diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d48d90b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/tigervnc-1.11.0.tar.gz
diff --git a/.tigervnc.metadata b/.tigervnc.metadata
new file mode 100644
index 0000000..c7c0b3c
--- /dev/null
+++ b/.tigervnc.metadata
@@ -0,0 +1 @@
+6f6b621a76b734888748de10c32c2b5b59d40b19 SOURCES/tigervnc-1.11.0.tar.gz
diff --git a/SOURCES/0001-rpath-hack.patch b/SOURCES/0001-rpath-hack.patch
new file mode 100644
index 0000000..4e438dd
--- /dev/null
+++ b/SOURCES/0001-rpath-hack.patch
@@ -0,0 +1,24 @@
+From 2489f2f38eb32d9dd03718a36cbdbdf13d2f8b9b Mon Sep 17 00:00:00 2001
+From: Adam Jackson <ajax@redhat.com>
+Date: Thu, 12 Nov 2015 11:10:11 -0500
+Subject: [PATCH] rpath hack
+
+Normally, rpath is undesirable. But for the X server we _know_ we need
+Mesa's libGL, which will always be in %{_libdir}, and not any third-party
+libGL that may be configured using ld.so.conf.
+
+---
+ configure.ac | 1 +
+ 1 files changed, 1 insertions(+), 0 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index fa15a2d..a5af1e0 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1261,6 +1261,7 @@ AM_CONDITIONAL(GLX, test "x$GLX" = xyes)
+
+ AM_CONDITIONAL(HASHTABLE, test "x$HASHTABLE" = xyes)
+
++GLX_SYS_LIBS="$GLX_SYS_LIBS -Wl,-rpath=\$(libdir)"
+ AC_SUBST([GLX_DEFINES])
+ AC_SUBST([GLX_SYS_LIBS])
diff --git a/SOURCES/10-libvnc.conf b/SOURCES/10-libvnc.conf
new file mode 100644
index 0000000..a053a7d
--- /dev/null
+++ b/SOURCES/10-libvnc.conf
@@ -0,0 +1,19 @@
+# This file contains configuration of libvnc.so module
+#
+# To get libvnc.so module working, do this:
+# 1. run "vncpasswd" from tigervnc-server package as root user
+# 2. uncomment configuration lines below
+#
+# Please note you can specify any option which Xvnc accepts.
+# Refer to `Xvnc -help` output for detailed list of options.
+
+#Section "Module"
+# Load "vnc"
+#EndSection
+
+#Section "Screen"
+# Identifier "Screen0
+# DefaultDepth 16
+# Option "SecurityTypes" "VncAuth"
+# Option "PasswordFile" "/root/.vnc/passwd"
+#EndSection
diff --git a/SOURCES/HOWTO.md b/SOURCES/HOWTO.md
new file mode 100644
index 0000000..28b710d
--- /dev/null
+++ b/SOURCES/HOWTO.md
@@ -0,0 +1,110 @@
+# What has changed
+The previous Tigervnc versions had a wrapper script called `vncserver` which
+could be run as a user manually to start *Xvnc* process. The usage was quite
+simple as you just run
+```
+$ vncserver :x [vncserver options] [Xvnc options]
+```
+and that was it. While this was working just fine, there were issues when users
+wanted to start a Tigervnc server using *systemd*. For these reasons things were
+completely changed and there is now a new way how this all is supposed to work.
+
+ # How to start Tigervnc server
+
+## Add a user mapping
+With this you can map a user to a particular port. The mapping should be done in
+`/etc/tigervnc/vncserver.users` configuration file. It should be pretty
+straightforward once you open the file as there are some examples, but basically
+the mapping is in form
+```
+:x=user
+```
+For example you can have
+```
+:1=test
+:2=vncuser
+```
+
+## Configure Xvnc options
+To configure Xvnc parameters, you need to go to the same directory where you did
+the user mapping and open `vncserver-config-defaults` configuration file. This
+file is for the default Xvnc configuration and will be applied to every user
+unless any of the following applies:
+* The user has its own configuration in `$HOME/.vnc/config`
+* The same option with different value is configured in
+ `vncserver-config-mandatory` configuration file, which replaces the default
+ configuration and has even a higher priority than the per-user configuration.
+ This option is for system administrators when they want to force particular
+ *Xvnc* options.
+
+Format of the configuration file is also quite simple as the configuration is
+in form of
+```
+option=value
+option
+```
+for example
+```
+session=gnome
+securitytypes=vncauth,tlsvnc
+desktop=sandbox
+geometry=2000x1200
+localhost
+alwaysshared
+```
+### Note:
+There is one important option you need to set and that option is the session you
+want to start. E.g when you want to start GNOME desktop, then you have to use
+```
+session=gnome
+```
+which should match the name of a session desktop file from `/usr/share/xsessions`
+directory.
+
+## Set VNC password
+You need to set a password for each user in order to be able to start the
+Tigervnc server. In order to create a password, you just run
+```
+$ vncpasswd
+```
+as the user you will be starting the server for.
+### Note:
+If you were using Tigervnc before for your user and you already created a
+password, then you will have to make sure the `$HOME/.vnc` folder created by
+`vncpasswd` will have the correct *SELinux* context. You either can delete this
+folder and recreate it again by creating the password one more time, or
+alternatively you can run
+```
+$ restorecon -RFv /home/<USER>/.vnc
+```
+
+## Start the Tigervnc server
+Finally you can start the server using systemd service. To do so just run
+```
+$ systemctl start vncserver@:x
+```
+as root or
+```
+$ sudo systemctl start vncserver@:x
+```
+as a regular user in case it has permissions to run `sudo`. Don't forget to
+replace the `:x` by the actual number you configured in the user mapping file.
+Following our example by running
+```
+$ systemctl start vncserver@:1
+```
+you will start a Tigervnc server for user `test` with a GNOME session.
+
+### Note:
+If you were previously using Tigervnc and you were used to start it using
+*systemd* then you will need to remove previous *systemd* configuration files,
+those you most likely copied to `/etc/systemd/system/vncserver@.service`,
+otherwise this service file will be preferred over the new one installed with
+latest Tigervnc.
+
+# Limitations
+You will not be able to start a Tigervnc server for a user who is already
+logged into a graphical session. Avoid running the server as the `root` user as
+it's not a safe thing to do. While running the server as the `root` should work
+in general, it's not recommended to do so and there might be some things which
+are not working properly.
diff --git a/SOURCES/tigervnc-argb-runtime-ximage-byteorder-selection.patch b/SOURCES/tigervnc-argb-runtime-ximage-byteorder-selection.patch
new file mode 100644
index 0000000..24fc077
--- /dev/null
+++ b/SOURCES/tigervnc-argb-runtime-ximage-byteorder-selection.patch
@@ -0,0 +1,43 @@
+From 7ab92639848a6059e2b6b88499b008b9606f3af6 Mon Sep 17 00:00:00 2001
+From: johnmartin-oracle <55413843+johnmartin-oracle@users.noreply.github.com>
+Date: Thu, 27 Aug 2020 22:30:23 -0400
+Subject: [PATCH] Update Surface_X11.cxx
+
+Runtime sellection of ARGB XImage byte order
+---
+ vncviewer/Surface_X11.cxx | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/vncviewer/Surface_X11.cxx b/vncviewer/Surface_X11.cxx
+index 6562634dc..8944c3f71 100644
+--- a/vncviewer/Surface_X11.cxx
++++ b/vncviewer/Surface_X11.cxx
+@@ -123,17 +123,17 @@ void Surface::alloc()
+ // we find such a format
+ templ.type = PictTypeDirect;
+ templ.depth = 32;
+-#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+- templ.direct.alpha = 0;
+- templ.direct.red = 8;
+- templ.direct.green = 16;
+- templ.direct.blue = 24;
+-#else
+- templ.direct.alpha = 24;
+- templ.direct.red = 16;
+- templ.direct.green = 8;
+- templ.direct.blue = 0;
+-#endif
++ if (XImageByteOrder(fl_display) == MSBFirst) {
++ templ.direct.alpha = 0;
++ templ.direct.red = 8;
++ templ.direct.green = 16;
++ templ.direct.blue = 24;
++ } else {
++ templ.direct.alpha = 24;
++ templ.direct.red = 16;
++ templ.direct.green = 8;
++ templ.direct.blue = 0;
++ }
+ templ.direct.alphaMask = 0xff;
+ templ.direct.redMask = 0xff;
+ templ.direct.greenMask = 0xff;
diff --git a/SOURCES/tigervnc-correctly-start-vncsession-as-daemon.patch b/SOURCES/tigervnc-correctly-start-vncsession-as-daemon.patch
new file mode 100644
index 0000000..af5e7f2
--- /dev/null
+++ b/SOURCES/tigervnc-correctly-start-vncsession-as-daemon.patch
@@ -0,0 +1,13 @@
+diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c
+index 2b47f5f5..f78c096f 100644
+--- a/unix/vncserver/vncsession.c
++++ b/unix/vncserver/vncsession.c
+@@ -99,7 +99,7 @@ begin_daemon(void)
+ return -1;
+ }
+
+- if (pid == 0)
++ if (pid != 0)
+ _exit(0);
+
+ /* Send all stdio to /dev/null */
diff --git a/SOURCES/tigervnc-let-user-know-about-not-using-view-only-password.patch b/SOURCES/tigervnc-let-user-know-about-not-using-view-only-password.patch
new file mode 100644
index 0000000..e95b145
--- /dev/null
+++ b/SOURCES/tigervnc-let-user-know-about-not-using-view-only-password.patch
@@ -0,0 +1,22 @@
+From dbf76d2ee8da157c2c2970c937bcc0ed9ef08a6f Mon Sep 17 00:00:00 2001
+From: Jan Grulich <jgrulich@redhat.com>
+Date: Tue, 25 May 2021 14:14:33 +0200
+Subject: [PATCH] Let user know that a view-only password is not used
+
+---
+ unix/vncpasswd/vncpasswd.cxx | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/unix/vncpasswd/vncpasswd.cxx b/unix/vncpasswd/vncpasswd.cxx
+index 3055223ef..8f3649fe9 100644
+--- a/unix/vncpasswd/vncpasswd.cxx
++++ b/unix/vncpasswd/vncpasswd.cxx
+@@ -160,6 +160,8 @@ int main(int argc, char** argv)
+ char yesno[3];
+ if (fgets(yesno, 3, stdin) != NULL && (yesno[0] == 'y' || yesno[0] == 'Y')) {
+ obfuscatedReadOnly = readpassword();
++ } else {
++ fprintf(stderr, "A view-only password is not used\n");
+ }
+
+ FILE* fp = fopen(fname,"w");
diff --git a/SOURCES/tigervnc-passwd-crash-with-malloc-checks.patch b/SOURCES/tigervnc-passwd-crash-with-malloc-checks.patch
new file mode 100644
index 0000000..06a8d0f
--- /dev/null
+++ b/SOURCES/tigervnc-passwd-crash-with-malloc-checks.patch
@@ -0,0 +1,38 @@
+From 5d834359bef6727df82cf4f2c2f3f255145f7785 Mon Sep 17 00:00:00 2001
+From: Jan Grulich <jgrulich@redhat.com>
+Date: Tue, 25 May 2021 14:18:48 +0200
+Subject: [PATCH] CharArray: pre-fill empty array with zeroes
+
+CharArray should always be null-terminated. There is a potential
+scenario where this all might lead to crash. In Password we call
+memset(), passing length of the array we get with strlen(), but
+this won't return correct value when the array is not properly
+null-terminated.
+---
+ common/rfb/util.h | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/common/rfb/util.h b/common/rfb/util.h
+index 3100f90fd..71caac426 100644
+--- a/common/rfb/util.h
++++ b/common/rfb/util.h
+@@ -52,14 +52,17 @@ namespace rfb {
+ CharArray(char* str) : buf(str) {} // note: assumes ownership
+ CharArray(size_t len) {
+ buf = new char[len]();
++ memset(buf, 0, len);
+ }
+ ~CharArray() {
+- delete [] buf;
++ if (buf) {
++ delete [] buf;
++ }
+ }
+ void format(const char *fmt, ...) __printf_attr(2, 3);
+ // Get the buffer pointer & clear it (i.e. caller takes ownership)
+ char* takeBuf() {char* tmp = buf; buf = 0; return tmp;}
+- void replaceBuf(char* b) {delete [] buf; buf = b;}
++ void replaceBuf(char* b) {if (buf) delete [] buf; buf = b;}
+ char* buf;
+ private:
+ CharArray(const CharArray&);
diff --git a/SOURCES/tigervnc-root-user-selinux-context.patch b/SOURCES/tigervnc-root-user-selinux-context.patch
new file mode 100644
index 0000000..e396b99
--- /dev/null
+++ b/SOURCES/tigervnc-root-user-selinux-context.patch
@@ -0,0 +1,26 @@
+From faf81b4b238e24fe29eb53f885a25367e212dd7b Mon Sep 17 00:00:00 2001
+From: Zdenek Pytela <zpytela@redhat.com>
+Date: Mon, 7 Feb 2022 10:45:41 +0100
+Subject: [PATCH] SELinux: use /root/.vnc in file context specification
+
+Instead of HOME_ROOT/.vnc, /root/.vnc should be used
+for user root's home to specify default file context
+as HOME_ROOT actually means base for home dirs (usually /home).
+---
+ unix/vncserver/selinux/vncsession.fc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/unix/vncserver/selinux/vncsession.fc b/unix/vncserver/selinux/vncsession.fc
+index ae768ba..5c03e46 100644
+--- a/unix/vncserver/selinux/vncsession.fc
++++ b/unix/vncserver/selinux/vncsession.fc
+@@ -18,7 +18,7 @@
+ #
+
+ HOME_DIR/\.vnc(/.*)? gen_context(system_u:object_r:xdm_home_t,s0)
+-HOME_ROOT/\.vnc(/.*)? gen_context(system_u:object_r:xdm_home_t,s0)
++/root/\.vnc(/.*)? gen_context(system_u:object_r:xdm_home_t,s0)
+
+ /usr/sbin/vncsession -- gen_context(system_u:object_r:vnc_session_exec_t,s0)
+ /usr/libexec/vncsession-start -- gen_context(system_u:object_r:vnc_session_exec_t,s0)
+
diff --git a/SOURCES/tigervnc-selinux-missing-compression-and-correct-location.patch b/SOURCES/tigervnc-selinux-missing-compression-and-correct-location.patch
new file mode 100644
index 0000000..9507228
--- /dev/null
+++ b/SOURCES/tigervnc-selinux-missing-compression-and-correct-location.patch
@@ -0,0 +1,38 @@
+From 6125695b80f6a43002f454786115b0a6c1730831 Mon Sep 17 00:00:00 2001
+From: Jan Grulich <jgrulich@redhat.com>
+Date: Mon, 17 May 2021 13:44:32 +0200
+Subject: [PATCH 1/2] SELinux: Add missing compression and install policy to
+ correct directory
+
+---
+ unix/vncserver/selinux/Makefile | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/unix/vncserver/selinux/Makefile b/unix/vncserver/selinux/Makefile
+index 7497bf846..b23f20f60 100644
+--- a/unix/vncserver/selinux/Makefile
++++ b/unix/vncserver/selinux/Makefile
+@@ -10,15 +10,18 @@
+ PREFIX=/usr
+ DATADIR=$(PREFIX)/share
+
+-all: vncsession.pp
++all: vncsession.pp.bz2
++
++%.pp.bz2: %.pp
++ bzip2 -9 $^
+
+ %.pp: %.te
+ make -f $(DATADIR)/selinux/devel/Makefile $@
+
+ clean:
+- rm -f *.pp
++ rm -f *.pp *.pp.bz2
+ rm -rf tmp
+
+-install: vncsession.pp
+- mkdir -p $(DESTDIR)$(DATADIR)/selinux/packages
+- install vncsession.pp $(DESTDIR)$(DATADIR)/selinux/packages/vncsession.pp
++install: vncsession.pp.bz2
++ mkdir -p $(DESTDIR)$(DATADIR)/selinux/packages/targeted/
++ install vncsession.pp.bz2 $(DESTDIR)$(DATADIR)/selinux/packages/targeted/vncsession.pp.bz2
diff --git a/SOURCES/tigervnc-selinux-policy-improvements.patch b/SOURCES/tigervnc-selinux-policy-improvements.patch
new file mode 100644
index 0000000..c797b18
--- /dev/null
+++ b/SOURCES/tigervnc-selinux-policy-improvements.patch
@@ -0,0 +1,183 @@
+From 386542e6d50eeaa68aa91f821c0725ddd0ab9b2a Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Tue, 18 May 2021 12:23:15 +0200
+Subject: [PATCH] selinux: Fix issues reported by SELint
+
+Style guide [1] issues only. No impact on policy functionality.
+
+[1] - https://github.com/TresysTechnology/refpolicy/wiki/StyleGuide
+---
+ unix/vncserver/selinux/vncsession.te | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
+index a773fed39..63ad8a85f 100644
+--- a/unix/vncserver/selinux/vncsession.te
++++ b/unix/vncserver/selinux/vncsession.te
+@@ -17,7 +17,7 @@
+ # USA.
+ #
+
+-policy_module(vncsession, 1.0.0);
++policy_module(vncsession, 1.0.0)
+
+ gen_require(`
+ attribute userdomain;
+@@ -42,8 +42,8 @@ can_exec(vnc_session_t, vnc_session_exec_t)
+ userdom_spec_domtrans_all_users(vnc_session_t)
+ userdom_signal_all_users(vnc_session_t)
+
+-allow vnc_session_t self:capability { kill chown dac_override dac_read_search fowner setgid setuid sys_resource };
+-allow vnc_session_t self:process { getcap setsched setexec setrlimit };
++allow vnc_session_t self:capability { chown dac_override dac_read_search fowner kill setgid setuid sys_resource };
++allow vnc_session_t self:process { getcap setexec setrlimit setsched };
+ allow vnc_session_t self:fifo_file rw_fifo_file_perms;
+
+ manage_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t)
+@@ -65,4 +65,3 @@ logging_append_all_logs(vnc_session_t)
+
+ mcs_process_set_categories(vnc_session_t)
+ mcs_killall(vnc_session_t)
+-
+From 23cf514ac265a02dc666e8651dcc579022f0da77 Mon Sep 17 00:00:00 2001
+From: Zdenek Pytela <zpytela@redhat.com>
+Date: Tue, 18 May 2021 13:31:53 +0200
+Subject: [PATCH] selinux: further style and comprehensibility improvements
+
+Sections and rules blocks reordered according to the Style guide.
+
+https://github.com/TresysTechnology/refpolicy/wiki/StyleGuide
+---
+ unix/vncserver/selinux/vncsession.te | 59 +++++++++++++++++-----------
+ 1 file changed, 36 insertions(+), 23 deletions(-)
+
+diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
+index 63ad8a85f..86fd6e5ef 100644
+--- a/unix/vncserver/selinux/vncsession.te
++++ b/unix/vncserver/selinux/vncsession.te
+@@ -20,48 +20,61 @@
+ policy_module(vncsession, 1.0.0)
+
+ gen_require(`
+- attribute userdomain;
+- type xdm_home_t;
++ attribute userdomain;
++ type xdm_home_t;
+ ')
+
+-type vnc_session_exec_t;
+-corecmd_executable_file(vnc_session_exec_t)
+ type vnc_session_t;
++type vnc_session_exec_t;
+ init_daemon_domain(vnc_session_t, vnc_session_exec_t)
+-auth_login_pgm_domain(vnc_session_t)
++can_exec(vnc_session_t, vnc_session_exec_t)
+
+ type vnc_session_var_run_t;
+ files_pid_file(vnc_session_var_run_t)
+-allow vnc_session_t vnc_session_var_run_t:file manage_file_perms;
+-files_pid_filetrans(vnc_session_t, vnc_session_var_run_t, file)
+-
+-auth_write_login_records(vnc_session_t)
+-
+-can_exec(vnc_session_t, vnc_session_exec_t)
+-
+-userdom_spec_domtrans_all_users(vnc_session_t)
+-userdom_signal_all_users(vnc_session_t)
+
+ allow vnc_session_t self:capability { chown dac_override dac_read_search fowner kill setgid setuid sys_resource };
+ allow vnc_session_t self:process { getcap setexec setrlimit setsched };
+ allow vnc_session_t self:fifo_file rw_fifo_file_perms;
+
++allow vnc_session_t vnc_session_var_run_t:file manage_file_perms;
++files_pid_filetrans(vnc_session_t, vnc_session_var_run_t, file)
++
+ manage_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t)
+ manage_fifo_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t)
+ manage_sock_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t)
+ manage_lnk_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t)
+-userdom_user_home_dir_filetrans(vnc_session_t, xdm_home_t, dir, ".vnc")
+-userdom_admin_home_dir_filetrans(vnc_session_t, xdm_home_t, dir, ".vnc")
+-
+-# This also affects other tools, e.g. vncpasswd
+-userdom_admin_home_dir_filetrans(userdomain, xdm_home_t, dir, ".vnc")
+-userdom_user_home_dir_filetrans(userdomain, xdm_home_t, dir, ".vnc")
+-
+-miscfiles_read_localization(vnc_session_t)
+
+ kernel_read_kernel_sysctls(vnc_session_t)
+
+-logging_append_all_logs(vnc_session_t)
++corecmd_executable_file(vnc_session_exec_t)
+
+ mcs_process_set_categories(vnc_session_t)
+ mcs_killall(vnc_session_t)
++
++optional_policy(`
++ auth_login_pgm_domain(vnc_session_t)
++ auth_write_login_records(vnc_session_t)
++')
++
++optional_policy(`
++ logging_append_all_logs(vnc_session_t)
++')
++
++optional_policy(`
++ miscfiles_read_localization(vnc_session_t)
++')
++
++optional_policy(`
++ userdom_spec_domtrans_all_users(vnc_session_t)
++ userdom_signal_all_users(vnc_session_t)
++
++ userdom_user_home_dir_filetrans(vnc_session_t, xdm_home_t, dir, ".vnc")
++ userdom_admin_home_dir_filetrans(vnc_session_t, xdm_home_t, dir, ".vnc")
++
++ # This also affects other tools, e.g. vncpasswd
++ gen_require(`
++ attribute userdomain;
++ ')
++ userdom_admin_home_dir_filetrans(userdomain, xdm_home_t, dir, ".vnc")
++ userdom_user_home_dir_filetrans(userdomain, xdm_home_t, dir, ".vnc")
++')
+From 3c8622691abfb377b48bf3749dd629c5a7120cf4 Mon Sep 17 00:00:00 2001
+From: Zdenek Pytela <zpytela@redhat.com>
+Date: Tue, 18 May 2021 13:39:11 +0200
+Subject: [PATCH] Allow vnc_session_t manage nfs dirs and files conditionally
+
+The permissions set to manage directories and files with the nfs_t type
+is allowed when the use_nfs_home_dirs boolean is turned on.
+
+Resolves: https://github.com/TigerVNC/tigervnc/issues/1189
+---
+ unix/vncserver/selinux/vncsession.te | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
+index 86fd6e5ef..46e699117 100644
+--- a/unix/vncserver/selinux/vncsession.te
++++ b/unix/vncserver/selinux/vncsession.te
+@@ -51,6 +51,11 @@ corecmd_executable_file(vnc_session_exec_t)
+ mcs_process_set_categories(vnc_session_t)
+ mcs_killall(vnc_session_t)
+
++tunable_policy(`use_nfs_home_dirs',`
++ fs_manage_nfs_dirs(vnc_session_t)
++ fs_manage_nfs_files(vnc_session_t)
++')
++
+ optional_policy(`
+ auth_login_pgm_domain(vnc_session_t)
+ auth_write_login_records(vnc_session_t)
+diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
+index 46e69911..f1108ec8 100644
+--- a/unix/vncserver/selinux/vncsession.te
++++ b/unix/vncserver/selinux/vncsession.te
+@@ -20,7 +20,6 @@
+ policy_module(vncsession, 1.0.0)
+
+ gen_require(`
+- attribute userdomain;
+ type xdm_home_t;
+ ')
+
diff --git a/SOURCES/tigervnc-selinux-restore-context-in-case-of-different-policies.patch b/SOURCES/tigervnc-selinux-restore-context-in-case-of-different-policies.patch
new file mode 100644
index 0000000..f362522
--- /dev/null
+++ b/SOURCES/tigervnc-selinux-restore-context-in-case-of-different-policies.patch
@@ -0,0 +1,81 @@
+From d2d52704624ce841f4a392fccd82079d87ff13b6 Mon Sep 17 00:00:00 2001
+From: Jan Grulich <jgrulich@redhat.com>
+Date: Thu, 11 Nov 2021 13:52:41 +0100
+Subject: [PATCH] SELinux: restore SELinux context in case of different
+ policies
+
+---
+ CMakeLists.txt | 13 +++++++++++++
+ unix/vncserver/CMakeLists.txt | 2 +-
+ unix/vncserver/vncsession.c | 16 ++++++++++++++++
+ 3 files changed, 30 insertions(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 7bf9944..85be468 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -276,6 +276,19 @@ if(UNIX AND NOT APPLE)
+ endif()
+ endif()
+
++# Check for SELinux library
++if(UNIX AND NOT APPLE)
++ check_include_files(selinux/selinux.h HAVE_SELINUX_H)
++ if(HAVE_SELINUX_H)
++ set(CMAKE_REQUIRED_LIBRARIES -lselinux)
++ set(CMAKE_REQUIRED_LIBRARIES)
++ set(SELINUX_LIBS selinux)
++ add_definitions("-DHAVE_SELINUX")
++ else()
++ message(WARNING "Could not find SELinux development files")
++ endif()
++endif()
++
+ # Generate config.h and make sure the source finds it
+ configure_file(config.h.in config.h)
+ add_definitions(-DHAVE_CONFIG_H)
+diff --git a/unix/vncserver/CMakeLists.txt b/unix/vncserver/CMakeLists.txt
+index eeb4b7b..bce1c3e 100644
+--- a/unix/vncserver/CMakeLists.txt
++++ b/unix/vncserver/CMakeLists.txt
+@@ -1,5 +1,5 @@
+ add_executable(vncsession vncsession.c)
+-target_link_libraries(vncsession ${PAM_LIBS})
++target_link_libraries(vncsession ${PAM_LIBS} ${SELINUX_LIBS})
+
+ configure_file(vncserver@.service.in vncserver@.service @ONLY)
+ configure_file(vncsession-start.in vncsession-start @ONLY)
+diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c
+index f78c096..141f689 100644
+--- a/unix/vncserver/vncsession.c
++++ b/unix/vncserver/vncsession.c
+@@ -37,6 +37,11 @@
+ #include <sys/types.h>
+ #include <sys/wait.h>
+
++#ifdef HAVE_SELINUX
++#include <selinux/selinux.h>
++#include <selinux/restorecon.h>
++#endif
++
+ extern char **environ;
+
+ // PAM service name
+@@ -359,6 +364,17 @@ redir_stdio(const char *homedir, const char *display)
+ perror("mkdir");
+ _exit(EX_OSERR);
+ }
++
++#ifdef HAVE_SELINUX
++ int result;
++ if (selinux_file_context_verify(logfile, 0) == 0) {
++ result = selinux_restorecon(logfile, SELINUX_RESTORECON_RECURSE);
++
++ if (result < 0) {
++ syslog(LOG_WARNING, "Failure restoring SELinux context for \"%s\": %s", logfile, strerror(errno));
++ }
++ }
++#endif
+ }
+
+ if (gethostname(hostname, sizeof(hostname)) == -1) {
diff --git a/SOURCES/tigervnc-systemd-service.patch b/SOURCES/tigervnc-systemd-service.patch
new file mode 100644
index 0000000..846a34b
--- /dev/null
+++ b/SOURCES/tigervnc-systemd-service.patch
@@ -0,0 +1,47 @@
+From 40f104ffe1e36df9613f8d316f616fb2b089cc86 Mon Sep 17 00:00:00 2001
+From: Jan Grulich <jgrulich@redhat.com>
+Date: Tue, 29 Sep 2020 13:37:16 +0200
+Subject: [PATCH] Use /run instead of /var/run which is just a symlink
+
+---
+ unix/vncserver/selinux/vncsession.fc | 2 +-
+ unix/vncserver/vncserver@.service.in | 2 +-
+ unix/vncserver/vncsession.c | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/unix/vncserver/selinux/vncsession.fc b/unix/vncserver/selinux/vncsession.fc
+index 121cdd237..ae768baa4 100644
+--- a/unix/vncserver/selinux/vncsession.fc
++++ b/unix/vncserver/selinux/vncsession.fc
+@@ -23,4 +23,4 @@ HOME_ROOT/\.vnc(/.*)? gen_context(system_u:object_r:xdm_home_t,s0)
+ /usr/sbin/vncsession -- gen_context(system_u:object_r:vnc_session_exec_t,s0)
+ /usr/libexec/vncsession-start -- gen_context(system_u:object_r:vnc_session_exec_t,s0)
+
+-/var/run/vncsession-:[0-9]*\.pid -- gen_context(system_u:object_r:vnc_session_var_run_t,s0)
++/run/vncsession-:[0-9]*\.pid -- gen_context(system_u:object_r:vnc_session_var_run_t,s0)
+diff --git a/unix/vncserver/vncserver@.service.in b/unix/vncserver/vncserver@.service.in
+index 584ecf4b1..5624dff76 100644
+--- a/unix/vncserver/vncserver@.service.in
++++ b/unix/vncserver/vncserver@.service.in
+@@ -36,7 +36,7 @@ After=syslog.target network.target
+ [Service]
+ Type=forking
+ ExecStart=@CMAKE_INSTALL_FULL_LIBEXECDIR@/vncsession-start %i
+-PIDFile=/var/run/vncsession-%i.pid
++PIDFile=/run/vncsession-%i.pid
+ SELinuxContext=system_u:system_r:vnc_session_t:s0
+
+ [Install]
+diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c
+index 3e0c98f0f..2b47f5f55 100644
+--- a/unix/vncserver/vncsession.c
++++ b/unix/vncserver/vncsession.c
+@@ -543,7 +543,7 @@ main(int argc, char **argv)
+ }
+
+ snprintf(pid_file, sizeof(pid_file),
+- "/var/run/vncsession-%s.pid", display);
++ "/run/vncsession-%s.pid", display);
+ f = fopen(pid_file, "w");
+ if (f == NULL) {
+ syslog(LOG_ERR, "Failure creating pid file \"%s\": %s",
diff --git a/SOURCES/tigervnc-tolerate-specifying-boolparam.patch b/SOURCES/tigervnc-tolerate-specifying-boolparam.patch
new file mode 100644
index 0000000..70ddef3
--- /dev/null
+++ b/SOURCES/tigervnc-tolerate-specifying-boolparam.patch
@@ -0,0 +1,149 @@
+From 38c6848b30cb1908171f2b4628e345fbf6727b39 Mon Sep 17 00:00:00 2001
+From: Pierre Ossman <ossman@cendio.se>
+Date: Fri, 18 Sep 2020 10:44:32 +0200
+Subject: [PATCH] Tolerate specifying -BoolParam 0 and similar
+
+This is needed by vncserver which doesn't know which parameters are
+boolean, and it cannot use the -Param=Value form as that isn't tolerated
+by the Xorg code.
+---
+ unix/vncserver/vncserver.in | 8 ++++----
+ unix/xserver/hw/vnc/RFBGlue.cc | 16 ++++++++++++++++
+ unix/xserver/hw/vnc/RFBGlue.h | 1 +
+ unix/xserver/hw/vnc/xvnc.c | 14 ++++++++++++++
+ vncviewer/vncviewer.cxx | 20 ++++++++++++++++++++
+ 5 files changed, 55 insertions(+), 4 deletions(-)
+
+diff --git a/unix/vncserver/vncserver.in b/unix/vncserver/vncserver.in
+index 25fbbd315..261b258f1 100755
+--- a/unix/vncserver/vncserver.in
++++ b/unix/vncserver/vncserver.in
+@@ -107,7 +107,7 @@ $default_opts{rfbwait} = 30000;
+ $default_opts{rfbauth} = "$vncUserDir/passwd";
+ $default_opts{rfbport} = $vncPort;
+ $default_opts{fp} = $fontPath if ($fontPath);
+-$default_opts{pn} = "";
++$default_opts{pn} = undef;
+
+ # Load user-overrideable system defaults
+ LoadConfig($vncSystemConfigDefaultsFile);
+@@ -242,13 +242,13 @@ push(@cmd, "@CMAKE_INSTALL_FULL_BINDIR@/Xvnc", ":$displayNumber");
+
+ foreach my $k (sort keys %config) {
+ push(@cmd, "-$k");
+- push(@cmd, $config{$k}) if $config{$k};
++ push(@cmd, $config{$k}) if defined($config{$k});
+ delete $default_opts{$k}; # file options take precedence
+ }
+
+ foreach my $k (sort keys %default_opts) {
+ push(@cmd, "-$k");
+- push(@cmd, $default_opts{$k}) if $default_opts{$k};
++ push(@cmd, $default_opts{$k}) if defined($default_opts{$k});
+ }
+
+ warn "\nNew '$desktopName' desktop is $host:$displayNumber\n\n";
+@@ -291,7 +291,7 @@ sub LoadConfig {
+ # current config file being loaded defined the logical opposite setting
+ # (NeverShared vs. AlwaysShared, etc etc).
+ $toggle = lc($1); # must normalize key case
+- $config{$toggle} = $k;
++ $config{$toggle} = undef;
+ }
+ }
+ close(IN);
+diff --git a/unix/xserver/hw/vnc/RFBGlue.cc b/unix/xserver/hw/vnc/RFBGlue.cc
+index f108fae43..7c32bea8f 100644
+--- a/unix/xserver/hw/vnc/RFBGlue.cc
++++ b/unix/xserver/hw/vnc/RFBGlue.cc
+@@ -143,6 +143,22 @@ const char* vncGetParamDesc(const char *name)
+ return param->getDescription();
+ }
+
++int vncIsParamBool(const char *name)
++{
++ VoidParameter *param;
++ BoolParameter *bparam;
++
++ param = rfb::Configuration::getParam(name);
++ if (param == NULL)
++ return false;
++
++ bparam = dynamic_cast<BoolParameter*>(param);
++ if (bparam == NULL)
++ return false;
++
++ return true;
++}
++
+ int vncGetParamCount(void)
+ {
+ int count;
+diff --git a/unix/xserver/hw/vnc/RFBGlue.h b/unix/xserver/hw/vnc/RFBGlue.h
+index 112405b84..695cea105 100644
+--- a/unix/xserver/hw/vnc/RFBGlue.h
++++ b/unix/xserver/hw/vnc/RFBGlue.h
+@@ -41,6 +41,7 @@ int vncSetParam(const char *name, const char *value);
+ int vncSetParamSimple(const char *nameAndValue);
+ char* vncGetParam(const char *name);
+ const char* vncGetParamDesc(const char *name);
++int vncIsParamBool(const char *name);
+
+ int vncGetParamCount(void);
+ char *vncGetParamList(void);
+diff --git a/unix/xserver/hw/vnc/xvnc.c b/unix/xserver/hw/vnc/xvnc.c
+index 4eb0b0b13..5744acac8 100644
+--- a/unix/xserver/hw/vnc/xvnc.c
++++ b/unix/xserver/hw/vnc/xvnc.c
+@@ -618,6 +618,20 @@ ddxProcessArgument(int argc, char *argv[], int i)
+ exit(0);
+ }
+
++ /* We need to resolve an ambiguity for booleans */
++ if (argv[i][0] == '-' && i+1 < argc &&
++ vncIsParamBool(&argv[i][1])) {
++ if ((strcasecmp(argv[i+1], "0") == 0) ||
++ (strcasecmp(argv[i+1], "1") == 0) ||
++ (strcasecmp(argv[i+1], "true") == 0) ||
++ (strcasecmp(argv[i+1], "false") == 0) ||
++ (strcasecmp(argv[i+1], "yes") == 0) ||
++ (strcasecmp(argv[i+1], "no") == 0)) {
++ vncSetParam(&argv[i][1], argv[i+1]);
++ return 2;
++ }
++ }
++
+ if (vncSetParamSimple(argv[i]))
+ return 1;
+
+diff --git a/vncviewer/vncviewer.cxx b/vncviewer/vncviewer.cxx
+index d4dd3063c..77ba3d3f4 100644
+--- a/vncviewer/vncviewer.cxx
++++ b/vncviewer/vncviewer.cxx
+@@ -556,6 +556,26 @@ int main(int argc, char** argv)
+ }
+
+ for (int i = 1; i < argc;) {
++ /* We need to resolve an ambiguity for booleans */
++ if (argv[i][0] == '-' && i+1 < argc) {
++ VoidParameter *param;
++
++ param = Configuration::getParam(&argv[i][1]);
++ if ((param != NULL) &&
++ (dynamic_cast<BoolParameter*>(param) != NULL)) {
++ if ((strcasecmp(argv[i+1], "0") == 0) ||
++ (strcasecmp(argv[i+1], "1") == 0) ||
++ (strcasecmp(argv[i+1], "true") == 0) ||
++ (strcasecmp(argv[i+1], "false") == 0) ||
++ (strcasecmp(argv[i+1], "yes") == 0) ||
++ (strcasecmp(argv[i+1], "no") == 0)) {
++ param->setParam(argv[i+1]);
++ i += 2;
++ continue;
++ }
++ }
++ }
++
+ if (Configuration::setParam(argv[i])) {
+ i++;
+ continue;
diff --git a/SOURCES/tigervnc-use-gnome-as-default-session.patch b/SOURCES/tigervnc-use-gnome-as-default-session.patch
new file mode 100644
index 0000000..a767c40
--- /dev/null
+++ b/SOURCES/tigervnc-use-gnome-as-default-session.patch
@@ -0,0 +1,12 @@
+diff --git a/unix/vncserver/vncserver-config-defaults b/unix/vncserver/vncserver-config-defaults
+index 0c217bf..2889347 100644
+--- a/unix/vncserver/vncserver-config-defaults
++++ b/unix/vncserver/vncserver-config-defaults
+@@ -13,3 +13,7 @@
+ # geometry=2000x1200
+ # localhost
+ # alwaysshared
++
++# Default to GNOME session
++# Note: change this only when you know what are you doing
++session=gnome
diff --git a/SOURCES/tigervnc-utilize-system-crypto-policies.patch b/SOURCES/tigervnc-utilize-system-crypto-policies.patch
new file mode 100644
index 0000000..9abf50f
--- /dev/null
+++ b/SOURCES/tigervnc-utilize-system-crypto-policies.patch
@@ -0,0 +1,198 @@
+diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
+index 9900837..59d2086 100644
+--- a/common/rfb/CSecurityTLS.cxx
++++ b/common/rfb/CSecurityTLS.cxx
+@@ -210,26 +210,66 @@ void CSecurityTLS::setParam()
+ static const char kx_anon_priority[] = ":+ANON-ECDH:+ANON-DH";
+
+ int ret;
+- char *prio;
+- const char *err;
+
+- prio = (char*)malloc(strlen(Security::GnuTLSPriority) +
+- strlen(kx_anon_priority) + 1);
+- if (prio == NULL)
+- throw AuthFailureException("Not enough memory for GnuTLS priority string");
++ // Custom priority string specified?
++ if (strcmp(Security::GnuTLSPriority, "") != 0) {
++ char *prio;
++ const char *err;
+
+- strcpy(prio, Security::GnuTLSPriority);
+- if (anon)
++ prio = (char*)malloc(strlen(Security::GnuTLSPriority) +
++ strlen(kx_anon_priority) + 1);
++ if (prio == NULL)
++ throw AuthFailureException("Not enough memory for GnuTLS priority string");
++
++ strcpy(prio, Security::GnuTLSPriority);
++ if (anon)
++ strcat(prio, kx_anon_priority);
++
++ ret = gnutls_priority_set_direct(session, prio, &err);
++
++ free(prio);
++
++ if (ret != GNUTLS_E_SUCCESS) {
++ if (ret == GNUTLS_E_INVALID_REQUEST)
++ vlog.error("GnuTLS priority syntax error at: %s", err);
++ throw AuthFailureException("gnutls_set_priority_direct failed");
++ }
++ } else if (anon) {
++ const char *err;
++
++#if GNUTLS_VERSION_NUMBER >= 0x030603
++ // gnutls_set_default_priority_appends() expects a normal priority string that
++ // doesn't start with ":".
++ ret = gnutls_set_default_priority_append(session, kx_anon_priority + 1, &err, 0);
++ if (ret != GNUTLS_E_SUCCESS) {
++ if (ret == GNUTLS_E_INVALID_REQUEST)
++ vlog.error("GnuTLS priority syntax error at: %s", err);
++ throw AuthFailureException("gnutls_set_default_priority_append failed");
++ }
++#else
++ // We don't know what the system default priority is, so we guess
++ // it's what upstream GnuTLS has
++ static const char gnutls_default_priority[] = "NORMAL";
++ char *prio;
++
++ prio = (char*)malloc(strlen(gnutls_default_priority) +
++ strlen(kx_anon_priority) + 1);
++ if (prio == NULL)
++ throw AuthFailureException("Not enough memory for GnuTLS priority string");
++
++ strcpy(prio, gnutls_default_priority);
+ strcat(prio, kx_anon_priority);
+
+- ret = gnutls_priority_set_direct(session, prio, &err);
++ ret = gnutls_priority_set_direct(session, prio, &err);
+
+- free(prio);
++ free(prio);
+
+- if (ret != GNUTLS_E_SUCCESS) {
+- if (ret == GNUTLS_E_INVALID_REQUEST)
+- vlog.error("GnuTLS priority syntax error at: %s", err);
+- throw AuthFailureException("gnutls_set_priority_direct failed");
++ if (ret != GNUTLS_E_SUCCESS) {
++ if (ret == GNUTLS_E_INVALID_REQUEST)
++ vlog.error("GnuTLS priority syntax error at: %s", err);
++ throw AuthFailureException("gnutls_set_priority_direct failed");
++ }
++#endif
+ }
+
+ if (anon) {
+diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
+index ef5d8c9..f32f87f 100644
+--- a/common/rfb/SSecurityTLS.cxx
++++ b/common/rfb/SSecurityTLS.cxx
+@@ -198,26 +198,66 @@ void SSecurityTLS::setParams(gnutls_session_t session)
+ static const char kx_anon_priority[] = ":+ANON-ECDH:+ANON-DH";
+
+ int ret;
+- char *prio;
+- const char *err;
+
+- prio = (char*)malloc(strlen(Security::GnuTLSPriority) +
+- strlen(kx_anon_priority) + 1);
+- if (prio == NULL)
+- throw AuthFailureException("Not enough memory for GnuTLS priority string");
++ // Custom priority string specified?
++ if (strcmp(Security::GnuTLSPriority, "") != 0) {
++ char *prio;
++ const char *err;
+
+- strcpy(prio, Security::GnuTLSPriority);
+- if (anon)
++ prio = (char*)malloc(strlen(Security::GnuTLSPriority) +
++ strlen(kx_anon_priority) + 1);
++ if (prio == NULL)
++ throw AuthFailureException("Not enough memory for GnuTLS priority string");
++
++ strcpy(prio, Security::GnuTLSPriority);
++ if (anon)
++ strcat(prio, kx_anon_priority);
++
++ ret = gnutls_priority_set_direct(session, prio, &err);
++
++ free(prio);
++
++ if (ret != GNUTLS_E_SUCCESS) {
++ if (ret == GNUTLS_E_INVALID_REQUEST)
++ vlog.error("GnuTLS priority syntax error at: %s", err);
++ throw AuthFailureException("gnutls_set_priority_direct failed");
++ }
++ } else if (anon) {
++ const char *err;
++
++#if GNUTLS_VERSION_NUMBER >= 0x030603
++ // gnutls_set_default_priority_appends() expects a normal priority string that
++ // doesn't start with ":".
++ ret = gnutls_set_default_priority_append(session, kx_anon_priority + 1, &err, 0);
++ if (ret != GNUTLS_E_SUCCESS) {
++ if (ret == GNUTLS_E_INVALID_REQUEST)
++ vlog.error("GnuTLS priority syntax error at: %s", err);
++ throw AuthFailureException("gnutls_set_default_priority_append failed");
++ }
++#else
++ // We don't know what the system default priority is, so we guess
++ // it's what upstream GnuTLS has
++ static const char gnutls_default_priority[] = "NORMAL";
++ char *prio;
++
++ prio = (char*)malloc(strlen(gnutls_default_priority) +
++ strlen(kx_anon_priority) + 1);
++ if (prio == NULL)
++ throw AuthFailureException("Not enough memory for GnuTLS priority string");
++
++ strcpy(prio, gnutls_default_priority);
+ strcat(prio, kx_anon_priority);
+
+- ret = gnutls_priority_set_direct(session, prio, &err);
++ ret = gnutls_priority_set_direct(session, prio, &err);
+
+- free(prio);
++ free(prio);
+
+- if (ret != GNUTLS_E_SUCCESS) {
+- if (ret == GNUTLS_E_INVALID_REQUEST)
+- vlog.error("GnuTLS priority syntax error at: %s", err);
+- throw AuthFailureException("gnutls_set_priority_direct failed");
++ if (ret != GNUTLS_E_SUCCESS) {
++ if (ret == GNUTLS_E_INVALID_REQUEST)
++ vlog.error("GnuTLS priority syntax error at: %s", err);
++ throw AuthFailureException("gnutls_set_priority_direct failed");
++ }
++#endif
+ }
+
+ #if defined (SSECURITYTLS__USE_DEPRECATED_DH)
+diff --git a/common/rfb/Security.cxx b/common/rfb/Security.cxx
+index 0666041..59deb78 100644
+--- a/common/rfb/Security.cxx
++++ b/common/rfb/Security.cxx
+@@ -52,7 +52,7 @@ static LogWriter vlog("Security");
+ #ifdef HAVE_GNUTLS
+ StringParameter Security::GnuTLSPriority("GnuTLSPriority",
+ "GnuTLS priority string that controls the TLS session’s handshake algorithms",
+- "NORMAL");
++ "");
+ #endif
+
+ Security::Security()
+diff --git a/unix/xserver/hw/vnc/Xvnc.man b/unix/xserver/hw/vnc/Xvnc.man
+index 83621c0..4a0d20c 100644
+--- a/unix/xserver/hw/vnc/Xvnc.man
++++ b/unix/xserver/hw/vnc/Xvnc.man
+@@ -226,7 +226,9 @@ also be in PEM format.
+ .TP
+ .B \-GnuTLSPriority \fIpriority\fP
+ GnuTLS priority string that controls the TLS session’s handshake algorithms.
+-See the GnuTLS manual for possible values. Default is \fBNORMAL\fP.
++See the GnuTLS manual for possible values. For GnuTLS < 3.6.3 the default
++value will be \fBNORMAL\fP to use upstream default. For newer versions
++of GnuTLS system-wide crypto policy will be used.
+ .
+ .TP
+ .B \-UseBlacklist
diff --git a/SOURCES/tigervnc-vncsession-restore-script-systemd-service.patch b/SOURCES/tigervnc-vncsession-restore-script-systemd-service.patch
new file mode 100644
index 0000000..e503576
--- /dev/null
+++ b/SOURCES/tigervnc-vncsession-restore-script-systemd-service.patch
@@ -0,0 +1,113 @@
+From 1919a8ab86c99b47ba86dc697abcdf3343b0aafa Mon Sep 17 00:00:00 2001
+From: Jan Grulich <jgrulich@redhat.com>
+Date: Tue, 1 Feb 2022 14:31:05 +0100
+Subject: Add vncsession-restore script to restore SELinux context
+
+The vncsession-restore script is used in the ExecStartPre option
+for systemd service file in order to properly start the session
+in case the policy is updated (e.g. after Tigervnc update).
+
+diff --git a/unix/vncserver/CMakeLists.txt b/unix/vncserver/CMakeLists.txt
+index bce1c3e..44c4e2a 100644
+--- a/unix/vncserver/CMakeLists.txt
++++ b/unix/vncserver/CMakeLists.txt
+@@ -2,6 +2,7 @@ add_executable(vncsession vncsession.c)
+ target_link_libraries(vncsession ${PAM_LIBS} ${SELINUX_LIBS})
+
+ configure_file(vncserver@.service.in vncserver@.service @ONLY)
++configure_file(vncsession-restore.in vncsession-restore @ONLY)
+ configure_file(vncsession-start.in vncsession-start @ONLY)
+ configure_file(vncserver.in vncserver @ONLY)
+
+@@ -17,4 +18,5 @@ install(FILES vncserver.users DESTINATION ${CMAKE_INSTALL_FULL_SYSCONFDIR}/tiger
+ if(INSTALL_SYSTEMD_UNITS)
+ install(FILES ${CMAKE_CURRENT_BINARY_DIR}/vncserver@.service DESTINATION ${CMAKE_INSTALL_FULL_UNITDIR})
+ install(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/vncsession-start DESTINATION ${CMAKE_INSTALL_FULL_LIBEXECDIR})
++ install(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/vncsession-restore DESTINATION ${CMAKE_INSTALL_FULL_LIBEXECDIR})
+ endif()
+diff --git a/unix/vncserver/vncserver@.service.in b/unix/vncserver/vncserver@.service.in
+index 5624dff..be62c85 100644
+--- a/unix/vncserver/vncserver@.service.in
++++ b/unix/vncserver/vncserver@.service.in
+@@ -35,6 +35,7 @@ After=syslog.target network.target
+
+ [Service]
+ Type=forking
++ExecStartPre=+@CMAKE_INSTALL_FULL_LIBEXECDIR@/vncsession-restore %i
+ ExecStart=@CMAKE_INSTALL_FULL_LIBEXECDIR@/vncsession-start %i
+ PIDFile=/run/vncsession-%i.pid
+ SELinuxContext=system_u:system_r:vnc_session_t:s0
+diff --git a/unix/vncserver/vncsession-restore.in b/unix/vncserver/vncsession-restore.in
+new file mode 100644
+index 00000000..d3abc57d
+--- /dev/null
++++ b/unix/vncserver/vncsession-restore.in
+@@ -0,0 +1,68 @@
++#!/bin/bash
++#
++# Copyright 2022 Jan Grulich <jgrulich@redhat.com>
++#
++# This is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 2 of the License, or
++# (at your option) any later version.
++#
++# This software is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this software; if not, write to the Free Software
++# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
++# USA.
++#
++
++USERSFILE="@CMAKE_INSTALL_FULL_SYSCONFDIR@/tigervnc/vncserver.users"
++
++if [ $# -ne 1 ]; then
++ echo "Syntax:" >&2
++ echo " $0 <display>" >&2
++ exit 1
++fi
++
++if [ ! -f "${USERSFILE}" ]; then
++ echo "Users file ${USERSFILE} missing" >&2
++ exit 1
++fi
++
++DISPLAY="$1"
++
++USER=`grep "^ *${DISPLAY}=" "${USERSFILE}" 2>/dev/null | head -1 | cut -d = -f 2- | sed 's/ *$//g'`
++
++if [ -z "${USER}" ]; then
++ echo "No user configured for display ${DISPLAY}" >&2
++ exit 1
++fi
++
++USER_HOMEDIR=`getent passwd ${USER} | cut -f6 -d:`
++
++if [ -z "${USER_HOMEDIR}" ]; then
++ echo "Failed to get home directory for ${USER}" >&2
++ exit 1
++fi
++
++if [ ! -d "${USER_HOMEDIR}/.vnc" ]; then
++ exit 0
++fi
++
++MATCHPATHCON=`which matchpathcon`
++
++if [ $? -eq 0 ]; then
++ ${MATCHPATHCON} -V "${USER_HOMEDIR}/.vnc" &>/dev/null
++ if [ $? -eq 0 ]; then
++ exit 0
++ fi
++fi
++
++RESTORECON=`which restorecon`
++
++if [ $? -eq 0 ]; then
++ exec "${RESTORECON}" -R "${USER_HOMEDIR}/.vnc" >&2
++ return $?
++fi
diff --git a/SOURCES/tigervnc-working-tls-on-fips-systems.patch b/SOURCES/tigervnc-working-tls-on-fips-systems.patch
new file mode 100644
index 0000000..5337ac6
--- /dev/null
+++ b/SOURCES/tigervnc-working-tls-on-fips-systems.patch
@@ -0,0 +1,120 @@
+diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
+index d5ef47e..ef5d8c9 100644
+--- a/common/rfb/SSecurityTLS.cxx
++++ b/common/rfb/SSecurityTLS.cxx
+@@ -37,7 +37,23 @@
+ #include <rdr/TLSOutStream.h>
+ #include <gnutls/x509.h>
+
+-#define DH_BITS 1024 /* XXX This should be configurable! */
++#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
++/* FFDHE (RFC-7919) 2048-bit parameters, PEM-encoded */
++static unsigned char ffdhe2048[] =
++ "-----BEGIN DH PARAMETERS-----\n"
++ "MIIBDAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n"
++ "+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n"
++ "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n"
++ "YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n"
++ "7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n"
++ "ssbzSibBsu/6iGtCOGEoXJf//////////wIBAgICAOE=\n"
++ "-----END DH PARAMETERS-----\n";
++
++static const gnutls_datum_t ffdhe_pkcs3_param = {
++ ffdhe2048,
++ sizeof(ffdhe2048)
++};
++#endif
+
+ using namespace rfb;
+
+@@ -50,10 +66,14 @@ StringParameter SSecurityTLS::X509_KeyFile
+ static LogWriter vlog("TLS");
+
+ SSecurityTLS::SSecurityTLS(SConnection* sc, bool _anon)
+- : SSecurity(sc), session(NULL), dh_params(NULL), anon_cred(NULL),
++ : SSecurity(sc), session(NULL), anon_cred(NULL),
+ cert_cred(NULL), anon(_anon), tlsis(NULL), tlsos(NULL),
+ rawis(NULL), rawos(NULL)
+ {
++#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
++ dh_params = NULL;
++#endif
++
+ certfile = X509_CertFile.getData();
+ keyfile = X509_KeyFile.getData();
+
+@@ -70,10 +90,12 @@ void SSecurityTLS::shutdown()
+ }
+ }
+
++#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
+ if (dh_params) {
+ gnutls_dh_params_deinit(dh_params);
+ dh_params = 0;
+ }
++#endif
+
+ if (anon_cred) {
+ gnutls_anon_free_server_credentials(anon_cred);
+@@ -198,17 +220,21 @@ void SSecurityTLS::setParams(gnutls_session_t session)
+ throw AuthFailureException("gnutls_set_priority_direct failed");
+ }
+
++#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
+ if (gnutls_dh_params_init(&dh_params) != GNUTLS_E_SUCCESS)
+ throw AuthFailureException("gnutls_dh_params_init failed");
+
+- if (gnutls_dh_params_generate2(dh_params, DH_BITS) != GNUTLS_E_SUCCESS)
+- throw AuthFailureException("gnutls_dh_params_generate2 failed");
++ if (gnutls_dh_params_import_pkcs3(dh_params, &ffdhe_pkcs3_param, GNUTLS_X509_FMT_PEM) != GNUTLS_E_SUCCESS)
++ throw AuthFailureException("gnutls_dh_params_import_pkcs3 failed");
++#endif
+
+ if (anon) {
+ if (gnutls_anon_allocate_server_credentials(&anon_cred) != GNUTLS_E_SUCCESS)
+ throw AuthFailureException("gnutls_anon_allocate_server_credentials failed");
+
++#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
+ gnutls_anon_set_server_dh_params(anon_cred, dh_params);
++#endif
+
+ if (gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred)
+ != GNUTLS_E_SUCCESS)
+@@ -220,7 +246,9 @@ void SSecurityTLS::setParams(gnutls_session_t session)
+ if (gnutls_certificate_allocate_credentials(&cert_cred) != GNUTLS_E_SUCCESS)
+ throw AuthFailureException("gnutls_certificate_allocate_credentials failed");
+
++#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
+ gnutls_certificate_set_dh_params(cert_cred, dh_params);
++#endif
+
+ switch (gnutls_certificate_set_x509_key_file(cert_cred, certfile, keyfile, GNUTLS_X509_FMT_PEM)) {
+ case GNUTLS_E_SUCCESS:
+diff --git a/common/rfb/SSecurityTLS.h b/common/rfb/SSecurityTLS.h
+index dd89bb4..0cb463d 100644
+--- a/common/rfb/SSecurityTLS.h
++++ b/common/rfb/SSecurityTLS.h
+@@ -36,6 +36,13 @@
+ #include <rdr/OutStream.h>
+ #include <gnutls/gnutls.h>
+
++/* In GnuTLS 3.6.0 DH parameter generation was deprecated. RFC7919 is used instead.
++ * GnuTLS before 3.6.0 doesn't know about RFC7919 so we will have to import it.
++ */
++#if GNUTLS_VERSION_NUMBER < 0x030600
++#define SSECURITYTLS__USE_DEPRECATED_DH
++#endif
++
+ namespace rfb {
+
+ class SSecurityTLS : public SSecurity {
+@@ -55,7 +62,9 @@ namespace rfb {
+
+ private:
+ gnutls_session_t session;
++#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
+ gnutls_dh_params_t dh_params;
++#endif
+ gnutls_anon_server_credentials_t anon_cred;
+ gnutls_certificate_credentials_t cert_cred;
+ char *keyfile, *certfile;
diff --git a/SOURCES/tigervnc-xserver120.patch b/SOURCES/tigervnc-xserver120.patch
new file mode 100644
index 0000000..e7eae3c
--- /dev/null
+++ b/SOURCES/tigervnc-xserver120.patch
@@ -0,0 +1,91 @@
+diff -up xserver/configure.ac.xserver116-rebased xserver/configure.ac
+--- xserver/configure.ac.xserver116-rebased 2016-09-29 13:14:45.595441590 +0200
++++ xserver/configure.ac 2016-09-29 13:14:45.631442006 +0200
+@@ -74,6 +74,7 @@ dnl forcing an entire recompile.x
+ AC_CONFIG_HEADERS(include/version-config.h)
+
+ AM_PROG_AS
++AC_PROG_CXX
+ AC_PROG_LN_S
+ LT_PREREQ([2.2])
+ LT_INIT([disable-static win32-dll])
+@@ -1863,6 +1864,10 @@ if test "x$XVFB" = xyes; then
+ AC_SUBST([XVFB_SYS_LIBS])
+ fi
+
++dnl Xvnc DDX
++AC_SUBST([XVNC_CPPFLAGS], ["-DHAVE_DIX_CONFIG_H $XSERVER_CFLAGS"])
++AC_SUBST([XVNC_LIBS], ["$FB_LIB $FIXES_LIB $XEXT_LIB $CONFIG_LIB $DBE_LIB $RECORD_LIB $GLX_LIBS $RANDR_LIB $RENDER_LIB $DAMAGE_LIB $DRI3_LIB $PRESENT_LIB $MIEXT_SYNC_LIB $MIEXT_DAMAGE_LIB $MIEXT_SHADOW_LIB $XI_LIB $XKB_LIB $XKB_STUB_LIB $COMPOSITE_LIB $MAIN_LIB"])
++AC_SUBST([XVNC_SYS_LIBS], ["$GLX_SYS_LIBS"])
+
+ dnl Xnest DDX
+
+@@ -1898,6 +1903,8 @@ if test "x$XORG" = xauto; then
+ fi
+ AC_MSG_RESULT([$XORG])
+
++AC_DEFINE_UNQUOTED(XORG_VERSION_CURRENT, [$VENDOR_RELEASE], [Current Xorg version])
++
+ if test "x$XORG" = xyes; then
+ XORG_DDXINCS='-I$(top_srcdir)/hw/xfree86 -I$(top_srcdir)/hw/xfree86/include -I$(top_srcdir)/hw/xfree86/common'
+ XORG_OSINCS='-I$(top_srcdir)/hw/xfree86/os-support -I$(top_srcdir)/hw/xfree86/os-support/bus -I$(top_srcdir)/os'
+@@ -2116,7 +2123,6 @@ if test "x$XORG" = xyes; then
+ AC_DEFINE(XORG_SERVER, 1, [Building Xorg server])
+ AC_DEFINE(XORGSERVER, 1, [Building Xorg server])
+ AC_DEFINE(XFree86Server, 1, [Building XFree86 server])
+- AC_DEFINE_UNQUOTED(XORG_VERSION_CURRENT, [$VENDOR_RELEASE], [Current Xorg version])
+ AC_DEFINE(NEED_XF86_TYPES, 1, [Need XFree86 typedefs])
+ AC_DEFINE(NEED_XF86_PROTOTYPES, 1, [Need XFree86 helper functions])
+ AC_DEFINE(__XSERVERNAME__, "Xorg", [Name of X server])
+@@ -2691,6 +2697,7 @@ hw/dmx/Makefile
+ hw/dmx/man/Makefile
+ hw/vfb/Makefile
+ hw/vfb/man/Makefile
++hw/vnc/Makefile
+ hw/xnest/Makefile
+ hw/xnest/man/Makefile
+ hw/xwin/Makefile
+diff -up xserver/hw/Makefile.am.xserver116-rebased xserver/hw/Makefile.am
+--- xserver/hw/Makefile.am.xserver116-rebased 2016-09-29 13:14:45.601441659 +0200
++++ xserver/hw/Makefile.am 2016-09-29 13:14:45.631442006 +0200
+@@ -38,7 +38,8 @@ SUBDIRS = \
+ $(DMX_SUBDIRS) \
+ $(KDRIVE_SUBDIRS) \
+ $(XQUARTZ_SUBDIRS) \
+- $(XWAYLAND_SUBDIRS)
++ $(XWAYLAND_SUBDIRS) \
++ vnc
+
+ DIST_SUBDIRS = dmx xfree86 vfb xnest xwin xquartz kdrive xwayland
+
+diff --git xserver/mi/miinitext.c xserver/mi/miinitext.c
+index 5596e21..003fc3c 100644
+--- xserver/mi/miinitext.c
++++ xserver/mi/miinitext.c
+@@ -107,8 +107,15 @@ SOFTWARE.
+ #include "os.h"
+ #include "globals.h"
+
++#ifdef TIGERVNC
++extern void vncExtensionInit(INITARGS);
++#endif
++
+ /* List of built-in (statically linked) extensions */
+ static const ExtensionModule staticExtensions[] = {
++#ifdef TIGERVNC
++ {vncExtensionInit, "VNC-EXTENSION", NULL},
++#endif
+ {GEExtensionInit, "Generic Event Extension", &noGEExtension},
+ {ShapeExtensionInit, "SHAPE", NULL},
+ #ifdef MITSHM
+--- xserver/include/os.h~ 2016-10-03 09:07:29.000000000 +0200
++++ xserver/include/os.h 2016-10-03 14:13:00.013654506 +0200
+@@ -621,7 +621,7 @@
+ extern _X_EXPORT void
+ LogClose(enum ExitCode error);
+ extern _X_EXPORT Bool
+-LogSetParameter(LogParameter param, int value);
++LogSetParameter(enum _LogParameter param, int value);
+ extern _X_EXPORT void
+ LogVWrite(int verb, const char *f, va_list args)
+ _X_ATTRIBUTE_PRINTF(2, 0);
diff --git a/SOURCES/vncserver b/SOURCES/vncserver
new file mode 100644
index 0000000..ae7c3a3
--- /dev/null
+++ b/SOURCES/vncserver
@@ -0,0 +1,897 @@
+#!/usr/bin/perl
+#
+# Copyright (C) 2009-2010 D. R. Commander. All Rights Reserved.
+# Copyright (C) 2005-2006 Sun Microsystems, Inc. All Rights Reserved.
+# Copyright (C) 2002-2003 Constantin Kaplinsky. All Rights Reserved.
+# Copyright (C) 2002-2005 RealVNC Ltd.
+# Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved.
+#
+# This is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This software is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this software; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+# USA.
+#
+
+#
+# vncserver - wrapper script to start an X VNC server.
+#
+
+# First make sure we're operating in a sane environment.
+$exedir = "";
+$slashndx = rindex($0, "/");
+if($slashndx>=0) {
+ $exedir = substr($0, 0, $slashndx+1);
+}
+
+&SanityCheck();
+
+&NotifyAboutDeprecation();
+
+#
+# Global variables. You may want to configure some of these for
+# your site
+#
+
+$geometry = "1024x768";
+#$depth = 16;
+
+$vncUserDir = "$ENV{HOME}/.vnc";
+$vncUserConfig = "$vncUserDir/config";
+
+$vncSystemConfigDir = "/etc/tigervnc";
+$vncSystemConfigDefaultsFile = "$vncSystemConfigDir/vncserver-config-defaults";
+$vncSystemConfigMandatoryFile = "$vncSystemConfigDir/vncserver-config-mandatory";
+
+$skipxstartup = 0;
+$xauthorityFile = "$ENV{XAUTHORITY}" || "$ENV{HOME}/.Xauthority";
+
+$xstartupFile = $vncUserDir . "/xstartup";
+$defaultXStartup
+ = ("#!/bin/sh\n\n".
+ "unset SESSION_MANAGER\n".
+ "unset DBUS_SESSION_BUS_ADDRESS\n".
+ "/etc/X11/xinit/xinitrc\n".
+ "# Assume either Gnome will be started by default when installed\n".
+ "# We want to kill the session automatically in this case when user logs out. In case you modify\n".
+ "# /etc/X11/xinit/Xclients or ~/.Xclients yourself to achieve a different result, then you should\n".
+ "# be responsible to modify below code to avoid that your session will be automatically killed\n".
+ "if [ -e /usr/bin/gnome-session ]; then\n".
+ " vncserver -kill \$DISPLAY\n".
+ "fi\n");
+
+$defaultConfig
+ = ("## Supported server options to pass to vncserver upon invocation can be listed\n".
+ "## in this file. See the following manpages for more: vncserver(1) Xvnc(1).\n".
+ "## Several common ones are shown below. Uncomment and modify to your liking.\n".
+ "##\n".
+ "# securitytypes=vncauth,tlsvnc\n".
+ "# desktop=sandbox\n".
+ "# geometry=2000x1200\n".
+ "# localhost\n".
+ "# alwaysshared\n");
+
+chop($host = `uname -n`);
+
+if (-d "/etc/X11/fontpath.d") {
+ $fontPath = "catalogue:/etc/X11/fontpath.d";
+}
+
+@fontpaths = ('/usr/share/X11/fonts', '/usr/share/fonts', '/usr/share/fonts/X11/');
+if (! -l "/usr/lib/X11") {push(@fontpaths, '/usr/lib/X11/fonts');}
+if (! -l "/usr/X11") {push(@fontpaths, '/usr/X11/lib/X11/fonts');}
+if (! -l "/usr/X11R6") {push(@fontpaths, '/usr/X11R6/lib/X11/fonts');}
+push(@fontpaths, '/usr/share/fonts/default');
+
+@fonttypes = ('misc',
+ '75dpi',
+ '100dpi',
+ 'Speedo',
+ 'Type1');
+
+foreach $_fpath (@fontpaths) {
+ foreach $_ftype (@fonttypes) {
+ if (-f "$_fpath/$_ftype/fonts.dir") {
+ if (! -l "$_fpath/$_ftype") {
+ $defFontPath .= "$_fpath/$_ftype,";
+ }
+ }
+ }
+}
+
+if ($defFontPath) {
+ if (substr($defFontPath, -1, 1) == ',') {
+ chop $defFontPath;
+ }
+}
+
+if ($fontPath eq "") {
+ $fontPath = $defFontPath;
+}
+
+# Check command line options
+
+&ParseOptions("-geometry",1,"-depth",1,"-pixelformat",1,"-name",1,"-kill",1,
+ "-help",0,"-h",0,"--help",0,"-fp",1,"-list",0,"-fg",0,"-autokill",0,"-noxstartup",0,"-xstartup",1);
+
+&Usage() if ($opt{'-help'} || $opt{'-h'} || $opt{'--help'});
+
+&Kill() if ($opt{'-kill'});
+
+&List() if ($opt{'-list'});
+
+# Uncomment this line if you want default geometry, depth and pixelformat
+# to match the current X display:
+# &GetXDisplayDefaults();
+
+if ($opt{'-geometry'}) {
+ $geometry = $opt{'-geometry'};
+}
+if ($opt{'-depth'}) {
+ $depth = $opt{'-depth'};
+ $pixelformat = "";
+}
+if ($opt{'-pixelformat'}) {
+ $pixelformat = $opt{'-pixelformat'};
+}
+if ($opt{'-noxstartup'}) {
+ $skipxstartup = 1;
+}
+if ($opt{'-xstartup'}) {
+ $xstartupFile = $opt{'-xstartup'};
+}
+if ($opt{'-fp'}) {
+ $fontPath = $opt{'-fp'};
+ $fpArgSpecified = 1;
+}
+
+&CheckGeometryAndDepth();
+
+# Create the user's vnc directory if necessary.
+if (!(-e $vncUserDir)) {
+ if (!mkdir($vncUserDir,0755)) {
+ die "$prog: Could not create $vncUserDir.\n";
+ }
+}
+
+# Find display number.
+if ((@ARGV > 0) && ($ARGV[0] =~ /^:(\d+)$/)) {
+ $displayNumber = $1;
+ shift(@ARGV);
+ if (!&CheckDisplayNumber($displayNumber)) {
+ die "A VNC server is already running as :$displayNumber\n";
+ }
+} elsif ((@ARGV > 0) && ($ARGV[0] !~ /^-/) && ($ARGV[0] !~ /^\+/)) {
+ &Usage();
+} else {
+ $displayNumber = &GetDisplayNumber();
+}
+
+$vncPort = 5900 + $displayNumber;
+
+if ($opt{'-name'}) {
+ $desktopName = $opt{'-name'};
+} else {
+ $desktopName = "$host:$displayNumber ($ENV{USER})";
+}
+
+my %default_opts;
+my %config;
+
+# We set some reasonable defaults. Config file settings
+# override these where present.
+$default_opts{desktop} = "edString($desktopName);
+$default_opts{auth} = "edString($xauthorityFile);
+$default_opts{geometry} = $geometry if ($geometry);
+$default_opts{depth} = $depth if ($depth);
+$default_opts{pixelformat} = $pixelformat if ($pixelformat);
+$default_opts{rfbwait} = 30000;
+$default_opts{rfbauth} = "$vncUserDir/passwd";
+$default_opts{rfbport} = $vncPort;
+$default_opts{fp} = $fontPath if ($fontPath);
+$default_opts{pn} = "";
+
+# Load user-overrideable system defaults
+LoadConfig($vncSystemConfigDefaultsFile);
+
+# Then the user's settings
+LoadConfig($vncUserConfig);
+
+# And then override anything set above if mandatory settings exist.
+# WARNING: "Mandatory" is used loosely here! As the man page says,
+# there is nothing stopping someone from EASILY subverting the
+# settings in $vncSystemConfigMandatoryFile by simply passing
+# CLI args to vncserver, which trump config files! To properly
+# hard force policy in a non-subvertible way would require major
+# development work that touches Xvnc itself.
+LoadConfig($vncSystemConfigMandatoryFile, 1);
+
+#
+# Check whether VNC authentication is enabled, and if so, prompt the user to
+# create a VNC password if they don't already have one.
+#
+
+$securityTypeArgSpecified = 0;
+$vncAuthEnabled = 0;
+$passwordArgSpecified = 0;
+@vncAuthStrings = ("vncauth", "tlsvnc", "x509vnc");
+
+# ...first we check our configuration files' settings
+if ($config{'securitytypes'}) {
+ $securityTypeArgSpecified = 1;
+ foreach $arg2 (split(',', $config{'securitytypes'})) {
+ if (grep {$_ eq lc($arg2)} @vncAuthStrings) {
+ $vncAuthEnabled = 1;
+ }
+ }
+}
+
+# ...and finally we check CLI args, which in the case of the topic at
+# hand (VNC auth or not), override anything found in configuration files
+# (even so-called "mandatory" settings).
+for ($i = 0; $i < @ARGV; ++$i) {
+ # -SecurityTypes can be followed by a space or "="
+ my @splitargs = split('=', $ARGV[$i]);
+ if (@splitargs <= 1 && $i < @ARGV - 1) {
+ push(@splitargs, $ARGV[$i + 1]);
+ }
+ if (lc(@splitargs[0]) eq "-securitytypes") {
+ if (@splitargs > 1) {
+ $securityTypeArgSpecified = 1;
+ }
+ foreach $arg2 (split(',', @splitargs[1])) {
+ if (grep {$_ eq lc($arg2)} @vncAuthStrings) {
+ $vncAuthEnabled = 1;
+ }
+ }
+ }
+ if ((lc(@splitargs[0]) eq "-password")
+ || (lc(@splitargs[0]) eq "-passwordfile"
+ || (lc(@splitargs[0]) eq "-rfbauth"))) {
+ $passwordArgSpecified = 1;
+ }
+}
+
+if ((!$securityTypeArgSpecified || $vncAuthEnabled) && !$passwordArgSpecified) {
+ ($z,$z,$mode) = stat("$vncUserDir/passwd");
+ if (!(-e "$vncUserDir/passwd") || ($mode & 077)) {
+ warn "\nYou will require a password to access your desktops.\n\n";
+ system($exedir."vncpasswd -q $vncUserDir/passwd");
+ if (($? >> 8) != 0) {
+ exit 1;
+ }
+ }
+}
+
+$desktopLog = "$vncUserDir/$host:$displayNumber.log";
+unlink($desktopLog);
+
+# Make an X server cookie and set up the Xauthority file
+# mcookie is a part of util-linux, usually only GNU/Linux systems have it.
+$cookie = `mcookie`;
+# Fallback for non GNU/Linux OS - use /dev/urandom on systems that have it,
+# otherwise use perl's random number generator, seeded with the sum
+# of the current time, our PID and part of the encrypted form of the password.
+if ($cookie eq "" && open(URANDOM, '<', '/dev/urandom')) {
+ my $randata;
+ if (sysread(URANDOM, $randata, 16) == 16) {
+ $cookie = unpack 'h*', $randata;
+ }
+ close(URANDOM);
+}
+if ($cookie eq "") {
+ srand(time+$$+unpack("L",`cat $vncUserDir/passwd`));
+ for (1..16) {
+ $cookie .= sprintf("%02x", int(rand(256)) % 256);
+ }
+}
+
+open(XAUTH, "|xauth -f $xauthorityFile source -");
+print XAUTH "add $host:$displayNumber . $cookie\n";
+print XAUTH "add $host/unix:$displayNumber . $cookie\n";
+close(XAUTH);
+
+# Now start the X VNC Server
+
+# We build up our Xvnc command with options
+$cmd = $exedir."Xvnc :$displayNumber";
+
+foreach my $k (sort keys %config) {
+ $cmd .= " -$k $config{$k}";
+ delete $default_opts{$k}; # file options take precedence
+}
+
+foreach my $k (sort keys %default_opts) {
+ $cmd .= " -$k $default_opts{$k}";
+}
+
+# Add color database stuff here, e.g.:
+# $cmd .= " -co /usr/lib/X11/rgb";
+
+foreach $arg (@ARGV) {
+ $cmd .= " " . "edString($arg);
+}
+$cmd .= " >> " . "edString($desktopLog) . " 2>&1";
+
+# Run $cmd and record the process ID.
+$pidFile = "$vncUserDir/$host:$displayNumber.pid";
+system("$cmd & echo \$! >$pidFile");
+
+# Give Xvnc a chance to start up
+
+sleep(3);
+if ($fontPath ne $defFontPath) {
+ unless (kill 0, `cat $pidFile`) {
+ if ($fpArgSpecified) {
+ warn "\nWARNING: The first attempt to start Xvnc failed, probably because the font\n";
+ warn "path you specified using the -fp argument is incorrect. Attempting to\n";
+ warn "determine an appropriate font path for this system and restart Xvnc using\n";
+ warn "that font path ...\n";
+ } else {
+ warn "\nWARNING: The first attempt to start Xvnc failed, possibly because the font\n";
+ warn "catalog is not properly configured. Attempting to determine an appropriate\n";
+ warn "font path for this system and restart Xvnc using that font path ...\n";
+ }
+ $cmd =~ s@-fp [^ ]+@@;
+ $cmd .= " -fp $defFontPath" if ($defFontPath);
+ system("$cmd & echo \$! >$pidFile");
+ sleep(3);
+ }
+}
+unless (kill 0, `cat $pidFile`) {
+ warn "Could not start Xvnc.\n\n";
+ unlink $pidFile;
+ open(LOG, "<$desktopLog");
+ while (<LOG>) { print; }
+ close(LOG);
+ die "\n";
+}
+
+warn "\nNew '$desktopName' desktop is $host:$displayNumber\n\n";
+
+# Create the user's xstartup script if necessary.
+if (! $skipxstartup) {
+ if (!(-e "$xstartupFile")) {
+ warn "Creating default startup script $xstartupFile\n";
+ open(XSTARTUP, ">$xstartupFile");
+ print XSTARTUP $defaultXStartup;
+ close(XSTARTUP);
+ chmod 0755, "$xstartupFile";
+ }
+}
+
+# Create the user's config file if necessary.
+if (!(-e "$vncUserDir/config")) {
+ warn "Creating default config $vncUserDir/config\n";
+ open(VNCUSERCONFIG, ">$vncUserDir/config");
+ print VNCUSERCONFIG $defaultConfig;
+ close(VNCUSERCONFIG);
+ chmod 0644, "$vncUserDir/config";
+}
+
+# Run the X startup script.
+if (! $skipxstartup) {
+ warn "Starting applications specified in $xstartupFile\n";
+}
+warn "Log file is $desktopLog\n\n";
+
+# If the unix domain socket exists then use that (DISPLAY=:n) otherwise use
+# TCP (DISPLAY=host:n)
+
+if (-e "/tmp/.X11-unix/X$displayNumber" ||
+ -e "/usr/spool/sockets/X11/$displayNumber")
+{
+ $ENV{DISPLAY}= ":$displayNumber";
+} else {
+ $ENV{DISPLAY}= "$host:$displayNumber";
+}
+$ENV{VNCDESKTOP}= $desktopName;
+
+if ($opt{'-fg'}) {
+ if (! $skipxstartup) {
+ system("$xstartupFile >> " . "edString($desktopLog) . " 2>&1");
+ }
+ if (kill 0, `cat $pidFile`) {
+ $opt{'-kill'} = ':'.$displayNumber;
+ &Kill();
+ }
+} else {
+ if ($opt{'-autokill'}) {
+ if (! $skipxstartup) {
+ system("($xstartupFile; $0 -kill :$displayNumber) >> "
+ . "edString($desktopLog) . " 2>&1 &");
+ }
+ } else {
+ if (! $skipxstartup) {
+ system("$xstartupFile >> " . "edString($desktopLog)
+ . " 2>&1 &");
+ }
+ }
+}
+
+exit;
+
+###############################################################################
+# Functions
+###############################################################################
+
+#
+# Populate the global %config hash with settings from a specified
+# vncserver configuration file if it exists
+#
+# Args: 1. file path
+# 2. optional boolean flag to enable warning when a previously
+# set configuration setting is being overridden
+#
+sub LoadConfig {
+ local ($configFile, $warnoverride) = @_;
+ local ($toggle) = undef;
+
+ if (stat($configFile)) {
+ if (open(IN, $configFile)) {
+ while (<IN>) {
+ next if /^#/;
+ if (my ($k, $v) = /^\s*(\w+)\s*=\s*(.+)$/) {
+ $k = lc($k); # must normalize key case
+ if ($k eq "session") {
+ next;
+ }
+ if ($warnoverride && $config{$k}) {
+ print("Warning: $configFile is overriding previously defined '$k' to be '$v'\n");
+ }
+ $config{$k} = $v;
+ } elsif ($_ =~ m/^\s*(\S+)/) {
+ # We can't reasonably warn on override of toggles (e.g. AlwaysShared)
+ # because it would get crazy to do so. We'd have to check if the
+ # current config file being loaded defined the logical opposite setting
+ # (NeverShared vs. AlwaysShared, etc etc).
+ $toggle = lc($1); # must normalize key case
+ $config{$toggle} = $k;
+ }
+ }
+ close(IN);
+ }
+ }
+}
+
+#
+# CheckGeometryAndDepth simply makes sure that the geometry and depth values
+# are sensible.
+#
+
+sub CheckGeometryAndDepth
+{
+ if ($geometry =~ /^(\d+)x(\d+)$/) {
+ $width = $1; $height = $2;
+
+ if (($width<1) || ($height<1)) {
+ die "$prog: geometry $geometry is invalid\n";
+ }
+
+ $geometry = "${width}x$height";
+ } else {
+ die "$prog: geometry $geometry is invalid\n";
+ }
+
+ if ($depth && (($depth < 8) || ($depth > 32))) {
+ die "Depth must be between 8 and 32\n";
+ }
+}
+
+
+#
+# GetDisplayNumber gets the lowest available display number. A display number
+# n is taken if something is listening on the VNC server port (5900+n) or the
+# X server port (6000+n).
+#
+
+sub GetDisplayNumber
+{
+ foreach $n (1..99) {
+ if (&CheckDisplayNumber($n)) {
+ return $n+0; # Bruce Mah's workaround for bug in perl 5.005_02
+ }
+ }
+
+ die "$prog: no free display number on $host.\n";
+}
+
+
+#
+# CheckDisplayNumber checks if the given display number is available. A
+# display number n is taken if something is listening on the VNC server port
+# (5900+n) or the X server port (6000+n).
+#
+
+sub CheckDisplayNumber
+{
+ local ($n) = @_;
+
+ socket(S, $AF_INET, $SOCK_STREAM, 0) || die "$prog: socket failed: $!\n";
+ eval 'setsockopt(S, &SOL_SOCKET, &SO_REUSEADDR, pack("l", 1))';
+ if (!bind(S, pack('S n x12', $AF_INET, 6000 + $n))) {
+ close(S);
+ return 0;
+ }
+ close(S);
+
+ socket(S, $AF_INET, $SOCK_STREAM, 0) || die "$prog: socket failed: $!\n";
+ eval 'setsockopt(S, &SOL_SOCKET, &SO_REUSEADDR, pack("l", 1))';
+ if (!bind(S, pack('S n x12', $AF_INET, 5900 + $n))) {
+ close(S);
+ return 0;
+ }
+ close(S);
+
+ if (-e "/tmp/.X$n-lock") {
+ warn "\nWarning: $host:$n is taken because of /tmp/.X$n-lock\n";
+ warn "Remove this file if there is no X server $host:$n\n";
+ return 0;
+ }
+
+ if (-e "/tmp/.X11-unix/X$n") {
+ warn "\nWarning: $host:$n is taken because of /tmp/.X11-unix/X$n\n";
+ warn "Remove this file if there is no X server $host:$n\n";
+ return 0;
+ }
+
+ if (-e "/usr/spool/sockets/X11/$n") {
+ warn("\nWarning: $host:$n is taken because of ".
+ "/usr/spool/sockets/X11/$n\n");
+ warn "Remove this file if there is no X server $host:$n\n";
+ return 0;
+ }
+
+ return 1;
+}
+
+
+#
+# GetXDisplayDefaults uses xdpyinfo to find out the geometry, depth and pixel
+# format of the current X display being used. If successful, it sets the
+# options as appropriate so that the X VNC server will use the same settings
+# (minus an allowance for window manager decorations on the geometry). Using
+# the same depth and pixel format means that the VNC server won't have to
+# translate pixels when the desktop is being viewed on this X display (for
+# TrueColor displays anyway).
+#
+
+sub GetXDisplayDefaults
+{
+ local (@lines, @matchlines, $width, $height, $defaultVisualId, $i,
+ $red, $green, $blue);
+
+ $wmDecorationWidth = 4; # a guess at typical size for window manager
+ $wmDecorationHeight = 24; # decoration size
+
+ return if (!defined($ENV{DISPLAY}));
+
+ @lines = `xdpyinfo 2>/dev/null`;
+
+ return if ($? != 0);
+
+ @matchlines = grep(/dimensions/, @lines);
+ if (@matchlines) {
+ ($width, $height) = ($matchlines[0] =~ /(\d+)x(\d+) pixels/);
+
+ $width -= $wmDecorationWidth;
+ $height -= $wmDecorationHeight;
+
+ $geometry = "${width}x$height";
+ }
+
+ @matchlines = grep(/default visual id/, @lines);
+ if (@matchlines) {
+ ($defaultVisualId) = ($matchlines[0] =~ /id:\s+(\S+)/);
+
+ for ($i = 0; $i < @lines; $i++) {
+ if ($lines[$i] =~ /^\s*visual id:\s+$defaultVisualId$/) {
+ if (($lines[$i+1] !~ /TrueColor/) ||
+ ($lines[$i+2] !~ /depth/) ||
+ ($lines[$i+4] !~ /red, green, blue masks/))
+ {
+ return;
+ }
+ last;
+ }
+ }
+
+ return if ($i >= @lines);
+
+ ($depth) = ($lines[$i+2] =~ /depth:\s+(\d+)/);
+ ($red,$green,$blue)
+ = ($lines[$i+4]
+ =~ /masks:\s+0x([0-9a-f]+), 0x([0-9a-f]+), 0x([0-9a-f]+)/);
+
+ $red = hex($red);
+ $green = hex($green);
+ $blue = hex($blue);
+
+ if ($red > $blue) {
+ $red = int(log($red) / log(2)) - int(log($green) / log(2));
+ $green = int(log($green) / log(2)) - int(log($blue) / log(2));
+ $blue = int(log($blue) / log(2)) + 1;
+ $pixelformat = "rgb$red$green$blue";
+ } else {
+ $blue = int(log($blue) / log(2)) - int(log($green) / log(2));
+ $green = int(log($green) / log(2)) - int(log($red) / log(2));
+ $red = int(log($red) / log(2)) + 1;
+ $pixelformat = "bgr$blue$green$red";
+ }
+ }
+}
+
+
+#
+# quotedString returns a string which yields the original string when parsed
+# by a shell.
+#
+
+sub quotedString
+{
+ local ($in) = @_;
+
+ $in =~ s/\'/\'\"\'\"\'/g;
+
+ return "'$in'";
+}
+
+
+#
+# removeSlashes turns slashes into underscores for use as a file name.
+#
+
+sub removeSlashes
+{
+ local ($in) = @_;
+
+ $in =~ s|/|_|g;
+
+ return "$in";
+}
+
+
+#
+# Usage
+#
+
+sub Usage
+{
+ die("\nusage: $prog [:<number>] [-name <desktop-name>] [-depth <depth>]\n".
+ " [-geometry <width>x<height>]\n".
+ " [-pixelformat rgbNNN|bgrNNN]\n".
+ " [-fp <font-path>]\n".
+ " [-cc <visual>]\n".
+ " [-fg]\n".
+ " [-autokill]\n".
+ " [-noxstartup]\n".
+ " [-xstartup <file>]\n".
+ " <Xvnc-options>...\n\n".
+ " $prog -kill <X-display>\n\n".
+ " $prog -list\n\n");
+}
+
+
+#
+# List
+#
+
+sub List
+{
+ opendir(dir, $vncUserDir);
+ my @filelist = readdir(dir);
+ closedir(dir);
+ print "\nTigerVNC server sessions:\n\n";
+ print "X DISPLAY #\tPROCESS ID\n";
+ foreach my $file (@filelist) {
+ if ($file =~ /$host:(\d+)$\.pid/) {
+ chop($tmp_pid = `cat $vncUserDir/$file`);
+ if (kill 0, $tmp_pid) {
+ print ":".$1."\t\t".`cat $vncUserDir/$file`;
+ } else {
+ unlink ($vncUserDir . "/" . $file);
+ }
+ }
+ }
+ exit;
+}
+
+
+#
+# Kill
+#
+
+sub Kill
+{
+ $opt{'-kill'} =~ s/(:\d+)\.\d+$/$1/; # e.g. turn :1.0 into :1
+
+ if ($opt{'-kill'} =~ /^:\d+$/) {
+ $pidFile = "$vncUserDir/$host$opt{'-kill'}.pid";
+ } else {
+ if ($opt{'-kill'} !~ /^$host:/) {
+ die "\nCan't tell if $opt{'-kill'} is on $host\n".
+ "Use -kill :<number> instead\n\n";
+ }
+ $pidFile = "$vncUserDir/$opt{'-kill'}.pid";
+ }
+
+ if (! -r $pidFile) {
+ die "\nCan't find file $pidFile\n".
+ "You'll have to kill the Xvnc process manually\n\n";
+ }
+
+ $SIG{'HUP'} = 'IGNORE';
+ chop($pid = `cat $pidFile`);
+ warn "Killing Xvnc process ID $pid\n";
+
+ if (kill 0, $pid) {
+ system("kill $pid");
+ sleep(1);
+ if (kill 0, $pid) {
+ print "Xvnc seems to be deadlocked. Kill the process manually and then re-run\n";
+ print " ".$0." -kill ".$opt{'-kill'}."\n";
+ print "to clean up the socket files.\n";
+ exit
+ }
+
+ } else {
+ warn "Xvnc process ID $pid already killed\n";
+ $opt{'-kill'} =~ s/://;
+
+ if (-e "/tmp/.X11-unix/X$opt{'-kill'}") {
+ print "Xvnc did not appear to shut down cleanly.";
+ print " Removing /tmp/.X11-unix/X$opt{'-kill'}\n";
+ unlink "/tmp/.X11-unix/X$opt{'-kill'}";
+ }
+ if (-e "/tmp/.X$opt{'-kill'}-lock") {
+ print "Xvnc did not appear to shut down cleanly.";
+ print " Removing /tmp/.X$opt{'-kill'}-lock\n";
+ unlink "/tmp/.X$opt{'-kill'}-lock";
+ }
+ }
+
+ unlink $pidFile;
+ exit;
+}
+
+
+#
+# ParseOptions takes a list of possible options and a boolean indicating
+# whether the option has a value following, and sets up an associative array
+# %opt of the values of the options given on the command line. It removes all
+# the arguments it uses from @ARGV and returns them in @optArgs.
+#
+
+sub ParseOptions
+{
+ local (@optval) = @_;
+ local ($opt, @opts, %valFollows, @newargs);
+
+ while (@optval) {
+ $opt = shift(@optval);
+ push(@opts,$opt);
+ $valFollows{$opt} = shift(@optval);
+ }
+
+ @optArgs = ();
+ %opt = ();
+
+ arg: while (defined($arg = shift(@ARGV))) {
+ foreach $opt (@opts) {
+ if ($arg eq $opt) {
+ push(@optArgs, $arg);
+ if ($valFollows{$opt}) {
+ if (@ARGV == 0) {
+ &Usage();
+ }
+ $opt{$opt} = shift(@ARGV);
+ push(@optArgs, $opt{$opt});
+ } else {
+ $opt{$opt} = 1;
+ }
+ next arg;
+ }
+ }
+ push(@newargs,$arg);
+ }
+
+ @ARGV = @newargs;
+}
+
+
+# Routine to make sure we're operating in a sane environment.
+sub SanityCheck
+{
+ local ($cmd);
+
+ # Get the program name
+ ($prog) = ($0 =~ m|([^/]+)$|);
+
+ #
+ # Check we have all the commands we'll need on the path.
+ #
+
+ cmd:
+ foreach $cmd ("uname","xauth") {
+ for (split(/:/,$ENV{PATH})) {
+ if (-x "$_/$cmd") {
+ next cmd;
+ }
+ }
+ die "$prog: couldn't find \"$cmd\" on your PATH.\n";
+ }
+
+ if($exedir eq "") {
+ cmd2:
+ foreach $cmd ("Xvnc","vncpasswd") {
+ for (split(/:/,$ENV{PATH})) {
+ if (-x "$_/$cmd") {
+ next cmd2;
+ }
+ }
+ die "$prog: couldn't find \"$cmd\" on your PATH.\n";
+ }
+ }
+ else {
+ cmd3:
+ foreach $cmd ($exedir."Xvnc",$exedir."vncpasswd") {
+ for (split(/:/,$ENV{PATH})) {
+ if (-x "$cmd") {
+ next cmd3;
+ }
+ }
+ die "$prog: couldn't find \"$cmd\".\n";
+ }
+ }
+
+ if (!defined($ENV{HOME})) {
+ die "$prog: The HOME environment variable is not set.\n";
+ }
+
+ #
+ # Find socket constants. 'use Socket' is a perl5-ism, so we wrap it in an
+ # eval, and if it fails we try 'require "sys/socket.ph"'. If this fails,
+ # we just guess at the values. If you find perl moaning here, just
+ # hard-code the values of AF_INET and SOCK_STREAM. You can find these out
+ # for your platform by looking in /usr/include/sys/socket.h and related
+ # files.
+ #
+
+ chop($os = `uname`);
+ chop($osrev = `uname -r`);
+
+ eval 'use Socket';
+ if ($@) {
+ eval 'require "sys/socket.ph"';
+ if ($@) {
+ if (($os eq "SunOS") && ($osrev !~ /^4/)) {
+ $AF_INET = 2;
+ $SOCK_STREAM = 2;
+ } else {
+ $AF_INET = 2;
+ $SOCK_STREAM = 1;
+ }
+ } else {
+ $AF_INET = &AF_INET;
+ $SOCK_STREAM = &SOCK_STREAM;
+ }
+ } else {
+ $AF_INET = &AF_INET;
+ $SOCK_STREAM = &SOCK_STREAM;
+ }
+}
+
+sub NotifyAboutDeprecation
+{
+ warn "\nWARNING: vncserver has been replaced by a systemd unit and is now considered deprecated and removed in upstream.\n";
+ warn "Please read /usr/share/doc/tigervnc/HOWTO.md for more information.\n";
+}
diff --git a/SOURCES/vncserver.man b/SOURCES/vncserver.man
new file mode 100644
index 0000000..2641ed1
--- /dev/null
+++ b/SOURCES/vncserver.man
@@ -0,0 +1,204 @@
+.TH vncserver 1 "" "TigerVNC" "Virtual Network Computing"
+.SH NAME
+vncserver \- start or stop a VNC server
+.SH SYNOPSIS
+.B vncserver
+.RI [: display# ]
+.RB [ \-name
+.IR desktop-name ]
+.RB [ \-geometry
+.IR width x height ]
+.RB [ \-depth
+.IR depth ]
+.RB [ \-pixelformat
+.IR format ]
+.RB [ \-fp
+.IR font-path ]
+.RB [ \-fg ]
+.RB [ \-autokill ]
+.RB [ \-noxstartup ]
+.RB [ \-xstartup
+.IR script ]
+.RI [ Xvnc-options... ]
+.br
+.BI "vncserver \-kill :" display#
+.br
+.BI "vncserver \-list"
+.SH DESCRIPTION
+.B vncserver
+is used to start a VNC (Virtual Network Computing) desktop.
+.B vncserver
+is a Perl script which simplifies the process of starting an Xvnc server. It
+runs Xvnc with appropriate options and starts a window manager on the VNC
+desktop.
+
+.B vncserver
+can be run with no options at all. In this case it will choose the first
+available display number (usually :1), start Xvnc with that display number,
+and start the default window manager in the Xvnc session. You can also
+specify the display number, in which case vncserver will attempt to start
+Xvnc with that display number and exit if the display number is not
+available. For example:
+
+.RS
+vncserver :13
+.RE
+
+Editing the file $HOME/.vnc/xstartup allows you to change the applications run
+at startup (but note that this will not affect an existing VNC session.)
+
+.SH OPTIONS
+You can get a list of options by passing \fB\-h\fP as an option to vncserver.
+In addition to the options listed below, any unrecognised options will be
+passed to Xvnc - see the Xvnc man page, or "Xvnc \-help", for details.
+
+.TP
+.B \-name \fIdesktop-name\fP
+Each VNC desktop has a name which may be displayed by the viewer. The desktop
+name defaults to "\fIhost\fP:\fIdisplay#\fP (\fIusername\fP)", but you can
+change it with this option. The desktop name option is passed to the xstartup
+script via the $VNCDESKTOP environment variable, which allows you to run a
+different set of applications depending on the name of the desktop.
+.
+.TP
+.B \-geometry \fIwidth\fPx\fIheight\fP
+Specify the size of the VNC desktop to be created. Default is 1024x768.
+.
+.TP
+.B \-depth \fIdepth\fP
+Specify the pixel depth (in bits) of the VNC desktop to be created. Default is
+24. Other possible values are 8, 15 and 16 - anything else is likely to cause
+strange behaviour by applications.
+.
+.TP
+.B \-pixelformat \fIformat\fP
+Specify pixel format for Xvnc to use (BGRnnn or RGBnnn). The default for
+depth 8 is BGR233 (meaning the most significant two bits represent blue, the
+next three green, and the least significant three represent red), the default
+for depth 16 is RGB565, and the default for depth 24 is RGB888.
+.
+.TP
+.B \-cc 3
+As an alternative to the default TrueColor visual, this allows you to run an
+Xvnc server with a PseudoColor visual (i.e. one which uses a color map or
+palette), which can be useful for running some old X applications which only
+work on such a display. Values other than 3 (PseudoColor) and 4 (TrueColor)
+for the \-cc option may result in strange behaviour, and PseudoColor desktops
+must have an 8-bit depth.
+.
+.TP
+.B \-kill :\fIdisplay#\fP
+This kills a VNC desktop previously started with vncserver. It does this by
+killing the Xvnc process, whose process ID is stored in the file
+"$HOME/.vnc/\fIhost\fP:\fIdisplay#\fP.pid". The
+.B \-kill
+option ignores anything preceding the first colon (":") in the display
+argument. Thus, you can invoke "vncserver \-kill $DISPLAY", for example at the
+end of your xstartup file after a particular application exits.
+.
+.TP
+.B \-fp \fIfont-path\fP
+If the vncserver script detects that the X Font Server (XFS) is running, it
+will attempt to start Xvnc and configure Xvnc to use XFS for font handling.
+Otherwise, if XFS is not running, the vncserver script will attempt to start
+Xvnc and allow Xvnc to use its own preferred method of font handling (which may
+be a hard-coded font path or, on more recent systems, a font catalog.) In
+any case, if Xvnc fails to start, the vncserver script will then attempt to
+determine an appropriate X font path for this system and start Xvnc using
+that font path.
+
+The
+.B \-fp
+argument allows you to override the above fallback logic and specify a font
+path for Xvnc to use.
+.
+.TP
+.B \-fg
+Runs Xvnc as a foreground process. This has two effects: (1) The VNC server
+can be aborted with CTRL-C, and (2) the VNC server will exit as soon as the
+user logs out of the window manager in the VNC session. This may be necessary
+when launching TigerVNC from within certain grid computing environments.
+.
+.TP
+.B \-autokill
+Automatically kill Xvnc whenever the xstartup script exits. In most cases,
+this has the effect of terminating Xvnc when the user logs out of the window
+manager.
+.
+.TP
+.B \-noxstartup
+Do not run the %HOME/.vnc/xstartup script after launching Xvnc. This
+option allows you to manually start a window manager in your TigerVNC session.
+.
+.TP
+.B \-xstartup \fIscript\fP
+Run a custom startup script, instead of %HOME/.vnc/xstartup, after launching
+Xvnc. This is useful to run full-screen applications.
+.
+.TP
+.B \-list
+Lists all VNC desktops started by vncserver.
+
+.SH FILES
+Several VNC-related files are found in the directory $HOME/.vnc:
+.TP
+$HOME/.vnc/xstartup
+A shell script specifying X applications to be run when a VNC desktop is
+started. If this file does not exist, then vncserver will create a default
+xstartup script which attempts to launch your chosen window manager.
+.TP
+/etc/tigervnc/vncserver-config-defaults
+The optional system-wide equivalent of $HOME/.vnc/config. If this file exists
+and defines options to be passed to Xvnc, they will be used as defaults for
+users. The user's $HOME/.vnc/config overrides settings configured in this file.
+The overall configuration file load order is: this file, $HOME/.vnc/config,
+and then /etc/tigervnc/vncserver-config-mandatory. None are required to exist.
+.TP
+/etc/tigervnc/vncserver-config-mandatory
+The optional system-wide equivalent of $HOME/.vnc/config. If this file exists
+and defines options to be passed to Xvnc, they will override any of the same
+options defined in a user's $HOME/.vnc/config. This file offers a mechanism
+to establish some basic form of system-wide policy. WARNING! There is
+nothing stopping users from constructing their own vncserver-like script
+that calls Xvnc directly to bypass any options defined in
+/etc/tigervnc/vncserver-config-mandatory. Likewise, any CLI arguments passed
+to vncserver will override ANY config file setting of the same name. The
+overall configuration file load order is:
+/etc/tigervnc/vncserver-config-defaults, $HOME/.vnc/config, and then this file.
+None are required to exist.
+.TP
+$HOME/.vnc/config
+An optional server config file wherein options to be passed to Xvnc are listed
+to avoid hard-coding them to the physical invocation. List options in this file
+one per line. For those requiring an argument, simply separate the option from
+the argument with an equal sign, for example: "geometry=2000x1200" or
+"securitytypes=vncauth,tlsvnc". Options without an argument are simply listed
+as a single word, for example: "localhost" or "alwaysshared".
+.TP
+$HOME/.vnc/passwd
+The VNC password file.
+.TP
+$HOME/.vnc/\fIhost\fP:\fIdisplay#\fP.log
+The log file for Xvnc and applications started in xstartup.
+.TP
+$HOME/.vnc/\fIhost\fP:\fIdisplay#\fP.pid
+Identifies the Xvnc process ID, used by the
+.B \-kill
+option.
+
+.SH SEE ALSO
+.BR vncviewer (1),
+.BR vncpasswd (1),
+.BR vncconfig (1),
+.BR Xvnc (1)
+.br
+https://www.tigervnc.org
+
+.SH AUTHOR
+Tristan Richardson, RealVNC Ltd., D. R. Commander and others.
+
+VNC was originally developed by the RealVNC team while at Olivetti
+Research Ltd / AT&T Laboratories Cambridge. TightVNC additions were
+implemented by Constantin Kaplinsky. Many other people have since
+participated in development, testing and support. This manual is part
+of the TigerVNC software suite.
diff --git a/SOURCES/xvnc.service b/SOURCES/xvnc.service
new file mode 100644
index 0000000..3471e1f
--- /dev/null
+++ b/SOURCES/xvnc.service
@@ -0,0 +1,38 @@
+# The vncserver service unit file
+#
+# Quick HowTo:
+# 1. Copy this file to /etc/systemd/system/xvnc@.service
+# 2. Copy xvnc.socket to /etc/systemd/system/xvnc.socket
+# 3. Run `systemctl daemon-reload`
+# 4. Run `systemctl enable xvnc.socket`
+#
+# DO NOT RUN THIS SERVICE if your local area network is
+# untrusted! For a secure way of using VNC, you should
+# limit connections to the local host and then tunnel from
+# the machine you want to view VNC on (host A) to the machine
+# whose VNC output you want to view (host B)
+#
+# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
+#
+# this will open a connection on port 590N of your hostA to hostB's port 590M
+# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
+# See the ssh man page for details on port forwarding)
+#
+# You can then point a VNC client on hostA at vncdisplay N of localhost and with
+# the help of ssh, you end up seeing what hostB makes available on port 590M
+#
+# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
+#
+# Use "-localhost" to prevent remote VNC clients connecting except when
+# doing so through a secure tunnel. See the "-via" option in the
+# `man vncviewer' manual page.
+
+
+[Unit]
+Description=XVNC Per-Connection Daemon
+
+[Service]
+ExecStart=-/usr/bin/Xvnc -inetd -query localhost -geometry 1024x768 -depth 24 -once -SecurityTypes=None
+User=nobody
+StandardInput=socket
+StandardError=syslog
diff --git a/SOURCES/xvnc.socket b/SOURCES/xvnc.socket
new file mode 100644
index 0000000..9b3f92d
--- /dev/null
+++ b/SOURCES/xvnc.socket
@@ -0,0 +1,9 @@
+[Unit]
+Description=XVNC Server
+
+[Socket]
+ListenStream=5900
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
diff --git a/SPECS/tigervnc.spec b/SPECS/tigervnc.spec
new file mode 100644
index 0000000..f878f7d
--- /dev/null
+++ b/SPECS/tigervnc.spec
@@ -0,0 +1,1133 @@
+
+#defining macros needed by SELinux
+%global selinuxtype targeted
+%global modulename vncsession
+
+Name: tigervnc
+Version: 1.11.0
+Release: 21%{?dist}
+Summary: A TigerVNC remote display system
+
+%global _hardened_build 1
+
+License: GPLv2+
+URL: http://www.tigervnc.com
+
+Source0: %{name}-%{version}.tar.gz
+Source1: xvnc.service
+Source2: xvnc.socket
+Source3: 10-libvnc.conf
+Source4: HOWTO.md
+
+# Backwards compatibility
+Source5: vncserver
+Source6: vncserver.man
+
+Patch1: tigervnc-use-gnome-as-default-session.patch
+
+# Upstream patches (can be dropped with next Tigervnc release)
+Patch51: tigervnc-let-user-know-about-not-using-view-only-password.patch
+Patch52: tigervnc-working-tls-on-fips-systems.patch
+Patch53: tigervnc-utilize-system-crypto-policies.patch
+Patch54: tigervnc-passwd-crash-with-malloc-checks.patch
+Patch55: tigervnc-tolerate-specifying-boolparam.patch
+Patch56: tigervnc-systemd-service.patch
+Patch57: tigervnc-correctly-start-vncsession-as-daemon.patch
+Patch58: tigervnc-selinux-missing-compression-and-correct-location.patch
+Patch59: tigervnc-selinux-policy-improvements.patch
+Patch60: tigervnc-argb-runtime-ximage-byteorder-selection.patch
+Patch61: tigervnc-selinux-restore-context-in-case-of-different-policies.patch
+Patch62: tigervnc-root-user-selinux-context.patch
+Patch63: tigervnc-vncsession-restore-script-systemd-service.patch
+
+# This is tigervnc-%%{version}/unix/xserver116.patch rebased on the latest xorg
+Patch100: tigervnc-xserver120.patch
+# 1326867 - [RHEL7.3] GLX applications in an Xvnc session fails to start
+Patch101: 0001-rpath-hack.patch
+
+BuildRequires: make
+BuildRequires: gcc-c++
+BuildRequires: libX11-devel, automake, autoconf, libtool, gettext, gettext-autopoint
+BuildRequires: libXext-devel, xorg-x11-server-source, libXi-devel
+BuildRequires: xorg-x11-xtrans-devel, xorg-x11-util-macros, libXtst-devel
+BuildRequires: libxkbfile-devel, openssl-devel, libpciaccess-devel
+BuildRequires: mesa-libGL-devel, libXinerama-devel, xorg-x11-font-utils
+BuildRequires: freetype-devel, libXdmcp-devel, libxshmfence-devel
+BuildRequires: libjpeg-turbo-devel, gnutls-devel, pam-devel
+BuildRequires: libdrm-devel, libXt-devel, pixman-devel,
+BuildRequires: systemd, cmake, desktop-file-utils, selinux-policy-devel
+%if 0%{?fedora} > 24 || 0%{?rhel} >= 7
+BuildRequires: libXfont2-devel
+%else
+BuildRequires: libXfont-devel
+%endif
+
+# TigerVNC 1.4.x requires fltk 1.3.3 for keyboard handling support
+# See https://github.com/TigerVNC/tigervnc/issues/8, also bug #1208814
+BuildRequires: fltk-devel >= 1.3.3
+BuildRequires: xorg-x11-server-devel
+
+Requires(post): coreutils
+Requires(postun):coreutils
+
+Requires: hicolor-icon-theme
+Requires: tigervnc-license
+Requires: tigervnc-icons
+
+%description
+Virtual Network Computing (VNC) is a remote display system which
+allows you to view a computing 'desktop' environment not only on the
+machine where it is running, but from anywhere on the Internet and
+from a wide variety of machine architectures. This package contains a
+client which will allow you to connect to other desktops running a VNC
+server.
+
+%package server
+Summary: A TigerVNC server
+Requires: perl-interpreter
+Requires: tigervnc-server-minimal = %{version}-%{release}
+Requires: (%{name}-selinux if selinux-policy-%{selinuxtype})
+Requires: xorg-x11-xauth
+Requires: xorg-x11-xinit
+Requires(post): systemd
+Requires(preun): systemd
+Requires(postun): systemd
+Requires(post): systemd
+
+%description server
+The VNC system allows you to access the same desktop from a wide
+variety of platforms. This package includes set of utilities
+which make usage of TigerVNC server more user friendly. It also
+contains x0vncserver program which can export your active
+X session.
+
+%package server-minimal
+Summary: A minimal installation of TigerVNC server
+Requires(post): systemd
+Requires(preun): systemd
+Requires(postun): systemd
+Requires(post): systemd
+
+Requires: mesa-dri-drivers, xkeyboard-config, xkbcomp
+Requires: tigervnc-license, dbus-x11
+
+%description server-minimal
+The VNC system allows you to access the same desktop from a wide
+variety of platforms. This package contains minimal installation
+of TigerVNC server, allowing others to access the desktop on your
+machine.
+
+%package server-module
+Summary: TigerVNC module to Xorg
+Requires: xorg-x11-server-Xorg %(xserver-sdk-abi-requires ansic) %(xserver-sdk-abi-requires videodrv)
+Requires: tigervnc-license
+
+%description server-module
+This package contains libvnc.so module to X server, allowing others
+to access the desktop on your machine.
+
+%package license
+Summary: License of TigerVNC suite
+BuildArch: noarch
+
+%description license
+This package contains license of the TigerVNC suite
+
+%package icons
+Summary: Icons for TigerVNC viewer
+BuildArch: noarch
+
+%description icons
+This package contains icons for TigerVNC viewer
+
+%package selinux
+Summary: SELinux module for TigerVNC
+BuildArch: noarch
+BuildRequires: selinux-policy-devel
+Requires: selinux-policy-%{selinuxtype}
+Requires(post): selinux-policy-%{selinuxtype}
+BuildRequires: selinux-policy-devel
+%{?selinux_requires}
+
+%description selinux
+This package provides the SELinux policy module to ensure TigerVNC
+runs properly under an environment with SELinux enabled.
+
+%prep
+%setup -q
+
+cp -r /usr/share/xorg-x11-server-source/* unix/xserver
+pushd unix/xserver
+for all in `find . -type f -perm -001`; do
+ chmod -x "$all"
+done
+%patch100 -p1 -b .xserver120-rebased
+%patch101 -p1 -b .rpath
+popd
+
+%patch1 -p1 -b .use-gnome-as-default-session
+
+# Upstream patches
+%patch51 -p1 -b .let-user-know-about-not-using-view-only-password
+%patch52 -p1 -b .working-tls-on-fips-systems
+%patch53 -p1 -b .utilize-system-crypto-policies
+%patch54 -p1 -b .passwd-crash-with-malloc-checks
+%patch55 -p1 -b .tolerate-specifying-boolparam
+%patch56 -p1 -b .systemd-service
+%patch57 -p1 -b .correctly-start-vncsession-as-daemon
+%patch58 -p1 -b .selinux-missing-compression-and-correct-location
+%patch59 -p1 -b .selinux-policy-improvements
+%patch60 -p1 -b .argb-runtime-ximage-byteorder-selection
+%patch61 -p1 -b .selinux-restore-context-in-case-of-different-policies
+%patch62 -p1 -b .root-user-selinux-context
+%patch63 -p1 -b .vncsession-restore-script-systemd-service
+
+%build
+%ifarch sparcv9 sparc64 s390 s390x
+export CFLAGS="$RPM_OPT_FLAGS -fPIC"
+%else
+export CFLAGS="$RPM_OPT_FLAGS -fpic"
+%endif
+export CXXFLAGS="$CFLAGS -std=c++11"
+
+%define __cmake_builddir %{_target_platform}
+
+mkdir -p %{%__cmake_builddir}
+
+%cmake
+
+%cmake_build
+
+pushd unix/xserver
+
+%if 0%{?fedora} > 32 || 0%{?rhel} >= 9
+sed -i 's@TIGERVNC_BUILDDIR=${TIGERVNC_SRCDIR}@TIGERVNC_BUILDDIR=${TIGERVNC_SRCDIR}/%{_target_platform}@g' hw/vnc/Makefile.am
+%endif
+
+autoreconf -fiv
+%configure \
+ --disable-xorg --disable-xnest --disable-xvfb --disable-dmx \
+ --disable-xwin --disable-xephyr --disable-kdrive --disable-xwayland \
+ --with-pic --disable-static \
+ --with-default-font-path="catalogue:%{_sysconfdir}/X11/fontpath.d,built-ins" \
+ --with-fontdir=%{_datadir}/X11/fonts \
+ --with-xkb-output=%{_localstatedir}/lib/xkb \
+ --enable-install-libxf86config \
+ --enable-glx --disable-dri --enable-dri2 --disable-dri3 \
+ --disable-unit-tests \
+ --disable-config-hal \
+ --disable-config-udev \
+ --with-dri-driver-path=%{_libdir}/dri \
+ --without-dtrace \
+ --disable-devel-docs \
+ --disable-selective-werror
+
+make %{?_smp_mflags}
+popd
+
+# Build icons
+%if 0%{?fedora} > 32 || 0%{?rhel} >= 9
+pushd %{_target_platform}/media
+%else
+pushd media
+%endif
+make
+popd
+
+# SELinux
+pushd unix/vncserver/selinux
+make
+popd
+
+%install
+%cmake_install
+rm -f %{buildroot}%{_docdir}/%{name}-%{version}/{README.rst,LICENCE.TXT}
+
+pushd unix/xserver/hw/vnc
+%make_install
+popd
+
+# Install systemd unit file
+pushd unix/vncserver/selinux
+make install DESTDIR=%{buildroot}
+popd
+
+# Install systemd unit file
+install -m644 %{SOURCE1} %{buildroot}%{_unitdir}/xvnc@.service
+install -m644 %{SOURCE2} %{buildroot}%{_unitdir}/xvnc.socket
+
+# Install desktop stuff
+mkdir -p %{buildroot}%{_datadir}/icons/hicolor/{16x16,24x24,48x48}/apps
+
+pushd media/icons
+for s in 16 24 48; do
+install -m644 tigervnc_$s.png %{buildroot}%{_datadir}/icons/hicolor/${s}x$s/apps/tigervnc.png
+done
+popd
+
+%if 0%{?rhel} > 9
+# Install a replacement for /usr/bin/vncserver which will tell the user to read the
+# HOWTO.md file
+cat <<EOF > %{buildroot}/%{_bindir}/vncserver
+#!/bin/bash
+echo "vncserver has been replaced by a systemd unit."
+echo "Please read /usr/share/doc/tigervnc/HOWTO.md for more information."
+EOF
+chmod +x %{buildroot}/%{_bindir}/vncserver
+%else
+rm -f %{buildroot}/%{_mandir}/man8/vncserver.8
+
+install -m 755 %{SOURCE5} %{buildroot}/%{_bindir}/vncserver
+install -m 644 %{SOURCE6} %{buildroot}/%{_mandir}/man8/vncserver.8
+%endif
+
+%find_lang %{name} %{name}.lang
+
+# remove unwanted files
+rm -f %{buildroot}%{_libdir}/xorg/modules/extensions/libvnc.la
+
+mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/
+install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
+
+install -m 644 %{SOURCE4} %{buildroot}/%{_docdir}/tigervnc/HOWTO.md
+
+%post server
+%systemd_post xvnc@.service
+%systemd_post xvnc.socket
+
+%preun server
+%systemd_preun xvnc@.service
+%systemd_preun xvnc.socket
+
+%postun server
+%systemd_postun xvnc@.service
+%systemd_postun xvnc.socket
+
+%pre selinux
+%selinux_relabel_pre -s %{selinuxtype}
+
+%post selinux
+%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2
+%selinux_relabel_post -s %{selinuxtype}
+
+%postun selinux
+if [ $1 -eq 0 ]; then
+ %selinux_modules_uninstall -s %{selinuxtype} %{modulename}
+ %selinux_relabel_post -s %{selinuxtype}
+fi
+
+
+%files -f %{name}.lang
+%doc README.rst
+%{_bindir}/vncviewer
+%{_datadir}/applications/*
+%{_mandir}/man1/vncviewer.1*
+
+%files server
+%config(noreplace) %{_sysconfdir}/pam.d/tigervnc
+%config(noreplace) %{_sysconfdir}/tigervnc/vncserver-config-defaults
+%config(noreplace) %{_sysconfdir}/tigervnc/vncserver-config-mandatory
+%config(noreplace) %{_sysconfdir}/tigervnc/vncserver.users
+%{_unitdir}/vncserver@.service
+%{_unitdir}/xvnc@.service
+%{_unitdir}/xvnc.socket
+%{_bindir}/vncserver
+%{_bindir}/x0vncserver
+%{_sbindir}/vncsession
+%{_libexecdir}/vncserver
+%{_libexecdir}/vncsession-start
+%{_libexecdir}/vncsession-restore
+%{_mandir}/man1/x0vncserver.1*
+%{_mandir}/man8/vncserver.8*
+%{_mandir}/man8/vncsession.8*
+%{_docdir}/tigervnc/HOWTO.md
+
+%files server-minimal
+%{_bindir}/vncconfig
+%{_bindir}/vncpasswd
+%{_bindir}/Xvnc
+%{_mandir}/man1/Xvnc.1*
+%{_mandir}/man1/vncpasswd.1*
+%{_mandir}/man1/vncconfig.1*
+
+%files server-module
+%{_libdir}/xorg/modules/extensions/libvnc.so
+%config(noreplace) %{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
+
+%files license
+%{_docdir}/tigervnc/LICENCE.TXT
+
+%files icons
+%{_datadir}/icons/hicolor/*/apps/*
+
+%files selinux
+%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.*
+%ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
+
+%changelog
+* Mon Feb 07 2022 Jan Grulich <jgrulich@redhat.com> - 1.11.0-21
+- Added vncsession-restore script for SELinux policy migration
+ Fix SELinux context for root user
+ Resolves: bz#2049506
+
+* Fri Nov 26 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-20
+- Rebuild for absence in RHEL 9.0
+ Resolves: bz#1985858
+
+* Mon Aug 16 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-19
+- Sync upstream patches + drop unused patches
+ Resolves: bz#1985858
+
+* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.11.0-18
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+ Related: rhbz#1991688
+
+* Mon Jul 19 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-17
+- Fix logout from VNC session using vncserver
+ Resolves: bz#1983704
+
+* Tue Jun 01 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-16
+- Bump version for rebuild (binutils)
+ Resolves: bz#1961488
+
+* Mon May 17 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-14
+- SELinux improvements
+ Resolves: bz#1961488
+
+- Fix endianness issue on s390x
+ Resolves: bz#1963029
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.11.0-13
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Mon Mar 08 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-12
+- Include RHEL8 patches
+
+* Fri Mar 05 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-11
+- Enable old vncserver script for RHEL 9
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.11.0-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Thu Dec 10 07:45:46 CET 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-9
+- vncserver: ignore new session parameter from the new systemd support
+
+* Fri Nov 13 14:08:29 CET 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-8
+- Use /run instead of /var/run which is just a symlink
+
+* Thu Nov 05 2020 Peter Hutterer <peter.hutterer@redhat.com> 1.11.0-7
+- Require xkbcomp directly, not xorg-x11-xkb-utils. The latter has had
+ Provides xkbcomp for years.
+
+* Tue Sep 29 13:12:22 CEST 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-6
+- Backport upstream fix allowing Tigervnc to specify boolean valus in configuration
+- Revert removal of vncserver for F32 and F33
+
+* Thu Sep 24 07:14:06 CEST 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-5
+- Actually install the HOWTO.md file
+
+* Wed Sep 23 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-4
+- Call systemd macros on correct service file
+
+* Tue Sep 22 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-3
+- Do not overwrite libvnc.conf config file
+
+* Thu Sep 17 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-2
+- Add /usr/bin/vncserver file informing users to read the HOWTO.md file
+
+* Wed Sep 09 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-1
+- 1.11.0
+
+* Mon Aug 24 2020 Jan Grulich <jgrulich@redhat.com. - 1.10.90-1
+- Update to 1.10.90 (1.11.0 beta)
+
+* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.1-9
+- Second attempt - Rebuilt for
+ https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.1-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 1.10.1-7
+- Use make macros
+- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
+
+* Sat Jul 11 2020 Jiri Vanek <jvanek@redhat.com> - 1.10.1-6
+- Rebuilt for JDK-11, see https://fedoraproject.org/wiki/Changes/Java11
+
+* Sun Apr 19 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-5
+- Requires: dbus-x11
+ Resolves: bz#1825331
+
+* Fri Mar 13 2020 Olivier Fourdan <ofourdan@redhat.com> - 1.10.1-4
+- Fix build with xserver 1.20.7
+
+* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Mon Jan 13 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-2
+- Build with -std=c++11
+
+* Fri Dec 20 2019 Jan Grulich <jgrulich@redhat.com> - 1.10.1-1
+- Update to 1.10.1
+
+* Tue Dec 10 2019 Jan Grulich <jgrulich@redhat.com> - 1.10.0-2
+- Properly install systemd files
+
+* Mon Nov 18 2019 Jan Grulich <jgrulich@redhat.com> - 1.10.0-1
+- Update to 1.10.0
+
+* Fri Oct 18 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.90-1
+- Update to 1.9.90 (1.10 beta)
+- Add systemd user service file
+- Use a wrapper for systemd system service file to workaround systemd limitations
+
+* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Jul 19 2019 Dan Horák <dan[at]danny.cz> - 1.9.0-6
+- drop the s390x special handling (related #1727029)
+
+* Wed Jun 12 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-5
+- Add missing arguments to systemd_postun scriptlets
+ Resolves: bz#1716411
+
+* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Tue Sep 25 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-3
+- Do not crash passwd when using malloc perturb checks
+ Resolves: bz#1631483
+
+* Wed Aug 01 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-2
+- Ignore buttons in mouse leave events
+ Resolves: bz#1609516
+
+* Tue Jul 17 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-1
+- Update to 1.9.0
+
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.90-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed Jul 4 2018 Peter Robinson <pbrobinson@fedoraproject.org> 1.8.90-2
+- Clean up spec: use macros consistenly, drop old sys-v migrations
+- Drop ancient obsolete/provides
+
+* Thu Jun 14 2018 Jan Grulich <jgrulich@redhat.com> - 1.8.90-1
+- Update to 1.8.90
+
+* Wed Jun 13 2018 Jan Grulich <jgrulich@redhat.com> - 1.8.0-10
+- Fix tigervnc systemd unit file
+ Resolves: bz#1583159
+
+* Wed Jun 06 2018 Adam Jackson <ajax@redhat.com> - 1.8.0-9
+- Fix GLX initialization with 1.20
+
+* Wed Apr 04 2018 Adam Jackson <ajax@redhat.com> - 1.8.0-8
+- Rebuild for xserver 1.20
+
+* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Jan 18 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.8.0-6
+- Remove obsolete scriptlets
+
+* Fri Dec 15 2017 Jan Grulich <jgrulich@redhat.com> - 1.8.0-5
+- Properly initialize tigervnc when started as systemd service
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Thu Jul 13 2017 Petr Pisar <ppisar@redhat.com> - 1.8.0-2
+- perl dependency renamed to perl-interpreter
+ <https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules>
+
+* Wed May 17 2017 Jan Grulich <jgrulich@redhat.com> - 1.8.0-1
+- Update to 1.8.0
+
+* Thu Apr 20 2017 Jan Grulich <jgrulich@redhat.com> - 1.7.90-1
+- Update to 1.7.90 (beta)
+
+* Thu Apr 06 2017 Jan Grulich <jgrulich@redhat.com> - 1.7.1-4
+- Added systemd unit file for xvnc
+ Resolves: bz#891802
+
+* Tue Apr 04 2017 Jan Grulich <jgrulich@redhat.com> - 1.7.1-3
+- Bug 1438704 - CVE-2017-7392 CVE-2017-7393 CVE-2017-7394
+ CVE-2017-7395 CVE-2017-7396 tigervnc: various flaws
+ + other upstream related fixes
+
+* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Thu Jan 19 2017 Jan Grulich <jgrulich@redhat.com> - 1.7.1-1
+- Update to 1.7.1
+
+* Mon Jan 9 2017 Hans de Goede <hdegoede@redhat.com> - 1.7.0-6
+- Fix -inetd no longer working (rhbz#1408724)
+
+* Wed Nov 30 2016 Jan Grulich <jgrulich@redhat.com> - 1.7.0-5
+- Fix broken vncserver.service file
+
+* Wed Nov 23 2016 Jan Grulich <jgrulich@redhat.com> - 1.7.0-4
+- Improve instructions in vncserver.service
+ Resolves: bz#1397207
+
+* Tue Oct 4 2016 Hans de Goede <hdegoede@redhat.com> - 1.7.0-3
+- Update tigervnc-1.7.0-xserver119-support.patch to also request write
+ notfication when necessary
+
+* Mon Oct 3 2016 Hans de Goede <hdegoede@redhat.com> - 1.7.0-2
+- Add patches for use with xserver-1.19
+- Rebuild against xserver-1.19
+- Cleanup specfile a bit
+
+* Mon Sep 12 2016 Jan Grulich <jgrulich@redhat.com> - 1.7.0-1
+- Update to 1.7.0
+
+* Mon Jul 18 2016 Jan Grulich <jgrulich@redhat.com> - 1.6.90-1
+- Update to 1.6.90 (1.7.0 beta)
+
+* Wed Jun 01 2016 Jan Grulich <jgrulich@redhat.com> - 1.6.0-6
+- Try to pickup upstream fix for compatibility with gtk vnc clients
+
+* Wed Jun 01 2016 Jan Grulich <jgrulich@redhat.com> - 1.6.0-5
+- Re-enable patch4 again, will need to find a way to make this work on both sides
+
+* Mon May 23 2016 Jan Grulich <jgrulich@redhat.com> - 1.6.0-4
+- Utilize system-wide crypto policies
+ Resolves: bz#1179345
+- Try to disable patch4 as it was previously written to support an
+ older version of a different client and breaks some other usage
+ Resolves: bz#1280440
+
+* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Jan 13 2016 Jan Grulich <jgrulich@redhat.com> - 1.6.0-2
+- Update systemd service file
+ Resolves: bz#1211789
+
+* Mon Jan 04 2016 Jan Grulich <jgrulich@redhat.com> - 1.6.0-1
+- Update to 1.6.0
+
+* Tue Dec 01 2015 Jan Grulich <jgrulich@redhat.com> - 1.5.90-1
+- Update to 1.5.90 (1.6.0 beta)
+
+* Thu Nov 19 2015 Jan Grulich <jgrulich@redhat.com> - 1.5.0-4
+- rebuild against final xorg server 1.18 release (bug #1279146)
+
+* Tue Sep 22 2015 Kalev Lember <klember@redhat.com> - 1.5.0-3
+- xorg server 1.18 ABI rebuild
+
+* Fri Aug 21 2015 Jan Grulich <jgrulich@redhat.com> - 1.5.0-2
+- Do not fail with -inetd option
+
+* Wed Aug 19 2015 Jan Grulich <jgrulich@redhat.com> - 1.5.0-1
+- 1.5.0
+
+* Tue Aug 04 2015 Kevin Fenzi <kevin@scrye.com> - 1.4.3-12
+- Rebuild to fix broken deps and build against xorg 1.18 prerelease
+
+* Thu Jun 25 2015 Tim Waugh <twaugh@redhat.com> - 1.4.3-11
+- Rebuilt (bug #1235603).
+
+* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.3-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Mon May 04 2015 Kalev Lember <kalevlember@gmail.com> - 1.4.3-8
+- Rebuilt for nettle soname bump
+
+* Wed Apr 22 2015 Tim Waugh <twaugh@redhat.com> - 1.4.3-7
+- Removed incorrect parameters from vncviewer manpage (bug #1213199).
+
+* Tue Apr 21 2015 Tim Waugh <twaugh@redhat.com> - 1.4.3-6
+- Use full git hash for GitHub tarball release.
+
+* Fri Apr 10 2015 Tim Waugh <twaugh@redhat.com> - 1.4.3-5
+- Explicit version build dependency for fltk (bug #1208814).
+
+* Thu Apr 9 2015 Tim Waugh <twaugh@redhat.com> - 1.4.3-4
+- Drop upstream xorg-x11-server patch as it is now built (bug #1210407).
+
+* Thu Apr 9 2015 Tim Waugh <twaugh@redhat.com> - 1.4.3-3
+- Apply upstream patch to fix byte order (bug #1206060).
+
+* Fri Mar 6 2015 Tim Waugh <twaugh@redhat.com> - 1.4.3-2
+- Don't disable Xinerama extension (upstream #147).
+
+* Mon Mar 2 2015 Tim Waugh <twaugh@redhat.com> - 1.4.3-1
+- 1.4.3.
+
+* Tue Feb 24 2015 Tim Waugh <twaugh@redhat.com> - 1.4.2-3
+- Use calloc instead of xmalloc.
+- Removed unnecessary configure flags.
+
+* Wed Feb 18 2015 Rex Dieter <rdieter@fedoraproject.org> 1.4.2-2
+- rebuild (fltk)
+
+* Fri Feb 13 2015 Tim Waugh <twaugh@redhat.com> - 1.4.2-1
+- Rebased xserver116.patch against xorg-x11-server-1.17.1.
+- Allow build against xorg-x11-server-1.17.
+- 1.4.2.
+
+* Tue Sep 9 2014 Tim Waugh <twaugh@redhat.com> - 1.3.1-11
+- Added missing part of xserver114.patch (bug #1137023).
+
+* Wed Sep 3 2014 Tim Waugh <twaugh@redhat.com> - 1.3.1-10
+- Fix build against xorg-x11-server-1.16.0 (bug #1136532).
+
+* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.1-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Tue Jul 15 2014 Tim Waugh <twaugh@redhat.com> - 1.3.1-8
+- Input reset fixes from upstream (bug #1116956).
+- No longer need ppc64le patch as it's now in xorg-x11-server.
+- Rebased xserver114.patch again.
+
+* Fri Jun 20 2014 Hans de Goede <hdegoede@redhat.com> - 1.3.1-7
+- xserver 1.15.99.903 ABI rebuild
+
+* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.1-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Thu May 22 2014 Tim Waugh <twaugh@redhat.com> 1.3.1-5
+- Keep pointer in sync when using module (upstream bug #152).
+
+* Mon Apr 28 2014 Adam Jackson <ajax@redhat.com> 1.3.1-4
+- Add version interlocks for -server-module
+
+* Mon Apr 28 2014 Hans de Goede <hdegoede@redhat.com> - 1.3.1-3
+- xserver 1.15.99-20140428 git snapshot ABI rebuild
+
+* Mon Apr 7 2014 Tim Waugh <twaugh@redhat.com> 1.3.1-2
+- Allow build with dri3 and present extensions (bug #1063392).
+
+* Thu Mar 27 2014 Tim Waugh <twaugh@redhat.com> 1.3.1-1
+- 1.3.1 (bug #1078806).
+- Add ppc64le support (bug #1078495).
+
+* Wed Mar 19 2014 Tim Waugh <twaugh@redhat.com> 1.3.0-15
+- Disable dri3 to enable building (bug #1063392).
+- Fixed heap-based buffer overflow (CVE-2014-0011, bug #1050928).
+
+* Fri Feb 21 2014 Tim Waugh <twaugh@redhat.com> 1.3.0-14
+- Enabled hardened build (bug #955206).
+
+* Mon Feb 10 2014 Tim Waugh <twaugh@redhat.com> 1.3.0-13
+- Clearer xstartup file (bug #923655).
+
+* Tue Jan 14 2014 Tim Waugh <twaugh@redhat.com> 1.3.0-12
+- Fixed instructions in systemd unit file.
+
+* Fri Jan 10 2014 Tim Waugh <twaugh@redhat.com> 1.3.0-11
+- Fixed viewer crash when cursor has not been set (bug #1038701).
+
+* Thu Dec 12 2013 Tim Waugh <twaugh@redhat.com> 1.3.0-10
+- Avoid invalid read when ZRLE connection closed (upstream bug #133).
+
+* Tue Dec 3 2013 Tim Waugh <twaugh@redhat.com> 1.3.0-9
+- Fixed build failure with -Werror=format-security (bug #1037358).
+
+* Thu Nov 07 2013 Adam Jackson <ajax@redhat.com> 1.3.0-8
+- Rebuild against xserver 1.15RC1
+
+* Tue Sep 24 2013 Tim Waugh <twaugh@redhat.com> 1.3.0-7
+- Removed incorrect patch (for unexpected key_is_down). Fixes stuck
+ keys bug (bug #989502).
+
+* Thu Sep 19 2013 Tim Waugh <twaugh@redhat.com> 1.3.0-6
+- Fixed typo in 10-libvnc.conf (bug #1009111).
+
+* Wed Sep 18 2013 Tim Waugh <twaugh@redhat.com> 1.3.0-5
+- Better fix for PIDFile problem (bug #983232).
+
+* Mon Aug 5 2013 Tim Waugh <twaugh@redhat.com> 1.3.0-4
+- Fixed doc-related build failure (bug #992790).
+
+* Wed Jul 24 2013 Tim Waugh <twaugh@redhat.com> 1.3.0-3
+- Avoid PIDFile problems in systemd unit file (bug #983232).
+- libvnc.so: don't use unexported key_is_down function.
+- Don't use shebang in vncserver script.
+
+* Fri Jul 12 2013 Tim Waugh <twaugh@redhat.com> 1.3.0-2
+- Renumbered patches.
+- libvnc.so: don't use unexported GetMaster function (bug #744881 again).
+
+* Mon Jul 8 2013 Tim Waugh <twaugh@redhat.com> 1.3.0-1
+- 1.3.0.
+
+* Wed Jul 3 2013 Tim Waugh <twaugh@redhat.com> 1.2.80-0.18.20130314svn5065
+- Removed systemd_requires macro in order to fix the build.
+
+* Wed Jul 3 2013 Tim Waugh <twaugh@redhat.com> 1.2.80-0.17.20130314svn5065
+- Synchronise manpages and --help output (bug #980870).
+
+* Mon Jun 17 2013 Adam Jackson <ajax@redhat.com> 1.2.80-0.16.20130314svn5065
+- tigervnc-setcursor-crash.patch: Attempt to paper over a crash in Xvnc when
+ setting the cursor.
+
+* Sat Jun 08 2013 Dennis Gilmore <dennis@ausil.us> 1.2.80-0.15.20130314svn5065
+- bump to rebuild and pick up bugfix causing X to crash on ppc and arm
+
+* Thu May 23 2013 Tim Waugh <twaugh@redhat.com> 1.2.80-0.14.20130314svn5065
+- Use systemd rpm macros (bug #850340). Moved systemd requirements
+ from main package to server sub-package.
+- Applied Debian patch to fix busy loop when run from inetd in nowait
+ mode (bug #920373).
+- Added dependency on xorg-x11-xinit to server sub-package so that
+ default window manager can be found (bug #896284, bug #923655).
+- Fixed bogus changelog date.
+
+* Thu Mar 14 2013 Adam Jackson <ajax@redhat.com> 1.2.80-0.13.20130314svn5065
+- Less RHEL customization
+
+* Thu Mar 14 2013 Adam Tkac <atkac redhat com> - 1.2.80-0.12.20130314svn5065
+- include /etc/X11/xorg.conf.d/10-libvnc.conf sample configuration (#712482)
+- vncserver now honors specified -geometry parameter (#755947)
+
+* Tue Mar 12 2013 Adam Tkac <atkac redhat com> - 1.2.80-0.11.20130307svn5060
+- update to r5060
+- split icons to separate package to avoid multilib issues
+
+* Tue Feb 19 2013 Adam Tkac <atkac redhat com> - 1.2.80-0.10.20130219svn5047
+- update to r5047 (X.Org 1.14 support)
+
+* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.80-0.9.20121126svn5015
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Mon Jan 21 2013 Adam Tkac <atkac redhat com> - 1.2.80-0.8.20121126svn5015
+- rebuild due to "jpeg8-ABI" feature drop
+
+* Wed Jan 16 2013 Adam Tkac <atkac redhat com> 1.2.80-0.7.20121126svn5015
+- rebuild
+
+* Tue Dec 04 2012 Adam Tkac <atkac redhat com> 1.2.80-0.6.20121126svn5015
+- rebuild against new fltk
+
+* Mon Nov 26 2012 Adam Tkac <atkac redhat com> 1.2.80-0.5.20121126svn5015
+- update to r5015
+- build with -fpic instead of -fPIC on all archs except s390/sparc
+
+* Wed Nov 7 2012 Peter Robinson <pbrobinson@fedoraproject.org> 1.2.80-0.4.20120905svn4996
+- Build with -fPIC to fix FTBFS on ARM
+
+* Wed Oct 31 2012 Adam Jackson <ajax@redhat.com> 1.2.80-0.3.20120905svn4996
+- tigervnc12-xorg113-glx.patch: Fix to only init glx on the first server
+ generation
+
+* Fri Sep 28 2012 Adam Jackson <ajax@redhat.com> 1.2.80-0.2.20120905svn4996
+- tigervnc12-xorg113-glx.patch: Re-enable GLX against xserver 1.13
+
+* Fri Aug 17 2012 Adam Tkac <atkac redhat com> 1.2.80-0.1.20120905svn4996
+- update to 1.2.80
+- remove deprecated patches
+ - tigervnc-102434.patch
+ - tigervnc-viewer-reparent.patch
+ - tigervnc11-java7.patch
+- patches merged
+ - tigervnc11-xorg111.patch
+ - tigervnc11-xorg112.patch
+
+* Fri Aug 10 2012 Dave Airlie <airlied@redhat.com> 1.1.0-10
+- fix build against newer X server
+
+* Mon Jul 23 2012 Adam Jackson <ajax@redhat.com> 1.1.0-9
+- Build with the Composite extension for feature parity with other X servers
+
+* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.0-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Thu Jul 19 2012 Dave Airlie <airlied@redhat.com> 1.1.0-7
+- fix building against X.org 1.13
+
+* Wed Apr 04 2012 Adam Jackson <ajax@redhat.com> 1.1.0-6
+- RHEL exclusion for -server-module on ppc* too
+
+* Mon Mar 26 2012 Adam Tkac <atkac redhat com> - 1.1.0-5
+- clean Xvnc's /tmp environment in service file before startup
+- fix building against the latest JAVA 7 and X.Org 1.12
+
+* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Tue Nov 22 2011 Adam Tkac <atkac redhat com> - 1.1.0-3
+- don't build X.Org devel docs (#755782)
+- applet: BR generic java-devel instead of java-gcj-devel (#755783)
+- use runuser to start Xvnc in systemd service file (#754259)
+- don't attepmt to restart Xvnc session during update/erase (#753216)
+
+* Fri Nov 11 2011 Adam Tkac <atkac redhat com> - 1.1.0-2
+- libvnc.so: don't use unexported GetMaster function (#744881)
+- remove nasm buildreq
+
+* Mon Sep 12 2011 Adam Tkac <atkac redhat com> - 1.1.0-1
+- update to 1.1.0
+- update the xorg11 patch
+- patches merged
+ - tigervnc11-glx.patch
+ - tigervnc11-CVE-2011-1775.patch
+ - 0001-Use-memmove-instead-of-memcpy-in-fbblt.c-when-memory.patch
+
+* Thu Jul 28 2011 Adam Tkac <atkac redhat com> - 1.0.90-6
+- add systemd service file and remove legacy SysV initscript (#717227)
+
+* Thu May 12 2011 Adam Tkac <atkac redhat com> - 1.0.90-5
+- make Xvnc buildable against X.Org 1.11
+
+* Tue May 10 2011 Adam Tkac <atkac redhat com> - 1.0.90-4
+- viewer can send password without proper validation of X.509 certs
+ (CVE-2011-1775)
+
+* Wed Apr 13 2011 Adam Tkac <atkac redhat com> - 1.0.90-3
+- fix wrong usage of memcpy which caused screen artifacts (#652590)
+- don't point to inaccessible link in sysconfig/vncservers (#644975)
+
+* Fri Apr 08 2011 Adam Tkac <atkac redhat com> - 1.0.90-2
+- improve compatibility with vinagre client (#692048)
+
+* Tue Mar 22 2011 Adam Tkac <atkac redhat com> - 1.0.90-1
+- update to 1.0.90
+
+* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.90-0.32.20110117svn4237
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Mon Jan 17 2011 Adam Tkac <atkac redhat com> 1.0.90-0.31.20110117svn4237
+- fix libvnc.so module loading
+
+* Mon Jan 17 2011 Adam Tkac <atkac redhat com> 1.0.90-0.30.20110117svn4237
+- update to r4237
+- patches merged
+ - tigervnc11-optionsdialog.patch
+ - tigervnc11-rh607866.patch
+
+* Fri Jan 14 2011 Adam Tkac <atkac redhat com> 1.0.90-0.29.20101208svn4225
+- improve patch for keyboard issues
+
+* Fri Jan 14 2011 Adam Tkac <atkac redhat com> 1.0.90-0.28.20101208svn4225
+- attempt to fix various keyboard-related issues (key repeating etc)
+
+* Fri Jan 07 2011 Adam Tkac <atkac redhat com> 1.0.90-0.27.20101208svn4225
+- render "Ok" and "Cancel" buttons in the options dialog correctly
+
+* Wed Dec 15 2010 Jan Görig <jgorig redhat com> 1.0.90-0.26.20101208svn4225
+- added vncserver lock file (#662784)
+
+* Fri Dec 10 2010 Adam Tkac <atkac redhat com> 1.0.90-0.25.20101208svn4225
+- update to r4225
+- patches merged
+ - tigervnc11-rh611677.patch
+ - tigervnc11-rh633931.patch
+ - tigervnc11-xorg1.10.patch
+- enable VeNCrypt and PAM support
+
+* Mon Dec 06 2010 Adam Tkac <atkac redhat com> 1.0.90-0.24.20100813svn4123
+- rebuild against xserver 1.10.X
+- 0001-Return-Success-from-generate_modkeymap-when-max_keys.patch merged
+
+* Wed Sep 29 2010 jkeating - 1.0.90-0.23.20100813svn4123
+- Rebuilt for gcc bug 634757
+
+* Tue Sep 21 2010 Adam Tkac <atkac redhat com> 1.0.90-0.22.20100420svn4030
+- drop xorg-x11-fonts-misc dependency (#636170)
+
+* Tue Sep 21 2010 Adam Tkac <atkac redhat com> 1.0.90-0.21.20100420svn4030
+- improve patch for #633645 (fix tcsh incompatibilities)
+
+* Thu Sep 16 2010 Adam Tkac <atkac redhat com> 1.0.90-0.20.20100813svn4123
+- press fake modifiers correctly (#633931)
+- supress unneeded debug information emitted from initscript (#633645)
+
+* Wed Aug 25 2010 Adam Tkac <atkac redhat com> 1.0.90-0.19.20100813svn4123
+- separate Xvnc, vncpasswd and vncconfig to -server-minimal subpkg (#626946)
+- move license to separate subpkg and Requires it from main subpkgs
+- Xvnc: handle situations when no modifiers exist well (#611677)
+
+* Fri Aug 13 2010 Adam Tkac <atkac redhat com> 1.0.90-0.18.20100813svn4123
+- update to r4123 (#617973)
+- add perl requires to -server subpkg (#619791)
+
+* Thu Jul 22 2010 Adam Tkac <atkac redhat com> 1.0.90-0.17.20100721svn4113
+- update to r4113
+- patches merged
+ - tigervnc11-rh586406.patch
+ - tigervnc11-libvnc.patch
+ - tigervnc11-rh597172.patch
+ - tigervnc11-rh600070.patch
+ - tigervnc11-options.patch
+- don't own %%{_datadir}/icons directory (#614301)
+- minor improvements in the .desktop file (#616340)
+- bundled libjpeg configure requires nasm; is executed even if system-wide
+ libjpeg is used
+
+* Fri Jul 02 2010 Adam Tkac <atkac redhat com> 1.0.90-0.16.20100420svn4030
+- build against system-wide libjpeg-turbo (#494458)
+- build no longer requires nasm
+
+* Mon Jun 28 2010 Adam Tkac <atkac redhat com> 1.0.90-0.15.20100420svn4030
+- vncserver: accept <+optname> option when specified as the first one
+
+* Thu Jun 24 2010 Adam Tkac <atkac redhat com> 1.0.90-0.14.20100420svn4030
+- fix memory leak in Xvnc input code (#597172)
+- don't crash when receive negative encoding (#600070)
+- explicitly disable udev configuration support
+- add gettext-autopoint to BR
+
+* Mon Jun 14 2010 Adam Tkac <atkac redhat com> 1.0.90-0.13.20100420svn4030
+- update URL about SSH tunneling in the sysconfig file (#601996)
+
+* Fri Jun 11 2010 Adam Tkac <atkac redhat com> 1.0.90-0.12.20100420svn4030
+- use newer gettext
+- autopoint now uses git instead of cvs, adjust BuildRequires appropriately
+
+* Thu May 13 2010 Adam Tkac <atkac redhat com> 1.0.90-0.11.20100420svn4030
+- link libvnc.so "now" to catch "undefined symbol" errors during Xorg startup
+- use always XkbConvertCase instead of XConvertCase (#580159, #586406)
+- don't link libvnc.so against libXi.la, libdix.la and libxkb.la; use symbols
+ from Xorg instead
+
+* Thu May 13 2010 Adam Tkac <atkac redhat com> 1.0.90-0.10.20100420svn4030
+- update to r4030 snapshot
+- patches merged to upstream
+ - tigervnc11-rh522369.patch
+ - tigervnc11-rh551262.patch
+ - tigervnc11-r4002.patch
+ - tigervnc11-r4014.patch
+
+* Thu Apr 08 2010 Adam Tkac <atkac redhat com> 1.0.90-0.9.20100219svn3993
+- add server-applet subpackage which contains Java vncviewer applet
+- fix Java applet; it didn't work when run from web browser
+- add xorg-x11-xkb-utils to server Requires
+
+* Fri Mar 12 2010 Adam Tkac <atkac redhat com> 1.0.90-0.8.20100219svn3993
+- add French translation to vncviewer.desktop (thanks to Alain Portal)
+
+* Thu Mar 04 2010 Adam Tkac <atkac redhat com> 1.0.90-0.7.20100219svn3993
+- don't crash during pixel format change (#522369, #551262)
+
+* Mon Mar 01 2010 Adam Tkac <atkac redhat com> 1.0.90-0.6.20100219svn3993
+- add mesa-dri-drivers and xkeyboard-config to -server Requires
+- update to r3993 1.0.90 snapshot
+ - tigervnc11-noexecstack.patch merged
+ - tigervnc11-xorg18.patch merged
+ - xserver18.patch is no longer needed
+
+* Wed Jan 27 2010 Jan Gorig <jgorig redhat com> 1.0.90-0.5.20091221svn3929
+- initscript LSB compliance fixes (#523974)
+
+* Fri Jan 22 2010 Adam Tkac <atkac redhat com> 1.0.90-0.4.20091221svn3929
+- mark stack as non-executable in jpeg ASM code
+- add xorg-x11-xauth to Requires
+- add support for X.Org 1.8
+- drop shave sources, they are no longer needed
+
+* Thu Jan 21 2010 Adam Tkac <atkac redhat com> 1.0.90-0.3.20091221svn3929
+- drop tigervnc-xorg25909.patch, it has been merged to X.Org upstream
+
+* Thu Jan 07 2010 Adam Tkac <atkac redhat com> 1.0.90-0.2.20091221svn3929
+- add patch for upstream X.Org issue #25909
+- add libXdmcp-devel to build requires to build Xvnc with XDMCP support (#552322)
+
+* Mon Dec 21 2009 Adam Tkac <atkac redhat com> 1.0.90-0.1.20091221svn3929
+- update to 1.0.90 snapshot
+- patches merged
+ - tigervnc10-compat.patch
+ - tigervnc10-rh510185.patch
+ - tigervnc10-rh524340.patch
+ - tigervnc10-rh516274.patch
+
+* Mon Oct 26 2009 Adam Tkac <atkac redhat com> 1.0.0-3
+- create Xvnc keyboard mapping before first keypress (#516274)
+
+* Thu Oct 08 2009 Adam Tkac <atkac redhat com> 1.0.0-2
+- update underlying X source to 1.6.4-0.3.fc11
+- remove bogus '-nohttpd' parameter from /etc/sysconfig/vncservers (#525629)
+- initscript LSB compliance fixes (#523974)
+- improve -LowColorSwitch documentation and handling (#510185)
+- honor dotWhenNoCursor option (and it's changes) every time (#524340)
+
+* Fri Aug 28 2009 Adam Tkac <atkac redhat com> 1.0.0-1
+- update to 1.0.0
+- tigervnc10-rh495457.patch merged to upstream
+
+* Mon Aug 24 2009 Karsten Hopp <karsten@redhat.com> 0.0.91-0.17
+- fix ifnarch s390x for server-module
+
+* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 0.0.91-0.16
+- rebuilt with new openssl
+
+* Tue Aug 04 2009 Adam Tkac <atkac redhat com> 0.0.91-0.15
+- make Xvnc compilable
+
+* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.0.91-0.14.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Mon Jul 13 2009 Adam Tkac <atkac redhat com> 0.0.91-0.13.1
+- don't write warning when initscript is called with condrestart param (#508367)
+
+* Tue Jun 23 2009 Adam Tkac <atkac redhat com> 0.0.91-0.13
+- temporary use F11 Xserver base to make Xvnc compilable
+- BuildRequires: libXi-devel
+- don't ship tigervnc-server-module on s390/s390x
+
+* Mon Jun 22 2009 Adam Tkac <atkac redhat com> 0.0.91-0.12
+- fix local rendering of cursor (#495457)
+
+* Thu Jun 18 2009 Adam Tkac <atkac redhat com> 0.0.91-0.11
+- update to 0.0.91 (1.0.0 RC1)
+- patches merged
+ - tigervnc10-rh499401.patch
+ - tigervnc10-rh497592.patch
+ - tigervnc10-rh501832.patch
+- after discusion in upstream drop tigervnc-bounds.patch
+- configure flags cleanup
+
+* Thu May 21 2009 Adam Tkac <atkac redhat com> 0.0.90-0.10
+- rebuild against 1.6.1.901 X server (#497835)
+- disable i18n, vncviewer is not UTF-8 compatible (#501832)
+
+* Mon May 18 2009 Adam Tkac <atkac redhat com> 0.0.90-0.9
+- fix vncpasswd crash on long passwords (#499401)
+- start session dbus daemon correctly (#497592)
+
+* Mon May 11 2009 Adam Tkac <atkac redhat com> 0.0.90-0.8.1
+- remove merged tigervnc-manminor.patch
+
+* Tue May 05 2009 Adam Tkac <atkac redhat com> 0.0.90-0.8
+- update to 0.0.90
+
+* Thu Apr 30 2009 Adam Tkac <atkac redhat com> 0.0.90-0.7.20090427svn3789
+- server package now requires xorg-x11-fonts-misc (#498184)
+
+* Mon Apr 27 2009 Adam Tkac <atkac redhat com> 0.0.90-0.6.20090427svn3789
+- update to r3789
+ - tigervnc-rh494801.patch merged
+- tigervnc-newfbsize.patch is no longer needed
+- fix problems when vncviewer and Xvnc run on different endianess (#496653)
+- UltraVNC and TightVNC clients work fine again (#496786)
+
+* Wed Apr 08 2009 Adam Tkac <atkac redhat com> 0.0.90-0.5.20090403svn3751
+- workaround broken fontpath handling in vncserver script (#494801)
+
+* Fri Apr 03 2009 Adam Tkac <atkac redhat com> 0.0.90-0.4.20090403svn3751
+- update to r3751
+- patches merged
+ - tigervnc-xclients.patch
+ - tigervnc-clipboard.patch
+ - tigervnc-rh212985.patch
+- basic RandR support in Xvnc (resize of the desktop)
+- use built-in libjpeg (SSE2/MMX accelerated encoding on x86 platform)
+- use Tight encoding by default
+- use TigerVNC icons
+
+* Tue Mar 03 2009 Adam Tkac <atkac redhat com> 0.0.90-0.3.20090303svn3631
+- update to r3631
+
+* Tue Mar 03 2009 Adam Tkac <atkac redhat com> 0.0.90-0.2.20090302svn3621
+- package review related fixes
+
+* Mon Mar 02 2009 Adam Tkac <atkac redhat com> 0.0.90-0.1.20090302svn3621
+- initial package, r3621