SLFO-pool/LibVNCServer
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main LibVNCServer revision e7f5f8718ef2283a10d3924453dd24e5

Browse Source
This commit is contained in:
Adrian Schröter 2024-11-12 12:05:18 +01:00
commit 39f0f9db4b
8 changed files with 1604 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

238
0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch Normal file
View File

@ -0,0 +1,238 @@
From e4849b01fec4494057728d1aa3a165ed21705682 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Mon, 11 Jun 2018 23:47:02 +0200
Subject: [PATCH 1/4] libvncserver: Add API to add custom I/O entry points
Add API to make it possible to channel RFB input and output through
another layer, for example TLS. This is done by making it possible to
override the default read/write/peek functions.
---
libvncserver/rfbserver.c | 4 ++
libvncserver/sockets.c | 79 ++++++++++++++++++++++++++++++++++++----
rfb/rfb.h | 17 +++++++++
3 files changed, 93 insertions(+), 7 deletions(-)
Index: libvncserver-LibVNCServer-0.9.14/libvncserver/rfbserver.c
===================================================================
--- libvncserver-LibVNCServer-0.9.14.orig/libvncserver/rfbserver.c
+++ libvncserver-LibVNCServer-0.9.14/libvncserver/rfbserver.c
@@ -321,6 +321,10 @@ rfbNewTCPOrUDPClient(rfbScreenInfoPtr rf
cl->screen = rfbScreen;
cl->sock = sock;
+ cl->readFromSocket = rfbDefaultReadFromSocket;
+ cl->peekAtSocket = rfbDefaultPeekAtSocket;
+ cl->hasPendingOnSocket = rfbDefaultHasPendingOnSocket;
+ cl->writeToSocket = rfbDefaultWriteToSocket;
cl->viewOnly = FALSE;
/* setup pseudo scaling */
cl->scaledScreen = rfbScreen;
Index: libvncserver-LibVNCServer-0.9.14/libvncserver/sockets.c
===================================================================
--- libvncserver-LibVNCServer-0.9.14.orig/libvncserver/sockets.c
+++ libvncserver-LibVNCServer-0.9.14/libvncserver/sockets.c
@@ -102,6 +102,9 @@ int rfbMaxClientWait = 20000; /* time
gone away - needed to stop us hanging */
static rfbBool
+rfbHasPendingOnSocket(rfbClientPtr cl);
+
+static rfbBool
rfbNewConnectionFromSock(rfbScreenInfoPtr rfbScreen, rfbSocket sock)
{
const int one = 1;
@@ -364,16 +367,20 @@ rfbCheckFds(rfbScreenInfoPtr rfbScreen,l
tv.tv_usec = usec;
nfds = select(rfbScreen->maxFd + 1, &fds, NULL, NULL /* &fds */, &tv);
if (nfds == 0) {
+ rfbBool hasPendingData = FALSE;
+
/* timed out, check for async events */
i = rfbGetClientIterator(rfbScreen);
while((cl = rfbClientIteratorNext(i))) {
if (cl->onHold)
continue;
+ hasPendingData |= rfbHasPendingOnSocket(cl);
if (FD_ISSET(cl->sock, &(rfbScreen->allFds)))
rfbSendFileTransferChunk(cl);
}
rfbReleaseClientIterator(i);
- return result;
+ if (!hasPendingData)
+ return result;
}
if (nfds < 0) {
@@ -449,9 +456,11 @@ rfbCheckFds(rfbScreenInfoPtr rfbScreen,l
if (cl->onHold)
continue;
- if (FD_ISSET(cl->sock, &(rfbScreen->allFds)))
+ if (rfbHasPendingOnSocket (cl) ||
+ FD_ISSET(cl->sock, &(rfbScreen->allFds)))
{
- if (FD_ISSET(cl->sock, &fds))
+ if (rfbHasPendingOnSocket (cl) ||
+ FD_ISSET(cl->sock, &fds))
{
#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
do {
@@ -638,6 +647,30 @@ rfbConnect(rfbScreenInfoPtr rfbScreen,
return sock;
}
+int
+rfbDefaultReadFromSocket(rfbClientPtr cl, char *buf, int len)
+{
+ return read(cl->sock, buf, len);
+}
+
+static int
+rfbReadFromSocket(rfbClientPtr cl, char *buf, int len)
+{
+ return cl->readFromSocket(cl, buf, len);
+}
+
+rfbBool
+rfbDefaultHasPendingOnSocket(rfbClientPtr cl)
+{
+ return FALSE;
+}
+
+static rfbBool
+rfbHasPendingOnSocket(rfbClientPtr cl)
+{
+ return cl->hasPendingOnSocket(cl);
+}
+
/*
* ReadExact reads an exact number of bytes from a client. Returns 1 if
* those bytes have been read, 0 if the other end has closed, or -1 if an error
@@ -659,10 +692,10 @@ rfbReadExactTimeout(rfbClientPtr cl, cha
} else if (cl->sslctx) {
n = rfbssl_read(cl, buf, len);
} else {
- n = read(sock, buf, len);
+ n = rfbReadFromSocket(cl, buf, len);
}
#else
- n = read(sock, buf, len);
+ n = rfbReadFromSocket(cl, buf, len);
#endif
if (n > 0) {
@@ -694,6 +727,10 @@ rfbReadExactTimeout(rfbClientPtr cl, cha
continue;
}
#endif
+
+ if (rfbHasPendingOnSocket(cl))
+ continue;
+
FD_ZERO(&fds);
FD_SET(sock, &fds);
tv.tv_sec = timeout / 1000;
@@ -730,6 +767,18 @@ int rfbReadExact(rfbClientPtr cl,char* b
return(rfbReadExactTimeout(cl,buf,len,rfbMaxClientWait));
}
+int
+rfbDefaultPeekAtSocket(rfbClientPtr cl, char *buf, int len)
+{
+ return recv(cl->sock, buf, len, MSG_PEEK);
+}
+
+int
+rfbPeekAtSocket(rfbClientPtr cl, char *buf, int len)
+{
+ return cl->peekAtSocket(cl, buf, len);
+}
+
/*
* PeekExact peeks at an exact number of bytes from a client. Returns 1 if
* those bytes have been read, 0 if the other end has closed, or -1 if an
@@ -750,7 +799,7 @@ rfbPeekExactTimeout(rfbClientPtr cl, cha
n = rfbssl_peek(cl, buf, len);
else
#endif
- n = recv(sock, buf, len, MSG_PEEK);
+ n = rfbPeekAtSocket(cl, buf, len);
if (n == len) {
@@ -806,6 +855,22 @@ rfbPeekExactTimeout(rfbClientPtr cl, cha
return 1;
}
+int
+rfbDefaultWriteToSocket(rfbClientPtr cl,
+ const char *buf,
+ int len)
+{
+ return write(cl->sock, buf, len);
+}
+
+static int
+rfbWriteToSocket(rfbClientPtr cl,
+ const char *buf,
+ int len)
+{
+ return cl->writeToSocket(cl, buf, len);
+}
+
/*
* WriteExact writes an exact number of bytes to a client. Returns 1 if
* those bytes have been written, or -1 if an error occurred (errno is set to
@@ -863,7 +928,7 @@ rfbWriteExact(rfbClientPtr cl,
n = rfbssl_write(cl, buf, len);
else
#endif
- n = write(sock, buf, len);
+ n = rfbWriteToSocket(cl, buf, len);
if (n > 0) {
Index: libvncserver-LibVNCServer-0.9.14/rfb/rfb.h
===================================================================
--- libvncserver-LibVNCServer-0.9.14.orig/rfb/rfb.h
+++ libvncserver-LibVNCServer-0.9.14/rfb/rfb.h
@@ -398,6 +398,14 @@ typedef struct sraRegion* sraRegionPtr;
typedef void (*ClientGoneHookPtr)(struct _rfbClientRec* cl);
typedef void (*ClientFramebufferUpdateRequestHookPtr)(struct _rfbClientRec* cl, rfbFramebufferUpdateRequestMsg* furMsg);
+typedef int (*ClientReadFromSocket)(struct _rfbClientRec* cl,
+ char *buf, int len);
+typedef int (*ClientPeekAtSocket)(struct _rfbClientRec* cl,
+ char *buf, int len);
+typedef rfbBool (*ClientHasPendingOnSocket)(struct _rfbClientRec* cl);
+typedef int (*ClientWriteToSocket)(struct _rfbClientRec* cl,
+ const char *buf, int len);
+
typedef struct _rfbFileTransferData {
int fd;
int compressionEnabled;
@@ -707,6 +715,11 @@ typedef struct _rfbClientRec {
int tightPngDstDataLen;
#endif
#endif
+
+ ClientReadFromSocket readFromSocket; /* Read data from socket */
+ ClientPeekAtSocket peekAtSocket; /* Peek at data from socket */
+ ClientHasPendingOnSocket hasPendingOnSocket; /* Peek at data from socket */
+ ClientWriteToSocket writeToSocket; /* Write data to socket */
} rfbClientRec, *rfbClientPtr;
/**
@@ -759,8 +772,12 @@ extern void rfbDisconnectUDPSock(rfbScre
extern void rfbCloseClient(rfbClientPtr cl);
extern int rfbReadExact(rfbClientPtr cl, char *buf, int len);
extern int rfbReadExactTimeout(rfbClientPtr cl, char *buf, int len,int timeout);
+extern int rfbDefaultReadFromSocket(rfbClientPtr cl, char *buf, int len);
extern int rfbPeekExactTimeout(rfbClientPtr cl, char *buf, int len,int timeout);
+extern int rfbDefaultPeekAtSocket(rfbClientPtr cl, char *buf, int len);
+extern rfbBool rfbDefaultHasPendingOnSocket(rfbClientPtr cl);
extern int rfbWriteExact(rfbClientPtr cl, const char *buf, int len);
+extern int rfbDefaultWriteToSocket(rfbClientPtr cl, const char *buf, int len);
extern int rfbCheckFds(rfbScreenInfoPtr rfbScreen,long usec);
extern rfbSocket rfbConnect(rfbScreenInfoPtr rfbScreen, char* host, int port);
extern rfbSocket rfbConnectToTcpAddr(char* host, int port);

362
0002-libvncserver-Add-channel-security-handlers.patch Normal file
View File

@ -0,0 +1,362 @@
From c9131a78878a785c3de21e9d49521d7b68400ad7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Mon, 11 Jun 2018 23:50:05 +0200
Subject: [PATCH 2/4] libvncserver: Add channel security handlers
Add another type of security handler that is meant to be used initially
to set up a secure channel. Regular security handlers would be
advertised and processed after any channel security have succeeded.
For example, this, together with the custom I/O functions allows a
LibVNCServer user to implement TLS in combination with VNCAuth. This is
done by adding a single channel security handler with the rfbTLS (18)
with a handler that initiates a TLS session, and when a TLS session is
initiated, the regular security handler list is sent.
---
libvncserver/auth.c | 164 ++++++++++++++++++++++++++++++---------
libvncserver/rfbserver.c | 1 +
rfb/rfb.h | 15 +++-
3 files changed, 142 insertions(+), 38 deletions(-)
Index: libvncserver-LibVNCServer-0.9.14/libvncserver/auth.c
===================================================================
--- libvncserver-LibVNCServer-0.9.14.orig/libvncserver/auth.c
+++ libvncserver-LibVNCServer-0.9.14/libvncserver/auth.c
@@ -37,18 +37,17 @@ void rfbClientSendString(rfbClientPtr cl
* Handle security types
*/
+/* Channel security handlers to set up a secure channel, e.g. TLS. */
+static rfbSecurityHandler* channelSecurityHandlers = NULL;
+
+/* Security handlers when channel security is established. */
static rfbSecurityHandler* securityHandlers = NULL;
-/*
- * This method registers a list of new security types.
- * It avoids same security type getting registered multiple times.
- * The order is not preserved if multiple security types are
- * registered at one-go.
- */
void
-rfbRegisterSecurityHandler(rfbSecurityHandler* handler)
+rfbRegisterSecurityHandlerTo(rfbSecurityHandler* handler,
+ rfbSecurityHandler** handlerList)
{
- rfbSecurityHandler *head = securityHandlers, *next = NULL;
+ rfbSecurityHandler *head = *handlerList, *next = NULL;
if(handler == NULL)
return;
@@ -57,39 +56,35 @@ rfbRegisterSecurityHandler(rfbSecurityHa
while(head != NULL) {
if(head == handler) {
- rfbRegisterSecurityHandler(next);
+ rfbRegisterSecurityHandlerTo(next, handlerList);
return;
}
head = head->next;
}
- handler->next = securityHandlers;
- securityHandlers = handler;
+ handler->next = *handlerList;
+ *handlerList = handler;
- rfbRegisterSecurityHandler(next);
+ rfbRegisterSecurityHandlerTo(next, handlerList);
}
-/*
- * This method unregisters a list of security types.
- * These security types won't be available for any new
- * client connection.
- */
-void
-rfbUnregisterSecurityHandler(rfbSecurityHandler* handler)
+static void
+rfbUnregisterSecurityHandlerFrom(rfbSecurityHandler* handler,
+ rfbSecurityHandler** handlerList)
{
rfbSecurityHandler *cur = NULL, *pre = NULL;
if(handler == NULL)
return;
- if(securityHandlers == handler) {
- securityHandlers = securityHandlers->next;
- rfbUnregisterSecurityHandler(handler->next);
+ if(*handlerList == handler) {
+ *handlerList = (*handlerList)->next;
+ rfbUnregisterSecurityHandlerFrom(handler->next, handlerList);
return;
}
- cur = pre = securityHandlers;
+ cur = pre = *handlerList;
while(cur) {
if(cur == handler) {
@@ -99,7 +94,50 @@ rfbUnregisterSecurityHandler(rfbSecurity
pre = cur;
cur = cur->next;
}
- rfbUnregisterSecurityHandler(handler->next);
+ rfbUnregisterSecurityHandlerFrom(handler->next, handlerList);
+}
+
+void
+rfbRegisterChannelSecurityHandler(rfbSecurityHandler* handler)
+{
+ rfbRegisterSecurityHandlerTo(handler, &channelSecurityHandlers);
+}
+
+/*
+ * This method unregisters a list of security types.
+ * These security types won't be available for any new
+ * client connection.
+ */
+
+void
+rfbUnregisterChannelSecurityHandler(rfbSecurityHandler* handler)
+{
+ rfbUnregisterSecurityHandlerFrom(handler, &channelSecurityHandlers);
+}
+
+/*
+ * This method registers a list of new security types.
+ * It avoids same security type getting registered multiple times.
+ * The order is not preserved if multiple security types are
+ * registered at one-go.
+ */
+
+void
+rfbRegisterSecurityHandler(rfbSecurityHandler* handler)
+{
+ rfbRegisterSecurityHandlerTo(handler, &securityHandlers);
+}
+
+/*
+ * This method unregisters a list of security types.
+ * These security types won't be available for any new
+ * client connection.
+ */
+
+void
+rfbUnregisterSecurityHandler(rfbSecurityHandler* handler)
+{
+ rfbUnregisterSecurityHandlerFrom(handler, &securityHandlers);
}
/*
@@ -197,9 +235,22 @@ static rfbSecurityHandler VncSecurityHan
NULL
};
+static int32_t
+determinePrimarySecurityType(rfbClientPtr cl)
+{
+ if (!cl->screen->authPasswdData || cl->reverseConnection) {
+ /* chk if this condition is valid or not. */
+ return rfbSecTypeNone;
+ } else if (cl->screen->authPasswdData) {
+ return rfbSecTypeVncAuth;
+ } else {
+ return rfbSecTypeInvalid;
+ }
+}
-static void
-rfbSendSecurityTypeList(rfbClientPtr cl, int primaryType)
+void
+rfbSendSecurityTypeList(rfbClientPtr cl,
+ enum rfbSecurityTag exclude)
{
/* The size of the message is the count of security types +1,
* since the first byte is the number of types. */
@@ -207,9 +258,10 @@ rfbSendSecurityTypeList(rfbClientPtr cl,
rfbSecurityHandler* handler;
#define MAX_SECURITY_TYPES 255
uint8_t buffer[MAX_SECURITY_TYPES+1];
-
+ int32_t primaryType;
/* Fill in the list of security types in the client structure. (NOTE: Not really in the client structure) */
+ primaryType = determinePrimarySecurityType(cl);
switch (primaryType) {
case rfbSecTypeNone:
rfbUnregisterSecurityHandler(&VncSecurityHandlerVncAuth);
@@ -223,6 +275,9 @@ rfbSendSecurityTypeList(rfbClientPtr cl,
for (handler = securityHandlers;
handler && size<MAX_SECURITY_TYPES; handler = handler->next) {
+ if (exclude && (handler->securityTags & exclude))
+ continue;
+
buffer[size] = handler->type;
size++;
}
@@ -251,7 +306,29 @@ rfbSendSecurityTypeList(rfbClientPtr cl,
cl->state = RFB_SECURITY_TYPE;
}
+static void
+rfbSendChannelSecurityTypeList(rfbClientPtr cl)
+{
+ int size = 1;
+ rfbSecurityHandler* handler;
+ uint8_t buffer[MAX_SECURITY_TYPES+1];
+
+ for (handler = channelSecurityHandlers;
+ handler && size<MAX_SECURITY_TYPES; handler = handler->next) {
+ buffer[size] = handler->type;
+ size++;
+ }
+ buffer[0] = (unsigned char)size-1;
+
+ if (rfbWriteExact(cl, (char *)buffer, size) < 0) {
+ rfbLogPerror("rfbSendSecurityTypeList: write");
+ rfbCloseClient(cl);
+ return;
+ }
+ /* Dispatch client input to rfbProcessClientChannelSecurityType. */
+ cl->state = RFB_CHANNEL_SECURITY_TYPE;
+}
/*
@@ -299,18 +376,19 @@ rfbSendSecurityType(rfbClientPtr cl, int
void
rfbAuthNewClient(rfbClientPtr cl)
{
- int32_t securityType = rfbSecTypeInvalid;
+ int32_t securityType;
- if (!cl->screen->authPasswdData || cl->reverseConnection) {
- /* chk if this condition is valid or not. */
- securityType = rfbSecTypeNone;
- } else if (cl->screen->authPasswdData) {
- securityType = rfbSecTypeVncAuth;
- }
+ securityType = determinePrimarySecurityType(cl);
if (cl->protocolMajorVersion==3 && cl->protocolMinorVersion < 7)
{
/* Make sure we use only RFB 3.3 compatible security types. */
+ if (channelSecurityHandlers) {
+ rfbLog("VNC channel security enabled - RFB 3.3 client rejected\n");
+ rfbClientConnFailed(cl, "Your viewer cannot hnadler required "
+ "security methods");
+ return;
+ }
if (securityType == rfbSecTypeInvalid) {
rfbLog("VNC authentication disabled - RFB 3.3 client rejected\n");
rfbClientConnFailed(cl, "Your viewer cannot handle required "
@@ -318,9 +396,13 @@ rfbAuthNewClient(rfbClientPtr cl)
return;
}
rfbSendSecurityType(cl, securityType);
+ } else if (channelSecurityHandlers) {
+ rfbLog("Send channel security type list\n");
+ rfbSendChannelSecurityTypeList(cl);
} else {
/* Here it's ok when securityType is set to rfbSecTypeInvalid. */
- rfbSendSecurityTypeList(cl, securityType);
+ rfbLog("Send channel security type 'none'\n");
+ rfbSendSecurityTypeList(cl, RFB_SECURITY_TAG_NONE);
}
}
@@ -334,6 +416,7 @@ rfbProcessClientSecurityType(rfbClientPt
int n;
uint8_t chosenType;
rfbSecurityHandler* handler;
+ rfbSecurityHandler* handlerListHead;
/* Read the security type. */
n = rfbReadExact(cl, (char *)&chosenType, 1);
@@ -346,8 +429,17 @@ rfbProcessClientSecurityType(rfbClientPt
return;
}
+ switch (cl->state) {
+ case RFB_CHANNEL_SECURITY_TYPE:
+ handlerListHead = channelSecurityHandlers;
+ break;
+ case RFB_SECURITY_TYPE:
+ handlerListHead = securityHandlers;
+ break;
+ }
+
/* Make sure it was present in the list sent by the server. */
- for (handler = securityHandlers; handler; handler = handler->next) {
+ for (handler = handlerListHead; handler; handler = handler->next) {
if (chosenType == handler->type) {
rfbLog("rfbProcessClientSecurityType: executing handler for type %d\n", chosenType);
handler->handler(cl);
Index: libvncserver-LibVNCServer-0.9.14/libvncserver/rfbserver.c
===================================================================
--- libvncserver-LibVNCServer-0.9.14.orig/libvncserver/rfbserver.c
+++ libvncserver-LibVNCServer-0.9.14/libvncserver/rfbserver.c
@@ -670,6 +670,7 @@ rfbProcessClientMessage(rfbClientPtr cl)
case RFB_PROTOCOL_VERSION:
rfbProcessClientProtocolVersion(cl);
return;
+ case RFB_CHANNEL_SECURITY_TYPE:
case RFB_SECURITY_TYPE:
rfbProcessClientSecurityType(cl);
return;
Index: libvncserver-LibVNCServer-0.9.14/rfb/rfb.h
===================================================================
--- libvncserver-LibVNCServer-0.9.14.orig/rfb/rfb.h
+++ libvncserver-LibVNCServer-0.9.14/rfb/rfb.h
@@ -147,6 +147,11 @@ typedef struct {
} data; /**< there have to be count*3 entries */
} rfbColourMap;
+enum rfbSecurityTag {
+ RFB_SECURITY_TAG_NONE = 0,
+ RFB_SECURITY_TAG_CHANNEL = 1 << 0
+};
+
/**
* Security handling (RFB protocol version 3.7)
*/
@@ -155,6 +160,7 @@ typedef struct _rfbSecurity {
uint8_t type;
void (*handler)(struct _rfbClientRec* cl);
struct _rfbSecurity* next;
+ enum rfbSecurityTag securityTags;
} rfbSecurityHandler;
/**
@@ -491,7 +497,7 @@ typedef struct _rfbClientRec {
/** Possible client states: */
enum {
RFB_PROTOCOL_VERSION, /**< establishing protocol version */
- RFB_SECURITY_TYPE, /**< negotiating security (RFB v.3.7) */
+ RFB_SECURITY_TYPE, /**< negotiating security (RFB v.3.7) */
RFB_AUTHENTICATION, /**< authenticating */
RFB_INITIALISATION, /**< sending initialisation messages */
RFB_NORMAL, /**< normal protocol messages */
@@ -500,6 +506,7 @@ typedef struct _rfbClientRec {
* using LibVNCServer to provide services: */
RFB_INITIALISATION_SHARED, /**< sending initialisation messages with implicit shared-flag already true */
+ RFB_CHANNEL_SECURITY_TYPE, /**< negotiating security (RFB v.3.7) */
RFB_SHUTDOWN /**< Client is shutting down */
} state;
@@ -870,6 +877,9 @@ extern void rfbProcessClientSecurityType
extern void rfbAuthProcessClientMessage(rfbClientPtr cl);
extern void rfbRegisterSecurityHandler(rfbSecurityHandler* handler);
extern void rfbUnregisterSecurityHandler(rfbSecurityHandler* handler);
+extern void rfbRegisterChannelSecurityHandler(rfbSecurityHandler* handler);
+extern void rfbUnregisterChannelSecurityHandler(rfbSecurityHandler* handler);
+extern void rfbSendSecurityTypeList(rfbClientPtr cl, enum rfbSecurityTag exclude);
/* rre.c */

BIN
LibVNCServer-0.9.14.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

584
LibVNCServer.changes Normal file
View File

@ -0,0 +1,584 @@
-------------------------------------------------------------------
Fri Jun 23 14:44:58 UTC 2023 - pgajdos@suse.com
- version update to 0.9.14
## Overall changes:
* Added more documentation (build system integration, repeater setup) and a legal FAQ.
* Added [contribution guidelines](CONTRIBUTING.md).
* Ported the TravisCI continous integration machinery to GitHub workflows.
## LibVNCServer/LibVNCClient:
* Added [qemu extended key event].
* Fixed several potential multiplication overflows.
## LibVNCClient:
* Fixes of several memory leaks and buffer overflows.
* Added UltraVNC's MSLogonII authentication scheme.
* Fixed TLS interoperability with GnuTLS servers.
* Fixed detection of newer UltraVNC and TightVNC servers.
* Added support for [SetDesktopSize].
* Added SSH tunneling example using libssh2.
* Added some extensions to VeNCrypt in order to be compatible with a wider range of servers.
## LibVNCServer:
* Fixes to the multi-threaded server implementation which should be a lot more sound now.
* Fixed TightVNC-filetransfer file upload for 64-bit systems.
* Fixes of crashes in the zlib compression.
* Added support for [UTF8 clipboard data].
* Fixed visual artifacts in framebuffer on ARM platforms.
* Fixed several WebSockets bugs.
* Fixed the UltraVNC-style repeater example.
* Added support for larger framebuffers (two 4k screens possible now).
* Added support for timeouts for outbound connections (to repeaters for instance).
* Fixed out-of-bounds memory access in Tight encoding.
- modified patches
% 0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch (refreshed)
% 0002-libvncserver-Add-channel-security-handlers.patch (refreshed)
- deleted patches
- 0001-libvncserver-don-t-NULL-out-internal-of-the-default-.patch (upstreamed)
- 0003-libvncserver-auth-don-t-keep-security-handlers-from-.patch (upstreamed)
- 0004-zlib-Clear-buffer-pointers-on-cleanup-444.patch (upstreamed)
- LibVNCServer-CVE-2020-29260.patch (upstreamed)
-------------------------------------------------------------------
Thu Sep 8 08:26:25 UTC 2022 - pgajdos@suse.com
- security update
- added patches
fix CVE-2020-29260 [bsc#1203106], memory leakage via rfbClientCleanup()
+ LibVNCServer-CVE-2020-29260.patch
-------------------------------------------------------------------
Fri Sep 17 07:14:46 UTC 2021 - pgajdos@suse.com
- purposedly adding just this changelog entry
- previous version updates fixed also:
* CVE-2020-14398 [bsc#1173880] -- improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c
* CVE-2017-18922 [bsc#1173477] -- preauth buffer overwrite
* CVE-2018-20748 [bsc#1123823] -- libvnc contains multiple heap out-of-bounds writes
* CVE-2020-25708 [bsc#1178682] -- libvncserver/rfbserver.c has a divide by zero which could result in DoS
* CVE-2018-21247 [bsc#1173874] -- uninitialized memory contents are vulnerable to Information leak
* CVE-2018-20750 [bsc#1123832] -- heap out-of-bounds write vulnerability in libvncserver/rfbserver.c
* CVE-2020-14397 [bsc#1173700] -- NULL pointer dereference in libvncserver/rfbregion.c
* CVE-2019-20839 [bsc#1173875] -- buffer overflow in ConnectClientToUnixSock()
* CVE-2020-14401 [bsc#1173694] -- potential integer overflows in libvncserver/scale.c
* CVE-2020-14400 [bsc#1173691] -- Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c.
* CVE-2019-20840 [bsc#1173876] -- unaligned accesses in hybiReadAndDecode can lead to denial of service
* CVE-2020-14399 [bsc#1173743] -- Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c.
* CVE-2020-14402 [bsc#1173701] -- out-of-bounds access via encodings.
* CVE-2020-14403 [bsc#1173701]
* CVE-2020-14404 [bsc#1173701]
-------------------------------------------------------------------
Fri Jan 8 15:07:43 UTC 2021 - Frederic Crozat <fcrozat@suse.com>
- Add many patches needed for GNOME Remote desktop (already in
Fedora):
* TLS security type enablement patches gh#LibVNC/libvncserver!234
- 0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch
- 0002-libvncserver-Add-channel-security-handlers.patch
- 0003-libvncserver-auth-don-t-keep-security-handlers-from-.patch
* Fix crash on all runs after the first gh#LibVNC/libvncserver!444 rh#1882718
- 0004-zlib-Clear-buffer-pointers-on-cleanup-444.patch
* Fix another crasher glgo#GNOME/gnome-remote-desktop#45 rh#1882718
- 0001-libvncserver-don-t-NULL-out-internal-of-the-default-.patch
-------------------------------------------------------------------
Tue Jun 30 06:48:57 UTC 2020 - pgajdos@suse.com
- version update to 0.9.13 [bsc#1173477]
## Overall changes:
* Small tweaks to the CMake build system.
* The macOS server example was overhauled and is now the most feature-complete sample
application of the project, ready for real-world use.
* Lots of documentation updates and markdownifying.
* The TravisCI continuous integration now also build-checks cross-compilation from
Linux to Windows.
* Setup a [Gitter community chat](https://gitter.im/LibVNC/libvncserver) for the project.
## LibVNCServer/LibVNCClient:
* Both LibVNCServer and LibVNCClient now support an additional platform, namely
Microsoft Windows. Building is supported with Visual Studio as well as MingGW.
* The separate crypto routines used by LibVNCClient and LibVNCServer were refactored
into an implementation common to both libraries.
* Several security issues got fixed.
* The bundled noVNC client is now at version 1.1.0 and included via a git submodule.
## LibVNCClient:
* Added connect timeout as well as read timeout support thanks to Tobias Junghans.
* Both TLS backends now do proper locking of network operations when multi-threaded
thanks to Gaurav Ujjwal.
* Fixed regression in Tight/Raw decoding introduced in 0.9.12 thanks to DRC.
* Fixed encrypted connections to AnonTLS servers when using the OpenSSL back-end.
Made possible by the profound research done by Gaurav Ujjwal.
## LibVNCServer:
* Added a hooking function (`clientFramebufferUpdateRequestHook`) to deliver
rfbFramebufferUpdateRequest messages from clients to the frame producer
thanks to Jae Hyun Yoo.
* Added SetDesktopSize/ExtendedDesktopSize support thanks to Floris Bos.
* Added multi-threading support for MS Windows.
* Fixed VNC repeater/proxy functionality that was broken in 0.9.12.
* Fixed unstable WebSockets connections thanks to Sebastian Kranz.
- deleted patches
- LibVNCServer-CVE-2019-15681.patch (upstreamed)
- LibVNCServer-CVE-2019-15690.patch (upstreamed)
- LibVNCServer-CVE-2019-20788.patch (upstreamed)
- avoid-pthread_join-if-backgroundLoop-is-FALSE.patch (upstreamed)
- cmake-libdir.patch (upstreamed)
- fix-crash-on-shutdown.patch (upstreamed)
-------------------------------------------------------------------
Mon May 4 13:48:26 UTC 2020 - pgajdos@suse.com
- deleted patches
- LibVNCServer-CVE-2018-20749.patch (mistakenly added, it is
already part of 0.9.12)
-------------------------------------------------------------------
Mon Apr 27 09:20:21 UTC 2020 - pgajdos@suse.com
- security update
- added patches
fix CVE-2019-15690 [bsc#1160471], heap buffer overflow
+ LibVNCServer-CVE-2019-15690.patch
fix CVE-2019-20788 [bsc#1170441], integer overflow and heap-based buffer overflow via a large height or width value
+ LibVNCServer-CVE-2019-20788.patch
-------------------------------------------------------------------
Fri Jan 10 08:24:05 UTC 2020 - Fabian Vogt <fvogt@suse.com>
- Add patches to fix crash on shutdown:
* avoid-pthread_join-if-backgroundLoop-is-FALSE.patch
* fix-crash-on-shutdown.patch
-------------------------------------------------------------------
Mon Nov 4 11:29:21 UTC 2019 - pgajdos@suse.com
- turn the test suite on
-------------------------------------------------------------------
Mon Nov 4 10:26:34 UTC 2019 - pgajdos@suse.com
- security update
- added patches
CVE-2019-15681 [bsc#1155419]
+ LibVNCServer-CVE-2019-15681.patch
-------------------------------------------------------------------
Wed Feb 20 15:56:14 UTC 2019 - Felix Zhang <fezhang@suse.com>
- Add BuildRequire libgnutls-devel: Remmina needs it for VNC
connections (boo#1123805)
-------------------------------------------------------------------
Mon Feb 11 09:16:53 UTC 2019 - Petr Gajdos <pgajdos@suse.com>
- use upstream commit, amend cmake-libdir.patch
-------------------------------------------------------------------
Mon Feb 11 09:13:18 UTC 2019 - Petr Gajdos <pgajdos@suse.com>
- fix cmake build, add cmake-libdir.patch (upstream issue #281)
-------------------------------------------------------------------
Tue Feb 5 09:59:42 UTC 2019 - Petr Gajdos <pgajdos@suse.com>
- update to version 0.9.12
- Overall changes:
* CMake now is the default build system, Autotools were removed.
* In addition to TravisCI, all commits are now build-tested by AppVeyorCI.
- LibVNCServer/LibVNCClient:
* Numerous build fixes for Visual Studio compilers to the extent that
one can now _build_ the project with these. The needed changes for
successfully _running_ stuff will be implemented in 0.9.13.
* Fixed building for Android and added build instructions.
* Removed the unused PolarSSL wrapper.
* Updated the bundled noVNC to latest release 1.0.0.
* Allowed to use global LZO library instead of miniLZO.
- LibVNCClient:
* Support for OpenSSL 1.1.x.
* Support for overriding the default rectangle decode handlers (with
hardware-accelerated ones for instance) thanks to Balazs Ludmany.
* vnc2mpg updated.
* Added support for X509 server certificate verification as part of the
handshake process thanks to Simon Waterman.
* Added a TRLE decoder thanks to Wiki Wang.
* Included Tight decoding optimizations from TurboVNC thanks to DRC.
* Ported the SDL viewer from SDL 1.2 to SDL 2.0.
* Numerous security fixes.
* Added support for custom auth handlers in order to support additional
security types.
- LibVNCServer:
* Websockets rework to remove obsolete code thanks to Andreas Weigel.
* Ensured compatibility with gtk-vnc 0.7.0+ thanks to Michał Kępień.
* The built-in webserver now sends correct MIME type for Javascript.
* Numerous memory management issues fixed.
* Made the TightVNC-style file transfer more stable.
- removed patches
- LibVNCServer-CVE-2018-20021.patch (upstreamed)
- LibVNCServer-CVE-2018-20023.patch (upstreamed)
- libvncserver-0.9.10-ossl.patch (not upstreamed)
- LibVNCServer-CVE-2018-15127.patch (upstreamed)
- LibVNCServer-CVE-2018-6307.patch (upstreamed)
- LibVNCServer-CVE-2018-20019.patch (upstreamed)
- LibVNCServer-CVE-2018-7225.patch (upstreamed)
- LibVNCServer-CVE-2018-20022.patch (upstreamed)
- libvncserver-0.9.1-multilib.patch (cmake now)
- LibVNCServer-CVE-2018-15126.patch (upstreamed)
- LibVNCServer-CVE-2018-20020.patch (upstreamed)
- LibVNCServer-CVE-2018-20024.patch (upstreamed)
- removed by upstream
- libvncserver-config
- security update
* CVE-2018-20749 [bsc#1123828]
+ LibVNCServer-CVE-2018-20749.patch
-------------------------------------------------------------------
Fri Jan 11 14:10:36 UTC 2019 - adam.majer@suse.de
- Fix devel package dependencies
-------------------------------------------------------------------
Thu Jan 3 16:33:06 UTC 2019 - Petr Gajdos <pgajdos@suse.com>
- security update
* CVE-2018-15126 [bsc#1120114]
+ LibVNCServer-CVE-2018-15126.patch
* CVE-2018-6307 [bsc#1120115]
+ LibVNCServer-CVE-2018-6307.patch
* CVE-2018-20020 [bsc#1120116]
+ LibVNCServer-CVE-2018-20020.patch
* CVE-2018-15127 [bsc#1120117]
+ LibVNCServer-CVE-2018-15127.patch
* CVE-2018-20019 [bsc#1120118]
+ LibVNCServer-CVE-2018-20019.patch
* CVE-2018-20023 [bsc#1120119]
+ LibVNCServer-CVE-2018-20023.patch
* CVE-2018-20022 [bsc#1120120]
+ LibVNCServer-CVE-2018-20022.patch
* CVE-2018-20024 [bsc#1120121]
+ LibVNCServer-CVE-2018-20024.patch
* CVE-2018-20021 [bsc#1120122]
+ LibVNCServer-CVE-2018-20021.patch
-------------------------------------------------------------------
Thu Jan 3 15:11:20 UTC 2019 - Petr Gajdos <pgajdos@suse.com>
- Update to version 0.9.11
Overall changes:
LibVNCServer/LibVNCClient development now uses continous intregration,
provided by TravisCI.
LibVNCClient:
Now initializes libgcrypt before use if the application did not do it.
Fixes a crash when connection to Mac hosts
(#45).
Various fixes that result in more stable handling of malicious or broken
servers.
Removed broken and unmaintained H264 decoding.
Some documentation fixes.
Added hooks to WriteToTLS() for optional protection by mutex.
LibVNCServer:
Stability fixes for the WebSocket implementation.
Replaced SHA1 implementation with the one from RFC 6234.
The built-in HTTP server does not allow directory traversals anymore.
The built-in HTTP now sends correct MIME types for CSS and SVG.
Added support for systemd socket activation.
Made it possible to get autoPort behavior with either ipv4 or ipv6
disabled.
Fixed starting of an onHold-client in threaded mode.
- dropped patches:
- libvncserver-0.9.10-use-namespaced-rfbMax-macro.patch (upstreamed)
- libvncserver-byteswap.patch (stop maintaining not upstreamed patch)
- modified patches:
% libvncserver-0.9.10-ossl.patch (refreshed)
-------------------------------------------------------------------
Tue Mar 20 07:42:09 UTC 2018 - pgajdos@suse.com
- security update
* CVE-2018-7225 [bsc#1081493]
+ LibVNCServer-CVE-2018-7225.patch
-------------------------------------------------------------------
Tue May 24 17:25:53 UTC 2016 - antoine.belvire@laposte.net
- Fix build errors of applications using stl_algobase.h and
libvncserver's rfbproto.h, e.g. krfb (issue #102)
* Add libvncserver-0.9.10-use-namespaced-rfbMax-macro.patch
-------------------------------------------------------------------
Sun Feb 8 04:24:43 UTC 2015 - crrodriguez@opensuse.org
- Remove xorg-x11-devel from buildRequires, X libraries
are not directly used/linked
-------------------------------------------------------------------
Sun Feb 8 03:54:55 UTC 2015 - crrodriguez@opensuse.org
- libvncserver-0.9.10-ossl.patch: Update, do not
RAND_load_file("/dev/urandom", 1024) if the the PRNG is already
seeded. (It always is on linux)
-------------------------------------------------------------------
Sat Dec 13 13:50:35 UTC 2014 - p.drouand@gmail.com
- Update to version 0.9.10
+ Moved the whole project from sourceforge to https://libvnc.github.io/.
+ Cleaned out the autotools build system which now uses autoreconf.
+ Updated noVNC HTML5 client to latest version.
+ Split out x11vnc sources into separate repository at
https://github.com/LibVNC/x11vnc
+ Split out vncterm sources into separate repository at
https://github.com/LibVNC/vncterm
+ Split out VisualNaCro sources into separate repository at
https://github.com/LibVNC/VisualNaCro
+ Merged Debian patches.
+ Fixed some security-related buffer overflow cases.
+ Added compatibility headers to make LibVNCServer/LibVNCClient
build on native Windows 8.
+ Update LZO to version 2.07, fixing CVE-2014-4607.
+ Merged patches from KDE/krfb.
+ Can now do IPv6 without IPv4.
+ Fixed a use-after-free issue in scale.c.
- Update Url and download source to new project home
- Remove LibVNCServer-0.9.9-no_x11vnc.patch; upstream splited it
out of main tarball
- Rebase libvncserver-ossl.patch to upstream changes
> libvncserver-0.9.10-ossl.patch
- Remove linuxvnc subpackage; like x11vnc, it has been splited out
but is depreciated and unmaintained.
-------------------------------------------------------------------
Fri Oct 3 19:51:18 UTC 2014 - olaf@aepfle.de
- Obsolete old LibVNCServer.rpm in libvncclient0 package. The old
version included binaries, devel and runtime libs. But nothing
removes the old package, which leads to file conflicts during
upgrade if linuxvnc.rpm is not on the install media (bnc#893343)
-------------------------------------------------------------------
Tue Jul 1 13:35:34 UTC 2014 - coolo@suse.com
- remove old .bz2 file
-------------------------------------------------------------------
Mon Mar 18 09:36:38 UTC 2013 - mmeister@suse.com
- Add Url to Source section in spec file
-------------------------------------------------------------------
Sat Jan 12 14:01:28 UTC 2013 - jengelh@inai.de
- Follow shared library packaging guidelines
- Avoid self-obsolete tag
- Put libvncserver-config into -devel where it should belong
- Provide pkgconfig() RPM symbols
-------------------------------------------------------------------
Tue Jan 1 19:35:08 UTC 2013 - crrodriguez@opensuse.org
- Switch SSL backend to openssl, we all agree that OpenSSL
has it faults, but it is heavily optimized in all platforms
not only x86 and performance matters in interactive,latency
sensitive tasks like VNC.
- libvncserver-ossl.patch Ensures openssl use less memory
and avoid abi breaks on openSSL updates.
-------------------------------------------------------------------
Sun Dec 30 22:02:37 UTC 2012 - crrodriguez@opensuse.org
- libvncserver-byteswap.patch : USe OS byteswapping macros
which are optimized for the target arch.
- BuildRequire libpng-Devel
-------------------------------------------------------------------
Tue Oct 16 12:02:12 UTC 2012 - mvyskocil@suse.com
- delete not used LibVNCServer-0.9.9-system_minilzo.patch
- document patches
- rename redef-keysym to redef-keysym.patch
-------------------------------------------------------------------
Wed Sep 26 21:08:14 UTC 2012 - p.drouand@gmail.com
- Update to 0.9.9 version:
- Overall changes:
* Added noVNC HTML5 VNC viewer (http://kanaka.github.com/noVNC/) connect possibility
to our http server. Pure JavaScript, no Java plugin required anymore! (But a
recent browser...)
* Added a GTK+ VNC viewer example.
- LibVNCServer/LibVNCClient:
* Added support to build for Google Android.
* Complete IPv6 support in both LibVNCServer and LibVNCClient.
- LibVNCServer:
* Split two event-loop related functions out of the rfbProcessEvents() mechanism.
This is required to be able to do proper event loop integration with Qt. Idea was
taken from Vino's libvncserver fork.
* Added TightPNG (http://wiki.qemu.org/VNC_Tight_PNG) encoding support. Like the
original Tight encoding, this still uses JPEG, but ZLIB encoded rects are encoded
with PNG here.
* Added suport for serving VNC sessions through WebSockets
(http://en.wikipedia.org/wiki/WebSocket), a web technology providing for multiplexing
bi-directional, full-duplex communications channels over a single TCP connection.
* Support connections from the Mac OS X built-in VNC client to LibVNCServer
instances running with no password.
* Replaced the Tight encoder with a TurboVNC one which is tremendously faster in most
cases, especially with high-color video or 3D workloads.
(http://www.virtualgl.org/pmwiki/uploads/About/tighttoturbo.pdf)
- LibVNCClient:
* Added support to only listen for reverse connections on a specific IP address.
* Support for using OpenSSL instead of GnuTLS. This could come in handy on embedded
devices where only this TLS implementation is available.
* Added support to connect to UltraVNC Single Click servers.
- remove upstreamed LibVNCServer-LINUX.diff
- remove upstreamed LibVNCServer-0.9.8_git201104301110-overflow.patch
- remove upstreamed LibVNCServer-system-lzo.patch
- rename and refresh dont-build-x11vnc to LibVNCServer-0.9.9-no_x11vnc.patch
- add, but not enable LibVNCServer-0.9.9-system_minilzo.patch
- add libvncserver-0.9.1-multilib.patch
-------------------------------------------------------------------
Mon Aug 27 11:29:44 UTC 2012 - idonmez@suse.com
- Devel package needs a dependency on gnutls-devel
-------------------------------------------------------------------
Sat Aug 18 09:53:29 UTC 2012 - gber@opensuse.org
- enable support for gnutls
-------------------------------------------------------------------
Wed Nov 30 14:30:22 UTC 2011 - coolo@suse.com
- add automake as buildrequire to avoid implicit dependency
-------------------------------------------------------------------
Sat Sep 17 09:39:03 UTC 2011 - jengelh@medozas.de
- Remove redundant tags/sections from specfile
- Use %_smp_mflags for parallel build
-------------------------------------------------------------------
Fri May 6 21:00:48 UTC 2011 - crrodriguez@opensuse.org
- Update to version 0.9.8 latest.
* Changes too long to list here, see NEWS
- Use system lzo library
-------------------------------------------------------------------
Fri Oct 8 14:03:58 UTC 2010 - coolo@novell.com
- add baselibs.conf to build 32bit libs for DirectFB-32bit to use
-------------------------------------------------------------------
Tue Apr 21 22:28:00 CEST 2009 - garloff@suse.de
- Update to LibVNCserver-0.9.7:
* add (server-side) ZYWRLE support
* fixes (update after resizing, endianess, width != scanline)
* improve timeouts, port fallback, and connection time of the SSL
Java viewers
-------------------------------------------------------------------
Fri Mar 6 05:32:52 CET 2009 - crrodriguez@suse.de
- remove static libraries and "la" files
-------------------------------------------------------------------
Mon Oct 27 15:36:23 CET 2008 - garloff@suse.de
- fix-warn.diff: Avoid pointer > 0 comparison (bnc 435610)
-------------------------------------------------------------------
Mon Feb 25 07:27:32 CET 2008 - crrodriguez@suse.de
- fix library-without-ldconfig-post* errors
- devel package requires zlib-devel
-------------------------------------------------------------------
Thu Oct 11 15:46:54 CEST 2007 - sbrabec@suse.cz
- Use binding specific avahi package.
-------------------------------------------------------------------
Tue Jul 17 01:16:12 CEST 2007 - garloff@suse.de
- Split LibVNCServer into itself, -devel and x11vnc.
- Update to LibVNCserver-0.9.1.
- Drop patches that have been integrated upstream.
-------------------------------------------------------------------
Wed Apr 11 10:40:20 CEST 2007 - stbinner@suse.de
- fix misplaced guards in rfb.h
-------------------------------------------------------------------
Thu Mar 15 17:14:53 MDT 2007 - ccoffing@novell.com
- Fix incorrect usage of condition variables, which was causing
a crash during heavy updates. (#246100)
-------------------------------------------------------------------
Fri Jul 28 19:14:22 CEST 2006 - garloff@suse.de
- Update to version 0.8.2:
* Support for VNC protocol version 3.8.
* Many UltraVNC encodings and features added: FileTransfer,
SetSingleWindow, ServerInput, TextChat, UltraZip, etc.
* Support for PalmVNC and UltraVNC style 1/n server-side scaling.
* Improved Statistics reporting.
* KeyboardLedState encoding.
* LibVNCClient and x11vnc enhancements.
* Many bugs and leaks fixed.
* CVE-2006-2450 fix is already included, drop patch.
- Use -allinput in x11vnc_ssh script.
-------------------------------------------------------------------
Mon Jun 19 12:59:00 CEST 2006 - garloff@suse.de
- Update to version 0.8.
- Enable -fstack-protector for auth relevant files.
- Fix some compiler warnings.
- Disallow NoneAuth if password is set (#184418, CVE-2006-2450).
-------------------------------------------------------------------
Fri Feb 24 22:51:21 CET 2006 - garloff@suse.de
- Optimize event loop in LibVNCserver (from intel for Xen).
-------------------------------------------------------------------
Wed Jan 25 21:33:41 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Fri Dec 30 20:45:29 CET 2005 - garloff@suse.de
- Don't enable -threads by default; it's performance is nice, but
the stability is not that great.
- Include x11vnc_ssh in distribution.
-------------------------------------------------------------------
Thu Dec 22 18:55:29 CET 2005 - garloff@suse.de
- Workaround for -thread mode: Wait for a client being fully
authenticated before sending data.
-------------------------------------------------------------------
Wed Dec 21 15:27:36 CET 2005 - garloff@suse.de
- Update to LibVNCServer-0.7.99
- Fix compiler detected bugs (uninitialized var, buffer overflow).
- Package documentation.
-------------------------------------------------------------------
Tue Dec 20 11:52:22 CET 2005 - ro@suse.de
- do not try to detect LINUX by presence of /dev/vcsa1
-------------------------------------------------------------------
Sun Aug 21 03:27:19 CEST 2005 - garloff@suse.de
- Initial creation of package LibVNCServer-0.7.1.
-------------------------------------------------------------------

149
LibVNCServer.spec Normal file
View File

@ -0,0 +1,149 @@
#
# spec file for package LibVNCServer
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define libnum 1
Name: LibVNCServer
Version: 0.9.14
Release: 0
Summary: VNC Development Library
License: GPL-2.0-or-later
Group: Development/Libraries/X11
URL: https://github.com/LibVNC/libvncserver
# Archive is renamed by github
Source0: https://github.com/LibVNC/libvncserver/archive/%{name}-%{version}.tar.gz
Source1: baselibs.conf
#PATCH-FIX-OPENSUSE: redefine keysyms only if needed
Patch0: redef-keysym.patch
#PATCH-FEATURE-UPSTREAM TLS security type enablement patches gh#LibVNC/libvncserver!234
Patch10: 0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch
Patch11: 0002-libvncserver-Add-channel-security-handlers.patch
BuildRequires: cmake
BuildRequires: gcc-c++
BuildRequires: libavahi-devel
BuildRequires: libgcrypt-devel
BuildRequires: libgnutls-devel
BuildRequires: libjpeg-devel
BuildRequires: libpng-devel
BuildRequires: lzo-devel
BuildRequires: openssl-devel
BuildRequires: pkgconfig
BuildRequires: slang-devel
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
VNC is a set of programs using the RFB (Remote Frame Buffer) protocol.
They are designed to "export" a frame buffer via the network. It is
already in wide use for administration, but it is not that easy to
program a server yourself. This has been changed by LibVNCServer.
X.org already has a virtual Xvnc server which you can start as an own
screen (e.g. :1) and connect to with a VNC client (e.g. vncviewer from
tightvnc). The x11vnc binary (that allows you to export the window of a
real running X11 server) has been split off into its own package on
2007-07-16.
%package -n libvncclient%{libnum}
Summary: Library implementing a VNC client
Group: System/Libraries
Obsoletes: linuxvnc < %{version}
Conflicts: LibVNCServer < %version
%description -n libvncclient%{libnum}
LibVNCServer/LibVNCClient are cross-platform C libraries that allow
implementing VNC server or client functionality in your program.
%package -n libvncserver%{libnum}
Summary: Library implementing a VNC server
Group: System/Libraries
%description -n libvncserver%{libnum}
LibVNCServer/LibVNCClient are cross-platform C libraries that allow
implementing VNC server or client functionality in your program.
%package devel
Requires: gnutls-devel
Requires: libvncclient%{libnum} = %version
Requires: libvncserver%{libnum} = %version
Requires: zlib-devel
Summary: VNC Development Library
Group: Development/Libraries/X11
%description devel
VNC is a set of programs using the RFB (Remote Frame Buffer) protocol.
They are designed to "export" a frame buffer via the network. It is
already in wide use for administration, but it is not that easy to
program a server yourself. This has been changed by LibVNCServer.
X.org already has a virtual Xvnc server which you can start as an own
screen (e.g. :1) and connect to with a VNC client (e.g. vncviewer from
tightvnc).
The LibVNCServer-devel package contains the static libraries and header
files for LibVNCServer.
%prep
%setup -q -n libvncserver-%{name}-%{version}
%autopatch -p1
# fix encoding
for file in ChangeLog ; do
mv ${file} ${file}.OLD && \
iconv -f ISO_8859-1 -t UTF8 ${file}.OLD > ${file} && \
touch --reference ${file}.OLD $file
done
%build
%cmake
make %{?_smp_mflags}
%check
pushd build
export LD_LIBRARY_PATH="$(pwd)"
make test
%install
%cmake_install
%post -n libvncclient%{libnum} -p /sbin/ldconfig
%postun -n libvncclient%{libnum} -p /sbin/ldconfig
%post -n libvncserver%{libnum} -p /sbin/ldconfig
%postun -n libvncserver%{libnum} -p /sbin/ldconfig
%files -n libvncserver%{libnum}
%defattr(-,root,root)
%doc COPYING README.md
%_libdir/libvncserver.so.%{version}
%_libdir/libvncserver.so.%{libnum}*
%files -n libvncclient%{libnum}
%defattr(-,root,root)
%doc COPYING README.md
%_libdir/libvncclient.so.%{version}
%_libdir/libvncclient.so.%{libnum}*
%files devel
%defattr(-,root,root)
%doc AUTHORS COPYING ChangeLog NEWS.md README.md
%{_includedir}/rfb/*
%dir /usr/include/rfb
%{_libdir}/libvncclient.so
%{_libdir}/libvncserver.so
%{_libdir}/pkgconfig/*.pc
%{_libdir}/cmake/LibVNCServer
%changelog

1
baselibs.conf Normal file
View File

@ -0,0 +1 @@
LibVNCServer

244
redef-keysym.patch Normal file
View File

@ -0,0 +1,244 @@
Index: LibVNCServer-0.8.2/rfb/keysym.h
===================================================================
--- LibVNCServer-0.8.2.orig/rfb/keysym.h
+++ LibVNCServer-0.8.2/rfb/keysym.h
@@ -50,15 +50,29 @@ SOFTWARE.
******************************************************************/
/* default keysyms */
-#define XK_MISCELLANY
-#define XK_XKB_KEYS
-#define XK_LATIN1
-#define XK_LATIN2
-#define XK_LATIN3
-#define XK_LATIN4
-#define XK_GREEK
+#ifndef XK_MISCELLANY
+# define _XK_MISCELLANY
+#endif
+#ifndef XK_XKB_KEYS
+# define _XK_XKB_KEYS
+#endif
+#ifndef XK_LATIN1
+# define _XK_LATIN1
+#endif
+#ifndef XK_LATIN2
+# define _XK_LATIN2
+#endif
+#ifndef XK_LATIN3
+# define _XK_LATIN3
+#endif
+#ifndef XK_LATIN4
+# define _XK_LATIN4
+#endif
+#ifndef XK_GREEK
+# define _XK_GREEK
+#endif
/* $TOG: keysymdef.h /main/25 1997/06/21 10:54:51 kaleb $ */
/***********************************************************
@@ -110,11 +124,13 @@ ARISING OUT OF OR IN CONNECTION WITH THE
SOFTWARE.
******************************************************************/
-#define XK_VoidSymbol 0xFFFFFF /* void symbol */
+#ifndef XK_VoidSymbol
+# define XK_VoidSymbol 0xFFFFFF /* void symbol */
+#endif
-#ifdef XK_MISCELLANY
+#ifdef _XK_MISCELLANY
/*
* TTY Functions, cleverly chosen to map to ascii, for convenience of
* programming, but could have been arbitrary (at the cost of lookup
* tables in client code.
@@ -330,9 +346,9 @@ SOFTWARE.
* ISO 9995 Function and Modifier Keys
* Byte 3 = 0xFE
*/
-#ifdef XK_XKB_KEYS
+#ifdef _XK_XKB_KEYS
#define XK_ISO_Lock 0xFE01
#define XK_ISO_Level2_Latch 0xFE02
#define XK_ISO_Level3_Shift 0xFE03
#define XK_ISO_Level3_Latch 0xFE04
@@ -445,9 +461,9 @@ SOFTWARE.
* 3270 Terminal Keys
* Byte 3 = 0xFD
*/
-#ifdef XK_3270
+#ifdef _XK_3270
#define XK_3270_Duplicate 0xFD01
#define XK_3270_FieldMark 0xFD02
#define XK_3270_Right2 0xFD03
#define XK_3270_Left2 0xFD04
@@ -482,9 +498,9 @@ SOFTWARE.
/*
* Latin 1
* Byte 3 = 0
*/
-#ifdef XK_LATIN1
+#ifdef _XK_LATIN1
#define XK_space 0x020
#define XK_exclam 0x021
#define XK_quotedbl 0x022
#define XK_numbersign 0x023
@@ -686,9 +702,9 @@ SOFTWARE.
* Latin 2
* Byte 3 = 1
*/
-#ifdef XK_LATIN2
+#ifdef _XK_LATIN2
#define XK_Aogonek 0x1a1
#define XK_breve 0x1a2
#define XK_Lstroke 0x1a3
#define XK_Lcaron 0x1a5
@@ -751,9 +767,9 @@ SOFTWARE.
* Latin 3
* Byte 3 = 2
*/
-#ifdef XK_LATIN3
+#ifdef _XK_LATIN3
#define XK_Hstroke 0x2a1
#define XK_Hcircumflex 0x2a6
#define XK_Iabovedot 0x2a9
#define XK_Gbreve 0x2ab
@@ -782,9 +798,9 @@ SOFTWARE.
* Latin 4
* Byte 3 = 3
*/
-#ifdef XK_LATIN4
+#ifdef _XK_LATIN4
#define XK_kra 0x3a2
#define XK_kappa 0x3a2 /* deprecated */
#define XK_Rcedilla 0x3a3
#define XK_Itilde 0x3a5
@@ -826,9 +842,9 @@ SOFTWARE.
* Katakana
* Byte 3 = 4
*/
-#ifdef XK_KATAKANA
+#ifdef _XK_KATAKANA
#define XK_overline 0x47e
#define XK_kana_fullstop 0x4a1
#define XK_kana_openingbracket 0x4a2
#define XK_kana_closingbracket 0x4a3
@@ -904,9 +920,9 @@ SOFTWARE.
* Arabic
* Byte 3 = 5
*/
-#ifdef XK_ARABIC
+#ifdef _XK_ARABIC
#define XK_Arabic_comma 0x5ac
#define XK_Arabic_semicolon 0x5bb
#define XK_Arabic_question_mark 0x5bf
#define XK_Arabic_hamza 0x5c1
@@ -961,9 +977,9 @@ SOFTWARE.
/*
* Cyrillic
* Byte 3 = 6
*/
-#ifdef XK_CYRILLIC
+#ifdef _XK_CYRILLIC
#define XK_Serbian_dje 0x6a1
#define XK_Macedonia_gje 0x6a2
#define XK_Cyrillic_io 0x6a3
#define XK_Ukrainian_ie 0x6a4
@@ -1076,9 +1092,9 @@ SOFTWARE.
* Greek
* Byte 3 = 7
*/
-#ifdef XK_GREEK
+#ifdef _XK_GREEK
#define XK_Greek_ALPHAaccent 0x7a1
#define XK_Greek_EPSILONaccent 0x7a2
#define XK_Greek_ETAaccent 0x7a3
#define XK_Greek_IOTAaccent 0x7a4
@@ -1158,9 +1174,9 @@ SOFTWARE.
* Technical
* Byte 3 = 8
*/
-#ifdef XK_TECHNICAL
+#ifdef _XK_TECHNICAL
#define XK_leftradical 0x8a1
#define XK_topleftradical 0x8a2
#define XK_horizconnector 0x8a3
#define XK_topintegral 0x8a4
@@ -1215,9 +1231,9 @@ SOFTWARE.
* Special
* Byte 3 = 9
*/
-#ifdef XK_SPECIAL
+#ifdef _XK_SPECIAL
#define XK_blank 0x9df
#define XK_soliddiamond 0x9e0
#define XK_checkerboard 0x9e1
#define XK_ht 0x9e2
@@ -1247,9 +1263,9 @@ SOFTWARE.
* Publishing
* Byte 3 = a
*/
-#ifdef XK_PUBLISHING
+#ifdef _XK_PUBLISHING
#define XK_emspace 0xaa1
#define XK_enspace 0xaa2
#define XK_em3space 0xaa3
#define XK_em4space 0xaa4
@@ -1338,9 +1354,9 @@ SOFTWARE.
* APL
* Byte 3 = b
*/
-#ifdef XK_APL
+#ifdef _XK_APL
#define XK_leftcaret 0xba3
#define XK_rightcaret 0xba6
#define XK_downcaret 0xba8
#define XK_upcaret 0xba9
@@ -1365,9 +1381,9 @@ SOFTWARE.
* Hebrew
* Byte 3 = c
*/
-#ifdef XK_HEBREW
+#ifdef _XK_HEBREW
#define XK_hebrew_doublelowline 0xcdf
#define XK_hebrew_aleph 0xce0
#define XK_hebrew_bet 0xce1
#define XK_hebrew_beth 0xce1 /* deprecated */
@@ -1413,9 +1429,9 @@ SOFTWARE.
* Thai
* Byte 3 = d
*/
-#ifdef XK_THAI
+#ifdef _XK_THAI
#define XK_Thai_kokai 0xda1
#define XK_Thai_khokhai 0xda2
#define XK_Thai_khokhuat 0xda3
#define XK_Thai_khokhwai 0xda4
@@ -1505,9 +1521,9 @@ SOFTWARE.
* Korean
* Byte 3 = e
*/
-#ifdef XK_KOREAN
+#ifdef _XK_KOREAN
#define XK_Hangul 0xff31 /* Hangul start/stop(toggle) */
#define XK_Hangul_Start 0xff32 /* Hangul start */
#define XK_Hangul_End 0xff33 /* Hangul end, English start */