diff --git a/.gitignore b/.gitignore index 7e4186b..d478b40 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/open-vm-tools-12.0.5-19716617.tar.gz +SOURCES/open-vm-tools-12.1.5-20735119.tar.gz diff --git a/.open-vm-tools.metadata b/.open-vm-tools.metadata index 1a5a185..378fafe 100644 --- a/.open-vm-tools.metadata +++ b/.open-vm-tools.metadata @@ -1 +1 @@ -dcdc35708fae2e3e3192fec7e6a93c7b5c0e3c4c SOURCES/open-vm-tools-12.0.5-19716617.tar.gz +92cfc4bc23f3f4392a0e925d639aeac37c4aafb5 SOURCES/open-vm-tools-12.1.5-20735119.tar.gz diff --git a/SOURCES/ovt-Properly-check-authorization-on-incoming-guestOps-re.patch b/SOURCES/ovt-Properly-check-authorization-on-incoming-guestOps-re.patch deleted file mode 100644 index b4e9ae8..0000000 --- a/SOURCES/ovt-Properly-check-authorization-on-incoming-guestOps-re.patch +++ /dev/null @@ -1,57 +0,0 @@ -From c8e1e5c668ead319b7a91a3a3d7decb114c5daef Mon Sep 17 00:00:00 2001 -From: Cathy Avery -Date: Mon, 29 Aug 2022 12:50:45 -0400 -Subject: [PATCH] Properly check authorization on incoming guestOps requests. - -RH-Author: Cathy Avery -RH-MergeRequest: 12: Properly check authorization on incoming guestOps requests. -RH-Bugzilla: 2119284 -RH-Acked-by: Mohamed Gamal Morsy -RH-Acked-by: Miroslav Rezanina -RH-Acked-by: Vitaly Kuznetsov -RH-Commit: [1/1] d2f10cdcba9d606492f371790c3a0be5b8ce965c -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2119284 -Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=47492094 -Tested: Tested by QE -Upstream Status: origin/master -Conflicts: None - - commit 70a74758bfe0042c27f15ce590fb21a2bc54d745 - Author: John Wolfe - Date: Sun Aug 21 07:56:49 2022 -0700 - - Properly check authorization on incoming guestOps requests. - - Fix public pipe request checks. Only a SessionRequest type should - be accepted on the public pipe. - -Signed-off-by: Cathy Avery ---- - open-vm-tools/vgauth/serviceImpl/proto.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/open-vm-tools/vgauth/serviceImpl/proto.c b/open-vm-tools/vgauth/serviceImpl/proto.c -index db7159ee..6c672601 100644 ---- a/open-vm-tools/vgauth/serviceImpl/proto.c -+++ b/open-vm-tools/vgauth/serviceImpl/proto.c -@@ -1,5 +1,5 @@ - /********************************************************* -- * Copyright (C) 2011-2016,2019-2021 VMware, Inc. All rights reserved. -+ * Copyright (C) 2011-2016,2019-2022 VMware, Inc. All rights reserved. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as published -@@ -1201,6 +1201,10 @@ Proto_SecurityCheckRequest(ServiceConnection *conn, - VGAuthError err; - gboolean isSecure = ServiceNetworkIsConnectionPrivateSuperUser(conn); - -+ if (conn->isPublic && req->reqType != PROTO_REQUEST_SESSION_REQ) { -+ return VGAUTH_E_PERMISSION_DENIED; -+ } -+ - switch (req->reqType) { - /* - * This comes over the public connection; alwsys let it through. --- -2.35.3 - diff --git a/SPECS/open-vm-tools.spec b/SPECS/open-vm-tools.spec index 21aa3ad..1cfa405 100644 --- a/SPECS/open-vm-tools.spec +++ b/SPECS/open-vm-tools.spec @@ -19,9 +19,9 @@ ################################################################################ %global _hardened_build 1 -%global majorversion 12.0 +%global majorversion 12.1 %global minorversion 5 -%global toolsbuild 19716617 +%global toolsbuild 20735119 %global toolsversion %{majorversion}.%{minorversion} %global toolsdaemon vmtoolsd %global vgauthdaemon vgauthd @@ -32,7 +32,7 @@ Name: open-vm-tools Version: %{toolsversion} -Release: 2%{?dist} +Release: 1%{?dist} Summary: Open Virtual Machine Tools for virtual machines hosted on VMware License: GPLv2 URL: https://github.com/vmware/%{name} @@ -44,8 +44,6 @@ Source3: run-vmblock\x2dfuse.mount Source4: open-vm-tools.conf Source5: vmtoolsd.pam -# For bz#2119284 - CVE-2022-31676 open-vm-tools: local root privilege escalation in the virtual machine [rhel-8.7.0] -Patch1: ovt-Properly-check-authorization-on-incoming-guestOps-re.patch %if 0%{?rhel} >= 7 ExclusiveArch: x86_64 @@ -53,6 +51,7 @@ ExclusiveArch: x86_64 ExclusiveArch: %{ix86} x86_64 aarch64 %endif +#Patch0: name.patch BuildRequires: autoconf BuildRequires: automake @@ -411,6 +410,16 @@ fi %{_bindir}/vmware-vgauth-smoketest %changelog +* Fri Dec 09 2022 Miroslav Rezanina 12.1.5-1 +- Rebase to open-vm-tools 12.1.5 [bz#2150188] +- Resolves: bz#2150188 + (ESXi][RHEL8]Open-vm-tools release 12.1.5 has been released - please rebase) + +* Tue Sep 13 2022 Miroslav Rezanina 12.1.0-1 +- Rebase to open-vm-tools 12.1.0 +- Resolves: bz#2121196 + ([ESXi][RHEL8]Open-vm-tools release 12.1.0 has been released - please rebase) + * Tue Sep 06 2022 Jon Maloy - 12.0.5-2 - ovt-Properly-check-authorization-on-incoming-guestOps-re.patch [bz#2119284] - Resolves: bz#2119284