rpm/tigervnc
SHA256
1
0
Fork 0
forked from pool/tigervnc
Code Pull Requests Activity

Accepting request 955605 from home:jtorres:branches:X11:XOrg

Browse Source 
- Update to tigervnc 1.12.0
  * The native viewer now supports full screen over a subset of monitors (e.g. 2 out of 3), and reacts properly to monitors being added or removed
  * Recent server history in the native viewer
  * The native viewer now has an option to reconnect if the connection is dropped
  * Translations are now enabled on Windows and macOS for the native viewer
  * The native viewer now respects the system security policy
  * Better handling of accented keys in the Java viewer
  * The Unix servers can now listen to both a Unix socket and a TCP port at the same time
  * The network code in both the servers and the native viewer has been restructured to give a more responsive experience
  * The vncserver service now correctly handles settings set to "0"
  * Fixed the clipboard Unicode handling in both the native viewer and the servers
  * Support for pointer "warping" in Xvnc and the native viewer, enabling e.g. FPS games
- Update to tigervnc 1.11.0
  * A security issue has been fixed in how the viewers handle TLS certificate exceptions
  * vncserver has gotten a major redesign to be compatible with modern distributions
  * The native viewer now has touch gestures to handle certain mouse actions (e.g. scroll wheel)
  * Middle mouse button emulation in the native viewer, for devices with only two mouse buttons
  * The Java viewer now supports Java 9+, but also now requires Java 8+
  * Support for alpha cursors in the Java viewer (a feature already supported in the native viewer)
  * The password and username can now be specified via the environment for the native viewer
  * Support for building Xvnc/libvnc.so with Xorg 1.20.7+ and deprecate support for Xorg older than 1.16
  * The official builds have been fixed to work on the upcoming macOS 11
  * The Windows server (WinVNC) is now packaged separately as it is unmaintained and buggy
- Removed patches (included in 1.12.0):
  * U_viewer-reset-ctrl-alt-to-menu-state-on-focus.patch
  * tigervnc-fix-saving-of-bad-server-certs.patch
  * u_xorg-server-1.20.7-ddxInputThreadInit.patch
  * U_0001-Properly-store-certificate-exceptions.patch
  * U_0002-Properly-store-certificate-exceptions-in-Java-viewer.patch
  * tigervnc-FIPS-use-RFC7919.patch

OBS-URL: https://build.opensuse.org/request/show/955605
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/tigervnc?expand=0&rev=221
This commit is contained in:
Stefan Dirsch 2022-02-17 10:42:51 +00:00 committed by Git OBS Bridge
parent cb1960b50c
commit e5b1bdbcef
24 changed files with 205 additions and 1018 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

228
U_0001-Properly-store-certificate-exceptions.patch
View File

@ -1,228 +0,0 @@
From b30f10c681ec87720cff85d490f67098568a9cba Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Thu, 21 May 2020 21:10:38 +0200
Subject: [PATCH] Properly store certificate exceptions
The previous method stored the certificates as authorities, meaning that
the owner of that certificate could impersonate any server it wanted
after a client had added an exception.
Handle this more properly by only storing exceptions for specific
hostname/certificate combinations, the same way browsers or SSH does
things.
---
common/rfb/CSecurityTLS.cxx | 163 ++++++++++++++++++++------------------------
1 file changed, 73 insertions(+), 90 deletions(-)
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index 5c303a37..99008378 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -250,22 +250,6 @@ void CSecurityTLS::setParam()
if (*cafile && gnutls_certificate_set_x509_trust_file(cert_cred,cafile,GNUTLS_X509_FMT_PEM) < 0)
throw AuthFailureException("load of CA cert failed");
- /* Load previously saved certs */
- char *homeDir = NULL;
- int err;
- if (getvnchomedir(&homeDir) == -1)
- vlog.error("Could not obtain VNC home directory path");
- else {
- CharArray caSave(strlen(homeDir) + 19 + 1);
- sprintf(caSave.buf, "%sx509_savedcerts.pem", homeDir);
- delete [] homeDir;
-
- err = gnutls_certificate_set_x509_trust_file(cert_cred, caSave.buf,
- GNUTLS_X509_FMT_PEM);
- if (err < 0)
- vlog.debug("Failed to load saved server certificates from %s", caSave.buf);
- }
-
if (*crlfile && gnutls_certificate_set_x509_crl_file(cert_cred,crlfile,GNUTLS_X509_FMT_PEM) < 0)
throw AuthFailureException("load of CRL failed");
@@ -290,7 +274,10 @@ void CSecurityTLS::checkSession()
const gnutls_datum_t *cert_list;
unsigned int cert_list_size = 0;
int err;
+
+ char *homeDir;
gnutls_datum_t info;
+ size_t len;
if (anon)
return;
@@ -333,13 +320,13 @@ void CSecurityTLS::checkSession()
throw AuthFailureException("decoding of certificate failed");
if (gnutls_x509_crt_check_hostname(crt, client->getServerName()) == 0) {
- char buf[255];
+ CharArray text;
vlog.debug("hostname mismatch");
- snprintf(buf, sizeof(buf), "Hostname (%s) does not match any certificate, "
- "do you want to continue?", client->getServerName());
- buf[sizeof(buf) - 1] = '\0';
- if (!msg->showMsgBox(UserMsgBox::M_YESNO, "hostname mismatch", buf))
- throw AuthFailureException("hostname mismatch");
+ text.format("Hostname (%s) does not match the server certificate, "
+ "do you want to continue?", client->getServerName());
+ if (!msg->showMsgBox(UserMsgBox::M_YESNO,
+ "Certificate hostname mismatch", text.buf))
+ throw AuthFailureException("Certificate hostname mismatch");
}
if (status == 0) {
@@ -364,86 +351,82 @@ void CSecurityTLS::checkSession()
throw AuthFailureException("Invalid status of server certificate verification");
}
- vlog.debug("Saved server certificates don't match");
+ /* Certificate is fine, except we don't know the issuer, so TOFU time */
- if (gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_ONELINE, &info)) {
- /*
- * GNUTLS doesn't correctly export gnutls_free symbol which is
- * a function pointer. Linking with Visual Studio 2008 Express will
- * fail when you call gnutls_free().
- */
-#if WIN32
- free(info.data);
-#else
- gnutls_free(info.data);
-#endif
- throw AuthFailureException("Could not find certificate to display");
+ homeDir = NULL;
+ if (getvnchomedir(&homeDir) == -1) {
+ throw AuthFailureException("Could not obtain VNC home directory "
+ "path for known hosts storage");
}
- size_t out_size = 0;
- char *out_buf = NULL;
- char *certinfo = NULL;
- int len = 0;
-
- vlog.debug("certificate issuer unknown");
-
- len = snprintf(NULL, 0, "This certificate has been signed by an unknown "
- "authority:\n\n%s\n\nDo you want to save it and "
- "continue?\n ", info.data);
- if (len < 0)
- throw AuthFailureException("certificate decoding error");
-
- vlog.debug("%s", info.data);
-
- certinfo = new char[len];
-
- snprintf(certinfo, len, "This certificate has been signed by an unknown "
- "authority:\n\n%s\n\nDo you want to save it and "
- "continue? ", info.data);
+ CharArray dbPath(strlen(homeDir) + 16 + 1);
+ sprintf(dbPath.buf, "%sx509_known_hosts", homeDir);
+ delete [] homeDir;
- for (int i = 0; i < len - 1; i++)
- if (certinfo[i] == ',' && certinfo[i + 1] == ' ')
- certinfo[i] = '\n';
+ err = gnutls_verify_stored_pubkey(dbPath.buf, NULL,
+ client->getServerName(), NULL,
+ GNUTLS_CRT_X509, &cert_list[0], 0);
- if (!msg->showMsgBox(UserMsgBox::M_YESNO, "certificate issuer unknown",
- certinfo)) {
- delete [] certinfo;
- throw AuthFailureException("certificate issuer unknown");
+ /* Previously known? */
+ if (err == GNUTLS_E_SUCCESS) {
+ vlog.debug("Server certificate found in known hosts file");
+ gnutls_x509_crt_deinit(crt);
+ return;
}
- delete [] certinfo;
-
- if (gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, NULL, &out_size)
- != GNUTLS_E_SHORT_MEMORY_BUFFER)
- throw AuthFailureException("certificate issuer unknown, and certificate "
- "export failed");
+ if ((err != GNUTLS_E_NO_CERTIFICATE_FOUND) &&
+ (err != GNUTLS_E_CERTIFICATE_KEY_MISMATCH)) {
+ throw AuthFailureException("Could not load known hosts database");
+ }
- // Save cert
- out_buf = new char[out_size];
+ if (gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_ONELINE, &info))
+ throw AuthFailureException("Could not find certificate to display");
- if (gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, out_buf, &out_size) < 0)
- throw AuthFailureException("certificate issuer unknown, and certificate "
- "export failed");
+ len = strlen((char*)info.data);
+ for (size_t i = 0; i < len - 1; i++) {
+ if (info.data[i] == ',' && info.data[i + 1] == ' ')
+ info.data[i] = '\n';
+ }
- char *homeDir = NULL;
- if (getvnchomedir(&homeDir) == -1)
- vlog.error("Could not obtain VNC home directory path");
- else {
- FILE *f;
- CharArray caSave(strlen(homeDir) + 1 + 19);
- sprintf(caSave.buf, "%sx509_savedcerts.pem", homeDir);
- delete [] homeDir;
- f = fopen(caSave.buf, "a+");
- if (!f)
- msg->showMsgBox(UserMsgBox::M_OK, "certificate save failed",
- "Could not save the certificate");
- else {
- fprintf(f, "%s\n", out_buf);
- fclose(f);
- }
+ /* New host */
+ if (err == GNUTLS_E_NO_CERTIFICATE_FOUND) {
+ CharArray text;
+
+ vlog.debug("Server host not previously known");
+ vlog.debug("%s", info.data);
+
+ text.format("This certificate has been signed by an unknown "
+ "authority:\n\n%s\n\nSomeone could be trying to "
+ "impersonate the site and you should not "
+ "continue.\n\nDo you want to make an exception "
+ "for this server?", info.data);
+
+ if (!msg->showMsgBox(UserMsgBox::M_YESNO,
+ "Unknown certificate issuer",
+ text.buf))
+ throw AuthFailureException("Unknown certificate issuer");
+ } else if (err == GNUTLS_E_CERTIFICATE_KEY_MISMATCH) {
+ CharArray text;
+
+ vlog.debug("Server host key mismatch");
+ vlog.debug("%s", info.data);
+
+ text.format("This host is previously known with a different "
+ "certificate, and the new certificate has been "
+ "signed by an unknown authority:\n\n%s\n\nSomeone "
+ "could be trying to impersonate the site and you "
+ "should not continue.\n\nDo you want to make an "
+ "exception for this server?", info.data);
+
+ if (!msg->showMsgBox(UserMsgBox::M_YESNO,
+ "Unexpected server certificate",
+ text.buf))
+ throw AuthFailureException("Unexpected server certificate");
}
- delete [] out_buf;
+ if (gnutls_store_pubkey(dbPath.buf, NULL, client->getServerName(),
+ NULL, GNUTLS_CRT_X509, &cert_list[0], 0, 0))
+ vlog.error("Failed to store server certificate to known hosts database");
gnutls_x509_crt_deinit(crt);
/*
--
2.16.4

234
U_0002-Properly-store-certificate-exceptions-in-Java-viewer.patch
View File

@ -1,234 +0,0 @@
From f029745f63ac7d22fb91639b2cb5b3ab56134d6e Mon Sep 17 00:00:00 2001
From: "Brian P. Hinz" <bphinz@users.sf.net>
Date: Tue, 8 Sep 2020 10:13:32 +0200
Subject: [PATCH] Properly store certificate exceptions in Java viewer
Like the native viewer, the Java viewer didn't store certificate
exceptions properly. Whilst not as bad as the native viewer, it still
failed to check that a stored certificate wouldn't be maliciously used
for another server. In practice this can in most cases be used to
impersonate another server.
Handle this like the native viewer by storing exceptions for a specific
hostname/certificate combination.
---
java/com/tigervnc/rfb/CSecurityTLS.java | 164 ++++++++++++++++++++------------
1 file changed, 101 insertions(+), 63 deletions(-)
diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java
index ad6f6fe1..e63945dc 100644
--- a/java/com/tigervnc/rfb/CSecurityTLS.java
+++ b/java/com/tigervnc/rfb/CSecurityTLS.java
@@ -107,12 +107,6 @@ public class CSecurityTLS extends CSecurity {
X509CRL.setDefaultStr(getDefaultCRL());
}
-// FIXME:
-// Need to shutdown the connection cleanly
-
-// FIXME?
-// add a finalizer method that calls shutdown
-
public boolean processMsg(CConnection cc) {
is = (FdInStream)cc.getInStream();
os = (FdOutStream)cc.getOutStream();
@@ -269,8 +263,13 @@ public class CSecurityTLS extends CSecurity {
{
Collection<? extends Certificate> certs = null;
X509Certificate cert = chain[0];
+ String pk =
+ Base64.getEncoder().encodeToString(cert.getPublicKey().getEncoded());
try {
cert.checkValidity();
+ verifyHostname(cert);
+ } catch(CertificateParsingException e) {
+ throw new SystemException(e.getMessage());
} catch(CertificateNotYetValidException e) {
throw new AuthFailureException("server certificate has not been activated");
} catch(CertificateExpiredException e) {
@@ -279,73 +278,111 @@ public class CSecurityTLS extends CSecurity {
"do you want to continue?"))
throw new AuthFailureException("server certificate has expired");
}
- String thumbprint = getThumbprint(cert);
File vncDir = new File(FileUtils.getVncHomeDir());
- File certFile = new File(vncDir, "x509_savedcerts.pem");
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
- if (vncDir.exists() && certFile.exists() && certFile.canRead()) {
- InputStream certStream = new MyFileInputStream(certFile);
- certs = cf.generateCertificates(certStream);
- for (Certificate c : certs)
- if (thumbprint.equals(getThumbprint((X509Certificate)c)))
- return;
- }
+ if (!vncDir.exists())
+ throw new AuthFailureException("Could not obtain VNC home directory "+
+ "path for known hosts storage");
+ File dbPath = new File(vncDir, "x509_known_hosts");
+ String info =
+ " Subject: "+cert.getSubjectX500Principal().getName()+"\n"+
+ " Issuer: "+cert.getIssuerX500Principal().getName()+"\n"+
+ " Serial Number: "+cert.getSerialNumber()+"\n"+
+ " Version: "+cert.getVersion()+"\n"+
+ " Signature Algorithm: "+cert.getPublicKey().getAlgorithm()+"\n"+
+ " Not Valid Before: "+cert.getNotBefore()+"\n"+
+ " Not Valid After: "+cert.getNotAfter()+"\n"+
+ " SHA-1 Fingerprint: "+getThumbprint(cert)+"\n";
try {
- verifyHostname(cert);
+ if (dbPath.exists()) {
+ FileReader db = new FileReader(dbPath);
+ BufferedReader dbBuf = new BufferedReader(db);
+ String line;
+ String server = client.getServerName().toLowerCase();
+ while ((line = dbBuf.readLine())!=null) {
+ String fields[] = line.split("\\|");
+ if (fields.length==6) {
+ if (server.equals(fields[2]) && pk.equals(fields[5])) {
+ vlog.debug("Server certificate found in known hosts file");
+ dbBuf.close();
+ return;
+ } else if (server.equals(fields[2]) && !pk.equals(fields[5]) ||
+ !server.equals(fields[2]) && pk.equals(fields[5])) {
+ throw new CertStoreException();
+ }
+ }
+ }
+ dbBuf.close();
+ }
tm.checkServerTrusted(chain, authType);
+ } catch (IOException e) {
+ throw new AuthFailureException("Could not load known hosts database");
+ } catch (CertStoreException e) {
+ vlog.debug("Server host key mismatch");
+ vlog.debug(info);
+ String text =
+ "This host is previously known with a different "+
+ "certificate, and the new certificate has been "+
+ "signed by an unknown authority\n"+
+ "\n"+info+"\n"+
+ "Someone could be trying to impersonate the site and you should not continue.\n"+
+ "\n"+
+ "Do you want to make an exception for this server?";
+ if (!msg.showMsgBox(YES_NO_OPTION, "Unexpected certificate issuer", text))
+ throw new AuthFailureException("Unexpected certificate issuer");
+ store_pubkey(dbPath, client.getServerName().toLowerCase(), pk);
} catch (java.lang.Exception e) {
if (e.getCause() instanceof CertPathBuilderException) {
- String certinfo =
+ vlog.debug("Server host not previously known");
+ vlog.debug(info);
+ String text =
"This certificate has been signed by an unknown authority\n"+
+ "\n"+info+"\n"+
+ "Someone could be trying to impersonate the site and you should not continue.\n"+
"\n"+
- " Subject: "+cert.getSubjectX500Principal().getName()+"\n"+
- " Issuer: "+cert.getIssuerX500Principal().getName()+"\n"+
- " Serial Number: "+cert.getSerialNumber()+"\n"+
- " Version: "+cert.getVersion()+"\n"+
- " Signature Algorithm: "+cert.getPublicKey().getAlgorithm()+"\n"+
- " Not Valid Before: "+cert.getNotBefore()+"\n"+
- " Not Valid After: "+cert.getNotAfter()+"\n"+
- " SHA1 Fingerprint: "+getThumbprint(cert)+"\n"+
- "\n"+
- "Do you want to save it and continue?";
- if (!msg.showMsgBox(YES_NO_OPTION, "certificate issuer unknown",
- certinfo)) {
- throw new AuthFailureException("certificate issuer unknown");
- }
- if (certs == null || !certs.contains(cert)) {
- byte[] der = cert.getEncoded();
- String pem = Base64.getEncoder().encodeToString(der);
- pem = pem.replaceAll("(.{64})", "$1\n");
- FileWriter fw = null;
- try {
- if (!vncDir.exists())
- vncDir.mkdir();
- if (!certFile.exists() && !certFile.createNewFile()) {
- vlog.error("Certificate save failed.");
- } else {
- fw = new FileWriter(certFile.getAbsolutePath(), true);
- fw.write("-----BEGIN CERTIFICATE-----\n");
- fw.write(pem+"\n");
- fw.write("-----END CERTIFICATE-----\n");
- }
- } catch (IOException ioe) {
- msg.showMsgBox(OK_OPTION, "certificate save failed",
- "Could not save the certificate");
- } finally {
- try {
- if (fw != null)
- fw.close();
- } catch(IOException ioe2) {
- throw new Exception(ioe2.getMessage());
- }
- }
- }
+ "Do you want to make an exception for this server?";
+ if (!msg.showMsgBox(YES_NO_OPTION, "Unknown certificate issuer", text))
+ throw new AuthFailureException("Unknown certificate issuer");
+ store_pubkey(dbPath, client.getServerName().toLowerCase(), pk);
} else {
throw new SystemException(e.getMessage());
}
}
}
+ private void store_pubkey(File dbPath, String serverName, String pk)
+ {
+ ArrayList<String> lines = new ArrayList<String>();
+ File vncDir = new File(FileUtils.getVncHomeDir());
+ try {
+ if (dbPath.exists()) {
+ FileReader db = new FileReader(dbPath);
+ BufferedReader dbBuf = new BufferedReader(db);
+ String line;
+ while ((line = dbBuf.readLine())!=null) {
+ String fields[] = line.split("\\|");
+ if (fields.length==6)
+ if (!serverName.equals(fields[2]) && !pk.equals(fields[5]))
+ lines.add(line);
+ }
+ dbBuf.close();
+ }
+ } catch (IOException e) {
+ throw new AuthFailureException("Could not load known hosts database");
+ }
+ try {
+ if (!dbPath.exists())
+ dbPath.createNewFile();
+ FileWriter fw = new FileWriter(dbPath.getAbsolutePath(), false);
+ Iterator i = lines.iterator();
+ while (i.hasNext())
+ fw.write((String)i.next()+"\n");
+ fw.write("|g0|"+serverName+"|*|0|"+pk+"\n");
+ fw.close();
+ } catch (IOException e) {
+ vlog.error("Failed to store server certificate to known hosts database");
+ }
+ }
+
public X509Certificate[] getAcceptedIssuers ()
{
return tm.getAcceptedIssuers();
@@ -399,12 +436,13 @@ public class CSecurityTLS extends CSecurity {
}
Object[] answer = {"YES", "NO"};
int ret = JOptionPane.showOptionDialog(null,
- "Hostname verification failed. Do you want to continue?",
- "Hostname Verification Failure",
+ "Hostname ("+client.getServerName()+") does not match the"+
+ " server certificate, do you want to continue?",
+ "Certificate hostname mismatch",
JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE,
null, answer, answer[0]);
if (ret != JOptionPane.YES_OPTION)
- throw new WarningException("Hostname verification failed.");
+ throw new WarningException("Certificate hostname mismatch.");
} catch (CertificateParsingException e) {
throw new SystemException(e.getMessage());
} catch (InvalidNameException e) {
--
2.16.4

29
U_viewer-reset-ctrl-alt-to-menu-state-on-focus.patch
View File

@ -1,29 +0,0 @@
From 9f83180219380c690fb743182308bc2d534b8b1b Mon Sep 17 00:00:00 2001
From: Dominique Martinet <asmadeus@codewreck.org>
Date: Sun, 8 Jul 2018 02:15:43 +0900
Subject: [PATCH] viewer: reset ctrl / alt to menu state on focus
Setting Ctrl or Alt key on menu only sends the key press, and the
state is lost when focus is lost and recovered.
This checks the menu variable and sends the keys again if needed.
---
vncviewer/Viewport.cxx | 6 ++++++
1 file changed, 6 insertions(+)
Index: b/vncviewer/Viewport.cxx
===================================================================
--- a/vncviewer/Viewport.cxx
+++ b/vncviewer/Viewport.cxx
@@ -655,6 +655,12 @@ int Viewport::handle(int event)
if (menuAltKey)
handleKeyPress(0x38, XK_Alt_L);
+ // Resend Ctrl/Alt if needed
+ if (menuCtrlKey)
+ handleKeyPress(0x1d, XK_Control_L);
+ if (menuAltKey)
+ handleKeyPress(0x38, XK_Alt_L);
+
// Yes, we would like some focus please!
return 1;

4
n_correct_path_in_desktop_file.patch
View File

@ -10,8 +10,8 @@ Index: tigervnc-1.9.0/vncviewer/vncviewer.desktop.in.in
Name=TigerVNC Viewer Name=TigerVNC Viewer
GenericName=Remote Desktop Viewer GenericName=Remote Desktop Viewer
Comment=Connect to VNC server and display remote desktop Comment=Connect to VNC server and display remote desktop
-Exec=@BIN_DIR@/vncviewer -Exec=@CMAKE_INSTALL_FULL_BINDIR@/vncviewer
+Exec=@BIN_DIR@/vncviewer-tigervnc +Exec=@CMAKE_INSTALL_FULL_BINDIR@/vncviewer-tigervnc
Icon=tigervnc Icon=tigervnc
Terminal=false Terminal=false
Type=Application Type=Application

44
n_tigervnc-date-time.patch
View File

@ -1,48 +1,48 @@
Index: b/unix/xserver/hw/vnc/buildtime.c Index: tigervnc-1.12.0/unix/xserver/hw/vnc/buildtime.c
=================================================================== ===================================================================
--- a/unix/xserver/hw/vnc/buildtime.c --- tigervnc-1.12.0.orig/unix/xserver/hw/vnc/buildtime.c
+++ b/unix/xserver/hw/vnc/buildtime.c +++ tigervnc-1.12.0/unix/xserver/hw/vnc/buildtime.c
@@ -15,4 +15,4 @@ @@ -15,4 +15,4 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA. * USA.
*/ */
-char buildtime[] = __DATE__ " " __TIME__; -char buildtime[] = __DATE__ " " __TIME__;
+char buildtime[] = "??? ?? ???? ??:??:??"; +char buildtime[] = "??? ?? ???? ??:??:??";
Index: b/unix/vncconfig/buildtime.c Index: tigervnc-1.12.0/unix/vncconfig/buildtime.c
=================================================================== ===================================================================
--- a/unix/vncconfig/buildtime.c --- tigervnc-1.12.0.orig/unix/vncconfig/buildtime.c
+++ b/unix/vncconfig/buildtime.c +++ tigervnc-1.12.0/unix/vncconfig/buildtime.c
@@ -15,4 +15,4 @@ @@ -15,4 +15,4 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA. * USA.
*/ */
-char buildtime[] = __DATE__ " " __TIME__; -char buildtime[] = __DATE__ " " __TIME__;
+char buildtime[] = "??? ?? ???? ??:??:??"; +char buildtime[] = "??? ?? ???? ??:??:??";
Index: b/unix/x0vncserver/buildtime.c Index: tigervnc-1.12.0/unix/x0vncserver/buildtime.c
=================================================================== ===================================================================
--- a/unix/x0vncserver/buildtime.c --- tigervnc-1.12.0.orig/unix/x0vncserver/buildtime.c
+++ b/unix/x0vncserver/buildtime.c +++ tigervnc-1.12.0/unix/x0vncserver/buildtime.c
@@ -15,4 +15,4 @@ @@ -15,4 +15,4 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA. * USA.
*/ */
-char buildtime[] = __DATE__ " " __TIME__; -char buildtime[] = __DATE__ " " __TIME__;
+char buildtime[] = "??? ?? ???? ??:??:??"; +char buildtime[] = "??? ?? ???? ??:??:??";
Index: b/win/winvnc/buildTime.cxx Index: tigervnc-1.12.0/win/winvnc/buildTime.cxx
=================================================================== ===================================================================
--- a/win/winvnc/buildTime.cxx --- tigervnc-1.12.0.orig/win/winvnc/buildTime.cxx
+++ b/win/winvnc/buildTime.cxx +++ tigervnc-1.12.0/win/winvnc/buildTime.cxx
@@ -15,4 +15,4 @@ @@ -15,4 +15,4 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA. * USA.
*/ */
-const char* buildTime = "Built on " __DATE__ " at " __TIME__; -const char* buildTime = "Built on " __DATE__ " at " __TIME__;
+const char* buildTime = "Built on ??? ?? ???? at ??:??:??"; +const char* buildTime = "Built on ??? ?? ???? at ??:??:??";
Index: b/CMakeLists.txt Index: tigervnc-1.12.0/CMakeLists.txt
=================================================================== ===================================================================
--- a/CMakeLists.txt --- tigervnc-1.12.0.orig/CMakeLists.txt
+++ b/CMakeLists.txt +++ tigervnc-1.12.0/CMakeLists.txt
@@ -42,10 +42,6 @@ if(MSVC) @@ -44,10 +44,6 @@ if(MSVC)
message(FATAL_ERROR "TigerVNC cannot be built with Visual Studio. Please use MinGW") message(FATAL_ERROR "TigerVNC cannot be built with Visual Studio. Please use MinGW")
endif() endif()
@ -53,11 +53,11 @@ Index: b/CMakeLists.txt
# Default to optimised builds instead of debug ones. Our code has no bugs ;) # Default to optimised builds instead of debug ones. Our code has no bugs ;)
# (CMake makes it fairly easy to toggle this back to Debug if needed) # (CMake makes it fairly easy to toggle this back to Debug if needed)
if(NOT CMAKE_BUILD_TYPE) if(NOT CMAKE_BUILD_TYPE)
Index: b/vncviewer/vncviewer.cxx Index: tigervnc-1.12.0/vncviewer/vncviewer.cxx
=================================================================== ===================================================================
--- a/vncviewer/vncviewer.cxx --- tigervnc-1.12.0.orig/vncviewer/vncviewer.cxx
+++ b/vncviewer/vncviewer.cxx +++ tigervnc-1.12.0/vncviewer/vncviewer.cxx
@@ -98,11 +98,9 @@ static const char *about_text() @@ -104,11 +104,9 @@ static const char *about_text()
// time. // time.
snprintf(buffer, sizeof(buffer), snprintf(buffer, sizeof(buffer),
_("TigerVNC Viewer %d-bit v%s\n" _("TigerVNC Viewer %d-bit v%s\n"
@ -65,8 +65,8 @@ Index: b/vncviewer/vncviewer.cxx
"Copyright (C) 1999-%d TigerVNC Team and many others (see README.rst)\n" "Copyright (C) 1999-%d TigerVNC Team and many others (see README.rst)\n"
"See https://www.tigervnc.org for information on TigerVNC."), "See https://www.tigervnc.org for information on TigerVNC."),
- (int)sizeof(size_t)*8, PACKAGE_VERSION, - (int)sizeof(size_t)*8, PACKAGE_VERSION,
- BUILD_TIMESTAMP, 2019); - BUILD_TIMESTAMP, 2021);
+ (int)sizeof(size_t)*8, PACKAGE_VERSION, 2019); + (int)sizeof(size_t)*8, PACKAGE_VERSION, 2021);
return buffer; return buffer;
} }

8
n_utilize-system-crypto-policies.patch
View File

@ -1,12 +1,12 @@
Index: tigervnc-1.10.1/common/rfb/Security.cxx Index: tigervnc-1.12.0/common/rfb/Security.cxx
=================================================================== ===================================================================
--- tigervnc-1.10.1.orig/common/rfb/Security.cxx --- tigervnc-1.12.0.orig/common/rfb/Security.cxx
+++ tigervnc-1.10.1/common/rfb/Security.cxx +++ tigervnc-1.12.0/common/rfb/Security.cxx
@@ -52,7 +52,7 @@ static LogWriter vlog("Security"); @@ -52,7 +52,7 @@ static LogWriter vlog("Security");
#ifdef HAVE_GNUTLS #ifdef HAVE_GNUTLS
StringParameter Security::GnuTLSPriority("GnuTLSPriority", StringParameter Security::GnuTLSPriority("GnuTLSPriority",
"GnuTLS priority string that controls the TLS sessions handshake algorithms", "GnuTLS priority string that controls the TLS sessions handshake algorithms",
- "NORMAL"); - "");
+ "@SYSTEM"); + "@SYSTEM");
#endif #endif

3
tigervnc-1.10.1.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:19fcc80d7d35dd58115262e53cac87d8903180261d94c2a6b0c19224f50b58c4
size 1408105

3
tigervnc-1.12.0.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9ff3f3948f2a4e8cc06ee598ee4b1096beb62094c13e0b1462bff78587bed789
size 1561898

129
tigervnc-FIPS-use-RFC7919.patch
View File

@ -1,129 +0,0 @@
diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
index d5ef47e..2ba787e 100644
--- a/common/rfb/SSecurityTLS.cxx
+++ b/common/rfb/SSecurityTLS.cxx
@@ -37,7 +37,23 @@
#include <rdr/TLSOutStream.h>
#include <gnutls/x509.h>
-#define DH_BITS 1024 /* XXX This should be configurable! */
+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
+/* FFDHE (RFC-7919) 2048-bit parameters, PEM-encoded */
+static unsigned char ffdhe2048[] =
+ "-----BEGIN DH PARAMETERS-----\n"
+ "MIIBDAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n"
+ "+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n"
+ "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n"
+ "YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n"
+ "7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n"
+ "ssbzSibBsu/6iGtCOGEoXJf//////////wIBAgICAOE=\n"
+ "-----END DH PARAMETERS-----\n";
+
+static const gnutls_datum_t pkcs3_param = {
+ ffdhe2048,
+ sizeof(ffdhe2048)
+};
+#endif
using namespace rfb;
@@ -50,15 +66,20 @@ StringParameter SSecurityTLS::X509_KeyFile
static LogWriter vlog("TLS");
SSecurityTLS::SSecurityTLS(SConnection* sc, bool _anon)
- : SSecurity(sc), session(NULL), dh_params(NULL), anon_cred(NULL),
+ : SSecurity(sc), session(NULL), anon_cred(NULL),
cert_cred(NULL), anon(_anon), tlsis(NULL), tlsos(NULL),
rawis(NULL), rawos(NULL)
{
+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
+ dh_params = NULL;
+#endif
+
certfile = X509_CertFile.getData();
keyfile = X509_KeyFile.getData();
if (gnutls_global_init() != GNUTLS_E_SUCCESS)
throw AuthFailureException("gnutls_global_init failed");
+
}
void SSecurityTLS::shutdown()
@@ -70,10 +91,12 @@ void SSecurityTLS::shutdown()
}
}
+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
if (dh_params) {
gnutls_dh_params_deinit(dh_params);
dh_params = 0;
}
+#endif
if (anon_cred) {
gnutls_anon_free_server_credentials(anon_cred);
@@ -198,17 +221,21 @@ void SSecurityTLS::setParams(gnutls_session_t session)
throw AuthFailureException("gnutls_set_priority_direct failed");
}
+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
if (gnutls_dh_params_init(&dh_params) != GNUTLS_E_SUCCESS)
throw AuthFailureException("gnutls_dh_params_init failed");
- if (gnutls_dh_params_generate2(dh_params, DH_BITS) != GNUTLS_E_SUCCESS)
- throw AuthFailureException("gnutls_dh_params_generate2 failed");
+ if (gnutls_dh_params_import_pkcs3(dh_params, &pkcs3_param, GNUTLS_X509_FMT_PEM) != GNUTLS_E_SUCCESS)
+ throw AuthFailureException("gnutls_dh_params_import_pkcs3 failed");
+#endif
if (anon) {
if (gnutls_anon_allocate_server_credentials(&anon_cred) != GNUTLS_E_SUCCESS)
throw AuthFailureException("gnutls_anon_allocate_server_credentials failed");
+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
gnutls_anon_set_server_dh_params(anon_cred, dh_params);
+#endif
if (gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred)
!= GNUTLS_E_SUCCESS)
@@ -220,7 +247,9 @@ void SSecurityTLS::setParams(gnutls_session_t session)
if (gnutls_certificate_allocate_credentials(&cert_cred) != GNUTLS_E_SUCCESS)
throw AuthFailureException("gnutls_certificate_allocate_credentials failed");
+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
gnutls_certificate_set_dh_params(cert_cred, dh_params);
+#endif
switch (gnutls_certificate_set_x509_key_file(cert_cred, certfile, keyfile, GNUTLS_X509_FMT_PEM)) {
case GNUTLS_E_SUCCESS:
diff --git a/common/rfb/SSecurityTLS.h b/common/rfb/SSecurityTLS.h
index 6f71182..4bddae3 100644
--- a/common/rfb/SSecurityTLS.h
+++ b/common/rfb/SSecurityTLS.h
@@ -36,6 +36,14 @@
#include <rdr/OutStream.h>
#include <gnutls/gnutls.h>
+
+/* In GnuTLS 3.6.0 DH parameter generation was deprecated. RFC7919 is used instead.
+ * GnuTLS before 3.6.0 doesn't know about RFC7919 so we will have to import it.
+ */
+#if GNUTLS_VERSION_NUMBER < 0x030600
+#define SSECURITYTLS__USE_DEPRECATED_DH
+#endif
+
namespace rfb {
class SSecurityTLS : public SSecurity {
@@ -54,8 +62,11 @@ namespace rfb {
void setParams(gnutls_session_t session);
private:
+ bool isUsingDeprecatedDH;
gnutls_session_t session;
+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
gnutls_dh_params_t dh_params;
+#endif
gnutls_anon_server_credentials_t anon_cred;
gnutls_certificate_credentials_t cert_cred;
char *keyfile, *certfile;

61
tigervnc-clean-pressed-key-on-exit.patch
View File

@ -1,21 +1,21 @@
Index: b/vncviewer/DesktopWindow.cxx Index: tigervnc-1.12.0/vncviewer/DesktopWindow.cxx
=================================================================== ===================================================================
--- a/vncviewer/DesktopWindow.cxx --- tigervnc-1.12.0.orig/vncviewer/DesktopWindow.cxx
+++ b/vncviewer/DesktopWindow.cxx +++ tigervnc-1.12.0/vncviewer/DesktopWindow.cxx
@@ -207,6 +207,8 @@ DesktopWindow::~DesktopWindow() @@ -236,6 +236,8 @@ DesktopWindow::~DesktopWindow()
delete statsGraph; delete statsGraph;
+ delete viewport; + delete viewport;
+ +
// FLTK automatically deletes all child widgets, so we shouldn't touch instances.erase(this);
// them ourselves here
} if (instances.size() == 0)
Index: b/vncviewer/Viewport.cxx Index: tigervnc-1.12.0/vncviewer/Viewport.cxx
=================================================================== ===================================================================
--- a/vncviewer/Viewport.cxx --- tigervnc-1.12.0.orig/vncviewer/Viewport.cxx
+++ b/vncviewer/Viewport.cxx +++ tigervnc-1.12.0/vncviewer/Viewport.cxx
@@ -189,6 +189,18 @@ Viewport::Viewport(int w, int h, const r @@ -192,6 +192,18 @@ Viewport::Viewport(int w, int h, const r
Viewport::~Viewport() Viewport::~Viewport()
{ {
@ -34,20 +34,28 @@ Index: b/vncviewer/Viewport.cxx
// Unregister all timeouts in case they get a change tro trigger // Unregister all timeouts in case they get a change tro trigger
// again later when this object is already gone. // again later when this object is already gone.
Fl::remove_timeout(handlePointerTimeout, this); Fl::remove_timeout(handlePointerTimeout, this);
Index: b/vncviewer/vncviewer.cxx Index: tigervnc-1.12.0/vncviewer/vncviewer.cxx
=================================================================== ===================================================================
--- a/vncviewer/vncviewer.cxx --- tigervnc-1.12.0.orig/vncviewer/vncviewer.cxx
+++ b/vncviewer/vncviewer.cxx +++ tigervnc-1.12.0/vncviewer/vncviewer.cxx
@@ -107,6 +107,8 @@ static const char *about_text() @@ -113,6 +113,7 @@ static const char *about_text()
return buffer; return buffer;
} }
+static CConn *cc; +static CConn *cc;
+
void exit_vncviewer(const char *error) void abort_vncviewer(const char *error, ...)
{ {
// Prioritise the first error we get as that is probably the most @@ -176,8 +177,6 @@ void about_vncviewer()
@@ -177,6 +179,16 @@ static void CleanupSignalHandler(int sig static void mainloop(const char* vncserver, network::Socket* sock)
{
while (true) {
- CConn *cc;
-
exitMainloop = false;
cc = new CConn(vncServerName, sock);
@@ -262,6 +261,16 @@ static void CleanupSignalHandler(int sig
// CleanupSignalHandler allows C++ object cleanup to happen because it calls // CleanupSignalHandler allows C++ object cleanup to happen because it calls
// exit() rather than the default which is to abort. // exit() rather than the default which is to abort.
vlog.info(_("Termination signal %d has been received. TigerVNC Viewer will now exit."), sig); vlog.info(_("Termination signal %d has been received. TigerVNC Viewer will now exit."), sig);
@ -64,22 +72,13 @@ Index: b/vncviewer/vncviewer.cxx
exit(1); exit(1);
} }
@@ -587,6 +599,9 @@ int main(int argc, char** argv) @@ -744,6 +753,9 @@ int main(int argc, char** argv)
XkbSetDetectableAutoRepeat(fl_display, True, NULL); XkbSetDetectableAutoRepeat(fl_display, True, NULL);
#endif #endif
+ fl_open_display(); + fl_open_display();
+ XSetIOErrorHandler(CleanupXIOErrorHandler); + XSetIOErrorHandler(CleanupXIOErrorHandler);
+ +
CSecurity::upg = &dlg; init_fltk();
#ifdef HAVE_GNUTLS enable_touch();
CSecurityTLS::msg = &dlg;
@@ -672,7 +687,7 @@ int main(int argc, char** argv)
#endif
}
- CConn *cc = new CConn(vncServerName, sock);
+ cc = new CConn(vncServerName, sock);
while (!exitMainloop)
run_mainloop();

60
tigervnc-fix-saving-of-bad-server-certs.patch
View File

@ -1,60 +0,0 @@
From dbad687182ae9093efaf096a069eeafc18b22973 Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Mon, 30 Dec 2019 10:24:11 +0100
Subject: [PATCH 1/2] Fix saving of bad server certificates
This check is completely backwards and it is currently unknown how
this ever worked.
---
common/rfb/CSecurityTLS.cxx | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index aa1910909..c1a00212a 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -416,8 +416,9 @@ void CSecurityTLS::checkSession()
delete [] certinfo;
if (gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, NULL, &out_size)
- == GNUTLS_E_SHORT_MEMORY_BUFFER)
- throw AuthFailureException("Out of memory");
+ != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ throw AuthFailureException("certificate issuer unknown, and certificate "
+ "export failed");
// Save cert
out_buf = new char[out_size];
From 6208f47dcbf68ff1e751b0b526bb643f0da867a6 Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Mon, 30 Dec 2019 10:26:12 +0100
Subject: [PATCH 2/2] Remove unneeded memory checks
new throws an exception on allocation errors rather than return NULL.
---
common/rfb/CSecurityTLS.cxx | 4 ----
1 file changed, 4 deletions(-)
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index c1a00212a..5c303a37c 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -396,8 +396,6 @@ void CSecurityTLS::checkSession()
vlog.debug("%s", info.data);
certinfo = new char[len];
- if (certinfo == NULL)
- throw AuthFailureException("Out of memory");
snprintf(certinfo, len, "This certificate has been signed by an unknown "
"authority:\n\n%s\n\nDo you want to save it and "
@@ -422,8 +420,6 @@ void CSecurityTLS::checkSession()
// Save cert
out_buf = new char[out_size];
- if (out_buf == NULL)
- throw AuthFailureException("Out of memory");
if (gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, out_buf, &out_size) < 0)
throw AuthFailureException("certificate issuer unknown, and certificate "

10
tigervnc-newfbsize.patch
View File

@ -1,13 +1,13 @@
Index: b/vncviewer/CConn.cxx Index: tigervnc-1.12.0/vncviewer/CConn.cxx
=================================================================== ===================================================================
--- a/vncviewer/CConn.cxx --- tigervnc-1.12.0.orig/vncviewer/CConn.cxx
+++ b/vncviewer/CConn.cxx +++ tigervnc-1.12.0/vncviewer/CConn.cxx
@@ -388,6 +388,8 @@ void CConn::dataRect(const Rect& r, int @@ -416,6 +416,8 @@ bool CConn::dataRect(const Rect& r, int
if (encoding != encodingCopyRect) if (encoding != encodingCopyRect)
lastServerEncoding = encoding; lastServerEncoding = encoding;
+ if (encoding == pseudoEncodingDesktopSize) + if (encoding == pseudoEncodingDesktopSize)
+ setDesktopSize( r.width(), r.height() ); + setDesktopSize( r.width(), r.height() );
CConnection::dataRect(r, encoding); ret = CConnection::dataRect(r, encoding);

48
tigervnc.changes
View File

@ -1,3 +1,51 @@
-------------------------------------------------------------------
Thu Feb 17 09:22:52 UTC 2022 - Joan Torres <joan.torres@suse.com>
- Update to tigervnc 1.12.0
* The native viewer now supports full screen over a subset of monitors (e.g. 2 out of 3), and reacts properly to monitors being added or removed
* Recent server history in the native viewer
* The native viewer now has an option to reconnect if the connection is dropped
* Translations are now enabled on Windows and macOS for the native viewer
* The native viewer now respects the system security policy
* Better handling of accented keys in the Java viewer
* The Unix servers can now listen to both a Unix socket and a TCP port at the same time
* The network code in both the servers and the native viewer has been restructured to give a more responsive experience
* The vncserver service now correctly handles settings set to "0"
* Fixed the clipboard Unicode handling in both the native viewer and the servers
* Support for pointer "warping" in Xvnc and the native viewer, enabling e.g. FPS games
- Update to tigervnc 1.11.0
* A security issue has been fixed in how the viewers handle TLS certificate exceptions
* vncserver has gotten a major redesign to be compatible with modern distributions
* The native viewer now has touch gestures to handle certain mouse actions (e.g. scroll wheel)
* Middle mouse button emulation in the native viewer, for devices with only two mouse buttons
* The Java viewer now supports Java 9+, but also now requires Java 8+
* Support for alpha cursors in the Java viewer (a feature already supported in the native viewer)
* The password and username can now be specified via the environment for the native viewer
* Support for building Xvnc/libvnc.so with Xorg 1.20.7+ and deprecate support for Xorg older than 1.16
* The official builds have been fixed to work on the upcoming macOS 11
* The Windows server (WinVNC) is now packaged separately as it is unmaintained and buggy
- Removed patches (included in 1.12.0):
* U_viewer-reset-ctrl-alt-to-menu-state-on-focus.patch
* tigervnc-fix-saving-of-bad-server-certs.patch
* u_xorg-server-1.20.7-ddxInputThreadInit.patch
* U_0001-Properly-store-certificate-exceptions.patch
* U_0002-Properly-store-certificate-exceptions-in-Java-viewer.patch
* tigervnc-FIPS-use-RFC7919.patch
* u_Fix-non-functional-MaxDisconnectionTime.patch
- Removed patches (no longer needed):
* u_tigervnc-cve-2014-8240.patch (https://github.com/TigerVNC/tigervnc/pull/1258)
* u_tigervnc_update_default_vncxstartup.patch
- Refreshed patches:
* n_correct_path_in_desktop_file.patch
* n_tigervnc-date-time.patch
* n_utilize-system-crypto-policies.patch
* tigervnc-clean-pressed-key-on-exit.patch
* tigervnc-newfbsize.patch
* u_build_libXvnc_as_separate_library.patch
* u_change-button-layout-in-ServerDialog.patch
* u_tigervnc-add-autoaccept-parameter.patch
* u_tigervnc-211.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Feb 10 12:17:07 UTC 2022 - Joan Torres <joan.torres@suse.com> Thu Feb 10 12:17:07 UTC 2022 - Joan Torres <joan.torres@suse.com>

76
tigervnc.spec
View File

@ -22,8 +22,6 @@
%define tlskey %{_sysconfdir}/vnc/tls.key %define tlskey %{_sysconfdir}/vnc/tls.key
%define tlscert %{_sysconfdir}/vnc/tls.cert %define tlscert %{_sysconfdir}/vnc/tls.cert
%define _unitdir %{_prefix}/lib/systemd/system
%if 0%{?suse_version} >= 1500 %if 0%{?suse_version} >= 1500
%define use_firewalld 1 %define use_firewalld 1
%else %else
@ -35,7 +33,7 @@
%endif %endif
Name: tigervnc Name: tigervnc
Version: 1.10.1 Version: 1.12.0
Release: 0 Release: 0
URL: http://tigervnc.org/ URL: http://tigervnc.org/
Summary: An implementation of VNC Summary: An implementation of VNC
@ -63,24 +61,15 @@ Patch1: tigervnc-newfbsize.patch
Patch2: tigervnc-clean-pressed-key-on-exit.patch Patch2: tigervnc-clean-pressed-key-on-exit.patch
Patch3: u_tigervnc-ignore-epipe-on-write.patch Patch3: u_tigervnc-ignore-epipe-on-write.patch
Patch4: n_tigervnc-date-time.patch Patch4: n_tigervnc-date-time.patch
Patch5: u_tigervnc-cve-2014-8240.patch Patch5: u_build_libXvnc_as_separate_library.patch
Patch6: u_tigervnc_update_default_vncxstartup.patch Patch6: u_tigervnc-add-autoaccept-parameter.patch
Patch7: u_build_libXvnc_as_separate_library.patch Patch7: u_change-button-layout-in-ServerDialog.patch
Patch8: u_tigervnc-add-autoaccept-parameter.patch Patch8: n_correct_path_in_desktop_file.patch
Patch9: u_change-button-layout-in-ServerDialog.patch Patch9: n_utilize-system-crypto-policies.patch
Patch10: n_correct_path_in_desktop_file.patch Patch10: u_tigervnc-211.patch
Patch11: U_viewer-reset-ctrl-alt-to-menu-state-on-focus.patch Patch11: xserver211.patch
Patch12: tigervnc-fix-saving-of-bad-server-certs.patch Provides: tightvnc = 1.5.0
Patch13: u_xorg-server-1.20.7-ddxInputThreadInit.patch Obsoletes: tightvnc < 1.5.0
Patch21: U_0001-Properly-store-certificate-exceptions.patch
Patch22: U_0002-Properly-store-certificate-exceptions-in-Java-viewer.patch
Patch23: n_utilize-system-crypto-policies.patch
Patch24: tigervnc-FIPS-use-RFC7919.patch
Patch25: u_tigervnc-211.patch
Patch26: u_Fix-non-functional-MaxDisconnectionTime.patch
Patch27: xserver211.patch
Provides: tightvnc = 1.3.9
Obsoletes: tightvnc < 1.3.9
Provides: vnc Provides: vnc
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
@ -185,9 +174,9 @@ Requires: /bin/hostname
%ifnarch s390 s390x %ifnarch s390 s390x
Recommends: xorg-x11-Xvnc-module Recommends: xorg-x11-Xvnc-module
%endif %endif
Provides: tightvnc = 1.3.9 Provides: tightvnc = 1.5.0
Obsoletes: tightvnc < 1.5.0
Provides: xorg-x11-Xvnc:/usr/lib/vnc/with-vnc-key.sh Provides: xorg-x11-Xvnc:/usr/lib/vnc/with-vnc-key.sh
Obsoletes: tightvnc < 1.3.9
%description -n xorg-x11-Xvnc %description -n xorg-x11-Xvnc
This is the TigerVNC implementation of Xvnc. This is the TigerVNC implementation of Xvnc.
@ -262,25 +251,15 @@ It maps common x11vnc arguments to x0vncserver arguments.
%patch5 -p1 %patch5 -p1
%patch6 -p1 %patch6 -p1
%patch7 -p1 %patch7 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch21 -p1
%patch22 -p1
%patch8 -p1 %patch8 -p1
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
%patch23 -p1 %patch9 -p1
%endif %endif
%patch24 -p1 %patch10 -p0
%patch25 -p0
%patch26 -p1
cp -r %{_prefix}/src/xserver/* unix/xserver/ cp -r %{_prefix}/src/xserver/* unix/xserver/
pushd unix/xserver pushd unix/xserver
#patch -p1 < ../xserver120.patch %patch11 -p1
%patch27 -p1
popd popd
%build %build
@ -290,7 +269,10 @@ export CFLAGS="%optflags"
sed "s|@LIBEXECDIR@|%{_libexecdir}|g" %{SOURCE13} > xvnc@.service sed "s|@LIBEXECDIR@|%{_libexecdir}|g" %{SOURCE13} > xvnc@.service
sed "s|@LIBEXECDIR@|%{_libexecdir}|g" %{SOURCE21} > xvnc-novnc.service sed "s|@LIBEXECDIR@|%{_libexecdir}|g" %{SOURCE21} > xvnc-novnc.service
# Build all tigervnc # Build all tigervnc
cmake -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_INSTALL_PREFIX:PATH=%{_prefix} -DCMAKE_BUILD_TYPE=RelWithDebInfo . cmake -DCMAKE_VERBOSE_MAKEFILE=ON \
-DCMAKE_INSTALL_PREFIX:PATH=%{_prefix} \
-DCMAKE_INSTALL_LIBEXECDIR:PATH=%{_libexecdir} \
-DCMAKE_BUILD_TYPE=RelWithDebInfo .
%make_build %make_build
# Build Xvnc server # Build Xvnc server
@ -319,7 +301,7 @@ popd
# Build java client # Build java client
pushd java pushd java
cmake -DCMAKE_INSTALL_PREFIX:PATH=%{_prefix} -DJAVACFLAGS="-encoding utf8 -source 1.6 -target 1.6" . cmake -DCMAKE_INSTALL_PREFIX:PATH=%{_prefix} .
%make_build %make_build
popd popd
@ -351,7 +333,7 @@ install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.
install -D -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/vnc-httpd install -D -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/vnc-httpd
%endif %endif
# only package as %doc (boo#1173045) # only package as %%doc (boo#1173045)
cp %{SOURCE7} . cp %{SOURCE7} .
install -D -m 755 %{SOURCE8} %{buildroot}%{_bindir}/vncpasswd.arg install -D -m 755 %{SOURCE8} %{buildroot}%{_bindir}/vncpasswd.arg
install -D -m 644 %{SOURCE9} %{buildroot}%{_distconfdir}/pam.d/vnc install -D -m 644 %{SOURCE9} %{buildroot}%{_distconfdir}/pam.d/vnc
@ -380,7 +362,7 @@ install -D xvnc-novnc.service -m 0444 %{buildroot}%{_unitdir}/xvnc-novnc.service
install -Dm0644 %{SOURCE22} %{buildroot}%{_sysusersdir}/vnc.conf install -Dm0644 %{SOURCE22} %{buildroot}%{_sysusersdir}/vnc.conf
rm -rf %{buildroot}%{_datadir}/doc/tigervnc-* rm -rf %{buildroot}%{_datadir}/doc/tigervnc*
%find_lang '%{name}' %find_lang '%{name}'
@ -475,27 +457,37 @@ fi
%files -n xorg-x11-Xvnc %files -n xorg-x11-Xvnc
%doc LICENCE.TXT README.rst vnc.reg %doc LICENCE.TXT README.rst vnc.reg
%doc unix/vncserver/HOWTO.md
%{_bindir}/Xvnc %{_bindir}/Xvnc
%{_bindir}/vncconfig %{_bindir}/vncconfig
%{_bindir}/vncpasswd %{_bindir}/vncpasswd
%{_bindir}/vncpasswd.arg %{_bindir}/vncpasswd.arg
%{_bindir}/vncserver
%{_bindir}/x0vncserver %{_bindir}/x0vncserver
%{_sbindir}/vncsession
%{_libexecdir}/vncserver
%{_libexecdir}/vncsession-start
%exclude %{_mandir}/man1/Xserver.1* %exclude %{_mandir}/man1/Xserver.1*
%{_mandir}/man1/Xvnc.1* %{_mandir}/man1/Xvnc.1*
%{_mandir}/man1/vncconfig.1* %{_mandir}/man1/vncconfig.1*
%{_mandir}/man1/vncpasswd.1* %{_mandir}/man1/vncpasswd.1*
%{_mandir}/man1/vncserver.1*
%{_mandir}/man1/x0vncserver.1* %{_mandir}/man1/x0vncserver.1*
%{_mandir}/man8/vncserver.8*
%{_mandir}/man8/vncsession.8*
%{_unitdir}/vncserver@.service
%{_unitdir}/xvnc@.service %{_unitdir}/xvnc@.service
%{_unitdir}/xvnc.socket %{_unitdir}/xvnc.socket
%{_unitdir}/xvnc.target %{_unitdir}/xvnc.target
%{_sysusersdir}/vnc.conf %{_sysusersdir}/vnc.conf
%{_sbindir}/rcxvnc %{_sbindir}/rcxvnc
%dir %{_sysconfdir}/tigervnc
%config(noreplace) %{_sysconfdir}/pam.d/tigervnc
%config(noreplace) %{_sysconfdir}/tigervnc/vncserver*
%exclude %{_sharedstatedir}/xkb/compiled/README.compiled %exclude %{_sharedstatedir}/xkb/compiled/README.compiled
%if %{use_firewalld} %if %{use_firewalld}

45
u_Fix-non-functional-MaxDisconnectionTime.patch
View File

@ -1,45 +0,0 @@
From 38726ce083db1a9227325bf87989513499bfa698 Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Thu, 18 Jun 2020 09:20:17 +0200
Subject: [PATCH] Fix non-functional MaxDisconnectionTime
References: bsc#1195661
Upstream: Merged
Since 8e09912 this wasn't triggered properly as we checked if all
clients were gone before we actually removed the last client from our
list.
---
common/rfb/VNCServerST.cxx | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/common/rfb/VNCServerST.cxx b/common/rfb/VNCServerST.cxx
index 8329bb23..35f65a2e 100644
--- a/common/rfb/VNCServerST.cxx
+++ b/common/rfb/VNCServerST.cxx
@@ -172,11 +172,6 @@ void VNCServerST::removeSocket(network::Socket* sock) {
clipboardClient = NULL;
clipboardRequestors.remove(*ci);
- // Adjust the exit timers
- connectTimer.stop();
- if (rfb::Server::maxDisconnectionTime && clients.empty())
- disconnectTimer.start(secsToMillis(rfb::Server::maxDisconnectionTime));
-
// - Delete the per-Socket resources
delete *ci;
@@ -193,6 +188,11 @@ void VNCServerST::removeSocket(network::Socket* sock) {
if (comparer)
comparer->logStats();
+ // Adjust the exit timers
+ connectTimer.stop();
+ if (rfb::Server::maxDisconnectionTime && clients.empty())
+ disconnectTimer.start(secsToMillis(rfb::Server::maxDisconnectionTime));
+
return;
}
}
--
2.34.1

10
u_build_libXvnc_as_separate_library.patch
View File

@ -4,10 +4,10 @@ Subject: [PATCH] Build libXvnc as separate library.
So it can be used by others, not only vncconfig. So it can be used by others, not only vncconfig.
Index: b/unix/vncconfig/CMakeLists.txt Index: tigervnc-1.12.0/unix/vncconfig/CMakeLists.txt
=================================================================== ===================================================================
--- a/unix/vncconfig/CMakeLists.txt --- tigervnc-1.12.0.orig/unix/vncconfig/CMakeLists.txt
+++ b/unix/vncconfig/CMakeLists.txt +++ tigervnc-1.12.0/unix/vncconfig/CMakeLists.txt
@@ -3,13 +3,25 @@ include_directories(${X11_INCLUDE_DIR}) @@ -3,13 +3,25 @@ include_directories(${X11_INCLUDE_DIR})
include_directories(${CMAKE_SOURCE_DIR}/common) include_directories(${CMAKE_SOURCE_DIR}/common)
include_directories(${CMAKE_SOURCE_DIR}/unix/tx) include_directories(${CMAKE_SOURCE_DIR}/unix/tx)
@ -32,7 +32,7 @@ Index: b/unix/vncconfig/CMakeLists.txt
-target_link_libraries(vncconfig tx rfb network rdr ${X11_LIBRARIES}) -target_link_libraries(vncconfig tx rfb network rdr ${X11_LIBRARIES})
+target_link_libraries(vncconfig tx rfb network rdr Xvnc ${X11_LIBRARIES}) +target_link_libraries(vncconfig tx rfb network rdr Xvnc ${X11_LIBRARIES})
install(TARGETS vncconfig DESTINATION ${BIN_DIR}) install(TARGETS vncconfig DESTINATION ${CMAKE_INSTALL_FULL_BINDIR})
+install(TARGETS Xvnc LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} RENAME libXvnc.so) +install(TARGETS Xvnc LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} RENAME libXvnc.so)
install(FILES vncconfig.man DESTINATION ${MAN_DIR}/man1 RENAME vncconfig.1) install(FILES vncconfig.man DESTINATION ${CMAKE_INSTALL_FULL_MANDIR}/man1 RENAME vncconfig.1)
+install(FILES vncExt.h DESTINATION ${X11_INCLUDE_DIR}/X11/extensions RENAME Xvnc.h) +install(FILES vncExt.h DESTINATION ${X11_INCLUDE_DIR}/X11/extensions RENAME Xvnc.h)

17
u_change-button-layout-in-ServerDialog.patch
View File

@ -8,20 +8,20 @@ To fit strings in languages with longer words...
vncviewer/ServerDialog.cxx | 4 +++- vncviewer/ServerDialog.cxx | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-) 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/vncviewer/ServerDialog.cxx b/vncviewer/ServerDialog.cxx Index: tigervnc-1.12.0/vncviewer/ServerDialog.cxx
index de67f87b..0a8aa775 100644 ===================================================================
--- a/vncviewer/ServerDialog.cxx --- tigervnc-1.12.0.orig/vncviewer/ServerDialog.cxx
+++ b/vncviewer/ServerDialog.cxx +++ tigervnc-1.12.0/vncviewer/ServerDialog.cxx
@@ -53,7 +53,7 @@ ServerDialog::ServerDialog() @@ -68,7 +68,7 @@ ServerDialog::ServerDialog()
serverName = new Fl_Input(x, y, w() - margin*2 - server_label_width, INPUT_HEIGHT, _("VNC server:")); serverName = new Fl_Input_Choice(x, y, w() - margin*2 - server_label_width, INPUT_HEIGHT, _("VNC server:"));
- int adjust = (w() - 20) / 4; - int adjust = (w() - 20) / 4;
+ int adjust = (w() - 20) / 3; + int adjust = (w() - 20) / 3;
int button_width = adjust - margin/2; int button_width = adjust - margin/2;
x = margin; x = margin;
@@ -76,6 +76,8 @@ ServerDialog::ServerDialog() @@ -91,6 +91,8 @@ ServerDialog::ServerDialog()
x = 0; x = 0;
y += margin/2 + BUTTON_HEIGHT; y += margin/2 + BUTTON_HEIGHT;
@ -30,6 +30,3 @@ index de67f87b..0a8aa775 100644
divider = new Fl_Box(x, y, w(), 2); divider = new Fl_Box(x, y, w(), 2);
divider->box(FL_THIN_DOWN_FRAME); divider->box(FL_THIN_DOWN_FRAME);
--
2.13.6

20
u_tigervnc-211.patch
View File

@ -1,11 +1,13 @@
--- ./unix/xserver/hw/vnc/xorg-version.h.orig 2021-10-28 13:58:20.309981257 +0200 Index: unix/xserver/hw/vnc/xorg-version.h
+++ ./unix/xserver/hw/vnc/xorg-version.h 2021-10-28 13:59:33.179368585 +0200 ===================================================================
@@ -54,6 +54,8 @@ --- unix/xserver/hw/vnc/xorg-version.h.orig
#define XORG 119 +++ unix/xserver/hw/vnc/xorg-version.h
#elif XORG_VERSION_CURRENT < ((1 * 10000000) + (20 * 100000) + (99 * 1000)) @@ -33,7 +33,7 @@
#define XORG 120 #error "X.Org older than 1.16 is not supported"
+#elif XORG_VERSION_CURRENT < ((21 * 10000000) + (1 * 100000) + (99 * 1000)) #endif
+#define XORG 211
#else -#if XORG_AT_LEAST(1, 21, 0)
+#if XORG_AT_LEAST(1, 22, 0)
#error "X.Org newer than 1.20 is not supported" #error "X.Org newer than 1.20 is not supported"
#endif #endif

27
u_tigervnc-add-autoaccept-parameter.patch
View File

@ -1,7 +1,7 @@
Index: tigervnc-1.10.1/java/com/tigervnc/rfb/CSecurityTLS.java Index: tigervnc-1.12.0/java/com/tigervnc/rfb/CSecurityTLS.java
=================================================================== ===================================================================
--- tigervnc-1.10.1.orig/java/com/tigervnc/rfb/CSecurityTLS.java --- tigervnc-1.12.0.orig/java/com/tigervnc/rfb/CSecurityTLS.java
+++ tigervnc-1.10.1/java/com/tigervnc/rfb/CSecurityTLS.java +++ tigervnc-1.12.0/java/com/tigervnc/rfb/CSecurityTLS.java
@@ -66,6 +66,9 @@ public class CSecurityTLS extends CSecur @@ -66,6 +66,9 @@ public class CSecurityTLS extends CSecur
public static StringParameter X509CRL public static StringParameter X509CRL
= new StringParameter("X509CRL", = new StringParameter("X509CRL",
@ -26,9 +26,9 @@ Index: tigervnc-1.10.1/java/com/tigervnc/rfb/CSecurityTLS.java
} }
+ String thumbprint = getThumbprint(cert); + String thumbprint = getThumbprint(cert);
File vncDir = new File(FileUtils.getVncHomeDir()); File vncDir = new File(FileUtils.getVncHomeDir());
if (!vncDir.exists()) if (!vncDir.exists()) {
throw new AuthFailureException("Could not obtain VNC home directory "+ try {
@@ -332,6 +337,9 @@ public class CSecurityTLS extends CSecur @@ -337,6 +342,9 @@ public class CSecurityTLS extends CSecur
store_pubkey(dbPath, client.getServerName().toLowerCase(), pk); store_pubkey(dbPath, client.getServerName().toLowerCase(), pk);
} catch (java.lang.Exception e) { } catch (java.lang.Exception e) {
if (e.getCause() instanceof CertPathBuilderException) { if (e.getCause() instanceof CertPathBuilderException) {
@ -38,7 +38,7 @@ Index: tigervnc-1.10.1/java/com/tigervnc/rfb/CSecurityTLS.java
vlog.debug("Server host not previously known"); vlog.debug("Server host not previously known");
vlog.debug(info); vlog.debug(info);
String text = String text =
@@ -519,7 +527,7 @@ public class CSecurityTLS extends CSecur @@ -524,7 +532,7 @@ public class CSecurityTLS extends CSecur
private SSLEngineManager manager; private SSLEngineManager manager;
private boolean anon; private boolean anon;
@ -47,16 +47,3 @@ Index: tigervnc-1.10.1/java/com/tigervnc/rfb/CSecurityTLS.java
private FdInStream is; private FdInStream is;
private FdOutStream os; private FdOutStream os;
Index: tigervnc-1.10.1/java/com/tigervnc/vncviewer/VncViewer.java
===================================================================
--- tigervnc-1.10.1.orig/java/com/tigervnc/vncviewer/VncViewer.java
+++ tigervnc-1.10.1/java/com/tigervnc/vncviewer/VncViewer.java
@@ -393,6 +393,8 @@ public class VncViewer extends javax.swi
// Called right after zero-arg constructor in applet mode
setLookAndFeel();
setBackground(Color.white);
+
+ SecurityClient.setDefaults();
applet = this;
vncServerName.put(loadAppletParameters(applet).toCharArray()).flip();
if (embed.getValue()) {

41
u_tigervnc-cve-2014-8240.patch
View File

@ -1,41 +0,0 @@
Patch-Mainline: To be upstreamed
References: bnc#900896 CVE-2014-8240
Signed-off-by: Michal Srb <msrb@suse.com>
Index: b/unix/x0vncserver/Image.cxx
===================================================================
--- a/unix/x0vncserver/Image.cxx
+++ b/unix/x0vncserver/Image.cxx
@@ -82,6 +82,14 @@ void Image::Init(int width, int height)
xim = XCreateImage(dpy, vis, DefaultDepth(dpy, DefaultScreen(dpy)),
ZPixmap, 0, 0, width, height, BitmapPad(dpy), 0);
+ if (xim->bytes_per_line <= 0 ||
+ xim->height <= 0 ||
+ xim->height >= INT_MAX / xim->bytes_per_line) {
+ vlog.error("Invalid display size");
+ XDestroyImage(xim);
+ exit(1);
+ }
+
xim->data = (char *)malloc(xim->bytes_per_line * xim->height);
if (xim->data == NULL) {
vlog.error("malloc() failed");
@@ -257,6 +265,17 @@ void ShmImage::Init(int width, int heigh
delete shminfo;
shminfo = NULL;
return;
+ }
+
+ if (xim->bytes_per_line <= 0 ||
+ xim->height <= 0 ||
+ xim->height >= INT_MAX / xim->bytes_per_line) {
+ vlog.error("Invalid display size");
+ XDestroyImage(xim);
+ xim = NULL;
+ delete shminfo;
+ shminfo = NULL;
+ return;
}
shminfo->shmid = shmget(IPC_PRIVATE,

2
u_tigervnc-ignore-epipe-on-write.patch
View File

@ -9,7 +9,7 @@ Index: common/rdr/FdOutStream.cxx
=================================================================== ===================================================================
--- common/rdr/FdOutStream.cxx.orig --- common/rdr/FdOutStream.cxx.orig
+++ common/rdr/FdOutStream.cxx +++ common/rdr/FdOutStream.cxx
@@ -204,8 +204,12 @@ int FdOutStream::writeWithTimeout(const @@ -128,8 +128,12 @@ size_t FdOutStream::writeFd(const void*
#endif #endif
} while (n < 0 && (errno == EINTR)); } while (n < 0 && (errno == EINTR));

57
u_tigervnc_update_default_vncxstartup.patch
View File

@ -1,57 +0,0 @@
Author: Michal Srb <msrb@suse.com>
References: bnc#956537
Subject: Update default vnc xstartup script.
Index: tigervnc-1.10.1/unix/vncserver
===================================================================
--- tigervnc-1.10.1.orig/unix/vncserver
+++ tigervnc-1.10.1/unix/vncserver
@@ -58,27 +58,33 @@ $defaultXStartup
= ("#!/bin/sh\n\n".
"unset SESSION_MANAGER\n".
"unset DBUS_SESSION_BUS_ADDRESS\n".
- "OS=`uname -s`\n".
- "if [ \$OS = 'Linux' ]; then\n".
- " case \"\$WINDOWMANAGER\" in\n".
- " \*gnome\*)\n".
- " if [ -e /etc/SuSE-release ]; then\n".
- " PATH=\$PATH:/opt/gnome/bin\n".
- " export PATH\n".
- " fi\n".
- " ;;\n".
- " esac\n".
+ "\n".
+ "userclientrc=\$HOME/.xinitrc\n".
+ "sysclientrc=/usr/libexec/xinit/xinitrc\n".
+ "\n".
+ "if [ -f \"\$userclientrc\" ]; then\n".
+ " client=\"\$userclientrc\"\n".
+ "elif [ -f \"\$sysclientrc\" ]; then\n".
+ " client=\"\$sysclientrc\"\n".
+ "elif [ -f \"/etc/X11/xinit/xinitrc\" ]; then\n".
+ " client=\"/etc/X11/xinit/xinitrc\"\n".
"fi\n".
- "if [ -x /etc/X11/xinit/xinitrc ]; then\n".
- " exec /etc/X11/xinit/xinitrc\n".
+ "\n".
+ "if [ -x \"\$client\" ]; then\n".
+ " exec dbus-launch --exit-with-x11 \"\$client\"\n".
"fi\n".
- "if [ -f /etc/X11/xinit/xinitrc ]; then\n".
- " exec sh /etc/X11/xinit/xinitrc\n".
+ "if [ -f \"\$client\" ]; then\n".
+ " exec dbus-launch --exit-with-x11 sh \"\$client\"\n".
"fi\n".
+ "\n".
"[ -r \$HOME/.Xresources ] && xrdb \$HOME/.Xresources\n".
"xsetroot -solid grey\n".
"xterm -geometry 80x24+10+10 -ls -title \"\$VNCDESKTOP Desktop\" &\n".
- "twm &\n");
+ "if [ -x /usr/bin/twm ]; then\n".
+ " /usr/bin/twm &\n".
+ "else\n".
+ " echo \"No window manager found. You should install a window manager to get properly working VNC session.\"\n".
+ "fi\n");
$defaultConfig
= ("## Supported server options to pass to vncserver upon invocation can be listed\n".

19
u_xorg-server-1.20.7-ddxInputThreadInit.patch
View File

@ -1,19 +0,0 @@
diff -u -p -r tigervnc-1.10.0.old/unix/xserver/hw/vnc/xvnc.c tigervnc-1.10.0/unix/xserver/hw/vnc/xvnc.c
--- tigervnc-1.10.0.old/unix/xserver/hw/vnc/xvnc.c 2020-01-15 11:19:19.486731848 +0000
+++ tigervnc-1.10.0/unix/xserver/hw/vnc/xvnc.c 2020-01-15 11:37:33.275445409 +0000
@@ -295,6 +295,15 @@ void ddxBeforeReset(void)
}
#endif
+#if INPUTTHREAD
+/** This function is called in Xserver/os/inputthread.c when starting
+ the input thread. */
+void
+ddxInputThreadInit(void)
+{
+}
+#endif
+
void ddxUseMsg(void)
{
vncPrintBanner();

48
xserver211.patch
View File

@ -1,7 +1,8 @@
diff -u -r xserver.orig/configure.ac xserver/configure.ac Index: xserver/configure.ac
--- xserver.orig/configure.ac 2021-10-28 11:39:43.200727345 +0000 ===================================================================
+++ xserver/configure.ac 2021-10-28 11:39:57.993008591 +0000 --- xserver.orig/configure.ac
@@ -72,6 +72,7 @@ +++ xserver/configure.ac
@@ -72,6 +72,7 @@ dnl forcing an entire recompile.x
AC_CONFIG_HEADERS(include/version-config.h) AC_CONFIG_HEADERS(include/version-config.h)
AM_PROG_AS AM_PROG_AS
@ -9,7 +10,7 @@ diff -u -r xserver.orig/configure.ac xserver/configure.ac
AC_PROG_LN_S AC_PROG_LN_S
LT_PREREQ([2.2]) LT_PREREQ([2.2])
LT_INIT([disable-static win32-dll]) LT_INIT([disable-static win32-dll])
@@ -1713,6 +1714,10 @@ @@ -1713,6 +1714,10 @@ if test "x$XVFB" = xyes; then
AC_SUBST([XVFB_SYS_LIBS]) AC_SUBST([XVFB_SYS_LIBS])
fi fi
@ -20,7 +21,7 @@ diff -u -r xserver.orig/configure.ac xserver/configure.ac
dnl Xnest DDX dnl Xnest DDX
@@ -1748,6 +1753,8 @@ @@ -1748,6 +1753,8 @@ if test "x$XORG" = xauto; then
fi fi
AC_MSG_RESULT([$XORG]) AC_MSG_RESULT([$XORG])
@ -29,7 +30,7 @@ diff -u -r xserver.orig/configure.ac xserver/configure.ac
if test "x$XORG" = xyes; then if test "x$XORG" = xyes; then
PKG_CHECK_MODULES([LIBXCVT], $LIBXCVT) PKG_CHECK_MODULES([LIBXCVT], $LIBXCVT)
@@ -1956,7 +1963,6 @@ @@ -1956,7 +1963,6 @@ if test "x$XORG" = xyes; then
AC_DEFINE(XORG_SERVER, 1, [Building Xorg server]) AC_DEFINE(XORG_SERVER, 1, [Building Xorg server])
AC_DEFINE(XORGSERVER, 1, [Building Xorg server]) AC_DEFINE(XORGSERVER, 1, [Building Xorg server])
AC_DEFINE(XFree86Server, 1, [Building XFree86 server]) AC_DEFINE(XFree86Server, 1, [Building XFree86 server])
@ -37,7 +38,7 @@ diff -u -r xserver.orig/configure.ac xserver/configure.ac
AC_DEFINE(NEED_XF86_TYPES, 1, [Need XFree86 typedefs]) AC_DEFINE(NEED_XF86_TYPES, 1, [Need XFree86 typedefs])
AC_DEFINE(NEED_XF86_PROTOTYPES, 1, [Need XFree86 helper functions]) AC_DEFINE(NEED_XF86_PROTOTYPES, 1, [Need XFree86 helper functions])
AC_DEFINE(__XSERVERNAME__, "Xorg", [Name of X server]) AC_DEFINE(__XSERVERNAME__, "Xorg", [Name of X server])
@@ -2339,6 +2345,7 @@ @@ -2339,6 +2345,7 @@ hw/xfree86/utils/man/Makefile
hw/xfree86/utils/gtf/Makefile hw/xfree86/utils/gtf/Makefile
hw/vfb/Makefile hw/vfb/Makefile
hw/vfb/man/Makefile hw/vfb/man/Makefile
@ -45,10 +46,11 @@ diff -u -r xserver.orig/configure.ac xserver/configure.ac
hw/xnest/Makefile hw/xnest/Makefile
hw/xnest/man/Makefile hw/xnest/man/Makefile
hw/xwin/Makefile hw/xwin/Makefile
diff -u -r xserver.orig/hw/Makefile.am xserver/hw/Makefile.am Index: xserver/hw/Makefile.am
--- xserver.orig/hw/Makefile.am 2021-10-28 11:39:43.156726511 +0000 ===================================================================
+++ xserver/hw/Makefile.am 2021-10-28 11:41:02.890242547 +0000 --- xserver.orig/hw/Makefile.am
@@ -28,7 +28,8 @@ +++ xserver/hw/Makefile.am
@@ -28,7 +28,8 @@ SUBDIRS = \
$(XVFB_SUBDIRS) \ $(XVFB_SUBDIRS) \
$(XNEST_SUBDIRS) \ $(XNEST_SUBDIRS) \
$(KDRIVE_SUBDIRS) \ $(KDRIVE_SUBDIRS) \
@ -58,10 +60,11 @@ diff -u -r xserver.orig/hw/Makefile.am xserver/hw/Makefile.am
DIST_SUBDIRS = xfree86 vfb xnest xwin xquartz kdrive DIST_SUBDIRS = xfree86 vfb xnest xwin xquartz kdrive
diff -u -r xserver.orig/mi/miinitext.c xserver/mi/miinitext.c Index: xserver/mi/miinitext.c
--- xserver.orig/mi/miinitext.c 2021-10-28 11:39:43.232727953 +0000 ===================================================================
+++ xserver/mi/miinitext.c 2021-10-28 11:39:57.993008591 +0000 --- xserver.orig/mi/miinitext.c
@@ -106,8 +106,15 @@ +++ xserver/mi/miinitext.c
@@ -106,8 +106,15 @@ SOFTWARE.
#include "miinitext.h" #include "miinitext.h"
@ -77,10 +80,11 @@ diff -u -r xserver.orig/mi/miinitext.c xserver/mi/miinitext.c
{GEExtensionInit, "Generic Event Extension", &noGEExtension}, {GEExtensionInit, "Generic Event Extension", &noGEExtension},
{ShapeExtensionInit, "SHAPE", NULL}, {ShapeExtensionInit, "SHAPE", NULL},
#ifdef MITSHM #ifdef MITSHM
diff -u -r xserver.old/hw/vnc/xvnc.c xserver/hw/vnc/xvnc.c Index: xserver/hw/vnc/xvnc.c
--- xserver.old/hw/vnc/xvnc.c 2021-10-28 12:14:39.360628791 +0000 ===================================================================
+++ xserver/hw/vnc/xvnc.c 2021-10-28 12:30:56.599310018 +0000 --- xserver.orig/hw/vnc/xvnc.c
@@ -85,7 +85,18 @@ +++ xserver/hw/vnc/xvnc.c
@@ -69,7 +69,18 @@ extern char buildtime[];
#undef VENDOR_RELEASE #undef VENDOR_RELEASE
#undef VENDOR_STRING #undef VENDOR_STRING
#include "version-config.h" #include "version-config.h"
@ -98,5 +102,5 @@ diff -u -r xserver.old/hw/vnc/xvnc.c xserver/hw/vnc/xvnc.c
+#define DEFAULT_LOG_FILE_VERBOSITY 3 +#define DEFAULT_LOG_FILE_VERBOSITY 3
+#endif +#endif
#define XVNCVERSION "TigerVNC 1.10.0" #define XVNCVERSION "TigerVNC 1.12.0"
#define XVNCCOPYRIGHT ("Copyright (C) 1999-2019 TigerVNC Team and many others (see README.rst)\n" \ #define XVNCCOPYRIGHT ("Copyright (C) 1999-2021 TigerVNC Team and many others (see README.rst)\n" \