Releases: any1/neatvnc
Releases · any1/neatvnc
v0.9.4
The last release leaked client resources and would keep capturing after all clients closed their connection. This release fixes that and a double-free on exit.
Andri Yngvason (5):
Fix deferred close
cursor: Don't unref buffer on mapping failure
enc: tight: Zero fb after unref
server: Zero cursor buffer on unref
Release v0.9.4
v0.9.3
This is a bugfix release.
Attila Fidan reported and fixed some instances of use-after-free that can be reached before authentication takes place. Those should be viewed as potential vulnerabilities, so it would be prudent to upgrade ASAP if you're running Neat VNC on the internet.
Jeroen Hofstee reported and fixed a few issues with WebSockets. One of those bugs will allow an unauthenticated client to put the server into an endless loop when parsing HTTP headers. There were also problems with ping message handling and the way some legacy clients/browsers were being dealt with that he fixed.
Andri Yngvason (9):
enc: tight: Fix chroma subsampling criteria
server: Add missing bounds check for keycode lookup
stream: Add reference count
stream: Hold reference while calling back
Remove VNC_CLIENT_STATE_ERROR
auth: Return -1 on handshake failure
server: Clean up deferred close idle handler
server: Give up reading when stream is closed
Release v0.9.3
Attila Fidan (6):
server: Don't try processing a big provide msg that isn't text
server: Free provide_msg_buf on compressed buf OOM
stream: Unref payload after failing to create req
server: Fix off by one error in crlf_to_lf
server: Write empty IP string for unhandled sa_family
Fix use after frees of client after client close
Jeroen Hofstee (3):
stream: ws: unmask the payload of a ping
stream: ws: fix parsing headers with a space
stream: ws: change the Sec-WebSocket-Protocol to binary
v0.9.2
This patch release adds missing bounds checks.
Two buffer overflow vulnerabilities were reported by Frederik Reiter who also provided patches to fix them.
There are potential security implications, but only authenticated clients would be able to exploit these vulnerabilities, if at all. Nevertheless, it is prudent to update as soon as possible.
Andri Yngvason (3):
server: Clamp damage to fb size
server: Turn read buffer bounds assert into panic
Release v0.9.2
Frederik Reiter (3):
Fix integer underflow in encodings_to_string_list
Add size validation to on_client_set_desktop_size_event
Add size validation to on_client_set_encodings
v0.9.1
v0.9.0
Highlights
- A v4l2m2m based H.264 encoder that works on Raspberry Pi 1 to 4,
sponsored by Raspberry Pi Ltd. - Extended clipboard for UTF-8 text was implemented by Attila Fidan.
- Listening on a pre-bound file descriptor, implemented by Attila Fidan.
- The continuous updates extension was implemented by Philipp Zabel.
- We now have simple bandwidth estimation and improved frame pacing.
- Methods for rating pixel formats and modifiers have according to Neat VNC's
preferences have been added. - The Qemu/VMWare LED state extensions have been implemented.
- H.264 encoders will now encode the correct colour space into the elementary
stream.
Bug fixes
- Some memory leaks and reference counting errors have been eradicated.
- A race between resizing events and framebuffer updates that would cause a
buffer with the previous size to be sent after a resize event has been fixed. - Buffers with 24 bits per pixel will now result in 32 bpp being reported to
the client because 24 bpp is not allowed by the protocol. Nvidia users should
now be able to use a wider selection of clients as a result of this change.
Breaking changes
There are no breaking changes this release.
Shortlog
Alfred Wingate (1):
server: Remove undeclared variable from tracing macro
Andri Yngvason (72):
meson: Bump minor version to 0.9
Rename h264-encoder.c -> h264-encoder-ffmpeg-impl.c
Create abstract h264 encoder interface
Implement v4l2m2m h264 encoder
h264-v4l2m2m: Update copyright
FUNDING.yml: Add github sponsors
Implement qemu/vmware LED state
Split up crypto code
stream-tcp: Remove unused function prototype
Move stream implementations into directory
Move websocket code into stream/ws
Move encoders into src/enc
Move stream headers into own directory
Move encoder headers into own directory
crypto: Add copyright notices
Extract rsa-aes out of server.c
Extract apple-dh out of server.c
Extract vencrypt out of server.c
Lose Lena
test-images: Add madrill.png to replace Lena
Add sanity check for chosen security type
Check if h264 encoder exists before using it
resampler: Use PIXMAN_OP_SRC instead of PIXMAN_OP_OVER
enc: raw: Keep reference to encoder in worker
enc: h264: ffmpeg: Specify sRGB colorspace
enc: h264: ffmpeg: Convert to BT.709
enc: h264: encoder: Make destroy idempotent
Move continuous update check out of switch-cases
enc: h264: v4l2m2m: Free self on failure
stream: tcp: Don't flush recursively
stream: gnutls: Don't flush recursively
Revert "stream: gnutls: Don't flush recursively"
enc: Add fb hold for raw, tight and zrle
server: Don't hold ref client in encoder
enc: h264: ffmpeg: Remove redundant vec_destroy
fb: Make unref & release idempotent
server: Don't hold onto buffer in client
Don't reference count client objects
server: Wait for encoder to finish on nvnc_close
Implement fence messages
Estimate min_rtt during initial handshake
Create a bandwidth estimator
Drop frames when client falls too far behind
server: Estimate client's bandwidth
Limit rate based on in-flight data and bandwidth estimate
server: Don't set SO_SNDBUF
enc: h264: ffmpeg: Fix comment
enc: h264: ffmpeg: Set color space on buffersrc
enc: h264: ffmpeg: Remove sample_aspect_ratio from struct
enc: h264: ffmpeg: Use sanctioned method for getting hw_frames_ctx
enc: zrle: Make room for palette
enc: zrle: Discard oversized packed tiles
enc: h264: ffmpeg: Add version ifdefs for buffersrc params
server: Return request-forwarded from resize request
Wrap encoder results into single object
Attach resize events to outgoing video frames
Send ping instead of dummy fence when client connects
enc: Remove n_rects from encoder struct
server: Use correct op for cont'd damage check
server: Extract client damage check into function
Add methods to rate pixel formats
Derive depth from pixfmt max values
Only allow a curated set of modifiers
Don't wait forever for encoder to finish
Allow tls XOR crypto to be enabled
server: Fix pixman const errors
pixels: Define fourcc_mod_is_vendor
Clean up release build compiler warnings
meson: Add run_command check argument
Nudge 24 bpp to 32 bpp when reporting to client
Keep reported pixel format
server: Fix find_highest_client_depth
Attila Fidan (2):
server: Support opening from a bound socket fd
server: Implement Extended Clipboard (UTF-8 text)
Jeroen Hofstee (2):
enc: tight: Fix the size of the tile
Send queued message when switching to continues updates
Ontje Lünsdorf (1):
server: Do not unlink an externally managed fd
Philipp Zabel (1):
Add continuous update support
v0.8.1
v0.8.0
Highlights
- The colour map pixel format as described in RFC 6143 has been implemented. Before, the client would just get disconnected if they requested it. Now they get a map that emulates RGB332.
- Momentary interception of log messages. The user can now set a thread-local log hander and then set it back to the default.
- Philipp Zabel made the code more consistent with the style guide.
Breaking Changes
nvnc_client_get_hostnamehas been replaced withnvnc_client_get_address
Bugfixes
These have already been released as part of the v0.7 branch, but they will also be enumerated here.
- Apple's Diffie-Hellman authentication (security type 30) has been fixed.
- A new client connection no longer causes a DNS lookup.
- Clients are now allowed to request more than 32 encodings (#108)
- Zlib streams are now preserved when a client switches between encodings (#109)
Shortlog
Andri Yngvason (24):
Set version for next release
README: Enumerate dependencies for crypto
Don't use tag for git version
server: Fix double-free on failed Apple DH
crypto: Initialise AES-ECB decode context correctly
server: Remove DNS lookup
server: Don't complete fb update more than once
logging: Export default log function
logging: Add method to set thread local log function
logging: Set log function to default when unset
Replace nvnc_client_get_hostname with nvnc_client_get_address
h264-encoder: Use AV_FRAME_FLAG_KEY instead of key_frame
server: Allow server to request more than 32 encodings
Warn when client chooses non-true-color pixel format
Keep zlib streams when switching encodings
pixels: Add strings for RGB222 and BGR222
server: Log pixel format choice
server: Log encodings reported by client
server: Drop current frame if formats change
server: Extract encoder initialisation function
Consolidate security handshake result handling
Implement colour map
Add option to enable experimental features
Release v0.8.0
Philipp Zabel (3):
Indent wrapped argument lists with two tabs (function definitions)
Indent wrapped argument lists with two tabs (function calls)
Remove superfluous whitespace
v0.7.2
This release fixes a couple of bugs:
- Clients are now allowed to request more than 32 encodings (#108)
- Zlib streams are now preserved when a client switches between encodings (#109)
Changes
Andri Yngvason (2):
server: Allow server to request more than 32 encodings
Keep zlib streams when switching encodings
v0.7.1
This release fixes a couple of bugs.
- Apple's Diffie-Hellman authentication (security type 30) has been fixed.
- A new client connection no longer causes a DNS lookup.
Changes
Andri Yngvason (4):
server: Fix double-free on failed Apple DH
crypto: Initialise AES-ECB decode context correctly
server: Remove DNS lookup
Release v0.7.1
v0.7.0
Highlights
- Desktop resizing
- Software pixel buffers with less than 32 bits per pixel are now supported
- The server may now choose to open a websocket instead of a regular TCP socket
- The RSA-AES and RSA-AES-256 security types have now been implemented
- A Diffie-Hellman based security type from Apple is also implemented, although not recommended
- Murmurhash in the damage refinery has been replaced with xxHash, which performs much better in my tests so far
Bugfixes
- Users should now get proper feedback when authentication fails
Changes
Andri Yngvason (69):
Remove _clang-format
Add a CONTRIBUTING.md
.github: Add a pull request template
test: pixels: Use unsigned numeric literals
test: pixels: Revert accidental change
Turn stream into abstract interface class
stream: Add a cork to pause sending
Implement websocket
Add NTP inspired latency tracking and time sync
stream: Add exec_and_send function
server: Use stream_exec_and_send for ntp
server: Reduce SO_SNDBUF to 4096
stream-tcp: EAGAIN is not an error
stream: Add a TODO about cleaning up struct
stream-gnutls: Fix use after free
stream-gnutls: Handle EAGAIN correctly
server: Set SO_SNDBUF to 65536
meson: Ignore format-truncation warnings
ws-handshake: Handle protocol & version fields
stream-ws: Sanitise handshake input
http: Remove unused code
http: Re-order includes
http: Stop memory leak in failure path
http: Only support GET method
stream: Move tls specific member into tls impl
stream: Allocate enough for tls upgrade
server: Actually send a reason when handshake fails
server: Defer client_unref in close_after_write
Add abstract interface for low level crypto
stream: Integrate cipher
Implement Apple's Diffie-Hellman based security type 30
crypto: Add RSA and AES-EAX
crypto: Integrate message handling into cipher
Implement RSA-AES
Add temporary api function to enable auth without tls
stream-ws: Inherit stream-tcp
stream-ws: Clean up exec-and-send resources
Create dedicated RSA-AES stream
crypto: Add helper functions for hashing
server: Use hash_{one,many}
crypto: Add AES256-EAX cipher
crypto: Remove unused code
crypto: Add sha256
server: Define rsa-aes server key length constant
crypto: Make deleting NULL pointers noop
server: Clean up crypto resources on disconnect
Implement RSA-AES-256 security type
Add base64 encoder & decoder
ws-handshake: Use own base64 and SHA1 implementations
Export base64 encoder and decoder
crypto: Add method to import RSA private keys
API: Add method to set RSA credentials
server: Allow arbitrary RSA key length
Remove logging of sensitive information
API: Consolidate setup of security constraints
websocket: Add some missing copyright notices
Replace strlcpy with strncpy
Notify client about NTP support
server: Use memcpy instead of strncpy for username/password
stream: rsa-aes: Unref payload after encoding
Revert "Export base64 encoder and decoder"
server: Use uint32_t for security result failure path
damage-refinery: Replace murmurhash with XXH3
crypto-nettle: Fix use after free
server: Free RSA creds on close
server: Defer cleaning up client resources on close
damage-refinery: Use scalar xxh3 implementation
MazTheMan (2):
Implement 24 bit pixel formats for raw and tight
zrle: fix for source format of 24 bits
Philipp Zabel (3):
Implement desktop resizing
examples: draw: Demonstrate desktop resizing
meson: Fix Meson warning about missing check kwarg in run_command() calls