Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via infra@gentoo.org or IRC
Bug 634862 - [vmware] app-emulation/vmware-modules-329.0.0: multiple CVE
Summary: [vmware] app-emulation/vmware-modules-329.0.0: multiple CVE
Status: RESOLVED OBSOLETE
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo VMWare Bug Squashers [disabled]
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-10-20 09:23 UTC by Manfred Knick
Modified: 2018-01-18 14:40 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
vmware-modules-329.0.0.ebuild (vmware-modules-329.0.0.ebuild,5.65 KB, text/plain)
2017-11-05 14:01 UTC, Manfred Knick
Details
vmware-modules-329.0.0.ebuild (vmware-modules-329.0.0.ebuild,5.70 KB, text/plain)
2017-11-06 09:14 UTC, Manfred Knick
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Manfred Knick 2017-10-20 09:23:58 UTC
Assignee: 	Gentoo VMWare Bug Squashers
-------------------------------------------

REFERENCE:

Bug 634770 - app-emulation/vmware-workstation-14.0.0 version bump


(??) has to be checked / replaced according to

"versioning of vmware-modules" :

. . . https://github.com/gentoo/vmware/issues/18
Comment 1 Manfred Knick 2017-11-01 14:37:04 UTC
(In reply to Manfred Knick from comment #0)

> (??) has to be checked / replaced according to

- Run the official installer

- tar -xf    /usr/lib64/vmware/modules/source/vmmon.tar 

- $ grep   VMMON_VERSION      vmmon-only/include/iocontrols.h

#define VMMON_VERSION           (329 << 16 | 0)                 <---
#define VMMON_VERSION_MAJOR(v)  ((uint32) (v) >> 16)
#define VMMON_VERSION_MINOR(v)  ((uint16) (v))
Comment 2 Manfred Knick 2017-11-05 14:01:43 UTC
Created attachment 502692 [details]
vmware-modules-329.0.0.ebuild

/usr/local/portage/local-overlay/app-emulation/vmware-modules/vmware-modules-329.0.0.ebuild

adapted from OVERLAY:

app-emulation/vmware-modules-308.5.7:0::vmware
Comment 3 Manfred Knick 2017-11-06 09:14:57 UTC
Created attachment 502780 [details]
vmware-modules-329.0.0.ebuild

3 old patches don't apply any more
Comment 4 Manfred Knick 2017-11-06 13:54:07 UTC
Cross-reference, concerning kernel version 4.14 :

     https://bugs.gentoo.org/619392#c5  ff.
Comment 5 Manfred Knick 2017-11-25 14:44:04 UTC
Bug 634770 , comments #c44 and #c45 belong here:

. . . ERROR: could not insert ... : Exec format error

   https://bugs.gentoo.org/634770#c44

   https://bugs.gentoo.org/634770#c45
Comment 6 Manfred Knick 2017-11-25 15:09:03 UTC
 Ștefan Talpalaru 2017-11-25 14:45:41 UTC

answered :

 https://bugs.gentoo.org/634770#c47
Comment 7 Manfred Knick 2017-11-25 15:50:15 UTC
@ Stefan :

In your overlay,

-workstation already contains a "Manifest" file.

Would you like to add one for -modules too?
Comment 8 Ștefan Talpalaru 2017-11-25 16:16:56 UTC
No need. "Thin" manifests only store hashes for dist files not under version control. There is no such file for this package, because it uses sources already installed by vmware-workstation.

More details: https://wiki.gentoo.org/wiki/Repository_format/package/Manifest#Thin_Manifest
Comment 9 Manfred Knick 2017-11-25 16:42:14 UTC
(In reply to Ștefan Talpalaru from comment #8)
> No need.

Sorry, Stefan,
but - once again - I'm _not_ testing your complete overlay.

$ grep -i "thin" /var/lib/layman/vmware/metadata/layout.conf 

# Use thin manifests
thin-manifests = true
# Dont sign thin manifests. There is no current policy for git commit signing

So I agree it definitely makes sense not to include it into your overlay -
meanwhile, I will manage myself locally.

Thanks for your hint.
Comment 10 Ștefan Talpalaru 2017-11-25 16:52:51 UTC
(In reply to Manfred Knick from comment #9)
> Sorry, Stefan,
> but - once again - I'm _not_ testing your complete overlay.

I don't mean no disrespect, but that's your problem, not mine. I take great care to run repoman in my overlay before publishing any modification to GitHub, so you won't catch me with broken or missing manifests. I also prefer the use of GitHub issues for bug reporting.

Now, I'm very grateful for your help in significantly improving the ebuild, but let's not pretend that anyone besides us cares about these Bugzilla comments and attachments. Most of Gentoo development moved outside Gentoo, in personal or project overlays.

The only time you'll see a core developer do a version bump is when they need it themselves. Reporting bugs here is still useful for regular users, but expecting them to be fixed in a promptly matter by core devs is nothing but a cargo cult - the planes won't land just because we built runways, the ebuilds won't reach the main tree just because you attach them.
Comment 11 Manfred Knick 2017-11-25 17:18:26 UTC
(In reply to Ștefan Talpalaru from comment #10)
> (In reply to Manfred Knick from comment #9)

> > but - once again - I'm _not_ testing your complete overlay.

This was only meant as an explanation.
 
> I don't mean no disrespect, but that's your problem, not mine. 

'til one minute ago,
I assumed your goal would be 
to gain integration of exactly these two packages
into official vmware overlay?

My goal is,

after - unfortunately and not really necessary; almost carelessly -
VMware as a professional solution had to be removed from Main Portage Tree,

to help at least re-establish the official [VMWARE] overlay
into a state that professional customers re-gain confidence
in using it for professional purposes.

Those people will definitely 
- neither care about multiple private GitHub repositories
- nor about GitHub issues.

Thus I get strongly urged to make sure that
   - plain Gentoo                     plus
   - official [VMWARE] overlay
are sufficient and reliable.

Just my 2 cents of thought ...

If I'm travelling headless roads,
I prefer to learn my mis-understandings.

If you intend to re-integrate VMware into Main Portage Tree via your Overlay,
I'll be the first to applaud - 
then please, let me know in which way I can help / assist best.

Kind regards
Manfred
Comment 12 Ștefan Talpalaru 2017-11-25 17:46:39 UTC
(In reply to Manfred Knick from comment #11)
> 'til one minute ago,
> I assumed your goal would be 
> to gain integration of exactly these two packages
> into official vmware overlay?

No, that's an exercise in futility. Look at what people are working on in that overlay - https://cgit.gentoo.org/proj/vmware.git/log/ :

"Added latest version 12.5.8.7098237" - 8 days ago

They obviously have other priorities.

> to help at least re-establish the official [VMWARE] overlay
> into a state that professional customers re-gain confidence
> in using it for professional purposes.

You can try, but I wouldn't hold my breath. Your best bet is that at some point in the future Fabio Rossi will need to run VMWare 14 so he'll stumble upon our work, cripple it in some horrible way and upstream that :-)
Comment 13 Manfred Knick 2017-11-25 18:17:25 UTC
(In reply to Ștefan Talpalaru from comment #12)

I deeply disgust disrespect.
Comment 14 Manfred Knick 2017-11-29 12:23:53 UTC
REFERENCE:

https://bugs.gentoo.org/634770#c56 ff.

Thanks again to Ștefan Talpalaru.
Comment 15 Manfred Knick 2017-11-29 12:44:29 UTC
(In reply to Manfred Knick from comment #14)

These have obsoleted former ebuild attachments.
Comment 16 Manfred Knick 2018-01-18 14:39:33 UTC
Obsolete: Multiple CVE

--> Bug 644950 - [vmware] app-emulation/vmware-modules-329.1.1: version bump