- Fixes for bsc#1209283

* Drop chown vnc:vnc calls in with-vnc-key.sh
  * Add TLSNone to -securitytypes to increase security in xvnc@.service

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/tigervnc?expand=0&rev=245

tigervnc.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Apr  3 08:57:25 UTC 2023 - Joan Torres <joan.torres@suse.com>
+
+- Fixes for bsc#1209283
+  * Drop chown vnc:vnc calls in with-vnc-key.sh
+  * Add TLSNone to -securitytypes to increase security in xvnc@.service
+
 -------------------------------------------------------------------
 Sun Mar 19 09:33:05 UTC 2023 - Dirk Müller <dmueller@suse.com>
 

with-vnc-key.sh

@@ -19,7 +19,6 @@ fi
     # If the key file doesn't exist or has zero size (because it doubles as lock), generate it.
     if ! test -s $TLSKEY ; then
         (umask 077 && openssl genrsa -out $TLSKEY 2048) >&200
-        chown vnc:vnc $TLSKEY
     fi
 
     # If the cert file doesn't exist, generate it.
@@ -28,7 +27,6 @@ fi
         CN="`hostname`"
         CN=${CN:0:64}
         openssl req -new -x509 -extensions usr_cert -key $TLSKEY -out $TLSCERT -days 7305 -subj "/CN=$CN/"
-        chown vnc:vnc $TLSCERT
     fi
 
 ) 200>>$TLSKEY 2>/dev/null

xvnc@.service.in

@@ -2,7 +2,7 @@
 Description=Xvnc Server
 
 [Service]
-ExecStart=@LIBEXECDIR@/vnc/with-vnc-key.sh /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30 -extension MIT-SHM
+ExecStart=@LIBEXECDIR@/vnc/with-vnc-key.sh /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes X509None,TLSNone,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30 -extension MIT-SHM
 User=vnc
 StandardInput=socket
 StandardOutput=socket