File LibVNCServer.changes of Package LibVNCServer.15607

Overview Repositories Revisions Requests Users Attributes Meta

File LibVNCServer.changes of Package LibVNCServer.15607

-------------------------------------------------------------------
Thu Jul  9 13:21:48 UTC 2020 - pgajdos@suse.com

- security update
- added patches
  fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak
  + LibVNCServer-CVE-2018-21247.patch
  fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock()
  + LibVNCServer-CVE-2019-20839.patch
  fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service
  + LibVNCServer-CVE-2019-20840.patch
  fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c
  + LibVNCServer-CVE-2020-14398.patch

-------------------------------------------------------------------
Wed Jul  8 07:55:22 UTC 2020 - pgajdos@suse.com

- security update
- added patches
  fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c
  + LibVNCServer-CVE-2020-14397.patch
  fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c.
  + LibVNCServer-CVE-2020-14399.patch
  fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c.
  + LibVNCServer-CVE-2020-14400.patch
  fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c
  + LibVNCServer-CVE-2020-14401.patch
  fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings.
  + LibVNCServer-CVE-2020-14402,14403,14404.patch

-------------------------------------------------------------------
Tue Jun 30 13:11:04 UTC 2020 - pgajdos@suse.com

- security update
- added patches
  fix CVE-2017-18922 [bsc#1173477], preauth buffer overwrite
  + LibVNCServer-CVE-2017-18922.patch

-------------------------------------------------------------------
Mon Apr 27 09:22:50 UTC 2020 - pgajdos@suse.com

- security update
- added patches
  fix CVE-2019-15690 [bsc#1160471], heap buffer overflow
  + LibVNCServer-CVE-2019-15690.patch
  fix CVE-2019-20788 [bsc#1170441], integer overflow and heap-based buffer overflow via a large height or width value
  + LibVNCServer-CVE-2019-20788.patch

-------------------------------------------------------------------
Mon Nov  4 12:56:03 UTC 2019 - pgajdos@suse.com

- security update
- added patches
  CVE-2019-15681 [bsc#1155419]
  + LibVNCServer-CVE-2019-15681.patch
- note the correct way how to run the testsuite, it does not
  seem to be usable as it is, though (fails randomly)

-------------------------------------------------------------------
Wed Feb 20 15:56:14 UTC 2019 - Felix Zhang <fezhang@suse.com>

- Add BuildRequire libgnutls-devel: Remmina needs it for VNC
  connections (boo#1123805)

-------------------------------------------------------------------
Tue Feb  5 14:03:46 UTC 2019 - Petr Gajdos <pgajdos@suse.com>

- security update
  * CVE-2018-20749 [bsc#1123828]
    + LibVNCServer-CVE-2018-20749.patch
  * CVE-2018-20750 [bsc#1123832]
    + LibVNCServer-CVE-2018-20750.patch
  * CVE-2018-20748 [bsc#1123823]
    + LibVNCServer-CVE-2018-20748.patch

-------------------------------------------------------------------
Thu Jan  3 11:18:33 UTC 2019 - Petr Gajdos <pgajdos@suse.com>

- security update
  * CVE-2018-15126 [bsc#1120114]
    + LibVNCServer-CVE-2018-15126.patch
  * CVE-2018-6307 [bsc#1120115]
    + LibVNCServer-CVE-2018-6307.patch
  * CVE-2018-20020 [bsc#1120116]
    + LibVNCServer-CVE-2018-20020.patch
  * CVE-2018-15127 [bsc#1120117]
    + LibVNCServer-CVE-2018-15127.patch
  * CVE-2018-20019 [bsc#1120118]
    + LibVNCServer-CVE-2018-20019.patch
  * CVE-2018-20023 [bsc#1120119]
    + LibVNCServer-CVE-2018-20023.patch
  * CVE-2018-20022 [bsc#1120120]
    + LibVNCServer-CVE-2018-20022.patch
  * CVE-2018-20024 [bsc#1120121]
    + LibVNCServer-CVE-2018-20024.patch
  * CVE-2018-20021 [bsc#1120122]
    + LibVNCServer-CVE-2018-20021.patch

-------------------------------------------------------------------
Mon Mar 19 17:56:16 UTC 2018 - pgajdos@suse.com

- security update
  * CVE-2018-7225 [bsc#1081493]
    + LibVNCServer-CVE-2018-7225.patch

-------------------------------------------------------------------
Tue Jan  3 15:30:13 UTC 2017 - pgajdos@suse.com

- security update
  * CVE-2016-9941 [bsc#1017711]
    + LibVNCServer-CVE-2016-9941.patch
  * CVE-2016-9942 [bsc#1017712]
    + LibVNCServer-CVE-2016-9942.patch

-------------------------------------------------------------------
Thu Nov 12 18:01:56 UTC 2015 - max@suse.com

- bsc#897031: fix several security issues:
  * CVE-2014-6051: Integer overflow in MallocFrameBuffer() on
    client side.
  * CVE-2014-6052: Lack of malloc() return value checking on
    client side.
  * CVE-2014-6053: Server crash on a very large ClientCutText
    message.
  * CVE-2014-6054: Server crash when scaling factor is set to zero.
  * CVE-2014-6055: Multiple stack overflows in File Transfer
    feature.
- bsc#854151: Restrict the SSL cipher suite.

-------------------------------------------------------------------
Tue Nov 11 08:58:28 UTC 2014 - olaf@aepfle.de

- Provide libvncclient.so.0()(64bit) in SLED12 (bnc#904676)

-------------------------------------------------------------------
Fri Oct  3 19:51:18 UTC 2014 - olaf@aepfle.de

- Obsolete old LibVNCServer.rpm in libvncclient0 package. The old
  version included binaries, devel and runtime libs. But nothing
  removes the old package, which leads to file conflicts during
  upgrade if linuxvnc.rpm is not on the install media (bnc#893343)

-------------------------------------------------------------------
Mon Mar 18 09:36:38 UTC 2013 - mmeister@suse.com

- Add Url to Source section in spec file

-------------------------------------------------------------------
Sat Jan 12 14:01:28 UTC 2013 - jengelh@inai.de

- Follow shared library packaging guidelines
- Avoid self-obsolete tag
- Put libvncserver-config into -devel where it should belong
- Provide pkgconfig() RPM symbols

-------------------------------------------------------------------
Tue Jan  1 19:35:08 UTC 2013 - crrodriguez@opensuse.org

- Switch SSL backend to openssl, we all agree that OpenSSL
  has it faults, but it is heavily optimized in all platforms
  not only x86 and performance matters in interactive,latency
  sensitive tasks like VNC.

- libvncserver-ossl.patch Ensures openssl use less memory
  and avoid abi breaks on openSSL updates.

-------------------------------------------------------------------
Sun Dec 30 22:02:37 UTC 2012 - crrodriguez@opensuse.org

- libvncserver-byteswap.patch : USe OS byteswapping macros 
  which are optimized for the target arch.

- BuildRequire libpng-Devel

-------------------------------------------------------------------
Tue Oct 16 12:02:12 UTC 2012 - mvyskocil@suse.com

- delete not used LibVNCServer-0.9.9-system_minilzo.patch
- document patches
- rename redef-keysym to redef-keysym.patch

-------------------------------------------------------------------
Wed Sep 26 21:08:14 UTC 2012 - p.drouand@gmail.com

- Update to 0.9.9 version:
 - Overall changes:
     * Added noVNC HTML5 VNC viewer (http://kanaka.github.com/noVNC/) connect possibility
       to our http server. Pure JavaScript, no Java plugin required anymore! (But a
       recent browser...)
     * Added a GTK+ VNC viewer example.

- LibVNCServer/LibVNCClient:
     * Added support to build for Google Android.
     * Complete IPv6 support in both LibVNCServer and LibVNCClient.

- LibVNCServer:
     * Split two event-loop related functions out of the rfbProcessEvents() mechanism.
       This is required to be able to do proper event loop integration with Qt. Idea was
       taken from Vino's libvncserver fork.
     * Added TightPNG (http://wiki.qemu.org/VNC_Tight_PNG) encoding support. Like the
       original Tight encoding, this still uses JPEG, but ZLIB encoded rects are encoded
       with PNG here.
     * Added suport for serving VNC sessions through WebSockets
       (http://en.wikipedia.org/wiki/WebSocket), a web technology providing for multiplexing
       bi-directional, full-duplex communications channels over a single TCP connection.
     * Support connections from the Mac OS X built-in VNC client to LibVNCServer
       instances running with no password.
     * Replaced the Tight encoder with a TurboVNC one which is tremendously faster in most
       cases, especially with high-color video or 3D workloads.
       (http://www.virtualgl.org/pmwiki/uploads/About/tighttoturbo.pdf)

- LibVNCClient:
     * Added support to only listen for reverse connections on a specific IP address.
     * Support for using OpenSSL instead of GnuTLS. This could come in handy on embedded
       devices where only this TLS implementation is available.
     * Added support to connect to UltraVNC Single Click servers.
- remove upstreamed LibVNCServer-LINUX.diff
- remove upstreamed LibVNCServer-0.9.8_git201104301110-overflow.patch
- remove upstreamed LibVNCServer-system-lzo.patch
- rename and refresh dont-build-x11vnc to LibVNCServer-0.9.9-no_x11vnc.patch
- add, but not enable LibVNCServer-0.9.9-system_minilzo.patch
- add libvncserver-0.9.1-multilib.patch

-------------------------------------------------------------------
Mon Aug 27 11:29:44 UTC 2012 - idonmez@suse.com

- Devel package needs a dependency on gnutls-devel

-------------------------------------------------------------------
Sat Aug 18 09:53:29 UTC 2012 - gber@opensuse.org

- enable support for gnutls

-------------------------------------------------------------------
Wed Nov 30 14:30:22 UTC 2011 - coolo@suse.com

- add automake as buildrequire to avoid implicit dependency

-------------------------------------------------------------------
Sat Sep 17 09:39:03 UTC 2011 - jengelh@medozas.de

- Remove redundant tags/sections from specfile
- Use %_smp_mflags for parallel build

-------------------------------------------------------------------
Fri May  6 21:00:48 UTC 2011 - crrodriguez@opensuse.org

- Update to version 0.9.8 latest.
  * Changes too long to list here, see NEWS 
- Use system lzo library

-------------------------------------------------------------------
Fri Oct  8 14:03:58 UTC 2010 - coolo@novell.com

- add baselibs.conf to build 32bit libs for DirectFB-32bit to use

-------------------------------------------------------------------
Tue Apr 21 22:28:00 CEST 2009 - garloff@suse.de

- Update to LibVNCserver-0.9.7: 
  * add (server-side) ZYWRLE support
  * fixes (update after resizing, endianess, width != scanline)
  * improve timeouts, port fallback, and connection time of the SSL
    Java viewers

-------------------------------------------------------------------
Fri Mar  6 05:32:52 CET 2009 - crrodriguez@suse.de

- remove static libraries and "la" files

-------------------------------------------------------------------
Mon Oct 27 15:36:23 CET 2008 - garloff@suse.de

- fix-warn.diff: Avoid pointer > 0 comparison (bnc 435610)

-------------------------------------------------------------------
Mon Feb 25 07:27:32 CET 2008 - crrodriguez@suse.de

- fix library-without-ldconfig-post* errors
- devel package requires zlib-devel

-------------------------------------------------------------------
Thu Oct 11 15:46:54 CEST 2007 - sbrabec@suse.cz

- Use binding specific avahi package.

-------------------------------------------------------------------
Tue Jul 17 01:16:12 CEST 2007 - garloff@suse.de

- Split LibVNCServer into itself, -devel and x11vnc.
- Update to LibVNCserver-0.9.1.
- Drop patches that have been integrated upstream.

-------------------------------------------------------------------
Wed Apr 11 10:40:20 CEST 2007 - stbinner@suse.de

- fix misplaced guards in rfb.h

-------------------------------------------------------------------
Thu Mar 15 17:14:53 MDT 2007 - ccoffing@novell.com

- Fix incorrect usage of condition variables, which was causing
  a crash during heavy updates. (#246100)

-------------------------------------------------------------------
Fri Jul 28 19:14:22 CEST 2006 - garloff@suse.de

- Update to version 0.8.2:
  * Support for VNC protocol version 3.8.  
  * Many UltraVNC encodings and features added: FileTransfer, 
    SetSingleWindow, ServerInput, TextChat, UltraZip, etc.
  * Support for PalmVNC and UltraVNC style 1/n server-side scaling.
  * Improved Statistics reporting.
  * KeyboardLedState encoding.
  * LibVNCClient and x11vnc enhancements.
  * Many bugs and leaks fixed.
  * CVE-2006-2450 fix is already included, drop patch.
- Use -allinput in x11vnc_ssh script.

-------------------------------------------------------------------
Mon Jun 19 12:59:00 CEST 2006 - garloff@suse.de

- Update to version 0.8.
- Enable -fstack-protector for auth relevant files.
- Fix some compiler warnings.
- Disallow NoneAuth if password is set (#184418, CVE-2006-2450).

-------------------------------------------------------------------
Fri Feb 24 22:51:21 CET 2006 - garloff@suse.de

- Optimize event loop in LibVNCserver (from intel for Xen).

-------------------------------------------------------------------
Wed Jan 25 21:33:41 CET 2006 - mls@suse.de

- converted neededforbuild to BuildRequires

-------------------------------------------------------------------
Fri Dec 30 20:45:29 CET 2005 - garloff@suse.de

- Don't enable -threads by default; it's performance is nice, but
  the stability is not that great.
- Include x11vnc_ssh in distribution.

-------------------------------------------------------------------
Thu Dec 22 18:55:29 CET 2005 - garloff@suse.de

- Workaround for -thread mode: Wait for a client being fully 
  authenticated before sending data.

-------------------------------------------------------------------
Wed Dec 21 15:27:36 CET 2005 - garloff@suse.de

- Update to LibVNCServer-0.7.99 
- Fix compiler detected bugs (uninitialized var, buffer overflow).
- Package documentation.

-------------------------------------------------------------------
Tue Dec 20 11:52:22 CET 2005 - ro@suse.de

- do not try to detect LINUX by presence of /dev/vcsa1

-------------------------------------------------------------------
Sun Aug 21 03:27:19 CEST 2005 - garloff@suse.de

- Initial creation of package LibVNCServer-0.7.1.

-------------------------------------------------------------------

Places

File LibVNCServer.changes of Package LibVNCServer.15607

Places