Hello community, here is the log from the commit of package tigervnc for openSUSE:Factory checked in at 2017-01-27 10:45:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tigervnc (Old) and /work/SRC/openSUSE:Factory/.tigervnc.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tigervnc"
Changes:
--------
--- /work/SRC/openSUSE:Factory/tigervnc/tigervnc.changes 2016-12-06 14:23:15.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.tigervnc.new/tigervnc.changes 2017-02-03 20:03:35.323187935 +0100
@@ -1,0 +2,9 @@
+Wed Jan 25 14:52:21 UTC 2017 - [email protected]
+
+- Update to tigervnc 1.7.1.
+ * This is a security update for TigerVNC 1.7.0 which fixes a
+ memory overflow issue via the RRE decoder. A malicious server
+ could possibly use this issue to take control of the TigerVNC
+ viewer.
+
+-------------------------------------------------------------------
Old:
----
v1.7.0.tar.gz
New:
----
v1.7.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tigervnc.spec ++++++
--- /var/tmp/diff_new_pack.AEOIu8/_old 2017-02-03 20:03:37.546874939 +0100
+++ /var/tmp/diff_new_pack.AEOIu8/_new 2017-02-03 20:03:37.550874377 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package tigervnc
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -23,7 +23,7 @@
 %define tlscert %{_sysconfdir}/vnc/tls.cert
 Name: tigervnc
-Version: 1.7.0
+Version: 1.7.1
 Release: 0
 Provides: tightvnc = 1.3.9
 Obsoletes: tightvnc < 1.3.9
++++++ v1.7.0.tar.gz -> v1.7.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tigervnc-1.7.0/CMakeLists.txt new/tigervnc-1.7.1/CMakeLists.txt
--- old/tigervnc-1.7.0/CMakeLists.txt 2016-09-08 12:31:18.000000000 +0200
+++ new/tigervnc-1.7.1/CMakeLists.txt 2017-01-18 13:39:28.000000000 +0100
@@ -21,10 +21,10 @@
 include(CMakeMacroLibtoolFile)
 project(tigervnc)
-set(VERSION 1.7.0)
+set(VERSION 1.7.1)
 # The RC version must always be four comma-separated numbers
-set(RCVERSION 1,7,0,0)
+set(RCVERSION 1,7,1,0)
 # Installation paths
 set(BIN_DIR "${CMAKE_INSTALL_PREFIX}/bin")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tigervnc-1.7.0/common/rfb/PixelBuffer.cxx new/tigervnc-1.7.1/common/rfb/PixelBuffer.cxx
--- old/tigervnc-1.7.0/common/rfb/PixelBuffer.cxx 2016-09-08 12:31:18.000000000 +0200
+++ new/tigervnc-1.7.1/common/rfb/PixelBuffer.cxx 2017-01-18 13:39:28.000000000 +0100
@@ -101,15 +101,26 @@
 int stride;
 U8 *buf;
 int w, h, b;
+ Rect drect;
- w = r.width();
- h = r.height();
+ drect = r;
+ if (!drect.enclosed_by(getRect())) {
+ vlog.error("Destination rect %dx%d at %d,%d exceeds framebuffer %dx%d",
+ drect.width(), drect.height(), drect.tl.x, drect.tl.y, width_, height_);
+ drect = drect.intersect(getRect());
+ }
+
+ if (drect.is_empty())
+ return;
+
+ w = drect.width();
+ h = drect.height();
 b = format.bpp/8;
 if (h == 0)
 return;
- buf = getBufferRW(r, &stride);
+ buf = getBufferRW(drect, &stride);
 if (b == 1) {
 while (h--) {
@@ -136,7 +147,7 @@
 }
 }
- commitBufferRW(r);
+ commitBufferRW(drect);
 }
 void ModifiablePixelBuffer::imageRect(const Rect& r,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tigervnc-1.7.0/java/CMakeLists.txt new/tigervnc-1.7.1/java/CMakeLists.txt
--- old/tigervnc-1.7.0/java/CMakeLists.txt 2016-09-08 12:31:18.000000000 +0200
+++ new/tigervnc-1.7.1/java/CMakeLists.txt 2017-01-18 13:39:28.000000000 +0100
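Review bot: The new bounds check in the first common/rfb/PixelBuffer.cxx hunk has no comment saying why a rect can exceed the framebuffer, and it leaves a now-redundant guard behind. I would add `// r may come from decoded server data and lie outside the framebuffer; clip before getBufferRW()` above `drect = r;`. After `if (drect.is_empty()) return;` the older `if (h == 0) return;` looks unreachable for a zero-height rect, assuming is_empty() covers that case, so it could be removed. Each bad rect also produces one `vlog.error` line and drawing then continues, so a misbehaving server can fill the viewer log; whether to fail the connection instead is worth deciding. The function's signature and the end of its loop body are outside the hunk.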
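Review bot: The same clipping is not applied to `ModifiablePixelBuffer::imageRect(const Rect& r,`, whose first line appears as trailing context of the second PixelBuffer.cxx hunk and which this diff leaves untouched. Its body is outside the hunk, so it cannot be seen here whether it already validates `r`; if it does not, it needs the equivalent guard, e.g. `if (!r.enclosed_by(getRect())) ...`, before it writes to the buffer. The other methods of this class that take a caller-supplied Rect deserve the same check.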
@@ -2,7 +2,7 @@
 project(tigervnc-java Java)
 if(NOT VERSION)
- set(VERSION 1.7.0)
+ set(VERSION 1.7.1)
 endif()
 find_package(Java)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tigervnc-1.7.0/unix/xserver/hw/vnc/xvnc.c new/tigervnc-1.7.1/unix/xserver/hw/vnc/xvnc.c
--- old/tigervnc-1.7.0/unix/xserver/hw/vnc/xvnc.c 2016-09-08 12:31:18.000000000 +0200
+++ new/tigervnc-1.7.1/unix/xserver/hw/vnc/xvnc.c 2017-01-18 13:39:28.000000000 +0100
@@ -85,7 +85,7 @@
 #include "version-config.h"
 #include "site.h"
-#define XVNCVERSION "TigerVNC 1.7.0"
+#define XVNCVERSION "TigerVNC 1.7.1"
 #define XVNCCOPYRIGHT ("Copyright (C) 1999-2016 TigerVNC Team and many others (see README.txt)\n" \
 "See http://www.tigervnc.org for information on TigerVNC.\n")
