From 55924763f03e40e408e20d0ce16f63c52822a242 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Wed, 8 Nov 2023 17:22:01 +0300 Subject: [PATCH] import tigervnc-1.13.1-2.el9 --- .gitignore | 2 +- .tigervnc.metadata | 2 +- ...add-new-keycodes-for-unknown-keysyms.patch | 199 ------------------ ...rvnc-fix-ghost-cursor-in-zaphod-mode.patch | 117 ---------- ...fix-typo-in-mirror-monitor-detection.patch | 34 --- .../tigervnc-root-user-selinux-context.patch | 25 --- ...heck-when-cleaning-up-keymap-changes.patch | 28 --- ...llow-vncsession-create-vnc-directory.patch | 31 --- ...ontext-in-case-of-different-policies.patch | 81 ------- SOURCES/vncserver | 12 +- ...posite-Fix-use-after-free-of-the-COW.patch | 42 ---- SPECS/tigervnc.spec | 104 +++++---- 12 files changed, 70 insertions(+), 607 deletions(-) delete mode 100644 SOURCES/tigervnc-add-new-keycodes-for-unknown-keysyms.patch delete mode 100644 SOURCES/tigervnc-fix-ghost-cursor-in-zaphod-mode.patch delete mode 100644 SOURCES/tigervnc-fix-typo-in-mirror-monitor-detection.patch delete mode 100644 SOURCES/tigervnc-root-user-selinux-context.patch delete mode 100644 SOURCES/tigervnc-sanity-check-when-cleaning-up-keymap-changes.patch delete mode 100644 SOURCES/tigervnc-selinux-allow-vncsession-create-vnc-directory.patch delete mode 100644 SOURCES/tigervnc-selinux-restore-context-in-case-of-different-policies.patch delete mode 100644 SOURCES/xorg-x11-server-composite-Fix-use-after-free-of-the-COW.patch diff --git a/.gitignore b/.gitignore index 4de86f8..7192365 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/tigervnc-1.12.0.tar.gz +SOURCES/tigervnc-1.13.1.tar.gz diff --git a/.tigervnc.metadata b/.tigervnc.metadata index 9dbf56a..a37349f 100644 --- a/.tigervnc.metadata +++ b/.tigervnc.metadata @@ -1 +1 @@ -44db63993d8ad04f730b0b48e8aca32933bff15a SOURCES/tigervnc-1.12.0.tar.gz +6f7a23f14833f552c88523da1a5e102f3b8d35c2 SOURCES/tigervnc-1.13.1.tar.gz diff --git a/SOURCES/tigervnc-add-new-keycodes-for-unknown-keysyms.patch b/SOURCES/tigervnc-add-new-keycodes-for-unknown-keysyms.patch deleted file mode 100644 index d4fd2b3..0000000 --- a/SOURCES/tigervnc-add-new-keycodes-for-unknown-keysyms.patch +++ /dev/null @@ -1,199 +0,0 @@ -From ccbd491fa48f1c43daeb1a6c5ee91a1a8fa3db88 Mon Sep 17 00:00:00 2001 -From: Jan Grulich -Date: Tue, 9 Aug 2022 14:31:07 +0200 -Subject: [PATCH] x0vncserver: add new keysym in case we don't find a matching - keycode - -We might often fail to find a matching X11 keycode when the client has -a different keyboard layout and end up with no key event. To avoid a -failure we add it as a new keysym/keycode pair so the next time a keysym -from the client that is unknown to the server is send, we will find a -match and proceed with key event. This is same behavior used in Xvnc or -x11vnc, although Xvnc has more advanced mapping from keysym to keycode. ---- - unix/x0vncserver/XDesktop.cxx | 121 +++++++++++++++++++++++++++++++++- - unix/x0vncserver/XDesktop.h | 4 ++ - 2 files changed, 122 insertions(+), 3 deletions(-) - -diff --git a/unix/x0vncserver/XDesktop.cxx b/unix/x0vncserver/XDesktop.cxx -index f2046e43e..933998f05 100644 ---- a/unix/x0vncserver/XDesktop.cxx -+++ b/unix/x0vncserver/XDesktop.cxx -@@ -31,6 +31,7 @@ - #include - - #include -+#include - #ifdef HAVE_XTEST - #include - #endif -@@ -50,6 +51,7 @@ void vncSetGlueContext(Display *dpy, void *res); - #include - #include - -+using namespace std; - using namespace rfb; - - extern const unsigned short code_map_qnum_to_xorgevdev[]; -@@ -264,6 +266,9 @@ void XDesktop::start(VNCServer* vs) { - void XDesktop::stop() { - running = false; - -+ // Delete added keycodes -+ deleteAddedKeysyms(dpy); -+ - #ifdef HAVE_XDAMAGE - if (haveDamage) - XDamageDestroy(dpy, damage); -@@ -383,6 +388,118 @@ KeyCode XDesktop::XkbKeysymToKeycode(Display* dpy, KeySym keysym) { - } - #endif - -+KeyCode XDesktop::addKeysym(Display* dpy, KeySym keysym) -+{ -+ int types[1]; -+ unsigned int key; -+ XkbDescPtr xkb; -+ XkbMapChangesRec changes; -+ KeySym *syms; -+ KeySym upper, lower; -+ -+ xkb = XkbGetMap(dpy, XkbAllComponentsMask, XkbUseCoreKbd); -+ -+ if (!xkb) -+ return 0; -+ -+ for (key = xkb->max_key_code; key >= xkb->min_key_code; key--) { -+ if (XkbKeyNumGroups(xkb, key) == 0) -+ break; -+ } -+ -+ if (key < xkb->min_key_code) -+ return 0; -+ -+ memset(&changes, 0, sizeof(changes)); -+ -+ XConvertCase(keysym, &lower, &upper); -+ -+ if (upper == lower) -+ types[XkbGroup1Index] = XkbOneLevelIndex; -+ else -+ types[XkbGroup1Index] = XkbAlphabeticIndex; -+ -+ XkbChangeTypesOfKey(xkb, key, 1, XkbGroup1Mask, types, &changes); -+ -+ syms = XkbKeySymsPtr(xkb,key); -+ if (upper == lower) -+ syms[0] = keysym; -+ else { -+ syms[0] = lower; -+ syms[1] = upper; -+ } -+ -+ changes.changed |= XkbKeySymsMask; -+ changes.first_key_sym = key; -+ changes.num_key_syms = 1; -+ -+ if (XkbChangeMap(dpy, xkb, &changes)) { -+ vlog.info("Added unknown keysym %s to keycode %d", XKeysymToString(keysym), key); -+ addedKeysyms[keysym] = key; -+ return key; -+ } -+ -+ return 0; -+} -+ -+void XDesktop::deleteAddedKeysyms(Display* dpy) { -+ XkbDescPtr xkb; -+ xkb = XkbGetMap(dpy, XkbAllComponentsMask, XkbUseCoreKbd); -+ -+ if (!xkb) -+ return; -+ -+ XkbMapChangesRec changes; -+ memset(&changes, 0, sizeof(changes)); -+ -+ KeyCode lowestKeyCode = xkb->max_key_code; -+ KeyCode highestKeyCode = xkb->min_key_code; -+ std::map::iterator it; -+ for (it = addedKeysyms.begin(); it != addedKeysyms.end(); it++) { -+ if (XkbKeyNumGroups(xkb, it->second) != 0) { -+ // Check if we are removing keysym we added ourself -+ if (XkbKeysymToKeycode(dpy, it->first) != it->second) -+ continue; -+ -+ XkbChangeTypesOfKey(xkb, it->second, 0, XkbGroup1Mask, NULL, &changes); -+ -+ if (it->second < lowestKeyCode) -+ lowestKeyCode = it->second; -+ -+ if (it->second > highestKeyCode) -+ highestKeyCode = it->second; -+ } -+ } -+ -+ changes.changed |= XkbKeySymsMask; -+ changes.first_key_sym = lowestKeyCode; -+ changes.num_key_syms = highestKeyCode - lowestKeyCode + 1; -+ XkbChangeMap(dpy, xkb, &changes); -+ -+ addedKeysyms.clear(); -+} -+ -+KeyCode XDesktop::keysymToKeycode(Display* dpy, KeySym keysym) { -+ int keycode = 0; -+ -+ // XKeysymToKeycode() doesn't respect state, so we have to use -+ // something slightly more complex -+ keycode = XkbKeysymToKeycode(dpy, keysym); -+ -+ if (keycode != 0) -+ return keycode; -+ -+ // TODO: try to further guess keycode with all possible mods as Xvnc does -+ -+ keycode = addKeysym(dpy, keysym); -+ -+ if (keycode == 0) -+ vlog.error("Failure adding new keysym 0x%lx", keysym); -+ -+ return keycode; -+} -+ -+ - void XDesktop::keyEvent(rdr::U32 keysym, rdr::U32 xtcode, bool down) { - #ifdef HAVE_XTEST - int keycode = 0; -@@ -398,9 +515,7 @@ void XDesktop::keyEvent(rdr::U32 keysym, rdr::U32 xtcode, bool down) { - if (pressedKeys.find(keysym) != pressedKeys.end()) - keycode = pressedKeys[keysym]; - else { -- // XKeysymToKeycode() doesn't respect state, so we have to use -- // something slightly more complex -- keycode = XkbKeysymToKeycode(dpy, keysym); -+ keycode = keysymToKeycode(dpy, keysym); - } - } - -diff --git a/unix/x0vncserver/XDesktop.h b/unix/x0vncserver/XDesktop.h -index 840d43316..6ebcd9f8a 100644 ---- a/unix/x0vncserver/XDesktop.h -+++ b/unix/x0vncserver/XDesktop.h -@@ -55,6 +55,9 @@ class XDesktop : public rfb::SDesktop, - const char* userName); - virtual void pointerEvent(const rfb::Point& pos, int buttonMask); - KeyCode XkbKeysymToKeycode(Display* dpy, KeySym keysym); -+ KeyCode addKeysym(Display* dpy, KeySym keysym); -+ void deleteAddedKeysyms(Display* dpy); -+ KeyCode keysymToKeycode(Display* dpy, KeySym keysym); - virtual void keyEvent(rdr::U32 keysym, rdr::U32 xtcode, bool down); - virtual void clientCutText(const char* str); - virtual unsigned int setScreenLayout(int fb_width, int fb_height, -@@ -78,6 +81,7 @@ class XDesktop : public rfb::SDesktop, - bool haveXtest; - bool haveDamage; - int maxButtons; -+ std::map addedKeysyms; - std::map pressedKeys; - bool running; - #ifdef HAVE_XDAMAGE diff --git a/SOURCES/tigervnc-fix-ghost-cursor-in-zaphod-mode.patch b/SOURCES/tigervnc-fix-ghost-cursor-in-zaphod-mode.patch deleted file mode 100644 index 8e45eb6..0000000 --- a/SOURCES/tigervnc-fix-ghost-cursor-in-zaphod-mode.patch +++ /dev/null @@ -1,117 +0,0 @@ -From f783d5c8b567199178b6690f347e060a69d2aa36 Mon Sep 17 00:00:00 2001 -From: Jan Grulich -Date: Thu, 11 Aug 2022 13:15:29 +0200 -Subject: [PATCH] x0vncserver: update/display cursor only on correct screen in - zaphod mode - -We have to check whether we update cursor position/shape only in case -the cursor is on our display, otherwise in zaphod mode, ie. when having -two instances of x0vncserver on screens :0.0 and :0.1 we would be having -the cursor duplicated and actually not funcional (aka ghost cursor) as -it would be actually not present. We also additionally watch EnterNotify -and LeaveNotify events in order to show/hide cursor accordingly. - -Change made with help from Olivier Fourdan ---- - unix/x0vncserver/XDesktop.cxx | 60 +++++++++++++++++++++++++++++++---- - 1 file changed, 53 insertions(+), 7 deletions(-) - -diff --git a/unix/x0vncserver/XDesktop.cxx b/unix/x0vncserver/XDesktop.cxx -index f2046e43e..f07fd78bf 100644 ---- a/unix/x0vncserver/XDesktop.cxx -+++ b/unix/x0vncserver/XDesktop.cxx -@@ -192,7 +192,8 @@ XDesktop::XDesktop(Display* dpy_, Geometry *geometry_) - RRScreenChangeNotifyMask | RRCrtcChangeNotifyMask); - /* Override TXWindow::init input mask */ - XSelectInput(dpy, DefaultRootWindow(dpy), -- PropertyChangeMask | StructureNotifyMask | ExposureMask); -+ PropertyChangeMask | StructureNotifyMask | -+ ExposureMask | EnterWindowMask | LeaveWindowMask); - } else { - #endif - vlog.info("RANDR extension not present"); -@@ -217,11 +218,13 @@ void XDesktop::poll() { - Window root, child; - int x, y, wx, wy; - unsigned int mask; -- XQueryPointer(dpy, DefaultRootWindow(dpy), &root, &child, -- &x, &y, &wx, &wy, &mask); -- x -= geometry->offsetLeft(); -- y -= geometry->offsetTop(); -- server->setCursorPos(rfb::Point(x, y), false); -+ -+ if (XQueryPointer(dpy, DefaultRootWindow(dpy), &root, &child, -+ &x, &y, &wx, &wy, &mask)) { -+ x -= geometry->offsetLeft(); -+ y -= geometry->offsetTop(); -+ server->setCursorPos(rfb::Point(x, y), false); -+ } - } - } - -@@ -253,7 +256,14 @@ void XDesktop::start(VNCServer* vs) { - #endif - - #ifdef HAVE_XFIXES -- setCursor(); -+ Window root, child; -+ int x, y, wx, wy; -+ unsigned int mask; -+ // Check whether the cursor is initially on our screen -+ if (XQueryPointer(dpy, DefaultRootWindow(dpy), &root, &child, -+ &x, &y, &wx, &wy, &mask)) -+ setCursor(); -+ - #endif - - server->setLEDState(ledState); -@@ -701,6 +711,15 @@ bool XDesktop::handleGlobalEvent(XEvent* ev) { - if (cev->subtype != XFixesDisplayCursorNotify) - return false; - -+ Window root, child; -+ int x, y, wx, wy; -+ unsigned int mask; -+ -+ // Check whether the cursor is initially on our screen -+ if (!XQueryPointer(dpy, DefaultRootWindow(dpy), &root, &child, -+ &x, &y, &wx, &wy, &mask)) -+ return false; -+ - return setCursor(); - #endif - #ifdef HAVE_XRANDR -@@ -753,6 +772,33 @@ bool XDesktop::handleGlobalEvent(XEvent* ev) { - - return true; - #endif -+#ifdef HAVE_XFIXES -+ } else if (ev->type == EnterNotify) { -+ XCrossingEvent* cev; -+ -+ if (!running) -+ return true; -+ -+ cev = (XCrossingEvent*)ev; -+ -+ if (cev->window != cev->root) -+ return false; -+ -+ return setCursor(); -+ } else if (ev->type == LeaveNotify) { -+ XCrossingEvent* cev; -+ -+ if (!running) -+ return true; -+ -+ cev = (XCrossingEvent*)ev; -+ -+ if (cev->window == cev->root) -+ return false; -+ -+ server->setCursor(0, 0, Point(), NULL); -+ return true; -+#endif - } - - return false; diff --git a/SOURCES/tigervnc-fix-typo-in-mirror-monitor-detection.patch b/SOURCES/tigervnc-fix-typo-in-mirror-monitor-detection.patch deleted file mode 100644 index 9076432..0000000 --- a/SOURCES/tigervnc-fix-typo-in-mirror-monitor-detection.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 2daf4126882f82b6e392dfbae87205dbdc559c3d Mon Sep 17 00:00:00 2001 -From: Pierre Ossman -Date: Thu, 23 Dec 2021 15:58:00 +0100 -Subject: [PATCH] Fix typo in mirror monitor detection - -Bug introduced in fb561eb but still somehow passed manual testing. -Resulted in some stray reads off the end of the stack, which were -hopefully harmless. ---- - vncviewer/MonitorIndicesParameter.cxx | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/vncviewer/MonitorIndicesParameter.cxx b/vncviewer/MonitorIndicesParameter.cxx -index 5130831cb..4ac74dd1a 100644 ---- a/vncviewer/MonitorIndicesParameter.cxx -+++ b/vncviewer/MonitorIndicesParameter.cxx -@@ -211,13 +211,13 @@ std::vector MonitorIndicesParameter::fetchMoni - // Only keep a single entry for mirrored screens - match = false; - for (int j = 0; j < ((int) monitors.size()); j++) { -- if (monitors[i].x != monitor.x) -+ if (monitors[j].x != monitor.x) - continue; -- if (monitors[i].y != monitor.y) -+ if (monitors[j].y != monitor.y) - continue; -- if (monitors[i].w != monitor.w) -+ if (monitors[j].w != monitor.w) - continue; -- if (monitors[i].h != monitor.h) -+ if (monitors[j].h != monitor.h) - continue; - - match = true; diff --git a/SOURCES/tigervnc-root-user-selinux-context.patch b/SOURCES/tigervnc-root-user-selinux-context.patch deleted file mode 100644 index 67f035f..0000000 --- a/SOURCES/tigervnc-root-user-selinux-context.patch +++ /dev/null @@ -1,25 +0,0 @@ -From faf81b4b238e24fe29eb53f885a25367e212dd7b Mon Sep 17 00:00:00 2001 -From: Zdenek Pytela -Date: Mon, 7 Feb 2022 10:45:41 +0100 -Subject: [PATCH] SELinux: use /root/.vnc in file context specification - -Instead of HOME_ROOT/.vnc, /root/.vnc should be used -for user root's home to specify default file context -as HOME_ROOT actually means base for home dirs (usually /home). ---- - unix/vncserver/selinux/vncsession.fc | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/unix/vncserver/selinux/vncsession.fc b/unix/vncserver/selinux/vncsession.fc -index 6aaf4b1f4..bc81f8f25 100644 ---- a/unix/vncserver/selinux/vncsession.fc -+++ b/unix/vncserver/selinux/vncsession.fc -@@ -18,7 +18,7 @@ - # - - HOME_DIR/\.vnc(/.*)? gen_context(system_u:object_r:vnc_home_t,s0) --HOME_ROOT/\.vnc(/.*)? gen_context(system_u:object_r:vnc_home_t,s0) -+/root/\.vnc(/.*)? gen_context(system_u:object_r:vnc_home_t,s0) - - /usr/sbin/vncsession -- gen_context(system_u:object_r:vnc_session_exec_t,s0) - /usr/libexec/vncsession-start -- gen_context(system_u:object_r:vnc_session_exec_t,s0) diff --git a/SOURCES/tigervnc-sanity-check-when-cleaning-up-keymap-changes.patch b/SOURCES/tigervnc-sanity-check-when-cleaning-up-keymap-changes.patch deleted file mode 100644 index 012a741..0000000 --- a/SOURCES/tigervnc-sanity-check-when-cleaning-up-keymap-changes.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 774c6bcf33b5c9b94c1ff12895775e77c555decc Mon Sep 17 00:00:00 2001 -From: Pierre Ossman -Date: Thu, 9 Feb 2023 11:30:37 +0100 -Subject: [PATCH] Sanity check when cleaning up keymap changes - -Make sure we don't send a bogus request to the X server in the (common) -case that we don't actually have anything to restore. - -(cherry picked from commit 1e3484f2017f038dd5149cd50741feaf39a680e4) ---- - unix/x0vncserver/XDesktop.cxx | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/unix/x0vncserver/XDesktop.cxx b/unix/x0vncserver/XDesktop.cxx -index d5c6b2db9..f9c810968 100644 ---- a/unix/x0vncserver/XDesktop.cxx -+++ b/unix/x0vncserver/XDesktop.cxx -@@ -481,6 +481,10 @@ void XDesktop::deleteAddedKeysyms(Display* dpy) { - } - } - -+ // Did we actually find something to remove? -+ if (highestKeyCode < lowestKeyCode) -+ return; -+ - changes.changed |= XkbKeySymsMask; - changes.first_key_sym = lowestKeyCode; - changes.num_key_syms = highestKeyCode - lowestKeyCode + 1; diff --git a/SOURCES/tigervnc-selinux-allow-vncsession-create-vnc-directory.patch b/SOURCES/tigervnc-selinux-allow-vncsession-create-vnc-directory.patch deleted file mode 100644 index d6bc61b..0000000 --- a/SOURCES/tigervnc-selinux-allow-vncsession-create-vnc-directory.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 717d787de8f913070446444e37d552b51f05515e Mon Sep 17 00:00:00 2001 -From: Zdenek Pytela -Date: Mon, 16 Jan 2023 12:35:40 +0100 -Subject: [PATCH] SELinux: Allow vncsession create ~/.vnc directory - -Addresses the following AVC denial: - -type=PROCTITLE msg=audit(01/12/2023 02:58:12.648:696) : proctitle=/usr/sbin/vncsession fedora :1 -type=PATH msg=audit(01/12/2023 02:58:12.648:696) : item=1 name=/home/fedora/.vnc nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 -type=PATH msg=audit(01/12/2023 02:58:12.648:696) : item=0 name=/home/fedora/ inode=262145 dev=fc:02 mode=dir,700 ouid=fedora ogid=fedora rdev=00:00 obj=unconfined_u:object_r:user_home_dir_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 -type=CWD msg=audit(01/12/2023 02:58:12.648:696) : cwd=/home/fedora -type=SYSCALL msg=audit(01/12/2023 02:58:12.648:696) : arch=x86_64 syscall=mkdir success=no exit=EACCES(Permission denied) a0=0x7fff47d52540 a1=0755 a2=0x0 a3=0x0 items=2 ppid=2869 pid=2880 auid=fedora uid=fedora gid=fedora euid=fedora suid=fedora fsuid=fedora egid=fedora sgid=fedora fsgid=fedora tty=(none) ses=8 comm=vncsession exe=/usr/sbin/vncsession subj=system_u:system_r:vnc_session_t:s0 key=(null) -type=AVC msg=audit(01/12/2023 02:58:12.648:696) : avc: denied { create } for pid=2880 comm=vncsession name=.vnc scontext=system_u:system_r:vnc_session_t:s0 tcontext=system_u:object_r:vnc_home_t:s0 tclass=dir permissive=0 - -Resolves: rhbz#2143704 ---- - unix/vncserver/selinux/vncsession.te | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te -index fb966c14b..680be8ea1 100644 ---- a/unix/vncserver/selinux/vncsession.te -+++ b/unix/vncserver/selinux/vncsession.te -@@ -37,6 +37,7 @@ allow vnc_session_t self:fifo_file rw_fifo_file_perms; - allow vnc_session_t vnc_session_var_run_t:file manage_file_perms; - files_pid_filetrans(vnc_session_t, vnc_session_var_run_t, file) - -+create_dirs_pattern(vnc_session_t, vnc_home_t, vnc_home_t) - manage_files_pattern(vnc_session_t, vnc_home_t, vnc_home_t) - manage_fifo_files_pattern(vnc_session_t, vnc_home_t, vnc_home_t) - manage_sock_files_pattern(vnc_session_t, vnc_home_t, vnc_home_t) diff --git a/SOURCES/tigervnc-selinux-restore-context-in-case-of-different-policies.patch b/SOURCES/tigervnc-selinux-restore-context-in-case-of-different-policies.patch deleted file mode 100644 index 48b3a2e..0000000 --- a/SOURCES/tigervnc-selinux-restore-context-in-case-of-different-policies.patch +++ /dev/null @@ -1,81 +0,0 @@ -From d2d52704624ce841f4a392fccd82079d87ff13b6 Mon Sep 17 00:00:00 2001 -From: Jan Grulich -Date: Thu, 11 Nov 2021 13:52:41 +0100 -Subject: [PATCH] SELinux: restore SELinux context in case of different - policies - ---- - CMakeLists.txt | 13 +++++++++++++ - unix/vncserver/CMakeLists.txt | 2 +- - unix/vncserver/vncsession.c | 16 ++++++++++++++++ - 3 files changed, 30 insertions(+), 1 deletion(-) - -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 50247c7da..1708eb3d8 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -268,6 +268,19 @@ if(UNIX AND NOT APPLE) - endif() - endif() - -+# Check for SELinux library -+if(UNIX AND NOT APPLE) -+ check_include_files(selinux/selinux.h HAVE_SELINUX_H) -+ if(HAVE_SELINUX_H) -+ set(CMAKE_REQUIRED_LIBRARIES -lselinux) -+ set(CMAKE_REQUIRED_LIBRARIES) -+ set(SELINUX_LIBS selinux) -+ add_definitions("-DHAVE_SELINUX") -+ else() -+ message(WARNING "Could not find SELinux development files") -+ endif() -+endif() -+ - # Generate config.h and make sure the source finds it - configure_file(config.h.in config.h) - add_definitions(-DHAVE_CONFIG_H) -diff --git a/unix/vncserver/CMakeLists.txt b/unix/vncserver/CMakeLists.txt -index f65ccc7db..ae69dc098 100644 ---- a/unix/vncserver/CMakeLists.txt -+++ b/unix/vncserver/CMakeLists.txt -@@ -1,5 +1,5 @@ - add_executable(vncsession vncsession.c) --target_link_libraries(vncsession ${PAM_LIBS}) -+target_link_libraries(vncsession ${PAM_LIBS} ${SELINUX_LIBS}) - - configure_file(vncserver@.service.in vncserver@.service @ONLY) - configure_file(vncsession-start.in vncsession-start @ONLY) -diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c -index 3573e5e9b..f6d2fd59e 100644 ---- a/unix/vncserver/vncsession.c -+++ b/unix/vncserver/vncsession.c -@@ -37,6 +37,11 @@ - #include - #include - -+#ifdef HAVE_SELINUX -+#include -+#include -+#endif -+ - extern char **environ; - - // PAM service name -@@ -360,6 +365,17 @@ redir_stdio(const char *homedir, const char *display) - syslog(LOG_CRIT, "Failure creating \"%s\": %s", logfile, strerror(errno)); - _exit(EX_OSERR); - } -+ -+#ifdef HAVE_SELINUX -+ int result; -+ if (selinux_file_context_verify(logfile, 0) == 0) { -+ result = selinux_restorecon(logfile, SELINUX_RESTORECON_RECURSE); -+ -+ if (result < 0) { -+ syslog(LOG_WARNING, "Failure restoring SELinux context for \"%s\": %s", logfile, strerror(errno)); -+ } -+ } -+#endif - } - - hostlen = sysconf(_SC_HOST_NAME_MAX); diff --git a/SOURCES/vncserver b/SOURCES/vncserver index 3bc8d3a..79b1509 100644 --- a/SOURCES/vncserver +++ b/SOURCES/vncserver @@ -121,7 +121,7 @@ if ($fontPath eq "") { # Check command line options &ParseOptions("-geometry",1,"-depth",1,"-pixelformat",1,"-name",1,"-kill",1, - "-help",0,"-h",0,"--help",0,"-fp",1,"-list",0,"-fg",0,"-autokill",0,"-noxstartup",0,"-xstartup",1); + "-help",0,"-h",0,"--help",0,"-fp",1,"-list",0,"-fg",0,"-autokill",0,"-noxstartup",0,"-xstartup",1,"-fallbacktofreeport",0); &Usage() if ($opt{'-help'} || $opt{'-h'} || $opt{'--help'}); @@ -168,8 +168,13 @@ if ((@ARGV > 0) && ($ARGV[0] =~ /^:(\d+)$/)) { $displayNumber = $1; shift(@ARGV); if (!&CheckDisplayNumber($displayNumber)) { - warn "A VNC server is already running as :$displayNumber\n"; - $displayNumber = &GetDisplayNumber(); + if ($opt{'-fallbacktofreeport'}) { + warn "A VNC server is already running as :$displayNumber\n"; + $displayNumber = &GetDisplayNumber(); + warn "Using port :$displayNumber as fallback\n"; + } else { + die "A VNC server is already running as :$displayNumber\n"; + } } } elsif ((@ARGV > 0) && ($ARGV[0] !~ /^-/) && ($ARGV[0] !~ /^\+/)) { &Usage(); @@ -675,6 +680,7 @@ sub Usage " [-autokill]\n". " [-noxstartup]\n". " [-xstartup ]\n". + " [-fallbacktofreeport]\n". " ...\n\n". " $prog -kill \n\n". " $prog -list\n\n"); diff --git a/SOURCES/xorg-x11-server-composite-Fix-use-after-free-of-the-COW.patch b/SOURCES/xorg-x11-server-composite-Fix-use-after-free-of-the-COW.patch deleted file mode 100644 index ee1ae7b..0000000 --- a/SOURCES/xorg-x11-server-composite-Fix-use-after-free-of-the-COW.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 947bd1b3f4a23565bf10879ec41ba06ebe1e1c76 Mon Sep 17 00:00:00 2001 -From: Olivier Fourdan -Date: Mon, 13 Mar 2023 11:08:47 +0100 -Subject: [PATCH xserver] composite: Fix use-after-free of the COW - -ZDI-CAN-19866/CVE-2023-1393 - -If a client explicitly destroys the compositor overlay window (aka COW), -we would leave a dangling pointer to that window in the CompScreen -structure, which will trigger a use-after-free later. - -Make sure to clear the CompScreen pointer to the COW when the latter gets -destroyed explicitly by the client. - -This vulnerability was discovered by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Olivier Fourdan -Reviewed-by: Adam Jackson ---- - composite/compwindow.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/composite/compwindow.c b/composite/compwindow.c -index 4e2494b86..b30da589e 100644 ---- a/composite/compwindow.c -+++ b/composite/compwindow.c -@@ -620,6 +620,11 @@ compDestroyWindow(WindowPtr pWin) - ret = (*pScreen->DestroyWindow) (pWin); - cs->DestroyWindow = pScreen->DestroyWindow; - pScreen->DestroyWindow = compDestroyWindow; -+ -+ /* Did we just destroy the overlay window? */ -+ if (pWin == cs->pOverlayWin) -+ cs->pOverlayWin = NULL; -+ - /* compCheckTree (pWin->drawable.pScreen); can't check -- tree isn't good*/ - return ret; - } --- -2.40.0 - diff --git a/SPECS/tigervnc.spec b/SPECS/tigervnc.spec index 979e916..a921d69 100644 --- a/SPECS/tigervnc.spec +++ b/SPECS/tigervnc.spec @@ -4,13 +4,13 @@ %global modulename vncsession Name: tigervnc -Version: 1.12.0 -Release: 13%{?dist} +Version: 1.13.1 +Release: 2%{?dist} Summary: A TigerVNC remote display system %global _hardened_build 1 -License: GPLv2+ +License: GPL-2.0-or-later URL: http://www.tigervnc.com Source0: %{name}-%{version}.tar.gz @@ -23,49 +23,62 @@ Source5: vncserver # Downstream patches Patch1: tigervnc-use-gnome-as-default-session.patch +Patch2: tigervnc-vncsession-restore-script-systemd-service.patch # Upstream patches -Patch50: tigervnc-selinux-restore-context-in-case-of-different-policies.patch -Patch51: tigervnc-fix-typo-in-mirror-monitor-detection.patch -Patch52: tigervnc-root-user-selinux-context.patch -Patch53: tigervnc-vncsession-restore-script-systemd-service.patch -# https://github.com/TigerVNC/tigervnc/pull/1513 -Patch54: tigervnc-fix-ghost-cursor-in-zaphod-mode.patch -# https://github.com/TigerVNC/tigervnc/pull/1510 -Patch55: tigervnc-add-new-keycodes-for-unknown-keysyms.patch -Patch56: tigervnc-sanity-check-when-cleaning-up-keymap-changes.patch -Patch57: tigervnc-selinux-allow-vncsession-create-vnc-directory.patch # This is tigervnc-%%{version}/unix/xserver116.patch rebased on the latest xorg Patch100: tigervnc-xserver120.patch # 1326867 - [RHEL7.3] GLX applications in an Xvnc session fails to start Patch101: 0001-rpath-hack.patch -# CVE-2023-1393 tigervnc: xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability -Patch110: xorg-x11-server-composite-Fix-use-after-free-of-the-COW.patch - BuildRequires: make BuildRequires: gcc-c++ -BuildRequires: libX11-devel, automake, autoconf, libtool, gettext, gettext-autopoint -BuildRequires: libXext-devel, xorg-x11-server-source, libXi-devel -BuildRequires: xorg-x11-xtrans-devel, xorg-x11-util-macros, libXtst-devel -BuildRequires: libxkbfile-devel, openssl-devel, libpciaccess-devel -BuildRequires: mesa-libGL-devel, libXinerama-devel, xorg-x11-font-utils -BuildRequires: freetype-devel, libXdmcp-devel, libxshmfence-devel -BuildRequires: libjpeg-turbo-devel, gnutls-devel, pam-devel -BuildRequires: libdrm-devel, libXt-devel, pixman-devel, libselinux-devel -BuildRequires: systemd, cmake, desktop-file-utils, selinux-policy-devel -BuildRequires: libXfixes-devel, libXdamage-devel, libXrandr-devel -%if 0%{?fedora} > 24 || 0%{?rhel} >= 7 -BuildRequires: libXfont2-devel -%else -BuildRequires: libXfont-devel -%endif +BuildRequires: gettext +BuildRequires: cmake + +BuildRequires: gnutls-devel +BuildRequires: desktop-file-utils +BuildRequires: libappstream-glib +BuildRequires: libjpeg-turbo-devel +BuildRequires: openssl-devel +BuildRequires: pam-devel +BuildRequires: zlib-devel # TigerVNC 1.4.x requires fltk 1.3.3 for keyboard handling support # See https://github.com/TigerVNC/tigervnc/issues/8, also bug #1208814 BuildRequires: fltk-devel >= 1.3.3 +BuildRequires: libX11-devel +BuildRequires: libXext-devel +BuildRequires: libXi-devel +BuildRequires: libXrandr-devel +BuildRequires: libXrender-devel +BuildRequires: pixman-devel + +# X11/graphics dependencies +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: gettext-autopoint +BuildRequires: libXdamage-devel +BuildRequires: libXdmcp-devel +BuildRequires: libXfixes-devel +BuildRequires: libXfont2-devel +BuildRequires: libXinerama-devel +BuildRequires: libXt-devel +BuildRequires: libXtst-devel +BuildRequires: libdrm-devel +BuildRequires: libtool +BuildRequires: libxkbfile-devel +BuildRequires: libxshmfence-devel +BuildRequires: mesa-libGL-devel +BuildRequires: xorg-x11-font-utils BuildRequires: xorg-x11-server-devel +BuildRequires: xorg-x11-server-source +BuildRequires: xorg-x11-util-macros +BuildRequires: xorg-x11-xtrans-devel + +# SELinux +BuildRequires: libselinux-devel, selinux-policy-devel, systemd Requires(post): coreutils Requires(postun):coreutils @@ -167,20 +180,12 @@ for all in `find . -type f -perm -001`; do done %patch100 -p1 -b .xserver120-rebased %patch101 -p1 -b .rpath -%patch110 -p1 -b .composite-Fix-use-after-free-of-the-COW popd %patch1 -p1 -b .use-gnome-as-default-session +%patch2 -p1 -b .vncsession-restore-script-systemd-service # Upstream patches -%patch50 -p1 -b .selinux-restore-context-in-case-of-different-policies -%patch51 -p1 -b .fix-typo-in-mirror-monitor-detection -%patch52 -p1 -b .root-user-selinux-context -%patch53 -p1 -b .vncsession-restore-script-systemd-service -%patch54 -p1 -b .fix-ghost-cursor-in-zaphod-mode -%patch55 -p1 -b .add-new-keycodes-for-unknown-keysyms -%patch56 -p1 -b .sanity-check-when-cleaning-up-keymap-changes -%patch57 -p1 -b .selinux-allow-vncsession-create-vnc-directory %build %ifarch sparcv9 sparc64 s390 s390x @@ -260,11 +265,14 @@ install -m644 %{SOURCE2} %{buildroot}%{_unitdir}/xvnc.socket mkdir -p %{buildroot}%{_datadir}/icons/hicolor/{16x16,24x24,48x48}/apps pushd media/icons -for s in 16 24 48; do +for s in 16 22 24 32 48 64 128; do install -m644 tigervnc_$s.png %{buildroot}%{_datadir}/icons/hicolor/${s}x$s/apps/tigervnc.png done popd +appstream-util validate-relax --nonet %{buildroot}%{_metainfodir}/org.tigervnc.vncviewer.metainfo.xml +desktop-file-validate %{buildroot}%{_datadir}/applications/vncviewer.desktop + %if 0%{?rhel} > 9 # Install a replacement for /usr/bin/vncserver which will tell the user to read the # HOWTO.md file @@ -316,6 +324,7 @@ fi %{_bindir}/vncviewer %{_datadir}/applications/* %{_mandir}/man1/vncviewer.1* +%{_datadir}/metainfo/org.tigervnc.vncviewer.metainfo.xml %files server %config(noreplace) %{_sysconfdir}/pam.d/tigervnc @@ -359,11 +368,16 @@ fi %ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename} %changelog -*Mon Mar 27 2023 Jan Grulich - 1.12.0-13 -- xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability - Resolves: bz#2180309 +* Tue Apr 11 2023 Jan Grulich - 1.13.1-2 +- xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege + Escalation Vulnerability + Resolves: bz#2180310 + +* Tue Mar 21 2023 Jan Grulich - 1.13.1-1 +- 1.13.1 + Resolves: bz#2175732 -* Wed Mar 15 2023 MSVSphere Packaging Team - 1.12.0-4 +* Wed Mar 15 2023 MSVSphere Packaging Team - 1.12.0-12 - Rebuilt for MSVSphere 9.1. * Tue Feb 21 2023 Jan Grulich - 1.12.0-12