diff --git a/U_0001-Properly-store-certificate-exceptions.patch b/U_0001-Properly-store-certificate-exceptions.patch deleted file mode 100644 index 71c3db0..0000000 --- a/U_0001-Properly-store-certificate-exceptions.patch +++ /dev/null @@ -1,228 +0,0 @@ -From b30f10c681ec87720cff85d490f67098568a9cba Mon Sep 17 00:00:00 2001 -From: Pierre Ossman -Date: Thu, 21 May 2020 21:10:38 +0200 -Subject: [PATCH] Properly store certificate exceptions - -The previous method stored the certificates as authorities, meaning that -the owner of that certificate could impersonate any server it wanted -after a client had added an exception. - -Handle this more properly by only storing exceptions for specific -hostname/certificate combinations, the same way browsers or SSH does -things. ---- - common/rfb/CSecurityTLS.cxx | 163 ++++++++++++++++++++------------------------ - 1 file changed, 73 insertions(+), 90 deletions(-) - -diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx -index 5c303a37..99008378 100644 ---- a/common/rfb/CSecurityTLS.cxx -+++ b/common/rfb/CSecurityTLS.cxx -@@ -250,22 +250,6 @@ void CSecurityTLS::setParam() - if (*cafile && gnutls_certificate_set_x509_trust_file(cert_cred,cafile,GNUTLS_X509_FMT_PEM) < 0) - throw AuthFailureException("load of CA cert failed"); - -- /* Load previously saved certs */ -- char *homeDir = NULL; -- int err; -- if (getvnchomedir(&homeDir) == -1) -- vlog.error("Could not obtain VNC home directory path"); -- else { -- CharArray caSave(strlen(homeDir) + 19 + 1); -- sprintf(caSave.buf, "%sx509_savedcerts.pem", homeDir); -- delete [] homeDir; -- -- err = gnutls_certificate_set_x509_trust_file(cert_cred, caSave.buf, -- GNUTLS_X509_FMT_PEM); -- if (err < 0) -- vlog.debug("Failed to load saved server certificates from %s", caSave.buf); -- } -- - if (*crlfile && gnutls_certificate_set_x509_crl_file(cert_cred,crlfile,GNUTLS_X509_FMT_PEM) < 0) - throw AuthFailureException("load of CRL failed"); - -@@ -290,7 +274,10 @@ void CSecurityTLS::checkSession() - const gnutls_datum_t *cert_list; - unsigned int cert_list_size = 0; - int err; -+ -+ char *homeDir; - gnutls_datum_t info; -+ size_t len; - - if (anon) - return; -@@ -333,13 +320,13 @@ void CSecurityTLS::checkSession() - throw AuthFailureException("decoding of certificate failed"); - - if (gnutls_x509_crt_check_hostname(crt, client->getServerName()) == 0) { -- char buf[255]; -+ CharArray text; - vlog.debug("hostname mismatch"); -- snprintf(buf, sizeof(buf), "Hostname (%s) does not match any certificate, " -- "do you want to continue?", client->getServerName()); -- buf[sizeof(buf) - 1] = '\0'; -- if (!msg->showMsgBox(UserMsgBox::M_YESNO, "hostname mismatch", buf)) -- throw AuthFailureException("hostname mismatch"); -+ text.format("Hostname (%s) does not match the server certificate, " -+ "do you want to continue?", client->getServerName()); -+ if (!msg->showMsgBox(UserMsgBox::M_YESNO, -+ "Certificate hostname mismatch", text.buf)) -+ throw AuthFailureException("Certificate hostname mismatch"); - } - - if (status == 0) { -@@ -364,86 +351,82 @@ void CSecurityTLS::checkSession() - throw AuthFailureException("Invalid status of server certificate verification"); - } - -- vlog.debug("Saved server certificates don't match"); -+ /* Certificate is fine, except we don't know the issuer, so TOFU time */ - -- if (gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_ONELINE, &info)) { -- /* -- * GNUTLS doesn't correctly export gnutls_free symbol which is -- * a function pointer. Linking with Visual Studio 2008 Express will -- * fail when you call gnutls_free(). -- */ --#if WIN32 -- free(info.data); --#else -- gnutls_free(info.data); --#endif -- throw AuthFailureException("Could not find certificate to display"); -+ homeDir = NULL; -+ if (getvnchomedir(&homeDir) == -1) { -+ throw AuthFailureException("Could not obtain VNC home directory " -+ "path for known hosts storage"); - } - -- size_t out_size = 0; -- char *out_buf = NULL; -- char *certinfo = NULL; -- int len = 0; -- -- vlog.debug("certificate issuer unknown"); -- -- len = snprintf(NULL, 0, "This certificate has been signed by an unknown " -- "authority:\n\n%s\n\nDo you want to save it and " -- "continue?\n ", info.data); -- if (len < 0) -- throw AuthFailureException("certificate decoding error"); -- -- vlog.debug("%s", info.data); -- -- certinfo = new char[len]; -- -- snprintf(certinfo, len, "This certificate has been signed by an unknown " -- "authority:\n\n%s\n\nDo you want to save it and " -- "continue? ", info.data); -+ CharArray dbPath(strlen(homeDir) + 16 + 1); -+ sprintf(dbPath.buf, "%sx509_known_hosts", homeDir); -+ delete [] homeDir; - -- for (int i = 0; i < len - 1; i++) -- if (certinfo[i] == ',' && certinfo[i + 1] == ' ') -- certinfo[i] = '\n'; -+ err = gnutls_verify_stored_pubkey(dbPath.buf, NULL, -+ client->getServerName(), NULL, -+ GNUTLS_CRT_X509, &cert_list[0], 0); - -- if (!msg->showMsgBox(UserMsgBox::M_YESNO, "certificate issuer unknown", -- certinfo)) { -- delete [] certinfo; -- throw AuthFailureException("certificate issuer unknown"); -+ /* Previously known? */ -+ if (err == GNUTLS_E_SUCCESS) { -+ vlog.debug("Server certificate found in known hosts file"); -+ gnutls_x509_crt_deinit(crt); -+ return; - } - -- delete [] certinfo; -- -- if (gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, NULL, &out_size) -- != GNUTLS_E_SHORT_MEMORY_BUFFER) -- throw AuthFailureException("certificate issuer unknown, and certificate " -- "export failed"); -+ if ((err != GNUTLS_E_NO_CERTIFICATE_FOUND) && -+ (err != GNUTLS_E_CERTIFICATE_KEY_MISMATCH)) { -+ throw AuthFailureException("Could not load known hosts database"); -+ } - -- // Save cert -- out_buf = new char[out_size]; -+ if (gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_ONELINE, &info)) -+ throw AuthFailureException("Could not find certificate to display"); - -- if (gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, out_buf, &out_size) < 0) -- throw AuthFailureException("certificate issuer unknown, and certificate " -- "export failed"); -+ len = strlen((char*)info.data); -+ for (size_t i = 0; i < len - 1; i++) { -+ if (info.data[i] == ',' && info.data[i + 1] == ' ') -+ info.data[i] = '\n'; -+ } - -- char *homeDir = NULL; -- if (getvnchomedir(&homeDir) == -1) -- vlog.error("Could not obtain VNC home directory path"); -- else { -- FILE *f; -- CharArray caSave(strlen(homeDir) + 1 + 19); -- sprintf(caSave.buf, "%sx509_savedcerts.pem", homeDir); -- delete [] homeDir; -- f = fopen(caSave.buf, "a+"); -- if (!f) -- msg->showMsgBox(UserMsgBox::M_OK, "certificate save failed", -- "Could not save the certificate"); -- else { -- fprintf(f, "%s\n", out_buf); -- fclose(f); -- } -+ /* New host */ -+ if (err == GNUTLS_E_NO_CERTIFICATE_FOUND) { -+ CharArray text; -+ -+ vlog.debug("Server host not previously known"); -+ vlog.debug("%s", info.data); -+ -+ text.format("This certificate has been signed by an unknown " -+ "authority:\n\n%s\n\nSomeone could be trying to " -+ "impersonate the site and you should not " -+ "continue.\n\nDo you want to make an exception " -+ "for this server?", info.data); -+ -+ if (!msg->showMsgBox(UserMsgBox::M_YESNO, -+ "Unknown certificate issuer", -+ text.buf)) -+ throw AuthFailureException("Unknown certificate issuer"); -+ } else if (err == GNUTLS_E_CERTIFICATE_KEY_MISMATCH) { -+ CharArray text; -+ -+ vlog.debug("Server host key mismatch"); -+ vlog.debug("%s", info.data); -+ -+ text.format("This host is previously known with a different " -+ "certificate, and the new certificate has been " -+ "signed by an unknown authority:\n\n%s\n\nSomeone " -+ "could be trying to impersonate the site and you " -+ "should not continue.\n\nDo you want to make an " -+ "exception for this server?", info.data); -+ -+ if (!msg->showMsgBox(UserMsgBox::M_YESNO, -+ "Unexpected server certificate", -+ text.buf)) -+ throw AuthFailureException("Unexpected server certificate"); - } - -- delete [] out_buf; -+ if (gnutls_store_pubkey(dbPath.buf, NULL, client->getServerName(), -+ NULL, GNUTLS_CRT_X509, &cert_list[0], 0, 0)) -+ vlog.error("Failed to store server certificate to known hosts database"); - - gnutls_x509_crt_deinit(crt); - /* --- -2.16.4 - diff --git a/U_0002-Properly-store-certificate-exceptions-in-Java-viewer.patch b/U_0002-Properly-store-certificate-exceptions-in-Java-viewer.patch deleted file mode 100644 index 1ab6f76..0000000 --- a/U_0002-Properly-store-certificate-exceptions-in-Java-viewer.patch +++ /dev/null @@ -1,234 +0,0 @@ -From f029745f63ac7d22fb91639b2cb5b3ab56134d6e Mon Sep 17 00:00:00 2001 -From: "Brian P. Hinz" -Date: Tue, 8 Sep 2020 10:13:32 +0200 -Subject: [PATCH] Properly store certificate exceptions in Java viewer - -Like the native viewer, the Java viewer didn't store certificate -exceptions properly. Whilst not as bad as the native viewer, it still -failed to check that a stored certificate wouldn't be maliciously used -for another server. In practice this can in most cases be used to -impersonate another server. - -Handle this like the native viewer by storing exceptions for a specific -hostname/certificate combination. ---- - java/com/tigervnc/rfb/CSecurityTLS.java | 164 ++++++++++++++++++++------------ - 1 file changed, 101 insertions(+), 63 deletions(-) - -diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java -index ad6f6fe1..e63945dc 100644 ---- a/java/com/tigervnc/rfb/CSecurityTLS.java -+++ b/java/com/tigervnc/rfb/CSecurityTLS.java -@@ -107,12 +107,6 @@ public class CSecurityTLS extends CSecurity { - X509CRL.setDefaultStr(getDefaultCRL()); - } - --// FIXME: --// Need to shutdown the connection cleanly -- --// FIXME? --// add a finalizer method that calls shutdown -- - public boolean processMsg(CConnection cc) { - is = (FdInStream)cc.getInStream(); - os = (FdOutStream)cc.getOutStream(); -@@ -269,8 +263,13 @@ public class CSecurityTLS extends CSecurity { - { - Collection certs = null; - X509Certificate cert = chain[0]; -+ String pk = -+ Base64.getEncoder().encodeToString(cert.getPublicKey().getEncoded()); - try { - cert.checkValidity(); -+ verifyHostname(cert); -+ } catch(CertificateParsingException e) { -+ throw new SystemException(e.getMessage()); - } catch(CertificateNotYetValidException e) { - throw new AuthFailureException("server certificate has not been activated"); - } catch(CertificateExpiredException e) { -@@ -279,73 +278,111 @@ public class CSecurityTLS extends CSecurity { - "do you want to continue?")) - throw new AuthFailureException("server certificate has expired"); - } -- String thumbprint = getThumbprint(cert); - File vncDir = new File(FileUtils.getVncHomeDir()); -- File certFile = new File(vncDir, "x509_savedcerts.pem"); -- CertificateFactory cf = CertificateFactory.getInstance("X.509"); -- if (vncDir.exists() && certFile.exists() && certFile.canRead()) { -- InputStream certStream = new MyFileInputStream(certFile); -- certs = cf.generateCertificates(certStream); -- for (Certificate c : certs) -- if (thumbprint.equals(getThumbprint((X509Certificate)c))) -- return; -- } -+ if (!vncDir.exists()) -+ throw new AuthFailureException("Could not obtain VNC home directory "+ -+ "path for known hosts storage"); -+ File dbPath = new File(vncDir, "x509_known_hosts"); -+ String info = -+ " Subject: "+cert.getSubjectX500Principal().getName()+"\n"+ -+ " Issuer: "+cert.getIssuerX500Principal().getName()+"\n"+ -+ " Serial Number: "+cert.getSerialNumber()+"\n"+ -+ " Version: "+cert.getVersion()+"\n"+ -+ " Signature Algorithm: "+cert.getPublicKey().getAlgorithm()+"\n"+ -+ " Not Valid Before: "+cert.getNotBefore()+"\n"+ -+ " Not Valid After: "+cert.getNotAfter()+"\n"+ -+ " SHA-1 Fingerprint: "+getThumbprint(cert)+"\n"; - try { -- verifyHostname(cert); -+ if (dbPath.exists()) { -+ FileReader db = new FileReader(dbPath); -+ BufferedReader dbBuf = new BufferedReader(db); -+ String line; -+ String server = client.getServerName().toLowerCase(); -+ while ((line = dbBuf.readLine())!=null) { -+ String fields[] = line.split("\\|"); -+ if (fields.length==6) { -+ if (server.equals(fields[2]) && pk.equals(fields[5])) { -+ vlog.debug("Server certificate found in known hosts file"); -+ dbBuf.close(); -+ return; -+ } else if (server.equals(fields[2]) && !pk.equals(fields[5]) || -+ !server.equals(fields[2]) && pk.equals(fields[5])) { -+ throw new CertStoreException(); -+ } -+ } -+ } -+ dbBuf.close(); -+ } - tm.checkServerTrusted(chain, authType); -+ } catch (IOException e) { -+ throw new AuthFailureException("Could not load known hosts database"); -+ } catch (CertStoreException e) { -+ vlog.debug("Server host key mismatch"); -+ vlog.debug(info); -+ String text = -+ "This host is previously known with a different "+ -+ "certificate, and the new certificate has been "+ -+ "signed by an unknown authority\n"+ -+ "\n"+info+"\n"+ -+ "Someone could be trying to impersonate the site and you should not continue.\n"+ -+ "\n"+ -+ "Do you want to make an exception for this server?"; -+ if (!msg.showMsgBox(YES_NO_OPTION, "Unexpected certificate issuer", text)) -+ throw new AuthFailureException("Unexpected certificate issuer"); -+ store_pubkey(dbPath, client.getServerName().toLowerCase(), pk); - } catch (java.lang.Exception e) { - if (e.getCause() instanceof CertPathBuilderException) { -- String certinfo = -+ vlog.debug("Server host not previously known"); -+ vlog.debug(info); -+ String text = - "This certificate has been signed by an unknown authority\n"+ -+ "\n"+info+"\n"+ -+ "Someone could be trying to impersonate the site and you should not continue.\n"+ - "\n"+ -- " Subject: "+cert.getSubjectX500Principal().getName()+"\n"+ -- " Issuer: "+cert.getIssuerX500Principal().getName()+"\n"+ -- " Serial Number: "+cert.getSerialNumber()+"\n"+ -- " Version: "+cert.getVersion()+"\n"+ -- " Signature Algorithm: "+cert.getPublicKey().getAlgorithm()+"\n"+ -- " Not Valid Before: "+cert.getNotBefore()+"\n"+ -- " Not Valid After: "+cert.getNotAfter()+"\n"+ -- " SHA1 Fingerprint: "+getThumbprint(cert)+"\n"+ -- "\n"+ -- "Do you want to save it and continue?"; -- if (!msg.showMsgBox(YES_NO_OPTION, "certificate issuer unknown", -- certinfo)) { -- throw new AuthFailureException("certificate issuer unknown"); -- } -- if (certs == null || !certs.contains(cert)) { -- byte[] der = cert.getEncoded(); -- String pem = Base64.getEncoder().encodeToString(der); -- pem = pem.replaceAll("(.{64})", "$1\n"); -- FileWriter fw = null; -- try { -- if (!vncDir.exists()) -- vncDir.mkdir(); -- if (!certFile.exists() && !certFile.createNewFile()) { -- vlog.error("Certificate save failed."); -- } else { -- fw = new FileWriter(certFile.getAbsolutePath(), true); -- fw.write("-----BEGIN CERTIFICATE-----\n"); -- fw.write(pem+"\n"); -- fw.write("-----END CERTIFICATE-----\n"); -- } -- } catch (IOException ioe) { -- msg.showMsgBox(OK_OPTION, "certificate save failed", -- "Could not save the certificate"); -- } finally { -- try { -- if (fw != null) -- fw.close(); -- } catch(IOException ioe2) { -- throw new Exception(ioe2.getMessage()); -- } -- } -- } -+ "Do you want to make an exception for this server?"; -+ if (!msg.showMsgBox(YES_NO_OPTION, "Unknown certificate issuer", text)) -+ throw new AuthFailureException("Unknown certificate issuer"); -+ store_pubkey(dbPath, client.getServerName().toLowerCase(), pk); - } else { - throw new SystemException(e.getMessage()); - } - } - } - -+ private void store_pubkey(File dbPath, String serverName, String pk) -+ { -+ ArrayList lines = new ArrayList(); -+ File vncDir = new File(FileUtils.getVncHomeDir()); -+ try { -+ if (dbPath.exists()) { -+ FileReader db = new FileReader(dbPath); -+ BufferedReader dbBuf = new BufferedReader(db); -+ String line; -+ while ((line = dbBuf.readLine())!=null) { -+ String fields[] = line.split("\\|"); -+ if (fields.length==6) -+ if (!serverName.equals(fields[2]) && !pk.equals(fields[5])) -+ lines.add(line); -+ } -+ dbBuf.close(); -+ } -+ } catch (IOException e) { -+ throw new AuthFailureException("Could not load known hosts database"); -+ } -+ try { -+ if (!dbPath.exists()) -+ dbPath.createNewFile(); -+ FileWriter fw = new FileWriter(dbPath.getAbsolutePath(), false); -+ Iterator i = lines.iterator(); -+ while (i.hasNext()) -+ fw.write((String)i.next()+"\n"); -+ fw.write("|g0|"+serverName+"|*|0|"+pk+"\n"); -+ fw.close(); -+ } catch (IOException e) { -+ vlog.error("Failed to store server certificate to known hosts database"); -+ } -+ } -+ - public X509Certificate[] getAcceptedIssuers () - { - return tm.getAcceptedIssuers(); -@@ -399,12 +436,13 @@ public class CSecurityTLS extends CSecurity { - } - Object[] answer = {"YES", "NO"}; - int ret = JOptionPane.showOptionDialog(null, -- "Hostname verification failed. Do you want to continue?", -- "Hostname Verification Failure", -+ "Hostname ("+client.getServerName()+") does not match the"+ -+ " server certificate, do you want to continue?", -+ "Certificate hostname mismatch", - JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE, - null, answer, answer[0]); - if (ret != JOptionPane.YES_OPTION) -- throw new WarningException("Hostname verification failed."); -+ throw new WarningException("Certificate hostname mismatch."); - } catch (CertificateParsingException e) { - throw new SystemException(e.getMessage()); - } catch (InvalidNameException e) { --- -2.16.4 - diff --git a/U_viewer-reset-ctrl-alt-to-menu-state-on-focus.patch b/U_viewer-reset-ctrl-alt-to-menu-state-on-focus.patch deleted file mode 100644 index 5c86155..0000000 --- a/U_viewer-reset-ctrl-alt-to-menu-state-on-focus.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 9f83180219380c690fb743182308bc2d534b8b1b Mon Sep 17 00:00:00 2001 -From: Dominique Martinet -Date: Sun, 8 Jul 2018 02:15:43 +0900 -Subject: [PATCH] viewer: reset ctrl / alt to menu state on focus - -Setting Ctrl or Alt key on menu only sends the key press, and the -state is lost when focus is lost and recovered. -This checks the menu variable and sends the keys again if needed. ---- - vncviewer/Viewport.cxx | 6 ++++++ - 1 file changed, 6 insertions(+) - -Index: b/vncviewer/Viewport.cxx -=================================================================== ---- a/vncviewer/Viewport.cxx -+++ b/vncviewer/Viewport.cxx -@@ -655,6 +655,12 @@ int Viewport::handle(int event) - if (menuAltKey) - handleKeyPress(0x38, XK_Alt_L); - -+ // Resend Ctrl/Alt if needed -+ if (menuCtrlKey) -+ handleKeyPress(0x1d, XK_Control_L); -+ if (menuAltKey) -+ handleKeyPress(0x38, XK_Alt_L); -+ - // Yes, we would like some focus please! - return 1; - diff --git a/n_correct_path_in_desktop_file.patch b/n_correct_path_in_desktop_file.patch index 6b5c1cf..93aa80c 100644 --- a/n_correct_path_in_desktop_file.patch +++ b/n_correct_path_in_desktop_file.patch @@ -10,8 +10,8 @@ Index: tigervnc-1.9.0/vncviewer/vncviewer.desktop.in.in Name=TigerVNC Viewer GenericName=Remote Desktop Viewer Comment=Connect to VNC server and display remote desktop --Exec=@BIN_DIR@/vncviewer -+Exec=@BIN_DIR@/vncviewer-tigervnc +-Exec=@CMAKE_INSTALL_FULL_BINDIR@/vncviewer ++Exec=@CMAKE_INSTALL_FULL_BINDIR@/vncviewer-tigervnc Icon=tigervnc Terminal=false Type=Application diff --git a/n_tigervnc-date-time.patch b/n_tigervnc-date-time.patch index 1c34cc5..738a402 100644 --- a/n_tigervnc-date-time.patch +++ b/n_tigervnc-date-time.patch @@ -1,48 +1,48 @@ -Index: b/unix/xserver/hw/vnc/buildtime.c +Index: tigervnc-1.12.0/unix/xserver/hw/vnc/buildtime.c =================================================================== ---- a/unix/xserver/hw/vnc/buildtime.c -+++ b/unix/xserver/hw/vnc/buildtime.c +--- tigervnc-1.12.0.orig/unix/xserver/hw/vnc/buildtime.c ++++ tigervnc-1.12.0/unix/xserver/hw/vnc/buildtime.c @@ -15,4 +15,4 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, * USA. */ -char buildtime[] = __DATE__ " " __TIME__; +char buildtime[] = "??? ?? ???? ??:??:??"; -Index: b/unix/vncconfig/buildtime.c +Index: tigervnc-1.12.0/unix/vncconfig/buildtime.c =================================================================== ---- a/unix/vncconfig/buildtime.c -+++ b/unix/vncconfig/buildtime.c +--- tigervnc-1.12.0.orig/unix/vncconfig/buildtime.c ++++ tigervnc-1.12.0/unix/vncconfig/buildtime.c @@ -15,4 +15,4 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, * USA. */ -char buildtime[] = __DATE__ " " __TIME__; +char buildtime[] = "??? ?? ???? ??:??:??"; -Index: b/unix/x0vncserver/buildtime.c +Index: tigervnc-1.12.0/unix/x0vncserver/buildtime.c =================================================================== ---- a/unix/x0vncserver/buildtime.c -+++ b/unix/x0vncserver/buildtime.c +--- tigervnc-1.12.0.orig/unix/x0vncserver/buildtime.c ++++ tigervnc-1.12.0/unix/x0vncserver/buildtime.c @@ -15,4 +15,4 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, * USA. */ -char buildtime[] = __DATE__ " " __TIME__; +char buildtime[] = "??? ?? ???? ??:??:??"; -Index: b/win/winvnc/buildTime.cxx +Index: tigervnc-1.12.0/win/winvnc/buildTime.cxx =================================================================== ---- a/win/winvnc/buildTime.cxx -+++ b/win/winvnc/buildTime.cxx +--- tigervnc-1.12.0.orig/win/winvnc/buildTime.cxx ++++ tigervnc-1.12.0/win/winvnc/buildTime.cxx @@ -15,4 +15,4 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, * USA. */ -const char* buildTime = "Built on " __DATE__ " at " __TIME__; +const char* buildTime = "Built on ??? ?? ???? at ??:??:??"; -Index: b/CMakeLists.txt +Index: tigervnc-1.12.0/CMakeLists.txt =================================================================== ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -42,10 +42,6 @@ if(MSVC) +--- tigervnc-1.12.0.orig/CMakeLists.txt ++++ tigervnc-1.12.0/CMakeLists.txt +@@ -44,10 +44,6 @@ if(MSVC) message(FATAL_ERROR "TigerVNC cannot be built with Visual Studio. Please use MinGW") endif() @@ -53,11 +53,11 @@ Index: b/CMakeLists.txt # Default to optimised builds instead of debug ones. Our code has no bugs ;) # (CMake makes it fairly easy to toggle this back to Debug if needed) if(NOT CMAKE_BUILD_TYPE) -Index: b/vncviewer/vncviewer.cxx +Index: tigervnc-1.12.0/vncviewer/vncviewer.cxx =================================================================== ---- a/vncviewer/vncviewer.cxx -+++ b/vncviewer/vncviewer.cxx -@@ -98,11 +98,9 @@ static const char *about_text() +--- tigervnc-1.12.0.orig/vncviewer/vncviewer.cxx ++++ tigervnc-1.12.0/vncviewer/vncviewer.cxx +@@ -104,11 +104,9 @@ static const char *about_text() // time. snprintf(buffer, sizeof(buffer), _("TigerVNC Viewer %d-bit v%s\n" @@ -65,8 +65,8 @@ Index: b/vncviewer/vncviewer.cxx "Copyright (C) 1999-%d TigerVNC Team and many others (see README.rst)\n" "See https://www.tigervnc.org for information on TigerVNC."), - (int)sizeof(size_t)*8, PACKAGE_VERSION, -- BUILD_TIMESTAMP, 2019); -+ (int)sizeof(size_t)*8, PACKAGE_VERSION, 2019); +- BUILD_TIMESTAMP, 2021); ++ (int)sizeof(size_t)*8, PACKAGE_VERSION, 2021); return buffer; } diff --git a/n_utilize-system-crypto-policies.patch b/n_utilize-system-crypto-policies.patch index 64c45aa..95b9d71 100644 --- a/n_utilize-system-crypto-policies.patch +++ b/n_utilize-system-crypto-policies.patch @@ -1,12 +1,12 @@ -Index: tigervnc-1.10.1/common/rfb/Security.cxx +Index: tigervnc-1.12.0/common/rfb/Security.cxx =================================================================== ---- tigervnc-1.10.1.orig/common/rfb/Security.cxx -+++ tigervnc-1.10.1/common/rfb/Security.cxx +--- tigervnc-1.12.0.orig/common/rfb/Security.cxx ++++ tigervnc-1.12.0/common/rfb/Security.cxx @@ -52,7 +52,7 @@ static LogWriter vlog("Security"); #ifdef HAVE_GNUTLS StringParameter Security::GnuTLSPriority("GnuTLSPriority", "GnuTLS priority string that controls the TLS session’s handshake algorithms", -- "NORMAL"); +- ""); + "@SYSTEM"); #endif diff --git a/tigervnc-1.10.1.tar.gz b/tigervnc-1.10.1.tar.gz deleted file mode 100644 index 3ab38a1..0000000 --- a/tigervnc-1.10.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:19fcc80d7d35dd58115262e53cac87d8903180261d94c2a6b0c19224f50b58c4 -size 1408105 diff --git a/tigervnc-1.12.0.tar.gz b/tigervnc-1.12.0.tar.gz new file mode 100644 index 0000000..7f66ec1 --- /dev/null +++ b/tigervnc-1.12.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9ff3f3948f2a4e8cc06ee598ee4b1096beb62094c13e0b1462bff78587bed789 +size 1561898 diff --git a/tigervnc-FIPS-use-RFC7919.patch b/tigervnc-FIPS-use-RFC7919.patch deleted file mode 100644 index 1fc67bd..0000000 --- a/tigervnc-FIPS-use-RFC7919.patch +++ /dev/null @@ -1,129 +0,0 @@ -diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx -index d5ef47e..2ba787e 100644 ---- a/common/rfb/SSecurityTLS.cxx -+++ b/common/rfb/SSecurityTLS.cxx -@@ -37,7 +37,23 @@ - #include - #include - --#define DH_BITS 1024 /* XXX This should be configurable! */ -+#if defined (SSECURITYTLS__USE_DEPRECATED_DH) -+/* FFDHE (RFC-7919) 2048-bit parameters, PEM-encoded */ -+static unsigned char ffdhe2048[] = -+ "-----BEGIN DH PARAMETERS-----\n" -+ "MIIBDAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n" -+ "+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n" -+ "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n" -+ "YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n" -+ "7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n" -+ "ssbzSibBsu/6iGtCOGEoXJf//////////wIBAgICAOE=\n" -+ "-----END DH PARAMETERS-----\n"; -+ -+static const gnutls_datum_t pkcs3_param = { -+ ffdhe2048, -+ sizeof(ffdhe2048) -+}; -+#endif - - using namespace rfb; - -@@ -50,15 +66,20 @@ StringParameter SSecurityTLS::X509_KeyFile - static LogWriter vlog("TLS"); - - SSecurityTLS::SSecurityTLS(SConnection* sc, bool _anon) -- : SSecurity(sc), session(NULL), dh_params(NULL), anon_cred(NULL), -+ : SSecurity(sc), session(NULL), anon_cred(NULL), - cert_cred(NULL), anon(_anon), tlsis(NULL), tlsos(NULL), - rawis(NULL), rawos(NULL) - { -+#if defined (SSECURITYTLS__USE_DEPRECATED_DH) -+ dh_params = NULL; -+#endif -+ - certfile = X509_CertFile.getData(); - keyfile = X509_KeyFile.getData(); - - if (gnutls_global_init() != GNUTLS_E_SUCCESS) - throw AuthFailureException("gnutls_global_init failed"); -+ - } - - void SSecurityTLS::shutdown() -@@ -70,10 +91,12 @@ void SSecurityTLS::shutdown() - } - } - -+#if defined (SSECURITYTLS__USE_DEPRECATED_DH) - if (dh_params) { - gnutls_dh_params_deinit(dh_params); - dh_params = 0; - } -+#endif - - if (anon_cred) { - gnutls_anon_free_server_credentials(anon_cred); -@@ -198,17 +221,21 @@ void SSecurityTLS::setParams(gnutls_session_t session) - throw AuthFailureException("gnutls_set_priority_direct failed"); - } - -+#if defined (SSECURITYTLS__USE_DEPRECATED_DH) - if (gnutls_dh_params_init(&dh_params) != GNUTLS_E_SUCCESS) - throw AuthFailureException("gnutls_dh_params_init failed"); - -- if (gnutls_dh_params_generate2(dh_params, DH_BITS) != GNUTLS_E_SUCCESS) -- throw AuthFailureException("gnutls_dh_params_generate2 failed"); -+ if (gnutls_dh_params_import_pkcs3(dh_params, &pkcs3_param, GNUTLS_X509_FMT_PEM) != GNUTLS_E_SUCCESS) -+ throw AuthFailureException("gnutls_dh_params_import_pkcs3 failed"); -+#endif - - if (anon) { - if (gnutls_anon_allocate_server_credentials(&anon_cred) != GNUTLS_E_SUCCESS) - throw AuthFailureException("gnutls_anon_allocate_server_credentials failed"); - -+#if defined (SSECURITYTLS__USE_DEPRECATED_DH) - gnutls_anon_set_server_dh_params(anon_cred, dh_params); -+#endif - - if (gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred) - != GNUTLS_E_SUCCESS) -@@ -220,7 +247,9 @@ void SSecurityTLS::setParams(gnutls_session_t session) - if (gnutls_certificate_allocate_credentials(&cert_cred) != GNUTLS_E_SUCCESS) - throw AuthFailureException("gnutls_certificate_allocate_credentials failed"); - -+#if defined (SSECURITYTLS__USE_DEPRECATED_DH) - gnutls_certificate_set_dh_params(cert_cred, dh_params); -+#endif - - switch (gnutls_certificate_set_x509_key_file(cert_cred, certfile, keyfile, GNUTLS_X509_FMT_PEM)) { - case GNUTLS_E_SUCCESS: -diff --git a/common/rfb/SSecurityTLS.h b/common/rfb/SSecurityTLS.h -index 6f71182..4bddae3 100644 ---- a/common/rfb/SSecurityTLS.h -+++ b/common/rfb/SSecurityTLS.h -@@ -36,6 +36,14 @@ - #include - #include - -+ -+/* In GnuTLS 3.6.0 DH parameter generation was deprecated. RFC7919 is used instead. -+ * GnuTLS before 3.6.0 doesn't know about RFC7919 so we will have to import it. -+ */ -+#if GNUTLS_VERSION_NUMBER < 0x030600 -+#define SSECURITYTLS__USE_DEPRECATED_DH -+#endif -+ - namespace rfb { - - class SSecurityTLS : public SSecurity { -@@ -54,8 +62,11 @@ namespace rfb { - void setParams(gnutls_session_t session); - - private: -+ bool isUsingDeprecatedDH; - gnutls_session_t session; -+#if defined (SSECURITYTLS__USE_DEPRECATED_DH) - gnutls_dh_params_t dh_params; -+#endif - gnutls_anon_server_credentials_t anon_cred; - gnutls_certificate_credentials_t cert_cred; - char *keyfile, *certfile; diff --git a/tigervnc-clean-pressed-key-on-exit.patch b/tigervnc-clean-pressed-key-on-exit.patch index ecbf687..a03293c 100644 --- a/tigervnc-clean-pressed-key-on-exit.patch +++ b/tigervnc-clean-pressed-key-on-exit.patch @@ -1,21 +1,21 @@ -Index: b/vncviewer/DesktopWindow.cxx +Index: tigervnc-1.12.0/vncviewer/DesktopWindow.cxx =================================================================== ---- a/vncviewer/DesktopWindow.cxx -+++ b/vncviewer/DesktopWindow.cxx -@@ -207,6 +207,8 @@ DesktopWindow::~DesktopWindow() +--- tigervnc-1.12.0.orig/vncviewer/DesktopWindow.cxx ++++ tigervnc-1.12.0/vncviewer/DesktopWindow.cxx +@@ -236,6 +236,8 @@ DesktopWindow::~DesktopWindow() delete statsGraph; + delete viewport; + - // FLTK automatically deletes all child widgets, so we shouldn't touch - // them ourselves here - } -Index: b/vncviewer/Viewport.cxx + instances.erase(this); + + if (instances.size() == 0) +Index: tigervnc-1.12.0/vncviewer/Viewport.cxx =================================================================== ---- a/vncviewer/Viewport.cxx -+++ b/vncviewer/Viewport.cxx -@@ -189,6 +189,18 @@ Viewport::Viewport(int w, int h, const r +--- tigervnc-1.12.0.orig/vncviewer/Viewport.cxx ++++ tigervnc-1.12.0/vncviewer/Viewport.cxx +@@ -192,6 +192,18 @@ Viewport::Viewport(int w, int h, const r Viewport::~Viewport() { @@ -34,20 +34,28 @@ Index: b/vncviewer/Viewport.cxx // Unregister all timeouts in case they get a change tro trigger // again later when this object is already gone. Fl::remove_timeout(handlePointerTimeout, this); -Index: b/vncviewer/vncviewer.cxx +Index: tigervnc-1.12.0/vncviewer/vncviewer.cxx =================================================================== ---- a/vncviewer/vncviewer.cxx -+++ b/vncviewer/vncviewer.cxx -@@ -107,6 +107,8 @@ static const char *about_text() +--- tigervnc-1.12.0.orig/vncviewer/vncviewer.cxx ++++ tigervnc-1.12.0/vncviewer/vncviewer.cxx +@@ -113,6 +113,7 @@ static const char *about_text() return buffer; } +static CConn *cc; -+ - void exit_vncviewer(const char *error) + + void abort_vncviewer(const char *error, ...) { - // Prioritise the first error we get as that is probably the most -@@ -177,6 +179,16 @@ static void CleanupSignalHandler(int sig +@@ -176,8 +177,6 @@ void about_vncviewer() + static void mainloop(const char* vncserver, network::Socket* sock) + { + while (true) { +- CConn *cc; +- + exitMainloop = false; + + cc = new CConn(vncServerName, sock); +@@ -262,6 +261,16 @@ static void CleanupSignalHandler(int sig // CleanupSignalHandler allows C++ object cleanup to happen because it calls // exit() rather than the default which is to abort. vlog.info(_("Termination signal %d has been received. TigerVNC Viewer will now exit."), sig); @@ -64,22 +72,13 @@ Index: b/vncviewer/vncviewer.cxx exit(1); } -@@ -587,6 +599,9 @@ int main(int argc, char** argv) +@@ -744,6 +753,9 @@ int main(int argc, char** argv) XkbSetDetectableAutoRepeat(fl_display, True, NULL); #endif + fl_open_display(); + XSetIOErrorHandler(CleanupXIOErrorHandler); + - CSecurity::upg = &dlg; - #ifdef HAVE_GNUTLS - CSecurityTLS::msg = &dlg; -@@ -672,7 +687,7 @@ int main(int argc, char** argv) - #endif - } + init_fltk(); + enable_touch(); -- CConn *cc = new CConn(vncServerName, sock); -+ cc = new CConn(vncServerName, sock); - - while (!exitMainloop) - run_mainloop(); diff --git a/tigervnc-fix-saving-of-bad-server-certs.patch b/tigervnc-fix-saving-of-bad-server-certs.patch deleted file mode 100644 index 683a55a..0000000 --- a/tigervnc-fix-saving-of-bad-server-certs.patch +++ /dev/null @@ -1,60 +0,0 @@ -From dbad687182ae9093efaf096a069eeafc18b22973 Mon Sep 17 00:00:00 2001 -From: Pierre Ossman -Date: Mon, 30 Dec 2019 10:24:11 +0100 -Subject: [PATCH 1/2] Fix saving of bad server certificates - -This check is completely backwards and it is currently unknown how -this ever worked. ---- - common/rfb/CSecurityTLS.cxx | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx -index aa1910909..c1a00212a 100644 ---- a/common/rfb/CSecurityTLS.cxx -+++ b/common/rfb/CSecurityTLS.cxx -@@ -416,8 +416,9 @@ void CSecurityTLS::checkSession() - delete [] certinfo; - - if (gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, NULL, &out_size) -- == GNUTLS_E_SHORT_MEMORY_BUFFER) -- throw AuthFailureException("Out of memory"); -+ != GNUTLS_E_SHORT_MEMORY_BUFFER) -+ throw AuthFailureException("certificate issuer unknown, and certificate " -+ "export failed"); - - // Save cert - out_buf = new char[out_size]; - -From 6208f47dcbf68ff1e751b0b526bb643f0da867a6 Mon Sep 17 00:00:00 2001 -From: Pierre Ossman -Date: Mon, 30 Dec 2019 10:26:12 +0100 -Subject: [PATCH 2/2] Remove unneeded memory checks - -new throws an exception on allocation errors rather than return NULL. ---- - common/rfb/CSecurityTLS.cxx | 4 ---- - 1 file changed, 4 deletions(-) - -diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx -index c1a00212a..5c303a37c 100644 ---- a/common/rfb/CSecurityTLS.cxx -+++ b/common/rfb/CSecurityTLS.cxx -@@ -396,8 +396,6 @@ void CSecurityTLS::checkSession() - vlog.debug("%s", info.data); - - certinfo = new char[len]; -- if (certinfo == NULL) -- throw AuthFailureException("Out of memory"); - - snprintf(certinfo, len, "This certificate has been signed by an unknown " - "authority:\n\n%s\n\nDo you want to save it and " -@@ -422,8 +420,6 @@ void CSecurityTLS::checkSession() - - // Save cert - out_buf = new char[out_size]; -- if (out_buf == NULL) -- throw AuthFailureException("Out of memory"); - - if (gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, out_buf, &out_size) < 0) - throw AuthFailureException("certificate issuer unknown, and certificate " diff --git a/tigervnc-newfbsize.patch b/tigervnc-newfbsize.patch index 44fd1f6..9adbd8d 100644 --- a/tigervnc-newfbsize.patch +++ b/tigervnc-newfbsize.patch @@ -1,13 +1,13 @@ -Index: b/vncviewer/CConn.cxx +Index: tigervnc-1.12.0/vncviewer/CConn.cxx =================================================================== ---- a/vncviewer/CConn.cxx -+++ b/vncviewer/CConn.cxx -@@ -388,6 +388,8 @@ void CConn::dataRect(const Rect& r, int +--- tigervnc-1.12.0.orig/vncviewer/CConn.cxx ++++ tigervnc-1.12.0/vncviewer/CConn.cxx +@@ -416,6 +416,8 @@ bool CConn::dataRect(const Rect& r, int if (encoding != encodingCopyRect) lastServerEncoding = encoding; + if (encoding == pseudoEncodingDesktopSize) + setDesktopSize( r.width(), r.height() ); - CConnection::dataRect(r, encoding); + ret = CConnection::dataRect(r, encoding); diff --git a/tigervnc.changes b/tigervnc.changes index 81da6aa..eaa7ddb 100644 --- a/tigervnc.changes +++ b/tigervnc.changes @@ -1,3 +1,51 @@ +------------------------------------------------------------------- +Thu Feb 17 09:22:52 UTC 2022 - Joan Torres + +- Update to tigervnc 1.12.0 + * The native viewer now supports full screen over a subset of monitors (e.g. 2 out of 3), and reacts properly to monitors being added or removed + * Recent server history in the native viewer + * The native viewer now has an option to reconnect if the connection is dropped + * Translations are now enabled on Windows and macOS for the native viewer + * The native viewer now respects the system security policy + * Better handling of accented keys in the Java viewer + * The Unix servers can now listen to both a Unix socket and a TCP port at the same time + * The network code in both the servers and the native viewer has been restructured to give a more responsive experience + * The vncserver service now correctly handles settings set to "0" + * Fixed the clipboard Unicode handling in both the native viewer and the servers + * Support for pointer "warping" in Xvnc and the native viewer, enabling e.g. FPS games +- Update to tigervnc 1.11.0 + * A security issue has been fixed in how the viewers handle TLS certificate exceptions + * vncserver has gotten a major redesign to be compatible with modern distributions + * The native viewer now has touch gestures to handle certain mouse actions (e.g. scroll wheel) + * Middle mouse button emulation in the native viewer, for devices with only two mouse buttons + * The Java viewer now supports Java 9+, but also now requires Java 8+ + * Support for alpha cursors in the Java viewer (a feature already supported in the native viewer) + * The password and username can now be specified via the environment for the native viewer + * Support for building Xvnc/libvnc.so with Xorg 1.20.7+ and deprecate support for Xorg older than 1.16 + * The official builds have been fixed to work on the upcoming macOS 11 + * The Windows server (WinVNC) is now packaged separately as it is unmaintained and buggy +- Removed patches (included in 1.12.0): + * U_viewer-reset-ctrl-alt-to-menu-state-on-focus.patch + * tigervnc-fix-saving-of-bad-server-certs.patch + * u_xorg-server-1.20.7-ddxInputThreadInit.patch + * U_0001-Properly-store-certificate-exceptions.patch + * U_0002-Properly-store-certificate-exceptions-in-Java-viewer.patch + * tigervnc-FIPS-use-RFC7919.patch + * u_Fix-non-functional-MaxDisconnectionTime.patch +- Removed patches (no longer needed): + * u_tigervnc-cve-2014-8240.patch (https://github.com/TigerVNC/tigervnc/pull/1258) + * u_tigervnc_update_default_vncxstartup.patch +- Refreshed patches: + * n_correct_path_in_desktop_file.patch + * n_tigervnc-date-time.patch + * n_utilize-system-crypto-policies.patch + * tigervnc-clean-pressed-key-on-exit.patch + * tigervnc-newfbsize.patch + * u_build_libXvnc_as_separate_library.patch + * u_change-button-layout-in-ServerDialog.patch + * u_tigervnc-add-autoaccept-parameter.patch + * u_tigervnc-211.patch + ------------------------------------------------------------------- Thu Feb 10 12:17:07 UTC 2022 - Joan Torres diff --git a/tigervnc.spec b/tigervnc.spec index ea0da04..ca859d4 100644 --- a/tigervnc.spec +++ b/tigervnc.spec @@ -22,8 +22,6 @@ %define tlskey %{_sysconfdir}/vnc/tls.key %define tlscert %{_sysconfdir}/vnc/tls.cert -%define _unitdir %{_prefix}/lib/systemd/system - %if 0%{?suse_version} >= 1500 %define use_firewalld 1 %else @@ -35,7 +33,7 @@ %endif Name: tigervnc -Version: 1.10.1 +Version: 1.12.0 Release: 0 URL: http://tigervnc.org/ Summary: An implementation of VNC @@ -63,24 +61,15 @@ Patch1: tigervnc-newfbsize.patch Patch2: tigervnc-clean-pressed-key-on-exit.patch Patch3: u_tigervnc-ignore-epipe-on-write.patch Patch4: n_tigervnc-date-time.patch -Patch5: u_tigervnc-cve-2014-8240.patch -Patch6: u_tigervnc_update_default_vncxstartup.patch -Patch7: u_build_libXvnc_as_separate_library.patch -Patch8: u_tigervnc-add-autoaccept-parameter.patch -Patch9: u_change-button-layout-in-ServerDialog.patch -Patch10: n_correct_path_in_desktop_file.patch -Patch11: U_viewer-reset-ctrl-alt-to-menu-state-on-focus.patch -Patch12: tigervnc-fix-saving-of-bad-server-certs.patch -Patch13: u_xorg-server-1.20.7-ddxInputThreadInit.patch -Patch21: U_0001-Properly-store-certificate-exceptions.patch -Patch22: U_0002-Properly-store-certificate-exceptions-in-Java-viewer.patch -Patch23: n_utilize-system-crypto-policies.patch -Patch24: tigervnc-FIPS-use-RFC7919.patch -Patch25: u_tigervnc-211.patch -Patch26: u_Fix-non-functional-MaxDisconnectionTime.patch -Patch27: xserver211.patch -Provides: tightvnc = 1.3.9 -Obsoletes: tightvnc < 1.3.9 +Patch5: u_build_libXvnc_as_separate_library.patch +Patch6: u_tigervnc-add-autoaccept-parameter.patch +Patch7: u_change-button-layout-in-ServerDialog.patch +Patch8: n_correct_path_in_desktop_file.patch +Patch9: n_utilize-system-crypto-policies.patch +Patch10: u_tigervnc-211.patch +Patch11: xserver211.patch +Provides: tightvnc = 1.5.0 +Obsoletes: tightvnc < 1.5.0 Provides: vnc BuildRequires: autoconf BuildRequires: automake @@ -185,9 +174,9 @@ Requires: /bin/hostname %ifnarch s390 s390x Recommends: xorg-x11-Xvnc-module %endif -Provides: tightvnc = 1.3.9 +Provides: tightvnc = 1.5.0 +Obsoletes: tightvnc < 1.5.0 Provides: xorg-x11-Xvnc:/usr/lib/vnc/with-vnc-key.sh -Obsoletes: tightvnc < 1.3.9 %description -n xorg-x11-Xvnc This is the TigerVNC implementation of Xvnc. @@ -262,25 +251,15 @@ It maps common x11vnc arguments to x0vncserver arguments. %patch5 -p1 %patch6 -p1 %patch7 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch21 -p1 -%patch22 -p1 %patch8 -p1 %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 -%patch23 -p1 +%patch9 -p1 %endif -%patch24 -p1 -%patch25 -p0 -%patch26 -p1 +%patch10 -p0 cp -r %{_prefix}/src/xserver/* unix/xserver/ pushd unix/xserver -#patch -p1 < ../xserver120.patch -%patch27 -p1 +%patch11 -p1 popd %build @@ -290,7 +269,10 @@ export CFLAGS="%optflags" sed "s|@LIBEXECDIR@|%{_libexecdir}|g" %{SOURCE13} > xvnc@.service sed "s|@LIBEXECDIR@|%{_libexecdir}|g" %{SOURCE21} > xvnc-novnc.service # Build all tigervnc -cmake -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_INSTALL_PREFIX:PATH=%{_prefix} -DCMAKE_BUILD_TYPE=RelWithDebInfo . +cmake -DCMAKE_VERBOSE_MAKEFILE=ON \ + -DCMAKE_INSTALL_PREFIX:PATH=%{_prefix} \ + -DCMAKE_INSTALL_LIBEXECDIR:PATH=%{_libexecdir} \ + -DCMAKE_BUILD_TYPE=RelWithDebInfo . %make_build # Build Xvnc server @@ -319,7 +301,7 @@ popd # Build java client pushd java -cmake -DCMAKE_INSTALL_PREFIX:PATH=%{_prefix} -DJAVACFLAGS="-encoding utf8 -source 1.6 -target 1.6" . +cmake -DCMAKE_INSTALL_PREFIX:PATH=%{_prefix} . %make_build popd @@ -351,7 +333,7 @@ install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2. install -D -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/vnc-httpd %endif -# only package as %doc (boo#1173045) +# only package as %%doc (boo#1173045) cp %{SOURCE7} . install -D -m 755 %{SOURCE8} %{buildroot}%{_bindir}/vncpasswd.arg install -D -m 644 %{SOURCE9} %{buildroot}%{_distconfdir}/pam.d/vnc @@ -380,7 +362,7 @@ install -D xvnc-novnc.service -m 0444 %{buildroot}%{_unitdir}/xvnc-novnc.service install -Dm0644 %{SOURCE22} %{buildroot}%{_sysusersdir}/vnc.conf -rm -rf %{buildroot}%{_datadir}/doc/tigervnc-* +rm -rf %{buildroot}%{_datadir}/doc/tigervnc* %find_lang '%{name}' @@ -475,27 +457,37 @@ fi %files -n xorg-x11-Xvnc %doc LICENCE.TXT README.rst vnc.reg +%doc unix/vncserver/HOWTO.md %{_bindir}/Xvnc %{_bindir}/vncconfig %{_bindir}/vncpasswd %{_bindir}/vncpasswd.arg -%{_bindir}/vncserver %{_bindir}/x0vncserver +%{_sbindir}/vncsession + +%{_libexecdir}/vncserver +%{_libexecdir}/vncsession-start %exclude %{_mandir}/man1/Xserver.1* %{_mandir}/man1/Xvnc.1* %{_mandir}/man1/vncconfig.1* %{_mandir}/man1/vncpasswd.1* -%{_mandir}/man1/vncserver.1* %{_mandir}/man1/x0vncserver.1* +%{_mandir}/man8/vncserver.8* +%{_mandir}/man8/vncsession.8* +%{_unitdir}/vncserver@.service %{_unitdir}/xvnc@.service %{_unitdir}/xvnc.socket %{_unitdir}/xvnc.target %{_sysusersdir}/vnc.conf %{_sbindir}/rcxvnc +%dir %{_sysconfdir}/tigervnc +%config(noreplace) %{_sysconfdir}/pam.d/tigervnc +%config(noreplace) %{_sysconfdir}/tigervnc/vncserver* + %exclude %{_sharedstatedir}/xkb/compiled/README.compiled %if %{use_firewalld} diff --git a/u_Fix-non-functional-MaxDisconnectionTime.patch b/u_Fix-non-functional-MaxDisconnectionTime.patch deleted file mode 100644 index 1f4e31c..0000000 --- a/u_Fix-non-functional-MaxDisconnectionTime.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 38726ce083db1a9227325bf87989513499bfa698 Mon Sep 17 00:00:00 2001 -From: Pierre Ossman -Date: Thu, 18 Jun 2020 09:20:17 +0200 -Subject: [PATCH] Fix non-functional MaxDisconnectionTime -References: bsc#1195661 -Upstream: Merged - -Since 8e09912 this wasn't triggered properly as we checked if all -clients were gone before we actually removed the last client from our -list. ---- - common/rfb/VNCServerST.cxx | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/common/rfb/VNCServerST.cxx b/common/rfb/VNCServerST.cxx -index 8329bb23..35f65a2e 100644 ---- a/common/rfb/VNCServerST.cxx -+++ b/common/rfb/VNCServerST.cxx -@@ -172,11 +172,6 @@ void VNCServerST::removeSocket(network::Socket* sock) { - clipboardClient = NULL; - clipboardRequestors.remove(*ci); - -- // Adjust the exit timers -- connectTimer.stop(); -- if (rfb::Server::maxDisconnectionTime && clients.empty()) -- disconnectTimer.start(secsToMillis(rfb::Server::maxDisconnectionTime)); -- - // - Delete the per-Socket resources - delete *ci; - -@@ -193,6 +188,11 @@ void VNCServerST::removeSocket(network::Socket* sock) { - if (comparer) - comparer->logStats(); - -+ // Adjust the exit timers -+ connectTimer.stop(); -+ if (rfb::Server::maxDisconnectionTime && clients.empty()) -+ disconnectTimer.start(secsToMillis(rfb::Server::maxDisconnectionTime)); -+ - return; - } - } --- -2.34.1 - diff --git a/u_build_libXvnc_as_separate_library.patch b/u_build_libXvnc_as_separate_library.patch index 45aa520..7e79a98 100644 --- a/u_build_libXvnc_as_separate_library.patch +++ b/u_build_libXvnc_as_separate_library.patch @@ -4,10 +4,10 @@ Subject: [PATCH] Build libXvnc as separate library. So it can be used by others, not only vncconfig. -Index: b/unix/vncconfig/CMakeLists.txt +Index: tigervnc-1.12.0/unix/vncconfig/CMakeLists.txt =================================================================== ---- a/unix/vncconfig/CMakeLists.txt -+++ b/unix/vncconfig/CMakeLists.txt +--- tigervnc-1.12.0.orig/unix/vncconfig/CMakeLists.txt ++++ tigervnc-1.12.0/unix/vncconfig/CMakeLists.txt @@ -3,13 +3,25 @@ include_directories(${X11_INCLUDE_DIR}) include_directories(${CMAKE_SOURCE_DIR}/common) include_directories(${CMAKE_SOURCE_DIR}/unix/tx) @@ -32,7 +32,7 @@ Index: b/unix/vncconfig/CMakeLists.txt -target_link_libraries(vncconfig tx rfb network rdr ${X11_LIBRARIES}) +target_link_libraries(vncconfig tx rfb network rdr Xvnc ${X11_LIBRARIES}) - install(TARGETS vncconfig DESTINATION ${BIN_DIR}) + install(TARGETS vncconfig DESTINATION ${CMAKE_INSTALL_FULL_BINDIR}) +install(TARGETS Xvnc LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} RENAME libXvnc.so) - install(FILES vncconfig.man DESTINATION ${MAN_DIR}/man1 RENAME vncconfig.1) + install(FILES vncconfig.man DESTINATION ${CMAKE_INSTALL_FULL_MANDIR}/man1 RENAME vncconfig.1) +install(FILES vncExt.h DESTINATION ${X11_INCLUDE_DIR}/X11/extensions RENAME Xvnc.h) diff --git a/u_change-button-layout-in-ServerDialog.patch b/u_change-button-layout-in-ServerDialog.patch index 4a4bea1..e6b0c6a 100644 --- a/u_change-button-layout-in-ServerDialog.patch +++ b/u_change-button-layout-in-ServerDialog.patch @@ -8,20 +8,20 @@ To fit strings in languages with longer words... vncviewer/ServerDialog.cxx | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) -diff --git a/vncviewer/ServerDialog.cxx b/vncviewer/ServerDialog.cxx -index de67f87b..0a8aa775 100644 ---- a/vncviewer/ServerDialog.cxx -+++ b/vncviewer/ServerDialog.cxx -@@ -53,7 +53,7 @@ ServerDialog::ServerDialog() +Index: tigervnc-1.12.0/vncviewer/ServerDialog.cxx +=================================================================== +--- tigervnc-1.12.0.orig/vncviewer/ServerDialog.cxx ++++ tigervnc-1.12.0/vncviewer/ServerDialog.cxx +@@ -68,7 +68,7 @@ ServerDialog::ServerDialog() - serverName = new Fl_Input(x, y, w() - margin*2 - server_label_width, INPUT_HEIGHT, _("VNC server:")); + serverName = new Fl_Input_Choice(x, y, w() - margin*2 - server_label_width, INPUT_HEIGHT, _("VNC server:")); - int adjust = (w() - 20) / 4; + int adjust = (w() - 20) / 3; int button_width = adjust - margin/2; x = margin; -@@ -76,6 +76,8 @@ ServerDialog::ServerDialog() +@@ -91,6 +91,8 @@ ServerDialog::ServerDialog() x = 0; y += margin/2 + BUTTON_HEIGHT; @@ -30,6 +30,3 @@ index de67f87b..0a8aa775 100644 divider = new Fl_Box(x, y, w(), 2); divider->box(FL_THIN_DOWN_FRAME); --- -2.13.6 - diff --git a/u_tigervnc-211.patch b/u_tigervnc-211.patch index e39183d..16b8db5 100644 --- a/u_tigervnc-211.patch +++ b/u_tigervnc-211.patch @@ -1,11 +1,13 @@ ---- ./unix/xserver/hw/vnc/xorg-version.h.orig 2021-10-28 13:58:20.309981257 +0200 -+++ ./unix/xserver/hw/vnc/xorg-version.h 2021-10-28 13:59:33.179368585 +0200 -@@ -54,6 +54,8 @@ - #define XORG 119 - #elif XORG_VERSION_CURRENT < ((1 * 10000000) + (20 * 100000) + (99 * 1000)) - #define XORG 120 -+#elif XORG_VERSION_CURRENT < ((21 * 10000000) + (1 * 100000) + (99 * 1000)) -+#define XORG 211 - #else +Index: unix/xserver/hw/vnc/xorg-version.h +=================================================================== +--- unix/xserver/hw/vnc/xorg-version.h.orig ++++ unix/xserver/hw/vnc/xorg-version.h +@@ -33,7 +33,7 @@ + #error "X.Org older than 1.16 is not supported" + #endif + +-#if XORG_AT_LEAST(1, 21, 0) ++#if XORG_AT_LEAST(1, 22, 0) #error "X.Org newer than 1.20 is not supported" #endif + diff --git a/u_tigervnc-add-autoaccept-parameter.patch b/u_tigervnc-add-autoaccept-parameter.patch index a39cb0a..830a92f 100644 --- a/u_tigervnc-add-autoaccept-parameter.patch +++ b/u_tigervnc-add-autoaccept-parameter.patch @@ -1,7 +1,7 @@ -Index: tigervnc-1.10.1/java/com/tigervnc/rfb/CSecurityTLS.java +Index: tigervnc-1.12.0/java/com/tigervnc/rfb/CSecurityTLS.java =================================================================== ---- tigervnc-1.10.1.orig/java/com/tigervnc/rfb/CSecurityTLS.java -+++ tigervnc-1.10.1/java/com/tigervnc/rfb/CSecurityTLS.java +--- tigervnc-1.12.0.orig/java/com/tigervnc/rfb/CSecurityTLS.java ++++ tigervnc-1.12.0/java/com/tigervnc/rfb/CSecurityTLS.java @@ -66,6 +66,9 @@ public class CSecurityTLS extends CSecur public static StringParameter X509CRL = new StringParameter("X509CRL", @@ -26,9 +26,9 @@ Index: tigervnc-1.10.1/java/com/tigervnc/rfb/CSecurityTLS.java } + String thumbprint = getThumbprint(cert); File vncDir = new File(FileUtils.getVncHomeDir()); - if (!vncDir.exists()) - throw new AuthFailureException("Could not obtain VNC home directory "+ -@@ -332,6 +337,9 @@ public class CSecurityTLS extends CSecur + if (!vncDir.exists()) { + try { +@@ -337,6 +342,9 @@ public class CSecurityTLS extends CSecur store_pubkey(dbPath, client.getServerName().toLowerCase(), pk); } catch (java.lang.Exception e) { if (e.getCause() instanceof CertPathBuilderException) { @@ -38,7 +38,7 @@ Index: tigervnc-1.10.1/java/com/tigervnc/rfb/CSecurityTLS.java vlog.debug("Server host not previously known"); vlog.debug(info); String text = -@@ -519,7 +527,7 @@ public class CSecurityTLS extends CSecur +@@ -524,7 +532,7 @@ public class CSecurityTLS extends CSecur private SSLEngineManager manager; private boolean anon; @@ -47,16 +47,3 @@ Index: tigervnc-1.10.1/java/com/tigervnc/rfb/CSecurityTLS.java private FdInStream is; private FdOutStream os; -Index: tigervnc-1.10.1/java/com/tigervnc/vncviewer/VncViewer.java -=================================================================== ---- tigervnc-1.10.1.orig/java/com/tigervnc/vncviewer/VncViewer.java -+++ tigervnc-1.10.1/java/com/tigervnc/vncviewer/VncViewer.java -@@ -393,6 +393,8 @@ public class VncViewer extends javax.swi - // Called right after zero-arg constructor in applet mode - setLookAndFeel(); - setBackground(Color.white); -+ -+ SecurityClient.setDefaults(); - applet = this; - vncServerName.put(loadAppletParameters(applet).toCharArray()).flip(); - if (embed.getValue()) { diff --git a/u_tigervnc-cve-2014-8240.patch b/u_tigervnc-cve-2014-8240.patch deleted file mode 100644 index d2b3256..0000000 --- a/u_tigervnc-cve-2014-8240.patch +++ /dev/null @@ -1,41 +0,0 @@ -Patch-Mainline: To be upstreamed -References: bnc#900896 CVE-2014-8240 -Signed-off-by: Michal Srb - -Index: b/unix/x0vncserver/Image.cxx -=================================================================== ---- a/unix/x0vncserver/Image.cxx -+++ b/unix/x0vncserver/Image.cxx -@@ -82,6 +82,14 @@ void Image::Init(int width, int height) - xim = XCreateImage(dpy, vis, DefaultDepth(dpy, DefaultScreen(dpy)), - ZPixmap, 0, 0, width, height, BitmapPad(dpy), 0); - -+ if (xim->bytes_per_line <= 0 || -+ xim->height <= 0 || -+ xim->height >= INT_MAX / xim->bytes_per_line) { -+ vlog.error("Invalid display size"); -+ XDestroyImage(xim); -+ exit(1); -+ } -+ - xim->data = (char *)malloc(xim->bytes_per_line * xim->height); - if (xim->data == NULL) { - vlog.error("malloc() failed"); -@@ -257,6 +265,17 @@ void ShmImage::Init(int width, int heigh - delete shminfo; - shminfo = NULL; - return; -+ } -+ -+ if (xim->bytes_per_line <= 0 || -+ xim->height <= 0 || -+ xim->height >= INT_MAX / xim->bytes_per_line) { -+ vlog.error("Invalid display size"); -+ XDestroyImage(xim); -+ xim = NULL; -+ delete shminfo; -+ shminfo = NULL; -+ return; - } - - shminfo->shmid = shmget(IPC_PRIVATE, diff --git a/u_tigervnc-ignore-epipe-on-write.patch b/u_tigervnc-ignore-epipe-on-write.patch index 38ab090..19a444d 100644 --- a/u_tigervnc-ignore-epipe-on-write.patch +++ b/u_tigervnc-ignore-epipe-on-write.patch @@ -9,7 +9,7 @@ Index: common/rdr/FdOutStream.cxx =================================================================== --- common/rdr/FdOutStream.cxx.orig +++ common/rdr/FdOutStream.cxx -@@ -204,8 +204,12 @@ int FdOutStream::writeWithTimeout(const +@@ -128,8 +128,12 @@ size_t FdOutStream::writeFd(const void* #endif } while (n < 0 && (errno == EINTR)); diff --git a/u_tigervnc_update_default_vncxstartup.patch b/u_tigervnc_update_default_vncxstartup.patch deleted file mode 100644 index 3af324f..0000000 --- a/u_tigervnc_update_default_vncxstartup.patch +++ /dev/null @@ -1,57 +0,0 @@ -Author: Michal Srb -References: bnc#956537 -Subject: Update default vnc xstartup script. - -Index: tigervnc-1.10.1/unix/vncserver -=================================================================== ---- tigervnc-1.10.1.orig/unix/vncserver -+++ tigervnc-1.10.1/unix/vncserver -@@ -58,27 +58,33 @@ $defaultXStartup - = ("#!/bin/sh\n\n". - "unset SESSION_MANAGER\n". - "unset DBUS_SESSION_BUS_ADDRESS\n". -- "OS=`uname -s`\n". -- "if [ \$OS = 'Linux' ]; then\n". -- " case \"\$WINDOWMANAGER\" in\n". -- " \*gnome\*)\n". -- " if [ -e /etc/SuSE-release ]; then\n". -- " PATH=\$PATH:/opt/gnome/bin\n". -- " export PATH\n". -- " fi\n". -- " ;;\n". -- " esac\n". -+ "\n". -+ "userclientrc=\$HOME/.xinitrc\n". -+ "sysclientrc=/usr/libexec/xinit/xinitrc\n". -+ "\n". -+ "if [ -f \"\$userclientrc\" ]; then\n". -+ " client=\"\$userclientrc\"\n". -+ "elif [ -f \"\$sysclientrc\" ]; then\n". -+ " client=\"\$sysclientrc\"\n". -+ "elif [ -f \"/etc/X11/xinit/xinitrc\" ]; then\n". -+ " client=\"/etc/X11/xinit/xinitrc\"\n". - "fi\n". -- "if [ -x /etc/X11/xinit/xinitrc ]; then\n". -- " exec /etc/X11/xinit/xinitrc\n". -+ "\n". -+ "if [ -x \"\$client\" ]; then\n". -+ " exec dbus-launch --exit-with-x11 \"\$client\"\n". - "fi\n". -- "if [ -f /etc/X11/xinit/xinitrc ]; then\n". -- " exec sh /etc/X11/xinit/xinitrc\n". -+ "if [ -f \"\$client\" ]; then\n". -+ " exec dbus-launch --exit-with-x11 sh \"\$client\"\n". - "fi\n". -+ "\n". - "[ -r \$HOME/.Xresources ] && xrdb \$HOME/.Xresources\n". - "xsetroot -solid grey\n". - "xterm -geometry 80x24+10+10 -ls -title \"\$VNCDESKTOP Desktop\" &\n". -- "twm &\n"); -+ "if [ -x /usr/bin/twm ]; then\n". -+ " /usr/bin/twm &\n". -+ "else\n". -+ " echo \"No window manager found. You should install a window manager to get properly working VNC session.\"\n". -+ "fi\n"); - - $defaultConfig - = ("## Supported server options to pass to vncserver upon invocation can be listed\n". diff --git a/u_xorg-server-1.20.7-ddxInputThreadInit.patch b/u_xorg-server-1.20.7-ddxInputThreadInit.patch deleted file mode 100644 index 3cfb5de..0000000 --- a/u_xorg-server-1.20.7-ddxInputThreadInit.patch +++ /dev/null @@ -1,19 +0,0 @@ -diff -u -p -r tigervnc-1.10.0.old/unix/xserver/hw/vnc/xvnc.c tigervnc-1.10.0/unix/xserver/hw/vnc/xvnc.c ---- tigervnc-1.10.0.old/unix/xserver/hw/vnc/xvnc.c 2020-01-15 11:19:19.486731848 +0000 -+++ tigervnc-1.10.0/unix/xserver/hw/vnc/xvnc.c 2020-01-15 11:37:33.275445409 +0000 -@@ -295,6 +295,15 @@ void ddxBeforeReset(void) - } - #endif - -+#if INPUTTHREAD -+/** This function is called in Xserver/os/inputthread.c when starting -+ the input thread. */ -+void -+ddxInputThreadInit(void) -+{ -+} -+#endif -+ - void ddxUseMsg(void) - { - vncPrintBanner(); diff --git a/xserver211.patch b/xserver211.patch index a96262b..b9693b0 100644 --- a/xserver211.patch +++ b/xserver211.patch @@ -1,7 +1,8 @@ -diff -u -r xserver.orig/configure.ac xserver/configure.ac ---- xserver.orig/configure.ac 2021-10-28 11:39:43.200727345 +0000 -+++ xserver/configure.ac 2021-10-28 11:39:57.993008591 +0000 -@@ -72,6 +72,7 @@ +Index: xserver/configure.ac +=================================================================== +--- xserver.orig/configure.ac ++++ xserver/configure.ac +@@ -72,6 +72,7 @@ dnl forcing an entire recompile.x AC_CONFIG_HEADERS(include/version-config.h) AM_PROG_AS @@ -9,7 +10,7 @@ diff -u -r xserver.orig/configure.ac xserver/configure.ac AC_PROG_LN_S LT_PREREQ([2.2]) LT_INIT([disable-static win32-dll]) -@@ -1713,6 +1714,10 @@ +@@ -1713,6 +1714,10 @@ if test "x$XVFB" = xyes; then AC_SUBST([XVFB_SYS_LIBS]) fi @@ -20,7 +21,7 @@ diff -u -r xserver.orig/configure.ac xserver/configure.ac dnl Xnest DDX -@@ -1748,6 +1753,8 @@ +@@ -1748,6 +1753,8 @@ if test "x$XORG" = xauto; then fi AC_MSG_RESULT([$XORG]) @@ -29,7 +30,7 @@ diff -u -r xserver.orig/configure.ac xserver/configure.ac if test "x$XORG" = xyes; then PKG_CHECK_MODULES([LIBXCVT], $LIBXCVT) -@@ -1956,7 +1963,6 @@ +@@ -1956,7 +1963,6 @@ if test "x$XORG" = xyes; then AC_DEFINE(XORG_SERVER, 1, [Building Xorg server]) AC_DEFINE(XORGSERVER, 1, [Building Xorg server]) AC_DEFINE(XFree86Server, 1, [Building XFree86 server]) @@ -37,7 +38,7 @@ diff -u -r xserver.orig/configure.ac xserver/configure.ac AC_DEFINE(NEED_XF86_TYPES, 1, [Need XFree86 typedefs]) AC_DEFINE(NEED_XF86_PROTOTYPES, 1, [Need XFree86 helper functions]) AC_DEFINE(__XSERVERNAME__, "Xorg", [Name of X server]) -@@ -2339,6 +2345,7 @@ +@@ -2339,6 +2345,7 @@ hw/xfree86/utils/man/Makefile hw/xfree86/utils/gtf/Makefile hw/vfb/Makefile hw/vfb/man/Makefile @@ -45,10 +46,11 @@ diff -u -r xserver.orig/configure.ac xserver/configure.ac hw/xnest/Makefile hw/xnest/man/Makefile hw/xwin/Makefile -diff -u -r xserver.orig/hw/Makefile.am xserver/hw/Makefile.am ---- xserver.orig/hw/Makefile.am 2021-10-28 11:39:43.156726511 +0000 -+++ xserver/hw/Makefile.am 2021-10-28 11:41:02.890242547 +0000 -@@ -28,7 +28,8 @@ +Index: xserver/hw/Makefile.am +=================================================================== +--- xserver.orig/hw/Makefile.am ++++ xserver/hw/Makefile.am +@@ -28,7 +28,8 @@ SUBDIRS = \ $(XVFB_SUBDIRS) \ $(XNEST_SUBDIRS) \ $(KDRIVE_SUBDIRS) \ @@ -58,10 +60,11 @@ diff -u -r xserver.orig/hw/Makefile.am xserver/hw/Makefile.am DIST_SUBDIRS = xfree86 vfb xnest xwin xquartz kdrive -diff -u -r xserver.orig/mi/miinitext.c xserver/mi/miinitext.c ---- xserver.orig/mi/miinitext.c 2021-10-28 11:39:43.232727953 +0000 -+++ xserver/mi/miinitext.c 2021-10-28 11:39:57.993008591 +0000 -@@ -106,8 +106,15 @@ +Index: xserver/mi/miinitext.c +=================================================================== +--- xserver.orig/mi/miinitext.c ++++ xserver/mi/miinitext.c +@@ -106,8 +106,15 @@ SOFTWARE. #include "miinitext.h" @@ -77,10 +80,11 @@ diff -u -r xserver.orig/mi/miinitext.c xserver/mi/miinitext.c {GEExtensionInit, "Generic Event Extension", &noGEExtension}, {ShapeExtensionInit, "SHAPE", NULL}, #ifdef MITSHM -diff -u -r xserver.old/hw/vnc/xvnc.c xserver/hw/vnc/xvnc.c ---- xserver.old/hw/vnc/xvnc.c 2021-10-28 12:14:39.360628791 +0000 -+++ xserver/hw/vnc/xvnc.c 2021-10-28 12:30:56.599310018 +0000 -@@ -85,7 +85,18 @@ +Index: xserver/hw/vnc/xvnc.c +=================================================================== +--- xserver.orig/hw/vnc/xvnc.c ++++ xserver/hw/vnc/xvnc.c +@@ -69,7 +69,18 @@ extern char buildtime[]; #undef VENDOR_RELEASE #undef VENDOR_STRING #include "version-config.h" @@ -98,5 +102,5 @@ diff -u -r xserver.old/hw/vnc/xvnc.c xserver/hw/vnc/xvnc.c +#define DEFAULT_LOG_FILE_VERBOSITY 3 +#endif - #define XVNCVERSION "TigerVNC 1.10.0" - #define XVNCCOPYRIGHT ("Copyright (C) 1999-2019 TigerVNC Team and many others (see README.rst)\n" \ + #define XVNCVERSION "TigerVNC 1.12.0" + #define XVNCCOPYRIGHT ("Copyright (C) 1999-2021 TigerVNC Team and many others (see README.rst)\n" \