
Accepting request 317207 from X11:XOrg

- Updated to tigervnc 1.5.0.
- Dropped no longer needed patches:
  * tigervnc-sf3495623.patch
  * u_syslog.patch
  * u_tigervnc-build-with-xserver-1.17.patch
  * tigervnc-gnutls-3.4-required.patch
  * u_tigervnc-dont-send-ascii-control-characters.patch
  * u_terminate_instead_of_ignoring_restart.patch
- Dropped no longer needed index.vnc.
- Use encryption everywhere. (fate#318936)
  * u_tigervnc-display-SHA-1-fingerprint-of-untrusted-certificate.patch
  * u_tigervnc-use-default-trust-manager-in-java-viewer-if-custom.patch
  * u_tigervnc-add-autoaccept-parameter.patch
- Work with fltk 1.3.2.
  * N_tigervnc_revert_fltk_1_3_3_requirements.patch

OBS-URL: https://build.opensuse.org/request/show/317207
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tigervnc?expand=0&rev=22
Stephan Kulow 2015-07-21 11:26:06 +00:00 committed by Git OBS Bridge
commit b56110016d
20 changed files with 1459 additions and 1192 deletions


@ -1,21 +0,0 @@
<!--
index.vnc - default HTML page for TigerVNC Java viewer applet, to be
used with Xvnc. On any file ending in .vnc, the HTTP server embedded in
Xvnc will substitute the following variables when preceded by a dollar:
USER, DESKTOP, DISPLAY, APPLETWIDTH, APPLETHEIGHT, WIDTH, HEIGHT, PORT,
Use two dollar signs ($$) to get a dollar sign in the generated
HTML page.
-->
<HTML>
<TITLE>
$USER's $DESKTOP desktop ($DISPLAY)
</TITLE>
<APPLET CODE="com.tigervnc.vncviewer.VncViewer" ARCHIVE="VncViewer.jar" WIDTH="$APPLETWIDTH" HEIGHT="$APPLETHEIGHT">
<PARAM NAME="Port" VALUE="$PORT">
<PARAM NAME="Embed" VALUE="true">
<PARAM NAME="AlwaysShowServerDialog" VALUE="false">
</APPLET>
<BR>
<A href="http://www.tigervnc.org/">TigerVNC site</A>
</HTML>


@ -1,8 +1,8 @@
Index: tigervnc-1.4.1/vncviewer/DesktopWindow.cxx
Index: tigervnc-1.5.0/vncviewer/DesktopWindow.cxx
===================================================================
--- tigervnc-1.4.1.orig/vncviewer/DesktopWindow.cxx
+++ tigervnc-1.4.1/vncviewer/DesktopWindow.cxx
@@ -188,6 +188,8 @@ DesktopWindow::~DesktopWindow()
--- tigervnc-1.5.0.orig/vncviewer/DesktopWindow.cxx
+++ tigervnc-1.5.0/vncviewer/DesktopWindow.cxx
@@ -177,6 +177,8 @@ DesktopWindow::~DesktopWindow()
OptionsDialog::removeCallback(handleOptions);
@ -11,11 +11,11 @@ Index: tigervnc-1.4.1/vncviewer/DesktopWindow.cxx
// FLTK automatically deletes all child widgets, so we shouldn't touch
// them ourselves here
}
Index: tigervnc-1.4.1/vncviewer/Viewport.cxx
Index: tigervnc-1.5.0/vncviewer/Viewport.cxx
===================================================================
--- tigervnc-1.4.1.orig/vncviewer/Viewport.cxx
+++ tigervnc-1.4.1/vncviewer/Viewport.cxx
@@ -144,6 +144,11 @@ Viewport::Viewport(int w, int h, const r
--- tigervnc-1.5.0.orig/vncviewer/Viewport.cxx
+++ tigervnc-1.5.0/vncviewer/Viewport.cxx
@@ -139,6 +139,11 @@ Viewport::Viewport(int w, int h, const r
Viewport::~Viewport()
{
@ -27,23 +27,23 @@ Index: tigervnc-1.4.1/vncviewer/Viewport.cxx
// Unregister all timeouts in case they get a change tro trigger
// again later when this object is already gone.
Fl::remove_timeout(handlePointerTimeout, this);
Index: tigervnc-1.4.1/vncviewer/vncviewer.cxx
Index: tigervnc-1.5.0/vncviewer/vncviewer.cxx
===================================================================
--- tigervnc-1.4.1.orig/vncviewer/vncviewer.cxx
+++ tigervnc-1.4.1/vncviewer/vncviewer.cxx
@@ -88,6 +88,8 @@ char vncServerName[VNCSERVERNAMELEN] = {
static bool exitMainloop = false;
static const char *exitError = NULL;
--- tigervnc-1.5.0.orig/vncviewer/vncviewer.cxx
+++ tigervnc-1.5.0/vncviewer/vncviewer.cxx
@@ -107,6 +107,8 @@ static const char *about_text()
return buffer;
}
+static CConn *cc;
+
void exit_vncviewer(const char *error)
{
// Prioritise the first error we get as that is probably the most
@@ -114,6 +116,16 @@ static void CleanupSignalHandler(int sig
@@ -158,6 +160,16 @@ static void CleanupSignalHandler(int sig
// CleanupSignalHandler allows C++ object cleanup to happen because it calls
// exit() rather than the default which is to abort.
vlog.info(_("CleanupSignalHandler called"));
vlog.info(_("Termination signal %d has been received. TigerVNC Viewer will now exit."), sig);
+ delete cc;
+ exit(1);
+}
@ -57,7 +57,7 @@ Index: tigervnc-1.4.1/vncviewer/vncviewer.cxx
exit(1);
}
@@ -392,11 +404,19 @@ int main(int argc, char** argv)
@@ -460,11 +472,19 @@ int main(int argc, char** argv)
init_fltk();
@ -77,7 +77,7 @@ Index: tigervnc-1.4.1/vncviewer/vncviewer.cxx
Configuration::enableViewerParams();
/* Load the default parameter settings */
@@ -497,7 +517,7 @@ int main(int argc, char** argv)
@@ -577,7 +597,7 @@ int main(int argc, char** argv)
#endif
}
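Review bot: `CleanupSignalHandler` in the refreshed patch runs `delete cc;` and then `exit(1);` in signal context, after a `vlog.info` call. Neither heap deallocation nor logging is async-signal-safe, so a termination signal that arrives while the viewer is inside the allocator can hang or corrupt the process instead of exiting cleanly. Consider having the handler only record the request and letting the main loop perform the `delete cc`, or at least document the limitation with a comment such as `// not async-signal-safe: runs ~CConn from a signal handler`. Only part of the handler is visible in this section and the CConn destructor is not shown, so confirm this against the full patch.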


@ -1,719 +0,0 @@
From 88c24edd8f7a793561104be50b6ecf2c85b42956 Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Thu, 29 Jan 2015 13:12:22 +0100
Subject: [PATCH] Raise GnuTLS requirements to 3.x
This allows us to simplify things by getting rid of some old
compatibility code. People should really be using current versions
of GnuTLS anyway to stay secure.
---
BUILDING.txt | 2 +-
CMakeLists.txt | 24 ------
common/os/CMakeLists.txt | 3 +-
common/os/tls.cxx | 198 --------------------------------------------
common/os/tls.h | 59 -------------
common/rdr/TLSErrno.h | 46 ----------
common/rdr/TLSInStream.cxx | 11 ++-
common/rdr/TLSInStream.h | 6 +-
common/rdr/TLSOutStream.cxx | 9 +-
common/rdr/TLSOutStream.h | 6 +-
common/rfb/CSecurityTLS.cxx | 31 ++++---
common/rfb/CSecurityTLS.h | 6 +-
common/rfb/SSecurityTLS.cxx | 23 +++--
common/rfb/SSecurityTLS.h | 10 +--
config.h.in | 7 --
15 files changed, 60 insertions(+), 381 deletions(-)
delete mode 100644 common/os/tls.cxx
delete mode 100644 common/os/tls.h
delete mode 100644 common/rdr/TLSErrno.h
Index: tigervnc-1.4.3/BUILDING.txt
===================================================================
--- tigervnc-1.4.3.orig/BUILDING.txt
+++ tigervnc-1.4.3/BUILDING.txt
@@ -14,7 +14,7 @@ Build Requirements (All Systems)
* See "Building FLTK" below.
-- If building TLS support:
- * GnuTLS
+ * GnuTLS 3.x
* See "Building TLS Support" below.
-- If building native language support (NLS):
Index: tigervnc-1.4.3/CMakeLists.txt
===================================================================
--- tigervnc-1.4.3.orig/CMakeLists.txt
+++ tigervnc-1.4.3/CMakeLists.txt
@@ -270,30 +270,6 @@ if(ENABLE_GNUTLS)
include_directories(${GNUTLS_INCLUDE_DIR})
add_definitions("-DHAVE_GNUTLS")
add_definitions(${GNUTLS_DEFINITIONS})
-
- # Detect old version of GnuTLS
- set(CMAKE_REQUIRED_FLAGS -I${GNUTLS_INCLUDE_DIR})
- set(CMAKE_EXTRA_INCLUDE_FILES gnutls/gnutls.h)
- set(CMAKE_REQUIRED_LIBRARIES ${GNUTLS_LIBRARIES})
- if(WIN32)
- set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES} ws2_32 user32)
- endif()
- if(ZLIB_FOUND)
- # When we build against the static version of GnuTLS, we also use the
- # included version of Zlib, but it isn't built yet, so we have to use the
- # system's version (if available) to perform this test.
- set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES};-lz)
- endif()
- check_function_exists(gnutls_transport_set_errno HAVE_GNUTLS_SET_ERRNO)
- check_function_exists(gnutls_transport_set_global_errno HAVE_GNUTLS_SET_GLOBAL_ERRNO)
- check_function_exists(gnutls_x509_crt_print HAVE_GNUTLS_X509_CRT_PRINT)
- check_type_size(gnutls_x509_crt_t GNUTLS_X509_CRT_T)
- check_type_size(gnutls_datum_t GNUTLS_DATUM_T)
- check_type_size(gnutls_pk_algorithm_t GNUTLS_PK_ALGORITHM_T)
- check_type_size(gnutls_sign_algorithm_t GNUTLS_SIGN_ALGORITHM_T)
- set(CMAKE_REQUIRED_FLAGS)
- set(CMAKE_EXTRA_INCLUDE_FILES)
- set(CMAKE_REQUIRED_LIBRARIES)
endif()
endif()
Index: tigervnc-1.4.3/common/os/CMakeLists.txt
===================================================================
--- tigervnc-1.4.3.orig/common/os/CMakeLists.txt
+++ tigervnc-1.4.3/common/os/CMakeLists.txt
@@ -2,8 +2,7 @@ include_directories(${CMAKE_SOURCE_DIR}/
add_library(os STATIC
w32tiger.c
- os.cxx
- tls.cxx)
+ os.cxx)
if(UNIX)
libtool_create_control_file(os)
Index: tigervnc-1.4.3/common/os/tls.cxx
===================================================================
--- tigervnc-1.4.3.orig/common/os/tls.cxx
+++ /dev/null
@@ -1,198 +0,0 @@
-/* Copyright (C) 2011 TightVNC Team. All Rights Reserved.
- *
- * This is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this software; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
- * USA.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <os/tls.h>
-
-#include <iomanip>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sstream>
-#include <sys/types.h>
-#include <time.h>
-
-using namespace std;
-
-#if defined(HAVE_GNUTLS) && !defined(WIN32)
-#include <gnutls/gnutls.h>
-#include <gnutls/x509.h>
-
-#ifndef HAVE_GNUTLS_X509_CRT_PRINT
-
-/* Ancient GNUTLS... */
-#if !defined(GNUTLS_VERSION_NUMBER) && !defined(LIBGNUTLS_VERSION_NUMBER)
-#define GNUTLS_DIG_SHA1 GNUTLS_DIG_SHA
-#endif
-
-#define UNKNOWN_SUBJECT(err) \
- do { \
- ss << "unknown subject (" << gnutls_strerror(err) << "), "; \
- } while (0)
-
-#define UNKNOWN_ISSUER(err) \
- do { \
- ss << "unknown issuer (" << gnutls_strerror(err) << "), "; \
- } while (0)
-
-
-static void
-hexprint(ostringstream &ss, const char *data, size_t len)
-{
- size_t j;
- char tmp[3];
-
- if (len == 0)
- ss << "00";
- else {
- for (j = 0; j < len; j++) {
- snprintf(tmp, sizeof(tmp), "%.2x", (unsigned char) data[j]);
- ss << tmp;
- }
- }
-}
-
-/* Implementation based on gnutls_x509_crt_print from GNUTLS */
-int
-gnutls_x509_crt_print(gnutls_x509_crt_t cert,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out)
-{
- ostringstream ss;
-
- int err;
-
- char *dn;
- size_t dn_size = 0;
-
- /* Subject */
- err = gnutls_x509_crt_get_dn(cert, NULL, &dn_size);
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- UNKNOWN_SUBJECT(err);
- else {
- dn = (char *)malloc(dn_size);
- if (dn == NULL) {
- UNKNOWN_SUBJECT(GNUTLS_E_MEMORY_ERROR);
- } else {
- err = gnutls_x509_crt_get_dn(cert, dn, &dn_size);
- if (err < 0) {
- UNKNOWN_SUBJECT(err);
- } else
- ss << "subject `" << dn << "', ";
- free(dn);
- }
- }
-
- /* Issuer */
- dn = NULL;
- dn_size = 0;
- err = gnutls_x509_crt_get_issuer_dn(cert, NULL, &dn_size);
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- UNKNOWN_ISSUER(err);
- else {
- dn = (char *)malloc(dn_size);
- if (dn == NULL) {
- UNKNOWN_ISSUER(GNUTLS_E_MEMORY_ERROR);
- } else {
- err = gnutls_x509_crt_get_issuer_dn(cert, dn, &dn_size);
- if (err < 0)
- UNKNOWN_ISSUER(err);
- else
- ss << "issuer `" << dn << "', ";
- free(dn);
- }
- }
-
- /* Key algorithm and size */
- unsigned int bits;
- const char *name;
- name = gnutls_pk_algorithm_get_name( (gnutls_pk_algorithm_t)
- gnutls_x509_crt_get_pk_algorithm(cert, &bits));
- if (name == NULL)
- name = "Unknown";
- ss << name << " key " << bits << " bits, ";
-
- /* Signature algorithm */
- err = gnutls_x509_crt_get_signature_algorithm(cert);
- if (err < 0) {
- ss << "unknown signature algorithm (" << gnutls_strerror(err)
- << "), ";
- } else {
- const char *name;
- name = gnutls_sign_algorithm_get_name((gnutls_sign_algorithm_t)err);
- if (name == NULL)
- name = "Unknown";
-
- ss << "signed using " << name;
- if (err == GNUTLS_SIGN_RSA_MD5 || err == GNUTLS_SIGN_RSA_MD2)
- ss << " (broken!)";
- ss << ", ";
- }
-
- /* Validity */
- time_t tim;
- char s[42];
- size_t max = sizeof(s);
- struct tm t;
-
- tim = gnutls_x509_crt_get_activation_time(cert);
- if (gmtime_r(&tim, &t) == NULL)
- ss << "unknown activation (" << (unsigned long) tim << ")";
- else if (strftime(s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
- ss << "failed activation (" << (unsigned long) tim << ")";
- else
- ss << "activated `" << s << "'";
- ss << ", ";
-
- tim = gnutls_x509_crt_get_expiration_time(cert);
- if (gmtime_r(&tim, &t) == NULL)
- ss << "unknown expiry (" << (unsigned long) tim << ")";
- else if (strftime(s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
- ss << "failed expiry (" << (unsigned long) tim << ")";
- else
- ss << "expires `" << s << "'";
- ss << ", ";
-
- /* Fingerprint */
- char buffer[20];
- size_t size = sizeof(buffer);
-
- err = gnutls_x509_crt_get_fingerprint(cert, GNUTLS_DIG_SHA1, buffer, &size);
- if (err < 0)
- ss << "unknown fingerprint (" << gnutls_strerror(err) << ")";
- else {
- ss << "SHA-1 fingerprint `";
- hexprint(ss, buffer, size);
- ss << "'";
- }
-
- out->data = (unsigned char *) strdup(ss.str().c_str());
- if (out->data == NULL)
- return GNUTLS_E_MEMORY_ERROR;
- out->size = strlen((char *)out->data);
-
- return 0;
-}
-
-#endif /* HAVE_GNUTLS_X509_CRT_PRINT */
-
-#endif /* HAVE_GNUTLS */
-
Index: tigervnc-1.4.3/common/os/tls.h
===================================================================
--- tigervnc-1.4.3.orig/common/os/tls.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/* Copyright (C) 2011 TightVNC Team. All Rights Reserved.
- *
- * This is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this software; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
- * USA.
- */
-
-#ifndef OS_TLS_H
-#define OS_TLS_H
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#if defined(HAVE_GNUTLS)
-#include <gnutls/gnutls.h>
-
-#ifndef HAVE_GNUTLS_DATUM_T
-typedef gnutls_datum gnutls_datum_t;
-#endif
-#ifndef HAVE_GNUTLS_X509_CRT_T
-typedef gnutls_x509_crt gnutls_x509_crt_t;
-#endif
-#ifndef HAVE_GNUTLS_PK_ALGORITHM_T
-typedef gnutls_pk_algorithm gnutls_pk_algorithm_t;
-#endif
-#ifndef HAVE_GNUTLS_SIGN_ALGORITHM_T
-typedef gnutls_sign_algorithm gnutls_sign_algorithm_t;
-#endif
-
-#ifndef HAVE_GNUTLS_X509_CRT_PRINT
-
-typedef enum {
- GNUTLS_CRT_PRINT_ONELINE = 1
-} gnutls_certificate_print_formats_t;
-
-/*
- * Prints certificate in human-readable form.
- */
-int
-gnutls_x509_crt_print(gnutls_x509_crt_t cert,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out);
-#endif /* HAVE_GNUTLS_X509_CRT_PRINT */
-#endif /* HAVE_GNUTLS */
-
-#endif /* OS_TLS_H */
-
Index: tigervnc-1.4.3/common/rdr/TLSErrno.h
===================================================================
--- tigervnc-1.4.3.orig/common/rdr/TLSErrno.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/* Copyright (C) 2012 Pierre Ossman for Cendio AB
- *
- * This is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this software; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
- * USA.
- */
-
-#ifndef __RDR_TLSERRNO_H__
-#define __RDR_TLSERRNO_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#ifdef HAVE_GNUTLS
-
-#include <errno.h>
-
-namespace rdr {
-
- static inline void gnutls_errno_helper(gnutls_session session, int _errno)
- {
-#if defined(HAVE_GNUTLS_SET_ERRNO)
- gnutls_transport_set_errno(session, _errno);
-#elif defined(HAVE_GNUTLS_SET_GLOBAL_ERRNO)
- gnutls_transport_set_global_errno(_errno);
-#else
- errno = _errno;
-#endif
- }
-};
-
-#endif
-
-#endif
Index: tigervnc-1.4.3/common/rdr/TLSInStream.cxx
===================================================================
--- tigervnc-1.4.3.orig/common/rdr/TLSInStream.cxx
+++ tigervnc-1.4.3/common/rdr/TLSInStream.cxx
@@ -25,7 +25,6 @@
#include <rdr/Exception.h>
#include <rdr/TLSException.h>
#include <rdr/TLSInStream.h>
-#include <rdr/TLSErrno.h>
#include <errno.h>
#ifdef HAVE_GNUTLS
@@ -33,14 +32,14 @@ using namespace rdr;
enum { DEFAULT_BUF_SIZE = 16384 };
-ssize_t TLSInStream::pull(gnutls_transport_ptr str, void* data, size_t size)
+ssize_t TLSInStream::pull(gnutls_transport_ptr_t str, void* data, size_t size)
{
TLSInStream* self= (TLSInStream*) str;
InStream *in = self->in;
try {
if (!in->check(1, 1, false)) {
- gnutls_errno_helper(self->session, EAGAIN);
+ gnutls_transport_set_errno(self->session, EAGAIN);
return -1;
}
@@ -50,17 +49,17 @@ ssize_t TLSInStream::pull(gnutls_transpo
in->readBytes(data, size);
} catch (Exception& e) {
- gnutls_errno_helper(self->session, EINVAL);
+ gnutls_transport_set_errno(self->session, EINVAL);
return -1;
}
return size;
}
-TLSInStream::TLSInStream(InStream* _in, gnutls_session _session)
+TLSInStream::TLSInStream(InStream* _in, gnutls_session_t _session)
: session(_session), in(_in), bufSize(DEFAULT_BUF_SIZE), offset(0)
{
- gnutls_transport_ptr recv, send;
+ gnutls_transport_ptr_t recv, send;
ptr = end = start = new U8[bufSize];
Index: tigervnc-1.4.3/common/rdr/TLSInStream.h
===================================================================
--- tigervnc-1.4.3.orig/common/rdr/TLSInStream.h
+++ tigervnc-1.4.3/common/rdr/TLSInStream.h
@@ -33,7 +33,7 @@ namespace rdr {
class TLSInStream : public InStream {
public:
- TLSInStream(InStream* in, gnutls_session session);
+ TLSInStream(InStream* in, gnutls_session_t session);
virtual ~TLSInStream();
int pos();
@@ -41,9 +41,9 @@ namespace rdr {
private:
int overrun(int itemSize, int nItems, bool wait);
int readTLS(U8* buf, int len, bool wait);
- static ssize_t pull(gnutls_transport_ptr str, void* data, size_t size);
+ static ssize_t pull(gnutls_transport_ptr_t str, void* data, size_t size);
- gnutls_session session;
+ gnutls_session_t session;
InStream* in;
int bufSize;
int offset;
Index: tigervnc-1.4.3/common/rdr/TLSOutStream.cxx
===================================================================
--- tigervnc-1.4.3.orig/common/rdr/TLSOutStream.cxx
+++ tigervnc-1.4.3/common/rdr/TLSOutStream.cxx
@@ -25,7 +25,6 @@
#include <rdr/Exception.h>
#include <rdr/TLSException.h>
#include <rdr/TLSOutStream.h>
-#include <rdr/TLSErrno.h>
#include <errno.h>
#ifdef HAVE_GNUTLS
@@ -33,7 +32,7 @@ using namespace rdr;
enum { DEFAULT_BUF_SIZE = 16384 };
-ssize_t TLSOutStream::push(gnutls_transport_ptr str, const void* data,
+ssize_t TLSOutStream::push(gnutls_transport_ptr_t str, const void* data,
size_t size)
{
TLSOutStream* self= (TLSOutStream*) str;
@@ -43,17 +42,17 @@ ssize_t TLSOutStream::push(gnutls_transp
out->writeBytes(data, size);
out->flush();
} catch (Exception& e) {
- gnutls_errno_helper(self->session, EINVAL);
+ gnutls_transport_set_errno(self->session, EINVAL);
return -1;
}
return size;
}
-TLSOutStream::TLSOutStream(OutStream* _out, gnutls_session _session)
+TLSOutStream::TLSOutStream(OutStream* _out, gnutls_session_t _session)
: session(_session), out(_out), bufSize(DEFAULT_BUF_SIZE), offset(0)
{
- gnutls_transport_ptr recv, send;
+ gnutls_transport_ptr_t recv, send;
ptr = start = new U8[bufSize];
end = start + bufSize;
Index: tigervnc-1.4.3/common/rdr/TLSOutStream.h
===================================================================
--- tigervnc-1.4.3.orig/common/rdr/TLSOutStream.h
+++ tigervnc-1.4.3/common/rdr/TLSOutStream.h
@@ -32,7 +32,7 @@ namespace rdr {
class TLSOutStream : public OutStream {
public:
- TLSOutStream(OutStream* out, gnutls_session session);
+ TLSOutStream(OutStream* out, gnutls_session_t session);
virtual ~TLSOutStream();
void flush();
@@ -43,9 +43,9 @@ namespace rdr {
private:
int writeTLS(const U8* data, int length);
- static ssize_t push(gnutls_transport_ptr str, const void* data, size_t size);
+ static ssize_t push(gnutls_transport_ptr_t str, const void* data, size_t size);
- gnutls_session session;
+ gnutls_session_t session;
OutStream* out;
int bufSize;
U8* start;
Index: tigervnc-1.4.3/common/rfb/CSecurityTLS.cxx
===================================================================
--- tigervnc-1.4.3.orig/common/rfb/CSecurityTLS.cxx
+++ tigervnc-1.4.3/common/rfb/CSecurityTLS.cxx
@@ -42,7 +42,6 @@
#include <rdr/TLSInStream.h>
#include <rdr/TLSOutStream.h>
#include <os/os.h>
-#include <os/tls.h>
#include <gnutls/x509.h>
@@ -202,13 +201,19 @@ bool CSecurityTLS::processMsg(CConnectio
void CSecurityTLS::setParam()
{
- static const int kx_anon_priority[] = { GNUTLS_KX_ANON_DH, 0 };
- static const int kx_priority[] = { GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA,
- GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0 };
+ static const char kx_anon_priority[] = "NORMAL:+ANON-ECDH:+ANON-DH";
+ static const char kx_priority[] = "NORMAL";
+
+ int ret;
+ const char *err;
if (anon) {
- if (gnutls_kx_set_priority(session, kx_anon_priority) != GNUTLS_E_SUCCESS)
- throw AuthFailureException("gnutls_kx_set_priority failed");
+ ret = gnutls_priority_set_direct(session, kx_anon_priority, &err);
+ if (ret != GNUTLS_E_SUCCESS) {
+ if (ret == GNUTLS_E_INVALID_REQUEST)
+ vlog.error("GnuTLS priority syntax error at: %s", err);
+ throw AuthFailureException("gnutls_set_priority_direct failed");
+ }
if (gnutls_anon_allocate_client_credentials(&anon_cred) != GNUTLS_E_SUCCESS)
throw AuthFailureException("gnutls_anon_allocate_client_credentials failed");
@@ -218,8 +223,12 @@ void CSecurityTLS::setParam()
vlog.debug("Anonymous session has been set");
} else {
- if (gnutls_kx_set_priority(session, kx_priority) != GNUTLS_E_SUCCESS)
- throw AuthFailureException("gnutls_kx_set_priority failed");
+ ret = gnutls_priority_set_direct(session, kx_priority, &err);
+ if (ret != GNUTLS_E_SUCCESS) {
+ if (ret == GNUTLS_E_INVALID_REQUEST)
+ vlog.error("GnuTLS priority syntax error at: %s", err);
+ throw AuthFailureException("gnutls_set_priority_direct failed");
+ }
if (gnutls_certificate_allocate_credentials(&cert_cred) != GNUTLS_E_SUCCESS)
throw AuthFailureException("gnutls_certificate_allocate_credentials failed");
@@ -259,10 +268,10 @@ void CSecurityTLS::checkSession()
GNUTLS_CERT_SIGNER_NOT_FOUND |
GNUTLS_CERT_SIGNER_NOT_CA;
unsigned int status;
- const gnutls_datum *cert_list;
+ const gnutls_datum_t *cert_list;
unsigned int cert_list_size = 0;
int err;
- gnutls_datum info;
+ gnutls_datum_t info;
if (anon)
return;
@@ -298,7 +307,7 @@ void CSecurityTLS::checkSession()
throw AuthFailureException("empty certificate chain");
/* Process only server's certificate, not issuer's certificate */
- gnutls_x509_crt crt;
+ gnutls_x509_crt_t crt;
gnutls_x509_crt_init(&crt);
if (gnutls_x509_crt_import(crt, &cert_list[0], GNUTLS_X509_FMT_DER) < 0)
Index: tigervnc-1.4.3/common/rfb/CSecurityTLS.h
===================================================================
--- tigervnc-1.4.3.orig/common/rfb/CSecurityTLS.h
+++ tigervnc-1.4.3/common/rfb/CSecurityTLS.h
@@ -64,9 +64,9 @@ namespace rfb {
private:
static void initGlobal();
- gnutls_session session;
- gnutls_anon_client_credentials anon_cred;
- gnutls_certificate_credentials cert_cred;
+ gnutls_session_t session;
+ gnutls_anon_client_credentials_t anon_cred;
+ gnutls_certificate_credentials_t cert_cred;
bool anon;
char *cafile, *crlfile;
Index: tigervnc-1.4.3/common/rfb/SSecurityTLS.cxx
===================================================================
--- tigervnc-1.4.3.orig/common/rfb/SSecurityTLS.cxx
+++ tigervnc-1.4.3/common/rfb/SSecurityTLS.cxx
@@ -164,15 +164,22 @@ bool SSecurityTLS::processMsg(SConnectio
return true;
}
-void SSecurityTLS::setParams(gnutls_session session)
+void SSecurityTLS::setParams(gnutls_session_t session)
{
- static const int kx_anon_priority[] = { GNUTLS_KX_ANON_DH, 0 };
- static const int kx_priority[] = { GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA,
- GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0 };
+ static const char kx_anon_priority[] = "NORMAL:+ANON-ECDH:+ANON-DH";
+ static const char kx_priority[] = "NORMAL";
- if (gnutls_kx_set_priority(session, anon ? kx_anon_priority : kx_priority)
- != GNUTLS_E_SUCCESS)
- throw AuthFailureException("gnutls_kx_set_priority failed");
+ int ret;
+ const char *err;
+
+ ret = gnutls_priority_set_direct(session,
+ anon ? kx_anon_priority : kx_priority,
+ &err);
+ if (ret != GNUTLS_E_SUCCESS) {
+ if (ret == GNUTLS_E_INVALID_REQUEST)
+ vlog.error("GnuTLS priority syntax error at: %s", err);
+ throw AuthFailureException("gnutls_set_priority_direct failed");
+ }
if (gnutls_dh_params_init(&dh_params) != GNUTLS_E_SUCCESS)
throw AuthFailureException("gnutls_dh_params_init failed");
Index: tigervnc-1.4.3/common/rfb/SSecurityTLS.h
===================================================================
--- tigervnc-1.4.3.orig/common/rfb/SSecurityTLS.h
+++ tigervnc-1.4.3/common/rfb/SSecurityTLS.h
@@ -51,15 +51,15 @@ namespace rfb {
protected:
void shutdown();
- void setParams(gnutls_session session);
+ void setParams(gnutls_session_t session);
private:
static void initGlobal();
- gnutls_session session;
- gnutls_dh_params dh_params;
- gnutls_anon_server_credentials anon_cred;
- gnutls_certificate_credentials cert_cred;
+ gnutls_session_t session;
+ gnutls_dh_params_t dh_params;
+ gnutls_anon_server_credentials_t anon_cred;
+ gnutls_certificate_credentials_t cert_cred;
char *keyfile, *certfile;
int type;
Index: tigervnc-1.4.3/config.h.in
===================================================================
--- tigervnc-1.4.3.orig/config.h.in
+++ tigervnc-1.4.3/config.h.in
@@ -3,13 +3,6 @@
#cmakedefine HAVE_INET_ATON
#cmakedefine HAVE_GETADDRINFO
-#cmakedefine HAVE_GNUTLS_SET_GLOBAL_ERRNO
-#cmakedefine HAVE_GNUTLS_SET_ERRNO
-#cmakedefine HAVE_GNUTLS_X509_CRT_PRINT
-#cmakedefine HAVE_GNUTLS_X509_CRT_T
-#cmakedefine HAVE_GNUTLS_DATUM_T
-#cmakedefine HAVE_GNUTLS_PK_ALGORITHM_T
-#cmakedefine HAVE_GNUTLS_SIGN_ALGORITHM_T
#cmakedefine HAVE_FLTK_CLIPBOARD
#cmakedefine HAVE_FLTK_MEDIAKEYS
#cmakedefine HAVE_FLTK_FULLSCREEN


@ -1,8 +1,8 @@
Index: tigervnc-1.4.1/vncviewer/CConn.cxx
Index: tigervnc-1.5.0/vncviewer/CConn.cxx
===================================================================
--- tigervnc-1.4.1.orig/vncviewer/CConn.cxx
+++ tigervnc-1.4.1/vncviewer/CConn.cxx
@@ -424,6 +424,8 @@ void CConn::dataRect(const Rect& r, int
--- tigervnc-1.5.0.orig/vncviewer/CConn.cxx
+++ tigervnc-1.5.0/vncviewer/CConn.cxx
@@ -427,6 +427,8 @@ void CConn::dataRect(const Rect& r, int
if (encoding != encodingCopyRect)
lastServerEncoding = encoding;
@ -10,4 +10,4 @@ Index: tigervnc-1.4.1/vncviewer/CConn.cxx
+ setDesktopSize( r.width(), r.height() );
if (!Decoder::supported(encoding)) {
vlog.error(_("Unknown rect encoding %d"), encoding);
// TRANSLATORS: Refers to a VNC protocol encoding type


@ -1,23 +0,0 @@
diff -ur tigervnc-1.3.0.orig/common/network/TcpSocket.cxx tigervnc-1.3.0/common/network/TcpSocket.cxx
--- tigervnc-1.3.0.orig/common/network/TcpSocket.cxx 2014-02-07 16:35:24.644388330 +0200
+++ tigervnc-1.3.0/common/network/TcpSocket.cxx 2014-02-07 16:39:50.608078320 +0200
@@ -31,6 +31,7 @@
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
+#include <limits.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <netdb.h>
@@ -450,7 +451,10 @@
}
void TcpListener::getMyAddresses(std::list<char*>* result) {
- const hostent* addrs = gethostbyname(0);
+ char hostname[HOST_NAME_MAX];
+ if (gethostname(hostname, HOST_NAME_MAX) < 0)
+ throw rdr::SystemException("gethostname", errorNumber);
+ const hostent* addrs = gethostbyname(hostname);
if (addrs == 0)
throw rdr::SystemException("gethostbyname", errorNumber);
if (addrs->h_addrtype != AF_INET)


@ -1,3 +1,22 @@
-------------------------------------------------------------------
Wed Jul 15 11:52:02 UTC 2015 - msrb@suse.com
- Updated to tigervnc 1.5.0.
- Dropped no longer needed patches:
* tigervnc-sf3495623.patch
* u_syslog.patch
* u_tigervnc-build-with-xserver-1.17.patch
* tigervnc-gnutls-3.4-required.patch
* u_tigervnc-dont-send-ascii-control-characters.patch
* u_terminate_instead_of_ignoring_restart.patch
- Dropped no longer needed index.vnc.
- Use encryption everywhere. (fate#318936)
* u_tigervnc-display-SHA-1-fingerprint-of-untrusted-certificate.patch
* u_tigervnc-use-default-trust-manager-in-java-viewer-if-custom.patch
* u_tigervnc-add-autoaccept-parameter.patch
- Work with fltk 1.3.2.
* N_tigervnc_revert_fltk_1_3_3_requirements.patch
-------------------------------------------------------------------
Mon Apr 20 12:10:10 UTC 2015 - msrb@suse.com


@ -16,8 +16,14 @@
#
%define vncgroup vnc
%define vncuser vnc
%define tlskey %{_sysconfdir}/vnc/tls.key
%define tlscert %{_sysconfdir}/vnc/tls.cert
Name: tigervnc
Version: 1.4.3
Version: 1.5.0
Release: 0
Provides: tightvnc = 1.3.9
Obsoletes: tightvnc < 1.3.9
@ -92,7 +98,6 @@ Summary: A high-performance, platform-neutral implementation of VNC
License: GPL-2.0 and MIT
Group: System/X11/Servers/XF86_4
Source1: https://github.com/TigerVNC/tigervnc/archive/v%{version}.tar.gz
Source2: index.vnc
Source3: vnc.xinetd
Source4: 10-libvnc.conf
Source5: vnc-server.firewall
@ -102,18 +107,15 @@ Source8: vnc.reg
Source9: vncpasswd.arg
Patch1: tigervnc-newfbsize.patch
Patch2: tigervnc-clean-pressed-key-on-exit.patch
Patch3: tigervnc-sf3495623.patch
Patch4: u_tigervnc-dont-send-ascii-control-characters.patch
Patch5: u_tigervnc-ignore-epipe-on-write.patch
Patch6: n_tigervnc-date-time.patch
Patch7: U_include-vencrypt-only-if-any-subtype-present.patch
Patch8: u_tigervnc-use_preferred_mode.patch
Patch9: u_tigervnc-cve-2014-8240.patch
Patch10: u_tigervnc-build-with-xserver-1.17.patch
Patch11: u_terminate_instead_of_ignoring_restart.patch
# Require and build against gnutls 3.x
Patch12: tigervnc-gnutls-3.4-required.patch
Patch13: u_syslog.patch
Patch3: u_tigervnc-ignore-epipe-on-write.patch
Patch4: n_tigervnc-date-time.patch
Patch5: U_include-vencrypt-only-if-any-subtype-present.patch
Patch6: u_tigervnc-use_preferred_mode.patch
Patch7: u_tigervnc-cve-2014-8240.patch
Patch8: u_tigervnc-use-default-trust-manager-in-java-viewer-if-custom.patch
Patch9: u_tigervnc-display-SHA-1-fingerprint-of-untrusted-certificate.patch
Patch10: u_tigervnc-add-autoaccept-parameter.patch
Patch11: N_tigervnc_revert_fltk_1_3_3_requirements.patch
%description
TigerVNC is a high-performance, platform-neutral implementation of VNC (Virtual Network Computing),
@ -123,6 +125,11 @@ it attempts to maintain a common look and feel and re-use components, where poss
TigerVNC also provides extensions for advanced authentication methods and TLS encryption.
%package -n xorg-x11-Xvnc
# Needed to generate certificates
Requires(post): openssl
# Needed to serve java applet
Requires: python
Requires: python-pyOpenSSL
Requires: xinetd
Requires: xkeyboard-config
Summary: TigerVNC implementation of Xvnc
@ -137,20 +144,18 @@ cp -r /usr/src/xserver/* unix/xserver/
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p0
%patch3 -p0
%patch4 -p1
%patch5 -p0
%patch6 -p1
%patch7 -p0
%patch8 -p0
%patch6 -p0
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
pushd unix/xserver
patch -p1 < ../xserver116.patch
patch -p1 < ../xserver117.patch
popd
%build
@ -203,7 +208,6 @@ mkdir -p $RPM_BUILD_ROOT%{_datadir}/vnc/classes
install -m755 VncViewer.jar $RPM_BUILD_ROOT%{_datadir}/vnc/classes
popd
install -D -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_datadir}/vnc/classes
install -D -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/xinetd.d/vnc
%ifnarch s390x
install -D -m 644 %{SOURCE4} $RPM_BUILD_ROOT/etc/X11/xorg.conf.d/10-libvnc.conf
@ -218,22 +222,40 @@ ln -s -f %{_sysconfdir}/alternatives/vncviewer $RPM_BUILD_ROOT%{_bindir}/vncview
ln -s -f %{_sysconfdir}/alternatives/vncviewer.1.gz $RPM_BUILD_ROOT%{_mandir}/man1/vncviewer.1.gz
%endif
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/vnc
rm -rf $RPM_BUILD_ROOT/usr/share/doc/tigervnc-*
%find_lang '%{name}'
%if 0%{?suse_version} >= 1315
%pre -n xorg-x11-Xvnc
getent group %{vncgroup} > /dev/null || groupadd -r %{vncgroup}
getent passwd %{vncuser} > /dev/null || useradd -r -g %{vncgroup} -d /var/lib/empty -s /sbin/nologin -c "user for VNC" %{vncuser}
%post -n xorg-x11-Xvnc
if ! test -e %{tlskey} ; then
(umask 077 && openssl genrsa -out %{tlskey} 2048)
chown %{vncuser}:%{vncgroup} %{tlskey}
fi
if ! test -e %{tlscert} ; then
cn="Automatically generated certificate for the VNC service"
openssl req -new -x509 -extensions usr_cert \
-key %{tlskey} -out %{tlscert} -days 7305 -subj "/CN=$cn/"
chown %{vncuser}:%{vncgroup} %{tlscert}
fi
%post
%if 0%{?suse_version} >= 1315
%_sbindir/update-alternatives \
--install %{_bindir}/vncviewer vncviewer %{_bindir}/vncviewer-tigervnc 20 \
--slave %{_mandir}/man1/vncviewer.1.gz vncviewer.1.gz %{_mandir}/man1/vncviewer-tigervnc.1.gz
%endif
%postun
%if 0%{?suse_version} >= 1315
if [ "$1" = 0 ] ; then
"%_sbindir/update-alternatives" --remove vncviewer /usr/bin/vncviewer-tigervnc
fi
%endif
%files -f %{name}.lang
@ -298,4 +320,8 @@ fi
%doc java/com/tigervnc/vncviewer/README
%{_datadir}/vnc
%dir %{_sysconfdir}/vnc
%ghost %attr(0600,%{vncuser},%{vncuser}) %config(noreplace) %{tlskey}
%ghost %attr(0644,%{vncuser},%{vncuser}) %config(noreplace) %{tlscert}
%changelog


@ -1,196 +0,0 @@
Author: Michal Srb <msrb@suse.com>
Subject: Syslog logging
Patch-Mainline: To be upstreamed
Index: tigervnc-1.4.1/common/rfb/CMakeLists.txt
===================================================================
--- tigervnc-1.4.1.orig/common/rfb/CMakeLists.txt
+++ tigervnc-1.4.1/common/rfb/CMakeLists.txt
@@ -29,6 +29,7 @@ set(RFB_SOURCES
Logger.cxx
Logger_file.cxx
Logger_stdio.cxx
+ Logger_syslog.cxx
Password.cxx
PixelBuffer.cxx
PixelFormat.cxx
Index: tigervnc-1.4.1/common/rfb/LogWriter.h
===================================================================
--- tigervnc-1.4.1.orig/common/rfb/LogWriter.h
+++ tigervnc-1.4.1/common/rfb/LogWriter.h
@@ -68,10 +68,15 @@ namespace rfb {
}
}
- DEF_LOGFUNCTION(error, 0)
- DEF_LOGFUNCTION(status, 10)
- DEF_LOGFUNCTION(info, 30)
- DEF_LOGFUNCTION(debug, 100)
+ static const int LEVEL_ERROR = 0;
+ static const int LEVEL_STATUS = 10;
+ static const int LEVEL_INFO = 30;
+ static const int LEVEL_DEBUG = 100;
+
+ DEF_LOGFUNCTION(error, LEVEL_ERROR)
+ DEF_LOGFUNCTION(status, LEVEL_STATUS)
+ DEF_LOGFUNCTION(info, LEVEL_INFO)
+ DEF_LOGFUNCTION(debug, LEVEL_DEBUG)
// -=- DIAGNOSTIC & HELPER ROUTINES
Index: tigervnc-1.4.1/common/rfb/Logger_syslog.cxx
===================================================================
--- /dev/null
+++ tigervnc-1.4.1/common/rfb/Logger_syslog.cxx
@@ -0,0 +1,65 @@
+/* Copyright (C) 2015 TigerVNC
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ * USA.
+ */
+
+// -=- Logger_syslog.cxx - Logger instance for a syslog
+
+#include <stdlib.h>
+#include <string.h>
+#include <syslog.h>
+
+#include <rfb/util.h>
+#include <rfb/Logger_syslog.h>
+#include <rfb/LogWriter.h>
+#include <rfb/Threading.h>
+
+using namespace rfb;
+
+
+Logger_Syslog::Logger_Syslog(const char* loggerName)
+ : Logger(loggerName)
+{
+ openlog("Xvnc", LOG_CONS | LOG_PID, LOG_USER);
+}
+
+Logger_Syslog::~Logger_Syslog()
+{
+ closelog();
+}
+
+void Logger_Syslog::write(int level, const char *logname, const char *message)
+{
+ // Convert our priority level into syslog level
+ int priority;
+ if (level >= LogWriter::LEVEL_DEBUG) {
+ priority = LOG_DEBUG;
+ } else if (level >= LogWriter::LEVEL_INFO) {
+ priority = LOG_INFO;
+ } else if (level >= LogWriter::LEVEL_STATUS) {
+ priority = LOG_NOTICE;
+ } else {
+ priority = LOG_ERR;
+ }
+
+ syslog(priority, "%s: %s", logname, message);
+}
+
+static Logger_Syslog logger("syslog");
+
+void rfb::initSyslogLogger() {
+ logger.registerLogger();
+}
Index: tigervnc-1.4.1/common/rfb/Logger_syslog.h
===================================================================
--- /dev/null
+++ tigervnc-1.4.1/common/rfb/Logger_syslog.h
@@ -0,0 +1,40 @@
+/* Copyright (C) 2015 TigerVNC
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ * USA.
+ */
+
+// -=- Logger_syslog - log to syslog
+
+#ifndef __RFB_LOGGER_SYSLOG_H__
+#define __RFB_LOGGER_SYSLOG_H__
+
+#include <time.h>
+#include <rfb/Logger.h>
+
+namespace rfb {
+
+ class Logger_Syslog : public Logger {
+ public:
+ Logger_Syslog(const char* loggerName);
+ virtual ~Logger_Syslog();
+
+ virtual void write(int level, const char *logname, const char *message);
+ };
+
+ void initSyslogLogger();
+};
+
+#endif
Index: tigervnc-1.4.1/unix/xserver/hw/vnc/Xvnc.man
===================================================================
--- tigervnc-1.4.1.orig/unix/xserver/hw/vnc/Xvnc.man
+++ tigervnc-1.4.1/unix/xserver/hw/vnc/Xvnc.man
@@ -274,11 +274,11 @@ stop non-SSH connections from any other
.
.TP
.B \-Log \fIlogname\fP:\fIdest\fP:\fIlevel\fP
-Configures the debug log settings. \fIdest\fP can currently be \fBstderr\fP or
-\fBstdout\fP, and \fIlevel\fP is between 0 and 100, 100 meaning most verbose
-output. \fIlogname\fP is usually \fB*\fP meaning all, but you can target a
-specific source file if you know the name of its "LogWriter". Default is
-\fB*:stderr:30\fP.
+Configures the debug log settings. \fIdest\fP can currently be \fBstderr\fP,
+\fBstdout\fP or \fBsyslog\fP, and \fIlevel\fP is between 0 and 100, 100 meaning
+most verbose output. \fIlogname\fP is usually \fB*\fP meaning all, but you can
+target a specific source file if you know the name of its "LogWriter". Default
+is \fB*:stderr:30\fP.
.
.TP
.B \-RemapKeys \fImapping
Index: tigervnc-1.4.1/unix/xserver/hw/vnc/xvnc.cc
===================================================================
--- tigervnc-1.4.1.orig/unix/xserver/hw/vnc/xvnc.cc
+++ tigervnc-1.4.1/unix/xserver/hw/vnc/xvnc.cc
@@ -34,6 +34,7 @@ from the X Consortium.
#include <rfb/Configuration.h>
#include <rfb/Logger_stdio.h>
+#include <rfb/Logger_syslog.h>
#include <rfb/LogWriter.h>
#include <network/TcpSocket.h>
#include "vncExtInit.h"
@@ -376,6 +377,7 @@ ddxProcessArgument(int argc, char *argv[
vfbInitializePixmapDepths();
firstTime = FALSE;
rfb::initStdIOLoggers();
+ rfb::initSyslogLogger();
rfb::LogWriter::setLogParams("*:stderr:30");
rfb::Configuration::enableServerParams();
}


@ -1,23 +0,0 @@
Author: Michal Srb <msrb@suse.com>
Subject: Terminate instead of ignoring reset
Patch-Mainline: To be upstreamed
References: bnc#920969
Index: tigervnc-1.3.0/unix/xserver/hw/vnc/xvnc.cc
===================================================================
--- tigervnc-1.3.0.orig/unix/xserver/hw/vnc/xvnc.cc
+++ tigervnc-1.3.0/unix/xserver/hw/vnc/xvnc.cc
@@ -1607,7 +1607,12 @@ vfbScreenInit(ScreenPtr pScreen, int arg
static void vfbClientStateChange(CallbackListPtr*, void *, void *) {
- dispatchException &= ~DE_RESET;
+ if (dispatchException & DE_RESET) {
+ ErrorF("Warning: VNC extension does not support -reset, terminating instead. Use -noreset to prevent termination.\n");
+
+ dispatchException |= DE_TERMINATE;
+ dispatchException &= ~DE_RESET;
+ }
}
#if XORG >= 113


@ -0,0 +1,116 @@
diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java
index 6014502..9b886b5 100644
--- a/java/com/tigervnc/rfb/CSecurityTLS.java
+++ b/java/com/tigervnc/rfb/CSecurityTLS.java
@@ -47,6 +47,9 @@ public class CSecurityTLS extends CSecurity {
public static StringParameter x509crl
= new StringParameter("x509crl",
"X509 CRL file", "", Configuration.ConfigurationObject.ConfViewer);
+ public static StringParameter x509autoaccept
+ = new StringParameter("x509autoaccept",
+ "X509 Certificate SHA-1 fingerprint", "", Configuration.ConfigurationObject.ConfViewer);
private void initGlobal()
{
@@ -71,6 +74,7 @@ public class CSecurityTLS extends CSecurity {
setDefaults();
cafile = x509ca.getData();
crlfile = x509crl.getData();
+ certautoaccept = x509autoaccept.getData();
}
public static String getDefaultCA() {
@@ -247,34 +251,46 @@ public class CSecurityTLS extends CSecurity {
try {
tm.checkServerTrusted(chain, authType);
} catch (CertificateException e) {
- Object[] answer = {"Proceed", "Exit"};
-
- StringBuilder message = new StringBuilder();
- message.append(e.getCause().getLocalizedMessage());
- message.append("\nContinue connecting to this host?");
+ String fingerprint = null;
try {
+ StringBuilder fingerprintBuilder = new StringBuilder();
+
MessageDigest sha1 = MessageDigest.getInstance("SHA1");
sha1.update(chain[0].getEncoded());
- message.append("\nSHA-1 fingerprint: ");
-
for(byte B : sha1.digest()) {
- message.append(Integer.toHexString(0xff & B));
- message.append(':');
+ fingerprintBuilder.append(String.format("%02x", /*0xff & */B));
+ fingerprintBuilder.append(':');
}
- message.deleteCharAt(message.length() - 1);
+ fingerprintBuilder.deleteCharAt(fingerprintBuilder.length() - 1);
+
+ fingerprint = fingerprintBuilder.toString();
} catch (NoSuchAlgorithmException noSuchAlgorithmException) {
// No fingerprint then...
}
- int ret = JOptionPane.showOptionDialog(null,
- message.toString(),
- "Confirm certificate exception?",
- JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE,
- null, answer, answer[0]);
- if (ret == JOptionPane.NO_OPTION)
- System.exit(1);
+ if(fingerprint == null || certautoaccept == null || !fingerprint.equalsIgnoreCase(certautoaccept)) {
+ Object[] answer = {"Proceed", "Exit"};
+
+ StringBuilder message = new StringBuilder();
+ message.append(e.getCause().getLocalizedMessage());
+ message.append("\nContinue connecting to this host?");
+ if(fingerprint != null) {
+ message.append("\nSHA-1 fingerprint: ");
+ message.append(fingerprint);
+ message.append("\nBle: ");
+ message.append(certautoaccept);
+ }
+
+ int ret = JOptionPane.showOptionDialog(null,
+ message.toString(),
+ "Confirm certificate exception?",
+ JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE,
+ null, answer, answer[0]);
+ if (ret == JOptionPane.NO_OPTION)
+ System.exit(1);
+ }
} catch (java.lang.Exception e) {
throw new Exception(e.toString());
}
@@ -301,7 +317,7 @@ public class CSecurityTLS extends CSecurity {
private SSLEngineManager manager;
private boolean anon;
- private String cafile, crlfile;
+ private String cafile, crlfile, certautoaccept;
private FdInStream is;
private FdOutStream os;
diff --git a/java/com/tigervnc/vncviewer/VncViewer.java b/java/com/tigervnc/vncviewer/VncViewer.java
index cc21c2e..6786636 100644
--- a/java/com/tigervnc/vncviewer/VncViewer.java
+++ b/java/com/tigervnc/vncviewer/VncViewer.java
@@ -354,6 +354,8 @@ public class VncViewer extends javax.swing.JApplet
parent.setFocusTraversalKeysEnabled(false);
setLookAndFeel();
setBackground(Color.white);
+
+ SecurityClient.setDefaults();
}
private void getTimestamp() {
@@ -375,6 +377,7 @@ public class VncViewer extends javax.swing.JApplet
if (embed.getValue() && nViewers == 0) {
alwaysShowServerDialog.setParam(false);
Configuration.global().readAppletParams(this);
+ Configuration.viewer().readAppletParams(this);
fullScreen.setParam(false);
scalingFactor.setParam("100");
String host = getCodeBase().getHost();
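Review bot: The certificate dialog built in the new `if(fingerprint == null || certautoaccept == null || ...)` branch still carries debugging output: `message.append("\nBle: ");` followed by `message.append(certautoaccept);` prints the configured x509autoaccept value under a meaningless label. Those two lines should be dropped so the user sees only the fingerprint of the certificate that was actually presented. The path that skips the dialog because the fingerprint matched is silent; a line such as `vlog.info("Certificate accepted via x509autoaccept: " + fingerprint);` would leave a record of which certificate was pinned (`vlog` is already used elsewhere in this file). The commented-out `/*0xff & */` in the `String.format("%02x", ...)` call can go as well. The enclosing method starts and ends outside this hunk.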


@ -1,52 +0,0 @@
Author: Michal Srb <msrb@suse.com>
Subject: Build with xserver 1.17.x.
Do not use removed xalloc&xfree.
Add 1.17.x to supported list.
Index: tigervnc-1.4.1/unix/xserver/hw/vnc/xorg-version.h
===================================================================
--- tigervnc-1.4.1.orig/unix/xserver/hw/vnc/xorg-version.h
+++ tigervnc-1.4.1/unix/xserver/hw/vnc/xorg-version.h
@@ -48,8 +48,10 @@
#define XORG 115
#elif XORG_VERSION_CURRENT < ((1 * 10000000) + (16 * 100000) + (99 * 1000))
#define XORG 116
+#elif XORG_VERSION_CURRENT < ((1 * 10000000) + (17 * 100000) + (99 * 1000))
+#define XORG 117
#else
-#error "X.Org newer than 1.16 is not supported"
+#error "X.Org newer than 1.17 is not supported"
#endif
#endif
Index: tigervnc-1.4.1/unix/xserver/hw/vnc/xvnc.cc
===================================================================
--- tigervnc-1.4.1.orig/unix/xserver/hw/vnc/xvnc.cc
+++ tigervnc-1.4.1/unix/xserver/hw/vnc/xvnc.cc
@@ -717,9 +717,9 @@ vfbInstallColormap(ColormapPtr pmap)
entries = pmap->pVisual->ColormapEntries;
pVisual = pmap->pVisual;
- ppix = (Pixel *)xalloc(entries * sizeof(Pixel));
- prgb = (xrgb *)xalloc(entries * sizeof(xrgb));
- defs = (xColorItem *)xalloc(entries * sizeof(xColorItem));
+ ppix = (Pixel *)malloc(entries * sizeof(Pixel));
+ prgb = (xrgb *)malloc(entries * sizeof(xrgb));
+ defs = (xColorItem *)malloc(entries * sizeof(xColorItem));
for (i = 0; i < entries; i++) ppix[i] = i;
/* XXX truecolor */
@@ -738,9 +738,9 @@ vfbInstallColormap(ColormapPtr pmap)
}
(*pmap->pScreen->StoreColors)(pmap, entries, defs);
- xfree(ppix);
- xfree(prgb);
- xfree(defs);
+ free(ppix);
+ free(prgb);
+ free(defs);
}
}


@ -0,0 +1,48 @@
From af09e89d54b57649cf60363d03f84d129baecd27 Mon Sep 17 00:00:00 2001
From: Michal Srb <michalsrb@gmail.com>
Date: Tue, 7 Jul 2015 02:38:18 +0300
Subject: [PATCH 2/2] Display SHA-1 fingerprint of untrusted certificate in
java client.
---
java/com/tigervnc/rfb/CSecurityTLS.java | 23 +++++++++++++++++++++--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java
index 7633f08..6014502 100644
--- a/java/com/tigervnc/rfb/CSecurityTLS.java
+++ b/java/com/tigervnc/rfb/CSecurityTLS.java
@@ -248,9 +248,28 @@ public class CSecurityTLS extends CSecurity {
tm.checkServerTrusted(chain, authType);
} catch (CertificateException e) {
Object[] answer = {"Proceed", "Exit"};
+
+ StringBuilder message = new StringBuilder();
+ message.append(e.getCause().getLocalizedMessage());
+ message.append("\nContinue connecting to this host?");
+
+ try {
+ MessageDigest sha1 = MessageDigest.getInstance("SHA1");
+ sha1.update(chain[0].getEncoded());
+
+ message.append("\nSHA-1 fingerprint: ");
+
+ for(byte B : sha1.digest()) {
+ message.append(Integer.toHexString(0xff & B));
+ message.append(':');
+ }
+ message.deleteCharAt(message.length() - 1);
+ } catch (NoSuchAlgorithmException noSuchAlgorithmException) {
+ // No fingerprint then...
+ }
+
int ret = JOptionPane.showOptionDialog(null,
- e.getCause().getLocalizedMessage()+"\n"+
- "Continue connecting to this host?",
+ message.toString(),
"Confirm certificate exception?",
JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE,
null, answer, answer[0]);
--
2.1.4
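Review bot: `message.append(e.getCause().getLocalizedMessage());` dereferences the cause without checking it, and a CertificateException is not guaranteed to carry one. With a null cause the resulting NullPointerException would presumably bypass the dialog instead of showing the fingerprint; the surrounding handler is outside this hunk, so that needs confirming. A guarded form is `Throwable cause = e.getCause();` followed by `message.append((cause != null ? cause : e).getLocalizedMessage());`. Separately, `Integer.toHexString(0xff & B)` drops leading zeros, so bytes below 0x10 print as a single digit and the text will not match a fingerprint printed by other tools; the add-autoaccept patch in this commit rewrites that loop, but this patch on its own keeps it.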


@ -1,24 +0,0 @@
Author: Michal Srb <msrb@suse.com>
Subject: Do not send ascii control characters for CTRL+[A-Z] combinations.
Patch-Mainline: To be upstreamed
References: bnc#864666
Index: vncviewer/Viewport.cxx
===================================================================
--- vncviewer/Viewport.cxx.orig
+++ vncviewer/Viewport.cxx
@@ -1044,7 +1044,13 @@ rdr::U32 Viewport::translateKeyEvent(voi
return NoSymbol;
}
- ucs = fl_utf8decode(keyText, NULL, NULL);
+ if (keyCode >= 'a' && keyCode <= 'z' && keyText[0] < 0x20) {
+ // Do not send ascii control characters - send the original key combination that caused them.
+ ucs = keyCode;
+ } else {
+ ucs = fl_utf8decode(keyText, NULL, NULL);
+ }
+
return ucs2keysym(ucs);
}


@ -0,0 +1,60 @@
From d6d847633660abb99764192f73da7be5adf3da9c Mon Sep 17 00:00:00 2001
From: Michal Srb <michalsrb@gmail.com>
Date: Tue, 7 Jul 2015 02:09:21 +0300
Subject: [PATCH 1/2] Use default trust manager in java viewer if custom CA is
not specified.
---
java/com/tigervnc/rfb/CSecurityTLS.java | 34 +++++++++++++++++----------------
1 file changed, 18 insertions(+), 16 deletions(-)
diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java
index 6f799bb..7633f08 100644
--- a/java/com/tigervnc/rfb/CSecurityTLS.java
+++ b/java/com/tigervnc/rfb/CSecurityTLS.java
@@ -207,24 +207,26 @@ public class CSecurityTLS extends CSecurity {
try {
ks.load(null, null);
File cacert = new File(cafile);
- if (!cacert.exists() || !cacert.canRead())
- return;
- InputStream caStream = new FileInputStream(cafile);
- X509Certificate ca = (X509Certificate)cf.generateCertificate(caStream);
- ks.setCertificateEntry("CA", ca);
- PKIXBuilderParameters params = new PKIXBuilderParameters(ks, new X509CertSelector());
- File crlcert = new File(crlfile);
- if (!crlcert.exists() || !crlcert.canRead()) {
- params.setRevocationEnabled(false);
+ if (!cacert.exists() || !cacert.canRead()) {
+ tmf.init((KeyStore)null); // Use default trust manager
} else {
- InputStream crlStream = new FileInputStream(crlfile);
- Collection<? extends CRL> crls = cf.generateCRLs(crlStream);
- CertStoreParameters csp = new CollectionCertStoreParameters(crls);
- CertStore store = CertStore.getInstance("Collection", csp);
- params.addCertStore(store);
- params.setRevocationEnabled(true);
+ InputStream caStream = new FileInputStream(cafile);
+ X509Certificate ca = (X509Certificate)cf.generateCertificate(caStream);
+ ks.setCertificateEntry("CA", ca);
+ PKIXBuilderParameters params = new PKIXBuilderParameters(ks, new X509CertSelector());
+ File crlcert = new File(crlfile);
+ if (!crlcert.exists() || !crlcert.canRead()) {
+ params.setRevocationEnabled(false);
+ } else {
+ InputStream crlStream = new FileInputStream(crlfile);
+ Collection<? extends CRL> crls = cf.generateCRLs(crlStream);
+ CertStoreParameters csp = new CollectionCertStoreParameters(crls);
+ CertStore store = CertStore.getInstance("Collection", csp);
+ params.addCertStore(store);
+ params.setRevocationEnabled(true);
+ }
+ tmf.init(new CertPathTrustManagerParameters(params));
}
- tmf.init(new CertPathTrustManagerParameters(params));
} catch (java.io.FileNotFoundException e) {
vlog.error(e.toString());
} catch (java.io.IOException e) {
--
2.1.4
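Review bot: When the configured CA file is missing or unreadable, the new `tmf.init((KeyStore)null)` branch switches to the JRE default trust store without any message, so a user who relies on a private CA ends up trusting every CA in the default store if the path is mistyped or the file loses read permission. A log line in that branch, for example `vlog.info("CA file " + cafile + " not readable, using default trust store");`, would make the change of trust anchor visible. In the else branch `caStream` and `crlStream` are opened with `new FileInputStream(...)` and not closed in the visible lines; closing them once `generateCertificate` / `generateCRLs` have returned would avoid leaking descriptors. The enclosing method begins and ends outside the hunk.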


@ -6,22 +6,21 @@ References: bnc#896540
If there is any resolution specified with -geometry or -screen parameters,
report this resolution as preferred one. That way desktop environments won't
change it immediately after start.
Index: unix/xserver/hw/vnc/xvnc.cc
Index: unix/xserver/hw/vnc/xvnc.c
===================================================================
--- unix/xserver/hw/vnc/xvnc.cc (revision 5186)
+++ unix/xserver/hw/vnc/xvnc.cc (working copy)
@@ -1319,12 +1319,22 @@
/* Make sure the CRTC has this output set */
--- unix/xserver/hw/vnc/xvnc.c.orig
+++ unix/xserver/hw/vnc/xvnc.c
@@ -1296,12 +1296,24 @@ static RRCrtcPtr vncRandRCrtcCreate(Scre
vncRandRCrtcSet(pScreen, crtc, NULL, 0, 0, RR_Rotate_0, 1, &output);
- /* Populate a list of default modes */
- RRModePtr modes[sizeof(vncRandRWidths)/sizeof(*vncRandRWidths)];
- int num_modes;
+ /* Populate a list of modes */
+ RRModePtr modes[sizeof(vncRandRWidths)/sizeof(*vncRandRWidths) + 1];
+ int num_modes = 0;
/* Populate a list of default modes */
- modes = malloc(sizeof(RRModePtr)*sizeof(vncRandRWidths)/sizeof(*vncRandRWidths));
+ modes = malloc(sizeof(RRModePtr)*sizeof(vncRandRWidths)/sizeof(*vncRandRWidths) + 1);
if (modes == NULL)
return NULL;
- num_modes = 0;
num_modes = 0;
+
+ /* Start with requested mode */
+ mode = vncRandRModeGet(pScreen->width, pScreen->height);
+ if(mode != NULL) {
@ -30,19 +29,19 @@ Index: unix/xserver/hw/vnc/xvnc.cc
+ }
+
+ /* Add default modes */
for (int i = 0;i < sizeof(vncRandRWidths)/sizeof(*vncRandRWidths);i++) {
for (i = 0;i < sizeof(vncRandRWidths)/sizeof(*vncRandRWidths);i++) {
+ if (vncRandRWidths[i] == pScreen->width && vncRandRHeights[i] == pScreen->height)
+ continue;
+
mode = vncRandRModeGet(vncRandRWidths[i], vncRandRHeights[i]);
if (mode != NULL) {
modes[num_modes] = mode;
@@ -1332,7 +1342,7 @@
@@ -1309,7 +1321,7 @@ static RRCrtcPtr vncRandRCrtcCreate(Scre
}
}
- RROutputSetModes(output, modes, num_modes, 0);
+ RROutputSetModes(output, modes, num_modes, 1);
return crtc;
}
free(modes);
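Review bot: The updated allocation `malloc(sizeof(RRModePtr)*sizeof(vncRandRWidths)/sizeof(*vncRandRWidths) + 1)` adds one byte, not one array slot, because the `+ 1` sits outside the multiplication. The patched code places the requested mode first and then walks every default mode, so when the requested size is not one of the defaults the final `modes[num_modes] = mode` would write past the end of the heap buffer. The line should read `modes = malloc(sizeof(RRModePtr)*(sizeof(vncRandRWidths)/sizeof(*vncRandRWidths) + 1));`. The rendering has lost the old/new markers, so this assumes the malloc lines belong to the updated patch text, and vncRandRCrtcCreate is only partly visible here.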


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0b2603db2b32dfd6e48f6f59618bd9819d187bfbb0c16218637d074a69756824
size 1372873

v1.5.0.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7b0ec1a85d708f72fee17326bd1f894b9132df089226561306f4c2ef19d7df25
size 1268682


@ -8,9 +8,9 @@ service vnc1
socket_type = stream
protocol = tcp
wait = no
user = nobody
user = vnc
server = /usr/bin/Xvnc
server_args = -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes none -log *:syslog:30
server_args = -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30
disable = yes
}
# default: off
@ -23,9 +23,9 @@ service vnc2
socket_type = stream
protocol = tcp
wait = no
user = nobody
user = vnc
server = /usr/bin/Xvnc
server_args = -noreset -inetd -once -query localhost -geometry 1280x1024 -securitytypes none -log *:syslog:30
server_args = -noreset -inetd -once -query localhost -geometry 1280x1024 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30
disable = yes
}
# default: off
@ -38,9 +38,9 @@ service vnc3
socket_type = stream
protocol = tcp
wait = no
user = nobody
user = vnc
server = /usr/bin/Xvnc
server_args = -noreset -inetd -once -query localhost -geometry 1600x1200 -securitytypes none -log *:syslog:30
server_args = -noreset -inetd -once -query localhost -geometry 1600x1200 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30
disable = yes
}
# default: off
@ -53,7 +53,7 @@ service vnchttpd1
socket_type = stream
protocol = tcp
wait = no
user = nobody
user = vnc
server = /usr/bin/vnc_inetd_httpd
server_args = 1024 768 5901
disable = yes
@ -68,7 +68,7 @@ service vnchttpd2
socket_type = stream
protocol = tcp
wait = no
user = nobody
user = vnc
server = /usr/bin/vnc_inetd_httpd
server_args = 1280 1024 5902
disable = yes
@ -83,7 +83,7 @@ service vnchttpd3
socket_type = stream
protocol = tcp
wait = no
user = nobody
user = vnc
server = /usr/bin/vnc_inetd_httpd
server_args = 1600 1200 5903
disable = yes
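Review bot: The new `-securitytypes X509None,None` in the vnc1, vnc2 and vnc3 entries still offers the unencrypted `None` type next to `X509None`, so a session can end up in plaintext if the viewer picks it or the offered list is altered in transit. If the fallback is kept for viewers without TLS support, a comment above each `server_args` line should say so, e.g. `# None is kept only for viewers without TLS support; remove it to require encryption`. Otherwise the value can be reduced to `-securitytypes X509None`. The services ship with `disable = yes`, so this applies once an administrator enables them.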


@ -1,62 +1,114 @@
#!/bin/bash
read request url httptype || exit 0
url="${url/ /}"
httptype="${httptype/ /}"
#!/usr/bin/env python
width=$1
height=$2
port=$3
# This is simple stupid WWW server intended to serve VNC java applet.
# It is made to be called by xinetd.
# It handles both HTTP and HTTPS on the same port. If HTTPS is allowed, any HTTP requests is responded with redirect to HTTPS.
if [ "x$httptype" != "x" ]; then
line="x"
while [ -n "$line" ]; do
read line || exit 0
line="${line/ /}"
done
fi
case "$url" in
/)
# We need the size of the display for the current applet.
# The VNC menubar is 20 pixels high ...
height=$((height+20))
ctype="text/html"
content="
<HTML><HEAD><TITLE>Remote Desktop</TITLE></HEAD>
<BODY>
<APPLET CODE=\"com.tigervnc.vncviewer.VncViewer\" ARCHIVE=\"VncViewer.jar\" WIDTH=\"$width\" HEIGHT=\"$height\">
<PARAM name=\"Port\" value=\"$port\">
<param name=\"Embed\" value=\"true\">
<param name=\"AlwaysShowServerDialog\" value=\"false\">
</APPLET>
</BODY></HTML>"
;;
*.jar|*.class)
# Use basename to make sure we have just a filename, not ../../...
url=${url/.*\/}
ctype="application/octet-stream"
cfile="/usr/share/vnc/classes/$url"
content="FILE"
;;
esac
import re
import sys
import socket
import time
if [ "x$httptype" != "x" ]; then
echo "HTTP/1.0 200 OK"
echo "Content-Type: $ctype"
if [ "$content" == "FILE" ]; then
clen=`wc -c "$cfile"`
else
clen=`echo "$content"|wc -c`
fi
echo "Content-Length: $clen"
echo "Connection: close"
echo
fi
from OpenSSL import SSL, crypto
if [ "$request" == "GET" ]; then
if [ "$content" == "FILE" ]; then
cat "$cfile"
else
echo "$content"
fi
fi
exit 0
TLS_KEY = "/etc/vnc/tls.key"
TLS_CERT = "/etc/vnc/tls.cert"
JAR_FILE = "/usr/share/vnc/classes/VncViewer.jar"
TIMEOUT = 10
WIDTH = int(sys.argv[1])
HEIGHT = int(sys.argv[2])
VNC_PORT = int(sys.argv[3])
USE_HTTPS = not (len(sys.argv) >= 5 and sys.argv[4] == "NoHTTPS")
# Take the stdin as our input socket (given from xinetd)
conn = sock = socket.fromfd(sys.stdin.fileno(), socket.AF_INET, socket.SOCK_STREAM)
# If we are supposed to use HTTPS, load certificate and replace conn with SSL connection.
if USE_HTTPS:
cert = crypto.load_certificate(crypto.FILETYPE_PEM, open(TLS_CERT, 'r').read())
context = SSL.Context(SSL.SSLv23_METHOD)
context.use_privatekey_file(TLS_KEY)
context.use_certificate(cert)
conn = SSL.Connection(context, sock)
conn.set_accept_state()
# Send normal response
def send_response(connection, ctype, response):
connection.sendall(
"HTTP/1.0 200 OK\n" +
"Content-Type: " + ctype + "\n" +
"Content-Length: " + str(len(response)) + "\n" +
"Connection: close\n" +
"\n" +
response
)
# Send redirect
def send_redirect(connection, ctype, response, location):
connection.sendall(
"HTTP/1.0 301 Moved Permanently\n" +
"Location: " + location + "\n" +
"Content-Type: " + ctype + "\n" +
"Content-Length: " + str(len(response)) + "\n" +
"Connection: close\n" +
"\n" +
response
)
# Try to read and parse HTTP request
try:
start_time = time.time()
buffer = ''
while True:
buffer += conn.recv(1024)
if buffer.endswith("\r\n\r\n") or start_time + TIMEOUT < time.time():
break
method, url = buffer.split(" ", 2)[0:2]
if url == '/VncViewer.jar':
with open(JAR_FILE, 'r') as file:
send_response(conn, "application/octet-stream", file.read())
else:
response = \
"""<html>
<head>
<title>Remote Desktop</title>
</head>
<body>
<embed type="application/x-java-applet;version=1.6" code="com.tigervnc.vncviewer.VncViewer" archive="VncViewer.jar" width="%d" height="%d"
Port="%d"
Embed="true"
AlwaysShowServerDialog="false"
SecurityTypes="%s"
x509autoaccept="%s"
>
</body>
</html>
"""%(WIDTH, HEIGHT, VNC_PORT, 'X509None' if USE_HTTPS else 'TLSNone', cert.digest('SHA1') if USE_HTTPS else '')
send_response(conn, "text/html", response)
except SSL.Error:
# If SSL failed, it is most probably because the browser is actually trying to do normal HTTP request.
# We have now a partially consumed HTTP request in sock, let's try if we can get Host header out of it
partial_request = sock.recv(8000) # Arbitrary big number, if the request is longer than this, we will just skip the rest.
host = None
match = re.search(r"\r\nHost: ([^\r]+)\r\n", partial_request)
if match:
host = match.group(1)
if host:
# If we got host header, we can redirect nicely with HTTP 301.
send_redirect(sock, "text.html", "<html><body>Use https.</body></html>", "https://" + host)
else:
# If we don't know the host header, redirect using javascript.
send_response(sock, "text.html", "<html><head><script>document.location.protocol = 'https';</script></head><body>Use https.</body></html>")
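Review bot: `SSL.Context(SSL.SSLv23_METHOD)` is created without any protocol options, so the set of protocol versions the listener accepts is left to the OpenSSL build defaults, which may include SSLv2 and SSLv3. Adding `context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)` right after the context is constructed restricts it to TLS. The request loop checks `TIMEOUT` only after `conn.recv(1024)` returns, so a client that connects and sends nothing keeps the process blocked; a socket-level timeout would be needed for the limit to hold. `JAR_FILE` is opened with mode `'r'`; `'rb'` states the intent for a binary archive.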