Accepting request 1109310 from Virtualization:VMware

OBS-URL: https://build.opensuse.org/request/show/1109310 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/open-vm-tools?expand=0&rev=115
2023-09-08 19:14:55 +00:00 · 2023-09-08 19:14:55 +00:00 · 2701acbd13
commit 2701acbd13
parent bc3cca1bcd da0d25dcbe
9 changed files with 60 additions and 419 deletions
--- a/0001-build-put-l-specifiers-into-LIBADD-not-LDFLAGS.patch
+++ b/0001-build-put-l-specifiers-into-LIBADD-not-LDFLAGS.patch
@ -1,162 +0,0 @@
-From 50d7dc0102751808823640321ec1da5d34811978 Mon Sep 17 00:00:00 2001
-From: Jan Engelhardt <jengelh@inai.de>
-Date: Wed, 3 May 2023 00:48:14 +0200
-Subject: [PATCH 1/2] build: put -l specifiers into LIBADD, not LDFLAGS
-References: https://github.com/vmware/open-vm-tools/pull/664
-
-Linking order matters.
-LDFLAGS is the *totally* *wrong* place for -l.
-Replace by LDLIBS / xxx_LDADD / xxx_LIBADD.
---
- open-vm-tools/libDeployPkg/Makefile.am                   | 3 +--
- open-vm-tools/libappmonitor/Makefile.am                  | 6 ++----
- open-vm-tools/libguestStoreClient/Makefile.am            | 2 +-
- open-vm-tools/libguestlib/Makefile.am                    | 6 ++----
- open-vm-tools/libhgfs/Makefile.am                        | 2 +-
- open-vm-tools/libvmtools/Makefile.am                     | 2 +-
- open-vm-tools/services/plugins/containerInfo/Makefile.am | 6 +++---
- open-vm-tools/tests/testVmblock/Makefile.am              | 4 ++--
- open-vm-tools/vgauth/lib/Makefile.am                     | 2 +-
- 9 files changed, 14 insertions(+), 19 deletions(-)
-
-diff --git a/open-vm-tools/libDeployPkg/Makefile.am b/open-vm-tools/libDeployPkg/Makefile.am
-index 15728126..5f080744 100644
--- a/open-vm-tools/libDeployPkg/Makefile.am
-+++ b/open-vm-tools/libDeployPkg/Makefile.am
-@@ -36,10 +36,9 @@ libDeployPkg_la_SOURCES += processPosix.c
- libDeployPkg_la_SOURCES += linuxDeploymentUtilities.c
- libDeployPkg_la_SOURCES += linuxDeploymentUtilities.h
- 
-libDeployPkg_la_LDFLAGS =
- # We require GCC, so we're fine passing compiler-specific flags.
- # Needed for OS's that don't link shared libraries against libc by default, e.g. FreeBSD
-libDeployPkg_la_LDFLAGS += -Wl,-lc
-+libDeployPkg_la_LIBADD += -lc
- 
- libDeployPkg_includedir = $(includedir)/libDeployPkg
- 
-diff --git a/open-vm-tools/libappmonitor/Makefile.am b/open-vm-tools/libappmonitor/Makefile.am
-index 2681eb79..be6b6a30 100644
--- a/open-vm-tools/libappmonitor/Makefile.am
-+++ b/open-vm-tools/libappmonitor/Makefile.am
-@@ -48,12 +48,10 @@ libappmonitor_la_SOURCES += $(libappmonitor_rpcchanneldir)/vsockChannel.c
- libappmonitor_la_SOURCES += $(libappmonitor_rpcchanneldir)/simpleSocket.c
- endif
- 
-libappmonitor_la_LDFLAGS =
-libappmonitor_la_LDFLAGS += -Wl,-ldl
-libappmonitor_la_LDFLAGS += -Wl,-lrt
-+libappmonitor_la_LIBADD += -ldl -lrt
- # We require GCC, so we're fine passing compiler-specific flags.
- # Needed for OS's that don't link shared libraries against libc by default, e.g. FreeBSD
-libappmonitor_la_LDFLAGS += -Wl,-lc
-+libappmonitor_la_LIBADD += -lc
- 
- libappmonitor_includedir = $(includedir)/libappmonitor
- 
-diff --git a/open-vm-tools/libguestStoreClient/Makefile.am b/open-vm-tools/libguestStoreClient/Makefile.am
-index adf69309..2dee8e7b 100644
--- a/open-vm-tools/libguestStoreClient/Makefile.am
-+++ b/open-vm-tools/libguestStoreClient/Makefile.am
-@@ -33,4 +33,4 @@ libguestStoreClient_la_LDFLAGS =
- libguestStoreClient_la_LDFLAGS += -Wl,-z,defs
- # Needed for OS's that don't link shared libraries against libc by
- #default, e.g. FreeBSD
-libguestStoreClient_la_LDFLAGS += -Wl,-lc
-+libguestStoreClient_la_LIBADD += -lc
-diff --git a/open-vm-tools/libguestlib/Makefile.am b/open-vm-tools/libguestlib/Makefile.am
-index d2cfb80a..5175b442 100644
--- a/open-vm-tools/libguestlib/Makefile.am
-+++ b/open-vm-tools/libguestlib/Makefile.am
-@@ -50,12 +50,10 @@ libguestlib_la_SOURCES += $(libguestlib_rpcchanneldir)/vsockChannel.c
- libguestlib_la_SOURCES += $(libguestlib_rpcchanneldir)/simpleSocket.c
- endif
- 
-libguestlib_la_LDFLAGS =
-libguestlib_la_LDFLAGS += -Wl,-ldl
-libguestlib_la_LDFLAGS += -Wl,-lrt
-+libguestlib_la_LIBADD += -ldl -lrt
- # We require GCC, so we're fine passing compiler-specific flags.
- # Needed for OS's that don't link shared libraries against libc by default, e.g. FreeBSD
-libguestlib_la_LDFLAGS += -Wl,-lc
-+libguestlib_la_LIBADD += -lc
- 
- libguestlib_includedir = $(includedir)/vmGuestLib
- 
-diff --git a/open-vm-tools/libhgfs/Makefile.am b/open-vm-tools/libhgfs/Makefile.am
-index 76091452..c388da75 100644
--- a/open-vm-tools/libhgfs/Makefile.am
-+++ b/open-vm-tools/libhgfs/Makefile.am
-@@ -41,5 +41,5 @@ libhgfs_la_LDFLAGS =
- libhgfs_la_LDFLAGS += -Wl,-z,defs
- # Needed for OS's that don't link shared libraries against libc by
- #default, e.g. FreeBSD
-libhgfs_la_LDFLAGS += -Wl,-lc
-+libhgfs_la_LIBADD += -lc
- 
-diff --git a/open-vm-tools/libvmtools/Makefile.am b/open-vm-tools/libvmtools/Makefile.am
-index 6da97362..a2f9a241 100644
--- a/open-vm-tools/libvmtools/Makefile.am
-+++ b/open-vm-tools/libvmtools/Makefile.am
-@@ -89,5 +89,5 @@ libvmtools_la_LDFLAGS =
- libvmtools_la_LDFLAGS += -Wl,-z,defs
- # Needed for OS's that don't link shared libraries against libc by
- #default, e.g. FreeBSD
-libvmtools_la_LDFLAGS += -Wl,-lc
-+libvmtools_la_LIBADD += -lc
- 
-diff --git a/open-vm-tools/services/plugins/containerInfo/Makefile.am b/open-vm-tools/services/plugins/containerInfo/Makefile.am
-index 488e35aa..10b4dfae 100644
--- a/open-vm-tools/services/plugins/containerInfo/Makefile.am
-+++ b/open-vm-tools/services/plugins/containerInfo/Makefile.am
-@@ -36,7 +36,7 @@ libcontainerInfo_la_SOURCES += containerInfoInt.h
- libcontainerInfo_la_SOURCES += containerInfo.c
- 
- libcontainerInfo_la_SOURCES += containerInfo_docker.c
-libcontainerInfo_la_LDFLAGS += -lcurl
-+libcontainerInfo_la_LIBADD += -lcurl
- libcontainerInfo_la_CPPFLAGS += @CURL_CPPFLAGS@
- libcontainerInfo_la_LIBADD += ../../../lib/jsmn/libJsmn.la
- 
-@@ -61,8 +61,8 @@ libcontainerInfo_la_SOURCES += containers.grpc.pb.cc
- libcontainerInfo_la_SOURCES += containerInfo_grpc.cc
- 
- libcontainerInfo_la_CPPFLAGS += @GRPC_CPPFLAGS@
-libcontainerInfo_la_LDFLAGS += -lprotobuf
-libcontainerInfo_la_LDFLAGS += -lgrpc++
-+libcontainerInfo_la_LIBADD += -lprotobuf
-+libcontainerInfo_la_LIBADD += -lgrpc++
- 
- tasks.grpc.pb.cc containers.grpc.pb.cc: %.grpc.pb.cc : %.proto %.pb.cc
- 	$(PROTOC) -I. -I$(GOGO_PROTOPATH) \
-diff --git a/open-vm-tools/tests/testVmblock/Makefile.am b/open-vm-tools/tests/testVmblock/Makefile.am
-index 1fd469d5..ae6c79fe 100644
--- a/open-vm-tools/tests/testVmblock/Makefile.am
-+++ b/open-vm-tools/tests/testVmblock/Makefile.am
-@@ -29,8 +29,8 @@ AM_CFLAGS =
- AM_CFLAGS += -DVMX86_DEVEL
- AM_CFLAGS += -DVMX86_DEBUG
- 
-AM_LDFLAGS =
-AM_LDFLAGS += -lpthread
-+LDLIBS =
-+LDLIBS += -lpthread
- 
- vmware_testvmblock_fuse_CFLAGS = $(AM_CFLAGS) -Dvmblock_fuse
- vmware_testvmblock_fuse_SOURCES = vmblocktest.c
-diff --git a/open-vm-tools/vgauth/lib/Makefile.am b/open-vm-tools/vgauth/lib/Makefile.am
-index bce97aac..88944f19 100644
--- a/open-vm-tools/vgauth/lib/Makefile.am
-+++ b/open-vm-tools/vgauth/lib/Makefile.am
-@@ -59,7 +59,7 @@ libvgauth_la_LDFLAGS =
- libvgauth_la_LDFLAGS += -Wl,-z,defs
- # Needed for OS's that don't link shared libraries against libc by
- #default, e.g. FreeBSD
-libvgauth_la_LDFLAGS += -Wl,-lc
-+libvgauth_la_LIBADD += -lc
- 
- # Message catalogs.
- install-data-hook:
-- 
-2.40.1
-
--- a/0002-build-use-grpc-pkgconfig-to-retrieve-flags-libraries.patch
+++ b/0002-build-use-grpc-pkgconfig-to-retrieve-flags-libraries.patch
@ -1,49 +0,0 @@
-From 7f97b8ac1df51da902c2db05e488e52bb3068149 Mon Sep 17 00:00:00 2001
-From: Jan Engelhardt <jengelh@inai.de>
-Date: Wed, 3 May 2023 00:48:56 +0200
-Subject: [PATCH 2/2] build: use grpc++ pkgconfig to retrieve flags/libraries
-References: https://github.com/vmware/open-vm-tools/pull/664
-
-When a .pc file exists, it should be used. Fixes obvious linking problems like
-
-ld: .libs/libcontainerInfo_la-containers.grpc.pb.o: in function `grpc::ByteBuffer::~ByteBuffer()':
-/usr/include/grpcpp/support/byte_buffer.h:99: undefined reference to `grpc_byte_buffer_destroy'
-collect2: error: ld returned 1 exit status
-make[4]: *** [Makefile:649: libcontainerInfo.la] Error 1
---
- open-vm-tools/configure.ac                               | 2 ++
- open-vm-tools/services/plugins/containerInfo/Makefile.am | 4 ++--
- 2 files changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/open-vm-tools/configure.ac b/open-vm-tools/configure.ac
-index 5f9a1937..fd8c2db0 100644
--- a/open-vm-tools/configure.ac
-+++ b/open-vm-tools/configure.ac
-@@ -723,6 +723,8 @@ AC_DEFUN([AC_VMW_CONTAINERINFO_MSG],[
-                       [],
-                       [AC_VMW_CONTAINERINFO_MSG(["grpc++ >= 1.3.2"])])
- 
-+PKG_CHECK_MODULES([grpcxx], [grpc++ >= 1.3.2])
-+
- #
- # proto files needed by containerd grpc client.
- #
-diff --git a/open-vm-tools/services/plugins/containerInfo/Makefile.am b/open-vm-tools/services/plugins/containerInfo/Makefile.am
-index 10b4dfae..74d9c8f0 100644
--- a/open-vm-tools/services/plugins/containerInfo/Makefile.am
-+++ b/open-vm-tools/services/plugins/containerInfo/Makefile.am
-@@ -60,9 +60,9 @@ libcontainerInfo_la_SOURCES += containers.grpc.pb.h
- libcontainerInfo_la_SOURCES += containers.grpc.pb.cc
- libcontainerInfo_la_SOURCES += containerInfo_grpc.cc
- 
-libcontainerInfo_la_CPPFLAGS += @GRPC_CPPFLAGS@
-+libcontainerInfo_la_CPPFLAGS += ${grpcxx_CFLAGS}
- libcontainerInfo_la_LIBADD += -lprotobuf
-libcontainerInfo_la_LIBADD += -lgrpc++
-+libcontainerInfo_la_LIBADD += ${grpcxx_LIBS}
- 
- tasks.grpc.pb.cc containers.grpc.pb.cc: %.grpc.pb.cc : %.proto %.pb.cc
- 	$(PROTOC) -I. -I$(GOGO_PROTOPATH) \
-- 
-2.40.1
-
--- a/2023-20867-Remove-some-dead-code.patch
+++ b/2023-20867-Remove-some-dead-code.patch
@ -1,156 +0,0 @@
-From 3028cdd4c0b2461b904cbe5a5868c8e591aa0941 Mon Sep 17 00:00:00 2001
-From: John Wolfe <jwolfe@vmware.com>
-Date: Mon, 8 May 2023 19:04:57 -0700
-Subject: [PATCH] Remove some dead code.
-
-Address CVE-2023-20867.
-Remove some authentication types which were deprecated long
-ago and are no longer in use. These are dead code.
---
- open-vm-tools/services/plugins/vix/vixTools.c | 102 --------------------------
- 1 file changed, 102 deletions(-)
-
-diff --git a/open-vm-tools/services/plugins/vix/vixTools.c b/open-vm-tools/services/plugins/vix/vixTools.c
-index 9f376a7..85c5ba7 100644
--- a/open-vm-tools/services/plugins/vix/vixTools.c
-+++ b/open-vm-tools/services/plugins/vix/vixTools.c
-@@ -254,8 +254,6 @@ char *gImpersonatedUsername = NULL;
- #define  VIX_TOOLS_CONFIG_API_AUTHENTICATION          "Authentication"
- #define  VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS             "InfrastructureAgents"
- 
-#define VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT  TRUE
-
- /*
-  * The switch that controls all APIs
-  */
-@@ -730,9 +728,6 @@ VixError GuestAuthSAMLAuthenticateAndImpersonate(
- 
- void GuestAuthUnimpersonate();
- 
-static Bool VixToolsCheckIfAuthenticationTypeEnabled(GKeyFile *confDictRef,
-                                                     const char *typeName);
-
- #if SUPPORT_VGAUTH
- 
- VGAuthError TheVGAuthContext(VGAuthContext **ctx);
-@@ -8013,29 +8008,6 @@ VixToolsImpersonateUser(VixCommandRequestHeader *requestMsg,   // IN
-                                           userToken);
-       break;
-    }
-   case VIX_USER_CREDENTIAL_ROOT:
-   {
-      if ((requestMsg->requestFlags & VIX_REQUESTMSG_HAS_HASHED_SHARED_SECRET) &&
-          !VixToolsCheckIfAuthenticationTypeEnabled(gConfDictRef,
-                                            VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS)) {
-          /*
-           * Don't accept hashed shared secret if disabled.
-           */
-          g_message("%s: Requested authentication type has been disabled.\n",
-                    __FUNCTION__);
-          err = VIX_E_GUEST_AUTHTYPE_DISABLED;
-          goto done;
-      }
-   }
-   // fall through
-
-   case VIX_USER_CREDENTIAL_CONSOLE_USER:
-      err = VixToolsImpersonateUserImplEx(NULL,
-                                          credentialType,
-                                          NULL,
-                                          loadUserProfile,
-                                          userToken);
-      break;
-    case VIX_USER_CREDENTIAL_NAME_PASSWORD:
-    case VIX_USER_CREDENTIAL_NAME_PASSWORD_OBFUSCATED:
-    case VIX_USER_CREDENTIAL_NAMED_INTERACTIVE_USER:
-@@ -8205,36 +8177,6 @@ VixToolsImpersonateUserImplEx(char const *credentialTypeStr,         // IN
-       }
- 
-       /*
-       * If the VMX asks to be root, then we allow them.
-       * The VMX will make sure that only it will pass this value in,
-       * and only when the VM and host are configured to allow this.
-       */
-      if ((VIX_USER_CREDENTIAL_ROOT == credentialType)
-            && (thisProcessRunsAsRoot)) {
-         *userToken = PROCESS_CREATOR_USER_TOKEN;
-
-         gImpersonatedUsername = Util_SafeStrdup("_ROOT_");
-         err = VIX_OK;
-         goto quit;
-      }
-
-      /*
-       * If the VMX asks to be root, then we allow them.
-       * The VMX will make sure that only it will pass this value in,
-       * and only when the VM and host are configured to allow this.
-       *
-       * XXX This has been deprecated XXX
-       */
-      if ((VIX_USER_CREDENTIAL_CONSOLE_USER == credentialType)
-            && ((allowConsoleUserOps) || !(thisProcessRunsAsRoot))) {
-         *userToken = PROCESS_CREATOR_USER_TOKEN;
-
-         gImpersonatedUsername = Util_SafeStrdup("_CONSOLE_USER_NAME_");
-         err = VIX_OK;
-         goto quit;
-      }
-
-      /*
-        * If the VMX asks us to run commands in the context of the current
-        * user, make sure that the user who requested the command is the
-        * same as the current user.
-@@ -10917,50 +10859,6 @@ VixToolsCheckIfVixCommandEnabled(int opcode,                          // IN
- /*
-  *-----------------------------------------------------------------------------
-  *
- * VixToolsCheckIfAuthenticationTypeEnabled --
- *
- *    Checks to see if a given authentication type has been
- *    disabled via the tools configuration.
- *
- * Return value:
- *    TRUE if enabled, FALSE otherwise.
- *
- * Side effects:
- *    None
- *
- *-----------------------------------------------------------------------------
- */
-
-static Bool
-VixToolsCheckIfAuthenticationTypeEnabled(GKeyFile *confDictRef,     // IN
-                                         const char *typeName)      // IN
-{
-   char authnDisabledName[64]; // Authentication.<AuthenticationType>.disabled
-   gboolean disabled;
-
-   Str_Snprintf(authnDisabledName, sizeof(authnDisabledName),
-                VIX_TOOLS_CONFIG_API_AUTHENTICATION ".%s.disabled",
-                typeName);
-
-   ASSERT(confDictRef != NULL);
-
-   /*
-    * XXX Skip doing the strcmp() to verify the auth type since we only
-    * have the one typeName (VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS), and default
-    * it to VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT.
-    */
-   disabled = VMTools_ConfigGetBoolean(confDictRef,
-                                       VIX_TOOLS_CONFIG_API_GROUPNAME,
-                                       authnDisabledName,
-                                       VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT);
-
-   return !disabled;
-}
-
-
-/*
- *-----------------------------------------------------------------------------
- *
-  * VixTools_ProcessVixCommand --
-  *
-  *
-- 
-2.6.2
-
--- a/CVE-20230-20900.patch
+++ b/CVE-20230-20900.patch
@ -1,34 +0,0 @@
-From eb4f36dfeb8b89443f7d5ade03316ba49a295eee Mon Sep 17 00:00:00 2001
-From: John Wolfe <jwolfe@vmware.com>
-Date: Fri, 18 Aug 2023 11:23:53 -0700
-Subject: [PATCH] Address CVE-2023-20900
-
-VGAuth: Allow only X509 certs to verify the SAML token signature.
-
---
- open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
-index f5541a9..0b2a945 100644
--- a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
-+++ b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
-@@ -1335,7 +1335,14 @@ VerifySignature(xmlDocPtr doc,
-     */
-    bRet = RegisterID(xmlDocGetRootElement(doc), "ID");
-    if (bRet == FALSE) {
-      g_warning("failed to register ID\n");
-+      g_warning("Failed to register ID\n");
-+      goto done;
-+   }
-+
-+   /* Use only X509 certs to validate the signature */
-+   if (xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData),
-+                        BAD_CAST xmlSecKeyDataX509Id) < 0) {
-+      g_warning("Failed to limit allowed key data\n");
-       goto done;
-    }
- 
-- 
-2.6.2
-
--- a/4
+++ b/4
@ -2,9 +2,9 @@
  <service name="tar_scm" mode="disabled">
    <param name="scm">git</param>
    <param name="url">https://github.com/vmware/open-vm-tools.git</param>
-    <param name="revision">stable-12.2.0</param>
+    <param name="revision">stable-12.3.0</param>
    <param name="filename">open-vm-tools</param>
-    <param name="versionformat">12.2.0</param>
+    <param name="versionformat">12.3.0</param>
  </service>
  <service name="recompress" mode="disabled">
    <param name="file">*.tar</param>
--- a/open-vm-tools-12.2.0.tar.xz
+++ b/open-vm-tools-12.2.0.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ef22adf11d16a8bc675d1c73c190d178e791ee247d6cabfe78df9c56c9fae8c0
-size 1801020
--- a/open-vm-tools-12.3.0.tar.xz
+++ b/open-vm-tools-12.3.0.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:034abbf1dbf34425789a94cc9de2551f0ef57b799712a9a610366c25c2a07ba3
+size 1808920
--- a/open-vm-tools.changes
+++ b/open-vm-tools.changes
@ -1,3 +1,42 @@
+-------------------------------------------------------------------
+Wed Sep  6 15:52:41 UTC 2023 - Kirk Allan <kallan@suse.com>
+
+- Update to 12.3.0 (build 22234872) (boo#1214850)
+  - There are no new features in the open-vm-tools 12.3.0 release. This is
+    primarily a maintenance release that addresses a few critical problems,
+    including:
+    - This release integrates CVE-2023-20900 without the need for a patch.
+      For more information on this vulnerability and its impact on VMware
+      products, see
+      https://www.vmware.com/security/advisories/VMSA-2023-0019.html.
+    - A tools.conf configuration setting is available to temporaily direct
+      Linux quiesced snaphots to restore pre open-vm-tools 12.2.0 behavior
+      of ignoring file systems already frozen.
+    - Building of the VMware Guest Authentication Service (VGAuth) using
+      "xml-security-c" and "xerces-c" is being deprecated.
+    - A number of Coverity reported issues have been addressed.
+    - A number of GitHub issues and pull requests have been handled.
+      Please see the Resolves Issues section of the Release Notes.
+    - For issues resolved in this release, see the Resolved Issues section
+      of the Release Notes.
+  - For complete details, see:
+    https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0
+  - Release Notes are available at
+    https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/ReleaseNotes.md
+  - The granular changes that have gone into the 12.3.0 release are in the
+    ChangeLog at
+    https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/open-vm-tools/ChangeLog
+
+- Fix (bsc#1205927) - hv_vmbus module is loaded unnecessarily in VMware guests
+
+- jsc-PED-1344 - reinable building containerinfo plugin for SLES 15 SP4.
+
+- Drop patch now contained in 12.3.0:
+  + 0001-build-put-l-specifiers-into-LIBADD-not-LDFLAGS.patch
+  + 0002-build-use-grpc-pkgconfig-to-retrieve-flags-libraries.patch
+  + 2023-20867-Remove-some-dead-code.patch
+  + CVE-20230-20900.patch
+
 -------------------------------------------------------------------
 Mon Aug 28 15:10:27 UTC 2023 - Kirk Allan <kallan@suse.com>

--- a/open-vm-tools.spec
+++ b/open-vm-tools.spec
@ -38,7 +38,7 @@
 %define with_X 1

 Name:           open-vm-tools
-Version:        12.2.0
+Version:        12.3.0
 Release:        0
 Summary:        Open Virtual Machine Tools
 License:        BSD-3-Clause AND GPL-2.0-only AND LGPL-2.1-only
@ -69,7 +69,7 @@ BuildRequires:  pam-devel
 BuildRequires:  pcre-devel
 BuildRequires:  procps-devel
 BuildRequires:  update-desktop-files
-%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150500
+%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150400
 BuildRequires:  containerd-devel
 BuildRequires:  grpc-devel
 BuildRequires:  libcurl-devel
@ -106,7 +106,11 @@ BuildRequires:  pkgconfig(libudev)
 %if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 0120300
 BuildRequires:  libxml2-devel
 BuildRequires:  pkgconfig(xmlsec1)
+%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 0150400
+Requires:       libxmlsec1-openssl1 >= 1.2.37
+%else
 Requires:       libxmlsec1-openssl1 >= 1.2.28
+%endif
 %define         arg_xmlsec1 --enable-xmlsec1
 %else
 # Leap 42.1 and 42.2 supports xmlsec1 and libxmlsec1-openssl1 but 12 SP1 and
@ -153,10 +157,6 @@ Obsoletes:      open-vm-tools-deploypkg <= 10.0.5
 Supplements:    modalias(pci:v000015ADd*sv*sd*bc*sc*i*)
 ExclusiveArch:  %ix86 x86_64 aarch64
 #Upstream patches
-Patch2:         0001-build-put-l-specifiers-into-LIBADD-not-LDFLAGS.patch
-Patch3:         0002-build-use-grpc-pkgconfig-to-retrieve-flags-libraries.patch
-Patch4:         2023-20867-Remove-some-dead-code.patch
-Patch5:         CVE-20230-20900.patch

 #SUSE specific patches
 Patch0:         pam-vmtoolsd.patch
@ -243,7 +243,7 @@ Requires:       libvmtools0 = %{version}
 Those are the development headers for libvmtools. They are needed
 if you intend to create own plugins for vmtoolsd.

-%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150500
+%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150400
 %package        containerinfo
 Summary:        Container Info Plugin
 Group:          System Environment/Libraries
@ -259,10 +259,6 @@ This package interfaces with the container runtime to retrieve a list of contain
 # fix for an rpmlint warning regarding wrong line feeds
 sed -i -e "s/\r//" README
 #Upstream patches
-%patch2 -p2
-%patch3 -p2
-%patch4 -p2
-%patch5 -p2

 #SUSE specific patches
 %patch0 -p2
@ -318,6 +314,10 @@ make
 %install
 %make_install

+%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150400
+mkdir -p  %buildroot%_modulesloaddir
+echo vmw_vsock_vmci_transport > %buildroot%_modulesloaddir/vmw_vsock_vmci_transport.conf
+%endif
 mkdir -p  %{buildroot}%{_sbindir}

 # Remove exec bit from config files
@ -457,7 +457,7 @@ systemctl try-restart vmtoolsd.service || :

 %postun -n libvmtools0 -p /sbin/ldconfig

-%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150500
+%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150400
 %post containerinfo
 systemctl try-restart vmtoolsd.service || :

@ -466,6 +466,9 @@ systemctl try-restart vmtoolsd.service || :
 %endif

 %files
+%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150400
+%_modulesloaddir/vmw_vsock_vmci_transport.conf
+%endif
 %if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 0120300
 %license COPYING
 %doc AUTHORS ChangeLog NEWS README
@ -590,7 +593,7 @@ systemctl try-restart vmtoolsd.service || :
 %{_includedir}/libDeployPkg
 %{_libdir}/pkgconfig/libDeployPkg.pc

-%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150500
+%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150400
 %files containerinfo
 %{_libdir}/%{name}/plugins/vmsvc/libcontainerInfo.so
 %endif