Accepting request 392822 from home:michalsrb:branches:X11:XOrg

- Add U_add_allowoverride_parameter.patch and
    u_build_libXvnc_as_separate_library.patch (fate#319319)
- Add u_tigervnc-show-unencrypted-warning.patch (fate#319701)

OBS-URL: https://build.opensuse.org/request/show/392822
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/tigervnc?expand=0&rev=83

U_add_allowoverride_parameter.patch

@@ -0,0 +1,164 @@
+Git-commit: ef0dd758a3fad048c1f04e144b03a3e69b001f21
+Patch-Mainline: To be upstreamed
+Author: Michal Srb <michalsrb@gmail.com>
+Subject: Add AllowOverride parameter.
+References: fate#319319
+
+Allows to specify which configuration parameters can be modified on runtime.
+
+diff --git a/unix/xserver/hw/vnc/vncExt.c b/unix/xserver/hw/vnc/vncExt.c
+index 43794da..b27115f 100644
+--- a/unix/xserver/hw/vnc/vncExt.c
++++ b/unix/xserver/hw/vnc/vncExt.c
+@@ -182,17 +182,16 @@ static int ProcVncExtSetParam(ClientPtr client)
+   rep.sequenceNumber = client->sequence;
+ 
+   /*
+-   * Allow to change only certain parameters.
+-   * Changing other parameters (for example PAM service name)
+-   * could have negative security impact.
++   * Prevent change of clipboard related parameters if clipboard is disabled.
+    */
+-  if (strncasecmp(param, "desktop", 7) != 0 &&
+-      strncasecmp(param, "AcceptPointerEvents", 19) != 0 &&
+-      (vncNoClipboard || strncasecmp(param, "SendCutText", 11) != 0) &&
+-      (vncNoClipboard || strncasecmp(param, "AcceptCutText", 13) != 0))
++  if (vncNoClipboard &&
++      (strncasecmp(param, "SendCutText", 11) == 0 ||
++       strncasecmp(param, "AcceptCutText", 13) == 0))
++    goto deny;
++
++  if (!vncOverrideParam(param))
+     goto deny;
+ 
+-  vncSetParamSimple(param);
+   rep.success = 1;
+ 
+   // Send DesktopName update if desktop name has been changed
+diff --git a/unix/xserver/hw/vnc/vncExtInit.cc b/unix/xserver/hw/vnc/vncExtInit.cc
+index 863cd36..1d37493 100644
+--- a/unix/xserver/hw/vnc/vncExtInit.cc
++++ b/unix/xserver/hw/vnc/vncExtInit.cc
+@@ -20,6 +20,9 @@
+ #include <stdio.h>
+ #include <errno.h>
+ 
++#include <set>
++#include <string>
++
+ #include <rfb/Configuration.h>
+ #include <rfb/Logger_stdio.h>
+ #include <rfb/LogWriter.h>
+@@ -52,6 +55,15 @@ int vncFbstride[MAXSCREENS];
+ 
+ int vncInetdSock = -1;
+ 
++struct CaseInsensitiveCompare {
++  bool operator() (const std::string &a, const std::string &b) const {
++    return strcasecmp(a.c_str(), b.c_str()) < 0;
++  }
++};
++
++typedef std::set<std::string, CaseInsensitiveCompare> ParamSet;
++static ParamSet allowOverrideSet;
++
+ rfb::StringParameter httpDir("httpd",
+                              "Directory containing files to serve via HTTP",
+                              "");
+@@ -69,6 +81,9 @@ rfb::StringParameter interface("interface",
+ rfb::BoolParameter avoidShiftNumLock("AvoidShiftNumLock",
+                                      "Avoid fake Shift presses for keys affected by NumLock.",
+                                      true);
++rfb::StringParameter allowOverride("AllowOverride",
++                                   "Comma separated list of parameters that can be modified using VNC extension.",
++                                   "desktop,AcceptPointerEvents,SendCutText,AcceptCutText");
+ 
+ static PixelFormat vncGetPixelFormat(int scrIdx)
+ {
+@@ -99,6 +114,19 @@ static PixelFormat vncGetPixelFormat(int scrIdx)
+                      redShift, greenShift, blueShift);
+ }
+ 
++static void parseOverrideList(const char *text, ParamSet &out)
++{
++  for (const char* iter = text; ; ++iter) {
++    if (*iter == ',' || *iter == '\0') {
++      out.insert(std::string(text, iter));
++      text = iter + 1;
++
++      if (*iter == '\0')
++        break;
++    }
++  }
++}
++
+ void vncExtensionInit(void)
+ {
+   int ret;
+@@ -128,6 +156,10 @@ void vncExtensionInit(void)
+   try {
+     if (!initialised) {
+       rfb::initStdIOLoggers();
++
++      parseOverrideList(allowOverride, allowOverrideSet);
++      allowOverride.setImmutable();
++
+       initialised = true;
+     }
+ 
+@@ -379,3 +411,16 @@ void vncRefreshScreenLayout(int scrIdx)
+ {
+   desktop[scrIdx]->refreshScreenLayout();
+ }
++
++int vncOverrideParam(const char *nameAndValue)
++{
++  const char* equalSign = strchr(nameAndValue, '=');
++  if (!equalSign)
++    return 0;
++
++  std::string key(nameAndValue, equalSign);
++  if (allowOverrideSet.find(key) == allowOverrideSet.end())
++    return 0;
++
++  return rfb::Configuration::setParam(nameAndValue);
++}
+diff --git a/unix/xserver/hw/vnc/vncExtInit.h b/unix/xserver/hw/vnc/vncExtInit.h
+index 6430ac0..be6487c 100644
+--- a/unix/xserver/hw/vnc/vncExtInit.h
++++ b/unix/xserver/hw/vnc/vncExtInit.h
+@@ -90,6 +90,8 @@ void vncPreScreenResize(int scrIdx);
+ void vncPostScreenResize(int scrIdx, int success, int width, int height);
+ void vncRefreshScreenLayout(int scrIdx);
+ 
++int vncOverrideParam(const char *nameAndValue);
++
+ #ifdef __cplusplus
+ }
+ #endif
+diff --git a/unix/xserver/hw/vnc/Xvnc.man b/unix/xserver/hw/vnc/Xvnc.man
+index 4a83315..a4d9f8d 100644
+--- a/unix/xserver/hw/vnc/Xvnc.man
++++ b/unix/xserver/hw/vnc/Xvnc.man
+@@ -300,6 +300,21 @@ Key affected by NumLock often require a fake Shift to be inserted in order
+ for the correct symbol to be generated. Turning on this option avoids these
+ extra fake Shift events but may result in a slightly different symbol
+ (e.g. a Return instead of a keypad Enter).
++.
++.TP
++.B \-AllowOverride
++Comma separated list of parameters that can be modified using VNC extension.
++Parameters can be modified for example using \fBvncconfig\fP(1) program from
++inside a running session.
++
++Allowing override of parameters such as \fBPAMService\fP or \fBPasswordFile\fP
++can negatively impact security if Xvnc runs under different user than the
++programs allowed to override the parameters.
++
++When \fBNoClipboard\fP parameter is set, allowing override of \fBSendCutText\fP
++and \fBAcceptCutText\fP has no effect.
++
++Default is \fBdesktop,AcceptPointerEvents,SendCutText,AcceptCutText\fP.
+ 
+ .SH USAGE WITH INETD
+ By configuring the \fBinetd\fP(1) service appropriately, Xvnc can be launched

tigervnc.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Apr 29 14:13:22 UTC 2016 - msrb@suse.com
+
+- Add U_add_allowoverride_parameter.patch and
+    u_build_libXvnc_as_separate_library.patch (fate#319319)
+- Add u_tigervnc-show-unencrypted-warning.patch (fate#319701)
+
 -------------------------------------------------------------------
 Wed Apr 27 10:34:05 UTC 2016 - msrb@suse.com
 

tigervnc.spec

@@ -116,6 +116,9 @@ Patch6:         u_tigervnc-cve-2014-8240.patch
 Patch7:         u_tigervnc-add-autoaccept-parameter.patch
 Patch8:         u_xserver118.patch
 Patch9:         u_tigervnc_update_default_vncxstartup.patch
+Patch10:        U_add_allowoverride_parameter.patch
+Patch11:        u_build_libXvnc_as_separate_library.patch
+Patch12:        u_tigervnc-show-unencrypted-warning.patch
 
 %description
 TigerVNC is a high-performance, platform-neutral implementation of VNC (Virtual Network Computing), 
@@ -145,6 +148,21 @@ Group:          System/X11/Servers/XF86_4
 %description -n xorg-x11-Xvnc
 This is the TigerVNC implementation of Xvnc.
 
+%package -n libXvnc1
+Summary:        X extension to control VNC module
+Group:          System/Libraries
+
+%description -n libXvnc1
+Xvnc extension allows X clients to read and change VNC configuration.
+
+%package -n libXvnc-devel
+Summary:        X extension to control VNC module
+Group:          Development/Libraries/C and C++
+Requires:       libXvnc1 = %version
+
+%description -n libXvnc-devel
+Xvnc extension allows X clients to read and change VNC configuration.
+
 %prep
 %setup -T -b1 -q
 cp -r /usr/src/xserver/* unix/xserver/
@@ -158,6 +176,9 @@ cp -r /usr/src/xserver/* unix/xserver/
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
+%patch10 -p1
+%patch11 -p1
+%patch12 -p1
 
 pushd unix/xserver
 patch -p1 < ../xserver117.patch
@@ -266,6 +287,10 @@ if [ "$1" = 0 ] ; then
 fi
 %endif
 
+%post -n libXvnc1 -p /sbin/ldconfig
+
+%postun -n libXvnc1 -p /sbin/ldconfig
+
 %files -f %{name}.lang
 %defattr(-,root,root,-)
 %ghost %{_bindir}/vncviewer
@@ -332,4 +357,13 @@ fi
 %ghost %attr(0600,%{vncuser},%{vncuser}) %config(noreplace) %{tlskey}
 %ghost %attr(0644,%{vncuser},%{vncuser}) %config(noreplace) %{tlscert}
 
+%files -n libXvnc1
+%defattr(-,root,root)
+%{_libdir}/libXvnc.so.1*
+
+%files -n libXvnc-devel
+%defattr(-,root,root)
+%{_libdir}/libXvnc.so
+%{_includedir}/X11/extensions/Xvnc.h
+
 %changelog

u_build_libXvnc_as_separate_library.patch

@@ -0,0 +1,38 @@
+Author: Michal Srb <michalsrb@gmail.com>
+Patch-Mainline: To be upstreamed
+Subject: [PATCH] Build libXvnc as separate library.
+
+So it can be used by others, not only vncconfig.
+
+diff --git a/unix/vncconfig/CMakeLists.txt b/unix/vncconfig/CMakeLists.txt
+index 959681f..5fe1fb8 100644
+--- a/unix/vncconfig/CMakeLists.txt
++++ b/unix/vncconfig/CMakeLists.txt
+@@ -3,13 +3,25 @@ include_directories(${X11_INCLUDE_DIR})
+ include_directories(${CMAKE_SOURCE_DIR}/common)
+ include_directories(${CMAKE_SOURCE_DIR}/unix/tx)
+ 
++include(GNUInstallDirs)
++
++add_library(Xvnc SHARED
++  vncExt.c)
++
++set_target_properties(Xvnc
++  PROPERTIES
++    VERSION 1.0.0
++    SOVERSION 1
++)
++
+ add_executable(vncconfig 
+   buildtime.c
+-  vncExt.c
+   vncconfig.cxx
+   QueryConnectDialog.cxx)
+ 
+-target_link_libraries(vncconfig tx rfb network rdr ${X11_LIBRARIES})
++target_link_libraries(vncconfig tx rfb network rdr Xvnc ${X11_LIBRARIES})
+ 
+ install(TARGETS vncconfig DESTINATION ${BIN_DIR})
++install(TARGETS Xvnc LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} RENAME libXvnc.so)
+ install(FILES vncconfig.man DESTINATION ${MAN_DIR}/man1 RENAME vncconfig.1)
++install(FILES vncExt.h DESTINATION ${X11_INCLUDE_DIR}/X11/extensions RENAME Xvnc.h)

u_tigervnc-show-unencrypted-warning.patch

@@ -0,0 +1,178 @@
+Author: Michal Srb <michalsrb@gmail.com>
+Subject: Display warning in window title when no encryption is in use.
+Patch-Mainline: To be upstreamed
+References: fate#319701
+
+Index: tigervnc-1.6.0/common/rfb/CSecurityPlain.cxx
+===================================================================
+--- tigervnc-1.6.0.orig/common/rfb/CSecurityPlain.cxx
++++ tigervnc-1.6.0/common/rfb/CSecurityPlain.cxx
+@@ -31,7 +31,7 @@ bool CSecurityPlain::processMsg(CConnect
+   CharArray username;
+   CharArray password;
+ 
+-  (CSecurity::upg)->getUserPasswd(&username.buf, &password.buf);
++  (CSecurity::upg)->getUserPasswd(&username.buf, &password.buf, cc->csecurity->getType());
+ 
+   // Return the response to the server
+   os->writeU32(strlen(username.buf));
+Index: tigervnc-1.6.0/common/rfb/CSecurityVncAuth.cxx
+===================================================================
+--- tigervnc-1.6.0.orig/common/rfb/CSecurityVncAuth.cxx
++++ tigervnc-1.6.0/common/rfb/CSecurityVncAuth.cxx
+@@ -46,7 +46,7 @@ bool CSecurityVncAuth::processMsg(CConne
+   rdr::U8 challenge[vncAuthChallengeSize];
+   is->readBytes(challenge, vncAuthChallengeSize);
+   PlainPasswd passwd;
+-  (CSecurity::upg)->getUserPasswd(0, &passwd.buf);
++  (CSecurity::upg)->getUserPasswd(0, &passwd.buf, cc->csecurity->getType());
+ 
+   // Calculate the correct response
+   rdr::U8 key[8];
+Index: tigervnc-1.6.0/common/rfb/Security.cxx
+===================================================================
+--- tigervnc-1.6.0.orig/common/rfb/Security.cxx
++++ tigervnc-1.6.0/common/rfb/Security.cxx
+@@ -206,3 +206,19 @@ std::list<rdr::U32> rfb::parseSecTypes(c
+   }
+   return result;
+ }
++
++bool rfb::isSecTypeEncrypted(rdr::U32 num)
++{
++  switch (num) {
++  case secTypeTLSNone:
++  case secTypeTLSVnc:
++  case secTypeTLSPlain:
++  case secTypeX509None:
++  case secTypeX509Vnc:
++  case secTypeX509Plain:
++    return true;
++
++  default:
++    return false;
++  }
++}
+Index: tigervnc-1.6.0/common/rfb/Security.h
+===================================================================
+--- tigervnc-1.6.0.orig/common/rfb/Security.h
++++ tigervnc-1.6.0/common/rfb/Security.h
+@@ -104,6 +104,8 @@ namespace rfb {
+   const char* secTypeName(rdr::U32 num);
+   rdr::U32 secTypeNum(const char* name);
+   std::list<rdr::U32> parseSecTypes(const char* types);
++
++  bool isSecTypeEncrypted(rdr::U32 num);
+ }
+ 
+ #endif
+Index: tigervnc-1.6.0/common/rfb/UserPasswdGetter.h
+===================================================================
+--- tigervnc-1.6.0.orig/common/rfb/UserPasswdGetter.h
++++ tigervnc-1.6.0/common/rfb/UserPasswdGetter.h
+@@ -17,6 +17,9 @@
+  */
+ #ifndef __RFB_USERPASSWDGETTER_H__
+ #define __RFB_USERPASSWDGETTER_H__
++
++#include <rdr/types.h>
++
+ namespace rfb {
+   class UserPasswdGetter {
+   public:
+@@ -24,7 +27,7 @@ namespace rfb {
+     // dialog, getpass(), etc.  The user buffer pointer can be null, in which
+     // case no user name will be retrieved.  The caller MUST delete [] the
+     // result(s).
+-    virtual void getUserPasswd(char** user, char** password)=0;
++    virtual void getUserPasswd(char** user, char** password, rdr::U32 secType)=0;
+   };
+ }
+ #endif
+Index: tigervnc-1.6.0/vncviewer/DesktopWindow.cxx
+===================================================================
+--- tigervnc-1.6.0.orig/vncviewer/DesktopWindow.cxx
++++ tigervnc-1.6.0/vncviewer/DesktopWindow.cxx
+@@ -27,6 +27,7 @@
+ 
+ #include <rfb/LogWriter.h>
+ #include <rfb/CMsgWriter.h>
++#include <rfb/Security.h>
+ 
+ #include "DesktopWindow.h"
+ #include "OptionsDialog.h"
+@@ -206,7 +207,11 @@ void DesktopWindow::setName(const char *
+   CharArray windowNameStr;
+   windowNameStr.replaceBuf(new char[256]);
+ 
+-  snprintf(windowNameStr.buf, 256, "%.240s - TigerVNC", name);
++  const char *warning = "";
++  if (!rfb::isSecTypeEncrypted(cc->csecurity->getType()))
++    warning = _("(Connection not encrypted!)");
++
++  snprintf(windowNameStr.buf, 256, "%.240s - TigerVNC %s", name, warning);
+ 
+   copy_label(windowNameStr.buf);
+ }
+Index: tigervnc-1.6.0/vncviewer/UserDialog.cxx
+===================================================================
+--- tigervnc-1.6.0.orig/vncviewer/UserDialog.cxx
++++ tigervnc-1.6.0/vncviewer/UserDialog.cxx
+@@ -32,10 +32,12 @@
+ #include <FL/Fl_Secret_Input.H>
+ #include <FL/Fl_Button.H>
+ #include <FL/Fl_Return_Button.H>
++#include <FL/Fl_Text_Display.H>
+ 
+ #include <rfb/util.h>
+ #include <rfb/Password.h>
+ #include <rfb/Exception.h>
++#include <rfb/Security.h>
+ 
+ #include "i18n.h"
+ #include "fltk_layout.h"
+@@ -59,7 +61,7 @@ UserDialog::~UserDialog()
+ {
+ }
+ 
+-void UserDialog::getUserPasswd(char** user, char** password)
++void UserDialog::getUserPasswd(char** user, char** password, rdr::U32 secType)
+ {
+   CharArray passwordFileStr(passwordFile.getData());
+ 
+@@ -82,8 +84,12 @@ void UserDialog::getUserPasswd(char** us
+     return;
+   }
+ 
++  const char* title = _("VNC authentication");
++  if (!rfb::isSecTypeEncrypted(secType))
++    title = _("VNC authentication (Connection not encrypted!)");
++
+   if (!user) {
+-    fl_message_title(_("VNC authentication"));
++    fl_message_title(title);
+     *password = strDup(fl_password(_("Password:"), ""));
+     if (!*password)
+       throw rfb::Exception(_("Authentication cancelled"));
+@@ -93,7 +99,7 @@ void UserDialog::getUserPasswd(char** us
+ 
+   // Largely copied from FLTK so that we get the same look and feel
+   // as the simpler password input.
+-  Fl_Window *win = new Fl_Window(410, 145, _("VNC authentication"));
++  Fl_Window *win = new Fl_Window(410, 145, title);
+   win->callback(button_cb,(void *)0);
+ 
+   Fl_Input *username = new Fl_Input(70, 25, 300, 25, _("Username:"));
+Index: tigervnc-1.6.0/vncviewer/UserDialog.h
+===================================================================
+--- tigervnc-1.6.0.orig/vncviewer/UserDialog.h
++++ tigervnc-1.6.0/vncviewer/UserDialog.h
+@@ -31,7 +31,7 @@ public:
+ 
+   // UserPasswdGetter callbacks
+ 
+-  void getUserPasswd(char** user, char** password);
++  void getUserPasswd(char** user, char** password, rdr::U32 secType);
+ 
+   // UserMsgBox callbacks
+