SOURCES/tigervnc-vncsession-use-bin-sh-when-shell-not-set.patch

@@ -1,29 +0,0 @@
-From 4db34f73d461b973867ddaf18bf690219229cd7a Mon Sep 17 00:00:00 2001
-From: Carlos Santos <casantos@redhat.com>
-Date: Thu, 25 Jul 2024 18:39:59 -0300
-Subject: [PATCH] vncsession: use /bin/sh if the user shell is not set
-
-An empty shell field in the password file is valid, although not common.
-Use /bin/sh in this case, as documented in the passwd(5) man page, since
-the vncserver script requires a non-empty SHELL environment variable.
-
-Fixes issue #1786.
-
-Signed-off-by: Carlos Santos <casantos@redhat.com>
----
- unix/vncserver/vncsession.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c
-index 1ee096c7c..98a0432aa 100644
---- a/unix/vncserver/vncsession.c
-+++ b/unix/vncserver/vncsession.c
-@@ -545,7 +545,7 @@ run_script(const char *username, const char *display, char **envp)
- 
-     // Set up some basic environment for the script
-     setenv("HOME", pwent->pw_dir, 1);
--    setenv("SHELL", pwent->pw_shell, 1);
-+    setenv("SHELL", *pwent->pw_shell != '\0' ? pwent->pw_shell : "/bin/sh", 1);
-     setenv("LOGNAME", pwent->pw_name, 1);
-     setenv("USER", pwent->pw_name, 1);
-     setenv("USERNAME", pwent->pw_name, 1);

SOURCES/xorg-CVE-2024-0229-followup.patch

@@ -0,0 +1,32 @@
+From 133e0d651c5d12bf01999d6289e84e224ba77adc Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Mon, 22 Jan 2024 14:22:12 +1000
+Subject: [PATCH] dix: fix valuator copy/paste error in the DeviceStateNotify
+ event
+
+Fixes 219c54b8a3337456ce5270ded6a67bcde53553d5
+---
+ dix/enterleave.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/dix/enterleave.c b/dix/enterleave.c
+index 7b7ba1098b..c1e6ac600e 100644
+--- a/dix/enterleave.c
++++ b/dix/enterleave.c
+@@ -619,11 +619,11 @@ FixDeviceValuator(DeviceIntPtr dev, deviceValuator * ev, ValuatorClassPtr v,
+     ev->first_valuator = first;
+     switch (ev->num_valuators) {
+     case 6:
+-        ev->valuator2 = v->axisVal[first + 5];
++        ev->valuator5 = v->axisVal[first + 5];
+     case 5:
+-        ev->valuator2 = v->axisVal[first + 4];
++        ev->valuator4 = v->axisVal[first + 4];
+     case 4:
+-        ev->valuator2 = v->axisVal[first + 3];
++        ev->valuator3 = v->axisVal[first + 3];
+     case 3:
+         ev->valuator2 = v->axisVal[first + 2];
+     case 2:
+--
+GitLab

SPECS/tigervnc.spec

@@ -5,7 +5,7 @@
 
 Name:           tigervnc
 Version:        1.13.1
-Release:        14%{?dist}
+Release:        8%{?dist}
 Summary:        A TigerVNC remote display system
 
 %global _hardened_build 1
@@ -29,8 +29,6 @@ Patch3:         tigervnc-dont-install-appstream-metadata-file.patch
 # Upstream patches
 Patch50:        tigervnc-support-username-alias-in-plainusers.patch
 Patch51:        tigervnc-use-dup-to-get-available-fd-for-inetd.patch
-Patch52:        tigervnc-add-option-to-force-view-only-remote-connections.patch
-Patch53:        tigervnc-vncsession-use-bin-sh-when-shell-not-set.patch
 
 # Upstreamable patches
 Patch80:        tigervnc-dont-get-pointer-position-for-floating-device.patch
@@ -41,6 +39,9 @@ Patch100:       tigervnc-xserver120.patch
 Patch101:       0001-rpath-hack.patch
 
 # XServer patches
+# CVE-2024-0229
+# https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1251
+Patch200:       xorg-CVE-2024-0229-followup.patch
 
 BuildRequires:  make
 BuildRequires:  gcc-c++
@@ -186,22 +187,21 @@ pushd unix/xserver
 for all in `find . -type f -perm -001`; do
         chmod -x "$all"
 done
-%patch -P100 -p1 -b .xserver120-rebased
+%patch100 -p1 -b .xserver120-rebased
-%patch -P101 -p1 -b .rpath
+%patch101 -p1 -b .rpath
+%patch200 -p1 -b .xorg-CVE-2024-0229-followup
 popd
 
-%patch -P1 -p1 -b .use-gnome-as-default-session
+%patch1 -p1 -b .use-gnome-as-default-session
-%patch -P2 -p1 -b .vncsession-restore-script-systemd-service
+%patch2 -p1 -b .vncsession-restore-script-systemd-service
-%patch -P3 -p1 -b .dont-install-appstream-metadata-file.patch
+%patch3 -p1 -b .dont-install-appstream-metadata-file.patch
 
 # Upstream patches
-%patch -P50 -p1 -b .support-username-alias-in-plainusers
+%patch50 -p1 -b .support-username-alias-in-plainusers
-%patch -P51 -p1 -b .use-dup-to-get-available-fd-for-inetd
+%patch51 -p1 -b .use-dup-to-get-available-fd-for-inetd
-%patch -P52 -p1 -b .add-option-to-force-view-only-remote-connections
-%patch -P53 -p1 -b .tigervnc-vncsession-use-bin-sh-when-shell-not-set
 
 # Upstreamable patches
-%patch -P80 -p1 -b .dont-get-pointer-position-for-floating-device
+%patch80 -p1 -b .dont-get-pointer-position-for-floating-device
 
 %build
 %ifarch sparcv9 sparc64 s390 s390x
@@ -356,36 +356,6 @@ fi
 %ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
 
 %changelog
-* Thu Oct 31 2024 Jan Grulich <jgrulich@redhat.com>
-- Fix CVE-2024-9632: xorg-x11-server: heap-based buffer overflow privilege escalation vulnerability
-  Resolves: RHEL-61999
-
-* Mon Aug 05 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-13
-- vncsession: use /bin/sh if the user shell is not set
-  Resolves: RHEL-52827
-
-* Fri Jul 12 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-12
-- Fix FTBS: drop already applied Xorg patches
-  Resolves: RHEL-46696
-
-* Tue May 28 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-11
-- vncconfig: add option to force view-only remote client connections
-  Resolves: RHEL-11908
-
-* Mon Apr 15 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-10
-- Drop patches that are already part of xorg-x11-server
-  Resolves: RHEL-30755
-  Resolves: RHEL-30767
-  Resolves: RHEL-30761
-
-* Thu Apr 04 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-9
-- Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents
-  Resolves: RHEL-30755
-- Fix CVE-2024-31083 tigervnc: xorg-x11-server: User-after-free in ProcRenderAddGlyphs
-  Resolves: RHEL-30767
-- Fix CVE-2024-31081 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice
-  Resolves: RHEL-30761
-
 * Wed Feb 07 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-8
 - Fix copy/paste error in the DeviceStateNotify
   Resolves: RHEL-20530