Accepting request 955672 from X11:XOrg
- n_vncserver.patch * fix location of Xsession script - vncserver usage has radically changed; please check this: https://github.com/TigerVNC/tigervnc/blob/master/unix/vncserver/HOWTO.md - Update to tigervnc 1.12.0 * The native viewer now supports full screen over a subset of monitors (e.g. 2 out of 3), and reacts properly to monitors being added or removed * Recent server history in the native viewer * The native viewer now has an option to reconnect if the connection is dropped * Translations are now enabled on Windows and macOS for the native viewer * The native viewer now respects the system security policy * Better handling of accented keys in the Java viewer * The Unix servers can now listen to both a Unix socket and a TCP port at the same time * The network code in both the servers and the native viewer has been restructured to give a more responsive experience * The vncserver service now correctly handles settings set to "0" * Fixed the clipboard Unicode handling in both the native viewer and the servers * Support for pointer "warping" in Xvnc and the native viewer, enabling e.g. FPS games - Update to tigervnc 1.11.0 * A security issue has been fixed in how the viewers handle TLS certificate exceptions * vncserver has gotten a major redesign to be compatible with modern distributions * The native viewer now has touch gestures to handle certain mouse actions (e.g. scroll wheel) * Middle mouse button emulation in the native viewer, for devices with only two mouse buttons * The Java viewer now supports Java 9+, but also now requires Java 8+ * Support for alpha cursors in the Java viewer (a feature already supported in the native viewer) * The password and username can now be specified via the environment for the native viewer * Support for building Xvnc/libvnc.so with Xorg 1.20.7+ and deprecate support for Xorg older than 1.16 * The official builds have been fixed to work on the upcoming macOS 11 * The Windows server (WinVNC) is now packaged separately as it is unmaintained and buggy - Removed patches (included in 1.12.0): * U_viewer-reset-ctrl-alt-to-menu-state-on-focus.patch * tigervnc-fix-saving-of-bad-server-certs.patch * u_xorg-server-1.20.7-ddxInputThreadInit.patch * U_0001-Properly-store-certificate-exceptions.patch * U_0002-Properly-store-certificate-exceptions-in-Java-viewer.patch * tigervnc-FIPS-use-RFC7919.patch * u_Fix-non-functional-MaxDisconnectionTime.patch - Removed patches (no longer needed): * u_tigervnc-cve-2014-8240.patch (https://github.com/TigerVNC/tigervnc/pull/1258) * u_tigervnc_update_default_vncxstartup.patch - Refreshed patches: * n_correct_path_in_desktop_file.patch * n_tigervnc-date-time.patch * n_utilize-system-crypto-policies.patch * tigervnc-clean-pressed-key-on-exit.patch * tigervnc-newfbsize.patch * u_build_libXvnc_as_separate_library.patch * u_change-button-layout-in-ServerDialog.patch * u_tigervnc-add-autoaccept-parameter.patch * u_tigervnc-211.patch OBS-URL: https://build.opensuse.org/request/show/955672 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tigervnc?expand=0&rev=87
This commit is contained in:
commit
e24fe8e8a7
@ -1,228 +0,0 @@
|
|||||||
From b30f10c681ec87720cff85d490f67098568a9cba Mon Sep 17 00:00:00 2001
|
|
||||||
From: Pierre Ossman <ossman@cendio.se>
|
|
||||||
Date: Thu, 21 May 2020 21:10:38 +0200
|
|
||||||
Subject: [PATCH] Properly store certificate exceptions
|
|
||||||
|
|
||||||
The previous method stored the certificates as authorities, meaning that
|
|
||||||
the owner of that certificate could impersonate any server it wanted
|
|
||||||
after a client had added an exception.
|
|
||||||
|
|
||||||
Handle this more properly by only storing exceptions for specific
|
|
||||||
hostname/certificate combinations, the same way browsers or SSH does
|
|
||||||
things.
|
|
||||||
---
|
|
||||||
common/rfb/CSecurityTLS.cxx | 163 ++++++++++++++++++++------------------------
|
|
||||||
1 file changed, 73 insertions(+), 90 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
|
|
||||||
index 5c303a37..99008378 100644
|
|
||||||
--- a/common/rfb/CSecurityTLS.cxx
|
|
||||||
+++ b/common/rfb/CSecurityTLS.cxx
|
|
||||||
@@ -250,22 +250,6 @@ void CSecurityTLS::setParam()
|
|
||||||
if (*cafile && gnutls_certificate_set_x509_trust_file(cert_cred,cafile,GNUTLS_X509_FMT_PEM) < 0)
|
|
||||||
throw AuthFailureException("load of CA cert failed");
|
|
||||||
|
|
||||||
- /* Load previously saved certs */
|
|
||||||
- char *homeDir = NULL;
|
|
||||||
- int err;
|
|
||||||
- if (getvnchomedir(&homeDir) == -1)
|
|
||||||
- vlog.error("Could not obtain VNC home directory path");
|
|
||||||
- else {
|
|
||||||
- CharArray caSave(strlen(homeDir) + 19 + 1);
|
|
||||||
- sprintf(caSave.buf, "%sx509_savedcerts.pem", homeDir);
|
|
||||||
- delete [] homeDir;
|
|
||||||
-
|
|
||||||
- err = gnutls_certificate_set_x509_trust_file(cert_cred, caSave.buf,
|
|
||||||
- GNUTLS_X509_FMT_PEM);
|
|
||||||
- if (err < 0)
|
|
||||||
- vlog.debug("Failed to load saved server certificates from %s", caSave.buf);
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
if (*crlfile && gnutls_certificate_set_x509_crl_file(cert_cred,crlfile,GNUTLS_X509_FMT_PEM) < 0)
|
|
||||||
throw AuthFailureException("load of CRL failed");
|
|
||||||
|
|
||||||
@@ -290,7 +274,10 @@ void CSecurityTLS::checkSession()
|
|
||||||
const gnutls_datum_t *cert_list;
|
|
||||||
unsigned int cert_list_size = 0;
|
|
||||||
int err;
|
|
||||||
+
|
|
||||||
+ char *homeDir;
|
|
||||||
gnutls_datum_t info;
|
|
||||||
+ size_t len;
|
|
||||||
|
|
||||||
if (anon)
|
|
||||||
return;
|
|
||||||
@@ -333,13 +320,13 @@ void CSecurityTLS::checkSession()
|
|
||||||
throw AuthFailureException("decoding of certificate failed");
|
|
||||||
|
|
||||||
if (gnutls_x509_crt_check_hostname(crt, client->getServerName()) == 0) {
|
|
||||||
- char buf[255];
|
|
||||||
+ CharArray text;
|
|
||||||
vlog.debug("hostname mismatch");
|
|
||||||
- snprintf(buf, sizeof(buf), "Hostname (%s) does not match any certificate, "
|
|
||||||
- "do you want to continue?", client->getServerName());
|
|
||||||
- buf[sizeof(buf) - 1] = '\0';
|
|
||||||
- if (!msg->showMsgBox(UserMsgBox::M_YESNO, "hostname mismatch", buf))
|
|
||||||
- throw AuthFailureException("hostname mismatch");
|
|
||||||
+ text.format("Hostname (%s) does not match the server certificate, "
|
|
||||||
+ "do you want to continue?", client->getServerName());
|
|
||||||
+ if (!msg->showMsgBox(UserMsgBox::M_YESNO,
|
|
||||||
+ "Certificate hostname mismatch", text.buf))
|
|
||||||
+ throw AuthFailureException("Certificate hostname mismatch");
|
|
||||||
}
|
|
||||||
|
|
||||||
if (status == 0) {
|
|
||||||
@@ -364,86 +351,82 @@ void CSecurityTLS::checkSession()
|
|
||||||
throw AuthFailureException("Invalid status of server certificate verification");
|
|
||||||
}
|
|
||||||
|
|
||||||
- vlog.debug("Saved server certificates don't match");
|
|
||||||
+ /* Certificate is fine, except we don't know the issuer, so TOFU time */
|
|
||||||
|
|
||||||
- if (gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_ONELINE, &info)) {
|
|
||||||
- /*
|
|
||||||
- * GNUTLS doesn't correctly export gnutls_free symbol which is
|
|
||||||
- * a function pointer. Linking with Visual Studio 2008 Express will
|
|
||||||
- * fail when you call gnutls_free().
|
|
||||||
- */
|
|
||||||
-#if WIN32
|
|
||||||
- free(info.data);
|
|
||||||
-#else
|
|
||||||
- gnutls_free(info.data);
|
|
||||||
-#endif
|
|
||||||
- throw AuthFailureException("Could not find certificate to display");
|
|
||||||
+ homeDir = NULL;
|
|
||||||
+ if (getvnchomedir(&homeDir) == -1) {
|
|
||||||
+ throw AuthFailureException("Could not obtain VNC home directory "
|
|
||||||
+ "path for known hosts storage");
|
|
||||||
}
|
|
||||||
|
|
||||||
- size_t out_size = 0;
|
|
||||||
- char *out_buf = NULL;
|
|
||||||
- char *certinfo = NULL;
|
|
||||||
- int len = 0;
|
|
||||||
-
|
|
||||||
- vlog.debug("certificate issuer unknown");
|
|
||||||
-
|
|
||||||
- len = snprintf(NULL, 0, "This certificate has been signed by an unknown "
|
|
||||||
- "authority:\n\n%s\n\nDo you want to save it and "
|
|
||||||
- "continue?\n ", info.data);
|
|
||||||
- if (len < 0)
|
|
||||||
- throw AuthFailureException("certificate decoding error");
|
|
||||||
-
|
|
||||||
- vlog.debug("%s", info.data);
|
|
||||||
-
|
|
||||||
- certinfo = new char[len];
|
|
||||||
-
|
|
||||||
- snprintf(certinfo, len, "This certificate has been signed by an unknown "
|
|
||||||
- "authority:\n\n%s\n\nDo you want to save it and "
|
|
||||||
- "continue? ", info.data);
|
|
||||||
+ CharArray dbPath(strlen(homeDir) + 16 + 1);
|
|
||||||
+ sprintf(dbPath.buf, "%sx509_known_hosts", homeDir);
|
|
||||||
+ delete [] homeDir;
|
|
||||||
|
|
||||||
- for (int i = 0; i < len - 1; i++)
|
|
||||||
- if (certinfo[i] == ',' && certinfo[i + 1] == ' ')
|
|
||||||
- certinfo[i] = '\n';
|
|
||||||
+ err = gnutls_verify_stored_pubkey(dbPath.buf, NULL,
|
|
||||||
+ client->getServerName(), NULL,
|
|
||||||
+ GNUTLS_CRT_X509, &cert_list[0], 0);
|
|
||||||
|
|
||||||
- if (!msg->showMsgBox(UserMsgBox::M_YESNO, "certificate issuer unknown",
|
|
||||||
- certinfo)) {
|
|
||||||
- delete [] certinfo;
|
|
||||||
- throw AuthFailureException("certificate issuer unknown");
|
|
||||||
+ /* Previously known? */
|
|
||||||
+ if (err == GNUTLS_E_SUCCESS) {
|
|
||||||
+ vlog.debug("Server certificate found in known hosts file");
|
|
||||||
+ gnutls_x509_crt_deinit(crt);
|
|
||||||
+ return;
|
|
||||||
}
|
|
||||||
|
|
||||||
- delete [] certinfo;
|
|
||||||
-
|
|
||||||
- if (gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, NULL, &out_size)
|
|
||||||
- != GNUTLS_E_SHORT_MEMORY_BUFFER)
|
|
||||||
- throw AuthFailureException("certificate issuer unknown, and certificate "
|
|
||||||
- "export failed");
|
|
||||||
+ if ((err != GNUTLS_E_NO_CERTIFICATE_FOUND) &&
|
|
||||||
+ (err != GNUTLS_E_CERTIFICATE_KEY_MISMATCH)) {
|
|
||||||
+ throw AuthFailureException("Could not load known hosts database");
|
|
||||||
+ }
|
|
||||||
|
|
||||||
- // Save cert
|
|
||||||
- out_buf = new char[out_size];
|
|
||||||
+ if (gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_ONELINE, &info))
|
|
||||||
+ throw AuthFailureException("Could not find certificate to display");
|
|
||||||
|
|
||||||
- if (gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, out_buf, &out_size) < 0)
|
|
||||||
- throw AuthFailureException("certificate issuer unknown, and certificate "
|
|
||||||
- "export failed");
|
|
||||||
+ len = strlen((char*)info.data);
|
|
||||||
+ for (size_t i = 0; i < len - 1; i++) {
|
|
||||||
+ if (info.data[i] == ',' && info.data[i + 1] == ' ')
|
|
||||||
+ info.data[i] = '\n';
|
|
||||||
+ }
|
|
||||||
|
|
||||||
- char *homeDir = NULL;
|
|
||||||
- if (getvnchomedir(&homeDir) == -1)
|
|
||||||
- vlog.error("Could not obtain VNC home directory path");
|
|
||||||
- else {
|
|
||||||
- FILE *f;
|
|
||||||
- CharArray caSave(strlen(homeDir) + 1 + 19);
|
|
||||||
- sprintf(caSave.buf, "%sx509_savedcerts.pem", homeDir);
|
|
||||||
- delete [] homeDir;
|
|
||||||
- f = fopen(caSave.buf, "a+");
|
|
||||||
- if (!f)
|
|
||||||
- msg->showMsgBox(UserMsgBox::M_OK, "certificate save failed",
|
|
||||||
- "Could not save the certificate");
|
|
||||||
- else {
|
|
||||||
- fprintf(f, "%s\n", out_buf);
|
|
||||||
- fclose(f);
|
|
||||||
- }
|
|
||||||
+ /* New host */
|
|
||||||
+ if (err == GNUTLS_E_NO_CERTIFICATE_FOUND) {
|
|
||||||
+ CharArray text;
|
|
||||||
+
|
|
||||||
+ vlog.debug("Server host not previously known");
|
|
||||||
+ vlog.debug("%s", info.data);
|
|
||||||
+
|
|
||||||
+ text.format("This certificate has been signed by an unknown "
|
|
||||||
+ "authority:\n\n%s\n\nSomeone could be trying to "
|
|
||||||
+ "impersonate the site and you should not "
|
|
||||||
+ "continue.\n\nDo you want to make an exception "
|
|
||||||
+ "for this server?", info.data);
|
|
||||||
+
|
|
||||||
+ if (!msg->showMsgBox(UserMsgBox::M_YESNO,
|
|
||||||
+ "Unknown certificate issuer",
|
|
||||||
+ text.buf))
|
|
||||||
+ throw AuthFailureException("Unknown certificate issuer");
|
|
||||||
+ } else if (err == GNUTLS_E_CERTIFICATE_KEY_MISMATCH) {
|
|
||||||
+ CharArray text;
|
|
||||||
+
|
|
||||||
+ vlog.debug("Server host key mismatch");
|
|
||||||
+ vlog.debug("%s", info.data);
|
|
||||||
+
|
|
||||||
+ text.format("This host is previously known with a different "
|
|
||||||
+ "certificate, and the new certificate has been "
|
|
||||||
+ "signed by an unknown authority:\n\n%s\n\nSomeone "
|
|
||||||
+ "could be trying to impersonate the site and you "
|
|
||||||
+ "should not continue.\n\nDo you want to make an "
|
|
||||||
+ "exception for this server?", info.data);
|
|
||||||
+
|
|
||||||
+ if (!msg->showMsgBox(UserMsgBox::M_YESNO,
|
|
||||||
+ "Unexpected server certificate",
|
|
||||||
+ text.buf))
|
|
||||||
+ throw AuthFailureException("Unexpected server certificate");
|
|
||||||
}
|
|
||||||
|
|
||||||
- delete [] out_buf;
|
|
||||||
+ if (gnutls_store_pubkey(dbPath.buf, NULL, client->getServerName(),
|
|
||||||
+ NULL, GNUTLS_CRT_X509, &cert_list[0], 0, 0))
|
|
||||||
+ vlog.error("Failed to store server certificate to known hosts database");
|
|
||||||
|
|
||||||
gnutls_x509_crt_deinit(crt);
|
|
||||||
/*
|
|
||||||
--
|
|
||||||
2.16.4
|
|
||||||
|
|
@ -1,234 +0,0 @@
|
|||||||
From f029745f63ac7d22fb91639b2cb5b3ab56134d6e Mon Sep 17 00:00:00 2001
|
|
||||||
From: "Brian P. Hinz" <bphinz@users.sf.net>
|
|
||||||
Date: Tue, 8 Sep 2020 10:13:32 +0200
|
|
||||||
Subject: [PATCH] Properly store certificate exceptions in Java viewer
|
|
||||||
|
|
||||||
Like the native viewer, the Java viewer didn't store certificate
|
|
||||||
exceptions properly. Whilst not as bad as the native viewer, it still
|
|
||||||
failed to check that a stored certificate wouldn't be maliciously used
|
|
||||||
for another server. In practice this can in most cases be used to
|
|
||||||
impersonate another server.
|
|
||||||
|
|
||||||
Handle this like the native viewer by storing exceptions for a specific
|
|
||||||
hostname/certificate combination.
|
|
||||||
---
|
|
||||||
java/com/tigervnc/rfb/CSecurityTLS.java | 164 ++++++++++++++++++++------------
|
|
||||||
1 file changed, 101 insertions(+), 63 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java
|
|
||||||
index ad6f6fe1..e63945dc 100644
|
|
||||||
--- a/java/com/tigervnc/rfb/CSecurityTLS.java
|
|
||||||
+++ b/java/com/tigervnc/rfb/CSecurityTLS.java
|
|
||||||
@@ -107,12 +107,6 @@ public class CSecurityTLS extends CSecurity {
|
|
||||||
X509CRL.setDefaultStr(getDefaultCRL());
|
|
||||||
}
|
|
||||||
|
|
||||||
-// FIXME:
|
|
||||||
-// Need to shutdown the connection cleanly
|
|
||||||
-
|
|
||||||
-// FIXME?
|
|
||||||
-// add a finalizer method that calls shutdown
|
|
||||||
-
|
|
||||||
public boolean processMsg(CConnection cc) {
|
|
||||||
is = (FdInStream)cc.getInStream();
|
|
||||||
os = (FdOutStream)cc.getOutStream();
|
|
||||||
@@ -269,8 +263,13 @@ public class CSecurityTLS extends CSecurity {
|
|
||||||
{
|
|
||||||
Collection<? extends Certificate> certs = null;
|
|
||||||
X509Certificate cert = chain[0];
|
|
||||||
+ String pk =
|
|
||||||
+ Base64.getEncoder().encodeToString(cert.getPublicKey().getEncoded());
|
|
||||||
try {
|
|
||||||
cert.checkValidity();
|
|
||||||
+ verifyHostname(cert);
|
|
||||||
+ } catch(CertificateParsingException e) {
|
|
||||||
+ throw new SystemException(e.getMessage());
|
|
||||||
} catch(CertificateNotYetValidException e) {
|
|
||||||
throw new AuthFailureException("server certificate has not been activated");
|
|
||||||
} catch(CertificateExpiredException e) {
|
|
||||||
@@ -279,73 +278,111 @@ public class CSecurityTLS extends CSecurity {
|
|
||||||
"do you want to continue?"))
|
|
||||||
throw new AuthFailureException("server certificate has expired");
|
|
||||||
}
|
|
||||||
- String thumbprint = getThumbprint(cert);
|
|
||||||
File vncDir = new File(FileUtils.getVncHomeDir());
|
|
||||||
- File certFile = new File(vncDir, "x509_savedcerts.pem");
|
|
||||||
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
|
|
||||||
- if (vncDir.exists() && certFile.exists() && certFile.canRead()) {
|
|
||||||
- InputStream certStream = new MyFileInputStream(certFile);
|
|
||||||
- certs = cf.generateCertificates(certStream);
|
|
||||||
- for (Certificate c : certs)
|
|
||||||
- if (thumbprint.equals(getThumbprint((X509Certificate)c)))
|
|
||||||
- return;
|
|
||||||
- }
|
|
||||||
+ if (!vncDir.exists())
|
|
||||||
+ throw new AuthFailureException("Could not obtain VNC home directory "+
|
|
||||||
+ "path for known hosts storage");
|
|
||||||
+ File dbPath = new File(vncDir, "x509_known_hosts");
|
|
||||||
+ String info =
|
|
||||||
+ " Subject: "+cert.getSubjectX500Principal().getName()+"\n"+
|
|
||||||
+ " Issuer: "+cert.getIssuerX500Principal().getName()+"\n"+
|
|
||||||
+ " Serial Number: "+cert.getSerialNumber()+"\n"+
|
|
||||||
+ " Version: "+cert.getVersion()+"\n"+
|
|
||||||
+ " Signature Algorithm: "+cert.getPublicKey().getAlgorithm()+"\n"+
|
|
||||||
+ " Not Valid Before: "+cert.getNotBefore()+"\n"+
|
|
||||||
+ " Not Valid After: "+cert.getNotAfter()+"\n"+
|
|
||||||
+ " SHA-1 Fingerprint: "+getThumbprint(cert)+"\n";
|
|
||||||
try {
|
|
||||||
- verifyHostname(cert);
|
|
||||||
+ if (dbPath.exists()) {
|
|
||||||
+ FileReader db = new FileReader(dbPath);
|
|
||||||
+ BufferedReader dbBuf = new BufferedReader(db);
|
|
||||||
+ String line;
|
|
||||||
+ String server = client.getServerName().toLowerCase();
|
|
||||||
+ while ((line = dbBuf.readLine())!=null) {
|
|
||||||
+ String fields[] = line.split("\\|");
|
|
||||||
+ if (fields.length==6) {
|
|
||||||
+ if (server.equals(fields[2]) && pk.equals(fields[5])) {
|
|
||||||
+ vlog.debug("Server certificate found in known hosts file");
|
|
||||||
+ dbBuf.close();
|
|
||||||
+ return;
|
|
||||||
+ } else if (server.equals(fields[2]) && !pk.equals(fields[5]) ||
|
|
||||||
+ !server.equals(fields[2]) && pk.equals(fields[5])) {
|
|
||||||
+ throw new CertStoreException();
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ dbBuf.close();
|
|
||||||
+ }
|
|
||||||
tm.checkServerTrusted(chain, authType);
|
|
||||||
+ } catch (IOException e) {
|
|
||||||
+ throw new AuthFailureException("Could not load known hosts database");
|
|
||||||
+ } catch (CertStoreException e) {
|
|
||||||
+ vlog.debug("Server host key mismatch");
|
|
||||||
+ vlog.debug(info);
|
|
||||||
+ String text =
|
|
||||||
+ "This host is previously known with a different "+
|
|
||||||
+ "certificate, and the new certificate has been "+
|
|
||||||
+ "signed by an unknown authority\n"+
|
|
||||||
+ "\n"+info+"\n"+
|
|
||||||
+ "Someone could be trying to impersonate the site and you should not continue.\n"+
|
|
||||||
+ "\n"+
|
|
||||||
+ "Do you want to make an exception for this server?";
|
|
||||||
+ if (!msg.showMsgBox(YES_NO_OPTION, "Unexpected certificate issuer", text))
|
|
||||||
+ throw new AuthFailureException("Unexpected certificate issuer");
|
|
||||||
+ store_pubkey(dbPath, client.getServerName().toLowerCase(), pk);
|
|
||||||
} catch (java.lang.Exception e) {
|
|
||||||
if (e.getCause() instanceof CertPathBuilderException) {
|
|
||||||
- String certinfo =
|
|
||||||
+ vlog.debug("Server host not previously known");
|
|
||||||
+ vlog.debug(info);
|
|
||||||
+ String text =
|
|
||||||
"This certificate has been signed by an unknown authority\n"+
|
|
||||||
+ "\n"+info+"\n"+
|
|
||||||
+ "Someone could be trying to impersonate the site and you should not continue.\n"+
|
|
||||||
"\n"+
|
|
||||||
- " Subject: "+cert.getSubjectX500Principal().getName()+"\n"+
|
|
||||||
- " Issuer: "+cert.getIssuerX500Principal().getName()+"\n"+
|
|
||||||
- " Serial Number: "+cert.getSerialNumber()+"\n"+
|
|
||||||
- " Version: "+cert.getVersion()+"\n"+
|
|
||||||
- " Signature Algorithm: "+cert.getPublicKey().getAlgorithm()+"\n"+
|
|
||||||
- " Not Valid Before: "+cert.getNotBefore()+"\n"+
|
|
||||||
- " Not Valid After: "+cert.getNotAfter()+"\n"+
|
|
||||||
- " SHA1 Fingerprint: "+getThumbprint(cert)+"\n"+
|
|
||||||
- "\n"+
|
|
||||||
- "Do you want to save it and continue?";
|
|
||||||
- if (!msg.showMsgBox(YES_NO_OPTION, "certificate issuer unknown",
|
|
||||||
- certinfo)) {
|
|
||||||
- throw new AuthFailureException("certificate issuer unknown");
|
|
||||||
- }
|
|
||||||
- if (certs == null || !certs.contains(cert)) {
|
|
||||||
- byte[] der = cert.getEncoded();
|
|
||||||
- String pem = Base64.getEncoder().encodeToString(der);
|
|
||||||
- pem = pem.replaceAll("(.{64})", "$1\n");
|
|
||||||
- FileWriter fw = null;
|
|
||||||
- try {
|
|
||||||
- if (!vncDir.exists())
|
|
||||||
- vncDir.mkdir();
|
|
||||||
- if (!certFile.exists() && !certFile.createNewFile()) {
|
|
||||||
- vlog.error("Certificate save failed.");
|
|
||||||
- } else {
|
|
||||||
- fw = new FileWriter(certFile.getAbsolutePath(), true);
|
|
||||||
- fw.write("-----BEGIN CERTIFICATE-----\n");
|
|
||||||
- fw.write(pem+"\n");
|
|
||||||
- fw.write("-----END CERTIFICATE-----\n");
|
|
||||||
- }
|
|
||||||
- } catch (IOException ioe) {
|
|
||||||
- msg.showMsgBox(OK_OPTION, "certificate save failed",
|
|
||||||
- "Could not save the certificate");
|
|
||||||
- } finally {
|
|
||||||
- try {
|
|
||||||
- if (fw != null)
|
|
||||||
- fw.close();
|
|
||||||
- } catch(IOException ioe2) {
|
|
||||||
- throw new Exception(ioe2.getMessage());
|
|
||||||
- }
|
|
||||||
- }
|
|
||||||
- }
|
|
||||||
+ "Do you want to make an exception for this server?";
|
|
||||||
+ if (!msg.showMsgBox(YES_NO_OPTION, "Unknown certificate issuer", text))
|
|
||||||
+ throw new AuthFailureException("Unknown certificate issuer");
|
|
||||||
+ store_pubkey(dbPath, client.getServerName().toLowerCase(), pk);
|
|
||||||
} else {
|
|
||||||
throw new SystemException(e.getMessage());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+ private void store_pubkey(File dbPath, String serverName, String pk)
|
|
||||||
+ {
|
|
||||||
+ ArrayList<String> lines = new ArrayList<String>();
|
|
||||||
+ File vncDir = new File(FileUtils.getVncHomeDir());
|
|
||||||
+ try {
|
|
||||||
+ if (dbPath.exists()) {
|
|
||||||
+ FileReader db = new FileReader(dbPath);
|
|
||||||
+ BufferedReader dbBuf = new BufferedReader(db);
|
|
||||||
+ String line;
|
|
||||||
+ while ((line = dbBuf.readLine())!=null) {
|
|
||||||
+ String fields[] = line.split("\\|");
|
|
||||||
+ if (fields.length==6)
|
|
||||||
+ if (!serverName.equals(fields[2]) && !pk.equals(fields[5]))
|
|
||||||
+ lines.add(line);
|
|
||||||
+ }
|
|
||||||
+ dbBuf.close();
|
|
||||||
+ }
|
|
||||||
+ } catch (IOException e) {
|
|
||||||
+ throw new AuthFailureException("Could not load known hosts database");
|
|
||||||
+ }
|
|
||||||
+ try {
|
|
||||||
+ if (!dbPath.exists())
|
|
||||||
+ dbPath.createNewFile();
|
|
||||||
+ FileWriter fw = new FileWriter(dbPath.getAbsolutePath(), false);
|
|
||||||
+ Iterator i = lines.iterator();
|
|
||||||
+ while (i.hasNext())
|
|
||||||
+ fw.write((String)i.next()+"\n");
|
|
||||||
+ fw.write("|g0|"+serverName+"|*|0|"+pk+"\n");
|
|
||||||
+ fw.close();
|
|
||||||
+ } catch (IOException e) {
|
|
||||||
+ vlog.error("Failed to store server certificate to known hosts database");
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
public X509Certificate[] getAcceptedIssuers ()
|
|
||||||
{
|
|
||||||
return tm.getAcceptedIssuers();
|
|
||||||
@@ -399,12 +436,13 @@ public class CSecurityTLS extends CSecurity {
|
|
||||||
}
|
|
||||||
Object[] answer = {"YES", "NO"};
|
|
||||||
int ret = JOptionPane.showOptionDialog(null,
|
|
||||||
- "Hostname verification failed. Do you want to continue?",
|
|
||||||
- "Hostname Verification Failure",
|
|
||||||
+ "Hostname ("+client.getServerName()+") does not match the"+
|
|
||||||
+ " server certificate, do you want to continue?",
|
|
||||||
+ "Certificate hostname mismatch",
|
|
||||||
JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE,
|
|
||||||
null, answer, answer[0]);
|
|
||||||
if (ret != JOptionPane.YES_OPTION)
|
|
||||||
- throw new WarningException("Hostname verification failed.");
|
|
||||||
+ throw new WarningException("Certificate hostname mismatch.");
|
|
||||||
} catch (CertificateParsingException e) {
|
|
||||||
throw new SystemException(e.getMessage());
|
|
||||||
} catch (InvalidNameException e) {
|
|
||||||
--
|
|
||||||
2.16.4
|
|
||||||
|
|
@ -1,29 +0,0 @@
|
|||||||
From 9f83180219380c690fb743182308bc2d534b8b1b Mon Sep 17 00:00:00 2001
|
|
||||||
From: Dominique Martinet <asmadeus@codewreck.org>
|
|
||||||
Date: Sun, 8 Jul 2018 02:15:43 +0900
|
|
||||||
Subject: [PATCH] viewer: reset ctrl / alt to menu state on focus
|
|
||||||
|
|
||||||
Setting Ctrl or Alt key on menu only sends the key press, and the
|
|
||||||
state is lost when focus is lost and recovered.
|
|
||||||
This checks the menu variable and sends the keys again if needed.
|
|
||||||
---
|
|
||||||
vncviewer/Viewport.cxx | 6 ++++++
|
|
||||||
1 file changed, 6 insertions(+)
|
|
||||||
|
|
||||||
Index: b/vncviewer/Viewport.cxx
|
|
||||||
===================================================================
|
|
||||||
--- a/vncviewer/Viewport.cxx
|
|
||||||
+++ b/vncviewer/Viewport.cxx
|
|
||||||
@@ -655,6 +655,12 @@ int Viewport::handle(int event)
|
|
||||||
if (menuAltKey)
|
|
||||||
handleKeyPress(0x38, XK_Alt_L);
|
|
||||||
|
|
||||||
+ // Resend Ctrl/Alt if needed
|
|
||||||
+ if (menuCtrlKey)
|
|
||||||
+ handleKeyPress(0x1d, XK_Control_L);
|
|
||||||
+ if (menuAltKey)
|
|
||||||
+ handleKeyPress(0x38, XK_Alt_L);
|
|
||||||
+
|
|
||||||
// Yes, we would like some focus please!
|
|
||||||
return 1;
|
|
||||||
|
|
@ -10,8 +10,8 @@ Index: tigervnc-1.9.0/vncviewer/vncviewer.desktop.in.in
|
|||||||
Name=TigerVNC Viewer
|
Name=TigerVNC Viewer
|
||||||
GenericName=Remote Desktop Viewer
|
GenericName=Remote Desktop Viewer
|
||||||
Comment=Connect to VNC server and display remote desktop
|
Comment=Connect to VNC server and display remote desktop
|
||||||
-Exec=@BIN_DIR@/vncviewer
|
-Exec=@CMAKE_INSTALL_FULL_BINDIR@/vncviewer
|
||||||
+Exec=@BIN_DIR@/vncviewer-tigervnc
|
+Exec=@CMAKE_INSTALL_FULL_BINDIR@/vncviewer-tigervnc
|
||||||
Icon=tigervnc
|
Icon=tigervnc
|
||||||
Terminal=false
|
Terminal=false
|
||||||
Type=Application
|
Type=Application
|
||||||
|
@ -1,48 +1,48 @@
|
|||||||
Index: b/unix/xserver/hw/vnc/buildtime.c
|
Index: tigervnc-1.12.0/unix/xserver/hw/vnc/buildtime.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- a/unix/xserver/hw/vnc/buildtime.c
|
--- tigervnc-1.12.0.orig/unix/xserver/hw/vnc/buildtime.c
|
||||||
+++ b/unix/xserver/hw/vnc/buildtime.c
|
+++ tigervnc-1.12.0/unix/xserver/hw/vnc/buildtime.c
|
||||||
@@ -15,4 +15,4 @@
|
@@ -15,4 +15,4 @@
|
||||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
|
||||||
* USA.
|
* USA.
|
||||||
*/
|
*/
|
||||||
-char buildtime[] = __DATE__ " " __TIME__;
|
-char buildtime[] = __DATE__ " " __TIME__;
|
||||||
+char buildtime[] = "??? ?? ???? ??:??:??";
|
+char buildtime[] = "??? ?? ???? ??:??:??";
|
||||||
Index: b/unix/vncconfig/buildtime.c
|
Index: tigervnc-1.12.0/unix/vncconfig/buildtime.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- a/unix/vncconfig/buildtime.c
|
--- tigervnc-1.12.0.orig/unix/vncconfig/buildtime.c
|
||||||
+++ b/unix/vncconfig/buildtime.c
|
+++ tigervnc-1.12.0/unix/vncconfig/buildtime.c
|
||||||
@@ -15,4 +15,4 @@
|
@@ -15,4 +15,4 @@
|
||||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
|
||||||
* USA.
|
* USA.
|
||||||
*/
|
*/
|
||||||
-char buildtime[] = __DATE__ " " __TIME__;
|
-char buildtime[] = __DATE__ " " __TIME__;
|
||||||
+char buildtime[] = "??? ?? ???? ??:??:??";
|
+char buildtime[] = "??? ?? ???? ??:??:??";
|
||||||
Index: b/unix/x0vncserver/buildtime.c
|
Index: tigervnc-1.12.0/unix/x0vncserver/buildtime.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- a/unix/x0vncserver/buildtime.c
|
--- tigervnc-1.12.0.orig/unix/x0vncserver/buildtime.c
|
||||||
+++ b/unix/x0vncserver/buildtime.c
|
+++ tigervnc-1.12.0/unix/x0vncserver/buildtime.c
|
||||||
@@ -15,4 +15,4 @@
|
@@ -15,4 +15,4 @@
|
||||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
|
||||||
* USA.
|
* USA.
|
||||||
*/
|
*/
|
||||||
-char buildtime[] = __DATE__ " " __TIME__;
|
-char buildtime[] = __DATE__ " " __TIME__;
|
||||||
+char buildtime[] = "??? ?? ???? ??:??:??";
|
+char buildtime[] = "??? ?? ???? ??:??:??";
|
||||||
Index: b/win/winvnc/buildTime.cxx
|
Index: tigervnc-1.12.0/win/winvnc/buildTime.cxx
|
||||||
===================================================================
|
===================================================================
|
||||||
--- a/win/winvnc/buildTime.cxx
|
--- tigervnc-1.12.0.orig/win/winvnc/buildTime.cxx
|
||||||
+++ b/win/winvnc/buildTime.cxx
|
+++ tigervnc-1.12.0/win/winvnc/buildTime.cxx
|
||||||
@@ -15,4 +15,4 @@
|
@@ -15,4 +15,4 @@
|
||||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
|
||||||
* USA.
|
* USA.
|
||||||
*/
|
*/
|
||||||
-const char* buildTime = "Built on " __DATE__ " at " __TIME__;
|
-const char* buildTime = "Built on " __DATE__ " at " __TIME__;
|
||||||
+const char* buildTime = "Built on ??? ?? ???? at ??:??:??";
|
+const char* buildTime = "Built on ??? ?? ???? at ??:??:??";
|
||||||
Index: b/CMakeLists.txt
|
Index: tigervnc-1.12.0/CMakeLists.txt
|
||||||
===================================================================
|
===================================================================
|
||||||
--- a/CMakeLists.txt
|
--- tigervnc-1.12.0.orig/CMakeLists.txt
|
||||||
+++ b/CMakeLists.txt
|
+++ tigervnc-1.12.0/CMakeLists.txt
|
||||||
@@ -42,10 +42,6 @@ if(MSVC)
|
@@ -44,10 +44,6 @@ if(MSVC)
|
||||||
message(FATAL_ERROR "TigerVNC cannot be built with Visual Studio. Please use MinGW")
|
message(FATAL_ERROR "TigerVNC cannot be built with Visual Studio. Please use MinGW")
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
@ -53,11 +53,11 @@ Index: b/CMakeLists.txt
|
|||||||
# Default to optimised builds instead of debug ones. Our code has no bugs ;)
|
# Default to optimised builds instead of debug ones. Our code has no bugs ;)
|
||||||
# (CMake makes it fairly easy to toggle this back to Debug if needed)
|
# (CMake makes it fairly easy to toggle this back to Debug if needed)
|
||||||
if(NOT CMAKE_BUILD_TYPE)
|
if(NOT CMAKE_BUILD_TYPE)
|
||||||
Index: b/vncviewer/vncviewer.cxx
|
Index: tigervnc-1.12.0/vncviewer/vncviewer.cxx
|
||||||
===================================================================
|
===================================================================
|
||||||
--- a/vncviewer/vncviewer.cxx
|
--- tigervnc-1.12.0.orig/vncviewer/vncviewer.cxx
|
||||||
+++ b/vncviewer/vncviewer.cxx
|
+++ tigervnc-1.12.0/vncviewer/vncviewer.cxx
|
||||||
@@ -98,11 +98,9 @@ static const char *about_text()
|
@@ -104,11 +104,9 @@ static const char *about_text()
|
||||||
// time.
|
// time.
|
||||||
snprintf(buffer, sizeof(buffer),
|
snprintf(buffer, sizeof(buffer),
|
||||||
_("TigerVNC Viewer %d-bit v%s\n"
|
_("TigerVNC Viewer %d-bit v%s\n"
|
||||||
@ -65,8 +65,8 @@ Index: b/vncviewer/vncviewer.cxx
|
|||||||
"Copyright (C) 1999-%d TigerVNC Team and many others (see README.rst)\n"
|
"Copyright (C) 1999-%d TigerVNC Team and many others (see README.rst)\n"
|
||||||
"See https://www.tigervnc.org for information on TigerVNC."),
|
"See https://www.tigervnc.org for information on TigerVNC."),
|
||||||
- (int)sizeof(size_t)*8, PACKAGE_VERSION,
|
- (int)sizeof(size_t)*8, PACKAGE_VERSION,
|
||||||
- BUILD_TIMESTAMP, 2019);
|
- BUILD_TIMESTAMP, 2021);
|
||||||
+ (int)sizeof(size_t)*8, PACKAGE_VERSION, 2019);
|
+ (int)sizeof(size_t)*8, PACKAGE_VERSION, 2021);
|
||||||
|
|
||||||
return buffer;
|
return buffer;
|
||||||
}
|
}
|
||||||
|
@ -1,12 +1,12 @@
|
|||||||
Index: tigervnc-1.10.1/common/rfb/Security.cxx
|
Index: tigervnc-1.12.0/common/rfb/Security.cxx
|
||||||
===================================================================
|
===================================================================
|
||||||
--- tigervnc-1.10.1.orig/common/rfb/Security.cxx
|
--- tigervnc-1.12.0.orig/common/rfb/Security.cxx
|
||||||
+++ tigervnc-1.10.1/common/rfb/Security.cxx
|
+++ tigervnc-1.12.0/common/rfb/Security.cxx
|
||||||
@@ -52,7 +52,7 @@ static LogWriter vlog("Security");
|
@@ -52,7 +52,7 @@ static LogWriter vlog("Security");
|
||||||
#ifdef HAVE_GNUTLS
|
#ifdef HAVE_GNUTLS
|
||||||
StringParameter Security::GnuTLSPriority("GnuTLSPriority",
|
StringParameter Security::GnuTLSPriority("GnuTLSPriority",
|
||||||
"GnuTLS priority string that controls the TLS session’s handshake algorithms",
|
"GnuTLS priority string that controls the TLS session’s handshake algorithms",
|
||||||
- "NORMAL");
|
- "");
|
||||||
+ "@SYSTEM");
|
+ "@SYSTEM");
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
11
n_vncserver.patch
Normal file
11
n_vncserver.patch
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
--- unix/vncserver/vncserver.in.orig 2022-02-17 15:06:23.333514000 +0100
|
||||||
|
+++ unix/vncserver/vncserver.in 2022-02-17 15:07:43.597755000 +0100
|
||||||
|
@@ -437,7 +437,7 @@
|
||||||
|
die "$prog: couldn't find \"$cmd\" on your PATH.\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
- foreach $cmd ("/etc/X11/xinit/Xsession", "/etc/X11/Xsession") {
|
||||||
|
+ foreach $cmd ("/usr/etc/X11/xdm/Xsession", "/etc/X11/xdm/Xsession", "/etc/X11/xinit/Xsession", "/etc/X11/Xsession") {
|
||||||
|
if (-x "$cmd") {
|
||||||
|
$Xsession = $cmd;
|
||||||
|
last;
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:19fcc80d7d35dd58115262e53cac87d8903180261d94c2a6b0c19224f50b58c4
|
|
||||||
size 1408105
|
|
3
tigervnc-1.12.0.tar.gz
Normal file
3
tigervnc-1.12.0.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:9ff3f3948f2a4e8cc06ee598ee4b1096beb62094c13e0b1462bff78587bed789
|
||||||
|
size 1561898
|
@ -1,129 +0,0 @@
|
|||||||
diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
|
|
||||||
index d5ef47e..2ba787e 100644
|
|
||||||
--- a/common/rfb/SSecurityTLS.cxx
|
|
||||||
+++ b/common/rfb/SSecurityTLS.cxx
|
|
||||||
@@ -37,7 +37,23 @@
|
|
||||||
#include <rdr/TLSOutStream.h>
|
|
||||||
#include <gnutls/x509.h>
|
|
||||||
|
|
||||||
-#define DH_BITS 1024 /* XXX This should be configurable! */
|
|
||||||
+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
|
|
||||||
+/* FFDHE (RFC-7919) 2048-bit parameters, PEM-encoded */
|
|
||||||
+static unsigned char ffdhe2048[] =
|
|
||||||
+ "-----BEGIN DH PARAMETERS-----\n"
|
|
||||||
+ "MIIBDAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n"
|
|
||||||
+ "+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n"
|
|
||||||
+ "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n"
|
|
||||||
+ "YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n"
|
|
||||||
+ "7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n"
|
|
||||||
+ "ssbzSibBsu/6iGtCOGEoXJf//////////wIBAgICAOE=\n"
|
|
||||||
+ "-----END DH PARAMETERS-----\n";
|
|
||||||
+
|
|
||||||
+static const gnutls_datum_t pkcs3_param = {
|
|
||||||
+ ffdhe2048,
|
|
||||||
+ sizeof(ffdhe2048)
|
|
||||||
+};
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
using namespace rfb;
|
|
||||||
|
|
||||||
@@ -50,15 +66,20 @@ StringParameter SSecurityTLS::X509_KeyFile
|
|
||||||
static LogWriter vlog("TLS");
|
|
||||||
|
|
||||||
SSecurityTLS::SSecurityTLS(SConnection* sc, bool _anon)
|
|
||||||
- : SSecurity(sc), session(NULL), dh_params(NULL), anon_cred(NULL),
|
|
||||||
+ : SSecurity(sc), session(NULL), anon_cred(NULL),
|
|
||||||
cert_cred(NULL), anon(_anon), tlsis(NULL), tlsos(NULL),
|
|
||||||
rawis(NULL), rawos(NULL)
|
|
||||||
{
|
|
||||||
+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
|
|
||||||
+ dh_params = NULL;
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
certfile = X509_CertFile.getData();
|
|
||||||
keyfile = X509_KeyFile.getData();
|
|
||||||
|
|
||||||
if (gnutls_global_init() != GNUTLS_E_SUCCESS)
|
|
||||||
throw AuthFailureException("gnutls_global_init failed");
|
|
||||||
+
|
|
||||||
}
|
|
||||||
|
|
||||||
void SSecurityTLS::shutdown()
|
|
||||||
@@ -70,10 +91,12 @@ void SSecurityTLS::shutdown()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
|
|
||||||
if (dh_params) {
|
|
||||||
gnutls_dh_params_deinit(dh_params);
|
|
||||||
dh_params = 0;
|
|
||||||
}
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
if (anon_cred) {
|
|
||||||
gnutls_anon_free_server_credentials(anon_cred);
|
|
||||||
@@ -198,17 +221,21 @@ void SSecurityTLS::setParams(gnutls_session_t session)
|
|
||||||
throw AuthFailureException("gnutls_set_priority_direct failed");
|
|
||||||
}
|
|
||||||
|
|
||||||
+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
|
|
||||||
if (gnutls_dh_params_init(&dh_params) != GNUTLS_E_SUCCESS)
|
|
||||||
throw AuthFailureException("gnutls_dh_params_init failed");
|
|
||||||
|
|
||||||
- if (gnutls_dh_params_generate2(dh_params, DH_BITS) != GNUTLS_E_SUCCESS)
|
|
||||||
- throw AuthFailureException("gnutls_dh_params_generate2 failed");
|
|
||||||
+ if (gnutls_dh_params_import_pkcs3(dh_params, &pkcs3_param, GNUTLS_X509_FMT_PEM) != GNUTLS_E_SUCCESS)
|
|
||||||
+ throw AuthFailureException("gnutls_dh_params_import_pkcs3 failed");
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
if (anon) {
|
|
||||||
if (gnutls_anon_allocate_server_credentials(&anon_cred) != GNUTLS_E_SUCCESS)
|
|
||||||
throw AuthFailureException("gnutls_anon_allocate_server_credentials failed");
|
|
||||||
|
|
||||||
+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
|
|
||||||
gnutls_anon_set_server_dh_params(anon_cred, dh_params);
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
if (gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred)
|
|
||||||
!= GNUTLS_E_SUCCESS)
|
|
||||||
@@ -220,7 +247,9 @@ void SSecurityTLS::setParams(gnutls_session_t session)
|
|
||||||
if (gnutls_certificate_allocate_credentials(&cert_cred) != GNUTLS_E_SUCCESS)
|
|
||||||
throw AuthFailureException("gnutls_certificate_allocate_credentials failed");
|
|
||||||
|
|
||||||
+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
|
|
||||||
gnutls_certificate_set_dh_params(cert_cred, dh_params);
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
switch (gnutls_certificate_set_x509_key_file(cert_cred, certfile, keyfile, GNUTLS_X509_FMT_PEM)) {
|
|
||||||
case GNUTLS_E_SUCCESS:
|
|
||||||
diff --git a/common/rfb/SSecurityTLS.h b/common/rfb/SSecurityTLS.h
|
|
||||||
index 6f71182..4bddae3 100644
|
|
||||||
--- a/common/rfb/SSecurityTLS.h
|
|
||||||
+++ b/common/rfb/SSecurityTLS.h
|
|
||||||
@@ -36,6 +36,14 @@
|
|
||||||
#include <rdr/OutStream.h>
|
|
||||||
#include <gnutls/gnutls.h>
|
|
||||||
|
|
||||||
+
|
|
||||||
+/* In GnuTLS 3.6.0 DH parameter generation was deprecated. RFC7919 is used instead.
|
|
||||||
+ * GnuTLS before 3.6.0 doesn't know about RFC7919 so we will have to import it.
|
|
||||||
+ */
|
|
||||||
+#if GNUTLS_VERSION_NUMBER < 0x030600
|
|
||||||
+#define SSECURITYTLS__USE_DEPRECATED_DH
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
namespace rfb {
|
|
||||||
|
|
||||||
class SSecurityTLS : public SSecurity {
|
|
||||||
@@ -54,8 +62,11 @@ namespace rfb {
|
|
||||||
void setParams(gnutls_session_t session);
|
|
||||||
|
|
||||||
private:
|
|
||||||
+ bool isUsingDeprecatedDH;
|
|
||||||
gnutls_session_t session;
|
|
||||||
+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
|
|
||||||
gnutls_dh_params_t dh_params;
|
|
||||||
+#endif
|
|
||||||
gnutls_anon_server_credentials_t anon_cred;
|
|
||||||
gnutls_certificate_credentials_t cert_cred;
|
|
||||||
char *keyfile, *certfile;
|
|
@ -1,21 +1,21 @@
|
|||||||
Index: b/vncviewer/DesktopWindow.cxx
|
Index: tigervnc-1.12.0/vncviewer/DesktopWindow.cxx
|
||||||
===================================================================
|
===================================================================
|
||||||
--- a/vncviewer/DesktopWindow.cxx
|
--- tigervnc-1.12.0.orig/vncviewer/DesktopWindow.cxx
|
||||||
+++ b/vncviewer/DesktopWindow.cxx
|
+++ tigervnc-1.12.0/vncviewer/DesktopWindow.cxx
|
||||||
@@ -207,6 +207,8 @@ DesktopWindow::~DesktopWindow()
|
@@ -236,6 +236,8 @@ DesktopWindow::~DesktopWindow()
|
||||||
|
|
||||||
delete statsGraph;
|
delete statsGraph;
|
||||||
|
|
||||||
+ delete viewport;
|
+ delete viewport;
|
||||||
+
|
+
|
||||||
// FLTK automatically deletes all child widgets, so we shouldn't touch
|
instances.erase(this);
|
||||||
// them ourselves here
|
|
||||||
}
|
if (instances.size() == 0)
|
||||||
Index: b/vncviewer/Viewport.cxx
|
Index: tigervnc-1.12.0/vncviewer/Viewport.cxx
|
||||||
===================================================================
|
===================================================================
|
||||||
--- a/vncviewer/Viewport.cxx
|
--- tigervnc-1.12.0.orig/vncviewer/Viewport.cxx
|
||||||
+++ b/vncviewer/Viewport.cxx
|
+++ tigervnc-1.12.0/vncviewer/Viewport.cxx
|
||||||
@@ -189,6 +189,18 @@ Viewport::Viewport(int w, int h, const r
|
@@ -192,6 +192,18 @@ Viewport::Viewport(int w, int h, const r
|
||||||
|
|
||||||
Viewport::~Viewport()
|
Viewport::~Viewport()
|
||||||
{
|
{
|
||||||
@ -34,20 +34,28 @@ Index: b/vncviewer/Viewport.cxx
|
|||||||
// Unregister all timeouts in case they get a change tro trigger
|
// Unregister all timeouts in case they get a change tro trigger
|
||||||
// again later when this object is already gone.
|
// again later when this object is already gone.
|
||||||
Fl::remove_timeout(handlePointerTimeout, this);
|
Fl::remove_timeout(handlePointerTimeout, this);
|
||||||
Index: b/vncviewer/vncviewer.cxx
|
Index: tigervnc-1.12.0/vncviewer/vncviewer.cxx
|
||||||
===================================================================
|
===================================================================
|
||||||
--- a/vncviewer/vncviewer.cxx
|
--- tigervnc-1.12.0.orig/vncviewer/vncviewer.cxx
|
||||||
+++ b/vncviewer/vncviewer.cxx
|
+++ tigervnc-1.12.0/vncviewer/vncviewer.cxx
|
||||||
@@ -107,6 +107,8 @@ static const char *about_text()
|
@@ -113,6 +113,7 @@ static const char *about_text()
|
||||||
return buffer;
|
return buffer;
|
||||||
}
|
}
|
||||||
|
|
||||||
+static CConn *cc;
|
+static CConn *cc;
|
||||||
+
|
|
||||||
void exit_vncviewer(const char *error)
|
void abort_vncviewer(const char *error, ...)
|
||||||
{
|
{
|
||||||
// Prioritise the first error we get as that is probably the most
|
@@ -176,8 +177,6 @@ void about_vncviewer()
|
||||||
@@ -177,6 +179,16 @@ static void CleanupSignalHandler(int sig
|
static void mainloop(const char* vncserver, network::Socket* sock)
|
||||||
|
{
|
||||||
|
while (true) {
|
||||||
|
- CConn *cc;
|
||||||
|
-
|
||||||
|
exitMainloop = false;
|
||||||
|
|
||||||
|
cc = new CConn(vncServerName, sock);
|
||||||
|
@@ -262,6 +261,16 @@ static void CleanupSignalHandler(int sig
|
||||||
// CleanupSignalHandler allows C++ object cleanup to happen because it calls
|
// CleanupSignalHandler allows C++ object cleanup to happen because it calls
|
||||||
// exit() rather than the default which is to abort.
|
// exit() rather than the default which is to abort.
|
||||||
vlog.info(_("Termination signal %d has been received. TigerVNC Viewer will now exit."), sig);
|
vlog.info(_("Termination signal %d has been received. TigerVNC Viewer will now exit."), sig);
|
||||||
@ -64,22 +72,13 @@ Index: b/vncviewer/vncviewer.cxx
|
|||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -587,6 +599,9 @@ int main(int argc, char** argv)
|
@@ -744,6 +753,9 @@ int main(int argc, char** argv)
|
||||||
XkbSetDetectableAutoRepeat(fl_display, True, NULL);
|
XkbSetDetectableAutoRepeat(fl_display, True, NULL);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
+ fl_open_display();
|
+ fl_open_display();
|
||||||
+ XSetIOErrorHandler(CleanupXIOErrorHandler);
|
+ XSetIOErrorHandler(CleanupXIOErrorHandler);
|
||||||
+
|
+
|
||||||
CSecurity::upg = &dlg;
|
init_fltk();
|
||||||
#ifdef HAVE_GNUTLS
|
enable_touch();
|
||||||
CSecurityTLS::msg = &dlg;
|
|
||||||
@@ -672,7 +687,7 @@ int main(int argc, char** argv)
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
|
|
||||||
- CConn *cc = new CConn(vncServerName, sock);
|
|
||||||
+ cc = new CConn(vncServerName, sock);
|
|
||||||
|
|
||||||
while (!exitMainloop)
|
|
||||||
run_mainloop();
|
|
||||||
|
@ -1,60 +0,0 @@
|
|||||||
From dbad687182ae9093efaf096a069eeafc18b22973 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Pierre Ossman <ossman@cendio.se>
|
|
||||||
Date: Mon, 30 Dec 2019 10:24:11 +0100
|
|
||||||
Subject: [PATCH 1/2] Fix saving of bad server certificates
|
|
||||||
|
|
||||||
This check is completely backwards and it is currently unknown how
|
|
||||||
this ever worked.
|
|
||||||
---
|
|
||||||
common/rfb/CSecurityTLS.cxx | 5 +++--
|
|
||||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
|
|
||||||
index aa1910909..c1a00212a 100644
|
|
||||||
--- a/common/rfb/CSecurityTLS.cxx
|
|
||||||
+++ b/common/rfb/CSecurityTLS.cxx
|
|
||||||
@@ -416,8 +416,9 @@ void CSecurityTLS::checkSession()
|
|
||||||
delete [] certinfo;
|
|
||||||
|
|
||||||
if (gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, NULL, &out_size)
|
|
||||||
- == GNUTLS_E_SHORT_MEMORY_BUFFER)
|
|
||||||
- throw AuthFailureException("Out of memory");
|
|
||||||
+ != GNUTLS_E_SHORT_MEMORY_BUFFER)
|
|
||||||
+ throw AuthFailureException("certificate issuer unknown, and certificate "
|
|
||||||
+ "export failed");
|
|
||||||
|
|
||||||
// Save cert
|
|
||||||
out_buf = new char[out_size];
|
|
||||||
|
|
||||||
From 6208f47dcbf68ff1e751b0b526bb643f0da867a6 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Pierre Ossman <ossman@cendio.se>
|
|
||||||
Date: Mon, 30 Dec 2019 10:26:12 +0100
|
|
||||||
Subject: [PATCH 2/2] Remove unneeded memory checks
|
|
||||||
|
|
||||||
new throws an exception on allocation errors rather than return NULL.
|
|
||||||
---
|
|
||||||
common/rfb/CSecurityTLS.cxx | 4 ----
|
|
||||||
1 file changed, 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
|
|
||||||
index c1a00212a..5c303a37c 100644
|
|
||||||
--- a/common/rfb/CSecurityTLS.cxx
|
|
||||||
+++ b/common/rfb/CSecurityTLS.cxx
|
|
||||||
@@ -396,8 +396,6 @@ void CSecurityTLS::checkSession()
|
|
||||||
vlog.debug("%s", info.data);
|
|
||||||
|
|
||||||
certinfo = new char[len];
|
|
||||||
- if (certinfo == NULL)
|
|
||||||
- throw AuthFailureException("Out of memory");
|
|
||||||
|
|
||||||
snprintf(certinfo, len, "This certificate has been signed by an unknown "
|
|
||||||
"authority:\n\n%s\n\nDo you want to save it and "
|
|
||||||
@@ -422,8 +420,6 @@ void CSecurityTLS::checkSession()
|
|
||||||
|
|
||||||
// Save cert
|
|
||||||
out_buf = new char[out_size];
|
|
||||||
- if (out_buf == NULL)
|
|
||||||
- throw AuthFailureException("Out of memory");
|
|
||||||
|
|
||||||
if (gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, out_buf, &out_size) < 0)
|
|
||||||
throw AuthFailureException("certificate issuer unknown, and certificate "
|
|
@ -1,13 +1,13 @@
|
|||||||
Index: b/vncviewer/CConn.cxx
|
Index: tigervnc-1.12.0/vncviewer/CConn.cxx
|
||||||
===================================================================
|
===================================================================
|
||||||
--- a/vncviewer/CConn.cxx
|
--- tigervnc-1.12.0.orig/vncviewer/CConn.cxx
|
||||||
+++ b/vncviewer/CConn.cxx
|
+++ tigervnc-1.12.0/vncviewer/CConn.cxx
|
||||||
@@ -388,6 +388,8 @@ void CConn::dataRect(const Rect& r, int
|
@@ -416,6 +416,8 @@ bool CConn::dataRect(const Rect& r, int
|
||||||
|
|
||||||
if (encoding != encodingCopyRect)
|
if (encoding != encodingCopyRect)
|
||||||
lastServerEncoding = encoding;
|
lastServerEncoding = encoding;
|
||||||
+ if (encoding == pseudoEncodingDesktopSize)
|
+ if (encoding == pseudoEncodingDesktopSize)
|
||||||
+ setDesktopSize( r.width(), r.height() );
|
+ setDesktopSize( r.width(), r.height() );
|
||||||
|
|
||||||
CConnection::dataRect(r, encoding);
|
ret = CConnection::dataRect(r, encoding);
|
||||||
|
|
||||||
|
@ -1,3 +1,59 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Feb 17 14:14:13 UTC 2022 - Stefan Dirsch <sndirsch@suse.com>
|
||||||
|
|
||||||
|
- n_vncserver.patch
|
||||||
|
* fix location of Xsession script
|
||||||
|
- vncserver usage has radically changed; please check this:
|
||||||
|
https://github.com/TigerVNC/tigervnc/blob/master/unix/vncserver/HOWTO.md
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Feb 17 09:22:52 UTC 2022 - Joan Torres <joan.torres@suse.com>
|
||||||
|
|
||||||
|
- Update to tigervnc 1.12.0
|
||||||
|
* The native viewer now supports full screen over a subset of monitors (e.g. 2 out of 3), and reacts properly to monitors being added or removed
|
||||||
|
* Recent server history in the native viewer
|
||||||
|
* The native viewer now has an option to reconnect if the connection is dropped
|
||||||
|
* Translations are now enabled on Windows and macOS for the native viewer
|
||||||
|
* The native viewer now respects the system security policy
|
||||||
|
* Better handling of accented keys in the Java viewer
|
||||||
|
* The Unix servers can now listen to both a Unix socket and a TCP port at the same time
|
||||||
|
* The network code in both the servers and the native viewer has been restructured to give a more responsive experience
|
||||||
|
* The vncserver service now correctly handles settings set to "0"
|
||||||
|
* Fixed the clipboard Unicode handling in both the native viewer and the servers
|
||||||
|
* Support for pointer "warping" in Xvnc and the native viewer, enabling e.g. FPS games
|
||||||
|
- Update to tigervnc 1.11.0
|
||||||
|
* A security issue has been fixed in how the viewers handle TLS certificate exceptions
|
||||||
|
* vncserver has gotten a major redesign to be compatible with modern distributions
|
||||||
|
* The native viewer now has touch gestures to handle certain mouse actions (e.g. scroll wheel)
|
||||||
|
* Middle mouse button emulation in the native viewer, for devices with only two mouse buttons
|
||||||
|
* The Java viewer now supports Java 9+, but also now requires Java 8+
|
||||||
|
* Support for alpha cursors in the Java viewer (a feature already supported in the native viewer)
|
||||||
|
* The password and username can now be specified via the environment for the native viewer
|
||||||
|
* Support for building Xvnc/libvnc.so with Xorg 1.20.7+ and deprecate support for Xorg older than 1.16
|
||||||
|
* The official builds have been fixed to work on the upcoming macOS 11
|
||||||
|
* The Windows server (WinVNC) is now packaged separately as it is unmaintained and buggy
|
||||||
|
- Removed patches (included in 1.12.0):
|
||||||
|
* U_viewer-reset-ctrl-alt-to-menu-state-on-focus.patch
|
||||||
|
* tigervnc-fix-saving-of-bad-server-certs.patch
|
||||||
|
* u_xorg-server-1.20.7-ddxInputThreadInit.patch
|
||||||
|
* U_0001-Properly-store-certificate-exceptions.patch
|
||||||
|
* U_0002-Properly-store-certificate-exceptions-in-Java-viewer.patch
|
||||||
|
* tigervnc-FIPS-use-RFC7919.patch
|
||||||
|
* u_Fix-non-functional-MaxDisconnectionTime.patch
|
||||||
|
- Removed patches (no longer needed):
|
||||||
|
* u_tigervnc-cve-2014-8240.patch (https://github.com/TigerVNC/tigervnc/pull/1258)
|
||||||
|
* u_tigervnc_update_default_vncxstartup.patch
|
||||||
|
- Refreshed patches:
|
||||||
|
* n_correct_path_in_desktop_file.patch
|
||||||
|
* n_tigervnc-date-time.patch
|
||||||
|
* n_utilize-system-crypto-policies.patch
|
||||||
|
* tigervnc-clean-pressed-key-on-exit.patch
|
||||||
|
* tigervnc-newfbsize.patch
|
||||||
|
* u_build_libXvnc_as_separate_library.patch
|
||||||
|
* u_change-button-layout-in-ServerDialog.patch
|
||||||
|
* u_tigervnc-add-autoaccept-parameter.patch
|
||||||
|
* u_tigervnc-211.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Feb 10 12:17:07 UTC 2022 - Joan Torres <joan.torres@suse.com>
|
Thu Feb 10 12:17:07 UTC 2022 - Joan Torres <joan.torres@suse.com>
|
||||||
|
|
||||||
|
@ -22,8 +22,6 @@
|
|||||||
%define tlskey %{_sysconfdir}/vnc/tls.key
|
%define tlskey %{_sysconfdir}/vnc/tls.key
|
||||||
%define tlscert %{_sysconfdir}/vnc/tls.cert
|
%define tlscert %{_sysconfdir}/vnc/tls.cert
|
||||||
|
|
||||||
%define _unitdir %{_prefix}/lib/systemd/system
|
|
||||||
|
|
||||||
%if 0%{?suse_version} >= 1500
|
%if 0%{?suse_version} >= 1500
|
||||||
%define use_firewalld 1
|
%define use_firewalld 1
|
||||||
%else
|
%else
|
||||||
@ -35,7 +33,7 @@
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
Name: tigervnc
|
Name: tigervnc
|
||||||
Version: 1.10.1
|
Version: 1.12.0
|
||||||
Release: 0
|
Release: 0
|
||||||
URL: http://tigervnc.org/
|
URL: http://tigervnc.org/
|
||||||
Summary: An implementation of VNC
|
Summary: An implementation of VNC
|
||||||
@ -63,24 +61,16 @@ Patch1: tigervnc-newfbsize.patch
|
|||||||
Patch2: tigervnc-clean-pressed-key-on-exit.patch
|
Patch2: tigervnc-clean-pressed-key-on-exit.patch
|
||||||
Patch3: u_tigervnc-ignore-epipe-on-write.patch
|
Patch3: u_tigervnc-ignore-epipe-on-write.patch
|
||||||
Patch4: n_tigervnc-date-time.patch
|
Patch4: n_tigervnc-date-time.patch
|
||||||
Patch5: u_tigervnc-cve-2014-8240.patch
|
Patch5: u_build_libXvnc_as_separate_library.patch
|
||||||
Patch6: u_tigervnc_update_default_vncxstartup.patch
|
Patch6: u_tigervnc-add-autoaccept-parameter.patch
|
||||||
Patch7: u_build_libXvnc_as_separate_library.patch
|
Patch7: u_change-button-layout-in-ServerDialog.patch
|
||||||
Patch8: u_tigervnc-add-autoaccept-parameter.patch
|
Patch8: n_correct_path_in_desktop_file.patch
|
||||||
Patch9: u_change-button-layout-in-ServerDialog.patch
|
Patch9: n_utilize-system-crypto-policies.patch
|
||||||
Patch10: n_correct_path_in_desktop_file.patch
|
Patch10: u_tigervnc-211.patch
|
||||||
Patch11: U_viewer-reset-ctrl-alt-to-menu-state-on-focus.patch
|
Patch11: xserver211.patch
|
||||||
Patch12: tigervnc-fix-saving-of-bad-server-certs.patch
|
Patch12: n_vncserver.patch
|
||||||
Patch13: u_xorg-server-1.20.7-ddxInputThreadInit.patch
|
Provides: tightvnc = 1.5.0
|
||||||
Patch21: U_0001-Properly-store-certificate-exceptions.patch
|
Obsoletes: tightvnc < 1.5.0
|
||||||
Patch22: U_0002-Properly-store-certificate-exceptions-in-Java-viewer.patch
|
|
||||||
Patch23: n_utilize-system-crypto-policies.patch
|
|
||||||
Patch24: tigervnc-FIPS-use-RFC7919.patch
|
|
||||||
Patch25: u_tigervnc-211.patch
|
|
||||||
Patch26: u_Fix-non-functional-MaxDisconnectionTime.patch
|
|
||||||
Patch27: xserver211.patch
|
|
||||||
Provides: tightvnc = 1.3.9
|
|
||||||
Obsoletes: tightvnc < 1.3.9
|
|
||||||
Provides: vnc
|
Provides: vnc
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
@ -185,9 +175,9 @@ Requires: /bin/hostname
|
|||||||
%ifnarch s390 s390x
|
%ifnarch s390 s390x
|
||||||
Recommends: xorg-x11-Xvnc-module
|
Recommends: xorg-x11-Xvnc-module
|
||||||
%endif
|
%endif
|
||||||
Provides: tightvnc = 1.3.9
|
Provides: tightvnc = 1.5.0
|
||||||
|
Obsoletes: tightvnc < 1.5.0
|
||||||
Provides: xorg-x11-Xvnc:/usr/lib/vnc/with-vnc-key.sh
|
Provides: xorg-x11-Xvnc:/usr/lib/vnc/with-vnc-key.sh
|
||||||
Obsoletes: tightvnc < 1.3.9
|
|
||||||
|
|
||||||
%description -n xorg-x11-Xvnc
|
%description -n xorg-x11-Xvnc
|
||||||
This is the TigerVNC implementation of Xvnc.
|
This is the TigerVNC implementation of Xvnc.
|
||||||
@ -262,25 +252,16 @@ It maps common x11vnc arguments to x0vncserver arguments.
|
|||||||
%patch5 -p1
|
%patch5 -p1
|
||||||
%patch6 -p1
|
%patch6 -p1
|
||||||
%patch7 -p1
|
%patch7 -p1
|
||||||
%patch9 -p1
|
|
||||||
%patch10 -p1
|
|
||||||
%patch11 -p1
|
|
||||||
%patch12 -p1
|
|
||||||
%patch13 -p1
|
|
||||||
%patch21 -p1
|
|
||||||
%patch22 -p1
|
|
||||||
%patch8 -p1
|
%patch8 -p1
|
||||||
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
|
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
|
||||||
%patch23 -p1
|
%patch9 -p1
|
||||||
%endif
|
%endif
|
||||||
%patch24 -p1
|
%patch10 -p0
|
||||||
%patch25 -p0
|
%patch12 -p0
|
||||||
%patch26 -p1
|
|
||||||
|
|
||||||
cp -r %{_prefix}/src/xserver/* unix/xserver/
|
cp -r %{_prefix}/src/xserver/* unix/xserver/
|
||||||
pushd unix/xserver
|
pushd unix/xserver
|
||||||
#patch -p1 < ../xserver120.patch
|
%patch11 -p1
|
||||||
%patch27 -p1
|
|
||||||
popd
|
popd
|
||||||
|
|
||||||
%build
|
%build
|
||||||
@ -290,7 +271,10 @@ export CFLAGS="%optflags"
|
|||||||
sed "s|@LIBEXECDIR@|%{_libexecdir}|g" %{SOURCE13} > xvnc@.service
|
sed "s|@LIBEXECDIR@|%{_libexecdir}|g" %{SOURCE13} > xvnc@.service
|
||||||
sed "s|@LIBEXECDIR@|%{_libexecdir}|g" %{SOURCE21} > xvnc-novnc.service
|
sed "s|@LIBEXECDIR@|%{_libexecdir}|g" %{SOURCE21} > xvnc-novnc.service
|
||||||
# Build all tigervnc
|
# Build all tigervnc
|
||||||
cmake -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_INSTALL_PREFIX:PATH=%{_prefix} -DCMAKE_BUILD_TYPE=RelWithDebInfo .
|
cmake -DCMAKE_VERBOSE_MAKEFILE=ON \
|
||||||
|
-DCMAKE_INSTALL_PREFIX:PATH=%{_prefix} \
|
||||||
|
-DCMAKE_INSTALL_LIBEXECDIR:PATH=%{_libexecdir} \
|
||||||
|
-DCMAKE_BUILD_TYPE=RelWithDebInfo .
|
||||||
%make_build
|
%make_build
|
||||||
|
|
||||||
# Build Xvnc server
|
# Build Xvnc server
|
||||||
@ -319,7 +303,7 @@ popd
|
|||||||
|
|
||||||
# Build java client
|
# Build java client
|
||||||
pushd java
|
pushd java
|
||||||
cmake -DCMAKE_INSTALL_PREFIX:PATH=%{_prefix} -DJAVACFLAGS="-encoding utf8 -source 1.6 -target 1.6" .
|
cmake -DCMAKE_INSTALL_PREFIX:PATH=%{_prefix} .
|
||||||
%make_build
|
%make_build
|
||||||
popd
|
popd
|
||||||
|
|
||||||
@ -351,7 +335,7 @@ install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.
|
|||||||
install -D -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/vnc-httpd
|
install -D -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/vnc-httpd
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
# only package as %doc (boo#1173045)
|
# only package as %%doc (boo#1173045)
|
||||||
cp %{SOURCE7} .
|
cp %{SOURCE7} .
|
||||||
install -D -m 755 %{SOURCE8} %{buildroot}%{_bindir}/vncpasswd.arg
|
install -D -m 755 %{SOURCE8} %{buildroot}%{_bindir}/vncpasswd.arg
|
||||||
install -D -m 644 %{SOURCE9} %{buildroot}%{_distconfdir}/pam.d/vnc
|
install -D -m 644 %{SOURCE9} %{buildroot}%{_distconfdir}/pam.d/vnc
|
||||||
@ -380,7 +364,7 @@ install -D xvnc-novnc.service -m 0444 %{buildroot}%{_unitdir}/xvnc-novnc.service
|
|||||||
|
|
||||||
install -Dm0644 %{SOURCE22} %{buildroot}%{_sysusersdir}/vnc.conf
|
install -Dm0644 %{SOURCE22} %{buildroot}%{_sysusersdir}/vnc.conf
|
||||||
|
|
||||||
rm -rf %{buildroot}%{_datadir}/doc/tigervnc-*
|
rm -rf %{buildroot}%{_datadir}/doc/tigervnc*
|
||||||
|
|
||||||
%find_lang '%{name}'
|
%find_lang '%{name}'
|
||||||
|
|
||||||
@ -475,27 +459,37 @@ fi
|
|||||||
|
|
||||||
%files -n xorg-x11-Xvnc
|
%files -n xorg-x11-Xvnc
|
||||||
%doc LICENCE.TXT README.rst vnc.reg
|
%doc LICENCE.TXT README.rst vnc.reg
|
||||||
|
%doc unix/vncserver/HOWTO.md
|
||||||
|
|
||||||
%{_bindir}/Xvnc
|
%{_bindir}/Xvnc
|
||||||
%{_bindir}/vncconfig
|
%{_bindir}/vncconfig
|
||||||
%{_bindir}/vncpasswd
|
%{_bindir}/vncpasswd
|
||||||
%{_bindir}/vncpasswd.arg
|
%{_bindir}/vncpasswd.arg
|
||||||
%{_bindir}/vncserver
|
|
||||||
%{_bindir}/x0vncserver
|
%{_bindir}/x0vncserver
|
||||||
|
%{_sbindir}/vncsession
|
||||||
|
|
||||||
|
%{_libexecdir}/vncserver
|
||||||
|
%{_libexecdir}/vncsession-start
|
||||||
|
|
||||||
%exclude %{_mandir}/man1/Xserver.1*
|
%exclude %{_mandir}/man1/Xserver.1*
|
||||||
%{_mandir}/man1/Xvnc.1*
|
%{_mandir}/man1/Xvnc.1*
|
||||||
%{_mandir}/man1/vncconfig.1*
|
%{_mandir}/man1/vncconfig.1*
|
||||||
%{_mandir}/man1/vncpasswd.1*
|
%{_mandir}/man1/vncpasswd.1*
|
||||||
%{_mandir}/man1/vncserver.1*
|
|
||||||
%{_mandir}/man1/x0vncserver.1*
|
%{_mandir}/man1/x0vncserver.1*
|
||||||
|
%{_mandir}/man8/vncserver.8*
|
||||||
|
%{_mandir}/man8/vncsession.8*
|
||||||
|
|
||||||
|
%{_unitdir}/vncserver@.service
|
||||||
%{_unitdir}/xvnc@.service
|
%{_unitdir}/xvnc@.service
|
||||||
%{_unitdir}/xvnc.socket
|
%{_unitdir}/xvnc.socket
|
||||||
%{_unitdir}/xvnc.target
|
%{_unitdir}/xvnc.target
|
||||||
%{_sysusersdir}/vnc.conf
|
%{_sysusersdir}/vnc.conf
|
||||||
%{_sbindir}/rcxvnc
|
%{_sbindir}/rcxvnc
|
||||||
|
|
||||||
|
%dir %{_sysconfdir}/tigervnc
|
||||||
|
%config(noreplace) %{_sysconfdir}/pam.d/tigervnc
|
||||||
|
%config(noreplace) %{_sysconfdir}/tigervnc/vncserver*
|
||||||
|
|
||||||
%exclude %{_sharedstatedir}/xkb/compiled/README.compiled
|
%exclude %{_sharedstatedir}/xkb/compiled/README.compiled
|
||||||
|
|
||||||
%if %{use_firewalld}
|
%if %{use_firewalld}
|
||||||
|
@ -1,45 +0,0 @@
|
|||||||
From 38726ce083db1a9227325bf87989513499bfa698 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Pierre Ossman <ossman@cendio.se>
|
|
||||||
Date: Thu, 18 Jun 2020 09:20:17 +0200
|
|
||||||
Subject: [PATCH] Fix non-functional MaxDisconnectionTime
|
|
||||||
References: bsc#1195661
|
|
||||||
Upstream: Merged
|
|
||||||
|
|
||||||
Since 8e09912 this wasn't triggered properly as we checked if all
|
|
||||||
clients were gone before we actually removed the last client from our
|
|
||||||
list.
|
|
||||||
---
|
|
||||||
common/rfb/VNCServerST.cxx | 10 +++++-----
|
|
||||||
1 file changed, 5 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/common/rfb/VNCServerST.cxx b/common/rfb/VNCServerST.cxx
|
|
||||||
index 8329bb23..35f65a2e 100644
|
|
||||||
--- a/common/rfb/VNCServerST.cxx
|
|
||||||
+++ b/common/rfb/VNCServerST.cxx
|
|
||||||
@@ -172,11 +172,6 @@ void VNCServerST::removeSocket(network::Socket* sock) {
|
|
||||||
clipboardClient = NULL;
|
|
||||||
clipboardRequestors.remove(*ci);
|
|
||||||
|
|
||||||
- // Adjust the exit timers
|
|
||||||
- connectTimer.stop();
|
|
||||||
- if (rfb::Server::maxDisconnectionTime && clients.empty())
|
|
||||||
- disconnectTimer.start(secsToMillis(rfb::Server::maxDisconnectionTime));
|
|
||||||
-
|
|
||||||
// - Delete the per-Socket resources
|
|
||||||
delete *ci;
|
|
||||||
|
|
||||||
@@ -193,6 +188,11 @@ void VNCServerST::removeSocket(network::Socket* sock) {
|
|
||||||
if (comparer)
|
|
||||||
comparer->logStats();
|
|
||||||
|
|
||||||
+ // Adjust the exit timers
|
|
||||||
+ connectTimer.stop();
|
|
||||||
+ if (rfb::Server::maxDisconnectionTime && clients.empty())
|
|
||||||
+ disconnectTimer.start(secsToMillis(rfb::Server::maxDisconnectionTime));
|
|
||||||
+
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.34.1
|
|
||||||
|
|
@ -4,10 +4,10 @@ Subject: [PATCH] Build libXvnc as separate library.
|
|||||||
|
|
||||||
So it can be used by others, not only vncconfig.
|
So it can be used by others, not only vncconfig.
|
||||||
|
|
||||||
Index: b/unix/vncconfig/CMakeLists.txt
|
Index: tigervnc-1.12.0/unix/vncconfig/CMakeLists.txt
|
||||||
===================================================================
|
===================================================================
|
||||||
--- a/unix/vncconfig/CMakeLists.txt
|
--- tigervnc-1.12.0.orig/unix/vncconfig/CMakeLists.txt
|
||||||
+++ b/unix/vncconfig/CMakeLists.txt
|
+++ tigervnc-1.12.0/unix/vncconfig/CMakeLists.txt
|
||||||
@@ -3,13 +3,25 @@ include_directories(${X11_INCLUDE_DIR})
|
@@ -3,13 +3,25 @@ include_directories(${X11_INCLUDE_DIR})
|
||||||
include_directories(${CMAKE_SOURCE_DIR}/common)
|
include_directories(${CMAKE_SOURCE_DIR}/common)
|
||||||
include_directories(${CMAKE_SOURCE_DIR}/unix/tx)
|
include_directories(${CMAKE_SOURCE_DIR}/unix/tx)
|
||||||
@ -32,7 +32,7 @@ Index: b/unix/vncconfig/CMakeLists.txt
|
|||||||
-target_link_libraries(vncconfig tx rfb network rdr ${X11_LIBRARIES})
|
-target_link_libraries(vncconfig tx rfb network rdr ${X11_LIBRARIES})
|
||||||
+target_link_libraries(vncconfig tx rfb network rdr Xvnc ${X11_LIBRARIES})
|
+target_link_libraries(vncconfig tx rfb network rdr Xvnc ${X11_LIBRARIES})
|
||||||
|
|
||||||
install(TARGETS vncconfig DESTINATION ${BIN_DIR})
|
install(TARGETS vncconfig DESTINATION ${CMAKE_INSTALL_FULL_BINDIR})
|
||||||
+install(TARGETS Xvnc LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} RENAME libXvnc.so)
|
+install(TARGETS Xvnc LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} RENAME libXvnc.so)
|
||||||
install(FILES vncconfig.man DESTINATION ${MAN_DIR}/man1 RENAME vncconfig.1)
|
install(FILES vncconfig.man DESTINATION ${CMAKE_INSTALL_FULL_MANDIR}/man1 RENAME vncconfig.1)
|
||||||
+install(FILES vncExt.h DESTINATION ${X11_INCLUDE_DIR}/X11/extensions RENAME Xvnc.h)
|
+install(FILES vncExt.h DESTINATION ${X11_INCLUDE_DIR}/X11/extensions RENAME Xvnc.h)
|
||||||
|
@ -8,20 +8,20 @@ To fit strings in languages with longer words...
|
|||||||
vncviewer/ServerDialog.cxx | 4 +++-
|
vncviewer/ServerDialog.cxx | 4 +++-
|
||||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/vncviewer/ServerDialog.cxx b/vncviewer/ServerDialog.cxx
|
Index: tigervnc-1.12.0/vncviewer/ServerDialog.cxx
|
||||||
index de67f87b..0a8aa775 100644
|
===================================================================
|
||||||
--- a/vncviewer/ServerDialog.cxx
|
--- tigervnc-1.12.0.orig/vncviewer/ServerDialog.cxx
|
||||||
+++ b/vncviewer/ServerDialog.cxx
|
+++ tigervnc-1.12.0/vncviewer/ServerDialog.cxx
|
||||||
@@ -53,7 +53,7 @@ ServerDialog::ServerDialog()
|
@@ -68,7 +68,7 @@ ServerDialog::ServerDialog()
|
||||||
|
|
||||||
serverName = new Fl_Input(x, y, w() - margin*2 - server_label_width, INPUT_HEIGHT, _("VNC server:"));
|
serverName = new Fl_Input_Choice(x, y, w() - margin*2 - server_label_width, INPUT_HEIGHT, _("VNC server:"));
|
||||||
|
|
||||||
- int adjust = (w() - 20) / 4;
|
- int adjust = (w() - 20) / 4;
|
||||||
+ int adjust = (w() - 20) / 3;
|
+ int adjust = (w() - 20) / 3;
|
||||||
int button_width = adjust - margin/2;
|
int button_width = adjust - margin/2;
|
||||||
|
|
||||||
x = margin;
|
x = margin;
|
||||||
@@ -76,6 +76,8 @@ ServerDialog::ServerDialog()
|
@@ -91,6 +91,8 @@ ServerDialog::ServerDialog()
|
||||||
|
|
||||||
x = 0;
|
x = 0;
|
||||||
y += margin/2 + BUTTON_HEIGHT;
|
y += margin/2 + BUTTON_HEIGHT;
|
||||||
@ -30,6 +30,3 @@ index de67f87b..0a8aa775 100644
|
|||||||
|
|
||||||
divider = new Fl_Box(x, y, w(), 2);
|
divider = new Fl_Box(x, y, w(), 2);
|
||||||
divider->box(FL_THIN_DOWN_FRAME);
|
divider->box(FL_THIN_DOWN_FRAME);
|
||||||
--
|
|
||||||
2.13.6
|
|
||||||
|
|
||||||
|
@ -1,11 +1,13 @@
|
|||||||
--- ./unix/xserver/hw/vnc/xorg-version.h.orig 2021-10-28 13:58:20.309981257 +0200
|
Index: unix/xserver/hw/vnc/xorg-version.h
|
||||||
+++ ./unix/xserver/hw/vnc/xorg-version.h 2021-10-28 13:59:33.179368585 +0200
|
===================================================================
|
||||||
@@ -54,6 +54,8 @@
|
--- unix/xserver/hw/vnc/xorg-version.h.orig
|
||||||
#define XORG 119
|
+++ unix/xserver/hw/vnc/xorg-version.h
|
||||||
#elif XORG_VERSION_CURRENT < ((1 * 10000000) + (20 * 100000) + (99 * 1000))
|
@@ -33,7 +33,7 @@
|
||||||
#define XORG 120
|
#error "X.Org older than 1.16 is not supported"
|
||||||
+#elif XORG_VERSION_CURRENT < ((21 * 10000000) + (1 * 100000) + (99 * 1000))
|
#endif
|
||||||
+#define XORG 211
|
|
||||||
#else
|
-#if XORG_AT_LEAST(1, 21, 0)
|
||||||
|
+#if XORG_AT_LEAST(1, 22, 0)
|
||||||
#error "X.Org newer than 1.20 is not supported"
|
#error "X.Org newer than 1.20 is not supported"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
Index: tigervnc-1.10.1/java/com/tigervnc/rfb/CSecurityTLS.java
|
Index: tigervnc-1.12.0/java/com/tigervnc/rfb/CSecurityTLS.java
|
||||||
===================================================================
|
===================================================================
|
||||||
--- tigervnc-1.10.1.orig/java/com/tigervnc/rfb/CSecurityTLS.java
|
--- tigervnc-1.12.0.orig/java/com/tigervnc/rfb/CSecurityTLS.java
|
||||||
+++ tigervnc-1.10.1/java/com/tigervnc/rfb/CSecurityTLS.java
|
+++ tigervnc-1.12.0/java/com/tigervnc/rfb/CSecurityTLS.java
|
||||||
@@ -66,6 +66,9 @@ public class CSecurityTLS extends CSecur
|
@@ -66,6 +66,9 @@ public class CSecurityTLS extends CSecur
|
||||||
public static StringParameter X509CRL
|
public static StringParameter X509CRL
|
||||||
= new StringParameter("X509CRL",
|
= new StringParameter("X509CRL",
|
||||||
@ -26,9 +26,9 @@ Index: tigervnc-1.10.1/java/com/tigervnc/rfb/CSecurityTLS.java
|
|||||||
}
|
}
|
||||||
+ String thumbprint = getThumbprint(cert);
|
+ String thumbprint = getThumbprint(cert);
|
||||||
File vncDir = new File(FileUtils.getVncHomeDir());
|
File vncDir = new File(FileUtils.getVncHomeDir());
|
||||||
if (!vncDir.exists())
|
if (!vncDir.exists()) {
|
||||||
throw new AuthFailureException("Could not obtain VNC home directory "+
|
try {
|
||||||
@@ -332,6 +337,9 @@ public class CSecurityTLS extends CSecur
|
@@ -337,6 +342,9 @@ public class CSecurityTLS extends CSecur
|
||||||
store_pubkey(dbPath, client.getServerName().toLowerCase(), pk);
|
store_pubkey(dbPath, client.getServerName().toLowerCase(), pk);
|
||||||
} catch (java.lang.Exception e) {
|
} catch (java.lang.Exception e) {
|
||||||
if (e.getCause() instanceof CertPathBuilderException) {
|
if (e.getCause() instanceof CertPathBuilderException) {
|
||||||
@ -38,7 +38,7 @@ Index: tigervnc-1.10.1/java/com/tigervnc/rfb/CSecurityTLS.java
|
|||||||
vlog.debug("Server host not previously known");
|
vlog.debug("Server host not previously known");
|
||||||
vlog.debug(info);
|
vlog.debug(info);
|
||||||
String text =
|
String text =
|
||||||
@@ -519,7 +527,7 @@ public class CSecurityTLS extends CSecur
|
@@ -524,7 +532,7 @@ public class CSecurityTLS extends CSecur
|
||||||
private SSLEngineManager manager;
|
private SSLEngineManager manager;
|
||||||
private boolean anon;
|
private boolean anon;
|
||||||
|
|
||||||
@ -47,16 +47,3 @@ Index: tigervnc-1.10.1/java/com/tigervnc/rfb/CSecurityTLS.java
|
|||||||
private FdInStream is;
|
private FdInStream is;
|
||||||
private FdOutStream os;
|
private FdOutStream os;
|
||||||
|
|
||||||
Index: tigervnc-1.10.1/java/com/tigervnc/vncviewer/VncViewer.java
|
|
||||||
===================================================================
|
|
||||||
--- tigervnc-1.10.1.orig/java/com/tigervnc/vncviewer/VncViewer.java
|
|
||||||
+++ tigervnc-1.10.1/java/com/tigervnc/vncviewer/VncViewer.java
|
|
||||||
@@ -393,6 +393,8 @@ public class VncViewer extends javax.swi
|
|
||||||
// Called right after zero-arg constructor in applet mode
|
|
||||||
setLookAndFeel();
|
|
||||||
setBackground(Color.white);
|
|
||||||
+
|
|
||||||
+ SecurityClient.setDefaults();
|
|
||||||
applet = this;
|
|
||||||
vncServerName.put(loadAppletParameters(applet).toCharArray()).flip();
|
|
||||||
if (embed.getValue()) {
|
|
||||||
|
@ -1,41 +0,0 @@
|
|||||||
Patch-Mainline: To be upstreamed
|
|
||||||
References: bnc#900896 CVE-2014-8240
|
|
||||||
Signed-off-by: Michal Srb <msrb@suse.com>
|
|
||||||
|
|
||||||
Index: b/unix/x0vncserver/Image.cxx
|
|
||||||
===================================================================
|
|
||||||
--- a/unix/x0vncserver/Image.cxx
|
|
||||||
+++ b/unix/x0vncserver/Image.cxx
|
|
||||||
@@ -82,6 +82,14 @@ void Image::Init(int width, int height)
|
|
||||||
xim = XCreateImage(dpy, vis, DefaultDepth(dpy, DefaultScreen(dpy)),
|
|
||||||
ZPixmap, 0, 0, width, height, BitmapPad(dpy), 0);
|
|
||||||
|
|
||||||
+ if (xim->bytes_per_line <= 0 ||
|
|
||||||
+ xim->height <= 0 ||
|
|
||||||
+ xim->height >= INT_MAX / xim->bytes_per_line) {
|
|
||||||
+ vlog.error("Invalid display size");
|
|
||||||
+ XDestroyImage(xim);
|
|
||||||
+ exit(1);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
xim->data = (char *)malloc(xim->bytes_per_line * xim->height);
|
|
||||||
if (xim->data == NULL) {
|
|
||||||
vlog.error("malloc() failed");
|
|
||||||
@@ -257,6 +265,17 @@ void ShmImage::Init(int width, int heigh
|
|
||||||
delete shminfo;
|
|
||||||
shminfo = NULL;
|
|
||||||
return;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (xim->bytes_per_line <= 0 ||
|
|
||||||
+ xim->height <= 0 ||
|
|
||||||
+ xim->height >= INT_MAX / xim->bytes_per_line) {
|
|
||||||
+ vlog.error("Invalid display size");
|
|
||||||
+ XDestroyImage(xim);
|
|
||||||
+ xim = NULL;
|
|
||||||
+ delete shminfo;
|
|
||||||
+ shminfo = NULL;
|
|
||||||
+ return;
|
|
||||||
}
|
|
||||||
|
|
||||||
shminfo->shmid = shmget(IPC_PRIVATE,
|
|
@ -9,7 +9,7 @@ Index: common/rdr/FdOutStream.cxx
|
|||||||
===================================================================
|
===================================================================
|
||||||
--- common/rdr/FdOutStream.cxx.orig
|
--- common/rdr/FdOutStream.cxx.orig
|
||||||
+++ common/rdr/FdOutStream.cxx
|
+++ common/rdr/FdOutStream.cxx
|
||||||
@@ -204,8 +204,12 @@ int FdOutStream::writeWithTimeout(const
|
@@ -128,8 +128,12 @@ size_t FdOutStream::writeFd(const void*
|
||||||
#endif
|
#endif
|
||||||
} while (n < 0 && (errno == EINTR));
|
} while (n < 0 && (errno == EINTR));
|
||||||
|
|
||||||
|
@ -1,57 +0,0 @@
|
|||||||
Author: Michal Srb <msrb@suse.com>
|
|
||||||
References: bnc#956537
|
|
||||||
Subject: Update default vnc xstartup script.
|
|
||||||
|
|
||||||
Index: tigervnc-1.10.1/unix/vncserver
|
|
||||||
===================================================================
|
|
||||||
--- tigervnc-1.10.1.orig/unix/vncserver
|
|
||||||
+++ tigervnc-1.10.1/unix/vncserver
|
|
||||||
@@ -58,27 +58,33 @@ $defaultXStartup
|
|
||||||
= ("#!/bin/sh\n\n".
|
|
||||||
"unset SESSION_MANAGER\n".
|
|
||||||
"unset DBUS_SESSION_BUS_ADDRESS\n".
|
|
||||||
- "OS=`uname -s`\n".
|
|
||||||
- "if [ \$OS = 'Linux' ]; then\n".
|
|
||||||
- " case \"\$WINDOWMANAGER\" in\n".
|
|
||||||
- " \*gnome\*)\n".
|
|
||||||
- " if [ -e /etc/SuSE-release ]; then\n".
|
|
||||||
- " PATH=\$PATH:/opt/gnome/bin\n".
|
|
||||||
- " export PATH\n".
|
|
||||||
- " fi\n".
|
|
||||||
- " ;;\n".
|
|
||||||
- " esac\n".
|
|
||||||
+ "\n".
|
|
||||||
+ "userclientrc=\$HOME/.xinitrc\n".
|
|
||||||
+ "sysclientrc=/usr/libexec/xinit/xinitrc\n".
|
|
||||||
+ "\n".
|
|
||||||
+ "if [ -f \"\$userclientrc\" ]; then\n".
|
|
||||||
+ " client=\"\$userclientrc\"\n".
|
|
||||||
+ "elif [ -f \"\$sysclientrc\" ]; then\n".
|
|
||||||
+ " client=\"\$sysclientrc\"\n".
|
|
||||||
+ "elif [ -f \"/etc/X11/xinit/xinitrc\" ]; then\n".
|
|
||||||
+ " client=\"/etc/X11/xinit/xinitrc\"\n".
|
|
||||||
"fi\n".
|
|
||||||
- "if [ -x /etc/X11/xinit/xinitrc ]; then\n".
|
|
||||||
- " exec /etc/X11/xinit/xinitrc\n".
|
|
||||||
+ "\n".
|
|
||||||
+ "if [ -x \"\$client\" ]; then\n".
|
|
||||||
+ " exec dbus-launch --exit-with-x11 \"\$client\"\n".
|
|
||||||
"fi\n".
|
|
||||||
- "if [ -f /etc/X11/xinit/xinitrc ]; then\n".
|
|
||||||
- " exec sh /etc/X11/xinit/xinitrc\n".
|
|
||||||
+ "if [ -f \"\$client\" ]; then\n".
|
|
||||||
+ " exec dbus-launch --exit-with-x11 sh \"\$client\"\n".
|
|
||||||
"fi\n".
|
|
||||||
+ "\n".
|
|
||||||
"[ -r \$HOME/.Xresources ] && xrdb \$HOME/.Xresources\n".
|
|
||||||
"xsetroot -solid grey\n".
|
|
||||||
"xterm -geometry 80x24+10+10 -ls -title \"\$VNCDESKTOP Desktop\" &\n".
|
|
||||||
- "twm &\n");
|
|
||||||
+ "if [ -x /usr/bin/twm ]; then\n".
|
|
||||||
+ " /usr/bin/twm &\n".
|
|
||||||
+ "else\n".
|
|
||||||
+ " echo \"No window manager found. You should install a window manager to get properly working VNC session.\"\n".
|
|
||||||
+ "fi\n");
|
|
||||||
|
|
||||||
$defaultConfig
|
|
||||||
= ("## Supported server options to pass to vncserver upon invocation can be listed\n".
|
|
@ -1,19 +0,0 @@
|
|||||||
diff -u -p -r tigervnc-1.10.0.old/unix/xserver/hw/vnc/xvnc.c tigervnc-1.10.0/unix/xserver/hw/vnc/xvnc.c
|
|
||||||
--- tigervnc-1.10.0.old/unix/xserver/hw/vnc/xvnc.c 2020-01-15 11:19:19.486731848 +0000
|
|
||||||
+++ tigervnc-1.10.0/unix/xserver/hw/vnc/xvnc.c 2020-01-15 11:37:33.275445409 +0000
|
|
||||||
@@ -295,6 +295,15 @@ void ddxBeforeReset(void)
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
+#if INPUTTHREAD
|
|
||||||
+/** This function is called in Xserver/os/inputthread.c when starting
|
|
||||||
+ the input thread. */
|
|
||||||
+void
|
|
||||||
+ddxInputThreadInit(void)
|
|
||||||
+{
|
|
||||||
+}
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
void ddxUseMsg(void)
|
|
||||||
{
|
|
||||||
vncPrintBanner();
|
|
@ -1,7 +1,8 @@
|
|||||||
diff -u -r xserver.orig/configure.ac xserver/configure.ac
|
Index: xserver/configure.ac
|
||||||
--- xserver.orig/configure.ac 2021-10-28 11:39:43.200727345 +0000
|
===================================================================
|
||||||
+++ xserver/configure.ac 2021-10-28 11:39:57.993008591 +0000
|
--- xserver.orig/configure.ac
|
||||||
@@ -72,6 +72,7 @@
|
+++ xserver/configure.ac
|
||||||
|
@@ -72,6 +72,7 @@ dnl forcing an entire recompile.x
|
||||||
AC_CONFIG_HEADERS(include/version-config.h)
|
AC_CONFIG_HEADERS(include/version-config.h)
|
||||||
|
|
||||||
AM_PROG_AS
|
AM_PROG_AS
|
||||||
@ -9,7 +10,7 @@ diff -u -r xserver.orig/configure.ac xserver/configure.ac
|
|||||||
AC_PROG_LN_S
|
AC_PROG_LN_S
|
||||||
LT_PREREQ([2.2])
|
LT_PREREQ([2.2])
|
||||||
LT_INIT([disable-static win32-dll])
|
LT_INIT([disable-static win32-dll])
|
||||||
@@ -1713,6 +1714,10 @@
|
@@ -1713,6 +1714,10 @@ if test "x$XVFB" = xyes; then
|
||||||
AC_SUBST([XVFB_SYS_LIBS])
|
AC_SUBST([XVFB_SYS_LIBS])
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -20,7 +21,7 @@ diff -u -r xserver.orig/configure.ac xserver/configure.ac
|
|||||||
|
|
||||||
dnl Xnest DDX
|
dnl Xnest DDX
|
||||||
|
|
||||||
@@ -1748,6 +1753,8 @@
|
@@ -1748,6 +1753,8 @@ if test "x$XORG" = xauto; then
|
||||||
fi
|
fi
|
||||||
AC_MSG_RESULT([$XORG])
|
AC_MSG_RESULT([$XORG])
|
||||||
|
|
||||||
@ -29,7 +30,7 @@ diff -u -r xserver.orig/configure.ac xserver/configure.ac
|
|||||||
if test "x$XORG" = xyes; then
|
if test "x$XORG" = xyes; then
|
||||||
PKG_CHECK_MODULES([LIBXCVT], $LIBXCVT)
|
PKG_CHECK_MODULES([LIBXCVT], $LIBXCVT)
|
||||||
|
|
||||||
@@ -1956,7 +1963,6 @@
|
@@ -1956,7 +1963,6 @@ if test "x$XORG" = xyes; then
|
||||||
AC_DEFINE(XORG_SERVER, 1, [Building Xorg server])
|
AC_DEFINE(XORG_SERVER, 1, [Building Xorg server])
|
||||||
AC_DEFINE(XORGSERVER, 1, [Building Xorg server])
|
AC_DEFINE(XORGSERVER, 1, [Building Xorg server])
|
||||||
AC_DEFINE(XFree86Server, 1, [Building XFree86 server])
|
AC_DEFINE(XFree86Server, 1, [Building XFree86 server])
|
||||||
@ -37,7 +38,7 @@ diff -u -r xserver.orig/configure.ac xserver/configure.ac
|
|||||||
AC_DEFINE(NEED_XF86_TYPES, 1, [Need XFree86 typedefs])
|
AC_DEFINE(NEED_XF86_TYPES, 1, [Need XFree86 typedefs])
|
||||||
AC_DEFINE(NEED_XF86_PROTOTYPES, 1, [Need XFree86 helper functions])
|
AC_DEFINE(NEED_XF86_PROTOTYPES, 1, [Need XFree86 helper functions])
|
||||||
AC_DEFINE(__XSERVERNAME__, "Xorg", [Name of X server])
|
AC_DEFINE(__XSERVERNAME__, "Xorg", [Name of X server])
|
||||||
@@ -2339,6 +2345,7 @@
|
@@ -2339,6 +2345,7 @@ hw/xfree86/utils/man/Makefile
|
||||||
hw/xfree86/utils/gtf/Makefile
|
hw/xfree86/utils/gtf/Makefile
|
||||||
hw/vfb/Makefile
|
hw/vfb/Makefile
|
||||||
hw/vfb/man/Makefile
|
hw/vfb/man/Makefile
|
||||||
@ -45,10 +46,11 @@ diff -u -r xserver.orig/configure.ac xserver/configure.ac
|
|||||||
hw/xnest/Makefile
|
hw/xnest/Makefile
|
||||||
hw/xnest/man/Makefile
|
hw/xnest/man/Makefile
|
||||||
hw/xwin/Makefile
|
hw/xwin/Makefile
|
||||||
diff -u -r xserver.orig/hw/Makefile.am xserver/hw/Makefile.am
|
Index: xserver/hw/Makefile.am
|
||||||
--- xserver.orig/hw/Makefile.am 2021-10-28 11:39:43.156726511 +0000
|
===================================================================
|
||||||
+++ xserver/hw/Makefile.am 2021-10-28 11:41:02.890242547 +0000
|
--- xserver.orig/hw/Makefile.am
|
||||||
@@ -28,7 +28,8 @@
|
+++ xserver/hw/Makefile.am
|
||||||
|
@@ -28,7 +28,8 @@ SUBDIRS = \
|
||||||
$(XVFB_SUBDIRS) \
|
$(XVFB_SUBDIRS) \
|
||||||
$(XNEST_SUBDIRS) \
|
$(XNEST_SUBDIRS) \
|
||||||
$(KDRIVE_SUBDIRS) \
|
$(KDRIVE_SUBDIRS) \
|
||||||
@ -58,10 +60,11 @@ diff -u -r xserver.orig/hw/Makefile.am xserver/hw/Makefile.am
|
|||||||
|
|
||||||
DIST_SUBDIRS = xfree86 vfb xnest xwin xquartz kdrive
|
DIST_SUBDIRS = xfree86 vfb xnest xwin xquartz kdrive
|
||||||
|
|
||||||
diff -u -r xserver.orig/mi/miinitext.c xserver/mi/miinitext.c
|
Index: xserver/mi/miinitext.c
|
||||||
--- xserver.orig/mi/miinitext.c 2021-10-28 11:39:43.232727953 +0000
|
===================================================================
|
||||||
+++ xserver/mi/miinitext.c 2021-10-28 11:39:57.993008591 +0000
|
--- xserver.orig/mi/miinitext.c
|
||||||
@@ -106,8 +106,15 @@
|
+++ xserver/mi/miinitext.c
|
||||||
|
@@ -106,8 +106,15 @@ SOFTWARE.
|
||||||
|
|
||||||
#include "miinitext.h"
|
#include "miinitext.h"
|
||||||
|
|
||||||
@ -77,10 +80,11 @@ diff -u -r xserver.orig/mi/miinitext.c xserver/mi/miinitext.c
|
|||||||
{GEExtensionInit, "Generic Event Extension", &noGEExtension},
|
{GEExtensionInit, "Generic Event Extension", &noGEExtension},
|
||||||
{ShapeExtensionInit, "SHAPE", NULL},
|
{ShapeExtensionInit, "SHAPE", NULL},
|
||||||
#ifdef MITSHM
|
#ifdef MITSHM
|
||||||
diff -u -r xserver.old/hw/vnc/xvnc.c xserver/hw/vnc/xvnc.c
|
Index: xserver/hw/vnc/xvnc.c
|
||||||
--- xserver.old/hw/vnc/xvnc.c 2021-10-28 12:14:39.360628791 +0000
|
===================================================================
|
||||||
+++ xserver/hw/vnc/xvnc.c 2021-10-28 12:30:56.599310018 +0000
|
--- xserver.orig/hw/vnc/xvnc.c
|
||||||
@@ -85,7 +85,18 @@
|
+++ xserver/hw/vnc/xvnc.c
|
||||||
|
@@ -69,7 +69,18 @@ extern char buildtime[];
|
||||||
#undef VENDOR_RELEASE
|
#undef VENDOR_RELEASE
|
||||||
#undef VENDOR_STRING
|
#undef VENDOR_STRING
|
||||||
#include "version-config.h"
|
#include "version-config.h"
|
||||||
@ -98,5 +102,5 @@ diff -u -r xserver.old/hw/vnc/xvnc.c xserver/hw/vnc/xvnc.c
|
|||||||
+#define DEFAULT_LOG_FILE_VERBOSITY 3
|
+#define DEFAULT_LOG_FILE_VERBOSITY 3
|
||||||
+#endif
|
+#endif
|
||||||
|
|
||||||
#define XVNCVERSION "TigerVNC 1.10.0"
|
#define XVNCVERSION "TigerVNC 1.12.0"
|
||||||
#define XVNCCOPYRIGHT ("Copyright (C) 1999-2019 TigerVNC Team and many others (see README.rst)\n" \
|
#define XVNCCOPYRIGHT ("Copyright (C) 1999-2021 TigerVNC Team and many others (see README.rst)\n" \
|
||||||
|
Loading…
Reference in New Issue
Block a user