diff --git a/.gitignore b/.gitignore index 37bb939..7e4186b 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/open-vm-tools-11.3.5-18557794.tar.gz +SOURCES/open-vm-tools-12.0.5-19716617.tar.gz diff --git a/.open-vm-tools.metadata b/.open-vm-tools.metadata index e208044..1a5a185 100644 --- a/.open-vm-tools.metadata +++ b/.open-vm-tools.metadata @@ -1 +1 @@ -f6990193579d96a04bfec6f09e93e0164deef71e SOURCES/open-vm-tools-11.3.5-18557794.tar.gz +dcdc35708fae2e3e3192fec7e6a93c7b5c0e3c4c SOURCES/open-vm-tools-12.0.5-19716617.tar.gz diff --git a/SOURCES/ovt-Properly-check-authorization-on-incoming-guestOps-re.patch b/SOURCES/ovt-Properly-check-authorization-on-incoming-guestOps-re.patch index 9eca918..b4e9ae8 100644 --- a/SOURCES/ovt-Properly-check-authorization-on-incoming-guestOps-re.patch +++ b/SOURCES/ovt-Properly-check-authorization-on-incoming-guestOps-re.patch @@ -1,17 +1,17 @@ -From 78c066aa4912d8ccea958dffc39a73667c9979c6 Mon Sep 17 00:00:00 2001 +From c8e1e5c668ead319b7a91a3a3d7decb114c5daef Mon Sep 17 00:00:00 2001 From: Cathy Avery Date: Mon, 29 Aug 2022 12:50:45 -0400 Subject: [PATCH] Properly check authorization on incoming guestOps requests. RH-Author: Cathy Avery -RH-MergeRequest: 11: Properly check authorization on incoming guestOps requests. -RH-Bugzilla: 2119283 +RH-MergeRequest: 12: Properly check authorization on incoming guestOps requests. +RH-Bugzilla: 2119284 RH-Acked-by: Mohamed Gamal Morsy RH-Acked-by: Miroslav Rezanina RH-Acked-by: Vitaly Kuznetsov -RH-Commit: [1/1] 546959f6b3546cc19ff844041ff363ea46793d6c -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2119283 -Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=47491717 +RH-Commit: [1/1] d2f10cdcba9d606492f371790c3a0be5b8ce965c +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2119284 +Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=47492094 Tested: Tested by QE Upstream Status: origin/master Conflicts: None @@ -27,7 +27,7 @@ Conflicts: None Signed-off-by: Cathy Avery --- - vgauth/serviceImpl/proto.c | 6 +++++- + open-vm-tools/vgauth/serviceImpl/proto.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/open-vm-tools/vgauth/serviceImpl/proto.c b/open-vm-tools/vgauth/serviceImpl/proto.c diff --git a/SPECS/open-vm-tools.spec b/SPECS/open-vm-tools.spec index 9edd5e6..21aa3ad 100644 --- a/SPECS/open-vm-tools.spec +++ b/SPECS/open-vm-tools.spec @@ -19,9 +19,9 @@ ################################################################################ %global _hardened_build 1 -%global majorversion 11.3 +%global majorversion 12.0 %global minorversion 5 -%global toolsbuild 18557794 +%global toolsbuild 19716617 %global toolsversion %{majorversion}.%{minorversion} %global toolsdaemon vmtoolsd %global vgauthdaemon vgauthd @@ -32,7 +32,7 @@ Name: open-vm-tools Version: %{toolsversion} -Release: 1%{?dist}.1 +Release: 2%{?dist} Summary: Open Virtual Machine Tools for virtual machines hosted on VMware License: GPLv2 URL: https://github.com/vmware/%{name} @@ -44,7 +44,7 @@ Source3: run-vmblock\x2dfuse.mount Source4: open-vm-tools.conf Source5: vmtoolsd.pam -# For bz#2119283 - CVE-2022-31676 open-vm-tools: local root privilege escalation in the virtual machine [rhel-8.6.0.z] +# For bz#2119284 - CVE-2022-31676 open-vm-tools: local root privilege escalation in the virtual machine [rhel-8.7.0] Patch1: ovt-Properly-check-authorization-on-incoming-guestOps-re.patch %if 0%{?rhel} >= 7 @@ -144,6 +144,15 @@ This package contains only the user-space programs and utility scripts of %{name} that are essential for performing service discovery in VMware virtual machines by vRealize Operations Service Discovery Management Pack. +%package salt-minion +Summary: Script file to install/uninstall salt-minion +Group: System Environment/Libraries +Requires: %{name}%{?_isa} = %{version}-%{release}, systemd, curl, coreutils, gawk, grep +ExclusiveArch: x86_64 + +%description salt-minion +This package contains a script to setup Salt Minion on VMware virtual machines. + %package devel Summary: Development libraries for Open Virtual Machine Tools Requires: %{name}%{?_isa} = %{version}-%{release} @@ -173,6 +182,9 @@ autoreconf -vif --enable-xmlsec1 \ --enable-resolutionkms \ --enable-servicediscovery \ +%ifarch x86_64 + --enable-salt-minion \ +%endif %if 0%{?fedora} || 0%{?rhel} >= 8 --with-tirpc \ --without-gtk2 \ @@ -347,6 +359,7 @@ fi %{_libdir}/%{name}/plugins/common/*.so %dir %{_libdir}/%{name}/plugins/vmsvc %{_libdir}/%{name}/plugins/vmsvc/libappInfo.so +%{_libdir}/%{name}/plugins/vmsvc/libcomponentMgr.so %{_libdir}/%{name}/plugins/vmsvc/libdeployPkgPlugin.so %{_libdir}/%{name}/plugins/vmsvc/libgdp.so %{_libdir}/%{name}/plugins/vmsvc/libguestInfo.so @@ -375,6 +388,13 @@ fi %{_libdir}/%{name}/plugins/vmsvc/libserviceDiscovery.so %{_libdir}/%{name}/serviceDiscovery +%ifarch x86_64 +%files salt-minion +%dir %{_libdir}/%{name}/componentMgr/ +%dir %{_libdir}/%{name}/componentMgr/saltMinion/ +%{_libdir}/%{name}/componentMgr/saltMinion/svtminion.sh +%endif + %files devel %doc docs/api/build/* %exclude %{_includedir}/libDeployPkg/ @@ -391,12 +411,22 @@ fi %{_bindir}/vmware-vgauth-smoketest %changelog -* Fri Sep 02 2022 Jon Maloy - 11.3.5-1.el8_6.1 -- ovt-Properly-check-authorization-on-incoming-guestOps-re.patch [bz#2119283] -- Resolves: bz#2119283 - (CVE-2022-31676 open-vm-tools: local root privilege escalation in the virtual machine [rhel-8.6.0.z]) - -* Mon Oct 18 2021 Miroslav Rezanian - 11.3.5-1.el9 +* Tue Sep 06 2022 Jon Maloy - 12.0.5-2 +- ovt-Properly-check-authorization-on-incoming-guestOps-re.patch [bz#2119284] +- Resolves: bz#2119284 + (CVE-2022-31676 open-vm-tools: local root privilege escalation in the virtual machine [rhel-8.7.0]) + +* Tue Jun 07 2022 Miroslav Rezanina - 12.0.5-1 +- Rebase to open-vm-tools 12.0.5 [bz#2090273] +- Resolves: bz#2090273 + ([ESXi][RHEL8]Open-vm-tools release 12.0.5 has been released - please rebase) + +* Thu Apr 28 2022 Miroslav Rezanina - 12.0.0-1 +- Rebase to open-vm-tools 12.0.0 [bz#2061189] +- Resolves: bz#2061189 + ([ESXi][RHEL8]Open-vm-tools release 12.0.0 has been released - please rebase) + +* Mon Oct 18 2021 Miroslav Rezanian - 11.3.5-1 - Rebase to open-vm-tools 11.3.5 [bz#2008244] - Resolves: bz#2008244 ([ESXi][RHEL8]Open-vm-tools release 11.3.5 has been released - please rebase)