Changelog for
xorg-x11-Xvnc-1.9.0-lp152.7.3.1.x86_64.rpm :
* Fri Sep 25 2020 Stefan Dirsch
- CVE-2020-26117: Server certificates were stored as certiticate authoritied, allowing malicious owners of these certificates to impersonate any server after a client had added an exception (boo#1176733)
* U_0001-Properly-store-certificate-exceptions.patch, U_0002-Properly-store-certificate-exceptions-in-Java-viewer.patch
* Properly store certificate exceptions (boo#1176733)- adjusted u_tigervnc-add-autoaccept-parameter.patch
* Wed May 13 2020 Stefan Dirsch - U_Avoid-potential-crash-when-replacing-buffer-in-Plain.patch
* fixes crash in free() when using \"-f\" option of vncpasswd command (bsc#1171519)
* Wed Jan 08 2020 Stefan Dirsch - TigerVNC security fix: 0001-Make-ZlibInStream-more-robust-against-failures.patch 0002-Encapsulate-PixelBuffer-internal-details.patch 0003-Restrict-PixelBuffer-dimensions-to-safe-values.patch 0004-Add-write-protection-to-OffsetPixelBuffer.patch 0005-Handle-empty-Tight-gradient-rects.patch 0006-Add-unit-test-for-PixelFormat-sanity-checks.patch 0007-Fix-depth-sanity-test-in-PixelFormat.patch 0008-Add-sanity-checks-for-PixelFormat-shift-values.patch 0009-Remove-unused-FixedMemOutStream.patch 0010-Use-size_t-for-lengths-in-stream-objects.patch 0011-Be-defensive-about-overflows-in-stream-objects.patch 0012-Add-unit-tests-for-PixelFormat.is888-detection.patch 0013-Handle-pixel-formats-with-odd-shift-values.patch
* stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder (CVE-2019-15691, bsc#1159856)
* improper value checks in CopyRectDecode may lead to heap buffer overflow (CVE-2019-15692, bsc#1160250)
* heap buffer overflow in TightDecoder::FilterGradient (CVE-2019-15693, bsc#1159858)
* improper error handling in processing MemOutStream may lead to heap buffer overflow (CVE-2019-15694, bsc#1160251
* stack buffer overflow, which could be triggered from CMsgReader::readSetCurso (CVE-2019-15695, bsc#1159860)
* Thu Jan 17 2019 msrbAATTsuse.com- Switch websocket dependency to python3. (bsc#1119737)
* Thu Jan 17 2019 msrbAATTsuse.com- Do not build xorg-x11-Xvnc-module on s390. It fails to build because macros.xorg-server is incomplete on s390 and the module would be useless without real X server anyway.
* Tue Jan 08 2019 msrbAATTsuse.com- Add U_viewer-reset-ctrl-alt-to-menu-state-on-focus.patch
* Fix the ALT and CTRL buttons in viewer\'s F8 menu. (bsc#1119354)
* Wed Sep 19 2018 Jason Sikes - Changed \"openssl\" requirement to \"openssl(cli)\"
* (bsc#1101470)
* Mon Aug 06 2018 msrbAATTsuse.com- Add xvnc.target to fix xvnc-novnc.service\'s dependency. (bnc#1103552)- Split the X server\'s VNC module into subpackage and give it dependency on the current extension ABI.
* Thu Aug 02 2018 msrbAATTsuse.com- Update to tigervnc 1.9.0
* Alternative, \"raw\" keyboard mode in the native client and all servers
* CapsLock/NumLock/ScrollLock synchronisation in the native client and all servers
* Automatic \"repair\" of JPEG artefacts on screen in all servers
* Support for UNIX sockets in the native client and in the UNIX servers
* Both clients now warn when sending the password over a possibly insecure channel
* Performance improvements in the Java client
* The Java client now requires Java 7
* Improved high latency handling in all servers
* Slightly better keyboard handling in x0vncserver
* x0vncserver now supports cursors and screen resize
* Xorg 1.20 can now be used as a base for Xvnc/libvnc.so - Fixes bnc#1103537- Removed patches (included in 1.9.0):
* u_tigervnc-show-unencrypted-warning.patch
* U_allow_multiple_certs_with_same_dn_in_saved_certs_file.patch
* U_handle_certificate_verification_for_saved_certs_correctly.patch
* u_Unset-pixel-buffer-when-x0vncserver-client-disconnect.patch
* u_add-support-for-X-server-1.20.0.patch
* U_vncviewer-Fix-fullscreen-scrolling.patch
* U_vncviewer-Fix-scrollbar-visibility.patch- Removed patches (no longer needed):
* tigervnc-1.8.0-nowindows.patch- Refreshed patches:
* n_tigervnc-date-time.patch
* tigervnc-clean-pressed-key-on-exit.patch
* u_tigervnc-add-autoaccept-parameter.patch
* u_tigervnc-ignore-epipe-on-write.patch- Added patches:
* n_correct_path_in_desktop_file.patch- Fixed typo in 10-libvnc.conf
* Fri Jun 08 2018 msrbAATTsuse.com- Updated u_add-support-for-X-server-1.20.0.patch to version sent upstream. Fixes GLX initialization.
* Wed Jun 06 2018 msrbAATTsuse.com- U_vncviewer-Fix-fullscreen-scrolling.patch, U_vncviewer-Fix-scrollbar-visibility.patch
* Fix scrolling in vncviewer. (boo#1095664)- u_add-support-for-X-server-1.20.0.patch
* Fix build against X server 1.20.0.
* Tue Apr 24 2018 msrbAATTsuse.com- Reload firewalld files after installation.
* Wed Apr 11 2018 jengelhAATTinai.de- Limit feature description to openSUSE. Ensure neutrality of description.
* Wed Apr 11 2018 msrbAATTsuse.com- Add u_change-button-layout-in-ServerDialog.patch
* To fit strings in languages with longer words... (bnc#1084865)- Refresh n_tigervnc-date-time.patch
* Completely hide the build time (bnc#1082968)
* Thu Mar 22 2018 msrbAATTsuse.com- Enable xvnc.socket if upgraded from previous installation that had VNC enabled in xinetd configuration. (bnc#1085974)- Subpackage xorg-x11-Xvnc must also obsolete tightvnc.
* Wed Feb 28 2018 msrbAATTsuse.com- Replace SuSEFirewall2 by firewalld. (bnc#1081952)
* Mon Dec 18 2017 dimstarAATTopensuse.org- Do not mess with /usr/lib
*64)?/debug: this is RPM\'s playground for debuginfo packages.
* Mon Dec 18 2017 fstrbaAATTsuse.com- Added patch:
* tigervnc-1.8.0-nowindows.patch + Remove Windows code that is removed from jdk10
* Tue Dec 12 2017 msrbAATTsuse.com- Depend on pkgconfig\'s gl, egl and gbm instead of Mesa-devel.
* Those dependencies are what the underlying X server really needs. Mesa-devel is too general and is a bottleneck in distribution build. (bnc#1071297)
* Tue Sep 26 2017 msrbAATTsuse.com- u_Unset-pixel-buffer-when-x0vncserver-client-disconnect.patch
* Fixes crash in x0vncserver after client disconnects. (bnc#1058587)
* Mon Sep 25 2017 msrbAATTsuse.com- Add tigervnc-x11vnc wrapper for x0vncserver that replaces x11vnc. (fate#323207)- Replace java applet with novnc as web-based VNC viewer. (fate#323880)- Convert xinetd services to systemd socket activated services. (bnc#1058460)
* Mon Sep 11 2017 fstrbaAATTsuse.com- Specify java source and target level 1.6 in order to be able to build with jdk9
* Fri Aug 11 2017 msrbAATTsuse.com- Disable MIT-SHM extension when running under vnc user. (bnc#1053373)
* Thu Jul 20 2017 msrbAATTsuse.com- U_allow_multiple_certs_with_same_dn_in_saved_certs_file.patch, U_handle_certificate_verification_for_saved_certs_correctly.patch
* Fix certificate handling in the java client. (bnc#1041847)- Refresh u_tigervnc-add-autoaccept-parameter.patch and apply it last.- Make sure CN in generated certificate doesn\'t exceed 64 characters. (bnc#1041847)
* Fri Jul 07 2017 msrbAATTsuse.com- Change with-vnc-key.sh to generate TLS certificate using current hostname. (bnc#1041847)
* Fri Jun 09 2017 tchvatalAATTsuse.com- Require java-deve >= 1.6.0 to avoid bootstrap fail
* Fri Jun 02 2017 meissnerAATTsuse.com- removed unneeded -fPIC flags for CFLAGS, these made it avoid PIE support.
* Wed May 31 2017 msrbAATTsuse.com- Update to tigervnc 1.8.0
* Overhaul of the Java client to match the look and behaviour of the native client
* Initial work for multi-threaded decoding in the Java client
* vncconfig no longer needed for clipboard with Xvnc/libvnc.so
* vncserver has system wide config support
* Full support for alpha cursors in Xvnc/libvnc.so and both viewers- Removed patches:
* U_Add-xorg-xserver-1.19-support.patch
* U_tigervnc-fix-inetd-not-working-with-xserver-1-19.patch
* U_tigervnc-better-check-for-screen-visibility.patch
* Mon Apr 10 2017 msrbAATTsuse.com- U_tigervnc-better-check-for-screen-visibility.patch
* Crop operations to visible screen. (bnc#1032272)
* Thu Mar 02 2017 msrbAATTsuse.com- Readd index.vnc. (bnc#1026833)
* Mon Feb 20 2017 msrbAATTsuse.com- U_tigervnc-fix-inetd-not-working-with-xserver-1-19.patch
* Fixes inetd mode with x server 1.19 (bnc#1025759)
* Wed Jan 25 2017 msrbAATTsuse.com- Update to tigervnc 1.7.1.
* This is a security update for TigerVNC 1.7.0 which fixes a memory overflow issue via the RRE decoder. A malicious server could possibly use this issue to take control of the TigerVNC viewer.
* Wed Nov 30 2016 sndirschAATTsuse.com- U_Add-xorg-xserver-1.19-support.patch
* Add xorg-xserver 1.19 support
* Tue Sep 13 2016 msrbAATTsuse.com- Update to tigervnc 1.7.0.
* Multi-threaded decoder in the FLTK viewer
* Improved SSH integration in the Java viewer
* Fine grained lock down of Xvnc parameters
* Compatibility with Xorg 1.18
* Lots of packaging fixes
* Better compatibility with Vino, both in the FLTK and Java viewer- Removed patches:
* U_add_allowoverride_parameter.patch
* U_include-vencrypt-only-if-any-subtype-present.patch
* U_tigervnc_clear_up_zlibinstream_reset_behaviour.patch
* u_xserver118.patch
* Mon Aug 08 2016 eichAATTsuse.com- Adding a generic \'windowmanager\' requires which will be satisfied by any package providing \'windowmanager\': Requires: windowmanager (boo#981663).
* Thu Jun 16 2016 msrbAATTsuse.com- Generate VNC key and certificate on first use, not during installation. (bnc#982349)
* Mon Jun 13 2016 msrbAATTsuse.com- Add U_tigervnc_clear_up_zlibinstream_reset_behaviour.patch
* Fix zlib stream reset in tight encoding. (bnc#963417)
* Tue May 24 2016 msrbAATTsuse.com- Add /etc/pam.d/vnc configuration and add vnc user to shadow group. (bnc#980326)- Add dependency on fltk-devel version >= 1.3.3.
* Fri Apr 29 2016 msrbAATTsuse.com- Add U_add_allowoverride_parameter.patch and u_build_libXvnc_as_separate_library.patch (fate#319319)- Add u_tigervnc-show-unencrypted-warning.patch (fate#319701)
* Wed Apr 27 2016 msrbAATTsuse.com- Add dependency on xorg-x11-fonts-core. (bnc#977019)
* Tue Jan 12 2016 msrbAATTsuse.com- Updated to tigervnc 1.6.0.- Removed patches:
* N_tigervnc_revert_fltk_1_3_3_requirements.patch
* U_tigervnc-fix-reversed-logic-in-vncIsTCPPortUsed.patch
* u_tigervnc-display-SHA-1-fingerprint-of-untrusted-certificate.patch
* u_tigervnc-use-default-trust-manager-in-java-viewer-if-custom.patch
* u_tigervnc-use_preferred_mode.patch
* u_tigervnc-vncserver-clean-pid-files.patch- Updated patches:
* n_tigervnc-date-time.patch
* u_tigervnc-add-autoaccept-parameter.patch
* u_tigervnc_update_default_vncxstartup.patch
* Wed Dec 16 2015 msrbAATTsuse.com- u_tigervnc_update_default_vncxstartup.patch
* Update default VNC xstartup script.- Add dependency on xinit and icewm. (bnc#956537)
* Thu Nov 12 2015 msrbAATTsuse.com- u_xserver118.patch
* Build with xserver 1.18.0.
* Thu Oct 01 2015 msrbAATTsuse.com- u_tigervnc-vncserver-clean-pid-files.patch
* vncserver: Clean pid files of dead processes. (bnc#948392)
* Sun Sep 13 2015 msrbAATTsuse.com- U_tigervnc-fix-reversed-logic-in-vncIsTCPPortUsed.patch
* Fixes Xvnc with -inetd parameter. (bnc#945600)
* Thu Aug 27 2015 hguoAATTsuse.com- VNC server cannot run without xauth and xkbcomp, therefore introduce these dependencies.
* Tue Aug 25 2015 msrbAATTsuse.com- Remove commented out DefaultDepth 16 from 10-libvnc.conf file. Using 16 bit depth can cause troubles and does not have any positives anymore, so lets not suggest it to users. (bnc#942982)
* Fri Jul 31 2015 dimstarAATTopensuse.org- Add /usr/sbin/groupadd and /usr/sbin/useradd Requires(post) to xorg-x11-Xvnc: the scripts are creating users/groups.
* Wed Jul 15 2015 msrbAATTsuse.com- Updated to tigervnc 1.5.0.- Dropped no longer needed patches:
* tigervnc-sf3495623.patch
* u_syslog.patch
* u_tigervnc-build-with-xserver-1.17.patch
* tigervnc-gnutls-3.4-required.patch
* u_tigervnc-dont-send-ascii-control-characters.patch
* u_terminate_instead_of_ignoring_restart.patch- Dropped no longer needed index.vnc.- Use encryption everywhere. (fate#318936)
* u_tigervnc-display-SHA-1-fingerprint-of-untrusted-certificate.patch
* u_tigervnc-use-default-trust-manager-in-java-viewer-if-custom.patch
* u_tigervnc-add-autoaccept-parameter.patch- Work with fltk 1.3.2.
* N_tigervnc_revert_fltk_1_3_3_requirements.patch
* Thu May 28 2015 roAATTsuse.de- add buildrequires for xf86driproto and presentproto to match xserver- disable dri2 on s390/s390x
* Mon Apr 20 2015 msrbAATTsuse.com- u_syslog.patch, vnc.xinetd
* Add logging to syslog.
* Wed Apr 15 2015 dimstarAATTopensuse.org- Add tigervnc-gnutls-3.4-required.patch: raise gnutls dependency to 3.2. Simplifies code, but makes it build with gnutls 3.4. Patch taken from Arch.
* Tue Apr 14 2015 meissnerAATTsuse.com- Updated to tigervnc 1.4.3
* Upstream patches applied to the underlying Xorg code base to mitigate CVE-2015-0255 / bsc#915810.
* Fixes for performance regressions introduced in 1.4.0.
* Character encoding of clipboard text send by Java viewer now strictly adheres to the RFB specification.
* Wed Apr 01 2015 msrbAATTsuse.com- u_terminate_instead_of_ignoring_restart.patch
* Terminate instead of ignoring restart. (bnc#920969)
* Tue Feb 24 2015 msrbAATTsuse.com- Fix build against X server 1.17.x.
* u_tigervnc-build-with-xserver-1.17.patch
* Thu Feb 05 2015 msrbAATTsuse.com- Use xserver sources from xorg-x11-server-source.- Drop no longer needed patches:
* N_xorg-server-xdmcp.patch
* n_tigervnc-dont-build-gtf.patch
* Fri Jan 09 2015 msrbAATTsuse.com- Update to tigervnc 1.4.1 on xorg-server 1.16.1.- Drop upstreamed or obsolete patches: tigervnc-sf3492352.diff u_aarch64-support.patch u_tigervnc-check-shm-harder.patch u_arch-Fix-image-and-bitmap-byte-order-for-ppc64le.patch u_tigervnc-1.3.0-fix-use-after-free.patch tigervnc-1.2.80-fix-int-to-pointer.patch
* Sun Nov 16 2014 oscarAATTnaiandei.net- add -fPIC to CFLAGS and CXXFLAGS to compile correctly on armv7l
* Thu Oct 30 2014 msrbAATTsuse.com- u_tigervnc-cve-2014-8240.patch
* Prevent potentially dangerous integer overflow. (bnc#900896 CVE-2014-8240)
* Mon Oct 13 2014 msrbAATTsuse.com- u_tigervnc-use_preferred_mode.patch
* Mark user chosen resolution as preferred. (bnc#896540)