SHA256
1
0
forked from pool/tigervnc

Accepting request 402733 from X11:XOrg

- Generate VNC key and certificate on first use, not during
  installation. (bnc#982349)

- Add U_tigervnc_clear_up_zlibinstream_reset_behaviour.patch
  * Fix zlib stream reset in tight encoding. (bnc#963417)

OBS-URL: https://build.opensuse.org/request/show/402733
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tigervnc?expand=0&rev=33
This commit is contained in:
Dominique Leuenberger 2016-06-29 13:01:19 +00:00 committed by Git OBS Bridge
commit 054a6ff6ac
5 changed files with 230 additions and 27 deletions

View File

@ -0,0 +1,159 @@
From 6f318e4451fcb45054408eaf568ca1c30c2d1ab6 Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Wed, 11 Nov 2015 13:11:09 +0100
Subject: [PATCH] Clear up ZlibInStream::reset() behaviour
It previously only did a reset of the ZlibInStream object, not the
underlying zlib stream. It also had the side effect of flushing
the underlying stream and disassociating from it.
Clear things up by changing the naming, and introducing a proper
reset function (which is needed by the Tight decoder).
Index: tigervnc-1.5.0/common/rdr/ZlibInStream.cxx
===================================================================
--- tigervnc-1.5.0.orig/common/rdr/ZlibInStream.cxx
+++ tigervnc-1.5.0/common/rdr/ZlibInStream.cxx
@@ -16,6 +16,8 @@
* USA.
*/
+#include <assert.h>
+
#include <rdr/ZlibInStream.h>
#include <rdr/Exception.h>
#include <zlib.h>
@@ -26,26 +28,16 @@ enum { DEFAULT_BUF_SIZE = 16384 };
ZlibInStream::ZlibInStream(int bufSize_)
: underlying(0), bufSize(bufSize_ ? bufSize_ : DEFAULT_BUF_SIZE), offset(0),
- bytesIn(0)
+ zs(NULL), bytesIn(0)
{
- zs = new z_stream;
- zs->zalloc = Z_NULL;
- zs->zfree = Z_NULL;
- zs->opaque = Z_NULL;
- zs->next_in = Z_NULL;
- zs->avail_in = 0;
- if (inflateInit(zs) != Z_OK) {
- delete zs;
- throw Exception("ZlibInStream: inflateInit failed");
- }
ptr = end = start = new U8[bufSize];
+ init();
}
ZlibInStream::~ZlibInStream()
{
+ deinit();
delete [] start;
- inflateEnd(zs);
- delete zs;
}
void ZlibInStream::setUnderlying(InStream* is, int bytesIn_)
@@ -60,7 +52,7 @@ int ZlibInStream::pos()
return offset + ptr - start;
}
-void ZlibInStream::reset()
+void ZlibInStream::removeUnderlying()
{
ptr = end = start;
if (!underlying) return;
@@ -72,6 +64,38 @@ void ZlibInStream::reset()
underlying = 0;
}
+void ZlibInStream::reset()
+{
+ deinit();
+ init();
+}
+
+void ZlibInStream::init()
+{
+ assert(zs == NULL);
+
+ zs = new z_stream;
+ zs->zalloc = Z_NULL;
+ zs->zfree = Z_NULL;
+ zs->opaque = Z_NULL;
+ zs->next_in = Z_NULL;
+ zs->avail_in = 0;
+ if (inflateInit(zs) != Z_OK) {
+ delete zs;
+ zs = NULL;
+ throw Exception("ZlibInStream: inflateInit failed");
+ }
+}
+
+void ZlibInStream::deinit()
+{
+ assert(zs != NULL);
+ removeUnderlying();
+ inflateEnd(zs);
+ delete zs;
+ zs = NULL;
+}
+
int ZlibInStream::overrun(int itemSize, int nItems, bool wait)
{
if (itemSize > bufSize)
Index: tigervnc-1.5.0/common/rdr/ZlibInStream.h
===================================================================
--- tigervnc-1.5.0.orig/common/rdr/ZlibInStream.h
+++ tigervnc-1.5.0/common/rdr/ZlibInStream.h
@@ -38,11 +38,15 @@ namespace rdr {
virtual ~ZlibInStream();
void setUnderlying(InStream* is, int bytesIn);
- void reset();
+ void removeUnderlying();
int pos();
+ void reset();
private:
+ void init();
+ void deinit();
+
int overrun(int itemSize, int nItems, bool wait);
bool decompress(bool wait);
Index: tigervnc-1.5.0/common/rfb/zrleDecode.h
===================================================================
--- tigervnc-1.5.0.orig/common/rfb/zrleDecode.h
+++ tigervnc-1.5.0/common/rfb/zrleDecode.h
@@ -177,7 +177,7 @@ void ZRLE_DECODE (const Rect& r, rdr::In
}
}
- zis->reset();
+ zis->removeUnderlying();
}
#undef ZRLE_DECODE
Index: tigervnc-1.5.0/common/rfb/tightDecode.h
===================================================================
--- tigervnc-1.5.0.orig/common/rfb/tightDecode.h
+++ tigervnc-1.5.0/common/rfb/tightDecode.h
@@ -59,7 +59,7 @@ void TIGHT_DECODE (const Rect& r)
rdr::U8 comp_ctl = is->readU8();
- // Flush zlib streams if we are told by the server to do so.
+ // Reset zlib streams if we are told by the server to do so.
for (int i = 0; i < 4; i++) {
if (comp_ctl & 1) {
zis[i].reset();
@@ -231,7 +231,7 @@ void TIGHT_DECODE (const Rect& r)
delete [] netbuf;
if (streamId != -1) {
- zis[streamId].reset();
+ zis[streamId].removeUnderlying();
}
}

View File

@ -1,3 +1,15 @@
-------------------------------------------------------------------
Thu Jun 16 13:17:15 UTC 2016 - msrb@suse.com
- Generate VNC key and certificate on first use, not during
installation. (bnc#982349)
-------------------------------------------------------------------
Mon Jun 13 15:21:19 UTC 2016 - msrb@suse.com
- Add U_tigervnc_clear_up_zlibinstream_reset_behaviour.patch
* Fix zlib stream reset in tight encoding. (bnc#963417)
-------------------------------------------------------------------
Tue May 24 12:46:07 UTC 2016 - msrb@suse.com

View File

@ -108,6 +108,7 @@ Source7: vnc_inetd_httpd
Source8: vnc.reg
Source9: vncpasswd.arg
Source10: vnc.pam
Source11: with-vnc-key.sh
Patch1: tigervnc-newfbsize.patch
Patch2: tigervnc-clean-pressed-key-on-exit.patch
Patch3: u_tigervnc-ignore-epipe-on-write.patch
@ -120,6 +121,7 @@ Patch9: u_tigervnc_update_default_vncxstartup.patch
Patch10: U_add_allowoverride_parameter.patch
Patch11: u_build_libXvnc_as_separate_library.patch
Patch12: u_tigervnc-show-unencrypted-warning.patch
Patch13: U_tigervnc_clear_up_zlibinstream_reset_behaviour.patch
%description
TigerVNC is a high-performance, platform-neutral implementation of VNC (Virtual Network Computing),
@ -129,10 +131,10 @@ it attempts to maintain a common look and feel and re-use components, where poss
TigerVNC also provides extensions for advanced authentication methods and TLS encryption.
%package -n xorg-x11-Xvnc
# Needed to generate certificates
Requires(post): openssl
Requires(post): /usr/sbin/useradd
Requires(post): /usr/sbin/groupadd
# Needed to generate certificates
Requires: openssl
# Needed to serve java applet
Requires: icewm
Requires: python
@ -143,6 +145,7 @@ Requires: xinit
Requires: xkbcomp
Requires: xkeyboard-config
Requires: xorg-x11-fonts-core
Provides: xorg-x11-Xvnc:/usr/lib/vnc/with-vnc-key.sh
Summary: TigerVNC implementation of Xvnc
Group: System/X11/Servers/XF86_4
@ -180,6 +183,7 @@ cp -r /usr/src/xserver/* unix/xserver/
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
pushd unix/xserver
patch -p1 < ../xserver117.patch
@ -255,6 +259,9 @@ ln -s -f %{_sysconfdir}/alternatives/vncviewer.1.gz $RPM_BUILD_ROOT%{_mandir}/ma
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/vnc
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/vnc
install -D -m 755 %{SOURCE11} $RPM_BUILD_ROOT%{_libexecdir}/vnc
rm -rf $RPM_BUILD_ROOT/usr/share/doc/tigervnc-*
%find_lang '%{name}'
@ -264,18 +271,6 @@ getent group %{vncgroup} > /dev/null || groupadd -r %{vncgroup} || :
getent passwd %{vncuser} > /dev/null || useradd -r -g %{vncgroup} -d /var/lib/empty -s /sbin/nologin -c "user for VNC" %{vncuser} || :
usermod -G shadow -a %{vncuser} || :
%post -n xorg-x11-Xvnc
if ! test -e %{tlskey} ; then
(umask 077 && openssl genrsa -out %{tlskey} 2048)
chown %{vncuser}:%{vncgroup} %{tlskey}
fi
if ! test -e %{tlscert} ; then
cn="Automatically generated certificate for the VNC service"
openssl req -new -x509 -extensions usr_cert \
-key %{tlskey} -out %{tlscert} -days 7305 -subj "/CN=$cn/"
chown %{vncuser}:%{vncgroup} %{tlscert}
fi
%post
%if 0%{?suse_version} >= 1315
%_sbindir/update-alternatives \
@ -358,10 +353,12 @@ fi
%doc java/com/tigervnc/vncviewer/README
%{_datadir}/vnc
%dir %{_sysconfdir}/vnc
%dir %attr(0755,%{vncuser},%{vncuser}) %{_sysconfdir}/vnc
%ghost %attr(0600,%{vncuser},%{vncuser}) %config(noreplace) %{tlskey}
%ghost %attr(0644,%{vncuser},%{vncuser}) %config(noreplace) %{tlscert}
%{_libexecdir}/vnc
%files -n libXvnc1
%defattr(-,root,root)
%{_libdir}/libXvnc.so.1*

View File

@ -9,8 +9,8 @@ service vnc1
protocol = tcp
wait = no
user = vnc
server = /usr/bin/Xvnc
server_args = -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30
server = /usr/lib/vnc/with-vnc-key.sh
server_args = /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30
disable = yes
}
# default: off
@ -24,8 +24,8 @@ service vnc2
protocol = tcp
wait = no
user = vnc
server = /usr/bin/Xvnc
server_args = -noreset -inetd -once -query localhost -geometry 1280x1024 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30
server = /usr/lib/vnc/with-vnc-key.sh
server_args = /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1280x1024 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30
disable = yes
}
# default: off
@ -39,8 +39,8 @@ service vnc3
protocol = tcp
wait = no
user = vnc
server = /usr/bin/Xvnc
server_args = -noreset -inetd -once -query localhost -geometry 1600x1200 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30
server = /usr/lib/vnc/with-vnc-key.sh
server_args = /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1600x1200 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30
disable = yes
}
# default: off
@ -54,8 +54,8 @@ service vnchttpd1
protocol = tcp
wait = no
user = vnc
server = /usr/bin/vnc_inetd_httpd
server_args = 1024 768 5901
server = /usr/lib/vnc/with-vnc-key.sh
server_args = /usr/bin/vnc_inetd_httpd 1024 768 5901
disable = yes
}
# default: off
@ -69,8 +69,8 @@ service vnchttpd2
protocol = tcp
wait = no
user = vnc
server = /usr/bin/vnc_inetd_httpd
server_args = 1280 1024 5902
server = /usr/lib/vnc/with-vnc-key.sh
server_args = /usr/bin/vnc_inetd_httpd 1280 1024 5902
disable = yes
}
# default: off
@ -84,7 +84,7 @@ service vnchttpd3
protocol = tcp
wait = no
user = vnc
server = /usr/bin/vnc_inetd_httpd
server_args = 1600 1200 5903
server = /usr/lib/vnc/with-vnc-key.sh
server_args = /usr/bin/vnc_inetd_httpd 1600 1200 5903
disable = yes
}

35
with-vnc-key.sh Normal file
View File

@ -0,0 +1,35 @@
#!/bin/bash
# Wrapper that makes sure /etc/vnc/tls.{key,cert} exist before executing given command.
TLSKEY=/etc/vnc/tls.key
TLSCERT=/etc/vnc/tls.cert
if test -s $TLSKEY -a -s $TLSCERT; then
# Execute the command we were given.
exec "$@"
fi
(
# Wait for lock on the key file. We must not proceed while someone else is creating it.
flock 200
# If the key file doesn't exist or has zero size (because it doubles as lock), generate it.
if ! test -s $TLSKEY ; then
(umask 077 && openssl genrsa -out $TLSKEY 2048) >&200
chown vnc:vnc $TLSKEY
fi
# If the cert file doesn't exist, generate it.
if ! test -e $TLSCERT ; then
CN="Automatically generated certificate for the VNC service"
openssl req -new -x509 -extensions usr_cert -key $TLSKEY -out $TLSCERT -days 7305 -subj "/CN=$CN/"
chown vnc:vnc $TLSCERT
fi
) 200>>$TLSKEY 2>/dev/null
# Execute the command we were given.
exec "$@"