import vino-3.22.0-11.el8
This commit is contained in:
parent
e1abe95a70
commit
6204a67f25
|
@ -0,0 +1,45 @@
|
|||
From 403bb480066605ee6270fa2c7c1fd55bf5d1dbe6 Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Holy <oholy@redhat.com>
|
||||
Date: Tue, 15 Jun 2021 10:10:11 +0200
|
||||
Subject: [PATCH] Fix crashes under FIPS
|
||||
|
||||
When FIPS mode is enabled, gnutls_dh_params_generate2 returns 0, because
|
||||
DH_BITS is 1024, which is too small for FIPS. This causes
|
||||
gnutls_anon_set_server_dh_params to crash. Let's use
|
||||
gnutls_sec_param_to_pk_bits instead of the hardcoded DH_BITS value. It
|
||||
returns 2048 for GNUTLS_SEC_PARAM_MEDIUM, which is big enough. Just a note
|
||||
that the similar downstream patch is used for TigerVNC already.
|
||||
---
|
||||
server/libvncserver/auth.c | 8 +++-----
|
||||
1 file changed, 3 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/server/libvncserver/auth.c b/server/libvncserver/auth.c
|
||||
index cfaed55..639d3c5 100644
|
||||
--- a/server/libvncserver/auth.c
|
||||
+++ b/server/libvncserver/auth.c
|
||||
@@ -32,19 +32,17 @@ void
|
||||
rfbAuthInitScreen(rfbScreenInfoPtr rfbScreen)
|
||||
{
|
||||
#ifdef VINO_HAVE_GNUTLS
|
||||
-#define DH_BITS 1024
|
||||
-
|
||||
gnutls_global_init();
|
||||
|
||||
gnutls_anon_allocate_server_credentials(&rfbScreen->anonCredentials);
|
||||
|
||||
gnutls_dh_params_init(&rfbScreen->dhParams);
|
||||
- gnutls_dh_params_generate2(rfbScreen->dhParams, DH_BITS);
|
||||
+ gnutls_dh_params_generate2(rfbScreen->dhParams,
|
||||
+ gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH,
|
||||
+ GNUTLS_SEC_PARAM_MEDIUM));
|
||||
|
||||
gnutls_anon_set_server_dh_params(rfbScreen->anonCredentials,
|
||||
rfbScreen->dhParams);
|
||||
-
|
||||
-#undef DH_BITS
|
||||
#endif /* VINO_HAVE_GNUTLS */
|
||||
}
|
||||
|
||||
--
|
||||
2.31.1
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
Name: vino
|
||||
Version: 3.22.0
|
||||
Release: 10%{?dist}
|
||||
Release: 11%{?dist}
|
||||
Summary: A remote desktop system for GNOME
|
||||
|
||||
License: GPLv2+
|
||||
|
@ -20,6 +20,9 @@ Patch4: Properly-remove-watches-when-changing-server-props.patch
|
|||
# https://bugzilla.redhat.com/show_bug.cgi?id=1602728
|
||||
Patch5: Fix-various-defects-reported-by-covscan.patch
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1960705
|
||||
Patch6: Fix-crashes-under-FIPS.patch
|
||||
|
||||
BuildRequires: pkgconfig(avahi-client)
|
||||
BuildRequires: pkgconfig(avahi-glib)
|
||||
BuildRequires: pkgconfig(gnutls)
|
||||
|
@ -54,6 +57,7 @@ connect to a running GNOME session using VNC.
|
|||
%patch3 -p1 -b .Prevent-monitoring-all-interfaces-after-change-of-ot.patch
|
||||
%patch4 -p1 -b .Properly-remove-watches-when-changing-server-props.patch
|
||||
%patch5 -p1 -b .Fix-various-defects-reported-by-covscan
|
||||
%patch6 -p1 -b .Fix-crashes-under-FIPS
|
||||
|
||||
|
||||
%build
|
||||
|
@ -81,15 +85,15 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/vino-server.desktop
|
|||
|
||||
|
||||
%post
|
||||
%systemd_user_post
|
||||
%systemd_user_post vino-server.service
|
||||
|
||||
|
||||
%preun
|
||||
%systemd_user_preun
|
||||
%systemd_user_preun vino-server.service
|
||||
|
||||
|
||||
%postun
|
||||
%systemd_user_postun
|
||||
%systemd_user_postun vino-server.service
|
||||
|
||||
|
||||
%files -f %{name}.lang
|
||||
|
@ -103,6 +107,10 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/vino-server.desktop
|
|||
|
||||
|
||||
%changelog
|
||||
* Tue Jun 29 2021 Ondrej Holy <oholy@redhat.com> - 3.22.0-11
|
||||
- Fix crashes under FIPS
|
||||
- Resolves: #1960705
|
||||
|
||||
* Wed Sep 26 2018 Ondrej Holy <oholy@redhat.com> - 3.22.0-10
|
||||
- Fix various defects reported by covscan
|
||||
- Resolves: #1602728
|
||||
|
|
Loading…
Reference in New Issue