diff --git a/.gitignore b/.gitignore index 37bb939..7e4186b 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/open-vm-tools-11.3.5-18557794.tar.gz +SOURCES/open-vm-tools-12.0.5-19716617.tar.gz diff --git a/.open-vm-tools.metadata b/.open-vm-tools.metadata index e208044..1a5a185 100644 --- a/.open-vm-tools.metadata +++ b/.open-vm-tools.metadata @@ -1 +1 @@ -f6990193579d96a04bfec6f09e93e0164deef71e SOURCES/open-vm-tools-11.3.5-18557794.tar.gz +dcdc35708fae2e3e3192fec7e6a93c7b5c0e3c4c SOURCES/open-vm-tools-12.0.5-19716617.tar.gz diff --git a/SOURCES/ovt-Properly-check-authorization-on-incoming-guestOps-re.patch b/SOURCES/ovt-Properly-check-authorization-on-incoming-guestOps-re.patch index 450beb9..fa1d479 100644 --- a/SOURCES/ovt-Properly-check-authorization-on-incoming-guestOps-re.patch +++ b/SOURCES/ovt-Properly-check-authorization-on-incoming-guestOps-re.patch @@ -1,14 +1,15 @@ -From 033aaf84f7d4802120aa63d3de7f126e2a790a0d Mon Sep 17 00:00:00 2001 +From 36bbeb1a40aeefc803e63e4ba4b2a4fd011e6d19 Mon Sep 17 00:00:00 2001 From: Cathy Avery Date: Mon, 29 Aug 2022 12:50:45 -0400 Subject: [PATCH] Properly check authorization on incoming guestOps requests. RH-Author: Cathy Avery -RH-MergeRequest: 13: Properly check authorization on incoming guestOps requests. -RH-Bugzilla: 2119285 +RH-MergeRequest: 8: Properly check authorization on incoming guestOps requests. +RH-Bugzilla: 2119286 RH-Acked-by: Mohamed Gamal Morsy RH-Acked-by: Miroslav Rezanina -RH-Commit: [1/1] 7c92651ede82ff9431eaaf7a24889d50ad77e7e3 +RH-Acked-by: Vitaly Kuznetsov +RH-Commit: [1/1] 6a5114b10648885d5b7e9423f87ca41ecf041b7e Tested: Tested by QE Upstream Status: origin/master diff --git a/SPECS/open-vm-tools.spec b/SPECS/open-vm-tools.spec index 8105099..8a8d19e 100644 --- a/SPECS/open-vm-tools.spec +++ b/SPECS/open-vm-tools.spec @@ -19,9 +19,9 @@ ################################################################################ %global _hardened_build 1 -%global majorversion 11.3 +%global majorversion 12.0 %global minorversion 5 -%global toolsbuild 18557794 +%global toolsbuild 19716617 %global toolsversion %{majorversion}.%{minorversion} %global toolsdaemon vmtoolsd %global vgauthdaemon vgauthd @@ -32,7 +32,7 @@ Name: open-vm-tools Version: %{toolsversion} -Release: 1%{?dist}.1 +Release: 2%{?dist} Summary: Open Virtual Machine Tools for virtual machines hosted on VMware License: GPLv2 URL: https://github.com/vmware/%{name} @@ -51,7 +51,7 @@ ExclusiveArch: x86_64 aarch64 ExclusiveArch: %{ix86} x86_64 aarch64 %endif -# For bz#2119285 - CVE-2022-31676 open-vm-tools: local root privilege escalation in the virtual machine [rhel-9.0.0.z] +# For bz#2119286 - CVE-2022-31676 open-vm-tools: local root privilege escalation in the virtual machine [rhel-9.1.0] Patch1: ovt-Properly-check-authorization-on-incoming-guestOps-re.patch # Source-git patches @@ -146,6 +146,15 @@ This package contains only the user-space programs and utility scripts of %{name} that are essential for performing service discovery in VMware virtual machines by vRealize Operations Service Discovery Management Pack. +%package salt-minion +Summary: Script file to install/uninstall salt-minion +Group: System Environment/Libraries +Requires: %{name}%{?_isa} = %{version}-%{release}, systemd, curl, coreutils, gawk, grep +ExclusiveArch: x86_64 + +%description salt-minion +This package contains a script to setup Salt Minion on VMware virtual machines. + %package devel Summary: Development libraries for Open Virtual Machine Tools Requires: %{name}%{?_isa} = %{version}-%{release} @@ -175,6 +184,9 @@ autoreconf -vif --enable-xmlsec1 \ --enable-resolutionkms \ --enable-servicediscovery \ +%ifarch x86_64 + --enable-salt-minion \ +%endif %if 0%{?fedora} || 0%{?rhel} >= 8 --with-tirpc \ --without-gtk2 \ @@ -349,6 +361,7 @@ fi %{_libdir}/%{name}/plugins/common/*.so %dir %{_libdir}/%{name}/plugins/vmsvc %{_libdir}/%{name}/plugins/vmsvc/libappInfo.so +%{_libdir}/%{name}/plugins/vmsvc/libcomponentMgr.so %{_libdir}/%{name}/plugins/vmsvc/libdeployPkgPlugin.so %{_libdir}/%{name}/plugins/vmsvc/libgdp.so %{_libdir}/%{name}/plugins/vmsvc/libguestInfo.so @@ -377,6 +390,13 @@ fi %{_libdir}/%{name}/plugins/vmsvc/libserviceDiscovery.so %{_libdir}/%{name}/serviceDiscovery +%ifarch x86_64 +%files salt-minion +%dir %{_libdir}/%{name}/componentMgr/ +%dir %{_libdir}/%{name}/componentMgr/saltMinion/ +%{_libdir}/%{name}/componentMgr/saltMinion/svtminion.sh +%endif + %files devel %doc docs/api/build/* %exclude %{_includedir}/libDeployPkg/ @@ -393,10 +413,20 @@ fi %{_bindir}/vmware-vgauth-smoketest %changelog -* Thu Sep 01 2022 Miroslav Rezanina - 11.3.5-1.el9_0.1 -- ovt-Properly-check-authorization-on-incoming-guestOps-re.patch [bz#2119285] -- Resolves: bz#2119285 - (CVE-2022-31676 open-vm-tools: local root privilege escalation in the virtual machine [rhel-9.0.0.z]) +* Tue Sep 06 2022 Miroslav Rezanina - 12.0.5-2 +- ovt-Properly-check-authorization-on-incoming-guestOps-re.patch [bz#2119286] +- Resolves: bz#2119286 + (CVE-2022-31676 open-vm-tools: local root privilege escalation in the virtual machine [rhel-9.1.0]) + +* Tue Jun 07 2022 Miroslav Rezanina - 12.0.5-1 +- Rebase to open-vm-tools 12.0.5 [bz#2090275] +- Resolves: bz#2090275 + ([ESXi][RHEL9]Open-vm-tools release 12.0.5 has been released - please rebase) + +* Thu Apr 28 2022 Miroslav Rezanina - 12.0.0-1 +- Rebase to 12.0.0 [bz#2061193] +- Resolves: bz#2061193 + ([ESXi][RHEL9]Open-vm-tools release 12.0.0 has been released - please rebase) * Fri Oct 15 2021 Miroslav Rezanina - 11.3.5-1 - Rebase to 11.3.5 [bz#2008243]