Merge branch 'feature/KASM-6852-fedora-41' into 'master'

Resolve KASM-6852 "Feature/ fedora 41"

Closes KASM-6852

See merge request kasm-technologies/internal/KasmVNC!156

.gitlab-ci.yml

@@ -17,7 +17,7 @@ variables:
 workflow:
   rules:
     # Disable tag builds.
-    - if: $CI_COMMIT_TAG != $CI_COMMIT_REF_NAME
+    - if: $CI_COMMIT_TAG != $CI_COMMIT_REF_NAME && $CI_PIPELINE_SOURCE != "merge_request_event"
 
 stages:
   - www
@@ -180,6 +180,44 @@ build_ubuntu_jammy_arm:
     paths:
       - output/
 
+build_ubuntu_noble:
+  stage: build
+  allow_failure: true
+  tags:
+    - oci-fixed-amd
+  before_script:
+    - *prepare_build
+    - *prepare_www
+  after_script:
+    - *prepare_artfacts
+  script:
+    - bash builder/build-package ubuntu noble;
+  only:
+    variables:
+      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
+  artifacts:
+    paths:
+      - output/
+    
+build_ubuntu_noble_arm:
+  stage: build
+  allow_failure: true
+  tags:
+    - oci-fixed-arm
+  before_script:
+    - *prepare_build
+    - *prepare_www
+  after_script:
+    - *prepare_artfacts
+  script: 
+    - bash builder/build-package ubuntu noble;
+  only:
+    variables:
+      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
+  artifacts:
+    paths:
+      - output/
+
 build_debian_buster:
   stage: build
   allow_failure: true
@@ -333,25 +371,6 @@ build_kali_rolling_arm:
     paths:
       - output/
 
-build_centos7:
-  stage: build
-  allow_failure: true
-  tags:
-    - oci-fixed-amd
-  before_script:
-    - *prepare_build
-    - *prepare_www
-  after_script:
-    - *prepare_artfacts
-  script:
-    - bash builder/build-package centos core
-  only:
-    variables:
-      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
-  artifacts:
-    paths:
-      - output/
-
 build_oracle_8:
   stage: build
   allow_failure: true
@@ -580,6 +599,82 @@ build_fedora_thirtynine_arm:
     paths:
       - output/
 
+build_fedora_forty:
+  stage: build
+  allow_failure: true
+  tags:
+    - oci-fixed-amd
+  before_script:
+    - *prepare_build
+    - *prepare_www
+  after_script:
+    - *prepare_artfacts
+  script:
+    - bash builder/build-package fedora forty;
+  only:
+    variables:
+      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
+  artifacts:
+    paths:
+      - output/
+    
+build_fedora_forty_arm:
+  stage: build
+  allow_failure: true
+  tags:
+    - oci-fixed-arm
+  before_script: 
+    - *prepare_build
+    - *prepare_www
+  after_script:
+    - *prepare_artfacts
+  script:
+    - bash builder/build-package fedora forty;
+  only:
+    variables:
+      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
+  artifacts:
+    paths:
+      - output/
+
+build_fedora_fortyone:
+  stage: build
+  allow_failure: true
+  tags:
+    - oci-fixed-amd
+  before_script:
+    - *prepare_build
+    - *prepare_www
+  after_script:
+    - *prepare_artfacts
+  script:
+    - bash builder/build-package fedora fortyone;
+  only:
+    variables:
+      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
+  artifacts:
+    paths:
+      - output/
+    
+build_fedora_fortyone_arm:
+  stage: build
+  allow_failure: true
+  tags:
+    - oci-fixed-arm
+  before_script: 
+    - *prepare_build
+    - *prepare_www
+  after_script:
+    - *prepare_artfacts
+  script: 
+    - bash builder/build-package fedora fortyone;
+  only:
+    variables:
+      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
+  artifacts:
+    paths:
+      - output/
+
 build_alpine_317:
   stage: build
   allow_failure: true
@@ -704,6 +799,82 @@ build_alpine_319_arm:
     paths:
       - output/
 
+build_alpine_320:
+  stage: build
+  allow_failure: true
+  tags:
+    - oci-fixed-amd
+  before_script:
+    - *prepare_build
+    - *prepare_www
+  after_script:
+    - *prepare_artfacts
+  script:
+    - bash builder/build-package alpine 320;
+  only:
+    variables:
+      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
+  artifacts:
+    paths:
+      - output/
+
+build_alpine_320_arm:
+  stage: build
+  allow_failure: true
+  tags:
+    - oci-fixed-arm
+  before_script:
+    - *prepare_build
+    - *prepare_www
+  after_script:
+    - *prepare_artfacts
+  script:
+    - bash builder/build-package alpine 320;
+  only:
+    variables:
+      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
+  artifacts:
+    paths:
+      - output/
+
+build_alpine_321:
+  stage: build
+  allow_failure: true
+  tags:
+    - oci-fixed-amd
+  before_script:
+    - *prepare_build
+    - *prepare_www
+  after_script:
+    - *prepare_artfacts
+  script:
+    - bash builder/build-package alpine 321;
+  only:
+    variables:
+      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
+  artifacts:
+    paths:
+      - output/
+
+build_alpine_321_arm:
+  stage: build
+  allow_failure: true
+  tags:
+    - oci-fixed-arm
+  before_script:
+    - *prepare_build
+    - *prepare_www
+  after_script:
+    - *prepare_artfacts
+  script:
+    - bash builder/build-package alpine 321;
+  only:
+    variables:
+      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
+  artifacts:
+    paths:
+      - output/
+
 upload:
   stage: upload
   image: ubuntu:focal

.gitmodules

@@ -1,4 +1,4 @@
 [submodule "kasmweb"]
 	path = kasmweb
 	url = https://github.com/kasmtech/noVNC.git
-	branch = master
+	branch = release/1.2.2

README.md

@@ -4,7 +4,7 @@
 
 KasmVNC provides remote web-based access to a Desktop or application. While VNC is in the name, KasmVNC differs from other VNC variants such as TigerVNC, RealVNC, and TurboVNC. KasmVNC has broken from the RFB specification which defines VNC, in order to support modern technologies and increase security. KasmVNC is accessed by users from any modern browser and does not support legacy VNC viewer applications. KasmVNC uses a modern YAML based configuration at the server and user level, allowing for ease of management.
 
-[Kasm Technologies](https://www.kasmweb.com) developed Kasm Workspaces, the Containerized Streaming Platform. Kasm has open-sourced the Workspace docker images, which include containerized [full desktops and apps](https://github.com/kasmtech/workspaces-images) and [base images](https://github.com/kasmtech/workspaces-core-images) intended for developers to create custimized streaming containers. These containers can be used standalone or within the [Kasm Workspaces Platform](https://www.kasmweb.com) which provides a full Enterprise feature set.
+[Kasm Technologies](https://www.kasmweb.com) developed Kasm Workspaces, the Containerized Streaming Platform. Kasm has open-sourced the Workspace docker images, which include containerized [full desktops and apps](https://github.com/kasmtech/workspaces-images) and [base images](https://github.com/kasmtech/workspaces-core-images) intended for developers to create customized streaming containers. These containers can be used standalone or within the [Kasm Workspaces Platform](https://www.kasmweb.com) which provides a full Enterprise feature set.
 
 ## Documentation
 
@@ -27,7 +27,7 @@ wget <package_url>
 sudo apt-get install ./kasmvncserver_*.deb
 
 # Add your user to the ssl-cert group
-sudo addgroup $USER ssl-cert
+sudo adduser $USER ssl-cert
 ```
 
 ### Oracle 8
@@ -269,4 +269,4 @@ Future Goals:
 See the [builder/README.md](https://github.com/kasmtech/KasmVNC/blob/master/builder/README.md). We containerize our build systems to ensure highly repeatable builds.
 
 ### License and Acknowledgements
-See the [LICENSE.TXT](https://github.com/kasmtech/KasmVNC/blob/master/LICENSE.TXT) and [ACKNOWLEDGEMENTS.MD](https://github.com/kasmtech/KasmVNC/blob/master/LICENSE.TXT)
+See the [LICENSE.TXT](https://github.com/kasmtech/KasmVNC/blob/master/LICENSE.TXT) and [ACKNOWLEDGEMENTS.md](https://github.com/kasmtech/KasmVNC/blob/master/ACKNOWLEDGEMENTS.md)

builder/build.sh

@@ -46,7 +46,11 @@ EOF
 cd /tmp
 # default to the version of x in Ubuntu 18.04, otherwise caller will need to specify
 XORG_VER=${XORG_VER:-"1.19.6"}
-XORG_PATCH=$(echo "$XORG_VER" | grep -Po '^\d.\d+' | sed 's#\.##')
+if [[ "${XORG_VER}" == 21* ]]; then
+  XORG_PATCH=21
+else
+  XORG_PATCH=$(echo "$XORG_VER" | grep -Po '^\d.\d+' | sed 's#\.##')
+fi
 wget --no-check-certificate https://www.x.org/archive/individual/xserver/xorg-server-${XORG_VER}.tar.gz
 
 #git clone https://kasmweb@bitbucket.org/kasmtech/kasmvnc.git
@@ -139,6 +143,8 @@ if [ -d /usr/lib/x86_64-linux-gnu/dri ]; then
   ln -s /usr/lib/x86_64-linux-gnu/dri dri
 elif [ -d /usr/lib/aarch64-linux-gnu/dri ]; then
   ln -s /usr/lib/aarch64-linux-gnu/dri dri
+elif [ -d /usr/lib/arm-linux-gnueabihf/dri ]; then
+  ln -s /usr/lib/arm-linux-gnueabihf/dri dri
 elif [ -d /usr/lib/xorg/modules/dri ]; then
   ln -s /usr/lib/xorg/modules/dri dri
 else

builder/dockerfile.alpine_317.build

@@ -2,7 +2,7 @@ FROM alpine:3.17
 
 ENV KASMVNC_BUILD_OS alpine
 ENV KASMVNC_BUILD_OS_CODENAME 317
-ENV XORG_VER 1.20.14
+ENV XORG_VER 21.1.8
 
 RUN \
   echo "**** install build deps ****" && \

builder/dockerfile.alpine_318.build

@@ -2,7 +2,7 @@ FROM alpine:3.18
 
 ENV KASMVNC_BUILD_OS alpine
 ENV KASMVNC_BUILD_OS_CODENAME 318
-ENV XORG_VER 1.20.14
+ENV XORG_VER 21.1.10
 
 RUN \
   echo "**** install build deps ****" && \

builder/dockerfile.alpine_319.build

@@ -2,7 +2,7 @@ FROM alpine:3.19
 
 ENV KASMVNC_BUILD_OS alpine
 ENV KASMVNC_BUILD_OS_CODENAME 319
-ENV XORG_VER 1.20.14
+ENV XORG_VER 21.1.12
 
 RUN \
   echo "**** install build deps ****" && \

builder/dockerfile.alpine_320.apk.build

@@ -0,0 +1,7 @@
+FROM alpine:3.20
+
+RUN apk add shadow bash
+
+RUN useradd -m docker && echo "docker:docker" | chpasswd
+
+USER docker

builder/dockerfile.alpine_320.build

@@ -0,0 +1,82 @@
+FROM alpine:3.20
+
+ENV KASMVNC_BUILD_OS alpine
+ENV KASMVNC_BUILD_OS_CODENAME 320
+ENV XORG_VER 21.1.14
+
+RUN \
+  echo "**** install build deps ****" && \
+  apk add \
+    alpine-release \
+    alpine-sdk \
+    autoconf \
+    automake \
+    bash \
+    ca-certificates \
+    cmake \
+    coreutils \
+    curl \
+    eudev-dev \
+    font-cursor-misc \
+    font-misc-misc \
+    font-util-dev \
+    git \
+    grep \
+    jq \
+    libdrm-dev \
+    libepoxy-dev \
+    libjpeg-turbo-dev \
+    libjpeg-turbo-static \
+    libpciaccess-dev \
+    libtool \
+    libwebp-dev \
+    libx11-dev \
+    libxau-dev \
+    libxcb-dev \
+    libxcursor-dev \
+    libxcvt-dev \
+    libxdmcp-dev \
+    libxext-dev \
+    libxfont2-dev \
+    libxkbfile-dev \
+    libxrandr-dev \
+    libxshmfence-dev \
+    libxtst-dev \
+    mesa-dev \
+    mesa-dri-gallium \
+    meson \
+    nettle-dev \
+    openssl-dev \
+    pixman-dev \
+    procps \
+    shadow \
+    tar \
+    tzdata \
+    wayland-dev \
+    wayland-protocols \
+    xcb-util-dev \
+    xcb-util-image-dev \
+    xcb-util-keysyms-dev \
+    xcb-util-renderutil-dev \
+    xcb-util-wm-dev \
+    xinit \
+    xkbcomp \
+    xkbcomp-dev \
+    xkeyboard-config \
+    xorgproto \
+    xorg-server-common \
+    xorg-server-dev \
+    xtrans
+
+
+ENV SCRIPTS_DIR=/tmp/scripts
+COPY builder/scripts $SCRIPTS_DIR
+RUN $SCRIPTS_DIR/build-webp
+RUN $SCRIPTS_DIR/build-libjpeg-turbo
+
+RUN useradd -m docker && echo "docker:docker" | chpasswd
+
+COPY --chown=docker:docker . /src/
+
+USER docker
+ENTRYPOINT ["/src/builder/build.sh"]

builder/dockerfile.alpine_321.apk.build

@@ -0,0 +1,7 @@
+FROM alpine:3.21
+
+RUN apk add shadow bash
+
+RUN useradd -m docker && echo "docker:docker" | chpasswd
+
+USER docker

builder/dockerfile.alpine_321.build

@@ -0,0 +1,82 @@
+FROM alpine:3.21
+
+ENV KASMVNC_BUILD_OS alpine
+ENV KASMVNC_BUILD_OS_CODENAME 321
+ENV XORG_VER 21.1.14
+
+RUN \
+  echo "**** install build deps ****" && \
+  apk add \
+    alpine-release \
+    alpine-sdk \
+    autoconf \
+    automake \
+    bash \
+    ca-certificates \
+    cmake \
+    coreutils \
+    curl \
+    eudev-dev \
+    font-cursor-misc \
+    font-misc-misc \
+    font-util-dev \
+    git \
+    grep \
+    jq \
+    libdrm-dev \
+    libepoxy-dev \
+    libjpeg-turbo-dev \
+    libjpeg-turbo-static \
+    libpciaccess-dev \
+    libtool \
+    libwebp-dev \
+    libx11-dev \
+    libxau-dev \
+    libxcb-dev \
+    libxcursor-dev \
+    libxcvt-dev \
+    libxdmcp-dev \
+    libxext-dev \
+    libxfont2-dev \
+    libxkbfile-dev \
+    libxrandr-dev \
+    libxshmfence-dev \
+    libxtst-dev \
+    mesa-dev \
+    mesa-dri-gallium \
+    meson \
+    nettle-dev \
+    openssl-dev \
+    pixman-dev \
+    procps \
+    shadow \
+    tar \
+    tzdata \
+    wayland-dev \
+    wayland-protocols \
+    xcb-util-dev \
+    xcb-util-image-dev \
+    xcb-util-keysyms-dev \
+    xcb-util-renderutil-dev \
+    xcb-util-wm-dev \
+    xinit \
+    xkbcomp \
+    xkbcomp-dev \
+    xkeyboard-config \
+    xorgproto \
+    xorg-server-common \
+    xorg-server-dev \
+    xtrans
+
+
+ENV SCRIPTS_DIR=/tmp/scripts
+COPY builder/scripts $SCRIPTS_DIR
+RUN $SCRIPTS_DIR/build-webp
+RUN $SCRIPTS_DIR/build-libjpeg-turbo
+
+RUN useradd -m docker && echo "docker:docker" | chpasswd
+
+COPY --chown=docker:docker . /src/
+
+USER docker
+ENTRYPOINT ["/src/builder/build.sh"]

builder/dockerfile.debian_bookworm.build

@@ -2,7 +2,7 @@ FROM debian:bookworm-slim
 
 ENV KASMVNC_BUILD_OS debian
 ENV KASMVNC_BUILD_OS_CODENAME bookworm
-ENV XORG_VER 1.20.10
+ENV XORG_VER 21.1.7
 ENV DEBIAN_FRONTEND noninteractive
 
 RUN \

builder/dockerfile.fedora_forty.build

@@ -0,0 +1,86 @@
+FROM fedora:40
+
+ENV KASMVNC_BUILD_OS fedora
+ENV KASMVNC_BUILD_OS_CODENAME forty
+ENV XORG_VER 1.20.14
+
+RUN \
+  echo "**** install build deps ****" && \
+  dnf group install -y \
+    "C Development Tools and Libraries" \
+    "Development Tools" && \
+  dnf install -y \
+    autoconf \
+    automake \
+    bison \
+    byacc \
+    bzip2 \
+    cmake \
+    diffutils \
+    doxygen \
+    file \
+    flex \
+    fop \
+    gcc \
+    gcc-c++ \
+    git \
+    glibc-devel \
+    libdrm-devel \
+    libepoxy-devel \
+    libmd-devel \
+    libpciaccess-devel \
+    libtool \
+    libwebp-devel \
+    libX11-devel \
+    libXau-devel \
+    libxcb-devel \
+    libXcursor-devel \
+    libxcvt-devel \
+    libXdmcp-devel \
+    libXext-devel \
+    libXfont2-devel \
+    libxkbfile-devel \
+    libXrandr-devel \
+    libxshmfence-devel \
+    libXtst-devel \
+    mesa-libEGL-devel \
+    mesa-libgbm-devel \
+    mesa-libGL-devel \
+    meson \
+    mingw64-binutils \
+    mt-st \
+    nettle-devel \
+    openssl-devel \
+    patch \
+    pixman-devel \
+    wayland-devel \
+    wget \
+    which \
+    xcb-util-devel \
+    xcb-util-image-devel \
+    xcb-util-keysyms-devel \
+    xcb-util-renderutil-devel \
+    xcb-util-wm-devel \
+    xinit \
+    xkbcomp \
+    xkbcomp-devel \
+    xkeyboard-config \
+    xmlto \
+    xorg-x11-font-utils \
+    xorg-x11-proto-devel \
+    xorg-x11-server-common \
+    xorg-x11-server-devel \
+    xorg-x11-xtrans-devel \
+    xsltproc
+
+ENV SCRIPTS_DIR=/tmp/scripts
+COPY builder/scripts $SCRIPTS_DIR
+RUN $SCRIPTS_DIR/build-webp
+RUN $SCRIPTS_DIR/build-libjpeg-turbo
+
+RUN useradd -m docker && echo "docker:docker" | chpasswd
+
+COPY --chown=docker:docker . /src/
+
+USER docker
+ENTRYPOINT ["/src/builder/build.sh"]

builder/dockerfile.fedora_forty.rpm.build

@@ -0,0 +1,13 @@
+FROM fedora:40
+
+RUN dnf install -y fedora-packager fedora-review
+RUN dnf install -y tree vim less
+RUN dnf install -y redhat-lsb-core
+RUN dnf install -y dnf-plugins-core
+
+COPY fedora/*.spec /tmp
+RUN dnf builddep -y /tmp/*.spec
+
+RUN useradd -m docker && echo "docker:docker" | chpasswd
+
+USER docker

builder/dockerfile.fedora_fortyone.build

@@ -0,0 +1,87 @@
+FROM fedora:41
+
+ENV KASMVNC_BUILD_OS fedora
+ENV KASMVNC_BUILD_OS_CODENAME fortyone
+ENV XORG_VER 21.1.15
+
+RUN \
+  echo "**** install build deps ****" && \
+  dnf group install -y \
+    c-development \
+    development-tools \
+    development-libs && \
+  dnf install -y \
+    autoconf \
+    automake \
+    bison \
+    byacc \
+    bzip2 \
+    cmake \
+    diffutils \
+    doxygen \
+    file \
+    flex \
+    fop \
+    gcc \
+    gcc-c++ \
+    git \
+    glibc-devel \
+    libdrm-devel \
+    libepoxy-devel \
+    libmd-devel \
+    libpciaccess-devel \
+    libtool \
+    libwebp-devel \
+    libX11-devel \
+    libXau-devel \
+    libxcb-devel \
+    libXcursor-devel \
+    libxcvt-devel \
+    libXdmcp-devel \
+    libXext-devel \
+    libXfont2-devel \
+    libxkbfile-devel \
+    libXrandr-devel \
+    libxshmfence-devel \
+    libXtst-devel \
+    mesa-libEGL-devel \
+    mesa-libgbm-devel \
+    mesa-libGL-devel \
+    meson \
+    mingw64-binutils \
+    mt-st \
+    nettle-devel \
+    openssl-devel \
+    patch \
+    pixman-devel \
+    wayland-devel \
+    wget \
+    which \
+    xcb-util-devel \
+    xcb-util-image-devel \
+    xcb-util-keysyms-devel \
+    xcb-util-renderutil-devel \
+    xcb-util-wm-devel \
+    xinit \
+    xkbcomp \
+    xkbcomp-devel \
+    xkeyboard-config \
+    xmlto \
+    xorg-x11-font-utils \
+    xorg-x11-proto-devel \
+    xorg-x11-server-common \
+    xorg-x11-server-devel \
+    xorg-x11-xtrans-devel \
+    xsltproc
+
+ENV SCRIPTS_DIR=/tmp/scripts
+COPY builder/scripts $SCRIPTS_DIR
+RUN $SCRIPTS_DIR/build-webp
+RUN $SCRIPTS_DIR/build-libjpeg-turbo
+
+RUN useradd -m docker && echo "docker:docker" | chpasswd
+
+COPY --chown=docker:docker . /src/
+
+USER docker
+ENTRYPOINT ["/src/builder/build.sh"]

builder/dockerfile.fedora_fortyone.rpm.build

@@ -0,0 +1,13 @@
+FROM fedora:41
+
+RUN dnf install -y fedora-packager fedora-review
+RUN dnf install -y tree vim less
+RUN dnf install -y redhat-lsb-core
+RUN dnf install -y dnf-plugins-core
+
+COPY fedora/*.spec /tmp
+RUN dnf builddep -y /tmp/*.spec
+
+RUN useradd -m docker && echo "docker:docker" | chpasswd
+
+USER docker

builder/dockerfile.kali_kali-rolling.build

@@ -2,10 +2,8 @@ FROM kalilinux/kali-rolling:latest
 
 ENV KASMVNC_BUILD_OS kali
 ENV KASMVNC_BUILD_OS_CODENAME kali-rolling
-ENV XORG_VER 1.20.10
+ENV XORG_VER 21.1.14
 ENV DEBIAN_FRONTEND noninteractive
-ENV CC=gcc-11
-ENV CXX=g++-11
 
 RUN grep '^deb'  /etc/apt/sources.list | sed 's#^deb#deb-src#' >> /etc/apt/sources.list
 
@@ -14,7 +12,7 @@ RUN apt-get update && \
 
 RUN DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends tzdata
 RUN apt-get update && apt-get -y build-dep xorg-server libxfont-dev
-RUN apt-get update && apt-get -y install gcc-11 g++-11 curl
+RUN apt-get update && apt-get -y install gcc g++ curl
 RUN apt-get update && apt-get -y install cmake git libgnutls28-dev vim wget tightvncserver
 RUN apt-get update && apt-get -y install libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev libxrandr-dev libxcursor-dev
 

builder/dockerfile.oracle_8.build

@@ -2,7 +2,7 @@ FROM oraclelinux:8
 
 ENV KASMVNC_BUILD_OS oracle
 ENV KASMVNC_BUILD_OS_CODENAME 8
-ENV XORG_VER 1.20.10
+ENV XORG_VER 1.20.11
 
 # Install from stock repos
 RUN \

builder/dockerfile.oracle_9.build

@@ -2,7 +2,7 @@ FROM oraclelinux:9
 
 ENV KASMVNC_BUILD_OS oracle
 ENV KASMVNC_BUILD_OS_CODENAME 9
-ENV XORG_VER 1.20.10
+ENV XORG_VER 1.20.11
 
 # Install from stock repos
 RUN \

builder/dockerfile.oracle_9.rpm.build

@@ -4,8 +4,8 @@ ENV KASMVNC_BUILD_OS oracle
 ENV KASMVNC_BUILD_OS_CODENAME 9
 
 RUN dnf config-manager --set-enabled ol9_codeready_builder
-RUN dnf config-manager --set-enabled ol9_distro_builder
-RUN dnf install -y \
+RUN dnf config-manager --nobest --set-enabled ol9_distro_builder
+RUN dnf install --nobest -y \
   gpg* \
   less \
   redhat-lsb-core \

builder/dockerfile.ubuntu_jammy.build

@@ -2,7 +2,7 @@ FROM ubuntu:jammy
 
 ENV KASMVNC_BUILD_OS ubuntu
 ENV KASMVNC_BUILD_OS_CODENAME jammy
-ENV XORG_VER 1.20.8
+ENV XORG_VER 21.1.3
 ENV DEBIAN_FRONTEND noninteractive
 
 RUN sed -i 's$# deb-src$deb-src$' /etc/apt/sources.list

builder/dockerfile.ubuntu_noble.build

@@ -0,0 +1,28 @@
+FROM ubuntu:noble
+
+ENV KASMVNC_BUILD_OS ubuntu
+ENV KASMVNC_BUILD_OS_CODENAME noble
+ENV XORG_VER 21.1.12
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN sed -i 's$Types: deb$Types: deb deb-src$' /etc/apt/sources.list.d/ubuntu.sources
+
+RUN apt-get update && \
+      apt-get -y install sudo
+
+RUN apt-get update && apt-get install -y --no-install-recommends tzdata
+RUN apt-get update && apt-get -y build-dep xorg-server libxfont-dev
+RUN apt-get update && apt-get -y install cmake git libgnutls28-dev vim wget curl
+RUN apt-get update && apt-get -y install libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev libxrandr-dev libxcursor-dev
+
+ENV SCRIPTS_DIR=/tmp/scripts
+COPY builder/scripts $SCRIPTS_DIR
+RUN $SCRIPTS_DIR/build-webp
+RUN $SCRIPTS_DIR/build-libjpeg-turbo
+
+RUN useradd -m docker && echo "docker:docker" | chpasswd && adduser docker sudo
+
+COPY --chown=docker:docker . /src/
+
+USER docker
+ENTRYPOINT ["/src/builder/build.sh"]

builder/dockerfile.ubuntu_noble.deb.build

@@ -0,0 +1,19 @@
+FROM ubuntu:noble
+
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN apt-get update && \
+      apt-get -y install vim build-essential devscripts equivs
+
+# Install build-deps for the package.
+COPY ./debian/control /tmp
+RUN apt-get update && echo YYY | mk-build-deps --install --remove /tmp/control
+
+ARG L_UID
+RUN if [ "$L_UID" -eq 0 ]; then \
+      useradd -m docker; \
+    else \
+      useradd -m docker -u $L_UID;\
+    fi
+
+USER docker

builder/dockerfile.ubuntu_noble.deb.test

@@ -0,0 +1,57 @@
+FROM ubuntu:noble
+
+ENV DISPLAY=:1 \
+    VNC_PORT=8443 \
+    VNC_RESOLUTION=1280x720 \
+    MAX_FRAME_RATE=24 \
+    VNCOPTIONS="-PreferBandwidth -DynamicQualityMin=4 -DynamicQualityMax=7" \
+    HOME=/home/user \
+    TERM=xterm \
+    STARTUPDIR=/dockerstartup \
+    INST_SCRIPTS=/dockerstartup/install \
+    KASM_RX_HOME=/dockerstartup/kasmrx \
+    DEBIAN_FRONTEND=noninteractive \
+    VNC_COL_DEPTH=24 \
+    VNC_RESOLUTION=1280x1024 \
+    VNC_PW=vncpassword \
+    VNC_USER=user \
+    VNC_VIEW_ONLY_PW=vncviewonlypassword \
+    LD_LIBRARY_PATH=/usr/local/lib/ \
+    OMP_WAIT_POLICY=PASSIVE \
+    SHELL=/bin/bash \
+    SINGLE_APPLICATION=0 \
+    KASMVNC_BUILD_OS=ubuntu \
+    KASMVNC_BUILD_OS_CODENAME=noble
+
+EXPOSE $VNC_PORT
+
+WORKDIR $HOME
+
+### REQUIRED STUFF ###
+
+RUN apt-get update && apt-get install -y supervisor xfce4 xfce4-terminal xterm libnss-wrapper gettext wget
+RUN apt-get purge -y pm-utils xscreensaver*
+RUN apt-get update && apt-get install -y vim less
+RUN apt-get update && apt-get -y install lsb-release
+
+RUN echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc
+
+RUN mkdir -p $STARTUPDIR
+COPY builder/startup/ $STARTUPDIR
+
+### START CUSTOM STUFF ####
+
+ARG KASMVNC_PACKAGE_DIR
+COPY $KASMVNC_PACKAGE_DIR/kasmvncserver_*.deb /tmp/
+RUN rm -f /tmp/kasmvncserver_*+*.deb; dpkg -i /tmp/*.deb; apt-get -yf install
+
+RUN mkdir ~/.vnc && echo '/usr/bin/xfce4-session &' >> ~/.vnc/xstartup && \
+  chmod +x ~/.vnc/xstartup
+
+### END CUSTOM STUFF ###
+
+RUN chown -R 1000:0 $HOME
+USER 1000:ssl-cert
+WORKDIR $HOME
+
+ENTRYPOINT [ "/dockerstartup/vnc_startup.sh" ]

builder/dockerfile.ubuntu_noble.test

@@ -0,0 +1,51 @@
+FROM ubuntu:noble
+
+ENV DISPLAY=:1 \
+    VNC_PORT=8443 \
+    VNC_RESOLUTION=1280x720 \
+    MAX_FRAME_RATE=24 \
+    VNCOPTIONS="-PreferBandwidth -DynamicQualityMin=4 -DynamicQualityMax=7" \
+    HOME=/home/user \
+    TERM=xterm \
+    STARTUPDIR=/dockerstartup \
+    INST_SCRIPTS=/dockerstartup/install \
+    KASM_RX_HOME=/dockerstartup/kasmrx \
+    DEBIAN_FRONTEND=noninteractive \
+    VNC_COL_DEPTH=24 \
+    VNC_RESOLUTION=1280x1024 \
+    VNC_PW=vncpassword \
+    VNC_USER=user \
+    VNC_VIEW_ONLY_PW=vncviewonlypassword \
+    LD_LIBRARY_PATH=/usr/local/lib/ \
+    OMP_WAIT_POLICY=PASSIVE \
+    SHELL=/bin/bash \
+    SINGLE_APPLICATION=0 \
+    KASMVNC_BUILD_OS=ubuntu \
+    KASMVNC_BUILD_OS_CODENAME=noble
+
+EXPOSE $VNC_PORT
+
+WORKDIR $HOME
+
+### REQUIRED STUFF ###
+
+RUN apt-get update && apt-get install -y supervisor xfce4 xfce4-terminal xterm libnss-wrapper gettext wget
+RUN apt-get purge -y pm-utils xscreensaver*
+
+RUN echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc
+
+RUN mkdir -p $STARTUPDIR
+COPY startup/ $STARTUPDIR
+
+### START CUSTOM STUFF ####
+
+COPY build/kasmvnc.${KASMVNC_BUILD_OS}_${KASMVNC_BUILD_OS_CODENAME}.tar.gz /tmp/
+RUN tar -xzvf /tmp/kasmvnc.${KASMVNC_BUILD_OS}_${KASMVNC_BUILD_OS_CODENAME}.tar.gz --strip 1 -C /
+
+### END CUSTOM STUFF ###
+
+RUN chown -R 1000:0 $HOME
+USER 1000
+WORKDIR $HOME
+
+ENTRYPOINT [ "/dockerstartup/vnc_startup.sh" ]

centos/kasmvncserver.spec

@@ -1,5 +1,5 @@
 Name:           kasmvncserver
-Version:        1.2.0
+Version:        1.3.3
 Release:        1%{?dist}
 Summary:        VNC server accessible from a web browser
 
@@ -83,6 +83,27 @@ cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
 %doc /usr/share/doc/kasmvncserver/README.md
 
 %changelog
+* Fri Oct 25 2024 KasmTech <info@kasmweb.com> - 1.3.3-1
+- Allow disabling IP blacklist
+- Downloads API for detailed file downloads information
+* Tue Sep 24 2024 KasmTech <info@kasmweb.com> - 1.3.2-1
+- Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
+- Fixed CVE-2024-38449, directory traversal bug in built-in web server.
+- Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
+- Fixed memory leak in kasmproxy.
+- Fixed mime types of downloads to ensure the browser interprets them as downloads.
+* Tue Mar 12 2024 KasmTech <info@kasmweb.com> - 1.3.1-1
+- Fix exception thrown on Firefox 124 and higher
+- Fix artifacts on high resolution secondary screens
+- Fixes for touch support on primary and secondary screens
+- Fix for Oculus keyboard input
+* Mon Feb 05 2024 KasmTech <info@kasmweb.com> - 1.3.0-1
+- Multi-monitor support.
+- Increased performance with watermark enabled.
+- Added support for Fedora 39 and Alpine 319.
+- Allow special characters in usernames.
+- Better logging of client settings when client connects or changes settings.
+- Add support for rotation of text-based watermark.
 * Fri Aug 25 2023 KasmTech <info@kasmweb.com> - 1.2.0-1
 - Add support for Unix relays for bidirectional communication between noVNC
   and containerized applications.

common/network/websocket.c

@@ -18,6 +18,7 @@
 #include <errno.h>
 #include <string.h>
 #include <dirent.h>
+#include <inttypes.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
@@ -26,6 +27,9 @@
 #include <arpa/inet.h>
 #include <netdb.h>
 #include <fcntl.h>  // daemonizing
+#include <pwd.h>
+#include <grp.h>
+#include <wordexp.h>
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 #include <openssl/bio.h> /* base64 encode/decode */
@@ -782,6 +786,10 @@ static const char *name2mime(const char *name) {
         goto def;
     end++;
 
+    // Everything under Downloads/ should be treated as binary
+    if (strcasestr(name, "Downloads/"))
+        goto def;
+
     #define CMP(s) if (!strncmp(end, s, sizeof(s) - 1))
 
     CMP("htm")
@@ -917,6 +925,12 @@ static void servefile(ws_ctx_t *ws_ctx, const char *in, const char * const user,
 
     percent_decode(path, buf, 1);
 
+    // in case they percent-encoded dots
+    if (strstr(buf, "../")) {
+        handler_msg("Attempted dir traversal attack, rejecting\n");
+        goto nope;
+    }
+
     handler_msg("Requested file '%s'\n", buf);
     sprintf(fullpath, "%s/%s", settings.httpdir, buf);
 
@@ -933,15 +947,15 @@ static void servefile(ws_ctx_t *ws_ctx, const char *in, const char * const user,
         goto nope;
     }
 
-    fseek(f, 0, SEEK_END);
-    const uint64_t filesize = ftell(f);
+    fseeko(f, 0, SEEK_END);
+    const uint64_t filesize = ftello(f);
     rewind(f);
 
     sprintf(buf, "HTTP/1.1 200 OK\r\n"
                  "Server: KasmVNC/4.0\r\n"
                  "Connection: close\r\n"
                  "Content-type: %s\r\n"
-                 "Content-length: %lu\r\n"
+                 "Content-length: %" PRIu64 "\r\n"
                  "%s"
                  "\r\n",
                  name2mime(path), filesize, extra_headers ? extra_headers : "");
@@ -1018,6 +1032,20 @@ static void send403(ws_ctx_t *ws_ctx, const char * const origip, const char * co
     weblog(403, wsthread_handler_id, 0, origip, ip, "-", 1, "-", strlen(buf));
 }
 
+static void send400(ws_ctx_t *ws_ctx, const char * const origip, const char * const ip,
+                    const char *info) {
+    char buf[4096];
+    sprintf(buf, "HTTP/1.1 400 Bad Request\r\n"
+                 "Server: KasmVNC/4.0\r\n"
+                 "Connection: close\r\n"
+                 "Content-type: text/plain\r\n"
+                 "%s"
+                 "\r\n"
+                 "400 Bad Request%s", extra_headers ? extra_headers : "", info);
+    ws_send(ws_ctx, buf, strlen(buf));
+    weblog(400, wsthread_handler_id, 0, origip, ip, "-", 1, "-", strlen(buf));
+}
+
 static uint8_t ownerapi_post(ws_ctx_t *ws_ctx, const char *in, const char * const user,
                              const char * const ip, const char * const origip) {
     char buf[4096], path[4096];
@@ -1611,6 +1639,103 @@ static uint8_t ownerapi(ws_ctx_t *ws_ctx, const char *in, const char * const use
         ws_send(ws_ctx, buf, strlen(buf));
         weblog(200, wsthread_handler_id, 0, origip, ip, user, 1, origpath, strlen(buf));
 
+        ret = 1;
+    } else entry("/api/downloads") {
+        char subpath[PATH_MAX] = "", startpath[PATH_MAX] = "~/Downloads", allpath[PATH_MAX];
+        param = parse_get(args, "path", &len);
+        if (len) {
+            memcpy(buf, param, len);
+            buf[len] = '\0';
+            percent_decode(buf, subpath, 0);
+
+            if (strstr(subpath, "../")) {
+                handler_msg("Attempted directory traversal in /api/downloads\n");
+                goto nope;
+            }
+        }
+
+        wordexp_t wexp;
+        if (!wordexp(startpath, &wexp, WRDE_NOCMD))
+            strcpy(startpath, wexp.we_wordv[0]);
+        else
+            goto nope;
+        wordfree(&wexp);
+
+        snprintf(allpath, PATH_MAX, "%s/%s", startpath, subpath);
+        allpath[PATH_MAX - 1] = '\0';
+
+        DIR *dir = opendir(allpath);
+        if (!dir) {
+            handler_msg("Requested dir does not exist\n");
+            goto nope;
+        }
+
+        sprintf(buf, "HTTP/1.1 200 OK\r\n"
+                 "Server: KasmVNC/4.0\r\n"
+                 "Connection: close\r\n"
+                 "Content-type: text/json\r\n"
+                 "%s"
+                 "\r\n", extra_headers ? extra_headers : "");
+        ws_send(ws_ctx, buf, strlen(buf));
+        len = 15;
+
+        ws_send(ws_ctx, "{ \"files\": [\n", 13);
+
+        struct dirent *ent;
+        unsigned char sent = 0;
+        while ((ent = readdir(dir))) {
+            if (!strcmp(ent->d_name, ".") || !strcmp(ent->d_name, ".."))
+                continue;
+
+            sprintf(path, "%s/%s", allpath, ent->d_name);
+            struct stat st;
+            if (lstat(path, &st))
+                continue;
+
+            char own[LOGIN_NAME_MAX], grp[LOGIN_NAME_MAX], perms[32];
+            sprintf(perms, "%03o", st.st_mode & 0777);
+
+            struct passwd pwdt, *pwdptr;
+            if (getpwuid_r(st.st_uid, &pwdt, buf, sizeof(buf), &pwdptr)) {
+                sprintf(own, "(unknown uid %u)", st.st_uid);
+            } else {
+                strcpy(own, pwdt.pw_name);
+            }
+
+            struct group grpt, *grpptr;
+            if (getgrgid_r(st.st_gid, &grpt, buf, sizeof(buf), &grpptr)) {
+                sprintf(grp, "(unknown gid %u)", st.st_gid);
+            } else {
+                strcpy(grp, grpt.gr_name);
+            }
+
+            sprintf(buf, "%s{ \"filename\": \"%s\", "
+                         "\"date_modified\": %lu, "
+                         "\"date_created\": %lu, "
+                         "\"is_dir\": %s, "
+                         "\"size\": %lu, "
+                         "\"owner\": \"%s\", "
+                         "\"group\": \"%s\", "
+                         "\"perms\": \"%s\" }",
+                         sent ? ",\n" : "",
+                         ent->d_name,
+                         st.st_mtime,
+                         st.st_ctime,
+                         S_ISDIR(st.st_mode) ? "true" : "false",
+                         S_ISDIR(st.st_mode) ? 0 : st.st_size,
+                         own,
+                         grp,
+                         perms);
+            sent = 1;
+            ws_send(ws_ctx, buf, strlen(buf));
+            len += strlen(buf);
+        }
+
+        ws_send(ws_ctx, "]}", 2);
+
+        closedir(dir);
+        weblog(200, wsthread_handler_id, 0, origip, ip, user, 1, origpath, len);
+
         ret = 1;
     }
 
@@ -1644,7 +1769,7 @@ timeout:
 }
 
 ws_ctx_t *do_handshake(int sock, char * const ip) {
-    char handshake[4096], response[4096], sha1[29], trailer[17];
+    char handshake[16 * 1024], response[4096], sha1[29], trailer[17];
     char *scheme, *pre;
     headers_t *headers;
     int len, i, offset;
@@ -1701,6 +1826,7 @@ ws_ctx_t *do_handshake(int sock, char * const ip) {
             break;
         } else if (sizeof(handshake) <= (size_t)(offset + 1)) {
             handler_emsg("Oversized handshake\n");
+            send400(ws_ctx, "-", ip, ", too large");
             free_ws_ctx(ws_ctx);
             return NULL;
         } else if (9 == i) {

common/rfb/Blacklist.cxx

@@ -42,6 +42,9 @@ Blacklist::~Blacklist() {
 }
 
 bool Blacklist::isBlackmarked(const char* name) {
+  if (!threshold)
+    return false;
+
   BlacklistMap::iterator i = blm.find(name);
   if (i == blm.end()) {
     // Entry is not already black-marked.

debian/changelog

@@ -1,3 +1,40 @@
+kasmvnc (1.3.3-1) unstable; urgency=medium
+
+  * Allow disabling IP blacklist
+  * Downloads API for detailed file downloads information
+
+ -- Kasm Technologies LLC <info@kasmweb.com>  Fri, 25 Oct 2024 11:23:00 +0000
+
+kasmvnc (1.3.2-1) unstable; urgency=medium
+
+  * Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
+  * Fixed CVE-2024-38449, directory traversal bug in built-in web server.
+  * Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
+  * Fixed memory leak in kasmproxy.
+  * Fixed mime types of downloads to ensure the browser interprets them as downloads.
+
+ -- Kasm Technologies LLC <info@kasmweb.com>  Tue, 24 Sep 2024 11:23:00 +0000
+
+kasmvnc (1.3.1-1) unstable; urgency=medium
+
+  * Fix exception thrown on Firefox 124 and higher
+  * Fix artifacts on high resolution secondary screens
+  * Fixes for touch support on primary and secondary screens
+  * Fix for Oculus keyboard input
+
+ -- Kasm Technologies LLC <info@kasmweb.com>  Mon, 12 Mar 2024 11:23:00 +0000
+
+kasmvnc (1.3.0-1) unstable; urgency=medium
+
+  * Multi-monitor support.
+  * Increased performance with watermark enabled.
+  * Added support for Fedora 39 and Alpine 319.
+  * Allow special characters in usernames.
+  * Better logging of client settings when client connects or changes settings.
+  * Add support for rotation of text-based watermark.
+
+ -- Kasm Technologies LLC <info@kasmweb.com>  Mon, 02 Feb 2024 14:33:00 +0000
+
 kasmvnc (1.2.0-1) unstable; urgency=medium
 
   * Add support for Unix relays for bidirectional communication between noVNC

fedora/kasmvncserver.spec

@@ -1,5 +1,5 @@
 Name:           kasmvncserver
-Version:        1.2.0
+Version:        1.3.3
 Release:        1%{?dist}
 Summary:        VNC server accessible from a web browser
 
@@ -83,6 +83,27 @@ cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
 %doc /usr/share/doc/kasmvncserver/README.md
 
 %changelog
+* Fri Oct 25 2024 KasmTech <info@kasmweb.com> - 1.3.3-1
+- Allow disabling IP blacklist
+- Downloads API for detailed file downloads information
+* Tue Sep 24 2024 KasmTech <info@kasmweb.com> - 1.3.2-1
+- Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
+- Fixed CVE-2024-38449, directory traversal bug in built-in web server.
+- Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
+- Fixed memory leak in kasmproxy.
+- Fixed mime types of downloads to ensure the browser interprets them as downloads.
+* Tue Mar 12 2024 KasmTech <info@kasmweb.com> - 1.3.1-1
+- Fix exception thrown on Firefox 124 and higher
+- Fix artifacts on high resolution secondary screens
+- Fixes for touch support on primary and secondary screens
+- Fix for Oculus keyboard input
+* Mon Feb 05 2024 KasmTech <info@kasmweb.com> - 1.3.0-1
+- Multi-monitor support.
+- Increased performance with watermark enabled.
+- Added support for Fedora 39 and Alpine 319.
+- Allow special characters in usernames.
+- Better logging of client settings when client connects or changes settings.
+- Add support for rotation of text-based watermark.
 * Fri Aug 25 2023 KasmTech <info@kasmweb.com> - 1.2.0-1
 - Add support for Unix relays for bidirectional communication between noVNC
   and containerized applications.

kasmweb

@@ -1 +1 @@
-Subproject commit 54b9bac920267e902af3c9dfca4c0f64cff92f41
+Subproject commit bce2d6a7048025c6e6c05df9d98b206c23f6dbab

opensuse/kasmvncserver.spec

@@ -1,5 +1,5 @@
 Name:           kasmvncserver
-Version:        1.2.0
+Version:        1.3.3
 Release:        leap15
 Summary:        VNC server accessible from a web browser
 
@@ -81,6 +81,27 @@ cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
 %doc /usr/share/doc/kasmvncserver/README.md
 
 %changelog
+* Fri Oct 25 2024 KasmTech <info@kasmweb.com> - 1.3.3-1
+- Allow disabling IP blacklist
+- Downloads API for detailed file downloads information
+* Tue Sep 24 2024 KasmTech <info@kasmweb.com> - 1.3.2-1
+- Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
+- Fixed CVE-2024-38449, directory traversal bug in built-in web server.
+- Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
+- Fixed memory leak in kasmproxy.
+- Fixed mime types of downloads to ensure the browser interprets them as downloads.
+* Tue Mar 12 2024 KasmTech <info@kasmweb.com> - 1.3.1-1
+- Fix exception thrown on Firefox 124 and higher
+- Fix artifacts on high resolution secondary screens
+- Fixes for touch support on primary and secondary screens
+- Fix for Oculus keyboard input
+* Mon Feb 05 2024 KasmTech <info@kasmweb.com> - 1.3.0-1
+- Multi-monitor support.
+- Increased performance with watermark enabled.
+- Added support for Fedora 39 and Alpine 319.
+- Allow special characters in usernames.
+- Better logging of client settings when client connects or changes settings.
+- Add support for rotation of text-based watermark.
 * Fri Aug 25 2023 KasmTech <info@kasmweb.com> - 1.2.0-leap15
 - Add support for Unix relays for bidirectional communication between noVNC
   and containerized applications.

oracle/kasmvncserver.spec

@@ -1,5 +1,5 @@
 Name:           kasmvncserver
-Version:        1.2.0
+Version:        1.3.3
 Release:        1%{?dist}
 Summary:        VNC server accessible from a web browser
 
@@ -82,6 +82,27 @@ cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
 %doc /usr/share/doc/kasmvncserver/README.md
 
 %changelog
+* Fri Oct 25 2024 KasmTech <info@kasmweb.com> - 1.3.3-1
+- Allow disabling IP blacklist
+- Downloads API for detailed file downloads information
+* Tue Sep 24 2024 KasmTech <info@kasmweb.com> - 1.3.2-1
+- Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
+- Fixed CVE-2024-38449, directory traversal bug in built-in web server.
+- Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
+- Fixed memory leak in kasmproxy.
+- Fixed mime types of downloads to ensure the browser interprets them as downloads.
+* Tue Mar 12 2024 KasmTech <info@kasmweb.com> - 1.3.1-1
+- Fix exception thrown on Firefox 124 and higher
+- Fix artifacts on high resolution secondary screens
+- Fixes for touch support on primary and secondary screens
+- Fix for Oculus keyboard input
+* Mon Feb 05 2024 KasmTech <info@kasmweb.com> - 1.3.0-1
+- Multi-monitor support.
+- Increased performance with watermark enabled.
+- Added support for Fedora 39 and Alpine 319.
+- Allow special characters in usernames.
+- Better logging of client settings when client connects or changes settings.
+- Add support for rotation of text-based watermark.
 * Fri Aug 25 2023 KasmTech <info@kasmweb.com> - 1.2.0-1
 - Add support for Unix relays for bidirectional communication between noVNC
   and containerized applications.

oracle/kasmvncserver9.spec

@@ -1,5 +1,5 @@
 Name:           kasmvncserver
-Version:        1.2.0
+Version:        1.3.3
 Release:        1%{?dist}
 Summary:        VNC server accessible from a web browser
 
@@ -82,6 +82,27 @@ cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
 %doc /usr/share/doc/kasmvncserver/README.md
 
 %changelog
+* Fri Oct 25 2024 KasmTech <info@kasmweb.com> - 1.3.3-1
+- Allow disabling IP blacklist
+- Downloads API for detailed file downloads information
+* Tue Sep 24 2024 KasmTech <info@kasmweb.com> - 1.3.2-1
+- Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
+- Fixed CVE-2024-38449, directory traversal bug in built-in web server.
+- Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
+- Fixed memory leak in kasmproxy.
+- Fixed mime types of downloads to ensure the browser interprets them as downloads.
+* Tue Mar 12 2024 KasmTech <info@kasmweb.com> - 1.3.1-1
+- Fix exception thrown on Firefox 124 and higher
+- Fix artifacts on high resolution secondary screens
+- Fixes for touch support on primary and secondary screens
+- Fix for Oculus keyboard input
+* Mon Feb 05 2024 KasmTech <info@kasmweb.com> - 1.3.0-1
+- Multi-monitor support.
+- Increased performance with watermark enabled.
+- Added support for Fedora 39 and Alpine 319.
+- Allow special characters in usernames.
+- Better logging of client settings when client connects or changes settings.
+- Add support for rotation of text-based watermark.
 * Fri Aug 25 2023 KasmTech <info@kasmweb.com> - 1.2.0-1
 - Add support for Unix relays for bidirectional communication between noVNC
   and containerized applications.

unix/kasmxproxy/kasmxproxy.c

@@ -520,6 +520,8 @@ int main(int argc, char **argv) {
 			cursorhash = newhash;
 		}
 
+		XFree(cursor);
+
 		usleep(sleeptime);
 	}
 

unix/xserver/hw/vnc/Xvnc.man

@@ -478,7 +478,7 @@ See the GnuTLS manual for possible values. Default is \fBNORMAL\fP.
 .TP
 .B \-BlacklistThreshold \fIcount\fP
 The number of unauthenticated connection attempts allowed from any individual
-host before that host is black-listed.  Default is 5.
+host before that host is black-listed.  Default is 5. Set to 0 to disable.
 .
 .TP
 .B \-BlacklistTimeout \fIseconds\fP

unix/xserver/hw/vnc/dri3.c

@@ -55,9 +55,12 @@ typedef struct gbm_pixmap gbm_pixmap;
 static DevPrivateKeyRec dri3_pixmap_private_key;
 static struct timeval start;
 
-#define MAX_TEXPIXMAPS 32
-static PixmapPtr texpixmaps[MAX_TEXPIXMAPS];
-static uint32_t num_texpixmaps;
+struct texpixmap {
+    PixmapPtr pixmap;
+    struct xorg_list entry;
+};
+
+static struct xorg_list texpixmaps;
 static CARD32 update_texpixmaps(OsTimerPtr timer, CARD32 time, void *arg);
 static OsTimerPtr texpixmaptimer;
 
@@ -110,25 +113,21 @@ static gbm_pixmap *gbm_pixmap_get(PixmapPtr pixmap)
 
 static void add_texpixmap(PixmapPtr pix)
 {
-    uint32_t i;
-    for (i = 0; i < MAX_TEXPIXMAPS; i++) {
-        if (texpixmaps[i] == pix)
-            return;
-    }
+    struct texpixmap *ptr;
 
-    for (i = 0; i < MAX_TEXPIXMAPS; i++) {
-        if (!texpixmaps[i]) {
-            texpixmaps[i] = pix;
-            pix->refcnt++;
-            num_texpixmaps++;
-            // start if not running
-            if (!texpixmaptimer)
-                texpixmaptimer = TimerSet(NULL, 0, 16, update_texpixmaps, NULL);
+    xorg_list_for_each_entry(ptr, &texpixmaps, entry) {
+        if (ptr->pixmap == pix)
             return;
-        }
     }
 
-    ErrorF("Max number of texpixmaps reached\n");
+    ptr = calloc(1, sizeof(struct texpixmap));
+    ptr->pixmap = pix;
+    pix->refcnt++;
+    xorg_list_append(&ptr->entry, &texpixmaps);
+
+    // start if not running
+    if (!texpixmaptimer)
+        texpixmaptimer = TimerSet(NULL, 0, 16, update_texpixmaps, NULL);
 }
 
 static PixmapPtr
@@ -313,38 +312,41 @@ void xvnc_sync_dri3_textures(void)
     // This is called both from the global damage report and the timer,
     // to account for cases that do not use the damage report.
 
-    uint32_t i, y;
+    uint32_t y;
     gbm_pixmap *gp;
     uint8_t *src, *dst;
     uint32_t srcstride, dststride;
     void *opaque = NULL;
+    struct texpixmap *ptr, *tmpptr;
 
-    for (i = 0; i < MAX_TEXPIXMAPS; i++) {
-        if (!texpixmaps[i])
-            continue;
-        if (texpixmaps[i]->refcnt == 1) {
+    // We may not be running on hw if there's a compositor using PRESENT on llvmpipe
+    if (!driNode)
+        return;
+
+    xorg_list_for_each_entry_safe(ptr, tmpptr, &texpixmaps, entry) {
+        if (ptr->pixmap->refcnt == 1) {
             // We are the only user left, delete it
-            texpixmaps[i]->drawable.pScreen->DestroyPixmap(texpixmaps[i]);
-            texpixmaps[i] = NULL;
-            num_texpixmaps--;
+            ptr->pixmap->drawable.pScreen->DestroyPixmap(ptr->pixmap);
+            xorg_list_del(&ptr->entry);
+            free(ptr);
             continue;
         }
 
-        gp = gbm_pixmap_get(texpixmaps[i]);
+        gp = gbm_pixmap_get(ptr->pixmap);
         opaque = NULL;
         dst = gbm_bo_map(gp->bo, 0, 0,
-                         texpixmaps[i]->drawable.width,
-                         texpixmaps[i]->drawable.height,
+                         ptr->pixmap->drawable.width,
+                         ptr->pixmap->drawable.height,
                          GBM_BO_TRANSFER_WRITE, &dststride, &opaque);
         if (!dst) {
             ErrorF("gbm map failed, errno %d\n", errno);
             continue;
         }
 
-        srcstride = texpixmaps[i]->devKind;
-        src = texpixmaps[i]->devPrivate.ptr;
+        srcstride = ptr->pixmap->devKind;
+        src = ptr->pixmap->devPrivate.ptr;
 
-        for (y = 0; y < texpixmaps[i]->drawable.height; y++) {
+        for (y = 0; y < ptr->pixmap->drawable.height; y++) {
             memcpy(dst, src, srcstride);
             dst += dststride;
             src += srcstride;
@@ -358,7 +360,7 @@ static CARD32 update_texpixmaps(OsTimerPtr timer, CARD32 time, void *arg)
 {
     xvnc_sync_dri3_textures();
 
-    if (!num_texpixmaps) {
+    if (xorg_list_is_empty(&texpixmaps)) {
         TimerFree(texpixmaptimer);
         texpixmaptimer = NULL;
         return 0;
@@ -387,6 +389,8 @@ void xvnc_init_dri3(void)
     if (!priv.gbm)
         FatalError("Failed to create gbm\n");
 
+    xorg_list_init(&texpixmaps);
+
     if (!dri3_screen_init(screenInfo.screens[0], &xvnc_dri3_info))
         FatalError("Couldn't init dri3\n");
 }

unix/xserver/hw/vnc/xorg-version.h

@@ -54,8 +54,10 @@
 #define XORG 119
 #elif XORG_VERSION_CURRENT < ((1 * 10000000) + (20 * 100000) + (99 * 1000))
 #define XORG 120
+#elif XORG_VERSION_CURRENT < ((1 * 10000000) + (21 * 100000) + (99 * 1000))
+#define XORG 121
 #else
-#error "X.Org newer than 1.20 is not supported"
+#error "X.Org newer than 21 is not supported"
 #endif
 
 #endif

unix/xserver/hw/vnc/xvnc.c

@@ -94,9 +94,8 @@ from the X Consortium.
 #undef VENDOR_RELEASE
 #undef VENDOR_STRING
 #include "version-config.h"
-#include "site.h"
 
-#define XVNCVERSION "KasmVNC 1.2.0"
+#define XVNCVERSION "KasmVNC 1.3.3"
 #define XVNCCOPYRIGHT ("Copyright (C) 1999-2018 KasmVNC Team and many others (see README.me)\n" \
                        "See http://kasmweb.com for information on KasmVNC.\n")
 
@@ -164,7 +163,7 @@ const char *driNode = NULL;
 static Bool displaySpecified = FALSE;
 static char displayNumStr[16];
 
-static int vncVerbose = DEFAULT_LOG_VERBOSITY;
+static int vncVerbose = 0;
 
 int unixrelays[MAX_UNIX_RELAYS];
 char unixrelaynames[MAX_UNIX_RELAYS][MAX_UNIX_RELAY_NAME_LEN];
@@ -283,8 +282,13 @@ vncPrintBanner(void)
     ErrorF("\nXvnc %s%s - built %s\n%s", XVNCVERSION,
            sizeof(XVNCEXTRAVERSION) > 2 ? XVNCEXTRAVERSION : "",
            buildtime, XVNCCOPYRIGHT);
+    // VENDOR_STRING was removed in 21
+    #ifdef VENDOR_STRING
     ErrorF("Underlying X server release %d, %s\n\n", VENDOR_RELEASE,
            VENDOR_STRING);
+    #else
+    ErrorF("Underlying X server release %d\n\n", VENDOR_RELEASE);
+    #endif
 }
 
 static void

unix/xserver21.patch

@@ -0,0 +1,115 @@
+diff -urpN xorg-server-1.20.0/configure.ac xorg-server-1.20.0/configure.ac
+--- xorg-server-1.20.0/configure.ac	2018-05-10 09:32:34.000000000 -0700
++++ xorg-server-1.20.0/configure.ac	2018-06-13 19:04:47.536413626 -0700
+@@ -74,6 +74,7 @@ dnl forcing an entire recompile.x
+ AC_CONFIG_HEADERS(include/version-config.h)
+ 
+ AM_PROG_AS
++AC_PROG_CXX
+ AC_PROG_LN_S
+ LT_PREREQ([2.2])
+ LT_INIT([disable-static win32-dll])
+@@ -1777,6 +1778,10 @@ if test "x$XVFB" = xyes; then
+ 	AC_SUBST([XVFB_SYS_LIBS])
+ fi
+ 
++dnl Xvnc DDX
++AC_SUBST([XVNC_CPPFLAGS], ["-DHAVE_DIX_CONFIG_H $XSERVER_CFLAGS"])
++AC_SUBST([XVNC_LIBS], ["$FB_LIB $FIXES_LIB $XEXT_LIB $CONFIG_LIB $DBE_LIB $RECORD_LIB $GLX_LIBS $RANDR_LIB $RENDER_LIB $DAMAGE_LIB $DRI3_LIB $PRESENT_LIB $MIEXT_SYNC_LIB $MIEXT_DAMAGE_LIB $MIEXT_SHADOW_LIB $XI_LIB $XKB_LIB $XKB_STUB_LIB $COMPOSITE_LIB $MAIN_LIB"])
++AC_SUBST([XVNC_SYS_LIBS], ["$GLX_SYS_LIBS"])
+ 
+ dnl Xnest DDX
+ 
+@@ -1812,6 +1817,8 @@ if test "x$XORG" = xauto; then
+ fi
+ AC_MSG_RESULT([$XORG])
+ 
++AC_DEFINE_UNQUOTED(XORG_VERSION_CURRENT, [$VENDOR_RELEASE], [Current Xorg version])
++
+ if test "x$XORG" = xyes; then
+ 	XORG_DDXINCS='-I$(top_srcdir)/hw/xfree86 -I$(top_srcdir)/hw/xfree86/include -I$(top_srcdir)/hw/xfree86/common'
+ 	XORG_OSINCS='-I$(top_srcdir)/hw/xfree86/os-support -I$(top_srcdir)/hw/xfree86/os-support/bus -I$(top_srcdir)/os'
+@@ -2029,7 +2036,6 @@ if test "x$XORG" = xyes; then
+ 	AC_DEFINE(XORG_SERVER, 1, [Building Xorg server])
+ 	AC_DEFINE(XORGSERVER, 1, [Building Xorg server])
+ 	AC_DEFINE(XFree86Server, 1, [Building XFree86 server])
+-	AC_DEFINE_UNQUOTED(XORG_VERSION_CURRENT, [$VENDOR_RELEASE], [Current Xorg version])
+ 	AC_DEFINE(NEED_XF86_TYPES, 1, [Need XFree86 typedefs])
+ 	AC_DEFINE(NEED_XF86_PROTOTYPES, 1, [Need XFree86 helper functions])
+ 	AC_DEFINE(__XSERVERNAME__, "Xorg", [Name of X server])
+@@ -2565,6 +2571,7 @@ hw/dmx/Makefile
+ hw/dmx/man/Makefile
+ hw/vfb/Makefile
+ hw/vfb/man/Makefile
++hw/vnc/Makefile
+ hw/xnest/Makefile
+ hw/xnest/man/Makefile
+ hw/xwin/Makefile
+diff -urpN xorg-server-1.20.0/hw/Makefile.am xorg-server-1.20.0/hw/Makefile.am
+--- xorg-server-1.20.0/hw/Makefile.am	2018-05-10 09:32:34.000000000 -0700
++++ xorg-server-1.20.0/hw/Makefile.am	2018-06-13 19:04:47.536413626 -0700
+@@ -44,3 +44,5 @@
+ 
+ relink:
+ 	$(AM_V_at)for i in $(SUBDIRS) ; do $(MAKE) -C $$i relink || exit 1 ; done
++
++SUBDIRS += vnc
+diff -urpN xorg-server-1.20.0/mi/miinitext.c xorg-server-1.20.0/mi/miinitext.c
+--- xorg-server-1.20.0/mi/miinitext.c	2018-05-10 09:32:37.000000000 -0700
++++ xorg-server-1.20.0/mi/miinitext.c	2018-06-13 19:05:14.742200675 -0700
+@@ -107,8 +107,15 @@ SOFTWARE.
+ #include "os.h"
+ #include "globals.h"
+ 
++#ifdef KASMVNC
++extern void vncExtensionInit(void);
++#endif
++
+ /* List of built-in (statically linked) extensions */
+ static const ExtensionModule staticExtensions[] = {
++#ifdef KASMVNC
++    {vncExtensionInit, "VNC-EXTENSION", NULL},
++#endif
+     {GEExtensionInit, "Generic Event Extension", &noGEExtension},
+     {ShapeExtensionInit, "SHAPE", NULL},
+ #ifdef MITSHM
+--- xserver.orig/present/present.c	2019-02-26 21:28:50.000000000 +0200
++++ xserver/present/present.c	2023-01-20 11:32:27.175493594 +0200
+@@ -27,6 +27,8 @@
+ #include "present_priv.h"
+ #include <gcstruct.h>
+ 
++void xvnc_sync_dri3_pixmap(PixmapPtr pixmap);
++
+ /*
+  * Returns:
+  * TRUE if the first MSC value is equal to or after the second one
+@@ -79,6 +81,8 @@
+     ScreenPtr   screen = drawable->pScreen;
+     GCPtr       gc;
+ 
++    xvnc_sync_dri3_pixmap(pixmap);
++
+     gc = GetScratchGC(drawable->depth, screen);
+     if (update) {
+         ChangeGCVal     changes[2];
+--- xserver.orig/damageext/damageext.c	2019-02-26 21:28:50.000000000 +0200
++++ xserver/damageext/damageext.c	2023-03-21 12:52:58.411647186 +0200
+@@ -87,6 +87,8 @@
+     *h = draw->height;
+ }
+ 
++void xvnc_sync_dri3_textures(void);
++
+ static void
+ DamageExtNotify(DamageExtPtr pDamageExt, BoxPtr pBoxes, int nBoxes)
+ {
+@@ -97,6 +99,8 @@
+ 
+     damageGetGeometry(pDrawable, &x, &y, &w, &h);
+ 
++    xvnc_sync_dri3_textures();
++
+     UpdateCurrentTimeIf();
+     ev = (xDamageNotifyEvent) {
+         .type = DamageEventBase + XDamageNotify,