diff --git a/SOURCES/ovt-End-VGAuth-impersonation-in-the-case-of-error2.patch b/SOURCES/ovt-End-VGAuth-impersonation-in-the-case-of-error2.patch
new file mode 100644
index 0000000..523267b
--- /dev/null
+++ b/SOURCES/ovt-End-VGAuth-impersonation-in-the-case-of-error2.patch
@@ -0,0 +1,106 @@
+From 44f00e9dc569e7ec89251b415e156df0cb59ea07 Mon Sep 17 00:00:00 2001
+From: Cathy Avery <cavery@redhat.com>
+Date: Tue, 19 Nov 2019 14:16:05 +0100
+Subject: [PATCH 2/3] End VGAuth impersonation in the case of error.
+
+RH-Author: Cathy Avery <cavery@redhat.com>
+Message-id: <20191119141606.5322-3-cavery@redhat.com>
+Patchwork-id: 92512
+O-Subject: [RHEL8.1.z open-vm-tools PATCH 2/3] End VGAuth impersonation in the case of error.
+Bugzilla: 1773903
+RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+
+commit 7b874f37f970aab2adddb063a8363594f47abf70
+Author: Oliver Kurth <okurth@vmware.com>
+Date: Tue Sep 4 15:40:58 2018 -0700
+
+ End VGAuth impersonation in the case of error.
+
+ * In GuestAuthPasswordAuthenticateImpersonate():
+ When VGAuth_UserHandleAccessToken fails, unimpersonation is not
+ being done. This can cause issues. Fixed it.
+
+ * In GuestAuthSAMLAuthenticateAndImpersonate(), fixed the following issues:
+ The 'newHandle' is not being freed which causes a memory leak.
+ When VGAuth_UserHandleAccessToken fails, unimpersonation is not
+ being done.
+
+Signed-off-by: Cathy Avery <cavery@redhat.com>
+
+Conflicts: There was previously a parital port of this patch
+commit 65f14ca791ac6636ad7d8a3d59941e52a5e3188c of coverity fixes only.
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ services/plugins/vix/vixTools.c | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+
+diff --git a/services/plugins/vix/vixTools.c b/services/plugins/vix/vixTools.c
+index 2d60b86..7df91de 100644
+--- a/services/plugins/vix/vixTools.c
++++ b/services/plugins/vix/vixTools.c
+@@ -11552,6 +11552,7 @@ GuestAuthPasswordAuthenticateImpersonate(
+ VGAuthError vgErr;
+ VGAuthUserHandle *newHandle = NULL;
+ VGAuthExtraParams extraParams[1];
++ Bool impersonated = FALSE;
+
+ extraParams[0].name = VGAUTH_PARAM_LOAD_USER_PROFILE;
+ extraParams[0].value = VGAUTH_PARAM_VALUE_TRUE;
+@@ -11587,6 +11588,8 @@ GuestAuthPasswordAuthenticateImpersonate(
+ goto done;
+ }
+
++ impersonated = TRUE;
++
+ #ifdef _WIN32
+ // this is making a copy of the token, be sure to close it
+ vgErr = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken);
+@@ -11606,6 +11609,10 @@ done:
+ Util_ZeroFreeString(password);
+
+ if (VIX_OK != err) {
++ if (impersonated) {
++ vgErr = VGAuth_EndImpersonation(ctx);
++ ASSERT(vgErr == VGAUTH_E_OK);
++ }
+ VGAuth_UserHandleFree(newHandle);
+ newHandle = NULL;
+ }
+@@ -11646,6 +11653,7 @@ GuestAuthSAMLAuthenticateAndImpersonate(
+ VGAuthError vgErr;
+ VGAuthUserHandle *newHandle = NULL;
+ VGAuthExtraParams extraParams[1];
++ Bool impersonated = FALSE;
+
+ extraParams[0].name = VGAUTH_PARAM_LOAD_USER_PROFILE;
+ extraParams[0].value = VGAUTH_PARAM_VALUE_TRUE;
+@@ -11737,6 +11745,8 @@ impersonate:
+ goto done;
+ }
+
++ impersonated = TRUE;
++
+ #ifdef _WIN32
+ // this is making a copy of the token, be sure to close it
+ vgErr = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken);
+@@ -11755,6 +11765,15 @@ done:
+ Util_ZeroFreeString(token);
+ Util_ZeroFreeString(username);
+
++ if (VIX_OK != err) {
++ if (impersonated) {
++ vgErr = VGAuth_EndImpersonation(ctx);
++ ASSERT(vgErr == VGAUTH_E_OK);
++ }
++ VGAuth_UserHandleFree(newHandle);
++ newHandle = NULL;
++ }
++
+ return err;
+ #else
+ return VIX_E_NOT_SUPPORTED;
+--
+1.8.3.1
+
diff --git a/SOURCES/ovt-Fix-leaks-in-ListAliases-and-ListMappedAliases-9bc72.patch b/SOURCES/ovt-Fix-leaks-in-ListAliases-and-ListMappedAliases-9bc72.patch
new file mode 100644
index 0000000..b0e7325
--- /dev/null
+++ b/SOURCES/ovt-Fix-leaks-in-ListAliases-and-ListMappedAliases-9bc72.patch
@@ -0,0 +1,87 @@
+From 54da2ccfa99000a62f22820a3702331bbd131077 Mon Sep 17 00:00:00 2001
+From: Cathy Avery <cavery@redhat.com>
+Date: Tue, 19 Nov 2019 14:16:06 +0100
+Subject: [PATCH 3/3] Fix leaks in ListAliases and ListMappedAliases
+ (9bc72f0b09702754b429115658a85223cb3058bd from devel)
+
+RH-Author: Cathy Avery <cavery@redhat.com>
+Message-id: <20191119141606.5322-4-cavery@redhat.com>
+Patchwork-id: 92513
+O-Subject: [RHEL8.1.z open-vm-tools PATCH 3/3] Fix leaks in ListAliases and ListMappedAliases (9bc72f0b09702754b429115658a85223cb3058bd from devel)
+Bugzilla: 1773903
+RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+
+commit 26b9edbeb79d1c67b9ae73a0c97c48999c1fb503 (origin/stable-10.3.10-vix-memory-leaks)
+Author: Oliver Kurth <okurth@vmware.com>
+Date: Wed Oct 2 17:48:35 2019 -0700
+
+ Fix leaks in ListAliases and ListMappedAliases (9bc72f0b09702754b429115658a85223cb3058bd from devel)
+
+Signed-off-by: Cathy Avery <cavery@redhat.com>
+
+Conflicts: Previous coverity patch commit d477b6e21915d5099018f4fc4b60f257bb593d72
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ services/plugins/vix/vixTools.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/services/plugins/vix/vixTools.c b/services/plugins/vix/vixTools.c
+index 7df91de..2b9dede 100644
+--- a/services/plugins/vix/vixTools.c
++++ b/services/plugins/vix/vixTools.c
+@@ -9620,7 +9620,6 @@ VixToolsListAuthAliases(VixCommandRequestHeader *requestMsg, // IN
+ char *destPtr;
+ char *endDestPtr;
+ char *tmpBuf = NULL;
+- char *recordBuf;
+ size_t recordSize;
+ char *escapedStr = NULL;
+ char *escapedStr2 = NULL;
+@@ -9679,6 +9678,8 @@ VixToolsListAuthAliases(VixCommandRequestHeader *requestMsg, // IN
+ destPtr += Str_Sprintf(destPtr, endDestPtr - destPtr, "%s",
+ VIX_XML_ESCAPED_TAG);
+ for (i = 0; i < num; i++) {
++ char *recordBuf = NULL;
++
+ escapedStr = VixToolsEscapeXMLString(uaList[i].pemCert);
+ if (escapedStr == NULL) {
+ err = VIX_E_OUT_OF_MEMORY;
+@@ -9752,6 +9753,8 @@ VixToolsListAuthAliases(VixCommandRequestHeader *requestMsg, // IN
+ Log("%s: ListAuth list results too large, truncating", __FUNCTION__);
+ goto abort;
+ }
++ free(recordBuf);
++ recordBuf = NULL;
+ }
+
+ *result = resultBuffer;
+@@ -9817,7 +9820,6 @@ VixToolsListMappedAliases(VixCommandRequestHeader *requestMsg, // IN
+ char *destPtr;
+ char *endDestPtr;
+ char *tmpBuf = NULL;
+- char *recordBuf;
+ char *escapedStr = NULL;
+ char *escapedStr2 = NULL;
+ size_t recordSize;
+@@ -9870,6 +9872,8 @@ VixToolsListMappedAliases(VixCommandRequestHeader *requestMsg, // IN
+ destPtr += Str_Sprintf(destPtr, endDestPtr - destPtr, "%s",
+ VIX_XML_ESCAPED_TAG);
+ for (i = 0; i < num; i++) {
++ char *recordBuf = NULL;
++
+ escapedStr = VixToolsEscapeXMLString(maList[i].pemCert);
+ if (escapedStr == NULL) {
+ err = VIX_E_OUT_OF_MEMORY;
+@@ -9941,6 +9945,8 @@ VixToolsListMappedAliases(VixCommandRequestHeader *requestMsg, // IN
+ Log("%s: ListMapped results too large, truncating", __FUNCTION__);
+ goto abort;
+ }
++ free(recordBuf);
++ recordBuf = NULL;
+ }
+
+ *result = resultBuffer;
+--
+1.8.3.1
+
diff --git a/SOURCES/ovt-Fix-memory-leaks-in-vix-tools-plugin.patch b/SOURCES/ovt-Fix-memory-leaks-in-vix-tools-plugin.patch
new file mode 100644
index 0000000..b7537c0
--- /dev/null
+++ b/SOURCES/ovt-Fix-memory-leaks-in-vix-tools-plugin.patch
@@ -0,0 +1,102 @@
+From af8a6eab2759aafeffc5ae47aed33492eb092b51 Mon Sep 17 00:00:00 2001
+From: Cathy Avery <cavery@redhat.com>
+Date: Tue, 19 Nov 2019 14:16:04 +0100
+Subject: [PATCH 1/3] Fix memory leaks in 'vix' tools plugin.
+
+RH-Author: Cathy Avery <cavery@redhat.com>
+Message-id: <20191119141606.5322-2-cavery@redhat.com>
+Patchwork-id: 92511
+O-Subject: [RHEL8.1.z open-vm-tools PATCH 1/3] Fix memory leaks in 'vix' tools plugin.
+Bugzilla: 1773903
+RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+
+commit 015db4c06a8be65eb96cf62421e8b5366993452f
+Author: Oliver Kurth <okurth@vmware.com>
+Date: Wed Aug 29 13:29:45 2018 -0700
+
+ Fix memory leaks in 'vix' tools plugin.
+
+ * vix plugin retrieves the power script file paths from the
+ config file but doesn't free them and this causes a memory leak.
+ Fixed the code to free the filepaths.
+
+ * In GuestAuthPasswordAuthenticateImpersonate function, the VGAuth
+ handle is not freed when the impersonation fails. Fixed the
+ code to call VGAuth_UserHandleFree in the error path.
+
+ Note: I executed one guest operation with wrong credentials.
+ Every failure leaks 75 bytes of memory. (in Centos 64-bit VM)
+
+ * Fixed another minor issue in the code. At couple of places in
+ the code, replaced 'err' with 'vgErr' for storing the return value
+ of VGAuth_UserHandleAccessToken.
+
+Signed-off-by: Cathy Avery <cavery@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ services/plugins/vix/vixTools.c | 20 ++++++++++++++------
+ 1 file changed, 14 insertions(+), 6 deletions(-)
+
+diff --git a/services/plugins/vix/vixTools.c b/services/plugins/vix/vixTools.c
+index ef26742..2d60b86 100644
+--- a/services/plugins/vix/vixTools.c
++++ b/services/plugins/vix/vixTools.c
+@@ -2522,10 +2522,10 @@ VixTools_GetToolsPropertiesImpl(GKeyFile *confDictRef, // IN
+ char *guestName;
+ int osFamily;
+ char *packageList = NULL;
+- const char *powerOffScript = NULL;
+- const char *powerOnScript = NULL;
+- const char *resumeScript = NULL;
+- const char *suspendScript = NULL;
++ char *powerOffScript = NULL;
++ char *powerOnScript = NULL;
++ char *resumeScript = NULL;
++ char *suspendScript = NULL;
+ char *osName = NULL;
+ char *osNameFull = NULL;
+ Bool foundHostName;
+@@ -2726,6 +2726,10 @@ abort:
+ free(tempDir);
+ free(osName);
+ free(osNameFull);
++ free(suspendScript);
++ free(resumeScript);
++ free(powerOnScript);
++ free(powerOffScript);
+ #else
+ /*
+ * FreeBSD. We do not require all the properties above.
+@@ -11585,7 +11589,7 @@ GuestAuthPasswordAuthenticateImpersonate(
+
+ #ifdef _WIN32
+ // this is making a copy of the token, be sure to close it
+- err = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken);
++ vgErr = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken);
+ if (VGAUTH_FAILED(vgErr)) {
+ err = VixToolsTranslateVGAuthError(vgErr);
+ goto done;
+@@ -11601,6 +11605,10 @@ done:
+ free(username);
+ Util_ZeroFreeString(password);
+
++ if (VIX_OK != err) {
++ VGAuth_UserHandleFree(newHandle);
++ newHandle = NULL;
++ }
+ return err;
+ #else
+ return VIX_E_NOT_SUPPORTED;
+@@ -11731,7 +11739,7 @@ impersonate:
+
+ #ifdef _WIN32
+ // this is making a copy of the token, be sure to close it
+- err = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken);
++ vgErr = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken);
+ if (VGAUTH_FAILED(vgErr)) {
+ err = VixToolsTranslateVGAuthError(vgErr);
+ goto done;
+--
+1.8.3.1
+
diff --git a/SPECS/open-vm-tools.spec b/SPECS/open-vm-tools.spec
index 7696902..6ae80f5 100644
--- a/SPECS/open-vm-tools.spec
+++ b/SPECS/open-vm-tools.spec
@@ -28,7 +28,7 @@
Name: open-vm-tools
Version: %{toolsversion}
-Release: 3%{?dist}
+Release: 3%{?dist}.1
Summary: Open Virtual Machine Tools for virtual machines hosted on VMware
Group: Applications/System
License: GPLv2
@@ -71,6 +71,12 @@ Patch15: ovt-copyPasteCompatX11.c-code-generating-unnecessary-Cov.patch
Patch16: ovt-Fix-a-Coverity-issue-reported-in-vgauth-serviceImpl-.patch
# For bz#1602648 - [ESXi][RHEL8]Please review important issues found by covscan in "open-vm-tools-10.2.5-2.el8+7" package
Patch17: ovt-Fix-two-coverity-issues-reported-by-a-customer.patch
+# For bz#1773903 - [ESXi][RHEL8.0]Need to backport some severe memory leak fixes from upstream [rhel-8.1.0.z]
+Patch18: ovt-Fix-memory-leaks-in-vix-tools-plugin.patch
+# For bz#1773903 - [ESXi][RHEL8.0]Need to backport some severe memory leak fixes from upstream [rhel-8.1.0.z]
+Patch19: ovt-End-VGAuth-impersonation-in-the-case-of-error2.patch
+# For bz#1773903 - [ESXi][RHEL8.0]Need to backport some severe memory leak fixes from upstream [rhel-8.1.0.z]
+Patch20: ovt-Fix-leaks-in-ListAliases-and-ListMappedAliases-9bc72.patch
BuildRequires: autoconf
BuildRequires: automake
@@ -179,6 +185,9 @@ machines.
%patch15 -p1
%patch16 -p1
%patch17 -p1
+%patch18 -p1
+%patch19 -p1
+%patch20 -p1
%build
# Required for regenerating configure script when
@@ -349,6 +358,13 @@ fi
%{_bindir}/vmware-vgauth-smoketest
%changelog
+* Fri Nov 22 2019 Miroslav Rezanina <mrezanin@redhat.com> - 10.3.10-3.el8_1_0.1
+- ovt-Fix-memory-leaks-in-vix-tools-plugin.patch [bz#1773903]
+- ovt-End-VGAuth-impersonation-in-the-case-of-error2.patch [bz#1773903]
+- ovt-Fix-leaks-in-ListAliases-and-ListMappedAliases-9bc72.patch [bz#1773903]
+- Resolves: bz#1773903
+ ([ESXi][RHEL8.0]Need to backport some severe memory leak fixes from upstream [rhel-8.1.0.z])
+
* Thu Aug 01 2019 Miroslav Rezanina <mrezanin@redhat.com> - 10.3.10-3
- ovt-End-VGAuth-impersonation-in-the-case-of-error.patch [bz#1602648]
- ovt-Fix-memory-leak-in-GetFormattedCommandLine-function-.patch [bz#1602648]