Brian P. Hinz [Mon, 3 Nov 2014 04:37:54 +0000 (23:37 -0500)]
Major overhaul of SSLEngineManager
The SSLEngineManager was basically an abomination. The work is now
done as it should be, with the buffers being fed and the engine
deciding when data is consumed or produced. The engine should be
much more robust now as well.
Additionally, although JRE 7 supports the TLSv1.1 and TLSv1.2
protocols, they are not actually enabled by default. The JSSE
reference cites compatibility reasons for this but this doesn't
appear to be the case with the TigerVNC server and they will be
enabled by default in JRE 8.
The regular expression for enabling anonymous DH cipher suites
was too narrow and excluded the elliptic curve ciphers, which
are now ordered ahead of the ephemeral ciphers by the default
security provider.
Lastly, increase the size of the buffer in FdOutStream from 8Kb
to 16Kb. I'm not sure why FdInStream and FdOutStream were
asymmetric to begin with, but 16Kb is the default size for TLS
packets and there seems to be now negative effects on plain
text connections.
Pierre Ossman [Fri, 17 Oct 2014 08:36:58 +0000 (10:36 +0200)]
Clean up GnuTLS linking and instructions
GnuTLS can have different crypto backends, and it is rarely gcrypt
these days. So we should not be including that unconditionally,
and should not be pointing people at it either. Also remove the
section about Win32 binaries as those are out of date and probably
insecure. Lastly remove the section about static builds as it is
a general issue and in no way complete with just the GnuTLS portions.
Tim Waugh [Thu, 16 Oct 2014 13:53:17 +0000 (14:53 +0100)]
Don't use MIT-SHM on remote displays.
When run from within 'ssh -X' or 'ssh -Y', MIT-SHM will appear to be
available even though it won't work: the shared memory will be on the
machine running vncviewer, not on the machine running the X server it
displays to. Depending on what shm segments are available on the
machine running the X server, the failure may not be apparent when
checking that MIT-SHM works.
Avoid this by not using MIT-SHM when XDisplayName() indicates we may
not be running locally.
Original bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=1072733
Pierre Ossman [Fri, 10 Oct 2014 11:37:35 +0000 (13:37 +0200)]
Use exceptions rather than asserts for for "normal" errors
Although these are rare, they are still not indicative of bugs so
an exception (which ends up in the log and might also be shown to
the user) is more appropriate than an assert. Asserts should only
be used to catch blatant API misuse and similar.
Pierre Ossman [Tue, 30 Sep 2014 15:03:28 +0000 (17:03 +0200)]
Handle PrintScreen and SysReq on Windows
This key requires a bit extra care on Windows. We get wildly
different messages depending on if Alt is pressed or not. The symbol
chosen now follows the standard behaviour on X11.
Brian P. Hinz [Sat, 27 Sep 2014 02:02:47 +0000 (22:02 -0400)]
Fix pointer initialization to prevent NULL events.
Moved call to initEventq() into InitInputDevice() to prevent NULL events from being passed in. The surrounding IFDEF explains why Red Hat BZ bug #820443 just went away, EL6 bumped the version of xorg-x11-server-source to 1.13 at EL6.4.
Pierre Ossman [Wed, 17 Sep 2014 15:11:56 +0000 (17:11 +0200)]
Move preferred encoding tracking into a server object
Having it in ConnParams made the linker pull all the encoder objects
into vncviewer, making it larger than necessary and giving it extra
parameters in its help output that weren't relevant.
Pierre Ossman [Tue, 19 Aug 2014 12:08:04 +0000 (14:08 +0200)]
Disable input methods when the viewport is focused
Input methods are way too complex for us to map them to the VNC
protocol in any sane manner. Best just to disable them and rely
on simple keyboard behaviour when the viewport is active.
Pierre Ossman [Fri, 22 Aug 2014 12:43:33 +0000 (14:43 +0200)]
Ship FLTK patches instead of referring a URI
It makes things more self contained (although you still need to
download FLTK itself), avoids the confusion of STR:s in varying
states, and allows us to refer to patches that aren't available
on an STR.
Brian P. Hinz [Fri, 8 Aug 2014 03:52:19 +0000 (23:52 -0400)]
Fix some cmake quoting and escape issues. The un-escaped parens generate a "Argument not separated from preceding token by whitespace" warning. The '--directory' argument might need to be quoted if PROJECT_SOURCE_DIR contains spaces.
bphinz [Fri, 8 Aug 2014 03:31:35 +0000 (23:31 -0400)]
Merge pull request #21 from bphinz/precise-damage-fix
Added missing dependency in Ubuntu precise package that caused x0vncserver to fall back to polling if the build host didn't already have libxdamage-dev installed.