These checks depend on accessRights being set up, this has only happened
if we have done the QUERYING steps.

Properties should be initialized in order to avoid random values in
case they are used earlier than expected.

Enable this automatically for developers so we increase the chance of
these problems getting caught. There is a risk of overhead though so
keep them disabled for release builds.

Unfortunately this error can be given by GnuTLS even though the
underlying stream still has data available. So stop trusting this value
and keep track of the underlying stream explicitly.

It's a bit field so it's easier to decode in hex.

The browsers allow users to make an exception for expired certificates,
so we should probably also.

Otherwise we can get crashes on NULL dereference. This should only
happen on reverse connections where we don't have a server address.

Ubuntu 20.04
gcc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0
libx264-dev:amd64 2:0.155.2917+git0a84d98-2

[ 11%] Building CXX object common/rfb/CMakeFiles/rfb.dir/H264LibavDecoderContext.cxx.o
tigervnc/common/rfb/H264LibavDecoderContext.cxx: In member function ‘virtual bool rfb::H264LibavDecoderContext::initCodec()’:
tigervnc/common/rfb/H264LibavDecoderContext.cxx:50:40: error: invalid conversion from ‘const AVCodec*’ to ‘AVCodec*’ [-fpermissive]
   50 |   AVCodec *codec = avcodec_find_decoder(AV_CODEC_ID_H264);
      |                    ~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~
      |                                        |
      |                                        const AVCodec*
make[2]: *** [common/rfb/CMakeFiles/rfb.dir/build.make:895: common/rfb/CMakeFiles/rfb.dir/H264LibavDecoderContext.cxx.o] Error 1
make[1]: *** [CMakeFiles/Makefile2:597: common/rfb/CMakeFiles/rfb.dir/all] Error 2
make: *** [Makefile:130: all] Error 2

Avoid duplication, and add logging for some more error conditions so
it's possible to see in the logs why a resize has failed or produced
unexpected results.

Linux implementation using ffmpeg

This is a regression from ad0f061. If a VMware cursor rect was split up
over multiple read()s then the stream would become corrupted as we set
the restore point at the wrong place.

The generally recommended way is to include it from source files, not
headers. We had a mix of both. Let's try to be consistent and follow the
recommended way.

Can be helpful to see what encodings were actually used during a
connection, and how they performed.

macOS' built in VNC server unfortunately sends the entire monitor in a
single rect, so we need to be prepared to buffer a lot of data in case
the monitor has a large resolution.

Gives a bit more context where this error happened.

Single CPU machines are extremely rare now, so let's avoid the hassle of
multiple code paths.

The certificates might still be fine using the system trust store, or
the user can make an exception. So let's just log and continue on.

This got very common after 960c7d2 where we now always have a default
value for these settings.

This fixes regression introduced by the extended clipboard extension.
Previously it was possible for the server to hold on to the CLIPBOARD
selection even if another application took ownership of PRIMARY. This is
important to handle the common use case of selecting something in order
to paste over it.

The new request based model doesn't readily support this as we assume
the client has lost its data once we push the new PRIMARY selection to
it. So to handle this we have the maintain a cache of the client's data,
and make sure to fill that cache before we do anything that might cause
the client to lose the data.

The call of gnutls_set_default_priority_append() expects a normal priority
string, which means it must not start with ':'.

Let's avoid making this too complex and force every user to know about
magical functions.

Allows the default value to be dynamically generated in a buffer that is
reused.

Our current architecture doesn't support waiting for a response here, so
don't even try or we'll just get an error.

The session might have died, or failed to initialise properly, so be
prepared for gnutls_bye() to be unable to do its job.

We would leak the security module below the top client VeNCrypt module,
meaning that those modules would not get a chance to shut down
gracefully.

It's perfectly safe to delete NULL pointers, so simplify things by
removing these checks.

Gives us a more meaningful error rather than just "Error in push/pull
function".

Having this early check means that we somewhat randomly get different
exception behaviours on errors in deeper layers as some exceptions are
allowed to propagate unhindered and some are not (since they are thrown
in the pull function).

Give GnuTLS the correct errno from deeper layers, in the cases where we
know it. In most cases GnuTLS doesn't care, but just in case...

CharArray should always be null-terminated. There is a potential
scenario where this all might lead to crash. In Password we call
memset(), passing length of the array we get with strlen(), but
this won't return correct value when the array is not properly
null-terminated.

This change makes it possible for re-synchronizing the remote cursor on
the vncviewer when in fullscreen mode. This is done by locally moving
the cursor position to what the server thinks it should be.

Now SDL games should work!

This change adds support for the VMware Mouse Position
pseudo-encoding[1], which is used to notify VNC clients when X11 clients
call `XWarpPointer()`[2]. This function is called by SDL (and other
similar libraries)  when they detect that the server does not support
native relative motion, like some RFB clients.

With this, RFB clients can choose to adjust the local cursor position
under certain circumstances to match what the server has set. For
instance, if pointer lock has been enabled on the client's machine and
the cursor is not being drawn locally, the local position of the cursor
is irrelevant, so the RFB client can use what the server sends as the
canonical absolute position of the cursor. This ultimately enables the
possibility of games (especially FPS games) to behave how users expect
(if the clients implement the corresponding change).

Part of: #619

1: https://github.com/rfbproto/rfbproto/blob/master/rfbproto.rst#vmware-cursor-position-pseudo-encoding
2: https://tronche.com/gui/x/xlib/input/XWarpPointer.html
3: https://hg.libsdl.org/SDL/file/28e3b60e2131/src/events/SDL_mouse.c#l804

This reverts commit d6e39658ae. Apparently
this is broken on macOS so it's not something we can make use of.

Some of these were incorrectly calculated so the server or client would
wait too long before proceeding with decoding.

Change all of these to be a more explicit calculation to avoid such
issues in the future.

TCP_CORK is a Linux thing and BSD has TCP_NOPUSH instead.

We didn't include the proper headers to get the correct define, so
corking was never enabled.

We computed a safe area if a client gave us a bogus one, but we didn't
actually use it. Fix this properly and make sure we don't pass on bad
coordinates further.

So the current clipboard state is properly reflected in the desktop
session.

This was out of sync with the client handling for no good reason.