rpms
/
tigervnc
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8
Branches Tags
rpms:c8
rpms:c9
rpms:a8
rpms:c9-beta
rpms:c8-beta
rpms:c9s
rpms:a9
rpms:c8s
rpms:imports/c9/tigervnc-1.13.1-8.el9_4.3
rpms:changed/a8/tigervnc-1.13.1-2.el8_9.10.alma.1
rpms:changed/a8/tigervnc-1.13.1-2.el8_9.7.alma.1
rpms:changed/a9/tigervnc-1.13.1-3.el9_3.6.alma.1
rpms:changed/a8/tigervnc-1.13.1-2.el8_9.4.alma.1
rpms:changed/a9/tigervnc-1.13.1-3.el9_3.3.alma.1
rpms:imports/c8-beta/tigervnc-1.13.1-2.el8
rpms:imports/c9-beta/tigervnc-1.13.1-2.el9
rpms:imports/c8/tigervnc-1.12.0-15.el8_8
rpms:imports/c9/tigervnc-1.12.0-13.el9_2
rpms:imports/c9/tigervnc-1.12.0-5.el9_1.2
rpms:imports/c8/tigervnc-1.12.0-9.el8_7.2
rpms:imports/c8/tigervnc-1.12.0-9.el8_7.3
rpms:imports/c9-beta/tigervnc-1.12.0-12.el9
rpms:imports/c8-beta/tigervnc-1.12.0-14.el8
rpms:imports/c8/tigervnc-1.12.0-9.el8_7.1
rpms:imports/c9/tigervnc-1.12.0-5.el9_1.1
rpms:imports/c8/tigervnc-1.12.0-8.el8_7
rpms:imports/c8s/tigervnc-1.12.0-9.el8
rpms:imports/c8s/tigervnc-1.12.0-8.el8
rpms:imports/c9/tigervnc-1.12.0-4.el9
rpms:imports/c8/tigervnc-1.12.0-7.el8
rpms:imports/c9-beta/tigervnc-1.12.0-4.el9
rpms:imports/c8-beta/tigervnc-1.12.0-7.el8
rpms:imports/c8s/tigervnc-1.12.0-7.el8
rpms:imports/c8s/tigervnc-1.12.0-6.el8
rpms:imports/c8s/tigervnc-1.12.0-5.el8
rpms:imports/c9/tigervnc-1.11.0-21.el9
rpms:imports/c8/tigervnc-1.12.0-4.el8
rpms:imports/c9-beta/tigervnc-1.11.0-21.el9
rpms:imports/c8-beta/tigervnc-1.12.0-4.el8
rpms:imports/c8s/tigervnc-1.12.0-4.el8
rpms:imports/c8s/tigervnc-1.12.0-3.el8
rpms:imports/c8/tigervnc-1.11.0-10.el8_5
rpms:imports/c8s/tigervnc-1.12.0-2.el8
rpms:imports/c9-beta/tigervnc-1.11.0-20.el9
rpms:imports/c8s/tigervnc-1.11.0-10.el8_5
rpms:imports/c9-beta/tigervnc-1.11.0-18.el9
rpms:imports/c8/tigervnc-1.11.0-9.el8
rpms:imports/c8-beta/tigervnc-1.11.0-9.el8
rpms:imports/c8-beta/tigervnc-1.11.0-6.el8
rpms:imports/c8-beta/tigervnc-1.10.1-5.el8
rpms:imports/c8-beta/tigervnc-1.9.0-12.el8
rpms:imports/c8-beta/tigervnc-1.9.0-9.el8
rpms:imports/c8s/tigervnc-1.11.0-9.el8
rpms:imports/c8s/tigervnc-1.11.0-8.el8
rpms:imports/c8s/tigervnc-1.11.0-7.el8
rpms:imports/c8s/tigervnc-1.11.0-6.el8
rpms:imports/c8s/tigervnc-1.11.0-5.el8
rpms:imports/c8/tigervnc-1.11.0-6.el8
rpms:imports/c8/tigervnc-1.10.1-9.el8_3
rpms:imports/c8/tigervnc-1.10.1-7.el8
rpms:imports/c8/tigervnc-1.9.0-15.el8_1
rpms:imports/c8/tigervnc-1.9.0-14.el8_1
...
pull from: rpms:c9
Branches Tags
rpms:c9
rpms:a8
rpms:c9-beta
rpms:c8-beta
rpms:c9s
rpms:a9
rpms:c8
rpms:c8s
rpms:imports/c9/tigervnc-1.13.1-8.el9_4.3
rpms:changed/a8/tigervnc-1.13.1-2.el8_9.10.alma.1
rpms:changed/a8/tigervnc-1.13.1-2.el8_9.7.alma.1
rpms:changed/a9/tigervnc-1.13.1-3.el9_3.6.alma.1
rpms:changed/a8/tigervnc-1.13.1-2.el8_9.4.alma.1
rpms:changed/a9/tigervnc-1.13.1-3.el9_3.3.alma.1
rpms:imports/c8-beta/tigervnc-1.13.1-2.el8
rpms:imports/c9-beta/tigervnc-1.13.1-2.el9
rpms:imports/c8/tigervnc-1.12.0-15.el8_8
rpms:imports/c9/tigervnc-1.12.0-13.el9_2
rpms:imports/c9/tigervnc-1.12.0-5.el9_1.2
rpms:imports/c8/tigervnc-1.12.0-9.el8_7.2
rpms:imports/c8/tigervnc-1.12.0-9.el8_7.3
rpms:imports/c9-beta/tigervnc-1.12.0-12.el9
rpms:imports/c8-beta/tigervnc-1.12.0-14.el8
rpms:imports/c8/tigervnc-1.12.0-9.el8_7.1
rpms:imports/c9/tigervnc-1.12.0-5.el9_1.1
rpms:imports/c8/tigervnc-1.12.0-8.el8_7
rpms:imports/c8s/tigervnc-1.12.0-9.el8
rpms:imports/c8s/tigervnc-1.12.0-8.el8
rpms:imports/c9/tigervnc-1.12.0-4.el9
rpms:imports/c8/tigervnc-1.12.0-7.el8
rpms:imports/c9-beta/tigervnc-1.12.0-4.el9
rpms:imports/c8-beta/tigervnc-1.12.0-7.el8
rpms:imports/c8s/tigervnc-1.12.0-7.el8
rpms:imports/c8s/tigervnc-1.12.0-6.el8
rpms:imports/c8s/tigervnc-1.12.0-5.el8
rpms:imports/c9/tigervnc-1.11.0-21.el9
rpms:imports/c8/tigervnc-1.12.0-4.el8
rpms:imports/c9-beta/tigervnc-1.11.0-21.el9
rpms:imports/c8-beta/tigervnc-1.12.0-4.el8
rpms:imports/c8s/tigervnc-1.12.0-4.el8
rpms:imports/c8s/tigervnc-1.12.0-3.el8
rpms:imports/c8/tigervnc-1.11.0-10.el8_5
rpms:imports/c8s/tigervnc-1.12.0-2.el8
rpms:imports/c9-beta/tigervnc-1.11.0-20.el9
rpms:imports/c8s/tigervnc-1.11.0-10.el8_5
rpms:imports/c9-beta/tigervnc-1.11.0-18.el9
rpms:imports/c8/tigervnc-1.11.0-9.el8
rpms:imports/c8-beta/tigervnc-1.11.0-9.el8
rpms:imports/c8-beta/tigervnc-1.11.0-6.el8
rpms:imports/c8-beta/tigervnc-1.10.1-5.el8
rpms:imports/c8-beta/tigervnc-1.9.0-12.el8
rpms:imports/c8-beta/tigervnc-1.9.0-9.el8
rpms:imports/c8s/tigervnc-1.11.0-9.el8
rpms:imports/c8s/tigervnc-1.11.0-8.el8
rpms:imports/c8s/tigervnc-1.11.0-7.el8
rpms:imports/c8s/tigervnc-1.11.0-6.el8
rpms:imports/c8s/tigervnc-1.11.0-5.el8
rpms:imports/c8/tigervnc-1.11.0-6.el8
rpms:imports/c8/tigervnc-1.10.1-9.el8_3
rpms:imports/c8/tigervnc-1.10.1-7.el8
rpms:imports/c8/tigervnc-1.9.0-15.el8_1
rpms:imports/c8/tigervnc-1.9.0-14.el8_1

No commits in common. "c8" and "c9" have entirely different histories.
c8 ... c9

23 changed files with 855 additions and 767 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/tigervnc-1.12.0.tar.gz
SOURCES/tigervnc-1.13.1.tar.gz

2
.tigervnc.metadata
View File

@ -1 +1 @@
44db63993d8ad04f730b0b48e8aca32933bff15a SOURCES/tigervnc-1.12.0.tar.gz
6f7a23f14833f552c88523da1a5e102f3b8d35c2 SOURCES/tigervnc-1.13.1.tar.gz

2
SOURCES/10-libvnc.conf
View File

@ -12,7 +12,7 @@
#EndSection
#Section "Screen"
# Identifier "Screen0"
# Identifier "Screen0
# DefaultDepth 16
# Option "SecurityTypes" "VncAuth"
# Option "PasswordFile" "/root/.vnc/passwd"

199
SOURCES/tigervnc-add-new-keycodes-for-unknown-keysyms.patch
View File

@ -1,199 +0,0 @@
From ccbd491fa48f1c43daeb1a6c5ee91a1a8fa3db88 Mon Sep 17 00:00:00 2001
From: Jan Grulich <jgrulich@redhat.com>
Date: Tue, 9 Aug 2022 14:31:07 +0200
Subject: [PATCH] x0vncserver: add new keysym in case we don't find a matching
keycode
We might often fail to find a matching X11 keycode when the client has
a different keyboard layout and end up with no key event. To avoid a
failure we add it as a new keysym/keycode pair so the next time a keysym
from the client that is unknown to the server is send, we will find a
match and proceed with key event. This is same behavior used in Xvnc or
x11vnc, although Xvnc has more advanced mapping from keysym to keycode.
---
unix/x0vncserver/XDesktop.cxx | 121 +++++++++++++++++++++++++++++++++-
unix/x0vncserver/XDesktop.h | 4 ++
2 files changed, 122 insertions(+), 3 deletions(-)
diff --git a/unix/x0vncserver/XDesktop.cxx b/unix/x0vncserver/XDesktop.cxx
index f2046e43e..933998f05 100644
--- a/unix/x0vncserver/XDesktop.cxx
+++ b/unix/x0vncserver/XDesktop.cxx
@@ -31,6 +31,7 @@
#include <x0vncserver/XDesktop.h>
#include <X11/XKBlib.h>
+#include <X11/Xutil.h>
#ifdef HAVE_XTEST
#include <X11/extensions/XTest.h>
#endif
@@ -50,6 +51,7 @@ void vncSetGlueContext(Display *dpy, void *res);
#include <x0vncserver/Geometry.h>
#include <x0vncserver/XPixelBuffer.h>
+using namespace std;
using namespace rfb;
extern const unsigned short code_map_qnum_to_xorgevdev[];
@@ -264,6 +266,9 @@ void XDesktop::start(VNCServer* vs) {
void XDesktop::stop() {
running = false;
+ // Delete added keycodes
+ deleteAddedKeysyms(dpy);
+
#ifdef HAVE_XDAMAGE
if (haveDamage)
XDamageDestroy(dpy, damage);
@@ -383,6 +388,118 @@ KeyCode XDesktop::XkbKeysymToKeycode(Display* dpy, KeySym keysym) {
}
#endif
+KeyCode XDesktop::addKeysym(Display* dpy, KeySym keysym)
+{
+ int types[1];
+ unsigned int key;
+ XkbDescPtr xkb;
+ XkbMapChangesRec changes;
+ KeySym *syms;
+ KeySym upper, lower;
+
+ xkb = XkbGetMap(dpy, XkbAllComponentsMask, XkbUseCoreKbd);
+
+ if (!xkb)
+ return 0;
+
+ for (key = xkb->max_key_code; key >= xkb->min_key_code; key--) {
+ if (XkbKeyNumGroups(xkb, key) == 0)
+ break;
+ }
+
+ if (key < xkb->min_key_code)
+ return 0;
+
+ memset(&changes, 0, sizeof(changes));
+
+ XConvertCase(keysym, &lower, &upper);
+
+ if (upper == lower)
+ types[XkbGroup1Index] = XkbOneLevelIndex;
+ else
+ types[XkbGroup1Index] = XkbAlphabeticIndex;
+
+ XkbChangeTypesOfKey(xkb, key, 1, XkbGroup1Mask, types, &changes);
+
+ syms = XkbKeySymsPtr(xkb,key);
+ if (upper == lower)
+ syms[0] = keysym;
+ else {
+ syms[0] = lower;
+ syms[1] = upper;
+ }
+
+ changes.changed |= XkbKeySymsMask;
+ changes.first_key_sym = key;
+ changes.num_key_syms = 1;
+
+ if (XkbChangeMap(dpy, xkb, &changes)) {
+ vlog.info("Added unknown keysym %s to keycode %d", XKeysymToString(keysym), key);
+ addedKeysyms[keysym] = key;
+ return key;
+ }
+
+ return 0;
+}
+
+void XDesktop::deleteAddedKeysyms(Display* dpy) {
+ XkbDescPtr xkb;
+ xkb = XkbGetMap(dpy, XkbAllComponentsMask, XkbUseCoreKbd);
+
+ if (!xkb)
+ return;
+
+ XkbMapChangesRec changes;
+ memset(&changes, 0, sizeof(changes));
+
+ KeyCode lowestKeyCode = xkb->max_key_code;
+ KeyCode highestKeyCode = xkb->min_key_code;
+ std::map<KeySym, KeyCode>::iterator it;
+ for (it = addedKeysyms.begin(); it != addedKeysyms.end(); it++) {
+ if (XkbKeyNumGroups(xkb, it->second) != 0) {
+ // Check if we are removing keysym we added ourself
+ if (XkbKeysymToKeycode(dpy, it->first) != it->second)
+ continue;
+
+ XkbChangeTypesOfKey(xkb, it->second, 0, XkbGroup1Mask, NULL, &changes);
+
+ if (it->second < lowestKeyCode)
+ lowestKeyCode = it->second;
+
+ if (it->second > highestKeyCode)
+ highestKeyCode = it->second;
+ }
+ }
+
+ changes.changed |= XkbKeySymsMask;
+ changes.first_key_sym = lowestKeyCode;
+ changes.num_key_syms = highestKeyCode - lowestKeyCode + 1;
+ XkbChangeMap(dpy, xkb, &changes);
+
+ addedKeysyms.clear();
+}
+
+KeyCode XDesktop::keysymToKeycode(Display* dpy, KeySym keysym) {
+ int keycode = 0;
+
+ // XKeysymToKeycode() doesn't respect state, so we have to use
+ // something slightly more complex
+ keycode = XkbKeysymToKeycode(dpy, keysym);
+
+ if (keycode != 0)
+ return keycode;
+
+ // TODO: try to further guess keycode with all possible mods as Xvnc does
+
+ keycode = addKeysym(dpy, keysym);
+
+ if (keycode == 0)
+ vlog.error("Failure adding new keysym 0x%lx", keysym);
+
+ return keycode;
+}
+
+
void XDesktop::keyEvent(rdr::U32 keysym, rdr::U32 xtcode, bool down) {
#ifdef HAVE_XTEST
int keycode = 0;
@@ -398,9 +515,7 @@ void XDesktop::keyEvent(rdr::U32 keysym, rdr::U32 xtcode, bool down) {
if (pressedKeys.find(keysym) != pressedKeys.end())
keycode = pressedKeys[keysym];
else {
- // XKeysymToKeycode() doesn't respect state, so we have to use
- // something slightly more complex
- keycode = XkbKeysymToKeycode(dpy, keysym);
+ keycode = keysymToKeycode(dpy, keysym);
}
}
diff --git a/unix/x0vncserver/XDesktop.h b/unix/x0vncserver/XDesktop.h
index 840d43316..6ebcd9f8a 100644
--- a/unix/x0vncserver/XDesktop.h
+++ b/unix/x0vncserver/XDesktop.h
@@ -55,6 +55,9 @@ class XDesktop : public rfb::SDesktop,
const char* userName);
virtual void pointerEvent(const rfb::Point& pos, int buttonMask);
KeyCode XkbKeysymToKeycode(Display* dpy, KeySym keysym);
+ KeyCode addKeysym(Display* dpy, KeySym keysym);
+ void deleteAddedKeysyms(Display* dpy);
+ KeyCode keysymToKeycode(Display* dpy, KeySym keysym);
virtual void keyEvent(rdr::U32 keysym, rdr::U32 xtcode, bool down);
virtual void clientCutText(const char* str);
virtual unsigned int setScreenLayout(int fb_width, int fb_height,
@@ -78,6 +81,7 @@ class XDesktop : public rfb::SDesktop,
bool haveXtest;
bool haveDamage;
int maxButtons;
+ std::map<KeySym, KeyCode> addedKeysyms;
std::map<KeySym, KeyCode> pressedKeys;
bool running;
#ifdef HAVE_XDAMAGE

13
SOURCES/tigervnc-dont-get-pointer-position-for-floating-device.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/unix/xserver/hw/vnc/vncInput.c b/unix/xserver/hw/vnc/vncInput.c
index b3d0926d..d36a096f 100644
--- a/unix/xserver/hw/vnc/vncInput.c
+++ b/unix/xserver/hw/vnc/vncInput.c
@@ -167,7 +167,7 @@ void vncPointerMove(int x, int y)
void vncGetPointerPos(int *x, int *y)
{
- if (vncPointerDev != NULL) {
+ if (vncPointerDev != NULL && !IsFloating(vncPointerDev)) {
ScreenPtr ptrScreen;
miPointerGetPosition(vncPointerDev, &cursorPosX, &cursorPosY);

117
SOURCES/tigervnc-fix-ghost-cursor-in-zaphod-mode.patch
View File

@ -1,117 +0,0 @@
From f783d5c8b567199178b6690f347e060a69d2aa36 Mon Sep 17 00:00:00 2001
From: Jan Grulich <jgrulich@redhat.com>
Date: Thu, 11 Aug 2022 13:15:29 +0200
Subject: [PATCH] x0vncserver: update/display cursor only on correct screen in
zaphod mode
We have to check whether we update cursor position/shape only in case
the cursor is on our display, otherwise in zaphod mode, ie. when having
two instances of x0vncserver on screens :0.0 and :0.1 we would be having
the cursor duplicated and actually not funcional (aka ghost cursor) as
it would be actually not present. We also additionally watch EnterNotify
and LeaveNotify events in order to show/hide cursor accordingly.
Change made with help from Olivier Fourdan <ofourdan@redhat.com>
---
unix/x0vncserver/XDesktop.cxx | 60 +++++++++++++++++++++++++++++++----
1 file changed, 53 insertions(+), 7 deletions(-)
diff --git a/unix/x0vncserver/XDesktop.cxx b/unix/x0vncserver/XDesktop.cxx
index f2046e43e..f07fd78bf 100644
--- a/unix/x0vncserver/XDesktop.cxx
+++ b/unix/x0vncserver/XDesktop.cxx
@@ -192,7 +192,8 @@ XDesktop::XDesktop(Display* dpy_, Geometry *geometry_)
RRScreenChangeNotifyMask | RRCrtcChangeNotifyMask);
/* Override TXWindow::init input mask */
XSelectInput(dpy, DefaultRootWindow(dpy),
- PropertyChangeMask | StructureNotifyMask | ExposureMask);
+ PropertyChangeMask | StructureNotifyMask |
+ ExposureMask | EnterWindowMask | LeaveWindowMask);
} else {
#endif
vlog.info("RANDR extension not present");
@@ -217,11 +218,13 @@ void XDesktop::poll() {
Window root, child;
int x, y, wx, wy;
unsigned int mask;
- XQueryPointer(dpy, DefaultRootWindow(dpy), &root, &child,
- &x, &y, &wx, &wy, &mask);
- x -= geometry->offsetLeft();
- y -= geometry->offsetTop();
- server->setCursorPos(rfb::Point(x, y), false);
+
+ if (XQueryPointer(dpy, DefaultRootWindow(dpy), &root, &child,
+ &x, &y, &wx, &wy, &mask)) {
+ x -= geometry->offsetLeft();
+ y -= geometry->offsetTop();
+ server->setCursorPos(rfb::Point(x, y), false);
+ }
}
}
@@ -253,7 +256,14 @@ void XDesktop::start(VNCServer* vs) {
#endif
#ifdef HAVE_XFIXES
- setCursor();
+ Window root, child;
+ int x, y, wx, wy;
+ unsigned int mask;
+ // Check whether the cursor is initially on our screen
+ if (XQueryPointer(dpy, DefaultRootWindow(dpy), &root, &child,
+ &x, &y, &wx, &wy, &mask))
+ setCursor();
+
#endif
server->setLEDState(ledState);
@@ -701,6 +711,15 @@ bool XDesktop::handleGlobalEvent(XEvent* ev) {
if (cev->subtype != XFixesDisplayCursorNotify)
return false;
+ Window root, child;
+ int x, y, wx, wy;
+ unsigned int mask;
+
+ // Check whether the cursor is initially on our screen
+ if (!XQueryPointer(dpy, DefaultRootWindow(dpy), &root, &child,
+ &x, &y, &wx, &wy, &mask))
+ return false;
+
return setCursor();
#endif
#ifdef HAVE_XRANDR
@@ -753,6 +772,33 @@ bool XDesktop::handleGlobalEvent(XEvent* ev) {
return true;
#endif
+#ifdef HAVE_XFIXES
+ } else if (ev->type == EnterNotify) {
+ XCrossingEvent* cev;
+
+ if (!running)
+ return true;
+
+ cev = (XCrossingEvent*)ev;
+
+ if (cev->window != cev->root)
+ return false;
+
+ return setCursor();
+ } else if (ev->type == LeaveNotify) {
+ XCrossingEvent* cev;
+
+ if (!running)
+ return true;
+
+ cev = (XCrossingEvent*)ev;
+
+ if (cev->window == cev->root)
+ return false;
+
+ server->setCursor(0, 0, Point(), NULL);
+ return true;
+#endif
}
return false;

34
SOURCES/tigervnc-fix-typo-in-mirror-monitor-detection.patch
View File

@ -1,34 +0,0 @@
From 2daf4126882f82b6e392dfbae87205dbdc559c3d Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Thu, 23 Dec 2021 15:58:00 +0100
Subject: [PATCH] Fix typo in mirror monitor detection
Bug introduced in fb561eb but still somehow passed manual testing.
Resulted in some stray reads off the end of the stack, which were
hopefully harmless.
---
vncviewer/MonitorIndicesParameter.cxx | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/vncviewer/MonitorIndicesParameter.cxx b/vncviewer/MonitorIndicesParameter.cxx
index 5130831cb..4ac74dd1a 100644
--- a/vncviewer/MonitorIndicesParameter.cxx
+++ b/vncviewer/MonitorIndicesParameter.cxx
@@ -211,13 +211,13 @@ std::vector<MonitorIndicesParameter::Monitor> MonitorIndicesParameter::fetchMoni
// Only keep a single entry for mirrored screens
match = false;
for (int j = 0; j < ((int) monitors.size()); j++) {
- if (monitors[i].x != monitor.x)
+ if (monitors[j].x != monitor.x)
continue;
- if (monitors[i].y != monitor.y)
+ if (monitors[j].y != monitor.y)
continue;
- if (monitors[i].w != monitor.w)
+ if (monitors[j].w != monitor.w)
continue;
- if (monitors[i].h != monitor.h)
+ if (monitors[j].h != monitor.h)
continue;
match = true;

25
SOURCES/tigervnc-root-user-selinux-context.patch
View File

@ -1,25 +0,0 @@
From faf81b4b238e24fe29eb53f885a25367e212dd7b Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Mon, 7 Feb 2022 10:45:41 +0100
Subject: [PATCH] SELinux: use /root/.vnc in file context specification
Instead of HOME_ROOT/.vnc, /root/.vnc should be used
for user root's home to specify default file context
as HOME_ROOT actually means base for home dirs (usually /home).
---
unix/vncserver/selinux/vncsession.fc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/unix/vncserver/selinux/vncsession.fc b/unix/vncserver/selinux/vncsession.fc
index 6aaf4b1f4..bc81f8f25 100644
--- a/unix/vncserver/selinux/vncsession.fc
+++ b/unix/vncserver/selinux/vncsession.fc
@@ -18,7 +18,7 @@
#
HOME_DIR/\.vnc(/.*)? gen_context(system_u:object_r:vnc_home_t,s0)
-HOME_ROOT/\.vnc(/.*)? gen_context(system_u:object_r:vnc_home_t,s0)
+/root/\.vnc(/.*)? gen_context(system_u:object_r:vnc_home_t,s0)
/usr/sbin/vncsession -- gen_context(system_u:object_r:vnc_session_exec_t,s0)
/usr/libexec/vncsession-start -- gen_context(system_u:object_r:vnc_session_exec_t,s0)

28
SOURCES/tigervnc-sanity-check-when-cleaning-up-keymap-changes.patch
View File

@ -1,28 +0,0 @@
From 774c6bcf33b5c9b94c1ff12895775e77c555decc Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Thu, 9 Feb 2023 11:30:37 +0100
Subject: [PATCH] Sanity check when cleaning up keymap changes
Make sure we don't send a bogus request to the X server in the (common)
case that we don't actually have anything to restore.
(cherry picked from commit 1e3484f2017f038dd5149cd50741feaf39a680e4)
---
unix/x0vncserver/XDesktop.cxx | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/unix/x0vncserver/XDesktop.cxx b/unix/x0vncserver/XDesktop.cxx
index d5c6b2db9..f9c810968 100644
--- a/unix/x0vncserver/XDesktop.cxx
+++ b/unix/x0vncserver/XDesktop.cxx
@@ -481,6 +481,10 @@ void XDesktop::deleteAddedKeysyms(Display* dpy) {
}
}
+ // Did we actually find something to remove?
+ if (highestKeyCode < lowestKeyCode)
+ return;
+
changes.changed |= XkbKeySymsMask;
changes.first_key_sym = lowestKeyCode;
changes.num_key_syms = highestKeyCode - lowestKeyCode + 1;

31
SOURCES/tigervnc-selinux-allow-vncsession-create-vnc-directory.patch
View File

@ -1,31 +0,0 @@
From 717d787de8f913070446444e37d552b51f05515e Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Mon, 16 Jan 2023 12:35:40 +0100
Subject: [PATCH] SELinux: Allow vncsession create ~/.vnc directory
Addresses the following AVC denial:
type=PROCTITLE msg=audit(01/12/2023 02:58:12.648:696) : proctitle=/usr/sbin/vncsession fedora :1
type=PATH msg=audit(01/12/2023 02:58:12.648:696) : item=1 name=/home/fedora/.vnc nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(01/12/2023 02:58:12.648:696) : item=0 name=/home/fedora/ inode=262145 dev=fc:02 mode=dir,700 ouid=fedora ogid=fedora rdev=00:00 obj=unconfined_u:object_r:user_home_dir_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(01/12/2023 02:58:12.648:696) : cwd=/home/fedora
type=SYSCALL msg=audit(01/12/2023 02:58:12.648:696) : arch=x86_64 syscall=mkdir success=no exit=EACCES(Permission denied) a0=0x7fff47d52540 a1=0755 a2=0x0 a3=0x0 items=2 ppid=2869 pid=2880 auid=fedora uid=fedora gid=fedora euid=fedora suid=fedora fsuid=fedora egid=fedora sgid=fedora fsgid=fedora tty=(none) ses=8 comm=vncsession exe=/usr/sbin/vncsession subj=system_u:system_r:vnc_session_t:s0 key=(null)
type=AVC msg=audit(01/12/2023 02:58:12.648:696) : avc: denied { create } for pid=2880 comm=vncsession name=.vnc scontext=system_u:system_r:vnc_session_t:s0 tcontext=system_u:object_r:vnc_home_t:s0 tclass=dir permissive=0
Resolves: rhbz#2143704
---
unix/vncserver/selinux/vncsession.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
index fb966c14b..680be8ea1 100644
--- a/unix/vncserver/selinux/vncsession.te
+++ b/unix/vncserver/selinux/vncsession.te
@@ -37,6 +37,7 @@ allow vnc_session_t self:fifo_file rw_fifo_file_perms;
allow vnc_session_t vnc_session_var_run_t:file manage_file_perms;
files_pid_filetrans(vnc_session_t, vnc_session_var_run_t, file)
+create_dirs_pattern(vnc_session_t, vnc_home_t, vnc_home_t)
manage_files_pattern(vnc_session_t, vnc_home_t, vnc_home_t)
manage_fifo_files_pattern(vnc_session_t, vnc_home_t, vnc_home_t)
manage_sock_files_pattern(vnc_session_t, vnc_home_t, vnc_home_t)

81
SOURCES/tigervnc-selinux-restore-context-in-case-of-different-policies.patch
View File

@ -1,81 +0,0 @@
From d2d52704624ce841f4a392fccd82079d87ff13b6 Mon Sep 17 00:00:00 2001
From: Jan Grulich <jgrulich@redhat.com>
Date: Thu, 11 Nov 2021 13:52:41 +0100
Subject: [PATCH] SELinux: restore SELinux context in case of different
policies
---
CMakeLists.txt | 13 +++++++++++++
unix/vncserver/CMakeLists.txt | 2 +-
unix/vncserver/vncsession.c | 16 ++++++++++++++++
3 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 50247c7da..1708eb3d8 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -268,6 +268,19 @@ if(UNIX AND NOT APPLE)
endif()
endif()
+# Check for SELinux library
+if(UNIX AND NOT APPLE)
+ check_include_files(selinux/selinux.h HAVE_SELINUX_H)
+ if(HAVE_SELINUX_H)
+ set(CMAKE_REQUIRED_LIBRARIES -lselinux)
+ set(CMAKE_REQUIRED_LIBRARIES)
+ set(SELINUX_LIBS selinux)
+ add_definitions("-DHAVE_SELINUX")
+ else()
+ message(WARNING "Could not find SELinux development files")
+ endif()
+endif()
+
# Generate config.h and make sure the source finds it
configure_file(config.h.in config.h)
add_definitions(-DHAVE_CONFIG_H)
diff --git a/unix/vncserver/CMakeLists.txt b/unix/vncserver/CMakeLists.txt
index f65ccc7db..ae69dc098 100644
--- a/unix/vncserver/CMakeLists.txt
+++ b/unix/vncserver/CMakeLists.txt
@@ -1,5 +1,5 @@
add_executable(vncsession vncsession.c)
-target_link_libraries(vncsession ${PAM_LIBS})
+target_link_libraries(vncsession ${PAM_LIBS} ${SELINUX_LIBS})
configure_file(vncserver@.service.in vncserver@.service @ONLY)
configure_file(vncsession-start.in vncsession-start @ONLY)
diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c
index 3573e5e9b..f6d2fd59e 100644
--- a/unix/vncserver/vncsession.c
+++ b/unix/vncserver/vncsession.c
@@ -37,6 +37,11 @@
#include <sys/types.h>
#include <sys/wait.h>
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/restorecon.h>
+#endif
+
extern char **environ;
// PAM service name
@@ -360,6 +365,17 @@ redir_stdio(const char *homedir, const char *display)
syslog(LOG_CRIT, "Failure creating \"%s\": %s", logfile, strerror(errno));
_exit(EX_OSERR);
}
+
+#ifdef HAVE_SELINUX
+ int result;
+ if (selinux_file_context_verify(logfile, 0) == 0) {
+ result = selinux_restorecon(logfile, SELINUX_RESTORECON_RECURSE);
+
+ if (result < 0) {
+ syslog(LOG_WARNING, "Failure restoring SELinux context for \"%s\": %s", logfile, strerror(errno));
+ }
+ }
+#endif
}
hostlen = sysconf(_SC_HOST_NAME_MAX);

135
SOURCES/tigervnc-support-username-alias-in-plainusers.patch Normal file
View File

@ -0,0 +1,135 @@
diff --git a/common/rfb/SSecurityPlain.cxx b/common/rfb/SSecurityPlain.cxx
index 6f65e87..3142ba3 100644
--- a/common/rfb/SSecurityPlain.cxx
+++ b/common/rfb/SSecurityPlain.cxx
@@ -27,6 +27,8 @@
#include <rdr/InStream.h>
#if !defined(WIN32) && !defined(__APPLE__)
#include <rfb/UnixPasswordValidator.h>
+#include <unistd.h>
+#include <pwd.h>
#endif
#ifdef WIN32
#include <rfb/WinPasswdValidator.h>
@@ -45,21 +47,22 @@ StringParameter PasswordValidator::plainUsers
bool PasswordValidator::validUser(const char* username)
{
- CharArray users(plainUsers.getValueStr()), user;
+ std::vector<std::string> users;
- while (users.buf) {
- strSplit(users.buf, ',', &user.buf, &users.buf);
-#ifdef WIN32
- if (0 == stricmp(user.buf, "*"))
- return true;
- if (0 == stricmp(user.buf, username))
- return true;
-#else
- if (!strcmp(user.buf, "*"))
- return true;
- if (!strcmp(user.buf, username))
- return true;
+ users = split(plainUsers, ',');
+
+ for (size_t i = 0; i < users.size(); i++) {
+ if (users[i] == "*")
+ return true;
+#if !defined(WIN32) && !defined(__APPLE__)
+ if (users[i] == "%u") {
+ struct passwd *pw = getpwnam(username);
+ if (pw && pw->pw_uid == getuid())
+ return true;
+ }
#endif
+ if (users[i] == username)
+ return true;
}
return false;
}
diff --git a/common/rfb/util.cxx b/common/rfb/util.cxx
index 649eb0b..cce73a0 100644
--- a/common/rfb/util.cxx
+++ b/common/rfb/util.cxx
@@ -99,6 +99,26 @@ namespace rfb {
return false;
}
+ std::vector<std::string> split(const char* src,
+ const char delimiter)
+ {
+ std::vector<std::string> out;
+ const char *start, *stop;
+
+ start = src;
+ do {
+ stop = strchr(start, delimiter);
+ if (stop == NULL) {
+ out.push_back(start);
+ } else {
+ out.push_back(std::string(start, stop-start));
+ start = stop + 1;
+ }
+ } while (stop != NULL);
+
+ return out;
+ }
+
bool strContains(const char* src, char c) {
int l=strlen(src);
for (int i=0; i<l; i++)
diff --git a/common/rfb/util.h b/common/rfb/util.h
index f0ac9ef..ed15c28 100644
--- a/common/rfb/util.h
+++ b/common/rfb/util.h
@@ -27,6 +27,9 @@
#include <limits.h>
#include <string.h>
+#include <string>
+#include <vector>
+
struct timeval;
#ifdef __GNUC__
@@ -76,6 +79,10 @@ namespace rfb {
// that part of the string. Obviously, setting both to 0 is not useful...
bool strSplit(const char* src, const char limiter, char** out1, char** out2, bool fromEnd=false);
+ // Splits a string with the specified delimiter
+ std::vector<std::string> split(const char* src,
+ const char delimiter);
+
// Returns true if src contains c
bool strContains(const char* src, char c);
diff --git a/unix/x0vncserver/x0vncserver.man b/unix/x0vncserver/x0vncserver.man
index c36ae34..78db730 100644
--- a/unix/x0vncserver/x0vncserver.man
+++ b/unix/x0vncserver/x0vncserver.man
@@ -125,8 +125,8 @@ parameter instead.
.B \-PlainUsers \fIuser-list\fP
A comma separated list of user names that are allowed to authenticate via
any of the "Plain" security types (Plain, TLSPlain, etc.). Specify \fB*\fP
-to allow any user to authenticate using this security type. Default is to
-deny all users.
+to allow any user to authenticate using this security type. Specify \fB%u\fP
+to allow the user of the server process. Default is to deny all users.
.
.TP
.B \-pam_service \fIname\fP, \-PAMService \fIname\fP
diff --git a/unix/xserver/hw/vnc/Xvnc.man b/unix/xserver/hw/vnc/Xvnc.man
index ea87dea..e9fb654 100644
--- a/unix/xserver/hw/vnc/Xvnc.man
+++ b/unix/xserver/hw/vnc/Xvnc.man
@@ -200,8 +200,8 @@ parameter instead.
.B \-PlainUsers \fIuser-list\fP
A comma separated list of user names that are allowed to authenticate via
any of the "Plain" security types (Plain, TLSPlain, etc.). Specify \fB*\fP
-to allow any user to authenticate using this security type. Default is to
-deny all users.
+to allow any user to authenticate using this security type. Specify \fB%u\fP
+to allow the user of the server process. Default is to deny all users.
.
.TP
.B \-pam_service \fIname\fP, \-PAMService \fIname\fP

17
SOURCES/tigervnc-use-dup-to-get-available-fd-for-inetd.patch Normal file
View File

@ -0,0 +1,17 @@
diff --git a/unix/xserver/hw/vnc/xvnc.c b/unix/xserver/hw/vnc/xvnc.c
index f8141959..c5c36539 100644
--- a/unix/xserver/hw/vnc/xvnc.c
+++ b/unix/xserver/hw/vnc/xvnc.c
@@ -366,8 +366,10 @@ ddxProcessArgument(int argc, char *argv[], int i)
if (strcmp(argv[i], "-inetd") == 0) {
int nullfd;
- dup2(0, 3);
- vncInetdSock = 3;
+ if ((vncInetdSock = dup(0)) == -1)
+ FatalError
+ ("Xvnc error: failed to allocate a new file descriptor for -inetd: %s\n", strerror(errno));
+
/* Avoid xserver >= 1.19's epoll-fd becoming fd 2 / stderr only to be
replaced by /dev/null by OsInit() because the pollfd is not

12
SOURCES/vncserver
View File

@ -121,7 +121,7 @@ if ($fontPath eq "") {
# Check command line options
&ParseOptions("-geometry",1,"-depth",1,"-pixelformat",1,"-name",1,"-kill",1,
"-help",0,"-h",0,"--help",0,"-fp",1,"-list",0,"-fg",0,"-autokill",0,"-noxstartup",0,"-xstartup",1);
"-help",0,"-h",0,"--help",0,"-fp",1,"-list",0,"-fg",0,"-autokill",0,"-noxstartup",0,"-xstartup",1,"-fallbacktofreeport",0);
&Usage() if ($opt{'-help'} || $opt{'-h'} || $opt{'--help'});
@ -168,8 +168,13 @@ if ((@ARGV > 0) && ($ARGV[0] =~ /^:(\d+)$/)) {
$displayNumber = $1;
shift(@ARGV);
if (!&CheckDisplayNumber($displayNumber)) {
warn "A VNC server is already running as :$displayNumber\n";
$displayNumber = &GetDisplayNumber();
if ($opt{'-fallbacktofreeport'}) {
warn "A VNC server is already running as :$displayNumber\n";
$displayNumber = &GetDisplayNumber();
warn "Using port :$displayNumber as fallback\n";
} else {
die "A VNC server is already running as :$displayNumber\n";
}
}
} elsif ((@ARGV > 0) && ($ARGV[0] !~ /^-/) && ($ARGV[0] !~ /^\+/)) {
&Usage();
@ -675,6 +680,7 @@ sub Usage
" [-autokill]\n".
" [-noxstartup]\n".
" [-xstartup <file>]\n".
" [-fallbacktofreeport]\n".
" <Xvnc-options>...\n\n".
" $prog -kill <X-display>\n\n".
" $prog -list\n\n");

32
SOURCES/xorg-CVE-2024-0229-followup.patch Normal file
View File

@ -0,0 +1,32 @@
From 133e0d651c5d12bf01999d6289e84e224ba77adc Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Mon, 22 Jan 2024 14:22:12 +1000
Subject: [PATCH] dix: fix valuator copy/paste error in the DeviceStateNotify
event
Fixes 219c54b8a3337456ce5270ded6a67bcde53553d5
---
dix/enterleave.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/dix/enterleave.c b/dix/enterleave.c
index 7b7ba1098b..c1e6ac600e 100644
--- a/dix/enterleave.c
+++ b/dix/enterleave.c
@@ -619,11 +619,11 @@ FixDeviceValuator(DeviceIntPtr dev, deviceValuator * ev, ValuatorClassPtr v,
ev->first_valuator = first;
switch (ev->num_valuators) {
case 6:
- ev->valuator2 = v->axisVal[first + 5];
+ ev->valuator5 = v->axisVal[first + 5];
case 5:
- ev->valuator2 = v->axisVal[first + 4];
+ ev->valuator4 = v->axisVal[first + 4];
case 4:
- ev->valuator2 = v->axisVal[first + 3];
+ ev->valuator3 = v->axisVal[first + 3];
case 3:
ev->valuator2 = v->axisVal[first + 2];
case 2:
--
GitLab

45
SOURCES/xorg-CVE-2024-31080.patch Normal file
View File

@ -0,0 +1,45 @@
From 96798fc1967491c80a4d0c8d9e0a80586cb2152b Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Fri, 22 Mar 2024 18:51:45 -0700
Subject: [PATCH 1/4] Xi: ProcXIGetSelectedEvents needs to use unswapped length
to send reply
CVE-2024-31080
Reported-by: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=69762
Fixes: 53e821ab4 ("Xi: add request processing for XIGetSelectedEvents.")
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1463>
---
Xi/xiselectev.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/Xi/xiselectev.c b/Xi/xiselectev.c
index edcb8a0d3..ac1494987 100644
--- a/Xi/xiselectev.c
+++ b/Xi/xiselectev.c
@@ -349,6 +349,7 @@ ProcXIGetSelectedEvents(ClientPtr client)
InputClientsPtr others = NULL;
xXIEventMask *evmask = NULL;
DeviceIntPtr dev;
+ uint32_t length;
REQUEST(xXIGetSelectedEventsReq);
REQUEST_SIZE_MATCH(xXIGetSelectedEventsReq);
@@ -418,10 +419,12 @@ ProcXIGetSelectedEvents(ClientPtr client)
}
}
+ /* save the value before SRepXIGetSelectedEvents swaps it */
+ length = reply.length;
WriteReplyToClient(client, sizeof(xXIGetSelectedEventsReply), &reply);
if (reply.num_masks)
- WriteToClient(client, reply.length * 4, buffer);
+ WriteToClient(client, length * 4, buffer);
free(buffer);
return Success;
--
2.44.0

43
SOURCES/xorg-CVE-2024-31081.patch Normal file
View File

@ -0,0 +1,43 @@
From 3e77295f888c67fc7645db5d0c00926a29ffecee Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Fri, 22 Mar 2024 18:56:27 -0700
Subject: [PATCH 2/4] Xi: ProcXIPassiveGrabDevice needs to use unswapped length
to send reply
CVE-2024-31081
Fixes: d220d6907 ("Xi: add GrabButton and GrabKeysym code.")
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1463>
---
Xi/xipassivegrab.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/Xi/xipassivegrab.c b/Xi/xipassivegrab.c
index c9ac2f855..896233bec 100644
--- a/Xi/xipassivegrab.c
+++ b/Xi/xipassivegrab.c
@@ -93,6 +93,7 @@ ProcXIPassiveGrabDevice(ClientPtr client)
GrabParameters param;
void *tmp;
int mask_len;
+ uint32_t length;
REQUEST(xXIPassiveGrabDeviceReq);
REQUEST_FIXED_SIZE(xXIPassiveGrabDeviceReq,
@@ -247,9 +248,11 @@ ProcXIPassiveGrabDevice(ClientPtr client)
}
}
+ /* save the value before SRepXIPassiveGrabDevice swaps it */
+ length = rep.length;
WriteReplyToClient(client, sizeof(rep), &rep);
if (rep.num_modifiers)
- WriteToClient(client, rep.length * 4, modifiers_failed);
+ WriteToClient(client, length * 4, modifiers_failed);
out:
free(modifiers_failed);
--
2.44.0

47
SOURCES/xorg-CVE-2024-31082.patch Normal file
View File

@ -0,0 +1,47 @@
From 6c684d035c06fd41c727f0ef0744517580864cef Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Fri, 22 Mar 2024 19:07:34 -0700
Subject: [PATCH 3/4] Xquartz: ProcAppleDRICreatePixmap needs to use unswapped
length to send reply
CVE-2024-31082
Fixes: 14205ade0 ("XQuartz: appledri: Fix byte swapping in replies")
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1463>
---
hw/xquartz/xpr/appledri.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/hw/xquartz/xpr/appledri.c b/hw/xquartz/xpr/appledri.c
index 77574655b..40422b61a 100644
--- a/hw/xquartz/xpr/appledri.c
+++ b/hw/xquartz/xpr/appledri.c
@@ -272,6 +272,7 @@ ProcAppleDRICreatePixmap(ClientPtr client)
xAppleDRICreatePixmapReply rep;
int width, height, pitch, bpp;
void *ptr;
+ CARD32 stringLength;
REQUEST_SIZE_MATCH(xAppleDRICreatePixmapReq);
@@ -307,6 +308,7 @@ ProcAppleDRICreatePixmap(ClientPtr client)
if (sizeof(rep) != sz_xAppleDRICreatePixmapReply)
ErrorF("error sizeof(rep) is %zu\n", sizeof(rep));
+ stringLength = rep.stringLength; /* save unswapped value */
if (client->swapped) {
swaps(&rep.sequenceNumber);
swapl(&rep.length);
@@ -319,7 +321,7 @@ ProcAppleDRICreatePixmap(ClientPtr client)
}
WriteToClient(client, sizeof(rep), &rep);
- WriteToClient(client, rep.stringLength, path);
+ WriteToClient(client, stringLength, path);
return Success;
}
--
2.44.0

72
SOURCES/xorg-CVE-2024-31083-followup.patch Normal file
View File

@ -0,0 +1,72 @@
From 337d8d48b618d4fc0168a7b978be4c3447650b04 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Fri, 5 Apr 2024 15:24:49 +0200
Subject: [PATCH] render: Avoid possible double-free in ProcRenderAddGlyphs()
ProcRenderAddGlyphs() adds the glyph to the glyphset using AddGlyph() and
then frees it using FreeGlyph() to decrease the reference count, after
AddGlyph() has increased it.
AddGlyph() however may chose to reuse an existing glyph if it's already
in the glyphSet, and free the glyph that was given, in which case the
caller function, ProcRenderAddGlyphs() will call FreeGlyph() on an
already freed glyph, as reported by ASan:
READ of size 4 thread T0
#0 in FreeGlyph xserver/render/glyph.c:252
#1 in ProcRenderAddGlyphs xserver/render/render.c:1174
#2 in Dispatch xserver/dix/dispatch.c:546
#3 in dix_main xserver/dix/main.c:271
#4 in main xserver/dix/stubmain.c:34
#5 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#6 in __libc_start_main_impl ../csu/libc-start.c:360
#7 (/usr/bin/Xwayland+0x44fe4)
Address is located 0 bytes inside of 64-byte region
freed by thread T0 here:
#0 in __interceptor_free libsanitizer/asan/asan_malloc_linux.cpp:52
#1 in _dixFreeObjectWithPrivates xserver/dix/privates.c:538
#2 in AddGlyph xserver/render/glyph.c:295
#3 in ProcRenderAddGlyphs xserver/render/render.c:1173
#4 in Dispatch xserver/dix/dispatch.c:546
#5 in dix_main xserver/dix/main.c:271
#6 in main xserver/dix/stubmain.c:34
#7 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
previously allocated by thread T0 here:
#0 in __interceptor_malloc libsanitizer/asan/asan_malloc_linux.cpp:69
#1 in AllocateGlyph xserver/render/glyph.c:355
#2 in ProcRenderAddGlyphs xserver/render/render.c:1085
#3 in Dispatch xserver/dix/dispatch.c:546
#4 in dix_main xserver/dix/main.c:271
#5 in main xserver/dix/stubmain.c:34
#6 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
SUMMARY: AddressSanitizer: heap-use-after-free xserver/render/glyph.c:252 in FreeGlyph
To avoid that, make sure not to free the given glyph in AddGlyph().
v2: Simplify the test using the boolean returned from AddGlyph() (Michel)
v3: Simplify even more by not freeing the glyph in AddGlyph() (Peter)
Fixes: bdca6c3d1 - render: fix refcounting of glyphs during ProcRenderAddGlyphs
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1659
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1476>
---
render/glyph.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/render/glyph.c b/render/glyph.c
index 13991f8a1..5fa7f3b5b 100644
--- a/render/glyph.c
+++ b/render/glyph.c
@@ -291,8 +291,6 @@ AddGlyph(GlyphSetPtr glyphSet, GlyphPtr glyph, Glyph id)
gr = FindGlyphRef(&globalGlyphs[glyphSet->fdepth], signature,
TRUE, glyph->sha1);
if (gr->glyph && gr->glyph != DeletedGlyph && gr->glyph != glyph) {
- FreeGlyphPicture(glyph);
- dixFreeObjectWithPrivates(glyph, PRIVATE_GLYPH);
glyph = gr->glyph;
}
else if (gr->glyph != glyph) {
--
2.44.0

112
SOURCES/xorg-CVE-2024-31083.patch Normal file
View File

@ -0,0 +1,112 @@
From bdca6c3d1f5057eeb31609b1280fc93237b00c77 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Tue, 30 Jan 2024 13:13:35 +1000
Subject: [PATCH 4/4] render: fix refcounting of glyphs during
ProcRenderAddGlyphs
Previously, AllocateGlyph would return a new glyph with refcount=0 and a
re-used glyph would end up not changing the refcount at all. The
resulting glyph_new array would thus have multiple entries pointing to
the same non-refcounted glyphs.
AddGlyph may free a glyph, resulting in a UAF when the same glyph
pointer is then later used.
Fix this by returning a refcount of 1 for a new glyph and always
incrementing the refcount for a re-used glyph, followed by dropping that
refcount back down again when we're done with it.
CVE-2024-31083, ZDI-CAN-22880
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1463>
---
render/glyph.c | 5 +++--
render/glyphstr_priv.h | 1 +
render/render.c | 15 +++++++++++----
3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/render/glyph.c b/render/glyph.c
index 850ea8440..13991f8a1 100644
--- a/render/glyph.c
+++ b/render/glyph.c
@@ -245,10 +245,11 @@ FreeGlyphPicture(GlyphPtr glyph)
}
}
-static void
+void
FreeGlyph(GlyphPtr glyph, int format)
{
CheckDuplicates(&globalGlyphs[format], "FreeGlyph");
+ BUG_RETURN(glyph->refcnt == 0);
if (--glyph->refcnt == 0) {
GlyphRefPtr gr;
int i;
@@ -354,7 +355,7 @@ AllocateGlyph(xGlyphInfo * gi, int fdepth)
glyph = (GlyphPtr) malloc(size);
if (!glyph)
return 0;
- glyph->refcnt = 0;
+ glyph->refcnt = 1;
glyph->size = size + sizeof(xGlyphInfo);
glyph->info = *gi;
dixInitPrivates(glyph, (char *) glyph + head_size, PRIVATE_GLYPH);
diff --git a/render/glyphstr.h b/render/glyphstr.h
index 2f51bd244..3b1d806d1 100644
--- a/render/glyphstr.h
+++ b/render/glyphstr.h
@@ -108,6 +108,7 @@ extern Bool
extern GlyphPtr FindGlyph(GlyphSetPtr glyphSet, Glyph id);
extern GlyphPtr AllocateGlyph(xGlyphInfo * gi, int format);
+extern void FreeGlyph(GlyphPtr glyph, int format);
extern Bool
ResizeGlyphSet(GlyphSetPtr glyphSet, CARD32 change);
diff --git a/render/render.c b/render/render.c
index 29c5055c6..fe5e37dd9 100644
--- a/render/render.c
+++ b/render/render.c
@@ -1076,6 +1076,7 @@ ProcRenderAddGlyphs(ClientPtr client)
if (glyph_new->glyph && glyph_new->glyph != DeletedGlyph) {
glyph_new->found = TRUE;
+ ++glyph_new->glyph->refcnt;
}
else {
GlyphPtr glyph;
@@ -1168,8 +1169,10 @@ ProcRenderAddGlyphs(ClientPtr client)
err = BadAlloc;
goto bail;
}
- for (i = 0; i < nglyphs; i++)
+ for (i = 0; i < nglyphs; i++) {
AddGlyph(glyphSet, glyphs[i].glyph, glyphs[i].id);
+ FreeGlyph(glyphs[i].glyph, glyphSet->fdepth);
+ }
if (glyphsBase != glyphsLocal)
free(glyphsBase);
@@ -1179,9 +1182,13 @@ ProcRenderAddGlyphs(ClientPtr client)
FreePicture((void *) pSrc, 0);
if (pSrcPix)
FreeScratchPixmapHeader(pSrcPix);
- for (i = 0; i < nglyphs; i++)
- if (glyphs[i].glyph && !glyphs[i].found)
- free(glyphs[i].glyph);
+ for (i = 0; i < nglyphs; i++) {
+ if (glyphs[i].glyph) {
+ --glyphs[i].glyph->refcnt;
+ if (!glyphs[i].found)
+ free(glyphs[i].glyph);
+ }
+ }
if (glyphsBase != glyphsLocal)
free(glyphsBase);
return err;
--
2.44.0

42
SOURCES/xorg-x11-server-composite-Fix-use-after-free-of-the-COW.patch
View File

@ -1,42 +0,0 @@
From 947bd1b3f4a23565bf10879ec41ba06ebe1e1c76 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Mon, 13 Mar 2023 11:08:47 +0100
Subject: [PATCH xserver] composite: Fix use-after-free of the COW
ZDI-CAN-19866/CVE-2023-1393
If a client explicitly destroys the compositor overlay window (aka COW),
we would leave a dangling pointer to that window in the CompScreen
structure, which will trigger a use-after-free later.
Make sure to clear the CompScreen pointer to the COW when the latter gets
destroyed explicitly by the client.
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
---
composite/compwindow.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/composite/compwindow.c b/composite/compwindow.c
index 4e2494b86..b30da589e 100644
--- a/composite/compwindow.c
+++ b/composite/compwindow.c
@@ -620,6 +620,11 @@ compDestroyWindow(WindowPtr pWin)
ret = (*pScreen->DestroyWindow) (pWin);
cs->DestroyWindow = pScreen->DestroyWindow;
pScreen->DestroyWindow = compDestroyWindow;
+
+ /* Did we just destroy the overlay window? */
+ if (pWin == cs->pOverlayWin)
+ cs->pOverlayWin = NULL;
+
/* compCheckTree (pWin->drawable.pScreen); can't check -- tree isn't good*/
return ret;
}
--
2.40.0

2
SOURCES/xvnc.service
View File

@ -32,7 +32,7 @@
Description=XVNC Per-Connection Daemon
[Service]
ExecStart=-/usr/bin/Xvnc -inetd -query localhost -geometry 1024x768 -depth 24 -once -SecurityTypes=None -Log *:syslog:30
ExecStart=-/usr/bin/Xvnc -inetd -query localhost -geometry 1024x768 -depth 24 -once -SecurityTypes=None
User=nobody
StandardInput=socket
StandardError=syslog

529
SPECS/tigervnc.spec
View File

@ -4,13 +4,13 @@
%global modulename vncsession
Name: tigervnc
Version: 1.12.0
Release: 15%{?dist}
Version: 1.13.1
Release: 8%{?dist}.3
Summary: A TigerVNC remote display system
%global _hardened_build 1
License: GPLv2+
License: GPL-2.0-or-later
URL: http://www.tigervnc.com
Source0: %{name}-%{version}.tar.gz
@ -21,50 +21,79 @@ Source3: 10-libvnc.conf
# Backwards compatibility
Source5: vncserver
# Downstream patches
Patch1: tigervnc-use-gnome-as-default-session.patch
Patch2: tigervnc-vncsession-restore-script-systemd-service.patch
# Upstream patches
Patch50: tigervnc-selinux-restore-context-in-case-of-different-policies.patch
Patch51: tigervnc-fix-typo-in-mirror-monitor-detection.patch
Patch52: tigervnc-root-user-selinux-context.patch
Patch53: tigervnc-vncsession-restore-script-systemd-service.patch
# https://github.com/TigerVNC/tigervnc/pull/1513
Patch54: tigervnc-fix-ghost-cursor-in-zaphod-mode.patch
# https://github.com/TigerVNC/tigervnc/pull/1510
Patch55: tigervnc-add-new-keycodes-for-unknown-keysyms.patch
Patch56: tigervnc-sanity-check-when-cleaning-up-keymap-changes.patch
Patch57: tigervnc-selinux-allow-vncsession-create-vnc-directory.patch
Patch50: tigervnc-support-username-alias-in-plainusers.patch
Patch51: tigervnc-use-dup-to-get-available-fd-for-inetd.patch
# Upstreamable patches
Patch80: tigervnc-dont-get-pointer-position-for-floating-device.patch
# This is tigervnc-%%{version}/unix/xserver116.patch rebased on the latest xorg
Patch100: tigervnc-xserver120.patch
# 1326867 - [RHEL7.3] GLX applications in an Xvnc session fails to start
Patch101: 0001-rpath-hack.patch
# CVE-2023-1393 tigervnc: xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability
Patch110: xorg-x11-server-composite-Fix-use-after-free-of-the-COW.patch
# XServer patches
# CVE-2024-0229
# https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1251
Patch200: xorg-CVE-2024-0229-followup.patch
Patch201: xorg-CVE-2024-31080.patch
Patch202: xorg-CVE-2024-31081.patch
Patch203: xorg-CVE-2024-31082.patch
Patch204: xorg-CVE-2024-31083.patch
Patch205: xorg-CVE-2024-31083-followup.patch
BuildRequires: make
BuildRequires: gcc-c++
BuildRequires: libX11-devel, automake, autoconf, libtool, gettext, gettext-autopoint
BuildRequires: libXext-devel, xorg-x11-server-source, libXi-devel
BuildRequires: xorg-x11-xtrans-devel, xorg-x11-util-macros, libXtst-devel
BuildRequires: libxkbfile-devel, openssl-devel, libpciaccess-devel
BuildRequires: mesa-libGL-devel, libXinerama-devel, xorg-x11-font-utils
BuildRequires: freetype-devel, libXdmcp-devel, libxshmfence-devel
BuildRequires: libjpeg-turbo-devel, gnutls-devel, pam-devel
BuildRequires: libdrm-devel, libXt-devel, pixman-devel
BuildRequires: systemd, cmake, desktop-file-utils
BuildRequires: libselinux-devel, selinux-policy-devel
BuildRequires: libXfixes-devel, libXdamage-devel, libXrandr-devel
%if 0%{?fedora} > 24 || 0%{?rhel} >= 7
BuildRequires: libXfont2-devel
%else
BuildRequires: libXfont-devel
%endif
BuildRequires: gettext
BuildRequires: cmake
BuildRequires: gnutls-devel
BuildRequires: desktop-file-utils
BuildRequires: libappstream-glib
BuildRequires: libjpeg-turbo-devel
BuildRequires: openssl-devel
BuildRequires: pam-devel
BuildRequires: zlib-devel
# TigerVNC 1.4.x requires fltk 1.3.3 for keyboard handling support
# See https://github.com/TigerVNC/tigervnc/issues/8, also bug #1208814
BuildRequires: fltk-devel >= 1.3.3
BuildRequires: libX11-devel
BuildRequires: libXext-devel
BuildRequires: libXi-devel
BuildRequires: libXrandr-devel
BuildRequires: libXrender-devel
BuildRequires: pixman-devel
# X11/graphics dependencies
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: gettext-autopoint
BuildRequires: libXdamage-devel
BuildRequires: libXdmcp-devel
BuildRequires: libXfixes-devel
BuildRequires: libXfont2-devel
BuildRequires: libXinerama-devel
BuildRequires: libXt-devel
BuildRequires: libXtst-devel
BuildRequires: libdrm-devel
BuildRequires: libtool
BuildRequires: libxkbfile-devel
BuildRequires: libxshmfence-devel
BuildRequires: mesa-libGL-devel
BuildRequires: xorg-x11-font-utils
BuildRequires: xorg-x11-server-devel
BuildRequires: xorg-x11-server-source
BuildRequires: xorg-x11-util-macros
BuildRequires: xorg-x11-xtrans-devel
# SELinux
BuildRequires: libselinux-devel, selinux-policy-devel, systemd
Requires(post): coreutils
Requires(postun):coreutils
@ -102,10 +131,12 @@ X session.
%package server-minimal
Summary: A minimal installation of TigerVNC server
Requires(post): chkconfig
Requires(preun):chkconfig
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
Requires(post): systemd
Requires: mesa-dri-drivers, xkeyboard-config, xorg-x11-xkb-utils
Requires: mesa-dri-drivers, xkeyboard-config, xkbcomp
Requires: tigervnc-license, dbus-x11
%description server-minimal
@ -164,20 +195,23 @@ for all in `find . -type f -perm -001`; do
done
%patch100 -p1 -b .xserver120-rebased
%patch101 -p1 -b .rpath
%patch110 -p1 -b .composite-Fix-use-after-free-of-the-COW
%patch200 -p1 -b .xorg-CVE-2024-0229-followup
%patch201 -p1 -b .xorg-CVE-2024-31080.patch
%patch202 -p1 -b .xorg-CVE-2024-31081.patch
%patch203 -p1 -b .xorg-CVE-2024-31082.patch
%patch204 -p1 -b .xorg-CVE-2024-31083.patch
%patch205 -p1 -b .xorg-CVE-2024-31083-followup.patch
popd
%patch1 -p1 -b .use-gnome-as-default-session
%patch2 -p1 -b .vncsession-restore-script-systemd-service
# Upstream patches
%patch50 -p1 -b .selinux-restore-context-in-case-of-different-policies
%patch51 -p1 -b .fix-typo-in-mirror-monitor-detection
%patch52 -p1 -b .root-user-selinux-context
%patch53 -p1 -b .vncsession-restore-script-systemd-service
%patch54 -p1 -b .fix-ghost-cursor-in-zaphod-mode
%patch55 -p1 -b .add-new-keycodes-for-unknown-keysyms
%patch56 -p1 -b .sanity-check-when-cleaning-up-keymap-changes
%patch57 -p1 -b .selinux-allow-vncsession-create-vnc-directory
%patch50 -p1 -b .support-username-alias-in-plainusers
%patch51 -p1 -b .use-dup-to-get-available-fd-for-inetd
# Upstreamable patches
%patch80 -p1 -b .dont-get-pointer-position-for-floating-device
%build
%ifarch sparcv9 sparc64 s390 s390x
@ -185,12 +219,22 @@ export CFLAGS="$RPM_OPT_FLAGS -fPIC"
%else
export CFLAGS="$RPM_OPT_FLAGS -fpic"
%endif
export CXXFLAGS="$CFLAGS"
export CXXFLAGS="$CFLAGS -std=c++11"
%{cmake} .
make %{?_smp_mflags}
%define __cmake_builddir %{_target_platform}
mkdir -p %{%__cmake_builddir}
%cmake
%cmake_build
pushd unix/xserver
%if 0%{?fedora} > 32 || 0%{?rhel} >= 9
sed -i 's@TIGERVNC_BUILDDIR=${TIGERVNC_SRCDIR}@TIGERVNC_BUILDDIR=${TIGERVNC_SRCDIR}/%{_target_platform}@g' hw/vnc/Makefile.am
%endif
autoreconf -fiv
%configure \
--disable-xorg --disable-xnest --disable-xvfb --disable-dmx \
@ -213,7 +257,11 @@ make %{?_smp_mflags}
popd
# Build icons
%if 0%{?fedora} > 32 || 0%{?rhel} >= 9
pushd %{_target_platform}/media
%else
pushd media
%endif
make
popd
@ -222,19 +270,19 @@ pushd unix/vncserver/selinux
make
popd
%install
%make_install
%cmake_install
rm -f %{buildroot}%{_docdir}/%{name}-%{version}/{README.rst,LICENCE.TXT}
pushd unix/xserver/hw/vnc
make install DESTDIR=%{buildroot}
%make_install
popd
# Install systemd unit file
pushd unix/vncserver/selinux
make install DESTDIR=%{buildroot}
popd
# Install systemd unit file
install -m644 %{SOURCE1} %{buildroot}%{_unitdir}/xvnc@.service
install -m644 %{SOURCE2} %{buildroot}%{_unitdir}/xvnc.socket
@ -243,12 +291,26 @@ install -m644 %{SOURCE2} %{buildroot}%{_unitdir}/xvnc.socket
mkdir -p %{buildroot}%{_datadir}/icons/hicolor/{16x16,24x24,48x48}/apps
pushd media/icons
for s in 16 24 48; do
for s in 16 22 24 32 48 64 128; do
install -m644 tigervnc_$s.png %{buildroot}%{_datadir}/icons/hicolor/${s}x$s/apps/tigervnc.png
done
popd
appstream-util validate-relax --nonet %{buildroot}%{_metainfodir}/org.tigervnc.vncviewer.metainfo.xml
desktop-file-validate %{buildroot}%{_datadir}/applications/vncviewer.desktop
%if 0%{?rhel} > 9
# Install a replacement for /usr/bin/vncserver which will tell the user to read the
# HOWTO.md file
cat <<EOF > %{buildroot}/%{_bindir}/vncserver
#!/bin/bash
echo "vncserver has been replaced by a systemd unit."
echo "Please read /usr/share/doc/tigervnc/HOWTO.md for more information."
EOF
chmod +x %{buildroot}/%{_bindir}/vncserver
%else
install -m 755 %{SOURCE5} %{buildroot}/%{_bindir}/vncserver
%endif
%find_lang %{name} %{name}.lang
@ -259,15 +321,14 @@ mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/
install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
%post server
%systemd_post xvnc.service
%systemd_post xvnc@.service
%systemd_post xvnc.socket
%preun server
%systemd_preun xvnc.service
%systemd_preun xvnc.socket
%postun server
%systemd_postun xvnc.service
%systemd_postun xvnc@.service
%systemd_postun xvnc.socket
%pre selinux
@ -289,6 +350,7 @@ fi
%{_bindir}/vncviewer
%{_datadir}/applications/*
%{_mandir}/man1/vncviewer.1*
%{_datadir}/metainfo/org.tigervnc.vncviewer.metainfo.xml
%files server
%config(noreplace) %{_sysconfdir}/pam.d/tigervnc
@ -298,8 +360,8 @@ fi
%{_unitdir}/vncserver@.service
%{_unitdir}/xvnc@.service
%{_unitdir}/xvnc.socket
%{_bindir}/x0vncserver
%{_bindir}/vncserver
%{_bindir}/x0vncserver
%{_sbindir}/vncsession
%{_libexecdir}/vncserver
%{_libexecdir}/vncsession-start
@ -319,7 +381,7 @@ fi
%files server-module
%{_libdir}/xorg/modules/extensions/libvnc.so
%config %{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
%config(noreplace) %{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
%files license
%{_docdir}/tigervnc/LICENCE.TXT
@ -329,214 +391,275 @@ fi
%files selinux
%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.*
%ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
%changelog
*Mon Mar 27 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-15
- xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability
Resolves: bz#2180305
* Tue Apr 16 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-8.3
- Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents
Resolves: RHEL-30756
- Fix CVE-2024-31083 tigervnc: xorg-x11-server: User-after-free in ProcRenderAddGlyphs
Resolves: RHEL-30768
- Fix CVE-2024-31081 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice
Resolves: RHEL-30762
* Tue Feb 21 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-14
* Wed Feb 07 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-8
- Fix copy/paste error in the DeviceStateNotify
Resolves: RHEL-20533
* Mon Jan 22 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-7
- Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice
Resolves: RHEL-20389
- Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent
Resolves: RHEL-20383
- Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
Resolves: RHEL-20533
- Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
Resolves: RHEL-21213
* Mon Jan 08 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-6
- Use dup() to get available file descriptor when using -inetd option
Resolves: RHEL-19858
* Mon Dec 18 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-5
- Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
Resolves: RHEL-18414
- Fix CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty
Resolves: RHEL-18426
* Wed Nov 01 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-4
- Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow
Resolves: RHEL-15237
- Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty
Resolves: RHEL-15249
* Mon Oct 09 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-3
- Support username alias in PlainUsers
Resolves: RHEL-8430
* Tue Apr 11 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-2
- xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege
Escalation Vulnerability
Resolves: bz#2180310
* Tue Mar 21 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-1
- 1.13.1
Resolves: bz#2175732
* Tue Feb 21 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-12
- SELinux: allow vncsession create .vnc directory
Resolves: bz#2164704
Resolves: bz#2164703
* Wed Feb 15 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-13
* Wed Feb 15 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-11
- Add sanity check when cleaning up keymap changes
Resolves: bz#2169960
Resolves: bz#2169965
* Mon Feb 06 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-12
* Mon Feb 06 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-10
- xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation
Resolves: bz#2167058
Resolves: bz#2167061
* Tue Dec 20 2022 Tomas Popela <tpopela@redhat.com> - 1.12.0-11
* Tue Dec 20 2022 Tomas Popela <tpopela@redhat.com> - 1.12.0-9
- Rebuild for xorg-x11-server CVE-2022-46340 follow up fix
* Fri Dec 16 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-10
* Fri Dec 16 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-8
- Rebuild for xorg-x11-server CVEs
Resolves: CVE-2022-4283 (bz#2154233)
Resolves: CVE-2022-46340 (bz#2154220)
Resolves: CVE-2022-46341 (bz#2154223)
Resolves: CVE-2022-46342 (bz#2154225)
Resolves: CVE-2022-46343 (bz#2154227)
Resolves: CVE-2022-46344 (bz#2154229)
Resolves: CVE-2022-4283 (bz#2154234)
Resolves: CVE-2022-46340 (bz#2154221)
Resolves: CVE-2022-46341 (bz#2154224)
Resolves: CVE-2022-46342 (bz#2154226)
Resolves: CVE-2022-46343 (bz#2154228)
Resolves: CVE-2022-46344 (bz#2154230)
* Thu Dec 08 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-9
- Bump build version to fix upgrade path
Resolves: bz#1437569
* Fri Nov 18 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-8
* Thu Dec 01 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-7
- x0vncserver: add new keysym in case we don't find matching keycode
Resolves: bz#1437569
+ actually apply the patch
Resolves: bz#2119017
* Wed Aug 24 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-7
* Thu Dec 01 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-6
- x0vncserver: add new keysym in case we don't find matching keycode
Resolves: bz#2119017
* Mon Oct 24 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-5
- x0vncserver: fix ghost cursor in zaphod mode (better version)
Resolves: bz#2109679
Resolves: bz#2119016
* Wed Aug 17 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-6
- x0vncserver: fix ghost cursor in zaphod mode
Resolves: bz#2109679
* Tue May 31 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-4
- Add BR: libXdamage, libXfixes, libXrandr
Resolves: bz#2091833
* Tue May 31 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-5
- BR: libXdamage, libXfixes, libXrandr
Resolves: bz#2088733
* Tue Apr 05 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-3
- Do not run systemd_preun on Xvnc service file
Resolves: bz#2048011
* Tue Feb 08 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-4
* Mon Apr 04 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-2
- Drop unexisting option from the old vncserver script
Resolves: bz#2021893
* Wed Mar 23 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-1
- 1.12.0 + sync with Fedora
Resolves: bz#2048011
Resolves: bz#2021893
* Mon Feb 07 2022 Jan Grulich <jgrulich@redhat.com> - 1.11.0-21
- Added vncsession-restore script for SELinux policy migration
Fix SELinux context for root user
Resolves: bz#2021892
Resolves: bz#2049506
* Fri Jan 21 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-3
- Fix crash in vncviewer
Resolves: bz#2021892
* Fri Nov 26 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-20
- Rebuild for absence in RHEL 9.0
Resolves: bz#1985858
* Fri Jan 14 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-2
- Remove unavailable option from vncserver script
Resolves: bz#2021892
* Mon Aug 16 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-19
- Sync upstream patches + drop unused patches
Resolves: bz#1985858
* Fri Jan 14 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-1
- 1.12.0
Resolves: bz#2021892
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.11.0-18
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Mon Jul 19 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-9
* Mon Jul 19 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-17
- Fix logout from VNC session using vncserver
Resolves: bz#1983706
Resolves: bz#1983704
* Tue Jun 01 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-8
- Run all SELinux RPM macros on correct package
Resolves: bz#1907963
* Tue Jun 01 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-16
- Bump version for rebuild (binutils)
Resolves: bz#1961488
* Mon May 17 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-7
* Mon May 17 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-14
- SELinux improvements
Resolves: bz#1907963
Resolves: bz#1961488
* Tue Dec 15 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-6
- Use GNOME as default session
Resolves: bz#1853608
- Fix endianness issue on s390x
Resolves: bz#1963029
* Thu Dec 03 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-5
- Make sure we log properly output to journal (actually log to syslog)
Resolves: bz#1841537
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.11.0-13
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Thu Dec 03 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-4
- Make sure we log properly output to journal
Resolves: bz#1841537
* Mon Mar 08 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-12
- Include RHEL8 patches
* Wed Nov 18 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-3
- vncserver: ignore new "session" parameter from the new systemd support
Resolves: bz#1897504
* Fri Mar 05 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-11
- Enable old vncserver script for RHEL 9
* Wed Nov 18 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-2
- Revert removal of vncserver
Resolves: bz#1897504
- Correctly start vncsession as a daemon
Resolves: bz#1897498
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.11.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Oct 20 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-1
- Update to 1.11.0
Resolves: bz#1880985
- Backport fix to allow Tigervnc use boolean values in config files
Resolves: bz#1883415
* Thu Dec 10 07:45:46 CET 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-9
- vncserver: ignore new session parameter from the new systemd support
* Wed Sep 30 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-8
- Tolerate specifying -BoolParam 0 and similar
Resolves: bz#1883415
* Fri Nov 13 14:08:29 CET 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-8
- Use /run instead of /var/run which is just a symlink
* Wed Jul 08 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-7
- Enable server module on s390x
Resolves: bz#1854925
* Thu Nov 05 2020 Peter Hutterer <peter.hutterer@redhat.com> 1.11.0-7
- Require xkbcomp directly, not xorg-x11-xkb-utils. The latter has had
Provides xkbcomp for years.
* Fri Jul 03 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-6
- Remove trailing spaces in user name
Resolves: bz#1852432
* Tue Sep 29 13:12:22 CEST 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-6
- Backport upstream fix allowing Tigervnc to specify boolean valus in configuration
- Revert removal of vncserver for F32 and F33
* Thu Jun 25 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-5
- Install the HOWTO file to correct location
* Thu Sep 24 07:14:06 CEST 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-5
- Actually install the HOWTO.md file
* Wed Sep 23 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-4
- Call systemd macros on correct service file
* Tue Sep 22 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-3
- Do not overwrite libvnc.conf config file
* Thu Sep 17 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-2
- Add /usr/bin/vncserver file informing users to read the HOWTO.md file
Resolves: bz#1790443
* Mon Jun 15 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-4
- Improve SELinux policy
Resolves: bz#1790443
* Wed Sep 09 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-1
- 1.11.0
* Mon Jun 15 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-3
- Add a HOWTO.md file with instructions how to start VNC server
Resolves: bz#1790443
* Mon Aug 24 2020 Jan Grulich <jgrulich@redhat.com. - 1.10.90-1
- Update to 1.10.90 (1.11.0 beta)
* Tue May 26 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-2
- Make the systemd service run also for root user
Resolves: bz#1790443
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.1-9
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Apr 27 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-1
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 1.10.1-7
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Sat Jul 11 2020 Jiri Vanek <jvanek@redhat.com> - 1.10.1-6
- Rebuilt for JDK-11, see https://fedoraproject.org/wiki/Changes/Java11
* Sun Apr 19 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-5
- Requires: dbus-x11
Resolves: bz#1825331
* Fri Mar 13 2020 Olivier Fourdan <ofourdan@redhat.com> - 1.10.1-4
- Fix build with xserver 1.20.7
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Jan 13 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-2
- Build with -std=c++11
* Fri Dec 20 2019 Jan Grulich <jgrulich@redhat.com> - 1.10.1-1
- Update to 1.10.1
Resolves: bz#1806992
- Add proper systemd support
Resolves: bz#1790443
* Tue Dec 10 2019 Jan Grulich <jgrulich@redhat.com> - 1.10.0-2
- Properly install systemd files
* Tue Jan 28 2020 Jan Grulich <jgrulich@redhat.com> - 1.9.0-13
- Bump build because of z-stream
Resolves: bz#1671714
* Mon Nov 18 2019 Jan Grulich <jgrulich@redhat.com> - 1.10.0-1
- Update to 1.10.0
* Wed Dec 11 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-12
- Fix installation of systemd files
Resolves: bz#1671714
* Fri Oct 18 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.90-1
- Update to 1.9.90 (1.10 beta)
- Add systemd user service file
- Use a wrapper for systemd system service file to workaround systemd limitations
* Wed Nov 20 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-11
- Use wrapper script to workaround systemd issues
Resolves: bz#1671714
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Jul 12 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-10
- Do not return returncode indicating error when running "vncserver -list"
Resolves: bz#1727860
* Fri Jul 19 2019 Dan Horák <dan[at]danny.cz> - 1.9.0-6
- drop the s390x special handling (related #1727029)
* Fri Feb 08 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-9
- Make tigervnc systemd service a user service
Resolves: bz#1639846
* Wed Jun 12 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-5
- Add missing arguments to systemd_postun scriptlets
Resolves: bz#1716411
* Mon Jan 21 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-8
- Kill the session automatically only when Gnome is installed
Resolves: bz#1665876
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Tue Nov 20 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-7
- Improve coverity scan fixes
Resolves: bz#1602714
Inform whether view-only password is used or not
Resolves: bz#1639169
Backport fixes from RHEL 7
Resolves: bz#1651254
* Tue Oct 09 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-6
* Tue Sep 25 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-3
- Do not crash passwd when using malloc perturb checks
Resolves: bz#1637086
* Mon Oct 08 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-5
- Improve coverity scan fixes
Resolves: bz#1602714
* Wed Oct 03 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-4
- Improve coverity scan fixes
Resolves: bz#1602714
* Wed Oct 03 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-3
- Fix some coverity scan issues
Resolves: bz#1602714
Resolves: bz#1631483
* Wed Aug 01 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-2
- Remove dependency on initscripts
- Ignore buttons in mouse leave events
Resolves: bz#1609516
* Tue Jul 17 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-1
- Update to 1.9.0 + sync with Fedora
- Update to 1.9.0
* Tue Jun 12 2018 Adam Jackson <ajax@redhat.com> - 1.8.0-10
- Fix GLX initialization with Xorg 1.20
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.90-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue May 29 2018 Jan Grulich <jgrulich@redhat.com> - 1.8.0-9
- Build against Xorg 1.20
* Wed Jul 4 2018 Peter Robinson <pbrobinson@fedoraproject.org> 1.8.90-2
- Clean up spec: use macros consistenly, drop old sys-v migrations
- Drop ancient obsolete/provides
* Mon May 14 2018 Jan Grulich <jgrulich@redhat.com> - 1.8.0-8
- Drop BR: ImageMagick
* Thu Jun 14 2018 Jan Grulich <jgrulich@redhat.com> - 1.8.90-1
- Update to 1.8.90
* Wed Jun 13 2018 Jan Grulich <jgrulich@redhat.com> - 1.8.0-10
- Fix tigervnc systemd unit file
Resolves: bz#1583159
* Wed Jun 06 2018 Adam Jackson <ajax@redhat.com> - 1.8.0-9
- Fix GLX initialization with 1.20
* Wed Apr 04 2018 Adam Jackson <ajax@redhat.com> - 1.8.0-8
- Rebuild for xserver 1.20
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild