import CS tigervnc-1.13.1-10.el8
This commit is contained in:
parent
1f98227e4a
commit
ae88ffbba8
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/tigervnc-1.12.0.tar.gz
|
||||
SOURCES/tigervnc-1.13.1.tar.gz
|
||||
|
@ -1 +1 @@
|
||||
44db63993d8ad04f730b0b48e8aca32933bff15a SOURCES/tigervnc-1.12.0.tar.gz
|
||||
6f7a23f14833f552c88523da1a5e102f3b8d35c2 SOURCES/tigervnc-1.13.1.tar.gz
|
||||
|
@ -1,199 +0,0 @@
|
||||
From ccbd491fa48f1c43daeb1a6c5ee91a1a8fa3db88 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Grulich <jgrulich@redhat.com>
|
||||
Date: Tue, 9 Aug 2022 14:31:07 +0200
|
||||
Subject: [PATCH] x0vncserver: add new keysym in case we don't find a matching
|
||||
keycode
|
||||
|
||||
We might often fail to find a matching X11 keycode when the client has
|
||||
a different keyboard layout and end up with no key event. To avoid a
|
||||
failure we add it as a new keysym/keycode pair so the next time a keysym
|
||||
from the client that is unknown to the server is send, we will find a
|
||||
match and proceed with key event. This is same behavior used in Xvnc or
|
||||
x11vnc, although Xvnc has more advanced mapping from keysym to keycode.
|
||||
---
|
||||
unix/x0vncserver/XDesktop.cxx | 121 +++++++++++++++++++++++++++++++++-
|
||||
unix/x0vncserver/XDesktop.h | 4 ++
|
||||
2 files changed, 122 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/unix/x0vncserver/XDesktop.cxx b/unix/x0vncserver/XDesktop.cxx
|
||||
index f2046e43e..933998f05 100644
|
||||
--- a/unix/x0vncserver/XDesktop.cxx
|
||||
+++ b/unix/x0vncserver/XDesktop.cxx
|
||||
@@ -31,6 +31,7 @@
|
||||
#include <x0vncserver/XDesktop.h>
|
||||
|
||||
#include <X11/XKBlib.h>
|
||||
+#include <X11/Xutil.h>
|
||||
#ifdef HAVE_XTEST
|
||||
#include <X11/extensions/XTest.h>
|
||||
#endif
|
||||
@@ -50,6 +51,7 @@ void vncSetGlueContext(Display *dpy, void *res);
|
||||
#include <x0vncserver/Geometry.h>
|
||||
#include <x0vncserver/XPixelBuffer.h>
|
||||
|
||||
+using namespace std;
|
||||
using namespace rfb;
|
||||
|
||||
extern const unsigned short code_map_qnum_to_xorgevdev[];
|
||||
@@ -264,6 +266,9 @@ void XDesktop::start(VNCServer* vs) {
|
||||
void XDesktop::stop() {
|
||||
running = false;
|
||||
|
||||
+ // Delete added keycodes
|
||||
+ deleteAddedKeysyms(dpy);
|
||||
+
|
||||
#ifdef HAVE_XDAMAGE
|
||||
if (haveDamage)
|
||||
XDamageDestroy(dpy, damage);
|
||||
@@ -383,6 +388,118 @@ KeyCode XDesktop::XkbKeysymToKeycode(Display* dpy, KeySym keysym) {
|
||||
}
|
||||
#endif
|
||||
|
||||
+KeyCode XDesktop::addKeysym(Display* dpy, KeySym keysym)
|
||||
+{
|
||||
+ int types[1];
|
||||
+ unsigned int key;
|
||||
+ XkbDescPtr xkb;
|
||||
+ XkbMapChangesRec changes;
|
||||
+ KeySym *syms;
|
||||
+ KeySym upper, lower;
|
||||
+
|
||||
+ xkb = XkbGetMap(dpy, XkbAllComponentsMask, XkbUseCoreKbd);
|
||||
+
|
||||
+ if (!xkb)
|
||||
+ return 0;
|
||||
+
|
||||
+ for (key = xkb->max_key_code; key >= xkb->min_key_code; key--) {
|
||||
+ if (XkbKeyNumGroups(xkb, key) == 0)
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+ if (key < xkb->min_key_code)
|
||||
+ return 0;
|
||||
+
|
||||
+ memset(&changes, 0, sizeof(changes));
|
||||
+
|
||||
+ XConvertCase(keysym, &lower, &upper);
|
||||
+
|
||||
+ if (upper == lower)
|
||||
+ types[XkbGroup1Index] = XkbOneLevelIndex;
|
||||
+ else
|
||||
+ types[XkbGroup1Index] = XkbAlphabeticIndex;
|
||||
+
|
||||
+ XkbChangeTypesOfKey(xkb, key, 1, XkbGroup1Mask, types, &changes);
|
||||
+
|
||||
+ syms = XkbKeySymsPtr(xkb,key);
|
||||
+ if (upper == lower)
|
||||
+ syms[0] = keysym;
|
||||
+ else {
|
||||
+ syms[0] = lower;
|
||||
+ syms[1] = upper;
|
||||
+ }
|
||||
+
|
||||
+ changes.changed |= XkbKeySymsMask;
|
||||
+ changes.first_key_sym = key;
|
||||
+ changes.num_key_syms = 1;
|
||||
+
|
||||
+ if (XkbChangeMap(dpy, xkb, &changes)) {
|
||||
+ vlog.info("Added unknown keysym %s to keycode %d", XKeysymToString(keysym), key);
|
||||
+ addedKeysyms[keysym] = key;
|
||||
+ return key;
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+void XDesktop::deleteAddedKeysyms(Display* dpy) {
|
||||
+ XkbDescPtr xkb;
|
||||
+ xkb = XkbGetMap(dpy, XkbAllComponentsMask, XkbUseCoreKbd);
|
||||
+
|
||||
+ if (!xkb)
|
||||
+ return;
|
||||
+
|
||||
+ XkbMapChangesRec changes;
|
||||
+ memset(&changes, 0, sizeof(changes));
|
||||
+
|
||||
+ KeyCode lowestKeyCode = xkb->max_key_code;
|
||||
+ KeyCode highestKeyCode = xkb->min_key_code;
|
||||
+ std::map<KeySym, KeyCode>::iterator it;
|
||||
+ for (it = addedKeysyms.begin(); it != addedKeysyms.end(); it++) {
|
||||
+ if (XkbKeyNumGroups(xkb, it->second) != 0) {
|
||||
+ // Check if we are removing keysym we added ourself
|
||||
+ if (XkbKeysymToKeycode(dpy, it->first) != it->second)
|
||||
+ continue;
|
||||
+
|
||||
+ XkbChangeTypesOfKey(xkb, it->second, 0, XkbGroup1Mask, NULL, &changes);
|
||||
+
|
||||
+ if (it->second < lowestKeyCode)
|
||||
+ lowestKeyCode = it->second;
|
||||
+
|
||||
+ if (it->second > highestKeyCode)
|
||||
+ highestKeyCode = it->second;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ changes.changed |= XkbKeySymsMask;
|
||||
+ changes.first_key_sym = lowestKeyCode;
|
||||
+ changes.num_key_syms = highestKeyCode - lowestKeyCode + 1;
|
||||
+ XkbChangeMap(dpy, xkb, &changes);
|
||||
+
|
||||
+ addedKeysyms.clear();
|
||||
+}
|
||||
+
|
||||
+KeyCode XDesktop::keysymToKeycode(Display* dpy, KeySym keysym) {
|
||||
+ int keycode = 0;
|
||||
+
|
||||
+ // XKeysymToKeycode() doesn't respect state, so we have to use
|
||||
+ // something slightly more complex
|
||||
+ keycode = XkbKeysymToKeycode(dpy, keysym);
|
||||
+
|
||||
+ if (keycode != 0)
|
||||
+ return keycode;
|
||||
+
|
||||
+ // TODO: try to further guess keycode with all possible mods as Xvnc does
|
||||
+
|
||||
+ keycode = addKeysym(dpy, keysym);
|
||||
+
|
||||
+ if (keycode == 0)
|
||||
+ vlog.error("Failure adding new keysym 0x%lx", keysym);
|
||||
+
|
||||
+ return keycode;
|
||||
+}
|
||||
+
|
||||
+
|
||||
void XDesktop::keyEvent(rdr::U32 keysym, rdr::U32 xtcode, bool down) {
|
||||
#ifdef HAVE_XTEST
|
||||
int keycode = 0;
|
||||
@@ -398,9 +515,7 @@ void XDesktop::keyEvent(rdr::U32 keysym, rdr::U32 xtcode, bool down) {
|
||||
if (pressedKeys.find(keysym) != pressedKeys.end())
|
||||
keycode = pressedKeys[keysym];
|
||||
else {
|
||||
- // XKeysymToKeycode() doesn't respect state, so we have to use
|
||||
- // something slightly more complex
|
||||
- keycode = XkbKeysymToKeycode(dpy, keysym);
|
||||
+ keycode = keysymToKeycode(dpy, keysym);
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/unix/x0vncserver/XDesktop.h b/unix/x0vncserver/XDesktop.h
|
||||
index 840d43316..6ebcd9f8a 100644
|
||||
--- a/unix/x0vncserver/XDesktop.h
|
||||
+++ b/unix/x0vncserver/XDesktop.h
|
||||
@@ -55,6 +55,9 @@ class XDesktop : public rfb::SDesktop,
|
||||
const char* userName);
|
||||
virtual void pointerEvent(const rfb::Point& pos, int buttonMask);
|
||||
KeyCode XkbKeysymToKeycode(Display* dpy, KeySym keysym);
|
||||
+ KeyCode addKeysym(Display* dpy, KeySym keysym);
|
||||
+ void deleteAddedKeysyms(Display* dpy);
|
||||
+ KeyCode keysymToKeycode(Display* dpy, KeySym keysym);
|
||||
virtual void keyEvent(rdr::U32 keysym, rdr::U32 xtcode, bool down);
|
||||
virtual void clientCutText(const char* str);
|
||||
virtual unsigned int setScreenLayout(int fb_width, int fb_height,
|
||||
@@ -78,6 +81,7 @@ class XDesktop : public rfb::SDesktop,
|
||||
bool haveXtest;
|
||||
bool haveDamage;
|
||||
int maxButtons;
|
||||
+ std::map<KeySym, KeyCode> addedKeysyms;
|
||||
std::map<KeySym, KeyCode> pressedKeys;
|
||||
bool running;
|
||||
#ifdef HAVE_XDAMAGE
|
@ -0,0 +1,13 @@
|
||||
diff --git a/unix/xserver/hw/vnc/vncInput.c b/unix/xserver/hw/vnc/vncInput.c
|
||||
index b3d0926d..d36a096f 100644
|
||||
--- a/unix/xserver/hw/vnc/vncInput.c
|
||||
+++ b/unix/xserver/hw/vnc/vncInput.c
|
||||
@@ -167,7 +167,7 @@ void vncPointerMove(int x, int y)
|
||||
|
||||
void vncGetPointerPos(int *x, int *y)
|
||||
{
|
||||
- if (vncPointerDev != NULL) {
|
||||
+ if (vncPointerDev != NULL && !IsFloating(vncPointerDev)) {
|
||||
ScreenPtr ptrScreen;
|
||||
|
||||
miPointerGetPosition(vncPointerDev, &cursorPosX, &cursorPosY);
|
51
SOURCES/tigervnc-dont-install-appstream-metadata-file.patch
Normal file
51
SOURCES/tigervnc-dont-install-appstream-metadata-file.patch
Normal file
@ -0,0 +1,51 @@
|
||||
diff --git a/po/CMakeLists.txt b/po/CMakeLists.txt
|
||||
index 052cfb3..c84fb0e 100644
|
||||
--- a/po/CMakeLists.txt
|
||||
+++ b/po/CMakeLists.txt
|
||||
@@ -14,7 +14,6 @@ if (GETTEXT_XGETTEXT_EXECUTABLE)
|
||||
${PROJECT_SOURCE_DIR}/vncviewer/*.h
|
||||
${PROJECT_SOURCE_DIR}/vncviewer/*.cxx
|
||||
${PROJECT_SOURCE_DIR}/vncviewer/*.desktop.in.in
|
||||
- ${PROJECT_SOURCE_DIR}/vncviewer/*.metainfo.xml.in
|
||||
)
|
||||
|
||||
add_custom_target(translations_update
|
||||
diff --git a/vncviewer/CMakeLists.txt b/vncviewer/CMakeLists.txt
|
||||
index 15eac66..450b732 100644
|
||||
--- a/vncviewer/CMakeLists.txt
|
||||
+++ b/vncviewer/CMakeLists.txt
|
||||
@@ -100,34 +100,6 @@ if(UNIX)
|
||||
add_custom_target(desktop ALL DEPENDS vncviewer.desktop)
|
||||
install(FILES ${CMAKE_CURRENT_BINARY_DIR}/vncviewer.desktop DESTINATION ${CMAKE_INSTALL_FULL_DATADIR}/applications)
|
||||
|
||||
- if("${GETTEXT_VERSION_STRING}" VERSION_GREATER 0.19.6)
|
||||
- add_custom_command(OUTPUT org.tigervnc.vncviewer.metainfo.xml
|
||||
- COMMAND ${GETTEXT_MSGFMT_EXECUTABLE}
|
||||
- --xml --template ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in
|
||||
- -d ${CMAKE_SOURCE_DIR}/po -o org.tigervnc.vncviewer.metainfo.xml
|
||||
- DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in
|
||||
- )
|
||||
- elseif(INTLTOOL_MERGE_EXECUTABLE)
|
||||
- add_custom_command(OUTPUT org.tigervnc.vncviewer.metainfo.xml
|
||||
- COMMAND sed -e 's@<name>@<_name>@\;s@</name>@</_name>@'
|
||||
- -e 's@<summary>@<_summary>@\;s@</summary>@</_summary>@'
|
||||
- -e 's@<caption>@<_caption>@\;s@</caption>@</_caption>@'
|
||||
- -e 's@<p>@<_p>@g\;s@</p>@</_p>@g'
|
||||
- ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in > org.tigervnc.vncviewer.metainfo.xml.intl
|
||||
- COMMAND ${INTLTOOL_MERGE_EXECUTABLE}
|
||||
- -x ${CMAKE_SOURCE_DIR}/po
|
||||
- org.tigervnc.vncviewer.metainfo.xml.intl org.tigervnc.vncviewer.metainfo.xml
|
||||
- DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in
|
||||
- )
|
||||
- else()
|
||||
- add_custom_command(OUTPUT org.tigervnc.vncviewer.metainfo.xml
|
||||
- COMMAND cp ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in org.tigervnc.vncviewer.metainfo.xml
|
||||
- DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in
|
||||
- )
|
||||
- endif()
|
||||
- add_custom_target(appstream ALL DEPENDS org.tigervnc.vncviewer.metainfo.xml)
|
||||
- install(FILES ${CMAKE_CURRENT_BINARY_DIR}/org.tigervnc.vncviewer.metainfo.xml DESTINATION ${CMAKE_INSTALL_FULL_DATADIR}/metainfo)
|
||||
-
|
||||
foreach(res 16 22 24 32 48 64 128)
|
||||
install(FILES ../media/icons/tigervnc_${res}.png DESTINATION ${CMAKE_INSTALL_FULL_DATADIR}/icons/hicolor/${res}x${res}/apps RENAME tigervnc.png)
|
||||
endforeach()
|
@ -1,117 +0,0 @@
|
||||
From f783d5c8b567199178b6690f347e060a69d2aa36 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Grulich <jgrulich@redhat.com>
|
||||
Date: Thu, 11 Aug 2022 13:15:29 +0200
|
||||
Subject: [PATCH] x0vncserver: update/display cursor only on correct screen in
|
||||
zaphod mode
|
||||
|
||||
We have to check whether we update cursor position/shape only in case
|
||||
the cursor is on our display, otherwise in zaphod mode, ie. when having
|
||||
two instances of x0vncserver on screens :0.0 and :0.1 we would be having
|
||||
the cursor duplicated and actually not funcional (aka ghost cursor) as
|
||||
it would be actually not present. We also additionally watch EnterNotify
|
||||
and LeaveNotify events in order to show/hide cursor accordingly.
|
||||
|
||||
Change made with help from Olivier Fourdan <ofourdan@redhat.com>
|
||||
---
|
||||
unix/x0vncserver/XDesktop.cxx | 60 +++++++++++++++++++++++++++++++----
|
||||
1 file changed, 53 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/unix/x0vncserver/XDesktop.cxx b/unix/x0vncserver/XDesktop.cxx
|
||||
index f2046e43e..f07fd78bf 100644
|
||||
--- a/unix/x0vncserver/XDesktop.cxx
|
||||
+++ b/unix/x0vncserver/XDesktop.cxx
|
||||
@@ -192,7 +192,8 @@ XDesktop::XDesktop(Display* dpy_, Geometry *geometry_)
|
||||
RRScreenChangeNotifyMask | RRCrtcChangeNotifyMask);
|
||||
/* Override TXWindow::init input mask */
|
||||
XSelectInput(dpy, DefaultRootWindow(dpy),
|
||||
- PropertyChangeMask | StructureNotifyMask | ExposureMask);
|
||||
+ PropertyChangeMask | StructureNotifyMask |
|
||||
+ ExposureMask | EnterWindowMask | LeaveWindowMask);
|
||||
} else {
|
||||
#endif
|
||||
vlog.info("RANDR extension not present");
|
||||
@@ -217,11 +218,13 @@ void XDesktop::poll() {
|
||||
Window root, child;
|
||||
int x, y, wx, wy;
|
||||
unsigned int mask;
|
||||
- XQueryPointer(dpy, DefaultRootWindow(dpy), &root, &child,
|
||||
- &x, &y, &wx, &wy, &mask);
|
||||
- x -= geometry->offsetLeft();
|
||||
- y -= geometry->offsetTop();
|
||||
- server->setCursorPos(rfb::Point(x, y), false);
|
||||
+
|
||||
+ if (XQueryPointer(dpy, DefaultRootWindow(dpy), &root, &child,
|
||||
+ &x, &y, &wx, &wy, &mask)) {
|
||||
+ x -= geometry->offsetLeft();
|
||||
+ y -= geometry->offsetTop();
|
||||
+ server->setCursorPos(rfb::Point(x, y), false);
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
||||
@@ -253,7 +256,14 @@ void XDesktop::start(VNCServer* vs) {
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_XFIXES
|
||||
- setCursor();
|
||||
+ Window root, child;
|
||||
+ int x, y, wx, wy;
|
||||
+ unsigned int mask;
|
||||
+ // Check whether the cursor is initially on our screen
|
||||
+ if (XQueryPointer(dpy, DefaultRootWindow(dpy), &root, &child,
|
||||
+ &x, &y, &wx, &wy, &mask))
|
||||
+ setCursor();
|
||||
+
|
||||
#endif
|
||||
|
||||
server->setLEDState(ledState);
|
||||
@@ -701,6 +711,15 @@ bool XDesktop::handleGlobalEvent(XEvent* ev) {
|
||||
if (cev->subtype != XFixesDisplayCursorNotify)
|
||||
return false;
|
||||
|
||||
+ Window root, child;
|
||||
+ int x, y, wx, wy;
|
||||
+ unsigned int mask;
|
||||
+
|
||||
+ // Check whether the cursor is initially on our screen
|
||||
+ if (!XQueryPointer(dpy, DefaultRootWindow(dpy), &root, &child,
|
||||
+ &x, &y, &wx, &wy, &mask))
|
||||
+ return false;
|
||||
+
|
||||
return setCursor();
|
||||
#endif
|
||||
#ifdef HAVE_XRANDR
|
||||
@@ -753,6 +772,33 @@ bool XDesktop::handleGlobalEvent(XEvent* ev) {
|
||||
|
||||
return true;
|
||||
#endif
|
||||
+#ifdef HAVE_XFIXES
|
||||
+ } else if (ev->type == EnterNotify) {
|
||||
+ XCrossingEvent* cev;
|
||||
+
|
||||
+ if (!running)
|
||||
+ return true;
|
||||
+
|
||||
+ cev = (XCrossingEvent*)ev;
|
||||
+
|
||||
+ if (cev->window != cev->root)
|
||||
+ return false;
|
||||
+
|
||||
+ return setCursor();
|
||||
+ } else if (ev->type == LeaveNotify) {
|
||||
+ XCrossingEvent* cev;
|
||||
+
|
||||
+ if (!running)
|
||||
+ return true;
|
||||
+
|
||||
+ cev = (XCrossingEvent*)ev;
|
||||
+
|
||||
+ if (cev->window == cev->root)
|
||||
+ return false;
|
||||
+
|
||||
+ server->setCursor(0, 0, Point(), NULL);
|
||||
+ return true;
|
||||
+#endif
|
||||
}
|
||||
|
||||
return false;
|
@ -1,34 +0,0 @@
|
||||
From 2daf4126882f82b6e392dfbae87205dbdc559c3d Mon Sep 17 00:00:00 2001
|
||||
From: Pierre Ossman <ossman@cendio.se>
|
||||
Date: Thu, 23 Dec 2021 15:58:00 +0100
|
||||
Subject: [PATCH] Fix typo in mirror monitor detection
|
||||
|
||||
Bug introduced in fb561eb but still somehow passed manual testing.
|
||||
Resulted in some stray reads off the end of the stack, which were
|
||||
hopefully harmless.
|
||||
---
|
||||
vncviewer/MonitorIndicesParameter.cxx | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/vncviewer/MonitorIndicesParameter.cxx b/vncviewer/MonitorIndicesParameter.cxx
|
||||
index 5130831cb..4ac74dd1a 100644
|
||||
--- a/vncviewer/MonitorIndicesParameter.cxx
|
||||
+++ b/vncviewer/MonitorIndicesParameter.cxx
|
||||
@@ -211,13 +211,13 @@ std::vector<MonitorIndicesParameter::Monitor> MonitorIndicesParameter::fetchMoni
|
||||
// Only keep a single entry for mirrored screens
|
||||
match = false;
|
||||
for (int j = 0; j < ((int) monitors.size()); j++) {
|
||||
- if (monitors[i].x != monitor.x)
|
||||
+ if (monitors[j].x != monitor.x)
|
||||
continue;
|
||||
- if (monitors[i].y != monitor.y)
|
||||
+ if (monitors[j].y != monitor.y)
|
||||
continue;
|
||||
- if (monitors[i].w != monitor.w)
|
||||
+ if (monitors[j].w != monitor.w)
|
||||
continue;
|
||||
- if (monitors[i].h != monitor.h)
|
||||
+ if (monitors[j].h != monitor.h)
|
||||
continue;
|
||||
|
||||
match = true;
|
@ -1,25 +0,0 @@
|
||||
From faf81b4b238e24fe29eb53f885a25367e212dd7b Mon Sep 17 00:00:00 2001
|
||||
From: Zdenek Pytela <zpytela@redhat.com>
|
||||
Date: Mon, 7 Feb 2022 10:45:41 +0100
|
||||
Subject: [PATCH] SELinux: use /root/.vnc in file context specification
|
||||
|
||||
Instead of HOME_ROOT/.vnc, /root/.vnc should be used
|
||||
for user root's home to specify default file context
|
||||
as HOME_ROOT actually means base for home dirs (usually /home).
|
||||
---
|
||||
unix/vncserver/selinux/vncsession.fc | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/unix/vncserver/selinux/vncsession.fc b/unix/vncserver/selinux/vncsession.fc
|
||||
index 6aaf4b1f4..bc81f8f25 100644
|
||||
--- a/unix/vncserver/selinux/vncsession.fc
|
||||
+++ b/unix/vncserver/selinux/vncsession.fc
|
||||
@@ -18,7 +18,7 @@
|
||||
#
|
||||
|
||||
HOME_DIR/\.vnc(/.*)? gen_context(system_u:object_r:vnc_home_t,s0)
|
||||
-HOME_ROOT/\.vnc(/.*)? gen_context(system_u:object_r:vnc_home_t,s0)
|
||||
+/root/\.vnc(/.*)? gen_context(system_u:object_r:vnc_home_t,s0)
|
||||
|
||||
/usr/sbin/vncsession -- gen_context(system_u:object_r:vnc_session_exec_t,s0)
|
||||
/usr/libexec/vncsession-start -- gen_context(system_u:object_r:vnc_session_exec_t,s0)
|
@ -1,28 +0,0 @@
|
||||
From 774c6bcf33b5c9b94c1ff12895775e77c555decc Mon Sep 17 00:00:00 2001
|
||||
From: Pierre Ossman <ossman@cendio.se>
|
||||
Date: Thu, 9 Feb 2023 11:30:37 +0100
|
||||
Subject: [PATCH] Sanity check when cleaning up keymap changes
|
||||
|
||||
Make sure we don't send a bogus request to the X server in the (common)
|
||||
case that we don't actually have anything to restore.
|
||||
|
||||
(cherry picked from commit 1e3484f2017f038dd5149cd50741feaf39a680e4)
|
||||
---
|
||||
unix/x0vncserver/XDesktop.cxx | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/unix/x0vncserver/XDesktop.cxx b/unix/x0vncserver/XDesktop.cxx
|
||||
index d5c6b2db9..f9c810968 100644
|
||||
--- a/unix/x0vncserver/XDesktop.cxx
|
||||
+++ b/unix/x0vncserver/XDesktop.cxx
|
||||
@@ -481,6 +481,10 @@ void XDesktop::deleteAddedKeysyms(Display* dpy) {
|
||||
}
|
||||
}
|
||||
|
||||
+ // Did we actually find something to remove?
|
||||
+ if (highestKeyCode < lowestKeyCode)
|
||||
+ return;
|
||||
+
|
||||
changes.changed |= XkbKeySymsMask;
|
||||
changes.first_key_sym = lowestKeyCode;
|
||||
changes.num_key_syms = highestKeyCode - lowestKeyCode + 1;
|
@ -1,31 +0,0 @@
|
||||
From 717d787de8f913070446444e37d552b51f05515e Mon Sep 17 00:00:00 2001
|
||||
From: Zdenek Pytela <zpytela@redhat.com>
|
||||
Date: Mon, 16 Jan 2023 12:35:40 +0100
|
||||
Subject: [PATCH] SELinux: Allow vncsession create ~/.vnc directory
|
||||
|
||||
Addresses the following AVC denial:
|
||||
|
||||
type=PROCTITLE msg=audit(01/12/2023 02:58:12.648:696) : proctitle=/usr/sbin/vncsession fedora :1
|
||||
type=PATH msg=audit(01/12/2023 02:58:12.648:696) : item=1 name=/home/fedora/.vnc nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
|
||||
type=PATH msg=audit(01/12/2023 02:58:12.648:696) : item=0 name=/home/fedora/ inode=262145 dev=fc:02 mode=dir,700 ouid=fedora ogid=fedora rdev=00:00 obj=unconfined_u:object_r:user_home_dir_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
|
||||
type=CWD msg=audit(01/12/2023 02:58:12.648:696) : cwd=/home/fedora
|
||||
type=SYSCALL msg=audit(01/12/2023 02:58:12.648:696) : arch=x86_64 syscall=mkdir success=no exit=EACCES(Permission denied) a0=0x7fff47d52540 a1=0755 a2=0x0 a3=0x0 items=2 ppid=2869 pid=2880 auid=fedora uid=fedora gid=fedora euid=fedora suid=fedora fsuid=fedora egid=fedora sgid=fedora fsgid=fedora tty=(none) ses=8 comm=vncsession exe=/usr/sbin/vncsession subj=system_u:system_r:vnc_session_t:s0 key=(null)
|
||||
type=AVC msg=audit(01/12/2023 02:58:12.648:696) : avc: denied { create } for pid=2880 comm=vncsession name=.vnc scontext=system_u:system_r:vnc_session_t:s0 tcontext=system_u:object_r:vnc_home_t:s0 tclass=dir permissive=0
|
||||
|
||||
Resolves: rhbz#2143704
|
||||
---
|
||||
unix/vncserver/selinux/vncsession.te | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
|
||||
index fb966c14b..680be8ea1 100644
|
||||
--- a/unix/vncserver/selinux/vncsession.te
|
||||
+++ b/unix/vncserver/selinux/vncsession.te
|
||||
@@ -37,6 +37,7 @@ allow vnc_session_t self:fifo_file rw_fifo_file_perms;
|
||||
allow vnc_session_t vnc_session_var_run_t:file manage_file_perms;
|
||||
files_pid_filetrans(vnc_session_t, vnc_session_var_run_t, file)
|
||||
|
||||
+create_dirs_pattern(vnc_session_t, vnc_home_t, vnc_home_t)
|
||||
manage_files_pattern(vnc_session_t, vnc_home_t, vnc_home_t)
|
||||
manage_fifo_files_pattern(vnc_session_t, vnc_home_t, vnc_home_t)
|
||||
manage_sock_files_pattern(vnc_session_t, vnc_home_t, vnc_home_t)
|
@ -1,81 +0,0 @@
|
||||
From d2d52704624ce841f4a392fccd82079d87ff13b6 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Grulich <jgrulich@redhat.com>
|
||||
Date: Thu, 11 Nov 2021 13:52:41 +0100
|
||||
Subject: [PATCH] SELinux: restore SELinux context in case of different
|
||||
policies
|
||||
|
||||
---
|
||||
CMakeLists.txt | 13 +++++++++++++
|
||||
unix/vncserver/CMakeLists.txt | 2 +-
|
||||
unix/vncserver/vncsession.c | 16 ++++++++++++++++
|
||||
3 files changed, 30 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/CMakeLists.txt b/CMakeLists.txt
|
||||
index 50247c7da..1708eb3d8 100644
|
||||
--- a/CMakeLists.txt
|
||||
+++ b/CMakeLists.txt
|
||||
@@ -268,6 +268,19 @@ if(UNIX AND NOT APPLE)
|
||||
endif()
|
||||
endif()
|
||||
|
||||
+# Check for SELinux library
|
||||
+if(UNIX AND NOT APPLE)
|
||||
+ check_include_files(selinux/selinux.h HAVE_SELINUX_H)
|
||||
+ if(HAVE_SELINUX_H)
|
||||
+ set(CMAKE_REQUIRED_LIBRARIES -lselinux)
|
||||
+ set(CMAKE_REQUIRED_LIBRARIES)
|
||||
+ set(SELINUX_LIBS selinux)
|
||||
+ add_definitions("-DHAVE_SELINUX")
|
||||
+ else()
|
||||
+ message(WARNING "Could not find SELinux development files")
|
||||
+ endif()
|
||||
+endif()
|
||||
+
|
||||
# Generate config.h and make sure the source finds it
|
||||
configure_file(config.h.in config.h)
|
||||
add_definitions(-DHAVE_CONFIG_H)
|
||||
diff --git a/unix/vncserver/CMakeLists.txt b/unix/vncserver/CMakeLists.txt
|
||||
index f65ccc7db..ae69dc098 100644
|
||||
--- a/unix/vncserver/CMakeLists.txt
|
||||
+++ b/unix/vncserver/CMakeLists.txt
|
||||
@@ -1,5 +1,5 @@
|
||||
add_executable(vncsession vncsession.c)
|
||||
-target_link_libraries(vncsession ${PAM_LIBS})
|
||||
+target_link_libraries(vncsession ${PAM_LIBS} ${SELINUX_LIBS})
|
||||
|
||||
configure_file(vncserver@.service.in vncserver@.service @ONLY)
|
||||
configure_file(vncsession-start.in vncsession-start @ONLY)
|
||||
diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c
|
||||
index 3573e5e9b..f6d2fd59e 100644
|
||||
--- a/unix/vncserver/vncsession.c
|
||||
+++ b/unix/vncserver/vncsession.c
|
||||
@@ -37,6 +37,11 @@
|
||||
#include <sys/types.h>
|
||||
#include <sys/wait.h>
|
||||
|
||||
+#ifdef HAVE_SELINUX
|
||||
+#include <selinux/selinux.h>
|
||||
+#include <selinux/restorecon.h>
|
||||
+#endif
|
||||
+
|
||||
extern char **environ;
|
||||
|
||||
// PAM service name
|
||||
@@ -360,6 +365,17 @@ redir_stdio(const char *homedir, const char *display)
|
||||
syslog(LOG_CRIT, "Failure creating \"%s\": %s", logfile, strerror(errno));
|
||||
_exit(EX_OSERR);
|
||||
}
|
||||
+
|
||||
+#ifdef HAVE_SELINUX
|
||||
+ int result;
|
||||
+ if (selinux_file_context_verify(logfile, 0) == 0) {
|
||||
+ result = selinux_restorecon(logfile, SELINUX_RESTORECON_RECURSE);
|
||||
+
|
||||
+ if (result < 0) {
|
||||
+ syslog(LOG_WARNING, "Failure restoring SELinux context for \"%s\": %s", logfile, strerror(errno));
|
||||
+ }
|
||||
+ }
|
||||
+#endif
|
||||
}
|
||||
|
||||
hostlen = sysconf(_SC_HOST_NAME_MAX);
|
135
SOURCES/tigervnc-support-username-alias-in-plainusers.patch
Normal file
135
SOURCES/tigervnc-support-username-alias-in-plainusers.patch
Normal file
@ -0,0 +1,135 @@
|
||||
diff --git a/common/rfb/SSecurityPlain.cxx b/common/rfb/SSecurityPlain.cxx
|
||||
index 6f65e87..3142ba3 100644
|
||||
--- a/common/rfb/SSecurityPlain.cxx
|
||||
+++ b/common/rfb/SSecurityPlain.cxx
|
||||
@@ -27,6 +27,8 @@
|
||||
#include <rdr/InStream.h>
|
||||
#if !defined(WIN32) && !defined(__APPLE__)
|
||||
#include <rfb/UnixPasswordValidator.h>
|
||||
+#include <unistd.h>
|
||||
+#include <pwd.h>
|
||||
#endif
|
||||
#ifdef WIN32
|
||||
#include <rfb/WinPasswdValidator.h>
|
||||
@@ -45,21 +47,22 @@ StringParameter PasswordValidator::plainUsers
|
||||
|
||||
bool PasswordValidator::validUser(const char* username)
|
||||
{
|
||||
- CharArray users(plainUsers.getValueStr()), user;
|
||||
+ std::vector<std::string> users;
|
||||
|
||||
- while (users.buf) {
|
||||
- strSplit(users.buf, ',', &user.buf, &users.buf);
|
||||
-#ifdef WIN32
|
||||
- if (0 == stricmp(user.buf, "*"))
|
||||
- return true;
|
||||
- if (0 == stricmp(user.buf, username))
|
||||
- return true;
|
||||
-#else
|
||||
- if (!strcmp(user.buf, "*"))
|
||||
- return true;
|
||||
- if (!strcmp(user.buf, username))
|
||||
- return true;
|
||||
+ users = split(plainUsers, ',');
|
||||
+
|
||||
+ for (size_t i = 0; i < users.size(); i++) {
|
||||
+ if (users[i] == "*")
|
||||
+ return true;
|
||||
+#if !defined(WIN32) && !defined(__APPLE__)
|
||||
+ if (users[i] == "%u") {
|
||||
+ struct passwd *pw = getpwnam(username);
|
||||
+ if (pw && pw->pw_uid == getuid())
|
||||
+ return true;
|
||||
+ }
|
||||
#endif
|
||||
+ if (users[i] == username)
|
||||
+ return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
diff --git a/common/rfb/util.cxx b/common/rfb/util.cxx
|
||||
index 649eb0b..cce73a0 100644
|
||||
--- a/common/rfb/util.cxx
|
||||
+++ b/common/rfb/util.cxx
|
||||
@@ -99,6 +99,26 @@ namespace rfb {
|
||||
return false;
|
||||
}
|
||||
|
||||
+ std::vector<std::string> split(const char* src,
|
||||
+ const char delimiter)
|
||||
+ {
|
||||
+ std::vector<std::string> out;
|
||||
+ const char *start, *stop;
|
||||
+
|
||||
+ start = src;
|
||||
+ do {
|
||||
+ stop = strchr(start, delimiter);
|
||||
+ if (stop == NULL) {
|
||||
+ out.push_back(start);
|
||||
+ } else {
|
||||
+ out.push_back(std::string(start, stop-start));
|
||||
+ start = stop + 1;
|
||||
+ }
|
||||
+ } while (stop != NULL);
|
||||
+
|
||||
+ return out;
|
||||
+ }
|
||||
+
|
||||
bool strContains(const char* src, char c) {
|
||||
int l=strlen(src);
|
||||
for (int i=0; i<l; i++)
|
||||
diff --git a/common/rfb/util.h b/common/rfb/util.h
|
||||
index f0ac9ef..ed15c28 100644
|
||||
--- a/common/rfb/util.h
|
||||
+++ b/common/rfb/util.h
|
||||
@@ -27,6 +27,9 @@
|
||||
#include <limits.h>
|
||||
#include <string.h>
|
||||
|
||||
+#include <string>
|
||||
+#include <vector>
|
||||
+
|
||||
struct timeval;
|
||||
|
||||
#ifdef __GNUC__
|
||||
@@ -76,6 +79,10 @@ namespace rfb {
|
||||
// that part of the string. Obviously, setting both to 0 is not useful...
|
||||
bool strSplit(const char* src, const char limiter, char** out1, char** out2, bool fromEnd=false);
|
||||
|
||||
+ // Splits a string with the specified delimiter
|
||||
+ std::vector<std::string> split(const char* src,
|
||||
+ const char delimiter);
|
||||
+
|
||||
// Returns true if src contains c
|
||||
bool strContains(const char* src, char c);
|
||||
|
||||
diff --git a/unix/x0vncserver/x0vncserver.man b/unix/x0vncserver/x0vncserver.man
|
||||
index c36ae34..78db730 100644
|
||||
--- a/unix/x0vncserver/x0vncserver.man
|
||||
+++ b/unix/x0vncserver/x0vncserver.man
|
||||
@@ -125,8 +125,8 @@ parameter instead.
|
||||
.B \-PlainUsers \fIuser-list\fP
|
||||
A comma separated list of user names that are allowed to authenticate via
|
||||
any of the "Plain" security types (Plain, TLSPlain, etc.). Specify \fB*\fP
|
||||
-to allow any user to authenticate using this security type. Default is to
|
||||
-deny all users.
|
||||
+to allow any user to authenticate using this security type. Specify \fB%u\fP
|
||||
+to allow the user of the server process. Default is to deny all users.
|
||||
.
|
||||
.TP
|
||||
.B \-pam_service \fIname\fP, \-PAMService \fIname\fP
|
||||
diff --git a/unix/xserver/hw/vnc/Xvnc.man b/unix/xserver/hw/vnc/Xvnc.man
|
||||
index ea87dea..e9fb654 100644
|
||||
--- a/unix/xserver/hw/vnc/Xvnc.man
|
||||
+++ b/unix/xserver/hw/vnc/Xvnc.man
|
||||
@@ -200,8 +200,8 @@ parameter instead.
|
||||
.B \-PlainUsers \fIuser-list\fP
|
||||
A comma separated list of user names that are allowed to authenticate via
|
||||
any of the "Plain" security types (Plain, TLSPlain, etc.). Specify \fB*\fP
|
||||
-to allow any user to authenticate using this security type. Default is to
|
||||
-deny all users.
|
||||
+to allow any user to authenticate using this security type. Specify \fB%u\fP
|
||||
+to allow the user of the server process. Default is to deny all users.
|
||||
.
|
||||
.TP
|
||||
.B \-pam_service \fIname\fP, \-PAMService \fIname\fP
|
17
SOURCES/tigervnc-use-dup-to-get-available-fd-for-inetd.patch
Normal file
17
SOURCES/tigervnc-use-dup-to-get-available-fd-for-inetd.patch
Normal file
@ -0,0 +1,17 @@
|
||||
diff --git a/unix/xserver/hw/vnc/xvnc.c b/unix/xserver/hw/vnc/xvnc.c
|
||||
index f8141959..c5c36539 100644
|
||||
--- a/unix/xserver/hw/vnc/xvnc.c
|
||||
+++ b/unix/xserver/hw/vnc/xvnc.c
|
||||
@@ -366,8 +366,10 @@ ddxProcessArgument(int argc, char *argv[], int i)
|
||||
if (strcmp(argv[i], "-inetd") == 0) {
|
||||
int nullfd;
|
||||
|
||||
- dup2(0, 3);
|
||||
- vncInetdSock = 3;
|
||||
+ if ((vncInetdSock = dup(0)) == -1)
|
||||
+ FatalError
|
||||
+ ("Xvnc error: failed to allocate a new file descriptor for -inetd: %s\n", strerror(errno));
|
||||
+
|
||||
|
||||
/* Avoid xserver >= 1.19's epoll-fd becoming fd 2 / stderr only to be
|
||||
replaced by /dev/null by OsInit() because the pollfd is not
|
@ -121,7 +121,7 @@ if ($fontPath eq "") {
|
||||
# Check command line options
|
||||
|
||||
&ParseOptions("-geometry",1,"-depth",1,"-pixelformat",1,"-name",1,"-kill",1,
|
||||
"-help",0,"-h",0,"--help",0,"-fp",1,"-list",0,"-fg",0,"-autokill",0,"-noxstartup",0,"-xstartup",1);
|
||||
"-help",0,"-h",0,"--help",0,"-fp",1,"-list",0,"-fg",0,"-autokill",0,"-noxstartup",0,"-xstartup",1,"-fallbacktofreeport",0);
|
||||
|
||||
&Usage() if ($opt{'-help'} || $opt{'-h'} || $opt{'--help'});
|
||||
|
||||
@ -168,8 +168,13 @@ if ((@ARGV > 0) && ($ARGV[0] =~ /^:(\d+)$/)) {
|
||||
$displayNumber = $1;
|
||||
shift(@ARGV);
|
||||
if (!&CheckDisplayNumber($displayNumber)) {
|
||||
warn "A VNC server is already running as :$displayNumber\n";
|
||||
$displayNumber = &GetDisplayNumber();
|
||||
if ($opt{'-fallbacktofreeport'}) {
|
||||
warn "A VNC server is already running as :$displayNumber\n";
|
||||
$displayNumber = &GetDisplayNumber();
|
||||
warn "Using port :$displayNumber as fallback\n";
|
||||
} else {
|
||||
die "A VNC server is already running as :$displayNumber\n";
|
||||
}
|
||||
}
|
||||
} elsif ((@ARGV > 0) && ($ARGV[0] !~ /^-/) && ($ARGV[0] !~ /^\+/)) {
|
||||
&Usage();
|
||||
@ -675,6 +680,7 @@ sub Usage
|
||||
" [-autokill]\n".
|
||||
" [-noxstartup]\n".
|
||||
" [-xstartup <file>]\n".
|
||||
" [-fallbacktofreeport]\n".
|
||||
" <Xvnc-options>...\n\n".
|
||||
" $prog -kill <X-display>\n\n".
|
||||
" $prog -list\n\n");
|
||||
|
72
SOURCES/xorg-CVE-2024-31083-followup.patch
Normal file
72
SOURCES/xorg-CVE-2024-31083-followup.patch
Normal file
@ -0,0 +1,72 @@
|
||||
From 337d8d48b618d4fc0168a7b978be4c3447650b04 Mon Sep 17 00:00:00 2001
|
||||
From: Olivier Fourdan <ofourdan@redhat.com>
|
||||
Date: Fri, 5 Apr 2024 15:24:49 +0200
|
||||
Subject: [PATCH] render: Avoid possible double-free in ProcRenderAddGlyphs()
|
||||
|
||||
ProcRenderAddGlyphs() adds the glyph to the glyphset using AddGlyph() and
|
||||
then frees it using FreeGlyph() to decrease the reference count, after
|
||||
AddGlyph() has increased it.
|
||||
|
||||
AddGlyph() however may chose to reuse an existing glyph if it's already
|
||||
in the glyphSet, and free the glyph that was given, in which case the
|
||||
caller function, ProcRenderAddGlyphs() will call FreeGlyph() on an
|
||||
already freed glyph, as reported by ASan:
|
||||
|
||||
READ of size 4 thread T0
|
||||
#0 in FreeGlyph xserver/render/glyph.c:252
|
||||
#1 in ProcRenderAddGlyphs xserver/render/render.c:1174
|
||||
#2 in Dispatch xserver/dix/dispatch.c:546
|
||||
#3 in dix_main xserver/dix/main.c:271
|
||||
#4 in main xserver/dix/stubmain.c:34
|
||||
#5 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
|
||||
#6 in __libc_start_main_impl ../csu/libc-start.c:360
|
||||
#7 (/usr/bin/Xwayland+0x44fe4)
|
||||
Address is located 0 bytes inside of 64-byte region
|
||||
freed by thread T0 here:
|
||||
#0 in __interceptor_free libsanitizer/asan/asan_malloc_linux.cpp:52
|
||||
#1 in _dixFreeObjectWithPrivates xserver/dix/privates.c:538
|
||||
#2 in AddGlyph xserver/render/glyph.c:295
|
||||
#3 in ProcRenderAddGlyphs xserver/render/render.c:1173
|
||||
#4 in Dispatch xserver/dix/dispatch.c:546
|
||||
#5 in dix_main xserver/dix/main.c:271
|
||||
#6 in main xserver/dix/stubmain.c:34
|
||||
#7 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
|
||||
previously allocated by thread T0 here:
|
||||
#0 in __interceptor_malloc libsanitizer/asan/asan_malloc_linux.cpp:69
|
||||
#1 in AllocateGlyph xserver/render/glyph.c:355
|
||||
#2 in ProcRenderAddGlyphs xserver/render/render.c:1085
|
||||
#3 in Dispatch xserver/dix/dispatch.c:546
|
||||
#4 in dix_main xserver/dix/main.c:271
|
||||
#5 in main xserver/dix/stubmain.c:34
|
||||
#6 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
|
||||
SUMMARY: AddressSanitizer: heap-use-after-free xserver/render/glyph.c:252 in FreeGlyph
|
||||
|
||||
To avoid that, make sure not to free the given glyph in AddGlyph().
|
||||
|
||||
v2: Simplify the test using the boolean returned from AddGlyph() (Michel)
|
||||
v3: Simplify even more by not freeing the glyph in AddGlyph() (Peter)
|
||||
|
||||
Fixes: bdca6c3d1 - render: fix refcounting of glyphs during ProcRenderAddGlyphs
|
||||
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1659
|
||||
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
|
||||
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1476>
|
||||
---
|
||||
render/glyph.c | 2 --
|
||||
1 file changed, 2 deletions(-)
|
||||
|
||||
diff --git a/render/glyph.c b/render/glyph.c
|
||||
index 13991f8a1..5fa7f3b5b 100644
|
||||
--- a/render/glyph.c
|
||||
+++ b/render/glyph.c
|
||||
@@ -291,8 +291,6 @@ AddGlyph(GlyphSetPtr glyphSet, GlyphPtr glyph, Glyph id)
|
||||
gr = FindGlyphRef(&globalGlyphs[glyphSet->fdepth], signature,
|
||||
TRUE, glyph->sha1);
|
||||
if (gr->glyph && gr->glyph != DeletedGlyph && gr->glyph != glyph) {
|
||||
- FreeGlyphPicture(glyph);
|
||||
- dixFreeObjectWithPrivates(glyph, PRIVATE_GLYPH);
|
||||
glyph = gr->glyph;
|
||||
}
|
||||
else if (gr->glyph != glyph) {
|
||||
--
|
||||
2.44.0
|
||||
|
@ -1,42 +0,0 @@
|
||||
From 947bd1b3f4a23565bf10879ec41ba06ebe1e1c76 Mon Sep 17 00:00:00 2001
|
||||
From: Olivier Fourdan <ofourdan@redhat.com>
|
||||
Date: Mon, 13 Mar 2023 11:08:47 +0100
|
||||
Subject: [PATCH xserver] composite: Fix use-after-free of the COW
|
||||
|
||||
ZDI-CAN-19866/CVE-2023-1393
|
||||
|
||||
If a client explicitly destroys the compositor overlay window (aka COW),
|
||||
we would leave a dangling pointer to that window in the CompScreen
|
||||
structure, which will trigger a use-after-free later.
|
||||
|
||||
Make sure to clear the CompScreen pointer to the COW when the latter gets
|
||||
destroyed explicitly by the client.
|
||||
|
||||
This vulnerability was discovered by:
|
||||
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
|
||||
|
||||
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
|
||||
Reviewed-by: Adam Jackson <ajax@redhat.com>
|
||||
---
|
||||
composite/compwindow.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/composite/compwindow.c b/composite/compwindow.c
|
||||
index 4e2494b86..b30da589e 100644
|
||||
--- a/composite/compwindow.c
|
||||
+++ b/composite/compwindow.c
|
||||
@@ -620,6 +620,11 @@ compDestroyWindow(WindowPtr pWin)
|
||||
ret = (*pScreen->DestroyWindow) (pWin);
|
||||
cs->DestroyWindow = pScreen->DestroyWindow;
|
||||
pScreen->DestroyWindow = compDestroyWindow;
|
||||
+
|
||||
+ /* Did we just destroy the overlay window? */
|
||||
+ if (pWin == cs->pOverlayWin)
|
||||
+ cs->pOverlayWin = NULL;
|
||||
+
|
||||
/* compCheckTree (pWin->drawable.pScreen); can't check -- tree isn't good*/
|
||||
return ret;
|
||||
}
|
||||
--
|
||||
2.40.0
|
||||
|
@ -4,8 +4,8 @@
|
||||
%global modulename vncsession
|
||||
|
||||
Name: tigervnc
|
||||
Version: 1.12.0
|
||||
Release: 15%{?dist}
|
||||
Version: 1.13.1
|
||||
Release: 10%{?dist}
|
||||
Summary: A TigerVNC remote display system
|
||||
|
||||
%global _hardened_build 1
|
||||
@ -21,50 +21,73 @@ Source3: 10-libvnc.conf
|
||||
# Backwards compatibility
|
||||
Source5: vncserver
|
||||
|
||||
# Downstream patches
|
||||
Patch1: tigervnc-use-gnome-as-default-session.patch
|
||||
Patch2: tigervnc-vncsession-restore-script-systemd-service.patch
|
||||
Patch3: tigervnc-dont-install-appstream-metadata-file.patch
|
||||
|
||||
# Upstream patches
|
||||
Patch50: tigervnc-selinux-restore-context-in-case-of-different-policies.patch
|
||||
Patch51: tigervnc-fix-typo-in-mirror-monitor-detection.patch
|
||||
Patch52: tigervnc-root-user-selinux-context.patch
|
||||
Patch53: tigervnc-vncsession-restore-script-systemd-service.patch
|
||||
# https://github.com/TigerVNC/tigervnc/pull/1513
|
||||
Patch54: tigervnc-fix-ghost-cursor-in-zaphod-mode.patch
|
||||
# https://github.com/TigerVNC/tigervnc/pull/1510
|
||||
Patch55: tigervnc-add-new-keycodes-for-unknown-keysyms.patch
|
||||
Patch56: tigervnc-sanity-check-when-cleaning-up-keymap-changes.patch
|
||||
Patch57: tigervnc-selinux-allow-vncsession-create-vnc-directory.patch
|
||||
Patch50: tigervnc-support-username-alias-in-plainusers.patch
|
||||
Patch51: tigervnc-use-dup-to-get-available-fd-for-inetd.patch
|
||||
|
||||
# Upstreamable patches
|
||||
Patch80: tigervnc-dont-get-pointer-position-for-floating-device.patch
|
||||
|
||||
# This is tigervnc-%%{version}/unix/xserver116.patch rebased on the latest xorg
|
||||
Patch100: tigervnc-xserver120.patch
|
||||
# 1326867 - [RHEL7.3] GLX applications in an Xvnc session fails to start
|
||||
Patch101: 0001-rpath-hack.patch
|
||||
|
||||
# CVE-2023-1393 tigervnc: xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability
|
||||
Patch110: xorg-x11-server-composite-Fix-use-after-free-of-the-COW.patch
|
||||
# XServer patches
|
||||
Patch200: xorg-CVE-2024-31083-followup.patch
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: libX11-devel, automake, autoconf, libtool, gettext, gettext-autopoint
|
||||
BuildRequires: libXext-devel, xorg-x11-server-source, libXi-devel
|
||||
BuildRequires: xorg-x11-xtrans-devel, xorg-x11-util-macros, libXtst-devel
|
||||
BuildRequires: libxkbfile-devel, openssl-devel, libpciaccess-devel
|
||||
BuildRequires: mesa-libGL-devel, libXinerama-devel, xorg-x11-font-utils
|
||||
BuildRequires: freetype-devel, libXdmcp-devel, libxshmfence-devel
|
||||
BuildRequires: libjpeg-turbo-devel, gnutls-devel, pam-devel
|
||||
BuildRequires: libdrm-devel, libXt-devel, pixman-devel
|
||||
BuildRequires: systemd, cmake, desktop-file-utils
|
||||
BuildRequires: libselinux-devel, selinux-policy-devel
|
||||
BuildRequires: libXfixes-devel, libXdamage-devel, libXrandr-devel
|
||||
%if 0%{?fedora} > 24 || 0%{?rhel} >= 7
|
||||
BuildRequires: libXfont2-devel
|
||||
%else
|
||||
BuildRequires: libXfont-devel
|
||||
%endif
|
||||
BuildRequires: gettext
|
||||
BuildRequires: cmake
|
||||
|
||||
BuildRequires: gnutls-devel
|
||||
BuildRequires: desktop-file-utils
|
||||
BuildRequires: libappstream-glib
|
||||
BuildRequires: libjpeg-turbo-devel
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: pam-devel
|
||||
BuildRequires: zlib-devel
|
||||
|
||||
# TigerVNC 1.4.x requires fltk 1.3.3 for keyboard handling support
|
||||
# See https://github.com/TigerVNC/tigervnc/issues/8, also bug #1208814
|
||||
BuildRequires: fltk-devel >= 1.3.3
|
||||
BuildRequires: libX11-devel
|
||||
BuildRequires: libXext-devel
|
||||
BuildRequires: libXi-devel
|
||||
BuildRequires: libXrandr-devel
|
||||
BuildRequires: libXrender-devel
|
||||
BuildRequires: pixman-devel
|
||||
|
||||
# X11/graphics dependencies
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
BuildRequires: gettext-autopoint
|
||||
BuildRequires: libXdamage-devel
|
||||
BuildRequires: libXdmcp-devel
|
||||
BuildRequires: libXfixes-devel
|
||||
BuildRequires: libXfont2-devel
|
||||
BuildRequires: libXinerama-devel
|
||||
BuildRequires: libXt-devel
|
||||
BuildRequires: libXtst-devel
|
||||
BuildRequires: libdrm-devel
|
||||
BuildRequires: libtool
|
||||
BuildRequires: libxkbfile-devel
|
||||
BuildRequires: libxshmfence-devel
|
||||
BuildRequires: mesa-libGL-devel
|
||||
BuildRequires: xorg-x11-font-utils
|
||||
BuildRequires: xorg-x11-server-devel
|
||||
BuildRequires: xorg-x11-server-source
|
||||
BuildRequires: xorg-x11-util-macros
|
||||
BuildRequires: xorg-x11-xtrans-devel
|
||||
|
||||
# SELinux
|
||||
BuildRequires: libselinux-devel, selinux-policy-devel, systemd
|
||||
|
||||
Requires(post): coreutils
|
||||
Requires(postun):coreutils
|
||||
@ -164,20 +187,19 @@ for all in `find . -type f -perm -001`; do
|
||||
done
|
||||
%patch100 -p1 -b .xserver120-rebased
|
||||
%patch101 -p1 -b .rpath
|
||||
%patch110 -p1 -b .composite-Fix-use-after-free-of-the-COW
|
||||
%patch200 -p1 -b .xorg-CVE-2024-31083-followup
|
||||
popd
|
||||
|
||||
%patch1 -p1 -b .use-gnome-as-default-session
|
||||
%patch2 -p1 -b .vncsession-restore-script-systemd-service
|
||||
%patch3 -p1 -b .dont-install-appstream-metadata-file.patch
|
||||
|
||||
# Upstream patches
|
||||
%patch50 -p1 -b .selinux-restore-context-in-case-of-different-policies
|
||||
%patch51 -p1 -b .fix-typo-in-mirror-monitor-detection
|
||||
%patch52 -p1 -b .root-user-selinux-context
|
||||
%patch53 -p1 -b .vncsession-restore-script-systemd-service
|
||||
%patch54 -p1 -b .fix-ghost-cursor-in-zaphod-mode
|
||||
%patch55 -p1 -b .add-new-keycodes-for-unknown-keysyms
|
||||
%patch56 -p1 -b .sanity-check-when-cleaning-up-keymap-changes
|
||||
%patch57 -p1 -b .selinux-allow-vncsession-create-vnc-directory
|
||||
%patch50 -p1 -b .support-username-alias-in-plainusers
|
||||
%patch51 -p1 -b .use-dup-to-get-available-fd-for-inetd
|
||||
|
||||
# Upstreamable patches
|
||||
%patch80 -p1 -b .dont-get-pointer-position-for-floating-device
|
||||
|
||||
%build
|
||||
%ifarch sparcv9 sparc64 s390 s390x
|
||||
@ -243,7 +265,7 @@ install -m644 %{SOURCE2} %{buildroot}%{_unitdir}/xvnc.socket
|
||||
mkdir -p %{buildroot}%{_datadir}/icons/hicolor/{16x16,24x24,48x48}/apps
|
||||
|
||||
pushd media/icons
|
||||
for s in 16 24 48; do
|
||||
for s in 16 22 24 32 48 64 128; do
|
||||
install -m644 tigervnc_$s.png %{buildroot}%{_datadir}/icons/hicolor/${s}x$s/apps/tigervnc.png
|
||||
done
|
||||
popd
|
||||
@ -329,36 +351,68 @@ fi
|
||||
|
||||
%files selinux
|
||||
%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.*
|
||||
%ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
|
||||
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
|
||||
|
||||
%changelog
|
||||
*Mon Mar 27 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-15
|
||||
- xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability
|
||||
Resolves: bz#2180305
|
||||
* Mon Apr 15 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-10
|
||||
- Drop patches that are already part of xorg-x11-server
|
||||
Resolves: RHEL-30755
|
||||
Resolves: RHEL-30767
|
||||
Resolves: RHEL-30761
|
||||
|
||||
* Tue Feb 21 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-14
|
||||
- SELinux: allow vncsession create .vnc directory
|
||||
Resolves: bz#2164704
|
||||
* Thu Apr 04 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-9
|
||||
- Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents
|
||||
Resolves: RHEL-30755
|
||||
- Fix CVE-2024-31083 tigervnc: xorg-x11-server: User-after-free in ProcRenderAddGlyphs
|
||||
Resolves: RHEL-30767
|
||||
- Fix CVE-2024-31081 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice
|
||||
Resolves: RHEL-30761
|
||||
|
||||
* Wed Feb 15 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-13
|
||||
- Add sanity check when cleaning up keymap changes
|
||||
Resolves: bz#2169960
|
||||
* Wed Feb 07 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-8
|
||||
- Fix copy/paste error in the DeviceStateNotify
|
||||
Resolves: RHEL-20530
|
||||
|
||||
* Mon Feb 06 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-12
|
||||
- xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation
|
||||
Resolves: bz#2167058
|
||||
* Mon Jan 22 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-7
|
||||
- Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice
|
||||
Resolves: RHEL-20388
|
||||
- Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent
|
||||
Resolves: RHEL-20382
|
||||
- Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
|
||||
Resolves: RHEL-20530
|
||||
- Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
|
||||
Resolves: RHEL-21214
|
||||
|
||||
* Tue Dec 20 2022 Tomas Popela <tpopela@redhat.com> - 1.12.0-11
|
||||
- Rebuild for xorg-x11-server CVE-2022-46340 follow up fix
|
||||
* Mon Jan 08 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-6
|
||||
- Use dup() to get available file descriptor when using -inetd option
|
||||
Resolves: RHEL-21000
|
||||
|
||||
* Fri Dec 16 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-10
|
||||
- Rebuild for xorg-x11-server CVEs
|
||||
Resolves: CVE-2022-4283 (bz#2154233)
|
||||
Resolves: CVE-2022-46340 (bz#2154220)
|
||||
Resolves: CVE-2022-46341 (bz#2154223)
|
||||
Resolves: CVE-2022-46342 (bz#2154225)
|
||||
Resolves: CVE-2022-46343 (bz#2154227)
|
||||
Resolves: CVE-2022-46344 (bz#2154229)
|
||||
* Mon Dec 18 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-5
|
||||
- Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
|
||||
Resolves: RHEL-18410
|
||||
- Fix CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty
|
||||
Resolves: RHEL-18422
|
||||
|
||||
* Wed Nov 01 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-4
|
||||
- Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow
|
||||
Resolves: RHEL-15236
|
||||
|
||||
- Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty
|
||||
Resolves: RHEL-15230
|
||||
|
||||
* Mon Oct 09 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-3
|
||||
- Support username alias in PlainUsers
|
||||
Resolves: RHEL-4258
|
||||
|
||||
* Tue Apr 11 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-2
|
||||
- xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege
|
||||
Escalation Vulnerability
|
||||
Resolves: bz#2180306
|
||||
|
||||
* Tue Mar 21 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-1
|
||||
- 1.13.1
|
||||
Resolves: bz#2175748
|
||||
- Restore "--fallbacktofreeport" option in the vncserver script
|
||||
Resolves: bz#2174398
|
||||
|
||||
* Thu Dec 08 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-9
|
||||
- Bump build version to fix upgrade path
|
||||
|
Loading…
Reference in New Issue
Block a user