import open-vm-tools-12.1.5-1.el8

2023-05-16 06:03:40 +00:00 · 2023-05-16 06:03:40 +00:00 · fd0e66a463
parent 0337d945d0
commit fd0e66a463
4 changed files with 16 additions and 64 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/open-vm-tools-12.0.5-19716617.tar.gz
+SOURCES/open-vm-tools-12.1.5-20735119.tar.gz
--- a/.open-vm-tools.metadata
+++ b/.open-vm-tools.metadata
@ -1 +1 @@
-dcdc35708fae2e3e3192fec7e6a93c7b5c0e3c4c SOURCES/open-vm-tools-12.0.5-19716617.tar.gz
+92cfc4bc23f3f4392a0e925d639aeac37c4aafb5 SOURCES/open-vm-tools-12.1.5-20735119.tar.gz
--- a/SOURCES/ovt-Properly-check-authorization-on-incoming-guestOps-re.patch
+++ b/SOURCES/ovt-Properly-check-authorization-on-incoming-guestOps-re.patch
@ -1,57 +0,0 @@
-From c8e1e5c668ead319b7a91a3a3d7decb114c5daef Mon Sep 17 00:00:00 2001
-From: Cathy Avery <cavery@redhat.com>
-Date: Mon, 29 Aug 2022 12:50:45 -0400
-Subject: [PATCH] Properly check authorization on incoming guestOps requests.
-
-RH-Author: Cathy Avery <cavery@redhat.com>
-RH-MergeRequest: 12: Properly check authorization on incoming guestOps requests.
-RH-Bugzilla: 2119284
-RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
-RH-Commit: [1/1] d2f10cdcba9d606492f371790c3a0be5b8ce965c
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2119284
-Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=47492094
-Tested: Tested by QE
-Upstream Status: origin/master
-Conflicts: None
-
-    commit 70a74758bfe0042c27f15ce590fb21a2bc54d745
-    Author: John Wolfe <jwolfe@vmware.com>
-    Date:   Sun Aug 21 07:56:49 2022 -0700
-
-    Properly check authorization on incoming guestOps requests.
-
-    Fix public pipe request checks.  Only a SessionRequest type should
-    be accepted on the public pipe.
-
-Signed-off-by: Cathy Avery <cavery@redhat.com>
---
- open-vm-tools/vgauth/serviceImpl/proto.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/open-vm-tools/vgauth/serviceImpl/proto.c b/open-vm-tools/vgauth/serviceImpl/proto.c
-index db7159ee..6c672601 100644
--- a/open-vm-tools/vgauth/serviceImpl/proto.c
-+++ b/open-vm-tools/vgauth/serviceImpl/proto.c
-@@ -1,5 +1,5 @@
- /*********************************************************
- * Copyright (C) 2011-2016,2019-2021 VMware, Inc. All rights reserved.
-+ * Copyright (C) 2011-2016,2019-2022 VMware, Inc. All rights reserved.
-  *
-  * This program is free software; you can redistribute it and/or modify it
-  * under the terms of the GNU Lesser General Public License as published
-@@ -1201,6 +1201,10 @@ Proto_SecurityCheckRequest(ServiceConnection *conn,
-    VGAuthError err;
-    gboolean isSecure = ServiceNetworkIsConnectionPrivateSuperUser(conn);
- 
-+   if (conn->isPublic && req->reqType != PROTO_REQUEST_SESSION_REQ) {
-+      return VGAUTH_E_PERMISSION_DENIED;
-+   }
-+
-    switch (req->reqType) {
-       /*
-        * This comes over the public connection; alwsys let it through.
-- 
-2.35.3
-
--- a/SPECS/open-vm-tools.spec
+++ b/SPECS/open-vm-tools.spec
@ -19,9 +19,9 @@
 ################################################################################

 %global _hardened_build 1
-%global majorversion    12.0
+%global majorversion    12.1
 %global minorversion    5
-%global toolsbuild      19716617
+%global toolsbuild      20735119
 %global toolsversion    %{majorversion}.%{minorversion}
 %global toolsdaemon     vmtoolsd
 %global vgauthdaemon    vgauthd
@ -32,7 +32,7 @@

 Name:             open-vm-tools
 Version:          %{toolsversion}
-Release:          2%{?dist}
+Release:          1%{?dist}
 Summary:          Open Virtual Machine Tools for virtual machines hosted on VMware
 License:          GPLv2
 URL:              https://github.com/vmware/%{name}
@ -44,8 +44,6 @@ Source3:          run-vmblock\x2dfuse.mount
 Source4:          open-vm-tools.conf
 Source5:          vmtoolsd.pam

-# For bz#2119284 - CVE-2022-31676 open-vm-tools: local root privilege escalation in the virtual machine [rhel-8.7.0]
-Patch1: ovt-Properly-check-authorization-on-incoming-guestOps-re.patch

 %if 0%{?rhel} >= 7
 ExclusiveArch:    x86_64
@ -53,6 +51,7 @@ ExclusiveArch:    x86_64
 ExclusiveArch:    %{ix86} x86_64 aarch64
 %endif

+#Patch0: name.patch

 BuildRequires:    autoconf
 BuildRequires:    automake
@ -411,6 +410,16 @@ fi
 %{_bindir}/vmware-vgauth-smoketest

 %changelog
+* Fri Dec 09 2022 Miroslav Rezanina <mrezanin@redhat.com> 12.1.5-1
+- Rebase to open-vm-tools 12.1.5 [bz#2150188]
+- Resolves: bz#2150188
+  (ESXi][RHEL8]Open-vm-tools release 12.1.5 has been released - please rebase)
+
+* Tue Sep 13 2022 Miroslav Rezanina <mrezanin@redhat.com> 12.1.0-1
+- Rebase to open-vm-tools 12.1.0
+- Resolves: bz#2121196
+  ([ESXi][RHEL8]Open-vm-tools release 12.1.0 has been released - please rebase)
+
 * Tue Sep 06 2022 Jon Maloy <jmaloy@redhat.com> - 12.0.5-2
 - ovt-Properly-check-authorization-on-incoming-guestOps-re.patch [bz#2119284]
 - Resolves: bz#2119284