14 changed files with 496 additions and 421 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/tigervnc-1.13.1.tar.gz
+SOURCES/tigervnc-1.12.0.tar.gz
--- a/.tigervnc.metadata
+++ b/.tigervnc.metadata
@ -1 +1 @@
-6f7a23f14833f552c88523da1a5e102f3b8d35c2 SOURCES/tigervnc-1.13.1.tar.gz
+44db63993d8ad04f730b0b48e8aca32933bff15a SOURCES/tigervnc-1.12.0.tar.gz
--- a/SOURCES/tigervnc-add-new-keycodes-for-unknown-keysyms.patch
+++ b/SOURCES/tigervnc-add-new-keycodes-for-unknown-keysyms.patch
@ -0,0 +1,199 @@
+From ccbd491fa48f1c43daeb1a6c5ee91a1a8fa3db88 Mon Sep 17 00:00:00 2001
+From: Jan Grulich <jgrulich@redhat.com>
+Date: Tue, 9 Aug 2022 14:31:07 +0200
+Subject: [PATCH] x0vncserver: add new keysym in case we don't find a matching
+ keycode
+
+We might often fail to find a matching X11 keycode when the client has
+a different keyboard layout and end up with no key event. To avoid a
+failure we add it as a new keysym/keycode pair so the next time a keysym
+from the client that is unknown to the server is send, we will find a
+match and proceed with key event. This is same behavior used in Xvnc or
+x11vnc, although Xvnc has more advanced mapping from keysym to keycode.
+---
+ unix/x0vncserver/XDesktop.cxx | 121 +++++++++++++++++++++++++++++++++-
+ unix/x0vncserver/XDesktop.h   |   4 ++
+ 2 files changed, 122 insertions(+), 3 deletions(-)
+
+diff --git a/unix/x0vncserver/XDesktop.cxx b/unix/x0vncserver/XDesktop.cxx
+index f2046e43e..933998f05 100644
+--- a/unix/x0vncserver/XDesktop.cxx
+++ b/unix/x0vncserver/XDesktop.cxx
+@@ -31,6 +31,7 @@
+ #include <x0vncserver/XDesktop.h>
+
+ #include <X11/XKBlib.h>
+#include <X11/Xutil.h>
+ #ifdef HAVE_XTEST
+ #include <X11/extensions/XTest.h>
+ #endif
+@@ -50,6 +51,7 @@ void vncSetGlueContext(Display *dpy, void *res);
+ #include <x0vncserver/Geometry.h>
+ #include <x0vncserver/XPixelBuffer.h>
+
+using namespace std;
+ using namespace rfb;
+
+ extern const unsigned short code_map_qnum_to_xorgevdev[];
+@@ -264,6 +266,9 @@ void XDesktop::start(VNCServer* vs) {
+ void XDesktop::stop() {
+   running = false;
+
+  // Delete added keycodes
+  deleteAddedKeysyms(dpy);
+
+ #ifdef HAVE_XDAMAGE
+   if (haveDamage)
+     XDamageDestroy(dpy, damage);
+@@ -383,6 +388,118 @@ KeyCode XDesktop::XkbKeysymToKeycode(Display* dpy, KeySym keysym) {
+ }
+ #endif
+
+KeyCode XDesktop::addKeysym(Display* dpy, KeySym keysym)
+{
+  int types[1];
+  unsigned int key;
+  XkbDescPtr xkb;
+  XkbMapChangesRec changes;
+  KeySym *syms;
+  KeySym upper, lower;
+
+  xkb = XkbGetMap(dpy, XkbAllComponentsMask, XkbUseCoreKbd);
+
+  if (!xkb)
+    return 0;
+
+  for (key = xkb->max_key_code; key >= xkb->min_key_code; key--) {
+    if (XkbKeyNumGroups(xkb, key) == 0)
+      break;
+  }
+
+  if (key < xkb->min_key_code)
+    return 0;
+
+  memset(&changes, 0, sizeof(changes));
+
+  XConvertCase(keysym, &lower, &upper);
+
+  if (upper == lower)
+    types[XkbGroup1Index] = XkbOneLevelIndex;
+  else
+    types[XkbGroup1Index] = XkbAlphabeticIndex;
+
+  XkbChangeTypesOfKey(xkb, key, 1, XkbGroup1Mask, types, &changes);
+
+  syms = XkbKeySymsPtr(xkb,key);
+  if (upper == lower)
+    syms[0] = keysym;
+  else {
+    syms[0] = lower;
+    syms[1] = upper;
+  }
+
+  changes.changed |= XkbKeySymsMask;
+  changes.first_key_sym = key;
+  changes.num_key_syms = 1;
+
+  if (XkbChangeMap(dpy, xkb, &changes)) {
+    vlog.info("Added unknown keysym %s to keycode %d", XKeysymToString(keysym), key);
+    addedKeysyms[keysym] = key;
+    return key;
+  }
+
+  return 0;
+}
+
+void XDesktop::deleteAddedKeysyms(Display* dpy) {
+  XkbDescPtr xkb;
+  xkb = XkbGetMap(dpy, XkbAllComponentsMask, XkbUseCoreKbd);
+
+  if (!xkb)
+    return;
+
+  XkbMapChangesRec changes;
+  memset(&changes, 0, sizeof(changes));
+
+  KeyCode lowestKeyCode = xkb->max_key_code;
+  KeyCode highestKeyCode = xkb->min_key_code;
+  std::map<KeySym, KeyCode>::iterator it;
+  for (it = addedKeysyms.begin(); it != addedKeysyms.end(); it++) {
+    if (XkbKeyNumGroups(xkb, it->second) != 0) {
+      // Check if we are removing keysym we added ourself
+      if (XkbKeysymToKeycode(dpy, it->first) != it->second)
+        continue;
+
+      XkbChangeTypesOfKey(xkb, it->second, 0, XkbGroup1Mask, NULL, &changes);
+
+      if (it->second < lowestKeyCode)
+        lowestKeyCode = it->second;
+
+      if (it->second > highestKeyCode)
+        highestKeyCode = it->second;
+    }
+  }
+
+  changes.changed |= XkbKeySymsMask;
+  changes.first_key_sym = lowestKeyCode;
+  changes.num_key_syms = highestKeyCode - lowestKeyCode + 1;
+  XkbChangeMap(dpy, xkb, &changes);
+
+  addedKeysyms.clear();
+}
+
+KeyCode XDesktop::keysymToKeycode(Display* dpy, KeySym keysym) {
+  int keycode = 0;
+
+  // XKeysymToKeycode() doesn't respect state, so we have to use
+  // something slightly more complex
+  keycode = XkbKeysymToKeycode(dpy, keysym);
+
+  if (keycode != 0)
+    return keycode;
+
+  // TODO: try to further guess keycode with all possible mods as Xvnc does
+
+  keycode = addKeysym(dpy, keysym);
+
+  if (keycode == 0)
+    vlog.error("Failure adding new keysym 0x%lx", keysym);
+
+  return keycode;
+}
+
+
+ void XDesktop::keyEvent(rdr::U32 keysym, rdr::U32 xtcode, bool down) {
+ #ifdef HAVE_XTEST
+   int keycode = 0;
+@@ -398,9 +515,7 @@ void XDesktop::keyEvent(rdr::U32 keysym, rdr::U32 xtcode, bool down) {
+     if (pressedKeys.find(keysym) != pressedKeys.end())
+       keycode = pressedKeys[keysym];
+     else {
+-      // XKeysymToKeycode() doesn't respect state, so we have to use
+-      // something slightly more complex
+-      keycode = XkbKeysymToKeycode(dpy, keysym);
+      keycode = keysymToKeycode(dpy, keysym);
+     }
+   }
+
+diff --git a/unix/x0vncserver/XDesktop.h b/unix/x0vncserver/XDesktop.h
+index 840d43316..6ebcd9f8a 100644
+--- a/unix/x0vncserver/XDesktop.h
+++ b/unix/x0vncserver/XDesktop.h
+@@ -55,6 +55,9 @@ class XDesktop : public rfb::SDesktop,
+                                const char* userName);
+   virtual void pointerEvent(const rfb::Point& pos, int buttonMask);
+   KeyCode XkbKeysymToKeycode(Display* dpy, KeySym keysym);
+  KeyCode addKeysym(Display* dpy, KeySym keysym);
+  void deleteAddedKeysyms(Display* dpy);
+  KeyCode keysymToKeycode(Display* dpy, KeySym keysym);
+   virtual void keyEvent(rdr::U32 keysym, rdr::U32 xtcode, bool down);
+   virtual void clientCutText(const char* str);
+   virtual unsigned int setScreenLayout(int fb_width, int fb_height,
+@@ -78,6 +81,7 @@ class XDesktop : public rfb::SDesktop,
+   bool haveXtest;
+   bool haveDamage;
+   int maxButtons;
+  std::map<KeySym, KeyCode> addedKeysyms;
+   std::map<KeySym, KeyCode> pressedKeys;
+   bool running;
+ #ifdef HAVE_XDAMAGE
--- a/SOURCES/tigervnc-dont-get-pointer-position-for-floating-device.patch
+++ b/SOURCES/tigervnc-dont-get-pointer-position-for-floating-device.patch
@ -1,13 +0,0 @@
-diff --git a/unix/xserver/hw/vnc/vncInput.c b/unix/xserver/hw/vnc/vncInput.c
-index b3d0926d..d36a096f 100644
--- a/unix/xserver/hw/vnc/vncInput.c
-+++ b/unix/xserver/hw/vnc/vncInput.c
-@@ -167,7 +167,7 @@ void vncPointerMove(int x, int y)
- 
- void vncGetPointerPos(int *x, int *y)
- {
-	if (vncPointerDev != NULL) {
-+	if (vncPointerDev != NULL && !IsFloating(vncPointerDev)) {
- 		ScreenPtr ptrScreen;
- 
- 		miPointerGetPosition(vncPointerDev, &cursorPosX, &cursorPosY);
--- a/SOURCES/tigervnc-dont-install-appstream-metadata-file.patch
+++ b/SOURCES/tigervnc-dont-install-appstream-metadata-file.patch
@ -1,51 +0,0 @@
-diff --git a/po/CMakeLists.txt b/po/CMakeLists.txt
-index 052cfb3..c84fb0e 100644
--- a/po/CMakeLists.txt
-+++ b/po/CMakeLists.txt
-@@ -14,7 +14,6 @@ if (GETTEXT_XGETTEXT_EXECUTABLE)
-     ${PROJECT_SOURCE_DIR}/vncviewer/*.h
-     ${PROJECT_SOURCE_DIR}/vncviewer/*.cxx
-     ${PROJECT_SOURCE_DIR}/vncviewer/*.desktop.in.in
-    ${PROJECT_SOURCE_DIR}/vncviewer/*.metainfo.xml.in
-   )
- 
-   add_custom_target(translations_update
-diff --git a/vncviewer/CMakeLists.txt b/vncviewer/CMakeLists.txt
-index 15eac66..450b732 100644
--- a/vncviewer/CMakeLists.txt
-+++ b/vncviewer/CMakeLists.txt
-@@ -100,34 +100,6 @@ if(UNIX)
-   add_custom_target(desktop ALL DEPENDS vncviewer.desktop)
-   install(FILES ${CMAKE_CURRENT_BINARY_DIR}/vncviewer.desktop DESTINATION ${CMAKE_INSTALL_FULL_DATADIR}/applications)
- 
-  if("${GETTEXT_VERSION_STRING}" VERSION_GREATER 0.19.6)
-    add_custom_command(OUTPUT org.tigervnc.vncviewer.metainfo.xml
-      COMMAND ${GETTEXT_MSGFMT_EXECUTABLE}
-                --xml --template ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in
-                -d ${CMAKE_SOURCE_DIR}/po -o org.tigervnc.vncviewer.metainfo.xml
-      DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in
-    )
-  elseif(INTLTOOL_MERGE_EXECUTABLE)
-    add_custom_command(OUTPUT org.tigervnc.vncviewer.metainfo.xml
-      COMMAND sed -e 's@<name>@<_name>@\;s@</name>@</_name>@'
-                  -e 's@<summary>@<_summary>@\;s@</summary>@</_summary>@'
-                  -e 's@<caption>@<_caption>@\;s@</caption>@</_caption>@'
-                  -e 's@<p>@<_p>@g\;s@</p>@</_p>@g'
-                ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in > org.tigervnc.vncviewer.metainfo.xml.intl
-      COMMAND ${INTLTOOL_MERGE_EXECUTABLE}
-                -x ${CMAKE_SOURCE_DIR}/po
-                org.tigervnc.vncviewer.metainfo.xml.intl org.tigervnc.vncviewer.metainfo.xml
-      DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in
-    )
-  else()
-    add_custom_command(OUTPUT org.tigervnc.vncviewer.metainfo.xml
-      COMMAND cp ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in org.tigervnc.vncviewer.metainfo.xml
-      DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in
-    )
-  endif()
-  add_custom_target(appstream ALL DEPENDS org.tigervnc.vncviewer.metainfo.xml)
-  install(FILES ${CMAKE_CURRENT_BINARY_DIR}/org.tigervnc.vncviewer.metainfo.xml DESTINATION ${CMAKE_INSTALL_FULL_DATADIR}/metainfo)
-
-   foreach(res 16 22 24 32 48 64 128)
-     install(FILES ../media/icons/tigervnc_${res}.png DESTINATION ${CMAKE_INSTALL_FULL_DATADIR}/icons/hicolor/${res}x${res}/apps RENAME tigervnc.png)
-   endforeach()
--- a/SOURCES/tigervnc-fix-ghost-cursor-in-zaphod-mode.patch
+++ b/SOURCES/tigervnc-fix-ghost-cursor-in-zaphod-mode.patch
@ -0,0 +1,117 @@
+From f783d5c8b567199178b6690f347e060a69d2aa36 Mon Sep 17 00:00:00 2001
+From: Jan Grulich <jgrulich@redhat.com>
+Date: Thu, 11 Aug 2022 13:15:29 +0200
+Subject: [PATCH] x0vncserver: update/display cursor only on correct screen in
+ zaphod mode
+
+We have to check whether we update cursor position/shape only in case
+the cursor is on our display, otherwise in zaphod mode, ie. when having
+two instances of x0vncserver on screens :0.0 and :0.1 we would be having
+the cursor duplicated and actually not funcional (aka ghost cursor) as
+it would be actually not present. We also additionally watch EnterNotify
+and LeaveNotify events in order to show/hide cursor accordingly.
+
+Change made with help from Olivier Fourdan <ofourdan@redhat.com>
+---
+ unix/x0vncserver/XDesktop.cxx | 60 +++++++++++++++++++++++++++++++----
+ 1 file changed, 53 insertions(+), 7 deletions(-)
+
+diff --git a/unix/x0vncserver/XDesktop.cxx b/unix/x0vncserver/XDesktop.cxx
+index f2046e43e..f07fd78bf 100644
+--- a/unix/x0vncserver/XDesktop.cxx
+++ b/unix/x0vncserver/XDesktop.cxx
+@@ -192,7 +192,8 @@ XDesktop::XDesktop(Display* dpy_, Geometry *geometry_)
+                    RRScreenChangeNotifyMask | RRCrtcChangeNotifyMask);
+     /* Override TXWindow::init input mask */
+     XSelectInput(dpy, DefaultRootWindow(dpy),
+-                 PropertyChangeMask | StructureNotifyMask | ExposureMask);
+                 PropertyChangeMask | StructureNotifyMask |
+                 ExposureMask | EnterWindowMask | LeaveWindowMask);
+   } else {
+ #endif
+     vlog.info("RANDR extension not present");
+@@ -217,11 +218,13 @@ void XDesktop::poll() {
+     Window root, child;
+     int x, y, wx, wy;
+     unsigned int mask;
+-    XQueryPointer(dpy, DefaultRootWindow(dpy), &root, &child,
+-                  &x, &y, &wx, &wy, &mask);
+-    x -= geometry->offsetLeft();
+-    y -= geometry->offsetTop();
+-    server->setCursorPos(rfb::Point(x, y), false);
+
+    if (XQueryPointer(dpy, DefaultRootWindow(dpy), &root, &child,
+                      &x, &y, &wx, &wy, &mask)) {
+      x -= geometry->offsetLeft();
+      y -= geometry->offsetTop();
+      server->setCursorPos(rfb::Point(x, y), false);
+    }
+   }
+ }
+
+@@ -253,7 +256,14 @@ void XDesktop::start(VNCServer* vs) {
+ #endif
+
+ #ifdef HAVE_XFIXES
+-  setCursor();
+  Window root, child;
+  int x, y, wx, wy;
+  unsigned int mask;
+  // Check whether the cursor is initially on our screen
+  if (XQueryPointer(dpy, DefaultRootWindow(dpy), &root, &child,
+                    &x, &y, &wx, &wy, &mask))
+    setCursor();
+
+ #endif
+
+   server->setLEDState(ledState);
+@@ -701,6 +711,15 @@ bool XDesktop::handleGlobalEvent(XEvent* ev) {
+     if (cev->subtype != XFixesDisplayCursorNotify)
+       return false;
+
+    Window root, child;
+    int x, y, wx, wy;
+    unsigned int mask;
+
+    // Check whether the cursor is initially on our screen
+    if (!XQueryPointer(dpy, DefaultRootWindow(dpy), &root, &child,
+                      &x, &y, &wx, &wy, &mask))
+      return false;
+
+     return setCursor();
+ #endif
+ #ifdef HAVE_XRANDR
+@@ -753,6 +772,33 @@ bool XDesktop::handleGlobalEvent(XEvent* ev) {
+
+     return true;
+ #endif
+#ifdef HAVE_XFIXES
+  } else if (ev->type == EnterNotify) {
+    XCrossingEvent* cev;
+
+    if (!running)
+      return true;
+
+    cev = (XCrossingEvent*)ev;
+
+    if (cev->window != cev->root)
+      return false;
+
+    return setCursor();
+  } else if (ev->type == LeaveNotify) {
+    XCrossingEvent* cev;
+
+    if (!running)
+      return true;
+
+    cev = (XCrossingEvent*)ev;
+
+    if (cev->window == cev->root)
+      return false;
+
+    server->setCursor(0, 0, Point(), NULL);
+    return true;
+#endif
+   }
+
+   return false;
--- a/SOURCES/tigervnc-fix-typo-in-mirror-monitor-detection.patch
+++ b/SOURCES/tigervnc-fix-typo-in-mirror-monitor-detection.patch
@ -0,0 +1,34 @@
+From 2daf4126882f82b6e392dfbae87205dbdc559c3d Mon Sep 17 00:00:00 2001
+From: Pierre Ossman <ossman@cendio.se>
+Date: Thu, 23 Dec 2021 15:58:00 +0100
+Subject: [PATCH] Fix typo in mirror monitor detection
+
+Bug introduced in fb561eb but still somehow passed manual testing.
+Resulted in some stray reads off the end of the stack, which were
+hopefully harmless.
+---
+ vncviewer/MonitorIndicesParameter.cxx | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/vncviewer/MonitorIndicesParameter.cxx b/vncviewer/MonitorIndicesParameter.cxx
+index 5130831cb..4ac74dd1a 100644
+--- a/vncviewer/MonitorIndicesParameter.cxx
+++ b/vncviewer/MonitorIndicesParameter.cxx
+@@ -211,13 +211,13 @@ std::vector<MonitorIndicesParameter::Monitor> MonitorIndicesParameter::fetchMoni
+         // Only keep a single entry for mirrored screens
+         match = false;
+         for (int j = 0; j < ((int) monitors.size()); j++) {
+-            if (monitors[i].x != monitor.x)
+            if (monitors[j].x != monitor.x)
+                 continue;
+-            if (monitors[i].y != monitor.y)
+            if (monitors[j].y != monitor.y)
+                 continue;
+-            if (monitors[i].w != monitor.w)
+            if (monitors[j].w != monitor.w)
+                 continue;
+-            if (monitors[i].h != monitor.h)
+            if (monitors[j].h != monitor.h)
+                 continue;
+
+             match = true;
--- a/SOURCES/tigervnc-root-user-selinux-context.patch
+++ b/SOURCES/tigervnc-root-user-selinux-context.patch
@ -0,0 +1,25 @@
+From faf81b4b238e24fe29eb53f885a25367e212dd7b Mon Sep 17 00:00:00 2001
+From: Zdenek Pytela <zpytela@redhat.com>
+Date: Mon, 7 Feb 2022 10:45:41 +0100
+Subject: [PATCH] SELinux: use /root/.vnc in file context specification
+
+Instead of HOME_ROOT/.vnc, /root/.vnc should be used
+for user root's home to specify default file context
+as HOME_ROOT actually means base for home dirs (usually /home).
+---
+ unix/vncserver/selinux/vncsession.fc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/unix/vncserver/selinux/vncsession.fc b/unix/vncserver/selinux/vncsession.fc
+index 6aaf4b1f4..bc81f8f25 100644
+--- a/unix/vncserver/selinux/vncsession.fc
+++ b/unix/vncserver/selinux/vncsession.fc
+@@ -18,7 +18,7 @@
+ #
+
+ HOME_DIR/\.vnc(/.*)?      gen_context(system_u:object_r:vnc_home_t,s0)
+-HOME_ROOT/\.vnc(/.*)?      gen_context(system_u:object_r:vnc_home_t,s0)
+/root/\.vnc(/.*)?      gen_context(system_u:object_r:vnc_home_t,s0)
+
+ /usr/sbin/vncsession			--	gen_context(system_u:object_r:vnc_session_exec_t,s0)
+ /usr/libexec/vncsession-start		--	gen_context(system_u:object_r:vnc_session_exec_t,s0)
--- a/SOURCES/tigervnc-selinux-restore-context-in-case-of-different-policies.patch
+++ b/SOURCES/tigervnc-selinux-restore-context-in-case-of-different-policies.patch
@ -0,0 +1,81 @@
+From d2d52704624ce841f4a392fccd82079d87ff13b6 Mon Sep 17 00:00:00 2001
+From: Jan Grulich <jgrulich@redhat.com>
+Date: Thu, 11 Nov 2021 13:52:41 +0100
+Subject: [PATCH] SELinux: restore SELinux context in case of different
+ policies
+
+---
+ CMakeLists.txt                | 13 +++++++++++++
+ unix/vncserver/CMakeLists.txt |  2 +-
+ unix/vncserver/vncsession.c   | 16 ++++++++++++++++
+ 3 files changed, 30 insertions(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 50247c7da..1708eb3d8 100644
+--- a/CMakeLists.txt
+++ b/CMakeLists.txt
+@@ -268,6 +268,19 @@ if(UNIX AND NOT APPLE)
+   endif()
+ endif()
+
+# Check for SELinux library
+if(UNIX AND NOT APPLE)
+  check_include_files(selinux/selinux.h HAVE_SELINUX_H)
+  if(HAVE_SELINUX_H)
+    set(CMAKE_REQUIRED_LIBRARIES -lselinux)
+    set(CMAKE_REQUIRED_LIBRARIES)
+    set(SELINUX_LIBS selinux)
+    add_definitions("-DHAVE_SELINUX")
+  else()
+    message(WARNING "Could not find SELinux development files")
+  endif()
+endif()
+
+ # Generate config.h and make sure the source finds it
+ configure_file(config.h.in config.h)
+ add_definitions(-DHAVE_CONFIG_H)
+diff --git a/unix/vncserver/CMakeLists.txt b/unix/vncserver/CMakeLists.txt
+index f65ccc7db..ae69dc098 100644
+--- a/unix/vncserver/CMakeLists.txt
+++ b/unix/vncserver/CMakeLists.txt
+@@ -1,5 +1,5 @@
+ add_executable(vncsession vncsession.c)
+-target_link_libraries(vncsession ${PAM_LIBS})
+target_link_libraries(vncsession ${PAM_LIBS} ${SELINUX_LIBS})
+
+ configure_file(vncserver@.service.in vncserver@.service @ONLY)
+ configure_file(vncsession-start.in vncsession-start @ONLY)
+diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c
+index 3573e5e9b..f6d2fd59e 100644
+--- a/unix/vncserver/vncsession.c
+++ b/unix/vncserver/vncsession.c
+@@ -37,6 +37,11 @@
+ #include <sys/types.h>
+ #include <sys/wait.h>
+
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/restorecon.h>
+#endif
+
+ extern char **environ;
+
+ // PAM service name
+@@ -360,6 +365,17 @@ redir_stdio(const char *homedir, const char *display)
+             syslog(LOG_CRIT, "Failure creating \"%s\": %s", logfile, strerror(errno));
+             _exit(EX_OSERR);
+         }
+
+#ifdef HAVE_SELINUX
+        int result;
+        if (selinux_file_context_verify(logfile, 0) == 0) {
+            result = selinux_restorecon(logfile, SELINUX_RESTORECON_RECURSE);
+
+            if (result < 0) {
+                syslog(LOG_WARNING, "Failure restoring SELinux context for \"%s\": %s", logfile, strerror(errno));
+            }
+        }
+#endif
+     }
+
+     hostlen = sysconf(_SC_HOST_NAME_MAX);
--- a/SOURCES/tigervnc-support-username-alias-in-plainusers.patch
+++ b/SOURCES/tigervnc-support-username-alias-in-plainusers.patch
@ -1,135 +0,0 @@
-diff --git a/common/rfb/SSecurityPlain.cxx b/common/rfb/SSecurityPlain.cxx
-index 6f65e87..3142ba3 100644
--- a/common/rfb/SSecurityPlain.cxx
-+++ b/common/rfb/SSecurityPlain.cxx
-@@ -27,6 +27,8 @@
- #include <rdr/InStream.h>
- #if !defined(WIN32) && !defined(__APPLE__)
- #include <rfb/UnixPasswordValidator.h>
-+#include <unistd.h>
-+#include <pwd.h>
- #endif
- #ifdef WIN32
- #include <rfb/WinPasswdValidator.h>
-@@ -45,21 +47,22 @@ StringParameter PasswordValidator::plainUsers
-
- bool PasswordValidator::validUser(const char* username)
- {
-  CharArray users(plainUsers.getValueStr()), user;
-+  std::vector<std::string> users;
-
-  while (users.buf) {
-    strSplit(users.buf, ',', &user.buf, &users.buf);
-#ifdef WIN32
-    if (0 == stricmp(user.buf, "*"))
-	  return true;
-    if (0 == stricmp(user.buf, username))
-	  return true;
-#else
-    if (!strcmp(user.buf, "*"))
-	  return true;
-    if (!strcmp(user.buf, username))
-	  return true;
-+  users = split(plainUsers, ',');
-+
-+  for (size_t i = 0; i < users.size(); i++) {
-+    if (users[i] == "*")
-+      return true;
-+#if !defined(WIN32) && !defined(__APPLE__)
-+    if (users[i] == "%u") {
-+      struct passwd *pw = getpwnam(username);
-+      if (pw && pw->pw_uid == getuid())
-+        return true;
-+    }
- #endif
-+    if (users[i] == username)
-+      return true;
-   }
-   return false;
- }
-diff --git a/common/rfb/util.cxx b/common/rfb/util.cxx
-index 649eb0b..cce73a0 100644
--- a/common/rfb/util.cxx
-+++ b/common/rfb/util.cxx
-@@ -99,6 +99,26 @@ namespace rfb {
-     return false;
-   }
-
-+  std::vector<std::string> split(const char* src,
-+                                 const char delimiter)
-+  {
-+    std::vector<std::string> out;
-+    const char *start, *stop;
-+
-+    start = src;
-+    do {
-+      stop = strchr(start, delimiter);
-+      if (stop == NULL) {
-+        out.push_back(start);
-+      } else {
-+        out.push_back(std::string(start, stop-start));
-+        start = stop + 1;
-+      }
-+    } while (stop != NULL);
-+
-+    return out;
-+  }
-+
-   bool strContains(const char* src, char c) {
-     int l=strlen(src);
-     for (int i=0; i<l; i++)
-diff --git a/common/rfb/util.h b/common/rfb/util.h
-index f0ac9ef..ed15c28 100644
--- a/common/rfb/util.h
-+++ b/common/rfb/util.h
-@@ -27,6 +27,9 @@
- #include <limits.h>
- #include <string.h>
-
-+#include <string>
-+#include <vector>
-+
- struct timeval;
-
- #ifdef __GNUC__
-@@ -76,6 +79,10 @@ namespace rfb {
-   // that part of the string.  Obviously, setting both to 0 is not useful...
-   bool strSplit(const char* src, const char limiter, char** out1, char** out2, bool fromEnd=false);
-
-+  // Splits a string with the specified delimiter
-+  std::vector<std::string> split(const char* src,
-+                                 const char delimiter);
-+
-   // Returns true if src contains c
-   bool strContains(const char* src, char c);
-
-diff --git a/unix/x0vncserver/x0vncserver.man b/unix/x0vncserver/x0vncserver.man
-index c36ae34..78db730 100644
--- a/unix/x0vncserver/x0vncserver.man
-+++ b/unix/x0vncserver/x0vncserver.man
-@@ -125,8 +125,8 @@ parameter instead.
- .B \-PlainUsers \fIuser-list\fP
- A comma separated list of user names that are allowed to authenticate via
- any of the "Plain" security types (Plain, TLSPlain, etc.). Specify \fB*\fP
-to allow any user to authenticate using this security type. Default is to
-deny all users.
-+to allow any user to authenticate using this security type. Specify \fB%u\fP
-+to allow the user of the server process. Default is to deny all users.
- .
- .TP
- .B \-pam_service \fIname\fP, \-PAMService \fIname\fP
-diff --git a/unix/xserver/hw/vnc/Xvnc.man b/unix/xserver/hw/vnc/Xvnc.man
-index ea87dea..e9fb654 100644
--- a/unix/xserver/hw/vnc/Xvnc.man
-+++ b/unix/xserver/hw/vnc/Xvnc.man
-@@ -200,8 +200,8 @@ parameter instead.
- .B \-PlainUsers \fIuser-list\fP
- A comma separated list of user names that are allowed to authenticate via
- any of the "Plain" security types (Plain, TLSPlain, etc.). Specify \fB*\fP
-to allow any user to authenticate using this security type. Default is to
-deny all users.
-+to allow any user to authenticate using this security type. Specify \fB%u\fP
-+to allow the user of the server process. Default is to deny all users.
- .
- .TP
- .B \-pam_service \fIname\fP, \-PAMService \fIname\fP
--- a/SOURCES/tigervnc-use-dup-to-get-available-fd-for-inetd.patch
+++ b/SOURCES/tigervnc-use-dup-to-get-available-fd-for-inetd.patch
@ -1,17 +0,0 @@
-diff --git a/unix/xserver/hw/vnc/xvnc.c b/unix/xserver/hw/vnc/xvnc.c
-index f8141959..c5c36539 100644
--- a/unix/xserver/hw/vnc/xvnc.c
-+++ b/unix/xserver/hw/vnc/xvnc.c
-@@ -366,8 +366,10 @@ ddxProcessArgument(int argc, char *argv[], int i)
-     if (strcmp(argv[i], "-inetd") == 0) {
-         int nullfd;
- 
-        dup2(0, 3);
-        vncInetdSock = 3;
-+        if ((vncInetdSock = dup(0)) == -1)
-+            FatalError
-+                ("Xvnc error: failed to allocate a new file descriptor for -inetd: %s\n", strerror(errno));
-+
- 
-         /* Avoid xserver >= 1.19's epoll-fd becoming fd 2 / stderr only to be
-            replaced by /dev/null by OsInit() because the pollfd is not
--- a/SOURCES/vncserver
+++ b/SOURCES/vncserver
@ -121,7 +121,7 @@ if ($fontPath eq "") {
 # Check command line options

 &ParseOptions("-geometry",1,"-depth",1,"-pixelformat",1,"-name",1,"-kill",1,
-	      "-help",0,"-h",0,"--help",0,"-fp",1,"-list",0,"-fg",0,"-autokill",0,"-noxstartup",0,"-xstartup",1,"-fallbacktofreeport",0);
+	      "-help",0,"-h",0,"--help",0,"-fp",1,"-list",0,"-fg",0,"-autokill",0,"-noxstartup",0,"-xstartup",1);

 &Usage() if ($opt{'-help'} || $opt{'-h'} || $opt{'--help'});

@ -168,13 +168,8 @@ if ((@ARGV > 0) && ($ARGV[0] =~ /^:(\d+)$/)) {
    $displayNumber = $1;
    shift(@ARGV);
    if (!&CheckDisplayNumber($displayNumber)) {
-        if ($opt{'-fallbacktofreeport'}) {
-            warn "A VNC server is already running as :$displayNumber\n";
-            $displayNumber = &GetDisplayNumber();
-            warn "Using port :$displayNumber as fallback\n";
-        } else {
-            die "A VNC server is already running as :$displayNumber\n";
-        }
+        warn "A VNC server is already running as :$displayNumber\n";
+        $displayNumber = &GetDisplayNumber();
    }
 } elsif ((@ARGV > 0) && ($ARGV[0] !~ /^-/) && ($ARGV[0] !~ /^\+/)) {
    &Usage();
@ -680,7 +675,6 @@ sub Usage
 	"                 [-autokill]\n".
 	"                 [-noxstartup]\n".
 	"                 [-xstartup <file>]\n".
-	"                 [-fallbacktofreeport]\n".
 	"                 <Xvnc-options>...\n\n".
 	"       $prog -kill <X-display>\n\n".
 	"       $prog -list\n\n");
--- a/SOURCES/xorg-CVE-2024-31083-followup.patch
+++ b/SOURCES/xorg-CVE-2024-31083-followup.patch
@ -1,72 +0,0 @@
-From 337d8d48b618d4fc0168a7b978be4c3447650b04 Mon Sep 17 00:00:00 2001
-From: Olivier Fourdan <ofourdan@redhat.com>
-Date: Fri, 5 Apr 2024 15:24:49 +0200
-Subject: [PATCH] render: Avoid possible double-free in ProcRenderAddGlyphs()
-
-ProcRenderAddGlyphs() adds the glyph to the glyphset using AddGlyph() and
-then frees it using FreeGlyph() to decrease the reference count, after
-AddGlyph() has increased it.
-
-AddGlyph() however may chose to reuse an existing glyph if it's already
-in the glyphSet, and free the glyph that was given, in which case the
-caller function, ProcRenderAddGlyphs() will call FreeGlyph() on an
-already freed glyph, as reported by ASan:
-
-  READ of size 4 thread T0
-    #0 in FreeGlyph xserver/render/glyph.c:252
-    #1 in ProcRenderAddGlyphs xserver/render/render.c:1174
-    #2 in Dispatch xserver/dix/dispatch.c:546
-    #3 in dix_main xserver/dix/main.c:271
-    #4 in main xserver/dix/stubmain.c:34
-    #5 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
-    #6 in __libc_start_main_impl ../csu/libc-start.c:360
-    #7  (/usr/bin/Xwayland+0x44fe4)
-  Address is located 0 bytes inside of 64-byte region
-  freed by thread T0 here:
-    #0 in __interceptor_free libsanitizer/asan/asan_malloc_linux.cpp:52
-    #1 in _dixFreeObjectWithPrivates xserver/dix/privates.c:538
-    #2 in AddGlyph xserver/render/glyph.c:295
-    #3 in ProcRenderAddGlyphs xserver/render/render.c:1173
-    #4 in Dispatch xserver/dix/dispatch.c:546
-    #5 in dix_main xserver/dix/main.c:271
-    #6 in main xserver/dix/stubmain.c:34
-    #7 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
-  previously allocated by thread T0 here:
-    #0 in __interceptor_malloc libsanitizer/asan/asan_malloc_linux.cpp:69
-    #1 in AllocateGlyph xserver/render/glyph.c:355
-    #2 in ProcRenderAddGlyphs xserver/render/render.c:1085
-    #3 in Dispatch xserver/dix/dispatch.c:546
-    #4 in dix_main xserver/dix/main.c:271
-    #5 in main xserver/dix/stubmain.c:34
-    #6 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
-  SUMMARY: AddressSanitizer: heap-use-after-free xserver/render/glyph.c:252 in FreeGlyph
-
-To avoid that, make sure not to free the given glyph in AddGlyph().
-
-v2: Simplify the test using the boolean returned from AddGlyph() (Michel)
-v3: Simplify even more by not freeing the glyph in AddGlyph() (Peter)
-
-Fixes: bdca6c3d1 - render: fix refcounting of glyphs during ProcRenderAddGlyphs
-Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1659
-Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
-Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1476>
---
- render/glyph.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/render/glyph.c b/render/glyph.c
-index 13991f8a1..5fa7f3b5b 100644
--- a/render/glyph.c
-+++ b/render/glyph.c
-@@ -291,8 +291,6 @@ AddGlyph(GlyphSetPtr glyphSet, GlyphPtr glyph, Glyph id)
-     gr = FindGlyphRef(&globalGlyphs[glyphSet->fdepth], signature,
-                       TRUE, glyph->sha1);
-     if (gr->glyph && gr->glyph != DeletedGlyph && gr->glyph != glyph) {
-        FreeGlyphPicture(glyph);
-        dixFreeObjectWithPrivates(glyph, PRIVATE_GLYPH);
-         glyph = gr->glyph;
-     }
-     else if (gr->glyph != glyph) {
-- 
-2.44.0
-
--- a/SPECS/tigervnc.spec
+++ b/SPECS/tigervnc.spec
@ -4,8 +4,8 @@
 %global modulename vncsession

 Name:           tigervnc
-Version:        1.13.1
-Release:        10%{?dist}
+Version:        1.12.0
+Release:        9%{?dist}
 Summary:        A TigerVNC remote display system

 %global _hardened_build 1
@ -21,73 +21,47 @@ Source3:        10-libvnc.conf
 # Backwards compatibility
 Source5:        vncserver

-# Downstream patches
 Patch1:         tigervnc-use-gnome-as-default-session.patch
-Patch2:         tigervnc-vncsession-restore-script-systemd-service.patch
-Patch3:         tigervnc-dont-install-appstream-metadata-file.patch

 # Upstream patches
-Patch50:        tigervnc-support-username-alias-in-plainusers.patch
-Patch51:        tigervnc-use-dup-to-get-available-fd-for-inetd.patch
-
-# Upstreamable patches
-Patch80:        tigervnc-dont-get-pointer-position-for-floating-device.patch
+Patch50:        tigervnc-selinux-restore-context-in-case-of-different-policies.patch
+Patch51:        tigervnc-fix-typo-in-mirror-monitor-detection.patch
+Patch52:        tigervnc-root-user-selinux-context.patch
+Patch53:        tigervnc-vncsession-restore-script-systemd-service.patch
+# https://github.com/TigerVNC/tigervnc/pull/1513
+Patch54:        tigervnc-fix-ghost-cursor-in-zaphod-mode.patch
+# https://github.com/TigerVNC/tigervnc/pull/1510
+Patch55:       tigervnc-add-new-keycodes-for-unknown-keysyms.patch

 # This is tigervnc-%%{version}/unix/xserver116.patch rebased on the latest xorg
 Patch100:       tigervnc-xserver120.patch
 # 1326867 - [RHEL7.3] GLX applications in an Xvnc session fails to start
 Patch101:       0001-rpath-hack.patch

-# XServer patches
-Patch200:       xorg-CVE-2024-31083-followup.patch
+# Upstreamable patches

-BuildRequires:  make
 BuildRequires:  gcc-c++
-BuildRequires:  gettext
-BuildRequires:  cmake
-
-BuildRequires:  gnutls-devel
-BuildRequires:  desktop-file-utils
-BuildRequires:  libappstream-glib
-BuildRequires:  libjpeg-turbo-devel
-BuildRequires:  openssl-devel
-BuildRequires:  pam-devel
-BuildRequires:  zlib-devel
+BuildRequires:  libX11-devel, automake, autoconf, libtool, gettext, gettext-autopoint
+BuildRequires:  libXext-devel, xorg-x11-server-source, libXi-devel
+BuildRequires:  xorg-x11-xtrans-devel, xorg-x11-util-macros, libXtst-devel
+BuildRequires:  libxkbfile-devel, openssl-devel, libpciaccess-devel
+BuildRequires:  mesa-libGL-devel, libXinerama-devel, xorg-x11-font-utils
+BuildRequires:  freetype-devel, libXdmcp-devel, libxshmfence-devel
+BuildRequires:  libjpeg-turbo-devel, gnutls-devel, pam-devel
+BuildRequires:  libdrm-devel, libXt-devel, pixman-devel
+BuildRequires:  systemd, cmake, desktop-file-utils
+BuildRequires:  libselinux-devel, selinux-policy-devel
+BuildRequires:  libXfixes-devel, libXdamage-devel, libXrandr-devel
+%if 0%{?fedora} > 24 || 0%{?rhel} >= 7
+BuildRequires:  libXfont2-devel
+%else
+BuildRequires:  libXfont-devel
+%endif

 # TigerVNC 1.4.x requires fltk 1.3.3 for keyboard handling support
 # See https://github.com/TigerVNC/tigervnc/issues/8, also bug #1208814
 BuildRequires:  fltk-devel >= 1.3.3
-BuildRequires:  libX11-devel
-BuildRequires:  libXext-devel
-BuildRequires:  libXi-devel
-BuildRequires:  libXrandr-devel
-BuildRequires:  libXrender-devel
-BuildRequires:  pixman-devel
-
-# X11/graphics dependencies
-BuildRequires:  autoconf
-BuildRequires:  automake
-BuildRequires:  gettext-autopoint
-BuildRequires:  libXdamage-devel
-BuildRequires:  libXdmcp-devel
-BuildRequires:  libXfixes-devel
-BuildRequires:  libXfont2-devel
-BuildRequires:  libXinerama-devel
-BuildRequires:  libXt-devel
-BuildRequires:  libXtst-devel
-BuildRequires:  libdrm-devel
-BuildRequires:  libtool
-BuildRequires:  libxkbfile-devel
-BuildRequires:  libxshmfence-devel
-BuildRequires:  mesa-libGL-devel
-BuildRequires:  xorg-x11-font-utils
 BuildRequires:  xorg-x11-server-devel
-BuildRequires:  xorg-x11-server-source
-BuildRequires:  xorg-x11-util-macros
-BuildRequires:  xorg-x11-xtrans-devel
-
-# SELinux
-BuildRequires:  libselinux-devel, selinux-policy-devel, systemd

 Requires(post): coreutils
 Requires(postun):coreutils
@ -187,19 +161,18 @@ for all in `find . -type f -perm -001`; do
 done
 %patch100 -p1 -b .xserver120-rebased
 %patch101 -p1 -b .rpath
-%patch200 -p1 -b .xorg-CVE-2024-31083-followup
 popd

 %patch1 -p1 -b .use-gnome-as-default-session
-%patch2 -p1 -b .vncsession-restore-script-systemd-service
-%patch3 -p1 -b .dont-install-appstream-metadata-file.patch

 # Upstream patches
-%patch50 -p1 -b .support-username-alias-in-plainusers
-%patch51 -p1 -b .use-dup-to-get-available-fd-for-inetd
+%patch50 -p1 -b .selinux-restore-context-in-case-of-different-policies
+%patch51 -p1 -b .fix-typo-in-mirror-monitor-detection
+%patch52 -p1 -b .root-user-selinux-context
+%patch53 -p1 -b .vncsession-restore-script-systemd-service
+%patch54 -p1 -b .fix-ghost-cursor-in-zaphod-mode
+%patch55 -p1 -b .add-new-keycodes-for-unknown-keysyms

-# Upstreamable patches
-%patch80 -p1 -b .dont-get-pointer-position-for-floating-device

 %build
 %ifarch sparcv9 sparc64 s390 s390x
@ -265,7 +238,7 @@ install -m644 %{SOURCE2} %{buildroot}%{_unitdir}/xvnc.socket
 mkdir -p %{buildroot}%{_datadir}/icons/hicolor/{16x16,24x24,48x48}/apps

 pushd media/icons
-for s in 16 22 24 32 48 64 128; do
+for s in 16 24 48; do
 install -m644 tigervnc_$s.png %{buildroot}%{_datadir}/icons/hicolor/${s}x$s/apps/tigervnc.png
 done
 popd
@ -351,69 +324,9 @@ fi

 %files selinux
 %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.*
-%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
+%ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}

 %changelog
-* Mon Apr 15 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-10
- Drop patches that are already part of xorg-x11-server
-  Resolves: RHEL-30755
-  Resolves: RHEL-30767
-  Resolves: RHEL-30761
-
-* Thu Apr 04 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-9
- Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents
-  Resolves: RHEL-30755
- Fix CVE-2024-31083 tigervnc: xorg-x11-server: User-after-free in ProcRenderAddGlyphs
-  Resolves: RHEL-30767
- Fix CVE-2024-31081 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice
-  Resolves: RHEL-30761
-
-* Wed Feb 07 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-8
- Fix copy/paste error in the DeviceStateNotify
-  Resolves: RHEL-20530
-
-* Mon Jan 22 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-7
- Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice
-  Resolves: RHEL-20388
- Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent
-  Resolves: RHEL-20382
- Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
-  Resolves: RHEL-20530
- Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
-  Resolves: RHEL-21214
-
-* Mon Jan 08 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-6
- Use dup() to get available file descriptor when using -inetd option
-  Resolves: RHEL-21000
-
-* Mon Dec 18 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-5
- Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
-  Resolves: RHEL-18410
- Fix CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty
-  Resolves: RHEL-18422
-
-* Wed Nov 01 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-4
- Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow
-  Resolves: RHEL-15236
-
- Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty
-  Resolves: RHEL-15230
-
-* Mon Oct 09 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-3
- Support username alias in PlainUsers
-  Resolves: RHEL-4258
-
-* Tue Apr 11 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-2
- xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege
-  Escalation Vulnerability
-  Resolves: bz#2180306
-
-* Tue Mar 21 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-1
- 1.13.1
-  Resolves: bz#2175748
- Restore "--fallbacktofreeport" option in the vncserver script
-  Resolves: bz#2174398
-
 * Thu Dec 08 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-9
 - Bump build version to fix upgrade path
  Resolves: bz#1437569