Changelog for
libvncclient1-0.9.14-2.3.i586.rpm :
* Fri Jun 23 2023 pgajdosAATTsuse.com- version update to 0.9.14 [#]# Overall changes:
* Added more documentation (build system integration, repeater setup) and a legal FAQ.
* Added [contribution guidelines](CONTRIBUTING.md).
* Ported the TravisCI continous integration machinery to GitHub workflows. [#]# LibVNCServer/LibVNCClient:
* Added [qemu extended key event].
* Fixed several potential multiplication overflows. [#]# LibVNCClient:
* Fixes of several memory leaks and buffer overflows.
* Added UltraVNC\'s MSLogonII authentication scheme.
* Fixed TLS interoperability with GnuTLS servers.
* Fixed detection of newer UltraVNC and TightVNC servers.
* Added support for [SetDesktopSize].
* Added SSH tunneling example using libssh2.
* Added some extensions to VeNCrypt in order to be compatible with a wider range of servers. [#]# LibVNCServer:
* Fixes to the multi-threaded server implementation which should be a lot more sound now.
* Fixed TightVNC-filetransfer file upload for 64-bit systems.
* Fixes of crashes in the zlib compression.
* Added support for [UTF8 clipboard data].
* Fixed visual artifacts in framebuffer on ARM platforms.
* Fixed several WebSockets bugs.
* Fixed the UltraVNC-style repeater example.
* Added support for larger framebuffers (two 4k screens possible now).
* Added support for timeouts for outbound connections (to repeaters for instance).
* Fixed out-of-bounds memory access in Tight encoding.- modified patches % 0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch (refreshed) % 0002-libvncserver-Add-channel-security-handlers.patch (refreshed)- deleted patches - 0001-libvncserver-don-t-NULL-out-internal-of-the-default-.patch (upstreamed) - 0003-libvncserver-auth-don-t-keep-security-handlers-from-.patch (upstreamed) - 0004-zlib-Clear-buffer-pointers-on-cleanup-444.patch (upstreamed) - LibVNCServer-CVE-2020-29260.patch (upstreamed)
* Thu Sep 08 2022 pgajdosAATTsuse.com- security update- added patches fix CVE-2020-29260 [bsc#1203106], memory leakage via rfbClientCleanup() + LibVNCServer-CVE-2020-29260.patch
* Fri Sep 17 2021 pgajdosAATTsuse.com- purposedly adding just this changelog entry- previous version updates fixed also:
* CVE-2020-14398 [bsc#1173880] -- improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c
* CVE-2017-18922 [bsc#1173477] -- preauth buffer overwrite
* CVE-2018-20748 [bsc#1123823] -- libvnc contains multiple heap out-of-bounds writes
* CVE-2020-25708 [bsc#1178682] -- libvncserver/rfbserver.c has a divide by zero which could result in DoS
* CVE-2018-21247 [bsc#1173874] -- uninitialized memory contents are vulnerable to Information leak
* CVE-2018-20750 [bsc#1123832] -- heap out-of-bounds write vulnerability in libvncserver/rfbserver.c
* CVE-2020-14397 [bsc#1173700] -- NULL pointer dereference in libvncserver/rfbregion.c
* CVE-2019-20839 [bsc#1173875] -- buffer overflow in ConnectClientToUnixSock()
* CVE-2020-14401 [bsc#1173694] -- potential integer overflows in libvncserver/scale.c
* CVE-2020-14400 [bsc#1173691] -- Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c.
* CVE-2019-20840 [bsc#1173876] -- unaligned accesses in hybiReadAndDecode can lead to denial of service
* CVE-2020-14399 [bsc#1173743] -- Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c.
* CVE-2020-14402 [bsc#1173701] -- out-of-bounds access via encodings.
* CVE-2020-14403 [bsc#1173701]
* CVE-2020-14404 [bsc#1173701]
* Fri Jan 08 2021 Frederic Crozat
- Add many patches needed for GNOME Remote desktop (already in Fedora):
* TLS security type enablement patches gh#LibVNC/libvncserver!234 - 0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch - 0002-libvncserver-Add-channel-security-handlers.patch - 0003-libvncserver-auth-don-t-keep-security-handlers-from-.patch
* Fix crash on all runs after the first gh#LibVNC/libvncserver!444 rh#1882718 - 0004-zlib-Clear-buffer-pointers-on-cleanup-444.patch
* Fix another crasher glgo#GNOME/gnome-remote-desktop#45 rh#1882718 - 0001-libvncserver-don-t-NULL-out-internal-of-the-default-.patch
* Tue Jun 30 2020 pgajdosAATTsuse.com- version update to 0.9.13 [bsc#1173477] [#]# Overall changes:
* Small tweaks to the CMake build system.
* The macOS server example was overhauled and is now the most feature-complete sample application of the project, ready for real-world use.
* Lots of documentation updates and markdownifying.
* The TravisCI continuous integration now also build-checks cross-compilation from Linux to Windows.
* Setup a [Gitter community chat](https://gitter.im/LibVNC/libvncserver) for the project. [#]# LibVNCServer/LibVNCClient:
* Both LibVNCServer and LibVNCClient now support an additional platform, namely Microsoft Windows. Building is supported with Visual Studio as well as MingGW.
* The separate crypto routines used by LibVNCClient and LibVNCServer were refactored into an implementation common to both libraries.
* Several security issues got fixed.
* The bundled noVNC client is now at version 1.1.0 and included via a git submodule. [#]# LibVNCClient:
* Added connect timeout as well as read timeout support thanks to Tobias Junghans.
* Both TLS backends now do proper locking of network operations when multi-threaded thanks to Gaurav Ujjwal.
* Fixed regression in Tight/Raw decoding introduced in 0.9.12 thanks to DRC.
* Fixed encrypted connections to AnonTLS servers when using the OpenSSL back-end. Made possible by the profound research done by Gaurav Ujjwal. [#]# LibVNCServer:
* Added a hooking function (`clientFramebufferUpdateRequestHook`) to deliver rfbFramebufferUpdateRequest messages from clients to the frame producer thanks to Jae Hyun Yoo.
* Added SetDesktopSize/ExtendedDesktopSize support thanks to Floris Bos.
* Added multi-threading support for MS Windows.
* Fixed VNC repeater/proxy functionality that was broken in 0.9.12.
* Fixed unstable WebSockets connections thanks to Sebastian Kranz.- deleted patches - LibVNCServer-CVE-2019-15681.patch (upstreamed) - LibVNCServer-CVE-2019-15690.patch (upstreamed) - LibVNCServer-CVE-2019-20788.patch (upstreamed) - avoid-pthread_join-if-backgroundLoop-is-FALSE.patch (upstreamed) - cmake-libdir.patch (upstreamed) - fix-crash-on-shutdown.patch (upstreamed)
* Mon May 04 2020 pgajdosAATTsuse.com- deleted patches - LibVNCServer-CVE-2018-20749.patch (mistakenly added, it is already part of 0.9.12)
* Mon Apr 27 2020 pgajdosAATTsuse.com- security update- added patches fix CVE-2019-15690 [bsc#1160471], heap buffer overflow + LibVNCServer-CVE-2019-15690.patch fix CVE-2019-20788 [bsc#1170441], integer overflow and heap-based buffer overflow via a large height or width value + LibVNCServer-CVE-2019-20788.patch
* Fri Jan 10 2020 Fabian Vogt - Add patches to fix crash on shutdown:
* avoid-pthread_join-if-backgroundLoop-is-FALSE.patch
* fix-crash-on-shutdown.patch
* Mon Nov 04 2019 pgajdosAATTsuse.com- turn the test suite on
* Mon Nov 04 2019 pgajdosAATTsuse.com- security update- added patches CVE-2019-15681 [bsc#1155419] + LibVNCServer-CVE-2019-15681.patch