From 55dd353e2e4b1cea6c6f34d78b9097196b14af8c Mon Sep 17 00:00:00 2001
From: Simone Caronni <negativo17@gmail.com>
Date: Dec 12 2015 13:43:02 +0000
Subject: Add patch for using system crypto policies (#1179318)


---

diff --git a/LibVNCServer-0.9.10-system-crypto-policy.patch b/LibVNCServer-0.9.10-system-crypto-policy.patch
new file mode 100644
index 0000000..198aeec
--- /dev/null
+++ b/LibVNCServer-0.9.10-system-crypto-policy.patch
@@ -0,0 +1,26 @@
+diff -Naur libvncserver-LibVNCServer-0.9.10.old/libvncclient/tls_gnutls.c libvncserver-LibVNCServer-0.9.10/libvncclient/tls_gnutls.c
+--- libvncserver-LibVNCServer-0.9.10.old/libvncclient/tls_gnutls.c	2015-12-12 00:14:37.269157918 +0100
++++ libvncserver-LibVNCServer-0.9.10/libvncclient/tls_gnutls.c	2015-12-12 11:23:29.391385234 +0100
+@@ -31,8 +31,8 @@
+ #include "tls.h"
+ 
+ 
+-static const char *rfbTLSPriority = "NORMAL:+DHE-DSS:+RSA:+DHE-RSA:+SRP";
+-static const char *rfbAnonTLSPriority= "NORMAL:+ANON-DH";
++static const char *rfbTLSPriority = "@SYSTEM";
++static const char *rfbAnonTLSPriority= "@SYSTEM";
+ 
+ #define DH_BITS 1024
+ static gnutls_dh_params_t rfbDHParams;
+diff -Naur libvncserver-LibVNCServer-0.9.10.old/libvncserver/rfbssl_gnutls.c libvncserver-LibVNCServer-0.9.10/libvncserver/rfbssl_gnutls.c
+--- libvncserver-LibVNCServer-0.9.10.old/libvncserver/rfbssl_gnutls.c	2015-12-12 00:14:37.270157930 +0100
++++ libvncserver-LibVNCServer-0.9.10/libvncserver/rfbssl_gnutls.c	2015-12-12 11:14:49.966830581 +0100
+@@ -54,7 +54,7 @@
+ 
+     if (!GNUTLS_E_SUCCESS == (ret = gnutls_init(&session, GNUTLS_SERVER))) {
+       /* */
+-    } else if (!GNUTLS_E_SUCCESS == (ret = gnutls_priority_set_direct(session, "EXPORT", NULL))) {
++    } else if (!GNUTLS_E_SUCCESS == (ret = gnutls_set_default_priority(session))) {
+       /* */
+     } else if (!GNUTLS_E_SUCCESS == (ret = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, ctx->x509_cred))) {
+       /* */
diff --git a/libvncserver.spec b/libvncserver.spec
index c3bc290..dc57364 100644
--- a/libvncserver.spec
+++ b/libvncserver.spec
@@ -1,7 +1,7 @@
 Summary:    Library to make writing a VNC server easy
 Name:       libvncserver
 Version:    0.9.10
-Release:    1%{?dist}
+Release:    2%{?dist}
 
 # NOTE: --with-filetransfer => GPLv2
 License:    GPLv2+
@@ -10,6 +10,7 @@ Source0:    https://github.com/LibVNC/libvncserver/archive/LibVNCServer-%{versio
 
 Patch1:     LibVNCServer-0.9.10-system_minilzo.patch
 Patch2:     libvncserver-0.9.1-multilib.patch
+Patch3:     LibVNCServer-0.9.10-system-crypto-policy.patch
 
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -64,6 +65,7 @@ developing applications that use %{name}.
 # Nuke bundled minilzo
 rm -fv common/lzodefs.h common/lzoconf.h commmon/minilzo.h common/minilzo.c
 %patch2 -p1 -b .multilib
+%patch3 -p1
 
 # Fix encoding
 for file in ChangeLog ; do
@@ -125,6 +127,9 @@ make -C test test ||:
 
 
 %changelog
+* Sat Dec 12 2015 Simone Caronni <negativo17@gmail.com> - 0.9.10-2
+- Add patch for using system crypto policies (#1179318).
+
 * Fri Dec 11 2015 Simone Caronni <negativo17@gmail.com> - 0.9.10-1
 - Update to official 0.9.10 release, update configure parameters and remove
   upstreamed patches.