LibVNCServer-0.9.13
bk138 released this 13 Jun 19:19 · 217 commits to master since this release
0.9.13 truly is a cross-platform release, the best we've ever done in that respect: Out of the 49 issues closed with this release, 20 alone were related to MS Windows. The result is that 0.9.13 is the first release with full support for Microsoft Windows! The cross-platform focused work did not end there, though: macOS support was brought up from barebones to a fully working production-grade VNC server application. Other highlights are improvements regarding TLS in LibVNCClient, SetDesktopSize support in LibVNCServer and a major cleanup of the project's documentation. Last but not least, 0.9.13 comes with the usual assortment of bugfixes and security improvements.
Overall changes:
- Small tweaks to the CMake build system.
- The macOS server example was overhauled and is now the most feature-complete sample
  application of the project, ready for real-world use.
- Lots of documentation updates and markdownifying.
- The TravisCI continuous integration now also build-checks cross-compilation from
  Linux to Windows.
- Set up a Gitter community chat for the project.
LibVNCServer/LibVNCClient:
- Both LibVNCServer and LibVNCClient now support an additional platform, namely
  Microsoft Windows. Building is supported with Visual Studio as well as MinGW.
- The separate crypto routines used by LibVNCClient and LibVNCServer were refactored
  into an implementation common to both libraries.
- Several security issues got fixed, namely:
  - CVE-2018-21247: When connecting to a repeater, only send initialised string
  - CVE-2019-20839: libvncclient: bail out if unix socket name would overflow
  - CVE-2019-20840: fix crash because of unaligned accesses in hybiReadAndDecode()
  - CVE-2020-14396: libvncclient/tls_openssl: do not deref a NULL pointer
  - CVE-2020-14397: libvncserver: add missing NULL pointer checks
  - CVE-2020-14398: libvncclient: handle half-open TCP connections
  - CVE-2020-14399: libvncclient: fix pointer aliasing/alignment issue
  - CVE-2020-14400: libvncserver: fix pointer aliasing/alignment issue
  - CVE-2020-14401: libvncserver: scale: cast to 64 bit before shifting
  - CVE-2020-14402: libvncserver: encodings: prevent OOB accesses
  - CVE-2020-14403: encodings: prevent OOB accesses
  - CVE-2020-14404: libvncserver: encodings: prevent OOB accesses
  - CVE-2020-14405: libvncclient/rfbproto: limit max textchat size
- The bundled noVNC client is now at version 1.1.0 and included via a git submodule.
LibVNCClient:
- Added connect timeout as well as read timeout support thanks to Tobias Junghans.
- Both TLS backends now do proper locking of network operations when multi-threaded
  thanks to Gaurav Ujjwal.
- Fixed regression in Tight/Raw decoding introduced in 0.9.12 thanks to DRC.
- Fixed encrypted connections to AnonTLS servers when using the OpenSSL back-end.
Made possible by the profound research done by Gaurav Ujjwal.
LibVNCServer:
- Added a hooking function (`clientFramebufferUpdateRequestHook`) to deliver
  rfbFramebufferUpdateRequest messages from clients to the frame producer
  thanks to Jae Hyun Yoo.
- Added SetDesktopSize/ExtendedDesktopSize support thanks to Floris Bos.
- Added multi-threading support for MS Windows.
- Fixed VNC repeater/proxy functionality that was broken in 0.9.12.
- Fixed unstable WebSockets connections thanks to Sebastian Kranz.