From 400a0408a1bd45a0a47e5052772d14385fceea7c Mon Sep 17 00:00:00 2001 From: tigro Date: Mon, 30 Dec 2024 23:10:32 +0300 Subject: [PATCH] import tigervnc-1.14.0-8.el10 --- .gitignore | 2 +- .tigervnc.metadata | 2 +- SOURCES/0001-rpath-hack.patch | 24 - SOURCES/HOWTO.md | 110 +++++ ...g-coma-in-default-security-type-list.patch | 24 + ...gervnc-correctly-handle-zrle-cursors.patch | 29 ++ ...pointer-position-for-floating-device.patch | 13 - ...isting-config-directory-in-vncpasswd.patch | 27 ++ ...igervnc-use-gnome-as-default-session.patch | 12 - ...ession-use-bin-sh-when-shell-not-set.patch | 29 ++ SOURCES/tigervnc-xserver120.patch | 138 ------ SOURCES/vncserver | 11 +- SOURCES/xorg-CVE-2024-9632.patch | 54 --- SPECS/tigervnc.spec | 431 +++++++++--------- 14 files changed, 435 insertions(+), 471 deletions(-) delete mode 100644 SOURCES/0001-rpath-hack.patch create mode 100644 SOURCES/HOWTO.md create mode 100644 SOURCES/tigervnc-add-missing-coma-in-default-security-type-list.patch create mode 100644 SOURCES/tigervnc-correctly-handle-zrle-cursors.patch delete mode 100644 SOURCES/tigervnc-dont-get-pointer-position-for-floating-device.patch create mode 100644 SOURCES/tigervnc-handle-existing-config-directory-in-vncpasswd.patch delete mode 100644 SOURCES/tigervnc-use-gnome-as-default-session.patch create mode 100644 SOURCES/tigervnc-vncsession-use-bin-sh-when-shell-not-set.patch delete mode 100644 SOURCES/tigervnc-xserver120.patch delete mode 100644 SOURCES/xorg-CVE-2024-9632.patch diff --git a/.gitignore b/.gitignore index 909656d..abe71a2 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/tigervnc-1.14.1.tar.gz +SOURCES/tigervnc-1.14.0.tar.gz diff --git a/.tigervnc.metadata b/.tigervnc.metadata index 6633de2..1a682c4 100644 --- a/.tigervnc.metadata +++ b/.tigervnc.metadata @@ -1 +1 @@ -bc3c8bc9f454eb307011cd5965251f4a28040a25 SOURCES/tigervnc-1.14.1.tar.gz +9e67944113159da85f42c24b43f40b842f23feb3 SOURCES/tigervnc-1.14.0.tar.gz diff --git a/SOURCES/0001-rpath-hack.patch b/SOURCES/0001-rpath-hack.patch deleted file mode 100644 index 4e438dd..0000000 --- a/SOURCES/0001-rpath-hack.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 2489f2f38eb32d9dd03718a36cbdbdf13d2f8b9b Mon Sep 17 00:00:00 2001 -From: Adam Jackson -Date: Thu, 12 Nov 2015 11:10:11 -0500 -Subject: [PATCH] rpath hack - -Normally, rpath is undesirable. But for the X server we _know_ we need -Mesa's libGL, which will always be in %{_libdir}, and not any third-party -libGL that may be configured using ld.so.conf. - ---- - configure.ac | 1 + - 1 files changed, 1 insertions(+), 0 deletion(-) - -diff --git a/configure.ac b/configure.ac -index fa15a2d..a5af1e0 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1261,6 +1261,7 @@ AM_CONDITIONAL(GLX, test "x$GLX" = xyes) - - AM_CONDITIONAL(HASHTABLE, test "x$HASHTABLE" = xyes) - -+GLX_SYS_LIBS="$GLX_SYS_LIBS -Wl,-rpath=\$(libdir)" - AC_SUBST([GLX_DEFINES]) - AC_SUBST([GLX_SYS_LIBS]) diff --git a/SOURCES/HOWTO.md b/SOURCES/HOWTO.md new file mode 100644 index 0000000..28b710d --- /dev/null +++ b/SOURCES/HOWTO.md @@ -0,0 +1,110 @@ +# What has changed +The previous Tigervnc versions had a wrapper script called `vncserver` which +could be run as a user manually to start *Xvnc* process. The usage was quite +simple as you just run +``` +$ vncserver :x [vncserver options] [Xvnc options] +``` +and that was it. While this was working just fine, there were issues when users +wanted to start a Tigervnc server using *systemd*. For these reasons things were +completely changed and there is now a new way how this all is supposed to work. + + # How to start Tigervnc server +  +## Add a user mapping +With this you can map a user to a particular port. The mapping should be done in +`/etc/tigervnc/vncserver.users` configuration file. It should be pretty +straightforward once you open the file as there are some examples, but basically +the mapping is in form +``` +:x=user +``` +For example you can have +``` +:1=test +:2=vncuser +``` + +## Configure Xvnc options +To configure Xvnc parameters, you need to go to the same directory where you did +the user mapping and open `vncserver-config-defaults` configuration file. This +file is for the default Xvnc configuration and will be applied to every user +unless any of the following applies: +* The user has its own configuration in `$HOME/.vnc/config` +* The same option with different value is configured in +  `vncserver-config-mandatory` configuration file, which replaces the default +  configuration and has even a higher priority than the per-user configuration. +  This option is for system administrators when they want to force particular +  *Xvnc* options. + +Format of the configuration file is also quite simple as the configuration is +in form of +``` +option=value +option +``` +for example +``` +session=gnome +securitytypes=vncauth,tlsvnc +desktop=sandbox +geometry=2000x1200 +localhost +alwaysshared +``` +### Note: +There is one important option you need to set and that option is the session you +want to start. E.g when you want to start GNOME desktop, then you have to use +``` +session=gnome +``` +which should match the name of a session desktop file from `/usr/share/xsessions` +directory. + +## Set VNC password +You need to set a password for each user in order to be able to start the +Tigervnc server. In order to create a password, you just run +``` +$ vncpasswd +``` +as the user you will be starting the server for. +### Note: +If you were using Tigervnc before for your user and you already created a +password, then you will have to make sure the `$HOME/.vnc` folder created by +`vncpasswd` will have the correct *SELinux* context. You either can delete this +folder and recreate it again by creating the password one more time, or +alternatively you can run +``` +$ restorecon -RFv /home//.vnc +``` + +## Start the Tigervnc server +Finally you can start the server using systemd service. To do so just run +``` +$ systemctl start vncserver@:x +``` +as root or +``` +$ sudo systemctl start vncserver@:x +``` +as a regular user in case it has permissions to run `sudo`. Don't forget to +replace the `:x` by the actual number you configured in the user mapping file. +Following our example by running +``` +$ systemctl start vncserver@:1 +``` +you will start a Tigervnc server for user `test` with a GNOME session. + +### Note: +If you were previously using Tigervnc and you were used to start it using +*systemd* then you will need to remove previous *systemd* configuration files, +those you most likely copied to `/etc/systemd/system/vncserver@.service`, +otherwise this service file will be preferred over the new one installed with +latest Tigervnc. + +# Limitations +You will not be able to start a Tigervnc server for a user who is already +logged into a graphical session. Avoid running the server as the `root` user as +it's not a safe thing to do. While running the server as the `root` should work +in general, it's not recommended to do so and there might be some things which +are not working properly. diff --git a/SOURCES/tigervnc-add-missing-coma-in-default-security-type-list.patch b/SOURCES/tigervnc-add-missing-coma-in-default-security-type-list.patch new file mode 100644 index 0000000..cb426b6 --- /dev/null +++ b/SOURCES/tigervnc-add-missing-coma-in-default-security-type-list.patch @@ -0,0 +1,24 @@ +From 4f6a3521874da5a67fd746389cfa9b6199eb3582 Mon Sep 17 00:00:00 2001 +From: Pierre Ossman +Date: Mon, 29 Jul 2024 16:16:08 +0200 +Subject: [PATCH] Add missing comma in default security type list + +Otherwise it merges with the next entry, removing both of them from the +default list. +--- + common/rfb/SecurityClient.cxx | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/common/rfb/SecurityClient.cxx b/common/rfb/SecurityClient.cxx +index 12860662f..63e0cadc0 100644 +--- a/common/rfb/SecurityClient.cxx ++++ b/common/rfb/SecurityClient.cxx +@@ -60,7 +60,7 @@ StringParameter SecurityClient::secTypes + "X509Plain,TLSPlain,X509Vnc,TLSVnc,X509None,TLSNone," + #endif + #ifdef HAVE_NETTLE +- "RA2,RA2_256,RA2ne,RA2ne_256,DH,MSLogonII" ++ "RA2,RA2_256,RA2ne,RA2ne_256,DH,MSLogonII," + #endif + "VncAuth,None", + ConfViewer); diff --git a/SOURCES/tigervnc-correctly-handle-zrle-cursors.patch b/SOURCES/tigervnc-correctly-handle-zrle-cursors.patch new file mode 100644 index 0000000..1b17302 --- /dev/null +++ b/SOURCES/tigervnc-correctly-handle-zrle-cursors.patch @@ -0,0 +1,29 @@ +From 6d9017eeb364491cf2acdf1c7e61aee8dd198527 Mon Sep 17 00:00:00 2001 +From: Pierre Ossman +Date: Fri, 30 Aug 2024 16:15:09 +0200 +Subject: [PATCH] Correctly handle ZRLE cursors + +Cursor data has a depth of 32 bits and hence cannot use CPIXELs. + +This is a regression from baca73d. +--- + common/rfb/ZRLEDecoder.cxx | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/common/rfb/ZRLEDecoder.cxx b/common/rfb/ZRLEDecoder.cxx +index 474fd6ca1..e274a697a 100644 +--- a/common/rfb/ZRLEDecoder.cxx ++++ b/common/rfb/ZRLEDecoder.cxx +@@ -125,10 +125,10 @@ void ZRLEDecoder::zrleDecode(const Rect& r, rdr::InStream* is, + Pixel maxPixel = pf.pixelFromRGB((uint16_t)-1, (uint16_t)-1, (uint16_t)-1); + bool fitsInLS3Bytes = maxPixel < (1<<24); + bool fitsInMS3Bytes = (maxPixel & 0xff) == 0; +- bool isLowCPixel = (sizeof(T) == 4) && ++ bool isLowCPixel = (sizeof(T) == 4) && (pf.depth <= 24) && + ((fitsInLS3Bytes && pf.isLittleEndian()) || + (fitsInMS3Bytes && pf.isBigEndian())); +- bool isHighCPixel = (sizeof(T) == 4) && ++ bool isHighCPixel = (sizeof(T) == 4) && (pf.depth <= 24) && + ((fitsInLS3Bytes && pf.isBigEndian()) || + (fitsInMS3Bytes && pf.isLittleEndian())); + diff --git a/SOURCES/tigervnc-dont-get-pointer-position-for-floating-device.patch b/SOURCES/tigervnc-dont-get-pointer-position-for-floating-device.patch deleted file mode 100644 index 3bf7dda..0000000 --- a/SOURCES/tigervnc-dont-get-pointer-position-for-floating-device.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/unix/xserver/hw/vnc/vncInput.c b/unix/xserver/hw/vnc/vncInput.c -index b3d0926d..d36a096f 100644 ---- a/unix/xserver/hw/vnc/vncInput.c -+++ b/unix/xserver/hw/vnc/vncInput.c -@@ -167,7 +167,7 @@ void vncPointerMove(int x, int y) - - void vncGetPointerPos(int *x, int *y) - { -- if (vncPointerDev != NULL) { -+ if (vncPointerDev != NULL && !IsFloating(vncPointerDev)) { - ScreenPtr ptrScreen; - - miPointerGetPosition(vncPointerDev, &cursorPosX, &cursorPosY); diff --git a/SOURCES/tigervnc-handle-existing-config-directory-in-vncpasswd.patch b/SOURCES/tigervnc-handle-existing-config-directory-in-vncpasswd.patch new file mode 100644 index 0000000..ea431f8 --- /dev/null +++ b/SOURCES/tigervnc-handle-existing-config-directory-in-vncpasswd.patch @@ -0,0 +1,27 @@ +From 445e0230cf4e939dcc59caf5d5f001c2f7b04da6 Mon Sep 17 00:00:00 2001 +From: Pierre Ossman +Date: Thu, 15 Aug 2024 14:24:42 +0200 +Subject: [PATCH] Handle existing config directory in vncpasswd + +This fixes commit a79c33d. +--- + unix/vncpasswd/vncpasswd.cxx | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/unix/vncpasswd/vncpasswd.cxx b/unix/vncpasswd/vncpasswd.cxx +index 6666955f1..9f794e129 100644 +--- a/unix/vncpasswd/vncpasswd.cxx ++++ b/unix/vncpasswd/vncpasswd.cxx +@@ -213,8 +213,10 @@ int main(int argc, char** argv) + exit(1); + } + if (os::mkdir_p(configDir, 0777) == -1) { +- fprintf(stderr, "Could not create VNC config directory: %s\n", strerror(errno)); +- exit(1); ++ if (errno != EEXIST) { ++ fprintf(stderr, "Could not create VNC config directory: %s\n", strerror(errno)); ++ exit(1); ++ } + } + snprintf(fname, sizeof(fname), "%s/passwd", configDir); + } diff --git a/SOURCES/tigervnc-use-gnome-as-default-session.patch b/SOURCES/tigervnc-use-gnome-as-default-session.patch deleted file mode 100644 index a767c40..0000000 --- a/SOURCES/tigervnc-use-gnome-as-default-session.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/unix/vncserver/vncserver-config-defaults b/unix/vncserver/vncserver-config-defaults -index 0c217bf..2889347 100644 ---- a/unix/vncserver/vncserver-config-defaults -+++ b/unix/vncserver/vncserver-config-defaults -@@ -13,3 +13,7 @@ - # geometry=2000x1200 - # localhost - # alwaysshared -+ -+# Default to GNOME session -+# Note: change this only when you know what are you doing -+session=gnome diff --git a/SOURCES/tigervnc-vncsession-use-bin-sh-when-shell-not-set.patch b/SOURCES/tigervnc-vncsession-use-bin-sh-when-shell-not-set.patch new file mode 100644 index 0000000..3f46c73 --- /dev/null +++ b/SOURCES/tigervnc-vncsession-use-bin-sh-when-shell-not-set.patch @@ -0,0 +1,29 @@ +From 4db34f73d461b973867ddaf18bf690219229cd7a Mon Sep 17 00:00:00 2001 +From: Carlos Santos +Date: Thu, 25 Jul 2024 18:39:59 -0300 +Subject: [PATCH] vncsession: use /bin/sh if the user shell is not set + +An empty shell field in the password file is valid, although not common. +Use /bin/sh in this case, as documented in the passwd(5) man page, since +the vncserver script requires a non-empty SHELL environment variable. + +Fixes issue #1786. + +Signed-off-by: Carlos Santos +--- + unix/vncserver/vncsession.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c +index 1ee096c7c..98a0432aa 100644 +--- a/unix/vncserver/vncsession.c ++++ b/unix/vncserver/vncsession.c +@@ -545,7 +545,7 @@ run_script(const char *username, const char *display, char **envp) + + // Set up some basic environment for the script + setenv("HOME", pwent->pw_dir, 1); +- setenv("SHELL", pwent->pw_shell, 1); ++ setenv("SHELL", *pwent->pw_shell != '\0' ? pwent->pw_shell : "/bin/sh", 1); + setenv("LOGNAME", pwent->pw_name, 1); + setenv("USER", pwent->pw_name, 1); + setenv("USERNAME", pwent->pw_name, 1); diff --git a/SOURCES/tigervnc-xserver120.patch b/SOURCES/tigervnc-xserver120.patch deleted file mode 100644 index 9bc5182..0000000 --- a/SOURCES/tigervnc-xserver120.patch +++ /dev/null @@ -1,138 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index 0909cc5b4..c01873200 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -74,6 +74,7 @@ dnl forcing an entire recompile.x - AC_CONFIG_HEADERS(include/version-config.h) - - AM_PROG_AS -+AC_PROG_CXX - AC_PROG_LN_S - LT_PREREQ([2.2]) - LT_INIT([disable-static win32-dll]) -@@ -1735,6 +1736,14 @@ if test "x$XVFB" = xyes; then - AC_SUBST([XVFB_SYS_LIBS]) - fi - -+dnl Xvnc DDX -+AC_SUBST([XVNC_LIBS], ["$FB_LIB $FIXES_LIB $XEXT_LIB $CONFIG_LIB $DBE_LIB $RECORD_LIB $GLX_LIBS $RANDR_LIB $RENDER_LIB $DAMAGE_LIB $DRI3_LIB $PRESENT_LIB $MIEXT_SYNC_LIB $MIEXT_DAMAGE_LIB $MIEXT_SHADOW_LIB $XI_LIB $XKB_LIB $XKB_STUB_LIB $COMPOSITE_LIB $MAIN_LIB"]) -+AC_SUBST([XVNC_SYS_LIBS], ["$GLX_SYS_LIBS"]) -+ -+PKG_CHECK_MODULES(GBM, "$LIBGBM", [GBM=yes], [GBM=no]) -+if test "x$GBM" = xyes; then -+ AC_DEFINE(HAVE_GBM, 1, [Have GBM support]) -+fi - - dnl Xnest DDX - -@@ -2058,7 +2067,6 @@ if test "x$GLAMOR" = xyes; then - [AC_DEFINE(GLAMOR_HAS_EGL_QUERY_DRIVER, 1, [Have GLAMOR_HAS_EGL_QUERY_DRIVER])], - []) - -- PKG_CHECK_MODULES(GBM, "$LIBGBM", [GBM=yes], [GBM=no]) - if test "x$GBM" = xyes; then - AC_DEFINE(GLAMOR_HAS_GBM, 1, - [Build glamor with GBM-based EGL support]) -@@ -2523,6 +2531,7 @@ hw/dmx/Makefile - hw/dmx/man/Makefile - hw/vfb/Makefile - hw/vfb/man/Makefile -+hw/vnc/Makefile - hw/xnest/Makefile - hw/xnest/man/Makefile - hw/xwin/Makefile -diff --git a/dri3/Makefile.am b/dri3/Makefile.am -index e47a734e0..99c3718a5 100644 ---- a/dri3/Makefile.am -+++ b/dri3/Makefile.am -@@ -1,7 +1,7 @@ - noinst_LTLIBRARIES = libdri3.la - AM_CFLAGS = \ -- -DHAVE_XORG_CONFIG_H \ -- @DIX_CFLAGS@ @XORG_CFLAGS@ -+ @DIX_CFLAGS@ \ -+ @LIBDRM_CFLAGS@ - - libdri3_la_SOURCES = \ - dri3.h \ -diff --git a/dri3/dri3.c b/dri3/dri3.c -index ba32facd7..191252969 100644 ---- a/dri3/dri3.c -+++ b/dri3/dri3.c -@@ -20,10 +20,6 @@ - * OF THIS SOFTWARE. - */ - --#ifdef HAVE_XORG_CONFIG_H --#include --#endif -- - #include "dri3_priv.h" - - #include -diff --git a/dri3/dri3_priv.h b/dri3/dri3_priv.h -index b087a9529..f319d1770 100644 ---- a/dri3/dri3_priv.h -+++ b/dri3/dri3_priv.h -@@ -23,6 +23,7 @@ - #ifndef _DRI3PRIV_H_ - #define _DRI3PRIV_H_ - -+#include "dix-config.h" - #include - #include "scrnintstr.h" - #include "misc.h" -diff --git a/dri3/dri3_request.c b/dri3/dri3_request.c -index 958877efa..687168930 100644 ---- a/dri3/dri3_request.c -+++ b/dri3/dri3_request.c -@@ -20,10 +20,6 @@ - * OF THIS SOFTWARE. - */ - --#ifdef HAVE_XORG_CONFIG_H --#include --#endif -- - #include "dri3_priv.h" - #include - #include -diff --git a/dri3/dri3_screen.c b/dri3/dri3_screen.c -index b98259753..3c7e5bf60 100644 ---- a/dri3/dri3_screen.c -+++ b/dri3/dri3_screen.c -@@ -20,10 +20,6 @@ - * OF THIS SOFTWARE. - */ - --#ifdef HAVE_XORG_CONFIG_H --#include --#endif -- - #include "dri3_priv.h" - #include - #include -diff --git a/hw/Makefile.am b/hw/Makefile.am -index 19895dc77..3ecfa8b7a 100644 ---- a/hw/Makefile.am -+++ b/hw/Makefile.am -@@ -44,3 +44,5 @@ DIST_SUBDIRS = dmx xfree86 vfb xnest xwin xquartz kdrive xwayland - - relink: - $(AM_V_at)for i in $(SUBDIRS) ; do $(MAKE) -C $$i relink || exit 1 ; done -+ -+SUBDIRS += vnc -diff --git a/include/dix-config.h.in b/include/dix-config.h.in -index f8fc67067..d53c4e72f 100644 ---- a/include/dix-config.h.in -+++ b/include/dix-config.h.in -@@ -83,6 +83,9 @@ - /* Define to 1 if you have the header file. */ - #undef HAVE_FCNTL_H - -+/* Have GBM support */ -+#undef HAVE_GBM -+ - /* Define to 1 if you have the `getdtablesize' function. */ - #undef HAVE_GETDTABLESIZE - diff --git a/SOURCES/vncserver b/SOURCES/vncserver index 79b1509..33c7862 100644 --- a/SOURCES/vncserver +++ b/SOURCES/vncserver @@ -121,7 +121,7 @@ if ($fontPath eq "") { # Check command line options &ParseOptions("-geometry",1,"-depth",1,"-pixelformat",1,"-name",1,"-kill",1, - "-help",0,"-h",0,"--help",0,"-fp",1,"-list",0,"-fg",0,"-autokill",0,"-noxstartup",0,"-xstartup",1,"-fallbacktofreeport",0); + "-help",0,"-h",0,"--help",0,"-fp",1,"-list",0,"-fg",0,"-autokill",0,"-noxstartup",0,"-xstartup",1); &Usage() if ($opt{'-help'} || $opt{'-h'} || $opt{'--help'}); @@ -168,13 +168,7 @@ if ((@ARGV > 0) && ($ARGV[0] =~ /^:(\d+)$/)) { $displayNumber = $1; shift(@ARGV); if (!&CheckDisplayNumber($displayNumber)) { - if ($opt{'-fallbacktofreeport'}) { - warn "A VNC server is already running as :$displayNumber\n"; - $displayNumber = &GetDisplayNumber(); - warn "Using port :$displayNumber as fallback\n"; - } else { - die "A VNC server is already running as :$displayNumber\n"; - } + die "A VNC server is already running as :$displayNumber\n"; } } elsif ((@ARGV > 0) && ($ARGV[0] !~ /^-/) && ($ARGV[0] !~ /^\+/)) { &Usage(); @@ -680,7 +674,6 @@ sub Usage " [-autokill]\n". " [-noxstartup]\n". " [-xstartup ]\n". - " [-fallbacktofreeport]\n". " ...\n\n". " $prog -kill \n\n". " $prog -list\n\n"); diff --git a/SOURCES/xorg-CVE-2024-9632.patch b/SOURCES/xorg-CVE-2024-9632.patch deleted file mode 100644 index 2db1508..0000000 --- a/SOURCES/xorg-CVE-2024-9632.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 56351307017e2501f7cd6e31efcfb55c19aba75a Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb -Date: Thu, 10 Oct 2024 10:37:28 +0200 -Subject: [PATCH] xkb: Fix buffer overflow in _XkbSetCompatMap() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The _XkbSetCompatMap() function attempts to resize the `sym_interpret` -buffer. - -However, It didn't update its size properly. It updated `num_si` only, -without updating `size_si`. - -This may lead to local privilege escalation if the server is run as root -or remote code execution (e.g. x11 over ssh). - -CVE-2024-9632, ZDI-CAN-24756 - -This vulnerability was discovered by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Reviewed-by: Peter Hutterer -Tested-by: Peter Hutterer -Reviewed-by: José Expósito ---- - xkb/xkb.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/xkb/xkb.c b/xkb/xkb.c -index f203270d5..70e8279aa 100644 ---- a/xkb/xkb.c -+++ b/xkb/xkb.c -@@ -2991,13 +2991,13 @@ _XkbSetCompatMap(ClientPtr client, DeviceIntPtr dev, - XkbSymInterpretPtr sym; - unsigned int skipped = 0; - -- if ((unsigned) (req->firstSI + req->nSI) > compat->num_si) { -- compat->num_si = req->firstSI + req->nSI; -+ if ((unsigned) (req->firstSI + req->nSI) > compat->size_si) { -+ compat->num_si = compat->size_si = req->firstSI + req->nSI; - compat->sym_interpret = reallocarray(compat->sym_interpret, -- compat->num_si, -+ compat->size_si, - sizeof(XkbSymInterpretRec)); - if (!compat->sym_interpret) { -- compat->num_si = 0; -+ compat->num_si = compat->size_si = 0; - return BadAlloc; - } - } --- -2.46.2 - diff --git a/SPECS/tigervnc.spec b/SPECS/tigervnc.spec index f31b4f3..91bc746 100644 --- a/SPECS/tigervnc.spec +++ b/SPECS/tigervnc.spec @@ -1,11 +1,12 @@ - #defining macros needed by SELinux %global selinuxtype targeted %global modulename vncsession +%bcond server 1 + Name: tigervnc -Version: 1.14.1 -Release: 1%{?dist} +Version: 1.14.0 +Release: 8%{?dist} Summary: A TigerVNC remote display system %global _hardened_build 1 @@ -13,32 +14,24 @@ Summary: A TigerVNC remote display system License: GPL-2.0-or-later URL: http://www.tigervnc.com -Source0: %{name}-%{version}.tar.gz +Source0: https://github.com/TigerVNC/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source1: xvnc.service Source2: xvnc.socket Source3: 10-libvnc.conf +Source4: HOWTO.md # Backwards compatibility Source5: vncserver # Downstream patches -Patch1: tigervnc-use-gnome-as-default-session.patch -# https://github.com/TigerVNC/tigervnc/pull/1425 -Patch2: tigervnc-vncsession-restore-script-systemd-service.patch +Patch1: tigervnc-vncsession-restore-script-systemd-service.patch # Upstream patches -Patch50: tigervnc-vncsession-move-existing-log-to-log-old-if-present.patch - -# Upstreamable patches -Patch80: tigervnc-dont-get-pointer-position-for-floating-device.patch - -# This is tigervnc-%%{version}/unix/xserver116.patch rebased on the latest xorg -Patch100: tigervnc-xserver120.patch -# 1326867 - [RHEL7.3] GLX applications in an Xvnc session fails to start -Patch101: 0001-rpath-hack.patch - -# XServer patches -Patch200: xorg-CVE-2024-9632.patch +Patch50: tigervnc-vncsession-use-bin-sh-when-shell-not-set.patch +Patch51: tigervnc-add-missing-coma-in-default-security-type-list.patch +Patch52: tigervnc-vncsession-move-existing-log-to-log-old-if-present.patch +Patch53: tigervnc-handle-existing-config-directory-in-vncpasswd.patch +Patch54: tigervnc-correctly-handle-zrle-cursors.patch BuildRequires: make BuildRequires: gcc-c++ @@ -56,6 +49,7 @@ BuildRequires: zlib-devel # TigerVNC 1.4.x requires fltk 1.3.3 for keyboard handling support # See https://github.com/TigerVNC/tigervnc/issues/8, also bug #1208814 BuildRequires: fltk-devel >= 1.3.3 +BuildRequires: libxcvt-devel BuildRequires: libX11-devel BuildRequires: libXext-devel BuildRequires: libXi-devel @@ -63,6 +57,13 @@ BuildRequires: libXrandr-devel BuildRequires: libXrender-devel BuildRequires: pixman-devel +%if 0%{?fedora} +# Icons +BuildRequires: ImageMagick +%endif + + +%if %{with server} # X11/graphics dependencies BuildRequires: autoconf BuildRequires: automake @@ -86,11 +87,15 @@ BuildRequires: xorg-x11-server-devel BuildRequires: xorg-x11-server-source BuildRequires: xorg-x11-util-macros BuildRequires: xorg-x11-xtrans-devel +BuildRequires: pkgconfig(libavcodec) +BuildRequires: pkgconfig(libavutil) +BuildRequires: pkgconfig(libswscale) + + # SELinux -BuildRequires: libselinux-devel -BuildRequires: selinux-policy-devel -BuildRequires: systemd +BuildRequires: libselinux-devel, selinux-policy-devel, systemd +%endif Requires(post): coreutils Requires(postun):coreutils @@ -133,8 +138,11 @@ Requires(preun): systemd Requires(postun): systemd Requires(post): systemd -Requires: mesa-dri-drivers, xkeyboard-config, xkbcomp -Requires: tigervnc-license, dbus-x11 +Requires: dbus-x11 +Requires: mesa-dri-drivers +Requires: tigervnc-license +Requires: xkbcomp +Requires: xkeyboard-config %description server-minimal The VNC system allows you to access the same desktop from a wide @@ -172,10 +180,6 @@ BuildRequires: selinux-policy-devel Requires: selinux-policy-%{selinuxtype} Requires(post): selinux-policy-%{selinuxtype} BuildRequires: selinux-policy-devel -# Required for matchpathcon -Requires: libselinux-utils -# Required for restorecon -Requires: policycoreutils %{?selinux_requires} %description selinux @@ -185,26 +189,28 @@ runs properly under an environment with SELinux enabled. %prep %setup -q +%patch -P1 -p1 -b .vncsession-restore-script-systemd-service + +# Upstream patches +%patch -P50 -p1 -b .vncsession-use-bin-sh-when-shell-not-set.patch +%patch -P51 -p1 -b .add-missing-coma-in-default-security-type-list.patch +%patch -P52 -p1 -b .vncsession-move-existing-log-to-log-old-if-present.patch +%patch -P53 -p1 -b .handle-existing-config-directory-in-vncpasswd.patch +%patch -P54 -p1 -b .correctly-handle-zrle-cursors.patch + +%if %{with server} cp -r /usr/share/xorg-x11-server-source/* unix/xserver pushd unix/xserver for all in `find . -type f -perm -001`; do chmod -x "$all" done -# Xorg patches -%patch -P100 -p1 -b .xserver120-rebased -%patch -P101 -p1 -b .rpath -%patch -P200 -p1 -b .xorg-CVE-2024-9632 +cat ../xserver21.patch | patch -p1 popd +%else +sed -i -e '/add_subdirectory.*vnc/d' unix/CMakeLists.txt +%endif -# Tigervnc patches -%patch -P1 -p1 -b .use-gnome-as-default-session -%patch -P2 -p1 -b .vncsession-restore-script-systemd-service - -# Upstream patches -%patch -P50 -p1 -b .vncsession-move-existing-log-to-log-old-if-present - -# Upstreamable patches -%patch -P80 -p1 -b .dont-get-pointer-position-for-floating-device +# Downstream patches %build %ifarch sparcv9 sparc64 s390 s390x @@ -214,14 +220,17 @@ export CFLAGS="$RPM_OPT_FLAGS -fpic" %endif export CXXFLAGS="$CFLAGS -std=c++11" +%if 0%{?fedora} >= 35 || 0%{?rhel} >= 10 %define __cmake_builddir %{_target_platform} -mkdir -p %{%__cmake_builddir} +mkdir -p %{__cmake_builddir} +%endif -%cmake +%cmake -DCMAKE_INSTALL_UNITDIR=%{_unitdir} %cmake_build +%if %{with server} pushd unix/xserver %if 0%{?fedora} > 32 || 0%{?rhel} >= 9 @@ -233,10 +242,8 @@ autoreconf -fiv --disable-xorg --disable-xnest --disable-xvfb --disable-dmx \ --disable-xwin --disable-xephyr --disable-kdrive --disable-xwayland \ --with-pic --disable-static \ - --with-default-font-path="catalogue:%{_sysconfdir}/X11/fontpath.d,built-ins" \ - --with-fontdir=%{_datadir}/X11/fonts \ + --with-default-font-path="catalogue:/etc/X11/fontpath.d,built-ins" \ --with-xkb-output=%{_localstatedir}/lib/xkb \ - --enable-install-libxf86config \ --enable-glx --disable-dri --enable-dri2 --enable-dri3 \ --disable-unit-tests \ --disable-config-hal \ @@ -248,36 +255,45 @@ autoreconf -fiv make %{?_smp_mflags} popd +# SELinux +pushd unix/vncserver/selinux +make +popd + +%endif + +%if 0%{?rhel} # Build icons -%if 0%{?fedora} > 32 || 0%{?rhel} >= 9 +%if 0%{?rhel} >= 9 pushd %{_target_platform}/media %else pushd media %endif make popd +%endif + -# SELinux -pushd unix/vncserver/selinux -make -popd %install %cmake_install rm -f %{buildroot}%{_docdir}/%{name}-%{version}/{README.rst,LICENCE.TXT} +%if %{with server} pushd unix/xserver/hw/vnc %make_install popd -# Install systemd unit file +# Install selinux policy file pushd unix/vncserver/selinux -make install DESTDIR=%{buildroot} +make install DESTDIR=%{buildroot} PREFIX=%{_prefix} popd # Install systemd unit file install -m644 %{SOURCE1} %{buildroot}%{_unitdir}/xvnc@.service install -m644 %{SOURCE2} %{buildroot}%{_unitdir}/xvnc.socket +install -m755 %{SOURCE5} %{buildroot}/%{_bindir}/vncserver +%endif # Install desktop stuff mkdir -p %{buildroot}%{_datadir}/icons/hicolor/{16x16,24x24,48x48}/apps @@ -291,32 +307,23 @@ popd appstream-util validate-relax --nonet %{buildroot}%{_metainfodir}/org.tigervnc.vncviewer.metainfo.xml desktop-file-validate %{buildroot}%{_datadir}/applications/vncviewer.desktop -%if 0%{?rhel} > 9 -# Install a replacement for /usr/bin/vncserver which will tell the user to read the -# HOWTO.md file -cat < %{buildroot}/%{_bindir}/vncserver -#!/bin/bash -echo "vncserver has been replaced by a systemd unit." -echo "Please read /usr/share/doc/tigervnc/HOWTO.md for more information." -EOF -chmod +x %{buildroot}/%{_bindir}/vncserver -%else -install -m 755 %{SOURCE5} %{buildroot}/%{_bindir}/vncserver -%endif - %find_lang %{name} %{name}.lang +%if %{with server} # remove unwanted files rm -f %{buildroot}%{_libdir}/xorg/modules/extensions/libvnc.la mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/ install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf +install -m 644 %{SOURCE4} %{buildroot}/%{_docdir}/tigervnc/HOWTO.md + %post server %systemd_post xvnc@.service %systemd_post xvnc.socket %preun server +%systemd_preun xvnc@.service %systemd_preun xvnc.socket %postun server @@ -335,6 +342,7 @@ if [ $1 -eq 0 ]; then %selinux_modules_uninstall -s %{selinuxtype} %{modulename} %selinux_relabel_post -s %{selinuxtype} fi +%endif %files -f %{name}.lang @@ -344,6 +352,7 @@ fi %{_mandir}/man1/vncviewer.1* %{_datadir}/metainfo/org.tigervnc.vncviewer.metainfo.xml +%if %{with server} %files server %config(noreplace) %{_sysconfdir}/pam.d/tigervnc %config(noreplace) %{_sysconfdir}/tigervnc/vncserver-config-defaults @@ -375,177 +384,161 @@ fi %{_libdir}/xorg/modules/extensions/libvnc.so %config(noreplace) %{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf +%files selinux +%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.* +%ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename} +%endif + %files license %{_docdir}/tigervnc/LICENCE.TXT %files icons %{_datadir}/icons/hicolor/*/apps/* -%files selinux -%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.* -%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename} - %changelog -* Fri Nov 08 2024 Jan Grulich - 1.14.1-1 -- 1.14.1 - Resolves: RHEL-66600 -- Fix CVE-2024-9632: xorg-x11-server: heap-based buffer overflow privilege escalation vulnerability - Resolves: RHEL-62000 +* Mon Dec 30 2024 Arkady L. Shane - 1.14.0-8 +- Rebuilt for MSVSphere 10 + +* Sat Oct 05 2024 Neal Gompa - 1.14.0-8 +- Rebuild for ffmpeg 7 + +* Sun Sep 29 2024 Sérgio Basto - 1.14.0-7 +- Enable ffmpeg + +* Fri Sep 27 2024 Sérgio Basto - 1.14.0-6 +- Rebuild for rebase of xorg-server to versions 21.1.x + +* Fri Sep 27 2024 Sérgio Basto - 1.14.0-5 +- Add compability with X11-server-21.1.x -* Mon Aug 05 2024 Jan Grulich - 1.13.1-11 +* Wed Sep 04 2024 Jan Grulich - 1.14.0-4 +- Move old log to log.old if present (fix patch) + +* Mon Sep 02 2024 Jan Grulich - 1.14.0-3 +- Correctly handle ZRLE cursors +- Move old log to log.old if present +- Handle existing config directory in vncpasswd + +* Mon Aug 05 2024 Jan Grulich - 1.14.0-2 - vncsession: use /bin/sh if the user shell is not set - Resolves: RHEL-50679 - -* Tue May 28 2024 Jan Grulich - 1.13.1-10 -- vncconfig: add option to force view-only remote client connections - Resolves: RHEL-12144 - -* Tue Apr 16 2024 Jan Grulich - 1.13.1-9 -- Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents - Resolves: RHEL-30756 -- Fix CVE-2024-31083 tigervnc: xorg-x11-server: User-after-free in ProcRenderAddGlyphs - Resolves: RHEL-30768 -- Fix CVE-2024-31081 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice - Resolves: RHEL-30762 - -* Wed Feb 07 2024 Jan Grulich - 1.13.1-8 -- Fix copy/paste error in the DeviceStateNotify - Resolves: RHEL-20533 - -* Mon Jan 22 2024 Jan Grulich - 1.13.1-7 -- Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice - Resolves: RHEL-20389 -- Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent - Resolves: RHEL-20383 -- Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access - Resolves: RHEL-20533 -- Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer - Resolves: RHEL-21213 - -* Mon Jan 08 2024 Jan Grulich - 1.13.1-6 -- Use dup() to get available file descriptor when using -inetd option - Resolves: RHEL-19858 - -* Mon Dec 18 2023 Jan Grulich - 1.13.1-5 -- Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions - Resolves: RHEL-18414 -- Fix CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty - Resolves: RHEL-18426 - -* Wed Nov 01 2023 Jan Grulich - 1.13.1-4 -- Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow - Resolves: RHEL-15237 - -- Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty - Resolves: RHEL-15249 - -* Mon Oct 09 2023 Jan Grulich - 1.13.1-3 -- Support username alias in PlainUsers - Resolves: RHEL-8430 - -* Tue Apr 11 2023 Jan Grulich - 1.13.1-2 -- xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege - Escalation Vulnerability - Resolves: bz#2180310 - -* Tue Mar 21 2023 Jan Grulich - 1.13.1-1 +- add missing comma in default security type list + +* Tue Jul 23 2024 Jan Grulich - 1.14.0-1 +- 1.14.0 + +* Sat Jul 20 2024 Fedora Release Engineering - 1.13.90-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Mon Jul 08 2024 Jan Grulich - 1.13.90-2 +- Enable DRI3 support + +* Tue Jul 02 2024 Jan Grulich - 1.13.90-1 +- 1.14.0 beta + +* Wed Apr 10 2024 Jan Grulich - 1.13.1-14 +- Rebuild (xorg-x11-server) + Fix regression caused by the fix for CVE-2024-31083 + +* Thu Apr 04 2024 Jan Grulich - 1.13.1-13 +- Rebuild (xorg-x11-server) + CVE fix for: CVE-2024-31080, CVE-2024-31081, CVE-2024-31082 and CVE-2024-31083 + +* Sat Jan 27 2024 Fedora Release Engineering - 1.13.1-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Tue Jan 16 2024 Jan Grulich - 1.13.1-11 +- Rebuild (xorg-x11-server) + CVE fix for: CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, + CVE-2024-0408 and CVE-2024-0409 + +* Wed Dec 20 2023 Peter Hutterer - 1.13.1-10 +- Fix cmake builddir creation + +* Wed Dec 13 2023 Jan Grulich - 1.13.1-9 +- Rebuild for Xorg CVEs + Fixes: CVE-2023-6377, CVE-2023-6478 + +* Wed Nov 22 2023 Florian Weimer - 1.13.1-8 +- Drop incorrect tigervnc-c99-2.patch. + +* Wed Nov 22 2023 Florian Weimer - 1.13.1-7 +- C compatibility fixes + +* Thu Nov 02 2023 Jan Grulich - 1.13.1-6 +- Fix CVE-2023-5380 and CVE-2023-5367 (rebuild with fixed Xorg) + +* Wed Oct 18 2023 Kalev Lember - 1.13.1-5 +- Drop unrecognized configure options +- Add buildrequires to get correct font and xkb directories from pkg-config +- Re-enable server in flatpak builds and fix the build + +* Sat Jul 22 2023 Fedora Release Engineering - 1.13.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Thu Mar 30 2023 Jan Grulich - 1.13.1-3 +- Drop BR: xorg-x11-font-utils + CVE-2023-1393 + +* Thu Mar 30 2023 Jan Grulich - 1.13.1-2 +- Rebuild (xorg-x11-server) + CVE-2023-1393 + +* Wed Mar 01 2023 Jan Grulich - 1.13.1-1 - 1.13.1 - Resolves: bz#2175732 - -* Tue Feb 21 2023 Jan Grulich - 1.12.0-12 -- SELinux: allow vncsession create .vnc directory - Resolves: bz#2164703 - -* Wed Feb 15 2023 Jan Grulich - 1.12.0-11 -- Add sanity check when cleaning up keymap changes - Resolves: bz#2169965 - -* Mon Feb 06 2023 Jan Grulich - 1.12.0-10 -- xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation - Resolves: bz#2167061 - -* Tue Dec 20 2022 Tomas Popela - 1.12.0-9 -- Rebuild for xorg-x11-server CVE-2022-46340 follow up fix - -* Fri Dec 16 2022 Jan Grulich - 1.12.0-8 -- Rebuild for xorg-x11-server CVEs - Resolves: CVE-2022-4283 (bz#2154234) - Resolves: CVE-2022-46340 (bz#2154221) - Resolves: CVE-2022-46341 (bz#2154224) - Resolves: CVE-2022-46342 (bz#2154226) - Resolves: CVE-2022-46343 (bz#2154228) - Resolves: CVE-2022-46344 (bz#2154230) - -* Thu Dec 01 2022 Jan Grulich - 1.12.0-7 -- x0vncserver: add new keysym in case we don't find matching keycode - + actually apply the patch - Resolves: bz#2119017 - -* Thu Dec 01 2022 Jan Grulich - 1.12.0-6 -- x0vncserver: add new keysym in case we don't find matching keycode - Resolves: bz#2119017 - -* Mon Oct 24 2022 Jan Grulich - 1.12.0-5 -- x0vncserver: fix ghost cursor in zaphod mode (better version) - Resolves: bz#2119016 - -* Tue May 31 2022 Jan Grulich - 1.12.0-4 -- Add BR: libXdamage, libXfixes, libXrandr - Resolves: bz#2091833 - -* Tue Apr 05 2022 Jan Grulich - 1.12.0-3 -- Do not run systemd_preun on Xvnc service file - Resolves: bz#2048011 - -* Mon Apr 04 2022 Jan Grulich - 1.12.0-2 -- Drop unexisting option from the old vncserver script - Resolves: bz#2021893 - -* Wed Mar 23 2022 Jan Grulich - 1.12.0-1 -- 1.12.0 + sync with Fedora - Resolves: bz#2048011 - Resolves: bz#2021893 - -* Mon Feb 07 2022 Jan Grulich - 1.11.0-21 -- Added vncsession-restore script for SELinux policy migration - Fix SELinux context for root user - Resolves: bz#2049506 - -* Fri Nov 26 2021 Jan Grulich - 1.11.0-20 -- Rebuild for absence in RHEL 9.0 - Resolves: bz#1985858 - -* Mon Aug 16 2021 Jan Grulich - 1.11.0-19 -- Sync upstream patches + drop unused patches - Resolves: bz#1985858 -* Tue Aug 10 2021 Mohan Boddu - 1.11.0-18 -- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - Related: rhbz#1991688 +* Tue Feb 21 2023 Jan Grulich - 1.13.0-3 +- vncsession: allow to create .vnc directory -* Mon Jul 19 2021 Jan Grulich - 1.11.0-17 -- Fix logout from VNC session using vncserver - Resolves: bz#1983704 +* Wed Feb 15 2023 Jan Grulich - 1.13.0-2 +- Backport: Sanity check when cleaning up keymap changes -* Tue Jun 01 2021 Jan Grulich - 1.11.0-16 -- Bump version for rebuild (binutils) - Resolves: bz#1961488 +* Tue Feb 07 2023 Jan Grulich - 1.13.0-1 +- 1.13.0 +- CVE-2023-0494 -* Mon May 17 2021 Jan Grulich - 1.11.0-14 -- SELinux improvements - Resolves: bz#1961488 +* Tue Jan 31 2023 Jan Grulich - 1.12.0-9 +- migrated to SPDX license -- Fix endianness issue on s390x - Resolves: bz#1963029 +* Sat Jan 21 2023 Fedora Release Engineering - 1.12.0-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild -* Fri Apr 16 2021 Mohan Boddu - 1.11.0-13 -- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 +* Sat Jul 23 2022 Fedora Release Engineering - 1.12.0-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild -* Mon Mar 08 2021 Jan Grulich - 1.11.0-12 -- Include RHEL8 patches +* Tue May 31 2022 Jan Grulich - 1.12.0-6 +- Add some missing build requirements for x0vncserver -* Fri Mar 05 2021 Jan Grulich - 1.11.0-11 -- Enable old vncserver script for RHEL 9 +* Tue Feb 15 2022 Jan Grulich - 1.12.0-5 +- Fix migration of SELinux context policy + +* Fri Jan 21 2022 Jan Grulich - 1.12.0-4 +- Fix crash in vncviewer + +* Fri Jan 14 2022 Jan Grulich - 1.12.0-3 +- Remove unavailable option from vncserver script + +* Fri Jan 14 2022 Jan Grulich - 1.12.0-2 +- SELinux: restore SELinux context in case of different policies + +* Thu Nov 11 2021 Jan Grulich - 1.12.0-1 +- 1.12.0 + +* Wed Sep 15 2021 Jan Grulich - 1.11.90-1 +- 1.11.90 + +* Fri Jul 23 2021 Fedora Release Engineering - 1.11.0-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Wed Jul 21 2021 Jan Grulich - 1.11.0-13 +- Sync upstream patches + drop unused patches +- Fix logout issue with vncserver script + +* Wed Jun 16 2021 Jan Grulich - 1.11.0-12 +- Re-enable vncserver script for F34+ + +* Tue May 25 2021 Jan Grulich - 1.11.0-11 +- SELinux improvements +- Backport some CentOS changes * Wed Jan 27 2021 Fedora Release Engineering - 1.11.0-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild