if anyone who's using tigervnc would like to give the update a spin,
here's a diff. (needs up-to-date -current to apply).

more bits using PAM funcions crept in (upstream seem to basically assume
that it's available on a unix-like system and don't guard against its
presence in the unix part of the tree) so I've given in and added the
dep, there are some other issues with nettle-related code so I haven't
enabled that.



Index: Makefile
===================================================================
RCS file: /cvs/ports/x11/tigervnc/Makefile,v
diff -u -p -r1.33 Makefile
--- Makefile    6 Jul 2026 09:30:10 -0000       1.33
+++ Makefile    6 Jul 2026 15:27:18 -0000
@@ -2,8 +2,7 @@ COMMENT=        high performance, multi-platfor
 
 GH_ACCOUNT=    TigerVNC
 GH_PROJECT=    tigervnc
-GH_TAGNAME=    v1.15.0
-REVISION=      2
+GH_TAGNAME=    v1.16.2
 
 XORG_V=                21.1.23
 
@@ -26,7 +25,7 @@ WANTLIB += GL ICE SM X11 Xau Xcursor Xda
 WANTLIB += Xfont2 Xft Xi Xinerama Xrandr Xrender Xtst avcodec
 WANTLIB += avutil c fltk fltk_images
 WANTLIB += fontconfig fontenc freetype gmp gnutls hogweed
-WANTLIB += iconv idn2 intl jpeg kvm m nettle p11-kit
+WANTLIB += iconv idn2 intl jpeg kvm m nettle p11-kit pam
 WANTLIB += pixman-1 swscale tasn1 unistring xcvt xshmfence z
 
 SITES.x=       https://www.x.org/releases/individual/xserver/
@@ -51,10 +50,9 @@ CONFIGURE_ARGS=      -DMAN_DIR="${TRUEPREFIX}
                -DDOC_DIR="${TRUEPREFIX}/share/doc/tigervnc" \
                
-DCMAKE_INSTALL_FULL_SYSCONFDIR="${TRUEPREFIX}/share/examples/tigervnc" \
                -DINSTALL_SYSTEMD_UNITS=OFF \
-               -DENABLE_PWQUALITY=OFF
-# ld: error: undefined symbol: vtable for rfb::UnixPasswordValidator
-# might need something more to enable nettle (sha/aes support) while pam is 
disabled?
-CONFIGURE_ARGS+= -DENABLE_NETTLE=OFF
+               -DENABLE_NETTLE=OFF \
+               -DENABLE_PWQUALITY=OFF \
+               -DENABLE_WAYLAND=OFF
 CFLAGS+=       -I${LOCALBASE}/include -I${X11BASE}/include
 CXXFLAGS+=     -I${LOCALBASE}/include -I${X11BASE}/include
 NO_TEST=       Yes
@@ -64,6 +62,7 @@ BUILD_DEPENDS=        devel/gettext,-tools
 LIB_DEPENDS=   devel/gettext,-runtime \
                graphics/ffmpeg \
                security/gnutls \
+               security/openpam \
                x11/fltk
 RUN_DEPENDS=   devel/desktop-file-utils \
                x11/gtk+4,-guic
Index: distinfo
===================================================================
RCS file: /cvs/ports/x11/tigervnc/distinfo,v
diff -u -p -r1.16 distinfo
--- distinfo    6 Jul 2026 09:30:10 -0000       1.16
+++ distinfo    6 Jul 2026 15:27:18 -0000
@@ -1,8 +1,8 @@
-SHA256 (tigervnc-1.15.0.tar.gz) = fyMZBoAeifCaIS6GcB898XIuNnZ9YFWk5hk5BXBUhTc=
+SHA256 (tigervnc-1.16.2.tar.gz) = sQfAyLipYllCgWkDZsJBhulcLqShaay8AHaqYu0B9Gc=
 SHA256 (tigervnc-vncserver-1.10.1.man) = 
SYPtbv1V+i4qPDYNS7s5yfcD77b6Kc5PbY/TRZmb6O0=
 SHA256 (tigervnc-vncserver-1.10.1.pl) = 
QKXeRAhhWcwN8+2dSH1x48qj5JPVNafgdhuNRZG7WuM=
 SHA256 (xorg-server-21.1.23.tar.xz) = 
45gy5WF9ra8HL9+fDhnl0uHCoTYHrCgLrBq6n4/hRjQ=
-SIZE (tigervnc-1.15.0.tar.gz) = 2126369
+SIZE (tigervnc-1.16.2.tar.gz) = 2222162
 SIZE (tigervnc-vncserver-1.10.1.man) = 7844
 SIZE (tigervnc-vncserver-1.10.1.pl) = 24313
 SIZE (xorg-server-21.1.23.tar.xz) = 5069780
Index: patches/patch-CMakeLists_txt
===================================================================
RCS file: /cvs/ports/x11/tigervnc/patches/patch-CMakeLists_txt,v
diff -u -p -r1.7 patch-CMakeLists_txt
--- patches/patch-CMakeLists_txt        14 Sep 2025 15:48:36 -0000      1.7
+++ patches/patch-CMakeLists_txt        6 Jul 2026 15:27:18 -0000
@@ -1,30 +1,21 @@
 Index: CMakeLists.txt
 --- CMakeLists.txt.orig
 +++ CMakeLists.txt
-@@ -341,7 +341,7 @@ if (ENABLE_NETTLE)
- endif()
- 
- # Check for PAM library
--if(UNIX AND NOT APPLE)
-+if(UNIX AND NOT APPLE AND NOT CMAKE_SYSTEM_NAME STREQUAL "OpenBSD")
-   check_include_files(security/pam_appl.h HAVE_PAM_H)
-   set(CMAKE_REQUIRED_LIBRARIES -lpam)
-   check_function_exists(pam_start HAVE_PAM_START)
-@@ -354,7 +354,7 @@ if(UNIX AND NOT APPLE)
+@@ -346,7 +346,7 @@ if(UNIX AND NOT APPLE)
  endif()
  
  # Check for SELinux library
 -if(UNIX AND NOT APPLE)
 +if(UNIX AND NOT APPLE AND NOT CMAKE_SYSTEM_NAME STREQUAL "OpenBSD")
-   check_include_files(selinux/selinux.h HAVE_SELINUX_H)
-   if(HAVE_SELINUX_H)
-     set(CMAKE_REQUIRED_LIBRARIES -lselinux)
-@@ -367,7 +367,7 @@ if(UNIX AND NOT APPLE)
+   trioption(ENABLE_SELINUX "Enable SELinux support")
+   if(ENABLE_SELINUX)
+     if(ENABLE_SELINUX STREQUAL "AUTO")
+@@ -361,7 +361,7 @@ if(UNIX AND NOT APPLE)
  endif()
  
  # check for systemd support (socket activation)
 -if(UNIX AND NOT APPLE)
 +if(UNIX AND NOT APPLE AND NOT CMAKE_SYSTEM_NAME STREQUAL "OpenBSD")
-   find_package(PkgConfig)
-   if (PKG_CONFIG_FOUND)
-     pkg_check_modules(LIBSYSTEMD libsystemd)
+   trioption(ENABLE_SYSTEMD "Enable systemd support")
+   if(ENABLE_SYSTEMD)
+     if(ENABLE_SYSTEMD STREQUAL "AUTO")
Index: patches/patch-cmake_Modules_CMakeMacroLibtoolFile_cmake
===================================================================
RCS file: 
/cvs/ports/x11/tigervnc/patches/patch-cmake_Modules_CMakeMacroLibtoolFile_cmake,v
diff -u -p -r1.1 patch-cmake_Modules_CMakeMacroLibtoolFile_cmake
--- patches/patch-cmake_Modules_CMakeMacroLibtoolFile_cmake     15 Oct 2024 
16:52:12 -0000      1.1
+++ patches/patch-cmake_Modules_CMakeMacroLibtoolFile_cmake     6 Jul 2026 
15:27:18 -0000
@@ -1,17 +1,16 @@
-blargh.
+strip off the directory name from library, to avoid issues finding libs
+with a full path (seen with e.g. /usr/X11R6/lib/libpixman-1.so.46.4)
 
 Index: cmake/Modules/CMakeMacroLibtoolFile.cmake
 --- cmake/Modules/CMakeMacroLibtoolFile.cmake.orig
 +++ cmake/Modules/CMakeMacroLibtoolFile.cmake
-@@ -112,6 +112,11 @@ function(libtool_generate_control_file _target)
+@@ -110,7 +110,8 @@ function(libtool_generate_control_file _target)
+           endif()
+ 
            if(NOT FL)
-             find_library(FL ${library} PATHS ${LIBRARY_PATHS})
+-            find_library(FL ${library} PATHS ${LIBRARY_PATHS})
++            get_filename_component(_lib_name ${library} NAME)
++            find_library(FL ${_lib_name} PATHS ${LIBRARY_PATHS})
            endif()
-+          if(NOT FL)
-+            string(REPLACE "/usr/lib/" "" library ${library})
-+            string(REPLACE "/usr/local/lib/" "" library ${library})
-+            find_library(FL ${library} PATHS ${LIBRARY_PATHS})
-+          endif()
  
            if(FL)
-             # Found library. Depending on if it's static or not we might
Index: patches/patch-cmake_Modules_FindXkbcommon_cmake
===================================================================
RCS file: patches/patch-cmake_Modules_FindXkbcommon_cmake
diff -N patches/patch-cmake_Modules_FindXkbcommon_cmake
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-cmake_Modules_FindXkbcommon_cmake     6 Jul 2026 15:27:18 
-0000
@@ -0,0 +1,12 @@
+Index: cmake/Modules/FindXkbcommon.cmake
+--- cmake/Modules/FindXkbcommon.cmake.orig
++++ cmake/Modules/FindXkbcommon.cmake
+@@ -14,7 +14,7 @@ This module will set the following variables if found:
+ #]=======================================================================]
+ 
+ 
+-find_package(Pkgconfig QUIET)
++find_package(PkgConfig QUIET)
+ if(PKG_CONFIG_FOUND)
+   pkg_check_modules(PC_Xkbcommon QUIET xkbcommon)
+ endif()
Index: patches/patch-common_rfb_CMakeLists_txt
===================================================================
RCS file: patches/patch-common_rfb_CMakeLists_txt
diff -N patches/patch-common_rfb_CMakeLists_txt
--- patches/patch-common_rfb_CMakeLists_txt     14 Sep 2025 15:48:36 -0000      
1.5
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,12 +0,0 @@
-Index: common/rfb/CMakeLists.txt
---- common/rfb/CMakeLists.txt.orig
-+++ common/rfb/CMakeLists.txt
-@@ -91,7 +91,7 @@ if(WIN32)
-   target_sources(rfb PRIVATE WinPasswdValidator.cxx)
- endif(WIN32)
- 
--if(UNIX AND NOT APPLE)
-+if(UNIX AND NOT APPLE AND NOT CMAKE_SYSTEM_NAME STREQUAL "OpenBSD")
-   target_sources(rfb PRIVATE UnixPasswordValidator.cxx pam.c)
-   target_link_libraries(rfb ${PAM_LIBS})
- endif()
Index: patches/patch-common_rfb_SSecurityPlain_cxx
===================================================================
RCS file: /cvs/ports/x11/tigervnc/patches/patch-common_rfb_SSecurityPlain_cxx,v
diff -u -p -r1.5 patch-common_rfb_SSecurityPlain_cxx
--- patches/patch-common_rfb_SSecurityPlain_cxx 14 Sep 2025 15:48:36 -0000      
1.5
+++ patches/patch-common_rfb_SSecurityPlain_cxx 6 Jul 2026 15:27:18 -0000
@@ -1,22 +1,22 @@
 Index: common/rfb/SSecurityPlain.cxx
 --- common/rfb/SSecurityPlain.cxx.orig
 +++ common/rfb/SSecurityPlain.cxx
-@@ -26,7 +26,7 @@
+@@ -28,7 +28,7 @@
+ #include <rfb/SConnection.h>
  #include <rfb/Exception.h>
- #include <rfb/util.h>
  #include <rdr/InStream.h>
 -#if !defined(WIN32) && !defined(__APPLE__)
 +#if !defined(WIN32) && !defined(__APPLE__) && !defined(__OpenBSD__)
  #include <rfb/UnixPasswordValidator.h>
  #include <unistd.h>
  #include <pwd.h>
-@@ -55,7 +55,7 @@ bool PasswordValidator::validUser(const char* username
-   for (size_t i = 0; i < users.size(); i++) {
-     if (users[i] == "*")
+@@ -53,7 +53,7 @@ bool PasswordValidator::validUser(const char* username
+   for (const char* user : plainUsers) {
+     if (strcmp(user, "*") == 0)
        return true;
 -#if !defined(WIN32) && !defined(__APPLE__)
 +#if !defined(WIN32) && !defined(__APPLE__) && !defined(__OpenBSD__)
-     if (users[i] == "%u") {
+     if (strcmp(user, "%u") == 0) {
        struct passwd *pw = getpwnam(username);
        if (pw && pw->pw_uid == getuid())
 @@ -72,7 +72,7 @@ SSecurityPlain::SSecurityPlain(SConnection* sc_) : SSe
Index: patches/patch-unix_vncserver_CMakeLists_txt
===================================================================
RCS file: /cvs/ports/x11/tigervnc/patches/patch-unix_vncserver_CMakeLists_txt,v
diff -u -p -r1.4 patch-unix_vncserver_CMakeLists_txt
--- patches/patch-unix_vncserver_CMakeLists_txt 8 Feb 2023 19:44:34 -0000       
1.4
+++ patches/patch-unix_vncserver_CMakeLists_txt 6 Jul 2026 15:27:18 -0000
@@ -6,9 +6,9 @@ Index: unix/vncserver/CMakeLists.txt
 @@ -1,3 +1,4 @@
 +if(HAVE_PAM_H)
  add_executable(vncsession vncsession.c)
- target_link_libraries(vncsession ${PAM_LIBS} ${SELINUX_LIBS})
- 
-@@ -14,6 +15,7 @@ install(FILES vncserver.man DESTINATION ${CMAKE_INSTAL
+ target_include_directories(vncsession SYSTEM PRIVATE ${PAM_INCLUDE_DIRS})
+ target_include_directories(vncsession SYSTEM PRIVATE ${SELINUX_INCLUDE_DIRS})
+@@ -17,6 +18,7 @@ install(FILES vncserver.man DESTINATION ${CMAKE_INSTAL
  install(FILES vncserver-config-defaults vncserver-config-mandatory 
DESTINATION ${CMAKE_INSTALL_FULL_SYSCONFDIR}/tigervnc)
  
  install(FILES vncserver.users DESTINATION 
${CMAKE_INSTALL_FULL_SYSCONFDIR}/tigervnc)
Index: patches/patch-unix_x0vncserver_Image_cxx
===================================================================
RCS file: patches/patch-unix_x0vncserver_Image_cxx
diff -N patches/patch-unix_x0vncserver_Image_cxx
--- patches/patch-unix_x0vncserver_Image_cxx    28 Mar 2026 12:34:09 -0000      
1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,23 +0,0 @@
-From a3fbb54278ebe91bf573f44b32d64e78a33a4828 Mon Sep 17 00:00:00 2001
-From: Pierre Ossman <[email protected]>
-Date: Tue, 24 Mar 2026 09:52:01 +0100
-Subject: [PATCH] Prevent other users reading x0vncserver screen
-
-Prevent other users from observing the screen, or modifying what is sent
-to the client. Malicious attackers can even crash x0vncserver if they
-time the modifications right.
-
-(cherry picked from commit 0b5cab169d847789efa54459a87659d3fd484393)
-
-Index: unix/x0vncserver/Image.cxx
---- unix/x0vncserver/Image.cxx.orig
-+++ unix/x0vncserver/Image.cxx
-@@ -268,7 +268,7 @@ void ShmImage::Init(int width, int height, const XVisu
- 
-   shminfo->shmid = shmget(IPC_PRIVATE,
-                           xim->bytes_per_line * xim->height,
--                          IPC_CREAT|0777);
-+                          IPC_CREAT|0600);
-   if (shminfo->shmid == -1) {
-     perror("shmget");
-     vlog.error("shmget() failed (%d bytes requested)",
Index: patches/patch-unix_xserver_hw_vnc_Makefile_am
===================================================================
RCS file: 
/cvs/ports/x11/tigervnc/patches/patch-unix_xserver_hw_vnc_Makefile_am,v
diff -u -p -r1.7 patch-unix_xserver_hw_vnc_Makefile_am
--- patches/patch-unix_xserver_hw_vnc_Makefile_am       14 Sep 2025 15:48:36 
-0000      1.7
+++ patches/patch-unix_xserver_hw_vnc_Makefile_am       6 Jul 2026 15:27:18 
-0000
@@ -1,7 +1,7 @@
 Index: unix/xserver/hw/vnc/Makefile.am
 --- unix/xserver/hw/vnc/Makefile.am.orig
 +++ unix/xserver/hw/vnc/Makefile.am
-@@ -60,7 +60,7 @@ Xvnc_LDADD = \
+@@ -57,7 +57,7 @@ Xvnc_LDADD = \
        $(LOCAL_LIBS) \
        $(XSERVER_SYS_LIBS) \
        $(XVNC_SYS_LIBS) \
Index: patches/patch-unix_xserver_hw_vnc_vncHooks_c
===================================================================
RCS file: patches/patch-unix_xserver_hw_vnc_vncHooks_c
diff -N patches/patch-unix_xserver_hw_vnc_vncHooks_c
--- patches/patch-unix_xserver_hw_vnc_vncHooks_c        28 Mar 2026 12:34:09 
-0000      1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,29 +0,0 @@
-From 87612b64652152ca19d568eb6b8770d067730da3 Mon Sep 17 00:00:00 2001
-From: Pierre Ossman <[email protected]>
-Date: Thu, 26 Mar 2026 10:10:12 +0100
-Subject: [PATCH] Use locks to avoid races with input thread
-
-Taken from how Xorg deals with hooking these functions. Without it we
-can get corruption of the sprite functions struct.
-
-(cherry picked from commit 3bc1cf73ea96082929232797e98823fa3e5ed4ed)
-
-Index: unix/xserver/hw/vnc/vncHooks.c
---- unix/xserver/hw/vnc/vncHooks.c.orig
-+++ unix/xserver/hw/vnc/vncHooks.c
-@@ -1144,6 +1144,7 @@ static Bool vncHooksRandRCrtcSet(ScreenPtr pScreen, RR
- // Unwrap and rewrap helpers
- 
- #define SPRITE_PROLOGUE(field)                                            \
-+  input_lock();                                                           \
-   miPointerScreenPtr miPointerPriv =                                      \
-     dixLookupPrivate(&screen->devPrivates, miPointerScreenKey);           \
-   vncHooksScreenPtr vncHooksScreen = vncHooksScreenPrivate(screen);       \
-@@ -1152,6 +1153,7 @@ static Bool vncHooksRandRCrtcSet(ScreenPtr pScreen, RR
- 
- #define SPRITE_EPILOGUE(field)                                            \
-   wrap(vncHooksScreen, miPointerPriv, spriteFuncs, &vncHooksSpriteFuncs); \
-+  input_unlock();
- 
- static Bool vncHooksRealizeCursor(DeviceIntPtr dev, ScreenPtr screen,
-                                   CursorPtr cursor)
Index: patches/patch-unix_xserver_hw_vnc_xvnc_c
===================================================================
RCS file: patches/patch-unix_xserver_hw_vnc_xvnc_c
diff -N patches/patch-unix_xserver_hw_vnc_xvnc_c
--- patches/patch-unix_xserver_hw_vnc_xvnc_c    6 Jul 2026 09:30:10 -0000       
1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,46 +0,0 @@
-From 1f1aaca09a1f9919f5169caea9c396b14c2af765 Mon Sep 17 00:00:00 2001
-From: Pierre Ossman <[email protected]>
-Date: Tue, 8 Apr 2025 14:41:04 +0200
-Subject: [PATCH] Don't print Xvnc banner before parsing args
-
-If we'll be running in inetd mode, then stdout and stderr will be a
-client socket and not an appropriate place for logging.
-
-Mimic what Xorg does instead.
----
- unix/xserver/hw/vnc/xvnc.c | 9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
-Index: unix/xserver/hw/vnc/xvnc.c
---- unix/xserver/hw/vnc/xvnc.c.orig
-+++ unix/xserver/hw/vnc/xvnc.c
-@@ -442,7 +442,7 @@ ddxProcessArgument(int argc, char *argv[], int i)
-     }
- 
-     if (!strcmp(argv[i], "-showconfig") || !strcmp(argv[i], "-version")) {
--        /* Already shown at start */
-+        vncPrintBanner();
-         exit(0);
-     }
- 
-@@ -1166,8 +1166,11 @@ InitOutput(ScreenInfo * scrInfo, int argc, char **argv
-     int i;
-     int NumFormats = 0;
- 
--    if (serverGeneration == 1)
-+    if (serverGeneration == 1) {
-+        vncPrintBanner();
-+
-         LoadExtensionList(vncExtensions, ARRAY_SIZE(vncExtensions), TRUE);
-+    }
- 
- #if XORG_AT_LEAST(1, 20, 0)
-     xorgGlxCreateVendor();
-@@ -1259,7 +1262,5 @@ vncClientGone(int fd)
- int
- main(int argc, char *argv[], char *envp[])
- {
--    vncPrintBanner();
--
-     return dix_main(argc, argv, envp);
- }
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/x11/tigervnc/pkg/PLIST,v
diff -u -p -r1.7 PLIST
--- pkg/PLIST   8 Feb 2023 19:44:34 -0000       1.7
+++ pkg/PLIST   6 Jul 2026 15:27:18 -0000
@@ -26,6 +26,7 @@ share/icons/hicolor/32x32/apps/tigervnc.
 share/icons/hicolor/48x48/apps/tigervnc.png
 share/icons/hicolor/64x64/apps/tigervnc.png
 share/icons/hicolor/scalable/apps/tigervnc.svg
+share/locale/ar/LC_MESSAGES/tigervnc.mo
 share/locale/bg/LC_MESSAGES/tigervnc.mo
 share/locale/cs/LC_MESSAGES/tigervnc.mo
 share/locale/da/LC_MESSAGES/tigervnc.mo

Reply via email to