Compare commits

...

No commits in common. 'c9' and 'c8-beta' have entirely different histories.
c9 ... c8-beta

2
.gitignore vendored

@ -1 +1 @@
SOURCES/tigervnc-1.14.1.tar.gz SOURCES/tigervnc-1.13.1.tar.gz

@ -1 +1 @@
bc3c8bc9f454eb307011cd5965251f4a28040a25 SOURCES/tigervnc-1.14.1.tar.gz 6f7a23f14833f552c88523da1a5e102f3b8d35c2 SOURCES/tigervnc-1.13.1.tar.gz

@ -12,7 +12,7 @@
#EndSection #EndSection
#Section "Screen" #Section "Screen"
# Identifier "Screen0 # Identifier "Screen0"
# DefaultDepth 16 # DefaultDepth 16
# Option "SecurityTypes" "VncAuth" # Option "SecurityTypes" "VncAuth"
# Option "PasswordFile" "/root/.vnc/passwd" # Option "PasswordFile" "/root/.vnc/passwd"

@ -0,0 +1,51 @@
diff --git a/po/CMakeLists.txt b/po/CMakeLists.txt
index 052cfb3..c84fb0e 100644
--- a/po/CMakeLists.txt
+++ b/po/CMakeLists.txt
@@ -14,7 +14,6 @@ if (GETTEXT_XGETTEXT_EXECUTABLE)
${PROJECT_SOURCE_DIR}/vncviewer/*.h
${PROJECT_SOURCE_DIR}/vncviewer/*.cxx
${PROJECT_SOURCE_DIR}/vncviewer/*.desktop.in.in
- ${PROJECT_SOURCE_DIR}/vncviewer/*.metainfo.xml.in
)
add_custom_target(translations_update
diff --git a/vncviewer/CMakeLists.txt b/vncviewer/CMakeLists.txt
index 15eac66..450b732 100644
--- a/vncviewer/CMakeLists.txt
+++ b/vncviewer/CMakeLists.txt
@@ -100,34 +100,6 @@ if(UNIX)
add_custom_target(desktop ALL DEPENDS vncviewer.desktop)
install(FILES ${CMAKE_CURRENT_BINARY_DIR}/vncviewer.desktop DESTINATION ${CMAKE_INSTALL_FULL_DATADIR}/applications)
- if("${GETTEXT_VERSION_STRING}" VERSION_GREATER 0.19.6)
- add_custom_command(OUTPUT org.tigervnc.vncviewer.metainfo.xml
- COMMAND ${GETTEXT_MSGFMT_EXECUTABLE}
- --xml --template ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in
- -d ${CMAKE_SOURCE_DIR}/po -o org.tigervnc.vncviewer.metainfo.xml
- DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in
- )
- elseif(INTLTOOL_MERGE_EXECUTABLE)
- add_custom_command(OUTPUT org.tigervnc.vncviewer.metainfo.xml
- COMMAND sed -e 's@<name>@<_name>@\;s@</name>@</_name>@'
- -e 's@<summary>@<_summary>@\;s@</summary>@</_summary>@'
- -e 's@<caption>@<_caption>@\;s@</caption>@</_caption>@'
- -e 's@<p>@<_p>@g\;s@</p>@</_p>@g'
- ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in > org.tigervnc.vncviewer.metainfo.xml.intl
- COMMAND ${INTLTOOL_MERGE_EXECUTABLE}
- -x ${CMAKE_SOURCE_DIR}/po
- org.tigervnc.vncviewer.metainfo.xml.intl org.tigervnc.vncviewer.metainfo.xml
- DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in
- )
- else()
- add_custom_command(OUTPUT org.tigervnc.vncviewer.metainfo.xml
- COMMAND cp ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in org.tigervnc.vncviewer.metainfo.xml
- DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in
- )
- endif()
- add_custom_target(appstream ALL DEPENDS org.tigervnc.vncviewer.metainfo.xml)
- install(FILES ${CMAKE_CURRENT_BINARY_DIR}/org.tigervnc.vncviewer.metainfo.xml DESTINATION ${CMAKE_INSTALL_FULL_DATADIR}/metainfo)
-
foreach(res 16 22 24 32 48 64 128)
install(FILES ../media/icons/tigervnc_${res}.png DESTINATION ${CMAKE_INSTALL_FULL_DATADIR}/icons/hicolor/${res}x${res}/apps RENAME tigervnc.png)
endforeach()

@ -0,0 +1,135 @@
diff --git a/common/rfb/SSecurityPlain.cxx b/common/rfb/SSecurityPlain.cxx
index 6f65e87..3142ba3 100644
--- a/common/rfb/SSecurityPlain.cxx
+++ b/common/rfb/SSecurityPlain.cxx
@@ -27,6 +27,8 @@
#include <rdr/InStream.h>
#if !defined(WIN32) && !defined(__APPLE__)
#include <rfb/UnixPasswordValidator.h>
+#include <unistd.h>
+#include <pwd.h>
#endif
#ifdef WIN32
#include <rfb/WinPasswdValidator.h>
@@ -45,21 +47,22 @@ StringParameter PasswordValidator::plainUsers
bool PasswordValidator::validUser(const char* username)
{
- CharArray users(plainUsers.getValueStr()), user;
+ std::vector<std::string> users;
- while (users.buf) {
- strSplit(users.buf, ',', &user.buf, &users.buf);
-#ifdef WIN32
- if (0 == stricmp(user.buf, "*"))
- return true;
- if (0 == stricmp(user.buf, username))
- return true;
-#else
- if (!strcmp(user.buf, "*"))
- return true;
- if (!strcmp(user.buf, username))
- return true;
+ users = split(plainUsers, ',');
+
+ for (size_t i = 0; i < users.size(); i++) {
+ if (users[i] == "*")
+ return true;
+#if !defined(WIN32) && !defined(__APPLE__)
+ if (users[i] == "%u") {
+ struct passwd *pw = getpwnam(username);
+ if (pw && pw->pw_uid == getuid())
+ return true;
+ }
#endif
+ if (users[i] == username)
+ return true;
}
return false;
}
diff --git a/common/rfb/util.cxx b/common/rfb/util.cxx
index 649eb0b..cce73a0 100644
--- a/common/rfb/util.cxx
+++ b/common/rfb/util.cxx
@@ -99,6 +99,26 @@ namespace rfb {
return false;
}
+ std::vector<std::string> split(const char* src,
+ const char delimiter)
+ {
+ std::vector<std::string> out;
+ const char *start, *stop;
+
+ start = src;
+ do {
+ stop = strchr(start, delimiter);
+ if (stop == NULL) {
+ out.push_back(start);
+ } else {
+ out.push_back(std::string(start, stop-start));
+ start = stop + 1;
+ }
+ } while (stop != NULL);
+
+ return out;
+ }
+
bool strContains(const char* src, char c) {
int l=strlen(src);
for (int i=0; i<l; i++)
diff --git a/common/rfb/util.h b/common/rfb/util.h
index f0ac9ef..ed15c28 100644
--- a/common/rfb/util.h
+++ b/common/rfb/util.h
@@ -27,6 +27,9 @@
#include <limits.h>
#include <string.h>
+#include <string>
+#include <vector>
+
struct timeval;
#ifdef __GNUC__
@@ -76,6 +79,10 @@ namespace rfb {
// that part of the string. Obviously, setting both to 0 is not useful...
bool strSplit(const char* src, const char limiter, char** out1, char** out2, bool fromEnd=false);
+ // Splits a string with the specified delimiter
+ std::vector<std::string> split(const char* src,
+ const char delimiter);
+
// Returns true if src contains c
bool strContains(const char* src, char c);
diff --git a/unix/x0vncserver/x0vncserver.man b/unix/x0vncserver/x0vncserver.man
index c36ae34..78db730 100644
--- a/unix/x0vncserver/x0vncserver.man
+++ b/unix/x0vncserver/x0vncserver.man
@@ -125,8 +125,8 @@ parameter instead.
.B \-PlainUsers \fIuser-list\fP
A comma separated list of user names that are allowed to authenticate via
any of the "Plain" security types (Plain, TLSPlain, etc.). Specify \fB*\fP
-to allow any user to authenticate using this security type. Default is to
-deny all users.
+to allow any user to authenticate using this security type. Specify \fB%u\fP
+to allow the user of the server process. Default is to deny all users.
.
.TP
.B \-pam_service \fIname\fP, \-PAMService \fIname\fP
diff --git a/unix/xserver/hw/vnc/Xvnc.man b/unix/xserver/hw/vnc/Xvnc.man
index ea87dea..e9fb654 100644
--- a/unix/xserver/hw/vnc/Xvnc.man
+++ b/unix/xserver/hw/vnc/Xvnc.man
@@ -200,8 +200,8 @@ parameter instead.
.B \-PlainUsers \fIuser-list\fP
A comma separated list of user names that are allowed to authenticate via
any of the "Plain" security types (Plain, TLSPlain, etc.). Specify \fB*\fP
-to allow any user to authenticate using this security type. Default is to
-deny all users.
+to allow any user to authenticate using this security type. Specify \fB%u\fP
+to allow the user of the server process. Default is to deny all users.
.
.TP
.B \-pam_service \fIname\fP, \-PAMService \fIname\fP

@ -0,0 +1,17 @@
diff --git a/unix/xserver/hw/vnc/xvnc.c b/unix/xserver/hw/vnc/xvnc.c
index f8141959..c5c36539 100644
--- a/unix/xserver/hw/vnc/xvnc.c
+++ b/unix/xserver/hw/vnc/xvnc.c
@@ -366,8 +366,10 @@ ddxProcessArgument(int argc, char *argv[], int i)
if (strcmp(argv[i], "-inetd") == 0) {
int nullfd;
- dup2(0, 3);
- vncInetdSock = 3;
+ if ((vncInetdSock = dup(0)) == -1)
+ FatalError
+ ("Xvnc error: failed to allocate a new file descriptor for -inetd: %s\n", strerror(errno));
+
/* Avoid xserver >= 1.19's epoll-fd becoming fd 2 / stderr only to be
replaced by /dev/null by OsInit() because the pollfd is not

@ -1,94 +0,0 @@
From e26bc65b92d1e43570619deadf20b965e0952fef Mon Sep 17 00:00:00 2001
From: Pat Riehecky <riehecky@fnal.gov>
Date: Wed, 31 Jul 2024 14:43:46 -0500
Subject: [PATCH] vncsession: Move existing log to log.old if present
---
unix/vncserver/vncsession.c | 47 ++++++++++++++++++++++++++++---------
1 file changed, 36 insertions(+), 11 deletions(-)
diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c
index 98a0432aa..a10e0789e 100644
--- a/unix/vncserver/vncsession.c
+++ b/unix/vncserver/vncsession.c
@@ -393,8 +393,9 @@ redir_stdio(const char *homedir, const char *display, char **envp)
int fd;
long hostlen;
char* hostname = NULL, *xdgstate;
- char logfile[PATH_MAX], legacy[PATH_MAX];
+ char logdir[PATH_MAX], logfile[PATH_MAX], logfile_old[PATH_MAX], legacy[PATH_MAX];
struct stat st;
+ size_t fmt_len;
fd = open("/dev/null", O_RDONLY);
if (fd == -1) {
@@ -408,15 +409,24 @@ redir_stdio(const char *homedir, const char *display, char **envp)
close(fd);
xdgstate = getenvp("XDG_STATE_HOME", envp);
- if (xdgstate != NULL && xdgstate[0] == '/')
- snprintf(logfile, sizeof(logfile), "%s/tigervnc", xdgstate);
- else
- snprintf(logfile, sizeof(logfile), "%s/.local/state/tigervnc", homedir);
+ if (xdgstate != NULL && xdgstate[0] == '/') {
+ fmt_len = snprintf(logdir, sizeof(logdir), "%s/tigervnc", xdgstate);
+ if (fmt_len >= sizeof(logdir)) {
+ syslog(LOG_CRIT, "Log dir path too long");
+ _exit(EX_OSERR);
+ }
+ } else {
+ fmt_len = snprintf(logdir, sizeof(logdir), "%s/.local/state/tigervnc", homedir);
+ if (fmt_len >= sizeof(logdir)) {
+ syslog(LOG_CRIT, "Log dir path too long");
+ _exit(EX_OSERR);
+ }
+ }
snprintf(legacy, sizeof(legacy), "%s/.vnc", homedir);
- if (stat(logfile, &st) != 0 && stat(legacy, &st) == 0) {
+ if (stat(logdir, &st) != 0 && stat(legacy, &st) == 0) {
syslog(LOG_WARNING, "~/.vnc is deprecated, please consult 'man vncsession' for paths to migrate to.");
- strcpy(logfile, legacy);
+ strcpy(logdir, legacy);
#ifdef HAVE_SELINUX
/* this is only needed to handle historical type changes for the legacy dir */
@@ -431,9 +441,9 @@ redir_stdio(const char *homedir, const char *display, char **envp)
#endif
}
- if (mkdir_p(logfile, 0755) == -1) {
+ if (mkdir_p(logdir, 0755) == -1) {
if (errno != EEXIST) {
- syslog(LOG_CRIT, "Failure creating \"%s\": %s", logfile, strerror(errno));
+ syslog(LOG_CRIT, "Failure creating \"%s\": %s", logdir, strerror(errno));
_exit(EX_OSERR);
}
}
@@ -450,9 +460,24 @@ redir_stdio(const char *homedir, const char *display, char **envp)
_exit(EX_OSERR);
}
- snprintf(logfile + strlen(logfile), sizeof(logfile) - strlen(logfile), "/%s%s.log",
- hostname, display);
+ fmt_len = snprintf(logfile, sizeof(logfile), "/%s/%s%s.log", logdir, hostname, display);
+ if (fmt_len >= sizeof(logfile)) {
+ syslog(LOG_CRIT, "Log path too long");
+ _exit(EX_OSERR);
+ }
+ fmt_len = snprintf(logfile_old, sizeof(logfile_old), "/%s/%s%s.log.old", logdir, hostname, display);
+ if (fmt_len >= sizeof(logfile)) {
+ syslog(LOG_CRIT, "Log.old path too long");
+ _exit(EX_OSERR);
+ }
free(hostname);
+
+ if (stat(logfile, &st) == 0) {
+ if (rename(logfile, logfile_old) != 0) {
+ syslog(LOG_CRIT, "Failure renaming log file \"%s\" to \"%s\": %s", logfile, logfile_old, strerror(errno));
+ _exit(EX_OSERR);
+ }
+ }
fd = open(logfile, O_CREAT | O_WRONLY | O_TRUNC, 0644);
if (fd == -1) {
syslog(LOG_CRIT, "Failure creating log file \"%s\": %s", logfile, strerror(errno));

@ -1,7 +1,6 @@
diff --git a/configure.ac b/configure.ac diff -up xserver/configure.ac.xserver116-rebased xserver/configure.ac
index 0909cc5b4..c01873200 100644 --- xserver/configure.ac.xserver116-rebased 2016-09-29 13:14:45.595441590 +0200
--- a/configure.ac +++ xserver/configure.ac 2016-09-29 13:14:45.631442006 +0200
+++ b/configure.ac
@@ -74,6 +74,7 @@ dnl forcing an entire recompile.x @@ -74,6 +74,7 @@ dnl forcing an entire recompile.x
AC_CONFIG_HEADERS(include/version-config.h) AC_CONFIG_HEADERS(include/version-config.h)
@ -10,30 +9,35 @@ index 0909cc5b4..c01873200 100644
AC_PROG_LN_S AC_PROG_LN_S
LT_PREREQ([2.2]) LT_PREREQ([2.2])
LT_INIT([disable-static win32-dll]) LT_INIT([disable-static win32-dll])
@@ -1735,6 +1736,14 @@ if test "x$XVFB" = xyes; then @@ -1863,6 +1864,10 @@ if test "x$XVFB" = xyes; then
AC_SUBST([XVFB_SYS_LIBS]) AC_SUBST([XVFB_SYS_LIBS])
fi fi
+dnl Xvnc DDX +dnl Xvnc DDX
+AC_SUBST([XVNC_CPPFLAGS], ["-DHAVE_DIX_CONFIG_H $XSERVER_CFLAGS"])
+AC_SUBST([XVNC_LIBS], ["$FB_LIB $FIXES_LIB $XEXT_LIB $CONFIG_LIB $DBE_LIB $RECORD_LIB $GLX_LIBS $RANDR_LIB $RENDER_LIB $DAMAGE_LIB $DRI3_LIB $PRESENT_LIB $MIEXT_SYNC_LIB $MIEXT_DAMAGE_LIB $MIEXT_SHADOW_LIB $XI_LIB $XKB_LIB $XKB_STUB_LIB $COMPOSITE_LIB $MAIN_LIB"]) +AC_SUBST([XVNC_LIBS], ["$FB_LIB $FIXES_LIB $XEXT_LIB $CONFIG_LIB $DBE_LIB $RECORD_LIB $GLX_LIBS $RANDR_LIB $RENDER_LIB $DAMAGE_LIB $DRI3_LIB $PRESENT_LIB $MIEXT_SYNC_LIB $MIEXT_DAMAGE_LIB $MIEXT_SHADOW_LIB $XI_LIB $XKB_LIB $XKB_STUB_LIB $COMPOSITE_LIB $MAIN_LIB"])
+AC_SUBST([XVNC_SYS_LIBS], ["$GLX_SYS_LIBS"]) +AC_SUBST([XVNC_SYS_LIBS], ["$GLX_SYS_LIBS"])
+
+PKG_CHECK_MODULES(GBM, "$LIBGBM", [GBM=yes], [GBM=no])
+if test "x$GBM" = xyes; then
+ AC_DEFINE(HAVE_GBM, 1, [Have GBM support])
+fi
dnl Xnest DDX dnl Xnest DDX
@@ -2058,7 +2067,6 @@ if test "x$GLAMOR" = xyes; then @@ -1898,6 +1903,8 @@ if test "x$XORG" = xauto; then
[AC_DEFINE(GLAMOR_HAS_EGL_QUERY_DRIVER, 1, [Have GLAMOR_HAS_EGL_QUERY_DRIVER])], fi
[]) AC_MSG_RESULT([$XORG])
- PKG_CHECK_MODULES(GBM, "$LIBGBM", [GBM=yes], [GBM=no]) +AC_DEFINE_UNQUOTED(XORG_VERSION_CURRENT, [$VENDOR_RELEASE], [Current Xorg version])
if test "x$GBM" = xyes; then +
AC_DEFINE(GLAMOR_HAS_GBM, 1, if test "x$XORG" = xyes; then
[Build glamor with GBM-based EGL support]) XORG_DDXINCS='-I$(top_srcdir)/hw/xfree86 -I$(top_srcdir)/hw/xfree86/include -I$(top_srcdir)/hw/xfree86/common'
@@ -2523,6 +2531,7 @@ hw/dmx/Makefile XORG_OSINCS='-I$(top_srcdir)/hw/xfree86/os-support -I$(top_srcdir)/hw/xfree86/os-support/bus -I$(top_srcdir)/os'
@@ -2116,7 +2123,6 @@ if test "x$XORG" = xyes; then
AC_DEFINE(XORG_SERVER, 1, [Building Xorg server])
AC_DEFINE(XORGSERVER, 1, [Building Xorg server])
AC_DEFINE(XFree86Server, 1, [Building XFree86 server])
- AC_DEFINE_UNQUOTED(XORG_VERSION_CURRENT, [$VENDOR_RELEASE], [Current Xorg version])
AC_DEFINE(NEED_XF86_TYPES, 1, [Need XFree86 typedefs])
AC_DEFINE(NEED_XF86_PROTOTYPES, 1, [Need XFree86 helper functions])
AC_DEFINE(__XSERVERNAME__, "Xorg", [Name of X server])
@@ -2691,6 +2697,7 @@ hw/dmx/Makefile
hw/dmx/man/Makefile hw/dmx/man/Makefile
hw/vfb/Makefile hw/vfb/Makefile
hw/vfb/man/Makefile hw/vfb/man/Makefile
@ -41,98 +45,47 @@ index 0909cc5b4..c01873200 100644
hw/xnest/Makefile hw/xnest/Makefile
hw/xnest/man/Makefile hw/xnest/man/Makefile
hw/xwin/Makefile hw/xwin/Makefile
diff --git a/dri3/Makefile.am b/dri3/Makefile.am diff -up xserver/hw/Makefile.am.xserver116-rebased xserver/hw/Makefile.am
index e47a734e0..99c3718a5 100644 --- xserver/hw/Makefile.am.xserver116-rebased 2016-09-29 13:14:45.601441659 +0200
--- a/dri3/Makefile.am +++ xserver/hw/Makefile.am 2016-09-29 13:14:45.631442006 +0200
+++ b/dri3/Makefile.am @@ -38,7 +38,8 @@ SUBDIRS = \
@@ -1,7 +1,7 @@ $(DMX_SUBDIRS) \
noinst_LTLIBRARIES = libdri3.la $(KDRIVE_SUBDIRS) \
AM_CFLAGS = \ $(XQUARTZ_SUBDIRS) \
- -DHAVE_XORG_CONFIG_H \ - $(XWAYLAND_SUBDIRS)
- @DIX_CFLAGS@ @XORG_CFLAGS@ + $(XWAYLAND_SUBDIRS) \
+ @DIX_CFLAGS@ \ + vnc
+ @LIBDRM_CFLAGS@
libdri3_la_SOURCES = \
dri3.h \
diff --git a/dri3/dri3.c b/dri3/dri3.c
index ba32facd7..191252969 100644
--- a/dri3/dri3.c
+++ b/dri3/dri3.c
@@ -20,10 +20,6 @@
* OF THIS SOFTWARE.
*/
-#ifdef HAVE_XORG_CONFIG_H
-#include <xorg-config.h>
-#endif
-
#include "dri3_priv.h"
#include <drm_fourcc.h> DIST_SUBDIRS = dmx xfree86 vfb xnest xwin xquartz kdrive xwayland
diff --git a/dri3/dri3_priv.h b/dri3/dri3_priv.h
index b087a9529..f319d1770 100644
--- a/dri3/dri3_priv.h
+++ b/dri3/dri3_priv.h
@@ -23,6 +23,7 @@
#ifndef _DRI3PRIV_H_
#define _DRI3PRIV_H_
+#include "dix-config.h" diff --git xserver/mi/miinitext.c xserver/mi/miinitext.c
#include <X11/X.h> index 5596e21..003fc3c 100644
#include "scrnintstr.h" --- xserver/mi/miinitext.c
#include "misc.h" +++ xserver/mi/miinitext.c
diff --git a/dri3/dri3_request.c b/dri3/dri3_request.c @@ -107,8 +107,15 @@ SOFTWARE.
index 958877efa..687168930 100644 #include "os.h"
--- a/dri3/dri3_request.c #include "globals.h"
+++ b/dri3/dri3_request.c
@@ -20,10 +20,6 @@
* OF THIS SOFTWARE.
*/
-#ifdef HAVE_XORG_CONFIG_H +#ifdef TIGERVNC
-#include <xorg-config.h> +extern void vncExtensionInit(INITARGS);
-#endif +#endif
-
#include "dri3_priv.h"
#include <syncsrv.h>
#include <unistd.h>
diff --git a/dri3/dri3_screen.c b/dri3/dri3_screen.c
index b98259753..3c7e5bf60 100644
--- a/dri3/dri3_screen.c
+++ b/dri3/dri3_screen.c
@@ -20,10 +20,6 @@
* OF THIS SOFTWARE.
*/
-#ifdef HAVE_XORG_CONFIG_H
-#include <xorg-config.h>
-#endif
-
#include "dri3_priv.h"
#include <syncsdk.h>
#include <misync.h>
diff --git a/hw/Makefile.am b/hw/Makefile.am
index 19895dc77..3ecfa8b7a 100644
--- a/hw/Makefile.am
+++ b/hw/Makefile.am
@@ -44,3 +44,5 @@ DIST_SUBDIRS = dmx xfree86 vfb xnest xwin xquartz kdrive xwayland
relink:
$(AM_V_at)for i in $(SUBDIRS) ; do $(MAKE) -C $$i relink || exit 1 ; done
+ +
+SUBDIRS += vnc /* List of built-in (statically linked) extensions */
diff --git a/include/dix-config.h.in b/include/dix-config.h.in static const ExtensionModule staticExtensions[] = {
index f8fc67067..d53c4e72f 100644 +#ifdef TIGERVNC
--- a/include/dix-config.h.in + {vncExtensionInit, "VNC-EXTENSION", NULL},
+++ b/include/dix-config.h.in +#endif
@@ -83,6 +83,9 @@ {GEExtensionInit, "Generic Event Extension", &noGEExtension},
/* Define to 1 if you have the <fcntl.h> header file. */ {ShapeExtensionInit, "SHAPE", NULL},
#undef HAVE_FCNTL_H #ifdef MITSHM
--- xserver/include/os.h~ 2016-10-03 09:07:29.000000000 +0200
+/* Have GBM support */ +++ xserver/include/os.h 2016-10-03 14:13:00.013654506 +0200
+#undef HAVE_GBM @@ -621,7 +621,7 @@
+ extern _X_EXPORT void
/* Define to 1 if you have the `getdtablesize' function. */ LogClose(enum ExitCode error);
#undef HAVE_GETDTABLESIZE extern _X_EXPORT Bool
-LogSetParameter(LogParameter param, int value);
+LogSetParameter(enum _LogParameter param, int value);
extern _X_EXPORT void
LogVWrite(int verb, const char *f, va_list args)
_X_ATTRIBUTE_PRINTF(2, 0);

@ -0,0 +1,32 @@
From 133e0d651c5d12bf01999d6289e84e224ba77adc Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Mon, 22 Jan 2024 14:22:12 +1000
Subject: [PATCH] dix: fix valuator copy/paste error in the DeviceStateNotify
event
Fixes 219c54b8a3337456ce5270ded6a67bcde53553d5
---
dix/enterleave.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/dix/enterleave.c b/dix/enterleave.c
index 7b7ba1098b..c1e6ac600e 100644
--- a/dix/enterleave.c
+++ b/dix/enterleave.c
@@ -619,11 +619,11 @@ FixDeviceValuator(DeviceIntPtr dev, deviceValuator * ev, ValuatorClassPtr v,
ev->first_valuator = first;
switch (ev->num_valuators) {
case 6:
- ev->valuator2 = v->axisVal[first + 5];
+ ev->valuator5 = v->axisVal[first + 5];
case 5:
- ev->valuator2 = v->axisVal[first + 4];
+ ev->valuator4 = v->axisVal[first + 4];
case 4:
- ev->valuator2 = v->axisVal[first + 3];
+ ev->valuator3 = v->axisVal[first + 3];
case 3:
ev->valuator2 = v->axisVal[first + 2];
case 2:
--
GitLab

@ -1,54 +0,0 @@
From 56351307017e2501f7cd6e31efcfb55c19aba75a Mon Sep 17 00:00:00 2001
From: Matthieu Herrb <matthieu@herrb.eu>
Date: Thu, 10 Oct 2024 10:37:28 +0200
Subject: [PATCH] xkb: Fix buffer overflow in _XkbSetCompatMap()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The _XkbSetCompatMap() function attempts to resize the `sym_interpret`
buffer.
However, It didn't update its size properly. It updated `num_si` only,
without updating `size_si`.
This may lead to local privilege escalation if the server is run as root
or remote code execution (e.g. x11 over ssh).
CVE-2024-9632, ZDI-CAN-24756
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Tested-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: José Expósito <jexposit@redhat.com>
---
xkb/xkb.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/xkb/xkb.c b/xkb/xkb.c
index f203270d5..70e8279aa 100644
--- a/xkb/xkb.c
+++ b/xkb/xkb.c
@@ -2991,13 +2991,13 @@ _XkbSetCompatMap(ClientPtr client, DeviceIntPtr dev,
XkbSymInterpretPtr sym;
unsigned int skipped = 0;
- if ((unsigned) (req->firstSI + req->nSI) > compat->num_si) {
- compat->num_si = req->firstSI + req->nSI;
+ if ((unsigned) (req->firstSI + req->nSI) > compat->size_si) {
+ compat->num_si = compat->size_si = req->firstSI + req->nSI;
compat->sym_interpret = reallocarray(compat->sym_interpret,
- compat->num_si,
+ compat->size_si,
sizeof(XkbSymInterpretRec));
if (!compat->sym_interpret) {
- compat->num_si = 0;
+ compat->num_si = compat->size_si = 0;
return BadAlloc;
}
}
--
2.46.2

@ -32,7 +32,7 @@
Description=XVNC Per-Connection Daemon Description=XVNC Per-Connection Daemon
[Service] [Service]
ExecStart=-/usr/bin/Xvnc -inetd -query localhost -geometry 1024x768 -depth 24 -once -SecurityTypes=None ExecStart=-/usr/bin/Xvnc -inetd -query localhost -geometry 1024x768 -depth 24 -once -SecurityTypes=None -Log *:syslog:30
User=nobody User=nobody
StandardInput=socket StandardInput=socket
StandardError=syslog StandardError=syslog

@ -4,13 +4,13 @@
%global modulename vncsession %global modulename vncsession
Name: tigervnc Name: tigervnc
Version: 1.14.1 Version: 1.13.1
Release: 1%{?dist} Release: 8%{?dist}
Summary: A TigerVNC remote display system Summary: A TigerVNC remote display system
%global _hardened_build 1 %global _hardened_build 1
License: GPL-2.0-or-later License: GPLv2+
URL: http://www.tigervnc.com URL: http://www.tigervnc.com
Source0: %{name}-%{version}.tar.gz Source0: %{name}-%{version}.tar.gz
@ -23,11 +23,12 @@ Source5: vncserver
# Downstream patches # Downstream patches
Patch1: tigervnc-use-gnome-as-default-session.patch Patch1: tigervnc-use-gnome-as-default-session.patch
# https://github.com/TigerVNC/tigervnc/pull/1425
Patch2: tigervnc-vncsession-restore-script-systemd-service.patch Patch2: tigervnc-vncsession-restore-script-systemd-service.patch
Patch3: tigervnc-dont-install-appstream-metadata-file.patch
# Upstream patches # Upstream patches
Patch50: tigervnc-vncsession-move-existing-log-to-log-old-if-present.patch Patch50: tigervnc-support-username-alias-in-plainusers.patch
Patch51: tigervnc-use-dup-to-get-available-fd-for-inetd.patch
# Upstreamable patches # Upstreamable patches
Patch80: tigervnc-dont-get-pointer-position-for-floating-device.patch Patch80: tigervnc-dont-get-pointer-position-for-floating-device.patch
@ -38,7 +39,9 @@ Patch100: tigervnc-xserver120.patch
Patch101: 0001-rpath-hack.patch Patch101: 0001-rpath-hack.patch
# XServer patches # XServer patches
Patch200: xorg-CVE-2024-9632.patch # CVE-2024-0229
# https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1251
Patch200: xorg-CVE-2024-0229-followup.patch
BuildRequires: make BuildRequires: make
BuildRequires: gcc-c++ BuildRequires: gcc-c++
@ -75,22 +78,18 @@ BuildRequires: libXinerama-devel
BuildRequires: libXt-devel BuildRequires: libXt-devel
BuildRequires: libXtst-devel BuildRequires: libXtst-devel
BuildRequires: libdrm-devel BuildRequires: libdrm-devel
BuildRequires: mesa-libgbm-devel
BuildRequires: libtool BuildRequires: libtool
BuildRequires: libxkbfile-devel BuildRequires: libxkbfile-devel
BuildRequires: libxshmfence-devel BuildRequires: libxshmfence-devel
BuildRequires: mesa-libGL-devel BuildRequires: mesa-libGL-devel
BuildRequires: pkgconfig(fontutil) BuildRequires: xorg-x11-font-utils
BuildRequires: pkgconfig(xkbcomp)
BuildRequires: xorg-x11-server-devel BuildRequires: xorg-x11-server-devel
BuildRequires: xorg-x11-server-source BuildRequires: xorg-x11-server-source
BuildRequires: xorg-x11-util-macros BuildRequires: xorg-x11-util-macros
BuildRequires: xorg-x11-xtrans-devel BuildRequires: xorg-x11-xtrans-devel
# SELinux # SELinux
BuildRequires: libselinux-devel BuildRequires: libselinux-devel, selinux-policy-devel, systemd
BuildRequires: selinux-policy-devel
BuildRequires: systemd
Requires(post): coreutils Requires(post): coreutils
Requires(postun):coreutils Requires(postun):coreutils
@ -128,12 +127,10 @@ X session.
%package server-minimal %package server-minimal
Summary: A minimal installation of TigerVNC server Summary: A minimal installation of TigerVNC server
Requires(post): systemd Requires(post): chkconfig
Requires(preun): systemd Requires(preun):chkconfig
Requires(postun): systemd
Requires(post): systemd
Requires: mesa-dri-drivers, xkeyboard-config, xkbcomp Requires: mesa-dri-drivers, xkeyboard-config, xorg-x11-xkb-utils
Requires: tigervnc-license, dbus-x11 Requires: tigervnc-license, dbus-x11
%description server-minimal %description server-minimal
@ -190,21 +187,21 @@ pushd unix/xserver
for all in `find . -type f -perm -001`; do for all in `find . -type f -perm -001`; do
chmod -x "$all" chmod -x "$all"
done done
# Xorg patches %patch100 -p1 -b .xserver120-rebased
%patch -P100 -p1 -b .xserver120-rebased %patch101 -p1 -b .rpath
%patch -P101 -p1 -b .rpath %patch200 -p1 -b .xorg-CVE-2024-0229-followup
%patch -P200 -p1 -b .xorg-CVE-2024-9632
popd popd
# Tigervnc patches %patch1 -p1 -b .use-gnome-as-default-session
%patch -P1 -p1 -b .use-gnome-as-default-session %patch2 -p1 -b .vncsession-restore-script-systemd-service
%patch -P2 -p1 -b .vncsession-restore-script-systemd-service %patch3 -p1 -b .dont-install-appstream-metadata-file.patch
# Upstream patches # Upstream patches
%patch -P50 -p1 -b .vncsession-move-existing-log-to-log-old-if-present %patch50 -p1 -b .support-username-alias-in-plainusers
%patch51 -p1 -b .use-dup-to-get-available-fd-for-inetd
# Upstreamable patches # Upstreamable patches
%patch -P80 -p1 -b .dont-get-pointer-position-for-floating-device %patch80 -p1 -b .dont-get-pointer-position-for-floating-device
%build %build
%ifarch sparcv9 sparc64 s390 s390x %ifarch sparcv9 sparc64 s390 s390x
@ -212,22 +209,12 @@ export CFLAGS="$RPM_OPT_FLAGS -fPIC"
%else %else
export CFLAGS="$RPM_OPT_FLAGS -fpic" export CFLAGS="$RPM_OPT_FLAGS -fpic"
%endif %endif
export CXXFLAGS="$CFLAGS -std=c++11" export CXXFLAGS="$CFLAGS"
%define __cmake_builddir %{_target_platform}
mkdir -p %{%__cmake_builddir}
%cmake %{cmake} .
make %{?_smp_mflags}
%cmake_build
pushd unix/xserver pushd unix/xserver
%if 0%{?fedora} > 32 || 0%{?rhel} >= 9
sed -i 's@TIGERVNC_BUILDDIR=${TIGERVNC_SRCDIR}@TIGERVNC_BUILDDIR=${TIGERVNC_SRCDIR}/%{_target_platform}@g' hw/vnc/Makefile.am
%endif
autoreconf -fiv autoreconf -fiv
%configure \ %configure \
--disable-xorg --disable-xnest --disable-xvfb --disable-dmx \ --disable-xorg --disable-xnest --disable-xvfb --disable-dmx \
@ -237,10 +224,11 @@ autoreconf -fiv
--with-fontdir=%{_datadir}/X11/fonts \ --with-fontdir=%{_datadir}/X11/fonts \
--with-xkb-output=%{_localstatedir}/lib/xkb \ --with-xkb-output=%{_localstatedir}/lib/xkb \
--enable-install-libxf86config \ --enable-install-libxf86config \
--enable-glx --disable-dri --enable-dri2 --enable-dri3 \ --enable-glx --disable-dri --enable-dri2 --disable-dri3 \
--disable-unit-tests \ --disable-unit-tests \
--disable-config-hal \ --disable-config-hal \
--disable-config-udev \ --disable-config-udev \
--with-dri-driver-path=%{_libdir}/dri \
--without-dtrace \ --without-dtrace \
--disable-devel-docs \ --disable-devel-docs \
--disable-selective-werror --disable-selective-werror
@ -249,11 +237,7 @@ make %{?_smp_mflags}
popd popd
# Build icons # Build icons
%if 0%{?fedora} > 32 || 0%{?rhel} >= 9
pushd %{_target_platform}/media
%else
pushd media pushd media
%endif
make make
popd popd
@ -262,19 +246,19 @@ pushd unix/vncserver/selinux
make make
popd popd
%install %install
%cmake_install %make_install
rm -f %{buildroot}%{_docdir}/%{name}-%{version}/{README.rst,LICENCE.TXT}
pushd unix/xserver/hw/vnc pushd unix/xserver/hw/vnc
%make_install make install DESTDIR=%{buildroot}
popd popd
# Install systemd unit file
pushd unix/vncserver/selinux pushd unix/vncserver/selinux
make install DESTDIR=%{buildroot} make install DESTDIR=%{buildroot}
popd popd
# Install systemd unit file # Install systemd unit file
install -m644 %{SOURCE1} %{buildroot}%{_unitdir}/xvnc@.service install -m644 %{SOURCE1} %{buildroot}%{_unitdir}/xvnc@.service
install -m644 %{SOURCE2} %{buildroot}%{_unitdir}/xvnc.socket install -m644 %{SOURCE2} %{buildroot}%{_unitdir}/xvnc.socket
@ -288,21 +272,7 @@ install -m644 tigervnc_$s.png %{buildroot}%{_datadir}/icons/hicolor/${s}x$s/apps
done done
popd popd
appstream-util validate-relax --nonet %{buildroot}%{_metainfodir}/org.tigervnc.vncviewer.metainfo.xml
desktop-file-validate %{buildroot}%{_datadir}/applications/vncviewer.desktop
%if 0%{?rhel} > 9
# Install a replacement for /usr/bin/vncserver which will tell the user to read the
# HOWTO.md file
cat <<EOF > %{buildroot}/%{_bindir}/vncserver
#!/bin/bash
echo "vncserver has been replaced by a systemd unit."
echo "Please read /usr/share/doc/tigervnc/HOWTO.md for more information."
EOF
chmod +x %{buildroot}/%{_bindir}/vncserver
%else
install -m 755 %{SOURCE5} %{buildroot}/%{_bindir}/vncserver install -m 755 %{SOURCE5} %{buildroot}/%{_bindir}/vncserver
%endif
%find_lang %{name} %{name}.lang %find_lang %{name} %{name}.lang
@ -313,14 +283,15 @@ mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/
install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
%post server %post server
%systemd_post xvnc@.service %systemd_post xvnc.service
%systemd_post xvnc.socket %systemd_post xvnc.socket
%preun server %preun server
%systemd_preun xvnc.service
%systemd_preun xvnc.socket %systemd_preun xvnc.socket
%postun server %postun server
%systemd_postun xvnc@.service %systemd_postun xvnc.service
%systemd_postun xvnc.socket %systemd_postun xvnc.socket
%pre selinux %pre selinux
@ -342,7 +313,6 @@ fi
%{_bindir}/vncviewer %{_bindir}/vncviewer
%{_datadir}/applications/* %{_datadir}/applications/*
%{_mandir}/man1/vncviewer.1* %{_mandir}/man1/vncviewer.1*
%{_datadir}/metainfo/org.tigervnc.vncviewer.metainfo.xml
%files server %files server
%config(noreplace) %{_sysconfdir}/pam.d/tigervnc %config(noreplace) %{_sysconfdir}/pam.d/tigervnc
@ -352,8 +322,8 @@ fi
%{_unitdir}/vncserver@.service %{_unitdir}/vncserver@.service
%{_unitdir}/xvnc@.service %{_unitdir}/xvnc@.service
%{_unitdir}/xvnc.socket %{_unitdir}/xvnc.socket
%{_bindir}/vncserver
%{_bindir}/x0vncserver %{_bindir}/x0vncserver
%{_bindir}/vncserver
%{_sbindir}/vncsession %{_sbindir}/vncsession
%{_libexecdir}/vncserver %{_libexecdir}/vncserver
%{_libexecdir}/vncsession-start %{_libexecdir}/vncsession-start
@ -373,7 +343,7 @@ fi
%files server-module %files server-module
%{_libdir}/xorg/modules/extensions/libvnc.so %{_libdir}/xorg/modules/extensions/libvnc.so
%config(noreplace) %{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf %config %{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
%files license %files license
%{_docdir}/tigervnc/LICENCE.TXT %{_docdir}/tigervnc/LICENCE.TXT
@ -386,286 +356,229 @@ fi
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename} %ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
%changelog %changelog
* Fri Nov 08 2024 Jan Grulich <jgrulich@redhat.com> - 1.14.1-1
- 1.14.1
Resolves: RHEL-66600
- Fix CVE-2024-9632: xorg-x11-server: heap-based buffer overflow privilege escalation vulnerability
Resolves: RHEL-62000
* Mon Aug 05 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-11
- vncsession: use /bin/sh if the user shell is not set
Resolves: RHEL-50679
* Tue May 28 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-10
- vncconfig: add option to force view-only remote client connections
Resolves: RHEL-12144
* Tue Apr 16 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-9
- Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents
Resolves: RHEL-30756
- Fix CVE-2024-31083 tigervnc: xorg-x11-server: User-after-free in ProcRenderAddGlyphs
Resolves: RHEL-30768
- Fix CVE-2024-31081 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice
Resolves: RHEL-30762
* Wed Feb 07 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-8 * Wed Feb 07 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-8
- Fix copy/paste error in the DeviceStateNotify - Fix copy/paste error in the DeviceStateNotify
Resolves: RHEL-20533 Resolves: RHEL-20530
* Mon Jan 22 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-7 * Mon Jan 22 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-7
- Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice - Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice
Resolves: RHEL-20389 Resolves: RHEL-20388
- Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent - Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent
Resolves: RHEL-20383 Resolves: RHEL-20382
- Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access - Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
Resolves: RHEL-20533 Resolves: RHEL-20530
- Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer - Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
Resolves: RHEL-21213 Resolves: RHEL-21214
* Mon Jan 08 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-6 * Mon Jan 08 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-6
- Use dup() to get available file descriptor when using -inetd option - Use dup() to get available file descriptor when using -inetd option
Resolves: RHEL-19858 Resolves: RHEL-21000
* Mon Dec 18 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-5 * Mon Dec 18 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-5
- Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions - Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
Resolves: RHEL-18414 Resolves: RHEL-18410
- Fix CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty - Fix CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty
Resolves: RHEL-18426 Resolves: RHEL-18422
* Wed Nov 01 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-4 * Wed Nov 01 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-4
- Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow - Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow
Resolves: RHEL-15237 Resolves: RHEL-15236
- Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty - Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty
Resolves: RHEL-15249 Resolves: RHEL-15230
* Mon Oct 09 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-3 * Mon Oct 09 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-3
- Support username alias in PlainUsers - Support username alias in PlainUsers
Resolves: RHEL-8430 Resolves: RHEL-4258
* Tue Apr 11 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-2 * Tue Apr 11 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-2
- xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege - xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege
Escalation Vulnerability Escalation Vulnerability
Resolves: bz#2180310 Resolves: bz#2180306
* Tue Mar 21 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-1 * Tue Mar 21 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-1
- 1.13.1 - 1.13.1
Resolves: bz#2175732 Resolves: bz#2175748
- Restore "--fallbacktofreeport" option in the vncserver script
* Tue Feb 21 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-12 Resolves: bz#2174398
- SELinux: allow vncsession create .vnc directory
Resolves: bz#2164703
* Wed Feb 15 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-11
- Add sanity check when cleaning up keymap changes
Resolves: bz#2169965
* Mon Feb 06 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-10 * Thu Dec 08 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-9
- xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation - Bump build version to fix upgrade path
Resolves: bz#2167061 Resolves: bz#1437569
* Tue Dec 20 2022 Tomas Popela <tpopela@redhat.com> - 1.12.0-9 * Fri Nov 18 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-8
- Rebuild for xorg-x11-server CVE-2022-46340 follow up fix
* Fri Dec 16 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-8
- Rebuild for xorg-x11-server CVEs
Resolves: CVE-2022-4283 (bz#2154234)
Resolves: CVE-2022-46340 (bz#2154221)
Resolves: CVE-2022-46341 (bz#2154224)
Resolves: CVE-2022-46342 (bz#2154226)
Resolves: CVE-2022-46343 (bz#2154228)
Resolves: CVE-2022-46344 (bz#2154230)
* Thu Dec 01 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-7
- x0vncserver: add new keysym in case we don't find matching keycode
+ actually apply the patch
Resolves: bz#2119017
* Thu Dec 01 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-6
- x0vncserver: add new keysym in case we don't find matching keycode - x0vncserver: add new keysym in case we don't find matching keycode
Resolves: bz#2119017 Resolves: bz#1437569
* Mon Oct 24 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-5 * Wed Aug 24 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-7
- x0vncserver: fix ghost cursor in zaphod mode (better version) - x0vncserver: fix ghost cursor in zaphod mode (better version)
Resolves: bz#2119016 Resolves: bz#2109679
* Tue May 31 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-4 * Wed Aug 17 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-6
- Add BR: libXdamage, libXfixes, libXrandr - x0vncserver: fix ghost cursor in zaphod mode
Resolves: bz#2091833 Resolves: bz#2109679
* Tue Apr 05 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-3 * Tue May 31 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-5
- Do not run systemd_preun on Xvnc service file - BR: libXdamage, libXfixes, libXrandr
Resolves: bz#2048011 Resolves: bz#2088733
* Mon Apr 04 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-2 * Tue Feb 08 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-4
- Drop unexisting option from the old vncserver script
Resolves: bz#2021893
* Wed Mar 23 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-1
- 1.12.0 + sync with Fedora
Resolves: bz#2048011
Resolves: bz#2021893
* Mon Feb 07 2022 Jan Grulich <jgrulich@redhat.com> - 1.11.0-21
- Added vncsession-restore script for SELinux policy migration - Added vncsession-restore script for SELinux policy migration
Fix SELinux context for root user Fix SELinux context for root user
Resolves: bz#2049506 Resolves: bz#2021892
* Fri Nov 26 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-20 * Fri Jan 21 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-3
- Rebuild for absence in RHEL 9.0 - Fix crash in vncviewer
Resolves: bz#1985858 Resolves: bz#2021892
* Mon Aug 16 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-19 * Fri Jan 14 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-2
- Sync upstream patches + drop unused patches - Remove unavailable option from vncserver script
Resolves: bz#1985858 Resolves: bz#2021892
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.11.0-18 * Fri Jan 14 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-1
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - 1.12.0
Related: rhbz#1991688 Resolves: bz#2021892
* Mon Jul 19 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-17 * Mon Jul 19 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-9
- Fix logout from VNC session using vncserver - Fix logout from VNC session using vncserver
Resolves: bz#1983704 Resolves: bz#1983706
* Tue Jun 01 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-16 * Tue Jun 01 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-8
- Bump version for rebuild (binutils) - Run all SELinux RPM macros on correct package
Resolves: bz#1961488 Resolves: bz#1907963
* Mon May 17 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-14 * Mon May 17 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-7
- SELinux improvements - SELinux improvements
Resolves: bz#1961488 Resolves: bz#1907963
- Fix endianness issue on s390x * Tue Dec 15 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-6
Resolves: bz#1963029 - Use GNOME as default session
Resolves: bz#1853608
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.11.0-13
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Thu Dec 03 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-5
- Make sure we log properly output to journal (actually log to syslog)
* Mon Mar 08 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-12 Resolves: bz#1841537
- Include RHEL8 patches
* Thu Dec 03 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-4
* Fri Mar 05 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-11 - Make sure we log properly output to journal
- Enable old vncserver script for RHEL 9 Resolves: bz#1841537
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.11.0-10 * Wed Nov 18 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - vncserver: ignore new "session" parameter from the new systemd support
Resolves: bz#1897504
* Thu Dec 10 07:45:46 CET 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-9
- vncserver: ignore new session parameter from the new systemd support * Wed Nov 18 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-2
- Revert removal of vncserver
* Fri Nov 13 14:08:29 CET 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-8 Resolves: bz#1897504
- Use /run instead of /var/run which is just a symlink - Correctly start vncsession as a daemon
Resolves: bz#1897498
* Thu Nov 05 2020 Peter Hutterer <peter.hutterer@redhat.com> 1.11.0-7
- Require xkbcomp directly, not xorg-x11-xkb-utils. The latter has had * Tue Oct 20 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-1
Provides xkbcomp for years. - Update to 1.11.0
Resolves: bz#1880985
* Tue Sep 29 13:12:22 CEST 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-6 - Backport fix to allow Tigervnc use boolean values in config files
- Backport upstream fix allowing Tigervnc to specify boolean valus in configuration Resolves: bz#1883415
- Revert removal of vncserver for F32 and F33
* Wed Sep 30 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-8
* Thu Sep 24 07:14:06 CEST 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-5 - Tolerate specifying -BoolParam 0 and similar
- Actually install the HOWTO.md file Resolves: bz#1883415
* Wed Sep 23 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-4 * Wed Jul 08 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-7
- Call systemd macros on correct service file - Enable server module on s390x
Resolves: bz#1854925
* Tue Sep 22 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-3
- Do not overwrite libvnc.conf config file * Fri Jul 03 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-6
- Remove trailing spaces in user name
* Thu Sep 17 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-2 Resolves: bz#1852432
* Thu Jun 25 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-5
- Install the HOWTO file to correct location
- Add /usr/bin/vncserver file informing users to read the HOWTO.md file - Add /usr/bin/vncserver file informing users to read the HOWTO.md file
Resolves: bz#1790443
* Wed Sep 09 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-1 * Mon Jun 15 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-4
- 1.11.0 - Improve SELinux policy
Resolves: bz#1790443
* Mon Aug 24 2020 Jan Grulich <jgrulich@redhat.com. - 1.10.90-1 * Mon Jun 15 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-3
- Update to 1.10.90 (1.11.0 beta) - Add a HOWTO.md file with instructions how to start VNC server
Resolves: bz#1790443
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.1-9 * Tue May 26 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-2
- Second attempt - Rebuilt for - Make the systemd service run also for root user
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Resolves: bz#1790443
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.1-8 * Mon Apr 27 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - Update to 1.10.1
Resolves: bz#1806992
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 1.10.1-7 - Add proper systemd support
- Use make macros Resolves: bz#1790443
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Sat Jul 11 2020 Jiri Vanek <jvanek@redhat.com> - 1.10.1-6 * Tue Jan 28 2020 Jan Grulich <jgrulich@redhat.com> - 1.9.0-13
- Rebuilt for JDK-11, see https://fedoraproject.org/wiki/Changes/Java11 - Bump build because of z-stream
Resolves: bz#1671714
* Sun Apr 19 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-5 * Wed Dec 11 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-12
- Requires: dbus-x11 - Fix installation of systemd files
Resolves: bz#1825331 Resolves: bz#1671714
* Fri Mar 13 2020 Olivier Fourdan <ofourdan@redhat.com> - 1.10.1-4 * Wed Nov 20 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-11
- Fix build with xserver 1.20.7 - Use wrapper script to workaround systemd issues
Resolves: bz#1671714
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.1-3 * Fri Jul 12 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - Do not return returncode indicating error when running "vncserver -list"
Resolves: bz#1727860
* Mon Jan 13 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-2 * Fri Feb 08 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-9
- Build with -std=c++11 - Make tigervnc systemd service a user service
Resolves: bz#1639846
* Fri Dec 20 2019 Jan Grulich <jgrulich@redhat.com> - 1.10.1-1 * Mon Jan 21 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-8
- Update to 1.10.1 - Kill the session automatically only when Gnome is installed
Resolves: bz#1665876
* Tue Dec 10 2019 Jan Grulich <jgrulich@redhat.com> - 1.10.0-2 * Tue Nov 20 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-7
- Properly install systemd files - Improve coverity scan fixes
Resolves: bz#1602714
* Mon Nov 18 2019 Jan Grulich <jgrulich@redhat.com> - 1.10.0-1 Inform whether view-only password is used or not
- Update to 1.10.0 Resolves: bz#1639169
* Fri Oct 18 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.90-1 Backport fixes from RHEL 7
- Update to 1.9.90 (1.10 beta) Resolves: bz#1651254
- Add systemd user service file
- Use a wrapper for systemd system service file to workaround systemd limitations
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-7 * Tue Oct 09 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - Do not crash passwd when using malloc perturb checks
Resolves: bz#1637086
* Fri Jul 19 2019 Dan Horák <dan[at]danny.cz> - 1.9.0-6
- drop the s390x special handling (related #1727029)
* Wed Jun 12 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-5 * Mon Oct 08 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-5
- Add missing arguments to systemd_postun scriptlets - Improve coverity scan fixes
Resolves: bz#1716411 Resolves: bz#1602714
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-4 * Wed Oct 03 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - Improve coverity scan fixes
Resolves: bz#1602714
* Tue Sep 25 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-3 * Wed Oct 03 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-3
- Do not crash passwd when using malloc perturb checks - Fix some coverity scan issues
Resolves: bz#1631483 Resolves: bz#1602714
* Wed Aug 01 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-2 * Wed Aug 01 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-2
- Ignore buttons in mouse leave events - Remove dependency on initscripts
Resolves: bz#1609516
* Tue Jul 17 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-1 * Tue Jul 17 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-1
- Update to 1.9.0 - Update to 1.9.0 + sync with Fedora
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.90-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Jul 4 2018 Peter Robinson <pbrobinson@fedoraproject.org> 1.8.90-2
- Clean up spec: use macros consistenly, drop old sys-v migrations
- Drop ancient obsolete/provides
* Thu Jun 14 2018 Jan Grulich <jgrulich@redhat.com> - 1.8.90-1
- Update to 1.8.90
* Wed Jun 13 2018 Jan Grulich <jgrulich@redhat.com> - 1.8.0-10 * Tue Jun 12 2018 Adam Jackson <ajax@redhat.com> - 1.8.0-10
- Fix tigervnc systemd unit file - Fix GLX initialization with Xorg 1.20
Resolves: bz#1583159
* Wed Jun 06 2018 Adam Jackson <ajax@redhat.com> - 1.8.0-9 * Tue May 29 2018 Jan Grulich <jgrulich@redhat.com> - 1.8.0-9
- Fix GLX initialization with 1.20 - Build against Xorg 1.20
* Wed Apr 04 2018 Adam Jackson <ajax@redhat.com> - 1.8.0-8 * Mon May 14 2018 Jan Grulich <jgrulich@redhat.com> - 1.8.0-8
- Rebuild for xserver 1.20 - Drop BR: ImageMagick
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0-7 * Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

Loading…
Cancel
Save