From 8d1ca0c931c2f352c3f1f0dd13bd1c55c7d93ddf Mon Sep 17 00:00:00 2001
From: Jan Grulich
Date: Wed, 15 Sep 2021 11:56:04 +0200
Subject: [PATCH] 1.11.90
---
.gitignore | 1 +
sources | 2 +-
...b-runtime-ximage-byteorder-selection.patch | 43 ----
...correctly-start-vncsession-as-daemon.patch | 13 --
...w-about-not-using-view-only-password.patch | 22 --
...rvnc-passwd-crash-with-malloc-checks.patch | 38 ----
...ing-compression-and-correct-location.patch | 38 ----
tigervnc-selinux-policy-improvements.patch | 183 ----------------
tigervnc-systemd-service.patch | 47 ----
tigervnc-tolerate-specifying-boolparam.patch | 149 -------------
tigervnc-utilize-system-crypto-policies.patch | 198 -----------------
tigervnc-working-tls-on-fips-systems.patch | 120 -----------
tigervnc.spec | 35 +--
vncserver.man | 204 ------------------
14 files changed, 7 insertions(+), 1086 deletions(-)
delete mode 100644 tigervnc-argb-runtime-ximage-byteorder-selection.patch
delete mode 100644 tigervnc-correctly-start-vncsession-as-daemon.patch
delete mode 100644 tigervnc-let-user-know-about-not-using-view-only-password.patch
delete mode 100644 tigervnc-passwd-crash-with-malloc-checks.patch
delete mode 100644 tigervnc-selinux-missing-compression-and-correct-location.patch
delete mode 100644 tigervnc-selinux-policy-improvements.patch
delete mode 100644 tigervnc-systemd-service.patch
delete mode 100644 tigervnc-tolerate-specifying-boolparam.patch
delete mode 100644 tigervnc-utilize-system-crypto-policies.patch
delete mode 100644 tigervnc-working-tls-on-fips-systems.patch
delete mode 100644 vncserver.man
diff --git a/.gitignore b/.gitignore
index 0020ad9..55644f3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -30,3 +30,4 @@ tigervnc-1.0.90-20100721svn4113.tar.bz2
 /tigervnc-1.10.1.tar.gz
 /tigervnc-1.10.90.tar.gz
 /tigervnc-1.11.0.tar.gz
+/tigervnc-1.11.90.tar.gz
diff --git a/sources b/sources
index 7f760be..baaa55a 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (tigervnc-1.11.0.tar.gz) = 262676f065de6dfb72b1482c0ef1e6d8b764f53360ae6114debbe0986eede45d27e283e1452a72cb9b7540657ab347fd36df5b30b72d6db4a0f8cbea5b591025
+SHA512 (tigervnc-1.11.90.tar.gz) = d4d213b129db9d478e4fe7213bbb1401442998f9bee3c5588fda44bfbbb1e7875a1ca6e3589fbe67eaeceffdaee27d5f312bd26598d9eb734c7d87e06abeba52
diff --git a/tigervnc-argb-runtime-ximage-byteorder-selection.patch b/tigervnc-argb-runtime-ximage-byteorder-selection.patch
deleted file mode 100644
index 24fc077..0000000
--- a/tigervnc-argb-runtime-ximage-byteorder-selection.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 7ab92639848a6059e2b6b88499b008b9606f3af6 Mon Sep 17 00:00:00 2001
-From: johnmartin-oracle <55413843+johnmartin-oracle@users.noreply.github.com>
-Date: Thu, 27 Aug 2020 22:30:23 -0400
-Subject: [PATCH] Update Surface_X11.cxx
-
-Runtime sellection of ARGB XImage byte order
----
- vncviewer/Surface_X11.cxx | 22 +++++++++++-----------
- 1 file changed, 11 insertions(+), 11 deletions(-)
-
-diff --git a/vncviewer/Surface_X11.cxx b/vncviewer/Surface_X11.cxx
-index 6562634dc..8944c3f71 100644
---- a/vncviewer/Surface_X11.cxx
-+++ b/vncviewer/Surface_X11.cxx
-@@ -123,17 +123,17 @@ void Surface::alloc()
- // we find such a format
- templ.type = PictTypeDirect;
- templ.depth = 32;
--#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
-- templ.direct.alpha = 0;
-- templ.direct.red = 8;
-- templ.direct.green = 16;
-- templ.direct.blue = 24;
--#else
-- templ.direct.alpha = 24;
-- templ.direct.red = 16;
-- templ.direct.green = 8;
-- templ.direct.blue = 0;
--#endif
-+ if (XImageByteOrder(fl_display) == MSBFirst) {
-+ templ.direct.alpha = 0;
-+ templ.direct.red = 8;
-+ templ.direct.green = 16;
-+ templ.direct.blue = 24;
-+ } else {
-+ templ.direct.alpha = 24;
-+ templ.direct.red = 16;
-+ templ.direct.green = 8;
-+ templ.direct.blue = 0;
-+ }
- templ.direct.alphaMask = 0xff;
- templ.direct.redMask = 0xff;
- templ.direct.greenMask = 0xff;
diff --git a/tigervnc-correctly-start-vncsession-as-daemon.patch b/tigervnc-correctly-start-vncsession-as-daemon.patch
deleted file mode 100644
index af5e7f2..0000000
--- a/tigervnc-correctly-start-vncsession-as-daemon.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c
-index 2b47f5f5..f78c096f 100644
---- a/unix/vncserver/vncsession.c
-+++ b/unix/vncserver/vncsession.c
-@@ -99,7 +99,7 @@ begin_daemon(void)
- return -1;
- }
-
-- if (pid == 0)
-+ if (pid != 0)
- _exit(0);
-
- /* Send all stdio to /dev/null */
diff --git a/tigervnc-let-user-know-about-not-using-view-only-password.patch b/tigervnc-let-user-know-about-not-using-view-only-password.patch
deleted file mode 100644
index e95b145..0000000
--- a/tigervnc-let-user-know-about-not-using-view-only-password.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-From dbf76d2ee8da157c2c2970c937bcc0ed9ef08a6f Mon Sep 17 00:00:00 2001
-From: Jan Grulich
-Date: Tue, 25 May 2021 14:14:33 +0200
-Subject: [PATCH] Let user know that a view-only password is not used
-
----
- unix/vncpasswd/vncpasswd.cxx | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/unix/vncpasswd/vncpasswd.cxx b/unix/vncpasswd/vncpasswd.cxx
-index 3055223ef..8f3649fe9 100644
---- a/unix/vncpasswd/vncpasswd.cxx
-+++ b/unix/vncpasswd/vncpasswd.cxx
-@@ -160,6 +160,8 @@ int main(int argc, char** argv)
- char yesno[3];
- if (fgets(yesno, 3, stdin) != NULL && (yesno[0] == 'y' || yesno[0] == 'Y')) {
- obfuscatedReadOnly = readpassword();
-+ } else {
-+ fprintf(stderr, "A view-only password is not used\n");
- }
-
- FILE* fp = fopen(fname,"w");
diff --git a/tigervnc-passwd-crash-with-malloc-checks.patch b/tigervnc-passwd-crash-with-malloc-checks.patch
deleted file mode 100644
index 06a8d0f..0000000
--- a/tigervnc-passwd-crash-with-malloc-checks.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 5d834359bef6727df82cf4f2c2f3f255145f7785 Mon Sep 17 00:00:00 2001
-From: Jan Grulich
-Date: Tue, 25 May 2021 14:18:48 +0200
-Subject: [PATCH] CharArray: pre-fill empty array with zeroes
-
-CharArray should always be null-terminated. There is a potential
-scenario where this all might lead to crash. In Password we call
-memset(), passing length of the array we get with strlen(), but
-this won't return correct value when the array is not properly
-null-terminated.
----
- common/rfb/util.h | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/common/rfb/util.h b/common/rfb/util.h
-index 3100f90fd..71caac426 100644
---- a/common/rfb/util.h
-+++ b/common/rfb/util.h
-@@ -52,14 +52,17 @@ namespace rfb {
- CharArray(char* str) : buf(str) {} // note: assumes ownership
- CharArray(size_t len) {
- buf = new char[len]();
-+ memset(buf, 0, len);
- }
- ~CharArray() {
-- delete [] buf;
-+ if (buf) {
-+ delete [] buf;
-+ }
- }
- void format(const char *fmt, ...) __printf_attr(2, 3);
- // Get the buffer pointer & clear it (i.e. caller takes ownership)
- char* takeBuf() {char* tmp = buf; buf = 0; return tmp;}
-- void replaceBuf(char* b) {delete [] buf; buf = b;}
-+ void replaceBuf(char* b) {if (buf) delete [] buf; buf = b;}
- char* buf;
- private:
- CharArray(const CharArray&);
diff --git a/tigervnc-selinux-missing-compression-and-correct-location.patch b/tigervnc-selinux-missing-compression-and-correct-location.patch
deleted file mode 100644
index 9507228..0000000
--- a/tigervnc-selinux-missing-compression-and-correct-location.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 6125695b80f6a43002f454786115b0a6c1730831 Mon Sep 17 00:00:00 2001
-From: Jan Grulich
-Date: Mon, 17 May 2021 13:44:32 +0200
-Subject: [PATCH 1/2] SELinux: Add missing compression and install policy to
- correct directory
-
----
- unix/vncserver/selinux/Makefile | 13 ++++++++-----
- 1 file changed, 8 insertions(+), 5 deletions(-)
-
-diff --git a/unix/vncserver/selinux/Makefile b/unix/vncserver/selinux/Makefile
-index 7497bf846..b23f20f60 100644
---- a/unix/vncserver/selinux/Makefile
-+++ b/unix/vncserver/selinux/Makefile
-@@ -10,15 +10,18 @@
- PREFIX=/usr
- DATADIR=$(PREFIX)/share
-
--all: vncsession.pp
-+all: vncsession.pp.bz2
-+
-+%.pp.bz2: %.pp
-+ bzip2 -9 $^
-
- %.pp: %.te
- make -f $(DATADIR)/selinux/devel/Makefile $@
-
- clean:
-- rm -f *.pp
-+ rm -f *.pp *.pp.bz2
- rm -rf tmp
-
--install: vncsession.pp
-- mkdir -p $(DESTDIR)$(DATADIR)/selinux/packages
-- install vncsession.pp $(DESTDIR)$(DATADIR)/selinux/packages/vncsession.pp
-+install: vncsession.pp.bz2
-+ mkdir -p $(DESTDIR)$(DATADIR)/selinux/packages/targeted/
-+ install vncsession.pp.bz2 $(DESTDIR)$(DATADIR)/selinux/packages/targeted/vncsession.pp.bz2
diff --git a/tigervnc-selinux-policy-improvements.patch b/tigervnc-selinux-policy-improvements.patch
deleted file mode 100644
index c797b18..0000000
--- a/tigervnc-selinux-policy-improvements.patch
+++ /dev/null
@@ -1,183 +0,0 @@
-From 386542e6d50eeaa68aa91f821c0725ddd0ab9b2a Mon Sep 17 00:00:00 2001
-From: Vit Mojzis
-Date: Tue, 18 May 2021 12:23:15 +0200
-Subject: [PATCH] selinux: Fix issues reported by SELint
-
-Style guide [1] issues only. No impact on policy functionality.
-
-[1] - https://github.com/TresysTechnology/refpolicy/wiki/StyleGuide
----
- unix/vncserver/selinux/vncsession.te | 7 +++----
- 1 file changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
-index a773fed39..63ad8a85f 100644
---- a/unix/vncserver/selinux/vncsession.te
-+++ b/unix/vncserver/selinux/vncsession.te
-@@ -17,7 +17,7 @@
- # USA.
- #
-
--policy_module(vncsession, 1.0.0);
-+policy_module(vncsession, 1.0.0)
-
- gen_require(`
- attribute userdomain;
-@@ -42,8 +42,8 @@ can_exec(vnc_session_t, vnc_session_exec_t)
- userdom_spec_domtrans_all_users(vnc_session_t)
- userdom_signal_all_users(vnc_session_t)
-
--allow vnc_session_t self:capability { kill chown dac_override dac_read_search fowner setgid setuid sys_resource };
--allow vnc_session_t self:process { getcap setsched setexec setrlimit };
-+allow vnc_session_t self:capability { chown dac_override dac_read_search fowner kill setgid setuid sys_resource };
-+allow vnc_session_t self:process { getcap setexec setrlimit setsched };
- allow vnc_session_t self:fifo_file rw_fifo_file_perms;
-
- manage_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t)
-@@ -65,4 +65,3 @@ logging_append_all_logs(vnc_session_t)
-
- mcs_process_set_categories(vnc_session_t)
- mcs_killall(vnc_session_t)
--
-From 23cf514ac265a02dc666e8651dcc579022f0da77 Mon Sep 17 00:00:00 2001
-From: Zdenek Pytela
-Date: Tue, 18 May 2021 13:31:53 +0200
-Subject: [PATCH] selinux: further style and comprehensibility improvements
-
-Sections and rules blocks reordered according to the Style guide.
-
-https://github.com/TresysTechnology/refpolicy/wiki/StyleGuide
----
- unix/vncserver/selinux/vncsession.te | 59 +++++++++++++++++-----------
- 1 file changed, 36 insertions(+), 23 deletions(-)
-
-diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
-index 63ad8a85f..86fd6e5ef 100644
---- a/unix/vncserver/selinux/vncsession.te
-+++ b/unix/vncserver/selinux/vncsession.te
-@@ -20,48 +20,61 @@
- policy_module(vncsession, 1.0.0)
-
- gen_require(`
-- attribute userdomain;
-- type xdm_home_t;
-+ attribute userdomain;
-+ type xdm_home_t;
- ')
-
--type vnc_session_exec_t;
--corecmd_executable_file(vnc_session_exec_t)
- type vnc_session_t;
-+type vnc_session_exec_t;
- init_daemon_domain(vnc_session_t, vnc_session_exec_t)
--auth_login_pgm_domain(vnc_session_t)
-+can_exec(vnc_session_t, vnc_session_exec_t)
-
- type vnc_session_var_run_t;
- files_pid_file(vnc_session_var_run_t)
--allow vnc_session_t vnc_session_var_run_t:file manage_file_perms;
--files_pid_filetrans(vnc_session_t, vnc_session_var_run_t, file)
--
--auth_write_login_records(vnc_session_t)
--
--can_exec(vnc_session_t, vnc_session_exec_t)
--
--userdom_spec_domtrans_all_users(vnc_session_t)
--userdom_signal_all_users(vnc_session_t)
-
- allow vnc_session_t self:capability { chown dac_override dac_read_search fowner kill setgid setuid sys_resource };
- allow vnc_session_t self:process { getcap setexec setrlimit setsched };
- allow vnc_session_t self:fifo_file rw_fifo_file_perms;
-
-+allow vnc_session_t vnc_session_var_run_t:file manage_file_perms;
-+files_pid_filetrans(vnc_session_t, vnc_session_var_run_t, file)
-+
- manage_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t)
- manage_fifo_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t)
- manage_sock_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t)
- manage_lnk_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t)
--userdom_user_home_dir_filetrans(vnc_session_t, xdm_home_t, dir, ".vnc")
--userdom_admin_home_dir_filetrans(vnc_session_t, xdm_home_t, dir, ".vnc")
--
--# This also affects other tools, e.g. vncpasswd
--userdom_admin_home_dir_filetrans(userdomain, xdm_home_t, dir, ".vnc")
--userdom_user_home_dir_filetrans(userdomain, xdm_home_t, dir, ".vnc")
--
--miscfiles_read_localization(vnc_session_t)
-
- kernel_read_kernel_sysctls(vnc_session_t)
-
--logging_append_all_logs(vnc_session_t)
-+corecmd_executable_file(vnc_session_exec_t)
-
- mcs_process_set_categories(vnc_session_t)
- mcs_killall(vnc_session_t)
-+
-+optional_policy(`
-+ auth_login_pgm_domain(vnc_session_t)
-+ auth_write_login_records(vnc_session_t)
-+')
-+
-+optional_policy(`
-+ logging_append_all_logs(vnc_session_t)
-+')
-+
-+optional_policy(`
-+ miscfiles_read_localization(vnc_session_t)
-+')
-+
-+optional_policy(`
-+ userdom_spec_domtrans_all_users(vnc_session_t)
-+ userdom_signal_all_users(vnc_session_t)
-+
-+ userdom_user_home_dir_filetrans(vnc_session_t, xdm_home_t, dir, ".vnc")
-+ userdom_admin_home_dir_filetrans(vnc_session_t, xdm_home_t, dir, ".vnc")
-+
-+ # This also affects other tools, e.g. vncpasswd
-+ gen_require(`
-+ attribute userdomain;
-+ ')
-+ userdom_admin_home_dir_filetrans(userdomain, xdm_home_t, dir, ".vnc")
-+ userdom_user_home_dir_filetrans(userdomain, xdm_home_t, dir, ".vnc")
-+')
-From 3c8622691abfb377b48bf3749dd629c5a7120cf4 Mon Sep 17 00:00:00 2001
-From: Zdenek Pytela
-Date: Tue, 18 May 2021 13:39:11 +0200
-Subject: [PATCH] Allow vnc_session_t manage nfs dirs and files conditionally
-
-The permissions set to manage directories and files with the nfs_t type
-is allowed when the use_nfs_home_dirs boolean is turned on.
-
-Resolves: https://github.com/TigerVNC/tigervnc/issues/1189
----
- unix/vncserver/selinux/vncsession.te | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
-index 86fd6e5ef..46e699117 100644
---- a/unix/vncserver/selinux/vncsession.te
-+++ b/unix/vncserver/selinux/vncsession.te
-@@ -51,6 +51,11 @@ corecmd_executable_file(vnc_session_exec_t)
- mcs_process_set_categories(vnc_session_t)
- mcs_killall(vnc_session_t)
-
-+tunable_policy(`use_nfs_home_dirs',`
-+ fs_manage_nfs_dirs(vnc_session_t)
-+ fs_manage_nfs_files(vnc_session_t)
-+')
-+
- optional_policy(`
- auth_login_pgm_domain(vnc_session_t)
- auth_write_login_records(vnc_session_t)
-diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
-index 46e69911..f1108ec8 100644
---- a/unix/vncserver/selinux/vncsession.te
-+++ b/unix/vncserver/selinux/vncsession.te
-@@ -20,7 +20,6 @@
- policy_module(vncsession, 1.0.0)
-
- gen_require(`
-- attribute userdomain;
- type xdm_home_t;
- ')
-
diff --git a/tigervnc-systemd-service.patch b/tigervnc-systemd-service.patch
deleted file mode 100644
index 846a34b..0000000
--- a/tigervnc-systemd-service.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 40f104ffe1e36df9613f8d316f616fb2b089cc86 Mon Sep 17 00:00:00 2001
-From: Jan Grulich
-Date: Tue, 29 Sep 2020 13:37:16 +0200
-Subject: [PATCH] Use /run instead of /var/run which is just a symlink
-
----
- unix/vncserver/selinux/vncsession.fc | 2 +-
- unix/vncserver/vncserver@.service.in | 2 +-
- unix/vncserver/vncsession.c | 2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/unix/vncserver/selinux/vncsession.fc b/unix/vncserver/selinux/vncsession.fc
-index 121cdd237..ae768baa4 100644
---- a/unix/vncserver/selinux/vncsession.fc
-+++ b/unix/vncserver/selinux/vncsession.fc
-@@ -23,4 +23,4 @@ HOME_ROOT/\.vnc(/.*)? gen_context(system_u:object_r:xdm_home_t,s0)
- /usr/sbin/vncsession -- gen_context(system_u:object_r:vnc_session_exec_t,s0)
- /usr/libexec/vncsession-start -- gen_context(system_u:object_r:vnc_session_exec_t,s0)
-
--/var/run/vncsession-:[0-9]*\.pid -- gen_context(system_u:object_r:vnc_session_var_run_t,s0)
-+/run/vncsession-:[0-9]*\.pid -- gen_context(system_u:object_r:vnc_session_var_run_t,s0)
-diff --git a/unix/vncserver/vncserver@.service.in b/unix/vncserver/vncserver@.service.in
-index 584ecf4b1..5624dff76 100644
---- a/unix/vncserver/vncserver@.service.in
-+++ b/unix/vncserver/vncserver@.service.in
-@@ -36,7 +36,7 @@ After=syslog.target network.target
- [Service]
- Type=forking
- ExecStart=@CMAKE_INSTALL_FULL_LIBEXECDIR@/vncsession-start %i
--PIDFile=/var/run/vncsession-%i.pid
-+PIDFile=/run/vncsession-%i.pid
- SELinuxContext=system_u:system_r:vnc_session_t:s0
-
- [Install]
-diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c
-index 3e0c98f0f..2b47f5f55 100644
---- a/unix/vncserver/vncsession.c
-+++ b/unix/vncserver/vncsession.c
-@@ -543,7 +543,7 @@ main(int argc, char **argv)
- }
-
- snprintf(pid_file, sizeof(pid_file),
-- "/var/run/vncsession-%s.pid", display);
-+ "/run/vncsession-%s.pid", display);
- f = fopen(pid_file, "w");
- if (f == NULL) {
- syslog(LOG_ERR, "Failure creating pid file
\"%s\": %s",
diff --git a/tigervnc-tolerate-specifying-boolparam.patch b/tigervnc-tolerate-specifying-boolparam.patch
deleted file mode 100644
index 70ddef3..0000000
--- a/tigervnc-tolerate-specifying-boolparam.patch
+++ /dev/null
@@ -1,149 +0,0 @@
-From 38c6848b30cb1908171f2b4628e345fbf6727b39 Mon Sep 17 00:00:00 2001
-From: Pierre Ossman
-Date: Fri, 18 Sep 2020 10:44:32 +0200
-Subject: [PATCH] Tolerate specifying -BoolParam 0 and similar
-
-This is needed by vncserver which doesn't know which parameters are
-boolean, and it cannot use the -Param=Value form as that isn't tolerated
-by the Xorg code.
----
- unix/vncserver/vncserver.in | 8 ++++----
- unix/xserver/hw/vnc/RFBGlue.cc | 16 ++++++++++++++++
- unix/xserver/hw/vnc/RFBGlue.h | 1 +
- unix/xserver/hw/vnc/xvnc.c | 14 ++++++++++++++
- vncviewer/vncviewer.cxx | 20 ++++++++++++++++++++
- 5 files changed, 55 insertions(+), 4 deletions(-)
-
-diff --git a/unix/vncserver/vncserver.in b/unix/vncserver/vncserver.in
-index 25fbbd315..261b258f1 100755
---- a/unix/vncserver/vncserver.in
-+++ b/unix/vncserver/vncserver.in
-@@ -107,7 +107,7 @@ $default_opts{rfbwait} = 30000;
- $default_opts{rfbauth} = "$vncUserDir/passwd";
- $default_opts{rfbport} = $vncPort;
- $default_opts{fp} = $fontPath if ($fontPath);
--$default_opts{pn} = "";
-+$default_opts{pn} = undef;
-
- # Load user-overrideable system defaults
- LoadConfig($vncSystemConfigDefaultsFile);
-@@ -242,13 +242,13 @@ push(@cmd, "@CMAKE_INSTALL_FULL_BINDIR@/Xvnc", ":$displayNumber");
-
- foreach my $k (sort keys %config) {
- push(@cmd, "-$k");
-- push(@cmd, $config{$k}) if $config{$k};
-+ push(@cmd, $config{$k}) if defined($config{$k});
- delete $default_opts{$k}; # file options take precedence
- }
-
- foreach my $k (sort keys %default_opts) {
- push(@cmd, "-$k");
-- push(@cmd, $default_opts{$k}) if $default_opts{$k};
-+ push(@cmd, $default_opts{$k}) if defined($default_opts{$k});
- }
-
- warn "\nNew '$desktopName' desktop is $host:$displayNumber\n\n";
-@@ -291,7 +291,7 @@ sub LoadConfig {
- # current config file being loaded defined the logical opposite setting
- # (NeverShared vs. AlwaysShared, etc etc).
- $toggle = lc($1); # must normalize key case
-- $config{$toggle} = $k;
-+ $config{$toggle} = undef;
- }
- }
- close(IN);
-diff --git a/unix/xserver/hw/vnc/RFBGlue.cc b/unix/xserver/hw/vnc/RFBGlue.cc
-index f108fae43..7c32bea8f 100644
---- a/unix/xserver/hw/vnc/RFBGlue.cc
-+++ b/unix/xserver/hw/vnc/RFBGlue.cc
-@@ -143,6 +143,22 @@ const char* vncGetParamDesc(const char *name)
- return param->getDescription();
- }
-
-+int vncIsParamBool(const char *name)
-+{
-+ VoidParameter *param;
-+ BoolParameter *bparam;
-+
-+ param = rfb::Configuration::getParam(name);
-+ if (param == NULL)
-+ return false;
-+
-+ bparam = dynamic_cast(param);
-+ if (bparam == NULL)
-+ return false;
-+
-+ return true;
-+}
-+
- int vncGetParamCount(void)
- {
- int count;
-diff --git a/unix/xserver/hw/vnc/RFBGlue.h b/unix/xserver/hw/vnc/RFBGlue.h
-index 112405b84..695cea105 100644
---- a/unix/xserver/hw/vnc/RFBGlue.h
-+++ b/unix/xserver/hw/vnc/RFBGlue.h
-@@ -41,6 +41,7 @@ int vncSetParam(const char *name, const char *value);
- int vncSetParamSimple(const char *nameAndValue);
- char* vncGetParam(const char *name);
- const char* vncGetParamDesc(const char *name);
-+int vncIsParamBool(const char *name);
-
- int vncGetParamCount(void);
- char *vncGetParamList(void);
-diff --git a/unix/xserver/hw/vnc/xvnc.c b/unix/xserver/hw/vnc/xvnc.c
-index 4eb0b0b13..5744acac8 100644
---- a/unix/xserver/hw/vnc/xvnc.c
-+++ b/unix/xserver/hw/vnc/xvnc.c
-@@ -618,6 +618,20 @@ ddxProcessArgument(int argc, char *argv[], int i)
- exit(0);
- }
-
-+ /* We need to resolve an ambiguity for booleans */
-+ if (argv[i][0] == '-' && i+1 < argc &&
-+ vncIsParamBool(&argv[i][1])) {
-+ if ((strcasecmp(argv[i+1], "0") == 0) ||
-+ (strcasecmp(argv[i+1], "1") == 0) ||
-+ (strcasecmp(argv[i+1], "true") == 0) ||
-+ (strcasecmp(argv[i+1], "false") == 0) ||
-+ (strcasecmp(argv[i+1], "yes") == 0) ||
-+ (strcasecmp(argv[i+1], "no") == 0)) {
-+ vncSetParam(&argv[i][1], argv[i+1]);
-+ return 2;
-+ }
-+ }
-+
- if (vncSetParamSimple(argv[i]))
-
return 1;
-
-diff --git a/vncviewer/vncviewer.cxx b/vncviewer/vncviewer.cxx
-index d4dd3063c..77ba3d3f4 100644
---- a/vncviewer/vncviewer.cxx
-+++ b/vncviewer/vncviewer.cxx
-@@ -556,6 +556,26 @@ int main(int argc, char** argv)
- }
-
- for (int i = 1; i < argc;) {
-+ /* We need to resolve an ambiguity for booleans */
-+ if (argv[i][0] == '-' && i+1 < argc) {
-+ VoidParameter *param;
-+
-+ param = Configuration::getParam(&argv[i][1]);
-+ if ((param != NULL) &&
-+ (dynamic_cast(param) != NULL)) {
-+ if ((strcasecmp(argv[i+1], "0") == 0) ||
-+ (strcasecmp(argv[i+1], "1") == 0) ||
-+ (strcasecmp(argv[i+1], "true") == 0) ||
-+ (strcasecmp(argv[i+1], "false") == 0) ||
-+ (strcasecmp(argv[i+1], "yes") == 0) ||
-+ (strcasecmp(argv[i+1], "no") == 0)) {
-+ param->setParam(argv[i+1]);
-+ i += 2;
-+ continue;
-+ }
-+ }
-+ }
-+
- if (Configuration::setParam(argv[i])) {
- i++;
- continue;
diff --git a/tigervnc-utilize-system-crypto-policies.patch b/tigervnc-utilize-system-crypto-policies.patch
deleted file mode 100644
index 9abf50f..0000000
--- a/tigervnc-utilize-system-crypto-policies.patch
+++ /dev/null
@@ -1,198 +0,0 @@
-diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
-index 9900837..59d2086 100644
---- a/common/rfb/CSecurityTLS.cxx
-+++ b/common/rfb/CSecurityTLS.cxx
-@@ -210,26 +210,66 @@ void CSecurityTLS::setParam()
- static const char kx_anon_priority[] = ":+ANON-ECDH:+ANON-DH";
-
- int ret;
-- char *prio;
-- const char *err;
-
-- prio = (char*)malloc(strlen(Security::GnuTLSPriority) +
-- strlen(kx_anon_priority) + 1);
-- if (prio == NULL)
-- throw AuthFailureException("Not enough memory for GnuTLS priority string");
-+ // Custom priority string specified?
-+ if (strcmp(Security::GnuTLSPriority, "") != 0) {
-+ char *prio;
-+ const char *err;
-
-- strcpy(prio, Security::GnuTLSPriority);
-- if (anon)
-+ prio = (char*)malloc(strlen(Security::GnuTLSPriority) +
-+ strlen(kx_anon_priority) + 1);
-+ if (prio == NULL)
-+ throw AuthFailureException("Not enough memory for GnuTLS priority string");
-+
-+ strcpy(prio, Security::GnuTLSPriority);
-+ if (anon)
-+ strcat(prio, kx_anon_priority);
-+
-+ ret = gnutls_priority_set_direct(session, prio, &err);
-+
-+ free(prio);
-+
-+ if (ret != GNUTLS_E_SUCCESS) {
-+ if (ret == GNUTLS_E_INVALID_REQUEST)
-+ vlog.error("GnuTLS priority syntax error at: %s", err);
-+ throw AuthFailureException("gnutls_set_priority_direct failed");
-+ }
-+ } else if (anon) {
-+ const char *err;
-+
-+#if GNUTLS_VERSION_NUMBER >= 0x030603
-+ // gnutls_set_default_priority_appends() expects a normal priority string that
-+ // doesn't start with ":".
-+ ret = gnutls_set_default_priority_append(session, kx_anon_priority + 1, &err, 0);
-+ if (ret != GNUTLS_E_SUCCESS) {
-+ if (ret == GNUTLS_E_INVALID_REQUEST)
-+ vlog.error("GnuTLS priority syntax error at: %s", err);
-+ throw AuthFailureException("gnutls_set_default_priority_append failed");
-+ }
-+#else
-+ // We don't know what the system default priority is, so we guess
-+ // it's what upstream GnuTLS has
-+ static const char gnutls_default_priority[] = "NORMAL";
-+ char *prio;
-+
-+ prio = (char*)malloc(strlen(gnutls_default_priority) +
-+ strlen(kx_anon_priority) + 1);
-+ if (prio == NULL)
-+ throw AuthFailureException("Not enough memory for GnuTLS priority string");
-+
-+ strcpy(prio, gnutls_default_priority);
- strcat(prio, kx_anon_priority);
-
-- ret = gnutls_priority_set_direct(session, prio, &err);
-+ ret = gnutls_priority_set_direct(session, prio, &err);
-
-- free(prio);
-+ free(prio);
-
-- if (ret != GNUTLS_E_SUCCESS) {
-- if (ret == GNUTLS_E_INVALID_REQUEST)
-- vlog.error("GnuTLS priority syntax error at: %s", err);
-- throw AuthFailureException("gnutls_set_priority_direct failed");
-+ if (ret != GNUTLS_E_SUCCESS) {
-+ if (ret == GNUTLS_E_INVALID_REQUEST)
-+ vlog.error("GnuTLS priority syntax error at: %s", err);
-+ throw AuthFailureException("gnutls_set_priority_direct failed");
-+ }
-+#endif
- }
-
- if (anon) {
-diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
-index ef5d8c9..f32f87f 100644
---- a/common/rfb/SSecurityTLS.cxx
-+++ b/common/rfb/SSecurityTLS.cxx
-@@ -198,26 +198,66 @@ void SSecurityTLS::setParams(gnutls_session_t session)
- static const char kx_anon_priority[] = ":+ANON-ECDH:+ANON-DH";
-
- int ret;
-- char *prio;
-- const char *err;
-
-- prio = (char*)malloc(strlen(Security::GnuTLSPriority) +
-- strlen(kx_anon_priority) + 1);
-- if (prio == NULL)
-- throw AuthFailureException("Not enough memory for GnuTLS priority string");
-+ // Custom priority string specified?
-+ if (strcmp(Security::GnuTLSPriority, "") != 0) {
-+ char *prio;
-+ const char *err;
-
-- strcpy(prio, Security::GnuTLSPriority);
-- if (anon)
-+ prio = (char*)malloc(strlen(Security::GnuTLSPriority) +
-+ strlen(kx_anon_priority) + 1);
-+ if (prio == NULL)
-+ throw AuthFailureException("Not enough memory for GnuTLS priority string");
-+
-+ strcpy(prio, Security::GnuTLSPriority);
-+ if (anon)
-+ strcat(prio, kx_anon_priority);
-+
-+ ret = gnutls_priority_set_direct(session, prio, &err);
-+
-+ free(prio);
-+
-+ if (ret != GNUTLS_E_SUCCESS) {
-+ if (ret == GNUTLS_E_INVALID_REQUEST)
-+ vlog.error("GnuTLS priority syntax error at: %s", err);
-+ throw AuthFailureException("gnutls_set_priority_direct failed");
-+ }
-+ } else if (anon) {
-+ const char *err;
-+
-+#if GNUTLS_VERSION_NUMBER >= 0x030603
-+ // gnutls_set_default_priority_appends() expects a normal priority string that
-+ // doesn't start with ":".
-+ ret = gnutls_set_default_priority_append(session, kx_anon_priority + 1, &err, 0);
-+ if (ret != GNUTLS_E_SUCCESS) {
-+ if (ret == GNUTLS_E_INVALID_REQUEST)
-+ vlog.error("GnuTLS priority syntax error at: %s", err);
-+ throw AuthFailureException("gnutls_set_default_priority_append failed");
-+ }
-+#else
-+ // We don't know what the system default priority is, so we guess
-+ // it's what upstream GnuTLS has
-+ static const char gnutls_default_priority[] = "NORMAL";
-+ char *prio;
-+
-+ prio = (char*)malloc(strlen(gnutls_default_priority) +
-+ strlen(kx_anon_priority) + 1);
-+ if (prio == NULL)
-+ throw AuthFailureException("Not enough memory for GnuTLS priority string");
-+
-+ strcpy(prio, gnutls_default_priority);
- strcat(prio, kx_anon_priority);
-
-- ret = gnutls_priority_set_direct(session, prio, &err);
-+ ret = gnutls_priority_set_direct(session, prio, &err);
-
-- free(prio);
-+ free(prio);
-
-- if (ret != GNUTLS_E_SUCCESS) {
-- if (ret == GNUTLS_E_INVALID_REQUEST)
-- vlog.error("GnuTLS priority syntax error at: %s", err);
-- throw
AuthFailureException("gnutls_set_priority_direct failed");
-+ if (ret != GNUTLS_E_SUCCESS) {
-+ if (ret == GNUTLS_E_INVALID_REQUEST)
-+ vlog.error("GnuTLS priority syntax error at: %s", err);
-+ throw AuthFailureException("gnutls_set_priority_direct failed");
-+ }
-+#endif
- }
-
- #if defined (SSECURITYTLS__USE_DEPRECATED_DH)
-diff --git a/common/rfb/Security.cxx b/common/rfb/Security.cxx
-index 0666041..59deb78 100644
---- a/common/rfb/Security.cxx
-+++ b/common/rfb/Security.cxx
-@@ -52,7 +52,7 @@ static LogWriter vlog("Security");
- #ifdef HAVE_GNUTLS
- StringParameter Security::GnuTLSPriority("GnuTLSPriority",
- "GnuTLS priority string that controls the TLS session’s handshake algorithms",
-- "NORMAL");
-+ "");
- #endif
-
- Security::Security()
-diff --git a/unix/xserver/hw/vnc/Xvnc.man b/unix/xserver/hw/vnc/Xvnc.man
-index 83621c0..4a0d20c 100644
---- a/unix/xserver/hw/vnc/Xvnc.man
-+++ b/unix/xserver/hw/vnc/Xvnc.man
-@@ -226,7 +226,9 @@ also be in PEM format.
- .TP
- .B \-GnuTLSPriority \fIpriority\fP
- GnuTLS priority string that controls the TLS session’s handshake algorithms.
--See the GnuTLS manual for possible values. Default is \fBNORMAL\fP.
-+See the GnuTLS manual for possible values. For GnuTLS < 3.6.3 the default
-+value will be \fBNORMAL\fP to use upstream default. For newer versions
-+of GnuTLS system-wide crypto policy will be used.
- .
- .TP
- .B \-UseBlacklist
diff --git a/tigervnc-working-tls-on-fips-systems.patch b/tigervnc-working-tls-on-fips-systems.patch
deleted file mode 100644
index 5337ac6..0000000
--- a/tigervnc-working-tls-on-fips-systems.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
-index d5ef47e..ef5d8c9 100644
---- a/common/rfb/SSecurityTLS.cxx
-+++ b/common/rfb/SSecurityTLS.cxx
-@@ -37,7 +37,23 @@
- #include
- #include
-
--#define DH_BITS 1024 /* XXX This should be configurable! */
-+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
-+/* FFDHE (RFC-7919) 2048-bit parameters, PEM-encoded */
-+static unsigned char ffdhe2048[] =
-+ "-----BEGIN DH PARAMETERS-----\n"
-+ "MIIBDAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n"
-+ "+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n"
-+ "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n"
-+ "YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n"
-+ "7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n"
-+ "ssbzSibBsu/6iGtCOGEoXJf//////////wIBAgICAOE=\n"
-+ "-----END DH PARAMETERS-----\n";
-+
-+static const gnutls_datum_t ffdhe_pkcs3_param = {
-+ ffdhe2048,
-+ sizeof(ffdhe2048)
-+};
-+#endif
-
- using namespace rfb;
-
-@@ -50,10 +66,14 @@ StringParameter SSecurityTLS::X509_KeyFile
- static LogWriter vlog("TLS");
-
- SSecurityTLS::SSecurityTLS(SConnection* sc, bool _anon)
-- : SSecurity(sc), session(NULL), dh_params(NULL), anon_cred(NULL),
-+ : SSecurity(sc), session(NULL), anon_cred(NULL),
- cert_cred(NULL), anon(_anon), tlsis(NULL), tlsos(NULL),
- rawis(NULL), rawos(NULL)
- {
-+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
-+ dh_params = NULL;
-+#endif
-+
- certfile = X509_CertFile.getData();
- keyfile = X509_KeyFile.getData();
-
-@@ -70,10 +90,12 @@ void SSecurityTLS::shutdown()
- }
- }
-
-+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
- if (dh_params) {
- gnutls_dh_params_deinit(dh_params);
- dh_params = 0;
- }
-+#endif
-
- if (anon_cred) {
- gnutls_anon_free_server_credentials(anon_cred);
-@@ -198,17 +220,21 @@ void SSecurityTLS::setParams(gnutls_session_t session)
- throw AuthFailureException("gnutls_set_priority_direct failed");
- }
-
-+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
- if (gnutls_dh_params_init(&dh_params) != GNUTLS_E_SUCCESS)
- throw AuthFailureException("gnutls_dh_params_init failed");
-
-- if (gnutls_dh_params_generate2(dh_params, DH_BITS) != GNUTLS_E_SUCCESS)
-- throw AuthFailureException("gnutls_dh_params_generate2 failed");
-+ if (gnutls_dh_params_import_pkcs3(dh_params, &ffdhe_pkcs3_param, GNUTLS_X509_FMT_PEM) != GNUTLS_E_SUCCESS)
-+ throw AuthFailureException("gnutls_dh_params_import_pkcs3 failed");
-+#endif
-
- if (anon) {
- if (gnutls_anon_allocate_server_credentials(&anon_cred) != GNUTLS_E_SUCCESS)
- throw AuthFailureException("gnutls_anon_allocate_server_credentials failed");
-
-+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
- gnutls_anon_set_server_dh_params(anon_cred, dh_params);
-+#endif
-
- if (gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred)
- != GNUTLS_E_SUCCESS)
-@@ -220,7 +246,9 @@ void SSecurityTLS::setParams(gnutls_session_t session)
- if (gnutls_certificate_allocate_credentials(&cert_cred) != GNUTLS_E_SUCCESS)
- throw AuthFailureException("gnutls_certificate_allocate_credentials failed");
-
-+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
- gnutls_certificate_set_dh_params(cert_cred, dh_params);
-+#endif
-
- switch (gnutls_certificate_set_x509_key_file(cert_cred, certfile, keyfile, GNUTLS_X509_FMT_PEM)) {
- case GNUTLS_E_SUCCESS:
-diff --git a/common/rfb/SSecurityTLS.h b/common/rfb/SSecurityTLS.h
-index dd89bb4..0cb463d 100644
---- a/common/rfb/SSecurityTLS.h
-+++ b/common/rfb/SSecurityTLS.h
-@@ -36,6 +36,13 @@
- #include
- #include
-
-+/* In GnuTLS 3.6.0 DH parameter generation was deprecated. RFC7919 is used instead.
-+ * GnuTLS before 3.6.0 doesn't know about RFC7919 so we will have to import it.
-+ */
-+#if GNUTLS_VERSION_NUMBER < 0x030600
-+#define SSECURITYTLS__USE_DEPRECATED_DH
-+#endif
-+
- namespace rfb {
-
- class SSecurityTLS : public SSecurity {
-@@ -55,7 +62,9 @@ namespace rfb {
-
- private:
- gnutls_session_t session;
-+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
- gnutls_dh_params_t dh_params;
-+#endif
- gnutls_anon_server_credentials_t anon_cred;
- gnutls_certificate_credentials_t cert_cred;
- char *keyfile, *certfile;
diff --git a/tigervnc.spec b/tigervnc.spec
index 065ffb1..5f877ca 100644
--- a/tigervnc.spec
+++ b/tigervnc.spec
@@ -3,8 +3,8 @@ %global modulename vncsession Name: tigervnc
-Version: 1.11.0
-Release: 14%{?dist}
+Version: 1.11.90
+Release: 1%{?dist}
 Summary: A TigerVNC remote display system
 %global _hardened_build 1
@@ -20,22 +20,9 @@ Source4: HOWTO.md # Backwards compatibility Source5: vncserver
-Source6: vncserver.man
 # Downstream patches
-# Upstream patches (can be dropped with next Tigervnc release)
-Patch51: tigervnc-let-user-know-about-not-using-view-only-password.patch
-Patch52: tigervnc-working-tls-on-fips-systems.patch
-Patch53: tigervnc-utilize-system-crypto-policies.patch
-Patch54: tigervnc-passwd-crash-with-malloc-checks.patch
-Patch55: tigervnc-tolerate-specifying-boolparam.patch
-Patch56: tigervnc-systemd-service.patch
-Patch57: tigervnc-correctly-start-vncsession-as-daemon.patch
-Patch58: tigervnc-selinux-missing-compression-and-correct-location.patch
-Patch59: tigervnc-selinux-policy-improvements.patch
-Patch60: tigervnc-argb-runtime-ximage-byteorder-selection.patch
-
 # This is tigervnc-%%{version}/unix/xserver116.patch rebased on the latest xorg
 Patch100: tigervnc-xserver120.patch
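Review bot: The removal of `Patch51`–`Patch60` leaves no record in the spec that these fixes are contained in the 1.11.90 tarball, and several are security-relevant by name (working TLS on FIPS systems, system crypto policies, the vncpasswd malloc-check crash, the SELinux policy). The deleted comment `# Upstream patches (can be dropped with next Tigervnc release)` suggests they were merged upstream, but that is inferred from the comment and not shown in this diff. I would record it in the new changelog entry, e.g. `- Drop patches merged upstream in 1.11.90 (TLS/FIPS, crypto-policies, SELinux, vncpasswd)`, after confirming each one against the new sources, so a later audit can tell the fixes still ship. The matching `%patch51`–`%patch60` lines are removed in the next hunk.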
@@ -160,18 +147,6 @@ popd # Downstream patches -# Upstream patches -%patch51 -p1 -b .let-user-know-about-not-using-view-only-password -%patch52 -p1 -b .working-tls-on-fips-systems -%patch53 -p1 -b .utilize-system-crypto-policies -%patch54 -p1 -b .passwd-crash-with-malloc-checks -%patch55 -p1 -b .tolerate-specifying-boolparam -%patch56 -p1 -b .systemd-service -%patch57 -p1 -b .correctly-start-vncsession-as-daemon -%patch58 -p1 -b .selinux-missing-compression-and-correct-location -%patch59 -p1 -b .selinux-policy-improvements -%patch60 -p1 -b .argb-runtime-ximage-byteorder-selection - %build %ifarch sparcv9 sparc64 s390 s390x export CFLAGS="$RPM_OPT_FLAGS -fPIC" @@ -257,10 +232,7 @@ install -m644 tigervnc_$s.png %{buildroot}%{_datadir}/icons/hicolor/${s}x$s/apps done popd -rm -f %{buildroot}/%{_mandir}/man8/vncserver.8 - install -m 755 %{SOURCE5} %{buildroot}/%{_bindir}/vncserver -install -m 644 %{SOURCE6} %{buildroot}/%{_mandir}/man8/vncserver.8 %find_lang %{name} %{name}.lang @@ -345,6 +317,9 @@ fi %ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename} %changelog +* Wed Sep 15 2021 Jan Grulich - 1.11.90-1 +- 1.11.90 + * Fri Jul 23 2021 Fedora Release Engineering - 1.11.0-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild diff --git a/vncserver.man b/vncserver.man deleted file mode 100644 index 2641ed1..0000000 --- a/vncserver.man +++ /dev/null 
@@ -1,204 +0,0 @@ -.TH vncserver 1 "" "TigerVNC" "Virtual Network Computing" -.SH NAME -vncserver \- start or stop a VNC server -.SH SYNOPSIS -.B vncserver -.RI [: display# ] -.RB [ \-name -.IR desktop-name ] -.RB [ \-geometry -.IR width x height ] -.RB [ \-depth -.IR depth ] -.RB [ \-pixelformat -.IR format ] -.RB [ \-fp -.IR font-path ] -.RB [ \-fg ] -.RB [ \-autokill ] -.RB [ \-noxstartup ] -.RB [ \-xstartup -.IR script ] -.RI [ Xvnc-options... ] -.br -.BI "vncserver \-kill :" display# -.br -.BI "vncserver \-list" -.SH DESCRIPTION -.B vncserver -is used to start a VNC (Virtual Network Computing) desktop. -.B vncserver -is a Perl script which simplifies the process of starting an Xvnc server. It -runs Xvnc with appropriate options and starts a window manager on the VNC -desktop. - -.B vncserver -can be run with no options at all. In this case it will choose the first -available display number (usually :1), start Xvnc with that display number, -and start the default window manager in the Xvnc session. You can also -specify the display number, in which case vncserver will attempt to start -Xvnc with that display number and exit if the display number is not -available. For example: - -.RS -vncserver :13 -.RE - -Editing the file $HOME/.vnc/xstartup allows you to change the applications run -at startup (but note that this will not affect an existing VNC session.) - -.SH OPTIONS -You can get a list of options by passing \fB\-h\fP as an option to vncserver. -In addition to the options listed below, any unrecognised options will be -passed to Xvnc - see the Xvnc man page, or "Xvnc \-help", for details. - -.TP -.B \-name \fIdesktop-name\fP -Each VNC desktop has a name which may be displayed by the viewer. The desktop -name defaults to "\fIhost\fP:\fIdisplay#\fP (\fIusername\fP)", but you can -change it with this option. 
The desktop name option is passed to the xstartup -script via the $VNCDESKTOP environment variable, which allows you to run a -different set of applications depending on the name of the desktop. -. -.TP -.B \-geometry \fIwidth\fPx\fIheight\fP -Specify the size of the VNC desktop to be created. Default is 1024x768. -. -.TP -.B \-depth \fIdepth\fP -Specify the pixel depth (in bits) of the VNC desktop to be created. Default is -24. Other possible values are 8, 15 and 16 - anything else is likely to cause -strange behaviour by applications. -. -.TP -.B \-pixelformat \fIformat\fP -Specify pixel format for Xvnc to use (BGRnnn or RGBnnn). The default for -depth 8 is BGR233 (meaning the most significant two bits represent blue, the -next three green, and the least significant three represent red), the default -for depth 16 is RGB565, and the default for depth 24 is RGB888. -. -.TP -.B \-cc 3 -As an alternative to the default TrueColor visual, this allows you to run an -Xvnc server with a PseudoColor visual (i.e. one which uses a color map or -palette), which can be useful for running some old X applications which only -work on such a display. Values other than 3 (PseudoColor) and 4 (TrueColor) -for the \-cc option may result in strange behaviour, and PseudoColor desktops -must have an 8-bit depth. -. -.TP -.B \-kill :\fIdisplay#\fP -This kills a VNC desktop previously started with vncserver. It does this by -killing the Xvnc process, whose process ID is stored in the file -"$HOME/.vnc/\fIhost\fP:\fIdisplay#\fP.pid". The -.B \-kill -option ignores anything preceding the first colon (":") in the display -argument. Thus, you can invoke "vncserver \-kill $DISPLAY", for example at the -end of your xstartup file after a particular application exits. -. -.TP -.B \-fp \fIfont-path\fP -If the vncserver script detects that the X Font Server (XFS) is running, it -will attempt to start Xvnc and configure Xvnc to use XFS for font handling. 
-Otherwise, if XFS is not running, the vncserver script will attempt to start -Xvnc and allow Xvnc to use its own preferred method of font handling (which may -be a hard-coded font path or, on more recent systems, a font catalog.) In -any case, if Xvnc fails to start, the vncserver script will then attempt to -determine an appropriate X font path for this system and start Xvnc using -that font path. - -The -.B \-fp -argument allows you to override the above fallback logic and specify a font -path for Xvnc to use. -. -.TP -.B \-fg -Runs Xvnc as a foreground process. This has two effects: (1) The VNC server -can be aborted with CTRL-C, and (2) the VNC server will exit as soon as the -user logs out of the window manager in the VNC session. This may be necessary -when launching TigerVNC from within certain grid computing environments. -. -.TP -.B \-autokill -Automatically kill Xvnc whenever the xstartup script exits. In most cases, -this has the effect of terminating Xvnc when the user logs out of the window -manager. -. -.TP -.B \-noxstartup -Do not run the %HOME/.vnc/xstartup script after launching Xvnc. This -option allows you to manually start a window manager in your TigerVNC session. -. -.TP -.B \-xstartup \fIscript\fP -Run a custom startup script, instead of %HOME/.vnc/xstartup, after launching -Xvnc. This is useful to run full-screen applications. -. -.TP -.B \-list -Lists all VNC desktops started by vncserver. - -.SH FILES -Several VNC-related files are found in the directory $HOME/.vnc: -.TP -$HOME/.vnc/xstartup -A shell script specifying X applications to be run when a VNC desktop is -started. If this file does not exist, then vncserver will create a default -xstartup script which attempts to launch your chosen window manager. -.TP -/etc/tigervnc/vncserver-config-defaults -The optional system-wide equivalent of $HOME/.vnc/config. If this file exists -and defines options to be passed to Xvnc, they will be used as defaults for -users. 
The user's $HOME/.vnc/config overrides settings configured in this file. -The overall configuration file load order is: this file, $HOME/.vnc/config, -and then /etc/tigervnc/vncserver-config-mandatory. None are required to exist. -.TP -/etc/tigervnc/vncserver-config-mandatory -The optional system-wide equivalent of $HOME/.vnc/config. If this file exists -and defines options to be passed to Xvnc, they will override any of the same -options defined in a user's $HOME/.vnc/config. This file offers a mechanism -to establish some basic form of system-wide policy. WARNING! There is -nothing stopping users from constructing their own vncserver-like script -that calls Xvnc directly to bypass any options defined in -/etc/tigervnc/vncserver-config-mandatory. Likewise, any CLI arguments passed -to vncserver will override ANY config file setting of the same name. The -overall configuration file load order is: -/etc/tigervnc/vncserver-config-defaults, $HOME/.vnc/config, and then this file. -None are required to exist. -.TP -$HOME/.vnc/config -An optional server config file wherein options to be passed to Xvnc are listed -to avoid hard-coding them to the physical invocation. List options in this file -one per line. For those requiring an argument, simply separate the option from -the argument with an equal sign, for example: "geometry=2000x1200" or -"securitytypes=vncauth,tlsvnc". Options without an argument are simply listed -as a single word, for example: "localhost" or "alwaysshared". -.TP -$HOME/.vnc/passwd -The VNC password file. -.TP -$HOME/.vnc/\fIhost\fP:\fIdisplay#\fP.log -The log file for Xvnc and applications started in xstartup. -.TP -$HOME/.vnc/\fIhost\fP:\fIdisplay#\fP.pid -Identifies the Xvnc process ID, used by the -.B \-kill -option. - -.SH SEE ALSO -.BR vncviewer (1), -.BR vncpasswd (1), -.BR vncconfig (1), -.BR Xvnc (1) -.br -https://www.tigervnc.org - -.SH AUTHOR -Tristan Richardson, RealVNC Ltd., D. R. Commander and others. 
- -VNC was originally developed by the RealVNC team while at Olivetti -Research Ltd / AT&T Laboratories Cambridge. TightVNC additions were -implemented by Constantin Kaplinsky. Many other people have since -participated in development, testing and support. This manual is part -of the TigerVNC software suite.