Hello community, here is the log from the commit of package tigervnc for openSUSE:Factory checked in at 2019-03-26 22:30:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tigervnc (Old) and /work/SRC/openSUSE:Factory/.tigervnc.new.25356 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tigervnc" Tue Mar 26 22:30:17 2019 rev:58 rq:688637 version:1.9.0 Changes: -------- --- /work/SRC/openSUSE:Factory/tigervnc/tigervnc.changes 2019-02-08 12:07:30.121602088 +0100 +++ /work/SRC/openSUSE:Factory/.tigervnc.new.25356/tigervnc.changes 2019-03-26 22:30:19.869736065 +0100 @@ -1,0 +2,28 @@ +Tue Mar 26 08:22:53 UTC 2019 - Yifan Jiang <[email protected]> + +- Update with-vnc-key.sh to use only hostname for CN. + + The gnutls introduces gnutls_x509_crt_check_hostname2 in + gnutls/lib/x509/hostname-verify.c#L159 to check if the given + certificate's subject matches the given hostname. + + The function is used by the recent version of libvncclient which + will fail to verify the certification if there is a mismatching + between the connected hostname and the cert issuer's common name. + + https://github.com/LibVNC/libvncserver/commit/cc69ee9 + + So the previous way to generate the vnc server's cert brings a + complicated CN, making the client using libvncclient + (e.g. vinagre, remmina) hard to adapt the hostname check. It is + better to populate the hostname as the common name without extra + strings. + +------------------------------------------------------------------- +Thu Mar 21 09:16:51 UTC 2019 - Dominique Leuenberger <[email protected]> + +- Change Requires(post): firewall-macros to BuildRequires: the + macros are expanded at build time and not needed at all at + runtime. + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tigervnc.spec ++++++ --- /var/tmp/diff_new_pack.Q0imM5/_old 2019-03-26 22:30:21.577735653 +0100 +++ /var/tmp/diff_new_pack.Q0imM5/_new 2019-03-26 22:30:21.581735653 +0100 @@ -153,7 +153,7 @@ Requires(post): /bin/awk Requires(post): systemd %if %{use_firewalld} -Requires(post): firewall-macros +BuildRequires: firewall-macros %endif # Needed to generate certificates Requires: windowmanager ++++++ with-vnc-key.sh ++++++ --- /var/tmp/diff_new_pack.Q0imM5/_old 2019-03-26 22:30:21.801735599 +0100 +++ /var/tmp/diff_new_pack.Q0imM5/_new 2019-03-26 22:30:21.805735598 +0100 @@ -25,7 +25,7 @@ # If the cert file doesn't exist, generate it. if ! test -e $TLSCERT ; then # Keeping it short, because hostname could be long and max CN is 64 characters - CN="VNC service on `hostname`" + CN="`hostname`" CN=${CN:0:64} openssl req -new -x509 -extensions usr_cert -key $TLSKEY -out $TLSCERT -days 7305 -subj "/CN=$CN/" chown vnc:vnc $TLSCERT
