| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Some code points are reserved for the UTF-16 coding itself and must not
appear as input data to the algorithm.
|
| |
|
|
| |
Signed bug prevented anything not ASCII from being coded correctly.
|
| |
|
|
|
| |
Everything outside of BMP was handled incorrectly and was coded as
completely different code points.
|
| |
|
|
|
|
|
|
| |
This would mess up most conversions from UTF-8 as the caller wouldn't
know how far to step to get to the next valid character, resulting in
markers for invalid data to be injected here and there.
Also add some unit tests to avoid this reoccurring.
|
| |
|
|
|
| |
It is now dynamically generated, so it will be in the build directory
and not in the source directory.
|
| |\ |
|
| | | |
|
| |\ \
| |/
|/| |
|
| | | |
|
| | |
| |
| |
| | |
Refer @CMAKE_INSTALL_FULL_SYSCONF@ instead.
|
| |/
|
|
|
|
| |
This is needed by vncserver which doesn't know which parameters are
boolean, and it cannot use the -Param=Value form as that isn't tolerated
by the Xorg code.
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Like the native viewer, the Java viewer didn't store certificate
exceptions properly. Whilst not as bad as the native viewer, it still
failed to check that a stored certificate wouldn't be maliciously used
for another server. In practice this can in most cases be used to
impersonate another server.
Handle this like the native viewer by storing exceptions for a specific
hostname/certificate combination.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The previous method stored the certificates as authorities, meaning that
the owner of that certificate could impersonate any server it wanted
after a client had added an exception.
Handle this more properly by only storing exceptions for specific
hostname/certificate combinations, the same way browsers or SSH does
things.
|
| | |
| |
| |
| |
| | |
Not sure why this got in there, but it is incorrect as it results in
creating files with too liberal permissions.
|
| | | |
|
| | |
| |
| |
| | |
For some reason it got generated at an incorrect 20x20 size last time.
|
| | |
| |
| |
| |
| | |
It should be using the safe wrappers for everything so make sure it
cannot bypass those and call the SConnection methods directly.
|
| | |
| |
| |
| |
| |
| |
| | |
We incorrectly called the underlying functions instead of the safe
wrappers for the new clipboard functions. This had the effect of a)
crashing the entire server if one of these functions failed, and b) not
respecting the settings disabling the clipboard.
|
| | | |
|
| | | |
|
| |\ \
| | |
| | |
| | | |
https://github.com/MarkMielke/tigervnc
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
64x64 changed block can be large for fine changes such as cursor
movement and typing in terminal windows, or an update to a clock.
If the block can be efficiently cropped, this will reduce latency
and bandwidth. Every pixel cropped is a pixel less to analyze, encode,
transmit, and decode.
The previous code already detected the top of the change in order
to determine if the block had changed. However, it did not use
this information to reduce the size of the change rectangle, nor
did it calculate any of the other edges.
The new code introduces detection of the other edges, and uses
the information to build a reduced area change rectangle. This
has the additional effect of reducing the number of discrete pixel
values in the change block which may allow a more efficient
encoding algorithm to be selected.
As this section of code is performance sensitive, the method
of detecting the edges has been optimized to quickly fall back
to pessimistic values as soon as a single comparison fails on
each edge. In the case that full 64x64 block are changing,
there will be three extra comparisons per block.
In cases where the change rectangle can be reduced from 64x64,
the reduced size of the change rectangle represents reduced
effort to encode, transfer, and decode the contained pixels.
In the case of images with high frequency changes, which
specifically includes text, the lossy JPEG encoding can be
highly distorted, especially with JPEG level 6 or less. The
quick flash from a distorted JPEG to a lossless JPEG can
appear as a flickering to some people. This effect was more
obvious when the surrounding area is not expected to change,
but is being distorted anyways due to being part of the 64x64
blocking algorithm.
In the case of a user typing in a terminal window, this change
may commonly reduce the number of pixels updated with every
character typed from 4096 pixels (64x64) to 640 pixels (32x20)
or less.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
This line affects every command run by the user, unlike everything else
in our policy which is just for vncserver/vncsession. It's easy to miss
this so add a comment pointing it out.
|
| |\ \ \ |
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Allow vnc session labeled with SELinux vnc_session_t domain to create
directory in user homedir ~/.vnc labeled with SELinux label xdm_home_t.
Because also process vncpasswd creates ~/.vnc directory, file transition that
userdomain attribute SELinux domain (label for the process) can create the
directory with the same label needs to be added.
userdomain attribute contains following SELinux types:
auditadm_t
dbadm_t
guest_t
logadm_t
secadm_t
staff_t
staff_wine_t
sysadm_t
unconfined_t
user_t
user_wine_t
webadm_t
xguest_t
Signed-off-by: Lukas Vrabec <lvrabec@redhat.com>
|
| |\ \ \
| | | |
| | | |
| | | | |
https://github.com/MarkMielke/tigervnc
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
If the X server is not shut down cleanly, it can leave UNIX domain
sockets around that "vncserver" has previously mis-identified as
evidence that the display number is still in use.
Instead of checking for existence of /tmp/.X11-unix/X<n>, the code
will now attempt to connect to the socket to confirm that there is a
server process listening on this UNIX domain socket. This will
eliminate false positives in the case the UNIX domain socket still
exists but is not associated with a listening Xorg server. The Xorg
server does not have a problem with fixing this file when it next
starts up. It is only important to avoid using the port if it is still
in use.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The display check and related setup code was complex due to
compatibility with Perl 4. This included different ways of obtaining
system constants and building system data structures. Perl 5 provides
direct constants and utility methods to abstract this out of the
vncserver code.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
If the X server is not shut down cleanly, it may leave lock files
around that "vncserver" has previously mis-identified as evidence that
the display number is still in use.
Instead of checking for existence of /tmp/.X<n>-lock, the code will
now extract the PID from the lock file and confirm that a process
exists with the same PID. This will eliminate false positives in the
case that this file references a PID that no longer exists. The Xorg
server does not have a problem with fixing this file when it next
starts up. It is only important to avoid using the port if it is still
in use.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The display check had duplicate code to first check if the X11 port is
not in use, and then check that the RFB port is not in use. Eliminate
the duplicate code by using a for-loop.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Several calculated values such as file paths and port numbers were
hard coded within strings or expressions, sometimes multiple
times. These values should be extracted into named variables to
improve self-documentation and avoid accidental divergence.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Checking for the existence of `/tmp/.X<n>-lock` is a fast read-only
operation, while calls to bind() or connect() are more expensive and
may have side effects. Perform the fast operation first.
|
| | |/ /
| | |
| | |
| | |
| | |
| | | |
The check for existence of `/usr/spool/sockets/X11/<n>` has been
removed. This file is only relevant on HP-UX, and TigerVNC dropped
support for HP-UX in commit 31e5aa3.
|
| | | |
| | |
| | |
| | |
| | | |
We handled this in the failure scenario, but not in the vastly more
common successful case.
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
If InnoSetup is run on a case sensitive system then the configuration
files must match what the file is actually called.
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
It doesn't work very well so it shouldn't be included by default.
|
| | | | |
| | | |
| | | |
| | | | |
It uses bash-isms so a POSIX shell will not work correctly.
|
| | | | |
| | | |
| | | |
| | | | |
It's just confusing when this is split over two directories.
|
| | | | |
| | | |
| | | |
| | | | |
Don't just build things, also test the various packaging.
|
| | | | |
| | | |
| | | |
| | | | |
java problem that no longer seems necessary
|
| |\ \ \ \
| |_|/ /
|/| | | |
EL 7 tigervnc.spec updates
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add missing build requirements: libpng-devel, zlib-devel
Remove obsolete build requirements: libXfont-devel
Fix unexpected rpm macro expansion `%{VERSION}` which is supposed
to be passed through as literal to `rpm -q --qf`. This hasn't
caused problems before, but it was found to cause problems when
built from EL 8 when it expanded to "1.10.1".
|
| |\ \ \ |
|
| | |/ / |
|
| |\ \ \
| |/ /
|/| |
| | | |
https://github.com/MarkMielke/tigervnc
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If using SSecurityPlain and the user specifies an empty username
and password, it will invoke InStream::checkNoWait(0) which will
cause a division by zero when calculating the number of available
items.
Enhance InStream::check() to behave properly when asked for
zero items, or zero sized items.
Add comments to InStream::check(), InStream::checkNoWait(),
and InStream::readBytes() to document expected behaviour
when requested to check or read zero items, or an item with
zero size.
|
| |\ \ \ |
|
