diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..a01770f --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/vino-3.22.0.tar.xz diff --git a/.vino.metadata b/.vino.metadata new file mode 100644 index 0000000..71f1364 --- /dev/null +++ b/.vino.metadata @@ -0,0 +1 @@ +e2c0fa2fd7f74da66f5aec5033fd6541a8e5c485 SOURCES/vino-3.22.0.tar.xz diff --git a/SOURCES/Do-not-listen-all-if-invalid-interface-is-provided.patch b/SOURCES/Do-not-listen-all-if-invalid-interface-is-provided.patch new file mode 100644 index 0000000..1eb791e --- /dev/null +++ b/SOURCES/Do-not-listen-all-if-invalid-interface-is-provided.patch @@ -0,0 +1,68 @@ +From bfa1432ea1972b4272e3a7b8927f7c22094e5e44 Mon Sep 17 00:00:00 2001 +From: Ondrej Holy +Date: Tue, 22 May 2018 21:06:06 +0200 +Subject: [PATCH 2/2] Do not listen all if invalid interface is provided + +It is not a good idea from security point of view to listen all interfaces +in case of invalid interface is provided. We should rather listen to nothing +and print error in journal. + +https://bugzilla.gnome.org/show_bug.cgi?id=796349 +--- + server/libvncserver/sockets.c | 18 ++++++++++++------ + server/vino-server.c | 3 +++ + 2 files changed, 15 insertions(+), 6 deletions(-) + +diff --git a/server/libvncserver/sockets.c b/server/libvncserver/sockets.c +index 746a3e5..45df6d5 100644 +--- a/server/libvncserver/sockets.c ++++ b/server/libvncserver/sockets.c +@@ -152,9 +152,13 @@ rfbInitListenSock(rfbScreenInfoPtr rfbScreen) + char *netIface = (char*)rfbScreen->netIface; + int i; + +- if(netIface == NULL || if_nametoindex(netIface) == 0) { +- if(netIface != NULL) +- rfbLog("WARNING: This (%s) a invalid network interface, set to all\n", netIface); ++ if(netIface != NULL && strlen(netIface) > 0) { ++ if(if_nametoindex(netIface) == 0) { ++ rfbLog("(%s) is an invalid network interface\n", netIface); ++ return; ++ } ++ } ++ else { + netIface = NULL; + } + +@@ -748,9 +752,11 @@ rfbSetNetworkInterface(rfbScreenInfoPtr rfbScreen, const char *netIface) + rfbScreen->netIface = netIface; + } + else { +- rfbScreen->netIface = NULL; +- if(netIface != NULL) +- rfbLog("WARNING: This (%s) a invalid network interface, set to all\n", netIface); ++ rfbScreen->netIface = NULL; ++ if(netIface != NULL && strlen(netIface) > 0) { ++ rfbLog("(%s) is an invalid network interface\n", netIface); ++ return FALSE; ++ } + } + + rfbLog("Re-binding socket to listen for VNC connections on TCP port %d in (%s) interface\n", +diff --git a/server/vino-server.c b/server/vino-server.c +index 38b17e3..b8cd755 100644 +--- a/server/vino-server.c ++++ b/server/vino-server.c +@@ -970,6 +970,9 @@ vino_server_init_io_channels(VinoServer *server) + { + dprintf (RFB, "%d ", rfb_screen->rfbListenSock[i]); + ++ if (rfb_screen->rfbListenSock[i] == -1) ++ continue; ++ + server->priv->io_channel[i] = g_io_channel_unix_new (rfb_screen->rfbListenSock[i]); + server->priv->io_watch[i] = g_io_add_watch (server->priv->io_channel[i], + G_IO_IN|G_IO_PRI, +-- +2.17.0 + diff --git a/SOURCES/Do-not-restart-service-after-unclean-exit-code.patch b/SOURCES/Do-not-restart-service-after-unclean-exit-code.patch new file mode 100644 index 0000000..3cd58d1 --- /dev/null +++ b/SOURCES/Do-not-restart-service-after-unclean-exit-code.patch @@ -0,0 +1,31 @@ +From c5e3011b7364729fa2cd4f11761bf1f001a931a4 Mon Sep 17 00:00:00 2001 +From: Ondrej Holy +Date: Tue, 22 May 2018 20:45:45 +0200 +Subject: [PATCH 1/2] Do not restart service after unclean exit code + +Currently, the vino-server.service has Restart=on-failure, which means +that it is restarted in abnormal cases, but also in case of non-zero +exit code. It is restarted 5 times e.g. in case when X11 is not detected, +which doesn't make sense. Non-zero exit code is used only for states +which won't change with restart (invalid commandline, wayland and some +sanity checks). Change the value to Restart=on-abnormal in order to +prevent the useless restarts and to not spam journal. + +https://bugzilla.gnome.org/show_bug.cgi?id=761120 +--- + server/vino-server.service.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/server/vino-server.service.in b/server/vino-server.service.in +index a48b813..49e9c1f 100644 +--- a/server/vino-server.service.in ++++ b/server/vino-server.service.in +@@ -5,4 +5,4 @@ Description=Vino VNC server + Type=dbus + BusName=org.gnome.Vino + ExecStart=@libexecdir@/vino-server +-Restart=on-failure ++Restart=on-abnormal +-- +2.17.0 + diff --git a/SOURCES/Fix-crashes-under-FIPS.patch b/SOURCES/Fix-crashes-under-FIPS.patch new file mode 100644 index 0000000..dddf33a --- /dev/null +++ b/SOURCES/Fix-crashes-under-FIPS.patch @@ -0,0 +1,45 @@ +From 403bb480066605ee6270fa2c7c1fd55bf5d1dbe6 Mon Sep 17 00:00:00 2001 +From: Ondrej Holy +Date: Tue, 15 Jun 2021 10:10:11 +0200 +Subject: [PATCH] Fix crashes under FIPS + +When FIPS mode is enabled, gnutls_dh_params_generate2 returns 0, because +DH_BITS is 1024, which is too small for FIPS. This causes +gnutls_anon_set_server_dh_params to crash. Let's use +gnutls_sec_param_to_pk_bits instead of the hardcoded DH_BITS value. It +returns 2048 for GNUTLS_SEC_PARAM_MEDIUM, which is big enough. Just a note +that the similar downstream patch is used for TigerVNC already. +--- + server/libvncserver/auth.c | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +diff --git a/server/libvncserver/auth.c b/server/libvncserver/auth.c +index cfaed55..639d3c5 100644 +--- a/server/libvncserver/auth.c ++++ b/server/libvncserver/auth.c +@@ -32,19 +32,17 @@ void + rfbAuthInitScreen(rfbScreenInfoPtr rfbScreen) + { + #ifdef VINO_HAVE_GNUTLS +-#define DH_BITS 1024 +- + gnutls_global_init(); + + gnutls_anon_allocate_server_credentials(&rfbScreen->anonCredentials); + + gnutls_dh_params_init(&rfbScreen->dhParams); +- gnutls_dh_params_generate2(rfbScreen->dhParams, DH_BITS); ++ gnutls_dh_params_generate2(rfbScreen->dhParams, ++ gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, ++ GNUTLS_SEC_PARAM_MEDIUM)); + + gnutls_anon_set_server_dh_params(rfbScreen->anonCredentials, + rfbScreen->dhParams); +- +-#undef DH_BITS + #endif /* VINO_HAVE_GNUTLS */ + } + +-- +2.31.1 + diff --git a/SOURCES/Fix-various-defects-reported-by-covscan.patch b/SOURCES/Fix-various-defects-reported-by-covscan.patch new file mode 100644 index 0000000..7389d0a --- /dev/null +++ b/SOURCES/Fix-various-defects-reported-by-covscan.patch @@ -0,0 +1,177 @@ +From af30833fe2c7629ee2102853a4c01b71f56acf43 Mon Sep 17 00:00:00 2001 +From: Ondrej Holy +Date: Tue, 28 Aug 2018 14:24:08 +0200 +Subject: [PATCH] Fix various defects reported by covscan + +This patch fixes the following important defects reported by covscan: +server/libvncserver/main.c:178: leaked_storage: Variable "i" going out of scope leaks the storage it points to. +server/libvncserver/rfbserver.c:195: leaked_storage: Variable "cl" going out of scope leaks the storage it points to. +server/libvncserver/rfbserver.c:1161: overwrite_var: Overwriting "i" in "i = sraRgnGetIterator(updateRegion)" leaks the storage that "i" +server/libvncserver/rfbserver.c:1232: deref_arg: Calling "sraRgnReleaseIterator" dereferences freed pointer "i". +server/libvncserver/rfbserver.c:1291: leaked_storage: Variable "i" going out of scope leaks the storage it points to. +server/libvncserver/sockets.c:635: leaked_handle: Handle variable "sock" going out of scope leaks the handle. +server/libvncserver/sockets.c:635: leaked_handle: Handle variable "sock6" going out of scope leaks the handle. +server/libvncserver/sockets.c:639: leaked_handle: Handle variable "sock" going out of scope leaks the handle. +server/libvncserver/sockets.c:639: leaked_handle: Handle variable "sock6" going out of scope leaks the handle. +server/libvncserver/sockets.c:663: overwrite_var: Overwriting handle "sock" in "sock = NewSocketListenTCP((struct sockaddr *)s4, 16U)" leaks the handle. +server/libvncserver/sockets.c:677: overwrite_var: Overwriting handle "sock" in "sock = NewSocketListenTCP((struct sockaddr *)s6, 46U)" leaks the handle. +server/libvncserver/sockets.c:691: leaked_handle: Handle variable "sock" going out of scope leaks the handle. +server/libvncserver/tableinit24.c:150:7: warning: this 'if' clause does not guard... [-Wmisleading-indentation] +server/miniupnp/minissdpc.c:43: buffer_size_warning: Calling strncpy with a maximum size argument of 108 bytes on destination array "addr.sun_path" of size 108 bytes might leave the destination string unterminated. +server/miniupnp/miniupnpc.c:405: leaked_handle: Handle variable "sudp" going out of scope leaks the handle. +server/smclient/eggsmclient-xsmp.c:1171: missing_va_end: va_end was not called for "ap". +--- + server/libvncserver/main.c | 2 ++ + server/libvncserver/rfbserver.c | 7 +++++++ + server/libvncserver/sockets.c | 6 +++--- + server/libvncserver/tableinit24.c | 8 ++++---- + server/miniupnp/minissdpc.c | 2 +- + server/miniupnp/miniupnpc.c | 1 + + server/smclient/eggsmclient-xsmp.c | 1 + + 7 files changed, 19 insertions(+), 8 deletions(-) + +diff --git a/server/libvncserver/main.c b/server/libvncserver/main.c +index 016bbff..0d9a737 100644 +--- a/server/libvncserver/main.c ++++ b/server/libvncserver/main.c +@@ -175,6 +175,8 @@ void rfbDoCopyRegion(rfbScreenInfoPtr rfbScreen,sraRegionPtr copyRegion,int dx,i + } + + rfbScheduleCopyRegion(rfbScreen,copyRegion,dx,dy); ++ ++ sraRgnReleaseIterator(i); + } + + void rfbDoCopyRect(rfbScreenInfoPtr rfbScreen,int x1,int y1,int x2,int y2,int dx,int dy) +diff --git a/server/libvncserver/rfbserver.c b/server/libvncserver/rfbserver.c +index 0a60fb2..a880b53 100644 +--- a/server/libvncserver/rfbserver.c ++++ b/server/libvncserver/rfbserver.c +@@ -192,6 +192,7 @@ rfbNewClient(rfbScreenInfoPtr rfbScreen, + if (fcntl(sock, F_SETFL, O_NONBLOCK) < 0) { + rfbLogPerror("fcntl failed"); + close(sock); ++ free(cl); + return NULL; + } + #endif +@@ -200,6 +201,7 @@ rfbNewClient(rfbScreenInfoPtr rfbScreen, + (char *)&one, sizeof(one)) < 0) { + rfbLogPerror("setsockopt failed"); + close(sock); ++ free(cl); + return NULL; + } + +@@ -1089,6 +1091,7 @@ rfbSendFramebufferUpdate(rfbClientPtr cl, + int h = rect.y2 - y; + nUpdateRegionRects += (((h-1) / (ZLIB_MAX_SIZE( w ) / w)) + 1); + } ++ sraRgnReleaseIterator(i); + #ifdef VINO_HAVE_JPEG + } else if (cl->preferredEncoding == rfbEncodingTight) { + nUpdateRegionRects = 0; +@@ -1141,6 +1144,8 @@ rfbSendFramebufferUpdate(rfbClientPtr cl, + + UNLOCK(cl->cursorMutex); + ++ i = NULL; ++ + if (sendCursorShape) { + cl->cursorWasChanged = FALSE; + if (!rfbSendCursorShape(cl)) +@@ -1288,6 +1293,8 @@ rfbSendCopyRegion(rfbClientPtr cl, + + } + ++ sraRgnReleaseIterator(i); ++ + return TRUE; + } + +diff --git a/server/libvncserver/sockets.c b/server/libvncserver/sockets.c +index ee755eb..2366e19 100644 +--- a/server/libvncserver/sockets.c ++++ b/server/libvncserver/sockets.c +@@ -625,12 +625,12 @@ ListenOnTCPPort(rfbScreenInfoPtr rfbScreen, int port, const char *netIface) + rfbLog("Listening IPv4://0.0.0.0:%d\n", port); + + #ifdef VINO_ENABLE_IPV6 +- if(sock6 > 0) { ++ if(sock6 >= 0) { + psock[*ptot] = sock6; + *ptot += 1; + } + #endif +- if(sock > 0) { ++ if(sock >= 0) { + psock[*ptot] = sock; + *ptot += 1; + } +@@ -683,7 +683,7 @@ ListenOnTCPPort(rfbScreenInfoPtr rfbScreen, int port, const char *netIface) + } + #endif + +- if(sock > 0) { ++ if(sock >= 0) { + psock[*ptot] = sock; + *ptot += 1; + sock = -1; +diff --git a/server/libvncserver/tableinit24.c b/server/libvncserver/tableinit24.c +index 39e9920..575a501 100644 +--- a/server/libvncserver/tableinit24.c ++++ b/server/libvncserver/tableinit24.c +@@ -149,9 +149,9 @@ rfbInitOneRGBTable24 (uint8_t *table, int inMax, int outMax, int outShift, + *(uint32_t *)&table[3*i] = outValue; + if(!rfbEndianTest) + memmove(table+3*i,table+3*i+1,3); +- if (swap) { +- c = table[3*i]; table[3*i] = table[3*i+2]; +- table[3*i+2] = c; +- } ++ if (swap) { ++ c = table[3*i]; table[3*i] = table[3*i+2]; ++ table[3*i+2] = c; ++ } + } + } +diff --git a/server/miniupnp/minissdpc.c b/server/miniupnp/minissdpc.c +index d37599f..64772f9 100644 +--- a/server/miniupnp/minissdpc.c ++++ b/server/miniupnp/minissdpc.c +@@ -40,7 +40,7 @@ getDevicesFromMiniSSDPD(const char * devtype, const char * socketpath) + return NULL; + } + addr.sun_family = AF_UNIX; +- strncpy(addr.sun_path, socketpath, sizeof(addr.sun_path)); ++ strncpy(addr.sun_path, socketpath, sizeof(addr.sun_path) - 1); + if(connect(s, (struct sockaddr *)&addr, sizeof(struct sockaddr_un)) < 0) + { + /*syslog(LOG_WARNING, "connect(\"%s\"): %m", socketpath);*/ +diff --git a/server/miniupnp/miniupnpc.c b/server/miniupnp/miniupnpc.c +index f9d620e..718526a 100644 +--- a/server/miniupnp/miniupnpc.c ++++ b/server/miniupnp/miniupnpc.c +@@ -402,6 +402,7 @@ struct UPNPDev * upnpDiscover(int delay, const char * multicastif, + #endif + { + PRINT_SOCKET_ERROR("setsockopt"); ++ closesocket(sudp); + return NULL; + } + +diff --git a/server/smclient/eggsmclient-xsmp.c b/server/smclient/eggsmclient-xsmp.c +index d5cf3b5..5ca976f 100644 +--- a/server/smclient/eggsmclient-xsmp.c ++++ b/server/smclient/eggsmclient-xsmp.c +@@ -1162,6 +1162,7 @@ array_prop (const char *name, ...) + pv.value = value; + g_array_append_val (vals, pv); + } ++ va_end (ap); + + prop->num_vals = vals->len; + prop->vals = (SmPropValue *)vals->data; +-- +2.19.0 + diff --git a/SOURCES/Prevent-monitoring-all-interfaces-after-change-of-ot.patch b/SOURCES/Prevent-monitoring-all-interfaces-after-change-of-ot.patch new file mode 100644 index 0000000..95adc1f --- /dev/null +++ b/SOURCES/Prevent-monitoring-all-interfaces-after-change-of-ot.patch @@ -0,0 +1,40 @@ +From e49456ae361f5fee765625e2eb3d7439a560cc84 Mon Sep 17 00:00:00 2001 +From: Ondrej Holy +Date: Fri, 24 Aug 2018 14:37:11 +0200 +Subject: [PATCH] Prevent monitoring all interfaces after change of other props + +Commit bfa1432 prevents monitoring all interfaces if invalid interface +is provided, but it works only in some cases, because the invalid +interface is not remembered and for example consequent change of port +will cause that all interfaces are monitored again. Remember the invalid +interface to prevent monitoring all interfaces even after change of +other properties... + +https://bugzilla.gnome.org/show_bug.cgi?id=796349 +--- + server/libvncserver/sockets.c | 9 +++------ + 1 file changed, 3 insertions(+), 6 deletions(-) + +diff --git a/server/libvncserver/sockets.c b/server/libvncserver/sockets.c +index 45df6d5..ee755eb 100644 +--- a/server/libvncserver/sockets.c ++++ b/server/libvncserver/sockets.c +@@ -748,12 +748,9 @@ rfbSetNetworkInterface(rfbScreenInfoPtr rfbScreen, const char *netIface) + rfbScreen->rfbListenSockTotal = 0; + } + +- if(netIface != NULL && strlen(netIface) > 0 && if_nametoindex(netIface) > 0) { +- rfbScreen->netIface = netIface; +- } +- else { +- rfbScreen->netIface = NULL; +- if(netIface != NULL && strlen(netIface) > 0) { ++ if(netIface != NULL && strlen(netIface) > 0) { ++ rfbScreen->netIface = netIface; ++ if (if_nametoindex(netIface) == 0) { + rfbLog("(%s) is an invalid network interface\n", netIface); + return FALSE; + } +-- +2.19.0 + diff --git a/SOURCES/Properly-remove-watches-when-changing-server-props.patch b/SOURCES/Properly-remove-watches-when-changing-server-props.patch new file mode 100644 index 0000000..3050e76 --- /dev/null +++ b/SOURCES/Properly-remove-watches-when-changing-server-props.patch @@ -0,0 +1,74 @@ +From 56ac24642d60ef8398f3e44f571337e0224c6857 Mon Sep 17 00:00:00 2001 +From: Ondrej Holy +Date: Fri, 24 Aug 2018 15:11:58 +0200 +Subject: [PATCH] Properly remove watches when changing server props + +vino_server_init_io_channels calls vino_server_deinit_io_channels +at the beginning, however the watches and channels don't have to be +removed respective closed, because it relies on rfbListenSock array, +which can be already modified as a consequence of changing server +properties. Let's call vino_server_deinit_io_channels before changing +server properties in order to prevent the following errors: + +rfbCheckFds: accept: Invalid argument + +https://bugzilla.gnome.org/show_bug.cgi?id=796349 +--- + server/vino-server.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +diff --git a/server/vino-server.c b/server/vino-server.c +index b8cd755..7e5599b 100644 +--- a/server/vino-server.c ++++ b/server/vino-server.c +@@ -963,8 +963,6 @@ vino_server_init_io_channels(VinoServer *server) + rfbScreenInfoPtr rfb_screen = server->priv->rfb_screen; + int i; + +- vino_server_deinit_io_channels (server); +- + dprintf (RFB, "Creating watch for listening socket [ "); + for (i=0; i < rfb_screen->rfbListenSockTotal; i++) + { +@@ -1085,6 +1083,7 @@ vino_server_init_from_screen (VinoServer *server, + + vino_server_update_security_types (server); + ++ vino_server_deinit_io_channels (server); + vino_server_init_io_channels (server); + + vino_mdns_add_service ("_rfb._tcp", rfb_screen->rfbPort); +@@ -1624,7 +1623,12 @@ vino_server_set_network_interface (VinoServer *server, + server->priv->network_interface = NULL; + + if (server->priv->rfb_screen != NULL) +- rfbSetNetworkInterface (server->priv->rfb_screen, server->priv->network_interface); ++ { ++ vino_server_deinit_io_channels (server); ++ rfbSetNetworkInterface (server->priv->rfb_screen, server->priv->network_interface); ++ vino_server_init_io_channels (server); ++ vino_server_control_upnp (server); ++ } + + g_object_notify (G_OBJECT (server), "network-interface"); + } +@@ -1651,6 +1655,8 @@ vino_server_set_use_alternative_port (VinoServer *server, + + if (server->priv->rfb_screen) + { ++ vino_server_deinit_io_channels (server); ++ + if (server->priv->use_alternative_port) + rfbSetPort (server->priv->rfb_screen, + server->priv->alternative_port); +@@ -1688,6 +1694,7 @@ vino_server_set_alternative_port (VinoServer *server, + if (server->priv->rfb_screen && + server->priv->use_alternative_port) + { ++ vino_server_deinit_io_channels (server); + rfbSetPort (server->priv->rfb_screen, server->priv->alternative_port); + vino_server_init_io_channels (server); + vino_server_control_upnp (server); +-- +2.19.0 + diff --git a/SOURCES/Return-error-if-X11-is-not-detected.patch b/SOURCES/Return-error-if-X11-is-not-detected.patch new file mode 100644 index 0000000..c6e9b02 --- /dev/null +++ b/SOURCES/Return-error-if-X11-is-not-detected.patch @@ -0,0 +1,42 @@ +From d5b743b11a6f102353af719fa34abd5e6c679e77 Mon Sep 17 00:00:00 2001 +From: Ondrej Holy +Date: Tue, 20 Feb 2018 12:26:18 +0100 +Subject: [PATCH] Return error if X11 is not detected + +Vino-server crashes on Wayland in XQueryExtension. Since vino-server is +not expected to work on displays other than X11, let's exit immediately +if GDK_IS_X11_DISPLAY fail. + +https://bugzilla.gnome.org/show_bug.cgi?id=761120 +--- + server/vino-main.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/server/vino-main.c b/server/vino-main.c +index dd95de7..7be3fff 100644 +--- a/server/vino-main.c ++++ b/server/vino-main.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + #include "vino-input.h" + #include "vino-mdns.h" +@@ -273,6 +274,12 @@ main (int argc, char **argv) + g_option_context_free (context); + } + ++ if (!GDK_IS_X11_DISPLAY (gdk_display_get_default ())) ++ { ++ g_printerr ("X11 is not detected\n"); ++ return 1; ++ } ++ + /* GSettings */ + vino.settings = g_settings_new ("org.gnome.Vino"); + +-- +2.17.0 + diff --git a/SPECS/vino.spec b/SPECS/vino.spec new file mode 100644 index 0000000..d63227d --- /dev/null +++ b/SPECS/vino.spec @@ -0,0 +1,677 @@ +Name: vino +Version: 3.22.0 +Release: 11%{?dist} +Summary: A remote desktop system for GNOME + +License: GPLv2+ +URL: https://wiki.gnome.org/Projects/Vino +#VCS: git:git://git.gnome.org/vino +Source0: https://download.gnome.org/sources/%{name}/3.22/%{name}-%{version}.tar.xz + +# https://bugzilla.redhat.com/show_bug.cgi?id=1631391 +Patch0: Return-error-if-X11-is-not-detected.patch +Patch1: Do-not-restart-service-after-unclean-exit-code.patch + +# https://bugzilla.redhat.com/show_bug.cgi?id=1631210 +Patch2: Do-not-listen-all-if-invalid-interface-is-provided.patch +Patch3: Prevent-monitoring-all-interfaces-after-change-of-ot.patch +Patch4: Properly-remove-watches-when-changing-server-props.patch + +# https://bugzilla.redhat.com/show_bug.cgi?id=1602728 +Patch5: Fix-various-defects-reported-by-covscan.patch + +# https://bugzilla.redhat.com/show_bug.cgi?id=1960705 +Patch6: Fix-crashes-under-FIPS.patch + +BuildRequires: pkgconfig(avahi-client) +BuildRequires: pkgconfig(avahi-glib) +BuildRequires: pkgconfig(gnutls) +BuildRequires: pkgconfig(gtk+-x11-3.0) +BuildRequires: pkgconfig(ice) +BuildRequires: pkgconfig(libnotify) +BuildRequires: pkgconfig(libsecret-1) +BuildRequires: pkgconfig(sm) +BuildRequires: libgcrypt-devel +BuildRequires: libXt-devel, libXtst-devel, libXdamage-devel +BuildRequires: intltool +BuildRequires: gettext +BuildRequires: desktop-file-utils + +# For user unit. +BuildRequires: systemd +%{?systemd_requires} + +# Following requires are for directory ownership +Requires: dbus + +%description +Vino is a VNC server for GNOME. It allows remote users to +connect to a running GNOME session using VNC. + + +%prep +%setup -q +%patch0 -p1 -b .Return-error-if-X11-is-not-detected +%patch1 -p1 -b .Do-not-restart-service-after-unclean-exit-code +%patch2 -p1 -b .Do-not-listen-all-if-invalid-interface-is-provided +%patch3 -p1 -b .Prevent-monitoring-all-interfaces-after-change-of-ot.patch +%patch4 -p1 -b .Properly-remove-watches-when-changing-server-props.patch +%patch5 -p1 -b .Fix-various-defects-reported-by-covscan +%patch6 -p1 -b .Fix-crashes-under-FIPS + + +%build +%configure \ + --disable-silent-rules \ + --with-avahi \ + --with-secret \ + --with-gnutls \ + --without-telepathy + +make %{?_smp_mflags} + + +%install +make install DESTDIR=%{buildroot} INSTALL="install -p" + +rm -f $RPM_BUILD_ROOT%{_datadir}/dbus-1/services/org.freedesktop.Telepathy.Client.Vino.service +rm -f $RPM_BUILD_ROOT%{_datadir}/telepathy/clients/Vino.client + +%find_lang %{name} + + +%check +desktop-file-validate %{buildroot}%{_datadir}/applications/vino-server.desktop + + +%post +%systemd_user_post vino-server.service + + +%preun +%systemd_user_preun vino-server.service + + +%postun +%systemd_user_postun vino-server.service + + +%files -f %{name}.lang +%doc AUTHORS NEWS README docs/TODO docs/remote-desktop.txt +%license COPYING +%{_libexecdir}/* +%{_datadir}/applications/vino-server.desktop +%{_datadir}/glib-2.0/schemas/org.gnome.Vino.enums.xml +%{_datadir}/glib-2.0/schemas/org.gnome.Vino.gschema.xml +%{_userunitdir}/vino-server.service + + +%changelog +* Tue Jun 29 2021 Ondrej Holy - 3.22.0-11 +- Fix crashes under FIPS +- Resolves: #1960705 + +* Wed Sep 26 2018 Ondrej Holy - 3.22.0-10 +- Fix various defects reported by covscan +- Resolves: #1602728 + +* Thu Sep 20 2018 Ondrej Holy - 3.22.0-9 +- Do not listen all if invalid interface is provided +- Resolves: #1631210 + +* Thu Sep 20 2018 Ondrej Holy - 3.22.0-8 +- Do not restart service after unclean exit code +- Resolves: #1631391 + +* Mon Aug 13 2018 Debarshi Ray - 3.22.0-7 +- Disable Telepathy support +Resolves: #1612055 + +* Fri Feb 09 2018 Fedora Release Engineering - 3.22.0-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Fri Jan 05 2018 Igor Gnatenko - 3.22.0-5 +- Remove obsolete scriptlets + +* Thu Aug 03 2017 Fedora Release Engineering - 3.22.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 3.22.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Sat Feb 11 2017 Fedora Release Engineering - 3.22.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Tue Sep 20 2016 David King - 3.22.0-1 +- Update to 3.22.0 + +* Tue Sep 13 2016 David King - 3.21.92-1 +- Update to 3.21.92 + +* Mon May 09 2016 David King - 3.20.2-1 +- Update to 3.20.2 + +* Mon Apr 11 2016 David King - 3.20.1-1 +- Update to 3.20.1 + +* Tue Mar 22 2016 David King - 3.20.0-1 +- Update for 3.20.0 + +* Fri Feb 05 2016 Fedora Release Engineering - 3.18.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Thu Nov 12 2015 David King - 3.18.1-1 +- Update to 3.18.1 + +* Mon Sep 21 2015 David King - 3.18.0-1 +- Update to 3.18.0 + +* Tue Sep 01 2015 David King - 3.17.91-1 +- Update to 3.17.91 + +* Fri Jun 19 2015 Fedora Release Engineering - 3.16.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Mon Mar 23 2015 Kalev Lember - 3.16.0-1 +- Update to 3.16.0 + +* Mon Mar 16 2015 David King - 3.15.92-1 +- Update to 3.15.92 + +* Mon Mar 02 2015 David King - 3.15.91-1 +- Update to 3.5.91 + +* Tue Feb 24 2015 David King - 3.15.90-2 +- Avoid a critical warning from EggSMClient on startup (#1194174) +- Preserve timestamps during install + +* Mon Feb 16 2015 David King - 3.15.90-1 +- Update to 3.15.90 +- Use license macro for COPYING + +* Mon Jan 19 2015 David King - 3.15.4-1 +- Update to 3.15.4 + +* Fri Jan 09 2015 David King - 3.14.1-2 +- Drop unnecessary libtool sed +- Validate desktop file during check phase +- Update URL +- Use pkgconfig for BuildRequires +- Tidy spec file +- Remove obsolete calls to gtk-update-icon-cache + +* Mon Nov 10 2014 Kalev Lember - 3.14.1-1 +- Update to 3.14.1 + +* Tue Sep 23 2014 Kalev Lember - 3.14.0-1 +- Update to 3.14.0 + +* Mon Aug 18 2014 Kalev Lember - 3.13.90-1 +- Update to 3.13.90 + +* Mon Aug 18 2014 Fedora Release Engineering - 3.13.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Tue Jun 24 2014 Richard Hughes - 3.13.3-1 +- Update to 3.13.3 + +* Sun Jun 08 2014 Fedora Release Engineering - 3.12.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Thu Mar 27 2014 Parag - 3.12.0-2 +- update spec file as per merge-review(rh#226527) + +* Mon Mar 24 2014 Richard Hughes - 3.12.0-1 +- Update to 3.12.0 + +* Tue Mar 18 2014 Richard Hughes - 3.11.92-1 +- Update to 3.11.92 + +* Mon Jan 13 2014 Richard Hughes - 3.11.4-1 +- Update to 3.11.4 + +* Tue Oct 29 2013 Richard Hughes - 3.10.1-1 +- Update to 3.10.1 + +* Thu Sep 26 2013 Rex Dieter 3.10.0-2 +- add explicit avahi build deps, build verbosely. + +* Wed Sep 25 2013 Kalev Lember - 3.10.0-1 +- Update to 3.10.0 + +* Wed Sep 18 2013 Kalev Lember - 3.9.92-1 +- Update to 3.9.92 + +* Sun Aug 04 2013 Fedora Release Engineering - 3.9.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Tue Jul 16 2013 Richard Hughes - 3.9.3-1 +- Update to 3.9.3 + +* Sun Jun 02 2013 Kalev Lember - 3.9.2-1 +- Update to 3.9.2 +- Adapt the spec file for dropped preferences dialog +- Build with libsecret +- Update the configure options; most have been renamed from --enable to --with + +* Mon Apr 15 2013 Kalev Lember - 3.8.1-1 +- Update to 3.8.1 + +* Tue Mar 26 2013 Kalev Lember - 3.8.0-1 +- Update to 3.8.0 + +* Tue Mar 19 2013 Richard Hughes - 3.7.92-1 +- Update to 3.7.92 + +* Fri Mar 8 2013 Matthias Clasen - 3.7.91-1 +- Update to 3.7.91 + +* Tue Feb 19 2013 Richard Hughes - 3.7.90-1 +- Update to 3.7.90 + +* Fri Feb 15 2013 Fedora Release Engineering - 3.7.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Wed Jan 16 2013 Richard Hughes - 3.7.4-1 +- Update to 3.7.4 + +* Wed Jan 09 2013 Richard Hughes - 3.7.3-1 +- Update to 3.7.3 + +* Sun Dec 2 2012 Matthias Clasen - 3.6.2-2 +- Don't add a vendor prefix to the desktop file, that breaks + activating the preferences from the statusicon (#827913) + +* Tue Nov 13 2012 Kalev Lember - 3.6.2-1 +- Update to 3.6.2 + +* Wed Oct 17 2012 Kalev Lember - 3.6.1-1 +- Update to 3.6.1 + +* Tue Sep 25 2012 Matthias Clasen - 3.6.0-1 +- Update to 3.6.0 + +* Wed Sep 19 2012 Richard Hughes - 3.5.92-1 +- Update to 3.5.92 + +* Wed Aug 22 2012 Richard Hughes - 3.5.90-1 +- Update to 3.5.90 + +* Fri Jul 27 2012 Fedora Release Engineering - 3.5.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Jun 07 2012 Richard Hughes - 3.5.2-1 +- Update to 3.5.2 + +* Sun May 06 2012 Kalev Lember - 3.5.1-1 +- Update to 3.5.1 + +* Tue Apr 24 2012 Kalev Lember - 3.4.1-2 +- Silence rpm scriptlet output + +* Tue Apr 17 2012 Kalev Lember - 3.4.1-1 +- Update to 3.4.1 + +* Tue Mar 27 2012 Debarshi Ray - 3.4.0-1 +- Update to 3.4.0 + +* Wed Mar 21 2012 Kalev Lember - 3.3.92-1 +- Update to 3.3.92 +- Don't BR unique-devel; vino doesn't use libunique any more + +* Sat Jan 14 2012 Fedora Release Engineering - 3.3.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Dec 21 2011 Matthias Clasen - 3.3.3-1 +- Update to 3.3.3 + +* Wed Nov 2 2011 Matthias Clasen - 3.3.1-1 +- Update to 3.3.1 + +* Wed Oct 26 2011 Fedora Release Engineering - 3.2.1-2 +- Rebuilt for glibc bug#747377 + +* Wed Oct 19 2011 Matthias Clasen - 3.2.1-1 +- Update to 3.2.1 + +* Tue Sep 27 2011 Ray - 3.2.0-1 +- Update to 3.2.0 + +* Tue Sep 20 2011 Matthias Clasen - 3.1.92-1 +- Update to 3.1.92 + +* Tue Sep 6 2011 Matthias Clasen - 3.1.91-1 +- Update to 3.1.91 + +* Wed Aug 31 2011 Matthias Clasen - 3.1.90-1 +- Update to 3.1.90 + +* Thu Aug 18 2011 Matthias Clasen - 3.1.5-1 +- Update to 3.1.5 + +* Mon Jul 25 2011 Matthias Clasen - 3.1.4-1 +- Update to 3.1.4 + +* Tue Jul 05 2011 Bastien Nocera 3.1.3-1 +- Update to 3.1.3 + +* Tue Jun 14 2011 Tomas Bzatek - 3.1.2-1 +- Update to 3.1.2 + +* Wed May 11 2011 Tomas Bzatek - 3.1.1-1 +- Update to 3.1.1 + +* Sat May 07 2011 Christopher Aillon - 3.0.2-2 +- Update icon cache scriptlet + +* Wed May 4 2011 Christopher Aillon - 3.0.2-1 +- Update to 3.0.2 + +* Mon Apr 25 2011 Matthias Clasen - 3.0.1-1 +- Update to 3.0.1 + +* Mon Apr 4 2011 Matthias Clasen - 3.0.0-1 +- Update to 3.0.0 + +* Fri Mar 25 2011 Matthias Clasen - 2.99.5-1 +- Update to 2.99.5 + +* Mon Mar 21 2011 Matthias Clasen - 2.99.4-1 +- Update to 2.99.4 + +* Tue Mar 8 2011 Matthias Clasen - 2.99.3-1 +- Update to 2.99.3 + +* Tue Feb 22 2011 Matthias Clasen - 2.99.0-1 +- Update to 2.99.0 + +* Mon Feb 07 2011 Fedora Release Engineering - 2.32.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Nov 3 2010 Matthias Clasen - 2.32.0-2 +- Rebuild against libnotify 0.7.0 + +* Wed Sep 29 2010 Matthias Clasen - 2.32.0-1 +- Update to 2.32.0 + +* Tue Aug 31 2010 Matthias Clasen - 2.31.91-1 +- Update to 2.31.91 + +* Wed Jun 30 2010 Matthias Clasen - 2.31.4-1 +- Update to 2.31.4 + +* Tue Mar 30 2010 Matthias Clasen - 2.28.2-1 +- Update to 2.28.2 + +* Mon Oct 19 2009 Matthias Clasen - 2.28.1-1 +- Update to 2.28.1 + +* Sun Sep 27 2009 Matthias Clasen - 2.28.0-3 +- Even better, just rely on autostart + +* Sun Sep 27 2009 Matthias Clasen - 2.28.0-2 +- Make vino-server set a proper restart command + +* Wed Sep 23 2009 Matthias Clasen - 2.28.0-1 +- Update to 2.28.0 + +* Mon Sep 7 2009 Matthias Clasen - 2.27.92-1 +- Update to 2.27.92 + +* Tue Aug 25 2009 Matthias Clasen - 2.27.91-1 +- Update to 2.27.91 + +* Tue Aug 11 2009 Matthias Clasen - 2.27.90-1 +- Update to 2.27.90 + +* Mon Aug 3 2009 Matthias Clasen - 2.27.5-2 +- Enable telepathy + +* Tue Jul 28 2009 Matthias Clasen - 2.27.5-1 +- Update to 2.27.5 + +* Sun Jul 26 2009 Fedora Release Engineering - 2.26.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Thu Jul 9 2009 Matthias Clasen - 2.26.1-5 +- Rebuild to shrink GConf schemas + +* Tue Jun 16 2009 Matthias Clasen - 2.26.1-4 +- Try again: rebuild with new gcc + +* Mon Jun 15 2009 Matthias Clasen - 2.26.1-3 +- Rebuild with new gcc + +* Fri Jun 12 2009 Matthias Clasen - 2.26.1-2 +- Drop unneeded direct dependencies + +* Mon Apr 13 2009 Matthias Clasen - 2.26.1-1 +- Update to 2.26.1 +- See http://download.gnome.org/sources/vino/2.26/vino-2.26.1.news + +* Mon Mar 16 2009 Matthias Clasen - 2.26.0-1 +- Update to 2.26.0 + +* Mon Mar 2 2009 Matthias Clasen - 2.25.92-1 +- Update to 2.25.92 +- Enable NetworkManager support + +* Wed Feb 25 2009 Fedora Release Engineering - 2.25.91-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Wed Feb 18 2009 Matthias Clasen - 2.25.91-1 +- Update to 2.25.91 + +* Tue Feb 3 2009 Matthias Clasen - 2.25.90-1 +- Update to 2.25.90 + +* Fri Jan 23 2009 Matthias Clasen - 2.25.5-1 +- Update to 2.25.5 + +* Tue Jan 6 2009 Matthias Clasen - 2.25.4-1 +- Update to 2.25.4 + +* Wed Dec 17 2008 Matthias Clasen - 2.25.3-1 +- Update to 2.25.3 + +* Mon Oct 20 2008 Matthias Clasen - 2.24.1-1 +- Update to 2.24.1 + +* Mon Sep 22 2008 Matthias Clasen - 2.24.0-1 +- Update to 2.24.0 + +* Mon Sep 8 2008 Matthias Clasen - 2.23.92-1 +- Update to 2.23.92 + +* Tue Sep 2 2008 Matthias Clasen - 2.23.91-1 +- Update to 2.23.91 + +* Fri Aug 22 2008 Matthias Clasen - 2.23.90-1 +- Update to 2.23.90 + +* Fri Jul 25 2008 Matthias Clasen - 2.23.5-3 +- Use autostart to have gnome-session start the server + +* Fri Jul 25 2008 Matthias Clasen - 2.23.5-2 +- Use standard icon names + +* Tue Jul 22 2008 Matthias Clasen - 2.23.5-1 +- Update to 2.23.5 + +* Mon Apr 7 2008 Matthias Clasen - 2.22.1-1 +- Update to 2.22.1 + +* Mon Mar 10 2008 Matthias Clasen - 2.22.0-1 +- Update to 2.22.0 + +* Mon Feb 25 2008 Matthias Clasen - 2.21.92-1 +- Update 2.21.92 + +* Tue Feb 12 2008 Matthias Clasen - 2.21.91-1 +- Update to 2.21.91 + +* Tue Jan 29 2008 Matthias Clasen - 2.21.90-1 +- Update to 2.21.90 + +* Wed Dec 5 2007 Matthias Clasen - 2.21.3-1 +- Update to 2.21.3 + +* Tue Nov 13 2007 Matthias Clasen - 2.21.2-1 +- Update to 2.21.2 + +* Tue Oct 23 2007 Matthias Clasen - 2.20.1-2 +- Rebuild against new dbus-glib + +* Mon Oct 15 2007 Matthias Clasen - 2.20.1-1 +- Update to 2.20.1 (translation updates) + +* Tue Oct 2 2007 Matthias Clasen - 2.20.0-2 +- Fix a directory ownership issue + +* Mon Sep 17 2007 Matthias Clasen - 2.20.0-1 +- Update to 2.20.0 + +* Tue Sep 4 2007 Matthias Clasen - 2.19.92-1 +- Update to 2.19.92 + +* Mon Aug 13 2007 Matthias Clasen - 2.19.90-1 +- Update to 2.19.90 +- Update the license field + +* Mon Jul 9 2007 Matthias Clasen - 2.19.5-1 +- Update to 2.19.5 + +* Sun May 20 2007 Matthias Clasen - 2.18.1-1 +- Update to 2.18.1 + +* Tue Mar 13 2007 Matthias Clasen - 2.18.0-1 +- Update to 2.18.0 + +* Tue Feb 27 2007 Matthias Clasen - 2.17.92-1 +- Update to 2.17.92 +- Drop obsolete patches + +* Wed Jan 24 2007 Matthias Clasen - 2.17.5-2 +- Fix some careless gconf value handling +- use libnotify +- Improve category in the desktop file + +* Wed Jan 10 2007 Matthias Clasen - 2.17.5-1 +- Update to 2.17.5 + +* Tue Dec 19 2006 Matthias Clasen - 2.17.4-1 +- Update to 2.17.4 + +* Mon Nov 6 2006 Matthias Clasen - 2.17.2-1 +- Update to 2.17.2 + +* Sun Oct 22 2006 Matthias Clasen - 2.16.0-1 +- Update to 2.16.0 + +* Wed Oct 18 2006 Matthias Clasen - 2.13.5-6 +- Fix scripts according to the packaging guidelines + +* Tue Oct 17 2006 Matthias Clasen - 2.13.5-5 +- Fix #191160 + +* Wed Jul 12 2006 Jesse Keating - 2.13.5-4.1 +- rebuild + +* Sat Jun 10 2006 Matthias Clasen - 2.13.5-4 +- More missing BuildRequires + +* Mon May 22 2006 Matthias Clasen - 2.13.5-3 +- Add missing BuildRequires + +* Fri Feb 10 2006 Jesse Keating - 2.13.5-2.2 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 2.13.5-2.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Tue Jan 17 2006 Mark McLoughlin 2.13.5-2 +- Build with --enable-avahi + +* Tue Jan 17 2006 Matthias Clasen 2.13.5-1 +- Update to 2.13.5 + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Mon Sep 26 2005 Mark McLoughlin 2.12.0-2 +- Add patch from Alexandre Oliva to fix + more keyboard brokeness (#158713) + +* Wed Sep 7 2005 Matthias Clasen 2.12.0-1 +- Update to 2.12.0 + +* Wed Aug 17 2005 Matthias Clasen 2.11.90-2 +- Rebuild + +* Thu Aug 4 2005 Matthias Clasen 2.11.90-1 +- New upstream version + +* Mon Jul 11 2005 Matthias Clasen 2.11.1.2-1 +- Newer upstream version +- Drop upstreamed patches + +* Fri May 20 2005 Mark McLoughlin 2.10.0-4 +- Fix various keyboarding handling issues: + + bug #142974: caps lock not working + + bug #140515: shift not working with some keys + + bug #134451: over-eager key repeating + +* Wed Apr 27 2005 Jeremy Katz - 2.10.0-3 +- silence %%post + +* Mon Mar 28 2005 Christopher Aillon +- rebuilt + +* Fri Mar 25 2005 Christopher Aillon 2.10.0-1 +- Update to 2.10.0 +- Update the GTK+ theme icon cache on (un)install + +* Wed Mar 2 2005 Mark McLoughlin 2.9.2-2 +- Rebuild with gcc4 + +* Thu Jan 27 2005 Matthias Clasen 2.9.2-1 +- Update to 2.9.2 + +* Tue Oct 12 2004 Mark McLoughlin 2.8.1-1 +- Update to 2.8.1 +- Remove backported fixes + +* Thu Oct 7 2004 Mark McLoughlin 2.8.0.1-1.1 +- Don't hang with metacity's "reduced resources" mode (#134240) +- Improve the key repeat rate situation a good deal (#134451) + +* Wed Sep 29 2004 Mark McLoughlin 2.8.0.1-1 +- Update to 2.8.0.1 + +* Tue Sep 21 2004 Mark McLoughlin 2.8.0-1 +- Update to 2.8.0 +- Remove upstreamed work-without-gnutls patch + +* Tue Sep 7 2004 Matthias Clasen 2.7.92-3 +- Disable help button until there is help (#131632) + +* Wed Sep 1 2004 Mark McLoughlin 2.7.92-2 +- Add patch to fix hang without GNU TLS (bug #131354) + +* Mon Aug 30 2004 Mark McLoughlin 2.7.92-1 +- Update to 2.7.92 + +* Tue Aug 17 2004 Mark McLoughlin 2.7.91-1 +- Update to 2.7.91 + +* Mon Aug 16 2004 Mark McLoughlin 2.7.90-2 +- Define libgcrypt_version + +* Thu Aug 12 2004 Mark McLoughlin 2.7.90-1 +- Update to 2.7.90 + +* Wed Aug 4 2004 Mark McLoughlin 2.7.4-1 +- Update to 2.7.4 + +* Tue Jul 13 2004 Mark McLoughlin 2.7.3.1-1 +- Initial build.