Kruti Pendharkar [Wed, 11 Jun 2025 00:48:53 +0000 (17:48 -0700)]
Check if the user name contains any illegal characters.
Verify that the user name whose store will be used to remove and query
aliases does not contain any illegal and path traversal characters
(backward and forward slashes).
Kruti Pendharkar [Wed, 11 Jun 2025 00:48:53 +0000 (17:48 -0700)]
Set the "patch" field of VMTools version to zero.
Prior to VMTools 13.0.0, the fourth field in the VMTools version was set
to PRODUCT_BUILD_NUMBER_NUMERIC which was the sequential build number
of the product within the branch. Going forward, the fourth field
of the displayed VMTools version is to be the "patch" starting with a
'0' value.
Check if the user name contains any illegal characters.
Verify that the user name whose store will be used to remove and query
aliases does not contain any illegal and path traversal characters
(backward and forward slashes).
Avoid potential pointer truncation in Util_Memcpy32
`Util_Memcpy32` casts pointers to `long` types, but `long` is
not necessarily large enough to store a pointer without
truncation. (For example, Windows typically uses LLP64 where
`long` is a 32-bit integer type on x64 systems. Although
`Util_Memcpy32` does its interesting work only for GCC, some
parts of our build use GCC on Windows, and apparently that
GCC configuration also uses LLP64.)
John Wolfe [Mon, 5 May 2025 22:58:03 +0000 (15:58 -0700)]
Validate user names and file paths
Prevent usage of illegal characters in user names and file paths.
Also, disallow unexpected symlinks in file paths.
This patch contains changes to common source files not applicable
to open-vm-tools.
All files being updated should be consider to have the copyright to
be updated to:
* Copyright (c) XXXX-2025 Broadcom. All Rights Reserved.
* The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
The 2025 Broadcom copyright information update is not part of this
patch set to allow the patch to be easily applied to previous
open-vm-tools source releases.
Use different command to reboot linux VM, depending on the init system type
We currently use the "telinit 6" command to reboot linux VMs.
However, the "telinit" command will be unavailable in the future as SysVinit
will be deprecated on some modern linux systems.
For example: In SUSE, "telinit" command is part of systemd-sysvcompat
(15 SP6 and newer) or systemd-sysvinit (older than 15 SP6), whereas in some
SUSE images or templates such as SUSE minimal VM has no such packages installed.
See SUSE KB: https://www.suse.com/support/kb/doc/?id=000021564
This change detects the init system of a linux and uses different command
to trigger reboot. If the modern init system, systemd, is available, then
"systemctl reboot" command will be used to trigger reboot. Otherwise, continue
using "telinit 6" command as SysVinit, the traditional init system, is still
available.
Prior to VMTools 13.0.0, the fourth field in the VMTools version was set
to PRODUCT_BUILD_NUMBER_NUMERIC which was the sequential build number
of the product within the branch. Going forward, the fourth field
of the displayed VMTools version is to be the "patch" starting with a
'0' value.
Kruti Pendharkar [Tue, 25 Feb 2025 09:29:11 +0000 (01:29 -0800)]
Update the AC_VMW_CHECK_LIB fields for xmlsec1 library.
Currently, the library's custom "config" (xmlsec1-config)
is being used to determine compiler and linker flags.
Customer reported cross compiler problem with the xmlsec1-config
usage and suggested the below changes to use pkg-config instead.
o Pass library name as 3rd parameter to AC_VMW_CHECK_LIB Macro
to determine the compiler and linker flags via pkg-config.
o Also use the predefined 'PKG_CONFIG' variable rather than hardcoding
'pkg-config'
Kruti Pendharkar [Tue, 25 Feb 2025 09:29:11 +0000 (01:29 -0800)]
Provide a tools.conf setting to disable timesync plugin
This change intends to address a customer issue that requires an
in-guest config to disable timesync without having to reboot VM or
restart. Although we have some ways to implement it from host side,
customer claimed the guest administator may not be the administrator
of vSphere so that an in-guest approach is still needed.
This change adds two config options under "timeSync" group:
- disable-all: This disables all time sync including one-time sync
and periodic sync.
- disable-periodic: This disables periodic sync only.
Note we cannot disable one-time sync and keep periodic sync enabled
as this is not allowed according to the product design.
Kruti Pendharkar [Tue, 25 Feb 2025 09:29:11 +0000 (01:29 -0800)]
Fix a couple of memory leaks in drag-and-drop/copy-paste code:
* `CopyPasteRpcV3::HandleMsg` calls `CPClipboard_Unserialize`
which allocates memory to the supplied `Clipboard`
structure, but it neglected to call `CPClipboard_Destroy`
to free it when done. Also update the documentation for
`CPClipboard_Unserialize` to make the contract more
explicit.
* `DnD_SetCPClipboardFromLocalText` completely neglected to
free its destination buffer.
Bonus cleanup:
* Make some pointers `const` (which also allows us to remove
some casts).
* Replace a call to `UNICODE_RELEASE_UTF16` with `free` since
the memory was allocated by lib/dnd with `malloc` and was
not allocated by lib/unicode.
Kruti Pendharkar [Tue, 25 Feb 2025 09:29:11 +0000 (01:29 -0800)]
Fix the assembler warning
The Warning "found movsd; assuming movsl was meant" was noticed while
building open-vm-tools with gcc 12.2.0 (on Debian 12.2.0-14).
It was because of the change https://sourceware.org/bugzilla/show_bug.cgi?id=29525
made to the GNU assembler code (GNU Binutils for Debian) 2.39.90.20221231.
Replace the instruction "movsd" with "movsl" to avoid this warning.
Kruti Pendharkar [Tue, 25 Feb 2025 01:42:24 +0000 (17:42 -0800)]
Update the AC_VMW_CHECK_LIB fields for xmlsec1 library.
Currently, the library's custom "config" (xmlsec1-config)
is being used to determine compiler and linker flags.
Customer reported cross compiler problem with the xmlsec1-config
usage and suggested the below changes to use pkg-config instead.
o Pass library name as 3rd parameter to AC_VMW_CHECK_LIB Macro
to determine the compiler and linker flags via pkg-config.
o Also use the predefined 'PKG_CONFIG' variable rather than hardcoding
'pkg-config'
Kruti Pendharkar [Tue, 25 Feb 2025 01:42:24 +0000 (17:42 -0800)]
Provide a tools.conf setting to disable timesync plugin
This change intends to address a customer issue that requires an
in-guest config to disable timesync without having to reboot VM or
restart. Although we have some ways to implement it from host side,
customer claimed the guest administator may not be the administrator
of vSphere so that an in-guest approach is still needed.
This change adds two config options under "timeSync" group:
- disable-all: This disables all time sync including one-time sync
and periodic sync.
- disable-periodic: This disables periodic sync only.
Note we cannot disable one-time sync and keep periodic sync enabled
as this is not allowed according to the product design.
Kruti Pendharkar [Tue, 25 Feb 2025 01:42:24 +0000 (17:42 -0800)]
Fix the assembler warning
The Warning "found movsd; assuming movsl was meant" was noticed while
building open-vm-tools with gcc 12.2.0 (on Debian 12.2.0-14).
It was because of the change https://sourceware.org/bugzilla/show_bug.cgi?id=29525
made to the GNU assembler code (GNU Binutils for Debian) 2.39.90.20221231.
Replace the instruction "movsd" with "movsl" to avoid this warning.
Kruti Pendharkar [Tue, 25 Feb 2025 01:42:24 +0000 (17:42 -0800)]
[config] Change to tools.conf ignored when time syncs backwards.
Originally seen on Windows 2025:
A guest start with a date+time that gets updated by a time sync process (ntp,
timesync) that performs a significant jump backwards in time.
*: Significant here as nothing to do with the size of the jump, but rather its
timing.
The VMware Tools 'tools.conf' file exists and was created in the original time
configuration of the VM such that it's last modified time is current on boot and
when initially loaded (read) by the VMware Tools service. The service will have
saved this last modified timestamp for future comparisons.
At a point after the VMware Tools configuration is loaded, a time sync occurs
that updates the guest time backwards (Tx becomes Tx-y) such that the new time
is before the VMware Tools configuration file's (tools.conf) last modified
timestamp.
After the time adjustment AND before the new time catches up with the old time;
the VMware Tools configuration file (tools.conf) is updated. Its last modified
time changing from a time consistent with the old time to a time at or shortly
later than the new time.
When the VMware Tools service checks for configuration update, the saved and
current 'last modified' timestamps are compared.
The old comparison was performing a '<=' comparison to skip reading the
configuration file, only re-loading the configuration for newer timestamps.
In the conditions here, this check causes the configuration change to be ignored
until the guest time catches up and passes the saved 'future' timestamp or the
VMware Tools service is restarted.
Change:
Changing the last modified timestamp check to skip the configuration reload
when the timestamp are the same (from '<=' to '==').
Kruti Pendharkar [Fri, 21 Feb 2025 13:54:27 +0000 (05:54 -0800)]
[componentMgr] salt-minion - update integration script to version 2024.12.05
svtminion:
New release (2024.12.05) of the salt-minion integration script.
o Supports the new repository locations at packages.broadcom.com.
o Only supports Salt 3006 and higher with new Broadcom infrastructure.
o New return code 107 (Installed but Stopped); used when the service is
installed but stopped. Added to help with customer case where the service
remains 'not running' due to user action.
NOTE: Fixed line 31 apostrophe being an unicode homoglyph in svtminion.ps1
validated the downloaded files sha256 before that change.
componentMgr:
Update component manager to support the new return code 107.
return code: 107
string id: INSTALLEDSTOPPED
string message: Installed but Stopped.
Kruti Pendharkar [Tue, 18 Feb 2025 09:42:46 +0000 (01:42 -0800)]
Update ChangeLog with the granular push of Feb 18, 2025.
- plus ChangeLog update of Jan 08, 2025.
- plus missed copyright year update to multiple files.
Kruti Pendharkar [Tue, 18 Feb 2025 09:13:56 +0000 (01:13 -0800)]
[componentMgr] salt-minion - update integration script to version 2024.12.05
svtminion:
New release (2024.12.05) of the salt-minion integration script.
o Supports the new repository locations at packages.broadcom.com.
o Only supports Salt 3006 and higher with new Broadcom infrastructure.
o New return code 107 (Installed but Stopped); used when the service is
installed but stopped. Added to help with customer case where the service
remains 'not running' due to user action.
NOTE: Fixed line 31 apostrophe being an unicode homoglyph in svtminion.ps1
validated the downloaded files sha256 before that change.
componentMgr:
Update component manager to support the new return code 107.
return code: 107
string id: INSTALLEDSTOPPED
string message: Installed but Stopped.
Kruti Pendharkar [Tue, 18 Feb 2025 09:13:55 +0000 (01:13 -0800)]
Fix a couple of memory leaks in drag-and-drop/copy-paste code:
* `CopyPasteRpcV3::HandleMsg` calls `CPClipboard_Unserialize`
which allocates memory to the supplied `Clipboard`
structure, but it neglected to call `CPClipboard_Destroy`
to free it when done. Also update the documentation for
`CPClipboard_Unserialize` to make the contract more
explicit.
* `DnD_SetCPClipboardFromLocalText` completely neglected to
free its destination buffer.
Bonus cleanup:
* Make some pointers `const` (which also allows us to remove
some casts).
* Replace a call to `UNICODE_RELEASE_UTF16` with `free` since
the memory was allocated by lib/dnd with `malloc` and was
not allocated by lib/unicode.
Kruti Pendharkar [Tue, 18 Feb 2025 09:13:55 +0000 (01:13 -0800)]
[VMX][GuestOps] VM Denial of Service through guestops API requests.
Using PowerCLI Invoke-VMScript; an arbitrary 'ScriptText' payload can be sent
that will result in an internal vix request message that exceeds the
VIX_COMMAND_MAX_REQUEST_SIZE limit (64KB at writing).
Some guestops implementation do not check the result of call to
VixMsg_AllocRequestMsg(), which can be NULL, before use; causing a panic and
the VM (vmx) to crash/coredump.
The check for VIX_COMMAND_MAX_USER_INPUT_SIZE in foundryVMGuestOps.c are ported
to guestOps.c and additional checks are added to other site that call into
VixMsg_AllocRequestMsg() within guestOps.c.
projects / thirdparty / open-vm-tools.git / log
