Hello community, here is the log from the commit of package tigervnc for openSUSE:Factory checked in at 2016-05-04 08:17:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tigervnc (Old) and /work/SRC/openSUSE:Factory/.tigervnc.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "tigervnc" Changes: -------- --- /work/SRC/openSUSE:Factory/tigervnc/tigervnc.changes 2016-01-13 22:42:49.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.tigervnc.new/tigervnc.changes 2016-05-04 08:17:52.000000000 +0200 @@ -1,0 +2,12 @@ +Fri Apr 29 14:13:22 UTC 2016 - msrb@suse.com + +- Add U_add_allowoverride_parameter.patch and + u_build_libXvnc_as_separate_library.patch (fate#319319) +- Add u_tigervnc-show-unencrypted-warning.patch (fate#319701) + +------------------------------------------------------------------- +Wed Apr 27 10:34:05 UTC 2016 - msrb@suse.com + +- Add dependency on xorg-x11-fonts-core. (bnc#977019) + +------------------------------------------------------------------- New: ---- U_add_allowoverride_parameter.patch u_build_libXvnc_as_separate_library.patch u_tigervnc-show-unencrypted-warning.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tigervnc.spec ++++++ --- /var/tmp/diff_new_pack.X6joUg/_old 2016-05-04 08:17:53.000000000 +0200 +++ /var/tmp/diff_new_pack.X6joUg/_new 2016-05-04 08:17:53.000000000 +0200 @@ -116,6 +116,9 @@ Patch7: u_tigervnc-add-autoaccept-parameter.patch Patch8: u_xserver118.patch Patch9: u_tigervnc_update_default_vncxstartup.patch +Patch10: U_add_allowoverride_parameter.patch +Patch11: u_build_libXvnc_as_separate_library.patch +Patch12: u_tigervnc-show-unencrypted-warning.patch %description TigerVNC is a high-performance, platform-neutral implementation of VNC (Virtual Network Computing), 
@@ -138,12 +141,28 @@ Requires: xinit Requires: xkbcomp Requires: xkeyboard-config +Requires: xorg-x11-fonts-core Summary: TigerVNC implementation of Xvnc Group: System/X11/Servers/XF86_4 %description -n xorg-x11-Xvnc This is the TigerVNC implementation of Xvnc. +%package -n libXvnc1 +Summary: X extension to control VNC module +Group: System/Libraries + +%description -n libXvnc1 +Xvnc extension allows X clients to read and change VNC configuration. + +%package -n libXvnc-devel +Summary: X extension to control VNC module +Group: Development/Libraries/C and C++ +Requires: libXvnc1 = %version + +%description -n libXvnc-devel +Xvnc extension allows X clients to read and change VNC configuration. + %prep %setup -T -b1 -q cp -r /usr/src/xserver/* unix/xserver/ @@ -157,6 +176,9 @@ %patch7 -p1 %patch8 -p1 %patch9 -p1 +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 pushd unix/xserver patch -p1 < ../xserver117.patch @@ -265,6 +287,10 @@ fi %endif +%post -n libXvnc1 -p /sbin/ldconfig + +%postun -n libXvnc1 -p /sbin/ldconfig + %files -f %{name}.lang %defattr(-,root,root,-) %ghost %{_bindir}/vncviewer @@ -331,4 +357,13 @@ %ghost %attr(0600,%{vncuser},%{vncuser}) %config(noreplace) %{tlskey} %ghost %attr(0644,%{vncuser},%{vncuser}) %config(noreplace) %{tlscert} +%files -n libXvnc1 +%defattr(-,root,root) +%{_libdir}/libXvnc.so.1* + +%files -n libXvnc-devel +%defattr(-,root,root) +%{_libdir}/libXvnc.so +%{_includedir}/X11/extensions/Xvnc.h + %changelog ++++++ U_add_allowoverride_parameter.patch ++++++ Git-commit: ef0dd758a3fad048c1f04e144b03a3e69b001f21 Patch-Mainline: To be upstreamed Author: Michal Srb <michalsrb@gmail.com> Subject: Add AllowOverride parameter. References: fate#319319 Allows to specify which configuration parameters can be modified on runtime. diff --git a/unix/xserver/hw/vnc/vncExt.c b/unix/xserver/hw/vnc/vncExt.c index 43794da..b27115f 100644 --- a/unix/xserver/hw/vnc/vncExt.c +++ b/unix/xserver/hw/vnc/vncExt.c 
@@ -182,17 +182,16 @@ static int ProcVncExtSetParam(ClientPtr client) rep.sequenceNumber = client->sequence; /* - * Allow to change only certain parameters. - * Changing other parameters (for example PAM service name) - * could have negative security impact. + * Prevent change of clipboard related parameters if clipboard is disabled. */ - if (strncasecmp(param, "desktop", 7) != 0 && - strncasecmp(param, "AcceptPointerEvents", 19) != 0 && - (vncNoClipboard || strncasecmp(param, "SendCutText", 11) != 0) && - (vncNoClipboard || strncasecmp(param, "AcceptCutText", 13) != 0)) + if (vncNoClipboard && + (strncasecmp(param, "SendCutText", 11) == 0 || + strncasecmp(param, "AcceptCutText", 13) == 0)) + goto deny; + + if (!vncOverrideParam(param)) goto deny; - vncSetParamSimple(param); rep.success = 1; // Send DesktopName update if desktop name has been changed diff --git a/unix/xserver/hw/vnc/vncExtInit.cc b/unix/xserver/hw/vnc/vncExtInit.cc index 863cd36..1d37493 100644 --- a/unix/xserver/hw/vnc/vncExtInit.cc +++ b/unix/xserver/hw/vnc/vncExtInit.cc @@ -20,6 +20,9 @@ #include <stdio.h> #include <errno.h> +#include <set> +#include <string> + #include <rfb/Configuration.h> #include <rfb/Logger_stdio.h> #include <rfb/LogWriter.h> @@ -52,6 +55,15 @@ int vncFbstride[MAXSCREENS]; int vncInetdSock = -1; +struct CaseInsensitiveCompare { + bool operator() (const std::string &a, const std::string &b) const { + return strcasecmp(a.c_str(), b.c_str()) < 0; + } +}; + +typedef std::set<std::string, CaseInsensitiveCompare> ParamSet; +static ParamSet allowOverrideSet; + rfb::StringParameter httpDir("httpd", "Directory containing files to serve via HTTP", ""); 
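Review bot: The comment deleted from ProcVncExtSetParam was the only place that said why an X client may change only some parameters, and nothing in the new code marks `vncOverrideParam` as the access check. I would add a comment above that call, for example `/* vncOverrideParam enforces the AllowOverride list; parameters not listed there (e.g. the PAM service name) must not be changeable by X clients. */`. The clipboard guard also matches by prefix on the raw `name=value` string, while the allowlist compares the exact name before `=`, so the two checks use different notions of a parameter name. The function starts and ends outside this hunk.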
@@ -69,6 +81,9 @@ rfb::StringParameter interface("interface", rfb::BoolParameter avoidShiftNumLock("AvoidShiftNumLock", "Avoid fake Shift presses for keys affected by NumLock.", true); +rfb::StringParameter allowOverride("AllowOverride", + "Comma separated list of parameters that can be modified using VNC extension.", + "desktop,AcceptPointerEvents,SendCutText,AcceptCutText"); static PixelFormat vncGetPixelFormat(int scrIdx) { @@ -99,6 +114,19 @@ static PixelFormat vncGetPixelFormat(int scrIdx) redShift, greenShift, blueShift); } +static void parseOverrideList(const char *text, ParamSet &out) +{ + for (const char* iter = text; ; ++iter) { + if (*iter == ',' || *iter == '\0') { + out.insert(std::string(text, iter)); + text = iter + 1; + + if (*iter == '\0') + break; + } + } +} + void vncExtensionInit(void) { int ret; @@ -128,6 +156,10 @@ void vncExtensionInit(void) try { if (!initialised) { rfb::initStdIOLoggers(); + + parseOverrideList(allowOverride, allowOverrideSet); + allowOverride.setImmutable(); + initialised = true; } @@ -379,3 +411,16 @@ void vncRefreshScreenLayout(int scrIdx) { desktop[scrIdx]->refreshScreenLayout(); } + +int vncOverrideParam(const char *nameAndValue) +{ + const char* equalSign = strchr(nameAndValue, '='); + if (!equalSign) + return 0; + + std::string key(nameAndValue, equalSign); + if (allowOverrideSet.find(key) == allowOverrideSet.end()) + return 0; + + return rfb::Configuration::setParam(nameAndValue); +} diff --git a/unix/xserver/hw/vnc/vncExtInit.h b/unix/xserver/hw/vnc/vncExtInit.h index 6430ac0..be6487c 100644 --- a/unix/xserver/hw/vnc/vncExtInit.h +++ b/unix/xserver/hw/vnc/vncExtInit.h @@ -90,6 +90,8 @@ void vncPreScreenResize(int scrIdx); void vncPostScreenResize(int scrIdx, int success, int width, int height); void vncRefreshScreenLayout(int scrIdx); +int vncOverrideParam(const char *nameAndValue); + #ifdef __cplusplus } #endif diff --git a/unix/xserver/hw/vnc/Xvnc.man b/unix/xserver/hw/vnc/Xvnc.man index 4a83315..a4d9f8d 100644 
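Review bot: parseOverrideList stores every token verbatim, so a list written as `desktop, SendCutText` yields an entry with a leading blank, and an empty value or a trailing comma yields an empty name. As far as the visible code shows, such entries fail closed because they never match a real parameter name, but the administrator gets no sign that an entry was ignored. Skipping empty tokens with `if (iter != text) out.insert(std::string(text, iter));` and trimming surrounding blanks would make a mistyped list behave as intended. The set is filled once under `!initialised` in vncExtensionInit and the parameter is then made immutable, so a one-line comment there saying the allowlist is a startup snapshot would also help.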
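Review bot: In vncOverrideParam the name checked against `allowOverrideSet` is not the same value that reaches the setter: the lookup uses the text before the first `=`, and `rfb::Configuration::setParam(nameAndValue)` then parses the whole string again. Whether the two parsers agree for every input (a leading `-`, for instance) depends on code not shown here; passing the already split pair, `return rfb::Configuration::setParam(key.c_str(), equalSign + 1);`, removes the question. The function is also called from C code in vncExt.c with client-supplied data, and `std::string` construction can throw. Wrapping the body in `try { … } catch (...) { return 0; }` keeps an exception from crossing the C boundary.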
--- a/unix/xserver/hw/vnc/Xvnc.man +++ b/unix/xserver/hw/vnc/Xvnc.man @@ -300,6 +300,21 @@ Key affected by NumLock often require a fake Shift to be inserted in order for the correct symbol to be generated. Turning on this option avoids these extra fake Shift events but may result in a slightly different symbol (e.g. a Return instead of a keypad Enter). +. +.TP +.B \-AllowOverride +Comma separated list of parameters that can be modified using VNC extension. +Parameters can be modified for example using \fBvncconfig\fP(1) program from +inside a running session. + +Allowing override of parameters such as \fBPAMService\fP or \fBPasswordFile\fP +can negatively impact security if Xvnc runs under different user than the +programs allowed to override the parameters. + +When \fBNoClipboard\fP parameter is set, allowing override of \fBSendCutText\fP +and \fBAcceptCutText\fP has no effect. + +Default is \fBdesktop,AcceptPointerEvents,SendCutText,AcceptCutText\fP. .SH USAGE WITH INETD By configuring the \fBinetd\fP(1) service appropriately, Xvnc can be launched ++++++ u_build_libXvnc_as_separate_library.patch ++++++ Author: Michal Srb <michalsrb@gmail.com> Patch-Mainline: To be upstreamed Subject: [PATCH] Build libXvnc as separate library. So it can be used by others, not only vncconfig. diff --git a/unix/vncconfig/CMakeLists.txt b/unix/vncconfig/CMakeLists.txt index 959681f..5fe1fb8 100644 --- a/unix/vncconfig/CMakeLists.txt +++ b/unix/vncconfig/CMakeLists.txt 
@@ -3,13 +3,25 @@ include_directories(${X11_INCLUDE_DIR}) include_directories(${CMAKE_SOURCE_DIR}/common) include_directories(${CMAKE_SOURCE_DIR}/unix/tx) +include(GNUInstallDirs) + +add_library(Xvnc SHARED + vncExt.c) + +set_target_properties(Xvnc + PROPERTIES + VERSION 1.0.0 + SOVERSION 1 +) + add_executable(vncconfig buildtime.c - vncExt.c vncconfig.cxx QueryConnectDialog.cxx) -target_link_libraries(vncconfig tx rfb network rdr ${X11_LIBRARIES}) +target_link_libraries(vncconfig tx rfb network rdr Xvnc ${X11_LIBRARIES}) install(TARGETS vncconfig DESTINATION ${BIN_DIR}) +install(TARGETS Xvnc LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} RENAME libXvnc.so) install(FILES vncconfig.man DESTINATION ${MAN_DIR}/man1 RENAME vncconfig.1) +install(FILES vncExt.h DESTINATION ${X11_INCLUDE_DIR}/X11/extensions RENAME Xvnc.h) ++++++ u_tigervnc-show-unencrypted-warning.patch ++++++ Author: Michal Srb <michalsrb@gmail.com> Subject: Display warning in window title when no encryption is in use. Patch-Mainline: To be upstreamed References: fate#319701 Index: tigervnc-1.6.0/common/rfb/CSecurityPlain.cxx =================================================================== --- tigervnc-1.6.0.orig/common/rfb/CSecurityPlain.cxx +++ tigervnc-1.6.0/common/rfb/CSecurityPlain.cxx @@ -31,7 +31,7 @@ bool CSecurityPlain::processMsg(CConnect CharArray username; CharArray password; - (CSecurity::upg)->getUserPasswd(&username.buf, &password.buf); + (CSecurity::upg)->getUserPasswd(&username.buf, &password.buf, cc->csecurity->getType()); // Return the response to the server os->writeU32(strlen(username.buf)); Index: tigervnc-1.6.0/common/rfb/CSecurityVncAuth.cxx =================================================================== --- tigervnc-1.6.0.orig/common/rfb/CSecurityVncAuth.cxx +++ tigervnc-1.6.0/common/rfb/CSecurityVncAuth.cxx 
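Review bot: The header install line uses `${X11_INCLUDE_DIR}` as its destination, which is normally the absolute path where the X11 headers were found rather than a path under the install prefix, so Xvnc.h is written into a system directory regardless of `CMAKE_INSTALL_PREFIX`. GNUInstallDirs is already included in this hunk, so `install(FILES vncExt.h DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/X11/extensions RENAME Xvnc.h)` would match the library line. As far as I know `RENAME` is only documented for `install(FILES …)` and `install(PROGRAMS …)`. The library file names already follow from `VERSION` and `SOVERSION`, so I would drop it from the `install(TARGETS Xvnc …)` line.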
@@ -46,7 +46,7 @@ bool CSecurityVncAuth::processMsg(CConne rdr::U8 challenge[vncAuthChallengeSize]; is->readBytes(challenge, vncAuthChallengeSize); PlainPasswd passwd; - (CSecurity::upg)->getUserPasswd(0, &passwd.buf); + (CSecurity::upg)->getUserPasswd(0, &passwd.buf, cc->csecurity->getType()); // Calculate the correct response rdr::U8 key[8]; Index: tigervnc-1.6.0/common/rfb/Security.cxx =================================================================== --- tigervnc-1.6.0.orig/common/rfb/Security.cxx +++ tigervnc-1.6.0/common/rfb/Security.cxx @@ -206,3 +206,19 @@ std::list<rdr::U32> rfb::parseSecTypes(c } return result; } + +bool rfb::isSecTypeEncrypted(rdr::U32 num) +{ + switch (num) { + case secTypeTLSNone: + case secTypeTLSVnc: + case secTypeTLSPlain: + case secTypeX509None: + case secTypeX509Vnc: + case secTypeX509Plain: + return true; + + default: + return false; + } +} Index: tigervnc-1.6.0/common/rfb/Security.h =================================================================== --- tigervnc-1.6.0.orig/common/rfb/Security.h +++ tigervnc-1.6.0/common/rfb/Security.h @@ -104,6 +104,8 @@ namespace rfb { const char* secTypeName(rdr::U32 num); rdr::U32 secTypeNum(const char* name); std::list<rdr::U32> parseSecTypes(const char* types); + + bool isSecTypeEncrypted(rdr::U32 num); } #endif Index: tigervnc-1.6.0/common/rfb/UserPasswdGetter.h =================================================================== --- tigervnc-1.6.0.orig/common/rfb/UserPasswdGetter.h +++ tigervnc-1.6.0/common/rfb/UserPasswdGetter.h @@ -17,6 +17,9 @@ */ #ifndef __RFB_USERPASSWDGETTER_H__ #define __RFB_USERPASSWDGETTER_H__ + +#include <rdr/types.h> + namespace rfb { class UserPasswdGetter { public: 
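Review bot: rfb::isSecTypeEncrypted answers only whether the transport is encrypted, and that limit should be documented on the function because its callers use the result to decide whether to warn the user. As I understand the VeNCrypt types, `secTypeTLSNone`, `secTypeTLSVnc` and `secTypeTLSPlain` run TLS without a server certificate, so the server's identity is not verified and no warning will appear for them. A comment such as `// True when the security type encrypts the session; says nothing about whether the server was authenticated.` would keep later callers from reading the result as "secure". The `default: return false` branch is the right fail-safe for unknown types and deserves a short comment saying so.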
@@ -24,7 +27,7 @@ namespace rfb { // dialog, getpass(), etc. The user buffer pointer can be null, in which // case no user name will be retrieved. The caller MUST delete [] the // result(s). - virtual void getUserPasswd(char** user, char** password)=0; + virtual void getUserPasswd(char** user, char** password, rdr::U32 secType)=0; }; } #endif Index: tigervnc-1.6.0/vncviewer/DesktopWindow.cxx =================================================================== --- tigervnc-1.6.0.orig/vncviewer/DesktopWindow.cxx +++ tigervnc-1.6.0/vncviewer/DesktopWindow.cxx @@ -27,6 +27,7 @@ #include <rfb/LogWriter.h> #include <rfb/CMsgWriter.h> +#include <rfb/Security.h> #include "DesktopWindow.h" #include "OptionsDialog.h" @@ -206,7 +207,11 @@ void DesktopWindow::setName(const char * CharArray windowNameStr; windowNameStr.replaceBuf(new char[256]); - snprintf(windowNameStr.buf, 256, "%.240s - TigerVNC", name); + const char *warning = ""; + if (!rfb::isSecTypeEncrypted(cc->csecurity->getType())) + warning = _("(Connection not encrypted!)"); + + snprintf(windowNameStr.buf, 256, "%.240s - TigerVNC %s", name, warning); copy_label(windowNameStr.buf); } Index: tigervnc-1.6.0/vncviewer/UserDialog.cxx =================================================================== --- tigervnc-1.6.0.orig/vncviewer/UserDialog.cxx +++ tigervnc-1.6.0/vncviewer/UserDialog.cxx @@ -32,10 +32,12 @@ #include <FL/Fl_Secret_Input.H> #include <FL/Fl_Button.H> #include <FL/Fl_Return_Button.H> +#include <FL/Fl_Text_Display.H> #include <rfb/util.h> #include <rfb/Password.h> #include <rfb/Exception.h> +#include <rfb/Security.h> #include "i18n.h" #include "fltk_layout.h" @@ -59,7 +61,7 @@ UserDialog::~UserDialog() { } -void UserDialog::getUserPasswd(char** user, char** password) +void UserDialog::getUserPasswd(char** user, char** password, rdr::U32 secType) { CharArray passwordFileStr(passwordFile.getData()); 
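Review bot: The comment above UserPasswdGetter::getUserPasswd still documents only `user` and `password`; the new `secType` argument is not described. One added line, for example `// secType is the security type in use, so that the implementation can warn when the connection is not encrypted.`, would tell other implementers of this pure virtual what they receive and why. The comment block begins above the hunk.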
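Review bot: In DesktopWindow::setName the warning is appended after the desktop name, and once `%.240s` and ` - TigerVNC ` are written the 256-byte buffer has three bytes left for it, so a long desktop name truncates or removes the "not encrypted" text. The name is presumably supplied by the server, which is the party the warning concerns. Formatting the warning first, e.g. `snprintf(windowNameStr.buf, 256, "%s%.200s - TigerVNC", warning, name);` with the separator carried in the warning string, makes the name the part that gets cut. The current format also leaves a trailing blank in the title when `warning` is empty.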
@@ -82,8 +84,12 @@ void UserDialog::getUserPasswd(char** us return; } + const char* title = _("VNC authentication"); + if (!rfb::isSecTypeEncrypted(secType)) + title = _("VNC authentication (Connection not encrypted!)"); + if (!user) { - fl_message_title(_("VNC authentication")); + fl_message_title(title); *password = strDup(fl_password(_("Password:"), "")); if (!*password) throw rfb::Exception(_("Authentication cancelled")); @@ -93,7 +99,7 @@ void UserDialog::getUserPasswd(char** us // Largely copied from FLTK so that we get the same look and feel // as the simpler password input. - Fl_Window *win = new Fl_Window(410, 145, _("VNC authentication")); + Fl_Window *win = new Fl_Window(410, 145, title); win->callback(button_cb,(void *)0); Fl_Input *username = new Fl_Input(70, 25, 300, 25, _("Username:")); Index: tigervnc-1.6.0/vncviewer/UserDialog.h =================================================================== --- tigervnc-1.6.0.orig/vncviewer/UserDialog.h +++ tigervnc-1.6.0/vncviewer/UserDialog.h @@ -31,7 +31,7 @@ public: // UserPasswdGetter callbacks - void getUserPasswd(char** user, char** password); + void getUserPasswd(char** user, char** password, rdr::U32 secType); // UserMsgBox callbacks
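Review bot: The "not encrypted" notice is placed only in the title passed to `fl_message_title` here and in the `Fl_Window` title of the next hunk, while the prompt body where the password is typed is unchanged. Window titles are easy to overlook and may be clipped by the window manager. I would repeat the warning inside the dialog when `!rfb::isSecTypeEncrypted(secType)`. The `return;` at the top of this hunk suggests an earlier path in getUserPasswd that supplies the password without any dialog, in which case no warning is shown before credentials are used. That part lies outside the hunk and should be checked.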