diff --git a/SOURCES/0001-auth-Add-API-to-unregister-built-in-security-handler.patch b/SOURCES/0001-auth-Add-API-to-unregister-built-in-security-handler.patch
new file mode 100644
index 0000000..882b993
--- /dev/null
+++ b/SOURCES/0001-auth-Add-API-to-unregister-built-in-security-handler.patch
@@ -0,0 +1,47 @@
+From b793e8c51ab253c0951e43a84e9d448416462887 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
+Date: Wed, 27 Nov 2019 16:58:29 +0100
+Subject: [PATCH] auth: Add API to unregister built in security handlers
+
+If I have a VNC server that first accepts password based authentication,
+then switches to something not using password (e.g. a prompt on screen),
+the security handler from the first would still be sent as, meaning
+clients would still ask for a password without there being one.
+---
+ libvncserver/auth.c | 7 +++++++
+ rfb/rfb.h | 1 +
+ 2 files changed, 8 insertions(+)
+
+diff --git a/libvncserver/auth.c b/libvncserver/auth.c
+index 55e0b3c9..8b6fc48f 100644
+--- a/libvncserver/auth.c
++++ b/libvncserver/auth.c
+@@ -248,6 +248,13 @@ determinePrimarySecurityType(rfbClientPtr cl)
+ }
+ }
+
++void
++rfbUnregisterPrimarySecurityHandlers (void)
++{
++ rfbUnregisterSecurityHandler(&VncSecurityHandlerNone);
++ rfbUnregisterSecurityHandler(&VncSecurityHandlerVncAuth);
++}
++
+ void
+ rfbSendSecurityTypeList(rfbClientPtr cl,
+ enum rfbSecurityTag exclude)
+diff --git a/rfb/rfb.h b/rfb/rfb.h
+index 70b92242..738dbd82 100644
+--- a/rfb/rfb.h
++++ b/rfb/rfb.h
+@@ -887,6 +887,7 @@ extern void rfbProcessClientSecurityType(rfbClientPtr cl);
+ extern void rfbAuthProcessClientMessage(rfbClientPtr cl);
+ extern void rfbRegisterSecurityHandler(rfbSecurityHandler* handler);
+ extern void rfbUnregisterSecurityHandler(rfbSecurityHandler* handler);
++extern void rfbUnregisterPrimarySecurityHandlers (void);
+ extern void rfbRegisterChannelSecurityHandler(rfbSecurityHandler* handler);
+ extern void rfbUnregisterChannelSecurityHandler(rfbSecurityHandler* handler);
+ extern void rfbSendSecurityTypeList(rfbClientPtr cl, enum rfbSecurityTag exclude);
+--
+2.23.0
+
diff --git a/SOURCES/0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch b/SOURCES/0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch
index 853ea28..1f7b94c 100644
--- a/SOURCES/0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch
+++ b/SOURCES/0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch
@@ -1,4 +1,4 @@
-From 0a98d629447964f1d5d922d5012ee0c2cbf10694 Mon Sep 17 00:00:00 2001
+From fb4b12407e869c3da33df65ed3a43ef87aeae1c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Mon, 11 Jun 2018 23:47:02 +0200
Subject: [PATCH 1/2] libvncserver: Add API to add custom I/O entry points
@@ -7,16 +7,16 @@ Add API to make it possible to channel RFB input and output through
another layer, for example TLS. This is done by making it possible to
override the default read/write/peek functions.
---
- libvncserver/rfbserver.c | 4 +++
- libvncserver/sockets.c | 64 +++++++++++++++++++++++++++++++++++++---
- rfb/rfb.h | 17 +++++++++++
- 3 files changed, 81 insertions(+), 4 deletions(-)
+ libvncserver/rfbserver.c | 4 ++
+ libvncserver/sockets.c | 79 ++++++++++++++++++++++++++++++++++++----
+ rfb/rfb.h | 17 +++++++++
+ 3 files changed, 93 insertions(+), 7 deletions(-)
diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
-index 7af6aed..fbedd9f 100644
+index bc9cc117..0c8ee735 100644
--- a/libvncserver/rfbserver.c
+++ b/libvncserver/rfbserver.c
-@@ -322,6 +322,10 @@ rfbNewTCPOrUDPClient(rfbScreenInfoPtr rfbScreen,
+@@ -319,6 +319,10 @@ rfbNewTCPOrUDPClient(rfbScreenInfoPtr rfbScreen,
cl->screen = rfbScreen;
cl->sock = sock;
@@ -28,10 +28,56 @@ index 7af6aed..fbedd9f 100644
/* setup pseudo scaling */
cl->scaledScreen = rfbScreen;
diff --git a/libvncserver/sockets.c b/libvncserver/sockets.c
-index bbc3d90..27515f2 100644
+index bbc3d90d..4874d4b6 100644
--- a/libvncserver/sockets.c
+++ b/libvncserver/sockets.c
-@@ -589,6 +589,30 @@ rfbConnect(rfbScreenInfoPtr rfbScreen,
+@@ -126,6 +126,9 @@ int deny_severity=LOG_WARNING;
+ int rfbMaxClientWait = 20000; /* time (ms) after which we decide client has
+ gone away - needed to stop us hanging */
+
++static rfbBool
++rfbHasPendingOnSocket(rfbClientPtr cl);
++
+ static rfbBool
+ rfbNewConnectionFromSock(rfbScreenInfoPtr rfbScreen, int sock)
+ {
+@@ -370,16 +373,20 @@ rfbCheckFds(rfbScreenInfoPtr rfbScreen,long usec)
+ tv.tv_usec = usec;
+ nfds = select(rfbScreen->maxFd + 1, &fds, NULL, NULL /* &fds */, &tv);
+ if (nfds == 0) {
++ rfbBool hasPendingData = FALSE;
++
+ /* timed out, check for async events */
+ i = rfbGetClientIterator(rfbScreen);
+ while((cl = rfbClientIteratorNext(i))) {
+ if (cl->onHold)
+ continue;
++ hasPendingData |= rfbHasPendingOnSocket(cl);
+ if (FD_ISSET(cl->sock, &(rfbScreen->allFds)))
+ rfbSendFileTransferChunk(cl);
+ }
+ rfbReleaseClientIterator(i);
+- return result;
++ if (!hasPendingData)
++ return result;
+ }
+
+ if (nfds < 0) {
+@@ -455,9 +462,11 @@ rfbCheckFds(rfbScreenInfoPtr rfbScreen,long usec)
+ if (cl->onHold)
+ continue;
+
+- if (FD_ISSET(cl->sock, &(rfbScreen->allFds)))
++ if (rfbHasPendingOnSocket (cl) ||
++ FD_ISSET(cl->sock, &(rfbScreen->allFds)))
+ {
+- if (FD_ISSET(cl->sock, &fds))
++ if (rfbHasPendingOnSocket (cl) ||
++ FD_ISSET(cl->sock, &fds))
+ {
+ #ifdef LIBVNCSERVER_WITH_WEBSOCKETS
+ do {
+@@ -589,6 +598,30 @@ rfbConnect(rfbScreenInfoPtr rfbScreen,
return sock;
}
@@ -56,13 +102,13 @@ index bbc3d90..27515f2 100644
+static rfbBool
+rfbHasPendingOnSocket(rfbClientPtr cl)
+{
-+ cl->hasPendingOnSocket(cl);
++ return cl->hasPendingOnSocket(cl);
+}
+
/*
* ReadExact reads an exact number of bytes from a client. Returns 1 if
* those bytes have been read, 0 if the other end has closed, or -1 if an error
-@@ -610,10 +634,10 @@ rfbReadExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
+@@ -610,10 +643,10 @@ rfbReadExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
} else if (cl->sslctx) {
n = rfbssl_read(cl, buf, len);
} else {
@@ -75,7 +121,7 @@ index bbc3d90..27515f2 100644
#endif
if (n > 0) {
-@@ -645,6 +669,10 @@ rfbReadExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
+@@ -645,6 +678,10 @@ rfbReadExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
continue;
}
#endif
@@ -86,7 +132,7 @@ index bbc3d90..27515f2 100644
FD_ZERO(&fds);
FD_SET(sock, &fds);
tv.tv_sec = timeout / 1000;
-@@ -681,6 +709,18 @@ int rfbReadExact(rfbClientPtr cl,char* buf,int len)
+@@ -681,6 +718,18 @@ int rfbReadExact(rfbClientPtr cl,char* buf,int len)
return(rfbReadExactTimeout(cl,buf,len,rfbMaxClientWait));
}
@@ -105,7 +151,7 @@ index bbc3d90..27515f2 100644
/*
* PeekExact peeks at an exact number of bytes from a client. Returns 1 if
* those bytes have been read, 0 if the other end has closed, or -1 if an
-@@ -701,7 +741,7 @@ rfbPeekExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
+@@ -701,7 +750,7 @@ rfbPeekExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
n = rfbssl_peek(cl, buf, len);
else
#endif
@@ -114,7 +160,7 @@ index bbc3d90..27515f2 100644
if (n == len) {
-@@ -757,6 +797,22 @@ rfbPeekExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
+@@ -757,6 +806,22 @@ rfbPeekExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
return 1;
}
@@ -137,7 +183,7 @@ index bbc3d90..27515f2 100644
/*
* WriteExact writes an exact number of bytes to a client. Returns 1 if
* those bytes have been written, or -1 if an error occurred (errno is set to
-@@ -801,7 +857,7 @@ rfbWriteExact(rfbClientPtr cl,
+@@ -801,7 +866,7 @@ rfbWriteExact(rfbClientPtr cl,
n = rfbssl_write(cl, buf, len);
else
#endif
@@ -147,10 +193,10 @@ index bbc3d90..27515f2 100644
if (n > 0) {
diff --git a/rfb/rfb.h b/rfb/rfb.h
-index f982b40..ba9e898 100644
+index c6edc119..2e5597a9 100644
--- a/rfb/rfb.h
+++ b/rfb/rfb.h
-@@ -415,6 +415,14 @@ typedef struct sraRegion* sraRegionPtr;
+@@ -414,6 +414,14 @@ typedef struct sraRegion* sraRegionPtr;
typedef void (*ClientGoneHookPtr)(struct _rfbClientRec* cl);
@@ -165,7 +211,7 @@ index f982b40..ba9e898 100644
typedef struct _rfbFileTransferData {
int fd;
int compressionEnabled;
-@@ -696,6 +704,11 @@ typedef struct _rfbClientRec {
+@@ -695,6 +703,11 @@ typedef struct _rfbClientRec {
wsCtx *wsctx;
char *wspath; /* Requests path component */
#endif
@@ -177,7 +223,7 @@ index f982b40..ba9e898 100644
} rfbClientRec, *rfbClientPtr;
/**
-@@ -748,8 +761,12 @@ extern void rfbDisconnectUDPSock(rfbScreenInfoPtr rfbScreen);
+@@ -747,8 +760,12 @@ extern void rfbDisconnectUDPSock(rfbScreenInfoPtr rfbScreen);
extern void rfbCloseClient(rfbClientPtr cl);
extern int rfbReadExact(rfbClientPtr cl, char *buf, int len);
extern int rfbReadExactTimeout(rfbClientPtr cl, char *buf, int len,int timeout);
@@ -191,5 +237,5 @@ index f982b40..ba9e898 100644
extern int rfbConnect(rfbScreenInfoPtr rfbScreen, char* host, int port);
extern int rfbConnectToTcpAddr(char* host, int port);
--
-2.17.1
+2.23.0
diff --git a/SOURCES/0002-libvncserver-Add-channel-security-handlers.patch b/SOURCES/0002-libvncserver-Add-channel-security-handlers.patch
index e922461..8b9cca6 100644
--- a/SOURCES/0002-libvncserver-Add-channel-security-handlers.patch
+++ b/SOURCES/0002-libvncserver-Add-channel-security-handlers.patch
@@ -1,4 +1,4 @@
-From c343c1b43080bcb45dad285faa5cd8926bfb9811 Mon Sep 17 00:00:00 2001
+From 5e4d810d62da0f2048ce78b3a7812e9e13968162 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Mon, 11 Jun 2018 23:50:05 +0200
Subject: [PATCH 2/2] libvncserver: Add channel security handlers
@@ -13,13 +13,13 @@ done by adding a single channel security handler with the rfbTLS (18)
with a handler that initiates a TLS session, and when a TLS session is
initiated, the regular security handler list is sent.
---
- libvncserver/auth.c | 162 ++++++++++++++++++++++++++++++---------
+ libvncserver/auth.c | 164 ++++++++++++++++++++++++++++++---------
libvncserver/rfbserver.c | 1 +
rfb/rfb.h | 15 +++-
- 3 files changed, 140 insertions(+), 38 deletions(-)
+ 3 files changed, 142 insertions(+), 38 deletions(-)
diff --git a/libvncserver/auth.c b/libvncserver/auth.c
-index 814a814..6581953 100644
+index 814a8142..55e0b3c9 100644
--- a/libvncserver/auth.c
+++ b/libvncserver/auth.c
@@ -37,18 +37,17 @@ void rfbClientSendString(rfbClientPtr cl, const char *reason);
@@ -255,20 +255,22 @@ index 814a814..6581953 100644
if (securityType == rfbSecTypeInvalid) {
rfbLog("VNC authentication disabled - RFB 3.3 client rejected\n");
rfbClientConnFailed(cl, "Your viewer cannot handle required "
-@@ -316,9 +394,11 @@ rfbAuthNewClient(rfbClientPtr cl)
+@@ -316,9 +394,13 @@ rfbAuthNewClient(rfbClientPtr cl)
return;
}
rfbSendSecurityType(cl, securityType);
+ } else if (channelSecurityHandlers) {
++ rfbLog("Send channel security type list\n");
+ rfbSendChannelSecurityTypeList(cl);
} else {
/* Here it's ok when securityType is set to rfbSecTypeInvalid. */
- rfbSendSecurityTypeList(cl, securityType);
++ rfbLog("Send channel security type 'none'\n");
+ rfbSendSecurityTypeList(cl, RFB_SECURITY_TAG_NONE);
}
}
-@@ -332,6 +412,7 @@ rfbProcessClientSecurityType(rfbClientPtr cl)
+@@ -332,6 +414,7 @@ rfbProcessClientSecurityType(rfbClientPtr cl)
int n;
uint8_t chosenType;
rfbSecurityHandler* handler;
@@ -276,7 +278,7 @@ index 814a814..6581953 100644
/* Read the security type. */
n = rfbReadExact(cl, (char *)&chosenType, 1);
-@@ -344,8 +425,17 @@ rfbProcessClientSecurityType(rfbClientPtr cl)
+@@ -344,8 +427,17 @@ rfbProcessClientSecurityType(rfbClientPtr cl)
return;
}
@@ -296,10 +298,10 @@ index 814a814..6581953 100644
rfbLog("rfbProcessClientSecurityType: executing handler for type %d\n", chosenType);
handler->handler(cl);
diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
-index fbedd9f..1e8b3c1 100644
+index 0c8ee735..421d8c7f 100644
--- a/libvncserver/rfbserver.c
+++ b/libvncserver/rfbserver.c
-@@ -643,6 +643,7 @@ rfbProcessClientMessage(rfbClientPtr cl)
+@@ -640,6 +640,7 @@ rfbProcessClientMessage(rfbClientPtr cl)
case RFB_PROTOCOL_VERSION:
rfbProcessClientProtocolVersion(cl);
return;
@@ -308,10 +310,10 @@ index fbedd9f..1e8b3c1 100644
rfbProcessClientSecurityType(cl);
return;
diff --git a/rfb/rfb.h b/rfb/rfb.h
-index ba9e898..be58d08 100644
+index 2e5597a9..d2a7c9fb 100644
--- a/rfb/rfb.h
+++ b/rfb/rfb.h
-@@ -182,6 +182,11 @@ typedef struct {
+@@ -181,6 +181,11 @@ typedef struct {
} data; /**< there have to be count*3 entries */
} rfbColourMap;
@@ -323,7 +325,7 @@ index ba9e898..be58d08 100644
/**
* Security handling (RFB protocol version 3.7)
*/
-@@ -190,6 +195,7 @@ typedef struct _rfbSecurity {
+@@ -189,6 +194,7 @@ typedef struct _rfbSecurity {
uint8_t type;
void (*handler)(struct _rfbClientRec* cl);
struct _rfbSecurity* next;
@@ -331,7 +333,7 @@ index ba9e898..be58d08 100644
} rfbSecurityHandler;
/**
-@@ -506,7 +512,7 @@ typedef struct _rfbClientRec {
+@@ -505,7 +511,7 @@ typedef struct _rfbClientRec {
/** Possible client states: */
enum {
RFB_PROTOCOL_VERSION, /**< establishing protocol version */
@@ -340,7 +342,7 @@ index ba9e898..be58d08 100644
RFB_AUTHENTICATION, /**< authenticating */
RFB_INITIALISATION, /**< sending initialisation messages */
RFB_NORMAL, /**< normal protocol messages */
-@@ -514,7 +520,9 @@ typedef struct _rfbClientRec {
+@@ -513,7 +519,9 @@ typedef struct _rfbClientRec {
/* Ephemeral internal-use states that will never be seen by software
* using LibVNCServer to provide services: */
@@ -351,7 +353,7 @@ index ba9e898..be58d08 100644
} state;
rfbBool reverseConnection;
-@@ -855,6 +863,9 @@ extern void rfbProcessClientSecurityType(rfbClientPtr cl);
+@@ -854,6 +862,9 @@ extern void rfbProcessClientSecurityType(rfbClientPtr cl);
extern void rfbAuthProcessClientMessage(rfbClientPtr cl);
extern void rfbRegisterSecurityHandler(rfbSecurityHandler* handler);
extern void rfbUnregisterSecurityHandler(rfbSecurityHandler* handler);
@@ -362,5 +364,5 @@ index ba9e898..be58d08 100644
/* rre.c */
--
-2.17.1
+2.23.0
diff --git a/SPECS/libvncserver.spec b/SPECS/libvncserver.spec
index 707fcde..9d93403 100644
--- a/SPECS/libvncserver.spec
+++ b/SPECS/libvncserver.spec
@@ -1,7 +1,7 @@
Summary: Library to make writing a VNC server easy
Name: libvncserver
Version: 0.9.11
-Release: 9%{?dist}.2
+Release: 14%{?dist}
# NOTE: --with-filetransfer => GPLv2
License: GPLv2+
@@ -16,6 +16,10 @@ Patch4: 0040-Ensure-compatibility-with-gtk-vnc-0.7.0.patch
Patch10: 0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch
Patch11: 0002-libvncserver-Add-channel-security-handlers.patch
+## Add API needed by gnome-remote-desktop to handle settings changes
+# rhbz#1684729
+Patch12: 0001-auth-Add-API-to-unregister-built-in-security-handler.patch
+
## downstream patches
Patch100: libvncserver-0.9.11-system_minilzo.patch
Patch101: libvncserver-0.9.1-multilib.patch
@@ -34,7 +38,7 @@ Patch105: libvncserver-0.9.11-Limit-client-cut-text-length-to-1-MB.patch
# fixed in upstream after 0.9.12
Patch106: libvncserver-0.9.11-Fix-CVE-2018-15127-Heap-out-of-bounds-write-in-rfbse.patch
# Fix CVE-2019-15690 (an integer overflow in HandleCursorShape() in a client),
-# bug #1814342, <https://github.com/LibVNC/libvncserver/issues/275>,
+# bug #1814343, <https://github.com/LibVNC/libvncserver/issues/275>,
# in upstream after 0.9.12
Patch107: libvncserver-0.9.11-libvncclient-cursor-limit-width-height-input-values.patch
@@ -91,6 +95,8 @@ developing applications that use %{name}.
%patch10 -p1
%patch11 -p1
+%patch12 -p1
+
%patch100 -p1 -b .system_minilzo
# Nuke bundled minilzo
#rm -fv common/lzodefs.h common/lzoconf.h commmon/minilzo.h common/minilzo.c
@@ -166,12 +172,25 @@ make -C test test ||:
%changelog
-* Wed Mar 18 2020 Petr Pisar <ppisar@redhat.com> - 0.9.11-9.2
-- Enable gating (bug #1681199)
-
-* Wed Mar 18 2020 Petr Pisar <ppisar@redhat.com> - 0.9.11-9.1
+* Wed Mar 18 2020 Petr Pisar <ppisar@redhat.com> - 0.9.11-14
- Fix CVE-2019-15690 (an integer overflow in HandleCursorShape() in a client)
- (bug #1814342)
+ (bug #1814343)
+
+* Thu Nov 28 2019 Jonas Ådahl <jadahl@redhat.com> - 0.9.11-13
+- Manually apply new patch
+ Resolves: #1684729
+
+* Wed Nov 27 2019 Jonas Ådahl <jadahl@redhat.com> - 0.9.11-12
+- Add API needed by gnome-remote-desktop to handle settings changes
+ Resolves: #1684729
+
+* Wed Nov 27 2019 Tomas Pelka <tpelka@redhat.com> - 0.9.11-11
+- Enable gating through gnome-remote-desktop for now
+ Resolves: #1765448
+
+* Wed Nov 27 2019 Jonas Ådahl <jadahl@redhat.com> - 0.9.11-10
+- Update TLS security type enablement patches
+ Resolves: #1765448
* Thu Jan 10 2019 Petr Pisar <ppisar@redhat.com> - 0.9.11-9
- Fix CVE-2018-15127 (Heap out-of-bounds write in