Accepting request 688637 from X11:XOrg

OBS-URL: https://build.opensuse.org/request/show/688637 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tigervnc?expand=0&rev=58
2019-03-26 21:30:17 +00:00 · 2019-03-26 21:30:17 +00:00 · eaee04e730
commit eaee04e730
parent 0ef14e1830 576bd884a2
3 changed files with 30 additions and 2 deletions
--- a/tigervnc.changes
+++ b/tigervnc.changes
@ -1,3 +1,31 @@
+-------------------------------------------------------------------
+Tue Mar 26 08:22:53 UTC 2019 - Yifan Jiang <yfjiang@suse.com>
+
+- Update with-vnc-key.sh to use only hostname for CN.
+
+  The gnutls introduces gnutls_x509_crt_check_hostname2 in
+  gnutls/lib/x509/hostname-verify.c#L159 to check if the given
+  certificate's subject matches the given hostname.
+
+  The function is used by the recent version of libvncclient which
+  will fail to verify the certification if there is a mismatching
+  between the connected hostname and the cert issuer's common name.
+
+  https://github.com/LibVNC/libvncserver/commit/cc69ee9
+
+  So the previous way to generate the vnc server's cert brings a
+  complicated CN, making the client using libvncclient
+  (e.g. vinagre, remmina) hard to adapt the hostname check. It is
+  better to populate the hostname as the common name without extra
+  strings.
+
+-------------------------------------------------------------------
+Thu Mar 21 09:16:51 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Change Requires(post): firewall-macros to BuildRequires: the
+  macros are expanded at build time and not needed at all at
+  runtime.
+
 -------------------------------------------------------------------
 Thu Feb  7 12:34:03 UTC 2019 - Stephan Kulow <coolo@suse.com>

--- a/tigervnc.spec
+++ b/tigervnc.spec
@ -153,7 +153,7 @@ Requires(post): /usr/sbin/groupadd
 Requires(post): /bin/awk
 Requires(post): systemd
 %if %{use_firewalld}
-Requires(post): firewall-macros
+BuildRequires:  firewall-macros
 %endif
 # Needed to generate certificates
 Requires:       windowmanager
--- a/with-vnc-key.sh
+++ b/with-vnc-key.sh
@ -25,7 +25,7 @@ fi
    # If the cert file doesn't exist, generate it.
    if ! test -e $TLSCERT ; then
        # Keeping it short, because hostname could be long and max CN is 64 characters
-        CN="VNC service on `hostname`"
+        CN="`hostname`"
        CN=${CN:0:64}
        openssl req -new -x509 -extensions usr_cert -key $TLSKEY -out $TLSCERT -days 7305 -subj "/CN=$CN/"
        chown vnc:vnc $TLSCERT