import vino-3.22.0-11.el8

CentOS Sources 2021-11-09 04:55:32 -05:00 committed by Stepan Oksanichenko
parent e1abe95a70
commit 6204a67f25
2 changed files with 57 additions and 4 deletions

View File

@ -0,0 +1,45 @@
From 403bb480066605ee6270fa2c7c1fd55bf5d1dbe6 Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Tue, 15 Jun 2021 10:10:11 +0200
Subject: [PATCH] Fix crashes under FIPS
When FIPS mode is enabled, gnutls_dh_params_generate2 returns 0, because
DH_BITS is 1024, which is too small for FIPS. This causes
gnutls_anon_set_server_dh_params to crash. Let's use
gnutls_sec_param_to_pk_bits instead of the hardcoded DH_BITS value. It
returns 2048 for GNUTLS_SEC_PARAM_MEDIUM, which is big enough. Just a note
that the similar downstream patch is used for TigerVNC already.
---
server/libvncserver/auth.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/server/libvncserver/auth.c b/server/libvncserver/auth.c
index cfaed55..639d3c5 100644
--- a/server/libvncserver/auth.c
+++ b/server/libvncserver/auth.c
@@ -32,19 +32,17 @@ void
rfbAuthInitScreen(rfbScreenInfoPtr rfbScreen)
{
#ifdef VINO_HAVE_GNUTLS
-#define DH_BITS 1024
-
gnutls_global_init();
gnutls_anon_allocate_server_credentials(&rfbScreen->anonCredentials);
gnutls_dh_params_init(&rfbScreen->dhParams);
- gnutls_dh_params_generate2(rfbScreen->dhParams, DH_BITS);
+ gnutls_dh_params_generate2(rfbScreen->dhParams,
+ gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH,
+ GNUTLS_SEC_PARAM_MEDIUM));
gnutls_anon_set_server_dh_params(rfbScreen->anonCredentials,
rfbScreen->dhParams);
-
-#undef DH_BITS
#endif /* VINO_HAVE_GNUTLS */
}
--
2.31.1
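Review bot: The return value of gnutls_dh_params_generate2 in rfbAuthInitScreen is still discarded, as are those of gnutls_dh_params_init and gnutls_anon_allocate_server_credentials above it. The crash described in the commit message (generation fails, then gnutls_anon_set_server_dh_params is called on the result) is therefore avoided only for this key size, not handled. Suggest checking the result of the generate call and skipping gnutls_anon_set_server_dh_params, with a logged warning, when it fails. As a style point, the added call is written `gnutls_sec_param_to_pk_bits (` with a space before the parenthesis, unlike the other calls in this function.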

View File

@ -1,6 +1,6 @@
Name: vino
Version: 3.22.0
Release: 10%{?dist}
Release: 11%{?dist}
Summary: A remote desktop system for GNOME
License: GPLv2+
@ -20,6 +20,9 @@ Patch4: Properly-remove-watches-when-changing-server-props.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1602728
Patch5: Fix-various-defects-reported-by-covscan.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1960705
Patch6: Fix-crashes-under-FIPS.patch
BuildRequires: pkgconfig(avahi-client)
BuildRequires: pkgconfig(avahi-glib)
BuildRequires: pkgconfig(gnutls)
@ -54,6 +57,7 @@ connect to a running GNOME session using VNC.
%patch3 -p1 -b .Prevent-monitoring-all-interfaces-after-change-of-ot.patch
%patch4 -p1 -b .Properly-remove-watches-when-changing-server-props.patch
%patch5 -p1 -b .Fix-various-defects-reported-by-covscan
%patch6 -p1 -b .Fix-crashes-under-FIPS
%build
@ -81,15 +85,15 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/vino-server.desktop
%post
%systemd_user_post
%systemd_user_post vino-server.service
%preun
%systemd_user_preun
%systemd_user_preun vino-server.service
%postun
%systemd_user_postun
%systemd_user_postun vino-server.service
%files -f %{name}.lang
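Review bot: The scriptlet change in %post, %preun and %postun, where each %systemd_user_* macro now receives vino-server.service as its argument, is not mentioned in the 3.22.0-11 changelog entry, which lists only the FIPS fix and #1960705. Suggest adding a changelog line for it with the bug it resolves, so that the change in install and removal behaviour can be traced separately from the FIPS patch.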
@ -103,6 +107,10 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/vino-server.desktop
%changelog
* Tue Jun 29 2021 Ondrej Holy <oholy@redhat.com> - 3.22.0-11
- Fix crashes under FIPS
- Resolves: #1960705
* Wed Sep 26 2018 Ondrej Holy <oholy@redhat.com> - 3.22.0-10
- Fix various defects reported by covscan
- Resolves: #1602728