From d364e76ae8137b26578b675e29bb74f4215452b8 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Tue, 30 Jun 2020 15:00:24 +0900 Subject: [PATCH 1/3] Update NEWS for v0.9.13.1 --- NEWS.md | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/NEWS.md b/NEWS.md index 6d949ba7..3f137919 100644 --- a/NEWS.md +++ b/NEWS.md @@ -1,3 +1,17 @@ +# Release notes for xrdp v0.9.13.1 (2020/06/30) + +This is a security fix release that includes fixes for the following local buffer overflow vulnerability. + +* [CVE-2022-4044: Local users can perform a buffer overflow attack against the xrdp-sesman service and then impersonate it](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4044) + +This update is recommended for all xrdp users. + +## Special thanks + +Thanks to [Ashley Newson](https://github.com/ashleynewson) reporting the vulnerability and reviewing fix. + +----------------------- + # Release notes for xrdp v0.9.13 (2020/03/11) This release is an intermediate bugfix release. The previous version v0.9.12 has some regressions on drive redirection. @@ -111,7 +125,7 @@ Thank you for matt335672 contributing to lots of improvements in drive redirecti ----------------------- -## Release notes for xrdp v0.9.9 (2018/12/25) +# Release notes for xrdp v0.9.9 (2018/12/25) ## Release cycle From the next release, release cycle will be changed from quarterly to every From b4ca302c0512929c40f23ede1550f1ddcdd62eac Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Mon, 31 Aug 2020 14:15:12 +0900 Subject: [PATCH 2/3] Update NEWS for v0.9.14 --- NEWS.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/NEWS.md b/NEWS.md index 3f137919..e57c13fd 100644 --- a/NEWS.md +++ b/NEWS.md 
@@ -1,3 +1,34 @@ +# Release notes for xrdp v0.9.14 (2020/08/31) + +## New features +* VNC multi-monitor support if you are using a suitable Xvnc server #1343 +* VNC sessions now resize by default on reconnection if you are using a suitable Xvnc server #1343 +* Support Slackware for PAM #1558 #1560 +* Support Programmer Dvorak Keyboard #1663 + +**[HEADS UP]** The VNC changes are significant. They described in more detail on the following wiki page. +* [Xvnc backend : Multi monitor and resize support](https://github.com/neutrinolabs/xrdp/wiki/Xvnc-backend-:-Multi-monitor-and-resize-support) + +## Bug fixes +* Fix odd shift key behavior (workaround) #397 #1522 +* Fix Xorg path in the document for Arch Linux #1448 #1529 +* Fix Xorg path in the document for CentOS 8 #1646 #1647 +* Fix internal username/password buffer is smaller than RDP protocol specification #1648 #1653 +* Fix possible memory out-of-bounds accesses #1549 +* Fix memory allocation overflow #1557 +* Prevent chansrv input channels being scanned during a server reset #1595 +* Ignore TS_MULTIFRAGMENTUPDATE_CAPABILITYSET from client if fp disabled #1593 +* Minor manpage fixes #1611 + +## Other changes +* CI error fixes +* Introduce cppcheck + +## Known issues +* FreeRDP 2.0.0-rc4 or later might not able to connect to xrdp due to + xrdp's bad-mannered behaviour, add `+glyph-cache` option to FreeRDP to connect #1266 +* Audio redirection by MP3 codec doesn't sound with some client, use AAC instead #965 + # Release notes for xrdp v0.9.13.1 (2020/06/30) This is a security fix release that includes fixes for the following local buffer overflow vulnerability. From 9ec6162a54d54a60434b5bdc093aa1c9f876f204 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Mon, 31 Aug 2020 14:24:41 +0900 Subject: [PATCH 3/3] bump version to v0.9.14 --- README.md | 2 +- configure.ac | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 84ba4615..21f755b5 100644 --- a/README.md +++ b/README.md 
@@ -2,7 +2,7 @@ [![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/neutrinolabs/xrdp-questions) ![Apache-License](https://img.shields.io/badge/License-Apache%202.0-blue.svg) -*Current Version:* 0.9.13 +*Current Version:* 0.9.14 # xrdp - an open source RDP server diff --git a/configure.ac b/configure.ac index d5fc41bc..8a2d2301 100644 --- a/configure.ac +++ b/configure.ac @@ -1,7 +1,7 @@ # Process this file with autoconf to produce a configure script AC_PREREQ(2.65) -AC_INIT([xrdp], [0.9.13], [xrdp-devel@googlegroups.com]) +AC_INIT([xrdp], [0.9.14], [xrdp-devel@googlegroups.com]) AC_CONFIG_HEADERS(config_ac.h:config_ac-h.in) AM_INIT_AUTOMAKE([1.7.2 foreign]) AC_CONFIG_MACRO_DIR([m4])
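Review bot: In PATCH 1/3, NEWS.md hunk `@@ -1,3 +1,17 @@`, the advisory link text says `CVE-2022-4044` but the URL it points to ends in `name=CVE-2020-4044`, and the release is dated 2020/06/30. The two identifiers should agree. A reader searching a tracker by the displayed ID would land on the wrong record, so please correct the link text to match the URL. In the same hunk, "Thanks to ... reporting the vulnerability and reviewing fix" is missing words; suggest "for reporting the vulnerability and reviewing the fix".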
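Review bot: In PATCH 2/3, NEWS.md hunk `@@ -1,3 +1,34 @@`, the "## Bug fixes" list carries three memory-safety entries with no statement of security impact: "Fix internal username/password buffer is smaller than RDP protocol specification #1648 #1653", "Fix possible memory out-of-bounds accesses #1549" and "Fix memory allocation overflow #1557". The v0.9.13.1 entry just below labels itself a security fix release, so packagers will read these as routine unless told otherwise. Please either say that they have no known security impact or group them under a security heading so that upgrade priority is clear. Two wording fixes in the same hunk: "They described in more detail" should be "They are described in more detail", and "might not able to connect" should be "might not be able to connect".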
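Review bot: In PATCH 3/3, configure.ac hunk `@@ -1,7 +1,7 @@` (and the matching README.md hunk), the version goes from `0.9.13` straight to `0.9.14`, although NEWS.md in this same series documents a v0.9.13.1 security release in between. That means this branch never advertised 0.9.13.1 in `AC_INIT` or "Current Version". Please confirm in the commit message that 0.9.13.1 was cut from a separate branch and that its fix is included here, so nobody concludes from the version history that 0.9.14 lacks it. The version string is also edited by hand in two files. Consider deriving the README value from `AC_INIT` or adding a release check that the two match.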