diff --git a/.gitignore b/.gitignore
index 8a2e58d..c32c619 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/open-vm-tools-10.3.0-8931395.tar.gz
+SOURCES/open-vm-tools-10.3.10-12406962.tar.gz
diff --git a/.open-vm-tools.metadata b/.open-vm-tools.metadata
index 8e6b47c..55389fd 100644
--- a/.open-vm-tools.metadata
+++ b/.open-vm-tools.metadata
@@ -1 +1 @@
-236d8159882ab2663043232a59f84eba144d0345 SOURCES/open-vm-tools-10.3.0-8931395.tar.gz
+4f5fcf3f098aaddd3da24caa772575505e286ed7 SOURCES/open-vm-tools-10.3.10-12406962.tar.gz
diff --git a/SOURCES/0002-Fix-RELRO-flag.patch b/SOURCES/0002-Fix-RELRO-flag.patch
new file mode 100644
index 0000000..429f493
--- /dev/null
+++ b/SOURCES/0002-Fix-RELRO-flag.patch
@@ -0,0 +1,110 @@
+From 7c204ac55d3e4e86b7ebaf3e83b18da565e2a384 Mon Sep 17 00:00:00 2001
+From: Miroslav Rezanina
+Date: Fri, 1 Mar 2019 09:46:11 +0100
+Subject: Fix RELRO flag
+
+RH-Author: Miroslav Rezanina
+Message-id: <1551433571-31547-1-git-send-email-mrezanin@redhat.com>
+Patchwork-id: 84750
+O-Subject: [RHEL-7.7 open-vm-tools PATCH] Fix RELRO flag
+Bugzilla: 1678576
+RH-Acked-by: Cathy Avery
+RH-Acked-by: Richard Jones
+
+From: Miroslav Rezanina
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1678576
+Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=20410856
+Upstream: n/a
+
+rpmdiff for 10.3.0 based open-vm-tools reports partial RELRO on several binaries.
+This patch ensure proper hardening is used and files have full RELRO flag.
+
+Signed-off-by: Miroslav Rezanina
+Signed-off-by: Miroslav Rezanina
+---
+ open-vm-tools/configure.ac | 2 +-
+ open-vm-tools/libDeployPkg/Makefile.am | 2 +-
+ open-vm-tools/libguestlib/Makefile.am | 2 +-
+ open-vm-tools/libhgfs/Makefile.am | 2 +-
+ open-vm-tools/libvmtools/Makefile.am | 2 +-
+ open-vm-tools/vgauth/lib/Makefile.am | 2 +-
+ 6 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index fe671ce..eaff8c9 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1523,7 +1523,7 @@ VMTOOLS_LIBS="$BUILDDIR/libvmtools/libvmtools.la $GLIB2_LIBS"
+ VMTOOLS_CPPFLAGS="-DVMTOOLS_USE_GLIB $GLIB2_CPPFLAGS"
+
+ PLUGIN_CPPFLAGS="$VMTOOLS_CPPFLAGS $PLUGIN_CPPFLAGS"
+-PLUGIN_LDFLAGS="-Wl,-z,defs -Wl,-lc -Wl,--as-needed -shared -module -avoid-version"
++PLUGIN_LDFLAGS="-Wl,-z,defs -Wl,-lc -Wl,--as-needed -shared -module -avoid-version -Wl,-z,relro,-z,now"
+
+ # Installation directories for core services plugins.
+ TEST_PLUGIN_INSTALLDIR=$datadir/open-vm-tools/tests
+diff --git a/libDeployPkg/Makefile.am b/libDeployPkg/Makefile.am
+index b4d5c9d..f4e8f8b 100644
+--- a/libDeployPkg/Makefile.am
++++ b/libDeployPkg/Makefile.am
+@@ -39,7 +39,7 @@ libDeployPkg_la_SOURCES += linuxDeploymentUtilities.h
+ libDeployPkg_la_LDFLAGS =
+ # We require GCC, so we're fine passing compiler-specific flags.
+ # Needed for OS's that don't link shared libraries against libc by default, e.g. FreeBSD
+-libDeployPkg_la_LDFLAGS += -Wl,-lc
++libDeployPkg_la_LDFLAGS += -Wl,-lc -Wl,-z,relro,-z,now
+
+ libDeployPkg_includedir = $(includedir)/libDeployPkg
+
+diff --git a/libguestlib/Makefile.am b/libguestlib/Makefile.am
+index 5181409..a21a3ff 100644
+--- a/libguestlib/Makefile.am
++++ b/libguestlib/Makefile.am
+@@ -32,7 +32,7 @@ libguestlib_la_SOURCES += vmGuestLib.c
+ libguestlib_la_LDFLAGS =
+ # We require GCC, so we're fine passing compiler-specific flags.
+ # Needed for OS's that don't link shared libraries against libc by default, e.g. FreeBSD
+-libguestlib_la_LDFLAGS += -Wl,-lc
++libguestlib_la_LDFLAGS += -Wl,-lc -Wl,-z,relro,-z,now
+
+ libguestlib_includedir = $(includedir)/vmGuestLib
+
+diff --git a/libhgfs/Makefile.am b/libhgfs/Makefile.am
+index 7609145..50573ee 100644
+--- a/libhgfs/Makefile.am
++++ b/libhgfs/Makefile.am
+@@ -41,5 +41,5 @@ libhgfs_la_LDFLAGS =
+ libhgfs_la_LDFLAGS += -Wl,-z,defs
+ # Needed for OS's that don't link shared libraries against libc by
+ #default, e.g. FreeBSD
+-libhgfs_la_LDFLAGS += -Wl,-lc
++libhgfs_la_LDFLAGS += -Wl,-lc -Wl,-z,relro,-z,now
+
+diff --git a/libvmtools/Makefile.am b/libvmtools/Makefile.am
+index 1971942..6a4ca74 100644
+--- a/libvmtools/Makefile.am
++++ b/libvmtools/Makefile.am
+@@ -91,5 +91,5 @@ libvmtools_la_LDFLAGS =
+ libvmtools_la_LDFLAGS += -Wl,-z,defs
+ # Needed for OS's that don't link shared libraries against libc by
+ #default, e.g. FreeBSD
+-libvmtools_la_LDFLAGS += -Wl,-lc
++libvmtools_la_LDFLAGS += -Wl,-lc -Wl,-z,relro,-z,now
+
+diff --git a/vgauth/lib/Makefile.am b/vgauth/lib/Makefile.am
+index bce97aa..6c0c265 100644
+--- a/vgauth/lib/Makefile.am
++++ b/vgauth/lib/Makefile.am
+@@ -59,7 +59,7 @@ libvgauth_la_LDFLAGS =
+ libvgauth_la_LDFLAGS += -Wl,-z,defs
+ # Needed for OS's that don't link shared libraries against libc by
+ #default, e.g. FreeBSD
+-libvgauth_la_LDFLAGS += -Wl,-lc
++libvgauth_la_LDFLAGS += -Wl,-lc -Wl,-z,relro,-z,now
+
+ # Message catalogs.
+ install-data-hook:
+--
+1.8.3.1
+
diff --git a/SOURCES/0002-Update-cloud-init-handling.patch b/SOURCES/0002-Update-cloud-init-handling.patch
deleted file mode 100644
index 59ce6dc..0000000
--- a/SOURCES/0002-Update-cloud-init-handling.patch
+++ /dev/null
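Review bot: The same literal `-Wl,-z,relro,-z,now` is appended unconditionally in six places (`PLUGIN_LDFLAGS` in configure.ac and the five `*_la_LDFLAGS` lines), directly under comments that say these Makefiles must also link on other systems such as FreeBSD, so a toolchain whose linker does not accept these `-z` options would break and the six copies can drift apart on a rebase. Setting the flags once in configure.ac after a link probe and substituting one variable (illustrative name: `$(HARDENING_LDFLAGS)`), as in `libhgfs_la_LDFLAGS += -Wl,-lc $(HARDENING_LDFLAGS)`, keeps them in step. Only shared libraries and plugins are touched, so whether the executables named in the rpmdiff report also end up with full RELRO cannot be told from this patch. A `readelf -d` check for `BIND_NOW` on every installed ELF file in the spec's `%check` stage would catch a regression; the patch's "Upstream: n/a" line means the next upstream rebase can silently drop the flags.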
@@ -1,198 +0,0 @@ -From 266e578b8480d520ecb694bd1f9dfaf88c1febc7 Mon Sep 17 00:00:00 2001 -From: Miroslav Rezanina -Date: Tue, 16 Oct 2018 07:20:56 +0200 -Subject: Update cloud-init handling - -This update of cloud-init changes for 10.3.0. ---- - open-vm-tools/libDeployPkg/linuxDeployment.c | 57 ++++++++++++++-------- - .../libDeployPkg/linuxDeploymentUtilities.c | 3 +- - 2 files changed, 38 insertions(+), 22 deletions(-) - -diff --git a/libDeployPkg/linuxDeployment.c b/libDeployPkg/linuxDeployment.c -index 996f184..34c8b95 100644 ---- a/libDeployPkg/linuxDeployment.c -+++ b/libDeployPkg/linuxDeployment.c -@@ -139,7 +139,7 @@ static bool CopyFileToDirectory(const char* srcPath, const char* destPath, - const char* fileName); - static DeployPkgStatus Deploy(const char* pkgName); - static char** GetFormattedCommandLine(const char* command); --int ForkExecAndWaitCommand(const char* command); -+int ForkExecAndWaitCommand(const char* command, bool ignoreStdErr); - static void SetDeployError(const char* format, ...); - static const char* GetDeployError(void); - static void NoLogging(int level, const char* fmtstr, ...); -@@ -920,7 +920,7 @@ CloudInitSetup(const char *tmpDirPath) - "/bin/mkdir -p %s", cloudInitTmpDirPath); - command[sizeof(command) - 1] = '\0'; - -- forkExecResult = ForkExecAndWaitCommand(command); -+ forkExecResult = ForkExecAndWaitCommand(command, false); - if (forkExecResult != 0) { - SetDeployError("Error creating %s dir: %s", - cloudInitTmpDirPath, -@@ -937,7 +937,7 @@ CloudInitSetup(const char *tmpDirPath) - "/usr/bin/test -f %s/nics.txt", tmpDirPath); - command[sizeof(command) - 1] = '\0'; - -- forkExecResult = ForkExecAndWaitCommand(command); -+ forkExecResult = ForkExecAndWaitCommand(command, false); - - /* - * /usr/bin/test -f returns 0 if the file exists -@@ -946,7 +946,7 @@ CloudInitSetup(const char *tmpDirPath) - */ - if (forkExecResult == 0) { - sLog(log_info, "nics.txt file exists. 
Copying.."); -- if(!CopyFileToDirectory(tmpDirPath, cloudInitTmpDirPath, "nics.txt")) { -+ if (!CopyFileToDirectory(tmpDirPath, cloudInitTmpDirPath, "nics.txt")) { - goto done; - } - } -@@ -973,7 +973,7 @@ CloudInitSetup(const char *tmpDirPath) - } - - sLog(log_info, "Copying main configuration file cust.cfg"); -- if(!CopyFileToDirectory(tmpDirPath, cloudInitTmpDirPath, "cust.cfg")) { -+ if (!CopyFileToDirectory(tmpDirPath, cloudInitTmpDirPath, "cust.cfg")) { - goto done; - } - -@@ -992,7 +992,7 @@ done: - "/bin/rm -rf %s", - cloudInitTmpDirPath); - command[sizeof(command) - 1] = '\0'; -- ForkExecAndWaitCommand(command); -+ ForkExecAndWaitCommand(command, false); - } - sLog(log_error, "Setting generic error status in vmx. \n"); - SetCustomizationStatusInVmx(TOOLSDEPLOYPKG_RUNNING, -@@ -1016,7 +1016,7 @@ CopyFileToDirectory(const char* srcPath, const char* destPath, - snprintf(command, sizeof(command), "/bin/cp %s/%s %s/%s.tmp", srcPath, - fileName, destPath, fileName); - command[sizeof(command) - 1] = '\0'; -- forkExecResult = ForkExecAndWaitCommand(command); -+ forkExecResult = ForkExecAndWaitCommand(command, false); - if (forkExecResult != 0) { - SetDeployError("Error while copying file %s: %s", fileName, - strerror(errno)); -@@ -1026,7 +1026,7 @@ CopyFileToDirectory(const char* srcPath, const char* destPath, - fileName, destPath, fileName); - command[sizeof(command) - 1] = '\0'; - -- forkExecResult = ForkExecAndWaitCommand(command); -+ forkExecResult = ForkExecAndWaitCommand(command, false); - if (forkExecResult != 0) { - SetDeployError("Error while renaming temp file %s: %s", fileName, - strerror(errno)); -@@ -1090,7 +1090,7 @@ UseCloudInitWorkflow(const char* dirPath) - sLog(log_info, "cust.cfg is found in '%s' directory.", dirPath); - } - -- forkExecResult = ForkExecAndWaitCommand(cloudInitCommand); -+ forkExecResult = ForkExecAndWaitCommand(cloudInitCommand, true); - if (forkExecResult != 0) { - sLog(log_info, "cloud-init is not installed"); - 
free(cfgFullPath); -@@ -1194,7 +1194,7 @@ Deploy(const char* packageName) - deployPkgStatus = CloudInitSetup(tmpDirPath); - } else { - sLog(log_info, "Executing traditional GOSC workflow"); -- deploymentResult = ForkExecAndWaitCommand(command); -+ deploymentResult = ForkExecAndWaitCommand(command, false); - free(command); - - if (deploymentResult != CUST_SUCCESS) { -@@ -1260,7 +1260,7 @@ Deploy(const char* packageName) - strcat(cleanupCommand, tmpDirPath); - - sLog(log_info, "Launching cleanup. \n"); -- if (ForkExecAndWaitCommand(cleanupCommand) != 0) { -+ if (ForkExecAndWaitCommand(cleanupCommand, false) != 0) { - sLog(log_warning, "Error while clean up tmp directory %s: (%s)", - tmpDirPath, strerror (errno)); - } -@@ -1289,7 +1289,7 @@ Deploy(const char* packageName) - int rebootComandResult = 0; - do { - sLog(log_info, "Rebooting\n"); -- rebootComandResult = ForkExecAndWaitCommand("/sbin/telinit 6"); -+ rebootComandResult = ForkExecAndWaitCommand("/sbin/telinit 6", false); - sleep(1); - } while (rebootComandResult == 0); - sLog(log_error, "telinit returned error %d\n", rebootComandResult); -@@ -1499,12 +1499,13 @@ GetFormattedCommandLine(const char* command) - * Fork off the command and wait for it to finish. Classical Linux/Unix - * fork-and-exec. 
- * -- * @param [IN] command Command to execute -+ * @param [IN] command Command to execute -+ * @param [IN] ignoreStdErr If we ignore stderr when cmd's return code is 0 - * @return Return code from the process (or -1) - * - **/ - int --ForkExecAndWaitCommand(const char* command) -+ForkExecAndWaitCommand(const char* command, bool ignoreStdErr) - { - ProcessHandle hp; - int retval; -@@ -1522,14 +1523,30 @@ ForkExecAndWaitCommand(const char* command) - - Process_RunToComplete(hp, 100); - sLog(log_info, "Customization command output: %s\n", Process_GetStdout(hp)); -- -- if(Process_GetExitCode(hp) == 0 && strlen(Process_GetStderr(hp)) > 0) { -- // Assume command failed if it wrote to stderr, even if exitCode is 0 -- sLog(log_error, "Customization command failed: %s\n", Process_GetStderr(hp)); -- retval = -1; -+ retval = Process_GetExitCode(hp); -+ -+ if (retval == 0) { -+ if (strlen(Process_GetStderr(hp)) > 0) { -+ if (!ignoreStdErr) { -+ // Assume command failed if it wrote to stderr, even if exitCode is 0 -+ sLog(log_error, -+ "Customization command failed with stderr: %s\n", -+ Process_GetStderr(hp)); -+ retval = -1; -+ } else { -+ // If we choose to ignore stderr, we do not return -1 when return -+ // code is 0. e.g, PR2148977, "cloud-init -v" will return 0 -+ // even there is output in stderr -+ sLog(log_info, "Ignoring stderr output: %s\n", Process_GetStderr(hp)); -+ } -+ } - } else { -- retval = Process_GetExitCode(hp); -+ sLog(log_error, -+ "Customization command failed with exitcode: %d, stderr: %s\n", -+ retval, -+ Process_GetStderr(hp)); - } -+ - Process_Destroy(hp); - return retval; - } -diff --git a/libDeployPkg/linuxDeploymentUtilities.c b/libDeployPkg/linuxDeploymentUtilities.c -index 83f942d..93e1b0a 100644 ---- a/libDeployPkg/linuxDeploymentUtilities.c -+++ b/libDeployPkg/linuxDeploymentUtilities.c -@@ -1,5 +1,5 @@ - /********************************************************* -- * Copyright (C) 2016-2017 VMware, Inc. All rights reserved. 
-+ * Copyright (C) 2016-2018 VMware, Inc. All rights reserved. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as published -@@ -24,7 +24,6 @@ - #include - #include "linuxDeploymentUtilities.h" - --extern int ForkExecAndWaitCommand(const char* command); - extern LogFunction sLog; - - /** --- -1.8.3.1 - diff --git a/SOURCES/0003-hgfsPlugin-crash-fix.patch b/SOURCES/0003-hgfsPlugin-crash-fix.patch deleted file mode 100644 index e5d2af1..0000000 --- a/SOURCES/0003-hgfsPlugin-crash-fix.patch +++ /dev/null @@ -1,30 +0,0 @@ -From d415faf0c4aaad8d8ea7b5ffeb225965e30a4628 Mon Sep 17 00:00:00 2001 -From: Miroslav Rezanina -Date: Tue, 16 Oct 2018 07:22:40 +0200 -Subject: hgfsPlugin crash fix - ---- - open-vm-tools/services/plugins/hgfsServer/hgfsPlugin.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/services/plugins/hgfsServer/hgfsPlugin.c b/services/plugins/hgfsServer/hgfsPlugin.c -index c5ef872..129fa75 100644 ---- a/services/plugins/hgfsServer/hgfsPlugin.c -+++ b/services/plugins/hgfsServer/hgfsPlugin.c -@@ -1090,6 +1090,13 @@ ToolsOnLoad(ToolsAppCtx *ctx) - } - - /* -+ * If not running in a VMware VM, return NULL to disable the plugin. -+ */ -+ if (!ctx->isVMware) { -+ return NULL; -+ } -+ -+ /* - * Check for VM is running in a hosted environment and if so initialize - * the Shared Folders HGFS client redirector. - */ --- -1.8.3.1 - diff --git a/SOURCES/ovt-End-VGAuth-impersonation-in-the-case-of-error.patch b/SOURCES/ovt-End-VGAuth-impersonation-in-the-case-of-error.patch new file mode 100644 index 0000000..826ab29 --- /dev/null +++ b/SOURCES/ovt-End-VGAuth-impersonation-in-the-case-of-error.patch 
@@ -0,0 +1,112 @@
+From b80da5a181c50c3aae682166f8f39b2cf3fdec80 Mon Sep 17 00:00:00 2001
+From: Cathy Avery
+Date: Fri, 25 Oct 2019 15:34:04 +0200
+Subject: [PATCH 2/3] End VGAuth impersonation in the case of error.
+
+RH-Author: Cathy Avery
+Message-id: <20191025153405.10241-3-cavery@redhat.com>
+Patchwork-id: 91966
+O-Subject: [RHEL7.8 open-vm-tools PATCH v2 2/3] End VGAuth impersonation in the case of error.
+Bugzilla: 1760625
+RH-Acked-by: Vitaly Kuznetsov
+RH-Acked-by: Miroslav Rezanina
+
+commit 7b874f37f970aab2adddb063a8363594f47abf70
+Author: Oliver Kurth
+Date: Tue Sep 4 15:40:58 2018 -0700
+
+ End VGAuth impersonation in the case of error.
+
+ * In GuestAuthPasswordAuthenticateImpersonate():
+ When VGAuth_UserHandleAccessToken fails, unimpersonation is not
+ being done. This can cause issues. Fixed it.
+
+ * In GuestAuthSAMLAuthenticateAndImpersonate(), fixed the following issues:
+ The 'newHandle' is not being freed which causes a memory leak.
+ When VGAuth_UserHandleAccessToken fails, unimpersonation is not
+ being done.
+
+Signed-off-by: Cathy Avery
+Signed-off-by: Miroslav Rezanina
+---
+ services/plugins/vix/vixTools.c | 25 +++++++++++++++++++++++--
+ 1 file changed, 23 insertions(+), 2 deletions(-)
+
+diff --git a/services/plugins/vix/vixTools.c b/services/plugins/vix/vixTools.c
+index 4436944..00b40b1 100644
+--- a/services/plugins/vix/vixTools.c
++++ b/services/plugins/vix/vixTools.c
+@@ -11550,6 +11550,7 @@ GuestAuthPasswordAuthenticateImpersonate(
+ VGAuthError vgErr;
+ VGAuthUserHandle *newHandle = NULL;
+ VGAuthExtraParams extraParams[1];
++ Bool impersonated = FALSE;
+
+ extraParams[0].name = VGAUTH_PARAM_LOAD_USER_PROFILE;
+ extraParams[0].value = VGAUTH_PARAM_VALUE_TRUE;
+@@ -11585,6 +11586,8 @@ GuestAuthPasswordAuthenticateImpersonate(
+ goto done;
+ }
+
++ impersonated = TRUE;
++
+ #ifdef _WIN32
+ // this is making a copy of the token, be sure to close it
+ vgErr = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken);
+@@ -11604,6 +11607,10 @@ done:
+ Util_ZeroFreeString(password);
+
+ if (VIX_OK != err) {
++ if (impersonated) {
++ vgErr = VGAuth_EndImpersonation(ctx);
++ ASSERT(vgErr == VGAUTH_E_OK);
++ }
+ VGAuth_UserHandleFree(newHandle);
+ newHandle = NULL;
+ }
+@@ -11638,12 +11645,13 @@ GuestAuthSAMLAuthenticateAndImpersonate(
+ {
+ #if SUPPORT_VGAUTH
+ VixError err;
+- char *token;
+- char *username;
++ char *token = NULL;
++ char *username = NULL;
+ VGAuthContext *ctx = NULL;
+ VGAuthError vgErr;
+ VGAuthUserHandle *newHandle = NULL;
+ VGAuthExtraParams extraParams[1];
++ Bool impersonated = FALSE;
+
+ extraParams[0].name = VGAUTH_PARAM_LOAD_USER_PROFILE;
+ extraParams[0].value = VGAUTH_PARAM_VALUE_TRUE;
+@@ -11735,6 +11743,8 @@ impersonate:
+ goto done;
+ }
+
++ impersonated = TRUE;
++
+ #ifdef _WIN32
+ // this is making a copy of the token, be sure to close it
+ vgErr = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken);
+@@ -11750,6 +11760,17 @@ impersonate:
+ err = VIX_OK;
+
+ done:
++ Util_ZeroFreeString(token);
++ Util_ZeroFreeString(username);
++
++ if (VIX_OK != err) {
++ if (impersonated) {
++ vgErr = VGAuth_EndImpersonation(ctx);
++ ASSERT(vgErr == VGAUTH_E_OK);
++ }
++ VGAuth_UserHandleFree(newHandle);
++ newHandle = NULL;
++ }
+
+ return err;
+ #else
+--
+1.8.3.1
+
diff --git a/SOURCES/ovt-End-VGAuth-impersonation-in-the.patch b/SOURCES/ovt-End-VGAuth-impersonation-in-the.patch
deleted file mode 100644
index b2167f3..0000000
--- a/SOURCES/ovt-End-VGAuth-impersonation-in-the.patch
+++ /dev/null
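Review bot: In both new `done:` blocks the result of `VGAuth_EndImpersonation(ctx)` is checked only by `ASSERT(vgErr == VGAUTH_E_OK);`, so in any build where ASSERT compiles to nothing a failed revert goes unnoticed and the caller may carry on under the impersonated user's identity after an authentication error has been reported. The revert result should also be handled at run time, for example `if (vgErr != VGAUTH_E_OK) { Log("%s: VGAuth_EndImpersonation failed\n", __FUNCTION__); }` ahead of the ASSERT, so the failure reaches the tools log. A one-line comment above each `impersonated = TRUE;` stating that every exit path after this point must either return success or end impersonation would record the invariant the patch introduces. In GuestAuthSAMLAuthenticateAndImpersonate the new `Util_ZeroFreeString(token)` / `Util_ZeroFreeString(username)` at `done:` are only safe if no earlier path already frees those pointers without resetting them; that code lies outside the hunks shown.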
@@ -1,112 +0,0 @@ -From 6c240f1d7c3e348af0aa95d5dfba08e95601fcc8 Mon Sep 17 00:00:00 2001 -From: Cathy Avery -Date: Fri, 15 Nov 2019 14:49:07 +0100 -Subject: [PATCH 2/3] End VGAuth impersonation in the - -RH-Author: Cathy Avery -Message-id: <20191115144908.7669-3-cavery@redhat.com> -Patchwork-id: 92390 -O-Subject: [RHEL7.7.z open-vm-tools PATCH 2/3] End VGAuth impersonation in the case of error. -Bugzilla: 1772825 -RH-Acked-by: Vitaly Kuznetsov -RH-Acked-by: Eduardo Otubo - -commit 7b874f37f970aab2adddb063a8363594f47abf70 -Author: Oliver Kurth -Date: Tue Sep 4 15:40:58 2018 -0700 - - End VGAuth impersonation in the case of error. - - * In GuestAuthPasswordAuthenticateImpersonate(): - When VGAuth_UserHandleAccessToken fails, unimpersonation is not - being done. This can cause issues. Fixed it. - - * In GuestAuthSAMLAuthenticateAndImpersonate(), fixed the following issues: - The 'newHandle' is not being freed which causes a memory leak. - When VGAuth_UserHandleAccessToken fails, unimpersonation is not - being done. 
- -Signed-off-by: Cathy Avery -Signed-off-by: Miroslav Rezanina ---- - services/plugins/vix/vixTools.c | 25 +++++++++++++++++++++++-- - 1 file changed, 23 insertions(+), 2 deletions(-) - -diff --git a/services/plugins/vix/vixTools.c b/services/plugins/vix/vixTools.c -index 7ed9f43..3d327e4 100644 ---- a/services/plugins/vix/vixTools.c -+++ b/services/plugins/vix/vixTools.c -@@ -11392,6 +11392,7 @@ GuestAuthPasswordAuthenticateImpersonate( - VGAuthError vgErr; - VGAuthUserHandle *newHandle = NULL; - VGAuthExtraParams extraParams[1]; -+ Bool impersonated = FALSE; - - extraParams[0].name = VGAUTH_PARAM_LOAD_USER_PROFILE; - extraParams[0].value = VGAUTH_PARAM_VALUE_TRUE; -@@ -11427,6 +11428,8 @@ GuestAuthPasswordAuthenticateImpersonate( - goto done; - } - -+ impersonated = TRUE; -+ - #ifdef _WIN32 - // this is making a copy of the token, be sure to close it - vgErr = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken); -@@ -11446,6 +11449,10 @@ done: - Util_ZeroFreeString(password); - - if (VIX_OK != err) { -+ if (impersonated) { -+ vgErr = VGAuth_EndImpersonation(ctx); -+ ASSERT(vgErr == VGAUTH_E_OK); -+ } - VGAuth_UserHandleFree(newHandle); - newHandle = NULL; - } -@@ -11480,12 +11487,13 @@ GuestAuthSAMLAuthenticateAndImpersonate( - { - #if SUPPORT_VGAUTH - VixError err; -- char *token; -- char *username; -+ char *token = NULL; -+ char *username = NULL; - VGAuthContext *ctx = NULL; - VGAuthError vgErr; - VGAuthUserHandle *newHandle = NULL; - VGAuthExtraParams extraParams[1]; -+ Bool impersonated = FALSE; - - extraParams[0].name = VGAUTH_PARAM_LOAD_USER_PROFILE; - extraParams[0].value = VGAUTH_PARAM_VALUE_TRUE; -@@ -11577,6 +11585,8 @@ impersonate: - goto done; - } - -+ impersonated = TRUE; -+ - #ifdef _WIN32 - // this is making a copy of the token, be sure to close it - vgErr = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken); -@@ -11592,6 +11602,17 @@ impersonate: - err = VIX_OK; - - done: -+ Util_ZeroFreeString(token); -+ Util_ZeroFreeString(username); 
-+ -+ if (VIX_OK != err) { -+ if (impersonated) { -+ vgErr = VGAuth_EndImpersonation(ctx); -+ ASSERT(vgErr == VGAUTH_E_OK); -+ } -+ VGAuth_UserHandleFree(newHandle); -+ newHandle = NULL; -+ } - - return err; - #else --- -1.8.3.1 - diff --git a/SOURCES/ovt-Fix-RELRO-flag.patch b/SOURCES/ovt-Fix-RELRO-flag.patch deleted file mode 100644 index 8f47973..0000000 --- a/SOURCES/ovt-Fix-RELRO-flag.patch +++ /dev/null 
@@ -1,110 +0,0 @@ -From 0e4b153006ee5a88e1a60ff8e13b954bc88692ff Mon Sep 17 00:00:00 2001 -From: Miroslav Rezanina -Date: Fri, 1 Mar 2019 09:46:11 +0100 -Subject: [PATCH 2/2] Fix RELRO flag - -RH-Author: Miroslav Rezanina -Message-id: <1551433571-31547-1-git-send-email-mrezanin@redhat.com> -Patchwork-id: 84750 -O-Subject: [RHEL-7.7 open-vm-tools PATCH] Fix RELRO flag -Bugzilla: 1678576 -RH-Acked-by: Cathy Avery -RH-Acked-by: Richard Jones - -From: Miroslav Rezanina - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1678576 -Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=20410856 -Upstream: n/a - -rpmdiff for 10.3.0 based open-vm-tools reports partial RELRO on several binaries. -This patch ensure proper hardening is used and files have full RELRO flag. - -Signed-off-by: Miroslav Rezanina -Signed-off-by: Miroslav Rezanina ---- - configure.ac | 2 +- - libDeployPkg/Makefile.am | 2 +- - libguestlib/Makefile.am | 2 +- - libhgfs/Makefile.am | 2 +- - libvmtools/Makefile.am | 2 +- - vgauth/lib/Makefile.am | 2 +- - 6 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 72dc4ff..82e2bc6 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1526,7 +1526,7 @@ VMTOOLS_LIBS="$BUILDDIR/libvmtools/libvmtools.la $GLIB2_LIBS" - VMTOOLS_CPPFLAGS="-DVMTOOLS_USE_GLIB $GLIB2_CPPFLAGS" - - PLUGIN_CPPFLAGS="$VMTOOLS_CPPFLAGS $PLUGIN_CPPFLAGS" --PLUGIN_LDFLAGS="-Wl,-z,defs -Wl,-lc -Wl,--as-needed -shared -module -avoid-version" -+PLUGIN_LDFLAGS="-Wl,-z,defs -Wl,-lc -Wl,--as-needed -shared -module -avoid-version -Wl,-z,relro,-z,now" - - # Installation directories for core services plugins. 
- TEST_PLUGIN_INSTALLDIR=$datadir/open-vm-tools/tests -diff --git a/libDeployPkg/Makefile.am b/libDeployPkg/Makefile.am -index b4d5c9d..f4e8f8b 100644 ---- a/libDeployPkg/Makefile.am -+++ b/libDeployPkg/Makefile.am -@@ -39,7 +39,7 @@ libDeployPkg_la_SOURCES += linuxDeploymentUtilities.h - libDeployPkg_la_LDFLAGS = - # We require GCC, so we're fine passing compiler-specific flags. - # Needed for OS's that don't link shared libraries against libc by default, e.g. FreeBSD --libDeployPkg_la_LDFLAGS += -Wl,-lc -+libDeployPkg_la_LDFLAGS += -Wl,-lc -Wl,-z,relro,-z,now - - libDeployPkg_includedir = $(includedir)/libDeployPkg - -diff --git a/libguestlib/Makefile.am b/libguestlib/Makefile.am -index 5181409..a21a3ff 100644 ---- a/libguestlib/Makefile.am -+++ b/libguestlib/Makefile.am -@@ -32,7 +32,7 @@ libguestlib_la_SOURCES += vmGuestLib.c - libguestlib_la_LDFLAGS = - # We require GCC, so we're fine passing compiler-specific flags. - # Needed for OS's that don't link shared libraries against libc by default, e.g. FreeBSD --libguestlib_la_LDFLAGS += -Wl,-lc -+libguestlib_la_LDFLAGS += -Wl,-lc -Wl,-z,relro,-z,now - - libguestlib_includedir = $(includedir)/vmGuestLib - -diff --git a/libhgfs/Makefile.am b/libhgfs/Makefile.am -index 7609145..50573ee 100644 ---- a/libhgfs/Makefile.am -+++ b/libhgfs/Makefile.am -@@ -41,5 +41,5 @@ libhgfs_la_LDFLAGS = - libhgfs_la_LDFLAGS += -Wl,-z,defs - # Needed for OS's that don't link shared libraries against libc by - #default, e.g. FreeBSD --libhgfs_la_LDFLAGS += -Wl,-lc -+libhgfs_la_LDFLAGS += -Wl,-lc -Wl,-z,relro,-z,now - -diff --git a/libvmtools/Makefile.am b/libvmtools/Makefile.am -index 1971942..6a4ca74 100644 ---- a/libvmtools/Makefile.am -+++ b/libvmtools/Makefile.am -@@ -91,5 +91,5 @@ libvmtools_la_LDFLAGS = - libvmtools_la_LDFLAGS += -Wl,-z,defs - # Needed for OS's that don't link shared libraries against libc by - #default, e.g. 
FreeBSD --libvmtools_la_LDFLAGS += -Wl,-lc -+libvmtools_la_LDFLAGS += -Wl,-lc -Wl,-z,relro,-z,now - -diff --git a/vgauth/lib/Makefile.am b/vgauth/lib/Makefile.am -index bce97aa..6c0c265 100644 ---- a/vgauth/lib/Makefile.am -+++ b/vgauth/lib/Makefile.am -@@ -59,7 +59,7 @@ libvgauth_la_LDFLAGS = - libvgauth_la_LDFLAGS += -Wl,-z,defs - # Needed for OS's that don't link shared libraries against libc by - #default, e.g. FreeBSD --libvgauth_la_LDFLAGS += -Wl,-lc -+libvgauth_la_LDFLAGS += -Wl,-lc -Wl,-z,relro,-z,now - - # Message catalogs. - install-data-hook: --- -1.8.3.1 - diff --git a/SOURCES/ovt-Fix-leaks-in-ListAliases-and-ListMappedAliases-9bc72.patch b/SOURCES/ovt-Fix-leaks-in-ListAliases-and-ListMappedAliases-9bc72.patch new file mode 100644 index 0000000..a4aa8e1 --- /dev/null +++ b/SOURCES/ovt-Fix-leaks-in-ListAliases-and-ListMappedAliases-9bc72.patch 
@@ -0,0 +1,85 @@
+From 57a9cb6cb1f74f13af6a348443ed098927818760 Mon Sep 17 00:00:00 2001
+From: Cathy Avery
+Date: Fri, 25 Oct 2019 15:34:05 +0200
+Subject: [PATCH 3/3] Fix leaks in ListAliases and ListMappedAliases
+ (9bc72f0b09702754b429115658a85223cb3058bd from devel)
+
+RH-Author: Cathy Avery
+Message-id: <20191025153405.10241-4-cavery@redhat.com>
+Patchwork-id: 91968
+O-Subject: [RHEL7.8 open-vm-tools PATCH v2 3/3] Fix leaks in ListAliases and ListMappedAliases (9bc72f0b09702754b429115658a85223cb3058bd from devel)
+Bugzilla: 1760625
+RH-Acked-by: Vitaly Kuznetsov
+RH-Acked-by: Miroslav Rezanina
+
+commit 26b9edbeb79d1c67b9ae73a0c97c48999c1fb503 (origin/stable-10.3.10-vix-memory-leaks)
+Author: Oliver Kurth
+Date: Wed Oct 2 17:48:35 2019 -0700
+
+ Fix leaks in ListAliases and ListMappedAliases (9bc72f0b09702754b429115658a85223cb3058bd from devel)
+
+Signed-off-by: Cathy Avery
+Signed-off-by: Miroslav Rezanina
+---
+ services/plugins/vix/vixTools.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/services/plugins/vix/vixTools.c b/services/plugins/vix/vixTools.c
+index 00b40b1..b0bd4d0 100644
+--- a/services/plugins/vix/vixTools.c
++++ b/services/plugins/vix/vixTools.c
+@@ -9621,7 +9621,6 @@ VixToolsListAuthAliases(VixCommandRequestHeader *requestMsg, // IN
+ char *endDestPtr;
+ char *tmpBuf = NULL;
+ char *tmpBuf2 = NULL;
+- char *recordBuf;
+ size_t recordSize;
+ char *escapedStr = NULL;
+ char *escapedStr2 = NULL;
+@@ -9680,6 +9679,8 @@ VixToolsListAuthAliases(VixCommandRequestHeader *requestMsg, // IN
+ destPtr += Str_Sprintf(destPtr, endDestPtr - destPtr, "%s",
+ VIX_XML_ESCAPED_TAG);
+ for (i = 0; i < num; i++) {
++ char *recordBuf = NULL;
++
+ escapedStr = VixToolsEscapeXMLString(uaList[i].pemCert);
+ if (escapedStr == NULL) {
+ err = VIX_E_OUT_OF_MEMORY;
+@@ -9750,6 +9751,8 @@ VixToolsListAuthAliases(VixCommandRequestHeader *requestMsg, // IN
+ Log("%s: ListAuth list results too large, truncating", __FUNCTION__);
+ goto abort;
+ }
++ free(recordBuf);
++ recordBuf = NULL;
+ }
+
+ *result = resultBuffer;
+@@ -9817,7 +9820,6 @@ VixToolsListMappedAliases(VixCommandRequestHeader *requestMsg, // IN
+ char *endDestPtr;
+ char *tmpBuf = NULL;
+ char *tmpBuf2 = NULL;
+- char *recordBuf;
+ char *escapedStr = NULL;
+ char *escapedStr2 = NULL;
+ size_t recordSize;
+@@ -9870,6 +9872,8 @@ VixToolsListMappedAliases(VixCommandRequestHeader *requestMsg, // IN
+ destPtr += Str_Sprintf(destPtr, endDestPtr - destPtr, "%s",
+ VIX_XML_ESCAPED_TAG);
+ for (i = 0; i < num; i++) {
++ char *recordBuf = NULL;
++
+ escapedStr = VixToolsEscapeXMLString(maList[i].pemCert);
+ if (escapedStr == NULL) {
+ err = VIX_E_OUT_OF_MEMORY;
+@@ -9938,6 +9942,8 @@ VixToolsListMappedAliases(VixCommandRequestHeader *requestMsg, // IN
+ Log("%s: ListMapped results too large, truncating", __FUNCTION__);
+ goto abort;
+ }
++ free(recordBuf);
++ recordBuf = NULL;
+ }
+
+ *result = resultBuffer;
+--
+1.8.3.1
+
diff --git a/SOURCES/ovt-Fix-leaks-in-ListAliases-and.patch b/SOURCES/ovt-Fix-leaks-in-ListAliases-and.patch
deleted file mode 100644
index a7a0e64..0000000
--- a/SOURCES/ovt-Fix-leaks-in-ListAliases-and.patch
+++ /dev/null
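Review bot: `recordBuf` is now declared inside the `for` body, so the `abort:` label can no longer release it, and the added `free(recordBuf);` sits after the `goto abort;` of the "results too large, truncating" branch in both VixToolsListAuthAliases and VixToolsListMappedAliases. The three context lines do not show whether that branch frees the buffer before jumping; if it does not, the truncation path still leaks one record buffer per call, and `free(recordBuf);` belongs immediately before the `Log(...)` / `goto abort;` pair. The same applies to any other `goto abort` between the allocation of `recordBuf` and the end of the loop body, which lies outside the hunks. A short comment at the declaration, such as `/* per-iteration buffer: free before every exit from the loop body */`, would make the ownership rule explicit.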
@@ -1,84 +0,0 @@ -From e2d98f99494ce748bd0e77d9bc1f52663936faa1 Mon Sep 17 00:00:00 2001 -From: Cathy Avery -Date: Fri, 15 Nov 2019 14:49:08 +0100 -Subject: [PATCH 3/3] Fix leaks in ListAliases and - -RH-Author: Cathy Avery -Message-id: <20191115144908.7669-4-cavery@redhat.com> -Patchwork-id: 92389 -O-Subject: [RHEL7.7.z open-vm-tools PATCH 3/3] Fix leaks in ListAliases and ListMappedAliases (9bc72f0b09702754b429115658a85223cb3058bd from devel) -Bugzilla: 1772825 -RH-Acked-by: Vitaly Kuznetsov -RH-Acked-by: Eduardo Otubo - -commit 26b9edbeb79d1c67b9ae73a0c97c48999c1fb503 (origin/stable-10.3.10-vix-memory-leaks) -Author: Oliver Kurth -Date: Wed Oct 2 17:48:35 2019 -0700 - - Fix leaks in ListAliases and ListMappedAliases (9bc72f0b09702754b429115658a85223cb3058bd from devel) - -Signed-off-by: Cathy Avery -Signed-off-by: Miroslav Rezanina ---- - services/plugins/vix/vixTools.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/services/plugins/vix/vixTools.c b/services/plugins/vix/vixTools.c -index 3d327e4..a30ef6b 100644 ---- a/services/plugins/vix/vixTools.c -+++ b/services/plugins/vix/vixTools.c -@@ -9463,7 +9463,6 @@ VixToolsListAuthAliases(VixCommandRequestHeader *requestMsg, // IN - char *endDestPtr; - char *tmpBuf = NULL; - char *tmpBuf2 = NULL; -- char *recordBuf; - size_t recordSize; - char *escapedStr = NULL; - char *escapedStr2 = NULL; -@@ -9522,6 +9521,8 @@ VixToolsListAuthAliases(VixCommandRequestHeader *requestMsg, // IN - destPtr += Str_Sprintf(destPtr, endDestPtr - destPtr, "%s", - VIX_XML_ESCAPED_TAG); - for (i = 0; i < num; i++) { -+ char *recordBuf = NULL; -+ - escapedStr = VixToolsEscapeXMLString(uaList[i].pemCert); - if (escapedStr == NULL) { - err = VIX_E_OUT_OF_MEMORY; -@@ -9592,6 +9593,8 @@ VixToolsListAuthAliases(VixCommandRequestHeader *requestMsg, // IN - Log("%s: ListAuth list results too large, truncating", __FUNCTION__); - goto abort; - } -+ free(recordBuf); -+ recordBuf = NULL; - } - - *result = 
resultBuffer; -@@ -9659,7 +9662,6 @@ VixToolsListMappedAliases(VixCommandRequestHeader *requestMsg, // IN - char *endDestPtr; - char *tmpBuf = NULL; - char *tmpBuf2 = NULL; -- char *recordBuf; - char *escapedStr = NULL; - char *escapedStr2 = NULL; - size_t recordSize; -@@ -9712,6 +9714,8 @@ VixToolsListMappedAliases(VixCommandRequestHeader *requestMsg, // IN - destPtr += Str_Sprintf(destPtr, endDestPtr - destPtr, "%s", - VIX_XML_ESCAPED_TAG); - for (i = 0; i < num; i++) { -+ char *recordBuf = NULL; -+ - escapedStr = VixToolsEscapeXMLString(maList[i].pemCert); - if (escapedStr == NULL) { - err = VIX_E_OUT_OF_MEMORY; -@@ -9780,6 +9784,8 @@ VixToolsListMappedAliases(VixCommandRequestHeader *requestMsg, // IN - Log("%s: ListMapped results too large, truncating", __FUNCTION__); - goto abort; - } -+ free(recordBuf); -+ recordBuf = NULL; - } - - *result = resultBuffer; --- -1.8.3.1 - diff --git a/SOURCES/ovt-Fix-memory-leaks-in-vix-tools-plugin.patch b/SOURCES/ovt-Fix-memory-leaks-in-vix-tools-plugin.patch new file mode 100644 index 0000000..8eedfd7 --- /dev/null +++ b/SOURCES/ovt-Fix-memory-leaks-in-vix-tools-plugin.patch 
@@ -0,0 +1,102 @@
+From 01a8304a6c9a93f14ad1c32e15dd2edfd50c8586 Mon Sep 17 00:00:00 2001
+From: Cathy Avery
+Date: Fri, 25 Oct 2019 15:34:03 +0200
+Subject: [PATCH 1/3] Fix memory leaks in 'vix' tools plugin.
+
+RH-Author: Cathy Avery
+Message-id: <20191025153405.10241-2-cavery@redhat.com>
+Patchwork-id: 91969
+O-Subject: [RHEL7.8 open-vm-tools PATCH v2 1/3] Fix memory leaks in 'vix' tools plugin.
+Bugzilla: 1760625
+RH-Acked-by: Vitaly Kuznetsov
+RH-Acked-by: Miroslav Rezanina
+
+commit 015db4c06a8be65eb96cf62421e8b5366993452f
+Author: Oliver Kurth
+Date: Wed Aug 29 13:29:45 2018 -0700
+
+ Fix memory leaks in 'vix' tools plugin.
+
+ * vix plugin retrieves the power script file paths from the
+ config file but doesn't free them and this causes a memory leak.
+ Fixed the code to free the filepaths.
+
+ * In GuestAuthPasswordAuthenticateImpersonate function, the VGAuth
+ handle is not freed when the impersonation fails. Fixed the
+ code to call VGAuth_UserHandleFree in the error path.
+
+ Note: I executed one guest operation with wrong credentials.
+ Every failure leaks 75 bytes of memory. (in Centos 64-bit VM)
+
+ * Fixed another minor issue in the code. At couple of places in
+ the code, replaced 'err' with 'vgErr' for storing the return value
+ of VGAuth_UserHandleAccessToken.
+
+Signed-off-by: Cathy Avery
+Signed-off-by: Miroslav Rezanina
+---
+ services/plugins/vix/vixTools.c | 20 ++++++++++++++------
+ 1 file changed, 14 insertions(+), 6 deletions(-)
+
+diff --git a/services/plugins/vix/vixTools.c b/services/plugins/vix/vixTools.c
+index 55b1f0a..4436944 100644
+--- a/services/plugins/vix/vixTools.c
++++ b/services/plugins/vix/vixTools.c
+@@ -2522,10 +2522,10 @@ VixTools_GetToolsPropertiesImpl(GKeyFile *confDictRef, // IN
+ char *guestName;
+ int osFamily;
+ char *packageList = NULL;
+- const char *powerOffScript = NULL;
+- const char *powerOnScript = NULL;
+- const char *resumeScript = NULL;
+- const char *suspendScript = NULL;
++ char *powerOffScript = NULL;
++ char *powerOnScript = NULL;
++ char *resumeScript = NULL;
++ char *suspendScript = NULL;
+ char *osName = NULL;
+ char *osNameFull = NULL;
+ Bool foundHostName;
+@@ -2726,6 +2726,10 @@ abort:
+ free(tempDir);
+ free(osName);
+ free(osNameFull);
++ free(suspendScript);
++ free(resumeScript);
++ free(powerOnScript);
++ free(powerOffScript);
+ #else
+ /*
+ * FreeBSD. We do not require all the properties above.
+@@ -11583,7 +11587,7 @@ GuestAuthPasswordAuthenticateImpersonate(
+
+ #ifdef _WIN32
+ // this is making a copy of the token, be sure to close it
+- err = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken);
++ vgErr = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken);
+ if (VGAUTH_FAILED(vgErr)) {
+ err = VixToolsTranslateVGAuthError(vgErr);
+ goto done;
+@@ -11599,6 +11603,10 @@ done:
+ free(username);
+ Util_ZeroFreeString(password);
+
++ if (VIX_OK != err) {
++ VGAuth_UserHandleFree(newHandle);
++ newHandle = NULL;
++ }
+ return err;
+ #else
+ return VIX_E_NOT_SUPPORTED;
+@@ -11729,7 +11737,7 @@ impersonate:
+
+ #ifdef _WIN32
+ // this is making a copy of the token, be sure to close it
+- err = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken);
++ vgErr = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken);
+ if (VGAUTH_FAILED(vgErr)) {
+ err = VixToolsTranslateVGAuthError(vgErr);
+ goto done;
+--
+1.8.3.1
+
diff --git a/SOURCES/ovt-Fix-memory-leaks-in-vix-tools.patch b/SOURCES/ovt-Fix-memory-leaks-in-vix-tools.patch
deleted file mode 100644
index 3578e65..0000000
--- a/SOURCES/ovt-Fix-memory-leaks-in-vix-tools.patch
+++ /dev/null
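Review bot: In ovt-Fix-memory-leaks-in-vix-tools-plugin.patch, the release of `newHandle` added at `done:` in GuestAuthPasswordAuthenticateImpersonate has no visible counterpart in the function patched by the last inner hunk (the one around the `impersonate:` label): that function only receives the `err` → `vgErr` correction, so if its failure path also skips `VGAuth_UserHandleFree(newHandle)`, the per-failure leak described in the commit message would remain there. Both functions extend beyond the hunks shown, so this has to be checked against the full vixTools.c. The new branch also runs for failures that happen before a handle exists, which is safe only if `newHandle` is initialised to `NULL` at its declaration (not visible here). Once that is confirmed, a one-line comment on the branch, e.g. `/* newHandle is still NULL if validation never succeeded */`, would record the assumption for the next backport.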
@@ -1,102 +0,0 @@ -From 4e5eb0a6c6996229f4daf3c23398cf62b910637d Mon Sep 17 00:00:00 2001 -From: Cathy Avery -Date: Fri, 15 Nov 2019 14:49:06 +0100 -Subject: [PATCH 1/3] Fix memory leaks in 'vix' tools - -RH-Author: Cathy Avery -Message-id: <20191115144908.7669-2-cavery@redhat.com> -Patchwork-id: 92388 -O-Subject: [RHEL7.7.z open-vm-tools PATCH 1/3] Fix memory leaks in 'vix' tools plugin. -Bugzilla: 1772825 -RH-Acked-by: Vitaly Kuznetsov -RH-Acked-by: Eduardo Otubo - -commit 015db4c06a8be65eb96cf62421e8b5366993452f -Author: Oliver Kurth -Date: Wed Aug 29 13:29:45 2018 -0700 - - Fix memory leaks in 'vix' tools plugin. - - * vix plugin retrieves the power script file paths from the - config file but doesn't free them and this causes a memory leak. - Fixed the code to free the filepaths. - - * In GuestAuthPasswordAuthenticateImpersonate function, the VGAuth - handle is not freed when the impersonation fails. Fixed the - code to call VGAuth_UserHandleFree in the error path. - - Note: I executed one guest operation with wrong credentials. - Every failure leaks 75 bytes of memory. (in Centos 64-bit VM) - - * Fixed another minor issue in the code. At couple of places in - the code, replaced 'err' with 'vgErr' for storing the return value - of VGAuth_UserHandleAccessToken. 
- -Signed-off-by: Cathy Avery -Signed-off-by: Miroslav Rezanina ---- - services/plugins/vix/vixTools.c | 20 ++++++++++++++------ - 1 file changed, 14 insertions(+), 6 deletions(-) - -diff --git a/services/plugins/vix/vixTools.c b/services/plugins/vix/vixTools.c -index 7997fee..7ed9f43 100644 ---- a/services/plugins/vix/vixTools.c -+++ b/services/plugins/vix/vixTools.c -@@ -2438,10 +2438,10 @@ VixTools_GetToolsPropertiesImpl(GKeyFile *confDictRef, // IN - char *guestName; - int osFamily; - char *packageList = NULL; -- const char *powerOffScript = NULL; -- const char *powerOnScript = NULL; -- const char *resumeScript = NULL; -- const char *suspendScript = NULL; -+ char *powerOffScript = NULL; -+ char *powerOnScript = NULL; -+ char *resumeScript = NULL; -+ char *suspendScript = NULL; - char *osName = NULL; - char *osNameFull = NULL; - Bool foundHostName; -@@ -2642,6 +2642,10 @@ abort: - free(tempDir); - free(osName); - free(osNameFull); -+ free(suspendScript); -+ free(resumeScript); -+ free(powerOnScript); -+ free(powerOffScript); - #else - /* - * FreeBSD. We do not require all the properties above. 
-@@ -11425,7 +11429,7 @@ GuestAuthPasswordAuthenticateImpersonate( - - #ifdef _WIN32 - // this is making a copy of the token, be sure to close it -- err = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken); -+ vgErr = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken); - if (VGAUTH_FAILED(vgErr)) { - err = VixToolsTranslateVGAuthError(vgErr); - goto done; -@@ -11441,6 +11445,10 @@ done: - free(username); - Util_ZeroFreeString(password); - -+ if (VIX_OK != err) { -+ VGAuth_UserHandleFree(newHandle); -+ newHandle = NULL; -+ } - return err; - #else - return VIX_E_NOT_SUPPORTED; -@@ -11571,7 +11579,7 @@ impersonate: - - #ifdef _WIN32 - // this is making a copy of the token, be sure to close it -- err = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken); -+ vgErr = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken); - if (VGAUTH_FAILED(vgErr)) { - err = VixToolsTranslateVGAuthError(vgErr); - goto done; --- -1.8.3.1 - diff --git a/SOURCES/vmtoolsd.service b/SOURCES/vmtoolsd.service index 773040d..051bc32 100644 --- a/SOURCES/vmtoolsd.service +++ b/SOURCES/vmtoolsd.service @@ -2,15 +2,19 @@ Description=Service for virtual machines hosted on VMware Documentation=http://github.com/vmware/open-vm-tools ConditionVirtualization=vmware +Requires=vmtoolsd-init.service Requires=vgauthd.service +After=vmtoolsd-init.service After=vgauthd.service DefaultDependencies=no Before=cloud-init-local.service + [Service] ExecStart=/usr/bin/vmtoolsd TimeoutStopSec=5 [Install] WantedBy=multi-user.target +Also=vmtoolsd-init.service Also=vgauthd.service diff --git a/SPECS/open-vm-tools.spec b/SPECS/open-vm-tools.spec index 4310ad5..55ca978 100644 --- a/SPECS/open-vm-tools.spec +++ b/SPECS/open-vm-tools.spec 
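Review bot: In SOURCES/vmtoolsd.service the new `Requires=vmtoolsd-init.service` / `After=vmtoolsd-init.service` pair is a hard dependency on a unit that this hunk does not show, while the unit keeps `DefaultDependencies=no` and `Before=cloud-init-local.service`. That early ordering holds only if vmtoolsd-init.service is itself written to run before the default targets, and with `Requires=` a failure of the init step keeps vmtoolsd, and with it the guest tooling, from starting at all. If the init step is meant to be best-effort, `Wants=vmtoolsd-init.service` expresses that; if the hard dependency is intended, a comment above the pair such as `# vmtoolsd must not start unless vmtoolsd-init succeeded` would say so. The added empty line before `[Service]` is a whitespace-only change and could be left out of the commit.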
@@ -20,15 +20,15 @@ %global _hardened_build 1 %global majorversion 10.3 -%global minorversion 0 -%global toolsbuild 8931395 +%global minorversion 10 +%global toolsbuild 12406962 %global toolsversion %{majorversion}.%{minorversion} %global toolsdaemon vmtoolsd %global vgauthdaemon vgauthd Name: open-vm-tools Version: %{toolsversion} -Release: 2%{?dist}.1 +Release: 2%{?dist} Summary: Open Virtual Machine Tools for virtual machines hosted on VMware Group: Applications/System License: GPLv2 @@ -37,18 +37,15 @@ Source0: https://github.com/vmware/%{name}/releases/download/stable-%{v Source1: %{toolsdaemon}-init.service Source2: %{toolsdaemon}.service Source3: %{vgauthdaemon}.service -ExclusiveArch: x86_64 %{ix86} - -Patch0002: 0002-Update-cloud-init-handling.patch -Patch0003: 0003-hgfsPlugin-crash-fix.patch -# For bz#1678576 - [ESXi][RHEL7.6] Several files lost Full RELRO -Patch4: ovt-Fix-RELRO-flag.patch -# For bz#1772825 - [ESXi][RHEL7.7.z]Need to backport some severe memory leak fixes from upstream [rhel-7.7.z] -Patch5: ovt-Fix-memory-leaks-in-vix-tools.patch -# For bz#1772825 - [ESXi][RHEL7.7.z]Need to backport some severe memory leak fixes from upstream [rhel-7.7.z] -Patch6: ovt-End-VGAuth-impersonation-in-the.patch -# For bz#1772825 - [ESXi][RHEL7.7.z]Need to backport some severe memory leak fixes from upstream [rhel-7.7.z] -Patch7: ovt-Fix-leaks-in-ListAliases-and.patch +ExclusiveArch: x86_64 + +Patch0002: 0002-Fix-RELRO-flag.patch +# For bz#1760625 - [ESXi][RHEL7.8]Need to backport some severe memory leak fixes from upstream +Patch3: ovt-Fix-memory-leaks-in-vix-tools-plugin.patch +# For bz#1760625 - [ESXi][RHEL7.8]Need to backport some severe memory leak fixes from upstream +Patch4: ovt-End-VGAuth-impersonation-in-the-case-of-error.patch +# For bz#1760625 - [ESXi][RHEL7.8]Need to backport some severe memory leak fixes from upstream +Patch5: ovt-Fix-leaks-in-ListAliases-and-ListMappedAliases-9bc72.patch BuildRequires: autoconf BuildRequires: automake 
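Review bot: The patch list in the `@@ -37,18 +37,15 @@` hunk drops `0003-hgfsPlugin-crash-fix.patch` and `0002-Update-cloud-init-handling.patch` and narrows `ExclusiveArch` from `x86_64 %{ix86}` to `x86_64`, but the changelog entries added in this commit mention only the rebase and the three leak fixes. A crash fix should not disappear without a trace: presumably both patches are contained in 10.3.10, and that should be confirmed against the upstream tree and then recorded, for example as `- Drop 0003-hgfsPlugin-crash-fix.patch and 0002-Update-cloud-init-handling.patch (included in 10.3.10)` under the rebase entry. The removal of the 32-bit x86 build deserves its own changelog line for the same reason.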
@@ -145,11 +142,9 @@ machines. %setup -q -n %{name}-%{version}-%{toolsbuild} %patch0002 -p1 -%patch0003 -p1 +%patch3 -p1 %patch4 -p1 %patch5 -p1 -%patch6 -p1 -%patch7 -p1 %build # Required for regenerating configure script when @@ -338,14 +333,19 @@ fi %{_bindir}/vmware-vgauth-smoketest %changelog -* Tue Dec 03 2019 Miroslav Rezanina - 10.3.0-2.el7_7.1 -- ovt-Fix-memory-leaks-in-vix-tools.patch [bz#1772825] -- ovt-End-VGAuth-impersonation-in-the.patch [bz#1772825] -- ovt-Fix-leaks-in-ListAliases-and.patch [bz#1772825] -- Resolves: bz#1772825 - ([ESXi][RHEL7.7.z]Need to backport some severe memory leak fixes from upstream [rhel-7.7.z]) - -* Wed Mar 13 2019 Miroslav Rezanina - 10.3.0-2.el7 +* Mon Nov 04 2019 Miroslav Rezanina - 10.3.10-2.el7 +- ovt-Fix-memory-leaks-in-vix-tools-plugin.patch [bz#1760625] +- ovt-End-VGAuth-impersonation-in-the-case-of-error.patch [bz#1760625] +- ovt-Fix-leaks-in-ListAliases-and-ListMappedAliases-9bc72.patch [bz#1760625] +- Resolves: bz#1760625 + ([ESXi][RHEL7.8]Need to backport some severe memory leak fixes from upstream) + +* Thu Aug 22 2019 Miroslav Rezanina - 10.3.10-1 +- Rebase to 10.3.10 [bz#1725187] +- Resolves: bz#1725187 + ([ESXi][RHEL7.8 ]Rebase open-vm-tools to 10.3.10) + +* Wed Mar 13 2019 Miroslav Rezanina - 10.3.0-2 - ovt-Enable-cloud-init-by-default-to-change-the-systemd-u.patch [bz#1662278] - ovt-Fix-RELRO-flag.patch [bz#1678576] - Resolves: bz#1662278 @@ -363,11 +363,6 @@ fi - Resolves: bz#1601559 ([ESXi][RHEL7.6] Include new open-vm-tools patches for cloud-init to work with python-2) -* Mon May 14 2018 Miroslav Rezanina - 10.2.5-2 -- Updated RHEL version -- Resolves: bz#1527233 - ([ESXi][RHEL7.5]Rebase open-vm-tools to 10.2.5) - * Wed May 09 2018 Ravindra Kumar - 10.2.5-2 - Use tirpc for Fedora 28 onwards.