diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..77f3f36
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/LibVNCServer-0.9.11.tar.gz
diff --git a/.libvncserver.metadata b/.libvncserver.metadata
new file mode 100644
index 0000000..01e5bd8
--- /dev/null
+++ b/.libvncserver.metadata
@@ -0,0 +1 @@
+d844a2c9e69465d104a8468dce515a49e4db9585 SOURCES/LibVNCServer-0.9.11.tar.gz
diff --git a/SOURCES/0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch b/SOURCES/0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch
new file mode 100644
index 0000000..853ea28
--- /dev/null
+++ b/SOURCES/0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch
@@ -0,0 +1,195 @@
+From 0a98d629447964f1d5d922d5012ee0c2cbf10694 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
+Date: Mon, 11 Jun 2018 23:47:02 +0200
+Subject: [PATCH 1/2] libvncserver: Add API to add custom I/O entry points
+
+Add API to make it possible to channel RFB input and output through
+another layer, for example TLS. This is done by making it possible to
+override the default read/write/peek functions.
+---
+ libvncserver/rfbserver.c | 4 +++
+ libvncserver/sockets.c | 64 +++++++++++++++++++++++++++++++++++++---
+ rfb/rfb.h | 17 +++++++++++
+ 3 files changed, 81 insertions(+), 4 deletions(-)
+
+diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
+index 7af6aed..fbedd9f 100644
+--- a/libvncserver/rfbserver.c
++++ b/libvncserver/rfbserver.c
+@@ -322,6 +322,10 @@ rfbNewTCPOrUDPClient(rfbScreenInfoPtr rfbScreen,
+
+ cl->screen = rfbScreen;
+ cl->sock = sock;
++ cl->readFromSocket = rfbDefaultReadFromSocket;
++ cl->peekAtSocket = rfbDefaultPeekAtSocket;
++ cl->hasPendingOnSocket = rfbDefaultHasPendingOnSocket;
++ cl->writeToSocket = rfbDefaultWriteToSocket;
+ cl->viewOnly = FALSE;
+ /* setup pseudo scaling */
+ cl->scaledScreen = rfbScreen;
+diff --git a/libvncserver/sockets.c b/libvncserver/sockets.c
+index bbc3d90..27515f2 100644
+--- a/libvncserver/sockets.c
++++ b/libvncserver/sockets.c
+@@ -589,6 +589,30 @@ rfbConnect(rfbScreenInfoPtr rfbScreen,
+ return sock;
+ }
+
++int
++rfbDefaultReadFromSocket(rfbClientPtr cl, char *buf, int len)
++{
++ return read(cl->sock, buf, len);
++}
++
++static int
++rfbReadFromSocket(rfbClientPtr cl, char *buf, int len)
++{
++ return cl->readFromSocket(cl, buf, len);
++}
++
++rfbBool
++rfbDefaultHasPendingOnSocket(rfbClientPtr cl)
++{
++ return FALSE;
++}
++
++static rfbBool
++rfbHasPendingOnSocket(rfbClientPtr cl)
++{
++ cl->hasPendingOnSocket(cl);
++}
++
+ /*
+ * ReadExact reads an exact number of bytes from a client. Returns 1 if
+ * those bytes have been read, 0 if the other end has closed, or -1 if an error
+@@ -610,10 +634,10 @@ rfbReadExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
+ } else if (cl->sslctx) {
+ n = rfbssl_read(cl, buf, len);
+ } else {
+- n = read(sock, buf, len);
++ n = rfbReadFromSocket(cl, buf, len);
+ }
+ #else
+- n = read(sock, buf, len);
++ n = rfbReadFromSocket(cl, buf, len);
+ #endif
+
+ if (n > 0) {
+@@ -645,6 +669,10 @@ rfbReadExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
+ continue;
+ }
+ #endif
++
++ if (rfbHasPendingOnSocket(cl))
++ continue;
++
+ FD_ZERO(&fds);
+ FD_SET(sock, &fds);
+ tv.tv_sec = timeout / 1000;
+@@ -681,6 +709,18 @@ int rfbReadExact(rfbClientPtr cl,char* buf,int len)
+ return(rfbReadExactTimeout(cl,buf,len,rfbMaxClientWait));
+ }
+
++int
++rfbDefaultPeekAtSocket(rfbClientPtr cl, char *buf, int len)
++{
++ return recv(cl->sock, buf, len, MSG_PEEK);
++}
++
++int
++rfbPeekAtSocket(rfbClientPtr cl, char *buf, int len)
++{
++ cl->peekAtSocket(cl, buf, len);
++}
++
+ /*
+ * PeekExact peeks at an exact number of bytes from a client. Returns 1 if
+ * those bytes have been read, 0 if the other end has closed, or -1 if an
+@@ -701,7 +741,7 @@ rfbPeekExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
+ n = rfbssl_peek(cl, buf, len);
+ else
+ #endif
+- n = recv(sock, buf, len, MSG_PEEK);
++ n = rfbPeekAtSocket(cl, buf, len);
+
+ if (n == len) {
+
+@@ -757,6 +797,22 @@ rfbPeekExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
+ return 1;
+ }
+
++int
++rfbDefaultWriteToSocket(rfbClientPtr cl,
++ const char *buf,
++ int len)
++{
++ return write(cl->sock, buf, len);
++}
++
++static int
++rfbWriteToSocket(rfbClientPtr cl,
++ const char *buf,
++ int len)
++{
++ return cl->writeToSocket(cl, buf, len);
++}
++
+ /*
+ * WriteExact writes an exact number of bytes to a client. Returns 1 if
+ * those bytes have been written, or -1 if an error occurred (errno is set to
+@@ -801,7 +857,7 @@ rfbWriteExact(rfbClientPtr cl,
+ n = rfbssl_write(cl, buf, len);
+ else
+ #endif
+- n = write(sock, buf, len);
++ n = rfbWriteToSocket(cl, buf, len);
+
+ if (n > 0) {
+
+diff --git a/rfb/rfb.h b/rfb/rfb.h
+index f982b40..ba9e898 100644
+--- a/rfb/rfb.h
++++ b/rfb/rfb.h
+@@ -415,6 +415,14 @@ typedef struct sraRegion* sraRegionPtr;
+
+ typedef void (*ClientGoneHookPtr)(struct _rfbClientRec* cl);
+
++typedef int (*ClientReadFromSocket)(struct _rfbClientRec* cl,
++ char *buf, int len);
++typedef int (*ClientPeekAtSocket)(struct _rfbClientRec* cl,
++ char *buf, int len);
++typedef rfbBool (*ClientHasPendingOnSocket)(struct _rfbClientRec* cl);
++typedef int (*ClientWriteToSocket)(struct _rfbClientRec* cl,
++ const char *buf, int len);
++
+ typedef struct _rfbFileTransferData {
+ int fd;
+ int compressionEnabled;
+@@ -696,6 +704,11 @@ typedef struct _rfbClientRec {
+ wsCtx *wsctx;
+ char *wspath; /* Requests path component */
+ #endif
++
++ ClientReadFromSocket readFromSocket; /* Read data from socket */
++ ClientPeekAtSocket peekAtSocket; /* Peek at data from socket */
++ ClientHasPendingOnSocket hasPendingOnSocket; /* Peek at data from socket */
++ ClientWriteToSocket writeToSocket; /* Write data to socket */
+ } rfbClientRec, *rfbClientPtr;
+
+ /**
+@@ -748,8 +761,12 @@ extern void rfbDisconnectUDPSock(rfbScreenInfoPtr rfbScreen);
+ extern void rfbCloseClient(rfbClientPtr cl);
+ extern int rfbReadExact(rfbClientPtr cl, char *buf, int len);
+ extern int rfbReadExactTimeout(rfbClientPtr cl, char *buf, int len,int timeout);
++extern int rfbDefaultReadFromSocket(rfbClientPtr cl, char *buf, int len);
+ extern int rfbPeekExactTimeout(rfbClientPtr cl, char *buf, int len,int timeout);
++extern int rfbDefaultPeekAtSocket(rfbClientPtr cl, char *buf, int len);
++extern rfbBool rfbDefaultHasPendingOnSocket(rfbClientPtr cl);
+ extern int rfbWriteExact(rfbClientPtr cl, const char *buf, int len);
++extern int rfbDefaultWriteToSocket(rfbClientPtr cl, const char *buf, int len);
+ extern int rfbCheckFds(rfbScreenInfoPtr rfbScreen,long usec);
+ extern int rfbConnect(rfbScreenInfoPtr rfbScreen, char* host, int port);
+ extern int rfbConnectToTcpAddr(char* host, int port);
+--
+2.17.1
+
diff --git a/SOURCES/0002-libvncserver-Add-channel-security-handlers.patch b/SOURCES/0002-libvncserver-Add-channel-security-handlers.patch
new file mode 100644
index 0000000..e922461
--- /dev/null
+++ b/SOURCES/0002-libvncserver-Add-channel-security-handlers.patch
@@ -0,0 +1,366 @@
+From c343c1b43080bcb45dad285faa5cd8926bfb9811 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
+Date: Mon, 11 Jun 2018 23:50:05 +0200
+Subject: [PATCH 2/2] libvncserver: Add channel security handlers
+
+Add another type of security handler that is meant to be used initially
+to set up a secure channel. Regular security handlers would be
+advertised and processed after any channel security have succeeded.
+
+For example, this, together with the custom I/O functions allows a
+LibVNCServer user to implement TLS in combination with VNCAuth. This is
+done by adding a single channel security handler with the rfbTLS (18)
+with a handler that initiates a TLS session, and when a TLS session is
+initiated, the regular security handler list is sent.
+---
+ libvncserver/auth.c | 162 ++++++++++++++++++++++++++++++---------
+ libvncserver/rfbserver.c | 1 +
+ rfb/rfb.h | 15 +++-
+ 3 files changed, 140 insertions(+), 38 deletions(-)
+
+diff --git a/libvncserver/auth.c b/libvncserver/auth.c
+index 814a814..6581953 100644
+--- a/libvncserver/auth.c
++++ b/libvncserver/auth.c
+@@ -37,18 +37,17 @@ void rfbClientSendString(rfbClientPtr cl, const char *reason);
+ * Handle security types
+ */
+
++/* Channel security handlers to set up a secure channel, e.g. TLS. */
++static rfbSecurityHandler* channelSecurityHandlers = NULL;
++
++/* Security handlers when channel security is established. */
+ static rfbSecurityHandler* securityHandlers = NULL;
+
+-/*
+- * This method registers a list of new security types.
+- * It avoids same security type getting registered multiple times.
+- * The order is not preserved if multiple security types are
+- * registered at one-go.
+- */
+ void
+-rfbRegisterSecurityHandler(rfbSecurityHandler* handler)
++rfbRegisterSecurityHandlerTo(rfbSecurityHandler* handler,
++ rfbSecurityHandler** handlerList)
+ {
+- rfbSecurityHandler *head = securityHandlers, *next = NULL;
++ rfbSecurityHandler *head = *handlerList, *next = NULL;
+
+ if(handler == NULL)
+ return;
+@@ -57,39 +56,35 @@ rfbRegisterSecurityHandler(rfbSecurityHandler* handler)
+
+ while(head != NULL) {
+ if(head == handler) {
+- rfbRegisterSecurityHandler(next);
++ rfbRegisterSecurityHandlerTo(next, handlerList);
+ return;
+ }
+
+ head = head->next;
+ }
+
+- handler->next = securityHandlers;
+- securityHandlers = handler;
++ handler->next = *handlerList;
++ *handlerList = handler;
+
+- rfbRegisterSecurityHandler(next);
++ rfbRegisterSecurityHandlerTo(next, handlerList);
+ }
+
+-/*
+- * This method unregisters a list of security types.
+- * These security types won't be available for any new
+- * client connection.
+- */
+-void
+-rfbUnregisterSecurityHandler(rfbSecurityHandler* handler)
++static void
++rfbUnregisterSecurityHandlerFrom(rfbSecurityHandler* handler,
++ rfbSecurityHandler** handlerList)
+ {
+ rfbSecurityHandler *cur = NULL, *pre = NULL;
+
+ if(handler == NULL)
+ return;
+
+- if(securityHandlers == handler) {
+- securityHandlers = securityHandlers->next;
+- rfbUnregisterSecurityHandler(handler->next);
++ if(*handlerList == handler) {
++ *handlerList = (*handlerList)->next;
++ rfbUnregisterSecurityHandlerFrom(handler->next, handlerList);
+ return;
+ }
+
+- cur = pre = securityHandlers;
++ cur = pre = *handlerList;
+
+ while(cur) {
+ if(cur == handler) {
+@@ -99,7 +94,50 @@ rfbUnregisterSecurityHandler(rfbSecurityHandler* handler)
+ pre = cur;
+ cur = cur->next;
+ }
+- rfbUnregisterSecurityHandler(handler->next);
++ rfbUnregisterSecurityHandlerFrom(handler->next, handlerList);
++}
++
++void
++rfbRegisterChannelSecurityHandler(rfbSecurityHandler* handler)
++{
++ rfbRegisterSecurityHandlerTo(handler, &channelSecurityHandlers);
++}
++
++/*
++ * This method unregisters a list of security types.
++ * These security types won't be available for any new
++ * client connection.
++ */
++
++void
++rfbUnregisterChannelSecurityHandler(rfbSecurityHandler* handler)
++{
++ rfbUnregisterSecurityHandlerFrom(handler, &channelSecurityHandlers);
++}
++
++/*
++ * This method registers a list of new security types.
++ * It avoids same security type getting registered multiple times.
++ * The order is not preserved if multiple security types are
++ * registered at one-go.
++ */
++
++void
++rfbRegisterSecurityHandler(rfbSecurityHandler* handler)
++{
++ rfbRegisterSecurityHandlerTo(handler, &securityHandlers);
++}
++
++/*
++ * This method unregisters a list of security types.
++ * These security types won't be available for any new
++ * client connection.
++ */
++
++void
++rfbUnregisterSecurityHandler(rfbSecurityHandler* handler)
++{
++ rfbUnregisterSecurityHandlerFrom(handler, &securityHandlers);
+ }
+
+ /*
+@@ -197,9 +235,22 @@ static rfbSecurityHandler VncSecurityHandlerNone = {
+ NULL
+ };
+
++static int32_t
++determinePrimarySecurityType(rfbClientPtr cl)
++{
++ if (!cl->screen->authPasswdData || cl->reverseConnection) {
++ /* chk if this condition is valid or not. */
++ return rfbSecTypeNone;
++ } else if (cl->screen->authPasswdData) {
++ return rfbSecTypeVncAuth;
++ } else {
++ return rfbSecTypeInvalid;
++ }
++}
+
+-static void
+-rfbSendSecurityTypeList(rfbClientPtr cl, int primaryType)
++void
++rfbSendSecurityTypeList(rfbClientPtr cl,
++ enum rfbSecurityTag exclude)
+ {
+ /* The size of the message is the count of security types +1,
+ * since the first byte is the number of types. */
+@@ -207,9 +258,10 @@ rfbSendSecurityTypeList(rfbClientPtr cl, int primaryType)
+ rfbSecurityHandler* handler;
+ #define MAX_SECURITY_TYPES 255
+ uint8_t buffer[MAX_SECURITY_TYPES+1];
+-
++ int32_t primaryType;
+
+ /* Fill in the list of security types in the client structure. (NOTE: Not really in the client structure) */
++ primaryType = determinePrimarySecurityType(cl);
+ switch (primaryType) {
+ case rfbSecTypeNone:
+ rfbRegisterSecurityHandler(&VncSecurityHandlerNone);
+@@ -221,6 +273,9 @@ rfbSendSecurityTypeList(rfbClientPtr cl, int primaryType)
+
+ for (handler = securityHandlers;
+ handler && size<MAX_SECURITY_TYPES; handler = handler->next) {
++ if (exclude && (handler->securityTags & exclude))
++ continue;
++
+ buffer[size] = handler->type;
+ size++;
+ }
+@@ -249,7 +304,29 @@ rfbSendSecurityTypeList(rfbClientPtr cl, int primaryType)
+ cl->state = RFB_SECURITY_TYPE;
+ }
+
++static void
++rfbSendChannelSecurityTypeList(rfbClientPtr cl)
++{
++ int size = 1;
++ rfbSecurityHandler* handler;
++ uint8_t buffer[MAX_SECURITY_TYPES+1];
++
++ for (handler = channelSecurityHandlers;
++ handler && size<MAX_SECURITY_TYPES; handler = handler->next) {
++ buffer[size] = handler->type;
++ size++;
++ }
++ buffer[0] = (unsigned char)size-1;
++
++ if (rfbWriteExact(cl, (char *)buffer, size) < 0) {
++ rfbLogPerror("rfbSendSecurityTypeList: write");
++ rfbCloseClient(cl);
++ return;
++ }
+
++ /* Dispatch client input to rfbProcessClientChannelSecurityType. */
++ cl->state = RFB_CHANNEL_SECURITY_TYPE;
++}
+
+
+ /*
+@@ -297,18 +374,19 @@ rfbSendSecurityType(rfbClientPtr cl, int32_t securityType)
+ void
+ rfbAuthNewClient(rfbClientPtr cl)
+ {
+- int32_t securityType = rfbSecTypeInvalid;
++ int32_t securityType;
+
+- if (!cl->screen->authPasswdData || cl->reverseConnection) {
+- /* chk if this condition is valid or not. */
+- securityType = rfbSecTypeNone;
+- } else if (cl->screen->authPasswdData) {
+- securityType = rfbSecTypeVncAuth;
+- }
++ securityType = determinePrimarySecurityType(cl);
+
+ if (cl->protocolMajorVersion==3 && cl->protocolMinorVersion < 7)
+ {
+ /* Make sure we use only RFB 3.3 compatible security types. */
++ if (channelSecurityHandlers) {
++ rfbLog("VNC channel security enabled - RFB 3.3 client rejected\n");
++ rfbClientConnFailed(cl, "Your viewer cannot hnadler required "
++ "security methods");
++ return;
++ }
+ if (securityType == rfbSecTypeInvalid) {
+ rfbLog("VNC authentication disabled - RFB 3.3 client rejected\n");
+ rfbClientConnFailed(cl, "Your viewer cannot handle required "
+@@ -316,9 +394,11 @@ rfbAuthNewClient(rfbClientPtr cl)
+ return;
+ }
+ rfbSendSecurityType(cl, securityType);
++ } else if (channelSecurityHandlers) {
++ rfbSendChannelSecurityTypeList(cl);
+ } else {
+ /* Here it's ok when securityType is set to rfbSecTypeInvalid. */
+- rfbSendSecurityTypeList(cl, securityType);
++ rfbSendSecurityTypeList(cl, RFB_SECURITY_TAG_NONE);
+ }
+ }
+
+@@ -332,6 +412,7 @@ rfbProcessClientSecurityType(rfbClientPtr cl)
+ int n;
+ uint8_t chosenType;
+ rfbSecurityHandler* handler;
++ rfbSecurityHandler* handlerListHead;
+
+ /* Read the security type. */
+ n = rfbReadExact(cl, (char *)&chosenType, 1);
+@@ -344,8 +425,17 @@ rfbProcessClientSecurityType(rfbClientPtr cl)
+ return;
+ }
+
++ switch (cl->state) {
++ case RFB_CHANNEL_SECURITY_TYPE:
++ handlerListHead = channelSecurityHandlers;
++ break;
++ case RFB_SECURITY_TYPE:
++ handlerListHead = securityHandlers;
++ break;
++ }
++
+ /* Make sure it was present in the list sent by the server. */
+- for (handler = securityHandlers; handler; handler = handler->next) {
++ for (handler = handlerListHead; handler; handler = handler->next) {
+ if (chosenType == handler->type) {
+ rfbLog("rfbProcessClientSecurityType: executing handler for type %d\n", chosenType);
+ handler->handler(cl);
+diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
+index fbedd9f..1e8b3c1 100644
+--- a/libvncserver/rfbserver.c
++++ b/libvncserver/rfbserver.c
+@@ -643,6 +643,7 @@ rfbProcessClientMessage(rfbClientPtr cl)
+ case RFB_PROTOCOL_VERSION:
+ rfbProcessClientProtocolVersion(cl);
+ return;
++ case RFB_CHANNEL_SECURITY_TYPE:
+ case RFB_SECURITY_TYPE:
+ rfbProcessClientSecurityType(cl);
+ return;
+diff --git a/rfb/rfb.h b/rfb/rfb.h
+index ba9e898..be58d08 100644
+--- a/rfb/rfb.h
++++ b/rfb/rfb.h
+@@ -182,6 +182,11 @@ typedef struct {
+ } data; /**< there have to be count*3 entries */
+ } rfbColourMap;
+
++enum rfbSecurityTag {
++ RFB_SECURITY_TAG_NONE = 0,
++ RFB_SECURITY_TAG_CHANNEL = 1 << 0
++};
++
+ /**
+ * Security handling (RFB protocol version 3.7)
+ */
+@@ -190,6 +195,7 @@ typedef struct _rfbSecurity {
+ uint8_t type;
+ void (*handler)(struct _rfbClientRec* cl);
+ struct _rfbSecurity* next;
++ enum rfbSecurityTag securityTags;
+ } rfbSecurityHandler;
+
+ /**
+@@ -506,7 +512,7 @@ typedef struct _rfbClientRec {
+ /** Possible client states: */
+ enum {
+ RFB_PROTOCOL_VERSION, /**< establishing protocol version */
+- RFB_SECURITY_TYPE, /**< negotiating security (RFB v.3.7) */
++ RFB_SECURITY_TYPE, /**< negotiating security (RFB v.3.7) */
+ RFB_AUTHENTICATION, /**< authenticating */
+ RFB_INITIALISATION, /**< sending initialisation messages */
+ RFB_NORMAL, /**< normal protocol messages */
+@@ -514,7 +520,9 @@ typedef struct _rfbClientRec {
+ /* Ephemeral internal-use states that will never be seen by software
+ * using LibVNCServer to provide services: */
+
+- RFB_INITIALISATION_SHARED /**< sending initialisation messages with implicit shared-flag already true */
++ RFB_INITIALISATION_SHARED, /**< sending initialisation messages with implicit shared-flag already true */
++
++ RFB_CHANNEL_SECURITY_TYPE, /**< negotiating security (RFB v.3.7) */
+ } state;
+
+ rfbBool reverseConnection;
+@@ -855,6 +863,9 @@ extern void rfbProcessClientSecurityType(rfbClientPtr cl);
+ extern void rfbAuthProcessClientMessage(rfbClientPtr cl);
+ extern void rfbRegisterSecurityHandler(rfbSecurityHandler* handler);
+ extern void rfbUnregisterSecurityHandler(rfbSecurityHandler* handler);
++extern void rfbRegisterChannelSecurityHandler(rfbSecurityHandler* handler);
++extern void rfbUnregisterChannelSecurityHandler(rfbSecurityHandler* handler);
++extern void rfbSendSecurityTypeList(rfbClientPtr cl, enum rfbSecurityTag exclude);
+
+ /* rre.c */
+
+--
+2.17.1
+
diff --git a/SOURCES/0040-Ensure-compatibility-with-gtk-vnc-0.7.0.patch b/SOURCES/0040-Ensure-compatibility-with-gtk-vnc-0.7.0.patch
new file mode 100644
index 0000000..a814328
--- /dev/null
+++ b/SOURCES/0040-Ensure-compatibility-with-gtk-vnc-0.7.0.patch
@@ -0,0 +1,28 @@
+From 75f04c14e49e084e41bdd5491edad8823773a08c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= <github@kempniu.pl>
+Date: Tue, 14 Feb 2017 12:42:04 +0100
+Subject: [PATCH 40/98] Ensure compatibility with gtk-vnc 0.7.0+
+
+---
+ libvncserver/websockets.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/libvncserver/websockets.c b/libvncserver/websockets.c
+index 72396c2..0b2d46f 100644
+--- a/libvncserver/websockets.c
++++ b/libvncserver/websockets.c
+@@ -245,7 +245,10 @@ webSocketsCheck (rfbClientPtr cl)
+ return FALSE;
+ }
+
+- if (strncmp(bbuf, "<", 1) == 0) {
++ if (strncmp(bbuf, "RFB ", 4) == 0) {
++ rfbLog("Normal socket connection\n");
++ return TRUE;
++ } else if (strncmp(bbuf, "<", 1) == 0) {
+ rfbLog("Got Flash policy request, sending response\n");
+ if (rfbWriteExact(cl, FLASH_POLICY_RESPONSE,
+ SZ_FLASH_POLICY_RESPONSE) < 0) {
+--
+2.9.4
+
diff --git a/SOURCES/LibVNCServer-0.9.10-system-crypto-policy.patch b/SOURCES/LibVNCServer-0.9.10-system-crypto-policy.patch
new file mode 100644
index 0000000..47d540b
--- /dev/null
+++ b/SOURCES/LibVNCServer-0.9.10-system-crypto-policy.patch
@@ -0,0 +1,26 @@
+diff -Naur libvncserver-LibVNCServer-0.9.10.old/libvncclient/tls_gnutls.c libvncserver-LibVNCServer-0.9.10/libvncclient/tls_gnutls.c
+--- libvncserver-LibVNCServer-0.9.10.old/libvncclient/tls_gnutls.c 2015-12-12 00:14:37.269157918 +0100
++++ libvncserver-LibVNCServer-0.9.10/libvncclient/tls_gnutls.c 2015-12-12 11:23:29.391385234 +0100
+@@ -31,8 +31,8 @@
+ #include "tls.h"
+
+
+-static const char *rfbTLSPriority = "NORMAL:+DHE-DSS:+RSA:+DHE-RSA:+SRP";
+-static const char *rfbAnonTLSPriority= "NORMAL:+ANON-DH";
++static const char *rfbTLSPriority = "@SYSTEM";
++static const char *rfbAnonTLSPriority= "@SYSTEM:+ANON-DH";
+
+ #define DH_BITS 1024
+ static gnutls_dh_params_t rfbDHParams;
+diff -Naur libvncserver-LibVNCServer-0.9.10.old/libvncserver/rfbssl_gnutls.c libvncserver-LibVNCServer-0.9.10/libvncserver/rfbssl_gnutls.c
+--- libvncserver-LibVNCServer-0.9.10.old/libvncserver/rfbssl_gnutls.c 2015-12-12 00:14:37.270157930 +0100
++++ libvncserver-LibVNCServer-0.9.10/libvncserver/rfbssl_gnutls.c 2015-12-12 11:14:49.966830581 +0100
+@@ -54,7 +54,7 @@
+
+ if (!GNUTLS_E_SUCCESS == (ret = gnutls_init(&session, GNUTLS_SERVER))) {
+ /* */
+- } else if (!GNUTLS_E_SUCCESS == (ret = gnutls_priority_set_direct(session, "EXPORT", NULL))) {
++ } else if (!GNUTLS_E_SUCCESS == (ret = gnutls_set_default_priority(session))) {
+ /* */
+ } else if (!GNUTLS_E_SUCCESS == (ret = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, ctx->x509_cred))) {
+ /* */
diff --git a/SOURCES/libvncserver-0.9.1-multilib.patch b/SOURCES/libvncserver-0.9.1-multilib.patch
new file mode 100644
index 0000000..d54a470
--- /dev/null
+++ b/SOURCES/libvncserver-0.9.1-multilib.patch
@@ -0,0 +1,20 @@
+diff -up LibVNCServer-0.9.1/libvncserver-config.in.multilib LibVNCServer-0.9.1/libvncserver-config.in
+--- LibVNCServer-0.9.1/libvncserver-config.in.multilib 2007-05-26 21:28:25.000000000 -0500
++++ LibVNCServer-0.9.1/libvncserver-config.in 2008-01-22 14:51:08.000000000 -0600
+@@ -4,7 +4,6 @@ prefix=@prefix@
+ exec_prefix=@exec_prefix@
+ exec_prefix_set=no
+ includedir=@includedir@
+-libdir=@libdir@
+
+ # if this script is in the same directory as libvncserver-config.in, assume not installed
+ if [ -f "`dirname "$0"`/libvncserver-config.in" ]; then
+@@ -63,7 +62,7 @@ while test $# -gt 0; do
+ libs="$libs -R$dir"
+ fi
+ done
+- echo "$libs" -lvncserver -lvncclient @LIBS@ @WSOCKLIB@
++ echo "$libs" -lvncserver -lvncclient
+ ;;
+ --link)
+ echo @CC@
diff --git a/SOURCES/libvncserver-0.9.11-Fix-CVE-2018-15127-Heap-out-of-bounds-write-in-rfbse.patch b/SOURCES/libvncserver-0.9.11-Fix-CVE-2018-15127-Heap-out-of-bounds-write-in-rfbse.patch
new file mode 100644
index 0000000..3140fcb
--- /dev/null
+++ b/SOURCES/libvncserver-0.9.11-Fix-CVE-2018-15127-Heap-out-of-bounds-write-in-rfbse.patch
@@ -0,0 +1,82 @@
+From d9a832a2edbf95d664b07791f77a22ac3dfb95f5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
+Date: Thu, 10 Jan 2019 12:11:04 +0100
+Subject: [PATCH] Fix CVE-2018-15127 (Heap out-of-bounds write in
+ rfbserver.c:rfbProcessFileTransferReadBuffer())
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This patch contains the following three upstream patches squashed
+together and ported to 0.9.11 version:
+
+ commit 502821828ed00b4a2c4bef90683d0fd88ce495de
+ Author: Christian Beier <dontmind@freeshell.org>
+ Date: Sun Oct 21 20:21:30 2018 +0200
+
+ LibVNCServer: fix heap out-of-bound write access
+
+ Closes #243
+
+ commit 15bb719c03cc70f14c36a843dcb16ed69b405707
+ Author: Christian Beier <dontmind@freeshell.org>
+ Date: Sun Jan 6 15:13:56 2019 +0100
+
+ Error out in rfbProcessFileTransferReadBuffer if length can not be allocated
+
+ re #273
+
+ commit 09e8fc02f59f16e2583b34fe1a270c238bd9ffec
+ Author: Petr Písař <ppisar@redhat.com>
+ Date: Mon Jan 7 10:40:01 2019 +0100
+
+ Limit lenght to INT_MAX bytes in rfbProcessFileTransferReadBuffer()
+
+ This ammends 15bb719c03cc70f14c36a843dcb16ed69b405707 fix for a heap
+ out-of-bound write access in rfbProcessFileTransferReadBuffer() when
+ reading a transfered file content in a server. The former fix did not
+ work on platforms with a 32-bit int type (expected by rfbReadExact()).
+
+ CVE-2018-15127
+ <https://github.com/LibVNC/libvncserver/issues/243>
+ <https://github.com/LibVNC/libvncserver/issues/273>
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ libvncserver/rfbserver.c | 17 +++++++++++++++--
+ 1 file changed, 15 insertions(+), 2 deletions(-)
+
+diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
+index b50a7f4..1b4dd97 100644
+--- a/libvncserver/rfbserver.c
++++ b/libvncserver/rfbserver.c
+@@ -1471,11 +1471,24 @@ char *rfbProcessFileTransferReadBuffer(rfbClientPtr cl, uint32_t length)
+ int n=0;
+
+ FILEXFER_ALLOWED_OR_CLOSE_AND_RETURN("", cl, NULL);
++
+ /*
+- rfbLog("rfbProcessFileTransferReadBuffer(%dlen)\n", length);
++ We later alloc length+1, which might wrap around on 32-bit systems if length equals
++ 0XFFFFFFFF, i.e. SIZE_MAX for 32-bit systems. On 64-bit systems, a length of 0XFFFFFFFF
++ will safely be allocated since this check will never trigger and malloc() can digest length+1
++ without problems as length is a uint32_t.
++ We also later pass length to rfbReadExact() that expects a signed int type and
++ that might wrap on platforms with a 32-bit int type if length is bigger
++ than 0X7FFFFFFF.
+ */
++ if(length == SIZE_MAX || length > INT_MAX) {
++ rfbErr("rfbProcessFileTransferReadBuffer: too big file transfer length requested: %u", (unsigned int)length);
++ rfbCloseClient(cl);
++ return NULL;
++ }
++
+ if (length>0) {
+- buffer=malloc(length+1);
++ buffer=malloc((size_t)length+1);
+ if (buffer!=NULL) {
+ if ((n = rfbReadExact(cl, (char *)buffer, length)) <= 0) {
+ if (n != 0)
+--
+2.17.2
+
diff --git a/SOURCES/libvncserver-0.9.11-Limit-client-cut-text-length-to-1-MB.patch b/SOURCES/libvncserver-0.9.11-Limit-client-cut-text-length-to-1-MB.patch
new file mode 100644
index 0000000..2a71f7f
--- /dev/null
+++ b/SOURCES/libvncserver-0.9.11-Limit-client-cut-text-length-to-1-MB.patch
@@ -0,0 +1,40 @@
+From e7d578afbb16592ccee8f13aedd65b2220e220ae Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
+Date: Tue, 6 Mar 2018 11:58:02 +0100
+Subject: [PATCH] Limit client cut text length to 1 MB
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This patch constrains client text length to 1 MB. Otherwise a client
+could make server allocate 2 GB of memory and that seems to be to much
+to classify it as denial of service.
+
+I keep the previous checks for maximal type values intentionally as
+a course of defensive coding. (You cannot never know how small the
+types are. And as a warning for people patching out this change not to
+introduce CVE-2018-7225 again.)
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ libvncserver/rfbserver.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
+index a9561fc..0027343 100644
+--- a/libvncserver/rfbserver.c
++++ b/libvncserver/rfbserver.c
+@@ -2587,7 +2587,9 @@ rfbProcessClientNormalMessage(rfbClientPtr cl)
+ * argument. Here we check that the value fits into all of them to
+ * prevent from misinterpretation and thus from accessing uninitialized
+ * memory. CVE-2018-7225 */
+- if (msg.cct.length > SIZE_MAX || msg.cct.length > INT_MAX - sz_rfbClientCutTextMsg) {
++ /* But first to prevent from a denial-of-service by allocating to much
++ * memory in the server, we impose a limit of 1 MB. */
++ if (msg.cct.length > 1<<20 || msg.cct.length > SIZE_MAX || msg.cct.length > INT_MAX - sz_rfbClientCutTextMsg) {
+ rfbLog("rfbClientCutText: too big cut text length requested: %" PRIu32 "\n",
+ msg.cct.length);
+ rfbCloseClient(cl);
+--
+2.13.6
+
diff --git a/SOURCES/libvncserver-0.9.11-Validate-client-cut-text-length.patch b/SOURCES/libvncserver-0.9.11-Validate-client-cut-text-length.patch
new file mode 100644
index 0000000..dc89cdf
--- /dev/null
+++ b/SOURCES/libvncserver-0.9.11-Validate-client-cut-text-length.patch
@@ -0,0 +1,76 @@
+From 0073e4f694d5a51bb72ff12a5e8364b6e752e094 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
+Date: Mon, 26 Feb 2018 13:48:00 +0100
+Subject: [PATCH] Validate client cut text length
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Client-provided unsigned 32-bit cut text length is passed to various
+functions that expects argument of a different type.
+
+E.g. "RFB 003.003\n\001\006\0\0\0\xff\xff\xff\xff" string sent to the
+RFB server leads to 4294967295 msg.cct.length value that in turn is
+interpreted as -1 by rfbReadExact() and thus uninitialized str buffer
+with potentially sensitive data is passed to subsequent functions.
+
+This patch fixes it by checking for a maximal value that still can be
+processed correctly. It also corrects accepting length value of zero
+(malloc(0) is interpreted on differnet systems differently).
+
+Whether a client can make the server allocate up to 2 GB and cause
+a denial of service on memory-tight systems is kept without answer.
+A possible solution would be adding an arbitrary memory limit that is
+deemed safe.
+
+CVE-2018-7225
+<https://github.com/LibVNC/libvncserver/issues/218>
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ libvncserver/rfbserver.c | 22 +++++++++++++++++++++-
+ 1 file changed, 21 insertions(+), 1 deletion(-)
+
+diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
+index 116c488..a9561fc 100644
+--- a/libvncserver/rfbserver.c
++++ b/libvncserver/rfbserver.c
+@@ -88,6 +88,12 @@
+ #include <errno.h>
+ /* strftime() */
+ #include <time.h>
++/* SIZE_MAX */
++#include <stdint.h>
++/* PRIu32 */
++#include <inttypes.h>
++/* INT_MAX */
++#include <limits.h>
+
+ #ifdef LIBVNCSERVER_WITH_WEBSOCKETS
+ #include "rfbssl.h"
+@@ -2575,7 +2581,21 @@ rfbProcessClientNormalMessage(rfbClientPtr cl)
+
+ msg.cct.length = Swap32IfLE(msg.cct.length);
+
+- str = (char *)malloc(msg.cct.length);
++ /* uint32_t input is passed to malloc()'s size_t argument,
++ * to rfbReadExact()'s int argument, to rfbStatRecordMessageRcvd()'s int
++ * argument increased of sz_rfbClientCutTextMsg, and to setXCutText()'s int
++ * argument. Here we check that the value fits into all of them to
++ * prevent from misinterpretation and thus from accessing uninitialized
++ * memory. CVE-2018-7225 */
++ if (msg.cct.length > SIZE_MAX || msg.cct.length > INT_MAX - sz_rfbClientCutTextMsg) {
++ rfbLog("rfbClientCutText: too big cut text length requested: %" PRIu32 "\n",
++ msg.cct.length);
++ rfbCloseClient(cl);
++ return;
++ }
++
++ /* Allow zero-length client cut text. */
++ str = (char *)malloc(msg.cct.length ? msg.cct.length : 1);
+ if (str == NULL) {
+ rfbLogPerror("rfbProcessClientNormalMessage: not enough memory");
+ rfbCloseClient(cl);
+--
+2.13.6
+
diff --git a/SOURCES/libvncserver-0.9.11-soname.patch b/SOURCES/libvncserver-0.9.11-soname.patch
new file mode 100644
index 0000000..3b45b34
--- /dev/null
+++ b/SOURCES/libvncserver-0.9.11-soname.patch
@@ -0,0 +1,22 @@
+diff -up libvncserver-LibVNCServer-0.9.11/libvncclient/Makefile.am.soname libvncserver-LibVNCServer-0.9.11/libvncclient/Makefile.am
+--- libvncserver-LibVNCServer-0.9.11/libvncclient/Makefile.am.soname 2017-05-16 10:21:51.500768946 -0500
++++ libvncserver-LibVNCServer-0.9.11/libvncclient/Makefile.am 2017-05-17 11:26:44.383312391 -0500
+@@ -25,5 +25,5 @@ EXTRA_DIST=corre.c hextile.c rre.c tight
+ $(libvncclient_la_OBJECTS): ../rfb/rfbclient.h
+
+ lib_LTLIBRARIES=libvncclient.la
+-libvncclient_la_LDFLAGS = -version-info 1:0:0
++libvncclient_la_LDFLAGS = -version-info 0:0:0
+
+diff -up libvncserver-LibVNCServer-0.9.11/libvncserver/Makefile.am.soname libvncserver-LibVNCServer-0.9.11/libvncserver/Makefile.am
+--- libvncserver-LibVNCServer-0.9.11/libvncserver/Makefile.am.soname 2017-05-16 10:21:51.500768946 -0500
++++ libvncserver-LibVNCServer-0.9.11/libvncserver/Makefile.am 2017-05-17 11:27:02.259459683 -0500
+@@ -66,7 +66,7 @@ libvncserver_la_LIBADD += $(LIBSYSTEMD_L
+ endif
+
+ lib_LTLIBRARIES=libvncserver.la
+-libvncserver_la_LDFLAGS = -version-info 1:0:0
++libvncserver_la_LDFLAGS = -version-info 0:0:0
+
+ if HAVE_RPM
+ $(PACKAGE)-$(VERSION).tar.gz: dist
diff --git a/SOURCES/libvncserver-0.9.11-system_minilzo.patch b/SOURCES/libvncserver-0.9.11-system_minilzo.patch
new file mode 100644
index 0000000..c513c40
--- /dev/null
+++ b/SOURCES/libvncserver-0.9.11-system_minilzo.patch
@@ -0,0 +1,55 @@
+diff -up libvncserver-LibVNCServer-0.9.11/libvncclient/Makefile.am.system_minilzo libvncserver-LibVNCServer-0.9.11/libvncclient/Makefile.am
+--- libvncserver-LibVNCServer-0.9.11/libvncclient/Makefile.am.system_minilzo 2017-02-14 10:54:54.308402791 -0600
++++ libvncserver-LibVNCServer-0.9.11/libvncclient/Makefile.am 2017-02-14 10:56:28.007379315 -0600
+@@ -13,8 +13,8 @@ endif
+ endif
+
+
+-libvncclient_la_SOURCES=cursor.c listen.c rfbproto.c sockets.c vncviewer.c ../common/minilzo.c $(TLSSRCS)
+-libvncclient_la_LIBADD=$(TLSLIBS)
++libvncclient_la_SOURCES=cursor.c listen.c rfbproto.c sockets.c vncviewer.c $(TLSSRCS)
++libvncclient_la_LIBADD=$(TLSLIBS) -lminilzo
+
+ noinst_HEADERS=../common/lzodefs.h ../common/lzoconf.h ../common/minilzo.h tls.h
+
+diff -up libvncserver-LibVNCServer-0.9.11/libvncclient/rfbproto.c.system_minilzo libvncserver-LibVNCServer-0.9.11/libvncclient/rfbproto.c
+--- libvncserver-LibVNCServer-0.9.11/libvncclient/rfbproto.c.system_minilzo 2016-12-30 07:01:28.000000000 -0600
++++ libvncserver-LibVNCServer-0.9.11/libvncclient/rfbproto.c 2017-02-14 10:54:54.309402801 -0600
+@@ -66,7 +66,7 @@
+ #include <gcrypt.h>
+ #endif
+
+-#include "minilzo.h"
++#include <lzo/minilzo.h>
+ #include "tls.h"
+
+ #ifdef _MSC_VER
+diff -up libvncserver-LibVNCServer-0.9.11/libvncserver/Makefile.am.system_minilzo libvncserver-LibVNCServer-0.9.11/libvncserver/Makefile.am
+--- libvncserver-LibVNCServer-0.9.11/libvncserver/Makefile.am.system_minilzo 2017-02-14 10:54:54.309402801 -0600
++++ libvncserver-LibVNCServer-0.9.11/libvncserver/Makefile.am 2017-02-14 10:57:28.495009713 -0600
+@@ -53,11 +53,11 @@ endif
+ LIB_SRCS = main.c rfbserver.c rfbregion.c auth.c sockets.c $(WEBSOCKETSSRCS) \
+ stats.c corre.c hextile.c rre.c translate.c cutpaste.c \
+ httpd.c cursor.c font.c \
+- draw.c selbox.c ../common/d3des.c ../common/vncauth.c cargs.c ../common/minilzo.c ultra.c scale.c \
++ draw.c selbox.c ../common/d3des.c ../common/vncauth.c cargs.c ultra.c scale.c \
+ $(ZLIBSRCS) $(TIGHTSRCS) $(TIGHTVNCFILETRANSFERSRCS)
+
+ libvncserver_la_SOURCES=$(LIB_SRCS)
+-libvncserver_la_LIBADD=$(WEBSOCKETSSSLLIBS)
++libvncserver_la_LIBADD=$(WEBSOCKETSSSLLIBS) -lminilzo
+
+ if WITH_SYSTEMD
+ AM_CPPFLAGS += -DLIBVNCSERVER_WITH_SYSTEMD
+diff -up libvncserver-LibVNCServer-0.9.11/libvncserver/ultra.c.system_minilzo libvncserver-LibVNCServer-0.9.11/libvncserver/ultra.c
+--- libvncserver-LibVNCServer-0.9.11/libvncserver/ultra.c.system_minilzo 2016-12-30 07:01:28.000000000 -0600
++++ libvncserver-LibVNCServer-0.9.11/libvncserver/ultra.c 2017-02-14 10:54:54.309402801 -0600
+@@ -8,7 +8,7 @@
+ */
+
+ #include <rfb/rfb.h>
+-#include "minilzo.h"
++#include <lzo/minilzo.h>
+
+ /*
+ * cl->beforeEncBuf contains pixel data in the client's format.
diff --git a/SPECS/libvncserver.spec b/SPECS/libvncserver.spec
new file mode 100644
index 0000000..3c619a7
--- /dev/null
+++ b/SPECS/libvncserver.spec
@@ -0,0 +1,280 @@
+Summary: Library to make writing a VNC server easy
+Name: libvncserver
+Version: 0.9.11
+Release: 9%{?dist}
+
+# NOTE: --with-filetransfer => GPLv2
+License: GPLv2+
+URL: http://libvnc.github.io/
+Source0: https://github.com/LibVNC/libvncserver/archive/LibVNCServer-%{version}.tar.gz
+
+## upstream patches
+Patch4: 0040-Ensure-compatibility-with-gtk-vnc-0.7.0.patch
+
+## TLS security type enablement patches
+# https://github.com/LibVNC/libvncserver/pull/234
+Patch10: 0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch
+Patch11: 0002-libvncserver-Add-channel-security-handlers.patch
+
+## downstream patches
+Patch100: libvncserver-0.9.11-system_minilzo.patch
+Patch101: libvncserver-0.9.1-multilib.patch
+Patch102: LibVNCServer-0.9.10-system-crypto-policy.patch
+# revert soname bump
+Patch103: libvncserver-0.9.11-soname.patch
+# 1/2 Fix CVE-2018-7225, bug #1546860
+Patch104: libvncserver-0.9.11-Validate-client-cut-text-length.patch
+# 2/2 Fix CVE-2018-7225, bug #1546860
+Patch105: libvncserver-0.9.11-Limit-client-cut-text-length-to-1-MB.patch
+# Fix CVE-2018-15127 (Heap out-of-bounds write in
+# rfbserver.c:rfbProcessFileTransferReadBuffer()), bug #1662997, upstream bugs
+# <https://github.com/LibVNC/libvncserver/issues/243>
+# <https://github.com/LibVNC/libvncserver/issues/273>
+# <https://github.com/LibVNC/libvncserver/issues/276>
+# fixed in upstream after 0.9.12
+Patch106: libvncserver-0.9.11-Fix-CVE-2018-15127-Heap-out-of-bounds-write-in-rfbse.patch
+
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: libgcrypt-devel
+BuildRequires: libjpeg-devel
+BuildRequires: libtool
+BuildRequires: lzo-devel
+BuildRequires: lzo-minilzo
+BuildRequires: pkgconfig(gnutls)
+BuildRequires: pkgconfig(libcrypto)
+BuildRequires: pkgconfig(libpng)
+BuildRequires: pkgconfig(libssl)
+# Additional deps for --with-x11vnc, see https://bugzilla.redhat.com/show_bug.cgi?id=864947
+BuildRequires: pkgconfig(avahi-client)
+BuildRequires: pkgconfig(ice)
+BuildRequires: pkgconfig(x11)
+BuildRequires: pkgconfig(xdamage)
+BuildRequires: pkgconfig(xext)
+BuildRequires: pkgconfig(xfixes)
+BuildRequires: pkgconfig(xi)
+BuildRequires: pkgconfig(xinerama)
+BuildRequires: pkgconfig(xrandr)
+BuildRequires: pkgconfig(xtst)
+
+# For %%check
+BuildRequires: xorg-x11-xauth
+BuildRequires: zlib-devel
+
+%description
+LibVNCServer makes writing a VNC server (or more correctly, a program exporting
+a frame-buffer via the Remote Frame Buffer protocol) easy.
+
+It hides the programmer from the tedious task of managing clients and
+compression schemata.
+
+%package devel
+Summary: Development files for %{name}
+Requires: %{name}%{?_isa} = %{version}-%{release}
+# libvncserver-config deps
+Requires: coreutils
+
+%description devel
+The %{name}-devel package contains libraries and header files for
+developing applications that use %{name}.
+
+
+%prep
+%setup -q -n %{name}-LibVNCServer-%{version}
+
+%patch4 -p1 -b .0004
+
+%patch10 -p1
+%patch11 -p1
+
+%patch100 -p1 -b .system_minilzo
+# Nuke bundled minilzo
+#rm -fv common/lzodefs.h common/lzoconf.h commmon/minilzo.h common/minilzo.c
+
+%patch101 -p1 -b .multilib
+%patch102 -p1
+%if 0%{?fedora} < 26
+%patch103 -p1 -b .soname
+%global soname 0
+%else
+%global soname 1
+%endif
+%patch104 -p1
+%patch105 -p1
+%patch106 -p1
+
+# Fix encoding
+for file in ChangeLog ; do
+ mv ${file} ${file}.OLD && \
+ iconv -f ISO_8859-1 -t UTF8 ${file}.OLD > ${file} && \
+ touch --reference ${file}.OLD $file
+done
+
+# Needed by patch 1 (and to nuke rpath's)
+autoreconf -vif
+
+
+%build
+%configure \
+ --disable-silent-rules \
+ --disable-static \
+ --without-filetransfer \
+ --with-gcrypt \
+ --with-png \
+ --with-x11vnc
+
+# Hack to omit unused-direct-shlib-dependencies
+sed -i -e 's! -shared ! -Wl,--as-needed\0!g' libtool
+
+make %{?_smp_mflags}
+
+
+%install
+%make_install
+
+# Unpackaged files
+rm -fv %{buildroot}%{_bindir}/linuxvnc
+rm -fv %{buildroot}%{_libdir}/lib*.a
+rm -fv %{buildroot}%{_libdir}/lib*.la
+
+
+%check
+make -C test test ||:
+
+
+%post -p /sbin/ldconfig
+%postun -p /sbin/ldconfig
+
+%files
+%license COPYING
+%doc AUTHORS ChangeLog NEWS README TODO
+%{_libdir}/libvncclient.so.%{soname}*
+%{_libdir}/libvncserver.so.%{soname}*
+
+%files devel
+%{_bindir}/libvncserver-config
+%{_includedir}/rfb/
+%{_libdir}/libvncclient.so
+%{_libdir}/libvncserver.so
+%{_libdir}/pkgconfig/libvncclient.pc
+%{_libdir}/pkgconfig/libvncserver.pc
+
+
+%changelog
+* Thu Jan 10 2019 Petr Pisar <ppisar@redhat.com> - 0.9.11-9
+- Fix CVE-2018-15127 (Heap out-of-bounds write in
+ rfbserver.c:rfbProcessFileTransferReadBuffer()) (bug #1662997)
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.11-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Tue Jun 19 2018 Jonas Ådahl <jadahl@redhat.com> - 0.9.11-7
+- Add API to enable implementing TLS security type
+
+* Mon Feb 26 2018 Petr Pisar <ppisar@redhat.com> - 0.9.11-6
+- Fix CVE-2018-7225 (bug #1546860)
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.11-5.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.11-4.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.11-3.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Wed May 17 2017 Rex Dieter <rdieter@fedoraproject.org> - 0.9.11-2.1
+- revert soname bump for < f26
+
+* Tue May 16 2017 Rex Dieter <rdieter@fedoraproject.org> - 0.9.11-2
+- libvncclient sets +SRP in priority string (#1449605)
+- libvncserver blocks gtk-vnc clients >= 0.7.0 (#1451321)
+
+* Tue Feb 14 2017 Rex Dieter <rdieter@fedoraproject.org> - 0.9.11-1
+- 0.9.11 (#1421948)
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.10-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Thu Feb 18 2016 Than Ngo <than@redhat.com> - 0.9.10-5
+- fix conflict with max() macro with gcc6, which causes build failure in KDE/Qt
+ like krfb
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.10-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Thu Dec 17 2015 Simone Caronni <negativo17@gmail.com> - 0.9.10-3
+- Update crypto policies patch.
+
+* Sat Dec 12 2015 Simone Caronni <negativo17@gmail.com> - 0.9.10-2
+- Add patch for using system crypto policies (#1179318).
+
+* Fri Dec 11 2015 Simone Caronni <negativo17@gmail.com> - 0.9.10-1
+- Update to official 0.9.10 release, update configure parameters and remove
+ upstreamed patches.
+- Trim changelog.
+- Clean up SPEC file.
+- Add license macro.
+- Remove very old obsolete/provides on pacakge with camel case (LibVNCServer).
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.10-0.7.20140718git9453be42
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Thu Sep 25 2014 Rex Dieter <rdieter@fedoraproject.org> 0.9.10-0.6.20140718git9453be42
+- Security fixes (#1145878) ...
+- CVE-2014-6051 (#1144287)
+- CVE-2014-6052 (#1144288)
+- CVE-2014-6053 (#1144289)
+- CVE-2014-6054 (#1144291)
+- CVE-2014-6055 (#1144293)
+
+* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.10-0.5.20140718git9453be42
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sun Aug 03 2014 Rex Dieter <rdieter@fedoraproject.org> 0.9.10-0.4.20140718git9453be42
+- 20140718git9453be42 snapshot
+
+* Sun Aug 03 2014 Rex Dieter <rdieter@fedoraproject.org> 0.9.10-0.3.20140405git646f844f
+- include krfb patches (upstream pull request #16)
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.10-0.2.20140405git646f844f
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Tue Apr 29 2014 Rex Dieter <rdieter@fedoraproject.org> 0.9.10-0.1.20140405git646f844f
+- Update to the latest git commit 646f844 (#1092245)
+
+* Mon Mar 31 2014 Rex Dieter <rdieter@fedoraproject.org> 0.9.9-11
+- x11vnc crash when client connect (#972618)
+ pull in some upstream commits that may help
+
+* Sat Dec 21 2013 Rex Dieter <rdieter@fedoraproject.org> - 0.9.9-10
+- include additional dependencies for x11vnc (#864947)
+- %%build: --disable-silent-rules
+- cleanup spec, drop support for old rpm (el5)
+
+* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.9-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Tue Jul 23 2013 Rex Dieter <rdieter@fedoraproject.org> 0.9.9-8
+- Automagic dependencies, explitictly build --with-gcrypt --with-png (#852660)
+
+* Thu Feb 14 2013 Rex Dieter <rdieter@fedoraproject.org> 0.9.9-7
+- pkgconfig love (#854111)
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.9-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Fri Jan 18 2013 Adam Tkac <atkac redhat com> - 0.9.9-5
+- rebuild due to "jpeg8-ABI" feature drop
+
+* Fri Dec 21 2012 Adam Tkac <atkac redhat com> - 0.9.9-4
+- rebuild against new libjpeg
+
+* Thu Jul 26 2012 Rex Dieter <rdieter@fedoraproject.org> 0.9.9-3
+- libvncserver fails to build in mock with selinux enabled (#843603)
+
+* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.9-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Mon May 07 2012 Rex Dieter <rdieter@fedoraproject.org> 0.9.9-1
+- 0.9.9