Hello community, here is the log from the commit of package tigervnc for openSUSE:Factory checked in at 2016-06-29 15:01:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tigervnc (Old) and /work/SRC/openSUSE:Factory/.tigervnc.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "tigervnc" Changes: -------- --- /work/SRC/openSUSE:Factory/tigervnc/tigervnc.changes 2016-06-02 12:48:35.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.tigervnc.new/tigervnc.changes 2016-06-29 15:01:21.000000000 +0200 @@ -1,0 +2,12 @@ +Thu Jun 16 13:17:15 UTC 2016 - msrb@suse.com + +- Generate VNC key and certificate on first use, not during + installation. (bnc#982349) + +------------------------------------------------------------------- +Mon Jun 13 15:21:19 UTC 2016 - msrb@suse.com + +- Add U_tigervnc_clear_up_zlibinstream_reset_behaviour.patch + * Fix zlib stream reset in tight encoding. (bnc#963417) + +------------------------------------------------------------------- New: ---- U_tigervnc_clear_up_zlibinstream_reset_behaviour.patch with-vnc-key.sh ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tigervnc.spec ++++++ --- /var/tmp/diff_new_pack.9fpjyb/_old 2016-06-29 15:01:22.000000000 +0200 +++ /var/tmp/diff_new_pack.9fpjyb/_new 2016-06-29 15:01:22.000000000 +0200 @@ -108,6 +108,7 @@ Source8: vnc.reg Source9: vncpasswd.arg Source10: vnc.pam +Source11: with-vnc-key.sh Patch1: tigervnc-newfbsize.patch Patch2: tigervnc-clean-pressed-key-on-exit.patch Patch3: u_tigervnc-ignore-epipe-on-write.patch @@ -120,6 +121,7 @@ Patch10: U_add_allowoverride_parameter.patch Patch11: u_build_libXvnc_as_separate_library.patch Patch12: u_tigervnc-show-unencrypted-warning.patch +Patch13: U_tigervnc_clear_up_zlibinstream_reset_behaviour.patch %description TigerVNC is a high-performance, platform-neutral implementation of VNC (Virtual Network Computing), @@ -129,10 +131,10 @@ TigerVNC also provides extensions for advanced authentication methods and TLS encryption. %package -n xorg-x11-Xvnc -# Needed to generate certificates -Requires(post): openssl Requires(post): /usr/sbin/useradd Requires(post): /usr/sbin/groupadd +# Needed to generate certificates +Requires: openssl # Needed to serve java applet Requires: icewm Requires: python @@ -143,6 +145,7 @@ Requires: xkbcomp Requires: xkeyboard-config Requires: xorg-x11-fonts-core +Provides: xorg-x11-Xvnc:/usr/lib/vnc/with-vnc-key.sh Summary: TigerVNC implementation of Xvnc Group: System/X11/Servers/XF86_4 @@ -180,6 +183,7 @@ %patch10 -p1 %patch11 -p1 %patch12 -p1 +%patch13 -p1 pushd unix/xserver patch -p1 < ../xserver117.patch @@ -255,6 +259,9 @@ mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/vnc +mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/vnc +install -D -m 755 %{SOURCE11} $RPM_BUILD_ROOT%{_libexecdir}/vnc + rm -rf $RPM_BUILD_ROOT/usr/share/doc/tigervnc-* %find_lang '%{name}' @@ -264,18 +271,6 @@ getent passwd %{vncuser} > /dev/null || useradd -r -g %{vncgroup} -d /var/lib/empty -s /sbin/nologin -c "user for VNC" %{vncuser} || : usermod -G shadow -a %{vncuser} || : -%post -n xorg-x11-Xvnc -if ! test -e %{tlskey} ; then - (umask 077 && openssl genrsa -out %{tlskey} 2048) - chown %{vncuser}:%{vncgroup} %{tlskey} -fi -if ! test -e %{tlscert} ; then - cn="Automatically generated certificate for the VNC service" - openssl req -new -x509 -extensions usr_cert \ - -key %{tlskey} -out %{tlscert} -days 7305 -subj "/CN=$cn/" - chown %{vncuser}:%{vncgroup} %{tlscert} -fi - %post %if 0%{?suse_version} >= 1315 %_sbindir/update-alternatives \ @@ -358,10 +353,12 @@ %doc java/com/tigervnc/vncviewer/README %{_datadir}/vnc -%dir %{_sysconfdir}/vnc +%dir %attr(0755,%{vncuser},%{vncuser}) %{_sysconfdir}/vnc %ghost %attr(0600,%{vncuser},%{vncuser}) %config(noreplace) %{tlskey} %ghost %attr(0644,%{vncuser},%{vncuser}) %config(noreplace) %{tlscert} +%{_libexecdir}/vnc + %files -n libXvnc1 %defattr(-,root,root) %{_libdir}/libXvnc.so.1* ++++++ U_tigervnc_clear_up_zlibinstream_reset_behaviour.patch ++++++

From 6f318e4451fcb45054408eaf568ca1c30c2d1ab6 Mon Sep 17 00:00:00 2001 From: Pierre Ossman <ossman@cendio.se> Date: Wed, 11 Nov 2015 13:11:09 +0100 Subject: [PATCH] Clear up ZlibInStream::reset() behaviour

It previously only did a reset of the ZlibInStream object, not the underlying zlib stream. It also had the side effect of flushing the underlying stream and disassociating from it. Clear things up by changing the naming, and introducing a proper reset function (which is needed by the Tight decoder). Index: tigervnc-1.5.0/common/rdr/ZlibInStream.cxx =================================================================== --- tigervnc-1.5.0.orig/common/rdr/ZlibInStream.cxx +++ tigervnc-1.5.0/common/rdr/ZlibInStream.cxx @@ -16,6 +16,8 @@ * USA. */ +#include <assert.h> + #include <rdr/ZlibInStream.h> #include <rdr/Exception.h> #include <zlib.h> @@ -26,26 +28,16 @@ enum { DEFAULT_BUF_SIZE = 16384 }; ZlibInStream::ZlibInStream(int bufSize_) : underlying(0), bufSize(bufSize_ ? bufSize_ : DEFAULT_BUF_SIZE), offset(0), - bytesIn(0) + zs(NULL), bytesIn(0) { - zs = new z_stream; - zs->zalloc = Z_NULL; - zs->zfree = Z_NULL; - zs->opaque = Z_NULL; - zs->next_in = Z_NULL; - zs->avail_in = 0; - if (inflateInit(zs) != Z_OK) { - delete zs; - throw Exception("ZlibInStream: inflateInit failed"); - } ptr = end = start = new U8[bufSize]; + init(); } ZlibInStream::~ZlibInStream() { + deinit(); delete [] start; - inflateEnd(zs); - delete zs; } void ZlibInStream::setUnderlying(InStream* is, int bytesIn_) @@ -60,7 +52,7 @@ int ZlibInStream::pos() return offset + ptr - start; } -void ZlibInStream::reset() +void ZlibInStream::removeUnderlying() { ptr = end = start; if (!underlying) return; @@ -72,6 +64,38 @@ void ZlibInStream::reset() underlying = 0; } +void ZlibInStream::reset() +{ + deinit(); + init(); +} + +void ZlibInStream::init() +{ + assert(zs == NULL); + + zs = new z_stream; + zs->zalloc = Z_NULL; + zs->zfree = Z_NULL; + zs->opaque = Z_NULL; + zs->next_in = Z_NULL; + zs->avail_in = 0; + if (inflateInit(zs) != Z_OK) { + delete zs; + zs = NULL; + throw Exception("ZlibInStream: inflateInit failed"); + } +} + +void ZlibInStream::deinit() +{ + assert(zs != NULL); + removeUnderlying(); + inflateEnd(zs); + delete zs; + zs = NULL; +} + int ZlibInStream::overrun(int itemSize, int nItems, bool wait) { if (itemSize > bufSize) Index: tigervnc-1.5.0/common/rdr/ZlibInStream.h =================================================================== --- tigervnc-1.5.0.orig/common/rdr/ZlibInStream.h +++ tigervnc-1.5.0/common/rdr/ZlibInStream.h @@ -38,11 +38,15 @@ namespace rdr { virtual ~ZlibInStream(); void setUnderlying(InStream* is, int bytesIn); - void reset(); + void removeUnderlying(); int pos(); + void reset(); private: + void init(); + void deinit(); + int overrun(int itemSize, int nItems, bool wait); bool decompress(bool wait); Index: tigervnc-1.5.0/common/rfb/zrleDecode.h =================================================================== --- tigervnc-1.5.0.orig/common/rfb/zrleDecode.h +++ tigervnc-1.5.0/common/rfb/zrleDecode.h @@ -177,7 +177,7 @@ void ZRLE_DECODE (const Rect& r, rdr::In } } - zis->reset(); + zis->removeUnderlying(); } #undef ZRLE_DECODE Index: tigervnc-1.5.0/common/rfb/tightDecode.h =================================================================== --- tigervnc-1.5.0.orig/common/rfb/tightDecode.h +++ tigervnc-1.5.0/common/rfb/tightDecode.h @@ -59,7 +59,7 @@ void TIGHT_DECODE (const Rect& r) rdr::U8 comp_ctl = is->readU8(); - // Flush zlib streams if we are told by the server to do so. + // Reset zlib streams if we are told by the server to do so. for (int i = 0; i < 4; i++) { if (comp_ctl & 1) { zis[i].reset(); @@ -231,7 +231,7 @@ void TIGHT_DECODE (const Rect& r) delete [] netbuf; if (streamId != -1) { - zis[streamId].reset(); + zis[streamId].removeUnderlying(); } } ++++++ vnc.xinetd ++++++ --- /var/tmp/diff_new_pack.9fpjyb/_old 2016-06-29 15:01:22.000000000 +0200 +++ /var/tmp/diff_new_pack.9fpjyb/_new 2016-06-29 15:01:22.000000000 +0200 @@ -9,8 +9,8 @@ protocol = tcp wait = no user = vnc - server = /usr/bin/Xvnc - server_args = -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30 + server = /usr/lib/vnc/with-vnc-key.sh + server_args = /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30 disable = yes } # default: off @@ -24,8 +24,8 @@ protocol = tcp wait = no user = vnc - server = /usr/bin/Xvnc - server_args = -noreset -inetd -once -query localhost -geometry 1280x1024 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30 + server = /usr/lib/vnc/with-vnc-key.sh + server_args = /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1280x1024 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30 disable = yes } # default: off @@ -39,8 +39,8 @@ protocol = tcp wait = no user = vnc - server = /usr/bin/Xvnc - server_args = -noreset -inetd -once -query localhost -geometry 1600x1200 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30 + server = /usr/lib/vnc/with-vnc-key.sh + server_args = /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1600x1200 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30 disable = yes } # default: off @@ -54,8 +54,8 @@ protocol = tcp wait = no user = vnc - server = /usr/bin/vnc_inetd_httpd - server_args = 1024 768 5901 + server = /usr/lib/vnc/with-vnc-key.sh + server_args = /usr/bin/vnc_inetd_httpd 1024 768 5901 disable = yes } # default: off @@ -69,8 +69,8 @@ protocol = tcp wait = no user = vnc - server = /usr/bin/vnc_inetd_httpd - server_args = 1280 1024 5902 + server = /usr/lib/vnc/with-vnc-key.sh + server_args = /usr/bin/vnc_inetd_httpd 1280 1024 5902 disable = yes } # default: off @@ -84,7 +84,7 @@ protocol = tcp wait = no user = vnc - server = /usr/bin/vnc_inetd_httpd - server_args = 1600 1200 5903 + server = /usr/lib/vnc/with-vnc-key.sh + server_args = /usr/bin/vnc_inetd_httpd 1600 1200 5903 disable = yes } ++++++ with-vnc-key.sh ++++++ #!/bin/bash # Wrapper that makes sure /etc/vnc/tls.{key,cert} exist before executing given command. TLSKEY=/etc/vnc/tls.key TLSCERT=/etc/vnc/tls.cert if test -s $TLSKEY -a -s $TLSCERT; then # Execute the command we were given. exec "$@" fi ( # Wait for lock on the key file. We must not proceed while someone else is creating it. flock 200 # If the key file doesn't exist or has zero size (because it doubles as lock), generate it. if ! test -s $TLSKEY ; then (umask 077 && openssl genrsa -out $TLSKEY 2048) >&200 chown vnc:vnc $TLSKEY fi # If the cert file doesn't exist, generate it. if ! test -e $TLSCERT ; then CN="Automatically generated certificate for the VNC service" openssl req -new -x509 -extensions usr_cert -key $TLSKEY -out $TLSCERT -days 7305 -subj "/CN=$CN/" chown vnc:vnc $TLSCERT fi ) 200>>$TLSKEY 2>/dev/null # Execute the command we were given. exec "$@"