rpms
/
tigervnc
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

import tigervnc-1.14.0-8.el10

Browse Source
i10ce changed/i10ce/tigervnc-1.14.0-8.el10
Arkady L. Shane 1 month ago
parent dce9fec684
commit 400a0408a1
Signed by: tigro
GPG Key ID: 1EC08A25C9DB2503
14 changed files with 435 additions and 471 deletions
Show Stats Download Patch File Download Diff File

2
.gitignore vendored
Unescape View File

@ -1 +1 @@
SOURCES/tigervnc-1.14.1.tar.gz SOURCES/tigervnc-1.14.0.tar.gz

2
.tigervnc.metadata
Unescape View File

@ -1 +1 @@
bc3c8bc9f454eb307011cd5965251f4a28040a25 SOURCES/tigervnc-1.14.1.tar.gz 9e67944113159da85f42c24b43f40b842f23feb3 SOURCES/tigervnc-1.14.0.tar.gz

24
SOURCES/0001-rpath-hack.patch
Unescape View File

@ -1,24 +0,0 @@
From 2489f2f38eb32d9dd03718a36cbdbdf13d2f8b9b Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax@redhat.com>
Date: Thu, 12 Nov 2015 11:10:11 -0500
Subject: [PATCH] rpath hack
Normally, rpath is undesirable. But for the X server we _know_ we need
Mesa's libGL, which will always be in %{_libdir}, and not any third-party
libGL that may be configured using ld.so.conf.
---
configure.ac | 1 +
1 files changed, 1 insertions(+), 0 deletion(-)
diff --git a/configure.ac b/configure.ac
index fa15a2d..a5af1e0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1261,6 +1261,7 @@ AM_CONDITIONAL(GLX, test "x$GLX" = xyes)
AM_CONDITIONAL(HASHTABLE, test "x$HASHTABLE" = xyes)
+GLX_SYS_LIBS="$GLX_SYS_LIBS -Wl,-rpath=\$(libdir)"
AC_SUBST([GLX_DEFINES])
AC_SUBST([GLX_SYS_LIBS])

110
SOURCES/HOWTO.md
Unescape View File

@ -0,0 +1,110 @@
# What has changed
The previous Tigervnc versions had a wrapper script called `vncserver` which
could be run as a user manually to start *Xvnc* process. The usage was quite
simple as you just run
```
$ vncserver :x [vncserver options] [Xvnc options]
```
and that was it. While this was working just fine, there were issues when users
wanted to start a Tigervnc server using *systemd*. For these reasons things were
completely changed and there is now a new way how this all is supposed to work.
 # How to start Tigervnc server
 
## Add a user mapping
With this you can map a user to a particular port. The mapping should be done in
`/etc/tigervnc/vncserver.users` configuration file. It should be pretty
straightforward once you open the file as there are some examples, but basically
the mapping is in form
```
:x=user
```
For example you can have
```
:1=test
:2=vncuser
```
## Configure Xvnc options
To configure Xvnc parameters, you need to go to the same directory where you did
the user mapping and open `vncserver-config-defaults` configuration file. This
file is for the default Xvnc configuration and will be applied to every user
unless any of the following applies:
* The user has its own configuration in `$HOME/.vnc/config`
* The same option with different value is configured in
  `vncserver-config-mandatory` configuration file, which replaces the default
  configuration and has even a higher priority than the per-user configuration.
  This option is for system administrators when they want to force particular
  *Xvnc* options.
Format of the configuration file is also quite simple as the configuration is
in form of
```
option=value
option
```
for example
```
session=gnome
securitytypes=vncauth,tlsvnc
desktop=sandbox
geometry=2000x1200
localhost
alwaysshared
```
### Note:
There is one important option you need to set and that option is the session you
want to start. E.g when you want to start GNOME desktop, then you have to use
```
session=gnome
```
which should match the name of a session desktop file from `/usr/share/xsessions`
directory.
## Set VNC password
You need to set a password for each user in order to be able to start the
Tigervnc server. In order to create a password, you just run
```
$ vncpasswd
```
as the user you will be starting the server for.
### Note:
If you were using Tigervnc before for your user and you already created a
password, then you will have to make sure the `$HOME/.vnc` folder created by
`vncpasswd` will have the correct *SELinux* context. You either can delete this
folder and recreate it again by creating the password one more time, or
alternatively you can run
```
$ restorecon -RFv /home/<USER>/.vnc
```
## Start the Tigervnc server
Finally you can start the server using systemd service. To do so just run
```
$ systemctl start vncserver@:x
```
as root or
```
$ sudo systemctl start vncserver@:x
```
as a regular user in case it has permissions to run `sudo`. Don't forget to
replace the `:x` by the actual number you configured in the user mapping file.
Following our example by running
```
$ systemctl start vncserver@:1
```
you will start a Tigervnc server for user `test` with a GNOME session.
### Note:
If you were previously using Tigervnc and you were used to start it using
*systemd* then you will need to remove previous *systemd* configuration files,
those you most likely copied to `/etc/systemd/system/vncserver@.service`,
otherwise this service file will be preferred over the new one installed with
latest Tigervnc.
# Limitations
You will not be able to start a Tigervnc server for a user who is already
logged into a graphical session. Avoid running the server as the `root` user as
it's not a safe thing to do. While running the server as the `root` should work
in general, it's not recommended to do so and there might be some things which
are not working properly.

24
SOURCES/tigervnc-add-missing-coma-in-default-security-type-list.patch
Unescape View File

@ -0,0 +1,24 @@
From 4f6a3521874da5a67fd746389cfa9b6199eb3582 Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Mon, 29 Jul 2024 16:16:08 +0200
Subject: [PATCH] Add missing comma in default security type list
Otherwise it merges with the next entry, removing both of them from the
default list.
---
common/rfb/SecurityClient.cxx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/rfb/SecurityClient.cxx b/common/rfb/SecurityClient.cxx
index 12860662f..63e0cadc0 100644
--- a/common/rfb/SecurityClient.cxx
+++ b/common/rfb/SecurityClient.cxx
@@ -60,7 +60,7 @@ StringParameter SecurityClient::secTypes
"X509Plain,TLSPlain,X509Vnc,TLSVnc,X509None,TLSNone,"
#endif
#ifdef HAVE_NETTLE
- "RA2,RA2_256,RA2ne,RA2ne_256,DH,MSLogonII"
+ "RA2,RA2_256,RA2ne,RA2ne_256,DH,MSLogonII,"
#endif
"VncAuth,None",
ConfViewer);

29
SOURCES/tigervnc-correctly-handle-zrle-cursors.patch
Unescape View File

@ -0,0 +1,29 @@
From 6d9017eeb364491cf2acdf1c7e61aee8dd198527 Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Fri, 30 Aug 2024 16:15:09 +0200
Subject: [PATCH] Correctly handle ZRLE cursors
Cursor data has a depth of 32 bits and hence cannot use CPIXELs.
This is a regression from baca73d.
---
common/rfb/ZRLEDecoder.cxx | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/common/rfb/ZRLEDecoder.cxx b/common/rfb/ZRLEDecoder.cxx
index 474fd6ca1..e274a697a 100644
--- a/common/rfb/ZRLEDecoder.cxx
+++ b/common/rfb/ZRLEDecoder.cxx
@@ -125,10 +125,10 @@ void ZRLEDecoder::zrleDecode(const Rect& r, rdr::InStream* is,
Pixel maxPixel = pf.pixelFromRGB((uint16_t)-1, (uint16_t)-1, (uint16_t)-1);
bool fitsInLS3Bytes = maxPixel < (1<<24);
bool fitsInMS3Bytes = (maxPixel & 0xff) == 0;
- bool isLowCPixel = (sizeof(T) == 4) &&
+ bool isLowCPixel = (sizeof(T) == 4) && (pf.depth <= 24) &&
((fitsInLS3Bytes && pf.isLittleEndian()) ||
(fitsInMS3Bytes && pf.isBigEndian()));
- bool isHighCPixel = (sizeof(T) == 4) &&
+ bool isHighCPixel = (sizeof(T) == 4) && (pf.depth <= 24) &&
((fitsInLS3Bytes && pf.isBigEndian()) ||
(fitsInMS3Bytes && pf.isLittleEndian()));

13
SOURCES/tigervnc-dont-get-pointer-position-for-floating-device.patch
Unescape View File

@ -1,13 +0,0 @@
diff --git a/unix/xserver/hw/vnc/vncInput.c b/unix/xserver/hw/vnc/vncInput.c
index b3d0926d..d36a096f 100644
--- a/unix/xserver/hw/vnc/vncInput.c
+++ b/unix/xserver/hw/vnc/vncInput.c
@@ -167,7 +167,7 @@ void vncPointerMove(int x, int y)
void vncGetPointerPos(int *x, int *y)
{
- if (vncPointerDev != NULL) {
+ if (vncPointerDev != NULL && !IsFloating(vncPointerDev)) {
ScreenPtr ptrScreen;
miPointerGetPosition(vncPointerDev, &cursorPosX, &cursorPosY);

27
SOURCES/tigervnc-handle-existing-config-directory-in-vncpasswd.patch
Unescape View File

@ -0,0 +1,27 @@
From 445e0230cf4e939dcc59caf5d5f001c2f7b04da6 Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Thu, 15 Aug 2024 14:24:42 +0200
Subject: [PATCH] Handle existing config directory in vncpasswd
This fixes commit a79c33d.
---
unix/vncpasswd/vncpasswd.cxx | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/unix/vncpasswd/vncpasswd.cxx b/unix/vncpasswd/vncpasswd.cxx
index 6666955f1..9f794e129 100644
--- a/unix/vncpasswd/vncpasswd.cxx
+++ b/unix/vncpasswd/vncpasswd.cxx
@@ -213,8 +213,10 @@ int main(int argc, char** argv)
exit(1);
}
if (os::mkdir_p(configDir, 0777) == -1) {
- fprintf(stderr, "Could not create VNC config directory: %s\n", strerror(errno));
- exit(1);
+ if (errno != EEXIST) {
+ fprintf(stderr, "Could not create VNC config directory: %s\n", strerror(errno));
+ exit(1);
+ }
}
snprintf(fname, sizeof(fname), "%s/passwd", configDir);
}

12
SOURCES/tigervnc-use-gnome-as-default-session.patch
Unescape View File

@ -1,12 +0,0 @@
diff --git a/unix/vncserver/vncserver-config-defaults b/unix/vncserver/vncserver-config-defaults
index 0c217bf..2889347 100644
--- a/unix/vncserver/vncserver-config-defaults
+++ b/unix/vncserver/vncserver-config-defaults
@@ -13,3 +13,7 @@
# geometry=2000x1200
# localhost
# alwaysshared
+
+# Default to GNOME session
+# Note: change this only when you know what are you doing
+session=gnome

29
SOURCES/tigervnc-vncsession-use-bin-sh-when-shell-not-set.patch
Unescape View File

@ -0,0 +1,29 @@
From 4db34f73d461b973867ddaf18bf690219229cd7a Mon Sep 17 00:00:00 2001
From: Carlos Santos <casantos@redhat.com>
Date: Thu, 25 Jul 2024 18:39:59 -0300
Subject: [PATCH] vncsession: use /bin/sh if the user shell is not set
An empty shell field in the password file is valid, although not common.
Use /bin/sh in this case, as documented in the passwd(5) man page, since
the vncserver script requires a non-empty SHELL environment variable.
Fixes issue #1786.
Signed-off-by: Carlos Santos <casantos@redhat.com>
---
unix/vncserver/vncsession.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c
index 1ee096c7c..98a0432aa 100644
--- a/unix/vncserver/vncsession.c
+++ b/unix/vncserver/vncsession.c
@@ -545,7 +545,7 @@ run_script(const char *username, const char *display, char **envp)
// Set up some basic environment for the script
setenv("HOME", pwent->pw_dir, 1);
- setenv("SHELL", pwent->pw_shell, 1);
+ setenv("SHELL", *pwent->pw_shell != '\0' ? pwent->pw_shell : "/bin/sh", 1);
setenv("LOGNAME", pwent->pw_name, 1);
setenv("USER", pwent->pw_name, 1);
setenv("USERNAME", pwent->pw_name, 1);

138
SOURCES/tigervnc-xserver120.patch
Unescape View File

@ -1,138 +0,0 @@
diff --git a/configure.ac b/configure.ac
index 0909cc5b4..c01873200 100644
--- a/configure.ac
+++ b/configure.ac
@@ -74,6 +74,7 @@ dnl forcing an entire recompile.x
AC_CONFIG_HEADERS(include/version-config.h)
AM_PROG_AS
+AC_PROG_CXX
AC_PROG_LN_S
LT_PREREQ([2.2])
LT_INIT([disable-static win32-dll])
@@ -1735,6 +1736,14 @@ if test "x$XVFB" = xyes; then
AC_SUBST([XVFB_SYS_LIBS])
fi
+dnl Xvnc DDX
+AC_SUBST([XVNC_LIBS], ["$FB_LIB $FIXES_LIB $XEXT_LIB $CONFIG_LIB $DBE_LIB $RECORD_LIB $GLX_LIBS $RANDR_LIB $RENDER_LIB $DAMAGE_LIB $DRI3_LIB $PRESENT_LIB $MIEXT_SYNC_LIB $MIEXT_DAMAGE_LIB $MIEXT_SHADOW_LIB $XI_LIB $XKB_LIB $XKB_STUB_LIB $COMPOSITE_LIB $MAIN_LIB"])
+AC_SUBST([XVNC_SYS_LIBS], ["$GLX_SYS_LIBS"])
+
+PKG_CHECK_MODULES(GBM, "$LIBGBM", [GBM=yes], [GBM=no])
+if test "x$GBM" = xyes; then
+ AC_DEFINE(HAVE_GBM, 1, [Have GBM support])
+fi
dnl Xnest DDX
@@ -2058,7 +2067,6 @@ if test "x$GLAMOR" = xyes; then
[AC_DEFINE(GLAMOR_HAS_EGL_QUERY_DRIVER, 1, [Have GLAMOR_HAS_EGL_QUERY_DRIVER])],
[])
- PKG_CHECK_MODULES(GBM, "$LIBGBM", [GBM=yes], [GBM=no])
if test "x$GBM" = xyes; then
AC_DEFINE(GLAMOR_HAS_GBM, 1,
[Build glamor with GBM-based EGL support])
@@ -2523,6 +2531,7 @@ hw/dmx/Makefile
hw/dmx/man/Makefile
hw/vfb/Makefile
hw/vfb/man/Makefile
+hw/vnc/Makefile
hw/xnest/Makefile
hw/xnest/man/Makefile
hw/xwin/Makefile
diff --git a/dri3/Makefile.am b/dri3/Makefile.am
index e47a734e0..99c3718a5 100644
--- a/dri3/Makefile.am
+++ b/dri3/Makefile.am
@@ -1,7 +1,7 @@
noinst_LTLIBRARIES = libdri3.la
AM_CFLAGS = \
- -DHAVE_XORG_CONFIG_H \
- @DIX_CFLAGS@ @XORG_CFLAGS@
+ @DIX_CFLAGS@ \
+ @LIBDRM_CFLAGS@
libdri3_la_SOURCES = \
dri3.h \
diff --git a/dri3/dri3.c b/dri3/dri3.c
index ba32facd7..191252969 100644
--- a/dri3/dri3.c
+++ b/dri3/dri3.c
@@ -20,10 +20,6 @@
* OF THIS SOFTWARE.
*/
-#ifdef HAVE_XORG_CONFIG_H
-#include <xorg-config.h>
-#endif
-
#include "dri3_priv.h"
#include <drm_fourcc.h>
diff --git a/dri3/dri3_priv.h b/dri3/dri3_priv.h
index b087a9529..f319d1770 100644
--- a/dri3/dri3_priv.h
+++ b/dri3/dri3_priv.h
@@ -23,6 +23,7 @@
#ifndef _DRI3PRIV_H_
#define _DRI3PRIV_H_
+#include "dix-config.h"
#include <X11/X.h>
#include "scrnintstr.h"
#include "misc.h"
diff --git a/dri3/dri3_request.c b/dri3/dri3_request.c
index 958877efa..687168930 100644
--- a/dri3/dri3_request.c
+++ b/dri3/dri3_request.c
@@ -20,10 +20,6 @@
* OF THIS SOFTWARE.
*/
-#ifdef HAVE_XORG_CONFIG_H
-#include <xorg-config.h>
-#endif
-
#include "dri3_priv.h"
#include <syncsrv.h>
#include <unistd.h>
diff --git a/dri3/dri3_screen.c b/dri3/dri3_screen.c
index b98259753..3c7e5bf60 100644
--- a/dri3/dri3_screen.c
+++ b/dri3/dri3_screen.c
@@ -20,10 +20,6 @@
* OF THIS SOFTWARE.
*/
-#ifdef HAVE_XORG_CONFIG_H
-#include <xorg-config.h>
-#endif
-
#include "dri3_priv.h"
#include <syncsdk.h>
#include <misync.h>
diff --git a/hw/Makefile.am b/hw/Makefile.am
index 19895dc77..3ecfa8b7a 100644
--- a/hw/Makefile.am
+++ b/hw/Makefile.am
@@ -44,3 +44,5 @@ DIST_SUBDIRS = dmx xfree86 vfb xnest xwin xquartz kdrive xwayland
relink:
$(AM_V_at)for i in $(SUBDIRS) ; do $(MAKE) -C $$i relink || exit 1 ; done
+
+SUBDIRS += vnc
diff --git a/include/dix-config.h.in b/include/dix-config.h.in
index f8fc67067..d53c4e72f 100644
--- a/include/dix-config.h.in
+++ b/include/dix-config.h.in
@@ -83,6 +83,9 @@
/* Define to 1 if you have the <fcntl.h> header file. */
#undef HAVE_FCNTL_H
+/* Have GBM support */
+#undef HAVE_GBM
+
/* Define to 1 if you have the `getdtablesize' function. */
#undef HAVE_GETDTABLESIZE

9
SOURCES/vncserver
Unescape View File

@ -121,7 +121,7 @@ if ($fontPath eq "") {
# Check command line options # Check command line options
&ParseOptions("-geometry",1,"-depth",1,"-pixelformat",1,"-name",1,"-kill",1, &ParseOptions("-geometry",1,"-depth",1,"-pixelformat",1,"-name",1,"-kill",1,
"-help",0,"-h",0,"--help",0,"-fp",1,"-list",0,"-fg",0,"-autokill",0,"-noxstartup",0,"-xstartup",1,"-fallbacktofreeport",0); "-help",0,"-h",0,"--help",0,"-fp",1,"-list",0,"-fg",0,"-autokill",0,"-noxstartup",0,"-xstartup",1);
&Usage() if ($opt{'-help'} || $opt{'-h'} || $opt{'--help'}); &Usage() if ($opt{'-help'} || $opt{'-h'} || $opt{'--help'});
@ -168,14 +168,8 @@ if ((@ARGV > 0) && ($ARGV[0] =~ /^:(\d+)$/)) {
$displayNumber = $1; $displayNumber = $1;
shift(@ARGV); shift(@ARGV);
if (!&CheckDisplayNumber($displayNumber)) { if (!&CheckDisplayNumber($displayNumber)) {
if ($opt{'-fallbacktofreeport'}) {
warn "A VNC server is already running as :$displayNumber\n";
$displayNumber = &GetDisplayNumber();
warn "Using port :$displayNumber as fallback\n";
} else {
die "A VNC server is already running as :$displayNumber\n"; die "A VNC server is already running as :$displayNumber\n";
} }
}
} elsif ((@ARGV > 0) && ($ARGV[0] !~ /^-/) && ($ARGV[0] !~ /^\+/)) { } elsif ((@ARGV > 0) && ($ARGV[0] !~ /^-/) && ($ARGV[0] !~ /^\+/)) {
&Usage(); &Usage();
} else { } else {
@ -680,7 +674,6 @@ sub Usage
" [-autokill]\n". " [-autokill]\n".
" [-noxstartup]\n". " [-noxstartup]\n".
" [-xstartup <file>]\n". " [-xstartup <file>]\n".
" [-fallbacktofreeport]\n".
" <Xvnc-options>...\n\n". " <Xvnc-options>...\n\n".
" $prog -kill <X-display>\n\n". " $prog -kill <X-display>\n\n".
" $prog -list\n\n"); " $prog -list\n\n");

54
SOURCES/xorg-CVE-2024-9632.patch
Unescape View File

@ -1,54 +0,0 @@
From 56351307017e2501f7cd6e31efcfb55c19aba75a Mon Sep 17 00:00:00 2001
From: Matthieu Herrb <matthieu@herrb.eu>
Date: Thu, 10 Oct 2024 10:37:28 +0200
Subject: [PATCH] xkb: Fix buffer overflow in _XkbSetCompatMap()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The _XkbSetCompatMap() function attempts to resize the `sym_interpret`
buffer.
However, It didn't update its size properly. It updated `num_si` only,
without updating `size_si`.
This may lead to local privilege escalation if the server is run as root
or remote code execution (e.g. x11 over ssh).
CVE-2024-9632, ZDI-CAN-24756
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Tested-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: José Expósito <jexposit@redhat.com>
---
xkb/xkb.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/xkb/xkb.c b/xkb/xkb.c
index f203270d5..70e8279aa 100644
--- a/xkb/xkb.c
+++ b/xkb/xkb.c
@@ -2991,13 +2991,13 @@ _XkbSetCompatMap(ClientPtr client, DeviceIntPtr dev,
XkbSymInterpretPtr sym;
unsigned int skipped = 0;
- if ((unsigned) (req->firstSI + req->nSI) > compat->num_si) {
- compat->num_si = req->firstSI + req->nSI;
+ if ((unsigned) (req->firstSI + req->nSI) > compat->size_si) {
+ compat->num_si = compat->size_si = req->firstSI + req->nSI;
compat->sym_interpret = reallocarray(compat->sym_interpret,
- compat->num_si,
+ compat->size_si,
sizeof(XkbSymInterpretRec));
if (!compat->sym_interpret) {
- compat->num_si = 0;
+ compat->num_si = compat->size_si = 0;
return BadAlloc;
}
}
--
2.46.2

431
SPECS/tigervnc.spec
Unescape View File

@ -1,11 +1,12 @@
#defining macros needed by SELinux #defining macros needed by SELinux
%global selinuxtype targeted %global selinuxtype targeted
%global modulename vncsession %global modulename vncsession
%bcond server 1
Name: tigervnc Name: tigervnc
Version: 1.14.1 Version: 1.14.0
Release: 1%{?dist} Release: 8%{?dist}
Summary: A TigerVNC remote display system Summary: A TigerVNC remote display system
%global _hardened_build 1 %global _hardened_build 1
@ -13,32 +14,24 @@ Summary: A TigerVNC remote display system
License: GPL-2.0-or-later License: GPL-2.0-or-later
URL: http://www.tigervnc.com URL: http://www.tigervnc.com
Source0: %{name}-%{version}.tar.gz Source0: https://github.com/TigerVNC/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
Source1: xvnc.service Source1: xvnc.service
Source2: xvnc.socket Source2: xvnc.socket
Source3: 10-libvnc.conf Source3: 10-libvnc.conf
Source4: HOWTO.md
# Backwards compatibility # Backwards compatibility
Source5: vncserver Source5: vncserver
# Downstream patches # Downstream patches
Patch1: tigervnc-use-gnome-as-default-session.patch Patch1: tigervnc-vncsession-restore-script-systemd-service.patch
# https://github.com/TigerVNC/tigervnc/pull/1425
Patch2: tigervnc-vncsession-restore-script-systemd-service.patch
# Upstream patches # Upstream patches
Patch50: tigervnc-vncsession-move-existing-log-to-log-old-if-present.patch Patch50: tigervnc-vncsession-use-bin-sh-when-shell-not-set.patch
Patch51: tigervnc-add-missing-coma-in-default-security-type-list.patch
# Upstreamable patches Patch52: tigervnc-vncsession-move-existing-log-to-log-old-if-present.patch
Patch80: tigervnc-dont-get-pointer-position-for-floating-device.patch Patch53: tigervnc-handle-existing-config-directory-in-vncpasswd.patch
Patch54: tigervnc-correctly-handle-zrle-cursors.patch
# This is tigervnc-%%{version}/unix/xserver116.patch rebased on the latest xorg
Patch100: tigervnc-xserver120.patch
# 1326867 - [RHEL7.3] GLX applications in an Xvnc session fails to start
Patch101: 0001-rpath-hack.patch
# XServer patches
Patch200: xorg-CVE-2024-9632.patch
BuildRequires: make BuildRequires: make
BuildRequires: gcc-c++ BuildRequires: gcc-c++
@ -56,6 +49,7 @@ BuildRequires: zlib-devel
# TigerVNC 1.4.x requires fltk 1.3.3 for keyboard handling support # TigerVNC 1.4.x requires fltk 1.3.3 for keyboard handling support
# See https://github.com/TigerVNC/tigervnc/issues/8, also bug #1208814 # See https://github.com/TigerVNC/tigervnc/issues/8, also bug #1208814
BuildRequires: fltk-devel >= 1.3.3 BuildRequires: fltk-devel >= 1.3.3
BuildRequires: libxcvt-devel
BuildRequires: libX11-devel BuildRequires: libX11-devel
BuildRequires: libXext-devel BuildRequires: libXext-devel
BuildRequires: libXi-devel BuildRequires: libXi-devel
@ -63,6 +57,13 @@ BuildRequires: libXrandr-devel
BuildRequires: libXrender-devel BuildRequires: libXrender-devel
BuildRequires: pixman-devel BuildRequires: pixman-devel
%if 0%{?fedora}
# Icons
BuildRequires: ImageMagick
%endif
%if %{with server}
# X11/graphics dependencies # X11/graphics dependencies
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
@ -86,11 +87,15 @@ BuildRequires: xorg-x11-server-devel
BuildRequires: xorg-x11-server-source BuildRequires: xorg-x11-server-source
BuildRequires: xorg-x11-util-macros BuildRequires: xorg-x11-util-macros
BuildRequires: xorg-x11-xtrans-devel BuildRequires: xorg-x11-xtrans-devel
BuildRequires: pkgconfig(libavcodec)
BuildRequires: pkgconfig(libavutil)
BuildRequires: pkgconfig(libswscale)
# SELinux # SELinux
BuildRequires: libselinux-devel BuildRequires: libselinux-devel, selinux-policy-devel, systemd
BuildRequires: selinux-policy-devel %endif
BuildRequires: systemd
Requires(post): coreutils Requires(post): coreutils
Requires(postun):coreutils Requires(postun):coreutils
@ -133,8 +138,11 @@ Requires(preun): systemd
Requires(postun): systemd Requires(postun): systemd
Requires(post): systemd Requires(post): systemd
Requires: mesa-dri-drivers, xkeyboard-config, xkbcomp Requires: dbus-x11
Requires: tigervnc-license, dbus-x11 Requires: mesa-dri-drivers
Requires: tigervnc-license
Requires: xkbcomp
Requires: xkeyboard-config
%description server-minimal %description server-minimal
The VNC system allows you to access the same desktop from a wide The VNC system allows you to access the same desktop from a wide
@ -172,10 +180,6 @@ BuildRequires: selinux-policy-devel
Requires: selinux-policy-%{selinuxtype} Requires: selinux-policy-%{selinuxtype}
Requires(post): selinux-policy-%{selinuxtype} Requires(post): selinux-policy-%{selinuxtype}
BuildRequires: selinux-policy-devel BuildRequires: selinux-policy-devel
# Required for matchpathcon
Requires: libselinux-utils
# Required for restorecon
Requires: policycoreutils
%{?selinux_requires} %{?selinux_requires}
%description selinux %description selinux
@ -185,26 +189,28 @@ runs properly under an environment with SELinux enabled.
%prep %prep
%setup -q %setup -q
%patch -P1 -p1 -b .vncsession-restore-script-systemd-service
# Upstream patches
%patch -P50 -p1 -b .vncsession-use-bin-sh-when-shell-not-set.patch
%patch -P51 -p1 -b .add-missing-coma-in-default-security-type-list.patch
%patch -P52 -p1 -b .vncsession-move-existing-log-to-log-old-if-present.patch
%patch -P53 -p1 -b .handle-existing-config-directory-in-vncpasswd.patch
%patch -P54 -p1 -b .correctly-handle-zrle-cursors.patch
%if %{with server}
cp -r /usr/share/xorg-x11-server-source/* unix/xserver cp -r /usr/share/xorg-x11-server-source/* unix/xserver
pushd unix/xserver pushd unix/xserver
for all in `find . -type f -perm -001`; do for all in `find . -type f -perm -001`; do
chmod -x "$all" chmod -x "$all"
done done
# Xorg patches cat ../xserver21.patch | patch -p1
%patch -P100 -p1 -b .xserver120-rebased
%patch -P101 -p1 -b .rpath
%patch -P200 -p1 -b .xorg-CVE-2024-9632
popd popd
%else
sed -i -e '/add_subdirectory.*vnc/d' unix/CMakeLists.txt
%endif
# Tigervnc patches # Downstream patches
%patch -P1 -p1 -b .use-gnome-as-default-session
%patch -P2 -p1 -b .vncsession-restore-script-systemd-service
# Upstream patches
%patch -P50 -p1 -b .vncsession-move-existing-log-to-log-old-if-present
# Upstreamable patches
%patch -P80 -p1 -b .dont-get-pointer-position-for-floating-device
%build %build
%ifarch sparcv9 sparc64 s390 s390x %ifarch sparcv9 sparc64 s390 s390x
@ -214,14 +220,17 @@ export CFLAGS="$RPM_OPT_FLAGS -fpic"
%endif %endif
export CXXFLAGS="$CFLAGS -std=c++11" export CXXFLAGS="$CFLAGS -std=c++11"
%if 0%{?fedora} >= 35 || 0%{?rhel} >= 10
%define __cmake_builddir %{_target_platform} %define __cmake_builddir %{_target_platform}
mkdir -p %{%__cmake_builddir} mkdir -p %{__cmake_builddir}
%endif
%cmake %cmake -DCMAKE_INSTALL_UNITDIR=%{_unitdir}
%cmake_build %cmake_build
%if %{with server}
pushd unix/xserver pushd unix/xserver
%if 0%{?fedora} > 32 || 0%{?rhel} >= 9 %if 0%{?fedora} > 32 || 0%{?rhel} >= 9
@ -233,10 +242,8 @@ autoreconf -fiv
--disable-xorg --disable-xnest --disable-xvfb --disable-dmx \ --disable-xorg --disable-xnest --disable-xvfb --disable-dmx \
--disable-xwin --disable-xephyr --disable-kdrive --disable-xwayland \ --disable-xwin --disable-xephyr --disable-kdrive --disable-xwayland \
--with-pic --disable-static \ --with-pic --disable-static \
--with-default-font-path="catalogue:%{_sysconfdir}/X11/fontpath.d,built-ins" \ --with-default-font-path="catalogue:/etc/X11/fontpath.d,built-ins" \
--with-fontdir=%{_datadir}/X11/fonts \
--with-xkb-output=%{_localstatedir}/lib/xkb \ --with-xkb-output=%{_localstatedir}/lib/xkb \
--enable-install-libxf86config \
--enable-glx --disable-dri --enable-dri2 --enable-dri3 \ --enable-glx --disable-dri --enable-dri2 --enable-dri3 \
--disable-unit-tests \ --disable-unit-tests \
--disable-config-hal \ --disable-config-hal \
@ -248,36 +255,45 @@ autoreconf -fiv
make %{?_smp_mflags} make %{?_smp_mflags}
popd popd
# SELinux
pushd unix/vncserver/selinux
make
popd
%endif
%if 0%{?rhel}
# Build icons # Build icons
%if 0%{?fedora} > 32 || 0%{?rhel} >= 9 %if 0%{?rhel} >= 9
pushd %{_target_platform}/media pushd %{_target_platform}/media
%else %else
pushd media pushd media
%endif %endif
make make
popd popd
%endif
# SELinux
pushd unix/vncserver/selinux
make
popd
%install %install
%cmake_install %cmake_install
rm -f %{buildroot}%{_docdir}/%{name}-%{version}/{README.rst,LICENCE.TXT} rm -f %{buildroot}%{_docdir}/%{name}-%{version}/{README.rst,LICENCE.TXT}
%if %{with server}
pushd unix/xserver/hw/vnc pushd unix/xserver/hw/vnc
%make_install %make_install
popd popd
# Install systemd unit file # Install selinux policy file
pushd unix/vncserver/selinux pushd unix/vncserver/selinux
make install DESTDIR=%{buildroot} make install DESTDIR=%{buildroot} PREFIX=%{_prefix}
popd popd
# Install systemd unit file # Install systemd unit file
install -m644 %{SOURCE1} %{buildroot}%{_unitdir}/xvnc@.service install -m644 %{SOURCE1} %{buildroot}%{_unitdir}/xvnc@.service
install -m644 %{SOURCE2} %{buildroot}%{_unitdir}/xvnc.socket install -m644 %{SOURCE2} %{buildroot}%{_unitdir}/xvnc.socket
install -m755 %{SOURCE5} %{buildroot}/%{_bindir}/vncserver
%endif
# Install desktop stuff # Install desktop stuff
mkdir -p %{buildroot}%{_datadir}/icons/hicolor/{16x16,24x24,48x48}/apps mkdir -p %{buildroot}%{_datadir}/icons/hicolor/{16x16,24x24,48x48}/apps
@ -291,32 +307,23 @@ popd
appstream-util validate-relax --nonet %{buildroot}%{_metainfodir}/org.tigervnc.vncviewer.metainfo.xml appstream-util validate-relax --nonet %{buildroot}%{_metainfodir}/org.tigervnc.vncviewer.metainfo.xml
desktop-file-validate %{buildroot}%{_datadir}/applications/vncviewer.desktop desktop-file-validate %{buildroot}%{_datadir}/applications/vncviewer.desktop
%if 0%{?rhel} > 9
# Install a replacement for /usr/bin/vncserver which will tell the user to read the
# HOWTO.md file
cat <<EOF > %{buildroot}/%{_bindir}/vncserver
#!/bin/bash
echo "vncserver has been replaced by a systemd unit."
echo "Please read /usr/share/doc/tigervnc/HOWTO.md for more information."
EOF
chmod +x %{buildroot}/%{_bindir}/vncserver
%else
install -m 755 %{SOURCE5} %{buildroot}/%{_bindir}/vncserver
%endif
%find_lang %{name} %{name}.lang %find_lang %{name} %{name}.lang
%if %{with server}
# remove unwanted files # remove unwanted files
rm -f %{buildroot}%{_libdir}/xorg/modules/extensions/libvnc.la rm -f %{buildroot}%{_libdir}/xorg/modules/extensions/libvnc.la
mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/ mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/
install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
install -m 644 %{SOURCE4} %{buildroot}/%{_docdir}/tigervnc/HOWTO.md
%post server %post server
%systemd_post xvnc@.service %systemd_post xvnc@.service
%systemd_post xvnc.socket %systemd_post xvnc.socket
%preun server %preun server
%systemd_preun xvnc@.service
%systemd_preun xvnc.socket %systemd_preun xvnc.socket
%postun server %postun server
@ -335,6 +342,7 @@ if [ $1 -eq 0 ]; then
%selinux_modules_uninstall -s %{selinuxtype} %{modulename} %selinux_modules_uninstall -s %{selinuxtype} %{modulename}
%selinux_relabel_post -s %{selinuxtype} %selinux_relabel_post -s %{selinuxtype}
fi fi
%endif
%files -f %{name}.lang %files -f %{name}.lang
@ -344,6 +352,7 @@ fi
%{_mandir}/man1/vncviewer.1* %{_mandir}/man1/vncviewer.1*
%{_datadir}/metainfo/org.tigervnc.vncviewer.metainfo.xml %{_datadir}/metainfo/org.tigervnc.vncviewer.metainfo.xml
%if %{with server}
%files server %files server
%config(noreplace) %{_sysconfdir}/pam.d/tigervnc %config(noreplace) %{_sysconfdir}/pam.d/tigervnc
%config(noreplace) %{_sysconfdir}/tigervnc/vncserver-config-defaults %config(noreplace) %{_sysconfdir}/tigervnc/vncserver-config-defaults
@ -375,177 +384,161 @@ fi
%{_libdir}/xorg/modules/extensions/libvnc.so %{_libdir}/xorg/modules/extensions/libvnc.so
%config(noreplace) %{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf %config(noreplace) %{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
%files selinux
%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.*
%ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
%endif
%files license %files license
%{_docdir}/tigervnc/LICENCE.TXT %{_docdir}/tigervnc/LICENCE.TXT
%files icons %files icons
%{_datadir}/icons/hicolor/*/apps/* %{_datadir}/icons/hicolor/*/apps/*
%files selinux
%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.*
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
%changelog %changelog
* Fri Nov 08 2024 Jan Grulich <jgrulich@redhat.com> - 1.14.1-1 * Mon Dec 30 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 1.14.0-8
- 1.14.1 - Rebuilt for MSVSphere 10
Resolves: RHEL-66600
- Fix CVE-2024-9632: xorg-x11-server: heap-based buffer overflow privilege escalation vulnerability * Sat Oct 05 2024 Neal Gompa <ngompa@fedoraproject.org> - 1.14.0-8
Resolves: RHEL-62000 - Rebuild for ffmpeg 7
* Sun Sep 29 2024 Sérgio Basto <sergio@serjux.com> - 1.14.0-7
- Enable ffmpeg
* Fri Sep 27 2024 Sérgio Basto <sergio@serjux.com> - 1.14.0-6
- Rebuild for rebase of xorg-server to versions 21.1.x
* Fri Sep 27 2024 Sérgio Basto <sergio@serjux.com> - 1.14.0-5
- Add compability with X11-server-21.1.x
* Mon Aug 05 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-11 * Wed Sep 04 2024 Jan Grulich <jgrulich@redhat.com> - 1.14.0-4
- Move old log to log.old if present (fix patch)
* Mon Sep 02 2024 Jan Grulich <jgrulich@redhat.com> - 1.14.0-3
- Correctly handle ZRLE cursors
- Move old log to log.old if present
- Handle existing config directory in vncpasswd
* Mon Aug 05 2024 Jan Grulich <jgrulich@redhat.com> - 1.14.0-2
- vncsession: use /bin/sh if the user shell is not set - vncsession: use /bin/sh if the user shell is not set
Resolves: RHEL-50679 - add missing comma in default security type list
* Tue May 28 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-10 * Tue Jul 23 2024 Jan Grulich <jgrulich@redhat.com> - 1.14.0-1
- vncconfig: add option to force view-only remote client connections - 1.14.0
Resolves: RHEL-12144
* Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.13.90-3
* Tue Apr 16 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
- Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents
Resolves: RHEL-30756 * Mon Jul 08 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.90-2
- Fix CVE-2024-31083 tigervnc: xorg-x11-server: User-after-free in ProcRenderAddGlyphs - Enable DRI3 support
Resolves: RHEL-30768
- Fix CVE-2024-31081 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice * Tue Jul 02 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.90-1
Resolves: RHEL-30762 - 1.14.0 beta
* Wed Feb 07 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-8 * Wed Apr 10 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-14
- Fix copy/paste error in the DeviceStateNotify - Rebuild (xorg-x11-server)
Resolves: RHEL-20533 Fix regression caused by the fix for CVE-2024-31083
* Mon Jan 22 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-7 * Thu Apr 04 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-13
- Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice - Rebuild (xorg-x11-server)
Resolves: RHEL-20389 CVE fix for: CVE-2024-31080, CVE-2024-31081, CVE-2024-31082 and CVE-2024-31083
- Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent
Resolves: RHEL-20383 * Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.13.1-12
- Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
Resolves: RHEL-20533
- Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer * Tue Jan 16 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-11
Resolves: RHEL-21213 - Rebuild (xorg-x11-server)
CVE fix for: CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886,
* Mon Jan 08 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-6 CVE-2024-0408 and CVE-2024-0409
- Use dup() to get available file descriptor when using -inetd option
Resolves: RHEL-19858 * Wed Dec 20 2023 Peter Hutterer <peter.hutterer@redhat.com> - 1.13.1-10
- Fix cmake builddir creation
* Mon Dec 18 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-5
- Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions * Wed Dec 13 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-9
Resolves: RHEL-18414 - Rebuild for Xorg CVEs
- Fix CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty Fixes: CVE-2023-6377, CVE-2023-6478
Resolves: RHEL-18426
* Wed Nov 22 2023 Florian Weimer <fweimer@redhat.com> - 1.13.1-8
* Wed Nov 01 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-4 - Drop incorrect tigervnc-c99-2.patch.
- Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow
Resolves: RHEL-15237 * Wed Nov 22 2023 Florian Weimer <fweimer@redhat.com> - 1.13.1-7
- C compatibility fixes
- Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty
Resolves: RHEL-15249 * Thu Nov 02 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-6
- Fix CVE-2023-5380 and CVE-2023-5367 (rebuild with fixed Xorg)
* Mon Oct 09 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-3
- Support username alias in PlainUsers * Wed Oct 18 2023 Kalev Lember <klember@redhat.com> - 1.13.1-5
Resolves: RHEL-8430 - Drop unrecognized configure options
- Add buildrequires to get correct font and xkb directories from pkg-config
* Tue Apr 11 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-2 - Re-enable server in flatpak builds and fix the build
- xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege
Escalation Vulnerability * Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.13.1-4
Resolves: bz#2180310 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Mar 21 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-1 * Thu Mar 30 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-3
- Drop BR: xorg-x11-font-utils
CVE-2023-1393
* Thu Mar 30 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-2
- Rebuild (xorg-x11-server)
CVE-2023-1393
* Wed Mar 01 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-1
- 1.13.1 - 1.13.1
Resolves: bz#2175732
* Tue Feb 21 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-12
- SELinux: allow vncsession create .vnc directory
Resolves: bz#2164703
* Wed Feb 15 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-11
- Add sanity check when cleaning up keymap changes
Resolves: bz#2169965
* Mon Feb 06 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-10
- xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation
Resolves: bz#2167061
* Tue Dec 20 2022 Tomas Popela <tpopela@redhat.com> - 1.12.0-9
- Rebuild for xorg-x11-server CVE-2022-46340 follow up fix
* Fri Dec 16 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-8
- Rebuild for xorg-x11-server CVEs
Resolves: CVE-2022-4283 (bz#2154234)
Resolves: CVE-2022-46340 (bz#2154221)
Resolves: CVE-2022-46341 (bz#2154224)
Resolves: CVE-2022-46342 (bz#2154226)
Resolves: CVE-2022-46343 (bz#2154228)
Resolves: CVE-2022-46344 (bz#2154230)
* Thu Dec 01 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-7
- x0vncserver: add new keysym in case we don't find matching keycode
+ actually apply the patch
Resolves: bz#2119017
* Thu Dec 01 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-6
- x0vncserver: add new keysym in case we don't find matching keycode
Resolves: bz#2119017
* Mon Oct 24 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-5
- x0vncserver: fix ghost cursor in zaphod mode (better version)
Resolves: bz#2119016
* Tue May 31 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-4
- Add BR: libXdamage, libXfixes, libXrandr
Resolves: bz#2091833
* Tue Apr 05 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-3
- Do not run systemd_preun on Xvnc service file
Resolves: bz#2048011
* Mon Apr 04 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-2
- Drop unexisting option from the old vncserver script
Resolves: bz#2021893
* Wed Mar 23 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-1
- 1.12.0 + sync with Fedora
Resolves: bz#2048011
Resolves: bz#2021893
* Mon Feb 07 2022 Jan Grulich <jgrulich@redhat.com> - 1.11.0-21
- Added vncsession-restore script for SELinux policy migration
Fix SELinux context for root user
Resolves: bz#2049506
* Fri Nov 26 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-20
- Rebuild for absence in RHEL 9.0
Resolves: bz#1985858
* Mon Aug 16 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-19
- Sync upstream patches + drop unused patches
Resolves: bz#1985858
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.11.0-18 * Tue Feb 21 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.0-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - vncsession: allow to create .vnc directory
Related: rhbz#1991688
* Mon Jul 19 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-17 * Wed Feb 15 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.0-2
- Fix logout from VNC session using vncserver - Backport: Sanity check when cleaning up keymap changes
Resolves: bz#1983704
* Tue Jun 01 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-16 * Tue Feb 07 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.0-1
- Bump version for rebuild (binutils) - 1.13.0
Resolves: bz#1961488 - CVE-2023-0494
* Mon May 17 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-14 * Tue Jan 31 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-9
- SELinux improvements - migrated to SPDX license
Resolves: bz#1961488
- Fix endianness issue on s390x * Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.12.0-8
Resolves: bz#1963029 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.11.0-13 * Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.12.0-7
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Mar 08 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-12 * Tue May 31 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-6
- Include RHEL8 patches - Add some missing build requirements for x0vncserver
* Fri Mar 05 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-11 * Tue Feb 15 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-5
- Enable old vncserver script for RHEL 9 - Fix migration of SELinux context policy
* Fri Jan 21 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-4
- Fix crash in vncviewer
* Fri Jan 14 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-3
- Remove unavailable option from vncserver script
* Fri Jan 14 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-2
- SELinux: restore SELinux context in case of different policies
* Thu Nov 11 2021 Jan Grulich <jgrulich@redhat.com> - 1.12.0-1
- 1.12.0
* Wed Sep 15 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.90-1
- 1.11.90
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.11.0-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jul 21 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-13
- Sync upstream patches + drop unused patches
- Fix logout issue with vncserver script
* Wed Jun 16 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-12
- Re-enable vncserver script for F34+
* Tue May 25 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-11
- SELinux improvements
- Backport some CentOS changes
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.11.0-10 * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.11.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

Write Preview
Loading…
Cancel
Save