diff --git a/SOURCES/0001-Restore-correct-size-of-reserved-data.patch b/SOURCES/0001-Restore-correct-size-of-reserved-data.patch new file mode 100644 index 0000000..8f205f3 --- /dev/null +++ b/SOURCES/0001-Restore-correct-size-of-reserved-data.patch @@ -0,0 +1,46 @@ +From 9fe889dbd9e97ee947f13da3c86891940a1a1406 Mon Sep 17 00:00:00 2001 +From: "Daniel P. Berrange" +Date: Thu, 6 Apr 2017 17:12:24 +0100 +Subject: [PATCH] Restore correct size of reserved data + +A previous commit + + commit 7a9271620c894931cc22d6587d58e46c5996dac3 + Author: Lei Li + Date: Mon May 20 11:45:59 2013 +0100 + + Add support for LED state extension to gvnc + +removed 4 elements from the reserved data field, when adding +one pointer. This is because it mistakenly thought the reserved +elements were 1 byte in length, when they are in fact one pointer +in size. + +The original change was technically an ABI incompatible change, +as is this fix. In practice, however, GObject classes are never +instantiated statically at compile time. Instead a call to +g_type_register_static is made at runtime. So this change in the +class size won't have a negative effect unless someone has +subclassed the VncConnectionClass type. Even if subclassing, this +should be harmless as we've merely increased the memory allocation +by 3 words. + +Signed-off-by: Daniel P. Berrange +(cherry picked from commit 77bd7cd620a1f9d45f9d479b55a5cba807732b91) +--- + src/vncconnection.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/vncconnection.h b/src/vncconnection.h +index 8c1fa28..3477d1b 100644 +--- a/src/vncconnection.h ++++ b/src/vncconnection.h +@@ -85,7 +85,7 @@ struct _VncConnectionClass + * If adding fields to this struct, remove corresponding + * amount of padding to avoid changing overall struct size + */ +- gpointer _vnc_reserved[VNC_PADDING_LARGE - 5]; ++ gpointer _vnc_reserved[VNC_PADDING_LARGE - 2]; + }; + + diff --git a/SOURCES/0002-Fix-inverted-args-when-creating-framebuffer-for-test.patch b/SOURCES/0002-Fix-inverted-args-when-creating-framebuffer-for-test.patch new file mode 100644 index 0000000..c25347e --- /dev/null +++ b/SOURCES/0002-Fix-inverted-args-when-creating-framebuffer-for-test.patch @@ -0,0 +1,29 @@ +From 871f698cfdd4a7a43e3a155e2b31a13bf54a3cc5 Mon Sep 17 00:00:00 2001 +From: "Daniel P. Berrange" +Date: Thu, 6 Apr 2017 17:18:33 +0100 +Subject: [PATCH] Fix inverted args when creating framebuffer for test suite + +The local & remote format args were inverted in the test +suite. This is currently harmless since we are not trying +to validate the rendered framebuffer content. + +Signed-off-by: Daniel P. Berrange +(cherry picked from commit 1f508111add33f0e4ceb4425132777d781974730) +--- + src/vncconnectiontest.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/vncconnectiontest.c b/src/vncconnectiontest.c +index 6a5e49c..7caaa6e 100644 +--- a/src/vncconnectiontest.c ++++ b/src/vncconnectiontest.c +@@ -187,8 +187,7 @@ static void test_helper_desktop_resize(VncConnection *conn, + test->pixels = g_new0(guint8, width * height * 4); + + fb = vnc_base_framebuffer_new(test->pixels, width, height, width * 4, +- remoteFormat, +- &localFormat); ++ &localFormat, remoteFormat); + + vnc_connection_set_framebuffer(conn, VNC_FRAMEBUFFER(fb)); + diff --git a/SOURCES/0003-Avoid-sign-extension-warnings-from-coverity.patch b/SOURCES/0003-Avoid-sign-extension-warnings-from-coverity.patch new file mode 100644 index 0000000..12efffa --- /dev/null +++ b/SOURCES/0003-Avoid-sign-extension-warnings-from-coverity.patch @@ -0,0 +1,34 @@ +From b608ab801c6dfd5babd224d5f8a21010ccb64b28 Mon Sep 17 00:00:00 2001 +From: "Daniel P. Berrange" +Date: Thu, 6 Apr 2017 17:21:29 +0100 +Subject: [PATCH] Avoid sign extension warnings from coverity + + src/vncconnection.c:3082: sign_extension: + Suspicious implicit sign extension: "height" with type "unsigned short" + (16 bits, unsigned) is promoted in "rowlen * height" to type "int" + (32 bits, signed), then sign-extended to type "unsigned long" + (64 bits, unsigned). If "rowlen * height" is greater than 0x7FFFFFFF, + the upper bits of the result will all be 1. + +The 'rowlen' variable is initialization from the unsigned width +variable, so should have used uint instead of int. + +Signed-off-by: Daniel P. Berrange +(cherry picked from commit c3e5d23d67c9a209f127caab7843d94a91031a5f) +--- + src/vncconnection.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/vncconnection.c b/src/vncconnection.c +index 19dbfee..c55f71d 100644 +--- a/src/vncconnection.c ++++ b/src/vncconnection.c +@@ -3064,7 +3064,7 @@ static void vnc_connection_xcursor(VncConnection *conn, guint16 x, guint16 y, gu + guint8 *pixbuf = NULL; + guint8 *data, *mask, *datap, *maskp; + guint32 *pixp; +- int rowlen; ++ guint rowlen; + int x1, y1; + guint8 fgrgb[3], bgrgb[3]; + guint32 fg, bg; diff --git a/SOURCES/0004-Fix-crash-when-opening-connection-from-a-GSocketAddr.patch b/SOURCES/0004-Fix-crash-when-opening-connection-from-a-GSocketAddr.patch new file mode 100644 index 0000000..83f9262 --- /dev/null +++ b/SOURCES/0004-Fix-crash-when-opening-connection-from-a-GSocketAddr.patch @@ -0,0 +1,32 @@ +From 605811dbb15450037befa3e3b120f737f4625752 Mon Sep 17 00:00:00 2001 +From: "Daniel P. Berrange" +Date: Thu, 6 Apr 2017 17:24:50 +0100 +Subject: [PATCH] Fix crash when opening connection from a GSocketAddress + +Signed-off-by: Daniel P. Berrange +(cherry picked from commit 5368f77d6215d7b6ad1422dff284d288a26ff481) +--- + src/vncconnection.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/vncconnection.c b/src/vncconnection.c +index c55f71d..8cec1af 100644 +--- a/src/vncconnection.c ++++ b/src/vncconnection.c +@@ -5423,13 +5423,13 @@ static gboolean vnc_connection_open_addr_internal(VncConnection *conn) + VNC_DEBUG("Connecting with addr %p", priv->addr); + + sock = vnc_connection_connect_socket(&priv->wait, priv->addr, &conn_error); +- vnc_connection_set_error(conn, "Unable to connect: %s", +- conn_error->message); +- g_clear_error(&conn_error); + if (sock) { + priv->sock = sock; + return TRUE; + } ++ vnc_connection_set_error(conn, "Unable to connect: %s", ++ conn_error ? conn_error->message : ""); ++ g_clear_error(&conn_error); + return FALSE; + } + diff --git a/SOURCES/0005-Fix-crash-when-no-error-is-set-after-connection-fail.patch b/SOURCES/0005-Fix-crash-when-no-error-is-set-after-connection-fail.patch new file mode 100644 index 0000000..4deb907 --- /dev/null +++ b/SOURCES/0005-Fix-crash-when-no-error-is-set-after-connection-fail.patch @@ -0,0 +1,36 @@ +From 4b202fd478ccbdb504c9c2a52b5ef4ddcc50838f Mon Sep 17 00:00:00 2001 +From: "Daniel P. Berrange" +Date: Tue, 11 Apr 2017 10:47:56 +0100 +Subject: [PATCH] Fix crash when no error is set after connection failure + +Signed-off-by: Daniel P. Berrange +(cherry picked from commit a51e6a6973e9bdfcba0e52d3f9ee37686cd95db9) +--- + src/vncconnection.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/vncconnection.c b/src/vncconnection.c +index 8cec1af..e5b43a0 100644 +--- a/src/vncconnection.c ++++ b/src/vncconnection.c +@@ -5428,7 +5428,7 @@ static gboolean vnc_connection_open_addr_internal(VncConnection *conn) + return TRUE; + } + vnc_connection_set_error(conn, "Unable to connect: %s", +- conn_error ? conn_error->message : ""); ++ conn_error ? conn_error->message : "Unknown problem"); + g_clear_error(&conn_error); + return FALSE; + } +@@ -5466,8 +5466,9 @@ static gboolean vnc_connection_open_host_internal(VncConnection *conn) + } + g_object_unref(enumerator); + if (!sock) { +- vnc_connection_set_error(conn, "Unable to connect: %s", +- conn_error->message); ++ vnc_connection_set_error(conn, "Unable to connect to %s:%s: %s", ++ priv->host, priv->port, ++ conn_error ? conn_error->message : "Unknown problem"); + } + g_clear_error(&conn_error); + if (sock) { diff --git a/SOURCES/0006-Report-a-proper-error-message-if-hitting-connection-.patch b/SOURCES/0006-Report-a-proper-error-message-if-hitting-connection-.patch new file mode 100644 index 0000000..4526606 --- /dev/null +++ b/SOURCES/0006-Report-a-proper-error-message-if-hitting-connection-.patch @@ -0,0 +1,32 @@ +From 3691a5e5fdf7aeab78ad9b038994c1d24063a509 Mon Sep 17 00:00:00 2001 +From: "Daniel P. Berrange" +Date: Tue, 11 Apr 2017 11:06:28 +0100 +Subject: [PATCH] Report a proper error message if hitting connection timeout + +Signed-off-by: Daniel P. Berrange +(cherry picked from commit 283434730d0cc3a1ee8270e137d71cebe4f0e01b) +--- + src/vncconnection.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/vncconnection.c b/src/vncconnection.c +index e5b43a0..2b2bdbb 100644 +--- a/src/vncconnection.c ++++ b/src/vncconnection.c +@@ -103,6 +103,8 @@ + #endif + + ++#define GTK_VNC_ERROR g_quark_from_static_string("gtk-vnc") ++ + struct wait_queue + { + gboolean waiting; +@@ -5386,6 +5388,7 @@ static GSocket *vnc_connection_connect_socket(struct wait_queue *wait, + *error = NULL; + VNC_DEBUG("Socket pending"); + if (!g_io_wait_interruptable(wait, sock, G_IO_OUT|G_IO_ERR|G_IO_HUP)) { ++ g_set_error(error, GTK_VNC_ERROR, 0, "%s", "Connection timed out"); + VNC_DEBUG("connect interrupted"); + timeout = 0; + goto timeout; diff --git a/SOURCES/0007-Fix-incompatibility-with-libvncserver-websockets-han.patch b/SOURCES/0007-Fix-incompatibility-with-libvncserver-websockets-han.patch new file mode 100644 index 0000000..3ab2be0 --- /dev/null +++ b/SOURCES/0007-Fix-incompatibility-with-libvncserver-websockets-han.patch @@ -0,0 +1,241 @@ +From 7079fa855bfbaff0d14122eac27e96a6a6637a17 Mon Sep 17 00:00:00 2001 +From: "Daniel P. Berrange" +Date: Tue, 11 Apr 2017 11:41:03 +0100 +Subject: [PATCH] Fix incompatibility with libvncserver websockets handling + +The previous commit: + + commit 7f4f2fe8da72ed9fef5dd4319e19feb2b4f3d62e + Author: Daniel P. Berrange + Date: Thu Jan 26 09:31:40 2017 +0000 + + Add workaround to avoid hangs when connecting to SPICE + +changed the code so that it would send the bytes "RFB " to the +server before we received its own greeting. This works fine for +VNC servers which follow the RFB protocol spec exclusively. The +libvncserver code though tries to implement websockets tunnelling +support on the same port as the normal RFB service. The way it +does this is by waiting 100ms after the client connects to see +if the client sends any data. If the client sends data, then it +tries to interpret this as an HTTP GET request to initiate the +websockets connection. This breaks when it sees our "RFB " bytes +being sent. Ideally the libvncserver would have just run a normal +RFB connection in this case, but that's not what happens, and +given the libvncserver code is in the wild we need a workaround. + +So instead of immediately sending the 'RFB ' bytes to the VNC +server, we introduce a 2 second wait. ie, we'll wait for the +normal VNC server greeting and if it doesn't arrive after 2 seconds, +we'll send our 'RFB ' bytes proactively, and continue waiting. If we +are on a real VNC server, we'll get our connection initialized +eventually. If connecting to a SPICE server by mistake, we'll get a +clean disconnect, and we'll avoid upsetting libvncserver, because its +100ms wait for HTTP GET will have long since finished. + +Signed-off-by: Daniel P. Berrange +(cherry picked from commit f5623cbc63bb0a835bc662d451cc5128d683bd5d) +--- + src/vncconnection.c | 134 +++++++++++++++++++++++++++++++++++----------------- + 1 file changed, 90 insertions(+), 44 deletions(-) + +diff --git a/src/vncconnection.c b/src/vncconnection.c +index 2b2bdbb..1ddf38d 100644 +--- a/src/vncconnection.c ++++ b/src/vncconnection.c +@@ -347,6 +347,23 @@ static GIOCondition g_io_wait(GSocket *sock, GIOCondition cond) + } + + ++static void g_io_wakeup(struct wait_queue *wait) ++{ ++ if (wait->waiting) ++ coroutine_yieldto(wait->context, NULL); ++} ++ ++ ++static gboolean vnc_connection_timeout(gpointer data) ++{ ++ struct wait_queue *wait = data; ++ ++ g_io_wakeup(wait); ++ ++ return FALSE; ++} ++ ++ + static GIOCondition g_io_wait_interruptable(struct wait_queue *wait, + GSocket *sock, + GIOCondition cond) +@@ -373,13 +390,6 @@ static GIOCondition g_io_wait_interruptable(struct wait_queue *wait, + return *ret; + } + +-static void g_io_wakeup(struct wait_queue *wait) +-{ +- if (wait->waiting) +- coroutine_yieldto(wait->context, NULL); +-} +- +- + /* + * Call immediately before the main loop does an iteration. Returns + * true if the condition we're checking is ready for dispatch +@@ -921,8 +931,13 @@ static int vnc_connection_read(VncConnection *conn, void *data, size_t len) + } else if (priv->read_offset == priv->read_size) { + int ret = vnc_connection_read_buf(conn); + +- if (ret < 0) +- return ret; ++ if (ret < 0) { ++ if (ret == -EAGAIN) { ++ return offset == 0 ? -EAGAIN : offset; ++ } else { ++ return ret; ++ } ++ } + priv->read_offset = 0; + priv->read_size = ret; + } +@@ -935,7 +950,7 @@ static int vnc_connection_read(VncConnection *conn, void *data, size_t len) + offset += tmp; + } + +- return 0; ++ return len; + } + + /* +@@ -5239,34 +5254,66 @@ static gboolean vnc_connection_after_version (VncConnection *conn, int major, in + static gboolean vnc_connection_initialize(VncConnection *conn) + { + VncConnectionPrivate *priv = conn->priv; +- int ret, i; ++ int ret, i, want; + char version[13]; + guint32 n_name; ++ gboolean partialGreeting = FALSE; ++ guint timeout; + + priv->absPointer = TRUE; + +- /* We should technically read the server greeting first. +- * If the user mistakenly connects to a SPICE server +- * though, we'll never see the greeting, because with +- * SPICE the client starts first. +- * +- * By sending these 4 bytes first, if the user has +- * accidentally connected to a SPICE server, it will +- * notice this garbage and close the connection, avoiding +- * us waiting forever for a VNC greeting that'll never +- * come. +- * +- * This is harmless for real VNC servers, since the +- * early send will just be queued until they've sent +- * their greeting +- */ +- vnc_connection_write(conn, "RFB ", 4); +- vnc_connection_flush(conn); ++ timeout = g_timeout_add_seconds(2, vnc_connection_timeout, &priv->wait); ++ want = 12; ++ while (want > 0) { ++ priv->wait_interruptable = 1; ++ ret = vnc_connection_read(conn, version + (12 - want), want); ++ priv->wait_interruptable = 0; ++ if (vnc_connection_has_error(conn)) { ++ VNC_DEBUG("Error while reading server version"); ++ goto fail; ++ } ++ if (ret >= 0) { ++ want -= ret; ++ if (ret != 12) { ++ timeout = 0; ++ } ++ } else { ++ if (ret == -EAGAIN) { ++ /* ++ * We didn't see any RFB greeting before our ++ * timeout. We might have mistakenly connected ++ * to a SPICE server, in which case we might ++ * wait forever, since SPICE expects the client ++ * to send first. ++ * ++ * We'll proactively send the 'RFB ' bytes to the ++ * sever. If we've just got a slow VNC server, it'll ++ * be harmless, but if we've got a SPICE server, this ++ * should trigger it to close the connection, avoiding ++ * us waiting foever. ++ * ++ * NB, while we could just send the "RFB " bytes ++ * immediately, the libvncserver code does something ++ * really crazy. When it sees a client connection, it ++ * waits 100ms for an HTTP GET request to indicate ++ * use of websockets proxy. If it sees the RFB bytes ++ * it doesn't run a normal VNC connection, it just kills ++ * the connection :-( ++ */ ++ VNC_DEBUG("No server greeting, sending partial client greeting"); ++ vnc_connection_write(conn, "RFB ", 4); ++ vnc_connection_flush(conn); ++ partialGreeting = TRUE; ++ timeout = 0; ++ } else { ++ VNC_DEBUG("Unexpected read error during greeting"); ++ goto fail; ++ } ++ } ++ } + +- vnc_connection_read(conn, version, 12); +- if (vnc_connection_has_error(conn)) { +- VNC_DEBUG("Error while reading server version"); +- goto fail; ++ if (timeout != 0) { ++ g_source_remove(timeout); + } + + version[12] = 0; +@@ -5291,8 +5338,16 @@ static gboolean vnc_connection_initialize(VncConnection *conn) + priv->minor = 8; + } + +- snprintf(version, 13, "%03d.%03d\n", priv->major, priv->minor); +- vnc_connection_write(conn, version, 8); ++ if (partialGreeting) { ++ VNC_DEBUG("Sending rest of greeting"); ++ snprintf(version, 13, "%03d.%03d\n", priv->major, priv->minor); ++ want = 8; ++ } else { ++ VNC_DEBUG("Sending full greeting"); ++ snprintf(version, 13, "RFB %03d.%03d\n", priv->major, priv->minor); ++ want = 12; ++ } ++ vnc_connection_write(conn, version, want); + vnc_connection_flush(conn); + VNC_DEBUG("Using version: %d.%d", priv->major, priv->minor); + +@@ -5358,15 +5413,6 @@ static gboolean vnc_connection_open_fd_internal(VncConnection *conn) + return !vnc_connection_has_error(conn); + } + +-static gboolean connect_timeout(gpointer data) +-{ +- struct wait_queue *wait = data; +- +- g_io_wakeup(wait); +- +- return FALSE; +-} +- + static GSocket *vnc_connection_connect_socket(struct wait_queue *wait, + GSocketAddress *sockaddr, + GError **error) +@@ -5379,7 +5425,7 @@ static GSocket *vnc_connection_connect_socket(struct wait_queue *wait, + if (!sock) + return NULL; + +- guint timeout = g_timeout_add_seconds(10, connect_timeout, wait); ++ guint timeout = g_timeout_add_seconds(10, vnc_connection_timeout, wait); + + g_socket_set_blocking(sock, FALSE); + if (!g_socket_connect(sock, sockaddr, NULL, error)) { diff --git a/SOURCES/0008-Don-t-short-circuit-request-for-TLS-credentials.patch b/SOURCES/0008-Don-t-short-circuit-request-for-TLS-credentials.patch new file mode 100644 index 0000000..41211c7 --- /dev/null +++ b/SOURCES/0008-Don-t-short-circuit-request-for-TLS-credentials.patch @@ -0,0 +1,40 @@ +From a6ef11572ffdfde69c901c8c4903c911f0e27d76 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Wed, 31 Jan 2018 11:09:38 +0000 +Subject: [PATCH] Don't short-circuit request for TLS credentials +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Although newer GNUTLS has a default system trust fallback for CA +certificates, we must still request certificates from the client app. If +we do not, then the VNC client will never be given the opportunity to +provide custom certs to override the system trust database. + +Signed-off-by: Daniel P. Berrangé +(cherry picked from commit df656c79467c2595b4a2cd35283c7f5d52adf336) +--- + src/vncconnection.c | 8 -------- + 1 file changed, 8 deletions(-) + +diff --git a/src/vncconnection.c b/src/vncconnection.c +index 1ddf38d..e5496ef 100644 +--- a/src/vncconnection.c ++++ b/src/vncconnection.c +@@ -3528,16 +3528,8 @@ static gboolean vnc_connection_has_credentials(gpointer data) + return FALSE; + if (priv->want_cred_password && !priv->cred_password) + return FALSE; +- /* +- * For x509 we require a minimum of the CA cert +- * if using GNUTLS < 3.0. With newer GNUTLS we'll +- * fallback to the system trust, so don't need to +- * explicitly check for a CA cert. +- */ +-#if GNUTLS_VERSION_NUMBER < 0x030000 + if (priv->want_cred_x509 && !priv->cred_x509_cacert) + return FALSE; +-#endif + return TRUE; + } + diff --git a/SOURCES/0009-Add-debug-logs-wrt-credential-gathering.patch b/SOURCES/0009-Add-debug-logs-wrt-credential-gathering.patch new file mode 100644 index 0000000..7b6f488 --- /dev/null +++ b/SOURCES/0009-Add-debug-logs-wrt-credential-gathering.patch @@ -0,0 +1,56 @@ +From 109cb2369ce3064e96c91e4387c4e122cf722d53 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Wed, 31 Jan 2018 11:11:09 +0000 +Subject: [PATCH] Add debug logs wrt credential gathering +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Daniel P. Berrangé +(cherry picked from commit 8e14f8a00c486ac4a133fcd190526e73406d9cb6) +--- + src/vncconnection.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/vncconnection.c b/src/vncconnection.c +index e5496ef..35966c9 100644 +--- a/src/vncconnection.c ++++ b/src/vncconnection.c +@@ -3537,6 +3537,8 @@ static gboolean vnc_connection_gather_credentials(VncConnection *conn) + { + VncConnectionPrivate *priv = conn->priv; + ++ VNC_DEBUG("Checking if credentials are needed"); ++ + if (priv->coroutine_stop) + return FALSE; + +@@ -3554,16 +3556,19 @@ static gboolean vnc_connection_gather_credentials(VncConnection *conn) + g_value_init(&username, VNC_TYPE_CONNECTION_CREDENTIAL); + g_value_set_enum(&username, VNC_CONNECTION_CREDENTIAL_USERNAME); + authCred = g_value_array_append(authCred, &username); ++ VNC_DEBUG("Want a username"); + } + if (priv->want_cred_password) { + g_value_init(&password, VNC_TYPE_CONNECTION_CREDENTIAL); + g_value_set_enum(&password, VNC_CONNECTION_CREDENTIAL_PASSWORD); + authCred = g_value_array_append(authCred, &password); ++ VNC_DEBUG("Want a password"); + } + if (priv->want_cred_x509) { + g_value_init(&clientname, VNC_TYPE_CONNECTION_CREDENTIAL); + g_value_set_enum(&clientname, VNC_CONNECTION_CREDENTIAL_CLIENTNAME); + authCred = g_value_array_append(authCred, &clientname); ++ VNC_DEBUG("Want a TLS clientname"); + } + + sigdata.params.authCred = authCred; +@@ -3577,6 +3582,8 @@ static gboolean vnc_connection_gather_credentials(VncConnection *conn) + VNC_DEBUG("Waiting for missing credentials"); + g_condition_wait(vnc_connection_has_credentials, conn); + VNC_DEBUG("Got all credentials"); ++ } else { ++ VNC_DEBUG("No credentials required"); + } + return !vnc_connection_has_error(conn); + } diff --git a/SOURCES/0010-Explicitly-track-whether-x509-creds-have-been-set.patch b/SOURCES/0010-Explicitly-track-whether-x509-creds-have-been-set.patch new file mode 100644 index 0000000..da8bf46 --- /dev/null +++ b/SOURCES/0010-Explicitly-track-whether-x509-creds-have-been-set.patch @@ -0,0 +1,87 @@ +From 04a3fe9e8122166eb8f257396fd07314182d2fc2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Wed, 31 Jan 2018 11:27:10 +0000 +Subject: [PATCH] Explicitly track whether x509 creds have been set +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If we want to use the system trust DB, we can't rely on cred_x509_cacert +field being non-NULL. We must explicitly record whether the client app +has set the x509 credentials. We allow cacert to be missing if we are +built against a new enough GNUTLS. + +Signed-off-by: Daniel P. Berrangé +(cherry picked from commit abc27748c6ca309ec3c39fb6c84426a459f56c74) +--- + src/vncconnection.c | 21 ++++++++++++++++++--- + 1 file changed, 18 insertions(+), 3 deletions(-) + +diff --git a/src/vncconnection.c b/src/vncconnection.c +index 35966c9..7fcbe89 100644 +--- a/src/vncconnection.c ++++ b/src/vncconnection.c +@@ -217,6 +217,7 @@ struct _VncConnectionPrivate + char *cred_x509_cacrl; + char *cred_x509_cert; + char *cred_x509_key; ++ gboolean set_cred_x509; + gboolean want_cred_username; + gboolean want_cred_password; + gboolean want_cred_x509; +@@ -3528,7 +3529,7 @@ static gboolean vnc_connection_has_credentials(gpointer data) + return FALSE; + if (priv->want_cred_password && !priv->cred_password) + return FALSE; +- if (priv->want_cred_x509 && !priv->cred_x509_cacert) ++ if (priv->want_cred_x509 && !priv->set_cred_x509) + return FALSE; + return TRUE; + } +@@ -5122,6 +5123,7 @@ static void vnc_connection_close(VncConnection *conn) + priv->cred_password = NULL; + } + ++ priv->set_cred_x509 = FALSE; + if (priv->cred_x509_cacert) { + g_free(priv->cred_x509_cacert); + priv->cred_x509_cacert = NULL; +@@ -5838,6 +5840,7 @@ static gboolean vnc_connection_set_credential_x509(VncConnection *conn, + { + VncConnectionPrivate *priv = conn->priv; + char *sysdir = g_strdup_printf("%s/pki", SYSCONFDIR); ++ int ret; + #ifndef WIN32 + struct passwd *pw; + +@@ -5852,9 +5855,19 @@ static gboolean vnc_connection_set_credential_x509(VncConnection *conn, + for (int i = 0 ; i < sizeof(dirs)/sizeof(dirs[0]) ; i++) + VNC_DEBUG("Searching for certs in %s", dirs[i]); + +- if (vnc_connection_best_path(&priv->cred_x509_cacert, "CA", "cacert.pem", +- dirs, sizeof(dirs)/sizeof(dirs[0])) < 0) ++ ret = vnc_connection_best_path(&priv->cred_x509_cacert, "CA", "cacert.pem", ++ dirs, sizeof(dirs)/sizeof(dirs[0])); ++ /* With modern GNUTLS we can just allow the global GNUTLS trust database ++ * to be used to validate CA certificates if no specific cert is set ++ */ ++ if (ret < 0) { ++#if GNUTLS_VERSION_NUMBER < 0x030000 ++ VNC_DEBUG("No CA certificate provided and no global fallback"); + return FALSE; ++#else ++ VNC_DEBUG("No CA certificate provided, using GNUTLS global trust"); ++#endif ++ } + + /* Don't mind failures of CRL */ + vnc_connection_best_path(&priv->cred_x509_cacrl, "CA", "cacrl.pem", +@@ -5867,6 +5880,8 @@ static gboolean vnc_connection_set_credential_x509(VncConnection *conn, + vnc_connection_best_path(&priv->cred_x509_cert, name, "clientcert.pem", + dirs, sizeof(dirs)/sizeof(dirs[0])); + ++ priv->set_cred_x509 = TRUE; ++ + return TRUE; + } + diff --git a/SPECS/gtk-vnc.spec b/SPECS/gtk-vnc.spec new file mode 100644 index 0000000..fd0c4db --- /dev/null +++ b/SPECS/gtk-vnc.spec @@ -0,0 +1,638 @@ +# -*- rpm-spec -*- + +# This spec file assumes you are building for Fedora 20 or newer, +# or for RHEL 6 or newer. It may need some tweaks for other distros. + +%global with_gir 0 +%if 0%{?fedora} || 0%{?rhel} >= 7 +%global with_gir 1 +%endif + +%global with_gtk3 0 +%if 0%{?fedora} || 0%{?rhel} >= 7 +%global with_gtk3 1 +%endif + +%global with_vala 0 +%if 0%{with_gtk3} +%global with_vala 1 +%endif + +%if 0%{?fedora} >= 25 + %global tls_priority "@LIBVIRT,SYSTEM" +%else + %if 0%{?fedora} >= 21 + %global tls_priority "@SYSTEM" + %else + %global tls_priority "NORMAL" + %endif +%endif + +Summary: A GTK2 widget for VNC clients +Name: gtk-vnc +Version: 0.7.0 +Release: 3%{?dist}%{?extra_release} +License: LGPLv2+ +Group: Development/Libraries +Source: http://ftp.gnome.org/pub/GNOME/sources/%{name}/0.5/%{name}-%{version}.tar.xz +Patch1: 0001-Restore-correct-size-of-reserved-data.patch +Patch2: 0002-Fix-inverted-args-when-creating-framebuffer-for-test.patch +Patch3: 0003-Avoid-sign-extension-warnings-from-coverity.patch +Patch4: 0004-Fix-crash-when-opening-connection-from-a-GSocketAddr.patch +Patch5: 0005-Fix-crash-when-no-error-is-set-after-connection-fail.patch +Patch6: 0006-Report-a-proper-error-message-if-hitting-connection-.patch +Patch7: 0007-Fix-incompatibility-with-libvncserver-websockets-han.patch +Patch8: 0008-Don-t-short-circuit-request-for-TLS-credentials.patch +Patch9: 0009-Add-debug-logs-wrt-credential-gathering.patch +Patch10: 0010-Explicitly-track-whether-x509-creds-have-been-set.patch +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +URL: https://wiki.gnome.org/Projects/gtk-vnc +Requires: gvnc = %{version}-%{release} +BuildRequires: gtk2-devel >= 2.14 +BuildRequires: pygtk2-devel python-devel zlib-devel +BuildRequires: gnutls-devel libgcrypt-devel cyrus-sasl-devel intltool +%if %{with_gir} +BuildRequires: gobject-introspection-devel +%endif +%if %{with_gtk3} +BuildRequires: gtk3-devel +%endif +%if %{with_vala} +BuildRequires: vala-tools +%endif +BuildRequires: pulseaudio-libs-devel +BuildRequires: /usr/bin/pod2man + +%description +gtk-vnc is a VNC viewer widget for GTK2. It is built using coroutines +allowing it to be completely asynchronous while remaining single threaded. + +%package devel +Summary: Development files to build GTK2 applications with gtk-vnc +Group: Development/Libraries +Requires: %{name} = %{version}-%{release} +Requires: pkgconfig +Requires: gtk2-devel + +%description devel +gtk-vnc is a VNC viewer widget for GTK2. It is built using coroutines +allowing it to be completely asynchronous while remaining single threaded. + +Libraries, includes, etc. to compile with the gtk-vnc library + +%package python +Summary: Python bindings for the gtk-vnc library +Group: Development/Libraries +Requires: %{name} = %{version}-%{release} + +%description python +gtk-vnc is a VNC viewer widget for GTK2. It is built using coroutines +allowing it to be completely asynchronous while remaining single threaded. + +A module allowing use of the GTK-VNC widget from python + +%package -n gvnc +Summary: A GObject for VNC connections +Group: Development/Libraries + +%description -n gvnc +gvnc is a GObject for managing a VNC connection. It provides all the +infrastructure required to build a VNC client without having to deal +with the raw protocol itself. + +%package -n gvnc-devel +Summary: Libraries, includes, etc. to compile with the gvnc library +Group: Development/Libraries +Requires: gvnc = %{version}-%{release} +Requires: pkgconfig + +%description -n gvnc-devel +gvnc is a GObject for managing a VNC connection. It provides all the +infrastructure required to build a VNC client without having to deal +with the raw protocol itself. + +Libraries, includes, etc. to compile with the gvnc library + +%package -n gvncpulse +Summary: A Pulse Audio bridge for VNC connections +Group: Development/Libraries +Requires: gvnc = %{version}-%{release} + +%description -n gvncpulse +gvncpulse is a bridge to the Pulse Audio system for VNC. +It allows VNC clients to play back audio on the local +system + +%package -n gvncpulse-devel +Summary: Libraries, includes, etc. to compile with the gvncpulse library +Group: Development/Libraries +Requires: gvncpulse = %{version}-%{release} +Requires: pkgconfig + +%description -n gvncpulse-devel +gvncpulse is a bridge to the Pulse Audio system for VNC. +It allows VNC clients to play back audio on the local +system + +Libraries, includes, etc. to compile with the gvnc library + +%package -n gvnc-tools +Summary: Command line VNC tools +Group: Applications/Internet +Requires: gvnc = %{version}-%{release} + +%description -n gvnc-tools +Provides useful command line utilities for interacting with +VNC servers. Includes the gvnccapture program for capturing +screenshots of a VNC desktop + +%if %{with_gtk3} +%package -n gtk-vnc2 +Summary: A GTK3 widget for VNC clients +Group: Applications/Internet +Requires: gvnc = %{version}-%{release} + +%description -n gtk-vnc2 +gtk-vnc is a VNC viewer widget for GTK3. It is built using coroutines +allowing it to be completely asynchronous while remaining single threaded. + +%package -n gtk-vnc2-devel +Summary: Development files to build GTK3 applications with gtk-vnc +Group: Development/Libraries +Requires: gtk-vnc2 = %{version}-%{release} +Requires: pkgconfig +Requires: gtk3-devel + +%description -n gtk-vnc2-devel +gtk-vnc is a VNC viewer widget for GTK3. It is built using coroutines +allowing it to be completely asynchronous while remaining single threaded. + +Libraries, includes, etc. to compile with the gtk-vnc library +%endif + +%prep +%setup -q -n gtk-vnc-%{version} -c +cd gtk-vnc-%{version} +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +cd .. +%if %{with_gtk3} +cp -a gtk-vnc-%{version} gtk-vnc2-%{version} +%endif + +%build +%if %{with_gir} +%define gir_arg --enable-introspection=yes +%else +%define gir_arg --enable-introspection=no +%endif + +cd gtk-vnc-%{version} +%configure --with-gtk=2.0 %{gir_arg} \ + --with-tls-priority=%{tls_priority} +%__make %{?_smp_mflags} V=1 +chmod -x examples/*.pl examples/*.js examples/*.py +cd .. + +%if %{with_gtk3} +cd gtk-vnc2-%{version} +%configure --with-gtk=3.0 %{gir_arg} \ + --with-tls-priority=%{tls_priority} +%__make %{?_smp_mflags} V=1 +chmod -x examples/*.pl examples/*.js examples/*.py +cd .. +%endif + +%install +rm -fr %{buildroot} +cd gtk-vnc-%{version} +%__make install DESTDIR=%{buildroot} +cd .. + +%if %{with_gtk3} +cd gtk-vnc2-%{version} +%__make install DESTDIR=%{buildroot} +cd .. +%endif + +rm -f %{buildroot}%{_libdir}/*.a +rm -f %{buildroot}%{_libdir}/*.la +rm -f %{buildroot}%{_libdir}/python*/site-packages/*.a +rm -f %{buildroot}%{_libdir}/python*/site-packages/*.la + +%find_lang %{name} + +%clean +rm -fr %{buildroot} + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + +%post -n gvnc -p /sbin/ldconfig + +%postun -n gvnc -p /sbin/ldconfig + +%post -n gvncpulse -p /sbin/ldconfig + +%postun -n gvncpulse -p /sbin/ldconfig + +%if %{with_gtk3} +%post -n gtk-vnc2 -p /sbin/ldconfig + +%postun -n gtk-vnc2 -p /sbin/ldconfig +%endif + +%files +%defattr(-, root, root) +%{_libdir}/libgtk-vnc-1.0.so.* +%if %{with_gir} +%{_libdir}/girepository-1.0/GtkVnc-1.0.typelib +%endif + +%files devel +%defattr(-, root, root) +%doc gtk-vnc-%{version}/examples/gvncviewer.c +%{_libdir}/libgtk-vnc-1.0.so +%dir %{_includedir}/%{name}-1.0/ +%{_includedir}/%{name}-1.0/*.h +%{_libdir}/pkgconfig/%{name}-1.0.pc +%if %{with_gir} +%{_datadir}/gir-1.0/GtkVnc-1.0.gir +%endif + +%files python +%defattr(-, root, root) +%doc gtk-vnc-%{version}/examples/gvncviewer-bindings.py +%{_libdir}/python*/site-packages/gtkvnc.so + +%files -n gvnc -f %{name}.lang +%defattr(-, root, root) +%{_libdir}/libgvnc-1.0.so.* +%if %{with_gir} +%{_libdir}/girepository-1.0/GVnc-1.0.typelib +%endif +%if %{with_vala} +%{_datadir}/vala/vapi/gvnc-1.0.deps +%{_datadir}/vala/vapi/gvnc-1.0.vapi +%endif + +%files -n gvnc-devel +%defattr(-, root, root) +%{_libdir}/libgvnc-1.0.so +%dir %{_includedir}/gvnc-1.0/ +%{_includedir}/gvnc-1.0/*.h +%{_libdir}/pkgconfig/gvnc-1.0.pc +%if %{with_gir} +%{_datadir}/gir-1.0/GVnc-1.0.gir +%endif + +%files -n gvncpulse -f %{name}.lang +%defattr(-, root, root) +%{_libdir}/libgvncpulse-1.0.so.* +%if %{with_gir} +%{_libdir}/girepository-1.0/GVncPulse-1.0.typelib +%endif +%if %{with_vala} +%{_datadir}/vala/vapi/gvncpulse-1.0.deps +%{_datadir}/vala/vapi/gvncpulse-1.0.vapi +%endif + +%files -n gvncpulse-devel +%defattr(-, root, root) +%{_libdir}/libgvncpulse-1.0.so +%dir %{_includedir}/gvncpulse-1.0/ +%{_includedir}/gvncpulse-1.0/*.h +%{_libdir}/pkgconfig/gvncpulse-1.0.pc +%if %{with_gir} +%{_datadir}/gir-1.0/GVncPulse-1.0.gir +%endif + +%files -n gvnc-tools +%defattr(-, root, root) +%doc gtk-vnc-%{version}/AUTHORS +%doc gtk-vnc-%{version}/ChangeLog +%doc gtk-vnc-%{version}/ChangeLog-old +%doc gtk-vnc-%{version}/NEWS +%doc gtk-vnc-%{version}/README +%doc gtk-vnc-%{version}/COPYING.LIB +%{_bindir}/gvnccapture +%{_mandir}/man1/gvnccapture.1* + +%if %{with_gtk3} +%files -n gtk-vnc2 +%defattr(-, root, root) +%{_libdir}/libgtk-vnc-2.0.so.* +%if %{with_gir} +%{_libdir}/girepository-1.0/GtkVnc-2.0.typelib +%endif +%if %{with_vala} +%{_datadir}/vala/vapi/gtk-vnc-2.0.deps +%{_datadir}/vala/vapi/gtk-vnc-2.0.vapi +%endif + +%files -n gtk-vnc2-devel +%defattr(-, root, root) +%doc gtk-vnc2-%{version}/examples/gvncviewer.c +%if %{with_gir} +%doc gtk-vnc2-%{version}/examples/gvncviewer.js +%doc gtk-vnc2-%{version}/examples/gvncviewer.pl +%doc gtk-vnc2-%{version}/examples/gvncviewer-introspection.py +%endif +%{_libdir}/libgtk-vnc-2.0.so +%dir %{_includedir}/%{name}-2.0/ +%{_includedir}/%{name}-2.0/*.h +%{_libdir}/pkgconfig/%{name}-2.0.pc +%if %{with_gir} +%{_datadir}/gir-1.0/GtkVnc-2.0.gir +%endif +%endif + +%changelog +* Thu Feb 1 2018 Daniel P. Berrange - 0.7.0-3 +- Fix TLS credentials request (rhbz #1539148) + +* Wed Apr 12 2017 Daniel P. Berrange - 0.7.0-2 +- Fix reserved data size (rhbz #1416783) +- Fix inverted args in tests (rhbz #1416783) +- Avoid sign extension problems (rhbz #1416783) +- Fix crash with opening via GSocketAddress (rhbz #1416783) +- Fix crash & error reporting during connection timeout (rhbz #1441120) +- Fix incompatibility with libvncserver websockets (rhbz #921330) + +* Thu Feb 16 2017 Daniel P. Berrange - 0.7.0-1 +- Update to 0.7.0 release (rhbz #1416783) +- Release held keys when loosing focus (rhbz #921008) +- Avoid warnings when disconnecting (rhbz #1126825) +- Workaround to avoid hang connecting to SPICE guest (rhbz #921330) +- CVE-2017-5884 - fix bounds checking for RRE, hextile and + copyrect encodings (rhbz #1425367) +- CVE-2017-5885 - fix color map index bounds checking (rhbz #1425367) + +* Fri Jan 24 2014 Daniel Mach - 0.5.2-7 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 0.5.2-6 +- Mass rebuild 2013-12-27 + +* Wed Oct 9 2013 Daniel P. Berrange - 0.5.2-5 +- Fix missing/incorrect deps in sub-RPMs + +* Fri Sep 13 2013 Daniel P. Berrange - 0.5.2-4 +- Only process key grab sequence upon release (rhbz #1007877) + +* Fri Sep 13 2013 Daniel P. Berrange - 0.5.2-3 +- Fix memory leak in ucontext coroutine (rhbz #1007837) + +* Wed May 8 2013 Daniel P. Berrange - 0.5.2-2 +- Turn off execute bit on examples to stop auto-deps being added + +* Tue Apr 30 2013 Daniel Mach - 0.5.2-1.2 +- Rebuild for cyrus-sasl + +* Fri Feb 22 2013 Daniel P. Berrange - 0.5.2-1 +- Update to 0.5.2 release +- Fix auth credential type (rhbz #697067) + +* Sat Feb 16 2013 Cole Robinson - 0.5.1-7 +- Fix send_key introspection bindings + +* Thu Feb 14 2013 Fedora Release Engineering - 0.5.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Mon Dec 10 2012 Adam Jackson 0.5.1-5 +- gtk-vnc-0.5.1-bigendian.patch: Fix pixel swizzling on big-endian. + +* Tue Sep 4 2012 Daniel P. Berrange - 0.5.1-4 +- Add missing deps on gvnc (rhbz #852053) + +* Thu Jul 19 2012 Fedora Release Engineering - 0.5.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Sat Jul 14 2012 Ville Skyttä - 0.5.1-2 +- Call ldconfig at gvnc, gvncpulse, and gtk-vnc2 post(un)install time. + +* Thu Jul 12 2012 Daniel P. Berrange - 0.5.1-1 +- Update to 0.5.1 release + +* Fri Jan 13 2012 Fedora Release Engineering - 0.5.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Dec 21 2011 Daniel P. Berrange - 0.5.0-1 +- Update to 0.5.0 release + +* Thu Nov 10 2011 Daniel P. Berrange - 0.4.4-1 +- Update to 0.4.4 release + +* Tue Nov 08 2011 Adam Jackson - 0.4.3-2 +- Rebuild to break bogus libpng dep + +* Fri Feb 18 2011 Daniel P. Berrange - 0.4.3-1 +- Update to 0.4.3 release + +* Thu Feb 10 2011 Matthias Clasen - 0.4.2-10 +- Rebuild against newer gtk + +* Wed Feb 09 2011 Fedora Release Engineering - 0.4.2-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Feb 2 2011 Matthias Clasen - 0.4.2-8 +- Rebuild against newer gtk + +* Thu Jan 13 2011 Daniel P. Berrange - 0.4.2-7 +- Cope with multiple GDK backends in GTK3 + +* Tue Jan 11 2011 Daniel P. Berrange - 0.4.2-6 +- Rebuild for change in GTK3 soname + +* Mon Jan 10 2011 Daniel P. Berrange - 0.4.2-5 +- Add fix to remove use of GdkDrawble for GTK3 compat + +* Sun Jan 9 2011 Matthias Clasen - 0.4.2-5 +- Rebuild against newer gtk3 + +* Tue Dec 14 2010 Daniel P. Berrange - 0.4.2-4 +- Fix unref of GSource objects to address performance degradation (rhbz #657847) + +* Mon Nov 29 2010 Daniel P. Berrange - 0.4.2-3 +- Re-introduce a server side pixmap via cairo to cache framebuffer (rhbz #657542) + +* Mon Nov 29 2010 Daniel P. Berrange - 0.4.2-2 +- Fix crash in TLS shutdown code (rhbz #650601) +- Fix crash in motion event handler (rhbz #650104) +- Fix framebuffer update bounds checking (rhbz #655630) + +* Fri Nov 5 2010 Daniel P. Berrange - 0.4.2-1 +- Update to 0.4.2 release. +- Enable experimental GTK3 build + +* Mon Oct 18 2010 Colin Walters - 0.4.1-9 +- Rebuild to use old pygobject2-python2 API again: + https://bugzilla.redhat.com/show_bug.cgi?id=638457 + +* Wed Sep 29 2010 jkeating - 0.4.1-8 +- Rebuilt for gcc bug 634757 + +* Tue Sep 21 2010 Matthias Clasen - 0.4.1-7 +- Rebuild against newer gobject-introspection + +* Tue Aug 31 2010 Daniel P. Berrange - 0.4.1-6 +- Prevent RPM picking up a dep on gjs (rhbz 628604) + +* Fri Aug 6 2010 Daniel P. Berrange - 0.4.1-5 +- Reset buffer offsets on connection close (rhbz 620843) + +* Thu Aug 5 2010 Daniel P. Berrange - 0.4.1-4 +- Reset buffer pointer on connection close (rhbz 620843) + +* Wed Jul 21 2010 David Malcolm - 0.4.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Thu Jul 15 2010 Colin Walters - 0.4.1-2 +- Rebuild with new gobject-introspection + +* Wed Jul 14 2010 Daniel P. Berrange - 0.4.1-1 +- Update to 0.4.1 release + +* Sun Jul 11 2010 Daniel P. Berrange - 0.4.0-1 +- Update to 0.4.0 release +- Add new sub-packages for gvnc + +* Tue Apr 27 2010 Daniel P. Berrange - 0.3.10-3 +- Drop VNC connection if the server sends a update spaning outside bounds of desktop (rhbz #540810) +- Fix gcrypt threading initialization (rhbz #537489) + +* Tue Oct 20 2009 Matthias Clasen - 0.3.10-1 +- Update to 0.3.10 + +* Thu Oct 8 2009 Matthias Clasen - 0.3.9-2 +- Request a full screen refresh when receives a desktop-resize encoding + +* Tue Aug 11 2009 Daniel P. Berrange - 0.3.9-1 +- Update to 0.3.9 release + +* Tue Aug 11 2009 Ville Skyttä - 0.3.8-10 +- Use bzipped upstream tarball. + +* Fri Jul 24 2009 Fedora Release Engineering - 0.3.8-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Fri Mar 27 2009 Daniel P. Berrange - 0.3.8-8.fc11 +- Fix ungrab when pointer type changes + +* Tue Mar 24 2009 Daniel P. Berrange - 0.3.8-7.fc11 +- Fix release of keyboard grab when releasing mouse grab outside app window (rhbz #491167) + +* Thu Mar 5 2009 Daniel P. Berrange - 0.3.8-6.fc11 +- Fix SASL address generation when using AF_UNIX sockets + +* Tue Mar 3 2009 Daniel P. Berrange - 0.3.8-5.fc11 +- Support SASL authentication extension + +* Thu Feb 26 2009 Daniel P. Berrange - 0.3.8-4.fc11 +- Fix relative mouse handling to avoid 'invisible wall' + +* Tue Feb 24 2009 Fedora Release Engineering - 0.3.8-3.fc11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Tue Feb 24 2009 Daniel P. Berrange - 0.3.8-2.fc11 +- Update URLs to gnome.org hosting + +* Sun Dec 7 2008 Daniel P. Berrange - 0.3.8-1.fc11 +- Update to 0.3.8 release + +* Sat Nov 29 2008 Ignacio Vazquez-Abrams - 0.3.7-4 +- Rebuild for Python 2.6 + +* Thu Oct 9 2008 Daniel P. Berrange - 0.3.7-3.fc10 +- Avoid bogus framebuffer updates for psuedo-encodings +- Fix scancode translation for evdev + +* Thu Sep 25 2008 Daniel P. Berrange - 0.3.7-2.fc10 +- Allow pointer ungrab keysequence if already grabbed (rhbz #463729) + +* Fri Sep 5 2008 Matthias Clasen - 0.3.7-1 +- Update to 0.3.7 + +* Thu Aug 28 2008 Daniel P. Berrange - 0.3.6-4.fc10 +- Fix key/mouse event propagation (rhbz #454627) + +* Mon Jul 7 2008 Tom "spot" Callaway - 0.3.6-3 +- fix conditional comparison + +* Wed Jun 25 2008 Daniel P. Berrange - 0.3.6-2.fc10 +- Rebuild for GNU TLS ABI change + +* Wed May 7 2008 Daniel P. Berrange - 0.3.6-1.fc10 +- Updated to 0.3.6 release + +* Fri Apr 25 2008 Matthias Clasen - 0.3.5-1.fc9 +- Update to 0.3.5 + +* Fri Apr 4 2008 Daniel P. Berrange - 0.3.4-4.fc9 +- Remove bogus chunk of render patch + +* Thu Apr 3 2008 Daniel P. Berrange - 0.3.4-3.fc9 +- Fix OpenGL rendering artifacts (rhbz #440184) + +* Thu Apr 3 2008 Daniel P. Berrange - 0.3.4-2.fc9 +- Fixed endianness conversions +- Fix makecontext() args crash on x86_64 +- Fix protocol version negotiation + +* Thu Mar 6 2008 Daniel P. Berrange - 0.3.4-1.fc9 +- Update to 0.3.4 release +- Fix crash with OpenGL scaling code + +* Sun Feb 3 2008 Daniel P. Berrange - 0.3.3-1.fc9 +- Update to 0.3.3 release + +* Mon Jan 14 2008 Daniel P. Berrange - 0.3.2-2.fc9 +- Track keystate to avoid stuck modifier keys + +* Mon Dec 31 2007 Daniel P. Berrange - 0.3.2-1.fc9 +- Update to 0.3.2 release +- Added dep on zlib-devel + +* Thu Dec 13 2007 Daniel P. Berrange - 0.3.1-1.fc9 +- Update to 0.3.1 release + +* Wed Oct 10 2007 Daniel P. Berrange - 0.2.0-4.fc8 +- Fixed coroutine cleanup to avoid SEGV (rhbz #325731) + +* Thu Oct 4 2007 Daniel P. Berrange - 0.2.0-3.fc8 +- Fixed coroutine caller to avoid SEGV + +* Wed Sep 26 2007 Daniel P. Berrange - 0.2.0-2.fc8 +- Remove use of PROT_EXEC for coroutine stack (rhbz #307531 ) + +* Thu Sep 13 2007 Daniel P. Berrange - 0.2.0-1.fc8 +- Update to 0.2.0 release + +* Wed Aug 29 2007 Daniel P. Berrange - 0.1.0-5.fc8 +- Fixed handling of mis-matched client/server colour depths + +* Wed Aug 22 2007 Daniel P. Berrange - 0.1.0-4.fc8 +- Fix mixed endian handling & BGR pixel format (rhbz #253597) +- Clear widget areas outside of framebuffer (rhbz #253599) +- Fix off-by-one in python demo + +* Thu Aug 16 2007 Daniel P. Berrange - 0.1.0-3.fc8 +- Tweaked post scripts +- Removed docs from sub-packages +- Explicitly set license to LGPLv2+ +- Remove use of macro for install rule + +* Wed Aug 15 2007 Daniel P. Berrange - 0.1.0-2.fc8 +- Added gnutls-devel requirement to -devel package + +* Wed Aug 15 2007 Daniel P. Berrange - 0.1.0-1.fc8 +- Initial official release