diff --git a/tigervnc.changes b/tigervnc.changes
index 39de62d..aa07dbd 100644
--- a/tigervnc.changes
+++ b/tigervnc.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Apr 3 08:57:25 UTC 2023 - Joan Torres
+
+- Fixes for bsc#1209283
+ * Drop chown vnc:vnc calls in with-vnc-key.sh
+ * Add TLSNone to -securitytypes to increase security in xvnc@.service
+
 -------------------------------------------------------------------
 Sun Mar 19 09:33:05 UTC 2023 - Dirk Müller
diff --git a/with-vnc-key.sh b/with-vnc-key.sh
index 39fc549..bf16b70 100644
--- a/with-vnc-key.sh
+++ b/with-vnc-key.sh
@@ -19,7 +19,6 @@ fi
 # If the key file doesn't exist or has zero size (because it doubles as lock), generate it.
 if ! test -s $TLSKEY ; then
 (umask 077 && openssl genrsa -out $TLSKEY 2048) >&200
- chown vnc:vnc $TLSKEY
 fi
 # If the cert file doesn't exist, generate it.
@@ -28,7 +27,6 @@ fi
 CN="`hostname`"
 CN=${CN:0:64}
 openssl req -new -x509 -extensions usr_cert -key $TLSKEY -out $TLSCERT -days 7305 -subj "/CN=$CN/"
- chown vnc:vnc $TLSCERT
 fi
 ) 200>>$TLSKEY 2>/dev/null
diff --git a/xvnc@.service.in b/xvnc@.service.in
index 077383f..16cd76c 100644
--- a/xvnc@.service.in
+++ b/xvnc@.service.in
@@ -2,7 +2,7 @@
 Description=Xvnc Server
 [Service]
-ExecStart=@LIBEXECDIR@/vnc/with-vnc-key.sh /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30 -extension MIT-SHM
+ExecStart=@LIBEXECDIR@/vnc/with-vnc-key.sh /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes X509None,TLSNone,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30 -extension MIT-SHM
 User=vnc
 StandardInput=socket
 StandardOutput=socket
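Review bot: The new `-securitytypes X509None,TLSNone,None` on the ExecStart line of xvnc@.service.in still ends with `None`, so the server keeps offering an unencrypted session and a client that picks it gets no transport protection; adding `TLSNone` adds an encrypted choice but does not remove the cleartext one. As far as I know `TLSNone` is anonymous TLS, so it encrypts without authenticating the server and, unlike a verified X509 certificate, does not stop an active man-in-the-middle. If cleartext clients do not have to be supported, consider `-securitytypes X509None,TLSNone`. If `None` must stay for compatibility, a comment above ExecStart such as `# None kept for legacy viewers; user login is handled by the display manager via -query localhost` would make that trade-off visible.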