import tigervnc-1.10.1-7.el8

This commit is contained in:
CentOS Sources 2020-11-03 06:59:22 -05:00 committed by Andrew Lukoshko
parent 11a5358b7a
commit 85151b63c1
29 changed files with 2552 additions and 3409 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/tigervnc-1.9.0.tar.gz
SOURCES/tigervnc-1.10.1.tar.gz

View File

@ -1 +1 @@
c56656c596fb863bb2c4b67fb62b4165011d181f SOURCES/tigervnc-1.9.0.tar.gz
34efc6e2e67be672dca38c10ce064bcb08adee9f SOURCES/tigervnc-1.10.1.tar.gz

View File

@ -0,0 +1,34 @@
From 920d9c4d6562ecabf79497bc901d50522d4bc661 Mon Sep 17 00:00:00 2001
From: Linus Heckemann <git@sphalerite.org>
Date: Sat, 1 Feb 2020 11:08:26 +0100
Subject: [PATCH] xserver: add no-op input thread init function
This allows Xvnc to build with xorg-server 1.20.7, which requires OS
layers to implement a ddxInputThreadInit function when configured with
--enable-input-thread (the default).
relevant xorg-server commit: e3f26605d85d987da434640f52646d728f1fe919
---
unix/xserver/hw/vnc/Input.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/unix/xserver/hw/vnc/Input.c b/unix/xserver/hw/vnc/Input.c
index 534e435e..b342d4d6 100644
--- a/unix/xserver/hw/vnc/Input.c
+++ b/unix/xserver/hw/vnc/Input.c
@@ -711,3 +711,12 @@ static void vncKeysymKeyboardEvent(KeySym keysym, int down)
*/
mieqProcessInputEvents();
}
+
+#if INPUTTHREAD
+/** This function is called in Xserver/os/inputthread.c when starting
+ the input thread. */
+void
+ddxInputThreadInit(void)
+{
+}
+#endif
--
2.24.1

110
SOURCES/HOWTO.md Normal file
View File

@ -0,0 +1,110 @@
# What has changed
The previous Tigervnc versions had a wrapper script called `vncserver` which
could be run as a user manually to start *Xvnc* process. The usage was quite
simple as you just run
```
$ vncserver :x [vncserver options] [Xvnc options]
```
and that was it. While this was working just fine, there were issues when users
wanted to start a Tigervnc server using *systemd*. For these reasons things were
completely changed and there is now a new way how this all is supposed to work.
 # How to start Tigervnc server
 
## Add a user mapping
With this you can map a user to a particular port. The mapping should be done in
`/etc/tigervnc/vncserver.users` configuration file. It should be pretty
straightforward once you open the file as there are some examples, but basically
the mapping is in form
```
:x=user
```
For example you can have
```
:1=test
:2=vncuser
```
## Configure Xvnc options
To configure Xvnc parameters, you need to go to the same directory where you did
the user mapping and open `vncserver-config-defaults` configuration file. This
file is for the default Xvnc configuration and will be applied to every user
unless any of the following applies:
* The user has its own configuration in `$HOME/.vnc/config`
* The same option with different value is configured in
  `vncserver-config-mandatory` configuration file, which replaces the default
  configuration and has even a higher priority than the per-user configuration.
  This option is for system administrators when they want to force particular
  *Xvnc* options.
Format of the configuration file is also quite simple as the configuration is
in form of
```
option=value
option
```
for example
```
session=gnome
securitytypes=vncauth,tlsvnc
desktop=sandbox
geometry=2000x1200
localhost
alwaysshared
```
### Note:
There is one important option you need to set and that option is the session you
want to start. E.g when you want to start GNOME desktop, then you have to use
```
session=gnome
```
which should match the name of a session desktop file from `/usr/share/xsessions`
directory.
## Set VNC password
You need to set a password for each user in order to be able to start the
Tigervnc server. In order to create a password, you just run
```
$ vncpasswd
```
as the user you will be starting the server for.
### Note:
If you were using Tigervnc before for your user and you already created a
password, then you will have to make sure the `$HOME/.vnc` folder created by
`vncpasswd` will have the correct *SELinux* context. You either can delete this
folder and recreate it again by creating the password one more time, or
alternatively you can run
```
$ restorecon -RFv /home/<USER>/.vnc
```
## Start the Tigervnc server
Finally you can start the server using systemd service. To do so just run
```
$ systemctl start vncserver@:x
```
as root or
```
$ sudo systemctl start vncserver@:x
```
as a regular user in case it has permissions to run `sudo`. Don't forget to
replace the `:x` by the actual number you configured in the user mapping file.
Following our example by running
```
$ systemctl start vncserver@:1
```
you will start a Tigervnc server for user `test` with a GNOME session.
### Note:
If you were previously using Tigervnc and you were used to start it using
*systemd* then you will need to remove previous *systemd* configuration files,
those you most likely copied to `/etc/systemd/system/vncserver@.service`,
otherwise this service file will be preferred over the new one installed with
latest Tigervnc.
# Limitations
You will not be able to start a Tigervnc server for a user who is already
logged into a graphical session. Avoid running the server as the `root` user as
it's not a safe thing to do. While running the server as the `root` should work
in general, it's not recommended to do so and there might be some things which
are not working properly.

View File

@ -1,14 +0,0 @@
diff --git a/unix/vncserver b/unix/vncserver
index a6c890f..687ef72 100755
--- a/unix/vncserver
+++ b/unix/vncserver
@@ -208,7 +208,8 @@ if ((@ARGV > 0) && ($ARGV[0] =~ /^:(\d+)$/)) {
$displayNumber = $1;
shift(@ARGV);
if (!&CheckDisplayNumber($displayNumber)) {
- die "A VNC server is already running as :$displayNumber\n";
+ warn "A VNC server is already running as :$displayNumber\n";
+ $displayNumber = &GetDisplayNumber();
}
} elsif ((@ARGV > 0) && ($ARGV[0] !~ /^-/) && ($ARGV[0] !~ /^\+/)) {
&Usage();

View File

@ -1,116 +0,0 @@
From d61a767d6842b530ffb532ddd5a3d233119aad40 Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Tue, 10 Sep 2019 11:05:48 +0200
Subject: [PATCH] Make ZlibInStream more robust against failures
Move the checks around to avoid missing cases where we might access
memory that is no longer valid. Also avoid touching the underlying
stream implicitly (e.g. via the destructor) as it might also no
longer be valid.
A malicious server could theoretically use this for remote code
execution in the client.
Issue found by Pavel Cheremushkin from Kaspersky Lab
---
common/rdr/ZlibInStream.cxx | 13 +++++++------
common/rdr/ZlibInStream.h | 2 +-
common/rfb/CMsgReader.cxx | 3 ++-
common/rfb/SMsgReader.cxx | 3 ++-
common/rfb/TightDecoder.cxx | 3 ++-
common/rfb/zrleDecode.h | 3 ++-
6 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/common/rdr/ZlibInStream.cxx b/common/rdr/ZlibInStream.cxx
index 4053bd1..a361010 100644
--- a/common/rdr/ZlibInStream.cxx
+++ b/common/rdr/ZlibInStream.cxx
@@ -52,16 +52,16 @@ int ZlibInStream::pos()
return offset + ptr - start;
}
-void ZlibInStream::removeUnderlying()
+void ZlibInStream::flushUnderlying()
{
ptr = end = start;
- if (!underlying) return;
while (bytesIn > 0) {
decompress(true);
end = start; // throw away any data
}
- underlying = 0;
+
+ setUnderlying(NULL, 0);
}
void ZlibInStream::reset()
@@ -90,7 +90,7 @@ void ZlibInStream::init()
void ZlibInStream::deinit()
{
assert(zs != NULL);
- removeUnderlying();
+ setUnderlying(NULL, 0);
inflateEnd(zs);
delete zs;
zs = NULL;
@@ -100,8 +100,6 @@ int ZlibInStream::overrun(int itemSize, int nItems, bool wait)
{
if (itemSize > bufSize)
throw Exception("ZlibInStream overrun: max itemSize exceeded");
- if (!underlying)
- throw Exception("ZlibInStream overrun: no underlying stream");
if (end - ptr != 0)
memmove(start, ptr, end - ptr);
@@ -127,6 +125,9 @@ int ZlibInStream::overrun(int itemSize, int nItems, bool wait)
bool ZlibInStream::decompress(bool wait)
{
+ if (!underlying)
+ throw Exception("ZlibInStream overrun: no underlying stream");
+
zs->next_out = (U8*)end;
zs->avail_out = start + bufSize - end;
diff --git a/common/rdr/ZlibInStream.h b/common/rdr/ZlibInStream.h
index 6bd4da4..86ba1ff 100644
--- a/common/rdr/ZlibInStream.h
+++ b/common/rdr/ZlibInStream.h
@@ -38,7 +38,7 @@ namespace rdr {
virtual ~ZlibInStream();
void setUnderlying(InStream* is, int bytesIn);
- void removeUnderlying();
+ void flushUnderlying();
int pos();
void reset();
diff --git a/common/rfb/TightDecoder.cxx b/common/rfb/TightDecoder.cxx
index 3a1254a..4273eb7 100644
--- a/common/rfb/TightDecoder.cxx
+++ b/common/rfb/TightDecoder.cxx
@@ -340,7 +340,8 @@ void TightDecoder::decodeRect(const Rect& r, const void* buffer,
zis[streamId].readBytes(netbuf, dataSize);
- zis[streamId].removeUnderlying();
+ zis[streamId].flushUnderlying();
+ zis[streamId].setUnderlying(NULL, 0);
delete ms;
bufptr = netbuf;
diff --git a/common/rfb/zrleDecode.h b/common/rfb/zrleDecode.h
index 0bfbbe1..a69ca67 100644
--- a/common/rfb/zrleDecode.h
+++ b/common/rfb/zrleDecode.h
@@ -178,7 +178,8 @@ void ZRLE_DECODE (const Rect& r, rdr::InStream* is,
}
}
- zis->removeUnderlying();
+ zis->flushUnderlying();
+ zis->setUnderlying(NULL, 0);
}
#undef ZRLE_DECODE

View File

@ -1,71 +0,0 @@
From 996356b6c65ca165ee1ea46a571c32a1dc3c3821 Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Tue, 10 Sep 2019 15:21:03 +0200
Subject: [PATCH] Restrict PixelBuffer dimensions to safe values
We do a lot of calculations based on pixel coordinates and we need
to make sure they do not overflow. Restrict the maximum dimensions
we support rather than try to switch over all calculations to use
64 bit integers.
This prevents attackers from from injecting code by specifying a
huge framebuffer size and relying on the values overflowing to
access invalid areas of the heap.
This primarily affects the client which gets both the screen
dimensions and the pixel contents from the remote side. But the
server might also be affected as a client can adjust the screen
dimensions, as can applications inside the session.
Issue found by Pavel Cheremushkin from Kaspersky Lab.
---
common/rfb/PixelBuffer.cxx | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/common/rfb/PixelBuffer.cxx b/common/rfb/PixelBuffer.cxx
index ad58324..18f41f8 100644
--- a/common/rfb/PixelBuffer.cxx
+++ b/common/rfb/PixelBuffer.cxx
@@ -31,6 +31,14 @@ using namespace rdr;
static LogWriter vlog("PixelBuffer");
+// We do a lot of byte offset calculations that assume the result fits
+// inside a signed 32 bit integer. Limit the maximum size of pixel
+// buffers so that these calculations never overflow.
+
+const int maxPixelBufferWidth = 16384;
+const int maxPixelBufferHeight = 16384;
+const int maxPixelBufferStride = 16384;
+
// -=- Generic pixel buffer class
@@ -108,6 +116,11 @@ void PixelBuffer::getImage(const PixelFormat& pf, void* imageBuf,
void PixelBuffer::setSize(int width, int height)
{
+ if ((width < 0) || (width > maxPixelBufferWidth))
+ throw rfb::Exception("Invalid PixelBuffer width of %d pixels requested", width);
+ if ((height < 0) || (height > maxPixelBufferHeight))
+ throw rfb::Exception("Invalid PixelBuffer height of %d pixels requested", height);
+
width_ = width;
height_ = height;
}
@@ -337,6 +350,15 @@ const rdr::U8* FullFramePixelBuffer::getBuffer(const Rect& r, int* stride_) cons
void FullFramePixelBuffer::setBuffer(int width, int height,
rdr::U8* data_, int stride_)
{
+ if ((width < 0) || (width > maxPixelBufferWidth))
+ throw rfb::Exception("Invalid PixelBuffer width of %d pixels requested", width);
+ if ((height < 0) || (height > maxPixelBufferHeight))
+ throw rfb::Exception("Invalid PixelBuffer height of %d pixels requested", height);
+ if ((stride_ < 0) || (stride_ > maxPixelBufferStride) || (stride_ < width))
+ throw rfb::Exception("Invalid PixelBuffer stride of %d pixels requested", stride_);
+ if ((width != 0) && (height != 0) && (data_ == NULL))
+ throw rfb::Exception("PixelBuffer requested without a valid memory area");
+
ModifiablePixelBuffer::setSize(width, height);
stride = stride_;
data = data_;

View File

@ -1,75 +0,0 @@
From b4ada8d0c6dac98c8b91fc64d112569a8ae5fb95 Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Tue, 10 Sep 2019 15:36:42 +0200
Subject: [PATCH] Handle empty Tight gradient rects
We always assumed there would be one pixel per row so a rect with
a zero width would result in us writing to unknown memory.
This could theoretically be used by a malicious server to inject
code in to the viewer process.
Issue found by Pavel Cheremushkin from Kaspersky Lab.
---
common/rfb/tightDecode.h | 37 +++++++++++++++++++++----------------
1 file changed, 21 insertions(+), 16 deletions(-)
diff --git a/common/rfb/tightDecode.h b/common/rfb/tightDecode.h
index b6e86ed5e..8f77aebd0 100644
--- a/common/rfb/tightDecode.h
+++ b/common/rfb/tightDecode.h
@@ -56,15 +56,17 @@ TightDecoder::FilterGradient24(const rdr::U8 *inbuf,
int rectWidth = r.width();
for (y = 0; y < rectHeight; y++) {
- /* First pixel in a row */
- for (c = 0; c < 3; c++) {
- pix[c] = inbuf[y*rectWidth*3+c] + prevRow[c];
- thisRow[c] = pix[c];
- }
- pf.bufferFromRGB((rdr::U8*)&outbuf[y*stride], pix, 1);
+ for (x = 0; x < rectWidth; x++) {
+ /* First pixel in a row */
+ if (x == 0) {
+ for (c = 0; c < 3; c++) {
+ pix[c] = inbuf[y*rectWidth*3+c] + prevRow[c];
+ thisRow[c] = pix[c];
+ }
+ pf.bufferFromRGB((rdr::U8*)&outbuf[y*stride], pix, 1);
+ continue;
+ }
- /* Remaining pixels of a row */
- for (x = 1; x < rectWidth; x++) {
for (c = 0; c < 3; c++) {
est[c] = prevRow[x*3+c] + pix[c] - prevRow[(x-1)*3+c];
if (est[c] > 0xff) {
@@ -103,17 +105,20 @@ void TightDecoder::FilterGradient(const rdr::U8* inbuf,
int rectWidth = r.width();
for (y = 0; y < rectHeight; y++) {
- /* First pixel in a row */
- pf.rgbFromBuffer(pix, &inbuf[y*rectWidth], 1);
- for (c = 0; c < 3; c++)
- pix[c] += prevRow[c];
+ for (x = 0; x < rectWidth; x++) {
+ /* First pixel in a row */
+ if (x == 0) {
+ pf.rgbFromBuffer(pix, &inbuf[y*rectWidth], 1);
+ for (c = 0; c < 3; c++)
+ pix[c] += prevRow[c];
- memcpy(thisRow, pix, sizeof(pix));
+ memcpy(thisRow, pix, sizeof(pix));
- pf.bufferFromRGB((rdr::U8*)&outbuf[y*stride], pix, 1);
+ pf.bufferFromRGB((rdr::U8*)&outbuf[y*stride], pix, 1);
+
+ continue;
+ }
- /* Remaining pixels of a row */
- for (x = 1; x < rectWidth; x++) {
for (c = 0; c < 3; c++) {
est[c] = prevRow[x*3+c] + pix[c] - prevRow[(x-1)*3+c];
if (est[c] > 255) {

File diff suppressed because it is too large Load Diff

View File

@ -1,17 +0,0 @@
diff --git a/common/rfb/PixelFormat.cxx b/common/rfb/PixelFormat.cxx
index a9d015d..896f4e5 100644
--- a/common/rfb/PixelFormat.cxx
+++ b/common/rfb/PixelFormat.cxx
@@ -200,6 +200,12 @@ bool PixelFormat::is888(void) const
return false;
if (blueMax != 255)
return false;
+ if ((redShift & 0x7) != 0)
+ return false;
+ if ((greenShift & 0x7) != 0)
+ return false;
+ if ((blueShift & 0x7) != 0)
+ return false;
return true;
}

View File

@ -1,51 +0,0 @@
From 9f615301aba1cc54a749950bf9462c5a85217bc4 Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Tue, 10 Sep 2019 15:25:30 +0200
Subject: [PATCH] Add write protection to OffsetPixelBuffer
No one should every try to write to this buffer. Enforce that by
throwing an exception if any one tries to get a writeable pointer
to the data.
---
common/rfb/EncodeManager.cxx | 6 ++++++
common/rfb/EncodeManager.h | 3 +++
2 files changed, 9 insertions(+)
diff --git a/common/rfb/EncodeManager.cxx b/common/rfb/EncodeManager.cxx
index 1653cea..66ba432 100644
--- a/common/rfb/EncodeManager.cxx
+++ b/common/rfb/EncodeManager.cxx
@@ -24,6 +24,7 @@
#include <rfb/SMsgWriter.h>
#include <rfb/UpdateTracker.h>
#include <rfb/LogWriter.h>
+#include <rfb/Exception.h>
#include <rfb/RawEncoder.h>
#include <rfb/RREEncoder.h>
@@ -895,6 +896,11 @@ void EncodeManager::OffsetPixelBuffer::update(const PixelFormat& pf,
setBuffer(width, height, (rdr::U8*)data_, stride_);
}
+rdr::U8* EncodeManager::OffsetPixelBuffer::getBufferRW(const Rect& r, int* stride)
+{
+ throw rfb::Exception("Invalid write attempt to OffsetPixelBuffer");
+}
+
// Preprocessor generated, optimised methods
#define BPP 8
diff --git a/common/rfb/EncodeManager.h b/common/rfb/EncodeManager.h
index 79db950..7d47420 100644
--- a/common/rfb/EncodeManager.h
+++ b/common/rfb/EncodeManager.h
@@ -124,6 +124,9 @@ namespace rfb {
void update(const PixelFormat& pf, int width, int height,
const rdr::U8* data_, int stride);
+
+ private:
+ virtual rdr::U8* getBufferRW(const Rect& r, int* stride);
};
OffsetPixelBuffer offsetPixelBuffer;

View File

@ -1,355 +0,0 @@
From 75e6e0653a48baf474fd45d78b1da53e2f324642 Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Tue, 24 Sep 2019 09:41:07 +0200
Subject: [PATCH] Be defensive about overflows in stream objects
We use a lot of lengths given to us over the network, so be more
paranoid about them causing an overflow as otherwise an attacker
might trick us in to overwriting other memory.
This primarily affects the client which often gets lengths from the
server, but there are also some scenarios where the server might
theoretically be vulnerable.
Issue found by Pavel Cheremushkin from Kaspersky Lab.
---
common/rdr/FdInStream.cxx | 8 +++++---
common/rdr/FdOutStream.cxx | 7 ++++---
common/rdr/FileInStream.cxx | 8 +++++---
common/rdr/HexInStream.cxx | 8 +++++---
common/rdr/HexOutStream.cxx | 6 ++++--
common/rdr/InStream.h | 24 +++++++++++++-----------
common/rdr/MemOutStream.h | 4 ++++
common/rdr/OutStream.h | 24 +++++++++++++-----------
common/rdr/RandomStream.cxx | 6 ++++--
common/rdr/TLSInStream.cxx | 10 ++++++----
common/rdr/TLSOutStream.cxx | 6 ++++--
common/rdr/ZlibInStream.cxx | 6 ++++--
common/rdr/ZlibOutStream.cxx | 6 ++++--
13 files changed, 75 insertions(+), 48 deletions(-)
diff --git a/common/rdr/FdInStream.cxx b/common/rdr/FdInStream.cxx
index 789cbec..406ece5 100644
--- a/common/rdr/FdInStream.cxx
+++ b/common/rdr/FdInStream.cxx
@@ -136,7 +136,7 @@ size_t FdInStream::overrun(size_t itemSize, size_t nItems, bool wait)
ptr = start;
size_t bytes_to_read;
- while (end < start + itemSize) {
+ while ((size_t)(end - start) < itemSize) {
bytes_to_read = start + bufSize - end;
if (!timing) {
// When not timing, we must be careful not to read too much
@@ -152,8 +152,10 @@ size_t FdInStream::overrun(size_t itemSize, size_t nItems, bool wait)
end += n;
}
- if (itemSize * nItems > (size_t)(end - ptr))
- nItems = (end - ptr) / itemSize;
+ size_t nAvail;
+ nAvail = (end - ptr) / itemSize;
+ if (nAvail < nItems)
+ return nAvail;
return nItems;
}
diff --git a/common/rdr/FdOutStream.cxx b/common/rdr/FdOutStream.cxx
index 1757dc3..f5d07e4 100644
--- a/common/rdr/FdOutStream.cxx
+++ b/common/rdr/FdOutStream.cxx
@@ -149,9 +149,10 @@ size_t FdOutStream::overrun(size_t itemSize, size_t nItems)
}
}
- // Can we fit all the items asked for?
- if (itemSize * nItems > (size_t)(end - ptr))
- nItems = (end - ptr) / itemSize;
+ size_t nAvail;
+ nAvail = (end - ptr) / itemSize;
+ if (nAvail < nItems)
+ return nAvail;
return nItems;
}
diff --git a/common/rdr/FileInStream.cxx b/common/rdr/FileInStream.cxx
index 94f5db8..bdb05a3 100644
--- a/common/rdr/FileInStream.cxx
+++ b/common/rdr/FileInStream.cxx
@@ -68,7 +68,7 @@ size_t FileInStream::overrun(size_t itemSize, size_t nItems, bool wait)
ptr = b;
- while (end < b + itemSize) {
+ while ((size_t)(end - b) < itemSize) {
size_t n = fread((U8 *)end, b + sizeof(b) - end, 1, file);
if (n == 0) {
if (ferror(file))
@@ -80,8 +80,10 @@ size_t FileInStream::overrun(size_t itemSize, size_t nItems, bool wait)
end += b + sizeof(b) - end;
}
- if (itemSize * nItems > (size_t)(end - ptr))
- nItems = (end - ptr) / itemSize;
+ size_t nAvail;
+ nAvail = (end - ptr) / itemSize;
+ if (nAvail < nItems)
+ return nAvail;
return nItems;
}
diff --git a/common/rdr/HexInStream.cxx b/common/rdr/HexInStream.cxx
index 8f93988..a6bc92c 100644
--- a/common/rdr/HexInStream.cxx
+++ b/common/rdr/HexInStream.cxx
@@ -91,7 +91,7 @@ size_t HexInStream::overrun(size_t itemSize, size_t nItems, bool wait) {
offset += ptr - start;
ptr = start;
- while (end < ptr + itemSize) {
+ while ((size_t)(end - ptr) < itemSize) {
size_t n = in_stream.check(2, 1, wait);
if (n == 0) return 0;
const U8* iptr = in_stream.getptr();
@@ -110,8 +110,10 @@ size_t HexInStream::overrun(size_t itemSize, size_t nItems, bool wait) {
end += length;
}
- if (itemSize * nItems > (size_t)(end - ptr))
- nItems = (end - ptr) / itemSize;
+ size_t nAvail;
+ nAvail = (end - ptr) / itemSize;
+ if (nAvail < nItems)
+ return nAvail;
return nItems;
}
diff --git a/common/rdr/HexOutStream.cxx b/common/rdr/HexOutStream.cxx
index 7232514..eac2eff 100644
--- a/common/rdr/HexOutStream.cxx
+++ b/common/rdr/HexOutStream.cxx
@@ -102,8 +102,10 @@ HexOutStream::overrun(size_t itemSize, size_t nItems) {
writeBuffer();
- if (itemSize * nItems > (size_t)(end - ptr))
- nItems = (end - ptr) / itemSize;
+ size_t nAvail;
+ nAvail = (end - ptr) / itemSize;
+ if (nAvail < nItems)
+ return nAvail;
return nItems;
}
diff --git a/common/rdr/InStream.h b/common/rdr/InStream.h
index 14ecf09..f71a4d9 100644
--- a/common/rdr/InStream.h
+++ b/common/rdr/InStream.h
@@ -43,12 +43,15 @@ namespace rdr {
inline size_t check(size_t itemSize, size_t nItems=1, bool wait=true)
{
- if (ptr + itemSize * nItems > end) {
- if (ptr + itemSize > end)
- return overrun(itemSize, nItems, wait);
+ size_t nAvail;
+
+ if (itemSize > (size_t)(end - ptr))
+ return overrun(itemSize, nItems, wait);
+
+ nAvail = (end - ptr) / itemSize;
+ if (nAvail < nItems)
+ return nAvail;
- nItems = (end - ptr) / itemSize;
- }
return nItems;
}
@@ -93,13 +96,12 @@ namespace rdr {
// readBytes() reads an exact number of bytes.
void readBytes(void* data, size_t length) {
- U8* dataPtr = (U8*)data;
- U8* dataEnd = dataPtr + length;
- while (dataPtr < dataEnd) {
- size_t n = check(1, dataEnd - dataPtr);
- memcpy(dataPtr, ptr, n);
+ while (length > 0) {
+ size_t n = check(1, length);
+ memcpy(data, ptr, n);
ptr += n;
- dataPtr += n;
+ data = (U8*)data + n;
+ length -= n;
}
}
diff --git a/common/rdr/MemOutStream.h b/common/rdr/MemOutStream.h
index 4a815b3..b56bac3 100644
--- a/common/rdr/MemOutStream.h
+++ b/common/rdr/MemOutStream.h
@@ -23,6 +23,7 @@
#ifndef __RDR_MEMOUTSTREAM_H__
#define __RDR_MEMOUTSTREAM_H__
+#include <rdr/Exception.h>
#include <rdr/OutStream.h>
namespace rdr {
@@ -65,6 +66,9 @@ namespace rdr {
if (len < (size_t)(end - start) * 2)
len = (end - start) * 2;
+ if (len < (size_t)(end - start))
+ throw Exception("Overflow in MemOutStream::overrun()");
+
U8* newStart = new U8[len];
memcpy(newStart, start, ptr - start);
ptr = newStart + (ptr - start);
diff --git a/common/rdr/OutStream.h b/common/rdr/OutStream.h
index 11aafd2..0f60ccc 100644
--- a/common/rdr/OutStream.h
+++ b/common/rdr/OutStream.h
@@ -46,12 +46,15 @@ namespace rdr {
inline size_t check(size_t itemSize, size_t nItems=1)
{
- if (ptr + itemSize * nItems > end) {
- if (ptr + itemSize > end)
- return overrun(itemSize, nItems);
+ size_t nAvail;
+
+ if (itemSize > (size_t)(end - ptr))
+ return overrun(itemSize, nItems);
+
+ nAvail = (end - ptr) / itemSize;
+ if (nAvail < nItems)
+ return nAvail;
- nItems = (end - ptr) / itemSize;
- }
return nItems;
}
@@ -91,13 +94,12 @@ namespace rdr {
// writeBytes() writes an exact number of bytes.
void writeBytes(const void* data, size_t length) {
- const U8* dataPtr = (const U8*)data;
- const U8* dataEnd = dataPtr + length;
- while (dataPtr < dataEnd) {
- size_t n = check(1, dataEnd - dataPtr);
- memcpy(ptr, dataPtr, n);
+ while (length > 0) {
+ size_t n = check(1, length);
+ memcpy(ptr, data, n);
ptr += n;
- dataPtr += n;
+ data = (U8*)data + n;
+ length -= n;
}
}
diff --git a/common/rdr/RandomStream.cxx b/common/rdr/RandomStream.cxx
index 7681095..6c64ac5 100644
--- a/common/rdr/RandomStream.cxx
+++ b/common/rdr/RandomStream.cxx
@@ -123,8 +123,10 @@ size_t RandomStream::overrun(size_t itemSize, size_t nItems, bool wait) {
*(U8*)end++ = (int) (256.0*rand()/(RAND_MAX+1.0));
}
- if (itemSize * nItems > (size_t)(end - ptr))
- nItems = (end - ptr) / itemSize;
+ size_t nAvail;
+ nAvail = (end - ptr) / itemSize;
+ if (nAvail < nItems)
+ return nAvail;
return nItems;
}
diff --git a/common/rdr/TLSInStream.cxx b/common/rdr/TLSInStream.cxx
index d0f9426..3e1172f 100644
--- a/common/rdr/TLSInStream.cxx
+++ b/common/rdr/TLSInStream.cxx
@@ -43,7 +43,7 @@ ssize_t TLSInStream::pull(gnutls_transport_ptr_t str, void* data, size_t size)
return -1;
}
- if (in->getend() - in->getptr() < (ptrdiff_t)size)
+ if ((size_t)(in->getend() - in->getptr()) < size)
size = in->getend() - in->getptr();
in->readBytes(data, size);
@@ -92,15 +92,17 @@ size_t TLSInStream::overrun(size_t itemSize, size_t nItems, bool wait)
end -= ptr - start;
ptr = start;
- while (end < start + itemSize) {
+ while ((size_t)(end - start) < itemSize) {
size_t n = readTLS((U8*) end, start + bufSize - end, wait);
if (!wait && n == 0)
return 0;
end += n;
}
- if (itemSize * nItems > (size_t)(end - ptr))
- nItems = (end - ptr) / itemSize;
+ size_t nAvail;
+ nAvail = (end - ptr) / itemSize;
+ if (nAvail < nItems)
+ return nAvail;
return nItems;
}
diff --git a/common/rdr/TLSOutStream.cxx b/common/rdr/TLSOutStream.cxx
index 30c456f..7d7c3b5 100644
--- a/common/rdr/TLSOutStream.cxx
+++ b/common/rdr/TLSOutStream.cxx
@@ -100,8 +100,10 @@ size_t TLSOutStream::overrun(size_t itemSize, size_t nItems)
flush();
- if (itemSize * nItems > (size_t)(end - ptr))
- nItems = (end - ptr) / itemSize;
+ size_t nAvail;
+ nAvail = (end - ptr) / itemSize;
+ if (nAvail < nItems)
+ return nAvail;
return nItems;
}
diff --git a/common/rdr/ZlibInStream.cxx b/common/rdr/ZlibInStream.cxx
index e2f971c..9fcfaf6 100644
--- a/common/rdr/ZlibInStream.cxx
+++ b/common/rdr/ZlibInStream.cxx
@@ -113,8 +113,10 @@ size_t ZlibInStream::overrun(size_t itemSize, size_t nItems, bool wait)
return 0;
}
- if (itemSize * nItems > (size_t)(end - ptr))
- nItems = (end - ptr) / itemSize;
+ size_t nAvail;
+ nAvail = (end - ptr) / itemSize;
+ if (nAvail < nItems)
+ return nAvail;
return nItems;
}
diff --git a/common/rdr/ZlibOutStream.cxx b/common/rdr/ZlibOutStream.cxx
index 4e7ffd6..5e158bf 100644
--- a/common/rdr/ZlibOutStream.cxx
+++ b/common/rdr/ZlibOutStream.cxx
@@ -127,8 +127,10 @@ size_t ZlibOutStream::overrun(size_t itemSize, size_t nItems)
}
}
- if (itemSize * nItems > (size_t)(end - ptr))
- nItems = (end - ptr) / itemSize;
+ size_t nAvail;
+ nAvail = (end - ptr) / itemSize;
+ if (nAvail < nItems)
+ return nAvail;
return nItems;
}

View File

@ -1,312 +0,0 @@
diff --git a/common/network/TcpSocket.cxx b/common/network/TcpSocket.cxx
index 51d77c76..9e277cbb 100644
--- a/common/network/TcpSocket.cxx
+++ b/common/network/TcpSocket.cxx
@@ -736,7 +736,7 @@ char* TcpFilter::patternToStr(const TcpFilter::Pattern& p) {
buffer + 1, sizeof (buffer) - 2, NULL, 0, NI_NUMERICHOST);
strcat(buffer, "]");
addr.buf = rfb::strDup(buffer);
- } else if (p.address.u.sa.sa_family == AF_UNSPEC)
+ } else
addr.buf = rfb::strDup("");
char action;
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index e1a31f78..d268202b 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -95,9 +95,9 @@ void CSecurityTLS::setDefaults()
delete [] homeDir;
if (!fileexists(caDefault.buf))
- X509CA.setDefaultStr(strdup(caDefault.buf));
+ X509CA.setDefaultStr(caDefault.buf);
if (!fileexists(crlDefault.buf))
- X509CRL.setDefaultStr(strdup(crlDefault.buf));
+ X509CRL.setDefaultStr(crlDefault.buf);
}
void CSecurityTLS::shutdown(bool needbye)
diff --git a/common/rfb/SSecurityPlain.cxx b/common/rfb/SSecurityPlain.cxx
index 6d48b65c..6f72432a 100644
--- a/common/rfb/SSecurityPlain.cxx
+++ b/common/rfb/SSecurityPlain.cxx
@@ -41,7 +41,7 @@ StringParameter PasswordValidator::plainUsers
bool PasswordValidator::validUser(const char* username)
{
- CharArray users(strDup(plainUsers.getValueStr())), user;
+ CharArray users(plainUsers.getValueStr()), user;
while (users.buf) {
strSplit(users.buf, ',', &user.buf, &users.buf);
diff --git a/unix/tx/TXWindow.cxx b/unix/tx/TXWindow.cxx
index a6819179..6129840e 100644
--- a/unix/tx/TXWindow.cxx
+++ b/unix/tx/TXWindow.cxx
@@ -24,6 +24,7 @@
#include <list>
#include <stdio.h>
#include <stdlib.h>
+#include <vector>
#include <rfb/util.h>
std::list<TXWindow*> windows;
@@ -132,20 +133,20 @@ TXGlobalEventHandler* TXWindow::setGlobalEventHandler(TXGlobalEventHandler* h)
void TXWindow::getColours(Display* dpy, XColor* cols, int nCols)
{
- bool* got = new bool[nCols];
+ std::vector<bool> got;
+
bool failed = false;
int i;
for (i = 0; i < nCols; i++) {
if (XAllocColor(dpy, cmap, &cols[i])) {
- got[i] = true;
+ got.push_back(true);
} else {
- got[i] = false;
+ got.push_back(false);
failed = true;
}
}
if (!failed) {
- delete [] got;
return;
}
@@ -168,12 +169,13 @@ void TXWindow::getColours(Display* dpy, XColor* cols, int nCols)
int cmapSize = DisplayCells(dpy,DefaultScreen(dpy));
XColor* cm = new XColor[cmapSize];
- bool* shared = new bool[cmapSize];
- bool* usedAsNearest = new bool[cmapSize];
+ std::vector<bool> shared;
+ std::vector<bool> usedAsNearest;
for (i = 0; i < cmapSize; i++) {
cm[i].pixel = i;
- shared[i] = usedAsNearest[i] = false;
+ shared.push_back(false);
+ usedAsNearest.push_back(false);
}
XQueryColors(dpy, cmap, cm, cmapSize);
diff --git a/unix/vncpasswd/vncpasswd.cxx b/unix/vncpasswd/vncpasswd.cxx
index 8bd4e48e..3055223e 100644
--- a/unix/vncpasswd/vncpasswd.cxx
+++ b/unix/vncpasswd/vncpasswd.cxx
@@ -134,7 +134,7 @@ int main(int argc, char** argv)
} else if (argv[i][0] == '-') {
usage();
} else if (!fname) {
- fname = argv[i];
+ fname = strDup(argv[i]);
} else {
usage();
}
@@ -165,24 +165,37 @@ int main(int argc, char** argv)
FILE* fp = fopen(fname,"w");
if (!fp) {
fprintf(stderr,"Couldn't open %s for writing\n",fname);
+ delete [] fname;
+ delete obfuscated;
+ delete obfuscatedReadOnly;
exit(1);
}
chmod(fname, S_IRUSR|S_IWUSR);
if (fwrite(obfuscated->buf, obfuscated->length, 1, fp) != 1) {
fprintf(stderr,"Writing to %s failed\n",fname);
+ delete [] fname;
+ delete obfuscated;
+ delete obfuscatedReadOnly;
exit(1);
}
+ delete obfuscated;
+
if (obfuscatedReadOnly) {
if (fwrite(obfuscatedReadOnly->buf, obfuscatedReadOnly->length, 1, fp) != 1) {
fprintf(stderr,"Writing to %s failed\n",fname);
+ delete [] fname;
+ delete obfuscatedReadOnly;
exit(1);
}
}
fclose(fp);
+ delete [] fname;
+ delete obfuscatedReadOnly;
+
return 0;
}
}
diff --git a/unix/xserver/hw/vnc/vncExtInit.cc b/unix/xserver/hw/vnc/vncExtInit.cc
index d6f6b742..7ca71d94 100644
--- a/unix/xserver/hw/vnc/vncExtInit.cc
+++ b/unix/xserver/hw/vnc/vncExtInit.cc
@@ -184,7 +184,7 @@ void vncExtensionInit(void)
listeners.push_back(new network::TcpListener(vncInetdSock));
vlog.info("inetd wait");
}
- } else if (rfbunixpath.getValueStr()[0] != '\0') {
+ } else if (((const char*)rfbunixpath)[0] != '\0') {
char path[PATH_MAX];
int mode = (int)rfbunixmode;
@@ -192,7 +192,7 @@ void vncExtensionInit(void)
strncpy(path, rfbunixpath, sizeof(path));
else
snprintf(path, sizeof(path), "%s.%d",
- rfbunixpath.getValueStr(), scr);
+ (const char*)rfbunixpath, scr);
path[sizeof(path)-1] = '\0';
listeners.push_back(new network::UnixListener(path, mode));
diff --git a/unix/xserver/hw/vnc/vncSelection.c b/unix/xserver/hw/vnc/vncSelection.c
index 51dfd9c6..4f3538d4 100644
--- a/unix/xserver/hw/vnc/vncSelection.c
+++ b/unix/xserver/hw/vnc/vncSelection.c
@@ -105,7 +105,7 @@ void vncClientCutText(const char* str, int len)
LOG_ERROR("Could not set PRIMARY selection");
}
- vncOwnSelection(xaCLIPBOARD);
+ rc = vncOwnSelection(xaCLIPBOARD);
if (rc != Success)
LOG_ERROR("Could not set CLIPBOARD selection");
}
diff --git a/unix/xserver/hw/vnc/xvnc.c b/unix/xserver/hw/vnc/xvnc.c
index 3b4d2f31..c845ebc4 100644
--- a/unix/xserver/hw/vnc/xvnc.c
+++ b/unix/xserver/hw/vnc/xvnc.c
@@ -766,10 +766,13 @@ vfbUninstallColormap(ColormapPtr pmap)
curpmap = (ColormapPtr) LookupIDByType(pmap->pScreen->defColormap,
RT_COLORMAP);
#else
- dixLookupResourceByType((void * *) &curpmap, pmap->pScreen->defColormap,
- RT_COLORMAP, serverClient, DixUnknownAccess);
+ int rc = dixLookupResourceByType((void * *) &curpmap, pmap->pScreen->defColormap,
+ RT_COLORMAP, serverClient, DixUnknownAccess);
+ if (rc != Success)
+ ErrorF("Failed to uninstall color map\n");
+ else
#endif
- (*pmap->pScreen->InstallColormap)(curpmap);
+ (*pmap->pScreen->InstallColormap)(curpmap);
}
}
}
diff --git a/vncviewer/DesktopWindow.cxx b/vncviewer/DesktopWindow.cxx
index d070b648..1843485a 100644
--- a/vncviewer/DesktopWindow.cxx
+++ b/vncviewer/DesktopWindow.cxx
@@ -103,12 +103,12 @@ DesktopWindow::DesktopWindow(int w, int h, const char *name,
int geom_x = 0, geom_y = 0;
if (strcmp(geometry, "") != 0) {
int matched;
- matched = sscanf(geometry.getValueStr(), "+%d+%d", &geom_x, &geom_y);
+ matched = sscanf((const char*)geometry, "+%d+%d", &geom_x, &geom_y);
if (matched == 2) {
force_position(1);
} else {
int geom_w, geom_h;
- matched = sscanf(geometry.getValueStr(), "%dx%d+%d+%d", &geom_w, &geom_h, &geom_x, &geom_y);
+ matched = sscanf((const char*)geometry, "%dx%d+%d+%d", &geom_w, &geom_h, &geom_x, &geom_y);
switch (matched) {
case 4:
force_position(1);
diff --git a/vncviewer/OptionsDialog.cxx b/vncviewer/OptionsDialog.cxx
index b018c95b..62b5d9c5 100644
--- a/vncviewer/OptionsDialog.cxx
+++ b/vncviewer/OptionsDialog.cxx
@@ -282,7 +282,7 @@ void OptionsDialog::loadOptions(void)
/* Screen */
int width, height;
- if (sscanf(desktopSize.getValueStr(), "%dx%d", &width, &height) != 2) {
+ if (sscanf((const char*)desktopSize, "%dx%d", &width, &height) != 2) {
desktopSizeCheckbox->value(false);
desktopWidthInput->value("1024");
desktopHeightInput->value("768");
diff --git a/vncviewer/ServerDialog.cxx b/vncviewer/ServerDialog.cxx
index de67f87b..fec17896 100644
--- a/vncviewer/ServerDialog.cxx
+++ b/vncviewer/ServerDialog.cxx
@@ -150,7 +150,7 @@ void ServerDialog::handleLoad(Fl_Widget *widget, void *data)
return;
}
- const char* filename = strdup(file_chooser->value());
+ const char* filename = file_chooser->value();
try {
dialog->serverName->value(loadViewerParameters(filename));
@@ -165,8 +165,8 @@ void ServerDialog::handleLoad(Fl_Widget *widget, void *data)
void ServerDialog::handleSaveAs(Fl_Widget *widget, void *data)
{
ServerDialog *dialog = (ServerDialog*)data;
- const char* servername = strdup(dialog->serverName->value());
- char* filename;
+ const char* servername = dialog->serverName->value();
+ const char* filename;
Fl_File_Chooser* file_chooser = new Fl_File_Chooser("", _("TigerVNC configuration (*.tigervnc)"),
2, _("Save the TigerVNC configuration to file"));
@@ -187,7 +187,7 @@ void ServerDialog::handleSaveAs(Fl_Widget *widget, void *data)
return;
}
- filename = strdup(file_chooser->value());
+ filename = file_chooser->value();
FILE* f = fopen(filename, "r");
if (f) {
@@ -235,7 +235,7 @@ void ServerDialog::handleCancel(Fl_Widget *widget, void *data)
void ServerDialog::handleConnect(Fl_Widget *widget, void *data)
{
ServerDialog *dialog = (ServerDialog*)data;
- const char* servername = strdup(dialog->serverName->value());
+ const char* servername = dialog->serverName->value();
dialog->hide();
diff --git a/vncviewer/parameters.cxx b/vncviewer/parameters.cxx
index 51cce3d7..94cc1b05 100644
--- a/vncviewer/parameters.cxx
+++ b/vncviewer/parameters.cxx
@@ -499,6 +499,7 @@ void saveViewerParameters(const char *filename, const char *servername) {
}
snprintf(filepath, sizeof(filepath), "%sdefault.tigervnc", homeDir);
+ free(homeDir);
} else {
snprintf(filepath, sizeof(filepath), "%s", filename);
}
@@ -555,6 +556,7 @@ char* loadViewerParameters(const char *filename) {
"can't obtain home directory path."));
snprintf(filepath, sizeof(filepath), "%sdefault.tigervnc", homeDir);
+ free(homeDir);
} else {
snprintf(filepath, sizeof(filepath), "%s", filename);
}
diff --git a/vncviewer/vncviewer.cxx b/vncviewer/vncviewer.cxx
index f076565f..a9d4dfea 100644
--- a/vncviewer/vncviewer.cxx
+++ b/vncviewer/vncviewer.cxx
@@ -470,9 +470,9 @@ static int mktunnel()
int localPort = findFreeTcpPort();
int remotePort;
- gatewayHost = strDup(via.getValueStr());
if (interpretViaParam(remoteHost, &remotePort, localPort) != 0)
return 1;
+ gatewayHost = (const char*)via;
createTunnel(gatewayHost, remoteHost, remotePort, localPort);
return 0;

View File

@ -1,526 +0,0 @@
From 53f913a76196c7357d4858bfbf2c33caa9181bae Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Tue, 10 Sep 2019 15:18:30 +0200
Subject: [PATCH] Encapsulate PixelBuffer internal details
Don't allow subclasses to just override dimensions or buffer details
directly and instead force them to go via methods. This allows us
to do sanity checks on the new values and catch bugs and attacks.
---
common/rfb/Cursor.cxx | 3 +-
common/rfb/EncodeManager.cxx | 5 +-
common/rfb/PixelBuffer.cxx | 103 ++++++++++++++++----------
common/rfb/PixelBuffer.h | 17 +++--
unix/x0vncserver/XPixelBuffer.cxx | 9 +--
unix/xserver/hw/vnc/XserverDesktop.cc | 24 +++---
unix/xserver/hw/vnc/XserverDesktop.h | 2 +-
vncviewer/PlatformPixelBuffer.cxx | 9 +--
win/rfb_win32/DIBSectionBuffer.cxx | 41 ++++------
9 files changed, 111 insertions(+), 102 deletions(-)
diff --git a/common/rfb/Cursor.cxx b/common/rfb/Cursor.cxx
index 99df82d..7f3fc9a 100644
--- a/common/rfb/Cursor.cxx
+++ b/common/rfb/Cursor.cxx
@@ -271,8 +271,7 @@ void RenderedCursor::update(PixelBuffer* framebuffer,
assert(cursor);
format = framebuffer->getPF();
- width_ = framebuffer->width();
- height_ = framebuffer->height();
+ setSize(framebuffer->width(), framebuffer->height());
rawOffset = pos.subtract(cursor->hotspot());
clippedRect = Rect(0, 0, cursor->width(), cursor->height())
diff --git a/common/rfb/EncodeManager.cxx b/common/rfb/EncodeManager.cxx
index 0ce611e..11f31d3 100644
--- a/common/rfb/EncodeManager.cxx
+++ b/common/rfb/EncodeManager.cxx
@@ -979,11 +979,8 @@ void EncodeManager::OffsetPixelBuffer::update(const PixelFormat& pf,
int stride_)
{
format = pf;
- width_ = width;
- height_ = height;
// Forced cast. We never write anything though, so it should be safe.
- data = (rdr::U8*)data_;
- stride = stride_;
+ setBuffer(width, height, (rdr::U8*)data_, stride_);
}
// Preprocessor generated, optimised methods
diff --git a/common/rfb/PixelBuffer.cxx b/common/rfb/PixelBuffer.cxx
index 007b6c8..ad58324 100644
--- a/common/rfb/PixelBuffer.cxx
+++ b/common/rfb/PixelBuffer.cxx
@@ -35,8 +35,14 @@ static LogWriter vlog("PixelBuffer");
// -=- Generic pixel buffer class
PixelBuffer::PixelBuffer(const PixelFormat& pf, int w, int h)
- : format(pf), width_(w), height_(h) {}
-PixelBuffer::PixelBuffer() : width_(0), height_(0) {}
+ : format(pf), width_(0), height_(0)
+{
+ setSize(w, h);
+}
+
+PixelBuffer::PixelBuffer() : width_(0), height_(0)
+{
+}
PixelBuffer::~PixelBuffer() {}
@@ -53,7 +59,7 @@ PixelBuffer::getImage(void* imageBuf, const Rect& r, int outStride) const
if (!r.enclosed_by(getRect()))
throw rfb::Exception("Source rect %dx%d at %d,%d exceeds framebuffer %dx%d",
r.width(), r.height(),
- r.tl.x, r.tl.y, width_, height_);
+ r.tl.x, r.tl.y, width(), height());
data = getBuffer(r, &inStride);
@@ -89,7 +95,7 @@ void PixelBuffer::getImage(const PixelFormat& pf, void* imageBuf,
if (!r.enclosed_by(getRect()))
throw rfb::Exception("Source rect %dx%d at %d,%d exceeds framebuffer %dx%d",
r.width(), r.height(),
- r.tl.x, r.tl.y, width_, height_);
+ r.tl.x, r.tl.y, width(), height());
if (stride == 0)
stride = r.width();
@@ -100,6 +106,12 @@ void PixelBuffer::getImage(const PixelFormat& pf, void* imageBuf,
stride, srcStride);
}
+void PixelBuffer::setSize(int width, int height)
+{
+ width_ = width;
+ height_ = height;
+}
+
// -=- Modifiable generic pixel buffer class
ModifiablePixelBuffer::ModifiablePixelBuffer(const PixelFormat& pf,
@@ -124,7 +136,7 @@ void ModifiablePixelBuffer::fillRect(const Rect& r, const void* pix)
if (!r.enclosed_by(getRect()))
throw rfb::Exception("Destination rect %dx%d at %d,%d exceeds framebuffer %dx%d",
- r.width(), r.height(), r.tl.x, r.tl.y, width_, height_);
+ r.width(), r.height(), r.tl.x, r.tl.y, width(), height());
w = r.width();
h = r.height();
@@ -175,7 +187,7 @@ void ModifiablePixelBuffer::imageRect(const Rect& r,
if (!r.enclosed_by(getRect()))
throw rfb::Exception("Destination rect %dx%d at %d,%d exceeds framebuffer %dx%d",
r.width(), r.height(),
- r.tl.x, r.tl.y, width_, height_);
+ r.tl.x, r.tl.y, width(), height());
bytesPerPixel = getPF().bpp/8;
@@ -213,13 +225,13 @@ void ModifiablePixelBuffer::copyRect(const Rect &rect,
if (!drect.enclosed_by(getRect()))
throw rfb::Exception("Destination rect %dx%d at %d,%d exceeds framebuffer %dx%d",
drect.width(), drect.height(),
- drect.tl.x, drect.tl.y, width_, height_);
+ drect.tl.x, drect.tl.y, width(), height());
srect = drect.translate(move_by_delta.negate());
if (!srect.enclosed_by(getRect()))
throw rfb::Exception("Source rect %dx%d at %d,%d exceeds framebuffer %dx%d",
srect.width(), srect.height(),
- srect.tl.x, srect.tl.y, width_, height_);
+ srect.tl.x, srect.tl.y, width(), height());
srcData = getBuffer(srect, &srcStride);
dstData = getBufferRW(drect, &dstStride);
@@ -272,7 +284,7 @@ void ModifiablePixelBuffer::imageRect(const PixelFormat& pf, const Rect &dest,
if (!dest.enclosed_by(getRect()))
throw rfb::Exception("Destination rect %dx%d at %d,%d exceeds framebuffer %dx%d",
dest.width(), dest.height(),
- dest.tl.x, dest.tl.y, width_, height_);
+ dest.tl.x, dest.tl.y, width(), height());
if (stride == 0)
stride = dest.width();
@@ -301,7 +313,7 @@ rdr::U8* FullFramePixelBuffer::getBufferRW(const Rect& r, int* stride_)
if (!r.enclosed_by(getRect()))
throw rfb::Exception("Pixel buffer request %dx%d at %d,%d exceeds framebuffer %dx%d",
r.width(), r.height(),
- r.tl.x, r.tl.y, width_, height_);
+ r.tl.x, r.tl.y, width(), height());
*stride_ = stride;
return &data[(r.tl.x + (r.tl.y * stride)) * format.bpp/8];
@@ -316,55 +328,69 @@ const rdr::U8* FullFramePixelBuffer::getBuffer(const Rect& r, int* stride_) cons
if (!r.enclosed_by(getRect()))
throw rfb::Exception("Pixel buffer request %dx%d at %d,%d exceeds framebuffer %dx%d",
r.width(), r.height(),
- r.tl.x, r.tl.y, width_, height_);
+ r.tl.x, r.tl.y, width(), height());
*stride_ = stride;
return &data[(r.tl.x + (r.tl.y * stride)) * format.bpp/8];
}
+void FullFramePixelBuffer::setBuffer(int width, int height,
+ rdr::U8* data_, int stride_)
+{
+ ModifiablePixelBuffer::setSize(width, height);
+ stride = stride_;
+ data = data_;
+}
+
+void FullFramePixelBuffer::setSize(int w, int h)
+{
+ // setBuffer() should be used
+ throw rfb::Exception("Invalid call to FullFramePixelBuffer::setSize()");
+}
+
// -=- Managed pixel buffer class
// Automatically allocates enough space for the specified format & area
ManagedPixelBuffer::ManagedPixelBuffer()
- : datasize(0)
+ : data_(NULL), datasize(0)
{
- checkDataSize();
};
ManagedPixelBuffer::ManagedPixelBuffer(const PixelFormat& pf, int w, int h)
- : FullFramePixelBuffer(pf, w, h, NULL, w), datasize(0)
+ : FullFramePixelBuffer(pf, 0, 0, NULL, 0), data_(NULL), datasize(0)
{
- checkDataSize();
-};
+ setSize(w, h);
+}
-ManagedPixelBuffer::~ManagedPixelBuffer() {
- if (data) delete [] data;
-};
+ManagedPixelBuffer::~ManagedPixelBuffer()
+{
+ if (data_)
+ delete [] data_;
+}
+void ManagedPixelBuffer::setPF(const PixelFormat &pf)
+{
+ format = pf;
+ setSize(width(), height());
+}
-void
-ManagedPixelBuffer::setPF(const PixelFormat &pf) {
- format = pf; checkDataSize();
-};
-void
-ManagedPixelBuffer::setSize(int w, int h) {
- width_ = w; height_ = h; stride = w; checkDataSize();
-};
+void ManagedPixelBuffer::setSize(int w, int h)
+{
+ unsigned long new_datasize = w * h * (format.bpp/8);
+ new_datasize = w * h * (format.bpp/8);
-inline void
-ManagedPixelBuffer::checkDataSize() {
- unsigned long new_datasize = width_ * height_ * (format.bpp/8);
if (datasize < new_datasize) {
- if (data) {
- delete [] data;
- datasize = 0; data = 0;
+ if (data_) {
+ delete [] data_;
+ data_ = NULL;
+ datasize = 0;
}
if (new_datasize) {
- data = new U8[new_datasize];
- if (!data)
- throw Exception("rfb::ManagedPixelBuffer unable to allocate buffer");
+ data_ = new U8[new_datasize];
datasize = new_datasize;
}
}
-};
+
+ setBuffer(w, h, data_, w);
+}
diff --git a/common/rfb/PixelBuffer.h b/common/rfb/PixelBuffer.h
index d89793f..3e4018f 100644
--- a/common/rfb/PixelBuffer.h
+++ b/common/rfb/PixelBuffer.h
@@ -90,7 +90,12 @@ namespace rfb {
protected:
PixelBuffer();
+ virtual void setSize(int width, int height);
+
+ protected:
PixelFormat format;
+
+ private:
int width_, height_;
};
@@ -154,7 +159,12 @@ namespace rfb {
protected:
FullFramePixelBuffer();
+ virtual void setBuffer(int width, int height, rdr::U8* data, int stride);
+ private:
+ virtual void setSize(int w, int h);
+
+ private:
rdr::U8* data;
int stride;
};
@@ -172,12 +182,9 @@ namespace rfb {
virtual void setPF(const PixelFormat &pf);
virtual void setSize(int w, int h);
- // Return the total number of bytes of pixel data in the buffer
- int dataLen() const { return width_ * height_ * (format.bpp/8); }
-
- protected:
+ private:
+ rdr::U8* data_; // Mirrors FullFramePixelBuffer::data
unsigned long datasize;
- void checkDataSize();
};
};
diff --git a/unix/x0vncserver/XPixelBuffer.cxx b/unix/x0vncserver/XPixelBuffer.cxx
index 4769b65..f0b0696 100644
--- a/unix/x0vncserver/XPixelBuffer.cxx
+++ b/unix/x0vncserver/XPixelBuffer.cxx
@@ -50,13 +50,8 @@ XPixelBuffer::XPixelBuffer(Display *dpy, ImageFactory &factory,
ffs(m_image->xim->blue_mask) - 1);
// Set up the remaining data of the parent class.
- width_ = rect.width();
- height_ = rect.height();
- data = (rdr::U8 *)m_image->xim->data;
-
- // Calculate the distance in pixels between two subsequent scan
- // lines of the framebuffer. This may differ from image width.
- stride = m_image->xim->bytes_per_line * 8 / m_image->xim->bits_per_pixel;
+ setBuffer(rect.width(), rect.height(), (rdr::U8 *)m_image->xim->data,
+ m_image->xim->bytes_per_line * 8 / m_image->xim->bits_per_pixel);
// Get initial screen image from the X display.
m_image->get(DefaultRootWindow(m_dpy), m_offsetLeft, m_offsetTop);
diff --git a/unix/xserver/hw/vnc/XserverDesktop.cc b/unix/xserver/hw/vnc/XserverDesktop.cc
index 4aac765..78df899 100644
--- a/unix/xserver/hw/vnc/XserverDesktop.cc
+++ b/unix/xserver/hw/vnc/XserverDesktop.cc
@@ -115,7 +115,7 @@ XserverDesktop::XserverDesktop(int screenIndex_,
: screenIndex(screenIndex_),
server(0), httpServer(0),
listeners(listeners_), httpListeners(httpListeners_),
- directFbptr(true),
+ shadowFramebuffer(NULL),
queryConnectId(0), queryConnectTimer(this)
{
format = pf;
@@ -152,8 +152,8 @@ XserverDesktop::~XserverDesktop()
delete httpListeners.back();
httpListeners.pop_back();
}
- if (!directFbptr)
- delete [] data;
+ if (shadowFramebuffer)
+ delete [] shadowFramebuffer;
delete httpServer;
delete server;
}
@@ -172,22 +172,18 @@ void XserverDesktop::setFramebuffer(int w, int h, void* fbptr, int stride_)
{
ScreenSet layout;
- width_ = w;
- height_ = h;
-
- if (!directFbptr) {
- delete [] data;
- directFbptr = true;
+ if (shadowFramebuffer) {
+ delete [] shadowFramebuffer;
+ shadowFramebuffer = NULL;
}
if (!fbptr) {
- fbptr = new rdr::U8[w * h * (format.bpp/8)];
+ shadowFramebuffer = new rdr::U8[w * h * (format.bpp/8)];
+ fbptr = shadowFramebuffer;
stride_ = w;
- directFbptr = false;
}
- data = (rdr::U8*)fbptr;
- stride = stride_;
+ setBuffer(w, h, (rdr::U8*)fbptr, stride_);
vncSetGlueContext(screenIndex);
layout = ::computeScreenLayout(&outputIdMap);
@@ -569,7 +565,7 @@ unsigned int XserverDesktop::setScreenLayout(int fb_width, int fb_height,
void XserverDesktop::grabRegion(const rfb::Region& region)
{
- if (directFbptr)
+ if (shadowFramebuffer == NULL)
return;
std::vector<rfb::Rect> rects;
diff --git a/unix/xserver/hw/vnc/XserverDesktop.h b/unix/xserver/hw/vnc/XserverDesktop.h
index f866a4c..dc4fe60 100644
--- a/unix/xserver/hw/vnc/XserverDesktop.h
+++ b/unix/xserver/hw/vnc/XserverDesktop.h
@@ -124,7 +124,7 @@ private:
rfb::HTTPServer* httpServer;
std::list<network::SocketListener*> listeners;
std::list<network::SocketListener*> httpListeners;
- bool directFbptr;
+ rdr::U8* shadowFramebuffer;
uint32_t queryConnectId;
network::Socket* queryConnectSocket;
diff --git a/vncviewer/PlatformPixelBuffer.cxx b/vncviewer/PlatformPixelBuffer.cxx
index a2b506d..a218901 100644
--- a/vncviewer/PlatformPixelBuffer.cxx
+++ b/vncviewer/PlatformPixelBuffer.cxx
@@ -36,7 +36,7 @@ static rfb::LogWriter vlog("PlatformPixelBuffer");
PlatformPixelBuffer::PlatformPixelBuffer(int width, int height) :
FullFramePixelBuffer(rfb::PixelFormat(32, 24, false, true,
255, 255, 255, 16, 8, 0),
- width, height, 0, stride),
+ 0, 0, NULL, 0),
Surface(width, height)
#if !defined(WIN32) && !defined(__APPLE__)
, shminfo(NULL), xim(NULL)
@@ -56,11 +56,10 @@ PlatformPixelBuffer::PlatformPixelBuffer(int width, int height) :
vlog.debug("Using standard XImage");
}
- data = (rdr::U8*)xim->data;
- stride = xim->bytes_per_line / (getPF().bpp/8);
+ setBuffer(width, height, (rdr::U8*)xim->data,
+ xim->bytes_per_line / (getPF().bpp/8));
#else
- FullFramePixelBuffer::data = (rdr::U8*)Surface::data;
- stride = width;
+ setBuffer(width, height, (rdr::U8*)Surface::data, width);
#endif
}
diff --git a/win/rfb_win32/DIBSectionBuffer.cxx b/win/rfb_win32/DIBSectionBuffer.cxx
index e2b0d64..e00cf23 100644
--- a/win/rfb_win32/DIBSectionBuffer.cxx
+++ b/win/rfb_win32/DIBSectionBuffer.cxx
@@ -52,39 +52,28 @@ void DIBSectionBuffer::setPF(const PixelFormat& pf) {
if (!pf.trueColour)
throw rfb::Exception("palette format not supported");
format = pf;
- recreateBuffer();
+ setSize(width(), height());
}
-void DIBSectionBuffer::setSize(int w, int h) {
- if (width_ == w && height_ == h) {
- vlog.debug("size unchanged by setSize()");
- return;
- }
- width_ = w;
- height_ = h;
- recreateBuffer();
-}
-
-
inline void initMaxAndShift(DWORD mask, int* max, int* shift) {
for ((*shift) = 0; (mask & 1) == 0; (*shift)++) mask >>= 1;
(*max) = (rdr::U16)mask;
}
-void DIBSectionBuffer::recreateBuffer() {
+void DIBSectionBuffer::setSize(int w, int h) {
HBITMAP new_bitmap = 0;
rdr::U8* new_data = 0;
- if (width_ && height_ && (format.depth != 0)) {
+ if (w && h && (format.depth != 0)) {
BitmapInfo bi;
memset(&bi, 0, sizeof(bi));
UINT iUsage = DIB_RGB_COLORS;
bi.bmiHeader.biSize = sizeof(BITMAPINFOHEADER);
bi.bmiHeader.biBitCount = format.bpp;
- bi.bmiHeader.biSizeImage = (format.bpp / 8) * width_ * height_;
+ bi.bmiHeader.biSizeImage = (format.bpp / 8) * w * h;
bi.bmiHeader.biPlanes = 1;
- bi.bmiHeader.biWidth = width_;
- bi.bmiHeader.biHeight = -height_;
+ bi.bmiHeader.biWidth = w;
+ bi.bmiHeader.biHeight = -h;
bi.bmiHeader.biCompression = (format.bpp > 8) ? BI_BITFIELDS : BI_RGB;
bi.mask.red = format.pixelFromRGB((rdr::U16)~0, 0, 0);
bi.mask.green = format.pixelFromRGB(0, (rdr::U16)~0, 0);
@@ -115,12 +104,12 @@ void DIBSectionBuffer::recreateBuffer() {
if (device) {
BitmapDC src_dev(device, bitmap);
BitmapDC dest_dev(device, new_bitmap);
- BitBlt(dest_dev, 0, 0, width_, height_, src_dev, 0, 0, SRCCOPY);
+ BitBlt(dest_dev, 0, 0, w, h, src_dev, 0, 0, SRCCOPY);
} else {
WindowDC wndDC(window);
BitmapDC src_dev(wndDC, bitmap);
BitmapDC dest_dev(wndDC, new_bitmap);
- BitBlt(dest_dev, 0, 0, width_, height_, src_dev, 0, 0, SRCCOPY);
+ BitBlt(dest_dev, 0, 0, w, h, src_dev, 0, 0, SRCCOPY);
}
}
@@ -128,17 +117,17 @@ void DIBSectionBuffer::recreateBuffer() {
// Delete the old bitmap
DeleteObject(bitmap);
bitmap = 0;
- data = 0;
+ setBuffer(0, 0, NULL, 0);
}
if (new_bitmap) {
int bpp, depth;
int redMax, greenMax, blueMax;
int redShift, greenShift, blueShift;
+ int new_stride;
// Set up the new bitmap
bitmap = new_bitmap;
- data = new_data;
// Determine the *actual* DIBSection format
DIBSECTION ds;
@@ -147,14 +136,16 @@ void DIBSectionBuffer::recreateBuffer() {
// Correct the "stride" of the DIB
// *** This code DWORD aligns each row - is that right???
- stride = width_;
- int bytesPerRow = stride * format.bpp/8;
+ new_stride = w;
+ int bytesPerRow = new_stride * format.bpp/8;
if (bytesPerRow % 4) {
bytesPerRow += 4 - (bytesPerRow % 4);
- stride = (bytesPerRow * 8) / format.bpp;
- vlog.info("adjusting DIB stride: %d to %d", width_, stride);
+ new_stride = (bytesPerRow * 8) / format.bpp;
+ vlog.info("adjusting DIB stride: %d to %d", w, new_stride);
}
+ setBuffer(w, h, new_data, new_stride);
+
// Calculate the PixelFormat for the DIB
bpp = depth = ds.dsBm.bmBitsPixel;

View File

@ -1,8 +1,8 @@
diff --git a/unix/xserver/hw/vnc/InputXKB.c b/unix/xserver/hw/vnc/InputXKB.c
index a9bd11d..7b54b43 100644
index f84a6e4..4eac939 100644
--- a/unix/xserver/hw/vnc/InputXKB.c
+++ b/unix/xserver/hw/vnc/InputXKB.c
@@ -214,10 +214,7 @@ void vncPrepareInputDevices(void)
@@ -226,10 +226,7 @@ void vncPrepareInputDevices(void)
unsigned vncGetKeyboardState(void)
{
@ -14,7 +14,7 @@ index a9bd11d..7b54b43 100644
}
unsigned vncGetLevelThreeMask(void)
@@ -238,7 +235,7 @@ unsigned vncGetLevelThreeMask(void)
@@ -250,7 +247,7 @@ unsigned vncGetLevelThreeMask(void)
return 0;
}
@ -23,7 +23,7 @@ index a9bd11d..7b54b43 100644
act = XkbKeyActionPtr(xkb, keycode, state);
if (act == NULL)
@@ -263,7 +260,7 @@ KeyCode vncPressShift(void)
@@ -275,7 +272,7 @@ KeyCode vncPressShift(void)
if (state & ShiftMask)
return 0;
@ -32,7 +32,7 @@ index a9bd11d..7b54b43 100644
for (key = xkb->min_key_code; key <= xkb->max_key_code; key++) {
XkbAction *act;
unsigned char mask;
@@ -303,7 +300,7 @@ size_t vncReleaseShift(KeyCode *keys, size_t maxKeys)
@@ -315,7 +312,7 @@ size_t vncReleaseShift(KeyCode *keys, size_t maxKeys)
count = 0;
@ -41,7 +41,7 @@ index a9bd11d..7b54b43 100644
xkb = master->key->xkbInfo->desc;
for (key = xkb->min_key_code; key <= xkb->max_key_code; key++) {
XkbAction *act;
@@ -359,7 +356,7 @@ KeyCode vncPressLevelThree(void)
@@ -371,7 +368,7 @@ KeyCode vncPressLevelThree(void)
return 0;
}
@ -50,7 +50,7 @@ index a9bd11d..7b54b43 100644
act = XkbKeyActionPtr(xkb, keycode, state);
if (act == NULL)
@@ -390,7 +387,7 @@ size_t vncReleaseLevelThree(KeyCode *keys, size_t maxKeys)
@@ -402,7 +399,7 @@ size_t vncReleaseLevelThree(KeyCode *keys, size_t maxKeys)
count = 0;
@ -59,16 +59,16 @@ index a9bd11d..7b54b43 100644
xkb = master->key->xkbInfo->desc;
for (key = xkb->min_key_code; key <= xkb->max_key_code; key++) {
XkbAction *act;
@@ -433,7 +430,7 @@ KeyCode vncKeysymToKeycode(KeySym keysym, unsigned state, unsigned *new_state)
if (new_state != NULL)
@@ -447,7 +444,7 @@ KeyCode vncKeysymToKeycode(KeySym keysym, unsigned state, unsigned *new_state)
*new_state = state;
fallback = 0;
- xkb = GetMaster(vncKeyboardDev, KEYBOARD_OR_FLOAT)->key->xkbInfo->desc;
+ xkb = vncKeyboardDev->master->key->xkbInfo->desc;
for (key = xkb->min_key_code; key <= xkb->max_key_code; key++) {
unsigned int state_out;
KeySym dummy;
@@ -511,7 +508,7 @@ int vncIsAffectedByNumLock(KeyCode keycode)
@@ -551,7 +548,7 @@ int vncIsAffectedByNumLock(KeyCode keycode)
if (numlock_keycode == 0)
return 0;
@ -77,7 +77,7 @@ index a9bd11d..7b54b43 100644
act = XkbKeyActionPtr(xkb, numlock_keycode, state);
if (act == NULL)
@@ -545,7 +542,7 @@ KeyCode vncAddKeysym(KeySym keysym, unsigned state)
@@ -585,7 +582,7 @@ KeyCode vncAddKeysym(KeySym keysym, unsigned state)
KeySym *syms;
KeySym upper, lower;

View File

@ -1,28 +0,0 @@
diff --git a/unix/vncserver b/unix/vncserver
index 9e7a6ac..139f960 100755
--- a/unix/vncserver
+++ b/unix/vncserver
@@ -684,6 +684,7 @@ sub Usage
" [-geometry <width>x<height>]\n".
" [-pixelformat rgbNNN|bgrNNN]\n".
" [-fp <font-path>]\n".
+ " [-cc <visual>]\n".
" [-fg]\n".
" [-autokill]\n".
" [-noxstartup]\n".
diff --git a/vncviewer/vncviewer.cxx b/vncviewer/vncviewer.cxx
index f076565..05669a4 100644
--- a/vncviewer/vncviewer.cxx
+++ b/vncviewer/vncviewer.cxx
@@ -352,6 +352,11 @@ static void usage(const char *programName)
" %s [parameters] -listen [port] [parameters]\n"
" %s [parameters] [.tigervnc file]\n",
programName, programName, programName);
+ fprintf(stderr,"\n"
+ "Options:\n\n"
+ " -display Xdisplay - Specifies the X display for the viewer window\n"
+ " -geometry geometry - Standard X position and sizing specification.\n");
+
fprintf(stderr,"\n"
"Parameters can be turned on with -<param> or off with -<param>=0\n"
"Parameters which take a value can be specified as "

View File

@ -1,13 +1,41 @@
diff --git a/common/rfb/Password.cxx b/common/rfb/Password.cxx
index e4a508c..f555c57 100644
--- a/common/rfb/Password.cxx
+++ b/common/rfb/Password.cxx
@@ -55,7 +55,7 @@ PlainPasswd::~PlainPasswd() {
void PlainPasswd::replaceBuf(char* b) {
if (buf)
- memset(buf, 0, strlen(buf));
+ memset(buf, 0, length ? length : strlen(buf));
CharArray::replaceBuf(b);
}
diff --git a/common/rfb/util.h b/common/rfb/util.h
index b678b89..9e59bd3 100644
index 3100f90..764692a 100644
--- a/common/rfb/util.h
+++ b/common/rfb/util.h
@@ -50,7 +50,7 @@ namespace rfb {
@@ -51,16 +51,21 @@ namespace rfb {
CharArray() : buf(0) {}
CharArray(char* str) : buf(str) {} // note: assumes ownership
CharArray(int len) {
- buf = new char[len];
+ buf = new char[len]();
CharArray(size_t len) {
+ length = len;
buf = new char[len]();
}
~CharArray() {
delete [] buf;
- delete [] buf;
+ if (buf) {
+ delete [] buf;
+ buf = nullptr;
+ }
}
void format(const char *fmt, ...) __printf_attr(2, 3);
// Get the buffer pointer & clear it (i.e. caller takes ownership)
char* takeBuf() {char* tmp = buf; buf = 0; return tmp;}
- void replaceBuf(char* b) {delete [] buf; buf = b;}
+ void replaceBuf(char* b) {if (buf) delete [] buf; buf = b;}
char* buf;
+ size_t length = 0;
private:
CharArray(const CharArray&);
CharArray& operator=(const CharArray&);

View File

@ -1,32 +0,0 @@
diff --git a/common/rfb/PixelFormat.cxx b/common/rfb/PixelFormat.cxx
index 76051dc..a9d015d 100644
--- a/common/rfb/PixelFormat.cxx
+++ b/common/rfb/PixelFormat.cxx
@@ -75,7 +75,8 @@ PixelFormat::PixelFormat(int b, int d, bool e, bool t,
redMax(rm), greenMax(gm), blueMax(bm),
redShift(rs), greenShift(gs), blueShift(bs)
{
- assert(isSane());
+ if (!isSane())
+ throw Exception("invalid pixel format");
updateState();
}
@@ -672,8 +673,16 @@ bool PixelFormat::isSane(void)
return false;
totalBits = bits(redMax) + bits(greenMax) + bits(blueMax);
- if (totalBits > bpp)
+ if (totalBits > depth)
+ return false;
+
+ if ((bits(redMax) + redShift) > bpp)
+ return false;
+ if ((bits(greenMax) + greenShift) > bpp)
return false;
+ if ((bits(blueMax) + blueShift) > bpp)
+ return false;
+
if (((redMax << redShift) & (greenMax << greenShift)) != 0)
return false;

View File

@ -1,5 +1,18 @@
From 0f1ded057dbf875e69a0d72418d95610db8fa6a3 Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Mon, 30 Dec 2019 10:50:52 +0100
Subject: [PATCH] Provide correct dimensions for XShm setup
Since 53f913a we initialize the underlying PixelBuffer with 0x0
dimensions, which means we need to keep more explicit track of what
we are trying to allocate in the setup methods.
---
vncviewer/PlatformPixelBuffer.cxx | 6 +++---
vncviewer/PlatformPixelBuffer.h | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/vncviewer/PlatformPixelBuffer.cxx b/vncviewer/PlatformPixelBuffer.cxx
index 2b934c5..3d47163 100644
index 61f7b743b..59e51d596 100644
--- a/vncviewer/PlatformPixelBuffer.cxx
+++ b/vncviewer/PlatformPixelBuffer.cxx
@@ -43,7 +43,7 @@ PlatformPixelBuffer::PlatformPixelBuffer(int width, int height) :
@ -11,7 +24,7 @@ index 2b934c5..3d47163 100644
xim = XCreateImage(fl_display, CopyFromParent, 32,
ZPixmap, 0, 0, width, height, 32, 0);
if (!xim)
@@ -139,7 +139,7 @@ static int XShmAttachErrorHandler(Display *dpy, XErrorEvent *error)
@@ -136,7 +136,7 @@ static int XShmAttachErrorHandler(Display *dpy, XErrorEvent *error)
return 0;
}
@ -20,7 +33,7 @@ index 2b934c5..3d47163 100644
{
int major, minor;
Bool pixmaps;
@@ -156,7 +156,7 @@ bool PlatformPixelBuffer::setupShm()
@@ -153,7 +153,7 @@ bool PlatformPixelBuffer::setupShm()
shminfo = new XShmSegmentInfo;
xim = XShmCreateImage(fl_display, CopyFromParent, 32,
@ -30,10 +43,10 @@ index 2b934c5..3d47163 100644
goto free_shminfo;
diff --git a/vncviewer/PlatformPixelBuffer.h b/vncviewer/PlatformPixelBuffer.h
index f9038cd..ec439f6 100644
index f9038cd9c..ec439f64f 100644
--- a/vncviewer/PlatformPixelBuffer.h
+++ b/vncviewer/PlatformPixelBuffer.h
@@ -53,7 +53,7 @@ protected:
@@ -53,7 +53,7 @@ class PlatformPixelBuffer: public rfb::FullFramePixelBuffer, public Surface {
#if !defined(WIN32) && !defined(__APPLE__)
protected:

View File

@ -0,0 +1,26 @@
From 989491eb4b325f980e94d27e0ad1a7bee63b6ebd Mon Sep 17 00:00:00 2001
From: Jan Grulich <jgrulich@redhat.com>
Date: Fri, 3 Jul 2020 13:56:35 +0200
Subject: [PATCH] Remove trailing spaces in user name
It's quite easy to make a mistake and add an additional space when configuring
users in the vncserver.users config file. You will then get an error that the
user doesn't exist and it's hard to spot the mistake. Same applies for a space
before the display number.
---
unix/vncserver/vncsession-start.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/unix/vncserver/vncsession-start.in b/unix/vncserver/vncsession-start.in
index b20fcdd97..65ee0a81c 100644
--- a/unix/vncserver/vncsession-start.in
+++ b/unix/vncserver/vncsession-start.in
@@ -33,7 +33,7 @@ fi
DISPLAY="$1"
-USER=`grep "^${DISPLAY}=" "${USERSFILE}" 2>/dev/null | head -1 | cut -d = -f 2-`
+USER=`grep "^ *${DISPLAY}=" "${USERSFILE}" 2>/dev/null | head -1 | cut -d = -f 2- | sed 's/ *$//g'`
if [ -z "${USER}" ]; then
echo "No user configured for display ${DISPLAY}" >&2

View File

@ -1,9 +0,0 @@
diff -up tigervnc-1.3.0/unix/vncserver.shebang tigervnc-1.3.0/unix/vncserver
--- tigervnc-1.3.0/unix/vncserver.shebang 2013-07-24 12:22:34.962158378 +0100
+++ tigervnc-1.3.0/unix/vncserver 2013-07-24 12:22:41.593188190 +0100
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/bin/perl
#
# Copyright (C) 2009-2010 D. R. Commander. All Rights Reserved.
# Copyright (C) 2005-2006 Sun Microsystems, Inc. All Rights Reserved.

File diff suppressed because it is too large Load Diff

View File

@ -1,13 +0,0 @@
diff --git a/unix/vncserver b/unix/vncserver
index bb4f2feb..68be032d 100755
--- a/unix/vncserver
+++ b/unix/vncserver
@@ -709,7 +709,7 @@ sub List
}
}
}
- exit 1;
+ exit;
}

View File

@ -1,40 +0,0 @@
diff --git a/unix/vncserver b/unix/vncserver
index bb4f2feb..b038dd3b 100755
--- a/unix/vncserver
+++ b/unix/vncserver
@@ -58,27 +58,14 @@ $defaultXStartup
= ("#!/bin/sh\n\n".
"unset SESSION_MANAGER\n".
"unset DBUS_SESSION_BUS_ADDRESS\n".
- "OS=`uname -s`\n".
- "if [ \$OS = 'Linux' ]; then\n".
- " case \"\$WINDOWMANAGER\" in\n".
- " \*gnome\*)\n".
- " if [ -e /etc/SuSE-release ]; then\n".
- " PATH=\$PATH:/opt/gnome/bin\n".
- " export PATH\n".
- " fi\n".
- " ;;\n".
- " esac\n".
- "fi\n".
- "if [ -x /etc/X11/xinit/xinitrc ]; then\n".
- " exec /etc/X11/xinit/xinitrc\n".
- "fi\n".
- "if [ -f /etc/X11/xinit/xinitrc ]; then\n".
- " exec sh /etc/X11/xinit/xinitrc\n".
- "fi\n".
- "[ -r \$HOME/.Xresources ] && xrdb \$HOME/.Xresources\n".
- "xsetroot -solid grey\n".
- "xterm -geometry 80x24+10+10 -ls -title \"\$VNCDESKTOP Desktop\" &\n".
- "twm &\n");
+ "/etc/X11/xinit/xinitrc\n".
+ "# Assume either Gnome will be started by default when installed\n".
+ "# We want to kill the session automatically in this case when user logs out. In case you modify\n".
+ "# /etc/X11/xinit/Xclients or ~/.Xclients yourself to achieve a different result, then you should\n".
+ "# be responsible to modify below code to avoid that your session will be automatically killed\n".
+ "if [ -e /usr/bin/gnome-session ]; then\n".
+ " vncserver -kill \$DISPLAY\n".
+ "fi\n");
$defaultConfig
= ("## Supported server options to pass to vncserver upon invocation can be listed\n".

View File

@ -1,45 +0,0 @@
# The vncserver service unit file
#
# Quick HowTo:
# 1. Copy this file to /etc/systemd/system/vncserver@.service
# 2. Replace <USER> with the actual user name and edit vncserver
# parameters in the wrapper script located in /usr/bin/vncserver_wrapper
# 3. Run `systemctl daemon-reload`
# 4. Run `systemctl enable vncserver@:<display>.service`
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted! For a secure way of using VNC, you should
# limit connections to the local host and then tunnel from
# the machine you want to view VNC on (host A) to the machine
# whose VNC output you want to view (host B)
#
# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
#
# this will open a connection on port 590N of your hostA to hostB's port 590M
# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
# See the ssh man page for details on port forwarding)
#
# You can then point a VNC client on hostA at vncdisplay N of localhost and with
# the help of ssh, you end up seeing what hostB makes available on port 590M
#
# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
#
# Use "-localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel. See the "-via" option in the
# `man vncviewer' manual page.
[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target
[Service]
Type=simple
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/usr/bin/vncserver_wrapper <USER> %i
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
[Install]
WantedBy=multi-user.target

View File

@ -1,59 +0,0 @@
# The vncserver service unit file
#
# Quick HowTo: As the User wanting to have this functionality
#
# 1. Copy this file to ~/.config/systemd/user/ (Optional, in case default settings are not suitable)
#
# $ mkdir -p ~/.config/systemd/user
# $ cp /usr/lib/systemd/user/vncserver@.service ~/.config/systemd/user/
#
# 2. Reload user's systemd
#
# $ systemctl --user daemon-reload
#
# 3. Start the service immediately and enable it at boot
#
# $ systemctl --user enable vncserver@:<display>.service --now
#
# 4. Enable lingering
#
# $ loginctl enable-linger
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted! For a secure way of using VNC, you should
# limit connections to the local host and then tunnel from
# the machine you want to view VNC on (host A) to the machine
# whose VNC output you want to view (host B)
#
# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
#
# this will open a connection on port 590N of your hostA to hostB's port 590M
# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
# See the ssh man page for details on port forwarding)
#
# You can then point a VNC client on hostA at vncdisplay N of localhost and with
# the help of ssh, you end up seeing what hostB makes available on port 590M
#
# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
#
# Use "-localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel. See the "-via" option in the
# `man vncviewer' manual page.
[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target
[Service]
Type=forking
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/usr/bin/vncserver %i
ExecStop=/usr/bin/vncserver -kill %i
Restart=on-success
RestartSec=15
[Install]
WantedBy=default.target

View File

@ -1 +0,0 @@
# THIS FILE HAS BEEN REPLACED BY /lib/systemd/system/vncserver@.service

View File

@ -1,42 +0,0 @@
#!/bin/sh
USER="$1"
INSTANCE="$2"
die() {
echo "FATAL: ${@:-}" >&2
exit 2
}
cleanup() {
[ -n "$VNCPID" ] || return
if kill -0 $VNCPID 2>/dev/null; then
kill $VNCPID
fi
}
trap cleanup TERM INT HUP
[ -n "$USER" -a -n "$INSTANCE" ] || die "Invalid usage!"
/usr/sbin/runuser -l "$USER" -c "/usr/bin/vncserver ${INSTANCE}"
[ $? -eq 0 ] || die "'runuser -l $USER' failed!"
# Wait up to 5 seconds for vncserver to be up
for tries in $(seq 1 50); do
[ -e "~$USER/.vnc/$(hostname)${INSTANCE}.pid" ] && break
sleep 0.1
done
eval HOME=~$USER
VNCPID=$(cat "$HOME/.vnc/$(hostname)${INSTANCE}.pid" 2>/dev/null || true)
[ -n "$VNCPID" ] || die "'vncserver ${INSTANCE}' failed to start after 5 seconds!"
echo "'vncserver ${INSTANCE}' has PID $VNCPID, waiting until it exits ..."
while kill -0 $VNCPID 2>/dev/null; do
sleep 5
done
echo "PID $VNCPID exited, exiting ..."

View File

@ -1,6 +1,6 @@
Name: tigervnc
Version: 1.9.0
Release: 15%{?dist}
Version: 1.10.1
Release: 7%{?dist}
Summary: A TigerVNC remote display system
%global _hardened_build 1
@ -9,41 +9,24 @@ License: GPLv2+
URL: http://www.tigervnc.com
Source0: %{name}-%{version}.tar.gz
Source1: vncserver-system.service
Source2: vncserver-user.service
Source3: vncserver.sysconfig
Source4: 10-libvnc.conf
Source5: xvnc.service
Source6: xvnc.socket
Source7: vncserver_wrapper
Source1: xvnc.service
Source2: xvnc.socket
Source3: 10-libvnc.conf
Source4: HOWTO.md
Patch1: tigervnc-manpages.patch
Patch2: tigervnc-getmaster.patch
Patch3: tigervnc-shebang.patch
Patch4: tigervnc-xstartup.patch
Patch5: tigervnc-cursor.patch
Patch6: tigervnc-1.3.1-CVE-2014-8240.patch
Patch7: tigervnc-1.3.1-do-not-die-when-port-is-already-taken.patch
Patch8: tigervnc-let-user-know-about-not-using-view-only-password.patch
Patch9: tigervnc-working-tls-on-fips-systems.patch
Patch11: tigervnc-utilize-system-crypto-policies.patch
Patch12: tigervnc-passwd-crash-with-malloc-checks.patch
Patch13: tigervnc-vncserver-do-not-return-returncode-indicating-error.patch
Patch13: 0001-xserver-add-no-op-input-thread-init-function.patch
Patch14: tigervnc-provide-correct-dimensions-for-xshm-setup.patch
Patch50: tigervnc-covscan.patch
# Security fixes
Patch200: tigervnc-CVE-2019-15691.patch
Patch201: tigervnc-encapsulate-pixelbuffer-internal-details.patch
Patch202: tigervnc-CVE-2019-15692.patch
Patch203: tigervnc-add-write-protection-to-offsetpixelbuffer.patch
Patch204: tigervnc-CVE-2019-15693.patch
Patch205: tigervnc-pixelformat-sanity-checks.patch
Patch206: tigervnc-CVE-2019-15694.patch
Patch207: tigervnc-be-defensive-about-overflows-in-stream-objects.patch
Patch208: tigervnc-CVE-2019-15695.patch
# Upstream patches
Patch50: tigervnc-systemd-support.patch
Patch51: tigervnc-remove-trailing-spaces-in-user-name.patch
# This is tigervnc-%%{version}/unix/xserver116.patch rebased on the latest xorg
Patch100: tigervnc-xserver120.patch
@ -55,12 +38,11 @@ BuildRequires: libX11-devel, automake, autoconf, libtool, gettext, gettext-auto
BuildRequires: libXext-devel, xorg-x11-server-source, libXi-devel
BuildRequires: xorg-x11-xtrans-devel, xorg-x11-util-macros, libXtst-devel
BuildRequires: libxkbfile-devel, openssl-devel, libpciaccess-devel
BuildRequires: mesa-libGL-devel, libXinerama-devel
BuildRequires: mesa-libGL-devel, libXinerama-devel, xorg-x11-font-utils
BuildRequires: freetype-devel, libXdmcp-devel, libxshmfence-devel
BuildRequires: desktop-file-utils, java-devel, jpackage-utils
BuildRequires: libjpeg-turbo-devel, gnutls-devel, pam-devel
BuildRequires: libdrm-devel, libXt-devel, pixman-devel
BuildRequires: systemd, cmake
BuildRequires: systemd, cmake, desktop-file-utils, selinux-policy-devel
%if 0%{?fedora} > 24 || 0%{?rhel} >= 7
BuildRequires: libXfont2-devel
%else
@ -70,9 +52,7 @@ BuildRequires: libXfont-devel
# TigerVNC 1.4.x requires fltk 1.3.3 for keyboard handling support
# See https://github.com/TigerVNC/tigervnc/issues/8, also bug #1208814
BuildRequires: fltk-devel >= 1.3.3
%ifnarch s390 s390x
BuildRequires: xorg-x11-server-devel
%endif
Requires(post): coreutils
Requires(postun):coreutils
@ -92,7 +72,8 @@ server.
%package server
Summary: A TigerVNC server
Requires: perl-interpreter
Requires: tigervnc-server-minimal
Requires: tigervnc-server-minimal = %{version}-%{release}
Requires: tigervnc-selinux = %{version}-%{release}
Requires: xorg-x11-xauth
Requires: xorg-x11-xinit
Requires(post): systemd
@ -113,7 +94,7 @@ Requires(post): chkconfig
Requires(preun):chkconfig
Requires: mesa-dri-drivers, xkeyboard-config, xorg-x11-xkb-utils
Requires: tigervnc-license
Requires: tigervnc-license, dbus-x11
%description server-minimal
The VNC system allows you to access the same desktop from a wide
@ -121,7 +102,6 @@ variety of platforms. This package contains minimal installation
of TigerVNC server, allowing others to access the desktop on your
machine.
%ifnarch s390 s390x
%package server-module
Summary: TigerVNC module to Xorg
Requires: xorg-x11-server-Xorg %(xserver-sdk-abi-requires ansic) %(xserver-sdk-abi-requires videodrv)
@ -130,16 +110,6 @@ Requires: tigervnc-license
%description server-module
This package contains libvnc.so module to X server, allowing others
to access the desktop on your machine.
%endif
%package server-applet
Summary: Java TigerVNC viewer applet for TigerVNC server
Requires: tigervnc-server, java, jpackage-utils
BuildArch: noarch
%description server-applet
The Java TigerVNC viewer applet for web browsers. Install this package to allow
clients to use web browser when connect to the TigerVNC server.
%package license
Summary: License of TigerVNC suite
@ -155,6 +125,18 @@ BuildArch: noarch
%description icons
This package contains icons for TigerVNC viewer
%package selinux
Summary: SELinux module for TigerVNC
BuildArch: noarch
Requires(pre): libselinux-utils
Requires(post): selinux-policy >= %{_selinux_policy_version}
Requires(post): policycoreutils
Requires(post): libselinux-utils
%description selinux
This package provides the SELinux policy module to ensure TigerVNC
runs properly under an environment with SELinux enabled.
%prep
%setup -q
@ -167,19 +149,9 @@ done
%patch101 -p1 -b .rpath
popd
# Synchronise manpages and --help output (bug #980870).
%patch1 -p1 -b .manpages
# libvnc.so: don't use unexported GetMaster function (bug #744881 again).
%patch2 -p1 -b .getmaster
# Don't use shebang in vncserver script.
%patch3 -p1 -b .shebang
# Clearer xstartup file (bug #923655).
# Bug 1665876 - Tigervnc not starting on RHEL 7.6 server without -noxstartup option
%patch4 -p1 -b .xstartup
# Fixed viewer crash when cursor has not been set (bug #1051333).
%patch5 -p1 -b .cursor
@ -187,9 +159,6 @@ popd
# buffer overflow in screen size handling
%patch6 -p1 -b .tigervnc-1.3.1-CVE-2014-8240
# Bug 1322155 - Xorg socket conflict for VNC port 5901
%patch7 -p1 -b .do-not-die-when-port-is-already-taken
# Bug 1447555 - view-only accepts enter, unclear whether default password is generated or not
%patch8 -p1 -b .let-user-know-about-not-using-view-only-password
@ -201,22 +170,20 @@ popd
%patch12 -p1 -b .passwd-crash-with-malloc-checks
%patch13 -p1 -b .vncserver-do-not-return-returncode-indicating-error
%patch13 -p1 -b .xserver-add-no-op-input-thread-init-function.
%patch50 -p1 -b .tigervnc-covscan
%patch14 -p1 -b .provide-correct-dimensions-for-xshm-setup
# Security fixes
%patch200 -p1 -b .CVE-2019-15691
%patch201 -p1 -b .encapsulate-pixelbuffer-internal-details
%patch202 -p1 -b .CVE-2019-15692
%patch203 -p1 -b .add-write-protection-to-offsetpixelbuffer
%patch204 -p1 -b .CVE-2019-15693
%patch205 -p1 -b .pixelformat-sanity-checks
%patch206 -p1 -b .CVE-2019-15694
%patch207 -p1 -b .be-defensive-about-overflows-in-stream-objects
%patch208 -p1 -b .CVE-2019-15695
# HACK make sure we are able to successfuly apply a patch. This is because we will
# be creating a directory under name which already exists as a file and it also seems
# to be not possible to create a directory with a patch
pushd unix
rm vncserver
mkdir vncserver
popd
%patch14 -p1 -b .tigervnc-provide-correct-dimensions-for-xshm-setup
%patch50 -p1 -b .tigervnc-systemd-support
%patch51 -p1 -b .remove-trailing-spaces-in-user-name
%build
%ifarch sparcv9 sparc64 s390 s390x
@ -256,34 +223,27 @@ pushd media
make
popd
# Build Java applet
pushd java
%{cmake} .
JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF8" make
# SELinux
pushd unix/vncserver/selinux
make
popd
%install
%make_install
rm -f %{buildroot}%{_docdir}/%{name}-%{version}/{README.rst,LICENCE.TXT}
pushd unix/xserver/hw/vnc
make install DESTDIR=%{buildroot}
popd
pushd unix/vncserver/selinux
make install DESTDIR=%{buildroot}
popd
# Install systemd unit file
mkdir -p %{buildroot}%{_unitdir}
mkdir -p %{buildroot}%{_userunitdir}
install -m644 %{SOURCE1} %{buildroot}%{_unitdir}/vncserver@.service
install -m644 %{SOURCE2} %{buildroot}%{_userunitdir}/vncserver@.service
install -m644 %{SOURCE5} %{buildroot}%{_unitdir}/xvnc@.service
install -m644 %{SOURCE6} %{buildroot}%{_unitdir}/xvnc.socket
rm -rf %{buildroot}%{_initrddir}
# Install vncserver wrapper script
install -m744 %{SOURCE7} %{buildroot}%{_bindir}/vncserver_wrapper
mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
install -m644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/vncservers
install -m644 %{SOURCE1} %{buildroot}%{_unitdir}/xvnc@.service
install -m644 %{SOURCE2} %{buildroot}%{_unitdir}/xvnc.socket
# Install desktop stuff
mkdir -p %{buildroot}%{_datadir}/icons/hicolor/{16x16,24x24,48x48}/apps
@ -294,41 +254,54 @@ install -m644 tigervnc_$s.png %{buildroot}%{_datadir}/icons/hicolor/${s}x$s/apps
done
popd
# Install Java applet
pushd java
mkdir -p %{buildroot}%{_datadir}/vnc/classes
install -m755 VncViewer.jar %{buildroot}%{_datadir}/vnc/classes
install -m644 com/tigervnc/vncviewer/index.vnc %{buildroot}%{_datadir}/vnc/classes
popd
# Install a replacement for /usr/bin/vncserver which will tell the user to read the
# HOWTO.md file
cat <<EOF > %{buildroot}/%{_bindir}/vncserver
#!/bin/bash
echo "vncserver has been replaced by a systemd unit."
echo "Please read /usr/share/doc/tigervnc/HOWTO.md for more information."
EOF
chmod +x %{buildroot}/%{_bindir}/vncserver
%find_lang %{name} %{name}.lang
# remove unwanted files
rm -f %{buildroot}%{_libdir}/xorg/modules/extensions/libvnc.la
%ifarch s390 s390x
rm -f %{buildroot}%{_libdir}/xorg/modules/extensions/libvnc.so
%else
mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
%endif
install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
install -m 644 %{SOURCE4} %{buildroot}/%{_docdir}/tigervnc/HOWTO.md
%post server
%systemd_post vncserver.service
%systemd_post xvnc.service
%systemd_post xvnc.socket
%preun server
%systemd_preun vncserver.service
%systemd_preun xvnc.service
%systemd_preun xvnc.socket
%postun server
%systemd_postun vncserver.service
%systemd_postun xvnc.service
%systemd_postun xvnc.socket
%pre selinux
%selinux_relabel_pre
%post selinux
%selinux_modules_install %{_datadir}/selinux/packages/vncsession.pp
%selinux_relabel_post
%posttrans selinux
%selinux_relabel_post
%postun selinux
%selinux_modules_uninstall vncsession
if [ $1 -eq 0 ]; then
%selinux_relabel_post
fi
%files -f %{name}.lang
%doc README.rst
%{_bindir}/vncviewer
@ -336,16 +309,22 @@ install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/10-libvnc.c
%{_mandir}/man1/vncviewer.1*
%files server
%config(noreplace) %{_sysconfdir}/sysconfig/vncservers
%{_userunitdir}/vncserver@.service
%config(noreplace) %{_sysconfdir}/pam.d/tigervnc
%config(noreplace) %{_sysconfdir}/tigervnc/vncserver-config-defaults
%config(noreplace) %{_sysconfdir}/tigervnc/vncserver-config-mandatory
%config(noreplace) %{_sysconfdir}/tigervnc/vncserver.users
%{_unitdir}/vncserver@.service
%{_unitdir}/xvnc@.service
%{_unitdir}/xvnc.socket
%{_bindir}/x0vncserver
%{_bindir}/vncserver
%{_bindir}/vncserver_wrapper
%{_mandir}/man1/vncserver.1*
%{_sbindir}/vncsession
%{_libexecdir}/vncserver
%{_libexecdir}/vncsession-start
%{_mandir}/man1/x0vncserver.1*
%{_mandir}/man8/vncserver.8*
%{_mandir}/man8/vncsession.8*
%{_docdir}/tigervnc/HOWTO.md
%files server-minimal
%{_bindir}/vncconfig
@ -355,62 +334,64 @@ install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/10-libvnc.c
%{_mandir}/man1/vncpasswd.1*
%{_mandir}/man1/vncconfig.1*
%ifnarch s390 s390x
%files server-module
%{_libdir}/xorg/modules/extensions/libvnc.so
%config %{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
%endif
%files server-applet
%doc java/com/tigervnc/vncviewer/README
%{_datadir}/vnc/classes/*
%files license
%license LICENCE.TXT
%{_docdir}/tigervnc/LICENCE.TXT
%files icons
%{_datadir}/icons/hicolor/*/apps/*
%files selinux
%{_datadir}/selinux/packages/vncsession.pp
%changelog
* Thu Apr 22 2020 Jan Grulich <jgrulich@redhat.com> - 1.9.0-15
- Bump build version
Resolves: bz#1819877
Resolves: bz#1819879
Resolves: bz#1819882
Resolves: bz#1819886
Resolves: bz#1819884
* Wed Jul 08 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-7
- Enable server module on s390x
Resolves: bz#1854925
* Thu Apr 09 2020 Jan Grulich <jgrulich@redhat.com> - 1.9.0-14
- Bump build version
Resolves: bz#1819877
Resolves: bz#1819879
Resolves: bz#1819882
Resolves: bz#1819886
Resolves: bz#1819884
* Fri Jul 03 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-6
- Remove trailing spaces in user name
Resolves: bz#1852432
* Wed Apr 08 2020 Jan Grulich <jgrulich@redhat.com> - 1.9.0-13
- Fix stack buffer overflow in CMsgReader::readSetCursor
Resolves: bz#1819877
* Thu Jun 25 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-5
- Install the HOWTO file to correct location
- Add /usr/bin/vncserver file informing users to read the HOWTO.md file
Resolves: bz#1790443
- Fix heap buffer overflow in DecodeManager::decodeRect
Resolves: bz#1819879
* Mon Jun 15 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-4
- Improve SELinux policy
Resolves: bz#1790443
- Fix heap buffer overflow in TightDecoder::FilterGradient
Resolves: bz#1819882
* Mon Jun 15 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-3
- Add a HOWTO.md file with instructions how to start VNC server
Resolves: bz#1790443
- Fix heap-based buffer overflow triggered from CopyRectDecoder
Resolves: bz#1819886
* Tue May 26 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-2
- Make the systemd service run also for root user
Resolves: bz#1790443
- Fix stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder
Resolves: bz#1819884
* Mon Apr 27 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-1
- Update to 1.10.1
Resolves: bz#1806992
* Tue Jan 28 2020 Jan Grulich <jgrulich@redhat.com> - 1.9.0-12
- Fix installation of 10-libvnc.conf file
Resolves: bz#1795168
- Add proper systemd support
Resolves: bz#1790443
* Mon Jan 27 2020 Jan Grulich <jgrulich@redhat.com> - 1.9.0-11
* Tue Jan 28 2020 Jan Grulich <jgrulich@redhat.com> - 1.9.0-13
- Bump build because of z-stream
Resolves: bz#1671714
* Wed Dec 11 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-12
- Fix installation of systemd files
Resolves: bz#1671714
* Wed Nov 20 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-11
- Use wrapper script to workaround systemd issues
Resolves: bz#1795168
Resolves: bz#1671714
* Fri Jul 12 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-10
- Do not return returncode indicating error when running "vncserver -list"