Revisions of LibVNCServer
buildservice-autocommit
accepted
request 1094908
from
Petr Gajdos (pgajdos)
(revision 70)
baserev update by copy to link target
Petr Gajdos (pgajdos)
committed
(revision 69)
- version update to 0.9.14 ## Overall changes: * Added more documentation (build system integration, repeater setup) and a legal FAQ. * Added [contribution guidelines](CONTRIBUTING.md). * Ported the TravisCI continous integration machinery to GitHub workflows. ## LibVNCServer/LibVNCClient: * Added [qemu extended key event]. * Fixed several potential multiplication overflows. ## LibVNCClient: * Fixes of several memory leaks and buffer overflows. * Added UltraVNC's MSLogonII authentication scheme. * Fixed TLS interoperability with GnuTLS servers. * Fixed detection of newer UltraVNC and TightVNC servers. * Added support for [SetDesktopSize]. * Added SSH tunneling example using libssh2. * Added some extensions to VeNCrypt in order to be compatible with a wider range of servers. ## LibVNCServer: * Fixes to the multi-threaded server implementation which should be a lot more sound now. * Fixed TightVNC-filetransfer file upload for 64-bit systems. * Fixes of crashes in the zlib compression. * Added support for [UTF8 clipboard data]. * Fixed visual artifacts in framebuffer on ARM platforms. * Fixed several WebSockets bugs. * Fixed the UltraVNC-style repeater example. * Added support for larger framebuffers (two 4k screens possible now). * Added support for timeouts for outbound connections (to repeaters for instance). * Fixed out-of-bounds memory access in Tight encoding. - modified patches % 0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch (refreshed) % 0002-libvncserver-Add-channel-security-handlers.patch (refreshed)
buildservice-autocommit
accepted
request 1001885
from
Petr Gajdos (pgajdos)
(revision 68)
baserev update by copy to link target
Petr Gajdos (pgajdos)
committed
(revision 67)
- security update - added patches fix CVE-2020-29260 [bsc#1203106], memory leakage via rfbClientCleanup() + LibVNCServer-CVE-2020-29260.patch
Petr Gajdos (pgajdos)
committed
(revision 66)
- purposedly adding just this changelog entry - previous version updates fixed also: * CVE-2020-14398 [bsc#1173880] -- improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c * CVE-2017-18922 [bsc#1173477] -- preauth buffer overwrite * CVE-2018-20748 [bsc#1123823] -- libvnc contains multiple heap out-of-bounds writes * CVE-2020-25708 [bsc#1178682] -- libvncserver/rfbserver.c has a divide by zero which could result in DoS * CVE-2018-21247 [bsc#1173874] -- uninitialized memory contents are vulnerable to Information leak * CVE-2018-20750 [bsc#1123832] -- heap out-of-bounds write vulnerability in libvncserver/rfbserver.c * CVE-2020-14397 [bsc#1173700] -- NULL pointer dereference in libvncserver/rfbregion.c * CVE-2019-20839 [bsc#1173875] -- buffer overflow in ConnectClientToUnixSock() * CVE-2020-14401 [bsc#1173694] -- potential integer overflows in libvncserver/scale.c * CVE-2020-14400 [bsc#1173691] -- Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. * CVE-2019-20840 [bsc#1173876] -- unaligned accesses in hybiReadAndDecode can lead to denial of service * CVE-2020-14399 [bsc#1173743] -- Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. * CVE-2020-14402 [bsc#1173701] -- out-of-bounds access via encodings. * CVE-2020-14403 [bsc#1173701] * CVE-2020-14404 [bsc#1173701]
buildservice-autocommit
accepted
request 862815
from
Petr Gajdos (pgajdos)
(revision 65)
baserev update by copy to link target
Petr Gajdos (pgajdos)
accepted
request 862813
from
Frederic Crozat (fcrozat)
(revision 64)
drop unwanted patch
Petr Gajdos (pgajdos)
accepted
request 862644
from
Frederic Crozat (fcrozat)
(revision 63)
- Add many patches needed for GNOME Remote desktop (already in Fedora): * TLS security type enablement patches gh#LibVNC/libvncserver!234 - 0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch - 0002-libvncserver-Add-channel-security-handlers.patch - 0003-libvncserver-auth-don-t-keep-security-handlers-from-.patch * Fix crash on all runs after the first gh#LibVNC/libvncserver!444 rh#1882718 - 0004-zlib-Clear-buffer-pointers-on-cleanup-444.patch * Fix another crasher glgo#GNOME/gnome-remote-desktop#45 rh#1882718 - 0001-libvncserver-don-t-NULL-out-internal-of-the-default-.patch
buildservice-autocommit
accepted
request 817795
from
Petr Gajdos (pgajdos)
(revision 62)
baserev update by copy to link target
Petr Gajdos (pgajdos)
committed
(revision 61)
- version update to 0.9.13 [bsc#1173477]
Petr Gajdos (pgajdos)
committed
(revision 60)
- version update to 0.9.13 ## Overall changes: * Small tweaks to the CMake build system. * The macOS server example was overhauled and is now the most feature-complete sample application of the project, ready for real-world use. * Lots of documentation updates and markdownifying. * The TravisCI continuous integration now also build-checks cross-compilation from Linux to Windows. * Setup a [Gitter community chat](https://gitter.im/LibVNC/libvncserver) for the project. ## LibVNCServer/LibVNCClient: * Both LibVNCServer and LibVNCClient now support an additional platform, namely Microsoft Windows. Building is supported with Visual Studio as well as MingGW. * The separate crypto routines used by LibVNCClient and LibVNCServer were refactored into an implementation common to both libraries. * Several security issues got fixed. * The bundled noVNC client is now at version 1.1.0 and included via a git submodule. ## LibVNCClient: * Added connect timeout as well as read timeout support thanks to Tobias Junghans. * Both TLS backends now do proper locking of network operations when multi-threaded thanks to Gaurav Ujjwal. * Fixed regression in Tight/Raw decoding introduced in 0.9.12 thanks to DRC. * Fixed encrypted connections to AnonTLS servers when using the OpenSSL back-end. Made possible by the profound research done by Gaurav Ujjwal. ## LibVNCServer: * Added a hooking function (`clientFramebufferUpdateRequestHook`) to deliver rfbFramebufferUpdateRequest messages from clients to the frame producer thanks to Jae Hyun Yoo. * Added SetDesktopSize/ExtendedDesktopSize support thanks to Floris Bos. * Added multi-threading support for MS Windows. * Fixed VNC repeater/proxy functionality that was broken in 0.9.12.
buildservice-autocommit
accepted
request 800071
from
Petr Gajdos (pgajdos)
(revision 59)
baserev update by copy to link target
Petr Gajdos (pgajdos)
committed
(revision 58)
- deleted patches - LibVNCServer-CVE-2018-20749.patch (mistakenly added, it is already part of 0.9.12)
buildservice-autocommit
accepted
request 798132
from
Petr Gajdos (pgajdos)
(revision 57)
baserev update by copy to link target
Petr Gajdos (pgajdos)
committed
(revision 56)
- security update - added patches fix CVE-2019-15690 [bsc#1160471], heap buffer overflow + LibVNCServer-CVE-2019-15690.patch fix CVE-2019-20788 [bsc#1170441], integer overflow and heap-based buffer overflow via a large height or width value + LibVNCServer-CVE-2019-20788.patch
buildservice-autocommit
accepted
request 762624
from
Petr Gajdos (pgajdos)
(revision 55)
baserev update by copy to link target
Petr Gajdos (pgajdos)
accepted
request 762623
from
Fabian Vogt (favogt)
(revision 54)
- Add patches to fix crash on shutdown: * avoid-pthread_join-if-backgroundLoop-is-FALSE.patch * fix-crash-on-shutdown.patch
buildservice-autocommit
accepted
request 745157
from
Petr Gajdos (pgajdos)
(revision 53)
baserev update by copy to link target
Petr Gajdos (pgajdos)
committed
(revision 52)
- turn the test suite on
Petr Gajdos (pgajdos)
committed
(revision 51)
- security update - added patches CVE-2019-15681 [bsc#1155419] + LibVNCServer-CVE-2019-15681.patch
Displaying revisions 1 - 20 of 70