diff --git a/SOURCES/0001-rpath-hack.patch b/SOURCES/0001-rpath-hack.patch
new file mode 100644
index 0000000..a0c3c10
--- /dev/null
+++ b/SOURCES/0001-rpath-hack.patch
@@ -0,0 +1,28 @@
+From 2489f2f38eb32d9dd03718a36cbdbdf13d2f8b9b Mon Sep 17 00:00:00 2001
+From: Adam Jackson <ajax@redhat.com>
+Date: Thu, 12 Nov 2015 11:10:11 -0500
+Subject: [PATCH] rpath hack
+
+Normally, rpath is undesirable. But for the X server we _know_ we need
+Mesa's libGL, which will always be in %{_libdir}, and not any third-party
+libGL that may be configured using ld.so.conf.
+
+---
+ configure.ac | 1 +
+ 1 files changed, 1 insertions(+), 0 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index fa15a2d..a5af1e0 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1330,6 +1330,7 @@ if test "x$GLX_USE_TLS" = xyes ; then
+ GLX_DEFINES="-DGLX_USE_TLS -DPTHREADS"
+ GLX_SYS_LIBS="$GLX_SYS_LIBS -lpthread"
+ fi
++GLX_SYS_LIBS="$GLX_SYS_LIBS -Wl,-rpath=\$(libdir)"
+ AC_SUBST([GLX_DEFINES])
+ AC_SUBST([GLX_SYS_LIBS])
+
+--
+2.5.0
+
diff --git a/SOURCES/tigervnc-1.3.1-do-not-die-when-port-is-already-taken.patch b/SOURCES/tigervnc-1.3.1-do-not-die-when-port-is-already-taken.patch
new file mode 100644
index 0000000..3623b14
--- /dev/null
+++ b/SOURCES/tigervnc-1.3.1-do-not-die-when-port-is-already-taken.patch
@@ -0,0 +1,14 @@
+diff --git a/unix/vncserver b/unix/vncserver
+index a6c890f..687ef72 100755
+--- a/unix/vncserver
++++ b/unix/vncserver
+@@ -208,7 +208,8 @@ if ((@ARGV > 0) && ($ARGV[0] =~ /^:(\d+)$/)) {
+ $displayNumber = $1;
+ shift(@ARGV);
+ if (!&CheckDisplayNumber($displayNumber)) {
+- die "A VNC server is already running as :$displayNumber\n";
++ warn "A VNC server is already running as :$displayNumber\n";
++ $displayNumber = &GetDisplayNumber();
+ }
+ } elsif ((@ARGV > 0) && ($ARGV[0] !~ /^-/) && ($ARGV[0] !~ /^\+/)) {
+ &Usage();
diff --git a/SOURCES/tigervnc-1.3.1-repair-so-reuseaddr.patch b/SOURCES/tigervnc-1.3.1-repair-so-reuseaddr.patch
new file mode 100644
index 0000000..7443f3f
--- /dev/null
+++ b/SOURCES/tigervnc-1.3.1-repair-so-reuseaddr.patch
@@ -0,0 +1,27 @@
+diff --git a/common/network/TcpSocket.cxx b/common/network/TcpSocket.cxx
+index 83387ab..0d94522 100644
+--- a/common/network/TcpSocket.cxx
++++ b/common/network/TcpSocket.cxx
+@@ -434,10 +434,6 @@ TcpListener::TcpListener(const struct sockaddr *listenaddr,
+ }
+ #endif /* defined(IPV6_V6ONLY) */
+
+- if (bind(sock, &sa.u.sa, listenaddrlen) == -1) {
+- closesocket(sock);
+- throw SocketException("failed to bind socket", errorNumber);
+- }
+ #ifndef WIN32
+ // - By default, close the socket on exec()
+ fcntl(sock, F_SETFD, FD_CLOEXEC);
+@@ -452,6 +448,11 @@ TcpListener::TcpListener(const struct sockaddr *listenaddr,
+ fd = sock;
+ #endif
+
++ if (bind(sock, &sa.u.sa, listenaddrlen) == -1) {
++ closesocket(sock);
++ throw SocketException("failed to bind socket", errorNumber);
++ }
++
+ // - Set it to be a listening socket
+ if (listen(sock, 5) < 0) {
+ int e = errorNumber;
diff --git a/SOURCES/tigervnc11-rh692048.patch b/SOURCES/tigervnc11-rh692048.patch
index 924c1cf..7d0d487 100644
--- a/SOURCES/tigervnc11-rh692048.patch
+++ b/SOURCES/tigervnc11-rh692048.patch
@@ -1,44 +1,30 @@
-diff -up tigervnc-1.0.90-20110314svn4359/common/rfb/SecurityClient.cxx.rh690245 tigervnc-1.0.90-20110314svn4359/common/rfb/SecurityClient.cxx
---- tigervnc-1.0.90-20110314svn4359/common/rfb/SecurityClient.cxx.rh690245 2011-02-21 14:14:16.000000000 +0100
-+++ tigervnc-1.0.90-20110314svn4359/common/rfb/SecurityClient.cxx 2011-03-31 09:47:34.519099718 +0200
-@@ -45,7 +45,7 @@ StringParameter SecurityClient::secTypes
- ("SecurityTypes",
- "Specify which security scheme to use (None, VncAuth)",
- #ifdef HAVE_GNUTLS
-- "X509Plain,TLSPlain,X509Vnc,TLSVnc,X509None,TLSNone,VncAuth,None",
-+ "VeNCrypt,X509Plain,TLSPlain,X509Vnc,TLSVnc,X509None,TLSNone,VncAuth,None",
- #else
- "VncAuth,None",
- #endif
-diff -up tigervnc-1.0.90-20110314svn4359/common/rfb/Security.cxx.rh690245 tigervnc-1.0.90-20110314svn4359/common/rfb/Security.cxx
---- tigervnc-1.0.90-20110314svn4359/common/rfb/Security.cxx.rh690245 2011-02-21 14:14:16.000000000 +0100
-+++ tigervnc-1.0.90-20110314svn4359/common/rfb/Security.cxx 2011-03-31 09:47:34.519099718 +0200
-@@ -67,7 +67,6 @@ const std::list<rdr::U8> Security::GetEn
+From 1f8aba3147ec13aaa70a44372775b72bb4e59941 Mon Sep 17 00:00:00 2001
+From: Pierre Ossman <ossman@cendio.se>
+Date: Tue, 29 Dec 2015 15:02:11 +0100
+Subject: Add workaround for Vino's VeNCrypt implementation
+
+
+diff --git a/common/rfb/Security.cxx b/common/rfb/Security.cxx
+index e623ab5..0666041 100644
+--- a/common/rfb/Security.cxx
++++ b/common/rfb/Security.cxx
+@@ -74,7 +74,18 @@ const std::list<rdr::U8> Security::GetEnabledSecTypes(void)
list<rdr::U8> result;
list<U32>::iterator i;
-
+
- result.push_back(secTypeVeNCrypt);
++ /* Partial workaround for Vino's stupid behaviour. It doesn't allow
++ * the basic authentication types as part of the VeNCrypt handshake,
++ * making it impossible for a client to do opportunistic encryption.
++ * At least make it possible to connect when encryption is explicitly
++ * disabled. */
++ for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++) {
++ if (*i >= 0x100) {
++ result.push_back(secTypeVeNCrypt);
++ break;
++ }
++ }
++
for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++)
if (*i < 0x100)
result.push_back(*i);
-@@ -105,8 +104,6 @@ bool Security::IsSupported(U32 secType)
- for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++)
- if (*i == secType)
- return true;
-- if (secType == secTypeVeNCrypt)
-- return true;
-
- return false;
- }
-diff -up tigervnc-1.0.90-20110314svn4359/common/rfb/SecurityServer.cxx.rh690245 tigervnc-1.0.90-20110314svn4359/common/rfb/SecurityServer.cxx
---- tigervnc-1.0.90-20110314svn4359/common/rfb/SecurityServer.cxx.rh690245 2011-02-21 14:50:17.000000000 +0100
-+++ tigervnc-1.0.90-20110314svn4359/common/rfb/SecurityServer.cxx 2011-03-31 10:06:43.595362302 +0200
-@@ -39,7 +39,7 @@ StringParameter SecurityServer::secTypes
- ("SecurityTypes",
- "Specify which security scheme to use (None, VncAuth)",
- #ifdef HAVE_GNUTLS
-- "VncAuth,TLSVnc",
-+ "VncAuth",
- #else
- "VncAuth",
- #endif
diff --git a/SOURCES/vncserver.service b/SOURCES/vncserver.service
index 4cec744..911986e 100644
--- a/SOURCES/vncserver.service
+++ b/SOURCES/vncserver.service
@@ -2,8 +2,10 @@
#
# Quick HowTo:
# 1. Copy this file to /etc/systemd/system/vncserver@.service
-# 2. Edit <USER> and vncserver parameters appropriately
-# ("runuser -l <USER> -c /usr/bin/vncserver %i -arg1 -arg2")
+# 2. Edit /etc/systemd/system/vncserver@.service, replacing <USER>
+# with the actual user name. Leave the remaining lines of the file unmodified
+# (ExecStart=/usr/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i"
+# PIDFile=/home/<USER>/.vnc/%H%i.pid)
# 3. Run `systemctl daemon-reload`
# 4. Run `systemctl enable vncserver@:<display>.service`
#
diff --git a/SPECS/tigervnc.spec b/SPECS/tigervnc.spec
index 2e2d47b..de0ed46 100644
--- a/SPECS/tigervnc.spec
+++ b/SPECS/tigervnc.spec
@@ -1,6 +1,6 @@
Name: tigervnc
Version: 1.3.1
-Release: 4%{?dist}
+Release: 9%{?dist}
Summary: A TigerVNC remote display system
Group: User Interface/Desktops
@@ -59,9 +59,13 @@ Patch28: tigervnc-set-initial-mode-as-prefered.patch
Patch29: tigervnc-CVE-2014-8241.patch
Patch30: tigervnc-1.3.1-CVE-2014-8240.patch
Patch31: tigervnc-inetd-crash.patch
+Patch32: tigervnc-1.3.1-repair-so-reuseaddr.patch
+Patch33: tigervnc-1.3.1-do-not-die-when-port-is-already-taken.patch
# This is tigervnc-%{version}/unix/xserver116.patch rebased on the latest xorg
Patch100: tigervnc-xserver117.patch
+# 1326867 - [RHEL7.3] GLX applications in an Xvnc session fails to start
+Patch101: 0001-rpath-hack.patch
%description
Virtual Network Computing (VNC) is a remote display system which
@@ -167,6 +171,7 @@ for all in `find . -type f -perm -001`; do
chmod -x "$all"
done
%patch100 -p1 -b .xserver117
+%patch101 -p1 -b .rpath
popd
# Applied Debian patch to fix busy loop when run from inetd in nowait
@@ -222,6 +227,12 @@ popd
# Bug 1283925 - segfault in network::TcpListener::TcpListener
%patch31 -p1 -b .tigervnc-inetd-crash
+# Bug 1332575 - vncExtInit: failed to bind socket: Address already in use (98)
+%patch32 -p1 -b .repair-so-reuseaddr
+
+# Bug 1322155 - Xorg socket conflict for VNC port 5901
+%patch33 -p1 -b .do-not-die-when-port-is-already-taken
+
%build
%ifarch sparcv9 sparc64 s390 s390x
export CFLAGS="$RPM_OPT_FLAGS -fPIC"
@@ -253,7 +264,8 @@ autoreconf -fiv
--without-dtrace \
--disable-unit-tests \
--disable-devel-docs \
- --disable-selective-werror
+ --disable-selective-werror \
+ --enable-listen-tcp
make %{?_smp_mflags}
popd
@@ -391,9 +403,31 @@ fi
%{_datadir}/icons/hicolor/*/apps/*
%changelog
+* Tue Sep 13 2016 Adam Jackson <ajax@redhat.com> - 1.3.1-9
+- Force DT_RUNPATH to point to Mesa's libGL
+ Resolves: bz#1326867
+
+* Thu Jun 02 2016 Jan Grulich <jgrulich@redhat.com> - 1.3.1-8
+- Make other security types work
+ Resolves: bz#1341969
+
+* Wed May 25 2016 Jan Grulich <jgrulich@redhat.com> - 1.3.1-7
+- Restore default behaviour to listen on TCP
+ Resolves: bz#1304646
+
+* Tue May 24 2016 Jan Grulich <jgrulich@redhat.com> - 1.3.1-6
+- Do not fail to bind a network socket
+ Resolves: bz#1332575
+- Do not die when port is already taken
+ Resolves: bz#1322155
+
+* Thu Mar 24 2016 Jan Grulich <jgrulich@redhat.com> - 1.3.1-5
+- Update comments in vncserver configuration file example
+ Resolves: bz#1295275
+
* Tue Feb 02 2016 Jan Grulich <jgrulich@redhat.com> - 1.3.1-4
- Do not crash when using -inetd option
- Resolves: bz#1304700
+ Resolves: bz#1283925
* Wed Sep 02 2015 Jan Grulich <jgrulich@redhat.com> - 1.3.1-3
- Do not mention that display number is required in the file name