Overview

Request 664669 superseded

- Fix devel package dependencies

- security update
* CVE-2018-15126 [bsc#1120114]
+ LibVNCServer-CVE-2018-15126.patch
* CVE-2018-6307 [bsc#1120115]
+ LibVNCServer-CVE-2018-6307.patch
* CVE-2018-20020 [bsc#1120116]
+ LibVNCServer-CVE-2018-20020.patch
* CVE-2018-15127 [bsc#1120117]
+ LibVNCServer-CVE-2018-15127.patch
* CVE-2018-20019 [bsc#1120118]
+ LibVNCServer-CVE-2018-20019.patch
* CVE-2018-20023 [bsc#1120119]
+ LibVNCServer-CVE-2018-20023.patch
* CVE-2018-20022 [bsc#1120120]
+ LibVNCServer-CVE-2018-20022.patch
* CVE-2018-20024 [bsc#1120121]
+ LibVNCServer-CVE-2018-20024.patch
* CVE-2018-20021 [bsc#1120122]
+ LibVNCServer-CVE-2018-20021.patch

- Update to version 0.9.11
Overall changes:
LibVNCServer/LibVNCClient development now uses continous intregration,
provided by TravisCI.
LibVNCClient:
Now initializes libgcrypt before use if the application did not do it.
Fixes a crash when connection to Mac hosts
(#45).
Various fixes that result in more stable handling of malicious or broken
servers.
Removed broken and unmaintained H264 decoding.
Some documentation fixes.
Added hooks to WriteToTLS() for optional protection by mutex.
LibVNCServer:
Stability fixes for the WebSocket implementation.
Replaced SHA1 implementation with the one from RFC 6234.
The built-in HTTP server does not allow directory traversals anymore.
The built-in HTTP now sends correct MIME types for CSS and SVG.
Added support for systemd socket activation.
Made it possible to get autoPort behavior with either ipv4 or ipv6
disabled.
Fixed starting of an onHold-client in threaded mode.
- dropped patches:
- libvncserver-0.9.10-use-namespaced-rfbMax-macro.patch (upstreamed)
- libvncserver-byteswap.patch (stop maintaining not upstreamed patch)
- modified patches:
% libvncserver-0.9.10-ossl.patch (refreshed)

Dominique Leuenberger's avatar
Dominique Leuenberger (dimstar) -
reviewer

CC @lwfinger

virtualbox has a hard requires on libvncserver0 - with libVnc being updated, this dependency is no longer met, which results in:

can't install virtualbox-vnc-5.2.22-3.2.i586:
  nothing provides libvncserver0 needed by virtualbox-vnc-5.2.22-3.2.i586

Can you please correct this in one of the upcoming submissions for virtualbox?

Dominique Leuenberger's avatar
Dominique Leuenberger (dimstar_suse) -
reviewer target maintainer

Waiting for virtualbox

Request History
Adam Majer's avatar

adamm created request

- Fix devel package dependencies

- security update
* CVE-2018-15126 [bsc#1120114]
+ LibVNCServer-CVE-2018-15126.patch
* CVE-2018-6307 [bsc#1120115]
+ LibVNCServer-CVE-2018-6307.patch
* CVE-2018-20020 [bsc#1120116]
+ LibVNCServer-CVE-2018-20020.patch
* CVE-2018-15127 [bsc#1120117]
+ LibVNCServer-CVE-2018-15127.patch
* CVE-2018-20019 [bsc#1120118]
+ LibVNCServer-CVE-2018-20019.patch
* CVE-2018-20023 [bsc#1120119]
+ LibVNCServer-CVE-2018-20023.patch
* CVE-2018-20022 [bsc#1120120]
+ LibVNCServer-CVE-2018-20022.patch
* CVE-2018-20024 [bsc#1120121]
+ LibVNCServer-CVE-2018-20024.patch
* CVE-2018-20021 [bsc#1120122]
+ LibVNCServer-CVE-2018-20021.patch

- Update to version 0.9.11
Overall changes:
LibVNCServer/LibVNCClient development now uses continous intregration,
provided by TravisCI.
LibVNCClient:
Now initializes libgcrypt before use if the application did not do it.
Fixes a crash when connection to Mac hosts
(#45).
Various fixes that result in more stable handling of malicious or broken
servers.
Removed broken and unmaintained H264 decoding.
Some documentation fixes.
Added hooks to WriteToTLS() for optional protection by mutex.
LibVNCServer:
Stability fixes for the WebSocket implementation.
Replaced SHA1 implementation with the one from RFC 6234.
The built-in HTTP server does not allow directory traversals anymore.
The built-in HTTP now sends correct MIME types for CSS and SVG.
Added support for systemd socket activation.
Made it possible to get autoPort behavior with either ipv4 or ipv6
disabled.
Fixed starting of an onHold-client in threaded mode.
- dropped patches:
- libvncserver-0.9.10-use-namespaced-rfbMax-macro.patch (upstreamed)
- libvncserver-byteswap.patch (stop maintaining not upstreamed patch)
- modified patches:
% libvncserver-0.9.10-ossl.patch (refreshed)

Factory Auto's avatar

factory-auto added opensuse-review-team as a reviewer

Please review sources

Factory Auto's avatar

factory-auto added repo-checker as a reviewer

Please review build success

Factory Auto's avatar

factory-auto accepted review

Check script succeeded

Staging Bot's avatar

staging-bot set openSUSE:Factory:Staging:E as a staging project

Being evaluated by staging project "openSUSE:Factory:Staging:E"

Staging Bot's avatar

staging-bot accepted review

Picked openSUSE:Factory:Staging:E

Jan Engelhardt's avatar

jengelh accepted review

Dominique Leuenberger's avatar

dimstar_suse accepted review

Removing from openSUSE:Factory:Staging:E, re-evaluation needed

Dominique Leuenberger's avatar

dimstar_suse added factory-staging as a reviewer

Requesting new staging review

Saul Goodman's avatar

licensedigger accepted review

ok

Petr Gajdos's avatar

pgajdos superseded request

superseded by 673320

openSUSE Build Service is sponsored by
Places