Bug 893608 - net-libs/libvncserver[ssl,-gcrypt]: Ultra MSLogonIIAuth authentication broken (was: [various revdeps] need gcrypt enabled to connect to password protected servers)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Alexander Tsoy
Keywords: PullRequest
Depends on: 906743
Reported: 2023-02-08 13:51 UTC by barrie backhurst
Modified: 2024-01-20 14:11 UTC

Package list:
net-libs/libvncserver-0.9.14-r1 *
Runtime testing required: ---

Description barrie backhurst 2023-02-08 13:51:00 UTC
Since a world update on 26th December, KRDC would not connect to clients that had a password; please see this forum thread:
https://forums.gentoo.org/viewtopic-t-1160195-highlight-.html
As you will see it has identified the issue to be with libvncserver and its requirement to be built with the gcrypt use flag enabled in order for KRDC to process passworded connections.
Comment 1 Andreas Sturmlechner gentoo-dev 2023-02-09 11:41:28 UTC
Besides declaring the use-dep in krdc, it seems to me that net-libs/libvncserver should better have gcrypt default enabled.
Comment 2 Andreas Sturmlechner gentoo-dev 2023-02-09 13:30:57 UTC
Still, this forum post

https://forums.gentoo.org/viewtopic-p-8769612.html#8769612

is explicitly talking about x11-misc/x11vnc which also does not declare such a usedep on libvncserver. Alexander, you are maintainer for both, so just extending $summary scope.
Comment 3 Alexander Tsoy 2023-02-15 19:46:20 UTC
(In reply to Andreas Sturmlechner from comment #1)
> Besides declaring the use-dep in krdc, it seems to me that
> net-libs/libvncserver should better have gcrypt default enabled.
Yes, it's a good idea.
Comment 4 Andreas Sturmlechner gentoo-dev 2023-02-16 11:04:00 UTC
What about x11-misc/x11vnc and declaring the usedep on libvncserver[gcrypt] though?
Comment 5 Alexander Tsoy 2023-02-16 18:35:23 UTC
(In reply to Alexander Tsoy from comment #3)
> (In reply to Andreas Sturmlechner from comment #1)
> > Besides declaring the use-dep in krdc, it seems to me that
> > net-libs/libvncserver should better have gcrypt default enabled.
> Yes, it's a good idea.
On the other hand USE="ssl -gcrypt -gnutls" should also work. At least I cannot see the difference between openssl and libgcrypt crypto backends.
Comment 6 Alexander Tsoy 2023-02-16 18:40:48 UTC
(In reply to barrie backhurst from comment #0)
> As you will see it has identified the issue to be with libvncserver and its
> requirement to be built with the gcrypt use flag enabled in order for KRDC
> to process passworded connections.
Please provide "emerge --info net-libs/libvncserver" output
Comment 7 barrie backhurst 2023-02-24 14:38:07 UTC
emerge --info net-libs/libvncserver
Portage 3.0.44 (python 3.10.10-final-0, default/linux/amd64/17.1/desktop/plasma, gcc-12, glibc-2.36-r7, 5.9.10-gentoo x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-5.9.10-gentoo-x86_64-Dual-Core_AMD_Opteron-tm-_Processor_2218_HE-with-glibc2.36
KiB Mem:     8162256 total,    486572 free
KiB Swap:    8388604 total,   6693988 free
Timestamp of repository gentoo: Sat, 18 Feb 2023 09:15:01 +0000
Head commit of repository gentoo: b3edfe0019505092b957d0f6824b519306274a26
sh bash 5.2_p15-r2
ld GNU ld (Gentoo 2.40 p2) 2.40.0
app-misc/pax-utils:        1.3.7::gentoo
app-shells/bash:           5.2_p15-r2::gentoo
dev-lang/perl:             5.36.0-r2::gentoo
dev-lang/python:           3.10.10_p1::gentoo, 3.11.2_p1::gentoo
dev-lang/rust:             1.67.1::gentoo
dev-util/cmake:            3.25.2::gentoo
dev-util/meson:            1.0.0::gentoo
sys-apps/baselayout:       2.13-r1::gentoo
sys-apps/openrc:           0.46::gentoo
sys-apps/sandbox:          2.30-r1::gentoo
sys-devel/autoconf:        2.13-r7::gentoo, 2.71-r5::gentoo
sys-devel/automake:        1.16.5::gentoo
sys-devel/binutils:        2.40-r1::gentoo
sys-devel/binutils-config: 5.5::gentoo
sys-devel/clang:           15.0.7-r1::gentoo
sys-devel/gcc:             12.2.1_p20230121-r1::gentoo
sys-devel/gcc-config:      2.10::gentoo
sys-devel/libtool:         2.4.7-r1::gentoo
sys-devel/lld:             15.0.7::gentoo
sys-devel/llvm:            15.0.7::gentoo
sys-devel/make:            4.4::gentoo
sys-kernel/linux-headers:  6.1::gentoo (virtual/os-headers)
sys-libs/glibc:            2.36-r7::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://rsync.uk.gentoo.org/gentoo-portage
    priority: -1000
    volatile: True
    sync-rsync-verify-jobs: 1
    sync-rsync-verify-metamanifest: yes
    sync-rsync-verify-max-age: 24
    sync-rsync-extra-opts: 

myown
    location: /usr/local/portage
    masters: gentoo
    volatile: True

Installed sets: @kde
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="@FREE"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=opteron-sse3 -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=opteron-sse3 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs binpkg-multi-instance buildpkg-live config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="rsync://rsync.mirrorservice.org/www.ibiblio.org/gentoo/ http://www.mirrorservice.org/sites/www.ibiblio.org/gentoo/ ftp://ftp.mirrorservice.org/sites/www.ibiblio.org/gentoo/"
LANG="en_GB.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LEX="flex"
LINGUAS="en en_GB"
MAKEOPTS="-j5"
PKGDIR="/var/cache/binpkgs"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
SHELL="/bin/bash"
USE="3dnow 3dnowext X a52 aac acl acpi activities alsa amd64 bluetooth branding bzip2 cairo cdda cdr cli crypt cups dbus declarative dri dts dvd dvdr elogind encode exif flac fortran gdbm gif gpm gui iconv icu ipv6 jpeg kde kwallet lcms libglvnd libnotify libtirpc mad mmx mmxext mng mp3 mp4 mpeg multilib ncurses nls nptl ogg opengl openmp pam pango pcre pdf plasma png policykit postproc ppds qml qrcode qt5 readline samba sdl seccomp semantic-desktop sound spell split-usr sse sse2 ssl startup-notification svg test-rust thumbnail tiff truetype udev udisks unicode upower usb vorbis vpx widgets wxwidgets x264 xattr xcb xft xml xv xvid zlib" ABI_X86="64" ADA_TARGET="gnat_2021" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="3dnow 3dnowext mmx mmxext sse sse2 sse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev" KERNEL="linux" L10N="en en-GB" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-4 php8-0" POSTGRES_TARGETS="postgres12 postgres13" PYTHON_SINGLE_TARGET="python3_10" PYTHON_TARGETS="python3_10" 
RUBY_TARGETS="ruby27" USERLAND="GNU" VIDEO_CARDS="nouveau" VOICEMAIL_STORAGE="file" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq proto steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EMERGE_DEFAULT_OPTS, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LC_ALL, LD, LFLAGS, LIBTOOL, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, RANLIB, READELF, RUSTFLAGS, SIZE, STRINGS, STRIP, YACC, YFLAGS

=================================================================
                        Package Settings
=================================================================

net-libs/libvncserver-0.9.14::gentoo was built with the following:
USE="24bpp filetransfer gcrypt ipv6 jpeg png ssl threads zlib -gnutls -lzo -sasl -systemd" ABI_X86="(64)"
Comment 8 Andreas Sturmlechner gentoo-dev 2023-02-25 10:31:39 UTC
So, USE=ssl was previously enabled and it did not suffice?
Comment 9 barrie backhurst 2023-02-28 14:23:43 UTC
(In reply to Andreas Sturmlechner from comment #8)
> So, USE=ssl was previously enabled and it did not suffice?

Yes, the only change I have made to the USE flags is the addition of gcrypt
Comment 10 Larry the Git Cow gentoo-dev 2023-02-28 16:13:04 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cd2a179ecfadad2276ca63e7d993fd7ec87ebd73

commit cd2a179ecfadad2276ca63e7d993fd7ec87ebd73
Author:     Alexander Tsoy <alexander@tsoy.me>
AuthorDate: 2023-02-15 19:28:49 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2023-02-28 16:13:00 +0000

    net-libs/libvncserver: turn gcrypt USE flag on by default
    
    Also avoid using internal crypto backend as it doesn't support all
    authentication methods.
    
    Bug: https://bugs.gentoo.org/893608
    Signed-off-by: Alexander Tsoy <alexander@tsoy.me>
    Closes: https://github.com/gentoo/gentoo/pull/29596
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 net-libs/libvncserver/libvncserver-0.9.14.ebuild | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
Comment 11 Alexander Tsoy 2023-03-06 21:36:40 UTC
(In reply to barrie backhurst from comment #9)
> Yes, the only change I have made to the USE flags is the addition of gcrypt
Interesting. So there is definitely a bug somewhere.
Comment 12 Alexander Tsoy 2023-03-23 02:57:06 UTC
I reproduced this issue with remmina client and ultravnc server. It's a bug in openssl crypto backend. So in addition to not allowing internal crypto we also need to apply upstream patch.
Comment 13 Larry the Git Cow gentoo-dev 2023-03-23 04:57:11 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0f2d52caeae7b364e291c73fd9ceabd90dd1b7fa

commit 0f2d52caeae7b364e291c73fd9ceabd90dd1b7fa
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-03-23 04:43:36 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-03-23 04:56:51 +0000

    net-libs/libvncserver: add patch metadata
    
    Bug: https://bugs.gentoo.org/893608
    Signed-off-by: Sam James <sam@gentoo.org>

 .../files/libvncserver-0.9.14-crypto-openssl-fix.patch           | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=01dbaaafe6f24fecdc12973aa620ce50ffeb544d

commit 01dbaaafe6f24fecdc12973aa620ce50ffeb544d
Author:     Alexander Tsoy <alexander@tsoy.me>
AuthorDate: 2023-03-23 02:50:59 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-03-23 04:56:50 +0000

    net-libs/libvncserver: fix openssl crypto backend
    
    Bug: https://bugs.gentoo.org/893608
    Signed-off-by: Alexander Tsoy <alexander@tsoy.me>
    Closes: https://github.com/gentoo/gentoo/pull/30311
    Signed-off-by: Sam James <sam@gentoo.org>

 .../libvncserver-0.9.14-crypto-openssl-fix.patch   | 59 ++++++++++++++++
 .../libvncserver/libvncserver-0.9.14-r1.ebuild     | 81 ++++++++++++++++++++++
 2 files changed, 140 insertions(+)
Comment 14 Alexander Tsoy 2023-03-23 06:47:58 UTC
(In reply to barrie backhurst from comment #9)
> Yes, the only change I have made to the USE flags is the addition of gcrypt
Please test net-libs/libvncserver-0.9.14-r1 with USE="ssl -gcrypt -gnutls".

I will probably remove gcrypt from IUSE alongside with recently added REQUIRED_USE and leave only two combinations possible:
- USE="ssl -gnutls" - openssl as tls and crypto backends
- USE="ssl gnutls" - gnutls as tls backend + libgcrypt as crypto backend
Comment 15 Andreas Sturmlechner gentoo-dev 2023-03-23 07:40:59 UTC
Thanks for following up with that, in any case no longer blocking KDE Gear stabilisation.
Comment 16 barrie backhurst 2023-03-28 20:59:34 UTC
(In reply to Alexander Tsoy from comment #14)
> (In reply to barrie backhurst from comment #9)
> > Yes, the only change I have made to the USE flags is the addition of gcrypt
> Please test net-libs/libvncserver-0.9.14-r1 with USE="ssl -gcrypt -gnutls".
> 
I have updated including the USE combination above and I am afraid it will not connect to the Windows server.

eix libvncserver
[I] net-libs/libvncserver
     Available versions:  0.9.14 (~)0.9.14-r1 {+24bpp +filetransfer +gcrypt gnutls ipv6 +jpeg lzo +png sasl ssl systemd +threads +zlib}
     Installed versions:  0.9.14-r1(15:21:24 28/03/23)(24bpp filetransfer ipv6 jpeg png ssl threads zlib -gcrypt -gnutls -lzo -sasl -systemd)
     Homepage:            https://libvnc.github.io/
     Description:         library for creating vnc servers

Re-enabling the gcrypt flag and re-emerging, connection works again
Comment 17 Alexander Tsoy 2023-03-28 21:41:01 UTC
(In reply to barrie backhurst from comment #16)
> > Please test net-libs/libvncserver-0.9.14-r1 with USE="ssl -gcrypt -gnutls".
> > 
> I have updated including the USE combination above and I am afraid it will
> not connect to the windows server
Thank you for the feedback. Could you tell more about your Windows setup? What VNC server, what auth settings, etc?
Comment 21 NATTkA bot gentoo-dev 2023-10-23 00:00:45 UTC
All sanity-check issues have been resolved
Comment 22 Alexander Tsoy 2024-01-04 17:35:13 UTC
(In reply to Alexander Tsoy from comment #17)
> Thank you for the feedback. Could you tell more about your Windows setup?
> What VNC server, what auth settings, etc?
UPDATE: I was still using openssl-1.1 back then and commit from #comment 13 fixed Ultra MSLogonIIAuth for me. Now with openssl-3.0 authentication seems completely broken. Related upstream issue:
https://github.com/LibVNC/libvncserver/issues/590
Comment 23 Larry the Git Cow gentoo-dev 2024-01-20 12:51:01 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cea7c09c70390799b321479a59b597a25f951f9b

commit cea7c09c70390799b321479a59b597a25f951f9b
Author:     Alexander Tsoy <alexander@tsoy.me>
AuthorDate: 2024-01-04 18:58:27 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-01-20 12:47:50 +0000

    net-libs/libvncserver: always enable gcrypt-based crypto backend
    
    There are a few reasons for that:
    - internal crypto backend doesn't support all authentication methods and
      the use of external crypto backend was already forced via REQUIRED_USE
    - openssl-based crypto backend is completely broken with openssl-3.0
    - build system does not allow to disable openssl-based crypto backend when
      openssl-based TLS backend is enabled without also enabling gcrypt-based
      crypto backend
    - all major distros are building with gcrypt-based crypto backend, so it
      is the most tested configuration.
    
    Closes: https://bugs.gentoo.org/893608
    Signed-off-by: Alexander Tsoy <alexander@tsoy.me>
    Signed-off-by: Sam James <sam@gentoo.org>

 .../libvncserver/libvncserver-0.9.14-r2.ebuild     | 73 ++++++++++++++++++++++
 1 file changed, 73 insertions(+)
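
Added example, not part of the bug report or of the Gentoo ebuild: a small shell check that takes a libvncserver USE flag list and reports which crypto backend it selects and what this bug says about that backend. The precedence (gcrypt first, then openssl when ssl is set, otherwise the internal backend) is an assumption drawn from the final commit message above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify the libvncserver crypto backend from a USE flag list.
# The mapping follows the statements made in this bug, not the upstream build files.

# has_flag FLAGS NAME -> succeeds if NAME is enabled (listed without a leading '-')
has_flag() {
    for f in $1; do
        f=${f#+}                      # drop the '+' default-on marker shown by eix
        [ "$f" = "$2" ] && return 0
    done
    return 1
}

# crypto_backend FLAGS -> prints "libgcrypt", "openssl" or "internal"
crypto_backend() {
    if has_flag "$1" gcrypt; then
        echo libgcrypt
    elif has_flag "$1" ssl; then
        echo openssl                  # ssl without gcrypt: openssl crypto cannot be disabled
    else
        echo internal
    fi
}

# backend_note BACKEND -> what the thread reports about that backend
backend_note() {
    case $1 in
        libgcrypt) echo "ok: configuration the reporter confirmed working" ;;
        openssl)   echo "risk: reported completely broken with openssl-3.0 (comment 22)" ;;
        internal)  echo "risk: does not support all authentication methods" ;;
    esac
}

# Flag lists copied from comment 7 (emerge --info) and comment 16 (eix).
USE_COMMENT_7="24bpp filetransfer gcrypt ipv6 jpeg png ssl threads zlib -gnutls -lzo -sasl -systemd"
USE_COMMENT_16="24bpp filetransfer ipv6 jpeg png ssl threads zlib -gcrypt -gnutls -lzo -sasl -systemd"

for flags in "$USE_COMMENT_7" "$USE_COMMENT_16"; do
    b=$(crypto_backend "$flags")
    printf '%s -> %s\n' "$b" "$(backend_note "$b")"
done
```

The flag list of the installed package can be taken from the "was built with the following" line of `emerge --info net-libs/libvncserver`, as in comment 7.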