From 5ab1cdde9327531757d865a3cdf9b0f1755b9a5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonas=20=C3=85dahl?= Date: Fri, 20 Mar 2020 09:51:26 +0100 Subject: [PATCH] Update to 1.8 --- ...on-support.patch => anon-tls-support.patch | 619 +++++++++++++++++- gnome-remote-desktop.spec | 15 +- sources | 2 +- 3 files changed, 594 insertions(+), 42 deletions(-) rename 0001-vnc-Add-anonymous-TLS-encryption-support.patch => anon-tls-support.patch (58%) diff --git a/0001-vnc-Add-anonymous-TLS-encryption-support.patch b/anon-tls-support.patch similarity index 58% rename from 0001-vnc-Add-anonymous-TLS-encryption-support.patch rename to anon-tls-support.patch index 4f63274..b0bd073 100644 --- a/0001-vnc-Add-anonymous-TLS-encryption-support.patch +++ b/anon-tls-support.patch @@ -1,7 +1,7 @@ -From 0a6f8835480a1bdb57b77a471bda9993acb8e0b9 Mon Sep 17 00:00:00 2001 +From f431e71d2a40db2fcfc8f88ba5899b4b938b4c2f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonas=20=C3=85dahl?= Date: Thu, 14 Jun 2018 12:21:37 +0200 -Subject: [PATCH] vnc: Add anonymous TLS encryption support +Subject: [PATCH 1/6] vnc: Add anonymous TLS encryption support Add support for encrypting the VNC connection using anonymous TLS. In effect this means that the channel is encrypted using TLS but that no @@ -13,23 +13,23 @@ VNC connection. src/grd-enums.h | 6 + src/grd-session-vnc.c | 98 +++- src/grd-session-vnc.h | 15 + - src/grd-settings.c | 27 ++ + src/grd-settings.c | 28 ++ src/grd-settings.h | 2 + src/grd-vnc-server.c | 45 ++ src/grd-vnc-tls.c | 444 ++++++++++++++++++ src/grd-vnc-tls.h | 28 ++ src/meson.build | 5 +- - ...g.gnome.desktop.remote-desktop.gschema.xml | 10 + - 11 files changed, 665 insertions(+), 16 deletions(-) + ...nome.desktop.remote-desktop.gschema.xml.in | 10 + + 11 files changed, 666 insertions(+), 16 deletions(-) create mode 100644 src/grd-vnc-tls.c create mode 100644 src/grd-vnc-tls.h diff --git a/meson.build b/meson.build -index 86730f1..f1d10a6 100644 +index 516656e..db77711 100644 
--- a/meson.build +++ b/meson.build -@@ -14,6 +14,7 @@ systemd_dep = dependency('systemd') - libvncserver_dep = dependency('libvncserver') +@@ -15,6 +15,7 @@ libvncserver_dep = dependency('libvncserver') + libvncclient_dep = dependency('libvncclient') libsecret_dep = dependency('libsecret-1') libnotify_dep = dependency('libnotify') +gnutls_dep = dependency('gnutls') @@ -52,7 +52,7 @@ index ffab821..4333863 100644 + #endif /* GRD_ENUMS_H */ diff --git a/src/grd-session-vnc.c b/src/grd-session-vnc.c -index 589ba4b..1990576 100644 +index 4cdc379..6d489cc 100644 --- a/src/grd-session-vnc.c +++ b/src/grd-session-vnc.c @@ -44,7 +44,9 @@ struct _GrdSessionVnc @@ -96,7 +96,7 @@ index 589ba4b..1990576 100644 static void init_vnc_session (GrdSessionVnc *session_vnc) { -@@ -553,33 +573,74 @@ init_vnc_session (GrdSessionVnc *session_vnc) +@@ -554,33 +574,74 @@ init_vnc_session (GrdSessionVnc *session_vnc) rfbProcessEvents (rfb_screen, 0); } @@ -185,7 +185,7 @@ index 589ba4b..1990576 100644 } return G_SOURCE_CONTINUE; -@@ -592,7 +653,10 @@ grd_session_vnc_attach_source (GrdSessionVnc *session_vnc) +@@ -593,7 +654,10 @@ grd_session_vnc_attach_source (GrdSessionVnc *session_vnc) socket = g_socket_connection_get_socket (session_vnc->connection); session_vnc->source = g_socket_create_source (socket, @@ -197,7 +197,7 @@ index 589ba4b..1990576 100644 NULL); g_source_set_callback (session_vnc->source, (GSourceFunc) handle_socket_data, -@@ -618,8 +682,10 @@ grd_session_vnc_new (GrdVncServer *vnc_server, +@@ -619,8 +683,10 @@ grd_session_vnc_new (GrdVncServer *vnc_server, "context", context, NULL); @@ -208,7 +208,7 @@ index 589ba4b..1990576 100644 grd_session_vnc_attach_source (session_vnc); init_vnc_session (session_vnc); -@@ -634,6 +700,8 @@ grd_session_vnc_dispose (GObject *object) +@@ -635,6 +701,8 @@ grd_session_vnc_dispose (GObject *object) g_assert (!session_vnc->rfb_screen); @@ -251,19 +251,19 @@ index 25919b6..e0601c3 100644 + #endif /* GRD_SESSION_VNC_H */ 
diff --git a/src/grd-settings.c b/src/grd-settings.c -index a3a2afa..c886b7e 100644 +index bdf8211..7324310 100644 --- a/src/grd-settings.c +++ b/src/grd-settings.c -@@ -46,6 +46,7 @@ struct _GrdSettings - GSettings *settings; +@@ -48,6 +48,7 @@ struct _GrdSettings gboolean view_only; GrdVncAuthMethod auth_method; + int port; + GrdVncEncryption encryption; } vnc; }; -@@ -87,6 +88,12 @@ grd_settings_get_vnc_auth_method (GrdSettings *settings) - return settings->vnc.auth_method; +@@ -120,6 +121,12 @@ grd_settings_get_vnc_auth_method (GrdSettings *settings) + return settings->vnc.auth_method; } +GrdVncEncryption @@ -275,7 +275,7 @@ index a3a2afa..c886b7e 100644 static void update_vnc_view_only (GrdSettings *settings) { -@@ -101,6 +108,13 @@ update_vnc_auth_method (GrdSettings *settings) +@@ -134,6 +141,13 @@ update_vnc_auth_method (GrdSettings *settings) "auth-method"); } @@ -289,7 +289,7 @@ index a3a2afa..c886b7e 100644 static void on_vnc_settings_changed (GSettings *vnc_settings, const char *key, -@@ -116,6 +130,11 @@ on_vnc_settings_changed (GSettings *vnc_settings, +@@ -149,6 +163,11 @@ on_vnc_settings_changed (GSettings *vnc_settings, update_vnc_auth_method (settings); g_signal_emit (settings, signals[VNC_AUTH_METHOD_CHANGED], 0); } @@ -301,15 +301,16 @@ index a3a2afa..c886b7e 100644 } static void -@@ -137,6 +156,7 @@ grd_settings_init (GrdSettings *settings) - - update_vnc_view_only (settings); +@@ -172,6 +191,8 @@ grd_settings_init (GrdSettings *settings) update_vnc_auth_method (settings); + + settings->vnc.port = GRD_VNC_SERVER_PORT; ++ + update_vnc_encryption (settings); } static void -@@ -160,4 +180,11 @@ grd_settings_class_init (GrdSettingsClass *klass) +@@ -195,4 +216,11 @@ grd_settings_class_init (GrdSettingsClass *klass) 0, NULL, NULL, NULL, G_TYPE_NONE, 0); @@ -322,10 +323,10 @@ index a3a2afa..c886b7e 100644 + G_TYPE_NONE, 0); } diff --git a/src/grd-settings.h b/src/grd-settings.h -index 9b23b09..4bca403 100644 +index e4e0c09..0575ec1 100644 
--- a/src/grd-settings.h +++ b/src/grd-settings.h -@@ -40,4 +40,6 @@ gboolean grd_settings_get_vnc_view_only (GrdSettings *settings); +@@ -45,4 +45,6 @@ gboolean grd_settings_get_vnc_view_only (GrdSettings *settings); GrdVncAuthMethod grd_settings_get_vnc_auth_method (GrdSettings *settings); @@ -333,7 +334,7 @@ index 9b23b09..4bca403 100644 + #endif /* GRD_SETTINGS_H */ diff --git a/src/grd-vnc-server.c b/src/grd-vnc-server.c -index a8fed02..769b7ec 100644 +index a6d95cb..f9c68db 100644 --- a/src/grd-vnc-server.c +++ b/src/grd-vnc-server.c @@ -24,11 +24,13 @@ @@ -348,9 +349,9 @@ index a8fed02..769b7ec 100644 #include "grd-session-vnc.h" +#include "grd-vnc-tls.h" - #define GRD_VNC_SERVER_PORT 5900 -@@ -131,6 +133,43 @@ on_incoming (GSocketService *service, + enum +@@ -130,6 +132,43 @@ on_incoming (GSocketService *service, return TRUE; } @@ -394,7 +395,7 @@ index a8fed02..769b7ec 100644 gboolean grd_vnc_server_start (GrdVncServer *vnc_server, GError **error) -@@ -219,12 +258,18 @@ static void +@@ -220,12 +259,18 @@ static void grd_vnc_server_constructed (GObject *object) { GrdVncServer *vnc_server = GRD_VNC_SERVER (object); @@ -898,7 +899,7 @@ index 0000000..135ef8c + +#endif /* GRD_VNC_TLS_H */ diff --git a/src/meson.build b/src/meson.build -index e6ba615..31c7221 100644 +index 0f76fab..9d2f1ce 100644 --- a/src/meson.build +++ b/src/meson.build @@ -21,6 +21,8 @@ daemon_sources = files([ 
@@ -920,10 +921,10 @@ index e6ba615..31c7221 100644 include_directories: [configinc], install: true, install_dir: libexecdir) -diff --git a/src/org.gnome.desktop.remote-desktop.gschema.xml b/src/org.gnome.desktop.remote-desktop.gschema.xml +diff --git a/src/org.gnome.desktop.remote-desktop.gschema.xml.in b/src/org.gnome.desktop.remote-desktop.gschema.xml.in index a5c2022..846e65b 100644 ---- a/src/org.gnome.desktop.remote-desktop.gschema.xml -+++ b/src/org.gnome.desktop.remote-desktop.gschema.xml +--- a/src/org.gnome.desktop.remote-desktop.gschema.xml.in ++++ b/src/org.gnome.desktop.remote-desktop.gschema.xml.in @@ -23,5 +23,15 @@ * password - by requiring the remote client to provide a known password 
@@ -941,5 +942,553 @@ index a5c2022..846e65b 100644 -- -2.20.1 +2.25.1 + + +From 73c96bb84856362e2446645533bfff8af2e90529 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jonas=20=C3=85dahl?= +Date: Wed, 27 Nov 2019 11:02:09 +0100 +Subject: [PATCH 2/6] session-vnc: Add paused/resumed signals + +Paused is when the socket sourec is detached, and resumed when attached. +Meant to be used by the TLS channel security to a attach/detach +out-of-socket source. +--- + src/grd-session-vnc.c | 72 ++++++++++++++++++++++++++++++++++++++----- + 1 file changed, 65 insertions(+), 7 deletions(-) + +diff --git a/src/grd-session-vnc.c b/src/grd-session-vnc.c +index 6d489cc..afe5889 100644 +--- a/src/grd-session-vnc.c ++++ b/src/grd-session-vnc.c +@@ -40,14 +40,27 @@ + #define BGRX_SAMPLES_PER_PIXEL 3 + #define BGRX_BYTES_PER_PIXEL 4 + ++enum ++{ ++ PAUSED, ++ RESUMED, ++ ++ N_SIGNALS ++}; ++ ++static guint signals[N_SIGNALS]; ++ + struct _GrdSessionVnc + { + GrdSession parent; + + GrdVncServer *vnc_server; + GSocketConnection *connection; ++ + GList *socket_grabs; + GSource *source; ++ gboolean is_paused; ++ + rfbScreenInfoPtr rfb_screen; + rfbClientPtr rfb_client; + +@@ -73,7 +86,7 @@ struct _GrdSessionVnc + G_DEFINE_TYPE (GrdSessionVnc, grd_session_vnc, GRD_TYPE_SESSION); + + static void +-grd_session_vnc_detach_source (GrdSessionVnc *session_vnc); ++grd_session_vnc_pause (GrdSessionVnc *session_vnc); + + static gboolean + close_session_idle (gpointer user_data); +@@ -215,7 +228,8 @@ handle_client_gone (rfbClientPtr rfb_client) + + g_debug ("VNC client gone"); + +- grd_session_vnc_detach_source (session_vnc); ++ grd_session_vnc_pause (session_vnc); ++ + maybe_queue_close_session_idle (session_vnc); + } + +@@ -283,7 +297,7 @@ handle_new_client (rfbClientPtr rfb_client) + session_vnc->prompt_cancellable, + prompt_response_callback, + session_vnc); +- grd_session_vnc_detach_source (session_vnc); ++ grd_session_vnc_pause (session_vnc); + return RFB_CLIENT_ON_HOLD; + case 
GRD_VNC_AUTH_METHOD_PASSWORD: + session_vnc->rfb_screen->passwordCheck = check_rfb_password; +@@ -501,7 +515,7 @@ check_rfb_password (rfbClientPtr rfb_client, + if (memcmp (challenge_encrypted, response_encrypted, len) == 0) + { + grd_session_start (GRD_SESSION (session_vnc)); +- grd_session_vnc_detach_source (session_vnc); ++ grd_session_vnc_pause (session_vnc); + return TRUE; + } + else +@@ -671,6 +685,36 @@ grd_session_vnc_detach_source (GrdSessionVnc *session_vnc) + g_clear_pointer (&session_vnc->source, g_source_destroy); + } + ++gboolean ++grd_session_vnc_is_paused (GrdSessionVnc *session_vnc) ++{ ++ return session_vnc->is_paused; ++} ++ ++static void ++grd_session_vnc_pause (GrdSessionVnc *session_vnc) ++{ ++ if (grd_session_vnc_is_paused (session_vnc)) ++ return; ++ ++ session_vnc->is_paused = TRUE; ++ ++ grd_session_vnc_detach_source (session_vnc); ++ g_signal_emit (session_vnc, signals[PAUSED], 0); ++} ++ ++static void ++grd_session_vnc_resume (GrdSessionVnc *session_vnc) ++{ ++ if (!grd_session_vnc_is_paused (session_vnc)) ++ return; ++ ++ session_vnc->is_paused = FALSE; ++ ++ grd_session_vnc_attach_source (session_vnc); ++ g_signal_emit (session_vnc, signals[RESUMED], 0); ++} ++ + GrdSessionVnc * + grd_session_vnc_new (GrdVncServer *vnc_server, + GSocketConnection *connection) +@@ -688,6 +732,7 @@ grd_session_vnc_new (GrdVncServer *vnc_server, + + grd_session_vnc_grab_socket (session_vnc, vnc_socket_grab_func); + grd_session_vnc_attach_source (session_vnc); ++ session_vnc->is_paused = FALSE; + + init_vnc_session (session_vnc); + +@@ -717,7 +762,7 @@ grd_session_vnc_stop (GrdSession *session) + + g_clear_object (&session_vnc->pipewire_stream); + +- grd_session_vnc_detach_source (session_vnc); ++ grd_session_vnc_pause (session_vnc); + + g_clear_object (&session_vnc->connection); + g_clear_pointer (&session_vnc->rfb_screen->frameBuffer, g_free); +@@ -773,8 +818,8 @@ grd_session_vnc_stream_ready (GrdSession *session, + G_CALLBACK (on_pipwire_stream_closed), 
+ session_vnc); + +- if (!session_vnc->source) +- grd_session_vnc_attach_source (session_vnc); ++ if (grd_session_vnc_is_paused (session_vnc)) ++ grd_session_vnc_resume (session_vnc); + } + + static void +@@ -793,4 +838,17 @@ grd_session_vnc_class_init (GrdSessionVncClass *klass) + + session_class->stop = grd_session_vnc_stop; + session_class->stream_ready = grd_session_vnc_stream_ready; ++ ++ signals[PAUSED] = g_signal_new ("paused", ++ G_TYPE_FROM_CLASS (klass), ++ G_SIGNAL_RUN_LAST, ++ 0, ++ NULL, NULL, NULL, ++ G_TYPE_NONE, 0); ++ signals[RESUMED] = g_signal_new ("resumed", ++ G_TYPE_FROM_CLASS (klass), ++ G_SIGNAL_RUN_LAST, ++ 0, ++ NULL, NULL, NULL, ++ G_TYPE_NONE, 0); + } +-- +2.25.1 + + +From fd139827f668c3fadf61a90b47c1b01a95ba0503 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jonas=20=C3=85dahl?= +Date: Wed, 27 Nov 2019 11:03:46 +0100 +Subject: [PATCH 3/6] session-vnc: Add grd_session_vnc_dispatch() helper + +To be used by the TLS channel security to dispatch when there is data +available that is not visible to the socket source. 
+--- + src/grd-session-vnc.c | 26 ++++++++++++++++---------- + src/grd-session-vnc.h | 2 ++ + 2 files changed, 18 insertions(+), 10 deletions(-) + +diff --git a/src/grd-session-vnc.c b/src/grd-session-vnc.c +index afe5889..e26f145 100644 +--- a/src/grd-session-vnc.c ++++ b/src/grd-session-vnc.c +@@ -625,6 +625,21 @@ vnc_socket_grab_func (GrdSessionVnc *session_vnc, + return TRUE; + } + ++void ++grd_session_vnc_dispatch (GrdSessionVnc *session_vnc) ++{ ++ GrdVncSocketGrabFunc grab_func; ++ g_autoptr (GError) error = NULL; ++ ++ grab_func = g_list_first (session_vnc->socket_grabs)->data; ++ if (!grab_func (session_vnc, &error)) ++ { ++ g_warning ("Error when reading socket: %s", error->message); ++ ++ grd_session_stop (GRD_SESSION (session_vnc)); ++ } ++} ++ + static gboolean + handle_socket_data (GSocket *socket, + GIOCondition condition, +@@ -641,16 +656,7 @@ handle_socket_data (GSocket *socket, + } + else if (condition & G_IO_IN) + { +- GrdVncSocketGrabFunc grab_func; +- g_autoptr (GError) error = NULL; +- +- grab_func = g_list_first (session_vnc->socket_grabs)->data; +- if (!grab_func (session_vnc, &error)) +- { +- g_warning ("Error when reading socket: %s", error->message); +- +- grd_session_stop (session); +- } ++ grd_session_vnc_dispatch (session_vnc); + } + else + { +diff --git a/src/grd-session-vnc.h b/src/grd-session-vnc.h +index e0601c3..5caa9f4 100644 +--- a/src/grd-session-vnc.h ++++ b/src/grd-session-vnc.h +@@ -68,6 +68,8 @@ void grd_session_vnc_grab_socket (GrdSessionVnc *session_vnc, + void grd_session_vnc_ungrab_socket (GrdSessionVnc *session_vnc, + GrdVncSocketGrabFunc grab_func); + ++void grd_session_vnc_dispatch (GrdSessionVnc *session_vnc); ++ + GrdVncServer * grd_session_vnc_get_vnc_server (GrdSessionVnc *session_vnc); + + #endif /* GRD_SESSION_VNC_H */ +-- +2.25.1 + + +From 7bdf190a3a69cecfe8027ee499b5029cfb12f3da Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jonas=20=C3=85dahl?= +Date: Wed, 27 Nov 2019 11:05:13 +0100 +Subject: [PATCH 4/6] vnc/tls: 
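Review bot: `grd_session_vnc_dispatch()` in patch 3/6 dereferences `g_list_first (session_vnc->socket_grabs)->data` without checking that the grab list is non-empty, and it is now exported through grd-session-vnc.h instead of being reachable only from the socket source callback. Patch 5/6 calls it from a second GSource whose readiness depends on data buffered from the remote peer, so a call that arrives with an empty list would be a NULL dereference in the daemon; whether that state can occur is not visible in these hunks. A guard such as `g_return_if_fail (session_vnc->socket_grabs != NULL);` at the top, plus a one-line comment saying that at least one grab function must be installed, would make the precondition explicit. The `g_warning` also reads `error->message`, so it relies on every grab function setting `error` when it returns FALSE.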
Add some logging + +Uses the log utility from libvncserver as it is related to the RFB +protocol rather than the session itself. +--- + src/grd-vnc-tls.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/src/grd-vnc-tls.c b/src/grd-vnc-tls.c +index ec4758e..ac6c35f 100644 +--- a/src/grd-vnc-tls.c ++++ b/src/grd-vnc-tls.c +@@ -67,6 +67,7 @@ grd_vnc_tls_context_new (void) + + tls_context = g_new0 (GrdVncTlsContext, 1); + ++ rfbLog ("TLS: Initializing gnutls context\n"); + gnutls_global_init (); + + gnutls_anon_allocate_server_credentials (&tls_context->anon_credentials); +@@ -127,6 +128,7 @@ perform_anon_tls_handshake (GrdVncTlsSession *tls_session, + ret = gnutls_handshake (tls_session->tls_session); + if (ret != GNUTLS_E_SUCCESS && !gnutls_error_is_fatal (ret)) + { ++ rfbLog ("TLS: More handshake pending\n"); + tls_session->handshake_state = GRD_TLS_HANDSHAKE_STATE_DURING; + return TRUE; + } +@@ -140,6 +142,8 @@ perform_anon_tls_handshake (GrdVncTlsSession *tls_session, + return FALSE; + } + ++ rfbLog ("TLS: Handshake finished"); ++ + tls_session->handshake_state = GRD_TLS_HANDSHAKE_STATE_FINISHED; + return TRUE; + } +@@ -373,6 +377,7 @@ perform_handshake (GrdSessionVnc *session_vnc, + break; + case GRD_TLS_HANDSHAKE_STATE_FINISHED: + grd_session_vnc_ungrab_socket (session_vnc, tls_handshake_grab_func); ++ rfbLog ("TLS: Sending post-channel security security list\n"); + rfbSendSecurityTypeList (grd_session_vnc_get_rfb_client (session_vnc), + RFB_SECURITY_TAG_CHANNEL); + break; +@@ -387,6 +392,7 @@ tls_handshake_grab_func (GrdSessionVnc *session_vnc, + { + g_autoptr (GError) handshake_error = NULL; + ++ rfbLog ("TLS: Continuing handshake\n"); + if (!perform_handshake (session_vnc, &handshake_error)) + { + g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, +@@ -404,6 +410,8 @@ rfb_tls_security_handler (rfbClientPtr rfb_client) + GrdVncTlsSession *tls_session; + g_autoptr(GError) error = NULL; + ++ rfbLog ("TLS: Setting up rfbClient for gnutls encrypted 
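Review bot: The added `rfbLog ("TLS: Handshake finished");` in `perform_anon_tls_handshake` (patch 4/6) has no trailing newline, unlike every other `rfbLog` call this patch adds. The next log entry would most likely be appended to the same line, which makes the handshake sequence harder to follow when reconstructing a session from the logs. Suggested: `rfbLog ("TLS: Handshake finished\n");`.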
traffic\n"); ++ + tls_session = grd_vnc_tls_session_from_vnc_session (session_vnc); + if (!tls_session) + { +@@ -424,6 +432,7 @@ rfb_tls_security_handler (rfbClientPtr rfb_client) + grd_session_vnc_grab_socket (session_vnc, tls_handshake_grab_func); + } + ++ rfbLog ("TLS: Performing handshake\n"); + if (!perform_handshake (session_vnc, &error)) + { + g_warning ("TLS handshake failed: %s", error->message); +-- +2.25.1 + + +From 15a28c9f383b260e9b1cef37a663bff7d2efa255 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jonas=20=C3=85dahl?= +Date: Wed, 27 Nov 2019 11:07:40 +0100 +Subject: [PATCH 5/6] vnc/tls: Dispatch also when data is pending outside of + the socket + +gnutls may have data available in its buffers, and we have our own peek +buffer temporarly storing data later to be processed. This would missed +by the socket source, as it wouldn't get any notification about it from +epoll(). Deal with this by adding a custom source that dispatches as +long as there is data to read in those buffers. 
+--- + src/grd-session-vnc.h | 2 + + src/grd-vnc-tls.c | 92 ++++++++++++++++++++++++++++++++++++++++--- + 2 files changed, 88 insertions(+), 6 deletions(-) + +diff --git a/src/grd-session-vnc.h b/src/grd-session-vnc.h +index 5caa9f4..db1c7f3 100644 +--- a/src/grd-session-vnc.h ++++ b/src/grd-session-vnc.h +@@ -68,6 +68,8 @@ void grd_session_vnc_grab_socket (GrdSessionVnc *session_vnc, + void grd_session_vnc_ungrab_socket (GrdSessionVnc *session_vnc, + GrdVncSocketGrabFunc grab_func); + ++gboolean grd_session_vnc_is_paused (GrdSessionVnc *session_vnc); ++ + void grd_session_vnc_dispatch (GrdSessionVnc *session_vnc); + + GrdVncServer * grd_session_vnc_get_vnc_server (GrdSessionVnc *session_vnc); +diff --git a/src/grd-vnc-tls.c b/src/grd-vnc-tls.c +index ac6c35f..8f65225 100644 +--- a/src/grd-vnc-tls.c ++++ b/src/grd-vnc-tls.c +@@ -41,6 +41,12 @@ typedef enum _GrdTlsHandshakeState + GRD_TLS_HANDSHAKE_STATE_FINISHED + } GrdTlsHandshakeState; + ++typedef struct _PeekBufferSource ++{ ++ GSource parent; ++ GrdSessionVnc *session_vnc; ++} PeekBufferSource; ++ + typedef struct _GrdVncTlsSession + { + GrdVncTlsContext *tls_context; +@@ -53,6 +59,8 @@ typedef struct _GrdVncTlsSession + char *peek_buffer; + int peek_buffer_size; + int peek_buffer_len; ++ ++ GSource *peek_buffer_source; + } GrdVncTlsSession; + + static gboolean +@@ -296,16 +304,14 @@ grd_vnc_tls_peek_at_socket (rfbClientPtr rfb_client, + peekable_len = MIN (len, tls_session->peek_buffer_len); + memcpy (buf, tls_session->peek_buffer, peekable_len); + ++ fprintf(stderr, ":::: %s:%d %s() - peeked %d bytes, can peek %d bytes\n", __FILE__, __LINE__, __func__, ++ peekable_len, tls_session->peek_buffer_len); + return peekable_len; + } + +-static rfbBool +-grd_vnc_tls_has_pending_on_socket (rfbClientPtr rfb_client) ++static gboolean ++grd_vnc_tls_session_has_pending_data (GrdVncTlsSession *tls_session) + { +- GrdSessionVnc *session_vnc = rfb_client->screen->screenData; +- GrdVncTlsSession *tls_session = +- 
grd_vnc_tls_session_from_vnc_session (session_vnc); +- + if (tls_session->peek_buffer_len > 0) + return TRUE; + +@@ -315,6 +321,16 @@ grd_vnc_tls_has_pending_on_socket (rfbClientPtr rfb_client) + return FALSE; + } + ++static rfbBool ++grd_vnc_tls_has_pending_on_socket (rfbClientPtr rfb_client) ++{ ++ GrdSessionVnc *session_vnc = rfb_client->screen->screenData; ++ GrdVncTlsSession *tls_session = ++ grd_vnc_tls_session_from_vnc_session (session_vnc); ++ ++ return grd_vnc_tls_session_has_pending_data (tls_session); ++} ++ + static int + grd_vnc_tls_write_to_socket (rfbClientPtr rfb_client, + const char *buf, +@@ -403,6 +419,62 @@ tls_handshake_grab_func (GrdSessionVnc *session_vnc, + return TRUE; + } + ++static gboolean ++peek_buffer_source_prepare (GSource *source, ++ int *timeout) ++{ ++ PeekBufferSource *psource = (PeekBufferSource *) source; ++ GrdSessionVnc *session_vnc = psource->session_vnc; ++ GrdVncTlsSession *tls_session = ++ grd_vnc_tls_session_from_vnc_session (session_vnc); ++ ++ return grd_vnc_tls_session_has_pending_data (tls_session); ++} ++ ++static gboolean ++peek_buffer_source_dispatch (GSource *source, ++ GSourceFunc callback, ++ gpointer user_data) ++{ ++ PeekBufferSource *psource = (PeekBufferSource *) source; ++ GrdSessionVnc *session_vnc = psource->session_vnc; ++ ++ grd_session_vnc_dispatch (session_vnc); ++ ++ return G_SOURCE_CONTINUE; ++} ++ ++static GSourceFuncs peek_buffer_source_funcs = { ++ .prepare = peek_buffer_source_prepare, ++ .dispatch = peek_buffer_source_dispatch, ++}; ++ ++static void ++attach_peek_buffer_source (GrdSessionVnc *session_vnc) ++{ ++ GrdVncTlsSession *tls_session; ++ ++ tls_session = grd_vnc_tls_session_from_vnc_session (session_vnc); ++ tls_session->peek_buffer_source = g_source_new (&peek_buffer_source_funcs, ++ sizeof (PeekBufferSource)); ++ ((PeekBufferSource *) tls_session->peek_buffer_source)->session_vnc = ++ session_vnc; ++ g_source_set_priority (tls_session->peek_buffer_source, ++ G_PRIORITY_DEFAULT + 1); 
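Review bot: The `fprintf(stderr, ":::: %s:%d %s() - peeked %d bytes, can peek %d bytes\n", ...)` added to `grd_vnc_tls_peek_at_socket` in patch 5/6 looks like a leftover debugging statement. It bypasses the `rfbLog`/`g_warning` logging used elsewhere in the series and writes to stderr on every peek that reaches this return, so a connected peer's traffic translates directly into service log noise. I would drop the two lines, or if the trace is wanted keep it at debug level: `g_debug ("TLS: peeked %d bytes of %d buffered", peekable_len, tls_session->peek_buffer_len);`. The function body starts outside the hunk.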
++ ++ g_source_attach (tls_session->peek_buffer_source, NULL); ++} ++ ++static void ++detach_peek_buffer_source (GrdSessionVnc *session_vnc) ++{ ++ GrdVncTlsSession *tls_session; ++ ++ tls_session = grd_vnc_tls_session_from_vnc_session (session_vnc); ++ ++ g_clear_pointer (&tls_session->peek_buffer_source, g_source_destroy); ++} ++ + static void + rfb_tls_security_handler (rfbClientPtr rfb_client) + { +@@ -429,6 +501,14 @@ rfb_tls_security_handler (rfbClientPtr rfb_client) + rfb_client->hasPendingOnSocket = grd_vnc_tls_has_pending_on_socket; + rfb_client->writeToSocket = grd_vnc_tls_write_to_socket; + ++ if (!grd_session_vnc_is_paused (session_vnc)) ++ attach_peek_buffer_source (session_vnc); ++ ++ g_signal_connect (session_vnc, "paused", ++ G_CALLBACK (detach_peek_buffer_source), NULL); ++ g_signal_connect (session_vnc, "resumed", ++ G_CALLBACK (attach_peek_buffer_source), NULL); ++ + grd_session_vnc_grab_socket (session_vnc, tls_handshake_grab_func); + } + +-- +2.25.1 + + +From a85de2328db0a0d3412f13a5c9f3a0c2676b6239 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jonas=20=C3=85dahl?= +Date: Wed, 27 Nov 2019 16:48:00 +0100 +Subject: [PATCH 6/6] session-vnc: Set our own password handling function up + front + +libvncserver decides whether to register a auth security handler +depending on whether the password data is set or not. When we use the +prompt auth method, we don't want to ask for password, so set the +password data to NULL. + +Also, to be a bit more in control of the password mechanism, always set +the password function up front, instead of just when the client uses the +password prompt. 
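Review bot: `attach_peek_buffer_source` (patch 5/6) keeps the reference returned by `g_source_new` after `g_source_attach`, and `detach_peek_buffer_source` only calls `g_source_destroy`, so as far as these hunks show each pause/resume cycle leaks one `PeekBufferSource`. Destroying a source removes it from its context but does not drop the creator's reference. Either call `g_source_unref (tls_session->peek_buffer_source);` right after `g_source_attach`, or have the detach function call both `g_source_destroy` and `g_source_unref`. The source also stores a bare `session_vnc` pointer, so a short comment that its lifetime is bounded by the "paused"/"resumed" handlers would help the next reader; it is worth confirming that the session always emits "paused" before it is finalized.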
+--- + src/grd-session-vnc.c | 8 ++------ + 1 file changed, 2 insertions(+), 6 deletions(-) + +diff --git a/src/grd-session-vnc.c b/src/grd-session-vnc.c +index e26f145..740e68c 100644 +--- a/src/grd-session-vnc.c ++++ b/src/grd-session-vnc.c +@@ -91,11 +91,6 @@ grd_session_vnc_pause (GrdSessionVnc *session_vnc); + static gboolean + close_session_idle (gpointer user_data); + +-static rfbBool +-check_rfb_password (rfbClientPtr rfb_client, +- const char *response_encrypted, +- int len); +- + static void + swap_uint8 (uint8_t *a, + uint8_t *b) +@@ -300,7 +295,6 @@ handle_new_client (rfbClientPtr rfb_client) + grd_session_vnc_pause (session_vnc); + return RFB_CLIENT_ON_HOLD; + case GRD_VNC_AUTH_METHOD_PASSWORD: +- session_vnc->rfb_screen->passwordCheck = check_rfb_password; + /* + * authPasswdData needs to be non NULL in libvncserver to trigger + * password authentication. +@@ -584,6 +578,8 @@ init_vnc_session (GrdSessionVnc *session_vnc) + rfb_screen->frameBuffer = g_malloc0 (screen_width * screen_height * 4); + memset (rfb_screen->frameBuffer, 0x1f, screen_width * screen_height * 4); + ++ rfb_screen->passwordCheck = check_rfb_password; ++ + rfbInitServer (rfb_screen); + rfbProcessEvents (rfb_screen, 0); + } +-- +2.25.1 diff --git a/gnome-remote-desktop.spec b/gnome-remote-desktop.spec index 6a27815..1b16d67 100644 --- a/gnome-remote-desktop.spec +++ b/gnome-remote-desktop.spec 
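Review bot: The commit message of patch 6/6 says the password data is set to NULL for the prompt auth method, but none of its three hunks touches `authPasswdData`; they only move the `passwordCheck` assignment into `init_vnc_session` and drop the forward declaration. Since the message itself says libvncserver decides whether to register the auth security handler from that field, the prompt branch of `handle_new_client` should either clear it explicitly, e.g. `session_vnc->rfb_screen->authPasswdData = NULL;`, or the message should state that the field is already NULL at that point. A comment next to `rfb_screen->passwordCheck = check_rfb_password;` noting that the callback is presumably only consulted once `authPasswdData` is set would document why installing it unconditionally is safe. Both functions continue outside the hunks.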
@@ -1,16 +1,16 @@ %global systemd_unit gnome-remote-desktop.service Name: gnome-remote-desktop -Version: 0.1.7 -Release: 3%{?dist} +Version: 0.1.8 +Release: 1%{?dist} Summary: GNOME Remote Desktop screen share service License: GPLv2+ URL: https://gitlab.gnome.org/jadahl/gnome-remote-desktop -Source0: https://gitlab.gnome.org/jadahl/gnome-remote-desktop/uploads/ed3e8b8ebc1a74b6f4ed7260a2739f40/gnome-remote-desktop-0.1.7.tar.xz +Source0: https://gitlab.gnome.org/jadahl/gnome-remote-desktop/uploads/6b6c139b154fbaf51075ac084c0fe14b/gnome-remote-desktop-0.1.8.tar.xz # Adds encryption support (requires patched LibVNCServer) -Patch0: 0001-vnc-Add-anonymous-TLS-encryption-support.patch +Patch0: anon-tls-support.patch BuildRequires: git BuildRequires: gcc @@ -18,7 +18,7 @@ BuildRequires: meson >= 0.36.0 BuildRequires: pkgconfig BuildRequires: pkgconfig(glib-2.0) >= 2.32 BuildRequires: pkgconfig(gio-unix-2.0) >= 2.32 -BuildRequires: pkgconfig(libpipewire-0.2) >= 0.2.5 +BuildRequires: pkgconfig(libpipewire-0.3) >= 0.3.0 BuildRequires: pkgconfig(libvncserver) >= 0.9.11-7 BuildRequires: pkgconfig(libsecret-1) BuildRequires: pkgconfig(libnotify) @@ -27,7 +27,7 @@ BuildRequires: pkgconfig(gnutls) %{?systemd_requires} BuildRequires: systemd -Requires: pipewire >= 0.2.5 +Requires: pipewire >= 0.3.0 %description GNOME Remote Desktop is a remote desktop and screen sharing service for the @@ -69,6 +69,9 @@ GNOME desktop environment. %changelog +* Wed Mar 11 2020 Jonas Ã…dahl - 0.1.8-1 +- Update to 0.1.8 + * Tue Jan 28 2020 Fedora Release Engineering - 0.1.7-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild diff --git a/sources b/sources index 1c68eb1..0cd4e90 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@
-SHA512 (gnome-remote-desktop-0.1.7.tar.xz) = dd20e5e6fd724ff03d8a32319c7145f1fef4331439e52921b812f087e6b83185bf318bb2fb9758fe083ec3cfea30448b601da4ed1aba85fa892ef7fbb794b9ed
+SHA512 (gnome-remote-desktop-0.1.8.tar.xz) = 83e7d9e356c7121d6d102e2f0159f3ff20d039d705dd1ffa7c582a90aa2f433aa6f0153b972f1f2a4da928f842bfb7a950e7ba4b8ff6fda1deb8cf7792114315