Hello community, here is the log from the commit of package tigervnc for openSUSE:Factory checked in at 2020-01-07 23:51:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tigervnc (Old) and /work/SRC/openSUSE:Factory/.tigervnc.new.6675 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tigervnc" Tue Jan 7 23:51:14 2020 rev:61 rq:760855 version:1.10.0 Changes: -------- --- /work/SRC/openSUSE:Factory/tigervnc/tigervnc.changes 2019-10-09 15:18:26.320655797 +0200 +++ /work/SRC/openSUSE:Factory/.tigervnc.new.6675/tigervnc.changes 2020-01-07 23:51:28.883973005 +0100 @@ -1,0 +2,21 @@ +Tue Dec 31 09:53:30 UTC 2019 - Loic Devulder <[email protected]> + +- Add tigervnc-fix-saving-of-bad-server-certs.patch + * fix saving of bad server certificates (boo#1159948) + +------------------------------------------------------------------- +Tue Dec 3 10:32:36 UTC 2019 - Marius Kittler <[email protected]> + +- tigervnc-1.10.0 + * The clipboard now supports full Unicode in the native viewer, WinVNC and Xvnc/libvnc.so + * The native client will now respect the system trust store when verifying server certificates + * Improved compatibility with VMware's VNC server + * Improved compatibility with some input methods on macOS + * Improvements to the automatic "repair" of JPEG artefacts + * Better handling of the Alt keys in some corner cases + * The Java web server has been removed as applets are no longer support by most browsers + * x0vncserver can now be configured to only allow local connections + * x0vncserver has received fixes for when only part of the display is shared + * Polling is now default in WinVNC as that works better for most + +------------------------------------------------------------------- Old: ---- tigervnc-1.9.0-201-e71a426.tar.gz New: ---- tigervnc-1.10.0.tar.gz tigervnc-fix-saving-of-bad-server-certs.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tigervnc.spec ++++++ --- /var/tmp/diff_new_pack.2Iki6g/_old 2020-01-07 23:51:29.471973310 +0100 +++ /var/tmp/diff_new_pack.2Iki6g/_new 2020-01-07 23:51:29.475973312 +0100 @@ -1,7 +1,7 @@ # # spec file for package tigervnc # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -31,7 +31,7 @@ %endif Name: tigervnc -Version: 1.9.0 +Version: 1.10.0 Release: 0 Provides: tightvnc = 1.3.9 Obsoletes: tightvnc < 1.3.9 @@ -105,13 +105,13 @@ Requires(post): update-alternatives Requires(postun): update-alternatives %endif -Url: http://tigervnc.org/ +URL: http://tigervnc.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build Summary: An implementation of VNC #Source1: https://github.com/TigerVNC/tigervnc/archive/v%{version}.tar.gz License: GPL-2.0-only AND MIT Group: System/X11/Servers/XF86_4 -Source1: tigervnc-1.9.0-201-e71a426.tar.gz +Source1: tigervnc-%{version}.tar.gz Source4: 10-libvnc.conf Source5: vnc-server.susefirewall Source6: vnc-httpd.susefirewall @@ -140,6 +140,7 @@ Patch9: u_change-button-layout-in-ServerDialog.patch Patch10: n_correct_path_in_desktop_file.patch Patch11: U_viewer-reset-ctrl-alt-to-menu-state-on-focus.patch +Patch12: tigervnc-fix-saving-of-bad-server-certs.patch %description TigerVNC is an implementation of VNC (Virtual Network Computing), a @@ -244,7 +245,7 @@ It maps common x11vnc arguments to x0vncserver arguments. %prep -%setup -T -b1 -q -n tigervnc +%setup -T -b1 -q -n tigervnc-%{version} cp -r /usr/src/xserver/* unix/xserver/ %patch1 -p1 @@ -258,6 +259,7 @@ %patch9 -p1 %patch10 -p1 %patch11 -p1 +%patch12 -p1 pushd unix/xserver patch -p1 < ../xserver120.patch ++++++ tigervnc-1.9.0-201-e71a426.tar.gz -> tigervnc-1.10.0.tar.gz ++++++ ++++ 5133 lines of diff (skipped) ++++++ tigervnc-fix-saving-of-bad-server-certs.patch ++++++ >From dbad687182ae9093efaf096a069eeafc18b22973 Mon Sep 17 00:00:00 2001 From: Pierre Ossman <[email protected]> Date: Mon, 30 Dec 2019 10:24:11 +0100 Subject: [PATCH 1/2] Fix saving of bad server certificates This check is completely backwards and it is currently unknown how this ever worked. --- common/rfb/CSecurityTLS.cxx | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx index aa1910909..c1a00212a 100644 --- a/common/rfb/CSecurityTLS.cxx +++ b/common/rfb/CSecurityTLS.cxx @@ -416,8 +416,9 @@ void CSecurityTLS::checkSession() delete [] certinfo; if (gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, NULL, &out_size) - == GNUTLS_E_SHORT_MEMORY_BUFFER) - throw AuthFailureException("Out of memory"); + != GNUTLS_E_SHORT_MEMORY_BUFFER) + throw AuthFailureException("certificate issuer unknown, and certificate " + "export failed"); // Save cert out_buf = new char[out_size]; >From 6208f47dcbf68ff1e751b0b526bb643f0da867a6 Mon Sep 17 00:00:00 2001 From: Pierre Ossman <[email protected]> Date: Mon, 30 Dec 2019 10:26:12 +0100 Subject: [PATCH 2/2] Remove unneeded memory checks new throws an exception on allocation errors rather than return NULL. --- common/rfb/CSecurityTLS.cxx | 4 ---- 1 file changed, 4 deletions(-) diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx index c1a00212a..5c303a37c 100644 --- a/common/rfb/CSecurityTLS.cxx +++ b/common/rfb/CSecurityTLS.cxx @@ -396,8 +396,6 @@ void CSecurityTLS::checkSession() vlog.debug("%s", info.data); certinfo = new char[len]; - if (certinfo == NULL) - throw AuthFailureException("Out of memory"); snprintf(certinfo, len, "This certificate has been signed by an unknown " "authority:\n\n%s\n\nDo you want to save it and " @@ -422,8 +420,6 @@ void CSecurityTLS::checkSession() // Save cert out_buf = new char[out_size]; - if (out_buf == NULL) - throw AuthFailureException("Out of memory"); if (gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, out_buf, &out_size) < 0) throw AuthFailureException("certificate issuer unknown, and certificate "
