rpms/tigervnc
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Import from CS git

Browse Source
This commit is contained in:
eabdullin 2025-04-22 07:44:26 +00:00
parent 1ad67a789e
commit 892a31ab5a
12 changed files with 122 additions and 1440 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/tigervnc-1.13.1.tar.gz
SOURCES/tigervnc-1.15.0.tar.gz

2
.tigervnc.metadata
View File

@ -1 +1 @@
6f7a23f14833f552c88523da1a5e102f3b8d35c2 SOURCES/tigervnc-1.13.1.tar.gz
fec424f110bdf5032cd5eb4df2596b8251d2e1ed SOURCES/tigervnc-1.15.0.tar.gz

1113
SOURCES/tigervnc-add-option-to-force-view-only-remote-connections.patch
View File

File diff suppressed because it is too large Load Diff

27
SOURCES/tigervnc-add-selinux-policy-rules-allowing-access-to-proc-sys-fs-nr-open.patch Normal file
View File

@ -0,0 +1,27 @@
From 313200978926cc7b7521c0d645918391b7609681 Mon Sep 17 00:00:00 2001
From: Jan Grulich <jgrulich@redhat.com>
Date: Thu, 27 Feb 2025 13:49:02 +0100
Subject: [PATCH] Add SELinux policy rules allowing to access
/proc/sys/fs/nr_open
This is needed when the nofile limit is set to unlimited, otherwise we
will fail to start a VNC session.
---
unix/vncserver/selinux/vncsession.te | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
index d92f1bd..2ce4fc8 100644
--- a/unix/vncserver/selinux/vncsession.te
+++ b/unix/vncserver/selinux/vncsession.te
@@ -37,6 +37,10 @@ allow vnc_session_t self:fifo_file rw_fifo_file_perms;
allow vnc_session_t vnc_session_var_run_t:file manage_file_perms;
files_pid_filetrans(vnc_session_t, vnc_session_var_run_t, file)
+# Allow access to /proc/sys/fs/nr_open
+# Needed when the nofile limit is set to unlimited.
+kernel_read_fs_sysctls(vnc_session_t)
+
# Allowed to create ~/.local
optional_policy(`
gnome_filetrans_home_content(vnc_session_t)

47
SOURCES/tigervnc-add-selinux-policy-rules-allowing-create-dirs-under-root-dir.patch Normal file
View File

@ -0,0 +1,47 @@
From e652f06940f84fd8e19d7b674ae8c6000530fb40 Mon Sep 17 00:00:00 2001
From: Jan Grulich <jgrulich@redhat.com>
Date: Fri, 7 Feb 2025 15:32:49 +0100
Subject: [PATCH] Add SELinux policy rules allowing to create directories under
/root
We have policy that allows to create ~/.local or ~/.config, but we don't
have rule that allows the same under /root directory, where we fail in
case any of these directories doesn't exist.
---
unix/vncserver/selinux/vncsession.te | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
index d92f1bda7d..2f49717077 100644
--- a/unix/vncserver/selinux/vncsession.te
+++ b/unix/vncserver/selinux/vncsession.te
@@ -48,6 +48,14 @@ optional_policy(`
create_dirs_pattern(vnc_session_t, gconf_home_t, gconf_home_t)
')
+# Allowed to create /root/.local
+optional_policy(`
+ gen_require(`
+ type admin_home_t;
+ ')
+ create_dirs_pattern(vnc_session_t, admin_home_t, admin_home_t)
+')
+
# Manage TigerVNC files (mainly ~/.local/state/*.log)
create_dirs_pattern(vnc_session_t, vnc_home_t, vnc_home_t)
manage_files_pattern(vnc_session_t, vnc_home_t, vnc_home_t)
@@ -88,6 +96,7 @@ optional_policy(`
gen_require(`
attribute userdomain;
type gconf_home_t;
+ type admin_home_t;
')
userdom_admin_home_dir_filetrans(userdomain, vnc_home_t, dir, ".vnc")
userdom_user_home_dir_filetrans(userdomain, vnc_home_t, dir, ".vnc")
@@ -95,5 +104,6 @@ optional_policy(`
gnome_config_filetrans(userdomain, vnc_home_t, dir, "tigervnc")
gnome_data_filetrans(userdomain, vnc_home_t, dir, "tigervnc")
filetrans_pattern(userdomain, gconf_home_t, vnc_home_t, dir, "tigervnc")
+ filetrans_pattern(vnc_session_t, admin_home_t, vnc_home_t, dir, "tigervnc")
filetrans_pattern(vnc_session_t, gconf_home_t, vnc_home_t, dir, "tigervnc")
')

13
SOURCES/tigervnc-dont-get-pointer-position-for-floating-device.patch
View File

@ -1,13 +0,0 @@
diff --git a/unix/xserver/hw/vnc/vncInput.c b/unix/xserver/hw/vnc/vncInput.c
index b3d0926d..d36a096f 100644
--- a/unix/xserver/hw/vnc/vncInput.c
+++ b/unix/xserver/hw/vnc/vncInput.c
@@ -167,7 +167,7 @@ void vncPointerMove(int x, int y)
void vncGetPointerPos(int *x, int *y)
{
- if (vncPointerDev != NULL) {
+ if (vncPointerDev != NULL && !IsFloating(vncPointerDev)) {
ScreenPtr ptrScreen;
miPointerGetPosition(vncPointerDev, &cursorPosX, &cursorPosY);

10
SOURCES/tigervnc-dont-install-appstream-metadata-file.patch
View File

@ -1,8 +1,8 @@
diff --git a/po/CMakeLists.txt b/po/CMakeLists.txt
index 052cfb3..c84fb0e 100644
index 7d316e7..4f872d0 100644
--- a/po/CMakeLists.txt
+++ b/po/CMakeLists.txt
@@ -14,7 +14,6 @@ if (GETTEXT_XGETTEXT_EXECUTABLE)
@@ -15,7 +15,6 @@ if (GETTEXT_XGETTEXT_EXECUTABLE)
${PROJECT_SOURCE_DIR}/vncviewer/*.h
${PROJECT_SOURCE_DIR}/vncviewer/*.cxx
${PROJECT_SOURCE_DIR}/vncviewer/*.desktop.in.in
@ -11,10 +11,10 @@ index 052cfb3..c84fb0e 100644
add_custom_target(translations_update
diff --git a/vncviewer/CMakeLists.txt b/vncviewer/CMakeLists.txt
index 15eac66..450b732 100644
index 72904b2..6a39062 100644
--- a/vncviewer/CMakeLists.txt
+++ b/vncviewer/CMakeLists.txt
@@ -100,34 +100,6 @@ if(UNIX)
@@ -108,36 +108,6 @@ if(UNIX)
add_custom_target(desktop ALL DEPENDS vncviewer.desktop)
install(FILES ${CMAKE_CURRENT_BINARY_DIR}/vncviewer.desktop DESTINATION ${CMAKE_INSTALL_FULL_DATADIR}/applications)
@ -24,6 +24,7 @@ index 15eac66..450b732 100644
- --xml --template ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in
- -d ${CMAKE_SOURCE_DIR}/po -o org.tigervnc.vncviewer.metainfo.xml
- DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in
- ${po_FILES}
- )
- elseif(INTLTOOL_MERGE_EXECUTABLE)
- add_custom_command(OUTPUT org.tigervnc.vncviewer.metainfo.xml
@ -36,6 +37,7 @@ index 15eac66..450b732 100644
- -x ${CMAKE_SOURCE_DIR}/po
- org.tigervnc.vncviewer.metainfo.xml.intl org.tigervnc.vncviewer.metainfo.xml
- DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in
- ${po_FILES}
- )
- else()
- add_custom_command(OUTPUT org.tigervnc.vncviewer.metainfo.xml

135
SOURCES/tigervnc-support-username-alias-in-plainusers.patch
View File

@ -1,135 +0,0 @@
diff --git a/common/rfb/SSecurityPlain.cxx b/common/rfb/SSecurityPlain.cxx
index 6f65e87..3142ba3 100644
--- a/common/rfb/SSecurityPlain.cxx
+++ b/common/rfb/SSecurityPlain.cxx
@@ -27,6 +27,8 @@
#include <rdr/InStream.h>
#if !defined(WIN32) && !defined(__APPLE__)
#include <rfb/UnixPasswordValidator.h>
+#include <unistd.h>
+#include <pwd.h>
#endif
#ifdef WIN32
#include <rfb/WinPasswdValidator.h>
@@ -45,21 +47,22 @@ StringParameter PasswordValidator::plainUsers
bool PasswordValidator::validUser(const char* username)
{
- CharArray users(plainUsers.getValueStr()), user;
+ std::vector<std::string> users;
- while (users.buf) {
- strSplit(users.buf, ',', &user.buf, &users.buf);
-#ifdef WIN32
- if (0 == stricmp(user.buf, "*"))
- return true;
- if (0 == stricmp(user.buf, username))
- return true;
-#else
- if (!strcmp(user.buf, "*"))
- return true;
- if (!strcmp(user.buf, username))
- return true;
+ users = split(plainUsers, ',');
+
+ for (size_t i = 0; i < users.size(); i++) {
+ if (users[i] == "*")
+ return true;
+#if !defined(WIN32) && !defined(__APPLE__)
+ if (users[i] == "%u") {
+ struct passwd *pw = getpwnam(username);
+ if (pw && pw->pw_uid == getuid())
+ return true;
+ }
#endif
+ if (users[i] == username)
+ return true;
}
return false;
}
diff --git a/common/rfb/util.cxx b/common/rfb/util.cxx
index 649eb0b..cce73a0 100644
--- a/common/rfb/util.cxx
+++ b/common/rfb/util.cxx
@@ -99,6 +99,26 @@ namespace rfb {
return false;
}
+ std::vector<std::string> split(const char* src,
+ const char delimiter)
+ {
+ std::vector<std::string> out;
+ const char *start, *stop;
+
+ start = src;
+ do {
+ stop = strchr(start, delimiter);
+ if (stop == NULL) {
+ out.push_back(start);
+ } else {
+ out.push_back(std::string(start, stop-start));
+ start = stop + 1;
+ }
+ } while (stop != NULL);
+
+ return out;
+ }
+
bool strContains(const char* src, char c) {
int l=strlen(src);
for (int i=0; i<l; i++)
diff --git a/common/rfb/util.h b/common/rfb/util.h
index f0ac9ef..ed15c28 100644
--- a/common/rfb/util.h
+++ b/common/rfb/util.h
@@ -27,6 +27,9 @@
#include <limits.h>
#include <string.h>
+#include <string>
+#include <vector>
+
struct timeval;
#ifdef __GNUC__
@@ -76,6 +79,10 @@ namespace rfb {
// that part of the string. Obviously, setting both to 0 is not useful...
bool strSplit(const char* src, const char limiter, char** out1, char** out2, bool fromEnd=false);
+ // Splits a string with the specified delimiter
+ std::vector<std::string> split(const char* src,
+ const char delimiter);
+
// Returns true if src contains c
bool strContains(const char* src, char c);
diff --git a/unix/x0vncserver/x0vncserver.man b/unix/x0vncserver/x0vncserver.man
index c36ae34..78db730 100644
--- a/unix/x0vncserver/x0vncserver.man
+++ b/unix/x0vncserver/x0vncserver.man
@@ -125,8 +125,8 @@ parameter instead.
.B \-PlainUsers \fIuser-list\fP
A comma separated list of user names that are allowed to authenticate via
any of the "Plain" security types (Plain, TLSPlain, etc.). Specify \fB*\fP
-to allow any user to authenticate using this security type. Default is to
-deny all users.
+to allow any user to authenticate using this security type. Specify \fB%u\fP
+to allow the user of the server process. Default is to deny all users.
.
.TP
.B \-pam_service \fIname\fP, \-PAMService \fIname\fP
diff --git a/unix/xserver/hw/vnc/Xvnc.man b/unix/xserver/hw/vnc/Xvnc.man
index ea87dea..e9fb654 100644
--- a/unix/xserver/hw/vnc/Xvnc.man
+++ b/unix/xserver/hw/vnc/Xvnc.man
@@ -200,8 +200,8 @@ parameter instead.
.B \-PlainUsers \fIuser-list\fP
A comma separated list of user names that are allowed to authenticate via
any of the "Plain" security types (Plain, TLSPlain, etc.). Specify \fB*\fP
-to allow any user to authenticate using this security type. Default is to
-deny all users.
+to allow any user to authenticate using this security type. Specify \fB%u\fP
+to allow the user of the server process. Default is to deny all users.
.
.TP
.B \-pam_service \fIname\fP, \-PAMService \fIname\fP

17
SOURCES/tigervnc-use-dup-to-get-available-fd-for-inetd.patch
View File

@ -1,17 +0,0 @@
diff --git a/unix/xserver/hw/vnc/xvnc.c b/unix/xserver/hw/vnc/xvnc.c
index f8141959..c5c36539 100644
--- a/unix/xserver/hw/vnc/xvnc.c
+++ b/unix/xserver/hw/vnc/xvnc.c
@@ -366,8 +366,10 @@ ddxProcessArgument(int argc, char *argv[], int i)
if (strcmp(argv[i], "-inetd") == 0) {
int nullfd;
- dup2(0, 3);
- vncInetdSock = 3;
+ if ((vncInetdSock = dup(0)) == -1)
+ FatalError
+ ("Xvnc error: failed to allocate a new file descriptor for -inetd: %s\n", strerror(errno));
+
/* Avoid xserver >= 1.19's epoll-fd becoming fd 2 / stderr only to be
replaced by /dev/null by OsInit() because the pollfd is not

29
SOURCES/tigervnc-vncsession-use-bin-sh-when-shell-not-set.patch
View File

@ -1,29 +0,0 @@
From 4db34f73d461b973867ddaf18bf690219229cd7a Mon Sep 17 00:00:00 2001
From: Carlos Santos <casantos@redhat.com>
Date: Thu, 25 Jul 2024 18:39:59 -0300
Subject: [PATCH] vncsession: use /bin/sh if the user shell is not set
An empty shell field in the password file is valid, although not common.
Use /bin/sh in this case, as documented in the passwd(5) man page, since
the vncserver script requires a non-empty SHELL environment variable.
Fixes issue #1786.
Signed-off-by: Carlos Santos <casantos@redhat.com>
---
unix/vncserver/vncsession.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c
index 1ee096c7c..98a0432aa 100644
--- a/unix/vncserver/vncsession.c
+++ b/unix/vncserver/vncsession.c
@@ -545,7 +545,7 @@ run_script(const char *username, const char *display, char **envp)
// Set up some basic environment for the script
setenv("HOME", pwent->pw_dir, 1);
- setenv("SHELL", pwent->pw_shell, 1);
+ setenv("SHELL", *pwent->pw_shell != '\0' ? pwent->pw_shell : "/bin/sh", 1);
setenv("LOGNAME", pwent->pw_name, 1);
setenv("USER", pwent->pw_name, 1);
setenv("USERNAME", pwent->pw_name, 1);

91
SOURCES/tigervnc-xserver120.patch
View File

@ -1,91 +0,0 @@
diff -up xserver/configure.ac.xserver116-rebased xserver/configure.ac
--- xserver/configure.ac.xserver116-rebased 2016-09-29 13:14:45.595441590 +0200
+++ xserver/configure.ac 2016-09-29 13:14:45.631442006 +0200
@@ -74,6 +74,7 @@ dnl forcing an entire recompile.x
AC_CONFIG_HEADERS(include/version-config.h)
AM_PROG_AS
+AC_PROG_CXX
AC_PROG_LN_S
LT_PREREQ([2.2])
LT_INIT([disable-static win32-dll])
@@ -1863,6 +1864,10 @@ if test "x$XVFB" = xyes; then
AC_SUBST([XVFB_SYS_LIBS])
fi
+dnl Xvnc DDX
+AC_SUBST([XVNC_CPPFLAGS], ["-DHAVE_DIX_CONFIG_H $XSERVER_CFLAGS"])
+AC_SUBST([XVNC_LIBS], ["$FB_LIB $FIXES_LIB $XEXT_LIB $CONFIG_LIB $DBE_LIB $RECORD_LIB $GLX_LIBS $RANDR_LIB $RENDER_LIB $DAMAGE_LIB $DRI3_LIB $PRESENT_LIB $MIEXT_SYNC_LIB $MIEXT_DAMAGE_LIB $MIEXT_SHADOW_LIB $XI_LIB $XKB_LIB $XKB_STUB_LIB $COMPOSITE_LIB $MAIN_LIB"])
+AC_SUBST([XVNC_SYS_LIBS], ["$GLX_SYS_LIBS"])
dnl Xnest DDX
@@ -1898,6 +1903,8 @@ if test "x$XORG" = xauto; then
fi
AC_MSG_RESULT([$XORG])
+AC_DEFINE_UNQUOTED(XORG_VERSION_CURRENT, [$VENDOR_RELEASE], [Current Xorg version])
+
if test "x$XORG" = xyes; then
XORG_DDXINCS='-I$(top_srcdir)/hw/xfree86 -I$(top_srcdir)/hw/xfree86/include -I$(top_srcdir)/hw/xfree86/common'
XORG_OSINCS='-I$(top_srcdir)/hw/xfree86/os-support -I$(top_srcdir)/hw/xfree86/os-support/bus -I$(top_srcdir)/os'
@@ -2116,7 +2123,6 @@ if test "x$XORG" = xyes; then
AC_DEFINE(XORG_SERVER, 1, [Building Xorg server])
AC_DEFINE(XORGSERVER, 1, [Building Xorg server])
AC_DEFINE(XFree86Server, 1, [Building XFree86 server])
- AC_DEFINE_UNQUOTED(XORG_VERSION_CURRENT, [$VENDOR_RELEASE], [Current Xorg version])
AC_DEFINE(NEED_XF86_TYPES, 1, [Need XFree86 typedefs])
AC_DEFINE(NEED_XF86_PROTOTYPES, 1, [Need XFree86 helper functions])
AC_DEFINE(__XSERVERNAME__, "Xorg", [Name of X server])
@@ -2691,6 +2697,7 @@ hw/dmx/Makefile
hw/dmx/man/Makefile
hw/vfb/Makefile
hw/vfb/man/Makefile
+hw/vnc/Makefile
hw/xnest/Makefile
hw/xnest/man/Makefile
hw/xwin/Makefile
diff -up xserver/hw/Makefile.am.xserver116-rebased xserver/hw/Makefile.am
--- xserver/hw/Makefile.am.xserver116-rebased 2016-09-29 13:14:45.601441659 +0200
+++ xserver/hw/Makefile.am 2016-09-29 13:14:45.631442006 +0200
@@ -38,7 +38,8 @@ SUBDIRS = \
$(DMX_SUBDIRS) \
$(KDRIVE_SUBDIRS) \
$(XQUARTZ_SUBDIRS) \
- $(XWAYLAND_SUBDIRS)
+ $(XWAYLAND_SUBDIRS) \
+ vnc
DIST_SUBDIRS = dmx xfree86 vfb xnest xwin xquartz kdrive xwayland
diff --git xserver/mi/miinitext.c xserver/mi/miinitext.c
index 5596e21..003fc3c 100644
--- xserver/mi/miinitext.c
+++ xserver/mi/miinitext.c
@@ -107,8 +107,15 @@ SOFTWARE.
#include "os.h"
#include "globals.h"
+#ifdef TIGERVNC
+extern void vncExtensionInit(INITARGS);
+#endif
+
/* List of built-in (statically linked) extensions */
static const ExtensionModule staticExtensions[] = {
+#ifdef TIGERVNC
+ {vncExtensionInit, "VNC-EXTENSION", NULL},
+#endif
{GEExtensionInit, "Generic Event Extension", &noGEExtension},
{ShapeExtensionInit, "SHAPE", NULL},
#ifdef MITSHM
--- xserver/include/os.h~ 2016-10-03 09:07:29.000000000 +0200
+++ xserver/include/os.h 2016-10-03 14:13:00.013654506 +0200
@@ -621,7 +621,7 @@
extern _X_EXPORT void
LogClose(enum ExitCode error);
extern _X_EXPORT Bool
-LogSetParameter(LogParameter param, int value);
+LogSetParameter(enum _LogParameter param, int value);
extern _X_EXPORT void
LogVWrite(int verb, const char *f, va_list args)
_X_ATTRIBUTE_PRINTF(2, 0);

76
SPECS/tigervnc.spec
View File

@ -4,8 +4,8 @@
%global modulename vncsession
Name: tigervnc
Version: 1.13.1
Release: 15%{?dist}
Version: 1.15.0
Release: 1%{?dist}
Summary: A TigerVNC remote display system
%global _hardened_build 1
@ -13,7 +13,7 @@ Summary: A TigerVNC remote display system
License: GPLv2+
URL: http://www.tigervnc.com
Source0: %{name}-%{version}.tar.gz
Source0: https://github.com/TigerVNC/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
Source1: xvnc.service
Source2: xvnc.socket
Source3: 10-libvnc.conf
@ -23,22 +23,18 @@ Source5: vncserver
# Downstream patches
Patch1: tigervnc-use-gnome-as-default-session.patch
# https://github.com/TigerVNC/tigervnc/pull/1425
Patch2: tigervnc-vncsession-restore-script-systemd-service.patch
Patch3: tigervnc-dont-install-appstream-metadata-file.patch
# Upstream patches
Patch50: tigervnc-support-username-alias-in-plainusers.patch
Patch51: tigervnc-use-dup-to-get-available-fd-for-inetd.patch
Patch52: tigervnc-add-option-to-force-view-only-remote-connections.patch
Patch53: tigervnc-vncsession-use-bin-sh-when-shell-not-set.patch
Patch50: tigervnc-add-selinux-policy-rules-allowing-create-dirs-under-root-dir.patch
Patch51: tigervnc-add-selinux-policy-rules-allowing-access-to-proc-sys-fs-nr-open.patch
# Upstreamable patches
Patch80: tigervnc-dont-get-pointer-position-for-floating-device.patch
# This is tigervnc-%%{version}/unix/xserver116.patch rebased on the latest xorg
Patch100: tigervnc-xserver120.patch
# 1326867 - [RHEL7.3] GLX applications in an Xvnc session fails to start
Patch101: 0001-rpath-hack.patch
Patch100: 0001-rpath-hack.patch
# XServer patches
Patch200: xorg-CVE-2025-26594.patch
@ -90,18 +86,21 @@ BuildRequires: libXinerama-devel
BuildRequires: libXt-devel
BuildRequires: libXtst-devel
BuildRequires: libdrm-devel
BuildRequires: mesa-libgbm-devel
BuildRequires: libtool
BuildRequires: libxkbfile-devel
BuildRequires: libxshmfence-devel
BuildRequires: mesa-libGL-devel
BuildRequires: xorg-x11-font-utils
BuildRequires: pkgconfig(fontutil)
BuildRequires: pkgconfig(xkbcomp)
BuildRequires: xorg-x11-server-devel
BuildRequires: xorg-x11-server-source
BuildRequires: xorg-x11-util-macros
BuildRequires: xorg-x11-xtrans-devel
# SELinux
BuildRequires: libselinux-devel, selinux-policy-devel, systemd
BuildRequires: libselinux-devel
BuildRequires: selinux-policy-devel
Requires(post): coreutils
Requires(postun):coreutils
@ -109,6 +108,7 @@ Requires(postun):coreutils
Requires: hicolor-icon-theme
Requires: tigervnc-license
Requires: tigervnc-icons
Requires: which
%description
Virtual Network Computing (VNC) is a remote display system which
@ -139,11 +139,16 @@ X session.
%package server-minimal
Summary: A minimal installation of TigerVNC server
Requires(post): chkconfig
Requires(preun):chkconfig
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
Requires(post): systemd
Requires: mesa-dri-drivers, xkeyboard-config, xorg-x11-xkb-utils
Requires: tigervnc-license, dbus-x11
Requires: dbus-x11
Requires: mesa-dri-drivers
Requires: tigervnc-license
Requires: xkbcomp
Requires: xkeyboard-config
%description server-minimal
The VNC system allows you to access the same desktop from a wide
@ -199,8 +204,9 @@ pushd unix/xserver
for all in `find . -type f -perm -001`; do
chmod -x "$all"
done
%patch -P100 -p1 -b .xserver120-rebased
%patch -P101 -p1 -b .rpath
%patch -P100 -p1 -b .rpath
cat ../xserver120.patch | patch -p1
%patch -P200 -p1 -b .xorg-CVE-2025-26594
%patch -P201 -p1 -b .xorg-CVE-2025-26594-2
%patch -P202 -p1 -b .xorg-CVE-2025-26595
@ -221,13 +227,10 @@ popd
%patch -P3 -p1 -b .dont-install-appstream-metadata-file.patch
# Upstream patches
%patch -P50 -p1 -b .support-username-alias-in-plainusers
%patch -P51 -p1 -b .use-dup-to-get-available-fd-for-inetd
%patch -P52 -p1 -b .add-option-to-force-view-only-remote-connections
%patch -P53 -p1 -b .tigervnc-vncsession-use-bin-sh-when-shell-not-set
%patch -P50 -p1 -b .add-selinux-policy-rules-allowing-create-dirs-under-root-dir
%patch -P51 -p1 -b .add-selinux-policy-rules-allowing-access-to-proc-sys-fs-nr-open
# Upstreamable patches
%patch -P80 -p1 -b .dont-get-pointer-position-for-floating-device
%build
%ifarch sparcv9 sparc64 s390 s390x
@ -235,7 +238,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fPIC"
%else
export CFLAGS="$RPM_OPT_FLAGS -fpic"
%endif
export CXXFLAGS="$CFLAGS"
export CXXFLAGS="$CFLAGS -std=c++11"
%{cmake} .
make %{?_smp_mflags}
@ -246,15 +249,12 @@ autoreconf -fiv
--disable-xorg --disable-xnest --disable-xvfb --disable-dmx \
--disable-xwin --disable-xephyr --disable-kdrive --disable-xwayland \
--with-pic --disable-static \
--with-default-font-path="catalogue:%{_sysconfdir}/X11/fontpath.d,built-ins" \
--with-fontdir=%{_datadir}/X11/fonts \
--with-default-font-path="catalogue:/etc/X11/fontpath.d,built-ins" \
--with-xkb-output=%{_localstatedir}/lib/xkb \
--enable-install-libxf86config \
--enable-glx --disable-dri --enable-dri2 --disable-dri3 \
--enable-glx --disable-dri --enable-dri2 --enable-dri3 \
--disable-unit-tests \
--disable-config-hal \
--disable-config-udev \
--with-dri-driver-path=%{_libdir}/dri \
--without-dtrace \
--disable-devel-docs \
--disable-selective-werror
@ -288,6 +288,8 @@ popd
# Install systemd unit file
install -m644 %{SOURCE1} %{buildroot}%{_unitdir}/xvnc@.service
install -m644 %{SOURCE2} %{buildroot}%{_unitdir}/xvnc.socket
# Install old vncserver script
install -m 755 %{SOURCE5} %{buildroot}/%{_bindir}/vncserver
# Install desktop stuff
mkdir -p %{buildroot}%{_datadir}/icons/hicolor/{16x16,24x24,48x48}/apps
@ -298,7 +300,6 @@ install -m644 tigervnc_$s.png %{buildroot}%{_datadir}/icons/hicolor/${s}x$s/apps
done
popd
install -m 755 %{SOURCE5} %{buildroot}/%{_bindir}/vncserver
%find_lang %{name} %{name}.lang
@ -309,15 +310,14 @@ mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/
install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
%post server
%systemd_post xvnc.service
%systemd_post xvnc@.service
%systemd_post xvnc.socket
%preun server
%systemd_preun xvnc.service
%systemd_preun xvnc.socket
%postun server
%systemd_postun xvnc.service
%systemd_postun xvnc@.service
%systemd_postun xvnc.socket
%pre selinux
@ -348,8 +348,8 @@ fi
%{_unitdir}/vncserver@.service
%{_unitdir}/xvnc@.service
%{_unitdir}/xvnc.socket
%{_bindir}/x0vncserver
%{_bindir}/vncserver
%{_bindir}/x0vncserver
%{_sbindir}/vncsession
%{_libexecdir}/vncserver
%{_libexecdir}/vncsession-start
@ -369,7 +369,7 @@ fi
%files server-module
%{_libdir}/xorg/modules/extensions/libvnc.so
%config %{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
%config(noreplace) %{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
%files license
%{_docdir}/tigervnc/LICENCE.TXT
@ -382,6 +382,10 @@ fi
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
%changelog
* Wed Feb 26 2025 Jan Grulich <jgrulich@redhat.com> - 1.15.0-1
- 1.15.0
Resolves: RHEL-79161
Resolves: RHEL-79982
* Wed Feb 26 2025 Jan Grulich <jgrulich@redhat.com> - 1.13.1-15
- Fix CVE-2025-26594 xorg-x11-server Use-after-free of the root cursor