From a814f45e6baa8f273f12d84dcb74ead7e23edef2 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Oct 30 2018 06:23:45 +0000 Subject: import vino-3.22.0-7.el7 --- diff --git a/SOURCES/Do-not-listen-all-if-invalid-interface-is-provided.patch b/SOURCES/Do-not-listen-all-if-invalid-interface-is-provided.patch new file mode 100644 index 0000000..1eb791e --- /dev/null +++ b/SOURCES/Do-not-listen-all-if-invalid-interface-is-provided.patch @@ -0,0 +1,68 @@ +From bfa1432ea1972b4272e3a7b8927f7c22094e5e44 Mon Sep 17 00:00:00 2001 +From: Ondrej Holy +Date: Tue, 22 May 2018 21:06:06 +0200 +Subject: [PATCH 2/2] Do not listen all if invalid interface is provided + +It is not a good idea from security point of view to listen all interfaces +in case of invalid interface is provided. We should rather listen to nothing +and print error in journal. + +https://bugzilla.gnome.org/show_bug.cgi?id=796349 +--- + server/libvncserver/sockets.c | 18 ++++++++++++------ + server/vino-server.c | 3 +++ + 2 files changed, 15 insertions(+), 6 deletions(-) + +diff --git a/server/libvncserver/sockets.c b/server/libvncserver/sockets.c +index 746a3e5..45df6d5 100644 +--- a/server/libvncserver/sockets.c ++++ b/server/libvncserver/sockets.c +@@ -152,9 +152,13 @@ rfbInitListenSock(rfbScreenInfoPtr rfbScreen) + char *netIface = (char*)rfbScreen->netIface; + int i; + +- if(netIface == NULL || if_nametoindex(netIface) == 0) { +- if(netIface != NULL) +- rfbLog("WARNING: This (%s) a invalid network interface, set to all\n", netIface); ++ if(netIface != NULL && strlen(netIface) > 0) { ++ if(if_nametoindex(netIface) == 0) { ++ rfbLog("(%s) is an invalid network interface\n", netIface); ++ return; ++ } ++ } ++ else { + netIface = NULL; + } + +@@ -748,9 +752,11 @@ rfbSetNetworkInterface(rfbScreenInfoPtr rfbScreen, const char *netIface) + rfbScreen->netIface = netIface; + } + else { +- rfbScreen->netIface = NULL; +- if(netIface != NULL) +- rfbLog("WARNING: This (%s) a invalid network interface, set to all\n", netIface); ++ rfbScreen->netIface = NULL; ++ if(netIface != NULL && strlen(netIface) > 0) { ++ rfbLog("(%s) is an invalid network interface\n", netIface); ++ return FALSE; ++ } + } + + rfbLog("Re-binding socket to listen for VNC connections on TCP port %d in (%s) interface\n", +diff --git a/server/vino-server.c b/server/vino-server.c +index 38b17e3..b8cd755 100644 +--- a/server/vino-server.c ++++ b/server/vino-server.c +@@ -970,6 +970,9 @@ vino_server_init_io_channels(VinoServer *server) + { + dprintf (RFB, "%d ", rfb_screen->rfbListenSock[i]); + ++ if (rfb_screen->rfbListenSock[i] == -1) ++ continue; ++ + server->priv->io_channel[i] = g_io_channel_unix_new (rfb_screen->rfbListenSock[i]); + server->priv->io_watch[i] = g_io_add_watch (server->priv->io_channel[i], + G_IO_IN|G_IO_PRI, +-- +2.17.0 + diff --git a/SOURCES/Do-not-restart-service-after-unclean-exit-code.patch b/SOURCES/Do-not-restart-service-after-unclean-exit-code.patch new file mode 100644 index 0000000..3cd58d1 --- /dev/null +++ b/SOURCES/Do-not-restart-service-after-unclean-exit-code.patch @@ -0,0 +1,31 @@ +From c5e3011b7364729fa2cd4f11761bf1f001a931a4 Mon Sep 17 00:00:00 2001 +From: Ondrej Holy +Date: Tue, 22 May 2018 20:45:45 +0200 +Subject: [PATCH 1/2] Do not restart service after unclean exit code + +Currently, the vino-server.service has Restart=on-failure, which means +that it is restarted in abnormal cases, but also in case of non-zero +exit code. It is restarted 5 times e.g. in case when X11 is not detected, +which doesn't make sense. Non-zero exit code is used only for states +which won't change with restart (invalid commandline, wayland and some +sanity checks). Change the value to Restart=on-abnormal in order to +prevent the useless restarts and to not spam journal. + +https://bugzilla.gnome.org/show_bug.cgi?id=761120 +--- + server/vino-server.service.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/server/vino-server.service.in b/server/vino-server.service.in +index a48b813..49e9c1f 100644 +--- a/server/vino-server.service.in ++++ b/server/vino-server.service.in +@@ -5,4 +5,4 @@ Description=Vino VNC server + Type=dbus + BusName=org.gnome.Vino + ExecStart=@libexecdir@/vino-server +-Restart=on-failure ++Restart=on-abnormal +-- +2.17.0 + diff --git a/SOURCES/Prevent-monitoring-all-interfaces-after-change-of-ot.patch b/SOURCES/Prevent-monitoring-all-interfaces-after-change-of-ot.patch new file mode 100644 index 0000000..e345b27 --- /dev/null +++ b/SOURCES/Prevent-monitoring-all-interfaces-after-change-of-ot.patch @@ -0,0 +1,41 @@ +From b51d777b733f76844c3a1c72221a76ace460ab26 Mon Sep 17 00:00:00 2001 +From: Ondrej Holy +Date: Fri, 24 Aug 2018 14:37:11 +0200 +Subject: [PATCH 1/3] Prevent monitoring all interfaces after change of other + props + +Commit bfa1432 prevents monitoring all interfaces if invalid interface +is provided, but it works only in some cases, because the invalid +interface is not remebered and for example consequent change of port +will cause that all interfaces are monitored again. Remember the invalid +interface to prevent monitoring all interfaces even after change of +other properties... + +https://bugzilla.gnome.org/show_bug.cgi?id=796349 +--- + server/libvncserver/sockets.c | 9 +++------ + 1 file changed, 3 insertions(+), 6 deletions(-) + +diff --git a/server/libvncserver/sockets.c b/server/libvncserver/sockets.c +index 45df6d5..ee755eb 100644 +--- a/server/libvncserver/sockets.c ++++ b/server/libvncserver/sockets.c +@@ -748,12 +748,9 @@ rfbSetNetworkInterface(rfbScreenInfoPtr rfbScreen, const char *netIface) + rfbScreen->rfbListenSockTotal = 0; + } + +- if(netIface != NULL && strlen(netIface) > 0 && if_nametoindex(netIface) > 0) { +- rfbScreen->netIface = netIface; +- } +- else { +- rfbScreen->netIface = NULL; +- if(netIface != NULL && strlen(netIface) > 0) { ++ if(netIface != NULL && strlen(netIface) > 0) { ++ rfbScreen->netIface = netIface; ++ if (if_nametoindex(netIface) == 0) { + rfbLog("(%s) is an invalid network interface\n", netIface); + return FALSE; + } +-- +2.17.1 + diff --git a/SOURCES/Properly-remove-watches-when-changing-server-props.patch b/SOURCES/Properly-remove-watches-when-changing-server-props.patch new file mode 100644 index 0000000..24b112b --- /dev/null +++ b/SOURCES/Properly-remove-watches-when-changing-server-props.patch @@ -0,0 +1,74 @@ +From 8775c6fb949acecca39f006f18a32bac5c009e5d Mon Sep 17 00:00:00 2001 +From: Ondrej Holy +Date: Fri, 24 Aug 2018 15:11:58 +0200 +Subject: [PATCH 2/3] Properly remove watches when changing server props + +vino_server_init_io_channels calls vino_server_deinit_io_channels +at the beginning, however the watches and channels don't have to be +removed respective closed, because it relies on rfbListenSock array, +which can be already modified as a consequence of changing server +properties. Let's call vino_server_deinit_io_channels before changing +server properties in order to prevent the following errors: + +rfbCheckFds: accept: Invalid argument + +https://bugzilla.gnome.org/show_bug.cgi?id=796349 +--- + server/vino-server.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +diff --git a/server/vino-server.c b/server/vino-server.c +index b8cd755..7e5599b 100644 +--- a/server/vino-server.c ++++ b/server/vino-server.c +@@ -963,8 +963,6 @@ vino_server_init_io_channels(VinoServer *server) + rfbScreenInfoPtr rfb_screen = server->priv->rfb_screen; + int i; + +- vino_server_deinit_io_channels (server); +- + dprintf (RFB, "Creating watch for listening socket [ "); + for (i=0; i < rfb_screen->rfbListenSockTotal; i++) + { +@@ -1085,6 +1083,7 @@ vino_server_init_from_screen (VinoServer *server, + + vino_server_update_security_types (server); + ++ vino_server_deinit_io_channels (server); + vino_server_init_io_channels (server); + + vino_mdns_add_service ("_rfb._tcp", rfb_screen->rfbPort); +@@ -1624,7 +1623,12 @@ vino_server_set_network_interface (VinoServer *server, + server->priv->network_interface = NULL; + + if (server->priv->rfb_screen != NULL) +- rfbSetNetworkInterface (server->priv->rfb_screen, server->priv->network_interface); ++ { ++ vino_server_deinit_io_channels (server); ++ rfbSetNetworkInterface (server->priv->rfb_screen, server->priv->network_interface); ++ vino_server_init_io_channels (server); ++ vino_server_control_upnp (server); ++ } + + g_object_notify (G_OBJECT (server), "network-interface"); + } +@@ -1651,6 +1655,8 @@ vino_server_set_use_alternative_port (VinoServer *server, + + if (server->priv->rfb_screen) + { ++ vino_server_deinit_io_channels (server); ++ + if (server->priv->use_alternative_port) + rfbSetPort (server->priv->rfb_screen, + server->priv->alternative_port); +@@ -1688,6 +1694,7 @@ vino_server_set_alternative_port (VinoServer *server, + if (server->priv->rfb_screen && + server->priv->use_alternative_port) + { ++ vino_server_deinit_io_channels (server); + rfbSetPort (server->priv->rfb_screen, server->priv->alternative_port); + vino_server_init_io_channels (server); + vino_server_control_upnp (server); +-- +2.17.1 + diff --git a/SOURCES/Return-error-if-X11-is-not-detected.patch b/SOURCES/Return-error-if-X11-is-not-detected.patch new file mode 100644 index 0000000..c6e9b02 --- /dev/null +++ b/SOURCES/Return-error-if-X11-is-not-detected.patch @@ -0,0 +1,42 @@ +From d5b743b11a6f102353af719fa34abd5e6c679e77 Mon Sep 17 00:00:00 2001 +From: Ondrej Holy +Date: Tue, 20 Feb 2018 12:26:18 +0100 +Subject: [PATCH] Return error if X11 is not detected + +Vino-server crashes on Wayland in XQueryExtension. Since vino-server is +not expected to work on displays other than X11, let's exit immediately +if GDK_IS_X11_DISPLAY fail. + +https://bugzilla.gnome.org/show_bug.cgi?id=761120 +--- + server/vino-main.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/server/vino-main.c b/server/vino-main.c +index dd95de7..7be3fff 100644 +--- a/server/vino-main.c ++++ b/server/vino-main.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + #include "vino-input.h" + #include "vino-mdns.h" +@@ -273,6 +274,12 @@ main (int argc, char **argv) + g_option_context_free (context); + } + ++ if (!GDK_IS_X11_DISPLAY (gdk_display_get_default ())) ++ { ++ g_printerr ("X11 is not detected\n"); ++ return 1; ++ } ++ + /* GSettings */ + vino.settings = g_settings_new ("org.gnome.Vino"); + +-- +2.17.0 + diff --git a/SPECS/vino.spec b/SPECS/vino.spec index 83065f4..1cf6c14 100644 --- a/SPECS/vino.spec +++ b/SPECS/vino.spec @@ -1,6 +1,6 @@ Name: vino Version: 3.22.0 -Release: 3%{?dist} +Release: 7%{?dist} Summary: A remote desktop system for GNOME License: GPLv2+ @@ -11,6 +11,15 @@ Source0: https://download.gnome.org/sources/%{name}/3.22/%{name}-%{version}.tar. # https://bugzilla.redhat.com/show_bug.cgi?id=1380620 Patch0: revert-gsettings-conversion-file.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1546043 +Patch1: Return-error-if-X11-is-not-detected.patch +Patch2: Do-not-restart-service-after-unclean-exit-code.patch + +# https://bugzilla.redhat.com/show_bug.cgi?id=1580577 +Patch3: Do-not-listen-all-if-invalid-interface-is-provided.patch +Patch4: Prevent-monitoring-all-interfaces-after-change-of-ot.patch +Patch5: Properly-remove-watches-when-changing-server-props.patch + BuildRequires: pkgconfig(avahi-client) BuildRequires: pkgconfig(avahi-glib) BuildRequires: pkgconfig(gnutls) @@ -45,6 +54,11 @@ connect to a running GNOME session using VNC. %prep %setup -q %patch0 -p1 -b .revert-gsettings-conversion-file +%patch1 -p1 -b .Return-error-if-X11-is-not-detected +%patch2 -p1 -b .Do-not-restart-service-after-unclean-exit-code +%patch3 -p1 -b .Do-not-listen-all-if-invalid-interface-is-provided +%patch4 -p1 -b .Prevent-monitoring-all-interfaces-after-change-of-ot +%patch5 -p1 -b .Properly-remove-watches-when-changing-server-props # Needed for revert-gsettings-conversion-file.patch autoreconf -fi @@ -71,11 +85,11 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/vino-server.desktop %post touch --no-create %{_datadir}/icons/hicolor &>/dev/null || : -%systemd_user_post +%systemd_user_post vino-server.service %preun -%systemd_user_preun +%systemd_user_preun vino-server.service %postun @@ -84,7 +98,7 @@ if [ $1 -eq 0 ]; then gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : glib-compile-schemas %{_datadir}/glib-2.0/schemas &>/dev/null || : fi -%systemd_user_postun +%systemd_user_postun vino-server.service %posttrans @@ -106,6 +120,23 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &>/dev/null || : %changelog +* Mon Aug 27 2018 Ondrej Holy - 3.22.0-7 +- Prevent monitoring all interfaces after change of other props +- Resolves: #1580577 + +* Wed May 23 2018 Ondrej Holy - 3.22.0-6 +- Do not restart service after unclean exit code +- Do not listen all if invalid interface is provided +- Resolves: #1546043, #1580577 + +* Mon May 21 2018 Ondrej Holy - 3.22.0-5 +- Return error if X11 is not detected +- Resolves: #1546043 + +* Mon May 21 2018 Ondrej Holy - 3.22.0-4 +- Add missing parameter for systemd scriptlets +- Resolves: #1507892 + * Thu Mar 2 2017 Ondrej Holy - 3.22.0-3 - Revert GSettings conversion file - Resolves: #1380620