From patchwork Sat Oct 4 14:08:13 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 9154 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail01.haj.ipfire.org", Issuer "R13" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4cf6nb38Qqz3wb0 for ; Sat, 04 Oct 2025 14:08:19 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [IPv6:2001:678:b28::201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail02.haj.ipfire.org", Issuer "E8" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4cf6nb1Bjyz3sy for ; Sat, 04 Oct 2025 14:08:19 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4cf6nb0SpWz2y4s for ; Sat, 04 Oct 2025 14:08:19 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail01.haj.ipfire.org", Issuer "R13" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4cf6nX3Hm8z2xRj for ; Sat, 04 Oct 2025 14:08:16 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4cf6nW5YDQz1GW; Sat, 04 Oct 2025 14:08:15 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1759586895; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=gBaGjOkiiZ1BWhmTfEzp2a6OGEJm6rN/BVG5hchf5I8=; b=HA/DHL3H82KxIRaRG23zIBCBEwC9aWKxWarHyHfXGBbkqnIR93qrw11CfpTCuVXd9x9ncb gH/4C2UzKIjEKSBg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1759586895; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=gBaGjOkiiZ1BWhmTfEzp2a6OGEJm6rN/BVG5hchf5I8=; b=cVsNjmKs7iPfQ12vEvSehFWXvVoJEudB4otuV5Sb/HwVZnXQEMqaSJznj7g54sG9yZq5J8 WiX9bj3fNFPhSqv43yviqzm221dqZ2LpRE8xj7sP+yu1zXOUbGBocEbJ4sKWjDM6UnezH6 sj2SQyak3f0p2DBBbJnLxLRDytVazWe/Ms016a4HA5TCyrzdBPvfV7Le0H8k3pNOz5Y4pz pAklMfJ8G1DOmQPLLAtIwcR+Xq7FZJFgRHpCZsHqCPlBkYt02qEZeXRtCFWOPobT8tsvjh kkq0vfEWWazY5AwRhsP/KntmO92LWUF9qkpJv045jxJhuGpTpC2wT9ENgO7Ujw== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH] openvmtools: Update to version 13.0.5 Date: Sat, 4 Oct 2025 16:08:13 +0200 Message-ID: <20251004140813.579888-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 - Update from version 12.5.0 to 13.0.5 - Update of rootfile not required - 2 CVE fixes. - Changelog 13.0.5 Resolved Issues This release resolves CVE-2025-41244. For more information on this vulnerability and its impact on Broadcom products, see VMSA-2025-0015. A patch to address CVE-2025-41244 on earlier open-vm-tools releases is provided to the Linux community at CVE-2025-41244.patch. Guest OS Customization updated to use "systemctl reboot". Currently the "telinit 6" command is used to reboot a Linux VM following Guest OS Customization. As the classic Linux init system, SysVinit, is deprecated in favor of a newer init system, systemd, the telinit command may not be available on the base Linux OS. This change adds support to Guest OS Customization for the systemd init system. If the modern init system, systemd, is available, then a "systemctl reboot" command will be used to trigger reboot. Otherwise, the "telinit 6" command will be used assuming the traditional init system, SysVinit, is still available. 13.0.0 Resolved Issues The following github.com/vmware/open-vm-tools pull requests and issues has been addressed. FTBFS: --std=c23 conflicting types between function definition and declaration MXUserTryAcquireForceFail() Fixes Issue #750 Pull request #751 Provide tools.conf settings to deactivate one-time and periodic time synchronization The new tools.conf settings disable-all and disable-periodic allow the guest OS administrator to deactivate one-time and periodic time synchronization without rebooting the VM or restarting the guest OS. Fixes Issue #302 Fix xmlsec detection when cross-compiling with pkg-config Pull request #732 After October 25, 2024, with open-vm-tools earlier than 13.0.0, the salt-minion component is not installed or fails to install in a guest operating system through the VMware Component Manager When you configure the salt-minion component in the present state, its last status is set to 102 (not installed) or 103 (installation failed), never reaching the installed state 100. The VM advanced setting with the key "guestinfo./vmware.components.salt_minion.desiredstate" has a value present. The VM advanced setting with the key "guestinfo.vmware.components.salt_minion.laststatus" has a value 102 or 103. The salt-minion component installs a log file with traces indicating failure to access the online salt repository on https://repo.saltproject.io. The "vmware-svtminion.sh-install-*.log" file for the failed install shows a trace similar to: INFO: /usr/lib64/open-vm-tools/componentMgr/saltMinion/svtminion.sh:_curl_download attempting download of file 'repo.json' WARNING: /usr/lib64/open-vm-tools/componentMgr/saltMinion/svtminion.sh:_curl_download failed to download file 'repo.json' from 'https://repo.saltproject.io/salt/py3/onedir/repo.json' on '0' attempt, retcode '6' WARNING: /usr/lib64/open-vm-tools/componentMgr/saltMinion/svtminion.sh:_curl_download failed to download file 'repo.json' from 'https://repo.saltproject.io/salt/py3/onedir/repo.json' on '1' attempt, retcode '6' WARNING: /usr/lib64/open-vm-tools/componentMgr/saltMinion/svtminion.sh:_curl_download failed to download file 'repo.json' from 'https://repo.saltproject.io/salt/py3/onedir/repo.json' on '2' attempt, retcode '6' WARNING: /usr/lib64/open-vm-tools/componentMgr/saltMinion/svtminion.sh:_curl_download failed to download file 'repo.json' from 'https://repo.saltproject.io/salt/py3/onedir/repo.json' on '3' attempt, retcode '6' WARNING: /usr/lib64/open-vm-tools/componentMgr/saltMinion/svtminion.sh:_curl_download failed to download file 'repo.json' from 'https://repo.saltproject.io/salt/py3/onedir/repo.json' on '4' attempt, retcode '6' ERROR: /usr/lib64/open-vm-tools/componentMgr/saltMinion/svtminion.sh:_curl_download failed to download file 'repo.json' from 'https://repo.saltproject.io/salt/py3/onedir/repo.json' after '5' attempts This issue is resolved in this release. The new versions of the salt-minion integration scripts supporting the new Salt Project repository locations are available at: https://packages.broadcom.com/artifactory/saltproject-generic/onedir/ 12.5.4 Product Support Notice Beginning with the next major release, we will be reducing the number of supported localization languages. The three supported languages will be: Japanese Spanish French The following languages will no longer be supported: Italian German Brazilian Portuguese Traditional Chinese Korean Simplified Chinese Impact: Users who have been using the deprecated languages will no longer receive updates or support in these languages. All user interfaces, message catalogs, help documentation, and customer support will be available only in English or in the three supported languages mentioned above. Resolved Issues This release resolves CVE-2025-41244. For more information on this vulnerability and its impact on Broadcom products, see VMSA-2025-0015. A patch to address CVE-2025-41244 on earlier open-vm-tools releases is provided to the Linux community at CVE-2025-41244.patch. 12.5.2 Resolved Issues This release resolves CVE-2025-22247. For more information on this vulnerability and its impact on Broadcom products, see VMSA-2025-0007 A patch to address CVE-2025-22247 on earlier open-vm-tools releases is provided to the Linux community at CVE-2025-22247.patch. Signed-off-by: Adolf Belka --- lfs/openvmtools | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/openvmtools b/lfs/openvmtools index 52ea91c73..899bedb03 100644 --- a/lfs/openvmtools +++ b/lfs/openvmtools @@ -26,7 +26,7 @@ include Config SUMMARY = Open Virtual Machine Tools -VER = stable-12.5.0 +VER = stable-13.0.5 THISAPP = open-vm-tools-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -35,7 +35,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP)/open-vm-tools TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = x86_64 PROG = openvmtools -PAK_VER = 13 +PAK_VER = 14 DEPS = @@ -52,7 +52,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 3ad8b820d75fe82f0111a3042a5f26697c56a10b06c77abb55ce84ebd9c8c9867283a7682131633f67ea86a7a85f95f35b3eecc255a3b8de44ee0e242f4da44e +$(DL_FILE)_BLAKE2 = a5f7ba870e8104e8c018b632b446a3c4ad8d90faf09578eba418928be5c53792efc91b84c84de2dec5b23135977e96f5ed10a66fd0047f627d8db6e286b71bb2 install : $(TARGET)