TigerVNC 1.4.1 now available

[Brian Hinz]

TigerVNC 1.4.1 is now available. This is release is in response to the recent Xorg Security Advisory. There are no known vulnerabilities in TigerVNC itself related to this advisory, however some of the changes to the Xorg codebase were not compatible with TigerVNC.

Additionally, the binary packages supplied by the TigerVNC team were built against vulnerable versions of Xorg. The EL6 and Ubuntu Precise & Trusty packages rely on their respective distribution to mitigate the Xorg CVEs. All of these packages have been rebuilt against the latest upstream Xorg source packages but are otherwise essentially unchanged from the 1.4.0 release. The generic and EL5 binaries were previously built against an older version Xorg to which the CVE patches could not be readily applied. As a result, the following changes were made to the generic and EL5 binaries:

• Version bump of underlying codebase to Xorg X11R7.7 (patched to mitigate all known CVEs).
• Previous versions linked against the system libGL. This led to issues when the system libGL was compiled differently or linked against incompatible libraries. Additionally, the swrast_dri.so library was installed to a location that could conflict with a system or vendor provided library of the same name. Beginning with the 1.4.1 release, the TigerVNC generic and EL5 binaries provide their own copy of libGL (installed under /usr/%{_libdir}/tigervnc/) in order to provide independence from the system libGL.

Project Evergreen support for openSUSE 11.4 ended in October and as such, TigerVNC can no longer supply binary packages for this distribution.  openSUSE 11.4 users should use the generic binaries instead.

Binaries are available from bintray:

https://bintray.com/tigervnc/stable/tigervnc/1.4.1

Regards
The TigerVNC Developers