Import from CS git
This commit is contained in:
parent
1ad67a789e
commit
892a31ab5a
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/tigervnc-1.13.1.tar.gz
|
||||
SOURCES/tigervnc-1.15.0.tar.gz
|
||||
|
@ -1 +1 @@
|
||||
6f7a23f14833f552c88523da1a5e102f3b8d35c2 SOURCES/tigervnc-1.13.1.tar.gz
|
||||
fec424f110bdf5032cd5eb4df2596b8251d2e1ed SOURCES/tigervnc-1.15.0.tar.gz
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,27 @@
|
||||
From 313200978926cc7b7521c0d645918391b7609681 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Grulich <jgrulich@redhat.com>
|
||||
Date: Thu, 27 Feb 2025 13:49:02 +0100
|
||||
Subject: [PATCH] Add SELinux policy rules allowing to access
|
||||
/proc/sys/fs/nr_open
|
||||
|
||||
This is needed when the nofile limit is set to unlimited, otherwise we
|
||||
will fail to start a VNC session.
|
||||
---
|
||||
unix/vncserver/selinux/vncsession.te | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
|
||||
index d92f1bd..2ce4fc8 100644
|
||||
--- a/unix/vncserver/selinux/vncsession.te
|
||||
+++ b/unix/vncserver/selinux/vncsession.te
|
||||
@@ -37,6 +37,10 @@ allow vnc_session_t self:fifo_file rw_fifo_file_perms;
|
||||
allow vnc_session_t vnc_session_var_run_t:file manage_file_perms;
|
||||
files_pid_filetrans(vnc_session_t, vnc_session_var_run_t, file)
|
||||
|
||||
+# Allow access to /proc/sys/fs/nr_open
|
||||
+# Needed when the nofile limit is set to unlimited.
|
||||
+kernel_read_fs_sysctls(vnc_session_t)
|
||||
+
|
||||
# Allowed to create ~/.local
|
||||
optional_policy(`
|
||||
gnome_filetrans_home_content(vnc_session_t)
|
@ -0,0 +1,47 @@
|
||||
From e652f06940f84fd8e19d7b674ae8c6000530fb40 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Grulich <jgrulich@redhat.com>
|
||||
Date: Fri, 7 Feb 2025 15:32:49 +0100
|
||||
Subject: [PATCH] Add SELinux policy rules allowing to create directories under
|
||||
/root
|
||||
|
||||
We have policy that allows to create ~/.local or ~/.config, but we don't
|
||||
have rule that allows the same under /root directory, where we fail in
|
||||
case any of these directories doesn't exist.
|
||||
---
|
||||
unix/vncserver/selinux/vncsession.te | 10 ++++++++++
|
||||
1 file changed, 10 insertions(+)
|
||||
|
||||
diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
|
||||
index d92f1bda7d..2f49717077 100644
|
||||
--- a/unix/vncserver/selinux/vncsession.te
|
||||
+++ b/unix/vncserver/selinux/vncsession.te
|
||||
@@ -48,6 +48,14 @@ optional_policy(`
|
||||
create_dirs_pattern(vnc_session_t, gconf_home_t, gconf_home_t)
|
||||
')
|
||||
|
||||
+# Allowed to create /root/.local
|
||||
+optional_policy(`
|
||||
+ gen_require(`
|
||||
+ type admin_home_t;
|
||||
+ ')
|
||||
+ create_dirs_pattern(vnc_session_t, admin_home_t, admin_home_t)
|
||||
+')
|
||||
+
|
||||
# Manage TigerVNC files (mainly ~/.local/state/*.log)
|
||||
create_dirs_pattern(vnc_session_t, vnc_home_t, vnc_home_t)
|
||||
manage_files_pattern(vnc_session_t, vnc_home_t, vnc_home_t)
|
||||
@@ -88,6 +96,7 @@ optional_policy(`
|
||||
gen_require(`
|
||||
attribute userdomain;
|
||||
type gconf_home_t;
|
||||
+ type admin_home_t;
|
||||
')
|
||||
userdom_admin_home_dir_filetrans(userdomain, vnc_home_t, dir, ".vnc")
|
||||
userdom_user_home_dir_filetrans(userdomain, vnc_home_t, dir, ".vnc")
|
||||
@@ -95,5 +104,6 @@ optional_policy(`
|
||||
gnome_config_filetrans(userdomain, vnc_home_t, dir, "tigervnc")
|
||||
gnome_data_filetrans(userdomain, vnc_home_t, dir, "tigervnc")
|
||||
filetrans_pattern(userdomain, gconf_home_t, vnc_home_t, dir, "tigervnc")
|
||||
+ filetrans_pattern(vnc_session_t, admin_home_t, vnc_home_t, dir, "tigervnc")
|
||||
filetrans_pattern(vnc_session_t, gconf_home_t, vnc_home_t, dir, "tigervnc")
|
||||
')
|
@ -1,13 +0,0 @@
|
||||
diff --git a/unix/xserver/hw/vnc/vncInput.c b/unix/xserver/hw/vnc/vncInput.c
|
||||
index b3d0926d..d36a096f 100644
|
||||
--- a/unix/xserver/hw/vnc/vncInput.c
|
||||
+++ b/unix/xserver/hw/vnc/vncInput.c
|
||||
@@ -167,7 +167,7 @@ void vncPointerMove(int x, int y)
|
||||
|
||||
void vncGetPointerPos(int *x, int *y)
|
||||
{
|
||||
- if (vncPointerDev != NULL) {
|
||||
+ if (vncPointerDev != NULL && !IsFloating(vncPointerDev)) {
|
||||
ScreenPtr ptrScreen;
|
||||
|
||||
miPointerGetPosition(vncPointerDev, &cursorPosX, &cursorPosY);
|
@ -1,8 +1,8 @@
|
||||
diff --git a/po/CMakeLists.txt b/po/CMakeLists.txt
|
||||
index 052cfb3..c84fb0e 100644
|
||||
index 7d316e7..4f872d0 100644
|
||||
--- a/po/CMakeLists.txt
|
||||
+++ b/po/CMakeLists.txt
|
||||
@@ -14,7 +14,6 @@ if (GETTEXT_XGETTEXT_EXECUTABLE)
|
||||
@@ -15,7 +15,6 @@ if (GETTEXT_XGETTEXT_EXECUTABLE)
|
||||
${PROJECT_SOURCE_DIR}/vncviewer/*.h
|
||||
${PROJECT_SOURCE_DIR}/vncviewer/*.cxx
|
||||
${PROJECT_SOURCE_DIR}/vncviewer/*.desktop.in.in
|
||||
@ -11,10 +11,10 @@ index 052cfb3..c84fb0e 100644
|
||||
|
||||
add_custom_target(translations_update
|
||||
diff --git a/vncviewer/CMakeLists.txt b/vncviewer/CMakeLists.txt
|
||||
index 15eac66..450b732 100644
|
||||
index 72904b2..6a39062 100644
|
||||
--- a/vncviewer/CMakeLists.txt
|
||||
+++ b/vncviewer/CMakeLists.txt
|
||||
@@ -100,34 +100,6 @@ if(UNIX)
|
||||
@@ -108,36 +108,6 @@ if(UNIX)
|
||||
add_custom_target(desktop ALL DEPENDS vncviewer.desktop)
|
||||
install(FILES ${CMAKE_CURRENT_BINARY_DIR}/vncviewer.desktop DESTINATION ${CMAKE_INSTALL_FULL_DATADIR}/applications)
|
||||
|
||||
@ -24,6 +24,7 @@ index 15eac66..450b732 100644
|
||||
- --xml --template ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in
|
||||
- -d ${CMAKE_SOURCE_DIR}/po -o org.tigervnc.vncviewer.metainfo.xml
|
||||
- DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in
|
||||
- ${po_FILES}
|
||||
- )
|
||||
- elseif(INTLTOOL_MERGE_EXECUTABLE)
|
||||
- add_custom_command(OUTPUT org.tigervnc.vncviewer.metainfo.xml
|
||||
@ -36,6 +37,7 @@ index 15eac66..450b732 100644
|
||||
- -x ${CMAKE_SOURCE_DIR}/po
|
||||
- org.tigervnc.vncviewer.metainfo.xml.intl org.tigervnc.vncviewer.metainfo.xml
|
||||
- DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in
|
||||
- ${po_FILES}
|
||||
- )
|
||||
- else()
|
||||
- add_custom_command(OUTPUT org.tigervnc.vncviewer.metainfo.xml
|
||||
|
@ -1,135 +0,0 @@
|
||||
diff --git a/common/rfb/SSecurityPlain.cxx b/common/rfb/SSecurityPlain.cxx
|
||||
index 6f65e87..3142ba3 100644
|
||||
--- a/common/rfb/SSecurityPlain.cxx
|
||||
+++ b/common/rfb/SSecurityPlain.cxx
|
||||
@@ -27,6 +27,8 @@
|
||||
#include <rdr/InStream.h>
|
||||
#if !defined(WIN32) && !defined(__APPLE__)
|
||||
#include <rfb/UnixPasswordValidator.h>
|
||||
+#include <unistd.h>
|
||||
+#include <pwd.h>
|
||||
#endif
|
||||
#ifdef WIN32
|
||||
#include <rfb/WinPasswdValidator.h>
|
||||
@@ -45,21 +47,22 @@ StringParameter PasswordValidator::plainUsers
|
||||
|
||||
bool PasswordValidator::validUser(const char* username)
|
||||
{
|
||||
- CharArray users(plainUsers.getValueStr()), user;
|
||||
+ std::vector<std::string> users;
|
||||
|
||||
- while (users.buf) {
|
||||
- strSplit(users.buf, ',', &user.buf, &users.buf);
|
||||
-#ifdef WIN32
|
||||
- if (0 == stricmp(user.buf, "*"))
|
||||
- return true;
|
||||
- if (0 == stricmp(user.buf, username))
|
||||
- return true;
|
||||
-#else
|
||||
- if (!strcmp(user.buf, "*"))
|
||||
- return true;
|
||||
- if (!strcmp(user.buf, username))
|
||||
- return true;
|
||||
+ users = split(plainUsers, ',');
|
||||
+
|
||||
+ for (size_t i = 0; i < users.size(); i++) {
|
||||
+ if (users[i] == "*")
|
||||
+ return true;
|
||||
+#if !defined(WIN32) && !defined(__APPLE__)
|
||||
+ if (users[i] == "%u") {
|
||||
+ struct passwd *pw = getpwnam(username);
|
||||
+ if (pw && pw->pw_uid == getuid())
|
||||
+ return true;
|
||||
+ }
|
||||
#endif
|
||||
+ if (users[i] == username)
|
||||
+ return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
diff --git a/common/rfb/util.cxx b/common/rfb/util.cxx
|
||||
index 649eb0b..cce73a0 100644
|
||||
--- a/common/rfb/util.cxx
|
||||
+++ b/common/rfb/util.cxx
|
||||
@@ -99,6 +99,26 @@ namespace rfb {
|
||||
return false;
|
||||
}
|
||||
|
||||
+ std::vector<std::string> split(const char* src,
|
||||
+ const char delimiter)
|
||||
+ {
|
||||
+ std::vector<std::string> out;
|
||||
+ const char *start, *stop;
|
||||
+
|
||||
+ start = src;
|
||||
+ do {
|
||||
+ stop = strchr(start, delimiter);
|
||||
+ if (stop == NULL) {
|
||||
+ out.push_back(start);
|
||||
+ } else {
|
||||
+ out.push_back(std::string(start, stop-start));
|
||||
+ start = stop + 1;
|
||||
+ }
|
||||
+ } while (stop != NULL);
|
||||
+
|
||||
+ return out;
|
||||
+ }
|
||||
+
|
||||
bool strContains(const char* src, char c) {
|
||||
int l=strlen(src);
|
||||
for (int i=0; i<l; i++)
|
||||
diff --git a/common/rfb/util.h b/common/rfb/util.h
|
||||
index f0ac9ef..ed15c28 100644
|
||||
--- a/common/rfb/util.h
|
||||
+++ b/common/rfb/util.h
|
||||
@@ -27,6 +27,9 @@
|
||||
#include <limits.h>
|
||||
#include <string.h>
|
||||
|
||||
+#include <string>
|
||||
+#include <vector>
|
||||
+
|
||||
struct timeval;
|
||||
|
||||
#ifdef __GNUC__
|
||||
@@ -76,6 +79,10 @@ namespace rfb {
|
||||
// that part of the string. Obviously, setting both to 0 is not useful...
|
||||
bool strSplit(const char* src, const char limiter, char** out1, char** out2, bool fromEnd=false);
|
||||
|
||||
+ // Splits a string with the specified delimiter
|
||||
+ std::vector<std::string> split(const char* src,
|
||||
+ const char delimiter);
|
||||
+
|
||||
// Returns true if src contains c
|
||||
bool strContains(const char* src, char c);
|
||||
|
||||
diff --git a/unix/x0vncserver/x0vncserver.man b/unix/x0vncserver/x0vncserver.man
|
||||
index c36ae34..78db730 100644
|
||||
--- a/unix/x0vncserver/x0vncserver.man
|
||||
+++ b/unix/x0vncserver/x0vncserver.man
|
||||
@@ -125,8 +125,8 @@ parameter instead.
|
||||
.B \-PlainUsers \fIuser-list\fP
|
||||
A comma separated list of user names that are allowed to authenticate via
|
||||
any of the "Plain" security types (Plain, TLSPlain, etc.). Specify \fB*\fP
|
||||
-to allow any user to authenticate using this security type. Default is to
|
||||
-deny all users.
|
||||
+to allow any user to authenticate using this security type. Specify \fB%u\fP
|
||||
+to allow the user of the server process. Default is to deny all users.
|
||||
.
|
||||
.TP
|
||||
.B \-pam_service \fIname\fP, \-PAMService \fIname\fP
|
||||
diff --git a/unix/xserver/hw/vnc/Xvnc.man b/unix/xserver/hw/vnc/Xvnc.man
|
||||
index ea87dea..e9fb654 100644
|
||||
--- a/unix/xserver/hw/vnc/Xvnc.man
|
||||
+++ b/unix/xserver/hw/vnc/Xvnc.man
|
||||
@@ -200,8 +200,8 @@ parameter instead.
|
||||
.B \-PlainUsers \fIuser-list\fP
|
||||
A comma separated list of user names that are allowed to authenticate via
|
||||
any of the "Plain" security types (Plain, TLSPlain, etc.). Specify \fB*\fP
|
||||
-to allow any user to authenticate using this security type. Default is to
|
||||
-deny all users.
|
||||
+to allow any user to authenticate using this security type. Specify \fB%u\fP
|
||||
+to allow the user of the server process. Default is to deny all users.
|
||||
.
|
||||
.TP
|
||||
.B \-pam_service \fIname\fP, \-PAMService \fIname\fP
|
@ -1,17 +0,0 @@
|
||||
diff --git a/unix/xserver/hw/vnc/xvnc.c b/unix/xserver/hw/vnc/xvnc.c
|
||||
index f8141959..c5c36539 100644
|
||||
--- a/unix/xserver/hw/vnc/xvnc.c
|
||||
+++ b/unix/xserver/hw/vnc/xvnc.c
|
||||
@@ -366,8 +366,10 @@ ddxProcessArgument(int argc, char *argv[], int i)
|
||||
if (strcmp(argv[i], "-inetd") == 0) {
|
||||
int nullfd;
|
||||
|
||||
- dup2(0, 3);
|
||||
- vncInetdSock = 3;
|
||||
+ if ((vncInetdSock = dup(0)) == -1)
|
||||
+ FatalError
|
||||
+ ("Xvnc error: failed to allocate a new file descriptor for -inetd: %s\n", strerror(errno));
|
||||
+
|
||||
|
||||
/* Avoid xserver >= 1.19's epoll-fd becoming fd 2 / stderr only to be
|
||||
replaced by /dev/null by OsInit() because the pollfd is not
|
@ -1,29 +0,0 @@
|
||||
From 4db34f73d461b973867ddaf18bf690219229cd7a Mon Sep 17 00:00:00 2001
|
||||
From: Carlos Santos <casantos@redhat.com>
|
||||
Date: Thu, 25 Jul 2024 18:39:59 -0300
|
||||
Subject: [PATCH] vncsession: use /bin/sh if the user shell is not set
|
||||
|
||||
An empty shell field in the password file is valid, although not common.
|
||||
Use /bin/sh in this case, as documented in the passwd(5) man page, since
|
||||
the vncserver script requires a non-empty SHELL environment variable.
|
||||
|
||||
Fixes issue #1786.
|
||||
|
||||
Signed-off-by: Carlos Santos <casantos@redhat.com>
|
||||
---
|
||||
unix/vncserver/vncsession.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c
|
||||
index 1ee096c7c..98a0432aa 100644
|
||||
--- a/unix/vncserver/vncsession.c
|
||||
+++ b/unix/vncserver/vncsession.c
|
||||
@@ -545,7 +545,7 @@ run_script(const char *username, const char *display, char **envp)
|
||||
|
||||
// Set up some basic environment for the script
|
||||
setenv("HOME", pwent->pw_dir, 1);
|
||||
- setenv("SHELL", pwent->pw_shell, 1);
|
||||
+ setenv("SHELL", *pwent->pw_shell != '\0' ? pwent->pw_shell : "/bin/sh", 1);
|
||||
setenv("LOGNAME", pwent->pw_name, 1);
|
||||
setenv("USER", pwent->pw_name, 1);
|
||||
setenv("USERNAME", pwent->pw_name, 1);
|
@ -1,91 +0,0 @@
|
||||
diff -up xserver/configure.ac.xserver116-rebased xserver/configure.ac
|
||||
--- xserver/configure.ac.xserver116-rebased 2016-09-29 13:14:45.595441590 +0200
|
||||
+++ xserver/configure.ac 2016-09-29 13:14:45.631442006 +0200
|
||||
@@ -74,6 +74,7 @@ dnl forcing an entire recompile.x
|
||||
AC_CONFIG_HEADERS(include/version-config.h)
|
||||
|
||||
AM_PROG_AS
|
||||
+AC_PROG_CXX
|
||||
AC_PROG_LN_S
|
||||
LT_PREREQ([2.2])
|
||||
LT_INIT([disable-static win32-dll])
|
||||
@@ -1863,6 +1864,10 @@ if test "x$XVFB" = xyes; then
|
||||
AC_SUBST([XVFB_SYS_LIBS])
|
||||
fi
|
||||
|
||||
+dnl Xvnc DDX
|
||||
+AC_SUBST([XVNC_CPPFLAGS], ["-DHAVE_DIX_CONFIG_H $XSERVER_CFLAGS"])
|
||||
+AC_SUBST([XVNC_LIBS], ["$FB_LIB $FIXES_LIB $XEXT_LIB $CONFIG_LIB $DBE_LIB $RECORD_LIB $GLX_LIBS $RANDR_LIB $RENDER_LIB $DAMAGE_LIB $DRI3_LIB $PRESENT_LIB $MIEXT_SYNC_LIB $MIEXT_DAMAGE_LIB $MIEXT_SHADOW_LIB $XI_LIB $XKB_LIB $XKB_STUB_LIB $COMPOSITE_LIB $MAIN_LIB"])
|
||||
+AC_SUBST([XVNC_SYS_LIBS], ["$GLX_SYS_LIBS"])
|
||||
|
||||
dnl Xnest DDX
|
||||
|
||||
@@ -1898,6 +1903,8 @@ if test "x$XORG" = xauto; then
|
||||
fi
|
||||
AC_MSG_RESULT([$XORG])
|
||||
|
||||
+AC_DEFINE_UNQUOTED(XORG_VERSION_CURRENT, [$VENDOR_RELEASE], [Current Xorg version])
|
||||
+
|
||||
if test "x$XORG" = xyes; then
|
||||
XORG_DDXINCS='-I$(top_srcdir)/hw/xfree86 -I$(top_srcdir)/hw/xfree86/include -I$(top_srcdir)/hw/xfree86/common'
|
||||
XORG_OSINCS='-I$(top_srcdir)/hw/xfree86/os-support -I$(top_srcdir)/hw/xfree86/os-support/bus -I$(top_srcdir)/os'
|
||||
@@ -2116,7 +2123,6 @@ if test "x$XORG" = xyes; then
|
||||
AC_DEFINE(XORG_SERVER, 1, [Building Xorg server])
|
||||
AC_DEFINE(XORGSERVER, 1, [Building Xorg server])
|
||||
AC_DEFINE(XFree86Server, 1, [Building XFree86 server])
|
||||
- AC_DEFINE_UNQUOTED(XORG_VERSION_CURRENT, [$VENDOR_RELEASE], [Current Xorg version])
|
||||
AC_DEFINE(NEED_XF86_TYPES, 1, [Need XFree86 typedefs])
|
||||
AC_DEFINE(NEED_XF86_PROTOTYPES, 1, [Need XFree86 helper functions])
|
||||
AC_DEFINE(__XSERVERNAME__, "Xorg", [Name of X server])
|
||||
@@ -2691,6 +2697,7 @@ hw/dmx/Makefile
|
||||
hw/dmx/man/Makefile
|
||||
hw/vfb/Makefile
|
||||
hw/vfb/man/Makefile
|
||||
+hw/vnc/Makefile
|
||||
hw/xnest/Makefile
|
||||
hw/xnest/man/Makefile
|
||||
hw/xwin/Makefile
|
||||
diff -up xserver/hw/Makefile.am.xserver116-rebased xserver/hw/Makefile.am
|
||||
--- xserver/hw/Makefile.am.xserver116-rebased 2016-09-29 13:14:45.601441659 +0200
|
||||
+++ xserver/hw/Makefile.am 2016-09-29 13:14:45.631442006 +0200
|
||||
@@ -38,7 +38,8 @@ SUBDIRS = \
|
||||
$(DMX_SUBDIRS) \
|
||||
$(KDRIVE_SUBDIRS) \
|
||||
$(XQUARTZ_SUBDIRS) \
|
||||
- $(XWAYLAND_SUBDIRS)
|
||||
+ $(XWAYLAND_SUBDIRS) \
|
||||
+ vnc
|
||||
|
||||
DIST_SUBDIRS = dmx xfree86 vfb xnest xwin xquartz kdrive xwayland
|
||||
|
||||
diff --git xserver/mi/miinitext.c xserver/mi/miinitext.c
|
||||
index 5596e21..003fc3c 100644
|
||||
--- xserver/mi/miinitext.c
|
||||
+++ xserver/mi/miinitext.c
|
||||
@@ -107,8 +107,15 @@ SOFTWARE.
|
||||
#include "os.h"
|
||||
#include "globals.h"
|
||||
|
||||
+#ifdef TIGERVNC
|
||||
+extern void vncExtensionInit(INITARGS);
|
||||
+#endif
|
||||
+
|
||||
/* List of built-in (statically linked) extensions */
|
||||
static const ExtensionModule staticExtensions[] = {
|
||||
+#ifdef TIGERVNC
|
||||
+ {vncExtensionInit, "VNC-EXTENSION", NULL},
|
||||
+#endif
|
||||
{GEExtensionInit, "Generic Event Extension", &noGEExtension},
|
||||
{ShapeExtensionInit, "SHAPE", NULL},
|
||||
#ifdef MITSHM
|
||||
--- xserver/include/os.h~ 2016-10-03 09:07:29.000000000 +0200
|
||||
+++ xserver/include/os.h 2016-10-03 14:13:00.013654506 +0200
|
||||
@@ -621,7 +621,7 @@
|
||||
extern _X_EXPORT void
|
||||
LogClose(enum ExitCode error);
|
||||
extern _X_EXPORT Bool
|
||||
-LogSetParameter(LogParameter param, int value);
|
||||
+LogSetParameter(enum _LogParameter param, int value);
|
||||
extern _X_EXPORT void
|
||||
LogVWrite(int verb, const char *f, va_list args)
|
||||
_X_ATTRIBUTE_PRINTF(2, 0);
|
@ -4,8 +4,8 @@
|
||||
%global modulename vncsession
|
||||
|
||||
Name: tigervnc
|
||||
Version: 1.13.1
|
||||
Release: 15%{?dist}
|
||||
Version: 1.15.0
|
||||
Release: 1%{?dist}
|
||||
Summary: A TigerVNC remote display system
|
||||
|
||||
%global _hardened_build 1
|
||||
@ -13,7 +13,7 @@ Summary: A TigerVNC remote display system
|
||||
License: GPLv2+
|
||||
URL: http://www.tigervnc.com
|
||||
|
||||
Source0: %{name}-%{version}.tar.gz
|
||||
Source0: https://github.com/TigerVNC/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
|
||||
Source1: xvnc.service
|
||||
Source2: xvnc.socket
|
||||
Source3: 10-libvnc.conf
|
||||
@ -23,22 +23,18 @@ Source5: vncserver
|
||||
|
||||
# Downstream patches
|
||||
Patch1: tigervnc-use-gnome-as-default-session.patch
|
||||
# https://github.com/TigerVNC/tigervnc/pull/1425
|
||||
Patch2: tigervnc-vncsession-restore-script-systemd-service.patch
|
||||
Patch3: tigervnc-dont-install-appstream-metadata-file.patch
|
||||
|
||||
# Upstream patches
|
||||
Patch50: tigervnc-support-username-alias-in-plainusers.patch
|
||||
Patch51: tigervnc-use-dup-to-get-available-fd-for-inetd.patch
|
||||
Patch52: tigervnc-add-option-to-force-view-only-remote-connections.patch
|
||||
Patch53: tigervnc-vncsession-use-bin-sh-when-shell-not-set.patch
|
||||
Patch50: tigervnc-add-selinux-policy-rules-allowing-create-dirs-under-root-dir.patch
|
||||
Patch51: tigervnc-add-selinux-policy-rules-allowing-access-to-proc-sys-fs-nr-open.patch
|
||||
|
||||
# Upstreamable patches
|
||||
Patch80: tigervnc-dont-get-pointer-position-for-floating-device.patch
|
||||
|
||||
# This is tigervnc-%%{version}/unix/xserver116.patch rebased on the latest xorg
|
||||
Patch100: tigervnc-xserver120.patch
|
||||
# 1326867 - [RHEL7.3] GLX applications in an Xvnc session fails to start
|
||||
Patch101: 0001-rpath-hack.patch
|
||||
Patch100: 0001-rpath-hack.patch
|
||||
|
||||
# XServer patches
|
||||
Patch200: xorg-CVE-2025-26594.patch
|
||||
@ -90,18 +86,21 @@ BuildRequires: libXinerama-devel
|
||||
BuildRequires: libXt-devel
|
||||
BuildRequires: libXtst-devel
|
||||
BuildRequires: libdrm-devel
|
||||
BuildRequires: mesa-libgbm-devel
|
||||
BuildRequires: libtool
|
||||
BuildRequires: libxkbfile-devel
|
||||
BuildRequires: libxshmfence-devel
|
||||
BuildRequires: mesa-libGL-devel
|
||||
BuildRequires: xorg-x11-font-utils
|
||||
BuildRequires: pkgconfig(fontutil)
|
||||
BuildRequires: pkgconfig(xkbcomp)
|
||||
BuildRequires: xorg-x11-server-devel
|
||||
BuildRequires: xorg-x11-server-source
|
||||
BuildRequires: xorg-x11-util-macros
|
||||
BuildRequires: xorg-x11-xtrans-devel
|
||||
|
||||
# SELinux
|
||||
BuildRequires: libselinux-devel, selinux-policy-devel, systemd
|
||||
BuildRequires: libselinux-devel
|
||||
BuildRequires: selinux-policy-devel
|
||||
|
||||
Requires(post): coreutils
|
||||
Requires(postun):coreutils
|
||||
@ -109,6 +108,7 @@ Requires(postun):coreutils
|
||||
Requires: hicolor-icon-theme
|
||||
Requires: tigervnc-license
|
||||
Requires: tigervnc-icons
|
||||
Requires: which
|
||||
|
||||
%description
|
||||
Virtual Network Computing (VNC) is a remote display system which
|
||||
@ -139,11 +139,16 @@ X session.
|
||||
|
||||
%package server-minimal
|
||||
Summary: A minimal installation of TigerVNC server
|
||||
Requires(post): chkconfig
|
||||
Requires(preun):chkconfig
|
||||
Requires(post): systemd
|
||||
Requires(preun): systemd
|
||||
Requires(postun): systemd
|
||||
Requires(post): systemd
|
||||
|
||||
Requires: mesa-dri-drivers, xkeyboard-config, xorg-x11-xkb-utils
|
||||
Requires: tigervnc-license, dbus-x11
|
||||
Requires: dbus-x11
|
||||
Requires: mesa-dri-drivers
|
||||
Requires: tigervnc-license
|
||||
Requires: xkbcomp
|
||||
Requires: xkeyboard-config
|
||||
|
||||
%description server-minimal
|
||||
The VNC system allows you to access the same desktop from a wide
|
||||
@ -199,8 +204,9 @@ pushd unix/xserver
|
||||
for all in `find . -type f -perm -001`; do
|
||||
chmod -x "$all"
|
||||
done
|
||||
%patch -P100 -p1 -b .xserver120-rebased
|
||||
%patch -P101 -p1 -b .rpath
|
||||
%patch -P100 -p1 -b .rpath
|
||||
cat ../xserver120.patch | patch -p1
|
||||
|
||||
%patch -P200 -p1 -b .xorg-CVE-2025-26594
|
||||
%patch -P201 -p1 -b .xorg-CVE-2025-26594-2
|
||||
%patch -P202 -p1 -b .xorg-CVE-2025-26595
|
||||
@ -221,13 +227,10 @@ popd
|
||||
%patch -P3 -p1 -b .dont-install-appstream-metadata-file.patch
|
||||
|
||||
# Upstream patches
|
||||
%patch -P50 -p1 -b .support-username-alias-in-plainusers
|
||||
%patch -P51 -p1 -b .use-dup-to-get-available-fd-for-inetd
|
||||
%patch -P52 -p1 -b .add-option-to-force-view-only-remote-connections
|
||||
%patch -P53 -p1 -b .tigervnc-vncsession-use-bin-sh-when-shell-not-set
|
||||
%patch -P50 -p1 -b .add-selinux-policy-rules-allowing-create-dirs-under-root-dir
|
||||
%patch -P51 -p1 -b .add-selinux-policy-rules-allowing-access-to-proc-sys-fs-nr-open
|
||||
|
||||
# Upstreamable patches
|
||||
%patch -P80 -p1 -b .dont-get-pointer-position-for-floating-device
|
||||
|
||||
%build
|
||||
%ifarch sparcv9 sparc64 s390 s390x
|
||||
@ -235,7 +238,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fPIC"
|
||||
%else
|
||||
export CFLAGS="$RPM_OPT_FLAGS -fpic"
|
||||
%endif
|
||||
export CXXFLAGS="$CFLAGS"
|
||||
export CXXFLAGS="$CFLAGS -std=c++11"
|
||||
|
||||
%{cmake} .
|
||||
make %{?_smp_mflags}
|
||||
@ -246,15 +249,12 @@ autoreconf -fiv
|
||||
--disable-xorg --disable-xnest --disable-xvfb --disable-dmx \
|
||||
--disable-xwin --disable-xephyr --disable-kdrive --disable-xwayland \
|
||||
--with-pic --disable-static \
|
||||
--with-default-font-path="catalogue:%{_sysconfdir}/X11/fontpath.d,built-ins" \
|
||||
--with-fontdir=%{_datadir}/X11/fonts \
|
||||
--with-default-font-path="catalogue:/etc/X11/fontpath.d,built-ins" \
|
||||
--with-xkb-output=%{_localstatedir}/lib/xkb \
|
||||
--enable-install-libxf86config \
|
||||
--enable-glx --disable-dri --enable-dri2 --disable-dri3 \
|
||||
--enable-glx --disable-dri --enable-dri2 --enable-dri3 \
|
||||
--disable-unit-tests \
|
||||
--disable-config-hal \
|
||||
--disable-config-udev \
|
||||
--with-dri-driver-path=%{_libdir}/dri \
|
||||
--without-dtrace \
|
||||
--disable-devel-docs \
|
||||
--disable-selective-werror
|
||||
@ -288,6 +288,8 @@ popd
|
||||
# Install systemd unit file
|
||||
install -m644 %{SOURCE1} %{buildroot}%{_unitdir}/xvnc@.service
|
||||
install -m644 %{SOURCE2} %{buildroot}%{_unitdir}/xvnc.socket
|
||||
# Install old vncserver script
|
||||
install -m 755 %{SOURCE5} %{buildroot}/%{_bindir}/vncserver
|
||||
|
||||
# Install desktop stuff
|
||||
mkdir -p %{buildroot}%{_datadir}/icons/hicolor/{16x16,24x24,48x48}/apps
|
||||
@ -298,7 +300,6 @@ install -m644 tigervnc_$s.png %{buildroot}%{_datadir}/icons/hicolor/${s}x$s/apps
|
||||
done
|
||||
popd
|
||||
|
||||
install -m 755 %{SOURCE5} %{buildroot}/%{_bindir}/vncserver
|
||||
|
||||
%find_lang %{name} %{name}.lang
|
||||
|
||||
@ -309,15 +310,14 @@ mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/
|
||||
install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
|
||||
|
||||
%post server
|
||||
%systemd_post xvnc.service
|
||||
%systemd_post xvnc@.service
|
||||
%systemd_post xvnc.socket
|
||||
|
||||
%preun server
|
||||
%systemd_preun xvnc.service
|
||||
%systemd_preun xvnc.socket
|
||||
|
||||
%postun server
|
||||
%systemd_postun xvnc.service
|
||||
%systemd_postun xvnc@.service
|
||||
%systemd_postun xvnc.socket
|
||||
|
||||
%pre selinux
|
||||
@ -348,8 +348,8 @@ fi
|
||||
%{_unitdir}/vncserver@.service
|
||||
%{_unitdir}/xvnc@.service
|
||||
%{_unitdir}/xvnc.socket
|
||||
%{_bindir}/x0vncserver
|
||||
%{_bindir}/vncserver
|
||||
%{_bindir}/x0vncserver
|
||||
%{_sbindir}/vncsession
|
||||
%{_libexecdir}/vncserver
|
||||
%{_libexecdir}/vncsession-start
|
||||
@ -369,7 +369,7 @@ fi
|
||||
|
||||
%files server-module
|
||||
%{_libdir}/xorg/modules/extensions/libvnc.so
|
||||
%config %{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
|
||||
%config(noreplace) %{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
|
||||
|
||||
%files license
|
||||
%{_docdir}/tigervnc/LICENCE.TXT
|
||||
@ -382,6 +382,10 @@ fi
|
||||
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
|
||||
|
||||
%changelog
|
||||
* Wed Feb 26 2025 Jan Grulich <jgrulich@redhat.com> - 1.15.0-1
|
||||
- 1.15.0
|
||||
Resolves: RHEL-79161
|
||||
Resolves: RHEL-79982
|
||||
|
||||
* Wed Feb 26 2025 Jan Grulich <jgrulich@redhat.com> - 1.13.1-15
|
||||
- Fix CVE-2025-26594 xorg-x11-server Use-after-free of the root cursor
|
||||
|
Loading…
Reference in New Issue
Block a user