13 changed files with 1261 additions and 400 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
-SOURCES/gnome-remote-desktop-47.alpha.tar.xz
+SOURCES/LibVNCServer-0.9.13.tar.gz
 SOURCES/gnome-remote-desktop-40.0.tar.xz
--- a/.gnome-remote-desktop.metadata
+++ b/.gnome-remote-desktop.metadata
@ -1 +1,2 @@
-5c94c91ac6d2c8e70bfc65d273937d9fcd7b594e SOURCES/gnome-remote-desktop-47.alpha.tar.xz
+55d79e6c4305cd67cd487c601298349c17ca05c1 SOURCES/LibVNCServer-0.9.13.tar.gz
 7c7688373ac31e724515f8b105922c3423e4469a SOURCES/gnome-remote-desktop-40.0.tar.xz
--- a/SOURCES/0001-crypto-Don-t-compile-SHA1-support-when-Websockets-ar.patch
+++ b/SOURCES/0001-crypto-Don-t-compile-SHA1-support-when-Websockets-ar.patch
@ -0,0 +1,92 @@
 From fdc71dd25c8505b3580e70afd4b4213cad8f8ebb Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
 Date: Mon, 25 Oct 2021 16:14:26 +0200
 Subject: [PATCH] crypto: Don't compile SHA1 support when Websockets are
 disabled
 SHA1 is not ideal, security wise. Let's make sure we don't even have it
 compiled when nothing depends on it, e.g. Websockets.
 ---
 common/crypto.h           | 2 ++
 common/crypto_included.c  | 2 ++
 common/crypto_libgcrypt.c | 2 ++
 common/crypto_openssl.c   | 2 ++
 4 files changed, 8 insertions(+)
 diff --git a/common/crypto.h b/common/crypto.h
 index 04be9304..c1f32194 100644
 --- a/common/crypto.h
 +++ b/common/crypto.h
@@ -11,7 +11,9 @@
 int hash_md5(void *out, const void *in, const size_t in_len);
 /* Generates an SHA1 hash of 'in' and writes it to 'out', which must be 20 bytes in size. */
 +#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
 int hash_sha1(void *out, const void *in, const size_t in_len);
 +#endif
 /* Fill 'out' with 'len' random bytes. */
 void random_bytes(void *out, size_t len);
 diff --git a/common/crypto_included.c b/common/crypto_included.c
 index b359336f..cf8d43c2 100644
 --- a/common/crypto_included.c
 +++ b/common/crypto_included.c
@@ -33,6 +33,7 @@ int hash_md5(void *out, const void *in, const size_t in_len)
     return 0;
 }
 +#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
 int hash_sha1(void *out, const void *in, const size_t in_len)
 {
     SHA1Context sha1;
@@ -45,6 +46,7 @@ int hash_sha1(void *out, const void *in, const size_t in_len)
     return 1;
 }
 +#endif /* LIBVNCSERVER_WITH_WEBSOCKETS */
 void random_bytes(void *out, size_t len)
 {
 diff --git a/common/crypto_libgcrypt.c b/common/crypto_libgcrypt.c
 index 34d845b4..f62bdaf8 100644
 --- a/common/crypto_libgcrypt.c
 +++ b/common/crypto_libgcrypt.c
@@ -74,6 +74,7 @@ int hash_md5(void *out, const void *in, const size_t in_len)
     return result;
 }
 +#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
 int hash_sha1(void *out, const void *in, const size_t in_len)
 {
     int result = 0;
@@ -98,6 +99,7 @@ int hash_sha1(void *out, const void *in, const size_t in_len)
     gcry_md_close(sha1);
     return result;
 }
 +#endif /* LIBVNCSERVER_WITH_WEBSOCKETS */
 void random_bytes(void *out, size_t len)
 {
 diff --git a/common/crypto_openssl.c b/common/crypto_openssl.c
 index 60d4bd4d..9816eb04 100644
 --- a/common/crypto_openssl.c
 +++ b/common/crypto_openssl.c
@@ -49,6 +49,7 @@ int hash_md5(void *out, const void *in, const size_t in_len)
     return 1;
 }
 +#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
 int hash_sha1(void *out, const void *in, const size_t in_len)
 {
     SHA_CTX sha1;
@@ -60,6 +61,7 @@ int hash_sha1(void *out, const void *in, const size_t in_len)
 	return 0;
     return 1;
 }
 +#endif /* LIBVNCSERVER_WITH_WEBSOCKETS */
 void random_bytes(void *out, size_t len)
 {
 -- 
 2.31.1
--- a/SOURCES/0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch
+++ b/SOURCES/0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch
@ -0,0 +1,241 @@
 From e4849b01fec4494057728d1aa3a165ed21705682 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
 Date: Mon, 11 Jun 2018 23:47:02 +0200
 Subject: [PATCH 1/4] libvncserver: Add API to add custom I/O entry points
 Add API to make it possible to channel RFB input and output through
 another layer, for example TLS. This is done by making it possible to
 override the default read/write/peek functions.
 ---
 libvncserver/rfbserver.c |  4 ++
 libvncserver/sockets.c   | 79 ++++++++++++++++++++++++++++++++++++----
 rfb/rfb.h                | 17 +++++++++
 3 files changed, 93 insertions(+), 7 deletions(-)
 diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
 index e9eaa5fc..72e9ba79 100644
 --- a/libvncserver/rfbserver.c
 +++ b/libvncserver/rfbserver.c
@@ -319,6 +319,10 @@ rfbNewTCPOrUDPClient(rfbScreenInfoPtr rfbScreen,
     cl->screen = rfbScreen;
     cl->sock = sock;
 +    cl->readFromSocket = rfbDefaultReadFromSocket;
 +    cl->peekAtSocket = rfbDefaultPeekAtSocket;
 +    cl->hasPendingOnSocket = rfbDefaultHasPendingOnSocket;
 +    cl->writeToSocket = rfbDefaultWriteToSocket;
     cl->viewOnly = FALSE;
     /* setup pseudo scaling */
     cl->scaledScreen = rfbScreen;
 diff --git a/libvncserver/sockets.c b/libvncserver/sockets.c
 index 2c87376b..4bb881ec 100644
 --- a/libvncserver/sockets.c
 +++ b/libvncserver/sockets.c
@@ -101,6 +101,9 @@ int deny_severity=LOG_WARNING;
 int rfbMaxClientWait = 20000;   /* time (ms) after which we decide client has
                                    gone away - needed to stop us hanging */
 +static rfbBool
 +rfbHasPendingOnSocket(rfbClientPtr cl);
 +
 static rfbBool
 rfbNewConnectionFromSock(rfbScreenInfoPtr rfbScreen, rfbSocket sock)
 {
@@ -364,16 +367,20 @@ rfbCheckFds(rfbScreenInfoPtr rfbScreen,long usec)
 	tv.tv_usec = usec;
 	nfds = select(rfbScreen->maxFd + 1, &fds, NULL, NULL /* &fds */, &tv);
 	if (nfds == 0) {
 +            rfbBool hasPendingData = FALSE;
 +
 	    /* timed out, check for async events */
             i = rfbGetClientIterator(rfbScreen);
             while((cl = rfbClientIteratorNext(i))) {
                 if (cl->onHold)
                     continue;
 +                hasPendingData |= rfbHasPendingOnSocket(cl);
                 if (FD_ISSET(cl->sock, &(rfbScreen->allFds)))
                     rfbSendFileTransferChunk(cl);
             }
             rfbReleaseClientIterator(i);
 -	    return result;
 +            if (!hasPendingData)
 +                return result;
 	}
 	if (nfds < 0) {
@@ -449,9 +456,11 @@ rfbCheckFds(rfbScreenInfoPtr rfbScreen,long usec)
 	    if (cl->onHold)
 		continue;
 -            if (FD_ISSET(cl->sock, &(rfbScreen->allFds)))
 +            if (rfbHasPendingOnSocket (cl) ||
 +                FD_ISSET(cl->sock, &(rfbScreen->allFds)))
             {
 -                if (FD_ISSET(cl->sock, &fds))
 +                if (rfbHasPendingOnSocket (cl) ||
 +                    FD_ISSET(cl->sock, &fds))
                 {
 #ifdef LIBVNCSERVER_WITH_WEBSOCKETS
                     do {
@@ -614,6 +623,30 @@ rfbConnect(rfbScreenInfoPtr rfbScreen,
     return sock;
 }
 +int
 +rfbDefaultReadFromSocket(rfbClientPtr cl, char *buf, int len)
 +{
 +    return read(cl->sock, buf, len);
 +}
 +
 +static int
 +rfbReadFromSocket(rfbClientPtr cl, char *buf, int len)
 +{
 +    return cl->readFromSocket(cl, buf, len);
 +}
 +
 +rfbBool
 +rfbDefaultHasPendingOnSocket(rfbClientPtr cl)
 +{
 +    return FALSE;
 +}
 +
 +static rfbBool
 +rfbHasPendingOnSocket(rfbClientPtr cl)
 +{
 +    return cl->hasPendingOnSocket(cl);
 +}
 +
 /*
  * ReadExact reads an exact number of bytes from a client.  Returns 1 if
  * those bytes have been read, 0 if the other end has closed, or -1 if an error
@@ -635,10 +668,10 @@ rfbReadExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
         } else if (cl->sslctx) {
 	    n = rfbssl_read(cl, buf, len);
 	} else {
 -            n = read(sock, buf, len);
 +            n = rfbReadFromSocket(cl, buf, len);
         }
 #else
 -        n = read(sock, buf, len);
 +        n = rfbReadFromSocket(cl, buf, len);
 #endif
         if (n > 0) {
@@ -670,6 +703,10 @@ rfbReadExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
 		    continue;
 	    }
 #endif
 +
 +            if (rfbHasPendingOnSocket(cl))
 +                continue;
 +
             FD_ZERO(&fds);
             FD_SET(sock, &fds);
             tv.tv_sec = timeout / 1000;
@@ -706,6 +743,18 @@ int rfbReadExact(rfbClientPtr cl,char* buf,int len)
     return(rfbReadExactTimeout(cl,buf,len,rfbMaxClientWait));
 }
 +int
 +rfbDefaultPeekAtSocket(rfbClientPtr cl, char *buf, int len)
 +{
 +    return recv(cl->sock, buf, len, MSG_PEEK);
 +}
 +
 +int
 +rfbPeekAtSocket(rfbClientPtr cl, char *buf, int len)
 +{
 +    cl->peekAtSocket(cl, buf, len);
 +}
 +
 /*
  * PeekExact peeks at an exact number of bytes from a client.  Returns 1 if
  * those bytes have been read, 0 if the other end has closed, or -1 if an
@@ -726,7 +775,7 @@ rfbPeekExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
 	    n = rfbssl_peek(cl, buf, len);
 	else
 #endif
 -	    n = recv(sock, buf, len, MSG_PEEK);
 +            n = rfbPeekAtSocket(cl, buf, len);
         if (n == len) {
@@ -782,6 +831,22 @@ rfbPeekExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
     return 1;
 }
 +int
 +rfbDefaultWriteToSocket(rfbClientPtr cl,
 +			const char *buf,
 +			int len)
 +{
 +    return write(cl->sock, buf, len);
 +}
 +
 +static int
 +rfbWriteToSocket(rfbClientPtr cl,
 +		 const char *buf,
 +		 int len)
 +{
 +    return cl->writeToSocket(cl, buf, len);
 +}
 +
 /*
  * WriteExact writes an exact number of bytes to a client.  Returns 1 if
  * those bytes have been written, or -1 if an error occurred (errno is set to
@@ -826,7 +891,7 @@ rfbWriteExact(rfbClientPtr cl,
 	    n = rfbssl_write(cl, buf, len);
 	else
 #endif
 -	    n = write(sock, buf, len);
 +	    n = rfbWriteToSocket(cl, buf, len);
         if (n > 0) {
 diff --git a/rfb/rfb.h b/rfb/rfb.h
 index 5e9ba86f..3c0b25a3 100644
 --- a/rfb/rfb.h
 +++ b/rfb/rfb.h
@@ -387,6 +387,14 @@ typedef struct sraRegion* sraRegionPtr;
 typedef void (*ClientGoneHookPtr)(struct _rfbClientRec* cl);
 typedef void (*ClientFramebufferUpdateRequestHookPtr)(struct _rfbClientRec* cl, rfbFramebufferUpdateRequestMsg* furMsg);
 +typedef int (*ClientReadFromSocket)(struct _rfbClientRec* cl,
 +                                    char *buf, int len);
 +typedef int (*ClientPeekAtSocket)(struct _rfbClientRec* cl,
 +                                  char *buf, int len);
 +typedef rfbBool (*ClientHasPendingOnSocket)(struct _rfbClientRec* cl);
 +typedef int (*ClientWriteToSocket)(struct _rfbClientRec* cl,
 +                                   const char *buf, int len);
 +
 typedef struct _rfbFileTransferData {
   int fd;
   int compressionEnabled;
@@ -680,6 +688,11 @@ typedef struct _rfbClientRec {
     rfbBool useExtDesktopSize;
     int requestedDesktopSizeChange;
     int lastDesktopSizeChangeError;
 +
 +    ClientReadFromSocket readFromSocket;         /* Read data from socket */
 +    ClientPeekAtSocket peekAtSocket;             /* Peek at data from socket */
 +    ClientHasPendingOnSocket hasPendingOnSocket; /* Peek at data from socket */
 +    ClientWriteToSocket writeToSocket;           /* Write data to socket */
 } rfbClientRec, *rfbClientPtr;
 /**
@@ -732,8 +745,12 @@ extern void rfbDisconnectUDPSock(rfbScreenInfoPtr rfbScreen);
 extern void rfbCloseClient(rfbClientPtr cl);
 extern int rfbReadExact(rfbClientPtr cl, char *buf, int len);
 extern int rfbReadExactTimeout(rfbClientPtr cl, char *buf, int len,int timeout);
 +extern int rfbDefaultReadFromSocket(rfbClientPtr cl, char *buf, int len);
 extern int rfbPeekExactTimeout(rfbClientPtr cl, char *buf, int len,int timeout);
 +extern int rfbDefaultPeekAtSocket(rfbClientPtr cl, char *buf, int len);
 +extern rfbBool rfbDefaultHasPendingOnSocket(rfbClientPtr cl);
 extern int rfbWriteExact(rfbClientPtr cl, const char *buf, int len);
 +extern int rfbDefaultWriteToSocket(rfbClientPtr cl, const char *buf, int len);
 extern int rfbCheckFds(rfbScreenInfoPtr rfbScreen,long usec);
 extern rfbSocket rfbConnect(rfbScreenInfoPtr rfbScreen, char* host, int port);
 extern rfbSocket rfbConnectToTcpAddr(char* host, int port);
 -- 
 2.28.0
--- a/SOURCES/0001-libvncserver-don-t-NULL-out-internal-of-the-default-.patch
+++ b/SOURCES/0001-libvncserver-don-t-NULL-out-internal-of-the-default-.patch
@ -0,0 +1,28 @@
 From d138cf90130b0e8d5062f136ecdbcaa85e734d5d Mon Sep 17 00:00:00 2001
 From: Christian Beier <info@christianbeier.net>
 Date: Mon, 20 Jul 2020 22:33:29 +0200
 Subject: [PATCH] libvncserver: don't NULL out internal of the default cursor
 ...otherwise an rfbScreen created after rfbScreenCleanup() was called
 gets assigned an invalid cursor struct.
 ---
 libvncserver/main.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
 diff --git a/libvncserver/main.c b/libvncserver/main.c
 index 9149fda3..a3a711e3 100644
 --- a/libvncserver/main.c
 +++ b/libvncserver/main.c
@@ -1110,7 +1110,8 @@ void rfbScreenCleanup(rfbScreenInfoPtr screen)
   FREE_IF(underCursorBuffer);
   TINI_MUTEX(screen->cursorMutex);
 -  rfbFreeCursor(screen->cursor);
 +  if(screen->cursor != &myCursor)
 +      rfbFreeCursor(screen->cursor);
 #ifdef LIBVNCSERVER_HAVE_LIBZ
   rfbZlibCleanup(screen);
 -- 
 2.28.0
--- a/SOURCES/0001-pipewire-stream-Don-t-leak-GSource-s.patch
+++ b/SOURCES/0001-pipewire-stream-Don-t-leak-GSource-s.patch
@ -0,0 +1,53 @@
 From 2fba1c597f272516759933ee439e6fef3f6142f3 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
 Date: Tue, 6 Apr 2021 11:32:14 +0200
 Subject: [PATCH] pipewire-stream: Don't leak GSource's
 The pipewire loop is owned by the source, and failing to free it means
 pipewire will keep file descriptors open indefinitely.
 While we properly "destroy":ed the source, destroying it only removes it
 from the context, it doesn't destroy or unref it. To also free it, we
 also need to unref it.
 ---
 src/grd-rdp-pipewire-stream.c | 6 +++++-
 src/grd-vnc-pipewire-stream.c | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)
 diff --git a/src/grd-rdp-pipewire-stream.c b/src/grd-rdp-pipewire-stream.c
 index 09015e7..6c79312 100644
 --- a/src/grd-rdp-pipewire-stream.c
 +++ b/src/grd-rdp-pipewire-stream.c
@@ -577,7 +577,11 @@ grd_rdp_pipewire_stream_finalize (GObject *object)
   g_clear_pointer (&stream->pipewire_core, pw_core_disconnect);
   g_clear_pointer (&stream->pipewire_context, pw_context_destroy);
 -  g_clear_pointer (&stream->pipewire_source, g_source_destroy);
 +  if (stream->pipewire_source)
 +    {
 +      g_source_destroy (stream->pipewire_source);
 +      g_clear_pointer (&stream->pipewire_source, g_source_unref);
 +    }
   G_OBJECT_CLASS (grd_rdp_pipewire_stream_parent_class)->finalize (object);
 }
 diff --git a/src/grd-vnc-pipewire-stream.c b/src/grd-vnc-pipewire-stream.c
 index 82ceb9b..5085062 100644
 --- a/src/grd-vnc-pipewire-stream.c
 +++ b/src/grd-vnc-pipewire-stream.c
@@ -594,7 +594,11 @@ grd_vnc_pipewire_stream_finalize (GObject *object)
   g_clear_pointer (&stream->pipewire_core, pw_core_disconnect);
   g_clear_pointer (&stream->pipewire_context, pw_context_destroy);
 -  g_clear_pointer (&stream->pipewire_source, g_source_destroy);
 +  if (stream->pipewire_source)
 +    {
 +      g_source_destroy (stream->pipewire_source);
 +      g_clear_pointer (&stream->pipewire_source, g_source_unref);
 +    }
   G_OBJECT_CLASS (grd_vnc_pipewire_stream_parent_class)->finalize (object);
 }
 -- 
 2.31.1
--- a/SOURCES/0002-libvncserver-Add-channel-security-handlers.patch
+++ b/SOURCES/0002-libvncserver-Add-channel-security-handlers.patch
@ -0,0 +1,368 @@
 From c9131a78878a785c3de21e9d49521d7b68400ad7 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
 Date: Mon, 11 Jun 2018 23:50:05 +0200
 Subject: [PATCH 2/4] libvncserver: Add channel security handlers
 Add another type of security handler that is meant to be used initially
 to set up a secure channel. Regular security handlers would be
 advertised and processed after any channel security have succeeded.
 For example, this, together with the custom I/O functions allows a
 LibVNCServer user to implement TLS in combination with VNCAuth. This is
 done by adding a single channel security handler with the rfbTLS (18)
 with a handler that initiates a TLS session, and when a TLS session is
 initiated, the regular security handler list is sent.
 ---
 libvncserver/auth.c      | 164 ++++++++++++++++++++++++++++++---------
 libvncserver/rfbserver.c |   1 +
 rfb/rfb.h                |  15 +++-
 3 files changed, 142 insertions(+), 38 deletions(-)
 diff --git a/libvncserver/auth.c b/libvncserver/auth.c
 index 814a8142..55e0b3c9 100644
 --- a/libvncserver/auth.c
 +++ b/libvncserver/auth.c
@@ -37,18 +37,17 @@ void rfbClientSendString(rfbClientPtr cl, const char *reason);
  * Handle security types
  */
 +/* Channel security handlers to set up a secure channel, e.g. TLS. */
 +static rfbSecurityHandler* channelSecurityHandlers = NULL;
 +
 +/* Security handlers when channel security is established. */
 static rfbSecurityHandler* securityHandlers = NULL;
 -/*
 - * This method registers a list of new security types.  
 - * It avoids same security type getting registered multiple times. 
 - * The order is not preserved if multiple security types are
 - * registered at one-go.
 - */
 void
 -rfbRegisterSecurityHandler(rfbSecurityHandler* handler)
 +rfbRegisterSecurityHandlerTo(rfbSecurityHandler* handler,
 +                             rfbSecurityHandler** handlerList)
 {
 -	rfbSecurityHandler *head = securityHandlers, *next = NULL;
 +	rfbSecurityHandler *head = *handlerList, *next = NULL;
 	if(handler == NULL)
 		return;
@@ -57,39 +56,35 @@ rfbRegisterSecurityHandler(rfbSecurityHandler* handler)
 	while(head != NULL) {
 		if(head == handler) {
 -			rfbRegisterSecurityHandler(next);
 +			rfbRegisterSecurityHandlerTo(next, handlerList);
 			return;
 		}
 		head = head->next;
 	}
 -	handler->next = securityHandlers;
 -	securityHandlers = handler;
 +	handler->next = *handlerList;
 +	*handlerList = handler;
 -	rfbRegisterSecurityHandler(next);
 +	rfbRegisterSecurityHandlerTo(next, handlerList);
 }
 -/*
 - * This method unregisters a list of security types. 
 - * These security types won't be available for any new
 - * client connection. 
 - */
 -void
 -rfbUnregisterSecurityHandler(rfbSecurityHandler* handler)
 +static void
 +rfbUnregisterSecurityHandlerFrom(rfbSecurityHandler* handler,
 +                                 rfbSecurityHandler** handlerList)
 {
 	rfbSecurityHandler *cur = NULL, *pre = NULL;
 	if(handler == NULL)
 		return;
 -	if(securityHandlers == handler) {
 -		securityHandlers = securityHandlers->next;
 -		rfbUnregisterSecurityHandler(handler->next);
 +	if(*handlerList == handler) {
 +		*handlerList = (*handlerList)->next;
 +		rfbUnregisterSecurityHandlerFrom(handler->next, handlerList);
 		return;
 	}
 -	cur = pre = securityHandlers;
 +	cur = pre = *handlerList;
 	while(cur) {
 		if(cur == handler) {
@@ -99,7 +94,50 @@ rfbUnregisterSecurityHandler(rfbSecurityHandler* handler)
 		pre = cur;
 		cur = cur->next;
 	}
 -	rfbUnregisterSecurityHandler(handler->next);
 +	rfbUnregisterSecurityHandlerFrom(handler->next, handlerList);
 +}
 +
 +void
 +rfbRegisterChannelSecurityHandler(rfbSecurityHandler* handler)
 +{
 +    rfbRegisterSecurityHandlerTo(handler, &channelSecurityHandlers);
 +}
 +
 +/*
 + * This method unregisters a list of security types.
 + * These security types won't be available for any new
 + * client connection.
 + */
 +
 +void
 +rfbUnregisterChannelSecurityHandler(rfbSecurityHandler* handler)
 +{
 +    rfbUnregisterSecurityHandlerFrom(handler, &channelSecurityHandlers);
 +}
 +
 +/*
 + * This method registers a list of new security types.
 + * It avoids same security type getting registered multiple times.
 + * The order is not preserved if multiple security types are
 + * registered at one-go.
 + */
 +
 +void
 +rfbRegisterSecurityHandler(rfbSecurityHandler* handler)
 +{
 +    rfbRegisterSecurityHandlerTo(handler, &securityHandlers);
 +}
 +
 +/*
 + * This method unregisters a list of security types.
 + * These security types won't be available for any new
 + * client connection.
 + */
 +
 +void
 +rfbUnregisterSecurityHandler(rfbSecurityHandler* handler)
 +{
 +    rfbUnregisterSecurityHandlerFrom(handler, &securityHandlers);
 }
 /*
@@ -197,9 +235,22 @@ static rfbSecurityHandler VncSecurityHandlerNone = {
     NULL
 };
 +static int32_t
 +determinePrimarySecurityType(rfbClientPtr cl)
 +{
 +    if (!cl->screen->authPasswdData || cl->reverseConnection) {
 +        /* chk if this condition is valid or not. */
 +        return rfbSecTypeNone;
 +    } else if (cl->screen->authPasswdData) {
 +        return rfbSecTypeVncAuth;
 +    } else {
 +        return rfbSecTypeInvalid;
 +    }
 +}
 -static void
 -rfbSendSecurityTypeList(rfbClientPtr cl, int primaryType)
 +void
 +rfbSendSecurityTypeList(rfbClientPtr cl,
 +                        enum rfbSecurityTag exclude)
 {
     /* The size of the message is the count of security types +1,
      * since the first byte is the number of types. */
@@ -207,9 +258,10 @@ rfbSendSecurityTypeList(rfbClientPtr cl, int primaryType)
     rfbSecurityHandler* handler;
 #define MAX_SECURITY_TYPES 255
     uint8_t buffer[MAX_SECURITY_TYPES+1];
 -
 +    int32_t primaryType;
     /* Fill in the list of security types in the client structure. (NOTE: Not really in the client structure) */
 +    primaryType = determinePrimarySecurityType(cl);
     switch (primaryType) {
     case rfbSecTypeNone:
         rfbRegisterSecurityHandler(&VncSecurityHandlerNone);
@@ -221,6 +273,9 @@ rfbSendSecurityTypeList(rfbClientPtr cl, int primaryType)
     for (handler = securityHandlers;
 	    handler && size<MAX_SECURITY_TYPES; handler = handler->next) {
 +	if (exclude && (handler->securityTags & exclude))
 +	    continue;
 +
 	buffer[size] = handler->type;
 	size++;
     }
@@ -249,7 +304,29 @@ rfbSendSecurityTypeList(rfbClientPtr cl, int primaryType)
     cl->state = RFB_SECURITY_TYPE;
 }
 +static void
 +rfbSendChannelSecurityTypeList(rfbClientPtr cl)
 +{
 +    int size = 1;
 +    rfbSecurityHandler* handler;
 +    uint8_t buffer[MAX_SECURITY_TYPES+1];
 +
 +    for (handler = channelSecurityHandlers;
 +	    handler && size<MAX_SECURITY_TYPES; handler = handler->next) {
 +	buffer[size] = handler->type;
 +	size++;
 +    }
 +    buffer[0] = (unsigned char)size-1;
 +
 +    if (rfbWriteExact(cl, (char *)buffer, size) < 0) {
 +	rfbLogPerror("rfbSendSecurityTypeList: write");
 +	rfbCloseClient(cl);
 +	return;
 +    }
 +    /* Dispatch client input to rfbProcessClientChannelSecurityType. */
 +    cl->state = RFB_CHANNEL_SECURITY_TYPE;
 +}
 /*
@@ -297,18 +374,19 @@ rfbSendSecurityType(rfbClientPtr cl, int32_t securityType)
 void
 rfbAuthNewClient(rfbClientPtr cl)
 {
 -    int32_t securityType = rfbSecTypeInvalid;
 +    int32_t securityType;
 -    if (!cl->screen->authPasswdData || cl->reverseConnection) {
 -	/* chk if this condition is valid or not. */
 -	securityType = rfbSecTypeNone;
 -    } else if (cl->screen->authPasswdData) {
 - 	    securityType = rfbSecTypeVncAuth;
 -    }
 +    securityType = determinePrimarySecurityType(cl);
     if (cl->protocolMajorVersion==3 && cl->protocolMinorVersion < 7)
     {
 	/* Make sure we use only RFB 3.3 compatible security types. */
 +	if (channelSecurityHandlers) {
 +	    rfbLog("VNC channel security enabled - RFB 3.3 client rejected\n");
 +	    rfbClientConnFailed(cl, "Your viewer cannot hnadler required "
 +				"security methods");
 +	    return;
 +	}
 	if (securityType == rfbSecTypeInvalid) {
 	    rfbLog("VNC authentication disabled - RFB 3.3 client rejected\n");
 	    rfbClientConnFailed(cl, "Your viewer cannot handle required "
@@ -316,9 +394,13 @@ rfbAuthNewClient(rfbClientPtr cl)
 	    return;
 	}
 	rfbSendSecurityType(cl, securityType);
 +    } else if (channelSecurityHandlers) {
 +	rfbLog("Send channel security type list\n");
 +	rfbSendChannelSecurityTypeList(cl);
     } else {
 	/* Here it's ok when securityType is set to rfbSecTypeInvalid. */
 -	rfbSendSecurityTypeList(cl, securityType);
 +	rfbLog("Send channel security type 'none'\n");
 +	rfbSendSecurityTypeList(cl, RFB_SECURITY_TAG_NONE);
     }
 }
@@ -332,6 +414,7 @@ rfbProcessClientSecurityType(rfbClientPtr cl)
     int n;
     uint8_t chosenType;
     rfbSecurityHandler* handler;
 +    rfbSecurityHandler* handlerListHead;
     /* Read the security type. */
     n = rfbReadExact(cl, (char *)&chosenType, 1);
@@ -344,8 +427,17 @@ rfbProcessClientSecurityType(rfbClientPtr cl)
 	return;
     }
 +    switch (cl->state) {
 +    case RFB_CHANNEL_SECURITY_TYPE:
 +        handlerListHead = channelSecurityHandlers;
 +        break;
 +    case RFB_SECURITY_TYPE:
 +        handlerListHead = securityHandlers;
 +        break;
 +    }
 +
     /* Make sure it was present in the list sent by the server. */
 -    for (handler = securityHandlers; handler; handler = handler->next) {
 +    for (handler = handlerListHead; handler; handler = handler->next) {
 	if (chosenType == handler->type) {
 	      rfbLog("rfbProcessClientSecurityType: executing handler for type %d\n", chosenType);
 	      handler->handler(cl);
 diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
 index 72e9ba79..48eada64 100644
 --- a/libvncserver/rfbserver.c
 +++ b/libvncserver/rfbserver.c
@@ -652,6 +652,7 @@ rfbProcessClientMessage(rfbClientPtr cl)
     case RFB_PROTOCOL_VERSION:
         rfbProcessClientProtocolVersion(cl);
         return;
 +    case RFB_CHANNEL_SECURITY_TYPE:
     case RFB_SECURITY_TYPE:
         rfbProcessClientSecurityType(cl);
         return;
 diff --git a/rfb/rfb.h b/rfb/rfb.h
 index 3c0b25a3..d136f884 100644
 --- a/rfb/rfb.h
 +++ b/rfb/rfb.h
@@ -144,6 +144,11 @@ typedef struct {
   } data; /**< there have to be count*3 entries */
 } rfbColourMap;
 +enum rfbSecurityTag {
 +    RFB_SECURITY_TAG_NONE = 0,
 +    RFB_SECURITY_TAG_CHANNEL = 1 << 0
 +};
 +
 /**
  * Security handling (RFB protocol version 3.7)
  */
@@ -152,6 +157,7 @@ typedef struct _rfbSecurity {
 	uint8_t type;
 	void (*handler)(struct _rfbClientRec* cl);
 	struct _rfbSecurity* next;
 +	enum rfbSecurityTag securityTags;
 } rfbSecurityHandler;
 /**
@@ -480,7 +486,7 @@ typedef struct _rfbClientRec {
                                 /** Possible client states: */
     enum {
         RFB_PROTOCOL_VERSION,   /**< establishing protocol version */
 -	RFB_SECURITY_TYPE,      /**< negotiating security (RFB v.3.7) */
 +        RFB_SECURITY_TYPE,      /**< negotiating security (RFB v.3.7) */
         RFB_AUTHENTICATION,     /**< authenticating */
         RFB_INITIALISATION,     /**< sending initialisation messages */
         RFB_NORMAL,             /**< normal protocol messages */
@@ -488,7 +494,9 @@ typedef struct _rfbClientRec {
         /* Ephemeral internal-use states that will never be seen by software
          * using LibVNCServer to provide services: */
 -        RFB_INITIALISATION_SHARED /**< sending initialisation messages with implicit shared-flag already true */
 +        RFB_INITIALISATION_SHARED, /**< sending initialisation messages with implicit shared-flag already true */
 +
 +        RFB_CHANNEL_SECURITY_TYPE, /**< negotiating security (RFB v.3.7) */
     } state;
     rfbBool reverseConnection;
@@ -840,6 +848,9 @@ extern void rfbProcessClientSecurityType(rfbClientPtr cl);
 extern void rfbAuthProcessClientMessage(rfbClientPtr cl);
 extern void rfbRegisterSecurityHandler(rfbSecurityHandler* handler);
 extern void rfbUnregisterSecurityHandler(rfbSecurityHandler* handler);
 +extern void rfbRegisterChannelSecurityHandler(rfbSecurityHandler* handler);
 +extern void rfbUnregisterChannelSecurityHandler(rfbSecurityHandler* handler);
 +extern void rfbSendSecurityTypeList(rfbClientPtr cl, enum rfbSecurityTag exclude);
 /* rre.c */
 -- 
 2.28.0
--- a/SOURCES/0003-libvncserver-auth-don-t-keep-security-handlers-from-.patch
+++ b/SOURCES/0003-libvncserver-auth-don-t-keep-security-handlers-from-.patch
@ -0,0 +1,32 @@
 From 2a77dd86a97fa5f4735f678599cea839ba09009c Mon Sep 17 00:00:00 2001
 From: Christian Beier <info@christianbeier.net>
 Date: Sun, 9 Aug 2020 20:11:26 +0200
 Subject: [PATCH 3/4] libvncserver/auth: don't keep security handlers from
 previous runs
 Whyohsoever security handlers are stored in a variable global to the
 application, not in the rfbScreen struct. This meant that security
 handlers registered once would stick around forever before this commit.
 ---
 libvncserver/auth.c | 2 ++
 1 file changed, 2 insertions(+)
 diff --git a/libvncserver/auth.c b/libvncserver/auth.c
 index 55e0b3c9..fc74c800 100644
 --- a/libvncserver/auth.c
 +++ b/libvncserver/auth.c
@@ -264,9 +264,11 @@ rfbSendSecurityTypeList(rfbClientPtr cl,
     primaryType = determinePrimarySecurityType(cl);
     switch (primaryType) {
     case rfbSecTypeNone:
 +	rfbUnregisterSecurityHandler(&VncSecurityHandlerVncAuth);
         rfbRegisterSecurityHandler(&VncSecurityHandlerNone);
         break;
     case rfbSecTypeVncAuth:
 +	rfbUnregisterSecurityHandler(&VncSecurityHandlerNone);
         rfbRegisterSecurityHandler(&VncSecurityHandlerVncAuth);
         break;
     }
 -- 
 2.28.0
--- a/SOURCES/0004-zlib-Clear-buffer-pointers-on-cleanup-444.patch
+++ b/SOURCES/0004-zlib-Clear-buffer-pointers-on-cleanup-444.patch
@ -0,0 +1,45 @@
 From 641610b961a732bb68f111536ebf8c42be20f05b Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
 Date: Wed, 16 Sep 2020 17:35:49 +0200
 Subject: [PATCH 4/4] zlib: Clear buffer pointers on cleanup (#444)
 The pointers to the buffers were freed, and the size fields were set to
 0, but the buffer pointers themsef was not set to NULL, when shutting
 down, meaning the next time used, NULL checks would not tell whether the
 pointer is valid. This caused crashes ending with
  #0  0x00007ffff73729e5 in raise () from /lib64/libc.so.6
  #1  0x00007ffff735b895 in abort () from /lib64/libc.so.6
  #2  0x00007ffff73b6857 in __libc_message () from /lib64/libc.so.6
  #3  0x00007ffff73bdd7c in malloc_printerr () from /lib64/libc.so.6
  #4  0x00007ffff73c2f1a in realloc () from /lib64/libc.so.6
  #5  0x00007ffff78b558e in rfbSendOneRectEncodingZlib (cl=0x4a4b80, x=0, y=0, w=800, h=40) at /home/jonas/Dev/gnome/libvncserver/libvncserver/zlib.c:106
  #6  0x00007ffff78b5dec in rfbSendRectEncodingZlib (cl=0x4a4b80, x=0, y=0, w=800, h=600) at /home/jonas/Dev/gnome/libvncserver/libvncserver/zlib.c:308
  #7  0x00007ffff7899453 in rfbSendFramebufferUpdate (cl=0x4a4b80, givenUpdateRegion=0x49ef70) at /home/jonas/Dev/gnome/libvncserver/libvncserver/rfbserver.c:3264
  #8  0x00007ffff789079d in rfbUpdateClient (cl=0x4a4b80) at /home/jonas/Dev/gnome/libvncserver/libvncserver/main.c:1275
  #9  0x00007ffff78905f5 in rfbProcessEvents (screen=0x4d5790, usec=0) at /home/jonas/Dev/gnome/libvncserver/libvncserver/main.c:1251
 ---
 libvncserver/zlib.c | 2 ++
 1 file changed, 2 insertions(+)
 diff --git a/libvncserver/zlib.c b/libvncserver/zlib.c
 index d24d7d15..5c3a8236 100644
 --- a/libvncserver/zlib.c
 +++ b/libvncserver/zlib.c
@@ -64,11 +64,13 @@ void rfbZlibCleanup(rfbScreenInfoPtr screen)
 {
   if (zlibBeforeBufSize) {
     free(zlibBeforeBuf);
 +    zlibBeforeBuf = NULL;
     zlibBeforeBufSize=0;
   }
   if (zlibAfterBufSize) {
     zlibAfterBufSize=0;
     free(zlibAfterBuf);
 +    zlibAfterBuf = NULL;
   }
 }
 -- 
 2.28.0
--- a/SOURCES/gnutls-anontls.patch
+++ b/SOURCES/gnutls-anontls.patch
@ -1,4 +1,4 @@
-From 0e754e3a90f486c031da535656584673016107a3 Mon Sep 17 00:00:00 2001
+From 8676ef6c32557234d08acb13d7524df5fa1f4bb2 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
 Date: Thu, 14 Jun 2018 12:21:37 +0200
 Subject: [PATCH 1/7] vnc: Add anonymous TLS encryption support
@ -13,34 +13,34 @@ VNC connection.
 src/grd-enums.h                               |   6 +
 src/grd-session-vnc.c                         | 120 ++++-
 src/grd-session-vnc.h                         |  17 +
- src/grd-settings-user.c                       |   3 +
+ src/grd-settings.c                            |  28 ++
- src/grd-settings.c                            |  18 +
+ src/grd-settings.h                            |   2 +
- src/grd-vnc-server.c                          |  49 ++
+ src/grd-vnc-server.c                          |  45 ++
 src/grd-vnc-tls.c                             | 444 ++++++++++++++++++
 src/grd-vnc-tls.h                             |  28 ++
 src/meson.build                               |   3 +
 ...nome.desktop.remote-desktop.gschema.xml.in |  10 +
- 11 files changed, 673 insertions(+), 26 deletions(-)
+ 11 files changed, 678 insertions(+), 26 deletions(-)
 create mode 100644 src/grd-vnc-tls.c
 create mode 100644 src/grd-vnc-tls.h
 diff --git a/meson.build b/meson.build
-index 995863ce..40733a6e 100644
+index 5e9ad04..9bbd5fc 100644
 --- a/meson.build
 +++ b/meson.build
-@@ -62,6 +62,7 @@ endif
+@@ -40,6 +40,7 @@ endif
 if have_vnc
   libvncclient_dep = dependency('libvncclient')
   libvncserver_dep = dependency('libvncserver')
   libvncclient_dep = dependency('libvncclient')
 +  gnutls_dep = dependency('gnutls')
 endif
- prefix = get_option('prefix')
+ cdata = configuration_data()
 diff --git a/src/grd-enums.h b/src/grd-enums.h
-index 028bdf9a..47a1d921 100644
+index ffab821..4333863 100644
 --- a/src/grd-enums.h
 +++ b/src/grd-enums.h
-@@ -33,6 +33,12 @@ typedef enum
+@@ -27,4 +27,10 @@ typedef enum
   GRD_VNC_AUTH_METHOD_PASSWORD
 } GrdVncAuthMethod;
@ -50,14 +50,12 @@ index 028bdf9a..47a1d921 100644
 +  GRD_VNC_ENCRYPTION_TLS_ANON = 1 << 1,
 +} GrdVncEncryption;
 +
- typedef enum
+ #endif /* GRD_ENUMS_H */
 {
   GRD_VNC_SCREEN_SHARE_MODE_MIRROR_PRIMARY,
 diff --git a/src/grd-session-vnc.c b/src/grd-session-vnc.c
-index 0ca76e89..e13ac013 100644
+index 0e520dc..0c189fd 100644
 --- a/src/grd-session-vnc.c
 +++ b/src/grd-session-vnc.c
-@@ -46,7 +46,9 @@ struct _GrdSessionVnc
+@@ -45,7 +45,9 @@ struct _GrdSessionVnc
 {
   GrdSession parent;
@ -67,7 +65,7 @@ index 0ca76e89..e13ac013 100644
   GSource *source;
   rfbScreenInfoPtr rfb_screen;
   rfbClientPtr rfb_client;
-@@ -608,6 +610,12 @@ check_rfb_password (rfbClientPtr  rfb_client,
+@@ -540,6 +542,12 @@ check_rfb_password (rfbClientPtr  rfb_client,
     }
 }
@ -80,7 +78,7 @@ index 0ca76e89..e13ac013 100644
 int
 grd_session_vnc_get_stride_for_width (GrdSessionVnc *session_vnc,
                                       int            width)
-@@ -615,6 +623,18 @@ grd_session_vnc_get_stride_for_width (GrdSessionVnc *session_vnc,
+@@ -547,6 +555,18 @@ grd_session_vnc_get_stride_for_width (GrdSessionVnc *session_vnc,
   return width * BGRX_BYTES_PER_PIXEL;
 }
@ -99,7 +97,7 @@ index 0ca76e89..e13ac013 100644
 static void
 init_vnc_session (GrdSessionVnc *session_vnc)
 {
-@@ -689,44 +709,85 @@ init_vnc_session (GrdSessionVnc *session_vnc)
+@@ -590,44 +610,85 @@ init_vnc_session (GrdSessionVnc *session_vnc)
   rfbProcessEvents (rfb_screen, 0);
 }
@ -210,7 +208,7 @@ index 0ca76e89..e13ac013 100644
     }
   return G_SOURCE_CONTINUE;
-@@ -739,7 +800,10 @@ grd_session_vnc_attach_source (GrdSessionVnc *session_vnc)
+@@ -640,7 +701,10 @@ grd_session_vnc_attach_source (GrdSessionVnc *session_vnc)
   socket = g_socket_connection_get_socket (session_vnc->connection);
   session_vnc->source = g_socket_create_source (socket,
@ -222,23 +220,18 @@ index 0ca76e89..e13ac013 100644
                                                 NULL);
   g_source_set_callback (session_vnc->source,
                          (GSourceFunc) handle_socket_data,
-@@ -780,6 +844,7 @@ grd_session_vnc_new (GrdVncServer      *vnc_server,
+@@ -666,8 +730,10 @@ grd_session_vnc_new (GrdVncServer      *vnc_server,
                               "context", context,
                               NULL);
 +  session_vnc->vnc_server = vnc_server;
   session_vnc->connection = g_object_ref (connection);
   settings = grd_context_get_settings (context);
@@ -792,6 +857,7 @@ grd_session_vnc_new (GrdVncServer      *vnc_server,
                     G_CALLBACK (on_view_only_changed),
                     session_vnc);
 +  grd_session_vnc_grab_socket (session_vnc, vnc_socket_grab_func);
   grd_session_vnc_attach_source (session_vnc);
   init_vnc_session (session_vnc);
-@@ -806,6 +872,8 @@ grd_session_vnc_dispose (GObject *object)
+@@ -682,6 +748,8 @@ grd_session_vnc_dispose (GObject *object)
   g_assert (!session_vnc->rfb_screen);
@ -248,12 +241,12 @@ index 0ca76e89..e13ac013 100644
   G_OBJECT_CLASS (grd_session_vnc_parent_class)->dispose (object);
 diff --git a/src/grd-session-vnc.h b/src/grd-session-vnc.h
-index be79cf4a..ffc8d27a 100644
+index a532567..4e7b33d 100644
 --- a/src/grd-session-vnc.h
 +++ b/src/grd-session-vnc.h
-@@ -37,6 +37,9 @@ G_DECLARE_FINAL_TYPE (GrdSessionVnc,
+@@ -36,6 +36,9 @@ G_DECLARE_FINAL_TYPE (GrdSessionVnc,
                       GRD, SESSION_VNC,
-                       GrdSession)
+                       GrdSession);
 +typedef gboolean (* GrdVncSocketGrabFunc) (GrdSessionVnc  *session_vnc,
 +                                           GError        **error);
@ -261,7 +254,7 @@ index be79cf4a..ffc8d27a 100644
 GrdSessionVnc *grd_session_vnc_new (GrdVncServer      *vnc_server,
                                     GSocketConnection *connection);
-@@ -63,6 +66,20 @@ void grd_session_vnc_set_client_clipboard_text (GrdSessionVnc *session_vnc,
+@@ -62,6 +65,20 @@ void grd_session_vnc_set_client_clipboard_text (GrdSessionVnc *session_vnc,
 int grd_session_vnc_get_stride_for_width (GrdSessionVnc *session_vnc,
                                           int            width);
@ -282,80 +275,94 @@ index be79cf4a..ffc8d27a 100644
 +GrdVncServer * grd_session_vnc_get_vnc_server (GrdSessionVnc *session_vnc);
 +
 #endif /* GRD_SESSION_VNC_H */
 diff --git a/src/grd-settings-user.c b/src/grd-settings-user.c
 index 20b81a94..34115078 100644
 --- a/src/grd-settings-user.c
 +++ b/src/grd-settings-user.c
@@ -79,6 +79,9 @@ grd_settings_user_constructed (GObject *object)
   g_settings_bind (settings->vnc_settings, "auth-method",
                    settings, "vnc-auth-method",
                    G_SETTINGS_BIND_DEFAULT);
 +  g_settings_bind (settings->vnc_settings, "encryption",
 +                   settings, "vnc-encryption",
 +                   G_SETTINGS_BIND_DEFAULT);
   switch (grd_settings_get_runtime_mode (GRD_SETTINGS (settings)))
     {
 diff --git a/src/grd-settings.c b/src/grd-settings.c
-index fba1d714..f3475010 100644
+index d2f31d2..12d8693 100644
 --- a/src/grd-settings.c
 +++ b/src/grd-settings.c
-@@ -58,6 +58,7 @@ enum
+@@ -60,6 +60,7 @@ struct _GrdSettings
   PROP_RDP_SERVER_CERT_PATH,
   PROP_RDP_SERVER_KEY_PATH,
   PROP_VNC_AUTH_METHOD,
 +  PROP_VNC_ENCRYPTION,
 };
 typedef struct _GrdSettingsPrivate
@@ -84,6 +85,7 @@ typedef struct _GrdSettingsPrivate
     gboolean view_only;
     GrdVncScreenShareMode screen_share_mode;
     GrdVncAuthMethod auth_method;
     int port;
 +    GrdVncEncryption encryption;
   } vnc;
- } GrdSettingsPrivate;
+ };
-@@ -425,6 +427,9 @@ grd_settings_get_property (GObject    *object,
+@@ -242,6 +243,12 @@ grd_settings_get_vnc_auth_method (GrdSettings *settings)
-       else
+     return settings->vnc.auth_method;
-         g_value_set_enum (value, priv->vnc.auth_method);
+ }
-       break;
+ 
-+    case PROP_VNC_ENCRYPTION:
+GrdVncEncryption
-+      g_value_set_flags (value, priv->vnc.encryption);
+grd_settings_get_vnc_encryption (GrdSettings *settings)
-+      break;
+{
-     default:
+  return settings->vnc.encryption;
-       G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+}
-     }
+
-@@ -562,6 +567,9 @@ grd_settings_set_property (GObject      *object,
+ static void
-     case PROP_VNC_AUTH_METHOD:
+ update_rdp_tls_cert (GrdSettings *settings)
-       priv->vnc.auth_method = g_value_get_enum (value);
+ {
-       break;
+@@ -277,6 +284,13 @@ update_vnc_auth_method (GrdSettings *settings)
-+    case PROP_VNC_ENCRYPTION:
+                                                    "auth-method");
-+      priv->vnc.encryption = g_value_get_flags (value);
+ }
-+      break;
+ 
-     default:
+static void
-       G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+update_vnc_encryption (GrdSettings *settings)
 +{
 +  settings->vnc.encryption = g_settings_get_flags (settings->vnc.settings,
 +                                                   "encryption");
 +}
 +
 static void
 on_rdp_settings_changed (GSettings   *rdp_settings,
                          const char  *key,
@@ -314,6 +328,11 @@ on_vnc_settings_changed (GSettings   *vnc_settings,
       update_vnc_auth_method (settings);
       g_signal_emit (settings, signals[VNC_AUTH_METHOD_CHANGED], 0);
     }
-@@ -743,4 +751,14 @@ grd_settings_class_init (GrdSettingsClass *klass)
+  else if (strcmp (key, "encryption") == 0)
-                                                       G_PARAM_READWRITE |
+    {
-                                                       G_PARAM_CONSTRUCT |
+      update_vnc_encryption (settings);
-                                                       G_PARAM_STATIC_STRINGS));
+      g_signal_emit (settings, signals[VNC_ENCRYPTION_CHANGED], 0);
-+  g_object_class_install_property (object_class,
+    }
 +                                   PROP_VNC_ENCRYPTION,
 +                                   g_param_spec_flags ("vnc-encryption",
 +                                                       "vnc encryption",
 +                                                       "vnc encryption",
 +                                                       GRD_TYPE_VNC_ENCRYPTION,
 +                                                       GRD_VNC_ENCRYPTION_TLS_ANON,
 +                                                       G_PARAM_READWRITE |
 +                                                       G_PARAM_CONSTRUCT |
 +                                                       G_PARAM_STATIC_STRINGS));
 }
 static void
@@ -345,6 +364,8 @@ grd_settings_init (GrdSettings *settings)
   settings->rdp.port = GRD_RDP_SERVER_PORT;
   settings->vnc.port = GRD_VNC_SERVER_PORT;
 +
 +  update_vnc_encryption (settings);
 }
 static void
@@ -389,4 +410,11 @@ grd_settings_class_init (GrdSettingsClass *klass)
                   0,
                   NULL, NULL, NULL,
                   G_TYPE_NONE, 0);
 +  signals[VNC_ENCRYPTION_CHANGED] =
 +    g_signal_new ("vnc-encryption-changed",
 +                  G_TYPE_FROM_CLASS (klass),
 +                  G_SIGNAL_RUN_LAST,
 +                  0,
 +                  NULL, NULL, NULL,
 +                  G_TYPE_NONE, 0);
 }
 diff --git a/src/grd-settings.h b/src/grd-settings.h
 index e12e47e..b940fdb 100644
 --- a/src/grd-settings.h
 +++ b/src/grd-settings.h
@@ -64,4 +64,6 @@ gboolean grd_settings_get_vnc_view_only (GrdSettings *settings);
 GrdVncAuthMethod grd_settings_get_vnc_auth_method (GrdSettings *settings);
 +GrdVncEncryption grd_settings_get_vnc_encryption (GrdSettings *settings);
 +
 #endif /* GRD_SETTINGS_H */
 diff --git a/src/grd-vnc-server.c b/src/grd-vnc-server.c
-index 877272d2..59a13db5 100644
+index a6d95cb..f9c68db 100644
 --- a/src/grd-vnc-server.c
 +++ b/src/grd-vnc-server.c
-@@ -24,6 +24,7 @@
+@@ -24,11 +24,13 @@
 #include "grd-vnc-server.h"
@ -363,15 +370,13 @@ index 877272d2..59a13db5 100644
 #include <gio/gio.h>
 #include <rfb/rfb.h>
-@@ -31,6 +32,7 @@
+ #include "grd-context.h"
 #include "grd-debug.h"
 #include "grd-session-vnc.h"
 #include "grd-utils.h"
 +#include "grd-vnc-tls.h"
 enum
- {
+@@ -130,6 +132,43 @@ on_incoming (GSocketService    *service,
@@ -130,6 +132,45 @@ on_incoming (GSocketService    *service,
   return TRUE;
 }
@ -383,9 +388,7 @@ index 877272d2..59a13db5 100644
 +  GrdVncEncryption encryption;
 +
 +  tls_security_handler = grd_vnc_tls_get_security_handler ();
-+  g_object_get (G_OBJECT (settings),
+  encryption = grd_settings_get_vnc_encryption (settings);
 +                "vnc-encryption", &encryption,
 +                NULL);
 +
 +  if (encryption == (GRD_VNC_ENCRYPTION_NONE | GRD_VNC_ENCRYPTION_TLS_ANON))
 +    {
@ -417,19 +420,18 @@ index 877272d2..59a13db5 100644
 gboolean
 grd_vnc_server_start (GrdVncServer  *vnc_server,
                       GError       **error)
-@@ -241,11 +282,19 @@ grd_vnc_server_dispose (GObject *object)
+@@ -220,12 +259,18 @@ static void
 static void
 grd_vnc_server_constructed (GObject *object)
 {
-+  GrdVncServer *vnc_server = GRD_VNC_SERVER (object);
+   GrdVncServer *vnc_server = GRD_VNC_SERVER (object);
 +  GrdSettings *settings = grd_context_get_settings (vnc_server->context);
-+
+ 
-   if (grd_get_debug_flags () & GRD_DEBUG_VNC)
+   if (grd_context_get_debug_flags (vnc_server->context) & GRD_DEBUG_VNC)
     rfbLogEnable (1);
   else
     rfbLogEnable (0);
-+  g_signal_connect (settings, "notify::vnc-encryption",
+  g_signal_connect (settings, "vnc-encryption-changed",
 +                    G_CALLBACK (on_vnc_encryption_changed),
 +                    vnc_server);
 +  sync_encryption_settings (vnc_server);
@ -439,7 +441,7 @@ index 877272d2..59a13db5 100644
 diff --git a/src/grd-vnc-tls.c b/src/grd-vnc-tls.c
 new file mode 100644
-index 00000000..ec4758e0
+index 0000000..ec4758e
 --- /dev/null
 +++ b/src/grd-vnc-tls.c
@@ -0,0 +1,444 @@
@ -889,7 +891,7 @@ index 00000000..ec4758e0
 +}
 diff --git a/src/grd-vnc-tls.h b/src/grd-vnc-tls.h
 new file mode 100644
-index 00000000..135ef8c7
+index 0000000..135ef8c
 --- /dev/null
 +++ b/src/grd-vnc-tls.h
@@ -0,0 +1,28 @@
@ -922,10 +924,10 @@ index 00000000..135ef8c7
 +
 +#endif /* GRD_VNC_TLS_H */
 diff --git a/src/meson.build b/src/meson.build
-index 914e2cc1..4e820c59 100644
+index 843746d..133cc60 100644
 --- a/src/meson.build
 +++ b/src/meson.build
-@@ -188,10 +188,13 @@ if have_vnc
+@@ -72,10 +72,13 @@ if have_vnc
     'grd-vnc-pipewire-stream.h',
     'grd-vnc-server.c',
     'grd-vnc-server.h',
@ -940,11 +942,11 @@ index 914e2cc1..4e820c59 100644
 endif
 diff --git a/src/org.gnome.desktop.remote-desktop.gschema.xml.in b/src/org.gnome.desktop.remote-desktop.gschema.xml.in
-index c3d583c1..8a736c82 100644
+index 4b6e593..0086d99 100644
 --- a/src/org.gnome.desktop.remote-desktop.gschema.xml.in
 +++ b/src/org.gnome.desktop.remote-desktop.gschema.xml.in
-@@ -148,5 +148,15 @@
+@@ -49,5 +49,15 @@
-                     configuration updates.
+ 	 * password - by requiring the remote client to provide a known password
       </description>
     </key>
 +    <key name='encryption' flags='org.gnome.desktop.remote-desktop.GrdVncEncryption'>
@ -960,10 +962,10 @@ index c3d583c1..8a736c82 100644
   </schema>
 </schemalist>
 -- 
-2.44.0
+2.29.2
-From 6e5f6deab459acdd1e7785ab6975932f2815548f Mon Sep 17 00:00:00 2001
+From 552e9c9add722e953a8da22bd54ba0fef7a9d6af Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
 Date: Wed, 27 Nov 2019 11:02:09 +0100
 Subject: [PATCH 2/7] session-vnc: Add paused/resumed signals
@ -976,10 +978,10 @@ out-of-socket source.
 1 file changed, 65 insertions(+), 7 deletions(-)
 diff --git a/src/grd-session-vnc.c b/src/grd-session-vnc.c
-index e13ac013..30820d7d 100644
+index 0c189fd..596896d 100644
 --- a/src/grd-session-vnc.c
 +++ b/src/grd-session-vnc.c
-@@ -42,14 +42,27 @@
+@@ -41,14 +41,27 @@
 #define BGRX_SAMPLES_PER_PIXEL 3
 #define BGRX_BYTES_PER_PIXEL 4
@ -1007,8 +1009,8 @@ index e13ac013..30820d7d 100644
   rfbScreenInfoPtr rfb_screen;
   rfbClientPtr rfb_client;
-@@ -81,7 +94,7 @@ struct _GrdSessionVnc
+@@ -76,7 +89,7 @@ struct _GrdSessionVnc
- G_DEFINE_TYPE (GrdSessionVnc, grd_session_vnc, GRD_TYPE_SESSION)
+ G_DEFINE_TYPE (GrdSessionVnc, grd_session_vnc, GRD_TYPE_SESSION);
 static void
 -grd_session_vnc_detach_source (GrdSessionVnc *session_vnc);
@ -1016,7 +1018,7 @@ index e13ac013..30820d7d 100644
 static gboolean
 close_session_idle (gpointer user_data);
-@@ -248,7 +261,8 @@ handle_client_gone (rfbClientPtr rfb_client)
+@@ -235,7 +248,8 @@ handle_client_gone (rfbClientPtr rfb_client)
   g_debug ("VNC client gone");
@ -1026,16 +1028,16 @@ index e13ac013..30820d7d 100644
   maybe_queue_close_session_idle (session_vnc);
   session_vnc->rfb_client = NULL;
 }
-@@ -338,7 +352,7 @@ handle_new_client (rfbClientPtr rfb_client)
+@@ -304,7 +318,7 @@ handle_new_client (rfbClientPtr rfb_client)
-     {
+                               session_vnc->prompt_cancellable,
-     case GRD_VNC_AUTH_METHOD_PROMPT:
+                               prompt_response_callback,
-       show_sharing_desktop_prompt (session_vnc, rfb_client->host);
+                               session_vnc);
 -      grd_session_vnc_detach_source (session_vnc);
 +      grd_session_vnc_pause (session_vnc);
       return RFB_CLIENT_ON_HOLD;
     case GRD_VNC_AUTH_METHOD_PASSWORD:
       session_vnc->rfb_screen->passwordCheck = check_rfb_password;
-@@ -601,7 +615,7 @@ check_rfb_password (rfbClientPtr  rfb_client,
+@@ -533,7 +547,7 @@ check_rfb_password (rfbClientPtr  rfb_client,
   if (memcmp (challenge_encrypted, response_encrypted, len) == 0)
     {
       grd_session_start (GRD_SESSION (session_vnc));
@ -1044,8 +1046,8 @@ index e13ac013..30820d7d 100644
       return TRUE;
     }
   else
-@@ -821,6 +835,36 @@ grd_session_vnc_detach_source (GrdSessionVnc *session_vnc)
+@@ -718,6 +732,36 @@ grd_session_vnc_detach_source (GrdSessionVnc *session_vnc)
-   g_clear_pointer (&session_vnc->source, g_source_unref);
+   g_clear_pointer (&session_vnc->source, g_source_destroy);
 }
 +gboolean
@ -1078,10 +1080,10 @@ index e13ac013..30820d7d 100644
 +  g_signal_emit (session_vnc, signals[RESUMED], 0);
 +}
 +
- static void
+ GrdSessionVnc *
- on_view_only_changed (GrdSettings   *settings,
+ grd_session_vnc_new (GrdVncServer      *vnc_server,
-                       GParamSpec    *pspec,
+                      GSocketConnection *connection)
-@@ -859,6 +903,7 @@ grd_session_vnc_new (GrdVncServer      *vnc_server,
+@@ -735,6 +779,7 @@ grd_session_vnc_new (GrdVncServer      *vnc_server,
   grd_session_vnc_grab_socket (session_vnc, vnc_socket_grab_func);
   grd_session_vnc_attach_source (session_vnc);
@ -1089,16 +1091,16 @@ index e13ac013..30820d7d 100644
   init_vnc_session (session_vnc);
-@@ -893,7 +938,7 @@ grd_session_vnc_stop (GrdSession *session)
+@@ -764,7 +809,7 @@ grd_session_vnc_stop (GrdSession *session)
-       g_clear_object (&session_vnc->stream);
+ 
-     }
+   g_clear_object (&session_vnc->pipewire_stream);
 -  grd_session_vnc_detach_source (session_vnc);
 +  grd_session_vnc_pause (session_vnc);
   g_clear_object (&session_vnc->connection);
   g_clear_object (&session_vnc->clipboard_vnc);
-@@ -984,8 +1029,8 @@ on_stream_ready (GrdStream     *stream,
+@@ -817,8 +862,8 @@ grd_session_vnc_stream_ready (GrdSession *session,
                     G_CALLBACK (on_pipewire_stream_closed),
                     session_vnc);
@ -1109,10 +1111,10 @@ index e13ac013..30820d7d 100644
 }
 static void
-@@ -1020,4 +1065,17 @@ grd_session_vnc_class_init (GrdSessionVncClass *klass)
+@@ -837,4 +882,17 @@ grd_session_vnc_class_init (GrdSessionVncClass *klass)
-   session_class->remote_desktop_session_started =
+ 
-     grd_session_vnc_remote_desktop_session_started;
+   session_class->stop = grd_session_vnc_stop;
-   session_class->on_stream_created = grd_session_vnc_on_stream_created;
+   session_class->stream_ready = grd_session_vnc_stream_ready;
 +
 +  signals[PAUSED] = g_signal_new ("paused",
 +                                  G_TYPE_FROM_CLASS (klass),
@ -1128,10 +1130,10 @@ index e13ac013..30820d7d 100644
 +                                   G_TYPE_NONE, 0);
 }
 -- 
-2.44.0
+2.29.2
-From 00f4fdfc676361f5f71e6f6b346c11cb7088b836 Mon Sep 17 00:00:00 2001
+From 3b33524046d299111cc150cc8d6d100f1e516485 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
 Date: Wed, 27 Nov 2019 11:03:46 +0100
 Subject: [PATCH 3/7] session-vnc: Add grd_session_vnc_dispatch() helper
@ -1144,10 +1146,10 @@ available that is not visible to the socket source.
 2 files changed, 18 insertions(+), 10 deletions(-)
 diff --git a/src/grd-session-vnc.c b/src/grd-session-vnc.c
-index 30820d7d..3ee06f79 100644
+index 596896d..06b2cf7 100644
 --- a/src/grd-session-vnc.c
 +++ b/src/grd-session-vnc.c
-@@ -771,6 +771,21 @@ vnc_socket_grab_func (GrdSessionVnc  *session_vnc,
+@@ -672,6 +672,21 @@ vnc_socket_grab_func (GrdSessionVnc  *session_vnc,
   return TRUE;
 }
@ -1169,7 +1171,7 @@ index 30820d7d..3ee06f79 100644
 static gboolean
 handle_socket_data (GSocket *socket,
                     GIOCondition condition,
-@@ -787,16 +802,7 @@ handle_socket_data (GSocket *socket,
+@@ -688,16 +703,7 @@ handle_socket_data (GSocket *socket,
     }
   else if (condition & G_IO_IN)
     {
@ -1188,10 +1190,10 @@ index 30820d7d..3ee06f79 100644
   else
     {
 diff --git a/src/grd-session-vnc.h b/src/grd-session-vnc.h
-index ffc8d27a..a86d61d2 100644
+index 4e7b33d..cf275af 100644
 --- a/src/grd-session-vnc.h
 +++ b/src/grd-session-vnc.h
-@@ -80,6 +80,8 @@ void grd_session_vnc_grab_socket (GrdSessionVnc        *session_vnc,
+@@ -79,6 +79,8 @@ void grd_session_vnc_grab_socket (GrdSessionVnc        *session_vnc,
 void grd_session_vnc_ungrab_socket (GrdSessionVnc        *session_vnc,
                                     GrdVncSocketGrabFunc  grab_func);
@ -1201,10 +1203,10 @@ index ffc8d27a..a86d61d2 100644
 #endif /* GRD_SESSION_VNC_H */
 -- 
-2.44.0
+2.29.2
-From 69efe6df5e9e8548c0241a612980af31f1dc5c5a Mon Sep 17 00:00:00 2001
+From 3945af78cea858033d954bb1b071269687bdea85 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
 Date: Wed, 27 Nov 2019 11:05:13 +0100
 Subject: [PATCH 4/7] vnc/tls: Add some logging
@ -1216,7 +1218,7 @@ protocol rather than the session itself.
 1 file changed, 9 insertions(+)
 diff --git a/src/grd-vnc-tls.c b/src/grd-vnc-tls.c
-index ec4758e0..ac6c35f6 100644
+index ec4758e..ac6c35f 100644
 --- a/src/grd-vnc-tls.c
 +++ b/src/grd-vnc-tls.c
@@ -67,6 +67,7 @@ grd_vnc_tls_context_new (void)
@ -1278,10 +1280,10 @@ index ec4758e0..ac6c35f6 100644
     {
       g_warning ("TLS handshake failed: %s", error->message);
 -- 
-2.44.0
+2.29.2
-From 2a11c4f47165b62409f4428b9de1bda59c6ebb2f Mon Sep 17 00:00:00 2001
+From f5330797678f4c4db4a3fa19cebd30dd4d6bbb8c Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
 Date: Wed, 27 Nov 2019 11:07:40 +0100
 Subject: [PATCH 5/7] vnc/tls: Dispatch also when data is pending outside of
@ -1298,10 +1300,10 @@ long as there is data to read in those buffers.
 2 files changed, 86 insertions(+), 6 deletions(-)
 diff --git a/src/grd-session-vnc.h b/src/grd-session-vnc.h
-index a86d61d2..5db388b0 100644
+index cf275af..efc0038 100644
 --- a/src/grd-session-vnc.h
 +++ b/src/grd-session-vnc.h
-@@ -80,6 +80,8 @@ void grd_session_vnc_grab_socket (GrdSessionVnc        *session_vnc,
+@@ -79,6 +79,8 @@ void grd_session_vnc_grab_socket (GrdSessionVnc        *session_vnc,
 void grd_session_vnc_ungrab_socket (GrdSessionVnc        *session_vnc,
                                     GrdVncSocketGrabFunc  grab_func);
@ -1311,7 +1313,7 @@ index a86d61d2..5db388b0 100644
 GrdVncServer * grd_session_vnc_get_vnc_server (GrdSessionVnc *session_vnc);
 diff --git a/src/grd-vnc-tls.c b/src/grd-vnc-tls.c
-index ac6c35f6..312b6b92 100644
+index ac6c35f..312b6b9 100644
 --- a/src/grd-vnc-tls.c
 +++ b/src/grd-vnc-tls.c
@@ -41,6 +41,12 @@ typedef enum _GrdTlsHandshakeState
@ -1448,10 +1450,10 @@ index ac6c35f6..312b6b92 100644
     }
 -- 
-2.44.0
+2.29.2
-From 1ed580b541ab5c3b815d8e29cf3aa71f1de0b649 Mon Sep 17 00:00:00 2001
+From fae9653965ddcc3d5684a056d9bdf46ef439d649 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
 Date: Wed, 27 Nov 2019 16:48:00 +0100
 Subject: [PATCH 6/7] session-vnc: Set our own password handling function up
@ -1470,10 +1472,10 @@ password prompt.
 1 file changed, 2 insertions(+), 6 deletions(-)
 diff --git a/src/grd-session-vnc.c b/src/grd-session-vnc.c
-index 3ee06f79..6e118d88 100644
+index 06b2cf7..7a4c6b3 100644
 --- a/src/grd-session-vnc.c
 +++ b/src/grd-session-vnc.c
-@@ -99,11 +99,6 @@ grd_session_vnc_pause (GrdSessionVnc *session_vnc);
+@@ -94,11 +94,6 @@ grd_session_vnc_pause (GrdSessionVnc *session_vnc);
 static gboolean
 close_session_idle (gpointer user_data);
@ -1485,7 +1487,7 @@ index 3ee06f79..6e118d88 100644
 static void
 swap_uint8 (uint8_t *a,
             uint8_t *b)
-@@ -355,7 +350,6 @@ handle_new_client (rfbClientPtr rfb_client)
+@@ -321,7 +316,6 @@ handle_new_client (rfbClientPtr rfb_client)
       grd_session_vnc_pause (session_vnc);
       return RFB_CLIENT_ON_HOLD;
     case GRD_VNC_AUTH_METHOD_PASSWORD:
@ -1493,9 +1495,9 @@ index 3ee06f79..6e118d88 100644
       /*
        * authPasswdData needs to be non NULL in libvncserver to trigger
        * password authentication.
-@@ -719,6 +713,8 @@ init_vnc_session (GrdSessionVnc *session_vnc)
+@@ -620,6 +614,8 @@ init_vnc_session (GrdSessionVnc *session_vnc)
-       session_vnc->monitor_config->connectors = connectors;
+   rfb_screen->frameBuffer = g_malloc0 (screen_width * screen_height * 4);
-     }
+   memset (rfb_screen->frameBuffer, 0x1f, screen_width * screen_height * 4);
 +  rfb_screen->passwordCheck = check_rfb_password;
 +
@ -1503,10 +1505,10 @@ index 3ee06f79..6e118d88 100644
   rfbProcessEvents (rfb_screen, 0);
 }
 -- 
-2.44.0
+2.29.2
-From 9b7b729d9f945fcb2942c74d8ab7a9b62d6cf4bd Mon Sep 17 00:00:00 2001
+From 1ae1286b2cc868045f93c02b7a990638ca94b26d Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
 Date: Mon, 12 Oct 2020 17:34:30 +0200
 Subject: [PATCH 7/7] vnc: Copy pixels using the right destination stride
@ -1524,10 +1526,10 @@ dropped.
 1 file changed, 2 insertions(+), 1 deletion(-)
 diff --git a/src/grd-session-vnc.h b/src/grd-session-vnc.h
-index 5db388b0..c4f4e8d4 100644
+index efc0038..f3a6314 100644
 --- a/src/grd-session-vnc.h
 +++ b/src/grd-session-vnc.h
-@@ -68,7 +68,8 @@ int grd_session_vnc_get_stride_for_width (GrdSessionVnc *session_vnc,
+@@ -67,7 +67,8 @@ int grd_session_vnc_get_stride_for_width (GrdSessionVnc *session_vnc,
 int grd_session_vnc_get_fd (GrdSessionVnc *session_vnc);
@ -1538,5 +1540,5 @@ index 5db388b0..c4f4e8d4 100644
 gboolean grd_session_vnc_is_client_gone (GrdSessionVnc *session_vnc);
 -- 
-2.44.0
+2.29.2
--- a/SOURCES/libvncserver-LibVNCServer-0.9.13-static-library-link.patch
+++ b/SOURCES/libvncserver-LibVNCServer-0.9.13-static-library-link.patch
@ -0,0 +1,47 @@
 diff --git a/CMakeLists.txt b/CMakeLists.txt
 index 0b6228a..20fec85 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
@@ -495,7 +495,7 @@ if(WIN32)
   endif(WITH_TIGHTVNC_FILETRANSFER)
 endif(WIN32)
 -target_link_libraries(vncclient
 +target_link_libraries(vncclient PUBLIC
                       ${ADDITIONAL_LIBS}
                       ${ZLIB_LIBRARIES}
                       ${LZO_LIBRARIES}
@@ -504,7 +504,7 @@ target_link_libraries(vncclient
                       ${GNUTLS_LIBRARIES}
                       ${OPENSSL_LIBRARIES}
 )
 -target_link_libraries(vncserver
 +target_link_libraries(vncserver PUBLIC
                       ${ADDITIONAL_LIBS}
                       ${ZLIB_LIBRARIES}
                       ${LZO_LIBRARIES}
 diff --git a/libvncclient.pc.cmakein b/libvncclient.pc.cmakein
 index ceeda39..f131dca 100644
 --- a/libvncclient.pc.cmakein
 +++ b/libvncclient.pc.cmakein
@@ -8,7 +8,6 @@ Description: A library for easy implementation of a VNC client.
 Version: @LibVNCServer_VERSION@
 Requires:
 Requires.private:
 -Libs: -L${libdir} -lvncclient
 -Libs.private: @PRIVATE_LIBS@
 +Libs: -L${libdir} -lvncclient @PRIVATE_LIBS@
 Cflags: -I${includedir}
 diff --git a/libvncserver.pc.cmakein b/libvncserver.pc.cmakein
 index 33ec668..5ae98c9 100644
 --- a/libvncserver.pc.cmakein
 +++ b/libvncserver.pc.cmakein
@@ -8,6 +8,5 @@ Description: A library for easy implementation of a VNC server.
 Version: @LibVNCServer_VERSION@
 Requires:
 Requires.private:
 -Libs: -L${libdir} -lvncserver
 -Libs.private: @PRIVATE_LIBS@
 +Libs: -L${libdir} -lvncserver @PRIVATE_LIBS@
 Cflags: -I${includedir}
--- a/SOURCES/libvncserver-LibVNCServer-0.9.13-system-crypto-policy.patch
+++ b/SOURCES/libvncserver-LibVNCServer-0.9.13-system-crypto-policy.patch
@ -0,0 +1,15 @@
 diff -up libvncserver-LibVNCServer-0.9.13/libvncclient/tls_gnutls.c.crypto_policy libvncserver-LibVNCServer-0.9.13/libvncclient/tls_gnutls.c
 --- libvncserver-LibVNCServer-0.9.13/libvncclient/tls_gnutls.c.crypto_policy	2020-06-13 13:49:53.000000000 -0500
 +++ libvncserver-LibVNCServer-0.9.13/libvncclient/tls_gnutls.c	2020-07-02 08:00:54.304902893 -0500
@@ -29,8 +29,8 @@
 #include "tls.h"
 -static const char *rfbTLSPriority = "NORMAL:+DHE-DSS:+RSA:+DHE-RSA:+SRP";
 -static const char *rfbAnonTLSPriority= "NORMAL:+ANON-DH";
 +static const char *rfbTLSPriority = "@SYSTEM";
 +static const char *rfbAnonTLSPriority= "@SYSTEM:+ANON-DH";
 #define DH_BITS 1024
 static gnutls_dh_params_t rfbDHParams;
 diff -up libvncserver-LibVNCServer-0.9.13/libvncserver/rfbssl_gnutls.c.crypto_policy libvncserver-LibVNCServer-0.9.13/libvncserver/rfbssl_gnutls.c
--- a/SPECS/gnome-remote-desktop.spec
+++ b/SPECS/gnome-remote-desktop.spec
@ -1,68 +1,93 @@
-%global systemd_unit_handover gnome-remote-desktop-handover.service
+%global systemd_unit gnome-remote-desktop.service
 %global systemd_unit_headless gnome-remote-desktop-headless.service
 %global systemd_unit_system gnome-remote-desktop.service
 %global systemd_unit_user gnome-remote-desktop.service
 %global tarball_version %%(echo %{version} | tr '~' '.')
-%bcond rdp %[0%{?fedora} || 0%{?rhel} >= 10]
+%if 0%{?rhel} >= 9
-%bcond vnc %[0%{?fedora} || 0%{?rhel} < 10]
+%global bundle_libvncserver 1
 %global enable_rdp 0
 %else
 %global bundle_libvncserver 0
 %global enable_rdp 1
 %endif
-%global libei_version 1.0.901
+%global libvncserver_name LibVNCServer
-%global pipewire_version 0.3.49
+%global libvncserver_version 0.9.13
 Name:           gnome-remote-desktop
-Version:        47.alpha
+Version:        40.0
-Release:        1%{?dist}
+Release:        10%{?dist}
 Summary:        GNOME Remote Desktop screen share service
-License:        GPL-2.0-or-later
+License:        GPLv2+
-URL:            https://gitlab.gnome.org/GNOME/gnome-remote-desktop
+URL:            https://gitlab.gnome.org/jadahl/gnome-remote-desktop
-Source0:        https://download.gnome.org/sources/%{name}/47/%{name}-%{tarball_version}.tar.xz
+Source0:        https://download.gnome.org/sources/gnome-remote-desktop/40/%{name}-%{tarball_version}.tar.xz
 Source1:        https://github.com/LibVNC/libvncserver/archive/refs/tags/%{libvncserver_name}-%{libvncserver_version}.tar.gz
 ### gnome-remote-desktop patches
 # Adds encryption support (requires patched LibVNCServer)
 Patch0:         gnutls-anontls.patch
-BuildRequires:  asciidoc
+# Backport upstream leak fix (rhbz#1951129)
 Patch1:         0001-pipewire-stream-Don-t-leak-GSource-s.patch
 ### LibVNCServer patches
 ## TLS security type enablement patches
 # https://github.com/LibVNC/libvncserver/pull/234
 Patch1000: 0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch
 Patch1001: 0002-libvncserver-Add-channel-security-handlers.patch
 # https://github.com/LibVNC/libvncserver/commit/87c52ee0551b7c4e76855d270d475b9e3039fe08
 Patch1002: 0003-libvncserver-auth-don-t-keep-security-handlers-from-.patch
 # Fix crash on all runs after the first
 # https://github.com/LibVNC/libvncserver/pull/444
 # https://bugzilla.redhat.com/show_bug.cgi?id=1882718
 Patch1003: 0004-zlib-Clear-buffer-pointers-on-cleanup-444.patch
 # Fix another crasher
 # https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/45
 # https://bugzilla.redhat.com/show_bug.cgi?id=1882718
 Patch1004: 0001-libvncserver-don-t-NULL-out-internal-of-the-default-.patch
 ## downstream patches
 Patch2000: libvncserver-LibVNCServer-0.9.13-system-crypto-policy.patch
 Patch2001: libvncserver-LibVNCServer-0.9.13-static-library-link.patch
 ## Don't compile SHA1 support
 Patch2100: 0001-crypto-Don-t-compile-SHA1-support-when-Websockets-ar.patch
 BuildRequires:  git
 BuildRequires:  gcc
-BuildRequires:  meson >= 0.47.0
+BuildRequires:  meson >= 0.36.0
-BuildRequires:  systemd-rpm-macros
+BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(cairo)
-BuildRequires:  pkgconfig(epoxy)
+BuildRequires:  pkgconfig(glib-2.0) >= 2.32
-BuildRequires:  pkgconfig(dbus-1)
+BuildRequires:  pkgconfig(gio-unix-2.0) >= 2.32
-BuildRequires:  pkgconfig(ffnvcodec)
+BuildRequires:  pkgconfig(libpipewire-0.3) >= 0.3.0
-%if %{with rdp}
+%if 0%{?enable_rdp}
-BuildRequires:  pkgconfig(fdk-aac)
+BuildRequires:  pkgconfig(freerdp2)
-BuildRequires:  pkgconfig(freerdp3)
+BuildRequires:  pkgconfig(winpr2)
 BuildRequires:  pkgconfig(fuse3)
 BuildRequires:  pkgconfig(opus)
 BuildRequires:  pkgconfig(polkit-gobject-1)
 BuildRequires:  pkgconfig(winpr3)
 %endif
-BuildRequires:  pkgconfig(gbm)
+BuildRequires:  pkgconfig(xkbcommon)
 BuildRequires:  pkgconfig(glib-2.0) >= 2.68
 BuildRequires:  pkgconfig(gio-unix-2.0)
 BuildRequires:  pkgconfig(gnutls)
 BuildRequires:  pkgconfig(gudev-1.0)
 BuildRequires:  pkgconfig(libdrm)
 BuildRequires:  pkgconfig(libei-1.0) >= %{libei_version}
 BuildRequires:  pkgconfig(libnotify)
 BuildRequires:  pkgconfig(libpipewire-0.3)
 BuildRequires:  pkgconfig(libsecret-1)
-%if %{with vnc}
+BuildRequires:  pkgconfig(libnotify)
 BuildRequires:  pkgconfig(gnutls)
 %if 0%{?bundle_libvncserver}
 BuildRequires:  cmake
 BuildRequires:  lzo-devel
 BuildRequires:  lzo-minilzo
 %else
 BuildRequires:  pkgconfig(libvncserver) >= 0.9.11-7
 %endif
 BuildRequires:  pkgconfig(systemd)
 BuildRequires:  pkgconfig(xkbcommon)
 BuildRequires:  pkgconfig(tss2-esys)
 BuildRequires:  pkgconfig(tss2-mu)
 BuildRequires:  pkgconfig(tss2-rc)
 BuildRequires:  pkgconfig(tss2-tctildr)
-Requires:       libei%{?_isa} >= %{libei_version}
+%{?systemd_requires}
-Requires:       pipewire%{?_isa} >= %{pipewire_version}
+BuildRequires:  systemd
 Requires:       pipewire >= 0.3.0
 Obsoletes:      vino < 3.22.0-21
 %if 0%{?bundle_libvncserver}
 Provides:       bundled(libvncserver) = %{libvncserver_version}
 %endif
 %description
 GNOME Remote Desktop is a remote desktop and screen sharing service for the
@ -70,232 +95,143 @@ GNOME desktop environment.
 %prep
-%autosetup -p1 -n %{name}-%{tarball_version}
+
 ## Setup libvncserver
 %if 0%{?bundle_libvncserver}
 %setup -b 1 -n libvncserver-%{libvncserver_name}-%{libvncserver_version}
 %patch1000 -p1 -b .tls-1
 %patch1001 -p1 -b .tls-2
 %patch1002 -p1 -b .handlers
 %patch1003 -p1 -b .pointers
 %patch1004 -p1 -b .cursor_null
 %patch2000 -p1 -b .crypto_policy
 %patch2001 -p1 -b .static
 %patch2100 -p1 -b .no-sha1
 # Nuke bundled minilzo
 rm -fv common/lzodefs.h common/lzoconf.h commmon/minilzo.h common/minilzo.c
 # Fix encoding
 for file in ChangeLog ; do
    mv ${file} ${file}.OLD && \
    iconv -f ISO_8859-1 -t UTF8 ${file}.OLD > ${file} && \
    touch --reference ${file}.OLD $file
 done
 %endif
 ## Setup gnome-remote-desktop
 %setup -n %{name}-%{tarball_version}
 %patch0 -p1
 %patch1 -p1
 %build
-%meson \
+
-%if %{with rdp}
+## Build libvncserver
-    -Drdp=true \
+
-%else
+%if 0%{?bundle_libvncserver}
-    -Drdp=false \
+pushd ../libvncserver-%{libvncserver_name}-%{libvncserver_version}
 mkdir -p %{_builddir}/libvncserver/
 %global libvncserver_install_dir %{buildroot}%{_builddir}/libvncserver
 %cmake \
  -DCMAKE_INSTALL_PREFIX=%{libvncserver_install_dir} \
  -DINCLUDE_INSTALL_DIR=%{libvncserver_install_dir}/include \
  -DLIB_INSTALL_DIR:PATH=%{libvncserver_install_dir}/%{_lib} \
  -DSYSCONF_INSTALL_DIR=%{libvncserver_install_dir}/etc \
  -DWITH_FFMPEG=OFF -DWITH_GTK=OFF -DWITH_OPENSSL=OFF -DWITH_GNUTLS=ON \
  -DWITH_SDL=OFF -DWITH_X11=OFF -DWITH_WEBSOCKETS=OFF \
  -DLIBVNCSERVER_WITH_WEBSOCKETS=OFF -DBUILD_SHARED_LIBS=OFF
 %cmake_build
 %__cmake --install "%{__cmake_builddir}"
 popd
 %endif
-%if %{with vnc}
+
-    -Dvnc=true \
+## Build gnome-remote-desktop
 %if 0%{?bundle_libvncserver}
 %global pkg_config_path_override --pkg-config-path %{buildroot}/%{_builddir}/libvncserver/%{_lib}/pkgconfig
 %endif
 %if 0%{?enable_rdp}
 %global rdp_configuration -Drdp=true
 %else
-    -Dvnc=false \
+%global rdp_configuration -Drdp=false
 %endif
-    -Dsystemd=true \
+
-    -Dtests=false
+%meson %{?pkg_config_path_override} %{rdp_configuration}
 %meson_build
 %install
 %meson_install
-%find_lang %{name}
+%if 0%{?bundle_libvncserver}
 pushd ../libvncserver-%{libvncserver_name}-%{libvncserver_version}
 cp COPYING %{_builddir}/%{name}-%{tarball_version}/COPYING.libvncserver
 popd
 %endif
 %post
-%systemd_post %{systemd_unit_system}
+%systemd_user_post %{systemd_unit}
 %systemd_user_post %{systemd_unit_handover}
 %systemd_user_post %{systemd_unit_headless}
 %systemd_user_post %{systemd_unit_user}
 %preun
-%systemd_preun %{systemd_unit_system}
+%systemd_user_preun %{systemd_unit}
 %systemd_user_preun %{systemd_unit_handover}
 %systemd_user_preun %{systemd_unit_headless}
 %systemd_user_preun %{systemd_unit_user}
 %postun
-%systemd_postun_with_restart %{systemd_unit_system}
+%systemd_user_postun_with_restart %{systemd_unit}
 %systemd_user_postun_with_restart %{systemd_unit_handover}
 %systemd_user_postun_with_restart %{systemd_unit_headless}
 %systemd_user_postun_with_restart %{systemd_unit_user}
-%files -f %{name}.lang
+%files
 %license COPYING
-%doc README.md
+%if 0%{?bundle_libvncserver}
-%{_bindir}/grdctl
+%license COPYING.libvncserver
 %endif
 %doc README
 %{_libexecdir}/gnome-remote-desktop-daemon
-%{_libexecdir}/gnome-remote-desktop-enable-service
+%{_userunitdir}/gnome-remote-desktop.service
 %{_userunitdir}/%{systemd_unit_user}
 %{_userunitdir}/%{systemd_unit_headless}
 %{_userunitdir}/%{systemd_unit_handover}
 %{_unitdir}/%{systemd_unit_system}
 %{_datadir}/applications/org.gnome.RemoteDesktop.Handover.desktop
 %{_datadir}/dbus-1/system-services/org.gnome.RemoteDesktop.service
 %{_datadir}/dbus-1/system.d/org.gnome.RemoteDesktop.conf
 %{_datadir}/glib-2.0/schemas/org.gnome.desktop.remote-desktop.gschema.xml
 %{_datadir}/glib-2.0/schemas/org.gnome.desktop.remote-desktop.enums.xml
 %{_datadir}/polkit-1/actions/org.gnome.remotedesktop.configure-system-daemon.policy
 %{_datadir}/polkit-1/actions/org.gnome.remotedesktop.enable-system-daemon.policy
 %{_datadir}/polkit-1/rules.d/20-gnome-remote-desktop.rules
 %{_sysusersdir}/gnome-remote-desktop-sysusers.conf
 %{_tmpfilesdir}/gnome-remote-desktop-tmpfiles.conf
 %if %{with rdp}
 %{_datadir}/gnome-remote-desktop/
 %endif
 %{_mandir}/man1/grdctl.1*
 %changelog
-* Tue Nov 26 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 47.alpha-1
+* Wed Jul 19 2023 Jonas Ådahl <jadahl@redhat.com> - 40.0-10
- Rebuilt for MSVSphere 10
+- Don't compile in SHA1 support again
-
+  Resolves: #2223925
 * Mon Jul 22 2024 Jonas Ådahl <jadahl@redhat.com> - 47~alpha-1
 - Update to 47.alpha
  Resolves: RHEL-50079
 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 46.2-2
 - Bump release for June 2024 mass rebuild
 * Thu May 23 2024 Nieves Montero <nmontero@redhat.com> - 46.2-1
 - Update to 46.2
 * Thu Apr 18 2024 David King <amigadave@amigadave.com> - 46.1-1
 - Update to 46.1
 * Thu Mar 28 2024 Adam Williamson <awilliam@redhat.com> - 46.0-2
 - Correct systemd macros
 * Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 45.1-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 * Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 45.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 * Fri Nov 24 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 45.1-2
 - Disable VNC in RHEL 10+
 * Sun Oct 22 2023 Kalev Lember <klember@redhat.com> - 45.1-1
 - Update to 45.1
 * Sat Oct 21 2023 Kalev Lember <klember@redhat.com> - 45.0-1
 - Update to 45.0
 * Tue Sep 05 2023 Kalev Lember <klember@redhat.com> - 45.rc-1
 - Update to 45.rc
 * Fri Aug 11 2023 Kalev Lember <klember@redhat.com> - 45.beta-1
 - Update to 45.beta
 * Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 45.alpha-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
 * Wed Jul 05 2023 Jonas Ådahl <jadahl@redhat.com> - 45~alpha-1
 - Update to 45.alpha
 * Wed May 31 2023 Kalev Lember <klember@redhat.com> - 44.2-1
 - Update to 44.2
 * Mon Apr 24 2023 David King <amigadave@amigadave.com> - 44.1-1
 - Update to 44.1
 * Sun Mar 19 2023 David King <amigadave@amigadave.com> - 44.0-1
 - Update to 44.0
 * Thu Mar 16 2023 Jonas Ådahl <jadahl@redhat.com> - 44~rc-2
 - Enable RDP in ELN
 * Sun Mar 05 2023 David King <amigadave@amigadave.com> - 44~rc-1
 - Update to 44.rc
 * Mon Feb 06 2023 David King <amigadave@amigadave.com> - 44~alpha-1
 - Update to 44.alpha
 * Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 43.2-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
 * Thu Dec 08 2022 David King <amigadave@amigadave.com> - 43.2-1
 - Update to 43.2
 * Tue Nov 08 2022 Stephen Gallagher <sgallagh@redhat.com> - 43.1-2
 - Fix build on RHEL 9+/ELN
 * Thu Oct 27 2022 David King <amigadave@amigadave.com> - 43.1-1
 - Update to 43.1
 * Tue Sep 20 2022 Jonas Ådahl <jadahl@redhat.com> - 43.0
 - Update to 43.0
 * Thu Aug 18 2022 Jonas Ådahl <jadahl@redhat.com> - 43~beta-4
 - Drop dependency on tpm2-abrmd
 * Tue Aug 16 2022 Kalev Lember <klember@redhat.com> - 43~beta-3
 - Avoid manual requires on tss2* and rely on automatic soname deps instead
 * Mon Aug 15 2022 Simone Caronni <negativo17@gmail.com> - 43~beta-2
 - Rebuild for updated FreeRDP.
 * Thu Aug 11 2022 Jonas Ådahl <jadahl@redhat.com> - 43~beta
 - Update to 43.beta
 * Fri Jul 29 2022 Tomas Popela <tpopela@redhat.com> - 43~alpha-2
 - FreeRDP is built without server support in RHEL and ELN so we should disable
  the RDP there
 * Thu Jul 28 2022 Jonas Ådahl <jadahl@redhat.com> - 43~alpha
 - Update to 43.alpha
 * Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 42.3-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
 * Thu Jul 07 2022 David King <amigadave@amigadave.com> - 42.3-1
 - Update to 43.3 (#2091415)
 * Sun May 29 2022 David King <amigadave@amigadave.com> - 42.2-1
 - Update to 42.2
 * Wed May 11 2022 David King <amigadave@amigadave.com> - 42.1.1-1
 - Update to 42.1.1 (#2061546)
 * Wed Apr 27 2022 David King <amigadave@amigadave.com> - 42.1-2
 - Fix isa macro in Requires
 * Tue Apr 26 2022 David King <amigadave@amigadave.com> - 42.1-1
 - Update to 42.1 (#2061546)
 * Mon Mar 21 2022 Jonas Ådahl <jadahl@redhat.com> - 42.0
 - Update to 42.0
 * Mon Mar 14 2022 Jonas Ådahl <jadahl@redhat.com> - 42~rc-1
 - Update to 42.rc
 * Wed Feb 16 2022 Jonas Ådahl <jadahl@redhat.com> - 42~beta-1
 - Update to 42.beta
 * Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 41.2-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
-* Wed Dec 08 2021 Jonas Ådahl <jadahl@redhat.com> - 41.2-1
+* Wed Jul 19 2023 Jonas Ådahl <jadahl@redhat.com> - 40.0-9
- Update to 41.2
+- Bump version number
  Related: rhbz#2188174
-* Mon Nov 01 2021 Kalev Lember <klember@redhat.com> - 41.1-1
+* Wed Apr 19 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 40.0-8
- Update to 41.1
+- Do not provide libvncserver.so.1
  Resolves: rhbz#2188174
-* Mon Sep 20 2021 Kalev Lember <klember@redhat.com> - 41.0-1
+* Mon Oct 25 2021 Jonas Ådahl <jadahl@redhat.com> - 40.0-7
- Update to 41.0
+- Don't compile in SHA1 support
  Resolves: #1936594
-* Tue Sep 07 2021 Jonas Ådahl <jadahl@redhat.com> - 41~rc-1
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 40.0-6
- Bump to 41.rc
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688
-* Wed Aug 04 2021 Kalev Lember <klember@redhat.com> - 40.1-3
+* Tue Jun 15 2021 Jonas Ådahl <jadahl@redhat.com> - 40.0-5
- Avoid systemd_requires as per updated packaging guidelines
+- Backport leak fix
  Resolves: #1951129
-* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 40.1-2
+* Mon May 17 2021 Ondrej Holy <oholy@redhat.com> - 40.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+- Rebuild for updated FreeRDP (#1951123).
-* Mon May 03 2021 Jonas Ådahl <jadahl@redhat.com> - 40.1-1
+* Thu Apr 22 2021 Jonas Ådahl <jadahl@redhat.com> - 40.0-3
- Bump to 40.1
+- Bundle libvncserver
 - Disable RDP support
-* Thu Apr 15 2021 Simone Caronni <negativo17@gmail.com> - 40.0-2
+* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 40.0-2
- Rebuild for updated FreeRDP.
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 * Mon Mar 22 2021 Kalev Lember <klember@redhat.com> - 40.0-1
 - Update to 40.0
`@ -1 +1,2 @@`
	`SOURCES/gnome-remote-desktop-47.alpha.tar.xz`	`SOURCES/LibVNCServer-0.9.13.tar.gz`
		`SOURCES/gnome-remote-desktop-40.0.tar.xz`
`@ -1 +1,2 @@`
	`5c94c91ac6d2c8e70bfc65d273937d9fcd7b594e SOURCES/gnome-remote-desktop-47.alpha.tar.xz`	`55d79e6c4305cd67cd487c601298349c17ca05c1 SOURCES/LibVNCServer-0.9.13.tar.gz`
		`7c7688373ac31e724515f8b105922c3423e4469a SOURCES/gnome-remote-desktop-40.0.tar.xz`