Ignore deprecated warning for LIBXML2 APIs xmlFileXXX.
CVE-2024-40896 has been fixed in the following libxml2 releases.
- 2.13.3
- 2.12.9
- 2.11.9
The libxml2 version 2.13.0 has deprecated the xmlFileMatch, UserXmlFileOpen,
xmlFileRead, xmlFileClose callback functions. This change suppresses a
"deprecated-declaration" warning when these functions are invoked.
Record the use of tools version 12.1.1 for the MacOS tools patch release.
The last darwin.iso for MacOS guests was at version 12.1.0. A
subsequent security issues was fixed in VMware Tools patch 12.1.1
(only darwin.iso).
Adding use of that version number as TOOLS_VERSION_MITER_SAW_PATCH1
in lib/include/vm_tools_version.h.
Kruti [Fri, 4 Oct 2024 05:57:50 +0000 (22:57 -0700)]
Ignore deprecated warning for LIBXML2 APIs xmlFileXXX.
CVE-2024-40896 has been fixed in the following libxml2 releases.
- 2.13.3
- 2.12.9
- 2.11.9
The libxml2 version 2.13.0 has deprecated the xmlFileMatch, UserXmlFileOpen,
xmlFileRead, xmlFileClose callback functions. This change suppresses a
"deprecated-declaration" warning when these functions are invoked.
John Wolfe [Tue, 24 Sep 2024 21:31:17 +0000 (14:31 -0700)]
====================================================================
The "stable-12.5.x" branch was created from the "devel" branch here.
====================================================================
Update the ChangeLog with the ChangeLog update of Aug 27, 2024.
Kruti [Tue, 27 Aug 2024 09:31:46 +0000 (02:31 -0700)]
Update ChangeLog with the granular push of Aug 27, 2024.
- plus Copyright pattern update of file tools.conf
- plus README.md update of Aug 15, 2024.
- plus ChangeLog update of July 15, 2024.
Kruti [Tue, 27 Aug 2024 09:11:00 +0000 (02:11 -0700)]
Annotate the os-release guest identification function HostinfoOsRelease()
The HostinfoOsRelease() function examines the os-release standard file(s) to
collect distro identification data of interest. This is open-source and users
can legally modify the code changing the standard file priority order or
accessing other files. Any such change breaks compliance with the os-release
standard and may cause confusion in the field.
The function header has been updated to remind users of this issue.
Update vmware-user.desktop.in and delete vmware-user.desktop.
Update settings for vmware-user.desktop.in:
- Remove Encoding since it's deprecated.
- Uncomment NoDisplay=True since the bug related to it was fixed
a while ago.
Delete bora-vmsoft/install/common/vmware-user.desktop as it is no
longer needed. In open-vm-tools, vmware-user.desktop is generated from
vmware-user.desktop.in.
Kruti [Mon, 24 Jun 2024 16:08:34 +0000 (09:08 -0700)]
Update of the ChangeLog with the final changes in preparation for
the open-vm-tools 12.4.5 release.
- plus fix for incorrectly patched files.
- plus ChangeLog update of Jun 7, 2024.
Kruti [Fri, 7 Jun 2024 16:55:04 +0000 (09:55 -0700)]
[Coverity]: Fixes for issues found from static application security testing
Adding coverity escapes for false-positive issues.
hgfsServerParameters.c -- 1 issue reported.
issue: Overrunning array of 5 bytes at byte offset 5 by dereferencing
pointer "newName".
impact: False-Positive
fix: suppress 'overrun-local'
vmhgfs-fuse/file.c -- 2 issues reported.
issue: Overrunning array of n bytes at byte offset n by dereferencing
pointer "newNameP" (n is 17 and 5 respectively for those 2 locations
where the issue occured).
impact: False-Positive
fix: suppress 'overrun-local'
vmhgfs-fuse/link.c -- 2 issues reported.
issue: Overrunning array of n bytes at byte offset n by dereferencing
pointer "fileNameP" (n is 17 and 5 respectively for those 2 locations
where the issue occured).
impact: False-Positive
fix: suppress 'overrun-local'
vmhgfs-fuse/transport.c -- 1 issue reported.
issue: uninit_use_in_call: Using uninitialized value "reply" while calling
HgfsCompleteReq() function.
impact: Bug
fix: Remove function, it is unused/dead code (transport.h too).
Kruti [Fri, 7 Jun 2024 16:55:03 +0000 (09:55 -0700)]
ProcManagerPosix.c: Direct child process's logs to stdio.
Mutexes in lib/libvmtools/vmtoolsLog.c and glib could have been locked
at fork time. The vmtoolsLog.c Debug(), Warning() and Panic()functions
are not safe for child processes.
- Direct the offspring process's logs to stdio.
- Terminate the offspring process with _exit() or abort().
Kruti [Fri, 7 Jun 2024 16:55:03 +0000 (09:55 -0700)]
Fix LOCK_EVASION issue found by Coverity scan.
fileLogger.c -- 2 issues reported in file
issue: MultiReader/SingleWriter lock race conditions between assign and
check.
fix: Mitigation more than fix.
issue: Coverity seems confused by the MR/SW lock, but there is some data
field assignment performed under the wrong lock to clean up.
fix: Move assignment made under Read lock to Write lock.
Moved setting the data->error status inside of writer lock block.
Added re-checking the data->error status at reader -> writer and
writer -> reader lock transitions.
Kruti [Fri, 7 Jun 2024 16:55:03 +0000 (09:55 -0700)]
Verify the xmlsec version before passing the compiler
flag "-DXMLSEC_NO_SIZE_T", as it has been deprecated since 1.3.3.
The configure option "--enable-size-t" has been set to yes by default starting
with 1.3.0.
version < 1.3.0 :
Add "-DXMLSEC_NO_SIZE_T" if size_t has a size other than 4 bytes.
(There was no enable-size-t before 1.2.35 and the enable-size-t is
"no" by default in [1.2.35, 1.3.0))
version >= 1.3.0 :
Do not add "-DXMLSEC_NO_SIZE_T" (as enable-size-t is "yes" by
default in version [1.3.0, 1.3.3) and no need to consider this
option since 1.3.3)
Kruti [Fri, 7 Jun 2024 16:55:03 +0000 (09:55 -0700)]
[Coverity]: UNINIT in resolutionSet finding from static application
security testing (SAST)
resolutionSet.c -- 1 issue reported in the file
issue: capabilityArray not initialized or partially initialized when
reaching the statement.
impact: False-positive
fix: suppress 'uninit_use_in_call'
VMTools_WrapArray converts the capabilityArray to a GArray.
The 'wrapped' array is allocated space for capabilityCount elements and
only the first capabilityCount elements are COPIED from capabilityArray
to the allocated GArray. As such, the uninitialized elements of the
capabilityArray are never used to generate the returned GArray. While
technically true (uninitialized) there is no reason to zero the array
indexes from capabilityCount through to the end of the array as these
elements are unused.
Kruti [Fri, 7 Jun 2024 16:55:03 +0000 (09:55 -0700)]
Update NetworkManager calls in suspend/resume scripts.
Revise the NetworkManager calls in the Linux network script to
prefer using the Sleep method over the "Enable" method being used
to work around a bug in version 0.9.0.
Kruti [Fri, 7 Jun 2024 16:55:03 +0000 (09:55 -0700)]
Fixes for issues found in Coverity scan.
vgauth/serviceImpl/saml-xmlsec1.c
issue: 'string_null' for strlen(pemCert)
impact: False-positive
fix: suppress 'string_null'
issue: leaked_storage: certChain is not cleaned up on error.
impact: Memory is leaked on the error path.
fix: Add line before return to free certChain.
services/plugins/serviceDiscovery/serviceDiscovery.c
issue: overrun-local: gdpErrMsgs array contains one less entry then there are
enum defined.
impact: Valid but the function never return the GDP_ERR_MAX enum.
fix: in gdp.h, add an error entry for GDP_ERR_MAX this way gdpErrMsgs will
generate all entries.
lib/file/fileLockPosix.c
issue: string_null for 'buffer' not being null terminated.
impact: False-positive
fix: suppress 'string_null'
Kruti [Fri, 7 Jun 2024 16:55:03 +0000 (09:55 -0700)]
Fix the SHELLCHECK_WARNING findings from static application security testing
(SAST)
install/Linux/scripts/network: Multiple shellcheck issues found in the
Linux "network" script with the warning "Remove backticks to avoid
executing output (or use eval if intentional)."
Removed the backticks from those corresponding lines of the script.
Kruti [Fri, 7 Jun 2024 16:55:03 +0000 (09:55 -0700)]
[Coverity]: Fix the Y2K38_SAFETY findings from static application security
testing (SAST)
guestInfoServer.c -- 2 issues reported in file
issue: casting time_t (64bits) to int (32bits) causing Y2K38_SAFETY.
impact: delta is a time delta in seconds, overflow if delta >=
(G_MAXINT/1000)+1
fix: Remove cast on delta, cast both values as int64.
issue: casting time_t to int for logging to a '%d'.
impact: delta is a time delta in seconds, not expected to overflow a 32 bit
int.
fix: Remove cast on delta, change string to use '%"FMT64"d' format and cast
the time_t to int64; time_t is defined as 'long int'.
vixTools.c -- 7 issues reported in file
issue: casting time_t to int for convertion to string (xml)
impact: procStartTime is a time from epoch, it will overflow the int in Y2K38.
fix: Remove the cast, change the string to use '%"FMT64"d"' and cast the
time_t to int64; time_t is defined as 'long int'.
issues: casting time_t to int in call to VixToolsPrintProcInfoEx.
impact: The times used are time from epoch and will be impacted by Y2K38.
fix: Change signature of VixToolsPrintProcInfoEx to take in time_t types.
Change VixToolsPrintProcInfoEx to use '%"FMT64"d' in string conversions.
and cast the time_t to int64; time_t is defined as 'long int'.
Kruti [Fri, 7 Jun 2024 16:55:03 +0000 (09:55 -0700)]
Linux network log file permissions fix: 0644 to 0600
Since release 11.3.5, on linux guests, the vmware-network.log file has root
default file creation permissions (0644) rather than the expected 0600
permissions.
Fix:
- Adding chmod 0600 on log file creation.
- Adding file creation before first logging.
- Adding handling of unset handler in case switch, default to file logging.
- Adding logging of unknown or bad handler, and using file logging as default.
- Default number of logfiles when network.maxOldLogFiles is set to 0.
Kruti [Tue, 28 May 2024 09:35:23 +0000 (02:35 -0700)]
Update ChangeLog with the granular push of May 26, 2024.
- plus Copyright pattern update of file x86_basic_defs.h
- plus ChangeLog update of May 20, 2024.
Kruti [Tue, 21 May 2024 05:58:13 +0000 (22:58 -0700)]
[Coverity]: Fixes for issues found from static application security testing
Adding coverity escapes for false-positive issues.
hgfsServerParameters.c -- 1 issue reported.
issue: Overrunning array of 5 bytes at byte offset 5 by dereferencing
pointer "newName".
impact: False-Positive
fix: suppress 'overrun-local'
vmhgfs-fuse/file.c -- 2 issues reported.
issue: Overrunning array of n bytes at byte offset n by dereferencing
pointer "newNameP" (n is 17 and 5 respectively for those 2 locations
where the issue occured).
impact: False-Positive
fix: suppress 'overrun-local'
vmhgfs-fuse/link.c -- 2 issues reported.
issue: Overrunning array of n bytes at byte offset n by dereferencing
pointer "fileNameP" (n is 17 and 5 respectively for those 2 locations
where the issue occured).
impact: False-Positive
fix: suppress 'overrun-local'
vmhgfs-fuse/transport.c -- 1 issue reported.
issue: uninit_use_in_call: Using uninitialized value "reply" while calling
HgfsCompleteReq() function.
impact: Bug
fix: Remove function, it is unused/dead code (transport.h too).
projects / thirdparty / open-vm-tools.git / log
