From 7c74c3e8674fe06ab5e23a5ffc26645b684c10a0 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Fri, 29 Mar 2024 16:34:15 +0300 Subject: [PATCH] import tigervnc-1.13.1-8.el8 --- .gitignore | 1 + .tigervnc.metadata | 1 + SOURCES/0001-rpath-hack.patch | 24 + SOURCES/10-libvnc.conf | 19 + ...pointer-position-for-floating-device.patch | 13 + ...dont-install-appstream-metadata-file.patch | 51 + ...support-username-alias-in-plainusers.patch | 135 ++ ...se-dup-to-get-available-fd-for-inetd.patch | 17 + ...igervnc-use-gnome-as-default-session.patch | 12 + ...ssion-restore-script-systemd-service.patch | 113 ++ SOURCES/tigervnc-xserver120.patch | 91 ++ SOURCES/vncserver | 903 +++++++++++++ SOURCES/xorg-CVE-2024-0229-followup.patch | 32 + SOURCES/xvnc.service | 38 + SOURCES/xvnc.socket | 9 + SPECS/tigervnc.spec | 1190 +++++++++++++++++ 16 files changed, 2649 insertions(+) create mode 100644 .gitignore create mode 100644 .tigervnc.metadata create mode 100644 SOURCES/0001-rpath-hack.patch create mode 100644 SOURCES/10-libvnc.conf create mode 100644 SOURCES/tigervnc-dont-get-pointer-position-for-floating-device.patch create mode 100644 SOURCES/tigervnc-dont-install-appstream-metadata-file.patch create mode 100644 SOURCES/tigervnc-support-username-alias-in-plainusers.patch create mode 100644 SOURCES/tigervnc-use-dup-to-get-available-fd-for-inetd.patch create mode 100644 SOURCES/tigervnc-use-gnome-as-default-session.patch create mode 100644 SOURCES/tigervnc-vncsession-restore-script-systemd-service.patch create mode 100644 SOURCES/tigervnc-xserver120.patch create mode 100644 SOURCES/vncserver create mode 100644 SOURCES/xorg-CVE-2024-0229-followup.patch create mode 100644 SOURCES/xvnc.service create mode 100644 SOURCES/xvnc.socket create mode 100644 SPECS/tigervnc.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..7192365 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/tigervnc-1.13.1.tar.gz diff --git a/.tigervnc.metadata b/.tigervnc.metadata new file mode 100644 index 0000000..a37349f --- /dev/null +++ b/.tigervnc.metadata @@ -0,0 +1 @@ +6f7a23f14833f552c88523da1a5e102f3b8d35c2 SOURCES/tigervnc-1.13.1.tar.gz diff --git a/SOURCES/0001-rpath-hack.patch b/SOURCES/0001-rpath-hack.patch new file mode 100644 index 0000000..4e438dd --- /dev/null +++ b/SOURCES/0001-rpath-hack.patch @@ -0,0 +1,24 @@ +From 2489f2f38eb32d9dd03718a36cbdbdf13d2f8b9b Mon Sep 17 00:00:00 2001 +From: Adam Jackson +Date: Thu, 12 Nov 2015 11:10:11 -0500 +Subject: [PATCH] rpath hack + +Normally, rpath is undesirable. But for the X server we _know_ we need +Mesa's libGL, which will always be in %{_libdir}, and not any third-party +libGL that may be configured using ld.so.conf. + +--- + configure.ac | 1 + + 1 files changed, 1 insertions(+), 0 deletion(-) + +diff --git a/configure.ac b/configure.ac +index fa15a2d..a5af1e0 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1261,6 +1261,7 @@ AM_CONDITIONAL(GLX, test "x$GLX" = xyes) + + AM_CONDITIONAL(HASHTABLE, test "x$HASHTABLE" = xyes) + ++GLX_SYS_LIBS="$GLX_SYS_LIBS -Wl,-rpath=\$(libdir)" + AC_SUBST([GLX_DEFINES]) + AC_SUBST([GLX_SYS_LIBS]) diff --git a/SOURCES/10-libvnc.conf b/SOURCES/10-libvnc.conf new file mode 100644 index 0000000..259d718 --- /dev/null +++ b/SOURCES/10-libvnc.conf @@ -0,0 +1,19 @@ +# This file contains configuration of libvnc.so module +# +# To get libvnc.so module working, do this: +# 1. run "vncpasswd" from tigervnc-server package as root user +# 2. uncomment configuration lines below +# +# Please note you can specify any option which Xvnc accepts. +# Refer to `Xvnc -help` output for detailed list of options. + +#Section "Module" +# Load "vnc" +#EndSection + +#Section "Screen" +# Identifier "Screen0" +# DefaultDepth 16 +# Option "SecurityTypes" "VncAuth" +# Option "PasswordFile" "/root/.vnc/passwd" +#EndSection diff --git a/SOURCES/tigervnc-dont-get-pointer-position-for-floating-device.patch b/SOURCES/tigervnc-dont-get-pointer-position-for-floating-device.patch new file mode 100644 index 0000000..3bf7dda --- /dev/null +++ b/SOURCES/tigervnc-dont-get-pointer-position-for-floating-device.patch @@ -0,0 +1,13 @@ +diff --git a/unix/xserver/hw/vnc/vncInput.c b/unix/xserver/hw/vnc/vncInput.c +index b3d0926d..d36a096f 100644 +--- a/unix/xserver/hw/vnc/vncInput.c ++++ b/unix/xserver/hw/vnc/vncInput.c +@@ -167,7 +167,7 @@ void vncPointerMove(int x, int y) + + void vncGetPointerPos(int *x, int *y) + { +- if (vncPointerDev != NULL) { ++ if (vncPointerDev != NULL && !IsFloating(vncPointerDev)) { + ScreenPtr ptrScreen; + + miPointerGetPosition(vncPointerDev, &cursorPosX, &cursorPosY); diff --git a/SOURCES/tigervnc-dont-install-appstream-metadata-file.patch b/SOURCES/tigervnc-dont-install-appstream-metadata-file.patch new file mode 100644 index 0000000..84bdbfc --- /dev/null +++ b/SOURCES/tigervnc-dont-install-appstream-metadata-file.patch @@ -0,0 +1,51 @@ +diff --git a/po/CMakeLists.txt b/po/CMakeLists.txt +index 052cfb3..c84fb0e 100644 +--- a/po/CMakeLists.txt ++++ b/po/CMakeLists.txt +@@ -14,7 +14,6 @@ if (GETTEXT_XGETTEXT_EXECUTABLE) + ${PROJECT_SOURCE_DIR}/vncviewer/*.h + ${PROJECT_SOURCE_DIR}/vncviewer/*.cxx + ${PROJECT_SOURCE_DIR}/vncviewer/*.desktop.in.in +- ${PROJECT_SOURCE_DIR}/vncviewer/*.metainfo.xml.in + ) + + add_custom_target(translations_update +diff --git a/vncviewer/CMakeLists.txt b/vncviewer/CMakeLists.txt +index 15eac66..450b732 100644 +--- a/vncviewer/CMakeLists.txt ++++ b/vncviewer/CMakeLists.txt +@@ -100,34 +100,6 @@ if(UNIX) + add_custom_target(desktop ALL DEPENDS vncviewer.desktop) + install(FILES ${CMAKE_CURRENT_BINARY_DIR}/vncviewer.desktop DESTINATION ${CMAKE_INSTALL_FULL_DATADIR}/applications) + +- if("${GETTEXT_VERSION_STRING}" VERSION_GREATER 0.19.6) +- add_custom_command(OUTPUT org.tigervnc.vncviewer.metainfo.xml +- COMMAND ${GETTEXT_MSGFMT_EXECUTABLE} +- --xml --template ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in +- -d ${CMAKE_SOURCE_DIR}/po -o org.tigervnc.vncviewer.metainfo.xml +- DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in +- ) +- elseif(INTLTOOL_MERGE_EXECUTABLE) +- add_custom_command(OUTPUT org.tigervnc.vncviewer.metainfo.xml +- COMMAND sed -e 's@@<_name>@\;s@@@' +- -e 's@@<_summary>@\;s@@@' +- -e 's@@<_caption>@\;s@@@' +- -e 's@

@<_p>@g\;s@

@@g' +- ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in > org.tigervnc.vncviewer.metainfo.xml.intl +- COMMAND ${INTLTOOL_MERGE_EXECUTABLE} +- -x ${CMAKE_SOURCE_DIR}/po +- org.tigervnc.vncviewer.metainfo.xml.intl org.tigervnc.vncviewer.metainfo.xml +- DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in +- ) +- else() +- add_custom_command(OUTPUT org.tigervnc.vncviewer.metainfo.xml +- COMMAND cp ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in org.tigervnc.vncviewer.metainfo.xml +- DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in +- ) +- endif() +- add_custom_target(appstream ALL DEPENDS org.tigervnc.vncviewer.metainfo.xml) +- install(FILES ${CMAKE_CURRENT_BINARY_DIR}/org.tigervnc.vncviewer.metainfo.xml DESTINATION ${CMAKE_INSTALL_FULL_DATADIR}/metainfo) +- + foreach(res 16 22 24 32 48 64 128) + install(FILES ../media/icons/tigervnc_${res}.png DESTINATION ${CMAKE_INSTALL_FULL_DATADIR}/icons/hicolor/${res}x${res}/apps RENAME tigervnc.png) + endforeach() diff --git a/SOURCES/tigervnc-support-username-alias-in-plainusers.patch b/SOURCES/tigervnc-support-username-alias-in-plainusers.patch new file mode 100644 index 0000000..abf4eda --- /dev/null +++ b/SOURCES/tigervnc-support-username-alias-in-plainusers.patch @@ -0,0 +1,135 @@ +diff --git a/common/rfb/SSecurityPlain.cxx b/common/rfb/SSecurityPlain.cxx +index 6f65e87..3142ba3 100644 +--- a/common/rfb/SSecurityPlain.cxx ++++ b/common/rfb/SSecurityPlain.cxx +@@ -27,6 +27,8 @@ + #include + #if !defined(WIN32) && !defined(__APPLE__) + #include ++#include ++#include + #endif + #ifdef WIN32 + #include +@@ -45,21 +47,22 @@ StringParameter PasswordValidator::plainUsers + + bool PasswordValidator::validUser(const char* username) + { +- CharArray users(plainUsers.getValueStr()), user; ++ std::vector users; + +- while (users.buf) { +- strSplit(users.buf, ',', &user.buf, &users.buf); +-#ifdef WIN32 +- if (0 == stricmp(user.buf, "*")) +- return true; +- if (0 == stricmp(user.buf, username)) +- return true; +-#else +- if (!strcmp(user.buf, "*")) +- return true; +- if (!strcmp(user.buf, username)) +- return true; ++ users = split(plainUsers, ','); ++ ++ for (size_t i = 0; i < users.size(); i++) { ++ if (users[i] == "*") ++ return true; ++#if !defined(WIN32) && !defined(__APPLE__) ++ if (users[i] == "%u") { ++ struct passwd *pw = getpwnam(username); ++ if (pw && pw->pw_uid == getuid()) ++ return true; ++ } + #endif ++ if (users[i] == username) ++ return true; + } + return false; + } +diff --git a/common/rfb/util.cxx b/common/rfb/util.cxx +index 649eb0b..cce73a0 100644 +--- a/common/rfb/util.cxx ++++ b/common/rfb/util.cxx +@@ -99,6 +99,26 @@ namespace rfb { + return false; + } + ++ std::vector split(const char* src, ++ const char delimiter) ++ { ++ std::vector out; ++ const char *start, *stop; ++ ++ start = src; ++ do { ++ stop = strchr(start, delimiter); ++ if (stop == NULL) { ++ out.push_back(start); ++ } else { ++ out.push_back(std::string(start, stop-start)); ++ start = stop + 1; ++ } ++ } while (stop != NULL); ++ ++ return out; ++ } ++ + bool strContains(const char* src, char c) { + int l=strlen(src); + for (int i=0; i + #include + ++#include ++#include ++ + struct timeval; + + #ifdef __GNUC__ +@@ -76,6 +79,10 @@ namespace rfb { + // that part of the string. Obviously, setting both to 0 is not useful... + bool strSplit(const char* src, const char limiter, char** out1, char** out2, bool fromEnd=false); + ++ // Splits a string with the specified delimiter ++ std::vector split(const char* src, ++ const char delimiter); ++ + // Returns true if src contains c + bool strContains(const char* src, char c); + +diff --git a/unix/x0vncserver/x0vncserver.man b/unix/x0vncserver/x0vncserver.man +index c36ae34..78db730 100644 +--- a/unix/x0vncserver/x0vncserver.man ++++ b/unix/x0vncserver/x0vncserver.man +@@ -125,8 +125,8 @@ parameter instead. + .B \-PlainUsers \fIuser-list\fP + A comma separated list of user names that are allowed to authenticate via + any of the "Plain" security types (Plain, TLSPlain, etc.). Specify \fB*\fP +-to allow any user to authenticate using this security type. Default is to +-deny all users. ++to allow any user to authenticate using this security type. Specify \fB%u\fP ++to allow the user of the server process. Default is to deny all users. + . + .TP + .B \-pam_service \fIname\fP, \-PAMService \fIname\fP +diff --git a/unix/xserver/hw/vnc/Xvnc.man b/unix/xserver/hw/vnc/Xvnc.man +index ea87dea..e9fb654 100644 +--- a/unix/xserver/hw/vnc/Xvnc.man ++++ b/unix/xserver/hw/vnc/Xvnc.man +@@ -200,8 +200,8 @@ parameter instead. + .B \-PlainUsers \fIuser-list\fP + A comma separated list of user names that are allowed to authenticate via + any of the "Plain" security types (Plain, TLSPlain, etc.). Specify \fB*\fP +-to allow any user to authenticate using this security type. Default is to +-deny all users. ++to allow any user to authenticate using this security type. Specify \fB%u\fP ++to allow the user of the server process. Default is to deny all users. + . + .TP + .B \-pam_service \fIname\fP, \-PAMService \fIname\fP diff --git a/SOURCES/tigervnc-use-dup-to-get-available-fd-for-inetd.patch b/SOURCES/tigervnc-use-dup-to-get-available-fd-for-inetd.patch new file mode 100644 index 0000000..0e0f794 --- /dev/null +++ b/SOURCES/tigervnc-use-dup-to-get-available-fd-for-inetd.patch @@ -0,0 +1,17 @@ +diff --git a/unix/xserver/hw/vnc/xvnc.c b/unix/xserver/hw/vnc/xvnc.c +index f8141959..c5c36539 100644 +--- a/unix/xserver/hw/vnc/xvnc.c ++++ b/unix/xserver/hw/vnc/xvnc.c +@@ -366,8 +366,10 @@ ddxProcessArgument(int argc, char *argv[], int i) + if (strcmp(argv[i], "-inetd") == 0) { + int nullfd; + +- dup2(0, 3); +- vncInetdSock = 3; ++ if ((vncInetdSock = dup(0)) == -1) ++ FatalError ++ ("Xvnc error: failed to allocate a new file descriptor for -inetd: %s\n", strerror(errno)); ++ + + /* Avoid xserver >= 1.19's epoll-fd becoming fd 2 / stderr only to be + replaced by /dev/null by OsInit() because the pollfd is not diff --git a/SOURCES/tigervnc-use-gnome-as-default-session.patch b/SOURCES/tigervnc-use-gnome-as-default-session.patch new file mode 100644 index 0000000..a767c40 --- /dev/null +++ b/SOURCES/tigervnc-use-gnome-as-default-session.patch @@ -0,0 +1,12 @@ +diff --git a/unix/vncserver/vncserver-config-defaults b/unix/vncserver/vncserver-config-defaults +index 0c217bf..2889347 100644 +--- a/unix/vncserver/vncserver-config-defaults ++++ b/unix/vncserver/vncserver-config-defaults +@@ -13,3 +13,7 @@ + # geometry=2000x1200 + # localhost + # alwaysshared ++ ++# Default to GNOME session ++# Note: change this only when you know what are you doing ++session=gnome diff --git a/SOURCES/tigervnc-vncsession-restore-script-systemd-service.patch b/SOURCES/tigervnc-vncsession-restore-script-systemd-service.patch new file mode 100644 index 0000000..cea1824 --- /dev/null +++ b/SOURCES/tigervnc-vncsession-restore-script-systemd-service.patch @@ -0,0 +1,113 @@ +From 1919a8ab86c99b47ba86dc697abcdf3343b0aafa Mon Sep 17 00:00:00 2001 +From: Jan Grulich +Date: Tue, 1 Feb 2022 14:31:05 +0100 +Subject: Add vncsession-restore script to restore SELinux context + +The vncsession-restore script is used in the ExecStartPre option +for systemd service file in order to properly start the session +in case the policy is updated (e.g. after Tigervnc update). + +diff --git a/unix/vncserver/CMakeLists.txt b/unix/vncserver/CMakeLists.txt +index ae69dc09..04eb6fc4 100644 +--- a/unix/vncserver/CMakeLists.txt ++++ b/unix/vncserver/CMakeLists.txt +@@ -2,6 +2,7 @@ add_executable(vncsession vncsession.c) + target_link_libraries(vncsession ${PAM_LIBS} ${SELINUX_LIBS}) + + configure_file(vncserver@.service.in vncserver@.service @ONLY) ++configure_file(vncsession-restore.in vncsession-restore @ONLY) + configure_file(vncsession-start.in vncsession-start @ONLY) + configure_file(vncserver.in vncserver @ONLY) + configure_file(vncsession.man.in vncsession.man @ONLY) +@@ -20,4 +21,5 @@ install(FILES HOWTO.md DESTINATION ${CMAKE_INSTALL_FULL_DOCDIR}) + if(INSTALL_SYSTEMD_UNITS) + install(FILES ${CMAKE_CURRENT_BINARY_DIR}/vncserver@.service DESTINATION ${CMAKE_INSTALL_FULL_UNITDIR}) + install(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/vncsession-start DESTINATION ${CMAKE_INSTALL_FULL_LIBEXECDIR}) ++ install(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/vncsession-restore DESTINATION ${CMAKE_INSTALL_FULL_LIBEXECDIR}) + endif() +diff --git a/unix/vncserver/vncserver@.service.in b/unix/vncserver/vncserver@.service.in +index 39f81b73..a83e05a3 100644 +--- a/unix/vncserver/vncserver@.service.in ++++ b/unix/vncserver/vncserver@.service.in +@@ -35,6 +35,7 @@ After=syslog.target network.target + + [Service] + Type=forking ++ExecStartPre=+@CMAKE_INSTALL_FULL_LIBEXECDIR@/vncsession-restore %i + ExecStart=@CMAKE_INSTALL_FULL_LIBEXECDIR@/vncsession-start %i + PIDFile=/run/vncsession-%i.pid + SELinuxContext=system_u:system_r:vnc_session_t:s0 +diff --git a/unix/vncserver/vncsession-restore.in b/unix/vncserver/vncsession-restore.in +new file mode 100644 +index 00000000..d3abc57d +--- /dev/null ++++ b/unix/vncserver/vncsession-restore.in +@@ -0,0 +1,68 @@ ++#!/bin/bash ++# ++# Copyright 2022 Jan Grulich ++# ++# This is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 2 of the License, or ++# (at your option) any later version. ++# ++# This software is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this software; if not, write to the Free Software ++# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, ++# USA. ++# ++ ++USERSFILE="@CMAKE_INSTALL_FULL_SYSCONFDIR@/tigervnc/vncserver.users" ++ ++if [ $# -ne 1 ]; then ++ echo "Syntax:" >&2 ++ echo " $0 " >&2 ++ exit 1 ++fi ++ ++if [ ! -f "${USERSFILE}" ]; then ++ echo "Users file ${USERSFILE} missing" >&2 ++ exit 1 ++fi ++ ++DISPLAY="$1" ++ ++USER=`grep "^ *${DISPLAY}=" "${USERSFILE}" 2>/dev/null | head -1 | cut -d = -f 2- | sed 's/ *$//g'` ++ ++if [ -z "${USER}" ]; then ++ echo "No user configured for display ${DISPLAY}" >&2 ++ exit 1 ++fi ++ ++USER_HOMEDIR=`getent passwd ${USER} | cut -f6 -d:` ++ ++if [ -z "${USER_HOMEDIR}" ]; then ++ echo "Failed to get home directory for ${USER}" >&2 ++ exit 1 ++fi ++ ++if [ ! -d "${USER_HOMEDIR}/.vnc" ]; then ++ exit 0 ++fi ++ ++MATCHPATHCON=`which matchpathcon` ++ ++if [ $? -eq 0 ]; then ++ ${MATCHPATHCON} -V "${USER_HOMEDIR}/.vnc" &>/dev/null ++ if [ $? -eq 0 ]; then ++ exit 0 ++ fi ++fi ++ ++RESTORECON=`which restorecon` ++ ++if [ $? -eq 0 ]; then ++ exec "${RESTORECON}" -R "${USER_HOMEDIR}/.vnc" >&2 ++ return $? ++fi diff --git a/SOURCES/tigervnc-xserver120.patch b/SOURCES/tigervnc-xserver120.patch new file mode 100644 index 0000000..e7eae3c --- /dev/null +++ b/SOURCES/tigervnc-xserver120.patch @@ -0,0 +1,91 @@ +diff -up xserver/configure.ac.xserver116-rebased xserver/configure.ac +--- xserver/configure.ac.xserver116-rebased 2016-09-29 13:14:45.595441590 +0200 ++++ xserver/configure.ac 2016-09-29 13:14:45.631442006 +0200 +@@ -74,6 +74,7 @@ dnl forcing an entire recompile.x + AC_CONFIG_HEADERS(include/version-config.h) + + AM_PROG_AS ++AC_PROG_CXX + AC_PROG_LN_S + LT_PREREQ([2.2]) + LT_INIT([disable-static win32-dll]) +@@ -1863,6 +1864,10 @@ if test "x$XVFB" = xyes; then + AC_SUBST([XVFB_SYS_LIBS]) + fi + ++dnl Xvnc DDX ++AC_SUBST([XVNC_CPPFLAGS], ["-DHAVE_DIX_CONFIG_H $XSERVER_CFLAGS"]) ++AC_SUBST([XVNC_LIBS], ["$FB_LIB $FIXES_LIB $XEXT_LIB $CONFIG_LIB $DBE_LIB $RECORD_LIB $GLX_LIBS $RANDR_LIB $RENDER_LIB $DAMAGE_LIB $DRI3_LIB $PRESENT_LIB $MIEXT_SYNC_LIB $MIEXT_DAMAGE_LIB $MIEXT_SHADOW_LIB $XI_LIB $XKB_LIB $XKB_STUB_LIB $COMPOSITE_LIB $MAIN_LIB"]) ++AC_SUBST([XVNC_SYS_LIBS], ["$GLX_SYS_LIBS"]) + + dnl Xnest DDX + +@@ -1898,6 +1903,8 @@ if test "x$XORG" = xauto; then + fi + AC_MSG_RESULT([$XORG]) + ++AC_DEFINE_UNQUOTED(XORG_VERSION_CURRENT, [$VENDOR_RELEASE], [Current Xorg version]) ++ + if test "x$XORG" = xyes; then + XORG_DDXINCS='-I$(top_srcdir)/hw/xfree86 -I$(top_srcdir)/hw/xfree86/include -I$(top_srcdir)/hw/xfree86/common' + XORG_OSINCS='-I$(top_srcdir)/hw/xfree86/os-support -I$(top_srcdir)/hw/xfree86/os-support/bus -I$(top_srcdir)/os' +@@ -2116,7 +2123,6 @@ if test "x$XORG" = xyes; then + AC_DEFINE(XORG_SERVER, 1, [Building Xorg server]) + AC_DEFINE(XORGSERVER, 1, [Building Xorg server]) + AC_DEFINE(XFree86Server, 1, [Building XFree86 server]) +- AC_DEFINE_UNQUOTED(XORG_VERSION_CURRENT, [$VENDOR_RELEASE], [Current Xorg version]) + AC_DEFINE(NEED_XF86_TYPES, 1, [Need XFree86 typedefs]) + AC_DEFINE(NEED_XF86_PROTOTYPES, 1, [Need XFree86 helper functions]) + AC_DEFINE(__XSERVERNAME__, "Xorg", [Name of X server]) +@@ -2691,6 +2697,7 @@ hw/dmx/Makefile + hw/dmx/man/Makefile + hw/vfb/Makefile + hw/vfb/man/Makefile ++hw/vnc/Makefile + hw/xnest/Makefile + hw/xnest/man/Makefile + hw/xwin/Makefile +diff -up xserver/hw/Makefile.am.xserver116-rebased xserver/hw/Makefile.am +--- xserver/hw/Makefile.am.xserver116-rebased 2016-09-29 13:14:45.601441659 +0200 ++++ xserver/hw/Makefile.am 2016-09-29 13:14:45.631442006 +0200 +@@ -38,7 +38,8 @@ SUBDIRS = \ + $(DMX_SUBDIRS) \ + $(KDRIVE_SUBDIRS) \ + $(XQUARTZ_SUBDIRS) \ +- $(XWAYLAND_SUBDIRS) ++ $(XWAYLAND_SUBDIRS) \ ++ vnc + + DIST_SUBDIRS = dmx xfree86 vfb xnest xwin xquartz kdrive xwayland + +diff --git xserver/mi/miinitext.c xserver/mi/miinitext.c +index 5596e21..003fc3c 100644 +--- xserver/mi/miinitext.c ++++ xserver/mi/miinitext.c +@@ -107,8 +107,15 @@ SOFTWARE. + #include "os.h" + #include "globals.h" + ++#ifdef TIGERVNC ++extern void vncExtensionInit(INITARGS); ++#endif ++ + /* List of built-in (statically linked) extensions */ + static const ExtensionModule staticExtensions[] = { ++#ifdef TIGERVNC ++ {vncExtensionInit, "VNC-EXTENSION", NULL}, ++#endif + {GEExtensionInit, "Generic Event Extension", &noGEExtension}, + {ShapeExtensionInit, "SHAPE", NULL}, + #ifdef MITSHM +--- xserver/include/os.h~ 2016-10-03 09:07:29.000000000 +0200 ++++ xserver/include/os.h 2016-10-03 14:13:00.013654506 +0200 +@@ -621,7 +621,7 @@ + extern _X_EXPORT void + LogClose(enum ExitCode error); + extern _X_EXPORT Bool +-LogSetParameter(LogParameter param, int value); ++LogSetParameter(enum _LogParameter param, int value); + extern _X_EXPORT void + LogVWrite(int verb, const char *f, va_list args) + _X_ATTRIBUTE_PRINTF(2, 0); diff --git a/SOURCES/vncserver b/SOURCES/vncserver new file mode 100644 index 0000000..79b1509 --- /dev/null +++ b/SOURCES/vncserver @@ -0,0 +1,903 @@ +#!/usr/bin/perl +# +# Copyright (C) 2009-2010 D. R. Commander. All Rights Reserved. +# Copyright (C) 2005-2006 Sun Microsystems, Inc. All Rights Reserved. +# Copyright (C) 2002-2003 Constantin Kaplinsky. All Rights Reserved. +# Copyright (C) 2002-2005 RealVNC Ltd. +# Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved. +# +# This is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This software is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this software; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, +# USA. +# + +# +# vncserver - wrapper script to start an X VNC server. +# + +# First make sure we're operating in a sane environment. +$exedir = ""; +$slashndx = rindex($0, "/"); +if($slashndx>=0) { + $exedir = substr($0, 0, $slashndx+1); +} + +&SanityCheck(); + +&NotifyAboutDeprecation(); + +# +# Global variables. You may want to configure some of these for +# your site +# + +$geometry = "1024x768"; +#$depth = 16; + +$vncUserDir = "$ENV{HOME}/.vnc"; +$vncUserConfig = "$vncUserDir/config"; + +$vncSystemConfigDir = "/etc/tigervnc"; +$vncSystemConfigDefaultsFile = "$vncSystemConfigDir/vncserver-config-defaults"; +$vncSystemConfigMandatoryFile = "$vncSystemConfigDir/vncserver-config-mandatory"; + +$skipxstartup = 0; +$xauthorityFile = "$ENV{XAUTHORITY}" || "$ENV{HOME}/.Xauthority"; + +$xstartupFile = $vncUserDir . "/xstartup"; +$defaultXStartup + = ("#!/bin/sh\n\n". + "unset SESSION_MANAGER\n". + "unset DBUS_SESSION_BUS_ADDRESS\n". + "/etc/X11/xinit/xinitrc\n". + "# Assume either Gnome will be started by default when installed\n". + "# We want to kill the session automatically in this case when user logs out. In case you modify\n". + "# /etc/X11/xinit/Xclients or ~/.Xclients yourself to achieve a different result, then you should\n". + "# be responsible to modify below code to avoid that your session will be automatically killed\n". + "if [ -e /usr/bin/gnome-session ]; then\n". + " vncserver -kill \$DISPLAY\n". + "fi\n"); + +$defaultConfig + = ("## Supported server options to pass to vncserver upon invocation can be listed\n". + "## in this file. See the following manpages for more: vncserver(1) Xvnc(1).\n". + "## Several common ones are shown below. Uncomment and modify to your liking.\n". + "##\n". + "# securitytypes=vncauth,tlsvnc\n". + "# desktop=sandbox\n". + "# geometry=2000x1200\n". + "# localhost\n". + "# alwaysshared\n"); + +chop($host = `uname -n`); + +if (-d "/etc/X11/fontpath.d") { + $fontPath = "catalogue:/etc/X11/fontpath.d"; +} + +@fontpaths = ('/usr/share/X11/fonts', '/usr/share/fonts', '/usr/share/fonts/X11/'); +if (! -l "/usr/lib/X11") {push(@fontpaths, '/usr/lib/X11/fonts');} +if (! -l "/usr/X11") {push(@fontpaths, '/usr/X11/lib/X11/fonts');} +if (! -l "/usr/X11R6") {push(@fontpaths, '/usr/X11R6/lib/X11/fonts');} +push(@fontpaths, '/usr/share/fonts/default'); + +@fonttypes = ('misc', + '75dpi', + '100dpi', + 'Speedo', + 'Type1'); + +foreach $_fpath (@fontpaths) { + foreach $_ftype (@fonttypes) { + if (-f "$_fpath/$_ftype/fonts.dir") { + if (! -l "$_fpath/$_ftype") { + $defFontPath .= "$_fpath/$_ftype,"; + } + } + } +} + +if ($defFontPath) { + if (substr($defFontPath, -1, 1) == ',') { + chop $defFontPath; + } +} + +if ($fontPath eq "") { + $fontPath = $defFontPath; +} + +# Check command line options + +&ParseOptions("-geometry",1,"-depth",1,"-pixelformat",1,"-name",1,"-kill",1, + "-help",0,"-h",0,"--help",0,"-fp",1,"-list",0,"-fg",0,"-autokill",0,"-noxstartup",0,"-xstartup",1,"-fallbacktofreeport",0); + +&Usage() if ($opt{'-help'} || $opt{'-h'} || $opt{'--help'}); + +&Kill() if ($opt{'-kill'}); + +&List() if ($opt{'-list'}); + +# Uncomment this line if you want default geometry, depth and pixelformat +# to match the current X display: +# &GetXDisplayDefaults(); + +if ($opt{'-geometry'}) { + $geometry = $opt{'-geometry'}; +} +if ($opt{'-depth'}) { + $depth = $opt{'-depth'}; + $pixelformat = ""; +} +if ($opt{'-pixelformat'}) { + $pixelformat = $opt{'-pixelformat'}; +} +if ($opt{'-noxstartup'}) { + $skipxstartup = 1; +} +if ($opt{'-xstartup'}) { + $xstartupFile = $opt{'-xstartup'}; +} +if ($opt{'-fp'}) { + $fontPath = $opt{'-fp'}; + $fpArgSpecified = 1; +} + +&CheckGeometryAndDepth(); + +# Create the user's vnc directory if necessary. +if (!(-e $vncUserDir)) { + if (!mkdir($vncUserDir,0755)) { + die "$prog: Could not create $vncUserDir.\n"; + } +} + +# Find display number. +if ((@ARGV > 0) && ($ARGV[0] =~ /^:(\d+)$/)) { + $displayNumber = $1; + shift(@ARGV); + if (!&CheckDisplayNumber($displayNumber)) { + if ($opt{'-fallbacktofreeport'}) { + warn "A VNC server is already running as :$displayNumber\n"; + $displayNumber = &GetDisplayNumber(); + warn "Using port :$displayNumber as fallback\n"; + } else { + die "A VNC server is already running as :$displayNumber\n"; + } + } +} elsif ((@ARGV > 0) && ($ARGV[0] !~ /^-/) && ($ARGV[0] !~ /^\+/)) { + &Usage(); +} else { + $displayNumber = &GetDisplayNumber(); +} + +$vncPort = 5900 + $displayNumber; + +if ($opt{'-name'}) { + $desktopName = $opt{'-name'}; +} else { + $desktopName = "$host:$displayNumber ($ENV{USER})"; +} + +my %default_opts; +my %config; + +# We set some reasonable defaults. Config file settings +# override these where present. +$default_opts{desktop} = "edString($desktopName); +$default_opts{auth} = "edString($xauthorityFile); +$default_opts{geometry} = $geometry if ($geometry); +$default_opts{depth} = $depth if ($depth); +$default_opts{pixelformat} = $pixelformat if ($pixelformat); +$default_opts{rfbauth} = "$vncUserDir/passwd"; +$default_opts{rfbport} = $vncPort; +$default_opts{fp} = $fontPath if ($fontPath); +$default_opts{pn} = ""; + +# Load user-overrideable system defaults +LoadConfig($vncSystemConfigDefaultsFile); + +# Then the user's settings +LoadConfig($vncUserConfig); + +# And then override anything set above if mandatory settings exist. +# WARNING: "Mandatory" is used loosely here! As the man page says, +# there is nothing stopping someone from EASILY subverting the +# settings in $vncSystemConfigMandatoryFile by simply passing +# CLI args to vncserver, which trump config files! To properly +# hard force policy in a non-subvertible way would require major +# development work that touches Xvnc itself. +LoadConfig($vncSystemConfigMandatoryFile, 1); + +# +# Check whether VNC authentication is enabled, and if so, prompt the user to +# create a VNC password if they don't already have one. +# + +$securityTypeArgSpecified = 0; +$vncAuthEnabled = 0; +$passwordArgSpecified = 0; +@vncAuthStrings = ("vncauth", "tlsvnc", "x509vnc"); + +# ...first we check our configuration files' settings +if ($config{'securitytypes'}) { + $securityTypeArgSpecified = 1; + foreach $arg2 (split(',', $config{'securitytypes'})) { + if (grep {$_ eq lc($arg2)} @vncAuthStrings) { + $vncAuthEnabled = 1; + } + } +} + +# ...and finally we check CLI args, which in the case of the topic at +# hand (VNC auth or not), override anything found in configuration files +# (even so-called "mandatory" settings). +for ($i = 0; $i < @ARGV; ++$i) { + # -SecurityTypes can be followed by a space or "=" + my @splitargs = split('=', $ARGV[$i]); + if (@splitargs <= 1 && $i < @ARGV - 1) { + push(@splitargs, $ARGV[$i + 1]); + } + if (lc(@splitargs[0]) eq "-securitytypes") { + if (@splitargs > 1) { + $securityTypeArgSpecified = 1; + } + foreach $arg2 (split(',', @splitargs[1])) { + if (grep {$_ eq lc($arg2)} @vncAuthStrings) { + $vncAuthEnabled = 1; + } + } + } + if ((lc(@splitargs[0]) eq "-password") + || (lc(@splitargs[0]) eq "-passwordfile" + || (lc(@splitargs[0]) eq "-rfbauth"))) { + $passwordArgSpecified = 1; + } +} + +if ((!$securityTypeArgSpecified || $vncAuthEnabled) && !$passwordArgSpecified) { + ($z,$z,$mode) = stat("$vncUserDir/passwd"); + if (!(-e "$vncUserDir/passwd") || ($mode & 077)) { + warn "\nYou will require a password to access your desktops.\n\n"; + system($exedir."vncpasswd -q $vncUserDir/passwd"); + if (($? >> 8) != 0) { + exit 1; + } + } +} + +$desktopLog = "$vncUserDir/$host:$displayNumber.log"; +unlink($desktopLog); + +# Make an X server cookie and set up the Xauthority file +# mcookie is a part of util-linux, usually only GNU/Linux systems have it. +$cookie = `mcookie`; +# Fallback for non GNU/Linux OS - use /dev/urandom on systems that have it, +# otherwise use perl's random number generator, seeded with the sum +# of the current time, our PID and part of the encrypted form of the password. +if ($cookie eq "" && open(URANDOM, '<', '/dev/urandom')) { + my $randata; + if (sysread(URANDOM, $randata, 16) == 16) { + $cookie = unpack 'h*', $randata; + } + close(URANDOM); +} +if ($cookie eq "") { + srand(time+$$+unpack("L",`cat $vncUserDir/passwd`)); + for (1..16) { + $cookie .= sprintf("%02x", int(rand(256)) % 256); + } +} + +open(XAUTH, "|xauth -f $xauthorityFile source -"); +print XAUTH "add $host:$displayNumber . $cookie\n"; +print XAUTH "add $host/unix:$displayNumber . $cookie\n"; +close(XAUTH); + +# Now start the X VNC Server + +# We build up our Xvnc command with options +$cmd = $exedir."Xvnc :$displayNumber"; + +foreach my $k (sort keys %config) { + $cmd .= " -$k $config{$k}"; + delete $default_opts{$k}; # file options take precedence +} + +foreach my $k (sort keys %default_opts) { + $cmd .= " -$k $default_opts{$k}"; +} + +# Add color database stuff here, e.g.: +# $cmd .= " -co /usr/lib/X11/rgb"; + +foreach $arg (@ARGV) { + $cmd .= " " . "edString($arg); +} +$cmd .= " >> " . "edString($desktopLog) . " 2>&1"; + +# Run $cmd and record the process ID. +$pidFile = "$vncUserDir/$host:$displayNumber.pid"; +system("$cmd & echo \$! >$pidFile"); + +# Give Xvnc a chance to start up + +sleep(3); +if ($fontPath ne $defFontPath) { + unless (kill 0, `cat $pidFile`) { + if ($fpArgSpecified) { + warn "\nWARNING: The first attempt to start Xvnc failed, probably because the font\n"; + warn "path you specified using the -fp argument is incorrect. Attempting to\n"; + warn "determine an appropriate font path for this system and restart Xvnc using\n"; + warn "that font path ...\n"; + } else { + warn "\nWARNING: The first attempt to start Xvnc failed, possibly because the font\n"; + warn "catalog is not properly configured. Attempting to determine an appropriate\n"; + warn "font path for this system and restart Xvnc using that font path ...\n"; + } + $cmd =~ s@-fp [^ ]+@@; + $cmd .= " -fp $defFontPath" if ($defFontPath); + system("$cmd & echo \$! >$pidFile"); + sleep(3); + } +} +unless (kill 0, `cat $pidFile`) { + warn "Could not start Xvnc.\n\n"; + unlink $pidFile; + open(LOG, "<$desktopLog"); + while () { print; } + close(LOG); + die "\n"; +} + +warn "\nNew '$desktopName' desktop is $host:$displayNumber\n\n"; + +# Create the user's xstartup script if necessary. +if (! $skipxstartup) { + if (!(-e "$xstartupFile")) { + warn "Creating default startup script $xstartupFile\n"; + open(XSTARTUP, ">$xstartupFile"); + print XSTARTUP $defaultXStartup; + close(XSTARTUP); + chmod 0755, "$xstartupFile"; + } +} + +# Create the user's config file if necessary. +if (!(-e "$vncUserDir/config")) { + warn "Creating default config $vncUserDir/config\n"; + open(VNCUSERCONFIG, ">$vncUserDir/config"); + print VNCUSERCONFIG $defaultConfig; + close(VNCUSERCONFIG); + chmod 0644, "$vncUserDir/config"; +} + +# Run the X startup script. +if (! $skipxstartup) { + warn "Starting applications specified in $xstartupFile\n"; +} +warn "Log file is $desktopLog\n\n"; + +# If the unix domain socket exists then use that (DISPLAY=:n) otherwise use +# TCP (DISPLAY=host:n) + +if (-e "/tmp/.X11-unix/X$displayNumber" || + -e "/usr/spool/sockets/X11/$displayNumber") +{ + $ENV{DISPLAY}= ":$displayNumber"; +} else { + $ENV{DISPLAY}= "$host:$displayNumber"; +} +$ENV{VNCDESKTOP}= $desktopName; + +if ($opt{'-fg'}) { + if (! $skipxstartup) { + system("$xstartupFile >> " . "edString($desktopLog) . " 2>&1"); + } + if (kill 0, `cat $pidFile`) { + $opt{'-kill'} = ':'.$displayNumber; + &Kill(); + } +} else { + if ($opt{'-autokill'}) { + if (! $skipxstartup) { + system("($xstartupFile; $0 -kill :$displayNumber) >> " + . "edString($desktopLog) . " 2>&1 &"); + } + } else { + if (! $skipxstartup) { + system("$xstartupFile >> " . "edString($desktopLog) + . " 2>&1 &"); + } + } +} + +exit; + +############################################################################### +# Functions +############################################################################### + +# +# Populate the global %config hash with settings from a specified +# vncserver configuration file if it exists +# +# Args: 1. file path +# 2. optional boolean flag to enable warning when a previously +# set configuration setting is being overridden +# +sub LoadConfig { + local ($configFile, $warnoverride) = @_; + local ($toggle) = undef; + + if (stat($configFile)) { + if (open(IN, $configFile)) { + while () { + next if /^#/; + if (my ($k, $v) = /^\s*(\w+)\s*=\s*(.+)$/) { + $k = lc($k); # must normalize key case + if ($k eq "session") { + next; + } + if ($warnoverride && $config{$k}) { + print("Warning: $configFile is overriding previously defined '$k' to be '$v'\n"); + } + $config{$k} = $v; + } elsif ($_ =~ m/^\s*(\S+)/) { + # We can't reasonably warn on override of toggles (e.g. AlwaysShared) + # because it would get crazy to do so. We'd have to check if the + # current config file being loaded defined the logical opposite setting + # (NeverShared vs. AlwaysShared, etc etc). + $toggle = lc($1); # must normalize key case + $config{$toggle} = $k; + } + } + close(IN); + } + } +} + +# +# CheckGeometryAndDepth simply makes sure that the geometry and depth values +# are sensible. +# + +sub CheckGeometryAndDepth +{ + if ($geometry =~ /^(\d+)x(\d+)$/) { + $width = $1; $height = $2; + + if (($width<1) || ($height<1)) { + die "$prog: geometry $geometry is invalid\n"; + } + + $geometry = "${width}x$height"; + } else { + die "$prog: geometry $geometry is invalid\n"; + } + + if ($depth && (($depth < 8) || ($depth > 32))) { + die "Depth must be between 8 and 32\n"; + } +} + + +# +# GetDisplayNumber gets the lowest available display number. A display number +# n is taken if something is listening on the VNC server port (5900+n) or the +# X server port (6000+n). +# + +sub GetDisplayNumber +{ + foreach $n (1..99) { + if (&CheckDisplayNumber($n)) { + return $n+0; # Bruce Mah's workaround for bug in perl 5.005_02 + } + } + + die "$prog: no free display number on $host.\n"; +} + + +# +# CheckDisplayNumber checks if the given display number is available. A +# display number n is taken if something is listening on the VNC server port +# (5900+n) or the X server port (6000+n). +# + +sub CheckDisplayNumber +{ + local ($n) = @_; + + socket(S, $AF_INET, $SOCK_STREAM, 0) || die "$prog: socket failed: $!\n"; + eval 'setsockopt(S, &SOL_SOCKET, &SO_REUSEADDR, pack("l", 1))'; + if (!bind(S, pack('S n x12', $AF_INET, 6000 + $n))) { + close(S); + return 0; + } + close(S); + + socket(S, $AF_INET, $SOCK_STREAM, 0) || die "$prog: socket failed: $!\n"; + eval 'setsockopt(S, &SOL_SOCKET, &SO_REUSEADDR, pack("l", 1))'; + if (!bind(S, pack('S n x12', $AF_INET, 5900 + $n))) { + close(S); + return 0; + } + close(S); + + if (-e "/tmp/.X$n-lock") { + warn "\nWarning: $host:$n is taken because of /tmp/.X$n-lock\n"; + warn "Remove this file if there is no X server $host:$n\n"; + return 0; + } + + if (-e "/tmp/.X11-unix/X$n") { + warn "\nWarning: $host:$n is taken because of /tmp/.X11-unix/X$n\n"; + warn "Remove this file if there is no X server $host:$n\n"; + return 0; + } + + if (-e "/usr/spool/sockets/X11/$n") { + warn("\nWarning: $host:$n is taken because of ". + "/usr/spool/sockets/X11/$n\n"); + warn "Remove this file if there is no X server $host:$n\n"; + return 0; + } + + return 1; +} + + +# +# GetXDisplayDefaults uses xdpyinfo to find out the geometry, depth and pixel +# format of the current X display being used. If successful, it sets the +# options as appropriate so that the X VNC server will use the same settings +# (minus an allowance for window manager decorations on the geometry). Using +# the same depth and pixel format means that the VNC server won't have to +# translate pixels when the desktop is being viewed on this X display (for +# TrueColor displays anyway). +# + +sub GetXDisplayDefaults +{ + local (@lines, @matchlines, $width, $height, $defaultVisualId, $i, + $red, $green, $blue); + + $wmDecorationWidth = 4; # a guess at typical size for window manager + $wmDecorationHeight = 24; # decoration size + + return if (!defined($ENV{DISPLAY})); + + @lines = `xdpyinfo 2>/dev/null`; + + return if ($? != 0); + + @matchlines = grep(/dimensions/, @lines); + if (@matchlines) { + ($width, $height) = ($matchlines[0] =~ /(\d+)x(\d+) pixels/); + + $width -= $wmDecorationWidth; + $height -= $wmDecorationHeight; + + $geometry = "${width}x$height"; + } + + @matchlines = grep(/default visual id/, @lines); + if (@matchlines) { + ($defaultVisualId) = ($matchlines[0] =~ /id:\s+(\S+)/); + + for ($i = 0; $i < @lines; $i++) { + if ($lines[$i] =~ /^\s*visual id:\s+$defaultVisualId$/) { + if (($lines[$i+1] !~ /TrueColor/) || + ($lines[$i+2] !~ /depth/) || + ($lines[$i+4] !~ /red, green, blue masks/)) + { + return; + } + last; + } + } + + return if ($i >= @lines); + + ($depth) = ($lines[$i+2] =~ /depth:\s+(\d+)/); + ($red,$green,$blue) + = ($lines[$i+4] + =~ /masks:\s+0x([0-9a-f]+), 0x([0-9a-f]+), 0x([0-9a-f]+)/); + + $red = hex($red); + $green = hex($green); + $blue = hex($blue); + + if ($red > $blue) { + $red = int(log($red) / log(2)) - int(log($green) / log(2)); + $green = int(log($green) / log(2)) - int(log($blue) / log(2)); + $blue = int(log($blue) / log(2)) + 1; + $pixelformat = "rgb$red$green$blue"; + } else { + $blue = int(log($blue) / log(2)) - int(log($green) / log(2)); + $green = int(log($green) / log(2)) - int(log($red) / log(2)); + $red = int(log($red) / log(2)) + 1; + $pixelformat = "bgr$blue$green$red"; + } + } +} + + +# +# quotedString returns a string which yields the original string when parsed +# by a shell. +# + +sub quotedString +{ + local ($in) = @_; + + $in =~ s/\'/\'\"\'\"\'/g; + + return "'$in'"; +} + + +# +# removeSlashes turns slashes into underscores for use as a file name. +# + +sub removeSlashes +{ + local ($in) = @_; + + $in =~ s|/|_|g; + + return "$in"; +} + + +# +# Usage +# + +sub Usage +{ + die("\nusage: $prog [:] [-name ] [-depth ]\n". + " [-geometry x]\n". + " [-pixelformat rgbNNN|bgrNNN]\n". + " [-fp ]\n". + " [-cc ]\n". + " [-fg]\n". + " [-autokill]\n". + " [-noxstartup]\n". + " [-xstartup ]\n". + " [-fallbacktofreeport]\n". + " ...\n\n". + " $prog -kill \n\n". + " $prog -list\n\n"); +} + + +# +# List +# + +sub List +{ + opendir(dir, $vncUserDir); + my @filelist = readdir(dir); + closedir(dir); + print "\nTigerVNC server sessions:\n\n"; + print "X DISPLAY #\tPROCESS ID\n"; + foreach my $file (@filelist) { + if ($file =~ /$host:(\d+)$\.pid/) { + chop($tmp_pid = `cat $vncUserDir/$file`); + if (kill 0, $tmp_pid) { + print ":".$1."\t\t".`cat $vncUserDir/$file`; + } else { + unlink ($vncUserDir . "/" . $file); + } + } + } + exit; +} + + +# +# Kill +# + +sub Kill +{ + $opt{'-kill'} =~ s/(:\d+)\.\d+$/$1/; # e.g. turn :1.0 into :1 + + if ($opt{'-kill'} =~ /^:\d+$/) { + $pidFile = "$vncUserDir/$host$opt{'-kill'}.pid"; + } else { + if ($opt{'-kill'} !~ /^$host:/) { + die "\nCan't tell if $opt{'-kill'} is on $host\n". + "Use -kill : instead\n\n"; + } + $pidFile = "$vncUserDir/$opt{'-kill'}.pid"; + } + + if (! -r $pidFile) { + die "\nCan't find file $pidFile\n". + "You'll have to kill the Xvnc process manually\n\n"; + } + + $SIG{'HUP'} = 'IGNORE'; + chop($pid = `cat $pidFile`); + warn "Killing Xvnc process ID $pid\n"; + + if (kill 0, $pid) { + system("kill $pid"); + sleep(1); + if (kill 0, $pid) { + print "Xvnc seems to be deadlocked. Kill the process manually and then re-run\n"; + print " ".$0." -kill ".$opt{'-kill'}."\n"; + print "to clean up the socket files.\n"; + exit + } + + } else { + warn "Xvnc process ID $pid already killed\n"; + $opt{'-kill'} =~ s/://; + + if (-e "/tmp/.X11-unix/X$opt{'-kill'}") { + print "Xvnc did not appear to shut down cleanly."; + print " Removing /tmp/.X11-unix/X$opt{'-kill'}\n"; + unlink "/tmp/.X11-unix/X$opt{'-kill'}"; + } + if (-e "/tmp/.X$opt{'-kill'}-lock") { + print "Xvnc did not appear to shut down cleanly."; + print " Removing /tmp/.X$opt{'-kill'}-lock\n"; + unlink "/tmp/.X$opt{'-kill'}-lock"; + } + } + + unlink $pidFile; + exit; +} + + +# +# ParseOptions takes a list of possible options and a boolean indicating +# whether the option has a value following, and sets up an associative array +# %opt of the values of the options given on the command line. It removes all +# the arguments it uses from @ARGV and returns them in @optArgs. +# + +sub ParseOptions +{ + local (@optval) = @_; + local ($opt, @opts, %valFollows, @newargs); + + while (@optval) { + $opt = shift(@optval); + push(@opts,$opt); + $valFollows{$opt} = shift(@optval); + } + + @optArgs = (); + %opt = (); + + arg: while (defined($arg = shift(@ARGV))) { + foreach $opt (@opts) { + if ($arg eq $opt) { + push(@optArgs, $arg); + if ($valFollows{$opt}) { + if (@ARGV == 0) { + &Usage(); + } + $opt{$opt} = shift(@ARGV); + push(@optArgs, $opt{$opt}); + } else { + $opt{$opt} = 1; + } + next arg; + } + } + push(@newargs,$arg); + } + + @ARGV = @newargs; +} + + +# Routine to make sure we're operating in a sane environment. +sub SanityCheck +{ + local ($cmd); + + # Get the program name + ($prog) = ($0 =~ m|([^/]+)$|); + + # + # Check we have all the commands we'll need on the path. + # + + cmd: + foreach $cmd ("uname","xauth") { + for (split(/:/,$ENV{PATH})) { + if (-x "$_/$cmd") { + next cmd; + } + } + die "$prog: couldn't find \"$cmd\" on your PATH.\n"; + } + + if($exedir eq "") { + cmd2: + foreach $cmd ("Xvnc","vncpasswd") { + for (split(/:/,$ENV{PATH})) { + if (-x "$_/$cmd") { + next cmd2; + } + } + die "$prog: couldn't find \"$cmd\" on your PATH.\n"; + } + } + else { + cmd3: + foreach $cmd ($exedir."Xvnc",$exedir."vncpasswd") { + for (split(/:/,$ENV{PATH})) { + if (-x "$cmd") { + next cmd3; + } + } + die "$prog: couldn't find \"$cmd\".\n"; + } + } + + if (!defined($ENV{HOME})) { + die "$prog: The HOME environment variable is not set.\n"; + } + + # + # Find socket constants. 'use Socket' is a perl5-ism, so we wrap it in an + # eval, and if it fails we try 'require "sys/socket.ph"'. If this fails, + # we just guess at the values. If you find perl moaning here, just + # hard-code the values of AF_INET and SOCK_STREAM. You can find these out + # for your platform by looking in /usr/include/sys/socket.h and related + # files. + # + + chop($os = `uname`); + chop($osrev = `uname -r`); + + eval 'use Socket'; + if ($@) { + eval 'require "sys/socket.ph"'; + if ($@) { + if (($os eq "SunOS") && ($osrev !~ /^4/)) { + $AF_INET = 2; + $SOCK_STREAM = 2; + } else { + $AF_INET = 2; + $SOCK_STREAM = 1; + } + } else { + $AF_INET = &AF_INET; + $SOCK_STREAM = &SOCK_STREAM; + } + } else { + $AF_INET = &AF_INET; + $SOCK_STREAM = &SOCK_STREAM; + } +} + +sub NotifyAboutDeprecation +{ + warn "\nWARNING: vncserver has been replaced by a systemd unit and is now considered deprecated and removed in upstream.\n"; + warn "Please read /usr/share/doc/tigervnc/HOWTO.md for more information.\n"; +} diff --git a/SOURCES/xorg-CVE-2024-0229-followup.patch b/SOURCES/xorg-CVE-2024-0229-followup.patch new file mode 100644 index 0000000..9ea651b --- /dev/null +++ b/SOURCES/xorg-CVE-2024-0229-followup.patch @@ -0,0 +1,32 @@ +From 133e0d651c5d12bf01999d6289e84e224ba77adc Mon Sep 17 00:00:00 2001 +From: Peter Hutterer +Date: Mon, 22 Jan 2024 14:22:12 +1000 +Subject: [PATCH] dix: fix valuator copy/paste error in the DeviceStateNotify + event + +Fixes 219c54b8a3337456ce5270ded6a67bcde53553d5 +--- + dix/enterleave.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/dix/enterleave.c b/dix/enterleave.c +index 7b7ba1098b..c1e6ac600e 100644 +--- a/dix/enterleave.c ++++ b/dix/enterleave.c +@@ -619,11 +619,11 @@ FixDeviceValuator(DeviceIntPtr dev, deviceValuator * ev, ValuatorClassPtr v, + ev->first_valuator = first; + switch (ev->num_valuators) { + case 6: +- ev->valuator2 = v->axisVal[first + 5]; ++ ev->valuator5 = v->axisVal[first + 5]; + case 5: +- ev->valuator2 = v->axisVal[first + 4]; ++ ev->valuator4 = v->axisVal[first + 4]; + case 4: +- ev->valuator2 = v->axisVal[first + 3]; ++ ev->valuator3 = v->axisVal[first + 3]; + case 3: + ev->valuator2 = v->axisVal[first + 2]; + case 2: +-- +GitLab diff --git a/SOURCES/xvnc.service b/SOURCES/xvnc.service new file mode 100644 index 0000000..9ee468c --- /dev/null +++ b/SOURCES/xvnc.service @@ -0,0 +1,38 @@ +# The vncserver service unit file +# +# Quick HowTo: +# 1. Copy this file to /etc/systemd/system/xvnc@.service +# 2. Copy xvnc.socket to /etc/systemd/system/xvnc.socket +# 3. Run `systemctl daemon-reload` +# 4. Run `systemctl enable xvnc.socket` +# +# DO NOT RUN THIS SERVICE if your local area network is +# untrusted! For a secure way of using VNC, you should +# limit connections to the local host and then tunnel from +# the machine you want to view VNC on (host A) to the machine +# whose VNC output you want to view (host B) +# +# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB +# +# this will open a connection on port 590N of your hostA to hostB's port 590M +# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB). +# See the ssh man page for details on port forwarding) +# +# You can then point a VNC client on hostA at vncdisplay N of localhost and with +# the help of ssh, you end up seeing what hostB makes available on port 590M +# +# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP. +# +# Use "-localhost" to prevent remote VNC clients connecting except when +# doing so through a secure tunnel. See the "-via" option in the +# `man vncviewer' manual page. + + +[Unit] +Description=XVNC Per-Connection Daemon + +[Service] +ExecStart=-/usr/bin/Xvnc -inetd -query localhost -geometry 1024x768 -depth 24 -once -SecurityTypes=None -Log *:syslog:30 +User=nobody +StandardInput=socket +StandardError=syslog diff --git a/SOURCES/xvnc.socket b/SOURCES/xvnc.socket new file mode 100644 index 0000000..9b3f92d --- /dev/null +++ b/SOURCES/xvnc.socket @@ -0,0 +1,9 @@ +[Unit] +Description=XVNC Server + +[Socket] +ListenStream=5900 +Accept=yes + +[Install] +WantedBy=sockets.target diff --git a/SPECS/tigervnc.spec b/SPECS/tigervnc.spec new file mode 100644 index 0000000..f153dd4 --- /dev/null +++ b/SPECS/tigervnc.spec @@ -0,0 +1,1190 @@ + +#defining macros needed by SELinux +%global selinuxtype targeted +%global modulename vncsession + +Name: tigervnc +Version: 1.13.1 +Release: 8%{?dist} +Summary: A TigerVNC remote display system + +%global _hardened_build 1 + +License: GPLv2+ +URL: http://www.tigervnc.com + +Source0: %{name}-%{version}.tar.gz +Source1: xvnc.service +Source2: xvnc.socket +Source3: 10-libvnc.conf + +# Backwards compatibility +Source5: vncserver + +# Downstream patches +Patch1: tigervnc-use-gnome-as-default-session.patch +Patch2: tigervnc-vncsession-restore-script-systemd-service.patch +Patch3: tigervnc-dont-install-appstream-metadata-file.patch + +# Upstream patches +Patch50: tigervnc-support-username-alias-in-plainusers.patch +Patch51: tigervnc-use-dup-to-get-available-fd-for-inetd.patch + +# Upstreamable patches +Patch80: tigervnc-dont-get-pointer-position-for-floating-device.patch + +# This is tigervnc-%%{version}/unix/xserver116.patch rebased on the latest xorg +Patch100: tigervnc-xserver120.patch +# 1326867 - [RHEL7.3] GLX applications in an Xvnc session fails to start +Patch101: 0001-rpath-hack.patch + +# XServer patches +# CVE-2024-0229 +# https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1251 +Patch200: xorg-CVE-2024-0229-followup.patch + +BuildRequires: make +BuildRequires: gcc-c++ +BuildRequires: gettext +BuildRequires: cmake + +BuildRequires: gnutls-devel +BuildRequires: desktop-file-utils +BuildRequires: libappstream-glib +BuildRequires: libjpeg-turbo-devel +BuildRequires: openssl-devel +BuildRequires: pam-devel +BuildRequires: zlib-devel + +# TigerVNC 1.4.x requires fltk 1.3.3 for keyboard handling support +# See https://github.com/TigerVNC/tigervnc/issues/8, also bug #1208814 +BuildRequires: fltk-devel >= 1.3.3 +BuildRequires: libX11-devel +BuildRequires: libXext-devel +BuildRequires: libXi-devel +BuildRequires: libXrandr-devel +BuildRequires: libXrender-devel +BuildRequires: pixman-devel + +# X11/graphics dependencies +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: gettext-autopoint +BuildRequires: libXdamage-devel +BuildRequires: libXdmcp-devel +BuildRequires: libXfixes-devel +BuildRequires: libXfont2-devel +BuildRequires: libXinerama-devel +BuildRequires: libXt-devel +BuildRequires: libXtst-devel +BuildRequires: libdrm-devel +BuildRequires: libtool +BuildRequires: libxkbfile-devel +BuildRequires: libxshmfence-devel +BuildRequires: mesa-libGL-devel +BuildRequires: xorg-x11-font-utils +BuildRequires: xorg-x11-server-devel +BuildRequires: xorg-x11-server-source +BuildRequires: xorg-x11-util-macros +BuildRequires: xorg-x11-xtrans-devel + +# SELinux +BuildRequires: libselinux-devel, selinux-policy-devel, systemd + +Requires(post): coreutils +Requires(postun):coreutils + +Requires: hicolor-icon-theme +Requires: tigervnc-license +Requires: tigervnc-icons + +%description +Virtual Network Computing (VNC) is a remote display system which +allows you to view a computing 'desktop' environment not only on the +machine where it is running, but from anywhere on the Internet and +from a wide variety of machine architectures. This package contains a +client which will allow you to connect to other desktops running a VNC +server. + +%package server +Summary: A TigerVNC server +Requires: perl-interpreter +Requires: tigervnc-server-minimal = %{version}-%{release} +Requires: (%{name}-selinux if selinux-policy-%{selinuxtype}) +Requires: xorg-x11-xauth +Requires: xorg-x11-xinit +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +Requires(post): systemd + +%description server +The VNC system allows you to access the same desktop from a wide +variety of platforms. This package includes set of utilities +which make usage of TigerVNC server more user friendly. It also +contains x0vncserver program which can export your active +X session. + +%package server-minimal +Summary: A minimal installation of TigerVNC server +Requires(post): chkconfig +Requires(preun):chkconfig + +Requires: mesa-dri-drivers, xkeyboard-config, xorg-x11-xkb-utils +Requires: tigervnc-license, dbus-x11 + +%description server-minimal +The VNC system allows you to access the same desktop from a wide +variety of platforms. This package contains minimal installation +of TigerVNC server, allowing others to access the desktop on your +machine. + +%package server-module +Summary: TigerVNC module to Xorg +Requires: xorg-x11-server-Xorg %(xserver-sdk-abi-requires ansic) %(xserver-sdk-abi-requires videodrv) +Requires: tigervnc-license + +%description server-module +This package contains libvnc.so module to X server, allowing others +to access the desktop on your machine. + +%package license +Summary: License of TigerVNC suite +BuildArch: noarch + +%description license +This package contains license of the TigerVNC suite + +%package icons +Summary: Icons for TigerVNC viewer +BuildArch: noarch + +%description icons +This package contains icons for TigerVNC viewer + +%package selinux +Summary: SELinux module for TigerVNC +BuildArch: noarch +BuildRequires: selinux-policy-devel +Requires: selinux-policy-%{selinuxtype} +Requires(post): selinux-policy-%{selinuxtype} +BuildRequires: selinux-policy-devel +# Required for matchpathcon +Requires: libselinux-utils +# Required for restorecon +Requires: policycoreutils +%{?selinux_requires} + +%description selinux +This package provides the SELinux policy module to ensure TigerVNC +runs properly under an environment with SELinux enabled. + +%prep +%setup -q + +cp -r /usr/share/xorg-x11-server-source/* unix/xserver +pushd unix/xserver +for all in `find . -type f -perm -001`; do + chmod -x "$all" +done +%patch100 -p1 -b .xserver120-rebased +%patch101 -p1 -b .rpath +%patch200 -p1 -b .xorg-CVE-2024-0229-followup +popd + +%patch1 -p1 -b .use-gnome-as-default-session +%patch2 -p1 -b .vncsession-restore-script-systemd-service +%patch3 -p1 -b .dont-install-appstream-metadata-file.patch + +# Upstream patches +%patch50 -p1 -b .support-username-alias-in-plainusers +%patch51 -p1 -b .use-dup-to-get-available-fd-for-inetd + +# Upstreamable patches +%patch80 -p1 -b .dont-get-pointer-position-for-floating-device + +%build +%ifarch sparcv9 sparc64 s390 s390x +export CFLAGS="$RPM_OPT_FLAGS -fPIC" +%else +export CFLAGS="$RPM_OPT_FLAGS -fpic" +%endif +export CXXFLAGS="$CFLAGS" + +%{cmake} . +make %{?_smp_mflags} + +pushd unix/xserver +autoreconf -fiv +%configure \ + --disable-xorg --disable-xnest --disable-xvfb --disable-dmx \ + --disable-xwin --disable-xephyr --disable-kdrive --disable-xwayland \ + --with-pic --disable-static \ + --with-default-font-path="catalogue:%{_sysconfdir}/X11/fontpath.d,built-ins" \ + --with-fontdir=%{_datadir}/X11/fonts \ + --with-xkb-output=%{_localstatedir}/lib/xkb \ + --enable-install-libxf86config \ + --enable-glx --disable-dri --enable-dri2 --disable-dri3 \ + --disable-unit-tests \ + --disable-config-hal \ + --disable-config-udev \ + --with-dri-driver-path=%{_libdir}/dri \ + --without-dtrace \ + --disable-devel-docs \ + --disable-selective-werror + +make %{?_smp_mflags} +popd + +# Build icons +pushd media +make +popd + +# SELinux +pushd unix/vncserver/selinux +make +popd + + +%install +%make_install + +pushd unix/xserver/hw/vnc +make install DESTDIR=%{buildroot} +popd + +pushd unix/vncserver/selinux +make install DESTDIR=%{buildroot} +popd + + +# Install systemd unit file +install -m644 %{SOURCE1} %{buildroot}%{_unitdir}/xvnc@.service +install -m644 %{SOURCE2} %{buildroot}%{_unitdir}/xvnc.socket + +# Install desktop stuff +mkdir -p %{buildroot}%{_datadir}/icons/hicolor/{16x16,24x24,48x48}/apps + +pushd media/icons +for s in 16 22 24 32 48 64 128; do +install -m644 tigervnc_$s.png %{buildroot}%{_datadir}/icons/hicolor/${s}x$s/apps/tigervnc.png +done +popd + +install -m 755 %{SOURCE5} %{buildroot}/%{_bindir}/vncserver + +%find_lang %{name} %{name}.lang + +# remove unwanted files +rm -f %{buildroot}%{_libdir}/xorg/modules/extensions/libvnc.la + +mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/ +install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf + +%post server +%systemd_post xvnc.service +%systemd_post xvnc.socket + +%preun server +%systemd_preun xvnc.service +%systemd_preun xvnc.socket + +%postun server +%systemd_postun xvnc.service +%systemd_postun xvnc.socket + +%pre selinux +%selinux_relabel_pre -s %{selinuxtype} + +%post selinux +%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2 +%selinux_relabel_post -s %{selinuxtype} + +%postun selinux +if [ $1 -eq 0 ]; then + %selinux_modules_uninstall -s %{selinuxtype} %{modulename} + %selinux_relabel_post -s %{selinuxtype} +fi + + +%files -f %{name}.lang +%doc README.rst +%{_bindir}/vncviewer +%{_datadir}/applications/* +%{_mandir}/man1/vncviewer.1* + +%files server +%config(noreplace) %{_sysconfdir}/pam.d/tigervnc +%config(noreplace) %{_sysconfdir}/tigervnc/vncserver-config-defaults +%config(noreplace) %{_sysconfdir}/tigervnc/vncserver-config-mandatory +%config(noreplace) %{_sysconfdir}/tigervnc/vncserver.users +%{_unitdir}/vncserver@.service +%{_unitdir}/xvnc@.service +%{_unitdir}/xvnc.socket +%{_bindir}/x0vncserver +%{_bindir}/vncserver +%{_sbindir}/vncsession +%{_libexecdir}/vncserver +%{_libexecdir}/vncsession-start +%{_libexecdir}/vncsession-restore +%{_mandir}/man1/x0vncserver.1* +%{_mandir}/man8/vncserver.8* +%{_mandir}/man8/vncsession.8* +%{_docdir}/tigervnc/HOWTO.md + +%files server-minimal +%{_bindir}/vncconfig +%{_bindir}/vncpasswd +%{_bindir}/Xvnc +%{_mandir}/man1/Xvnc.1* +%{_mandir}/man1/vncpasswd.1* +%{_mandir}/man1/vncconfig.1* + +%files server-module +%{_libdir}/xorg/modules/extensions/libvnc.so +%config %{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf + +%files license +%{_docdir}/tigervnc/LICENCE.TXT + +%files icons +%{_datadir}/icons/hicolor/*/apps/* + +%files selinux +%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.* +%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename} + +%changelog +* Fri Mar 29 2024 MSVSphere Packaging Team - 1.13.1-8 +- Rebuilt for MSVSphere 8.10 beta + +* Wed Feb 07 2024 Jan Grulich - 1.13.1-8 +- Fix copy/paste error in the DeviceStateNotify + Resolves: RHEL-20530 + +* Mon Jan 22 2024 Jan Grulich - 1.13.1-7 +- Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice + Resolves: RHEL-20388 +- Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent + Resolves: RHEL-20382 +- Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access + Resolves: RHEL-20530 +- Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer + Resolves: RHEL-21214 + +* Mon Jan 08 2024 Jan Grulich - 1.13.1-6 +- Use dup() to get available file descriptor when using -inetd option + Resolves: RHEL-21000 + +* Mon Dec 18 2023 Jan Grulich - 1.13.1-5 +- Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions + Resolves: RHEL-18410 +- Fix CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty + Resolves: RHEL-18422 + +* Wed Nov 01 2023 Jan Grulich - 1.13.1-4 +- Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow + Resolves: RHEL-15236 + +- Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty + Resolves: RHEL-15230 + +* Mon Oct 09 2023 Jan Grulich - 1.13.1-3 +- Support username alias in PlainUsers + Resolves: RHEL-4258 + +* Tue Apr 11 2023 Jan Grulich - 1.13.1-2 +- xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege + Escalation Vulnerability + Resolves: bz#2180306 + +* Tue Mar 21 2023 Jan Grulich - 1.13.1-1 +- 1.13.1 + Resolves: bz#2175748 +- Restore "--fallbacktofreeport" option in the vncserver script + Resolves: bz#2174398 + +* Thu Dec 08 2022 Jan Grulich - 1.12.0-9 +- Bump build version to fix upgrade path + Resolves: bz#1437569 + +* Fri Nov 18 2022 Jan Grulich - 1.12.0-8 +- x0vncserver: add new keysym in case we don't find matching keycode + Resolves: bz#1437569 + +* Wed Aug 24 2022 Jan Grulich - 1.12.0-7 +- x0vncserver: fix ghost cursor in zaphod mode (better version) + Resolves: bz#2109679 + +* Wed Aug 17 2022 Jan Grulich - 1.12.0-6 +- x0vncserver: fix ghost cursor in zaphod mode + Resolves: bz#2109679 + +* Tue May 31 2022 Jan Grulich - 1.12.0-5 +- BR: libXdamage, libXfixes, libXrandr + Resolves: bz#2088733 + +* Tue Feb 08 2022 Jan Grulich - 1.12.0-4 +- Added vncsession-restore script for SELinux policy migration + Fix SELinux context for root user + Resolves: bz#2021892 + +* Fri Jan 21 2022 Jan Grulich - 1.12.0-3 +- Fix crash in vncviewer + Resolves: bz#2021892 + +* Fri Jan 14 2022 Jan Grulich - 1.12.0-2 +- Remove unavailable option from vncserver script + Resolves: bz#2021892 + +* Fri Jan 14 2022 Jan Grulich - 1.12.0-1 +- 1.12.0 + Resolves: bz#2021892 + +* Mon Jul 19 2021 Jan Grulich - 1.11.0-9 +- Fix logout from VNC session using vncserver + Resolves: bz#1983706 + +* Tue Jun 01 2021 Jan Grulich - 1.11.0-8 +- Run all SELinux RPM macros on correct package + Resolves: bz#1907963 + +* Mon May 17 2021 Jan Grulich - 1.11.0-7 +- SELinux improvements + Resolves: bz#1907963 + +* Tue Dec 15 2020 Jan Grulich - 1.11.0-6 +- Use GNOME as default session + Resolves: bz#1853608 + +* Thu Dec 03 2020 Jan Grulich - 1.11.0-5 +- Make sure we log properly output to journal (actually log to syslog) + Resolves: bz#1841537 + +* Thu Dec 03 2020 Jan Grulich - 1.11.0-4 +- Make sure we log properly output to journal + Resolves: bz#1841537 + +* Wed Nov 18 2020 Jan Grulich - 1.11.0-3 +- vncserver: ignore new "session" parameter from the new systemd support + Resolves: bz#1897504 + +* Wed Nov 18 2020 Jan Grulich - 1.11.0-2 +- Revert removal of vncserver + Resolves: bz#1897504 +- Correctly start vncsession as a daemon + Resolves: bz#1897498 + +* Tue Oct 20 2020 Jan Grulich - 1.11.0-1 +- Update to 1.11.0 + Resolves: bz#1880985 +- Backport fix to allow Tigervnc use boolean values in config files + Resolves: bz#1883415 + +* Wed Sep 30 2020 Jan Grulich - 1.10.1-8 +- Tolerate specifying -BoolParam 0 and similar + Resolves: bz#1883415 + +* Wed Jul 08 2020 Jan Grulich - 1.10.1-7 +- Enable server module on s390x + Resolves: bz#1854925 + +* Fri Jul 03 2020 Jan Grulich - 1.10.1-6 +- Remove trailing spaces in user name + Resolves: bz#1852432 + +* Thu Jun 25 2020 Jan Grulich - 1.10.1-5 +- Install the HOWTO file to correct location +- Add /usr/bin/vncserver file informing users to read the HOWTO.md file + Resolves: bz#1790443 + +* Mon Jun 15 2020 Jan Grulich - 1.10.1-4 +- Improve SELinux policy + Resolves: bz#1790443 + +* Mon Jun 15 2020 Jan Grulich - 1.10.1-3 +- Add a HOWTO.md file with instructions how to start VNC server + Resolves: bz#1790443 + +* Tue May 26 2020 Jan Grulich - 1.10.1-2 +- Make the systemd service run also for root user + Resolves: bz#1790443 + +* Mon Apr 27 2020 Jan Grulich - 1.10.1-1 +- Update to 1.10.1 + Resolves: bz#1806992 + +- Add proper systemd support + Resolves: bz#1790443 + +* Tue Jan 28 2020 Jan Grulich - 1.9.0-13 +- Bump build because of z-stream + Resolves: bz#1671714 + +* Wed Dec 11 2019 Jan Grulich - 1.9.0-12 +- Fix installation of systemd files + Resolves: bz#1671714 + +* Wed Nov 20 2019 Jan Grulich - 1.9.0-11 +- Use wrapper script to workaround systemd issues + Resolves: bz#1671714 + +* Fri Jul 12 2019 Jan Grulich - 1.9.0-10 +- Do not return returncode indicating error when running "vncserver -list" + Resolves: bz#1727860 + +* Fri Feb 08 2019 Jan Grulich - 1.9.0-9 +- Make tigervnc systemd service a user service + Resolves: bz#1639846 + +* Mon Jan 21 2019 Jan Grulich - 1.9.0-8 +- Kill the session automatically only when Gnome is installed + Resolves: bz#1665876 + +* Tue Nov 20 2018 Jan Grulich - 1.9.0-7 +- Improve coverity scan fixes + Resolves: bz#1602714 + + Inform whether view-only password is used or not + Resolves: bz#1639169 + + Backport fixes from RHEL 7 + Resolves: bz#1651254 + +* Tue Oct 09 2018 Jan Grulich - 1.9.0-6 +- Do not crash passwd when using malloc perturb checks + Resolves: bz#1637086 + +* Mon Oct 08 2018 Jan Grulich - 1.9.0-5 +- Improve coverity scan fixes + Resolves: bz#1602714 + +* Wed Oct 03 2018 Jan Grulich - 1.9.0-4 +- Improve coverity scan fixes + Resolves: bz#1602714 + +* Wed Oct 03 2018 Jan Grulich - 1.9.0-3 +- Fix some coverity scan issues + Resolves: bz#1602714 + +* Wed Aug 01 2018 Jan Grulich - 1.9.0-2 +- Remove dependency on initscripts + +* Tue Jul 17 2018 Jan Grulich - 1.9.0-1 +- Update to 1.9.0 + sync with Fedora + +* Tue Jun 12 2018 Adam Jackson - 1.8.0-10 +- Fix GLX initialization with Xorg 1.20 + +* Tue May 29 2018 Jan Grulich - 1.8.0-9 +- Build against Xorg 1.20 + +* Mon May 14 2018 Jan Grulich - 1.8.0-8 +- Drop BR: ImageMagick + +* Fri Feb 09 2018 Fedora Release Engineering - 1.8.0-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Jan 18 2018 Igor Gnatenko - 1.8.0-6 +- Remove obsolete scriptlets + +* Fri Dec 15 2017 Jan Grulich - 1.8.0-5 +- Properly initialize tigervnc when started as systemd service + +* Thu Aug 03 2017 Fedora Release Engineering - 1.8.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 1.8.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Thu Jul 13 2017 Petr Pisar - 1.8.0-2 +- perl dependency renamed to perl-interpreter + + +* Wed May 17 2017 Jan Grulich - 1.8.0-1 +- Update to 1.8.0 + +* Thu Apr 20 2017 Jan Grulich - 1.7.90-1 +- Update to 1.7.90 (beta) + +* Thu Apr 06 2017 Jan Grulich - 1.7.1-4 +- Added systemd unit file for xvnc + Resolves: bz#891802 + +* Tue Apr 04 2017 Jan Grulich - 1.7.1-3 +- Bug 1438704 - CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 + CVE-2017-7395 CVE-2017-7396 tigervnc: various flaws + + other upstream related fixes + +* Sat Feb 11 2017 Fedora Release Engineering - 1.7.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Jan 19 2017 Jan Grulich - 1.7.1-1 +- Update to 1.7.1 + +* Mon Jan 9 2017 Hans de Goede - 1.7.0-6 +- Fix -inetd no longer working (rhbz#1408724) + +* Wed Nov 30 2016 Jan Grulich - 1.7.0-5 +- Fix broken vncserver.service file + +* Wed Nov 23 2016 Jan Grulich - 1.7.0-4 +- Improve instructions in vncserver.service + Resolves: bz#1397207 + +* Tue Oct 4 2016 Hans de Goede - 1.7.0-3 +- Update tigervnc-1.7.0-xserver119-support.patch to also request write + notfication when necessary + +* Mon Oct 3 2016 Hans de Goede - 1.7.0-2 +- Add patches for use with xserver-1.19 +- Rebuild against xserver-1.19 +- Cleanup specfile a bit + +* Mon Sep 12 2016 Jan Grulich - 1.7.0-1 +- Update to 1.7.0 + +* Mon Jul 18 2016 Jan Grulich - 1.6.90-1 +- Update to 1.6.90 (1.7.0 beta) + +* Wed Jun 01 2016 Jan Grulich - 1.6.0-6 +- Try to pickup upstream fix for compatibility with gtk vnc clients + +* Wed Jun 01 2016 Jan Grulich - 1.6.0-5 +- Re-enable patch4 again, will need to find a way to make this work on both sides + +* Mon May 23 2016 Jan Grulich - 1.6.0-4 +- Utilize system-wide crypto policies + Resolves: bz#1179345 +- Try to disable patch4 as it was previously written to support an + older version of a different client and breaks some other usage + Resolves: bz#1280440 + +* Fri Feb 05 2016 Fedora Release Engineering - 1.6.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jan 13 2016 Jan Grulich - 1.6.0-2 +- Update systemd service file + Resolves: bz#1211789 + +* Mon Jan 04 2016 Jan Grulich - 1.6.0-1 +- Update to 1.6.0 + +* Tue Dec 01 2015 Jan Grulich - 1.5.90-1 +- Update to 1.5.90 (1.6.0 beta) + +* Thu Nov 19 2015 Jan Grulich - 1.5.0-4 +- rebuild against final xorg server 1.18 release (bug #1279146) + +* Tue Sep 22 2015 Kalev Lember - 1.5.0-3 +- xorg server 1.18 ABI rebuild + +* Fri Aug 21 2015 Jan Grulich - 1.5.0-2 +- Do not fail with -inetd option + +* Wed Aug 19 2015 Jan Grulich - 1.5.0-1 +- 1.5.0 + +* Tue Aug 04 2015 Kevin Fenzi - 1.4.3-12 +- Rebuild to fix broken deps and build against xorg 1.18 prerelease + +* Thu Jun 25 2015 Tim Waugh - 1.4.3-11 +- Rebuilt (bug #1235603). + +* Fri Jun 19 2015 Fedora Release Engineering - 1.4.3-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Mon May 04 2015 Kalev Lember - 1.4.3-8 +- Rebuilt for nettle soname bump + +* Wed Apr 22 2015 Tim Waugh - 1.4.3-7 +- Removed incorrect parameters from vncviewer manpage (bug #1213199). + +* Tue Apr 21 2015 Tim Waugh - 1.4.3-6 +- Use full git hash for GitHub tarball release. + +* Fri Apr 10 2015 Tim Waugh - 1.4.3-5 +- Explicit version build dependency for fltk (bug #1208814). + +* Thu Apr 9 2015 Tim Waugh - 1.4.3-4 +- Drop upstream xorg-x11-server patch as it is now built (bug #1210407). + +* Thu Apr 9 2015 Tim Waugh - 1.4.3-3 +- Apply upstream patch to fix byte order (bug #1206060). + +* Fri Mar 6 2015 Tim Waugh - 1.4.3-2 +- Don't disable Xinerama extension (upstream #147). + +* Mon Mar 2 2015 Tim Waugh - 1.4.3-1 +- 1.4.3. + +* Tue Feb 24 2015 Tim Waugh - 1.4.2-3 +- Use calloc instead of xmalloc. +- Removed unnecessary configure flags. + +* Wed Feb 18 2015 Rex Dieter 1.4.2-2 +- rebuild (fltk) + +* Fri Feb 13 2015 Tim Waugh - 1.4.2-1 +- Rebased xserver116.patch against xorg-x11-server-1.17.1. +- Allow build against xorg-x11-server-1.17. +- 1.4.2. + +* Tue Sep 9 2014 Tim Waugh - 1.3.1-11 +- Added missing part of xserver114.patch (bug #1137023). + +* Wed Sep 3 2014 Tim Waugh - 1.3.1-10 +- Fix build against xorg-x11-server-1.16.0 (bug #1136532). + +* Mon Aug 18 2014 Fedora Release Engineering - 1.3.1-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Tue Jul 15 2014 Tim Waugh - 1.3.1-8 +- Input reset fixes from upstream (bug #1116956). +- No longer need ppc64le patch as it's now in xorg-x11-server. +- Rebased xserver114.patch again. + +* Fri Jun 20 2014 Hans de Goede - 1.3.1-7 +- xserver 1.15.99.903 ABI rebuild + +* Sun Jun 08 2014 Fedora Release Engineering - 1.3.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Thu May 22 2014 Tim Waugh 1.3.1-5 +- Keep pointer in sync when using module (upstream bug #152). + +* Mon Apr 28 2014 Adam Jackson 1.3.1-4 +- Add version interlocks for -server-module + +* Mon Apr 28 2014 Hans de Goede - 1.3.1-3 +- xserver 1.15.99-20140428 git snapshot ABI rebuild + +* Mon Apr 7 2014 Tim Waugh 1.3.1-2 +- Allow build with dri3 and present extensions (bug #1063392). + +* Thu Mar 27 2014 Tim Waugh 1.3.1-1 +- 1.3.1 (bug #1078806). +- Add ppc64le support (bug #1078495). + +* Wed Mar 19 2014 Tim Waugh 1.3.0-15 +- Disable dri3 to enable building (bug #1063392). +- Fixed heap-based buffer overflow (CVE-2014-0011, bug #1050928). + +* Fri Feb 21 2014 Tim Waugh 1.3.0-14 +- Enabled hardened build (bug #955206). + +* Mon Feb 10 2014 Tim Waugh 1.3.0-13 +- Clearer xstartup file (bug #923655). + +* Tue Jan 14 2014 Tim Waugh 1.3.0-12 +- Fixed instructions in systemd unit file. + +* Fri Jan 10 2014 Tim Waugh 1.3.0-11 +- Fixed viewer crash when cursor has not been set (bug #1038701). + +* Thu Dec 12 2013 Tim Waugh 1.3.0-10 +- Avoid invalid read when ZRLE connection closed (upstream bug #133). + +* Tue Dec 3 2013 Tim Waugh 1.3.0-9 +- Fixed build failure with -Werror=format-security (bug #1037358). + +* Thu Nov 07 2013 Adam Jackson 1.3.0-8 +- Rebuild against xserver 1.15RC1 + +* Tue Sep 24 2013 Tim Waugh 1.3.0-7 +- Removed incorrect patch (for unexpected key_is_down). Fixes stuck + keys bug (bug #989502). + +* Thu Sep 19 2013 Tim Waugh 1.3.0-6 +- Fixed typo in 10-libvnc.conf (bug #1009111). + +* Wed Sep 18 2013 Tim Waugh 1.3.0-5 +- Better fix for PIDFile problem (bug #983232). + +* Mon Aug 5 2013 Tim Waugh 1.3.0-4 +- Fixed doc-related build failure (bug #992790). + +* Wed Jul 24 2013 Tim Waugh 1.3.0-3 +- Avoid PIDFile problems in systemd unit file (bug #983232). +- libvnc.so: don't use unexported key_is_down function. +- Don't use shebang in vncserver script. + +* Fri Jul 12 2013 Tim Waugh 1.3.0-2 +- Renumbered patches. +- libvnc.so: don't use unexported GetMaster function (bug #744881 again). + +* Mon Jul 8 2013 Tim Waugh 1.3.0-1 +- 1.3.0. + +* Wed Jul 3 2013 Tim Waugh 1.2.80-0.18.20130314svn5065 +- Removed systemd_requires macro in order to fix the build. + +* Wed Jul 3 2013 Tim Waugh 1.2.80-0.17.20130314svn5065 +- Synchronise manpages and --help output (bug #980870). + +* Mon Jun 17 2013 Adam Jackson 1.2.80-0.16.20130314svn5065 +- tigervnc-setcursor-crash.patch: Attempt to paper over a crash in Xvnc when + setting the cursor. + +* Sat Jun 08 2013 Dennis Gilmore 1.2.80-0.15.20130314svn5065 +- bump to rebuild and pick up bugfix causing X to crash on ppc and arm + +* Thu May 23 2013 Tim Waugh 1.2.80-0.14.20130314svn5065 +- Use systemd rpm macros (bug #850340). Moved systemd requirements + from main package to server sub-package. +- Applied Debian patch to fix busy loop when run from inetd in nowait + mode (bug #920373). +- Added dependency on xorg-x11-xinit to server sub-package so that + default window manager can be found (bug #896284, bug #923655). +- Fixed bogus changelog date. + +* Thu Mar 14 2013 Adam Jackson 1.2.80-0.13.20130314svn5065 +- Less RHEL customization + +* Thu Mar 14 2013 Adam Tkac - 1.2.80-0.12.20130314svn5065 +- include /etc/X11/xorg.conf.d/10-libvnc.conf sample configuration (#712482) +- vncserver now honors specified -geometry parameter (#755947) + +* Tue Mar 12 2013 Adam Tkac - 1.2.80-0.11.20130307svn5060 +- update to r5060 +- split icons to separate package to avoid multilib issues + +* Tue Feb 19 2013 Adam Tkac - 1.2.80-0.10.20130219svn5047 +- update to r5047 (X.Org 1.14 support) + +* Fri Feb 15 2013 Fedora Release Engineering - 1.2.80-0.9.20121126svn5015 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Mon Jan 21 2013 Adam Tkac - 1.2.80-0.8.20121126svn5015 +- rebuild due to "jpeg8-ABI" feature drop + +* Wed Jan 16 2013 Adam Tkac 1.2.80-0.7.20121126svn5015 +- rebuild + +* Tue Dec 04 2012 Adam Tkac 1.2.80-0.6.20121126svn5015 +- rebuild against new fltk + +* Mon Nov 26 2012 Adam Tkac 1.2.80-0.5.20121126svn5015 +- update to r5015 +- build with -fpic instead of -fPIC on all archs except s390/sparc + +* Wed Nov 7 2012 Peter Robinson 1.2.80-0.4.20120905svn4996 +- Build with -fPIC to fix FTBFS on ARM + +* Wed Oct 31 2012 Adam Jackson 1.2.80-0.3.20120905svn4996 +- tigervnc12-xorg113-glx.patch: Fix to only init glx on the first server + generation + +* Fri Sep 28 2012 Adam Jackson 1.2.80-0.2.20120905svn4996 +- tigervnc12-xorg113-glx.patch: Re-enable GLX against xserver 1.13 + +* Fri Aug 17 2012 Adam Tkac 1.2.80-0.1.20120905svn4996 +- update to 1.2.80 +- remove deprecated patches + - tigervnc-102434.patch + - tigervnc-viewer-reparent.patch + - tigervnc11-java7.patch +- patches merged + - tigervnc11-xorg111.patch + - tigervnc11-xorg112.patch + +* Fri Aug 10 2012 Dave Airlie 1.1.0-10 +- fix build against newer X server + +* Mon Jul 23 2012 Adam Jackson 1.1.0-9 +- Build with the Composite extension for feature parity with other X servers + +* Sat Jul 21 2012 Fedora Release Engineering - 1.1.0-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Jul 19 2012 Dave Airlie 1.1.0-7 +- fix building against X.org 1.13 + +* Wed Apr 04 2012 Adam Jackson 1.1.0-6 +- RHEL exclusion for -server-module on ppc* too + +* Mon Mar 26 2012 Adam Tkac - 1.1.0-5 +- clean Xvnc's /tmp environment in service file before startup +- fix building against the latest JAVA 7 and X.Org 1.12 + +* Sat Jan 14 2012 Fedora Release Engineering - 1.1.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Nov 22 2011 Adam Tkac - 1.1.0-3 +- don't build X.Org devel docs (#755782) +- applet: BR generic java-devel instead of java-gcj-devel (#755783) +- use runuser to start Xvnc in systemd service file (#754259) +- don't attepmt to restart Xvnc session during update/erase (#753216) + +* Fri Nov 11 2011 Adam Tkac - 1.1.0-2 +- libvnc.so: don't use unexported GetMaster function (#744881) +- remove nasm buildreq + +* Mon Sep 12 2011 Adam Tkac - 1.1.0-1 +- update to 1.1.0 +- update the xorg11 patch +- patches merged + - tigervnc11-glx.patch + - tigervnc11-CVE-2011-1775.patch + - 0001-Use-memmove-instead-of-memcpy-in-fbblt.c-when-memory.patch + +* Thu Jul 28 2011 Adam Tkac - 1.0.90-6 +- add systemd service file and remove legacy SysV initscript (#717227) + +* Thu May 12 2011 Adam Tkac - 1.0.90-5 +- make Xvnc buildable against X.Org 1.11 + +* Tue May 10 2011 Adam Tkac - 1.0.90-4 +- viewer can send password without proper validation of X.509 certs + (CVE-2011-1775) + +* Wed Apr 13 2011 Adam Tkac - 1.0.90-3 +- fix wrong usage of memcpy which caused screen artifacts (#652590) +- don't point to inaccessible link in sysconfig/vncservers (#644975) + +* Fri Apr 08 2011 Adam Tkac - 1.0.90-2 +- improve compatibility with vinagre client (#692048) + +* Tue Mar 22 2011 Adam Tkac - 1.0.90-1 +- update to 1.0.90 + +* Wed Feb 09 2011 Fedora Release Engineering - 1.0.90-0.32.20110117svn4237 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Jan 17 2011 Adam Tkac 1.0.90-0.31.20110117svn4237 +- fix libvnc.so module loading + +* Mon Jan 17 2011 Adam Tkac 1.0.90-0.30.20110117svn4237 +- update to r4237 +- patches merged + - tigervnc11-optionsdialog.patch + - tigervnc11-rh607866.patch + +* Fri Jan 14 2011 Adam Tkac 1.0.90-0.29.20101208svn4225 +- improve patch for keyboard issues + +* Fri Jan 14 2011 Adam Tkac 1.0.90-0.28.20101208svn4225 +- attempt to fix various keyboard-related issues (key repeating etc) + +* Fri Jan 07 2011 Adam Tkac 1.0.90-0.27.20101208svn4225 +- render "Ok" and "Cancel" buttons in the options dialog correctly + +* Wed Dec 15 2010 Jan Görig 1.0.90-0.26.20101208svn4225 +- added vncserver lock file (#662784) + +* Fri Dec 10 2010 Adam Tkac 1.0.90-0.25.20101208svn4225 +- update to r4225 +- patches merged + - tigervnc11-rh611677.patch + - tigervnc11-rh633931.patch + - tigervnc11-xorg1.10.patch +- enable VeNCrypt and PAM support + +* Mon Dec 06 2010 Adam Tkac 1.0.90-0.24.20100813svn4123 +- rebuild against xserver 1.10.X +- 0001-Return-Success-from-generate_modkeymap-when-max_keys.patch merged + +* Wed Sep 29 2010 jkeating - 1.0.90-0.23.20100813svn4123 +- Rebuilt for gcc bug 634757 + +* Tue Sep 21 2010 Adam Tkac 1.0.90-0.22.20100420svn4030 +- drop xorg-x11-fonts-misc dependency (#636170) + +* Tue Sep 21 2010 Adam Tkac 1.0.90-0.21.20100420svn4030 +- improve patch for #633645 (fix tcsh incompatibilities) + +* Thu Sep 16 2010 Adam Tkac 1.0.90-0.20.20100813svn4123 +- press fake modifiers correctly (#633931) +- supress unneeded debug information emitted from initscript (#633645) + +* Wed Aug 25 2010 Adam Tkac 1.0.90-0.19.20100813svn4123 +- separate Xvnc, vncpasswd and vncconfig to -server-minimal subpkg (#626946) +- move license to separate subpkg and Requires it from main subpkgs +- Xvnc: handle situations when no modifiers exist well (#611677) + +* Fri Aug 13 2010 Adam Tkac 1.0.90-0.18.20100813svn4123 +- update to r4123 (#617973) +- add perl requires to -server subpkg (#619791) + +* Thu Jul 22 2010 Adam Tkac 1.0.90-0.17.20100721svn4113 +- update to r4113 +- patches merged + - tigervnc11-rh586406.patch + - tigervnc11-libvnc.patch + - tigervnc11-rh597172.patch + - tigervnc11-rh600070.patch + - tigervnc11-options.patch +- don't own %%{_datadir}/icons directory (#614301) +- minor improvements in the .desktop file (#616340) +- bundled libjpeg configure requires nasm; is executed even if system-wide + libjpeg is used + +* Fri Jul 02 2010 Adam Tkac 1.0.90-0.16.20100420svn4030 +- build against system-wide libjpeg-turbo (#494458) +- build no longer requires nasm + +* Mon Jun 28 2010 Adam Tkac 1.0.90-0.15.20100420svn4030 +- vncserver: accept <+optname> option when specified as the first one + +* Thu Jun 24 2010 Adam Tkac 1.0.90-0.14.20100420svn4030 +- fix memory leak in Xvnc input code (#597172) +- don't crash when receive negative encoding (#600070) +- explicitly disable udev configuration support +- add gettext-autopoint to BR + +* Mon Jun 14 2010 Adam Tkac 1.0.90-0.13.20100420svn4030 +- update URL about SSH tunneling in the sysconfig file (#601996) + +* Fri Jun 11 2010 Adam Tkac 1.0.90-0.12.20100420svn4030 +- use newer gettext +- autopoint now uses git instead of cvs, adjust BuildRequires appropriately + +* Thu May 13 2010 Adam Tkac 1.0.90-0.11.20100420svn4030 +- link libvnc.so "now" to catch "undefined symbol" errors during Xorg startup +- use always XkbConvertCase instead of XConvertCase (#580159, #586406) +- don't link libvnc.so against libXi.la, libdix.la and libxkb.la; use symbols + from Xorg instead + +* Thu May 13 2010 Adam Tkac 1.0.90-0.10.20100420svn4030 +- update to r4030 snapshot +- patches merged to upstream + - tigervnc11-rh522369.patch + - tigervnc11-rh551262.patch + - tigervnc11-r4002.patch + - tigervnc11-r4014.patch + +* Thu Apr 08 2010 Adam Tkac 1.0.90-0.9.20100219svn3993 +- add server-applet subpackage which contains Java vncviewer applet +- fix Java applet; it didn't work when run from web browser +- add xorg-x11-xkb-utils to server Requires + +* Fri Mar 12 2010 Adam Tkac 1.0.90-0.8.20100219svn3993 +- add French translation to vncviewer.desktop (thanks to Alain Portal) + +* Thu Mar 04 2010 Adam Tkac 1.0.90-0.7.20100219svn3993 +- don't crash during pixel format change (#522369, #551262) + +* Mon Mar 01 2010 Adam Tkac 1.0.90-0.6.20100219svn3993 +- add mesa-dri-drivers and xkeyboard-config to -server Requires +- update to r3993 1.0.90 snapshot + - tigervnc11-noexecstack.patch merged + - tigervnc11-xorg18.patch merged + - xserver18.patch is no longer needed + +* Wed Jan 27 2010 Jan Gorig 1.0.90-0.5.20091221svn3929 +- initscript LSB compliance fixes (#523974) + +* Fri Jan 22 2010 Adam Tkac 1.0.90-0.4.20091221svn3929 +- mark stack as non-executable in jpeg ASM code +- add xorg-x11-xauth to Requires +- add support for X.Org 1.8 +- drop shave sources, they are no longer needed + +* Thu Jan 21 2010 Adam Tkac 1.0.90-0.3.20091221svn3929 +- drop tigervnc-xorg25909.patch, it has been merged to X.Org upstream + +* Thu Jan 07 2010 Adam Tkac 1.0.90-0.2.20091221svn3929 +- add patch for upstream X.Org issue #25909 +- add libXdmcp-devel to build requires to build Xvnc with XDMCP support (#552322) + +* Mon Dec 21 2009 Adam Tkac 1.0.90-0.1.20091221svn3929 +- update to 1.0.90 snapshot +- patches merged + - tigervnc10-compat.patch + - tigervnc10-rh510185.patch + - tigervnc10-rh524340.patch + - tigervnc10-rh516274.patch + +* Mon Oct 26 2009 Adam Tkac 1.0.0-3 +- create Xvnc keyboard mapping before first keypress (#516274) + +* Thu Oct 08 2009 Adam Tkac 1.0.0-2 +- update underlying X source to 1.6.4-0.3.fc11 +- remove bogus '-nohttpd' parameter from /etc/sysconfig/vncservers (#525629) +- initscript LSB compliance fixes (#523974) +- improve -LowColorSwitch documentation and handling (#510185) +- honor dotWhenNoCursor option (and it's changes) every time (#524340) + +* Fri Aug 28 2009 Adam Tkac 1.0.0-1 +- update to 1.0.0 +- tigervnc10-rh495457.patch merged to upstream + +* Mon Aug 24 2009 Karsten Hopp 0.0.91-0.17 +- fix ifnarch s390x for server-module + +* Fri Aug 21 2009 Tomas Mraz - 0.0.91-0.16 +- rebuilt with new openssl + +* Tue Aug 04 2009 Adam Tkac 0.0.91-0.15 +- make Xvnc compilable + +* Sun Jul 26 2009 Fedora Release Engineering - 0.0.91-0.14.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Mon Jul 13 2009 Adam Tkac 0.0.91-0.13.1 +- don't write warning when initscript is called with condrestart param (#508367) + +* Tue Jun 23 2009 Adam Tkac 0.0.91-0.13 +- temporary use F11 Xserver base to make Xvnc compilable +- BuildRequires: libXi-devel +- don't ship tigervnc-server-module on s390/s390x + +* Mon Jun 22 2009 Adam Tkac 0.0.91-0.12 +- fix local rendering of cursor (#495457) + +* Thu Jun 18 2009 Adam Tkac 0.0.91-0.11 +- update to 0.0.91 (1.0.0 RC1) +- patches merged + - tigervnc10-rh499401.patch + - tigervnc10-rh497592.patch + - tigervnc10-rh501832.patch +- after discusion in upstream drop tigervnc-bounds.patch +- configure flags cleanup + +* Thu May 21 2009 Adam Tkac 0.0.90-0.10 +- rebuild against 1.6.1.901 X server (#497835) +- disable i18n, vncviewer is not UTF-8 compatible (#501832) + +* Mon May 18 2009 Adam Tkac 0.0.90-0.9 +- fix vncpasswd crash on long passwords (#499401) +- start session dbus daemon correctly (#497592) + +* Mon May 11 2009 Adam Tkac 0.0.90-0.8.1 +- remove merged tigervnc-manminor.patch + +* Tue May 05 2009 Adam Tkac 0.0.90-0.8 +- update to 0.0.90 + +* Thu Apr 30 2009 Adam Tkac 0.0.90-0.7.20090427svn3789 +- server package now requires xorg-x11-fonts-misc (#498184) + +* Mon Apr 27 2009 Adam Tkac 0.0.90-0.6.20090427svn3789 +- update to r3789 + - tigervnc-rh494801.patch merged +- tigervnc-newfbsize.patch is no longer needed +- fix problems when vncviewer and Xvnc run on different endianess (#496653) +- UltraVNC and TightVNC clients work fine again (#496786) + +* Wed Apr 08 2009 Adam Tkac 0.0.90-0.5.20090403svn3751 +- workaround broken fontpath handling in vncserver script (#494801) + +* Fri Apr 03 2009 Adam Tkac 0.0.90-0.4.20090403svn3751 +- update to r3751 +- patches merged + - tigervnc-xclients.patch + - tigervnc-clipboard.patch + - tigervnc-rh212985.patch +- basic RandR support in Xvnc (resize of the desktop) +- use built-in libjpeg (SSE2/MMX accelerated encoding on x86 platform) +- use Tight encoding by default +- use TigerVNC icons + +* Tue Mar 03 2009 Adam Tkac 0.0.90-0.3.20090303svn3631 +- update to r3631 + +* Tue Mar 03 2009 Adam Tkac 0.0.90-0.2.20090302svn3621 +- package review related fixes + +* Mon Mar 02 2009 Adam Tkac 0.0.90-0.1.20090302svn3621 +- initial package, r3621