Package: open-vm-tools / 2:9.4.6-1770165-8

Metadata

Package: open-vm-tools
Version: 2:9.4.6-1770165-8
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
debian/d_alias_fix

modules/linux/vmhgfs/inode.c | 8 8 + 0 - 0 !
1 file changed, 8 insertions(+)

---
upstream/3a9f229_Harden HostinfoOSData against PATH attacks

lib/misc/hostinfoPosix.c | 23 19 + 4 - 0 !
1 file changed, 19 insertions(+), 4 deletions(-)

 [PATCH] Harden HostinfoOSData against $PATH attacks.

We are doing a popen("lsb_release... ") when attempting to
determine host details in hostinfoPosix.c. Using popen means that
$PATH is walked when looking for the lsb_release binary, and that
may give an attacker the ability to run a malicious version of
lsb_release.

This change does two things:

a) Hard code the path to lsb_release. I've searched around
   the web and I believe the path is always "/usr/bin/lsb_release"
   so let's not leave this up to chance.

b) Stop running HostinfoGetCmdOutput with elevated privileges. Drop
   to non-root when possible. If someone sneaks in a new call to
   HostinfoGetCmdOutput and doesn't use a full path, then we will
   hopefully avoid a firedrill. I'm only applying this to Linux
   because the Fusion build barfed when I tried to compile
   without the vmx86_linux.

I think either (a) or (b) would be enough but I'm doing both,
because each individually is correct. Also note that the blog
post by Tavis Ormandy calls out doing (a) as not enough,
   http://blog.cmpxchg8b.com/2013/08/security-debianisms.html
His example uses a bash feature that allows functions to be
exported. I haven't been able to get that to work on my Ubuntu
machine.

To test I've manually run Linux WS and Fusion and verified that
the logs look correct.

Signed-off-by: Dmitry Torokhov <dtor@vmware.com>

upstream/54780b8_Debian guys want to play with FreeBSD kernels and Linux userland

configure.ac | 10 7 + 3 - 0 !
1 file changed, 7 insertions(+), 3 deletions(-)

 [PATCH] Debian guys want to play with FreeBSD kernels and Linux
 userland, let's recognize such systems when configuring.

This change was contributed to OVT by Robin Elfrink.

Signed-off-by: Dmitry Torokhov <dtor@vmware.com>

from_fedora/sizeof_argument.patch

lib/syncDriver/syncDriverPosix.c | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

---
from_arch/0001 Remove unused DEPRECATED macro.patch

lib/include/vm_assert.h | 10 0 + 10 - 0 !
1 file changed, 10 deletions(-)

 [PATCH 1/5] Remove unused DEPRECATED macro


from_arch/0002 Conditionally define g_info macro.patch

lib/include/vmware/tools/log.h | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 [PATCH 2/5] Conditionally define g_info macro

* Some versions of GLib define this macro.

from_arch/0003 Add kuid_t kgid_t compatibility layer.patch

modules/linux/vmhgfs/filesystem.c | 20 14 + 6 - 0 !
modules/linux/vmhgfs/fsutil.c | 118 102 + 16 - 0 !
modules/linux/vmhgfs/fsutil.h | 5 3 + 2 - 0 !
modules/linux/vmhgfs/inode.c | 18 14 + 4 - 0 !
modules/linux/vmhgfs/module.h | 14 12 + 2 - 0 !
5 files changed, 145 insertions(+), 30 deletions(-)

 [PATCH 3/5] Add kuid_t/kgid_t compatibility layer


from_arch/0004 Use new link helpers.patch

modules/linux/vmhgfs/link.c | 15 15 + 0 - 0 !
1 file changed, 15 insertions(+)

 [PATCH 4/5] Use new link helpers

* vfs_follow_link was removed in 3.12.
* vfs_readlink was removed in 3.15.

from_arch/0005 Update hgfs file operations for newer kernels.patch

modules/linux/vmhgfs/file.c | 210 194 + 16 - 0 !
modules/linux/vmhgfs/filesystem.c | 103 4 + 99 - 0 !
modules/linux/vmhgfs/fsutil.c | 743 628 + 115 - 0 !
modules/linux/vmhgfs/fsutil.h | 2 2 + 0 - 0 !
modules/linux/vmhgfs/inode.c | 66 59 + 7 - 0 !
modules/linux/vmhgfs/link.c | 57 53 + 4 - 0 !
modules/linux/vmhgfs/module.h | 7 7 + 0 - 0 !
modules/linux/vmhgfs/page.c | 862 788 + 74 - 0 !
8 files changed, 1735 insertions(+), 315 deletions(-)

 [PATCH 5/5] Update hgfs file operations for newer kernels

* Keep track of write back pages so concurrent file validations do not
  invalidate the cache.
* Handle file flush operations.

from_arch/0006 Fix vmxnet module on kernels 3.16.patch

modules/linux/shared/compat_netdevice.h | 4 4 + 0 - 0 !
modules/linux/vmxnet/vmxnet.c | 13 8 + 5 - 0 !
2 files changed, 12 insertions(+), 5 deletions(-)

 [PATCH 10/11] Fix vmxnet module on kernels >= 3.16

* Add compat check for ethtool_ops in net_device struct.
* SET_ETHTOOL_OPS is no longer defined, but can be manually.

from_arch/0007 Fix vmhgfs module on kernels 3.16.patch

modules/linux/vmhgfs/file.c | 16 12 + 4 - 0 !
1 file changed, 12 insertions(+), 4 deletions(-)

 [PATCH 11/11] Fix vmhgfs module on kernels >= 3.16

* Use read_iter/write_iter file operations on kernels >= 3.16.
* Do not set aio_read/aio_write on kernels >= 3.16.

from_arch/0008 Fix segfault in vmhgfs.patch

modules/linux/shared/compat_fs.h | 3 2 + 1 - 0 !
modules/linux/vmhgfs/file.c | 23 12 + 11 - 0 !
2 files changed, 14 insertions(+), 12 deletions(-)

 [PATCH 12/12] Fix segfault in vmhgfs

* Need to use sync read/write but also set the read_iter/write_iter
  operations.

debian/0001 kvers.patch

modules/linux/vmblock/Makefile | 2 1 + 1 - 0 !
modules/linux/vmci/Makefile | 2 1 + 1 - 0 !
modules/linux/vmhgfs/Makefile | 2 1 + 1 - 0 !
modules/linux/vmsync/Makefile | 2 1 + 1 - 0 !
modules/linux/vmxnet/Makefile | 2 1 + 1 - 0 !
modules/linux/vsock/Makefile | 2 1 + 1 - 0 !
6 files changed, 6 insertions(+), 6 deletions(-)

 replacing uname call with kvers, overwriting seemed not to work.


debian/fix_debian_verison_recognition

lib/include/guest_os.h | 2 1 + 1 - 0 !
lib/include/guest_os_tables.h | 4 2 + 2 - 0 !
lib/misc/hostinfoPosix.c | 38 37 + 1 - 0 !
3 files changed, 40 insertions(+), 4 deletions(-)

---
debian/pam use common auth account

scripts/linux/pam.d/vmtoolsd | 9 2 + 7 - 0 !
1 file changed, 2 insertions(+), 7 deletions(-)

---
debian/max_nic_count

lib/guestRpc/nicinfo.x | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
debian/fix CVE 2014 4199

scripts/common/vm-support | 59 28 + 31 - 0 !
1 file changed, 28 insertions(+), 31 deletions(-)

---