From b2a9114658143348020f91b6f74c738b954de8118f75141e62e9265260cc0659 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Sat, 4 May 2024 01:24:02 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main tigervnc revision 512ce1739bf3a9fcc2ed6b8c86ceaa46 --- .gitattributes | 23 + 10-libvnc.conf | 18 + index.vnc | 21 + n_correct_path_in_desktop_file.patch | 17 + n_dont_sign_java_client.patch | 30 + n_tigervnc-date-time.patch | 88 ++ n_vncserver.patch | 19 + tigervnc-1.13.1.tar.gz | 3 + tigervnc-https.firewalld | 7 + tigervnc.changes | 1157 ++++++++++++++++++ tigervnc.firewalld | 7 + tigervnc.spec | 558 +++++++++ u_build_libXvnc_as_separate_library.patch | 38 + u_change-button-layout-in-ServerDialog.patch | 32 + u_tigervnc-add-autoaccept-parameter.patch | 49 + u_tigervnc-ignore-epipe-on-write.patch | 26 + vnc-httpd.susefirewall | 4 + vnc-server.susefirewall | 4 + vnc.pam | 5 + vnc.reg | 42 + vnc.sysusers | 3 + vncpasswd.arg | 10 + with-vnc-key.sh | 35 + x11vnc | 194 +++ xvnc-novnc.service.in | 10 + xvnc-novnc.socket | 9 + xvnc.socket | 11 + xvnc.target | 2 + xvnc@.service.in | 9 + 29 files changed, 2431 insertions(+) create mode 100644 .gitattributes create mode 100644 10-libvnc.conf create mode 100644 index.vnc create mode 100644 n_correct_path_in_desktop_file.patch create mode 100644 n_dont_sign_java_client.patch create mode 100644 n_tigervnc-date-time.patch create mode 100644 n_vncserver.patch create mode 100644 tigervnc-1.13.1.tar.gz create mode 100644 tigervnc-https.firewalld create mode 100644 tigervnc.changes create mode 100644 tigervnc.firewalld create mode 100644 tigervnc.spec create mode 100644 u_build_libXvnc_as_separate_library.patch create mode 100644 u_change-button-layout-in-ServerDialog.patch create mode 100644 u_tigervnc-add-autoaccept-parameter.patch create mode 100644 u_tigervnc-ignore-epipe-on-write.patch create mode 100644 vnc-httpd.susefirewall create mode 100644 vnc-server.susefirewall create mode 100644 vnc.pam create mode 100644 vnc.reg create mode 100644 vnc.sysusers create mode 100644 vncpasswd.arg create mode 100644 with-vnc-key.sh create mode 100644 x11vnc create mode 100644 xvnc-novnc.service.in create mode 100644 xvnc-novnc.socket create mode 100644 xvnc.socket create mode 100644 xvnc.target create mode 100644 xvnc@.service.in diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/10-libvnc.conf b/10-libvnc.conf new file mode 100644 index 0000000..c05c969 --- /dev/null +++ b/10-libvnc.conf @@ -0,0 +1,18 @@ +# This file contains configuration of libvnc.so module +# +# To get libvnc.so module working, do this: +# 1. run "vncpasswd" as root user +# 2. uncomment configuration lines below +# +# Please note you can specify any option which Xvnc accepts. +# Refer to `Xvnc -help` output for detailed list of options. + +#Section "Module" +# Load "vnc" +#EndSection + +#Section "Screen" +# Identifier "Screen0" +# Option "SecurityTypes" "VncAuth" +# Option "PasswordFile" "/root/.vnc/passwd" +#EndSection diff --git a/index.vnc b/index.vnc new file mode 100644 index 0000000..07cacb3 --- /dev/null +++ b/index.vnc @@ -0,0 +1,21 @@ + + + + +$USER's $DESKTOP desktop ($DISPLAY) + + + + + + +
+TigerVNC site + diff --git a/n_correct_path_in_desktop_file.patch b/n_correct_path_in_desktop_file.patch new file mode 100644 index 0000000..93aa80c --- /dev/null +++ b/n_correct_path_in_desktop_file.patch @@ -0,0 +1,17 @@ +Our /usr/bin/vncviewer is symlink to alternatives. This desktop file is named +specifically "TigerVNC Viewer", so lets start /usr/bin/vncviewer-tigervnc, no +matter what the currently selected alternative is. + +Index: tigervnc-1.9.0/vncviewer/vncviewer.desktop.in.in +=================================================================== +--- tigervnc-1.9.0.orig/vncviewer/vncviewer.desktop.in.in ++++ tigervnc-1.9.0/vncviewer/vncviewer.desktop.in.in +@@ -2,7 +2,7 @@ + Name=TigerVNC Viewer + GenericName=Remote Desktop Viewer + Comment=Connect to VNC server and display remote desktop +-Exec=@CMAKE_INSTALL_FULL_BINDIR@/vncviewer ++Exec=@CMAKE_INSTALL_FULL_BINDIR@/vncviewer-tigervnc + Icon=tigervnc + Terminal=false + Type=Application diff --git a/n_dont_sign_java_client.patch b/n_dont_sign_java_client.patch new file mode 100644 index 0000000..0adbddf --- /dev/null +++ b/n_dont_sign_java_client.patch @@ -0,0 +1,30 @@ +References: bsc#1208478 +Author: Joan Torres +Subject: Don't sign the Java client + +This avoids the addition of a signed file in the jar with a timestamp. +The signing was necessary for accessing the system clipboard +when the Java client runs as an applet. +(This shouldn't harm due to the deprecation of Java applets +was done in version 9). +Index: java/CMakeLists.txt +=================================================================== +--- java/CMakeLists.txt.orig ++++ java/CMakeLists.txt +@@ -154,15 +154,6 @@ add_custom_command(OUTPUT VncViewer.jar + com/jcraft/jsch/jce/*.class + com/jcraft/jsch/*.class + com/tigervnc/vncviewer/*.png +- com/tigervnc/vncviewer/tigervnc.ico +- COMMAND ${CMAKE_COMMAND} +- ARGS -DJava_PATH=${Java_PATH} -DJAR_FILE=${BINDIR}/VncViewer.jar +- -DJAVA_KEYSTORE=${JAVA_KEYSTORE} +- -DJAVA_KEYSTORE_TYPE=${JAVA_KEYSTORE_TYPE} +- -DJAVA_STOREPASS=${JAVA_STOREPASS} +- -DJAVA_KEYPASS=${JAVA_KEYPASS} +- -DJAVA_KEY_ALIAS=${JAVA_KEY_ALIAS} +- -DJAVA_TSA_URL=${JAVA_TSA_URL} +- -P ${SRCDIR}/cmake/SignJar.cmake) ++ com/tigervnc/vncviewer/tigervnc.ico) + + add_custom_target(java ALL DEPENDS VncViewer.jar) diff --git a/n_tigervnc-date-time.patch b/n_tigervnc-date-time.patch new file mode 100644 index 0000000..e9476f3 --- /dev/null +++ b/n_tigervnc-date-time.patch @@ -0,0 +1,88 @@ +Index: tigervnc-1.13.1/unix/xserver/hw/vnc/buildtime.c +=================================================================== +--- tigervnc-1.13.1.orig/unix/xserver/hw/vnc/buildtime.c ++++ tigervnc-1.13.1/unix/xserver/hw/vnc/buildtime.c +@@ -15,4 +15,4 @@ + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ +-char buildtime[] = __DATE__ " " __TIME__; ++char buildtime[] = "??? ?? ???? ??:??:??"; +Index: tigervnc-1.13.1/unix/vncconfig/buildtime.c +=================================================================== +--- tigervnc-1.13.1.orig/unix/vncconfig/buildtime.c ++++ tigervnc-1.13.1/unix/vncconfig/buildtime.c +@@ -15,4 +15,4 @@ + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ +-char buildtime[] = __DATE__ " " __TIME__; ++char buildtime[] = "??? ?? ???? ??:??:??"; +Index: tigervnc-1.13.1/unix/x0vncserver/buildtime.c +=================================================================== +--- tigervnc-1.13.1.orig/unix/x0vncserver/buildtime.c ++++ tigervnc-1.13.1/unix/x0vncserver/buildtime.c +@@ -15,4 +15,4 @@ + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ +-char buildtime[] = __DATE__ " " __TIME__; ++char buildtime[] = "??? ?? ???? ??:??:??"; +Index: tigervnc-1.13.1/win/winvnc/buildTime.cxx +=================================================================== +--- tigervnc-1.13.1.orig/win/winvnc/buildTime.cxx ++++ tigervnc-1.13.1/win/winvnc/buildTime.cxx +@@ -15,4 +15,4 @@ + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ +-const char* buildTime = "Built on " __DATE__ " at " __TIME__; ++const char* buildTime = "Built on ??? ?? ???? at ??:??:??"; +Index: tigervnc-1.13.1/CMakeLists.txt +=================================================================== +--- tigervnc-1.13.1.orig/CMakeLists.txt ++++ tigervnc-1.13.1/CMakeLists.txt +@@ -40,10 +40,6 @@ if(MSVC) + message(FATAL_ERROR "TigerVNC cannot be built with Visual Studio. Please use MinGW") + endif() + +-if(NOT BUILD_TIMESTAMP) +- STRING(TIMESTAMP BUILD_TIMESTAMP "%Y-%m-%d %H:%M" UTC) +-endif() +- + # Default to optimised builds instead of debug ones. Our code has no bugs ;) + # (CMake makes it fairly easy to toggle this back to Debug if needed) + if(NOT CMAKE_BUILD_TYPE) +Index: tigervnc-1.13.1/vncviewer/vncviewer.cxx +=================================================================== +--- tigervnc-1.13.1.orig/vncviewer/vncviewer.cxx ++++ tigervnc-1.13.1/vncviewer/vncviewer.cxx +@@ -105,10 +105,9 @@ static const char *about_text() + // time. + snprintf(buffer, sizeof(buffer), + _("TigerVNC Viewer v%s\n" +- "Built on: %s\n" + "Copyright (C) 1999-%d TigerVNC Team and many others (see README.rst)\n" + "See https://www.tigervnc.org for information on TigerVNC."), +- PACKAGE_VERSION, BUILD_TIMESTAMP, 2022); ++ PACKAGE_VERSION, 2022); + + return buffer; + } +Index: tigervnc-1.13.1/java/CMakeLists.txt +=================================================================== +--- tigervnc-1.13.1.orig/java/CMakeLists.txt ++++ tigervnc-1.13.1/java/CMakeLists.txt +@@ -22,12 +22,6 @@ set(JAVA_STOREPASS NOTFOUND CACHE STRING + set(JAVA_KEYPASS NOTFOUND CACHE STRING "Password used to protect the private key of the specified keystore entry") + set(JAVA_TSA_URL NOTFOUND CACHE STRING "URL of Time Stamping Authority (TSA)") + +-if(NOT BUILD) +- STRING(TIMESTAMP BUILD "%Y%m%d" UTC) +-endif() +-STRING(TIMESTAMP JAVA_DATE "%Y-%m-%d" UTC) +-STRING(TIMESTAMP JAVA_TIME "%H:%M:%S" UTC) +- + set(JAVA_SOURCES "") + set(JAVA_CLASSES "") + diff --git a/n_vncserver.patch b/n_vncserver.patch new file mode 100644 index 0000000..2ac642b --- /dev/null +++ b/n_vncserver.patch @@ -0,0 +1,19 @@ +Index: unix/vncserver/vncserver.in +=================================================================== +--- unix/vncserver/vncserver.in.orig ++++ unix/vncserver/vncserver.in +@@ -1,4 +1,4 @@ +-#!/usr/bin/env perl ++#!/usr/bin/perl + # + # Copyright (C) 2015-2019 Pierre Ossman for Cendio AB + # Copyright (C) 2009-2010 D. R. Commander. All Rights Reserved. +@@ -439,7 +439,7 @@ sub SanityCheck + die "$prog: couldn't find \"$cmd\" on your PATH.\n"; + } + +- foreach $cmd ("/etc/X11/xinit/Xsession", "/etc/X11/Xsession") { ++ foreach $cmd ("/usr/etc/X11/xdm/Xsession", "/etc/X11/xdm/Xsession", "/etc/X11/xinit/Xsession", "/etc/X11/Xsession") { + if (-x "$cmd") { + $Xsession = $cmd; + last; diff --git a/tigervnc-1.13.1.tar.gz b/tigervnc-1.13.1.tar.gz new file mode 100644 index 0000000..646d8cc --- /dev/null +++ b/tigervnc-1.13.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b7c5b8ed9e4e2c2f48c7b2c9f21927db345e542243b4be88e066b2daa3d1ae25 +size 1989081 diff --git a/tigervnc-https.firewalld b/tigervnc-https.firewalld new file mode 100644 index 0000000..253fe79 --- /dev/null +++ b/tigervnc-https.firewalld @@ -0,0 +1,7 @@ + + + VNC over HTTPS + The xvnc-novnc servers a web-based VNC viewer over HTTPS. Allows accessing VNC using any modern browser. It displays VNC display :1. + + + diff --git a/tigervnc.changes b/tigervnc.changes new file mode 100644 index 0000000..3d8841a --- /dev/null +++ b/tigervnc.changes @@ -0,0 +1,1157 @@ +------------------------------------------------------------------- +Mon Feb 19 12:49:39 UTC 2024 - Stefan Dirsch + +- buildrequire xorg-x11-server-source/-sdk >= 21.1.11 and trigger + rebuild with newer xorg-x11-server-source package (bsc#1219311, + bsc#1219205) + +------------------------------------------------------------------- +Tue Nov 21 15:10:39 UTC 2023 - Joan Torres + +- introduced n_dont_sign_java_client.patch and changed + n_tigervnc-date-time.patch to allow the build to be reproducible + (bsc#1208478): + * Dont sign the Java client so the jar file won't contain a + signed file with a variable timestamp. + * The signing was necessary for accessing the system clipboard + when the Java client runs as an applet. + (This shouldn't harm due to the deprecation of Java applets + was done in version 9). + +------------------------------------------------------------------- +Fri Apr 14 07:30:42 UTC 2023 - Joan Torres + +- xorg-x11-Xvnc requires dbus-1-x11 (bsc#1207730) + +------------------------------------------------------------------- +Mon Apr 3 08:57:25 UTC 2023 - Joan Torres + +- Fixes for bsc#1209283 + * Drop chown vnc:vnc calls in with-vnc-key.sh + * Add TLSNone to -securitytypes to increase security in xvnc@.service + +------------------------------------------------------------------- +Sun Mar 19 09:33:05 UTC 2023 - Dirk Müller + +- update to 1.13.1: + * x0vncserver can either crash itself, or crash the X server + it is connected to + * The servers might crash if the clipboard is updated just as + a client is connected + * The vncserver service can fail to start on SELinux system + if ~/.vnc doesn't exist + +------------------------------------------------------------------- +Wed Feb 15 16:41:57 UTC 2023 - Joan Torres + +- A little cleanup of specfile + +------------------------------------------------------------------- +Wed Feb 15 15:01:13 UTC 2023 - Joan Torres + +- Update to tigervnc 1.13.0 + * The servers and native viewer now support RealVNC's RSA-AES authentication methods and encryption + * The native viewer is now translated to Romanian and Georgian + * The native viewer now (optionally) supports PiKVM's H.264 encoding + * The display settings for the native viewer have been overhauled to make them easier to understand + * The native viewer now supports adding exceptions for expired certificates + * Resolved an issue where full-screen mode didn't work in the native viewer on macOS 13 + * Lock key synchronization has been re-enabled in the native viewer after being accidentally disabled in 1.11.0 + * Xvnc/libvnc.so can now be built with Xorg 1.21 + * x0vncserver is a bit better at handling differing server and client keyboard layout + * x0vncserver now correctly handles zaphod mode +- Removed patches (no longer needed): + * tigervnc-newfbsize.patch (https://github.com/TigerVNC/tigervnc/pull/13) + * n_utilize-system-crypto-policies.patch (https://github.com/TigerVNC/tigervnc/pull/1262) + * xserver211.patch & u_tigervnc-211.patch (https://github.com/TigerVNC/tigervnc/pull/1383) +- Refreshed patches: + * n_tigervnc-date-time.patch + * n_vncserver.patch + * u_change-button-layout-in-ServerDialog.patch + +------------------------------------------------------------------- +Wed Jan 4 09:32:50 UTC 2023 - Stefan Schubert + +- Migration of PAM settings to /usr/lib/pam.d. + +------------------------------------------------------------------- +Mon Nov 7 14:58:46 UTC 2022 - Stefan Dirsch + +- Release 1.12.0 covers bugfixes for bsc#1197119,bsc#1199477 + +------------------------------------------------------------------- +Mon Nov 7 10:10:03 UTC 2022 - Stefan Dirsch + +- Release 1.12.0 supersedes the following patches still used with + tigervnc 1.10.1 on sle15-sp4/Leap 15.4: + * U_0003-Update-Surface_X11.cxx.patch + * U_Handle-pending-data-in-TLS-buffers.patch + +------------------------------------------------------------------- +Tue Aug 9 12:17:29 UTC 2022 - Thorsten Kukuk + +- Use %_pam_vendordir + +------------------------------------------------------------------- +Thu Apr 28 21:10:19 UTC 2022 - Dirk Müller + +- fix homepage url +- move license to licensedir +- a few of the trivial spec-cleaner cleanups + +------------------------------------------------------------------- +Fri Apr 15 00:35:02 UTC 2022 - Cristian Rodríguez + +- nasm is not needed for build, remove from buildrequires + +------------------------------------------------------------------- +Wed Mar 2 13:23:00 UTC 2022 - Stefan Dirsch + +- x11vnc: no longer explicitely require python3, since it's already + required implicitely via autogenerated RPM requires + +------------------------------------------------------------------- +Wed Mar 2 08:12:41 UTC 2022 - Joan Torres + +- x11vnc requires python3 (bsc#1196623) + +------------------------------------------------------------------- +Mon Feb 21 16:18:49 UTC 2022 - Joan Torres + +- Remove patch: tigervnc-clean-pressed-key-on-exit.patch + * fixed bsc#670448 wich can no longer be reproduced + * removing the patch fixes bsc#1196214 + * related: https://github.com/TigerVNC/tigervnc/pull/14 + +------------------------------------------------------------------- +Thu Feb 17 14:14:13 UTC 2022 - Stefan Dirsch + +- n_vncserver.patch + * fix location of Xsession script +- vncserver usage has radically changed; please check this: + https://github.com/TigerVNC/tigervnc/blob/master/unix/vncserver/HOWTO.md + +------------------------------------------------------------------- +Thu Feb 17 09:22:52 UTC 2022 - Joan Torres + +- Update to tigervnc 1.12.0 + * The native viewer now supports full screen over a subset of monitors (e.g. 2 out of 3), and reacts properly to monitors being added or removed + * Recent server history in the native viewer + * The native viewer now has an option to reconnect if the connection is dropped + * Translations are now enabled on Windows and macOS for the native viewer + * The native viewer now respects the system security policy + * Better handling of accented keys in the Java viewer + * The Unix servers can now listen to both a Unix socket and a TCP port at the same time + * The network code in both the servers and the native viewer has been restructured to give a more responsive experience + * The vncserver service now correctly handles settings set to "0" + * Fixed the clipboard Unicode handling in both the native viewer and the servers + * Support for pointer "warping" in Xvnc and the native viewer, enabling e.g. FPS games +- Update to tigervnc 1.11.0 + * A security issue has been fixed in how the viewers handle TLS certificate exceptions + * vncserver has gotten a major redesign to be compatible with modern distributions + * The native viewer now has touch gestures to handle certain mouse actions (e.g. scroll wheel) + * Middle mouse button emulation in the native viewer, for devices with only two mouse buttons + * The Java viewer now supports Java 9+, but also now requires Java 8+ + * Support for alpha cursors in the Java viewer (a feature already supported in the native viewer) + * The password and username can now be specified via the environment for the native viewer + * Support for building Xvnc/libvnc.so with Xorg 1.20.7+ and deprecate support for Xorg older than 1.16 + * The official builds have been fixed to work on the upcoming macOS 11 + * The Windows server (WinVNC) is now packaged separately as it is unmaintained and buggy +- Removed patches (included in 1.12.0): + * U_viewer-reset-ctrl-alt-to-menu-state-on-focus.patch + * tigervnc-fix-saving-of-bad-server-certs.patch + * u_xorg-server-1.20.7-ddxInputThreadInit.patch + * U_0001-Properly-store-certificate-exceptions.patch + * U_0002-Properly-store-certificate-exceptions-in-Java-viewer.patch + * tigervnc-FIPS-use-RFC7919.patch + * u_Fix-non-functional-MaxDisconnectionTime.patch +- Removed patches (no longer needed): + * u_tigervnc-cve-2014-8240.patch (https://github.com/TigerVNC/tigervnc/pull/1258) + * u_tigervnc_update_default_vncxstartup.patch +- Refreshed patches: + * n_correct_path_in_desktop_file.patch + * n_tigervnc-date-time.patch + * n_utilize-system-crypto-policies.patch + * tigervnc-clean-pressed-key-on-exit.patch + * tigervnc-newfbsize.patch + * u_build_libXvnc_as_separate_library.patch + * u_change-button-layout-in-ServerDialog.patch + * u_tigervnc-add-autoaccept-parameter.patch + * u_tigervnc-211.patch + +------------------------------------------------------------------- +Thu Feb 10 12:17:07 UTC 2022 - Joan Torres + +- u_Fix-non-functional-MaxDisconnectionTime.patch + * Backport patch that fixes issue with MaxDisconnetionTime + (bsc#1195661). + +------------------------------------------------------------------- +Mon Nov 15 17:22:13 UTC 2021 - Stefan Dirsch + +- Use a template xvnc@.service.in to dynamically adjust xvnc@.service + during installation to cater for the correct libexecdir value. This + fixes wrong path for with-vnc-key.sh on sle15-sp4 (bsc#1192713) + +------------------------------------------------------------------- +Fri Oct 29 16:57:10 UTC 2021 - Stefan Dirsch + +- buildrequire xorg-x11-server-sdk/xorg-x11-server-source >= 21.1.0 + +------------------------------------------------------------------- +Thu Oct 28 13:05:33 UTC 2021 - Callum Farmer + +- Change to systemd-sysusers + +------------------------------------------------------------------- +Thu Oct 28 12:03:58 UTC 2021 - Stefan Dirsch + +- u_tigervnc-211.patch, xserver211.patch + * fixes build against xorg-server 21.1 sources + +------------------------------------------------------------------- +Thu Oct 21 10:16:38 UTC 2021 - Joan Torres + +- Not using System crypto policies for <= sle15-sp3 (boo#1191394) + +------------------------------------------------------------------- +Tue Sep 28 10:58:00 UTC 2021 - Stefan Dirsch + +- contains fix for crash in free() when using "-f" option of + vncpasswd command (bsc#1171519) + +------------------------------------------------------------------- +Mon Sep 27 12:51:25 UTC 2021 - Stefan Dirsch + +- covers SLE/SLE-18630 + +------------------------------------------------------------------- +Mon Aug 23 13:49:20 UTC 2021 - Jan Engelhardt + +- Remove --with-pic which has no effect with --disable-static. +- Remove old specfile constructs. +- Drop %if..%endif guards around %package; these do not affect + the build result. +- Combine %service_* calls to reduce generated boilerplate. + +------------------------------------------------------------------- +Mon Aug 2 15:21:39 UTC 2021 - Stefan Dirsch + +- no longer require libXfont(1) + +------------------------------------------------------------------- +Sat Jun 19 00:07:23 UTC 2021 - Jason Sikes + +- Specify RFC7919 parameters for GnuTLS versions older than 3.6.0. + * Modified tigervnc-FIPS-use-RFC7919.patch + * https://github.com/TigerVNC/tigervnc/pull/1273 + +------------------------------------------------------------------- +Mon Jun 7 01:47:07 UTC 2021 - Jason Sikes + +- Enable GnuTLS to use Diffie-Hellman parameters from RFC7919 + instead of generating our own. + * bsc#1179809 + * tigervnc-FIPS-use-RFC7919.patch + * DH parameter generation was depricated in GnuTLS 3.6.0. + +------------------------------------------------------------------- +Mon May 3 09:19:17 UTC 2021 - Dominique Leuenberger + +- Do not carry two variants of the same servcice file, but rather + bring a template which we dynamically adjust during installation + to cater for the correct libexecdir value. + + Replace xvnc-novnc-libexec.service and xvnc-novnc-lib.service + with xvnc-novnc.service.in. + +------------------------------------------------------------------- +Mon May 3 08:54:23 UTC 2021 - Stefan Dirsch + +- package both xvnc-novnc-libexec.service and xvnc-novnc-lib.service + source files + +------------------------------------------------------------------- +Tue Apr 27 13:41:26 UTC 2021 - Scott Bradnick + +- Adjusting suse_version check from '> 1500' to '>= 1550' per request. + +------------------------------------------------------------------- +Fri Apr 23 14:26:45 UTC 2021 - Scott Bradnick + +- Adding if statement to control libexec (Tumbleweed +) vs lib based + 'Source#' file for 'xvnc-novnc.service'. + +------------------------------------------------------------------- +Thu Apr 22 18:30:29 UTC 2021 - Scott Bradnick + +- 'xvnc-novnc.service' requires '/usr/libexec/vnc/with-vnc-key.sh' + vs '/usr/lib/vnc/with-vnc-key.sh' for ExecStart to work correctly. + +------------------------------------------------------------------- +Fri Mar 5 14:46:02 UTC 2021 - Pedro Monreal + +- Use the system crypto-policies [bsc#1183082] +- Add n_utilize-system-crypto-policies.patch + +------------------------------------------------------------------- +Mon Dec 7 12:01:22 UTC 2020 - Stefan Dirsch + +- x11vnc wrapper script: converted to python3 (boo#1179592) + +------------------------------------------------------------------- +Wed Nov 25 16:28:09 UTC 2020 - Stefan Dirsch + +- u_tigervnc_update_default_vncxstartup.patch + * check first for /usr/libexec/xinit/xinitrc, then + /etc/X11/xinit/xinitrc (reported by aschnell @SUSE) + +------------------------------------------------------------------- +Thu Nov 19 13:43:27 UTC 2020 - Stefan Dirsch + +- xvnc@.service: fixed path for %libexecdir (boo#1178601) + +------------------------------------------------------------------- +Fri Sep 25 10:38:58 UTC 2020 - Stefan Dirsch + +- CVE-2020-26117: Server certificates were stored as certiticate + authoritied, allowing malicious owners of these certificates + to impersonate any server after a client had added an exception + (boo#1176733) + U_0001-Properly-store-certificate-exceptions.patch, + U_0002-Properly-store-certificate-exceptions-in-Java-viewer.patch +- adjusted u_tigervnc-add-autoaccept-parameter.patch + +------------------------------------------------------------------- +Wed Sep 16 10:01:17 UTC 2020 - Stefan Dirsch + +- vnserver: fix startup of Plasma desktop (boo#1176571) + +------------------------------------------------------------------- +Wed Aug 19 09:51:43 UTC 2020 - Callum Farmer + +- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) +- Spec file cleanups + +------------------------------------------------------------------- +Wed Jul 1 10:19:18 UTC 2020 - Stefan Dirsch + +- moved vnc snippet to /usr/share/X11/xorg.conf.d (boo#1173045) +- package SLP sample config vnc.reg only as %doc (boo#1173045) +- moved vnc pam config to /etc/usr/pam.d (boo#1173045) + +------------------------------------------------------------------- +Mon Apr 13 18:20:43 UTC 2020 - Lorenzo Paulatto + +- TigerVNC 1.10.1: + Added libXdamage-devel and libXrandr-devel to the BuildRequisites, + to build x0vncserver with DAMAGE, RANDR and XTEXT support + +------------------------------------------------------------------- +Fri Apr 10 10:33:53 UTC 2020 - Andreas Stieger + +- TigerVNC 1.10.1: + Previously patched security fixes now in upstream release: + CVE-2019-15691, bsc#1159856 + CVE-2019-15692, bsc#1160250 + CVE-2019-15693, bsc#1159858 + CVE-2019-15694, bsc#1160251 + CVE-2019-15695, bsc#1159860 + dropping the following patches: + * 0001-Make-ZlibInStream-more-robust-against-failures.patch + * 0002-Encapsulate-PixelBuffer-internal-details.patch + * 0003-Restrict-PixelBuffer-dimensions-to-safe-values.patch + * 0004-Add-write-protection-to-OffsetPixelBuffer.patch + * 0005-Handle-empty-Tight-gradient-rects.patch + * 0006-Add-unit-test-for-PixelFormat-sanity-checks.patch + * 0007-Fix-depth-sanity-test-in-PixelFormat.patch + * 0008-Add-sanity-checks-for-PixelFormat-shift-values.patch + * 0009-Remove-unused-FixedMemOutStream.patch + * 0010-Use-size_t-for-lengths-in-stream-objects.patch + * 0011-Be-defensive-about-overflows-in-stream-objects.patch + * 0012-Add-unit-tests-for-PixelFormat.is888-detection.patch + * 0013-Handle-pixel-formats-with-odd-shift-values.patch + +------------------------------------------------------------------- +Sun Feb 23 10:18:23 UTC 2020 - Hans-Peter Jansen + +- raise java dependency to 1.8.0 in order to compile the java part + on older distributions + +------------------------------------------------------------------- +Fri Feb 7 11:55:20 UTC 2020 - Stefan Dirsch + +- added a reference to bsc#1162951 about the reasoning why adding + the vnc user to the shadow group + +------------------------------------------------------------------- +Wed Jan 15 11:42:20 UTC 2020 - Stefan Dirsch + +- u_xorg-server-1.20.7-ddxInputThreadInit.patch + * buildfix for xorg-server 1.20.7, which moved ddxInputThread + call from os layer into ddx layer + +------------------------------------------------------------------- +Tue Jan 7 15:43:09 UTC 2020 - Stefan Dirsch + +- TigerVNC security fix: + 0001-Make-ZlibInStream-more-robust-against-failures.patch + 0002-Encapsulate-PixelBuffer-internal-details.patch + 0003-Restrict-PixelBuffer-dimensions-to-safe-values.patch + 0004-Add-write-protection-to-OffsetPixelBuffer.patch + 0005-Handle-empty-Tight-gradient-rects.patch + 0006-Add-unit-test-for-PixelFormat-sanity-checks.patch + 0007-Fix-depth-sanity-test-in-PixelFormat.patch + 0008-Add-sanity-checks-for-PixelFormat-shift-values.patch + 0009-Remove-unused-FixedMemOutStream.patch + 0010-Use-size_t-for-lengths-in-stream-objects.patch + 0011-Be-defensive-about-overflows-in-stream-objects.patch + 0012-Add-unit-tests-for-PixelFormat.is888-detection.patch + 0013-Handle-pixel-formats-with-odd-shift-values.patch + * stack use-after-return due to incorrect usage of stack memory + in ZRLEDecoder (CVE-2019-15691, bsc#1159856) + * improper value checks in CopyRectDecode may lead to heap + buffer overflow (CVE-2019-15692, bsc#1160250) + * heap buffer overflow in TightDecoder::FilterGradient + (CVE-2019-15693, bsc#1159858) + * improper error handling in processing MemOutStream may lead + to heap buffer overflow (CVE-2019-15694, bsc#1160251 + * stack buffer overflow, which could be triggered from + CMsgReader::readSetCurso (CVE-2019-15695, bsc#1159860) + +------------------------------------------------------------------- +Tue Dec 31 09:53:30 UTC 2019 - Loic Devulder + +- Add tigervnc-fix-saving-of-bad-server-certs.patch + * fix saving of bad server certificates (boo#1159948) + +------------------------------------------------------------------- +Tue Dec 3 10:32:36 UTC 2019 - Marius Kittler + +- tigervnc-1.10.0 + * The clipboard now supports full Unicode in the native viewer, WinVNC and Xvnc/libvnc.so + * The native client will now respect the system trust store when verifying server certificates + * Improved compatibility with VMware's VNC server + * Improved compatibility with some input methods on macOS + * Improvements to the automatic "repair" of JPEG artefacts + * Better handling of the Alt keys in some corner cases + * The Java web server has been removed as applets are no longer support by most browsers + * x0vncserver can now be configured to only allow local connections + * x0vncserver has received fixes for when only part of the display is shared + * Polling is now default in WinVNC as that works better for most + +------------------------------------------------------------------- +Fri Oct 4 14:19:48 UTC 2019 - Hans-Peter Jansen + +- tigervnc-1.9.0-201-e71a426 + * implements extended clipboard handling (now utf-8 based) + * fixes a couple of small glitches + +------------------------------------------------------------------- +Sat Apr 20 09:54:02 UTC 2019 - Stefan Dirsch + +- tigervnc-1.9.0-199-005db35 + * update to current git master in order to fix boo#1132901 + +------------------------------------------------------------------- +Tue Mar 26 08:22:53 UTC 2019 - Yifan Jiang + +- Update with-vnc-key.sh to use only hostname for CN. + + The gnutls introduces gnutls_x509_crt_check_hostname2 in + gnutls/lib/x509/hostname-verify.c#L159 to check if the given + certificate's subject matches the given hostname. + + The function is used by the recent version of libvncclient which + will fail to verify the certification if there is a mismatching + between the connected hostname and the cert issuer's common name. + + https://github.com/LibVNC/libvncserver/commit/cc69ee9 + + So the previous way to generate the vnc server's cert brings a + complicated CN, making the client using libvncclient + (e.g. vinagre, remmina) hard to adapt the hostname check. It is + better to populate the hostname as the common name without extra + strings. + +------------------------------------------------------------------- +Thu Mar 21 09:16:51 UTC 2019 - Dominique Leuenberger + +- Change Requires(post): firewall-macros to BuildRequires: the + macros are expanded at build time and not needed at all at + runtime. + +------------------------------------------------------------------- +Thu Feb 7 12:34:03 UTC 2019 - Stephan Kulow + +- Fix build with latest cmake - which now requires the source + directory as argument (still works with old cmake versions) + +------------------------------------------------------------------- +Thu Jan 17 12:07:27 UTC 2019 - msrb@suse.com + +- Switch websocket dependency to python3. (bsc#1119737) + +------------------------------------------------------------------- +Thu Jan 17 10:21:29 UTC 2019 - msrb@suse.com + +- Do not build xorg-x11-Xvnc-module on s390. It fails to build + because macros.xorg-server is incomplete on s390 and the module + would be useless without real X server anyway. + +------------------------------------------------------------------- +Tue Jan 8 12:38:42 UTC 2019 - msrb@suse.com + +- Add U_viewer-reset-ctrl-alt-to-menu-state-on-focus.patch + * Fix the ALT and CTRL buttons in viewer's F8 menu. (bsc#1119354) + +------------------------------------------------------------------- +Wed Sep 19 21:19:21 UTC 2018 - Jason Sikes + +- Changed "openssl" requirement to "openssl(cli)" + * (bsc#1101470) + +------------------------------------------------------------------- +Mon Aug 6 12:04:52 UTC 2018 - msrb@suse.com + +- Add xvnc.target to fix xvnc-novnc.service's dependency. + (bnc#1103552) +- Split the X server's VNC module into subpackage and give it + dependency on the current extension ABI. + +------------------------------------------------------------------- +Thu Aug 2 08:31:09 UTC 2018 - msrb@suse.com + +- Update to tigervnc 1.9.0 + * Alternative, "raw" keyboard mode in the native client and all servers + * CapsLock/NumLock/ScrollLock synchronisation in the native client and all servers + * Automatic "repair" of JPEG artefacts on screen in all servers + * Support for UNIX sockets in the native client and in the UNIX servers + * Both clients now warn when sending the password over a possibly insecure channel + * Performance improvements in the Java client + * The Java client now requires Java 7 + * Improved high latency handling in all servers + * Slightly better keyboard handling in x0vncserver + * x0vncserver now supports cursors and screen resize + * Xorg 1.20 can now be used as a base for Xvnc/libvnc.so + - Fixes bnc#1103537 + +- Removed patches (included in 1.9.0): + * u_tigervnc-show-unencrypted-warning.patch + * U_allow_multiple_certs_with_same_dn_in_saved_certs_file.patch + * U_handle_certificate_verification_for_saved_certs_correctly.patch + * u_Unset-pixel-buffer-when-x0vncserver-client-disconnect.patch + * u_add-support-for-X-server-1.20.0.patch + * U_vncviewer-Fix-fullscreen-scrolling.patch + * U_vncviewer-Fix-scrollbar-visibility.patch + +- Removed patches (no longer needed): + * tigervnc-1.8.0-nowindows.patch + +- Refreshed patches: + * n_tigervnc-date-time.patch + * tigervnc-clean-pressed-key-on-exit.patch + * u_tigervnc-add-autoaccept-parameter.patch + * u_tigervnc-ignore-epipe-on-write.patch + +- Added patches: + * n_correct_path_in_desktop_file.patch + +- Fixed typo in 10-libvnc.conf + +------------------------------------------------------------------- +Fri Jun 8 09:09:38 UTC 2018 - msrb@suse.com + +- Updated u_add-support-for-X-server-1.20.0.patch to version sent + upstream. Fixes GLX initialization. + +------------------------------------------------------------------- +Wed Jun 6 09:07:23 UTC 2018 - msrb@suse.com + +- U_vncviewer-Fix-fullscreen-scrolling.patch, + U_vncviewer-Fix-scrollbar-visibility.patch + * Fix scrolling in vncviewer. (boo#1095664) + +- u_add-support-for-X-server-1.20.0.patch + * Fix build against X server 1.20.0. + +------------------------------------------------------------------- +Tue Apr 24 09:16:59 UTC 2018 - msrb@suse.com + +- Reload firewalld files after installation. + +------------------------------------------------------------------- +Wed Apr 11 09:48:51 UTC 2018 - jengelh@inai.de + +- Limit feature description to openSUSE. Ensure neutrality of + description. + +------------------------------------------------------------------- +Wed Apr 11 08:12:52 UTC 2018 - msrb@suse.com + +- Add u_change-button-layout-in-ServerDialog.patch + * To fit strings in languages with longer words... (bnc#1084865) +- Refresh n_tigervnc-date-time.patch + * Completely hide the build time (bnc#1082968) + +------------------------------------------------------------------- +Thu Mar 22 14:27:28 UTC 2018 - msrb@suse.com + +- Enable xvnc.socket if upgraded from previous installation that + had VNC enabled in xinetd configuration. (bnc#1085974) +- Subpackage xorg-x11-Xvnc must also obsolete tightvnc. + +------------------------------------------------------------------- +Wed Feb 28 12:19:52 UTC 2018 - msrb@suse.com + +- Replace SuSEFirewall2 by firewalld. (bnc#1081952) + +------------------------------------------------------------------- +Mon Dec 18 16:44:20 UTC 2017 - dimstar@opensuse.org + +- Do not mess with /usr/lib*64)?/debug: this is RPM's playground + for debuginfo packages. + +------------------------------------------------------------------- +Mon Dec 18 14:56:17 UTC 2017 - fstrba@suse.com + +- Added patch: + * tigervnc-1.8.0-nowindows.patch + + Remove Windows code that is removed from jdk10 + +------------------------------------------------------------------- +Tue Dec 12 13:15:25 UTC 2017 - msrb@suse.com + +- Depend on pkgconfig's gl, egl and gbm instead of Mesa-devel. + * Those dependencies are what the underlying X server really + needs. Mesa-devel is too general and is a bottleneck in + distribution build. (bnc#1071297) + +------------------------------------------------------------------- +Tue Sep 26 11:53:23 UTC 2017 - msrb@suse.com + +- u_Unset-pixel-buffer-when-x0vncserver-client-disconnect.patch + * Fixes crash in x0vncserver after client disconnects. + (bnc#1058587) + +------------------------------------------------------------------- +Mon Sep 25 08:36:07 UTC 2017 - msrb@suse.com + +- Add tigervnc-x11vnc wrapper for x0vncserver that replaces x11vnc. + (fate#323207) + +- Replace java applet with novnc as web-based VNC viewer. + (fate#323880) + +- Convert xinetd services to systemd socket activated services. + (bnc#1058460) + +------------------------------------------------------------------- +Mon Sep 11 14:12:30 UTC 2017 - fstrba@suse.com + +- Specify java source and target level 1.6 in order to be able to + build with jdk9 + +------------------------------------------------------------------- +Fri Aug 11 08:59:54 UTC 2017 - msrb@suse.com + +- Disable MIT-SHM extension when running under vnc user. + (bnc#1053373) + +------------------------------------------------------------------- +Thu Jul 20 07:49:41 UTC 2017 - msrb@suse.com + +- U_allow_multiple_certs_with_same_dn_in_saved_certs_file.patch, + U_handle_certificate_verification_for_saved_certs_correctly.patch + * Fix certificate handling in the java client. (bnc#1041847) + +- Refresh u_tigervnc-add-autoaccept-parameter.patch and apply it + last. + +- Make sure CN in generated certificate doesn't exceed 64 + characters. (bnc#1041847) + +------------------------------------------------------------------- +Fri Jul 7 08:06:00 UTC 2017 - msrb@suse.com + +- Change with-vnc-key.sh to generate TLS certificate using current + hostname. (bnc#1041847) + +------------------------------------------------------------------- +Fri Jun 9 11:03:23 UTC 2017 - tchvatal@suse.com + +- Require java-deve >= 1.6.0 to avoid bootstrap fail + +------------------------------------------------------------------- +Fri Jun 2 10:02:06 UTC 2017 - meissner@suse.com + +- removed unneeded -fPIC flags for CFLAGS, these made it avoid + PIE support. + +------------------------------------------------------------------- +Wed May 31 11:33:52 UTC 2017 - msrb@suse.com + +- Update to tigervnc 1.8.0 + * Overhaul of the Java client to match the look and behaviour of the native client + * Initial work for multi-threaded decoding in the Java client + * vncconfig no longer needed for clipboard with Xvnc/libvnc.so + * vncserver has system wide config support + * Full support for alpha cursors in Xvnc/libvnc.so and both viewers + +- Removed patches: + * U_Add-xorg-xserver-1.19-support.patch + * U_tigervnc-fix-inetd-not-working-with-xserver-1-19.patch + * U_tigervnc-better-check-for-screen-visibility.patch + +------------------------------------------------------------------- +Mon Apr 10 14:24:51 UTC 2017 - msrb@suse.com + +- U_tigervnc-better-check-for-screen-visibility.patch + * Crop operations to visible screen. (bnc#1032272) + +------------------------------------------------------------------- +Thu Mar 2 14:19:27 UTC 2017 - msrb@suse.com + +- Readd index.vnc. (bnc#1026833) + +------------------------------------------------------------------- +Mon Feb 20 17:43:56 UTC 2017 - msrb@suse.com + +- U_tigervnc-fix-inetd-not-working-with-xserver-1-19.patch + * Fixes inetd mode with x server 1.19 (bnc#1025759) + +------------------------------------------------------------------- +Wed Jan 25 14:52:21 UTC 2017 - msrb@suse.com + +- Update to tigervnc 1.7.1. + * This is a security update for TigerVNC 1.7.0 which fixes a + memory overflow issue via the RRE decoder. A malicious server + could possibly use this issue to take control of the TigerVNC + viewer. + +------------------------------------------------------------------- +Wed Nov 30 17:15:40 UTC 2016 - sndirsch@suse.com + +- U_Add-xorg-xserver-1.19-support.patch + * Add xorg-xserver 1.19 support + +------------------------------------------------------------------- +Tue Sep 13 14:10:08 UTC 2016 - msrb@suse.com + +- Update to tigervnc 1.7.0. + * Multi-threaded decoder in the FLTK viewer + * Improved SSH integration in the Java viewer + * Fine grained lock down of Xvnc parameters + * Compatibility with Xorg 1.18 + * Lots of packaging fixes + * Better compatibility with Vino, both in the FLTK and Java viewer +- Removed patches: + * U_add_allowoverride_parameter.patch + * U_include-vencrypt-only-if-any-subtype-present.patch + * U_tigervnc_clear_up_zlibinstream_reset_behaviour.patch + * u_xserver118.patch + +------------------------------------------------------------------- +Mon Aug 8 20:05:19 UTC 2016 - eich@suse.com + +- Adding a generic 'windowmanager' requires which will be + satisfied by any package providing 'windowmanager': + Requires: windowmanager + (boo#981663). + +------------------------------------------------------------------- +Thu Jun 16 13:17:15 UTC 2016 - msrb@suse.com + +- Generate VNC key and certificate on first use, not during + installation. (bnc#982349) + +------------------------------------------------------------------- +Mon Jun 13 15:21:19 UTC 2016 - msrb@suse.com + +- Add U_tigervnc_clear_up_zlibinstream_reset_behaviour.patch + * Fix zlib stream reset in tight encoding. (bnc#963417) + +------------------------------------------------------------------- +Tue May 24 12:46:07 UTC 2016 - msrb@suse.com + +- Add /etc/pam.d/vnc configuration and add vnc user to shadow + group. (bnc#980326) +- Add dependency on fltk-devel version >= 1.3.3. + +------------------------------------------------------------------- +Fri Apr 29 14:13:22 UTC 2016 - msrb@suse.com + +- Add U_add_allowoverride_parameter.patch and + u_build_libXvnc_as_separate_library.patch (fate#319319) +- Add u_tigervnc-show-unencrypted-warning.patch (fate#319701) + +------------------------------------------------------------------- +Wed Apr 27 10:34:05 UTC 2016 - msrb@suse.com + +- Add dependency on xorg-x11-fonts-core. (bnc#977019) + +------------------------------------------------------------------- +Tue Jan 12 12:14:27 UTC 2016 - msrb@suse.com + +- Updated to tigervnc 1.6.0. +- Removed patches: + * N_tigervnc_revert_fltk_1_3_3_requirements.patch + * U_tigervnc-fix-reversed-logic-in-vncIsTCPPortUsed.patch + * u_tigervnc-display-SHA-1-fingerprint-of-untrusted-certificate.patch + * u_tigervnc-use-default-trust-manager-in-java-viewer-if-custom.patch + * u_tigervnc-use_preferred_mode.patch + * u_tigervnc-vncserver-clean-pid-files.patch +- Updated patches: + * n_tigervnc-date-time.patch + * u_tigervnc-add-autoaccept-parameter.patch + * u_tigervnc_update_default_vncxstartup.patch + +------------------------------------------------------------------- +Wed Dec 16 14:25:35 UTC 2015 - msrb@suse.com + +- u_tigervnc_update_default_vncxstartup.patch + * Update default VNC xstartup script. +- Add dependency on xinit and icewm. (bnc#956537) + +------------------------------------------------------------------- +Thu Nov 12 12:51:31 UTC 2015 - msrb@suse.com + +- u_xserver118.patch + * Build with xserver 1.18.0. + +------------------------------------------------------------------- +Thu Oct 1 23:16:52 UTC 2015 - msrb@suse.com + +- u_tigervnc-vncserver-clean-pid-files.patch + * vncserver: Clean pid files of dead processes. (bnc#948392) + +------------------------------------------------------------------- +Sun Sep 13 14:57:35 UTC 2015 - msrb@suse.com + +- U_tigervnc-fix-reversed-logic-in-vncIsTCPPortUsed.patch + * Fixes Xvnc with -inetd parameter. (bnc#945600) + +------------------------------------------------------------------- +Thu Aug 27 14:14:46 UTC 2015 - hguo@suse.com + +- VNC server cannot run without xauth and xkbcomp, therefore + introduce these dependencies. + +------------------------------------------------------------------- +Tue Aug 25 15:14:04 UTC 2015 - msrb@suse.com + +- Remove commented out DefaultDepth 16 from 10-libvnc.conf file. + Using 16 bit depth can cause troubles and does not have any + positives anymore, so lets not suggest it to users. (bnc#942982) + +------------------------------------------------------------------- +Fri Jul 31 13:48:16 UTC 2015 - dimstar@opensuse.org + +- Add /usr/sbin/groupadd and /usr/sbin/useradd Requires(post) to + xorg-x11-Xvnc: the scripts are creating users/groups. + +------------------------------------------------------------------- +Wed Jul 15 11:52:02 UTC 2015 - msrb@suse.com + +- Updated to tigervnc 1.5.0. +- Dropped no longer needed patches: + * tigervnc-sf3495623.patch + * u_syslog.patch + * u_tigervnc-build-with-xserver-1.17.patch + * tigervnc-gnutls-3.4-required.patch + * u_tigervnc-dont-send-ascii-control-characters.patch + * u_terminate_instead_of_ignoring_restart.patch +- Dropped no longer needed index.vnc. +- Use encryption everywhere. (fate#318936) + * u_tigervnc-display-SHA-1-fingerprint-of-untrusted-certificate.patch + * u_tigervnc-use-default-trust-manager-in-java-viewer-if-custom.patch + * u_tigervnc-add-autoaccept-parameter.patch +- Work with fltk 1.3.2. + * N_tigervnc_revert_fltk_1_3_3_requirements.patch + +------------------------------------------------------------------- +Thu May 28 02:10:46 CEST 2015 - ro@suse.de + +- add buildrequires for xf86driproto and presentproto to + match xserver +- disable dri2 on s390/s390x + +------------------------------------------------------------------- +Mon Apr 20 12:10:10 UTC 2015 - msrb@suse.com + +- u_syslog.patch, vnc.xinetd + * Add logging to syslog. + +------------------------------------------------------------------- +Wed Apr 15 10:39:07 UTC 2015 - dimstar@opensuse.org + +- Add tigervnc-gnutls-3.4-required.patch: raise gnutls dependency + to 3.2. Simplifies code, but makes it build with gnutls 3.4. + Patch taken from Arch. + +------------------------------------------------------------------- +Tue Apr 14 08:53:09 UTC 2015 - meissner@suse.com + +- Updated to tigervnc 1.4.3 + + * Upstream patches applied to the underlying Xorg code base to mitigate + CVE-2015-0255 / bsc#915810. + * Fixes for performance regressions introduced in 1.4.0. + * Character encoding of clipboard text send by Java viewer now strictly + adheres to the RFB specification. + +------------------------------------------------------------------- +Wed Apr 1 12:44:09 UTC 2015 - msrb@suse.com + +- u_terminate_instead_of_ignoring_restart.patch + * Terminate instead of ignoring restart. (bnc#920969) + +------------------------------------------------------------------- +Tue Feb 24 13:00:22 UTC 2015 - msrb@suse.com + +- Fix build against X server 1.17.x. + * u_tigervnc-build-with-xserver-1.17.patch + +------------------------------------------------------------------- +Thu Feb 5 13:39:04 UTC 2015 - msrb@suse.com + +- Use xserver sources from xorg-x11-server-source. +- Drop no longer needed patches: + * N_xorg-server-xdmcp.patch + * n_tigervnc-dont-build-gtf.patch + +------------------------------------------------------------------- +Fri Jan 9 12:50:45 UTC 2015 - msrb@suse.com + +- Update to tigervnc 1.4.1 on xorg-server 1.16.1. +- Drop upstreamed or obsolete patches: + tigervnc-sf3492352.diff + u_aarch64-support.patch + u_tigervnc-check-shm-harder.patch + u_arch-Fix-image-and-bitmap-byte-order-for-ppc64le.patch + u_tigervnc-1.3.0-fix-use-after-free.patch + tigervnc-1.2.80-fix-int-to-pointer.patch + +------------------------------------------------------------------- +Sun Nov 16 09:33:04 UTC 2014 - oscar@naiandei.net + +- add -fPIC to CFLAGS and CXXFLAGS to compile correctly on armv7l + +------------------------------------------------------------------- +Thu Oct 30 13:33:27 UTC 2014 - msrb@suse.com + +- u_tigervnc-cve-2014-8240.patch + * Prevent potentially dangerous integer overflow. + (bnc#900896 CVE-2014-8240) + +------------------------------------------------------------------- +Mon Oct 13 11:51:03 UTC 2014 - msrb@suse.com + +- u_tigervnc-use_preferred_mode.patch + * Mark user chosen resolution as preferred. (bnc#896540) + +------------------------------------------------------------------- +Mon Aug 18 13:58:30 UTC 2014 - sndirsch@suse.com + +- use update-alternatives only on openSUSE > 13.1 + +------------------------------------------------------------------- +Mon Aug 18 11:07:09 UTC 2014 - msrb@suse.com + +- u_tigervnc-check-shm-harder.patch + * Check if SHM really works before deciding to use it. + (bnc#890580) + +------------------------------------------------------------------- +Mon Aug 4 10:37:08 UTC 2014 - msrb@suse.com + +- U_include-vencrypt-only-if-any-subtype-present.patch + * Do not automatically offer VeNCrypt security if none of it's + subtypes is selected. (bnc#889781) + +------------------------------------------------------------------- +Wed Jun 4 11:39:54 UTC 2014 - msrb@suse.com + +- Fix some errors reported by rpmlint. + +------------------------------------------------------------------- +Thu May 29 03:37:30 UTC 2014 - crrodriguez@opensuse.org + +- n_tigervnc-date-time.patch package republishes everyday + and gets on my nerves, this is because the binaries contain + hardcoded timestamps, avoid that. +- export CXXFLAGS and CFLAGS before building ttigervnc otherwise + it gets built without optimization. +- Make build verbose so it rpmlint catches errors like the above ones. + +------------------------------------------------------------------- +Wed May 28 14:54:02 UTC 2014 - msrb@suse.com + +- Use update-alternatives. + +------------------------------------------------------------------- +Tue May 20 13:55:30 UTC 2014 - msrb@suse.com + +- u_tigervnc-ignore-epipe-on-write.patch + * Do not display error message because of EPIPE on write. + (bnc#864676) + +------------------------------------------------------------------- +Fri May 16 13:52:19 UTC 2014 - msrb@suse.com + +- Update to version 1.3.1 + * Security release (CVE-2014-0011). + +------------------------------------------------------------------- +Mon Apr 28 01:00:39 UTC 2014 - sndirsch@suse.com + +- added missing pkgconfig(xorg-macros) >= 1.14 + +------------------------------------------------------------------- +Sat Apr 26 12:04:30 UTC 2014 - sndirsch@suse.com + +- xorg-x11-Xvnc: require xkeyboard-config (bnc#875329) + +------------------------------------------------------------------- +Fri Apr 25 11:55:11 UTC 2014 - msrb@suse.com + +- vnc.xinetd + * Do not use 16 bpp by default anymore. The network trafic gain + of 16 bpp together with Tight encoding is arguable. 16 bpp + causes graphical issues and is known to not work properly + in Mesa. (bnc#871965) + +------------------------------------------------------------------- +Mon Mar 17 13:47:18 UTC 2014 - msrb@suse.com + +- Update HTML page that serves vnc client applet. (bnc#867273) +- u_tigervnc-dont-send-ascii-control-characters.patch + * Send CTRL+[A-Z] combinations instead of ascii control characters. + (bnc#864666) + +------------------------------------------------------------------- +Mon Feb 24 14:42:50 UTC 2014 - msrb@suse.com + +- u_arch-Fix-image-and-bitmap-byte-order-for-ppc64le.patch: + arch: Fix image and bitmap byte order for ppc64le (bnc#865069) + +------------------------------------------------------------------- +Thu Feb 13 14:29:47 UTC 2014 - msrb@suse.com + +- Readd vncpasswd.arg for compatibility with installation system + and potentially another users. (bnc#855246) + +------------------------------------------------------------------- +Fri Feb 7 14:52:02 UTC 2014 - msrb@suse.com + +- Drop tigervnc-sf3492503.diff, tigervnc-sf3495623.diff and + tigervnc-sf3495623.patch.old (not used and not needed). +- Update tigervnc-sf3492352.diff and tigervnc-sf3495623.patch. + +------------------------------------------------------------------- +Fri Jan 10 15:11:50 UTC 2014 - sndirsch@suse.com + +- do not include vnc Xserver module and xorg.conf snippet on s390x + +------------------------------------------------------------------- +Thu Jan 9 11:40:13 UTC 2014 - msrb@suse.com + +- Remove unnecessary BuildRequires for binutils-gold. + +------------------------------------------------------------------- +Mon Dec 16 14:51:48 UTC 2013 - msrb@suse.com + +- Exclude xorg-server-1.13.0/hw/xfree86/modes/xf86gtf.c and + xorg-server-1.13.0/hw/xfree86/utils/gtf/gtf.c from xserver + sources. (bnc#855566) +- n_tigervnc-dont-build-gtf.patch + * Fix build with gtf files excluded. (bnc#855566) + +------------------------------------------------------------------- +Tue Dec 3 14:34:56 UTC 2013 - msrb@suse.com + +- tigervnc-clean-pressed-key-on-exit.patch + * Send release events for pressed keys after X I/O error. + (bnc#670448) + +------------------------------------------------------------------- +Mon Nov 18 14:05:44 UTC 2013 - msrb@suse.com + +- Update to 1.3.0. +- Build xorg-x11-Xvnc package from this sources. + +------------------------------------------------------------------- +Wed Sep 19 08:08:53 UTC 2012 - werner@suse.de + +- Make it build with latest TeXLive 2012 and use pdf engine + +------------------------------------------------------------------- +Wed Mar 21 23:30:32 UTC 2012 - jengelh@medozas.de + +- Add missing tarball +- Parallel build with %_smp_mflags +- Remove redundant sections + +------------------------------------------------------------------- +Fri Feb 24 20:47:33 UTC 2012 - giecrilj@stegny.2a.pl + +- bump to 1.1 (current stable) +- add documentation (bnc#748504) +- build dynamic server +- eliminate gethostbyname, patch submitted upstream +- incidental clean-up + +------------------------------------------------------------------- +Wed Feb 9 15:07:34 UTC 2011 - sndirsch@novell.com + +- added jpeg-devel to BuildRequires + +------------------------------------------------------------------- +Wed Feb 9 14:00:16 UTC 2011 - sndirsch@novell.com + +- use system jpeg for building +- fixed xkb path +- added more reasonable options for Xvfb building + +------------------------------------------------------------------- +Wed Feb 9 08:57:06 UTC 2011 - sndirsch@novell.com + +- added Reinhard's xdmcp fix (bnc #625593) + +------------------------------------------------------------------- +Wed Feb 9 08:50:10 UTC 2011 - sndirsch@novell.com + +- TigerVNC build + * fix fontpatch + * cleanup + +------------------------------------------------------------------- +Wed Feb 9 04:41:24 UTC 2011 - sndirsch@novell.com + +- build Xvnc of TigerVNC project when %tigervnc is set; make this + the default for now + +------------------------------------------------------------------- +Tue Feb 8 17:00:32 UTC 2011 - sndirsch@novell.com + +- latest version of Perl script + +------------------------------------------------------------------- +Thu Feb 3 17:41:02 UTC 2011 - sndirsch@novell.com + +- renamed package from xorg-x11-Xvnc-ng to xorg-x11-Xvnc + +------------------------------------------------------------------- +Thu Feb 3 17:26:04 UTC 2011 - sndirsch@novell.com + +- rewritten wrapper script in Perl + +------------------------------------------------------------------- +Wed Jan 26 10:07:10 UTC 2011 - sndirsch@novell.com + +- added services file for SuSEfirewall2 + +------------------------------------------------------------------- +Wed Jan 26 00:43:01 UTC 2011 - sndirsch@novell.com + +- created package + diff --git a/tigervnc.firewalld b/tigervnc.firewalld new file mode 100644 index 0000000..316e35e --- /dev/null +++ b/tigervnc.firewalld @@ -0,0 +1,7 @@ + + + VNC display :1 + VNC is protocol for remote desktop. The TigerVNC service and the vncmanager service use VNC display number :1. + + + diff --git a/tigervnc.spec b/tigervnc.spec new file mode 100644 index 0000000..92e05d4 --- /dev/null +++ b/tigervnc.spec @@ -0,0 +1,558 @@ +# +# spec file for package tigervnc +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define vncgroup vnc +%define vncuser vnc +%define tlskey %{_sysconfdir}/vnc/tls.key +%define tlscert %{_sysconfdir}/vnc/tls.cert +%if 0%{?suse_version} >= 1500 +%define use_firewalld 1 +%else +%define use_firewalld 0 +%endif +%if 0%{?suse_version} < 1550 +%define _pam_vendordir %{_sysconfdir}/pam.d +%endif +Name: tigervnc +Version: 1.13.1 +Release: 0 +Summary: An implementation of VNC +License: GPL-2.0-only AND MIT +Group: System/X11/Servers/XF86_4 +URL: https://tigervnc.org/ +Source1: https://github.com/TigerVNC/tigervnc/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +Source4: 10-libvnc.conf +Source5: vnc-server.susefirewall +Source6: vnc-httpd.susefirewall +Source7: vnc.reg +Source8: vncpasswd.arg +Source9: vnc.pam +Source10: with-vnc-key.sh +Source11: index.vnc +Source12: x11vnc +Source13: xvnc@.service.in +Source14: xvnc.socket +Source16: xvnc-novnc.socket +Source17: tigervnc.firewalld +Source18: tigervnc-https.firewalld +Source19: xvnc.target +Source21: xvnc-novnc.service.in +Source22: vnc.sysusers +Patch1: u_tigervnc-ignore-epipe-on-write.patch +Patch2: u_build_libXvnc_as_separate_library.patch +Patch3: u_tigervnc-add-autoaccept-parameter.patch +Patch4: u_change-button-layout-in-ServerDialog.patch +Patch5: n_tigervnc-date-time.patch +Patch6: n_correct_path_in_desktop_file.patch +Patch7: n_vncserver.patch +Patch8: n_dont_sign_java_client.patch +Provides: tightvnc = 1.5.0 +Obsoletes: tightvnc < 1.5.0 +Provides: vnc +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: cmake +BuildRequires: fltk-devel >= 1.3.3 +BuildRequires: gcc-c++ +BuildRequires: java-devel >= 1.8.0 +BuildRequires: jpackage-utils +BuildRequires: libjpeg-devel +BuildRequires: libopenssl-devel +BuildRequires: libtool +BuildRequires: xorg-x11-server-sdk >= 21.1.11 +BuildRequires: xorg-x11-server-source >= 21.1.11 +BuildRequires: pkgconfig(x11) +BuildRequires: pkgconfig(xext) +BuildRequires: pkgconfig(xproto) +BuildRequires: pkgconfig(xtst) +# Because of keytool to build java client +BuildRequires: libXdamage-devel +BuildRequires: libXrandr-devel +BuildRequires: libgcrypt-devel +BuildRequires: libgpg-error-devel +BuildRequires: mozilla-nss +BuildRequires: pam-devel +BuildRequires: pkgconfig +BuildRequires: systemd-rpm-macros +BuildRequires: sysuser-tools +BuildRequires: xmlto +BuildRequires: xorg-x11-libICE-devel +BuildRequires: xorg-x11-libSM-devel +BuildRequires: pkgconfig(bigreqsproto) >= 1.1.0 +BuildRequires: pkgconfig(compositeproto) >= 0.4 +BuildRequires: pkgconfig(damageproto) >= 1.1 +BuildRequires: pkgconfig(dri) +BuildRequires: pkgconfig(egl) +BuildRequires: pkgconfig(fixesproto) >= 4.1 +BuildRequires: pkgconfig(fontsproto) +BuildRequires: pkgconfig(fontutil) +BuildRequires: pkgconfig(gbm) +BuildRequires: pkgconfig(gl) +BuildRequires: pkgconfig(glproto) +BuildRequires: pkgconfig(gnutls) >= 3.6.0 +BuildRequires: pkgconfig(inputproto) >= 1.9.99.902 +BuildRequires: pkgconfig(kbproto) >= 1.0.3 +BuildRequires: pkgconfig(libtasn1) +BuildRequires: pkgconfig(openssl) +BuildRequires: pkgconfig(pciaccess) >= 0.8.0 +BuildRequires: pkgconfig(pixman-1) >= 0.15.20 +BuildRequires: pkgconfig(presentproto) >= 1.0 +BuildRequires: pkgconfig(randrproto) >= 1.2.99.3 +BuildRequires: pkgconfig(recordproto) >= 1.13.99.1 +BuildRequires: pkgconfig(renderproto) >= 0.11 +BuildRequires: pkgconfig(resourceproto) +BuildRequires: pkgconfig(scrnsaverproto) >= 1.1 +BuildRequires: pkgconfig(videoproto) +BuildRequires: pkgconfig(xau) +BuildRequires: pkgconfig(xcmiscproto) >= 1.2.0 +BuildRequires: pkgconfig(xdmcp) +BuildRequires: pkgconfig(xextproto) >= 7.0.99.3 +BuildRequires: pkgconfig(xf86driproto) >= 2.1.1 +BuildRequires: pkgconfig(xfont2) +BuildRequires: pkgconfig(xineramaproto) +BuildRequires: pkgconfig(xkbfile) +BuildRequires: pkgconfig(xorg-macros) >= 1.14 +BuildRequires: pkgconfig(xproto) >= 7.0.17 +BuildRequires: pkgconfig(xtrans) >= 1.2.2 +BuildRequires: pkgconfig(zlib) +%if 0%{?suse_version} >= 1315 +Requires(post): update-alternatives +Requires(postun):update-alternatives +%endif + +%description +TigerVNC is an implementation of VNC (Virtual Network Computing), a +client/server application that allows users to launch and interact +with graphical applications on remote machines. TigerVNC is capable +of running 3D and video applications. TigerVNC also provides +extensions for advanced authentication methods and TLS encryption. + +%package -n xorg-x11-Xvnc +Summary: TigerVNC implementation of Xvnc +Group: System/X11/Servers/XF86_4 +Requires(pre): group(shadow) +%sysusers_requires +Requires(post): /bin/awk +Requires(post): systemd +%if %{use_firewalld} +BuildRequires: firewall-macros +%endif +# Needed to generate certificates +Requires: windowmanager +Requires: dbus-1-x11 +Requires: xauth +Requires: xinit +Requires: xkbcomp +Requires: xkeyboard-config +Requires: xorg-x11-fonts-core +Requires: openssl(cli) +# For the with-vnc-key.sh script +Requires: /bin/hostname +%{?systemd_requires} +%ifnarch s390 s390x +Recommends: xorg-x11-Xvnc-module +%endif +Provides: tightvnc = 1.5.0 +Obsoletes: tightvnc < 1.5.0 +Provides: xorg-x11-Xvnc:/usr/lib/vnc/with-vnc-key.sh + +%description -n xorg-x11-Xvnc +This is the TigerVNC implementation of Xvnc. + +%package -n xorg-x11-Xvnc-module +Summary: VNC module for X server +#%%{x11_abi_extension_req} +Group: System/X11/Servers/XF86_4 +Requires: xorg-x11-Xvnc + +%description -n xorg-x11-Xvnc-module +This module allows to share content of X server's screen over VNC. +It is loaded into X server as a module if enable in X server's +configuration. + +%package -n xorg-x11-Xvnc-novnc +Summary: NoVNC service for Xvnc +Group: System/X11/Servers/XF86_4 +Requires: novnc +Requires: python3-websockify +Requires: xorg-x11-Xvnc +BuildArch: noarch +%{?systemd_requires} + +%description -n xorg-x11-Xvnc-novnc +A service that starts noVNC linked to Xvnc server. + +%package -n xorg-x11-Xvnc-java +Summary: VNC viewer in java +Group: System/X11/Servers/XF86_4 +BuildArch: noarch +%{?systemd_requires} + +%description -n xorg-x11-Xvnc-java +A VNC client written in java that can be used as standalone application or as +an applet inside web page. + +%package -n libXvnc1 +Summary: X extension to control VNC module +Group: System/Libraries + +%description -n libXvnc1 +Xvnc extension allows X clients to read and change VNC configuration. + +%package -n libXvnc-devel +Summary: X extension to control VNC module +Group: Development/Libraries/C and C++ +Requires: libXvnc1 = %version + +%description -n libXvnc-devel +Xvnc extension allows X clients to read and change VNC configuration. + +%package x11vnc +Summary: Wrapper that starts x0vncserver +Group: System/X11/Servers/XF86_4 +Requires: xorg-x11-Xvnc +Conflicts: x11vnc +Provides: x11vnc +BuildArch: noarch + +%description x11vnc +This is a wrapper that looks like x11vnc, but starts x0vncserver instead. +It maps common x11vnc arguments to x0vncserver arguments. + +%prep +%setup -T -b1 -q -n tigervnc-%{version} +%patch1 -p0 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p0 +%patch8 -p0 + +cp -r %{_prefix}/src/xserver/* unix/xserver/ +pushd unix/xserver +patch -p1 < ../xserver21.1.1.patch +popd + +%build +%sysusers_generate_pre %{SOURCE22} xorg-x11-Xvnc vnc.conf +export CXXFLAGS="%optflags" +export CFLAGS="%optflags" +sed "s|@LIBEXECDIR@|%{_libexecdir}|g" %{SOURCE13} > xvnc@.service +sed "s|@LIBEXECDIR@|%{_libexecdir}|g" %{SOURCE21} > xvnc-novnc.service +# Build all tigervnc +cmake -DCMAKE_VERBOSE_MAKEFILE=ON \ + -DCMAKE_INSTALL_PREFIX:PATH=%{_prefix} \ + -DCMAKE_INSTALL_LIBEXECDIR:PATH=%{_libexecdir} \ + -DCMAKE_BUILD_TYPE=RelWithDebInfo . +%make_build + +# Build Xvnc server +pushd unix/xserver +autoreconf -fi +%configure \ + --disable-xorg --disable-xnest --disable-xvfb \ + --disable-xwin --disable-xephyr --disable-kdrive \ + --disable-static --disable-xinerama \ + --with-xkb-path="%{_datadir}/X11/xkb" \ + --with-xkb-output="%{_sharedstatedir}/xkb/compiled" \ + --enable-glx --enable-dri \ +%ifnarch s390 s390x + --enable-dri2 \ +%endif + --disable-config-hal \ + --disable-config-udev \ + --without-dtrace \ + --disable-unit-tests \ + --disable-devel-docs \ + --with-fontrootdir=%{_datadir}/fonts \ + --disable-selective-werror +%make_build V=1 +popd + +# Build java client +pushd java +cmake -DCMAKE_INSTALL_PREFIX:PATH=%{_prefix} . +%make_build +popd + +%install + +%make_install + +mv %{buildroot}%{_bindir}/vncviewer %{buildroot}%{_bindir}/vncviewer-tigervnc +mv %{buildroot}%{_datadir}/man/man1/vncviewer.1 %{buildroot}%{_datadir}/man/man1/vncviewer-tigervnc.1 + +pushd unix/xserver +%make_install +popd + +pushd java +mkdir -p %{buildroot}%{_datadir}/vnc/classes +install -m755 VncViewer.jar %{buildroot}%{_datadir}/vnc/classes +popd + +%ifnarch s390x +install -D -m 644 %{SOURCE4} %{buildroot}%{_datadir}/X11/xorg.conf.d/10-libvnc.conf +%endif + +%if %{use_firewalld} +install -D -m 644 %{SOURCE17} %{buildroot}%{_prefix}/lib/firewalld/services/tigervnc.xml +install -D -m 644 %{SOURCE18} %{buildroot}%{_prefix}/lib/firewalld/services/tigervnc-https.xml +%else +install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/vnc-server +install -D -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/vnc-httpd +%endif + +# only package as %%doc (boo#1173045) +cp %{SOURCE7} . +install -D -m 755 %{SOURCE8} %{buildroot}%{_bindir}/vncpasswd.arg +install -D -m 644 %{SOURCE9} %{buildroot}%{_pam_vendordir}/vnc +%if 0%{?suse_version} >= 1550 +mv %{buildroot}%{_sysconfdir}/pam.d/tigervnc %{buildroot}%{_pam_vendordir} +%endif +install -D -m 644 %{SOURCE11} %{buildroot}%{_datadir}/vnc/classes +%if 0%{?suse_version} >= 1315 +ln -s -f %{_sysconfdir}/alternatives/vncviewer %{buildroot}%{_bindir}/vncviewer +ln -s -f %{_sysconfdir}/alternatives/vncviewer.1.gz %{buildroot}%{_mandir}/man1/vncviewer.1.gz +%endif + +mkdir -p %{buildroot}%{_sbindir} +ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcxvnc +ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcxvnc-novnc + +mkdir -p %{buildroot}%{_sysconfdir}/vnc + +mkdir -p %{buildroot}%{_libexecdir}/vnc +install -D -m 755 %{SOURCE10} %{buildroot}%{_libexecdir}/vnc + +install -D -m 755 %{SOURCE12} %{buildroot}%{_bindir}/x11vnc + +install -D xvnc@.service -m 0444 %{buildroot}%{_unitdir}/xvnc@.service +install -D %{SOURCE14} -m 0444 %{buildroot}%{_unitdir}/xvnc.socket +install -D %{SOURCE16} -m 0444 %{buildroot}%{_unitdir}/xvnc-novnc.socket +install -D %{SOURCE19} -m 0444 %{buildroot}%{_unitdir}/xvnc.target +install -D xvnc-novnc.service -m 0444 %{buildroot}%{_unitdir}/xvnc-novnc.service + +install -Dm0644 %{SOURCE22} %{buildroot}%{_sysusersdir}/vnc.conf + +rm -rf %{buildroot}%{_datadir}/doc/tigervnc* + +%find_lang '%{name}' + +%post +%if 0%{?suse_version} >= 1315 +%_sbindir/update-alternatives \ + --install %{_bindir}/vncviewer vncviewer %{_bindir}/vncviewer-tigervnc 20 \ + --slave %{_mandir}/man1/vncviewer.1.gz vncviewer.1.gz %{_mandir}/man1/vncviewer-tigervnc.1.gz +%endif + +%postun +%if 0%{?suse_version} >= 1315 +if [ "$1" = 0 ] ; then + "%{_sbindir}/update-alternatives" --remove vncviewer %{_bindir}/vncviewer-tigervnc +fi +%endif + +%pre -n xorg-x11-Xvnc -f xorg-x11-Xvnc.pre +%service_add_pre xvnc.socket xvnc.target +%if 0%{?suse_version} >= 1550 +# Prepare for migration to /usr/lib; save any old .rpmsave +for i in pam.d/vnc pam.d/tigervnc ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: +done + +%posttrans -n xorg-x11-Xvnc +# Migration to /usr/lib, restore just created .rpmsave +for i in pam.d/vnc pam.d/tigervnc ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: +done +%endif + +%post -n xorg-x11-Xvnc +%service_add_post xvnc.socket xvnc.target + +%if %{use_firewalld} +%{firewalld_reload} +%endif + +# If there is old xinetd configuration file and VNC service was enabled, enable the systemd service too. +# Once we are done, RPM will rename the file to /etc/xinetd.d/vnc.rpmsave, so this won't happen +# during future updates. +if [ -e %{_sysconfdir}/xinetd.d/vnc ] && awk ' + BEGIN { in_vnc1_section = 0 } + /service.*vnc1/ { in_vnc1_section = 1 } + in_vnc1_section && /disable\s*=\s*yes/ { exit 1 } + in_vnc1_section && /}/ { exit 0 } + ' %{_sysconfdir}/xinetd.d/vnc; +then + echo "Found old xinetd configuration with enabled VNC service. Enabling xvnc.socket." + systemctl enable xvnc.socket +fi + +%preun -n xorg-x11-Xvnc +%service_del_preun xvnc.socket xvnc.target + +%postun -n xorg-x11-Xvnc +%service_del_postun xvnc.socket xvnc.target + +%pre -n xorg-x11-Xvnc-novnc +%service_add_pre xvnc-novnc.service xvnc-novnc.socket + +%post -n xorg-x11-Xvnc-novnc +%service_add_post xvnc-novnc.service xvnc-novnc.socket + +%preun -n xorg-x11-Xvnc-novnc +%service_del_preun xvnc-novnc.service xvnc-novnc.socket + +%postun -n xorg-x11-Xvnc-novnc +%service_del_postun xvnc-novnc.service xvnc-novnc.socket + +%post -n libXvnc1 -p /sbin/ldconfig +%postun -n libXvnc1 -p /sbin/ldconfig + +%files -f %{name}.lang +%ghost %{_bindir}/vncviewer +%{_bindir}/vncviewer-tigervnc +%license LICENCE.TXT +%doc README.rst +%ghost %{_mandir}/man1/vncviewer.1.gz +%{_mandir}/man1/vncviewer-tigervnc.1%{?ext_man} +%if 0%{?suse_version} >= 1315 +%ghost %{_sysconfdir}/alternatives/vncviewer +%ghost %{_sysconfdir}/alternatives/vncviewer.1.gz +%endif + +%dir %{_datadir}/icons/hicolor/16x16 +%dir %{_datadir}/icons/hicolor/16x16/apps +%dir %{_datadir}/icons/hicolor/22x22 +%dir %{_datadir}/icons/hicolor/22x22/apps +%dir %{_datadir}/icons/hicolor/24x24 +%dir %{_datadir}/icons/hicolor/24x24/apps +%dir %{_datadir}/icons/hicolor/32x32 +%dir %{_datadir}/icons/hicolor/32x32/apps +%dir %{_datadir}/icons/hicolor/48x48 +%dir %{_datadir}/icons/hicolor/48x48/apps +%dir %{_datadir}/icons/hicolor/64x64 +%dir %{_datadir}/icons/hicolor/64x64/apps +%dir %{_datadir}/icons/hicolor/128x128 +%dir %{_datadir}/icons/hicolor/128x128/apps +%dir %{_datadir}/icons/hicolor/scalable +%dir %{_datadir}/icons/hicolor/scalable/apps + +%{_datadir}/icons/hicolor/*/apps/tigervnc.png +%{_datadir}/icons/hicolor/scalable/apps/tigervnc.svg + +%{_datadir}/applications/vncviewer.desktop +%{_datadir}/metainfo/org.tigervnc.vncviewer.metainfo.xml + +%files -n xorg-x11-Xvnc +%license LICENCE.TXT +%doc README.rst vnc.reg +%doc unix/vncserver/HOWTO.md + +%{_bindir}/Xvnc +%{_bindir}/vncconfig +%{_bindir}/vncpasswd +%{_bindir}/vncpasswd.arg +%{_bindir}/x0vncserver +%{_sbindir}/vncsession + +%{_libexecdir}/vncserver +%{_libexecdir}/vncsession-start + +%exclude %{_mandir}/man1/Xserver.1* +%{_mandir}/man1/Xvnc.1%{?ext_man} +%{_mandir}/man1/vncconfig.1%{?ext_man} +%{_mandir}/man1/vncpasswd.1%{?ext_man} +%{_mandir}/man1/x0vncserver.1%{?ext_man} +%{_mandir}/man8/vncserver.8%{?ext_man} +%{_mandir}/man8/vncsession.8%{?ext_man} + +%{_unitdir}/vncserver@.service +%{_unitdir}/xvnc@.service +%{_unitdir}/xvnc.socket +%{_unitdir}/xvnc.target +%{_sysusersdir}/vnc.conf +%{_sbindir}/rcxvnc + +%dir %{_sysconfdir}/tigervnc +%config(noreplace) %{_sysconfdir}/tigervnc/vncserver* + +%exclude %{_sharedstatedir}/xkb/compiled/README.compiled + +%if %{use_firewalld} +%dir %{_prefix}/lib/firewalld +%dir %{_prefix}/lib/firewalld/services +%{_prefix}/lib/firewalld/services/tigervnc.xml +%{_prefix}/lib/firewalld/services/tigervnc-https.xml +%else +%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/vnc-server +%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/vnc-httpd +%endif + +%if 0%{?suse_version} < 1550 +%config %{_sysconfdir}/pam.d/vnc +%config(noreplace) %{_sysconfdir}/pam.d/tigervnc +%else +%{_pam_vendordir}/vnc +%{_pam_vendordir}/tigervnc +%endif + +%dir %attr(0755,%{vncuser},%{vncuser}) %{_sysconfdir}/vnc +%ghost %attr(0600,%{vncuser},%{vncuser}) %config(noreplace) %{tlskey} +%ghost %attr(0644,%{vncuser},%{vncuser}) %config(noreplace) %{tlscert} + +%{_libexecdir}/vnc + +%ifarch s390 s390x +# These would be in xorg-x11-Xvnc-module, but we don't build that on s390 +%exclude %{_libdir}/xorg/protocol.txt +%exclude %{_libdir}/xorg/modules/extensions/libvnc.la +%exclude %{_libdir}/xorg/modules/extensions/libvnc.so +%endif + +%ifnarch s390 s390x +%files -n xorg-x11-Xvnc-module +%exclude %{_libdir}/xorg/protocol.txt +%exclude %{_libdir}/xorg/modules/extensions/libvnc.la +%{_libdir}/xorg/modules/extensions/libvnc.so +%{_datadir}/X11/xorg.conf.d/10-libvnc.conf +%endif + +%files -n xorg-x11-Xvnc-novnc +%{_unitdir}/xvnc-novnc.service +%{_unitdir}/xvnc-novnc.socket +%{_sbindir}/rcxvnc-novnc + +%files -n xorg-x11-Xvnc-java +%doc java/com/tigervnc/vncviewer/README +%{_datadir}/vnc + +%files -n libXvnc1 +%{_libdir}/libXvnc.so.1* + +%files -n libXvnc-devel +%{_libdir}/libXvnc.so +%{_includedir}/X11/extensions/Xvnc.h + +%files x11vnc +%{_bindir}/x11vnc + +%changelog diff --git a/u_build_libXvnc_as_separate_library.patch b/u_build_libXvnc_as_separate_library.patch new file mode 100644 index 0000000..7e79a98 --- /dev/null +++ b/u_build_libXvnc_as_separate_library.patch @@ -0,0 +1,38 @@ +Author: Michal Srb +Patch-Mainline: To be upstreamed +Subject: [PATCH] Build libXvnc as separate library. + +So it can be used by others, not only vncconfig. + +Index: tigervnc-1.12.0/unix/vncconfig/CMakeLists.txt +=================================================================== +--- tigervnc-1.12.0.orig/unix/vncconfig/CMakeLists.txt ++++ tigervnc-1.12.0/unix/vncconfig/CMakeLists.txt +@@ -3,13 +3,25 @@ include_directories(${X11_INCLUDE_DIR}) + include_directories(${CMAKE_SOURCE_DIR}/common) + include_directories(${CMAKE_SOURCE_DIR}/unix/tx) + ++include(GNUInstallDirs) ++ ++add_library(Xvnc SHARED ++ vncExt.c) ++ ++set_target_properties(Xvnc ++ PROPERTIES ++ VERSION 1.0.0 ++ SOVERSION 1 ++) ++ + add_executable(vncconfig + buildtime.c +- vncExt.c + vncconfig.cxx + QueryConnectDialog.cxx) + +-target_link_libraries(vncconfig tx rfb network rdr ${X11_LIBRARIES}) ++target_link_libraries(vncconfig tx rfb network rdr Xvnc ${X11_LIBRARIES}) + + install(TARGETS vncconfig DESTINATION ${CMAKE_INSTALL_FULL_BINDIR}) ++install(TARGETS Xvnc LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} RENAME libXvnc.so) + install(FILES vncconfig.man DESTINATION ${CMAKE_INSTALL_FULL_MANDIR}/man1 RENAME vncconfig.1) ++install(FILES vncExt.h DESTINATION ${X11_INCLUDE_DIR}/X11/extensions RENAME Xvnc.h) diff --git a/u_change-button-layout-in-ServerDialog.patch b/u_change-button-layout-in-ServerDialog.patch new file mode 100644 index 0000000..04e81e3 --- /dev/null +++ b/u_change-button-layout-in-ServerDialog.patch @@ -0,0 +1,32 @@ +Patch-mainline: To be upstreamed +References: bnc#1084865 +Author: Michal Srb +Subject: Change button layout in ServerDialog. + +To fit strings in languages with longer words... +--- + vncviewer/ServerDialog.cxx | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +Index: tigervnc-1.13.0/vncviewer/ServerDialog.cxx +=================================================================== +--- tigervnc-1.13.0.orig/vncviewer/ServerDialog.cxx ++++ tigervnc-1.13.0/vncviewer/ServerDialog.cxx +@@ -70,7 +70,7 @@ ServerDialog::ServerDialog() + serverName = new Fl_Input_Choice(x, y, w() - margin*2 - server_label_width, INPUT_HEIGHT, _("VNC server:")); + usedDir = NULL; + +- int adjust = (w() - 20) / 4; ++ int adjust = (w() - 20) / 3; + int button_width = adjust - margin/2; + + x = margin; +@@ -93,6 +93,8 @@ ServerDialog::ServerDialog() + + x = 0; + y += margin/2 + BUTTON_HEIGHT; ++ adjust = (w() - 20) / 4; ++ button_width = adjust - margin/2; + + divider = new Fl_Box(x, y, w(), 2); + divider->box(FL_THIN_DOWN_FRAME); diff --git a/u_tigervnc-add-autoaccept-parameter.patch b/u_tigervnc-add-autoaccept-parameter.patch new file mode 100644 index 0000000..830a92f --- /dev/null +++ b/u_tigervnc-add-autoaccept-parameter.patch @@ -0,0 +1,49 @@ +Index: tigervnc-1.12.0/java/com/tigervnc/rfb/CSecurityTLS.java +=================================================================== +--- tigervnc-1.12.0.orig/java/com/tigervnc/rfb/CSecurityTLS.java ++++ tigervnc-1.12.0/java/com/tigervnc/rfb/CSecurityTLS.java +@@ -66,6 +66,9 @@ public class CSecurityTLS extends CSecur + public static StringParameter X509CRL + = new StringParameter("X509CRL", + "X509 CRL file", "", Configuration.ConfigurationObject.ConfViewer); ++ public static StringParameter x509autoaccept ++ = new StringParameter("x509autoaccept", ++ "X509 Certificate SHA-1 fingerprint", "", Configuration.ConfigurationObject.ConfViewer); + public static UserMsgBox msg; + + private void initGlobal() +@@ -85,6 +88,7 @@ public class CSecurityTLS extends CSecur + setDefaults(); + cafile = X509CA.getData(); + crlfile = X509CRL.getData(); ++ certautoaccept = x509autoaccept.getData(); + } + + public static String getDefaultCA() { +@@ -278,6 +282,7 @@ public class CSecurityTLS extends CSecur + "do you want to continue?")) + throw new AuthFailureException("server certificate has expired"); + } ++ String thumbprint = getThumbprint(cert); + File vncDir = new File(FileUtils.getVncHomeDir()); + if (!vncDir.exists()) { + try { +@@ -337,6 +342,9 @@ public class CSecurityTLS extends CSecur + store_pubkey(dbPath, client.getServerName().toLowerCase(), pk); + } catch (java.lang.Exception e) { + if (e.getCause() instanceof CertPathBuilderException) { ++ if (certautoaccept != null && thumbprint.equalsIgnoreCase(certautoaccept)) { ++ return; ++ } + vlog.debug("Server host not previously known"); + vlog.debug(info); + String text = +@@ -524,7 +532,7 @@ public class CSecurityTLS extends CSecur + private SSLEngineManager manager; + private boolean anon; + +- private String cafile, crlfile; ++ private String cafile, crlfile, certautoaccept; + private FdInStream is; + private FdOutStream os; + diff --git a/u_tigervnc-ignore-epipe-on-write.patch b/u_tigervnc-ignore-epipe-on-write.patch new file mode 100644 index 0000000..19a444d --- /dev/null +++ b/u_tigervnc-ignore-epipe-on-write.patch @@ -0,0 +1,26 @@ +Author: Michal Srb +Subject: Ignore EPIPE on write. +Patch-Mainline: To be upstreamed +References: bnc#864676 + +If the VNC server closes connection after our last read and before this write, we will report error message about EPIPE. +This situation is no error, however, we should quit normally same as when we find out that connection was closed during read. +Index: common/rdr/FdOutStream.cxx +=================================================================== +--- common/rdr/FdOutStream.cxx.orig ++++ common/rdr/FdOutStream.cxx +@@ -128,8 +128,12 @@ size_t FdOutStream::writeFd(const void* + #endif + } while (n < 0 && (errno == EINTR)); + +- if (n < 0) +- throw SystemException("write", errno); ++ if (n < 0) { ++ if(errno == EPIPE) ++ n = length; // Ignore EPIPE and fake successfull write, it doesn't matter that we are writing to closed socket, we will find out once we try to read from it. ++ else ++ throw SystemException("write", errno); ++ } + + gettimeofday(&lastWrite, NULL); + diff --git a/vnc-httpd.susefirewall b/vnc-httpd.susefirewall new file mode 100644 index 0000000..be8a18c --- /dev/null +++ b/vnc-httpd.susefirewall @@ -0,0 +1,4 @@ +## Name: VNC mini-HTTP server +## Description: Opens the VNC HTTP ports so that browsers can connect. + +TCP="5800:5899" diff --git a/vnc-server.susefirewall b/vnc-server.susefirewall new file mode 100644 index 0000000..a73b0e7 --- /dev/null +++ b/vnc-server.susefirewall @@ -0,0 +1,4 @@ +## Name: VNC +## Description: Opens VNC server ports so that viewers can connect. + +TCP="5900:5999" diff --git a/vnc.pam b/vnc.pam new file mode 100644 index 0000000..fef9dd4 --- /dev/null +++ b/vnc.pam @@ -0,0 +1,5 @@ +#%PAM-1.0 +auth include common-auth +account include common-account +password include common-password +session include common-session diff --git a/vnc.reg b/vnc.reg new file mode 100644 index 0000000..d32c01d --- /dev/null +++ b/vnc.reg @@ -0,0 +1,42 @@ +############################################################################# +# +# OpenSLP registration file +# +# register VNC remote logins via kdm +# You need also to allow remote logins +# +############################################################################# + +# Register VNC service for krdc (KDE VNC client in kdenetwork) +service:remotedesktop.kde:vnc://$HOSTNAME:5901,en,65535 +tcp-port=5901 +description=VNC remote login [1024x768] + +# Register VNC service for krdc (KDE VNC client in kdenetwork) +service:remotedesktop.kde:vnc://$HOSTNAME:5902,en,65535 +tcp-port=5902 +description=VNC remote login [1280x1024] + +# Register VNC service for krdc (KDE VNC client in kdenetwork) +service:remotedesktop.kde:vnc://$HOSTNAME:5903,en,65535 +tcp-port=5903 +description=VNC remote login [1600x1200] + +# Register VNC service for Java clients +# Can be used with every Web browser with enabled Java +service:remotedesktop.java:http://$HOSTNAME:5801,en,65535 +tcp-port=5801 +description=VNC remote login [1024x768] + +# Register VNC service for Java clients +# Can be used with every Web browser with enabled Java +service:remotedesktop.java:http://$HOSTNAME:5802,en,65535 +tcp-port=5802 +description=VNC remote login [1280x1024] + +# Register VNC service for Java clients +# Can be used with every Web browser with enabled Java +service:remotedesktop.java:http://$HOSTNAME:5803,en,65535 +tcp-port=5803 +description=VNC remote login [1600x1200] + diff --git a/vnc.sysusers b/vnc.sysusers new file mode 100644 index 0000000..00470eb --- /dev/null +++ b/vnc.sysusers @@ -0,0 +1,3 @@ +#Type Name ID GECOS Home directory Shell +u vnc - "user for VNC" /var/lib/empty - +m vnc shadow - - - diff --git a/vncpasswd.arg b/vncpasswd.arg new file mode 100644 index 0000000..55c0434 --- /dev/null +++ b/vncpasswd.arg @@ -0,0 +1,10 @@ +#!/bin/sh + +# Compatibility replacement for vncpasswd.arg. + +if [ $# -ne 2 ]; then + echo "Usage: $0 file password" + exit 1 +fi + +echo "$2" | vncpasswd -f > "$1" diff --git a/with-vnc-key.sh b/with-vnc-key.sh new file mode 100644 index 0000000..bf16b70 --- /dev/null +++ b/with-vnc-key.sh @@ -0,0 +1,35 @@ +#!/bin/bash + +# Wrapper that makes sure /etc/vnc/tls.{key,cert} exist before executing given command. + + +TLSKEY=/etc/vnc/tls.key +TLSCERT=/etc/vnc/tls.cert + + +if test -s $TLSKEY -a -s $TLSCERT; then + # Execute the command we were given. + exec "$@" +fi + +( + # Wait for lock on the key file. We must not proceed while someone else is creating it. + flock 200 + + # If the key file doesn't exist or has zero size (because it doubles as lock), generate it. + if ! test -s $TLSKEY ; then + (umask 077 && openssl genrsa -out $TLSKEY 2048) >&200 + fi + + # If the cert file doesn't exist, generate it. + if ! test -e $TLSCERT ; then + # Keeping it short, because hostname could be long and max CN is 64 characters + CN="`hostname`" + CN=${CN:0:64} + openssl req -new -x509 -extensions usr_cert -key $TLSKEY -out $TLSCERT -days 7305 -subj "/CN=$CN/" + fi + +) 200>>$TLSKEY 2>/dev/null + +# Execute the command we were given. +exec "$@" diff --git a/x11vnc b/x11vnc new file mode 100644 index 0000000..760140f --- /dev/null +++ b/x11vnc @@ -0,0 +1,194 @@ +#!/usr/bin/python3 + +# This is wrapper for x0vncserver that translate most common x11vnc arguments +# to x0vncserver's arguments + +import argparse +import socket +import os +import sys + +def is_port_free(port): + try: + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + sock.bind(('', port)) + sock.close() + return True + except socket.error as e: + return False + +def find_free_port(starting_port): + for port in range(starting_port, 6000): + if is_port_free(port): + return port + return None + +parser = argparse.ArgumentParser(add_help=False) + +parser.add_argument('-help', '-h', action='help') +parser.add_argument('--version', '-V', action='store_true') + +parser.add_argument('-storepasswd', nargs=2) + +parser.add_argument('-display') +parser.add_argument('-auth') +parser.add_argument('-N', action='store_true') +parser.add_argument('-rfbport', type=int) +parser.add_argument('-autoport', type=int, default=5900) +parser.add_argument('-6', dest='yes6', action='store_true') +parser.add_argument('-no6', action='store_true') + +#parser.add_argument('-once', action='store_true') # TODO: Add support to x0vncserver +parser.add_argument('-forever', '-many', action='store_true') +parser.add_argument('-viewonly', action='store_true') + +#parser.add_argument('-shared', action='store_true') # TODO? +parser.add_argument('-alwaysshared', action='store_true') +parser.add_argument('-nevershared', action='store_true') +parser.add_argument('-dontdisconnect', action='store_true') + +#parser.add_argument('-timeout', nargs=1, type=int) # TODO? + +parser.add_argument('-clip') +parser.add_argument('-deferupdate', type=int) +parser.add_argument('-noshm', action='store_true') + +#parser.add_argument('-allow', nargs=1) # TODO? +#parser.add_argument('-localhost') # TODO? + +parser.add_argument('-rfbauth') +parser.add_argument('-nopw', action='store_true') +parser.add_argument('-unixpw') + +# Accepted, but ignored arguments +ignored_arguments = ['-v', '-verbose', '-q', '-quiet'] +parser.add_argument(*ignored_arguments, dest='ignored_argument', action='store_true') + + +print('Warning: x11vnc is deprecated in favor of x0vncserver.') +print(' This is a wrapper that maps the most common set of x11vnc') +print(' arguments to x0vncserver arguments.') +print() +print(' Use x0vncserver directly if you want encrypted connection.') +print() + +args = parser.parse_args() + + +# Warnings +if args.ignored_argument: + print('Warning: x11vnc wrapper accepts but ignores following arguments:') + print(', '.join(ignored_arguments)) + + +# vncpasswd +if args.storepasswd: + (password, passwdfile) = args.storepasswd + + os.execlp('vncpasswd.arg', 'vncpasswd.arg', passwdfile, password) + + +# x0vncserver +new_args = ['x0vncserver'] + +default_security_type = 'None' +security_type = default_security_type + +if args.version: + new_args.append('-version') + +if args.display: + new_args.append('-display') + new_args.append(args.display) + +if args.auth: + os.environ['XAUTHORITY'] = args.auth + +if args.N: + display = args.display or os.environ['DISPLAY'] + if not display: + print('No display set') + sys.exit(1) + port = int(display.split(':')[-1]) + 5900 + if is_port_free(port): + new_args.append('-rfbport') + new_args.append(str(port)) + else: + print('Port %d is already used'%port) + sys.exit(1) + +if args.rfbport: + new_args.append('-rfbport') + new_args.append(str(args.rfbport)) +else: + port = find_free_port(args.autoport) + new_args.append('-rfbport') + new_args.append(str(port)) + +if args.yes6: + new_args.append('-UseIPv6') +if args.no6: + new_args.append('-UseIPv6=0') + +if args.forever: + # This is default in x0vncserver + pass + +if args.viewonly: + new_args.append('-AcceptKeyEvents=0') + new_args.append('-AcceptPointerEvents=0') + new_args.append('-AcceptCutText=0') + new_args.append('-AcceptSetDesktopSize=0') + +if args.alwaysshared: + new_args.append('-AlwaysShared') +if args.nevershared: + new_args.append('-NeverShared') +if args.dontdisconnect: + new_args.append('-DisconnectClients=0') +else: + new_args.append('-DisconnectClients') + +if args.clip: + new_args.append('-Geometry') + new_args.append(args.clip) + +if args.deferupdate: + new_args.append('-DeferUpdate') + new_args.append(str(args.deferupdate)) + +if args.noshm: + new_args.append('-UseSHM=0') + +if args.rfbauth: + security_type = 'VncAuth' + new_args.append('-PasswordFile') + new_args.append(args.rfbauth) + +if args.unixpw: + security_type = 'Plain' + new_args.append('-PlainUsers') + new_args.append(args.unixpw) + +new_args.append('-SecurityTypes') +new_args.append(security_type) + +if not args.nopw: + # Note: This is the same warning as the original x11vnc gives + if security_type == default_security_type: + print(""" +#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@# +#@ @# +#@ ** WARNING ** WARNING ** WARNING ** WARNING ** @# +#@ @# +#@ YOU ARE RUNNING X11VNC WITHOUT A PASSWORD!! @# +#@ @# +#@ This means anyone with network access to this computer @# +#@ may be able to view and control your desktop. @# +#@ @# +#@ >>> If you did not mean to do this Press CTRL-C now!! <<< @# +#@ @# +#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@# +""") + +os.execvp('x0vncserver', new_args) diff --git a/xvnc-novnc.service.in b/xvnc-novnc.service.in new file mode 100644 index 0000000..26ee7fb --- /dev/null +++ b/xvnc-novnc.service.in @@ -0,0 +1,10 @@ +[Unit] +Description=noVNC Web Server +Requires=xvnc.target +After=xvnc.target + +[Service] +ExecStart=@LIBEXECDIR@/vnc/with-vnc-key.sh /usr/bin/websockify --key /etc/vnc/tls.key --cert /etc/vnc/tls.cert --web /usr/share/novnc --inetd localhost:5901 +User=vnc +StandardInput=socket +StandardError=syslog diff --git a/xvnc-novnc.socket b/xvnc-novnc.socket new file mode 100644 index 0000000..87368d0 --- /dev/null +++ b/xvnc-novnc.socket @@ -0,0 +1,9 @@ +[Unit] +Description=noVNC Web Server + +[Socket] +ListenStream=5801 +Accept=False + +[Install] +WantedBy=sockets.target diff --git a/xvnc.socket b/xvnc.socket new file mode 100644 index 0000000..27537ea --- /dev/null +++ b/xvnc.socket @@ -0,0 +1,11 @@ +[Unit] +Description=Xvnc Server +Before=xvnc.target +Wants=xvnc.target + +[Socket] +ListenStream=5901 +Accept=yes + +[Install] +WantedBy=sockets.target diff --git a/xvnc.target b/xvnc.target new file mode 100644 index 0000000..ca42c97 --- /dev/null +++ b/xvnc.target @@ -0,0 +1,2 @@ +[Unit] +Description=System VNC service diff --git a/xvnc@.service.in b/xvnc@.service.in new file mode 100644 index 0000000..16cd76c --- /dev/null +++ b/xvnc@.service.in @@ -0,0 +1,9 @@ +[Unit] +Description=Xvnc Server + +[Service] +ExecStart=@LIBEXECDIR@/vnc/with-vnc-key.sh /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes X509None,TLSNone,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30 -extension MIT-SHM +User=vnc +StandardInput=socket +StandardOutput=socket +StandardError=syslog