diff --git a/SOURCES/ovt-End-VGAuth-impersonation-in-the.patch b/SOURCES/ovt-End-VGAuth-impersonation-in-the.patch
new file mode 100644
index 0000000..b2167f3
--- /dev/null
+++ b/SOURCES/ovt-End-VGAuth-impersonation-in-the.patch
@@ -0,0 +1,112 @@
+From 6c240f1d7c3e348af0aa95d5dfba08e95601fcc8 Mon Sep 17 00:00:00 2001
+From: Cathy Avery <cavery@redhat.com>
+Date: Fri, 15 Nov 2019 14:49:07 +0100
+Subject: [PATCH 2/3] End VGAuth impersonation in the
+
+RH-Author: Cathy Avery <cavery@redhat.com>
+Message-id: <20191115144908.7669-3-cavery@redhat.com>
+Patchwork-id: 92390
+O-Subject: [RHEL7.7.z open-vm-tools PATCH 2/3] End VGAuth impersonation in the case of error.
+Bugzilla: 1772825
+RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+RH-Acked-by: Eduardo Otubo <otubo@redhat.com>
+
+commit 7b874f37f970aab2adddb063a8363594f47abf70
+Author: Oliver Kurth <okurth@vmware.com>
+Date: Tue Sep 4 15:40:58 2018 -0700
+
+ End VGAuth impersonation in the case of error.
+
+ * In GuestAuthPasswordAuthenticateImpersonate():
+ When VGAuth_UserHandleAccessToken fails, unimpersonation is not
+ being done. This can cause issues. Fixed it.
+
+ * In GuestAuthSAMLAuthenticateAndImpersonate(), fixed the following issues:
+ The 'newHandle' is not being freed which causes a memory leak.
+ When VGAuth_UserHandleAccessToken fails, unimpersonation is not
+ being done.
+
+Signed-off-by: Cathy Avery <cavery@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ services/plugins/vix/vixTools.c | 25 +++++++++++++++++++++++--
+ 1 file changed, 23 insertions(+), 2 deletions(-)
+
+diff --git a/services/plugins/vix/vixTools.c b/services/plugins/vix/vixTools.c
+index 7ed9f43..3d327e4 100644
+--- a/services/plugins/vix/vixTools.c
++++ b/services/plugins/vix/vixTools.c
+@@ -11392,6 +11392,7 @@ GuestAuthPasswordAuthenticateImpersonate(
+ VGAuthError vgErr;
+ VGAuthUserHandle *newHandle = NULL;
+ VGAuthExtraParams extraParams[1];
++ Bool impersonated = FALSE;
+
+ extraParams[0].name = VGAUTH_PARAM_LOAD_USER_PROFILE;
+ extraParams[0].value = VGAUTH_PARAM_VALUE_TRUE;
+@@ -11427,6 +11428,8 @@ GuestAuthPasswordAuthenticateImpersonate(
+ goto done;
+ }
+
++ impersonated = TRUE;
++
+ #ifdef _WIN32
+ // this is making a copy of the token, be sure to close it
+ vgErr = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken);
+@@ -11446,6 +11449,10 @@ done:
+ Util_ZeroFreeString(password);
+
+ if (VIX_OK != err) {
++ if (impersonated) {
++ vgErr = VGAuth_EndImpersonation(ctx);
++ ASSERT(vgErr == VGAUTH_E_OK);
++ }
+ VGAuth_UserHandleFree(newHandle);
+ newHandle = NULL;
+ }
+@@ -11480,12 +11487,13 @@ GuestAuthSAMLAuthenticateAndImpersonate(
+ {
+ #if SUPPORT_VGAUTH
+ VixError err;
+- char *token;
+- char *username;
++ char *token = NULL;
++ char *username = NULL;
+ VGAuthContext *ctx = NULL;
+ VGAuthError vgErr;
+ VGAuthUserHandle *newHandle = NULL;
+ VGAuthExtraParams extraParams[1];
++ Bool impersonated = FALSE;
+
+ extraParams[0].name = VGAUTH_PARAM_LOAD_USER_PROFILE;
+ extraParams[0].value = VGAUTH_PARAM_VALUE_TRUE;
+@@ -11577,6 +11585,8 @@ impersonate:
+ goto done;
+ }
+
++ impersonated = TRUE;
++
+ #ifdef _WIN32
+ // this is making a copy of the token, be sure to close it
+ vgErr = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken);
+@@ -11592,6 +11602,17 @@ impersonate:
+ err = VIX_OK;
+
+ done:
++ Util_ZeroFreeString(token);
++ Util_ZeroFreeString(username);
++
++ if (VIX_OK != err) {
++ if (impersonated) {
++ vgErr = VGAuth_EndImpersonation(ctx);
++ ASSERT(vgErr == VGAUTH_E_OK);
++ }
++ VGAuth_UserHandleFree(newHandle);
++ newHandle = NULL;
++ }
+
+ return err;
+ #else
+--
+1.8.3.1
+
diff --git a/SOURCES/ovt-Fix-leaks-in-ListAliases-and.patch b/SOURCES/ovt-Fix-leaks-in-ListAliases-and.patch
new file mode 100644
index 0000000..a7a0e64
--- /dev/null
+++ b/SOURCES/ovt-Fix-leaks-in-ListAliases-and.patch
@@ -0,0 +1,84 @@
+From e2d98f99494ce748bd0e77d9bc1f52663936faa1 Mon Sep 17 00:00:00 2001
+From: Cathy Avery <cavery@redhat.com>
+Date: Fri, 15 Nov 2019 14:49:08 +0100
+Subject: [PATCH 3/3] Fix leaks in ListAliases and
+
+RH-Author: Cathy Avery <cavery@redhat.com>
+Message-id: <20191115144908.7669-4-cavery@redhat.com>
+Patchwork-id: 92389
+O-Subject: [RHEL7.7.z open-vm-tools PATCH 3/3] Fix leaks in ListAliases and ListMappedAliases (9bc72f0b09702754b429115658a85223cb3058bd from devel)
+Bugzilla: 1772825
+RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+RH-Acked-by: Eduardo Otubo <otubo@redhat.com>
+
+commit 26b9edbeb79d1c67b9ae73a0c97c48999c1fb503 (origin/stable-10.3.10-vix-memory-leaks)
+Author: Oliver Kurth <okurth@vmware.com>
+Date: Wed Oct 2 17:48:35 2019 -0700
+
+ Fix leaks in ListAliases and ListMappedAliases (9bc72f0b09702754b429115658a85223cb3058bd from devel)
+
+Signed-off-by: Cathy Avery <cavery@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ services/plugins/vix/vixTools.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/services/plugins/vix/vixTools.c b/services/plugins/vix/vixTools.c
+index 3d327e4..a30ef6b 100644
+--- a/services/plugins/vix/vixTools.c
++++ b/services/plugins/vix/vixTools.c
+@@ -9463,7 +9463,6 @@ VixToolsListAuthAliases(VixCommandRequestHeader *requestMsg, // IN
+ char *endDestPtr;
+ char *tmpBuf = NULL;
+ char *tmpBuf2 = NULL;
+- char *recordBuf;
+ size_t recordSize;
+ char *escapedStr = NULL;
+ char *escapedStr2 = NULL;
+@@ -9522,6 +9521,8 @@ VixToolsListAuthAliases(VixCommandRequestHeader *requestMsg, // IN
+ destPtr += Str_Sprintf(destPtr, endDestPtr - destPtr, "%s",
+ VIX_XML_ESCAPED_TAG);
+ for (i = 0; i < num; i++) {
++ char *recordBuf = NULL;
++
+ escapedStr = VixToolsEscapeXMLString(uaList[i].pemCert);
+ if (escapedStr == NULL) {
+ err = VIX_E_OUT_OF_MEMORY;
+@@ -9592,6 +9593,8 @@ VixToolsListAuthAliases(VixCommandRequestHeader *requestMsg, // IN
+ Log("%s: ListAuth list results too large, truncating", __FUNCTION__);
+ goto abort;
+ }
++ free(recordBuf);
++ recordBuf = NULL;
+ }
+
+ *result = resultBuffer;
+@@ -9659,7 +9662,6 @@ VixToolsListMappedAliases(VixCommandRequestHeader *requestMsg, // IN
+ char *endDestPtr;
+ char *tmpBuf = NULL;
+ char *tmpBuf2 = NULL;
+- char *recordBuf;
+ char *escapedStr = NULL;
+ char *escapedStr2 = NULL;
+ size_t recordSize;
+@@ -9712,6 +9714,8 @@ VixToolsListMappedAliases(VixCommandRequestHeader *requestMsg, // IN
+ destPtr += Str_Sprintf(destPtr, endDestPtr - destPtr, "%s",
+ VIX_XML_ESCAPED_TAG);
+ for (i = 0; i < num; i++) {
++ char *recordBuf = NULL;
++
+ escapedStr = VixToolsEscapeXMLString(maList[i].pemCert);
+ if (escapedStr == NULL) {
+ err = VIX_E_OUT_OF_MEMORY;
+@@ -9780,6 +9784,8 @@ VixToolsListMappedAliases(VixCommandRequestHeader *requestMsg, // IN
+ Log("%s: ListMapped results too large, truncating", __FUNCTION__);
+ goto abort;
+ }
++ free(recordBuf);
++ recordBuf = NULL;
+ }
+
+ *result = resultBuffer;
+--
+1.8.3.1
+
diff --git a/SOURCES/ovt-Fix-memory-leaks-in-vix-tools.patch b/SOURCES/ovt-Fix-memory-leaks-in-vix-tools.patch
new file mode 100644
index 0000000..3578e65
--- /dev/null
+++ b/SOURCES/ovt-Fix-memory-leaks-in-vix-tools.patch
@@ -0,0 +1,102 @@
+From 4e5eb0a6c6996229f4daf3c23398cf62b910637d Mon Sep 17 00:00:00 2001
+From: Cathy Avery <cavery@redhat.com>
+Date: Fri, 15 Nov 2019 14:49:06 +0100
+Subject: [PATCH 1/3] Fix memory leaks in 'vix' tools
+
+RH-Author: Cathy Avery <cavery@redhat.com>
+Message-id: <20191115144908.7669-2-cavery@redhat.com>
+Patchwork-id: 92388
+O-Subject: [RHEL7.7.z open-vm-tools PATCH 1/3] Fix memory leaks in 'vix' tools plugin.
+Bugzilla: 1772825
+RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+RH-Acked-by: Eduardo Otubo <otubo@redhat.com>
+
+commit 015db4c06a8be65eb96cf62421e8b5366993452f
+Author: Oliver Kurth <okurth@vmware.com>
+Date: Wed Aug 29 13:29:45 2018 -0700
+
+ Fix memory leaks in 'vix' tools plugin.
+
+ * vix plugin retrieves the power script file paths from the
+ config file but doesn't free them and this causes a memory leak.
+ Fixed the code to free the filepaths.
+
+ * In GuestAuthPasswordAuthenticateImpersonate function, the VGAuth
+ handle is not freed when the impersonation fails. Fixed the
+ code to call VGAuth_UserHandleFree in the error path.
+
+ Note: I executed one guest operation with wrong credentials.
+ Every failure leaks 75 bytes of memory. (in Centos 64-bit VM)
+
+ * Fixed another minor issue in the code. At couple of places in
+ the code, replaced 'err' with 'vgErr' for storing the return value
+ of VGAuth_UserHandleAccessToken.
+
+Signed-off-by: Cathy Avery <cavery@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ services/plugins/vix/vixTools.c | 20 ++++++++++++++------
+ 1 file changed, 14 insertions(+), 6 deletions(-)
+
+diff --git a/services/plugins/vix/vixTools.c b/services/plugins/vix/vixTools.c
+index 7997fee..7ed9f43 100644
+--- a/services/plugins/vix/vixTools.c
++++ b/services/plugins/vix/vixTools.c
+@@ -2438,10 +2438,10 @@ VixTools_GetToolsPropertiesImpl(GKeyFile *confDictRef, // IN
+ char *guestName;
+ int osFamily;
+ char *packageList = NULL;
+- const char *powerOffScript = NULL;
+- const char *powerOnScript = NULL;
+- const char *resumeScript = NULL;
+- const char *suspendScript = NULL;
++ char *powerOffScript = NULL;
++ char *powerOnScript = NULL;
++ char *resumeScript = NULL;
++ char *suspendScript = NULL;
+ char *osName = NULL;
+ char *osNameFull = NULL;
+ Bool foundHostName;
+@@ -2642,6 +2642,10 @@ abort:
+ free(tempDir);
+ free(osName);
+ free(osNameFull);
++ free(suspendScript);
++ free(resumeScript);
++ free(powerOnScript);
++ free(powerOffScript);
+ #else
+ /*
+ * FreeBSD. We do not require all the properties above.
+@@ -11425,7 +11429,7 @@ GuestAuthPasswordAuthenticateImpersonate(
+
+ #ifdef _WIN32
+ // this is making a copy of the token, be sure to close it
+- err = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken);
++ vgErr = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken);
+ if (VGAUTH_FAILED(vgErr)) {
+ err = VixToolsTranslateVGAuthError(vgErr);
+ goto done;
+@@ -11441,6 +11445,10 @@ done:
+ free(username);
+ Util_ZeroFreeString(password);
+
++ if (VIX_OK != err) {
++ VGAuth_UserHandleFree(newHandle);
++ newHandle = NULL;
++ }
+ return err;
+ #else
+ return VIX_E_NOT_SUPPORTED;
+@@ -11571,7 +11579,7 @@ impersonate:
+
+ #ifdef _WIN32
+ // this is making a copy of the token, be sure to close it
+- err = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken);
++ vgErr = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken);
+ if (VGAUTH_FAILED(vgErr)) {
+ err = VixToolsTranslateVGAuthError(vgErr);
+ goto done;
+--
+1.8.3.1
+
diff --git a/SPECS/open-vm-tools.spec b/SPECS/open-vm-tools.spec
index 73fb75e..4d60b0a 100644
--- a/SPECS/open-vm-tools.spec
+++ b/SPECS/open-vm-tools.spec
@@ -28,7 +28,7 @@
Name: open-vm-tools
Version: %{toolsversion}
-Release: 2%{?dist}
+Release: 2%{?dist}.1
Summary: Open Virtual Machine Tools for virtual machines hosted on VMware
Group: Applications/System
License: GPLv2
@@ -37,12 +37,18 @@ Source0: https://github.com/vmware/%{name}/releases/download/stable-%{v
Source1: %{toolsdaemon}-init.service
Source2: %{toolsdaemon}.service
Source3: %{vgauthdaemon}.service
-ExclusiveArch: x86_64 %{ix86}
+ExclusiveArch: x86_64
Patch0002: 0002-Update-cloud-init-handling.patch
Patch0003: 0003-hgfsPlugin-crash-fix.patch
# For bz#1678576 - [ESXi][RHEL7.6] Several files lost Full RELRO
Patch4: ovt-Fix-RELRO-flag.patch
+# For bz#1772825 - [ESXi][RHEL7.7.z]Need to backport some severe memory leak fixes from upstream [rhel-7.7.z]
+Patch5: ovt-Fix-memory-leaks-in-vix-tools.patch
+# For bz#1772825 - [ESXi][RHEL7.7.z]Need to backport some severe memory leak fixes from upstream [rhel-7.7.z]
+Patch6: ovt-End-VGAuth-impersonation-in-the.patch
+# For bz#1772825 - [ESXi][RHEL7.7.z]Need to backport some severe memory leak fixes from upstream [rhel-7.7.z]
+Patch7: ovt-Fix-leaks-in-ListAliases-and.patch
BuildRequires: autoconf
BuildRequires: automake
@@ -141,6 +147,9 @@ machines.
%patch0002 -p1
%patch0003 -p1
%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
%build
# Required for regenerating configure script when
@@ -329,6 +338,13 @@ fi
%{_bindir}/vmware-vgauth-smoketest
%changelog
+* Tue Dec 03 2019 Miroslav Rezanina <mrezanin@redhat.com> - 10.3.0-2.el7_7.1
+- ovt-Fix-memory-leaks-in-vix-tools.patch [bz#1772825]
+- ovt-End-VGAuth-impersonation-in-the.patch [bz#1772825]
+- ovt-Fix-leaks-in-ListAliases-and.patch [bz#1772825]
+- Resolves: bz#1772825
+ ([ESXi][RHEL7.7.z]Need to backport some severe memory leak fixes from upstream [rhel-7.7.z])
+
* Wed Mar 13 2019 Miroslav Rezanina <mrezanin@redhat.com> - 10.3.0-2.el7
- ovt-Enable-cloud-init-by-default-to-change-the-systemd-u.patch [bz#1662278]
- ovt-Fix-RELRO-flag.patch [bz#1678576]