273486 – emulators/open-vm-tools: update to open-vm-tools 12.3.0

Bug 273486 - emulators/open-vm-tools: update to open-vm-tools 12.3.0

Summary: emulators/open-vm-tools: update to open-vm-tools 12.3.0

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Renato Botelho

URL:
Keywords:

Depends on:
Blocks:

Reported:	2023-08-31 23:36 UTC by John Wolfe
Modified:	2023-09-20 11:30 UTC (History)
CC List:	5 users (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (garga)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Wolfe 2023-08-31 23:36:40 UTC

Comment 1 John Wolfe 2023-08-31 23:47:49 UTC

open-vm-tools 12.3.0 was released on Aug. 31, 2023.

Also affects project (?) Also affects distribution/package
Edit
Bug Description

There are no new features in the open-vm-tools 12.3.0 release. This is primarily a maintenance release that addresses a few critical problems, including:

This release resolves CVE-2023-20900. For more information on this vulnerability and its impact on VMware products, see https://www.vmware.com/security/advisories/VMSA-2023-0019.html.

A tools.conf configuration setting is available to temporaily direct Linux quiesced snaphots to restore pre open-vm-tools 12.2.0 behavior of ignoring file systems already frozen.

Building of the VMware Guest Authentication Service (VGAuth) using "xml-security-c" and "xerces-c" is being deprecated.

A number of Coverity reported issues have been addressed.

A number of GitHub issues and pull requests have been handled. Please see the Resolves Issues section of the Release Notes.

For issues resolved in this release, see the Resolved Issues section of the Release Notes.

For complete details, see: https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0

Release Notes are available at https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/ReleaseNotes.md

The granular changes that have gone into the 12.3.0 release are in the ChangeLog at https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/open-vm-tools/ChangeLog

Note: the security advisories in 12.2.5 and 12.3.0 would not apply to FreeBSD since you currently do not build the VGAuth service,

Comment 2 Mina Galić freebsd_triage

2023-09-01 18:07:48 UTC

if this is addressing a CVE, does it need a vuln xml entry?

Comment 3 John Wolfe 2023-09-01 18:13:19 UTC

(In reply to Mina Galić from comment #2)

The CVE addresses a vulnerabilty in the VM Guest Authorization service (VGAuth) which FreeBSD open-vm-tools does not (currently) build.

There is no CVE issue(s) with FreeBSD's open-vm-tools releases.

Comment 4 commit-hook freebsd_committer

2023-09-20 11:28:49 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=babca63af439530c5aabbdb41942fe5003d9571f

commit babca63af439530c5aabbdb41942fe5003d9571f
Author:     Renato Botelho <garga@FreeBSD.org>
AuthorDate: 2023-09-20 11:26:33 +0000
Commit:     Renato Botelho <garga@FreeBSD.org>
CommitDate: 2023-09-20 11:27:58 +0000

    emulators/open-vm-tools: Update to 12.3.0

    PR:             273486
    Reported by:    John Wolfe <jwolfe@vmware.com>
    Sponsored by:   Rubicon Communications, LLC ("Netgate")

 emulators/open-vm-tools/Makefile | 3 +--
 emulators/open-vm-tools/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 5 deletions(-)