Debian Patches

Status for tigervnc/1.15.0+dfsg-2

Patch Description Author Forwarded Bugs Origin Last update
0001-x0vncserver-build-make-missing-libraries-fatal-errors.patch Ensure that missing optional libraries for the build of x0vncserver are now fatal build errors.
Joachim Falk <joachim.falk@gmx.de> not-needed
0020-buildtime-from-debian-changelog.patch Enable reproducible builds by deriving the build time from the Debian changelog.
Joachim Falk <joachim.falk@gmx.de> not-needed
0030-fix-inetd-mode.patch Fix inetd mode of Xtigervnc. Upstream commit 5cd38b66896c00fd56e9c54eead430d02011c38f
"Print Xvnc banner before all the usage options" changes Xtigervnc to
print a banner even with -inetd option, rendering it useless for inetd
usage. Xtigervnc will output to stdout

    Xvnc TigerVNC 1.15.0 - built 2025-04-18 09:01
    Copyright (C) 1999-2025 TigerVNC team and many others (see README.rst)
    See https://www.tigervnc.org for information on TigerVNC.
    Underlying X server release 12101016

    RFB 003.008

giving a protocol error for VNC clients. Reverting the upstream commit
makes it usable again. The following patch is not a complete revert
but rather fewer changes.

Stephan Springl <springl-tigervnc@bfw-online.de> no
0175-xtigervncviewer-WM_CLASS.patch Update WM_CLASS to correspond to the one given in the xtigervncviewer.desktop file
Joachim Falk no
0205-defined-CMAKE_INSTALL_FULL_BINDIR.patch Added missing CMAKE_INSTALL_FULL_BINDIR define
Joachim Falk <joachim.falk@gmx.de> no
0210-use-tigervncsession-name.patch We install all scripts and programs of TigerVNC with a tiger prefix. Hence, we have to adapt some programs to take this into account.

Joachim Falk <joachim.falk@gmx.de> not-needed
0230-cache-PasswordFile.patch Cache the VNC PasswordFile. In case the home directory becomes inaccessible, e.g., due to an expired
Kerberos ticket, the VNC server still needs the content of the VNC password
file. Otherwise, it is no longer possible to log in using the security types
VncAuth or X509Vnc.

Joachim Falk <joachim.falk@gmx.de> no
rh/0904-Added-RH-patch-tigervnc11-rh588342.patch-which-fixes.patch [PATCH 4/7] Added RH patch tigervnc11-rh588342.patch which fixes EQ overflowing bug.
Xvnc could become unresponsive and the following error message was shown
in the log: "[mi] EQ overflowing. The server is probably stuck in an
infinite loop.". This was caused by a large number of user input events
in the Xvnc event queue, which were being processed too slowly. With
this update, this issue no longer occurs and the system works as
expected. (BZ#588342)
Joachim Falk <joachim.falk@gmx.de> no 2011-10-13
CVE-2014-8240-849479.patch Fix integer overflow in TigerVNC that allowed remote VNC servers to
cause a denial of service (crash) and possibly execute arbitrary code
via vectors related to screen size handling, which triggered a heap-based
buffer overflow, a similar issue to CVE-2014-6051.

This issue is CVE-2014-8240.

This patch has been forwarded to upstream, but applying the patch has been
rejected by upstream (see https://github.com/TigerVNC/tigervnc/issues/993).

The rationale was given by CendioOssman on Apr 16, 2020, as follows:

I'm not sure CVE-2014-8240 is a problem in practice with the current (1.10.1)
TigerVNC. Do you know if there is a proof of concept exploit? It shouldn't
affect 64-bit systems, as size_t will be large enough to handle any overflows.
And we got a bunch of checks in 1.10.1 that prevent large image buffers like
this. So, it will abort before it starts using any invalid buffer like this
anyway.

However, Debian still has 32-bit architecture support, and I (Joachim Falk)
could not find the mentioned redundant checks on the code path at first
glance. Hence, for now, let's still carry this patch.

Tim Waugh not-needed
