
4 Commits

Author SHA1 Message Date
Matthew McClaskey
230e50f7b8 Merge branch 'bugfix/KASM-5742_kasmvnc_1.3.1_bugfixes' into 'release/1.3.1'
Resolve KASM-5742 "Bugfix/ kasmvnc 1.3.1 bugfixes"

See merge request kasm-technologies/internal/KasmVNC!128
2024-03-15 09:19:45 +00:00
Matt McClaskey
57c47a9c20 update novnc ref 2024-03-14 12:34:31 -04:00
Matt McClaskey
c4ca652795 bump version number, update novnc ref 2024-03-12 11:26:10 -04:00
Matt McClaskey
6d878d3575 update novnc ref, bump package version to 1.3.0 2024-03-12 11:16:02 -04:00
26 changed files with 52 additions and 708 deletions


@@ -17,7 +17,7 @@ variables:
workflow:
rules:
# Disable tag builds.
- if: $CI_COMMIT_TAG != $CI_COMMIT_REF_NAME && $CI_PIPELINE_SOURCE != "merge_request_event"
- if: $CI_COMMIT_TAG != $CI_COMMIT_REF_NAME
stages:
- www
@@ -180,44 +180,6 @@ build_ubuntu_jammy_arm:
paths:
- output/
build_ubuntu_noble:
stage: build
allow_failure: true
tags:
- oci-fixed-amd
before_script:
- *prepare_build
- *prepare_www
after_script:
- *prepare_artfacts
script:
- bash builder/build-package ubuntu noble;
only:
variables:
- $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
artifacts:
paths:
- output/
build_ubuntu_noble_arm:
stage: build
allow_failure: true
tags:
- oci-fixed-arm
before_script:
- *prepare_build
- *prepare_www
after_script:
- *prepare_artfacts
script:
- bash builder/build-package ubuntu noble;
only:
variables:
- $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
artifacts:
paths:
- output/
build_debian_buster:
stage: build
allow_failure: true
@@ -618,44 +580,6 @@ build_fedora_thirtynine_arm:
paths:
- output/
build_fedora_forty:
stage: build
allow_failure: true
tags:
- oci-fixed-amd
before_script:
- *prepare_build
- *prepare_www
after_script:
- *prepare_artfacts
script:
- bash builder/build-package fedora forty;
only:
variables:
- $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
artifacts:
paths:
- output/
build_fedora_forty_arm:
stage: build
allow_failure: true
tags:
- oci-fixed-arm
before_script:
- *prepare_build
- *prepare_www
after_script:
- *prepare_artfacts
script:
- bash builder/build-package fedora forty;
only:
variables:
- $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
artifacts:
paths:
- output/
build_alpine_317:
stage: build
allow_failure: true
@@ -780,44 +704,6 @@ build_alpine_319_arm:
paths:
- output/
build_alpine_320:
stage: build
allow_failure: true
tags:
- oci-fixed-amd
before_script:
- *prepare_build
- *prepare_www
after_script:
- *prepare_artfacts
script:
- bash builder/build-package alpine 320;
only:
variables:
- $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
artifacts:
paths:
- output/
build_alpine_320_arm:
stage: build
allow_failure: true
tags:
- oci-fixed-arm
before_script:
- *prepare_build
- *prepare_www
after_script:
- *prepare_artfacts
script:
- bash builder/build-package alpine 320;
only:
variables:
- $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
artifacts:
paths:
- output/
upload:
stage: upload
image: ubuntu:focal

2
.gitmodules vendored

@@ -1,4 +1,4 @@
[submodule "kasmweb"]
path = kasmweb
url = https://github.com/kasmtech/noVNC.git
branch = release/1.2.2
branch = release/1.2.1


@@ -4,7 +4,7 @@
KasmVNC provides remote web-based access to a Desktop or application. While VNC is in the name, KasmVNC differs from other VNC variants such as TigerVNC, RealVNC, and TurboVNC. KasmVNC has broken from the RFB specification which defines VNC, in order to support modern technologies and increase security. KasmVNC is accessed by users from any modern browser and does not support legacy VNC viewer applications. KasmVNC uses a modern YAML based configuration at the server and user level, allowing for ease of management.
[Kasm Technologies](https://www.kasmweb.com) developed Kasm Workspaces, the Containerized Streaming Platform. Kasm has open-sourced the Workspace docker images, which include containerized [full desktops and apps](https://github.com/kasmtech/workspaces-images) and [base images](https://github.com/kasmtech/workspaces-core-images) intended for developers to create customized streaming containers. These containers can be used standalone or within the [Kasm Workspaces Platform](https://www.kasmweb.com) which provides a full Enterprise feature set.
[Kasm Technologies](https://www.kasmweb.com) developed Kasm Workspaces, the Containerized Streaming Platform. Kasm has open-sourced the Workspace docker images, which include containerized [full desktops and apps](https://github.com/kasmtech/workspaces-images) and [base images](https://github.com/kasmtech/workspaces-core-images) intended for developers to create custimized streaming containers. These containers can be used standalone or within the [Kasm Workspaces Platform](https://www.kasmweb.com) which provides a full Enterprise feature set.
## Documentation
@@ -27,7 +27,7 @@ wget <package_url>
sudo apt-get install ./kasmvncserver_*.deb
# Add your user to the ssl-cert group
sudo adduser $USER ssl-cert
sudo addgroup $USER ssl-cert
```
### Oracle 8
@@ -269,4 +269,4 @@ Future Goals:
See the [builder/README.md](https://github.com/kasmtech/KasmVNC/blob/master/builder/README.md). We containerize our build systems to ensure highly repeatable builds.
### License and Acknowledgements
See the [LICENSE.TXT](https://github.com/kasmtech/KasmVNC/blob/master/LICENSE.TXT) and [ACKNOWLEDGEMENTS.md](https://github.com/kasmtech/KasmVNC/blob/master/ACKNOWLEDGEMENTS.md)
See the [LICENSE.TXT](https://github.com/kasmtech/KasmVNC/blob/master/LICENSE.TXT) and [ACKNOWLEDGEMENTS.MD](https://github.com/kasmtech/KasmVNC/blob/master/LICENSE.TXT)


@@ -139,8 +139,6 @@ if [ -d /usr/lib/x86_64-linux-gnu/dri ]; then
ln -s /usr/lib/x86_64-linux-gnu/dri dri
elif [ -d /usr/lib/aarch64-linux-gnu/dri ]; then
ln -s /usr/lib/aarch64-linux-gnu/dri dri
elif [ -d /usr/lib/arm-linux-gnueabihf/dri ]; then
ln -s /usr/lib/arm-linux-gnueabihf/dri dri
elif [ -d /usr/lib/xorg/modules/dri ]; then
ln -s /usr/lib/xorg/modules/dri dri
else


@@ -1,7 +0,0 @@
FROM alpine:3.20
RUN apk add shadow bash
RUN useradd -m docker && echo "docker:docker" | chpasswd
USER docker


@@ -1,82 +0,0 @@
FROM alpine:3.20
ENV KASMVNC_BUILD_OS alpine
ENV KASMVNC_BUILD_OS_CODENAME 320
ENV XORG_VER 1.20.14
RUN \
echo "**** install build deps ****" && \
apk add \
alpine-release \
alpine-sdk \
autoconf \
automake \
bash \
ca-certificates \
cmake \
coreutils \
curl \
eudev-dev \
font-cursor-misc \
font-misc-misc \
font-util-dev \
git \
grep \
jq \
libdrm-dev \
libepoxy-dev \
libjpeg-turbo-dev \
libjpeg-turbo-static \
libpciaccess-dev \
libtool \
libwebp-dev \
libx11-dev \
libxau-dev \
libxcb-dev \
libxcursor-dev \
libxcvt-dev \
libxdmcp-dev \
libxext-dev \
libxfont2-dev \
libxkbfile-dev \
libxrandr-dev \
libxshmfence-dev \
libxtst-dev \
mesa-dev \
mesa-dri-gallium \
meson \
nettle-dev \
openssl-dev \
pixman-dev \
procps \
shadow \
tar \
tzdata \
wayland-dev \
wayland-protocols \
xcb-util-dev \
xcb-util-image-dev \
xcb-util-keysyms-dev \
xcb-util-renderutil-dev \
xcb-util-wm-dev \
xinit \
xkbcomp \
xkbcomp-dev \
xkeyboard-config \
xorgproto \
xorg-server-common \
xorg-server-dev \
xtrans
ENV SCRIPTS_DIR=/tmp/scripts
COPY builder/scripts $SCRIPTS_DIR
RUN $SCRIPTS_DIR/build-webp
RUN $SCRIPTS_DIR/build-libjpeg-turbo
RUN useradd -m docker && echo "docker:docker" | chpasswd
COPY --chown=docker:docker . /src/
USER docker
ENTRYPOINT ["/src/builder/build.sh"]


@@ -1,86 +0,0 @@
FROM fedora:40
ENV KASMVNC_BUILD_OS fedora
ENV KASMVNC_BUILD_OS_CODENAME forty
ENV XORG_VER 1.20.14
RUN \
echo "**** install build deps ****" && \
dnf group install -y \
"C Development Tools and Libraries" \
"Development Tools" && \
dnf install -y \
autoconf \
automake \
bison \
byacc \
bzip2 \
cmake \
diffutils \
doxygen \
file \
flex \
fop \
gcc \
gcc-c++ \
git \
glibc-devel \
libdrm-devel \
libepoxy-devel \
libmd-devel \
libpciaccess-devel \
libtool \
libwebp-devel \
libX11-devel \
libXau-devel \
libxcb-devel \
libXcursor-devel \
libxcvt-devel \
libXdmcp-devel \
libXext-devel \
libXfont2-devel \
libxkbfile-devel \
libXrandr-devel \
libxshmfence-devel \
libXtst-devel \
mesa-libEGL-devel \
mesa-libgbm-devel \
mesa-libGL-devel \
meson \
mingw64-binutils \
mt-st \
nettle-devel \
openssl-devel \
patch \
pixman-devel \
wayland-devel \
wget \
which \
xcb-util-devel \
xcb-util-image-devel \
xcb-util-keysyms-devel \
xcb-util-renderutil-devel \
xcb-util-wm-devel \
xinit \
xkbcomp \
xkbcomp-devel \
xkeyboard-config \
xmlto \
xorg-x11-font-utils \
xorg-x11-proto-devel \
xorg-x11-server-common \
xorg-x11-server-devel \
xorg-x11-xtrans-devel \
xsltproc
ENV SCRIPTS_DIR=/tmp/scripts
COPY builder/scripts $SCRIPTS_DIR
RUN $SCRIPTS_DIR/build-webp
RUN $SCRIPTS_DIR/build-libjpeg-turbo
RUN useradd -m docker && echo "docker:docker" | chpasswd
COPY --chown=docker:docker . /src/
USER docker
ENTRYPOINT ["/src/builder/build.sh"]


@@ -1,13 +0,0 @@
FROM fedora:40
RUN dnf install -y fedora-packager fedora-review
RUN dnf install -y tree vim less
RUN dnf install -y redhat-lsb-core
RUN dnf install -y dnf-plugins-core
COPY fedora/*.spec /tmp
RUN dnf builddep -y /tmp/*.spec
RUN useradd -m docker && echo "docker:docker" | chpasswd
USER docker


@@ -4,8 +4,8 @@ ENV KASMVNC_BUILD_OS oracle
ENV KASMVNC_BUILD_OS_CODENAME 9
RUN dnf config-manager --set-enabled ol9_codeready_builder
RUN dnf config-manager --nobest --set-enabled ol9_distro_builder
RUN dnf install --nobest -y \
RUN dnf config-manager --set-enabled ol9_distro_builder
RUN dnf install -y \
gpg* \
less \
redhat-lsb-core \


@@ -1,28 +0,0 @@
FROM ubuntu:noble
ENV KASMVNC_BUILD_OS ubuntu
ENV KASMVNC_BUILD_OS_CODENAME noble
ENV XORG_VER 1.20.8
ENV DEBIAN_FRONTEND noninteractive
RUN sed -i 's$Types: deb$Types: deb deb-src$' /etc/apt/sources.list.d/ubuntu.sources
RUN apt-get update && \
apt-get -y install sudo
RUN apt-get update && apt-get install -y --no-install-recommends tzdata
RUN apt-get update && apt-get -y build-dep xorg-server libxfont-dev
RUN apt-get update && apt-get -y install cmake git libgnutls28-dev vim wget curl
RUN apt-get update && apt-get -y install libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev libxrandr-dev libxcursor-dev
ENV SCRIPTS_DIR=/tmp/scripts
COPY builder/scripts $SCRIPTS_DIR
RUN $SCRIPTS_DIR/build-webp
RUN $SCRIPTS_DIR/build-libjpeg-turbo
RUN useradd -m docker && echo "docker:docker" | chpasswd && adduser docker sudo
COPY --chown=docker:docker . /src/
USER docker
ENTRYPOINT ["/src/builder/build.sh"]


@@ -1,19 +0,0 @@
FROM ubuntu:noble
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update && \
apt-get -y install vim build-essential devscripts equivs
# Install build-deps for the package.
COPY ./debian/control /tmp
RUN apt-get update && echo YYY | mk-build-deps --install --remove /tmp/control
ARG L_UID
RUN if [ "$L_UID" -eq 0 ]; then \
useradd -m docker; \
else \
useradd -m docker -u $L_UID;\
fi
USER docker


@@ -1,57 +0,0 @@
FROM ubuntu:noble
ENV DISPLAY=:1 \
VNC_PORT=8443 \
VNC_RESOLUTION=1280x720 \
MAX_FRAME_RATE=24 \
VNCOPTIONS="-PreferBandwidth -DynamicQualityMin=4 -DynamicQualityMax=7" \
HOME=/home/user \
TERM=xterm \
STARTUPDIR=/dockerstartup \
INST_SCRIPTS=/dockerstartup/install \
KASM_RX_HOME=/dockerstartup/kasmrx \
DEBIAN_FRONTEND=noninteractive \
VNC_COL_DEPTH=24 \
VNC_RESOLUTION=1280x1024 \
VNC_PW=vncpassword \
VNC_USER=user \
VNC_VIEW_ONLY_PW=vncviewonlypassword \
LD_LIBRARY_PATH=/usr/local/lib/ \
OMP_WAIT_POLICY=PASSIVE \
SHELL=/bin/bash \
SINGLE_APPLICATION=0 \
KASMVNC_BUILD_OS=ubuntu \
KASMVNC_BUILD_OS_CODENAME=noble
EXPOSE $VNC_PORT
WORKDIR $HOME
### REQUIRED STUFF ###
RUN apt-get update && apt-get install -y supervisor xfce4 xfce4-terminal xterm libnss-wrapper gettext wget
RUN apt-get purge -y pm-utils xscreensaver*
RUN apt-get update && apt-get install -y vim less
RUN apt-get update && apt-get -y install lsb-release
RUN echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc
RUN mkdir -p $STARTUPDIR
COPY builder/startup/ $STARTUPDIR
### START CUSTOM STUFF ####
ARG KASMVNC_PACKAGE_DIR
COPY $KASMVNC_PACKAGE_DIR/kasmvncserver_*.deb /tmp/
RUN rm -f /tmp/kasmvncserver_*+*.deb; dpkg -i /tmp/*.deb; apt-get -yf install
RUN mkdir ~/.vnc && echo '/usr/bin/xfce4-session &' >> ~/.vnc/xstartup && \
chmod +x ~/.vnc/xstartup
### END CUSTOM STUFF ###
RUN chown -R 1000:0 $HOME
USER 1000:ssl-cert
WORKDIR $HOME
ENTRYPOINT [ "/dockerstartup/vnc_startup.sh" ]


@@ -1,51 +0,0 @@
FROM ubuntu:noble
ENV DISPLAY=:1 \
VNC_PORT=8443 \
VNC_RESOLUTION=1280x720 \
MAX_FRAME_RATE=24 \
VNCOPTIONS="-PreferBandwidth -DynamicQualityMin=4 -DynamicQualityMax=7" \
HOME=/home/user \
TERM=xterm \
STARTUPDIR=/dockerstartup \
INST_SCRIPTS=/dockerstartup/install \
KASM_RX_HOME=/dockerstartup/kasmrx \
DEBIAN_FRONTEND=noninteractive \
VNC_COL_DEPTH=24 \
VNC_RESOLUTION=1280x1024 \
VNC_PW=vncpassword \
VNC_USER=user \
VNC_VIEW_ONLY_PW=vncviewonlypassword \
LD_LIBRARY_PATH=/usr/local/lib/ \
OMP_WAIT_POLICY=PASSIVE \
SHELL=/bin/bash \
SINGLE_APPLICATION=0 \
KASMVNC_BUILD_OS=ubuntu \
KASMVNC_BUILD_OS_CODENAME=noble
EXPOSE $VNC_PORT
WORKDIR $HOME
### REQUIRED STUFF ###
RUN apt-get update && apt-get install -y supervisor xfce4 xfce4-terminal xterm libnss-wrapper gettext wget
RUN apt-get purge -y pm-utils xscreensaver*
RUN echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc
RUN mkdir -p $STARTUPDIR
COPY startup/ $STARTUPDIR
### START CUSTOM STUFF ####
COPY build/kasmvnc.${KASMVNC_BUILD_OS}_${KASMVNC_BUILD_OS_CODENAME}.tar.gz /tmp/
RUN tar -xzvf /tmp/kasmvnc.${KASMVNC_BUILD_OS}_${KASMVNC_BUILD_OS_CODENAME}.tar.gz --strip 1 -C /
### END CUSTOM STUFF ###
RUN chown -R 1000:0 $HOME
USER 1000
WORKDIR $HOME
ENTRYPOINT [ "/dockerstartup/vnc_startup.sh" ]


@@ -1,5 +1,5 @@
Name: kasmvncserver
Version: 1.3.3
Version: 1.3.1
Release: 1%{?dist}
Summary: VNC server accessible from a web browser
@@ -83,15 +83,6 @@ cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
%doc /usr/share/doc/kasmvncserver/README.md
%changelog
* Fri Oct 25 2024 KasmTech <info@kasmweb.com> - 1.3.3-1
- Allow disabling IP blacklist
- Downloads API for detailed file downloads information
* Tue Sep 24 2024 KasmTech <info@kasmweb.com> - 1.3.2-1
- Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
- Fixed CVE-2024-38449, directory traversal bug in built-in web server.
- Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
- Fixed memory leak in kasmproxy.
- Fixed mime types of downloads to ensure the browser interprets them as downloads.
* Tue Mar 12 2024 KasmTech <info@kasmweb.com> - 1.3.1-1
- Fix exception thrown on Firefox 124 and higher
- Fix artifacts on high resolution secondary screens


@@ -18,7 +18,6 @@
#include <errno.h>
#include <string.h>
#include <dirent.h>
#include <inttypes.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
@@ -27,9 +26,6 @@
#include <arpa/inet.h>
#include <netdb.h>
#include <fcntl.h> // daemonizing
#include <pwd.h>
#include <grp.h>
#include <wordexp.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/bio.h> /* base64 encode/decode */
@@ -786,10 +782,6 @@ static const char *name2mime(const char *name) {
goto def;
end++;
// Everything under Downloads/ should be treated as binary
if (strcasestr(name, "Downloads/"))
goto def;
#define CMP(s) if (!strncmp(end, s, sizeof(s) - 1))
CMP("htm")
@@ -925,12 +917,6 @@ static void servefile(ws_ctx_t *ws_ctx, const char *in, const char * const user,
percent_decode(path, buf, 1);
// in case they percent-encoded dots
if (strstr(buf, "../")) {
handler_msg("Attempted dir traversal attack, rejecting\n");
goto nope;
}
handler_msg("Requested file '%s'\n", buf);
sprintf(fullpath, "%s/%s", settings.httpdir, buf);
@@ -947,15 +933,15 @@ static void servefile(ws_ctx_t *ws_ctx, const char *in, const char * const user,
goto nope;
}
fseeko(f, 0, SEEK_END);
const uint64_t filesize = ftello(f);
fseek(f, 0, SEEK_END);
const uint64_t filesize = ftell(f);
rewind(f);
sprintf(buf, "HTTP/1.1 200 OK\r\n"
"Server: KasmVNC/4.0\r\n"
"Connection: close\r\n"
"Content-type: %s\r\n"
"Content-length: %" PRIu64 "\r\n"
"Content-length: %lu\r\n"
"%s"
"\r\n",
name2mime(path), filesize, extra_headers ? extra_headers : "");
@@ -1032,20 +1018,6 @@ static void send403(ws_ctx_t *ws_ctx, const char * const origip, const char * co
weblog(403, wsthread_handler_id, 0, origip, ip, "-", 1, "-", strlen(buf));
}
static void send400(ws_ctx_t *ws_ctx, const char * const origip, const char * const ip,
const char *info) {
char buf[4096];
sprintf(buf, "HTTP/1.1 400 Bad Request\r\n"
"Server: KasmVNC/4.0\r\n"
"Connection: close\r\n"
"Content-type: text/plain\r\n"
"%s"
"\r\n"
"400 Bad Request%s", extra_headers ? extra_headers : "", info);
ws_send(ws_ctx, buf, strlen(buf));
weblog(400, wsthread_handler_id, 0, origip, ip, "-", 1, "-", strlen(buf));
}
static uint8_t ownerapi_post(ws_ctx_t *ws_ctx, const char *in, const char * const user,
const char * const ip, const char * const origip) {
char buf[4096], path[4096];
@@ -1639,103 +1611,6 @@ static uint8_t ownerapi(ws_ctx_t *ws_ctx, const char *in, const char * const use
ws_send(ws_ctx, buf, strlen(buf));
weblog(200, wsthread_handler_id, 0, origip, ip, user, 1, origpath, strlen(buf));
ret = 1;
} else entry("/api/downloads") {
char subpath[PATH_MAX] = "", startpath[PATH_MAX] = "~/Downloads", allpath[PATH_MAX];
param = parse_get(args, "path", &len);
if (len) {
memcpy(buf, param, len);
buf[len] = '\0';
percent_decode(buf, subpath, 0);
if (strstr(subpath, "../")) {
handler_msg("Attempted directory traversal in /api/downloads\n");
goto nope;
}
}
wordexp_t wexp;
if (!wordexp(startpath, &wexp, WRDE_NOCMD))
strcpy(startpath, wexp.we_wordv[0]);
else
goto nope;
wordfree(&wexp);
snprintf(allpath, PATH_MAX, "%s/%s", startpath, subpath);
allpath[PATH_MAX - 1] = '\0';
DIR *dir = opendir(allpath);
if (!dir) {
handler_msg("Requested dir does not exist\n");
goto nope;
}
sprintf(buf, "HTTP/1.1 200 OK\r\n"
"Server: KasmVNC/4.0\r\n"
"Connection: close\r\n"
"Content-type: text/json\r\n"
"%s"
"\r\n", extra_headers ? extra_headers : "");
ws_send(ws_ctx, buf, strlen(buf));
len = 15;
ws_send(ws_ctx, "{ \"files\": [\n", 13);
struct dirent *ent;
unsigned char sent = 0;
while ((ent = readdir(dir))) {
if (!strcmp(ent->d_name, ".") || !strcmp(ent->d_name, ".."))
continue;
sprintf(path, "%s/%s", allpath, ent->d_name);
struct stat st;
if (lstat(path, &st))
continue;
char own[LOGIN_NAME_MAX], grp[LOGIN_NAME_MAX], perms[32];
sprintf(perms, "%03o", st.st_mode & 0777);
struct passwd pwdt, *pwdptr;
if (getpwuid_r(st.st_uid, &pwdt, buf, sizeof(buf), &pwdptr)) {
sprintf(own, "(unknown uid %u)", st.st_uid);
} else {
strcpy(own, pwdt.pw_name);
}
struct group grpt, *grpptr;
if (getgrgid_r(st.st_gid, &grpt, buf, sizeof(buf), &grpptr)) {
sprintf(grp, "(unknown gid %u)", st.st_gid);
} else {
strcpy(grp, grpt.gr_name);
}
sprintf(buf, "%s{ \"filename\": \"%s\", "
"\"date_modified\": %lu, "
"\"date_created\": %lu, "
"\"is_dir\": %s, "
"\"size\": %lu, "
"\"owner\": \"%s\", "
"\"group\": \"%s\", "
"\"perms\": \"%s\" }",
sent ? ",\n" : "",
ent->d_name,
st.st_mtime,
st.st_ctime,
S_ISDIR(st.st_mode) ? "true" : "false",
S_ISDIR(st.st_mode) ? 0 : st.st_size,
own,
grp,
perms);
sent = 1;
ws_send(ws_ctx, buf, strlen(buf));
len += strlen(buf);
}
ws_send(ws_ctx, "]}", 2);
closedir(dir);
weblog(200, wsthread_handler_id, 0, origip, ip, user, 1, origpath, len);
ret = 1;
}
@@ -1769,7 +1644,7 @@ timeout:
}
ws_ctx_t *do_handshake(int sock, char * const ip) {
char handshake[16 * 1024], response[4096], sha1[29], trailer[17];
char handshake[4096], response[4096], sha1[29], trailer[17];
char *scheme, *pre;
headers_t *headers;
int len, i, offset;
@@ -1826,7 +1701,6 @@ ws_ctx_t *do_handshake(int sock, char * const ip) {
break;
} else if (sizeof(handshake) <= (size_t)(offset + 1)) {
handler_emsg("Oversized handshake\n");
send400(ws_ctx, "-", ip, ", too large");
free_ws_ctx(ws_ctx);
return NULL;
} else if (9 == i) {
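Review bot: In the servefile hunk at `@@ -925,12 +917,6`, the new side passes the percent-decoded `buf` straight into `sprintf(fullpath, "%s/%s", settings.httpdir, buf)` with no rejection of `../`, so a requested path is no longer confined to `settings.httpdir`; the changelog entries dropped elsewhere in this comparison record that check as the fix for CVE-2024-38449. Keep a guard between `percent_decode` and the `sprintf`, e.g. `if (strstr(buf, "../")) goto nope;`, and preferably also compare the `realpath()` of `fullpath` against the `httpdir` prefix, since a substring test does not cover symlinks. The same `sprintf` is unbounded; assuming `fullpath` is a fixed array (its declaration is outside the hunk), `snprintf(fullpath, sizeof(fullpath), "%s/%s", settings.httpdir, buf)` with a truncation check would be safer. In the following hunk `filesize` is a `uint64_t` printed with `%lu`, which mismatches wherever `unsigned long` is 32 bits; `"%" PRIu64` from `<inttypes.h>` is the portable form. servefile's body starts and ends outside these hunks.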


@@ -42,9 +42,6 @@ Blacklist::~Blacklist() {
}
bool Blacklist::isBlackmarked(const char* name) {
if (!threshold)
return false;
BlacklistMap::iterator i = blm.find(name);
if (i == blm.end()) {
// Entry is not already black-marked.

17
debian/changelog vendored

@@ -1,20 +1,3 @@
kasmvnc (1.3.3-1) unstable; urgency=medium
* Allow disabling IP blacklist
* Downloads API for detailed file downloads information
-- Kasm Technologies LLC <info@kasmweb.com> Fri, 25 Oct 2024 11:23:00 +0000
kasmvnc (1.3.2-1) unstable; urgency=medium
* Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
* Fixed CVE-2024-38449, directory traversal bug in built-in web server.
* Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
* Fixed memory leak in kasmproxy.
* Fixed mime types of downloads to ensure the browser interprets them as downloads.
-- Kasm Technologies LLC <info@kasmweb.com> Tue, 24 Sep 2024 11:23:00 +0000
kasmvnc (1.3.1-1) unstable; urgency=medium
* Fix exception thrown on Firefox 124 and higher


@@ -1,5 +1,5 @@
Name: kasmvncserver
Version: 1.3.3
Version: 1.3.1
Release: 1%{?dist}
Summary: VNC server accessible from a web browser
@@ -83,15 +83,6 @@ cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
%doc /usr/share/doc/kasmvncserver/README.md
%changelog
* Fri Oct 25 2024 KasmTech <info@kasmweb.com> - 1.3.3-1
- Allow disabling IP blacklist
- Downloads API for detailed file downloads information
* Tue Sep 24 2024 KasmTech <info@kasmweb.com> - 1.3.2-1
- Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
- Fixed CVE-2024-38449, directory traversal bug in built-in web server.
- Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
- Fixed memory leak in kasmproxy.
- Fixed mime types of downloads to ensure the browser interprets them as downloads.
* Tue Mar 12 2024 KasmTech <info@kasmweb.com> - 1.3.1-1
- Fix exception thrown on Firefox 124 and higher
- Fix artifacts on high resolution secondary screens

Submodule kasmweb updated: bce2d6a704...3891addf9c


@@ -1,5 +1,5 @@
Name: kasmvncserver
Version: 1.3.3
Version: 1.3.1
Release: leap15
Summary: VNC server accessible from a web browser
@@ -81,15 +81,6 @@ cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
%doc /usr/share/doc/kasmvncserver/README.md
%changelog
* Fri Oct 25 2024 KasmTech <info@kasmweb.com> - 1.3.3-1
- Allow disabling IP blacklist
- Downloads API for detailed file downloads information
* Tue Sep 24 2024 KasmTech <info@kasmweb.com> - 1.3.2-1
- Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
- Fixed CVE-2024-38449, directory traversal bug in built-in web server.
- Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
- Fixed memory leak in kasmproxy.
- Fixed mime types of downloads to ensure the browser interprets them as downloads.
* Tue Mar 12 2024 KasmTech <info@kasmweb.com> - 1.3.1-1
- Fix exception thrown on Firefox 124 and higher
- Fix artifacts on high resolution secondary screens


@@ -1,5 +1,5 @@
Name: kasmvncserver
Version: 1.3.3
Version: 1.3.1
Release: 1%{?dist}
Summary: VNC server accessible from a web browser
@@ -82,15 +82,6 @@ cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
%doc /usr/share/doc/kasmvncserver/README.md
%changelog
* Fri Oct 25 2024 KasmTech <info@kasmweb.com> - 1.3.3-1
- Allow disabling IP blacklist
- Downloads API for detailed file downloads information
* Tue Sep 24 2024 KasmTech <info@kasmweb.com> - 1.3.2-1
- Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
- Fixed CVE-2024-38449, directory traversal bug in built-in web server.
- Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
- Fixed memory leak in kasmproxy.
- Fixed mime types of downloads to ensure the browser interprets them as downloads.
* Tue Mar 12 2024 KasmTech <info@kasmweb.com> - 1.3.1-1
- Fix exception thrown on Firefox 124 and higher
- Fix artifacts on high resolution secondary screens


@@ -1,5 +1,5 @@
Name: kasmvncserver
Version: 1.3.3
Version: 1.3.1
Release: 1%{?dist}
Summary: VNC server accessible from a web browser
@@ -82,15 +82,6 @@ cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
%doc /usr/share/doc/kasmvncserver/README.md
%changelog
* Fri Oct 25 2024 KasmTech <info@kasmweb.com> - 1.3.3-1
- Allow disabling IP blacklist
- Downloads API for detailed file downloads information
* Tue Sep 24 2024 KasmTech <info@kasmweb.com> - 1.3.2-1
- Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
- Fixed CVE-2024-38449, directory traversal bug in built-in web server.
- Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
- Fixed memory leak in kasmproxy.
- Fixed mime types of downloads to ensure the browser interprets them as downloads.
* Tue Mar 12 2024 KasmTech <info@kasmweb.com> - 1.3.1-1
- Fix exception thrown on Firefox 124 and higher
- Fix artifacts on high resolution secondary screens


@@ -520,8 +520,6 @@ int main(int argc, char **argv) {
cursorhash = newhash;
}
XFree(cursor);
usleep(sleeptime);
}


@@ -478,7 +478,7 @@ See the GnuTLS manual for possible values. Default is \fBNORMAL\fP.
.TP
.B \-BlacklistThreshold \fIcount\fP
The number of unauthenticated connection attempts allowed from any individual
host before that host is black-listed. Default is 5. Set to 0 to disable.
host before that host is black-listed. Default is 5.
.
.TP
.B \-BlacklistTimeout \fIseconds\fP


@@ -55,12 +55,9 @@ typedef struct gbm_pixmap gbm_pixmap;
static DevPrivateKeyRec dri3_pixmap_private_key;
static struct timeval start;
struct texpixmap {
PixmapPtr pixmap;
struct xorg_list entry;
};
static struct xorg_list texpixmaps;
#define MAX_TEXPIXMAPS 32
static PixmapPtr texpixmaps[MAX_TEXPIXMAPS];
static uint32_t num_texpixmaps;
static CARD32 update_texpixmaps(OsTimerPtr timer, CARD32 time, void *arg);
static OsTimerPtr texpixmaptimer;
@@ -113,21 +110,25 @@ static gbm_pixmap *gbm_pixmap_get(PixmapPtr pixmap)
static void add_texpixmap(PixmapPtr pix)
{
struct texpixmap *ptr;
xorg_list_for_each_entry(ptr, &texpixmaps, entry) {
if (ptr->pixmap == pix)
uint32_t i;
for (i = 0; i < MAX_TEXPIXMAPS; i++) {
if (texpixmaps[i] == pix)
return;
}
ptr = calloc(1, sizeof(struct texpixmap));
ptr->pixmap = pix;
pix->refcnt++;
xorg_list_append(&ptr->entry, &texpixmaps);
for (i = 0; i < MAX_TEXPIXMAPS; i++) {
if (!texpixmaps[i]) {
texpixmaps[i] = pix;
pix->refcnt++;
num_texpixmaps++;
// start if not running
if (!texpixmaptimer)
texpixmaptimer = TimerSet(NULL, 0, 16, update_texpixmaps, NULL);
return;
}
}
// start if not running
if (!texpixmaptimer)
texpixmaptimer = TimerSet(NULL, 0, 16, update_texpixmaps, NULL);
ErrorF("Max number of texpixmaps reached\n");
}
static PixmapPtr
@@ -312,41 +313,38 @@ void xvnc_sync_dri3_textures(void)
// This is called both from the global damage report and the timer,
// to account for cases that do not use the damage report.
uint32_t y;
uint32_t i, y;
gbm_pixmap *gp;
uint8_t *src, *dst;
uint32_t srcstride, dststride;
void *opaque = NULL;
struct texpixmap *ptr, *tmpptr;
// We may not be running on hw if there's a compositor using PRESENT on llvmpipe
if (!driNode)
return;
xorg_list_for_each_entry_safe(ptr, tmpptr, &texpixmaps, entry) {
if (ptr->pixmap->refcnt == 1) {
for (i = 0; i < MAX_TEXPIXMAPS; i++) {
if (!texpixmaps[i])
continue;
if (texpixmaps[i]->refcnt == 1) {
// We are the only user left, delete it
ptr->pixmap->drawable.pScreen->DestroyPixmap(ptr->pixmap);
xorg_list_del(&ptr->entry);
free(ptr);
texpixmaps[i]->drawable.pScreen->DestroyPixmap(texpixmaps[i]);
texpixmaps[i] = NULL;
num_texpixmaps--;
continue;
}
gp = gbm_pixmap_get(ptr->pixmap);
gp = gbm_pixmap_get(texpixmaps[i]);
opaque = NULL;
dst = gbm_bo_map(gp->bo, 0, 0,
ptr->pixmap->drawable.width,
ptr->pixmap->drawable.height,
texpixmaps[i]->drawable.width,
texpixmaps[i]->drawable.height,
GBM_BO_TRANSFER_WRITE, &dststride, &opaque);
if (!dst) {
ErrorF("gbm map failed, errno %d\n", errno);
continue;
}
srcstride = ptr->pixmap->devKind;
src = ptr->pixmap->devPrivate.ptr;
srcstride = texpixmaps[i]->devKind;
src = texpixmaps[i]->devPrivate.ptr;
for (y = 0; y < ptr->pixmap->drawable.height; y++) {
for (y = 0; y < texpixmaps[i]->drawable.height; y++) {
memcpy(dst, src, srcstride);
dst += dststride;
src += srcstride;
@@ -360,7 +358,7 @@ static CARD32 update_texpixmaps(OsTimerPtr timer, CARD32 time, void *arg)
{
xvnc_sync_dri3_textures();
if (xorg_list_is_empty(&texpixmaps)) {
if (!num_texpixmaps) {
TimerFree(texpixmaptimer);
texpixmaptimer = NULL;
return 0;
@@ -389,8 +387,6 @@ void xvnc_init_dri3(void)
if (!priv.gbm)
FatalError("Failed to create gbm\n");
xorg_list_init(&texpixmaps);
if (!dri3_screen_init(screenInfo.screens[0], &xvnc_dri3_info))
FatalError("Couldn't init dri3\n");
}
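Review bot: With the fixed `texpixmaps[MAX_TEXPIXMAPS]` table, `add_texpixmap` logs and returns once all 32 slots are occupied, so that pixmap is never referenced or copied by `xvnc_sync_dri3_textures` and the caller has no way to notice. At minimum the limit should be documented at the `#define` and the message made actionable, e.g. `ErrorF("Max number of texpixmaps (%d) reached, pixmap will not be synced\n", MAX_TEXPIXMAPS);`. Separately, the row loop in `xvnc_sync_dri3_textures` copies `srcstride` bytes into a mapping whose pitch is the `dststride` returned by `gbm_bo_map`; nothing visible in the hunk guarantees `srcstride <= dststride`, so bounding the copy, `memcpy(dst, src, srcstride < dststride ? srcstride : dststride);`, would rule out an out-of-bounds write on the last row. The result of `gbm_pixmap_get()` is also dereferenced as `gp->bo` without a NULL check; whether it can return NULL is not visible here. The loop body continues past the end of that hunk.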


@@ -96,7 +96,7 @@ from the X Consortium.
#include "version-config.h"
#include "site.h"
#define XVNCVERSION "KasmVNC 1.3.3"
#define XVNCVERSION "KasmVNC 1.3.1"
#define XVNCCOPYRIGHT ("Copyright (C) 1999-2018 KasmVNC Team and many others (see README.me)\n" \
"See http://kasmweb.com for information on KasmVNC.\n")