This release is just a re-packing of source code tarball since v0.9.22 tarball includes invalid source code (#2687).
See [v0.9.22 release note](https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.22) for functional changes since v0.9.22.1 is what v0.9.22 should be.
Thanks to [@morgancoxuk](https://github.com/morgancoxuk) and [bsmojver](https://github.com/bsmojver) for reporting and testing!
* Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.
## Security fixes
No security fixes in this release.
## New features
* Empty passwords are no longer automatically passed through to sesman for authentication (#2509)
* Don't try to listen on the scard socket if it isn't there (#2507)
* The directory where PAM configuration files are installed can now be set with --with-pamconfdir (#2552 #2557#2566)
* Sesman can now be configured to ignore alternate shells passed from the client (#2634)
* Allow longer UserWindowManager strings (#2653)
## Bug fixes
* Minor documentation fixes (#2508 #2582)
* Memory management fixes to list module (#2548 #2577)
* Fix some noise when MP3/AAC are in use and some logging improvements (#2519 #2537#2554)
* Fix potential NULL dereferences in chansrv (#2574)
* An erroneous free in the smartcard handling code has been removed (#2611)
* An unnecessary 'check.h' include was removed which prevented compilation on Arch systems (#2650)
## Internal changes
* cppcheck version used for CI bumped to 2.10 (#2521)
* g_malloc, g_free, g_memset, and g_memcpy are now macros. These should not be used in new code (#2612)
* FreeBSD CI now runs on FreeBSD 12.4 (#2622)
## Changes for packagers or developers
* openSUSE [Bug 1208121](https://bugzilla.opensuse.org/show_bug.cgi?id=1208121) has been addressed in upstream
## Known issues
* On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
* xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)
This release only includes following fix for packagers. Packagers try to build xrdp on distributions _other than_ Arch Linux, Debian, SUSE, Red Hat(ish), FreeBSD and macOS may be required to use this release.
## Changes for packagers or developers
* Add missing xrdp-sesman.system to distributed tarball (#2466 #2468)
* Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.
## Security fixes
This update is recommended for all xrdp users and provides following important security fixes:
These security issues are reported by [Team BT5 (BoB 11th)](https://github.com/Team-BT5). We appreciate their great help with making and reviewing patches.
## New features
* openSuSE Tumbleweed move to /usr/lib/pam.d is now supported in the installation scripts (#2413)
* VNC backend session now supports extra mouse buttons 6, 7 and 8 (#2426)
## Bug fixes
* Passwords are no longer left on the heap in sesman (#1599 #2439)
* Set permissions on pcsc socket dir to owner only (#2454 #2460)
## Internal changes
* CI updates to cope with github upgrades (#2395)
## Changes for packagers or developers
Nothing this time.
## Known issues
* On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
* xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)
* Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.
## New features
* Mitigation for too fast vertical scroll has been implemented. This is actually not a new feature of xrdp so see also [xorgxrdp v0.9.19 release note](https://github.com/neutrinolabs/xorgxrdp/releases/tag/v0.9.19).
## Bug fixes
* Windows RDS compatibility has been improved, so some old clients (e.g. Wyse Sx0) can now be used again with xrdp in non-TLS mode (#2273)
* Update xrdpapi simple example to work with new logging (#2276)
* sesman: fix spacing in log (#2282)
* Fix MSTSC crashes when resolution is changed by maximizing on a different monitor (#2292 #1928)
* Mark count with unused attribute (#2353)
* Simple maintenance improvements (#2354)
## Internal changes
* FreeBSD version for CI bumped to 12-3 (#2226)
* cppcheck version used for CI bumped to 2.9 (#2351)
## Changes for packagers or developers
Nothing this time.
## Known issues
* On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
* xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)
* Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.
## New features
* Both inbound and outbound clipboards can now be restricted for text, files or images [Sponsored by @CyberTrust@clear-code and @kenhys] (#2087)
## Bug fixes
* [CVE-2022-23613](https://www.cve.org/CVERecord?id=CVE-2022-23613): Privilege escalation on xrdp-sesman (This fix is also in the out-of-band v0.9.18.1 release)
* The versions of imlib2 used on RHEL 7 and 8 are now detected correctly (#2118)
* Some situations where zombie processes could exist have been resolved (#2146, #2151, #2168)
* Some null-pointer exceptions which can happen in the logging module have been addressed (#2149)
* Some minor logging errors have been corrected (#2152)
* The signal handling in sesman has been reworked to prevent race conditions when a child exits. This has also made it possible to reliably reload the sesman configuration with SIGHUP (#1729, #2168)
## Internal changes
* Versions 0.13 and later of checklib can undefine the pre-processor symbol `HAVE_STDINT_H`. The xrdp tests now build successfully against these versions (#2124)
* OpenSSL packaging changes (#2130):-
- The OpenSSL 3 EVP interface is now fully supported
- When building against OpenSSL 3, an internal implementation of the RC4 cipher is used instead of the implementation from the OpenSSL legacy provider
- The wrapping of the OpenSSL library has been improved which should make it simpler to provide an alternative cryptographic provider in the future, if required
- The logging of TLS/non-TLS security negotiation has been improved
* cppcheck version used for CI bumped to 2.7 (#2140)
* The `s_check()` macro which is easily mis-used has been removed (#2144)
* Status values for the DRDYNVC channel are now available in `libxrdp/xrdp_channel.h`
## Changes for packagers or developers
* On OpenSSL 3 systems, there is now no need to build with the `-Wno-error=deprecated-declarations` flag
## Known issues
* On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
* xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)
* Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.
* Special thanks for @trishume for contributing code to the RFX codec
## New features
* Backgrounds and logos on the login screen can now be zoomed and scaled (#1962)
* Small change for Alpine Linux support (#2005)
* loongarch support (#2057)
* Improved Fail2ban support (#1976)
## Bug fixes
* Logging is improved for security protocol level decisions (#1974, #1975)
* An unnecessary log error message which is always generated when running neutrinordp has been removed (#2016)
* An incorrect development log message has been fixed (#2074)
* Some informational and error messages written to the console on stdout have been removed or replaced with log messages (#2078 #2080)
* Failure to attach to the memory area shared with xorgxrdp is now logged (#2065)
* A regression in the VNC module logging which might cause a connection to drop out has been identified and fixed (#1989)
* Remote drive redirection now works if printer redirection is also requested by the client (#327)
* Some file names could not be copied from the client to the server over the clipboard. This is now fixed (#1992, #1995)
* A config value has been added which allows copy-pasting of files to work with Nautilus for GNOME 3 versions >= 3.29.92 (#1994, #1996)
* Clipboard now works properly when files can't be read (#1997 #2001)
* (xorgxrdp v0.2.18) The screen is fully refreshed after initialising shared memory which should fix black screen problems like #1964
* An incorrect initialisation reported by @qarmin has been fixed (#1909)
* Some minor memory leaks have been fixed (#2014 #2028)
* A hard hang in chansrv when copying files from the remote system has been addressed (#2032)
* Users can now capitalise username and password on the login screen if required (#2061)
* Some failed size checks in the fastpath code with `--enable-devel-streamcheck` have been addressed (#2066,#2070)
* Log level for clipboard restriction has been promoted from DEVEL DEBUG to INFO (#2088)
* A buffer overflow in the RFX codec associated with large screens has been fixed (#2087)
## Internal changes
* Some 64-bit packages are removed during the 32-bit CI build process in an attempt to make this more robust (#1985)
* Minor improvements to error checking and logging for file copy-paste (#1996)
* Now uses cppcheck 2.6 for CI builds (#2008)
* Generated systemd unit files now ignored by git (#2006)
* More internal tests (#2015)
* Some unnecessary files have been removed from the distribution (#2030)
* The `which` command in shell scripts has been replaced with `command -v` (#2067)
* Additional unit tests added for `g_file_get_size()` (#1988)
* A compiler warning with -O3 on gcc 11.1 has been addressed (#2105)
* An unused declaration for xrdp_wm_drdynvc_up has been removed (#2098)
* The SCP V0 code has been unified, which will make it easier to update and replace (#2011)
* Monitor processing unit tests for existing xrdp_sec function have been added (#1932)
* The librfxcodec has been updated as part of #2087, and also to add stack frames to assemble code to assist debugging
## Changes for packagers or developers
* The `--with-imlib2` option has been added. If xrdp is built with imlib2, the login screen supports more image formats for the background and logo, and better quality zooming and scaling (#1962)
## Known issues
* On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
* xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)
* Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.
## New features
* The IP address, port, and user name of NeutrinoRDP Proxy connection are logged in xrdp.log - these connections may not have a sesman log to use (#1873)
* The performance settings for NeutrinoRDP can be now configured (#1903)
* Support for Alpine Linux in startwm.sh (#1965)
* clipboard: log file transfer for the purpose of audit (#1954)
* Client's Keyboard layout now can be overridden by xrdp configuration for debugging purposes (#1952)
## Bug fixes
* PAM_USER environment variable is not set when using pam_exec module (#1882)
* Allow common channel settings to be overridden for modules as well as chansrv (#1899)
* The text only-copy/paste interface for the VNC module (used only when chansrv is not active) has been improved (#1900)
* The unsupported `tcutils` utility has been removed (#1943)
* The quality of TLS logging has been improved (#1926)
* Keyboard information is now passed correctly through NeuutrinoRDP, and can be overridden if required (#1934)
* A message is now logged in the sesman log for unsuccessful login attempts detailing the user used (#1947)
## Internal changes
* astyle formatting is now checked during CI builds (#1879)
* Generalise development build options, and add --enable-devel-streamcheck (#1887)
* Now uses cppcheck 2.5 for CI builds (#1938)
* The SCP protocol is now using a standard `struct trans` for messaging rather than its own thing (#1925)
## Changes for packagers or developers
* The `--enable-xrdpdebug` developer option has been replaced with finer-grained `--enable-devel-*` options. Consequently, specifying `--enable-xrdpdebug` is now an error (#1913)
## Known issues
* On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
* xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)
* On-the-fly resolution change now supported for Xvnc and Xorg (#448, #1820) - thanks to @Nexarian for this significant first contribution. See the following YouTube video for a demo.
* [Windows] https://youtu.be/cZ0ebieZHeA
* [Mac] https://youtu.be/6kfAkyLUgFY
* xrdp can now use key algorithms other than RSA for TLS (#1776)
* Do not spit on the console 2nd stage (inspired by Debian) #1762
* Unified and improved logging (#1742, #1767, #1802, #1806, #1807, #1826, #1843) - thanks to @aquesnel for this detailed work.
* Other logging level fixes (#1864)
* chansrv can now work on `DISPLAY=:0` so it can be used with x11vnc/Vino/etc sessions (#1849)
## Bug fixes
* Fix some regressions in sesman auth modules (#1769)
* Minor manpage fixes (#1787)
* Fix TS_PLAY_SOUND_PDU_DATA to set the correct frequency and duration (#1793)
* Fix password leakage to logs in NeutrinoRDP module (#1872) - thanks to @TOMATO-ONE for reporting.
## Internal changes
* cppcheck version for CI bumped to 2.4 (#1771, #1836)
* FreeBSD version for CI bumped to 12-2 (#1804)
* Support for check unit test framework added (#1843, #1860)
* FreeBSD FUSE module now compiles under CI but needs additional work (#1856)
* Compilation support added for additional Debian platforms (#1818)
* Refactoring:-
* Confusing preprocessor macro USE_NOPAM replaced with USE_PAM (#1800)
* Window manager states in xrdp executable now use symbolic constants instead of numbers (#1803)
* Documentation improvements
* KRDC added to client list (#1817)
* Platform support tier added (#1822)
* README file revised (#1863)
* Don't install test+development executables by default (#1858)
## Changes for packagers
These changes are likely to impact operating system package builders and those building xrdp from source.
* (#1843, #1860) This release introduces an additional optional compile-time dependency on the `check` unit test framework. The dependency is recommended when packaging for compile-time tests.
* (#1858) The executables `memtest` and `tcp_proxy` are no longer copied to the sbin directory on a package install.
## Known issues
* On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
* xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)
* [CVE-2020-4044: Local users can perform a buffer overflow attack against the xrdp-sesman service and then impersonate it](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4044)
This release fixes a trivial packaging issue #848 occurred in v0.9.3. The issue only affects systemd systems. This release is principally for distro packagers or users who compile & install xrdp from source.
Users who running xrdp on these systems don't need to upgrade from v0.9.3 to v0.9.3.1.