- TigerVNC security fix:
0001-Make-ZlibInStream-more-robust-against-failures.patch
0002-Encapsulate-PixelBuffer-internal-details.patch
0003-Restrict-PixelBuffer-dimensions-to-safe-values.patch
0004-Add-write-protection-to-OffsetPixelBuffer.patch
0005-Handle-empty-Tight-gradient-rects.patch
0006-Add-unit-test-for-PixelFormat-sanity-checks.patch
0007-Fix-depth-sanity-test-in-PixelFormat.patch
0008-Add-sanity-checks-for-PixelFormat-shift-values.patch
0009-Remove-unused-FixedMemOutStream.patch
0010-Use-size_t-for-lengths-in-stream-objects.patch
0011-Be-defensive-about-overflows-in-stream-objects.patch
0012-Add-unit-tests-for-PixelFormat.is888-detection.patch
0013-Handle-pixel-formats-with-odd-shift-values.patch
* stack use-after-return due to incorrect usage of stack memory
in ZRLEDecoder (CVE-2019-15691, bsc#1159856)
* improper value checks in CopyRectDecode may lead to heap
buffer overflow (CVE-2019-15692, bsc#1160250)
* heap buffer overflow in TightDecoder::FilterGradient
(CVE-2019-15693, bsc#1159858)
* improper error handling in processing MemOutStream may lead
to heap buffer overflow (CVE-2019-15694, bsc#1160251)
* stack buffer overflow, which could be triggered from
CMsgReader::readSetCursor (CVE-2019-15695, bsc#1159860)
OBS-URL: https://build.opensuse.org/request/show/762160
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tigervnc?expand=0&rev=62
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/tigervnc?expand=0&rev=168
- tigervnc-1.10.0
* The clipboard now supports full Unicode in the native viewer, WinVNC and Xvnc/libvnc.so
* The native client will now respect the system trust store when verifying server certificates
* Improved compatibility with VMware's VNC server
* Improved compatibility with some input methods on macOS
* Improvements to the automatic "repair" of JPEG artefacts
* Better handling of the Alt keys in some corner cases
* The Java web server has been removed as applets are no longer supported by most browsers
* x0vncserver can now be configured to only allow local connections
* x0vncserver has received fixes for when only part of the display is shared
* Polling is now default in WinVNC as that works better for most
OBS-URL: https://build.opensuse.org/request/show/753184
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/tigervnc?expand=0&rev=167
- Update with-vnc-key.sh to use only the hostname for the CN.
GnuTLS introduces gnutls_x509_crt_check_hostname2 in
gnutls/lib/x509/hostname-verify.c#L159 to check if the given
certificate's subject matches the given hostname.
The function is used by the recent version of libvncclient, which
will fail to verify the certificate if there is a mismatch
between the connected hostname and the cert issuer's common name.
https://github.com/LibVNC/libvncserver/commit/cc69ee9
So the previous way of generating the vnc server's cert produces a
complicated CN, making it hard for clients using libvncclient
(e.g. vinagre, remmina) to adapt the hostname check. It is
better to populate the hostname as the common name without extra
strings.
OBS-URL: https://build.opensuse.org/request/show/688610
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/tigervnc?expand=0&rev=159
- Update to tigervnc 1.9.0
* Alternative, "raw" keyboard mode in the native client and all servers
* CapsLock/NumLock/ScrollLock synchronisation in the native client and all servers
* Automatic "repair" of JPEG artefacts on screen in all servers
* Support for UNIX sockets in the native client and in the UNIX servers
* Both clients now warn when sending the password over a possibly insecure channel
* Performance improvements in the Java client
* The Java client now requires Java 7
* Improved high latency handling in all servers
* Slightly better keyboard handling in x0vncserver
* x0vncserver now supports cursors and screen resize
* Xorg 1.20 can now be used as a base for Xvnc/libvnc.so
- Removed patches (included in 1.9.0):
* u_tigervnc-show-unencrypted-warning.patch
* U_allow_multiple_certs_with_same_dn_in_saved_certs_file.patch
* U_handle_certificate_verification_for_saved_certs_correctly.patch
* u_Unset-pixel-buffer-when-x0vncserver-client-disconnect.patch
* u_add-support-for-X-server-1.20.0.patch
* U_vncviewer-Fix-fullscreen-scrolling.patch
* U_vncviewer-Fix-scrollbar-visibility.patch
- Removed patches (no longer needed):
* tigervnc-1.8.0-nowindows.patch
- Refreshed patches:
* n_tigervnc-date-time.patch
* tigervnc-clean-pressed-key-on-exit.patch
* u_tigervnc-add-autoaccept-parameter.patch
* u_tigervnc-ignore-epipe-on-write.patch
- Added patches:
* n_correct_path_in_desktop_file.patch
- Fixed typo in 10-libvnc.conf
OBS-URL: https://build.opensuse.org/request/show/627036
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/tigervnc?expand=0&rev=145