Compare commits
No commits in common. "c8" and "a9" have entirely different histories.
|
@ -0,0 +1,255 @@
|
|||
From 1bfe23d728b74e08f4f65cd9b0093ca73937003a Mon Sep 17 00:00:00 2001
|
||||
From: Katy Feng <fkaty@vmware.com>
|
||||
Date: Tue, 17 Oct 2023 15:24:48 -0700
|
||||
Subject: [PATCH] Don't accept tokens with unrelated certs
|
||||
|
||||
If a SAML token has a cert that's not a part of a chain,
|
||||
fail the token as invalid.
|
||||
---
|
||||
open-vm-tools/vgauth/common/certverify.c | 147 +++++++++++++++++-
|
||||
open-vm-tools/vgauth/common/certverify.h | 6 +-
|
||||
open-vm-tools/vgauth/common/prefs.h | 4 +-
|
||||
.../vgauth/serviceImpl/saml-xmlsec1.c | 14 ++
|
||||
4 files changed, 168 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/open-vm-tools/vgauth/common/certverify.c b/open-vm-tools/vgauth/common/certverify.c
|
||||
index 0ed78edb0..845f59b91 100644
|
||||
--- a/open-vm-tools/vgauth/common/certverify.c
|
||||
+++ b/open-vm-tools/vgauth/common/certverify.c
|
||||
@@ -1,5 +1,5 @@
|
||||
/*********************************************************
|
||||
- * Copyright (C) 2011-2016, 2018-2019, 2021-2022 VMware, Inc. All rights reserved.
|
||||
+ * Copyright (c) 2011-2016, 2018-2019, 2021-2023 VMware, Inc. All rights reserved.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU Lesser General Public License as published
|
||||
@@ -914,3 +914,148 @@ done:
|
||||
|
||||
return err;
|
||||
}
|
||||
+
|
||||
+
|
||||
+/*
|
||||
+ * Finds a cert with a subject (if checkSubj is set) or issuer (if
|
||||
+ * checkSUbj is unset), matching 'val' in the list
|
||||
+ * of certs. Returns a match or NULL.
|
||||
+ */
|
||||
+
|
||||
+static X509 *
|
||||
+FindCert(GList *cList,
|
||||
+ X509_NAME *val,
|
||||
+ int checkSubj)
|
||||
+{
|
||||
+ GList *l;
|
||||
+ X509 *c;
|
||||
+ X509_NAME *v;
|
||||
+
|
||||
+ l = cList;
|
||||
+ while (l != NULL) {
|
||||
+ c = (X509 *) l->data;
|
||||
+ if (checkSubj) {
|
||||
+ v = X509_get_subject_name(c);
|
||||
+ } else {
|
||||
+ v = X509_get_issuer_name(c);
|
||||
+ }
|
||||
+ if (X509_NAME_cmp(val, v) == 0) {
|
||||
+ return c;
|
||||
+ }
|
||||
+ l = l->next;
|
||||
+ }
|
||||
+ return NULL;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+/*
|
||||
+ ******************************************************************************
|
||||
+ * CertVerify_CheckForUnrelatedCerts -- */ /**
|
||||
+ *
|
||||
+ * Looks over a list of certs. If it finds that they are not all
|
||||
+ * part of the same chain, returns failure.
|
||||
+ *
|
||||
+ * @param[in] numCerts The number of certs in the chain.
|
||||
+ * @param[in] pemCerts The chain of certificates to verify.
|
||||
+ *
|
||||
+ * @return VGAUTH_E_OK on success, VGAUTH_E_FAIL if unrelated certs are found.
|
||||
+ *
|
||||
+ ******************************************************************************
|
||||
+ */
|
||||
+
|
||||
+VGAuthError
|
||||
+CertVerify_CheckForUnrelatedCerts(int numCerts,
|
||||
+ const char **pemCerts)
|
||||
+{
|
||||
+ VGAuthError err = VGAUTH_E_FAIL;
|
||||
+ int chainLen = 0;
|
||||
+ int i;
|
||||
+ X509 **certs = NULL;
|
||||
+ GList *rawList = NULL;
|
||||
+ X509 *baseCert;
|
||||
+ X509 *curCert;
|
||||
+ X509_NAME *subject;
|
||||
+ X509_NAME *issuer;
|
||||
+
|
||||
+ /* common single cert case; nothing to do */
|
||||
+ if (numCerts == 1) {
|
||||
+ return VGAUTH_E_OK;
|
||||
+ }
|
||||
+
|
||||
+ /* convert all PEM to X509 objects */
|
||||
+ certs = g_malloc0(numCerts * sizeof(X509 *));
|
||||
+ for (i = 0; i < numCerts; i++) {
|
||||
+ certs[i] = CertStringToX509(pemCerts[i]);
|
||||
+ if (NULL == certs[i]) {
|
||||
+ g_warning("%s: failed to convert cert to X509\n", __FUNCTION__);
|
||||
+ goto done;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ /* choose the cert to start the chain. shouldn't matter which */
|
||||
+ baseCert = certs[0];
|
||||
+
|
||||
+ /* put the rest into a list */
|
||||
+ for (i = 1; i < numCerts; i++) {
|
||||
+ rawList = g_list_append(rawList, certs[i]);
|
||||
+ }
|
||||
+
|
||||
+ /* now chase down to a leaf, looking for certs the baseCert issued */
|
||||
+ subject = X509_get_subject_name(baseCert);
|
||||
+ while ((curCert = FindCert(rawList, subject, 0)) != NULL) {
|
||||
+ /* pull it from the list */
|
||||
+ rawList = g_list_remove(rawList, curCert);
|
||||
+ /* set up the next find */
|
||||
+ subject = X509_get_subject_name(curCert);
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * walk up to the root cert, by finding a cert where the
|
||||
+ * issuer equals the subject of the current
|
||||
+ */
|
||||
+ issuer = X509_get_issuer_name(baseCert);
|
||||
+ while ((curCert = FindCert(rawList, issuer, 1)) != NULL) {
|
||||
+ /* pull it from the list */
|
||||
+ rawList = g_list_remove(rawList, curCert);
|
||||
+ /* set up the next find */
|
||||
+ issuer = X509_get_issuer_name(curCert);
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * At this point, anything on the list should be certs that are not part
|
||||
+ * of the chain that includes the original 'baseCert'.
|
||||
+ *
|
||||
+ * For a valid token, the list should be empty.
|
||||
+ */
|
||||
+ chainLen = g_list_length(rawList);
|
||||
+ if (chainLen != 0 ) {
|
||||
+ GList *l;
|
||||
+
|
||||
+ g_warning("%s: %d unrelated certs found in list\n",
|
||||
+ __FUNCTION__, chainLen);
|
||||
+
|
||||
+ /* debug helper */
|
||||
+ l = rawList;
|
||||
+ while (l != NULL) {
|
||||
+ X509* c = (X509 *) l->data;
|
||||
+ char *s = X509_NAME_oneline(X509_get_subject_name(c), NULL, 0);
|
||||
+
|
||||
+ g_debug("%s: unrelated cert subject: %s\n", __FUNCTION__, s);
|
||||
+ free(s);
|
||||
+ l = l->next;
|
||||
+ }
|
||||
+
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ g_debug("%s: Success! no unrelated certs found\n", __FUNCTION__);
|
||||
+ err = VGAUTH_E_OK;
|
||||
+
|
||||
+done:
|
||||
+ g_list_free(rawList);
|
||||
+ for (i = 0; i < numCerts; i++) {
|
||||
+ X509_free(certs[i]);
|
||||
+ }
|
||||
+ g_free(certs);
|
||||
+ return err;
|
||||
+}
|
||||
diff --git a/open-vm-tools/vgauth/common/certverify.h b/open-vm-tools/vgauth/common/certverify.h
|
||||
index d7c6410b6..89ec97a10 100644
|
||||
--- a/open-vm-tools/vgauth/common/certverify.h
|
||||
+++ b/open-vm-tools/vgauth/common/certverify.h
|
||||
@@ -1,5 +1,5 @@
|
||||
/*********************************************************
|
||||
- * Copyright (C) 2011-2016, 2020 VMware, Inc. All rights reserved.
|
||||
+ * Copyright (C) 2011-2016, 2020, 2023 VMware, Inc. All rights reserved.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU Lesser General Public License as published
|
||||
@@ -67,6 +67,10 @@ VGAuthError CertVerify_CheckSignatureUsingCert(VGAuthHashAlg hash,
|
||||
size_t signatureLen,
|
||||
const unsigned char *signature);
|
||||
|
||||
+
|
||||
+VGAuthError CertVerify_CheckForUnrelatedCerts(int numCerts,
|
||||
+ const char **pemCerts);
|
||||
+
|
||||
gchar * CertVerify_StripPEMCert(const gchar *pemCert);
|
||||
|
||||
gchar * CertVerify_CertToX509String(const gchar *pemCert);
|
||||
diff --git a/open-vm-tools/vgauth/common/prefs.h b/open-vm-tools/vgauth/common/prefs.h
|
||||
index ff116928c..6c58f3f4b 100644
|
||||
--- a/open-vm-tools/vgauth/common/prefs.h
|
||||
+++ b/open-vm-tools/vgauth/common/prefs.h
|
||||
@@ -1,5 +1,5 @@
|
||||
/*********************************************************
|
||||
- * Copyright (C) 2011-2019 VMware, Inc. All rights reserved.
|
||||
+ * Copyright (C) 2011-2019,2023 VMware, Inc. All rights reserved.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU Lesser General Public License as published
|
||||
@@ -136,6 +136,8 @@ msgCatalog = /etc/vmware-tools/vgauth/messages
|
||||
#define VGAUTH_PREF_ALIASSTORE_DIR "aliasStoreDir"
|
||||
/** The number of seconds slack allowed in either direction in SAML token date checks. */
|
||||
#define VGAUTH_PREF_CLOCK_SKEW_SECS "clockSkewAdjustment"
|
||||
+/** If unrelated certificates are allowed in a SAML token */
|
||||
+#define VGAUTH_PREF_ALLOW_UNRELATED_CERTS "allowUnrelatedCerts"
|
||||
|
||||
/** Ticket group name. */
|
||||
#define VGAUTH_PREF_GROUP_NAME_TICKET "ticket"
|
||||
diff --git a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
|
||||
index 14cba1b5b..57e931626 100644
|
||||
--- a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
|
||||
+++ b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
|
||||
@@ -49,6 +49,7 @@
|
||||
#include "vmxlog.h"
|
||||
|
||||
static int gClockSkewAdjustment = VGAUTH_PREF_DEFAULT_CLOCK_SKEW_SECS;
|
||||
+static gboolean gAllowUnrelatedCerts = FALSE;
|
||||
static xmlSchemaPtr gParsedSchemas = NULL;
|
||||
static xmlSchemaValidCtxtPtr gSchemaValidateCtx = NULL;
|
||||
|
||||
@@ -369,6 +370,10 @@ LoadPrefs(void)
|
||||
VGAUTH_PREF_DEFAULT_CLOCK_SKEW_SECS);
|
||||
Log("%s: Allowing %d of clock skew for SAML date validation\n",
|
||||
__FUNCTION__, gClockSkewAdjustment);
|
||||
+ gAllowUnrelatedCerts = Pref_GetBool(gPrefs,
|
||||
+ VGAUTH_PREF_ALLOW_UNRELATED_CERTS,
|
||||
+ VGAUTH_PREF_GROUP_NAME_SERVICE,
|
||||
+ FALSE);
|
||||
}
|
||||
|
||||
|
||||
@@ -1589,6 +1594,15 @@ SAML_VerifyBearerTokenAndChain(const char *xmlText,
|
||||
return VGAUTH_E_AUTHENTICATION_DENIED;
|
||||
}
|
||||
|
||||
+ if (!gAllowUnrelatedCerts) {
|
||||
+ err = CertVerify_CheckForUnrelatedCerts(num, (const char **) certChain);
|
||||
+ if (err != VGAUTH_E_OK) {
|
||||
+ VMXLog_Log(VMXLOG_LEVEL_WARNING,
|
||||
+ "Unrelated certs found in SAML token, failing\n");
|
||||
+ return VGAUTH_E_AUTHENTICATION_DENIED;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
subj.type = SUBJECT_TYPE_NAMED;
|
||||
subj.name = *subjNameOut;
|
||||
err = ServiceVerifyAndCheckTrustCertChainForSubject(num,
|
|
@ -0,0 +1,196 @@
|
|||
From 63f7c79c4aecb14d37cc4ce9da509419e31d394f Mon Sep 17 00:00:00 2001
|
||||
From: Katy Feng <fkaty@vmware.com>
|
||||
Date: Tue, 17 Oct 2023 15:24:48 -0700
|
||||
Subject: [PATCH] File descriptor vulnerability in the open-vm-tools
|
||||
vmware-user-suid-wrapperx on Linux
|
||||
|
||||
Moving the privilege drop logic (dropping privilege to the real uid and
|
||||
gid of the process for the vmusr service) from suidWrapper to vmtoolsd code.
|
||||
Now the vmtoolsd is not executed with dropped privileges (started as setuid
|
||||
program) and the dumpable attribute of the process is not reset.
|
||||
The unprivileged user will not have access to the privileged file descriptors
|
||||
in the vmtoolsd vmusr process.
|
||||
Also, setting the FD_CLOEXEC flag for both uinputFd and blockFd preventing
|
||||
the file descriptors being inherited any further from the vmtoolsd.
|
||||
---
|
||||
open-vm-tools/services/vmtoolsd/mainPosix.c | 78 ++++++++++++++++++-
|
||||
open-vm-tools/vmware-user-suid-wrapper/main.c | 28 +------
|
||||
2 files changed, 81 insertions(+), 25 deletions(-)
|
||||
|
||||
diff --git a/open-vm-tools/services/vmtoolsd/mainPosix.c b/open-vm-tools/services/vmtoolsd/mainPosix.c
|
||||
index fd2667cd5..6c52156bc 100644
|
||||
--- a/open-vm-tools/services/vmtoolsd/mainPosix.c
|
||||
+++ b/open-vm-tools/services/vmtoolsd/mainPosix.c
|
||||
@@ -1,5 +1,5 @@
|
||||
/*********************************************************
|
||||
- * Copyright (C) 2008-2020,2022 VMware, Inc. All rights reserved.
|
||||
+ * Copyright (c) 2008-2020,2022-2023 VMware, Inc. All rights reserved.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU Lesser General Public License as published
|
||||
@@ -28,10 +28,12 @@
|
||||
#include <signal.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
+#include <fcntl.h>
|
||||
#include <glib/gstdio.h>
|
||||
#include "file.h"
|
||||
#include "guestApp.h"
|
||||
#include "hostinfo.h"
|
||||
+#include "su.h"
|
||||
#include "system.h"
|
||||
#include "unicode.h"
|
||||
#include "util.h"
|
||||
@@ -154,6 +156,59 @@ ToolsCoreWorkAroundLoop(ToolsServiceState *state,
|
||||
}
|
||||
|
||||
|
||||
+/**
|
||||
+ * Tools function to set close-on-exec flg for the fd.
|
||||
+ *
|
||||
+ * @param[in] fd open file descriptor.
|
||||
+ *
|
||||
+ * @return TRUE on success, FALSE otherwise.
|
||||
+ */
|
||||
+
|
||||
+static gboolean
|
||||
+ToolsSetCloexecFlag(int fd)
|
||||
+{
|
||||
+ int flags;
|
||||
+
|
||||
+ if (fd == -1) {
|
||||
+ /* fd is not present, no need to manipulate */
|
||||
+ return TRUE;
|
||||
+ }
|
||||
+
|
||||
+ flags = fcntl(fd, F_GETFD, 0);
|
||||
+ if (flags < 0) {
|
||||
+ g_printerr("Couldn't get the flags set for fd %d, error %u.", fd, errno);
|
||||
+ return FALSE;
|
||||
+ }
|
||||
+ flags |= FD_CLOEXEC;
|
||||
+ if (fcntl(fd, F_SETFD, flags) < 0) {
|
||||
+ g_printerr("Couldn't set close-on-exec for fd %d, error %u.", fd, errno);
|
||||
+ return FALSE;
|
||||
+ }
|
||||
+
|
||||
+ return TRUE;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+/**
|
||||
+ * Tools function to close the fds.
|
||||
+ */
|
||||
+
|
||||
+static void
|
||||
+ToolsCloseFds(void)
|
||||
+{
|
||||
+ if (gState.ctx.blockFD != -1) {
|
||||
+ close(gState.ctx.blockFD);
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * uinputFD will be available only for wayland.
|
||||
+ */
|
||||
+ if (gState.ctx.uinputFD != -1) {
|
||||
+ close(gState.ctx.uinputFD);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+
|
||||
/**
|
||||
* Tools daemon entry function.
|
||||
*
|
||||
@@ -210,6 +265,27 @@ main(int argc,
|
||||
g_free(argvCopy);
|
||||
argvCopy = NULL;
|
||||
|
||||
+ /*
|
||||
+ * Drops privilege to the real uid and gid of the process
|
||||
+ * for the "vmusr" service.
|
||||
+ */
|
||||
+ if (TOOLS_IS_USER_SERVICE(&gState)) {
|
||||
+ uid_t uid = getuid();
|
||||
+ gid_t gid = getgid();
|
||||
+
|
||||
+ if ((Id_SetREUid(uid, uid) != 0) ||
|
||||
+ (Id_SetREGid(gid, gid) != 0)) {
|
||||
+ g_printerr("could not drop privileges: %s", strerror(errno));
|
||||
+ ToolsCloseFds();
|
||||
+ goto exit;
|
||||
+ }
|
||||
+ if (!ToolsSetCloexecFlag(gState.ctx.blockFD) ||
|
||||
+ !ToolsSetCloexecFlag(gState.ctx.uinputFD)) {
|
||||
+ ToolsCloseFds();
|
||||
+ goto exit;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
if (gState.pidFile != NULL) {
|
||||
/*
|
||||
* If argv[0] is not an absolute path, make it so; all other path
|
||||
diff --git a/open-vm-tools/vmware-user-suid-wrapper/main.c b/open-vm-tools/vmware-user-suid-wrapper/main.c
|
||||
index e9d7e5084..73ae9b9bb 100644
|
||||
--- a/open-vm-tools/vmware-user-suid-wrapper/main.c
|
||||
+++ b/open-vm-tools/vmware-user-suid-wrapper/main.c
|
||||
@@ -1,5 +1,5 @@
|
||||
/*********************************************************
|
||||
- * Copyright (C) 2007-2018 VMware, Inc. All rights reserved.
|
||||
+ * Copyright (C) 2007-2018,2023 VMware, Inc. All rights reserved.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU Lesser General Public License as published
|
||||
@@ -156,8 +156,7 @@ MaskSignals(void)
|
||||
*
|
||||
* Obtains the library directory from the Tools locations database, then
|
||||
* opens a file descriptor (while still root) to add and remove blocks,
|
||||
- * drops privilege to the real uid of this process, and finally starts
|
||||
- * vmware-user.
|
||||
+ * and finally starts vmware-user.
|
||||
*
|
||||
* Results:
|
||||
* Parent: TRUE on success, FALSE on failure.
|
||||
@@ -173,8 +172,6 @@ static Bool
|
||||
StartVMwareUser(char *const envp[])
|
||||
{
|
||||
pid_t pid;
|
||||
- uid_t uid;
|
||||
- gid_t gid;
|
||||
int blockFd = -1;
|
||||
char blockFdStr[8];
|
||||
int uinputFd = -1;
|
||||
@@ -191,8 +188,8 @@ StartVMwareUser(char *const envp[])
|
||||
}
|
||||
|
||||
/*
|
||||
- * Now create a child process, obtain a file descriptor as root, downgrade
|
||||
- * privilege, and run vmware-user.
|
||||
+ * Now create a child process, obtain a file descriptor as root and
|
||||
+ * run vmware-user.
|
||||
*/
|
||||
pid = fork();
|
||||
if (pid == -1) {
|
||||
@@ -229,23 +226,6 @@ StartVMwareUser(char *const envp[])
|
||||
}
|
||||
}
|
||||
|
||||
- uid = getuid();
|
||||
- gid = getgid();
|
||||
-
|
||||
- if ((setreuid(uid, uid) != 0) ||
|
||||
- (setregid(gid, gid) != 0)) {
|
||||
- Error("could not drop privileges: %s\n", strerror(errno));
|
||||
- if (blockFd != -1) {
|
||||
- close(blockFd);
|
||||
- }
|
||||
- if (useWayland) {
|
||||
- if (uinputFd != -1) {
|
||||
- close(uinputFd);
|
||||
- }
|
||||
- }
|
||||
- return FALSE;
|
||||
- }
|
||||
-
|
||||
/*
|
||||
* Since vmware-user provides features that don't depend on vmblock, we
|
||||
* invoke vmware-user even if we couldn't obtain a file descriptor or we
|
|
@ -0,0 +1,206 @@
|
|||
From 9d458c53a7a656d4d1ba3a28d090cce82ac4af0e Mon Sep 17 00:00:00 2001
|
||||
From: Katy Feng <fkaty@vmware.com>
|
||||
Date: Tue, 17 Jan 2023 19:08:33 -0800
|
||||
Subject: [PATCH] Track Linux filesystem id (FSID) for quiesced (frozen)
|
||||
filesystems
|
||||
|
||||
Tracking the filesystem FSID along with each file descriptor (FD)
|
||||
as the ioctl FIFREEZE is done. An EBUSY could be seen because of
|
||||
an attempt to freeze the same superblock more than once depending
|
||||
on the OS configuration (e.g. usage of bind mounts). An EBUSY could
|
||||
also mean another process has locked or frozen that filesystem.
|
||||
|
||||
When an EBUSY is received, the filesyste FSID is checked against the
|
||||
list of filesystems that have already be quiesced. If not previously
|
||||
seen, a warning that the filesystem is controlled by another process
|
||||
is logged and the quiesced snapshot request will be rejected.
|
||||
---
|
||||
.../lib/syncDriver/syncDriverLinux.c | 112 +++++++++++++++---
|
||||
1 file changed, 96 insertions(+), 16 deletions(-)
|
||||
|
||||
diff --git a/open-vm-tools/lib/syncDriver/syncDriverLinux.c b/open-vm-tools/lib/syncDriver/syncDriverLinux.c
|
||||
index eef65a2eb..6d9a35687 100644
|
||||
--- a/open-vm-tools/lib/syncDriver/syncDriverLinux.c
|
||||
+++ b/open-vm-tools/lib/syncDriver/syncDriverLinux.c
|
||||
@@ -1,5 +1,5 @@
|
||||
/*********************************************************
|
||||
- * Copyright (C) 2011-2018 VMware, Inc. All rights reserved.
|
||||
+ * Copyright (C) 2011-2018, 2023 VMware, Inc. All rights reserved.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU Lesser General Public License as published
|
||||
@@ -32,6 +32,7 @@
|
||||
#include <sys/ioctl.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
+#include <sys/statfs.h>
|
||||
#include "debug.h"
|
||||
#include "dynbuf.h"
|
||||
#include "syncDriverInt.h"
|
||||
@@ -43,12 +44,53 @@
|
||||
#endif
|
||||
|
||||
|
||||
+
|
||||
+typedef struct LinuxFsInfo {
|
||||
+ int fd;
|
||||
+ fsid_t fsid;
|
||||
+} LinuxFsInfo;
|
||||
+
|
||||
typedef struct LinuxDriver {
|
||||
SyncHandle driver;
|
||||
size_t fdCnt;
|
||||
- int *fds;
|
||||
+ LinuxFsInfo *fds;
|
||||
} LinuxDriver;
|
||||
|
||||
+static
|
||||
+const fsid_t MISSING_FSID = {};
|
||||
+
|
||||
+
|
||||
+/*
|
||||
+ *******************************************************************************
|
||||
+ * LinuxFiFsIdMatch --
|
||||
+ *
|
||||
+ * Check the collection of filesystems previously frozen for the specific
|
||||
+ * FSID.
|
||||
+ *
|
||||
+ * @param[in] fds List of LinuxFsInfo data for filesystems previously
|
||||
+ * frozen.
|
||||
+ * @param[in] count Number of fds in the list.
|
||||
+ * @param[in] nfsid The Filesystem ID of interest.
|
||||
+ *
|
||||
+ * @return TRUE if the FSID matches one previously processed. Otherwise FALSE
|
||||
+ *
|
||||
+ *******************************************************************************
|
||||
+ */
|
||||
+
|
||||
+static Bool
|
||||
+LinuxFiFsIdMatch(const LinuxFsInfo *fds,
|
||||
+ const size_t count,
|
||||
+ const fsid_t *nfsid) {
|
||||
+ size_t i;
|
||||
+
|
||||
+ for (i = 0; i < count; i++) {
|
||||
+ if (fds[i].fsid.__val[0] == nfsid->__val[0] &&
|
||||
+ fds[i].fsid.__val[1] == nfsid->__val[1]) {
|
||||
+ return TRUE;
|
||||
+ }
|
||||
+ }
|
||||
+ return FALSE;
|
||||
+}
|
||||
|
||||
/*
|
||||
*******************************************************************************
|
||||
@@ -75,9 +117,11 @@ LinuxFiThaw(const SyncDriverHandle handle)
|
||||
* Thaw in the reverse order of freeze
|
||||
*/
|
||||
for (i = sync->fdCnt; i > 0; i--) {
|
||||
- Debug(LGPFX "Thawing fd=%d.\n", sync->fds[i-1]);
|
||||
- if (ioctl(sync->fds[i-1], FITHAW) == -1) {
|
||||
- Debug(LGPFX "Thaw failed for fd=%d.\n", sync->fds[i-1]);
|
||||
+ int fd = sync->fds[i-1].fd;
|
||||
+
|
||||
+ Debug(LGPFX "Thawing fd=%d.\n", fd);
|
||||
+ if (ioctl(fd, FITHAW) == -1) {
|
||||
+ Debug(LGPFX "Thaw failed for fd=%d.\n", fd);
|
||||
err = SD_ERROR;
|
||||
}
|
||||
}
|
||||
@@ -108,8 +152,10 @@ LinuxFiClose(SyncDriverHandle handle)
|
||||
* Close in the reverse order of open
|
||||
*/
|
||||
for (i = sync->fdCnt; i > 0; i--) {
|
||||
- Debug(LGPFX "Closing fd=%d.\n", sync->fds[i-1]);
|
||||
- close(sync->fds[i-1]);
|
||||
+ int fd = sync->fds[i-1].fd;
|
||||
+
|
||||
+ Debug(LGPFX "Closing fd=%d.\n", fd);
|
||||
+ close(fd);
|
||||
}
|
||||
free(sync->fds);
|
||||
free(sync);
|
||||
@@ -196,8 +242,11 @@ LinuxDriver_Freeze(const GSList *paths,
|
||||
*/
|
||||
while (paths != NULL) {
|
||||
int fd;
|
||||
+ LinuxFsInfo fsInfo;
|
||||
struct stat sbuf;
|
||||
+ struct statfs fsbuf;
|
||||
const char *path = paths->data;
|
||||
+
|
||||
Debug(LGPFX "opening path '%s'.\n", path);
|
||||
paths = g_slist_next(paths);
|
||||
fd = open(path, O_RDONLY);
|
||||
@@ -258,23 +307,53 @@ LinuxDriver_Freeze(const GSList *paths,
|
||||
continue;
|
||||
}
|
||||
|
||||
+ if (fstatfs(fd, &fsbuf) == 0) {
|
||||
+ fsInfo.fsid = fsbuf.f_fsid;
|
||||
+ } else {
|
||||
+ Debug(LGPFX "failed to get file system id for path '%s'.\n", path);
|
||||
+ fsInfo.fsid = MISSING_FSID;
|
||||
+ }
|
||||
Debug(LGPFX "freezing path '%s' (fd=%d).\n", path, fd);
|
||||
if (ioctl(fd, FIFREEZE) == -1) {
|
||||
int ioctlerr = errno;
|
||||
+
|
||||
+ close(fd);
|
||||
+ Debug(LGPFX "freeze on '%s' returned: %d (%s)\n",
|
||||
+ path, ioctlerr, strerror(ioctlerr));
|
||||
+ /*
|
||||
+ * Previously, an EBUSY error was ignored, assuming that we may try
|
||||
+ * to freeze the same superblock more than once depending on the
|
||||
+ * OS configuration (e.g., usage of bind mounts).
|
||||
+ * Using the filesystem Id to check if this is a filesystem that we
|
||||
+ * have seen previously and will ignore this FD only if that is
|
||||
+ * the case. Log a warning otherwise since the quiesced snapshot
|
||||
+ * attempt will fail.
|
||||
+ */
|
||||
+ if (ioctlerr == EBUSY) {
|
||||
+ if (LinuxFiFsIdMatch(DynBuf_Get(&fds),
|
||||
+ DynBuf_GetSize(&fds),
|
||||
+ &fsInfo.fsid)) {
|
||||
+ /*
|
||||
+ * We have previous knowledge of this file system by another
|
||||
+ * mount point. Safe to ignore.
|
||||
+ */
|
||||
+ Debug(LGPFX "skipping path '%s' - previously frozen", path);
|
||||
+ continue;
|
||||
+ }
|
||||
+ /*
|
||||
+ * It appears that this FS has been locked or frozen by another
|
||||
+ * process. We cannot proceed with the quiesced snapshot request.
|
||||
+ */
|
||||
+ Warning(LGPFX "'%s' appears locked or frozen by another process. "
|
||||
+ "Cannot complete the quiesced snapshot request.\n", path);
|
||||
+ }
|
||||
/*
|
||||
* If the ioctl does not exist, Linux will return ENOTTY. If it's not
|
||||
* supported on the device, we get EOPNOTSUPP. Ignore the latter,
|
||||
* since freezing does not make sense for all fs types, and some
|
||||
* Linux fs drivers may not have been hooked up in the running kernel.
|
||||
- *
|
||||
- * Also ignore EBUSY since we may try to freeze the same superblock
|
||||
- * more than once depending on the OS configuration (e.g., usage of
|
||||
- * bind mounts).
|
||||
*/
|
||||
- close(fd);
|
||||
- Debug(LGPFX "freeze on '%s' returned: %d (%s)\n",
|
||||
- path, ioctlerr, strerror(ioctlerr));
|
||||
- if (ioctlerr != EBUSY && ioctlerr != EOPNOTSUPP) {
|
||||
+ if (ioctlerr != EOPNOTSUPP) {
|
||||
Debug(LGPFX "failed to freeze '%s': %d (%s)\n",
|
||||
path, ioctlerr, strerror(ioctlerr));
|
||||
err = first && ioctlerr == ENOTTY ? SD_UNAVAILABLE : SD_ERROR;
|
||||
@@ -282,7 +361,8 @@ LinuxDriver_Freeze(const GSList *paths,
|
||||
}
|
||||
} else {
|
||||
Debug(LGPFX "successfully froze '%s' (fd=%d).\n", path, fd);
|
||||
- if (!DynBuf_Append(&fds, &fd, sizeof fd)) {
|
||||
+ fsInfo.fd = fd;
|
||||
+ if (!DynBuf_Append(&fds, &fsInfo, sizeof fsInfo)) {
|
||||
if (ioctl(fd, FITHAW) == -1) {
|
||||
Warning(LGPFX "failed to thaw '%s': %d (%s)\n",
|
||||
path, errno, strerror(errno));
|
|
@ -1,13 +1,15 @@
|
|||
From 4fb21bd75fd5a4eceed67a8050436b47750ca716 Mon Sep 17 00:00:00 2001
|
||||
From 6b783bb35d6c860c809ad4e05ef9f5bf5ad81bcc Mon Sep 17 00:00:00 2001
|
||||
From: Katy Feng <fkaty@vmware.com>
|
||||
Date: Tue, 22 Aug 2023 11:11:42 -0700
|
||||
Subject: [PATCH] Provide alternate method to allow (expected) pre-frozen
|
||||
filesystems
|
||||
|
||||
RH-Author: Ani Sinha <None>
|
||||
RH-MergeRequest: 30: Provide alternate method to allow (expected) pre-frozen filesystems when taking a quiesced snapshot.
|
||||
RH-Jira: RHEL-7012
|
||||
RH-Commit: [1/1] 07570fcdc1fd697d54268e530fc64162eb2a0bdb
|
||||
RH-MergeRequest: 5: Provide alternate method to allow (expected) pre-frozen filesystems when taking a quiesced snapshot.
|
||||
RH-Jira: RHEL-2446
|
||||
RH-Acked-by: Cathy Avery <cavery@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Commit: [1/1] 02bb68525844635819d1f4745e606d7ae8519c6d (anisinha/centos-open-vm-tools)
|
||||
|
||||
Effective with open-vm-tools 12.2.0, Linux quiesced snapshots will fail if
|
||||
any filesystem(s) have been prefrozen by other than the vmtoolsd process.
|
||||
|
@ -420,5 +422,5 @@ index e5a03a9c..f238cb59 100644
|
|||
# operation. Scripts are executed from the scripts directory along with the
|
||||
# legacy scripts.
|
||||
--
|
||||
2.37.3
|
||||
2.39.3
|
||||
|
||||
|
|
|
@ -0,0 +1,169 @@
|
|||
From 8d2f9bdeafbdca395c22bc051c508d967b178ff4 Mon Sep 17 00:00:00 2001
|
||||
From: John Wolfe <jwolfe@vmware.com>
|
||||
Date: Mon, 8 May 2023 19:04:57 -0700
|
||||
Subject: [PATCH] Remove some dead code.
|
||||
|
||||
RH-Author: Ani Sinha <None>
|
||||
RH-MergeRequest: 4: Remove some dead code.
|
||||
RH-Bugzilla: 2215566
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Commit: [1/1] 4601ac4b341378b23d3afe8a9089c369061b45a5 (anisinha/centos-open-vm-tools)
|
||||
|
||||
Address CVE-2023-20867.
|
||||
Remove some authentication types which were deprecated long
|
||||
ago and are no longer in use. These are dead code.
|
||||
|
||||
Cherry-picked from
|
||||
https://github.com/vmware/open-vm-tools/blob/CVE-2023-20867.patch/2023-20867-Remove-some-dead-code.patch
|
||||
|
||||
Signed-off-by: Ani Sinha <anisinha@redhat.com>
|
||||
Signed-off-by: Kevin Lyons <kevin.x.lyons@oracle.com>
|
||||
Reviewed-by: Alex Burmashev <alexander.burmashev@oracle.com>
|
||||
---
|
||||
open-vm-tools/services/plugins/vix/vixTools.c | 102 ------------------
|
||||
1 file changed, 102 deletions(-)
|
||||
|
||||
diff --git a/open-vm-tools/services/plugins/vix/vixTools.c b/open-vm-tools/services/plugins/vix/vixTools.c
|
||||
index 9f376a72..85c5ba74 100644
|
||||
--- a/open-vm-tools/services/plugins/vix/vixTools.c
|
||||
+++ b/open-vm-tools/services/plugins/vix/vixTools.c
|
||||
@@ -254,8 +254,6 @@ char *gImpersonatedUsername = NULL;
|
||||
#define VIX_TOOLS_CONFIG_API_AUTHENTICATION "Authentication"
|
||||
#define VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS "InfrastructureAgents"
|
||||
|
||||
-#define VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT TRUE
|
||||
-
|
||||
/*
|
||||
* The switch that controls all APIs
|
||||
*/
|
||||
@@ -730,9 +728,6 @@ VixError GuestAuthSAMLAuthenticateAndImpersonate(
|
||||
|
||||
void GuestAuthUnimpersonate();
|
||||
|
||||
-static Bool VixToolsCheckIfAuthenticationTypeEnabled(GKeyFile *confDictRef,
|
||||
- const char *typeName);
|
||||
-
|
||||
#if SUPPORT_VGAUTH
|
||||
|
||||
VGAuthError TheVGAuthContext(VGAuthContext **ctx);
|
||||
@@ -8013,29 +8008,6 @@ VixToolsImpersonateUser(VixCommandRequestHeader *requestMsg, // IN
|
||||
userToken);
|
||||
break;
|
||||
}
|
||||
- case VIX_USER_CREDENTIAL_ROOT:
|
||||
- {
|
||||
- if ((requestMsg->requestFlags & VIX_REQUESTMSG_HAS_HASHED_SHARED_SECRET) &&
|
||||
- !VixToolsCheckIfAuthenticationTypeEnabled(gConfDictRef,
|
||||
- VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS)) {
|
||||
- /*
|
||||
- * Don't accept hashed shared secret if disabled.
|
||||
- */
|
||||
- g_message("%s: Requested authentication type has been disabled.\n",
|
||||
- __FUNCTION__);
|
||||
- err = VIX_E_GUEST_AUTHTYPE_DISABLED;
|
||||
- goto done;
|
||||
- }
|
||||
- }
|
||||
- // fall through
|
||||
-
|
||||
- case VIX_USER_CREDENTIAL_CONSOLE_USER:
|
||||
- err = VixToolsImpersonateUserImplEx(NULL,
|
||||
- credentialType,
|
||||
- NULL,
|
||||
- loadUserProfile,
|
||||
- userToken);
|
||||
- break;
|
||||
case VIX_USER_CREDENTIAL_NAME_PASSWORD:
|
||||
case VIX_USER_CREDENTIAL_NAME_PASSWORD_OBFUSCATED:
|
||||
case VIX_USER_CREDENTIAL_NAMED_INTERACTIVE_USER:
|
||||
@@ -8204,36 +8176,6 @@ VixToolsImpersonateUserImplEx(char const *credentialTypeStr, // IN
|
||||
}
|
||||
}
|
||||
|
||||
- /*
|
||||
- * If the VMX asks to be root, then we allow them.
|
||||
- * The VMX will make sure that only it will pass this value in,
|
||||
- * and only when the VM and host are configured to allow this.
|
||||
- */
|
||||
- if ((VIX_USER_CREDENTIAL_ROOT == credentialType)
|
||||
- && (thisProcessRunsAsRoot)) {
|
||||
- *userToken = PROCESS_CREATOR_USER_TOKEN;
|
||||
-
|
||||
- gImpersonatedUsername = Util_SafeStrdup("_ROOT_");
|
||||
- err = VIX_OK;
|
||||
- goto quit;
|
||||
- }
|
||||
-
|
||||
- /*
|
||||
- * If the VMX asks to be root, then we allow them.
|
||||
- * The VMX will make sure that only it will pass this value in,
|
||||
- * and only when the VM and host are configured to allow this.
|
||||
- *
|
||||
- * XXX This has been deprecated XXX
|
||||
- */
|
||||
- if ((VIX_USER_CREDENTIAL_CONSOLE_USER == credentialType)
|
||||
- && ((allowConsoleUserOps) || !(thisProcessRunsAsRoot))) {
|
||||
- *userToken = PROCESS_CREATOR_USER_TOKEN;
|
||||
-
|
||||
- gImpersonatedUsername = Util_SafeStrdup("_CONSOLE_USER_NAME_");
|
||||
- err = VIX_OK;
|
||||
- goto quit;
|
||||
- }
|
||||
-
|
||||
/*
|
||||
* If the VMX asks us to run commands in the context of the current
|
||||
* user, make sure that the user who requested the command is the
|
||||
@@ -10914,50 +10856,6 @@ VixToolsCheckIfVixCommandEnabled(int opcode, // IN
|
||||
}
|
||||
|
||||
|
||||
-/*
|
||||
- *-----------------------------------------------------------------------------
|
||||
- *
|
||||
- * VixToolsCheckIfAuthenticationTypeEnabled --
|
||||
- *
|
||||
- * Checks to see if a given authentication type has been
|
||||
- * disabled via the tools configuration.
|
||||
- *
|
||||
- * Return value:
|
||||
- * TRUE if enabled, FALSE otherwise.
|
||||
- *
|
||||
- * Side effects:
|
||||
- * None
|
||||
- *
|
||||
- *-----------------------------------------------------------------------------
|
||||
- */
|
||||
-
|
||||
-static Bool
|
||||
-VixToolsCheckIfAuthenticationTypeEnabled(GKeyFile *confDictRef, // IN
|
||||
- const char *typeName) // IN
|
||||
-{
|
||||
- char authnDisabledName[64]; // Authentication.<AuthenticationType>.disabled
|
||||
- gboolean disabled;
|
||||
-
|
||||
- Str_Snprintf(authnDisabledName, sizeof(authnDisabledName),
|
||||
- VIX_TOOLS_CONFIG_API_AUTHENTICATION ".%s.disabled",
|
||||
- typeName);
|
||||
-
|
||||
- ASSERT(confDictRef != NULL);
|
||||
-
|
||||
- /*
|
||||
- * XXX Skip doing the strcmp() to verify the auth type since we only
|
||||
- * have the one typeName (VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS), and default
|
||||
- * it to VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT.
|
||||
- */
|
||||
- disabled = VMTools_ConfigGetBoolean(confDictRef,
|
||||
- VIX_TOOLS_CONFIG_API_GROUPNAME,
|
||||
- authnDisabledName,
|
||||
- VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT);
|
||||
-
|
||||
- return !disabled;
|
||||
-}
|
||||
-
|
||||
-
|
||||
/*
|
||||
*-----------------------------------------------------------------------------
|
||||
*
|
||||
--
|
||||
2.39.3
|
||||
|
|
@ -1,11 +1,11 @@
|
|||
From a839cb975d58968237bd871b1fb4cbe191af085b Mon Sep 17 00:00:00 2001
|
||||
From 2dc6f33e455c7d0dceb2d444632b35806613c510 Mon Sep 17 00:00:00 2001
|
||||
From: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
Date: Thu, 7 Sep 2023 02:27:50 -0400
|
||||
Subject: [PATCH] VGAuth: Allow only X509 certs to verify the SAML token
|
||||
signature.
|
||||
|
||||
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Bugzilla: 2236543
|
||||
RH-Bugzilla: 2236544
|
||||
RH-CVE: CVE-2023-20900
|
||||
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
|
@ -35,4 +35,3 @@ index f5541a9a..0b2a945b 100644
|
|||
|
||||
--
|
||||
2.39.3
|
||||
|
||||
|
|
|
@ -4,8 +4,6 @@ Documentation=https://github.com/vmware/open-vm-tools
|
|||
ConditionVirtualization=vmware
|
||||
Requires=vgauthd.service
|
||||
After=vgauthd.service
|
||||
DefaultDependencies=no
|
||||
Before=cloud-init-local.service
|
||||
|
||||
[Service]
|
||||
ExecStart=/usr/bin/vmtoolsd
|
||||
|
|
|
@ -32,7 +32,7 @@
|
|||
|
||||
Name: open-vm-tools
|
||||
Version: %{toolsversion}
|
||||
Release: 3%{?dist}
|
||||
Release: 3%{?dist}.2.alma.1
|
||||
Summary: Open Virtual Machine Tools for virtual machines hosted on VMware
|
||||
License: GPLv2
|
||||
URL: https://github.com/vmware/%{name}
|
||||
|
@ -46,17 +46,23 @@ Source5: vmtoolsd.pam
|
|||
|
||||
|
||||
%if 0%{?rhel} >= 7
|
||||
ExclusiveArch: x86_64
|
||||
ExclusiveArch: x86_64 aarch64
|
||||
%else
|
||||
ExclusiveArch: %{ix86} x86_64 aarch64
|
||||
%endif
|
||||
|
||||
# Patch0: name.patch
|
||||
# For RHEL-4584 - CVE-2023-20900 open-vm-tools: SAML token signature bypass [rhel-8.10.0]
|
||||
#Patch0: name.patch
|
||||
# For bz#2236544 - CVE-2023-20900 open-vm-tools: SAML token signature bypass [rhel-9]
|
||||
Patch1: ovt-VGAuth-Allow-only-X509-certs-to-verify-the-SAML-toke.patch
|
||||
# For RHEL-7012 - [RHEL8.10][ESXi]Latest version of open-vm-tools breaks VM backups
|
||||
# For RHEL-2446 - [RHEL9.3][ESXi]Latest version of open-vm-tools breaks VM backups
|
||||
Patch2: ovt-Provide-alternate-method-to-allow-expected-pre-froze.patch
|
||||
|
||||
# Patches were taken from:
|
||||
# https://github.com/vmware/open-vm-tools/commit/1bfe23d728b74e08f4f65cd9b0093ca73937003a
|
||||
Patch3: Dont-accept-tokens-with-unrelated-certs.patch
|
||||
# https://github.com/vmware/open-vm-tools/commit/63f7c79c4aecb14d37cc4ce9da509419e31d394f
|
||||
Patch4: File-descriptor-vulnerability-in-the-open-vm-tools.patch
|
||||
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
BuildRequires: libtool
|
||||
|
@ -414,178 +420,241 @@ fi
|
|||
%{_bindir}/vmware-vgauth-smoketest
|
||||
|
||||
%changelog
|
||||
* Wed Sep 27 2023 Jon Maloy <jmaloy@redhat.com> - 12.2.5-3
|
||||
- ovt-Provide-alternate-method-to-allow-expected-pre-froze.patch [RHEL-7012]
|
||||
- Resolves: RHEL-7012
|
||||
([RHEL8.10][ESXi]Latest version of open-vm-tools breaks VM backups)
|
||||
* Thu Nov 16 2023 Eduard Abdullin <eabdullin@almalinux.org> - 12.2.5-3.2.alma.1
|
||||
- File descriptor vulnerability in the open-vm-tools
|
||||
vmware-user-suid-wrapperx on Linux
|
||||
- Don't accept tokens with unrelated certs
|
||||
|
||||
* Wed Sep 20 2023 Miroslav Rezanina <mrezanin@redhat.com> - 12.2.5-2
|
||||
- Rebuild CVE-2023-20900 for 8.10
|
||||
- Resolves: RHEL-4584
|
||||
(CVE-2023-20900 open-vm-tools: SAML token signature bypass [rhel-8.10.0])
|
||||
* Fri Sep 22 2023 Miroslav Rezanina <mrezanin@redhat.com> - 12.2.5-3
|
||||
- ovt-Provide-alternate-method-to-allow-expected-pre-froze.patch [RHEL-2446]
|
||||
- Resolves: RHEL-2446
|
||||
([RHEL9.3][ESXi]Latest version of open-vm-tools breaks VM backups)
|
||||
|
||||
* Tue Jul 11 2023 Miroslav Rezanina <mrezanin@redhat.com> - 12.2.5-1
|
||||
- Rebase to open-vm-tools 12.2.5 [bz#2214861]
|
||||
- Resolves: bz#2214861
|
||||
([ESXi][RHEL8]open-vm-tools version 12.2.5 has been released - please rebase)
|
||||
- Resolves: bz#2216415
|
||||
([ESXi][RHEL8] URL in service unit files are started from http instead of https)
|
||||
* Fri Sep 08 2023 Miroslav Rezanina <mrezanin@redhat.com> - 12.2.5-2
|
||||
- ovt-VGAuth-Allow-only-X509-certs-to-verify-the-SAML-toke.patch [bz#2236544]
|
||||
- Resolves: bz#2236544
|
||||
(CVE-2023-20900 open-vm-tools: SAML token signature bypass [rhel-9])
|
||||
|
||||
* Wed Jun 28 2023 Jon Maloy <jmaloy@redhat.com> - 12.2.0-3
|
||||
- ovt-Remove-some-dead-code.patch [bz#2215563]
|
||||
- Resolves: bz#2215563
|
||||
([CISA Major Incident] CVE-2023-20867 open-vm-tools: authentication bypass vulnerability in the vgauth module [rhel-8])
|
||||
* Mon Jul 10 2023 Miroslav Rezanina <mrezanin@redhat.com> - 12.2.5-1
|
||||
- Rebaer to open-vm-tools 12.2.5
|
||||
- Resolves: bz#2214862
|
||||
([ESXi][RHEL9]open-vm-tools version 12.2.5 has been released - please rebase)
|
||||
|
||||
* Tue Jun 27 2023 Miroslav Rezanina <mrezanin@redhat.com> - 12.2.0-3
|
||||
- ovt-Remove-some-dead-code.patch [bz#2215566]
|
||||
- Resolves: bz#2215566
|
||||
([CISA Major Incident] CVE-2023-20867 open-vm-tools: authentication bypass vulnerability in the vgauth module [rhel-br-9])
|
||||
|
||||
* Tue Jun 20 2023 Miroslav Rezanina <mrezanin@redhat.com> - 12.2.0-2
|
||||
- ovt-Use-https-instead-of-http-for-documentation-links.patch [bz#2208160]
|
||||
- Resolves: bz#2208160
|
||||
([ESXi][RHEL9] URL in service unit files are started from http instead of https)
|
||||
|
||||
* Wed May 03 2023 Miroslav Rezanina <mrezanin@redhat.com> - 12.2.0-1
|
||||
- Rebase to open-vm-tools 12.2.0 [bz#2177068]
|
||||
- Resolves: bz#2177068
|
||||
([ESXi][RHEL8]open-vm-tools version 12.2.0 has been released - please rebase)
|
||||
- Rebase to open-vm-tools 12.2.0 [bz#2177086]
|
||||
- Resolves: bz#2177086
|
||||
([ESXi][RHEL9]open-vm-tools version 12.2.0 has been released - please rebase)
|
||||
|
||||
* Fri Dec 09 2022 Miroslav Rezanina <mrezanin@redhat.com> 12.1.5-1
|
||||
- Rebase to open-vm-tools 12.1.5 [bz#2150188]
|
||||
- Resolves: bz#2150188
|
||||
(ESXi][RHEL8]Open-vm-tools release 12.1.5 has been released - please rebase)
|
||||
* Fri Dec 09 2022 Miroslav Rezanina <mrezanin@redhat.com> - 12.1.5-1
|
||||
- Rebase to open-vm-tools 12.1.5 [bz#2150190]
|
||||
- Resolves: bz#2150190
|
||||
([ESXi][RHEL9]Open-vm-tools release 12.1.5 has been released - please rebase)
|
||||
|
||||
* Tue Sep 13 2022 Miroslav Rezanina <mrezanin@redhat.com> 12.1.0-1
|
||||
- Rebase to open-vm-tools 12.1.0
|
||||
- Resolves: bz#2121196
|
||||
([ESXi][RHEL8]Open-vm-tools release 12.1.0 has been released - please rebase)
|
||||
|
||||
* Tue Sep 06 2022 Jon Maloy <jmaloy@redhat.com> - 12.0.5-2
|
||||
- ovt-Properly-check-authorization-on-incoming-guestOps-re.patch [bz#2119284]
|
||||
- Resolves: bz#2119284
|
||||
(CVE-2022-31676 open-vm-tools: local root privilege escalation in the virtual machine [rhel-8.7.0])
|
||||
* Fri Sep 09 2022 Miroslav Rezanina <mrezanin@redhat.com> - 12.1.0-1
|
||||
- Rebase to open-mv-tools 12.1.0 [bz#2121203]
|
||||
- Resolves: bz#2121203
|
||||
([ESXi][RHEL9]Open-vm-tools release 12.1.0 has been released - please rebase)
|
||||
|
||||
* Tue Jun 07 2022 Miroslav Rezanina <mrezanin@redhat.com> - 12.0.5-1
|
||||
- Rebase to open-vm-tools 12.0.5 [bz#2090273]
|
||||
- Resolves: bz#2090273
|
||||
([ESXi][RHEL8]Open-vm-tools release 12.0.5 has been released - please rebase)
|
||||
- Rebase to open-vm-tools 12.0.5 [bz#2090275]
|
||||
- Resolves: bz#2090275
|
||||
([ESXi][RHEL9]Open-vm-tools release 12.0.5 has been released - please rebase)
|
||||
|
||||
* Thu Apr 28 2022 Miroslav Rezanina <mrezanin@redhat.com> - 12.0.0-1
|
||||
- Rebase to open-vm-tools 12.0.0 [bz#2061189]
|
||||
- Resolves: bz#2061189
|
||||
([ESXi][RHEL8]Open-vm-tools release 12.0.0 has been released - please rebase)
|
||||
- Rebase to 12.0.0 [bz#2061193]
|
||||
- Resolves: bz#2061193
|
||||
([ESXi][RHEL9]Open-vm-tools release 12.0.0 has been released - please rebase)
|
||||
|
||||
* Mon Oct 18 2021 Miroslav Rezanian <mrezanin@redhat.com> - 11.3.5-1
|
||||
- Rebase to open-vm-tools 11.3.5 [bz#2008244]
|
||||
- Resolves: bz#2008244
|
||||
([ESXi][RHEL8]Open-vm-tools release 11.3.5 has been released - please rebase)
|
||||
* Fri Oct 15 2021 Miroslav Rezanina <mrezanin@redhat.com> - 11.3.5-1
|
||||
- Rebase to 11.3.5 [bz#2008243]
|
||||
- Resolves: bz#2008243
|
||||
([ESXi][RHEL9]Open-vm-tools release 11.3.5 has been released - please rebase)
|
||||
|
||||
* Thu Sep 23 2021 Miroslav Rezanina <mrezanin@redhat.com> - 11.3.0-1.el8
|
||||
- Rebase to open-vm-tools 11.3.0 [bz#1974468]
|
||||
- Resolves: bz#1974468
|
||||
([ESXi][RHEL8]Open-vm-tools release 11.3.0 has been released - please rebase)
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 11.3.0-2
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
||||
* Thu Apr 29 2021 Miroslav Rezanina <mrezanin@redhat.com> - 11.2.5-2.el8
|
||||
- ovt-Fix-a-memory-leak-reported-by-a-partner-from-their-C.patch [bz#1935807]
|
||||
- Resolves: bz#1935807
|
||||
([ESXi][RHEL-8.5][open-vm-tools] Coverity detected an important defect in open-vm-tools-11.2.5 rebase)
|
||||
* Wed Jul 21 2021 Miroslav Rezanina <rezanin@redhat.com> - 11.3.0-1
|
||||
- Rebase to 11.3.0 [bz#1974471]
|
||||
- Resolves: bz#1974471
|
||||
([ESXi][RHEL9]Open-vm-tools release 11.3.0 has been released - please update for RHEL 9.0)
|
||||
|
||||
* Tue Mar 02 2021 Miroslav Rezanina <mrezanin@redhat.com> - 11.2.5-1.el8
|
||||
- Rebase to 11.2.5 [bz#1916561]
|
||||
([ESXi][RHEL8.5]Open-vm-tools update release 11.2.5 has been released)
|
||||
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 11.2.5-5
|
||||
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
||||
Related: rhbz#1971065
|
||||
|
||||
* Tue Dec 01 2020 Miroslav Rezanina <mrezanin@redhat.com> - 11.2.0-2.el8
|
||||
- ovt-Fix-memory-leaks.patch [bz#1896804]
|
||||
- Resolves: bz#1896804
|
||||
([ESXi][open-vm-tools] Coverity detected important defects in open-vm-tools-11.2.0 rebase)
|
||||
* Tue May 11 2021 Miroslav Rezanina <mrezanin@redhat.com> - 11.2.5-4
|
||||
- ovt-Fix-a-memory-leak-reported-by-a-partner-from-their-C.patch [bz#1954040]
|
||||
- Resolves: bz#1954040
|
||||
([ESXi][RHEL9.0][open-vm-tools] Coverity detected an important defect in open-vm-tools-11.2.5 rebase)
|
||||
|
||||
* Tue Nov 10 2020 Miroslav Rezanina <mrezanin@redaht.com> - 11.2.0-1.el8
|
||||
- Rebase to 11.2.0 [bz#1890831]
|
||||
- Resolves: bz#1890831
|
||||
([ESXi][RHEL8]Rebase open-vm-tools to 11.2.0 for 8.4)
|
||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 11.2.5-3
|
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||
|
||||
* Wed Sep 30 2020 Miroslav Rezanina <mrezanin@redaht.com> - 11.1.5-1.el8
|
||||
- Rebase to 11.1.5 [bz#1870781]
|
||||
- Resolves: bz#1870781
|
||||
([ESXi][RHEL8]Rebase open-vm-tools to 11.1.5 for 8.4)
|
||||
* Fri Apr 09 2021 Miroslav Rezanina <mrezanin@redhat.com> - 11.2.5-2.el9
|
||||
- ovt-Fixes-necessary-to-build-open-vm-tools-with-newer-gt.patch [bz#1936382]
|
||||
- ovt-Update-spec-file-for-correct-build.patch [bz#1936382]
|
||||
- Resolves: bz#1936382
|
||||
([ESXi][RHEL-9][FTBS] open-vm-tools not working with newer gtk libraries)
|
||||
|
||||
* Thu Jul 02 2020 Miroslav Rezanina <mrezanin@redaht.com> - 11.1.0-2.el8
|
||||
- Remove net-tools dependency [bz#1849459]
|
||||
- Resolves: bz#1849459
|
||||
([ESXi][RHEL8]Incorporate SDMP related fixes and removal of net-tools dependency)
|
||||
* Fri Jan 15 2021 Ravindra Kumar <ravindrakumar@vmware.com> - 11.2.5-1
|
||||
- Package new upstream version open-vm-tools-11.2.5-17337674.
|
||||
- libdnet dependency was removed in open-vm-tools 11.0.0. So,
|
||||
removed the stale BuildRequires for libdnet.
|
||||
|
||||
* Tue May 26 2020 Mirosalv Rezanina <mrezanin@redhat.com> - 11.1.0-1.el8
|
||||
- Rebase to 11.1.0 [bz#1806677]
|
||||
- Added open-vm-tools-sdmp package [bz#1833157)
|
||||
- Resolves: bz#1806677
|
||||
([ESXi][RHEL8]Rebase open-vm-tools to 11.1.0 for RHEL 8.3)
|
||||
- Resolves: bz#1833157
|
||||
([ESXi][RHEL8]Add new open-vm-tools-sdmp package for RHEL 8.3)
|
||||
* Thu Jan 14 2021 Richard W.M. Jones <rjones@redhat.com> - 11.2.0-2
|
||||
- Bump and rebuild against libdnet 1.14 (RHBZ#1915838).
|
||||
|
||||
* Tue Apr 21 2020 Miroslav Rezanina <mrezanin@redhat.com> - 11.0.5-3.el8
|
||||
- ovt-Fix-a-trivial-memory-leak-in-namespacetool.c.patch [bz#1811729]
|
||||
- ovt-Update-copyright-to-reflect-previous-change.patch [bz#1811729]
|
||||
- ovt-add-appinfo-plugin.patch [bz#1809751]
|
||||
- Resolves: bz#1809751
|
||||
([ESXi][RHEL8.2.1]open-vm-tools add appinfo plugin patch)
|
||||
- Resolves: bz#1811729
|
||||
([ESXi][RHEL8.2.1]open-vm-tools coverity scan issue)
|
||||
* Fri Nov 06 2020 Ravindra Kumar <ravindrakumar@vmware.com> - 11.2.0-1
|
||||
- Package new upstream version open-vm-tools-11.2.0-16938113.
|
||||
|
||||
* Wed Apr 08 2020 Miroslav Rezanina <mrezanin@redhat.com> - 11.0.5-1.el8
|
||||
- Rebase to 11.0.5 (bz#1798285)
|
||||
- Resolves: bz#1798285
|
||||
([ESXi][RHEL8.2.1]Rebase open-vm-tools to 11.0.5 for 8.2.1)
|
||||
* Fri Oct 30 2020 Jeff Law <law@redhat.com> - 11.1.5-2
|
||||
- Fix incorrect volatile exposed by gcc-11
|
||||
|
||||
* Tue Feb 18 2020 Miroslav Rezanina <mrezanin@redhat.com> - 11.0.0-4.el8
|
||||
- ovt-Rectify-a-log-spew-in-vmsvc-logging-vmware-vmsvc-roo.patch [bz#1800812]
|
||||
- Resolves: bz#1800812
|
||||
([ESXi][RHEL8]Log spew "[ warning] [guestinfo] GuestInfoGetDiskDevice: Missing disk device name)
|
||||
* Tue Sep 08 2020 Ravindra Kumar <ravindrakumar@vmware.com> - 11.1.5-1
|
||||
- Package new upstream version open-vm-tools-11.1.5-16724464.
|
||||
- Removed gcc10-warning.patch and sdmp-fixes.patch (no longer needed).
|
||||
|
||||
* Thu Dec 05 2019 Miroslav Rezanina <mrezanin@redhat.com> - 11.0.0-3.el8
|
||||
- ovt-Address-Coverity-issues-reported-in-bora-lib-file-fi.patch [bz#1769881]
|
||||
- ovt-Fix-a-potential-NULL-pointer-dereference-in-the-vmba.patch [bz#1769881]
|
||||
- ovt-Address-two-Coverity-reported-issues-in-hostinfoPosi.patch [bz#1769881]
|
||||
- ovt-Fix-a-resource-leak-issue-in-deployPkg.patch [bz#1769881]
|
||||
- Resolves: bz#1769881
|
||||
([ESXi][RHEL8.2]Important issues found by covscan in "open-vm-tools-11.0.0-2.el8" package)
|
||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 11.1.0-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Mon Oct 14 2019 Miroslav Rezanina <mrezanin@redhat.com> - 11.0.0-1.el8
|
||||
- Rebase to 11.0.0 [bz#1754658]
|
||||
- Resolves: bz#1754658
|
||||
(Rebase open-vm-tools to 11.0 for 8.2.0)
|
||||
- Resolves: bz#1760891
|
||||
(Need to backport some severe memory leak fixes from upstream)
|
||||
* Thu Jul 09 2020 Merlin Mathesius <mmathesi@redhat.com> - 11.1.0-3
|
||||
- Conditional fixes to build for ELN
|
||||
|
||||
* Thu Aug 01 2019 Miroslav Rezanina <mrezanin@redhat.com> - 10.3.10-3.el8
|
||||
- ovt-End-VGAuth-impersonation-in-the-case-of-error.patch [bz#1602648]
|
||||
- ovt-Fix-memory-leak-in-GetFormattedCommandLine-function-.patch [bz#1602648]
|
||||
- ovt-Fix-a-leak-if-VGAuth-setup-fails.-Coverity-issue.patch [bz#1602648]
|
||||
- ovt-Fix-minor-leak-in-FileRotateByRenumber-Coverity-scan.patch [bz#1602648]
|
||||
- ovt-Fix-memory-leak-in-SNEBuildHash-function.patch [bz#1602648]
|
||||
- ovt-Fix-Coverity-reported-issues-in-i18n.c-code-VMTools-.patch [bz#1602648]
|
||||
- ovt-Fix-a-memory-leak-in-the-unicode-library.patch [bz#1602648]
|
||||
- ovt-Fix-a-trivial-Coverity-reported-memory-leak-in-vgaut.patch [bz#1602648]
|
||||
- ovt-Fixes-for-few-leaks-and-improved-error-handling.patch [bz#1602648]
|
||||
- ovt-Fix-Coverity-reported-double-memory-free-errors.patch [bz#1602648]
|
||||
- ovt-Fix-a-trivial-Coverity-reported-memory-leak.patch [bz#1602648]
|
||||
- ovt-Fix-RH-Covscan-Coverity-reported-memory-leaks-in-too.patch [bz#1602648]
|
||||
- ovt-Fix-Using-uninitialized-value-issue-reported-by-Cove.patch [bz#1602648]
|
||||
- ovt-copyPasteCompatX11.c-code-generating-unnecessary-Cov.patch [bz#1602648]
|
||||
- ovt-Fix-a-Coverity-issue-reported-in-vgauth-serviceImpl-.patch [bz#1602648]
|
||||
- ovt-Fix-two-coverity-issues-reported-by-a-customer.patch [bz#1602648]
|
||||
- Resolves: bz#1602648
|
||||
([ESXi][RHEL8]Please review important issues found by covscan in "open-vm-tools-10.2.5-2.el8+7" package)
|
||||
* Sun Jun 21 2020 Ravindra Kumar <ravindrakumar@vmware.com> - 11.1.0-2
|
||||
- Added sdmp-fixes.patch from upstream to remove net-tools dependency
|
||||
and couple of important fixes
|
||||
|
||||
* Tue Jun 04 2019 Miroslav Rezanina <mrezanin@redhat.com> - 10.3.10-2
|
||||
- Rebase to 10.3.10 [bz#1702784]
|
||||
- Resolves: bz#1702784
|
||||
(Rebase open-vm-tools to 10.3.10)
|
||||
* Mon May 25 2020 Ravindra Kumar <ravindrakumar@vmware.com> - 11.1.0-1
|
||||
- Package new upstream version open-vm-tools-11.1.0-16036546.
|
||||
- Added new open-vm-tools-sdmp package.
|
||||
- Workaround for vm-support script path is no longer needed.
|
||||
- Added missing dependencies for vm-support script.
|
||||
- Updated gcc10-warning.patch.
|
||||
- Removed gcc9-static-inline.patch and diskinfo-log-spew.patch that
|
||||
are no longer needed.
|
||||
|
||||
* Tue Jan 08 2019 Miroslav Rezanina <mrezanin@redhat.com> - 10.3.0-2.el8
|
||||
- ovt-Enable-cloud-init-by-default-to-change-the-systemd-u.patch [bz#1660713]
|
||||
- Resolves: bz#1660713
|
||||
([ESXi][RHEL8.0]Enable cloud-init by default to change the systemd unit file vmtoolsd.service)
|
||||
* Sun May 17 2020 Ravindra Kumar <ravindrakumar@vmware.com> - 11.0.5-4
|
||||
- Updated PAM configuration file to follow configured authn scheme.
|
||||
|
||||
* Tue Oct 16 2018 Miroslav Rezanina <mrezanin@redhat.com> - 10.3.0-1
|
||||
- Rebase to 10.3.0 [bz#1626578]
|
||||
- Resolves: bz#1626578
|
||||
([ESXi][RHEL8]Rebase open-vm-tools to 10.3.0)
|
||||
* Tue Mar 24 2020 Ravindra Kumar <ravindrakumar@vmware.com> - 11.0.5-3
|
||||
- Use /sbin/ldconfig on older than Fedora 28 and RHEL 8 platforms.
|
||||
|
||||
* Mon May 14 2018 Miroslav Rezanina <mrezanin@redhat.com> - 10.2.5-2
|
||||
- Updated RHEL version
|
||||
- Resolves: bz#1527233
|
||||
([ESXi][RHEL7.5]Rebase open-vm-tools to 10.2.5)
|
||||
* Fri Feb 07 2020 Ravindra Kumar <ravindrakumar@vmware.com> - 11.0.5-2
|
||||
- Added patch diskinfo-log-spew.patch.
|
||||
|
||||
* Tue Feb 04 2020 Ravindra Kumar <ravindrakumar@vmware.com> - 11.0.5-1
|
||||
- Package new upstream version open-vm-tools-11.0.5-15389592.
|
||||
- Removed vix-memleak.patch which is no longer needed.
|
||||
|
||||
* Tue Feb 04 2020 Ravindra Kumar <ravindrakumar@vmware.com> - 11.0.0-6
|
||||
- Added gcc10-warning.patch for fixing compilation issues.
|
||||
|
||||
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 11.0.0-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Wed Oct 09 2019 Ravindra Kumar <ravindrakumar@vmware.com> - 11.0.0-4
|
||||
- Fixes for drag-n-drop that needs vmblock-fuse mount.
|
||||
- Added run-vmblock\x2dfuse.mount service unit for vmblock-fuse mount.
|
||||
- Added open-vm-tools.conf for loading Fuse.
|
||||
|
||||
* Wed Oct 09 2019 Ravindra Kumar <ravindrakumar@vmware.com> - 11.0.0-3
|
||||
- Cleanup GuestProxy certs from /etc/vmware-tools/GuestProxyData if needed.
|
||||
- Cleanup vmtoolsd-init service symlinks.
|
||||
|
||||
* Wed Oct 02 2019 Ravindra Kumar <ravindrakumar@vmware.com> - 11.0.0-2
|
||||
- vmtoolsd-init.service is no longer needed for 11.0.0, removed it.
|
||||
|
||||
* Wed Oct 02 2019 Ravindra Kumar <ravindrakumar@vmware.com> - 11.0.0-1
|
||||
- Package new upstream version open-vm-tools-11.0.0-14549434.
|
||||
- Added gcc9-static-inline.patch for gcc9 warnings.
|
||||
- Added vix-memleak.patch for a memory leak.
|
||||
- Removed gcc9-warnings.patch which is no longer needed.
|
||||
- Removed vmware-guestproxycerttool as it is no longer available upstream.
|
||||
|
||||
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 10.3.10-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Sat Mar 16 2019 Ravindra Kumar <ravindrakumar@vmware.com> - 10.3.10-1
|
||||
- Package new upstream version open-vm-tools-10.3.10-12406962.
|
||||
- Removed quiescing-combined.patch which is no longer needed.
|
||||
|
||||
* Wed Feb 13 2019 Ravindra Kumar <ravindrakumar@vmware.com> - 10.3.5-2
|
||||
- Combine all gcc9 warning patches into one single gcc9-warnings.patch.
|
||||
|
||||
* Tue Feb 12 2019 Ravindra Kumar <ravindrakumar@vmware.com> - 10.3.5-1
|
||||
- Package new upstream version open-vm-tools-10.3.5-10430147.
|
||||
- Removed cloud-init.patch which is no longer needed.
|
||||
- Removed hgfsPlugin-crash.patch which is no longer needed.
|
||||
- Removed linuxDeploymentUtils-strncat.patch which is no longer needed.
|
||||
- Added quiescing-combined.patch for quiesced snapshot fixes.
|
||||
- Updated hgfsServer-aligned.patch for open-vm-tools-10.3.5.
|
||||
|
||||
* Tue Feb 12 2019 Ravindra Kumar <ravindrakumar@vmware.com> - 10.3.0-8
|
||||
- Updated *-aligned.patch files with more tweaks.
|
||||
- Filed a regression in readdir operation in dir-aligned.patch.
|
||||
|
||||
* Sun Feb 03 2019 Ravindra Kumar <ravindrakumar@vmware.com> - 10.3.0-7
|
||||
- Added hgfsServer-aligned.patch for "address-of-packed-member" error.
|
||||
- Added hgfsmounter-aligned.patch for "address-of-packed-member" error.
|
||||
- Added util-misc-format.patch for "format-overflow" error.
|
||||
- Added linuxDeploymentUtils-strncat.patch for "stringop-truncation" error.
|
||||
- Added filesystem-aligned.patch for "address-of-packed-member" error.
|
||||
- Added file-aligned.patch for "address-of-packed-member" error.
|
||||
- Added fsutil-aligned.patch for "address-of-packed-member" error.
|
||||
- Added dir-aligned.patch for "address-of-packed-member" error.
|
||||
- Added link-aligned.patch for "address-of-packed-member" error.
|
||||
|
||||
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 10.3.0-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Mon Oct 01 2018 Simone Caronni <negativo17@gmail.com> - 10.3.0-5
|
||||
- Update SPEC file to match packaging guidelines.
|
||||
- Re-add ldconfig scriptlets. They expand to nothing in Fedora 28+, but they
|
||||
are still required for Fedora 27. These can be removed when Fedora 27 is EOL.
|
||||
|
||||
* Fri Aug 10 2018 Ravindra Kumar <ravindrakumar@vmware.com> - 10.3.0-4
|
||||
- Fixed few bugs related to vmtoolsd-init.service.
|
||||
|
||||
* Tue Aug 07 2018 Ravindra Kumar <ravindrakumar@vmware.com> - 10.3.0-3
|
||||
- Implement the https://pagure.io/packaging-committee/issue/506 guideline.
|
||||
- Added vmtoolsd-init.service per the guideline.
|
||||
- Replaced the certificate cleanup with "vmware-guestproxycerttool -e".
|
||||
|
||||
* Mon Aug 06 2018 Ravindra Kumar <ravindrakumar@vmware.com> - 10.3.0-2
|
||||
- Added hgfsPlugin-crash.patch for vmtoolsd crash (RHBZ#1612470).
|
||||
|
||||
* Thu Aug 02 2018 Ravindra Kumar <ravindrakumar@vmware.com> - 10.3.0-1
|
||||
- Package new upstream version open-vm-tools-10.3.0-8931395.
|
||||
- Updated cloud-init.patch for 10.3.0.
|
||||
- Removed use-tirpc.patch which is no longer needed.
|
||||
|
||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 10.2.5-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Wed Jul 11 2018 Ravindra Kumar <ravindrakumar@vmware.com> - 10.2.5-6
|
||||
- Added cloud-init.patch to detect cloud-init correctly.
|
||||
- Added cleanup for /etc/vmware-tools directory on uninstall.
|
||||
|
||||
* Tue Jul 10 2018 Pete Walter <pwalter@fedoraproject.org> - 10.2.5-5
|
||||
- Rebuild for ICU 62
|
||||
|
||||
* Thu Jul 05 2018 Richard W.M. Jones <rjones@redhat.com> - 10.2.5-4
|
||||
- Remove ldconfig
|
||||
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/SU3LJVDZ7LUSJGZR5MS72BMRAFP3PQQL/
|
||||
|
||||
* Tue May 15 2018 Pete Walter <pwalter@fedoraproject.org> - 10.2.5-3
|
||||
- Rebuild for ICU 61.1
|
||||
|
||||
* Wed May 09 2018 Ravindra Kumar <ravindrakumar@vmware.com> - 10.2.5-2
|
||||
- Use tirpc for Fedora 28 onwards.
|
||||
|
|
Loading…
Reference in New Issue