* Sending an illegal security type would result in use-after-free.
* The required size for the alpha map for cursors was incorrectly
calculated. This resulted in a heap-overflow under some circumstances.
* The buffer transform for the cursor was being applied to the
cursor hotspot. The buffer transform does not apply to the hotspot,
so undoing the transform is incorrect. This resulted in the cursor
being offset from the correct hotspot.
OBS-URL: https://build.opensuse.org/package/show/X11:Wayland/neatvnc?expand=0&rev=38
* Fix some instances of use-after-free that can be reached before
authentication takes place. Those should be viewed as potential
vulnerabilities, so it would be prudent to upgrade ASAP if you're
running Neat VNC on the internet.
* Fix a few issues with WebSockets. One of those bugs will allow
an unauthenticated client to put the server into an endless
loop when parsing HTTP headers. There were also problems with
ping message handling and the way some legacy clients/browsers
were being dealt with that he fixed.
OBS-URL: https://build.opensuse.org/package/show/X11:Wayland/neatvnc?expand=0&rev=34
* This patch release adds missing bounds checks.
Two buffer overflow vulnerabilities were reported by Frederik
Reiter who also provided patches to fix them.
There are potential security implications, but only authenticated
clients would be able to exploit these vulnerabilities, if at all.
Nevertheless, it is prudent to update as soon as possible.
- Update to 0.9.1:
* Fix a data type mismatch in the clipboard code that caused the
build to fail for 32 bit architectures.
- Update to 0.9.0:
Highlights:
* A v4l2m2m based H.264 encoder that works on Raspberry Pi 1 to 4,
sponsored by Raspberry Pi Ltd.
* Extended clipboard for UTF-8 text was implemented by Attila Fidan.
* Listening on a pre-bound file descriptor, implemented by Attila Fidan.
* The continuous updates extension was implemented by Philipp Zabel.
* We now have simple bandwidth estimation and improved frame pacing.
* Methods for rating pixel formats and modifiers have according to Neat VNC's
preferences have been added.
* The Qemu/VMWare LED state extensions have been implemented.
* H.264 encoders will now encode the correct colour space into the elementary
stream.
Bug fixes:
* Some memory leaks and reference counting errors have been eradicated.
* A race between resizing events and framebuffer updates that would cause a
buffer with the previous size to be sent after a resize event has been fixed.
* Buffers with 24 bits per pixel will now result in 32 bpp being reported to
OBS-URL: https://build.opensuse.org/package/show/X11:Wayland/neatvnc?expand=0&rev=31
- Update to 0.8.1+git20241008.b539421 adding a _service file to
get the sources from git. This fixes a FTBFS with ffmpeg-7 in
Factory. Note that we can't use @PARENT_TAG@ in the _service
file because 0.8.1 was branched from the v0.8 branch so using it
would look like going back to 0.8.0.
- Add a patch to keep building with older ffmpeg versions too
as well as find the gmp dependency, which can't be found using
pkgconfig in 15.6:
* fix-build-in-15.6.patch
OBS-URL: https://build.opensuse.org/request/show/1217303
OBS-URL: https://build.opensuse.org/package/show/X11:Wayland/neatvnc?expand=0&rev=28
