6 changed files with 631 additions and 306 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/open-vm-tools-12.3.5-22544099.tar.gz
+SOURCES/open-vm-tools-12.5.0-24276846.tar.gz
--- a/.open-vm-tools.metadata
+++ b/.open-vm-tools.metadata
@ -1 +1 @@
-84ec127c620c46f6cddb5e38ce556a31244a967d SOURCES/open-vm-tools-12.3.5-22544099.tar.gz
+3bcbcf751b273cb9b3984484ad70b14a2efddb6f SOURCES/open-vm-tools-12.5.0-24276846.tar.gz
--- a/SOURCES/0000-open-vm-tools-cve-2025-22247.patch
+++ b/SOURCES/0000-open-vm-tools-cve-2025-22247.patch
@ -0,0 +1,374 @@
+From 7874e572b5aac5a418551dc5e3935c1e74bf6f1f Mon Sep 17 00:00:00 2001
+From: John Wolfe <john.wolfe@broadcom.com>
+Date: Mon, 5 May 2025 15:58:03 -0700
+Subject: [PATCH] Validate user names and file paths
+
+Prevent usage of illegal characters in user names and file paths.
+Also, disallow unexpected symlinks in file paths.
+
+This patch contains changes to common source files not applicable
+to open-vm-tools.
+
+All files being updated should be consider to have the copyright to
+be updated to:
+
+ * Copyright (c) XXXX-2025 Broadcom. All Rights Reserved.
+ * The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
+
+The 2025 Broadcom copyright information update is not part of this
+patch set to allow the patch to be easily applied to previous
+open-vm-tools source releases.
+---
+ open-vm-tools/vgauth/common/VGAuthUtil.c      | 33 +++++++++
+ open-vm-tools/vgauth/common/VGAuthUtil.h      |  2 +
+ open-vm-tools/vgauth/common/prefs.h           |  3 +
+ open-vm-tools/vgauth/common/usercheck.c       | 23 +++++-
+ open-vm-tools/vgauth/serviceImpl/alias.c      | 74 ++++++++++++++++++-
+ open-vm-tools/vgauth/serviceImpl/service.c    | 27 +++++++
+ open-vm-tools/vgauth/serviceImpl/serviceInt.h |  1 +
+ 7 files changed, 160 insertions(+), 3 deletions(-)
+
+diff --git a/open-vm-tools/vgauth/common/VGAuthUtil.c b/open-vm-tools/vgauth/common/VGAuthUtil.c
+index 76383c462..9c2adb8d0 100644
+--- a/open-vm-tools/vgauth/common/VGAuthUtil.c
+++ b/open-vm-tools/vgauth/common/VGAuthUtil.c
+@@ -309,3 +309,36 @@ Util_Assert(const char *cond,
+ #endif
+    g_assert(0);
+ }
+
+
+/*
+ ******************************************************************************
+ * Util_Utf8CaseCmp --                                                   */ /**
+ *
+ * Case insensitive comparison for utf8 strings which can have non-ascii
+ * characters.
+ *
+ * @param[in]  str1      Null terminated utf8 string.
+ * @param[in]  str2      Null terminated utf8 string.
+ *
+ ******************************************************************************
+ */
+
+int
+Util_Utf8CaseCmp(const gchar *str1,
+                 const gchar *str2)
+{
+   int ret;
+   gchar *str1Case;
+   gchar *str2Case;
+
+   str1Case = g_utf8_casefold(str1, -1);
+   str2Case = g_utf8_casefold(str2, -1);
+
+   ret = g_strcmp0(str1Case, str2Case);
+
+   g_free(str1Case);
+   g_free(str2Case);
+
+   return ret;
+}
+diff --git a/open-vm-tools/vgauth/common/VGAuthUtil.h b/open-vm-tools/vgauth/common/VGAuthUtil.h
+index f7f3aa216..ef32a91da 100644
+--- a/open-vm-tools/vgauth/common/VGAuthUtil.h
+++ b/open-vm-tools/vgauth/common/VGAuthUtil.h
+@@ -105,4 +105,6 @@ gboolean Util_CheckExpiration(const GTimeVal *start, unsigned int duration);
+
+ void Util_Assert(const char *cond, const char *file, int lineNum);
+
+int Util_Utf8CaseCmp(const gchar *str1, const gchar *str2);
+
+ #endif
+diff --git a/open-vm-tools/vgauth/common/prefs.h b/open-vm-tools/vgauth/common/prefs.h
+index 6c58f3f4b..3299eb26c 100644
+--- a/open-vm-tools/vgauth/common/prefs.h
+++ b/open-vm-tools/vgauth/common/prefs.h
+@@ -167,6 +167,9 @@ msgCatalog = /etc/vmware-tools/vgauth/messages
+ /** Where the localized version of the messages were installed. */
+ #define VGAUTH_PREF_LOCALIZATION_DIR        "msgCatalog"
+
+/** If symlinks or junctions are allowed in alias store file path */
+#define VGAUTH_PREF_ALLOW_SYMLINKS  "allowSymlinks"
+
+ /*
+  * Pref values
+  */
+diff --git a/open-vm-tools/vgauth/common/usercheck.c b/open-vm-tools/vgauth/common/usercheck.c
+index 3beede2e8..340aa0411 100644
+--- a/open-vm-tools/vgauth/common/usercheck.c
+++ b/open-vm-tools/vgauth/common/usercheck.c
+@@ -78,6 +78,8 @@
+  * Solaris as well, but that path is untested.
+  */
+
+#define MAX_USER_NAME_LEN 256
+
+ /*
+  * A single retry works for the LDAP case, but try more often in case NIS
+  * or something else has a related issue.  Note that a bad username/uid won't
+@@ -354,12 +356,29 @@ Usercheck_UsernameIsLegal(const gchar *userName)
+     * restricted list for local usernames.
+     */
+    size_t len;
+-   char *illegalChars = "<>/";
+   size_t i = 0;
+   int backSlashCnt = 0;
+   /*
+    * As user names are used to generate its alias store file name/path, it
+    * should not contain path traversal characters ('/' and '\').
+    */
+   char *illegalChars = "<>/\\";
+
+    len = strlen(userName);
+-   if (strcspn(userName, illegalChars) != len) {
+   if (len > MAX_USER_NAME_LEN) {
+       return FALSE;
+    }
+
+   while ((i += strcspn(userName + i, illegalChars)) < len) {
+      /*
+       * One backward slash is allowed for domain\username separator.
+       */
+      if (userName[i] != '\\' || ++backSlashCnt > 1) {
+         return FALSE;
+      }
+      ++i;
+   }
+
+    return TRUE;
+ }
+
+diff --git a/open-vm-tools/vgauth/serviceImpl/alias.c b/open-vm-tools/vgauth/serviceImpl/alias.c
+index 4e170202c..c7040ebff 100644
+--- a/open-vm-tools/vgauth/serviceImpl/alias.c
+++ b/open-vm-tools/vgauth/serviceImpl/alias.c
+@@ -41,6 +41,7 @@
+ #include "certverify.h"
+ #include "VGAuthProto.h"
+ #include "vmxlog.h"
+#include "VGAuthUtil.h"
+
+ // puts the identity store in an easy to find place
+ #undef WIN_TEST_MODE
+@@ -66,6 +67,7 @@
+ #define ALIASSTORE_FILE_PREFIX   "user-"
+ #define ALIASSTORE_FILE_SUFFIX   ".xml"
+
+static gboolean allowSymlinks = FALSE;
+ static gchar *aliasStoreRootDir = DEFAULT_ALIASSTORE_ROOT_DIR;
+
+ #ifdef _WIN32
+@@ -252,6 +254,12 @@ mapping file layout:
+
+  */
+
+#ifdef _WIN32
+#define ISPATHSEP(c)  ((c) == '\\' || (c) == '/')
+#else
+#define ISPATHSEP(c)  ((c) == '/')
+#endif
+
+
+ /*
+  ******************************************************************************
+@@ -466,6 +474,7 @@ ServiceLoadFileContentsWin(const gchar *fileName,
+    gunichar2 *fileNameW = NULL;
+    BOOL ok;
+    DWORD bytesRead;
+   gchar *realPath = NULL;
+
+    *fileSize = 0;
+    *contents = NULL;
+@@ -622,6 +631,22 @@ ServiceLoadFileContentsWin(const gchar *fileName,
+       goto done;
+    }
+
+   if (!allowSymlinks) {
+      /*
+       * Check if fileName is real path.
+       */
+      if ((realPath = ServiceFileGetPathByHandle(hFile)) == NULL) {
+         err = VGAUTH_E_FAIL;
+         goto done;
+      }
+      if (Util_Utf8CaseCmp(realPath, fileName) != 0) {
+         Warning("%s: Real path (%s) is not same as file path (%s)\n",
+                 __FUNCTION__, realPath, fileName);
+         err = VGAUTH_E_FAIL;
+         goto done;
+      }
+   }
+
+    /*
+     * Now finally read the contents.
+     */
+@@ -650,6 +675,7 @@ done:
+       CloseHandle(hFile);
+    }
+    g_free(fileNameW);
+   g_free(realPath);
+
+    return err;
+ }
+@@ -672,6 +698,7 @@ ServiceLoadFileContentsPosix(const gchar *fileName,
+    gchar *buf;
+    gchar *bp;
+    int fd = -1;
+   gchar realPath[PATH_MAX] = { 0 };
+
+    *fileSize = 0;
+    *contents = NULL;
+@@ -817,6 +844,23 @@ ServiceLoadFileContentsPosix(const gchar *fileName,
+       goto done;
+    }
+
+   if (!allowSymlinks) {
+      /*
+       * Check if fileName is real path.
+       */
+      if (realpath(fileName, realPath) == NULL) {
+         Warning("%s: realpath() failed. errno (%d)\n", __FUNCTION__, errno);
+         err = VGAUTH_E_FAIL;
+         goto done;
+      }
+      if (g_strcmp0(realPath, fileName) != 0) {
+         Warning("%s: Real path (%s) is not same as file path (%s)\n",
+                 __FUNCTION__, realPath, fileName);
+         err = VGAUTH_E_FAIL;
+         goto done;
+      }
+   }
+
+    /*
+     * All confidence checks passed; read the bits.
+     */
+@@ -2803,8 +2847,13 @@ ServiceAliasRemoveAlias(const gchar *reqUserName,
+
+    /*
+     * We don't verify the user exists in a Remove operation, to allow
+-    * cleanup of deleted user's stores.
+    * cleanup of deleted user's stores, but we do check whether the
+    * user name is legal or not.
+     */
+   if (!Usercheck_UsernameIsLegal(userName)) {
+      Warning("%s: Illegal user name '%s'\n", __FUNCTION__, userName);
+      return VGAUTH_E_FAIL;
+   }
+
+    if (!CertVerify_IsWellFormedPEMCert(pemCert)) {
+       return VGAUTH_E_INVALID_CERTIFICATE;
+@@ -3036,6 +3085,16 @@ ServiceAliasQueryAliases(const gchar *userName,
+    }
+ #endif
+
+   /*
+    * We don't verify the user exists in a Query operation to allow
+    * cleaning up after a deleted user, but we do check whether the
+    * user name is legal or not.
+    */
+   if (!Usercheck_UsernameIsLegal(userName)) {
+      Warning("%s: Illegal user name '%s'\n", __FUNCTION__, userName);
+      return VGAUTH_E_FAIL;
+   }
+
+    err = AliasLoadAliases(userName, num, aList);
+    if (VGAUTH_E_OK != err) {
+       Warning("%s: failed to load Aliases for '%s'\n", __FUNCTION__, userName);
+@@ -3294,6 +3353,7 @@ ServiceAliasInitAliasStore(void)
+    VGAuthError err = VGAUTH_E_OK;
+    gboolean saveBadDir = FALSE;
+    char *defaultDir = NULL;
+   size_t len;
+
+ #ifdef _WIN32
+    {
+@@ -3324,6 +3384,10 @@ ServiceAliasInitAliasStore(void)
+    defaultDir = g_strdup(DEFAULT_ALIASSTORE_ROOT_DIR);
+ #endif
+
+   allowSymlinks = Pref_GetBool(gPrefs,
+                                VGAUTH_PREF_ALLOW_SYMLINKS,
+                                VGAUTH_PREF_GROUP_NAME_SERVICE,
+                                FALSE);
+    /*
+     * Find the alias store directory.  This allows an installer to put
+     * it somewhere else if necessary.
+@@ -3337,6 +3401,14 @@ ServiceAliasInitAliasStore(void)
+                                       VGAUTH_PREF_GROUP_NAME_SERVICE,
+                                       defaultDir);
+
+   /*
+    * Remove the trailing separator if any from aliasStoreRootDir path.
+    */
+   len = strlen(aliasStoreRootDir);
+   if (ISPATHSEP(aliasStoreRootDir[len - 1])) {
+      aliasStoreRootDir[len - 1] = '\0';
+   }
+
+    Log("Using '%s' for alias store root directory\n", aliasStoreRootDir);
+
+    g_free(defaultDir);
+diff --git a/open-vm-tools/vgauth/serviceImpl/service.c b/open-vm-tools/vgauth/serviceImpl/service.c
+index d4716526c..e053ed0fa 100644
+--- a/open-vm-tools/vgauth/serviceImpl/service.c
+++ b/open-vm-tools/vgauth/serviceImpl/service.c
+@@ -28,6 +28,7 @@
+ #include "VGAuthUtil.h"
+ #ifdef _WIN32
+ #include "winUtil.h"
+#include <glib.h>
+ #endif
+
+ static ServiceStartListeningForIOFunc startListeningIOFunc = NULL;
+@@ -283,9 +284,35 @@ static gchar *
+ ServiceUserNameToPipeName(const char *userName)
+ {
+    gchar *escapedName = ServiceEncodeUserName(userName);
+#ifdef _WIN32
+   /*
+    * Adding below pragma only in windows to suppress the compile time warning
+    * about unavailability of g_uuid_string_random() since compiler flag
+    * GLIB_VERSION_MAX_ALLOWED is defined to GLIB_VERSION_2_34.
+    * TODO: Remove below pragma when GLIB_VERSION_MAX_ALLOWED is bumped up to
+    * or greater than GLIB_VERSION_2_52.
+    */
+#pragma warning(suppress : 4996)
+   gchar *uuidStr = g_uuid_string_random();
+   /*
+    * Add a unique suffix to avoid a name collision with an existing named pipe
+    * created by someone else (intentionally or by accident).
+    * This is not needed for Linux; name collisions on sockets are already
+    * avoided there since (1) file system paths to VGAuthService sockets are in
+    * a directory that is writable only by root and (2) VGAuthService unlinks a
+    * socket path before binding it to a newly created socket.
+    */
+   gchar *pipeName = g_strdup_printf("%s-%s-%s",
+                                     SERVICE_PUBLIC_PIPE_NAME,
+                                     escapedName,
+                                     uuidStr);
+
+   g_free(uuidStr);
+#else
+    gchar *pipeName = g_strdup_printf("%s-%s",
+                                      SERVICE_PUBLIC_PIPE_NAME,
+                                      escapedName);
+#endif
+
+    g_free(escapedName);
+    return pipeName;
+diff --git a/open-vm-tools/vgauth/serviceImpl/serviceInt.h b/open-vm-tools/vgauth/serviceImpl/serviceInt.h
+index 5f420192b..f4f88547d 100644
+--- a/open-vm-tools/vgauth/serviceImpl/serviceInt.h
+++ b/open-vm-tools/vgauth/serviceImpl/serviceInt.h
+@@ -441,6 +441,7 @@ VGAuthError ServiceFileVerifyAdminGroupOwnedByHandle(const HANDLE hFile);
+ VGAuthError ServiceFileVerifyEveryoneReadableByHandle(const HANDLE hFile);
+ VGAuthError ServiceFileVerifyUserAccessByHandle(const HANDLE hFile,
+                                                 const char *userName);
+gchar *ServiceFileGetPathByHandle(HANDLE hFile);
+ #else
+ VGAuthError ServiceFileVerifyFileOwnerAndPerms(const char *fileName,
+                                                const char *userName,
+--
+2.43.5
+
--- a/SOURCES/ovt-SDMP-Service-Discovery-Plugin.patch
+++ b/SOURCES/ovt-SDMP-Service-Discovery-Plugin.patch
@ -1,133 +0,0 @@
-From 68384f6ab79233817b5bf3370f0a46ee20a7f7e8 Mon Sep 17 00:00:00 2001
-From: Vitaly Kuznetsov <vkuznets@redhat.com>
-Date: Wed, 1 Oct 2025 10:49:34 +0200
-Subject: [PATCH] SDMP: Service Discovery Plugin
-
-RH-Author: Vitaly Kuznetsov <vkuznets@redhat.com>
-RH-MergeRequest: 56: SDMP: Service Discovery Plugin
-RH-Jira: RHEL-117388
-RH-Acked-by: roverflow <None>
-RH-Acked-by: Maxim Levitsky <None>
-RH-Acked-by: Ani Sinha <anisinha@redhat.com>
-RH-Commit: [1/1] b8e63c398b7615bbbd86ae3b4539717e4fff74b1
-
-JIRA: https://issues.redhat.com/browse/RHEL-117388
-CVE: CVE-2025-41244
-
-commit 7ed196cf01f8acd09011815a605b6733894b8aab
-Author: Kruti Pendharkar <kp025370@broadcom.com>
-Date:   Mon Sep 29 01:02:40 2025 -0700
-
-    Address CVE-2025-41244
-     - Disable (default) the execution of the SDMP get-versions.sh script.
-
-    With the Linux SDMP get-versions.sh script disabled, version information
-    of installed services will not be made available to VMware Aria
-
-RHEL-only: used
-https://github.com/vmware/open-vm-tools/blob/CVE-2025-41244.patch/CVE-2025-41244-1230-1235-SDMP.patch
-patch for 12.3 version.
-
-Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
---
- .../serviceDiscovery/serviceDiscovery.c       | 34 ++++++++++++++++---
- 1 file changed, 30 insertions(+), 4 deletions(-)
-
-diff --git a/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c b/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c
-index 103cf14e..2f65294b 100644
--- a/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c
-+++ b/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c
-@@ -115,6 +115,12 @@ static gchar* scriptInstallDir = NULL;
-  */
- #define SERVICE_DISCOVERY_RPC_WAIT_TIME 100
- 
-+/*
-+ * Defines the configuration to enable/disable version obtaining logic
-+ */
-+#define CONFNAME_SERVICEDISCOVERY_VERSION_CHECK "version-check-enabled"
-+#define SERVICE_DISCOVERY_CONF_DEFAULT_VERSION_CHECK FALSE
-+
- /*
-  * Defines the configuration to cache data in gdp plugin
-  */
-@@ -1239,23 +1245,27 @@ ServiceDiscoveryServerShutdown(gpointer src,
-  *
-  * Construct final paths of the scripts that will be used for execution.
-  *
-+ * @param[in] versionCheckEnabled  TRUE to include the SERVICE_DISCOVERY_KEY_VERSIONS
-+ *                                 entry; FALSE to skip it (derived from config).
-+ *
-  *****************************************************************************
-  */
- 
- static void
-ConstructScriptPaths(void)
-+ConstructScriptPaths(Bool versionCheckEnabled)
- {
-    int i;
- #if !defined(OPEN_VM_TOOLS)
-    gchar *toolsInstallDir;
- #endif
-+   int insertIndex = 0;
- 
-    if (gFullPaths != NULL) {
-       return;
-    }
- 
-    gFullPaths = g_array_sized_new(FALSE, TRUE, sizeof(KeyNameValue),
-                                  ARRAYSIZE(gKeyScripts));
-+                                  ARRAYSIZE(gKeyScripts) - (versionCheckEnabled ? 0u : 1u));
-    if (scriptInstallDir == NULL) {
- #if defined(OPEN_VM_TOOLS)
-       scriptInstallDir = Util_SafeStrdup(VMTOOLS_SERVICE_DISCOVERY_SCRIPTS);
-@@ -1267,6 +1277,15 @@ ConstructScriptPaths(void)
- #endif
-    }
-    for (i = 0; i < ARRAYSIZE(gKeyScripts); ++i) {
-+      /*
-+       * Skip adding if:
-+       * 1. Version check is disabled, AND
-+       * 2. The keyName matches SERVICE_DISCOVERY_KEY_VERSIONS
-+       */
-+      if (!versionCheckEnabled &&
-+         g_strcmp0(gKeyScripts[i].keyName, SERVICE_DISCOVERY_KEY_VERSIONS) == 0) {
-+         continue;
-+      }
-       KeyNameValue tmp;
-       tmp.keyName = g_strdup_printf("%s", gKeyScripts[i].keyName);
- #if defined(_WIN32)
-@@ -1274,7 +1293,8 @@ ConstructScriptPaths(void)
- #else
-       tmp.val = g_strdup_printf("%s%s%s", scriptInstallDir, DIRSEPS, gKeyScripts[i].val);
- #endif
-      g_array_insert_val(gFullPaths, i, tmp);
-+      g_array_insert_val(gFullPaths, insertIndex, tmp);
-+      insertIndex++;
-    }
- }
- 
-@@ -1340,14 +1360,20 @@ ToolsOnLoad(ToolsAppCtx *ctx)
-          }
-       };
-       gboolean disabled;
-+      Bool versionCheckEnabled;
- 
-       regData.regs = VMTools_WrapArray(regs,
-                                        sizeof *regs,
-                                        ARRAYSIZE(regs));
-+      versionCheckEnabled = VMTools_ConfigGetBoolean(
-+         ctx->config,
-+         CONFGROUPNAME_SERVICEDISCOVERY,
-+         CONFNAME_SERVICEDISCOVERY_VERSION_CHECK,
-+         SERVICE_DISCOVERY_CONF_DEFAULT_VERSION_CHECK);
-       /*
-        * Append scripts execution command line
-        */
-      ConstructScriptPaths();
-+      ConstructScriptPaths(versionCheckEnabled);
- 
-       disabled =
-          VMTools_ConfigGetBoolean(ctx->config,
-- 
-2.47.3
-
--- a/SOURCES/vmtoolsd.service
+++ b/SOURCES/vmtoolsd.service
@ -4,8 +4,6 @@ Documentation=https://github.com/vmware/open-vm-tools
 ConditionVirtualization=vmware
 Requires=vgauthd.service
 After=vgauthd.service
-DefaultDependencies=no
-Before=cloud-init-local.service
 StartLimitIntervalSec=30
 StartLimitBurst=3

--- a/SPECS/open-vm-tools.spec
+++ b/SPECS/open-vm-tools.spec
@ -18,10 +18,9 @@
 ### Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 ################################################################################

-%global _hardened_build 1
-%global majorversion    12.3
-%global minorversion    5
-%global toolsbuild      22544099
+%global majorversion    12.5
+%global minorversion    0
+%global toolsbuild      24276846
 %global toolsversion    %{majorversion}.%{minorversion}
 %global toolsdaemon     vmtoolsd
 %global vgauthdaemon    vgauthd
@ -32,7 +31,7 @@

 Name:             open-vm-tools
 Version:          %{toolsversion}
-Release:          2%{?dist}.1
+Release:          1%{?dist}.alma.1
 Summary:          Open Virtual Machine Tools for virtual machines hosted on VMware
 License:          GPLv2
 URL:              https://github.com/vmware/%{name}
@ -44,16 +43,16 @@ Source3:          run-vmblock\x2dfuse.mount
 Source4:          open-vm-tools.conf
 Source5:          vmtoolsd.pam

-
 %if 0%{?rhel} >= 7
-ExclusiveArch:    x86_64
+ExclusiveArch:    x86_64 aarch64
 %else
 ExclusiveArch:    %{ix86} x86_64 aarch64
 %endif

-# Patch0: name.patch
-# For RHEL-117388 - [CISA Major Incident] CVE-2025-41244 open-vm-tools: Local privilege escalation in open-vm-tools [rhel-8.10.z]
-Patch1: ovt-SDMP-Service-Discovery-Plugin.patch
+# Patches
+#Patch0:           <patch-name0>.patch
+# https://github.com/vmware/open-vm-tools/tree/CVE-2025-22247.patch
+Patch0: 0000-open-vm-tools-cve-2025-22247.patch

 BuildRequires:    autoconf
 BuildRequires:    automake
@ -62,7 +61,12 @@ BuildRequires:    make
 BuildRequires:    gcc-c++
 BuildRequires:    doxygen
 # Fuse is optional and enables vmblock-fuse
+# Switching Fedora to use fuse3.   Red Hat to switch on their own schedule.
+%if 0%{?fedora} || 0%{?rhel} > 8
+BuildRequires:    fuse3-devel
+%else
 BuildRequires:    fuse-devel
+%endif
 BuildRequires:    glib2-devel >= 2.14.0
 BuildRequires:    libicu-devel
 BuildRequires:    libmspack-devel
@ -97,7 +101,11 @@ BuildRequires:    systemd
 %endif

 Requires:         coreutils
+%if 0%{?fedora} || 0%{?rhel} > 8
+Requires:         fuse3
+%else
 Requires:         fuse
+%endif
 Requires:         iproute
 Requires:         grep
 Requires:         pciutils
@ -108,6 +116,8 @@ Requires:         util-linux
 Requires:         which
 # xmlsec1-openssl needs to be added explicitly
 Requires:         xmlsec1-openssl
+# DeployPkg pluggin require dbus-uuidgen
+Requires:         dbus-tools

 # open-vm-tools >= 10.0.0 do not require open-vm-tools-deploypkg provided by
 # VMware. That functionality is now available as part of open-vm-tools package
@ -412,199 +422,275 @@ fi
 %{_bindir}/vmware-vgauth-smoketest

 %changelog
-* Tue Oct 07 2025 Miroslav Rezanina <mrezanin@redhat.com> - 12.3.5-2.el8.1
- ovt-SDMP-Service-Discovery-Plugin.patch [RHEL-117388]
- Resolves: RHEL-117388
-  ([CISA Major Incident] CVE-2025-41244 open-vm-tools: Local privilege escalation in open-vm-tools [rhel-8.10.z])
+* Thu Jun 12 2025 Jonathan Wright <jonathan@almalinux.org> - 12.5.0-1.alma.1
+- Fix CVE-2025-22247, VMSA-2025-0007

-* Wed Dec 06 2023 Miroslav Rezanina <mrezanin@redhat.com> - 12.3.5-2
- ovt-Restart-tools-on-failure.patch [RHEL-17683]
- Resolves: RHEL-17683
-  (Add Restart=on-failure to vmtoolsd.service [rhel-8])
+* Tue Dec 03 2024 Miroslav Rezanina <mrezanin@redhat.com> - 12.5.0-1
+- Rebase to 12.5.0 [RHEL-63096]
+- Resolves: RHEL-63096
+  ([ESXi][RHEL9] open-vm-tools version 12.5.0 has been released - please rebase)
+
+* Thu Sep 12 2024 Miroslav Rezanina <mrezanin@redhat.com> - 12.4.5-1
+- Rebase to 12.4.5 [RHEL-45547]
+- Resolves: RHEL-45547
+  ([ESXi][RHEL9] open-vm-tools version 12.4.5 has been released - please rebase)
+
+* Mon May 20 2024 Miroslav Rezanina <mrezanin@redhat.com> - 12.4.0-2
+- ovt-Require-dbus-tools.patch [RHEL-35543]
+- Resolves: RHEL-35543
+  ([ESXi][open-vm-tools]The open-vm-tools should depend on dbus-tools)
+
+* Thu Apr 18 2024 Miroslav Rezanina <mrezanin@redhat.com> - 12.4.0-1
+- Rebase to 12.4.0 [RHEL-30341
+- Resolves: RHEL-30341
+  ([ESXi][RHEL9]open-vm-tools version 12.4.0 has been released - please rebase)
+
+* Mon Dec 04 2023 Miroslav Rezanina <mrezanin@redhat.com> - 12.3.5-2
+- ovt-Restart-tools-on-failure.patch [RHEL-15346]
+- Resolves: RHEL-15346
+  (Add Restart=on-failure to vmtoolsd.service)

 * Thu Nov 09 2023 Miroslav Rezanina <mrezanin@redhat.com> - 12.3.5-1
- Rebase to 12.3.5 [RHEL-15059]
- Fix CVE-2023-34058 [RHEL-14649]
- Fix CVE-2023-34059 [RHEL-14683]
- Resolves: RHEL-15059
-  ([ESXi][RHEL8]open-vm-tools version 12.3.5 has been released - please rebase)
- Resolves: RHEL-14649
-  (CVE-2023-34058 open-vm-tools: SAML token signature bypass [rhel-8.10.0])
- Resolves: RHEL-14683
-  (CVE-2023-34059 open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper [rhel-8.10.0])
+- Rebase to 12.3.5-1 [RHEL-15058]
+- Fixed CVE-2023-34058 [RHEL-14653]
+- Fixed CVE-2023-34059 [RHEL-14687]
+- Resolves: RHEL-15058
+  ([ESXi][RHEL9]open-vm-tools version 12.3.5 has been released - please rebase)
+- Resolves: RHEL-14653
+  (CVE-2023-34058 open-vm-tools: SAML token signature bypass [rhel-9.4.0])
+- Resolves: RHEL-14687
+  (CVE-2023-34059 open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper [rhel-9.4.0])

-* Wed Sep 27 2023 Jon Maloy <jmaloy@redhat.com> - 12.2.5-4
- ovt-Provide-alternate-method-to-allow-expected-pre-froze.patch [RHEL-7012]
- Resolves: RHEL-7012
-  ([RHEL8.10][ESXi]Latest version of open-vm-tools breaks VM backups)
+* Fri Sep 22 2023 Miroslav Rezanina <mrezanin@redhat.com> - 12.2.5-3
+- ovt-Provide-alternate-method-to-allow-expected-pre-froze.patch [RHEL-2446]
+- Resolves: RHEL-2446
+  ([RHEL9.3][ESXi]Latest version of open-vm-tools breaks VM backups)

-* Wed Sep 20 2023 Miroslav Rezanina <mrezanin@redhat.com> - 12.2.5-3
- Rebuild CVE-2023-20900 for 8.10
- Resolves: RHEL-4584
-  (CVE-2023-20900 open-vm-tools: SAML token signature bypass [rhel-8.10.0])
+* Fri Sep 08 2023 Miroslav Rezanina <mrezanin@redhat.com> - 12.2.5-2
+- ovt-VGAuth-Allow-only-X509-certs-to-verify-the-SAML-toke.patch [bz#2236544]
+- Resolves: bz#2236544
+  (CVE-2023-20900 open-vm-tools: SAML token signature bypass [rhel-9])

-* Tue Jul 11 2023 Miroslav Rezanina <mrezanin@redhat.com> - 12.2.5-1
- Rebase to open-vm-tools 12.2.5 [bz#2214861]
- Resolves: bz#2214861
-  ([ESXi][RHEL8]open-vm-tools version 12.2.5 has been released - please rebase)
- Resolves: bz#2216415
-  ([ESXi][RHEL8] URL in service unit files are started from http instead of https)
+* Mon Jul 10 2023 Miroslav Rezanina <mrezanin@redhat.com> - 12.2.5-1
+- Rebaer to open-vm-tools 12.2.5
+- Resolves: bz#2214862
+  ([ESXi][RHEL9]open-vm-tools version 12.2.5 has been released - please rebase)

-* Wed Jun 28 2023 Jon Maloy <jmaloy@redhat.com> - 12.2.0-3
- ovt-Remove-some-dead-code.patch [bz#2215563]
- Resolves: bz#2215563
-  ([CISA Major Incident] CVE-2023-20867 open-vm-tools: authentication bypass vulnerability in the vgauth module [rhel-8])
+* Tue Jun 27 2023 Miroslav Rezanina <mrezanin@redhat.com> - 12.2.0-3
+- ovt-Remove-some-dead-code.patch [bz#2215566]
+- Resolves: bz#2215566
+  ([CISA Major Incident] CVE-2023-20867 open-vm-tools: authentication bypass vulnerability in the vgauth module [rhel-br-9])
+
+* Tue Jun 20 2023 Miroslav Rezanina <mrezanin@redhat.com> - 12.2.0-2
+- ovt-Use-https-instead-of-http-for-documentation-links.patch [bz#2208160]
+- Resolves: bz#2208160
+  ([ESXi][RHEL9] URL in service unit files are started from http instead of https)

 * Wed May 03 2023 Miroslav Rezanina <mrezanin@redhat.com> - 12.2.0-1
- Rebase to open-vm-tools 12.2.0 [bz#2177068]
- Resolves: bz#2177068
-  ([ESXi][RHEL8]open-vm-tools version 12.2.0 has been released - please rebase)
+- Rebase to open-vm-tools 12.2.0 [bz#2177086]
+- Resolves: bz#2177086
+  ([ESXi][RHEL9]open-vm-tools version 12.2.0 has been released - please rebase)

-* Fri Dec 09 2022 Miroslav Rezanina <mrezanin@redhat.com> 12.1.5-1
- Rebase to open-vm-tools 12.1.5 [bz#2150188]
- Resolves: bz#2150188
-  (ESXi][RHEL8]Open-vm-tools release 12.1.5 has been released - please rebase)
+* Fri Dec 09 2022 Miroslav Rezanina <mrezanin@redhat.com> - 12.1.5-1
+- Rebase to open-vm-tools 12.1.5 [bz#2150190]
+- Resolves: bz#2150190
+  ([ESXi][RHEL9]Open-vm-tools release 12.1.5 has been released - please rebase)

-* Tue Sep 13 2022 Miroslav Rezanina <mrezanin@redhat.com> 12.1.0-1
- Rebase to open-vm-tools 12.1.0
- Resolves: bz#2121196
-  ([ESXi][RHEL8]Open-vm-tools release 12.1.0 has been released - please rebase)
-
-* Tue Sep 06 2022 Jon Maloy <jmaloy@redhat.com> - 12.0.5-2
- ovt-Properly-check-authorization-on-incoming-guestOps-re.patch [bz#2119284]
- Resolves: bz#2119284
-  (CVE-2022-31676 open-vm-tools: local root privilege escalation in the virtual machine [rhel-8.7.0])
+* Fri Sep 09 2022 Miroslav Rezanina <mrezanin@redhat.com> - 12.1.0-1
+- Rebase to open-mv-tools 12.1.0 [bz#2121203]
+- Resolves: bz#2121203
+  ([ESXi][RHEL9]Open-vm-tools release 12.1.0 has been released - please rebase)

 * Tue Jun 07 2022 Miroslav Rezanina <mrezanin@redhat.com> - 12.0.5-1
- Rebase to open-vm-tools 12.0.5 [bz#2090273]
- Resolves: bz#2090273
-  ([ESXi][RHEL8]Open-vm-tools release 12.0.5 has been released - please rebase)
+- Rebase to open-vm-tools 12.0.5 [bz#2090275]
+- Resolves: bz#2090275
+  ([ESXi][RHEL9]Open-vm-tools release 12.0.5 has been released - please rebase)

 * Thu Apr 28 2022 Miroslav Rezanina <mrezanin@redhat.com> - 12.0.0-1
- Rebase to open-vm-tools 12.0.0 [bz#2061189]
- Resolves: bz#2061189
-  ([ESXi][RHEL8]Open-vm-tools release 12.0.0 has been released - please rebase)
+- Rebase to 12.0.0 [bz#2061193]
+- Resolves: bz#2061193
+  ([ESXi][RHEL9]Open-vm-tools release 12.0.0 has been released - please rebase)

-* Mon Oct 18 2021 Miroslav Rezanian <mrezanin@redhat.com> - 11.3.5-1
- Rebase to open-vm-tools 11.3.5 [bz#2008244]
- Resolves: bz#2008244
-  ([ESXi][RHEL8]Open-vm-tools release 11.3.5 has been released - please rebase)
+* Fri Oct 15 2021 Miroslav Rezanina <mrezanin@redhat.com> - 11.3.5-1
+- Rebase to 11.3.5 [bz#2008243]
+- Resolves: bz#2008243
+  ([ESXi][RHEL9]Open-vm-tools release 11.3.5 has been released - please rebase)

-* Thu Sep 23 2021 Miroslav Rezanina <mrezanin@redhat.com> - 11.3.0-1.el8
- Rebase to open-vm-tools 11.3.0 [bz#1974468]
- Resolves: bz#1974468
-  ([ESXi][RHEL8]Open-vm-tools release 11.3.0 has been released - please rebase)
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 11.3.0-2
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688

-* Thu Apr 29 2021 Miroslav Rezanina <mrezanin@redhat.com> - 11.2.5-2.el8
- ovt-Fix-a-memory-leak-reported-by-a-partner-from-their-C.patch [bz#1935807]
- Resolves: bz#1935807
-  ([ESXi][RHEL-8.5][open-vm-tools] Coverity detected an important defect in open-vm-tools-11.2.5 rebase)
+* Wed Jul 21 2021 Miroslav Rezanina <rezanin@redhat.com> - 11.3.0-1
+- Rebase to 11.3.0 [bz#1974471]
+- Resolves: bz#1974471
+  ([ESXi][RHEL9]Open-vm-tools release 11.3.0 has been released - please update for RHEL 9.0)

-* Tue Mar 02 2021 Miroslav Rezanina <mrezanin@redhat.com> - 11.2.5-1.el8
- Rebase to 11.2.5 [bz#1916561]
-  ([ESXi][RHEL8.5]Open-vm-tools update release 11.2.5 has been released)
+* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 11.2.5-5
+- Rebuilt for RHEL 9 BETA for openssl 3.0
+  Related: rhbz#1971065

-* Tue Dec 01 2020 Miroslav Rezanina <mrezanin@redhat.com> - 11.2.0-2.el8
- ovt-Fix-memory-leaks.patch [bz#1896804]
- Resolves: bz#1896804
-  ([ESXi][open-vm-tools] Coverity detected important defects in open-vm-tools-11.2.0 rebase)
+* Tue May 11 2021 Miroslav Rezanina <mrezanin@redhat.com> - 11.2.5-4
+- ovt-Fix-a-memory-leak-reported-by-a-partner-from-their-C.patch [bz#1954040]
+- Resolves: bz#1954040
+  ([ESXi][RHEL9.0][open-vm-tools] Coverity detected an important defect in open-vm-tools-11.2.5 rebase)

-* Tue Nov 10 2020 Miroslav Rezanina <mrezanin@redaht.com> - 11.2.0-1.el8
- Rebase to 11.2.0 [bz#1890831]
- Resolves: bz#1890831
-  ([ESXi][RHEL8]Rebase open-vm-tools to 11.2.0 for 8.4)
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 11.2.5-3
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

-* Wed Sep 30 2020 Miroslav Rezanina <mrezanin@redaht.com> - 11.1.5-1.el8
- Rebase to 11.1.5 [bz#1870781]
- Resolves: bz#1870781
-  ([ESXi][RHEL8]Rebase open-vm-tools to 11.1.5 for 8.4)
+* Fri Apr 09 2021 Miroslav Rezanina <mrezanin@redhat.com> - 11.2.5-2.el9
+- ovt-Fixes-necessary-to-build-open-vm-tools-with-newer-gt.patch [bz#1936382]
+- ovt-Update-spec-file-for-correct-build.patch [bz#1936382]
+- Resolves: bz#1936382
+  ([ESXi][RHEL-9][FTBS] open-vm-tools not working with newer gtk libraries)

-* Thu Jul 02 2020 Miroslav Rezanina <mrezanin@redaht.com> - 11.1.0-2.el8
- Remove net-tools dependency [bz#1849459]
- Resolves: bz#1849459
-  ([ESXi][RHEL8]Incorporate SDMP related fixes and removal of net-tools dependency)
+* Fri Jan 15 2021 Ravindra Kumar <ravindrakumar@vmware.com> - 11.2.5-1
+- Package new upstream version open-vm-tools-11.2.5-17337674.
+- libdnet dependency was removed in open-vm-tools 11.0.0. So,
+  removed the stale BuildRequires for libdnet.

-* Tue May 26 2020 Mirosalv Rezanina <mrezanin@redhat.com> - 11.1.0-1.el8
- Rebase to 11.1.0 [bz#1806677]
- Added open-vm-tools-sdmp package [bz#1833157)
- Resolves: bz#1806677
-  ([ESXi][RHEL8]Rebase open-vm-tools to 11.1.0 for RHEL 8.3)
- Resolves: bz#1833157
-  ([ESXi][RHEL8]Add new open-vm-tools-sdmp package for RHEL 8.3)
+* Thu Jan 14 2021 Richard W.M. Jones <rjones@redhat.com> - 11.2.0-2
+- Bump and rebuild against libdnet 1.14 (RHBZ#1915838).

-* Tue Apr 21 2020 Miroslav Rezanina <mrezanin@redhat.com> - 11.0.5-3.el8
- ovt-Fix-a-trivial-memory-leak-in-namespacetool.c.patch [bz#1811729]
- ovt-Update-copyright-to-reflect-previous-change.patch [bz#1811729]
- ovt-add-appinfo-plugin.patch [bz#1809751]
- Resolves: bz#1809751
-  ([ESXi][RHEL8.2.1]open-vm-tools add appinfo plugin patch)
- Resolves: bz#1811729
-  ([ESXi][RHEL8.2.1]open-vm-tools coverity scan issue)
+* Fri Nov 06 2020 Ravindra Kumar <ravindrakumar@vmware.com> - 11.2.0-1
+- Package new upstream version open-vm-tools-11.2.0-16938113.

-* Wed Apr 08 2020 Miroslav Rezanina <mrezanin@redhat.com> - 11.0.5-1.el8
- Rebase to 11.0.5 (bz#1798285)
- Resolves: bz#1798285
-  ([ESXi][RHEL8.2.1]Rebase open-vm-tools to 11.0.5 for 8.2.1)
+* Fri Oct 30 2020 Jeff Law <law@redhat.com> - 11.1.5-2
+- Fix incorrect volatile exposed by gcc-11

-* Tue Feb 18 2020 Miroslav Rezanina <mrezanin@redhat.com> - 11.0.0-4.el8
- ovt-Rectify-a-log-spew-in-vmsvc-logging-vmware-vmsvc-roo.patch [bz#1800812]
- Resolves: bz#1800812
-  ([ESXi][RHEL8]Log spew "[ warning] [guestinfo] GuestInfoGetDiskDevice: Missing disk device name)
+* Tue Sep 08 2020 Ravindra Kumar <ravindrakumar@vmware.com> - 11.1.5-1
+- Package new upstream version open-vm-tools-11.1.5-16724464.
+- Removed gcc10-warning.patch and sdmp-fixes.patch (no longer needed).

-* Thu Dec 05 2019 Miroslav Rezanina <mrezanin@redhat.com> - 11.0.0-3.el8
- ovt-Address-Coverity-issues-reported-in-bora-lib-file-fi.patch [bz#1769881]
- ovt-Fix-a-potential-NULL-pointer-dereference-in-the-vmba.patch [bz#1769881]
- ovt-Address-two-Coverity-reported-issues-in-hostinfoPosi.patch [bz#1769881]
- ovt-Fix-a-resource-leak-issue-in-deployPkg.patch [bz#1769881]
- Resolves: bz#1769881
-  ([ESXi][RHEL8.2]Important issues found by covscan in "open-vm-tools-11.0.0-2.el8" package)
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 11.1.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

-* Mon Oct 14 2019 Miroslav Rezanina <mrezanin@redhat.com> - 11.0.0-1.el8
- Rebase to 11.0.0 [bz#1754658]
- Resolves: bz#1754658
-  (Rebase open-vm-tools to 11.0 for 8.2.0)
- Resolves: bz#1760891
-  (Need to backport some severe memory leak fixes from upstream)
+* Thu Jul 09 2020 Merlin Mathesius <mmathesi@redhat.com> - 11.1.0-3
+- Conditional fixes to build for ELN

-* Thu Aug 01 2019 Miroslav Rezanina <mrezanin@redhat.com> - 10.3.10-3.el8
- ovt-End-VGAuth-impersonation-in-the-case-of-error.patch [bz#1602648]
- ovt-Fix-memory-leak-in-GetFormattedCommandLine-function-.patch [bz#1602648]
- ovt-Fix-a-leak-if-VGAuth-setup-fails.-Coverity-issue.patch [bz#1602648]
- ovt-Fix-minor-leak-in-FileRotateByRenumber-Coverity-scan.patch [bz#1602648]
- ovt-Fix-memory-leak-in-SNEBuildHash-function.patch [bz#1602648]
- ovt-Fix-Coverity-reported-issues-in-i18n.c-code-VMTools-.patch [bz#1602648]
- ovt-Fix-a-memory-leak-in-the-unicode-library.patch [bz#1602648]
- ovt-Fix-a-trivial-Coverity-reported-memory-leak-in-vgaut.patch [bz#1602648]
- ovt-Fixes-for-few-leaks-and-improved-error-handling.patch [bz#1602648]
- ovt-Fix-Coverity-reported-double-memory-free-errors.patch [bz#1602648]
- ovt-Fix-a-trivial-Coverity-reported-memory-leak.patch [bz#1602648]
- ovt-Fix-RH-Covscan-Coverity-reported-memory-leaks-in-too.patch [bz#1602648]
- ovt-Fix-Using-uninitialized-value-issue-reported-by-Cove.patch [bz#1602648]
- ovt-copyPasteCompatX11.c-code-generating-unnecessary-Cov.patch [bz#1602648]
- ovt-Fix-a-Coverity-issue-reported-in-vgauth-serviceImpl-.patch [bz#1602648]
- ovt-Fix-two-coverity-issues-reported-by-a-customer.patch [bz#1602648]
- Resolves: bz#1602648
-  ([ESXi][RHEL8]Please review important issues found by covscan in "open-vm-tools-10.2.5-2.el8+7" package)
+* Sun Jun 21 2020 Ravindra Kumar <ravindrakumar@vmware.com> - 11.1.0-2
+- Added sdmp-fixes.patch from upstream to remove net-tools dependency
+  and couple of important fixes

-* Tue Jun 04 2019 Miroslav Rezanina <mrezanin@redhat.com> - 10.3.10-2
- Rebase to 10.3.10 [bz#1702784]
- Resolves: bz#1702784
-  (Rebase open-vm-tools to 10.3.10)
+* Mon May 25 2020 Ravindra Kumar <ravindrakumar@vmware.com> - 11.1.0-1
+- Package new upstream version open-vm-tools-11.1.0-16036546.
+- Added new open-vm-tools-sdmp package.
+- Workaround for vm-support script path is no longer needed.
+- Added missing dependencies for vm-support script.
+- Updated gcc10-warning.patch.
+- Removed gcc9-static-inline.patch and diskinfo-log-spew.patch that
+  are no longer needed.

-* Tue Jan 08 2019 Miroslav Rezanina <mrezanin@redhat.com> - 10.3.0-2.el8
- ovt-Enable-cloud-init-by-default-to-change-the-systemd-u.patch [bz#1660713]
- Resolves: bz#1660713
-  ([ESXi][RHEL8.0]Enable cloud-init by default to change the systemd unit file vmtoolsd.service)
+* Sun May 17 2020 Ravindra Kumar <ravindrakumar@vmware.com> - 11.0.5-4
+- Updated PAM configuration file to follow configured authn scheme.

-* Tue Oct 16 2018 Miroslav Rezanina <mrezanin@redhat.com> - 10.3.0-1
- Rebase to 10.3.0 [bz#1626578]
- Resolves: bz#1626578
-  ([ESXi][RHEL8]Rebase open-vm-tools to 10.3.0)
+* Tue Mar 24 2020 Ravindra Kumar <ravindrakumar@vmware.com> - 11.0.5-3
+- Use /sbin/ldconfig on older than Fedora 28 and RHEL 8 platforms.

-* Mon May 14 2018 Miroslav Rezanina <mrezanin@redhat.com> - 10.2.5-2
- Updated RHEL version
- Resolves: bz#1527233
-  ([ESXi][RHEL7.5]Rebase open-vm-tools to 10.2.5)
+* Fri Feb 07 2020 Ravindra Kumar <ravindrakumar@vmware.com> - 11.0.5-2
+- Added patch diskinfo-log-spew.patch.
+
+* Tue Feb 04 2020 Ravindra Kumar <ravindrakumar@vmware.com> - 11.0.5-1
+- Package new upstream version open-vm-tools-11.0.5-15389592.
+- Removed vix-memleak.patch which is no longer needed.
+
+* Tue Feb 04 2020 Ravindra Kumar <ravindrakumar@vmware.com> - 11.0.0-6
+- Added gcc10-warning.patch for fixing compilation issues.
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 11.0.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Wed Oct 09 2019 Ravindra Kumar <ravindrakumar@vmware.com> - 11.0.0-4
+- Fixes for drag-n-drop that needs vmblock-fuse mount.
+- Added run-vmblock\x2dfuse.mount service unit for vmblock-fuse mount.
+- Added open-vm-tools.conf for loading Fuse.
+
+* Wed Oct 09 2019 Ravindra Kumar <ravindrakumar@vmware.com> - 11.0.0-3
+- Cleanup GuestProxy certs from /etc/vmware-tools/GuestProxyData if needed.
+- Cleanup vmtoolsd-init service symlinks.
+
+* Wed Oct 02 2019 Ravindra Kumar <ravindrakumar@vmware.com> - 11.0.0-2
+- vmtoolsd-init.service is no longer needed for 11.0.0, removed it.
+
+* Wed Oct 02 2019 Ravindra Kumar <ravindrakumar@vmware.com> - 11.0.0-1
+- Package new upstream version open-vm-tools-11.0.0-14549434.
+- Added gcc9-static-inline.patch for gcc9 warnings.
+- Added vix-memleak.patch for a memory leak.
+- Removed gcc9-warnings.patch which is no longer needed.
+- Removed vmware-guestproxycerttool as it is no longer available upstream.
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 10.3.10-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sat Mar 16 2019 Ravindra Kumar <ravindrakumar@vmware.com> - 10.3.10-1
+- Package new upstream version open-vm-tools-10.3.10-12406962.
+- Removed quiescing-combined.patch which is no longer needed.
+
+* Wed Feb 13 2019 Ravindra Kumar <ravindrakumar@vmware.com> - 10.3.5-2
+- Combine all gcc9 warning patches into one single gcc9-warnings.patch.
+
+* Tue Feb 12 2019 Ravindra Kumar <ravindrakumar@vmware.com> - 10.3.5-1
+- Package new upstream version open-vm-tools-10.3.5-10430147.
+- Removed cloud-init.patch which is no longer needed.
+- Removed hgfsPlugin-crash.patch which is no longer needed.
+- Removed linuxDeploymentUtils-strncat.patch which is no longer needed.
+- Added quiescing-combined.patch for quiesced snapshot fixes.
+- Updated hgfsServer-aligned.patch for open-vm-tools-10.3.5.
+
+* Tue Feb 12 2019 Ravindra Kumar <ravindrakumar@vmware.com> - 10.3.0-8
+- Updated *-aligned.patch files with more tweaks.
+- Filed a regression in readdir operation in dir-aligned.patch.
+
+* Sun Feb 03 2019 Ravindra Kumar <ravindrakumar@vmware.com> - 10.3.0-7
+- Added hgfsServer-aligned.patch for "address-of-packed-member" error.
+- Added hgfsmounter-aligned.patch for "address-of-packed-member" error.
+- Added util-misc-format.patch for "format-overflow" error.
+- Added linuxDeploymentUtils-strncat.patch for "stringop-truncation" error.
+- Added filesystem-aligned.patch for "address-of-packed-member" error.
+- Added file-aligned.patch for "address-of-packed-member" error.
+- Added fsutil-aligned.patch for "address-of-packed-member" error.
+- Added dir-aligned.patch for "address-of-packed-member" error.
+- Added link-aligned.patch for "address-of-packed-member" error.
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 10.3.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Oct 01 2018 Simone Caronni <negativo17@gmail.com> - 10.3.0-5
+- Update SPEC file to match packaging guidelines.
+- Re-add ldconfig scriptlets. They expand to nothing in Fedora 28+, but they
+  are still required for Fedora 27. These can be removed when Fedora 27 is EOL.
+
+* Fri Aug 10 2018 Ravindra Kumar <ravindrakumar@vmware.com> - 10.3.0-4
+- Fixed few bugs related to vmtoolsd-init.service.
+
+* Tue Aug 07 2018 Ravindra Kumar <ravindrakumar@vmware.com> - 10.3.0-3
+- Implement the https://pagure.io/packaging-committee/issue/506 guideline.
+- Added vmtoolsd-init.service per the guideline.
+- Replaced the certificate cleanup with "vmware-guestproxycerttool -e".
+
+* Mon Aug 06 2018 Ravindra Kumar <ravindrakumar@vmware.com> - 10.3.0-2
+- Added hgfsPlugin-crash.patch for vmtoolsd crash (RHBZ#1612470).
+
+* Thu Aug 02 2018 Ravindra Kumar <ravindrakumar@vmware.com> - 10.3.0-1
+- Package new upstream version open-vm-tools-10.3.0-8931395.
+- Updated cloud-init.patch for 10.3.0.
+- Removed use-tirpc.patch which is no longer needed.
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 10.2.5-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed Jul 11 2018 Ravindra Kumar <ravindrakumar@vmware.com> - 10.2.5-6
+- Added cloud-init.patch to detect cloud-init correctly.
+- Added cleanup for /etc/vmware-tools directory on uninstall.
+
+* Tue Jul 10 2018 Pete Walter <pwalter@fedoraproject.org> - 10.2.5-5
+- Rebuild for ICU 62
+
+* Thu Jul 05 2018 Richard W.M. Jones <rjones@redhat.com> - 10.2.5-4
+- Remove ldconfig
+  https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/SU3LJVDZ7LUSJGZR5MS72BMRAFP3PQQL/
+
+* Tue May 15 2018 Pete Walter <pwalter@fedoraproject.org> - 10.2.5-3
+- Rebuild for ICU 61.1

 * Wed May 09 2018 Ravindra Kumar <ravindrakumar@vmware.com> - 10.2.5-2
 - Use tirpc for Fedora 28 onwards.