Skip to content

Releases: neutrinolabs/xrdp

xrdp v0.9.23

31 Aug 05:54
v0.9.23
4c3dd94
Compare
Choose a tag to compare

Release notes for xrdp v0.9.23 (2023/08/31)

General announcements

  • Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.

Security fixes

Bug fixes

  • Environment variables set by PAM modules are no longer restricted to around 250 characters (#2712)
  • X11 clipboard clients now no longer hang when requesting a clipboard format which isn't available (#2767)

New features

No new features in this release.

Internal changes

  • Introduce release tarball generation script (#2703)
  • cppcheck version used for CI bumped to 2.11 (#2738)

Known issues

  • On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
  • xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)

xrdp v0.9.22.1

23 May 01:05
v0.9.22.1
b26ca93
Compare
Choose a tag to compare

Release notes for xrdp v0.9.22.1 (2023/05/23)

This release is just a re-packing of source code tarball since v0.9.22 tarball includes invalid source code (#2687).

See v0.9.22 release note for functional changes since v0.9.22.1 is what v0.9.22 should be.

Thanks to @morgancoxuk and @bsmojver for reporting and testing!

References

xrdp v0.9.22

07 May 06:55
v0.9.22
71594b5
Compare
Choose a tag to compare

Release notes for xrdp v0.9.22 (2023/05/07)

NOTICE: This version unintentionally includes old source code. Use v0.9.22.1 instead.

General announcements

  • Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.

Security fixes

No security fixes in this release.

New features

  • Empty passwords are no longer automatically passed through to sesman for authentication (#2509)
  • Don't try to listen on the scard socket if it isn't there (#2507)
  • The directory where PAM configuration files are installed can now be set with --with-pamconfdir (#2552 #2557 #2566)
  • Sesman can now be configured to ignore alternate shells passed from the client (#2634)
  • Allow longer UserWindowManager strings (#2653)

Bug fixes

  • Minor documentation fixes (#2508 #2582)
  • Memory management fixes to list module (#2548 #2577)
  • Fix some noise when MP3/AAC are in use and some logging improvements (#2519 #2537 #2554)
  • Fix potential NULL dereferences in chansrv (#2574)
  • An erroneous free in the smartcard handling code has been removed (#2611)
  • An unnecessary 'check.h' include was removed which prevented compilation on Arch systems (#2650)

Internal changes

  • cppcheck version used for CI bumped to 2.10 (#2521)
  • g_malloc, g_free, g_memset, and g_memcpy are now macros. These should not be used in new code (#2612)
  • FreeBSD CI now runs on FreeBSD 12.4 (#2622)

Changes for packagers or developers

Known issues

  • On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
  • xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)

xrdp v0.9.21.1

13 Dec 09:16
v0.9.21.1
d459047
Compare
Choose a tag to compare

Release notes for xrdp v0.9.21.1 (2022/12/13)

This release only includes following fix for packagers. Packagers try to build xrdp on distributions other than Arch Linux, Debian, SUSE, Red Hat(ish), FreeBSD and macOS may be required to use this release.

Changes for packagers or developers

  • Add missing xrdp-sesman.system to distributed tarball (#2466 #2468)

xrdp v0.9.21

10 Dec 12:35
v0.9.21
83a4d55
Compare
Choose a tag to compare

Release notes for xrdp v0.9.21 (2022/12/10)

General announcements

  • Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.

Security fixes

This update is recommended for all xrdp users and provides following important security fixes:

These security issues are reported by Team BT5 (BoB 11th). We appreciate their great help with making and reviewing patches.

New features

  • openSuSE Tumbleweed move to /usr/lib/pam.d is now supported in the installation scripts (#2413)
  • VNC backend session now supports extra mouse buttons 6, 7 and 8 (#2426)

Bug fixes

  • Passwords are no longer left on the heap in sesman (#1599 #2439)
  • Set permissions on pcsc socket dir to owner only (#2454 #2460)

Internal changes

  • CI updates to cope with github upgrades (#2395)

Changes for packagers or developers

Nothing this time.

Known issues

  • On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
  • xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)

xrdp v0.9.20

15 Sep 06:01
v0.9.20
e101d6b
Compare
Choose a tag to compare

Release notes for xrdp v0.9.20 (2022/09/15)

General announcements

  • Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.

New features

  • Mitigation for too fast vertical scroll has been implemented. This is actually not a new feature of xrdp so see also xorgxrdp v0.9.19 release note.

Bug fixes

  • Windows RDS compatibility has been improved, so some old clients (e.g. Wyse Sx0) can now be used again with xrdp in non-TLS mode (#2273)
  • Update xrdpapi simple example to work with new logging (#2276)
  • sesman: fix spacing in log (#2282)
  • Fix MSTSC crashes when resolution is changed by maximizing on a different monitor (#2292 #1928)
  • Mark count with unused attribute (#2353)
  • Simple maintenance improvements (#2354)

Internal changes

  • FreeBSD version for CI bumped to 12-3 (#2226)
  • cppcheck version used for CI bumped to 2.9 (#2351)

Changes for packagers or developers

Nothing this time.

Known issues

  • On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
  • xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)

xrdp v0.9.19

17 Mar 06:50
v0.9.19
Compare
Choose a tag to compare

Release notes for xrdp v0.9.19 (2022/03/17)

General announcements

  • Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.

New features

Bug fixes

  • CVE-2022-23613: Privilege escalation on xrdp-sesman (This fix is also in the out-of-band v0.9.18.1 release)
  • The versions of imlib2 used on RHEL 7 and 8 are now detected correctly (#2118)
  • Some situations where zombie processes could exist have been resolved (#2146, #2151, #2168)
  • Some null-pointer exceptions which can happen in the logging module have been addressed (#2149)
  • Some minor logging errors have been corrected (#2152)
  • The signal handling in sesman has been reworked to prevent race conditions when a child exits. This has also made it possible to reliably reload the sesman configuration with SIGHUP (#1729, #2168)

Internal changes

  • Versions 0.13 and later of checklib can undefine the pre-processor symbol HAVE_STDINT_H. The xrdp tests now build successfully against these versions (#2124)
  • OpenSSL packaging changes (#2130):-
    • The OpenSSL 3 EVP interface is now fully supported
    • When building against OpenSSL 3, an internal implementation of the RC4 cipher is used instead of the implementation from the OpenSSL legacy provider
    • The wrapping of the OpenSSL library has been improved which should make it simpler to provide an alternative cryptographic provider in the future, if required
    • The logging of TLS/non-TLS security negotiation has been improved
  • cppcheck version used for CI bumped to 2.7 (#2140)
  • The s_check() macro which is easily mis-used has been removed (#2144)
  • Status values for the DRDYNVC channel are now available in libxrdp/xrdp_channel.h

Changes for packagers or developers

  • On OpenSSL 3 systems, there is now no need to build with the -Wno-error=deprecated-declarations flag

Known issues

  • On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
  • xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)

xrdp v0.9.18.1

08 Feb 02:13
v0.9.18.1
7e61945
Compare
Choose a tag to compare

Release notes for xrdp v0.9.18.1 (2022/02/08)

This is a security fix release that includes fixes for the following privilege escalation vulnerability.

Users who uses xrdp v0.9.17 or v0.9.18 are recommended to update to this version.

Special thanks

Thanks to Gilad Kleinman (@giladkl) reporting the vulnerability and reviewing fix.

xrdp v0.9.18

11 Jan 02:59
v0.9.18
d76732b
Compare
Choose a tag to compare

Release notes for xrdp v0.9.18 (2022/01/10)

General announcements

  • Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.
  • Special thanks for @trishume for contributing code to the RFX codec

New features

  • Backgrounds and logos on the login screen can now be zoomed and scaled (#1962)
  • Small change for Alpine Linux support (#2005)
  • loongarch support (#2057)
  • Improved Fail2ban support (#1976)

Bug fixes

  • Logging is improved for security protocol level decisions (#1974, #1975)
  • An unnecessary log error message which is always generated when running neutrinordp has been removed (#2016)
  • An incorrect development log message has been fixed (#2074)
  • Some informational and error messages written to the console on stdout have been removed or replaced with log messages (#2078 #2080)
  • Failure to attach to the memory area shared with xorgxrdp is now logged (#2065)
  • A regression in the VNC module logging which might cause a connection to drop out has been identified and fixed (#1989)
  • Remote drive redirection now works if printer redirection is also requested by the client (#327)
  • Some file names could not be copied from the client to the server over the clipboard. This is now fixed (#1992, #1995)
  • A config value has been added which allows copy-pasting of files to work with Nautilus for GNOME 3 versions >= 3.29.92 (#1994, #1996)
  • Clipboard now works properly when files can't be read (#1997 #2001)
  • (xorgxrdp v0.2.18) The screen is fully refreshed after initialising shared memory which should fix black screen problems like #1964
  • An incorrect initialisation reported by @qarmin has been fixed (#1909)
  • Some minor memory leaks have been fixed (#2014 #2028)
  • A hard hang in chansrv when copying files from the remote system has been addressed (#2032)
  • Users can now capitalise username and password on the login screen if required (#2061)
  • Some failed size checks in the fastpath code with --enable-devel-streamcheck have been addressed (#2066,#2070)
  • Log level for clipboard restriction has been promoted from DEVEL DEBUG to INFO (#2088)
  • A buffer overflow in the RFX codec associated with large screens has been fixed (#2087)

Internal changes

  • Some 64-bit packages are removed during the 32-bit CI build process in an attempt to make this more robust (#1985)
  • Minor improvements to error checking and logging for file copy-paste (#1996)
  • Now uses cppcheck 2.6 for CI builds (#2008)
  • Generated systemd unit files now ignored by git (#2006)
  • More internal tests (#2015)
  • Some unnecessary files have been removed from the distribution (#2030)
  • The which command in shell scripts has been replaced with command -v (#2067)
  • Additional unit tests added for g_file_get_size() (#1988)
  • A compiler warning with -O3 on gcc 11.1 has been addressed (#2105)
  • An unused declaration for xrdp_wm_drdynvc_up has been removed (#2098)
  • The SCP V0 code has been unified, which will make it easier to update and replace (#2011)
  • Monitor processing unit tests for existing xrdp_sec function have been added (#1932)
  • The librfxcodec has been updated as part of #2087, and also to add stack frames to assemble code to assist debugging

Changes for packagers or developers

  • The --with-imlib2 option has been added. If xrdp is built with imlib2, the login screen supports more image formats for the background and logo, and better quality zooming and scaling (#1962)

Known issues

  • On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
  • xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)

xrdp v0.9.17

01 Sep 01:42
v0.9.17
5808832
Compare
Choose a tag to compare

Release notes for xrdp v0.9.17 (2021/08/31)

General announcements

  • Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.

New features

  • The IP address, port, and user name of NeutrinoRDP Proxy connection are logged in xrdp.log - these connections may not have a sesman log to use (#1873)
  • The performance settings for NeutrinoRDP can be now configured (#1903)
  • Support for Alpine Linux in startwm.sh (#1965)
  • clipboard: log file transfer for the purpose of audit (#1954)
  • Client's Keyboard layout now can be overridden by xrdp configuration for debugging purposes (#1952)

Bug fixes

  • PAM_USER environment variable is not set when using pam_exec module (#1882)
  • Allow common channel settings to be overridden for modules as well as chansrv (#1899)
  • The text only-copy/paste interface for the VNC module (used only when chansrv is not active) has been improved (#1900)
  • The unsupported tcutils utility has been removed (#1943)
  • The quality of TLS logging has been improved (#1926)
  • Keyboard information is now passed correctly through NeuutrinoRDP, and can be overridden if required (#1934)
  • A message is now logged in the sesman log for unsuccessful login attempts detailing the user used (#1947)

Internal changes

  • astyle formatting is now checked during CI builds (#1879)
  • Generalise development build options, and add --enable-devel-streamcheck (#1887)
  • Now uses cppcheck 2.5 for CI builds (#1938)
  • The SCP protocol is now using a standard struct trans for messaging rather than its own thing (#1925)

Changes for packagers or developers

  • The --enable-xrdpdebug developer option has been replaced with finer-grained --enable-devel-* options. Consequently, specifying --enable-xrdpdebug is now an error (#1913)

Known issues

  • On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
  • xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)