SOURCES/10-libvnc.conf

@@ -12,7 +12,7 @@
 #EndSection
 
 #Section "Screen"
-#    Identifier "Screen0"
+#    Identifier "Screen0
 #    DefaultDepth 16
 #    Option "SecurityTypes" "VncAuth"
 #    Option "PasswordFile" "/root/.vnc/passwd"

SOURCES/tigervnc-dont-install-appstream-metadata-file.patch

@@ -1,51 +0,0 @@
-diff --git a/po/CMakeLists.txt b/po/CMakeLists.txt
-index 052cfb3..c84fb0e 100644
---- a/po/CMakeLists.txt
-+++ b/po/CMakeLists.txt
-@@ -14,7 +14,6 @@ if (GETTEXT_XGETTEXT_EXECUTABLE)
-     ${PROJECT_SOURCE_DIR}/vncviewer/*.h
-     ${PROJECT_SOURCE_DIR}/vncviewer/*.cxx
-     ${PROJECT_SOURCE_DIR}/vncviewer/*.desktop.in.in
--    ${PROJECT_SOURCE_DIR}/vncviewer/*.metainfo.xml.in
-   )
- 
-   add_custom_target(translations_update
-diff --git a/vncviewer/CMakeLists.txt b/vncviewer/CMakeLists.txt
-index 15eac66..450b732 100644
---- a/vncviewer/CMakeLists.txt
-+++ b/vncviewer/CMakeLists.txt
-@@ -100,34 +100,6 @@ if(UNIX)
-   add_custom_target(desktop ALL DEPENDS vncviewer.desktop)
-   install(FILES ${CMAKE_CURRENT_BINARY_DIR}/vncviewer.desktop DESTINATION ${CMAKE_INSTALL_FULL_DATADIR}/applications)
- 
--  if("${GETTEXT_VERSION_STRING}" VERSION_GREATER 0.19.6)
--    add_custom_command(OUTPUT org.tigervnc.vncviewer.metainfo.xml
--      COMMAND ${GETTEXT_MSGFMT_EXECUTABLE}
--                --xml --template ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in
--                -d ${CMAKE_SOURCE_DIR}/po -o org.tigervnc.vncviewer.metainfo.xml
--      DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in
--    )
--  elseif(INTLTOOL_MERGE_EXECUTABLE)
--    add_custom_command(OUTPUT org.tigervnc.vncviewer.metainfo.xml
--      COMMAND sed -e 's@<name>@<_name>@\;s@</name>@</_name>@'
--                  -e 's@<summary>@<_summary>@\;s@</summary>@</_summary>@'
--                  -e 's@<caption>@<_caption>@\;s@</caption>@</_caption>@'
--                  -e 's@<p>@<_p>@g\;s@</p>@</_p>@g'
--                ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in > org.tigervnc.vncviewer.metainfo.xml.intl
--      COMMAND ${INTLTOOL_MERGE_EXECUTABLE}
--                -x ${CMAKE_SOURCE_DIR}/po
--                org.tigervnc.vncviewer.metainfo.xml.intl org.tigervnc.vncviewer.metainfo.xml
--      DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in
--    )
--  else()
--    add_custom_command(OUTPUT org.tigervnc.vncviewer.metainfo.xml
--      COMMAND cp ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in org.tigervnc.vncviewer.metainfo.xml
--      DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in
--    )
--  endif()
--  add_custom_target(appstream ALL DEPENDS org.tigervnc.vncviewer.metainfo.xml)
--  install(FILES ${CMAKE_CURRENT_BINARY_DIR}/org.tigervnc.vncviewer.metainfo.xml DESTINATION ${CMAKE_INSTALL_FULL_DATADIR}/metainfo)
--
-   foreach(res 16 22 24 32 48 64 128)
-     install(FILES ../media/icons/tigervnc_${res}.png DESTINATION ${CMAKE_INSTALL_FULL_DATADIR}/icons/hicolor/${res}x${res}/apps RENAME tigervnc.png)
-   endforeach()

SOURCES/xorg-CVE-2024-0229-followup.patch

@@ -0,0 +1,32 @@
+From 133e0d651c5d12bf01999d6289e84e224ba77adc Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Mon, 22 Jan 2024 14:22:12 +1000
+Subject: [PATCH] dix: fix valuator copy/paste error in the DeviceStateNotify
+ event
+
+Fixes 219c54b8a3337456ce5270ded6a67bcde53553d5
+---
+ dix/enterleave.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/dix/enterleave.c b/dix/enterleave.c
+index 7b7ba1098b..c1e6ac600e 100644
+--- a/dix/enterleave.c
++++ b/dix/enterleave.c
+@@ -619,11 +619,11 @@ FixDeviceValuator(DeviceIntPtr dev, deviceValuator * ev, ValuatorClassPtr v,
+     ev->first_valuator = first;
+     switch (ev->num_valuators) {
+     case 6:
+-        ev->valuator2 = v->axisVal[first + 5];
++        ev->valuator5 = v->axisVal[first + 5];
+     case 5:
+-        ev->valuator2 = v->axisVal[first + 4];
++        ev->valuator4 = v->axisVal[first + 4];
+     case 4:
+-        ev->valuator2 = v->axisVal[first + 3];
++        ev->valuator3 = v->axisVal[first + 3];
+     case 3:
+         ev->valuator2 = v->axisVal[first + 2];
+     case 2:
+--
+GitLab

SOURCES/xorg-CVE-2024-31083-followup.patch

@@ -1,72 +0,0 @@
-From 337d8d48b618d4fc0168a7b978be4c3447650b04 Mon Sep 17 00:00:00 2001
-From: Olivier Fourdan <ofourdan@redhat.com>
-Date: Fri, 5 Apr 2024 15:24:49 +0200
-Subject: [PATCH] render: Avoid possible double-free in ProcRenderAddGlyphs()
-
-ProcRenderAddGlyphs() adds the glyph to the glyphset using AddGlyph() and
-then frees it using FreeGlyph() to decrease the reference count, after
-AddGlyph() has increased it.
-
-AddGlyph() however may chose to reuse an existing glyph if it's already
-in the glyphSet, and free the glyph that was given, in which case the
-caller function, ProcRenderAddGlyphs() will call FreeGlyph() on an
-already freed glyph, as reported by ASan:
-
-  READ of size 4 thread T0
-    #0 in FreeGlyph xserver/render/glyph.c:252
-    #1 in ProcRenderAddGlyphs xserver/render/render.c:1174
-    #2 in Dispatch xserver/dix/dispatch.c:546
-    #3 in dix_main xserver/dix/main.c:271
-    #4 in main xserver/dix/stubmain.c:34
-    #5 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
-    #6 in __libc_start_main_impl ../csu/libc-start.c:360
-    #7  (/usr/bin/Xwayland+0x44fe4)
-  Address is located 0 bytes inside of 64-byte region
-  freed by thread T0 here:
-    #0 in __interceptor_free libsanitizer/asan/asan_malloc_linux.cpp:52
-    #1 in _dixFreeObjectWithPrivates xserver/dix/privates.c:538
-    #2 in AddGlyph xserver/render/glyph.c:295
-    #3 in ProcRenderAddGlyphs xserver/render/render.c:1173
-    #4 in Dispatch xserver/dix/dispatch.c:546
-    #5 in dix_main xserver/dix/main.c:271
-    #6 in main xserver/dix/stubmain.c:34
-    #7 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
-  previously allocated by thread T0 here:
-    #0 in __interceptor_malloc libsanitizer/asan/asan_malloc_linux.cpp:69
-    #1 in AllocateGlyph xserver/render/glyph.c:355
-    #2 in ProcRenderAddGlyphs xserver/render/render.c:1085
-    #3 in Dispatch xserver/dix/dispatch.c:546
-    #4 in dix_main xserver/dix/main.c:271
-    #5 in main xserver/dix/stubmain.c:34
-    #6 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
-  SUMMARY: AddressSanitizer: heap-use-after-free xserver/render/glyph.c:252 in FreeGlyph
-
-To avoid that, make sure not to free the given glyph in AddGlyph().
-
-v2: Simplify the test using the boolean returned from AddGlyph() (Michel)
-v3: Simplify even more by not freeing the glyph in AddGlyph() (Peter)
-
-Fixes: bdca6c3d1 - render: fix refcounting of glyphs during ProcRenderAddGlyphs
-Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1659
-Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
-Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1476>
----
- render/glyph.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/render/glyph.c b/render/glyph.c
-index 13991f8a1..5fa7f3b5b 100644
---- a/render/glyph.c
-+++ b/render/glyph.c
-@@ -291,8 +291,6 @@ AddGlyph(GlyphSetPtr glyphSet, GlyphPtr glyph, Glyph id)
-     gr = FindGlyphRef(&globalGlyphs[glyphSet->fdepth], signature,
-                       TRUE, glyph->sha1);
-     if (gr->glyph && gr->glyph != DeletedGlyph && gr->glyph != glyph) {
--        FreeGlyphPicture(glyph);
--        dixFreeObjectWithPrivates(glyph, PRIVATE_GLYPH);
-         glyph = gr->glyph;
-     }
-     else if (gr->glyph != glyph) {
--- 
-2.44.0
-

SOURCES/xvnc.service

@@ -32,7 +32,7 @@
 Description=XVNC Per-Connection Daemon
 
 [Service]
-ExecStart=-/usr/bin/Xvnc -inetd -query localhost -geometry 1024x768 -depth 24 -once -SecurityTypes=None -Log *:syslog:30
+ExecStart=-/usr/bin/Xvnc -inetd -query localhost -geometry 1024x768 -depth 24 -once -SecurityTypes=None
 User=nobody
 StandardInput=socket
 StandardError=syslog

SPECS/tigervnc.spec

@@ -5,12 +5,12 @@
 
 Name:           tigervnc
 Version:        1.13.1
-Release:        10%{?dist}
+Release:        8%{?dist}
 Summary:        A TigerVNC remote display system
 
 %global _hardened_build 1
 
-License:        GPLv2+
+License:        GPL-2.0-or-later
 URL:            http://www.tigervnc.com
 
 Source0:        %{name}-%{version}.tar.gz
@@ -24,7 +24,6 @@ Source5:        vncserver
 # Downstream patches
 Patch1:         tigervnc-use-gnome-as-default-session.patch
 Patch2:         tigervnc-vncsession-restore-script-systemd-service.patch
-Patch3:         tigervnc-dont-install-appstream-metadata-file.patch
 
 # Upstream patches
 Patch50:        tigervnc-support-username-alias-in-plainusers.patch
@@ -39,7 +38,9 @@ Patch100:       tigervnc-xserver120.patch
 Patch101:       0001-rpath-hack.patch
 
 # XServer patches
-Patch200:       xorg-CVE-2024-31083-followup.patch
+# CVE-2024-0229
+# https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1251
+Patch200:       xorg-CVE-2024-0229-followup.patch
 
 BuildRequires:  make
 BuildRequires:  gcc-c++
@@ -125,10 +126,12 @@ X session.
 
 %package server-minimal
 Summary:        A minimal installation of TigerVNC server
-Requires(post): chkconfig
-Requires(preun):chkconfig
+Requires(post): systemd
+Requires(preun): systemd
+Requires(postun): systemd
+Requires(post): systemd
 
-Requires:       mesa-dri-drivers, xkeyboard-config, xorg-x11-xkb-utils
+Requires:       mesa-dri-drivers, xkeyboard-config, xkbcomp
 Requires:       tigervnc-license, dbus-x11
 
 %description server-minimal
@@ -187,12 +190,11 @@ for all in `find . -type f -perm -001`; do
 done
 %patch100 -p1 -b .xserver120-rebased
 %patch101 -p1 -b .rpath
-%patch200 -p1 -b .xorg-CVE-2024-31083-followup
+%patch200 -p1 -b .xorg-CVE-2024-0229-followup
 popd
 
 %patch1 -p1 -b .use-gnome-as-default-session
 %patch2 -p1 -b .vncsession-restore-script-systemd-service
-%patch3 -p1 -b .dont-install-appstream-metadata-file.patch
 
 # Upstream patches
 %patch50 -p1 -b .support-username-alias-in-plainusers
@@ -207,12 +209,22 @@ export CFLAGS="$RPM_OPT_FLAGS -fPIC"
 %else
 export CFLAGS="$RPM_OPT_FLAGS -fpic"
 %endif
-export CXXFLAGS="$CFLAGS"
+export CXXFLAGS="$CFLAGS -std=c++11"
 
-%{cmake} .
-make %{?_smp_mflags}
+%define __cmake_builddir %{_target_platform}
+
+mkdir -p %{%__cmake_builddir}
+
+%cmake
+
+%cmake_build
 
 pushd unix/xserver
+
+%if 0%{?fedora} > 32 || 0%{?rhel} >= 9
+sed -i 's@TIGERVNC_BUILDDIR=${TIGERVNC_SRCDIR}@TIGERVNC_BUILDDIR=${TIGERVNC_SRCDIR}/%{_target_platform}@g' hw/vnc/Makefile.am
+%endif
+
 autoreconf -fiv
 %configure \
         --disable-xorg --disable-xnest --disable-xvfb --disable-dmx \
@@ -235,7 +247,11 @@ make %{?_smp_mflags}
 popd
 
 # Build icons
+%if 0%{?fedora} > 32 || 0%{?rhel} >= 9
+pushd %{_target_platform}/media
+%else
 pushd media
+%endif
 make
 popd
 
@@ -244,19 +260,19 @@ pushd unix/vncserver/selinux
 make
 popd
 
-
 %install
-%make_install
+%cmake_install
+rm -f %{buildroot}%{_docdir}/%{name}-%{version}/{README.rst,LICENCE.TXT}
 
 pushd unix/xserver/hw/vnc
-make install DESTDIR=%{buildroot}
+%make_install
 popd
 
+# Install systemd unit file
 pushd unix/vncserver/selinux
 make install DESTDIR=%{buildroot}
 popd
 
-
 # Install systemd unit file
 install -m644 %{SOURCE1} %{buildroot}%{_unitdir}/xvnc@.service
 install -m644 %{SOURCE2} %{buildroot}%{_unitdir}/xvnc.socket
@@ -270,7 +286,21 @@ install -m644 tigervnc_$s.png %{buildroot}%{_datadir}/icons/hicolor/${s}x$s/apps
 done
 popd
 
+appstream-util validate-relax --nonet %{buildroot}%{_metainfodir}/org.tigervnc.vncviewer.metainfo.xml
+desktop-file-validate %{buildroot}%{_datadir}/applications/vncviewer.desktop
+
+%if 0%{?rhel} > 9
+# Install a replacement for /usr/bin/vncserver which will tell the user to read the
+# HOWTO.md file
+cat <<EOF > %{buildroot}/%{_bindir}/vncserver
+#!/bin/bash
+echo "vncserver has been replaced by a systemd unit."
+echo "Please read /usr/share/doc/tigervnc/HOWTO.md for more information."
+EOF
+chmod +x %{buildroot}/%{_bindir}/vncserver
+%else
 install -m 755 %{SOURCE5} %{buildroot}/%{_bindir}/vncserver
+%endif
 
 %find_lang %{name} %{name}.lang
 
@@ -281,15 +311,14 @@ mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/
 install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
 
 %post server
-%systemd_post xvnc.service
+%systemd_post xvnc@.service
 %systemd_post xvnc.socket
 
 %preun server
-%systemd_preun xvnc.service
 %systemd_preun xvnc.socket
 
 %postun server
-%systemd_postun xvnc.service
+%systemd_postun xvnc@.service
 %systemd_postun xvnc.socket
 
 %pre selinux
@@ -311,6 +340,7 @@ fi
 %{_bindir}/vncviewer
 %{_datadir}/applications/*
 %{_mandir}/man1/vncviewer.1*
+%{_datadir}/metainfo/org.tigervnc.vncviewer.metainfo.xml
 
 %files server
 %config(noreplace) %{_sysconfdir}/pam.d/tigervnc
@@ -320,8 +350,8 @@ fi
 %{_unitdir}/vncserver@.service
 %{_unitdir}/xvnc@.service
 %{_unitdir}/xvnc.socket
-%{_bindir}/x0vncserver
 %{_bindir}/vncserver
+%{_bindir}/x0vncserver
 %{_sbindir}/vncsession
 %{_libexecdir}/vncserver
 %{_libexecdir}/vncsession-start
@@ -341,7 +371,7 @@ fi
 
 %files server-module
 %{_libdir}/xorg/modules/extensions/libvnc.so
-%config %{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
+%config(noreplace) %{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
 
 %files license
 %{_docdir}/tigervnc/LICENCE.TXT
@@ -354,243 +384,264 @@ fi
 %ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
 
 %changelog
-* Mon Apr 15 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-10
-- Drop patches that are already part of xorg-x11-server
-  Resolves: RHEL-30755
-  Resolves: RHEL-30767
-  Resolves: RHEL-30761
-
-* Thu Apr 04 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-9
-- Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents
-  Resolves: RHEL-30755
-- Fix CVE-2024-31083 tigervnc: xorg-x11-server: User-after-free in ProcRenderAddGlyphs
-  Resolves: RHEL-30767
-- Fix CVE-2024-31081 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice
-  Resolves: RHEL-30761
-
 * Wed Feb 07 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-8
 - Fix copy/paste error in the DeviceStateNotify
-  Resolves: RHEL-20530
+  Resolves: RHEL-20533
 
 * Mon Jan 22 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-7
 - Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice
-  Resolves: RHEL-20388
+  Resolves: RHEL-20389
 - Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent
-  Resolves: RHEL-20382
+  Resolves: RHEL-20383
 - Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
-  Resolves: RHEL-20530
+  Resolves: RHEL-20533
 - Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
-  Resolves: RHEL-21214
+  Resolves: RHEL-21213
 
 * Mon Jan 08 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-6
 - Use dup() to get available file descriptor when using -inetd option
-  Resolves: RHEL-21000
+  Resolves: RHEL-19858
 
 * Mon Dec 18 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-5
 - Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
-  Resolves: RHEL-18410
+  Resolves: RHEL-18414
 - Fix CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty
-  Resolves: RHEL-18422
+  Resolves: RHEL-18426
 
 * Wed Nov 01 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-4
 - Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow
-  Resolves: RHEL-15236
+  Resolves: RHEL-15237
 
 - Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty
-  Resolves: RHEL-15230
+  Resolves: RHEL-15249
 
 * Mon Oct 09 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-3
 - Support username alias in PlainUsers
-  Resolves: RHEL-4258
+  Resolves: RHEL-8430
 
 * Tue Apr 11 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-2
 - xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege
   Escalation Vulnerability
-  Resolves: bz#2180306
+  Resolves: bz#2180310
 
 * Tue Mar 21 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-1
 - 1.13.1
-  Resolves: bz#2175748
-- Restore "--fallbacktofreeport" option in the vncserver script
-  Resolves: bz#2174398
+  Resolves: bz#2175732
 
-* Thu Dec 08 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-9
-- Bump build version to fix upgrade path
-  Resolves: bz#1437569
+* Tue Feb 21 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-12
+- SELinux: allow vncsession create .vnc directory
+  Resolves: bz#2164703
 
-* Fri Nov 18 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-8
+* Wed Feb 15 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-11
+- Add sanity check when cleaning up keymap changes
+  Resolves: bz#2169965
+
+* Mon Feb 06 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-10
+- xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation
+  Resolves: bz#2167061
+
+* Tue Dec 20 2022 Tomas Popela <tpopela@redhat.com> - 1.12.0-9
+- Rebuild for xorg-x11-server CVE-2022-46340 follow up fix
+
+* Fri Dec 16 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-8
+- Rebuild for xorg-x11-server CVEs
+  Resolves: CVE-2022-4283 (bz#2154234)
+  Resolves: CVE-2022-46340 (bz#2154221)
+  Resolves: CVE-2022-46341 (bz#2154224)
+  Resolves: CVE-2022-46342 (bz#2154226)
+  Resolves: CVE-2022-46343 (bz#2154228)
+  Resolves: CVE-2022-46344 (bz#2154230)
+
+* Thu Dec 01 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-7
 - x0vncserver: add new keysym in case we don't find matching keycode
-  Resolves: bz#1437569
+  + actually apply the patch
+  Resolves: bz#2119017
 
-* Wed Aug 24 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-7
+* Thu Dec 01 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-6
+- x0vncserver: add new keysym in case we don't find matching keycode
+  Resolves: bz#2119017
+
+* Mon Oct 24 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-5
 - x0vncserver: fix ghost cursor in zaphod mode (better version)
-  Resolves: bz#2109679
+  Resolves: bz#2119016
 
-* Wed Aug 17 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-6
-- x0vncserver: fix ghost cursor in zaphod mode
-  Resolves: bz#2109679
+* Tue May 31 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-4
+- Add BR: libXdamage, libXfixes, libXrandr
+  Resolves: bz#2091833
 
-* Tue May 31 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-5
-- BR: libXdamage, libXfixes, libXrandr
-  Resolves: bz#2088733
+* Tue Apr 05 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-3
+- Do not run systemd_preun on Xvnc service file
+  Resolves: bz#2048011
 
-* Tue Feb 08 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-4
+* Mon Apr 04 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-2
+- Drop unexisting option from the old vncserver script
+  Resolves: bz#2021893
+
+* Wed Mar 23 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-1
+- 1.12.0 + sync with Fedora
+  Resolves: bz#2048011
+  Resolves: bz#2021893
+
+* Mon Feb 07 2022 Jan Grulich <jgrulich@redhat.com> - 1.11.0-21
 - Added vncsession-restore script for SELinux policy migration
   Fix SELinux context for root user
-  Resolves: bz#2021892
+  Resolves: bz#2049506
 
-* Fri Jan 21 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-3
-- Fix crash in vncviewer
-  Resolves: bz#2021892
+* Fri Nov 26 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-20
+- Rebuild for absence in RHEL 9.0
+  Resolves: bz#1985858
 
-* Fri Jan 14 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-2
-- Remove unavailable option from vncserver script
-  Resolves: bz#2021892
+* Mon Aug 16 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-19
+- Sync upstream patches + drop unused patches
+  Resolves: bz#1985858
 
-* Fri Jan 14 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-1
-- 1.12.0
-  Resolves: bz#2021892
+* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.11.0-18
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
 
-* Mon Jul 19 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-9
+* Mon Jul 19 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-17
 - Fix logout from VNC session using vncserver
-  Resolves: bz#1983706
+  Resolves: bz#1983704
 
-* Tue Jun 01 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-8
-- Run all SELinux RPM macros on correct package
-  Resolves: bz#1907963
+* Tue Jun 01 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-16
+- Bump version for rebuild (binutils)
+  Resolves: bz#1961488
 
-* Mon May 17 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-7
+* Mon May 17 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-14
 - SELinux improvements
-  Resolves: bz#1907963
+  Resolves: bz#1961488
 
-* Tue Dec 15 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-6
-- Use GNOME as default session
-  Resolves: bz#1853608
+- Fix endianness issue on s390x
+  Resolves: bz#1963029
 
-* Thu Dec 03 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-5
-- Make sure we log properly output to journal (actually log to syslog)
-  Resolves: bz#1841537
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.11.0-13
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 
-* Thu Dec 03 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-4
-- Make sure we log properly output to journal
-  Resolves: bz#1841537
+* Mon Mar 08 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-12
+- Include RHEL8 patches
 
-* Wed Nov 18 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-3
-- vncserver: ignore new "session" parameter from the new systemd support
-  Resolves: bz#1897504
+* Fri Mar 05 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-11
+- Enable old vncserver script for RHEL 9
 
-* Wed Nov 18 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-2
-- Revert removal of vncserver
-  Resolves: bz#1897504
-- Correctly start vncsession as a daemon
-  Resolves: bz#1897498
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.11.0-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 
-* Tue Oct 20 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-1
-- Update to 1.11.0
-  Resolves: bz#1880985
-- Backport fix to allow Tigervnc use boolean values in config files
-  Resolves: bz#1883415
+* Thu Dec 10 07:45:46 CET 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-9
+- vncserver: ignore new session parameter from the new systemd support
 
-* Wed Sep 30 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-8
-- Tolerate specifying -BoolParam 0 and similar
-  Resolves: bz#1883415
+* Fri Nov 13 14:08:29 CET 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-8
+- Use /run instead of /var/run which is just a symlink
 
-* Wed Jul 08 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-7
-- Enable server module on s390x
-  Resolves: bz#1854925
+* Thu Nov 05 2020 Peter Hutterer <peter.hutterer@redhat.com> 1.11.0-7
+- Require xkbcomp directly, not xorg-x11-xkb-utils. The latter has had
+  Provides xkbcomp for years.
 
-* Fri Jul 03 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-6
-- Remove trailing spaces in user name
-  Resolves: bz#1852432
+* Tue Sep 29 13:12:22 CEST 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-6
+- Backport upstream fix allowing Tigervnc to specify boolean valus in configuration
+- Revert removal of vncserver for F32 and F33
 
-* Thu Jun 25 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-5
-- Install the HOWTO file to correct location
+* Thu Sep 24 07:14:06 CEST 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-5
+- Actually install the HOWTO.md file
+
+* Wed Sep 23 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-4
+- Call systemd macros on correct service file
+
+* Tue Sep 22 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-3
+- Do not overwrite libvnc.conf config file
+
+* Thu Sep 17 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-2
 - Add /usr/bin/vncserver file informing users to read the HOWTO.md file
-  Resolves: bz#1790443
 
-* Mon Jun 15 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-4
-- Improve SELinux policy
-  Resolves: bz#1790443
+* Wed Sep 09 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-1
+- 1.11.0
 
-* Mon Jun 15 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-3
-- Add a HOWTO.md file with instructions how to start VNC server
-  Resolves: bz#1790443
+* Mon Aug 24 2020 Jan Grulich <jgrulich@redhat.com. - 1.10.90-1
+- Update to 1.10.90 (1.11.0 beta)
 
-* Tue May 26 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-2
-- Make the systemd service run also for root user
-  Resolves: bz#1790443
+* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.1-9
+- Second attempt - Rebuilt for
+  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 
-* Mon Apr 27 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-1
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.1-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 1.10.1-7
+- Use make macros
+- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
+
+* Sat Jul 11 2020 Jiri Vanek <jvanek@redhat.com> - 1.10.1-6
+- Rebuilt for JDK-11, see https://fedoraproject.org/wiki/Changes/Java11
+
+* Sun Apr 19 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-5
+- Requires: dbus-x11
+  Resolves: bz#1825331
+
+* Fri Mar 13 2020 Olivier Fourdan <ofourdan@redhat.com> - 1.10.1-4
+- Fix build with xserver 1.20.7
+
+* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Mon Jan 13 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-2
+- Build with -std=c++11
+
+* Fri Dec 20 2019 Jan Grulich <jgrulich@redhat.com> - 1.10.1-1
 - Update to 1.10.1
-  Resolves: bz#1806992
 
-- Add proper systemd support
-  Resolves: bz#1790443
+* Tue Dec 10 2019 Jan Grulich <jgrulich@redhat.com> - 1.10.0-2
+- Properly install systemd files
 
-* Tue Jan 28 2020 Jan Grulich <jgrulich@redhat.com> - 1.9.0-13
-- Bump build because of z-stream
-  Resolves: bz#1671714
+* Mon Nov 18 2019 Jan Grulich <jgrulich@redhat.com> - 1.10.0-1
+- Update to 1.10.0
 
-* Wed Dec 11 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-12
-- Fix installation of systemd files
-  Resolves: bz#1671714
+* Fri Oct 18 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.90-1
+- Update to 1.9.90 (1.10 beta)
+- Add systemd user service file
+- Use a wrapper for systemd system service file to workaround systemd limitations
 
-* Wed Nov 20 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-11
-- Use wrapper script to workaround systemd issues
-  Resolves: bz#1671714
+* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 
-* Fri Jul 12 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-10
-- Do not return returncode indicating error when running "vncserver -list"
-  Resolves: bz#1727860
+* Fri Jul 19 2019 Dan Horák <dan[at]danny.cz> - 1.9.0-6
+- drop the s390x special handling (related #1727029)
 
-* Fri Feb 08 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-9
-- Make tigervnc systemd service a user service
-  Resolves: bz#1639846
+* Wed Jun 12 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-5
+- Add missing arguments to systemd_postun scriptlets
+  Resolves: bz#1716411
 
-* Mon Jan 21 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-8
-- Kill the session automatically only when Gnome is installed
-  Resolves: bz#1665876
+* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 
-* Tue Nov 20 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-7
-- Improve coverity scan fixes
-  Resolves: bz#1602714
-
-  Inform whether view-only password is used or not
-  Resolves: bz#1639169
-
-  Backport fixes from RHEL 7
-  Resolves: bz#1651254
-
-* Tue Oct 09 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-6
+* Tue Sep 25 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-3
 - Do not crash passwd when using malloc perturb checks
-  Resolves: bz#1637086
-
-* Mon Oct 08 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-5
-- Improve coverity scan fixes
-  Resolves: bz#1602714
-
-* Wed Oct 03 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-4
-- Improve coverity scan fixes
-  Resolves: bz#1602714
-
-* Wed Oct 03 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-3
-- Fix some coverity scan issues
-  Resolves: bz#1602714
+  Resolves: bz#1631483
 
 * Wed Aug 01 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-2
-- Remove dependency on initscripts
+- Ignore buttons in mouse leave events
+  Resolves: bz#1609516
 
 * Tue Jul 17 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-1
-- Update to 1.9.0 + sync with Fedora
+- Update to 1.9.0
 
-* Tue Jun 12 2018 Adam Jackson <ajax@redhat.com> - 1.8.0-10
-- Fix GLX initialization with Xorg 1.20
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.90-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 
-* Tue May 29 2018 Jan Grulich <jgrulich@redhat.com> - 1.8.0-9
-- Build against Xorg 1.20
+* Wed Jul  4 2018 Peter Robinson <pbrobinson@fedoraproject.org> 1.8.90-2
+- Clean up spec: use macros consistenly, drop old sys-v migrations
+- Drop ancient obsolete/provides
 
-* Mon May 14 2018 Jan Grulich <jgrulich@redhat.com> - 1.8.0-8
-- Drop BR: ImageMagick
+* Thu Jun 14 2018 Jan Grulich <jgrulich@redhat.com> - 1.8.90-1
+- Update to 1.8.90
+
+* Wed Jun 13 2018 Jan Grulich <jgrulich@redhat.com> - 1.8.0-10
+- Fix tigervnc systemd unit file
+  Resolves: bz#1583159
+
+* Wed Jun 06 2018 Adam Jackson <ajax@redhat.com> - 1.8.0-9
+- Fix GLX initialization with 1.20
+
+* Wed Apr 04 2018 Adam Jackson <ajax@redhat.com> - 1.8.0-8
+- Rebuild for xserver 1.20
 
 * Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild