From 46296022311fbf638edc901e8c63df9160b7811e Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 8 Dec 2020 10:13:19 +0000 Subject: [PATCH] import tigervnc-1.11.0-5.el8 --- .gitignore | 1 + .tigervnc.metadata | 1 + SOURCES/0001-rpath-hack.patch | 28 + SOURCES/10-libvnc.conf | 19 + SOURCES/HOWTO.md | 110 ++ SOURCES/tigervnc-1.3.1-CVE-2014-8240.patch | 74 ++ ...correctly-start-vncsession-as-daemon.patch | 13 + SOURCES/tigervnc-cursor.patch | 12 + SOURCES/tigervnc-getmaster.patch | 88 ++ ...w-about-not-using-view-only-password.patch | 13 + ...rvnc-passwd-crash-with-malloc-checks.patch | 41 + SOURCES/tigervnc-systemd-service.patch | 47 + ...gervnc-tolerate-specifying-boolparam.patch | 149 +++ ...ervnc-utilize-system-crypto-policies.patch | 13 + ...tigervnc-working-tls-on-fips-systems.patch | 13 + SOURCES/tigervnc-xserver120.patch | 91 ++ SOURCES/vncserver | 890 ++++++++++++++ SOURCES/vncserver.man | 204 ++++ SOURCES/xvnc.service | 38 + SOURCES/xvnc.socket | 9 + SPECS/tigervnc.spec | 1070 +++++++++++++++++ 21 files changed, 2924 insertions(+) create mode 100644 .gitignore create mode 100644 .tigervnc.metadata create mode 100644 SOURCES/0001-rpath-hack.patch create mode 100644 SOURCES/10-libvnc.conf create mode 100644 SOURCES/HOWTO.md create mode 100644 SOURCES/tigervnc-1.3.1-CVE-2014-8240.patch create mode 100644 SOURCES/tigervnc-correctly-start-vncsession-as-daemon.patch create mode 100644 SOURCES/tigervnc-cursor.patch create mode 100644 SOURCES/tigervnc-getmaster.patch create mode 100644 SOURCES/tigervnc-let-user-know-about-not-using-view-only-password.patch create mode 100644 SOURCES/tigervnc-passwd-crash-with-malloc-checks.patch create mode 100644 SOURCES/tigervnc-systemd-service.patch create mode 100644 SOURCES/tigervnc-tolerate-specifying-boolparam.patch create mode 100644 SOURCES/tigervnc-utilize-system-crypto-policies.patch create mode 100644 SOURCES/tigervnc-working-tls-on-fips-systems.patch create mode 100644 SOURCES/tigervnc-xserver120.patch create mode 100644 SOURCES/vncserver create mode 100644 SOURCES/vncserver.man create mode 100644 SOURCES/xvnc.service create mode 100644 SOURCES/xvnc.socket create mode 100644 SPECS/tigervnc.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..d48d90b --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/tigervnc-1.11.0.tar.gz diff --git a/.tigervnc.metadata b/.tigervnc.metadata new file mode 100644 index 0000000..c7c0b3c --- /dev/null +++ b/.tigervnc.metadata @@ -0,0 +1 @@ +6f6b621a76b734888748de10c32c2b5b59d40b19 SOURCES/tigervnc-1.11.0.tar.gz diff --git a/SOURCES/0001-rpath-hack.patch b/SOURCES/0001-rpath-hack.patch new file mode 100644 index 0000000..689de34 --- /dev/null +++ b/SOURCES/0001-rpath-hack.patch @@ -0,0 +1,28 @@ +From 2489f2f38eb32d9dd03718a36cbdbdf13d2f8b9b Mon Sep 17 00:00:00 2001 +From: Adam Jackson +Date: Thu, 12 Nov 2015 11:10:11 -0500 +Subject: [PATCH] rpath hack + +Normally, rpath is undesirable. But for the X server we _know_ we need +Mesa's libGL, which will always be in %{_libdir}, and not any third-party +libGL that may be configured using ld.so.conf. + +--- + configure.ac | 1 + + 1 files changed, 1 insertions(+), 0 deletion(-) + +diff --git a/configure.ac b/configure.ac +index fa15a2d..a5af1e0 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1357,6 +1357,7 @@ else + fi + AM_CONDITIONAL(GLX, test "x$GLX" = xyes) + ++GLX_SYS_LIBS="$GLX_SYS_LIBS -Wl,-rpath=\$(libdir)" + AC_SUBST([GLX_DEFINES]) + AC_SUBST([GLX_SYS_LIBS]) + +-- +2.5.0 + diff --git a/SOURCES/10-libvnc.conf b/SOURCES/10-libvnc.conf new file mode 100644 index 0000000..259d718 --- /dev/null +++ b/SOURCES/10-libvnc.conf @@ -0,0 +1,19 @@ +# This file contains configuration of libvnc.so module +# +# To get libvnc.so module working, do this: +# 1. run "vncpasswd" from tigervnc-server package as root user +# 2. uncomment configuration lines below +# +# Please note you can specify any option which Xvnc accepts. +# Refer to `Xvnc -help` output for detailed list of options. + +#Section "Module" +# Load "vnc" +#EndSection + +#Section "Screen" +# Identifier "Screen0" +# DefaultDepth 16 +# Option "SecurityTypes" "VncAuth" +# Option "PasswordFile" "/root/.vnc/passwd" +#EndSection diff --git a/SOURCES/HOWTO.md b/SOURCES/HOWTO.md new file mode 100644 index 0000000..28b710d --- /dev/null +++ b/SOURCES/HOWTO.md @@ -0,0 +1,110 @@ +# What has changed +The previous Tigervnc versions had a wrapper script called `vncserver` which +could be run as a user manually to start *Xvnc* process. The usage was quite +simple as you just run +``` +$ vncserver :x [vncserver options] [Xvnc options] +``` +and that was it. While this was working just fine, there were issues when users +wanted to start a Tigervnc server using *systemd*. For these reasons things were +completely changed and there is now a new way how this all is supposed to work. + + # How to start Tigervnc server +  +## Add a user mapping +With this you can map a user to a particular port. The mapping should be done in +`/etc/tigervnc/vncserver.users` configuration file. It should be pretty +straightforward once you open the file as there are some examples, but basically +the mapping is in form +``` +:x=user +``` +For example you can have +``` +:1=test +:2=vncuser +``` + +## Configure Xvnc options +To configure Xvnc parameters, you need to go to the same directory where you did +the user mapping and open `vncserver-config-defaults` configuration file. This +file is for the default Xvnc configuration and will be applied to every user +unless any of the following applies: +* The user has its own configuration in `$HOME/.vnc/config` +* The same option with different value is configured in +  `vncserver-config-mandatory` configuration file, which replaces the default +  configuration and has even a higher priority than the per-user configuration. +  This option is for system administrators when they want to force particular +  *Xvnc* options. + +Format of the configuration file is also quite simple as the configuration is +in form of +``` +option=value +option +``` +for example +``` +session=gnome +securitytypes=vncauth,tlsvnc +desktop=sandbox +geometry=2000x1200 +localhost +alwaysshared +``` +### Note: +There is one important option you need to set and that option is the session you +want to start. E.g when you want to start GNOME desktop, then you have to use +``` +session=gnome +``` +which should match the name of a session desktop file from `/usr/share/xsessions` +directory. + +## Set VNC password +You need to set a password for each user in order to be able to start the +Tigervnc server. In order to create a password, you just run +``` +$ vncpasswd +``` +as the user you will be starting the server for. +### Note: +If you were using Tigervnc before for your user and you already created a +password, then you will have to make sure the `$HOME/.vnc` folder created by +`vncpasswd` will have the correct *SELinux* context. You either can delete this +folder and recreate it again by creating the password one more time, or +alternatively you can run +``` +$ restorecon -RFv /home//.vnc +``` + +## Start the Tigervnc server +Finally you can start the server using systemd service. To do so just run +``` +$ systemctl start vncserver@:x +``` +as root or +``` +$ sudo systemctl start vncserver@:x +``` +as a regular user in case it has permissions to run `sudo`. Don't forget to +replace the `:x` by the actual number you configured in the user mapping file. +Following our example by running +``` +$ systemctl start vncserver@:1 +``` +you will start a Tigervnc server for user `test` with a GNOME session. + +### Note: +If you were previously using Tigervnc and you were used to start it using +*systemd* then you will need to remove previous *systemd* configuration files, +those you most likely copied to `/etc/systemd/system/vncserver@.service`, +otherwise this service file will be preferred over the new one installed with +latest Tigervnc. + +# Limitations +You will not be able to start a Tigervnc server for a user who is already +logged into a graphical session. Avoid running the server as the `root` user as +it's not a safe thing to do. While running the server as the `root` should work +in general, it's not recommended to do so and there might be some things which +are not working properly. diff --git a/SOURCES/tigervnc-1.3.1-CVE-2014-8240.patch b/SOURCES/tigervnc-1.3.1-CVE-2014-8240.patch new file mode 100644 index 0000000..09217f1 --- /dev/null +++ b/SOURCES/tigervnc-1.3.1-CVE-2014-8240.patch @@ -0,0 +1,74 @@ +diff --git a/unix/x0vncserver/Image.cxx b/unix/x0vncserver/Image.cxx +index f998c6a..fb9dbd4 100644 +--- a/unix/x0vncserver/Image.cxx ++++ b/unix/x0vncserver/Image.cxx +@@ -80,6 +80,14 @@ void Image::Init(int width, int height) + xim = XCreateImage(dpy, vis, DefaultDepth(dpy, DefaultScreen(dpy)), + ZPixmap, 0, 0, width, height, BitmapPad(dpy), 0); + ++ if (xim->bytes_per_line <= 0 || ++ xim->height <= 0 || ++ xim->height >= INT_MAX / xim->bytes_per_line) { ++ vlog.error("Invalid display size"); ++ XDestroyImage(xim); ++ exit(1); ++ } ++ + xim->data = (char *)malloc(xim->bytes_per_line * xim->height); + if (xim->data == NULL) { + vlog.error("malloc() failed"); +@@ -256,6 +264,17 @@ void ShmImage::Init(int width, int height, const XVisualInfo *vinfo) + return; + } + ++ if (xim->bytes_per_line <= 0 || ++ xim->height <= 0 || ++ xim->height >= INT_MAX / xim->bytes_per_line) { ++ vlog.error("Invalid display size"); ++ XDestroyImage(xim); ++ xim = NULL; ++ delete shminfo; ++ shminfo = NULL; ++ return; ++ } ++ + shminfo->shmid = shmget(IPC_PRIVATE, + xim->bytes_per_line * xim->height, + IPC_CREAT|0777); +diff --git a/vncviewer/PlatformPixelBuffer.cxx b/vncviewer/PlatformPixelBuffer.cxx +index a2b506d..9266d9f 100644 +--- a/vncviewer/PlatformPixelBuffer.cxx ++++ b/vncviewer/PlatformPixelBuffer.cxx +@@ -49,6 +49,15 @@ PlatformPixelBuffer::PlatformPixelBuffer(int width, int height) : + if (!xim) + throw rdr::Exception("XCreateImage"); + ++ if (xim->bytes_per_line <= 0 || ++ xim->height <= 0 || ++ xim->height >= INT_MAX / xim->bytes_per_line) { ++ if (xim) ++ XDestroyImage(xim); ++ xim = NULL; ++ throw rdr::Exception("Invalid display size"); ++ } ++ + xim->data = (char*)malloc(xim->bytes_per_line * xim->height); + if (!xim->data) + throw rdr::Exception("malloc"); +@@ -152,6 +161,16 @@ bool PlatformPixelBuffer::setupShm() + if (!xim) + goto free_shminfo; + ++ if (xim->bytes_per_line <= 0 || ++ xim->height <= 0 || ++ xim->height >= INT_MAX / xim->bytes_per_line) { ++ XDestroyImage(xim); ++ xim = NULL; ++ delete shminfo; ++ shminfo = NULL; ++ throw rdr::Exception("Invalid display size"); ++ } ++ + shminfo->shmid = shmget(IPC_PRIVATE, + xim->bytes_per_line * xim->height, + IPC_CREAT|0600); diff --git a/SOURCES/tigervnc-correctly-start-vncsession-as-daemon.patch b/SOURCES/tigervnc-correctly-start-vncsession-as-daemon.patch new file mode 100644 index 0000000..af5e7f2 --- /dev/null +++ b/SOURCES/tigervnc-correctly-start-vncsession-as-daemon.patch @@ -0,0 +1,13 @@ +diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c +index 2b47f5f5..f78c096f 100644 +--- a/unix/vncserver/vncsession.c ++++ b/unix/vncserver/vncsession.c +@@ -99,7 +99,7 @@ begin_daemon(void) + return -1; + } + +- if (pid == 0) ++ if (pid != 0) + _exit(0); + + /* Send all stdio to /dev/null */ diff --git a/SOURCES/tigervnc-cursor.patch b/SOURCES/tigervnc-cursor.patch new file mode 100644 index 0000000..1f95df8 --- /dev/null +++ b/SOURCES/tigervnc-cursor.patch @@ -0,0 +1,12 @@ +diff -up tigervnc-1.3.0/vncviewer/Viewport.cxx.cursor tigervnc-1.3.0/vncviewer/Viewport.cxx +--- tigervnc-1.3.0/vncviewer/Viewport.cxx.cursor 2013-12-17 13:28:23.170400013 +0000 ++++ tigervnc-1.3.0/vncviewer/Viewport.cxx 2013-12-17 13:29:46.095784064 +0000 +@@ -248,7 +248,7 @@ void Viewport::setCursor(int width, int height, const Point& hotspot, + } + } + +- if (Fl::belowmouse() == this) ++ if (Fl::belowmouse() == this && cursor) + window()->cursor(cursor, cursorHotspot.x, cursorHotspot.y); + } + diff --git a/SOURCES/tigervnc-getmaster.patch b/SOURCES/tigervnc-getmaster.patch new file mode 100644 index 0000000..6ef99b4 --- /dev/null +++ b/SOURCES/tigervnc-getmaster.patch @@ -0,0 +1,88 @@ +diff --git a/unix/xserver/hw/vnc/InputXKB.c b/unix/xserver/hw/vnc/InputXKB.c +index f84a6e4..4eac939 100644 +--- a/unix/xserver/hw/vnc/InputXKB.c ++++ b/unix/xserver/hw/vnc/InputXKB.c +@@ -226,10 +226,7 @@ void vncPrepareInputDevices(void) + + unsigned vncGetKeyboardState(void) + { +- DeviceIntPtr master; +- +- master = GetMaster(vncKeyboardDev, KEYBOARD_OR_FLOAT); +- return XkbStateFieldFromRec(&master->key->xkbInfo->state); ++ return XkbStateFieldFromRec(&vncKeyboardDev->master->key->xkbInfo->state); + } + + unsigned vncGetLevelThreeMask(void) +@@ -250,7 +247,7 @@ unsigned vncGetLevelThreeMask(void) + return 0; + } + +- xkb = GetMaster(vncKeyboardDev, KEYBOARD_OR_FLOAT)->key->xkbInfo->desc; ++ xkb = vncKeyboardDev->master->key->xkbInfo->desc; + + act = XkbKeyActionPtr(xkb, keycode, state); + if (act == NULL) +@@ -275,7 +272,7 @@ KeyCode vncPressShift(void) + if (state & ShiftMask) + return 0; + +- xkb = GetMaster(vncKeyboardDev, KEYBOARD_OR_FLOAT)->key->xkbInfo->desc; ++ xkb = vncKeyboardDev->master->key->xkbInfo->desc; + for (key = xkb->min_key_code; key <= xkb->max_key_code; key++) { + XkbAction *act; + unsigned char mask; +@@ -315,7 +312,7 @@ size_t vncReleaseShift(KeyCode *keys, size_t maxKeys) + + count = 0; + +- master = GetMaster(vncKeyboardDev, KEYBOARD_OR_FLOAT); ++ master = vncKeyboardDev->master; + xkb = master->key->xkbInfo->desc; + for (key = xkb->min_key_code; key <= xkb->max_key_code; key++) { + XkbAction *act; +@@ -371,7 +368,7 @@ KeyCode vncPressLevelThree(void) + return 0; + } + +- xkb = GetMaster(vncKeyboardDev, KEYBOARD_OR_FLOAT)->key->xkbInfo->desc; ++ xkb = vncKeyboardDev->master->key->xkbInfo->desc; + + act = XkbKeyActionPtr(xkb, keycode, state); + if (act == NULL) +@@ -402,7 +399,7 @@ size_t vncReleaseLevelThree(KeyCode *keys, size_t maxKeys) + + count = 0; + +- master = GetMaster(vncKeyboardDev, KEYBOARD_OR_FLOAT); ++ master = vncKeyboardDev->master; + xkb = master->key->xkbInfo->desc; + for (key = xkb->min_key_code; key <= xkb->max_key_code; key++) { + XkbAction *act; +@@ -447,7 +444,7 @@ KeyCode vncKeysymToKeycode(KeySym keysym, unsigned state, unsigned *new_state) + *new_state = state; + + fallback = 0; +- xkb = GetMaster(vncKeyboardDev, KEYBOARD_OR_FLOAT)->key->xkbInfo->desc; ++ xkb = vncKeyboardDev->master->key->xkbInfo->desc; + for (key = xkb->min_key_code; key <= xkb->max_key_code; key++) { + unsigned int state_out; + KeySym dummy; +@@ -551,7 +548,7 @@ int vncIsAffectedByNumLock(KeyCode keycode) + if (numlock_keycode == 0) + return 0; + +- xkb = GetMaster(vncKeyboardDev, KEYBOARD_OR_FLOAT)->key->xkbInfo->desc; ++ xkb = vncKeyboardDev->master->key->xkbInfo->desc; + + act = XkbKeyActionPtr(xkb, numlock_keycode, state); + if (act == NULL) +@@ -585,7 +582,7 @@ KeyCode vncAddKeysym(KeySym keysym, unsigned state) + KeySym *syms; + KeySym upper, lower; + +- master = GetMaster(vncKeyboardDev, KEYBOARD_OR_FLOAT); ++ master = vncKeyboardDev->master; + xkb = master->key->xkbInfo->desc; + for (key = xkb->max_key_code; key >= xkb->min_key_code; key--) { + if (XkbKeyNumGroups(xkb, key) == 0) diff --git a/SOURCES/tigervnc-let-user-know-about-not-using-view-only-password.patch b/SOURCES/tigervnc-let-user-know-about-not-using-view-only-password.patch new file mode 100644 index 0000000..e28ffa9 --- /dev/null +++ b/SOURCES/tigervnc-let-user-know-about-not-using-view-only-password.patch @@ -0,0 +1,13 @@ +diff --git a/unix/vncpasswd/vncpasswd.cxx b/unix/vncpasswd/vncpasswd.cxx +index 16c925ee..6398121e 100644 +--- a/unix/vncpasswd/vncpasswd.cxx ++++ b/unix/vncpasswd/vncpasswd.cxx +@@ -150,6 +150,8 @@ int main(int argc, char** argv) + char yesno[3]; + if (fgets(yesno, 3, stdin) != NULL && (yesno[0] == 'y' || yesno[0] == 'Y')) { + obfuscatedReadOnly = readpassword(); ++ } else { ++ fprintf(stderr, "A view-only password is not used\n"); + } + + FILE* fp = fopen(fname,"w"); diff --git a/SOURCES/tigervnc-passwd-crash-with-malloc-checks.patch b/SOURCES/tigervnc-passwd-crash-with-malloc-checks.patch new file mode 100644 index 0000000..7377822 --- /dev/null +++ b/SOURCES/tigervnc-passwd-crash-with-malloc-checks.patch @@ -0,0 +1,41 @@ +diff --git a/common/rfb/Password.cxx b/common/rfb/Password.cxx +index e4a508c..f555c57 100644 +--- a/common/rfb/Password.cxx ++++ b/common/rfb/Password.cxx +@@ -55,7 +55,7 @@ PlainPasswd::~PlainPasswd() { + + void PlainPasswd::replaceBuf(char* b) { + if (buf) +- memset(buf, 0, strlen(buf)); ++ memset(buf, 0, length ? length : strlen(buf)); + CharArray::replaceBuf(b); + } + +diff --git a/common/rfb/util.h b/common/rfb/util.h +index 3100f90..764692a 100644 +--- a/common/rfb/util.h ++++ b/common/rfb/util.h +@@ -51,16 +51,21 @@ namespace rfb { + CharArray() : buf(0) {} + CharArray(char* str) : buf(str) {} // note: assumes ownership + CharArray(size_t len) { ++ length = len; + buf = new char[len](); + } + ~CharArray() { +- delete [] buf; ++ if (buf) { ++ delete [] buf; ++ buf = nullptr; ++ } + } + void format(const char *fmt, ...) __printf_attr(2, 3); + // Get the buffer pointer & clear it (i.e. caller takes ownership) + char* takeBuf() {char* tmp = buf; buf = 0; return tmp;} +- void replaceBuf(char* b) {delete [] buf; buf = b;} ++ void replaceBuf(char* b) {if (buf) delete [] buf; buf = b;} + char* buf; ++ size_t length = 0; + private: + CharArray(const CharArray&); + CharArray& operator=(const CharArray&); diff --git a/SOURCES/tigervnc-systemd-service.patch b/SOURCES/tigervnc-systemd-service.patch new file mode 100644 index 0000000..846a34b --- /dev/null +++ b/SOURCES/tigervnc-systemd-service.patch @@ -0,0 +1,47 @@ +From 40f104ffe1e36df9613f8d316f616fb2b089cc86 Mon Sep 17 00:00:00 2001 +From: Jan Grulich +Date: Tue, 29 Sep 2020 13:37:16 +0200 +Subject: [PATCH] Use /run instead of /var/run which is just a symlink + +--- + unix/vncserver/selinux/vncsession.fc | 2 +- + unix/vncserver/vncserver@.service.in | 2 +- + unix/vncserver/vncsession.c | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/unix/vncserver/selinux/vncsession.fc b/unix/vncserver/selinux/vncsession.fc +index 121cdd237..ae768baa4 100644 +--- a/unix/vncserver/selinux/vncsession.fc ++++ b/unix/vncserver/selinux/vncsession.fc +@@ -23,4 +23,4 @@ HOME_ROOT/\.vnc(/.*)? gen_context(system_u:object_r:xdm_home_t,s0) + /usr/sbin/vncsession -- gen_context(system_u:object_r:vnc_session_exec_t,s0) + /usr/libexec/vncsession-start -- gen_context(system_u:object_r:vnc_session_exec_t,s0) + +-/var/run/vncsession-:[0-9]*\.pid -- gen_context(system_u:object_r:vnc_session_var_run_t,s0) ++/run/vncsession-:[0-9]*\.pid -- gen_context(system_u:object_r:vnc_session_var_run_t,s0) +diff --git a/unix/vncserver/vncserver@.service.in b/unix/vncserver/vncserver@.service.in +index 584ecf4b1..5624dff76 100644 +--- a/unix/vncserver/vncserver@.service.in ++++ b/unix/vncserver/vncserver@.service.in +@@ -36,7 +36,7 @@ After=syslog.target network.target + [Service] + Type=forking + ExecStart=@CMAKE_INSTALL_FULL_LIBEXECDIR@/vncsession-start %i +-PIDFile=/var/run/vncsession-%i.pid ++PIDFile=/run/vncsession-%i.pid + SELinuxContext=system_u:system_r:vnc_session_t:s0 + + [Install] +diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c +index 3e0c98f0f..2b47f5f55 100644 +--- a/unix/vncserver/vncsession.c ++++ b/unix/vncserver/vncsession.c +@@ -543,7 +543,7 @@ main(int argc, char **argv) + } + + snprintf(pid_file, sizeof(pid_file), +- "/var/run/vncsession-%s.pid", display); ++ "/run/vncsession-%s.pid", display); + f = fopen(pid_file, "w"); + if (f == NULL) { + syslog(LOG_ERR, "Failure creating pid file \"%s\": %s", diff --git a/SOURCES/tigervnc-tolerate-specifying-boolparam.patch b/SOURCES/tigervnc-tolerate-specifying-boolparam.patch new file mode 100644 index 0000000..70ddef3 --- /dev/null +++ b/SOURCES/tigervnc-tolerate-specifying-boolparam.patch @@ -0,0 +1,149 @@ +From 38c6848b30cb1908171f2b4628e345fbf6727b39 Mon Sep 17 00:00:00 2001 +From: Pierre Ossman +Date: Fri, 18 Sep 2020 10:44:32 +0200 +Subject: [PATCH] Tolerate specifying -BoolParam 0 and similar + +This is needed by vncserver which doesn't know which parameters are +boolean, and it cannot use the -Param=Value form as that isn't tolerated +by the Xorg code. +--- + unix/vncserver/vncserver.in | 8 ++++---- + unix/xserver/hw/vnc/RFBGlue.cc | 16 ++++++++++++++++ + unix/xserver/hw/vnc/RFBGlue.h | 1 + + unix/xserver/hw/vnc/xvnc.c | 14 ++++++++++++++ + vncviewer/vncviewer.cxx | 20 ++++++++++++++++++++ + 5 files changed, 55 insertions(+), 4 deletions(-) + +diff --git a/unix/vncserver/vncserver.in b/unix/vncserver/vncserver.in +index 25fbbd315..261b258f1 100755 +--- a/unix/vncserver/vncserver.in ++++ b/unix/vncserver/vncserver.in +@@ -107,7 +107,7 @@ $default_opts{rfbwait} = 30000; + $default_opts{rfbauth} = "$vncUserDir/passwd"; + $default_opts{rfbport} = $vncPort; + $default_opts{fp} = $fontPath if ($fontPath); +-$default_opts{pn} = ""; ++$default_opts{pn} = undef; + + # Load user-overrideable system defaults + LoadConfig($vncSystemConfigDefaultsFile); +@@ -242,13 +242,13 @@ push(@cmd, "@CMAKE_INSTALL_FULL_BINDIR@/Xvnc", ":$displayNumber"); + + foreach my $k (sort keys %config) { + push(@cmd, "-$k"); +- push(@cmd, $config{$k}) if $config{$k}; ++ push(@cmd, $config{$k}) if defined($config{$k}); + delete $default_opts{$k}; # file options take precedence + } + + foreach my $k (sort keys %default_opts) { + push(@cmd, "-$k"); +- push(@cmd, $default_opts{$k}) if $default_opts{$k}; ++ push(@cmd, $default_opts{$k}) if defined($default_opts{$k}); + } + + warn "\nNew '$desktopName' desktop is $host:$displayNumber\n\n"; +@@ -291,7 +291,7 @@ sub LoadConfig { + # current config file being loaded defined the logical opposite setting + # (NeverShared vs. AlwaysShared, etc etc). + $toggle = lc($1); # must normalize key case +- $config{$toggle} = $k; ++ $config{$toggle} = undef; + } + } + close(IN); +diff --git a/unix/xserver/hw/vnc/RFBGlue.cc b/unix/xserver/hw/vnc/RFBGlue.cc +index f108fae43..7c32bea8f 100644 +--- a/unix/xserver/hw/vnc/RFBGlue.cc ++++ b/unix/xserver/hw/vnc/RFBGlue.cc +@@ -143,6 +143,22 @@ const char* vncGetParamDesc(const char *name) + return param->getDescription(); + } + ++int vncIsParamBool(const char *name) ++{ ++ VoidParameter *param; ++ BoolParameter *bparam; ++ ++ param = rfb::Configuration::getParam(name); ++ if (param == NULL) ++ return false; ++ ++ bparam = dynamic_cast(param); ++ if (bparam == NULL) ++ return false; ++ ++ return true; ++} ++ + int vncGetParamCount(void) + { + int count; +diff --git a/unix/xserver/hw/vnc/RFBGlue.h b/unix/xserver/hw/vnc/RFBGlue.h +index 112405b84..695cea105 100644 +--- a/unix/xserver/hw/vnc/RFBGlue.h ++++ b/unix/xserver/hw/vnc/RFBGlue.h +@@ -41,6 +41,7 @@ int vncSetParam(const char *name, const char *value); + int vncSetParamSimple(const char *nameAndValue); + char* vncGetParam(const char *name); + const char* vncGetParamDesc(const char *name); ++int vncIsParamBool(const char *name); + + int vncGetParamCount(void); + char *vncGetParamList(void); +diff --git a/unix/xserver/hw/vnc/xvnc.c b/unix/xserver/hw/vnc/xvnc.c +index 4eb0b0b13..5744acac8 100644 +--- a/unix/xserver/hw/vnc/xvnc.c ++++ b/unix/xserver/hw/vnc/xvnc.c +@@ -618,6 +618,20 @@ ddxProcessArgument(int argc, char *argv[], int i) + exit(0); + } + ++ /* We need to resolve an ambiguity for booleans */ ++ if (argv[i][0] == '-' && i+1 < argc && ++ vncIsParamBool(&argv[i][1])) { ++ if ((strcasecmp(argv[i+1], "0") == 0) || ++ (strcasecmp(argv[i+1], "1") == 0) || ++ (strcasecmp(argv[i+1], "true") == 0) || ++ (strcasecmp(argv[i+1], "false") == 0) || ++ (strcasecmp(argv[i+1], "yes") == 0) || ++ (strcasecmp(argv[i+1], "no") == 0)) { ++ vncSetParam(&argv[i][1], argv[i+1]); ++ return 2; ++ } ++ } ++ + if (vncSetParamSimple(argv[i])) + return 1; + +diff --git a/vncviewer/vncviewer.cxx b/vncviewer/vncviewer.cxx +index d4dd3063c..77ba3d3f4 100644 +--- a/vncviewer/vncviewer.cxx ++++ b/vncviewer/vncviewer.cxx +@@ -556,6 +556,26 @@ int main(int argc, char** argv) + } + + for (int i = 1; i < argc;) { ++ /* We need to resolve an ambiguity for booleans */ ++ if (argv[i][0] == '-' && i+1 < argc) { ++ VoidParameter *param; ++ ++ param = Configuration::getParam(&argv[i][1]); ++ if ((param != NULL) && ++ (dynamic_cast(param) != NULL)) { ++ if ((strcasecmp(argv[i+1], "0") == 0) || ++ (strcasecmp(argv[i+1], "1") == 0) || ++ (strcasecmp(argv[i+1], "true") == 0) || ++ (strcasecmp(argv[i+1], "false") == 0) || ++ (strcasecmp(argv[i+1], "yes") == 0) || ++ (strcasecmp(argv[i+1], "no") == 0)) { ++ param->setParam(argv[i+1]); ++ i += 2; ++ continue; ++ } ++ } ++ } ++ + if (Configuration::setParam(argv[i])) { + i++; + continue; diff --git a/SOURCES/tigervnc-utilize-system-crypto-policies.patch b/SOURCES/tigervnc-utilize-system-crypto-policies.patch new file mode 100644 index 0000000..dbf0dab --- /dev/null +++ b/SOURCES/tigervnc-utilize-system-crypto-policies.patch @@ -0,0 +1,13 @@ +diff --git a/common/rfb/Security.cxx b/common/rfb/Security.cxx +index e623ab5..4987b29 100644 +--- a/common/rfb/Security.cxx ++++ b/common/rfb/Security.cxx +@@ -52,7 +52,7 @@ static LogWriter vlog("Security"); + #ifdef HAVE_GNUTLS + StringParameter Security::GnuTLSPriority("GnuTLSPriority", + "GnuTLS priority string that controls the TLS session’s handshake algorithms", +- "NORMAL"); ++ "@SYSTEM"); + #endif + + Security::Security() diff --git a/SOURCES/tigervnc-working-tls-on-fips-systems.patch b/SOURCES/tigervnc-working-tls-on-fips-systems.patch new file mode 100644 index 0000000..841ac2f --- /dev/null +++ b/SOURCES/tigervnc-working-tls-on-fips-systems.patch @@ -0,0 +1,13 @@ +diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx +index b946022..2daefa2 100644 +--- a/common/rfb/SSecurityTLS.cxx ++++ b/common/rfb/SSecurityTLS.cxx +@@ -186,7 +186,7 @@ void SSecurityTLS::setParams(gnutls_session_t session) + if (gnutls_dh_params_init(&dh_params) != GNUTLS_E_SUCCESS) + throw AuthFailureException("gnutls_dh_params_init failed"); + +- if (gnutls_dh_params_generate2(dh_params, DH_BITS) != GNUTLS_E_SUCCESS) ++ if (gnutls_dh_params_generate2(dh_params, gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, GNUTLS_SEC_PARAM_MEDIUM)) != GNUTLS_E_SUCCESS) + throw AuthFailureException("gnutls_dh_params_generate2 failed"); + + if (anon) { diff --git a/SOURCES/tigervnc-xserver120.patch b/SOURCES/tigervnc-xserver120.patch new file mode 100644 index 0000000..e7eae3c --- /dev/null +++ b/SOURCES/tigervnc-xserver120.patch @@ -0,0 +1,91 @@ +diff -up xserver/configure.ac.xserver116-rebased xserver/configure.ac +--- xserver/configure.ac.xserver116-rebased 2016-09-29 13:14:45.595441590 +0200 ++++ xserver/configure.ac 2016-09-29 13:14:45.631442006 +0200 +@@ -74,6 +74,7 @@ dnl forcing an entire recompile.x + AC_CONFIG_HEADERS(include/version-config.h) + + AM_PROG_AS ++AC_PROG_CXX + AC_PROG_LN_S + LT_PREREQ([2.2]) + LT_INIT([disable-static win32-dll]) +@@ -1863,6 +1864,10 @@ if test "x$XVFB" = xyes; then + AC_SUBST([XVFB_SYS_LIBS]) + fi + ++dnl Xvnc DDX ++AC_SUBST([XVNC_CPPFLAGS], ["-DHAVE_DIX_CONFIG_H $XSERVER_CFLAGS"]) ++AC_SUBST([XVNC_LIBS], ["$FB_LIB $FIXES_LIB $XEXT_LIB $CONFIG_LIB $DBE_LIB $RECORD_LIB $GLX_LIBS $RANDR_LIB $RENDER_LIB $DAMAGE_LIB $DRI3_LIB $PRESENT_LIB $MIEXT_SYNC_LIB $MIEXT_DAMAGE_LIB $MIEXT_SHADOW_LIB $XI_LIB $XKB_LIB $XKB_STUB_LIB $COMPOSITE_LIB $MAIN_LIB"]) ++AC_SUBST([XVNC_SYS_LIBS], ["$GLX_SYS_LIBS"]) + + dnl Xnest DDX + +@@ -1898,6 +1903,8 @@ if test "x$XORG" = xauto; then + fi + AC_MSG_RESULT([$XORG]) + ++AC_DEFINE_UNQUOTED(XORG_VERSION_CURRENT, [$VENDOR_RELEASE], [Current Xorg version]) ++ + if test "x$XORG" = xyes; then + XORG_DDXINCS='-I$(top_srcdir)/hw/xfree86 -I$(top_srcdir)/hw/xfree86/include -I$(top_srcdir)/hw/xfree86/common' + XORG_OSINCS='-I$(top_srcdir)/hw/xfree86/os-support -I$(top_srcdir)/hw/xfree86/os-support/bus -I$(top_srcdir)/os' +@@ -2116,7 +2123,6 @@ if test "x$XORG" = xyes; then + AC_DEFINE(XORG_SERVER, 1, [Building Xorg server]) + AC_DEFINE(XORGSERVER, 1, [Building Xorg server]) + AC_DEFINE(XFree86Server, 1, [Building XFree86 server]) +- AC_DEFINE_UNQUOTED(XORG_VERSION_CURRENT, [$VENDOR_RELEASE], [Current Xorg version]) + AC_DEFINE(NEED_XF86_TYPES, 1, [Need XFree86 typedefs]) + AC_DEFINE(NEED_XF86_PROTOTYPES, 1, [Need XFree86 helper functions]) + AC_DEFINE(__XSERVERNAME__, "Xorg", [Name of X server]) +@@ -2691,6 +2697,7 @@ hw/dmx/Makefile + hw/dmx/man/Makefile + hw/vfb/Makefile + hw/vfb/man/Makefile ++hw/vnc/Makefile + hw/xnest/Makefile + hw/xnest/man/Makefile + hw/xwin/Makefile +diff -up xserver/hw/Makefile.am.xserver116-rebased xserver/hw/Makefile.am +--- xserver/hw/Makefile.am.xserver116-rebased 2016-09-29 13:14:45.601441659 +0200 ++++ xserver/hw/Makefile.am 2016-09-29 13:14:45.631442006 +0200 +@@ -38,7 +38,8 @@ SUBDIRS = \ + $(DMX_SUBDIRS) \ + $(KDRIVE_SUBDIRS) \ + $(XQUARTZ_SUBDIRS) \ +- $(XWAYLAND_SUBDIRS) ++ $(XWAYLAND_SUBDIRS) \ ++ vnc + + DIST_SUBDIRS = dmx xfree86 vfb xnest xwin xquartz kdrive xwayland + +diff --git xserver/mi/miinitext.c xserver/mi/miinitext.c +index 5596e21..003fc3c 100644 +--- xserver/mi/miinitext.c ++++ xserver/mi/miinitext.c +@@ -107,8 +107,15 @@ SOFTWARE. + #include "os.h" + #include "globals.h" + ++#ifdef TIGERVNC ++extern void vncExtensionInit(INITARGS); ++#endif ++ + /* List of built-in (statically linked) extensions */ + static const ExtensionModule staticExtensions[] = { ++#ifdef TIGERVNC ++ {vncExtensionInit, "VNC-EXTENSION", NULL}, ++#endif + {GEExtensionInit, "Generic Event Extension", &noGEExtension}, + {ShapeExtensionInit, "SHAPE", NULL}, + #ifdef MITSHM +--- xserver/include/os.h~ 2016-10-03 09:07:29.000000000 +0200 ++++ xserver/include/os.h 2016-10-03 14:13:00.013654506 +0200 +@@ -621,7 +621,7 @@ + extern _X_EXPORT void + LogClose(enum ExitCode error); + extern _X_EXPORT Bool +-LogSetParameter(LogParameter param, int value); ++LogSetParameter(enum _LogParameter param, int value); + extern _X_EXPORT void + LogVWrite(int verb, const char *f, va_list args) + _X_ATTRIBUTE_PRINTF(2, 0); diff --git a/SOURCES/vncserver b/SOURCES/vncserver new file mode 100644 index 0000000..bd2f422 --- /dev/null +++ b/SOURCES/vncserver @@ -0,0 +1,890 @@ +#!/usr/bin/perl +# +# Copyright (C) 2009-2010 D. R. Commander. All Rights Reserved. +# Copyright (C) 2005-2006 Sun Microsystems, Inc. All Rights Reserved. +# Copyright (C) 2002-2003 Constantin Kaplinsky. All Rights Reserved. +# Copyright (C) 2002-2005 RealVNC Ltd. +# Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved. +# +# This is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This software is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this software; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, +# USA. +# + +# +# vncserver - wrapper script to start an X VNC server. +# + +# First make sure we're operating in a sane environment. +$exedir = ""; +$slashndx = rindex($0, "/"); +if($slashndx>=0) { + $exedir = substr($0, 0, $slashndx+1); +} + +&SanityCheck(); + +&NotifyAboutDeprecation(); + +# +# Global variables. You may want to configure some of these for +# your site +# + +$geometry = "1024x768"; +#$depth = 16; + +$vncUserDir = "$ENV{HOME}/.vnc"; +$vncUserConfig = "$vncUserDir/config"; + +$vncSystemConfigDir = "/etc/tigervnc"; +$vncSystemConfigDefaultsFile = "$vncSystemConfigDir/vncserver-config-defaults"; +$vncSystemConfigMandatoryFile = "$vncSystemConfigDir/vncserver-config-mandatory"; + +$skipxstartup = 0; +$xauthorityFile = "$ENV{XAUTHORITY}" || "$ENV{HOME}/.Xauthority"; + +$xstartupFile = $vncUserDir . "/xstartup"; +$defaultXStartup + = ("#!/bin/sh\n\n". + "unset SESSION_MANAGER\n". + "unset DBUS_SESSION_BUS_ADDRESS\n". + "exec /etc/X11/xinit/xinitrc\n"); + +$defaultConfig + = ("## Supported server options to pass to vncserver upon invocation can be listed\n". + "## in this file. See the following manpages for more: vncserver(1) Xvnc(1).\n". + "## Several common ones are shown below. Uncomment and modify to your liking.\n". + "##\n". + "# securitytypes=vncauth,tlsvnc\n". + "# desktop=sandbox\n". + "# geometry=2000x1200\n". + "# localhost\n". + "# alwaysshared\n"); + +chop($host = `uname -n`); + +if (-d "/etc/X11/fontpath.d") { + $fontPath = "catalogue:/etc/X11/fontpath.d"; +} + +@fontpaths = ('/usr/share/X11/fonts', '/usr/share/fonts', '/usr/share/fonts/X11/'); +if (! -l "/usr/lib/X11") {push(@fontpaths, '/usr/lib/X11/fonts');} +if (! -l "/usr/X11") {push(@fontpaths, '/usr/X11/lib/X11/fonts');} +if (! -l "/usr/X11R6") {push(@fontpaths, '/usr/X11R6/lib/X11/fonts');} +push(@fontpaths, '/usr/share/fonts/default'); + +@fonttypes = ('misc', + '75dpi', + '100dpi', + 'Speedo', + 'Type1'); + +foreach $_fpath (@fontpaths) { + foreach $_ftype (@fonttypes) { + if (-f "$_fpath/$_ftype/fonts.dir") { + if (! -l "$_fpath/$_ftype") { + $defFontPath .= "$_fpath/$_ftype,"; + } + } + } +} + +if ($defFontPath) { + if (substr($defFontPath, -1, 1) == ',') { + chop $defFontPath; + } +} + +if ($fontPath eq "") { + $fontPath = $defFontPath; +} + +# Check command line options + +&ParseOptions("-geometry",1,"-depth",1,"-pixelformat",1,"-name",1,"-kill",1, + "-help",0,"-h",0,"--help",0,"-fp",1,"-list",0,"-fg",0,"-autokill",0,"-noxstartup",0,"-xstartup",1); + +&Usage() if ($opt{'-help'} || $opt{'-h'} || $opt{'--help'}); + +&Kill() if ($opt{'-kill'}); + +&List() if ($opt{'-list'}); + +# Uncomment this line if you want default geometry, depth and pixelformat +# to match the current X display: +# &GetXDisplayDefaults(); + +if ($opt{'-geometry'}) { + $geometry = $opt{'-geometry'}; +} +if ($opt{'-depth'}) { + $depth = $opt{'-depth'}; + $pixelformat = ""; +} +if ($opt{'-pixelformat'}) { + $pixelformat = $opt{'-pixelformat'}; +} +if ($opt{'-noxstartup'}) { + $skipxstartup = 1; +} +if ($opt{'-xstartup'}) { + $xstartupFile = $opt{'-xstartup'}; +} +if ($opt{'-fp'}) { + $fontPath = $opt{'-fp'}; + $fpArgSpecified = 1; +} + +&CheckGeometryAndDepth(); + +# Create the user's vnc directory if necessary. +if (!(-e $vncUserDir)) { + if (!mkdir($vncUserDir,0755)) { + die "$prog: Could not create $vncUserDir.\n"; + } +} + +# Find display number. +if ((@ARGV > 0) && ($ARGV[0] =~ /^:(\d+)$/)) { + $displayNumber = $1; + shift(@ARGV); + if (!&CheckDisplayNumber($displayNumber)) { + die "A VNC server is already running as :$displayNumber\n"; + } +} elsif ((@ARGV > 0) && ($ARGV[0] !~ /^-/) && ($ARGV[0] !~ /^\+/)) { + &Usage(); +} else { + $displayNumber = &GetDisplayNumber(); +} + +$vncPort = 5900 + $displayNumber; + +if ($opt{'-name'}) { + $desktopName = $opt{'-name'}; +} else { + $desktopName = "$host:$displayNumber ($ENV{USER})"; +} + +my %default_opts; +my %config; + +# We set some reasonable defaults. Config file settings +# override these where present. +$default_opts{desktop} = "edString($desktopName); +$default_opts{auth} = "edString($xauthorityFile); +$default_opts{geometry} = $geometry if ($geometry); +$default_opts{depth} = $depth if ($depth); +$default_opts{pixelformat} = $pixelformat if ($pixelformat); +$default_opts{rfbwait} = 30000; +$default_opts{rfbauth} = "$vncUserDir/passwd"; +$default_opts{rfbport} = $vncPort; +$default_opts{fp} = $fontPath if ($fontPath); +$default_opts{pn} = ""; + +# Load user-overrideable system defaults +LoadConfig($vncSystemConfigDefaultsFile); + +# Then the user's settings +LoadConfig($vncUserConfig); + +# And then override anything set above if mandatory settings exist. +# WARNING: "Mandatory" is used loosely here! As the man page says, +# there is nothing stopping someone from EASILY subverting the +# settings in $vncSystemConfigMandatoryFile by simply passing +# CLI args to vncserver, which trump config files! To properly +# hard force policy in a non-subvertible way would require major +# development work that touches Xvnc itself. +LoadConfig($vncSystemConfigMandatoryFile, 1); + +# +# Check whether VNC authentication is enabled, and if so, prompt the user to +# create a VNC password if they don't already have one. +# + +$securityTypeArgSpecified = 0; +$vncAuthEnabled = 0; +$passwordArgSpecified = 0; +@vncAuthStrings = ("vncauth", "tlsvnc", "x509vnc"); + +# ...first we check our configuration files' settings +if ($config{'securitytypes'}) { + $securityTypeArgSpecified = 1; + foreach $arg2 (split(',', $config{'securitytypes'})) { + if (grep {$_ eq lc($arg2)} @vncAuthStrings) { + $vncAuthEnabled = 1; + } + } +} + +# ...and finally we check CLI args, which in the case of the topic at +# hand (VNC auth or not), override anything found in configuration files +# (even so-called "mandatory" settings). +for ($i = 0; $i < @ARGV; ++$i) { + # -SecurityTypes can be followed by a space or "=" + my @splitargs = split('=', $ARGV[$i]); + if (@splitargs <= 1 && $i < @ARGV - 1) { + push(@splitargs, $ARGV[$i + 1]); + } + if (lc(@splitargs[0]) eq "-securitytypes") { + if (@splitargs > 1) { + $securityTypeArgSpecified = 1; + } + foreach $arg2 (split(',', @splitargs[1])) { + if (grep {$_ eq lc($arg2)} @vncAuthStrings) { + $vncAuthEnabled = 1; + } + } + } + if ((lc(@splitargs[0]) eq "-password") + || (lc(@splitargs[0]) eq "-passwordfile" + || (lc(@splitargs[0]) eq "-rfbauth"))) { + $passwordArgSpecified = 1; + } +} + +if ((!$securityTypeArgSpecified || $vncAuthEnabled) && !$passwordArgSpecified) { + ($z,$z,$mode) = stat("$vncUserDir/passwd"); + if (!(-e "$vncUserDir/passwd") || ($mode & 077)) { + warn "\nYou will require a password to access your desktops.\n\n"; + system($exedir."vncpasswd -q $vncUserDir/passwd"); + if (($? >> 8) != 0) { + exit 1; + } + } +} + +$desktopLog = "$vncUserDir/$host:$displayNumber.log"; +unlink($desktopLog); + +# Make an X server cookie and set up the Xauthority file +# mcookie is a part of util-linux, usually only GNU/Linux systems have it. +$cookie = `mcookie`; +# Fallback for non GNU/Linux OS - use /dev/urandom on systems that have it, +# otherwise use perl's random number generator, seeded with the sum +# of the current time, our PID and part of the encrypted form of the password. +if ($cookie eq "" && open(URANDOM, '<', '/dev/urandom')) { + my $randata; + if (sysread(URANDOM, $randata, 16) == 16) { + $cookie = unpack 'h*', $randata; + } + close(URANDOM); +} +if ($cookie eq "") { + srand(time+$$+unpack("L",`cat $vncUserDir/passwd`)); + for (1..16) { + $cookie .= sprintf("%02x", int(rand(256)) % 256); + } +} + +open(XAUTH, "|xauth -f $xauthorityFile source -"); +print XAUTH "add $host:$displayNumber . $cookie\n"; +print XAUTH "add $host/unix:$displayNumber . $cookie\n"; +close(XAUTH); + +# Now start the X VNC Server + +# We build up our Xvnc command with options +$cmd = $exedir."Xvnc :$displayNumber"; + +foreach my $k (sort keys %config) { + $cmd .= " -$k $config{$k}"; + delete $default_opts{$k}; # file options take precedence +} + +foreach my $k (sort keys %default_opts) { + $cmd .= " -$k $default_opts{$k}"; +} + +# Add color database stuff here, e.g.: +# $cmd .= " -co /usr/lib/X11/rgb"; + +foreach $arg (@ARGV) { + $cmd .= " " . "edString($arg); +} +$cmd .= " >> " . "edString($desktopLog) . " 2>&1"; + +# Run $cmd and record the process ID. +$pidFile = "$vncUserDir/$host:$displayNumber.pid"; +system("$cmd & echo \$! >$pidFile"); + +# Give Xvnc a chance to start up + +sleep(3); +if ($fontPath ne $defFontPath) { + unless (kill 0, `cat $pidFile`) { + if ($fpArgSpecified) { + warn "\nWARNING: The first attempt to start Xvnc failed, probably because the font\n"; + warn "path you specified using the -fp argument is incorrect. Attempting to\n"; + warn "determine an appropriate font path for this system and restart Xvnc using\n"; + warn "that font path ...\n"; + } else { + warn "\nWARNING: The first attempt to start Xvnc failed, possibly because the font\n"; + warn "catalog is not properly configured. Attempting to determine an appropriate\n"; + warn "font path for this system and restart Xvnc using that font path ...\n"; + } + $cmd =~ s@-fp [^ ]+@@; + $cmd .= " -fp $defFontPath" if ($defFontPath); + system("$cmd & echo \$! >$pidFile"); + sleep(3); + } +} +unless (kill 0, `cat $pidFile`) { + warn "Could not start Xvnc.\n\n"; + unlink $pidFile; + open(LOG, "<$desktopLog"); + while () { print; } + close(LOG); + die "\n"; +} + +warn "\nNew '$desktopName' desktop is $host:$displayNumber\n\n"; + +# Create the user's xstartup script if necessary. +if (! $skipxstartup) { + if (!(-e "$xstartupFile")) { + warn "Creating default startup script $xstartupFile\n"; + open(XSTARTUP, ">$xstartupFile"); + print XSTARTUP $defaultXStartup; + close(XSTARTUP); + chmod 0755, "$xstartupFile"; + } +} + +# Create the user's config file if necessary. +if (!(-e "$vncUserDir/config")) { + warn "Creating default config $vncUserDir/config\n"; + open(VNCUSERCONFIG, ">$vncUserDir/config"); + print VNCUSERCONFIG $defaultConfig; + close(VNCUSERCONFIG); + chmod 0644, "$vncUserDir/config"; +} + +# Run the X startup script. +if (! $skipxstartup) { + warn "Starting applications specified in $xstartupFile\n"; +} +warn "Log file is $desktopLog\n\n"; + +# If the unix domain socket exists then use that (DISPLAY=:n) otherwise use +# TCP (DISPLAY=host:n) + +if (-e "/tmp/.X11-unix/X$displayNumber" || + -e "/usr/spool/sockets/X11/$displayNumber") +{ + $ENV{DISPLAY}= ":$displayNumber"; +} else { + $ENV{DISPLAY}= "$host:$displayNumber"; +} +$ENV{VNCDESKTOP}= $desktopName; + +if ($opt{'-fg'}) { + if (! $skipxstartup) { + system("$xstartupFile >> " . "edString($desktopLog) . " 2>&1"); + } + if (kill 0, `cat $pidFile`) { + $opt{'-kill'} = ':'.$displayNumber; + &Kill(); + } +} else { + if ($opt{'-autokill'}) { + if (! $skipxstartup) { + system("($xstartupFile; $0 -kill :$displayNumber) >> " + . "edString($desktopLog) . " 2>&1 &"); + } + } else { + if (! $skipxstartup) { + system("$xstartupFile >> " . "edString($desktopLog) + . " 2>&1 &"); + } + } +} + +exit; + +############################################################################### +# Functions +############################################################################### + +# +# Populate the global %config hash with settings from a specified +# vncserver configuration file if it exists +# +# Args: 1. file path +# 2. optional boolean flag to enable warning when a previously +# set configuration setting is being overridden +# +sub LoadConfig { + local ($configFile, $warnoverride) = @_; + local ($toggle) = undef; + + if (stat($configFile)) { + if (open(IN, $configFile)) { + while () { + next if /^#/; + if (my ($k, $v) = /^\s*(\w+)\s*=\s*(.+)$/) { + $k = lc($k); # must normalize key case + if ($k eq "session") { + next; + } + if ($warnoverride && $config{$k}) { + print("Warning: $configFile is overriding previously defined '$k' to be '$v'\n"); + } + $config{$k} = $v; + } elsif ($_ =~ m/^\s*(\S+)/) { + # We can't reasonably warn on override of toggles (e.g. AlwaysShared) + # because it would get crazy to do so. We'd have to check if the + # current config file being loaded defined the logical opposite setting + # (NeverShared vs. AlwaysShared, etc etc). + $toggle = lc($1); # must normalize key case + $config{$toggle} = $k; + } + } + close(IN); + } + } +} + +# +# CheckGeometryAndDepth simply makes sure that the geometry and depth values +# are sensible. +# + +sub CheckGeometryAndDepth +{ + if ($geometry =~ /^(\d+)x(\d+)$/) { + $width = $1; $height = $2; + + if (($width<1) || ($height<1)) { + die "$prog: geometry $geometry is invalid\n"; + } + + $geometry = "${width}x$height"; + } else { + die "$prog: geometry $geometry is invalid\n"; + } + + if ($depth && (($depth < 8) || ($depth > 32))) { + die "Depth must be between 8 and 32\n"; + } +} + + +# +# GetDisplayNumber gets the lowest available display number. A display number +# n is taken if something is listening on the VNC server port (5900+n) or the +# X server port (6000+n). +# + +sub GetDisplayNumber +{ + foreach $n (1..99) { + if (&CheckDisplayNumber($n)) { + return $n+0; # Bruce Mah's workaround for bug in perl 5.005_02 + } + } + + die "$prog: no free display number on $host.\n"; +} + + +# +# CheckDisplayNumber checks if the given display number is available. A +# display number n is taken if something is listening on the VNC server port +# (5900+n) or the X server port (6000+n). +# + +sub CheckDisplayNumber +{ + local ($n) = @_; + + socket(S, $AF_INET, $SOCK_STREAM, 0) || die "$prog: socket failed: $!\n"; + eval 'setsockopt(S, &SOL_SOCKET, &SO_REUSEADDR, pack("l", 1))'; + if (!bind(S, pack('S n x12', $AF_INET, 6000 + $n))) { + close(S); + return 0; + } + close(S); + + socket(S, $AF_INET, $SOCK_STREAM, 0) || die "$prog: socket failed: $!\n"; + eval 'setsockopt(S, &SOL_SOCKET, &SO_REUSEADDR, pack("l", 1))'; + if (!bind(S, pack('S n x12', $AF_INET, 5900 + $n))) { + close(S); + return 0; + } + close(S); + + if (-e "/tmp/.X$n-lock") { + warn "\nWarning: $host:$n is taken because of /tmp/.X$n-lock\n"; + warn "Remove this file if there is no X server $host:$n\n"; + return 0; + } + + if (-e "/tmp/.X11-unix/X$n") { + warn "\nWarning: $host:$n is taken because of /tmp/.X11-unix/X$n\n"; + warn "Remove this file if there is no X server $host:$n\n"; + return 0; + } + + if (-e "/usr/spool/sockets/X11/$n") { + warn("\nWarning: $host:$n is taken because of ". + "/usr/spool/sockets/X11/$n\n"); + warn "Remove this file if there is no X server $host:$n\n"; + return 0; + } + + return 1; +} + + +# +# GetXDisplayDefaults uses xdpyinfo to find out the geometry, depth and pixel +# format of the current X display being used. If successful, it sets the +# options as appropriate so that the X VNC server will use the same settings +# (minus an allowance for window manager decorations on the geometry). Using +# the same depth and pixel format means that the VNC server won't have to +# translate pixels when the desktop is being viewed on this X display (for +# TrueColor displays anyway). +# + +sub GetXDisplayDefaults +{ + local (@lines, @matchlines, $width, $height, $defaultVisualId, $i, + $red, $green, $blue); + + $wmDecorationWidth = 4; # a guess at typical size for window manager + $wmDecorationHeight = 24; # decoration size + + return if (!defined($ENV{DISPLAY})); + + @lines = `xdpyinfo 2>/dev/null`; + + return if ($? != 0); + + @matchlines = grep(/dimensions/, @lines); + if (@matchlines) { + ($width, $height) = ($matchlines[0] =~ /(\d+)x(\d+) pixels/); + + $width -= $wmDecorationWidth; + $height -= $wmDecorationHeight; + + $geometry = "${width}x$height"; + } + + @matchlines = grep(/default visual id/, @lines); + if (@matchlines) { + ($defaultVisualId) = ($matchlines[0] =~ /id:\s+(\S+)/); + + for ($i = 0; $i < @lines; $i++) { + if ($lines[$i] =~ /^\s*visual id:\s+$defaultVisualId$/) { + if (($lines[$i+1] !~ /TrueColor/) || + ($lines[$i+2] !~ /depth/) || + ($lines[$i+4] !~ /red, green, blue masks/)) + { + return; + } + last; + } + } + + return if ($i >= @lines); + + ($depth) = ($lines[$i+2] =~ /depth:\s+(\d+)/); + ($red,$green,$blue) + = ($lines[$i+4] + =~ /masks:\s+0x([0-9a-f]+), 0x([0-9a-f]+), 0x([0-9a-f]+)/); + + $red = hex($red); + $green = hex($green); + $blue = hex($blue); + + if ($red > $blue) { + $red = int(log($red) / log(2)) - int(log($green) / log(2)); + $green = int(log($green) / log(2)) - int(log($blue) / log(2)); + $blue = int(log($blue) / log(2)) + 1; + $pixelformat = "rgb$red$green$blue"; + } else { + $blue = int(log($blue) / log(2)) - int(log($green) / log(2)); + $green = int(log($green) / log(2)) - int(log($red) / log(2)); + $red = int(log($red) / log(2)) + 1; + $pixelformat = "bgr$blue$green$red"; + } + } +} + + +# +# quotedString returns a string which yields the original string when parsed +# by a shell. +# + +sub quotedString +{ + local ($in) = @_; + + $in =~ s/\'/\'\"\'\"\'/g; + + return "'$in'"; +} + + +# +# removeSlashes turns slashes into underscores for use as a file name. +# + +sub removeSlashes +{ + local ($in) = @_; + + $in =~ s|/|_|g; + + return "$in"; +} + + +# +# Usage +# + +sub Usage +{ + die("\nusage: $prog [:] [-name ] [-depth ]\n". + " [-geometry x]\n". + " [-pixelformat rgbNNN|bgrNNN]\n". + " [-fp ]\n". + " [-cc ]\n". + " [-fg]\n". + " [-autokill]\n". + " [-noxstartup]\n". + " [-xstartup ]\n". + " ...\n\n". + " $prog -kill \n\n". + " $prog -list\n\n"); +} + + +# +# List +# + +sub List +{ + opendir(dir, $vncUserDir); + my @filelist = readdir(dir); + closedir(dir); + print "\nTigerVNC server sessions:\n\n"; + print "X DISPLAY #\tPROCESS ID\n"; + foreach my $file (@filelist) { + if ($file =~ /$host:(\d+)$\.pid/) { + chop($tmp_pid = `cat $vncUserDir/$file`); + if (kill 0, $tmp_pid) { + print ":".$1."\t\t".`cat $vncUserDir/$file`; + } else { + unlink ($vncUserDir . "/" . $file); + } + } + } + exit; +} + + +# +# Kill +# + +sub Kill +{ + $opt{'-kill'} =~ s/(:\d+)\.\d+$/$1/; # e.g. turn :1.0 into :1 + + if ($opt{'-kill'} =~ /^:\d+$/) { + $pidFile = "$vncUserDir/$host$opt{'-kill'}.pid"; + } else { + if ($opt{'-kill'} !~ /^$host:/) { + die "\nCan't tell if $opt{'-kill'} is on $host\n". + "Use -kill : instead\n\n"; + } + $pidFile = "$vncUserDir/$opt{'-kill'}.pid"; + } + + if (! -r $pidFile) { + die "\nCan't find file $pidFile\n". + "You'll have to kill the Xvnc process manually\n\n"; + } + + $SIG{'HUP'} = 'IGNORE'; + chop($pid = `cat $pidFile`); + warn "Killing Xvnc process ID $pid\n"; + + if (kill 0, $pid) { + system("kill $pid"); + sleep(1); + if (kill 0, $pid) { + print "Xvnc seems to be deadlocked. Kill the process manually and then re-run\n"; + print " ".$0." -kill ".$opt{'-kill'}."\n"; + print "to clean up the socket files.\n"; + exit + } + + } else { + warn "Xvnc process ID $pid already killed\n"; + $opt{'-kill'} =~ s/://; + + if (-e "/tmp/.X11-unix/X$opt{'-kill'}") { + print "Xvnc did not appear to shut down cleanly."; + print " Removing /tmp/.X11-unix/X$opt{'-kill'}\n"; + unlink "/tmp/.X11-unix/X$opt{'-kill'}"; + } + if (-e "/tmp/.X$opt{'-kill'}-lock") { + print "Xvnc did not appear to shut down cleanly."; + print " Removing /tmp/.X$opt{'-kill'}-lock\n"; + unlink "/tmp/.X$opt{'-kill'}-lock"; + } + } + + unlink $pidFile; + exit; +} + + +# +# ParseOptions takes a list of possible options and a boolean indicating +# whether the option has a value following, and sets up an associative array +# %opt of the values of the options given on the command line. It removes all +# the arguments it uses from @ARGV and returns them in @optArgs. +# + +sub ParseOptions +{ + local (@optval) = @_; + local ($opt, @opts, %valFollows, @newargs); + + while (@optval) { + $opt = shift(@optval); + push(@opts,$opt); + $valFollows{$opt} = shift(@optval); + } + + @optArgs = (); + %opt = (); + + arg: while (defined($arg = shift(@ARGV))) { + foreach $opt (@opts) { + if ($arg eq $opt) { + push(@optArgs, $arg); + if ($valFollows{$opt}) { + if (@ARGV == 0) { + &Usage(); + } + $opt{$opt} = shift(@ARGV); + push(@optArgs, $opt{$opt}); + } else { + $opt{$opt} = 1; + } + next arg; + } + } + push(@newargs,$arg); + } + + @ARGV = @newargs; +} + + +# Routine to make sure we're operating in a sane environment. +sub SanityCheck +{ + local ($cmd); + + # Get the program name + ($prog) = ($0 =~ m|([^/]+)$|); + + # + # Check we have all the commands we'll need on the path. + # + + cmd: + foreach $cmd ("uname","xauth") { + for (split(/:/,$ENV{PATH})) { + if (-x "$_/$cmd") { + next cmd; + } + } + die "$prog: couldn't find \"$cmd\" on your PATH.\n"; + } + + if($exedir eq "") { + cmd2: + foreach $cmd ("Xvnc","vncpasswd") { + for (split(/:/,$ENV{PATH})) { + if (-x "$_/$cmd") { + next cmd2; + } + } + die "$prog: couldn't find \"$cmd\" on your PATH.\n"; + } + } + else { + cmd3: + foreach $cmd ($exedir."Xvnc",$exedir."vncpasswd") { + for (split(/:/,$ENV{PATH})) { + if (-x "$cmd") { + next cmd3; + } + } + die "$prog: couldn't find \"$cmd\".\n"; + } + } + + if (!defined($ENV{HOME})) { + die "$prog: The HOME environment variable is not set.\n"; + } + + # + # Find socket constants. 'use Socket' is a perl5-ism, so we wrap it in an + # eval, and if it fails we try 'require "sys/socket.ph"'. If this fails, + # we just guess at the values. If you find perl moaning here, just + # hard-code the values of AF_INET and SOCK_STREAM. You can find these out + # for your platform by looking in /usr/include/sys/socket.h and related + # files. + # + + chop($os = `uname`); + chop($osrev = `uname -r`); + + eval 'use Socket'; + if ($@) { + eval 'require "sys/socket.ph"'; + if ($@) { + if (($os eq "SunOS") && ($osrev !~ /^4/)) { + $AF_INET = 2; + $SOCK_STREAM = 2; + } else { + $AF_INET = 2; + $SOCK_STREAM = 1; + } + } else { + $AF_INET = &AF_INET; + $SOCK_STREAM = &SOCK_STREAM; + } + } else { + $AF_INET = &AF_INET; + $SOCK_STREAM = &SOCK_STREAM; + } +} + +sub NotifyAboutDeprecation +{ + warn "\nWARNING: vncserver has been replaced by a systemd unit and is about to be removed in future releases.\n"; + warn "Please read /usr/share/doc/tigervnc/HOWTO.md for more information.\n"; +} diff --git a/SOURCES/vncserver.man b/SOURCES/vncserver.man new file mode 100644 index 0000000..2641ed1 --- /dev/null +++ b/SOURCES/vncserver.man @@ -0,0 +1,204 @@ +.TH vncserver 1 "" "TigerVNC" "Virtual Network Computing" +.SH NAME +vncserver \- start or stop a VNC server +.SH SYNOPSIS +.B vncserver +.RI [: display# ] +.RB [ \-name +.IR desktop-name ] +.RB [ \-geometry +.IR width x height ] +.RB [ \-depth +.IR depth ] +.RB [ \-pixelformat +.IR format ] +.RB [ \-fp +.IR font-path ] +.RB [ \-fg ] +.RB [ \-autokill ] +.RB [ \-noxstartup ] +.RB [ \-xstartup +.IR script ] +.RI [ Xvnc-options... ] +.br +.BI "vncserver \-kill :" display# +.br +.BI "vncserver \-list" +.SH DESCRIPTION +.B vncserver +is used to start a VNC (Virtual Network Computing) desktop. +.B vncserver +is a Perl script which simplifies the process of starting an Xvnc server. It +runs Xvnc with appropriate options and starts a window manager on the VNC +desktop. + +.B vncserver +can be run with no options at all. In this case it will choose the first +available display number (usually :1), start Xvnc with that display number, +and start the default window manager in the Xvnc session. You can also +specify the display number, in which case vncserver will attempt to start +Xvnc with that display number and exit if the display number is not +available. For example: + +.RS +vncserver :13 +.RE + +Editing the file $HOME/.vnc/xstartup allows you to change the applications run +at startup (but note that this will not affect an existing VNC session.) + +.SH OPTIONS +You can get a list of options by passing \fB\-h\fP as an option to vncserver. +In addition to the options listed below, any unrecognised options will be +passed to Xvnc - see the Xvnc man page, or "Xvnc \-help", for details. + +.TP +.B \-name \fIdesktop-name\fP +Each VNC desktop has a name which may be displayed by the viewer. The desktop +name defaults to "\fIhost\fP:\fIdisplay#\fP (\fIusername\fP)", but you can +change it with this option. The desktop name option is passed to the xstartup +script via the $VNCDESKTOP environment variable, which allows you to run a +different set of applications depending on the name of the desktop. +. +.TP +.B \-geometry \fIwidth\fPx\fIheight\fP +Specify the size of the VNC desktop to be created. Default is 1024x768. +. +.TP +.B \-depth \fIdepth\fP +Specify the pixel depth (in bits) of the VNC desktop to be created. Default is +24. Other possible values are 8, 15 and 16 - anything else is likely to cause +strange behaviour by applications. +. +.TP +.B \-pixelformat \fIformat\fP +Specify pixel format for Xvnc to use (BGRnnn or RGBnnn). The default for +depth 8 is BGR233 (meaning the most significant two bits represent blue, the +next three green, and the least significant three represent red), the default +for depth 16 is RGB565, and the default for depth 24 is RGB888. +. +.TP +.B \-cc 3 +As an alternative to the default TrueColor visual, this allows you to run an +Xvnc server with a PseudoColor visual (i.e. one which uses a color map or +palette), which can be useful for running some old X applications which only +work on such a display. Values other than 3 (PseudoColor) and 4 (TrueColor) +for the \-cc option may result in strange behaviour, and PseudoColor desktops +must have an 8-bit depth. +. +.TP +.B \-kill :\fIdisplay#\fP +This kills a VNC desktop previously started with vncserver. It does this by +killing the Xvnc process, whose process ID is stored in the file +"$HOME/.vnc/\fIhost\fP:\fIdisplay#\fP.pid". The +.B \-kill +option ignores anything preceding the first colon (":") in the display +argument. Thus, you can invoke "vncserver \-kill $DISPLAY", for example at the +end of your xstartup file after a particular application exits. +. +.TP +.B \-fp \fIfont-path\fP +If the vncserver script detects that the X Font Server (XFS) is running, it +will attempt to start Xvnc and configure Xvnc to use XFS for font handling. +Otherwise, if XFS is not running, the vncserver script will attempt to start +Xvnc and allow Xvnc to use its own preferred method of font handling (which may +be a hard-coded font path or, on more recent systems, a font catalog.) In +any case, if Xvnc fails to start, the vncserver script will then attempt to +determine an appropriate X font path for this system and start Xvnc using +that font path. + +The +.B \-fp +argument allows you to override the above fallback logic and specify a font +path for Xvnc to use. +. +.TP +.B \-fg +Runs Xvnc as a foreground process. This has two effects: (1) The VNC server +can be aborted with CTRL-C, and (2) the VNC server will exit as soon as the +user logs out of the window manager in the VNC session. This may be necessary +when launching TigerVNC from within certain grid computing environments. +. +.TP +.B \-autokill +Automatically kill Xvnc whenever the xstartup script exits. In most cases, +this has the effect of terminating Xvnc when the user logs out of the window +manager. +. +.TP +.B \-noxstartup +Do not run the %HOME/.vnc/xstartup script after launching Xvnc. This +option allows you to manually start a window manager in your TigerVNC session. +. +.TP +.B \-xstartup \fIscript\fP +Run a custom startup script, instead of %HOME/.vnc/xstartup, after launching +Xvnc. This is useful to run full-screen applications. +. +.TP +.B \-list +Lists all VNC desktops started by vncserver. + +.SH FILES +Several VNC-related files are found in the directory $HOME/.vnc: +.TP +$HOME/.vnc/xstartup +A shell script specifying X applications to be run when a VNC desktop is +started. If this file does not exist, then vncserver will create a default +xstartup script which attempts to launch your chosen window manager. +.TP +/etc/tigervnc/vncserver-config-defaults +The optional system-wide equivalent of $HOME/.vnc/config. If this file exists +and defines options to be passed to Xvnc, they will be used as defaults for +users. The user's $HOME/.vnc/config overrides settings configured in this file. +The overall configuration file load order is: this file, $HOME/.vnc/config, +and then /etc/tigervnc/vncserver-config-mandatory. None are required to exist. +.TP +/etc/tigervnc/vncserver-config-mandatory +The optional system-wide equivalent of $HOME/.vnc/config. If this file exists +and defines options to be passed to Xvnc, they will override any of the same +options defined in a user's $HOME/.vnc/config. This file offers a mechanism +to establish some basic form of system-wide policy. WARNING! There is +nothing stopping users from constructing their own vncserver-like script +that calls Xvnc directly to bypass any options defined in +/etc/tigervnc/vncserver-config-mandatory. Likewise, any CLI arguments passed +to vncserver will override ANY config file setting of the same name. The +overall configuration file load order is: +/etc/tigervnc/vncserver-config-defaults, $HOME/.vnc/config, and then this file. +None are required to exist. +.TP +$HOME/.vnc/config +An optional server config file wherein options to be passed to Xvnc are listed +to avoid hard-coding them to the physical invocation. List options in this file +one per line. For those requiring an argument, simply separate the option from +the argument with an equal sign, for example: "geometry=2000x1200" or +"securitytypes=vncauth,tlsvnc". Options without an argument are simply listed +as a single word, for example: "localhost" or "alwaysshared". +.TP +$HOME/.vnc/passwd +The VNC password file. +.TP +$HOME/.vnc/\fIhost\fP:\fIdisplay#\fP.log +The log file for Xvnc and applications started in xstartup. +.TP +$HOME/.vnc/\fIhost\fP:\fIdisplay#\fP.pid +Identifies the Xvnc process ID, used by the +.B \-kill +option. + +.SH SEE ALSO +.BR vncviewer (1), +.BR vncpasswd (1), +.BR vncconfig (1), +.BR Xvnc (1) +.br +https://www.tigervnc.org + +.SH AUTHOR +Tristan Richardson, RealVNC Ltd., D. R. Commander and others. + +VNC was originally developed by the RealVNC team while at Olivetti +Research Ltd / AT&T Laboratories Cambridge. TightVNC additions were +implemented by Constantin Kaplinsky. Many other people have since +participated in development, testing and support. This manual is part +of the TigerVNC software suite. diff --git a/SOURCES/xvnc.service b/SOURCES/xvnc.service new file mode 100644 index 0000000..9ee468c --- /dev/null +++ b/SOURCES/xvnc.service @@ -0,0 +1,38 @@ +# The vncserver service unit file +# +# Quick HowTo: +# 1. Copy this file to /etc/systemd/system/xvnc@.service +# 2. Copy xvnc.socket to /etc/systemd/system/xvnc.socket +# 3. Run `systemctl daemon-reload` +# 4. Run `systemctl enable xvnc.socket` +# +# DO NOT RUN THIS SERVICE if your local area network is +# untrusted! For a secure way of using VNC, you should +# limit connections to the local host and then tunnel from +# the machine you want to view VNC on (host A) to the machine +# whose VNC output you want to view (host B) +# +# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB +# +# this will open a connection on port 590N of your hostA to hostB's port 590M +# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB). +# See the ssh man page for details on port forwarding) +# +# You can then point a VNC client on hostA at vncdisplay N of localhost and with +# the help of ssh, you end up seeing what hostB makes available on port 590M +# +# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP. +# +# Use "-localhost" to prevent remote VNC clients connecting except when +# doing so through a secure tunnel. See the "-via" option in the +# `man vncviewer' manual page. + + +[Unit] +Description=XVNC Per-Connection Daemon + +[Service] +ExecStart=-/usr/bin/Xvnc -inetd -query localhost -geometry 1024x768 -depth 24 -once -SecurityTypes=None -Log *:syslog:30 +User=nobody +StandardInput=socket +StandardError=syslog diff --git a/SOURCES/xvnc.socket b/SOURCES/xvnc.socket new file mode 100644 index 0000000..9b3f92d --- /dev/null +++ b/SOURCES/xvnc.socket @@ -0,0 +1,9 @@ +[Unit] +Description=XVNC Server + +[Socket] +ListenStream=5900 +Accept=yes + +[Install] +WantedBy=sockets.target diff --git a/SPECS/tigervnc.spec b/SPECS/tigervnc.spec new file mode 100644 index 0000000..d0ac4e4 --- /dev/null +++ b/SPECS/tigervnc.spec @@ -0,0 +1,1070 @@ +Name: tigervnc +Version: 1.11.0 +Release: 5%{?dist} +Summary: A TigerVNC remote display system + +%global _hardened_build 1 + +License: GPLv2+ +URL: http://www.tigervnc.com + +Source0: %{name}-%{version}.tar.gz +Source1: xvnc.service +Source2: xvnc.socket +Source3: 10-libvnc.conf +Source4: HOWTO.md + +# Backwards compatibility +Source5: vncserver +Source6: vncserver.man + +Patch2: tigervnc-getmaster.patch +Patch5: tigervnc-cursor.patch +Patch6: tigervnc-1.3.1-CVE-2014-8240.patch +Patch8: tigervnc-let-user-know-about-not-using-view-only-password.patch +Patch9: tigervnc-working-tls-on-fips-systems.patch +Patch11: tigervnc-utilize-system-crypto-policies.patch +Patch12: tigervnc-passwd-crash-with-malloc-checks.patch + +# Upstream patches +Patch50: tigervnc-tolerate-specifying-boolparam.patch +Patch51: tigervnc-systemd-service.patch +Patch52: tigervnc-correctly-start-vncsession-as-daemon.patch + +# This is tigervnc-%%{version}/unix/xserver116.patch rebased on the latest xorg +Patch100: tigervnc-xserver120.patch +# 1326867 - [RHEL7.3] GLX applications in an Xvnc session fails to start +Patch101: 0001-rpath-hack.patch + +BuildRequires: gcc-c++ +BuildRequires: libX11-devel, automake, autoconf, libtool, gettext, gettext-autopoint +BuildRequires: libXext-devel, xorg-x11-server-source, libXi-devel +BuildRequires: xorg-x11-xtrans-devel, xorg-x11-util-macros, libXtst-devel +BuildRequires: libxkbfile-devel, openssl-devel, libpciaccess-devel +BuildRequires: mesa-libGL-devel, libXinerama-devel, xorg-x11-font-utils +BuildRequires: freetype-devel, libXdmcp-devel, libxshmfence-devel +BuildRequires: libjpeg-turbo-devel, gnutls-devel, pam-devel +BuildRequires: libdrm-devel, libXt-devel, pixman-devel +BuildRequires: systemd, cmake, desktop-file-utils, selinux-policy-devel +%if 0%{?fedora} > 24 || 0%{?rhel} >= 7 +BuildRequires: libXfont2-devel +%else +BuildRequires: libXfont-devel +%endif + +# TigerVNC 1.4.x requires fltk 1.3.3 for keyboard handling support +# See https://github.com/TigerVNC/tigervnc/issues/8, also bug #1208814 +BuildRequires: fltk-devel >= 1.3.3 +BuildRequires: xorg-x11-server-devel + +Requires(post): coreutils +Requires(postun):coreutils + +Requires: hicolor-icon-theme +Requires: tigervnc-license +Requires: tigervnc-icons + +%description +Virtual Network Computing (VNC) is a remote display system which +allows you to view a computing 'desktop' environment not only on the +machine where it is running, but from anywhere on the Internet and +from a wide variety of machine architectures. This package contains a +client which will allow you to connect to other desktops running a VNC +server. + +%package server +Summary: A TigerVNC server +Requires: perl-interpreter +Requires: tigervnc-server-minimal = %{version}-%{release} +Requires: tigervnc-selinux = %{version}-%{release} +Requires: xorg-x11-xauth +Requires: xorg-x11-xinit +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +Requires(post): systemd + +%description server +The VNC system allows you to access the same desktop from a wide +variety of platforms. This package includes set of utilities +which make usage of TigerVNC server more user friendly. It also +contains x0vncserver program which can export your active +X session. + +%package server-minimal +Summary: A minimal installation of TigerVNC server +Requires(post): chkconfig +Requires(preun):chkconfig + +Requires: mesa-dri-drivers, xkeyboard-config, xorg-x11-xkb-utils +Requires: tigervnc-license, dbus-x11 + +%description server-minimal +The VNC system allows you to access the same desktop from a wide +variety of platforms. This package contains minimal installation +of TigerVNC server, allowing others to access the desktop on your +machine. + +%package server-module +Summary: TigerVNC module to Xorg +Requires: xorg-x11-server-Xorg %(xserver-sdk-abi-requires ansic) %(xserver-sdk-abi-requires videodrv) +Requires: tigervnc-license + +%description server-module +This package contains libvnc.so module to X server, allowing others +to access the desktop on your machine. + +%package license +Summary: License of TigerVNC suite +BuildArch: noarch + +%description license +This package contains license of the TigerVNC suite + +%package icons +Summary: Icons for TigerVNC viewer +BuildArch: noarch + +%description icons +This package contains icons for TigerVNC viewer + +%package selinux +Summary: SELinux module for TigerVNC +BuildArch: noarch +Requires(pre): libselinux-utils +Requires(post): selinux-policy >= %{_selinux_policy_version} +Requires(post): policycoreutils +Requires(post): libselinux-utils + +%description selinux +This package provides the SELinux policy module to ensure TigerVNC +runs properly under an environment with SELinux enabled. + +%prep +%setup -q + +cp -r /usr/share/xorg-x11-server-source/* unix/xserver +pushd unix/xserver +for all in `find . -type f -perm -001`; do + chmod -x "$all" +done +%patch100 -p1 -b .xserver120-rebased +%patch101 -p1 -b .rpath +popd + +# libvnc.so: don't use unexported GetMaster function (bug #744881 again). +%patch2 -p1 -b .getmaster + +# Fixed viewer crash when cursor has not been set (bug #1051333). +%patch5 -p1 -b .cursor + +# CVE-2014-8240 tigervnc: integer overflow flaw, leading to a heap-based +# buffer overflow in screen size handling +%patch6 -p1 -b .tigervnc-1.3.1-CVE-2014-8240 + +# Bug 1447555 - view-only accepts enter, unclear whether default password is generated or not +%patch8 -p1 -b .let-user-know-about-not-using-view-only-password + +# Bug 1492107 - VNC cannot be used when FIPS is enabled because DH_BITS is too low +%patch9 -p1 -b .working-tls-on-fips-systems + +# Utilize system-wide crypto policies +%patch11 -p1 -b .utilize-system-crypto-policies.patch + +%patch12 -p1 -b .passwd-crash-with-malloc-checks + +# Upstream patches +%patch50 -p1 -b .tolerate-specifying-boolparam +%patch51 -p1 -b .systemd-service +%patch52 -p1 -b .correctly-start-vncsession-as-daemon + +%build +%ifarch sparcv9 sparc64 s390 s390x +export CFLAGS="$RPM_OPT_FLAGS -fPIC" +%else +export CFLAGS="$RPM_OPT_FLAGS -fpic" +%endif +export CXXFLAGS="$CFLAGS" + +%{cmake} . +make %{?_smp_mflags} + +pushd unix/xserver +autoreconf -fiv +%configure \ + --disable-xorg --disable-xnest --disable-xvfb --disable-dmx \ + --disable-xwin --disable-xephyr --disable-kdrive --disable-xwayland \ + --with-pic --disable-static \ + --with-default-font-path="catalogue:%{_sysconfdir}/X11/fontpath.d,built-ins" \ + --with-fontdir=%{_datadir}/X11/fonts \ + --with-xkb-output=%{_localstatedir}/lib/xkb \ + --enable-install-libxf86config \ + --enable-glx --disable-dri --enable-dri2 --disable-dri3 \ + --disable-unit-tests \ + --disable-config-hal \ + --disable-config-udev \ + --with-dri-driver-path=%{_libdir}/dri \ + --without-dtrace \ + --disable-devel-docs \ + --disable-selective-werror + +make %{?_smp_mflags} +popd + +# Build icons +pushd media +make +popd + +# SELinux +pushd unix/vncserver/selinux +make +popd + + +%install +%make_install + +pushd unix/xserver/hw/vnc +make install DESTDIR=%{buildroot} +popd + +pushd unix/vncserver/selinux +make install DESTDIR=%{buildroot} +popd + + +# Install systemd unit file +install -m644 %{SOURCE1} %{buildroot}%{_unitdir}/xvnc@.service +install -m644 %{SOURCE2} %{buildroot}%{_unitdir}/xvnc.socket + +# Install desktop stuff +mkdir -p %{buildroot}%{_datadir}/icons/hicolor/{16x16,24x24,48x48}/apps + +pushd media/icons +for s in 16 24 48; do +install -m644 tigervnc_$s.png %{buildroot}%{_datadir}/icons/hicolor/${s}x$s/apps/tigervnc.png +done +popd + +rm -f %{buildroot}/%{_mandir}/man8/vncserver.8 + +install -m 755 %{SOURCE5} %{buildroot}/%{_bindir}/vncserver +install -m 644 %{SOURCE6} %{buildroot}/%{_mandir}/man8/vncserver.8 + +%find_lang %{name} %{name}.lang + +# remove unwanted files +rm -f %{buildroot}%{_libdir}/xorg/modules/extensions/libvnc.la + +mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/ +install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf + +install -m 644 %{SOURCE4} %{buildroot}/%{_docdir}/tigervnc/HOWTO.md + +%post server +%systemd_post xvnc.service +%systemd_post xvnc.socket + +%preun server +%systemd_preun xvnc.service +%systemd_preun xvnc.socket + +%postun server +%systemd_postun xvnc.service +%systemd_postun xvnc.socket + +%pre selinux +%selinux_relabel_pre + +%post selinux +%selinux_modules_install %{_datadir}/selinux/packages/vncsession.pp +%selinux_relabel_post + +%posttrans selinux +%selinux_relabel_post + +%postun selinux +%selinux_modules_uninstall vncsession +if [ $1 -eq 0 ]; then + %selinux_relabel_post +fi + + +%files -f %{name}.lang +%doc README.rst +%{_bindir}/vncviewer +%{_datadir}/applications/* +%{_mandir}/man1/vncviewer.1* + +%files server +%config(noreplace) %{_sysconfdir}/pam.d/tigervnc +%config(noreplace) %{_sysconfdir}/tigervnc/vncserver-config-defaults +%config(noreplace) %{_sysconfdir}/tigervnc/vncserver-config-mandatory +%config(noreplace) %{_sysconfdir}/tigervnc/vncserver.users +%{_unitdir}/vncserver@.service +%{_unitdir}/xvnc@.service +%{_unitdir}/xvnc.socket +%{_bindir}/x0vncserver +%{_bindir}/vncserver +%{_sbindir}/vncsession +%{_libexecdir}/vncserver +%{_libexecdir}/vncsession-start +%{_mandir}/man1/x0vncserver.1* +%{_mandir}/man8/vncserver.8* +%{_mandir}/man8/vncsession.8* +%{_docdir}/tigervnc/HOWTO.md + +%files server-minimal +%{_bindir}/vncconfig +%{_bindir}/vncpasswd +%{_bindir}/Xvnc +%{_mandir}/man1/Xvnc.1* +%{_mandir}/man1/vncpasswd.1* +%{_mandir}/man1/vncconfig.1* + +%files server-module +%{_libdir}/xorg/modules/extensions/libvnc.so +%config %{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf + +%files license +%{_docdir}/tigervnc/LICENCE.TXT + +%files icons +%{_datadir}/icons/hicolor/*/apps/* + +%files selinux +%{_datadir}/selinux/packages/vncsession.pp + + +%changelog +* Thu Dec 03 2020 Jan Grulich - 1.11.0-5 +- Make sure we log properly output to journal (actually log to syslog) + Resolves: bz#1841537 + +* Thu Dec 03 2020 Jan Grulich - 1.11.0-4 +- Make sure we log properly output to journal + Resolves: bz#1841537 + +* Wed Nov 18 2020 Jan Grulich - 1.11.0-3 +- vncserver: ignore new "session" parameter from the new systemd support + Resolves: bz#1897504 + +* Wed Nov 18 2020 Jan Grulich - 1.11.0-2 +- Revert removal of vncserver + Resolves: bz#1897504 +- Correctly start vncsession as a daemon + Resolves: bz#1897498 + +* Tue Oct 20 2020 Jan Grulich - 1.11.0-1 +- Update to 1.11.0 + Resolves: bz#1880985 +- Backport fix to allow Tigervnc use boolean values in config files + Resolves: bz#1883415 + +* Wed Sep 30 2020 Jan Grulich - 1.10.1-8 +- Tolerate specifying -BoolParam 0 and similar + Resolves: bz#1883415 + +* Wed Jul 08 2020 Jan Grulich - 1.10.1-7 +- Enable server module on s390x + Resolves: bz#1854925 + +* Fri Jul 03 2020 Jan Grulich - 1.10.1-6 +- Remove trailing spaces in user name + Resolves: bz#1852432 + +* Thu Jun 25 2020 Jan Grulich - 1.10.1-5 +- Install the HOWTO file to correct location +- Add /usr/bin/vncserver file informing users to read the HOWTO.md file + Resolves: bz#1790443 + +* Mon Jun 15 2020 Jan Grulich - 1.10.1-4 +- Improve SELinux policy + Resolves: bz#1790443 + +* Mon Jun 15 2020 Jan Grulich - 1.10.1-3 +- Add a HOWTO.md file with instructions how to start VNC server + Resolves: bz#1790443 + +* Tue May 26 2020 Jan Grulich - 1.10.1-2 +- Make the systemd service run also for root user + Resolves: bz#1790443 + +* Mon Apr 27 2020 Jan Grulich - 1.10.1-1 +- Update to 1.10.1 + Resolves: bz#1806992 + +- Add proper systemd support + Resolves: bz#1790443 + +* Tue Jan 28 2020 Jan Grulich - 1.9.0-13 +- Bump build because of z-stream + Resolves: bz#1671714 + +* Wed Dec 11 2019 Jan Grulich - 1.9.0-12 +- Fix installation of systemd files + Resolves: bz#1671714 + +* Wed Nov 20 2019 Jan Grulich - 1.9.0-11 +- Use wrapper script to workaround systemd issues + Resolves: bz#1671714 + +* Fri Jul 12 2019 Jan Grulich - 1.9.0-10 +- Do not return returncode indicating error when running "vncserver -list" + Resolves: bz#1727860 + +* Fri Feb 08 2019 Jan Grulich - 1.9.0-9 +- Make tigervnc systemd service a user service + Resolves: bz#1639846 + +* Mon Jan 21 2019 Jan Grulich - 1.9.0-8 +- Kill the session automatically only when Gnome is installed + Resolves: bz#1665876 + +* Tue Nov 20 2018 Jan Grulich - 1.9.0-7 +- Improve coverity scan fixes + Resolves: bz#1602714 + + Inform whether view-only password is used or not + Resolves: bz#1639169 + + Backport fixes from RHEL 7 + Resolves: bz#1651254 + +* Tue Oct 09 2018 Jan Grulich - 1.9.0-6 +- Do not crash passwd when using malloc perturb checks + Resolves: bz#1637086 + +* Mon Oct 08 2018 Jan Grulich - 1.9.0-5 +- Improve coverity scan fixes + Resolves: bz#1602714 + +* Wed Oct 03 2018 Jan Grulich - 1.9.0-4 +- Improve coverity scan fixes + Resolves: bz#1602714 + +* Wed Oct 03 2018 Jan Grulich - 1.9.0-3 +- Fix some coverity scan issues + Resolves: bz#1602714 + +* Wed Aug 01 2018 Jan Grulich - 1.9.0-2 +- Remove dependency on initscripts + +* Tue Jul 17 2018 Jan Grulich - 1.9.0-1 +- Update to 1.9.0 + sync with Fedora + +* Tue Jun 12 2018 Adam Jackson - 1.8.0-10 +- Fix GLX initialization with Xorg 1.20 + +* Tue May 29 2018 Jan Grulich - 1.8.0-9 +- Build against Xorg 1.20 + +* Mon May 14 2018 Jan Grulich - 1.8.0-8 +- Drop BR: ImageMagick + +* Fri Feb 09 2018 Fedora Release Engineering - 1.8.0-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Jan 18 2018 Igor Gnatenko - 1.8.0-6 +- Remove obsolete scriptlets + +* Fri Dec 15 2017 Jan Grulich - 1.8.0-5 +- Properly initialize tigervnc when started as systemd service + +* Thu Aug 03 2017 Fedora Release Engineering - 1.8.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 1.8.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Thu Jul 13 2017 Petr Pisar - 1.8.0-2 +- perl dependency renamed to perl-interpreter + + +* Wed May 17 2017 Jan Grulich - 1.8.0-1 +- Update to 1.8.0 + +* Thu Apr 20 2017 Jan Grulich - 1.7.90-1 +- Update to 1.7.90 (beta) + +* Thu Apr 06 2017 Jan Grulich - 1.7.1-4 +- Added systemd unit file for xvnc + Resolves: bz#891802 + +* Tue Apr 04 2017 Jan Grulich - 1.7.1-3 +- Bug 1438704 - CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 + CVE-2017-7395 CVE-2017-7396 tigervnc: various flaws + + other upstream related fixes + +* Sat Feb 11 2017 Fedora Release Engineering - 1.7.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Jan 19 2017 Jan Grulich - 1.7.1-1 +- Update to 1.7.1 + +* Mon Jan 9 2017 Hans de Goede - 1.7.0-6 +- Fix -inetd no longer working (rhbz#1408724) + +* Wed Nov 30 2016 Jan Grulich - 1.7.0-5 +- Fix broken vncserver.service file + +* Wed Nov 23 2016 Jan Grulich - 1.7.0-4 +- Improve instructions in vncserver.service + Resolves: bz#1397207 + +* Tue Oct 4 2016 Hans de Goede - 1.7.0-3 +- Update tigervnc-1.7.0-xserver119-support.patch to also request write + notfication when necessary + +* Mon Oct 3 2016 Hans de Goede - 1.7.0-2 +- Add patches for use with xserver-1.19 +- Rebuild against xserver-1.19 +- Cleanup specfile a bit + +* Mon Sep 12 2016 Jan Grulich - 1.7.0-1 +- Update to 1.7.0 + +* Mon Jul 18 2016 Jan Grulich - 1.6.90-1 +- Update to 1.6.90 (1.7.0 beta) + +* Wed Jun 01 2016 Jan Grulich - 1.6.0-6 +- Try to pickup upstream fix for compatibility with gtk vnc clients + +* Wed Jun 01 2016 Jan Grulich - 1.6.0-5 +- Re-enable patch4 again, will need to find a way to make this work on both sides + +* Mon May 23 2016 Jan Grulich - 1.6.0-4 +- Utilize system-wide crypto policies + Resolves: bz#1179345 +- Try to disable patch4 as it was previously written to support an + older version of a different client and breaks some other usage + Resolves: bz#1280440 + +* Fri Feb 05 2016 Fedora Release Engineering - 1.6.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jan 13 2016 Jan Grulich - 1.6.0-2 +- Update systemd service file + Resolves: bz#1211789 + +* Mon Jan 04 2016 Jan Grulich - 1.6.0-1 +- Update to 1.6.0 + +* Tue Dec 01 2015 Jan Grulich - 1.5.90-1 +- Update to 1.5.90 (1.6.0 beta) + +* Thu Nov 19 2015 Jan Grulich - 1.5.0-4 +- rebuild against final xorg server 1.18 release (bug #1279146) + +* Tue Sep 22 2015 Kalev Lember - 1.5.0-3 +- xorg server 1.18 ABI rebuild + +* Fri Aug 21 2015 Jan Grulich - 1.5.0-2 +- Do not fail with -inetd option + +* Wed Aug 19 2015 Jan Grulich - 1.5.0-1 +- 1.5.0 + +* Tue Aug 04 2015 Kevin Fenzi - 1.4.3-12 +- Rebuild to fix broken deps and build against xorg 1.18 prerelease + +* Thu Jun 25 2015 Tim Waugh - 1.4.3-11 +- Rebuilt (bug #1235603). + +* Fri Jun 19 2015 Fedora Release Engineering - 1.4.3-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Mon May 04 2015 Kalev Lember - 1.4.3-8 +- Rebuilt for nettle soname bump + +* Wed Apr 22 2015 Tim Waugh - 1.4.3-7 +- Removed incorrect parameters from vncviewer manpage (bug #1213199). + +* Tue Apr 21 2015 Tim Waugh - 1.4.3-6 +- Use full git hash for GitHub tarball release. + +* Fri Apr 10 2015 Tim Waugh - 1.4.3-5 +- Explicit version build dependency for fltk (bug #1208814). + +* Thu Apr 9 2015 Tim Waugh - 1.4.3-4 +- Drop upstream xorg-x11-server patch as it is now built (bug #1210407). + +* Thu Apr 9 2015 Tim Waugh - 1.4.3-3 +- Apply upstream patch to fix byte order (bug #1206060). + +* Fri Mar 6 2015 Tim Waugh - 1.4.3-2 +- Don't disable Xinerama extension (upstream #147). + +* Mon Mar 2 2015 Tim Waugh - 1.4.3-1 +- 1.4.3. + +* Tue Feb 24 2015 Tim Waugh - 1.4.2-3 +- Use calloc instead of xmalloc. +- Removed unnecessary configure flags. + +* Wed Feb 18 2015 Rex Dieter 1.4.2-2 +- rebuild (fltk) + +* Fri Feb 13 2015 Tim Waugh - 1.4.2-1 +- Rebased xserver116.patch against xorg-x11-server-1.17.1. +- Allow build against xorg-x11-server-1.17. +- 1.4.2. + +* Tue Sep 9 2014 Tim Waugh - 1.3.1-11 +- Added missing part of xserver114.patch (bug #1137023). + +* Wed Sep 3 2014 Tim Waugh - 1.3.1-10 +- Fix build against xorg-x11-server-1.16.0 (bug #1136532). + +* Mon Aug 18 2014 Fedora Release Engineering - 1.3.1-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Tue Jul 15 2014 Tim Waugh - 1.3.1-8 +- Input reset fixes from upstream (bug #1116956). +- No longer need ppc64le patch as it's now in xorg-x11-server. +- Rebased xserver114.patch again. + +* Fri Jun 20 2014 Hans de Goede - 1.3.1-7 +- xserver 1.15.99.903 ABI rebuild + +* Sun Jun 08 2014 Fedora Release Engineering - 1.3.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Thu May 22 2014 Tim Waugh 1.3.1-5 +- Keep pointer in sync when using module (upstream bug #152). + +* Mon Apr 28 2014 Adam Jackson 1.3.1-4 +- Add version interlocks for -server-module + +* Mon Apr 28 2014 Hans de Goede - 1.3.1-3 +- xserver 1.15.99-20140428 git snapshot ABI rebuild + +* Mon Apr 7 2014 Tim Waugh 1.3.1-2 +- Allow build with dri3 and present extensions (bug #1063392). + +* Thu Mar 27 2014 Tim Waugh 1.3.1-1 +- 1.3.1 (bug #1078806). +- Add ppc64le support (bug #1078495). + +* Wed Mar 19 2014 Tim Waugh 1.3.0-15 +- Disable dri3 to enable building (bug #1063392). +- Fixed heap-based buffer overflow (CVE-2014-0011, bug #1050928). + +* Fri Feb 21 2014 Tim Waugh 1.3.0-14 +- Enabled hardened build (bug #955206). + +* Mon Feb 10 2014 Tim Waugh 1.3.0-13 +- Clearer xstartup file (bug #923655). + +* Tue Jan 14 2014 Tim Waugh 1.3.0-12 +- Fixed instructions in systemd unit file. + +* Fri Jan 10 2014 Tim Waugh 1.3.0-11 +- Fixed viewer crash when cursor has not been set (bug #1038701). + +* Thu Dec 12 2013 Tim Waugh 1.3.0-10 +- Avoid invalid read when ZRLE connection closed (upstream bug #133). + +* Tue Dec 3 2013 Tim Waugh 1.3.0-9 +- Fixed build failure with -Werror=format-security (bug #1037358). + +* Thu Nov 07 2013 Adam Jackson 1.3.0-8 +- Rebuild against xserver 1.15RC1 + +* Tue Sep 24 2013 Tim Waugh 1.3.0-7 +- Removed incorrect patch (for unexpected key_is_down). Fixes stuck + keys bug (bug #989502). + +* Thu Sep 19 2013 Tim Waugh 1.3.0-6 +- Fixed typo in 10-libvnc.conf (bug #1009111). + +* Wed Sep 18 2013 Tim Waugh 1.3.0-5 +- Better fix for PIDFile problem (bug #983232). + +* Mon Aug 5 2013 Tim Waugh 1.3.0-4 +- Fixed doc-related build failure (bug #992790). + +* Wed Jul 24 2013 Tim Waugh 1.3.0-3 +- Avoid PIDFile problems in systemd unit file (bug #983232). +- libvnc.so: don't use unexported key_is_down function. +- Don't use shebang in vncserver script. + +* Fri Jul 12 2013 Tim Waugh 1.3.0-2 +- Renumbered patches. +- libvnc.so: don't use unexported GetMaster function (bug #744881 again). + +* Mon Jul 8 2013 Tim Waugh 1.3.0-1 +- 1.3.0. + +* Wed Jul 3 2013 Tim Waugh 1.2.80-0.18.20130314svn5065 +- Removed systemd_requires macro in order to fix the build. + +* Wed Jul 3 2013 Tim Waugh 1.2.80-0.17.20130314svn5065 +- Synchronise manpages and --help output (bug #980870). + +* Mon Jun 17 2013 Adam Jackson 1.2.80-0.16.20130314svn5065 +- tigervnc-setcursor-crash.patch: Attempt to paper over a crash in Xvnc when + setting the cursor. + +* Sat Jun 08 2013 Dennis Gilmore 1.2.80-0.15.20130314svn5065 +- bump to rebuild and pick up bugfix causing X to crash on ppc and arm + +* Thu May 23 2013 Tim Waugh 1.2.80-0.14.20130314svn5065 +- Use systemd rpm macros (bug #850340). Moved systemd requirements + from main package to server sub-package. +- Applied Debian patch to fix busy loop when run from inetd in nowait + mode (bug #920373). +- Added dependency on xorg-x11-xinit to server sub-package so that + default window manager can be found (bug #896284, bug #923655). +- Fixed bogus changelog date. + +* Thu Mar 14 2013 Adam Jackson 1.2.80-0.13.20130314svn5065 +- Less RHEL customization + +* Thu Mar 14 2013 Adam Tkac - 1.2.80-0.12.20130314svn5065 +- include /etc/X11/xorg.conf.d/10-libvnc.conf sample configuration (#712482) +- vncserver now honors specified -geometry parameter (#755947) + +* Tue Mar 12 2013 Adam Tkac - 1.2.80-0.11.20130307svn5060 +- update to r5060 +- split icons to separate package to avoid multilib issues + +* Tue Feb 19 2013 Adam Tkac - 1.2.80-0.10.20130219svn5047 +- update to r5047 (X.Org 1.14 support) + +* Fri Feb 15 2013 Fedora Release Engineering - 1.2.80-0.9.20121126svn5015 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Mon Jan 21 2013 Adam Tkac - 1.2.80-0.8.20121126svn5015 +- rebuild due to "jpeg8-ABI" feature drop + +* Wed Jan 16 2013 Adam Tkac 1.2.80-0.7.20121126svn5015 +- rebuild + +* Tue Dec 04 2012 Adam Tkac 1.2.80-0.6.20121126svn5015 +- rebuild against new fltk + +* Mon Nov 26 2012 Adam Tkac 1.2.80-0.5.20121126svn5015 +- update to r5015 +- build with -fpic instead of -fPIC on all archs except s390/sparc + +* Wed Nov 7 2012 Peter Robinson 1.2.80-0.4.20120905svn4996 +- Build with -fPIC to fix FTBFS on ARM + +* Wed Oct 31 2012 Adam Jackson 1.2.80-0.3.20120905svn4996 +- tigervnc12-xorg113-glx.patch: Fix to only init glx on the first server + generation + +* Fri Sep 28 2012 Adam Jackson 1.2.80-0.2.20120905svn4996 +- tigervnc12-xorg113-glx.patch: Re-enable GLX against xserver 1.13 + +* Fri Aug 17 2012 Adam Tkac 1.2.80-0.1.20120905svn4996 +- update to 1.2.80 +- remove deprecated patches + - tigervnc-102434.patch + - tigervnc-viewer-reparent.patch + - tigervnc11-java7.patch +- patches merged + - tigervnc11-xorg111.patch + - tigervnc11-xorg112.patch + +* Fri Aug 10 2012 Dave Airlie 1.1.0-10 +- fix build against newer X server + +* Mon Jul 23 2012 Adam Jackson 1.1.0-9 +- Build with the Composite extension for feature parity with other X servers + +* Sat Jul 21 2012 Fedora Release Engineering - 1.1.0-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Jul 19 2012 Dave Airlie 1.1.0-7 +- fix building against X.org 1.13 + +* Wed Apr 04 2012 Adam Jackson 1.1.0-6 +- RHEL exclusion for -server-module on ppc* too + +* Mon Mar 26 2012 Adam Tkac - 1.1.0-5 +- clean Xvnc's /tmp environment in service file before startup +- fix building against the latest JAVA 7 and X.Org 1.12 + +* Sat Jan 14 2012 Fedora Release Engineering - 1.1.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Nov 22 2011 Adam Tkac - 1.1.0-3 +- don't build X.Org devel docs (#755782) +- applet: BR generic java-devel instead of java-gcj-devel (#755783) +- use runuser to start Xvnc in systemd service file (#754259) +- don't attepmt to restart Xvnc session during update/erase (#753216) + +* Fri Nov 11 2011 Adam Tkac - 1.1.0-2 +- libvnc.so: don't use unexported GetMaster function (#744881) +- remove nasm buildreq + +* Mon Sep 12 2011 Adam Tkac - 1.1.0-1 +- update to 1.1.0 +- update the xorg11 patch +- patches merged + - tigervnc11-glx.patch + - tigervnc11-CVE-2011-1775.patch + - 0001-Use-memmove-instead-of-memcpy-in-fbblt.c-when-memory.patch + +* Thu Jul 28 2011 Adam Tkac - 1.0.90-6 +- add systemd service file and remove legacy SysV initscript (#717227) + +* Thu May 12 2011 Adam Tkac - 1.0.90-5 +- make Xvnc buildable against X.Org 1.11 + +* Tue May 10 2011 Adam Tkac - 1.0.90-4 +- viewer can send password without proper validation of X.509 certs + (CVE-2011-1775) + +* Wed Apr 13 2011 Adam Tkac - 1.0.90-3 +- fix wrong usage of memcpy which caused screen artifacts (#652590) +- don't point to inaccessible link in sysconfig/vncservers (#644975) + +* Fri Apr 08 2011 Adam Tkac - 1.0.90-2 +- improve compatibility with vinagre client (#692048) + +* Tue Mar 22 2011 Adam Tkac - 1.0.90-1 +- update to 1.0.90 + +* Wed Feb 09 2011 Fedora Release Engineering - 1.0.90-0.32.20110117svn4237 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Jan 17 2011 Adam Tkac 1.0.90-0.31.20110117svn4237 +- fix libvnc.so module loading + +* Mon Jan 17 2011 Adam Tkac 1.0.90-0.30.20110117svn4237 +- update to r4237 +- patches merged + - tigervnc11-optionsdialog.patch + - tigervnc11-rh607866.patch + +* Fri Jan 14 2011 Adam Tkac 1.0.90-0.29.20101208svn4225 +- improve patch for keyboard issues + +* Fri Jan 14 2011 Adam Tkac 1.0.90-0.28.20101208svn4225 +- attempt to fix various keyboard-related issues (key repeating etc) + +* Fri Jan 07 2011 Adam Tkac 1.0.90-0.27.20101208svn4225 +- render "Ok" and "Cancel" buttons in the options dialog correctly + +* Wed Dec 15 2010 Jan Görig 1.0.90-0.26.20101208svn4225 +- added vncserver lock file (#662784) + +* Fri Dec 10 2010 Adam Tkac 1.0.90-0.25.20101208svn4225 +- update to r4225 +- patches merged + - tigervnc11-rh611677.patch + - tigervnc11-rh633931.patch + - tigervnc11-xorg1.10.patch +- enable VeNCrypt and PAM support + +* Mon Dec 06 2010 Adam Tkac 1.0.90-0.24.20100813svn4123 +- rebuild against xserver 1.10.X +- 0001-Return-Success-from-generate_modkeymap-when-max_keys.patch merged + +* Wed Sep 29 2010 jkeating - 1.0.90-0.23.20100813svn4123 +- Rebuilt for gcc bug 634757 + +* Tue Sep 21 2010 Adam Tkac 1.0.90-0.22.20100420svn4030 +- drop xorg-x11-fonts-misc dependency (#636170) + +* Tue Sep 21 2010 Adam Tkac 1.0.90-0.21.20100420svn4030 +- improve patch for #633645 (fix tcsh incompatibilities) + +* Thu Sep 16 2010 Adam Tkac 1.0.90-0.20.20100813svn4123 +- press fake modifiers correctly (#633931) +- supress unneeded debug information emitted from initscript (#633645) + +* Wed Aug 25 2010 Adam Tkac 1.0.90-0.19.20100813svn4123 +- separate Xvnc, vncpasswd and vncconfig to -server-minimal subpkg (#626946) +- move license to separate subpkg and Requires it from main subpkgs +- Xvnc: handle situations when no modifiers exist well (#611677) + +* Fri Aug 13 2010 Adam Tkac 1.0.90-0.18.20100813svn4123 +- update to r4123 (#617973) +- add perl requires to -server subpkg (#619791) + +* Thu Jul 22 2010 Adam Tkac 1.0.90-0.17.20100721svn4113 +- update to r4113 +- patches merged + - tigervnc11-rh586406.patch + - tigervnc11-libvnc.patch + - tigervnc11-rh597172.patch + - tigervnc11-rh600070.patch + - tigervnc11-options.patch +- don't own %%{_datadir}/icons directory (#614301) +- minor improvements in the .desktop file (#616340) +- bundled libjpeg configure requires nasm; is executed even if system-wide + libjpeg is used + +* Fri Jul 02 2010 Adam Tkac 1.0.90-0.16.20100420svn4030 +- build against system-wide libjpeg-turbo (#494458) +- build no longer requires nasm + +* Mon Jun 28 2010 Adam Tkac 1.0.90-0.15.20100420svn4030 +- vncserver: accept <+optname> option when specified as the first one + +* Thu Jun 24 2010 Adam Tkac 1.0.90-0.14.20100420svn4030 +- fix memory leak in Xvnc input code (#597172) +- don't crash when receive negative encoding (#600070) +- explicitly disable udev configuration support +- add gettext-autopoint to BR + +* Mon Jun 14 2010 Adam Tkac 1.0.90-0.13.20100420svn4030 +- update URL about SSH tunneling in the sysconfig file (#601996) + +* Fri Jun 11 2010 Adam Tkac 1.0.90-0.12.20100420svn4030 +- use newer gettext +- autopoint now uses git instead of cvs, adjust BuildRequires appropriately + +* Thu May 13 2010 Adam Tkac 1.0.90-0.11.20100420svn4030 +- link libvnc.so "now" to catch "undefined symbol" errors during Xorg startup +- use always XkbConvertCase instead of XConvertCase (#580159, #586406) +- don't link libvnc.so against libXi.la, libdix.la and libxkb.la; use symbols + from Xorg instead + +* Thu May 13 2010 Adam Tkac 1.0.90-0.10.20100420svn4030 +- update to r4030 snapshot +- patches merged to upstream + - tigervnc11-rh522369.patch + - tigervnc11-rh551262.patch + - tigervnc11-r4002.patch + - tigervnc11-r4014.patch + +* Thu Apr 08 2010 Adam Tkac 1.0.90-0.9.20100219svn3993 +- add server-applet subpackage which contains Java vncviewer applet +- fix Java applet; it didn't work when run from web browser +- add xorg-x11-xkb-utils to server Requires + +* Fri Mar 12 2010 Adam Tkac 1.0.90-0.8.20100219svn3993 +- add French translation to vncviewer.desktop (thanks to Alain Portal) + +* Thu Mar 04 2010 Adam Tkac 1.0.90-0.7.20100219svn3993 +- don't crash during pixel format change (#522369, #551262) + +* Mon Mar 01 2010 Adam Tkac 1.0.90-0.6.20100219svn3993 +- add mesa-dri-drivers and xkeyboard-config to -server Requires +- update to r3993 1.0.90 snapshot + - tigervnc11-noexecstack.patch merged + - tigervnc11-xorg18.patch merged + - xserver18.patch is no longer needed + +* Wed Jan 27 2010 Jan Gorig 1.0.90-0.5.20091221svn3929 +- initscript LSB compliance fixes (#523974) + +* Fri Jan 22 2010 Adam Tkac 1.0.90-0.4.20091221svn3929 +- mark stack as non-executable in jpeg ASM code +- add xorg-x11-xauth to Requires +- add support for X.Org 1.8 +- drop shave sources, they are no longer needed + +* Thu Jan 21 2010 Adam Tkac 1.0.90-0.3.20091221svn3929 +- drop tigervnc-xorg25909.patch, it has been merged to X.Org upstream + +* Thu Jan 07 2010 Adam Tkac 1.0.90-0.2.20091221svn3929 +- add patch for upstream X.Org issue #25909 +- add libXdmcp-devel to build requires to build Xvnc with XDMCP support (#552322) + +* Mon Dec 21 2009 Adam Tkac 1.0.90-0.1.20091221svn3929 +- update to 1.0.90 snapshot +- patches merged + - tigervnc10-compat.patch + - tigervnc10-rh510185.patch + - tigervnc10-rh524340.patch + - tigervnc10-rh516274.patch + +* Mon Oct 26 2009 Adam Tkac 1.0.0-3 +- create Xvnc keyboard mapping before first keypress (#516274) + +* Thu Oct 08 2009 Adam Tkac 1.0.0-2 +- update underlying X source to 1.6.4-0.3.fc11 +- remove bogus '-nohttpd' parameter from /etc/sysconfig/vncservers (#525629) +- initscript LSB compliance fixes (#523974) +- improve -LowColorSwitch documentation and handling (#510185) +- honor dotWhenNoCursor option (and it's changes) every time (#524340) + +* Fri Aug 28 2009 Adam Tkac 1.0.0-1 +- update to 1.0.0 +- tigervnc10-rh495457.patch merged to upstream + +* Mon Aug 24 2009 Karsten Hopp 0.0.91-0.17 +- fix ifnarch s390x for server-module + +* Fri Aug 21 2009 Tomas Mraz - 0.0.91-0.16 +- rebuilt with new openssl + +* Tue Aug 04 2009 Adam Tkac 0.0.91-0.15 +- make Xvnc compilable + +* Sun Jul 26 2009 Fedora Release Engineering - 0.0.91-0.14.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Mon Jul 13 2009 Adam Tkac 0.0.91-0.13.1 +- don't write warning when initscript is called with condrestart param (#508367) + +* Tue Jun 23 2009 Adam Tkac 0.0.91-0.13 +- temporary use F11 Xserver base to make Xvnc compilable +- BuildRequires: libXi-devel +- don't ship tigervnc-server-module on s390/s390x + +* Mon Jun 22 2009 Adam Tkac 0.0.91-0.12 +- fix local rendering of cursor (#495457) + +* Thu Jun 18 2009 Adam Tkac 0.0.91-0.11 +- update to 0.0.91 (1.0.0 RC1) +- patches merged + - tigervnc10-rh499401.patch + - tigervnc10-rh497592.patch + - tigervnc10-rh501832.patch +- after discusion in upstream drop tigervnc-bounds.patch +- configure flags cleanup + +* Thu May 21 2009 Adam Tkac 0.0.90-0.10 +- rebuild against 1.6.1.901 X server (#497835) +- disable i18n, vncviewer is not UTF-8 compatible (#501832) + +* Mon May 18 2009 Adam Tkac 0.0.90-0.9 +- fix vncpasswd crash on long passwords (#499401) +- start session dbus daemon correctly (#497592) + +* Mon May 11 2009 Adam Tkac 0.0.90-0.8.1 +- remove merged tigervnc-manminor.patch + +* Tue May 05 2009 Adam Tkac 0.0.90-0.8 +- update to 0.0.90 + +* Thu Apr 30 2009 Adam Tkac 0.0.90-0.7.20090427svn3789 +- server package now requires xorg-x11-fonts-misc (#498184) + +* Mon Apr 27 2009 Adam Tkac 0.0.90-0.6.20090427svn3789 +- update to r3789 + - tigervnc-rh494801.patch merged +- tigervnc-newfbsize.patch is no longer needed +- fix problems when vncviewer and Xvnc run on different endianess (#496653) +- UltraVNC and TightVNC clients work fine again (#496786) + +* Wed Apr 08 2009 Adam Tkac 0.0.90-0.5.20090403svn3751 +- workaround broken fontpath handling in vncserver script (#494801) + +* Fri Apr 03 2009 Adam Tkac 0.0.90-0.4.20090403svn3751 +- update to r3751 +- patches merged + - tigervnc-xclients.patch + - tigervnc-clipboard.patch + - tigervnc-rh212985.patch +- basic RandR support in Xvnc (resize of the desktop) +- use built-in libjpeg (SSE2/MMX accelerated encoding on x86 platform) +- use Tight encoding by default +- use TigerVNC icons + +* Tue Mar 03 2009 Adam Tkac 0.0.90-0.3.20090303svn3631 +- update to r3631 + +* Tue Mar 03 2009 Adam Tkac 0.0.90-0.2.20090302svn3621 +- package review related fixes + +* Mon Mar 02 2009 Adam Tkac 0.0.90-0.1.20090302svn3621 +- initial package, r3621