open-vm-tools: fix CVE-2023-34058

A flaw was found in open-vm-tools. This flaw allows a malicious actor that has been granted Guest Operation Privileges in a target virtual machine to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias. Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-34058 Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Archana Polampalli <archana.polampalli@windriver.com> 2023-11-14 05:49:15 +0000
committer: Armin Kuster <akuster808@gmail.com> 2023-11-16 21:49:15 -0500
commit: 76ed1e8bc43bf26c9b33d96696d5acb46743c001 (patch)
tree: 1652c6f8448092dfb3d61e299e9d9366a447bfe3
parent: 511f43fd17544d8e687bf793cd829af705f755d9 (diff)
download: meta-openembedded-76ed1e8bc43bf26c9b33d96696d5acb46743c001.tar.gz
2 files changed, 242 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-34058.patch b/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-34058.patch
new file mode 100644
index 000000000..cb031767a
--- /dev/null
+++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-34058.patch
@@ -0,0 +1,241 @@
+From 6822b5a84f8cfa60d46479d6b8f1c63eb85eac87 Mon Sep 17 00:00:00 2001
+From: John Wolfe <jwolfe@vmware.com>
+Date: Wed, 18 Oct 2023 09:04:07 -0700
+Subject: [PATCH] Address CVE-2023-34058
+VGAuth: don't accept tokens with unrelated certs.
+CVE: CVE-2023-34058
+Upstream-Status: Backport [https://github.com/vmware/open-vm-tools/commit/e5be40b9cc025d03ccd5689ef9192d29abd68bfe]
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ open-vm-tools/vgauth/common/certverify.c      | 145 +++++++++++++++++
+ open-vm-tools/vgauth/common/certverify.h      |   4 +
+ open-vm-tools/vgauth/common/prefs.h           |   2 +
+ .../vgauth/serviceImpl/saml-xmlsec1.c         |  14 ++
+ 4 files changed, 165 insertions(+), 0 deletions(-)
+diff --git a/open-vm-tools/vgauth/common/certverify.c b/open-vm-tools/vgauth/common/certverify.c
+index 0ed78edb..845f59b9 100644
+--- a/open-vm-tools/vgauth/common/certverify.c
+++ b/open-vm-tools/vgauth/common/certverify.c
+@@ -914,3 +914,148 @@ done:
+    return err;
+ }
+
+
+/*
+ * Finds a cert with a subject (if checkSubj is set) or issuer (if
+ * checkSUbj is unset), matching 'val' in the list
+ * of certs.  Returns a match or NULL.
+ */
+
+static X509 *
+FindCert(GList *cList,
+         X509_NAME *val,
+         int checkSubj)
+{
+   GList *l;
+   X509 *c;
+   X509_NAME *v;
+
+   l = cList;
+   while (l != NULL) {
+      c = (X509 *) l->data;
+      if (checkSubj) {
+         v = X509_get_subject_name(c);
+      } else {
+         v = X509_get_issuer_name(c);
+      }
+      if (X509_NAME_cmp(val, v) == 0) {
+         return c;
+      }
+      l = l->next;
+   }
+   return NULL;
+}
+
+
+/*
+ ******************************************************************************
+ * CertVerify_CheckForUnrelatedCerts --                                  */ /**
+ *
+ * Looks over a list of certs.  If it finds that they are not all
+ * part of the same chain, returns failure.
+ *
+ * @param[in]     numCerts      The number of certs in the chain.
+ * @param[in]     pemCerts      The chain of certificates to verify.
+ *
+ * @return VGAUTH_E_OK on success, VGAUTH_E_FAIL if unrelated certs are found.
+ *
+ ******************************************************************************
+ */
+
+VGAuthError
+CertVerify_CheckForUnrelatedCerts(int numCerts,
+                                  const char **pemCerts)
+{
+   VGAuthError err = VGAUTH_E_FAIL;
+   int chainLen = 0;
+   int i;
+   X509 **certs = NULL;
+   GList *rawList = NULL;
+   X509 *baseCert;
+   X509 *curCert;
+   X509_NAME *subject;
+   X509_NAME *issuer;
+
+   /* common single cert case; nothing to do */
+   if (numCerts == 1) {
+      return VGAUTH_E_OK;
+   }
+
+   /* convert all PEM to X509 objects */
+   certs = g_malloc0(numCerts * sizeof(X509 *));
+   for (i = 0; i < numCerts; i++) {
+      certs[i] = CertStringToX509(pemCerts[i]);
+      if (NULL == certs[i]) {
+         g_warning("%s: failed to convert cert to X509\n", __FUNCTION__);
+         goto done;
+      }
+   }
+
+   /* choose the cert to start the chain.  shouldn't matter which */
+   baseCert = certs[0];
+
+   /* put the rest into a list */
+   for (i = 1; i < numCerts; i++) {
+      rawList = g_list_append(rawList, certs[i]);
+   }
+
+   /* now chase down to a leaf, looking for certs the baseCert issued */
+   subject = X509_get_subject_name(baseCert);
+   while ((curCert = FindCert(rawList, subject, 0)) != NULL) {
+      /* pull it from the list */
+      rawList = g_list_remove(rawList, curCert);
+      /* set up the next find */
+      subject = X509_get_subject_name(curCert);
+   }
+
+   /*
+    * walk up to the root cert, by finding a cert where the
+    * issuer equals the subject of the current
+    */
+   issuer = X509_get_issuer_name(baseCert);
+   while ((curCert = FindCert(rawList, issuer, 1)) != NULL) {
+      /* pull it from the list */
+      rawList = g_list_remove(rawList, curCert);
+      /* set up the next find */
+      issuer = X509_get_issuer_name(curCert);
+   }
+
+   /*
+    * At this point, anything on the list should be certs that are not part
+    * of the chain that includes the original 'baseCert'.
+    *
+    * For a valid token, the list should be empty.
+    */
+   chainLen = g_list_length(rawList);
+   if (chainLen != 0 ) {
+      GList *l;
+
+      g_warning("%s: %d unrelated certs found in list\n",
+                __FUNCTION__, chainLen);
+
+      /* debug helper */
+      l = rawList;
+      while (l != NULL) {
+         X509* c = (X509 *) l->data;
+         char *s = X509_NAME_oneline(X509_get_subject_name(c), NULL, 0);
+
+         g_debug("%s: unrelated cert subject: %s\n", __FUNCTION__, s);
+         free(s);
+         l = l->next;
+      }
+
+      goto done;
+   }
+
+   g_debug("%s: Success!  no unrelated certs found\n", __FUNCTION__);
+   err = VGAUTH_E_OK;
+
+done:
+   g_list_free(rawList);
+   for (i = 0; i < numCerts; i++) {
+      X509_free(certs[i]);
+   }
+   g_free(certs);
+   return err;
+}
+diff --git a/open-vm-tools/vgauth/common/certverify.h b/open-vm-tools/vgauth/common/certverify.h
+index d7c6410b..89ec97a1 100644
+--- a/open-vm-tools/vgauth/common/certverify.h
+++ b/open-vm-tools/vgauth/common/certverify.h
+@@ -67,6 +67,10 @@ VGAuthError CertVerify_CheckSignatureUsingCert(VGAuthHashAlg hash,
+                                                size_t signatureLen,
+                                                const unsigned char *signature);
+
+VGAuthError CertVerify_CheckForUnrelatedCerts(int numCerts,
+                                              const char **pemCerts);
+
+ gchar * CertVerify_StripPEMCert(const gchar *pemCert);
+ gchar * CertVerify_CertToX509String(const gchar *pemCert);
+diff --git a/open-vm-tools/vgauth/common/prefs.h b/open-vm-tools/vgauth/common/prefs.h
+index ff116928..6c58f3f4 100644
+--- a/open-vm-tools/vgauth/common/prefs.h
+++ b/open-vm-tools/vgauth/common/prefs.h
+@@ -136,6 +136,8 @@ msgCatalog = /etc/vmware-tools/vgauth/messages
+ #define VGAUTH_PREF_ALIASSTORE_DIR         "aliasStoreDir"
+ /** The number of seconds slack allowed in either direction in SAML token date checks. */
+ #define VGAUTH_PREF_CLOCK_SKEW_SECS        "clockSkewAdjustment"
+/** If unrelated certificates are allowed in a SAML token */
+#define VGAUTH_PREF_ALLOW_UNRELATED_CERTS  "allowUnrelatedCerts"
+ /** Ticket group name. */
+ #define VGAUTH_PREF_GROUP_NAME_TICKET      "ticket"
+diff --git a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
+index 14cba1b5..57e93162 100644
+--- a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
+++ b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
+@@ -49,6 +49,7 @@
+ #include "vmxlog.h"
+ static int gClockSkewAdjustment = VGAUTH_PREF_DEFAULT_CLOCK_SKEW_SECS;
+static gboolean gAllowUnrelatedCerts = FALSE;
+ static xmlSchemaPtr gParsedSchemas = NULL;
+ static xmlSchemaValidCtxtPtr gSchemaValidateCtx = NULL;
+@@ -369,6 +370,10 @@ LoadPrefs(void)
+                                       VGAUTH_PREF_DEFAULT_CLOCK_SKEW_SECS);
+     Log("%s: Allowing %d of clock skew for SAML date validation\n",
+         __FUNCTION__, gClockSkewAdjustment);
+    gAllowUnrelatedCerts = Pref_GetBool(gPrefs,
+                                        VGAUTH_PREF_ALLOW_UNRELATED_CERTS,
+                                        VGAUTH_PREF_GROUP_NAME_SERVICE,
+                                        FALSE);
+ }
+@@ -1697,6 +1702,15 @@ SAML_VerifyBearerTokenAndChain(const char *xmlText,
+       return VGAUTH_E_AUTHENTICATION_DENIED;
+    }
+   if (!gAllowUnrelatedCerts) {
+      err = CertVerify_CheckForUnrelatedCerts(num, (const char **) certChain);
+      if (err != VGAUTH_E_OK) {
+         VMXLog_Log(VMXLOG_LEVEL_WARNING,
+                    "Unrelated certs found in SAML token, failing\n");
+         return VGAUTH_E_AUTHENTICATION_DENIED;
+      }
+   }
+
+    subj.type = SUBJECT_TYPE_NAMED;
+    subj.name = *subjNameOut;
+    err = ServiceVerifyAndCheckTrustCertChainForSubject(num,
+--
+2.40.0
diff --git a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.1.5.bb b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.1.5.bb
index e12e4be7f..a8e7275c1 100644
--- a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.1.5.bb
+++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.1.5.bb
@@ -44,6 +44,7 @@ SRC_URI = "git://github.com/vmware/open-vm-tools.git;protocol=https;branch=stabl
           file://0013-open-vm-tools-Correct-include-path-for-poll.h.patch;patchdir=.. \
           file://0001-timeSync-Portable-way-to-print-64bit-time_t.patch;patchdir=.. \
           file://CVE-2023-20867.patch;patchdir=.. \
+           file://CVE-2023-34058.patch;patchdir=.. \
           "
 UPSTREAM_CHECK_GITTAGREGEX = "stable-(?P<pver>\d+(\.\d+)+)"
author	Archana Polampalli <archana.polampalli@windriver.com>	2023-11-14 05:49:15 +0000
committer	Armin Kuster <akuster808@gmail.com>	2023-11-16 21:49:15 -0500
commit	76ed1e8bc43bf26c9b33d96696d5acb46743c001 (patch)
tree	1652c6f8448092dfb3d61e299e9d9366a447bfe3
parent	511f43fd17544d8e687bf793cd829af705f755d9 (diff)
download	meta-openembedded-76ed1e8bc43bf26c9b33d96696d5acb46743c001.tar.gz

diff --git a/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-34058.patch b/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-34058.patch new file mode 100644 index 000000000..cb031767a --- /dev/null +++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-34058.patch
@@ -0,0 +1,241 @@
		1	From 6822b5a84f8cfa60d46479d6b8f1c63eb85eac87 Mon Sep 17 00:00:00 2001
		2	From: John Wolfe <jwolfe@vmware.com>
		3	Date: Wed, 18 Oct 2023 09:04:07 -0700
		4	Subject: [PATCH] Address CVE-2023-34058
		5
		6	VGAuth: don't accept tokens with unrelated certs.
		7
		8	CVE: CVE-2023-34058
		9
		10	Upstream-Status: Backport [https://github.com/vmware/open-vm-tools/commit/e5be40b9cc025d03ccd5689ef9192d29abd68bfe]
		11
		12	Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
		13	---
		14	open-vm-tools/vgauth/common/certverify.c \| 145 +++++++++++++++++
		15	open-vm-tools/vgauth/common/certverify.h \| 4 +
		16	open-vm-tools/vgauth/common/prefs.h \| 2 +
		17	.../vgauth/serviceImpl/saml-xmlsec1.c \| 14 ++
		18	4 files changed, 165 insertions(+), 0 deletions(-)
		19
		20	diff --git a/open-vm-tools/vgauth/common/certverify.c b/open-vm-tools/vgauth/common/certverify.c
		21	index 0ed78edb..845f59b9 100644
		22	--- a/open-vm-tools/vgauth/common/certverify.c
		23	+++ b/open-vm-tools/vgauth/common/certverify.c
		24	@@ -914,3 +914,148 @@ done:
		25
		26	return err;
		27	}
		28	+
		29	+
		30	+/*
		31	+ * Finds a cert with a subject (if checkSubj is set) or issuer (if
		32	+ * checkSUbj is unset), matching 'val' in the list
		33	+ * of certs. Returns a match or NULL.
		34	+ */
		35	+
		36	+static X509 *
		37	+FindCert(GList *cList,
		38	+ X509_NAME *val,
		39	+ int checkSubj)
		40	+{
		41	+ GList *l;
		42	+ X509 *c;
		43	+ X509_NAME *v;
		44	+
		45	+ l = cList;
		46	+ while (l != NULL) {
		47	+ c = (X509 *) l->data;
		48	+ if (checkSubj) {
		49	+ v = X509_get_subject_name(c);
		50	+ } else {
		51	+ v = X509_get_issuer_name(c);
		52	+ }
		53	+ if (X509_NAME_cmp(val, v) == 0) {
		54	+ return c;
		55	+ }
		56	+ l = l->next;
		57	+ }
		58	+ return NULL;
		59	+}
		60	+
		61	+
		62	+/*
		63	+ ******************************************************************************
		64	+ * CertVerify_CheckForUnrelatedCerts -- / /*
		65	+ *
		66	+ * Looks over a list of certs. If it finds that they are not all
		67	+ * part of the same chain, returns failure.
		68	+ *
		69	+ * @param[in] numCerts The number of certs in the chain.
		70	+ * @param[in] pemCerts The chain of certificates to verify.
		71	+ *
		72	+ * @return VGAUTH_E_OK on success, VGAUTH_E_FAIL if unrelated certs are found.
		73	+ *
		74	+ ******************************************************************************
		75	+ */
		76	+
		77	+VGAuthError
		78	+CertVerify_CheckForUnrelatedCerts(int numCerts,
		79	+ const char **pemCerts)
		80	+{
		81	+ VGAuthError err = VGAUTH_E_FAIL;
		82	+ int chainLen = 0;
		83	+ int i;
		84	+ X509 **certs = NULL;
		85	+ GList *rawList = NULL;
		86	+ X509 *baseCert;
		87	+ X509 *curCert;
		88	+ X509_NAME *subject;
		89	+ X509_NAME *issuer;
		90	+
		91	+ /* common single cert case; nothing to do */
		92	+ if (numCerts == 1) {
		93	+ return VGAUTH_E_OK;
		94	+ }
		95	+
		96	+ /* convert all PEM to X509 objects */
		97	+ certs = g_malloc0(numCerts * sizeof(X509 *));
		98	+ for (i = 0; i < numCerts; i++) {
		99	+ certs[i] = CertStringToX509(pemCerts[i]);
		100	+ if (NULL == certs[i]) {
		101	+ g_warning("%s: failed to convert cert to X509\n", __FUNCTION__);
		102	+ goto done;
		103	+ }
		104	+ }
		105	+
		106	+ /* choose the cert to start the chain. shouldn't matter which */
		107	+ baseCert = certs[0];
		108	+
		109	+ /* put the rest into a list */
		110	+ for (i = 1; i < numCerts; i++) {
		111	+ rawList = g_list_append(rawList, certs[i]);
		112	+ }
		113	+
		114	+ /* now chase down to a leaf, looking for certs the baseCert issued */
		115	+ subject = X509_get_subject_name(baseCert);
		116	+ while ((curCert = FindCert(rawList, subject, 0)) != NULL) {
		117	+ /* pull it from the list */
		118	+ rawList = g_list_remove(rawList, curCert);
		119	+ /* set up the next find */
		120	+ subject = X509_get_subject_name(curCert);
		121	+ }
		122	+
		123	+ /*
		124	+ * walk up to the root cert, by finding a cert where the
		125	+ * issuer equals the subject of the current
		126	+ */
		127	+ issuer = X509_get_issuer_name(baseCert);
		128	+ while ((curCert = FindCert(rawList, issuer, 1)) != NULL) {
		129	+ /* pull it from the list */
		130	+ rawList = g_list_remove(rawList, curCert);
		131	+ /* set up the next find */
		132	+ issuer = X509_get_issuer_name(curCert);
		133	+ }
		134	+
		135	+ /*
		136	+ * At this point, anything on the list should be certs that are not part
		137	+ * of the chain that includes the original 'baseCert'.
		138	+ *
		139	+ * For a valid token, the list should be empty.
		140	+ */
		141	+ chainLen = g_list_length(rawList);
		142	+ if (chainLen != 0 ) {
		143	+ GList *l;
		144	+
		145	+ g_warning("%s: %d unrelated certs found in list\n",
		146	+ __FUNCTION__, chainLen);
		147	+
		148	+ /* debug helper */
		149	+ l = rawList;
		150	+ while (l != NULL) {
		151	+ X509* c = (X509 *) l->data;
		152	+ char *s = X509_NAME_oneline(X509_get_subject_name(c), NULL, 0);
		153	+
		154	+ g_debug("%s: unrelated cert subject: %s\n", __FUNCTION__, s);
		155	+ free(s);
		156	+ l = l->next;
		157	+ }
		158	+
		159	+ goto done;
		160	+ }
		161	+
		162	+ g_debug("%s: Success! no unrelated certs found\n", __FUNCTION__);
		163	+ err = VGAUTH_E_OK;
		164	+
		165	+done:
		166	+ g_list_free(rawList);
		167	+ for (i = 0; i < numCerts; i++) {
		168	+ X509_free(certs[i]);
		169	+ }
		170	+ g_free(certs);
		171	+ return err;
		172	+}
		173	diff --git a/open-vm-tools/vgauth/common/certverify.h b/open-vm-tools/vgauth/common/certverify.h
		174	index d7c6410b..89ec97a1 100644
		175	--- a/open-vm-tools/vgauth/common/certverify.h
		176	+++ b/open-vm-tools/vgauth/common/certverify.h
		177	@@ -67,6 +67,10 @@ VGAuthError CertVerify_CheckSignatureUsingCert(VGAuthHashAlg hash,
		178	size_t signatureLen,
		179	const unsigned char *signature);
		180
		181	+
		182	+VGAuthError CertVerify_CheckForUnrelatedCerts(int numCerts,
		183	+ const char **pemCerts);
		184	+
		185	gchar * CertVerify_StripPEMCert(const gchar *pemCert);
		186
		187	gchar * CertVerify_CertToX509String(const gchar *pemCert);
		188	diff --git a/open-vm-tools/vgauth/common/prefs.h b/open-vm-tools/vgauth/common/prefs.h
		189	index ff116928..6c58f3f4 100644
		190	--- a/open-vm-tools/vgauth/common/prefs.h
		191	+++ b/open-vm-tools/vgauth/common/prefs.h
		192	@@ -136,6 +136,8 @@ msgCatalog = /etc/vmware-tools/vgauth/messages
		193	#define VGAUTH_PREF_ALIASSTORE_DIR "aliasStoreDir"
		194	/** The number of seconds slack allowed in either direction in SAML token date checks. */
		195	#define VGAUTH_PREF_CLOCK_SKEW_SECS "clockSkewAdjustment"
		196	+/** If unrelated certificates are allowed in a SAML token */
		197	+#define VGAUTH_PREF_ALLOW_UNRELATED_CERTS "allowUnrelatedCerts"
		198
		199	/** Ticket group name. */
		200	#define VGAUTH_PREF_GROUP_NAME_TICKET "ticket"
		201	diff --git a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
		202	index 14cba1b5..57e93162 100644
		203	--- a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
		204	+++ b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
		205	@@ -49,6 +49,7 @@
		206	#include "vmxlog.h"
		207
		208	static int gClockSkewAdjustment = VGAUTH_PREF_DEFAULT_CLOCK_SKEW_SECS;
		209	+static gboolean gAllowUnrelatedCerts = FALSE;
		210	static xmlSchemaPtr gParsedSchemas = NULL;
		211	static xmlSchemaValidCtxtPtr gSchemaValidateCtx = NULL;
		212
		213	@@ -369,6 +370,10 @@ LoadPrefs(void)
		214	VGAUTH_PREF_DEFAULT_CLOCK_SKEW_SECS);
		215	Log("%s: Allowing %d of clock skew for SAML date validation\n",
		216	__FUNCTION__, gClockSkewAdjustment);
		217	+ gAllowUnrelatedCerts = Pref_GetBool(gPrefs,
		218	+ VGAUTH_PREF_ALLOW_UNRELATED_CERTS,
		219	+ VGAUTH_PREF_GROUP_NAME_SERVICE,
		220	+ FALSE);
		221	}
		222
		223
		224	@@ -1697,6 +1702,15 @@ SAML_VerifyBearerTokenAndChain(const char *xmlText,
		225	return VGAUTH_E_AUTHENTICATION_DENIED;
		226	}
		227
		228	+ if (!gAllowUnrelatedCerts) {
		229	+ err = CertVerify_CheckForUnrelatedCerts(num, (const char **) certChain);
		230	+ if (err != VGAUTH_E_OK) {
		231	+ VMXLog_Log(VMXLOG_LEVEL_WARNING,
		232	+ "Unrelated certs found in SAML token, failing\n");
		233	+ return VGAUTH_E_AUTHENTICATION_DENIED;
		234	+ }
		235	+ }
		236	+
		237	subj.type = SUBJECT_TYPE_NAMED;
		238	subj.name = *subjNameOut;
		239	err = ServiceVerifyAndCheckTrustCertChainForSubject(num,
		240	--
		241	2.40.0


diff --git a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.1.5.bb b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.1.5.bb index e12e4be7f..a8e7275c1 100644 --- a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.1.5.bb +++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.1.5.bb
@@ -44,6 +44,7 @@ SRC_URI = "git://github.com/vmware/open-vm-tools.git;protocol=https;branch=stabl
44	file://0013-open-vm-tools-Correct-include-path-for-poll.h.patch;patchdir=.. \	44	file://0013-open-vm-tools-Correct-include-path-for-poll.h.patch;patchdir=.. \
45	file://0001-timeSync-Portable-way-to-print-64bit-time_t.patch;patchdir=.. \	45	file://0001-timeSync-Portable-way-to-print-64bit-time_t.patch;patchdir=.. \
46	file://CVE-2023-20867.patch;patchdir=.. \	46	file://CVE-2023-20867.patch;patchdir=.. \
		47	file://CVE-2023-34058.patch;patchdir=.. \
47	"	48	"
48		49
49	UPSTREAM_CHECK_GITTAGREGEX = "stable-(?P<pver>\d+(\.\d+)+)"	50	UPSTREAM_CHECK_GITTAGREGEX = "stable-(?P<pver>\d+(\.\d+)+)"