SOURCES/10-libvnc.conf

@@ -12,7 +12,7 @@
 #EndSection
 
 #Section "Screen"
-#    Identifier "Screen0
+#    Identifier "Screen0"
 #    DefaultDepth 16
 #    Option "SecurityTypes" "VncAuth"
 #    Option "PasswordFile" "/root/.vnc/passwd"

SOURCES/tigervnc-dont-install-appstream-metadata-file.patch

@@ -0,0 +1,51 @@
+diff --git a/po/CMakeLists.txt b/po/CMakeLists.txt
+index 052cfb3..c84fb0e 100644
+--- a/po/CMakeLists.txt
++++ b/po/CMakeLists.txt
+@@ -14,7 +14,6 @@ if (GETTEXT_XGETTEXT_EXECUTABLE)
+     ${PROJECT_SOURCE_DIR}/vncviewer/*.h
+     ${PROJECT_SOURCE_DIR}/vncviewer/*.cxx
+     ${PROJECT_SOURCE_DIR}/vncviewer/*.desktop.in.in
+-    ${PROJECT_SOURCE_DIR}/vncviewer/*.metainfo.xml.in
+   )
+ 
+   add_custom_target(translations_update
+diff --git a/vncviewer/CMakeLists.txt b/vncviewer/CMakeLists.txt
+index 15eac66..450b732 100644
+--- a/vncviewer/CMakeLists.txt
++++ b/vncviewer/CMakeLists.txt
+@@ -100,34 +100,6 @@ if(UNIX)
+   add_custom_target(desktop ALL DEPENDS vncviewer.desktop)
+   install(FILES ${CMAKE_CURRENT_BINARY_DIR}/vncviewer.desktop DESTINATION ${CMAKE_INSTALL_FULL_DATADIR}/applications)
+ 
+-  if("${GETTEXT_VERSION_STRING}" VERSION_GREATER 0.19.6)
+-    add_custom_command(OUTPUT org.tigervnc.vncviewer.metainfo.xml
+-      COMMAND ${GETTEXT_MSGFMT_EXECUTABLE}
+-                --xml --template ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in
+-                -d ${CMAKE_SOURCE_DIR}/po -o org.tigervnc.vncviewer.metainfo.xml
+-      DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in
+-    )
+-  elseif(INTLTOOL_MERGE_EXECUTABLE)
+-    add_custom_command(OUTPUT org.tigervnc.vncviewer.metainfo.xml
+-      COMMAND sed -e 's@<name>@<_name>@\;s@</name>@</_name>@'
+-                  -e 's@<summary>@<_summary>@\;s@</summary>@</_summary>@'
+-                  -e 's@<caption>@<_caption>@\;s@</caption>@</_caption>@'
+-                  -e 's@<p>@<_p>@g\;s@</p>@</_p>@g'
+-                ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in > org.tigervnc.vncviewer.metainfo.xml.intl
+-      COMMAND ${INTLTOOL_MERGE_EXECUTABLE}
+-                -x ${CMAKE_SOURCE_DIR}/po
+-                org.tigervnc.vncviewer.metainfo.xml.intl org.tigervnc.vncviewer.metainfo.xml
+-      DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in
+-    )
+-  else()
+-    add_custom_command(OUTPUT org.tigervnc.vncviewer.metainfo.xml
+-      COMMAND cp ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in org.tigervnc.vncviewer.metainfo.xml
+-      DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/org.tigervnc.vncviewer.metainfo.xml.in
+-    )
+-  endif()
+-  add_custom_target(appstream ALL DEPENDS org.tigervnc.vncviewer.metainfo.xml)
+-  install(FILES ${CMAKE_CURRENT_BINARY_DIR}/org.tigervnc.vncviewer.metainfo.xml DESTINATION ${CMAKE_INSTALL_FULL_DATADIR}/metainfo)
+-
+   foreach(res 16 22 24 32 48 64 128)
+     install(FILES ../media/icons/tigervnc_${res}.png DESTINATION ${CMAKE_INSTALL_FULL_DATADIR}/icons/hicolor/${res}x${res}/apps RENAME tigervnc.png)
+   endforeach()

SOURCES/tigervnc-vncsession-use-bin-sh-when-shell-not-set.patch

@@ -0,0 +1,29 @@
+From 4db34f73d461b973867ddaf18bf690219229cd7a Mon Sep 17 00:00:00 2001
+From: Carlos Santos <casantos@redhat.com>
+Date: Thu, 25 Jul 2024 18:39:59 -0300
+Subject: [PATCH] vncsession: use /bin/sh if the user shell is not set
+
+An empty shell field in the password file is valid, although not common.
+Use /bin/sh in this case, as documented in the passwd(5) man page, since
+the vncserver script requires a non-empty SHELL environment variable.
+
+Fixes issue #1786.
+
+Signed-off-by: Carlos Santos <casantos@redhat.com>
+---
+ unix/vncserver/vncsession.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c
+index 1ee096c7c..98a0432aa 100644
+--- a/unix/vncserver/vncsession.c
++++ b/unix/vncserver/vncsession.c
+@@ -545,7 +545,7 @@ run_script(const char *username, const char *display, char **envp)
+ 
+     // Set up some basic environment for the script
+     setenv("HOME", pwent->pw_dir, 1);
+-    setenv("SHELL", pwent->pw_shell, 1);
++    setenv("SHELL", *pwent->pw_shell != '\0' ? pwent->pw_shell : "/bin/sh", 1);
+     setenv("LOGNAME", pwent->pw_name, 1);
+     setenv("USER", pwent->pw_name, 1);
+     setenv("USERNAME", pwent->pw_name, 1);

SOURCES/xorg-CVE-2024-0229-followup.patch

@@ -1,32 +0,0 @@
-From 133e0d651c5d12bf01999d6289e84e224ba77adc Mon Sep 17 00:00:00 2001
-From: Peter Hutterer <peter.hutterer@who-t.net>
-Date: Mon, 22 Jan 2024 14:22:12 +1000
-Subject: [PATCH] dix: fix valuator copy/paste error in the DeviceStateNotify
- event
-
-Fixes 219c54b8a3337456ce5270ded6a67bcde53553d5
----
- dix/enterleave.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/dix/enterleave.c b/dix/enterleave.c
-index 7b7ba1098b..c1e6ac600e 100644
---- a/dix/enterleave.c
-+++ b/dix/enterleave.c
-@@ -619,11 +619,11 @@ FixDeviceValuator(DeviceIntPtr dev, deviceValuator * ev, ValuatorClassPtr v,
-     ev->first_valuator = first;
-     switch (ev->num_valuators) {
-     case 6:
--        ev->valuator2 = v->axisVal[first + 5];
-+        ev->valuator5 = v->axisVal[first + 5];
-     case 5:
--        ev->valuator2 = v->axisVal[first + 4];
-+        ev->valuator4 = v->axisVal[first + 4];
-     case 4:
--        ev->valuator2 = v->axisVal[first + 3];
-+        ev->valuator3 = v->axisVal[first + 3];
-     case 3:
-         ev->valuator2 = v->axisVal[first + 2];
-     case 2:
---
-GitLab

SOURCES/xvnc.service

@@ -32,7 +32,7 @@
 Description=XVNC Per-Connection Daemon
 
 [Service]
-ExecStart=-/usr/bin/Xvnc -inetd -query localhost -geometry 1024x768 -depth 24 -once -SecurityTypes=None
+ExecStart=-/usr/bin/Xvnc -inetd -query localhost -geometry 1024x768 -depth 24 -once -SecurityTypes=None -Log *:syslog:30
 User=nobody
 StandardInput=socket
 StandardError=syslog

SPECS/tigervnc.spec

@@ -5,12 +5,12 @@
 
 Name:           tigervnc
 Version:        1.13.1
-Release:        8%{?dist}
+Release:        13%{?dist}
 Summary:        A TigerVNC remote display system
 
 %global _hardened_build 1
 
-License:        GPL-2.0-or-later
+License:        GPLv2+
 URL:            http://www.tigervnc.com
 
 Source0:        %{name}-%{version}.tar.gz
@@ -24,10 +24,13 @@ Source5:        vncserver
 # Downstream patches
 Patch1:         tigervnc-use-gnome-as-default-session.patch
 Patch2:         tigervnc-vncsession-restore-script-systemd-service.patch
+Patch3:         tigervnc-dont-install-appstream-metadata-file.patch
 
 # Upstream patches
 Patch50:        tigervnc-support-username-alias-in-plainusers.patch
 Patch51:        tigervnc-use-dup-to-get-available-fd-for-inetd.patch
+Patch52:        tigervnc-add-option-to-force-view-only-remote-connections.patch
+Patch53:        tigervnc-vncsession-use-bin-sh-when-shell-not-set.patch
 
 # Upstreamable patches
 Patch80:        tigervnc-dont-get-pointer-position-for-floating-device.patch
@@ -38,9 +41,6 @@ Patch100:       tigervnc-xserver120.patch
 Patch101:       0001-rpath-hack.patch
 
 # XServer patches
-# CVE-2024-0229
-# https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1251
-Patch200:       xorg-CVE-2024-0229-followup.patch
 
 BuildRequires:  make
 BuildRequires:  gcc-c++
@@ -126,12 +126,10 @@ X session.
 
 %package server-minimal
 Summary:        A minimal installation of TigerVNC server
-Requires(post): systemd
-Requires(preun): systemd
-Requires(postun): systemd
-Requires(post): systemd
+Requires(post): chkconfig
+Requires(preun):chkconfig
 
-Requires:       mesa-dri-drivers, xkeyboard-config, xkbcomp
+Requires:       mesa-dri-drivers, xkeyboard-config, xorg-x11-xkb-utils
 Requires:       tigervnc-license, dbus-x11
 
 %description server-minimal
@@ -190,15 +188,17 @@ for all in `find . -type f -perm -001`; do
 done
 %patch100 -p1 -b .xserver120-rebased
 %patch101 -p1 -b .rpath
-%patch200 -p1 -b .xorg-CVE-2024-0229-followup
 popd
 
 %patch1 -p1 -b .use-gnome-as-default-session
 %patch2 -p1 -b .vncsession-restore-script-systemd-service
+%patch3 -p1 -b .dont-install-appstream-metadata-file.patch
 
 # Upstream patches
 %patch50 -p1 -b .support-username-alias-in-plainusers
 %patch51 -p1 -b .use-dup-to-get-available-fd-for-inetd
+%patch52 -p1 -b .add-option-to-force-view-only-remote-connections
+%patch53 -p1 -b .tigervnc-vncsession-use-bin-sh-when-shell-not-set
 
 # Upstreamable patches
 %patch80 -p1 -b .dont-get-pointer-position-for-floating-device
@@ -209,22 +209,12 @@ export CFLAGS="$RPM_OPT_FLAGS -fPIC"
 %else
 export CFLAGS="$RPM_OPT_FLAGS -fpic"
 %endif
-export CXXFLAGS="$CFLAGS -std=c++11"
+export CXXFLAGS="$CFLAGS"
 
-%define __cmake_builddir %{_target_platform}
-
-mkdir -p %{%__cmake_builddir}
-
-%cmake
-
-%cmake_build
+%{cmake} .
+make %{?_smp_mflags}
 
 pushd unix/xserver
-
-%if 0%{?fedora} > 32 || 0%{?rhel} >= 9
-sed -i 's@TIGERVNC_BUILDDIR=${TIGERVNC_SRCDIR}@TIGERVNC_BUILDDIR=${TIGERVNC_SRCDIR}/%{_target_platform}@g' hw/vnc/Makefile.am
-%endif
-
 autoreconf -fiv
 %configure \
         --disable-xorg --disable-xnest --disable-xvfb --disable-dmx \
@@ -247,11 +237,7 @@ make %{?_smp_mflags}
 popd
 
 # Build icons
-%if 0%{?fedora} > 32 || 0%{?rhel} >= 9
-pushd %{_target_platform}/media
-%else
 pushd media
-%endif
 make
 popd
 
@@ -260,19 +246,19 @@ pushd unix/vncserver/selinux
 make
 popd
 
+
 %install
-%cmake_install
-rm -f %{buildroot}%{_docdir}/%{name}-%{version}/{README.rst,LICENCE.TXT}
+%make_install
 
 pushd unix/xserver/hw/vnc
-%make_install
+make install DESTDIR=%{buildroot}
 popd
 
-# Install systemd unit file
 pushd unix/vncserver/selinux
 make install DESTDIR=%{buildroot}
 popd
 
+
 # Install systemd unit file
 install -m644 %{SOURCE1} %{buildroot}%{_unitdir}/xvnc@.service
 install -m644 %{SOURCE2} %{buildroot}%{_unitdir}/xvnc.socket
@@ -286,21 +272,7 @@ install -m644 tigervnc_$s.png %{buildroot}%{_datadir}/icons/hicolor/${s}x$s/apps
 done
 popd
 
-appstream-util validate-relax --nonet %{buildroot}%{_metainfodir}/org.tigervnc.vncviewer.metainfo.xml
-desktop-file-validate %{buildroot}%{_datadir}/applications/vncviewer.desktop
-
-%if 0%{?rhel} > 9
-# Install a replacement for /usr/bin/vncserver which will tell the user to read the
-# HOWTO.md file
-cat <<EOF > %{buildroot}/%{_bindir}/vncserver
-#!/bin/bash
-echo "vncserver has been replaced by a systemd unit."
-echo "Please read /usr/share/doc/tigervnc/HOWTO.md for more information."
-EOF
-chmod +x %{buildroot}/%{_bindir}/vncserver
-%else
 install -m 755 %{SOURCE5} %{buildroot}/%{_bindir}/vncserver
-%endif
 
 %find_lang %{name} %{name}.lang
 
@@ -311,14 +283,15 @@ mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/
 install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
 
 %post server
-%systemd_post xvnc@.service
+%systemd_post xvnc.service
 %systemd_post xvnc.socket
 
 %preun server
+%systemd_preun xvnc.service
 %systemd_preun xvnc.socket
 
 %postun server
-%systemd_postun xvnc@.service
+%systemd_postun xvnc.service
 %systemd_postun xvnc.socket
 
 %pre selinux
@@ -340,7 +313,6 @@ fi
 %{_bindir}/vncviewer
 %{_datadir}/applications/*
 %{_mandir}/man1/vncviewer.1*
-%{_datadir}/metainfo/org.tigervnc.vncviewer.metainfo.xml
 
 %files server
 %config(noreplace) %{_sysconfdir}/pam.d/tigervnc
@@ -350,8 +322,8 @@ fi
 %{_unitdir}/vncserver@.service
 %{_unitdir}/xvnc@.service
 %{_unitdir}/xvnc.socket
-%{_bindir}/vncserver
 %{_bindir}/x0vncserver
+%{_bindir}/vncserver
 %{_sbindir}/vncsession
 %{_libexecdir}/vncserver
 %{_libexecdir}/vncsession-start
@@ -371,7 +343,7 @@ fi
 
 %files server-module
 %{_libdir}/xorg/modules/extensions/libvnc.so
-%config(noreplace) %{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
+%config %{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
 
 %files license
 %{_docdir}/tigervnc/LICENCE.TXT
@@ -384,264 +356,255 @@ fi
 %ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
 
 %changelog
+* Mon Aug 05 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-13
+- vncsession: use /bin/sh if the user shell is not set
+  Resolves: RHEL-52827
+
+* Fri Jul 12 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-12
+- Fix FTBS: drop already applied Xorg patches
+  Resolves: RHEL-46696
+
+* Tue May 28 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-11
+- vncconfig: add option to force view-only remote client connections
+  Resolves: RHEL-11908
+
+* Mon Apr 15 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-10
+- Drop patches that are already part of xorg-x11-server
+  Resolves: RHEL-30755
+  Resolves: RHEL-30767
+  Resolves: RHEL-30761
+
+* Thu Apr 04 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-9
+- Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents
+  Resolves: RHEL-30755
+- Fix CVE-2024-31083 tigervnc: xorg-x11-server: User-after-free in ProcRenderAddGlyphs
+  Resolves: RHEL-30767
+- Fix CVE-2024-31081 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice
+  Resolves: RHEL-30761
+
 * Wed Feb 07 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-8
 - Fix copy/paste error in the DeviceStateNotify
-  Resolves: RHEL-20533
+  Resolves: RHEL-20530
 
 * Mon Jan 22 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-7
 - Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice
-  Resolves: RHEL-20389
+  Resolves: RHEL-20388
 - Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent
-  Resolves: RHEL-20383
+  Resolves: RHEL-20382
 - Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
-  Resolves: RHEL-20533
+  Resolves: RHEL-20530
 - Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
-  Resolves: RHEL-21213
+  Resolves: RHEL-21214
 
 * Mon Jan 08 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-6
 - Use dup() to get available file descriptor when using -inetd option
-  Resolves: RHEL-19858
+  Resolves: RHEL-21000
 
 * Mon Dec 18 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-5
 - Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
-  Resolves: RHEL-18414
+  Resolves: RHEL-18410
 - Fix CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty
-  Resolves: RHEL-18426
+  Resolves: RHEL-18422
 
 * Wed Nov 01 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-4
 - Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow
-  Resolves: RHEL-15237
+  Resolves: RHEL-15236
 
 - Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty
-  Resolves: RHEL-15249
+  Resolves: RHEL-15230
 
 * Mon Oct 09 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-3
 - Support username alias in PlainUsers
-  Resolves: RHEL-8430
+  Resolves: RHEL-4258
 
 * Tue Apr 11 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-2
 - xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege
   Escalation Vulnerability
-  Resolves: bz#2180310
+  Resolves: bz#2180306
 
 * Tue Mar 21 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-1
 - 1.13.1
-  Resolves: bz#2175732
+  Resolves: bz#2175748
+- Restore "--fallbacktofreeport" option in the vncserver script
+  Resolves: bz#2174398
 
-* Tue Feb 21 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-12
-- SELinux: allow vncsession create .vnc directory
-  Resolves: bz#2164703
+* Thu Dec 08 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-9
+- Bump build version to fix upgrade path
+  Resolves: bz#1437569
 
-* Wed Feb 15 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-11
-- Add sanity check when cleaning up keymap changes
-  Resolves: bz#2169965
-
-* Mon Feb 06 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-10
-- xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation
-  Resolves: bz#2167061
-
-* Tue Dec 20 2022 Tomas Popela <tpopela@redhat.com> - 1.12.0-9
-- Rebuild for xorg-x11-server CVE-2022-46340 follow up fix
-
-* Fri Dec 16 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-8
-- Rebuild for xorg-x11-server CVEs
-  Resolves: CVE-2022-4283 (bz#2154234)
-  Resolves: CVE-2022-46340 (bz#2154221)
-  Resolves: CVE-2022-46341 (bz#2154224)
-  Resolves: CVE-2022-46342 (bz#2154226)
-  Resolves: CVE-2022-46343 (bz#2154228)
-  Resolves: CVE-2022-46344 (bz#2154230)
-
-* Thu Dec 01 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-7
+* Fri Nov 18 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-8
 - x0vncserver: add new keysym in case we don't find matching keycode
-  + actually apply the patch
-  Resolves: bz#2119017
+  Resolves: bz#1437569
 
-* Thu Dec 01 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-6
-- x0vncserver: add new keysym in case we don't find matching keycode
-  Resolves: bz#2119017
-
-* Mon Oct 24 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-5
+* Wed Aug 24 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-7
 - x0vncserver: fix ghost cursor in zaphod mode (better version)
-  Resolves: bz#2119016
+  Resolves: bz#2109679
 
-* Tue May 31 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-4
-- Add BR: libXdamage, libXfixes, libXrandr
-  Resolves: bz#2091833
+* Wed Aug 17 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-6
+- x0vncserver: fix ghost cursor in zaphod mode
+  Resolves: bz#2109679
 
-* Tue Apr 05 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-3
-- Do not run systemd_preun on Xvnc service file
-  Resolves: bz#2048011
+* Tue May 31 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-5
+- BR: libXdamage, libXfixes, libXrandr
+  Resolves: bz#2088733
 
-* Mon Apr 04 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-2
-- Drop unexisting option from the old vncserver script
-  Resolves: bz#2021893
-
-* Wed Mar 23 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-1
-- 1.12.0 + sync with Fedora
-  Resolves: bz#2048011
-  Resolves: bz#2021893
-
-* Mon Feb 07 2022 Jan Grulich <jgrulich@redhat.com> - 1.11.0-21
+* Tue Feb 08 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-4
 - Added vncsession-restore script for SELinux policy migration
   Fix SELinux context for root user
-  Resolves: bz#2049506
+  Resolves: bz#2021892
 
-* Fri Nov 26 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-20
-- Rebuild for absence in RHEL 9.0
-  Resolves: bz#1985858
+* Fri Jan 21 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-3
+- Fix crash in vncviewer
+  Resolves: bz#2021892
 
-* Mon Aug 16 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-19
-- Sync upstream patches + drop unused patches
-  Resolves: bz#1985858
+* Fri Jan 14 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-2
+- Remove unavailable option from vncserver script
+  Resolves: bz#2021892
 
-* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.11.0-18
-- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-  Related: rhbz#1991688
+* Fri Jan 14 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-1
+- 1.12.0
+  Resolves: bz#2021892
 
-* Mon Jul 19 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-17
+* Mon Jul 19 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-9
 - Fix logout from VNC session using vncserver
-  Resolves: bz#1983704
+  Resolves: bz#1983706
 
-* Tue Jun 01 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-16
-- Bump version for rebuild (binutils)
-  Resolves: bz#1961488
+* Tue Jun 01 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-8
+- Run all SELinux RPM macros on correct package
+  Resolves: bz#1907963
 
-* Mon May 17 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-14
+* Mon May 17 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-7
 - SELinux improvements
-  Resolves: bz#1961488
+  Resolves: bz#1907963
 
-- Fix endianness issue on s390x
-  Resolves: bz#1963029
+* Tue Dec 15 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-6
+- Use GNOME as default session
+  Resolves: bz#1853608
 
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.11.0-13
-- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+* Thu Dec 03 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-5
+- Make sure we log properly output to journal (actually log to syslog)
+  Resolves: bz#1841537
 
-* Mon Mar 08 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-12
-- Include RHEL8 patches
+* Thu Dec 03 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-4
+- Make sure we log properly output to journal
+  Resolves: bz#1841537
 
-* Fri Mar 05 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-11
-- Enable old vncserver script for RHEL 9
+* Wed Nov 18 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-3
+- vncserver: ignore new "session" parameter from the new systemd support
+  Resolves: bz#1897504
 
-* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.11.0-10
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+* Wed Nov 18 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-2
+- Revert removal of vncserver
+  Resolves: bz#1897504
+- Correctly start vncsession as a daemon
+  Resolves: bz#1897498
 
-* Thu Dec 10 07:45:46 CET 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-9
-- vncserver: ignore new session parameter from the new systemd support
+* Tue Oct 20 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-1
+- Update to 1.11.0
+  Resolves: bz#1880985
+- Backport fix to allow Tigervnc use boolean values in config files
+  Resolves: bz#1883415
 
-* Fri Nov 13 14:08:29 CET 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-8
-- Use /run instead of /var/run which is just a symlink
+* Wed Sep 30 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-8
+- Tolerate specifying -BoolParam 0 and similar
+  Resolves: bz#1883415
 
-* Thu Nov 05 2020 Peter Hutterer <peter.hutterer@redhat.com> 1.11.0-7
-- Require xkbcomp directly, not xorg-x11-xkb-utils. The latter has had
-  Provides xkbcomp for years.
+* Wed Jul 08 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-7
+- Enable server module on s390x
+  Resolves: bz#1854925
 
-* Tue Sep 29 13:12:22 CEST 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-6
-- Backport upstream fix allowing Tigervnc to specify boolean valus in configuration
-- Revert removal of vncserver for F32 and F33
+* Fri Jul 03 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-6
+- Remove trailing spaces in user name
+  Resolves: bz#1852432
 
-* Thu Sep 24 07:14:06 CEST 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-5
-- Actually install the HOWTO.md file
-
-* Wed Sep 23 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-4
-- Call systemd macros on correct service file
-
-* Tue Sep 22 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-3
-- Do not overwrite libvnc.conf config file
-
-* Thu Sep 17 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-2
+* Thu Jun 25 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-5
+- Install the HOWTO file to correct location
 - Add /usr/bin/vncserver file informing users to read the HOWTO.md file
+  Resolves: bz#1790443
 
-* Wed Sep 09 2020 Jan Grulich <jgrulich@redhat.com> - 1.11.0-1
-- 1.11.0
+* Mon Jun 15 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-4
+- Improve SELinux policy
+  Resolves: bz#1790443
 
-* Mon Aug 24 2020 Jan Grulich <jgrulich@redhat.com. - 1.10.90-1
-- Update to 1.10.90 (1.11.0 beta)
+* Mon Jun 15 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-3
+- Add a HOWTO.md file with instructions how to start VNC server
+  Resolves: bz#1790443
 
-* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.1-9
-- Second attempt - Rebuilt for
-  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+* Tue May 26 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-2
+- Make the systemd service run also for root user
+  Resolves: bz#1790443
 
-* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.1-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 1.10.1-7
-- Use make macros
-- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
-
-* Sat Jul 11 2020 Jiri Vanek <jvanek@redhat.com> - 1.10.1-6
-- Rebuilt for JDK-11, see https://fedoraproject.org/wiki/Changes/Java11
-
-* Sun Apr 19 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-5
-- Requires: dbus-x11
-  Resolves: bz#1825331
-
-* Fri Mar 13 2020 Olivier Fourdan <ofourdan@redhat.com> - 1.10.1-4
-- Fix build with xserver 1.20.7
-
-* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.1-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Mon Jan 13 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-2
-- Build with -std=c++11
-
-* Fri Dec 20 2019 Jan Grulich <jgrulich@redhat.com> - 1.10.1-1
+* Mon Apr 27 2020 Jan Grulich <jgrulich@redhat.com> - 1.10.1-1
 - Update to 1.10.1
+  Resolves: bz#1806992
 
-* Tue Dec 10 2019 Jan Grulich <jgrulich@redhat.com> - 1.10.0-2
-- Properly install systemd files
+- Add proper systemd support
+  Resolves: bz#1790443
 
-* Mon Nov 18 2019 Jan Grulich <jgrulich@redhat.com> - 1.10.0-1
-- Update to 1.10.0
+* Tue Jan 28 2020 Jan Grulich <jgrulich@redhat.com> - 1.9.0-13
+- Bump build because of z-stream
+  Resolves: bz#1671714
 
-* Fri Oct 18 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.90-1
-- Update to 1.9.90 (1.10 beta)
-- Add systemd user service file
-- Use a wrapper for systemd system service file to workaround systemd limitations
+* Wed Dec 11 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-12
+- Fix installation of systemd files
+  Resolves: bz#1671714
 
-* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+* Wed Nov 20 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-11
+- Use wrapper script to workaround systemd issues
+  Resolves: bz#1671714
 
-* Fri Jul 19 2019 Dan Horák <dan[at]danny.cz> - 1.9.0-6
-- drop the s390x special handling (related #1727029)
+* Fri Jul 12 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-10
+- Do not return returncode indicating error when running "vncserver -list"
+  Resolves: bz#1727860
 
-* Wed Jun 12 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-5
-- Add missing arguments to systemd_postun scriptlets
-  Resolves: bz#1716411
+* Fri Feb 08 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-9
+- Make tigervnc systemd service a user service
+  Resolves: bz#1639846
 
-* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+* Mon Jan 21 2019 Jan Grulich <jgrulich@redhat.com> - 1.9.0-8
+- Kill the session automatically only when Gnome is installed
+  Resolves: bz#1665876
 
-* Tue Sep 25 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-3
+* Tue Nov 20 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-7
+- Improve coverity scan fixes
+  Resolves: bz#1602714
+
+  Inform whether view-only password is used or not
+  Resolves: bz#1639169
+
+  Backport fixes from RHEL 7
+  Resolves: bz#1651254
+
+* Tue Oct 09 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-6
 - Do not crash passwd when using malloc perturb checks
-  Resolves: bz#1631483
+  Resolves: bz#1637086
+
+* Mon Oct 08 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-5
+- Improve coverity scan fixes
+  Resolves: bz#1602714
+
+* Wed Oct 03 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-4
+- Improve coverity scan fixes
+  Resolves: bz#1602714
+
+* Wed Oct 03 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-3
+- Fix some coverity scan issues
+  Resolves: bz#1602714
 
 * Wed Aug 01 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-2
-- Ignore buttons in mouse leave events
-  Resolves: bz#1609516
+- Remove dependency on initscripts
 
 * Tue Jul 17 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-1
-- Update to 1.9.0
+- Update to 1.9.0 + sync with Fedora
 
-* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.90-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+* Tue Jun 12 2018 Adam Jackson <ajax@redhat.com> - 1.8.0-10
+- Fix GLX initialization with Xorg 1.20
 
-* Wed Jul  4 2018 Peter Robinson <pbrobinson@fedoraproject.org> 1.8.90-2
-- Clean up spec: use macros consistenly, drop old sys-v migrations
-- Drop ancient obsolete/provides
+* Tue May 29 2018 Jan Grulich <jgrulich@redhat.com> - 1.8.0-9
+- Build against Xorg 1.20
 
-* Thu Jun 14 2018 Jan Grulich <jgrulich@redhat.com> - 1.8.90-1
-- Update to 1.8.90
-
-* Wed Jun 13 2018 Jan Grulich <jgrulich@redhat.com> - 1.8.0-10
-- Fix tigervnc systemd unit file
-  Resolves: bz#1583159
-
-* Wed Jun 06 2018 Adam Jackson <ajax@redhat.com> - 1.8.0-9
-- Fix GLX initialization with 1.20
-
-* Wed Apr 04 2018 Adam Jackson <ajax@redhat.com> - 1.8.0-8
-- Rebuild for xserver 1.20
+* Mon May 14 2018 Jan Grulich <jgrulich@redhat.com> - 1.8.0-8
+- Drop BR: ImageMagick
 
 * Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild