Accepting request 402733 from X11:XOrg
- Generate VNC key and certificate on first use, not during installation. (bnc#982349) - Add U_tigervnc_clear_up_zlibinstream_reset_behaviour.patch * Fix zlib stream reset in tight encoding. (bnc#963417) OBS-URL: https://build.opensuse.org/request/show/402733 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tigervnc?expand=0&rev=33
commit
054a6ff6ac
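--- a/U_tigervnc_clear_up_zlibinstream_reset_behaviour.patch
+++ b/U_tigervnc_clear_up_zlibinstream_reset_behaviour.patch
@@ -0,0 +1,159 @@
+From 6f318e4451fcb45054408eaf568ca1c30c2d1ab6 Mon Sep 17 00:00:00 2001
+From: Pierre Ossman <ossman@cendio.se>
+Date: Wed, 11 Nov 2015 13:11:09 +0100
+Subject: [PATCH] Clear up ZlibInStream::reset() behaviour
+
+It previously only did a reset of the ZlibInStream object, not the
+underlying zlib stream. It also had the side effect of flushing
+the underlying stream and disassociating from it.
+
+Clear things up by changing the naming, and introducing a proper
+reset function (which is needed by the Tight decoder).
+
+Index: tigervnc-1.5.0/common/rdr/ZlibInStream.cxx
+===================================================================
+--- tigervnc-1.5.0.orig/common/rdr/ZlibInStream.cxx
++++ tigervnc-1.5.0/common/rdr/ZlibInStream.cxx
+@@ -16,6 +16,8 @@
+* USA.
+*/
+
++#include <assert.h>
++
+#include <rdr/ZlibInStream.h>
+#include <rdr/Exception.h>
+#include <zlib.h>
+@@ -26,26 +28,16 @@ enum { DEFAULT_BUF_SIZE = 16384 };
+
+ZlibInStream::ZlibInStream(int bufSize_)
+: underlying(0), bufSize(bufSize_ ? bufSize_ : DEFAULT_BUF_SIZE), offset(0),
+- bytesIn(0)
++ zs(NULL), bytesIn(0)
+{
+- zs = new z_stream;
+- zs->zalloc = Z_NULL;
+- zs->zfree = Z_NULL;
+- zs->opaque = Z_NULL;
+- zs->next_in = Z_NULL;
+- zs->avail_in = 0;
+- if (inflateInit(zs) != Z_OK) {
+- delete zs;
+- throw Exception("ZlibInStream: inflateInit failed");
+- }
+ptr = end = start = new U8[bufSize];
++ init();
+}
+
+ZlibInStream::~ZlibInStream()
+{
++ deinit();
+delete [] start;
+- inflateEnd(zs);
+- delete zs;
+}
+
+void ZlibInStream::setUnderlying(InStream* is, int bytesIn_)
+@@ -60,7 +52,7 @@ int ZlibInStream::pos()
+return offset + ptr - start;
+}
+
+-void ZlibInStream::reset()
++void ZlibInStream::removeUnderlying()
+{
+ptr = end = start;
+if (!underlying) return;
+@@ -72,6 +64,38 @@ void ZlibInStream::reset()
+underlying = 0;
+}
+
++void ZlibInStream::reset()
++{
++ deinit();
++ init();
++}
++
++void ZlibInStream::init()
++{
++ assert(zs == NULL);
++
++ zs = new z_stream;
++ zs->zalloc = Z_NULL;
++ zs->zfree = Z_NULL;
++ zs->opaque = Z_NULL;
++ zs->next_in = Z_NULL;
++ zs->avail_in = 0;
++ if (inflateInit(zs) != Z_OK) {
++ delete zs;
++ zs = NULL;
++ throw Exception("ZlibInStream: inflateInit failed");
++ }
++}
++
++void ZlibInStream::deinit()
++{
++ assert(zs != NULL);
++ removeUnderlying();
++ inflateEnd(zs);
++ delete zs;
++ zs = NULL;
++}
++
+int ZlibInStream::overrun(int itemSize, int nItems, bool wait)
+{
+if (itemSize > bufSize)
+Index: tigervnc-1.5.0/common/rdr/ZlibInStream.h
+===================================================================
+--- tigervnc-1.5.0.orig/common/rdr/ZlibInStream.h
++++ tigervnc-1.5.0/common/rdr/ZlibInStream.h
+@@ -38,11 +38,15 @@ namespace rdr {
+virtual ~ZlibInStream();
+
+void setUnderlying(InStream* is, int bytesIn);
+- void reset();
++ void removeUnderlying();
+int pos();
++ void reset();
+
+private:
+
++ void init();
++ void deinit();
++
+int overrun(int itemSize, int nItems, bool wait);
+bool decompress(bool wait);
+
+Index: tigervnc-1.5.0/common/rfb/zrleDecode.h
+===================================================================
+--- tigervnc-1.5.0.orig/common/rfb/zrleDecode.h
++++ tigervnc-1.5.0/common/rfb/zrleDecode.h
+@@ -177,7 +177,7 @@ void ZRLE_DECODE (const Rect& r, rdr::In
+}
+}
+
+- zis->reset();
++ zis->removeUnderlying();
+}
+
+#undef ZRLE_DECODE
+Index: tigervnc-1.5.0/common/rfb/tightDecode.h
+===================================================================
+--- tigervnc-1.5.0.orig/common/rfb/tightDecode.h
++++ tigervnc-1.5.0/common/rfb/tightDecode.h
+@@ -59,7 +59,7 @@ void TIGHT_DECODE (const Rect& r)
+
+rdr::U8 comp_ctl = is->readU8();
+
+- // Flush zlib streams if we are told by the server to do so.
++ // Reset zlib streams if we are told by the server to do so.
+for (int i = 0; i < 4; i++) {
+if (comp_ctl & 1) {
+zis[i].reset();
+@@ -231,7 +231,7 @@ void TIGHT_DECODE (const Rect& r)
+delete [] netbuf;
+
+if (streamId != -1) {
+- zis[streamId].reset();
++ zis[streamId].removeUnderlying();
+}
+}
+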
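Review bot: If `init()` throws from inside `reset()`, `zs` is left NULL and the later `~ZlibInStream()` call into `deinit()` hits `assert(zs != NULL)`; in builds with NDEBUG the assert disappears and `inflateEnd(zs)` is called with a null stream instead. In tightDecode.h `zis[i].reset()` is driven by the `comp_ctl` byte read from the server, so this state is reachable from peer input whenever the allocation or `inflateInit` fails. `deinit()` should tolerate the empty state, for example `if (zs == NULL) return;` at its top in place of the assert. The constructor also now allocates `start` before calling `init()`, so a throwing `init()` leaks that buffer; calling `init()` before `new U8[bufSize]` would avoid it. The middle of `removeUnderlying()` lies outside the hunks shown, so whether it touches `zs` cannot be checked here.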
@ -1,3 +1,15 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jun 16 13:17:15 UTC 2016 - msrb@suse.com
|
||||||
|
|
||||||
|
- Generate VNC key and certificate on first use, not during
|
||||||
|
installation. (bnc#982349)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jun 13 15:21:19 UTC 2016 - msrb@suse.com
|
||||||
|
|
||||||
|
- Add U_tigervnc_clear_up_zlibinstream_reset_behaviour.patch
|
||||||
|
* Fix zlib stream reset in tight encoding. (bnc#963417)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue May 24 12:46:07 UTC 2016 - msrb@suse.com
|
Tue May 24 12:46:07 UTC 2016 - msrb@suse.com
|
||||||
|
|
||||||
|
@ -108,6 +108,7 @@ Source7: vnc_inetd_httpd
|
|||||||
Source8: vnc.reg
|
Source8: vnc.reg
|
||||||
Source9: vncpasswd.arg
|
Source9: vncpasswd.arg
|
||||||
Source10: vnc.pam
|
Source10: vnc.pam
|
||||||
|
Source11: with-vnc-key.sh
|
||||||
Patch1: tigervnc-newfbsize.patch
|
Patch1: tigervnc-newfbsize.patch
|
||||||
Patch2: tigervnc-clean-pressed-key-on-exit.patch
|
Patch2: tigervnc-clean-pressed-key-on-exit.patch
|
||||||
Patch3: u_tigervnc-ignore-epipe-on-write.patch
|
Patch3: u_tigervnc-ignore-epipe-on-write.patch
|
||||||
@ -120,6 +121,7 @@ Patch9: u_tigervnc_update_default_vncxstartup.patch
|
|||||||
Patch10: U_add_allowoverride_parameter.patch
|
Patch10: U_add_allowoverride_parameter.patch
|
||||||
Patch11: u_build_libXvnc_as_separate_library.patch
|
Patch11: u_build_libXvnc_as_separate_library.patch
|
||||||
Patch12: u_tigervnc-show-unencrypted-warning.patch
|
Patch12: u_tigervnc-show-unencrypted-warning.patch
|
||||||
|
Patch13: U_tigervnc_clear_up_zlibinstream_reset_behaviour.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
TigerVNC is a high-performance, platform-neutral implementation of VNC (Virtual Network Computing),
|
TigerVNC is a high-performance, platform-neutral implementation of VNC (Virtual Network Computing),
|
||||||
@ -129,10 +131,10 @@ it attempts to maintain a common look and feel and re-use components, where poss
|
|||||||
TigerVNC also provides extensions for advanced authentication methods and TLS encryption.
|
TigerVNC also provides extensions for advanced authentication methods and TLS encryption.
|
||||||
|
|
||||||
%package -n xorg-x11-Xvnc
|
%package -n xorg-x11-Xvnc
|
||||||
# Needed to generate certificates
|
|
||||||
Requires(post): openssl
|
|
||||||
Requires(post): /usr/sbin/useradd
|
Requires(post): /usr/sbin/useradd
|
||||||
Requires(post): /usr/sbin/groupadd
|
Requires(post): /usr/sbin/groupadd
|
||||||
|
# Needed to generate certificates
|
||||||
|
Requires: openssl
|
||||||
# Needed to serve java applet
|
# Needed to serve java applet
|
||||||
Requires: icewm
|
Requires: icewm
|
||||||
Requires: python
|
Requires: python
|
||||||
@ -143,6 +145,7 @@ Requires: xinit
|
|||||||
Requires: xkbcomp
|
Requires: xkbcomp
|
||||||
Requires: xkeyboard-config
|
Requires: xkeyboard-config
|
||||||
Requires: xorg-x11-fonts-core
|
Requires: xorg-x11-fonts-core
|
||||||
|
Provides: xorg-x11-Xvnc:/usr/lib/vnc/with-vnc-key.sh
|
||||||
Summary: TigerVNC implementation of Xvnc
|
Summary: TigerVNC implementation of Xvnc
|
||||||
Group: System/X11/Servers/XF86_4
|
Group: System/X11/Servers/XF86_4
|
||||||
|
|
||||||
@ -180,6 +183,7 @@ cp -r /usr/src/xserver/* unix/xserver/
|
|||||||
%patch10 -p1
|
%patch10 -p1
|
||||||
%patch11 -p1
|
%patch11 -p1
|
||||||
%patch12 -p1
|
%patch12 -p1
|
||||||
|
%patch13 -p1
|
||||||
|
|
||||||
pushd unix/xserver
|
pushd unix/xserver
|
||||||
patch -p1 < ../xserver117.patch
|
patch -p1 < ../xserver117.patch
|
||||||
@ -255,6 +259,9 @@ ln -s -f %{_sysconfdir}/alternatives/vncviewer.1.gz $RPM_BUILD_ROOT%{_mandir}/ma
|
|||||||
|
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/vnc
|
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/vnc
|
||||||
|
|
||||||
|
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/vnc
|
||||||
|
install -D -m 755 %{SOURCE11} $RPM_BUILD_ROOT%{_libexecdir}/vnc
|
||||||
|
|
||||||
rm -rf $RPM_BUILD_ROOT/usr/share/doc/tigervnc-*
|
rm -rf $RPM_BUILD_ROOT/usr/share/doc/tigervnc-*
|
||||||
|
|
||||||
%find_lang '%{name}'
|
%find_lang '%{name}'
|
||||||
@ -264,18 +271,6 @@ getent group %{vncgroup} > /dev/null || groupadd -r %{vncgroup} || :
|
|||||||
getent passwd %{vncuser} > /dev/null || useradd -r -g %{vncgroup} -d /var/lib/empty -s /sbin/nologin -c "user for VNC" %{vncuser} || :
|
getent passwd %{vncuser} > /dev/null || useradd -r -g %{vncgroup} -d /var/lib/empty -s /sbin/nologin -c "user for VNC" %{vncuser} || :
|
||||||
usermod -G shadow -a %{vncuser} || :
|
usermod -G shadow -a %{vncuser} || :
|
||||||
|
|
||||||
%post -n xorg-x11-Xvnc
|
|
||||||
if ! test -e %{tlskey} ; then
|
|
||||||
(umask 077 && openssl genrsa -out %{tlskey} 2048)
|
|
||||||
chown %{vncuser}:%{vncgroup} %{tlskey}
|
|
||||||
fi
|
|
||||||
if ! test -e %{tlscert} ; then
|
|
||||||
cn="Automatically generated certificate for the VNC service"
|
|
||||||
openssl req -new -x509 -extensions usr_cert \
|
|
||||||
-key %{tlskey} -out %{tlscert} -days 7305 -subj "/CN=$cn/"
|
|
||||||
chown %{vncuser}:%{vncgroup} %{tlscert}
|
|
||||||
fi
|
|
||||||
|
|
||||||
%post
|
%post
|
||||||
%if 0%{?suse_version} >= 1315
|
%if 0%{?suse_version} >= 1315
|
||||||
%_sbindir/update-alternatives \
|
%_sbindir/update-alternatives \
|
||||||
@ -358,10 +353,12 @@ fi
|
|||||||
%doc java/com/tigervnc/vncviewer/README
|
%doc java/com/tigervnc/vncviewer/README
|
||||||
%{_datadir}/vnc
|
%{_datadir}/vnc
|
||||||
|
|
||||||
%dir %{_sysconfdir}/vnc
|
%dir %attr(0755,%{vncuser},%{vncuser}) %{_sysconfdir}/vnc
|
||||||
%ghost %attr(0600,%{vncuser},%{vncuser}) %config(noreplace) %{tlskey}
|
%ghost %attr(0600,%{vncuser},%{vncuser}) %config(noreplace) %{tlskey}
|
||||||
%ghost %attr(0644,%{vncuser},%{vncuser}) %config(noreplace) %{tlscert}
|
%ghost %attr(0644,%{vncuser},%{vncuser}) %config(noreplace) %{tlscert}
|
||||||
|
|
||||||
|
%{_libexecdir}/vnc
|
||||||
|
|
||||||
%files -n libXvnc1
|
%files -n libXvnc1
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%{_libdir}/libXvnc.so.1*
|
%{_libdir}/libXvnc.so.1*
|
||||||
|
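Review bot: The `%files` change from `%dir %{_sysconfdir}/vnc` to `%dir %attr(0755,%{vncuser},%{vncuser}) %{_sysconfdir}/vnc` makes the service account the owner of the directory that holds the TLS key and certificate, so any process running as that user can replace both files, not just create them once. Old and new sides are inferred from the column layout of this page. If first-use generation has to run as the VNC user, a comment above the line should say so, e.g. `# owned by the VNC user so with-vnc-key.sh can create tls.key/tls.cert on first use`. The group field also repeats `%{vncuser}` where the scriptlets above use `%{vncgroup}`.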
24
vnc.xinetd
24
vnc.xinetd
@ -9,8 +9,8 @@ service vnc1
|
|||||||
protocol = tcp
|
protocol = tcp
|
||||||
wait = no
|
wait = no
|
||||||
user = vnc
|
user = vnc
|
||||||
server = /usr/bin/Xvnc
|
server = /usr/lib/vnc/with-vnc-key.sh
|
||||||
server_args = -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30
|
server_args = /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30
|
||||||
disable = yes
|
disable = yes
|
||||||
}
|
}
|
||||||
# default: off
|
# default: off
|
||||||
@ -24,8 +24,8 @@ service vnc2
|
|||||||
protocol = tcp
|
protocol = tcp
|
||||||
wait = no
|
wait = no
|
||||||
user = vnc
|
user = vnc
|
||||||
server = /usr/bin/Xvnc
|
server = /usr/lib/vnc/with-vnc-key.sh
|
||||||
server_args = -noreset -inetd -once -query localhost -geometry 1280x1024 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30
|
server_args = /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1280x1024 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30
|
||||||
disable = yes
|
disable = yes
|
||||||
}
|
}
|
||||||
# default: off
|
# default: off
|
||||||
@ -39,8 +39,8 @@ service vnc3
|
|||||||
protocol = tcp
|
protocol = tcp
|
||||||
wait = no
|
wait = no
|
||||||
user = vnc
|
user = vnc
|
||||||
server = /usr/bin/Xvnc
|
server = /usr/lib/vnc/with-vnc-key.sh
|
||||||
server_args = -noreset -inetd -once -query localhost -geometry 1600x1200 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30
|
server_args = /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1600x1200 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30
|
||||||
disable = yes
|
disable = yes
|
||||||
}
|
}
|
||||||
# default: off
|
# default: off
|
||||||
@ -54,8 +54,8 @@ service vnchttpd1
|
|||||||
protocol = tcp
|
protocol = tcp
|
||||||
wait = no
|
wait = no
|
||||||
user = vnc
|
user = vnc
|
||||||
server = /usr/bin/vnc_inetd_httpd
|
server = /usr/lib/vnc/with-vnc-key.sh
|
||||||
server_args = 1024 768 5901
|
server_args = /usr/bin/vnc_inetd_httpd 1024 768 5901
|
||||||
disable = yes
|
disable = yes
|
||||||
}
|
}
|
||||||
# default: off
|
# default: off
|
||||||
@ -69,8 +69,8 @@ service vnchttpd2
|
|||||||
protocol = tcp
|
protocol = tcp
|
||||||
wait = no
|
wait = no
|
||||||
user = vnc
|
user = vnc
|
||||||
server = /usr/bin/vnc_inetd_httpd
|
server = /usr/lib/vnc/with-vnc-key.sh
|
||||||
server_args = 1280 1024 5902
|
server_args = /usr/bin/vnc_inetd_httpd 1280 1024 5902
|
||||||
disable = yes
|
disable = yes
|
||||||
}
|
}
|
||||||
# default: off
|
# default: off
|
||||||
@ -84,7 +84,7 @@ service vnchttpd3
|
|||||||
protocol = tcp
|
protocol = tcp
|
||||||
wait = no
|
wait = no
|
||||||
user = vnc
|
user = vnc
|
||||||
server = /usr/bin/vnc_inetd_httpd
|
server = /usr/lib/vnc/with-vnc-key.sh
|
||||||
server_args = 1600 1200 5903
|
server_args = /usr/bin/vnc_inetd_httpd 1600 1200 5903
|
||||||
disable = yes
|
disable = yes
|
||||||
}
|
}
|
||||||
|
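Review bot: Every `server =` line now hard-codes `/usr/lib/vnc/with-vnc-key.sh`, while the spec installs the wrapper under `%{_libexecdir}/vnc`; if that macro expands to anything other than `/usr/lib`, all six services point at a missing file and fail at connect time. Substituting the path at build time, or installing the wrapper to a fixed path in the spec, would keep the two in step. Which column is old and which is new is inferred from the layout of this page.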
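--- a/with-vnc-key.sh
+++ b/with-vnc-key.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# Wrapper that makes sure /etc/vnc/tls.{key,cert} exist before executing given command.
+
+
+TLSKEY=/etc/vnc/tls.key
+TLSCERT=/etc/vnc/tls.cert
+
+
+if test -s $TLSKEY -a -s $TLSCERT; then
+# Execute the command we were given.
+exec "$@"
+fi
+
+(
+# Wait for lock on the key file. We must not proceed while someone else is creating it.
+flock 200
+
+# If the key file doesn't exist or has zero size (because it doubles as lock), generate it.
+if ! test -s $TLSKEY ; then
+(umask 077 && openssl genrsa -out $TLSKEY 2048) >&200
+chown vnc:vnc $TLSKEY
+fi
+
+# If the cert file doesn't exist, generate it.
+if ! test -e $TLSCERT ; then
+CN="Automatically generated certificate for the VNC service"
+openssl req -new -x509 -extensions usr_cert -key $TLSKEY -out $TLSCERT -days 7305 -subj "/CN=$CN/"
+chown vnc:vnc $TLSCERT
+fi
+
+) 200>>$TLSKEY 2>/dev/null
+
+# Execute the command we were given.
+exec "$@"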
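Review bot: The key file is first created by the lock redirection `200>>$TLSKEY`, which runs under the caller's umask, so the `umask 077` in the inner subshell no longer decides the mode of `tls.key`: `openssl genrsa -out` then writes into a file that already exists, and unless the caller's umask is already restrictive the private key can stay readable by other users. Run the locked block inside a subshell that has already set `umask 077` and restore the certificate mode explicitly with `chmod 644 "$TLSCERT"` after the `openssl req` call, or take the lock on a separate file. The block's `2>/dev/null` also hides every failure, and the final `exec "$@"` runs even when no key or certificate was produced; a check such as `test -s "$TLSKEY" -a -s "$TLSCERT" || exit 1` before it would fail closed.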