Package: tightvnc / 1:1.3.10-3
Metadata
Package | Version | Patches format |
---|---|---|
tightvnc | 1:1.3.10-3 | 3.0 (quilt) |
Patch series
view the series filePatch | File delta | Description |
---|---|---|
fix spelling.patch | (download) |
Xvnc/lib/font/Type1/t1funcs.c |
2 1 + 1 - 0 ! |
fix spelling in various files |
20 vncviewer vncviewer.man.patch | (download) |
vncviewer/vncviewer.man |
2 1 + 1 - 0 ! |
vncviewer/vncviewer.man: fix hyphens |
30 ftbfs mips.patch | (download) |
Xvnc/config/cf/linux.cf |
31 30 + 1 - 0 ! |
[patch] xvnc/config/cf/linux.cf: mips changes Organization: Private Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Signed-off-by: Jari Aalto <jari.aalto@cante.net> |
debian changes 1.3.9 6.1.patch | (download) |
Xvnc/config/cf/Imake.cf |
4 2 + 2 - 0 ! |
upstream changes introduced in version 1.3.9-6.1 This patch has been created by dpkg-source during the package build. Here's the last changelog entry, hopefully it gives details on why those changes were made: . tightvnc (1.3.9-6.1) unstable; urgency=low . * Non-maintainer upload. - Update to packaging format "3.0 (quilt)". * debian/compat - Update to 7. * debian/control - (Build-Depends): Update xutils to xutils-dev (important; Closes: #575865). Update to debhelper 7.1. Remove obsolete x-dev. - (Depends): Add ${misc:Depends}. - (Homepage): New field. - (Standards-Version): Update to 3.8.4. - (tightvncserver::Depends): Replace obsolete xbase-clients with x11-utils and xauth. The needed binaries xdpyinfo and xauth are used in Perl program /usr/bin/tightvncserver. * debian/copyright - Point to GPL-2. * debian/patches - (10, 20): Add new patches. - (30): Convert original MIPS patch to apply to current sources. - (tightvnc-ftbfs-mips.patch): Removed. See 30. * debian/*.{postrm,prerm} - Add "set -e". - Fix Lintian maintainer-script-without-set-e. * debian/rules - (CC): Add. Export variable for xmkmf(1). - (DH_COMPAT): Delete; use debian/compat. - (install): Correct tightvncpasswd.1x to tightvncpasswd.1. - (binary-arch): Remove empty directories. * debian/source/format - New file. * debian/watch - New file. * debian/tightvncserver.doc-base - New file. * debian/xtightvncviewer.menu - (section): Update obsolete Apps/Net to Applications/Network/Communication. . The person named in the Author field signed this changelog entry. Bug-Debian: http://bugs.debian.org/575865 |
aarch64.patch | (download) |
Xvnc/config/cf/Imake.cf |
4 4 + 0 - 0 ! |
add aarch64 (arm64) support |
ppc64el.patch | (download) |
Xvnc/config/cf/Imake.cf |
4 4 + 0 - 0 ! |
add ppc64el support |
more arm64 fixes.patch | (download) |
Xvnc/include/Xmd.h |
2 1 + 1 - 0 ! |
|
CVE 2019 15680.patch | (download) |
vncviewer/zlib.c |
5 5 + 0 - 0 ! |
--- |
CVE 2019 15681.patch | (download) |
Xvnc/programs/Xserver/hw/vnc/rfbserver.c |
2 2 + 0 - 0 ! |
[patch] rfbserver: don't leak stack memory to the remote Thanks go to Pavel Cheremushkin of Kaspersky for reporting. [sunweaver] Ported to rfbserver.c in tightvnc |
CVE 2014 6053.patch | (download) |
Xvnc/programs/Xserver/hw/vnc/rfbserver.c |
6 6 + 0 - 0 ! |
[patch] check malloc() return value on client->server clientcuttext message. Client can send up to 2**32-1 bytes of text, and such a large allocation is likely to fail in case of high memory pressure. This would in a server crash (write at address 0). [sunweaver] port libvncserver patch over to tightvnc's vnc server code |
CVE 2018 7225.patch | (download) |
Xvnc/programs/Xserver/hw/vnc/rfbserver.c |
21 20 + 1 - 0 ! |
cve-2018-7225 Bug-Debian: https://bugs.debian.org/894045 |
CVE 2018 20021.patch | (download) |
vncviewer/rfbproto.c |
2 1 + 1 - 0 ! |
cve-2018-20021 CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM |
CVE 2019 8287.patch | (download) |
vncviewer/corre.c |
2 1 + 1 - 0 ! |
cve-2019-8287 (same as CVE-2018-20020/libvncserver) heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution |
CVE 2018 20022.patch | (download) |
vncviewer/rfbproto.c |
2 2 + 0 - 0 ! |
cve-2018-20022 multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR |
CVE 2019 15679.patch | (download) |
vncviewer/rfbproto.c |
10 4 + 6 - 0 ! |
[patch] libvncclient: fail on server-sent desktop name lengths longer than 1MB re #273 |
CVE 2019 15678.patch | (download) |
vncviewer/rfbproto.c |
5 5 + 0 - 0 ! |
[patch] libvncclient: ignore server-sent cut text longer than 1mb This is in line with how LibVNCServer does it (28afb6c537dc82ba04d5f245b15ca7205c6dbb9c) and fixes part of #273. [sunweaver] Port to tightvnc. |
CVE 2019 15678 addon.patch | (download) |
vncviewer/rfbproto.c |
4 4 + 0 - 0 ! |
[patch] libvncclient: ignore server-sent reason strings longer than 1MB Fixes #273 [sunweaver] Extract these few lines from the above referenced patch and port to tightvnc. This patch was part of the fix series for CVE-2018-20748/libvncserver |
fix deprecated_BSD+SVID option.patch | (download) |
Xvnc/config/cf/linux.cf |
4 2 + 2 - 0 ! |
replace _bsd_source and _svid_source by _default_source Warnings say "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE". |
ftbfs gcc 10.patch | (download) |
Xvnc/programs/Xserver/cfb/cfballpriv.c |
4 2 + 2 - 0 ! |
ensure tightvnc builds with gcc-10 Apply the measure suggested on https://gcc.gnu.org/gcc-10/porting_to.html. For further documentation refer to https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html. Bug-Debian: https://bugs.debian.org/957878 |
no stipple.patch | (download) |
Xvnc/programs/Xserver/cfb/Imakefile |
22 0 + 22 - 0 ! |
don't use assembler code PIE versus stipmips.s results in a FTBFS. . stipmips.s is assembler code from 1990, such assembler optimizations are no longer necessary. |
ftbfs with binutils 236.patch | (download) |
Xvnc/config/cf/Imake.tmpl |
6 3 + 3 - 0 ! |
fix ftbfs with binutils version >= 2.36 Thanks to Matthias Klose <doko@debian.org> for pointing this out. |
space chars in home dir name.patch | (download) |
vncserver |
50 32 + 18 - 0 ! |
allow for space characters in the home directory name This patch makes sure $HOME is properly quoted so that unusual characters like spaces, apostrophes etc. do not cause unwanted effects up to the failure to start the VNC server. |