Accepting request 1109309 from home:kallan:branches:Virtualization:VMware

- Update to 12.3.0 (build 22234872) (boo#1214850) - There are no new features in the open-vm-tools 12.3.0 release. This is primarily a maintenance release that addresses a few critical problems, including: - This release integrates CVE-2023-20900 without the need for a patch. For more information on this vulnerability and its impact on VMware products, see https://www.vmware.com/security/advisories/VMSA-2023-0019.html. - A tools.conf configuration setting is available to temporaily direct Linux quiesced snaphots to restore pre open-vm-tools 12.2.0 behavior of ignoring file systems already frozen. - Building of the VMware Guest Authentication Service (VGAuth) using "xml-security-c" and "xerces-c" is being deprecated. - A number of Coverity reported issues have been addressed. - A number of GitHub issues and pull requests have been handled. Please see the Resolves Issues section of the Release Notes. - For issues resolved in this release, see the Resolved Issues section of the Release Notes. - For complete details, see: https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0 - Release Notes are available at https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/ReleaseNotes.md - The granular changes that have gone into the 12.3.0 release are in the ChangeLog at https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/open-vm-tools/ChangeLog - Fix (bsc#1205927) - hv_vmbus module is loaded unnecessarily in VMware guests - jsc-PED-1344 - reinable building containerinfo plugin for SLES 15 SP4. - Drop patch now contained in 12.3.0: + 0001-build-put-l-specifiers-into-LIBADD-not-LDFLAGS.patch + 0002-build-use-grpc-pkgconfig-to-retrieve-flags-libraries.patch OBS-URL: https://build.opensuse.org/request/show/1109309 OBS-URL: https://build.opensuse.org/package/show/Virtualization:VMware/open-vm-tools?expand=0&rev=442
2023-09-06 17:14:23 +00:00 · 2023-09-06 17:14:23 +00:00 · da0d25dcbe
commit da0d25dcbe
parent 79ad92f6bb
9 changed files with 60 additions and 419 deletions
--- a/0001-build-put-l-specifiers-into-LIBADD-not-LDFLAGS.patch
+++ b/0001-build-put-l-specifiers-into-LIBADD-not-LDFLAGS.patch
@ -1,162 +0,0 @@
 From 50d7dc0102751808823640321ec1da5d34811978 Mon Sep 17 00:00:00 2001
 From: Jan Engelhardt <jengelh@inai.de>
 Date: Wed, 3 May 2023 00:48:14 +0200
 Subject: [PATCH 1/2] build: put -l specifiers into LIBADD, not LDFLAGS
 References: https://github.com/vmware/open-vm-tools/pull/664
 Linking order matters.
 LDFLAGS is the *totally* *wrong* place for -l.
 Replace by LDLIBS / xxx_LDADD / xxx_LIBADD.
 ---
 open-vm-tools/libDeployPkg/Makefile.am                   | 3 +--
 open-vm-tools/libappmonitor/Makefile.am                  | 6 ++----
 open-vm-tools/libguestStoreClient/Makefile.am            | 2 +-
 open-vm-tools/libguestlib/Makefile.am                    | 6 ++----
 open-vm-tools/libhgfs/Makefile.am                        | 2 +-
 open-vm-tools/libvmtools/Makefile.am                     | 2 +-
 open-vm-tools/services/plugins/containerInfo/Makefile.am | 6 +++---
 open-vm-tools/tests/testVmblock/Makefile.am              | 4 ++--
 open-vm-tools/vgauth/lib/Makefile.am                     | 2 +-
 9 files changed, 14 insertions(+), 19 deletions(-)
 diff --git a/open-vm-tools/libDeployPkg/Makefile.am b/open-vm-tools/libDeployPkg/Makefile.am
 index 15728126..5f080744 100644
 --- a/open-vm-tools/libDeployPkg/Makefile.am
 +++ b/open-vm-tools/libDeployPkg/Makefile.am
@@ -36,10 +36,9 @@ libDeployPkg_la_SOURCES += processPosix.c
 libDeployPkg_la_SOURCES += linuxDeploymentUtilities.c
 libDeployPkg_la_SOURCES += linuxDeploymentUtilities.h
 -libDeployPkg_la_LDFLAGS =
 # We require GCC, so we're fine passing compiler-specific flags.
 # Needed for OS's that don't link shared libraries against libc by default, e.g. FreeBSD
 -libDeployPkg_la_LDFLAGS += -Wl,-lc
 +libDeployPkg_la_LIBADD += -lc
 libDeployPkg_includedir = $(includedir)/libDeployPkg
 diff --git a/open-vm-tools/libappmonitor/Makefile.am b/open-vm-tools/libappmonitor/Makefile.am
 index 2681eb79..be6b6a30 100644
 --- a/open-vm-tools/libappmonitor/Makefile.am
 +++ b/open-vm-tools/libappmonitor/Makefile.am
@@ -48,12 +48,10 @@ libappmonitor_la_SOURCES += $(libappmonitor_rpcchanneldir)/vsockChannel.c
 libappmonitor_la_SOURCES += $(libappmonitor_rpcchanneldir)/simpleSocket.c
 endif
 -libappmonitor_la_LDFLAGS =
 -libappmonitor_la_LDFLAGS += -Wl,-ldl
 -libappmonitor_la_LDFLAGS += -Wl,-lrt
 +libappmonitor_la_LIBADD += -ldl -lrt
 # We require GCC, so we're fine passing compiler-specific flags.
 # Needed for OS's that don't link shared libraries against libc by default, e.g. FreeBSD
 -libappmonitor_la_LDFLAGS += -Wl,-lc
 +libappmonitor_la_LIBADD += -lc
 libappmonitor_includedir = $(includedir)/libappmonitor
 diff --git a/open-vm-tools/libguestStoreClient/Makefile.am b/open-vm-tools/libguestStoreClient/Makefile.am
 index adf69309..2dee8e7b 100644
 --- a/open-vm-tools/libguestStoreClient/Makefile.am
 +++ b/open-vm-tools/libguestStoreClient/Makefile.am
@@ -33,4 +33,4 @@ libguestStoreClient_la_LDFLAGS =
 libguestStoreClient_la_LDFLAGS += -Wl,-z,defs
 # Needed for OS's that don't link shared libraries against libc by
 #default, e.g. FreeBSD
 -libguestStoreClient_la_LDFLAGS += -Wl,-lc
 +libguestStoreClient_la_LIBADD += -lc
 diff --git a/open-vm-tools/libguestlib/Makefile.am b/open-vm-tools/libguestlib/Makefile.am
 index d2cfb80a..5175b442 100644
 --- a/open-vm-tools/libguestlib/Makefile.am
 +++ b/open-vm-tools/libguestlib/Makefile.am
@@ -50,12 +50,10 @@ libguestlib_la_SOURCES += $(libguestlib_rpcchanneldir)/vsockChannel.c
 libguestlib_la_SOURCES += $(libguestlib_rpcchanneldir)/simpleSocket.c
 endif
 -libguestlib_la_LDFLAGS =
 -libguestlib_la_LDFLAGS += -Wl,-ldl
 -libguestlib_la_LDFLAGS += -Wl,-lrt
 +libguestlib_la_LIBADD += -ldl -lrt
 # We require GCC, so we're fine passing compiler-specific flags.
 # Needed for OS's that don't link shared libraries against libc by default, e.g. FreeBSD
 -libguestlib_la_LDFLAGS += -Wl,-lc
 +libguestlib_la_LIBADD += -lc
 libguestlib_includedir = $(includedir)/vmGuestLib
 diff --git a/open-vm-tools/libhgfs/Makefile.am b/open-vm-tools/libhgfs/Makefile.am
 index 76091452..c388da75 100644
 --- a/open-vm-tools/libhgfs/Makefile.am
 +++ b/open-vm-tools/libhgfs/Makefile.am
@@ -41,5 +41,5 @@ libhgfs_la_LDFLAGS =
 libhgfs_la_LDFLAGS += -Wl,-z,defs
 # Needed for OS's that don't link shared libraries against libc by
 #default, e.g. FreeBSD
 -libhgfs_la_LDFLAGS += -Wl,-lc
 +libhgfs_la_LIBADD += -lc
 diff --git a/open-vm-tools/libvmtools/Makefile.am b/open-vm-tools/libvmtools/Makefile.am
 index 6da97362..a2f9a241 100644
 --- a/open-vm-tools/libvmtools/Makefile.am
 +++ b/open-vm-tools/libvmtools/Makefile.am
@@ -89,5 +89,5 @@ libvmtools_la_LDFLAGS =
 libvmtools_la_LDFLAGS += -Wl,-z,defs
 # Needed for OS's that don't link shared libraries against libc by
 #default, e.g. FreeBSD
 -libvmtools_la_LDFLAGS += -Wl,-lc
 +libvmtools_la_LIBADD += -lc
 diff --git a/open-vm-tools/services/plugins/containerInfo/Makefile.am b/open-vm-tools/services/plugins/containerInfo/Makefile.am
 index 488e35aa..10b4dfae 100644
 --- a/open-vm-tools/services/plugins/containerInfo/Makefile.am
 +++ b/open-vm-tools/services/plugins/containerInfo/Makefile.am
@@ -36,7 +36,7 @@ libcontainerInfo_la_SOURCES += containerInfoInt.h
 libcontainerInfo_la_SOURCES += containerInfo.c
 libcontainerInfo_la_SOURCES += containerInfo_docker.c
 -libcontainerInfo_la_LDFLAGS += -lcurl
 +libcontainerInfo_la_LIBADD += -lcurl
 libcontainerInfo_la_CPPFLAGS += @CURL_CPPFLAGS@
 libcontainerInfo_la_LIBADD += ../../../lib/jsmn/libJsmn.la
@@ -61,8 +61,8 @@ libcontainerInfo_la_SOURCES += containers.grpc.pb.cc
 libcontainerInfo_la_SOURCES += containerInfo_grpc.cc
 libcontainerInfo_la_CPPFLAGS += @GRPC_CPPFLAGS@
 -libcontainerInfo_la_LDFLAGS += -lprotobuf
 -libcontainerInfo_la_LDFLAGS += -lgrpc++
 +libcontainerInfo_la_LIBADD += -lprotobuf
 +libcontainerInfo_la_LIBADD += -lgrpc++
 tasks.grpc.pb.cc containers.grpc.pb.cc: %.grpc.pb.cc : %.proto %.pb.cc
 	$(PROTOC) -I. -I$(GOGO_PROTOPATH) \
 diff --git a/open-vm-tools/tests/testVmblock/Makefile.am b/open-vm-tools/tests/testVmblock/Makefile.am
 index 1fd469d5..ae6c79fe 100644
 --- a/open-vm-tools/tests/testVmblock/Makefile.am
 +++ b/open-vm-tools/tests/testVmblock/Makefile.am
@@ -29,8 +29,8 @@ AM_CFLAGS =
 AM_CFLAGS += -DVMX86_DEVEL
 AM_CFLAGS += -DVMX86_DEBUG
 -AM_LDFLAGS =
 -AM_LDFLAGS += -lpthread
 +LDLIBS =
 +LDLIBS += -lpthread
 vmware_testvmblock_fuse_CFLAGS = $(AM_CFLAGS) -Dvmblock_fuse
 vmware_testvmblock_fuse_SOURCES = vmblocktest.c
 diff --git a/open-vm-tools/vgauth/lib/Makefile.am b/open-vm-tools/vgauth/lib/Makefile.am
 index bce97aac..88944f19 100644
 --- a/open-vm-tools/vgauth/lib/Makefile.am
 +++ b/open-vm-tools/vgauth/lib/Makefile.am
@@ -59,7 +59,7 @@ libvgauth_la_LDFLAGS =
 libvgauth_la_LDFLAGS += -Wl,-z,defs
 # Needed for OS's that don't link shared libraries against libc by
 #default, e.g. FreeBSD
 -libvgauth_la_LDFLAGS += -Wl,-lc
 +libvgauth_la_LIBADD += -lc
 # Message catalogs.
 install-data-hook:
 -- 
 2.40.1
--- a/0002-build-use-grpc-pkgconfig-to-retrieve-flags-libraries.patch
+++ b/0002-build-use-grpc-pkgconfig-to-retrieve-flags-libraries.patch
@ -1,49 +0,0 @@
 From 7f97b8ac1df51da902c2db05e488e52bb3068149 Mon Sep 17 00:00:00 2001
 From: Jan Engelhardt <jengelh@inai.de>
 Date: Wed, 3 May 2023 00:48:56 +0200
 Subject: [PATCH 2/2] build: use grpc++ pkgconfig to retrieve flags/libraries
 References: https://github.com/vmware/open-vm-tools/pull/664
 When a .pc file exists, it should be used. Fixes obvious linking problems like
 ld: .libs/libcontainerInfo_la-containers.grpc.pb.o: in function `grpc::ByteBuffer::~ByteBuffer()':
 /usr/include/grpcpp/support/byte_buffer.h:99: undefined reference to `grpc_byte_buffer_destroy'
 collect2: error: ld returned 1 exit status
 make[4]: *** [Makefile:649: libcontainerInfo.la] Error 1
 ---
 open-vm-tools/configure.ac                               | 2 ++
 open-vm-tools/services/plugins/containerInfo/Makefile.am | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)
 diff --git a/open-vm-tools/configure.ac b/open-vm-tools/configure.ac
 index 5f9a1937..fd8c2db0 100644
 --- a/open-vm-tools/configure.ac
 +++ b/open-vm-tools/configure.ac
@@ -723,6 +723,8 @@ AC_DEFUN([AC_VMW_CONTAINERINFO_MSG],[
                       [],
                       [AC_VMW_CONTAINERINFO_MSG(["grpc++ >= 1.3.2"])])
 +PKG_CHECK_MODULES([grpcxx], [grpc++ >= 1.3.2])
 +
 #
 # proto files needed by containerd grpc client.
 #
 diff --git a/open-vm-tools/services/plugins/containerInfo/Makefile.am b/open-vm-tools/services/plugins/containerInfo/Makefile.am
 index 10b4dfae..74d9c8f0 100644
 --- a/open-vm-tools/services/plugins/containerInfo/Makefile.am
 +++ b/open-vm-tools/services/plugins/containerInfo/Makefile.am
@@ -60,9 +60,9 @@ libcontainerInfo_la_SOURCES += containers.grpc.pb.h
 libcontainerInfo_la_SOURCES += containers.grpc.pb.cc
 libcontainerInfo_la_SOURCES += containerInfo_grpc.cc
 -libcontainerInfo_la_CPPFLAGS += @GRPC_CPPFLAGS@
 +libcontainerInfo_la_CPPFLAGS += ${grpcxx_CFLAGS}
 libcontainerInfo_la_LIBADD += -lprotobuf
 -libcontainerInfo_la_LIBADD += -lgrpc++
 +libcontainerInfo_la_LIBADD += ${grpcxx_LIBS}
 tasks.grpc.pb.cc containers.grpc.pb.cc: %.grpc.pb.cc : %.proto %.pb.cc
 	$(PROTOC) -I. -I$(GOGO_PROTOPATH) \
 -- 
 2.40.1
--- a/2023-20867-Remove-some-dead-code.patch
+++ b/2023-20867-Remove-some-dead-code.patch
@ -1,156 +0,0 @@
 From 3028cdd4c0b2461b904cbe5a5868c8e591aa0941 Mon Sep 17 00:00:00 2001
 From: John Wolfe <jwolfe@vmware.com>
 Date: Mon, 8 May 2023 19:04:57 -0700
 Subject: [PATCH] Remove some dead code.
 Address CVE-2023-20867.
 Remove some authentication types which were deprecated long
 ago and are no longer in use. These are dead code.
 ---
 open-vm-tools/services/plugins/vix/vixTools.c | 102 --------------------------
 1 file changed, 102 deletions(-)
 diff --git a/open-vm-tools/services/plugins/vix/vixTools.c b/open-vm-tools/services/plugins/vix/vixTools.c
 index 9f376a7..85c5ba7 100644
 --- a/open-vm-tools/services/plugins/vix/vixTools.c
 +++ b/open-vm-tools/services/plugins/vix/vixTools.c
@@ -254,8 +254,6 @@ char *gImpersonatedUsername = NULL;
 #define  VIX_TOOLS_CONFIG_API_AUTHENTICATION          "Authentication"
 #define  VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS             "InfrastructureAgents"
 -#define VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT  TRUE
 -
 /*
  * The switch that controls all APIs
  */
@@ -730,9 +728,6 @@ VixError GuestAuthSAMLAuthenticateAndImpersonate(
 void GuestAuthUnimpersonate();
 -static Bool VixToolsCheckIfAuthenticationTypeEnabled(GKeyFile *confDictRef,
 -                                                     const char *typeName);
 -
 #if SUPPORT_VGAUTH
 VGAuthError TheVGAuthContext(VGAuthContext **ctx);
@@ -8013,29 +8008,6 @@ VixToolsImpersonateUser(VixCommandRequestHeader *requestMsg,   // IN
                                           userToken);
       break;
    }
 -   case VIX_USER_CREDENTIAL_ROOT:
 -   {
 -      if ((requestMsg->requestFlags & VIX_REQUESTMSG_HAS_HASHED_SHARED_SECRET) &&
 -          !VixToolsCheckIfAuthenticationTypeEnabled(gConfDictRef,
 -                                            VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS)) {
 -          /*
 -           * Don't accept hashed shared secret if disabled.
 -           */
 -          g_message("%s: Requested authentication type has been disabled.\n",
 -                    __FUNCTION__);
 -          err = VIX_E_GUEST_AUTHTYPE_DISABLED;
 -          goto done;
 -      }
 -   }
 -   // fall through
 -
 -   case VIX_USER_CREDENTIAL_CONSOLE_USER:
 -      err = VixToolsImpersonateUserImplEx(NULL,
 -                                          credentialType,
 -                                          NULL,
 -                                          loadUserProfile,
 -                                          userToken);
 -      break;
    case VIX_USER_CREDENTIAL_NAME_PASSWORD:
    case VIX_USER_CREDENTIAL_NAME_PASSWORD_OBFUSCATED:
    case VIX_USER_CREDENTIAL_NAMED_INTERACTIVE_USER:
@@ -8205,36 +8177,6 @@ VixToolsImpersonateUserImplEx(char const *credentialTypeStr,         // IN
       }
       /*
 -       * If the VMX asks to be root, then we allow them.
 -       * The VMX will make sure that only it will pass this value in,
 -       * and only when the VM and host are configured to allow this.
 -       */
 -      if ((VIX_USER_CREDENTIAL_ROOT == credentialType)
 -            && (thisProcessRunsAsRoot)) {
 -         *userToken = PROCESS_CREATOR_USER_TOKEN;
 -
 -         gImpersonatedUsername = Util_SafeStrdup("_ROOT_");
 -         err = VIX_OK;
 -         goto quit;
 -      }
 -
 -      /*
 -       * If the VMX asks to be root, then we allow them.
 -       * The VMX will make sure that only it will pass this value in,
 -       * and only when the VM and host are configured to allow this.
 -       *
 -       * XXX This has been deprecated XXX
 -       */
 -      if ((VIX_USER_CREDENTIAL_CONSOLE_USER == credentialType)
 -            && ((allowConsoleUserOps) || !(thisProcessRunsAsRoot))) {
 -         *userToken = PROCESS_CREATOR_USER_TOKEN;
 -
 -         gImpersonatedUsername = Util_SafeStrdup("_CONSOLE_USER_NAME_");
 -         err = VIX_OK;
 -         goto quit;
 -      }
 -
 -      /*
        * If the VMX asks us to run commands in the context of the current
        * user, make sure that the user who requested the command is the
        * same as the current user.
@@ -10917,50 +10859,6 @@ VixToolsCheckIfVixCommandEnabled(int opcode,                          // IN
 /*
  *-----------------------------------------------------------------------------
  *
 - * VixToolsCheckIfAuthenticationTypeEnabled --
 - *
 - *    Checks to see if a given authentication type has been
 - *    disabled via the tools configuration.
 - *
 - * Return value:
 - *    TRUE if enabled, FALSE otherwise.
 - *
 - * Side effects:
 - *    None
 - *
 - *-----------------------------------------------------------------------------
 - */
 -
 -static Bool
 -VixToolsCheckIfAuthenticationTypeEnabled(GKeyFile *confDictRef,     // IN
 -                                         const char *typeName)      // IN
 -{
 -   char authnDisabledName[64]; // Authentication.<AuthenticationType>.disabled
 -   gboolean disabled;
 -
 -   Str_Snprintf(authnDisabledName, sizeof(authnDisabledName),
 -                VIX_TOOLS_CONFIG_API_AUTHENTICATION ".%s.disabled",
 -                typeName);
 -
 -   ASSERT(confDictRef != NULL);
 -
 -   /*
 -    * XXX Skip doing the strcmp() to verify the auth type since we only
 -    * have the one typeName (VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS), and default
 -    * it to VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT.
 -    */
 -   disabled = VMTools_ConfigGetBoolean(confDictRef,
 -                                       VIX_TOOLS_CONFIG_API_GROUPNAME,
 -                                       authnDisabledName,
 -                                       VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT);
 -
 -   return !disabled;
 -}
 -
 -
 -/*
 - *-----------------------------------------------------------------------------
 - *
  * VixTools_ProcessVixCommand --
  *
  *
 -- 
 2.6.2
--- a/CVE-20230-20900.patch
+++ b/CVE-20230-20900.patch
@ -1,34 +0,0 @@
 From eb4f36dfeb8b89443f7d5ade03316ba49a295eee Mon Sep 17 00:00:00 2001
 From: John Wolfe <jwolfe@vmware.com>
 Date: Fri, 18 Aug 2023 11:23:53 -0700
 Subject: [PATCH] Address CVE-2023-20900
 VGAuth: Allow only X509 certs to verify the SAML token signature.
 ---
 open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
 diff --git a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
 index f5541a9..0b2a945 100644
 --- a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
 +++ b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
@@ -1335,7 +1335,14 @@ VerifySignature(xmlDocPtr doc,
     */
    bRet = RegisterID(xmlDocGetRootElement(doc), "ID");
    if (bRet == FALSE) {
 -      g_warning("failed to register ID\n");
 +      g_warning("Failed to register ID\n");
 +      goto done;
 +   }
 +
 +   /* Use only X509 certs to validate the signature */
 +   if (xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData),
 +                        BAD_CAST xmlSecKeyDataX509Id) < 0) {
 +      g_warning("Failed to limit allowed key data\n");
       goto done;
    }
 -- 
 2.6.2
--- a/4
+++ b/4
@ -2,9 +2,9 @@
  <service name="tar_scm" mode="disabled">
    <param name="scm">git</param>
    <param name="url">https://github.com/vmware/open-vm-tools.git</param>
-    <param name="revision">stable-12.2.0</param>
+    <param name="revision">stable-12.3.0</param>
    <param name="filename">open-vm-tools</param>
-    <param name="versionformat">12.2.0</param>
+    <param name="versionformat">12.3.0</param>
  </service>
  <service name="recompress" mode="disabled">
    <param name="file">*.tar</param>
--- a/open-vm-tools-12.2.0.tar.xz
+++ b/open-vm-tools-12.2.0.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:ef22adf11d16a8bc675d1c73c190d178e791ee247d6cabfe78df9c56c9fae8c0
 size 1801020
--- a/open-vm-tools-12.3.0.tar.xz
+++ b/open-vm-tools-12.3.0.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:034abbf1dbf34425789a94cc9de2551f0ef57b799712a9a610366c25c2a07ba3
 size 1808920
--- a/open-vm-tools.changes
+++ b/open-vm-tools.changes
@ -1,3 +1,42 @@
 -------------------------------------------------------------------
 Wed Sep  6 15:52:41 UTC 2023 - Kirk Allan <kallan@suse.com>
 - Update to 12.3.0 (build 22234872) (boo#1214850)
  - There are no new features in the open-vm-tools 12.3.0 release. This is
    primarily a maintenance release that addresses a few critical problems,
    including:
    - This release integrates CVE-2023-20900 without the need for a patch.
      For more information on this vulnerability and its impact on VMware
      products, see
      https://www.vmware.com/security/advisories/VMSA-2023-0019.html.
    - A tools.conf configuration setting is available to temporaily direct
      Linux quiesced snaphots to restore pre open-vm-tools 12.2.0 behavior
      of ignoring file systems already frozen.
    - Building of the VMware Guest Authentication Service (VGAuth) using
      "xml-security-c" and "xerces-c" is being deprecated.
    - A number of Coverity reported issues have been addressed.
    - A number of GitHub issues and pull requests have been handled.
      Please see the Resolves Issues section of the Release Notes.
    - For issues resolved in this release, see the Resolved Issues section
      of the Release Notes.
  - For complete details, see:
    https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0
  - Release Notes are available at
    https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/ReleaseNotes.md
  - The granular changes that have gone into the 12.3.0 release are in the
    ChangeLog at
    https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/open-vm-tools/ChangeLog
 - Fix (bsc#1205927) - hv_vmbus module is loaded unnecessarily in VMware guests
 - jsc-PED-1344 - reinable building containerinfo plugin for SLES 15 SP4.
 - Drop patch now contained in 12.3.0:
  + 0001-build-put-l-specifiers-into-LIBADD-not-LDFLAGS.patch
  + 0002-build-use-grpc-pkgconfig-to-retrieve-flags-libraries.patch
  + 2023-20867-Remove-some-dead-code.patch
  + CVE-20230-20900.patch
 -------------------------------------------------------------------
 Mon Aug 28 15:10:27 UTC 2023 - Kirk Allan <kallan@suse.com>
--- a/open-vm-tools.spec
+++ b/open-vm-tools.spec
@ -38,7 +38,7 @@
 %define with_X 1
 Name:           open-vm-tools
-Version:        12.2.0
+Version:        12.3.0
 Release:        0
 Summary:        Open Virtual Machine Tools
 License:        BSD-3-Clause AND GPL-2.0-only AND LGPL-2.1-only
@ -69,7 +69,7 @@ BuildRequires:  pam-devel
 BuildRequires:  pcre-devel
 BuildRequires:  procps-devel
 BuildRequires:  update-desktop-files
-%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150500
+%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150400
 BuildRequires:  containerd-devel
 BuildRequires:  grpc-devel
 BuildRequires:  libcurl-devel
@ -106,7 +106,11 @@ BuildRequires:  pkgconfig(libudev)
 %if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 0120300
 BuildRequires:  libxml2-devel
 BuildRequires:  pkgconfig(xmlsec1)
 %if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 0150400
 Requires:       libxmlsec1-openssl1 >= 1.2.37
 %else
 Requires:       libxmlsec1-openssl1 >= 1.2.28
 %endif
 %define         arg_xmlsec1 --enable-xmlsec1
 %else
 # Leap 42.1 and 42.2 supports xmlsec1 and libxmlsec1-openssl1 but 12 SP1 and
@ -153,10 +157,6 @@ Obsoletes:      open-vm-tools-deploypkg <= 10.0.5
 Supplements:    modalias(pci:v000015ADd*sv*sd*bc*sc*i*)
 ExclusiveArch:  %ix86 x86_64 aarch64
 #Upstream patches
 Patch2:         0001-build-put-l-specifiers-into-LIBADD-not-LDFLAGS.patch
 Patch3:         0002-build-use-grpc-pkgconfig-to-retrieve-flags-libraries.patch
 Patch4:         2023-20867-Remove-some-dead-code.patch
 Patch5:         CVE-20230-20900.patch
 #SUSE specific patches
 Patch0:         pam-vmtoolsd.patch
@ -243,7 +243,7 @@ Requires:       libvmtools0 = %{version}
 Those are the development headers for libvmtools. They are needed
 if you intend to create own plugins for vmtoolsd.
-%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150500
+%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150400
 %package        containerinfo
 Summary:        Container Info Plugin
 Group:          System Environment/Libraries
@ -259,10 +259,6 @@ This package interfaces with the container runtime to retrieve a list of contain
 # fix for an rpmlint warning regarding wrong line feeds
 sed -i -e "s/\r//" README
 #Upstream patches
 %patch2 -p2
 %patch3 -p2
 %patch4 -p2
 %patch5 -p2
 #SUSE specific patches
 %patch0 -p2
@ -318,6 +314,10 @@ make
 %install
 %make_install
 %if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150400
 mkdir -p  %buildroot%_modulesloaddir
 echo vmw_vsock_vmci_transport > %buildroot%_modulesloaddir/vmw_vsock_vmci_transport.conf
 %endif
 mkdir -p  %{buildroot}%{_sbindir}
 # Remove exec bit from config files
@ -457,7 +457,7 @@ systemctl try-restart vmtoolsd.service || :
 %postun -n libvmtools0 -p /sbin/ldconfig
-%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150500
+%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150400
 %post containerinfo
 systemctl try-restart vmtoolsd.service || :
@ -466,6 +466,9 @@ systemctl try-restart vmtoolsd.service || :
 %endif
 %files
 %if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150400
 %_modulesloaddir/vmw_vsock_vmci_transport.conf
 %endif
 %if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 0120300
 %license COPYING
 %doc AUTHORS ChangeLog NEWS README
@ -590,7 +593,7 @@ systemctl try-restart vmtoolsd.service || :
 %{_includedir}/libDeployPkg
 %{_libdir}/pkgconfig/libDeployPkg.pc
-%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150500
+%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150400
 %files containerinfo
 %{_libdir}/%{name}/plugins/vmsvc/libcontainerInfo.so
 %endif