diff --git a/10-libvnc.conf b/10-libvnc.conf index bbd3c01..c05c969 100644 --- a/10-libvnc.conf +++ b/10-libvnc.conf @@ -12,7 +12,7 @@ #EndSection #Section "Screen" -# Identifier "Screen0 +# Identifier "Screen0" # Option "SecurityTypes" "VncAuth" # Option "PasswordFile" "/root/.vnc/passwd" #EndSection diff --git a/U_allow_multiple_certs_with_same_dn_in_saved_certs_file.patch b/U_allow_multiple_certs_with_same_dn_in_saved_certs_file.patch deleted file mode 100644 index b8cdffa..0000000 --- a/U_allow_multiple_certs_with_same_dn_in_saved_certs_file.patch +++ /dev/null @@ -1,87 +0,0 @@ -Git-commit: 7fcc8614e1ff8c19fd3a1a275fa5ab6eda28f6bd -Author: "Brian P. Hinz" -Subject: Allow multiple certs with same DN in saved certs file. -Signed-off-by: Michal Srb -References: bnc#1041847 - - -diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java -index 4b20e0bf..08aa1125 100644 ---- a/java/com/tigervnc/rfb/CSecurityTLS.java -+++ b/java/com/tigervnc/rfb/CSecurityTLS.java -@@ -218,9 +218,8 @@ public class CSecurityTLS extends CSecurity { - Collection cacerts = - cf.generateCertificates(caStream); - for (Certificate cert : cacerts) { -- String dn = -- ((X509Certificate)cert).getSubjectX500Principal().getName(); -- ks.setCertificateEntry(dn, (X509Certificate)cert); -+ String thumbprint = getThumbprint((X509Certificate)cert); -+ ks.setCertificateEntry(thumbprint, (X509Certificate)cert); - } - } - File cacert = new File(cafile); -@@ -229,9 +228,8 @@ public class CSecurityTLS extends CSecurity { - Collection cacerts = - cf.generateCertificates(caStream); - for (Certificate cert : cacerts) { -- String dn = -- ((X509Certificate)cert).getSubjectX500Principal().getName(); -- ks.setCertificateEntry(dn, (X509Certificate)cert); -+ String thumbprint = getThumbprint((X509Certificate)cert); -+ ks.setCertificateEntry(thumbprint, (X509Certificate)cert); - } - } - PKIXBuilderParameters params = -@@ -264,19 +262,13 @@ public class CSecurityTLS extends CSecurity { - public void checkServerTrusted(X509Certificate[] chain, String authType) - throws CertificateException - { -- MessageDigest md = null; - try { -- md = MessageDigest.getInstance("SHA-1"); - verifyHostname(chain[0]); - tm.checkServerTrusted(chain, authType); - } catch (java.lang.Exception e) { - if (e.getCause() instanceof CertPathBuilderException) { - Object[] answer = {"YES", "NO"}; - X509Certificate cert = chain[0]; -- md.update(cert.getEncoded()); -- String thumbprint = -- DatatypeConverter.printHexBinary(md.digest()); -- thumbprint = thumbprint.replaceAll("..(?!$)", "$0 "); - int ret = JOptionPane.showOptionDialog(null, - "This certificate has been signed by an unknown authority\n"+ - "\n"+ -@@ -287,7 +279,7 @@ public class CSecurityTLS extends CSecurity { - " Signature Algorithm: "+cert.getPublicKey().getAlgorithm()+"\n"+ - " Not Valid Before: "+cert.getNotBefore()+"\n"+ - " Not Valid After: "+cert.getNotAfter()+"\n"+ -- " SHA1 Fingerprint: "+thumbprint+"\n"+ -+ " SHA1 Fingerprint: "+getThumbprint(cert)+"\n"+ - "\n"+ - "Do you want to save it and continue?", - "Certificate Issuer Unknown", -@@ -351,6 +343,22 @@ public class CSecurityTLS extends CSecurity { - return tm.getAcceptedIssuers(); - } - -+ private String getThumbprint(X509Certificate cert) -+ { -+ String thumbprint = null; -+ try { -+ MessageDigest md = MessageDigest.getInstance("SHA-1"); -+ md.update(cert.getEncoded()); -+ thumbprint = DatatypeConverter.printHexBinary(md.digest()); -+ thumbprint = thumbprint.replaceAll("..(?!$)", "$0 "); -+ } catch(CertificateEncodingException e) { -+ throw new SystemException(e.getMessage()); -+ } catch(NoSuchAlgorithmException e) { -+ throw new SystemException(e.getMessage()); -+ } -+ return thumbprint; -+ } -+ - private void verifyHostname(X509Certificate cert) - throws CertificateParsingException - { diff --git a/U_handle_certificate_verification_for_saved_certs_correctly.patch b/U_handle_certificate_verification_for_saved_certs_correctly.patch deleted file mode 100644 index ca19463..0000000 --- a/U_handle_certificate_verification_for_saved_certs_correctly.patch +++ /dev/null @@ -1,131 +0,0 @@ -Git-commit: 79314c2f6abef363a83cc406de5d6628410e53e5 -Author: "Brian P. Hinz" -Subject: Handle certificate verification for saved certs correctly -Signed-off-by: Michal Srb -References: bnc#1041847 - - -diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java -index 08aa1125..733e97d4 100644 ---- a/java/com/tigervnc/rfb/CSecurityTLS.java -+++ b/java/com/tigervnc/rfb/CSecurityTLS.java -@@ -3,7 +3,7 @@ - * Copyright (C) 2005 Martin Koegler - * Copyright (C) 2010 m-privacy GmbH - * Copyright (C) 2010 TigerVNC Team -- * Copyright (C) 2011-2015 Brian P. Hinz -+ * Copyright (C) 2011-2017 Brian P. Hinz - * Copyright (C) 2015 D. R. Commander. All Rights Reserved. - * - * This is free software; you can redistribute it and/or modify -@@ -211,17 +211,7 @@ public class CSecurityTLS extends CSecurity { - for (TrustManager m : tmf.getTrustManagers()) - if (m instanceof X509TrustManager) - for (X509Certificate c : ((X509TrustManager)m).getAcceptedIssuers()) -- ks.setCertificateEntry(c.getSubjectX500Principal().getName(), c); -- File castore = new File(FileUtils.getVncHomeDir()+"x509_savedcerts.pem"); -- if (castore.exists() && castore.canRead()) { -- InputStream caStream = new MyFileInputStream(castore); -- Collection cacerts = -- cf.generateCertificates(caStream); -- for (Certificate cert : cacerts) { -- String thumbprint = getThumbprint((X509Certificate)cert); -- ks.setCertificateEntry(thumbprint, (X509Certificate)cert); -- } -- } -+ ks.setCertificateEntry(getThumbprint((X509Certificate)c), c); - File cacert = new File(cafile); - if (cacert.exists() && cacert.canRead()) { - InputStream caStream = new MyFileInputStream(cacert); -@@ -262,13 +252,25 @@ public class CSecurityTLS extends CSecurity { - public void checkServerTrusted(X509Certificate[] chain, String authType) - throws CertificateException - { -+ Collection certs = null; -+ X509Certificate cert = chain[0]; -+ String thumbprint = getThumbprint(cert); -+ File vncDir = new File(FileUtils.getVncHomeDir()); -+ File certFile = new File(vncDir, "x509_savedcerts.pem"); -+ CertificateFactory cf = CertificateFactory.getInstance("X.509"); -+ if (vncDir.exists() && certFile.exists() && certFile.canRead()) { -+ InputStream certStream = new MyFileInputStream(certFile); -+ certs = cf.generateCertificates(certStream); -+ for (Certificate c : certs) -+ if (thumbprint.equals(getThumbprint((X509Certificate)c))) -+ return; -+ } - try { -- verifyHostname(chain[0]); -+ verifyHostname(cert); - tm.checkServerTrusted(chain, authType); - } catch (java.lang.Exception e) { - if (e.getCause() instanceof CertPathBuilderException) { - Object[] answer = {"YES", "NO"}; -- X509Certificate cert = chain[0]; - int ret = JOptionPane.showOptionDialog(null, - "This certificate has been signed by an unknown authority\n"+ - "\n"+ -@@ -286,13 +288,10 @@ public class CSecurityTLS extends CSecurity { - JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE, - null, answer, answer[0]); - if (ret == JOptionPane.YES_OPTION) { -- Collection cacerts = null; -- File vncDir = new File(FileUtils.getVncHomeDir()); -- File caFile = new File(vncDir, "x509_savedcerts.pem"); - try { - if (!vncDir.exists()) - vncDir.mkdir(); -- if (!caFile.createNewFile()) { -+ if (!certFile.exists() && !certFile.createNewFile()) { - vlog.error("Certificate save failed."); - return; - } -@@ -301,31 +300,24 @@ public class CSecurityTLS extends CSecurity { - vlog.error("Certificate save failed: "+ioe.getMessage()); - return; - } -- InputStream caStream = new MyFileInputStream(caFile); -- CertificateFactory cf = -- CertificateFactory.getInstance("X.509"); -- cacerts = -- (Collection )cf.generateCertificates(caStream); -- for (int i = 0; i < chain.length; i++) { -- if (cacerts == null || !cacerts.contains(chain[i])) { -- byte[] der = chain[i].getEncoded(); -- String pem = DatatypeConverter.printBase64Binary(der); -- pem = pem.replaceAll("(.{64})", "$1\n"); -- FileWriter fw = null; -+ if (certs == null || !certs.contains(cert)) { -+ byte[] der = cert.getEncoded(); -+ String pem = DatatypeConverter.printBase64Binary(der); -+ pem = pem.replaceAll("(.{64})", "$1\n"); -+ FileWriter fw = null; -+ try { -+ fw = new FileWriter(certFile.getAbsolutePath(), true); -+ fw.write("-----BEGIN CERTIFICATE-----\n"); -+ fw.write(pem+"\n"); -+ fw.write("-----END CERTIFICATE-----\n"); -+ } catch (IOException ioe) { -+ throw new Exception(ioe.getMessage()); -+ } finally { - try { -- fw = new FileWriter(caFile.getAbsolutePath(), true); -- fw.write("-----BEGIN CERTIFICATE-----\n"); -- fw.write(pem+"\n"); -- fw.write("-----END CERTIFICATE-----\n"); -- } catch (IOException ioe) { -- throw new Exception(ioe.getMessage()); -- } finally { -- try { -- if (fw != null) -- fw.close(); -- } catch(IOException ioe2) { -- throw new Exception(ioe2.getMessage()); -- } -+ if (fw != null) -+ fw.close(); -+ } catch(IOException ioe2) { -+ throw new Exception(ioe2.getMessage()); - } - } - } diff --git a/U_vncviewer-Fix-fullscreen-scrolling.patch b/U_vncviewer-Fix-fullscreen-scrolling.patch deleted file mode 100644 index af4adb6..0000000 --- a/U_vncviewer-Fix-fullscreen-scrolling.patch +++ /dev/null @@ -1,37 +0,0 @@ -From e8d25d83463805c0f6ef623dba2ac9a276df3587 Mon Sep 17 00:00:00 2001 -From: Luke Shumaker -Date: Tue, 23 May 2017 02:16:27 -0400 -Subject: [PATCH] vncviewer: Fix fullscreen scrolling - ---- - vncviewer/DesktopWindow.cxx | 7 +------ - 1 file changed, 1 insertion(+), 6 deletions(-) - -diff --git a/vncviewer/DesktopWindow.cxx b/vncviewer/DesktopWindow.cxx -index 47fe8f89..946b162c 100644 ---- a/vncviewer/DesktopWindow.cxx -+++ b/vncviewer/DesktopWindow.cxx -@@ -1120,11 +1120,6 @@ void DesktopWindow::scrollTo(int x, int y) - hscroll->value(x); - vscroll->value(y); - -- if (!hscroll->visible()) -- x = -viewport->x(); -- if (!vscroll->visible()) -- y = -viewport->y(); -- - // Scrollbar position results in inverse movement of - // the viewport widget - x = -x; -@@ -1189,7 +1184,7 @@ void DesktopWindow::handleEdgeScroll(void *data) - if ((dx == 0) && (dy == 0)) - return; - -- self->scrollTo(self->hscroll->value() + dx, self->vscroll->value() + dy); -+ self->scrollTo(self->hscroll->value() - dx, self->vscroll->value() - dy); - - Fl::repeat_timeout(0.1, handleEdgeScroll, data); - } --- -2.13.6 - diff --git a/U_vncviewer-Fix-scrollbar-visibility.patch b/U_vncviewer-Fix-scrollbar-visibility.patch deleted file mode 100644 index fbdf987..0000000 --- a/U_vncviewer-Fix-scrollbar-visibility.patch +++ /dev/null @@ -1,92 +0,0 @@ -From 0a8c4d48bbf71b83a575ec89b41aebc4439242ae Mon Sep 17 00:00:00 2001 -From: Luke Shumaker -Date: Tue, 23 May 2017 14:03:15 -0400 -Subject: [PATCH] vncviewer: Fix scrollbar visibility - -Have a window that is sized to the remote screen. Now shrink the window -vertically, making it shorter than the remote screen in one axis. The -vertical scrollbar appears. However, the horizontal scrollbar does not -appear, despite the rightmost ~24 pixels (Fl::scrollbar_size()) being -hidden by the vertical scroll bar. - -Fix that. - -For clarity, move the fullscreen checks into a separate `if` statement, -rather than keeping the size and fullscreen checks together. - -I think the comment does a decent job of explaining and justifying the -check's logic, but if you require further convincing, perhaps this -alternate explanation will help: - - The check for the X-axis is - - if ((w() - (h() < viewport->h() ? Fl::scrollbar_size() : 0) < viewport->w()) - - To be a bit more verbose and repetitive, we can split that ternary in to - two separate checks, and add some comments: - - if ( - (w() - < viewport->w()) // X needs a scrollbar - || - ( (w() - Fl::scrollbar_size() < viewport->w()) && (h() < viewport->h()) ) - //( X doesn't need a scrollbar unless Y does ) && ( Y does need one ) ) - ) - - Within the "Y does need one" check, we don't need to worry about the - case where `h() - Fl::scrollbar_size() < viewport-h()` is true, - because if both axes are saying "I don't need a scrollbar unless - you do", then neither needs one. ---- - vncviewer/DesktopWindow.cxx | 34 +++++++++++++++++++++++++++------- - 1 file changed, 27 insertions(+), 7 deletions(-) - -diff --git a/vncviewer/DesktopWindow.cxx b/vncviewer/DesktopWindow.cxx -index 47fe8f89..e2ed0887 100644 ---- a/vncviewer/DesktopWindow.cxx -+++ b/vncviewer/DesktopWindow.cxx -@@ -1046,15 +1046,35 @@ void DesktopWindow::repositionWidgets() - - // Scrollbars visbility - -- if (!fullscreen_active() && (w() < viewport->w())) -- hscroll->show(); -- else -+ if (fullscreen_active()) { - hscroll->hide(); -- -- if (!fullscreen_active() && (h() < viewport->h())) -- vscroll->show(); -- else - vscroll->hide(); -+ } else { -+ // Decide whether to show a scrollbar by checking if the window -+ // size (possibly minus scrollbar_size) is less than the viewport -+ // (remote framebuffer) size. -+ // -+ // We decide whether to subtract scrollbar_size on an axis by -+ // checking if the other axis *definitely* needs a scrollbar. You -+ // might be tempted to think that this becomes a weird recursive -+ // problem, but it isn't: If the window size is less than the -+ // viewport size (without subtracting the scrollbar_size), then -+ // that axis *definitely* needs a scrollbar; if the check changes -+ // when we subtract scrollbar_size, then that axis only *maybe* -+ // needs a scrollbar. If both axes only "maybe" need a scrollbar, -+ // then neither does; so we don't need to recurse on the "maybe" -+ // cases. -+ -+ if (w() - (h() < viewport->h() ? Fl::scrollbar_size() : 0) < viewport->w()) -+ hscroll->show(); -+ else -+ hscroll->hide(); -+ -+ if (h() - (w() < viewport->w() ? Fl::scrollbar_size() : 0) < viewport->h()) -+ vscroll->show(); -+ else -+ vscroll->hide(); -+ } - - // Scrollbars positions - --- -2.13.6 - diff --git a/n_correct_path_in_desktop_file.patch b/n_correct_path_in_desktop_file.patch new file mode 100644 index 0000000..6b5c1cf --- /dev/null +++ b/n_correct_path_in_desktop_file.patch @@ -0,0 +1,17 @@ +Our /usr/bin/vncviewer is symlink to alternatives. This desktop file is named +specifically "TigerVNC Viewer", so lets start /usr/bin/vncviewer-tigervnc, no +matter what the currently selected alternative is. + +Index: tigervnc-1.9.0/vncviewer/vncviewer.desktop.in.in +=================================================================== +--- tigervnc-1.9.0.orig/vncviewer/vncviewer.desktop.in.in ++++ tigervnc-1.9.0/vncviewer/vncviewer.desktop.in.in +@@ -2,7 +2,7 @@ + Name=TigerVNC Viewer + GenericName=Remote Desktop Viewer + Comment=Connect to VNC server and display remote desktop +-Exec=@BIN_DIR@/vncviewer ++Exec=@BIN_DIR@/vncviewer-tigervnc + Icon=tigervnc + Terminal=false + Type=Application diff --git a/n_tigervnc-date-time.patch b/n_tigervnc-date-time.patch index dc0f497..2f830f1 100644 --- a/n_tigervnc-date-time.patch +++ b/n_tigervnc-date-time.patch @@ -1,47 +1,47 @@ -Index: tigervnc-1.8.0/unix/xserver/hw/vnc/buildtime.c +Index: tigervnc-1.9.0/unix/xserver/hw/vnc/buildtime.c =================================================================== ---- tigervnc-1.8.0.orig/unix/xserver/hw/vnc/buildtime.c -+++ tigervnc-1.8.0/unix/xserver/hw/vnc/buildtime.c +--- tigervnc-1.9.0.orig/unix/xserver/hw/vnc/buildtime.c ++++ tigervnc-1.9.0/unix/xserver/hw/vnc/buildtime.c @@ -15,4 +15,4 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, * USA. */ -char buildtime[] = __DATE__ " " __TIME__; +char buildtime[] = "??? ?? ???? ??:??:??"; -Index: tigervnc-1.8.0/unix/vncconfig/buildtime.c +Index: tigervnc-1.9.0/unix/vncconfig/buildtime.c =================================================================== ---- tigervnc-1.8.0.orig/unix/vncconfig/buildtime.c -+++ tigervnc-1.8.0/unix/vncconfig/buildtime.c +--- tigervnc-1.9.0.orig/unix/vncconfig/buildtime.c ++++ tigervnc-1.9.0/unix/vncconfig/buildtime.c @@ -15,4 +15,4 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, * USA. */ -char buildtime[] = __DATE__ " " __TIME__; +char buildtime[] = "??? ?? ???? ??:??:??"; -Index: tigervnc-1.8.0/unix/x0vncserver/buildtime.c +Index: tigervnc-1.9.0/unix/x0vncserver/buildtime.c =================================================================== ---- tigervnc-1.8.0.orig/unix/x0vncserver/buildtime.c -+++ tigervnc-1.8.0/unix/x0vncserver/buildtime.c +--- tigervnc-1.9.0.orig/unix/x0vncserver/buildtime.c ++++ tigervnc-1.9.0/unix/x0vncserver/buildtime.c @@ -15,4 +15,4 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, * USA. */ -char buildtime[] = __DATE__ " " __TIME__; +char buildtime[] = "??? ?? ???? ??:??:??"; -Index: tigervnc-1.8.0/win/winvnc/buildTime.cxx +Index: tigervnc-1.9.0/win/winvnc/buildTime.cxx =================================================================== ---- tigervnc-1.8.0.orig/win/winvnc/buildTime.cxx -+++ tigervnc-1.8.0/win/winvnc/buildTime.cxx +--- tigervnc-1.9.0.orig/win/winvnc/buildTime.cxx ++++ tigervnc-1.9.0/win/winvnc/buildTime.cxx @@ -15,4 +15,4 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, * USA. */ -const char* buildTime = "Built on " __DATE__ " at " __TIME__; +const char* buildTime = "Built on ??? ?? ???? at ??:??:??"; -Index: tigervnc-1.8.0/CMakeLists.txt +Index: tigervnc-1.9.0/CMakeLists.txt =================================================================== ---- tigervnc-1.8.0.orig/CMakeLists.txt -+++ tigervnc-1.8.0/CMakeLists.txt +--- tigervnc-1.9.0.orig/CMakeLists.txt ++++ tigervnc-1.9.0/CMakeLists.txt @@ -42,12 +42,6 @@ if(MSVC) message(FATAL_ERROR "TigerVNC cannot be built with Visual Studio. Please use MinGW") endif() @@ -55,20 +55,20 @@ Index: tigervnc-1.8.0/CMakeLists.txt # Default to optimised builds instead of debug ones. Our code has no bugs ;) # (CMake makes it fairly easy to toggle this back to Debug if needed) if(NOT CMAKE_BUILD_TYPE) -Index: tigervnc-1.8.0/vncviewer/vncviewer.cxx +Index: tigervnc-1.9.0/vncviewer/vncviewer.cxx =================================================================== ---- tigervnc-1.8.0.orig/vncviewer/vncviewer.cxx -+++ tigervnc-1.8.0/vncviewer/vncviewer.cxx +--- tigervnc-1.9.0.orig/vncviewer/vncviewer.cxx ++++ tigervnc-1.9.0/vncviewer/vncviewer.cxx @@ -98,11 +98,9 @@ static const char *about_text() // time. snprintf(buffer, sizeof(buffer), _("TigerVNC Viewer %d-bit v%s\n" - "Built on: %s\n" - "Copyright (C) 1999-%d TigerVNC Team and many others (see README.txt)\n" + "Copyright (C) 1999-%d TigerVNC Team and many others (see README.rst)\n" "See http://www.tigervnc.org for information on TigerVNC."), - (int)sizeof(size_t)*8, PACKAGE_VERSION, -- BUILD_TIMESTAMP, 2017); -+ (int)sizeof(size_t)*8, PACKAGE_VERSION, 2017); +- BUILD_TIMESTAMP, 2018); ++ (int)sizeof(size_t)*8, PACKAGE_VERSION, 2018); return buffer; } diff --git a/tigervnc-1.8.0-nowindows.patch b/tigervnc-1.8.0-nowindows.patch deleted file mode 100644 index fa92f5e..0000000 --- a/tigervnc-1.8.0-nowindows.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- tigervnc-1.8.0/java/com/tigervnc/vncviewer/F8Menu.java 2017-12-18 15:47:56.544658662 +0100 -+++ tigervnc-1.8.0/java/com/tigervnc/vncviewer/F8Menu.java 2017-12-18 15:54:53.002571101 +0100 -@@ -40,9 +40,6 @@ - public F8Menu(CConn cc) { - super("VNC Menu"); - setLightWeightPopupEnabled(false); -- String os = System.getProperty("os.name"); -- if (os.startsWith("Windows")) -- com.sun.java.swing.plaf.windows.WindowsLookAndFeel.setMnemonicHidden(false); - this.cc = cc; - restore = addMenuItem("Restore",KeyEvent.VK_R); - restore.setEnabled(!embed.getValue()); diff --git a/tigervnc-clean-pressed-key-on-exit.patch b/tigervnc-clean-pressed-key-on-exit.patch index e7c95ea..20cd5c2 100644 --- a/tigervnc-clean-pressed-key-on-exit.patch +++ b/tigervnc-clean-pressed-key-on-exit.patch @@ -1,8 +1,8 @@ -Index: tigervnc-1.8.0/vncviewer/DesktopWindow.cxx +Index: tigervnc-1.9.0/vncviewer/DesktopWindow.cxx =================================================================== ---- tigervnc-1.8.0.orig/vncviewer/DesktopWindow.cxx -+++ tigervnc-1.8.0/vncviewer/DesktopWindow.cxx -@@ -206,6 +206,8 @@ DesktopWindow::~DesktopWindow() +--- tigervnc-1.9.0.orig/vncviewer/DesktopWindow.cxx ++++ tigervnc-1.9.0/vncviewer/DesktopWindow.cxx +@@ -207,6 +207,8 @@ DesktopWindow::~DesktopWindow() delete statsGraph; @@ -11,26 +11,33 @@ Index: tigervnc-1.8.0/vncviewer/DesktopWindow.cxx // FLTK automatically deletes all child widgets, so we shouldn't touch // them ourselves here } -Index: tigervnc-1.8.0/vncviewer/Viewport.cxx +Index: tigervnc-1.9.0/vncviewer/Viewport.cxx =================================================================== ---- tigervnc-1.8.0.orig/vncviewer/Viewport.cxx -+++ tigervnc-1.8.0/vncviewer/Viewport.cxx -@@ -131,6 +131,11 @@ Viewport::Viewport(int w, int h, const r +--- tigervnc-1.9.0.orig/vncviewer/Viewport.cxx ++++ tigervnc-1.9.0/vncviewer/Viewport.cxx +@@ -189,6 +189,18 @@ Viewport::Viewport(int w, int h, const r Viewport::~Viewport() { + // Send release for every pressed key + for(DownMap::iterator iter = downKeySym.begin(); iter != downKeySym.end(); ++iter) { -+ cc->writer()->keyEvent(iter->second, false); ++ try { ++ if (iter->first > 0xff) ++ cc->writer()->writeKeyEvent(iter->second, 0, false); ++ else ++ cc->writer()->writeKeyEvent(iter->second, iter->first, false); ++ } catch (rdr::Exception& e) { ++ // ignore ++ } + } + // Unregister all timeouts in case they get a change tro trigger // again later when this object is already gone. Fl::remove_timeout(handlePointerTimeout, this); -Index: tigervnc-1.8.0/vncviewer/vncviewer.cxx +Index: tigervnc-1.9.0/vncviewer/vncviewer.cxx =================================================================== ---- tigervnc-1.8.0.orig/vncviewer/vncviewer.cxx -+++ tigervnc-1.8.0/vncviewer/vncviewer.cxx +--- tigervnc-1.9.0.orig/vncviewer/vncviewer.cxx ++++ tigervnc-1.9.0/vncviewer/vncviewer.cxx @@ -107,6 +107,8 @@ static const char *about_text() return buffer; } @@ -57,27 +64,17 @@ Index: tigervnc-1.8.0/vncviewer/vncviewer.cxx exit(1); } -@@ -481,11 +493,19 @@ int main(int argc, char** argv) - - init_fltk(); - -+ fl_open_display(); -+ -+ XSetIOErrorHandler(CleanupXIOErrorHandler); -+ - #if !defined(WIN32) && !defined(__APPLE__) - fl_open_display(); +@@ -566,6 +578,9 @@ int main(int argc, char** argv) XkbSetDetectableAutoRepeat(fl_display, True, NULL); #endif + fl_open_display(); -+ + XSetIOErrorHandler(CleanupXIOErrorHandler); + - Configuration::enableViewerParams(); - - /* Load the default parameter settings */ -@@ -602,7 +622,7 @@ int main(int argc, char** argv) + CSecurity::upg = &dlg; + #ifdef HAVE_GNUTLS + CSecurityTLS::msg = &dlg; +@@ -651,7 +666,7 @@ int main(int argc, char** argv) #endif } diff --git a/tigervnc.changes b/tigervnc.changes index 4f500f5..a3bf2a8 100644 --- a/tigervnc.changes +++ b/tigervnc.changes @@ -1,3 +1,51 @@ +------------------------------------------------------------------- +Mon Aug 6 12:04:52 UTC 2018 - msrb@suse.com + +- Add xvnc.target to fix xvnc-novnc.service's dependency. + (bnc#1103552) +- Split the X server's VNC module into subpackage and give it + dependency on the current extension ABI. + +------------------------------------------------------------------- +Thu Aug 2 08:31:09 UTC 2018 - msrb@suse.com + +- Update to tigervnc 1.9.0 + * Alternative, "raw" keyboard mode in the native client and all servers + * CapsLock/NumLock/ScrollLock synchronisation in the native client and all servers + * Automatic "repair" of JPEG artefacts on screen in all servers + * Support for UNIX sockets in the native client and in the UNIX servers + * Both clients now warn when sending the password over a possibly insecure channel + * Performance improvements in the Java client + * The Java client now requires Java 7 + * Improved high latency handling in all servers + * Slightly better keyboard handling in x0vncserver + * x0vncserver now supports cursors and screen resize + * Xorg 1.20 can now be used as a base for Xvnc/libvnc.so + - Fixes bnc#1103537 + +- Removed patches (included in 1.9.0): + * u_tigervnc-show-unencrypted-warning.patch + * U_allow_multiple_certs_with_same_dn_in_saved_certs_file.patch + * U_handle_certificate_verification_for_saved_certs_correctly.patch + * u_Unset-pixel-buffer-when-x0vncserver-client-disconnect.patch + * u_add-support-for-X-server-1.20.0.patch + * U_vncviewer-Fix-fullscreen-scrolling.patch + * U_vncviewer-Fix-scrollbar-visibility.patch + +- Removed patches (no longer needed): + * tigervnc-1.8.0-nowindows.patch + +- Refreshed patches: + * n_tigervnc-date-time.patch + * tigervnc-clean-pressed-key-on-exit.patch + * u_tigervnc-add-autoaccept-parameter.patch + * u_tigervnc-ignore-epipe-on-write.patch + +- Added patches: + * n_correct_path_in_desktop_file.patch + +- Fixed typo in 10-libvnc.conf + ------------------------------------------------------------------- Fri Jun 8 09:09:38 UTC 2018 - msrb@suse.com diff --git a/tigervnc.spec b/tigervnc.spec index 7c64066..b21e68f 100644 --- a/tigervnc.spec +++ b/tigervnc.spec @@ -31,7 +31,7 @@ %endif Name: tigervnc -Version: 1.8.0 +Version: 1.9.0 Release: 0 Provides: tightvnc = 1.3.9 Obsoletes: tightvnc < 1.3.9 @@ -126,6 +126,7 @@ Source15: xvnc-novnc.service Source16: xvnc-novnc.socket Source17: tigervnc.firewalld Source18: tigervnc-https.firewalld +Source19: xvnc.target Patch1: tigervnc-newfbsize.patch Patch2: tigervnc-clean-pressed-key-on-exit.patch @@ -134,16 +135,9 @@ Patch4: n_tigervnc-date-time.patch Patch5: u_tigervnc-cve-2014-8240.patch Patch6: u_tigervnc_update_default_vncxstartup.patch Patch7: u_build_libXvnc_as_separate_library.patch -Patch8: u_tigervnc-show-unencrypted-warning.patch -Patch9: U_allow_multiple_certs_with_same_dn_in_saved_certs_file.patch -Patch10: U_handle_certificate_verification_for_saved_certs_correctly.patch -Patch11: u_tigervnc-add-autoaccept-parameter.patch -Patch12: u_Unset-pixel-buffer-when-x0vncserver-client-disconnect.patch -Patch13: tigervnc-1.8.0-nowindows.patch -Patch14: u_change-button-layout-in-ServerDialog.patch -Patch15: u_add-support-for-X-server-1.20.0.patch -Patch16: U_vncviewer-Fix-fullscreen-scrolling.patch -Patch17: U_vncviewer-Fix-scrollbar-visibility.patch +Patch8: u_tigervnc-add-autoaccept-parameter.patch +Patch9: u_change-button-layout-in-ServerDialog.patch +Patch10: n_correct_path_in_desktop_file.patch %description TigerVNC is an implementation of VNC (Virtual Network Computing), a @@ -171,6 +165,7 @@ Requires: xorg-x11-fonts-core # For the with-vnc-key.sh script Requires: /bin/hostname %{?systemd_requires} +Recommends: xorg-x11-Xvnc-module Provides: tightvnc = 1.3.9 Provides: xorg-x11-Xvnc:/usr/lib/vnc/with-vnc-key.sh Obsoletes: tightvnc < 1.3.9 @@ -180,6 +175,17 @@ Group: System/X11/Servers/XF86_4 %description -n xorg-x11-Xvnc This is the TigerVNC implementation of Xvnc. +%package -n xorg-x11-Xvnc-module +Requires: xorg-x11-Xvnc +Summary: VNC module for X server +Group: System/X11/Servers/XF86_4 +%{x11_abi_extension_req} + +%description -n xorg-x11-Xvnc-module +This module allows to share content of X server's screen over VNC. +It is loaded into X server as a module if enable in X server's +configuration. + %package -n xorg-x11-Xvnc-novnc Requires: novnc Requires: python-websockify @@ -245,13 +251,6 @@ cp -r /usr/src/xserver/* unix/xserver/ %patch8 -p1 %patch9 -p1 %patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 -%patch16 -p1 -%patch17 -p1 pushd unix/xserver patch -p1 < ../xserver120.patch @@ -346,6 +345,7 @@ install -D %{SOURCE13} -m 0444 %{buildroot}%{_unitdir}/xvnc@.service install -D %{SOURCE14} -m 0444 %{buildroot}%{_unitdir}/xvnc.socket install -D %{SOURCE15} -m 0444 %{buildroot}%{_unitdir}/xvnc-novnc.service install -D %{SOURCE16} -m 0444 %{buildroot}%{_unitdir}/xvnc-novnc.socket +install -D %{SOURCE19} -m 0444 %{buildroot}%{_unitdir}/xvnc.target rm -rf $RPM_BUILD_ROOT/usr/share/doc/tigervnc-* @@ -423,7 +423,7 @@ fi %defattr(-,root,root,-) %ghost %{_bindir}/vncviewer %{_bindir}/vncviewer-tigervnc -%doc LICENCE.TXT README.txt +%doc LICENCE.TXT README.rst %ghost %_mandir/man1/vncviewer.1.gz %doc %_mandir/man1/vncviewer-tigervnc.1.gz %if 0%{?suse_version} >= 1315 @@ -450,7 +450,7 @@ fi %_datadir/applications/vncviewer.desktop %files -n xorg-x11-Xvnc -%doc LICENCE.TXT README.txt +%doc LICENCE.TXT README.rst %defattr(-,root,root) %{_bindir}/Xvnc @@ -469,18 +469,9 @@ fi %{_unitdir}/xvnc@.service %{_unitdir}/xvnc.socket +%{_unitdir}/xvnc.target %{_sbindir}/rcxvnc -%exclude /usr/%{_lib}/xorg/protocol.txt -%exclude /usr/%{_lib}/xorg/modules/extensions/libvnc.la -%ifnarch s390 s390x -%{_libdir}/xorg/modules/extensions/libvnc.so -%else -%exclude %{_libdir}/xorg/modules -%exclude %{_libdir}/xorg/modules/extensions -%exclude %{_libdir}/xorg/modules/extensions/libvnc.so -%endif - %exclude /var/lib/xkb/compiled/README.compiled %if %{use_firewalld} @@ -493,11 +484,6 @@ fi %config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/vnc-httpd %endif -%ifnarch s390 s390x -%config(noreplace) /etc/X11/xorg.conf.d/10-libvnc.conf -%else -%exclude /etc/X11/xorg.conf.d -%endif %dir /etc/slp.reg.d %config(noreplace) /etc/slp.reg.d/vnc.reg @@ -509,6 +495,19 @@ fi %{_libexecdir}/vnc +%files -n xorg-x11-Xvnc-module +%exclude /usr/%{_lib}/xorg/protocol.txt +%exclude /usr/%{_lib}/xorg/modules/extensions/libvnc.la +%ifnarch s390 s390x +%{_libdir}/xorg/modules/extensions/libvnc.so +%config(noreplace) /etc/X11/xorg.conf.d/10-libvnc.conf +%else +%exclude /etc/X11/xorg.conf.d +%exclude %{_libdir}/xorg/modules +%exclude %{_libdir}/xorg/modules/extensions +%exclude %{_libdir}/xorg/modules/extensions/libvnc.so +%endif + %files -n xorg-x11-Xvnc-novnc %{_unitdir}/xvnc-novnc.service %{_unitdir}/xvnc-novnc.socket diff --git a/u_Unset-pixel-buffer-when-x0vncserver-client-disconnect.patch b/u_Unset-pixel-buffer-when-x0vncserver-client-disconnect.patch deleted file mode 100644 index f158306..0000000 --- a/u_Unset-pixel-buffer-when-x0vncserver-client-disconnect.patch +++ /dev/null @@ -1,71 +0,0 @@ -From b1d7c2caf496e7236fe43c69fd380fedb830a979 Mon Sep 17 00:00:00 2001 -From: Michal Srb -Date: Tue, 26 Sep 2017 13:45:36 +0200 -Subject: [PATCH] Unset pixel buffer when x0vncserver client disconnects. - -In XDesktop::start() we allocate pixel buffer and set it as the backend to the given VNCServer. -In XDesktop::stop() we deallocate the buffer, so we must unset it from the VNCServer as well. -Otherwise the VNCServer could try to access it and crash, for example in deferred update. ---- - common/rfb/VNCServerST.cxx | 14 ++++---------- - unix/x0vncserver/x0vncserver.cxx | 6 +++++- - 2 files changed, 9 insertions(+), 11 deletions(-) - -Index: tigervnc-1.8.0/common/rfb/VNCServerST.cxx -=================================================================== ---- tigervnc-1.8.0.orig/common/rfb/VNCServerST.cxx -+++ tigervnc-1.8.0/common/rfb/VNCServerST.cxx -@@ -312,6 +312,8 @@ void VNCServerST::setPixelBuffer(PixelBu - screenLayout = layout; - - if (!pb) { -+ stopFrameClock(); -+ - if (desktopStarted) - throw Exception("setPixelBuffer: null PixelBuffer when desktopStarted?"); - return; -@@ -335,18 +337,10 @@ void VNCServerST::setPixelBuffer(PixelBu - - void VNCServerST::setPixelBuffer(PixelBuffer* pb_) - { -- ScreenSet layout; -- -- if (!pb_) { -- if (desktopStarted) -- throw Exception("setPixelBuffer: null PixelBuffer when desktopStarted?"); -- return; -- } -- -- layout = screenLayout; -+ ScreenSet layout = screenLayout; - - // Check that the screen layout is still valid -- if (!layout.validate(pb_->width(), pb_->height())) { -+ if (pb_ && !layout.validate(pb_->width(), pb_->height())) { - Rect fbRect; - ScreenSet::iterator iter, iter_next; - -Index: tigervnc-1.8.0/unix/x0vncserver/x0vncserver.cxx -=================================================================== ---- tigervnc-1.8.0.orig/unix/x0vncserver/x0vncserver.cxx -+++ tigervnc-1.8.0/unix/x0vncserver/x0vncserver.cxx -@@ -176,7 +176,8 @@ public: - #endif - } - virtual ~XDesktop() { -- stop(); -+ if (running) -+ stop(); - } - - inline void poll() { -@@ -223,6 +224,9 @@ public: - XDamageDestroy(dpy, damage); - #endif - -+ server->setPixelBuffer(0); -+ server = 0; -+ - delete pb; - pb = 0; - } diff --git a/u_add-support-for-X-server-1.20.0.patch b/u_add-support-for-X-server-1.20.0.patch deleted file mode 100644 index 7590628..0000000 --- a/u_add-support-for-X-server-1.20.0.patch +++ /dev/null @@ -1,162 +0,0 @@ -Git-commit: 25520b9b4680ac56f43d9b03929dd87093a3d06d -Author: Michal Srb -Subject: Add support for X server 1.20.0. -Patch-mainline: To be upstreamed - -In-server GLVND requires xorgGlxCreateVendor call from InitOutput. -DPMS functions were moved to another location and no longer need to be faked. -xserver120.patch is a copy of xserver119.patch with refreshed contexts. ---- - unix/xserver/hw/vnc/xorg-version.h | 4 +- - unix/xserver/hw/vnc/xvnc.c | 8 ++++ - unix/xserver120.patch | 82 ++++++++++++++++++++++++++++++++++++++ - 3 files changed, 93 insertions(+), 1 deletion(-) - create mode 100644 unix/xserver120.patch - -diff --git a/unix/xserver/hw/vnc/xorg-version.h b/unix/xserver/hw/vnc/xorg-version.h -index 9d1c0eb8..16145711 100644 ---- a/unix/xserver/hw/vnc/xorg-version.h -+++ b/unix/xserver/hw/vnc/xorg-version.h -@@ -52,8 +52,10 @@ - #define XORG 118 - #elif XORG_VERSION_CURRENT < ((1 * 10000000) + (19 * 100000) + (99 * 1000)) - #define XORG 119 -+#elif XORG_VERSION_CURRENT < ((1 * 10000000) + (20 * 100000) + (99 * 1000)) -+#define XORG 120 - #else --#error "X.Org newer than 1.19 is not supported" -+#error "X.Org newer than 1.20 is not supported" - #endif - - #endif -diff --git a/unix/xserver/hw/vnc/xvnc.c b/unix/xserver/hw/vnc/xvnc.c -index 57152cd5..9a61b1ef 100644 ---- a/unix/xserver/hw/vnc/xvnc.c -+++ b/unix/xserver/hw/vnc/xvnc.c -@@ -202,6 +202,7 @@ vfbBitsPerPixel(int depth) - static void vfbFreeFramebufferMemory(vfbFramebufferInfoPtr pfb); - - #ifdef DPMSExtension -+#if XORG < 120 - /* Why support DPMS? Because stupid modern desktop environments - such as Unity 2D on Ubuntu 11.10 crashes if DPMS is not - available. (DPMSSet is called by dpms.c, but the return value -@@ -218,6 +219,7 @@ Bool DPMSSupported(void) - return FALSE; - } - #endif -+#endif - - #if XORG < 111 - void ddxGiveUp() -@@ -1738,6 +1740,10 @@ InitOutput(ScreenInfo *scrInfo, int argc, char **argv) - - vncPrintBanner(); - -+#if XORG >= 120 -+ xorgGlxCreateVendor(); -+#else -+ - #if XORG >= 113 - #ifdef GLXEXT - if (serverGeneration == 1) -@@ -1749,6 +1755,8 @@ InitOutput(ScreenInfo *scrInfo, int argc, char **argv) - #endif - #endif - -+#endif -+ - /* initialize pixmap formats */ - - /* must have a pixmap depth to match every screen depth */ -diff --git a/unix/xserver120.patch b/unix/xserver120.patch -new file mode 100644 -index 00000000..d8598494 ---- /dev/null -+++ b/unix/xserver120.patch -@@ -0,0 +1,82 @@ -+Index: xserver/configure.ac -+=================================================================== -+--- xserver.orig/configure.ac -++++ xserver/configure.ac -+@@ -74,6 +74,7 @@ dnl forcing an entire recompile.x -+ AC_CONFIG_HEADERS(include/version-config.h) -+ -+ AM_PROG_AS -++AC_PROG_CXX -+ AC_PROG_LN_S -+ LT_PREREQ([2.2]) -+ LT_INIT([disable-static win32-dll]) -+@@ -1777,6 +1778,10 @@ if test "x$XVFB" = xyes; then -+ AC_SUBST([XVFB_SYS_LIBS]) -+ fi -+ -++dnl Xvnc DDX -++AC_SUBST([XVNC_CPPFLAGS], ["-DHAVE_DIX_CONFIG_H $XSERVER_CFLAGS"]) -++AC_SUBST([XVNC_LIBS], ["$FB_LIB $FIXES_LIB $XEXT_LIB $CONFIG_LIB $DBE_LIB $RECORD_LIB $GLX_LIBS $RANDR_LIB $RENDER_LIB $DAMAGE_LIB $DRI3_LIB $PRESENT_LIB $MIEXT_SYNC_LIB $MIEXT_DAMAGE_LIB $MIEXT_SHADOW_LIB $XI_LIB $XKB_LIB $XKB_STUB_LIB $COMPOSITE_LIB $MAIN_LIB"]) -++AC_SUBST([XVNC_SYS_LIBS], ["$GLX_SYS_LIBS"]) -+ -+ dnl Xnest DDX -+ -+@@ -1812,6 +1817,8 @@ if test "x$XORG" = xauto; then -+ fi -+ AC_MSG_RESULT([$XORG]) -+ -++AC_DEFINE_UNQUOTED(XORG_VERSION_CURRENT, [$VENDOR_RELEASE], [Current Xorg version]) -++ -+ if test "x$XORG" = xyes; then -+ XORG_DDXINCS='-I$(top_srcdir)/hw/xfree86 -I$(top_srcdir)/hw/xfree86/include -I$(top_srcdir)/hw/xfree86/common' -+ XORG_OSINCS='-I$(top_srcdir)/hw/xfree86/os-support -I$(top_srcdir)/hw/xfree86/os-support/bus -I$(top_srcdir)/os' -+@@ -2029,7 +2036,6 @@ if test "x$XORG" = xyes; then -+ AC_DEFINE(XORG_SERVER, 1, [Building Xorg server]) -+ AC_DEFINE(XORGSERVER, 1, [Building Xorg server]) -+ AC_DEFINE(XFree86Server, 1, [Building XFree86 server]) -+- AC_DEFINE_UNQUOTED(XORG_VERSION_CURRENT, [$VENDOR_RELEASE], [Current Xorg version]) -+ AC_DEFINE(NEED_XF86_TYPES, 1, [Need XFree86 typedefs]) -+ AC_DEFINE(NEED_XF86_PROTOTYPES, 1, [Need XFree86 helper functions]) -+ AC_DEFINE(__XSERVERNAME__, "Xorg", [Name of X server]) -+@@ -2565,6 +2571,7 @@ hw/dmx/Makefile -+ hw/dmx/man/Makefile -+ hw/vfb/Makefile -+ hw/vfb/man/Makefile -++hw/vnc/Makefile -+ hw/xnest/Makefile -+ hw/xnest/man/Makefile -+ hw/xwin/Makefile -+Index: xserver/hw/Makefile.am -+=================================================================== -+--- xserver.orig/hw/Makefile.am -++++ xserver/hw/Makefile.am -+@@ -38,7 +38,8 @@ SUBDIRS = \ -+ $(DMX_SUBDIRS) \ -+ $(KDRIVE_SUBDIRS) \ -+ $(XQUARTZ_SUBDIRS) \ -+- $(XWAYLAND_SUBDIRS) -++ $(XWAYLAND_SUBDIRS) \ -++ vnc -+ -+ DIST_SUBDIRS = dmx xfree86 vfb xnest xwin xquartz kdrive xwayland -+ -+Index: xserver/mi/miinitext.c -+=================================================================== -+--- xserver.orig/mi/miinitext.c -++++ xserver/mi/miinitext.c -+@@ -107,8 +107,15 @@ SOFTWARE. -+ #include "os.h" -+ #include "globals.h" -+ -++#ifdef TIGERVNC -++extern void vncExtensionInit(void); -++#endif -++ -+ /* List of built-in (statically linked) extensions */ -+ static const ExtensionModule staticExtensions[] = { -++#ifdef TIGERVNC -++ {vncExtensionInit, "VNC-EXTENSION", NULL}, -++#endif -+ {GEExtensionInit, "Generic Event Extension", &noGEExtension}, -+ {ShapeExtensionInit, "SHAPE", NULL}, -+ #ifdef MITSHM --- -2.13.6 - diff --git a/u_tigervnc-add-autoaccept-parameter.patch b/u_tigervnc-add-autoaccept-parameter.patch index bb0bf24..a5afdeb 100644 --- a/u_tigervnc-add-autoaccept-parameter.patch +++ b/u_tigervnc-add-autoaccept-parameter.patch @@ -1,18 +1,18 @@ -Index: tigervnc-1.8.0/java/com/tigervnc/rfb/CSecurityTLS.java +Index: tigervnc-1.9.0/java/com/tigervnc/rfb/CSecurityTLS.java =================================================================== ---- tigervnc-1.8.0.orig/java/com/tigervnc/rfb/CSecurityTLS.java -+++ tigervnc-1.8.0/java/com/tigervnc/rfb/CSecurityTLS.java -@@ -64,6 +64,9 @@ public class CSecurityTLS extends CSecur +--- tigervnc-1.9.0.orig/java/com/tigervnc/rfb/CSecurityTLS.java ++++ tigervnc-1.9.0/java/com/tigervnc/rfb/CSecurityTLS.java +@@ -66,6 +66,9 @@ public class CSecurityTLS extends CSecur public static StringParameter X509CRL = new StringParameter("X509CRL", "X509 CRL file", "", Configuration.ConfigurationObject.ConfViewer); + public static StringParameter x509autoaccept + = new StringParameter("x509autoaccept", + "X509 Certificate SHA-1 fingerprint", "", Configuration.ConfigurationObject.ConfViewer); + public static UserMsgBox msg; private void initGlobal() - { -@@ -82,6 +85,7 @@ public class CSecurityTLS extends CSecur +@@ -85,6 +88,7 @@ public class CSecurityTLS extends CSecur setDefaults(); cafile = X509CA.getData(); crlfile = X509CRL.getData(); @@ -20,7 +20,7 @@ Index: tigervnc-1.8.0/java/com/tigervnc/rfb/CSecurityTLS.java } public static String getDefaultCA() { -@@ -270,6 +274,10 @@ public class CSecurityTLS extends CSecur +@@ -283,6 +287,10 @@ public class CSecurityTLS extends CSecur tm.checkServerTrusted(chain, authType); } catch (java.lang.Exception e) { if (e.getCause() instanceof CertPathBuilderException) { @@ -28,10 +28,10 @@ Index: tigervnc-1.8.0/java/com/tigervnc/rfb/CSecurityTLS.java + return; + } + - Object[] answer = {"YES", "NO"}; - int ret = JOptionPane.showOptionDialog(null, + String certinfo = "This certificate has been signed by an unknown authority\n"+ -@@ -466,7 +474,7 @@ public class CSecurityTLS extends CSecur + "\n"+ +@@ -471,7 +479,7 @@ public class CSecurityTLS extends CSecur private SSLEngineManager manager; private boolean anon; @@ -40,11 +40,11 @@ Index: tigervnc-1.8.0/java/com/tigervnc/rfb/CSecurityTLS.java private FdInStream is; private FdOutStream os; -Index: tigervnc-1.8.0/java/com/tigervnc/vncviewer/VncViewer.java +Index: tigervnc-1.9.0/java/com/tigervnc/vncviewer/VncViewer.java =================================================================== ---- tigervnc-1.8.0.orig/java/com/tigervnc/vncviewer/VncViewer.java -+++ tigervnc-1.8.0/java/com/tigervnc/vncviewer/VncViewer.java -@@ -368,6 +368,8 @@ public class VncViewer extends javax.swi +--- tigervnc-1.9.0.orig/java/com/tigervnc/vncviewer/VncViewer.java ++++ tigervnc-1.9.0/java/com/tigervnc/vncviewer/VncViewer.java +@@ -393,6 +393,8 @@ public class VncViewer extends javax.swi // Called right after zero-arg constructor in applet mode setLookAndFeel(); setBackground(Color.white); diff --git a/u_tigervnc-ignore-epipe-on-write.patch b/u_tigervnc-ignore-epipe-on-write.patch index 990b3e4..38ab090 100644 --- a/u_tigervnc-ignore-epipe-on-write.patch +++ b/u_tigervnc-ignore-epipe-on-write.patch @@ -9,8 +9,8 @@ Index: common/rdr/FdOutStream.cxx =================================================================== --- common/rdr/FdOutStream.cxx.orig +++ common/rdr/FdOutStream.cxx -@@ -191,8 +191,12 @@ int FdOutStream::writeWithTimeout(const - n = ::write(fd, data, length); +@@ -204,8 +204,12 @@ int FdOutStream::writeWithTimeout(const + #endif } while (n < 0 && (errno == EINTR)); - if (n < 0) diff --git a/u_tigervnc-show-unencrypted-warning.patch b/u_tigervnc-show-unencrypted-warning.patch deleted file mode 100644 index 1a0d177..0000000 --- a/u_tigervnc-show-unencrypted-warning.patch +++ /dev/null @@ -1,178 +0,0 @@ -Author: Michal Srb -Subject: Display warning in window title when no encryption is in use. -Patch-Mainline: To be upstreamed -References: fate#319701 - -Index: tigervnc-1.6.0/common/rfb/CSecurityPlain.cxx -=================================================================== ---- tigervnc-1.6.0.orig/common/rfb/CSecurityPlain.cxx -+++ tigervnc-1.6.0/common/rfb/CSecurityPlain.cxx -@@ -31,7 +31,7 @@ bool CSecurityPlain::processMsg(CConnect - CharArray username; - CharArray password; - -- (CSecurity::upg)->getUserPasswd(&username.buf, &password.buf); -+ (CSecurity::upg)->getUserPasswd(&username.buf, &password.buf, cc->csecurity->getType()); - - // Return the response to the server - os->writeU32(strlen(username.buf)); -Index: tigervnc-1.6.0/common/rfb/CSecurityVncAuth.cxx -=================================================================== ---- tigervnc-1.6.0.orig/common/rfb/CSecurityVncAuth.cxx -+++ tigervnc-1.6.0/common/rfb/CSecurityVncAuth.cxx -@@ -46,7 +46,7 @@ bool CSecurityVncAuth::processMsg(CConne - rdr::U8 challenge[vncAuthChallengeSize]; - is->readBytes(challenge, vncAuthChallengeSize); - PlainPasswd passwd; -- (CSecurity::upg)->getUserPasswd(0, &passwd.buf); -+ (CSecurity::upg)->getUserPasswd(0, &passwd.buf, cc->csecurity->getType()); - - // Calculate the correct response - rdr::U8 key[8]; -Index: tigervnc-1.6.0/common/rfb/Security.cxx -=================================================================== ---- tigervnc-1.6.0.orig/common/rfb/Security.cxx -+++ tigervnc-1.6.0/common/rfb/Security.cxx -@@ -206,3 +206,19 @@ std::list rfb::parseSecTypes(c - } - return result; - } -+ -+bool rfb::isSecTypeEncrypted(rdr::U32 num) -+{ -+ switch (num) { -+ case secTypeTLSNone: -+ case secTypeTLSVnc: -+ case secTypeTLSPlain: -+ case secTypeX509None: -+ case secTypeX509Vnc: -+ case secTypeX509Plain: -+ return true; -+ -+ default: -+ return false; -+ } -+} -Index: tigervnc-1.6.0/common/rfb/Security.h -=================================================================== ---- tigervnc-1.6.0.orig/common/rfb/Security.h -+++ tigervnc-1.6.0/common/rfb/Security.h -@@ -104,6 +104,8 @@ namespace rfb { - const char* secTypeName(rdr::U32 num); - rdr::U32 secTypeNum(const char* name); - std::list parseSecTypes(const char* types); -+ -+ bool isSecTypeEncrypted(rdr::U32 num); - } - - #endif -Index: tigervnc-1.6.0/common/rfb/UserPasswdGetter.h -=================================================================== ---- tigervnc-1.6.0.orig/common/rfb/UserPasswdGetter.h -+++ tigervnc-1.6.0/common/rfb/UserPasswdGetter.h -@@ -17,6 +17,9 @@ - */ - #ifndef __RFB_USERPASSWDGETTER_H__ - #define __RFB_USERPASSWDGETTER_H__ -+ -+#include -+ - namespace rfb { - class UserPasswdGetter { - public: -@@ -24,7 +27,7 @@ namespace rfb { - // dialog, getpass(), etc. The user buffer pointer can be null, in which - // case no user name will be retrieved. The caller MUST delete [] the - // result(s). -- virtual void getUserPasswd(char** user, char** password)=0; -+ virtual void getUserPasswd(char** user, char** password, rdr::U32 secType)=0; - }; - } - #endif -Index: tigervnc-1.6.0/vncviewer/DesktopWindow.cxx -=================================================================== ---- tigervnc-1.6.0.orig/vncviewer/DesktopWindow.cxx -+++ tigervnc-1.6.0/vncviewer/DesktopWindow.cxx -@@ -27,6 +27,7 @@ - - #include - #include -+#include - - #include "DesktopWindow.h" - #include "OptionsDialog.h" -@@ -206,7 +207,11 @@ void DesktopWindow::setName(const char * - CharArray windowNameStr; - windowNameStr.replaceBuf(new char[256]); - -- snprintf(windowNameStr.buf, 256, "%.240s - TigerVNC", name); -+ const char *warning = ""; -+ if (!rfb::isSecTypeEncrypted(cc->csecurity->getType())) -+ warning = _("(Connection not encrypted!)"); -+ -+ snprintf(windowNameStr.buf, 256, "%.240s - TigerVNC %s", name, warning); - - copy_label(windowNameStr.buf); - } -Index: tigervnc-1.6.0/vncviewer/UserDialog.cxx -=================================================================== ---- tigervnc-1.6.0.orig/vncviewer/UserDialog.cxx -+++ tigervnc-1.6.0/vncviewer/UserDialog.cxx -@@ -32,10 +32,12 @@ - #include - #include - #include -+#include - - #include - #include - #include -+#include - - #include "i18n.h" - #include "fltk_layout.h" -@@ -59,7 +61,7 @@ UserDialog::~UserDialog() - { - } - --void UserDialog::getUserPasswd(char** user, char** password) -+void UserDialog::getUserPasswd(char** user, char** password, rdr::U32 secType) - { - CharArray passwordFileStr(passwordFile.getData()); - -@@ -82,8 +84,12 @@ void UserDialog::getUserPasswd(char** us - return; - } - -+ const char* title = _("VNC authentication"); -+ if (!rfb::isSecTypeEncrypted(secType)) -+ title = _("VNC authentication (Connection not encrypted!)"); -+ - if (!user) { -- fl_message_title(_("VNC authentication")); -+ fl_message_title(title); - *password = strDup(fl_password(_("Password:"), "")); - if (!*password) - throw rfb::Exception(_("Authentication cancelled")); -@@ -93,7 +99,7 @@ void UserDialog::getUserPasswd(char** us - - // Largely copied from FLTK so that we get the same look and feel - // as the simpler password input. -- Fl_Window *win = new Fl_Window(410, 145, _("VNC authentication")); -+ Fl_Window *win = new Fl_Window(410, 145, title); - win->callback(button_cb,(void *)0); - - Fl_Input *username = new Fl_Input(70, 25, 300, 25, _("Username:")); -Index: tigervnc-1.6.0/vncviewer/UserDialog.h -=================================================================== ---- tigervnc-1.6.0.orig/vncviewer/UserDialog.h -+++ tigervnc-1.6.0/vncviewer/UserDialog.h -@@ -31,7 +31,7 @@ public: - - // UserPasswdGetter callbacks - -- void getUserPasswd(char** user, char** password); -+ void getUserPasswd(char** user, char** password, rdr::U32 secType); - - // UserMsgBox callbacks - diff --git a/v1.8.0.tar.gz b/v1.8.0.tar.gz deleted file mode 100644 index 13afa89..0000000 --- a/v1.8.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9951dab0e10f8de03996ec94bec0d938da9f36d48dca8c954e8bbc95c16338f8 -size 1433830 diff --git a/v1.9.0.tar.gz b/v1.9.0.tar.gz new file mode 100644 index 0000000..8eb3d5d --- /dev/null +++ b/v1.9.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f15ced8500ec56356c3bf271f52e58ed83729118361c7103eab64a618441f740 +size 1506520 diff --git a/xvnc-novnc.service b/xvnc-novnc.service index 14a3690..f16fc55 100644 --- a/xvnc-novnc.service +++ b/xvnc-novnc.service @@ -1,7 +1,7 @@ [Unit] Description=noVNC Web Server -Requires=xvnc.socket -After=xvnc.socket +Requires=xvnc.target +After=xvnc.target [Service] ExecStart=/usr/lib/vnc/with-vnc-key.sh /usr/bin/websockify --key /etc/vnc/tls.key --cert /etc/vnc/tls.cert --web /usr/share/novnc --inetd localhost:5901 diff --git a/xvnc.socket b/xvnc.socket index 1bbca04..27537ea 100644 --- a/xvnc.socket +++ b/xvnc.socket @@ -1,5 +1,7 @@ [Unit] Description=Xvnc Server +Before=xvnc.target +Wants=xvnc.target [Socket] ListenStream=5901 diff --git a/xvnc.target b/xvnc.target new file mode 100644 index 0000000..ca42c97 --- /dev/null +++ b/xvnc.target @@ -0,0 +1,2 @@ +[Unit] +Description=System VNC service