Merge branch 'feature/KASM-6637_kasmvnc_1.3.3' into 'master'

KASM-6637 kasmvnc 1.3.3

Closes KASM-6637

See merge request kasm-technologies/internal/KasmVNC!148

centos/kasmvncserver.spec

@@ -1,5 +1,5 @@
 Name:           kasmvncserver
-Version:        1.2.0
+Version:        1.3.3
 Release:        1%{?dist}
 Summary:        VNC server accessible from a web browser
 
@@ -83,6 +83,27 @@ cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
 %doc /usr/share/doc/kasmvncserver/README.md
 
 %changelog
+* Fri Oct 25 2024 KasmTech <info@kasmweb.com> - 1.3.3-1
+- Allow disabling IP blacklist
+- Downloads API for detailed file downloads information
+* Tue Sep 24 2024 KasmTech <info@kasmweb.com> - 1.3.2-1
+- Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
+- Fixed CVE-2024-38449, directory traversal bug in built-in web server.
+- Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
+- Fixed memory leak in kasmproxy.
+- Fixed mime types of downloads to ensure the browser interprets them as downloads.
+* Tue Mar 12 2024 KasmTech <info@kasmweb.com> - 1.3.1-1
+- Fix exception thrown on Firefox 124 and higher
+- Fix artifacts on high resolution secondary screens
+- Fixes for touch support on primary and secondary screens
+- Fix for Oculus keyboard input
+* Mon Feb 05 2024 KasmTech <info@kasmweb.com> - 1.3.0-1
+- Multi-monitor support.
+- Increased performance with watermark enabled.
+- Added support for Fedora 39 and Alpine 319.
+- Allow special characters in usernames.
+- Better logging of client settings when client connects or changes settings.
+- Add support for rotation of text-based watermark.
 * Fri Aug 25 2023 KasmTech <info@kasmweb.com> - 1.2.0-1
 - Add support for Unix relays for bidirectional communication between noVNC
   and containerized applications.

common/network/websocket.c

@@ -27,6 +27,9 @@
 #include <arpa/inet.h>
 #include <netdb.h>
 #include <fcntl.h>  // daemonizing
+#include <pwd.h>
+#include <grp.h>
+#include <wordexp.h>
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 #include <openssl/bio.h> /* base64 encode/decode */
@@ -924,7 +927,7 @@ static void servefile(ws_ctx_t *ws_ctx, const char *in, const char * const user,
 
     // in case they percent-encoded dots
     if (strstr(buf, "../")) {
-        handler_msg("Attempted dir traversal attack, rejecting\n", len);
+        handler_msg("Attempted dir traversal attack, rejecting\n");
         goto nope;
     }
 
@@ -1636,6 +1639,103 @@ static uint8_t ownerapi(ws_ctx_t *ws_ctx, const char *in, const char * const use
         ws_send(ws_ctx, buf, strlen(buf));
         weblog(200, wsthread_handler_id, 0, origip, ip, user, 1, origpath, strlen(buf));
 
+        ret = 1;
+    } else entry("/api/downloads") {
+        char subpath[PATH_MAX] = "", startpath[PATH_MAX] = "~/Downloads", allpath[PATH_MAX];
+        param = parse_get(args, "path", &len);
+        if (len) {
+            memcpy(buf, param, len);
+            buf[len] = '\0';
+            percent_decode(buf, subpath, 0);
+
+            if (strstr(subpath, "../")) {
+                handler_msg("Attempted directory traversal in /api/downloads\n");
+                goto nope;
+            }
+        }
+
+        wordexp_t wexp;
+        if (!wordexp(startpath, &wexp, WRDE_NOCMD))
+            strcpy(startpath, wexp.we_wordv[0]);
+        else
+            goto nope;
+        wordfree(&wexp);
+
+        snprintf(allpath, PATH_MAX, "%s/%s", startpath, subpath);
+        allpath[PATH_MAX - 1] = '\0';
+
+        DIR *dir = opendir(allpath);
+        if (!dir) {
+            handler_msg("Requested dir does not exist\n");
+            goto nope;
+        }
+
+        sprintf(buf, "HTTP/1.1 200 OK\r\n"
+                 "Server: KasmVNC/4.0\r\n"
+                 "Connection: close\r\n"
+                 "Content-type: text/json\r\n"
+                 "%s"
+                 "\r\n", extra_headers ? extra_headers : "");
+        ws_send(ws_ctx, buf, strlen(buf));
+        len = 15;
+
+        ws_send(ws_ctx, "{ \"files\": [\n", 13);
+
+        struct dirent *ent;
+        unsigned char sent = 0;
+        while ((ent = readdir(dir))) {
+            if (!strcmp(ent->d_name, ".") || !strcmp(ent->d_name, ".."))
+                continue;
+
+            sprintf(path, "%s/%s", allpath, ent->d_name);
+            struct stat st;
+            if (lstat(path, &st))
+                continue;
+
+            char own[LOGIN_NAME_MAX], grp[LOGIN_NAME_MAX], perms[32];
+            sprintf(perms, "%03o", st.st_mode & 0777);
+
+            struct passwd pwdt, *pwdptr;
+            if (getpwuid_r(st.st_uid, &pwdt, buf, sizeof(buf), &pwdptr)) {
+                sprintf(own, "(unknown uid %u)", st.st_uid);
+            } else {
+                strcpy(own, pwdt.pw_name);
+            }
+
+            struct group grpt, *grpptr;
+            if (getgrgid_r(st.st_gid, &grpt, buf, sizeof(buf), &grpptr)) {
+                sprintf(grp, "(unknown gid %u)", st.st_gid);
+            } else {
+                strcpy(grp, grpt.gr_name);
+            }
+
+            sprintf(buf, "%s{ \"filename\": \"%s\", "
+                         "\"date_modified\": %lu, "
+                         "\"date_created\": %lu, "
+                         "\"is_dir\": %s, "
+                         "\"size\": %lu, "
+                         "\"owner\": \"%s\", "
+                         "\"group\": \"%s\", "
+                         "\"perms\": \"%s\" }",
+                         sent ? ",\n" : "",
+                         ent->d_name,
+                         st.st_mtime,
+                         st.st_ctime,
+                         S_ISDIR(st.st_mode) ? "true" : "false",
+                         S_ISDIR(st.st_mode) ? 0 : st.st_size,
+                         own,
+                         grp,
+                         perms);
+            sent = 1;
+            ws_send(ws_ctx, buf, strlen(buf));
+            len += strlen(buf);
+        }
+
+        ws_send(ws_ctx, "]}", 2);
+
+        closedir(dir);
+        weblog(200, wsthread_handler_id, 0, origip, ip, user, 1, origpath, len);
+
         ret = 1;
     }
 

common/rfb/Blacklist.cxx

@@ -42,6 +42,9 @@ Blacklist::~Blacklist() {
 }
 
 bool Blacklist::isBlackmarked(const char* name) {
+  if (!threshold)
+    return false;
+
   BlacklistMap::iterator i = blm.find(name);
   if (i == blm.end()) {
     // Entry is not already black-marked.

debian/changelog

@@ -1,3 +1,40 @@
+kasmvnc (1.3.3-1) unstable; urgency=medium
+
+  * Allow disabling IP blacklist
+  * Downloads API for detailed file downloads information
+
+ -- Kasm Technologies LLC <info@kasmweb.com>  Fri, 25 Oct 2024 11:23:00 +0000
+
+kasmvnc (1.3.2-1) unstable; urgency=medium
+
+  * Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
+  * Fixed CVE-2024-38449, directory traversal bug in built-in web server.
+  * Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
+  * Fixed memory leak in kasmproxy.
+  * Fixed mime types of downloads to ensure the browser interprets them as downloads.
+
+ -- Kasm Technologies LLC <info@kasmweb.com>  Tue, 24 Sep 2024 11:23:00 +0000
+
+kasmvnc (1.3.1-1) unstable; urgency=medium
+
+  * Fix exception thrown on Firefox 124 and higher
+  * Fix artifacts on high resolution secondary screens
+  * Fixes for touch support on primary and secondary screens
+  * Fix for Oculus keyboard input
+
+ -- Kasm Technologies LLC <info@kasmweb.com>  Mon, 12 Mar 2024 11:23:00 +0000
+
+kasmvnc (1.3.0-1) unstable; urgency=medium
+
+  * Multi-monitor support.
+  * Increased performance with watermark enabled.
+  * Added support for Fedora 39 and Alpine 319.
+  * Allow special characters in usernames.
+  * Better logging of client settings when client connects or changes settings.
+  * Add support for rotation of text-based watermark.
+
+ -- Kasm Technologies LLC <info@kasmweb.com>  Mon, 02 Feb 2024 14:33:00 +0000
+
 kasmvnc (1.2.0-1) unstable; urgency=medium
 
   * Add support for Unix relays for bidirectional communication between noVNC

fedora/kasmvncserver.spec

@@ -1,5 +1,5 @@
 Name:           kasmvncserver
-Version:        1.2.0
+Version:        1.3.3
 Release:        1%{?dist}
 Summary:        VNC server accessible from a web browser
 
@@ -83,6 +83,27 @@ cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
 %doc /usr/share/doc/kasmvncserver/README.md
 
 %changelog
+* Fri Oct 25 2024 KasmTech <info@kasmweb.com> - 1.3.3-1
+- Allow disabling IP blacklist
+- Downloads API for detailed file downloads information
+* Tue Sep 24 2024 KasmTech <info@kasmweb.com> - 1.3.2-1
+- Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
+- Fixed CVE-2024-38449, directory traversal bug in built-in web server.
+- Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
+- Fixed memory leak in kasmproxy.
+- Fixed mime types of downloads to ensure the browser interprets them as downloads.
+* Tue Mar 12 2024 KasmTech <info@kasmweb.com> - 1.3.1-1
+- Fix exception thrown on Firefox 124 and higher
+- Fix artifacts on high resolution secondary screens
+- Fixes for touch support on primary and secondary screens
+- Fix for Oculus keyboard input
+* Mon Feb 05 2024 KasmTech <info@kasmweb.com> - 1.3.0-1
+- Multi-monitor support.
+- Increased performance with watermark enabled.
+- Added support for Fedora 39 and Alpine 319.
+- Allow special characters in usernames.
+- Better logging of client settings when client connects or changes settings.
+- Add support for rotation of text-based watermark.
 * Fri Aug 25 2023 KasmTech <info@kasmweb.com> - 1.2.0-1
 - Add support for Unix relays for bidirectional communication between noVNC
   and containerized applications.

opensuse/kasmvncserver.spec

@@ -1,5 +1,5 @@
 Name:           kasmvncserver
-Version:        1.2.0
+Version:        1.3.3
 Release:        leap15
 Summary:        VNC server accessible from a web browser
 
@@ -81,6 +81,27 @@ cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
 %doc /usr/share/doc/kasmvncserver/README.md
 
 %changelog
+* Fri Oct 25 2024 KasmTech <info@kasmweb.com> - 1.3.3-1
+- Allow disabling IP blacklist
+- Downloads API for detailed file downloads information
+* Tue Sep 24 2024 KasmTech <info@kasmweb.com> - 1.3.2-1
+- Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
+- Fixed CVE-2024-38449, directory traversal bug in built-in web server.
+- Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
+- Fixed memory leak in kasmproxy.
+- Fixed mime types of downloads to ensure the browser interprets them as downloads.
+* Tue Mar 12 2024 KasmTech <info@kasmweb.com> - 1.3.1-1
+- Fix exception thrown on Firefox 124 and higher
+- Fix artifacts on high resolution secondary screens
+- Fixes for touch support on primary and secondary screens
+- Fix for Oculus keyboard input
+* Mon Feb 05 2024 KasmTech <info@kasmweb.com> - 1.3.0-1
+- Multi-monitor support.
+- Increased performance with watermark enabled.
+- Added support for Fedora 39 and Alpine 319.
+- Allow special characters in usernames.
+- Better logging of client settings when client connects or changes settings.
+- Add support for rotation of text-based watermark.
 * Fri Aug 25 2023 KasmTech <info@kasmweb.com> - 1.2.0-leap15
 - Add support for Unix relays for bidirectional communication between noVNC
   and containerized applications.

oracle/kasmvncserver.spec

@@ -1,5 +1,5 @@
 Name:           kasmvncserver
-Version:        1.2.0
+Version:        1.3.3
 Release:        1%{?dist}
 Summary:        VNC server accessible from a web browser
 
@@ -82,6 +82,27 @@ cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
 %doc /usr/share/doc/kasmvncserver/README.md
 
 %changelog
+* Fri Oct 25 2024 KasmTech <info@kasmweb.com> - 1.3.3-1
+- Allow disabling IP blacklist
+- Downloads API for detailed file downloads information
+* Tue Sep 24 2024 KasmTech <info@kasmweb.com> - 1.3.2-1
+- Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
+- Fixed CVE-2024-38449, directory traversal bug in built-in web server.
+- Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
+- Fixed memory leak in kasmproxy.
+- Fixed mime types of downloads to ensure the browser interprets them as downloads.
+* Tue Mar 12 2024 KasmTech <info@kasmweb.com> - 1.3.1-1
+- Fix exception thrown on Firefox 124 and higher
+- Fix artifacts on high resolution secondary screens
+- Fixes for touch support on primary and secondary screens
+- Fix for Oculus keyboard input
+* Mon Feb 05 2024 KasmTech <info@kasmweb.com> - 1.3.0-1
+- Multi-monitor support.
+- Increased performance with watermark enabled.
+- Added support for Fedora 39 and Alpine 319.
+- Allow special characters in usernames.
+- Better logging of client settings when client connects or changes settings.
+- Add support for rotation of text-based watermark.
 * Fri Aug 25 2023 KasmTech <info@kasmweb.com> - 1.2.0-1
 - Add support for Unix relays for bidirectional communication between noVNC
   and containerized applications.

oracle/kasmvncserver9.spec

@@ -1,5 +1,5 @@
 Name:           kasmvncserver
-Version:        1.2.0
+Version:        1.3.3
 Release:        1%{?dist}
 Summary:        VNC server accessible from a web browser
 
@@ -82,6 +82,27 @@ cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
 %doc /usr/share/doc/kasmvncserver/README.md
 
 %changelog
+* Fri Oct 25 2024 KasmTech <info@kasmweb.com> - 1.3.3-1
+- Allow disabling IP blacklist
+- Downloads API for detailed file downloads information
+* Tue Sep 24 2024 KasmTech <info@kasmweb.com> - 1.3.2-1
+- Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
+- Fixed CVE-2024-38449, directory traversal bug in built-in web server.
+- Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
+- Fixed memory leak in kasmproxy.
+- Fixed mime types of downloads to ensure the browser interprets them as downloads.
+* Tue Mar 12 2024 KasmTech <info@kasmweb.com> - 1.3.1-1
+- Fix exception thrown on Firefox 124 and higher
+- Fix artifacts on high resolution secondary screens
+- Fixes for touch support on primary and secondary screens
+- Fix for Oculus keyboard input
+* Mon Feb 05 2024 KasmTech <info@kasmweb.com> - 1.3.0-1
+- Multi-monitor support.
+- Increased performance with watermark enabled.
+- Added support for Fedora 39 and Alpine 319.
+- Allow special characters in usernames.
+- Better logging of client settings when client connects or changes settings.
+- Add support for rotation of text-based watermark.
 * Fri Aug 25 2023 KasmTech <info@kasmweb.com> - 1.2.0-1
 - Add support for Unix relays for bidirectional communication between noVNC
   and containerized applications.

unix/xserver/hw/vnc/Xvnc.man

@@ -478,7 +478,7 @@ See the GnuTLS manual for possible values. Default is \fBNORMAL\fP.
 .TP
 .B \-BlacklistThreshold \fIcount\fP
 The number of unauthenticated connection attempts allowed from any individual
-host before that host is black-listed.  Default is 5.
+host before that host is black-listed.  Default is 5. Set to 0 to disable.
 .
 .TP
 .B \-BlacklistTimeout \fIseconds\fP

unix/xserver/hw/vnc/xvnc.c

@@ -96,7 +96,7 @@ from the X Consortium.
 #include "version-config.h"
 #include "site.h"
 
-#define XVNCVERSION "KasmVNC 1.2.0"
+#define XVNCVERSION "KasmVNC 1.3.3"
 #define XVNCCOPYRIGHT ("Copyright (C) 1999-2018 KasmVNC Team and many others (see README.me)\n" \
                        "See http://kasmweb.com for information on KasmVNC.\n")