From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1793450-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 91796158176
	for <garchives@archives.gentoo.org>; Sun, 19 Oct 2025 13:20:21 +0000 (UTC)
Received: from lists.gentoo.org (bobolink.gentoo.org [140.211.166.189])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange x25519)
	(No client certificate requested)
	(Authenticated sender: relay-lists.gentoo.org@gentoo.org)
	by smtp.gentoo.org (Postfix) with ESMTPSA id 803BA3415F1
	for <garchives@archives.gentoo.org>; Sun, 19 Oct 2025 13:20:21 +0000 (UTC)
Received: from bobolink.gentoo.org (localhost [127.0.0.1])
	by bobolink.gentoo.org (Postfix) with ESMTP id C048411057B;
	Sun, 19 Oct 2025 13:20:03 +0000 (UTC)
Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange x25519)
	(No client certificate requested)
	by bobolink.gentoo.org (Postfix) with ESMTPS id AEF09110579
	for <gentoo-commits@lists.gentoo.org>; Sun, 19 Oct 2025 13:20:03 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange x25519)
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 67A4D341EFA
	for <gentoo-commits@lists.gentoo.org>; Sun, 19 Oct 2025 13:20:03 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id B36613B1F
	for <gentoo-commits@lists.gentoo.org>; Sun, 19 Oct 2025 13:20:00 +0000 (UTC)
From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" <sam@gentoo.org>
Message-ID: <1760879870.52fa121f6097aa6550110d2a91745a78c7543c28.sam@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: app-emulation/open-vm-tools/
X-VCS-Repository: repo/gentoo
X-VCS-Files: app-emulation/open-vm-tools/Manifest app-emulation/open-vm-tools/open-vm-tools-13.0.5.ebuild
X-VCS-Directories: app-emulation/open-vm-tools/
X-VCS-Committer: sam
X-VCS-Committer-Name: Sam James
X-VCS-Revision: 52fa121f6097aa6550110d2a91745a78c7543c28
X-VCS-Branch: master
Date: Sun, 19 Oct 2025 13:20:00 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 9d11c0ce-4838-4015-bae7-3f6197ecd393
X-Archives-Hash: 31f845eb1b93345d2f54425ae297a430

commit:     52fa121f6097aa6550110d2a91745a78c7543c28
Author:     Cristian Othón Martínez Vera <cfuga <AT> cfuga <DOT> mx>
AuthorDate: Fri Jul 25 18:57:55 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Oct 19 13:17:50 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=52fa121f

app-emulation/open-vm-tools: add 13.0.5, fix CVE-2025-41244

The affected code isn't compiled in Gentoo, because it's disabled by default.
It requires adding `--enable-servicediscovery` to `configure` in order to
activate it, and there's currently no USE flag to control it.

Bug: https://bugs.gentoo.org/963579
Signed-off-by: Cristian Othón Martínez Vera <cfuga <AT> cfuga.mx>
Part-of: https://github.com/gentoo/gentoo/pull/43158
Closes: https://github.com/gentoo/gentoo/pull/43158
Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-emulation/open-vm-tools/Manifest               |   1 +
 .../open-vm-tools/open-vm-tools-13.0.5.ebuild      | 154 +++++++++++++++++++++
 2 files changed, 155 insertions(+)

diff --git a/app-emulation/open-vm-tools/Manifest b/app-emulation/open-vm-tools/Manifest
index 0077de34df7d..2f95347c0f19 100644
--- a/app-emulation/open-vm-tools/Manifest
+++ b/app-emulation/open-vm-tools/Manifest
@@ -1,2 +1,3 @@
 DIST open-vm-tools-12.4.5-23787635.tar.gz 4356612 BLAKE2B 59fab76bc740d6c8e8b76f8c2379f751a62a4d4c01add9520acafbd5601d9490c7fb7d5a3631d1198c811be33b1bd7c7b381de2f9a8f703ceec21aab6331797a SHA512 dd90622a0f1c773ed217040788a1bdbfba1e60256d4e5159a2557155f6ac642ab71488044860e417cdd853aad77a6495b98e8fd02f9755be90cc1dc71c840a3c
 DIST open-vm-tools-12.5.0-24276846.tar.gz 4361651 BLAKE2B 2f0bc58e51afbb438efd83b048a81d8f0dc23d50268f3b031789a61e57c45e4502dff81e7b339733e3c34eb9f3c46b4483d92cdc9956906933735b1b51128acf SHA512 068f84192b7056144257a8180884a077fe03e34c441f4eb7729112d3dbd75f70e019d3cdbfe7c25243154d7597f152272efde9417d873a585ec1bfc68f34e234
+DIST open-vm-tools-13.0.5-24915695.tar.gz 4342572 BLAKE2B bd612d2ec36a275b04ef7e73a9c2444f97672fad7e655f9866f4231377f2bb45e7bd6a1278290c9ea17e8cdab4b47f0cb2517b7b11f2b6fe06d802610a281dff SHA512 e8a0c823e8430e3df0873f8031704536e73bec21d4cd37c37a37053fe2a5116ae1d2fdfa05eae95910c22238c967acc96f6603e1dd8289f2ca926507040c757a

diff --git a/app-emulation/open-vm-tools/open-vm-tools-13.0.5.ebuild b/app-emulation/open-vm-tools/open-vm-tools-13.0.5.ebuild
new file mode 100644
index 000000000000..7563f6fa2afb
--- /dev/null
+++ b/app-emulation/open-vm-tools/open-vm-tools-13.0.5.ebuild
@@ -0,0 +1,154 @@
+# Copyright 2007-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools linux-info pam systemd udev
+
+MY_P="${P}-24915695"
+
+DESCRIPTION="Tools for VMware guests"
+HOMEPAGE="https://github.com/vmware/open-vm-tools"
+SRC_URI="https://github.com/vmware/open-vm-tools/releases/download/stable-${PV}/${MY_P}.tar.gz"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~x86"
+IUSE="X +deploypkg +dnet doc +fuse gtkmm +icu multimon pam +resolutionkms +ssl +vgauth"
+REQUIRED_USE="
+	multimon? ( X )
+	vgauth? ( ssl )"
+
+RDEPEND="
+	dev-libs/glib
+	net-libs/libtirpc
+	deploypkg? ( dev-libs/libmspack )
+	fuse? ( sys-fs/fuse:3= )
+	pam? ( sys-libs/pam )
+	!pam? ( virtual/libcrypt:= )
+	ssl? ( dev-libs/openssl:= )
+	vgauth? (
+		dev-libs/libxml2:=
+		dev-libs/xmlsec:=
+	)
+	X? (
+		x11-libs/gtk+:3[X]
+		x11-libs/libSM
+		x11-libs/libXcomposite
+		x11-libs/libXext
+		x11-libs/libXi
+		x11-libs/libXrandr
+		x11-libs/libXrender
+		x11-libs/libXtst
+		gtkmm? (
+			dev-cpp/gtkmm:3.0
+			dev-libs/libsigc++:2
+		)
+		multimon? ( x11-libs/libXinerama )
+	)
+	dnet? ( dev-libs/libdnet )
+	icu? ( dev-libs/icu:= )
+	resolutionkms? (
+		x11-libs/libdrm[video_cards_vmware]
+		virtual/libudev
+	)"
+DEPEND="${RDEPEND}
+	net-libs/rpcsvc-proto"
+BDEPEND="
+	dev-util/glib-utils
+	virtual/pkgconfig
+	doc? ( app-text/doxygen )"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-12.4.5-Werror.patch
+	"${FILESDIR}"/${PN}-12.4.5-icu.patch
+)
+
+pkg_setup() {
+	local CONFIG_CHECK="~VMWARE_BALLOON ~VMWARE_PVSCSI ~VMXNET3 ~VMWARE_VMCI ~VMWARE_VMCI_VSOCKETS ~FUSE_FS"
+	use X && CONFIG_CHECK+=" ~DRM_VMWGFX"
+	kernel_is -lt 5 5 || CONFIG_CHECK+=" ~X86_IOPL_IOPERM"
+	linux-info_pkg_setup
+}
+
+src_prepare() {
+	default
+	eautoreconf
+}
+
+src_configure() {
+	local myeconfargs=(
+		--disable-glibc-check
+		--disable-tests
+		--without-root-privileges
+		$(use_enable multimon)
+		$(use_with X x)
+		$(use_with X gtk3)
+		$(use_with gtkmm gtkmm3)
+		$(use_enable doc docs)
+		$(use_enable resolutionkms)
+		$(use_enable deploypkg)
+		$(use_with pam)
+		$(use_enable vgauth)
+		$(use_with dnet)
+		$(use_with icu)
+		--with-udev-rules-dir="$(get_udevdir)"/rules.d
+		$(use_with fuse fuse 3)
+		# Disable it explicitly, we do not yet list the
+		# containerinfo dependencies in the ebuild
+		--disable-containerinfo
+		# Disable it explicitly, gtk2 is obsolete
+		--without-gtk2
+		# Possibly add a separate USE flag for the utility, or
+		# merge it into resolutionkms
+		--disable-vmwgfxctrl
+	)
+	# Avoid a bug in configure.ac
+	use ssl || myeconfargs+=( --without-ssl )
+
+	# Avoid relying on dnet-config script, which breaks cross-compiling. This
+	# library has no pkg-config file.
+	export CUSTOM_DNET_LIBS="-ldnet"
+
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	default
+	find "${ED}" -name '*.la' -delete || die
+
+	if use pam; then
+		rm "${ED}"/etc/pam.d/vmtoolsd || die
+		pamd_mimic_system vmtoolsd auth account
+	fi
+
+	newinitd "${FILESDIR}/open-vm-tools.initd" vmware-tools
+	newconfd "${FILESDIR}/open-vm-tools.confd" vmware-tools
+
+	if use vgauth; then
+		systemd_newunit "${FILESDIR}"/vmtoolsd.vgauth.service vmtoolsd.service
+		systemd_dounit "${FILESDIR}"/vgauthd.service
+	else
+		systemd_dounit "${FILESDIR}"/vmtoolsd.service
+	fi
+
+	# vmhgfs-fuse is built only when fuse is enabled
+	if use fuse; then
+		# Make fstype = vmhgfs-fuse work in fstab
+		dosym vmhgfs-fuse /usr/bin/mount.vmhgfs-fuse
+	fi
+
+	if use X; then
+		fperms 4711 /usr/bin/vmware-user-suid-wrapper
+		dobin scripts/common/vmware-xdg-detect-de
+	fi
+}
+
+pkg_postinst() {
+	udev_reload
+}
+
+pkg_postrm() {
+	udev_reload
+}