Resolves: RHEL-45316
This commit is contained in:
Jan Grulich 2024-07-23 13:19:58 +02:00
parent f76f6574de
commit 55f47bf052
7 changed files with 133 additions and 1351 deletions

1
.gitignore vendored
View File

@ -32,3 +32,4 @@ tigervnc-1.0.90-20100721svn4113.tar.bz2
/tigervnc-1.11.0.tar.gz
/tigervnc-1.12.0.tar.gz
/tigervnc-1.13.1.tar.gz
/tigervnc-1.14.0.tar.gz

View File

@ -1 +1 @@
SHA512 (tigervnc-1.13.1.tar.gz) = 9190dbcd3b57ba52286c158c0675104d68463d7e3ea8e23493514b64451ddb511f3daf0f177339bc231155daea376d9c8dc58216663e10aa12f67468f4559da5
SHA512 (tigervnc-1.14.0.tar.gz) = ee36f0aa40957274fb00fd755624a8bea80432d797d6c183645ed1251058ab30594d2261693b5655c5ca85a22e53f93029eeccc51fe86780398d1a017fa2311c

File diff suppressed because it is too large Load Diff

View File

@ -1,135 +0,0 @@
diff --git a/common/rfb/SSecurityPlain.cxx b/common/rfb/SSecurityPlain.cxx
index 6f65e87..3142ba3 100644
--- a/common/rfb/SSecurityPlain.cxx
+++ b/common/rfb/SSecurityPlain.cxx
@@ -27,6 +27,8 @@
#include <rdr/InStream.h>
#if !defined(WIN32) && !defined(__APPLE__)
#include <rfb/UnixPasswordValidator.h>
+#include <unistd.h>
+#include <pwd.h>
#endif
#ifdef WIN32
#include <rfb/WinPasswdValidator.h>
@@ -45,21 +47,22 @@ StringParameter PasswordValidator::plainUsers
bool PasswordValidator::validUser(const char* username)
{
- CharArray users(plainUsers.getValueStr()), user;
+ std::vector<std::string> users;
- while (users.buf) {
- strSplit(users.buf, ',', &user.buf, &users.buf);
-#ifdef WIN32
- if (0 == stricmp(user.buf, "*"))
- return true;
- if (0 == stricmp(user.buf, username))
- return true;
-#else
- if (!strcmp(user.buf, "*"))
- return true;
- if (!strcmp(user.buf, username))
- return true;
+ users = split(plainUsers, ',');
+
+ for (size_t i = 0; i < users.size(); i++) {
+ if (users[i] == "*")
+ return true;
+#if !defined(WIN32) && !defined(__APPLE__)
+ if (users[i] == "%u") {
+ struct passwd *pw = getpwnam(username);
+ if (pw && pw->pw_uid == getuid())
+ return true;
+ }
#endif
+ if (users[i] == username)
+ return true;
}
return false;
}
diff --git a/common/rfb/util.cxx b/common/rfb/util.cxx
index 649eb0b..cce73a0 100644
--- a/common/rfb/util.cxx
+++ b/common/rfb/util.cxx
@@ -99,6 +99,26 @@ namespace rfb {
return false;
}
+ std::vector<std::string> split(const char* src,
+ const char delimiter)
+ {
+ std::vector<std::string> out;
+ const char *start, *stop;
+
+ start = src;
+ do {
+ stop = strchr(start, delimiter);
+ if (stop == NULL) {
+ out.push_back(start);
+ } else {
+ out.push_back(std::string(start, stop-start));
+ start = stop + 1;
+ }
+ } while (stop != NULL);
+
+ return out;
+ }
+
bool strContains(const char* src, char c) {
int l=strlen(src);
for (int i=0; i<l; i++)
diff --git a/common/rfb/util.h b/common/rfb/util.h
index f0ac9ef..ed15c28 100644
--- a/common/rfb/util.h
+++ b/common/rfb/util.h
@@ -27,6 +27,9 @@
#include <limits.h>
#include <string.h>
+#include <string>
+#include <vector>
+
struct timeval;
#ifdef __GNUC__
@@ -76,6 +79,10 @@ namespace rfb {
// that part of the string. Obviously, setting both to 0 is not useful...
bool strSplit(const char* src, const char limiter, char** out1, char** out2, bool fromEnd=false);
+ // Splits a string with the specified delimiter
+ std::vector<std::string> split(const char* src,
+ const char delimiter);
+
// Returns true if src contains c
bool strContains(const char* src, char c);
diff --git a/unix/x0vncserver/x0vncserver.man b/unix/x0vncserver/x0vncserver.man
index c36ae34..78db730 100644
--- a/unix/x0vncserver/x0vncserver.man
+++ b/unix/x0vncserver/x0vncserver.man
@@ -125,8 +125,8 @@ parameter instead.
.B \-PlainUsers \fIuser-list\fP
A comma separated list of user names that are allowed to authenticate via
any of the "Plain" security types (Plain, TLSPlain, etc.). Specify \fB*\fP
-to allow any user to authenticate using this security type. Default is to
-deny all users.
+to allow any user to authenticate using this security type. Specify \fB%u\fP
+to allow the user of the server process. Default is to deny all users.
.
.TP
.B \-pam_service \fIname\fP, \-PAMService \fIname\fP
diff --git a/unix/xserver/hw/vnc/Xvnc.man b/unix/xserver/hw/vnc/Xvnc.man
index ea87dea..e9fb654 100644
--- a/unix/xserver/hw/vnc/Xvnc.man
+++ b/unix/xserver/hw/vnc/Xvnc.man
@@ -200,8 +200,8 @@ parameter instead.
.B \-PlainUsers \fIuser-list\fP
A comma separated list of user names that are allowed to authenticate via
any of the "Plain" security types (Plain, TLSPlain, etc.). Specify \fB*\fP
-to allow any user to authenticate using this security type. Default is to
-deny all users.
+to allow any user to authenticate using this security type. Specify \fB%u\fP
+to allow the user of the server process. Default is to deny all users.
.
.TP
.B \-pam_service \fIname\fP, \-PAMService \fIname\fP

View File

@ -1,17 +0,0 @@
diff --git a/unix/xserver/hw/vnc/xvnc.c b/unix/xserver/hw/vnc/xvnc.c
index f8141959..c5c36539 100644
--- a/unix/xserver/hw/vnc/xvnc.c
+++ b/unix/xserver/hw/vnc/xvnc.c
@@ -366,8 +366,10 @@ ddxProcessArgument(int argc, char *argv[], int i)
if (strcmp(argv[i], "-inetd") == 0) {
int nullfd;
- dup2(0, 3);
- vncInetdSock = 3;
+ if ((vncInetdSock = dup(0)) == -1)
+ FatalError
+ ("Xvnc error: failed to allocate a new file descriptor for -inetd: %s\n", strerror(errno));
+
/* Avoid xserver >= 1.19's epoll-fd becoming fd 2 / stderr only to be
replaced by /dev/null by OsInit() because the pollfd is not

View File

@ -1,6 +1,7 @@
diff -up xserver/configure.ac.xserver116-rebased xserver/configure.ac
--- xserver/configure.ac.xserver116-rebased 2016-09-29 13:14:45.595441590 +0200
+++ xserver/configure.ac 2016-09-29 13:14:45.631442006 +0200
diff --git a/configure.ac b/configure.ac
index 0909cc5b4..c01873200 100644
--- a/configure.ac
+++ b/configure.ac
@@ -74,6 +74,7 @@ dnl forcing an entire recompile.x
AC_CONFIG_HEADERS(include/version-config.h)
@ -9,35 +10,30 @@ diff -up xserver/configure.ac.xserver116-rebased xserver/configure.ac
AC_PROG_LN_S
LT_PREREQ([2.2])
LT_INIT([disable-static win32-dll])
@@ -1863,6 +1864,10 @@ if test "x$XVFB" = xyes; then
@@ -1735,6 +1736,14 @@ if test "x$XVFB" = xyes; then
AC_SUBST([XVFB_SYS_LIBS])
fi
+dnl Xvnc DDX
+AC_SUBST([XVNC_CPPFLAGS], ["-DHAVE_DIX_CONFIG_H $XSERVER_CFLAGS"])
+AC_SUBST([XVNC_LIBS], ["$FB_LIB $FIXES_LIB $XEXT_LIB $CONFIG_LIB $DBE_LIB $RECORD_LIB $GLX_LIBS $RANDR_LIB $RENDER_LIB $DAMAGE_LIB $DRI3_LIB $PRESENT_LIB $MIEXT_SYNC_LIB $MIEXT_DAMAGE_LIB $MIEXT_SHADOW_LIB $XI_LIB $XKB_LIB $XKB_STUB_LIB $COMPOSITE_LIB $MAIN_LIB"])
+AC_SUBST([XVNC_SYS_LIBS], ["$GLX_SYS_LIBS"])
+
+PKG_CHECK_MODULES(GBM, "$LIBGBM", [GBM=yes], [GBM=no])
+if test "x$GBM" = xyes; then
+ AC_DEFINE(HAVE_GBM, 1, [Have GBM support])
+fi
dnl Xnest DDX
@@ -1898,6 +1903,8 @@ if test "x$XORG" = xauto; then
fi
AC_MSG_RESULT([$XORG])
@@ -2058,7 +2067,6 @@ if test "x$GLAMOR" = xyes; then
[AC_DEFINE(GLAMOR_HAS_EGL_QUERY_DRIVER, 1, [Have GLAMOR_HAS_EGL_QUERY_DRIVER])],
[])
+AC_DEFINE_UNQUOTED(XORG_VERSION_CURRENT, [$VENDOR_RELEASE], [Current Xorg version])
+
if test "x$XORG" = xyes; then
XORG_DDXINCS='-I$(top_srcdir)/hw/xfree86 -I$(top_srcdir)/hw/xfree86/include -I$(top_srcdir)/hw/xfree86/common'
XORG_OSINCS='-I$(top_srcdir)/hw/xfree86/os-support -I$(top_srcdir)/hw/xfree86/os-support/bus -I$(top_srcdir)/os'
@@ -2116,7 +2123,6 @@ if test "x$XORG" = xyes; then
AC_DEFINE(XORG_SERVER, 1, [Building Xorg server])
AC_DEFINE(XORGSERVER, 1, [Building Xorg server])
AC_DEFINE(XFree86Server, 1, [Building XFree86 server])
- AC_DEFINE_UNQUOTED(XORG_VERSION_CURRENT, [$VENDOR_RELEASE], [Current Xorg version])
AC_DEFINE(NEED_XF86_TYPES, 1, [Need XFree86 typedefs])
AC_DEFINE(NEED_XF86_PROTOTYPES, 1, [Need XFree86 helper functions])
AC_DEFINE(__XSERVERNAME__, "Xorg", [Name of X server])
@@ -2691,6 +2697,7 @@ hw/dmx/Makefile
- PKG_CHECK_MODULES(GBM, "$LIBGBM", [GBM=yes], [GBM=no])
if test "x$GBM" = xyes; then
AC_DEFINE(GLAMOR_HAS_GBM, 1,
[Build glamor with GBM-based EGL support])
@@ -2523,6 +2531,7 @@ hw/dmx/Makefile
hw/dmx/man/Makefile
hw/vfb/Makefile
hw/vfb/man/Makefile
@ -45,47 +41,98 @@ diff -up xserver/configure.ac.xserver116-rebased xserver/configure.ac
hw/xnest/Makefile
hw/xnest/man/Makefile
hw/xwin/Makefile
diff -up xserver/hw/Makefile.am.xserver116-rebased xserver/hw/Makefile.am
--- xserver/hw/Makefile.am.xserver116-rebased 2016-09-29 13:14:45.601441659 +0200
+++ xserver/hw/Makefile.am 2016-09-29 13:14:45.631442006 +0200
@@ -38,7 +38,8 @@ SUBDIRS = \
$(DMX_SUBDIRS) \
$(KDRIVE_SUBDIRS) \
$(XQUARTZ_SUBDIRS) \
- $(XWAYLAND_SUBDIRS)
+ $(XWAYLAND_SUBDIRS) \
+ vnc
diff --git a/dri3/Makefile.am b/dri3/Makefile.am
index e47a734e0..99c3718a5 100644
--- a/dri3/Makefile.am
+++ b/dri3/Makefile.am
@@ -1,7 +1,7 @@
noinst_LTLIBRARIES = libdri3.la
AM_CFLAGS = \
- -DHAVE_XORG_CONFIG_H \
- @DIX_CFLAGS@ @XORG_CFLAGS@
+ @DIX_CFLAGS@ \
+ @LIBDRM_CFLAGS@
DIST_SUBDIRS = dmx xfree86 vfb xnest xwin xquartz kdrive xwayland
libdri3_la_SOURCES = \
dri3.h \
diff --git a/dri3/dri3.c b/dri3/dri3.c
index ba32facd7..191252969 100644
--- a/dri3/dri3.c
+++ b/dri3/dri3.c
@@ -20,10 +20,6 @@
* OF THIS SOFTWARE.
*/
diff --git xserver/mi/miinitext.c xserver/mi/miinitext.c
index 5596e21..003fc3c 100644
--- xserver/mi/miinitext.c
+++ xserver/mi/miinitext.c
@@ -107,8 +107,15 @@ SOFTWARE.
#include "os.h"
#include "globals.h"
-#ifdef HAVE_XORG_CONFIG_H
-#include <xorg-config.h>
-#endif
-
#include "dri3_priv.h"
+#ifdef TIGERVNC
+extern void vncExtensionInit(INITARGS);
+#endif
#include <drm_fourcc.h>
diff --git a/dri3/dri3_priv.h b/dri3/dri3_priv.h
index b087a9529..f319d1770 100644
--- a/dri3/dri3_priv.h
+++ b/dri3/dri3_priv.h
@@ -23,6 +23,7 @@
#ifndef _DRI3PRIV_H_
#define _DRI3PRIV_H_
+#include "dix-config.h"
#include <X11/X.h>
#include "scrnintstr.h"
#include "misc.h"
diff --git a/dri3/dri3_request.c b/dri3/dri3_request.c
index 958877efa..687168930 100644
--- a/dri3/dri3_request.c
+++ b/dri3/dri3_request.c
@@ -20,10 +20,6 @@
* OF THIS SOFTWARE.
*/
-#ifdef HAVE_XORG_CONFIG_H
-#include <xorg-config.h>
-#endif
-
#include "dri3_priv.h"
#include <syncsrv.h>
#include <unistd.h>
diff --git a/dri3/dri3_screen.c b/dri3/dri3_screen.c
index b98259753..3c7e5bf60 100644
--- a/dri3/dri3_screen.c
+++ b/dri3/dri3_screen.c
@@ -20,10 +20,6 @@
* OF THIS SOFTWARE.
*/
-#ifdef HAVE_XORG_CONFIG_H
-#include <xorg-config.h>
-#endif
-
#include "dri3_priv.h"
#include <syncsdk.h>
#include <misync.h>
diff --git a/hw/Makefile.am b/hw/Makefile.am
index 19895dc77..3ecfa8b7a 100644
--- a/hw/Makefile.am
+++ b/hw/Makefile.am
@@ -44,3 +44,5 @@ DIST_SUBDIRS = dmx xfree86 vfb xnest xwin xquartz kdrive xwayland
relink:
$(AM_V_at)for i in $(SUBDIRS) ; do $(MAKE) -C $$i relink || exit 1 ; done
+
/* List of built-in (statically linked) extensions */
static const ExtensionModule staticExtensions[] = {
+#ifdef TIGERVNC
+ {vncExtensionInit, "VNC-EXTENSION", NULL},
+#endif
{GEExtensionInit, "Generic Event Extension", &noGEExtension},
{ShapeExtensionInit, "SHAPE", NULL},
#ifdef MITSHM
--- xserver/include/os.h~ 2016-10-03 09:07:29.000000000 +0200
+++ xserver/include/os.h 2016-10-03 14:13:00.013654506 +0200
@@ -621,7 +621,7 @@
extern _X_EXPORT void
LogClose(enum ExitCode error);
extern _X_EXPORT Bool
-LogSetParameter(LogParameter param, int value);
+LogSetParameter(enum _LogParameter param, int value);
extern _X_EXPORT void
LogVWrite(int verb, const char *f, va_list args)
_X_ATTRIBUTE_PRINTF(2, 0);
+SUBDIRS += vnc
diff --git a/include/dix-config.h.in b/include/dix-config.h.in
index f8fc67067..d53c4e72f 100644
--- a/include/dix-config.h.in
+++ b/include/dix-config.h.in
@@ -83,6 +83,9 @@
/* Define to 1 if you have the <fcntl.h> header file. */
#undef HAVE_FCNTL_H
+/* Have GBM support */
+#undef HAVE_GBM
+
/* Define to 1 if you have the `getdtablesize' function. */
#undef HAVE_GETDTABLESIZE

View File

@ -4,8 +4,8 @@
%global modulename vncsession
Name: tigervnc
Version: 1.13.1
Release: 10%{?dist}
Version: 1.14.0
Release: 1%{?dist}
Summary: A TigerVNC remote display system
%global _hardened_build 1
@ -26,9 +26,6 @@ Patch1: tigervnc-use-gnome-as-default-session.patch
Patch2: tigervnc-vncsession-restore-script-systemd-service.patch
# Upstream patches
Patch50: tigervnc-support-username-alias-in-plainusers.patch
Patch51: tigervnc-use-dup-to-get-available-fd-for-inetd.patch
Patch52: tigervnc-add-option-to-force-view-only-remote-connections.patch
# Upstreamable patches
Patch80: tigervnc-dont-get-pointer-position-for-floating-device.patch
@ -76,11 +73,13 @@ BuildRequires: libXinerama-devel
BuildRequires: libXt-devel
BuildRequires: libXtst-devel
BuildRequires: libdrm-devel
BuildRequires: mesa-libgbm-devel
BuildRequires: libtool
BuildRequires: libxkbfile-devel
BuildRequires: libxshmfence-devel
BuildRequires: mesa-libGL-devel
BuildRequires: xorg-x11-font-utils
BuildRequires: pkgconfig(fontutil)
BuildRequires: pkgconfig(xkbcomp)
BuildRequires: xorg-x11-server-devel
BuildRequires: xorg-x11-server-source
BuildRequires: xorg-x11-util-macros
@ -188,21 +187,18 @@ for all in `find . -type f -perm -001`; do
chmod -x "$all"
done
# Xorg patches
%patch100 -p1 -b .xserver120-rebased
%patch101 -p1 -b .rpath
%patch -P100 -p1 -b .xserver120-rebased
%patch -P101 -p1 -b .rpath
popd
# Tigervnc patches
%patch1 -p1 -b .use-gnome-as-default-session
%patch2 -p1 -b .vncsession-restore-script-systemd-service
%patch -P1 -p1 -b .use-gnome-as-default-session
%patch -P2 -p1 -b .vncsession-restore-script-systemd-service
# Upstream patches
%patch50 -p1 -b .support-username-alias-in-plainusers
%patch51 -p1 -b .use-dup-to-get-available-fd-for-inetd
%patch52 -p1 -b .add-option-to-force-view-only-remote-connections
# Upstreamable patches
%patch80 -p1 -b .dont-get-pointer-position-for-floating-device
%patch -P80 -p1 -b .dont-get-pointer-position-for-floating-device
%build
%ifarch sparcv9 sparc64 s390 s390x
@ -235,11 +231,10 @@ autoreconf -fiv
--with-fontdir=%{_datadir}/X11/fonts \
--with-xkb-output=%{_localstatedir}/lib/xkb \
--enable-install-libxf86config \
--enable-glx --disable-dri --enable-dri2 --disable-dri3 \
--enable-glx --disable-dri --enable-dri2 --enable-dri3 \
--disable-unit-tests \
--disable-config-hal \
--disable-config-udev \
--with-dri-driver-path=%{_libdir}/dri \
--without-dtrace \
--disable-devel-docs \
--disable-selective-werror
@ -385,6 +380,10 @@ fi
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
%changelog
* Tue Jul 23 2024 Jan Grulich <jgrulich@redhat.com> - 1.14.0-1
- 1.14.0
Resolves: RHEL-45316
* Tue May 28 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-10
- vncconfig: add option to force view-only remote client connections
Resolves: RHEL-12144