Accepting request 1296230 from X11:Wayland

- Update to 0.9.5: * Sending an illegal security type would result in use-after-free. * The required size for the alpha map for cursors was incorrectly calculated. This resulted in a heap-overflow under some circumstances. * The buffer transform for the cursor was being applied to the cursor hotspot. The buffer transform does not apply to the hotspot, so undoing the transform is incorrect. This resulted in the cursor being offset from the correct hotspot. OBS-URL: https://build.opensuse.org/request/show/1296230 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/neatvnc?expand=0&rev=18
- Update to 0.9.5:
2025-07-30 09:44:32 +00:00 · 2025-07-29 05:21:51 +00:00 · 2025-03-03 15:43:30 +00:00 · 2025-03-03 08:10:18 +00:00 · 2025-02-24 14:48:42 +00:00 · 2025-02-23 18:25:30 +00:00
6 changed files with 43 additions and 9 deletions
--- a/4
+++ b/4
@@ -3,8 +3,8 @@
  <service name="obs_scm" mode="manual">
    <param name="scm">git</param>
    <param name="url">https://github.com/any1/neatvnc.git</param>
-    <param name="revision">4c37ae9349f16a255cd3e95ed7931c71e6abf8fc</param>
-    <param name="versionformat">0.9.2</param>
+    <param name="revision">af5811b75e63f53d1d1f1f3f337387553a96786a</param>
+    <param name="versionformat">0.9.5</param>
  </service>
  <service name="tar" mode="manual"/>
  <service name="recompress" mode="manual">
--- a/neatvnc-0.9.2.tar.xz
+++ b/neatvnc-0.9.2.tar.xz
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:310f33ff7ba0a2cf248e12e18557efd1374dac4a256ae3ee2f9dcd71d3e4600d
-size 785168
--- a/neatvnc-0.9.5.tar.xz
+++ b/neatvnc-0.9.5.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:99cdddd640aa00f649f5dd1325f1ed8169c50aacdc057ea4b6cf4287eea52a3f
+size 785396
--- a/neatvnc.changes
+++ b/neatvnc.changes
@@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Tue Jul 29 05:19:43 UTC 2025 - Michael Vetter <mvetter@suse.com>
+
+- Update to 0.9.5:
+  * Sending an illegal security type would result in use-after-free.
+  * The required size for the alpha map for cursors was incorrectly
+    calculated. This resulted in a heap-overflow under some circumstances.
+  * The buffer transform for the cursor was being applied to the
+    cursor hotspot. The buffer transform does not apply to the hotspot,
+    so undoing the transform is incorrect. This resulted in the cursor
+    being offset from the correct hotspot.
+
+-------------------------------------------------------------------
+Mon Mar  3 08:09:46 UTC 2025 - Michael Vetter <mvetter@suse.com>
+
+- Update to 0.9.4:
+  * The last release leaked client resources and would keep capturing
+    after all clients closed their connection. This release fixes
+    that and a double-free on exit.
+
+-------------------------------------------------------------------
+Sun Feb 23 18:23:21 UTC 2025 - Michael Vetter <mvetter@suse.com>
+
+- Update to 0.9.3:
+  * Fix some instances of use-after-free that can be reached before
+    authentication takes place. Those should be viewed as potential
+    vulnerabilities, so it would be prudent to upgrade ASAP if you're
+    running Neat VNC on the internet.
+  * Fix a few issues with WebSockets. One of those bugs will allow
+    an unauthenticated client to put the server into an endless
+    loop when parsing HTTP headers. There were also problems with
+    ping message handling and the way some legacy clients/browsers
+    were being dealt with that he fixed.
+
 -------------------------------------------------------------------
 Mon Dec 30 11:06:23 UTC 2024 - Michael Vetter <mvetter@suse.com>

--- a/neatvnc.obsinfo
+++ b/neatvnc.obsinfo
@@ -1,4 +1,4 @@
 name: neatvnc
-version: 0.9.2
-mtime: 1733604143
-commit: 4c37ae9349f16a255cd3e95ed7931c71e6abf8fc
+version: 0.9.5
+mtime: 1740304370
+commit: af5811b75e63f53d1d1f1f3f337387553a96786a
--- a/neatvnc.spec
+++ b/neatvnc.spec
@@ -19,7 +19,7 @@
 %define libsoname libneatvnc0

 Name:           neatvnc
-Version:        0.9.2
+Version:        0.9.5
 Release:        0
 Summary:        A VNC server library
 License:        ISC
Author	SHA256	Message	Date
Dominique Leuenberger	142c68f3db	Accepting request 1296230 from X11:Wayland - Update to 0.9.5: * Sending an illegal security type would result in use-after-free. * The required size for the alpha map for cursors was incorrectly calculated. This resulted in a heap-overflow under some circumstances. * The buffer transform for the cursor was being applied to the cursor hotspot. The buffer transform does not apply to the hotspot, so undoing the transform is incorrect. This resulted in the cursor being offset from the correct hotspot. OBS-URL: https://build.opensuse.org/request/show/1296230 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/neatvnc?expand=0&rev=18	2025-07-30 09:44:32 +00:00
Michael Vetter	ee09bca060	- Update to 0.9.5: * Sending an illegal security type would result in use-after-free. * The required size for the alpha map for cursors was incorrectly calculated. This resulted in a heap-overflow under some circumstances. * The buffer transform for the cursor was being applied to the cursor hotspot. The buffer transform does not apply to the hotspot, so undoing the transform is incorrect. This resulted in the cursor being offset from the correct hotspot. OBS-URL: https://build.opensuse.org/package/show/X11:Wayland/neatvnc?expand=0&rev=38	2025-07-29 05:21:51 +00:00
Ana Guerrero	301c8a30de	Accepting request 1249618 from X11:Wayland - Update to 0.9.4: * The last release leaked client resources and would keep capturing after all clients closed their connection. This release fixes that and a double-free on exit. OBS-URL: https://build.opensuse.org/request/show/1249618 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/neatvnc?expand=0&rev=17	2025-03-03 15:43:30 +00:00
Michael Vetter	088941ea8e	- Update to 0.9.4: * The last release leaked client resources and would keep capturing after all clients closed their connection. This release fixes that and a double-free on exit. OBS-URL: https://build.opensuse.org/package/show/X11:Wayland/neatvnc?expand=0&rev=36	2025-03-03 08:10:18 +00:00
Dominique Leuenberger	dbac61387c	Accepting request 1247934 from X11:Wayland - Update to 0.9.3: * Fix some instances of use-after-free that can be reached before authentication takes place. Those should be viewed as potential vulnerabilities, so it would be prudent to upgrade ASAP if you're running Neat VNC on the internet. * Fix a few issues with WebSockets. One of those bugs will allow an unauthenticated client to put the server into an endless loop when parsing HTTP headers. There were also problems with ping message handling and the way some legacy clients/browsers were being dealt with that he fixed. OBS-URL: https://build.opensuse.org/request/show/1247934 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/neatvnc?expand=0&rev=16	2025-02-24 14:48:42 +00:00
Michael Vetter	121f2789b7	- Update to 0.9.3: * Fix some instances of use-after-free that can be reached before authentication takes place. Those should be viewed as potential vulnerabilities, so it would be prudent to upgrade ASAP if you're running Neat VNC on the internet. * Fix a few issues with WebSockets. One of those bugs will allow an unauthenticated client to put the server into an endless loop when parsing HTTP headers. There were also problems with ping message handling and the way some legacy clients/browsers were being dealt with that he fixed. OBS-URL: https://build.opensuse.org/package/show/X11:Wayland/neatvnc?expand=0&rev=34	2025-02-23 18:25:30 +00:00