34179ea7cb
- version update to 0.9.14 ## Overall changes: * Added more documentation (build system integration, repeater setup) and a legal FAQ. * Added [contribution guidelines](CONTRIBUTING.md). * Ported the TravisCI continous integration machinery to GitHub workflows. ## LibVNCServer/LibVNCClient: * Added [qemu extended key event]. * Fixed several potential multiplication overflows. ## LibVNCClient: * Fixes of several memory leaks and buffer overflows. * Added UltraVNC's MSLogonII authentication scheme. * Fixed TLS interoperability with GnuTLS servers. * Fixed detection of newer UltraVNC and TightVNC servers. * Added support for [SetDesktopSize]. * Added SSH tunneling example using libssh2. * Added some extensions to VeNCrypt in order to be compatible with a wider range of servers. ## LibVNCServer: * Fixes to the multi-threaded server implementation which should be a lot more sound now. * Fixed TightVNC-filetransfer file upload for 64-bit systems. * Fixes of crashes in the zlib compression. * Added support for [UTF8 clipboard data]. * Fixed visual artifacts in framebuffer on ARM platforms. * Fixed several WebSockets bugs. * Fixed the UltraVNC-style repeater example. * Added support for larger framebuffers (two 4k screens possible now). * Added support for timeouts for outbound connections (to repeaters for instance). * Fixed out-of-bounds memory access in Tight encoding. - modified patches % 0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch (refreshed) % 0002-libvncserver-Add-channel-security-handlers.patch (refreshed)
Petr Gajdos2023-06-23 14:47:24 +00:00
3f8ca4a0dc
- version update to 0.9.14 ## Overall changes: * Added more documentation (build system integration, repeater setup) and a legal FAQ. * Added [contribution guidelines](CONTRIBUTING.md). * Ported the TravisCI continous integration machinery to GitHub workflows. ## LibVNCServer/LibVNCClient: * Added [qemu extended key event]. * Fixed several potential multiplication overflows. ## LibVNCClient: * Fixes of several memory leaks and buffer overflows. * Added UltraVNC's MSLogonII authentication scheme. * Fixed TLS interoperability with GnuTLS servers. * Fixed detection of newer UltraVNC and TightVNC servers. * Added support for [SetDesktopSize]. * Added SSH tunneling example using libssh2. * Added some extensions to VeNCrypt in order to be compatible with a wider range of servers. ## LibVNCServer: * Fixes to the multi-threaded server implementation which should be a lot more sound now. * Fixed TightVNC-filetransfer file upload for 64-bit systems. * Fixes of crashes in the zlib compression. * Added support for [UTF8 clipboard data]. * Fixed visual artifacts in framebuffer on ARM platforms. * Fixed several WebSockets bugs. * Fixed the UltraVNC-style repeater example. * Added support for larger framebuffers (two 4k screens possible now). * Added support for timeouts for outbound connections (to repeaters for instance). * Fixed out-of-bounds memory access in Tight encoding. - modified patches % 0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch (refreshed) % 0002-libvncserver-Add-channel-security-handlers.patch (refreshed)
Petr Gajdos2023-06-23 14:47:24 +00:00
eda0463099
- purposedly adding just this changelog entry - previous version updates fixed also: * CVE-2020-14398 [bsc#1173880] -- improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c * CVE-2017-18922 [bsc#1173477] -- preauth buffer overwrite * CVE-2018-20748 [bsc#1123823] -- libvnc contains multiple heap out-of-bounds writes * CVE-2020-25708 [bsc#1178682] -- libvncserver/rfbserver.c has a divide by zero which could result in DoS * CVE-2018-21247 [bsc#1173874] -- uninitialized memory contents are vulnerable to Information leak * CVE-2018-20750 [bsc#1123832] -- heap out-of-bounds write vulnerability in libvncserver/rfbserver.c * CVE-2020-14397 [bsc#1173700] -- NULL pointer dereference in libvncserver/rfbregion.c * CVE-2019-20839 [bsc#1173875] -- buffer overflow in ConnectClientToUnixSock() * CVE-2020-14401 [bsc#1173694] -- potential integer overflows in libvncserver/scale.c * CVE-2020-14400 [bsc#1173691] -- Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. * CVE-2019-20840 [bsc#1173876] -- unaligned accesses in hybiReadAndDecode can lead to denial of service * CVE-2020-14399 [bsc#1173743] -- Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. * CVE-2020-14402 [bsc#1173701] -- out-of-bounds access via encodings. * CVE-2020-14403 [bsc#1173701] * CVE-2020-14404 [bsc#1173701]
Petr Gajdos2021-09-17 09:13:27 +00:00
0019a553ed
- purposedly adding just this changelog entry - previous version updates fixed also: * CVE-2020-14398 [bsc#1173880] -- improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c * CVE-2017-18922 [bsc#1173477] -- preauth buffer overwrite * CVE-2018-20748 [bsc#1123823] -- libvnc contains multiple heap out-of-bounds writes * CVE-2020-25708 [bsc#1178682] -- libvncserver/rfbserver.c has a divide by zero which could result in DoS * CVE-2018-21247 [bsc#1173874] -- uninitialized memory contents are vulnerable to Information leak * CVE-2018-20750 [bsc#1123832] -- heap out-of-bounds write vulnerability in libvncserver/rfbserver.c * CVE-2020-14397 [bsc#1173700] -- NULL pointer dereference in libvncserver/rfbregion.c * CVE-2019-20839 [bsc#1173875] -- buffer overflow in ConnectClientToUnixSock() * CVE-2020-14401 [bsc#1173694] -- potential integer overflows in libvncserver/scale.c * CVE-2020-14400 [bsc#1173691] -- Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. * CVE-2019-20840 [bsc#1173876] -- unaligned accesses in hybiReadAndDecode can lead to denial of service * CVE-2020-14399 [bsc#1173743] -- Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. * CVE-2020-14402 [bsc#1173701] -- out-of-bounds access via encodings. * CVE-2020-14403 [bsc#1173701] * CVE-2020-14404 [bsc#1173701]
Petr Gajdos2021-09-17 09:13:27 +00:00
b53ff28ae7
- version update to 0.9.13 [bsc#1173477]
Petr Gajdos2020-06-30 06:52:30 +00:00
c16faa1dd8
- version update to 0.9.13 [bsc#1173477]
Petr Gajdos2020-06-30 06:52:30 +00:00
f0e1496500
- version update to 0.9.13 ## Overall changes: * Small tweaks to the CMake build system. * The macOS server example was overhauled and is now the most feature-complete sample application of the project, ready for real-world use. * Lots of documentation updates and markdownifying. * The TravisCI continuous integration now also build-checks cross-compilation from Linux to Windows. * Setup a [Gitter community chat](https://gitter.im/LibVNC/libvncserver) for the project. ## LibVNCServer/LibVNCClient: * Both LibVNCServer and LibVNCClient now support an additional platform, namely Microsoft Windows. Building is supported with Visual Studio as well as MingGW. * The separate crypto routines used by LibVNCClient and LibVNCServer were refactored into an implementation common to both libraries. * Several security issues got fixed. * The bundled noVNC client is now at version 1.1.0 and included via a git submodule. ## LibVNCClient: * Added connect timeout as well as read timeout support thanks to Tobias Junghans. * Both TLS backends now do proper locking of network operations when multi-threaded thanks to Gaurav Ujjwal. * Fixed regression in Tight/Raw decoding introduced in 0.9.12 thanks to DRC. * Fixed encrypted connections to AnonTLS servers when using the OpenSSL back-end. Made possible by the profound research done by Gaurav Ujjwal. ## LibVNCServer: * Added a hooking function (clientFramebufferUpdateRequestHook) to deliver rfbFramebufferUpdateRequest messages from clients to the frame producer thanks to Jae Hyun Yoo. * Added SetDesktopSize/ExtendedDesktopSize support thanks to Floris Bos. * Added multi-threading support for MS Windows. * Fixed VNC repeater/proxy functionality that was broken in 0.9.12.
Petr Gajdos2020-06-30 06:51:13 +00:00
8fed7fb8c3
- version update to 0.9.13 ## Overall changes: * Small tweaks to the CMake build system. * The macOS server example was overhauled and is now the most feature-complete sample application of the project, ready for real-world use. * Lots of documentation updates and markdownifying. * The TravisCI continuous integration now also build-checks cross-compilation from Linux to Windows. * Setup a [Gitter community chat](https://gitter.im/LibVNC/libvncserver) for the project. ## LibVNCServer/LibVNCClient: * Both LibVNCServer and LibVNCClient now support an additional platform, namely Microsoft Windows. Building is supported with Visual Studio as well as MingGW. * The separate crypto routines used by LibVNCClient and LibVNCServer were refactored into an implementation common to both libraries. * Several security issues got fixed. * The bundled noVNC client is now at version 1.1.0 and included via a git submodule. ## LibVNCClient: * Added connect timeout as well as read timeout support thanks to Tobias Junghans. * Both TLS backends now do proper locking of network operations when multi-threaded thanks to Gaurav Ujjwal. * Fixed regression in Tight/Raw decoding introduced in 0.9.12 thanks to DRC. * Fixed encrypted connections to AnonTLS servers when using the OpenSSL back-end. Made possible by the profound research done by Gaurav Ujjwal. ## LibVNCServer: * Added a hooking function (clientFramebufferUpdateRequestHook) to deliver rfbFramebufferUpdateRequest messages from clients to the frame producer thanks to Jae Hyun Yoo. * Added SetDesktopSize/ExtendedDesktopSize support thanks to Floris Bos. * Added multi-threading support for MS Windows. * Fixed VNC repeater/proxy functionality that was broken in 0.9.12.
Petr Gajdos2020-06-30 06:51:13 +00:00
5bfbbc96fa
- deleted patches - LibVNCServer-CVE-2018-20749.patch (mistakenly added, it is already part of 0.9.12)
Petr Gajdos2020-05-04 13:50:18 +00:00
cc7f4421b3
- deleted patches - LibVNCServer-CVE-2018-20749.patch (mistakenly added, it is already part of 0.9.12)
Petr Gajdos2020-05-04 13:50:18 +00:00
Petr Gajdos
Ana Guerrero
Petr Gajdos
Dominique Leuenberger
Dirk Mueller
Jan Engelhardt
Adam Majer
Marcus Meissner
Ismail Dönmez
Stephan Kulow
Cristian Rodríguez