File tigervnc.changes of Package tigervnc.20174
-------------------------------------------------------------------
Sat Jun 19 02:14:01 UTC 2021 - Jason Sikes <jsikes@suse.com>
- tigervnc-FIPS-use-RFC7919.patch
* Enable GnuTLS 3.6.0 and later to use Diffie-Hellman parameters
from RFC7919 instead of generating our own, for FIPS compliance.
* Specify RFC7919 parameters for GnuTLS older than 3.6.0.
* bsc#1179809
-------------------------------------------------------------------
Wed Oct 7 14:52:16 UTC 2020 - Stefan Dirsch <sndirsch@suse.com>
- CVE-2020-26117: Server certificates were stored as certiticate
authoritied, allowing malicious owners of these certificates
to impersonate any server after a client had added an exception
(boo#1176733)
U_0001-Properly-store-certificate-exceptions.patch,
* Properly store certificate exceptions (boo#1176733)
U_Move-UserPasswordGetter-out-of-CConn.patch
* pre-requisite of the next patch
U_0002-Properly-store-certificate-exceptions-in-Java-viewer.patch
* Properly store certificate exceptions in Java (boo#1176733)
- adjusted u_tigervnc-add-autoaccept-parameter.patch and applying
it last
-------------------------------------------------------------------
Thu Jan 16 15:48:32 UTC 2020 - Stefan Dirsch <sndirsch@suse.com>
- removed broken and unneeded patch
0002-Encapsulate-PixelBuffer-internal-details.patch (bsc#1160937)
-------------------------------------------------------------------
Thu Jan 9 20:57:04 UTC 2020 - Stefan Dirsch <sndirsch@suse.com>
- TigerVNC security fix:
0001-Make-ZlibInStream-more-robust-against-failures.patch
0002-Encapsulate-PixelBuffer-internal-details.patch
0003-Restrict-PixelBuffer-dimensions-to-safe-values.patch
0004-Add-write-protection-to-OffsetPixelBuffer.patch
0005-Handle-empty-Tight-gradient-rects.patch
0006-Add-unit-test-for-PixelFormat-sanity-checks.patch
0007-Fix-depth-sanity-test-in-PixelFormat.patch
0008-Add-sanity-checks-for-PixelFormat-shift-values.patch
0009-Remove-unused-FixedMemOutStream.patch
0010-Use-size_t-for-lengths-in-stream-objects.patch
0011-Be-defensive-about-overflows-in-stream-objects.patch
0012-Add-unit-tests-for-PixelFormat.is888-detection.patch
0013-Handle-pixel-formats-with-odd-shift-values.patch
* stack use-after-return due to incorrect usage of stack memory
in ZRLEDecoder (CVE-2019-15691, bsc#1159856)
* improper value checks in CopyRectDecode may lead to heap
buffer overflow (CVE-2019-15692, bsc#1160250)
* heap buffer overflow in TightDecoder::FilterGradient
(CVE-2019-15693, bsc#1159858)
* improper error handling in processing MemOutStream may lead
to heap buffer overflow (CVE-2019-15694, bsc#1160251
* stack buffer overflow, which could be triggered from
CMsgReader::readSetCurso (CVE-2019-15695, bsc#1159860)
-------------------------------------------------------------------
Thu Jan 11 10:11:51 UTC 2018 - msrb@suse.com
- n_java_fix_16bit_depth.patch
* Fix 16bit depth support in the java viewer. (bnc#1075403)
-------------------------------------------------------------------
Thu Sep 7 07:22:04 UTC 2017 - msrb@suse.com
- U_tigervnc-fix-race-problem-with-detecting-listening-inetd-sockets.patch
(bnc#1054300)
-------------------------------------------------------------------
Fri Aug 11 08:59:54 UTC 2017 - msrb@suse.com
- Disable MIT-SHM extension when running under vnc user.
(bnc#1053373)
-------------------------------------------------------------------
Thu Jul 20 07:49:41 UTC 2017 - msrb@suse.com
- U_allow_multiple_certs_with_same_dn_in_saved_certs_file.patch,
U_handle_certificate_verification_for_saved_certs_correctly.patch
* Fix certificate handling in the java client. (bnc#1041847)
- Refresh u_tigervnc-add-autoaccept-parameter.patch and apply it
last.
- Make sure CN in generated certificate doesn't exceed 64
characters. (bnc#1041847)
-------------------------------------------------------------------
Fri Jul 7 08:06:00 UTC 2017 - msrb@suse.com
- Change with-vnc-key.sh to generate TLS certificate using current
hostname. (bnc#1041847)
-------------------------------------------------------------------
Fri Apr 7 14:28:21 UTC 2017 - msrb@suse.com
- U_tigervnc-limit-size-of-cursor-accepted-by-client.patch
* Prevent buffer overflow in VNC client.
(bnc#1032880)
-------------------------------------------------------------------
Wed Apr 5 13:48:51 UTC 2017 - msrb@suse.com
- U_tigervnc-better-check-for-screen-visibility.patch
* Crop operations to visible screen. (bnc#1032272)
-------------------------------------------------------------------
Fri Mar 31 14:30:37 UTC 2017 - msrb@suse.com
- U_tigervnc-delete-underlying-ssecurity-in-SSecurityVeNCrypt.patch,
U_tigervnc-prevent-leak-of-SecurityServer-and-ClientServer.patch
* Prevent leaks in VNC server. (bnc#bnc#1031886)
- U_tigervnc-fix-crash-from-integer-overflow-in-SMsgReader-readClientCutText.patch
* Prevent clients crashing VNC server. (bnc#1031877)
- U_tigervnc-fix-checkNoWait-logic-in-SSecurityPlain.patch,
U_tigervnc-limit-max-username-password-size-in-SSecurityPlain.patch
* Prevent multiple security issues in security Plain. (bnc#1031879)
- U_tigervnc-prevent-double-free-by-crafted-fences.patch
* Prevent double free in VNC server. (bnc#1031875)
-------------------------------------------------------------------
Mon Mar 27 13:44:41 UTC 2017 - msrb@suse.com
- U_tigervnc-restore-cropping-API-to-maskRect.patch,
U_tigervnc-crop-cursor-before-calling-maskRect.patch
* Prevent client disconnection caused by invalid cursor
manipulation. (bnc#1024929, bnc#1031045)
-------------------------------------------------------------------
Thu Mar 2 14:19:27 UTC 2017 - msrb@suse.com
- Readd index.vnc. (bnc#1026833)
-------------------------------------------------------------------
Thu Feb 2 12:10:37 UTC 2017 - msrb@suse.com
- U_tigervnc_proper_global_init_deinit_of_GnuTLS.patch
* Prevent crash caused by failed TLS connection. (bnc#1023012)
-------------------------------------------------------------------
Wed Jan 18 13:59:38 UTC 2017 - msrb@suse.com
- U_tigervnc-fix-buffer-overflow-in-ModifiablePixelBuffer-fillRect.patch,
U_tigervnc-prevent-invalid-PixelBuffer-accesses.patch,
U_tigervnc-check-invalid-RRE-rects.patch
* Fix buffer overflow in client caused by malicious server.
(bnc#1019274)
-------------------------------------------------------------------
Thu Jun 16 14:06:07 UTC 2016 - msrb@suse.com
- Generate VNC key and certificate on first use, not during
installation. (bnc#982349)
-------------------------------------------------------------------
Thu Jun 9 11:39:18 UTC 2016 - msrb@suse.com
- U_tigervnc_clear_up_zlibinstream_reset_behaviour.patch
* Fix zlib stream reset in tight encoding. (bnc#963417)
- Marking bnc#964352 (xkbcomp dependency) as fixed.
-------------------------------------------------------------------
Thu May 19 18:21:55 UTC 2016 - msrb@suse.com
- Add /etc/pam.d/vnc configuration and add vnc user to shadow
group. (bnc#980326)
-------------------------------------------------------------------
Thu Apr 28 02:52:05 UTC 2016 - msrb@suse.com
- Add u_tigervnc-show-unencrypted-warning.patch (fate#319701)
-------------------------------------------------------------------
Wed Apr 27 11:41:10 UTC 2016 - msrb@suse.com
- Add dependency on xorg-x11-fonts-core. (bnc#977019)
-------------------------------------------------------------------
Mon Apr 11 13:56:14 UTC 2016 - msrb@suse.com
- Remove unnecessary dependency on icewm.
-------------------------------------------------------------------
Fri Apr 8 10:42:39 UTC 2016 - sndirsch@suse.com
- buildrequire specific xorg-x11-server-source version (currently
1.18.3) in order to prevent incomprehensible patch failures
-------------------------------------------------------------------
Tue Apr 5 19:21:12 UTC 2016 - msrb@suse.com
- Update to tigervnc 1.6.0. (fate#319701, fate#319319, bnc#952057)
- N_tigervnc_revert_fltk_1_3_3_requirements.patch
* Stay compatible with fltk 1.3.2.
- u_xserver118.patch
* Build with X Server 1.18
- u_tigervnc_update_default_vncxstartup.patch
* Update default VNC xstartup script.
- u_add_allowoverride_parameter.patch
* Add option to to specify which parameters can be set from
inside VNC session. (fate#319319)
- u_build_libXvnc_as_separate_library.patch
* Allows other applications to use XVNC extension. (fate#319319)
- Remove upstreamed or obsolete patches:
* U_support_ipv6.patch
* n_tigervnc_Revert_Attempt_to_handle_Ctrl-key.patch
* tigervnc-sf3495623.patch
* u_syslog.patch
* u_terminate_instead_of_ignoring_restart.patch
* u_tigervnc-display-SHA-1-fingerprint-of-untrusted-certificate.patch
* u_tigervnc-dont-send-ascii-control-characters.patch
* u_tigervnc-prioritize-anon-ecdh.patch
* u_tigervnc-send-special-keys-directly.patch
* u_tigervnc-use-default-trust-manager-in-java-viewer-if-custom.patch
* u_tigervnc-use_preferred_mode.patch
* u_tigervnc-vncserver-clean-pid-files.patch
-------------------------------------------------------------------
Thu Oct 22 15:47:51 UTC 2015 - msrb@suse.com
- U_support_ipv6.patch
* Bind to both ipv4 and ipv6 addresses. (bnc#951281)
-------------------------------------------------------------------
Wed Oct 14 11:25:34 UTC 2015 - msrb@suse.com
- u_tigervnc-prioritize-anon-ecdh.patch
* Prefer ANON-ECDH over ANON-DH cipher to avoid java bug.
(bnc#950147)
-------------------------------------------------------------------
Mon Oct 5 10:57:50 UTC 2015 - msrb@suse.com
- u_tigervnc-vncserver-clean-pid-files.patch
* vncserver: Clean pid files of dead processes. (bnc#948392)
-------------------------------------------------------------------
Wed Aug 26 11:08:50 UTC 2015 - msrb@suse.com
- Remove commented out DefaultDepth 16 from 10-libvnc.conf file.
Using 16 bit depth can cause troubles and does not have any
positives anymore, so lets not suggest it to users. (bnc#942982)
-------------------------------------------------------------------
Tue Aug 11 11:52:05 UTC 2015 - msrb@suse.com
- Readd index.vnc. (bnc#941123)
-------------------------------------------------------------------
Tue Jul 28 12:51:46 UTC 2015 - msrb@suse.com
- Update tigervnc configuration safely. (bnc#939099)
-------------------------------------------------------------------
Tue Jul 7 08:19:19 UTC 2015 - msrb@suse.com
- Use xserver sources from xorg-x11-server-source.
- Drop xserver patches. (They are present in xorg-x11-server.)
- Use encryption everywhere. (fate#318936)
-------------------------------------------------------------------
Wed Apr 1 11:59:30 UTC 2015 - msrb@suse.com
- u_terminate_instead_of_ignoring_restart.patch
* Terminate instead of ignoring restart. (bnc#920969)
-------------------------------------------------------------------
Thu Feb 12 12:09:12 UTC 2015 - msrb@suse.com
- U_xkb-check-strings-length-against-request-size.patch
* Check string lenghts in XkbSetGeometry request.
(bnc#915810, CVE-2015-0255)
-------------------------------------------------------------------
Mon Feb 2 13:10:47 UTC 2015 - msrb@suse.com
- n_tigervnc_Revert_Attempt_to_handle_Ctrl-key.patch
* Revert bugged upstream commit. (bnc#915782)
- Rebuild against fltk backported patches for cursor and clipboard
handling. (bnc#908738)
- Update to tigervnc 1.4.1 and X server 1.15.2.
(Required for security patches.) (bnc#911577)
- Synchronize patches from xorg-x11-server that are relevant for Xvnc:
* U_BellProc-Send-bell-event-on-core-protocol-bell-when-requested.patch
* U_Xi_unvalidated_lengths_in_Xinput_extension.patch
* U_Xv_unvalidated_lengths_in_XVideo_extension_swapped_procs.patch
* U_dbe_Call_to_DDX_SwapBuffers_requires_address_of_int_not_unsigned_int.patch
* U_dbe_unvalidated_lengths_in_DbeSwapBuffers_calls.patch
* U_dix_GetHosts_bounds_check_using_wrong_pointer_value.patch
* U_dix_Missing_parens_in_REQUEST_FIXED_SIZE_macro.patch
* U_dix_integer_overflow_in_GetHosts.patch
* U_dix_integer_overflow_in_ProcPutImage.patch
* U_dix_integer_overflow_in_REQUEST_FIXED_SIZE.patch
* U_dix_integer_overflow_in_RegionSizeof.patch
* U_fb-Fix-invalid-bpp-for-24bit-depth-window.patch
* U_glx_Add_safe__add_mul_pad.patch
* U_glx_Additional_paranoia_in___glXGetAnswerBuffer___GLX_GET_ANSWER_BUFFER.patch
* U_glx_Be_more_paranoid_about_variable_length_requests.patch
* U_glx_Be_more_strict_about_rejecting_invalid_image_sizes.patch
* U_glx_Fix_image_size_computation_for_EXT_texture_integer.patch
* U_glx_Fix_mask_truncation_in___glXGetAnswerBuffer.patch
* U_glx_Integer_overflow_protection_for_non_generated_render_requests.patch
* U_glx_Length_checking_for_GLXRender_requests.patch
* U_glx_Length_checking_for_RenderLarge_requests.patch
* U_glx_Length_checking_for_non_generated_single_request.patch
* U_glx_Length_checking_for_non_generated_vendor_private_requests.patch
* U_glx_Pass_remaining_request_length_into_varsize.patch
* U_glx_Request_length_checks_for_SetClientInfoARB.patch
* U_glx_Top_level_length_checking_for_swapped_VendorPrivate_requests.patch
* U_randr_unvalidated_lengths_in_RandR_extension_swapped_procs.patch
* U_render_check_request_size_before_reading_it.patch
* U_render_unvalidated_lengths_in_Render_extn_swapped_procs.patch
* U_unchecked_malloc_may_allow_unauthed_client_to_crash_Xserver.patch
* U_xcmisc_unvalidated_length_in_SProcXCMiscGetXIDList.patch
* U_xfixes_unvalidated_length_in_SProcXFixesSelectSelectionInput.patch
* n_tigervnc-date-time.patch
- Drop upstreamed/obsolete patches:
* U_tigervnc-dont-check-inputs-with-assert.patch
* U_tigervnc-use-asserts-in-release.patch
* tigervnc-1.2.80-fix-int-to-pointer.patch
* tigervnc-sf3492352.diff
* u_aarch64-support.patch
* u_tigervnc-1.3.0-fix-use-after-free.patch
* u_tigervnc-check-shm-harder.patch
-------------------------------------------------------------------
Tue Nov 25 15:31:58 UTC 2014 - msrb@suse.com
- Add u_tigervnc-send-special-keys-directly.patch,
fix u_tigervnc-dont-send-ascii-control-characters.patch
* Send correctly keys that don't type any characters, such as
CTRL+Space. (bnc#906922)
-------------------------------------------------------------------
Thu Oct 30 13:20:16 UTC 2014 - msrb@suse.com
- u_tigervnc-cve-2014-8240.patch
* Prevent potentially dangerous integer overflow.
(bnc#900896 CVE-2014-8240)
-------------------------------------------------------------------
Thu Sep 25 13:20:42 UTC 2014 - msrb@suse.com
- u_tigervnc-use_preferred_mode.patch
* Mark user chosen resolution as preferred. (bnc#896540)
-------------------------------------------------------------------
Mon Aug 18 10:33:20 UTC 2014 - msrb@suse.com
- Obsolete tightvnc <= 1.3.9 for proper upgrade from SLE11.
(bnc#891982)
-------------------------------------------------------------------
Tue Aug 12 12:44:34 UTC 2014 - msrb@suse.com
- u_tigervnc-check-shm-harder.patch
* Check if SHM really works before deciding to use it.
(bnc#890580)
-------------------------------------------------------------------
Fri Aug 1 14:17:00 UTC 2014 - msrb@suse.com
- U_include-vencrypt-only-if-any-subtype-present.patch
* Do not automatically offer VeNCrypt security if none of it's
subtypes is selected. (bnc#889781)
-------------------------------------------------------------------
Wed Jul 23 12:03:23 UTC 2014 - msrb@suse.com
- Fix mistakes in spec file. (bnc#888371)
-------------------------------------------------------------------
Wed May 28 14:39:22 UTC 2014 - msrb@suse.com
- Use update-alternatives.
-------------------------------------------------------------------
Thu May 8 21:24:05 UTC 2014 - msrb@suse.com
- u_tigervnc-ignore-epipe-on-write.patch
* Do not display error message because of EPIPE on write.
(bnc#864676)
-------------------------------------------------------------------
Sat Apr 26 12:07:52 UTC 2014 - sndirsch@suse.com
- xorg-x11-Xvnc: require xkeyboard-config (bnc#875329)
-------------------------------------------------------------------
Thu Apr 24 13:19:51 UTC 2014 - msrb@suse.com
- vnc.xinetd
* Do not use 16 bpp by default anymore. The network trafic gain
of 16 bpp together with Tight encoding is arguable. 16 bpp
causes graphical issues and is known to not work properly
in Mesa. (bnc#871965)
-------------------------------------------------------------------
Fri Mar 21 14:24:29 UTC 2014 - msrb@suse.com
- U_tigervnc-dont-check-inputs-with-assert.patch and
U_tigervnc-use-asserts-in-release.patch
* Fix security issue. (bnc#869307, CVE-2014-0011)
-------------------------------------------------------------------
Thu Mar 20 00:40:17 CET 2014 - ro@suse.de
- excludearch s390 (would need compilation with fPIC as well
but common/CMakeLists.txt does this only on 64bit)
-------------------------------------------------------------------
Mon Mar 17 13:47:18 UTC 2014 - msrb@suse.com
- Update HTML page that serves vnc client applet. (bnc#867273)
- u_tigervnc-dont-send-ascii-control-characters.patch
* Send CTRL+[A-Z] combinations instead of ascii control characters.
(bnc#864666)
-------------------------------------------------------------------
Fri Feb 21 15:18:35 UTC 2014 - dvaleev@suse.com
- Add ppc64le support (bnc#865069)
- added patches:
* u_ppc64le-support.patch
-------------------------------------------------------------------
Thu Feb 13 14:42:31 UTC 2014 - msrb@suse.com
- Readd vncpasswd.arg for compatibility with installation system
and potentially another users. (bnc#855246)
-------------------------------------------------------------------
Fri Feb 7 15:11:41 UTC 2014 - msrb@suse.com
- Drop tigervnc-sf3492503.diff, tigervnc-sf3495623.diff and
xorg-bug38185.patch (not used and not needed).
- Update tigervnc-sf3492352.diff and tigervnc-sf3495623.patch.
-------------------------------------------------------------------
Wed Feb 5 15:22:33 UTC 2014 - msrb@suse.com
- N_use-icewm.patch
* Switch fallback WM to icewm in vncserver script. (bnc#862315)
-------------------------------------------------------------------
Fri Jan 10 15:11:50 UTC 2014 - sndirsch@suse.com
- do not include vnc Xserver module and xorg.conf snippet on s390x
-------------------------------------------------------------------
Thu Jan 9 11:40:13 UTC 2014 - msrb@suse.com
- Remove unnecessary BuildRequires for binutils-gold.
-------------------------------------------------------------------
Mon Dec 16 14:51:48 UTC 2013 - msrb@suse.com
- Exclude xorg-server-1.13.0/hw/xfree86/modes/xf86gtf.c and
xorg-server-1.13.0/hw/xfree86/utils/gtf/gtf.c from xserver
sources. (bnc#855566)
- n_tigervnc-dont-build-gtf.patch
* Fix build with gtf files excluded. (bnc#855566)
-------------------------------------------------------------------
Tue Dec 3 14:34:56 UTC 2013 - msrb@suse.com
- tigervnc-clean-pressed-key-on-exit.patch
* Send release events for pressed keys after X I/O error.
(bnc#670448)
-------------------------------------------------------------------
Mon Nov 18 14:05:44 UTC 2013 - msrb@suse.com
- Update to 1.3.0.
- Build xorg-x11-Xvnc package from this sources.
-------------------------------------------------------------------
Wed Sep 19 08:08:53 UTC 2012 - werner@suse.de
- Make it build with latest TeXLive 2012 and use pdf engine
-------------------------------------------------------------------
Wed Mar 21 23:30:32 UTC 2012 - jengelh@medozas.de
- Add missing tarball
- Parallel build with %_smp_mflags
- Remove redundant sections
-------------------------------------------------------------------
Fri Feb 24 20:47:33 UTC 2012 - giecrilj@stegny.2a.pl
- bump to 1.1 (current stable)
- add documentation (bnc#748504)
- build dynamic server
- eliminate gethostbyname, patch submitted upstream
- incidental clean-up
-------------------------------------------------------------------
Wed Feb 9 15:07:34 UTC 2011 - sndirsch@novell.com
- added jpeg-devel to BuildRequires
-------------------------------------------------------------------
Wed Feb 9 14:00:16 UTC 2011 - sndirsch@novell.com
- use system jpeg for building
- fixed xkb path
- added more reasonable options for Xvfb building
-------------------------------------------------------------------
Wed Feb 9 08:57:06 UTC 2011 - sndirsch@novell.com
- added Reinhard's xdmcp fix (bnc #625593)
-------------------------------------------------------------------
Wed Feb 9 08:50:10 UTC 2011 - sndirsch@novell.com
- TigerVNC build
* fix fontpatch
* cleanup
-------------------------------------------------------------------
Wed Feb 9 04:41:24 UTC 2011 - sndirsch@novell.com
- build Xvnc of TigerVNC project when %tigervnc is set; make this
the default for now
-------------------------------------------------------------------
Tue Feb 8 17:00:32 UTC 2011 - sndirsch@novell.com
- latest version of Perl script
-------------------------------------------------------------------
Thu Feb 3 17:41:02 UTC 2011 - sndirsch@novell.com
- renamed package from xorg-x11-Xvnc-ng to xorg-x11-Xvnc
-------------------------------------------------------------------
Thu Feb 3 17:26:04 UTC 2011 - sndirsch@novell.com
- rewritten wrapper script in Perl
-------------------------------------------------------------------
Wed Jan 26 10:07:10 UTC 2011 - sndirsch@novell.com
- added services file for SuSEfirewall2
-------------------------------------------------------------------
Wed Jan 26 00:43:01 UTC 2011 - sndirsch@novell.com
- created package
