- version update to 0.9.14
## Overall changes:
* Added more documentation (build system integration, repeater setup) and a legal FAQ.
* Added [contribution guidelines](CONTRIBUTING.md).
* Ported the TravisCI continous integration machinery to GitHub workflows.
## LibVNCServer/LibVNCClient:
* Added [qemu extended key event].
* Fixed several potential multiplication overflows.
## LibVNCClient:
* Fixes of several memory leaks and buffer overflows.
* Added UltraVNC's MSLogonII authentication scheme.
* Fixed TLS interoperability with GnuTLS servers.
* Fixed detection of newer UltraVNC and TightVNC servers.
* Added support for [SetDesktopSize].
* Added SSH tunneling example using libssh2.
* Added some extensions to VeNCrypt in order to be compatible with a wider range of servers.
## LibVNCServer:
* Fixes to the multi-threaded server implementation which should be a lot more sound now.
* Fixed TightVNC-filetransfer file upload for 64-bit systems.
* Fixes of crashes in the zlib compression.
* Added support for [UTF8 clipboard data].
* Fixed visual artifacts in framebuffer on ARM platforms.
* Fixed several WebSockets bugs.
* Fixed the UltraVNC-style repeater example.
* Added support for larger framebuffers (two 4k screens possible now).
* Added support for timeouts for outbound connections (to repeaters for instance).
* Fixed out-of-bounds memory access in Tight encoding.
- modified patches
% 0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch (refreshed)
% 0002-libvncserver-Add-channel-security-handlers.patch (refreshed)
OBS-URL: https://build.opensuse.org/request/show/1094908
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/LibVNCServer?expand=0&rev=47
## Overall changes:
* Added more documentation (build system integration, repeater setup) and a legal FAQ.
* Added [contribution guidelines](CONTRIBUTING.md).
* Ported the TravisCI continous integration machinery to GitHub workflows.
## LibVNCServer/LibVNCClient:
* Added [qemu extended key event].
* Fixed several potential multiplication overflows.
## LibVNCClient:
* Fixes of several memory leaks and buffer overflows.
* Added UltraVNC's MSLogonII authentication scheme.
* Fixed TLS interoperability with GnuTLS servers.
* Fixed detection of newer UltraVNC and TightVNC servers.
* Added support for [SetDesktopSize].
* Added SSH tunneling example using libssh2.
* Added some extensions to VeNCrypt in order to be compatible with a wider range of servers.
## LibVNCServer:
* Fixes to the multi-threaded server implementation which should be a lot more sound now.
* Fixed TightVNC-filetransfer file upload for 64-bit systems.
* Fixes of crashes in the zlib compression.
* Added support for [UTF8 clipboard data].
* Fixed visual artifacts in framebuffer on ARM platforms.
* Fixed several WebSockets bugs.
* Fixed the UltraVNC-style repeater example.
* Added support for larger framebuffers (two 4k screens possible now).
* Added support for timeouts for outbound connections (to repeaters for instance).
* Fixed out-of-bounds memory access in Tight encoding.
- modified patches
% 0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch (refreshed)
% 0002-libvncserver-Add-channel-security-handlers.patch (refreshed)
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/LibVNCServer?expand=0&rev=69
- purposedly adding just this changelog entry
- previous version updates fixed also:
* CVE-2020-14398 [bsc#1173880] -- improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c
* CVE-2017-18922 [bsc#1173477] -- preauth buffer overwrite
* CVE-2018-20748 [bsc#1123823] -- libvnc contains multiple heap out-of-bounds writes
* CVE-2020-25708 [bsc#1178682] -- libvncserver/rfbserver.c has a divide by zero which could result in DoS
* CVE-2018-21247 [bsc#1173874] -- uninitialized memory contents are vulnerable to Information leak
* CVE-2018-20750 [bsc#1123832] -- heap out-of-bounds write vulnerability in libvncserver/rfbserver.c
* CVE-2020-14397 [bsc#1173700] -- NULL pointer dereference in libvncserver/rfbregion.c
* CVE-2019-20839 [bsc#1173875] -- buffer overflow in ConnectClientToUnixSock()
* CVE-2020-14401 [bsc#1173694] -- potential integer overflows in libvncserver/scale.c
* CVE-2020-14400 [bsc#1173691] -- Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c.
* CVE-2019-20840 [bsc#1173876] -- unaligned accesses in hybiReadAndDecode can lead to denial of service
* CVE-2020-14399 [bsc#1173743] -- Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c.
* CVE-2020-14402 [bsc#1173701] -- out-of-bounds access via encodings.
* CVE-2020-14403 [bsc#1173701]
* CVE-2020-14404 [bsc#1173701]
OBS-URL: https://build.opensuse.org/request/show/919689
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/LibVNCServer?expand=0&rev=45
- previous version updates fixed also:
* CVE-2020-14398 [bsc#1173880] -- improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c
* CVE-2017-18922 [bsc#1173477] -- preauth buffer overwrite
* CVE-2018-20748 [bsc#1123823] -- libvnc contains multiple heap out-of-bounds writes
* CVE-2020-25708 [bsc#1178682] -- libvncserver/rfbserver.c has a divide by zero which could result in DoS
* CVE-2018-21247 [bsc#1173874] -- uninitialized memory contents are vulnerable to Information leak
* CVE-2018-20750 [bsc#1123832] -- heap out-of-bounds write vulnerability in libvncserver/rfbserver.c
* CVE-2020-14397 [bsc#1173700] -- NULL pointer dereference in libvncserver/rfbregion.c
* CVE-2019-20839 [bsc#1173875] -- buffer overflow in ConnectClientToUnixSock()
* CVE-2020-14401 [bsc#1173694] -- potential integer overflows in libvncserver/scale.c
* CVE-2020-14400 [bsc#1173691] -- Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c.
* CVE-2019-20840 [bsc#1173876] -- unaligned accesses in hybiReadAndDecode can lead to denial of service
* CVE-2020-14399 [bsc#1173743] -- Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c.
* CVE-2020-14402 [bsc#1173701] -- out-of-bounds access via encodings.
* CVE-2020-14403 [bsc#1173701]
* CVE-2020-14404 [bsc#1173701]
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/LibVNCServer?expand=0&rev=66
- Add many patches needed for GNOME Remote desktop (already in
Fedora):
* TLS security type enablement patches gh#LibVNC/libvncserver!234
- 0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch
- 0002-libvncserver-Add-channel-security-handlers.patch
- 0003-libvncserver-auth-don-t-keep-security-handlers-from-.patch
* Fix crash on all runs after the first gh#LibVNC/libvncserver!444 rh#1882718
- 0004-zlib-Clear-buffer-pointers-on-cleanup-444.patch
* Fix another crasher glgo#GNOME/gnome-remote-desktop#45 rh#1882718
- 0001-libvncserver-don-t-NULL-out-internal-of-the-default-.patch
OBS-URL: https://build.opensuse.org/request/show/862644
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/LibVNCServer?expand=0&rev=63
- version update to 0.9.13 [bsc#1173477]
## Overall changes:
* Small tweaks to the CMake build system.
* The macOS server example was overhauled and is now the most feature-complete sample
application of the project, ready for real-world use.
* Lots of documentation updates and markdownifying.
* The TravisCI continuous integration now also build-checks cross-compilation from
Linux to Windows.
* Setup a [Gitter community chat](https://gitter.im/LibVNC/libvncserver) for the project.
## LibVNCServer/LibVNCClient:
* Both LibVNCServer and LibVNCClient now support an additional platform, namely
Microsoft Windows. Building is supported with Visual Studio as well as MingGW.
* The separate crypto routines used by LibVNCClient and LibVNCServer were refactored
into an implementation common to both libraries.
* Several security issues got fixed.
* The bundled noVNC client is now at version 1.1.0 and included via a git submodule.
## LibVNCClient:
* Added connect timeout as well as read timeout support thanks to Tobias Junghans.
* Both TLS backends now do proper locking of network operations when multi-threaded
thanks to Gaurav Ujjwal.
* Fixed regression in Tight/Raw decoding introduced in 0.9.12 thanks to DRC.
* Fixed encrypted connections to AnonTLS servers when using the OpenSSL back-end.
Made possible by the profound research done by Gaurav Ujjwal.
## LibVNCServer:
* Added a hooking function (`clientFramebufferUpdateRequestHook`) to deliver
rfbFramebufferUpdateRequest messages from clients to the frame producer
thanks to Jae Hyun Yoo.
* Added SetDesktopSize/ExtendedDesktopSize support thanks to Floris Bos.
* Added multi-threading support for MS Windows.
* Fixed VNC repeater/proxy functionality that was broken in 0.9.12.
OBS-URL: https://build.opensuse.org/request/show/817795
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/LibVNCServer?expand=0&rev=43
## Overall changes:
* Small tweaks to the CMake build system.
* The macOS server example was overhauled and is now the most feature-complete sample
application of the project, ready for real-world use.
* Lots of documentation updates and markdownifying.
* The TravisCI continuous integration now also build-checks cross-compilation from
Linux to Windows.
* Setup a [Gitter community chat](https://gitter.im/LibVNC/libvncserver) for the project.
## LibVNCServer/LibVNCClient:
* Both LibVNCServer and LibVNCClient now support an additional platform, namely
Microsoft Windows. Building is supported with Visual Studio as well as MingGW.
* The separate crypto routines used by LibVNCClient and LibVNCServer were refactored
into an implementation common to both libraries.
* Several security issues got fixed.
* The bundled noVNC client is now at version 1.1.0 and included via a git submodule.
## LibVNCClient:
* Added connect timeout as well as read timeout support thanks to Tobias Junghans.
* Both TLS backends now do proper locking of network operations when multi-threaded
thanks to Gaurav Ujjwal.
* Fixed regression in Tight/Raw decoding introduced in 0.9.12 thanks to DRC.
* Fixed encrypted connections to AnonTLS servers when using the OpenSSL back-end.
Made possible by the profound research done by Gaurav Ujjwal.
## LibVNCServer:
* Added a hooking function (`clientFramebufferUpdateRequestHook`) to deliver
rfbFramebufferUpdateRequest messages from clients to the frame producer
thanks to Jae Hyun Yoo.
* Added SetDesktopSize/ExtendedDesktopSize support thanks to Floris Bos.
* Added multi-threading support for MS Windows.
* Fixed VNC repeater/proxy functionality that was broken in 0.9.12.
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/LibVNCServer?expand=0&rev=60
- update to version 0.9.12
- Overall changes:
* CMake now is the default build system, Autotools were removed.
* In addition to TravisCI, all commits are now build-tested by AppVeyorCI.
- LibVNCServer/LibVNCClient:
* Numerous build fixes for Visual Studio compilers to the extent that
one can now _build_ the project with these. The needed changes for
successfully _running_ stuff will be implemented in 0.9.13.
* Fixed building for Android and added build instructions.
* Removed the unused PolarSSL wrapper.
* Updated the bundled noVNC to latest release 1.0.0.
* Allowed to use global LZO library instead of miniLZO.
- LibVNCClient:
* Support for OpenSSL 1.1.x.
* Support for overriding the default rectangle decode handlers (with
hardware-accelerated ones for instance) thanks to Balazs Ludmany.
* vnc2mpg updated.
* Added support for X509 server certificate verification as part of the
handshake process thanks to Simon Waterman.
* Added a TRLE decoder thanks to Wiki Wang.
* Included Tight decoding optimizations from TurboVNC thanks to DRC.
* Ported the SDL viewer from SDL 1.2 to SDL 2.0.
* Numerous security fixes.
* Added support for custom auth handlers in order to support additional
security types.
- LibVNCServer:
* Websockets rework to remove obsolete code thanks to Andreas Weigel.
* Ensured compatibility with gtk-vnc 0.7.0+ thanks to Michał Kępień.
* The built-in webserver now sends correct MIME type for Javascript.
* Numerous memory management issues fixed.
OBS-URL: https://build.opensuse.org/request/show/671855
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/LibVNCServer?expand=0&rev=44
- security update
* CVE-2018-15126 [bsc#1120114]
+ LibVNCServer-CVE-2018-15126.patch
* CVE-2018-6307 [bsc#1120115]
+ LibVNCServer-CVE-2018-6307.patch
* CVE-2018-20020 [bsc#1120116]
+ LibVNCServer-CVE-2018-20020.patch
* CVE-2018-15127 [bsc#1120117]
+ LibVNCServer-CVE-2018-15127.patch
* CVE-2018-20019 [bsc#1120118]
+ LibVNCServer-CVE-2018-20019.patch
* CVE-2018-20023 [bsc#1120119]
+ LibVNCServer-CVE-2018-20023.patch
* CVE-2018-20022 [bsc#1120120]
+ LibVNCServer-CVE-2018-20022.patch
* CVE-2018-20024 [bsc#1120121]
+ LibVNCServer-CVE-2018-20024.patch
* CVE-2018-20021 [bsc#1120122]
+ LibVNCServer-CVE-2018-20021.patch
- Update to version 0.9.11
Overall changes:
LibVNCServer/LibVNCClient development now uses continous intregration,
provided by TravisCI.
LibVNCClient:
Now initializes libgcrypt before use if the application did not do it.
Fixes a crash when connection to Mac hosts
(#45).
Various fixes that result in more stable handling of malicious or broken
servers.
OBS-URL: https://build.opensuse.org/request/show/662702
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/LibVNCServer?expand=0&rev=42
- Update to version 0.9.10
+ Moved the whole project from sourceforge to https://libvnc.github.io/.
+ Cleaned out the autotools build system which now uses autoreconf.
+ Updated noVNC HTML5 client to latest version.
+ Split out x11vnc sources into separate repository at
https://github.com/LibVNC/x11vnc
+ Split out vncterm sources into separate repository at
https://github.com/LibVNC/vncterm
+ Split out VisualNaCro sources into separate repository at
https://github.com/LibVNC/VisualNaCro
+ Merged Debian patches.
+ Fixed some security-related buffer overflow cases.
+ Added compatibility headers to make LibVNCServer/LibVNCClient
build on native Windows 8.
+ Update LZO to version 2.07, fixing CVE-2014-4607.
+ Merged patches from KDE/krfb.
+ Can now do IPv6 without IPv4.
+ Fixed a use-after-free issue in scale.c.
- Update Url and download source to new project home
- Remove LibVNCServer-0.9.9-no_x11vnc.patch; upstream splited it
out of main tarball
- Rebase libvncserver-ossl.patch to upstream changes
> libvncserver-0.9.10-ossl.patch
- Remove linuxvnc subpackage; like x11vnc, it has been splited out
but is depreciated and unmaintained.
OBS-URL: https://build.opensuse.org/request/show/265357
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/LibVNCServer?expand=0&rev=34
