diff --git a/.gitignore b/.gitignore
index d48d90b..4de86f8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/tigervnc-1.11.0.tar.gz
+SOURCES/tigervnc-1.12.0.tar.gz
diff --git a/.tigervnc.metadata b/.tigervnc.metadata
index c7c0b3c..9dbf56a 100644
--- a/.tigervnc.metadata
+++ b/.tigervnc.metadata
@@ -1 +1 @@
-6f6b621a76b734888748de10c32c2b5b59d40b19 SOURCES/tigervnc-1.11.0.tar.gz
+44db63993d8ad04f730b0b48e8aca32933bff15a SOURCES/tigervnc-1.12.0.tar.gz
diff --git a/SOURCES/HOWTO.md b/SOURCES/HOWTO.md
deleted file mode 100644
index 28b710d..0000000
--- a/SOURCES/HOWTO.md
+++ /dev/null
@@ -1,110 +0,0 @@
-# What has changed
-The previous Tigervnc versions had a wrapper script called `vncserver` which
-could be run as a user manually to start *Xvnc* process. The usage was quite
-simple as you just run
-```
-$ vncserver :x [vncserver options] [Xvnc options]
-```
-and that was it. While this was working just fine, there were issues when users
-wanted to start a Tigervnc server using *systemd*. For these reasons things were
-completely changed and there is now a new way how this all is supposed to work.
-
- # How to start Tigervnc server
-
-## Add a user mapping
-With this you can map a user to a particular port. The mapping should be done in
-`/etc/tigervnc/vncserver.users` configuration file. It should be pretty
-straightforward once you open the file as there are some examples, but basically
-the mapping is in form
-```
-:x=user
-```
-For example you can have
-```
-:1=test
-:2=vncuser
-```
-
-## Configure Xvnc options
-To configure Xvnc parameters, you need to go to the same directory where you did
-the user mapping and open `vncserver-config-defaults` configuration file. This
-file is for the default Xvnc configuration and will be applied to every user
-unless any of the following applies:
-* The user has its own configuration in `$HOME/.vnc/config`
-* The same option with different value is configured in
- `vncserver-config-mandatory` configuration file, which replaces the default
- configuration and has even a higher priority than the per-user configuration.
- This option is for system administrators when they want to force particular
- *Xvnc* options.
-
-Format of the configuration file is also quite simple as the configuration is
-in form of
-```
-option=value
-option
-```
-for example
-```
-session=gnome
-securitytypes=vncauth,tlsvnc
-desktop=sandbox
-geometry=2000x1200
-localhost
-alwaysshared
-```
-### Note:
-There is one important option you need to set and that option is the session you
-want to start. E.g when you want to start GNOME desktop, then you have to use
-```
-session=gnome
-```
-which should match the name of a session desktop file from `/usr/share/xsessions`
-directory.
-
-## Set VNC password
-You need to set a password for each user in order to be able to start the
-Tigervnc server. In order to create a password, you just run
-```
-$ vncpasswd
-```
-as the user you will be starting the server for.
-### Note:
-If you were using Tigervnc before for your user and you already created a
-password, then you will have to make sure the `$HOME/.vnc` folder created by
-`vncpasswd` will have the correct *SELinux* context. You either can delete this
-folder and recreate it again by creating the password one more time, or
-alternatively you can run
-```
-$ restorecon -RFv /home/<USER>/.vnc
-```
-
-## Start the Tigervnc server
-Finally you can start the server using systemd service. To do so just run
-```
-$ systemctl start vncserver@:x
-```
-as root or
-```
-$ sudo systemctl start vncserver@:x
-```
-as a regular user in case it has permissions to run `sudo`. Don't forget to
-replace the `:x` by the actual number you configured in the user mapping file.
-Following our example by running
-```
-$ systemctl start vncserver@:1
-```
-you will start a Tigervnc server for user `test` with a GNOME session.
-
-### Note:
-If you were previously using Tigervnc and you were used to start it using
-*systemd* then you will need to remove previous *systemd* configuration files,
-those you most likely copied to `/etc/systemd/system/vncserver@.service`,
-otherwise this service file will be preferred over the new one installed with
-latest Tigervnc.
-
-# Limitations
-You will not be able to start a Tigervnc server for a user who is already
-logged into a graphical session. Avoid running the server as the `root` user as
-it's not a safe thing to do. While running the server as the `root` should work
-in general, it's not recommended to do so and there might be some things which
-are not working properly.
diff --git a/SOURCES/tigervnc-argb-runtime-ximage-byteorder-selection.patch b/SOURCES/tigervnc-argb-runtime-ximage-byteorder-selection.patch
deleted file mode 100644
index 24fc077..0000000
--- a/SOURCES/tigervnc-argb-runtime-ximage-byteorder-selection.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 7ab92639848a6059e2b6b88499b008b9606f3af6 Mon Sep 17 00:00:00 2001
-From: johnmartin-oracle <55413843+johnmartin-oracle@users.noreply.github.com>
-Date: Thu, 27 Aug 2020 22:30:23 -0400
-Subject: [PATCH] Update Surface_X11.cxx
-
-Runtime sellection of ARGB XImage byte order
----
- vncviewer/Surface_X11.cxx | 22 +++++++++++-----------
- 1 file changed, 11 insertions(+), 11 deletions(-)
-
-diff --git a/vncviewer/Surface_X11.cxx b/vncviewer/Surface_X11.cxx
-index 6562634dc..8944c3f71 100644
---- a/vncviewer/Surface_X11.cxx
-+++ b/vncviewer/Surface_X11.cxx
-@@ -123,17 +123,17 @@ void Surface::alloc()
- // we find such a format
- templ.type = PictTypeDirect;
- templ.depth = 32;
--#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
-- templ.direct.alpha = 0;
-- templ.direct.red = 8;
-- templ.direct.green = 16;
-- templ.direct.blue = 24;
--#else
-- templ.direct.alpha = 24;
-- templ.direct.red = 16;
-- templ.direct.green = 8;
-- templ.direct.blue = 0;
--#endif
-+ if (XImageByteOrder(fl_display) == MSBFirst) {
-+ templ.direct.alpha = 0;
-+ templ.direct.red = 8;
-+ templ.direct.green = 16;
-+ templ.direct.blue = 24;
-+ } else {
-+ templ.direct.alpha = 24;
-+ templ.direct.red = 16;
-+ templ.direct.green = 8;
-+ templ.direct.blue = 0;
-+ }
- templ.direct.alphaMask = 0xff;
- templ.direct.redMask = 0xff;
- templ.direct.greenMask = 0xff;
diff --git a/SOURCES/tigervnc-correctly-start-vncsession-as-daemon.patch b/SOURCES/tigervnc-correctly-start-vncsession-as-daemon.patch
deleted file mode 100644
index af5e7f2..0000000
--- a/SOURCES/tigervnc-correctly-start-vncsession-as-daemon.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c
-index 2b47f5f5..f78c096f 100644
---- a/unix/vncserver/vncsession.c
-+++ b/unix/vncserver/vncsession.c
-@@ -99,7 +99,7 @@ begin_daemon(void)
- return -1;
- }
-
-- if (pid == 0)
-+ if (pid != 0)
- _exit(0);
-
- /* Send all stdio to /dev/null */
diff --git a/SOURCES/tigervnc-fix-typo-in-mirror-monitor-detection.patch b/SOURCES/tigervnc-fix-typo-in-mirror-monitor-detection.patch
new file mode 100644
index 0000000..9076432
--- /dev/null
+++ b/SOURCES/tigervnc-fix-typo-in-mirror-monitor-detection.patch
@@ -0,0 +1,34 @@
+From 2daf4126882f82b6e392dfbae87205dbdc559c3d Mon Sep 17 00:00:00 2001
+From: Pierre Ossman <ossman@cendio.se>
+Date: Thu, 23 Dec 2021 15:58:00 +0100
+Subject: [PATCH] Fix typo in mirror monitor detection
+
+Bug introduced in fb561eb but still somehow passed manual testing.
+Resulted in some stray reads off the end of the stack, which were
+hopefully harmless.
+---
+ vncviewer/MonitorIndicesParameter.cxx | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/vncviewer/MonitorIndicesParameter.cxx b/vncviewer/MonitorIndicesParameter.cxx
+index 5130831cb..4ac74dd1a 100644
+--- a/vncviewer/MonitorIndicesParameter.cxx
++++ b/vncviewer/MonitorIndicesParameter.cxx
+@@ -211,13 +211,13 @@ std::vector<MonitorIndicesParameter::Monitor> MonitorIndicesParameter::fetchMoni
+ // Only keep a single entry for mirrored screens
+ match = false;
+ for (int j = 0; j < ((int) monitors.size()); j++) {
+- if (monitors[i].x != monitor.x)
++ if (monitors[j].x != monitor.x)
+ continue;
+- if (monitors[i].y != monitor.y)
++ if (monitors[j].y != monitor.y)
+ continue;
+- if (monitors[i].w != monitor.w)
++ if (monitors[j].w != monitor.w)
+ continue;
+- if (monitors[i].h != monitor.h)
++ if (monitors[j].h != monitor.h)
+ continue;
+
+ match = true;
diff --git a/SOURCES/tigervnc-let-user-know-about-not-using-view-only-password.patch b/SOURCES/tigervnc-let-user-know-about-not-using-view-only-password.patch
deleted file mode 100644
index e95b145..0000000
--- a/SOURCES/tigervnc-let-user-know-about-not-using-view-only-password.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-From dbf76d2ee8da157c2c2970c937bcc0ed9ef08a6f Mon Sep 17 00:00:00 2001
-From: Jan Grulich <jgrulich@redhat.com>
-Date: Tue, 25 May 2021 14:14:33 +0200
-Subject: [PATCH] Let user know that a view-only password is not used
-
----
- unix/vncpasswd/vncpasswd.cxx | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/unix/vncpasswd/vncpasswd.cxx b/unix/vncpasswd/vncpasswd.cxx
-index 3055223ef..8f3649fe9 100644
---- a/unix/vncpasswd/vncpasswd.cxx
-+++ b/unix/vncpasswd/vncpasswd.cxx
-@@ -160,6 +160,8 @@ int main(int argc, char** argv)
- char yesno[3];
- if (fgets(yesno, 3, stdin) != NULL && (yesno[0] == 'y' || yesno[0] == 'Y')) {
- obfuscatedReadOnly = readpassword();
-+ } else {
-+ fprintf(stderr, "A view-only password is not used\n");
- }
-
- FILE* fp = fopen(fname,"w");
diff --git a/SOURCES/tigervnc-passwd-crash-with-malloc-checks.patch b/SOURCES/tigervnc-passwd-crash-with-malloc-checks.patch
deleted file mode 100644
index 06a8d0f..0000000
--- a/SOURCES/tigervnc-passwd-crash-with-malloc-checks.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 5d834359bef6727df82cf4f2c2f3f255145f7785 Mon Sep 17 00:00:00 2001
-From: Jan Grulich <jgrulich@redhat.com>
-Date: Tue, 25 May 2021 14:18:48 +0200
-Subject: [PATCH] CharArray: pre-fill empty array with zeroes
-
-CharArray should always be null-terminated. There is a potential
-scenario where this all might lead to crash. In Password we call
-memset(), passing length of the array we get with strlen(), but
-this won't return correct value when the array is not properly
-null-terminated.
----
- common/rfb/util.h | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/common/rfb/util.h b/common/rfb/util.h
-index 3100f90fd..71caac426 100644
---- a/common/rfb/util.h
-+++ b/common/rfb/util.h
-@@ -52,14 +52,17 @@ namespace rfb {
- CharArray(char* str) : buf(str) {} // note: assumes ownership
- CharArray(size_t len) {
- buf = new char[len]();
-+ memset(buf, 0, len);
- }
- ~CharArray() {
-- delete [] buf;
-+ if (buf) {
-+ delete [] buf;
-+ }
- }
- void format(const char *fmt, ...) __printf_attr(2, 3);
- // Get the buffer pointer & clear it (i.e. caller takes ownership)
- char* takeBuf() {char* tmp = buf; buf = 0; return tmp;}
-- void replaceBuf(char* b) {delete [] buf; buf = b;}
-+ void replaceBuf(char* b) {if (buf) delete [] buf; buf = b;}
- char* buf;
- private:
- CharArray(const CharArray&);
diff --git a/SOURCES/tigervnc-root-user-selinux-context.patch b/SOURCES/tigervnc-root-user-selinux-context.patch
index e396b99..67f035f 100644
--- a/SOURCES/tigervnc-root-user-selinux-context.patch
+++ b/SOURCES/tigervnc-root-user-selinux-context.patch
@@ -11,16 +11,15 @@ as HOME_ROOT actually means base for home dirs (usually /home).
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/unix/vncserver/selinux/vncsession.fc b/unix/vncserver/selinux/vncsession.fc
-index ae768ba..5c03e46 100644
+index 6aaf4b1f4..bc81f8f25 100644
--- a/unix/vncserver/selinux/vncsession.fc
+++ b/unix/vncserver/selinux/vncsession.fc
@@ -18,7 +18,7 @@
#
- HOME_DIR/\.vnc(/.*)? gen_context(system_u:object_r:xdm_home_t,s0)
--HOME_ROOT/\.vnc(/.*)? gen_context(system_u:object_r:xdm_home_t,s0)
-+/root/\.vnc(/.*)? gen_context(system_u:object_r:xdm_home_t,s0)
+ HOME_DIR/\.vnc(/.*)? gen_context(system_u:object_r:vnc_home_t,s0)
+-HOME_ROOT/\.vnc(/.*)? gen_context(system_u:object_r:vnc_home_t,s0)
++/root/\.vnc(/.*)? gen_context(system_u:object_r:vnc_home_t,s0)
/usr/sbin/vncsession -- gen_context(system_u:object_r:vnc_session_exec_t,s0)
/usr/libexec/vncsession-start -- gen_context(system_u:object_r:vnc_session_exec_t,s0)
-
diff --git a/SOURCES/tigervnc-selinux-missing-compression-and-correct-location.patch b/SOURCES/tigervnc-selinux-missing-compression-and-correct-location.patch
deleted file mode 100644
index 9507228..0000000
--- a/SOURCES/tigervnc-selinux-missing-compression-and-correct-location.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 6125695b80f6a43002f454786115b0a6c1730831 Mon Sep 17 00:00:00 2001
-From: Jan Grulich <jgrulich@redhat.com>
-Date: Mon, 17 May 2021 13:44:32 +0200
-Subject: [PATCH 1/2] SELinux: Add missing compression and install policy to
- correct directory
-
----
- unix/vncserver/selinux/Makefile | 13 ++++++++-----
- 1 file changed, 8 insertions(+), 5 deletions(-)
-
-diff --git a/unix/vncserver/selinux/Makefile b/unix/vncserver/selinux/Makefile
-index 7497bf846..b23f20f60 100644
---- a/unix/vncserver/selinux/Makefile
-+++ b/unix/vncserver/selinux/Makefile
-@@ -10,15 +10,18 @@
- PREFIX=/usr
- DATADIR=$(PREFIX)/share
-
--all: vncsession.pp
-+all: vncsession.pp.bz2
-+
-+%.pp.bz2: %.pp
-+ bzip2 -9 $^
-
- %.pp: %.te
- make -f $(DATADIR)/selinux/devel/Makefile $@
-
- clean:
-- rm -f *.pp
-+ rm -f *.pp *.pp.bz2
- rm -rf tmp
-
--install: vncsession.pp
-- mkdir -p $(DESTDIR)$(DATADIR)/selinux/packages
-- install vncsession.pp $(DESTDIR)$(DATADIR)/selinux/packages/vncsession.pp
-+install: vncsession.pp.bz2
-+ mkdir -p $(DESTDIR)$(DATADIR)/selinux/packages/targeted/
-+ install vncsession.pp.bz2 $(DESTDIR)$(DATADIR)/selinux/packages/targeted/vncsession.pp.bz2
diff --git a/SOURCES/tigervnc-selinux-policy-improvements.patch b/SOURCES/tigervnc-selinux-policy-improvements.patch
deleted file mode 100644
index c797b18..0000000
--- a/SOURCES/tigervnc-selinux-policy-improvements.patch
+++ /dev/null
@@ -1,183 +0,0 @@
-From 386542e6d50eeaa68aa91f821c0725ddd0ab9b2a Mon Sep 17 00:00:00 2001
-From: Vit Mojzis <vmojzis@redhat.com>
-Date: Tue, 18 May 2021 12:23:15 +0200
-Subject: [PATCH] selinux: Fix issues reported by SELint
-
-Style guide [1] issues only. No impact on policy functionality.
-
-[1] - https://github.com/TresysTechnology/refpolicy/wiki/StyleGuide
----
- unix/vncserver/selinux/vncsession.te | 7 +++----
- 1 file changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
-index a773fed39..63ad8a85f 100644
---- a/unix/vncserver/selinux/vncsession.te
-+++ b/unix/vncserver/selinux/vncsession.te
-@@ -17,7 +17,7 @@
- # USA.
- #
-
--policy_module(vncsession, 1.0.0);
-+policy_module(vncsession, 1.0.0)
-
- gen_require(`
- attribute userdomain;
-@@ -42,8 +42,8 @@ can_exec(vnc_session_t, vnc_session_exec_t)
- userdom_spec_domtrans_all_users(vnc_session_t)
- userdom_signal_all_users(vnc_session_t)
-
--allow vnc_session_t self:capability { kill chown dac_override dac_read_search fowner setgid setuid sys_resource };
--allow vnc_session_t self:process { getcap setsched setexec setrlimit };
-+allow vnc_session_t self:capability { chown dac_override dac_read_search fowner kill setgid setuid sys_resource };
-+allow vnc_session_t self:process { getcap setexec setrlimit setsched };
- allow vnc_session_t self:fifo_file rw_fifo_file_perms;
-
- manage_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t)
-@@ -65,4 +65,3 @@ logging_append_all_logs(vnc_session_t)
-
- mcs_process_set_categories(vnc_session_t)
- mcs_killall(vnc_session_t)
--
-From 23cf514ac265a02dc666e8651dcc579022f0da77 Mon Sep 17 00:00:00 2001
-From: Zdenek Pytela <zpytela@redhat.com>
-Date: Tue, 18 May 2021 13:31:53 +0200
-Subject: [PATCH] selinux: further style and comprehensibility improvements
-
-Sections and rules blocks reordered according to the Style guide.
-
-https://github.com/TresysTechnology/refpolicy/wiki/StyleGuide
----
- unix/vncserver/selinux/vncsession.te | 59 +++++++++++++++++-----------
- 1 file changed, 36 insertions(+), 23 deletions(-)
-
-diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
-index 63ad8a85f..86fd6e5ef 100644
---- a/unix/vncserver/selinux/vncsession.te
-+++ b/unix/vncserver/selinux/vncsession.te
-@@ -20,48 +20,61 @@
- policy_module(vncsession, 1.0.0)
-
- gen_require(`
-- attribute userdomain;
-- type xdm_home_t;
-+ attribute userdomain;
-+ type xdm_home_t;
- ')
-
--type vnc_session_exec_t;
--corecmd_executable_file(vnc_session_exec_t)
- type vnc_session_t;
-+type vnc_session_exec_t;
- init_daemon_domain(vnc_session_t, vnc_session_exec_t)
--auth_login_pgm_domain(vnc_session_t)
-+can_exec(vnc_session_t, vnc_session_exec_t)
-
- type vnc_session_var_run_t;
- files_pid_file(vnc_session_var_run_t)
--allow vnc_session_t vnc_session_var_run_t:file manage_file_perms;
--files_pid_filetrans(vnc_session_t, vnc_session_var_run_t, file)
--
--auth_write_login_records(vnc_session_t)
--
--can_exec(vnc_session_t, vnc_session_exec_t)
--
--userdom_spec_domtrans_all_users(vnc_session_t)
--userdom_signal_all_users(vnc_session_t)
-
- allow vnc_session_t self:capability { chown dac_override dac_read_search fowner kill setgid setuid sys_resource };
- allow vnc_session_t self:process { getcap setexec setrlimit setsched };
- allow vnc_session_t self:fifo_file rw_fifo_file_perms;
-
-+allow vnc_session_t vnc_session_var_run_t:file manage_file_perms;
-+files_pid_filetrans(vnc_session_t, vnc_session_var_run_t, file)
-+
- manage_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t)
- manage_fifo_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t)
- manage_sock_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t)
- manage_lnk_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t)
--userdom_user_home_dir_filetrans(vnc_session_t, xdm_home_t, dir, ".vnc")
--userdom_admin_home_dir_filetrans(vnc_session_t, xdm_home_t, dir, ".vnc")
--
--# This also affects other tools, e.g. vncpasswd
--userdom_admin_home_dir_filetrans(userdomain, xdm_home_t, dir, ".vnc")
--userdom_user_home_dir_filetrans(userdomain, xdm_home_t, dir, ".vnc")
--
--miscfiles_read_localization(vnc_session_t)
-
- kernel_read_kernel_sysctls(vnc_session_t)
-
--logging_append_all_logs(vnc_session_t)
-+corecmd_executable_file(vnc_session_exec_t)
-
- mcs_process_set_categories(vnc_session_t)
- mcs_killall(vnc_session_t)
-+
-+optional_policy(`
-+ auth_login_pgm_domain(vnc_session_t)
-+ auth_write_login_records(vnc_session_t)
-+')
-+
-+optional_policy(`
-+ logging_append_all_logs(vnc_session_t)
-+')
-+
-+optional_policy(`
-+ miscfiles_read_localization(vnc_session_t)
-+')
-+
-+optional_policy(`
-+ userdom_spec_domtrans_all_users(vnc_session_t)
-+ userdom_signal_all_users(vnc_session_t)
-+
-+ userdom_user_home_dir_filetrans(vnc_session_t, xdm_home_t, dir, ".vnc")
-+ userdom_admin_home_dir_filetrans(vnc_session_t, xdm_home_t, dir, ".vnc")
-+
-+ # This also affects other tools, e.g. vncpasswd
-+ gen_require(`
-+ attribute userdomain;
-+ ')
-+ userdom_admin_home_dir_filetrans(userdomain, xdm_home_t, dir, ".vnc")
-+ userdom_user_home_dir_filetrans(userdomain, xdm_home_t, dir, ".vnc")
-+')
-From 3c8622691abfb377b48bf3749dd629c5a7120cf4 Mon Sep 17 00:00:00 2001
-From: Zdenek Pytela <zpytela@redhat.com>
-Date: Tue, 18 May 2021 13:39:11 +0200
-Subject: [PATCH] Allow vnc_session_t manage nfs dirs and files conditionally
-
-The permissions set to manage directories and files with the nfs_t type
-is allowed when the use_nfs_home_dirs boolean is turned on.
-
-Resolves: https://github.com/TigerVNC/tigervnc/issues/1189
----
- unix/vncserver/selinux/vncsession.te | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
-index 86fd6e5ef..46e699117 100644
---- a/unix/vncserver/selinux/vncsession.te
-+++ b/unix/vncserver/selinux/vncsession.te
-@@ -51,6 +51,11 @@ corecmd_executable_file(vnc_session_exec_t)
- mcs_process_set_categories(vnc_session_t)
- mcs_killall(vnc_session_t)
-
-+tunable_policy(`use_nfs_home_dirs',`
-+ fs_manage_nfs_dirs(vnc_session_t)
-+ fs_manage_nfs_files(vnc_session_t)
-+')
-+
- optional_policy(`
- auth_login_pgm_domain(vnc_session_t)
- auth_write_login_records(vnc_session_t)
-diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
-index 46e69911..f1108ec8 100644
---- a/unix/vncserver/selinux/vncsession.te
-+++ b/unix/vncserver/selinux/vncsession.te
-@@ -20,7 +20,6 @@
- policy_module(vncsession, 1.0.0)
-
- gen_require(`
-- attribute userdomain;
- type xdm_home_t;
- ')
-
diff --git a/SOURCES/tigervnc-selinux-restore-context-in-case-of-different-policies.patch b/SOURCES/tigervnc-selinux-restore-context-in-case-of-different-policies.patch
index f362522..48b3a2e 100644
--- a/SOURCES/tigervnc-selinux-restore-context-in-case-of-different-policies.patch
+++ b/SOURCES/tigervnc-selinux-restore-context-in-case-of-different-policies.patch
@@ -11,10 +11,10 @@ Subject: [PATCH] SELinux: restore SELinux context in case of different
3 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 7bf9944..85be468 100644
+index 50247c7da..1708eb3d8 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
-@@ -276,6 +276,19 @@ if(UNIX AND NOT APPLE)
+@@ -268,6 +268,19 @@ if(UNIX AND NOT APPLE)
endif()
endif()
@@ -35,7 +35,7 @@ index 7bf9944..85be468 100644
configure_file(config.h.in config.h)
add_definitions(-DHAVE_CONFIG_H)
diff --git a/unix/vncserver/CMakeLists.txt b/unix/vncserver/CMakeLists.txt
-index eeb4b7b..bce1c3e 100644
+index f65ccc7db..ae69dc098 100644
--- a/unix/vncserver/CMakeLists.txt
+++ b/unix/vncserver/CMakeLists.txt
@@ -1,5 +1,5 @@
@@ -46,7 +46,7 @@ index eeb4b7b..bce1c3e 100644
configure_file(vncserver@.service.in vncserver@.service @ONLY)
configure_file(vncsession-start.in vncsession-start @ONLY)
diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c
-index f78c096..141f689 100644
+index 3573e5e9b..f6d2fd59e 100644
--- a/unix/vncserver/vncsession.c
+++ b/unix/vncserver/vncsession.c
@@ -37,6 +37,11 @@
@@ -61,8 +61,8 @@ index f78c096..141f689 100644
extern char **environ;
// PAM service name
-@@ -359,6 +364,17 @@ redir_stdio(const char *homedir, const char *display)
- perror("mkdir");
+@@ -360,6 +365,17 @@ redir_stdio(const char *homedir, const char *display)
+ syslog(LOG_CRIT, "Failure creating \"%s\": %s", logfile, strerror(errno));
_exit(EX_OSERR);
}
+
@@ -78,4 +78,4 @@ index f78c096..141f689 100644
+#endif
}
- if (gethostname(hostname, sizeof(hostname)) == -1) {
+ hostlen = sysconf(_SC_HOST_NAME_MAX);
diff --git a/SOURCES/tigervnc-systemd-service.patch b/SOURCES/tigervnc-systemd-service.patch
deleted file mode 100644
index 846a34b..0000000
--- a/SOURCES/tigervnc-systemd-service.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 40f104ffe1e36df9613f8d316f616fb2b089cc86 Mon Sep 17 00:00:00 2001
-From: Jan Grulich <jgrulich@redhat.com>
-Date: Tue, 29 Sep 2020 13:37:16 +0200
-Subject: [PATCH] Use /run instead of /var/run which is just a symlink
-
----
- unix/vncserver/selinux/vncsession.fc | 2 +-
- unix/vncserver/vncserver@.service.in | 2 +-
- unix/vncserver/vncsession.c | 2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/unix/vncserver/selinux/vncsession.fc b/unix/vncserver/selinux/vncsession.fc
-index 121cdd237..ae768baa4 100644
---- a/unix/vncserver/selinux/vncsession.fc
-+++ b/unix/vncserver/selinux/vncsession.fc
-@@ -23,4 +23,4 @@ HOME_ROOT/\.vnc(/.*)? gen_context(system_u:object_r:xdm_home_t,s0)
- /usr/sbin/vncsession -- gen_context(system_u:object_r:vnc_session_exec_t,s0)
- /usr/libexec/vncsession-start -- gen_context(system_u:object_r:vnc_session_exec_t,s0)
-
--/var/run/vncsession-:[0-9]*\.pid -- gen_context(system_u:object_r:vnc_session_var_run_t,s0)
-+/run/vncsession-:[0-9]*\.pid -- gen_context(system_u:object_r:vnc_session_var_run_t,s0)
-diff --git a/unix/vncserver/vncserver@.service.in b/unix/vncserver/vncserver@.service.in
-index 584ecf4b1..5624dff76 100644
---- a/unix/vncserver/vncserver@.service.in
-+++ b/unix/vncserver/vncserver@.service.in
-@@ -36,7 +36,7 @@ After=syslog.target network.target
- [Service]
- Type=forking
- ExecStart=@CMAKE_INSTALL_FULL_LIBEXECDIR@/vncsession-start %i
--PIDFile=/var/run/vncsession-%i.pid
-+PIDFile=/run/vncsession-%i.pid
- SELinuxContext=system_u:system_r:vnc_session_t:s0
-
- [Install]
-diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c
-index 3e0c98f0f..2b47f5f55 100644
---- a/unix/vncserver/vncsession.c
-+++ b/unix/vncserver/vncsession.c
-@@ -543,7 +543,7 @@ main(int argc, char **argv)
- }
-
- snprintf(pid_file, sizeof(pid_file),
-- "/var/run/vncsession-%s.pid", display);
-+ "/run/vncsession-%s.pid", display);
- f = fopen(pid_file, "w");
- if (f == NULL) {
- syslog(LOG_ERR, "Failure creating pid file \"%s\": %s",
diff --git a/SOURCES/tigervnc-tolerate-specifying-boolparam.patch b/SOURCES/tigervnc-tolerate-specifying-boolparam.patch
deleted file mode 100644
index 70ddef3..0000000
--- a/SOURCES/tigervnc-tolerate-specifying-boolparam.patch
+++ /dev/null
@@ -1,149 +0,0 @@
-From 38c6848b30cb1908171f2b4628e345fbf6727b39 Mon Sep 17 00:00:00 2001
-From: Pierre Ossman <ossman@cendio.se>
-Date: Fri, 18 Sep 2020 10:44:32 +0200
-Subject: [PATCH] Tolerate specifying -BoolParam 0 and similar
-
-This is needed by vncserver which doesn't know which parameters are
-boolean, and it cannot use the -Param=Value form as that isn't tolerated
-by the Xorg code.
----
- unix/vncserver/vncserver.in | 8 ++++----
- unix/xserver/hw/vnc/RFBGlue.cc | 16 ++++++++++++++++
- unix/xserver/hw/vnc/RFBGlue.h | 1 +
- unix/xserver/hw/vnc/xvnc.c | 14 ++++++++++++++
- vncviewer/vncviewer.cxx | 20 ++++++++++++++++++++
- 5 files changed, 55 insertions(+), 4 deletions(-)
-
-diff --git a/unix/vncserver/vncserver.in b/unix/vncserver/vncserver.in
-index 25fbbd315..261b258f1 100755
---- a/unix/vncserver/vncserver.in
-+++ b/unix/vncserver/vncserver.in
-@@ -107,7 +107,7 @@ $default_opts{rfbwait} = 30000;
- $default_opts{rfbauth} = "$vncUserDir/passwd";
- $default_opts{rfbport} = $vncPort;
- $default_opts{fp} = $fontPath if ($fontPath);
--$default_opts{pn} = "";
-+$default_opts{pn} = undef;
-
- # Load user-overrideable system defaults
- LoadConfig($vncSystemConfigDefaultsFile);
-@@ -242,13 +242,13 @@ push(@cmd, "@CMAKE_INSTALL_FULL_BINDIR@/Xvnc", ":$displayNumber");
-
- foreach my $k (sort keys %config) {
- push(@cmd, "-$k");
-- push(@cmd, $config{$k}) if $config{$k};
-+ push(@cmd, $config{$k}) if defined($config{$k});
- delete $default_opts{$k}; # file options take precedence
- }
-
- foreach my $k (sort keys %default_opts) {
- push(@cmd, "-$k");
-- push(@cmd, $default_opts{$k}) if $default_opts{$k};
-+ push(@cmd, $default_opts{$k}) if defined($default_opts{$k});
- }
-
- warn "\nNew '$desktopName' desktop is $host:$displayNumber\n\n";
-@@ -291,7 +291,7 @@ sub LoadConfig {
- # current config file being loaded defined the logical opposite setting
- # (NeverShared vs. AlwaysShared, etc etc).
- $toggle = lc($1); # must normalize key case
-- $config{$toggle} = $k;
-+ $config{$toggle} = undef;
- }
- }
- close(IN);
-diff --git a/unix/xserver/hw/vnc/RFBGlue.cc b/unix/xserver/hw/vnc/RFBGlue.cc
-index f108fae43..7c32bea8f 100644
---- a/unix/xserver/hw/vnc/RFBGlue.cc
-+++ b/unix/xserver/hw/vnc/RFBGlue.cc
-@@ -143,6 +143,22 @@ const char* vncGetParamDesc(const char *name)
- return param->getDescription();
- }
-
-+int vncIsParamBool(const char *name)
-+{
-+ VoidParameter *param;
-+ BoolParameter *bparam;
-+
-+ param = rfb::Configuration::getParam(name);
-+ if (param == NULL)
-+ return false;
-+
-+ bparam = dynamic_cast<BoolParameter*>(param);
-+ if (bparam == NULL)
-+ return false;
-+
-+ return true;
-+}
-+
- int vncGetParamCount(void)
- {
- int count;
-diff --git a/unix/xserver/hw/vnc/RFBGlue.h b/unix/xserver/hw/vnc/RFBGlue.h
-index 112405b84..695cea105 100644
---- a/unix/xserver/hw/vnc/RFBGlue.h
-+++ b/unix/xserver/hw/vnc/RFBGlue.h
-@@ -41,6 +41,7 @@ int vncSetParam(const char *name, const char *value);
- int vncSetParamSimple(const char *nameAndValue);
- char* vncGetParam(const char *name);
- const char* vncGetParamDesc(const char *name);
-+int vncIsParamBool(const char *name);
-
- int vncGetParamCount(void);
- char *vncGetParamList(void);
-diff --git a/unix/xserver/hw/vnc/xvnc.c b/unix/xserver/hw/vnc/xvnc.c
-index 4eb0b0b13..5744acac8 100644
---- a/unix/xserver/hw/vnc/xvnc.c
-+++ b/unix/xserver/hw/vnc/xvnc.c
-@@ -618,6 +618,20 @@ ddxProcessArgument(int argc, char *argv[], int i)
- exit(0);
- }
-
-+ /* We need to resolve an ambiguity for booleans */
-+ if (argv[i][0] == '-' && i+1 < argc &&
-+ vncIsParamBool(&argv[i][1])) {
-+ if ((strcasecmp(argv[i+1], "0") == 0) ||
-+ (strcasecmp(argv[i+1], "1") == 0) ||
-+ (strcasecmp(argv[i+1], "true") == 0) ||
-+ (strcasecmp(argv[i+1], "false") == 0) ||
-+ (strcasecmp(argv[i+1], "yes") == 0) ||
-+ (strcasecmp(argv[i+1], "no") == 0)) {
-+ vncSetParam(&argv[i][1], argv[i+1]);
-+ return 2;
-+ }
-+ }
-+
- if (vncSetParamSimple(argv[i]))
- return 1;
-
-diff --git a/vncviewer/vncviewer.cxx b/vncviewer/vncviewer.cxx
-index d4dd3063c..77ba3d3f4 100644
---- a/vncviewer/vncviewer.cxx
-+++ b/vncviewer/vncviewer.cxx
-@@ -556,6 +556,26 @@ int main(int argc, char** argv)
- }
-
- for (int i = 1; i < argc;) {
-+ /* We need to resolve an ambiguity for booleans */
-+ if (argv[i][0] == '-' && i+1 < argc) {
-+ VoidParameter *param;
-+
-+ param = Configuration::getParam(&argv[i][1]);
-+ if ((param != NULL) &&
-+ (dynamic_cast<BoolParameter*>(param) != NULL)) {
-+ if ((strcasecmp(argv[i+1], "0") == 0) ||
-+ (strcasecmp(argv[i+1], "1") == 0) ||
-+ (strcasecmp(argv[i+1], "true") == 0) ||
-+ (strcasecmp(argv[i+1], "false") == 0) ||
-+ (strcasecmp(argv[i+1], "yes") == 0) ||
-+ (strcasecmp(argv[i+1], "no") == 0)) {
-+ param->setParam(argv[i+1]);
-+ i += 2;
-+ continue;
-+ }
-+ }
-+ }
-+
- if (Configuration::setParam(argv[i])) {
- i++;
- continue;
diff --git a/SOURCES/tigervnc-utilize-system-crypto-policies.patch b/SOURCES/tigervnc-utilize-system-crypto-policies.patch
deleted file mode 100644
index 9abf50f..0000000
--- a/SOURCES/tigervnc-utilize-system-crypto-policies.patch
+++ /dev/null
@@ -1,198 +0,0 @@
-diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
-index 9900837..59d2086 100644
---- a/common/rfb/CSecurityTLS.cxx
-+++ b/common/rfb/CSecurityTLS.cxx
-@@ -210,26 +210,66 @@ void CSecurityTLS::setParam()
- static const char kx_anon_priority[] = ":+ANON-ECDH:+ANON-DH";
-
- int ret;
-- char *prio;
-- const char *err;
-
-- prio = (char*)malloc(strlen(Security::GnuTLSPriority) +
-- strlen(kx_anon_priority) + 1);
-- if (prio == NULL)
-- throw AuthFailureException("Not enough memory for GnuTLS priority string");
-+ // Custom priority string specified?
-+ if (strcmp(Security::GnuTLSPriority, "") != 0) {
-+ char *prio;
-+ const char *err;
-
-- strcpy(prio, Security::GnuTLSPriority);
-- if (anon)
-+ prio = (char*)malloc(strlen(Security::GnuTLSPriority) +
-+ strlen(kx_anon_priority) + 1);
-+ if (prio == NULL)
-+ throw AuthFailureException("Not enough memory for GnuTLS priority string");
-+
-+ strcpy(prio, Security::GnuTLSPriority);
-+ if (anon)
-+ strcat(prio, kx_anon_priority);
-+
-+ ret = gnutls_priority_set_direct(session, prio, &err);
-+
-+ free(prio);
-+
-+ if (ret != GNUTLS_E_SUCCESS) {
-+ if (ret == GNUTLS_E_INVALID_REQUEST)
-+ vlog.error("GnuTLS priority syntax error at: %s", err);
-+ throw AuthFailureException("gnutls_set_priority_direct failed");
-+ }
-+ } else if (anon) {
-+ const char *err;
-+
-+#if GNUTLS_VERSION_NUMBER >= 0x030603
-+ // gnutls_set_default_priority_appends() expects a normal priority string that
-+ // doesn't start with ":".
-+ ret = gnutls_set_default_priority_append(session, kx_anon_priority + 1, &err, 0);
-+ if (ret != GNUTLS_E_SUCCESS) {
-+ if (ret == GNUTLS_E_INVALID_REQUEST)
-+ vlog.error("GnuTLS priority syntax error at: %s", err);
-+ throw AuthFailureException("gnutls_set_default_priority_append failed");
-+ }
-+#else
-+ // We don't know what the system default priority is, so we guess
-+ // it's what upstream GnuTLS has
-+ static const char gnutls_default_priority[] = "NORMAL";
-+ char *prio;
-+
-+ prio = (char*)malloc(strlen(gnutls_default_priority) +
-+ strlen(kx_anon_priority) + 1);
-+ if (prio == NULL)
-+ throw AuthFailureException("Not enough memory for GnuTLS priority string");
-+
-+ strcpy(prio, gnutls_default_priority);
- strcat(prio, kx_anon_priority);
-
-- ret = gnutls_priority_set_direct(session, prio, &err);
-+ ret = gnutls_priority_set_direct(session, prio, &err);
-
-- free(prio);
-+ free(prio);
-
-- if (ret != GNUTLS_E_SUCCESS) {
-- if (ret == GNUTLS_E_INVALID_REQUEST)
-- vlog.error("GnuTLS priority syntax error at: %s", err);
-- throw AuthFailureException("gnutls_set_priority_direct failed");
-+ if (ret != GNUTLS_E_SUCCESS) {
-+ if (ret == GNUTLS_E_INVALID_REQUEST)
-+ vlog.error("GnuTLS priority syntax error at: %s", err);
-+ throw AuthFailureException("gnutls_set_priority_direct failed");
-+ }
-+#endif
- }
-
- if (anon) {
-diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
-index ef5d8c9..f32f87f 100644
---- a/common/rfb/SSecurityTLS.cxx
-+++ b/common/rfb/SSecurityTLS.cxx
-@@ -198,26 +198,66 @@ void SSecurityTLS::setParams(gnutls_session_t session)
- static const char kx_anon_priority[] = ":+ANON-ECDH:+ANON-DH";
-
- int ret;
-- char *prio;
-- const char *err;
-
-- prio = (char*)malloc(strlen(Security::GnuTLSPriority) +
-- strlen(kx_anon_priority) + 1);
-- if (prio == NULL)
-- throw AuthFailureException("Not enough memory for GnuTLS priority string");
-+ // Custom priority string specified?
-+ if (strcmp(Security::GnuTLSPriority, "") != 0) {
-+ char *prio;
-+ const char *err;
-
-- strcpy(prio, Security::GnuTLSPriority);
-- if (anon)
-+ prio = (char*)malloc(strlen(Security::GnuTLSPriority) +
-+ strlen(kx_anon_priority) + 1);
-+ if (prio == NULL)
-+ throw AuthFailureException("Not enough memory for GnuTLS priority string");
-+
-+ strcpy(prio, Security::GnuTLSPriority);
-+ if (anon)
-+ strcat(prio, kx_anon_priority);
-+
-+ ret = gnutls_priority_set_direct(session, prio, &err);
-+
-+ free(prio);
-+
-+ if (ret != GNUTLS_E_SUCCESS) {
-+ if (ret == GNUTLS_E_INVALID_REQUEST)
-+ vlog.error("GnuTLS priority syntax error at: %s", err);
-+ throw AuthFailureException("gnutls_set_priority_direct failed");
-+ }
-+ } else if (anon) {
-+ const char *err;
-+
-+#if GNUTLS_VERSION_NUMBER >= 0x030603
-+ // gnutls_set_default_priority_appends() expects a normal priority string that
-+ // doesn't start with ":".
-+ ret = gnutls_set_default_priority_append(session, kx_anon_priority + 1, &err, 0);
-+ if (ret != GNUTLS_E_SUCCESS) {
-+ if (ret == GNUTLS_E_INVALID_REQUEST)
-+ vlog.error("GnuTLS priority syntax error at: %s", err);
-+ throw AuthFailureException("gnutls_set_default_priority_append failed");
-+ }
-+#else
-+ // We don't know what the system default priority is, so we guess
-+ // it's what upstream GnuTLS has
-+ static const char gnutls_default_priority[] = "NORMAL";
-+ char *prio;
-+
-+ prio = (char*)malloc(strlen(gnutls_default_priority) +
-+ strlen(kx_anon_priority) + 1);
-+ if (prio == NULL)
-+ throw AuthFailureException("Not enough memory for GnuTLS priority string");
-+
-+ strcpy(prio, gnutls_default_priority);
- strcat(prio, kx_anon_priority);
-
-- ret = gnutls_priority_set_direct(session, prio, &err);
-+ ret = gnutls_priority_set_direct(session, prio, &err);
-
-- free(prio);
-+ free(prio);
-
-- if (ret != GNUTLS_E_SUCCESS) {
-- if (ret == GNUTLS_E_INVALID_REQUEST)
-- vlog.error("GnuTLS priority syntax error at: %s", err);
-- throw AuthFailureException("gnutls_set_priority_direct failed");
-+ if (ret != GNUTLS_E_SUCCESS) {
-+ if (ret == GNUTLS_E_INVALID_REQUEST)
-+ vlog.error("GnuTLS priority syntax error at: %s", err);
-+ throw AuthFailureException("gnutls_set_priority_direct failed");
-+ }
-+#endif
- }
-
- #if defined (SSECURITYTLS__USE_DEPRECATED_DH)
-diff --git a/common/rfb/Security.cxx b/common/rfb/Security.cxx
-index 0666041..59deb78 100644
---- a/common/rfb/Security.cxx
-+++ b/common/rfb/Security.cxx
-@@ -52,7 +52,7 @@ static LogWriter vlog("Security");
- #ifdef HAVE_GNUTLS
- StringParameter Security::GnuTLSPriority("GnuTLSPriority",
- "GnuTLS priority string that controls the TLS session’s handshake algorithms",
-- "NORMAL");
-+ "");
- #endif
-
- Security::Security()
-diff --git a/unix/xserver/hw/vnc/Xvnc.man b/unix/xserver/hw/vnc/Xvnc.man
-index 83621c0..4a0d20c 100644
---- a/unix/xserver/hw/vnc/Xvnc.man
-+++ b/unix/xserver/hw/vnc/Xvnc.man
-@@ -226,7 +226,9 @@ also be in PEM format.
- .TP
- .B \-GnuTLSPriority \fIpriority\fP
- GnuTLS priority string that controls the TLS session’s handshake algorithms.
--See the GnuTLS manual for possible values. Default is \fBNORMAL\fP.
-+See the GnuTLS manual for possible values. For GnuTLS < 3.6.3 the default
-+value will be \fBNORMAL\fP to use upstream default. For newer versions
-+of GnuTLS system-wide crypto policy will be used.
- .
- .TP
- .B \-UseBlacklist
diff --git a/SOURCES/tigervnc-vncsession-restore-script-systemd-service.patch b/SOURCES/tigervnc-vncsession-restore-script-systemd-service.patch
index e503576..cea1824 100644
--- a/SOURCES/tigervnc-vncsession-restore-script-systemd-service.patch
+++ b/SOURCES/tigervnc-vncsession-restore-script-systemd-service.patch
@@ -8,29 +8,29 @@ for systemd service file in order to properly start the session
in case the policy is updated (e.g. after Tigervnc update).
diff --git a/unix/vncserver/CMakeLists.txt b/unix/vncserver/CMakeLists.txt
-index bce1c3e..44c4e2a 100644
+index ae69dc09..04eb6fc4 100644
--- a/unix/vncserver/CMakeLists.txt
+++ b/unix/vncserver/CMakeLists.txt
@@ -2,6 +2,7 @@ add_executable(vncsession vncsession.c)
target_link_libraries(vncsession ${PAM_LIBS} ${SELINUX_LIBS})
-
+
configure_file(vncserver@.service.in vncserver@.service @ONLY)
+configure_file(vncsession-restore.in vncsession-restore @ONLY)
configure_file(vncsession-start.in vncsession-start @ONLY)
configure_file(vncserver.in vncserver @ONLY)
-
-@@ -17,4 +18,5 @@ install(FILES vncserver.users DESTINATION ${CMAKE_INSTALL_FULL_SYSCONFDIR}/tiger
+ configure_file(vncsession.man.in vncsession.man @ONLY)
+@@ -20,4 +21,5 @@ install(FILES HOWTO.md DESTINATION ${CMAKE_INSTALL_FULL_DOCDIR})
if(INSTALL_SYSTEMD_UNITS)
install(FILES ${CMAKE_CURRENT_BINARY_DIR}/vncserver@.service DESTINATION ${CMAKE_INSTALL_FULL_UNITDIR})
install(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/vncsession-start DESTINATION ${CMAKE_INSTALL_FULL_LIBEXECDIR})
+ install(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/vncsession-restore DESTINATION ${CMAKE_INSTALL_FULL_LIBEXECDIR})
endif()
diff --git a/unix/vncserver/vncserver@.service.in b/unix/vncserver/vncserver@.service.in
-index 5624dff..be62c85 100644
+index 39f81b73..a83e05a3 100644
--- a/unix/vncserver/vncserver@.service.in
+++ b/unix/vncserver/vncserver@.service.in
@@ -35,6 +35,7 @@ After=syslog.target network.target
-
+
[Service]
Type=forking
+ExecStartPre=+@CMAKE_INSTALL_FULL_LIBEXECDIR@/vncsession-restore %i
diff --git a/SOURCES/tigervnc-working-tls-on-fips-systems.patch b/SOURCES/tigervnc-working-tls-on-fips-systems.patch
deleted file mode 100644
index 5337ac6..0000000
--- a/SOURCES/tigervnc-working-tls-on-fips-systems.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
-index d5ef47e..ef5d8c9 100644
---- a/common/rfb/SSecurityTLS.cxx
-+++ b/common/rfb/SSecurityTLS.cxx
-@@ -37,7 +37,23 @@
- #include <rdr/TLSOutStream.h>
- #include <gnutls/x509.h>
-
--#define DH_BITS 1024 /* XXX This should be configurable! */
-+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
-+/* FFDHE (RFC-7919) 2048-bit parameters, PEM-encoded */
-+static unsigned char ffdhe2048[] =
-+ "-----BEGIN DH PARAMETERS-----\n"
-+ "MIIBDAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n"
-+ "+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n"
-+ "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n"
-+ "YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n"
-+ "7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n"
-+ "ssbzSibBsu/6iGtCOGEoXJf//////////wIBAgICAOE=\n"
-+ "-----END DH PARAMETERS-----\n";
-+
-+static const gnutls_datum_t ffdhe_pkcs3_param = {
-+ ffdhe2048,
-+ sizeof(ffdhe2048)
-+};
-+#endif
-
- using namespace rfb;
-
-@@ -50,10 +66,14 @@ StringParameter SSecurityTLS::X509_KeyFile
- static LogWriter vlog("TLS");
-
- SSecurityTLS::SSecurityTLS(SConnection* sc, bool _anon)
-- : SSecurity(sc), session(NULL), dh_params(NULL), anon_cred(NULL),
-+ : SSecurity(sc), session(NULL), anon_cred(NULL),
- cert_cred(NULL), anon(_anon), tlsis(NULL), tlsos(NULL),
- rawis(NULL), rawos(NULL)
- {
-+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
-+ dh_params = NULL;
-+#endif
-+
- certfile = X509_CertFile.getData();
- keyfile = X509_KeyFile.getData();
-
-@@ -70,10 +90,12 @@ void SSecurityTLS::shutdown()
- }
- }
-
-+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
- if (dh_params) {
- gnutls_dh_params_deinit(dh_params);
- dh_params = 0;
- }
-+#endif
-
- if (anon_cred) {
- gnutls_anon_free_server_credentials(anon_cred);
-@@ -198,17 +220,21 @@ void SSecurityTLS::setParams(gnutls_session_t session)
- throw AuthFailureException("gnutls_set_priority_direct failed");
- }
-
-+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
- if (gnutls_dh_params_init(&dh_params) != GNUTLS_E_SUCCESS)
- throw AuthFailureException("gnutls_dh_params_init failed");
-
-- if (gnutls_dh_params_generate2(dh_params, DH_BITS) != GNUTLS_E_SUCCESS)
-- throw AuthFailureException("gnutls_dh_params_generate2 failed");
-+ if (gnutls_dh_params_import_pkcs3(dh_params, &ffdhe_pkcs3_param, GNUTLS_X509_FMT_PEM) != GNUTLS_E_SUCCESS)
-+ throw AuthFailureException("gnutls_dh_params_import_pkcs3 failed");
-+#endif
-
- if (anon) {
- if (gnutls_anon_allocate_server_credentials(&anon_cred) != GNUTLS_E_SUCCESS)
- throw AuthFailureException("gnutls_anon_allocate_server_credentials failed");
-
-+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
- gnutls_anon_set_server_dh_params(anon_cred, dh_params);
-+#endif
-
- if (gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred)
- != GNUTLS_E_SUCCESS)
-@@ -220,7 +246,9 @@ void SSecurityTLS::setParams(gnutls_session_t session)
- if (gnutls_certificate_allocate_credentials(&cert_cred) != GNUTLS_E_SUCCESS)
- throw AuthFailureException("gnutls_certificate_allocate_credentials failed");
-
-+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
- gnutls_certificate_set_dh_params(cert_cred, dh_params);
-+#endif
-
- switch (gnutls_certificate_set_x509_key_file(cert_cred, certfile, keyfile, GNUTLS_X509_FMT_PEM)) {
- case GNUTLS_E_SUCCESS:
-diff --git a/common/rfb/SSecurityTLS.h b/common/rfb/SSecurityTLS.h
-index dd89bb4..0cb463d 100644
---- a/common/rfb/SSecurityTLS.h
-+++ b/common/rfb/SSecurityTLS.h
-@@ -36,6 +36,13 @@
- #include <rdr/OutStream.h>
- #include <gnutls/gnutls.h>
-
-+/* In GnuTLS 3.6.0 DH parameter generation was deprecated. RFC7919 is used instead.
-+ * GnuTLS before 3.6.0 doesn't know about RFC7919 so we will have to import it.
-+ */
-+#if GNUTLS_VERSION_NUMBER < 0x030600
-+#define SSECURITYTLS__USE_DEPRECATED_DH
-+#endif
-+
- namespace rfb {
-
- class SSecurityTLS : public SSecurity {
-@@ -55,7 +62,9 @@ namespace rfb {
-
- private:
- gnutls_session_t session;
-+#if defined (SSECURITYTLS__USE_DEPRECATED_DH)
- gnutls_dh_params_t dh_params;
-+#endif
- gnutls_anon_server_credentials_t anon_cred;
- gnutls_certificate_credentials_t cert_cred;
- char *keyfile, *certfile;
diff --git a/SOURCES/vncserver b/SOURCES/vncserver
index ae7c3a3..3bc8d3a 100644
--- a/SOURCES/vncserver
+++ b/SOURCES/vncserver
@@ -168,7 +168,8 @@ if ((@ARGV > 0) && ($ARGV[0] =~ /^:(\d+)$/)) {
$displayNumber = $1;
shift(@ARGV);
if (!&CheckDisplayNumber($displayNumber)) {
- die "A VNC server is already running as :$displayNumber\n";
+ warn "A VNC server is already running as :$displayNumber\n";
+ $displayNumber = &GetDisplayNumber();
}
} elsif ((@ARGV > 0) && ($ARGV[0] !~ /^-/) && ($ARGV[0] !~ /^\+/)) {
&Usage();
@@ -194,7 +195,6 @@ $default_opts{auth} = "edString($xauthorityFile);
$default_opts{geometry} = $geometry if ($geometry);
$default_opts{depth} = $depth if ($depth);
$default_opts{pixelformat} = $pixelformat if ($pixelformat);
-$default_opts{rfbwait} = 30000;
$default_opts{rfbauth} = "$vncUserDir/passwd";
$default_opts{rfbport} = $vncPort;
$default_opts{fp} = $fontPath if ($fontPath);
diff --git a/SOURCES/vncserver.man b/SOURCES/vncserver.man
deleted file mode 100644
index 2641ed1..0000000
--- a/SOURCES/vncserver.man
+++ /dev/null
@@ -1,204 +0,0 @@
-.TH vncserver 1 "" "TigerVNC" "Virtual Network Computing"
-.SH NAME
-vncserver \- start or stop a VNC server
-.SH SYNOPSIS
-.B vncserver
-.RI [: display# ]
-.RB [ \-name
-.IR desktop-name ]
-.RB [ \-geometry
-.IR width x height ]
-.RB [ \-depth
-.IR depth ]
-.RB [ \-pixelformat
-.IR format ]
-.RB [ \-fp
-.IR font-path ]
-.RB [ \-fg ]
-.RB [ \-autokill ]
-.RB [ \-noxstartup ]
-.RB [ \-xstartup
-.IR script ]
-.RI [ Xvnc-options... ]
-.br
-.BI "vncserver \-kill :" display#
-.br
-.BI "vncserver \-list"
-.SH DESCRIPTION
-.B vncserver
-is used to start a VNC (Virtual Network Computing) desktop.
-.B vncserver
-is a Perl script which simplifies the process of starting an Xvnc server. It
-runs Xvnc with appropriate options and starts a window manager on the VNC
-desktop.
-
-.B vncserver
-can be run with no options at all. In this case it will choose the first
-available display number (usually :1), start Xvnc with that display number,
-and start the default window manager in the Xvnc session. You can also
-specify the display number, in which case vncserver will attempt to start
-Xvnc with that display number and exit if the display number is not
-available. For example:
-
-.RS
-vncserver :13
-.RE
-
-Editing the file $HOME/.vnc/xstartup allows you to change the applications run
-at startup (but note that this will not affect an existing VNC session.)
-
-.SH OPTIONS
-You can get a list of options by passing \fB\-h\fP as an option to vncserver.
-In addition to the options listed below, any unrecognised options will be
-passed to Xvnc - see the Xvnc man page, or "Xvnc \-help", for details.
-
-.TP
-.B \-name \fIdesktop-name\fP
-Each VNC desktop has a name which may be displayed by the viewer. The desktop
-name defaults to "\fIhost\fP:\fIdisplay#\fP (\fIusername\fP)", but you can
-change it with this option. The desktop name option is passed to the xstartup
-script via the $VNCDESKTOP environment variable, which allows you to run a
-different set of applications depending on the name of the desktop.
-.
-.TP
-.B \-geometry \fIwidth\fPx\fIheight\fP
-Specify the size of the VNC desktop to be created. Default is 1024x768.
-.
-.TP
-.B \-depth \fIdepth\fP
-Specify the pixel depth (in bits) of the VNC desktop to be created. Default is
-24. Other possible values are 8, 15 and 16 - anything else is likely to cause
-strange behaviour by applications.
-.
-.TP
-.B \-pixelformat \fIformat\fP
-Specify pixel format for Xvnc to use (BGRnnn or RGBnnn). The default for
-depth 8 is BGR233 (meaning the most significant two bits represent blue, the
-next three green, and the least significant three represent red), the default
-for depth 16 is RGB565, and the default for depth 24 is RGB888.
-.
-.TP
-.B \-cc 3
-As an alternative to the default TrueColor visual, this allows you to run an
-Xvnc server with a PseudoColor visual (i.e. one which uses a color map or
-palette), which can be useful for running some old X applications which only
-work on such a display. Values other than 3 (PseudoColor) and 4 (TrueColor)
-for the \-cc option may result in strange behaviour, and PseudoColor desktops
-must have an 8-bit depth.
-.
-.TP
-.B \-kill :\fIdisplay#\fP
-This kills a VNC desktop previously started with vncserver. It does this by
-killing the Xvnc process, whose process ID is stored in the file
-"$HOME/.vnc/\fIhost\fP:\fIdisplay#\fP.pid". The
-.B \-kill
-option ignores anything preceding the first colon (":") in the display
-argument. Thus, you can invoke "vncserver \-kill $DISPLAY", for example at the
-end of your xstartup file after a particular application exits.
-.
-.TP
-.B \-fp \fIfont-path\fP
-If the vncserver script detects that the X Font Server (XFS) is running, it
-will attempt to start Xvnc and configure Xvnc to use XFS for font handling.
-Otherwise, if XFS is not running, the vncserver script will attempt to start
-Xvnc and allow Xvnc to use its own preferred method of font handling (which may
-be a hard-coded font path or, on more recent systems, a font catalog.) In
-any case, if Xvnc fails to start, the vncserver script will then attempt to
-determine an appropriate X font path for this system and start Xvnc using
-that font path.
-
-The
-.B \-fp
-argument allows you to override the above fallback logic and specify a font
-path for Xvnc to use.
-.
-.TP
-.B \-fg
-Runs Xvnc as a foreground process. This has two effects: (1) The VNC server
-can be aborted with CTRL-C, and (2) the VNC server will exit as soon as the
-user logs out of the window manager in the VNC session. This may be necessary
-when launching TigerVNC from within certain grid computing environments.
-.
-.TP
-.B \-autokill
-Automatically kill Xvnc whenever the xstartup script exits. In most cases,
-this has the effect of terminating Xvnc when the user logs out of the window
-manager.
-.
-.TP
-.B \-noxstartup
-Do not run the %HOME/.vnc/xstartup script after launching Xvnc. This
-option allows you to manually start a window manager in your TigerVNC session.
-.
-.TP
-.B \-xstartup \fIscript\fP
-Run a custom startup script, instead of %HOME/.vnc/xstartup, after launching
-Xvnc. This is useful to run full-screen applications.
-.
-.TP
-.B \-list
-Lists all VNC desktops started by vncserver.
-
-.SH FILES
-Several VNC-related files are found in the directory $HOME/.vnc:
-.TP
-$HOME/.vnc/xstartup
-A shell script specifying X applications to be run when a VNC desktop is
-started. If this file does not exist, then vncserver will create a default
-xstartup script which attempts to launch your chosen window manager.
-.TP
-/etc/tigervnc/vncserver-config-defaults
-The optional system-wide equivalent of $HOME/.vnc/config. If this file exists
-and defines options to be passed to Xvnc, they will be used as defaults for
-users. The user's $HOME/.vnc/config overrides settings configured in this file.
-The overall configuration file load order is: this file, $HOME/.vnc/config,
-and then /etc/tigervnc/vncserver-config-mandatory. None are required to exist.
-.TP
-/etc/tigervnc/vncserver-config-mandatory
-The optional system-wide equivalent of $HOME/.vnc/config. If this file exists
-and defines options to be passed to Xvnc, they will override any of the same
-options defined in a user's $HOME/.vnc/config. This file offers a mechanism
-to establish some basic form of system-wide policy. WARNING! There is
-nothing stopping users from constructing their own vncserver-like script
-that calls Xvnc directly to bypass any options defined in
-/etc/tigervnc/vncserver-config-mandatory. Likewise, any CLI arguments passed
-to vncserver will override ANY config file setting of the same name. The
-overall configuration file load order is:
-/etc/tigervnc/vncserver-config-defaults, $HOME/.vnc/config, and then this file.
-None are required to exist.
-.TP
-$HOME/.vnc/config
-An optional server config file wherein options to be passed to Xvnc are listed
-to avoid hard-coding them to the physical invocation. List options in this file
-one per line. For those requiring an argument, simply separate the option from
-the argument with an equal sign, for example: "geometry=2000x1200" or
-"securitytypes=vncauth,tlsvnc". Options without an argument are simply listed
-as a single word, for example: "localhost" or "alwaysshared".
-.TP
-$HOME/.vnc/passwd
-The VNC password file.
-.TP
-$HOME/.vnc/\fIhost\fP:\fIdisplay#\fP.log
-The log file for Xvnc and applications started in xstartup.
-.TP
-$HOME/.vnc/\fIhost\fP:\fIdisplay#\fP.pid
-Identifies the Xvnc process ID, used by the
-.B \-kill
-option.
-
-.SH SEE ALSO
-.BR vncviewer (1),
-.BR vncpasswd (1),
-.BR vncconfig (1),
-.BR Xvnc (1)
-.br
-https://www.tigervnc.org
-
-.SH AUTHOR
-Tristan Richardson, RealVNC Ltd., D. R. Commander and others.
-
-VNC was originally developed by the RealVNC team while at Olivetti
-Research Ltd / AT&T Laboratories Cambridge. TightVNC additions were
-implemented by Constantin Kaplinsky. Many other people have since
-participated in development, testing and support. This manual is part
-of the TigerVNC software suite.
diff --git a/SPECS/tigervnc.spec b/SPECS/tigervnc.spec
index f878f7d..2518cb9 100644
--- a/SPECS/tigervnc.spec
+++ b/SPECS/tigervnc.spec
@@ -4,8 +4,8 @@
%global modulename vncsession
Name: tigervnc
-Version: 1.11.0
-Release: 21%{?dist}
+Version: 1.12.0
+Release: 4%{?dist}
Summary: A TigerVNC remote display system
%global _hardened_build 1
@@ -17,28 +17,18 @@ Source0: %{name}-%{version}.tar.gz
Source1: xvnc.service
Source2: xvnc.socket
Source3: 10-libvnc.conf
-Source4: HOWTO.md
# Backwards compatibility
Source5: vncserver
-Source6: vncserver.man
+# Downstream patches
Patch1: tigervnc-use-gnome-as-default-session.patch
-# Upstream patches (can be dropped with next Tigervnc release)
-Patch51: tigervnc-let-user-know-about-not-using-view-only-password.patch
-Patch52: tigervnc-working-tls-on-fips-systems.patch
-Patch53: tigervnc-utilize-system-crypto-policies.patch
-Patch54: tigervnc-passwd-crash-with-malloc-checks.patch
-Patch55: tigervnc-tolerate-specifying-boolparam.patch
-Patch56: tigervnc-systemd-service.patch
-Patch57: tigervnc-correctly-start-vncsession-as-daemon.patch
-Patch58: tigervnc-selinux-missing-compression-and-correct-location.patch
-Patch59: tigervnc-selinux-policy-improvements.patch
-Patch60: tigervnc-argb-runtime-ximage-byteorder-selection.patch
-Patch61: tigervnc-selinux-restore-context-in-case-of-different-policies.patch
-Patch62: tigervnc-root-user-selinux-context.patch
-Patch63: tigervnc-vncsession-restore-script-systemd-service.patch
+# Upstream patches
+Patch50: tigervnc-selinux-restore-context-in-case-of-different-policies.patch
+Patch51: tigervnc-fix-typo-in-mirror-monitor-detection.patch
+Patch52: tigervnc-root-user-selinux-context.patch
+Patch53: tigervnc-vncsession-restore-script-systemd-service.patch
# This is tigervnc-%%{version}/unix/xserver116.patch rebased on the latest xorg
Patch100: tigervnc-xserver120.patch
@@ -54,8 +44,9 @@ BuildRequires: libxkbfile-devel, openssl-devel, libpciaccess-devel
BuildRequires: mesa-libGL-devel, libXinerama-devel, xorg-x11-font-utils
BuildRequires: freetype-devel, libXdmcp-devel, libxshmfence-devel
BuildRequires: libjpeg-turbo-devel, gnutls-devel, pam-devel
-BuildRequires: libdrm-devel, libXt-devel, pixman-devel,
+BuildRequires: libdrm-devel, libXt-devel, pixman-devel, libselinux-devel
BuildRequires: systemd, cmake, desktop-file-utils, selinux-policy-devel
+BuildRequires: libXfixes-devel, libXdamage-devel, libXrandr-devel
%if 0%{?fedora} > 24 || 0%{?rhel} >= 7
BuildRequires: libXfont2-devel
%else
@@ -147,6 +138,10 @@ BuildRequires: selinux-policy-devel
Requires: selinux-policy-%{selinuxtype}
Requires(post): selinux-policy-%{selinuxtype}
BuildRequires: selinux-policy-devel
+# Required for matchpathcon
+Requires: libselinux-utils
+# Required for restorecon
+Requires: policycoreutils
%{?selinux_requires}
%description selinux
@@ -168,19 +163,10 @@ popd
%patch1 -p1 -b .use-gnome-as-default-session
# Upstream patches
-%patch51 -p1 -b .let-user-know-about-not-using-view-only-password
-%patch52 -p1 -b .working-tls-on-fips-systems
-%patch53 -p1 -b .utilize-system-crypto-policies
-%patch54 -p1 -b .passwd-crash-with-malloc-checks
-%patch55 -p1 -b .tolerate-specifying-boolparam
-%patch56 -p1 -b .systemd-service
-%patch57 -p1 -b .correctly-start-vncsession-as-daemon
-%patch58 -p1 -b .selinux-missing-compression-and-correct-location
-%patch59 -p1 -b .selinux-policy-improvements
-%patch60 -p1 -b .argb-runtime-ximage-byteorder-selection
-%patch61 -p1 -b .selinux-restore-context-in-case-of-different-policies
-%patch62 -p1 -b .root-user-selinux-context
-%patch63 -p1 -b .vncsession-restore-script-systemd-service
+%patch50 -p1 -b .selinux-restore-context-in-case-of-different-policies
+%patch51 -p1 -b .fix-typo-in-mirror-monitor-detection
+%patch52 -p1 -b .root-user-selinux-context
+%patch53 -p1 -b .vncsession-restore-script-systemd-service
%build
%ifarch sparcv9 sparc64 s390 s390x
@@ -275,10 +261,7 @@ echo "Please read /usr/share/doc/tigervnc/HOWTO.md for more information."
EOF
chmod +x %{buildroot}/%{_bindir}/vncserver
%else
-rm -f %{buildroot}/%{_mandir}/man8/vncserver.8
-
install -m 755 %{SOURCE5} %{buildroot}/%{_bindir}/vncserver
-install -m 644 %{SOURCE6} %{buildroot}/%{_mandir}/man8/vncserver.8
%endif
%find_lang %{name} %{name}.lang
@@ -289,14 +272,11 @@ rm -f %{buildroot}%{_libdir}/xorg/modules/extensions/libvnc.la
mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/
install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
-install -m 644 %{SOURCE4} %{buildroot}/%{_docdir}/tigervnc/HOWTO.md
-
%post server
%systemd_post xvnc@.service
%systemd_post xvnc.socket
%preun server
-%systemd_preun xvnc@.service
%systemd_preun xvnc.socket
%postun server
@@ -365,6 +345,23 @@ fi
%ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
%changelog
+* Tue May 31 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-4
+- Add BR: libXdamage, libXfixes, libXrandr
+ Resolves: bz#2091833
+
+* Tue Apr 05 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-3
+- Do not run systemd_preun on Xvnc service file
+ Resolves: bz#2048011
+
+* Mon Apr 04 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-2
+- Drop unexisting option from the old vncserver script
+ Resolves: bz#2021893
+
+* Wed Mar 23 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-1
+- 1.12.0 + sync with Fedora
+ Resolves: bz#2048011
+ Resolves: bz#2021893
+
* Mon Feb 07 2022 Jan Grulich <jgrulich@redhat.com> - 1.11.0-21
- Added vncsession-restore script for SELinux policy migration
Fix SELinux context for root user