These streams both need to change the corking state temporarily, but it
is important it is restored to the previous state or things might get
messed up.

For the zlib stream it would just leave things uncorked, which still
works but is less efficient.

But for the TLS stream it might make things very unresponsive as the
corking might be left on permanently, delaying packets indefinitely.

There is no point flushing when corking was enabled, as we might then
push out a small buffer that the corking otherwise would have preserved.

Modern cmake has better support for adding source files and libraries
incrementally, so let's use that to clean things up.

Enable this automatically for developers so we increase the chance of
these problems getting caught. There is a risk of overhead though so
keep them disabled for release builds.

Unfortunately this error can be given by GnuTLS even though the
underlying stream still has data available. So stop trusting this value
and keep track of the underlying stream explicitly.

The generally recommended way is to include it from source files, not
headers. We had a mix of both. Let's try to be consistent and follow the
recommended way.

macOS' built in VNC server unfortunately sends the entire monitor in a
single rect, so we need to be prepared to buffer a lot of data in case
the monitor has a large resolution.

Gives us a more meaningful error rather than just "Error in push/pull
function".

Having this early check means that we somewhat randomly get different
exception behaviours on errors in deeper layers as some exceptions are
allowed to propagate unhindered and some are not (since they are thrown
in the pull function).

Give GnuTLS the correct errno from deeper layers, in the cases where we
know it. In most cases GnuTLS doesn't care, but just in case...

This reverts commit d6e39658ae. Apparently
this is broken on macOS so it's not something we can make use of.

TCP_CORK is a Linux thing and BSD has TCP_NOPUSH instead.

We didn't include the proper headers to get the correct define, so
corking was never enabled.

If using SSecurityPlain and the user specifies an empty username
and password, it will invoke InStream::checkNoWait(0) which will
cause a division by zero when calculating the number of available
items.

Enhance InStream::check() to behave properly when asked for
zero items, or zero sized items.

Add comments to InStream::check(), InStream::checkNoWait(),
and InStream::readBytes() to document expected behaviour
when requested to check or read zero items, or an item with
zero size.

Major restructuring of how streams work. Neither input nor output
streams are now blocking. This avoids stalling the rest of the client or
server when a peer is slow or unresponsive.

Note that this puts an extra burden on users of streams to make sure
they are allowed to do their work once the underlying transports are
ready (e.g. monitoring fds).

These are not universal in the protocol so having functions for them
only obfuscates things.

Now measures over an entire update, which should hopefully give us more
stable values. They are still small values for fast networks though so
increase precision in the values we keep.

Provide some safety checks when directly accessing the underlying
pointer of streams.

External callers don't need to know the exact details, only if there is
data that needs to be flushed or not.

This allows us to handle peaks in input and output streams gracefully
without having to block processing.

The principle can be used in a more general fashion than just TCP
streams.

Just have a simply number of bytes argument to avoid a lot of
complexity.

Most streams are backed by a memory buffer. Create common base classes
for this functionality to avoid code duplication.

Makes it more readable to write code that needs to know how much
data/space is available in a stream.

It might leak data depending on what's in the buffer. Use pad() instead
where blank space is needed.

They were accidentally left unused in fbad8a9 so they haven't been used
in some time.

Created a new subclass of Exception called GAIException() that will
handle error messages from getaddrinfo() instead of letting Exception()
handle it. GAIException() will make use of gai_strerror() to map the
error code to text. On Windows, gai_strerrorW() must be used if the text
is encoded with UTF-8.

The previous error messages did not support Unicode characters. This
commit will use UTF-8 encoding to be able to display error messages in
every language.

There are multiple "okay" return values, not just Z_OK. Make sure we
don't bail out needlessly.

There might be more bytes left in the current TLS record, even if
there is nothing on the underlying stream. Make sure we properly
return this when we aren't being requested to block.

We use a lot of lengths given to us over the network, so be more
paranoid about them causing an overflow as otherwise an attacker
might trick us in to overwriting other memory.

This primarily affects the client which often gets lengths from the
server, but there are also some scenarios where the server might
theoretically be vulnerable.

Issue found by Pavel Cheremushkin from Kaspersky Lab.

Provides safety against them accidentally becoming negative because
of bugs in the calculations.

Also does the same to CharArray and friends as they were strongly
connection to the stream objects.

Move the checks around to avoid missing cases where we might access
memory that is no longer valid. Also avoid touching the underlying
stream implicitly (e.g. via the destructor) as it might also no
longer be valid.

A malicious server could theoretically use this for remote code
execution in the client.

Issue found by Pavel Cheremushkin from Kaspersky Lab

Applets don't work anymore so remove everything that has to do
with serving them.

We already assume sockets here since we use select().

Include the type of exception in the string generated by each
subclass. Also simplify the constructs to what is needed.

fread() returns size_t, which is unsigned. Don't check
for negative values to avoid warnings from Clang.

/home/shade/dev/tigervnc/common/rdr/FileInStream.cxx:74:13: error: comparison of unsigned expression < 0 is always false [-Werror,-Wtautological-compare]
      if (n < 0 || ferror(file))
          ~ ^ ~