Hello community,
here is the log from the commit of package tigervnc for openSUSE:Factory checked in at 2014-05-18 06:50:03
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tigervnc (Old)
and /work/SRC/openSUSE:Factory/.tigervnc.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tigervnc"
Changes:
--------
--- /work/SRC/openSUSE:Factory/tigervnc/tigervnc.changes 2014-05-05 21:09:54.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.tigervnc.new/tigervnc.changes 2014-05-18 06:50:05.000000000 +0200
@@ -1,0 +2,6 @@
+Fri May 16 13:52:19 UTC 2014 - msrb@suse.com
+
+- Update to version 1.3.1
+ * Security release (CVE-2014-0011).
+
+-------------------------------------------------------------------
Old:
----
tigervnc-1.3.0.tar.bz2
xorg-server-1.13.0.tar.bz2
New:
----
tigervnc-1.3.1.tar.bz2
xorg-server-1.14.0.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tigervnc.spec ++++++
--- /var/tmp/diff_new_pack.K8mOwm/_old 2014-05-18 06:50:08.000000000 +0200
+++ /var/tmp/diff_new_pack.K8mOwm/_new 2014-05-18 06:50:08.000000000 +0200
@@ -17,7 +17,7 @@
Name: tigervnc
-Version: 1.3.0
+Version: 1.3.1
Release: 0
Conflicts: tightvnc
BuildRequires: Mesa-devel
@@ -84,8 +84,8 @@
Summary: A high-performance, platform-neutral implementation of VNC
License: GPL-2.0 and MIT
Group: System/X11/Servers/XF86_4
-Source1: tigervnc-1.3.0.tar.bz2
-Source2: xorg-server-1.13.0.tar.bz2
+Source1: tigervnc-1.3.1.tar.bz2
+Source2: xorg-server-1.14.0.tar.bz2
Source3: vnc.xinetd
Source4: 10-libvnc.conf
Source5: vnc-server.firewall
@@ -143,7 +143,7 @@
%patch6 -p0
pushd unix/xserver
-patch -p1 < ../xserver113.patch
+patch -p1 < ../xserver114.patch
%patch10 -p1
%patch11 -p1
%patch12 -p1
@@ -212,7 +212,7 @@
%files -f %{name}.lang
%defattr(-,root,root,-)
%{_bindir}/vncviewer
-%exclude /usr/share/doc/tigervnc-1.3.0
+%exclude /usr/share/doc/tigervnc-1.3.1
%doc LICENCE.TXT
%doc README.txt
%{_mandir}/man1/vncviewer.1*
++++++ tigervnc-1.3.0.tar.bz2 -> tigervnc-1.3.1.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tigervnc-1.3.0/CMakeLists.txt new/tigervnc-1.3.1/CMakeLists.txt
--- old/tigervnc-1.3.0/CMakeLists.txt 2013-07-04 15:41:14.000000000 +0200
+++ new/tigervnc-1.3.1/CMakeLists.txt 2014-03-19 14:22:01.000000000 +0100
@@ -18,10 +18,10 @@
include(CMakeMacroLibtoolFile)
project(tigervnc)
-set(VERSION 1.3.0)
+set(VERSION 1.3.1)
# The RC version must always be four comma-separated numbers
-set(RCVERSION 1,3,0,0)
+set(RCVERSION 1,3,1,0)
# Installation paths
set(BIN_DIR "${CMAKE_INSTALL_PREFIX}/bin")
@@ -63,6 +63,10 @@
message(STATUS "VERSION = ${VERSION}, BUILD = ${BUILD}")
add_definitions(-D__BUILD__="${BUILD}")
+# We want to keep our asserts even in release builds so remove NDEBUG
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -UNDEBUG")
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -UNDEBUG")
+
if(NOT DEFINED BUILD_WINVNC)
set(BUILD_WINVNC 1)
endif()
@@ -303,8 +307,20 @@
option(ENABLE_GNUTLS "Enable protocol encryption and advanced authentication" ON)
if(ENABLE_GNUTLS)
find_package(GnuTLS)
+ find_package(Gcrypt)
+ find_package(Gpg_Error)
if (GNUTLS_FOUND)
include_directories(${GNUTLS_INCLUDE_DIR})
+ if (GCRYPT_FOUND)
+ include_directories(${GCRYPT_INCLUDE_DIR})
+ set(GNUTLS_LIBRARIES ${GNUTLS_LIBRARIES};${GCRYPT_LIBRARIES})
+ set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES} ${GCRYPT_LIBRARIES})
+ if (GPG_ERROR_FOUND)
+ include_directories(${GPG_ERROR_INCLUDE_DIR})
+ set(GNUTLS_LIBRARIES ${GNUTLS_LIBRARIES};${GPG_ERROR_LIBRARIES})
+ set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES} ${GPG_ERROR_LIBRARIES})
+ endif()
+ endif()
add_definitions("-DHAVE_GNUTLS")
add_definitions(${GNUTLS_DEFINITIONS})
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tigervnc-1.3.0/cmake/Modules/FindGcrypt.cmake new/tigervnc-1.3.1/cmake/Modules/FindGcrypt.cmake
--- old/tigervnc-1.3.0/cmake/Modules/FindGcrypt.cmake 1970-01-01 01:00:00.000000000 +0100
+++ new/tigervnc-1.3.1/cmake/Modules/FindGcrypt.cmake 2014-03-19 14:22:01.000000000 +0100
@@ -0,0 +1,36 @@
+# - Find gcrypt
+# Find the native GCRYPT includes and library
+#
+# GCRYPT_FOUND - True if gcrypt found.
+# GCRYPT_INCLUDE_DIR - where to find gcrypt.h, etc.
+# GCRYPT_LIBRARIES - List of libraries when using gcrypt.
+
+if (GCRYPT_INCLUDE_DIR AND GCRYPT_LIBRARIES)
+ set(GCRYPT_FIND_QUIETLY TRUE)
+endif (GCRYPT_INCLUDE_DIR AND GCRYPT_LIBRARIES)
+
+# Include dir
+find_path(GCRYPT_INCLUDE_DIR
+ NAMES
+ gcrypt.h
+)
+
+# Library
+find_library(GCRYPT_LIBRARY
+ NAMES gcrypt
+)
+
+# handle the QUIETLY and REQUIRED arguments and set GCRYPT_FOUND to TRUE if
+# all listed variables are TRUE
+INCLUDE(FindPackageHandleStandardArgs)
+FIND_PACKAGE_HANDLE_STANDARD_ARGS(GCRYPT DEFAULT_MSG GCRYPT_LIBRARY GCRYPT_INCLUDE_DIR)
+
+IF(GCRYPT_FOUND)
+ SET( GCRYPT_LIBRARIES ${GCRYPT_LIBRARY} )
+ELSE(GCRYPT_FOUND)
+ SET( GCRYPT_LIBRARIES )
+ENDIF(GCRYPT_FOUND)
+
+# Lastly make it so that the GCRYPT_LIBRARY and GCRYPT_INCLUDE_DIR variables
+# only show up under the advanced options in the gui cmake applications.
+MARK_AS_ADVANCED( GCRYPT_LIBRARY GCRYPT_INCLUDE_DIR )
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tigervnc-1.3.0/cmake/Modules/FindGpg_Error.cmake new/tigervnc-1.3.1/cmake/Modules/FindGpg_Error.cmake
--- old/tigervnc-1.3.0/cmake/Modules/FindGpg_Error.cmake 1970-01-01 01:00:00.000000000 +0100
+++ new/tigervnc-1.3.1/cmake/Modules/FindGpg_Error.cmake 2014-03-19 14:22:01.000000000 +0100
@@ -0,0 +1,36 @@
+# - Find gpg-error
+# Find the native GPG_ERROR includes and library
+#
+# GPG_ERROR_FOUND - True if gpg-error found.
+# GPG_ERROR_INCLUDE_DIR - where to find gpg-error.h, etc.
+# GPG_ERROR_LIBRARIES - List of libraries when using gpg-error.
+
+if (GPG_ERROR_INCLUDE_DIR AND GPG_ERROR_LIBRARIES)
+ set(GPG_ERROR_FIND_QUIETLY TRUE)
+endif (GPG_ERROR_INCLUDE_DIR AND GPG_ERROR_LIBRARIES)
+
+# Include dir
+find_path(GPG_ERROR_INCLUDE_DIR
+ NAMES
+ gpg-error.h
+)
+
+# Library
+find_library(GPG_ERROR_LIBRARY
+ NAMES gpg-error
+)
+
+# handle the QUIETLY and REQUIRED arguments and set GPG_ERROR_FOUND to TRUE if
+# all listed variables are TRUE
+INCLUDE(FindPackageHandleStandardArgs)
+FIND_PACKAGE_HANDLE_STANDARD_ARGS(GPG_ERROR DEFAULT_MSG GPG_ERROR_LIBRARY GPG_ERROR_INCLUDE_DIR)
+
+IF(GPG_ERROR_FOUND)
+ SET( GPG_ERROR_LIBRARIES ${GPG_ERROR_LIBRARY} )
+ELSE(GPG_ERROR_FOUND)
+ SET( GPG_ERROR_LIBRARIES )
+ENDIF(GPG_ERROR_FOUND)
+
+# Lastly make it so that the GPG_ERROR_LIBRARY and GPG_ERROR_INCLUDE_DIR variables
+# only show up under the advanced options in the gui cmake applications.
+MARK_AS_ADVANCED( GPG_ERROR_LIBRARY GPG_ERROR_INCLUDE_DIR )
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tigervnc-1.3.0/common/rfb/zrleDecode.h new/tigervnc-1.3.1/common/rfb/zrleDecode.h
--- old/tigervnc-1.3.0/common/rfb/zrleDecode.h 2013-07-01 14:41:59.000000000 +0200
+++ new/tigervnc-1.3.1/common/rfb/zrleDecode.h 2014-03-19 13:06:24.000000000 +0100
@@ -25,9 +25,10 @@
// FILL_RECT - fill a rectangle with a single colour
// IMAGE_RECT - draw a rectangle of pixel data from a buffer
+#include