2d65b03a40
- Update to 0.9.5: * Sending an illegal security type would result in use-after-free. * The required size for the alpha map for cursors was incorrectly calculated. This resulted in a heap-overflow under some circumstances. * The buffer transform for the cursor was being applied to the cursor hotspot. The buffer transform does not apply to the hotspot, so undoing the transform is incorrect. This resulted in the cursor being offset from the correct hotspot.
Michael Vetter2025-07-29 05:21:51 +00:00
286161a894
Accepting request 1249618 from X11:Wayland
Ana Guerrero2025-03-03 15:43:30 +00:00
450e44ff5f
- Update to 0.9.4: * The last release leaked client resources and would keep capturing after all clients closed their connection. This release fixes that and a double-free on exit.
Michael Vetter2025-03-03 08:10:18 +00:00
340e142d88
- Update to 0.9.3: * Fix some instances of use-after-free that can be reached before authentication takes place. Those should be viewed as potential vulnerabilities, so it would be prudent to upgrade ASAP if you're running Neat VNC on the internet. * Fix a few issues with WebSockets. One of those bugs will allow an unauthenticated client to put the server into an endless loop when parsing HTTP headers. There were also problems with ping message handling and the way some legacy clients/browsers were being dealt with that he fixed.
Michael Vetter2025-02-23 18:25:30 +00:00
1a598e9a51
- Update to 0.9.2: * This patch release adds missing bounds checks. Two buffer overflow vulnerabilities were reported by Frederik Reiter who also provided patches to fix them. There are potential security implications, but only authenticated clients would be able to exploit these vulnerabilities, if at all. Nevertheless, it is prudent to update as soon as possible.
Michael Vetter2025-01-07 10:56:20 +00:00
aa42b80abe
- Update to 0.9.2: * This patch release adds missing bounds checks. Two buffer overflow vulnerabilities were reported by Frederik Reiter who also provided patches to fix them. There are potential security implications, but only authenticated clients would be able to exploit these vulnerabilities, if at all. Nevertheless, it is prudent to update as soon as possible.
Michael Vetter2025-01-07 10:56:20 +00:00
d3fa733938
Accepting request 1217333 from X11:Wayland
Ana Guerrero2024-10-23 19:14:03 +00:00
d798974745
Accepting request 1217333 from X11:Wayland
Ana Guerrero2024-10-23 19:14:03 +00:00
15270f9dc5
I'm sorry, I forgot to remove this file as part of the previous SR. I don't think it deserves a changelog entry since submitting the file was a mistake that shouldn't have never been in obs.
Michael Vetter2024-10-23 11:27:57 +00:00
d8bb8f3bf4
Accepting request 1217318 from home:alarrosa:branches:X11:Wayland
Michael Vetter2024-10-23 11:27:57 +00:00
62a03f6a4c
- Update to 0.8.1+git20241008.b539421 adding a _service file to get the sources from git. This fixes a FTBFS with ffmpeg-7 in Factory. Note that we can't use @PARENT_TAG@ in the _service file because 0.8.1 was branched from the v0.8 branch so using it would look like going back to 0.8.0. - Add a patch to keep building with older ffmpeg versions too as well as find the gmp dependency, which can't be found using pkgconfig in 15.6: * fix-build-in-15.6.patch
Michael Vetter2024-10-23 10:11:19 +00:00
b4e2ce8e52
Accepting request 1217303 from home:alarrosa:branches:X11:Wayland
Michael Vetter2024-10-23 10:11:19 +00:00
4beca30166
- bsc#1228777 (CVE-2024-42458) Update to 0.8.1:
Michael Vetter2024-08-02 07:02:20 +00:00
3db0a1dcbc
- bsc#1228777 (CVE-2024-42458) Update to 0.8.1:
Michael Vetter2024-08-02 07:02:20 +00:00
b978a0d10b
- Update to 0.8.1: * Add sanity check for chosen security type
Michael Vetter2024-08-02 06:26:10 +00:00
c911b16fc6
- Update to 0.8.1: * Add sanity check for chosen security type
Michael Vetter2024-08-02 06:26:10 +00:00
0a6f39ef67
Accepting request 1150570 from X11:Wayland
Ana Guerrero2024-02-26 18:45:33 +00:00
7f9dc0d027
Accepting request 1150570 from X11:Wayland
Ana Guerrero2024-02-26 18:45:33 +00:00
ffbc1ae29d
- Update to 0.8.0: Highlights: * The colour map pixel format as described in RFC 6143 has been implemented. Before, the client would just get disconnected if they requested it. Now they get a map that emulates RGB332. * Momentary interception of log messages. The user can now set a thread-local log hander and then set it back to the default. * Philip Zabel made the code more consistent with the style guide. Breaking Changes: * nvnc_client_get_hostname has been replaced with nvnc_client_get_address Bugfixes: * Apple's Diffie-Hellman authentication (security type 30) has been fixed. * A new client connection no longer causes a DNS lookup.
Michael Vetter2024-02-26 07:15:48 +00:00
342a4bd56a
- Update to 0.8.0: Highlights: * The colour map pixel format as described in RFC 6143 has been implemented. Before, the client would just get disconnected if they requested it. Now they get a map that emulates RGB332. * Momentary interception of log messages. The user can now set a thread-local log hander and then set it back to the default. * Philip Zabel made the code more consistent with the style guide. Breaking Changes: * nvnc_client_get_hostname has been replaced with nvnc_client_get_address Bugfixes: * Apple's Diffie-Hellman authentication (security type 30) has been fixed. * A new client connection no longer causes a DNS lookup.
Michael Vetter2024-02-26 07:15:48 +00:00
3ad320ba12
Accepting request 1143746 from X11:Wayland
Ana Guerrero2024-02-04 18:07:54 +00:00
522e2e0720
Accepting request 1143746 from X11:Wayland
Ana Guerrero2024-02-04 18:07:54 +00:00
e7b9fb60b0
- Update to 0.7.2: * Clients are now allowed to request more than 32 encodings (#108) * Zlib streams are now preserved when a client switches between encodings (#109)
Michael Vetter2024-02-03 06:41:19 +00:00
c209e4845d
- Update to 0.7.2: * Clients are now allowed to request more than 32 encodings (#108) * Zlib streams are now preserved when a client switches between encodings (#109)
Michael Vetter2024-02-03 06:41:19 +00:00
361c2f6249
Accepting request 1123502 from X11:Wayland
Ana Guerrero2023-11-06 20:14:10 +00:00
0de2162502
Accepting request 1123502 from X11:Wayland
Ana Guerrero2023-11-06 20:14:10 +00:00
c4f838bb89
- Update to 0.7.1: * Apple's Diffie-Hellman authentication (security type 30) has been fixed. * A new client connection no longer causes a DNS lookup.
Michael Vetter2023-11-06 08:00:48 +00:00
a20e7962d8
- Update to 0.7.1: * Apple's Diffie-Hellman authentication (security type 30) has been fixed. * A new client connection no longer causes a DNS lookup.
Michael Vetter2023-11-06 08:00:48 +00:00
11ab08c81e
Accepting request 1115753 from X11:Wayland
Ana Guerrero2023-10-05 18:04:46 +00:00
7953d774f5
Accepting request 1115753 from X11:Wayland
Ana Guerrero2023-10-05 18:04:46 +00:00
c78ad7b943
- Update to 0.7.0: * Desktop resizing * Software pixel buffers with less than 32 bits per pixel are now supported * The server may now choose to open a websocket instead of a regular TCP socket * The RSA-AES and RSA-AES-256 security types have now been implemented * A Diffie-Hellman based security type frame Apple is also implemented, although not recommended * Murmurhash in the damage refinery has been replaced with xxHash, which performs much better in my tests so far * Users should now get proper feedback when authentication fails
Michael Vetter2023-10-05 07:45:40 +00:00
673acb8e3f
- Update to 0.7.0: * Desktop resizing * Software pixel buffers with less than 32 bits per pixel are now supported * The server may now choose to open a websocket instead of a regular TCP socket * The RSA-AES and RSA-AES-256 security types have now been implemented * A Diffie-Hellman based security type frame Apple is also implemented, although not recommended * Murmurhash in the damage refinery has been replaced with xxHash, which performs much better in my tests so far * Users should now get proper feedback when authentication fails
Michael Vetter2023-10-05 07:45:40 +00:00
00e8bcf1c0
- Update to 0.6.0: Highlights: * The client now has control over h264 quality settings * Left & right scrolling is now supported * A custom framebuffer allocator function can now be assigned * The following functions have been added + A function for querying client side cursor support + A function to get the hostname of a connected client + A function to get the credentials of an authenticated client + A function for listing connected clients + A function for disconnecting a client Bug fixes: * A race condition when a client tries to resize the display before it has an encoder * Cursor buffers are now freed on close * Various race conditions in encoders * Spurious exits due to SIGPIPE * Occasional leaked buffers when clients disconnect * Clients no longer linger on exit with TLS
Michael Vetter2023-01-23 16:54:35 +00:00
18935f4dc5
- Update to 0.6.0: Highlights: * The client now has control over h264 quality settings * Left & right scrolling is now supported * A custom framebuffer allocator function can now be assigned * The following functions have been added + A function for querying client side cursor support + A function to get the hostname of a connected client + A function to get the credentials of an authenticated client + A function for listing connected clients + A function for disconnecting a client Bug fixes: * A race condition when a client tries to resize the display before it has an encoder * Cursor buffers are now freed on close * Various race conditions in encoders * Spurious exits due to SIGPIPE * Occasional leaked buffers when clients disconnect * Clients no longer linger on exit with TLS
Michael Vetter2023-01-23 16:54:35 +00:00
304896566c
- Update to 0.5.4: * This fixes stalling during h264 encoding. The FFmpeg devs seem to think that it's normal to change the default behaviour of their code, so this needs to be fixed here instead.
Michael Vetter2022-11-07 22:55:08 +00:00
f47499cb13
- Update to 0.5.4: * This fixes stalling during h264 encoding. The FFmpeg devs seem to think that it's normal to change the default behaviour of their code, so this needs to be fixed here instead.
Michael Vetter2022-11-07 22:55:08 +00:00
53c02aa7ba
Accepting request 875904 from X11:Wayland
Richard Brown
2021-03-02 11:34:24 +00:00
560f508ae4
Accepting request 875904 from X11:Wayland
Richard Brown
2021-03-02 11:34:24 +00:00
bdbc9493fc
Accepting request 875828 from home:dirkmueller:Factory
Michael Vetter2021-03-01 08:27:24 +00:00
2995b1803d
Accepting request 875828 from home:dirkmueller:Factory
Michael Vetter2021-03-01 08:27:24 +00:00
Dominique Leuenberger
Michael Vetter
Ana Guerrero
Richard Brown
Jan Engelhardt