if anyone who's using tigervnc would like to give the update a spin, here's a diff. (needs up-to-date -current to apply).
more bits using PAM funcions crept in (upstream seem to basically assume that it's available on a unix-like system and don't guard against its presence in the unix part of the tree) so I've given in and added the dep, there are some other issues with nettle-related code so I haven't enabled that. Index: Makefile =================================================================== RCS file: /cvs/ports/x11/tigervnc/Makefile,v diff -u -p -r1.33 Makefile --- Makefile 6 Jul 2026 09:30:10 -0000 1.33 +++ Makefile 6 Jul 2026 15:27:18 -0000 @@ -2,8 +2,7 @@ COMMENT= high performance, multi-platfor GH_ACCOUNT= TigerVNC GH_PROJECT= tigervnc -GH_TAGNAME= v1.15.0 -REVISION= 2 +GH_TAGNAME= v1.16.2 XORG_V= 21.1.23 @@ -26,7 +25,7 @@ WANTLIB += GL ICE SM X11 Xau Xcursor Xda WANTLIB += Xfont2 Xft Xi Xinerama Xrandr Xrender Xtst avcodec WANTLIB += avutil c fltk fltk_images WANTLIB += fontconfig fontenc freetype gmp gnutls hogweed -WANTLIB += iconv idn2 intl jpeg kvm m nettle p11-kit +WANTLIB += iconv idn2 intl jpeg kvm m nettle p11-kit pam WANTLIB += pixman-1 swscale tasn1 unistring xcvt xshmfence z SITES.x= https://www.x.org/releases/individual/xserver/ @@ -51,10 +50,9 @@ CONFIGURE_ARGS= -DMAN_DIR="${TRUEPREFIX} -DDOC_DIR="${TRUEPREFIX}/share/doc/tigervnc" \ -DCMAKE_INSTALL_FULL_SYSCONFDIR="${TRUEPREFIX}/share/examples/tigervnc" \ -DINSTALL_SYSTEMD_UNITS=OFF \ - -DENABLE_PWQUALITY=OFF -# ld: error: undefined symbol: vtable for rfb::UnixPasswordValidator -# might need something more to enable nettle (sha/aes support) while pam is disabled? -CONFIGURE_ARGS+= -DENABLE_NETTLE=OFF + -DENABLE_NETTLE=OFF \ + -DENABLE_PWQUALITY=OFF \ + -DENABLE_WAYLAND=OFF CFLAGS+= -I${LOCALBASE}/include -I${X11BASE}/include CXXFLAGS+= -I${LOCALBASE}/include -I${X11BASE}/include NO_TEST= Yes @@ -64,6 +62,7 @@ BUILD_DEPENDS= devel/gettext,-tools LIB_DEPENDS= devel/gettext,-runtime \ graphics/ffmpeg \ security/gnutls \ + security/openpam \ x11/fltk RUN_DEPENDS= devel/desktop-file-utils \ x11/gtk+4,-guic Index: distinfo =================================================================== RCS file: /cvs/ports/x11/tigervnc/distinfo,v diff -u -p -r1.16 distinfo --- distinfo 6 Jul 2026 09:30:10 -0000 1.16 +++ distinfo 6 Jul 2026 15:27:18 -0000 @@ -1,8 +1,8 @@ -SHA256 (tigervnc-1.15.0.tar.gz) = fyMZBoAeifCaIS6GcB898XIuNnZ9YFWk5hk5BXBUhTc= +SHA256 (tigervnc-1.16.2.tar.gz) = sQfAyLipYllCgWkDZsJBhulcLqShaay8AHaqYu0B9Gc= SHA256 (tigervnc-vncserver-1.10.1.man) = SYPtbv1V+i4qPDYNS7s5yfcD77b6Kc5PbY/TRZmb6O0= SHA256 (tigervnc-vncserver-1.10.1.pl) = QKXeRAhhWcwN8+2dSH1x48qj5JPVNafgdhuNRZG7WuM= SHA256 (xorg-server-21.1.23.tar.xz) = 45gy5WF9ra8HL9+fDhnl0uHCoTYHrCgLrBq6n4/hRjQ= -SIZE (tigervnc-1.15.0.tar.gz) = 2126369 +SIZE (tigervnc-1.16.2.tar.gz) = 2222162 SIZE (tigervnc-vncserver-1.10.1.man) = 7844 SIZE (tigervnc-vncserver-1.10.1.pl) = 24313 SIZE (xorg-server-21.1.23.tar.xz) = 5069780 Index: patches/patch-CMakeLists_txt =================================================================== RCS file: /cvs/ports/x11/tigervnc/patches/patch-CMakeLists_txt,v diff -u -p -r1.7 patch-CMakeLists_txt --- patches/patch-CMakeLists_txt 14 Sep 2025 15:48:36 -0000 1.7 +++ patches/patch-CMakeLists_txt 6 Jul 2026 15:27:18 -0000 @@ -1,30 +1,21 @@ Index: CMakeLists.txt --- CMakeLists.txt.orig +++ CMakeLists.txt -@@ -341,7 +341,7 @@ if (ENABLE_NETTLE) - endif() - - # Check for PAM library --if(UNIX AND NOT APPLE) -+if(UNIX AND NOT APPLE AND NOT CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") - check_include_files(security/pam_appl.h HAVE_PAM_H) - set(CMAKE_REQUIRED_LIBRARIES -lpam) - check_function_exists(pam_start HAVE_PAM_START) -@@ -354,7 +354,7 @@ if(UNIX AND NOT APPLE) +@@ -346,7 +346,7 @@ if(UNIX AND NOT APPLE) endif() # Check for SELinux library -if(UNIX AND NOT APPLE) +if(UNIX AND NOT APPLE AND NOT CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") - check_include_files(selinux/selinux.h HAVE_SELINUX_H) - if(HAVE_SELINUX_H) - set(CMAKE_REQUIRED_LIBRARIES -lselinux) -@@ -367,7 +367,7 @@ if(UNIX AND NOT APPLE) + trioption(ENABLE_SELINUX "Enable SELinux support") + if(ENABLE_SELINUX) + if(ENABLE_SELINUX STREQUAL "AUTO") +@@ -361,7 +361,7 @@ if(UNIX AND NOT APPLE) endif() # check for systemd support (socket activation) -if(UNIX AND NOT APPLE) +if(UNIX AND NOT APPLE AND NOT CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") - find_package(PkgConfig) - if (PKG_CONFIG_FOUND) - pkg_check_modules(LIBSYSTEMD libsystemd) + trioption(ENABLE_SYSTEMD "Enable systemd support") + if(ENABLE_SYSTEMD) + if(ENABLE_SYSTEMD STREQUAL "AUTO") Index: patches/patch-cmake_Modules_CMakeMacroLibtoolFile_cmake =================================================================== RCS file: /cvs/ports/x11/tigervnc/patches/patch-cmake_Modules_CMakeMacroLibtoolFile_cmake,v diff -u -p -r1.1 patch-cmake_Modules_CMakeMacroLibtoolFile_cmake --- patches/patch-cmake_Modules_CMakeMacroLibtoolFile_cmake 15 Oct 2024 16:52:12 -0000 1.1 +++ patches/patch-cmake_Modules_CMakeMacroLibtoolFile_cmake 6 Jul 2026 15:27:18 -0000 @@ -1,17 +1,16 @@ -blargh. +strip off the directory name from library, to avoid issues finding libs +with a full path (seen with e.g. /usr/X11R6/lib/libpixman-1.so.46.4) Index: cmake/Modules/CMakeMacroLibtoolFile.cmake --- cmake/Modules/CMakeMacroLibtoolFile.cmake.orig +++ cmake/Modules/CMakeMacroLibtoolFile.cmake -@@ -112,6 +112,11 @@ function(libtool_generate_control_file _target) +@@ -110,7 +110,8 @@ function(libtool_generate_control_file _target) + endif() + if(NOT FL) - find_library(FL ${library} PATHS ${LIBRARY_PATHS}) +- find_library(FL ${library} PATHS ${LIBRARY_PATHS}) ++ get_filename_component(_lib_name ${library} NAME) ++ find_library(FL ${_lib_name} PATHS ${LIBRARY_PATHS}) endif() -+ if(NOT FL) -+ string(REPLACE "/usr/lib/" "" library ${library}) -+ string(REPLACE "/usr/local/lib/" "" library ${library}) -+ find_library(FL ${library} PATHS ${LIBRARY_PATHS}) -+ endif() if(FL) - # Found library. Depending on if it's static or not we might Index: patches/patch-cmake_Modules_FindXkbcommon_cmake =================================================================== RCS file: patches/patch-cmake_Modules_FindXkbcommon_cmake diff -N patches/patch-cmake_Modules_FindXkbcommon_cmake --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-cmake_Modules_FindXkbcommon_cmake 6 Jul 2026 15:27:18 -0000 @@ -0,0 +1,12 @@ +Index: cmake/Modules/FindXkbcommon.cmake +--- cmake/Modules/FindXkbcommon.cmake.orig ++++ cmake/Modules/FindXkbcommon.cmake +@@ -14,7 +14,7 @@ This module will set the following variables if found: + #]=======================================================================] + + +-find_package(Pkgconfig QUIET) ++find_package(PkgConfig QUIET) + if(PKG_CONFIG_FOUND) + pkg_check_modules(PC_Xkbcommon QUIET xkbcommon) + endif() Index: patches/patch-common_rfb_CMakeLists_txt =================================================================== RCS file: patches/patch-common_rfb_CMakeLists_txt diff -N patches/patch-common_rfb_CMakeLists_txt --- patches/patch-common_rfb_CMakeLists_txt 14 Sep 2025 15:48:36 -0000 1.5 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,12 +0,0 @@ -Index: common/rfb/CMakeLists.txt ---- common/rfb/CMakeLists.txt.orig -+++ common/rfb/CMakeLists.txt -@@ -91,7 +91,7 @@ if(WIN32) - target_sources(rfb PRIVATE WinPasswdValidator.cxx) - endif(WIN32) - --if(UNIX AND NOT APPLE) -+if(UNIX AND NOT APPLE AND NOT CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") - target_sources(rfb PRIVATE UnixPasswordValidator.cxx pam.c) - target_link_libraries(rfb ${PAM_LIBS}) - endif() Index: patches/patch-common_rfb_SSecurityPlain_cxx =================================================================== RCS file: /cvs/ports/x11/tigervnc/patches/patch-common_rfb_SSecurityPlain_cxx,v diff -u -p -r1.5 patch-common_rfb_SSecurityPlain_cxx --- patches/patch-common_rfb_SSecurityPlain_cxx 14 Sep 2025 15:48:36 -0000 1.5 +++ patches/patch-common_rfb_SSecurityPlain_cxx 6 Jul 2026 15:27:18 -0000 @@ -1,22 +1,22 @@ Index: common/rfb/SSecurityPlain.cxx --- common/rfb/SSecurityPlain.cxx.orig +++ common/rfb/SSecurityPlain.cxx -@@ -26,7 +26,7 @@ +@@ -28,7 +28,7 @@ + #include <rfb/SConnection.h> #include <rfb/Exception.h> - #include <rfb/util.h> #include <rdr/InStream.h> -#if !defined(WIN32) && !defined(__APPLE__) +#if !defined(WIN32) && !defined(__APPLE__) && !defined(__OpenBSD__) #include <rfb/UnixPasswordValidator.h> #include <unistd.h> #include <pwd.h> -@@ -55,7 +55,7 @@ bool PasswordValidator::validUser(const char* username - for (size_t i = 0; i < users.size(); i++) { - if (users[i] == "*") +@@ -53,7 +53,7 @@ bool PasswordValidator::validUser(const char* username + for (const char* user : plainUsers) { + if (strcmp(user, "*") == 0) return true; -#if !defined(WIN32) && !defined(__APPLE__) +#if !defined(WIN32) && !defined(__APPLE__) && !defined(__OpenBSD__) - if (users[i] == "%u") { + if (strcmp(user, "%u") == 0) { struct passwd *pw = getpwnam(username); if (pw && pw->pw_uid == getuid()) @@ -72,7 +72,7 @@ SSecurityPlain::SSecurityPlain(SConnection* sc_) : SSe Index: patches/patch-unix_vncserver_CMakeLists_txt =================================================================== RCS file: /cvs/ports/x11/tigervnc/patches/patch-unix_vncserver_CMakeLists_txt,v diff -u -p -r1.4 patch-unix_vncserver_CMakeLists_txt --- patches/patch-unix_vncserver_CMakeLists_txt 8 Feb 2023 19:44:34 -0000 1.4 +++ patches/patch-unix_vncserver_CMakeLists_txt 6 Jul 2026 15:27:18 -0000 @@ -6,9 +6,9 @@ Index: unix/vncserver/CMakeLists.txt @@ -1,3 +1,4 @@ +if(HAVE_PAM_H) add_executable(vncsession vncsession.c) - target_link_libraries(vncsession ${PAM_LIBS} ${SELINUX_LIBS}) - -@@ -14,6 +15,7 @@ install(FILES vncserver.man DESTINATION ${CMAKE_INSTAL + target_include_directories(vncsession SYSTEM PRIVATE ${PAM_INCLUDE_DIRS}) + target_include_directories(vncsession SYSTEM PRIVATE ${SELINUX_INCLUDE_DIRS}) +@@ -17,6 +18,7 @@ install(FILES vncserver.man DESTINATION ${CMAKE_INSTAL install(FILES vncserver-config-defaults vncserver-config-mandatory DESTINATION ${CMAKE_INSTALL_FULL_SYSCONFDIR}/tigervnc) install(FILES vncserver.users DESTINATION ${CMAKE_INSTALL_FULL_SYSCONFDIR}/tigervnc) Index: patches/patch-unix_x0vncserver_Image_cxx =================================================================== RCS file: patches/patch-unix_x0vncserver_Image_cxx diff -N patches/patch-unix_x0vncserver_Image_cxx --- patches/patch-unix_x0vncserver_Image_cxx 28 Mar 2026 12:34:09 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,23 +0,0 @@ -From a3fbb54278ebe91bf573f44b32d64e78a33a4828 Mon Sep 17 00:00:00 2001 -From: Pierre Ossman <[email protected]> -Date: Tue, 24 Mar 2026 09:52:01 +0100 -Subject: [PATCH] Prevent other users reading x0vncserver screen - -Prevent other users from observing the screen, or modifying what is sent -to the client. Malicious attackers can even crash x0vncserver if they -time the modifications right. - -(cherry picked from commit 0b5cab169d847789efa54459a87659d3fd484393) - -Index: unix/x0vncserver/Image.cxx ---- unix/x0vncserver/Image.cxx.orig -+++ unix/x0vncserver/Image.cxx -@@ -268,7 +268,7 @@ void ShmImage::Init(int width, int height, const XVisu - - shminfo->shmid = shmget(IPC_PRIVATE, - xim->bytes_per_line * xim->height, -- IPC_CREAT|0777); -+ IPC_CREAT|0600); - if (shminfo->shmid == -1) { - perror("shmget"); - vlog.error("shmget() failed (%d bytes requested)", Index: patches/patch-unix_xserver_hw_vnc_Makefile_am =================================================================== RCS file: /cvs/ports/x11/tigervnc/patches/patch-unix_xserver_hw_vnc_Makefile_am,v diff -u -p -r1.7 patch-unix_xserver_hw_vnc_Makefile_am --- patches/patch-unix_xserver_hw_vnc_Makefile_am 14 Sep 2025 15:48:36 -0000 1.7 +++ patches/patch-unix_xserver_hw_vnc_Makefile_am 6 Jul 2026 15:27:18 -0000 @@ -1,7 +1,7 @@ Index: unix/xserver/hw/vnc/Makefile.am --- unix/xserver/hw/vnc/Makefile.am.orig +++ unix/xserver/hw/vnc/Makefile.am -@@ -60,7 +60,7 @@ Xvnc_LDADD = \ +@@ -57,7 +57,7 @@ Xvnc_LDADD = \ $(LOCAL_LIBS) \ $(XSERVER_SYS_LIBS) \ $(XVNC_SYS_LIBS) \ Index: patches/patch-unix_xserver_hw_vnc_vncHooks_c =================================================================== RCS file: patches/patch-unix_xserver_hw_vnc_vncHooks_c diff -N patches/patch-unix_xserver_hw_vnc_vncHooks_c --- patches/patch-unix_xserver_hw_vnc_vncHooks_c 28 Mar 2026 12:34:09 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,29 +0,0 @@ -From 87612b64652152ca19d568eb6b8770d067730da3 Mon Sep 17 00:00:00 2001 -From: Pierre Ossman <[email protected]> -Date: Thu, 26 Mar 2026 10:10:12 +0100 -Subject: [PATCH] Use locks to avoid races with input thread - -Taken from how Xorg deals with hooking these functions. Without it we -can get corruption of the sprite functions struct. - -(cherry picked from commit 3bc1cf73ea96082929232797e98823fa3e5ed4ed) - -Index: unix/xserver/hw/vnc/vncHooks.c ---- unix/xserver/hw/vnc/vncHooks.c.orig -+++ unix/xserver/hw/vnc/vncHooks.c -@@ -1144,6 +1144,7 @@ static Bool vncHooksRandRCrtcSet(ScreenPtr pScreen, RR - // Unwrap and rewrap helpers - - #define SPRITE_PROLOGUE(field) \ -+ input_lock(); \ - miPointerScreenPtr miPointerPriv = \ - dixLookupPrivate(&screen->devPrivates, miPointerScreenKey); \ - vncHooksScreenPtr vncHooksScreen = vncHooksScreenPrivate(screen); \ -@@ -1152,6 +1153,7 @@ static Bool vncHooksRandRCrtcSet(ScreenPtr pScreen, RR - - #define SPRITE_EPILOGUE(field) \ - wrap(vncHooksScreen, miPointerPriv, spriteFuncs, &vncHooksSpriteFuncs); \ -+ input_unlock(); - - static Bool vncHooksRealizeCursor(DeviceIntPtr dev, ScreenPtr screen, - CursorPtr cursor) Index: patches/patch-unix_xserver_hw_vnc_xvnc_c =================================================================== RCS file: patches/patch-unix_xserver_hw_vnc_xvnc_c diff -N patches/patch-unix_xserver_hw_vnc_xvnc_c --- patches/patch-unix_xserver_hw_vnc_xvnc_c 6 Jul 2026 09:30:10 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,46 +0,0 @@ -From 1f1aaca09a1f9919f5169caea9c396b14c2af765 Mon Sep 17 00:00:00 2001 -From: Pierre Ossman <[email protected]> -Date: Tue, 8 Apr 2025 14:41:04 +0200 -Subject: [PATCH] Don't print Xvnc banner before parsing args - -If we'll be running in inetd mode, then stdout and stderr will be a -client socket and not an appropriate place for logging. - -Mimic what Xorg does instead. ---- - unix/xserver/hw/vnc/xvnc.c | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -Index: unix/xserver/hw/vnc/xvnc.c ---- unix/xserver/hw/vnc/xvnc.c.orig -+++ unix/xserver/hw/vnc/xvnc.c -@@ -442,7 +442,7 @@ ddxProcessArgument(int argc, char *argv[], int i) - } - - if (!strcmp(argv[i], "-showconfig") || !strcmp(argv[i], "-version")) { -- /* Already shown at start */ -+ vncPrintBanner(); - exit(0); - } - -@@ -1166,8 +1166,11 @@ InitOutput(ScreenInfo * scrInfo, int argc, char **argv - int i; - int NumFormats = 0; - -- if (serverGeneration == 1) -+ if (serverGeneration == 1) { -+ vncPrintBanner(); -+ - LoadExtensionList(vncExtensions, ARRAY_SIZE(vncExtensions), TRUE); -+ } - - #if XORG_AT_LEAST(1, 20, 0) - xorgGlxCreateVendor(); -@@ -1259,7 +1262,5 @@ vncClientGone(int fd) - int - main(int argc, char *argv[], char *envp[]) - { -- vncPrintBanner(); -- - return dix_main(argc, argv, envp); - } Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/x11/tigervnc/pkg/PLIST,v diff -u -p -r1.7 PLIST --- pkg/PLIST 8 Feb 2023 19:44:34 -0000 1.7 +++ pkg/PLIST 6 Jul 2026 15:27:18 -0000 @@ -26,6 +26,7 @@ share/icons/hicolor/32x32/apps/tigervnc. share/icons/hicolor/48x48/apps/tigervnc.png share/icons/hicolor/64x64/apps/tigervnc.png share/icons/hicolor/scalable/apps/tigervnc.svg +share/locale/ar/LC_MESSAGES/tigervnc.mo share/locale/bg/LC_MESSAGES/tigervnc.mo share/locale/cs/LC_MESSAGES/tigervnc.mo share/locale/da/LC_MESSAGES/tigervnc.mo
