pool/open-vm-tools
SHA256
17
0
Fork 1
Code Issues Pull Requests Activity

Compare commits

merge into: pool:factory
Branches Tags
pool:factory pool:slfo-1.2 pool:slfo-main
...
pull from: pool:slfo-main
Branches Tags
pool:factory pool:slfo-1.2 pool:slfo-main

2 Commits
factory ... slfo-main

Author SHA256 Message Date
kirkallan
bedcc5b6cd Update to open-vm-tools 13.0.5 (boo#1250692). Also, contains fix for CVE-2025-41244 (bsc#125037). 2025-10-02 08:35:42 -06:00
kirkallan
997c5ee58a Fix bsc#1250373 (CVE-2025-41244) - VUL-0: contains a local privilege escalation vulnerability. 2025-09-24 09:17:43 -06:00
7 changed files with 48 additions and 179 deletions
Expand all files Collapse all files

169
0001-GOSC-Update-Guest-OS-Customization-to-utilize-system.patch
View File

@@ -1,169 +0,0 @@
From ea918ed50bed323eb78c7dba805250983aa4d7d4 Mon Sep 17 00:00:00 2001
From: John Wolfe <john.wolfe@broadcom.com>
Date: Sat, 19 Apr 2025 09:04:47 -0700
Subject: [PATCH] [GOSC] Update Guest OS Customization to utilize systemd
system init
Currently the "telinit 6" command is used to reboot a Linux VM
following Guest OS Customization. As the classic Linux init system,
SysVinit, is deprecated in favor of a newer init system, systemd,
the telinit command may not be available on the base Linux OS.
This change adds support to Guest OS Customization for the systemd init
system. If the modern init system, systemd, is available, then a
"systemctl reboot" command will be used to trigger reboot. Otherwise,
the "telinit 6" command will be used assuming the traditional init
system, SysVinit, is still available.
---
open-vm-tools/libDeployPkg/linuxDeployment.c | 90 ++++++++------------
1 file changed, 35 insertions(+), 55 deletions(-)
diff --git a/open-vm-tools/libDeployPkg/linuxDeployment.c b/open-vm-tools/libDeployPkg/linuxDeployment.c
index d31d52927..0ce973c81 100644
--- a/open-vm-tools/libDeployPkg/linuxDeployment.c
+++ b/open-vm-tools/libDeployPkg/linuxDeployment.c
@@ -121,6 +121,9 @@ static const char* VARRUNDIR = "/var/run";
static const char* VARRUNIMCDIR = "/var/run/vmware-imc";
#endif
static const char* TMPDIR = "/tmp";
+static const char* USRBINSYSTEMCTL = "/usr/bin/systemctl";
+static const char* BINSYSTEMCTL = "/bin/systemctl";
+static const char* SBINTELINIT = "/sbin/telinit";
// Possible return codes from perl script
static const int CUST_SUCCESS = 0;
@@ -196,7 +199,6 @@ static Bool CopyFileIfExist(const char* sourcePath,
static void GetCloudinitVersion(const char* versionOutput,
int* major,
int* minor);
-static Bool IsTelinitASoftlinkToSystemctl(void);
/*
* Globals
@@ -1673,28 +1675,43 @@ Deploy(const char* packageName)
sLog(log_error, "Failed to fork: '%s'.", strerror(errno));
} else if (pid == 0) {
// We're in the child
+ char rebootCommand[1024];
int rebootCommandResult;
+ bool isSystemd = false;
bool isRebooting = false;
- // Retry reboot until telinit 6 succeeds to workaround PR 2716292 where
- // telinit is a soft(symbolic) link to systemctl and it could exit
- // abnormally due to systemd sends SIGTERM
- bool retryReboot = IsTelinitASoftlinkToSystemctl();
+ // PR 3438671, using different command to reboot modern systemd linux
+ // or traditional SysVinit linux
+ // Repeatedly try to reboot to workaround PR 2716292 on modern systemd
+ // linux where systemctl reboot could exit abnormally due to systemd
+ // sends SIGTERM
+ // Repeatedly try to reboot to workaround PR 530641 on traditional
+ // SysVinit linux where telinit 6 is overwritten by a telinit 2
+ if (access(USRBINSYSTEMCTL, X_OK) == 0) {
+ isSystemd = true;
+ Str_Snprintf(rebootCommand, sizeof(rebootCommand), "%s reboot",
+ USRBINSYSTEMCTL);
+ } else if (access(BINSYSTEMCTL, X_OK) == 0) {
+ isSystemd = true;
+ Str_Snprintf(rebootCommand, sizeof(rebootCommand), "%s reboot",
+ BINSYSTEMCTL);
+ } else {
+ Str_Snprintf(rebootCommand, sizeof(rebootCommand), "%s 6",
+ SBINTELINIT);
+ }
sLog(log_info, "Trigger reboot.");
- // Repeatedly try to reboot to workaround PR 530641 where
- // telinit 6 is overwritten by a telinit 2
do {
if (isRebooting) {
sLog(log_info, "Rebooting.");
}
rebootCommandResult =
- ForkExecAndWaitCommand("/sbin/telinit 6", true, NULL, 0);
+ ForkExecAndWaitCommand(rebootCommand, true, NULL, 0);
isRebooting = (rebootCommandResult == 0) ? true : isRebooting;
sleep(1);
- } while (rebootCommandResult == 0 || (retryReboot && !isRebooting));
+ } while (rebootCommandResult == 0 || (isSystemd && !isRebooting));
if (!isRebooting) {
sLog(log_error,
- "Failed to reboot, reboot command returned error %d.",
- rebootCommandResult);
+ "Failed to reboot, reboot command %s returned error %d.",
+ rebootCommand, rebootCommandResult);
exit (127);
} else {
sLog(log_info, "Reboot has been triggered.");
@@ -1954,8 +1971,11 @@ ForkExecAndWaitCommand(const char* command,
char** args = GetFormattedCommandLine(command);
const char* processStdOut;
Bool isPerlCommand = (strcmp(args[0], "/usr/bin/perl") == 0) ? true : false;
- Bool isTelinitCommand =
- (strcmp(args[0], "/sbin/telinit") == 0) ? true : false;
+ Bool isRebootCommand =
+ (Str_Strncmp(command, "/usr/bin/systemctl reboot", strlen(command)) ||
+ Str_Strncmp(command, "/bin/systemctl reboot", strlen(command)) ||
+ Str_Strncmp(command, "/sbin/telinit 6", strlen(command))) ?
+ true : false;
sLog(log_debug, "Command to exec : '%s'.", args[0]);
Process_Create(&hp, args, sLog);
@@ -2011,9 +2031,9 @@ ForkExecAndWaitCommand(const char* command,
}
}
} else {
- if (isTelinitCommand) {
+ if (isRebootCommand) {
sLog(log_info,
- "Telinit command failed with exitcode: %d, stderr: '%s'.",
+ "Reboot command failed with exitcode: %d, stderr: '%s'.",
retval,
Process_GetStderr(hp));
} else {
@@ -2207,43 +2227,3 @@ GetCloudinitVersion(const char* version, int* major, int* minor)
}
sLog(log_info, "Cloud-init version major: %d, minor: %d", *major, *minor);
}
-
-/**
- *
- * Check if "telinit" command is a soft(symbolic) link to "systemctl" command
- *
- * The fullpath of "systemctl" command could be:
- * /bin/systemctl
- * or
- * /usr/bin/systemctl
- *
- * @returns TRUE if "telinit" command is a soft link to "systemctl" command
- * FALSE if "telinit" command is not a soft link to "systemctl" command
- *
- **/
-static Bool
-IsTelinitASoftlinkToSystemctl(void)
-{
- static const char systemctlBinPath[] = "/bin/systemctl";
- static const char readlinkCommand[] = "/bin/readlink /sbin/telinit";
- char readlinkCommandOutput[256];
- int forkExecResult;
-
- forkExecResult = ForkExecAndWaitCommand(readlinkCommand,
- true,
- readlinkCommandOutput,
- sizeof(readlinkCommandOutput));
- if (forkExecResult != 0) {
- sLog(log_debug, "readlink command result = %d.", forkExecResult);
- return FALSE;
- }
-
- if (strstr(readlinkCommandOutput, systemctlBinPath) != NULL) {
- sLog(log_debug, "/sbin/telinit is a soft link to systemctl");
- return TRUE;
- } else {
- sLog(log_debug, "/sbin/telinit is not a soft link to systemctl");
- }
-
- return FALSE;
-}
--
2.43.5

2
_service
View File

@@ -2,7 +2,7 @@
<service name="obs_scm" mode="manual">
<param name="url">https://github.com/vmware/open-vm-tools.git</param>
<param name="scm">git</param>
<param name="revision">stable-13.0.0</param>
<param name="revision">stable-13.0.5</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">stable-(.*)</param>
</service>

BIN
open-vm-tools-13.0.0.obscpio LFS
View File

Binary file not shown.

BIN
open-vm-tools-13.0.5.obscpio LFS Normal file
View File

Binary file not shown.

40
open-vm-tools.changes
View File

@@ -1,3 +1,43 @@
-------------------------------------------------------------------
Wed Oct 1 14:53:20 UTC 2025 - Kirk Allan <kallan@suse.com>
- Update to open-vm-tools 13.0.5 based on build 24915695. (boo#1250692):
Please refer to the Release Notes at
https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/ReleaseNotes.md.
The granular changes that have gone into the open-vm-tools 13.0.5 release
are in the ChangeLog at
https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/open-vm-tools/ChangeLog.
There are no new features in the open-vm-tools 13.0.5 release. This is
primarily a maintenance release that addresses a security issue.
This release resolves and includes the patch for CVE-2025-41244. For more
information on this vulnerability and its impact on Broadcom products,
see VMSA-2025-0015.
A patch to address CVE-2025-41244 on earlier open-vm-tools releases is
provided to the Linux community at CVE-2025-41244.patch.
A minor enhancement has been made for Guest OS Customization. The
DeployPkg plugin has been updated to use "systemctl reboot", if available.
For a more complete list of issues addressed in this release, see the
What's New and Resolved Issues section of the Release Notes.
- Drop patch now contained in 13.0.5:
0001-GOSC-Update-Guest-OS-Customization-to-utilize-system.patch
CVE-2025-41244-1240-1300-SDMP.patch
-------------------------------------------------------------------
Tue Sep 23 21:36:31 UTC 2025 - Kirk Allan <kallan@suse.com>
- Fix (bsc#1250373 (CVE-2025-41244) - VUL-0: contains a local privilege
escalation vulnerability.
+ Add patch:
- CVE-2025-41244-1240-1300-SDMP.patch
-------------------------------------------------------------------
Fri Jun 20 20:59:21 UTC 2025 - Kirk Allan <kallan@suse.com>

6
open-vm-tools.obsinfo
View File

@@ -1,4 +1,4 @@
name: open-vm-tools
version: 13.0.0
mtime: 1750305918
commit: 3c28b6f4d9af2df2027a9df9c82e2f0196bd8bf7
version: 13.0.5
mtime: 1759214741
commit: fbc80ffbd226b4a61bb8ea1c9a682b5c7614e3fd

4
open-vm-tools.spec
View File

@@ -38,7 +38,7 @@
%define with_X 1
Name: open-vm-tools
Version: 13.0.0
Version: 13.0.5
Release: 0
Summary: Open Virtual Machine Tools
License: BSD-3-Clause AND GPL-2.0-only AND LGPL-2.1-only
@@ -159,7 +159,6 @@ Obsoletes: open-vm-tools-deploypkg <= 10.0.5
Supplements: modalias(pci:v000015ADd*sv*sd*bc*sc*i*)
ExclusiveArch: %ix86 x86_64 aarch64
#Upstream patches
Patch2: 0001-GOSC-Update-Guest-OS-Customization-to-utilize-system.patch
#SUSE specific patches
Patch0: pam-vmtoolsd.patch
@@ -262,7 +261,6 @@ This package interfaces with the container runtime to retrieve a list of contain
# fix for an rpmlint warning regarding wrong line feeds
sed -i -e "s/\r//" README
#Upstream patches
%patch -P 2 -p2
#SUSE specific patches
%patch -P 0 -p2