From 2bf60087e83e394675400aaac8225d038af2c982 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 03 2016 06:15:34 +0000 Subject: import tigervnc-1.3.1-9.el7 --- diff --git a/SOURCES/0001-rpath-hack.patch b/SOURCES/0001-rpath-hack.patch new file mode 100644 index 0000000..a0c3c10 --- /dev/null +++ b/SOURCES/0001-rpath-hack.patch @@ -0,0 +1,28 @@ +From 2489f2f38eb32d9dd03718a36cbdbdf13d2f8b9b Mon Sep 17 00:00:00 2001 +From: Adam Jackson +Date: Thu, 12 Nov 2015 11:10:11 -0500 +Subject: [PATCH] rpath hack + +Normally, rpath is undesirable. But for the X server we _know_ we need +Mesa's libGL, which will always be in %{_libdir}, and not any third-party +libGL that may be configured using ld.so.conf. + +--- + configure.ac | 1 + + 1 files changed, 1 insertions(+), 0 deletion(-) + +diff --git a/configure.ac b/configure.ac +index fa15a2d..a5af1e0 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1330,6 +1330,7 @@ if test "x$GLX_USE_TLS" = xyes ; then + GLX_DEFINES="-DGLX_USE_TLS -DPTHREADS" + GLX_SYS_LIBS="$GLX_SYS_LIBS -lpthread" + fi ++GLX_SYS_LIBS="$GLX_SYS_LIBS -Wl,-rpath=\$(libdir)" + AC_SUBST([GLX_DEFINES]) + AC_SUBST([GLX_SYS_LIBS]) + +-- +2.5.0 + diff --git a/SOURCES/tigervnc-1.3.1-do-not-die-when-port-is-already-taken.patch b/SOURCES/tigervnc-1.3.1-do-not-die-when-port-is-already-taken.patch new file mode 100644 index 0000000..3623b14 --- /dev/null +++ b/SOURCES/tigervnc-1.3.1-do-not-die-when-port-is-already-taken.patch @@ -0,0 +1,14 @@ +diff --git a/unix/vncserver b/unix/vncserver +index a6c890f..687ef72 100755 +--- a/unix/vncserver ++++ b/unix/vncserver +@@ -208,7 +208,8 @@ if ((@ARGV > 0) && ($ARGV[0] =~ /^:(\d+)$/)) { + $displayNumber = $1; + shift(@ARGV); + if (!&CheckDisplayNumber($displayNumber)) { +- die "A VNC server is already running as :$displayNumber\n"; ++ warn "A VNC server is already running as :$displayNumber\n"; ++ $displayNumber = &GetDisplayNumber(); + } + } elsif ((@ARGV > 0) && ($ARGV[0] !~ /^-/) && ($ARGV[0] !~ /^\+/)) { + &Usage(); diff --git a/SOURCES/tigervnc-1.3.1-repair-so-reuseaddr.patch b/SOURCES/tigervnc-1.3.1-repair-so-reuseaddr.patch new file mode 100644 index 0000000..7443f3f --- /dev/null +++ b/SOURCES/tigervnc-1.3.1-repair-so-reuseaddr.patch @@ -0,0 +1,27 @@ +diff --git a/common/network/TcpSocket.cxx b/common/network/TcpSocket.cxx +index 83387ab..0d94522 100644 +--- a/common/network/TcpSocket.cxx ++++ b/common/network/TcpSocket.cxx +@@ -434,10 +434,6 @@ TcpListener::TcpListener(const struct sockaddr *listenaddr, + } + #endif /* defined(IPV6_V6ONLY) */ + +- if (bind(sock, &sa.u.sa, listenaddrlen) == -1) { +- closesocket(sock); +- throw SocketException("failed to bind socket", errorNumber); +- } + #ifndef WIN32 + // - By default, close the socket on exec() + fcntl(sock, F_SETFD, FD_CLOEXEC); +@@ -452,6 +448,11 @@ TcpListener::TcpListener(const struct sockaddr *listenaddr, + fd = sock; + #endif + ++ if (bind(sock, &sa.u.sa, listenaddrlen) == -1) { ++ closesocket(sock); ++ throw SocketException("failed to bind socket", errorNumber); ++ } ++ + // - Set it to be a listening socket + if (listen(sock, 5) < 0) { + int e = errorNumber; diff --git a/SOURCES/tigervnc11-rh692048.patch b/SOURCES/tigervnc11-rh692048.patch index 924c1cf..7d0d487 100644 --- a/SOURCES/tigervnc11-rh692048.patch +++ b/SOURCES/tigervnc11-rh692048.patch @@ -1,44 +1,30 @@ -diff -up tigervnc-1.0.90-20110314svn4359/common/rfb/SecurityClient.cxx.rh690245 tigervnc-1.0.90-20110314svn4359/common/rfb/SecurityClient.cxx ---- tigervnc-1.0.90-20110314svn4359/common/rfb/SecurityClient.cxx.rh690245 2011-02-21 14:14:16.000000000 +0100 -+++ tigervnc-1.0.90-20110314svn4359/common/rfb/SecurityClient.cxx 2011-03-31 09:47:34.519099718 +0200 -@@ -45,7 +45,7 @@ StringParameter SecurityClient::secTypes - ("SecurityTypes", - "Specify which security scheme to use (None, VncAuth)", - #ifdef HAVE_GNUTLS -- "X509Plain,TLSPlain,X509Vnc,TLSVnc,X509None,TLSNone,VncAuth,None", -+ "VeNCrypt,X509Plain,TLSPlain,X509Vnc,TLSVnc,X509None,TLSNone,VncAuth,None", - #else - "VncAuth,None", - #endif -diff -up tigervnc-1.0.90-20110314svn4359/common/rfb/Security.cxx.rh690245 tigervnc-1.0.90-20110314svn4359/common/rfb/Security.cxx ---- tigervnc-1.0.90-20110314svn4359/common/rfb/Security.cxx.rh690245 2011-02-21 14:14:16.000000000 +0100 -+++ tigervnc-1.0.90-20110314svn4359/common/rfb/Security.cxx 2011-03-31 09:47:34.519099718 +0200 -@@ -67,7 +67,6 @@ const std::list Security::GetEn +From 1f8aba3147ec13aaa70a44372775b72bb4e59941 Mon Sep 17 00:00:00 2001 +From: Pierre Ossman +Date: Tue, 29 Dec 2015 15:02:11 +0100 +Subject: Add workaround for Vino's VeNCrypt implementation + + +diff --git a/common/rfb/Security.cxx b/common/rfb/Security.cxx +index e623ab5..0666041 100644 +--- a/common/rfb/Security.cxx ++++ b/common/rfb/Security.cxx +@@ -74,7 +74,18 @@ const std::list Security::GetEnabledSecTypes(void) list result; list::iterator i; - + - result.push_back(secTypeVeNCrypt); ++ /* Partial workaround for Vino's stupid behaviour. It doesn't allow ++ * the basic authentication types as part of the VeNCrypt handshake, ++ * making it impossible for a client to do opportunistic encryption. ++ * At least make it possible to connect when encryption is explicitly ++ * disabled. */ ++ for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++) { ++ if (*i >= 0x100) { ++ result.push_back(secTypeVeNCrypt); ++ break; ++ } ++ } ++ for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++) if (*i < 0x100) result.push_back(*i); -@@ -105,8 +104,6 @@ bool Security::IsSupported(U32 secType) - for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++) - if (*i == secType) - return true; -- if (secType == secTypeVeNCrypt) -- return true; - - return false; - } -diff -up tigervnc-1.0.90-20110314svn4359/common/rfb/SecurityServer.cxx.rh690245 tigervnc-1.0.90-20110314svn4359/common/rfb/SecurityServer.cxx ---- tigervnc-1.0.90-20110314svn4359/common/rfb/SecurityServer.cxx.rh690245 2011-02-21 14:50:17.000000000 +0100 -+++ tigervnc-1.0.90-20110314svn4359/common/rfb/SecurityServer.cxx 2011-03-31 10:06:43.595362302 +0200 -@@ -39,7 +39,7 @@ StringParameter SecurityServer::secTypes - ("SecurityTypes", - "Specify which security scheme to use (None, VncAuth)", - #ifdef HAVE_GNUTLS -- "VncAuth,TLSVnc", -+ "VncAuth", - #else - "VncAuth", - #endif diff --git a/SOURCES/vncserver.service b/SOURCES/vncserver.service index 4cec744..911986e 100644 --- a/SOURCES/vncserver.service +++ b/SOURCES/vncserver.service @@ -2,8 +2,10 @@ # # Quick HowTo: # 1. Copy this file to /etc/systemd/system/vncserver@.service -# 2. Edit and vncserver parameters appropriately -# ("runuser -l -c /usr/bin/vncserver %i -arg1 -arg2") +# 2. Edit /etc/systemd/system/vncserver@.service, replacing +# with the actual user name. Leave the remaining lines of the file unmodified +# (ExecStart=/usr/sbin/runuser -l -c "/usr/bin/vncserver %i" +# PIDFile=/home//.vnc/%H%i.pid) # 3. Run `systemctl daemon-reload` # 4. Run `systemctl enable vncserver@:.service` # diff --git a/SPECS/tigervnc.spec b/SPECS/tigervnc.spec index 2e2d47b..de0ed46 100644 --- a/SPECS/tigervnc.spec +++ b/SPECS/tigervnc.spec @@ -1,6 +1,6 @@ Name: tigervnc Version: 1.3.1 -Release: 4%{?dist} +Release: 9%{?dist} Summary: A TigerVNC remote display system Group: User Interface/Desktops @@ -59,9 +59,13 @@ Patch28: tigervnc-set-initial-mode-as-prefered.patch Patch29: tigervnc-CVE-2014-8241.patch Patch30: tigervnc-1.3.1-CVE-2014-8240.patch Patch31: tigervnc-inetd-crash.patch +Patch32: tigervnc-1.3.1-repair-so-reuseaddr.patch +Patch33: tigervnc-1.3.1-do-not-die-when-port-is-already-taken.patch # This is tigervnc-%{version}/unix/xserver116.patch rebased on the latest xorg Patch100: tigervnc-xserver117.patch +# 1326867 - [RHEL7.3] GLX applications in an Xvnc session fails to start +Patch101: 0001-rpath-hack.patch %description Virtual Network Computing (VNC) is a remote display system which @@ -167,6 +171,7 @@ for all in `find . -type f -perm -001`; do chmod -x "$all" done %patch100 -p1 -b .xserver117 +%patch101 -p1 -b .rpath popd # Applied Debian patch to fix busy loop when run from inetd in nowait @@ -222,6 +227,12 @@ popd # Bug 1283925 - segfault in network::TcpListener::TcpListener %patch31 -p1 -b .tigervnc-inetd-crash +# Bug 1332575 - vncExtInit: failed to bind socket: Address already in use (98) +%patch32 -p1 -b .repair-so-reuseaddr + +# Bug 1322155 - Xorg socket conflict for VNC port 5901 +%patch33 -p1 -b .do-not-die-when-port-is-already-taken + %build %ifarch sparcv9 sparc64 s390 s390x export CFLAGS="$RPM_OPT_FLAGS -fPIC" @@ -253,7 +264,8 @@ autoreconf -fiv --without-dtrace \ --disable-unit-tests \ --disable-devel-docs \ - --disable-selective-werror + --disable-selective-werror \ + --enable-listen-tcp make %{?_smp_mflags} popd @@ -391,9 +403,31 @@ fi %{_datadir}/icons/hicolor/*/apps/* %changelog +* Tue Sep 13 2016 Adam Jackson - 1.3.1-9 +- Force DT_RUNPATH to point to Mesa's libGL + Resolves: bz#1326867 + +* Thu Jun 02 2016 Jan Grulich - 1.3.1-8 +- Make other security types work + Resolves: bz#1341969 + +* Wed May 25 2016 Jan Grulich - 1.3.1-7 +- Restore default behaviour to listen on TCP + Resolves: bz#1304646 + +* Tue May 24 2016 Jan Grulich - 1.3.1-6 +- Do not fail to bind a network socket + Resolves: bz#1332575 +- Do not die when port is already taken + Resolves: bz#1322155 + +* Thu Mar 24 2016 Jan Grulich - 1.3.1-5 +- Update comments in vncserver configuration file example + Resolves: bz#1295275 + * Tue Feb 02 2016 Jan Grulich - 1.3.1-4 - Do not crash when using -inetd option - Resolves: bz#1304700 + Resolves: bz#1283925 * Wed Sep 02 2015 Jan Grulich - 1.3.1-3 - Do not mention that display number is required in the file name