diff --git a/U_add_allowoverride_parameter.patch b/U_add_allowoverride_parameter.patch
new file mode 100644
index 0000000..52221d1
--- /dev/null
+++ b/U_add_allowoverride_parameter.patch
@@ -0,0 +1,164 @@
+Git-commit: ef0dd758a3fad048c1f04e144b03a3e69b001f21
+Patch-Mainline: To be upstreamed
+Author: Michal Srb
+Subject: Add AllowOverride parameter.
+References: fate#319319
+
+Allows to specify which configuration parameters can be modified on runtime.
+
+diff --git a/unix/xserver/hw/vnc/vncExt.c b/unix/xserver/hw/vnc/vncExt.c
+index 43794da..b27115f 100644
+--- a/unix/xserver/hw/vnc/vncExt.c
++++ b/unix/xserver/hw/vnc/vncExt.c
+@@ -182,17 +182,16 @@ static int ProcVncExtSetParam(ClientPtr client)
+ rep.sequenceNumber = client->sequence;
+
+ /*
+- * Allow to change only certain parameters.
+- * Changing other parameters (for example PAM service name)
+- * could have negative security impact.
++ * Prevent change of clipboard related parameters if clipboard is disabled.
+ */
+- if (strncasecmp(param, "desktop", 7) != 0 &&
+- strncasecmp(param, "AcceptPointerEvents", 19) != 0 &&
+- (vncNoClipboard || strncasecmp(param, "SendCutText", 11) != 0) &&
+- (vncNoClipboard || strncasecmp(param, "AcceptCutText", 13) != 0))
++ if (vncNoClipboard &&
++ (strncasecmp(param, "SendCutText", 11) == 0 ||
++ strncasecmp(param, "AcceptCutText", 13) == 0))
++ goto deny;
++
++ if (!vncOverrideParam(param))
+ goto deny;
+
+- vncSetParamSimple(param);
+ rep.success = 1;
+
+ // Send DesktopName update if desktop name has been changed
+diff --git a/unix/xserver/hw/vnc/vncExtInit.cc b/unix/xserver/hw/vnc/vncExtInit.cc
+index 863cd36..1d37493 100644
+--- a/unix/xserver/hw/vnc/vncExtInit.cc
++++ b/unix/xserver/hw/vnc/vncExtInit.cc
+@@ -20,6 +20,9 @@
+ #include
+ #include
+
++#include
++#include
++
+ #include
+ #include
+ #include
+@@ -52,6 +55,15 @@ int vncFbstride[MAXSCREENS];
+
+ int vncInetdSock = -1;
+
++struct CaseInsensitiveCompare {
++ bool operator() (const std::string &a, const std::string &b) const {
++ return strcasecmp(a.c_str(), b.c_str()) < 0;
++ }
++};
++
++typedef std::set ParamSet;
++static ParamSet allowOverrideSet;
++
+ rfb::StringParameter httpDir("httpd",
+ "Directory containing files to serve via HTTP",
+ "");
+@@ -69,6 +81,9 @@ rfb::StringParameter interface("interface",
+ rfb::BoolParameter avoidShiftNumLock("AvoidShiftNumLock",
+ "Avoid fake Shift presses for keys affected by NumLock.",
+ true);
++rfb::StringParameter allowOverride("AllowOverride",
++ "Comma separated list of parameters that can be modified using VNC extension.",
++ "desktop,AcceptPointerEvents,SendCutText,AcceptCutText");
+
+ static PixelFormat vncGetPixelFormat(int scrIdx)
+ {
+@@ -99,6 +114,19 @@ static PixelFormat vncGetPixelFormat(int scrIdx)
+ redShift, greenShift, blueShift);
+ }
+
++static void parseOverrideList(const char *text, ParamSet &out)
++{
++ for (const char* iter = text; ; ++iter) {
++ if (*iter == ',' || *iter == '\0') {
++ out.insert(std::string(text, iter));
++ text = iter + 1;
++
++ if (*iter == '\0')
++ break;
++ }
++ }
++}
++
+ void vncExtensionInit(void)
+ {
+ int ret;
+@@ -128,6 +156,10 @@ void vncExtensionInit(void)
+ try {
+ if (!initialised) {
+ rfb::initStdIOLoggers();
++
++ parseOverrideList(allowOverride, allowOverrideSet);
++ allowOverride.setImmutable();
++
+ initialised = true;
+ }
+
+@@ -379,3 +411,16 @@ void vncRefreshScreenLayout(int scrIdx)
+ {
+ desktop[scrIdx]->refreshScreenLayout();
+ }
++
++int vncOverrideParam(const char *nameAndValue)
++{
++ const char* equalSign = strchr(nameAndValue, '=');
++ if (!equalSign)
++ return 0;
++
++ std::string key(nameAndValue, equalSign);
++ if (allowOverrideSet.find(key) == allowOverrideSet.end())
++ return 0;
++
++ return rfb::Configuration::setParam(nameAndValue);
++}
+diff --git a/unix/xserver/hw/vnc/vncExtInit.h b/unix/xserver/hw/vnc/vncExtInit.h
+index 6430ac0..be6487c 100644
+--- a/unix/xserver/hw/vnc/vncExtInit.h
++++ b/unix/xserver/hw/vnc/vncExtInit.h
+@@ -90,6 +90,8 @@ void vncPreScreenResize(int scrIdx);
+ void vncPostScreenResize(int scrIdx, int success, int width, int height);
+ void vncRefreshScreenLayout(int scrIdx);
+
++int vncOverrideParam(const char *nameAndValue);
++
+ #ifdef __cplusplus
+ }
+ #endif
+diff --git a/unix/xserver/hw/vnc/Xvnc.man b/unix/xserver/hw/vnc/Xvnc.man
+index 4a83315..a4d9f8d 100644
+--- a/unix/xserver/hw/vnc/Xvnc.man
++++ b/unix/xserver/hw/vnc/Xvnc.man
+@@ -300,6 +300,21 @@ Key affected by NumLock often require a fake Shift to be inserted in order
+ for the correct symbol to be generated. Turning on this option avoids these
+ extra fake Shift events but may result in a slightly different symbol
+ (e.g. a Return instead of a keypad Enter).
++.
++.TP
++.B \-AllowOverride
++Comma separated list of parameters that can be modified using VNC extension.
++Parameters can be modified for example using \fBvncconfig\fP(1) program from
++inside a running session.
++
++Allowing override of parameters such as \fBPAMService\fP or \fBPasswordFile\fP
++can negatively impact security if Xvnc runs under different user than the
++programs allowed to override the parameters.
++
++When \fBNoClipboard\fP parameter is set, allowing override of \fBSendCutText\fP
++and \fBAcceptCutText\fP has no effect.
++
++Default is \fBdesktop,AcceptPointerEvents,SendCutText,AcceptCutText\fP.
+
+ .SH USAGE WITH INETD
+ By configuring the \fBinetd\fP(1) service appropriately, Xvnc can be launched
diff --git a/tigervnc.changes b/tigervnc.changes
index da7f541..418bdac 100644
--- a/tigervnc.changes
+++ b/tigervnc.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Apr 29 14:13:22 UTC 2016 - msrb@suse.com
+
+- Add U_add_allowoverride_parameter.patch and
+ u_build_libXvnc_as_separate_library.patch (fate#319319)
+- Add u_tigervnc-show-unencrypted-warning.patch (fate#319701)
+
 -------------------------------------------------------------------
 Wed Apr 27 10:34:05 UTC 2016 - msrb@suse.com
 
diff --git a/tigervnc.spec b/tigervnc.spec
index 2ffe9e9..a0a4829 100644
--- a/tigervnc.spec
+++ b/tigervnc.spec
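Review bot: parseOverrideList in the vncExtInit.cc hunk inserts an empty key when AllowOverride is empty or ends in a comma, because `out.insert(std::string(text, iter))` also runs when `iter == text`; an empty key then lets a runtime request of the form `=value` pass the allow-list in vncOverrideParam and reach Configuration::setParam, so guard it with `if (iter != text) out.insert(std::string(text, iter));`. Surrounding whitespace is kept as well, so `desktop, AcceptPointerEvents` never matches the second entry; either trim tokens or state in Xvnc.man that entries are matched case-insensitively on the exact name with no whitespace stripping. In the vncExt.c hunk, replacing `vncSetParamSimple(param)` with the checked `vncOverrideParam(param)` makes the return value of Configuration::setParam gate `rep.success` where it was previously ignored; that reads as intended, but it changes the reply for unknown or malformed parameters and deserves a line in the patch description. The `allowOverride.setImmutable()` call is what keeps the list from being widened at runtime even if an admin lists AllowOverride itself, assuming setImmutable makes later setParam calls no-ops as elsewhere in rfb::Configuration; that guarantee is worth one sentence in the man page.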
@@ -116,6 +116,9 @@ Patch6: u_tigervnc-cve-2014-8240.patch
 Patch7: u_tigervnc-add-autoaccept-parameter.patch
 Patch8: u_xserver118.patch
 Patch9: u_tigervnc_update_default_vncxstartup.patch
+Patch10: U_add_allowoverride_parameter.patch
+Patch11: u_build_libXvnc_as_separate_library.patch
+Patch12: u_tigervnc-show-unencrypted-warning.patch
 
 %description
 TigerVNC is a high-performance, platform-neutral implementation of VNC (Virtual Network Computing),
@@ -145,6 +148,21 @@ Group: System/X11/Servers/XF86_4
 %description -n xorg-x11-Xvnc
 This is the TigerVNC implementation of Xvnc.
 
+%package -n libXvnc1
+Summary: X extension to control VNC module
+Group: System/Libraries
+
+%description -n libXvnc1
+Xvnc extension allows X clients to read and change VNC configuration.
+
+%package -n libXvnc-devel
+Summary: X extension to control VNC module
+Group: Development/Libraries/C and C++
+Requires: libXvnc1 = %version
+
+%description -n libXvnc-devel
+Xvnc extension allows X clients to read and change VNC configuration.
+
 %prep
 %setup -T -b1 -q
 cp -r /usr/src/xserver/* unix/xserver/
@@ -158,6 +176,9 @@ cp -r /usr/src/xserver/* unix/xserver/
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
+%patch10 -p1
+%patch11 -p1
+%patch12 -p1
 
 pushd unix/xserver
 patch -p1 < ../xserver117.patch
@@ -266,6 +287,10 @@ if [ "$1" = 0 ] ; then
 fi
 %endif
 
+%post -n libXvnc1 -p /sbin/ldconfig
+
+%postun -n libXvnc1 -p /sbin/ldconfig
+
 %files -f %{name}.lang
 %defattr(-,root,root,-)
 %ghost %{_bindir}/vncviewer
@@ -332,4 +357,13 @@ fi
 %ghost %attr(0600,%{vncuser},%{vncuser}) %config(noreplace) %{tlskey}
 %ghost %attr(0644,%{vncuser},%{vncuser}) %config(noreplace) %{tlscert}
 
+%files -n libXvnc1
+%defattr(-,root,root)
+%{_libdir}/libXvnc.so.1*
+
+%files -n libXvnc-devel
+%defattr(-,root,root)
+%{_libdir}/libXvnc.so
+%{_includedir}/X11/extensions/Xvnc.h
+
 %changelog
diff --git a/u_build_libXvnc_as_separate_library.patch b/u_build_libXvnc_as_separate_library.patch
new file mode 100644
index 0000000..7a78ed3
--- /dev/null
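Review bot: The libXvnc-devel subpackage in hunk `@@ -145,6 +148,21 @@` reuses the runtime package's Summary and %description word for word, so the two are indistinguishable in package listings; `Summary: Development files for libXvnc` and a description naming the header and the unversioned .so would be the usual wording. The `%files -n libXvnc-devel` entry for `%{_includedir}/X11/extensions/Xvnc.h` only matches what the CMake patch installs if X11_INCLUDE_DIR resolves to %{_includedir} on the build host; that implicit coupling is worth a comment next to the entry.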
+++ b/u_build_libXvnc_as_separate_library.patch
@@ -0,0 +1,38 @@
+Author: Michal Srb
+Patch-Mainline: To be upstreamed
+Subject: [PATCH] Build libXvnc as separate library.
+
+So it can be used by others, not only vncconfig.
+
+diff --git a/unix/vncconfig/CMakeLists.txt b/unix/vncconfig/CMakeLists.txt
+index 959681f..5fe1fb8 100644
+--- a/unix/vncconfig/CMakeLists.txt
++++ b/unix/vncconfig/CMakeLists.txt
+@@ -3,13 +3,25 @@ include_directories(${X11_INCLUDE_DIR})
+ include_directories(${CMAKE_SOURCE_DIR}/common)
+ include_directories(${CMAKE_SOURCE_DIR}/unix/tx)
+
++include(GNUInstallDirs)
++
++add_library(Xvnc SHARED
++ vncExt.c)
++
++set_target_properties(Xvnc
++ PROPERTIES
++ VERSION 1.0.0
++ SOVERSION 1
++)
++
+ add_executable(vncconfig
+ buildtime.c
+- vncExt.c
+ vncconfig.cxx
+ QueryConnectDialog.cxx)
+
+-target_link_libraries(vncconfig tx rfb network rdr ${X11_LIBRARIES})
++target_link_libraries(vncconfig tx rfb network rdr Xvnc ${X11_LIBRARIES})
+
+ install(TARGETS vncconfig DESTINATION ${BIN_DIR})
++install(TARGETS Xvnc LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} RENAME libXvnc.so)
+ install(FILES vncconfig.man DESTINATION ${MAN_DIR}/man1 RENAME vncconfig.1)
++install(FILES vncExt.h DESTINATION ${X11_INCLUDE_DIR}/X11/extensions RENAME Xvnc.h)
diff --git a/u_tigervnc-show-unencrypted-warning.patch b/u_tigervnc-show-unencrypted-warning.patch
new file mode 100644
index 0000000..1a0d177
--- /dev/null
+++ b/u_tigervnc-show-unencrypted-warning.patch
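Review bot: `install(TARGETS Xvnc LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} RENAME libXvnc.so)` passes RENAME to install(TARGETS), which only the FILES and PROGRAMS forms accept, so CMake should reject the argument; the target already yields libXvnc.so, so `install(TARGETS Xvnc LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR})` is all that is needed. The header is installed to `${X11_INCLUDE_DIR}/X11/extensions`, a directory found on the build host rather than one derived from the install prefix, so with a non-default CMAKE_INSTALL_PREFIX the header lands outside the prefix while the library lands inside it; `${CMAKE_INSTALL_INCLUDEDIR}/X11/extensions` from the GNUInstallDirs module this hunk already includes keeps both prefix-relative. Since vncExt.c was previously compiled straight into vncconfig and now becomes a versioned shared library, vncExt.h turns into a public ABI surface installed under a different name; a one-line comment above the install(FILES ...) stating that the rename to Xvnc.h is deliberate would save the next reader a search.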
@@ -0,0 +1,178 @@
+Author: Michal Srb
+Subject: Display warning in window title when no encryption is in use.
+Patch-Mainline: To be upstreamed
+References: fate#319701
+
+Index: tigervnc-1.6.0/common/rfb/CSecurityPlain.cxx
+===================================================================
+--- tigervnc-1.6.0.orig/common/rfb/CSecurityPlain.cxx
++++ tigervnc-1.6.0/common/rfb/CSecurityPlain.cxx
+@@ -31,7 +31,7 @@ bool CSecurityPlain::processMsg(CConnect
+ CharArray username;
+ CharArray password;
+
+- (CSecurity::upg)->getUserPasswd(&username.buf, &password.buf);
++ (CSecurity::upg)->getUserPasswd(&username.buf, &password.buf, cc->csecurity->getType());
+
+ // Return the response to the server
+ os->writeU32(strlen(username.buf));
+Index: tigervnc-1.6.0/common/rfb/CSecurityVncAuth.cxx
+===================================================================
+--- tigervnc-1.6.0.orig/common/rfb/CSecurityVncAuth.cxx
++++ tigervnc-1.6.0/common/rfb/CSecurityVncAuth.cxx
+@@ -46,7 +46,7 @@ bool CSecurityVncAuth::processMsg(CConne
+ rdr::U8 challenge[vncAuthChallengeSize];
+ is->readBytes(challenge, vncAuthChallengeSize);
+ PlainPasswd passwd;
+- (CSecurity::upg)->getUserPasswd(0, &passwd.buf);
++ (CSecurity::upg)->getUserPasswd(0, &passwd.buf, cc->csecurity->getType());
+
+ // Calculate the correct response
+ rdr::U8 key[8];
+Index: tigervnc-1.6.0/common/rfb/Security.cxx
+===================================================================
+--- tigervnc-1.6.0.orig/common/rfb/Security.cxx
++++ tigervnc-1.6.0/common/rfb/Security.cxx
+@@ -206,3 +206,19 @@ std::list rfb::parseSecTypes(c
+ }
+ return result;
+ }
++
++bool rfb::isSecTypeEncrypted(rdr::U32 num)
++{
++ switch (num) {
++ case secTypeTLSNone:
++ case secTypeTLSVnc:
++ case secTypeTLSPlain:
++ case secTypeX509None:
++ case secTypeX509Vnc:
++ case secTypeX509Plain:
++ return true;
++
++ default:
++ return false;
++ }
++}
+Index: tigervnc-1.6.0/common/rfb/Security.h
+===================================================================
+--- tigervnc-1.6.0.orig/common/rfb/Security.h
++++ tigervnc-1.6.0/common/rfb/Security.h
+@@ -104,6 +104,8 @@ namespace rfb {
+ const char* secTypeName(rdr::U32 num);
+ rdr::U32 secTypeNum(const char* name);
+ std::list parseSecTypes(const char* types);
++
++ bool isSecTypeEncrypted(rdr::U32 num);
+ }
+
+ #endif
+Index: tigervnc-1.6.0/common/rfb/UserPasswdGetter.h
+===================================================================
+--- tigervnc-1.6.0.orig/common/rfb/UserPasswdGetter.h
++++ tigervnc-1.6.0/common/rfb/UserPasswdGetter.h
+@@ -17,6 +17,9 @@
+ */
+ #ifndef __RFB_USERPASSWDGETTER_H__
+ #define __RFB_USERPASSWDGETTER_H__
++
++#include
++
+ namespace rfb {
+ class UserPasswdGetter {
+ public:
+@@ -24,7 +27,7 @@ namespace rfb {
+ // dialog, getpass(), etc. The user buffer pointer can be null, in which
+ // case no user name will be retrieved. The caller MUST delete [] the
+ // result(s).
+- virtual void getUserPasswd(char** user, char** password)=0;
++ virtual void getUserPasswd(char** user, char** password, rdr::U32 secType)=0;
+ };
+ }
+ #endif
+Index: tigervnc-1.6.0/vncviewer/DesktopWindow.cxx
+===================================================================
+--- tigervnc-1.6.0.orig/vncviewer/DesktopWindow.cxx
++++ tigervnc-1.6.0/vncviewer/DesktopWindow.cxx
+@@ -27,6 +27,7 @@
+
+ #include
+ #include
++#include
+
+ #include "DesktopWindow.h"
+ #include "OptionsDialog.h"
+@@ -206,7 +207,11 @@ void DesktopWindow::setName(const char *
+ CharArray windowNameStr;
+ windowNameStr.replaceBuf(new char[256]);
+
+- snprintf(windowNameStr.buf, 256, "%.240s - TigerVNC", name);
++ const char *warning = "";
++ if (!rfb::isSecTypeEncrypted(cc->csecurity->getType()))
++ warning = _("(Connection not encrypted!)");
++
++ snprintf(windowNameStr.buf, 256, "%.240s - TigerVNC %s", name, warning);
+
+ copy_label(windowNameStr.buf);
+ }
+Index: tigervnc-1.6.0/vncviewer/UserDialog.cxx
+===================================================================
+--- tigervnc-1.6.0.orig/vncviewer/UserDialog.cxx
++++ tigervnc-1.6.0/vncviewer/UserDialog.cxx
+@@ -32,10 +32,12 @@
+ #include
+ #include
+ #include
++#include
+
+ #include
+ #include
+ #include
++#include
+
+ #include "i18n.h"
+ #include "fltk_layout.h"
+@@ -59,7 +61,7 @@ UserDialog::~UserDialog()
+ {
+ }
+
+-void UserDialog::getUserPasswd(char** user, char** password)
++void UserDialog::getUserPasswd(char** user, char** password, rdr::U32 secType)
+ {
+ CharArray passwordFileStr(passwordFile.getData());
+
+@@ -82,8 +84,12 @@ void UserDialog::getUserPasswd(char** us
+ return;
+ }
+
++ const char* title = _("VNC authentication");
++ if (!rfb::isSecTypeEncrypted(secType))
++ title = _("VNC authentication (Connection not encrypted!)");
++
+ if (!user) {
+- fl_message_title(_("VNC authentication"));
++ fl_message_title(title);
+ *password = strDup(fl_password(_("Password:"), ""));
+ if (!*password)
+ throw rfb::Exception(_("Authentication cancelled"));
+@@ -93,7 +99,7 @@ void UserDialog::getUserPasswd(char** us
+
+ // Largely copied from FLTK so that we get the same look and feel
+ // as the simpler password input.
+- Fl_Window *win = new Fl_Window(410, 145, _("VNC authentication"));
++ Fl_Window *win = new Fl_Window(410, 145, title);
+ win->callback(button_cb,(void *)0);
+
+ Fl_Input *username = new Fl_Input(70, 25, 300, 25, _("Username:"));
+Index: tigervnc-1.6.0/vncviewer/UserDialog.h
+===================================================================
+--- tigervnc-1.6.0.orig/vncviewer/UserDialog.h
++++ tigervnc-1.6.0/vncviewer/UserDialog.h
+@@ -31,7 +31,7 @@ public:
+
+ // UserPasswdGetter callbacks
+
+- void getUserPasswd(char** user, char** password);
++ void getUserPasswd(char** user, char** password, rdr::U32 secType);
+
+ // UserMsgBox callbacks
+
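Review bot: In the DesktopWindow.cxx hunk the new format `"%.240s - TigerVNC %s"` into the 256-byte buffer leaves no room for the warning once the desktop name approaches 240 characters: 240 + 12 + 27 exceeds 255, so snprintf truncates exactly the security-relevant suffix; lowering the precision, e.g. `"%.200s - TigerVNC %s"`, or placing the warning before the name keeps it visible (translated strings may be longer than the English one). isSecTypeEncrypted in Security.cxx allow-lists the TLS and X509 sub-types so that any unknown or future type is reported as unencrypted, which is the right fail-closed default but deserves a comment such as `// Allow-list: anything not known to be encrypted is reported as plaintext.` The callers pass `cc->csecurity->getType()`; if that reports the outer secTypeVeNCrypt rather than the negotiated sub-type on a VeNCrypt session, TLS connections would be labelled unencrypted, so it is worth confirming against CSecurityVeNCrypt. The UserPasswdGetter.h hunk changes a pure virtual signature and only UserDialog is updated here, so any other implementer in the tree would stop compiling; worth a grep before merging.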