Package Release Info

LibVNCServer-0.9.10-4.22.1

Update Info: SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1922
Available in Package Hub : 15 SP2 Subpackages Updates

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

libvncserver0

Change Logs

* Thu Jul 09 2020 pgajdos@suse.com 
- security update
- added patches
  fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak
  + LibVNCServer-CVE-2018-21247.patch
  fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock()
  + LibVNCServer-CVE-2019-20839.patch
  fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service
  + LibVNCServer-CVE-2019-20840.patch
  fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c
  + LibVNCServer-CVE-2020-14398.patch
* Wed Jul 08 2020 pgajdos@suse.com 
- security update
- added patches
  fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c
  + LibVNCServer-CVE-2020-14397.patch
  fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c.
  + LibVNCServer-CVE-2020-14399.patch
  fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c.
  + LibVNCServer-CVE-2020-14400.patch
  fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c
  + LibVNCServer-CVE-2020-14401.patch
  fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings.
  + LibVNCServer-CVE-2020-14402,14403,14404.patch
Version: 0.9.10-2.21
* Tue Mar 20 2018 pgajdos@suse.com 
- security update
  * CVE-2018-7225 [bsc#1081493]
    + LibVNCServer-CVE-2018-7225.patch
* Tue May 24 2016 antoine.belvire@laposte.net 
- Fix build errors of applications using stl_algobase.h and
  libvncserver's rfbproto.h, e.g. krfb (issue #102)
  * Add libvncserver-0.9.10-use-namespaced-rfbMax-macro.patch
* Sun Feb 08 2015 crrodriguez@opensuse.org 
- Remove xorg-x11-devel from buildRequires, X libraries
  are not directly used/linked
* Sun Feb 08 2015 crrodriguez@opensuse.org 
- libvncserver-0.9.10-ossl.patch: Update, do not
  RAND_load_file("/dev/urandom", 1024) if the the PRNG is already
  seeded. (It always is on linux)
* Sat Dec 13 2014 p.drouand@gmail.com 
- Update to version 0.9.10
  + Moved the whole project from sourceforge to https://libvnc.github.io/.
  + Cleaned out the autotools build system which now uses autoreconf.
  + Updated noVNC HTML5 client to latest version.
  + Split out x11vnc sources into separate repository at
    https://github.com/LibVNC/x11vnc
  + Split out vncterm sources into separate repository at
    https://github.com/LibVNC/vncterm
  + Split out VisualNaCro sources into separate repository at
    https://github.com/LibVNC/VisualNaCro
  + Merged Debian patches.
  + Fixed some security-related buffer overflow cases.
  + Added compatibility headers to make LibVNCServer/LibVNCClient
    build on native Windows 8.
  + Update LZO to version 2.07, fixing CVE-2014-4607.
  + Merged patches from KDE/krfb.
  + Can now do IPv6 without IPv4.
  + Fixed a use-after-free issue in scale.c.
- Update Url and download source to new project home
- Remove LibVNCServer-0.9.9-no_x11vnc.patch; upstream splited it
  out of main tarball
- Rebase libvncserver-ossl.patch to upstream changes
  > libvncserver-0.9.10-ossl.patch
- Remove linuxvnc subpackage; like x11vnc, it has been splited out
  but is depreciated and unmaintained.
* Fri Oct 03 2014 olaf@aepfle.de 
- Obsolete old LibVNCServer.rpm in libvncclient0 package. The old
  version included binaries, devel and runtime libs. But nothing
  removes the old package, which leads to file conflicts during
  upgrade if linuxvnc.rpm is not on the install media (bnc#893343)
* Tue Jul 01 2014 coolo@suse.com 
- remove old .bz2 file
* Mon Mar 18 2013 mmeister@suse.com 
- Add Url to Source section in spec file
* Sat Jan 12 2013 jengelh@inai.de 
- Follow shared library packaging guidelines
- Avoid self-obsolete tag
- Put libvncserver-config into -devel where it should belong
- Provide pkgconfig() RPM symbols
* Tue Jan 01 2013 crrodriguez@opensuse.org 
- Switch SSL backend to openssl, we all agree that OpenSSL
  has it faults, but it is heavily optimized in all platforms
  not only x86 and performance matters in interactive,latency
  sensitive tasks like VNC.
- libvncserver-ossl.patch Ensures openssl use less memory
  and avoid abi breaks on openSSL updates.
Version: 0.9.10-4.19.1
* Tue Jun 30 2020 pgajdos@suse.com 
- version update to 0.9.13 [bsc#1173477]
  [#]# Overall changes:
  * Small tweaks to the CMake build system.
  * The macOS server example was overhauled and is now the most feature-complete sample
    application of the project, ready for real-world use.
  * Lots of documentation updates and markdownifying.
  * The TravisCI continuous integration now also build-checks cross-compilation from
    Linux to Windows.
  * Setup a [Gitter community chat](https://gitter.im/LibVNC/libvncserver) for the project.
  [#]# LibVNCServer/LibVNCClient:
  * Both LibVNCServer and LibVNCClient now support an additional platform, namely
    Microsoft Windows. Building is supported with Visual Studio as well as MingGW.
  * The separate crypto routines used by LibVNCClient and LibVNCServer were refactored
    into an implementation common to both libraries.
  * Several security issues got fixed.
  * The bundled noVNC client is now at version 1.1.0 and included via a git submodule.
  [#]# LibVNCClient:
  * Added connect timeout as well as read timeout support thanks to Tobias Junghans.
  * Both TLS backends now do proper locking of network operations when multi-threaded
    thanks to Gaurav Ujjwal.
  * Fixed regression in Tight/Raw decoding introduced in 0.9.12 thanks to DRC.
  * Fixed encrypted connections to AnonTLS servers when using the OpenSSL back-end.
    Made possible by the profound research done by Gaurav Ujjwal.
  [#]# LibVNCServer:
  * Added a hooking function (`clientFramebufferUpdateRequestHook`) to deliver
    rfbFramebufferUpdateRequest messages from clients to the frame producer
    thanks to Jae Hyun Yoo.
  * Added SetDesktopSize/ExtendedDesktopSize support thanks to Floris Bos.
  * Added multi-threading support for MS Windows.
  * Fixed VNC repeater/proxy functionality that was broken in 0.9.12.
  * Fixed unstable WebSockets connections thanks to Sebastian Kranz.
- deleted patches
  - LibVNCServer-CVE-2019-15681.patch (upstreamed)
  - LibVNCServer-CVE-2019-15690.patch (upstreamed)
  - LibVNCServer-CVE-2019-20788.patch (upstreamed)
  - avoid-pthread_join-if-backgroundLoop-is-FALSE.patch (upstreamed)
  - cmake-libdir.patch (upstreamed)
  - fix-crash-on-shutdown.patch (upstreamed)
Version: 0.9.10-4.14.1
* Mon Apr 27 2020 pgajdos@suse.com 
- security update
- added patches
  fix CVE-2019-15690 [bsc#1160471], heap buffer overflow
  + LibVNCServer-CVE-2019-15690.patch
  fix CVE-2019-20788 [bsc#1170441], integer overflow and heap-based buffer overflow via a large height or width value
  + LibVNCServer-CVE-2019-20788.patch
* Mon Nov 04 2019 pgajdos@suse.com 
- security update
- added patches
  CVE-2019-15681 [bsc#1155419]
  + LibVNCServer-CVE-2019-15681.patch
Version: 0.9.10-150000.4.32.3
* Tue Nov 29 2022 pgajdos@suse.com 
- turn on reliable tests and turn off unreliable ones
- added patches
  sync the testsuite with Factory state
  + LibVNCServer-update-testsuite.patch
- see [bsc#1203106], [bsc#1204127], [bsc#1204129], [bsc#1173477], [bsc#1170916]
Version: 0.9.10-150000.4.29.1
* Thu Sep 08 2022 pgajdos@suse.com 
- security update
- added patches
  fix CVE-2020-29260 [bsc#1203106], memory leakage via rfbClientCleanup()
  + LibVNCServer-CVE-2020-29260.patch