
 - ovt-Handle-new-cloud-init-error-code-and-status.patch [RHEL-99781]
 - ovt-Address-CVE-2025-41244.patch [RHEL-117382]
diff --git a/ovt-Address-CVE-2025-41244.patch b/ovt-Address-CVE-2025-41244.patch
deleted file mode 100644
index c0b6c77..0000000
--- a/ovt-Address-CVE-2025-41244.patch
+++ /dev/null
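Review bot: Dropping `Patch2: ovt-Address-CVE-2025-41244.patch` in the `@@ -80,10 +80,6 @@` hunk of open-vm-tools.spec leaves nothing in the spec that records where the CVE-2025-41244 fix now comes from, and the new 13.0.5-1 `%changelog` entry in the following hunk does not mention it either. Presumably the 13.0.5 tarball already carries the upstream change, but nothing on this page shows that. Before the downstream patch goes away, it is worth confirming in the unpacked source that `serviceDiscovery.c` defines `SERVICE_DISCOVERY_CONF_DEFAULT_VERSION_CHECK` as `FALSE`. I would add a changelog line such as `- Drop ovt-Address-CVE-2025-41244.patch, fix included in 13.0.5 [RHEL-117382]` so that auditors and tooling that track CVE coverage through the RPM changelog still see the fix attributed to this build.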
@@ -1,136 +0,0 @@
-From f5f0a81af7f6b2681818a4b679e701c6624f148e Mon Sep 17 00:00:00 2001
-From: Vitaly Kuznetsov
-Date: Wed, 1 Oct 2025 10:00:09 +0200
-Subject: [PATCH 2/2] Address CVE-2025-41244
-
-RH-Author: Vitaly Kuznetsov
-RH-MergeRequest: 13: Address CVE-2025-41244
-RH-Jira: RHEL-117382
-RH-Acked-by: roverflow
-RH-Acked-by: Maxim Levitsky
-RH-Acked-by: Ani Sinha
-RH-Commit: [1/1] 24479069095a468673d67a3f332fc69337abf400 (vkuznets/open-vm-tools)
-
-JIRA: https://issues.redhat.com/browse/RHEL-117382
-CVE: CVE-2025-41244
-
-commit 3ab0685c1cf7981c84898d546a73d6db6dcd3823
-Author: Kruti Pendharkar
-Date: Mon Sep 29 23:03:43 2025 -0700
-
- Address CVE-2025-41244
-
- Disable (default) the execution of the SDMP get-versions.sh script.
-
- With the Linux SDMP get-versions.sh script disabled, version information
- of installed services will not be made available to VMware Aria
-
-Signed-off-by: Vitaly Kuznetsov
----
- .../serviceDiscovery/serviceDiscovery.c | 36 ++++++++++++++++---
- 1 file changed, 31 insertions(+), 5 deletions(-)
-
-diff --git a/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c b/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c
-index 0da598f1..5e9772e9 100644
---- a/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c
-+++ b/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c
-@@ -1,5 +1,5 @@
- /*********************************************************
-- * Copyright (c) 2020-2024 Broadcom. All Rights Reserved.
-+ * Copyright (c) 2020-2025 Broadcom. All Rights Reserved.
- * The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
- *
- * This program is free software; you can redistribute it and/or modify it
-@@ -122,6 +122,12 @@ static gchar* scriptInstallDir = NULL;
- #define CONFNAME_SERVICEDISCOVERY_CACHEDATA "cache-data"
- #define SERVICE_DISCOVERY_CONF_DEFAULT_CACHEDATA TRUE
-
-+/*
-+ * Defines the configuration to enable/disable version obtaining logic
-+ */
-+#define CONFNAME_SERVICEDISCOVERY_VERSION_CHECK "version-check-enabled"
-+#define SERVICE_DISCOVERY_CONF_DEFAULT_VERSION_CHECK FALSE
-+
- /*
- * Define the configuration to require at least one subscriber subscribed for
- * the gdp message.
-@@ -1265,23 +1271,27 @@ ServiceDiscoveryServerShutdown(gpointer src,
- *
- * Construct final paths of the scripts that will be used for execution.
- *
-+ * @param[in] versionCheckEnabled TRUE to include the SERVICE_DISCOVERY_KEY_VERSIONS
-+ * entry; FALSE to skip it (derived from config).
-+ *
- *****************************************************************************
- */
-
- static void
--ConstructScriptPaths(void)
-+ConstructScriptPaths(Bool versionCheckEnabled)
- {
- int i;
- #if !defined(OPEN_VM_TOOLS)
- gchar *toolsInstallDir;
- #endif
-+ int insertIndex = 0;
-
- if (gFullPaths != NULL) {
- return;
- }
-
- gFullPaths = g_array_sized_new(FALSE, TRUE, sizeof(KeyNameValue),
-- ARRAYSIZE(gKeyScripts));
-+ ARRAYSIZE(gKeyScripts) - (versionCheckEnabled ? 0u : 1u));
- if (scriptInstallDir == NULL) {
- #if defined(OPEN_VM_TOOLS)
- scriptInstallDir = Util_SafeStrdup(VMTOOLS_SERVICE_DISCOVERY_SCRIPTS);
-@@ -1293,6 +1303,15 @@ ConstructScriptPaths(void)
- #endif
- }
- for (i = 0; i < ARRAYSIZE(gKeyScripts); ++i) {
-+ /*
-+ * Skip adding if:
-+ * 1. Version check is disabled, AND
-+ * 2. 
The keyName matches SERVICE_DISCOVERY_KEY_VERSIONS
-+ */
-+ if (!versionCheckEnabled &&
-+ g_strcmp0(gKeyScripts[i].keyName, SERVICE_DISCOVERY_KEY_VERSIONS) == 0) {
-+ continue;
-+ }
- KeyNameValue tmp;
- tmp.keyName = g_strdup_printf("%s", gKeyScripts[i].keyName);
- #if defined(_WIN32)
-@@ -1300,7 +1319,8 @@ ConstructScriptPaths(void)
- #else
- tmp.val = g_strdup_printf("%s%s%s", scriptInstallDir, DIRSEPS, gKeyScripts[i].val);
- #endif
-- g_array_insert_val(gFullPaths, i, tmp);
-+ g_array_insert_val(gFullPaths, insertIndex, tmp);
-+ insertIndex++;
- }
- }
-
-@@ -1366,14 +1386,20 @@ ToolsOnLoad(ToolsAppCtx *ctx)
- }
- };
- gboolean disabled;
-+ Bool versionCheckEnabled;
-
- regData.regs = VMTools_WrapArray(regs,
- sizeof *regs,
- ARRAYSIZE(regs));
-+ versionCheckEnabled = VMTools_ConfigGetBoolean(
-+ ctx->config,
-+ CONFGROUPNAME_SERVICEDISCOVERY,
-+ CONFNAME_SERVICEDISCOVERY_VERSION_CHECK,
-+ SERVICE_DISCOVERY_CONF_DEFAULT_VERSION_CHECK);
- /*
- * Append scripts execution command line
- */
-- ConstructScriptPaths();
-+ ConstructScriptPaths(versionCheckEnabled);
-
- disabled =
- VMTools_ConfigGetBoolean(ctx->config,
---
-2.47.3
-
diff --git a/sources b/sources
index 8be0329..787fc1c 100644
--- a/sources
+++ b/sources
@@ -1,4 +1,4 @@
-SHA512 (open-vm-tools-13.0.0-24696409.tar.gz) = eacb304f3c00d901ea2afffb09bb26be25b6b10df1de4f1818e7ce07a8c05b5e243c8fbe00a5fbf2680ad5b42727315f5c3fb9af818658ffc2b9425d3f34c37e
+SHA512 (open-vm-tools-13.0.5-24915695.tar.gz) = e8a0c823e8430e3df0873f8031704536e73bec21d4cd37c37a37053fe2a5116ae1d2fdfa05eae95910c22238c967acc96f6603e1dd8289f2ca926507040c757a
 SHA512 (atkmm-2.28.4-2.el10.src.rpm) = 55953c3221c228433e720b28517c1d23faba1091eb5d81be6522c096b7cf42828eaefe1c330aa2ca0b058188cf4ddd8549463d5817949a5a31efead72097d04e
 SHA512 (cairomm-1.14.5-5.el10.src.rpm) = 2d036e83c63dd29a1933542de2274d74b4e63100d90dfd559eabdd00333ac4dd1ca25d810f5180c1c1afd71cd985376e7700beaff4f385132200c75633bfc980
 SHA512 (glibmm2.4-2.66.6-5.el10.src.rpm) = 78cd5d54f1ef9faf2be75f22550b5ec60b55f6c4345df91db95889762f606a0649905077934527b98ba325212bb460a19deadef9eea15bb0c50915e560621d4c