From 25ffbd1774230c84d299185f8baf3e0897fd6c5a Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Apr 10 2018 05:22:26 +0000
Subject: import libvncserver-0.9.9-11.el7
---
diff --git a/SOURCES/LibVNCServer-0.9.9-libvncserver-sockets.c-do-not-segfault-when-listenSo.patch b/SOURCES/LibVNCServer-0.9.9-libvncserver-sockets.c-do-not-segfault-when-listenSo.patch
new file mode 100644
index 0000000..ea15e2a
--- /dev/null
+++ b/SOURCES/LibVNCServer-0.9.9-libvncserver-sockets.c-do-not-segfault-when-listenSo.patch
@@ -0,0 +1,33 @@
+From 66282f58000c8863e104666c30cb67b1d5cbdee3 Mon Sep 17 00:00:00 2001
+From: "Kyle J. McKay"
+Date: Fri, 18 May 2012 00:30:11 -0700
+Subject: [PATCH] libvncserver/sockets.c: do not segfault when
+ listenSock/listen6Sock == -1
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Petr Písař
+---
+ libvncserver/sockets.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libvncserver/sockets.c b/libvncserver/sockets.c
+index 84c9c98..3ff2aac 100644
+--- a/libvncserver/sockets.c
++++ b/libvncserver/sockets.c
+@@ -402,9 +402,9 @@ rfbProcessNewConnection(rfbScreenInfoPtr rfbScreen)
+ rfbLogPerror("rfbProcessNewConnection: error in select");
+ return FALSE;
+ }
+- if (FD_ISSET(rfbScreen->listenSock, &listen_fds))
++ if (rfbScreen->listenSock >= 0 && FD_ISSET(rfbScreen->listenSock, &listen_fds))
+ chosen_listen_sock = rfbScreen->listenSock;
+- if (FD_ISSET(rfbScreen->listen6Sock, &listen_fds))
++ if (rfbScreen->listen6Sock >= 0 && FD_ISSET(rfbScreen->listen6Sock, &listen_fds))
+ chosen_listen_sock = rfbScreen->listen6Sock;
+
+ if ((sock = accept(chosen_listen_sock,
+--
+2.13.5
+
diff --git a/SPECS/libvncserver.spec b/SPECS/libvncserver.spec
index f76bbc3..8a16a75 100644
--- a/SPECS/libvncserver.spec
+++ b/SPECS/libvncserver.spec
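Review bot: The new guards in the embedded sockets.c change (rfbProcessNewConnection) reject only negative descriptors, but `FD_ISSET` is just as undefined for a descriptor at or above `FD_SETSIZE`, which a process with many open files can reach. The `FD_SET` calls that fill `listen_fds` are outside the hunk, so whether that upper bound is enforced there cannot be seen from here; if it is not, the test could read `if (rfbScreen->listenSock >= 0 && rfbScreen->listenSock < FD_SETSIZE && FD_ISSET(rfbScreen->listenSock, &listen_fds))`, and likewise for `listen6Sock`. When neither branch fires, `chosen_listen_sock` keeps whatever value it had before these lines, so it is worth confirming that the following `accept()` fails cleanly through the error path in that case. The function body begins and ends outside the hunk.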
@@ -6,7 +6,7 @@ Summary: Library to make writing a vnc server easy
 Name: libvncserver
 Version: 0.9.9
-Release: 9%{?dist}.1
+Release: 11%{?dist}
 # NOTE: --with-tightvnc-filetransfer => GPLv2
 License: GPLv2+
 Group: System Environment/Libraries
@@ -20,16 +20,21 @@ Patch1: LibVNCServer-0.9.9-system_minilzo.patch
 Patch2: libvncserver-0.9.1-multilib.patch
 # pkgconfig love (upstreamable)
 Patch3: LibVNCServer-0.9.9-pkgconfig.patch
-# Fix CVE-2014-6051, bug #1157670
+# Fix CVE-2014-6051, bug #1157671
 Patch4: LibVNCServer-0.9.10-CVE-2014-6051.patch
-# Fix CVE-2014-6052, bug #1157670
+# Fix CVE-2014-6052, bug #1157671
 Patch5: LibVNCServer-0.9.9-CVE-2014-6052.patch
-# Fix CVE-2014-6053, bug #1157670
+# Fix CVE-2014-6053, bug #1157671
 Patch6: LibVNCServer-0.9.10-CVE-2014-6053.patch
-# Fix CVE-2014-6054, bug #1157670
+# Fix CVE-2014-6054, bug #1157671
 Patch7: LibVNCServer-0.9.10-CVE-2014-6054.patch
-# Fix CVE-2014-6055, bug #1157670
+# Fix CVE-2014-6055, bug #1157671
 Patch8: LibVNCServer-0.9.10-CVE-2014-6055.patch
+# Fix a crash in the VNC server library on connecting an IPv4 client if the
+# server could not start listening on an IPv6 socket, bug #1314814, in upstream
+# after 0.9.9,
+#
+Patch9: LibVNCServer-0.9.9-libvncserver-sockets.c-do-not-segfault-when-listenSo.patch
 # upstream name
 Obsoletes: LibVNCServer < 0.9.1
@@ -81,6 +86,7 @@ rm -f common/lzodefs.h common/lzoconf.h commmon/minilzo.h common/minilzo.c
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
+%patch9 -p1
 # fix encoding
 for file in AUTHORS ChangeLog ; do
@@ -149,16 +155,20 @@ rm -rf %{buildroot}
 %changelog
-* Fri Oct 31 2014 Petr Pisar - 0.9.9-9.1
-- Fix CVE-2014-6051 (integer overflow in screen size handling) (bug #1157670)
+* Fri Sep 15 2017 Petr Pisar - 0.9.9-11
+- Fix a crash in the VNC server library on connecting an IPv4 client if the
+ server could not start listening on an IPv6 socket (bug #1314814)
+
+* Fri Oct 31 2014 Petr Pisar - 0.9.9-10
+- Fix CVE-2014-6051 (integer overflow in screen size handling) (bug #1157671)
 - Fix CVE-2014-6052 (NULL pointer dereference in framebuffer setup)
- (bug #1157670)
+ (bug #1157671)
 - Fix CVE-2014-6053 (NULL pointer dereference in ClientCutText message
- handling) (bug #1157670)
+ handling) (bug #1157671)
 - Fix CVE-2014-6054 (server divide-by-zero in scaling factor handling)
- (bug #1157670)
+ (bug #1157671)
 - Fix CVE-2014-6055 (server stacked-based buffer overflow in file transfer
- handling) (bug #1157670)
+ handling) (bug #1157671)
 * Fri Jan 24 2014 Daniel Mach - 0.9.9-9
 - Mass rebuild 2014-01-24