Package Release Info


Update Info: SUSE-SLE-Module-Packagehub-Subpackages-15-2019-283
Available in Package Hub : 15 Subpackages Updates





Change Logs

* Tue Feb 05 2019
- security update
  * CVE-2018-20749 [bsc#1123828]
    + LibVNCServer-CVE-2018-20749.patch
  * CVE-2018-20750 [bsc#1123832]
    + LibVNCServer-CVE-2018-20750.patch
  * CVE-2018-20748 [bsc#1123823]
    + LibVNCServer-CVE-2018-20748.patch
Version: 0.9.10-4.3.1
* Thu Jan 03 2019
- security update
  * CVE-2018-15126 [bsc#1120114]
    + LibVNCServer-CVE-2018-15126.patch
  * CVE-2018-6307 [bsc#1120115]
    + LibVNCServer-CVE-2018-6307.patch
  * CVE-2018-20020 [bsc#1120116]
    + LibVNCServer-CVE-2018-20020.patch
  * CVE-2018-15127 [bsc#1120117]
    + LibVNCServer-CVE-2018-15127.patch
  * CVE-2018-20019 [bsc#1120118]
    + LibVNCServer-CVE-2018-20019.patch
  * CVE-2018-20023 [bsc#1120119]
    + LibVNCServer-CVE-2018-20023.patch
  * CVE-2018-20022 [bsc#1120120]
    + LibVNCServer-CVE-2018-20022.patch
  * CVE-2018-20024 [bsc#1120121]
    + LibVNCServer-CVE-2018-20024.patch
  * CVE-2018-20021 [bsc#1120122]
    + LibVNCServer-CVE-2018-20021.patch
* Tue Mar 20 2018
- security update
  * CVE-2018-7225 [bsc#1081493]
    + LibVNCServer-CVE-2018-7225.patch
* Tue May 24 2016
- Fix build errors of applications using stl_algobase.h and
  libvncserver's rfbproto.h, e.g. krfb (issue #102)
  * Add libvncserver-0.9.10-use-namespaced-rfbMax-macro.patch
* Sun Feb 08 2015
- Remove xorg-x11-devel from buildRequires, X libraries
  are not directly used/linked
* Sun Feb 08 2015
- libvncserver-0.9.10-ossl.patch: Update, do not
  RAND_load_file("/dev/urandom", 1024) if the the PRNG is already
  seeded. (It always is on linux)
* Sat Dec 13 2014
- Update to version 0.9.10
  + Moved the whole project from sourceforge to
  + Cleaned out the autotools build system which now uses autoreconf.
  + Updated noVNC HTML5 client to latest version.
  + Split out x11vnc sources into separate repository at
  + Split out vncterm sources into separate repository at
  + Split out VisualNaCro sources into separate repository at
  + Merged Debian patches.
  + Fixed some security-related buffer overflow cases.
  + Added compatibility headers to make LibVNCServer/LibVNCClient
    build on native Windows 8.
  + Update LZO to version 2.07, fixing CVE-2014-4607.
  + Merged patches from KDE/krfb.
  + Can now do IPv6 without IPv4.
  + Fixed a use-after-free issue in scale.c.
- Update Url and download source to new project home
- Remove LibVNCServer-0.9.9-no_x11vnc.patch; upstream splited it
  out of main tarball
- Rebase libvncserver-ossl.patch to upstream changes
  > libvncserver-0.9.10-ossl.patch
- Remove linuxvnc subpackage; like x11vnc, it has been splited out
  but is depreciated and unmaintained.
* Fri Oct 03 2014
- Obsolete old LibVNCServer.rpm in libvncclient0 package. The old
  version included binaries, devel and runtime libs. But nothing
  removes the old package, which leads to file conflicts during
  upgrade if linuxvnc.rpm is not on the install media (bnc#893343)
* Tue Jul 01 2014
- remove old .bz2 file
* Mon Mar 18 2013
- Add Url to Source section in spec file
* Sat Jan 12 2013
- Follow shared library packaging guidelines
- Avoid self-obsolete tag
- Put libvncserver-config into -devel where it should belong
- Provide pkgconfig() RPM symbols
* Tue Jan 01 2013
- Switch SSL backend to openssl, we all agree that OpenSSL
  has it faults, but it is heavily optimized in all platforms
  not only x86 and performance matters in interactive,latency
  sensitive tasks like VNC.
- libvncserver-ossl.patch Ensures openssl use less memory
  and avoid abi breaks on openSSL updates.
* Sun Dec 30 2012
- libvncserver-byteswap.patch : USe OS byteswapping macros
  which are optimized for the target arch.
- BuildRequire libpng-Devel
* Tue Oct 16 2012
- delete not used LibVNCServer-0.9.9-system_minilzo.patch
- document patches
- rename redef-keysym to redef-keysym.patch
* Wed Sep 26 2012
- Update to 0.9.9 version:
  - Overall changes:
  * Added noVNC HTML5 VNC viewer ( connect possibility
    to our http server. Pure JavaScript, no Java plugin required anymore! (But a
    recent browser...)
  * Added a GTK+ VNC viewer example.
  - LibVNCServer/LibVNCClient:
  * Added support to build for Google Android.
  * Complete IPv6 support in both LibVNCServer and LibVNCClient.
  - LibVNCServer:
  * Split two event-loop related functions out of the rfbProcessEvents() mechanism.
    This is required to be able to do proper event loop integration with Qt. Idea was
    taken from Vino's libvncserver fork.
  * Added TightPNG ( encoding support. Like the
    original Tight encoding, this still uses JPEG, but ZLIB encoded rects are encoded
    with PNG here.
  * Added suport for serving VNC sessions through WebSockets
    (, a web technology providing for multiplexing
    bi-directional, full-duplex communications channels over a single TCP connection.
  * Support connections from the Mac OS X built-in VNC client to LibVNCServer
    instances running with no password.
  * Replaced the Tight encoder with a TurboVNC one which is tremendously faster in most
    cases, especially with high-color video or 3D workloads.
  - LibVNCClient:
  * Added support to only listen for reverse connections on a specific IP address.
  * Support for using OpenSSL instead of GnuTLS. This could come in handy on embedded
    devices where only this TLS implementation is available.
  * Added support to connect to UltraVNC Single Click servers.
- remove upstreamed LibVNCServer-LINUX.diff
- remove upstreamed LibVNCServer-0.9.8_git201104301110-overflow.patch
- remove upstreamed LibVNCServer-system-lzo.patch
- rename and refresh dont-build-x11vnc to LibVNCServer-0.9.9-no_x11vnc.patch
- add, but not enable LibVNCServer-0.9.9-system_minilzo.patch
- add libvncserver-0.9.1-multilib.patch
* Mon Aug 27 2012
- Devel package needs a dependency on gnutls-devel
* Sat Aug 18 2012
- enable support for gnutls
* Wed Nov 30 2011
- add automake as buildrequire to avoid implicit dependency
* Sat Sep 17 2011
- Remove redundant tags/sections from specfile
- Use %_smp_mflags for parallel build
* Fri May 06 2011
- Update to version 0.9.8 latest.
  * Changes too long to list here, see NEWS
- Use system lzo library
* Fri Oct 08 2010
- add baselibs.conf to build 32bit libs for DirectFB-32bit to use
Version: 0.9.10-4.14.1
* Mon Apr 27 2020
- security update
- added patches
  fix CVE-2019-15690 [bsc#1160471], heap buffer overflow
  + LibVNCServer-CVE-2019-15690.patch
  fix CVE-2019-20788 [bsc#1170441], integer overflow and heap-based buffer overflow via a large height or width value
  + LibVNCServer-CVE-2019-20788.patch
* Mon Nov 04 2019
- security update
- added patches
  CVE-2019-15681 [bsc#1155419]
  + LibVNCServer-CVE-2019-15681.patch
- note the correct way how to run the testsuite, it does not
  seem to be usable as it is, though (segfaults)
Version: 0.9.10-4.19.1
* Tue Jun 30 2020
- security update
- added patches
  fix CVE-2017-18922 [bsc#1173477], preauth buffer overwrite
  + LibVNCServer-CVE-2017-18922.patch
Version: 0.9.10-4.22.1
* Thu Jul 09 2020
- security update
- added patches
  fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak
  + LibVNCServer-CVE-2018-21247.patch
  fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock()
  + LibVNCServer-CVE-2019-20839.patch
  fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service
  + LibVNCServer-CVE-2019-20840.patch
  fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c
  + LibVNCServer-CVE-2020-14398.patch
* Wed Jul 08 2020
- security update
- added patches
  fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c
  + LibVNCServer-CVE-2020-14397.patch
  fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c.
  + LibVNCServer-CVE-2020-14399.patch
  fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c.
  + LibVNCServer-CVE-2020-14400.patch
  fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c
  + LibVNCServer-CVE-2020-14401.patch
  fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings.
  + LibVNCServer-CVE-2020-14402,14403,14404.patch
Version: 0.9.10-4.25.1
* Tue Nov 24 2020
- security update
- added patches
  fix CVE-2020-25708 [bsc#1178682], libvncserver/rfbserver.c has a divide by zero which could result in DoS
  + LibVNCServer-CVE-2020-25708.patch