Hello community, here is the log from the commit of package LibVNCServer for openSUSE:Factory checked in at 2019-11-08 15:21:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/LibVNCServer (Old) and /work/SRC/openSUSE:Factory/.LibVNCServer.new.2990 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "LibVNCServer" Fri Nov 8 15:21:50 2019 rev:39 rq:745157 version:0.9.12 Changes: -------- --- /work/SRC/openSUSE:Factory/LibVNCServer/LibVNCServer.changes 2019-03-01 16:46:11.841827019 +0100 +++ /work/SRC/openSUSE:Factory/.LibVNCServer.new.2990/LibVNCServer.changes 2019-11-08 15:21:53.830751767 +0100 @@ -1,0 +2,13 @@ +Mon Nov 4 11:29:21 UTC 2019 - pgaj...@suse.com + +- turn the test suite on + +------------------------------------------------------------------- +Mon Nov 4 10:26:34 UTC 2019 - pgaj...@suse.com + +- security update +- added patches + CVE-2019-15681 [bsc#1155419] + + LibVNCServer-CVE-2019-15681.patch + +------------------------------------------------------------------- New: ---- LibVNCServer-CVE-2019-15681.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ LibVNCServer.spec ++++++ --- /var/tmp/diff_new_pack.veb01Q/_old 2019-11-08 15:21:55.266753286 +0100 +++ /var/tmp/diff_new_pack.veb01Q/_new 2019-11-08 15:21:55.270753290 +0100 @@ -32,6 +32,8 @@ # https://github.com/LibVNC/libvncserver/issues/281 Patch1: cmake-libdir.patch Patch2: LibVNCServer-CVE-2018-20749.patch +# CVE-2019-15681 [bsc#1155419] +Patch3: LibVNCServer-CVE-2019-15681.patch BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: libavahi-devel @@ -100,6 +102,7 @@ %setup -q -n libvncserver-%{name}-%{version} %patch0 -p1 %patch1 -p1 +%patch3 -p1 #%patch2 -p1 # fix encoding for file in ChangeLog ; do @@ -113,6 +116,8 @@ make %{?_smp_mflags} %check +pushd build +export LD_LIBRARY_PATH="$(pwd)" make test %install ++++++ LibVNCServer-CVE-2019-15681.patch ++++++ diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c index 3bacc891..310e5487 100644 --- a/libvncserver/rfbserver.c +++ b/libvncserver/rfbserver.c @@ -3724,6 +3724,8 @@ rfbSendServerCutText(rfbScreenInfoPtr rfbScreen,char *str, int len) rfbServerCutTextMsg sct; rfbClientIteratorPtr iterator; + memset((char *)&sct, 0, sizeof(sct)); + iterator = rfbGetClientIterator(rfbScreen); while ((cl = rfbClientIteratorNext(iterator)) != NULL) { sct.type = rfbServerCutText;