Merge branch 'master' into 'release/1.2.0'

Ingest version changes to cut new installers See merge request kasm-technologies/internal/KasmVNC!111
67 changed files with 198 additions and 1951 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -11,13 +11,12 @@ variables:
  # arm builds, because build_debian_buster_arm matches build_debian_buster.
  # "BUILD_JOBS: none" won't build any build jobs, nor www.
  BUILD_JOBS: all
-  DOCKER_HOST: tcp://docker:2375
+  DOCKER_HOST: unix://
  DOCKER_TLS_CERTDIR: ""
 workflow:
  rules:
    # Disable tag builds.
-    - if: $CI_COMMIT_TAG != $CI_COMMIT_REF_NAME && $CI_PIPELINE_SOURCE != "merge_request_event"
+    - if: $CI_COMMIT_TAG != $CI_COMMIT_REF_NAME
 stages:
  - www
@ -39,13 +38,11 @@ stages:
 default:
  tags:
-    - oci-fixed-amd
+    - oci-fixed-amd64
 build_www:
  stage: www
  allow_failure: false
  tags:
    - oci-fixed-amd
  before_script:
    - *prepare_build
  script:
@ -69,8 +66,6 @@ build_www:
 build_ubuntu_bionic:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-amd
  before_script:
    - *prepare_build
    - *prepare_www
@ -89,7 +84,7 @@ build_ubuntu_bionic_arm:
  stage: build
  allow_failure: false
  tags:
-    - oci-fixed-arm
+    - oci-fixed-arm64
  before_script:
    - *prepare_build
    - *prepare_www
@ -107,8 +102,6 @@ build_ubuntu_bionic_arm:
 build_ubuntu_focal:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-amd
  before_script:
    - *prepare_build
    - *prepare_www
@ -127,7 +120,7 @@ build_ubuntu_focal_arm:
  stage: build
  allow_failure: true
  tags:
-    - oci-fixed-arm
+    - oci-fixed-arm64
  before_script:
    - *prepare_build
    - *prepare_www
@ -145,8 +138,6 @@ build_ubuntu_focal_arm:
 build_ubuntu_jammy:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-amd
  before_script:
    - *prepare_build
    - *prepare_www
@ -165,7 +156,7 @@ build_ubuntu_jammy_arm:
  stage: build
  allow_failure: true
  tags:
-    - oci-fixed-arm
+    - oci-fixed-arm64
  before_script:
    - *prepare_build
    - *prepare_www
@ -180,37 +171,16 @@ build_ubuntu_jammy_arm:
    paths:
      - output/
-build_ubuntu_noble:
+build_debian_buster:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-amd
  before_script:
    - *prepare_build
    - *prepare_www
  after_script:
    - *prepare_artfacts
  script:
    - bash builder/build-package ubuntu noble;
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
  artifacts:
    paths:
      - output/
 build_ubuntu_noble_arm:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-arm
  before_script:
    - *prepare_build
    - *prepare_www
  after_script:
    - *prepare_artfacts
  script:
-    - bash builder/build-package ubuntu noble;
+    - bash builder/build-package debian buster;
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
@ -218,11 +188,11 @@ build_ubuntu_noble_arm:
    paths:
      - output/
-build_debian_buster:
+build_debian_buster_arm:
  stage: build
  allow_failure: true
  tags:
-    - oci-fixed-amd
+    - oci-fixed-arm64
  before_script:
    - *prepare_build
    - *prepare_www
@ -237,18 +207,16 @@ build_debian_buster:
    paths:
      - output/
-build_debian_buster_arm:
+build_debian_bullseye:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-arm
  before_script:
    - *prepare_build
    - *prepare_www
  after_script:
    - *prepare_artfacts
  script:
-    - bash builder/build-package debian buster;
+    - bash builder/build-package debian bullseye;
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
@ -256,11 +224,11 @@ build_debian_buster_arm:
    paths:
      - output/
-build_debian_bullseye:
+build_debian_bullseye_arm:
  stage: build
  allow_failure: true
  tags:
-    - oci-fixed-amd
+    - oci-fixed-arm64
  before_script:
    - *prepare_build
    - *prepare_www
@ -275,18 +243,17 @@ build_debian_bullseye:
    paths:
      - output/
-build_debian_bullseye_arm:
+
 build_debian_bookworm:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-arm
  before_script:
    - *prepare_build
    - *prepare_www
  after_script:
    - *prepare_artfacts
  script:
-    - bash builder/build-package debian bullseye;
+    - bash builder/build-package debian bookworm;
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
@ -294,12 +261,11 @@ build_debian_bullseye_arm:
    paths:
      - output/
-
+build_debian_bookworm_arm:
 build_debian_bookworm:
  stage: build
  allow_failure: true
  tags:
-    - oci-fixed-amd
+    - oci-fixed-arm64
  before_script:
    - *prepare_build
    - *prepare_www
@ -314,18 +280,16 @@ build_debian_bookworm:
    paths:
      - output/
-build_debian_bookworm_arm:
+build_kali_rolling:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-arm
  before_script:
    - *prepare_build
    - *prepare_www
  after_script:
    - *prepare_artfacts
  script:
-    - bash builder/build-package debian bookworm;
+    - bash builder/build-package kali kali-rolling;
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
@ -333,11 +297,11 @@ build_debian_bookworm_arm:
    paths:
      - output/
-build_kali_rolling:
+build_kali_rolling_arm:
  stage: build
  allow_failure: true
  tags:
-    - oci-fixed-amd
+    - oci-fixed-arm64
  before_script:
    - *prepare_build
    - *prepare_www
@ -352,18 +316,16 @@ build_kali_rolling:
    paths:
      - output/
-build_kali_rolling_arm:
+build_centos7:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-arm
  before_script:
    - *prepare_build
    - *prepare_www
  after_script:
    - *prepare_artfacts
  script:
-    - bash builder/build-package kali kali-rolling;
+    - bash builder/build-package centos core
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
@ -374,8 +336,6 @@ build_kali_rolling_arm:
 build_oracle_8:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-amd
  before_script:
    - *prepare_build
    - *prepare_www
@ -394,7 +354,7 @@ build_oracle_8_arm:
  stage: build
  allow_failure: true
  tags:
-    - oci-fixed-arm
+    - oci-fixed-arm64
  before_script:
    - *prepare_build
    - *prepare_www
@ -412,8 +372,6 @@ build_oracle_8_arm:
 build_oracle_9:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-amd
  before_script:
    - *prepare_build
    - *prepare_www
@ -432,7 +390,7 @@ build_oracle_9_arm:
  stage: build
  allow_failure: true
  tags:
-    - oci-fixed-arm
+    - oci-fixed-arm64
  before_script:
    - *prepare_build
    - *prepare_www
@ -450,8 +408,6 @@ build_oracle_9_arm:
 build_opensuse_15:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-amd
  before_script:
    - *prepare_build
    - *prepare_www
@ -470,7 +426,7 @@ build_opensuse_15_arm:
  stage: build
  allow_failure: true
  tags:
-    - oci-fixed-arm
+    - oci-fixed-arm64
  before_script:
    - *prepare_build
    - *prepare_www
@ -488,8 +444,6 @@ build_opensuse_15_arm:
 build_fedora_thirtyseven:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-amd
  before_script:
    - *prepare_build
    - *prepare_www
@ -508,7 +462,7 @@ build_fedora_thirtyseven_arm:
  stage: build
  allow_failure: true
  tags:
-    - oci-fixed-arm
+    - oci-fixed-arm64
  before_script:
    - *prepare_build
    - *prepare_www
@ -526,8 +480,6 @@ build_fedora_thirtyseven_arm:
 build_fedora_thirtyeight:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-amd
  before_script:
    - *prepare_build
    - *prepare_www
@ -546,7 +498,7 @@ build_fedora_thirtyeight_arm:
  stage: build
  allow_failure: true
  tags:
-    - oci-fixed-arm
+    - oci-fixed-arm64
  before_script:
    - *prepare_build
    - *prepare_www
@ -561,125 +513,9 @@ build_fedora_thirtyeight_arm:
    paths:
      - output/
 build_fedora_thirtynine:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-amd
  before_script:
    - *prepare_build
    - *prepare_www
  after_script:
    - *prepare_artfacts
  script:
    - bash builder/build-package fedora thirtynine;
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
  artifacts:
    paths:
      - output/
 build_fedora_thirtynine_arm:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-arm
  before_script:
    - *prepare_build
    - *prepare_www
  after_script:
    - *prepare_artfacts
  script:
    - bash builder/build-package fedora thirtynine;
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
  artifacts:
    paths:
      - output/
 build_fedora_forty:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-amd
  before_script:
    - *prepare_build
    - *prepare_www
  after_script:
    - *prepare_artfacts
  script:
    - bash builder/build-package fedora forty;
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
  artifacts:
    paths:
      - output/
 build_fedora_forty_arm:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-arm
  before_script: 
    - *prepare_build
    - *prepare_www
  after_script:
    - *prepare_artfacts
  script:
    - bash builder/build-package fedora forty;
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
  artifacts:
    paths:
      - output/
 build_fedora_fortyone:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-amd
  before_script:
    - *prepare_build
    - *prepare_www
  after_script:
    - *prepare_artfacts
  script:
    - bash builder/build-package fedora fortyone;
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
  artifacts:
    paths:
      - output/
 build_fedora_fortyone_arm:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-arm
  before_script: 
    - *prepare_build
    - *prepare_www
  after_script:
    - *prepare_artfacts
  script: 
    - bash builder/build-package fedora fortyone;
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
  artifacts:
    paths:
      - output/
 build_alpine_317:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-amd
  before_script:
    - *prepare_build
    - *prepare_www
@ -698,7 +534,7 @@ build_alpine_317_arm:
  stage: build
  allow_failure: true
  tags:
-    - oci-fixed-arm
+    - oci-fixed-arm64
  before_script:
    - *prepare_build
    - *prepare_www
@ -715,8 +551,6 @@ build_alpine_317_arm:
 test:
  stage: test
  tags:
    - oci-fixed-amd
  before_script:
    - *prepare_build
  script:
@ -726,8 +560,6 @@ test:
 build_alpine_318:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-amd
  before_script:
    - *prepare_build
    - *prepare_www
@ -746,7 +578,7 @@ build_alpine_318_arm:
  stage: build
  allow_failure: true
  tags:
-    - oci-fixed-arm
+    - oci-fixed-arm64
  before_script:
    - *prepare_build
    - *prepare_www
@ -761,125 +593,9 @@ build_alpine_318_arm:
    paths:
      - output/
 build_alpine_319:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-amd
  before_script:
    - *prepare_build
    - *prepare_www
  after_script:
    - *prepare_artfacts
  script:
    - bash builder/build-package alpine 319;
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
  artifacts:
    paths:
      - output/
 build_alpine_319_arm:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-arm
  before_script:
    - *prepare_build
    - *prepare_www
  after_script:
    - *prepare_artfacts
  script:
    - bash builder/build-package alpine 319;
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
  artifacts:
    paths:
      - output/
 build_alpine_320:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-amd
  before_script:
    - *prepare_build
    - *prepare_www
  after_script:
    - *prepare_artfacts
  script:
    - bash builder/build-package alpine 320;
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
  artifacts:
    paths:
      - output/
 build_alpine_320_arm:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-arm
  before_script:
    - *prepare_build
    - *prepare_www
  after_script:
    - *prepare_artfacts
  script:
    - bash builder/build-package alpine 320;
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
  artifacts:
    paths:
      - output/
 build_alpine_321:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-amd
  before_script:
    - *prepare_build
    - *prepare_www
  after_script:
    - *prepare_artfacts
  script:
    - bash builder/build-package alpine 321;
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
  artifacts:
    paths:
      - output/
 build_alpine_321_arm:
  stage: build
  allow_failure: true
  tags:
    - oci-fixed-arm
  before_script:
    - *prepare_build
    - *prepare_www
  after_script:
    - *prepare_artfacts
  script:
    - bash builder/build-package alpine 321;
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
  artifacts:
    paths:
      - output/
 upload:
  stage: upload
  image: ubuntu:focal
  tags:
    - oci-fixed-amd
  artifacts:
    paths:
      - output/
@ -917,8 +633,6 @@ upload_build_preview:
  needs: ["upload"]
  dependencies: ["upload"]
  image: ubuntu:focal
  tags:
    - oci-fixed-amd
  before_script:
    - . .ci/upload.sh
  resource_group: upload_build_preview
--- a/.gitmodules
+++ b/.gitmodules
@ -1,4 +1,4 @@
 [submodule "kasmweb"]
 	path = kasmweb
 	url = https://github.com/kasmtech/noVNC.git
-	branch = release/1.2.2
+	branch = master
--- a/README.md
+++ b/README.md
@ -4,7 +4,7 @@
 KasmVNC provides remote web-based access to a Desktop or application. While VNC is in the name, KasmVNC differs from other VNC variants such as TigerVNC, RealVNC, and TurboVNC. KasmVNC has broken from the RFB specification which defines VNC, in order to support modern technologies and increase security. KasmVNC is accessed by users from any modern browser and does not support legacy VNC viewer applications. KasmVNC uses a modern YAML based configuration at the server and user level, allowing for ease of management.
-[Kasm Technologies](https://www.kasmweb.com) developed Kasm Workspaces, the Containerized Streaming Platform. Kasm has open-sourced the Workspace docker images, which include containerized [full desktops and apps](https://github.com/kasmtech/workspaces-images) and [base images](https://github.com/kasmtech/workspaces-core-images) intended for developers to create customized streaming containers. These containers can be used standalone or within the [Kasm Workspaces Platform](https://www.kasmweb.com) which provides a full Enterprise feature set.
+[Kasm Technologies](https://www.kasmweb.com) developed Kasm Workspaces, the Containerized Streaming Platform. Kasm has open-sourced the Workspace docker images, which include containerized [full desktops and apps](https://github.com/kasmtech/workspaces-images) and [base images](https://github.com/kasmtech/workspaces-core-images) intended for developers to create custimized streaming containers. These containers can be used standalone or within the [Kasm Workspaces Platform](https://www.kasmweb.com) which provides a full Enterprise feature set.
 ## Documentation
@ -27,7 +27,7 @@ wget <package_url>
 sudo apt-get install ./kasmvncserver_*.deb
 # Add your user to the ssl-cert group
-sudo adduser $USER ssl-cert
+sudo addgroup $USER ssl-cert
 ```
 ### Oracle 8
@ -269,4 +269,4 @@ Future Goals:
 See the [builder/README.md](https://github.com/kasmtech/KasmVNC/blob/master/builder/README.md). We containerize our build systems to ensure highly repeatable builds.
 ### License and Acknowledgements
-See the [LICENSE.TXT](https://github.com/kasmtech/KasmVNC/blob/master/LICENSE.TXT) and [ACKNOWLEDGEMENTS.md](https://github.com/kasmtech/KasmVNC/blob/master/ACKNOWLEDGEMENTS.md)
+See the [LICENSE.TXT](https://github.com/kasmtech/KasmVNC/blob/master/LICENSE.TXT) and [ACKNOWLEDGEMENTS.MD](https://github.com/kasmtech/KasmVNC/blob/master/LICENSE.TXT)
--- a/builder/build.sh
+++ b/builder/build.sh
@ -46,11 +46,7 @@ EOF
 cd /tmp
 # default to the version of x in Ubuntu 18.04, otherwise caller will need to specify
 XORG_VER=${XORG_VER:-"1.19.6"}
 if [[ "${XORG_VER}" == 21* ]]; then
  XORG_PATCH=21
 else
 XORG_PATCH=$(echo "$XORG_VER" | grep -Po '^\d.\d+' | sed 's#\.##')
 fi
 wget --no-check-certificate https://www.x.org/archive/individual/xserver/xorg-server-${XORG_VER}.tar.gz
 #git clone https://kasmweb@bitbucket.org/kasmtech/kasmvnc.git
@ -143,8 +139,6 @@ if [ -d /usr/lib/x86_64-linux-gnu/dri ]; then
  ln -s /usr/lib/x86_64-linux-gnu/dri dri
 elif [ -d /usr/lib/aarch64-linux-gnu/dri ]; then
  ln -s /usr/lib/aarch64-linux-gnu/dri dri
 elif [ -d /usr/lib/arm-linux-gnueabihf/dri ]; then
  ln -s /usr/lib/arm-linux-gnueabihf/dri dri
 elif [ -d /usr/lib/xorg/modules/dri ]; then
  ln -s /usr/lib/xorg/modules/dri dri
 else
--- a/builder/dockerfile.alpine_317.build
+++ b/builder/dockerfile.alpine_317.build
@ -2,7 +2,7 @@ FROM alpine:3.17
 ENV KASMVNC_BUILD_OS alpine
 ENV KASMVNC_BUILD_OS_CODENAME 317
-ENV XORG_VER 21.1.8
+ENV XORG_VER 1.20.14
 RUN \
  echo "**** install build deps ****" && \
--- a/builder/dockerfile.alpine_318.build
+++ b/builder/dockerfile.alpine_318.build
@ -2,7 +2,7 @@ FROM alpine:3.18
 ENV KASMVNC_BUILD_OS alpine
 ENV KASMVNC_BUILD_OS_CODENAME 318
-ENV XORG_VER 21.1.10
+ENV XORG_VER 1.20.14
 RUN \
  echo "**** install build deps ****" && \
--- a/builder/dockerfile.alpine_319.apk.build
+++ b/builder/dockerfile.alpine_319.apk.build
@ -1,7 +0,0 @@
 FROM alpine:3.19
 RUN apk add shadow bash
 RUN useradd -m docker && echo "docker:docker" | chpasswd
 USER docker
--- a/builder/dockerfile.alpine_319.build
+++ b/builder/dockerfile.alpine_319.build
@ -1,82 +0,0 @@
 FROM alpine:3.19
 ENV KASMVNC_BUILD_OS alpine
 ENV KASMVNC_BUILD_OS_CODENAME 319
 ENV XORG_VER 21.1.12
 RUN \
  echo "**** install build deps ****" && \
  apk add \
    alpine-release \
    alpine-sdk \
    autoconf \
    automake \
    bash \
    ca-certificates \
    cmake \
    coreutils \
    curl \
    eudev-dev \
    font-cursor-misc \
    font-misc-misc \
    font-util-dev \
    git \
    grep \
    jq \
    libdrm-dev \
    libepoxy-dev \
    libjpeg-turbo-dev \
    libjpeg-turbo-static \
    libpciaccess-dev \
    libtool \
    libwebp-dev \
    libx11-dev \
    libxau-dev \
    libxcb-dev \
    libxcursor-dev \
    libxcvt-dev \
    libxdmcp-dev \
    libxext-dev \
    libxfont2-dev \
    libxkbfile-dev \
    libxrandr-dev \
    libxshmfence-dev \
    libxtst-dev \
    mesa-dev \
    mesa-dri-gallium \
    meson \
    nettle-dev \
    openssl-dev \
    pixman-dev \
    procps \
    shadow \
    tar \
    tzdata \
    wayland-dev \
    wayland-protocols \
    xcb-util-dev \
    xcb-util-image-dev \
    xcb-util-keysyms-dev \
    xcb-util-renderutil-dev \
    xcb-util-wm-dev \
    xinit \
    xkbcomp \
    xkbcomp-dev \
    xkeyboard-config \
    xorgproto \
    xorg-server-common \
    xorg-server-dev \
    xtrans
 ENV SCRIPTS_DIR=/tmp/scripts
 COPY builder/scripts $SCRIPTS_DIR
 RUN $SCRIPTS_DIR/build-webp
 RUN $SCRIPTS_DIR/build-libjpeg-turbo
 RUN useradd -m docker && echo "docker:docker" | chpasswd
 COPY --chown=docker:docker . /src/
 USER docker
 ENTRYPOINT ["/src/builder/build.sh"]
--- a/builder/dockerfile.alpine_320.apk.build
+++ b/builder/dockerfile.alpine_320.apk.build
@ -1,7 +0,0 @@
 FROM alpine:3.20
 RUN apk add shadow bash
 RUN useradd -m docker && echo "docker:docker" | chpasswd
 USER docker
--- a/builder/dockerfile.alpine_320.build
+++ b/builder/dockerfile.alpine_320.build
@ -1,82 +0,0 @@
 FROM alpine:3.20
 ENV KASMVNC_BUILD_OS alpine
 ENV KASMVNC_BUILD_OS_CODENAME 320
 ENV XORG_VER 21.1.14
 RUN \
  echo "**** install build deps ****" && \
  apk add \
    alpine-release \
    alpine-sdk \
    autoconf \
    automake \
    bash \
    ca-certificates \
    cmake \
    coreutils \
    curl \
    eudev-dev \
    font-cursor-misc \
    font-misc-misc \
    font-util-dev \
    git \
    grep \
    jq \
    libdrm-dev \
    libepoxy-dev \
    libjpeg-turbo-dev \
    libjpeg-turbo-static \
    libpciaccess-dev \
    libtool \
    libwebp-dev \
    libx11-dev \
    libxau-dev \
    libxcb-dev \
    libxcursor-dev \
    libxcvt-dev \
    libxdmcp-dev \
    libxext-dev \
    libxfont2-dev \
    libxkbfile-dev \
    libxrandr-dev \
    libxshmfence-dev \
    libxtst-dev \
    mesa-dev \
    mesa-dri-gallium \
    meson \
    nettle-dev \
    openssl-dev \
    pixman-dev \
    procps \
    shadow \
    tar \
    tzdata \
    wayland-dev \
    wayland-protocols \
    xcb-util-dev \
    xcb-util-image-dev \
    xcb-util-keysyms-dev \
    xcb-util-renderutil-dev \
    xcb-util-wm-dev \
    xinit \
    xkbcomp \
    xkbcomp-dev \
    xkeyboard-config \
    xorgproto \
    xorg-server-common \
    xorg-server-dev \
    xtrans
 ENV SCRIPTS_DIR=/tmp/scripts
 COPY builder/scripts $SCRIPTS_DIR
 RUN $SCRIPTS_DIR/build-webp
 RUN $SCRIPTS_DIR/build-libjpeg-turbo
 RUN useradd -m docker && echo "docker:docker" | chpasswd
 COPY --chown=docker:docker . /src/
 USER docker
 ENTRYPOINT ["/src/builder/build.sh"]
--- a/builder/dockerfile.alpine_321.apk.build
+++ b/builder/dockerfile.alpine_321.apk.build
@ -1,7 +0,0 @@
 FROM alpine:3.21
 RUN apk add shadow bash
 RUN useradd -m docker && echo "docker:docker" | chpasswd
 USER docker
--- a/builder/dockerfile.alpine_321.build
+++ b/builder/dockerfile.alpine_321.build
@ -1,82 +0,0 @@
 FROM alpine:3.21
 ENV KASMVNC_BUILD_OS alpine
 ENV KASMVNC_BUILD_OS_CODENAME 321
 ENV XORG_VER 21.1.14
 RUN \
  echo "**** install build deps ****" && \
  apk add \
    alpine-release \
    alpine-sdk \
    autoconf \
    automake \
    bash \
    ca-certificates \
    cmake \
    coreutils \
    curl \
    eudev-dev \
    font-cursor-misc \
    font-misc-misc \
    font-util-dev \
    git \
    grep \
    jq \
    libdrm-dev \
    libepoxy-dev \
    libjpeg-turbo-dev \
    libjpeg-turbo-static \
    libpciaccess-dev \
    libtool \
    libwebp-dev \
    libx11-dev \
    libxau-dev \
    libxcb-dev \
    libxcursor-dev \
    libxcvt-dev \
    libxdmcp-dev \
    libxext-dev \
    libxfont2-dev \
    libxkbfile-dev \
    libxrandr-dev \
    libxshmfence-dev \
    libxtst-dev \
    mesa-dev \
    mesa-dri-gallium \
    meson \
    nettle-dev \
    openssl-dev \
    pixman-dev \
    procps \
    shadow \
    tar \
    tzdata \
    wayland-dev \
    wayland-protocols \
    xcb-util-dev \
    xcb-util-image-dev \
    xcb-util-keysyms-dev \
    xcb-util-renderutil-dev \
    xcb-util-wm-dev \
    xinit \
    xkbcomp \
    xkbcomp-dev \
    xkeyboard-config \
    xorgproto \
    xorg-server-common \
    xorg-server-dev \
    xtrans
 ENV SCRIPTS_DIR=/tmp/scripts
 COPY builder/scripts $SCRIPTS_DIR
 RUN $SCRIPTS_DIR/build-webp
 RUN $SCRIPTS_DIR/build-libjpeg-turbo
 RUN useradd -m docker && echo "docker:docker" | chpasswd
 COPY --chown=docker:docker . /src/
 USER docker
 ENTRYPOINT ["/src/builder/build.sh"]
--- a/builder/dockerfile.debian_bookworm.build
+++ b/builder/dockerfile.debian_bookworm.build
@ -2,7 +2,7 @@ FROM debian:bookworm-slim
 ENV KASMVNC_BUILD_OS debian
 ENV KASMVNC_BUILD_OS_CODENAME bookworm
-ENV XORG_VER 21.1.7
+ENV XORG_VER 1.20.10
 ENV DEBIAN_FRONTEND noninteractive
 RUN \
--- a/builder/dockerfile.fedora_forty.build
+++ b/builder/dockerfile.fedora_forty.build
@ -1,86 +0,0 @@
 FROM fedora:40
 ENV KASMVNC_BUILD_OS fedora
 ENV KASMVNC_BUILD_OS_CODENAME forty
 ENV XORG_VER 1.20.14
 RUN \
  echo "**** install build deps ****" && \
  dnf group install -y \
    "C Development Tools and Libraries" \
    "Development Tools" && \
  dnf install -y \
    autoconf \
    automake \
    bison \
    byacc \
    bzip2 \
    cmake \
    diffutils \
    doxygen \
    file \
    flex \
    fop \
    gcc \
    gcc-c++ \
    git \
    glibc-devel \
    libdrm-devel \
    libepoxy-devel \
    libmd-devel \
    libpciaccess-devel \
    libtool \
    libwebp-devel \
    libX11-devel \
    libXau-devel \
    libxcb-devel \
    libXcursor-devel \
    libxcvt-devel \
    libXdmcp-devel \
    libXext-devel \
    libXfont2-devel \
    libxkbfile-devel \
    libXrandr-devel \
    libxshmfence-devel \
    libXtst-devel \
    mesa-libEGL-devel \
    mesa-libgbm-devel \
    mesa-libGL-devel \
    meson \
    mingw64-binutils \
    mt-st \
    nettle-devel \
    openssl-devel \
    patch \
    pixman-devel \
    wayland-devel \
    wget \
    which \
    xcb-util-devel \
    xcb-util-image-devel \
    xcb-util-keysyms-devel \
    xcb-util-renderutil-devel \
    xcb-util-wm-devel \
    xinit \
    xkbcomp \
    xkbcomp-devel \
    xkeyboard-config \
    xmlto \
    xorg-x11-font-utils \
    xorg-x11-proto-devel \
    xorg-x11-server-common \
    xorg-x11-server-devel \
    xorg-x11-xtrans-devel \
    xsltproc
 ENV SCRIPTS_DIR=/tmp/scripts
 COPY builder/scripts $SCRIPTS_DIR
 RUN $SCRIPTS_DIR/build-webp
 RUN $SCRIPTS_DIR/build-libjpeg-turbo
 RUN useradd -m docker && echo "docker:docker" | chpasswd
 COPY --chown=docker:docker . /src/
 USER docker
 ENTRYPOINT ["/src/builder/build.sh"]
--- a/builder/dockerfile.fedora_forty.rpm.build
+++ b/builder/dockerfile.fedora_forty.rpm.build
@ -1,13 +0,0 @@
 FROM fedora:40
 RUN dnf install -y fedora-packager fedora-review
 RUN dnf install -y tree vim less
 RUN dnf install -y redhat-lsb-core
 RUN dnf install -y dnf-plugins-core
 COPY fedora/*.spec /tmp
 RUN dnf builddep -y /tmp/*.spec
 RUN useradd -m docker && echo "docker:docker" | chpasswd
 USER docker
--- a/builder/dockerfile.fedora_fortyone.build
+++ b/builder/dockerfile.fedora_fortyone.build
@ -1,87 +0,0 @@
 FROM fedora:41
 ENV KASMVNC_BUILD_OS fedora
 ENV KASMVNC_BUILD_OS_CODENAME fortyone
 ENV XORG_VER 21.1.15
 RUN \
  echo "**** install build deps ****" && \
  dnf group install -y \
    c-development \
    development-tools \
    development-libs && \
  dnf install -y \
    autoconf \
    automake \
    bison \
    byacc \
    bzip2 \
    cmake \
    diffutils \
    doxygen \
    file \
    flex \
    fop \
    gcc \
    gcc-c++ \
    git \
    glibc-devel \
    libdrm-devel \
    libepoxy-devel \
    libmd-devel \
    libpciaccess-devel \
    libtool \
    libwebp-devel \
    libX11-devel \
    libXau-devel \
    libxcb-devel \
    libXcursor-devel \
    libxcvt-devel \
    libXdmcp-devel \
    libXext-devel \
    libXfont2-devel \
    libxkbfile-devel \
    libXrandr-devel \
    libxshmfence-devel \
    libXtst-devel \
    mesa-libEGL-devel \
    mesa-libgbm-devel \
    mesa-libGL-devel \
    meson \
    mingw64-binutils \
    mt-st \
    nettle-devel \
    openssl-devel \
    patch \
    pixman-devel \
    wayland-devel \
    wget \
    which \
    xcb-util-devel \
    xcb-util-image-devel \
    xcb-util-keysyms-devel \
    xcb-util-renderutil-devel \
    xcb-util-wm-devel \
    xinit \
    xkbcomp \
    xkbcomp-devel \
    xkeyboard-config \
    xmlto \
    xorg-x11-font-utils \
    xorg-x11-proto-devel \
    xorg-x11-server-common \
    xorg-x11-server-devel \
    xorg-x11-xtrans-devel \
    xsltproc
 ENV SCRIPTS_DIR=/tmp/scripts
 COPY builder/scripts $SCRIPTS_DIR
 RUN $SCRIPTS_DIR/build-webp
 RUN $SCRIPTS_DIR/build-libjpeg-turbo
 RUN useradd -m docker && echo "docker:docker" | chpasswd
 COPY --chown=docker:docker . /src/
 USER docker
 ENTRYPOINT ["/src/builder/build.sh"]
--- a/builder/dockerfile.fedora_fortyone.rpm.build
+++ b/builder/dockerfile.fedora_fortyone.rpm.build
@ -1,13 +0,0 @@
 FROM fedora:41
 RUN dnf install -y fedora-packager fedora-review
 RUN dnf install -y tree vim less
 RUN dnf install -y redhat-lsb-core
 RUN dnf install -y dnf-plugins-core
 COPY fedora/*.spec /tmp
 RUN dnf builddep -y /tmp/*.spec
 RUN useradd -m docker && echo "docker:docker" | chpasswd
 USER docker
--- a/builder/dockerfile.fedora_thirtynine.build
+++ b/builder/dockerfile.fedora_thirtynine.build
@ -1,86 +0,0 @@
 FROM fedora:39
 ENV KASMVNC_BUILD_OS fedora
 ENV KASMVNC_BUILD_OS_CODENAME thirtynine
 ENV XORG_VER 1.20.14
 RUN \
  echo "**** install build deps ****" && \
  dnf group install -y \
    "C Development Tools and Libraries" \
    "Development Tools" && \
  dnf install -y \
    autoconf \
    automake \
    bison \
    byacc \
    bzip2 \
    cmake \
    diffutils \
    doxygen \
    file \
    flex \
    fop \
    gcc \
    gcc-c++ \
    git \
    glibc-devel \
    libdrm-devel \
    libepoxy-devel \
    libmd-devel \
    libpciaccess-devel \
    libtool \
    libwebp-devel \
    libX11-devel \
    libXau-devel \
    libxcb-devel \
    libXcursor-devel \
    libxcvt-devel \
    libXdmcp-devel \
    libXext-devel \
    libXfont2-devel \
    libxkbfile-devel \
    libXrandr-devel \
    libxshmfence-devel \
    libXtst-devel \
    mesa-libEGL-devel \
    mesa-libgbm-devel \
    mesa-libGL-devel \
    meson \
    mingw64-binutils \
    mt-st \
    nettle-devel \
    openssl-devel \
    patch \
    pixman-devel \
    wayland-devel \
    wget \
    which \
    xcb-util-devel \
    xcb-util-image-devel \
    xcb-util-keysyms-devel \
    xcb-util-renderutil-devel \
    xcb-util-wm-devel \
    xinit \
    xkbcomp \
    xkbcomp-devel \
    xkeyboard-config \
    xmlto \
    xorg-x11-font-utils \
    xorg-x11-proto-devel \
    xorg-x11-server-common \
    xorg-x11-server-devel \
    xorg-x11-xtrans-devel \
    xsltproc
 ENV SCRIPTS_DIR=/tmp/scripts
 COPY builder/scripts $SCRIPTS_DIR
 RUN $SCRIPTS_DIR/build-webp
 RUN $SCRIPTS_DIR/build-libjpeg-turbo
 RUN useradd -m docker && echo "docker:docker" | chpasswd
 COPY --chown=docker:docker . /src/
 USER docker
 ENTRYPOINT ["/src/builder/build.sh"]
--- a/builder/dockerfile.fedora_thirtynine.rpm.build
+++ b/builder/dockerfile.fedora_thirtynine.rpm.build
@ -1,13 +0,0 @@
 FROM fedora:39
 RUN dnf install -y fedora-packager fedora-review
 RUN dnf install -y tree vim less
 RUN dnf install -y redhat-lsb-core
 RUN dnf install -y dnf-plugins-core
 COPY fedora/*.spec /tmp
 RUN dnf builddep -y /tmp/*.spec
 RUN useradd -m docker && echo "docker:docker" | chpasswd
 USER docker
--- a/builder/dockerfile.kali_kali-rolling.build
+++ b/builder/dockerfile.kali_kali-rolling.build
@ -2,8 +2,10 @@ FROM kalilinux/kali-rolling:latest
 ENV KASMVNC_BUILD_OS kali
 ENV KASMVNC_BUILD_OS_CODENAME kali-rolling
-ENV XORG_VER 21.1.14
+ENV XORG_VER 1.20.10
 ENV DEBIAN_FRONTEND noninteractive
 ENV CC=gcc-11
 ENV CXX=g++-11
 RUN grep '^deb'  /etc/apt/sources.list | sed 's#^deb#deb-src#' >> /etc/apt/sources.list
@ -12,7 +14,7 @@ RUN apt-get update && \
 RUN DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends tzdata
 RUN apt-get update && apt-get -y build-dep xorg-server libxfont-dev
-RUN apt-get update && apt-get -y install gcc g++ curl
+RUN apt-get update && apt-get -y install gcc-11 g++-11 curl
 RUN apt-get update && apt-get -y install cmake git libgnutls28-dev vim wget tightvncserver
 RUN apt-get update && apt-get -y install libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev libxrandr-dev libxcursor-dev
--- a/builder/dockerfile.oracle_8.build
+++ b/builder/dockerfile.oracle_8.build
@ -2,7 +2,7 @@ FROM oraclelinux:8
 ENV KASMVNC_BUILD_OS oracle
 ENV KASMVNC_BUILD_OS_CODENAME 8
-ENV XORG_VER 1.20.11
+ENV XORG_VER 1.20.10
 # Install from stock repos
 RUN \
--- a/builder/dockerfile.oracle_9.build
+++ b/builder/dockerfile.oracle_9.build
@ -2,7 +2,7 @@ FROM oraclelinux:9
 ENV KASMVNC_BUILD_OS oracle
 ENV KASMVNC_BUILD_OS_CODENAME 9
-ENV XORG_VER 1.20.11
+ENV XORG_VER 1.20.10
 # Install from stock repos
 RUN \
--- a/builder/dockerfile.oracle_9.rpm.build
+++ b/builder/dockerfile.oracle_9.rpm.build
@ -4,8 +4,8 @@ ENV KASMVNC_BUILD_OS oracle
 ENV KASMVNC_BUILD_OS_CODENAME 9
 RUN dnf config-manager --set-enabled ol9_codeready_builder
-RUN dnf config-manager --nobest --set-enabled ol9_distro_builder
+RUN dnf config-manager --set-enabled ol9_distro_builder
-RUN dnf install --nobest -y \
+RUN dnf install -y \
  gpg* \
  less \
  redhat-lsb-core \
--- a/builder/dockerfile.ubuntu_jammy.build
+++ b/builder/dockerfile.ubuntu_jammy.build
@ -2,7 +2,7 @@ FROM ubuntu:jammy
 ENV KASMVNC_BUILD_OS ubuntu
 ENV KASMVNC_BUILD_OS_CODENAME jammy
-ENV XORG_VER 21.1.3
+ENV XORG_VER 1.20.8
 ENV DEBIAN_FRONTEND noninteractive
 RUN sed -i 's$# deb-src$deb-src$' /etc/apt/sources.list
--- a/builder/dockerfile.ubuntu_noble.build
+++ b/builder/dockerfile.ubuntu_noble.build
@ -1,28 +0,0 @@
 FROM ubuntu:noble
 ENV KASMVNC_BUILD_OS ubuntu
 ENV KASMVNC_BUILD_OS_CODENAME noble
 ENV XORG_VER 21.1.12
 ENV DEBIAN_FRONTEND noninteractive
 RUN sed -i 's$Types: deb$Types: deb deb-src$' /etc/apt/sources.list.d/ubuntu.sources
 RUN apt-get update && \
      apt-get -y install sudo
 RUN apt-get update && apt-get install -y --no-install-recommends tzdata
 RUN apt-get update && apt-get -y build-dep xorg-server libxfont-dev
 RUN apt-get update && apt-get -y install cmake git libgnutls28-dev vim wget curl
 RUN apt-get update && apt-get -y install libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev libxrandr-dev libxcursor-dev
 ENV SCRIPTS_DIR=/tmp/scripts
 COPY builder/scripts $SCRIPTS_DIR
 RUN $SCRIPTS_DIR/build-webp
 RUN $SCRIPTS_DIR/build-libjpeg-turbo
 RUN useradd -m docker && echo "docker:docker" | chpasswd && adduser docker sudo
 COPY --chown=docker:docker . /src/
 USER docker
 ENTRYPOINT ["/src/builder/build.sh"]
--- a/builder/dockerfile.ubuntu_noble.deb.build
+++ b/builder/dockerfile.ubuntu_noble.deb.build
@ -1,19 +0,0 @@
 FROM ubuntu:noble
 ENV DEBIAN_FRONTEND noninteractive
 RUN apt-get update && \
      apt-get -y install vim build-essential devscripts equivs
 # Install build-deps for the package.
 COPY ./debian/control /tmp
 RUN apt-get update && echo YYY | mk-build-deps --install --remove /tmp/control
 ARG L_UID
 RUN if [ "$L_UID" -eq 0 ]; then \
      useradd -m docker; \
    else \
      useradd -m docker -u $L_UID;\
    fi
 USER docker
--- a/builder/dockerfile.ubuntu_noble.deb.test
+++ b/builder/dockerfile.ubuntu_noble.deb.test
@ -1,57 +0,0 @@
 FROM ubuntu:noble
 ENV DISPLAY=:1 \
    VNC_PORT=8443 \
    VNC_RESOLUTION=1280x720 \
    MAX_FRAME_RATE=24 \
    VNCOPTIONS="-PreferBandwidth -DynamicQualityMin=4 -DynamicQualityMax=7" \
    HOME=/home/user \
    TERM=xterm \
    STARTUPDIR=/dockerstartup \
    INST_SCRIPTS=/dockerstartup/install \
    KASM_RX_HOME=/dockerstartup/kasmrx \
    DEBIAN_FRONTEND=noninteractive \
    VNC_COL_DEPTH=24 \
    VNC_RESOLUTION=1280x1024 \
    VNC_PW=vncpassword \
    VNC_USER=user \
    VNC_VIEW_ONLY_PW=vncviewonlypassword \
    LD_LIBRARY_PATH=/usr/local/lib/ \
    OMP_WAIT_POLICY=PASSIVE \
    SHELL=/bin/bash \
    SINGLE_APPLICATION=0 \
    KASMVNC_BUILD_OS=ubuntu \
    KASMVNC_BUILD_OS_CODENAME=noble
 EXPOSE $VNC_PORT
 WORKDIR $HOME
 ### REQUIRED STUFF ###
 RUN apt-get update && apt-get install -y supervisor xfce4 xfce4-terminal xterm libnss-wrapper gettext wget
 RUN apt-get purge -y pm-utils xscreensaver*
 RUN apt-get update && apt-get install -y vim less
 RUN apt-get update && apt-get -y install lsb-release
 RUN echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc
 RUN mkdir -p $STARTUPDIR
 COPY builder/startup/ $STARTUPDIR
 ### START CUSTOM STUFF ####
 ARG KASMVNC_PACKAGE_DIR
 COPY $KASMVNC_PACKAGE_DIR/kasmvncserver_*.deb /tmp/
 RUN rm -f /tmp/kasmvncserver_*+*.deb; dpkg -i /tmp/*.deb; apt-get -yf install
 RUN mkdir ~/.vnc && echo '/usr/bin/xfce4-session &' >> ~/.vnc/xstartup && \
  chmod +x ~/.vnc/xstartup
 ### END CUSTOM STUFF ###
 RUN chown -R 1000:0 $HOME
 USER 1000:ssl-cert
 WORKDIR $HOME
 ENTRYPOINT [ "/dockerstartup/vnc_startup.sh" ]
--- a/builder/dockerfile.ubuntu_noble.test
+++ b/builder/dockerfile.ubuntu_noble.test
@ -1,51 +0,0 @@
 FROM ubuntu:noble
 ENV DISPLAY=:1 \
    VNC_PORT=8443 \
    VNC_RESOLUTION=1280x720 \
    MAX_FRAME_RATE=24 \
    VNCOPTIONS="-PreferBandwidth -DynamicQualityMin=4 -DynamicQualityMax=7" \
    HOME=/home/user \
    TERM=xterm \
    STARTUPDIR=/dockerstartup \
    INST_SCRIPTS=/dockerstartup/install \
    KASM_RX_HOME=/dockerstartup/kasmrx \
    DEBIAN_FRONTEND=noninteractive \
    VNC_COL_DEPTH=24 \
    VNC_RESOLUTION=1280x1024 \
    VNC_PW=vncpassword \
    VNC_USER=user \
    VNC_VIEW_ONLY_PW=vncviewonlypassword \
    LD_LIBRARY_PATH=/usr/local/lib/ \
    OMP_WAIT_POLICY=PASSIVE \
    SHELL=/bin/bash \
    SINGLE_APPLICATION=0 \
    KASMVNC_BUILD_OS=ubuntu \
    KASMVNC_BUILD_OS_CODENAME=noble
 EXPOSE $VNC_PORT
 WORKDIR $HOME
 ### REQUIRED STUFF ###
 RUN apt-get update && apt-get install -y supervisor xfce4 xfce4-terminal xterm libnss-wrapper gettext wget
 RUN apt-get purge -y pm-utils xscreensaver*
 RUN echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc
 RUN mkdir -p $STARTUPDIR
 COPY startup/ $STARTUPDIR
 ### START CUSTOM STUFF ####
 COPY build/kasmvnc.${KASMVNC_BUILD_OS}_${KASMVNC_BUILD_OS_CODENAME}.tar.gz /tmp/
 RUN tar -xzvf /tmp/kasmvnc.${KASMVNC_BUILD_OS}_${KASMVNC_BUILD_OS_CODENAME}.tar.gz --strip 1 -C /
 ### END CUSTOM STUFF ###
 RUN chown -R 1000:0 $HOME
 USER 1000
 WORKDIR $HOME
 ENTRYPOINT [ "/dockerstartup/vnc_startup.sh" ]
--- a/builder/startup/deb/select-de.sh
+++ b/builder/startup/deb/select-de.sh
@ -198,7 +198,6 @@ generate_xstartup() {
  cat <<-SCRIPT > "$xstartup_script"
 #!/bin/sh
 set -x
 $de_cmd
 SCRIPT
  chmod +x "$xstartup_script"
--- a/centos/kasmvncserver.spec
+++ b/centos/kasmvncserver.spec
@ -1,5 +1,5 @@
 Name:           kasmvncserver
-Version:        1.3.3
+Version:        1.2.0
 Release:        1%{?dist}
 Summary:        VNC server accessible from a web browser
@ -83,27 +83,6 @@ cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
 %doc /usr/share/doc/kasmvncserver/README.md
 %changelog
 * Fri Oct 25 2024 KasmTech <info@kasmweb.com> - 1.3.3-1
 - Allow disabling IP blacklist
 - Downloads API for detailed file downloads information
 * Tue Sep 24 2024 KasmTech <info@kasmweb.com> - 1.3.2-1
 - Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
 - Fixed CVE-2024-38449, directory traversal bug in built-in web server.
 - Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
 - Fixed memory leak in kasmproxy.
 - Fixed mime types of downloads to ensure the browser interprets them as downloads.
 * Tue Mar 12 2024 KasmTech <info@kasmweb.com> - 1.3.1-1
 - Fix exception thrown on Firefox 124 and higher
 - Fix artifacts on high resolution secondary screens
 - Fixes for touch support on primary and secondary screens
 - Fix for Oculus keyboard input
 * Mon Feb 05 2024 KasmTech <info@kasmweb.com> - 1.3.0-1
 - Multi-monitor support.
 - Increased performance with watermark enabled.
 - Added support for Fedora 39 and Alpine 319.
 - Allow special characters in usernames.
 - Better logging of client settings when client connects or changes settings.
 - Add support for rotation of text-based watermark.
 * Fri Aug 25 2023 KasmTech <info@kasmweb.com> - 1.2.0-1
 - Add support for Unix relays for bidirectional communication between noVNC
  and containerized applications.
--- a/common/network/GetAPIMessager.cxx
+++ b/common/network/GetAPIMessager.cxx
@ -550,7 +550,7 @@ void GetAPIMessager::netGetBottleneckStats(char *buf, uint32_t len) {
 		const char *id = it->first.c_str();
 		const char *data = it->second.c_str();
-		const char *at = strrchr(id, '@');
+		const char *at = strchr(id, '@');
 		if (!at)
 			continue;
--- a/common/network/Udp.cxx
+++ b/common/network/Udp.cxx
@ -40,7 +40,7 @@ using namespace network;
 static rfb::LogWriter vlog("WebUdp");
 static WuHost *host = NULL;
-rfb::IntParameter udpSize("udpSize", "UDP packet data size", 1296, 500, 1400);
+rfb::IntParameter udpSize("udpSize", "UDP packet data size", 1300, 500, 1400);
 extern settings_t settings;
@ -95,11 +95,10 @@ void *udpserver(void *nport) {
 }
 // Send one packet, split into N UDP-sized pieces
-static uint8_t udpsend(WuClient *client, const uint8_t *data, unsigned len, uint32_t *id,
+static uint8_t udpsend(WuClient *client, const uint8_t *data, unsigned len, uint32_t *id) {
 			const uint32_t *frame) {
 	const uint32_t DATA_MAX = udpSize;
-	uint8_t buf[1400 + sizeof(uint32_t) * 5];
+	uint8_t buf[1400 + sizeof(uint32_t) * 4];
 	const uint32_t pieces = (len / DATA_MAX) + ((len % DATA_MAX) ? 1 : 0);
 	uint32_t i;
@ -112,13 +111,12 @@ static uint8_t udpsend(WuClient *client, const uint8_t *data, unsigned len, uint
 		memcpy(&buf[4], &i, sizeof(uint32_t));
 		memcpy(&buf[8], &pieces, sizeof(uint32_t));
 		memcpy(&buf[12], &hash, sizeof(uint32_t));
 		memcpy(&buf[16], frame, sizeof(uint32_t));
-		memcpy(&buf[20], data, curlen);
+		memcpy(&buf[16], data, curlen);
 		data += curlen;
 		len -= curlen;
-		if (WuHostSendBinary(host, client, buf, curlen + sizeof(uint32_t) * 5) < 0)
+		if (WuHostSendBinary(host, client, buf, curlen + sizeof(uint32_t) * 4) < 0)
 			return 1;
 	}
@ -127,8 +125,7 @@ static uint8_t udpsend(WuClient *client, const uint8_t *data, unsigned len, uint
 	return 0;
 }
-UdpStream::UdpStream(): OutStream(), client(NULL), total_len(0), id(0), failed(false),
+UdpStream::UdpStream(): OutStream(), client(NULL), total_len(0), id(0), failed(false) {
 	                frame(0) {
 	ptr = data;
 	end = data + UDPSTREAM_BUFSIZE;
@ -140,7 +137,7 @@ void UdpStream::flush() {
 	total_len += len;
 	if (client) {
-		if (udpsend(client, data, len, &id, &frame)) {
+		if (udpsend(client, data, len, &id)) {
 			vlog.error("Error sending udp, client gone?");
 			failed = true;
 		}
--- a/common/network/Udp.h
+++ b/common/network/Udp.h
@ -40,10 +40,6 @@ namespace network {
 				client = cli;
 			}
 			void setFrameNumber(const unsigned in) {
 				frame = in;
 			}
 			bool isFailed() const;
 			void clearFailed();
 		private:
@ -52,7 +48,6 @@ namespace network {
 			size_t total_len;
 			uint32_t id;
 			bool failed;
 			uint32_t frame;
 	};
 }
--- a/common/network/websocket.c
+++ b/common/network/websocket.c
@ -18,7 +18,6 @@
 #include <errno.h>
 #include <string.h>
 #include <dirent.h>
 #include <inttypes.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
@ -27,9 +26,6 @@
 #include <arpa/inet.h>
 #include <netdb.h>
 #include <fcntl.h>  // daemonizing
 #include <pwd.h>
 #include <grp.h>
 #include <wordexp.h>
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 #include <openssl/bio.h> /* base64 encode/decode */
@ -37,6 +33,7 @@
 #include <openssl/sha.h> /* sha1 hash */
 #include "websocket.h"
 #include "jsonescape.h"
 #include "kasmpasswd.h"
 #include <network/Blacklist.h>
 /*
@ -786,10 +783,6 @@ static const char *name2mime(const char *name) {
        goto def;
    end++;
    // Everything under Downloads/ should be treated as binary
    if (strcasestr(name, "Downloads/"))
        goto def;
    #define CMP(s) if (!strncmp(end, s, sizeof(s) - 1))
    CMP("htm")
@ -925,12 +918,6 @@ static void servefile(ws_ctx_t *ws_ctx, const char *in, const char * const user,
    percent_decode(path, buf, 1);
    // in case they percent-encoded dots
    if (strstr(buf, "../")) {
        handler_msg("Attempted dir traversal attack, rejecting\n");
        goto nope;
    }
    handler_msg("Requested file '%s'\n", buf);
    sprintf(fullpath, "%s/%s", settings.httpdir, buf);
@ -947,15 +934,15 @@ static void servefile(ws_ctx_t *ws_ctx, const char *in, const char * const user,
        goto nope;
    }
-    fseeko(f, 0, SEEK_END);
+    fseek(f, 0, SEEK_END);
-    const uint64_t filesize = ftello(f);
+    const uint64_t filesize = ftell(f);
    rewind(f);
    sprintf(buf, "HTTP/1.1 200 OK\r\n"
                 "Server: KasmVNC/4.0\r\n"
                 "Connection: close\r\n"
                 "Content-type: %s\r\n"
-                 "Content-length: %" PRIu64 "\r\n"
+                 "Content-length: %lu\r\n"
                 "%s"
                 "\r\n",
                 name2mime(path), filesize, extra_headers ? extra_headers : "");
@ -1032,20 +1019,6 @@ static void send403(ws_ctx_t *ws_ctx, const char * const origip, const char * co
    weblog(403, wsthread_handler_id, 0, origip, ip, "-", 1, "-", strlen(buf));
 }
 static void send400(ws_ctx_t *ws_ctx, const char * const origip, const char * const ip,
                    const char *info) {
    char buf[4096];
    sprintf(buf, "HTTP/1.1 400 Bad Request\r\n"
                 "Server: KasmVNC/4.0\r\n"
                 "Connection: close\r\n"
                 "Content-type: text/plain\r\n"
                 "%s"
                 "\r\n"
                 "400 Bad Request%s", extra_headers ? extra_headers : "", info);
    ws_send(ws_ctx, buf, strlen(buf));
    weblog(400, wsthread_handler_id, 0, origip, ip, "-", 1, "-", strlen(buf));
 }
 static uint8_t ownerapi_post(ws_ctx_t *ws_ctx, const char *in, const char * const user,
                             const char * const ip, const char * const origip) {
    char buf[4096], path[4096];
@ -1639,103 +1612,6 @@ static uint8_t ownerapi(ws_ctx_t *ws_ctx, const char *in, const char * const use
        ws_send(ws_ctx, buf, strlen(buf));
        weblog(200, wsthread_handler_id, 0, origip, ip, user, 1, origpath, strlen(buf));
        ret = 1;
    } else entry("/api/downloads") {
        char subpath[PATH_MAX] = "", startpath[PATH_MAX] = "~/Downloads", allpath[PATH_MAX];
        param = parse_get(args, "path", &len);
        if (len) {
            memcpy(buf, param, len);
            buf[len] = '\0';
            percent_decode(buf, subpath, 0);
            if (strstr(subpath, "../")) {
                handler_msg("Attempted directory traversal in /api/downloads\n");
                goto nope;
            }
        }
        wordexp_t wexp;
        if (!wordexp(startpath, &wexp, WRDE_NOCMD))
            strcpy(startpath, wexp.we_wordv[0]);
        else
            goto nope;
        wordfree(&wexp);
        snprintf(allpath, PATH_MAX, "%s/%s", startpath, subpath);
        allpath[PATH_MAX - 1] = '\0';
        DIR *dir = opendir(allpath);
        if (!dir) {
            handler_msg("Requested dir does not exist\n");
            goto nope;
        }
        sprintf(buf, "HTTP/1.1 200 OK\r\n"
                 "Server: KasmVNC/4.0\r\n"
                 "Connection: close\r\n"
                 "Content-type: text/json\r\n"
                 "%s"
                 "\r\n", extra_headers ? extra_headers : "");
        ws_send(ws_ctx, buf, strlen(buf));
        len = 15;
        ws_send(ws_ctx, "{ \"files\": [\n", 13);
        struct dirent *ent;
        unsigned char sent = 0;
        while ((ent = readdir(dir))) {
            if (!strcmp(ent->d_name, ".") || !strcmp(ent->d_name, ".."))
                continue;
            sprintf(path, "%s/%s", allpath, ent->d_name);
            struct stat st;
            if (lstat(path, &st))
                continue;
            char own[LOGIN_NAME_MAX], grp[LOGIN_NAME_MAX], perms[32];
            sprintf(perms, "%03o", st.st_mode & 0777);
            struct passwd pwdt, *pwdptr;
            if (getpwuid_r(st.st_uid, &pwdt, buf, sizeof(buf), &pwdptr)) {
                sprintf(own, "(unknown uid %u)", st.st_uid);
            } else {
                strcpy(own, pwdt.pw_name);
            }
            struct group grpt, *grpptr;
            if (getgrgid_r(st.st_gid, &grpt, buf, sizeof(buf), &grpptr)) {
                sprintf(grp, "(unknown gid %u)", st.st_gid);
            } else {
                strcpy(grp, grpt.gr_name);
            }
            sprintf(buf, "%s{ \"filename\": \"%s\", "
                         "\"date_modified\": %lu, "
                         "\"date_created\": %lu, "
                         "\"is_dir\": %s, "
                         "\"size\": %lu, "
                         "\"owner\": \"%s\", "
                         "\"group\": \"%s\", "
                         "\"perms\": \"%s\" }",
                         sent ? ",\n" : "",
                         ent->d_name,
                         st.st_mtime,
                         st.st_ctime,
                         S_ISDIR(st.st_mode) ? "true" : "false",
                         S_ISDIR(st.st_mode) ? 0 : st.st_size,
                         own,
                         grp,
                         perms);
            sent = 1;
            ws_send(ws_ctx, buf, strlen(buf));
            len += strlen(buf);
        }
        ws_send(ws_ctx, "]}", 2);
        closedir(dir);
        weblog(200, wsthread_handler_id, 0, origip, ip, user, 1, origpath, len);
        ret = 1;
    }
@ -1769,7 +1645,7 @@ timeout:
 }
 ws_ctx_t *do_handshake(int sock, char * const ip) {
-    char handshake[16 * 1024], response[4096], sha1[29], trailer[17];
+    char handshake[4096], response[4096], sha1[29], trailer[17];
    char *scheme, *pre;
    headers_t *headers;
    int len, i, offset;
@ -1826,7 +1702,6 @@ ws_ctx_t *do_handshake(int sock, char * const ip) {
            break;
        } else if (sizeof(handshake) <= (size_t)(offset + 1)) {
            handler_emsg("Oversized handshake\n");
            send400(ws_ctx, "-", ip, ", too large");
            free_ws_ctx(ws_ctx);
            return NULL;
        } else if (9 == i) {
@ -1881,7 +1756,7 @@ ws_ctx_t *do_handshake(int sock, char * const ip) {
    }
    unsigned char owner = 0;
-    char inuser[USERNAME_LEN] = "-";
+    char inuser[32] = "-";
    if (!settings.disablebasicauth) {
        const char *hdr = strstr(handshake, "Authorization: Basic ");
        if (!hdr) {
@ -1919,7 +1794,7 @@ ws_ctx_t *do_handshake(int sock, char * const ip) {
        if (resppw && *resppw)
            resppw++;
        if (settings.passwdfile) {
-            if (resppw && *resppw && resppw - response < USERNAME_LEN + 1) {
+            if (resppw && *resppw && resppw - response < 32) {
                char pwbuf[4096];
                struct kasmpasswd_t *set = readkasmpasswd(settings.passwdfile);
                if (!set->num) {
--- a/common/network/websocket.h
+++ b/common/network/websocket.h
@ -2,7 +2,6 @@
 #include <stdint.h>
 #include "GetAPIEnums.h"
 #include "datelog.h"
 #include "kasmpasswd.h"
 #define BUFSIZE 65536
 #define DBUFSIZE (BUFSIZE * 3) / 4 - 20
@ -58,7 +57,7 @@ typedef struct {
    char      *tin_buf;
    char      *tout_buf;
-    char      user[USERNAME_LEN];
+    char      user[32];
    char      ip[64];
 } ws_ctx_t;
--- a/common/rfb/Blacklist.cxx
+++ b/common/rfb/Blacklist.cxx
@ -42,9 +42,6 @@ Blacklist::~Blacklist() {
 }
 bool Blacklist::isBlackmarked(const char* name) {
  if (!threshold)
    return false;
  BlacklistMap::iterator i = blm.find(name);
  if (i == blm.end()) {
    // Entry is not already black-marked.
--- a/common/rfb/ConnParams.cxx
+++ b/common/rfb/ConnParams.cxx
@ -24,7 +24,6 @@
 #include <rfb/Exception.h>
 #include <rfb/encodings.h>
 #include <rfb/ledStates.h>
 #include <rfb/LogWriter.h>
 #include <rfb/clipboardTypes.h>
 #include <rfb/ConnParams.h>
 #include <rfb/ServerCore.h>
@ -33,19 +32,6 @@
 using namespace rfb;
 static LogWriter vlog("CP");
 static void clientparlog(const char name[], const bool applied) {
  vlog.debug("Client sent config param %s, %s",
             name,
             applied ? "applied" : "ignored due to -IgnoreClientSettingsKasm/lacking perms");
 }
 static void clientparlog(const char name[], int val, const bool applied) {
  vlog.debug("Client sent config param %s %d, %s",
             name, val,
             applied ? "applied" : "ignored due to -IgnoreClientSettingsKasm/lacking perms");
 }
 ConnParams::ConnParams()
  : majorVersion(0), minorVersion(0),
    width(0), height(0), useCopyRect(false),
@ -161,71 +147,54 @@ void ConnParams::setEncodings(int nEncodings, const rdr::S32* encodings)
    switch (encodings[i]) {
    case encodingCopyRect:
      useCopyRect = true;
      clientparlog("copyrect", true);
      break;
    case pseudoEncodingCursor:
      supportsLocalCursor = true;
      clientparlog("cursor", true);
      break;
    case pseudoEncodingXCursor:
      supportsLocalXCursor = true;
      clientparlog("xcursor", true);
      break;
    case pseudoEncodingCursorWithAlpha:
      supportsLocalCursorWithAlpha = true;
      clientparlog("cursorWithAlpha", true);
      break;
    case pseudoEncodingVMwareCursor:
      supportsVMWareCursor = true;
      clientparlog("vmwareCursor", true);
      break;
    case pseudoEncodingDesktopSize:
      supportsDesktopResize = true;
      clientparlog("desktopSize", true);
      break;
    case pseudoEncodingExtendedDesktopSize:
      supportsExtendedDesktopSize = true;
      clientparlog("extendedDesktopSize", true);
      break;
    case pseudoEncodingVMwareCursorPosition:
      supportsCursorPosition = true;
      clientparlog("vmwareCursorPosition", true);
      break;
    case pseudoEncodingDesktopName:
      supportsDesktopRename = true;
      clientparlog("desktopRename", true);
      break;
    case pseudoEncodingLastRect:
      supportsLastRect = true;
      clientparlog("lastRect", true);
      break;
    case pseudoEncodingLEDState:
      supportsLEDState = true;
      clientparlog("ledState", true);
      break;
    case pseudoEncodingQEMUKeyEvent:
      supportsQEMUKeyEvent = true;
      clientparlog("qemuKeyEvent", true);
      break;
    case pseudoEncodingWEBP:
      supportsWEBP = true;
      clientparlog("webp", true);
      break;
    case pseudoEncodingQOI:
      supportsQOI = true;
      clientparlog("qoi", true);
      break;
    case pseudoEncodingFence:
      supportsFence = true;
      clientparlog("fence", true);
      break;
    case pseudoEncodingContinuousUpdates:
      supportsContinuousUpdates = true;
      clientparlog("continuousUpdates", true);
      break;
    case pseudoEncodingExtendedClipboard:
      supportsExtendedClipboard = true;
      clientparlog("extendedClipboard", true);
      break;
    case pseudoEncodingSubsamp1X:
      subsampling = subsampleNone;
@ -246,12 +215,8 @@ void ConnParams::setEncodings(int nEncodings, const rdr::S32* encodings)
      subsampling = subsample16X;
      break;
    case pseudoEncodingPreferBandwidth:
-      if (!rfb::Server::ignoreClientSettingsKasm && canChangeSettings) {
+      if (!rfb::Server::ignoreClientSettingsKasm && canChangeSettings)
        Server::preferBandwidth.setParam(true);
        clientparlog("preferBandwidth", true);
      } else {
        clientparlog("preferBandwidth", false);
      }
      break;
    case pseudoEncodingMaxVideoResolution:
      if (!rfb::Server::ignoreClientSettingsKasm && canChangeSettings)
@ -260,133 +225,57 @@ void ConnParams::setEncodings(int nEncodings, const rdr::S32* encodings)
    }
    if (encodings[i] >= pseudoEncodingCompressLevel0 &&
-        encodings[i] <= pseudoEncodingCompressLevel9) {
+        encodings[i] <= pseudoEncodingCompressLevel9)
      compressLevel = encodings[i] - pseudoEncodingCompressLevel0;
      clientparlog("compressLevel", compressLevel, true);
    }
    if (encodings[i] >= pseudoEncodingQualityLevel0 &&
-        encodings[i] <= pseudoEncodingQualityLevel9) {
+        encodings[i] <= pseudoEncodingQualityLevel9)
      qualityLevel = encodings[i] - pseudoEncodingQualityLevel0;
      clientparlog("qualityLevel", qualityLevel, true);
    }
    if (encodings[i] >= pseudoEncodingFineQualityLevel0 &&
-        encodings[i] <= pseudoEncodingFineQualityLevel100) {
+        encodings[i] <= pseudoEncodingFineQualityLevel100)
      fineQualityLevel = encodings[i] - pseudoEncodingFineQualityLevel0;
      clientparlog("fineQualityLevel", fineQualityLevel, true);
    }
    if (!rfb::Server::ignoreClientSettingsKasm && canChangeSettings) {
      if (encodings[i] >= pseudoEncodingJpegVideoQualityLevel0 &&
-          encodings[i] <= pseudoEncodingJpegVideoQualityLevel9) {
+          encodings[i] <= pseudoEncodingJpegVideoQualityLevel9)
          Server::jpegVideoQuality.setParam(encodings[i] - pseudoEncodingJpegVideoQualityLevel0);
          clientparlog("jpegVideoQuality", encodings[i] - pseudoEncodingJpegVideoQualityLevel0, true);
      }
      if (encodings[i] >= pseudoEncodingWebpVideoQualityLevel0 &&
-          encodings[i] <= pseudoEncodingWebpVideoQualityLevel9) {
+          encodings[i] <= pseudoEncodingWebpVideoQualityLevel9)
          Server::webpVideoQuality.setParam(encodings[i] - pseudoEncodingWebpVideoQualityLevel0);
          clientparlog("webpVideoQuality", encodings[i] - pseudoEncodingWebpVideoQualityLevel0, true);
      }
      if (encodings[i] >= pseudoEncodingTreatLosslessLevel0 &&
-          encodings[i] <= pseudoEncodingTreatLosslessLevel10) {
+          encodings[i] <= pseudoEncodingTreatLosslessLevel10)
          Server::treatLossless.setParam(encodings[i] - pseudoEncodingTreatLosslessLevel0);
          clientparlog("treatLossless", encodings[i] - pseudoEncodingTreatLosslessLevel0, true);
      }
      if (encodings[i] >= pseudoEncodingDynamicQualityMinLevel0 &&
-          encodings[i] <= pseudoEncodingDynamicQualityMinLevel9) {
+          encodings[i] <= pseudoEncodingDynamicQualityMinLevel9)
          Server::dynamicQualityMin.setParam(encodings[i] - pseudoEncodingDynamicQualityMinLevel0);
          clientparlog("dynamicQualityMin", encodings[i] - pseudoEncodingDynamicQualityMinLevel0, true);
      }
      if (encodings[i] >= pseudoEncodingDynamicQualityMaxLevel0 &&
-          encodings[i] <= pseudoEncodingDynamicQualityMaxLevel9) {
+          encodings[i] <= pseudoEncodingDynamicQualityMaxLevel9)
          Server::dynamicQualityMax.setParam(encodings[i] - pseudoEncodingDynamicQualityMaxLevel0);
          clientparlog("dynamicQualityMax", encodings[i] - pseudoEncodingDynamicQualityMaxLevel0, true);
      }
      if (encodings[i] >= pseudoEncodingVideoAreaLevel1 &&
-          encodings[i] <= pseudoEncodingVideoAreaLevel100) {
+          encodings[i] <= pseudoEncodingVideoAreaLevel100)
          Server::videoArea.setParam(encodings[i] - pseudoEncodingVideoAreaLevel1 + 1);
          clientparlog("videoArea", encodings[i] - pseudoEncodingVideoAreaLevel1 + 1, true);
      }
      if (encodings[i] >= pseudoEncodingVideoTimeLevel0 &&
-          encodings[i] <= pseudoEncodingVideoTimeLevel100) {
+          encodings[i] <= pseudoEncodingVideoTimeLevel100)
          Server::videoTime.setParam(encodings[i] - pseudoEncodingVideoTimeLevel0);
          clientparlog("videoTime", encodings[i] - pseudoEncodingVideoTimeLevel0, true);
      }
      if (encodings[i] >= pseudoEncodingVideoOutTimeLevel1 &&
-          encodings[i] <= pseudoEncodingVideoOutTimeLevel100) {
+          encodings[i] <= pseudoEncodingVideoOutTimeLevel100)
          Server::videoOutTime.setParam(encodings[i] - pseudoEncodingVideoOutTimeLevel1 + 1);
          clientparlog("videoOutTime", encodings[i] - pseudoEncodingVideoOutTimeLevel1 + 1, true);
      }
      if (encodings[i] >= pseudoEncodingFrameRateLevel10 &&
-          encodings[i] <= pseudoEncodingFrameRateLevel60) {
+          encodings[i] <= pseudoEncodingFrameRateLevel60)
          Server::frameRate.setParam(encodings[i] - pseudoEncodingFrameRateLevel10 + 10);
          clientparlog("frameRate", encodings[i] - pseudoEncodingFrameRateLevel10 + 10, true);
      }
      if (encodings[i] >= pseudoEncodingVideoScalingLevel0 &&
-          encodings[i] <= pseudoEncodingVideoScalingLevel9) {
+          encodings[i] <= pseudoEncodingVideoScalingLevel9)
          Server::videoScaling.setParam(encodings[i] - pseudoEncodingVideoScalingLevel0);
          clientparlog("videoScaling", encodings[i] - pseudoEncodingVideoScalingLevel0, true);
      }
    } else {
      if (encodings[i] >= pseudoEncodingJpegVideoQualityLevel0 &&
          encodings[i] <= pseudoEncodingJpegVideoQualityLevel9) {
          clientparlog("jpegVideoQuality", encodings[i] - pseudoEncodingJpegVideoQualityLevel0, false);
      }
      if (encodings[i] >= pseudoEncodingWebpVideoQualityLevel0 &&
          encodings[i] <= pseudoEncodingWebpVideoQualityLevel9) {
          clientparlog("webpVideoQuality", encodings[i] - pseudoEncodingWebpVideoQualityLevel0, false);
      }
      if (encodings[i] >= pseudoEncodingTreatLosslessLevel0 &&
          encodings[i] <= pseudoEncodingTreatLosslessLevel10) {
          clientparlog("treatLossless", encodings[i] - pseudoEncodingTreatLosslessLevel0, false);
      }
      if (encodings[i] >= pseudoEncodingDynamicQualityMinLevel0 &&
          encodings[i] <= pseudoEncodingDynamicQualityMinLevel9) {
          clientparlog("dynamicQualityMin", encodings[i] - pseudoEncodingDynamicQualityMinLevel0, false);
      }
      if (encodings[i] >= pseudoEncodingDynamicQualityMaxLevel0 &&
          encodings[i] <= pseudoEncodingDynamicQualityMaxLevel9) {
          clientparlog("dynamicQualityMax", encodings[i] - pseudoEncodingDynamicQualityMaxLevel0, false);
      }
      if (encodings[i] >= pseudoEncodingVideoAreaLevel1 &&
          encodings[i] <= pseudoEncodingVideoAreaLevel100) {
          clientparlog("videoArea", encodings[i] - pseudoEncodingVideoAreaLevel1 + 1, false);
      }
      if (encodings[i] >= pseudoEncodingVideoTimeLevel0 &&
          encodings[i] <= pseudoEncodingVideoTimeLevel100) {
          clientparlog("videoTime", encodings[i] - pseudoEncodingVideoTimeLevel0, false);
      }
      if (encodings[i] >= pseudoEncodingVideoOutTimeLevel1 &&
          encodings[i] <= pseudoEncodingVideoOutTimeLevel100) {
          clientparlog("videoOutTime", encodings[i] - pseudoEncodingVideoOutTimeLevel1 + 1, false);
      }
      if (encodings[i] >= pseudoEncodingFrameRateLevel10 &&
          encodings[i] <= pseudoEncodingFrameRateLevel60) {
          clientparlog("frameRate", encodings[i] - pseudoEncodingFrameRateLevel10 + 10, false);
      }
      if (encodings[i] >= pseudoEncodingVideoScalingLevel0 &&
          encodings[i] <= pseudoEncodingVideoScalingLevel9) {
          clientparlog("videoScaling", encodings[i] - pseudoEncodingVideoScalingLevel0, false);
      }
    }
    if (encodings[i] > 0)
--- a/common/rfb/EncodeManager.cxx
+++ b/common/rfb/EncodeManager.cxx
@ -363,9 +363,6 @@ void EncodeManager::doUpdate(bool allowLossy, const Region& changed_,
    unsigned screenArea;
    updates++;
    if (conn->cp.supportsUdp)
      ((network::UdpStream *) conn->getOutStream(conn->cp.supportsUdp))->setFrameNumber(updates);
    // The video resolution may have changed, check it
    if (conn->cp.kasmPassed[ConnParams::KASM_MAX_VIDEO_RESOLUTION])
@ -423,6 +420,9 @@ void EncodeManager::doUpdate(bool allowLossy, const Region& changed_,
          nRects++;
    }
    if (watermarkData)
        packWatermark(changed);
    conn->writer()->writeFramebufferUpdateStart(nRects);
    writeCopyRects(copied, copyDelta);
@ -440,7 +440,7 @@ void EncodeManager::doUpdate(bool allowLossy, const Region& changed_,
    if (!videoDetected) // In case detection happened between the calls
      writeRects(cursorRegion, renderedCursor);
-    if (watermarkData && conn->sendWatermark()) {
+    if (watermarkData) {
      beforeLength = conn->getOutStream(conn->cp.supportsUdp)->length();
      const Rect rect(0, 0, pb->width(), pb->height());
--- a/common/rfb/SConnection.h
+++ b/common/rfb/SConnection.h
@ -198,10 +198,6 @@ namespace rfb {
        std::vector<unsigned char> data;
    };
    virtual bool sendWatermark() const {
        return false;
    }
  protected:
    void setState(stateEnum s) { state_ = s; }
--- a/common/rfb/SMsgReader.cxx
+++ b/common/rfb/SMsgReader.cxx
@ -171,9 +171,6 @@ void SMsgReader::readSetMaxVideoResolution()
  if (!rfb::Server::ignoreClientSettingsKasm && handler->canChangeKasmSettings()) {
    sprintf(tmp, "%ux%u", width, height);
    rfb::Server::maxVideoResolution.setParam(tmp);
    vlog.debug("Client sent config param maxVideoResolution %ux%u, applied", width, height);
  } else {
    vlog.debug("Client sent config param maxVideoResolution %ux%u, ignored due to -IgnoreClientSettingsKasm/lacking perms", width, height);
  }
 }
--- a/common/rfb/SMsgWriter.cxx
+++ b/common/rfb/SMsgWriter.cxx
@ -39,7 +39,7 @@ static LogWriter vlog("SMsgWriter");
 SMsgWriter::SMsgWriter(ConnParams* cp_, rdr::OutStream* os_, rdr::OutStream* udps_)
  : cp(cp_), os(os_), udps(udps_),
-    nRectsInUpdate(0), dataRectsInUpdate(0), nRectsInHeader(0),
+    nRectsInUpdate(0), nRectsInHeader(0),
    needSetDesktopSize(false), needExtendedDesktopSize(false),
    needSetDesktopName(false), needSetCursor(false),
    needSetXCursor(false), needSetCursorWithAlpha(false),
@ -340,7 +340,7 @@ void SMsgWriter::writeFramebufferUpdateStart(int nRects)
  os->writeU16(nRects);
-  nRectsInUpdate = dataRectsInUpdate = 0;
+  nRectsInUpdate = 0;
  if (nRects == 0xFFFF)
    nRectsInHeader = 0;
  else
@ -365,7 +365,7 @@ void SMsgWriter::writeFramebufferUpdateEnd()
    // Send an UDP flip marker, if needed
    if (cp->supportsUdp) {
-      udps->writeS16(dataRectsInUpdate);
+      udps->writeS16(0);
      udps->writeS16(0);
      udps->writeU16(0);
      udps->writeU16(0);
@ -394,7 +394,6 @@ void SMsgWriter::startRect(const Rect& r, int encoding)
 {
  if (++nRectsInUpdate > nRectsInHeader && nRectsInHeader)
    throw Exception("SMsgWriter::startRect: nRects out of sync");
  ++dataRectsInUpdate;
  if (cp->supportsUdp) {
    udps->writeS16(r.tl.x);
--- a/common/rfb/SMsgWriter.h
+++ b/common/rfb/SMsgWriter.h
@ -165,7 +165,6 @@ namespace rfb {
    rdr::OutStream* udps;
    int nRectsInUpdate;
    int dataRectsInUpdate;
    int nRectsInHeader;
    bool needSetDesktopSize;
--- a/common/rfb/ServerCore.cxx
+++ b/common/rfb/ServerCore.cxx
@ -201,10 +201,6 @@ rfb::IntParameter rfb::Server::DLP_WatermarkTimeOffsetMinutes
 ("DLP_WatermarkTimeOffsetMinutes",
 "Offset from UTC for -DLP_WatermarkText, minutes",
 0, -24 * 60, 24 * 60);
 rfb::IntParameter rfb::Server::DLP_WatermarkTextAngle
 ("DLP_WatermarkTextAngle",
 "Angle for -DLP_WatermarkText rotation",
 0, -359, 359);
 rfb::StringParameter rfb::Server::DLP_WatermarkImage
 ("DLP_WatermarkImage",
 "PNG file to use as a watermark",
--- a/common/rfb/ServerCore.h
+++ b/common/rfb/ServerCore.h
@ -52,7 +52,6 @@ namespace rfb {
    static IntParameter DLP_WatermarkFontSize;
    static IntParameter DLP_WatermarkTimeOffset;
    static IntParameter DLP_WatermarkTimeOffsetMinutes;
    static IntParameter DLP_WatermarkTextAngle;
    static StringParameter DLP_ClipLog;
    static StringParameter DLP_Region;
    static StringParameter DLP_Clip_Types;
--- a/common/rfb/VNCSConnectionST.cxx
+++ b/common/rfb/VNCSConnectionST.cxx
@ -88,8 +88,8 @@ VNCSConnectionST::VNCSConnectionST(VNCServerST* server_, network::Socket *s,
  wordfree(&wexp);
  user[0] = '\0';
-  const char *at = strrchr(peerEndpoint.buf, '@');
+  const char *at = strchr(peerEndpoint.buf, '@');
-  if (at && at - peerEndpoint.buf > 1 && at - peerEndpoint.buf < USERNAME_LEN) {
+  if (at && at - peerEndpoint.buf > 1 && at - peerEndpoint.buf < 32) {
    memcpy(user, peerEndpoint.buf, at - peerEndpoint.buf);
    user[at - peerEndpoint.buf] = '\0';
  }
@ -997,8 +997,8 @@ void VNCSConnectionST::setDesktopSize(int fb_width, int fb_height,
 {
  unsigned int result;
-  if (!(accessRights & AccessSetDesktopSize)) goto justnotify;
+  if (!(accessRights & AccessSetDesktopSize)) return;
-  if (!rfb::Server::acceptSetDesktopSize) goto justnotify;
+  if (!rfb::Server::acceptSetDesktopSize) return;
  // Don't bother the desktop with an invalid configuration
  if (!layout.validate(fb_width, fb_height)) {
@ -1021,14 +1021,6 @@ void VNCSConnectionST::setDesktopSize(int fb_width, int fb_height,
        throw Exception("Desktop configured a different screen layout than requested");
    server->notifyScreenLayoutChange(this);
  }
  return;
  justnotify:
  writer()->writeExtendedDesktopSize(reasonClient, resultProhibited,
                                     server->pb->getRect().width(),
                                     server->pb->getRect().height(),
                                     server->screenLayout);
 }
 void VNCSConnectionST::fence(rdr::U32 flags, unsigned len, const char data[])
@ -1643,7 +1635,7 @@ void VNCSConnectionST::sendStats(const bool toClient) {
 void VNCSConnectionST::handleFrameStats(rdr::U32 all, rdr::U32 render)
 {
  if (server->apimessager) {
-    const char *at = strrchr(peerEndpoint.buf, '@');
+    const char *at = strchr(peerEndpoint.buf, '@');
    if (!at)
      at = peerEndpoint.buf;
    else
--- a/common/rfb/VNCSConnectionST.h
+++ b/common/rfb/VNCSConnectionST.h
@ -35,8 +35,6 @@
 #include <rfb/Timer.h>
 #include <rfb/unixRelayLimits.h>
 #include "kasmpasswd.h"
 namespace rfb {
  class VNCServerST;
@ -215,10 +213,6 @@ namespace rfb {
    virtual void sendUnixRelayData(const char name[], const unsigned char *buf,
                                   const unsigned len);
    bool sendWatermark() const {
        return server->sendWatermark;
    }
  private:
    // SConnection callbacks
@ -324,7 +318,7 @@ namespace rfb {
    rdr::U64 bstats_total[BS_NUM];
    struct timeval connStart;
-    char user[USERNAME_LEN];
+    char user[32];
    char kasmpasswdpath[4096];
    bool needsPermCheck;
--- a/common/rfb/VNCServerST.cxx
+++ b/common/rfb/VNCServerST.cxx
@ -135,7 +135,7 @@ VNCServerST::VNCServerST(const char* name_, SDesktop* desktop_)
    queryConnectionHandler(0), keyRemapper(&KeyRemapper::defInstance),
    lastConnectionTime(0), disableclients(false),
    frameTimer(this), apimessager(NULL), trackingFrameStats(0),
-    clipboardId(0), sendWatermark(false)
+    clipboardId(0)
 {
  lastUserInputTime = lastDisconnectTime = time(0);
  slog.debug("creating single-threaded server %s", name.buf);
@ -223,9 +223,6 @@ VNCServerST::VNCServerST(const char* name_, SDesktop* desktop_)
  trackingClient[0] = 0;
  if (watermarkData)
    sendWatermark = true;
  if (Server::selfBench)
    SelfBench();
 }
@ -282,9 +279,6 @@ void VNCServerST::addSocket(network::Socket* sock, bool outgoing)
  VNCSConnectionST* client = new VNCSConnectionST(this, sock, outgoing);
  client->init();
  if (watermarkData)
    sendWatermark = true;
 }
 void VNCServerST::removeSocket(network::Socket* sock) {
@ -820,7 +814,7 @@ static void upgradeClientToUdp(const network::GetAPIMessager::action_data &act,
    inet_ntop(AF_INET, &act.udp.ip, buf, 32);
    const char * const who = (*ci)->getPeerEndpoint();
-    const char *start = strrchr(who, '@');
+    const char *start = strchr(who, '@');
    if (!start)
      continue;
    start++;
@ -981,8 +975,8 @@ void VNCServerST::writeUpdate()
  }
  if (watermarkData && Server::DLP_WatermarkText[0] && watermarkTextNeedsUpdate(true)) {
-    // The text may have changed
+    // If using a text watermark, we have to mark everything as changed...
-    sendWatermark = true;
+    refreshClients();
  }
  comparer->getUpdateInfo(&ui, pb->getRect());
@ -1110,8 +1104,6 @@ void VNCServerST::writeUpdate()
    }
  }
  sendWatermark = false; // the client now caches it, only send once
  if (trackingFrameStats) {
    if (enctime) {
      const unsigned totalMs = msSince(&start);
--- a/common/rfb/VNCServerST.h
+++ b/common/rfb/VNCServerST.h
@ -290,8 +290,6 @@ namespace rfb {
    void checkAPIMessages(network::GetAPIMessager *apimessager,
                          rdr::U8 &trackingFrameStats, char trackingClient[]);
    bool sendWatermark;
  };
 };
--- a/common/rfb/Watermark.cxx
+++ b/common/rfb/Watermark.cxx
@ -16,7 +16,6 @@
 * USA.
 */
 #include <math.h>
 #include <png.h>
 #include <stdio.h>
 #include <stdlib.h>
@ -29,7 +28,6 @@
 #include "font.h"
 #include <ft2build.h>
 #include FT_FREETYPE_H
 #include FT_GLYPH_H
 #include "Watermark.h"
@ -189,149 +187,6 @@ static uint32_t drawnwidth(const char *txt) {
 	return x;
 }
 static void angle2mat(FT_Matrix &mat) {
 	const float angle = Server::DLP_WatermarkTextAngle / 360.f * 2 * -3.14159f;
 	mat.xx = (FT_Fixed)( cosf(angle) * 0x10000L);
 	mat.xy = (FT_Fixed)(-sinf(angle) * 0x10000L);
 	mat.yx = (FT_Fixed)( sinf(angle) * 0x10000L);
 	mat.yy = (FT_Fixed)( cosf(angle) * 0x10000L);
 }
 // Note: w and h are absolute
 static void angledstr(uint8_t *buf, const char *txt, const uint32_t x_, const uint32_t y_,
 		const uint32_t w, const uint32_t h,
 		const uint32_t stride, const bool invx, const bool invy) {
 	unsigned ucs[256], i, ucslen;
 	unsigned len = strlen(txt);
 	i = 0;
 	ucslen = 0;
 	while (len > 0 && txt[i]) {
 		size_t ret = rfb::utf8ToUCS4(&txt[i], len, &ucs[ucslen]);
 		i += ret;
 		len -= ret;
 		ucslen++;
 	}
 	FT_Matrix mat;
 	FT_Vector pen;
 	angle2mat(mat);
 	pen.x = 0;
 	pen.y = 0;
 	uint32_t x, y;
 	x = x_;
 	y = y_;
 	for (i = 0; i < ucslen; i++) {
 		FT_Set_Transform(face, &mat, &pen);
 		if (FT_Load_Char(face, ucs[i], FT_LOAD_RENDER))
 			continue;
 		const FT_Bitmap * const map = &(face->glyph->bitmap);
 		uint32_t row, col;
 		for (row = 0; row < (uint32_t) map->rows; row++) {
 			int ny = row + y - face->glyph->bitmap_top;
 			if (ny < 0)
 				continue;
 			if ((unsigned) ny >= h)
 				continue;
 			uint8_t *dst = (uint8_t *) buf;
 			dst += ny * stride + x;
 			const uint8_t *src = map->buffer + map->pitch * row;
 			for (col = 0; col < (uint32_t) map->width; col++) {
 				if (col + x >= w)
 					continue;
 				const uint8_t out = (src[col] + 8) >> 4;
 				dst[col] |= out < 16 ? out : 15;
 			}
 		}
 		x += face->glyph->advance.x >> 6;
 		pen.x += face->glyph->advance.x;
 		pen.y += face->glyph->advance.y;
 	}
 }
 static void angledsize(const char *txt, uint32_t &w, uint32_t &h,
 			uint32_t &recw, uint32_t &recy,
 			bool &invx, bool &invy) {
 	unsigned ucs[256], i, ucslen;
 	unsigned len = strlen(txt);
 	i = 0;
 	ucslen = 0;
 	while (len > 0 && txt[i]) {
 		size_t ret = rfb::utf8ToUCS4(&txt[i], len, &ucs[ucslen]);
 		i += ret;
 		len -= ret;
 		ucslen++;
 	}
 	FT_Matrix mat;
 	FT_Vector pen;
 	angle2mat(mat);
 	pen.x = 0;
 	pen.y = 0;
 	FT_BBox firstbox, lastbox;
 	for (i = 0; i < ucslen; i++) {
 		FT_Set_Transform(face, &mat, &pen);
 		if (FT_Load_Char(face, ucs[i], FT_LOAD_DEFAULT))
 			continue;
 		if (i == 0) {
 			FT_Glyph glyph;
 			FT_Get_Glyph(face->glyph, &glyph);
 			FT_Glyph_Get_CBox(glyph, FT_GLYPH_BBOX_PIXELS, &firstbox);
 			FT_Done_Glyph(glyph);
 			// recommended y; if the angle is steep enough, use the X bearing
 			#define EDGE 22
 			const int angle = abs(Server::DLP_WatermarkTextAngle);
 			if ((angle > (45 + EDGE) && angle < (135 - EDGE)) ||
 				(angle > (225 + EDGE) && angle < (315 - EDGE)))
 				recy = face->glyph->metrics.horiBearingX >> 6;
 			else
 				recy = face->glyph->metrics.horiBearingY >> 6;
 			#undef EDGE
 		} else if (i == ucslen - 1) {
 			FT_Glyph glyph;
 			FT_Get_Glyph(face->glyph, &glyph);
 			FT_Glyph_Get_CBox(glyph, FT_GLYPH_BBOX_PIXELS, &lastbox);
 			FT_Done_Glyph(glyph);
 		}
 		if (i != ucslen - 1) {
 			pen.x += face->glyph->advance.x;
 			pen.y += face->glyph->advance.y;
 		}
 	}
 	// recommended width, used when X is inverted
 	recw = face->size->metrics.max_advance >> 6;
 	// The used area is an union of first box, last box, and their relative distance
 	invx = pen.x < 0;
 	invy = pen.y > 0;
 	w = (firstbox.xMax - firstbox.xMin) + (lastbox.xMax - lastbox.xMin) + abs(pen.x >> 6);
 	h = (firstbox.yMax - firstbox.yMin) + (lastbox.yMax - lastbox.yMin) + abs(pen.y >> 6);
 }
 static bool drawtext(const char fmt[], const int16_t utcOff, const char fontpath[],
 			const uint8_t fontsize) {
 	char buf[PATH_MAX];
@ -358,24 +213,6 @@ static bool drawtext(const char fmt[], const int16_t utcOff, const char fontpath
 		return false;
 	free(watermarkInfo.src);
 	if (Server::DLP_WatermarkTextAngle) {
 		uint32_t w, h, recw, recy = fontsize;
 		bool invx, invy;
 		angledsize(buf, w, h, recw, recy, invx, invy);
 		// The max is because a rotated text with the time can change size.
 		// With the max op, at least it will only grow instead of bouncing.
 		w = __rfbmax(w, watermarkInfo.w);
 		h = __rfbmax(h, watermarkInfo.h);
 		watermarkInfo.w = w;
 		watermarkInfo.h = h;
 		watermarkInfo.src = (uint8_t *) calloc(w, h);
 		angledstr(watermarkInfo.src, buf,
 				invx ? w - recw: 0, invy ? h - recy : recy,
 				w, h, w, invx, invy);
 	} else {
 	const uint32_t h = fontsize + 4;
 	const uint32_t w = drawnwidth(buf);
@ -384,7 +221,6 @@ static bool drawtext(const char fmt[], const int16_t utcOff, const char fontpath
 	watermarkInfo.src = (uint8_t *) calloc(w, h);
 	str(watermarkInfo.src, buf, 0, fontsize, w, h, w);
 	}
 	return true;
 }
@ -443,31 +279,6 @@ bool watermarkInit() {
 	return true;
 }
 static void packWatermark() {
 	// Take the expanded 4-bit data, filter it by the changed rects, pack
 	// to shared bytes, and compress with zlib
 	uint16_t x, y;
 	uint8_t pix[2], cur = 0;
 	uint8_t *dst = watermarkTmp;
 	for (y = 0; y < rh; y++) {
 		for (x = 0; x < rw; x++) {
 			pix[cur] = watermarkUnpacked[y * rw + x];
 			if (cur || (y == rh - 1 && x == rw - 1))
 				*dst++ = pix[0] | (pix[1] << 4);
 			cur ^= 1;
 		}
 	}
 	uLong destLen = MAXW * MAXH / 2;
 	if (compress2(watermarkData, &destLen, watermarkTmp, rw * rh / 2 + 1, 1) != Z_OK)
 		vlog.error("Zlib compression error");
 	watermarkDataLen = destLen;
 }
 // update the screen-size rendered watermark whenever the screen is resized
 // or if using text, every frame
 void VNCServerST::updateWatermark() {
@ -548,10 +359,48 @@ void VNCServerST::updateWatermark() {
 					rw - sx);
 		}
 	}
 }
 void packWatermark(const Region &changed) {
 	// Take the expanded 4-bit data, filter it by the changed rects, pack
 	// to shared bytes, and compress with zlib
 	uint16_t x, y;
 	uint8_t pix[2], cur = 0;
 	uint8_t *dst = watermarkTmp;
        const Rect &bounding = changed.get_bounding_rect();
 	for (y = 0; y < rh; y++) {
 		// Is the entire line outside the changed area?
 		if (bounding.tl.y > y || bounding.br.y < y) {
 			for (x = 0; x < rw; x++) {
 				pix[cur] = 0;
 				if (cur || (y == rh - 1 && x == rw - 1))
 					*dst++ = pix[0] | (pix[1] << 4);
 				cur ^= 1;
 			}
 		} else {
 			for (x = 0; x < rw; x++) {
 				pix[cur] = 0;
 				if (bounding.contains(Point(x, y)) && changed.contains(x, y))
 					pix[cur] = watermarkUnpacked[y * rw + x];
 				if (cur || (y == rh - 1 && x == rw - 1))
 					*dst++ = pix[0] | (pix[1] << 4);
 				cur ^= 1;
 			}
 		}
 	}
-	packWatermark();
+	uLong destLen = MAXW * MAXH / 2;
 	if (compress2(watermarkData, &destLen, watermarkTmp, rw * rh / 2 + 1, 1) != Z_OK)
 		vlog.error("Zlib compression error");
-	sendWatermark = true;
+	watermarkDataLen = destLen;
 }
 // Limit changes to once per second
@ -563,5 +412,5 @@ bool watermarkTextNeedsUpdate(const bool early) {
 	if (early)
 		now = time(NULL);
-	return now != lastUpdate && strchr(Server::DLP_WatermarkText, '%');
+	return now != lastUpdate;
 }
--- a/common/rfb/Watermark.h
+++ b/common/rfb/Watermark.h
@ -35,6 +35,7 @@ struct watermarkInfo_t {
 extern watermarkInfo_t watermarkInfo;
 bool watermarkInit();
 void packWatermark(const rfb::Region &changed); // filter and pack the watermark for sending
 bool watermarkTextNeedsUpdate(const bool early);
 extern uint8_t *watermarkData;
--- a/debian/changelog
+++ b/debian/changelog
@ -1,40 +1,3 @@
 kasmvnc (1.3.3-1) unstable; urgency=medium
  * Allow disabling IP blacklist
  * Downloads API for detailed file downloads information
 -- Kasm Technologies LLC <info@kasmweb.com>  Fri, 25 Oct 2024 11:23:00 +0000
 kasmvnc (1.3.2-1) unstable; urgency=medium
  * Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
  * Fixed CVE-2024-38449, directory traversal bug in built-in web server.
  * Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
  * Fixed memory leak in kasmproxy.
  * Fixed mime types of downloads to ensure the browser interprets them as downloads.
 -- Kasm Technologies LLC <info@kasmweb.com>  Tue, 24 Sep 2024 11:23:00 +0000
 kasmvnc (1.3.1-1) unstable; urgency=medium
  * Fix exception thrown on Firefox 124 and higher
  * Fix artifacts on high resolution secondary screens
  * Fixes for touch support on primary and secondary screens
  * Fix for Oculus keyboard input
 -- Kasm Technologies LLC <info@kasmweb.com>  Mon, 12 Mar 2024 11:23:00 +0000
 kasmvnc (1.3.0-1) unstable; urgency=medium
  * Multi-monitor support.
  * Increased performance with watermark enabled.
  * Added support for Fedora 39 and Alpine 319.
  * Allow special characters in usernames.
  * Better logging of client settings when client connects or changes settings.
  * Add support for rotation of text-based watermark.
 -- Kasm Technologies LLC <info@kasmweb.com>  Mon, 02 Feb 2024 14:33:00 +0000
 kasmvnc (1.2.0-1) unstable; urgency=medium
  * Add support for Unix relays for bidirectional communication between noVNC
--- a/fedora/kasmvncserver.spec
+++ b/fedora/kasmvncserver.spec
@ -1,5 +1,5 @@
 Name:           kasmvncserver
-Version:        1.3.3
+Version:        1.2.0
 Release:        1%{?dist}
 Summary:        VNC server accessible from a web browser
@ -83,27 +83,6 @@ cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
 %doc /usr/share/doc/kasmvncserver/README.md
 %changelog
 * Fri Oct 25 2024 KasmTech <info@kasmweb.com> - 1.3.3-1
 - Allow disabling IP blacklist
 - Downloads API for detailed file downloads information
 * Tue Sep 24 2024 KasmTech <info@kasmweb.com> - 1.3.2-1
 - Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
 - Fixed CVE-2024-38449, directory traversal bug in built-in web server.
 - Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
 - Fixed memory leak in kasmproxy.
 - Fixed mime types of downloads to ensure the browser interprets them as downloads.
 * Tue Mar 12 2024 KasmTech <info@kasmweb.com> - 1.3.1-1
 - Fix exception thrown on Firefox 124 and higher
 - Fix artifacts on high resolution secondary screens
 - Fixes for touch support on primary and secondary screens
 - Fix for Oculus keyboard input
 * Mon Feb 05 2024 KasmTech <info@kasmweb.com> - 1.3.0-1
 - Multi-monitor support.
 - Increased performance with watermark enabled.
 - Added support for Fedora 39 and Alpine 319.
 - Allow special characters in usernames.
 - Better logging of client settings when client connects or changes settings.
 - Add support for rotation of text-based watermark.
 * Fri Aug 25 2023 KasmTech <info@kasmweb.com> - 1.2.0-1
 - Add support for Unix relays for bidirectional communication between noVNC
  and containerized applications.
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit bce2d6a7048025c6e6c05df9d98b206c23f6dbab
+Subproject commit 68135beedd40c2654f2d41bba821165ddf0d09d7
--- a/opensuse/kasmvncserver.spec
+++ b/opensuse/kasmvncserver.spec
@ -1,5 +1,5 @@
 Name:           kasmvncserver
-Version:        1.3.3
+Version:        1.2.0
 Release:        leap15
 Summary:        VNC server accessible from a web browser
@ -81,27 +81,6 @@ cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
 %doc /usr/share/doc/kasmvncserver/README.md
 %changelog
 * Fri Oct 25 2024 KasmTech <info@kasmweb.com> - 1.3.3-1
 - Allow disabling IP blacklist
 - Downloads API for detailed file downloads information
 * Tue Sep 24 2024 KasmTech <info@kasmweb.com> - 1.3.2-1
 - Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
 - Fixed CVE-2024-38449, directory traversal bug in built-in web server.
 - Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
 - Fixed memory leak in kasmproxy.
 - Fixed mime types of downloads to ensure the browser interprets them as downloads.
 * Tue Mar 12 2024 KasmTech <info@kasmweb.com> - 1.3.1-1
 - Fix exception thrown on Firefox 124 and higher
 - Fix artifacts on high resolution secondary screens
 - Fixes for touch support on primary and secondary screens
 - Fix for Oculus keyboard input
 * Mon Feb 05 2024 KasmTech <info@kasmweb.com> - 1.3.0-1
 - Multi-monitor support.
 - Increased performance with watermark enabled.
 - Added support for Fedora 39 and Alpine 319.
 - Allow special characters in usernames.
 - Better logging of client settings when client connects or changes settings.
 - Add support for rotation of text-based watermark.
 * Fri Aug 25 2023 KasmTech <info@kasmweb.com> - 1.2.0-leap15
 - Add support for Unix relays for bidirectional communication between noVNC
  and containerized applications.
--- a/oracle/kasmvncserver.spec
+++ b/oracle/kasmvncserver.spec
@ -1,5 +1,5 @@
 Name:           kasmvncserver
-Version:        1.3.3
+Version:        1.2.0
 Release:        1%{?dist}
 Summary:        VNC server accessible from a web browser
@ -82,27 +82,6 @@ cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
 %doc /usr/share/doc/kasmvncserver/README.md
 %changelog
 * Fri Oct 25 2024 KasmTech <info@kasmweb.com> - 1.3.3-1
 - Allow disabling IP blacklist
 - Downloads API for detailed file downloads information
 * Tue Sep 24 2024 KasmTech <info@kasmweb.com> - 1.3.2-1
 - Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
 - Fixed CVE-2024-38449, directory traversal bug in built-in web server.
 - Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
 - Fixed memory leak in kasmproxy.
 - Fixed mime types of downloads to ensure the browser interprets them as downloads.
 * Tue Mar 12 2024 KasmTech <info@kasmweb.com> - 1.3.1-1
 - Fix exception thrown on Firefox 124 and higher
 - Fix artifacts on high resolution secondary screens
 - Fixes for touch support on primary and secondary screens
 - Fix for Oculus keyboard input
 * Mon Feb 05 2024 KasmTech <info@kasmweb.com> - 1.3.0-1
 - Multi-monitor support.
 - Increased performance with watermark enabled.
 - Added support for Fedora 39 and Alpine 319.
 - Allow special characters in usernames.
 - Better logging of client settings when client connects or changes settings.
 - Add support for rotation of text-based watermark.
 * Fri Aug 25 2023 KasmTech <info@kasmweb.com> - 1.2.0-1
 - Add support for Unix relays for bidirectional communication between noVNC
  and containerized applications.
--- a/oracle/kasmvncserver9.spec
+++ b/oracle/kasmvncserver9.spec
@ -1,5 +1,5 @@
 Name:           kasmvncserver
-Version:        1.3.3
+Version:        1.2.0
 Release:        1%{?dist}
 Summary:        VNC server accessible from a web browser
@ -82,27 +82,6 @@ cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
 %doc /usr/share/doc/kasmvncserver/README.md
 %changelog
 * Fri Oct 25 2024 KasmTech <info@kasmweb.com> - 1.3.3-1
 - Allow disabling IP blacklist
 - Downloads API for detailed file downloads information
 * Tue Sep 24 2024 KasmTech <info@kasmweb.com> - 1.3.2-1
 - Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
 - Fixed CVE-2024-38449, directory traversal bug in built-in web server.
 - Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
 - Fixed memory leak in kasmproxy.
 - Fixed mime types of downloads to ensure the browser interprets them as downloads.
 * Tue Mar 12 2024 KasmTech <info@kasmweb.com> - 1.3.1-1
 - Fix exception thrown on Firefox 124 and higher
 - Fix artifacts on high resolution secondary screens
 - Fixes for touch support on primary and secondary screens
 - Fix for Oculus keyboard input
 * Mon Feb 05 2024 KasmTech <info@kasmweb.com> - 1.3.0-1
 - Multi-monitor support.
 - Increased performance with watermark enabled.
 - Added support for Fedora 39 and Alpine 319.
 - Allow special characters in usernames.
 - Better logging of client settings when client connects or changes settings.
 - Add support for rotation of text-based watermark.
 * Fri Aug 25 2023 KasmTech <info@kasmweb.com> - 1.2.0-1
 - Add support for Unix relays for bidirectional communication between noVNC
  and containerized applications.
--- a/spec/fixtures/defaults_config.yaml
+++ b/spec/fixtures/defaults_config.yaml
@ -50,12 +50,6 @@ data_loss_prevention:
    # location: 10,10
    # tint: 255,20,20,128
    # repeat_spacing: 10
    #text:
      # template: "${USER} %H:%M"
      # font: auto
      # font_size: 48
      # timezone_name: Australia/Adelaide
      # angle: 0
  logging:
    level: off
--- a/unix/kasmvnc_defaults.yaml
+++ b/unix/kasmvnc_defaults.yaml
@ -100,7 +100,6 @@ data_loss_prevention:
      # font: auto
      # font_size: 48
      # timezone_name: Australia/Adelaide
      # angle: 0
  logging:
    # "verbose" SETTING LOGS YOUR PRIVATE INFORMATION. Keypresses and clipboard content
    level: off
--- a/unix/kasmvncpasswd/kasmpasswd.h
+++ b/unix/kasmvncpasswd/kasmpasswd.h
@ -6,7 +6,7 @@ extern "C" {
 #endif
 struct kasmpasswd_entry_t {
-	char user[128];
+	char user[32];
 	char password[128];
 	unsigned char read : 1;
 	unsigned char write : 1;
--- a/unix/kasmxproxy/kasmxproxy.c
+++ b/unix/kasmxproxy/kasmxproxy.c
@ -520,8 +520,6 @@ int main(int argc, char **argv) {
 			cursorhash = newhash;
 		}
 		XFree(cursor);
 		usleep(sleeptime);
 	}
--- a/unix/vncserver
+++ b/unix/vncserver
@ -669,10 +669,9 @@ sub RunXstartup {
  DetectAndExportDisplay();
  $ENV{VNCDESKTOP}= $desktopName;
  my $xstartupCmd = "{ echo 'Running $xstartupFile'; $xstartupFile; }";
  if ($opt{'-fg'}) {
    if (! $skipxstartup) {
-      system("$xstartupCmd >> " . quotedString($desktopLog) . " 2>&1");
+      system("$xstartupFile >> " . quotedString($desktopLog) . " 2>&1");
    }
    if (IsXvncRunning()) {
      $opt{'-kill'} = ':'.$displayNumber;
@ -681,12 +680,12 @@ sub RunXstartup {
  } else {
    if ($opt{'-autokill'}) {
      if (! $skipxstartup) {
-        system("($xstartupCmd; $0 -kill :$displayNumber) >> "
+        system("($xstartupFile; $0 -kill :$displayNumber) >> "
          . quotedString($desktopLog) . " 2>&1 &");
      }
    } else {
      if (! $skipxstartup) {
-        system("$xstartupCmd >> " . quotedString($desktopLog)
+        system("$xstartupFile >> " . quotedString($desktopLog)
          . " 2>&1 &");
      }
    }
@ -1862,24 +1861,6 @@ sub DefineConfigToCLIConversion {
          $offset_in_seconds/60;
        }
    }),
    KasmVNC::CliOption->new({
        name => 'DLP_WatermarkTextAngle',
        configKeys => [
          KasmVNC::ConfigKey->new({
            name => "data_loss_prevention.watermark.text.angle",
            validator => KasmVNC::CallbackValidator->new({
              isValidCallback => sub {
                my $value = shift;
                return 0 unless $value =~ /^-?\d+$/;
                $value >= -359 && $value <= 359;
              },
              errorMessage => "must be in range -359..359"
            }),
          })
        ]
    }),
    KasmVNC::CliOption->new({
        name => 'DLP_Log',
        configKeys => [
--- a/unix/vncserver.man
+++ b/unix/vncserver.man
@ -54,18 +54,11 @@ passed to Xvnc - see the Xvnc man page, or "Xvnc \-help", for details.
 .TP
 .B \-select-de [\fIde_name\fP]
-Select Desktop Enviromnent to run. Cinnamon, Mate, LXDE, LXQT, KDE, Gnome, XFCE,
+Select Desktop Enviromnent to run. Cinnamon, Mate, LXDE, LXQT, KDE, Gnome, XFCE
-are supported.
+are supported. If \fIde_name\fP isn't specified, a text UI prompt to select a
-
+Desktop Enviromnent will be shown.
 To trigger a text UI prompt to select a Desktop Enviromnent, run \fBvncserver\fP
 for the first time, or pass this option without arguments. To bypass the prompt,
 pass this option with the Desktop Enviromnent argument.
 Warning: $HOME/.vnc/xstartup will be overwritten.
 To run a custom setup (not one of the supported Desktop Enviromnents), create
 $HOME/.vnc/xstartup executable and specify \fB\-select-de manual\fP to signify you
 don't want its contents to be auto-generated.
 .TP
 .B \-geometry \fIwidth\fPx\fIheight\fP
 Specify the size of the VNC desktop to be created. Default is 1024x768.
--- a/unix/xserver/hw/vnc/Xvnc.man
+++ b/unix/xserver/hw/vnc/Xvnc.man
@ -384,10 +384,6 @@ Instead of an image, render this text as the watermark. Takes time formatting op
 for \fBstrftime\fP.
 .
 .TP
 .B \-DLP_WatermarkTextAngle \fIangle\fP
 Rotate the text by this many degrees, increasing clockwise. Default \fB0\fP.
 .
 .TP
 .B \-DLP_WatermarkFont \fI/path/to/font.ttf\fP
 Use a different font for -DLP_WatermarkText than the bundled one. TTF and OTF fonts
 are accepted.
@ -478,7 +474,7 @@ See the GnuTLS manual for possible values. Default is \fBNORMAL\fP.
 .TP
 .B \-BlacklistThreshold \fIcount\fP
 The number of unauthenticated connection attempts allowed from any individual
-host before that host is black-listed.  Default is 5. Set to 0 to disable.
+host before that host is black-listed.  Default is 5.
 .
 .TP
 .B \-BlacklistTimeout \fIseconds\fP
--- a/unix/xserver/hw/vnc/dri3.c
+++ b/unix/xserver/hw/vnc/dri3.c
@ -55,12 +55,9 @@ typedef struct gbm_pixmap gbm_pixmap;
 static DevPrivateKeyRec dri3_pixmap_private_key;
 static struct timeval start;
-struct texpixmap {
+#define MAX_TEXPIXMAPS 32
-    PixmapPtr pixmap;
+static PixmapPtr texpixmaps[MAX_TEXPIXMAPS];
-    struct xorg_list entry;
+static uint32_t num_texpixmaps;
 };
 static struct xorg_list texpixmaps;
 static CARD32 update_texpixmaps(OsTimerPtr timer, CARD32 time, void *arg);
 static OsTimerPtr texpixmaptimer;
@ -113,21 +110,25 @@ static gbm_pixmap *gbm_pixmap_get(PixmapPtr pixmap)
 static void add_texpixmap(PixmapPtr pix)
 {
-    struct texpixmap *ptr;
+    uint32_t i;
-
+    for (i = 0; i < MAX_TEXPIXMAPS; i++) {
-    xorg_list_for_each_entry(ptr, &texpixmaps, entry) {
+        if (texpixmaps[i] == pix)
        if (ptr->pixmap == pix)
            return;
    }
-    ptr = calloc(1, sizeof(struct texpixmap));
+    for (i = 0; i < MAX_TEXPIXMAPS; i++) {
-    ptr->pixmap = pix;
+        if (!texpixmaps[i]) {
            texpixmaps[i] = pix;
            pix->refcnt++;
-    xorg_list_append(&ptr->entry, &texpixmaps);
+            num_texpixmaps++;
            // start if not running
            if (!texpixmaptimer)
                texpixmaptimer = TimerSet(NULL, 0, 16, update_texpixmaps, NULL);
            return;
        }
    }
    ErrorF("Max number of texpixmaps reached\n");
 }
 static PixmapPtr
@ -312,41 +313,38 @@ void xvnc_sync_dri3_textures(void)
    // This is called both from the global damage report and the timer,
    // to account for cases that do not use the damage report.
-    uint32_t y;
+    uint32_t i, y;
    gbm_pixmap *gp;
    uint8_t *src, *dst;
    uint32_t srcstride, dststride;
    void *opaque = NULL;
    struct texpixmap *ptr, *tmpptr;
-    // We may not be running on hw if there's a compositor using PRESENT on llvmpipe
+    for (i = 0; i < MAX_TEXPIXMAPS; i++) {
-    if (!driNode)
+        if (!texpixmaps[i])
-        return;
+            continue;
-
+        if (texpixmaps[i]->refcnt == 1) {
    xorg_list_for_each_entry_safe(ptr, tmpptr, &texpixmaps, entry) {
        if (ptr->pixmap->refcnt == 1) {
            // We are the only user left, delete it
-            ptr->pixmap->drawable.pScreen->DestroyPixmap(ptr->pixmap);
+            texpixmaps[i]->drawable.pScreen->DestroyPixmap(texpixmaps[i]);
-            xorg_list_del(&ptr->entry);
+            texpixmaps[i] = NULL;
-            free(ptr);
+            num_texpixmaps--;
            continue;
        }
-        gp = gbm_pixmap_get(ptr->pixmap);
+        gp = gbm_pixmap_get(texpixmaps[i]);
        opaque = NULL;
        dst = gbm_bo_map(gp->bo, 0, 0,
-                         ptr->pixmap->drawable.width,
+                         texpixmaps[i]->drawable.width,
-                         ptr->pixmap->drawable.height,
+                         texpixmaps[i]->drawable.height,
                         GBM_BO_TRANSFER_WRITE, &dststride, &opaque);
        if (!dst) {
            ErrorF("gbm map failed, errno %d\n", errno);
            continue;
        }
-        srcstride = ptr->pixmap->devKind;
+        srcstride = texpixmaps[i]->devKind;
-        src = ptr->pixmap->devPrivate.ptr;
+        src = texpixmaps[i]->devPrivate.ptr;
-        for (y = 0; y < ptr->pixmap->drawable.height; y++) {
+        for (y = 0; y < texpixmaps[i]->drawable.height; y++) {
            memcpy(dst, src, srcstride);
            dst += dststride;
            src += srcstride;
@ -360,7 +358,7 @@ static CARD32 update_texpixmaps(OsTimerPtr timer, CARD32 time, void *arg)
 {
    xvnc_sync_dri3_textures();
-    if (xorg_list_is_empty(&texpixmaps)) {
+    if (!num_texpixmaps) {
        TimerFree(texpixmaptimer);
        texpixmaptimer = NULL;
        return 0;
@ -389,8 +387,6 @@ void xvnc_init_dri3(void)
    if (!priv.gbm)
        FatalError("Failed to create gbm\n");
    xorg_list_init(&texpixmaps);
    if (!dri3_screen_init(screenInfo.screens[0], &xvnc_dri3_info))
        FatalError("Couldn't init dri3\n");
 }
--- a/unix/xserver/hw/vnc/xorg-version.h
+++ b/unix/xserver/hw/vnc/xorg-version.h
@ -54,10 +54,8 @@
 #define XORG 119
 #elif XORG_VERSION_CURRENT < ((1 * 10000000) + (20 * 100000) + (99 * 1000))
 #define XORG 120
 #elif XORG_VERSION_CURRENT < ((1 * 10000000) + (21 * 100000) + (99 * 1000))
 #define XORG 121
 #else
-#error "X.Org newer than 21 is not supported"
+#error "X.Org newer than 1.20 is not supported"
 #endif
 #endif
--- a/unix/xserver/hw/vnc/xvnc.c
+++ b/unix/xserver/hw/vnc/xvnc.c
@ -94,8 +94,9 @@ from the X Consortium.
 #undef VENDOR_RELEASE
 #undef VENDOR_STRING
 #include "version-config.h"
 #include "site.h"
-#define XVNCVERSION "KasmVNC 1.3.3"
+#define XVNCVERSION "KasmVNC 1.2.0"
 #define XVNCCOPYRIGHT ("Copyright (C) 1999-2018 KasmVNC Team and many others (see README.me)\n" \
                       "See http://kasmweb.com for information on KasmVNC.\n")
@ -163,7 +164,7 @@ const char *driNode = NULL;
 static Bool displaySpecified = FALSE;
 static char displayNumStr[16];
-static int vncVerbose = 0;
+static int vncVerbose = DEFAULT_LOG_VERBOSITY;
 int unixrelays[MAX_UNIX_RELAYS];
 char unixrelaynames[MAX_UNIX_RELAYS][MAX_UNIX_RELAY_NAME_LEN];
@ -282,13 +283,8 @@ vncPrintBanner(void)
    ErrorF("\nXvnc %s%s - built %s\n%s", XVNCVERSION,
           sizeof(XVNCEXTRAVERSION) > 2 ? XVNCEXTRAVERSION : "",
           buildtime, XVNCCOPYRIGHT);
    // VENDOR_STRING was removed in 21
    #ifdef VENDOR_STRING
    ErrorF("Underlying X server release %d, %s\n\n", VENDOR_RELEASE,
           VENDOR_STRING);
    #else
    ErrorF("Underlying X server release %d\n\n", VENDOR_RELEASE);
    #endif
 }
 static void
--- a/unix/xserver21.patch
+++ b/unix/xserver21.patch
@ -1,115 +0,0 @@
 diff -urpN xorg-server-1.20.0/configure.ac xorg-server-1.20.0/configure.ac
 --- xorg-server-1.20.0/configure.ac	2018-05-10 09:32:34.000000000 -0700
 +++ xorg-server-1.20.0/configure.ac	2018-06-13 19:04:47.536413626 -0700
@@ -74,6 +74,7 @@ dnl forcing an entire recompile.x
 AC_CONFIG_HEADERS(include/version-config.h)
 AM_PROG_AS
 +AC_PROG_CXX
 AC_PROG_LN_S
 LT_PREREQ([2.2])
 LT_INIT([disable-static win32-dll])
@@ -1777,6 +1778,10 @@ if test "x$XVFB" = xyes; then
 	AC_SUBST([XVFB_SYS_LIBS])
 fi
 +dnl Xvnc DDX
 +AC_SUBST([XVNC_CPPFLAGS], ["-DHAVE_DIX_CONFIG_H $XSERVER_CFLAGS"])
 +AC_SUBST([XVNC_LIBS], ["$FB_LIB $FIXES_LIB $XEXT_LIB $CONFIG_LIB $DBE_LIB $RECORD_LIB $GLX_LIBS $RANDR_LIB $RENDER_LIB $DAMAGE_LIB $DRI3_LIB $PRESENT_LIB $MIEXT_SYNC_LIB $MIEXT_DAMAGE_LIB $MIEXT_SHADOW_LIB $XI_LIB $XKB_LIB $XKB_STUB_LIB $COMPOSITE_LIB $MAIN_LIB"])
 +AC_SUBST([XVNC_SYS_LIBS], ["$GLX_SYS_LIBS"])
 dnl Xnest DDX
@@ -1812,6 +1817,8 @@ if test "x$XORG" = xauto; then
 fi
 AC_MSG_RESULT([$XORG])
 +AC_DEFINE_UNQUOTED(XORG_VERSION_CURRENT, [$VENDOR_RELEASE], [Current Xorg version])
 +
 if test "x$XORG" = xyes; then
 	XORG_DDXINCS='-I$(top_srcdir)/hw/xfree86 -I$(top_srcdir)/hw/xfree86/include -I$(top_srcdir)/hw/xfree86/common'
 	XORG_OSINCS='-I$(top_srcdir)/hw/xfree86/os-support -I$(top_srcdir)/hw/xfree86/os-support/bus -I$(top_srcdir)/os'
@@ -2029,7 +2036,6 @@ if test "x$XORG" = xyes; then
 	AC_DEFINE(XORG_SERVER, 1, [Building Xorg server])
 	AC_DEFINE(XORGSERVER, 1, [Building Xorg server])
 	AC_DEFINE(XFree86Server, 1, [Building XFree86 server])
 -	AC_DEFINE_UNQUOTED(XORG_VERSION_CURRENT, [$VENDOR_RELEASE], [Current Xorg version])
 	AC_DEFINE(NEED_XF86_TYPES, 1, [Need XFree86 typedefs])
 	AC_DEFINE(NEED_XF86_PROTOTYPES, 1, [Need XFree86 helper functions])
 	AC_DEFINE(__XSERVERNAME__, "Xorg", [Name of X server])
@@ -2565,6 +2571,7 @@ hw/dmx/Makefile
 hw/dmx/man/Makefile
 hw/vfb/Makefile
 hw/vfb/man/Makefile
 +hw/vnc/Makefile
 hw/xnest/Makefile
 hw/xnest/man/Makefile
 hw/xwin/Makefile
 diff -urpN xorg-server-1.20.0/hw/Makefile.am xorg-server-1.20.0/hw/Makefile.am
 --- xorg-server-1.20.0/hw/Makefile.am	2018-05-10 09:32:34.000000000 -0700
 +++ xorg-server-1.20.0/hw/Makefile.am	2018-06-13 19:04:47.536413626 -0700
@@ -44,3 +44,5 @@
 relink:
 	$(AM_V_at)for i in $(SUBDIRS) ; do $(MAKE) -C $$i relink || exit 1 ; done
 +
 +SUBDIRS += vnc
 diff -urpN xorg-server-1.20.0/mi/miinitext.c xorg-server-1.20.0/mi/miinitext.c
 --- xorg-server-1.20.0/mi/miinitext.c	2018-05-10 09:32:37.000000000 -0700
 +++ xorg-server-1.20.0/mi/miinitext.c	2018-06-13 19:05:14.742200675 -0700
@@ -107,8 +107,15 @@ SOFTWARE.
 #include "os.h"
 #include "globals.h"
 +#ifdef KASMVNC
 +extern void vncExtensionInit(void);
 +#endif
 +
 /* List of built-in (statically linked) extensions */
 static const ExtensionModule staticExtensions[] = {
 +#ifdef KASMVNC
 +    {vncExtensionInit, "VNC-EXTENSION", NULL},
 +#endif
     {GEExtensionInit, "Generic Event Extension", &noGEExtension},
     {ShapeExtensionInit, "SHAPE", NULL},
 #ifdef MITSHM
 --- xserver.orig/present/present.c	2019-02-26 21:28:50.000000000 +0200
 +++ xserver/present/present.c	2023-01-20 11:32:27.175493594 +0200
@@ -27,6 +27,8 @@
 #include "present_priv.h"
 #include <gcstruct.h>
 +void xvnc_sync_dri3_pixmap(PixmapPtr pixmap);
 +
 /*
  * Returns:
  * TRUE if the first MSC value is equal to or after the second one
@@ -79,6 +81,8 @@
     ScreenPtr   screen = drawable->pScreen;
     GCPtr       gc;
 +    xvnc_sync_dri3_pixmap(pixmap);
 +
     gc = GetScratchGC(drawable->depth, screen);
     if (update) {
         ChangeGCVal     changes[2];
 --- xserver.orig/damageext/damageext.c	2019-02-26 21:28:50.000000000 +0200
 +++ xserver/damageext/damageext.c	2023-03-21 12:52:58.411647186 +0200
@@ -87,6 +87,8 @@
     *h = draw->height;
 }
 +void xvnc_sync_dri3_textures(void);
 +
 static void
 DamageExtNotify(DamageExtPtr pDamageExt, BoxPtr pBoxes, int nBoxes)
 {
@@ -97,6 +99,8 @@
     damageGetGeometry(pDrawable, &x, &y, &w, &h);
 +    xvnc_sync_dri3_textures();
 +
     UpdateCurrentTimeIf();
     ev = (xDamageNotifyEvent) {
         .type = DamageEventBase + XDamageNotify,
		`@ -1 +1 @@`
			`Subproject commit bce2d6a7048025c6e6c05df9d98b206c23f6dbab`				`Subproject commit 68135beedd40c2654f2d41bba821165ddf0d09d7`