Compare commits
No commits in common. "c8" and "c9-beta" have entirely different histories.
|
@ -1 +1 @@
|
|||
SOURCES/tigervnc-1.12.0.tar.gz
|
||||
SOURCES/tigervnc-1.13.1.tar.gz
|
||||
|
|
|
@ -1 +1 @@
|
|||
44db63993d8ad04f730b0b48e8aca32933bff15a SOURCES/tigervnc-1.12.0.tar.gz
|
||||
6f7a23f14833f552c88523da1a5e102f3b8d35c2 SOURCES/tigervnc-1.13.1.tar.gz
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
#EndSection
|
||||
|
||||
#Section "Screen"
|
||||
# Identifier "Screen0"
|
||||
# Identifier "Screen0
|
||||
# DefaultDepth 16
|
||||
# Option "SecurityTypes" "VncAuth"
|
||||
# Option "PasswordFile" "/root/.vnc/passwd"
|
||||
|
|
|
@ -1,199 +0,0 @@
|
|||
From ccbd491fa48f1c43daeb1a6c5ee91a1a8fa3db88 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Grulich <jgrulich@redhat.com>
|
||||
Date: Tue, 9 Aug 2022 14:31:07 +0200
|
||||
Subject: [PATCH] x0vncserver: add new keysym in case we don't find a matching
|
||||
keycode
|
||||
|
||||
We might often fail to find a matching X11 keycode when the client has
|
||||
a different keyboard layout and end up with no key event. To avoid a
|
||||
failure we add it as a new keysym/keycode pair so the next time a keysym
|
||||
from the client that is unknown to the server is send, we will find a
|
||||
match and proceed with key event. This is same behavior used in Xvnc or
|
||||
x11vnc, although Xvnc has more advanced mapping from keysym to keycode.
|
||||
---
|
||||
unix/x0vncserver/XDesktop.cxx | 121 +++++++++++++++++++++++++++++++++-
|
||||
unix/x0vncserver/XDesktop.h | 4 ++
|
||||
2 files changed, 122 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/unix/x0vncserver/XDesktop.cxx b/unix/x0vncserver/XDesktop.cxx
|
||||
index f2046e43e..933998f05 100644
|
||||
--- a/unix/x0vncserver/XDesktop.cxx
|
||||
+++ b/unix/x0vncserver/XDesktop.cxx
|
||||
@@ -31,6 +31,7 @@
|
||||
#include <x0vncserver/XDesktop.h>
|
||||
|
||||
#include <X11/XKBlib.h>
|
||||
+#include <X11/Xutil.h>
|
||||
#ifdef HAVE_XTEST
|
||||
#include <X11/extensions/XTest.h>
|
||||
#endif
|
||||
@@ -50,6 +51,7 @@ void vncSetGlueContext(Display *dpy, void *res);
|
||||
#include <x0vncserver/Geometry.h>
|
||||
#include <x0vncserver/XPixelBuffer.h>
|
||||
|
||||
+using namespace std;
|
||||
using namespace rfb;
|
||||
|
||||
extern const unsigned short code_map_qnum_to_xorgevdev[];
|
||||
@@ -264,6 +266,9 @@ void XDesktop::start(VNCServer* vs) {
|
||||
void XDesktop::stop() {
|
||||
running = false;
|
||||
|
||||
+ // Delete added keycodes
|
||||
+ deleteAddedKeysyms(dpy);
|
||||
+
|
||||
#ifdef HAVE_XDAMAGE
|
||||
if (haveDamage)
|
||||
XDamageDestroy(dpy, damage);
|
||||
@@ -383,6 +388,118 @@ KeyCode XDesktop::XkbKeysymToKeycode(Display* dpy, KeySym keysym) {
|
||||
}
|
||||
#endif
|
||||
|
||||
+KeyCode XDesktop::addKeysym(Display* dpy, KeySym keysym)
|
||||
+{
|
||||
+ int types[1];
|
||||
+ unsigned int key;
|
||||
+ XkbDescPtr xkb;
|
||||
+ XkbMapChangesRec changes;
|
||||
+ KeySym *syms;
|
||||
+ KeySym upper, lower;
|
||||
+
|
||||
+ xkb = XkbGetMap(dpy, XkbAllComponentsMask, XkbUseCoreKbd);
|
||||
+
|
||||
+ if (!xkb)
|
||||
+ return 0;
|
||||
+
|
||||
+ for (key = xkb->max_key_code; key >= xkb->min_key_code; key--) {
|
||||
+ if (XkbKeyNumGroups(xkb, key) == 0)
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+ if (key < xkb->min_key_code)
|
||||
+ return 0;
|
||||
+
|
||||
+ memset(&changes, 0, sizeof(changes));
|
||||
+
|
||||
+ XConvertCase(keysym, &lower, &upper);
|
||||
+
|
||||
+ if (upper == lower)
|
||||
+ types[XkbGroup1Index] = XkbOneLevelIndex;
|
||||
+ else
|
||||
+ types[XkbGroup1Index] = XkbAlphabeticIndex;
|
||||
+
|
||||
+ XkbChangeTypesOfKey(xkb, key, 1, XkbGroup1Mask, types, &changes);
|
||||
+
|
||||
+ syms = XkbKeySymsPtr(xkb,key);
|
||||
+ if (upper == lower)
|
||||
+ syms[0] = keysym;
|
||||
+ else {
|
||||
+ syms[0] = lower;
|
||||
+ syms[1] = upper;
|
||||
+ }
|
||||
+
|
||||
+ changes.changed |= XkbKeySymsMask;
|
||||
+ changes.first_key_sym = key;
|
||||
+ changes.num_key_syms = 1;
|
||||
+
|
||||
+ if (XkbChangeMap(dpy, xkb, &changes)) {
|
||||
+ vlog.info("Added unknown keysym %s to keycode %d", XKeysymToString(keysym), key);
|
||||
+ addedKeysyms[keysym] = key;
|
||||
+ return key;
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+void XDesktop::deleteAddedKeysyms(Display* dpy) {
|
||||
+ XkbDescPtr xkb;
|
||||
+ xkb = XkbGetMap(dpy, XkbAllComponentsMask, XkbUseCoreKbd);
|
||||
+
|
||||
+ if (!xkb)
|
||||
+ return;
|
||||
+
|
||||
+ XkbMapChangesRec changes;
|
||||
+ memset(&changes, 0, sizeof(changes));
|
||||
+
|
||||
+ KeyCode lowestKeyCode = xkb->max_key_code;
|
||||
+ KeyCode highestKeyCode = xkb->min_key_code;
|
||||
+ std::map<KeySym, KeyCode>::iterator it;
|
||||
+ for (it = addedKeysyms.begin(); it != addedKeysyms.end(); it++) {
|
||||
+ if (XkbKeyNumGroups(xkb, it->second) != 0) {
|
||||
+ // Check if we are removing keysym we added ourself
|
||||
+ if (XkbKeysymToKeycode(dpy, it->first) != it->second)
|
||||
+ continue;
|
||||
+
|
||||
+ XkbChangeTypesOfKey(xkb, it->second, 0, XkbGroup1Mask, NULL, &changes);
|
||||
+
|
||||
+ if (it->second < lowestKeyCode)
|
||||
+ lowestKeyCode = it->second;
|
||||
+
|
||||
+ if (it->second > highestKeyCode)
|
||||
+ highestKeyCode = it->second;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ changes.changed |= XkbKeySymsMask;
|
||||
+ changes.first_key_sym = lowestKeyCode;
|
||||
+ changes.num_key_syms = highestKeyCode - lowestKeyCode + 1;
|
||||
+ XkbChangeMap(dpy, xkb, &changes);
|
||||
+
|
||||
+ addedKeysyms.clear();
|
||||
+}
|
||||
+
|
||||
+KeyCode XDesktop::keysymToKeycode(Display* dpy, KeySym keysym) {
|
||||
+ int keycode = 0;
|
||||
+
|
||||
+ // XKeysymToKeycode() doesn't respect state, so we have to use
|
||||
+ // something slightly more complex
|
||||
+ keycode = XkbKeysymToKeycode(dpy, keysym);
|
||||
+
|
||||
+ if (keycode != 0)
|
||||
+ return keycode;
|
||||
+
|
||||
+ // TODO: try to further guess keycode with all possible mods as Xvnc does
|
||||
+
|
||||
+ keycode = addKeysym(dpy, keysym);
|
||||
+
|
||||
+ if (keycode == 0)
|
||||
+ vlog.error("Failure adding new keysym 0x%lx", keysym);
|
||||
+
|
||||
+ return keycode;
|
||||
+}
|
||||
+
|
||||
+
|
||||
void XDesktop::keyEvent(rdr::U32 keysym, rdr::U32 xtcode, bool down) {
|
||||
#ifdef HAVE_XTEST
|
||||
int keycode = 0;
|
||||
@@ -398,9 +515,7 @@ void XDesktop::keyEvent(rdr::U32 keysym, rdr::U32 xtcode, bool down) {
|
||||
if (pressedKeys.find(keysym) != pressedKeys.end())
|
||||
keycode = pressedKeys[keysym];
|
||||
else {
|
||||
- // XKeysymToKeycode() doesn't respect state, so we have to use
|
||||
- // something slightly more complex
|
||||
- keycode = XkbKeysymToKeycode(dpy, keysym);
|
||||
+ keycode = keysymToKeycode(dpy, keysym);
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/unix/x0vncserver/XDesktop.h b/unix/x0vncserver/XDesktop.h
|
||||
index 840d43316..6ebcd9f8a 100644
|
||||
--- a/unix/x0vncserver/XDesktop.h
|
||||
+++ b/unix/x0vncserver/XDesktop.h
|
||||
@@ -55,6 +55,9 @@ class XDesktop : public rfb::SDesktop,
|
||||
const char* userName);
|
||||
virtual void pointerEvent(const rfb::Point& pos, int buttonMask);
|
||||
KeyCode XkbKeysymToKeycode(Display* dpy, KeySym keysym);
|
||||
+ KeyCode addKeysym(Display* dpy, KeySym keysym);
|
||||
+ void deleteAddedKeysyms(Display* dpy);
|
||||
+ KeyCode keysymToKeycode(Display* dpy, KeySym keysym);
|
||||
virtual void keyEvent(rdr::U32 keysym, rdr::U32 xtcode, bool down);
|
||||
virtual void clientCutText(const char* str);
|
||||
virtual unsigned int setScreenLayout(int fb_width, int fb_height,
|
||||
@@ -78,6 +81,7 @@ class XDesktop : public rfb::SDesktop,
|
||||
bool haveXtest;
|
||||
bool haveDamage;
|
||||
int maxButtons;
|
||||
+ std::map<KeySym, KeyCode> addedKeysyms;
|
||||
std::map<KeySym, KeyCode> pressedKeys;
|
||||
bool running;
|
||||
#ifdef HAVE_XDAMAGE
|
|
@ -0,0 +1,13 @@
|
|||
diff --git a/unix/xserver/hw/vnc/vncInput.c b/unix/xserver/hw/vnc/vncInput.c
|
||||
index b3d0926d..d36a096f 100644
|
||||
--- a/unix/xserver/hw/vnc/vncInput.c
|
||||
+++ b/unix/xserver/hw/vnc/vncInput.c
|
||||
@@ -167,7 +167,7 @@ void vncPointerMove(int x, int y)
|
||||
|
||||
void vncGetPointerPos(int *x, int *y)
|
||||
{
|
||||
- if (vncPointerDev != NULL) {
|
||||
+ if (vncPointerDev != NULL && !IsFloating(vncPointerDev)) {
|
||||
ScreenPtr ptrScreen;
|
||||
|
||||
miPointerGetPosition(vncPointerDev, &cursorPosX, &cursorPosY);
|
|
@ -1,117 +0,0 @@
|
|||
From f783d5c8b567199178b6690f347e060a69d2aa36 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Grulich <jgrulich@redhat.com>
|
||||
Date: Thu, 11 Aug 2022 13:15:29 +0200
|
||||
Subject: [PATCH] x0vncserver: update/display cursor only on correct screen in
|
||||
zaphod mode
|
||||
|
||||
We have to check whether we update cursor position/shape only in case
|
||||
the cursor is on our display, otherwise in zaphod mode, ie. when having
|
||||
two instances of x0vncserver on screens :0.0 and :0.1 we would be having
|
||||
the cursor duplicated and actually not funcional (aka ghost cursor) as
|
||||
it would be actually not present. We also additionally watch EnterNotify
|
||||
and LeaveNotify events in order to show/hide cursor accordingly.
|
||||
|
||||
Change made with help from Olivier Fourdan <ofourdan@redhat.com>
|
||||
---
|
||||
unix/x0vncserver/XDesktop.cxx | 60 +++++++++++++++++++++++++++++++----
|
||||
1 file changed, 53 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/unix/x0vncserver/XDesktop.cxx b/unix/x0vncserver/XDesktop.cxx
|
||||
index f2046e43e..f07fd78bf 100644
|
||||
--- a/unix/x0vncserver/XDesktop.cxx
|
||||
+++ b/unix/x0vncserver/XDesktop.cxx
|
||||
@@ -192,7 +192,8 @@ XDesktop::XDesktop(Display* dpy_, Geometry *geometry_)
|
||||
RRScreenChangeNotifyMask | RRCrtcChangeNotifyMask);
|
||||
/* Override TXWindow::init input mask */
|
||||
XSelectInput(dpy, DefaultRootWindow(dpy),
|
||||
- PropertyChangeMask | StructureNotifyMask | ExposureMask);
|
||||
+ PropertyChangeMask | StructureNotifyMask |
|
||||
+ ExposureMask | EnterWindowMask | LeaveWindowMask);
|
||||
} else {
|
||||
#endif
|
||||
vlog.info("RANDR extension not present");
|
||||
@@ -217,11 +218,13 @@ void XDesktop::poll() {
|
||||
Window root, child;
|
||||
int x, y, wx, wy;
|
||||
unsigned int mask;
|
||||
- XQueryPointer(dpy, DefaultRootWindow(dpy), &root, &child,
|
||||
- &x, &y, &wx, &wy, &mask);
|
||||
- x -= geometry->offsetLeft();
|
||||
- y -= geometry->offsetTop();
|
||||
- server->setCursorPos(rfb::Point(x, y), false);
|
||||
+
|
||||
+ if (XQueryPointer(dpy, DefaultRootWindow(dpy), &root, &child,
|
||||
+ &x, &y, &wx, &wy, &mask)) {
|
||||
+ x -= geometry->offsetLeft();
|
||||
+ y -= geometry->offsetTop();
|
||||
+ server->setCursorPos(rfb::Point(x, y), false);
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
||||
@@ -253,7 +256,14 @@ void XDesktop::start(VNCServer* vs) {
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_XFIXES
|
||||
- setCursor();
|
||||
+ Window root, child;
|
||||
+ int x, y, wx, wy;
|
||||
+ unsigned int mask;
|
||||
+ // Check whether the cursor is initially on our screen
|
||||
+ if (XQueryPointer(dpy, DefaultRootWindow(dpy), &root, &child,
|
||||
+ &x, &y, &wx, &wy, &mask))
|
||||
+ setCursor();
|
||||
+
|
||||
#endif
|
||||
|
||||
server->setLEDState(ledState);
|
||||
@@ -701,6 +711,15 @@ bool XDesktop::handleGlobalEvent(XEvent* ev) {
|
||||
if (cev->subtype != XFixesDisplayCursorNotify)
|
||||
return false;
|
||||
|
||||
+ Window root, child;
|
||||
+ int x, y, wx, wy;
|
||||
+ unsigned int mask;
|
||||
+
|
||||
+ // Check whether the cursor is initially on our screen
|
||||
+ if (!XQueryPointer(dpy, DefaultRootWindow(dpy), &root, &child,
|
||||
+ &x, &y, &wx, &wy, &mask))
|
||||
+ return false;
|
||||
+
|
||||
return setCursor();
|
||||
#endif
|
||||
#ifdef HAVE_XRANDR
|
||||
@@ -753,6 +772,33 @@ bool XDesktop::handleGlobalEvent(XEvent* ev) {
|
||||
|
||||
return true;
|
||||
#endif
|
||||
+#ifdef HAVE_XFIXES
|
||||
+ } else if (ev->type == EnterNotify) {
|
||||
+ XCrossingEvent* cev;
|
||||
+
|
||||
+ if (!running)
|
||||
+ return true;
|
||||
+
|
||||
+ cev = (XCrossingEvent*)ev;
|
||||
+
|
||||
+ if (cev->window != cev->root)
|
||||
+ return false;
|
||||
+
|
||||
+ return setCursor();
|
||||
+ } else if (ev->type == LeaveNotify) {
|
||||
+ XCrossingEvent* cev;
|
||||
+
|
||||
+ if (!running)
|
||||
+ return true;
|
||||
+
|
||||
+ cev = (XCrossingEvent*)ev;
|
||||
+
|
||||
+ if (cev->window == cev->root)
|
||||
+ return false;
|
||||
+
|
||||
+ server->setCursor(0, 0, Point(), NULL);
|
||||
+ return true;
|
||||
+#endif
|
||||
}
|
||||
|
||||
return false;
|
|
@ -1,34 +0,0 @@
|
|||
From 2daf4126882f82b6e392dfbae87205dbdc559c3d Mon Sep 17 00:00:00 2001
|
||||
From: Pierre Ossman <ossman@cendio.se>
|
||||
Date: Thu, 23 Dec 2021 15:58:00 +0100
|
||||
Subject: [PATCH] Fix typo in mirror monitor detection
|
||||
|
||||
Bug introduced in fb561eb but still somehow passed manual testing.
|
||||
Resulted in some stray reads off the end of the stack, which were
|
||||
hopefully harmless.
|
||||
---
|
||||
vncviewer/MonitorIndicesParameter.cxx | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/vncviewer/MonitorIndicesParameter.cxx b/vncviewer/MonitorIndicesParameter.cxx
|
||||
index 5130831cb..4ac74dd1a 100644
|
||||
--- a/vncviewer/MonitorIndicesParameter.cxx
|
||||
+++ b/vncviewer/MonitorIndicesParameter.cxx
|
||||
@@ -211,13 +211,13 @@ std::vector<MonitorIndicesParameter::Monitor> MonitorIndicesParameter::fetchMoni
|
||||
// Only keep a single entry for mirrored screens
|
||||
match = false;
|
||||
for (int j = 0; j < ((int) monitors.size()); j++) {
|
||||
- if (monitors[i].x != monitor.x)
|
||||
+ if (monitors[j].x != monitor.x)
|
||||
continue;
|
||||
- if (monitors[i].y != monitor.y)
|
||||
+ if (monitors[j].y != monitor.y)
|
||||
continue;
|
||||
- if (monitors[i].w != monitor.w)
|
||||
+ if (monitors[j].w != monitor.w)
|
||||
continue;
|
||||
- if (monitors[i].h != monitor.h)
|
||||
+ if (monitors[j].h != monitor.h)
|
||||
continue;
|
||||
|
||||
match = true;
|
|
@ -1,25 +0,0 @@
|
|||
From faf81b4b238e24fe29eb53f885a25367e212dd7b Mon Sep 17 00:00:00 2001
|
||||
From: Zdenek Pytela <zpytela@redhat.com>
|
||||
Date: Mon, 7 Feb 2022 10:45:41 +0100
|
||||
Subject: [PATCH] SELinux: use /root/.vnc in file context specification
|
||||
|
||||
Instead of HOME_ROOT/.vnc, /root/.vnc should be used
|
||||
for user root's home to specify default file context
|
||||
as HOME_ROOT actually means base for home dirs (usually /home).
|
||||
---
|
||||
unix/vncserver/selinux/vncsession.fc | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/unix/vncserver/selinux/vncsession.fc b/unix/vncserver/selinux/vncsession.fc
|
||||
index 6aaf4b1f4..bc81f8f25 100644
|
||||
--- a/unix/vncserver/selinux/vncsession.fc
|
||||
+++ b/unix/vncserver/selinux/vncsession.fc
|
||||
@@ -18,7 +18,7 @@
|
||||
#
|
||||
|
||||
HOME_DIR/\.vnc(/.*)? gen_context(system_u:object_r:vnc_home_t,s0)
|
||||
-HOME_ROOT/\.vnc(/.*)? gen_context(system_u:object_r:vnc_home_t,s0)
|
||||
+/root/\.vnc(/.*)? gen_context(system_u:object_r:vnc_home_t,s0)
|
||||
|
||||
/usr/sbin/vncsession -- gen_context(system_u:object_r:vnc_session_exec_t,s0)
|
||||
/usr/libexec/vncsession-start -- gen_context(system_u:object_r:vnc_session_exec_t,s0)
|
|
@ -1,28 +0,0 @@
|
|||
From 774c6bcf33b5c9b94c1ff12895775e77c555decc Mon Sep 17 00:00:00 2001
|
||||
From: Pierre Ossman <ossman@cendio.se>
|
||||
Date: Thu, 9 Feb 2023 11:30:37 +0100
|
||||
Subject: [PATCH] Sanity check when cleaning up keymap changes
|
||||
|
||||
Make sure we don't send a bogus request to the X server in the (common)
|
||||
case that we don't actually have anything to restore.
|
||||
|
||||
(cherry picked from commit 1e3484f2017f038dd5149cd50741feaf39a680e4)
|
||||
---
|
||||
unix/x0vncserver/XDesktop.cxx | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/unix/x0vncserver/XDesktop.cxx b/unix/x0vncserver/XDesktop.cxx
|
||||
index d5c6b2db9..f9c810968 100644
|
||||
--- a/unix/x0vncserver/XDesktop.cxx
|
||||
+++ b/unix/x0vncserver/XDesktop.cxx
|
||||
@@ -481,6 +481,10 @@ void XDesktop::deleteAddedKeysyms(Display* dpy) {
|
||||
}
|
||||
}
|
||||
|
||||
+ // Did we actually find something to remove?
|
||||
+ if (highestKeyCode < lowestKeyCode)
|
||||
+ return;
|
||||
+
|
||||
changes.changed |= XkbKeySymsMask;
|
||||
changes.first_key_sym = lowestKeyCode;
|
||||
changes.num_key_syms = highestKeyCode - lowestKeyCode + 1;
|
|
@ -1,31 +0,0 @@
|
|||
From 717d787de8f913070446444e37d552b51f05515e Mon Sep 17 00:00:00 2001
|
||||
From: Zdenek Pytela <zpytela@redhat.com>
|
||||
Date: Mon, 16 Jan 2023 12:35:40 +0100
|
||||
Subject: [PATCH] SELinux: Allow vncsession create ~/.vnc directory
|
||||
|
||||
Addresses the following AVC denial:
|
||||
|
||||
type=PROCTITLE msg=audit(01/12/2023 02:58:12.648:696) : proctitle=/usr/sbin/vncsession fedora :1
|
||||
type=PATH msg=audit(01/12/2023 02:58:12.648:696) : item=1 name=/home/fedora/.vnc nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
|
||||
type=PATH msg=audit(01/12/2023 02:58:12.648:696) : item=0 name=/home/fedora/ inode=262145 dev=fc:02 mode=dir,700 ouid=fedora ogid=fedora rdev=00:00 obj=unconfined_u:object_r:user_home_dir_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
|
||||
type=CWD msg=audit(01/12/2023 02:58:12.648:696) : cwd=/home/fedora
|
||||
type=SYSCALL msg=audit(01/12/2023 02:58:12.648:696) : arch=x86_64 syscall=mkdir success=no exit=EACCES(Permission denied) a0=0x7fff47d52540 a1=0755 a2=0x0 a3=0x0 items=2 ppid=2869 pid=2880 auid=fedora uid=fedora gid=fedora euid=fedora suid=fedora fsuid=fedora egid=fedora sgid=fedora fsgid=fedora tty=(none) ses=8 comm=vncsession exe=/usr/sbin/vncsession subj=system_u:system_r:vnc_session_t:s0 key=(null)
|
||||
type=AVC msg=audit(01/12/2023 02:58:12.648:696) : avc: denied { create } for pid=2880 comm=vncsession name=.vnc scontext=system_u:system_r:vnc_session_t:s0 tcontext=system_u:object_r:vnc_home_t:s0 tclass=dir permissive=0
|
||||
|
||||
Resolves: rhbz#2143704
|
||||
---
|
||||
unix/vncserver/selinux/vncsession.te | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
|
||||
index fb966c14b..680be8ea1 100644
|
||||
--- a/unix/vncserver/selinux/vncsession.te
|
||||
+++ b/unix/vncserver/selinux/vncsession.te
|
||||
@@ -37,6 +37,7 @@ allow vnc_session_t self:fifo_file rw_fifo_file_perms;
|
||||
allow vnc_session_t vnc_session_var_run_t:file manage_file_perms;
|
||||
files_pid_filetrans(vnc_session_t, vnc_session_var_run_t, file)
|
||||
|
||||
+create_dirs_pattern(vnc_session_t, vnc_home_t, vnc_home_t)
|
||||
manage_files_pattern(vnc_session_t, vnc_home_t, vnc_home_t)
|
||||
manage_fifo_files_pattern(vnc_session_t, vnc_home_t, vnc_home_t)
|
||||
manage_sock_files_pattern(vnc_session_t, vnc_home_t, vnc_home_t)
|
|
@ -1,81 +0,0 @@
|
|||
From d2d52704624ce841f4a392fccd82079d87ff13b6 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Grulich <jgrulich@redhat.com>
|
||||
Date: Thu, 11 Nov 2021 13:52:41 +0100
|
||||
Subject: [PATCH] SELinux: restore SELinux context in case of different
|
||||
policies
|
||||
|
||||
---
|
||||
CMakeLists.txt | 13 +++++++++++++
|
||||
unix/vncserver/CMakeLists.txt | 2 +-
|
||||
unix/vncserver/vncsession.c | 16 ++++++++++++++++
|
||||
3 files changed, 30 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/CMakeLists.txt b/CMakeLists.txt
|
||||
index 50247c7da..1708eb3d8 100644
|
||||
--- a/CMakeLists.txt
|
||||
+++ b/CMakeLists.txt
|
||||
@@ -268,6 +268,19 @@ if(UNIX AND NOT APPLE)
|
||||
endif()
|
||||
endif()
|
||||
|
||||
+# Check for SELinux library
|
||||
+if(UNIX AND NOT APPLE)
|
||||
+ check_include_files(selinux/selinux.h HAVE_SELINUX_H)
|
||||
+ if(HAVE_SELINUX_H)
|
||||
+ set(CMAKE_REQUIRED_LIBRARIES -lselinux)
|
||||
+ set(CMAKE_REQUIRED_LIBRARIES)
|
||||
+ set(SELINUX_LIBS selinux)
|
||||
+ add_definitions("-DHAVE_SELINUX")
|
||||
+ else()
|
||||
+ message(WARNING "Could not find SELinux development files")
|
||||
+ endif()
|
||||
+endif()
|
||||
+
|
||||
# Generate config.h and make sure the source finds it
|
||||
configure_file(config.h.in config.h)
|
||||
add_definitions(-DHAVE_CONFIG_H)
|
||||
diff --git a/unix/vncserver/CMakeLists.txt b/unix/vncserver/CMakeLists.txt
|
||||
index f65ccc7db..ae69dc098 100644
|
||||
--- a/unix/vncserver/CMakeLists.txt
|
||||
+++ b/unix/vncserver/CMakeLists.txt
|
||||
@@ -1,5 +1,5 @@
|
||||
add_executable(vncsession vncsession.c)
|
||||
-target_link_libraries(vncsession ${PAM_LIBS})
|
||||
+target_link_libraries(vncsession ${PAM_LIBS} ${SELINUX_LIBS})
|
||||
|
||||
configure_file(vncserver@.service.in vncserver@.service @ONLY)
|
||||
configure_file(vncsession-start.in vncsession-start @ONLY)
|
||||
diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c
|
||||
index 3573e5e9b..f6d2fd59e 100644
|
||||
--- a/unix/vncserver/vncsession.c
|
||||
+++ b/unix/vncserver/vncsession.c
|
||||
@@ -37,6 +37,11 @@
|
||||
#include <sys/types.h>
|
||||
#include <sys/wait.h>
|
||||
|
||||
+#ifdef HAVE_SELINUX
|
||||
+#include <selinux/selinux.h>
|
||||
+#include <selinux/restorecon.h>
|
||||
+#endif
|
||||
+
|
||||
extern char **environ;
|
||||
|
||||
// PAM service name
|
||||
@@ -360,6 +365,17 @@ redir_stdio(const char *homedir, const char *display)
|
||||
syslog(LOG_CRIT, "Failure creating \"%s\": %s", logfile, strerror(errno));
|
||||
_exit(EX_OSERR);
|
||||
}
|
||||
+
|
||||
+#ifdef HAVE_SELINUX
|
||||
+ int result;
|
||||
+ if (selinux_file_context_verify(logfile, 0) == 0) {
|
||||
+ result = selinux_restorecon(logfile, SELINUX_RESTORECON_RECURSE);
|
||||
+
|
||||
+ if (result < 0) {
|
||||
+ syslog(LOG_WARNING, "Failure restoring SELinux context for \"%s\": %s", logfile, strerror(errno));
|
||||
+ }
|
||||
+ }
|
||||
+#endif
|
||||
}
|
||||
|
||||
hostlen = sysconf(_SC_HOST_NAME_MAX);
|
|
@ -0,0 +1,135 @@
|
|||
diff --git a/common/rfb/SSecurityPlain.cxx b/common/rfb/SSecurityPlain.cxx
|
||||
index 6f65e87..3142ba3 100644
|
||||
--- a/common/rfb/SSecurityPlain.cxx
|
||||
+++ b/common/rfb/SSecurityPlain.cxx
|
||||
@@ -27,6 +27,8 @@
|
||||
#include <rdr/InStream.h>
|
||||
#if !defined(WIN32) && !defined(__APPLE__)
|
||||
#include <rfb/UnixPasswordValidator.h>
|
||||
+#include <unistd.h>
|
||||
+#include <pwd.h>
|
||||
#endif
|
||||
#ifdef WIN32
|
||||
#include <rfb/WinPasswdValidator.h>
|
||||
@@ -45,21 +47,22 @@ StringParameter PasswordValidator::plainUsers
|
||||
|
||||
bool PasswordValidator::validUser(const char* username)
|
||||
{
|
||||
- CharArray users(plainUsers.getValueStr()), user;
|
||||
+ std::vector<std::string> users;
|
||||
|
||||
- while (users.buf) {
|
||||
- strSplit(users.buf, ',', &user.buf, &users.buf);
|
||||
-#ifdef WIN32
|
||||
- if (0 == stricmp(user.buf, "*"))
|
||||
- return true;
|
||||
- if (0 == stricmp(user.buf, username))
|
||||
- return true;
|
||||
-#else
|
||||
- if (!strcmp(user.buf, "*"))
|
||||
- return true;
|
||||
- if (!strcmp(user.buf, username))
|
||||
- return true;
|
||||
+ users = split(plainUsers, ',');
|
||||
+
|
||||
+ for (size_t i = 0; i < users.size(); i++) {
|
||||
+ if (users[i] == "*")
|
||||
+ return true;
|
||||
+#if !defined(WIN32) && !defined(__APPLE__)
|
||||
+ if (users[i] == "%u") {
|
||||
+ struct passwd *pw = getpwnam(username);
|
||||
+ if (pw && pw->pw_uid == getuid())
|
||||
+ return true;
|
||||
+ }
|
||||
#endif
|
||||
+ if (users[i] == username)
|
||||
+ return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
diff --git a/common/rfb/util.cxx b/common/rfb/util.cxx
|
||||
index 649eb0b..cce73a0 100644
|
||||
--- a/common/rfb/util.cxx
|
||||
+++ b/common/rfb/util.cxx
|
||||
@@ -99,6 +99,26 @@ namespace rfb {
|
||||
return false;
|
||||
}
|
||||
|
||||
+ std::vector<std::string> split(const char* src,
|
||||
+ const char delimiter)
|
||||
+ {
|
||||
+ std::vector<std::string> out;
|
||||
+ const char *start, *stop;
|
||||
+
|
||||
+ start = src;
|
||||
+ do {
|
||||
+ stop = strchr(start, delimiter);
|
||||
+ if (stop == NULL) {
|
||||
+ out.push_back(start);
|
||||
+ } else {
|
||||
+ out.push_back(std::string(start, stop-start));
|
||||
+ start = stop + 1;
|
||||
+ }
|
||||
+ } while (stop != NULL);
|
||||
+
|
||||
+ return out;
|
||||
+ }
|
||||
+
|
||||
bool strContains(const char* src, char c) {
|
||||
int l=strlen(src);
|
||||
for (int i=0; i<l; i++)
|
||||
diff --git a/common/rfb/util.h b/common/rfb/util.h
|
||||
index f0ac9ef..ed15c28 100644
|
||||
--- a/common/rfb/util.h
|
||||
+++ b/common/rfb/util.h
|
||||
@@ -27,6 +27,9 @@
|
||||
#include <limits.h>
|
||||
#include <string.h>
|
||||
|
||||
+#include <string>
|
||||
+#include <vector>
|
||||
+
|
||||
struct timeval;
|
||||
|
||||
#ifdef __GNUC__
|
||||
@@ -76,6 +79,10 @@ namespace rfb {
|
||||
// that part of the string. Obviously, setting both to 0 is not useful...
|
||||
bool strSplit(const char* src, const char limiter, char** out1, char** out2, bool fromEnd=false);
|
||||
|
||||
+ // Splits a string with the specified delimiter
|
||||
+ std::vector<std::string> split(const char* src,
|
||||
+ const char delimiter);
|
||||
+
|
||||
// Returns true if src contains c
|
||||
bool strContains(const char* src, char c);
|
||||
|
||||
diff --git a/unix/x0vncserver/x0vncserver.man b/unix/x0vncserver/x0vncserver.man
|
||||
index c36ae34..78db730 100644
|
||||
--- a/unix/x0vncserver/x0vncserver.man
|
||||
+++ b/unix/x0vncserver/x0vncserver.man
|
||||
@@ -125,8 +125,8 @@ parameter instead.
|
||||
.B \-PlainUsers \fIuser-list\fP
|
||||
A comma separated list of user names that are allowed to authenticate via
|
||||
any of the "Plain" security types (Plain, TLSPlain, etc.). Specify \fB*\fP
|
||||
-to allow any user to authenticate using this security type. Default is to
|
||||
-deny all users.
|
||||
+to allow any user to authenticate using this security type. Specify \fB%u\fP
|
||||
+to allow the user of the server process. Default is to deny all users.
|
||||
.
|
||||
.TP
|
||||
.B \-pam_service \fIname\fP, \-PAMService \fIname\fP
|
||||
diff --git a/unix/xserver/hw/vnc/Xvnc.man b/unix/xserver/hw/vnc/Xvnc.man
|
||||
index ea87dea..e9fb654 100644
|
||||
--- a/unix/xserver/hw/vnc/Xvnc.man
|
||||
+++ b/unix/xserver/hw/vnc/Xvnc.man
|
||||
@@ -200,8 +200,8 @@ parameter instead.
|
||||
.B \-PlainUsers \fIuser-list\fP
|
||||
A comma separated list of user names that are allowed to authenticate via
|
||||
any of the "Plain" security types (Plain, TLSPlain, etc.). Specify \fB*\fP
|
||||
-to allow any user to authenticate using this security type. Default is to
|
||||
-deny all users.
|
||||
+to allow any user to authenticate using this security type. Specify \fB%u\fP
|
||||
+to allow the user of the server process. Default is to deny all users.
|
||||
.
|
||||
.TP
|
||||
.B \-pam_service \fIname\fP, \-PAMService \fIname\fP
|
|
@ -0,0 +1,17 @@
|
|||
diff --git a/unix/xserver/hw/vnc/xvnc.c b/unix/xserver/hw/vnc/xvnc.c
|
||||
index f8141959..c5c36539 100644
|
||||
--- a/unix/xserver/hw/vnc/xvnc.c
|
||||
+++ b/unix/xserver/hw/vnc/xvnc.c
|
||||
@@ -366,8 +366,10 @@ ddxProcessArgument(int argc, char *argv[], int i)
|
||||
if (strcmp(argv[i], "-inetd") == 0) {
|
||||
int nullfd;
|
||||
|
||||
- dup2(0, 3);
|
||||
- vncInetdSock = 3;
|
||||
+ if ((vncInetdSock = dup(0)) == -1)
|
||||
+ FatalError
|
||||
+ ("Xvnc error: failed to allocate a new file descriptor for -inetd: %s\n", strerror(errno));
|
||||
+
|
||||
|
||||
/* Avoid xserver >= 1.19's epoll-fd becoming fd 2 / stderr only to be
|
||||
replaced by /dev/null by OsInit() because the pollfd is not
|
|
@ -121,7 +121,7 @@ if ($fontPath eq "") {
|
|||
# Check command line options
|
||||
|
||||
&ParseOptions("-geometry",1,"-depth",1,"-pixelformat",1,"-name",1,"-kill",1,
|
||||
"-help",0,"-h",0,"--help",0,"-fp",1,"-list",0,"-fg",0,"-autokill",0,"-noxstartup",0,"-xstartup",1);
|
||||
"-help",0,"-h",0,"--help",0,"-fp",1,"-list",0,"-fg",0,"-autokill",0,"-noxstartup",0,"-xstartup",1,"-fallbacktofreeport",0);
|
||||
|
||||
&Usage() if ($opt{'-help'} || $opt{'-h'} || $opt{'--help'});
|
||||
|
||||
|
@ -168,8 +168,13 @@ if ((@ARGV > 0) && ($ARGV[0] =~ /^:(\d+)$/)) {
|
|||
$displayNumber = $1;
|
||||
shift(@ARGV);
|
||||
if (!&CheckDisplayNumber($displayNumber)) {
|
||||
warn "A VNC server is already running as :$displayNumber\n";
|
||||
$displayNumber = &GetDisplayNumber();
|
||||
if ($opt{'-fallbacktofreeport'}) {
|
||||
warn "A VNC server is already running as :$displayNumber\n";
|
||||
$displayNumber = &GetDisplayNumber();
|
||||
warn "Using port :$displayNumber as fallback\n";
|
||||
} else {
|
||||
die "A VNC server is already running as :$displayNumber\n";
|
||||
}
|
||||
}
|
||||
} elsif ((@ARGV > 0) && ($ARGV[0] !~ /^-/) && ($ARGV[0] !~ /^\+/)) {
|
||||
&Usage();
|
||||
|
@ -675,6 +680,7 @@ sub Usage
|
|||
" [-autokill]\n".
|
||||
" [-noxstartup]\n".
|
||||
" [-xstartup <file>]\n".
|
||||
" [-fallbacktofreeport]\n".
|
||||
" <Xvnc-options>...\n\n".
|
||||
" $prog -kill <X-display>\n\n".
|
||||
" $prog -list\n\n");
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
From 133e0d651c5d12bf01999d6289e84e224ba77adc Mon Sep 17 00:00:00 2001
|
||||
From: Peter Hutterer <peter.hutterer@who-t.net>
|
||||
Date: Mon, 22 Jan 2024 14:22:12 +1000
|
||||
Subject: [PATCH] dix: fix valuator copy/paste error in the DeviceStateNotify
|
||||
event
|
||||
|
||||
Fixes 219c54b8a3337456ce5270ded6a67bcde53553d5
|
||||
---
|
||||
dix/enterleave.c | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/dix/enterleave.c b/dix/enterleave.c
|
||||
index 7b7ba1098b..c1e6ac600e 100644
|
||||
--- a/dix/enterleave.c
|
||||
+++ b/dix/enterleave.c
|
||||
@@ -619,11 +619,11 @@ FixDeviceValuator(DeviceIntPtr dev, deviceValuator * ev, ValuatorClassPtr v,
|
||||
ev->first_valuator = first;
|
||||
switch (ev->num_valuators) {
|
||||
case 6:
|
||||
- ev->valuator2 = v->axisVal[first + 5];
|
||||
+ ev->valuator5 = v->axisVal[first + 5];
|
||||
case 5:
|
||||
- ev->valuator2 = v->axisVal[first + 4];
|
||||
+ ev->valuator4 = v->axisVal[first + 4];
|
||||
case 4:
|
||||
- ev->valuator2 = v->axisVal[first + 3];
|
||||
+ ev->valuator3 = v->axisVal[first + 3];
|
||||
case 3:
|
||||
ev->valuator2 = v->axisVal[first + 2];
|
||||
case 2:
|
||||
--
|
||||
GitLab
|
|
@ -1,42 +0,0 @@
|
|||
From 947bd1b3f4a23565bf10879ec41ba06ebe1e1c76 Mon Sep 17 00:00:00 2001
|
||||
From: Olivier Fourdan <ofourdan@redhat.com>
|
||||
Date: Mon, 13 Mar 2023 11:08:47 +0100
|
||||
Subject: [PATCH xserver] composite: Fix use-after-free of the COW
|
||||
|
||||
ZDI-CAN-19866/CVE-2023-1393
|
||||
|
||||
If a client explicitly destroys the compositor overlay window (aka COW),
|
||||
we would leave a dangling pointer to that window in the CompScreen
|
||||
structure, which will trigger a use-after-free later.
|
||||
|
||||
Make sure to clear the CompScreen pointer to the COW when the latter gets
|
||||
destroyed explicitly by the client.
|
||||
|
||||
This vulnerability was discovered by:
|
||||
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
|
||||
|
||||
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
|
||||
Reviewed-by: Adam Jackson <ajax@redhat.com>
|
||||
---
|
||||
composite/compwindow.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/composite/compwindow.c b/composite/compwindow.c
|
||||
index 4e2494b86..b30da589e 100644
|
||||
--- a/composite/compwindow.c
|
||||
+++ b/composite/compwindow.c
|
||||
@@ -620,6 +620,11 @@ compDestroyWindow(WindowPtr pWin)
|
||||
ret = (*pScreen->DestroyWindow) (pWin);
|
||||
cs->DestroyWindow = pScreen->DestroyWindow;
|
||||
pScreen->DestroyWindow = compDestroyWindow;
|
||||
+
|
||||
+ /* Did we just destroy the overlay window? */
|
||||
+ if (pWin == cs->pOverlayWin)
|
||||
+ cs->pOverlayWin = NULL;
|
||||
+
|
||||
/* compCheckTree (pWin->drawable.pScreen); can't check -- tree isn't good*/
|
||||
return ret;
|
||||
}
|
||||
--
|
||||
2.40.0
|
||||
|
|
@ -32,7 +32,7 @@
|
|||
Description=XVNC Per-Connection Daemon
|
||||
|
||||
[Service]
|
||||
ExecStart=-/usr/bin/Xvnc -inetd -query localhost -geometry 1024x768 -depth 24 -once -SecurityTypes=None -Log *:syslog:30
|
||||
ExecStart=-/usr/bin/Xvnc -inetd -query localhost -geometry 1024x768 -depth 24 -once -SecurityTypes=None
|
||||
User=nobody
|
||||
StandardInput=socket
|
||||
StandardError=syslog
|
||||
|
|
|
@ -4,13 +4,13 @@
|
|||
%global modulename vncsession
|
||||
|
||||
Name: tigervnc
|
||||
Version: 1.12.0
|
||||
Release: 15%{?dist}
|
||||
Version: 1.13.1
|
||||
Release: 8%{?dist}
|
||||
Summary: A TigerVNC remote display system
|
||||
|
||||
%global _hardened_build 1
|
||||
|
||||
License: GPLv2+
|
||||
License: GPL-2.0-or-later
|
||||
URL: http://www.tigervnc.com
|
||||
|
||||
Source0: %{name}-%{version}.tar.gz
|
||||
|
@ -21,50 +21,74 @@ Source3: 10-libvnc.conf
|
|||
# Backwards compatibility
|
||||
Source5: vncserver
|
||||
|
||||
# Downstream patches
|
||||
Patch1: tigervnc-use-gnome-as-default-session.patch
|
||||
Patch2: tigervnc-vncsession-restore-script-systemd-service.patch
|
||||
|
||||
# Upstream patches
|
||||
Patch50: tigervnc-selinux-restore-context-in-case-of-different-policies.patch
|
||||
Patch51: tigervnc-fix-typo-in-mirror-monitor-detection.patch
|
||||
Patch52: tigervnc-root-user-selinux-context.patch
|
||||
Patch53: tigervnc-vncsession-restore-script-systemd-service.patch
|
||||
# https://github.com/TigerVNC/tigervnc/pull/1513
|
||||
Patch54: tigervnc-fix-ghost-cursor-in-zaphod-mode.patch
|
||||
# https://github.com/TigerVNC/tigervnc/pull/1510
|
||||
Patch55: tigervnc-add-new-keycodes-for-unknown-keysyms.patch
|
||||
Patch56: tigervnc-sanity-check-when-cleaning-up-keymap-changes.patch
|
||||
Patch57: tigervnc-selinux-allow-vncsession-create-vnc-directory.patch
|
||||
Patch50: tigervnc-support-username-alias-in-plainusers.patch
|
||||
Patch51: tigervnc-use-dup-to-get-available-fd-for-inetd.patch
|
||||
|
||||
# Upstreamable patches
|
||||
Patch80: tigervnc-dont-get-pointer-position-for-floating-device.patch
|
||||
|
||||
# This is tigervnc-%%{version}/unix/xserver116.patch rebased on the latest xorg
|
||||
Patch100: tigervnc-xserver120.patch
|
||||
# 1326867 - [RHEL7.3] GLX applications in an Xvnc session fails to start
|
||||
Patch101: 0001-rpath-hack.patch
|
||||
|
||||
# CVE-2023-1393 tigervnc: xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability
|
||||
Patch110: xorg-x11-server-composite-Fix-use-after-free-of-the-COW.patch
|
||||
# XServer patches
|
||||
# CVE-2024-0229
|
||||
# https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1251
|
||||
Patch200: xorg-CVE-2024-0229-followup.patch
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: libX11-devel, automake, autoconf, libtool, gettext, gettext-autopoint
|
||||
BuildRequires: libXext-devel, xorg-x11-server-source, libXi-devel
|
||||
BuildRequires: xorg-x11-xtrans-devel, xorg-x11-util-macros, libXtst-devel
|
||||
BuildRequires: libxkbfile-devel, openssl-devel, libpciaccess-devel
|
||||
BuildRequires: mesa-libGL-devel, libXinerama-devel, xorg-x11-font-utils
|
||||
BuildRequires: freetype-devel, libXdmcp-devel, libxshmfence-devel
|
||||
BuildRequires: libjpeg-turbo-devel, gnutls-devel, pam-devel
|
||||
BuildRequires: libdrm-devel, libXt-devel, pixman-devel
|
||||
BuildRequires: systemd, cmake, desktop-file-utils
|
||||
BuildRequires: libselinux-devel, selinux-policy-devel
|
||||
BuildRequires: libXfixes-devel, libXdamage-devel, libXrandr-devel
|
||||
%if 0%{?fedora} > 24 || 0%{?rhel} >= 7
|
||||
BuildRequires: libXfont2-devel
|
||||
%else
|
||||
BuildRequires: libXfont-devel
|
||||
%endif
|
||||
BuildRequires: gettext
|
||||
BuildRequires: cmake
|
||||
|
||||
BuildRequires: gnutls-devel
|
||||
BuildRequires: desktop-file-utils
|
||||
BuildRequires: libappstream-glib
|
||||
BuildRequires: libjpeg-turbo-devel
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: pam-devel
|
||||
BuildRequires: zlib-devel
|
||||
|
||||
# TigerVNC 1.4.x requires fltk 1.3.3 for keyboard handling support
|
||||
# See https://github.com/TigerVNC/tigervnc/issues/8, also bug #1208814
|
||||
BuildRequires: fltk-devel >= 1.3.3
|
||||
BuildRequires: libX11-devel
|
||||
BuildRequires: libXext-devel
|
||||
BuildRequires: libXi-devel
|
||||
BuildRequires: libXrandr-devel
|
||||
BuildRequires: libXrender-devel
|
||||
BuildRequires: pixman-devel
|
||||
|
||||
# X11/graphics dependencies
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
BuildRequires: gettext-autopoint
|
||||
BuildRequires: libXdamage-devel
|
||||
BuildRequires: libXdmcp-devel
|
||||
BuildRequires: libXfixes-devel
|
||||
BuildRequires: libXfont2-devel
|
||||
BuildRequires: libXinerama-devel
|
||||
BuildRequires: libXt-devel
|
||||
BuildRequires: libXtst-devel
|
||||
BuildRequires: libdrm-devel
|
||||
BuildRequires: libtool
|
||||
BuildRequires: libxkbfile-devel
|
||||
BuildRequires: libxshmfence-devel
|
||||
BuildRequires: mesa-libGL-devel
|
||||
BuildRequires: xorg-x11-font-utils
|
||||
BuildRequires: xorg-x11-server-devel
|
||||
BuildRequires: xorg-x11-server-source
|
||||
BuildRequires: xorg-x11-util-macros
|
||||
BuildRequires: xorg-x11-xtrans-devel
|
||||
|
||||
# SELinux
|
||||
BuildRequires: libselinux-devel, selinux-policy-devel, systemd
|
||||
|
||||
Requires(post): coreutils
|
||||
Requires(postun):coreutils
|
||||
|
@ -102,10 +126,12 @@ X session.
|
|||
|
||||
%package server-minimal
|
||||
Summary: A minimal installation of TigerVNC server
|
||||
Requires(post): chkconfig
|
||||
Requires(preun):chkconfig
|
||||
Requires(post): systemd
|
||||
Requires(preun): systemd
|
||||
Requires(postun): systemd
|
||||
Requires(post): systemd
|
||||
|
||||
Requires: mesa-dri-drivers, xkeyboard-config, xorg-x11-xkb-utils
|
||||
Requires: mesa-dri-drivers, xkeyboard-config, xkbcomp
|
||||
Requires: tigervnc-license, dbus-x11
|
||||
|
||||
%description server-minimal
|
||||
|
@ -164,20 +190,18 @@ for all in `find . -type f -perm -001`; do
|
|||
done
|
||||
%patch100 -p1 -b .xserver120-rebased
|
||||
%patch101 -p1 -b .rpath
|
||||
%patch110 -p1 -b .composite-Fix-use-after-free-of-the-COW
|
||||
%patch200 -p1 -b .xorg-CVE-2024-0229-followup
|
||||
popd
|
||||
|
||||
%patch1 -p1 -b .use-gnome-as-default-session
|
||||
%patch2 -p1 -b .vncsession-restore-script-systemd-service
|
||||
|
||||
# Upstream patches
|
||||
%patch50 -p1 -b .selinux-restore-context-in-case-of-different-policies
|
||||
%patch51 -p1 -b .fix-typo-in-mirror-monitor-detection
|
||||
%patch52 -p1 -b .root-user-selinux-context
|
||||
%patch53 -p1 -b .vncsession-restore-script-systemd-service
|
||||
%patch54 -p1 -b .fix-ghost-cursor-in-zaphod-mode
|
||||
%patch55 -p1 -b .add-new-keycodes-for-unknown-keysyms
|
||||
%patch56 -p1 -b .sanity-check-when-cleaning-up-keymap-changes
|
||||
%patch57 -p1 -b .selinux-allow-vncsession-create-vnc-directory
|
||||
%patch50 -p1 -b .support-username-alias-in-plainusers
|
||||
%patch51 -p1 -b .use-dup-to-get-available-fd-for-inetd
|
||||
|
||||
# Upstreamable patches
|
||||
%patch80 -p1 -b .dont-get-pointer-position-for-floating-device
|
||||
|
||||
%build
|
||||
%ifarch sparcv9 sparc64 s390 s390x
|
||||
|
@ -185,12 +209,22 @@ export CFLAGS="$RPM_OPT_FLAGS -fPIC"
|
|||
%else
|
||||
export CFLAGS="$RPM_OPT_FLAGS -fpic"
|
||||
%endif
|
||||
export CXXFLAGS="$CFLAGS"
|
||||
export CXXFLAGS="$CFLAGS -std=c++11"
|
||||
|
||||
%{cmake} .
|
||||
make %{?_smp_mflags}
|
||||
%define __cmake_builddir %{_target_platform}
|
||||
|
||||
mkdir -p %{%__cmake_builddir}
|
||||
|
||||
%cmake
|
||||
|
||||
%cmake_build
|
||||
|
||||
pushd unix/xserver
|
||||
|
||||
%if 0%{?fedora} > 32 || 0%{?rhel} >= 9
|
||||
sed -i 's@TIGERVNC_BUILDDIR=${TIGERVNC_SRCDIR}@TIGERVNC_BUILDDIR=${TIGERVNC_SRCDIR}/%{_target_platform}@g' hw/vnc/Makefile.am
|
||||
%endif
|
||||
|
||||
autoreconf -fiv
|
||||
%configure \
|
||||
--disable-xorg --disable-xnest --disable-xvfb --disable-dmx \
|
||||
|
@ -213,7 +247,11 @@ make %{?_smp_mflags}
|
|||
popd
|
||||
|
||||
# Build icons
|
||||
%if 0%{?fedora} > 32 || 0%{?rhel} >= 9
|
||||
pushd %{_target_platform}/media
|
||||
%else
|
||||
pushd media
|
||||
%endif
|
||||
make
|
||||
popd
|
||||
|
||||
|
@ -222,19 +260,19 @@ pushd unix/vncserver/selinux
|
|||
make
|
||||
popd
|
||||
|
||||
|
||||
%install
|
||||
%make_install
|
||||
%cmake_install
|
||||
rm -f %{buildroot}%{_docdir}/%{name}-%{version}/{README.rst,LICENCE.TXT}
|
||||
|
||||
pushd unix/xserver/hw/vnc
|
||||
make install DESTDIR=%{buildroot}
|
||||
%make_install
|
||||
popd
|
||||
|
||||
# Install systemd unit file
|
||||
pushd unix/vncserver/selinux
|
||||
make install DESTDIR=%{buildroot}
|
||||
popd
|
||||
|
||||
|
||||
# Install systemd unit file
|
||||
install -m644 %{SOURCE1} %{buildroot}%{_unitdir}/xvnc@.service
|
||||
install -m644 %{SOURCE2} %{buildroot}%{_unitdir}/xvnc.socket
|
||||
|
@ -243,12 +281,26 @@ install -m644 %{SOURCE2} %{buildroot}%{_unitdir}/xvnc.socket
|
|||
mkdir -p %{buildroot}%{_datadir}/icons/hicolor/{16x16,24x24,48x48}/apps
|
||||
|
||||
pushd media/icons
|
||||
for s in 16 24 48; do
|
||||
for s in 16 22 24 32 48 64 128; do
|
||||
install -m644 tigervnc_$s.png %{buildroot}%{_datadir}/icons/hicolor/${s}x$s/apps/tigervnc.png
|
||||
done
|
||||
popd
|
||||
|
||||
appstream-util validate-relax --nonet %{buildroot}%{_metainfodir}/org.tigervnc.vncviewer.metainfo.xml
|
||||
desktop-file-validate %{buildroot}%{_datadir}/applications/vncviewer.desktop
|
||||
|
||||
%if 0%{?rhel} > 9
|
||||
# Install a replacement for /usr/bin/vncserver which will tell the user to read the
|
||||
# HOWTO.md file
|
||||
cat <<EOF > %{buildroot}/%{_bindir}/vncserver
|
||||
#!/bin/bash
|
||||
echo "vncserver has been replaced by a systemd unit."
|
||||
echo "Please read /usr/share/doc/tigervnc/HOWTO.md for more information."
|
||||
EOF
|
||||
chmod +x %{buildroot}/%{_bindir}/vncserver
|
||||
%else
|
||||
install -m 755 %{SOURCE5} %{buildroot}/%{_bindir}/vncserver
|
||||
%endif
|
||||
|
||||
%find_lang %{name} %{name}.lang
|
||||
|
||||
|
@ -259,15 +311,14 @@ mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/
|
|||
install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
|
||||
|
||||
%post server
|
||||
%systemd_post xvnc.service
|
||||
%systemd_post xvnc@.service
|
||||
%systemd_post xvnc.socket
|
||||
|
||||
%preun server
|
||||
%systemd_preun xvnc.service
|
||||
%systemd_preun xvnc.socket
|
||||
|
||||
%postun server
|
||||
%systemd_postun xvnc.service
|
||||
%systemd_postun xvnc@.service
|
||||
%systemd_postun xvnc.socket
|
||||
|
||||
%pre selinux
|
||||
|
@ -289,6 +340,7 @@ fi
|
|||
%{_bindir}/vncviewer
|
||||
%{_datadir}/applications/*
|
||||
%{_mandir}/man1/vncviewer.1*
|
||||
%{_datadir}/metainfo/org.tigervnc.vncviewer.metainfo.xml
|
||||
|
||||
%files server
|
||||
%config(noreplace) %{_sysconfdir}/pam.d/tigervnc
|
||||
|
@ -298,8 +350,8 @@ fi
|
|||
%{_unitdir}/vncserver@.service
|
||||
%{_unitdir}/xvnc@.service
|
||||
%{_unitdir}/xvnc.socket
|
||||
%{_bindir}/x0vncserver
|
||||
%{_bindir}/vncserver
|
||||
%{_bindir}/x0vncserver
|
||||
%{_sbindir}/vncsession
|
||||
%{_libexecdir}/vncserver
|
||||
%{_libexecdir}/vncsession-start
|
||||
|
@ -319,7 +371,7 @@ fi
|
|||
|
||||
%files server-module
|
||||
%{_libdir}/xorg/modules/extensions/libvnc.so
|
||||
%config %{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
|
||||
%config(noreplace) %{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
|
||||
|
||||
%files license
|
||||
%{_docdir}/tigervnc/LICENCE.TXT
|
||||
|
@ -329,214 +381,267 @@ fi
|
|||
|
||||
%files selinux
|
||||
%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.*
|
||||
%ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
|
||||
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
|
||||
|
||||
%changelog
|
||||
*Mon Mar 27 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-15
|
||||
- xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability
|
||||
Resolves: bz#2180305
|
||||
* Wed Feb 07 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-8
|
||||
- Fix copy/paste error in the DeviceStateNotify
|
||||
Resolves: RHEL-20533
|
||||
|
||||
* Tue Feb 21 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-14
|
||||
* Mon Jan 22 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-7
|
||||
- Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice
|
||||
Resolves: RHEL-20389
|
||||
- Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent
|
||||
Resolves: RHEL-20383
|
||||
- Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
|
||||
Resolves: RHEL-20533
|
||||
- Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
|
||||
Resolves: RHEL-21213
|
||||
|
||||
* Mon Jan 08 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-6
|
||||
- Use dup() to get available file descriptor when using -inetd option
|
||||
Resolves: RHEL-19858
|
||||
|
||||
* Mon Dec 18 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-5
|
||||
- Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
|
||||
Resolves: RHEL-18414
|
||||
- Fix CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty
|
||||
Resolves: RHEL-18426
|
||||
|
||||
* Wed Nov 01 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-4
|
||||
- Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow
|
||||
Resolves: RHEL-15237
|
||||
|
||||
- Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty
|
||||
Resolves: RHEL-15249
|
||||
|
||||
* Mon Oct 09 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-3
|
||||
- Support username alias in PlainUsers
|
||||
Resolves: RHEL-8430
|
||||
|
||||
* Tue Apr 11 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-2
|
||||
- xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege
|
||||
Escalation Vulnerability
|
||||
Resolves: bz#2180310
|
||||
|
||||
* Tue Mar 21 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-1
|
||||
- 1.13.1
|
||||
Resolves: bz#2175732
|
||||
|
||||
* Tue Feb 21 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-12
|
||||
- SELinux: allow vncsession create .vnc directory
|
||||
Resolves: bz#2164704
|
||||
Resolves: bz#2164703
|
||||
|
||||
* Wed Feb 15 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-13
|
||||
* Wed Feb 15 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-11
|
||||
- Add sanity check when cleaning up keymap changes
|
||||
Resolves: bz#2169960
|
||||
Resolves: bz#2169965
|
||||
|
||||
* Mon Feb 06 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-12
|
||||
* Mon Feb 06 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-10
|
||||
- xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation
|
||||
Resolves: bz#2167058
|
||||
Resolves: bz#2167061
|
||||
|
||||
* Tue Dec 20 2022 Tomas Popela <tpopela@redhat.com> - 1.12.0-11
|
||||
* Tue Dec 20 2022 Tomas Popela <tpopela@redhat.com> - 1.12.0-9
|
||||
- Rebuild for xorg-x11-server CVE-2022-46340 follow up fix
|
||||
|
||||
* Fri Dec 16 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-10
|
||||
* Fri Dec 16 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-8
|
||||
- Rebuild for xorg-x11-server CVEs
|
||||
Resolves: CVE-2022-4283 (bz#2154233)
|
||||
Resolves: CVE-2022-46340 (bz#2154220)
|
||||
Resolves: CVE-2022-46341 (bz#2154223)
|
||||
Resolves: CVE-2022-46342 (bz#2154225)
|
||||
Resolves: CVE-2022-46343 (bz#2154227)
|
||||
Resolves: CVE-2022-46344 (bz#2154229)
|
||||
Resolves: CVE-2022-4283 (bz#2154234)
|
||||
Resolves: CVE-2022-46340 (bz#2154221)
|
||||
Resolves: CVE-2022-46341 (bz#2154224)
|
||||
Resolves: CVE-2022-46342 (bz#2154226)
|
||||
Resolves: CVE-2022-46343 (bz#2154228)
|
||||
Resolves: CVE-2022-46344 (bz#2154230)
|
||||
|
||||
* Thu Dec 08 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-9
|
||||
- Bump build version to fix upgrade path
|
||||
Resolves: bz#1437569
|
||||
|
||||
* Fri Nov 18 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-8
|
||||
* Thu Dec 01 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-7
|
||||
- x0vncserver: add new keysym in case we don't find matching keycode
|
||||
Resolves: bz#1437569
|
||||
+ actually apply the patch
|
||||
Resolves: bz#2119017
|
||||
|
||||
* Wed Aug 24 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-7
|
||||
* Thu Dec 01 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-6
|
||||
- x0vncserver: add new keysym in case we don't find matching keycode
|
||||
Resolves: bz#2119017
|
||||
|
||||
* Mon Oct 24 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-5
|
||||
- x0vncserver: fix ghost cursor in zaphod mode (better version)
|
||||
Resolves: bz#2109679
|
||||
Resolves: bz#2119016
|
||||
|
||||
* Wed Aug 17 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-6
|
||||
- x0vncserver: fix ghost cursor in zaphod mode
|
||||
Resolves: bz#2109679
|
||||
* Tue May 31 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-4
|
||||
- Add BR: libXdamage, libXfixes, libXrandr
|
||||
Resolves: bz#2091833
|
||||
|
||||
* Tue May 31 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-5
|
||||
- BR: libXdamage, libXfixes, libXrandr
|
||||
Resolves: bz#2088733
|
||||
* Tue Apr 05 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-3
|
||||
- Do not run systemd_preun on Xvnc service file
|
||||
Resolves: bz#2048011
|
||||
|
||||
* Tue Feb 08 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-4
|
||||
* Mon Apr 04 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-2
|
||||
- Drop unexisting option from the old vncserver script
|
||||
Resolves: bz#2021893
|
||||
|
||||
* Wed Mar 23 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-1
|
||||
- 1.12.0 + sync with Fedora
|
||||
Resolves: bz#2048011
|
||||
Resolves: bz#2021893
|
||||
|
||||
* Mon Feb 07 2022 Jan Grulich <jgrulich@redhat.com> - 1.11.0-21
|
||||
- Added vncsession-restore script for SELinux policy migration
|
||||
Fix SELinux context for root user
|
||||
Resolves: bz#2021892
|
||||
Resolves: bz#2049506
|
||||
|
||||
* Fri Jan 21 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-3
|
||||
- Fix crash in vncviewer
|
||||
Resolves: bz#2021892
|
||||
* Fri Nov 26 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-20
|
||||
- Rebuild for absence in RHEL 9.0
|
||||
Resolves: bz#1985858
|
||||
|
||||
* Fri Jan 14 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-2
|
||||
- Remove unavailable option from vncserver script
|
||||
Resolves: bz#2021892
|
||||
* Mon Aug 16 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-19
|
||||
- Sync upstream patches + drop unused patches
|
||||
Resolves: bz#1985858
|
||||
|
||||
* Fri Jan 14 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-1
|
||||
- 1.12.0
|
||||
Resolves: bz#2021892
|
||||
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.11.0-18
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
||||
* Mon Jul 19 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-9
|
||||
* Mon Jul 19 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-17
|
||||
- Fix logout from VNC session using vncserver
|
||||
Resolves: bz#1983706
|
||||
Resolves: bz#1983704
|
||||
|
||||
* Tue Jun 01 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-8
|
||||
- Run all SELinux RPM macros on correct package
|
||||
Resolves: bz#1907963
|
||||
* Tue Jun 01 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-16
|
||||
- Bump version for rebuild (binutils)
|
||||
Resolves: bz#1961488
|
||||
|
||||
* Mon May 17 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-7
|
||||
* Mon May 17 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-14
|
||||
- SELinux improvements
|
||||
Resolves: bz#1907963
|
||||
Resolves: bz#1961488
|
||||
|
||||
* Tue Dec 15 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-6
|
||||
- Use GNOME as default session
|
||||
Resolves: bz#1853608
|
||||
- Fix endianness issue on s390x
|
||||
Resolves: bz#1963029
|
||||
|
||||
* Thu Dec 03 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-5
|
||||
- Make sure we log properly output to journal (actually log to syslog)
|
||||
Resolves: bz#1841537
|
||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.11.0-13
|
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||
|
||||
* Thu Dec 03 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-4
|
||||
- Make sure we log properly output to journal
|
||||
Resolves: bz#1841537
|
||||
* Mon Mar 08 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-12
|
||||
- Include RHEL8 patches
|
||||
|
||||
* Wed Nov 18 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-3
|
||||
- vncserver: ignore new "session" parameter from the new systemd support
|
||||
Resolves: bz#1897504
|
||||
* Fri Mar 05 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-11
|
||||
- Enable old vncserver script for RHEL 9
|
||||
|
||||
* Wed Nov 18 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-2
|
||||
- Revert removal of vncserver
|
||||
Resolves: bz#1897504
|
||||
- Correctly start vncsession as a daemon
|
||||
Resolves: bz#1897498
|
||||
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.11.0-10
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Tue Oct 20 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-1
|
||||
- Update to 1.11.0
|
||||
Resolves: bz#1880985
|
||||
- Backport fix to allow Tigervnc use boolean values in config files
|
||||
Resolves: bz#1883415
|
||||
* Thu Dec 10 07:45:46 CET 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-9
|
||||
- vncserver: ignore new session parameter from the new systemd support
|
||||
|
||||
* Wed Sep 30 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-8
|
||||
- Tolerate specifying -BoolParam 0 and similar
|
||||
Resolves: bz#1883415
|
||||
* Fri Nov 13 14:08:29 CET 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-8
|
||||
- Use /run instead of /var/run which is just a symlink
|
||||
|
||||
* Wed Jul 08 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-7
|
||||
- Enable server module on s390x
|
||||
Resolves: bz#1854925
|
||||
* Thu Nov 05 2020 Peter Hutterer <peter.hutterer@redhat.com> 1.11.0-7
|
||||
- Require xkbcomp directly, not xorg-x11-xkb-utils. The latter has had
|
||||
Provides xkbcomp for years.
|
||||
|
||||
* Fri Jul 03 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-6
|
||||
- Remove trailing spaces in user name
|
||||
Resolves: bz#1852432
|
||||
* Tue Sep 29 13:12:22 CEST 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-6
|
||||
- Backport upstream fix allowing Tigervnc to specify boolean valus in configuration
|
||||
- Revert removal of vncserver for F32 and F33
|
||||
|
||||
* Thu Jun 25 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-5
|
||||
- Install the HOWTO file to correct location
|
||||
* Thu Sep 24 07:14:06 CEST 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-5
|
||||
- Actually install the HOWTO.md file
|
||||
|
||||
* Wed Sep 23 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-4
|
||||
- Call systemd macros on correct service file
|
||||
|
||||
* Tue Sep 22 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-3
|
||||
- Do not overwrite libvnc.conf config file
|
||||
|
||||
* Thu Sep 17 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-2
|
||||
- Add /usr/bin/vncserver file informing users to read the HOWTO.md file
|
||||
Resolves: bz#1790443
|
||||
|
||||
* Mon Jun 15 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-4
|
||||
- Improve SELinux policy
|
||||
Resolves: bz#1790443
|
||||
* Wed Sep 09 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-1
|
||||
- 1.11.0
|
||||
|
||||
* Mon Jun 15 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-3
|
||||
- Add a HOWTO.md file with instructions how to start VNC server
|
||||
Resolves: bz#1790443
|
||||
* Mon Aug 24 2020 Jan Grulich <jgrulich@redhat.com. - 1.10.90-1
|
||||
- Update to 1.10.90 (1.11.0 beta)
|
||||
|
||||
* Tue May 26 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-2
|
||||
- Make the systemd service run also for root user
|
||||
Resolves: bz#1790443
|
||||
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.1-9
|
||||
- Second attempt - Rebuilt for
|
||||
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Mon Apr 27 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-1
|
||||
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.1-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 1.10.1-7
|
||||
- Use make macros
|
||||
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
||||
|
||||
* Sat Jul 11 2020 Jiri Vanek <jvanek@redhat.com> - 1.10.1-6
|
||||
- Rebuilt for JDK-11, see https://fedoraproject.org/wiki/Changes/Java11
|
||||
|
||||
* Sun Apr 19 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-5
|
||||
- Requires: dbus-x11
|
||||
Resolves: bz#1825331
|
||||
|
||||
* Fri Mar 13 2020 Olivier Fourdan <ofourdan@redhat.com> - 1.10.1-4
|
||||
- Fix build with xserver 1.20.7
|
||||
|
||||
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.1-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Mon Jan 13 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-2
|
||||
- Build with -std=c++11
|
||||
|
||||
* Fri Dec 20 2019 Jan Grulich <jgrulich@redhat.com> - 1.10.1-1
|
||||
- Update to 1.10.1
|
||||
Resolves: bz#1806992
|
||||
|
||||
- Add proper systemd support
|
||||
Resolves: bz#1790443
|
||||
* Tue Dec 10 2019 Jan Grulich <jgrulich@redhat.com> - 1.10.0-2
|
||||
- Properly install systemd files
|
||||
|
||||
* Tue Jan 28 2020 Jan Grulich <jgrulich@redhat.com> - 1.9.0-13
|
||||
- Bump build because of z-stream
|
||||
Resolves: bz#1671714
|
||||
* Mon Nov 18 2019 Jan Grulich <jgrulich@redhat.com> - 1.10.0-1
|
||||
- Update to 1.10.0
|
||||
|
||||
* Wed Dec 11 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-12
|
||||
- Fix installation of systemd files
|
||||
Resolves: bz#1671714
|
||||
* Fri Oct 18 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.90-1
|
||||
- Update to 1.9.90 (1.10 beta)
|
||||
- Add systemd user service file
|
||||
- Use a wrapper for systemd system service file to workaround systemd limitations
|
||||
|
||||
* Wed Nov 20 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-11
|
||||
- Use wrapper script to workaround systemd issues
|
||||
Resolves: bz#1671714
|
||||
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Fri Jul 12 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-10
|
||||
- Do not return returncode indicating error when running "vncserver -list"
|
||||
Resolves: bz#1727860
|
||||
* Fri Jul 19 2019 Dan Horák <dan[at]danny.cz> - 1.9.0-6
|
||||
- drop the s390x special handling (related #1727029)
|
||||
|
||||
* Fri Feb 08 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-9
|
||||
- Make tigervnc systemd service a user service
|
||||
Resolves: bz#1639846
|
||||
* Wed Jun 12 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-5
|
||||
- Add missing arguments to systemd_postun scriptlets
|
||||
Resolves: bz#1716411
|
||||
|
||||
* Mon Jan 21 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-8
|
||||
- Kill the session automatically only when Gnome is installed
|
||||
Resolves: bz#1665876
|
||||
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Tue Nov 20 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-7
|
||||
- Improve coverity scan fixes
|
||||
Resolves: bz#1602714
|
||||
|
||||
Inform whether view-only password is used or not
|
||||
Resolves: bz#1639169
|
||||
|
||||
Backport fixes from RHEL 7
|
||||
Resolves: bz#1651254
|
||||
|
||||
* Tue Oct 09 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-6
|
||||
* Tue Sep 25 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-3
|
||||
- Do not crash passwd when using malloc perturb checks
|
||||
Resolves: bz#1637086
|
||||
|
||||
* Mon Oct 08 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-5
|
||||
- Improve coverity scan fixes
|
||||
Resolves: bz#1602714
|
||||
|
||||
* Wed Oct 03 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-4
|
||||
- Improve coverity scan fixes
|
||||
Resolves: bz#1602714
|
||||
|
||||
* Wed Oct 03 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-3
|
||||
- Fix some coverity scan issues
|
||||
Resolves: bz#1602714
|
||||
Resolves: bz#1631483
|
||||
|
||||
* Wed Aug 01 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-2
|
||||
- Remove dependency on initscripts
|
||||
- Ignore buttons in mouse leave events
|
||||
Resolves: bz#1609516
|
||||
|
||||
* Tue Jul 17 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-1
|
||||
- Update to 1.9.0 + sync with Fedora
|
||||
- Update to 1.9.0
|
||||
|
||||
* Tue Jun 12 2018 Adam Jackson <ajax@redhat.com> - 1.8.0-10
|
||||
- Fix GLX initialization with Xorg 1.20
|
||||
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.90-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Tue May 29 2018 Jan Grulich <jgrulich@redhat.com> - 1.8.0-9
|
||||
- Build against Xorg 1.20
|
||||
* Wed Jul 4 2018 Peter Robinson <pbrobinson@fedoraproject.org> 1.8.90-2
|
||||
- Clean up spec: use macros consistenly, drop old sys-v migrations
|
||||
- Drop ancient obsolete/provides
|
||||
|
||||
* Mon May 14 2018 Jan Grulich <jgrulich@redhat.com> - 1.8.0-8
|
||||
- Drop BR: ImageMagick
|
||||
* Thu Jun 14 2018 Jan Grulich <jgrulich@redhat.com> - 1.8.90-1
|
||||
- Update to 1.8.90
|
||||
|
||||
* Wed Jun 13 2018 Jan Grulich <jgrulich@redhat.com> - 1.8.0-10
|
||||
- Fix tigervnc systemd unit file
|
||||
Resolves: bz#1583159
|
||||
|
||||
* Wed Jun 06 2018 Adam Jackson <ajax@redhat.com> - 1.8.0-9
|
||||
- Fix GLX initialization with 1.20
|
||||
|
||||
* Wed Apr 04 2018 Adam Jackson <ajax@redhat.com> - 1.8.0-8
|
||||
- Rebuild for xserver 1.20
|
||||
|
||||
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
|
Loading…
Reference in New Issue