void-linux / void-packages

The Void source packages collection
https://voidlinux.org

x11vnc password is always in clear text, and clients are unable to connect with password #48007

Open jfcolom opened 8 months ago

jfcolom commented 8 months ago

Is this a new report?

Yes

System Info

Void 6.6.8_1 x86_64 GenuineIntel uptodate rrFFFFF

Package(s) Affected

x11vnc-0.9.16_6

Does a report exist for this bug with the project's home (upstream) and/or another distro?

It works ok in Debian bullseye

Expected behaviour

x11vnc can generate a password file with the option storepasswd among others. The password should be stored obfuscated or encrypted. In addition, vncviewer should be able to connect to the server when the correct password is set.

Actual behaviour

The password is always stored in clear text.

In addition, vncviewer always gets "Authentication failure: password check failed!", even when the correct password is set.

Steps to reproduce

  1. Run x11vnc to generate a password:

x11vnc -storepasswd

  2. Input and verify the password

  3. See the generated file

cat $HOME/.vnc/passwd

The password should appear obfuscated or encrypted. In addition, vncviewer should be able to connect when the correct password is set. However, the password is in clear text and the client cannot connect, even when the password is properly set in the client (tested with client from tigervnc package).
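A heuristic check for the symptom reported above, as an added example that is not part of the original issue thread or of x11vnc. It assumes the classic VNC auth file layout of a single 8-byte obfuscated block; the function names and sample bytes are constructed for illustration.

```python
import os
import stat
import tempfile

VNC_AUTH_LEN = 8  # assumption: classic VNC auth file is one 8-byte obfuscated block


def classify(data, mode):
    """Classify raw passwd-file bytes and permission bits; never echoes the secret."""
    reasons = []
    if mode & 0o077:
        reasons.append("mode %04o allows group/other access" % mode)
    body = data.rstrip(b"\x00\n")  # plaintext is typically NUL-padded or newline-ended
    if body and all(0x20 <= b < 0x7F for b in body):
        reasons.append("content is %d printable ASCII bytes" % len(body))
        return "plaintext-suspect", reasons
    if len(data) != VNC_AUTH_LEN:
        reasons.append("length %d, expected %d" % (len(data), VNC_AUTH_LEN))
        return "unexpected-format", reasons
    return "obfuscated", reasons


def classify_vnc_passwd(path):
    """Apply classify() to a file such as $HOME/.vnc/passwd."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, "rb") as fh:
        data = fh.read(64)  # enough to detect an oversized file
    return classify(data, mode)


def write_sample(data, mode=0o600):
    """Write constructed sample bytes to a temp file and return its path."""
    fd, path = tempfile.mkstemp(prefix="vncpasswd-")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    samples = {  # constructed inputs, not taken from any real system
        "cleartext": b"hunter2\x00",
        "opaque": bytes.fromhex("d7a514d8c556aade"),
    }
    for name, blob in samples.items():
        path = write_sample(blob)
        print(name, classify_vnc_passwd(path))
        os.remove(path)
```

A "plaintext-suspect" verdict on a file written by x11vnc -storepasswd matches the behaviour described in this report; an "obfuscated" verdict only means the bytes are not printable text, not that the file is safe to expose.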

onlylunix commented 7 months ago

This is probably related to https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cea7c09c70390799b321479a59b597a25f951f9b

dexgs commented 6 months ago

Based on the linked commit on the Gentoo tracker, it seems like the issue is that x11vnc does not work properly with OpenSSL 3.0.

I tried disabling it by modifying the following templates as follows:

# Template file for 'x11vnc'
pkgname=x11vnc
version=0.9.16
revision=7
build_style=gnu-configure
configure_args="--without-crypto --without-ssl"
hostmakedepends="automake libtool pkg-config"
makedepends="libXdamage-devel libXinerama-devel libXrandr-devel libXtst-devel
 libjpeg-turbo-devel openssl-devel libvncserver-devel zlib-devel"
short_desc="VNC server for real X displays"
maintainer="Leah Neukirchen <leah@vuxu.org>"
license="GPL-2.0-or-later, x11vnc-openssl-exception"
homepage="http://www.karlrunge.com/x11vnc/"
changelog="https://raw.githubusercontent.com/LibVNC/x11vnc/master/NEWS"
distfiles="https://github.com/LibVNC/x11vnc/archive/${version}.tar.gz"
checksum=885e5b5f5f25eec6f9e4a1e8be3d0ac71a686331ee1cfb442dba391111bd32bd

if [ "$XBPS_TARGET_LIBC" = "glibc" ]; then
    makedepends+=" libgcrypt-devel"
fi

CFLAGS="-fcommon"

pre_configure() {
    autoreconf -fi
}

# Template file for 'libvncserver'
pkgname=libvncserver
version=0.9.14
revision=3
build_style=cmake
configure_args="-DWITH_OPENSSL=OFF -DWITH_GNUTLS=ON"
hostmakedepends="pkg-config"
makedepends="zlib-devel libjpeg-turbo-devel libpng-devel libgcrypt-devel"
short_desc="C libraries to easily implement VNC server or client functionality"
maintainer="Orphaned <orphan@voidlinux.org>"
license="GPL-2.0-or-later"
homepage="https://libvnc.github.io/"
distfiles="https://github.com/LibVNC/libvncserver/archive/LibVNCServer-${version}.tar.gz"
checksum=83104e4f7e28b02f8bf6b010d69b626fae591f887e949816305daebae527c9a5

libvncserver-devel_package() {
    depends="${makedepends} ${sourcepkg}-${version}_${revision}"
    short_desc+=" - development files"
    pkg_install() {
        vmove usr/include
        vmove "usr/lib/*.so"
        vmove usr/lib/pkgconfig
    }
}

With these changes, password authentication seemed to work as expected (I just tried the -passwd command line option, which is broken in the current version of the package). Unfortunately I'm really not interested in fiddling with this anymore. Hopefully this helps someone else make some progress.

The key changes are setting configure_args="-DWITH_OPENSSL=OFF -DWITH_GNUTLS=ON" for libvncserver and setting configure_args="--without-crypto --without-ssl" for x11vnc.

EDIT: I also checked using a password file and it works with these changes (connecting works and the password file is not plaintext).

I needed to apply this patch (https://gitweb.gentoo.org/repo/gentoo.git/tree/x11-misc/x11vnc/files/x11vnc-0.9.16-crypto.patch?id=cea7c09c70390799b321479a59b597a25f951f9b) as well.