rpms/tigervnc
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Include RHEL8 patches

Browse Source
This commit is contained in:
Jan Grulich 2021-03-08 13:57:49 +01:00
parent 38c35b2dcd
commit ee4aa1d959
10 changed files with 524 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
0001-rpath-hack.patch Normal file
View File

@ -0,0 +1,24 @@
From 2489f2f38eb32d9dd03718a36cbdbdf13d2f8b9b Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax@redhat.com>
Date: Thu, 12 Nov 2015 11:10:11 -0500
Subject: [PATCH] rpath hack
Normally, rpath is undesirable. But for the X server we _know_ we need
Mesa's libGL, which will always be in %{_libdir}, and not any third-party
libGL that may be configured using ld.so.conf.
---
configure.ac | 1 +
1 files changed, 1 insertions(+), 0 deletion(-)
diff --git a/configure.ac b/configure.ac
index fa15a2d..a5af1e0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1261,6 +1261,7 @@ AM_CONDITIONAL(GLX, test "x$GLX" = xyes)
AM_CONDITIONAL(HASHTABLE, test "x$HASHTABLE" = xyes)
+GLX_SYS_LIBS="$GLX_SYS_LIBS -Wl,-rpath=\$(libdir)"
AC_SUBST([GLX_DEFINES])
AC_SUBST([GLX_SYS_LIBS])

74
tigervnc-1.3.1-CVE-2014-8240.patch Normal file
View File

@ -0,0 +1,74 @@
diff --git a/unix/x0vncserver/Image.cxx b/unix/x0vncserver/Image.cxx
index f998c6a..fb9dbd4 100644
--- a/unix/x0vncserver/Image.cxx
+++ b/unix/x0vncserver/Image.cxx
@@ -80,6 +80,14 @@ void Image::Init(int width, int height)
xim = XCreateImage(dpy, vis, DefaultDepth(dpy, DefaultScreen(dpy)),
ZPixmap, 0, 0, width, height, BitmapPad(dpy), 0);
+ if (xim->bytes_per_line <= 0 ||
+ xim->height <= 0 ||
+ xim->height >= INT_MAX / xim->bytes_per_line) {
+ vlog.error("Invalid display size");
+ XDestroyImage(xim);
+ exit(1);
+ }
+
xim->data = (char *)malloc(xim->bytes_per_line * xim->height);
if (xim->data == NULL) {
vlog.error("malloc() failed");
@@ -256,6 +264,17 @@ void ShmImage::Init(int width, int height, const XVisualInfo *vinfo)
return;
}
+ if (xim->bytes_per_line <= 0 ||
+ xim->height <= 0 ||
+ xim->height >= INT_MAX / xim->bytes_per_line) {
+ vlog.error("Invalid display size");
+ XDestroyImage(xim);
+ xim = NULL;
+ delete shminfo;
+ shminfo = NULL;
+ return;
+ }
+
shminfo->shmid = shmget(IPC_PRIVATE,
xim->bytes_per_line * xim->height,
IPC_CREAT|0777);
diff --git a/vncviewer/PlatformPixelBuffer.cxx b/vncviewer/PlatformPixelBuffer.cxx
index a2b506d..9266d9f 100644
--- a/vncviewer/PlatformPixelBuffer.cxx
+++ b/vncviewer/PlatformPixelBuffer.cxx
@@ -49,6 +49,15 @@ PlatformPixelBuffer::PlatformPixelBuffer(int width, int height) :
if (!xim)
throw rdr::Exception("XCreateImage");
+ if (xim->bytes_per_line <= 0 ||
+ xim->height <= 0 ||
+ xim->height >= INT_MAX / xim->bytes_per_line) {
+ if (xim)
+ XDestroyImage(xim);
+ xim = NULL;
+ throw rdr::Exception("Invalid display size");
+ }
+
xim->data = (char*)malloc(xim->bytes_per_line * xim->height);
if (!xim->data)
throw rdr::Exception("malloc");
@@ -152,6 +161,16 @@ bool PlatformPixelBuffer::setupShm()
if (!xim)
goto free_shminfo;
+ if (xim->bytes_per_line <= 0 ||
+ xim->height <= 0 ||
+ xim->height >= INT_MAX / xim->bytes_per_line) {
+ XDestroyImage(xim);
+ xim = NULL;
+ delete shminfo;
+ shminfo = NULL;
+ throw rdr::Exception("Invalid display size");
+ }
+
shminfo->shmid = shmget(IPC_PRIVATE,
xim->bytes_per_line * xim->height,
IPC_CREAT|0600);

14
tigervnc-1.3.1-do-not-die-when-port-is-already-taken.patch Normal file
View File

@ -0,0 +1,14 @@
diff --git a/unix/vncserver b/unix/vncserver
index a6c890f..687ef72 100755
--- a/unix/vncserver
+++ b/unix/vncserver
@@ -208,7 +208,8 @@ if ((@ARGV > 0) && ($ARGV[0] =~ /^:(\d+)$/)) {
$displayNumber = $1;
shift(@ARGV);
if (!&CheckDisplayNumber($displayNumber)) {
- die "A VNC server is already running as :$displayNumber\n";
+ warn "A VNC server is already running as :$displayNumber\n";
+ $displayNumber = &GetDisplayNumber();
}
} elsif ((@ARGV > 0) && ($ARGV[0] !~ /^-/) && ($ARGV[0] !~ /^\+/)) {
&Usage();

13
tigervnc-correctly-start-vncsession-as-daemon.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c
index 2b47f5f5..f78c096f 100644
--- a/unix/vncserver/vncsession.c
+++ b/unix/vncserver/vncsession.c
@@ -99,7 +99,7 @@ begin_daemon(void)
return -1;
}
- if (pid == 0)
+ if (pid != 0)
_exit(0);
/* Send all stdio to /dev/null */

312
tigervnc-covscan.patch Normal file
View File

@ -0,0 +1,312 @@
diff --git a/common/network/TcpSocket.cxx b/common/network/TcpSocket.cxx
index 51d77c76..9e277cbb 100644
--- a/common/network/TcpSocket.cxx
+++ b/common/network/TcpSocket.cxx
@@ -736,7 +736,7 @@ char* TcpFilter::patternToStr(const TcpFilter::Pattern& p) {
buffer + 1, sizeof (buffer) - 2, NULL, 0, NI_NUMERICHOST);
strcat(buffer, "]");
addr.buf = rfb::strDup(buffer);
- } else if (p.address.u.sa.sa_family == AF_UNSPEC)
+ } else
addr.buf = rfb::strDup("");
char action;
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index e1a31f78..d268202b 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -95,9 +95,9 @@ void CSecurityTLS::setDefaults()
delete [] homeDir;
if (!fileexists(caDefault.buf))
- X509CA.setDefaultStr(strdup(caDefault.buf));
+ X509CA.setDefaultStr(caDefault.buf);
if (!fileexists(crlDefault.buf))
- X509CRL.setDefaultStr(strdup(crlDefault.buf));
+ X509CRL.setDefaultStr(crlDefault.buf);
}
void CSecurityTLS::shutdown(bool needbye)
diff --git a/common/rfb/SSecurityPlain.cxx b/common/rfb/SSecurityPlain.cxx
index 6d48b65c..6f72432a 100644
--- a/common/rfb/SSecurityPlain.cxx
+++ b/common/rfb/SSecurityPlain.cxx
@@ -41,7 +41,7 @@ StringParameter PasswordValidator::plainUsers
bool PasswordValidator::validUser(const char* username)
{
- CharArray users(strDup(plainUsers.getValueStr())), user;
+ CharArray users(plainUsers.getValueStr()), user;
while (users.buf) {
strSplit(users.buf, ',', &user.buf, &users.buf);
diff --git a/unix/tx/TXWindow.cxx b/unix/tx/TXWindow.cxx
index a6819179..6129840e 100644
--- a/unix/tx/TXWindow.cxx
+++ b/unix/tx/TXWindow.cxx
@@ -24,6 +24,7 @@
#include <list>
#include <stdio.h>
#include <stdlib.h>
+#include <vector>
#include <rfb/util.h>
std::list<TXWindow*> windows;
@@ -132,20 +133,20 @@ TXGlobalEventHandler* TXWindow::setGlobalEventHandler(TXGlobalEventHandler* h)
void TXWindow::getColours(Display* dpy, XColor* cols, int nCols)
{
- bool* got = new bool[nCols];
+ std::vector<bool> got;
+
bool failed = false;
int i;
for (i = 0; i < nCols; i++) {
if (XAllocColor(dpy, cmap, &cols[i])) {
- got[i] = true;
+ got.push_back(true);
} else {
- got[i] = false;
+ got.push_back(false);
failed = true;
}
}
if (!failed) {
- delete [] got;
return;
}
@@ -168,12 +169,13 @@ void TXWindow::getColours(Display* dpy, XColor* cols, int nCols)
int cmapSize = DisplayCells(dpy,DefaultScreen(dpy));
XColor* cm = new XColor[cmapSize];
- bool* shared = new bool[cmapSize];
- bool* usedAsNearest = new bool[cmapSize];
+ std::vector<bool> shared;
+ std::vector<bool> usedAsNearest;
for (i = 0; i < cmapSize; i++) {
cm[i].pixel = i;
- shared[i] = usedAsNearest[i] = false;
+ shared.push_back(false);
+ usedAsNearest.push_back(false);
}
XQueryColors(dpy, cmap, cm, cmapSize);
diff --git a/unix/vncpasswd/vncpasswd.cxx b/unix/vncpasswd/vncpasswd.cxx
index 8bd4e48e..3055223e 100644
--- a/unix/vncpasswd/vncpasswd.cxx
+++ b/unix/vncpasswd/vncpasswd.cxx
@@ -134,7 +134,7 @@ int main(int argc, char** argv)
} else if (argv[i][0] == '-') {
usage();
} else if (!fname) {
- fname = argv[i];
+ fname = strDup(argv[i]);
} else {
usage();
}
@@ -165,24 +165,37 @@ int main(int argc, char** argv)
FILE* fp = fopen(fname,"w");
if (!fp) {
fprintf(stderr,"Couldn't open %s for writing\n",fname);
+ delete [] fname;
+ delete obfuscated;
+ delete obfuscatedReadOnly;
exit(1);
}
chmod(fname, S_IRUSR|S_IWUSR);
if (fwrite(obfuscated->buf, obfuscated->length, 1, fp) != 1) {
fprintf(stderr,"Writing to %s failed\n",fname);
+ delete [] fname;
+ delete obfuscated;
+ delete obfuscatedReadOnly;
exit(1);
}
+ delete obfuscated;
+
if (obfuscatedReadOnly) {
if (fwrite(obfuscatedReadOnly->buf, obfuscatedReadOnly->length, 1, fp) != 1) {
fprintf(stderr,"Writing to %s failed\n",fname);
+ delete [] fname;
+ delete obfuscatedReadOnly;
exit(1);
}
}
fclose(fp);
+ delete [] fname;
+ delete obfuscatedReadOnly;
+
return 0;
}
}
diff --git a/unix/xserver/hw/vnc/vncExtInit.cc b/unix/xserver/hw/vnc/vncExtInit.cc
index d6f6b742..7ca71d94 100644
--- a/unix/xserver/hw/vnc/vncExtInit.cc
+++ b/unix/xserver/hw/vnc/vncExtInit.cc
@@ -184,7 +184,7 @@ void vncExtensionInit(void)
listeners.push_back(new network::TcpListener(vncInetdSock));
vlog.info("inetd wait");
}
- } else if (rfbunixpath.getValueStr()[0] != '\0') {
+ } else if (((const char*)rfbunixpath)[0] != '\0') {
char path[PATH_MAX];
int mode = (int)rfbunixmode;
@@ -192,7 +192,7 @@ void vncExtensionInit(void)
strncpy(path, rfbunixpath, sizeof(path));
else
snprintf(path, sizeof(path), "%s.%d",
- rfbunixpath.getValueStr(), scr);
+ (const char*)rfbunixpath, scr);
path[sizeof(path)-1] = '\0';
listeners.push_back(new network::UnixListener(path, mode));
diff --git a/unix/xserver/hw/vnc/vncSelection.c b/unix/xserver/hw/vnc/vncSelection.c
index 51dfd9c6..4f3538d4 100644
--- a/unix/xserver/hw/vnc/vncSelection.c
+++ b/unix/xserver/hw/vnc/vncSelection.c
@@ -105,7 +105,7 @@ void vncClientCutText(const char* str, int len)
LOG_ERROR("Could not set PRIMARY selection");
}
- vncOwnSelection(xaCLIPBOARD);
+ rc = vncOwnSelection(xaCLIPBOARD);
if (rc != Success)
LOG_ERROR("Could not set CLIPBOARD selection");
}
diff --git a/unix/xserver/hw/vnc/xvnc.c b/unix/xserver/hw/vnc/xvnc.c
index 3b4d2f31..c845ebc4 100644
--- a/unix/xserver/hw/vnc/xvnc.c
+++ b/unix/xserver/hw/vnc/xvnc.c
@@ -766,10 +766,13 @@ vfbUninstallColormap(ColormapPtr pmap)
curpmap = (ColormapPtr) LookupIDByType(pmap->pScreen->defColormap,
RT_COLORMAP);
#else
- dixLookupResourceByType((void * *) &curpmap, pmap->pScreen->defColormap,
- RT_COLORMAP, serverClient, DixUnknownAccess);
+ int rc = dixLookupResourceByType((void * *) &curpmap, pmap->pScreen->defColormap,
+ RT_COLORMAP, serverClient, DixUnknownAccess);
+ if (rc != Success)
+ ErrorF("Failed to uninstall color map\n");
+ else
#endif
- (*pmap->pScreen->InstallColormap)(curpmap);
+ (*pmap->pScreen->InstallColormap)(curpmap);
}
}
}
diff --git a/vncviewer/DesktopWindow.cxx b/vncviewer/DesktopWindow.cxx
index d070b648..1843485a 100644
--- a/vncviewer/DesktopWindow.cxx
+++ b/vncviewer/DesktopWindow.cxx
@@ -103,12 +103,12 @@ DesktopWindow::DesktopWindow(int w, int h, const char *name,
int geom_x = 0, geom_y = 0;
if (strcmp(geometry, "") != 0) {
int matched;
- matched = sscanf(geometry.getValueStr(), "+%d+%d", &geom_x, &geom_y);
+ matched = sscanf((const char*)geometry, "+%d+%d", &geom_x, &geom_y);
if (matched == 2) {
force_position(1);
} else {
int geom_w, geom_h;
- matched = sscanf(geometry.getValueStr(), "%dx%d+%d+%d", &geom_w, &geom_h, &geom_x, &geom_y);
+ matched = sscanf((const char*)geometry, "%dx%d+%d+%d", &geom_w, &geom_h, &geom_x, &geom_y);
switch (matched) {
case 4:
force_position(1);
diff --git a/vncviewer/OptionsDialog.cxx b/vncviewer/OptionsDialog.cxx
index b018c95b..62b5d9c5 100644
--- a/vncviewer/OptionsDialog.cxx
+++ b/vncviewer/OptionsDialog.cxx
@@ -282,7 +282,7 @@ void OptionsDialog::loadOptions(void)
/* Screen */
int width, height;
- if (sscanf(desktopSize.getValueStr(), "%dx%d", &width, &height) != 2) {
+ if (sscanf((const char*)desktopSize, "%dx%d", &width, &height) != 2) {
desktopSizeCheckbox->value(false);
desktopWidthInput->value("1024");
desktopHeightInput->value("768");
diff --git a/vncviewer/ServerDialog.cxx b/vncviewer/ServerDialog.cxx
index de67f87b..fec17896 100644
--- a/vncviewer/ServerDialog.cxx
+++ b/vncviewer/ServerDialog.cxx
@@ -150,7 +150,7 @@ void ServerDialog::handleLoad(Fl_Widget *widget, void *data)
return;
}
- const char* filename = strdup(file_chooser->value());
+ const char* filename = file_chooser->value();
try {
dialog->serverName->value(loadViewerParameters(filename));
@@ -165,8 +165,8 @@ void ServerDialog::handleLoad(Fl_Widget *widget, void *data)
void ServerDialog::handleSaveAs(Fl_Widget *widget, void *data)
{
ServerDialog *dialog = (ServerDialog*)data;
- const char* servername = strdup(dialog->serverName->value());
- char* filename;
+ const char* servername = dialog->serverName->value();
+ const char* filename;
Fl_File_Chooser* file_chooser = new Fl_File_Chooser("", _("TigerVNC configuration (*.tigervnc)"),
2, _("Save the TigerVNC configuration to file"));
@@ -187,7 +187,7 @@ void ServerDialog::handleSaveAs(Fl_Widget *widget, void *data)
return;
}
- filename = strdup(file_chooser->value());
+ filename = file_chooser->value();
FILE* f = fopen(filename, "r");
if (f) {
@@ -235,7 +235,7 @@ void ServerDialog::handleCancel(Fl_Widget *widget, void *data)
void ServerDialog::handleConnect(Fl_Widget *widget, void *data)
{
ServerDialog *dialog = (ServerDialog*)data;
- const char* servername = strdup(dialog->serverName->value());
+ const char* servername = dialog->serverName->value();
dialog->hide();
diff --git a/vncviewer/parameters.cxx b/vncviewer/parameters.cxx
index 51cce3d7..94cc1b05 100644
--- a/vncviewer/parameters.cxx
+++ b/vncviewer/parameters.cxx
@@ -499,6 +499,7 @@ void saveViewerParameters(const char *filename, const char *servername) {
}
snprintf(filepath, sizeof(filepath), "%sdefault.tigervnc", homeDir);
+ free(homeDir);
} else {
snprintf(filepath, sizeof(filepath), "%s", filename);
}
@@ -555,6 +556,7 @@ char* loadViewerParameters(const char *filename) {
"can't obtain home directory path."));
snprintf(filepath, sizeof(filepath), "%sdefault.tigervnc", homeDir);
+ free(homeDir);
} else {
snprintf(filepath, sizeof(filepath), "%s", filename);
}
diff --git a/vncviewer/vncviewer.cxx b/vncviewer/vncviewer.cxx
index f076565f..a9d4dfea 100644
--- a/vncviewer/vncviewer.cxx
+++ b/vncviewer/vncviewer.cxx
@@ -470,9 +470,9 @@ static int mktunnel()
int localPort = findFreeTcpPort();
int remotePort;
- gatewayHost = strDup(via.getValueStr());
if (interpretViaParam(remoteHost, &remotePort, localPort) != 0)
return 1;
+ gatewayHost = (const char*)via;
createTunnel(gatewayHost, remoteHost, remotePort, localPort);
return 0;

12
tigervnc-cursor.patch Normal file
View File

@ -0,0 +1,12 @@
diff -up tigervnc-1.3.0/vncviewer/Viewport.cxx.cursor tigervnc-1.3.0/vncviewer/Viewport.cxx
--- tigervnc-1.3.0/vncviewer/Viewport.cxx.cursor 2013-12-17 13:28:23.170400013 +0000
+++ tigervnc-1.3.0/vncviewer/Viewport.cxx 2013-12-17 13:29:46.095784064 +0000
@@ -248,7 +248,7 @@ void Viewport::setCursor(int width, int height, const Point& hotspot,
}
}
- if (Fl::belowmouse() == this)
+ if (Fl::belowmouse() == this && cursor)
window()->cursor(cursor, cursorHotspot.x, cursorHotspot.y);
}

13
tigervnc-let-user-know-about-not-using-view-only-password.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/unix/vncpasswd/vncpasswd.cxx b/unix/vncpasswd/vncpasswd.cxx
index 16c925ee..6398121e 100644
--- a/unix/vncpasswd/vncpasswd.cxx
+++ b/unix/vncpasswd/vncpasswd.cxx
@@ -150,6 +150,8 @@ int main(int argc, char** argv)
char yesno[3];
if (fgets(yesno, 3, stdin) != NULL && (yesno[0] == 'y' || yesno[0] == 'Y')) {
obfuscatedReadOnly = readpassword();
+ } else {
+ fprintf(stderr, "A view-only password is not used\n");
}
FILE* fp = fopen(fname,"w");

12
tigervnc-use-gnome-as-default-session.patch Normal file
View File

@ -0,0 +1,12 @@
diff --git a/unix/vncserver/vncserver-config-defaults b/unix/vncserver/vncserver-config-defaults
index 0c217bf..2889347 100644
--- a/unix/vncserver/vncserver-config-defaults
+++ b/unix/vncserver/vncserver-config-defaults
@@ -13,3 +13,7 @@
# geometry=2000x1200
# localhost
# alwaysshared
+
+# Default to GNOME session
+# Note: change this only when you know what are you doing
+session=gnome

13
tigervnc-working-tls-on-fips-systems.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
index b946022..2daefa2 100644
--- a/common/rfb/SSecurityTLS.cxx
+++ b/common/rfb/SSecurityTLS.cxx
@@ -186,7 +186,7 @@ void SSecurityTLS::setParams(gnutls_session_t session)
if (gnutls_dh_params_init(&dh_params) != GNUTLS_E_SUCCESS)
throw AuthFailureException("gnutls_dh_params_init failed");
- if (gnutls_dh_params_generate2(dh_params, DH_BITS) != GNUTLS_E_SUCCESS)
+ if (gnutls_dh_params_generate2(dh_params, gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, GNUTLS_SEC_PARAM_MEDIUM)) != GNUTLS_E_SUCCESS)
throw AuthFailureException("gnutls_dh_params_generate2 failed");
if (anon) {

47
tigervnc.spec
View File

@ -1,6 +1,6 @@
Name: tigervnc Name: tigervnc
Version: 1.11.0 Version: 1.11.0
Release: 11%{?dist} Release: 12%{?dist}
Summary: A TigerVNC remote display system Summary: A TigerVNC remote display system
%global _hardened_build 1 %global _hardened_build 1
@ -19,14 +19,23 @@ Source5: vncserver
Source6: vncserver.man Source6: vncserver.man
Patch1: tigervnc-getmaster.patch Patch1: tigervnc-getmaster.patch
Patch2: tigervnc-utilize-system-crypto-policies.patch Patch2: tigervnc-cursor.patch
Patch3: tigervnc-passwd-crash-with-malloc-checks.patch Patch3: tigervnc-1.3.1-CVE-2014-8240.patch
Patch4: tigervnc-systemd-service.patch Patch4: tigervnc-let-user-know-about-not-using-view-only-password.patch
Patch5: tigervnc-working-tls-on-fips-systems.patch
Patch6: tigervnc-utilize-system-crypto-policies.patch
Patch7: tigervnc-passwd-crash-with-malloc-checks.patch
Patch8: tigervnc-use-gnome-as-default-session.patch
# Upstream patches # Upstream patches
Patch50: tigervnc-tolerate-specifying-boolparam.patch Patch50: tigervnc-tolerate-specifying-boolparam.patch
Patch51: tigervnc-systemd-service.patch
Patch52: tigervnc-correctly-start-vncsession-as-daemon.patch
# This is tigervnc-%%{version}/unix/xserver116.patch rebased on the latest xorg
Patch100: tigervnc-xserver120.patch Patch100: tigervnc-xserver120.patch
# 1326867 - [RHEL7.3] GLX applications in an Xvnc session fails to start
Patch101: 0001-rpath-hack.patch
BuildRequires: make BuildRequires: make
BuildRequires: gcc-c++ BuildRequires: gcc-c++
@ -144,20 +153,35 @@ for all in `find . -type f -perm -001`; do
chmod -x "$all" chmod -x "$all"
done done
%patch100 -p1 -b .xserver120-rebased %patch100 -p1 -b .xserver120-rebased
%patch101 -p1 -b .rpath
popd popd
# libvnc.so: don't use unexported GetMaster function (bug #744881 again). # libvnc.so: don't use unexported GetMaster function (bug #744881 again).
%patch1 -p1 -b .getmaster %patch1 -p1 -b .getmaster
# Fixed viewer crash when cursor has not been set (bug #1051333).
%patch2 -p1 -b .cursor
# CVE-2014-8240 tigervnc: integer overflow flaw, leading to a heap-based
# buffer overflow in screen size handling
%patch3 -p1 -b .tigervnc-1.3.1-CVE-2014-8240
# Bug 1447555 - view-only accepts enter, unclear whether default password is generated or not
%patch4 -p1 -b .let-user-know-about-not-using-view-only-password
# Bug 1492107 - VNC cannot be used when FIPS is enabled because DH_BITS is too low
%patch5 -p1 -b .working-tls-on-fips-systems
# Utilize system-wide crypto policies # Utilize system-wide crypto policies
%patch2 -p1 -b .utilize-system-crypto-policies %patch6 -p1 -b .utilize-system-crypto-policies.patch
%patch3 -p1 -b .tigervnc-passwd-crash-with-malloc-checks %patch7 -p1 -b .passwd-crash-with-malloc-checks
%patch8 -p1 -b .use-gnome-as-default-session
# https://github.com/TigerVNC/tigervnc/pull/1115 # Upstream patches
%patch4 -p1 -b .tigervnc-systemd-service %patch50 -p1 -b .tolerate-specifying-boolparam
%patch51 -p1 -b .systemd-service
%patch50 -p1 -b .tigervnc-tolerate-specifying-boolparam %patch52 -p1 -b .correctly-start-vncsession-as-daemon
%build %build
%ifarch sparcv9 sparc64 s390 s390x %ifarch sparcv9 sparc64 s390 s390x
@ -339,6 +363,9 @@ fi
%{_datadir}/selinux/packages/vncsession.pp %{_datadir}/selinux/packages/vncsession.pp
%changelog %changelog
* Mon Mar 08 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-12
- Include RHEL8 patches
* Fri Mar 05 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-11 * Fri Mar 05 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-11
- Enable old vncserver script for RHEL 9 - Enable old vncserver script for RHEL 9