Created attachment 515238 [details] /usr/local/portage/local-overlay/app-emulation/vmware-workstation/vmware-workstation-14.1.1.7528167_rc-r0.ebuild All earlier versions suffer serious CVE : please HARD-MASK or PRUNE. Predecessor: Bug 634770 - [vmware] app-emulation/vmware-workstation-14.0.0 version bump player.product.version = "14.1.1" product.buildNumber = "7528167" product.version = "14.1.1" product.name = "VMware Workstation" workstation.product.version = "14.1.1" VMWARE_FUSION_VER="10.1.1_7520154" ./files : just copy-rename vmware-14.0.rc vmware-14.1.rc ..........^... vmware-server-14.0.rc vmware-server-14.1.rc .................^...
Reference: Bug 644950 - [vmware] app-emulation/vmware-modules-329.1.1: version bump Disabling line 88: #ernel_is ge 4 13 0 && epatch "${FILESDIR}/${PV_MAJOR}-4.13-01-vmmon-fix-page-accounting.patch" in vmware-modules-329.1.1_rc-r0.ebuild, vmware-workstation-14.1.1.7528167_rc-r0.ebuild cleanly builds, vmware starts without error messages, VMs can be started / worked / shutdown / re-set to earlier snapshots.
Reference to our colleagues @ Arch Linux: . . . https://aur.archlinux.org/packages/vmware-workstation/
vmware-workstation-14.1.1.7528167 added to my overlay: https://github.com/stefantalpalaru/gentoo-overlay
CONFIRMATION: Together with vmware-modules-329.1.1-r1.ebuild, vmware-workstation-14.1.1.7528167.ebuild . . . works with 4.15.0-gentoo [ https://bugs.gentoo.org/644950#c9 ] .
> . . . works with 4.15.0-gentoo Courtesy for all friends of "~" : CONFIRMATION for sys-kernel/gentoo-sources-4.15.0 sys-kernel/linux-headers-4.15 sys-devel/gcc:7.3.0 sys-libs/glibc-2.26-r5:2.2 sys-devel/binutils-2.30:2.30 positively tested with - clean --emptytree re-build of the whole system - multiple { M$ | Gnu/Linux | BSD } VMs
VMware Tools : update problem Inside the (M$) VM, the toolbar icon (correctly) indicates that there is a newer version available for the currently installed VMware Tools . . . Version 10.1.15, build-6627299 . Trying to install them via "VM" --> "update VMware Tools..." tries to (correctly) upgrade to . . . Version 10.2.0 but fails: "Error updating VMware Tools for Windows Vista or later. See details for more information." "There was a problem updating a software component. Try again later and if the problem persists, contact VMware Support or your system administrator." Manually commanding "Check for updates" again connects to [ https://softwareupdate.vmware.com/cds ] and throws "There are no software updates available at this time." Manually mounting e.g. /opt/vmware/lib/vmware/isoimages/windows.iso to /media/iso-image , manifest.txt displays
(continuded) (sorry - early send unwanted ) displays "10.2.0.7047" as version entries, which looks pretty much correct to me.
http://softwareupdate.vmware.com/cds/vmw-desktop/ws /14.1.1/7528167/linux/packages/ contains metadata.xml.gz vmware-tools-freebsd-10.2.0-7259539.x86_64.component.tar vmware-tools-linux-10.2.0-7259539.x86_64.component.tar vmware-tools-linuxPreGlibc25-10.2.0-7259539.x86_64.component.tar vmware-tools-netware-10.2.0-7259539.x86_64.component.tar vmware-tools-solaris-10.2.0-7259539.x86_64.component.tar vmware-tools-winPre2k-10.2.0-7259539.x86_64.component.tar vmware-tools-winPreVista-10.2.0-7259539.x86_64.component.tar vmware-tools-windows-10.2.0-7259539.x86_64.component.tar metadata.xml entries always refer to <product> <buildNumber>7528167</buildNumber> <version>14.1.1</version> ... grep: no "7047" found, neither in metadata.xml nor in vmware-tools-windows-10.2.0-7259539.x86_64.component --> --> descriptor --> ... .component ? buttons on my eyes ?
@ Stefan: Re-phrasing the situation: - The old VMware Tools Version 10.1.15, build-6627299 already contained in the existing VMs originate from the upgrade to 14.0.0, build-6661328 already. - Their upgrade to the new 10.2.0-7259539 supplied with 14.1.1 fails. <--- - https://kb.vmware.com/s/article/2007298 does not mitigate the problem.
Is there something we can do on our side?
(In reply to Ștefan Talpalaru from comment #10) > Is there something we can do on our side? In between, I consider "VMware Tools for this virtual machine have not been found on your computer. Installation will not be able to continue." as the key issue now. Just investigating freshly pruned vmware.log files: - start the VM - require a tools upgrade |--> cancel - shutdown A) VM with Windows 8.1: ToolsISO: open of /opt/vmware/lib/vmware/isoimages/isoimages_manifest.txt.sig <----- failed: Could not find the file ToolsISO: Unable to read signature file '/opt/vmware/lib/vmware/isoimages/isoimages_manifest.txt.sig', <----- ignoring. ToolsISO: Selected Tools ISO 'windows.iso' for 'windows8-64' guest. # cd /opt/vmware/lib/vmware/isoimages # ll -rw-r--r-- 1 root root 17M 7. Mär 12:06 freebsd.iso -rw-r--r-- 1 root root 256 7. Mär 12:06 freebsd.iso.sig -rw-r--r-- 1 root root 5,1K 7. Mär 12:06 isoimages_manifest.txt ......................................... isoimages_manifest.txt.sig !missing! -rw-r--r-- 1 root root 56M 7. Mär 12:06 linux.iso -rw-r--r-- 1 root root 256 7. Mär 12:06 linux.iso.sig -rw-r--r-- 1 root root 451 7. Mär 12:06 tools-key.pub -rw-r--r-- 1 root root 99M 7. Mär 12:06 windows.iso -rw-r--r-- 1 root root 256 7. Mär 12:06 windows.iso.sig . . . indeed . . . B) Same findings for Windows-7.
Created attachment 522668 [details] Win-7 vmware.log grep "Tools"
Created attachment 522670 [details] Win-8.1 vmware.log grep "Tools"
# ll /opt/vmware/lib/vmware/isoimages | grep -v "\.iso" -rw-r--r-- 1 root root 5,1K 7. Mär 12:06 isoimages_manifest.txt -rw-r--r-- 1 root root 451 7. Mär 12:06 tools-key.pub vmware-workstation-14.1.1.7528167.ebuild, line 672 ff does take care for the *.iso and *.iso.sig, but where does vmware-workstation-14.1.1.7528167.ebuild introduce the two above? Grepping the ebuild for "manifest" | "tools" | "key" did not enlight me either yet.
# # . . . WORKAROUND : # - for each VM : - you may want to take a snapshot before - manually create an additional CD/DVD - - and with that supply the corresponding /opt/vmware/lib/vmware/isoimages/{*}.iso originating from the vmware-workstation-14.1.1 installation - start the VM - open the corresponding virtual CD - e.g., start setup{64}.exe . . . - reboot to finish the installation - verify that it's "Version 10.2.0" now - shutdown - get rid of the (temporary) CD/DVD again - you may want to take a snapshot again Enjoy.
Extracting # VMware-Workstation-Full-14.1.1-7528167.x86_64.bundle -x <temp-dir> # find . -name *manifest.txt* ./vmware-player-app/lib/isoimages/isoimages_manifest.txt ./vmware-vix-lib-Workstation1400/lib/Workstation-14.0.0/64bit/manifest.txt # find . -name *manifest.txt.sig <--- none found # find . -name *.txt.sig <--- none found # ll ./vmware-player-app/lib/isoimages/ -rw-r--r-- 1 root root 5,1K 9. Mär 21:07 isoimages_manifest.txt -rw-r--r-- 1 root root 451 9. Mär 21:07 tools-key.pub # diff: ./vmware-player-app/lib/isoimages/isoimages_manifest.txt and /opt/vmware/lib/vmware/isoimages/isoimages_manifest.txt are identical, same applies to .../tools-key.pub . More and more get the impression that the cause of the error is buried in VMware's Tools updater ... Strangely, I can not find any corresponding bugs elsewhere ...
dev-libs/nettle: Upgrade from dev-libs/nettle-3.3-r2:0/6.1 to dev-libs/nettle-3.4:0/6.2 New stable version in Gentoo creates conflict with vmware-workstation. CONFIRMATION: Change vmware-workstation-14.1.1.7528167.ebuild, line 181: from dev-libs/nettle:0/6.1 to dev-libs/nettle:0/6.2 WORKSFORME.
nettle dependency upgraded in app-emulation/vmware-workstation-14.1.1.7528167-r1
(In reply to Ștefan Talpalaru from comment #3) > vmware-workstation-14.1.1.7528167 added to my overlay: > https://github.com/stefantalpalaru/gentoo-overlay Thanks! Works fine so far on ~amd64. The only issue I ran across is a fetch failure with "vmware-tools-darwin" and "vmware-tools-darwinPre15".
I can't replicate the fetch failures, but I released app-emulation/vmware-workstation-14.1.1.7528167-r2 with the package version inserted in those two archives' names since I noticed they lacked that.
When using bundled-libs, this happens: ====================================== emerge -a --depclean >>> These are the packages that would be unmerged: media-libs/tiff selected: 3.9.7-r1 protected: none omitted: 4.0.9-r3 ... !! existing preserved libs: >>> package: media-libs/tiff-3.9.7-r1 * - /usr/lib64/libtiff.so.3 * used by /opt/vmware/lib/vmware/libconf/lib/gtk-2.0/2.10.0/loaders/libpixbufloader-tiff.so (app-emulation/vmware-workstation-14.1.1.7528167-r1) ====================================== It doesn't appear that workstation bundles libtiff.so.3 though, unless the ebuild just isn't installing it, that is. So maybe it needs a dep on media-libs/tiff:3 I guess?
media-libs/tiff:3 dependency added in app-emulation/vmware-workstation-14.1.1.7528167-r3
vmware-workstation-14.1.2.8497320 and vmware-modules-329.1.2 added to my overlay
(In reply to Ștefan Talpalaru from comment #23) @Stefan: Thanks a lot! Ebuild resolves Darwin Tools download to "14.1.2" instead of "10.1.2* .---> digest / download fails. Digest tries do download them although none of the mac use flags are set. Kind regards! VMWARE_FUSION_VER="${MY_PV}_${PV_BUILD}" <----- https://softwareupdate.vmware.com/cds/vmw-desktop/fusion/10.1.2/8502123/packages/ .........................................................^^.^.^.^^^^^^^ >>> Downloading 'https://softwareupdate.vmware.com/cds/vmw-desktop/fusion/14.1.2/8497320/... ..........................................................^^.^.^.^^^^^^^
(In addition to Manfred Knick from comment #24) > VMWARE_FUSION_VER="${MY_PV}_${PV_BUILD}" <----- CONFIRMATION: WORKSFORME with . . . VMWARE_FUSION_VER="10.1.2_8502123" <----- Fusion being much younger than Workstation, Major Release differs by four Minor Release typically matches Release Version often divert because of non-matching patch updates This was the reason for hard-coding VMWARE_FUSION_VER into the ebuild. This update heals the following CVE: VMSA-2018-0012 VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue VMSA-2018-0013 VMware Workstation and Fusion updates address signature bypass and multiple denial-of-service vulnerabilities So all users are strongly encouraged to update as soon as Stefan has released expected follow-up "-r1" !
Unfortunately, the Tools Update problem described in comment 6 ff persist. Fortunately, the WORKAROUND also: - assign "/opt/vmware/lib/vmware/isoimages/windows.iso" to CD-ROM - run setup from explorer manully installs 10.2.5_8068393
VMWARE_FUSION_VER fixed in vmware-workstation-14.1.2.8497320-r1. Thanks for the info. > Unfortunately, the Tools Update problem described in comment 6 ff persist. Looks like it's an old problem on Linux hosts: https://communities.vmware.com/thread/522017 So we're stuck with having to manually mount the corresponding ISO image from "/opt/vmware/lib/vmware/isoimages/" and install the guest tools from there.
Created attachment 532788 [details] grep -i Tools vmware.log > 0_grep_-i_Tools_vmware.log__.txt
(In reply to Ștefan Talpalaru from comment #27) Still same complaint contained: open of /opt/vmware/lib/vmware/isoimages/isoimages_manifest.txt.sig failed: ................................................................^^^ Could not find the file # ll /opt/vmware/lib/vmware/isoimages/ -rw-r--r-- 1 root root 17M 23. Mai 17:40 freebsd.iso -rw-r--r-- 1 root root 256 23. Mai 17:40 freebsd.iso.sig -rw-r--r-- 1 root root 5,1K 23. Mai 17:40 isoimages_manifest.txt <----- -rw-r--r-- 1 root root 55M 23. Mai 17:40 linux.iso -rw-r--r-- 1 root root 256 23. Mai 17:40 linux.iso.sig -rw-r--r-- 1 root root 451 23. Mai 17:40 tools-key.pub -rw-r--r-- 1 root root 99M 23. Mai 17:40 windows.iso -rw-r--r-- 1 root root 256 23. Mai 17:40 windows.iso.sig
This file contains lines attributing which iso to take for which Guest Operating System Version, e.g. . . . windows7-64 = "windows.iso" Thus it really sounds reasonable to expect it being secured by a signature - which is missing indeed.
Workstation misses dependency: ... Fail to realpath: /usr/lib64/alsa-lib/libasound_module_rate_speexrate.so ... Denied library: /usr/lib64/alsa-lib/libasound_module_rate_speexrate.so Please add . . . media-plugins/alsa-plugins with USE flag . . . speex being required. Thanks!
Dependency added. "isoimages_manifest.txt.sig" is not in the archive at all and I don't think it's generated on the fly. I wonder if it's present in a Windows installation.
Created attachment 532810 [details] vmware-ui :: extract concerning Tools upgrade
(In addition to Manfred Knick from comment #33) A clue, finally: E110: CDS error: Cannot proceed with install. Your copy of the VMware Installer is too old. Please install a new build. Notabene: Above: - the correct version is identified - the correct Download address as well - even "Checksum verification succeeded" Below: - (misleading?) error message: --- > "CDS_BULLETIN_NOT_DOWNLOADING_ERROR" # cd /opt/vmware/lib/vmware-installer/2.1.0 -rw-r--r-- 1 root root 796K 23. Mai 17:40 vmis-launcher -rw-r--r-- 1 root root 1,9K 23. Mai 17:40 vmware-installer -rw-r--r-- 1 root root 29K 23. Mai 17:40 vmware-installer.py Notabenee: - not contained in any PATH - not set as executable - direct call fails, as to be expected: # bash ./vmware-installer -t ./vmware-installer: Zeile 51: @@VMWARE_INSTALLER@@/python/init.sh: Datei oder Verzeichnis nicht gefunden # cat /etc/vmware-installer/bootstrap VMWARE_INSTALLER="@@VMWARE_INSTALLER@@" VERSION="@@VERSION@@" # For backwards compatibility VMISVERSION="@@VERSION@@" VMISBUILDNUM="7305623" VMISPYVERSION="27" /etc/vmware-installer/database ("SQLite format 3") contains the following correct version strings vmware-tools-windows10.2.5 vmware-tools-linux10.2.5 vmware-tools-freebsd10.2.5 correlating to my install USE flags as well as to /opt/vmware/lib/vmware/isoimages.
As to be expected, the error message stems from /opt/vmware/lib/vmware/lib/libcds.so/libcds.so (closed-src). Unfortunately, I was non able to identify the expected version. - Is "2.1.0" just not being found? - Is "2.1.0" really "too old"?
(In reply to Manfred Knick from comment #34) > # bash ./vmware-installer -t > ./vmware-installer: Zeile 51: @@VMWARE_INSTALLER@@/python/init.sh: > Datei oder Verzeichnis nicht gefunden Extracting the Bundle contains drwxr-xr-x 2 root root 4,0K 12. Nov 2017 artwork drwxr-xr-x 2 root root 4,0K 12. Nov 2017 bin -rw-r--r-- 1 root root 162 12. Nov 2017 bootstrap drwxr-xr-x 4 root root 4,0K 12. Nov 2017 lib -rw-r--r-- 1 root root 86K 12. Nov 2017 manifest.xml drwxr-xr-x 4 root root 4,0K 12. Nov 2017 python <----- drwxr-xr-x 2 root root 4,0K 12. Nov 2017 sopython drwxr-xr-x 5 root root 4,0K 12. Nov 2017 vmis -rw-r--r-- 1 root root 796K 12. Nov 2017 vmis-launcher -rw-r--r-- 1 root root 1,9K 12. Nov 2017 vmware-installer -rw-r--r-- 1 root root 29K 12. Nov 2017 vmware-installer.py -rw-r--r-- 1 root root 400 12. Nov 2017 vmware-uninstall -rw-r--r-- 1 root root 1,4K 12. Nov 2017 vmware-uninstall-downgrade with $ ll python -rw-r--r-- 1 root root 414 12. Nov 2017 init.sh <----- drwxr-xr-x 23 root root 12K 12. Nov 2017 lib -rw-r--r-- 1 root root 2,0M 12. Nov 2017 libpython.so drwxr-xr-x 5 root root 4,0K 12. Nov 2017 pygtk -rw-r--r-- 1 root root 6,1K 12. Nov 2017 python which are completely missing beneath /opt/vmware.
CONFIRMATION: . . . sys-kernel/gentoo-sources-4.17.2:4.17.2 WORKSFORME with - x11-drivers/nvidia-drivers-396.24-r1:0/396 - app-emulation/vmware-modules-329.1.2:0 - app-emulation/vmware-workstation-14.1.2.8497320-r1:0 WARNING: In contrast, for vanilla-kernel-sources 4.18-rc1: c.f. [ http://rglinuxtech.com/ ]
[Security-announce] New VMSA-2018-0017 - VMware Tools update addresses an out-of-bounds read vulnerability - ---------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2018-0017 Severity: Important Synopsis: VMware Tools update addresses an out-of-bounds read vulnerability Issue date: 2018-07-12 Updated on: 2018-07-12 (Initial Advisory) CVE number: CVE-2018-6969 1. Summary VMware Tools update addresses an out-of-bounds read vulnerability 2. Relevant Releases VMware Tools 3. Problem Description VMware Tools HGFS out-of-bounds read vulnerability VMware Tools contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on guest VMs. Note: In order to be able to exploit this issue, file sharing must be enabled. VMware would like to thank Anurudh for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-6969 to this issue. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Mitigation/ Product Version on Severity Apply patch Workaround =========== ============ ======= ======== ============= ========== VMware Tools 10.x & prior Windows Important 10.3.0* None * VMware Tools must be updated to 10.3.0 for each Windows VM to resolve CVE-2018-6969. 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. VMware Tools 10.3.0 Downloads and Documentation: https://my.vmware.com/web/vmware/details?downloadGroup= VMTOOLS1030&productId=491 5. References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6969 - -----------------------------------------------------------------------
https://docs.vmware.com/en/VMware-Tools/ VMware Tools 10.3.0 Release Notes https://docs.vmware.com/en/VMware-Tools/10.3/rn/vmware-tools-1030-release-notes.html ! Users are strongly encouraged to upgrade - ! please c.f. Comment 6 ff. Comment 15 Comment 26 DOWNLOAD: https://my.vmware.com/group/vmware/details?downloadGroup=VMTOOLS1030&productId=614
@ Ștefan Talpalaru : VMware Tools 10.3.0 Release Notes [1] ... Compatibility Notes Starting with VMware Tools version 10.2.0, Perl script-based VMware Tools installation for FreeBSD has been discontinued. FreeBSD systems are supported only through the open-vm-tools packages directly available from FreeBSD package repositories. FreeBSD packages for open-vm-tools 10.1.0 and later are available from FreeBSD package repositories. [1] https://docs.vmware.com/en/VMware-Tools/10.3/rn/vmware-tools-1030-release-notes.html ==> app-emulation/vmware-workstation ==> USE flag "vmware-tools-freebsd" seems obsolete from now onwards Thanks!
We use the guest tools bundled with the workstation, so we have to wait for a new workstation version.
(In reply to Ștefan Talpalaru from comment #41) > We use the guest tools bundled with the workstation, so we have to wait for > a new workstation version. Correct. That exactly was the reason why [VMware Overlay] had decided for a separate (mandatory) package, to enable Tools upgrade during Workstation lifetime. But as long as we depend upon the WORKAROUND for updates, the effect makes no difference, unfortunately. Kind regards! Manfred
CONFIRMATION: Sorry - forgot to mention: Tested with - 7 - 8.1 (July 17: EOL for <= Skylake) - 10 (1809 : Redstone 4) etc. # uname -a Linux XXXX 4.17.6-gentoo #1 SMP Sat Jul 14 16:56:51 CEST 2018 x86_64 Intel(R) Xeon(R) CPU E3-1276 v3 @ 3.60GHz GenuineIntel GNU/Linux # equery list sys-apps/iucode_tool:0 [IP-] [ ] sys-apps/iucode_tool-2.3.1:0 # equery list nvidia* [IP-] [ ] sys-firmware/nvidia-firmware-340.32:0 [IP-] [ ] x11-drivers/nvidia-drivers-396.24-r1:0/396
HINT: Upgrading from ---- 16299 – 1709 Redstone 3 including Tools 10.3.0 to ---- 17134 – 1803 Redstone 4 , Windows 10 failed to recognize VMware Display Driver. Trying to repair manually failed too. WORKAROUND: - De-install VMware Tools completely - Re-install VMware Tools manually as described above - Re-boot and enjoy
(ADDENDUM to Manfred Knick from comment #44) Same applies & works if you e.g. upgrade 8.1 ("keep") (EOL on < = Skylake HW tomorrow ) to 10.
Follow-up: Bug 663670 - [vmware overlay] app-emulation/vmware-workstation-14.1.3 version bump ["stable" only, excluding "~amd64"]
