Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libvncclient1-0.9.13-150400.3.3.1 RPM for x86_64

From OpenSuSE Leap 15.5 for x86_64

Name: libvncclient1 Distribution: SUSE Linux Enterprise 15
Version: 0.9.13 Vendor: SUSE LLC <https://www.suse.com/>
Release: 150400.3.3.1 Build date: Thu Sep 8 15:06:48 2022
Group: System/Libraries Build host: sheep04
Size: 173512 Source RPM: LibVNCServer-0.9.13-150400.3.3.1.src.rpm
Packager: https://www.suse.com/
Url: https://github.com/LibVNC/libvncserver
Summary: Library implementing a VNC client
LibVNCServer/LibVNCClient are cross-platform C libraries that allow
implementing VNC server or client functionality in your program.

Provides

Requires

License

GPL-2.0-or-later

Changelog

* Thu Sep 08 2022 pgajdos@suse.com
  - security update
  - added patches
    fix CVE-2020-29260 [bsc#1203106], memory leakage via rfbClientCleanup()
    + LibVNCServer-CVE-2020-29260.patch
* Fri Sep 17 2021 pgajdos@suse.com
  - purposedly adding just this changelog entry
  - previous version updates fixed also:
    * CVE-2020-14398 [bsc#1173880] -- improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c
    * CVE-2017-18922 [bsc#1173477] -- preauth buffer overwrite
    * CVE-2018-20748 [bsc#1123823] -- libvnc contains multiple heap out-of-bounds writes
    * CVE-2020-25708 [bsc#1178682] -- libvncserver/rfbserver.c has a divide by zero which could result in DoS
    * CVE-2018-21247 [bsc#1173874] -- uninitialized memory contents are vulnerable to Information leak
    * CVE-2018-20750 [bsc#1123832] -- heap out-of-bounds write vulnerability in libvncserver/rfbserver.c
    * CVE-2020-14397 [bsc#1173700] -- NULL pointer dereference in libvncserver/rfbregion.c
    * CVE-2019-20839 [bsc#1173875] -- buffer overflow in ConnectClientToUnixSock()
    * CVE-2020-14401 [bsc#1173694] -- potential integer overflows in libvncserver/scale.c
    * CVE-2020-14400 [bsc#1173691] -- Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c.
    * CVE-2019-20840 [bsc#1173876] -- unaligned accesses in hybiReadAndDecode can lead to denial of service
    * CVE-2020-14399 [bsc#1173743] -- Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c.
    * CVE-2020-14402 [bsc#1173701] -- out-of-bounds access via encodings.
    * CVE-2020-14403 [bsc#1173701]
    * CVE-2020-14404 [bsc#1173701]
* Fri Jan 08 2021 fcrozat@suse.com
  - Add many patches needed for GNOME Remote desktop (already in
    Fedora):
    * TLS security type enablement patches gh#LibVNC/libvncserver!234
    - 0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch
    - 0002-libvncserver-Add-channel-security-handlers.patch
    - 0003-libvncserver-auth-don-t-keep-security-handlers-from-.patch
    * Fix crash on all runs after the first gh#LibVNC/libvncserver!444 rh#1882718
    - 0004-zlib-Clear-buffer-pointers-on-cleanup-444.patch
    * Fix another crasher glgo#GNOME/gnome-remote-desktop#45 rh#1882718
    - 0001-libvncserver-don-t-NULL-out-internal-of-the-default-.patch
* Tue Jun 30 2020 pgajdos@suse.com
  - version update to 0.9.13 [bsc#1173477]
    [#]# Overall changes:
    * Small tweaks to the CMake build system.
    * The macOS server example was overhauled and is now the most feature-complete sample
      application of the project, ready for real-world use.
    * Lots of documentation updates and markdownifying.
    * The TravisCI continuous integration now also build-checks cross-compilation from
      Linux to Windows.
    * Setup a [Gitter community chat](https://gitter.im/LibVNC/libvncserver) for the project.
    [#]# LibVNCServer/LibVNCClient:
    * Both LibVNCServer and LibVNCClient now support an additional platform, namely
      Microsoft Windows. Building is supported with Visual Studio as well as MingGW.
    * The separate crypto routines used by LibVNCClient and LibVNCServer were refactored
      into an implementation common to both libraries.
    * Several security issues got fixed.
    * The bundled noVNC client is now at version 1.1.0 and included via a git submodule.
    [#]# LibVNCClient:
    * Added connect timeout as well as read timeout support thanks to Tobias Junghans.
    * Both TLS backends now do proper locking of network operations when multi-threaded
      thanks to Gaurav Ujjwal.
    * Fixed regression in Tight/Raw decoding introduced in 0.9.12 thanks to DRC.
    * Fixed encrypted connections to AnonTLS servers when using the OpenSSL back-end.
      Made possible by the profound research done by Gaurav Ujjwal.
    [#]# LibVNCServer:
    * Added a hooking function (`clientFramebufferUpdateRequestHook`) to deliver
      rfbFramebufferUpdateRequest messages from clients to the frame producer
      thanks to Jae Hyun Yoo.
    * Added SetDesktopSize/ExtendedDesktopSize support thanks to Floris Bos.
    * Added multi-threading support for MS Windows.
    * Fixed VNC repeater/proxy functionality that was broken in 0.9.12.
    * Fixed unstable WebSockets connections thanks to Sebastian Kranz.
  - deleted patches
    - LibVNCServer-CVE-2019-15681.patch (upstreamed)
    - LibVNCServer-CVE-2019-15690.patch (upstreamed)
    - LibVNCServer-CVE-2019-20788.patch (upstreamed)
    - avoid-pthread_join-if-backgroundLoop-is-FALSE.patch (upstreamed)
    - cmake-libdir.patch (upstreamed)
    - fix-crash-on-shutdown.patch (upstreamed)
* Mon May 04 2020 pgajdos@suse.com
  - deleted patches
    - LibVNCServer-CVE-2018-20749.patch (mistakenly added, it is
      already part of 0.9.12)
* Mon Apr 27 2020 pgajdos@suse.com
  - security update
  - added patches
    fix CVE-2019-15690 [bsc#1160471], heap buffer overflow
    + LibVNCServer-CVE-2019-15690.patch
    fix CVE-2019-20788 [bsc#1170441], integer overflow and heap-based buffer overflow via a large height or width value
    + LibVNCServer-CVE-2019-20788.patch
* Fri Jan 10 2020 fvogt@suse.com
  - Add patches to fix crash on shutdown:
    * avoid-pthread_join-if-backgroundLoop-is-FALSE.patch
    * fix-crash-on-shutdown.patch
* Mon Nov 04 2019 pgajdos@suse.com
  - turn the test suite on
* Mon Nov 04 2019 pgajdos@suse.com
  - security update
  - added patches
    CVE-2019-15681 [bsc#1155419]
    + LibVNCServer-CVE-2019-15681.patch
* Wed Feb 20 2019 fezhang@suse.com
  - Add BuildRequire libgnutls-devel: Remmina needs it for VNC
    connections (boo#1123805)
* Mon Feb 11 2019 pgajdos@suse.com
  - use upstream commit, amend cmake-libdir.patch
* Mon Feb 11 2019 pgajdos@suse.com
  - fix cmake build, add cmake-libdir.patch (upstream issue #281)
* Tue Feb 05 2019 pgajdos@suse.com
  - update to version 0.9.12
    - Overall changes:
    * CMake now is the default build system, Autotools were removed.
    * In addition to TravisCI, all commits are now build-tested by AppVeyorCI.
    - LibVNCServer/LibVNCClient:
    * Numerous build fixes for Visual Studio compilers to the extent that
      one can now _build_ the project with these. The needed changes for
      successfully _running_ stuff will be implemented in 0.9.13.
    * Fixed building for Android and added build instructions.
    * Removed the unused PolarSSL wrapper.
    * Updated the bundled noVNC to latest release 1.0.0.
    * Allowed to use global LZO library instead of miniLZO.
    - LibVNCClient:
    * Support for OpenSSL 1.1.x.
    * Support for overriding the default rectangle decode handlers (with
      hardware-accelerated ones for instance) thanks to Balazs Ludmany.
    * vnc2mpg updated.
    * Added support for X509 server certificate verification as part of the
      handshake process thanks to Simon Waterman.
    * Added a TRLE decoder thanks to Wiki Wang.
    * Included Tight decoding optimizations from TurboVNC thanks to DRC.
    * Ported the SDL viewer from SDL 1.2 to SDL 2.0.
    * Numerous security fixes.
    * Added support for custom auth handlers in order to support additional
      security types.
    - LibVNCServer:
    * Websockets rework to remove obsolete code thanks to Andreas Weigel.
    * Ensured compatibility with gtk-vnc 0.7.0+ thanks to Michał Kępień.
    * The built-in webserver now sends correct MIME type for Javascript.
    * Numerous memory management issues fixed.
    * Made the TightVNC-style file transfer more stable.
  - removed patches
    - LibVNCServer-CVE-2018-20021.patch (upstreamed)
    - LibVNCServer-CVE-2018-20023.patch (upstreamed)
    - libvncserver-0.9.10-ossl.patch (not upstreamed)
    - LibVNCServer-CVE-2018-15127.patch (upstreamed)
    - LibVNCServer-CVE-2018-6307.patch (upstreamed)
    - LibVNCServer-CVE-2018-20019.patch (upstreamed)
    - LibVNCServer-CVE-2018-7225.patch (upstreamed)
    - LibVNCServer-CVE-2018-20022.patch (upstreamed)
    - libvncserver-0.9.1-multilib.patch (cmake now)
    - LibVNCServer-CVE-2018-15126.patch (upstreamed)
    - LibVNCServer-CVE-2018-20020.patch (upstreamed)
    - LibVNCServer-CVE-2018-20024.patch (upstreamed)
  - removed by upstream
    - libvncserver-config
  - security update
    * CVE-2018-20749 [bsc#1123828]
      + LibVNCServer-CVE-2018-20749.patch
* Fri Jan 11 2019 adam.majer@suse.de
  - Fix devel package dependencies
* Thu Jan 03 2019 pgajdos@suse.com
  - security update
    * CVE-2018-15126 [bsc#1120114]
      + LibVNCServer-CVE-2018-15126.patch
    * CVE-2018-6307 [bsc#1120115]
      + LibVNCServer-CVE-2018-6307.patch
    * CVE-2018-20020 [bsc#1120116]
      + LibVNCServer-CVE-2018-20020.patch
    * CVE-2018-15127 [bsc#1120117]
      + LibVNCServer-CVE-2018-15127.patch
    * CVE-2018-20019 [bsc#1120118]
      + LibVNCServer-CVE-2018-20019.patch
    * CVE-2018-20023 [bsc#1120119]
      + LibVNCServer-CVE-2018-20023.patch
    * CVE-2018-20022 [bsc#1120120]
      + LibVNCServer-CVE-2018-20022.patch
    * CVE-2018-20024 [bsc#1120121]
      + LibVNCServer-CVE-2018-20024.patch
    * CVE-2018-20021 [bsc#1120122]
      + LibVNCServer-CVE-2018-20021.patch
* Thu Jan 03 2019 pgajdos@suse.com
  - Update to version 0.9.11
      Overall changes:
      LibVNCServer/LibVNCClient development now uses continous intregration,
      provided by TravisCI.
      LibVNCClient:
      Now initializes libgcrypt before use if the application did not do it.
      Fixes a crash when connection to Mac hosts
      (#45).
      Various fixes that result in more stable handling of malicious or broken
      servers.
      Removed broken and unmaintained H264 decoding.
      Some documentation fixes.
      Added hooks to WriteToTLS() for optional protection by mutex.
      LibVNCServer:
      Stability fixes for the WebSocket implementation.
      Replaced SHA1 implementation with the one from RFC 6234.
      The built-in HTTP server does not allow directory traversals anymore.
      The built-in HTTP now sends correct MIME types for CSS and SVG.
      Added support for systemd socket activation.
      Made it possible to get autoPort behavior with either ipv4 or ipv6
      disabled.
      Fixed starting of an onHold-client in threaded mode.
  - dropped patches:
    - libvncserver-0.9.10-use-namespaced-rfbMax-macro.patch (upstreamed)
    - libvncserver-byteswap.patch (stop maintaining not upstreamed patch)
  - modified patches:
    % libvncserver-0.9.10-ossl.patch (refreshed)
* Tue Mar 20 2018 pgajdos@suse.com
  - security update
    * CVE-2018-7225 [bsc#1081493]
      + LibVNCServer-CVE-2018-7225.patch
* Tue May 24 2016 antoine.belvire@laposte.net
  - Fix build errors of applications using stl_algobase.h and
    libvncserver's rfbproto.h, e.g. krfb (issue #102)
    * Add libvncserver-0.9.10-use-namespaced-rfbMax-macro.patch
* Sun Feb 08 2015 crrodriguez@opensuse.org
  - Remove xorg-x11-devel from buildRequires, X libraries
    are not directly used/linked
* Sun Feb 08 2015 crrodriguez@opensuse.org
  - libvncserver-0.9.10-ossl.patch: Update, do not
    RAND_load_file("/dev/urandom", 1024) if the the PRNG is already
    seeded. (It always is on linux)
* Sat Dec 13 2014 p.drouand@gmail.com
  - Update to version 0.9.10
    + Moved the whole project from sourceforge to https://libvnc.github.io/.
    + Cleaned out the autotools build system which now uses autoreconf.
    + Updated noVNC HTML5 client to latest version.
    + Split out x11vnc sources into separate repository at
      https://github.com/LibVNC/x11vnc
    + Split out vncterm sources into separate repository at
      https://github.com/LibVNC/vncterm
    + Split out VisualNaCro sources into separate repository at
      https://github.com/LibVNC/VisualNaCro
    + Merged Debian patches.
    + Fixed some security-related buffer overflow cases.
    + Added compatibility headers to make LibVNCServer/LibVNCClient
      build on native Windows 8.
    + Update LZO to version 2.07, fixing CVE-2014-4607.
    + Merged patches from KDE/krfb.
    + Can now do IPv6 without IPv4.
    + Fixed a use-after-free issue in scale.c.
  - Update Url and download source to new project home
  - Remove LibVNCServer-0.9.9-no_x11vnc.patch; upstream splited it
    out of main tarball
  - Rebase libvncserver-ossl.patch to upstream changes
    > libvncserver-0.9.10-ossl.patch
  - Remove linuxvnc subpackage; like x11vnc, it has been splited out
    but is depreciated and unmaintained.

Files

/usr/lib64/libvncclient.so.0.9.13
/usr/lib64/libvncclient.so.1
/usr/share/doc/packages/libvncclient1
/usr/share/doc/packages/libvncclient1/COPYING
/usr/share/doc/packages/libvncclient1/README.md


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 18:11:13 2024