diff --git a/tigervnc-1.10.0.tar.gz b/tigervnc-1.10.0.tar.gz new file mode 100644 index 0000000..39bc42f --- /dev/null +++ b/tigervnc-1.10.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a1e54d980eef8db06f5f696aa1fb6b98be049dac5205fda8b54f211a88dd182c +size 1401973 diff --git a/tigervnc-1.9.0-201-e71a426.tar.gz b/tigervnc-1.9.0-201-e71a426.tar.gz deleted file mode 100644 index acfa217..0000000 --- a/tigervnc-1.9.0-201-e71a426.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:05ed2337c64f24b639c938b4910c861d1cf26164b75297e96277eaa8aa594501 -size 1401295 diff --git a/tigervnc-fix-saving-of-bad-server-certs.patch b/tigervnc-fix-saving-of-bad-server-certs.patch new file mode 100644 index 0000000..683a55a --- /dev/null +++ b/tigervnc-fix-saving-of-bad-server-certs.patch @@ -0,0 +1,60 @@ +From dbad687182ae9093efaf096a069eeafc18b22973 Mon Sep 17 00:00:00 2001 +From: Pierre Ossman +Date: Mon, 30 Dec 2019 10:24:11 +0100 +Subject: [PATCH 1/2] Fix saving of bad server certificates + +This check is completely backwards and it is currently unknown how +this ever worked. +--- + common/rfb/CSecurityTLS.cxx | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx +index aa1910909..c1a00212a 100644 +--- a/common/rfb/CSecurityTLS.cxx ++++ b/common/rfb/CSecurityTLS.cxx +@@ -416,8 +416,9 @@ void CSecurityTLS::checkSession() + delete [] certinfo; + + if (gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, NULL, &out_size) +- == GNUTLS_E_SHORT_MEMORY_BUFFER) +- throw AuthFailureException("Out of memory"); ++ != GNUTLS_E_SHORT_MEMORY_BUFFER) ++ throw AuthFailureException("certificate issuer unknown, and certificate " ++ "export failed"); + + // Save cert + out_buf = new char[out_size]; + +From 6208f47dcbf68ff1e751b0b526bb643f0da867a6 Mon Sep 17 00:00:00 2001 +From: Pierre Ossman +Date: Mon, 30 Dec 2019 10:26:12 +0100 +Subject: [PATCH 2/2] Remove unneeded memory checks + +new throws an exception on allocation errors rather than return NULL. +--- + common/rfb/CSecurityTLS.cxx | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx +index c1a00212a..5c303a37c 100644 +--- a/common/rfb/CSecurityTLS.cxx ++++ b/common/rfb/CSecurityTLS.cxx +@@ -396,8 +396,6 @@ void CSecurityTLS::checkSession() + vlog.debug("%s", info.data); + + certinfo = new char[len]; +- if (certinfo == NULL) +- throw AuthFailureException("Out of memory"); + + snprintf(certinfo, len, "This certificate has been signed by an unknown " + "authority:\n\n%s\n\nDo you want to save it and " +@@ -422,8 +420,6 @@ void CSecurityTLS::checkSession() + + // Save cert + out_buf = new char[out_size]; +- if (out_buf == NULL) +- throw AuthFailureException("Out of memory"); + + if (gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, out_buf, &out_size) < 0) + throw AuthFailureException("certificate issuer unknown, and certificate " diff --git a/tigervnc.changes b/tigervnc.changes index a099f53..755ac0f 100644 --- a/tigervnc.changes +++ b/tigervnc.changes @@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Tue Dec 31 09:53:30 UTC 2019 - Loic Devulder + +- Add tigervnc-fix-saving-of-bad-server-certs.patch + * fix saving of bad server certificates (boo#1159948) + +------------------------------------------------------------------- +Tue Dec 3 10:32:36 UTC 2019 - Marius Kittler + +- tigervnc-1.10.0 + * The clipboard now supports full Unicode in the native viewer, WinVNC and Xvnc/libvnc.so + * The native client will now respect the system trust store when verifying server certificates + * Improved compatibility with VMware's VNC server + * Improved compatibility with some input methods on macOS + * Improvements to the automatic "repair" of JPEG artefacts + * Better handling of the Alt keys in some corner cases + * The Java web server has been removed as applets are no longer support by most browsers + * x0vncserver can now be configured to only allow local connections + * x0vncserver has received fixes for when only part of the display is shared + * Polling is now default in WinVNC as that works better for most + ------------------------------------------------------------------- Fri Oct 4 14:19:48 UTC 2019 - Hans-Peter Jansen diff --git a/tigervnc.spec b/tigervnc.spec index 8beb7d9..ed089f4 100644 --- a/tigervnc.spec +++ b/tigervnc.spec @@ -1,7 +1,7 @@ # # spec file for package tigervnc # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -31,7 +31,7 @@ %endif Name: tigervnc -Version: 1.9.0 +Version: 1.10.0 Release: 0 Provides: tightvnc = 1.3.9 Obsoletes: tightvnc < 1.3.9 @@ -105,13 +105,13 @@ BuildRequires: pkgconfig(xtrans) >= 1.2.2 Requires(post): update-alternatives Requires(postun): update-alternatives %endif -Url: http://tigervnc.org/ +URL: http://tigervnc.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build Summary: An implementation of VNC #Source1: https://github.com/TigerVNC/tigervnc/archive/v%{version}.tar.gz License: GPL-2.0-only AND MIT Group: System/X11/Servers/XF86_4 -Source1: tigervnc-1.9.0-201-e71a426.tar.gz +Source1: tigervnc-%{version}.tar.gz Source4: 10-libvnc.conf Source5: vnc-server.susefirewall Source6: vnc-httpd.susefirewall @@ -140,6 +140,7 @@ Patch8: u_tigervnc-add-autoaccept-parameter.patch Patch9: u_change-button-layout-in-ServerDialog.patch Patch10: n_correct_path_in_desktop_file.patch Patch11: U_viewer-reset-ctrl-alt-to-menu-state-on-focus.patch +Patch12: tigervnc-fix-saving-of-bad-server-certs.patch %description TigerVNC is an implementation of VNC (Virtual Network Computing), a @@ -244,7 +245,7 @@ This is a wrapper that looks like x11vnc, but starts x0vncserver instead. It maps common x11vnc arguments to x0vncserver arguments. %prep -%setup -T -b1 -q -n tigervnc +%setup -T -b1 -q -n tigervnc-%{version} cp -r /usr/src/xserver/* unix/xserver/ %patch1 -p1 @@ -258,6 +259,7 @@ cp -r /usr/src/xserver/* unix/xserver/ %patch9 -p1 %patch10 -p1 %patch11 -p1 +%patch12 -p1 pushd unix/xserver patch -p1 < ../xserver120.patch