Bug 271986 - emulators/open-vm-tools: update to 12.2.5
Summary: emulators/open-vm-tools: update to 12.2.5
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Renato Botelho
Reported: 2023-06-13 23:39 UTC by John Wolfe
Modified: 2023-06-20 11:10 UTC
bugzilla: maintainer-feedback? (garga)


Description John Wolfe 2023-06-13 23:39:45 UTC
open-vm-tools 12.2.5 was released on June 13, 2023.

There are no new features in the open-vm-tools 12.2.5 release. This is primarily a maintenance release that addresses a single critical problem:

  *  Address CVE-2023-20867 announced in https://www.vmware.com/security/advisories/VMSA-2023-0013.html

For complete details, see: https://github.com/vmware/open-vm-tools/releases/tag/stable-12.2.5

Release Notes are available at: https://github.com/vmware/open-vm-tools/blob/stable-12.2.5/ReleaseNotes.md

The granular changes that have gone into the 12.2.5 release are in the ChangeLog at: https://github.com/vmware/open-vm-tools/blob/stable-12.2.5/open-vm-tools/ChangeLog

Patches applicable to previous open-vm-tools releases are available at https://github.com/vmware/open-vm-tools/tree/CVE-2023-20867.patch

Since FreeBSD typically does not build the vgauth service, the current open-vm-tools and open-vm-tools-nox11 are not affected by CVE-2023-20867. However, you may want to update to 12.2.5 for FreeBSD customers that may enable the vgauth service when building from /usr/ports.
Comment 1 commit-hook freebsd_committer freebsd_triage 2023-06-20 11:09:37 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=d65114f3cfb416ddfc8b32c3e9b5c621c0be96ab

commit d65114f3cfb416ddfc8b32c3e9b5c621c0be96ab
Author:     Renato Botelho <garga@FreeBSD.org>
AuthorDate: 2023-06-20 11:07:20 +0000
Commit:     Renato Botelho <garga@FreeBSD.org>
CommitDate: 2023-06-20 11:08:53 +0000

    emulators/open-vm-tools: Update to 12.2.5

    PR:             271986
    Reported by:    John Wolfe <jwolfe@vmware.com>
    Security:       CVE-2023-20867
    Sponsored by:   Rubicon Communications, LLC ("Netgate")

 emulators/open-vm-tools/Makefile | 4 ++--
 emulators/open-vm-tools/distinfo | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)
Comment 2 commit-hook freebsd_committer freebsd_triage 2023-06-20 11:09:38 UTC
A commit in branch 2023Q2 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=017883b9e8a7e721b5b5f4131deb760528dd7bdf

commit 017883b9e8a7e721b5b5f4131deb760528dd7bdf
Author:     Renato Botelho <garga@FreeBSD.org>
AuthorDate: 2023-06-20 11:07:20 +0000
Commit:     Renato Botelho <garga@FreeBSD.org>
CommitDate: 2023-06-20 11:09:23 +0000

    emulators/open-vm-tools: Update to 12.2.5

    PR:             271986
    Reported by:    John Wolfe <jwolfe@vmware.com>
    Security:       CVE-2023-20867
    Sponsored by:   Rubicon Communications, LLC ("Netgate")

    (cherry picked from commit d65114f3cfb416ddfc8b32c3e9b5c621c0be96ab)

 emulators/open-vm-tools/Makefile | 4 ++--
 emulators/open-vm-tools/distinfo | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)