forked from pool/tigervnc
Stefan Dirsch
e5b1bdbcef
- Update to tigervnc 1.12.0 * The native viewer now supports full screen over a subset of monitors (e.g. 2 out of 3), and reacts properly to monitors being added or removed * Recent server history in the native viewer * The native viewer now has an option to reconnect if the connection is dropped * Translations are now enabled on Windows and macOS for the native viewer * The native viewer now respects the system security policy * Better handling of accented keys in the Java viewer * The Unix servers can now listen to both a Unix socket and a TCP port at the same time * The network code in both the servers and the native viewer has been restructured to give a more responsive experience * The vncserver service now correctly handles settings set to "0" * Fixed the clipboard Unicode handling in both the native viewer and the servers * Support for pointer "warping" in Xvnc and the native viewer, enabling e.g. FPS games - Update to tigervnc 1.11.0 * A security issue has been fixed in how the viewers handle TLS certificate exceptions * vncserver has gotten a major redesign to be compatible with modern distributions * The native viewer now has touch gestures to handle certain mouse actions (e.g. scroll wheel) * Middle mouse button emulation in the native viewer, for devices with only two mouse buttons * The Java viewer now supports Java 9+, but also now requires Java 8+ * Support for alpha cursors in the Java viewer (a feature already supported in the native viewer) * The password and username can now be specified via the environment for the native viewer * Support for building Xvnc/libvnc.so with Xorg 1.20.7+ and deprecate support for Xorg older than 1.16 * The official builds have been fixed to work on the upcoming macOS 11 * The Windows server (WinVNC) is now packaged separately as it is unmaintained and buggy - Removed patches (included in 1.12.0): * U_viewer-reset-ctrl-alt-to-menu-state-on-focus.patch * tigervnc-fix-saving-of-bad-server-certs.patch * u_xorg-server-1.20.7-ddxInputThreadInit.patch * U_0001-Properly-store-certificate-exceptions.patch * U_0002-Properly-store-certificate-exceptions-in-Java-viewer.patch * tigervnc-FIPS-use-RFC7919.patch OBS-URL: https://build.opensuse.org/request/show/955605 OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/tigervnc?expand=0&rev=221
50 lines
2.0 KiB
Diff
50 lines
2.0 KiB
Diff
Index: tigervnc-1.12.0/java/com/tigervnc/rfb/CSecurityTLS.java
|
|
===================================================================
|
|
--- tigervnc-1.12.0.orig/java/com/tigervnc/rfb/CSecurityTLS.java
|
|
+++ tigervnc-1.12.0/java/com/tigervnc/rfb/CSecurityTLS.java
|
|
@@ -66,6 +66,9 @@ public class CSecurityTLS extends CSecur
|
|
public static StringParameter X509CRL
|
|
= new StringParameter("X509CRL",
|
|
"X509 CRL file", "", Configuration.ConfigurationObject.ConfViewer);
|
|
+ public static StringParameter x509autoaccept
|
|
+ = new StringParameter("x509autoaccept",
|
|
+ "X509 Certificate SHA-1 fingerprint", "", Configuration.ConfigurationObject.ConfViewer);
|
|
public static UserMsgBox msg;
|
|
|
|
private void initGlobal()
|
|
@@ -85,6 +88,7 @@ public class CSecurityTLS extends CSecur
|
|
setDefaults();
|
|
cafile = X509CA.getData();
|
|
crlfile = X509CRL.getData();
|
|
+ certautoaccept = x509autoaccept.getData();
|
|
}
|
|
|
|
public static String getDefaultCA() {
|
|
@@ -278,6 +282,7 @@ public class CSecurityTLS extends CSecur
|
|
"do you want to continue?"))
|
|
throw new AuthFailureException("server certificate has expired");
|
|
}
|
|
+ String thumbprint = getThumbprint(cert);
|
|
File vncDir = new File(FileUtils.getVncHomeDir());
|
|
if (!vncDir.exists()) {
|
|
try {
|
|
@@ -337,6 +342,9 @@ public class CSecurityTLS extends CSecur
|
|
store_pubkey(dbPath, client.getServerName().toLowerCase(), pk);
|
|
} catch (java.lang.Exception e) {
|
|
if (e.getCause() instanceof CertPathBuilderException) {
|
|
+ if (certautoaccept != null && thumbprint.equalsIgnoreCase(certautoaccept)) {
|
|
+ return;
|
|
+ }
|
|
vlog.debug("Server host not previously known");
|
|
vlog.debug(info);
|
|
String text =
|
|
@@ -524,7 +532,7 @@ public class CSecurityTLS extends CSecur
|
|
private SSLEngineManager manager;
|
|
private boolean anon;
|
|
|
|
- private String cafile, crlfile;
|
|
+ private String cafile, crlfile, certautoaccept;
|
|
private FdInStream is;
|
|
private FdOutStream os;
|
|
|