diff --git a/0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch b/0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch index af27908..5d85b09 100644 --- a/0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch +++ b/0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch @@ -1,7 +1,7 @@ -From 450f4a50771fd36cdd170356f83ebab5ff0dea51 Mon Sep 17 00:00:00 2001 +From e4849b01fec4494057728d1aa3a165ed21705682 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonas=20=C3=85dahl?= Date: Mon, 11 Jun 2018 23:47:02 +0200 -Subject: [PATCH 1/2] libvncserver: Add API to add custom I/O entry points +Subject: [PATCH 1/4] libvncserver: Add API to add custom I/O entry points Add API to make it possible to channel RFB input and output through another layer, for example TLS. This is done by making it possible to @@ -13,7 +13,7 @@ override the default read/write/peek functions. 3 files changed, 93 insertions(+), 7 deletions(-) diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c -index 44ca2153..cee87dbb 100644 +index e9eaa5fc..72e9ba79 100644 --- a/libvncserver/rfbserver.c +++ b/libvncserver/rfbserver.c @@ -319,6 +319,10 @@ rfbNewTCPOrUDPClient(rfbScreenInfoPtr rfbScreen, @@ -237,5 +237,5 @@ index 5e9ba86f..3c0b25a3 100644 extern rfbSocket rfbConnect(rfbScreenInfoPtr rfbScreen, char* host, int port); extern rfbSocket rfbConnectToTcpAddr(char* host, int port); -- -2.25.4 +2.28.0 diff --git a/0002-libvncserver-Add-channel-security-handlers.patch b/0002-libvncserver-Add-channel-security-handlers.patch index de2e421..eb2aa9f 100644 --- a/0002-libvncserver-Add-channel-security-handlers.patch +++ b/0002-libvncserver-Add-channel-security-handlers.patch @@ -1,7 +1,7 @@ -From 30b947df1b25cf741f6863b4c3f77e0016aa4898 Mon Sep 17 00:00:00 2001 +From c9131a78878a785c3de21e9d49521d7b68400ad7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonas=20=C3=85dahl?= Date: Mon, 11 Jun 2018 23:50:05 +0200 -Subject: [PATCH 2/2] libvncserver: Add channel security handlers +Subject: [PATCH 2/4] libvncserver: Add channel security handlers Add another type of security handler that is meant to be used initially to set up a secure channel. Regular security handlers would be @@ -298,10 +298,10 @@ index 814a8142..55e0b3c9 100644 rfbLog("rfbProcessClientSecurityType: executing handler for type %d\n", chosenType); handler->handler(cl); diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c -index cee87dbb..6efede61 100644 +index 72e9ba79..48eada64 100644 --- a/libvncserver/rfbserver.c +++ b/libvncserver/rfbserver.c -@@ -654,6 +654,7 @@ rfbProcessClientMessage(rfbClientPtr cl) +@@ -652,6 +652,7 @@ rfbProcessClientMessage(rfbClientPtr cl) case RFB_PROTOCOL_VERSION: rfbProcessClientProtocolVersion(cl); return; @@ -364,5 +364,5 @@ index 3c0b25a3..d136f884 100644 /* rre.c */ -- -2.25.4 +2.28.0 diff --git a/0003-auth-Add-API-to-unregister-built-in-security-handler.patch b/0003-auth-Add-API-to-unregister-built-in-security-handler.patch deleted file mode 100644 index 5c4a84d..0000000 --- a/0003-auth-Add-API-to-unregister-built-in-security-handler.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 42815c7a5672edb16ab810378b7c34b3e8e74832 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jonas=20=C3=85dahl?= -Date: Wed, 27 Nov 2019 16:58:29 +0100 -Subject: [PATCH 3/3] auth: Add API to unregister built in security handlers - -If I have a VNC server that first accepts password based authentication, -then switches to something not using password (e.g. a prompt on screen), -the security handler from the first would still be sent as, meaning -clients would still ask for a password without there being one. ---- - libvncserver/auth.c | 7 +++++++ - rfb/rfb.h | 1 + - 2 files changed, 8 insertions(+) - -diff --git a/libvncserver/auth.c b/libvncserver/auth.c -index fc74c800..94b46fd6 100644 ---- a/libvncserver/auth.c -+++ b/libvncserver/auth.c -@@ -248,6 +248,13 @@ determinePrimarySecurityType(rfbClientPtr cl) - } - } - -+void -+rfbUnregisterPrimarySecurityHandlers (void) -+{ -+ rfbUnregisterSecurityHandler(&VncSecurityHandlerNone); -+ rfbUnregisterSecurityHandler(&VncSecurityHandlerVncAuth); -+} -+ - void - rfbSendSecurityTypeList(rfbClientPtr cl, - enum rfbSecurityTag exclude) -diff --git a/rfb/rfb.h b/rfb/rfb.h -index f56bd47d..d1763c6c 100644 ---- a/rfb/rfb.h -+++ b/rfb/rfb.h -@@ -856,6 +856,7 @@ extern void rfbUnregisterSecurityHandler(rfbSecurityHandler* handler); - extern void rfbRegisterChannelSecurityHandler(rfbSecurityHandler* handler); - extern void rfbUnregisterChannelSecurityHandler(rfbSecurityHandler* handler); - extern void rfbSendSecurityTypeList(rfbClientPtr cl, enum rfbSecurityTag exclude); -+extern void rfbUnregisterPrimarySecurityHandlers (void); - - /* rre.c */ - --- -2.26.2 - diff --git a/0003-libvncserver-auth-don-t-keep-security-handlers-from-.patch b/0003-libvncserver-auth-don-t-keep-security-handlers-from-.patch new file mode 100644 index 0000000..2f736d0 --- /dev/null +++ b/0003-libvncserver-auth-don-t-keep-security-handlers-from-.patch @@ -0,0 +1,32 @@ +From 2a77dd86a97fa5f4735f678599cea839ba09009c Mon Sep 17 00:00:00 2001 +From: Christian Beier +Date: Sun, 9 Aug 2020 20:11:26 +0200 +Subject: [PATCH 3/4] libvncserver/auth: don't keep security handlers from + previous runs + +Whyohsoever security handlers are stored in a variable global to the +application, not in the rfbScreen struct. This meant that security +handlers registered once would stick around forever before this commit. +--- + libvncserver/auth.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/libvncserver/auth.c b/libvncserver/auth.c +index 55e0b3c9..fc74c800 100644 +--- a/libvncserver/auth.c ++++ b/libvncserver/auth.c +@@ -264,9 +264,11 @@ rfbSendSecurityTypeList(rfbClientPtr cl, + primaryType = determinePrimarySecurityType(cl); + switch (primaryType) { + case rfbSecTypeNone: ++ rfbUnregisterSecurityHandler(&VncSecurityHandlerVncAuth); + rfbRegisterSecurityHandler(&VncSecurityHandlerNone); + break; + case rfbSecTypeVncAuth: ++ rfbUnregisterSecurityHandler(&VncSecurityHandlerNone); + rfbRegisterSecurityHandler(&VncSecurityHandlerVncAuth); + break; + } +-- +2.28.0 + diff --git a/0004-zlib-Clear-buffer-pointers-on-cleanup-444.patch b/0004-zlib-Clear-buffer-pointers-on-cleanup-444.patch new file mode 100644 index 0000000..d45dfeb --- /dev/null +++ b/0004-zlib-Clear-buffer-pointers-on-cleanup-444.patch @@ -0,0 +1,45 @@ +From 641610b961a732bb68f111536ebf8c42be20f05b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jonas=20=C3=85dahl?= +Date: Wed, 16 Sep 2020 17:35:49 +0200 +Subject: [PATCH 4/4] zlib: Clear buffer pointers on cleanup (#444) + +The pointers to the buffers were freed, and the size fields were set to +0, but the buffer pointers themsef was not set to NULL, when shutting +down, meaning the next time used, NULL checks would not tell whether the +pointer is valid. This caused crashes ending with + + #0 0x00007ffff73729e5 in raise () from /lib64/libc.so.6 + #1 0x00007ffff735b895 in abort () from /lib64/libc.so.6 + #2 0x00007ffff73b6857 in __libc_message () from /lib64/libc.so.6 + #3 0x00007ffff73bdd7c in malloc_printerr () from /lib64/libc.so.6 + #4 0x00007ffff73c2f1a in realloc () from /lib64/libc.so.6 + #5 0x00007ffff78b558e in rfbSendOneRectEncodingZlib (cl=0x4a4b80, x=0, y=0, w=800, h=40) at /home/jonas/Dev/gnome/libvncserver/libvncserver/zlib.c:106 + #6 0x00007ffff78b5dec in rfbSendRectEncodingZlib (cl=0x4a4b80, x=0, y=0, w=800, h=600) at /home/jonas/Dev/gnome/libvncserver/libvncserver/zlib.c:308 + #7 0x00007ffff7899453 in rfbSendFramebufferUpdate (cl=0x4a4b80, givenUpdateRegion=0x49ef70) at /home/jonas/Dev/gnome/libvncserver/libvncserver/rfbserver.c:3264 + #8 0x00007ffff789079d in rfbUpdateClient (cl=0x4a4b80) at /home/jonas/Dev/gnome/libvncserver/libvncserver/main.c:1275 + #9 0x00007ffff78905f5 in rfbProcessEvents (screen=0x4d5790, usec=0) at /home/jonas/Dev/gnome/libvncserver/libvncserver/main.c:1251 +--- + libvncserver/zlib.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/libvncserver/zlib.c b/libvncserver/zlib.c +index d24d7d15..5c3a8236 100644 +--- a/libvncserver/zlib.c ++++ b/libvncserver/zlib.c +@@ -64,11 +64,13 @@ void rfbZlibCleanup(rfbScreenInfoPtr screen) + { + if (zlibBeforeBufSize) { + free(zlibBeforeBuf); ++ zlibBeforeBuf = NULL; + zlibBeforeBufSize=0; + } + if (zlibAfterBufSize) { + zlibAfterBufSize=0; + free(zlibAfterBuf); ++ zlibAfterBuf = NULL; + } + } + +-- +2.28.0 + diff --git a/libvncserver.spec b/libvncserver.spec index 49e6624..c733a32 100644 --- a/libvncserver.spec +++ b/libvncserver.spec @@ -3,7 +3,7 @@ Summary: Library to make writing a VNC server easy Name: libvncserver Version: 0.9.13 -Release: 7%{?dist} +Release: 8%{?dist} # NOTE: --with-filetransfer => GPLv2 License: GPLv2+ @@ -14,8 +14,12 @@ Source0: https://github.com/LibVNC/libvncserver/archive/LibVNCServer-%{versio # https://github.com/LibVNC/libvncserver/pull/234 Patch10: 0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch Patch11: 0002-libvncserver-Add-channel-security-handlers.patch -# https://github.com/LibVNC/libvncserver/pull/350 -Patch12: 0003-auth-Add-API-to-unregister-built-in-security-handler.patch +# https://github.com/LibVNC/libvncserver/commit/87c52ee0551b7c4e76855d270d475b9e3039fe08 +Patch12: 0003-libvncserver-auth-don-t-keep-security-handlers-from-.patch +# Fix crash on all runs after the first +# https://github.com/LibVNC/libvncserver/pull/444 +# https://bugzilla.redhat.com/show_bug.cgi?id=1882718 +Patch13: 0004-zlib-Clear-buffer-pointers-on-cleanup-444.patch ## downstream patches Patch102: libvncserver-LibVNCServer-0.9.13-system-crypto-policy.patch @@ -85,9 +89,10 @@ developing applications that use %{name}. %prep %setup -q -n %{name}-LibVNCServer-%{version} -## FIXME: needs rebasing %patch10 -p1 -b .tls-1 %patch11 -p1 -b .tls-2 +%patch12 -p1 -b .handlers +%patch13 -p1 -b .pointers %patch102 -p1 -b .crypto_policy @@ -133,6 +138,10 @@ done %changelog +* Fri Oct 09 2020 Adam Williamson - 0.9.13-8 +- Rebase all patches so Patch12 applies +- Backport PR #444 to fix crash on all runs after the first (#1882718) + * Mon Sep 14 2020 Jonas Ã…dahl - 0.9.13-7 - Add API to unregister security handlers