Hello community,
here is the log from the commit of package LibVNCServer for openSUSE:Factory checked in at 2019-03-01 16:46:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/LibVNCServer (Old)
and /work/SRC/openSUSE:Factory/.LibVNCServer.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "LibVNCServer"
Fri Mar 1 16:46:08 2019 rev:38 rq:679220 version:0.9.12
Changes:
--------
--- /work/SRC/openSUSE:Factory/LibVNCServer/LibVNCServer.changes 2018-05-19 15:41:11.741416853 +0200
+++ /work/SRC/openSUSE:Factory/.LibVNCServer.new.28833/LibVNCServer.changes 2019-03-01 16:46:11.841827019 +0100
@@ -1,0 +2,128 @@
+Wed Feb 20 15:56:14 UTC 2019 - Felix Zhang
+
+- Add BuildRequire libgnutls-devel: Remmina needs it for VNC
+ connections (boo#1123805)
+
+-------------------------------------------------------------------
+Mon Feb 11 09:16:53 UTC 2019 - Petr Gajdos
+
+- use upstream commit, amend cmake-libdir.patch
+
+-------------------------------------------------------------------
+Mon Feb 11 09:13:18 UTC 2019 - Petr Gajdos
+
+- fix cmake build, add cmake-libdir.patch (upstream issue #281)
+
+-------------------------------------------------------------------
+Tue Feb 5 09:59:42 UTC 2019 - Petr Gajdos
+
+- update to version 0.9.12
+ - Overall changes:
+ * CMake now is the default build system, Autotools were removed.
+ * In addition to TravisCI, all commits are now build-tested by AppVeyorCI.
+ - LibVNCServer/LibVNCClient:
+ * Numerous build fixes for Visual Studio compilers to the extent that
+ one can now _build_ the project with these. The needed changes for
+ successfully _running_ stuff will be implemented in 0.9.13.
+ * Fixed building for Android and added build instructions.
+ * Removed the unused PolarSSL wrapper.
+ * Updated the bundled noVNC to latest release 1.0.0.
+ * Allowed to use global LZO library instead of miniLZO.
+ - LibVNCClient:
+ * Support for OpenSSL 1.1.x.
+ * Support for overriding the default rectangle decode handlers (with
+ hardware-accelerated ones for instance) thanks to Balazs Ludmany.
+ * vnc2mpg updated.
+ * Added support for X509 server certificate verification as part of the
+ handshake process thanks to Simon Waterman.
+ * Added a TRLE decoder thanks to Wiki Wang.
+ * Included Tight decoding optimizations from TurboVNC thanks to DRC.
+ * Ported the SDL viewer from SDL 1.2 to SDL 2.0.
+ * Numerous security fixes.
+ * Added support for custom auth handlers in order to support additional
+ security types.
+ - LibVNCServer:
+ * Websockets rework to remove obsolete code thanks to Andreas Weigel.
+ * Ensured compatibility with gtk-vnc 0.7.0+ thanks to Michał Kępień.
+ * The built-in webserver now sends correct MIME type for Javascript.
+ * Numerous memory management issues fixed.
+ * Made the TightVNC-style file transfer more stable.
+- removed patches
+ - LibVNCServer-CVE-2018-20021.patch (upstreamed)
+ - LibVNCServer-CVE-2018-20023.patch (upstreamed)
+ - libvncserver-0.9.10-ossl.patch (not upstreamed)
+ - LibVNCServer-CVE-2018-15127.patch (upstreamed)
+ - LibVNCServer-CVE-2018-6307.patch (upstreamed)
+ - LibVNCServer-CVE-2018-20019.patch (upstreamed)
+ - LibVNCServer-CVE-2018-7225.patch (upstreamed)
+ - LibVNCServer-CVE-2018-20022.patch (upstreamed)
+ - libvncserver-0.9.1-multilib.patch (cmake now)
+ - LibVNCServer-CVE-2018-15126.patch (upstreamed)
+ - LibVNCServer-CVE-2018-20020.patch (upstreamed)
+ - LibVNCServer-CVE-2018-20024.patch (upstreamed)
+- removed by upstream
+ - libvncserver-config
+- security update
+ * CVE-2018-20749 [bsc#1123828]
+ + LibVNCServer-CVE-2018-20749.patch
+
+-------------------------------------------------------------------
+Fri Jan 11 14:10:36 UTC 2019 - adam.majer@suse.de
+
+- Fix devel package dependencies
+
+-------------------------------------------------------------------
+Thu Jan 3 16:33:06 UTC 2019 - Petr Gajdos
+
+- security update
+ * CVE-2018-15126 [bsc#1120114]
+ + LibVNCServer-CVE-2018-15126.patch
+ * CVE-2018-6307 [bsc#1120115]
+ + LibVNCServer-CVE-2018-6307.patch
+ * CVE-2018-20020 [bsc#1120116]
+ + LibVNCServer-CVE-2018-20020.patch
+ * CVE-2018-15127 [bsc#1120117]
+ + LibVNCServer-CVE-2018-15127.patch
+ * CVE-2018-20019 [bsc#1120118]
+ + LibVNCServer-CVE-2018-20019.patch
+ * CVE-2018-20023 [bsc#1120119]
+ + LibVNCServer-CVE-2018-20023.patch
+ * CVE-2018-20022 [bsc#1120120]
+ + LibVNCServer-CVE-2018-20022.patch
+ * CVE-2018-20024 [bsc#1120121]
+ + LibVNCServer-CVE-2018-20024.patch
+ * CVE-2018-20021 [bsc#1120122]
+ + LibVNCServer-CVE-2018-20021.patch
+
+-------------------------------------------------------------------
+Thu Jan 3 15:11:20 UTC 2019 - Petr Gajdos
+
+- Update to version 0.9.11
+ Overall changes:
+ LibVNCServer/LibVNCClient development now uses continous intregration,
+ provided by TravisCI.
+ LibVNCClient:
+ Now initializes libgcrypt before use if the application did not do it.
+ Fixes a crash when connection to Mac hosts
+ (#45).
+ Various fixes that result in more stable handling of malicious or broken
+ servers.
+ Removed broken and unmaintained H264 decoding.
+ Some documentation fixes.
+ Added hooks to WriteToTLS() for optional protection by mutex.
+ LibVNCServer:
+ Stability fixes for the WebSocket implementation.
+ Replaced SHA1 implementation with the one from RFC 6234.
+ The built-in HTTP server does not allow directory traversals anymore.
+ The built-in HTTP now sends correct MIME types for CSS and SVG.
+ Added support for systemd socket activation.
+ Made it possible to get autoPort behavior with either ipv4 or ipv6
+ disabled.
+ Fixed starting of an onHold-client in threaded mode.
+- dropped patches:
+ - libvncserver-0.9.10-use-namespaced-rfbMax-macro.patch (upstreamed)
+ - libvncserver-byteswap.patch (stop maintaining not upstreamed patch)
+- modified patches:
+ % libvncserver-0.9.10-ossl.patch (refreshed)
+
+-------------------------------------------------------------------
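Review bot: In the 0.9.12 entry's "removed patches" list, libvncserver-0.9.10-ossl.patch is dropped with only "(not upstreamed)", which does not say why the package no longer needs it. If the "Support for OpenSSL 1.1.x" item under LibVNCClient in the same entry is what replaces it, state that on the patch line. Separately, the 0.9.11 entry has lost the "-"/"*" nesting used by the 0.9.12 entry and contains the typos "continous intregration" and "when connection to Mac hosts".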
Old:
----
LibVNCServer-CVE-2018-7225.patch
libvncserver-0.9.1-multilib.patch
libvncserver-0.9.10-ossl.patch
libvncserver-0.9.10-use-namespaced-rfbMax-macro.patch
libvncserver-LibVNCServer-0.9.10.tar.gz
libvncserver-byteswap.patch
New:
----
LibVNCServer-0.9.12.tar.gz
LibVNCServer-CVE-2018-20749.patch
cmake-libdir.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ LibVNCServer.spec ++++++
--- /var/tmp/diff_new_pack.dlLuY9/_old 2019-03-01 16:46:12.593826734 +0100
+++ /var/tmp/diff_new_pack.dlLuY9/_new 2019-03-01 16:46:12.597826733 +0100
@@ -1,7 +1,7 @@
#
# spec file for package LibVNCServer
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,36 +12,33 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
+%define libnum 1
Name: LibVNCServer
-Version: 0.9.10
+Version: 0.9.12
Release: 0
Summary: VNC Development Library
License: GPL-2.0-or-later
Group: Development/Libraries/X11
Url: https://github.com/LibVNC/libvncserver
# Archive is renamed by github
-#Source0: https://github.com/LibVNC/libvncserver/archive/%{name}-%{version}.tar.gz
-Source0: libvncserver-%{name}-%{version}.tar.gz
+Source0: https://github.com/LibVNC/libvncserver/archive/%{name}-%{version}.tar.gz
Source1: baselibs.conf
-#PATCH-FIX-OPENSUSE: multilib support
-Patch1: libvncserver-0.9.1-multilib.patch
#PATCH-FIX-OPENSUSE: redefine keysyms only if needed
-Patch7: redef-keysym.patch
-#PATCH_FIX-OPENSUSE: Use system fast byteswap routines.
-Patch11: libvncserver-byteswap.patch
-Patch12: libvncserver-%{version}-ossl.patch
-#PATCH-FIX-UPSTREAM: use namespaced rfbMax macro (avoids conflicts with stl_algobase.h), picked from upstream
-Patch13: libvncserver-0.9.10-use-namespaced-rfbMax-macro.patch
-Patch14: LibVNCServer-CVE-2018-7225.patch
+Patch0: redef-keysym.patch
+# https://github.com/LibVNC/libvncserver/issues/281
+Patch1: cmake-libdir.patch
+Patch2: LibVNCServer-CVE-2018-20749.patch
+BuildRequires: cmake
+BuildRequires: gcc-c++
BuildRequires: libavahi-devel
BuildRequires: libgcrypt-devel
+BuildRequires: libgnutls-devel
BuildRequires: libjpeg-devel
BuildRequires: libpng-devel
-BuildRequires: libtool
BuildRequires: lzo-devel
BuildRequires: openssl-devel
BuildRequires: pkgconfig
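Review bot: Patch1 and Patch2 are declared without the PATCH-FIX-* tag comment that Patch0 keeps. Patch2 is a security fix, so it should carry a tag line naming CVE-2018-20749 and bsc#1123828 (both given in the changelog entry), and the bare issue URL above Patch1 should become a PATCH-FIX-UPSTREAM line. The retained comment "# Archive is renamed by github" now sits directly above a Source0 that is the GitHub URL itself, so it should say what it still refers to or be dropped.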
@@ -60,28 +57,28 @@
real running X11 server) has been split off into its own package on
2007-07-16.
-%package -n libvncclient0
+%package -n libvncclient%{libnum}
Summary: Library implementing a VNC client
Group: System/Libraries
Obsoletes: linuxvnc < %{version}
Conflicts: LibVNCServer < %version
-%description -n libvncclient0
+%description -n libvncclient%{libnum}
LibVNCServer/LibVNCClient are cross-platform C libraries that allow
implementing VNC server or client functionality in your program.
-%package -n libvncserver0
+%package -n libvncserver%{libnum}
Summary: Library implementing a VNC server
Group: System/Libraries
-%description -n libvncserver0
+%description -n libvncserver%{libnum}
LibVNCServer/LibVNCClient are cross-platform C libraries that allow
implementing VNC server or client functionality in your program.
%package devel
Requires: gnutls-devel
-Requires: libvncclient0 = %version
-Requires: libvncserver0 = %version
+Requires: libvncclient%{libnum} = %version
+Requires: libvncserver%{libnum} = %version
Requires: zlib-devel
Summary: VNC Development Library
Group: Development/Libraries/X11
@@ -101,67 +98,46 @@
%prep
%setup -q -n libvncserver-%{name}-%{version}
-%patch1 -p1 -b .multilib
-#%patch2 -p1 -b .system_minilzo
-%patch7 -p1
-# aclocal; autoheader; automake --add-missing --copy; autoconf
-# ./configure --enable-maintainer-mode
-# sh ./autogen.sh
-%patch11
-%patch12
-%patch13 -p1
-%patch14 -p1
+%patch0 -p1
+%patch1 -p1
+#%patch2 -p1
# fix encoding
-for file in AUTHORS ChangeLog ; do
+for file in ChangeLog ; do
mv ${file} ${file}.OLD && \
iconv -f ISO_8859-1 -t UTF8 ${file}.OLD > ${file} && \
touch --reference ${file}.OLD $file
done
-#nuke bundled minilzo
-#rm -f common/lzodefs.h common/lzoconf.h commmon/minilzo.h common/minilzo.c
-
-# needed by patch 2 (and to nuke rpath's)
-#autoreconf
-
%build
-CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -D_REENTRANT" \
-NOCONFIGURE=1 ./autogen.sh
-
-# Plase note that tightvn cause a problem; need to be fix
-%configure --disable-static --with-pic --enable-shared --with-gnu-ld --without-tightvnc-filetransfer
-
+%cmake
make %{?_smp_mflags}
-%{__install} -d -m0755 RPM_BUILD_ROOT%{_datadir}/x11vnc/classes
-
%check
-make check
+make test
%install
-%makeinstall
-%{__rm} -f %{buildroot}%{_libdir}/*.la
-%{__rm} -f %{buildroot}%{_libdir}/*.a
-
-%post -n libvncclient0 -p /sbin/ldconfig
-%postun -n libvncclient0 -p /sbin/ldconfig
-%post -n libvncserver0 -p /sbin/ldconfig
-%postun -n libvncserver0 -p /sbin/ldconfig
+%cmake_install
+
+%post -n libvncclient%{libnum} -p /sbin/ldconfig
+%postun -n libvncclient%{libnum} -p /sbin/ldconfig
+%post -n libvncserver%{libnum} -p /sbin/ldconfig
+%postun -n libvncserver%{libnum} -p /sbin/ldconfig
-%files -n libvncserver0
+%files -n libvncserver%{libnum}
%defattr(-,root,root)
-%doc COPYING README
-%_libdir/libvncserver.so.0*
+%doc COPYING README.md
+%_libdir/libvncserver.so.%{version}
+%_libdir/libvncserver.so.%{libnum}*
-%files -n libvncclient0
+%files -n libvncclient%{libnum}
%defattr(-,root,root)
-%doc COPYING README
-%_libdir/libvncclient.so.0*
+%doc COPYING README.md
+%_libdir/libvncclient.so.%{version}
+%_libdir/libvncclient.so.%{libnum}*
%files devel
%defattr(-,root,root)
-%doc AUTHORS COPYING ChangeLog NEWS README TODO
-%{_bindir}/libvncserver-config
+%doc AUTHORS COPYING ChangeLog NEWS README.md TODO
%{_includedir}/rfb/*
%dir /usr/include/rfb
%{_libdir}/libvncclient.so
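Review bot: In %prep the new security patch is commented out ("#%patch2 -p1"), so LibVNCServer-CVE-2018-20749.patch is declared as Patch2 and recorded in the changelog as a security update but is never applied to the build. Either apply it, or, if the 0.9.12 tarball already contains the change, remove the Patch2 line and the file and say so in the changelog. If the line must stay as a comment, write it as "#%%patch2 -p1", since rpm can expand macros inside comments.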
++++++ LibVNCServer-CVE-2018-7225.patch -> LibVNCServer-CVE-2018-20749.patch ++++++
--- /work/SRC/openSUSE:Factory/LibVNCServer/LibVNCServer-CVE-2018-7225.patch 2018-05-19 15:41:11.657419926 +0200
+++ /work/SRC/openSUSE:Factory/.LibVNCServer.new.28833/LibVNCServer-CVE-2018-20749.patch 2019-03-01 16:46:11.829827024 +0100
@@ -1,39 +1,29 @@
diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
-index 116c4889..4fc4d9d5 100644
+index 6ca511fe..e210a32f 100644
--- a/libvncserver/rfbserver.c
+++ b/libvncserver/rfbserver.c
-@@ -88,6 +88,8 @@
- #include
- /* strftime() */
- #include
-+/* PRIu32 */
-+#include
+@@ -1461,11 +1461,21 @@ char *rfbProcessFileTransferReadBuffer(rfbClientPtr cl, uint32_t length)
+ int n=0;
- #ifdef LIBVNCSERVER_WITH_WEBSOCKETS
- #include "rfbssl.h"
-@@ -2575,7 +2577,23 @@ rfbProcessClientNormalMessage(rfbClientPtr cl)
-
- msg.cct.length = Swap32IfLE(msg.cct.length);
-
-- str = (char *)malloc(msg.cct.length);
-+ /* uint32_t input is passed to malloc()'s size_t argument,
-+ * to rfbReadExact()'s int argument, to rfbStatRecordMessageRcvd()'s int
-+ * argument increased of sz_rfbClientCutTextMsg, and to setXCutText()'s int
-+ * argument. Here we impose a limit of 1 MB so that the value fits
-+ * into all of the types to prevent from misinterpretation and thus
-+ * from accessing uninitialized memory (CVE-2018-7225) and also to
-+ * prevent from a denial-of-service by allocating to much memory in
-+ * the server. */
-+ if (msg.cct.length > 1<<20) {
-+ rfbLog("rfbClientCutText: too big cut text length requested: %" PRIu32 "\n",
-+ msg.cct.length);
-+ rfbCloseClient(cl);
-+ return;
-+ }
+ FILEXFER_ALLOWED_OR_CLOSE_AND_RETURN("", cl, NULL);
++
+ /*
+- rfbLog("rfbProcessFileTransferReadBuffer(%dlen)\n", length);
++ We later alloc length+1, which might wrap around on 32-bit systems if length equals
++ 0XFFFFFFFF, i.e. SIZE_MAX for 32-bit systems. On 64-bit systems, a length of 0XFFFFFFFF
++ will safely be allocated since this check will never trigger and malloc() can digest length+1
++ without problems as length is a uint32_t.
+ */
++ if(length == SIZE_MAX) {
++ rfbErr("rfbProcessFileTransferReadBuffer: too big file transfer length requested: %u", (unsigned int)length);
++ rfbCloseClient(cl);
++ return NULL;
++ }
+
-+ /* Allow zero-length client cut text. */
-+ str = (char *)calloc(msg.cct.length ? msg.cct.length : 1, 1);
- if (str == NULL) {
- rfbLogPerror("rfbProcessClientNormalMessage: not enough memory");
- rfbCloseClient(cl);
+ if (length>0) {
+- buffer=malloc((uint64_t)length+1);
++ buffer=malloc((size_t)length+1);
+ if (buffer!=NULL) {
+ if ((n = rfbReadExact(cl, (char *)buffer, length)) <= 0) {
+ if (n != 0)
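Review bot: The new guard "if(length == SIZE_MAX)" rejects exactly one value, and by the patch's own comment it never triggers on 64-bit systems, so a client-supplied length of up to 0XFFFFFFFF still reaches malloc((size_t)length+1) and rfbReadExact(). The CVE-2018-7225 patch that this file replaces capped its length at 1<<20 and noted that rfbReadExact() takes an int argument; the same concerns apply to this path, so an explicit upper bound checked before the allocation would be safer than the wrap-around test alone. The rfbErr() format string is also missing the trailing "\n" that the earlier rfbLog() call had.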
++++++ cmake-libdir.patch ++++++
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 873cc7b5..55f7e650 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -9,6 +9,7 @@ include(CheckTypeSize)
include(TestBigEndian)
include(CheckCSourceCompiles)
include(CheckCSourceRuns)
+include(GNUInstallDirs)
enable_testing()
@@ -666,8 +667,8 @@ get_link_libraries(PRIVATE_LIBS vncclient)
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/libvncclient.pc.cmakein ${CMAKE_CURRENT_BINARY_DIR}/libvncclient.pc @ONLY)
-install_targets(/lib vncserver)
-install_targets(/lib vncclient)
+install_targets(/${CMAKE_INSTALL_LIBDIR} vncserver)
+install_targets(/${CMAKE_INSTALL_LIBDIR} vncclient)
install_files(/include/rfb FILES
rfb/keysym.h
rfb/rfb.h
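Review bot: "/${CMAKE_INSTALL_LIBDIR}" in both install_targets() lines assumes the variable holds a relative path. GNUInstallDirs also allows CMAKE_INSTALL_LIBDIR to be set to an absolute path, in which case prepending "/" yields a malformed destination. Since install_targets() is a deprecated command anyway, consider install(TARGETS vncserver vncclient LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}), which handles both forms.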
@@ -677,7 +678,7 @@ install_files(/include/rfb FILES
rfb/rfbregion.h
)
-install_files(/lib/pkgconfig FILES
+install_files(/${CMAKE_INSTALL_LIBDIR}/pkgconfig FILES
libvncserver.pc
libvncclient.pc
)
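Review bot: Installing the .pc files under ${CMAKE_INSTALL_LIBDIR}/pkgconfig does not fix multilib on its own if the files still name the old library directory. They are generated by configure_file() from *.pc.cmakein templates (libvncclient.pc.cmakein is visible in the previous hunk's context), and this patch does not touch those templates. Check that their libdir line is derived from CMAKE_INSTALL_LIBDIR as well, otherwise pkg-config will point consumers at /lib on lib64 systems.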