Dominique Leuenberger 2016-01-13 21:42:48 +00:00 committed by Git OBS Bridge
commit da402b26a4
14 changed files with 59 additions and 1333 deletions

File diff suppressed because it is too large Load Diff

View File

@ -1,23 +0,0 @@
Subject: [PATCH] Fix reversed logic in vncIsTCPPortUsed()
Author: Pierre Ossman <ossman@cendio.se>
Patch-mainline: Upstream
Git-commit: 6bb08082956334711de44dad49b95f90a7b02700
Signed-off-by: Michal Srb <msrb@suse.com>
Patch by Jay Kulpinski. Prevents -inetd mode from automatically
finding a free X11 display number.
diff --git a/unix/xserver/hw/vnc/RFBGlue.cc b/unix/xserver/hw/vnc/RFBGlue.cc
index 09832ab..a150792 100644
--- a/unix/xserver/hw/vnc/RFBGlue.cc
+++ b/unix/xserver/hw/vnc/RFBGlue.cc
@@ -194,7 +194,7 @@ int vncIsTCPPortUsed(int port)
std::list<network::TcpListener> dummy;
network::createTcpListeners (&dummy, 0, port);
} catch (rdr::Exception& e) {
- return 0;
+ return 1;
}
- return 1;
+ return 0;
}

View File

@ -39,16 +39,3 @@ Index: tigervnc-1.4.1/win/winvnc/buildTime.cxx
-const char* buildTime = "Built on " __DATE__ " at " __TIME__;
+const char* buildTime = "Built on ??? ?? ???? at ??:??:??";
Index: tigervnc-1.4.1/CMakeLists.txt
===================================================================
--- tigervnc-1.4.1.orig/CMakeLists.txt
+++ tigervnc-1.4.1/CMakeLists.txt
@@ -39,8 +39,7 @@ if(MSVC)
message(FATAL_ERROR "TigerVNC cannot be built with Visual Studio. Please use MinGW")
endif()
-set(BUILD_TIMESTAMP "")
-execute_process(COMMAND "date" "+%Y-%m-%d %H:%M" OUTPUT_VARIABLE BUILD_TIMESTAMP)
+set(BUILD_TIMESTAMP "??-??-?? ??:??")
if(NOT BUILD_TIMESTAMP)
set(BUILD_TIMESTAMP "")

View File

@ -1,8 +1,8 @@
Index: tigervnc-1.5.0/vncviewer/CConn.cxx
Index: tigervnc-1.6.0/vncviewer/CConn.cxx
===================================================================
--- tigervnc-1.5.0.orig/vncviewer/CConn.cxx
+++ tigervnc-1.5.0/vncviewer/CConn.cxx
@@ -427,6 +427,8 @@ void CConn::dataRect(const Rect& r, int
--- tigervnc-1.6.0.orig/vncviewer/CConn.cxx
+++ tigervnc-1.6.0/vncviewer/CConn.cxx
@@ -438,6 +438,8 @@ void CConn::dataRect(const Rect& r, int
if (encoding != encodingCopyRect)
lastServerEncoding = encoding;

View File

@ -1,3 +1,19 @@
-------------------------------------------------------------------
Tue Jan 12 12:14:27 UTC 2016 - msrb@suse.com
- Updated to tigervnc 1.6.0.
- Removed patches:
* N_tigervnc_revert_fltk_1_3_3_requirements.patch
* U_tigervnc-fix-reversed-logic-in-vncIsTCPPortUsed.patch
* u_tigervnc-display-SHA-1-fingerprint-of-untrusted-certificate.patch
* u_tigervnc-use-default-trust-manager-in-java-viewer-if-custom.patch
* u_tigervnc-use_preferred_mode.patch
* u_tigervnc-vncserver-clean-pid-files.patch
- Updated patches:
* n_tigervnc-date-time.patch
* u_tigervnc-add-autoaccept-parameter.patch
* u_tigervnc_update_default_vncxstartup.patch
-------------------------------------------------------------------
Wed Dec 16 14:25:35 UTC 2015 - msrb@suse.com

View File

@ -1,7 +1,7 @@
#
# spec file for package tigervnc
#
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -23,7 +23,7 @@
%define tlscert %{_sysconfdir}/vnc/tls.cert
Name: tigervnc
Version: 1.5.0
Version: 1.6.0
Release: 0
Provides: tightvnc = 1.3.9
Obsoletes: tightvnc < 1.3.9
@ -112,16 +112,10 @@ Patch2: tigervnc-clean-pressed-key-on-exit.patch
Patch3: u_tigervnc-ignore-epipe-on-write.patch
Patch4: n_tigervnc-date-time.patch
Patch5: U_include-vencrypt-only-if-any-subtype-present.patch
Patch6: u_tigervnc-use_preferred_mode.patch
Patch7: u_tigervnc-cve-2014-8240.patch
Patch8: u_tigervnc-use-default-trust-manager-in-java-viewer-if-custom.patch
Patch9: u_tigervnc-display-SHA-1-fingerprint-of-untrusted-certificate.patch
Patch10: u_tigervnc-add-autoaccept-parameter.patch
Patch11: N_tigervnc_revert_fltk_1_3_3_requirements.patch
Patch12: U_tigervnc-fix-reversed-logic-in-vncIsTCPPortUsed.patch
Patch13: u_tigervnc-vncserver-clean-pid-files.patch
Patch14: u_xserver118.patch
Patch15: u_tigervnc_update_default_vncxstartup.patch
Patch6: u_tigervnc-cve-2014-8240.patch
Patch7: u_tigervnc-add-autoaccept-parameter.patch
Patch8: u_xserver118.patch
Patch9: u_tigervnc_update_default_vncxstartup.patch
%description
TigerVNC is a high-performance, platform-neutral implementation of VNC (Virtual Network Computing),
@ -159,16 +153,10 @@ cp -r /usr/src/xserver/* unix/xserver/
%patch3 -p0
%patch4 -p1
%patch5 -p0
%patch6 -p0
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
pushd unix/xserver
patch -p1 < ../xserver117.patch
@ -178,7 +166,7 @@ popd
export CXXFLAGS="%optflags -fPIC"
export CFLAGS="%optflags -fPIC"
# Build all tigervnc
cmake -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_INSTALL_PREFIX:PATH=%{_prefix} -DCMAKE_BUILD_TYPE=RelWithDebInfo
cmake -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_INSTALL_PREFIX:PATH=%{_prefix} -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_TIMESTAMP="??-??-?? ??:??"
make %{?_smp_mflags}
# Build Xvnc server

View File

@ -1,8 +1,8 @@
diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java
index 6014502..9b886b5 100644
--- a/java/com/tigervnc/rfb/CSecurityTLS.java
+++ b/java/com/tigervnc/rfb/CSecurityTLS.java
@@ -47,6 +47,9 @@ public class CSecurityTLS extends CSecurity {
Index: tigervnc-1.6.0/java/com/tigervnc/rfb/CSecurityTLS.java
===================================================================
--- tigervnc-1.6.0.orig/java/com/tigervnc/rfb/CSecurityTLS.java
+++ tigervnc-1.6.0/java/com/tigervnc/rfb/CSecurityTLS.java
@@ -64,6 +64,9 @@ public class CSecurityTLS extends CSecur
public static StringParameter x509crl
= new StringParameter("x509crl",
"X509 CRL file", "", Configuration.ConfigurationObject.ConfViewer);
@ -12,7 +12,7 @@ index 6014502..9b886b5 100644
private void initGlobal()
{
@@ -71,6 +74,7 @@ public class CSecurityTLS extends CSecurity {
@@ -82,6 +85,7 @@ public class CSecurityTLS extends CSecur
setDefaults();
cafile = x509ca.getData();
crlfile = x509crl.getData();
@ -20,71 +20,19 @@ index 6014502..9b886b5 100644
}
public static String getDefaultCA() {
@@ -247,34 +251,46 @@ public class CSecurityTLS extends CSecurity {
try {
tm.checkServerTrusted(chain, authType);
} catch (CertificateException e) {
- Object[] answer = {"Proceed", "Exit"};
-
- StringBuilder message = new StringBuilder();
- message.append(e.getCause().getLocalizedMessage());
- message.append("\nContinue connecting to this host?");
+ String fingerprint = null;
try {
+ StringBuilder fingerprintBuilder = new StringBuilder();
@@ -277,6 +281,11 @@ public class CSecurityTLS extends CSecur
String thumbprint =
DatatypeConverter.printHexBinary(md.digest());
thumbprint = thumbprint.replaceAll("..(?!$)", "$0 ");
+
MessageDigest sha1 = MessageDigest.getInstance("SHA1");
sha1.update(chain[0].getEncoded());
- message.append("\nSHA-1 fingerprint: ");
-
for(byte B : sha1.digest()) {
- message.append(Integer.toHexString(0xff & B));
- message.append(':');
+ fingerprintBuilder.append(String.format("%02x", /*0xff & */B));
+ fingerprintBuilder.append(':');
}
- message.deleteCharAt(message.length() - 1);
+ fingerprintBuilder.deleteCharAt(fingerprintBuilder.length() - 1);
+
+ fingerprint = fingerprintBuilder.toString();
} catch (NoSuchAlgorithmException noSuchAlgorithmException) {
// No fingerprint then...
}
- int ret = JOptionPane.showOptionDialog(null,
- message.toString(),
- "Confirm certificate exception?",
- JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE,
- null, answer, answer[0]);
- if (ret == JOptionPane.NO_OPTION)
- System.exit(1);
+ if(fingerprint == null || certautoaccept == null || !fingerprint.equalsIgnoreCase(certautoaccept)) {
+ Object[] answer = {"Proceed", "Exit"};
+
+ StringBuilder message = new StringBuilder();
+ message.append(e.getCause().getLocalizedMessage());
+ message.append("\nContinue connecting to this host?");
+ if(fingerprint != null) {
+ message.append("\nSHA-1 fingerprint: ");
+ message.append(fingerprint);
+ message.append("\nBle: ");
+ message.append(certautoaccept);
+ if (certautoaccept != null && thumbprint.equalsIgnoreCase(certautoaccept)) {
+ return;
+ }
+
+ int ret = JOptionPane.showOptionDialog(null,
+ message.toString(),
+ "Confirm certificate exception?",
+ JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE,
+ null, answer, answer[0]);
+ if (ret == JOptionPane.NO_OPTION)
+ System.exit(1);
+ }
} catch (java.lang.Exception e) {
throw new Exception(e.toString());
}
@@ -301,7 +317,7 @@ public class CSecurityTLS extends CSecurity {
int ret = JOptionPane.showOptionDialog(null,
"This certificate has been signed by an unknown authority\n"+
"\n"+
@@ -466,7 +475,7 @@ public class CSecurityTLS extends CSecur
private SSLEngineManager manager;
private boolean anon;
@ -93,11 +41,11 @@ index 6014502..9b886b5 100644
private FdInStream is;
private FdOutStream os;
diff --git a/java/com/tigervnc/vncviewer/VncViewer.java b/java/com/tigervnc/vncviewer/VncViewer.java
index cc21c2e..6786636 100644
--- a/java/com/tigervnc/vncviewer/VncViewer.java
+++ b/java/com/tigervnc/vncviewer/VncViewer.java
@@ -354,6 +354,8 @@ public class VncViewer extends javax.swing.JApplet
Index: tigervnc-1.6.0/java/com/tigervnc/vncviewer/VncViewer.java
===================================================================
--- tigervnc-1.6.0.orig/java/com/tigervnc/vncviewer/VncViewer.java
+++ tigervnc-1.6.0/java/com/tigervnc/vncviewer/VncViewer.java
@@ -353,6 +353,8 @@ public class VncViewer extends javax.swi
parent.setFocusTraversalKeysEnabled(false);
setLookAndFeel();
setBackground(Color.white);
@ -106,7 +54,7 @@ index cc21c2e..6786636 100644
}
private void getTimestamp() {
@@ -375,6 +377,7 @@ public class VncViewer extends javax.swing.JApplet
@@ -374,6 +376,7 @@ public class VncViewer extends javax.swi
if (embed.getValue() && nViewers == 0) {
alwaysShowServerDialog.setParam(false);
Configuration.global().readAppletParams(this);

View File

@ -1,48 +0,0 @@
From af09e89d54b57649cf60363d03f84d129baecd27 Mon Sep 17 00:00:00 2001
From: Michal Srb <michalsrb@gmail.com>
Date: Tue, 7 Jul 2015 02:38:18 +0300
Subject: [PATCH 2/2] Display SHA-1 fingerprint of untrusted certificate in
java client.
---
java/com/tigervnc/rfb/CSecurityTLS.java | 23 +++++++++++++++++++++--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java
index 7633f08..6014502 100644
--- a/java/com/tigervnc/rfb/CSecurityTLS.java
+++ b/java/com/tigervnc/rfb/CSecurityTLS.java
@@ -248,9 +248,28 @@ public class CSecurityTLS extends CSecurity {
tm.checkServerTrusted(chain, authType);
} catch (CertificateException e) {
Object[] answer = {"Proceed", "Exit"};
+
+ StringBuilder message = new StringBuilder();
+ message.append(e.getCause().getLocalizedMessage());
+ message.append("\nContinue connecting to this host?");
+
+ try {
+ MessageDigest sha1 = MessageDigest.getInstance("SHA1");
+ sha1.update(chain[0].getEncoded());
+
+ message.append("\nSHA-1 fingerprint: ");
+
+ for(byte B : sha1.digest()) {
+ message.append(Integer.toHexString(0xff & B));
+ message.append(':');
+ }
+ message.deleteCharAt(message.length() - 1);
+ } catch (NoSuchAlgorithmException noSuchAlgorithmException) {
+ // No fingerprint then...
+ }
+
int ret = JOptionPane.showOptionDialog(null,
- e.getCause().getLocalizedMessage()+"\n"+
- "Continue connecting to this host?",
+ message.toString(),
"Confirm certificate exception?",
JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE,
null, answer, answer[0]);
--
2.1.4

View File

@ -1,60 +0,0 @@
From d6d847633660abb99764192f73da7be5adf3da9c Mon Sep 17 00:00:00 2001
From: Michal Srb <michalsrb@gmail.com>
Date: Tue, 7 Jul 2015 02:09:21 +0300
Subject: [PATCH 1/2] Use default trust manager in java viewer if custom CA is
not specified.
---
java/com/tigervnc/rfb/CSecurityTLS.java | 34 +++++++++++++++++----------------
1 file changed, 18 insertions(+), 16 deletions(-)
diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java
index 6f799bb..7633f08 100644
--- a/java/com/tigervnc/rfb/CSecurityTLS.java
+++ b/java/com/tigervnc/rfb/CSecurityTLS.java
@@ -207,24 +207,26 @@ public class CSecurityTLS extends CSecurity {
try {
ks.load(null, null);
File cacert = new File(cafile);
- if (!cacert.exists() || !cacert.canRead())
- return;
- InputStream caStream = new FileInputStream(cafile);
- X509Certificate ca = (X509Certificate)cf.generateCertificate(caStream);
- ks.setCertificateEntry("CA", ca);
- PKIXBuilderParameters params = new PKIXBuilderParameters(ks, new X509CertSelector());
- File crlcert = new File(crlfile);
- if (!crlcert.exists() || !crlcert.canRead()) {
- params.setRevocationEnabled(false);
+ if (!cacert.exists() || !cacert.canRead()) {
+ tmf.init((KeyStore)null); // Use default trust manager
} else {
- InputStream crlStream = new FileInputStream(crlfile);
- Collection<? extends CRL> crls = cf.generateCRLs(crlStream);
- CertStoreParameters csp = new CollectionCertStoreParameters(crls);
- CertStore store = CertStore.getInstance("Collection", csp);
- params.addCertStore(store);
- params.setRevocationEnabled(true);
+ InputStream caStream = new FileInputStream(cafile);
+ X509Certificate ca = (X509Certificate)cf.generateCertificate(caStream);
+ ks.setCertificateEntry("CA", ca);
+ PKIXBuilderParameters params = new PKIXBuilderParameters(ks, new X509CertSelector());
+ File crlcert = new File(crlfile);
+ if (!crlcert.exists() || !crlcert.canRead()) {
+ params.setRevocationEnabled(false);
+ } else {
+ InputStream crlStream = new FileInputStream(crlfile);
+ Collection<? extends CRL> crls = cf.generateCRLs(crlStream);
+ CertStoreParameters csp = new CollectionCertStoreParameters(crls);
+ CertStore store = CertStore.getInstance("Collection", csp);
+ params.addCertStore(store);
+ params.setRevocationEnabled(true);
+ }
+ tmf.init(new CertPathTrustManagerParameters(params));
}
- tmf.init(new CertPathTrustManagerParameters(params));
} catch (java.io.FileNotFoundException e) {
vlog.error(e.toString());
} catch (java.io.IOException e) {
--
2.1.4

View File

@ -1,47 +0,0 @@
Author: Michal Srb <msrb@suse.com>
Subject: Use preferred mode.
Patch-Mainline: To be upstreamed
References: bnc#896540
If there is any resolution specified with -geometry or -screen parameters,
report this resolution as preferred one. That way desktop environments won't
change it immediately after start.
Index: unix/xserver/hw/vnc/xvnc.c
===================================================================
--- unix/xserver/hw/vnc/xvnc.c.orig
+++ unix/xserver/hw/vnc/xvnc.c
@@ -1296,12 +1296,24 @@ static RRCrtcPtr vncRandRCrtcCreate(Scre
vncRandRCrtcSet(pScreen, crtc, NULL, 0, 0, RR_Rotate_0, 1, &output);
/* Populate a list of default modes */
- modes = malloc(sizeof(RRModePtr)*sizeof(vncRandRWidths)/sizeof(*vncRandRWidths));
+ modes = malloc(sizeof(RRModePtr)*sizeof(vncRandRWidths)/sizeof(*vncRandRWidths) + 1);
if (modes == NULL)
return NULL;
num_modes = 0;
+
+ /* Start with requested mode */
+ mode = vncRandRModeGet(pScreen->width, pScreen->height);
+ if(mode != NULL) {
+ modes[num_modes] = mode;
+ num_modes++;
+ }
+
+ /* Add default modes */
for (i = 0;i < sizeof(vncRandRWidths)/sizeof(*vncRandRWidths);i++) {
+ if (vncRandRWidths[i] == pScreen->width && vncRandRHeights[i] == pScreen->height)
+ continue;
+
mode = vncRandRModeGet(vncRandRWidths[i], vncRandRHeights[i]);
if (mode != NULL) {
modes[num_modes] = mode;
@@ -1309,7 +1321,7 @@ static RRCrtcPtr vncRandRCrtcCreate(Scre
}
}
- RROutputSetModes(output, modes, num_modes, 0);
+ RROutputSetModes(output, modes, num_modes, 1);
free(modes);

View File

@ -1,30 +0,0 @@
Author: Egbert Eich <eich@suse.com>
Subject: Clean pid files of dead processes.
Patch-Mainline: To be upstreamed
References: bnc#948392
Signed-off-by: Michal Srb <msrb@suse.com>
--- a/unix/vncserver 2015-05-19 18:01:12.000000000 +0200
+++ b/unix/vncserver 2015-10-01 15:52:50.920363305 +0200
@@ -302,6 +302,7 @@
}
unless (kill 0, `cat $pidFile`) {
warn "Could not start Xvnc.\n\n";
+ unlink $pidFile;
open(LOG, "<$desktopLog");
while (<LOG>) { print; }
close(LOG);
@@ -587,7 +588,12 @@
print "X DISPLAY #\tPROCESS ID\n";
foreach my $file (@filelist) {
if ($file =~ /$host:(\d+)$\.pid/) {
- print ":".$1."\t\t".`cat $vncUserDir/$file`;
+ chop($tmp_pid = `cat $vncUserDir/$file`);
+ if (kill 0, $tmp_pid) {
+ print ":".$1."\t\t".`cat $vncUserDir/$file`;
+ } else {
+ unlink ($vncUserDir . "/" . $file);
+ }
}
}
exit 1;

View File

@ -2,11 +2,11 @@ Author: Michal Srb <msrb@suse.com>
References: bnc#956537
Subject: Update default vnc xstartup script.
Index: tigervnc-1.5.0/unix/vncserver
Index: tigervnc-1.6.0/unix/vncserver
===================================================================
--- tigervnc-1.5.0.orig/unix/vncserver
+++ tigervnc-1.5.0/unix/vncserver
@@ -59,27 +59,31 @@ $defaultXStartup
--- tigervnc-1.6.0.orig/unix/vncserver
+++ tigervnc-1.6.0/unix/vncserver
@@ -61,27 +61,31 @@ $defaultXStartup
= ("#!/bin/sh\n\n".
"unset SESSION_MANAGER\n".
"unset DBUS_SESSION_BUS_ADDRESS\n".
@ -51,5 +51,5 @@ Index: tigervnc-1.5.0/unix/vncserver
+ " echo \"No window manager found. You should install a window manager to get properly working VNC session.\"\n".
+ "fi\n");
chop($host = `uname -n`);
$defaultConfig
= ("## Supported server options to pass to vncserver upon invocation can be listed\n".

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7b0ec1a85d708f72fee17326bd1f894b9132df089226561306f4c2ef19d7df25
size 1268682

3
v1.6.0.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:98ffe98fcfe883e6c35aec579295b53d73d2ccf62e0f6e53a73ecad993b096ca
size 1291089