[Bug 1193100] New: TigerVNC 1.12.0 available (new version) and contains security fix
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100 Bug ID: 1193100 Summary: TigerVNC 1.12.0 available (new version) and contains security fix Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: All URL: https://github.com/TigerVNC/tigervnc/releases/tag/v1.1 2.0 OS: All Status: NEW Severity: Normal Priority: P5 - None Component: X11 Applications Assignee: screening-team-bugs@suse.de Reporter: jayjayjazz@gmail.com QA Contact: qa-bugs@suse.de Found By: Community User Blocker: --- TigerVNC 1.12.0 available Release Notes for 1.12.0: [1] - The native viewer now supports full screen over a subset of monitors (e.g. 2 out of 3), and reacts properly to monitors being added or removed - Recent server history in the native viewer - The native viewer now has an option to reconnect if the connection is dropped - Translations are now enabled on Windows and macOS for the native viewer - The native viewer now respects the system security policy� - Better handling of accented keys in the Java viewer - The Unix servers can now listen to both a Unix socket and a TCP port at the same time - The network code in both the servers and the native viewer has been restructured to give a more responsive experience - The vncserver service now correctly handles settings set to "0" - Fixed the clipboard Unicode handling in both the native viewer and the servers - Support for pointer "warping" in Xvnc and the native viewer, enabling e.g. FPS games � except when GnuTLS is statically linked It seems that we have version 1.10.x currently in the repositories. So, here are also the changes for 1.11.x: [2] - A security issue has been fixed in how the viewers handle TLS certificate exceptions - vncserver has gotten a major redesign to be compatible with modern distributions - The native viewer now has touch gestures to handle certain mouse actions (e.g. scroll wheel) - Middle mouse button emulation in the native viewer, for devices with only two mouse buttons - The Java viewer now supports Java 9+, but also now requires Java 8+ - Support for alpha cursors in the Java viewer (a feature already supported in the native viewer) - The password and username can now be specified via the environment for the native viewer - Support for building Xvnc/libvnc.so with Xorg 1.20.7+ and deprecate support for Xorg older than 1.16 - The official builds have been fixed to work on the upcoming macOS 11 - The Windows server (WinVNC) is now packaged separately as it is unmaintained and buggy [1]: https://github.com/TigerVNC/tigervnc/releases/tag/v1.12.0 [2]: https://github.com/TigerVNC/tigervnc/releases/tag/v1.11.0 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100#c1
Andreas Stieger
A security issue has been fixed in how the viewers handle TLS certificate exceptions
-- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100#c2
--- Comment #2 from Jazz
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100#c3
Stefan Dirsch
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100
Stefan Dirsch
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100#c4
--- Comment #4 from Jazz
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100#c5
--- Comment #5 from Stefan Dirsch
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100#c6
--- Comment #6 from Jazz
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100#c7
--- Comment #7 from Stefan Dirsch
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100#c8
--- Comment #8 from Jazz
Low priority. We have a bunch of patches. Usually some and even often many of these need to be adjusted. But you can help by branching the package, update it, adjust the patches and make a submit requrest. ;-)
Thanks for the update. I made some tests: https://build.opensuse.org/package/show/home:JayJayJazz/tigervnc_1.12 It looks like that most of the patches are already upstream. I excluded them from the spec file for this very moment. Still, I can't finish the build. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100#c9
--- Comment #9 from Stefan Dirsch
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100#c10
--- Comment #10 from Jazz
Well, you can't just disable patches assuming they are already upstream if they no longer apply. That's not how updating a package works.
I agree. I checked the commits on github for the TigerVNC project before disabling the patches. If this is the wrong way, how could I make it better? Sorry for hijacking the Bugtracker for such questions. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100#c11
--- Comment #11 from Stefan Dirsch
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100#c12
--- Comment #12 from Jazz
Well, you need to look at the patches and figure out how to add the changes to the new context. If you're not familiar with C/C++ programming it's probably not a good idea to try this.
Unfortunately, I am no C/C++ developer. :-( Does it make sense to forward my current findings regrading TigerVNC in any way? As mentioned: It looks like that some of the patches are deprecated. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100#c13
--- Comment #13 from Stefan Dirsch
http://bugzilla.opensuse.org/show_bug.cgi?id=1193100
Stefan Dirsch
participants (1)
-
bugzilla_noreply@suse.com