- Update to tigervnc 1.12.0
* The native viewer now supports full screen over a subset of monitors (e.g. 2 out of 3), and reacts properly to monitors being added or removed
* Recent server history in the native viewer
* The native viewer now has an option to reconnect if the connection is dropped
* Translations are now enabled on Windows and macOS for the native viewer
* The native viewer now respects the system security policy
* Better handling of accented keys in the Java viewer
* The Unix servers can now listen to both a Unix socket and a TCP port at the same time
* The network code in both the servers and the native viewer has been restructured to give a more responsive experience
* The vncserver service now correctly handles settings set to "0"
* Fixed the clipboard Unicode handling in both the native viewer and the servers
* Support for pointer "warping" in Xvnc and the native viewer, enabling e.g. FPS games
- Update to tigervnc 1.11.0
* A security issue has been fixed in how the viewers handle TLS certificate exceptions
* vncserver has gotten a major redesign to be compatible with modern distributions
* The native viewer now has touch gestures to handle certain mouse actions (e.g. scroll wheel)
* Middle mouse button emulation in the native viewer, for devices with only two mouse buttons
* The Java viewer now supports Java 9+, but also now requires Java 8+
* Support for alpha cursors in the Java viewer (a feature already supported in the native viewer)
* The password and username can now be specified via the environment for the native viewer
* Support for building Xvnc/libvnc.so with Xorg 1.20.7+ and deprecate support for Xorg older than 1.16
* The official builds have been fixed to work on the upcoming macOS 11
* The Windows server (WinVNC) is now packaged separately as it is unmaintained and buggy
- Removed patches (included in 1.12.0):
* U_viewer-reset-ctrl-alt-to-menu-state-on-focus.patch
* tigervnc-fix-saving-of-bad-server-certs.patch
* u_xorg-server-1.20.7-ddxInputThreadInit.patch
* U_0001-Properly-store-certificate-exceptions.patch
* U_0002-Properly-store-certificate-exceptions-in-Java-viewer.patch
* tigervnc-FIPS-use-RFC7919.patch
OBS-URL: https://build.opensuse.org/request/show/955605
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/tigervnc?expand=0&rev=221
0001-Make-ZlibInStream-more-robust-against-failures.patch
0002-Encapsulate-PixelBuffer-internal-details.patch
0003-Restrict-PixelBuffer-dimensions-to-safe-values.patch
0004-Add-write-protection-to-OffsetPixelBuffer.patch
0005-Handle-empty-Tight-gradient-rects.patch
0006-Add-unit-test-for-PixelFormat-sanity-checks.patch
0007-Fix-depth-sanity-test-in-PixelFormat.patch
0008-Add-sanity-checks-for-PixelFormat-shift-values.patch
0009-Remove-unused-FixedMemOutStream.patch
0010-Use-size_t-for-lengths-in-stream-objects.patch
0011-Be-defensive-about-overflows-in-stream-objects.patch
0012-Add-unit-tests-for-PixelFormat.is888-detection.patch
0013-Handle-pixel-formats-with-odd-shift-values.patch
* stack use-after-return due to incorrect usage of stack memory
in ZRLEDecoder (CVE-2019-15691, bsc#1159856)
* improper value checks in CopyRectDecode may lead to heap
buffer overflow (CVE-2019-15692, bsc#1160250)
* heap buffer overflow in TightDecoder::FilterGradient
(CVE-2019-15693, bsc#1159858)
* improper error handling in processing MemOutStream may lead
to heap buffer overflow (CVE-2019-15694, bsc#1160251
* stack buffer overflow, which could be triggered from
CMsgReader::readSetCurso (CVE-2019-15695, bsc#1159860)
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/tigervnc?expand=0&rev=168
- tigervnc-1.10.0
* The clipboard now supports full Unicode in the native viewer, WinVNC and Xvnc/libvnc.so
* The native client will now respect the system trust store when verifying server certificates
* Improved compatibility with VMware's VNC server
* Improved compatibility with some input methods on macOS
* Improvements to the automatic "repair" of JPEG artefacts
* Better handling of the Alt keys in some corner cases
* The Java web server has been removed as applets are no longer support by most browsers
* x0vncserver can now be configured to only allow local connections
* x0vncserver has received fixes for when only part of the display is shared
* Polling is now default in WinVNC as that works better for most
OBS-URL: https://build.opensuse.org/request/show/753184
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/tigervnc?expand=0&rev=167
- Update with-vnc-key.sh to use only hostname for CN.
The gnutls introduces gnutls_x509_crt_check_hostname2 in
gnutls/lib/x509/hostname-verify.c#L159 to check if the given
certificate's subject matches the given hostname.
The function is used by the recent version of libvncclient which
will fail to verify the certification if there is a mismatching
between the connected hostname and the cert issuer's common name.
https://github.com/LibVNC/libvncserver/commit/cc69ee9
So the previous way to generate the vnc server's cert brings a
complicated CN, making the client using libvncclient
(e.g. vinagre, remmina) hard to adapt the hostname check. It is
better to populate the hostname as the common name without extra
strings.
OBS-URL: https://build.opensuse.org/request/show/688610
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/tigervnc?expand=0&rev=159
