commit 39f0f9db4b95f594f1528b4b86ab016b25391bb72223efe6a02b510f8e1e27ef Author: Adrian Schröter Date: Tue Nov 12 12:05:18 2024 +0100 Sync from SUSE:SLFO:Main LibVNCServer revision e7f5f8718ef2283a10d3924453dd24e5 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch b/0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch new file mode 100644 index 0000000..93df8a5 --- /dev/null +++ b/0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch @@ -0,0 +1,238 @@ +From e4849b01fec4494057728d1aa3a165ed21705682 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jonas=20=C3=85dahl?= +Date: Mon, 11 Jun 2018 23:47:02 +0200 +Subject: [PATCH 1/4] libvncserver: Add API to add custom I/O entry points + +Add API to make it possible to channel RFB input and output through +another layer, for example TLS. This is done by making it possible to +override the default read/write/peek functions. +--- + libvncserver/rfbserver.c | 4 ++ + libvncserver/sockets.c | 79 ++++++++++++++++++++++++++++++++++++---- + rfb/rfb.h | 17 +++++++++ + 3 files changed, 93 insertions(+), 7 deletions(-) + +Index: libvncserver-LibVNCServer-0.9.14/libvncserver/rfbserver.c +=================================================================== +--- libvncserver-LibVNCServer-0.9.14.orig/libvncserver/rfbserver.c ++++ libvncserver-LibVNCServer-0.9.14/libvncserver/rfbserver.c +@@ -321,6 +321,10 @@ rfbNewTCPOrUDPClient(rfbScreenInfoPtr rf + + cl->screen = rfbScreen; + cl->sock = sock; ++ cl->readFromSocket = rfbDefaultReadFromSocket; ++ cl->peekAtSocket = rfbDefaultPeekAtSocket; ++ cl->hasPendingOnSocket = rfbDefaultHasPendingOnSocket; ++ cl->writeToSocket = rfbDefaultWriteToSocket; + cl->viewOnly = FALSE; + /* setup pseudo scaling */ + cl->scaledScreen = rfbScreen; +Index: libvncserver-LibVNCServer-0.9.14/libvncserver/sockets.c +=================================================================== +--- libvncserver-LibVNCServer-0.9.14.orig/libvncserver/sockets.c ++++ libvncserver-LibVNCServer-0.9.14/libvncserver/sockets.c +@@ -102,6 +102,9 @@ int rfbMaxClientWait = 20000; /* time + gone away - needed to stop us hanging */ + + static rfbBool ++rfbHasPendingOnSocket(rfbClientPtr cl); ++ ++static rfbBool + rfbNewConnectionFromSock(rfbScreenInfoPtr rfbScreen, rfbSocket sock) + { + const int one = 1; +@@ -364,16 +367,20 @@ rfbCheckFds(rfbScreenInfoPtr rfbScreen,l + tv.tv_usec = usec; + nfds = select(rfbScreen->maxFd + 1, &fds, NULL, NULL /* &fds */, &tv); + if (nfds == 0) { ++ rfbBool hasPendingData = FALSE; ++ + /* timed out, check for async events */ + i = rfbGetClientIterator(rfbScreen); + while((cl = rfbClientIteratorNext(i))) { + if (cl->onHold) + continue; ++ hasPendingData |= rfbHasPendingOnSocket(cl); + if (FD_ISSET(cl->sock, &(rfbScreen->allFds))) + rfbSendFileTransferChunk(cl); + } + rfbReleaseClientIterator(i); +- return result; ++ if (!hasPendingData) ++ return result; + } + + if (nfds < 0) { +@@ -449,9 +456,11 @@ rfbCheckFds(rfbScreenInfoPtr rfbScreen,l + if (cl->onHold) + continue; + +- if (FD_ISSET(cl->sock, &(rfbScreen->allFds))) ++ if (rfbHasPendingOnSocket (cl) || ++ FD_ISSET(cl->sock, &(rfbScreen->allFds))) + { +- if (FD_ISSET(cl->sock, &fds)) ++ if (rfbHasPendingOnSocket (cl) || ++ FD_ISSET(cl->sock, &fds)) + { + #ifdef LIBVNCSERVER_WITH_WEBSOCKETS + do { +@@ -638,6 +647,30 @@ rfbConnect(rfbScreenInfoPtr rfbScreen, + return sock; + } + ++int ++rfbDefaultReadFromSocket(rfbClientPtr cl, char *buf, int len) ++{ ++ return read(cl->sock, buf, len); ++} ++ ++static int ++rfbReadFromSocket(rfbClientPtr cl, char *buf, int len) ++{ ++ return cl->readFromSocket(cl, buf, len); ++} ++ ++rfbBool ++rfbDefaultHasPendingOnSocket(rfbClientPtr cl) ++{ ++ return FALSE; ++} ++ ++static rfbBool ++rfbHasPendingOnSocket(rfbClientPtr cl) ++{ ++ return cl->hasPendingOnSocket(cl); ++} ++ + /* + * ReadExact reads an exact number of bytes from a client. Returns 1 if + * those bytes have been read, 0 if the other end has closed, or -1 if an error +@@ -659,10 +692,10 @@ rfbReadExactTimeout(rfbClientPtr cl, cha + } else if (cl->sslctx) { + n = rfbssl_read(cl, buf, len); + } else { +- n = read(sock, buf, len); ++ n = rfbReadFromSocket(cl, buf, len); + } + #else +- n = read(sock, buf, len); ++ n = rfbReadFromSocket(cl, buf, len); + #endif + + if (n > 0) { +@@ -694,6 +727,10 @@ rfbReadExactTimeout(rfbClientPtr cl, cha + continue; + } + #endif ++ ++ if (rfbHasPendingOnSocket(cl)) ++ continue; ++ + FD_ZERO(&fds); + FD_SET(sock, &fds); + tv.tv_sec = timeout / 1000; +@@ -730,6 +767,18 @@ int rfbReadExact(rfbClientPtr cl,char* b + return(rfbReadExactTimeout(cl,buf,len,rfbMaxClientWait)); + } + ++int ++rfbDefaultPeekAtSocket(rfbClientPtr cl, char *buf, int len) ++{ ++ return recv(cl->sock, buf, len, MSG_PEEK); ++} ++ ++int ++rfbPeekAtSocket(rfbClientPtr cl, char *buf, int len) ++{ ++ return cl->peekAtSocket(cl, buf, len); ++} ++ + /* + * PeekExact peeks at an exact number of bytes from a client. Returns 1 if + * those bytes have been read, 0 if the other end has closed, or -1 if an +@@ -750,7 +799,7 @@ rfbPeekExactTimeout(rfbClientPtr cl, cha + n = rfbssl_peek(cl, buf, len); + else + #endif +- n = recv(sock, buf, len, MSG_PEEK); ++ n = rfbPeekAtSocket(cl, buf, len); + + if (n == len) { + +@@ -806,6 +855,22 @@ rfbPeekExactTimeout(rfbClientPtr cl, cha + return 1; + } + ++int ++rfbDefaultWriteToSocket(rfbClientPtr cl, ++ const char *buf, ++ int len) ++{ ++ return write(cl->sock, buf, len); ++} ++ ++static int ++rfbWriteToSocket(rfbClientPtr cl, ++ const char *buf, ++ int len) ++{ ++ return cl->writeToSocket(cl, buf, len); ++} ++ + /* + * WriteExact writes an exact number of bytes to a client. Returns 1 if + * those bytes have been written, or -1 if an error occurred (errno is set to +@@ -863,7 +928,7 @@ rfbWriteExact(rfbClientPtr cl, + n = rfbssl_write(cl, buf, len); + else + #endif +- n = write(sock, buf, len); ++ n = rfbWriteToSocket(cl, buf, len); + + if (n > 0) { + +Index: libvncserver-LibVNCServer-0.9.14/rfb/rfb.h +=================================================================== +--- libvncserver-LibVNCServer-0.9.14.orig/rfb/rfb.h ++++ libvncserver-LibVNCServer-0.9.14/rfb/rfb.h +@@ -398,6 +398,14 @@ typedef struct sraRegion* sraRegionPtr; + typedef void (*ClientGoneHookPtr)(struct _rfbClientRec* cl); + typedef void (*ClientFramebufferUpdateRequestHookPtr)(struct _rfbClientRec* cl, rfbFramebufferUpdateRequestMsg* furMsg); + ++typedef int (*ClientReadFromSocket)(struct _rfbClientRec* cl, ++ char *buf, int len); ++typedef int (*ClientPeekAtSocket)(struct _rfbClientRec* cl, ++ char *buf, int len); ++typedef rfbBool (*ClientHasPendingOnSocket)(struct _rfbClientRec* cl); ++typedef int (*ClientWriteToSocket)(struct _rfbClientRec* cl, ++ const char *buf, int len); ++ + typedef struct _rfbFileTransferData { + int fd; + int compressionEnabled; +@@ -707,6 +715,11 @@ typedef struct _rfbClientRec { + int tightPngDstDataLen; + #endif + #endif ++ ++ ClientReadFromSocket readFromSocket; /* Read data from socket */ ++ ClientPeekAtSocket peekAtSocket; /* Peek at data from socket */ ++ ClientHasPendingOnSocket hasPendingOnSocket; /* Peek at data from socket */ ++ ClientWriteToSocket writeToSocket; /* Write data to socket */ + } rfbClientRec, *rfbClientPtr; + + /** +@@ -759,8 +772,12 @@ extern void rfbDisconnectUDPSock(rfbScre + extern void rfbCloseClient(rfbClientPtr cl); + extern int rfbReadExact(rfbClientPtr cl, char *buf, int len); + extern int rfbReadExactTimeout(rfbClientPtr cl, char *buf, int len,int timeout); ++extern int rfbDefaultReadFromSocket(rfbClientPtr cl, char *buf, int len); + extern int rfbPeekExactTimeout(rfbClientPtr cl, char *buf, int len,int timeout); ++extern int rfbDefaultPeekAtSocket(rfbClientPtr cl, char *buf, int len); ++extern rfbBool rfbDefaultHasPendingOnSocket(rfbClientPtr cl); + extern int rfbWriteExact(rfbClientPtr cl, const char *buf, int len); ++extern int rfbDefaultWriteToSocket(rfbClientPtr cl, const char *buf, int len); + extern int rfbCheckFds(rfbScreenInfoPtr rfbScreen,long usec); + extern rfbSocket rfbConnect(rfbScreenInfoPtr rfbScreen, char* host, int port); + extern rfbSocket rfbConnectToTcpAddr(char* host, int port); diff --git a/0002-libvncserver-Add-channel-security-handlers.patch b/0002-libvncserver-Add-channel-security-handlers.patch new file mode 100644 index 0000000..0a28122 --- /dev/null +++ b/0002-libvncserver-Add-channel-security-handlers.patch @@ -0,0 +1,362 @@ +From c9131a78878a785c3de21e9d49521d7b68400ad7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jonas=20=C3=85dahl?= +Date: Mon, 11 Jun 2018 23:50:05 +0200 +Subject: [PATCH 2/4] libvncserver: Add channel security handlers + +Add another type of security handler that is meant to be used initially +to set up a secure channel. Regular security handlers would be +advertised and processed after any channel security have succeeded. + +For example, this, together with the custom I/O functions allows a +LibVNCServer user to implement TLS in combination with VNCAuth. This is +done by adding a single channel security handler with the rfbTLS (18) +with a handler that initiates a TLS session, and when a TLS session is +initiated, the regular security handler list is sent. +--- + libvncserver/auth.c | 164 ++++++++++++++++++++++++++++++--------- + libvncserver/rfbserver.c | 1 + + rfb/rfb.h | 15 +++- + 3 files changed, 142 insertions(+), 38 deletions(-) + +Index: libvncserver-LibVNCServer-0.9.14/libvncserver/auth.c +=================================================================== +--- libvncserver-LibVNCServer-0.9.14.orig/libvncserver/auth.c ++++ libvncserver-LibVNCServer-0.9.14/libvncserver/auth.c +@@ -37,18 +37,17 @@ void rfbClientSendString(rfbClientPtr cl + * Handle security types + */ + ++/* Channel security handlers to set up a secure channel, e.g. TLS. */ ++static rfbSecurityHandler* channelSecurityHandlers = NULL; ++ ++/* Security handlers when channel security is established. */ + static rfbSecurityHandler* securityHandlers = NULL; + +-/* +- * This method registers a list of new security types. +- * It avoids same security type getting registered multiple times. +- * The order is not preserved if multiple security types are +- * registered at one-go. +- */ + void +-rfbRegisterSecurityHandler(rfbSecurityHandler* handler) ++rfbRegisterSecurityHandlerTo(rfbSecurityHandler* handler, ++ rfbSecurityHandler** handlerList) + { +- rfbSecurityHandler *head = securityHandlers, *next = NULL; ++ rfbSecurityHandler *head = *handlerList, *next = NULL; + + if(handler == NULL) + return; +@@ -57,39 +56,35 @@ rfbRegisterSecurityHandler(rfbSecurityHa + + while(head != NULL) { + if(head == handler) { +- rfbRegisterSecurityHandler(next); ++ rfbRegisterSecurityHandlerTo(next, handlerList); + return; + } + + head = head->next; + } + +- handler->next = securityHandlers; +- securityHandlers = handler; ++ handler->next = *handlerList; ++ *handlerList = handler; + +- rfbRegisterSecurityHandler(next); ++ rfbRegisterSecurityHandlerTo(next, handlerList); + } + +-/* +- * This method unregisters a list of security types. +- * These security types won't be available for any new +- * client connection. +- */ +-void +-rfbUnregisterSecurityHandler(rfbSecurityHandler* handler) ++static void ++rfbUnregisterSecurityHandlerFrom(rfbSecurityHandler* handler, ++ rfbSecurityHandler** handlerList) + { + rfbSecurityHandler *cur = NULL, *pre = NULL; + + if(handler == NULL) + return; + +- if(securityHandlers == handler) { +- securityHandlers = securityHandlers->next; +- rfbUnregisterSecurityHandler(handler->next); ++ if(*handlerList == handler) { ++ *handlerList = (*handlerList)->next; ++ rfbUnregisterSecurityHandlerFrom(handler->next, handlerList); + return; + } + +- cur = pre = securityHandlers; ++ cur = pre = *handlerList; + + while(cur) { + if(cur == handler) { +@@ -99,7 +94,50 @@ rfbUnregisterSecurityHandler(rfbSecurity + pre = cur; + cur = cur->next; + } +- rfbUnregisterSecurityHandler(handler->next); ++ rfbUnregisterSecurityHandlerFrom(handler->next, handlerList); ++} ++ ++void ++rfbRegisterChannelSecurityHandler(rfbSecurityHandler* handler) ++{ ++ rfbRegisterSecurityHandlerTo(handler, &channelSecurityHandlers); ++} ++ ++/* ++ * This method unregisters a list of security types. ++ * These security types won't be available for any new ++ * client connection. ++ */ ++ ++void ++rfbUnregisterChannelSecurityHandler(rfbSecurityHandler* handler) ++{ ++ rfbUnregisterSecurityHandlerFrom(handler, &channelSecurityHandlers); ++} ++ ++/* ++ * This method registers a list of new security types. ++ * It avoids same security type getting registered multiple times. ++ * The order is not preserved if multiple security types are ++ * registered at one-go. ++ */ ++ ++void ++rfbRegisterSecurityHandler(rfbSecurityHandler* handler) ++{ ++ rfbRegisterSecurityHandlerTo(handler, &securityHandlers); ++} ++ ++/* ++ * This method unregisters a list of security types. ++ * These security types won't be available for any new ++ * client connection. ++ */ ++ ++void ++rfbUnregisterSecurityHandler(rfbSecurityHandler* handler) ++{ ++ rfbUnregisterSecurityHandlerFrom(handler, &securityHandlers); + } + + /* +@@ -197,9 +235,22 @@ static rfbSecurityHandler VncSecurityHan + NULL + }; + ++static int32_t ++determinePrimarySecurityType(rfbClientPtr cl) ++{ ++ if (!cl->screen->authPasswdData || cl->reverseConnection) { ++ /* chk if this condition is valid or not. */ ++ return rfbSecTypeNone; ++ } else if (cl->screen->authPasswdData) { ++ return rfbSecTypeVncAuth; ++ } else { ++ return rfbSecTypeInvalid; ++ } ++} + +-static void +-rfbSendSecurityTypeList(rfbClientPtr cl, int primaryType) ++void ++rfbSendSecurityTypeList(rfbClientPtr cl, ++ enum rfbSecurityTag exclude) + { + /* The size of the message is the count of security types +1, + * since the first byte is the number of types. */ +@@ -207,9 +258,10 @@ rfbSendSecurityTypeList(rfbClientPtr cl, + rfbSecurityHandler* handler; + #define MAX_SECURITY_TYPES 255 + uint8_t buffer[MAX_SECURITY_TYPES+1]; +- ++ int32_t primaryType; + + /* Fill in the list of security types in the client structure. (NOTE: Not really in the client structure) */ ++ primaryType = determinePrimarySecurityType(cl); + switch (primaryType) { + case rfbSecTypeNone: + rfbUnregisterSecurityHandler(&VncSecurityHandlerVncAuth); +@@ -223,6 +275,9 @@ rfbSendSecurityTypeList(rfbClientPtr cl, + + for (handler = securityHandlers; + handler && sizenext) { ++ if (exclude && (handler->securityTags & exclude)) ++ continue; ++ + buffer[size] = handler->type; + size++; + } +@@ -251,7 +306,29 @@ rfbSendSecurityTypeList(rfbClientPtr cl, + cl->state = RFB_SECURITY_TYPE; + } + ++static void ++rfbSendChannelSecurityTypeList(rfbClientPtr cl) ++{ ++ int size = 1; ++ rfbSecurityHandler* handler; ++ uint8_t buffer[MAX_SECURITY_TYPES+1]; ++ ++ for (handler = channelSecurityHandlers; ++ handler && sizenext) { ++ buffer[size] = handler->type; ++ size++; ++ } ++ buffer[0] = (unsigned char)size-1; ++ ++ if (rfbWriteExact(cl, (char *)buffer, size) < 0) { ++ rfbLogPerror("rfbSendSecurityTypeList: write"); ++ rfbCloseClient(cl); ++ return; ++ } + ++ /* Dispatch client input to rfbProcessClientChannelSecurityType. */ ++ cl->state = RFB_CHANNEL_SECURITY_TYPE; ++} + + + /* +@@ -299,18 +376,19 @@ rfbSendSecurityType(rfbClientPtr cl, int + void + rfbAuthNewClient(rfbClientPtr cl) + { +- int32_t securityType = rfbSecTypeInvalid; ++ int32_t securityType; + +- if (!cl->screen->authPasswdData || cl->reverseConnection) { +- /* chk if this condition is valid or not. */ +- securityType = rfbSecTypeNone; +- } else if (cl->screen->authPasswdData) { +- securityType = rfbSecTypeVncAuth; +- } ++ securityType = determinePrimarySecurityType(cl); + + if (cl->protocolMajorVersion==3 && cl->protocolMinorVersion < 7) + { + /* Make sure we use only RFB 3.3 compatible security types. */ ++ if (channelSecurityHandlers) { ++ rfbLog("VNC channel security enabled - RFB 3.3 client rejected\n"); ++ rfbClientConnFailed(cl, "Your viewer cannot hnadler required " ++ "security methods"); ++ return; ++ } + if (securityType == rfbSecTypeInvalid) { + rfbLog("VNC authentication disabled - RFB 3.3 client rejected\n"); + rfbClientConnFailed(cl, "Your viewer cannot handle required " +@@ -318,9 +396,13 @@ rfbAuthNewClient(rfbClientPtr cl) + return; + } + rfbSendSecurityType(cl, securityType); ++ } else if (channelSecurityHandlers) { ++ rfbLog("Send channel security type list\n"); ++ rfbSendChannelSecurityTypeList(cl); + } else { + /* Here it's ok when securityType is set to rfbSecTypeInvalid. */ +- rfbSendSecurityTypeList(cl, securityType); ++ rfbLog("Send channel security type 'none'\n"); ++ rfbSendSecurityTypeList(cl, RFB_SECURITY_TAG_NONE); + } + } + +@@ -334,6 +416,7 @@ rfbProcessClientSecurityType(rfbClientPt + int n; + uint8_t chosenType; + rfbSecurityHandler* handler; ++ rfbSecurityHandler* handlerListHead; + + /* Read the security type. */ + n = rfbReadExact(cl, (char *)&chosenType, 1); +@@ -346,8 +429,17 @@ rfbProcessClientSecurityType(rfbClientPt + return; + } + ++ switch (cl->state) { ++ case RFB_CHANNEL_SECURITY_TYPE: ++ handlerListHead = channelSecurityHandlers; ++ break; ++ case RFB_SECURITY_TYPE: ++ handlerListHead = securityHandlers; ++ break; ++ } ++ + /* Make sure it was present in the list sent by the server. */ +- for (handler = securityHandlers; handler; handler = handler->next) { ++ for (handler = handlerListHead; handler; handler = handler->next) { + if (chosenType == handler->type) { + rfbLog("rfbProcessClientSecurityType: executing handler for type %d\n", chosenType); + handler->handler(cl); +Index: libvncserver-LibVNCServer-0.9.14/libvncserver/rfbserver.c +=================================================================== +--- libvncserver-LibVNCServer-0.9.14.orig/libvncserver/rfbserver.c ++++ libvncserver-LibVNCServer-0.9.14/libvncserver/rfbserver.c +@@ -670,6 +670,7 @@ rfbProcessClientMessage(rfbClientPtr cl) + case RFB_PROTOCOL_VERSION: + rfbProcessClientProtocolVersion(cl); + return; ++ case RFB_CHANNEL_SECURITY_TYPE: + case RFB_SECURITY_TYPE: + rfbProcessClientSecurityType(cl); + return; +Index: libvncserver-LibVNCServer-0.9.14/rfb/rfb.h +=================================================================== +--- libvncserver-LibVNCServer-0.9.14.orig/rfb/rfb.h ++++ libvncserver-LibVNCServer-0.9.14/rfb/rfb.h +@@ -147,6 +147,11 @@ typedef struct { + } data; /**< there have to be count*3 entries */ + } rfbColourMap; + ++enum rfbSecurityTag { ++ RFB_SECURITY_TAG_NONE = 0, ++ RFB_SECURITY_TAG_CHANNEL = 1 << 0 ++}; ++ + /** + * Security handling (RFB protocol version 3.7) + */ +@@ -155,6 +160,7 @@ typedef struct _rfbSecurity { + uint8_t type; + void (*handler)(struct _rfbClientRec* cl); + struct _rfbSecurity* next; ++ enum rfbSecurityTag securityTags; + } rfbSecurityHandler; + + /** +@@ -491,7 +497,7 @@ typedef struct _rfbClientRec { + /** Possible client states: */ + enum { + RFB_PROTOCOL_VERSION, /**< establishing protocol version */ +- RFB_SECURITY_TYPE, /**< negotiating security (RFB v.3.7) */ ++ RFB_SECURITY_TYPE, /**< negotiating security (RFB v.3.7) */ + RFB_AUTHENTICATION, /**< authenticating */ + RFB_INITIALISATION, /**< sending initialisation messages */ + RFB_NORMAL, /**< normal protocol messages */ +@@ -500,6 +506,7 @@ typedef struct _rfbClientRec { + * using LibVNCServer to provide services: */ + + RFB_INITIALISATION_SHARED, /**< sending initialisation messages with implicit shared-flag already true */ ++ RFB_CHANNEL_SECURITY_TYPE, /**< negotiating security (RFB v.3.7) */ + RFB_SHUTDOWN /**< Client is shutting down */ + } state; + +@@ -870,6 +877,9 @@ extern void rfbProcessClientSecurityType + extern void rfbAuthProcessClientMessage(rfbClientPtr cl); + extern void rfbRegisterSecurityHandler(rfbSecurityHandler* handler); + extern void rfbUnregisterSecurityHandler(rfbSecurityHandler* handler); ++extern void rfbRegisterChannelSecurityHandler(rfbSecurityHandler* handler); ++extern void rfbUnregisterChannelSecurityHandler(rfbSecurityHandler* handler); ++extern void rfbSendSecurityTypeList(rfbClientPtr cl, enum rfbSecurityTag exclude); + + /* rre.c */ + diff --git a/LibVNCServer-0.9.14.tar.gz b/LibVNCServer-0.9.14.tar.gz new file mode 100644 index 0000000..40b0d32 --- /dev/null +++ b/LibVNCServer-0.9.14.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:83104e4f7e28b02f8bf6b010d69b626fae591f887e949816305daebae527c9a5 +size 593516 diff --git a/LibVNCServer.changes b/LibVNCServer.changes new file mode 100644 index 0000000..d8adab7 --- /dev/null +++ b/LibVNCServer.changes @@ -0,0 +1,584 @@ +------------------------------------------------------------------- +Fri Jun 23 14:44:58 UTC 2023 - pgajdos@suse.com + +- version update to 0.9.14 + ## Overall changes: + * Added more documentation (build system integration, repeater setup) and a legal FAQ. + * Added [contribution guidelines](CONTRIBUTING.md). + * Ported the TravisCI continous integration machinery to GitHub workflows. + ## LibVNCServer/LibVNCClient: + * Added [qemu extended key event]. + * Fixed several potential multiplication overflows. + ## LibVNCClient: + * Fixes of several memory leaks and buffer overflows. + * Added UltraVNC's MSLogonII authentication scheme. + * Fixed TLS interoperability with GnuTLS servers. + * Fixed detection of newer UltraVNC and TightVNC servers. + * Added support for [SetDesktopSize]. + * Added SSH tunneling example using libssh2. + * Added some extensions to VeNCrypt in order to be compatible with a wider range of servers. + ## LibVNCServer: + * Fixes to the multi-threaded server implementation which should be a lot more sound now. + * Fixed TightVNC-filetransfer file upload for 64-bit systems. + * Fixes of crashes in the zlib compression. + * Added support for [UTF8 clipboard data]. + * Fixed visual artifacts in framebuffer on ARM platforms. + * Fixed several WebSockets bugs. + * Fixed the UltraVNC-style repeater example. + * Added support for larger framebuffers (two 4k screens possible now). + * Added support for timeouts for outbound connections (to repeaters for instance). + * Fixed out-of-bounds memory access in Tight encoding. +- modified patches + % 0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch (refreshed) + % 0002-libvncserver-Add-channel-security-handlers.patch (refreshed) +- deleted patches + - 0001-libvncserver-don-t-NULL-out-internal-of-the-default-.patch (upstreamed) + - 0003-libvncserver-auth-don-t-keep-security-handlers-from-.patch (upstreamed) + - 0004-zlib-Clear-buffer-pointers-on-cleanup-444.patch (upstreamed) + - LibVNCServer-CVE-2020-29260.patch (upstreamed) + +------------------------------------------------------------------- +Thu Sep 8 08:26:25 UTC 2022 - pgajdos@suse.com + +- security update +- added patches + fix CVE-2020-29260 [bsc#1203106], memory leakage via rfbClientCleanup() + + LibVNCServer-CVE-2020-29260.patch + +------------------------------------------------------------------- +Fri Sep 17 07:14:46 UTC 2021 - pgajdos@suse.com + +- purposedly adding just this changelog entry +- previous version updates fixed also: + * CVE-2020-14398 [bsc#1173880] -- improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c + * CVE-2017-18922 [bsc#1173477] -- preauth buffer overwrite + * CVE-2018-20748 [bsc#1123823] -- libvnc contains multiple heap out-of-bounds writes + * CVE-2020-25708 [bsc#1178682] -- libvncserver/rfbserver.c has a divide by zero which could result in DoS + * CVE-2018-21247 [bsc#1173874] -- uninitialized memory contents are vulnerable to Information leak + * CVE-2018-20750 [bsc#1123832] -- heap out-of-bounds write vulnerability in libvncserver/rfbserver.c + * CVE-2020-14397 [bsc#1173700] -- NULL pointer dereference in libvncserver/rfbregion.c + * CVE-2019-20839 [bsc#1173875] -- buffer overflow in ConnectClientToUnixSock() + * CVE-2020-14401 [bsc#1173694] -- potential integer overflows in libvncserver/scale.c + * CVE-2020-14400 [bsc#1173691] -- Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. + * CVE-2019-20840 [bsc#1173876] -- unaligned accesses in hybiReadAndDecode can lead to denial of service + * CVE-2020-14399 [bsc#1173743] -- Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. + * CVE-2020-14402 [bsc#1173701] -- out-of-bounds access via encodings. + * CVE-2020-14403 [bsc#1173701] + * CVE-2020-14404 [bsc#1173701] + +------------------------------------------------------------------- +Fri Jan 8 15:07:43 UTC 2021 - Frederic Crozat + +- Add many patches needed for GNOME Remote desktop (already in + Fedora): + * TLS security type enablement patches gh#LibVNC/libvncserver!234 + - 0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch + - 0002-libvncserver-Add-channel-security-handlers.patch + - 0003-libvncserver-auth-don-t-keep-security-handlers-from-.patch + * Fix crash on all runs after the first gh#LibVNC/libvncserver!444 rh#1882718 + - 0004-zlib-Clear-buffer-pointers-on-cleanup-444.patch + * Fix another crasher glgo#GNOME/gnome-remote-desktop#45 rh#1882718 + - 0001-libvncserver-don-t-NULL-out-internal-of-the-default-.patch + +------------------------------------------------------------------- +Tue Jun 30 06:48:57 UTC 2020 - pgajdos@suse.com + +- version update to 0.9.13 [bsc#1173477] + ## Overall changes: + * Small tweaks to the CMake build system. + * The macOS server example was overhauled and is now the most feature-complete sample + application of the project, ready for real-world use. + * Lots of documentation updates and markdownifying. + * The TravisCI continuous integration now also build-checks cross-compilation from + Linux to Windows. + * Setup a [Gitter community chat](https://gitter.im/LibVNC/libvncserver) for the project. + ## LibVNCServer/LibVNCClient: + * Both LibVNCServer and LibVNCClient now support an additional platform, namely + Microsoft Windows. Building is supported with Visual Studio as well as MingGW. + * The separate crypto routines used by LibVNCClient and LibVNCServer were refactored + into an implementation common to both libraries. + * Several security issues got fixed. + * The bundled noVNC client is now at version 1.1.0 and included via a git submodule. + ## LibVNCClient: + * Added connect timeout as well as read timeout support thanks to Tobias Junghans. + * Both TLS backends now do proper locking of network operations when multi-threaded + thanks to Gaurav Ujjwal. + * Fixed regression in Tight/Raw decoding introduced in 0.9.12 thanks to DRC. + * Fixed encrypted connections to AnonTLS servers when using the OpenSSL back-end. + Made possible by the profound research done by Gaurav Ujjwal. + ## LibVNCServer: + * Added a hooking function (`clientFramebufferUpdateRequestHook`) to deliver + rfbFramebufferUpdateRequest messages from clients to the frame producer + thanks to Jae Hyun Yoo. + * Added SetDesktopSize/ExtendedDesktopSize support thanks to Floris Bos. + * Added multi-threading support for MS Windows. + * Fixed VNC repeater/proxy functionality that was broken in 0.9.12. + * Fixed unstable WebSockets connections thanks to Sebastian Kranz. +- deleted patches + - LibVNCServer-CVE-2019-15681.patch (upstreamed) + - LibVNCServer-CVE-2019-15690.patch (upstreamed) + - LibVNCServer-CVE-2019-20788.patch (upstreamed) + - avoid-pthread_join-if-backgroundLoop-is-FALSE.patch (upstreamed) + - cmake-libdir.patch (upstreamed) + - fix-crash-on-shutdown.patch (upstreamed) + +------------------------------------------------------------------- +Mon May 4 13:48:26 UTC 2020 - pgajdos@suse.com + +- deleted patches + - LibVNCServer-CVE-2018-20749.patch (mistakenly added, it is + already part of 0.9.12) + +------------------------------------------------------------------- +Mon Apr 27 09:20:21 UTC 2020 - pgajdos@suse.com + +- security update +- added patches + fix CVE-2019-15690 [bsc#1160471], heap buffer overflow + + LibVNCServer-CVE-2019-15690.patch + fix CVE-2019-20788 [bsc#1170441], integer overflow and heap-based buffer overflow via a large height or width value + + LibVNCServer-CVE-2019-20788.patch + +------------------------------------------------------------------- +Fri Jan 10 08:24:05 UTC 2020 - Fabian Vogt + +- Add patches to fix crash on shutdown: + * avoid-pthread_join-if-backgroundLoop-is-FALSE.patch + * fix-crash-on-shutdown.patch + +------------------------------------------------------------------- +Mon Nov 4 11:29:21 UTC 2019 - pgajdos@suse.com + +- turn the test suite on + +------------------------------------------------------------------- +Mon Nov 4 10:26:34 UTC 2019 - pgajdos@suse.com + +- security update +- added patches + CVE-2019-15681 [bsc#1155419] + + LibVNCServer-CVE-2019-15681.patch + +------------------------------------------------------------------- +Wed Feb 20 15:56:14 UTC 2019 - Felix Zhang + +- Add BuildRequire libgnutls-devel: Remmina needs it for VNC + connections (boo#1123805) + +------------------------------------------------------------------- +Mon Feb 11 09:16:53 UTC 2019 - Petr Gajdos + +- use upstream commit, amend cmake-libdir.patch + +------------------------------------------------------------------- +Mon Feb 11 09:13:18 UTC 2019 - Petr Gajdos + +- fix cmake build, add cmake-libdir.patch (upstream issue #281) + +------------------------------------------------------------------- +Tue Feb 5 09:59:42 UTC 2019 - Petr Gajdos + +- update to version 0.9.12 + - Overall changes: + * CMake now is the default build system, Autotools were removed. + * In addition to TravisCI, all commits are now build-tested by AppVeyorCI. + - LibVNCServer/LibVNCClient: + * Numerous build fixes for Visual Studio compilers to the extent that + one can now _build_ the project with these. The needed changes for + successfully _running_ stuff will be implemented in 0.9.13. + * Fixed building for Android and added build instructions. + * Removed the unused PolarSSL wrapper. + * Updated the bundled noVNC to latest release 1.0.0. + * Allowed to use global LZO library instead of miniLZO. + - LibVNCClient: + * Support for OpenSSL 1.1.x. + * Support for overriding the default rectangle decode handlers (with + hardware-accelerated ones for instance) thanks to Balazs Ludmany. + * vnc2mpg updated. + * Added support for X509 server certificate verification as part of the + handshake process thanks to Simon Waterman. + * Added a TRLE decoder thanks to Wiki Wang. + * Included Tight decoding optimizations from TurboVNC thanks to DRC. + * Ported the SDL viewer from SDL 1.2 to SDL 2.0. + * Numerous security fixes. + * Added support for custom auth handlers in order to support additional + security types. + - LibVNCServer: + * Websockets rework to remove obsolete code thanks to Andreas Weigel. + * Ensured compatibility with gtk-vnc 0.7.0+ thanks to Michał Kępień. + * The built-in webserver now sends correct MIME type for Javascript. + * Numerous memory management issues fixed. + * Made the TightVNC-style file transfer more stable. +- removed patches + - LibVNCServer-CVE-2018-20021.patch (upstreamed) + - LibVNCServer-CVE-2018-20023.patch (upstreamed) + - libvncserver-0.9.10-ossl.patch (not upstreamed) + - LibVNCServer-CVE-2018-15127.patch (upstreamed) + - LibVNCServer-CVE-2018-6307.patch (upstreamed) + - LibVNCServer-CVE-2018-20019.patch (upstreamed) + - LibVNCServer-CVE-2018-7225.patch (upstreamed) + - LibVNCServer-CVE-2018-20022.patch (upstreamed) + - libvncserver-0.9.1-multilib.patch (cmake now) + - LibVNCServer-CVE-2018-15126.patch (upstreamed) + - LibVNCServer-CVE-2018-20020.patch (upstreamed) + - LibVNCServer-CVE-2018-20024.patch (upstreamed) +- removed by upstream + - libvncserver-config +- security update + * CVE-2018-20749 [bsc#1123828] + + LibVNCServer-CVE-2018-20749.patch + +------------------------------------------------------------------- +Fri Jan 11 14:10:36 UTC 2019 - adam.majer@suse.de + +- Fix devel package dependencies + +------------------------------------------------------------------- +Thu Jan 3 16:33:06 UTC 2019 - Petr Gajdos + +- security update + * CVE-2018-15126 [bsc#1120114] + + LibVNCServer-CVE-2018-15126.patch + * CVE-2018-6307 [bsc#1120115] + + LibVNCServer-CVE-2018-6307.patch + * CVE-2018-20020 [bsc#1120116] + + LibVNCServer-CVE-2018-20020.patch + * CVE-2018-15127 [bsc#1120117] + + LibVNCServer-CVE-2018-15127.patch + * CVE-2018-20019 [bsc#1120118] + + LibVNCServer-CVE-2018-20019.patch + * CVE-2018-20023 [bsc#1120119] + + LibVNCServer-CVE-2018-20023.patch + * CVE-2018-20022 [bsc#1120120] + + LibVNCServer-CVE-2018-20022.patch + * CVE-2018-20024 [bsc#1120121] + + LibVNCServer-CVE-2018-20024.patch + * CVE-2018-20021 [bsc#1120122] + + LibVNCServer-CVE-2018-20021.patch + +------------------------------------------------------------------- +Thu Jan 3 15:11:20 UTC 2019 - Petr Gajdos + +- Update to version 0.9.11 + Overall changes: + LibVNCServer/LibVNCClient development now uses continous intregration, + provided by TravisCI. + LibVNCClient: + Now initializes libgcrypt before use if the application did not do it. + Fixes a crash when connection to Mac hosts + (#45). + Various fixes that result in more stable handling of malicious or broken + servers. + Removed broken and unmaintained H264 decoding. + Some documentation fixes. + Added hooks to WriteToTLS() for optional protection by mutex. + LibVNCServer: + Stability fixes for the WebSocket implementation. + Replaced SHA1 implementation with the one from RFC 6234. + The built-in HTTP server does not allow directory traversals anymore. + The built-in HTTP now sends correct MIME types for CSS and SVG. + Added support for systemd socket activation. + Made it possible to get autoPort behavior with either ipv4 or ipv6 + disabled. + Fixed starting of an onHold-client in threaded mode. +- dropped patches: + - libvncserver-0.9.10-use-namespaced-rfbMax-macro.patch (upstreamed) + - libvncserver-byteswap.patch (stop maintaining not upstreamed patch) +- modified patches: + % libvncserver-0.9.10-ossl.patch (refreshed) + +------------------------------------------------------------------- +Tue Mar 20 07:42:09 UTC 2018 - pgajdos@suse.com + +- security update + * CVE-2018-7225 [bsc#1081493] + + LibVNCServer-CVE-2018-7225.patch + +------------------------------------------------------------------- +Tue May 24 17:25:53 UTC 2016 - antoine.belvire@laposte.net + +- Fix build errors of applications using stl_algobase.h and + libvncserver's rfbproto.h, e.g. krfb (issue #102) + * Add libvncserver-0.9.10-use-namespaced-rfbMax-macro.patch + +------------------------------------------------------------------- +Sun Feb 8 04:24:43 UTC 2015 - crrodriguez@opensuse.org + +- Remove xorg-x11-devel from buildRequires, X libraries + are not directly used/linked + +------------------------------------------------------------------- +Sun Feb 8 03:54:55 UTC 2015 - crrodriguez@opensuse.org + +- libvncserver-0.9.10-ossl.patch: Update, do not + RAND_load_file("/dev/urandom", 1024) if the the PRNG is already + seeded. (It always is on linux) + +------------------------------------------------------------------- +Sat Dec 13 13:50:35 UTC 2014 - p.drouand@gmail.com + +- Update to version 0.9.10 + + Moved the whole project from sourceforge to https://libvnc.github.io/. + + Cleaned out the autotools build system which now uses autoreconf. + + Updated noVNC HTML5 client to latest version. + + Split out x11vnc sources into separate repository at + https://github.com/LibVNC/x11vnc + + Split out vncterm sources into separate repository at + https://github.com/LibVNC/vncterm + + Split out VisualNaCro sources into separate repository at + https://github.com/LibVNC/VisualNaCro + + Merged Debian patches. + + Fixed some security-related buffer overflow cases. + + Added compatibility headers to make LibVNCServer/LibVNCClient + build on native Windows 8. + + Update LZO to version 2.07, fixing CVE-2014-4607. + + Merged patches from KDE/krfb. + + Can now do IPv6 without IPv4. + + Fixed a use-after-free issue in scale.c. +- Update Url and download source to new project home +- Remove LibVNCServer-0.9.9-no_x11vnc.patch; upstream splited it + out of main tarball +- Rebase libvncserver-ossl.patch to upstream changes + > libvncserver-0.9.10-ossl.patch +- Remove linuxvnc subpackage; like x11vnc, it has been splited out + but is depreciated and unmaintained. + +------------------------------------------------------------------- +Fri Oct 3 19:51:18 UTC 2014 - olaf@aepfle.de + +- Obsolete old LibVNCServer.rpm in libvncclient0 package. The old + version included binaries, devel and runtime libs. But nothing + removes the old package, which leads to file conflicts during + upgrade if linuxvnc.rpm is not on the install media (bnc#893343) + +------------------------------------------------------------------- +Tue Jul 1 13:35:34 UTC 2014 - coolo@suse.com + +- remove old .bz2 file + +------------------------------------------------------------------- +Mon Mar 18 09:36:38 UTC 2013 - mmeister@suse.com + +- Add Url to Source section in spec file + +------------------------------------------------------------------- +Sat Jan 12 14:01:28 UTC 2013 - jengelh@inai.de + +- Follow shared library packaging guidelines +- Avoid self-obsolete tag +- Put libvncserver-config into -devel where it should belong +- Provide pkgconfig() RPM symbols + +------------------------------------------------------------------- +Tue Jan 1 19:35:08 UTC 2013 - crrodriguez@opensuse.org + +- Switch SSL backend to openssl, we all agree that OpenSSL + has it faults, but it is heavily optimized in all platforms + not only x86 and performance matters in interactive,latency + sensitive tasks like VNC. + +- libvncserver-ossl.patch Ensures openssl use less memory + and avoid abi breaks on openSSL updates. + +------------------------------------------------------------------- +Sun Dec 30 22:02:37 UTC 2012 - crrodriguez@opensuse.org + +- libvncserver-byteswap.patch : USe OS byteswapping macros + which are optimized for the target arch. + +- BuildRequire libpng-Devel + +------------------------------------------------------------------- +Tue Oct 16 12:02:12 UTC 2012 - mvyskocil@suse.com + +- delete not used LibVNCServer-0.9.9-system_minilzo.patch +- document patches +- rename redef-keysym to redef-keysym.patch + +------------------------------------------------------------------- +Wed Sep 26 21:08:14 UTC 2012 - p.drouand@gmail.com + +- Update to 0.9.9 version: + - Overall changes: + * Added noVNC HTML5 VNC viewer (http://kanaka.github.com/noVNC/) connect possibility + to our http server. Pure JavaScript, no Java plugin required anymore! (But a + recent browser...) + * Added a GTK+ VNC viewer example. + + - LibVNCServer/LibVNCClient: + * Added support to build for Google Android. + * Complete IPv6 support in both LibVNCServer and LibVNCClient. + + - LibVNCServer: + * Split two event-loop related functions out of the rfbProcessEvents() mechanism. + This is required to be able to do proper event loop integration with Qt. Idea was + taken from Vino's libvncserver fork. + * Added TightPNG (http://wiki.qemu.org/VNC_Tight_PNG) encoding support. Like the + original Tight encoding, this still uses JPEG, but ZLIB encoded rects are encoded + with PNG here. + * Added suport for serving VNC sessions through WebSockets + (http://en.wikipedia.org/wiki/WebSocket), a web technology providing for multiplexing + bi-directional, full-duplex communications channels over a single TCP connection. + * Support connections from the Mac OS X built-in VNC client to LibVNCServer + instances running with no password. + * Replaced the Tight encoder with a TurboVNC one which is tremendously faster in most + cases, especially with high-color video or 3D workloads. + (http://www.virtualgl.org/pmwiki/uploads/About/tighttoturbo.pdf) + + - LibVNCClient: + * Added support to only listen for reverse connections on a specific IP address. + * Support for using OpenSSL instead of GnuTLS. This could come in handy on embedded + devices where only this TLS implementation is available. + * Added support to connect to UltraVNC Single Click servers. +- remove upstreamed LibVNCServer-LINUX.diff +- remove upstreamed LibVNCServer-0.9.8_git201104301110-overflow.patch +- remove upstreamed LibVNCServer-system-lzo.patch +- rename and refresh dont-build-x11vnc to LibVNCServer-0.9.9-no_x11vnc.patch +- add, but not enable LibVNCServer-0.9.9-system_minilzo.patch +- add libvncserver-0.9.1-multilib.patch + +------------------------------------------------------------------- +Mon Aug 27 11:29:44 UTC 2012 - idonmez@suse.com + +- Devel package needs a dependency on gnutls-devel + +------------------------------------------------------------------- +Sat Aug 18 09:53:29 UTC 2012 - gber@opensuse.org + +- enable support for gnutls + +------------------------------------------------------------------- +Wed Nov 30 14:30:22 UTC 2011 - coolo@suse.com + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Sat Sep 17 09:39:03 UTC 2011 - jengelh@medozas.de + +- Remove redundant tags/sections from specfile +- Use %_smp_mflags for parallel build + +------------------------------------------------------------------- +Fri May 6 21:00:48 UTC 2011 - crrodriguez@opensuse.org + +- Update to version 0.9.8 latest. + * Changes too long to list here, see NEWS +- Use system lzo library + +------------------------------------------------------------------- +Fri Oct 8 14:03:58 UTC 2010 - coolo@novell.com + +- add baselibs.conf to build 32bit libs for DirectFB-32bit to use + +------------------------------------------------------------------- +Tue Apr 21 22:28:00 CEST 2009 - garloff@suse.de + +- Update to LibVNCserver-0.9.7: + * add (server-side) ZYWRLE support + * fixes (update after resizing, endianess, width != scanline) + * improve timeouts, port fallback, and connection time of the SSL + Java viewers + +------------------------------------------------------------------- +Fri Mar 6 05:32:52 CET 2009 - crrodriguez@suse.de + +- remove static libraries and "la" files + +------------------------------------------------------------------- +Mon Oct 27 15:36:23 CET 2008 - garloff@suse.de + +- fix-warn.diff: Avoid pointer > 0 comparison (bnc 435610) + +------------------------------------------------------------------- +Mon Feb 25 07:27:32 CET 2008 - crrodriguez@suse.de + +- fix library-without-ldconfig-post* errors +- devel package requires zlib-devel + +------------------------------------------------------------------- +Thu Oct 11 15:46:54 CEST 2007 - sbrabec@suse.cz + +- Use binding specific avahi package. + +------------------------------------------------------------------- +Tue Jul 17 01:16:12 CEST 2007 - garloff@suse.de + +- Split LibVNCServer into itself, -devel and x11vnc. +- Update to LibVNCserver-0.9.1. +- Drop patches that have been integrated upstream. + +------------------------------------------------------------------- +Wed Apr 11 10:40:20 CEST 2007 - stbinner@suse.de + +- fix misplaced guards in rfb.h + +------------------------------------------------------------------- +Thu Mar 15 17:14:53 MDT 2007 - ccoffing@novell.com + +- Fix incorrect usage of condition variables, which was causing + a crash during heavy updates. (#246100) + +------------------------------------------------------------------- +Fri Jul 28 19:14:22 CEST 2006 - garloff@suse.de + +- Update to version 0.8.2: + * Support for VNC protocol version 3.8. + * Many UltraVNC encodings and features added: FileTransfer, + SetSingleWindow, ServerInput, TextChat, UltraZip, etc. + * Support for PalmVNC and UltraVNC style 1/n server-side scaling. + * Improved Statistics reporting. + * KeyboardLedState encoding. + * LibVNCClient and x11vnc enhancements. + * Many bugs and leaks fixed. + * CVE-2006-2450 fix is already included, drop patch. +- Use -allinput in x11vnc_ssh script. + +------------------------------------------------------------------- +Mon Jun 19 12:59:00 CEST 2006 - garloff@suse.de + +- Update to version 0.8. +- Enable -fstack-protector for auth relevant files. +- Fix some compiler warnings. +- Disallow NoneAuth if password is set (#184418, CVE-2006-2450). + +------------------------------------------------------------------- +Fri Feb 24 22:51:21 CET 2006 - garloff@suse.de + +- Optimize event loop in LibVNCserver (from intel for Xen). + +------------------------------------------------------------------- +Wed Jan 25 21:33:41 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Fri Dec 30 20:45:29 CET 2005 - garloff@suse.de + +- Don't enable -threads by default; it's performance is nice, but + the stability is not that great. +- Include x11vnc_ssh in distribution. + +------------------------------------------------------------------- +Thu Dec 22 18:55:29 CET 2005 - garloff@suse.de + +- Workaround for -thread mode: Wait for a client being fully + authenticated before sending data. + +------------------------------------------------------------------- +Wed Dec 21 15:27:36 CET 2005 - garloff@suse.de + +- Update to LibVNCServer-0.7.99 +- Fix compiler detected bugs (uninitialized var, buffer overflow). +- Package documentation. + +------------------------------------------------------------------- +Tue Dec 20 11:52:22 CET 2005 - ro@suse.de + +- do not try to detect LINUX by presence of /dev/vcsa1 + +------------------------------------------------------------------- +Sun Aug 21 03:27:19 CEST 2005 - garloff@suse.de + +- Initial creation of package LibVNCServer-0.7.1. + +------------------------------------------------------------------- diff --git a/LibVNCServer.spec b/LibVNCServer.spec new file mode 100644 index 0000000..2f248c6 --- /dev/null +++ b/LibVNCServer.spec @@ -0,0 +1,149 @@ +# +# spec file for package LibVNCServer +# +# Copyright (c) 2023 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define libnum 1 +Name: LibVNCServer +Version: 0.9.14 +Release: 0 +Summary: VNC Development Library +License: GPL-2.0-or-later +Group: Development/Libraries/X11 +URL: https://github.com/LibVNC/libvncserver +# Archive is renamed by github +Source0: https://github.com/LibVNC/libvncserver/archive/%{name}-%{version}.tar.gz +Source1: baselibs.conf +#PATCH-FIX-OPENSUSE: redefine keysyms only if needed +Patch0: redef-keysym.patch +#PATCH-FEATURE-UPSTREAM TLS security type enablement patches gh#LibVNC/libvncserver!234 +Patch10: 0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch +Patch11: 0002-libvncserver-Add-channel-security-handlers.patch +BuildRequires: cmake +BuildRequires: gcc-c++ +BuildRequires: libavahi-devel +BuildRequires: libgcrypt-devel +BuildRequires: libgnutls-devel +BuildRequires: libjpeg-devel +BuildRequires: libpng-devel +BuildRequires: lzo-devel +BuildRequires: openssl-devel +BuildRequires: pkgconfig +BuildRequires: slang-devel +BuildRoot: %{_tmppath}/%{name}-%{version}-build + +%description +VNC is a set of programs using the RFB (Remote Frame Buffer) protocol. +They are designed to "export" a frame buffer via the network. It is +already in wide use for administration, but it is not that easy to +program a server yourself. This has been changed by LibVNCServer. + +X.org already has a virtual Xvnc server which you can start as an own +screen (e.g. :1) and connect to with a VNC client (e.g. vncviewer from +tightvnc). The x11vnc binary (that allows you to export the window of a +real running X11 server) has been split off into its own package on +2007-07-16. + +%package -n libvncclient%{libnum} +Summary: Library implementing a VNC client +Group: System/Libraries +Obsoletes: linuxvnc < %{version} +Conflicts: LibVNCServer < %version + +%description -n libvncclient%{libnum} +LibVNCServer/LibVNCClient are cross-platform C libraries that allow +implementing VNC server or client functionality in your program. + +%package -n libvncserver%{libnum} +Summary: Library implementing a VNC server +Group: System/Libraries + +%description -n libvncserver%{libnum} +LibVNCServer/LibVNCClient are cross-platform C libraries that allow +implementing VNC server or client functionality in your program. + +%package devel +Requires: gnutls-devel +Requires: libvncclient%{libnum} = %version +Requires: libvncserver%{libnum} = %version +Requires: zlib-devel +Summary: VNC Development Library +Group: Development/Libraries/X11 + +%description devel +VNC is a set of programs using the RFB (Remote Frame Buffer) protocol. +They are designed to "export" a frame buffer via the network. It is +already in wide use for administration, but it is not that easy to +program a server yourself. This has been changed by LibVNCServer. + +X.org already has a virtual Xvnc server which you can start as an own +screen (e.g. :1) and connect to with a VNC client (e.g. vncviewer from +tightvnc). + +The LibVNCServer-devel package contains the static libraries and header +files for LibVNCServer. + +%prep +%setup -q -n libvncserver-%{name}-%{version} +%autopatch -p1 + +# fix encoding +for file in ChangeLog ; do +mv ${file} ${file}.OLD && \ +iconv -f ISO_8859-1 -t UTF8 ${file}.OLD > ${file} && \ +touch --reference ${file}.OLD $file +done + +%build +%cmake +make %{?_smp_mflags} + +%check +pushd build +export LD_LIBRARY_PATH="$(pwd)" +make test + +%install +%cmake_install + +%post -n libvncclient%{libnum} -p /sbin/ldconfig +%postun -n libvncclient%{libnum} -p /sbin/ldconfig +%post -n libvncserver%{libnum} -p /sbin/ldconfig +%postun -n libvncserver%{libnum} -p /sbin/ldconfig + +%files -n libvncserver%{libnum} +%defattr(-,root,root) +%doc COPYING README.md +%_libdir/libvncserver.so.%{version} +%_libdir/libvncserver.so.%{libnum}* + +%files -n libvncclient%{libnum} +%defattr(-,root,root) +%doc COPYING README.md +%_libdir/libvncclient.so.%{version} +%_libdir/libvncclient.so.%{libnum}* + +%files devel +%defattr(-,root,root) +%doc AUTHORS COPYING ChangeLog NEWS.md README.md +%{_includedir}/rfb/* +%dir /usr/include/rfb +%{_libdir}/libvncclient.so +%{_libdir}/libvncserver.so +%{_libdir}/pkgconfig/*.pc +%{_libdir}/cmake/LibVNCServer + +%changelog diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..233b456 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1 @@ +LibVNCServer diff --git a/redef-keysym.patch b/redef-keysym.patch new file mode 100644 index 0000000..8e2dd2c --- /dev/null +++ b/redef-keysym.patch @@ -0,0 +1,244 @@ +Index: LibVNCServer-0.8.2/rfb/keysym.h +=================================================================== +--- LibVNCServer-0.8.2.orig/rfb/keysym.h ++++ LibVNCServer-0.8.2/rfb/keysym.h +@@ -50,15 +50,29 @@ SOFTWARE. + + ******************************************************************/ + + /* default keysyms */ +-#define XK_MISCELLANY +-#define XK_XKB_KEYS +-#define XK_LATIN1 +-#define XK_LATIN2 +-#define XK_LATIN3 +-#define XK_LATIN4 +-#define XK_GREEK ++#ifndef XK_MISCELLANY ++# define _XK_MISCELLANY ++#endif ++#ifndef XK_XKB_KEYS ++# define _XK_XKB_KEYS ++#endif ++#ifndef XK_LATIN1 ++# define _XK_LATIN1 ++#endif ++#ifndef XK_LATIN2 ++# define _XK_LATIN2 ++#endif ++#ifndef XK_LATIN3 ++# define _XK_LATIN3 ++#endif ++#ifndef XK_LATIN4 ++# define _XK_LATIN4 ++#endif ++#ifndef XK_GREEK ++# define _XK_GREEK ++#endif + + /* $TOG: keysymdef.h /main/25 1997/06/21 10:54:51 kaleb $ */ + + /*********************************************************** +@@ -110,11 +124,13 @@ ARISING OUT OF OR IN CONNECTION WITH THE + SOFTWARE. + + ******************************************************************/ + +-#define XK_VoidSymbol 0xFFFFFF /* void symbol */ ++#ifndef XK_VoidSymbol ++# define XK_VoidSymbol 0xFFFFFF /* void symbol */ ++#endif + +-#ifdef XK_MISCELLANY ++#ifdef _XK_MISCELLANY + /* + * TTY Functions, cleverly chosen to map to ascii, for convenience of + * programming, but could have been arbitrary (at the cost of lookup + * tables in client code. +@@ -330,9 +346,9 @@ SOFTWARE. + * ISO 9995 Function and Modifier Keys + * Byte 3 = 0xFE + */ + +-#ifdef XK_XKB_KEYS ++#ifdef _XK_XKB_KEYS + #define XK_ISO_Lock 0xFE01 + #define XK_ISO_Level2_Latch 0xFE02 + #define XK_ISO_Level3_Shift 0xFE03 + #define XK_ISO_Level3_Latch 0xFE04 +@@ -445,9 +461,9 @@ SOFTWARE. + * 3270 Terminal Keys + * Byte 3 = 0xFD + */ + +-#ifdef XK_3270 ++#ifdef _XK_3270 + #define XK_3270_Duplicate 0xFD01 + #define XK_3270_FieldMark 0xFD02 + #define XK_3270_Right2 0xFD03 + #define XK_3270_Left2 0xFD04 +@@ -482,9 +498,9 @@ SOFTWARE. + /* + * Latin 1 + * Byte 3 = 0 + */ +-#ifdef XK_LATIN1 ++#ifdef _XK_LATIN1 + #define XK_space 0x020 + #define XK_exclam 0x021 + #define XK_quotedbl 0x022 + #define XK_numbersign 0x023 +@@ -686,9 +702,9 @@ SOFTWARE. + * Latin 2 + * Byte 3 = 1 + */ + +-#ifdef XK_LATIN2 ++#ifdef _XK_LATIN2 + #define XK_Aogonek 0x1a1 + #define XK_breve 0x1a2 + #define XK_Lstroke 0x1a3 + #define XK_Lcaron 0x1a5 +@@ -751,9 +767,9 @@ SOFTWARE. + * Latin 3 + * Byte 3 = 2 + */ + +-#ifdef XK_LATIN3 ++#ifdef _XK_LATIN3 + #define XK_Hstroke 0x2a1 + #define XK_Hcircumflex 0x2a6 + #define XK_Iabovedot 0x2a9 + #define XK_Gbreve 0x2ab +@@ -782,9 +798,9 @@ SOFTWARE. + * Latin 4 + * Byte 3 = 3 + */ + +-#ifdef XK_LATIN4 ++#ifdef _XK_LATIN4 + #define XK_kra 0x3a2 + #define XK_kappa 0x3a2 /* deprecated */ + #define XK_Rcedilla 0x3a3 + #define XK_Itilde 0x3a5 +@@ -826,9 +842,9 @@ SOFTWARE. + * Katakana + * Byte 3 = 4 + */ + +-#ifdef XK_KATAKANA ++#ifdef _XK_KATAKANA + #define XK_overline 0x47e + #define XK_kana_fullstop 0x4a1 + #define XK_kana_openingbracket 0x4a2 + #define XK_kana_closingbracket 0x4a3 +@@ -904,9 +920,9 @@ SOFTWARE. + * Arabic + * Byte 3 = 5 + */ + +-#ifdef XK_ARABIC ++#ifdef _XK_ARABIC + #define XK_Arabic_comma 0x5ac + #define XK_Arabic_semicolon 0x5bb + #define XK_Arabic_question_mark 0x5bf + #define XK_Arabic_hamza 0x5c1 +@@ -961,9 +977,9 @@ SOFTWARE. + /* + * Cyrillic + * Byte 3 = 6 + */ +-#ifdef XK_CYRILLIC ++#ifdef _XK_CYRILLIC + #define XK_Serbian_dje 0x6a1 + #define XK_Macedonia_gje 0x6a2 + #define XK_Cyrillic_io 0x6a3 + #define XK_Ukrainian_ie 0x6a4 +@@ -1076,9 +1092,9 @@ SOFTWARE. + * Greek + * Byte 3 = 7 + */ + +-#ifdef XK_GREEK ++#ifdef _XK_GREEK + #define XK_Greek_ALPHAaccent 0x7a1 + #define XK_Greek_EPSILONaccent 0x7a2 + #define XK_Greek_ETAaccent 0x7a3 + #define XK_Greek_IOTAaccent 0x7a4 +@@ -1158,9 +1174,9 @@ SOFTWARE. + * Technical + * Byte 3 = 8 + */ + +-#ifdef XK_TECHNICAL ++#ifdef _XK_TECHNICAL + #define XK_leftradical 0x8a1 + #define XK_topleftradical 0x8a2 + #define XK_horizconnector 0x8a3 + #define XK_topintegral 0x8a4 +@@ -1215,9 +1231,9 @@ SOFTWARE. + * Special + * Byte 3 = 9 + */ + +-#ifdef XK_SPECIAL ++#ifdef _XK_SPECIAL + #define XK_blank 0x9df + #define XK_soliddiamond 0x9e0 + #define XK_checkerboard 0x9e1 + #define XK_ht 0x9e2 +@@ -1247,9 +1263,9 @@ SOFTWARE. + * Publishing + * Byte 3 = a + */ + +-#ifdef XK_PUBLISHING ++#ifdef _XK_PUBLISHING + #define XK_emspace 0xaa1 + #define XK_enspace 0xaa2 + #define XK_em3space 0xaa3 + #define XK_em4space 0xaa4 +@@ -1338,9 +1354,9 @@ SOFTWARE. + * APL + * Byte 3 = b + */ + +-#ifdef XK_APL ++#ifdef _XK_APL + #define XK_leftcaret 0xba3 + #define XK_rightcaret 0xba6 + #define XK_downcaret 0xba8 + #define XK_upcaret 0xba9 +@@ -1365,9 +1381,9 @@ SOFTWARE. + * Hebrew + * Byte 3 = c + */ + +-#ifdef XK_HEBREW ++#ifdef _XK_HEBREW + #define XK_hebrew_doublelowline 0xcdf + #define XK_hebrew_aleph 0xce0 + #define XK_hebrew_bet 0xce1 + #define XK_hebrew_beth 0xce1 /* deprecated */ +@@ -1413,9 +1429,9 @@ SOFTWARE. + * Thai + * Byte 3 = d + */ + +-#ifdef XK_THAI ++#ifdef _XK_THAI + #define XK_Thai_kokai 0xda1 + #define XK_Thai_khokhai 0xda2 + #define XK_Thai_khokhuat 0xda3 + #define XK_Thai_khokhwai 0xda4 +@@ -1505,9 +1521,9 @@ SOFTWARE. + * Korean + * Byte 3 = e + */ + +-#ifdef XK_KOREAN ++#ifdef _XK_KOREAN + + #define XK_Hangul 0xff31 /* Hangul start/stop(toggle) */ + #define XK_Hangul_Start 0xff32 /* Hangul start */ + #define XK_Hangul_End 0xff33 /* Hangul end, English start */