Hello community, here is the log from the commit of package vino for openSUSE:Leap:15.2 checked in at 2020-03-06 12:37:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/vino (Old) and /work/SRC/openSUSE:Leap:15.2/.vino.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "vino" Fri Mar 6 12:37:36 2020 rev:13 rq:779621 version:3.22.0 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/vino/vino.changes 2020-01-15 16:28:07.552743391 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.vino.new.26092/vino.changes 2020-03-06 12:37:48.846630891 +0100 @@ -1,0 +2,11 @@ +Sat Jan 25 14:20:51 UTC 2020 - Dominique Leuenberger <dims...@opensuse.org> + +- No longer recommend -lang: supplements are in use + +------------------------------------------------------------------- +Tue Nov 12 21:38:10 UTC 2019 - Michael Gorse <mgo...@suse.com> + +- Add vino-CVE-2019-15681.patch: fix uninitialized memory read in + LibVNCServer (boo#1155419 CVE-2019-15681). + +------------------------------------------------------------------- @@ -5,0 +17,30 @@ + +------------------------------------------------------------------- +Fri Jan 4 01:12:14 UTC 2019 - bjorn....@gmail.com + +- Phase out telepathy support in GNOME, mask + pkgconfig(telepathy-glib) BuildRequires, and pass + --without-telepathy to configure. + +------------------------------------------------------------------- +Mon Jul 9 08:34:28 UTC 2018 - bjorn....@gmail.com + +- Drop NetworkManager-devel BuildRequires and stop passing + with-network-manager: No longer needed, nor recognized. +- Stop passing with-libnotify and with-gnome-keyring to configure, + no longer recognized. +- Modernize spec, use autosetup and make_build macros. +- Drop glib2_gsettings_schema_requires macro and stop post(un) + handling of glib2_gsettings_schema_post(un), no longer needed. +- Drop update-desktop-files BuildRequires and no longer use + suse_update_desktop_file macro, no longer needed. +- Replace telepathy-glib-devel with pkgconfig(telepathy-glib) + BuildRequires. +- Add explicit pkgconfig(dbus-glib-1), pkgconfig(gio-unix-2.0), + pkgconfig(glib-2.0) and pkgconfig(gtk+-x11-3.0) BuildRequires: + align with what configure checks for. + +------------------------------------------------------------------- +Mon Feb 26 11:35:30 UTC 2018 - dims...@opensuse.org + +- Use SPDX3.0 license tags and package COPYING as %license. New: ---- vino-CVE-2019-15681.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ vino.spec ++++++ --- /var/tmp/diff_new_pack.2MnYya/_old 2020-03-06 12:37:50.206631718 +0100 +++ /var/tmp/diff_new_pack.2MnYya/_new 2020-03-06 12:37:50.226631730 +0100 @@ -1,7 +1,7 @@ # # spec file for package vino # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -20,83 +20,75 @@ Version: 3.22.0 Release: 0 Summary: GNOME VNC Server -License: GPL-2.0+ +License: GPL-2.0-or-later Group: Productivity/Networking/Other -Url: http://www.gnome.org -Source: http://download.gnome.org/sources/vino/3.22/%{name}-%{version}.tar.xz +URL: http://www.gnome.org +Source0: https://download.gnome.org/sources/vino/3.22/%{name}-%{version}.tar.xz # PATCH-FIX-UPSTREAM vino-error-on-wayland.patch boo#1122549 mgo...@suse.com -- have vino-server print an error if wayland is detected, rather than segfaulting. Patch0: vino-error-on-wayland.patch -BuildRequires: NetworkManager-devel +# PATCH-FIX-UPSTREAM vino-CVE-2019-15681.patch boo#1155419 mgo...@suse.com -- fix uninitialized memory read in LibVNCServer. +Patch1: vino-CVE-2019-15681.patch + BuildRequires: fdupes BuildRequires: intltool >= 0.50.0 BuildRequires: libavahi-glib-devel BuildRequires: libgcrypt-devel BuildRequires: libjpeg-devel -BuildRequires: telepathy-glib-devel >= 0.18.0 +BuildRequires: pkgconfig BuildRequires: translation-update-upstream -BuildRequires: update-desktop-files +BuildRequires: pkgconfig(dbus-glib-1) +BuildRequires: pkgconfig(gio-unix-2.0) +BuildRequires: pkgconfig(glib-2.0) >= 2.32.0 BuildRequires: pkgconfig(gnutls) >= 2.2.0 BuildRequires: pkgconfig(gtk+-3.0) +BuildRequires: pkgconfig(gtk+-x11-3.0) >= 3.0.0 BuildRequires: pkgconfig(ice) BuildRequires: pkgconfig(libnotify) >= 0.7.0 BuildRequires: pkgconfig(libsecret-1) BuildRequires: pkgconfig(sm) BuildRequires: pkgconfig(systemd) +# Disable telepathy support and pass --without-telepathy to configure +#BuildRequires: pkgconfig(telepathy-glib) >= 0.18.0 BuildRequires: pkgconfig(xtst) -Recommends: %{name}-lang -BuildRoot: %{_tmppath}/%{name}-%{version}-build -%glib2_gsettings_schema_requires %description A VNC Server for GNOME %lang_package + %prep -%setup -q -%patch0 -p1 +%autosetup -p1 translation-update-upstream %build -%configure\ +%configure \ --libexecdir=%{_libexecdir}/vino \ --enable-ipv6 \ - --with-telepathy \ - --with-libnotify \ - --with-network-manager \ - --with-gnome-keyring \ + --without-telepathy \ --with-gnutls \ --with-gcrypt \ --with-avahi \ --with-zlib \ - --with-jpeg -make %{?_smp_mflags} + --with-jpeg \ + %{nil} +%make_build %install %make_install -%suse_update_desktop_file vino-server %find_lang %{name} %{?no_lang_C} %fdupes %{buildroot} -%clean -rm -rf %{buildroot} - -%post -%glib2_gsettings_schema_post - -%postun -%glib2_gsettings_schema_postun - %files -%defattr(-,root,root) -%doc AUTHORS COPYING ChangeLog NEWS README -%defattr (-, root, root) +%license COPYING +%doc AUTHORS ChangeLog NEWS README %{_datadir}/applications/vino-server.desktop %{_datadir}/dbus-1/services/org.freedesktop.Telepathy.Client.Vino.service %{_datadir}/glib-2.0/schemas/org.gnome.Vino.enums.xml %{_datadir}/glib-2.0/schemas/org.gnome.Vino.gschema.xml -%dir %{_datadir}/telepathy/ -%dir %{_datadir}/telepathy/clients/ -%{_datadir}/telepathy/clients/Vino.client +# Disable telepathy support +#%%dir %%{_datadir}/telepathy/ +#%%dir %%{_datadir}/telepathy/clients/ +#%%{_datadir}/telepathy/clients/Vino.client %{_libexecdir}/vino %{_userunitdir}/vino-server.service ++++++ vino-CVE-2019-15681.patch ++++++ diff -urp vino-3.22.0.orig/server/libvncserver/rfbserver.c vino-3.22.0/server/libvncserver/rfbserver.c --- vino-3.22.0.orig/server/libvncserver/rfbserver.c 2015-08-28 11:00:50.000000000 -0500 +++ vino-3.22.0/server/libvncserver/rfbserver.c 2019-11-12 14:48:04.702135937 -0600 @@ -1534,6 +1534,8 @@ rfbSendServerCutText(rfbScreenInfoPtr rf rfbServerCutTextMsg sct; rfbClientIteratorPtr iterator; + memset((char *)&sct, 0, sizeof(sct)); + iterator = rfbGetClientIterator(rfbScreen); while ((cl = rfbClientIteratorNext(iterator)) != NULL) { /* Client is not authenticated, ignore. See GNOME bug 678434. */