File tigervnc.spec of Package tigervnc.5211
#
# spec file for package tigervnc
#
# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define vncgroup vnc
%define vncuser vnc
%define tlskey %{_sysconfdir}/vnc/tls.key
%define tlscert %{_sysconfdir}/vnc/tls.cert
Name: tigervnc
Version: 1.4.3
Release: 0
Obsoletes: tightvnc <= 1.3.9
Provides: tightvnc = 1.3.9.5
Provides: vnc
BuildRequires: Mesa-devel
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: cmake
BuildRequires: fltk-devel
BuildRequires: gcc-c++
BuildRequires: gcc-c++
BuildRequires: java-devel
BuildRequires: jpackage-utils
BuildRequires: libjpeg-devel
BuildRequires: libopenssl-devel
BuildRequires: libtool
BuildRequires: nasm
BuildRequires: xorg-x11-server-sdk
BuildRequires: xorg-x11-server-source
BuildRequires: pkgconfig(x11)
BuildRequires: pkgconfig(xext)
BuildRequires: pkgconfig(xproto)
BuildRequires: pkgconfig(xtst)
# Because of keytool to build java client
BuildRequires: libgcrypt-devel
BuildRequires: libgpg-error-devel
BuildRequires: mozilla-nss
BuildRequires: pam-devel
BuildRequires: pkg-config
BuildRequires: xmlto
BuildRequires: xorg-x11-libICE-devel
BuildRequires: xorg-x11-libSM-devel
BuildRequires: pkgconfig(bigreqsproto) >= 1.1.0
BuildRequires: pkgconfig(compositeproto) >= 0.4
BuildRequires: pkgconfig(damageproto) >= 1.1
BuildRequires: pkgconfig(dri)
BuildRequires: pkgconfig(fixesproto) >= 4.1
BuildRequires: pkgconfig(fontsproto)
BuildRequires: pkgconfig(fontutil)
BuildRequires: pkgconfig(gl)
BuildRequires: pkgconfig(glproto)
BuildRequires: pkgconfig(gnutls)
BuildRequires: pkgconfig(inputproto) >= 1.9.99.902
BuildRequires: pkgconfig(kbproto) >= 1.0.3
BuildRequires: pkgconfig(libtasn1)
BuildRequires: pkgconfig(openssl)
BuildRequires: pkgconfig(pciaccess) >= 0.8.0
BuildRequires: pkgconfig(pixman-1) >= 0.15.20
BuildRequires: pkgconfig(randrproto) >= 1.2.99.3
BuildRequires: pkgconfig(recordproto) >= 1.13.99.1
BuildRequires: pkgconfig(renderproto) >= 0.11
BuildRequires: pkgconfig(resourceproto)
BuildRequires: pkgconfig(scrnsaverproto) >= 1.1
BuildRequires: pkgconfig(videoproto)
BuildRequires: pkgconfig(xau)
BuildRequires: pkgconfig(xcmiscproto) >= 1.2.0
BuildRequires: pkgconfig(xdmcp)
BuildRequires: pkgconfig(xextproto) >= 7.0.99.3
BuildRequires: pkgconfig(xfont) >= 1.4.2
BuildRequires: pkgconfig(xineramaproto)
BuildRequires: pkgconfig(xkbfile)
BuildRequires: pkgconfig(xproto) >= 7.0.17
BuildRequires: pkgconfig(xtrans) >= 1.2.2
Requires(post): update-alternatives
Requires(postun): update-alternatives
Url: http://tigervnc.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Summary: A high-performance, platform-neutral implementation of VNC
# would need fixing to use fPIC in common/CMakeLists.txt
License: GPL-2.0-only AND MIT
Group: System/X11/Servers/XF86_4
ExcludeArch: s390
Source1: https://github.com/TigerVNC/tigervnc/archive/v%{version}.tar.gz
Source3: vnc.xinetd
Source4: 10-libvnc.conf
Source5: vnc-server.firewall
Source6: vnc-httpd.firewall
Source7: vnc_inetd_httpd
Source8: vnc.reg
Source9: vncpasswd.arg
Source10: index.vnc
Source11: with-vnc-key.sh
Patch1: tigervnc-newfbsize.patch
Patch2: tigervnc-clean-pressed-key-on-exit.patch
Patch3: N_use-icewm.patch
Patch4: tigervnc-sf3495623.patch
Patch5: u_tigervnc-dont-send-ascii-control-characters.patch
Patch6: u_tigervnc-ignore-epipe-on-write.patch
Patch7: U_include-vencrypt-only-if-any-subtype-present.patch
Patch8: u_tigervnc-use_preferred_mode.patch
Patch9: u_tigervnc-cve-2014-8240.patch
Patch10: u_tigervnc-send-special-keys-directly.patch
Patch11: n_tigervnc_Revert_Attempt_to_handle_Ctrl-key.patch
Patch12: n_tigervnc-date-time.patch
Patch13: u_terminate_instead_of_ignoring_restart.patch
Patch14: u_syslog.patch
Patch15: u_tigervnc-use-default-trust-manager-in-java-viewer-if-custom.patch
Patch16: u_tigervnc-display-SHA-1-fingerprint-of-untrusted-certificate.patch
Patch17: u_tigervnc-add-autoaccept-parameter.patch
Patch18: u_tigervnc-vncserver-clean-pid-files.patch
Patch19: u_tigervnc-prioritize-anon-ecdh.patch
Patch20: U_support_ipv6.patch
Patch21: U_tigervnc_clear_up_zlibinstream_reset_behaviour.patch
Patch22: U_tigervnc-fixed-ipv6-support.patch
Patch23: U_tigervnc-fix-buffer-overflow-in-ModifiablePixelBuffer-fillRect.patch
Patch24: U_tigervnc_proper_global_init_deinit_of_GnuTLS.patch
Patch25: U_tigervnc-delete-underlying-ssecurity-in-SSecurityVeNCrypt.patch
Patch26: U_tigervnc-fix-checkNoWait-logic-in-SSecurityPlain.patch
Patch27: U_tigervnc-fix-crash-from-integer-overflow-in-SMsgReader-readClientCutText.patch
Patch28: U_tigervnc-limit-max-username-password-size-in-SSecurityPlain.patch
Patch29: U_tigervnc-prevent-double-free-by-crafted-fences.patch
Patch30: U_tigervnc-prevent-leak-of-SecurityServer-and-ClientServer.patch
Patch31: U_tigervnc-limit-size-of-cursor-accepted-by-client.patch
Patch41: 0001-Make-ZlibInStream-more-robust-against-failures.patch
Patch43: 0003-Restrict-PixelBuffer-dimensions-to-safe-values.patch
Patch44: 0004-Add-write-protection-to-OffsetPixelBuffer.patch
Patch45: 0005-Handle-empty-Tight-gradient-rects.patch
Patch46: 0006-Add-unit-test-for-PixelFormat-sanity-checks.patch
Patch47: 0007-Fix-depth-sanity-test-in-PixelFormat.patch
Patch48: 0008-Add-sanity-checks-for-PixelFormat-shift-values.patch
Patch49: 0009-Remove-unused-FixedMemOutStream.patch
Patch50: 0010-Use-size_t-for-lengths-in-stream-objects.patch
Patch51: 0011-Be-defensive-about-overflows-in-stream-objects.patch
Patch52: 0012-Add-unit-tests-for-PixelFormat.is888-detection.patch
Patch53: 0013-Handle-pixel-formats-with-odd-shift-values.patch
%description
TigerVNC is a high-performance, platform-neutral implementation of VNC (Virtual Network Computing),
a client/server application that allows users to launch and interact with graphical applications on remote machines.
TigerVNC provides the levels of performance necessary to run 3D and video applications;
it attempts to maintain a common look and feel and re-use components, where possible, across the various platforms that it supports.
TigerVNC also provides extensions for advanced authentication methods and TLS encryption.
%package -n xorg-x11-Xvnc
# Needed to serve java applet
Requires: python
Requires: python-pyOpenSSL
Requires: xinetd
# Needed to generate certificates
Requires: openssl
# Needed by vncserver script.
Requires: icewm-lite
Requires: xauth
Requires: xkbcomp
Requires: xkeyboard-config
Requires: xorg-x11-fonts-core
# For the with-vnc-key.sh script
Requires: /bin/hostname
Summary: TigerVNC implementation of Xvnc
Group: System/X11/Servers/XF86_4
%description -n xorg-x11-Xvnc
This is the TigerVNC implementation of Xvnc.
%prep
%setup -T -b1 -q
cp -r /usr/src/xserver/* unix/xserver/
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p0
%patch6 -p0
%patch7 -p0
%patch8 -p0
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch30 -p1
%patch31 -p1
%patch41 -p1
%patch43 -p1
%patch44 -p1
%patch45 -p1
%patch46 -p1
%patch47 -p1
%patch48 -p1
%patch49 -p1
%patch50 -p1
%patch51 -p1
%patch52 -p1
%patch53 -p1
pushd unix/xserver
patch -p1 < ../xserver115.patch
popd
%build
export CXXFLAGS="%optflags -fPIC"
export CFLAGS="%optflags -fPIC"
# Build all tigervnc
cmake -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_INSTALL_PREFIX:PATH=%{_prefix} -DCMAKE_BUILD_TYPE=RelWithDebInfo
make %{?_smp_mflags}
# Build Xvnc server
pushd unix/xserver
autoreconf -fi
%configure \
--disable-xorg --disable-xnest --disable-xvfb --disable-dmx \
--disable-xwin --disable-xephyr --disable-kdrive --with-pic \
--disable-static --disable-xinerama \
--with-xkb-path="/usr/share/X11/xkb" \
--with-xkb-output="/var/lib/xkb/compiled" \
--enable-glx --enable-dri --enable-dri2 \
--disable-config-dbus \
--disable-config-hal \
--disable-config-udev \
--without-dtrace \
--disable-unit-tests \
--disable-devel-docs \
--with-fontrootdir=/usr/share/fonts \
--disable-selective-werror
make %{?_smp_mflags} V=1
popd
# Build java client
pushd java
cmake -DCMAKE_INSTALL_PREFIX:PATH=%{_prefix}
make %{?_smp_mflags}
popd
%install
%make_install
mv $RPM_BUILD_ROOT/usr/bin/vncviewer $RPM_BUILD_ROOT/usr/bin/vncviewer-tigervnc
mv $RPM_BUILD_ROOT/usr/share/man/man1/vncviewer.1 $RPM_BUILD_ROOT/usr/share/man/man1/vncviewer-tigervnc.1
pushd unix/xserver
%make_install
popd
pushd java
mkdir -p $RPM_BUILD_ROOT%{_datadir}/vnc/classes
install -m755 VncViewer.jar $RPM_BUILD_ROOT%{_datadir}/vnc/classes
popd
install -D -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/xinetd.d/vnc
%ifnarch s390 s390x
install -D -m 644 %{SOURCE4} $RPM_BUILD_ROOT/etc/X11/xorg.conf.d/10-libvnc.conf
%endif
install -D -m 644 %{SOURCE5} $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/vnc-server
install -D -m 644 %{SOURCE6} $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/vnc-httpd
install -D -m 755 %{SOURCE7} $RPM_BUILD_ROOT%{_bindir}/vnc_inetd_httpd
install -D -m 644 %{SOURCE8} $RPM_BUILD_ROOT/etc/slp.reg.d/vnc.reg
install -D -m 755 %{SOURCE9} $RPM_BUILD_ROOT%{_bindir}/vncpasswd.arg
install -D -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_datadir}/vnc/classes
ln -s -f %{_sysconfdir}/alternatives/vncviewer $RPM_BUILD_ROOT%{_bindir}/vncviewer
ln -s -f %{_sysconfdir}/alternatives/vncviewer.1.gz $RPM_BUILD_ROOT%{_mandir}/man1/vncviewer.1.gz
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/vnc
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/vnc
install -D -m 755 %{SOURCE11} $RPM_BUILD_ROOT%{_libexecdir}/vnc
%find_lang '%{name}'
%pre -n xorg-x11-Xvnc
getent group %{vncgroup} > /dev/null || groupadd -r %{vncgroup}
getent passwd %{vncuser} > /dev/null || useradd -r -g %{vncgroup} -d /var/lib/empty -s /sbin/nologin -c "user for VNC" %{vncuser}
%post -n xorg-x11-Xvnc
# Script to update /etc/xinetd.d/vnc file. (We don't want the file to be replaced by RPM if the user made any changes, but quite often the only change is removal of "disable = yes". So this script will update the "server_args" and "user" lines unless they have been changed.)
awk -i inplace '
BEGIN {
# vnc1, vnc2, vnc3 services
OLD_LINE1 = "^\tserver_args\t= -noreset -inetd -once -query localhost -geometry [0-9]+x[0-9]+ -securitytypes none$"
NEW_LINE1 = "\tserver_args\t= -noreset -inetd -once -query localhost -geometry %s -securitytypes X509None,TLSNone,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30"
# vnchttpd1, vnchttpd2, vnchttpd3 services
OLD_LINE2 = "^\tserver_args\t= [0-9]+ [0-9]+ [0-9]+$"
NEW_LINE2 = "\tserver_args\t= %s %s %s HTTPS"
# user
OLD_LINE3 = "\tuser\t\t= nobody"
NEW_LINE3 = "\tuser\t\t= vnc"
# Counter for changed vnc services. We want to change httpvnc services only if we changed all 3 vnc services.
CHANGED_VNC_CONFIGS = 0
}
$0 ~ OLD_LINE1 { printf NEW_LINE1 "\n", $9; CHANGED_VNC_CONFIGS++; next; }
$0 ~ OLD_LINE2 && CHANGED_VNC_CONFIGS == 3 { printf NEW_LINE2 "\n", $3, $4, $5; next; }
$0 == OLD_LINE3 { print NEW_LINE3; next; }
{ print }
' /etc/xinetd.d/vnc
%post
%_sbindir/update-alternatives \
--install %{_bindir}/vncviewer vncviewer %{_bindir}/vncviewer-tigervnc 20 \
--slave %{_mandir}/man1/vncviewer.1.gz vncviewer.1.gz %{_mandir}/man1/vncviewer-tigervnc.1.gz
%postun
if [ "$1" = 0 ] ; then
"%_sbindir/update-alternatives" --remove vncviewer /usr/bin/vncviewer-tigervnc
fi
%files -f %{name}.lang
%defattr(-,root,root,-)
%{_bindir}/vncviewer
%{_bindir}/vncviewer-tigervnc
%exclude /usr/share/doc/tigervnc-%{version}
%doc LICENCE.TXT
%doc README.txt
%doc %_mandir/man1/vncviewer.1.gz
%doc %_mandir/man1/vncviewer-tigervnc.1.gz
%ghost %_sysconfdir/alternatives/vncviewer
%ghost %_sysconfdir/alternatives/vncviewer.1.gz
%files -n xorg-x11-Xvnc
%defattr(-,root,root)
%{_bindir}/Xvnc
%{_bindir}/vncconfig
%{_bindir}/vncpasswd
%{_bindir}/vncpasswd.arg
%{_bindir}/vncserver
%{_bindir}/x0vncserver
%{_bindir}/vnc_inetd_httpd
%exclude %{_mandir}/man1/Xserver.1*
%{_mandir}/man1/Xvnc.1*
%{_mandir}/man1/vncconfig.1*
%{_mandir}/man1/vncpasswd.1*
%{_mandir}/man1/vncserver.1*
%{_mandir}/man1/x0vncserver.1*
%exclude /usr/%{_lib}/xorg/protocol.txt
%exclude /usr/%{_lib}/xorg/modules/extensions/libvnc.la
%ifnarch s390 s390x
%{_libdir}/xorg/modules/extensions/libvnc.so
%else
%exclude %{_libdir}/xorg/modules
%exclude %{_libdir}/xorg/modules/extensions
%exclude %{_libdir}/xorg/modules/extensions/libvnc.so
%endif
%exclude /var/lib/xkb/compiled/README.compiled
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/vnc-server
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/vnc-httpd
%ifnarch s390 s390x
%config(noreplace) /etc/X11/xorg.conf.d/10-libvnc.conf
%else
%exclude /etc/X11/xorg.conf.d
%endif
%config(noreplace) /etc/xinetd.d/vnc
%dir /etc/slp.reg.d
%config(noreplace) /etc/slp.reg.d/vnc.reg
%exclude /usr/lib/debug/*
%exclude /usr/lib/debug/.*
%exclude /usr/src/debug
%doc java/com/tigervnc/vncviewer/README
%{_datadir}/vnc
%dir %attr(0755,%{vncuser},%{vncuser}) %{_sysconfdir}/vnc
%ghost %attr(0600,%{vncuser},%{vncuser}) %config(noreplace) %{tlskey}
%ghost %attr(0644,%{vncuser},%{vncuser}) %config(noreplace) %{tlscert}
%{_libexecdir}/vnc
%changelog
