Hello community,
here is the log from the commit of package tigervnc for openSUSE:Factory checked in at 2016-06-29 15:01:19
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tigervnc (Old)
and /work/SRC/openSUSE:Factory/.tigervnc.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tigervnc"
Changes:
--------
--- /work/SRC/openSUSE:Factory/tigervnc/tigervnc.changes 2016-06-02 12:48:35.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.tigervnc.new/tigervnc.changes 2016-06-29 15:01:21.000000000 +0200
@@ -1,0 +2,12 @@
+Thu Jun 16 13:17:15 UTC 2016 - msrb@suse.com
+
+- Generate VNC key and certificate on first use, not during
+ installation. (bnc#982349)
+
+-------------------------------------------------------------------
+Mon Jun 13 15:21:19 UTC 2016 - msrb@suse.com
+
+- Add U_tigervnc_clear_up_zlibinstream_reset_behaviour.patch
+ * Fix zlib stream reset in tight encoding. (bnc#963417)
+
+-------------------------------------------------------------------
New:
----
U_tigervnc_clear_up_zlibinstream_reset_behaviour.patch
with-vnc-key.sh
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tigervnc.spec ++++++
--- /var/tmp/diff_new_pack.9fpjyb/_old 2016-06-29 15:01:22.000000000 +0200
+++ /var/tmp/diff_new_pack.9fpjyb/_new 2016-06-29 15:01:22.000000000 +0200
@@ -108,6 +108,7 @@
Source8: vnc.reg
Source9: vncpasswd.arg
Source10: vnc.pam
+Source11: with-vnc-key.sh
Patch1: tigervnc-newfbsize.patch
Patch2: tigervnc-clean-pressed-key-on-exit.patch
Patch3: u_tigervnc-ignore-epipe-on-write.patch
@@ -120,6 +121,7 @@
Patch10: U_add_allowoverride_parameter.patch
Patch11: u_build_libXvnc_as_separate_library.patch
Patch12: u_tigervnc-show-unencrypted-warning.patch
+Patch13: U_tigervnc_clear_up_zlibinstream_reset_behaviour.patch
%description
TigerVNC is a high-performance, platform-neutral implementation of VNC (Virtual Network Computing),
@@ -129,10 +131,10 @@
TigerVNC also provides extensions for advanced authentication methods and TLS encryption.
%package -n xorg-x11-Xvnc
-# Needed to generate certificates
-Requires(post): openssl
Requires(post): /usr/sbin/useradd
Requires(post): /usr/sbin/groupadd
+# Needed to generate certificates
+Requires: openssl
# Needed to serve java applet
Requires: icewm
Requires: python
@@ -143,6 +145,7 @@
Requires: xkbcomp
Requires: xkeyboard-config
Requires: xorg-x11-fonts-core
+Provides: xorg-x11-Xvnc:/usr/lib/vnc/with-vnc-key.sh
Summary: TigerVNC implementation of Xvnc
Group: System/X11/Servers/XF86_4
@@ -180,6 +183,7 @@
%patch10 -p1
%patch11 -p1
%patch12 -p1
+%patch13 -p1
pushd unix/xserver
patch -p1 < ../xserver117.patch
@@ -255,6 +259,9 @@
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/vnc
+mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/vnc
+install -D -m 755 %{SOURCE11} $RPM_BUILD_ROOT%{_libexecdir}/vnc
+
rm -rf $RPM_BUILD_ROOT/usr/share/doc/tigervnc-*
%find_lang '%{name}'
@@ -264,18 +271,6 @@
getent passwd %{vncuser} > /dev/null || useradd -r -g %{vncgroup} -d /var/lib/empty -s /sbin/nologin -c "user for VNC" %{vncuser} || :
usermod -G shadow -a %{vncuser} || :
-%post -n xorg-x11-Xvnc
-if ! test -e %{tlskey} ; then
- (umask 077 && openssl genrsa -out %{tlskey} 2048)
- chown %{vncuser}:%{vncgroup} %{tlskey}
-fi
-if ! test -e %{tlscert} ; then
- cn="Automatically generated certificate for the VNC service"
- openssl req -new -x509 -extensions usr_cert \
- -key %{tlskey} -out %{tlscert} -days 7305 -subj "/CN=$cn/"
- chown %{vncuser}:%{vncgroup} %{tlscert}
-fi
-
%post
%if 0%{?suse_version} >= 1315
%_sbindir/update-alternatives \
@@ -358,10 +353,12 @@
%doc java/com/tigervnc/vncviewer/README
%{_datadir}/vnc
-%dir %{_sysconfdir}/vnc
+%dir %attr(0755,%{vncuser},%{vncuser}) %{_sysconfdir}/vnc
%ghost %attr(0600,%{vncuser},%{vncuser}) %config(noreplace) %{tlskey}
%ghost %attr(0644,%{vncuser},%{vncuser}) %config(noreplace) %{tlscert}
+%{_libexecdir}/vnc
+
%files -n libXvnc1
%defattr(-,root,root)
%{_libdir}/libXvnc.so.1*
++++++ U_tigervnc_clear_up_zlibinstream_reset_behaviour.patch ++++++
From 6f318e4451fcb45054408eaf568ca1c30c2d1ab6 Mon Sep 17 00:00:00 2001
From: Pierre Ossman
Date: Wed, 11 Nov 2015 13:11:09 +0100
Subject: [PATCH] Clear up ZlibInStream::reset() behaviour
It previously only did a reset of the ZlibInStream object, not the
underlying zlib stream. It also had the side effect of flushing
the underlying stream and disassociating from it.
Clear things up by changing the naming, and introducing a proper
reset function (which is needed by the Tight decoder).
Index: tigervnc-1.5.0/common/rdr/ZlibInStream.cxx
===================================================================
--- tigervnc-1.5.0.orig/common/rdr/ZlibInStream.cxx
+++ tigervnc-1.5.0/common/rdr/ZlibInStream.cxx
@@ -16,6 +16,8 @@
* USA.
*/
+#include
+
#include
#include
#include
@@ -26,26 +28,16 @@ enum { DEFAULT_BUF_SIZE = 16384 };
ZlibInStream::ZlibInStream(int bufSize_)
: underlying(0), bufSize(bufSize_ ? bufSize_ : DEFAULT_BUF_SIZE), offset(0),
- bytesIn(0)
+ zs(NULL), bytesIn(0)
{
- zs = new z_stream;
- zs->zalloc = Z_NULL;
- zs->zfree = Z_NULL;
- zs->opaque = Z_NULL;
- zs->next_in = Z_NULL;
- zs->avail_in = 0;
- if (inflateInit(zs) != Z_OK) {
- delete zs;
- throw Exception("ZlibInStream: inflateInit failed");
- }
ptr = end = start = new U8[bufSize];
+ init();
}
ZlibInStream::~ZlibInStream()
{
+ deinit();
delete [] start;
- inflateEnd(zs);
- delete zs;
}
void ZlibInStream::setUnderlying(InStream* is, int bytesIn_)
@@ -60,7 +52,7 @@ int ZlibInStream::pos()
return offset + ptr - start;
}
-void ZlibInStream::reset()
+void ZlibInStream::removeUnderlying()
{
ptr = end = start;
if (!underlying) return;
@@ -72,6 +64,38 @@ void ZlibInStream::reset()
underlying = 0;
}
+void ZlibInStream::reset()
+{
+ deinit();
+ init();
+}
+
+void ZlibInStream::init()
+{
+ assert(zs == NULL);
+
+ zs = new z_stream;
+ zs->zalloc = Z_NULL;
+ zs->zfree = Z_NULL;
+ zs->opaque = Z_NULL;
+ zs->next_in = Z_NULL;
+ zs->avail_in = 0;
+ if (inflateInit(zs) != Z_OK) {
+ delete zs;
+ zs = NULL;
+ throw Exception("ZlibInStream: inflateInit failed");
+ }
+}
+
+void ZlibInStream::deinit()
+{
+ assert(zs != NULL);
+ removeUnderlying();
+ inflateEnd(zs);
+ delete zs;
+ zs = NULL;
+}
+
int ZlibInStream::overrun(int itemSize, int nItems, bool wait)
{
if (itemSize > bufSize)
Index: tigervnc-1.5.0/common/rdr/ZlibInStream.h
===================================================================
--- tigervnc-1.5.0.orig/common/rdr/ZlibInStream.h
+++ tigervnc-1.5.0/common/rdr/ZlibInStream.h
@@ -38,11 +38,15 @@ namespace rdr {
virtual ~ZlibInStream();
void setUnderlying(InStream* is, int bytesIn);
- void reset();
+ void removeUnderlying();
int pos();
+ void reset();
private:
+ void init();
+ void deinit();
+
int overrun(int itemSize, int nItems, bool wait);
bool decompress(bool wait);
Index: tigervnc-1.5.0/common/rfb/zrleDecode.h
===================================================================
--- tigervnc-1.5.0.orig/common/rfb/zrleDecode.h
+++ tigervnc-1.5.0/common/rfb/zrleDecode.h
@@ -177,7 +177,7 @@ void ZRLE_DECODE (const Rect& r, rdr::In
}
}
- zis->reset();
+ zis->removeUnderlying();
}
#undef ZRLE_DECODE
Index: tigervnc-1.5.0/common/rfb/tightDecode.h
===================================================================
--- tigervnc-1.5.0.orig/common/rfb/tightDecode.h
+++ tigervnc-1.5.0/common/rfb/tightDecode.h
@@ -59,7 +59,7 @@ void TIGHT_DECODE (const Rect& r)
rdr::U8 comp_ctl = is->readU8();
- // Flush zlib streams if we are told by the server to do so.
+ // Reset zlib streams if we are told by the server to do so.
for (int i = 0; i < 4; i++) {
if (comp_ctl & 1) {
zis[i].reset();
@@ -231,7 +231,7 @@ void TIGHT_DECODE (const Rect& r)
delete [] netbuf;
if (streamId != -1) {
- zis[streamId].reset();
+ zis[streamId].removeUnderlying();
}
}
++++++ vnc.xinetd ++++++
--- /var/tmp/diff_new_pack.9fpjyb/_old 2016-06-29 15:01:22.000000000 +0200
+++ /var/tmp/diff_new_pack.9fpjyb/_new 2016-06-29 15:01:22.000000000 +0200
@@ -9,8 +9,8 @@
protocol = tcp
wait = no
user = vnc
- server = /usr/bin/Xvnc
- server_args = -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30
+ server = /usr/lib/vnc/with-vnc-key.sh
+ server_args = /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30
disable = yes
}
# default: off
@@ -24,8 +24,8 @@
protocol = tcp
wait = no
user = vnc
- server = /usr/bin/Xvnc
- server_args = -noreset -inetd -once -query localhost -geometry 1280x1024 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30
+ server = /usr/lib/vnc/with-vnc-key.sh
+ server_args = /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1280x1024 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30
disable = yes
}
# default: off
@@ -39,8 +39,8 @@
protocol = tcp
wait = no
user = vnc
- server = /usr/bin/Xvnc
- server_args = -noreset -inetd -once -query localhost -geometry 1600x1200 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30
+ server = /usr/lib/vnc/with-vnc-key.sh
+ server_args = /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1600x1200 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30
disable = yes
}
# default: off
@@ -54,8 +54,8 @@
protocol = tcp
wait = no
user = vnc
- server = /usr/bin/vnc_inetd_httpd
- server_args = 1024 768 5901
+ server = /usr/lib/vnc/with-vnc-key.sh
+ server_args = /usr/bin/vnc_inetd_httpd 1024 768 5901
disable = yes
}
# default: off
@@ -69,8 +69,8 @@
protocol = tcp
wait = no
user = vnc
- server = /usr/bin/vnc_inetd_httpd
- server_args = 1280 1024 5902
+ server = /usr/lib/vnc/with-vnc-key.sh
+ server_args = /usr/bin/vnc_inetd_httpd 1280 1024 5902
disable = yes
}
# default: off
@@ -84,7 +84,7 @@
protocol = tcp
wait = no
user = vnc
- server = /usr/bin/vnc_inetd_httpd
- server_args = 1600 1200 5903
+ server = /usr/lib/vnc/with-vnc-key.sh
+ server_args = /usr/bin/vnc_inetd_httpd 1600 1200 5903
disable = yes
}
++++++ with-vnc-key.sh ++++++
#!/bin/bash
# Wrapper that makes sure /etc/vnc/tls.{key,cert} exist before executing given command.
TLSKEY=/etc/vnc/tls.key
TLSCERT=/etc/vnc/tls.cert
if test -s $TLSKEY -a -s $TLSCERT; then
# Execute the command we were given.
exec "$@"
fi
(
# Wait for lock on the key file. We must not proceed while someone else is creating it.
flock 200
# If the key file doesn't exist or has zero size (because it doubles as lock), generate it.
if ! test -s $TLSKEY ; then
(umask 077 && openssl genrsa -out $TLSKEY 2048) >&200
chown vnc:vnc $TLSKEY
fi
# If the cert file doesn't exist, generate it.
if ! test -e $TLSCERT ; then
CN="Automatically generated certificate for the VNC service"
openssl req -new -x509 -extensions usr_cert -key $TLSKEY -out $TLSCERT -days 7305 -subj "/CN=$CN/"
chown vnc:vnc $TLSCERT
fi
) 200>>$TLSKEY 2>/dev/null
# Execute the command we were given.
exec "$@"