Import from AlmaLinux stable repository

.gitignore

@@ -1 +1 @@
-SOURCES/open-vm-tools-12.0.5-19716617.tar.gz
+SOURCES/open-vm-tools-12.3.5-22544099.tar.gz

.open-vm-tools.metadata

@@ -1 +0,0 @@
-dcdc35708fae2e3e3192fec7e6a93c7b5c0e3c4c SOURCES/open-vm-tools-12.0.5-19716617.tar.gz

SOURCES/ovt-Properly-check-authorization-on-incoming-guestOps-re.patch

@@ -1,57 +0,0 @@
-From c8e1e5c668ead319b7a91a3a3d7decb114c5daef Mon Sep 17 00:00:00 2001
-From: Cathy Avery <cavery@redhat.com>
-Date: Mon, 29 Aug 2022 12:50:45 -0400
-Subject: [PATCH] Properly check authorization on incoming guestOps requests.
-
-RH-Author: Cathy Avery <cavery@redhat.com>
-RH-MergeRequest: 12: Properly check authorization on incoming guestOps requests.
-RH-Bugzilla: 2119284
-RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
-RH-Commit: [1/1] d2f10cdcba9d606492f371790c3a0be5b8ce965c
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2119284
-Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=47492094
-Tested: Tested by QE
-Upstream Status: origin/master
-Conflicts: None
-
-    commit 70a74758bfe0042c27f15ce590fb21a2bc54d745
-    Author: John Wolfe <jwolfe@vmware.com>
-    Date:   Sun Aug 21 07:56:49 2022 -0700
-
-    Properly check authorization on incoming guestOps requests.
-
-    Fix public pipe request checks.  Only a SessionRequest type should
-    be accepted on the public pipe.
-
-Signed-off-by: Cathy Avery <cavery@redhat.com>
----
- open-vm-tools/vgauth/serviceImpl/proto.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/open-vm-tools/vgauth/serviceImpl/proto.c b/open-vm-tools/vgauth/serviceImpl/proto.c
-index db7159ee..6c672601 100644
---- a/open-vm-tools/vgauth/serviceImpl/proto.c
-+++ b/open-vm-tools/vgauth/serviceImpl/proto.c
-@@ -1,5 +1,5 @@
- /*********************************************************
-- * Copyright (C) 2011-2016,2019-2021 VMware, Inc. All rights reserved.
-+ * Copyright (C) 2011-2016,2019-2022 VMware, Inc. All rights reserved.
-  *
-  * This program is free software; you can redistribute it and/or modify it
-  * under the terms of the GNU Lesser General Public License as published
-@@ -1201,6 +1201,10 @@ Proto_SecurityCheckRequest(ServiceConnection *conn,
-    VGAuthError err;
-    gboolean isSecure = ServiceNetworkIsConnectionPrivateSuperUser(conn);
- 
-+   if (conn->isPublic && req->reqType != PROTO_REQUEST_SESSION_REQ) {
-+      return VGAUTH_E_PERMISSION_DENIED;
-+   }
-+
-    switch (req->reqType) {
-       /*
-        * This comes over the public connection; alwsys let it through.
--- 
-2.35.3
-

SOURCES/vgauthd.service

@@ -1,6 +1,6 @@
 [Unit]
 Description=VGAuth Service for open-vm-tools
-Documentation=http://github.com/vmware/open-vm-tools
+Documentation=https://github.com/vmware/open-vm-tools
 ConditionVirtualization=vmware
 PartOf=vmtoolsd.service
 

SOURCES/vmtoolsd.service

@@ -1,15 +1,18 @@
 [Unit]
 Description=Service for virtual machines hosted on VMware
-Documentation=http://github.com/vmware/open-vm-tools
+Documentation=https://github.com/vmware/open-vm-tools
 ConditionVirtualization=vmware
 Requires=vgauthd.service
 After=vgauthd.service
 DefaultDependencies=no
 Before=cloud-init-local.service
+StartLimitIntervalSec=30
+StartLimitBurst=3
 
 [Service]
 ExecStart=/usr/bin/vmtoolsd
 TimeoutStopSec=5
+Restart=on-failure
 
 [Install]
 WantedBy=multi-user.target

SPECS/open-vm-tools.spec

@@ -1,5 +1,5 @@
 ################################################################################
-### Copyright 2013-2021 VMware, Inc.  All rights reserved.
+### Copyright 2013-2023 VMware, Inc.  All rights reserved.
 ###
 ### RPM SPEC file for building open-vm-tools packages.
 ###
@@ -19,9 +19,9 @@
 ################################################################################
 
 %global _hardened_build 1
-%global majorversion    12.0
+%global majorversion    12.3
 %global minorversion    5
-%global toolsbuild      19716617
+%global toolsbuild      22544099
 %global toolsversion    %{majorversion}.%{minorversion}
 %global toolsdaemon     vmtoolsd
 %global vgauthdaemon    vgauthd
@@ -44,8 +44,6 @@ Source3:          run-vmblock\x2dfuse.mount
 Source4:          open-vm-tools.conf
 Source5:          vmtoolsd.pam
 
-# For bz#2119284 - CVE-2022-31676 open-vm-tools: local root privilege escalation in the virtual machine [rhel-8.7.0]
-Patch1: ovt-Properly-check-authorization-on-incoming-guestOps-re.patch
 
 %if 0%{?rhel} >= 7
 ExclusiveArch:    x86_64
@@ -53,6 +51,7 @@ ExclusiveArch:    x86_64
 ExclusiveArch:    %{ix86} x86_64 aarch64
 %endif
 
+# Patch0: name.patch
 
 BuildRequires:    autoconf
 BuildRequires:    automake
@@ -88,7 +87,7 @@ BuildRequires:    gtk3-devel >= 3.10.0
 BuildRequires:    gtkmm30-devel >= 3.10.0
 BuildRequires:    libtirpc-devel
 BuildRequires:    rpcgen
-BuildRequires:    systemd-rpm-macros
+BuildRequires:    systemd-udev
 %else
 BuildRequires:    gtk2-devel >= 2.4.0
 BuildRequires:    gtkmm24-devel
@@ -411,6 +410,59 @@ fi
 %{_bindir}/vmware-vgauth-smoketest
 
 %changelog
+* Wed Dec 06 2023 Miroslav Rezanina <mrezanin@redhat.com> - 12.3.5-2
+- ovt-Restart-tools-on-failure.patch [RHEL-17683]
+- Resolves: RHEL-17683
+  (Add Restart=on-failure to vmtoolsd.service [rhel-8])
+
+* Thu Nov 09 2023 Miroslav Rezanina <mrezanin@redhat.com> - 12.3.5-1
+- Rebase to 12.3.5 [RHEL-15059]
+- Fix CVE-2023-34058 [RHEL-14649]
+- Fix CVE-2023-34059 [RHEL-14683]
+- Resolves: RHEL-15059
+  ([ESXi][RHEL8]open-vm-tools version 12.3.5 has been released - please rebase)
+- Resolves: RHEL-14649
+  (CVE-2023-34058 open-vm-tools: SAML token signature bypass [rhel-8.10.0])
+- Resolves: RHEL-14683
+  (CVE-2023-34059 open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper [rhel-8.10.0])
+
+* Wed Sep 27 2023 Jon Maloy <jmaloy@redhat.com> - 12.2.5-4
+- ovt-Provide-alternate-method-to-allow-expected-pre-froze.patch [RHEL-7012]
+- Resolves: RHEL-7012
+  ([RHEL8.10][ESXi]Latest version of open-vm-tools breaks VM backups)
+
+* Wed Sep 20 2023 Miroslav Rezanina <mrezanin@redhat.com> - 12.2.5-3
+- Rebuild CVE-2023-20900 for 8.10
+- Resolves: RHEL-4584
+  (CVE-2023-20900 open-vm-tools: SAML token signature bypass [rhel-8.10.0])
+
+* Tue Jul 11 2023 Miroslav Rezanina <mrezanin@redhat.com> - 12.2.5-1
+- Rebase to open-vm-tools 12.2.5 [bz#2214861]
+- Resolves: bz#2214861
+  ([ESXi][RHEL8]open-vm-tools version 12.2.5 has been released - please rebase)
+- Resolves: bz#2216415
+  ([ESXi][RHEL8] URL in service unit files are started from http instead of https)
+
+* Wed Jun 28 2023 Jon Maloy <jmaloy@redhat.com> - 12.2.0-3
+- ovt-Remove-some-dead-code.patch [bz#2215563]
+- Resolves: bz#2215563
+  ([CISA Major Incident] CVE-2023-20867 open-vm-tools: authentication bypass vulnerability in the vgauth module [rhel-8])
+
+* Wed May 03 2023 Miroslav Rezanina <mrezanin@redhat.com> - 12.2.0-1
+- Rebase to open-vm-tools 12.2.0 [bz#2177068]
+- Resolves: bz#2177068
+  ([ESXi][RHEL8]open-vm-tools version 12.2.0 has been released - please rebase)
+
+* Fri Dec 09 2022 Miroslav Rezanina <mrezanin@redhat.com> 12.1.5-1
+- Rebase to open-vm-tools 12.1.5 [bz#2150188]
+- Resolves: bz#2150188
+  (ESXi][RHEL8]Open-vm-tools release 12.1.5 has been released - please rebase)
+
+* Tue Sep 13 2022 Miroslav Rezanina <mrezanin@redhat.com> 12.1.0-1
+- Rebase to open-vm-tools 12.1.0
+- Resolves: bz#2121196
+  ([ESXi][RHEL8]Open-vm-tools release 12.1.0 has been released - please rebase)
+
 * Tue Sep 06 2022 Jon Maloy <jmaloy@redhat.com> - 12.0.5-2
 - ovt-Properly-check-authorization-on-incoming-guestOps-re.patch [bz#2119284]
 - Resolves: bz#2119284