diff --git a/ChangeLog b/ChangeLog index 1e98eabe3..7e56cadf6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,401 +1,39 @@ -# 2020-07-20 Version 2.2.0 +# 2023-07-21 Version 3.0.0-beta1 -Important notes: -* CVE-2020-15103 - Integer overflow due to missing input sanitation in rdpegfx channel +We are pleased to announce the first beta release for the next stable 3.0 +series of FreeRDP. It has been a huge endeavour to implement all the new +shiny bells and whistles as well as clean up the code base and we´re still +ironing out some smaller glitches. +This is the first API breaking change since the 2.0 series and there are +some adjustments to be made for existing applications. +See https://github.com/FreeRDP/FreeRDP/wiki/FreeRDP3-migration-notes for +help (still incomplete) -Noteworty changes: -* fix: memory leak in nsc -* urbdrc - * some fixes and improvements -* build - * use cmake to detect getlogin_r - * improve asan checks/detection -* server/proxy - * new: support for heartbeats - * new: support for rail handshake ex flags - * fix: possible race condition with redirects - -Fixed issues: -* #6263 Sound & mic - filter GSM codec for microphone redirection -* #6335: windows client title length -* #6370 - "Alternate Secondary Drawing Order UNKNOWN" -* #6298 - remoteapp with dialog is disconnecting when it loses focus -* #6299 - v2.1.2: Can't connect to Windows7 +Noteworthy changes: +* Support for AAD/AVD authentication +* Support for websocket transport +* Support smartcard authentication (TLS and NLA) +* Full smartcard emulation support (login with certificate + key) +* Rewritten proxy, new module API +* New reference client based on SDL2 (work in progress) +* Rewritten logging, now parsing issues are all writing to the log so + that issues with protocol incompatibilities can be easier analyzed + by just turning on logging +* Full OpenSSL 3 support +* Internal implementations for RC4, MD4 and MD5 (required for non critical + parts in RDP but not part of more recend SSL libraries) +* Updated RDP protocol support +* Improved xfreerdp remote app support +* Reworked internal state machine for both client and server implementations +* Server implementations can now make use of connect-time network autodetection +* Improved clipboard handling, now also support server-to-client file transfer + (currently xfreerdp only) +* EnhancedRemoteApp support: Utilizing the more modern standard allows remote + apps with less glitches and window shadows +* Added client- and server-side handling for RDSTLS +* Support for the graphics redirection channel For a complete and detailed change log since the last release run: -git log 2.1.2..2.2.0 +git log 3.0.0-beta1..2.10.0 -# 2020-06-22 Version 2.1.2 - -Important notes: -* CVE-2020-4033 Out of bound read in RLEDECOMPRESS -* CVE-2020-4031 Use-After-Free in gdi_SelectObject -* CVE-2020-4032 Integer casting vulnerability in `update_recv_secondary_order` -* CVE-2020-4030 OOB read in `TrioParse` -* CVE-2020-11099 OOB Read in license_read_new_or_upgrade_license_packet -* CVE-2020-11098 Out-of-bound read in glyph_cache_put -* CVE-2020-11097 OOB read in ntlm_av_pair_get -* CVE-2020-11095 Global OOB read in update_recv_primary_order -* CVE-2020-11096 Global OOB read in update_read_cache_bitmap_v3_order -* Gateway RPC fixes for windows -* Fixed resource fee race resulting in double free in USB redirection -* Fixed wayland client crashes -* Fixed X11 client mouse mapping issues (X11 mapping on/off) -* Some proxy related improvements (capture module) -* Code cleanup (use getlogin_r, ...) - -For a complete and detailed change log since the last release candidate run: -git log 2.1.1..2.1.2 - - -# 2020-05-20 Version 2.1.1 - -Important notes: -* CVE: GHSL-2020-100 OOB Read in ntlm_read_ChallengeMessage -* CVE: GHSL-2020-101 OOB Read in security_fips_decrypt due to uninitialized value -* CVE: GHSL-2020-102 OOB Write in crypto_rsa_common -* Enforce synchronous legacy RDP encryption count (#6156) -* Fixed some leaks and crashes missed in 2.1.0 -* Removed dynamic channel listener limits -* Lots of resource cleanup fixes (clang sanitizers) -* A couple of performance improvements -* Various small annoyances eliminated (typos, prefilled username for windows client, ...) - - -For a complete and detailed change log since the last release candidate run: -git log 2.1.0..2.1.1 - - -# 2020-05-05 Version 2.1.0 - -Important notes: - -* fix multiple CVEs: CVE-2020-11039, CVE-2020-11038, CVE-2020-11043, CVE-2020-11040, CVE-2020-11041, - CVE-2020-11019, CVE-2020-11017, CVE-2020-11018 -* fix multiple leak and crash issues (#6129, #6128, #6127, #6110, #6081, #6077) - -Noteworthy features and improvements: -* Fixed sound issues (#6043) -* New expert command line options /tune and /tune-list to modify all client - settings in a generic way. -* Fixes for smartcard cache, this improves compatibility of smartcard devices - with newer smartcard channel. -* Shadow server can now be instructed to listen to multiple interfaces. -* Improved server certificate support (#6052) -* Various fixes for wayland client (fullscreen, mouse wheel, ...) -* Fixed large mouse pointer support, now mouse pointers > 96x96 pixel are visible. -* USB redirection command line improvements (filter options) -* Various translation improvements for android and ios clients - -For a complete and detailed change log since the last release candidate run: -git log 2.0.0..2.1.0 - - -# 2020-04-09 Version 2.0.0 - -Important notes: - -* fix multiple CVEs: CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11524 CVE-2020-11525 CVE-2020-11526 -* fix multiple other security related issues (#6005, #6006, #6007, #6008, #6009, #6010, #6011, #6012, #6013) -* sha256 is now used instead of sha1 to fingerprint certificates. This will - invalidate all hosts in FreeRDP known_hosts2 file and causes a prompt if a - new connection is established after the update - -Noteworthy features and improvements: - -* First version of the RDP proxy was added (#5372) - thanks to @kubistika -* Smartcard received some refactoring. Missing functions were added and input - validation was improved (#5884) -* A new option /cert that unifies all certificate related options (#5880) - The old options (cert-ignore, cert-deny, cert-name, cert-tofu) are still - available but marked as deprecated -* Support for Remote Assistance Protocol Version 2 [MS-RA] -* The DirectFB client was removed because it was unmaintained -* Unified initialization of OrderSupport -* Fix for licensing against Windows Server 2003 -* Font smoothing is now enabled per default -* Flatpack support was added -* Smart scaling for Wayland using libcairo was added (#5215) -* Unified update->BeginPaint and update->EndPaint -* An image scaling API for software drawing was added -* Rail was updated to the latest spec version 28.0 -* Support for H.264 in the shadow server is now detected at runtime -* Add mask= option for /gfx and /gfx-h264 (#5771) -* Code reformatting (#5667) -* A new option /timeout was added to adjust the TCP ACK timeout (#5987) - -For a complete and detailed change log since the last release candidate run: -git log 2.0.0-rc4..2.0.0 - - -# 2018-11-19 Version 2.0.0-rc4 - -FreeRDP 2.0.0-rc4 is the fifth release candidate for 2.0.0. Although it mainly -addresses security and stability there are some new features as well. - -Noteworthy features and improvements: - -* fix multiple reported CVEs (#5031) -* gateway: multiple fixes and improvements (#3600, #4787, #4902, #4964, #4947, - #4952, #4938) -* client/X11: support for rail (remote app) icons was added (#5012) -* licensing: the licensing code was re-worked. Per-device licenses - are now saved on the client and used on re-connect. - WARNING: this is a change in FreeRDP behavior regarding licensing. If the old - behavior is required, or no licenses should be saved use the - new command line option +old-license (#4979) -* improve order handling - only orders that were enabled - during capability exchange are accepted (#4926). - WARNING and NOTE: some servers do improperly send orders that weren't negotiated, - for such cases the new command line option /relax-order-checks was added to - disable the strict order checking. If connecting to xrdp the options - /relax-order-checks *and* +glyph-cache are required. -* /smartcard has now support for substring filters (#4840) - for details see https://github.com/FreeRDP/FreeRDP/wiki/smartcard-logon -* add support to set tls security level (for openssl >= 1.1.0) - - default level is set to 1 - - the new command line option /tls-seclevel:[LEVEL] allows to set - a different level if required -* add new command line option /smartcard-logon to allow - smartcard login (currently only with RDP security) (#4842) -* new command line option: /window-position to allow positioning - the window on startup (#5018) -* client/X11: set window title before mapping (#5023) -* rdpsnd/audin (mostly server side) add support for audio re-sampling using soxr or ffmpeg -* client/Android: add Japanese translation (#4906) -* client/Android: add Korean translation (#5029) - -For a complete and detailed change log since the last release candidate run: -git log 2.0.0-rc3..2.0.0-rc4 - - -# 2018-08-01 Version 2.0.0-rc3 - -FreeRDP 2.0.0-rc3 is the fourth release candidate for 2.0.0. -For a complete and detailed change log since the last release candidate run: -git log 2.0.0-rc2..2.0.0-rc3 - -Noteworthy features and improvements: - -* Updated and improved sound and microphone redirection format support (AAC) -* Improved reliability of reconnect and redirection support -* Fixed memory leaks with +async-update -* Improved connection error reporting -* Improved gateway support (various fixes for HTTP and RDG) -* SOCKS proxy support (all clients) -* More reliable resolution switching with /dynamic-resolution (MS-RDPEVOR) (xfreerdp) - -Fixed github issues (excerpt): - -* #1924, #4132, #4511 Fixed redirection -* #4165 AAC and MP3 codec support for sound and microphone redirection -* #4222 Gateway connections prefer IP to hostname -* #4550 Fixed issues with +async-update -* #4634 Comment support in known_hosts file -* #4684 /drive and +drives don't work togehter -* #4735 Automatically reconnect if connection timed out waiting for user interaction - -See https://github.com/FreeRDP/FreeRDP/milestone/9 for a complete list. - - -# 2017-11-28 Version 2.0.0-rc2 - -FreeRDP 2.0.0-rc2 is the third release candidate for 2.0.0. -For a complete and detailed change log since the last release candidate run: -git log 2.0.0-rc1..2.0.0-rc2 - -Noteworthy features and improvements: - -* IMPORTANT: add support CredSSP v6 - this fixes KB4088776 see #4449, #4488 -* basic support for the "Video Optimized Remoting Virtual Channel Extension" (MS-RDPEVOR) was added -* many smart card related fixes and cleanups #4312 -* fix ccache support -* fix OpenSSL 1.1.0 detection on Windows -* fix IPv6 handling on Windows -* add support for memory and thread sanitizer -* support for dynamic resloution changes was added in xfreerdp #4313 -* support for gateway access token (command line option /gat) was added -* initial support for travis-ci.org was added -* SSE optimization version of RGB to AVC444 frame split was added -* build: -msse2/-msse3 are not enabled globally anymore - -Fixed github issues (excerpt): - -* #4227 Convert settings->Password to binary blob -* #4231 freerdp-2.0.0_rc0: 5 tests failed out of 184 on ppc -* #4276 Big endian fixes -* #4291 xfreerdp “Segmentation fault” when connecting to freerdp-shadow-cli -* #4293 [X11] shadow server memory corruption with /monitors:2 #4293 -* #4296 drive redirection - raise an error if the directory can't be founde -* #4306 Cannot connect to shadow server with NLA auth: SEC_E_OUT_OF_SEQUENCE -* #4447 Apple rpath namespace fixes -* #4457 Fix /size: /w: /h: with /monitors: (Fix custom sizes) -* #4527 pre-connection blob (pcb) support in .rdp files -* #4552 Fix Windows 10 cursors drawing as black -* smartcard related: #3521, #3431, #3474, #3488, #775, #1424 - -See https://github.com/FreeRDP/FreeRDP/milestone/8 for a complete list. - - -# 2017-11-28 Version 2.0.0-rc1 - -FreeRDP 2.0.0-rc1 is the second release candidate for 2.0.0. -For a complete and detailed change log since the last release candidate run: -git log 2.0.0-rc0..master - -Noteworthy features and improvements: - -* support for FIPS mode was added (option +fipsmode) -* initial client side kerberos support (run cmake with WITH_GSSAPI) -* support for ssh-agent redirection (as rdp channel) -* the man page(s) and /help were updated an improved -* build: support for GNU/kFreeBSD -* add support for ICU for unicode conversion (-DWITH_ICU=ON) -* client add option to force password prompt before connection (/from-stdin[:force]) -* add Samsung DeX support -* extend /size to allow width or height percentages (#4146) -* add support for "password is pin" -* clipboard is now enabled per default (use -clipboard to disable) - -Fixed github issues (excerpt): - -* #4281: Added option to prefer IPv6 over IPv4 -* #3890: Point to OpenSSL doc for private CA -* #3378: support 31 static channels as described in the spec -* #1536: fix clipboard on mac -* #4253: Rfx decode tile width. -* #3267: fix parsing of drivestoredirect -* #4257: Proper error checks for /kbd argument -* #4249: Corruption due to recursive parser -* #4111: 15bpp color handling for brush. -* #3509: Added Ctrl+Alt+Enter description -* #3211: Return freerdp error from main. -* #3513: add better description for drive redirection -* #4199: ConvertFindDataAToW string length -* #4135: client/x11: fix colors on big endian -* #4089: fix h264 context leak when DeleteSurface -* #4117: possible segfault -* #4091: fix a regression with remote program - -See https://github.com/FreeRDP/FreeRDP/milestone/7 for a complete list. - - -2012-02-07 Version 1.0.1 - -FreeRDP 1.0.1 is a maintenance release to address a certain number of -issues found in 1.0.0. This release also brings corrective measures -to certificate validation which were required for inclusion in Ubuntu. - -* Certificate Validation - * Improved validation logic and robustness - * Added validation of certificate name against hostname - -* Token-based Server Redirection - * Fixed redirection logic - * HAProxy load-balancer support - -* xfreerdp-server - * better event handling - * capture performance improvements - -* wfreerdp - * Fix RemoteFX support - * Fix mingw64 compilation - -* libfreerdp-core: - * Fix severe TCP sending bug - * Added server-side Standard RDP security - -2012-01-16 Version 1.0.0 - -License: - -FreeRDP 1.0 is the first release of FreeRDP under the Apache License 2.0. -The FreeRDP 1.x series is a rewrite, meaning there is no continuity with -the previous FreeRDP 0.x series which were released under GPLv2. - -New Features: - -* RemoteFX - * Both encoder and decoder - * SSE2 and NEON optimization -* NSCodec -* RemoteApp - * Working, minor glitches -* Multimedia Redirection - * ffmpeg support -* Network Level Authentication (NLA) - * NTLMv2 -* Certificate validation -* FIPS-compliant RDP security -* new build system (cmake) -* added official logo and icon - -New Architecture: - -* libfreerdp-core - * core protocol - * highly portable - * both client and server -* libfreerdp-cache - * caching operations -* libfreerdp-codec - * bitmap decompression - * codec encoding/decoding -* libfreerdp-kbd - * keyboard mapping -* libfreerdp-channels - * virtual channel management - * client and server side support -* libfreerdp-gdi - * extensively unit tested - * portable software GDI implementation -* libfreerdp-rail - * RemoteApp library -* libfreerdp-utils - * shared utility library - -FreeRDP Clients: - -* client/X11 (xfreerdp) - * official client - * RemoteApp support - * X11 GDI implementation -* client/DirectFB (dfreerdp) - * DirectFB support - * software-based GDI (libfreerdp-gdi) -* client/Windows (wfreerdp) - * Native Win32 support - -FreeRDP Servers (experimental): - -* server/X11 (xfreerdp-server) - * RemoteFX-only - * no authentication - * highly experimental - * keyboard and mouse input supported - -Virtual Channels: - -* cliprdr (Clipboard Redirection) -* rail (RemoteApp) -* drdynvc (Dynamic Virtual Channels) - * audin (Audio Input Redirection) - * alsa support - * pulse support - * tsmf (Multimedia Redirection) - * alsa support - * pulse support - * ffmpeg support -* rdpdr (Device Redirection) - * disk (Disk Redirection) - * parallel (Parallel Port Redirection) - * serial (Serial Port Redirection) - * printer (Printer Redirection) - * CUPS support - * smartcard (Smartcard Redirection) -* rdpsnd (Sound Redirection) - * alsa support - * pulse support -