<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-oe/recipes-graphics/tigervnc, branch master</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=master</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2026-05-22T18:21:43+00:00</updated>
<entry>
<title>tigervnc: Fix do_configure Error</title>
<updated>2026-05-22T18:21:43+00:00</updated>
<author>
<name>Wang Mingyu</name>
<email>wangmy@fujitsu.com</email>
</author>
<published>2026-05-22T09:06:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=99f4962fa384b2163b9540e2d67983d272d49d9f'/>
<id>urn:sha1:99f4962fa384b2163b9540e2d67983d272d49d9f</id>
<content type='text'>
update version of xorg-xserver according to oe-core
WARNING: tigervnc-1.16.2-r0 do_configure: TigerVNC xorg-server version (21.1.21) is different from oe-core's xorg-xserver version (21.1.22)

Signed-off-by: Wang Mingyu &lt;wangmy@fujitsu.com&gt;
Signed-off-by: Khem Raj &lt;khem.raj@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>tigervnc: upgrade 1.16.0 -&gt; 1.16.2</title>
<updated>2026-04-01T20:16:42+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-04-01T06:45:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=192a27f231c7073ad8185f11b802dc8f2efbd5d4'/>
<id>urn:sha1:192a27f231c7073ad8185f11b802dc8f2efbd5d4</id>
<content type='text'>
Contains fix for CVE-2026-34352.

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;khem.raj@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>tigervnc: Fix do_rootfs Error</title>
<updated>2026-02-25T06:30:31+00:00</updated>
<author>
<name>Liu Yiding</name>
<email>liuyd.fnst@fujitsu.com</email>
</author>
<published>2026-02-25T03:36:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=dbc81636773934763b1c7931148ec966a07592ba'/>
<id>urn:sha1:dbc81636773934763b1c7931148ec966a07592ba</id>
<content type='text'>
Fix the following error:
ERROR: core-image-minimal-1.0-r0 do_rootfs: Postinstall scriptlets of ['tigervnc'] have failed. If the intention is to defer them to first boot,
then please place them into pkg_postinst_ontarget:${PN} ().

Signed-off-by: Liu Yiding &lt;liuyd.fnst@fujitsu.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>tigervnc: upgrade 1.15.0 -&gt; 1.16.0</title>
<updated>2026-01-31T07:59:12+00:00</updated>
<author>
<name>Liu Yiding</name>
<email>liuyd.fnst@fujitsu.com</email>
</author>
<published>2026-01-29T09:05:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=52b76013e84ae39697d68f7e7c4a9133ae039d17'/>
<id>urn:sha1:52b76013e84ae39697d68f7e7c4a9133ae039d17</id>
<content type='text'>
1.ChangeLog
  https://github.com/TigerVNC/tigervnc/releases/tag/v1.16.0

2.Update 0002-add-missing-dynamic-library-to-FLTK_LIBRARIES.patch for 1.16.0

3.Update xorg-server to 21.1.21

4.Fix do_install error

Signed-off-by: Liu Yiding &lt;liuyd.fnst@fujitsu.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>tigervnc: compare vendored xserver version to oe-core's xserver</title>
<updated>2025-12-28T16:14:39+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2025-12-27T06:56:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=fe9219f6352bb2dd12ac12ed350046e70aa32798'/>
<id>urn:sha1:fe9219f6352bb2dd12ac12ed350046e70aa32798</id>
<content type='text'>
TigerVNC compiles its own xserver from a separate tarball, it doesn't
use oe-core's xserver for most of the compilation.

The vendored xserver code should be still kept in sync with oe-core
to minimize incompatibilities, feature and bug-discrepepancies (...)

However it is easy to miss when xserver is updated in oe-core, TigerVNC's
xserver gets out of sync frequently.

This change adds a small check before do_configure that compares the
vendored and oe-core's xserver version, and issues a warning if
TigerVNC recipe needs to be synced to oe-core.

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>tigervnc: ignore CVE-2025-26594...26601</title>
<updated>2025-12-25T19:25:58+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2025-12-25T16:35:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=4924e89bb77fe5486063229c50039a458d60f8ea'/>
<id>urn:sha1:4924e89bb77fe5486063229c50039a458d60f8ea</id>
<content type='text'>
Ignore the following CVEs: CVE-2025-26594, CVE-2025-26595, CVE-2025-26596,
CVE-2025-26597, CVE-2025-26598, CVE-2025-26599, CVE-2025-26600, CVE-2025-26601

Details:
https://nvd.nist.gov/vuln/detail/CVE-2025-26594
https://nvd.nist.gov/vuln/detail/CVE-2025-26595
https://nvd.nist.gov/vuln/detail/CVE-2025-26596
https://nvd.nist.gov/vuln/detail/CVE-2025-26597
https://nvd.nist.gov/vuln/detail/CVE-2025-26598
https://nvd.nist.gov/vuln/detail/CVE-2025-26599
https://nvd.nist.gov/vuln/detail/CVE-2025-26600
https://nvd.nist.gov/vuln/detail/CVE-2025-26601

TigerVNC compiles its own xserver, this is why these CVEs are associated
with it - despite the vulnerabilities being in xserver.

All of these vulnerabilities were fixed by the same PR[1], which has
been part of xserver since version 21.1.16 (the currently used xserver
version in TigerVNC is 21.1.18).

Due to this, ignore these vulnerabilities, and just mark them as patched.

[1]: https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1830

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>tigervnc: ignore CVE-2023-6478</title>
<updated>2025-12-25T19:25:58+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2025-12-25T16:35:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=62a78f8ba7c8bd229cc82cf81bcc6a6d8116ebca'/>
<id>urn:sha1:62a78f8ba7c8bd229cc82cf81bcc6a6d8116ebca</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-6478

TigerVNC compiles its own xserver, this is why this CVE is associated
with it - despite the vulnerability being in xserver.

The vulnerability was fixed by [1] (from the nvd report), which has been
backported[2] to the xserver version used by the recipe - so ignore the
CVE, since it's patched already.

[1]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632
[2]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/58e83c683950ac9e253ab05dd7a13a8368b70a3c

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>tigervnc: ignore CVE-2023-6377</title>
<updated>2025-12-25T19:25:58+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2025-12-25T16:35:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=f691f2178b15eec22f09a1c17b9945fad4e330e6'/>
<id>urn:sha1:f691f2178b15eec22f09a1c17b9945fad4e330e6</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-6377

TigerVNC compiles its own xserver, this is why this CVE is associated
with it - despite the vulnerability being in xserver.

The vulnerability was fixed by [1] (from the nvd report), which has been
backported[2] to the xserver version used by the recipe - so ignore the
CVE, since it's patched already.

[1]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd
[2]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/a7bda3080d2b44eae668cdcec7a93095385b9652

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>tigervnc: sync xserver code with oe-core</title>
<updated>2025-12-25T19:25:58+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2025-12-25T16:35:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=fadb9c05709dae9e817a50e4d99093d4e2937933'/>
<id>urn:sha1:fadb9c05709dae9e817a50e4d99093d4e2937933</id>
<content type='text'>
TigerVNC compiles its own xserver. Synchronize the xserver version
with oe-core.

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>tigervnc: fix typo in CVE_STATUS</title>
<updated>2025-11-28T21:44:01+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2025-11-28T20:03:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=2f913279d4926ab92b97ffbb7c53031835b393bd'/>
<id>urn:sha1:2f913279d4926ab92b97ffbb7c53031835b393bd</id>
<content type='text'>
Forgot to add the CVE- prefix in previous patch.

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
</feed>
