Works fine for my usecase: - tigervnc client to a linux machine running tigervnc in standalone mode - tigervnc in standalone mode in a vm hosting xfce4 with openbox/xfwm4 without compositing. Libreoffice calc and Librewolf also works.
Thank you! > if anyone who's using tigervnc would like to give the update a spin, > here's a diff. (needs up-to-date -current to apply). > > more bits using PAM funcions crept in (upstream seem to basically > assume that it's available on a unix-like system and don't guard > against its presence in the unix part of the tree) so I've given in > and added the dep, there are some other issues with nettle-related > code so I haven't enabled that. > > > > Index: Makefile > =================================================================== > RCS file: /cvs/ports/x11/tigervnc/Makefile,v > diff -u -p -r1.33 Makefile > --- Makefile 6 Jul 2026 09:30:10 -0000 1.33 > +++ Makefile 6 Jul 2026 15:27:18 -0000 > @@ -2,8 +2,7 @@ COMMENT= high performance, multi-platfor > > GH_ACCOUNT= TigerVNC > GH_PROJECT= tigervnc > -GH_TAGNAME= v1.15.0 > -REVISION= 2 > +GH_TAGNAME= v1.16.2 > > XORG_V= 21.1.23 > > @@ -26,7 +25,7 @@ WANTLIB += GL ICE SM X11 Xau Xcursor Xda > WANTLIB += Xfont2 Xft Xi Xinerama Xrandr Xrender Xtst avcodec > WANTLIB += avutil c fltk fltk_images > WANTLIB += fontconfig fontenc freetype gmp gnutls hogweed > -WANTLIB += iconv idn2 intl jpeg kvm m nettle p11-kit > +WANTLIB += iconv idn2 intl jpeg kvm m nettle p11-kit pam > WANTLIB += pixman-1 swscale tasn1 unistring xcvt xshmfence z > > SITES.x= https://www.x.org/releases/individual/xserver/ > @@ -51,10 +50,9 @@ CONFIGURE_ARGS= -DMAN_DIR="${TRUEPREFIX} > -DDOC_DIR="${TRUEPREFIX}/share/doc/tigervnc" \ > > -DCMAKE_INSTALL_FULL_SYSCONFDIR="${TRUEPREFIX}/share/examples/tigervnc" > \ -DINSTALL_SYSTEMD_UNITS=OFF \ > - -DENABLE_PWQUALITY=OFF > -# ld: error: undefined symbol: vtable for rfb::UnixPasswordValidator > -# might need something more to enable nettle (sha/aes support) while > pam is disabled? -CONFIGURE_ARGS+= -DENABLE_NETTLE=OFF > + -DENABLE_NETTLE=OFF \ > + -DENABLE_PWQUALITY=OFF \ > + -DENABLE_WAYLAND=OFF > CFLAGS+= -I${LOCALBASE}/include -I${X11BASE}/include > CXXFLAGS+= -I${LOCALBASE}/include -I${X11BASE}/include > NO_TEST= Yes > @@ -64,6 +62,7 @@ BUILD_DEPENDS= devel/gettext,-tools > LIB_DEPENDS= devel/gettext,-runtime \ > graphics/ffmpeg \ > security/gnutls \ > + security/openpam \ > x11/fltk > RUN_DEPENDS= devel/desktop-file-utils \ > x11/gtk+4,-guic > Index: distinfo > =================================================================== > RCS file: /cvs/ports/x11/tigervnc/distinfo,v > diff -u -p -r1.16 distinfo > --- distinfo 6 Jul 2026 09:30:10 -0000 1.16 > +++ distinfo 6 Jul 2026 15:27:18 -0000 > @@ -1,8 +1,8 @@ > -SHA256 (tigervnc-1.15.0.tar.gz) = > fyMZBoAeifCaIS6GcB898XIuNnZ9YFWk5hk5BXBUhTc= +SHA256 > (tigervnc-1.16.2.tar.gz) = > sQfAyLipYllCgWkDZsJBhulcLqShaay8AHaqYu0B9Gc= SHA256 > (tigervnc-vncserver-1.10.1.man) = > SYPtbv1V+i4qPDYNS7s5yfcD77b6Kc5PbY/TRZmb6O0= SHA256 > (tigervnc-vncserver-1.10.1.pl) = > QKXeRAhhWcwN8+2dSH1x48qj5JPVNafgdhuNRZG7WuM= SHA256 > (xorg-server-21.1.23.tar.xz) = > 45gy5WF9ra8HL9+fDhnl0uHCoTYHrCgLrBq6n4/hRjQ= -SIZE > (tigervnc-1.15.0.tar.gz) = 2126369 +SIZE (tigervnc-1.16.2.tar.gz) = > 2222162 SIZE (tigervnc-vncserver-1.10.1.man) = 7844 SIZE > (tigervnc-vncserver-1.10.1.pl) = 24313 SIZE > (xorg-server-21.1.23.tar.xz) = 5069780 Index: > patches/patch-CMakeLists_txt > =================================================================== > RCS file: /cvs/ports/x11/tigervnc/patches/patch-CMakeLists_txt,v diff > -u -p -r1.7 patch-CMakeLists_txt --- > patches/patch-CMakeLists_txt 14 Sep 2025 15:48:36 -0000 > 1.7 +++ patches/patch-CMakeLists_txt 6 Jul 2026 15:27:18 -0000 > @@ -1,30 +1,21 @@ Index: CMakeLists.txt --- CMakeLists.txt.orig +++ > CMakeLists.txt -@@ -341,7 +341,7 @@ if (ENABLE_NETTLE) > - endif() > - > - # Check for PAM library > --if(UNIX AND NOT APPLE) > -+if(UNIX AND NOT APPLE AND NOT CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") > - check_include_files(security/pam_appl.h HAVE_PAM_H) > - set(CMAKE_REQUIRED_LIBRARIES -lpam) > - check_function_exists(pam_start HAVE_PAM_START) > -@@ -354,7 +354,7 @@ if(UNIX AND NOT APPLE) > +@@ -346,7 +346,7 @@ if(UNIX AND NOT APPLE) > endif() > > # Check for SELinux library > -if(UNIX AND NOT APPLE) > +if(UNIX AND NOT APPLE AND NOT CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") > - check_include_files(selinux/selinux.h HAVE_SELINUX_H) > - if(HAVE_SELINUX_H) > - set(CMAKE_REQUIRED_LIBRARIES -lselinux) > -@@ -367,7 +367,7 @@ if(UNIX AND NOT APPLE) > + trioption(ENABLE_SELINUX "Enable SELinux support") > + if(ENABLE_SELINUX) > + if(ENABLE_SELINUX STREQUAL "AUTO") > +@@ -361,7 +361,7 @@ if(UNIX AND NOT APPLE) > endif() > > # check for systemd support (socket activation) > -if(UNIX AND NOT APPLE) > +if(UNIX AND NOT APPLE AND NOT CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") > - find_package(PkgConfig) > - if (PKG_CONFIG_FOUND) > - pkg_check_modules(LIBSYSTEMD libsystemd) > + trioption(ENABLE_SYSTEMD "Enable systemd support") > + if(ENABLE_SYSTEMD) > + if(ENABLE_SYSTEMD STREQUAL "AUTO") > Index: patches/patch-cmake_Modules_CMakeMacroLibtoolFile_cmake > =================================================================== > RCS file: > /cvs/ports/x11/tigervnc/patches/patch-cmake_Modules_CMakeMacroLibtoolFile_cmake,v > diff -u -p -r1.1 patch-cmake_Modules_CMakeMacroLibtoolFile_cmake --- > patches/patch-cmake_Modules_CMakeMacroLibtoolFile_cmake 15 Oct > 2024 16:52:12 -0000 1.1 +++ > patches/patch-cmake_Modules_CMakeMacroLibtoolFile_cmake 6 Jul > 2026 15:27:18 -0000 @@ -1,17 +1,16 @@ -blargh. +strip off the > directory name from library, to avoid issues finding libs +with a > full path (seen with e.g. /usr/X11R6/lib/libpixman-1.so.46.4) > Index: cmake/Modules/CMakeMacroLibtoolFile.cmake > --- cmake/Modules/CMakeMacroLibtoolFile.cmake.orig > +++ cmake/Modules/CMakeMacroLibtoolFile.cmake > -@@ -112,6 +112,11 @@ function(libtool_generate_control_file _target) > +@@ -110,7 +110,8 @@ function(libtool_generate_control_file _target) > + endif() > + > if(NOT FL) > - find_library(FL ${library} PATHS ${LIBRARY_PATHS}) > +- find_library(FL ${library} PATHS ${LIBRARY_PATHS}) > ++ get_filename_component(_lib_name ${library} NAME) > ++ find_library(FL ${_lib_name} PATHS ${LIBRARY_PATHS}) > endif() > -+ if(NOT FL) > -+ string(REPLACE "/usr/lib/" "" library ${library}) > -+ string(REPLACE "/usr/local/lib/" "" library ${library}) > -+ find_library(FL ${library} PATHS ${LIBRARY_PATHS}) > -+ endif() > > if(FL) > - # Found library. Depending on if it's static or not we > might Index: patches/patch-cmake_Modules_FindXkbcommon_cmake > =================================================================== > RCS file: patches/patch-cmake_Modules_FindXkbcommon_cmake > diff -N patches/patch-cmake_Modules_FindXkbcommon_cmake > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-cmake_Modules_FindXkbcommon_cmake 6 Jul 2026 > 15:27:18 -0000 @@ -0,0 +1,12 @@ > +Index: cmake/Modules/FindXkbcommon.cmake > +--- cmake/Modules/FindXkbcommon.cmake.orig > ++++ cmake/Modules/FindXkbcommon.cmake > +@@ -14,7 +14,7 @@ This module will set the following variables if > found: > + > #]=======================================================================] > + > + > +-find_package(Pkgconfig QUIET) > ++find_package(PkgConfig QUIET) > + if(PKG_CONFIG_FOUND) > + pkg_check_modules(PC_Xkbcommon QUIET xkbcommon) > + endif() > Index: patches/patch-common_rfb_CMakeLists_txt > =================================================================== > RCS file: patches/patch-common_rfb_CMakeLists_txt > diff -N patches/patch-common_rfb_CMakeLists_txt > --- patches/patch-common_rfb_CMakeLists_txt 14 Sep 2025 > 15:48:36 -0000 1.5 +++ /dev/null 1 Jan 1970 00:00:00 > -0000 @@ -1,12 +0,0 @@ > -Index: common/rfb/CMakeLists.txt > ---- common/rfb/CMakeLists.txt.orig > -+++ common/rfb/CMakeLists.txt > -@@ -91,7 +91,7 @@ if(WIN32) > - target_sources(rfb PRIVATE WinPasswdValidator.cxx) > - endif(WIN32) > - > --if(UNIX AND NOT APPLE) > -+if(UNIX AND NOT APPLE AND NOT CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") > - target_sources(rfb PRIVATE UnixPasswordValidator.cxx pam.c) > - target_link_libraries(rfb ${PAM_LIBS}) > - endif() > Index: patches/patch-common_rfb_SSecurityPlain_cxx > =================================================================== > RCS file: > /cvs/ports/x11/tigervnc/patches/patch-common_rfb_SSecurityPlain_cxx,v > diff -u -p -r1.5 patch-common_rfb_SSecurityPlain_cxx --- > patches/patch-common_rfb_SSecurityPlain_cxx 14 Sep 2025 > 15:48:36 -0000 1.5 +++ > patches/patch-common_rfb_SSecurityPlain_cxx 6 Jul 2026 > 15:27:18 -0000 @@ -1,22 +1,22 @@ Index: common/rfb/SSecurityPlain.cxx > --- common/rfb/SSecurityPlain.cxx.orig +++ > common/rfb/SSecurityPlain.cxx -@@ -26,7 +26,7 @@ > +@@ -28,7 +28,7 @@ > + #include <rfb/SConnection.h> > #include <rfb/Exception.h> > - #include <rfb/util.h> > #include <rdr/InStream.h> > -#if !defined(WIN32) && !defined(__APPLE__) > +#if !defined(WIN32) && !defined(__APPLE__) && !defined(__OpenBSD__) > #include <rfb/UnixPasswordValidator.h> > #include <unistd.h> > #include <pwd.h> > -@@ -55,7 +55,7 @@ bool PasswordValidator::validUser(const char* > username > - for (size_t i = 0; i < users.size(); i++) { > - if (users[i] == "*") > +@@ -53,7 +53,7 @@ bool PasswordValidator::validUser(const char* > username > + for (const char* user : plainUsers) { > + if (strcmp(user, "*") == 0) > return true; > -#if !defined(WIN32) && !defined(__APPLE__) > +#if !defined(WIN32) && !defined(__APPLE__) && !defined(__OpenBSD__) > - if (users[i] == "%u") { > + if (strcmp(user, "%u") == 0) { > struct passwd *pw = getpwnam(username); > if (pw && pw->pw_uid == getuid()) > @@ -72,7 +72,7 @@ SSecurityPlain::SSecurityPlain(SConnection* sc_) : > SSe Index: patches/patch-unix_vncserver_CMakeLists_txt > =================================================================== > RCS file: > /cvs/ports/x11/tigervnc/patches/patch-unix_vncserver_CMakeLists_txt,v > diff -u -p -r1.4 patch-unix_vncserver_CMakeLists_txt --- > patches/patch-unix_vncserver_CMakeLists_txt 8 Feb 2023 > 19:44:34 -0000 1.4 +++ > patches/patch-unix_vncserver_CMakeLists_txt 6 Jul 2026 > 15:27:18 -0000 @@ -6,9 +6,9 @@ Index: unix/vncserver/CMakeLists.txt > @@ -1,3 +1,4 @@ +if(HAVE_PAM_H) add_executable(vncsession > vncsession.c) > - target_link_libraries(vncsession ${PAM_LIBS} ${SELINUX_LIBS}) > - > -@@ -14,6 +15,7 @@ install(FILES vncserver.man DESTINATION > ${CMAKE_INSTAL > + target_include_directories(vncsession SYSTEM PRIVATE > ${PAM_INCLUDE_DIRS}) > + target_include_directories(vncsession SYSTEM PRIVATE > ${SELINUX_INCLUDE_DIRS}) +@@ -17,6 +18,7 @@ install(FILES > vncserver.man DESTINATION ${CMAKE_INSTAL install(FILES > vncserver-config-defaults vncserver-config-mandatory DESTINATION > ${CMAKE_INSTALL_FULL_SYSCONFDIR}/tigervnc) install(FILES > vncserver.users DESTINATION > ${CMAKE_INSTALL_FULL_SYSCONFDIR}/tigervnc) Index: > patches/patch-unix_x0vncserver_Image_cxx > =================================================================== > RCS file: patches/patch-unix_x0vncserver_Image_cxx diff -N > patches/patch-unix_x0vncserver_Image_cxx --- > patches/patch-unix_x0vncserver_Image_cxx 28 Mar 2026 12:34:09 > -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ > -1,23 +0,0 @@ -From a3fbb54278ebe91bf573f44b32d64e78a33a4828 Mon Sep > 17 00:00:00 2001 -From: Pierre Ossman <[email protected]> -Date: Tue, > 24 Mar 2026 09:52:01 +0100 -Subject: [PATCH] Prevent other users > reading x0vncserver screen - > -Prevent other users from observing the screen, or modifying what is > sent -to the client. Malicious attackers can even crash x0vncserver > if they -time the modifications right. > - > -(cherry picked from commit 0b5cab169d847789efa54459a87659d3fd484393) > - > -Index: unix/x0vncserver/Image.cxx > ---- unix/x0vncserver/Image.cxx.orig > -+++ unix/x0vncserver/Image.cxx > -@@ -268,7 +268,7 @@ void ShmImage::Init(int width, int height, const > XVisu > - > - shminfo->shmid = shmget(IPC_PRIVATE, > - xim->bytes_per_line * xim->height, > -- IPC_CREAT|0777); > -+ IPC_CREAT|0600); > - if (shminfo->shmid == -1) { > - perror("shmget"); > - vlog.error("shmget() failed (%d bytes requested)", > Index: patches/patch-unix_xserver_hw_vnc_Makefile_am > =================================================================== > RCS file: > /cvs/ports/x11/tigervnc/patches/patch-unix_xserver_hw_vnc_Makefile_am,v > diff -u -p -r1.7 patch-unix_xserver_hw_vnc_Makefile_am --- > patches/patch-unix_xserver_hw_vnc_Makefile_am 14 Sep 2025 > 15:48:36 -0000 1.7 +++ > patches/patch-unix_xserver_hw_vnc_Makefile_am 6 Jul 2026 > 15:27:18 -0000 @@ -1,7 +1,7 @@ Index: unix/xserver/hw/vnc/Makefile.am > --- unix/xserver/hw/vnc/Makefile.am.orig +++ > unix/xserver/hw/vnc/Makefile.am -@@ -60,7 +60,7 @@ Xvnc_LDADD = \ > +@@ -57,7 +57,7 @@ Xvnc_LDADD = \ > $(LOCAL_LIBS) \ > $(XSERVER_SYS_LIBS) \ > $(XVNC_SYS_LIBS) \ > Index: patches/patch-unix_xserver_hw_vnc_vncHooks_c > =================================================================== > RCS file: patches/patch-unix_xserver_hw_vnc_vncHooks_c > diff -N patches/patch-unix_xserver_hw_vnc_vncHooks_c > --- patches/patch-unix_xserver_hw_vnc_vncHooks_c 28 Mar 2026 > 12:34:09 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 > -0000 @@ -1,29 +0,0 @@ > -From 87612b64652152ca19d568eb6b8770d067730da3 Mon Sep 17 00:00:00 > 2001 -From: Pierre Ossman <[email protected]> > -Date: Thu, 26 Mar 2026 10:10:12 +0100 > -Subject: [PATCH] Use locks to avoid races with input thread > - > -Taken from how Xorg deals with hooking these functions. Without it we > -can get corruption of the sprite functions struct. > - > -(cherry picked from commit 3bc1cf73ea96082929232797e98823fa3e5ed4ed) > - > -Index: unix/xserver/hw/vnc/vncHooks.c > ---- unix/xserver/hw/vnc/vncHooks.c.orig > -+++ unix/xserver/hw/vnc/vncHooks.c > -@@ -1144,6 +1144,7 @@ static Bool vncHooksRandRCrtcSet(ScreenPtr > pScreen, RR > - // Unwrap and rewrap helpers > - > - #define SPRITE_PROLOGUE(field) > \ -+ input_lock(); > \ > - miPointerScreenPtr miPointerPriv = > \ > - dixLookupPrivate(&screen->devPrivates, miPointerScreenKey); > \ > - vncHooksScreenPtr vncHooksScreen = vncHooksScreenPrivate(screen); > \ -@@ -1152,6 +1153,7 @@ static Bool > vncHooksRandRCrtcSet(ScreenPtr pScreen, RR > - > - #define SPRITE_EPILOGUE(field) > \ > - wrap(vncHooksScreen, miPointerPriv, spriteFuncs, > &vncHooksSpriteFuncs); \ -+ input_unlock(); > - > - static Bool vncHooksRealizeCursor(DeviceIntPtr dev, ScreenPtr > screen, > - CursorPtr cursor) > Index: patches/patch-unix_xserver_hw_vnc_xvnc_c > =================================================================== > RCS file: patches/patch-unix_xserver_hw_vnc_xvnc_c > diff -N patches/patch-unix_xserver_hw_vnc_xvnc_c > --- patches/patch-unix_xserver_hw_vnc_xvnc_c 6 Jul 2026 > 09:30:10 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 > -0000 @@ -1,46 +0,0 @@ > -From 1f1aaca09a1f9919f5169caea9c396b14c2af765 Mon Sep 17 00:00:00 > 2001 -From: Pierre Ossman <[email protected]> > -Date: Tue, 8 Apr 2025 14:41:04 +0200 > -Subject: [PATCH] Don't print Xvnc banner before parsing args > - > -If we'll be running in inetd mode, then stdout and stderr will be a > -client socket and not an appropriate place for logging. > - > -Mimic what Xorg does instead. > ---- > - unix/xserver/hw/vnc/xvnc.c | 9 +++++---- > - 1 file changed, 5 insertions(+), 4 deletions(-) > - > -Index: unix/xserver/hw/vnc/xvnc.c > ---- unix/xserver/hw/vnc/xvnc.c.orig > -+++ unix/xserver/hw/vnc/xvnc.c > -@@ -442,7 +442,7 @@ ddxProcessArgument(int argc, char *argv[], int i) > - } > - > - if (!strcmp(argv[i], "-showconfig") || !strcmp(argv[i], > "-version")) { -- /* Already shown at start */ > -+ vncPrintBanner(); > - exit(0); > - } > - > -@@ -1166,8 +1166,11 @@ InitOutput(ScreenInfo * scrInfo, int argc, > char **argv > - int i; > - int NumFormats = 0; > - > -- if (serverGeneration == 1) > -+ if (serverGeneration == 1) { > -+ vncPrintBanner(); > -+ > - LoadExtensionList(vncExtensions, ARRAY_SIZE(vncExtensions), > TRUE); -+ } > - > - #if XORG_AT_LEAST(1, 20, 0) > - xorgGlxCreateVendor(); > -@@ -1259,7 +1262,5 @@ vncClientGone(int fd) > - int > - main(int argc, char *argv[], char *envp[]) > - { > -- vncPrintBanner(); > -- > - return dix_main(argc, argv, envp); > - } > Index: pkg/PLIST > =================================================================== > RCS file: /cvs/ports/x11/tigervnc/pkg/PLIST,v > diff -u -p -r1.7 PLIST > --- pkg/PLIST 8 Feb 2023 19:44:34 -0000 1.7 > +++ pkg/PLIST 6 Jul 2026 15:27:18 -0000 > @@ -26,6 +26,7 @@ share/icons/hicolor/32x32/apps/tigervnc. > share/icons/hicolor/48x48/apps/tigervnc.png > share/icons/hicolor/64x64/apps/tigervnc.png > share/icons/hicolor/scalable/apps/tigervnc.svg > +share/locale/ar/LC_MESSAGES/tigervnc.mo > share/locale/bg/LC_MESSAGES/tigervnc.mo > share/locale/cs/LC_MESSAGES/tigervnc.mo > share/locale/da/LC_MESSAGES/tigervnc.mo > -- greetings, Florian Viehweger
