Hello community,

here is the log from the commit of package open-vm-tools for openSUSE:Factory checked in at 2025-05-15 16:59:39
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/open-vm-tools (Old)
 and      /work/SRC/openSUSE:Factory/.open-vm-tools.new.30101 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "open-vm-tools" Thu May 15 16:59:39 2025 rev:133 rq:1277231 version:12.5.2 Changes: -------- --- /work/SRC/openSUSE:Factory/open-vm-tools/open-vm-tools.changes 2025-05-07 19:15:52.213715181 +0200 +++ /work/SRC/openSUSE:Factory/.open-vm-tools.new.30101/open-vm-tools.changes 2025-05-15 17:00:00.974778212 +0200 @@ -1,0 +2,11 @@ +Tue May 13 04:34:57 UTC 2025 - Johannes Kastl <opensuse_buildserv...@ojkastl.de> + +- update to 12.5.2 (bsc#1243106): + https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/ReleaseNotes.md + https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/open-vm-tools/ChangeLog + This release resolves CVE-2025-22247. For more information on this + vulnerability and its impact on Broadcom products, see + VMSA-2025-0007 + https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683 + +------------------------------------------------------------------- Old: ---- open-vm-tools-12.5.0.obscpio New: ---- open-vm-tools-12.5.2.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ open-vm-tools.spec ++++++ --- /var/tmp/diff_new_pack.0s34Di/_old 2025-05-15 17:00:02.078824528 +0200 +++ /var/tmp/diff_new_pack.0s34Di/_new 2025-05-15 17:00:02.082824696 +0200 @@ -38,7 +38,7 @@ %define with_X 1 Name: open-vm-tools -Version: 12.5.0 +Version: 12.5.2 Release: 0 Summary: Open Virtual Machine Tools License: BSD-3-Clause AND GPL-2.0-only AND LGPL-2.1-only ++++++ _service ++++++ --- /var/tmp/diff_new_pack.0s34Di/_old 2025-05-15 17:00:02.122826374 +0200 +++ /var/tmp/diff_new_pack.0s34Di/_new 2025-05-15 17:00:02.122826374 +0200 
@@ -2,9 +2,8 @@ <service name="obs_scm" mode="manual"> <param name="url">https://github.com/vmware/open-vm-tools.git</param> <param name="scm">git</param> - <param name="revision">stable-12.5.0</param> + <param name="revision">12.5.2</param> <param name="versionformat">@PARENT_TAG@</param> - <param name="versionrewrite-pattern">stable-(.*)</param> </service> <service name="set_version" mode="manual"> </service> ++++++ open-vm-tools-12.5.0.obscpio -> open-vm-tools-12.5.2.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-vm-tools-12.5.0/ReleaseNotes.md new/open-vm-tools-12.5.2/ReleaseNotes.md --- old/open-vm-tools-12.5.0/ReleaseNotes.md 2024-10-10 17:05:07.000000000 +0200 +++ new/open-vm-tools-12.5.2/ReleaseNotes.md 2025-05-12 22:07:33.000000000 +0200 @@ -1,8 +1,8 @@ -# open-vm-tools 12.5.0 Release Notes +# open-vm-tools 12.5.2 Release Notes -Updated on: 8 October 2024 +Updated on: 12 May 2025 -open-vm-tools | 8 OCTOBER 2024 | Build 24276846 +open-vm-tools | 12 MAY 2025 | Build 24697584 Check back for additions and updates to these release notes. 
@@ -21,15 +21,17 @@ ## <a id="whatsnew" name="whatsnew"></a>What's New -* Please see the [Resolved Issues](#resolvedissues) and [Known Issues](#knownissues) sections below. +* This release resolves [CVE-2025-22247](https://www.cve.org/CVERecord?id=CVE-2025-22247). For more information on this vulnerability and its impact on Broadcom products, see [VMSA-2025-0007](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683) -* A complete list of the granular changes in the open-vm-tools 12.5.0 release is available at: + A patch to address CVE-2025-22247 on earlier open-vm-tools releases is provided to the Linux community at [CVE-2025-22247.patch](https://github.com/vmware/open-vm-tools/tree/CVE-2025-22247.patch). - [open-vm-tools ChangeLog](https://github.com/vmware/open-vm-tools/blob/stable-12.5.0/open-vm-tools/ChangeLog) +* A complete list of the granular changes in the open-vm-tools 12.5.2 release is available at: + + [open-vm-tools ChangeLog](https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/open-vm-tools/ChangeLog) ## <a id="i18n" name="i18n"></a>Internationalization -open-vm-tools 12.5.0 is available in the following languages: +open-vm-tools 12.5.2 is available in the following languages: * English * French 
@@ -67,19 +69,15 @@ ## <a id="interop" name="interop"></a>Interoperability Matrix -The [VMware Product Interoperability Matrix](http://partnerweb.vmware.com/comp_guide2/sim/interop_matrix.php) provides details about the compatibility of current and earlier versions of VMware Products. +The [VMware Product Interoperability Matrix](https://interopmatrix.broadcom.com/Interoperability) provides details about the compatibility of current and earlier versions of VMware Products. ## <a id="resolvedissues" name ="resolvedissues"></a> Resolved Issues -* **The following github.com/vmware/open-vm-tools pull request has been addressed.** - - * Revise settings for vmware-user.desktop - - [Pull request #668](https://github.com/vmware/open-vm-tools/pull/668) +* **This release resolves CVE-2025-22247.** -* **Accomodate newer releases of libxml2 and xmlsec1.** + * For more information on this vulnerability and its impact on Broadcom products, see [VMSA-2025-0007](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683) - The configure.ac and VGAuth code updated to avoid deprecated functions and build options based on OSS product version. + * A patch to address CVE-2025-22247 on earlier open-vm-tools releases is provided to the Linux community at [CVE-2025-22247.patch](https://github.com/vmware/open-vm-tools/tree/CVE-2025-22247.patch). ## <a id="knownissues" name="knownissues"></a>Known Issues diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-vm-tools-12.5.0/open-vm-tools/ChangeLog new/open-vm-tools-12.5.2/open-vm-tools/ChangeLog --- old/open-vm-tools-12.5.0/open-vm-tools/ChangeLog 2024-10-10 17:05:07.000000000 +0200 +++ new/open-vm-tools-12.5.2/open-vm-tools/ChangeLog 2025-05-12 22:07:33.000000000 +0200 
@@ -1,3 +1,52 @@ +commit 4ba99fabfecd7a54d3ebdb9d144f9ed6ec7faf22 +Author: John Wolfe <john.wo...@broadcom.com> +Date: Mon May 12 13:00:43 2025 -0700 + + Update the ReleaseNotes.md for the 12.5.2 open-vm-tools release. + +commit d466ae89716856b2a4295ce622f1887a25575f25 +Author: John Wolfe <john.wo...@broadcom.com> +Date: Sun May 11 09:17:41 2025 -0700 + + Prepare for the open-vm-tools 12.5.2 release. + + - Update the tools version in the configure.ac. + - Update the build numbers in the buldNumber.h. + +commit f6e10ad22796353a8ed3bed876cdc41d7acc2fc0 +Author: John Wolfe <john.wo...@broadcom.com> +Date: Fri May 9 11:51:44 2025 -0700 + + Set the open-vm-tools product version for a 12.5.2 patch release + +commit 6331ea0150b98316b3f41b4cdcff52ae9fc7d791 +Author: John Wolfe <john.wo...@broadcom.com> +Date: Mon May 5 15:58:03 2025 -0700 + + Validate user names and file paths + + Prevent usage of illegal characters in user names and file paths. + Also, disallow unexpected symlinks in file paths. + + This patch contains changes to common source files not applicable + to open-vm-tools. + + All files being updated should be consider to have the copyright to + be updated to: + + * Copyright (c) XXXX-2025 Broadcom. All Rights Reserved. + * The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + + The 2025 Broadcom copyright information update is not part of this + patch set to allow the patch to be easily applied to previous + open-vm-tools source releases. + +commit f2ca37ef3510543172657b82493d1eceefa9a134 +Author: Kruti <kpendhar...@vmware.com> +Date: Thu Oct 10 08:05:07 2024 -0700 + + Update ChangeLog with the open-vm-tools 12.5.0 release marker. 
+ commit 05afe0ae703d6027325059876528fe3b04fdf386 Author: Kruti <kpendhar...@vmware.com> Date: Thu Oct 10 06:12:07 2024 -0700 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-vm-tools-12.5.0/open-vm-tools/configure.ac new/open-vm-tools-12.5.2/open-vm-tools/configure.ac --- old/open-vm-tools-12.5.0/open-vm-tools/configure.ac 2024-10-10 17:05:07.000000000 +0200 +++ new/open-vm-tools-12.5.2/open-vm-tools/configure.ac 2025-05-12 22:07:33.000000000 +0200 @@ -36,10 +36,10 @@ ### Initialization ### -TOOLS_VERSION="12.5.0" +TOOLS_VERSION="12.5.2" AC_INIT( [open-vm-tools], - [12.5.0], + [12.5.2], [open-vm-tools-de...@lists.sourceforge.net]) # In order to make this configure script auto-detect situations where diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-vm-tools-12.5.0/open-vm-tools/lib/include/buildNumber.h new/open-vm-tools-12.5.2/open-vm-tools/lib/include/buildNumber.h --- old/open-vm-tools-12.5.0/open-vm-tools/lib/include/buildNumber.h 2024-10-10 17:05:07.000000000 +0200 +++ new/open-vm-tools-12.5.2/open-vm-tools/lib/include/buildNumber.h 2025-05-12 22:07:33.000000000 +0200 
@@ -1,12 +1,12 @@ #define BUILD_NUMBER \ - "build-24276846" + "build-24697584" #define BUILD_NUMBER_NUMERIC \ - 24276846 + 24697584 #define BUILD_NUMBER_NUMERIC_STRING \ - "24276846" + "24697584" #define PRODUCT_BUILD_NUMBER \ - "product-build-51152" + "product-build-52591" #define PRODUCT_BUILD_NUMBER_NUMERIC \ - 51152 + 52591 #define PRODUCT_BUILD_NUMBER_NUMERIC_STRING \ - "51152" + "52591" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-vm-tools-12.5.0/open-vm-tools/lib/include/vm_tools_version.h new/open-vm-tools-12.5.2/open-vm-tools/lib/include/vm_tools_version.h --- old/open-vm-tools-12.5.0/open-vm-tools/lib/include/vm_tools_version.h 2024-10-10 17:05:07.000000000 +0200 +++ new/open-vm-tools-12.5.2/open-vm-tools/lib/include/vm_tools_version.h 2025-05-12 22:07:33.000000000 +0200 @@ -1,5 +1,5 @@ /********************************************************* - * Copyright (c) 1998-2024 Broadcom. All rights reserved. + * Copyright (c) 1998-2025 Broadcom. All Rights Reserved. * The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. * * This program is free software; you can redistribute it and/or modify it 
@@ -1787,15 +1787,30 @@ #define TOOLS_VERSION_SOCKET_WRENCH_UPDATE1_V_BASE 5 #ifndef RC_INVOKED -#define TOOLS_VERSION_NEXT TOOLS_VERSION_TO_UINT(TOOLS_VERSION_NEXT_V) +#define TOOLS_VERSION_PLIERS_RELEASE TOOLS_VERSION_TO_UINT(TOOLS_VERSION_PLIERS_RELEASE_V) #endif /* RC_INVOKED */ -#define TOOLS_VERSION_NEXT_V_MJR 12 -#define TOOLS_VERSION_NEXT_V_MNR 5 -#define TOOLS_VERSION_NEXT_V_BASE 0 - -#define TOOLS_VERSION_CURRENT TOOLS_VERSION_NEXT -#define TOOLS_VERSION_CURRENT_STR TOOLS_VERSION_TO_STR(TOOLS_VERSION_NEXT) -#define TOOLS_VERSION_CURRENT_CSV TOOLS_VERSION_TO_CSV(TOOLS_VERSION_NEXT) +#define TOOLS_VERSION_PLIERS_RELEASE_V_MJR 12 +#define TOOLS_VERSION_PLIERS_RELEASE_V_MNR 5 +#define TOOLS_VERSION_PLIERS_RELEASE_V_BASE 0 + +#ifndef RC_INVOKED +#define TOOLS_VERSION_PLIERS_PATCH1 TOOLS_VERSION_TO_UINT(TOOLS_VERSION_PLIERS_PATCH1_V) +#endif /* RC_INVOKED */ +#define TOOLS_VERSION_PLIERS_PATCH1_V_MJR 12 +#define TOOLS_VERSION_PLIERS_PATCH1_V_MNR 5 +#define TOOLS_VERSION_PLIERS_PATCH1_V_BASE 1 + + +#ifndef RC_INVOKED +#define TOOLS_VERSION_PLIERS_PATCH2 TOOLS_VERSION_TO_UINT(TOOLS_VERSION_PLIERS_PATCH2_V) +#endif /* RC_INVOKED */ +#define TOOLS_VERSION_PLIERS_PATCH2_V_MJR 12 +#define TOOLS_VERSION_PLIERS_PATCH2_V_MNR 5 +#define TOOLS_VERSION_PLIERS_PATCH2_V_BASE 2 + +#define TOOLS_VERSION_CURRENT TOOLS_VERSION_PLIERS_PATCH2 +#define TOOLS_VERSION_CURRENT_STR TOOLS_VERSION_TO_STR(TOOLS_VERSION_PLIERS_PATCH2) +#define TOOLS_VERSION_CURRENT_CSV TOOLS_VERSION_TO_CSV(TOOLS_VERSION_PLIERS_PATCH2) /* * The extended Tools version is the current Tools version with the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-vm-tools-12.5.0/open-vm-tools/vgauth/common/VGAuthUtil.c new/open-vm-tools-12.5.2/open-vm-tools/vgauth/common/VGAuthUtil.c --- old/open-vm-tools-12.5.0/open-vm-tools/vgauth/common/VGAuthUtil.c 2024-10-10 17:05:07.000000000 +0200 +++ new/open-vm-tools-12.5.2/open-vm-tools/vgauth/common/VGAuthUtil.c 2025-05-12 
22:07:33.000000000 +0200 @@ -309,3 +309,36 @@ #endif g_assert(0); } + + +/* + ****************************************************************************** + * Util_Utf8CaseCmp -- */ /** + * + * Case insensitive comparison for utf8 strings which can have non-ascii + * characters. + * + * @param[in] str1 Null terminated utf8 string. + * @param[in] str2 Null terminated utf8 string. + * + ****************************************************************************** + */ + +int +Util_Utf8CaseCmp(const gchar *str1, + const gchar *str2) +{ + int ret; + gchar *str1Case; + gchar *str2Case; + + str1Case = g_utf8_casefold(str1, -1); + str2Case = g_utf8_casefold(str2, -1); + + ret = g_strcmp0(str1Case, str2Case); + + g_free(str1Case); + g_free(str2Case); + + return ret; +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-vm-tools-12.5.0/open-vm-tools/vgauth/common/VGAuthUtil.h new/open-vm-tools-12.5.2/open-vm-tools/vgauth/common/VGAuthUtil.h --- old/open-vm-tools-12.5.0/open-vm-tools/vgauth/common/VGAuthUtil.h 2024-10-10 17:05:07.000000000 +0200 +++ new/open-vm-tools-12.5.2/open-vm-tools/vgauth/common/VGAuthUtil.h 2025-05-12 22:07:33.000000000 +0200 @@ -105,4 +105,6 @@ void Util_Assert(const char *cond, const char *file, int lineNum); +int Util_Utf8CaseCmp(const gchar *str1, const gchar *str2); + #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-vm-tools-12.5.0/open-vm-tools/vgauth/common/prefs.h new/open-vm-tools-12.5.2/open-vm-tools/vgauth/common/prefs.h --- old/open-vm-tools-12.5.0/open-vm-tools/vgauth/common/prefs.h 2024-10-10 17:05:07.000000000 +0200 +++ new/open-vm-tools-12.5.2/open-vm-tools/vgauth/common/prefs.h 2025-05-12 22:07:33.000000000 +0200 
@@ -167,6 +167,9 @@ /** Where the localized version of the messages were installed. */ #define VGAUTH_PREF_LOCALIZATION_DIR "msgCatalog" +/** If symlinks or junctions are allowed in alias store file path */ +#define VGAUTH_PREF_ALLOW_SYMLINKS "allowSymlinks" + /* * Pref values */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-vm-tools-12.5.0/open-vm-tools/vgauth/common/usercheck.c new/open-vm-tools-12.5.2/open-vm-tools/vgauth/common/usercheck.c --- old/open-vm-tools-12.5.0/open-vm-tools/vgauth/common/usercheck.c 2024-10-10 17:05:07.000000000 +0200 +++ new/open-vm-tools-12.5.2/open-vm-tools/vgauth/common/usercheck.c 2025-05-12 22:07:33.000000000 +0200 @@ -78,6 +78,8 @@ * Solaris as well, but that path is untested. */ +#define MAX_USER_NAME_LEN 256 + /* * A single retry works for the LDAP case, but try more often in case NIS * or something else has a related issue. Note that a bad username/uid won't 
@@ -354,12 +356,29 @@ * restricted list for local usernames. */ size_t len; - char *illegalChars = "<>/"; + size_t i = 0; + int backSlashCnt = 0; + /* + * As user names are used to generate its alias store file name/path, it + * should not contain path traversal characters ('/' and '\'). + */ + char *illegalChars = "<>/\\"; len = strlen(userName); - if (strcspn(userName, illegalChars) != len) { + if (len > MAX_USER_NAME_LEN) { return FALSE; } + + while ((i += strcspn(userName + i, illegalChars)) < len) { + /* + * One backward slash is allowed for domain\username separator. + */ + if (userName[i] != '\\' || ++backSlashCnt > 1) { + return FALSE; + } + ++i; + } + return TRUE; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-vm-tools-12.5.0/open-vm-tools/vgauth/serviceImpl/alias.c new/open-vm-tools-12.5.2/open-vm-tools/vgauth/serviceImpl/alias.c --- old/open-vm-tools-12.5.0/open-vm-tools/vgauth/serviceImpl/alias.c 2024-10-10 17:05:07.000000000 +0200 +++ new/open-vm-tools-12.5.2/open-vm-tools/vgauth/serviceImpl/alias.c 2025-05-12 22:07:33.000000000 +0200 @@ -41,6 +41,7 @@ #include "certverify.h" #include "VGAuthProto.h" #include "vmxlog.h" +#include "VGAuthUtil.h" // puts the identity store in an easy to find place #undef WIN_TEST_MODE @@ -66,6 +67,7 @@ #define ALIASSTORE_FILE_PREFIX "user-" #define ALIASSTORE_FILE_SUFFIX ".xml" +static gboolean allowSymlinks = FALSE; static gchar *aliasStoreRootDir = DEFAULT_ALIASSTORE_ROOT_DIR; #ifdef _WIN32 @@ -252,6 +254,12 @@ */ +#ifdef _WIN32 +#define ISPATHSEP(c) ((c) == '\\' || (c) == '/') +#else +#define ISPATHSEP(c) ((c) == '/') +#endif + /* ****************************************************************************** @@ -466,6 +474,7 @@ gunichar2 *fileNameW = NULL; BOOL ok; DWORD bytesRead; + gchar *realPath = NULL; *fileSize = 0; *contents = NULL; 
@@ -622,6 +631,22 @@ goto done; } + if (!allowSymlinks) { + /* + * Check if fileName is real path. + */ + if ((realPath = ServiceFileGetPathByHandle(hFile)) == NULL) { + err = VGAUTH_E_FAIL; + goto done; + } + if (Util_Utf8CaseCmp(realPath, fileName) != 0) { + Warning("%s: Real path (%s) is not same as file path (%s)\n", + __FUNCTION__, realPath, fileName); + err = VGAUTH_E_FAIL; + goto done; + } + } + /* * Now finally read the contents. */ @@ -650,6 +675,7 @@ CloseHandle(hFile); } g_free(fileNameW); + g_free(realPath); return err; } @@ -672,6 +698,7 @@ gchar *buf; gchar *bp; int fd = -1; + gchar realPath[PATH_MAX] = { 0 }; *fileSize = 0; *contents = NULL; @@ -817,6 +844,23 @@ goto done; } + if (!allowSymlinks) { + /* + * Check if fileName is real path. + */ + if (realpath(fileName, realPath) == NULL) { + Warning("%s: realpath() failed. errno (%d)\n", __FUNCTION__, errno); + err = VGAUTH_E_FAIL; + goto done; + } + if (g_strcmp0(realPath, fileName) != 0) { + Warning("%s: Real path (%s) is not same as file path (%s)\n", + __FUNCTION__, realPath, fileName); + err = VGAUTH_E_FAIL; + goto done; + } + } + /* * All confidence checks passed; read the bits. */ @@ -2803,8 +2847,13 @@ /* * We don't verify the user exists in a Remove operation, to allow - * cleanup of deleted user's stores. + * cleanup of deleted user's stores, but we do check whether the + * user name is legal or not. */ + if (!Usercheck_UsernameIsLegal(userName)) { + Warning("%s: Illegal user name '%s'\n", __FUNCTION__, userName); + return VGAUTH_E_FAIL; + } if (!CertVerify_IsWellFormedPEMCert(pemCert)) { return VGAUTH_E_INVALID_CERTIFICATE; 
@@ -3036,6 +3085,16 @@ } #endif + /* + * We don't verify the user exists in a Query operation to allow + * cleaning up after a deleted user, but we do check whether the + * user name is legal or not. + */ + if (!Usercheck_UsernameIsLegal(userName)) { + Warning("%s: Illegal user name '%s'\n", __FUNCTION__, userName); + return VGAUTH_E_FAIL; + } + err = AliasLoadAliases(userName, num, aList); if (VGAUTH_E_OK != err) { Warning("%s: failed to load Aliases for '%s'\n", __FUNCTION__, userName); @@ -3294,6 +3353,7 @@ VGAuthError err = VGAUTH_E_OK; gboolean saveBadDir = FALSE; char *defaultDir = NULL; + size_t len; #ifdef _WIN32 { @@ -3324,6 +3384,10 @@ defaultDir = g_strdup(DEFAULT_ALIASSTORE_ROOT_DIR); #endif + allowSymlinks = Pref_GetBool(gPrefs, + VGAUTH_PREF_ALLOW_SYMLINKS, + VGAUTH_PREF_GROUP_NAME_SERVICE, + FALSE); /* * Find the alias store directory. This allows an installer to put * it somewhere else if necessary. @@ -3337,6 +3401,14 @@ VGAUTH_PREF_GROUP_NAME_SERVICE, defaultDir); + /* + * Remove the trailing separator if any from aliasStoreRootDir path. + */ + len = strlen(aliasStoreRootDir); + if (ISPATHSEP(aliasStoreRootDir[len - 1])) { + aliasStoreRootDir[len - 1] = '\0'; + } + Log("Using '%s' for alias store root directory\n", aliasStoreRootDir); g_free(defaultDir); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-vm-tools-12.5.0/open-vm-tools/vgauth/serviceImpl/service.c new/open-vm-tools-12.5.2/open-vm-tools/vgauth/serviceImpl/service.c --- old/open-vm-tools-12.5.0/open-vm-tools/vgauth/serviceImpl/service.c 2024-10-10 17:05:07.000000000 +0200 +++ new/open-vm-tools-12.5.2/open-vm-tools/vgauth/serviceImpl/service.c 2025-05-12 22:07:33.000000000 +0200 @@ -28,6 +28,7 @@ #include "VGAuthUtil.h" #ifdef _WIN32 #include "winUtil.h" +#include <glib.h> #endif static ServiceStartListeningForIOFunc startListeningIOFunc = NULL; 
@@ -283,9 +284,35 @@ ServiceUserNameToPipeName(const char *userName) { gchar *escapedName = ServiceEncodeUserName(userName); +#ifdef _WIN32 + /* + * Adding below pragma only in windows to suppress the compile time warning + * about unavailability of g_uuid_string_random() since compiler flag + * GLIB_VERSION_MAX_ALLOWED is defined to GLIB_VERSION_2_34. + * TODO: Remove below pragma when GLIB_VERSION_MAX_ALLOWED is bumped up to + * or greater than GLIB_VERSION_2_52. + */ +#pragma warning(suppress : 4996) + gchar *uuidStr = g_uuid_string_random(); + /* + * Add a unique suffix to avoid a name collision with an existing named pipe + * created by someone else (intentionally or by accident). + * This is not needed for Linux; name collisions on sockets are already + * avoided there since (1) file system paths to VGAuthService sockets are in + * a directory that is writable only by root and (2) VGAuthService unlinks a + * socket path before binding it to a newly created socket. + */ + gchar *pipeName = g_strdup_printf("%s-%s-%s", + SERVICE_PUBLIC_PIPE_NAME, + escapedName, + uuidStr); + + g_free(uuidStr); +#else gchar *pipeName = g_strdup_printf("%s-%s", SERVICE_PUBLIC_PIPE_NAME, escapedName); +#endif g_free(escapedName); return pipeName; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-vm-tools-12.5.0/open-vm-tools/vgauth/serviceImpl/serviceInt.h new/open-vm-tools-12.5.2/open-vm-tools/vgauth/serviceImpl/serviceInt.h --- old/open-vm-tools-12.5.0/open-vm-tools/vgauth/serviceImpl/serviceInt.h 2024-10-10 17:05:07.000000000 +0200 +++ new/open-vm-tools-12.5.2/open-vm-tools/vgauth/serviceImpl/serviceInt.h 2025-05-12 22:07:33.000000000 +0200 
@@ -441,6 +441,7 @@ VGAuthError ServiceFileVerifyEveryoneReadableByHandle(const HANDLE hFile); VGAuthError ServiceFileVerifyUserAccessByHandle(const HANDLE hFile, const char *userName); +gchar *ServiceFileGetPathByHandle(HANDLE hFile); #else VGAuthError ServiceFileVerifyFileOwnerAndPerms(const char *fileName, const char *userName, ++++++ open-vm-tools.obsinfo ++++++ --- /var/tmp/diff_new_pack.0s34Di/_old 2025-05-15 17:00:02.842856581 +0200 +++ /var/tmp/diff_new_pack.0s34Di/_new 2025-05-15 17:00:02.842856581 +0200 @@ -1,5 +1,5 @@ name: open-vm-tools -version: 12.5.0 -mtime: 1728572707 -commit: f2ca37ef3510543172657b82493d1eceefa9a134 +version: 12.5.2 +mtime: 1747080453 +commit: 908dbba833dd28d72b315ee9fc96f5bcd0576e41
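Review bot: In the `_service` hunk, `revision` is now the ref name `12.5.2` rather than a commit, so a later re-run of the manual service would fetch whatever that name points to at the time. The `.obsinfo` hunk already records commit 908dbba833dd28d72b315ee9fc96f5bcd0576e41; using that hash as the revision would pin the source. The changelog entry also links to `stable-12.5.2` URLs while the service uses `12.5.2`, which is worth making consistent.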
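Review bot: In the VGAuthUtil.c hunk, the doc comment for `Util_Utf8CaseCmp()` has no `@return` line and does not say what happens with NULL arguments. Since the function ends in `g_strcmp0()`, two NULL inputs compare as equal (0), and the Windows caller in alias.c treats 0 as "path is the real path". Please document the return value and either reject NULL up front or state that callers must not pass it. The comment should also note that only case folding is done, with no Unicode normalization, so equivalent strings in different normalization forms compare as different.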
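Review bot: The comment on `VGAUTH_PREF_ALLOW_SYMLINKS` in the prefs.h hunk does not state the default or what enabling it turns off. From the alias.c init hunk the default is FALSE, and setting it to true skips the real-path comparison in both load paths. That belongs in the comment here, and in the shipped sample configuration if there is one, because an admin with a symlinked alias store directory will otherwise see load failures with no hint at the cause.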
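Review bot: In the usercheck.c hunk at -354, the loop allows one backslash at any position, so names such as `\user` or `domain\` pass although the comment only intends a domain\username separator. Consider rejecting a backslash at index 0 or at `len - 1`. As far as this hunk shows, a zero-length name also falls through to `return TRUE`, so confirm that an earlier check covers it. `illegalChars` can be declared `const char *`.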
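Review bot: In the Windows load path of alias.c (hunk at -622), the check depends on `ServiceFileGetPathByHandle()` returning the path in exactly the same textual form as `fileName`, but only its prototype in serviceInt.h is part of this diff, so that contract cannot be reviewed here. Please document on the prototype what form is returned (prefix, separator style) and that the caller frees the result with `g_free()`. `Util_Utf8CaseCmp()` folds case only, so any other difference in form fails the load with VGAUTH_E_FAIL.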
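Review bot: In the POSIX load path of alias.c (hunk at -817), `realpath(fileName, realPath)` resolves the name a second time instead of checking the object behind `fd`. If the file is already open when this runs, the path can change between the open and this check, so the comparison may describe a different object than the one being read. Checking the opened descriptor, or opening with `O_NOFOLLOW` and validating the parent directory, would close that window. The exact `g_strcmp0(realPath, fileName)` match also means a store root with a symlinked parent directory or a doubled separator fails every load, since the init hunk only strips one trailing separator. Canonicalising `aliasStoreRootDir` once at init would avoid that.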
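Review bot: In the Remove hunk at -2803 and the Query hunk at -3036 of alias.c, `Warning("%s: Illegal user name '%s'\n", ...)` writes a name that has just failed validation into the log verbatim. The rejection can be for length above MAX_USER_NAME_LEN, and the illegal set in usercheck.c is only `<>/\`, so the logged value may be very long or contain newlines and other control characters. Please truncate and escape the name before logging. Returning the generic VGAUTH_E_FAIL also makes this case indistinguishable from I/O errors for the caller; a more specific error code would help if one exists.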
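Review bot: In the alias.c init hunk at -3337, `aliasStoreRootDir[len - 1]` is read without checking `len > 0`, so an empty pref value makes `len - 1` wrap around and the access goes out of bounds. Guard with `if (len > 0 && ISPATHSEP(...))`. Two further cases need a decision: a root of just `/` becomes the empty string after the strip, and only one trailing separator is removed, so a value ending in `//` still differs from what `realpath()` returns in the load path.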
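Review bot: In the service.c hunk, `#pragma warning(suppress : 4996)` hides the compiler's notice that `g_uuid_string_random()` is newer than the declared GLIB_VERSION_MAX_ALLOWED, but nothing visible enforces that the GLib actually linked is 2.52 or later. A compile-time `GLIB_CHECK_VERSION(2, 52, 0)` guard next to the call would turn a runtime surprise into a build error until the TODO is resolved. The return value of `g_uuid_string_random()` is formatted into the pipe name without a NULL check. The comment should also say how clients learn the now-randomised pipe name, since that is not evident from this hunk.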