xrdp/NEWS.md
2021-08-31 11:21:55 +09:00

23 KiB

Release notes for xrdp v0.9.17 (2021/08/31)

General announcements

  • Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.

New features

  • The IP address, port, and user name of NeutrinoRDP Proxy connection are logged in xrdp.log - these connections may not have a sesman log to use (#1873)
  • The performance settings for NeutrinoRDP can be now configured (#1903)
  • Support for Alpine Linux in startwm.sh (#1965)
  • clipboard: log file transfer for the purpose of audit (#1954)
  • Client's Keyboard layout now can be overridden by xrdp configuration for debugging purposes (#1952)

Bug fixes

  • PAM_USER environment variable is not set when using pam_exec module (#1882)
  • Allow common channel settings to be overridden for modules as well as chansrv (#1899)
  • The text only-copy/paste interface for the VNC module (used only when chansrv is not active) has been improved (#1900)
  • The unsupported tcutils utility has been removed (#1943)
  • The quality of TLS logging has been improved (#1926)
  • Keyboard information is now passed correctly through NeuutrinoRDP, and can be overridden if required (#1934)
  • A message is now logged in the sesman log for unsuccessful login attempts detailing the user used (#1947)

Internal changes

  • astyle formatting is now checked during CI builds (#1879)
  • Generalise development build options, and add --enable-devel-streamcheck (#1887)
  • Now uses cppcheck 2.5 for CI builds (#1938)
  • The SCP protocol is now using a standard struct trans for messaging rather than its own thing (#1925)

Changes for packagers or developers

  • The --enable-xrdpdebug developer option has been replaced with finer-grained --enable-devel-* options. Consequently, specifying --enable-xrdpdebug is now an error (#1913)

Known issues

  • On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
  • xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)

Release notes for xrdp v0.9.16 (2021/04/30)

New features

  • On-the-fly resolution change now supported for Xvnc and Xorg (#448, #1820) - thanks to @Nexarian for this significant first contribution. See the following YouTube video for a demo.
  • xrdp can now use key algorithms other than RSA for TLS (#1776)
  • Do not spit on the console 2nd stage (inspired by Debian) #1762
  • Unified and improved logging (#1742, #1767, #1802, #1806, #1807, #1826, #1843) - thanks to @aquesnel for this detailed work.
  • Other logging level fixes (#1864)
  • chansrv can now work on DISPLAY=:0 so it can be used with x11vnc/Vino/etc sessions (#1849)

Bug fixes

  • Fix some regressions in sesman auth modules (#1769)
  • Minor manpage fixes (#1787)
  • Fix TS_PLAY_SOUND_PDU_DATA to set the correct frequency and duration (#1793)
  • Fix password leakage to logs in NeutrinoRDP module (#1872) - thanks to @TOMATO-ONE for reporting.

Internal changes

  • cppcheck version for CI bumped to 2.4 (#1771, #1836)
  • FreeBSD version for CI bumped to 12-2 (#1804)
  • Support for check unit test framework added (#1843, #1860)
  • FreeBSD FUSE module now compiles under CI but needs additional work (#1856)
  • Compilation support added for additional Debian platforms (#1818)
  • Refactoring:-
    • Confusing preprocessor macro USE_NOPAM replaced with USE_PAM (#1800)
    • Window manager states in xrdp executable now use symbolic constants instead of numbers (#1803)
  • Documentation improvements
    • KRDC added to client list (#1817)
    • Platform support tier added (#1822)
    • README file revised (#1863)
  • Don't install test+development executables by default (#1858)

Changes for packagers

These changes are likely to impact operating system package builders and those building xrdp from source.

  • (#1843, #1860) This release introduces an additional optional compile-time dependency on the check unit test framework. The dependency is recommended when packaging for compile-time tests.
  • (#1858) The executables memtest and tcp_proxy are no longer copied to the sbin directory on a package install.

Known issues

  • On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
  • xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)

Release notes for xrdp v0.9.15 (2020/12/28)

New features

  • Allow token sign in without autologon for SSO (#1667 #1668)
  • Norwegian keyboard support (#1675)
  • Improved config support for chansrv (#1635)
  • Unified chansrv, sesman and libxrdp logging (#1633 #1708 #1738) - thanks to @aquesnel
  • Support SUSE move to /usr/etc (#1702)
  • Parameters may now be specified for user-specified shell (#1270 #1695)
  • xrdp executables now allow alternative config files to be specified with -c (#1588 #1650 #1651)
  • sesrun improvements (#1741)
  • Drive redirection location can now be specified (#1048)
  • Now compiles on RISC-V (#1761)

Bug fixes

  • Additional buffer overflow checks (#1662)
  • FUSE support now builds on 32-bit platforms (#1682)
  • genkeymap array size conflict fixed (#1691)
  • Buffering issue with neutrinordp over a slow link fixed (#1608 1634)
  • Various documentation fixes (#1704 #1741 #1755 #1759)
  • Prevent PAM info message from causing authentication failure (#1727)
  • Cosmetic fixes for minor issues (#1751 #1755 #1749)
  • Try harder to clean up socket files on session exit (#1740 #1756)
  • xrdp-chansrv become defunct in docker while file copy (#1658)

Internal changes

  • Compilation warnings with newer compilers (#1659 #1680)
  • Continuation Integration checks on 32-bit platforms now include FUSE support (#1682)
  • Continuation Integration builds now default to the Ubuntu Focal platform (#1666)
  • FUSE type tidy-ups (#1686)
  • Switch from Travis CI to GitHub Actions (#1728 #1732)
  • Easier to set up console logging for utilities (#1711)

Release notes for xrdp v0.9.14 (2020/08/31)

New features

  • VNC multi-monitor support if you are using a suitable Xvnc server #1343
  • VNC sessions now resize by default on reconnection if you are using a suitable Xvnc server #1343
  • Support Slackware for PAM #1558 #1560
  • Support Programmer Dvorak Keyboard #1663

[HEADS UP] The VNC changes are significant. They described in more detail on the following wiki page.

Bug fixes

  • Fix odd shift key behavior (workaround) #397 #1522
  • Fix Xorg path in the document for Arch Linux #1448 #1529
  • Fix Xorg path in the document for CentOS 8 #1646 #1647
  • Fix internal username/password buffer is smaller than RDP protocol specification #1648 #1653
  • Fix possible memory out-of-bounds accesses #1549
  • Fix memory allocation overflow #1557
  • Prevent chansrv input channels being scanned during a server reset #1595
  • Ignore TS_MULTIFRAGMENTUPDATE_CAPABILITYSET from client if fp disabled #1593
  • Minor manpage fixes #1611

Other changes

  • CI error fixes
  • Introduce cppcheck

Known issues

  • FreeRDP 2.0.0-rc4 or later might not able to connect to xrdp due to xrdp's bad-mannered behaviour, add +glyph-cache option to FreeRDP to connect #1266
  • Audio redirection by MP3 codec doesn't sound with some client, use AAC instead #965

Release notes for xrdp v0.9.13.1 (2020/06/30)

This is a security fix release that includes fixes for the following local buffer overflow vulnerability.

This update is recommended for all xrdp users.

Special thanks

Thanks to Ashley Newson reporting the vulnerability and reviewing fix.


Release notes for xrdp v0.9.13 (2020/03/11)

This release is an intermediate bugfix release. The previous version v0.9.12 has some regressions on drive redirection.

  • Fix chansrv crashes with segmentation fault (regression in #1449) #1487
  • Drive redirection now supports Guacamole client #1505 #1507
  • Prevent a coredump in the event of a corrupted file system #1507
  • Resolve double-free in chansrv_fuse #1469

Bug fixes (other)

  • Fix the issue xrdp --version | less will show empty output #1471 #1472
  • Fix some warnings found by cppcheck #1479 #1481 #1484 #1485

Other changes

  • Add FreeBSD CI test #1466
  • Move Microsoft-defined constants into separate includes #1470
  • Perform cppcheck during CI test #1493
  • Support mousex button 8/9 #1478

Known issues

  • FreeRDP 2.0.0-rc4 or later might not able to connect to xrdp due to xrdp's bad-mannered behaviour, add +glyph-cache option to FreeRDP to connect #1266
  • Audio redirection by MP3 codec doesn't sound with some client, use AAC instead #965

Release notes for xrdp v0.9.12 (2019/12/28)

Bug fixes

  • Fix "The log reference is NULL" error when sesman startup #1425
  • Fix behavior when shmem_id changes #1439
  • Make vsock config accept -1 for cid and port #1441
  • Cleanup refresh rect and check stream bounds #1437
  • Significant improvements in drive redirection #1449
  • Fix build on macOS Catalina #1462

Other changes

  • Proprietary microphone redirection via rdpsnd is now default off RDP compatible microphone redirection is on instead #1427
  • Skip connecting to chansrv when no channels enabled #1393
  • Add openSUSE's pam rules #1442
  • Do not terminate xrdp daemon when caught SIGHUP #1319

Known issues

  • FreeRDP 2.0.0-rc4 or later might not able to connect to xrdp due to xrdp's bad-mannered behaviour, add +glyph-cache option to FreeRDP to connect #1266
  • Audio redirection by MP3 codec doesn't sound with some client, use AAC instead #965

Release notes for xrdp v0.9.11 (2019/08/19)

New features

  • Suppress output (do not draw screen when client window is minimized) #1330
  • Audio input (microphone) redirection compatible with MS-RDPEAI #1369
  • Now xrdp can listen on more than one port #1124 #1366

Bug fixes

  • Fix the issue audio redirection sometimes sounds with long delay #1363
  • Check term event for more responsive shutdown #1372

Known issues

  • FreeRDP 2.0.0-rc4 or later might not able to connect to xrdp due to xrdp's bad-mannered behaviour, add +glyph-cache option to FreeRDP to connect #1266
  • Audio redirection by MP3 codec doesn't sound with some client, use AAC instead #965

Release notes for xrdp v0.9.11 (2019/08/19)

New features

  • Suppress output (do not draw screen when client window is minimized) #1330
  • Audio input (microphone) redirection compatible with MS-RDPEAI #1369
  • Now xrdp can listen on more than one port #1124 #1366

Bug fixes

  • Fix the issue audio redirection sometimes sounds with long delay #1363
  • Check term event for more responsive shutdown #1372

Known issues

  • FreeRDP 2.0.0-rc4 or later might not able to connect to xrdp due to xrdp's bad-mannered behaviour, add +glyph-cache option to FreeRDP to connect #1266
  • Audio redirection by MP3 codec doesn't sound with some client, use AAC instead #965

Release notes for xrdp v0.9.10 (2019/04/18)

Special thanks

Thank you for matt335672 contributing to lots of improvements in drive redirection!

New features

  • Restrict outbound (server->client) clipboard transfer, configured in sesman.ini #1298

Bug fixes

  • Fix the issue libscp v1 not setting width but height twice #1293
  • Fix the issue reconnecting to session causes duplicate drive entries in fuse fs #1299
  • Fix default_wm and reconnect_sh refer wrong path after sesman caught SIGUP #1315 #1331
  • Shutdown xrdp more responsively #1325
  • Improve remote file lookup in drive redirection #996 #1327
  • Overwriting & appending to existing files is are now supported #1327

Other changes

  • Add Danish Keyboard #1290
  • Put xrdp- prefix to some executables appear in man page #1313
  • Replace some URLs from SF.net to xrdp.org #1313

Known issues

  • FreeRDP 2.0.0-rc4 or later might not able to connect to xrdp due to xrdp's bad-mannered behaviour, add +glyph-cache option to FreeRDP to connect #1266
  • Audio redirection by MP3 codec doesn't sound with some client, use AAC instead #965

Release notes for xrdp v0.9.9 (2018/12/25)

Release cycle

From the next release, release cycle will be changed from quarterly to every 4 months. xrdp will be released in April, August, December.

New features

  • Disconnection by idle timeout (requires xorgxrdp v0.2.9 or later) #1227
  • Glyph cache v2 (fixes no font issue on iOS/macOS/Android client) #367 #1235

Bug fixes

  • Fix xrdp-chansrv crashes caused in drive redirection #1202 #1225
  • Fix build with FDK AAC v2 #1257
  • Do not enable RemoteApp if the INFO_RAIL flag is not set (RDP-RDP proxy) #1253

Other changes

  • Add Spanish Latin Amarican keyboard #1237 #1240 #1244
  • Dynamic channel improvements #1222 #1224
  • Remove some deprecated sesman session types #1232
  • Refactoring and cleanups

Known issues

  • FreeRDP 2.0.0-rc4 or later might not able to connect to xrdp due to xrdp's bad-mannered behaviour, add +glyph-cache option to FreeRDP to connect #1266
  • Audio redirection by MP3 codec doesn't sound with some client, use AAC instead #965

Release notes for xrdp v0.9.8 (2018/09/25)

Deprecation notice

We removed TLSv1 and TLSv1.1 from the default config. The current default is TLSv1.2 and TLSv1.3. Users can whenever re-enable these early TLS versions by editing xrdp. To use TLSv1.3, OpenSSL or LibreSSL must support TLSv1.3. You can know the OpenSSL or LibreSSL version by xrdp --version command that compiled with xrdp.

Other topics

Pulseaudio modules has been removed from xrdp source tree since it is actually independent and not part of xrdp. The repository has been moved to: https://github.com/neutrinolabs/pulseaudio-module-xrdp

If you want to use audio redirection, make sure install the module separately.

New features

  • Add TLSv1.3 support #1193

Bug fixes

  • Ensure unmount redirected drive on fatal X error #1140

Other changes

  • Show more helpful message if xrdp-dis failed #1206
  • Pass pulse socket name via environment variable #1198
  • Fix xrdp's log path in man page #1168

Release notes for xrdp v0.9.7 (2018/06/29)

Deprecation notice

x11rdp has been removed from xrdp reposiory and stored in the separate repository. Checkout x11rdp repository if you still need x11rdp. In most cases, xorgxrdp can replace x11rdp.

Bug fixes

  • Fix endianness detection on ppc64el #1082
  • Fix a bug xrdp file copy slow #1112 #1132
  • Copy the PAM session environment for the reconnect script #1120
  • Accept fullpath for DefaultWindowManager, ReconnectScript #1147

Other changes

  • Add PAM support for Arch Linux #1078
  • Show OpenSSL version to '--version' CLI option #1096
  • Separate x11rdp from xrdp repository #1104
  • Support sesrun start xorgxrdp sessions #1108
  • Show configure summary when configure is done #1126 #1134 #1137
  • Less spit on the console when sesman starts #1142
  • Fix memory leaks #1146
  • Separate rc script for FreeBSD into xrdp and xrdp-sesman #1153
  • Improve documents and helps

Known issues

  • Audio redirection by MP3 codec doesn't sound with some client, use AAC instead #965

Release notes for xrdp v0.9.6 (2018/03/26)

Compatibility notice

Exclamation mark (!) has been removed from comment out symbol of config files. Use number sign (#) or semicolon (;) instead. As a result of this change, now you can use exclamation mark as config value such as in tls_ciphers.

tls_ciphers=HIGH:!aNULL:!eNULL:!EXPORT:!RC4

See also: #1033

macOS supports

Please note that xrdp still doesn't support macOS officially so far. However, a volunteer is working on macOS compatibility.

  • Generate dylibs for macOS #1015
  • Add PAM support for macOS #1021

Bug fixes

  • Make listen check before daemon fork #988
  • Fix xrdp sometimes become zombie processes #1000
  • Include hostname in sesman password file name #1006 #1007 #1076
  • Fix default startwm.sh to use bash explicitly #1009 #1049
  • Fix the issue FreeBSD doesn't acknowledge terminated sessions #1016 #1030

Other changes

  • Add Swiss French keyboard #1053
  • Improve perfect forward secrecy, explicitly enable ECDHE/DHE #1024 #1052 #1063
  • Lots of leak fixes, cleanups and refactoring

Known issues

  • Audio redirection by MP3 codec doesn't sound with some client, use AAC instead #965

Release notes for xrdp v0.9.5 (2017/12/27)

Security fixes

New features

  • Add a new log level TRACE more verbose than DEBUG #835 #944
  • SSH agent forwarding via RDP #867 #868 FreeRDP/FreeRDP#4122
  • Support horizontal wheel properly #928

Bug fixes

  • Avoid use of hard-coded sesman port #895
  • Workaround for corrupted display with Windows Server 2008 using NeutrinoRDP #869
  • Fix glitch in audio redirection by AAC #910 #936
  • Implement vsock support #930 #935 #948
  • Avoid 100% CPU usage on SSL accept #956

Other changes

  • Add US Dvorak keyboard #929
  • Suppress some misleading logs #964
  • Add Finnish keyboard #972
  • Add more user-friendlier description about Xorg config #974
  • Renew pulseaudio document #984 #985
  • Lots of cleanups and refactoring

Known issues

  • Audio redirection by MP3 codec doesn't sound with some client, use AAC instead #965

Release notes for xrdp v0.9.4 (2017/09/28)

New features

  • Accept prefill credentials in base64 form #153 #811
  • Indroduce AAC encoder to audio redirection (requires Windows 10 client)

Bugfixes

  • Fix ocasional SEGV in drive redirection #838
  • Fix client's IP addresses in xrdp-sesman.log are always logged as 0.0.0.0 #878 #882
  • Fix ls_background_image didn't accept full path #776 #853
  • Fix misuse of hidelogwindow #414 #876
  • Fix WTSVirtualChannelWrite return code #859
  • Fix no longer needed socket files remained in the socket dir #812 #831
  • Make creating socket path a bit more robust #823

Other changes

  • Add Belgian keyboard #858
  • Add a PAM file for FreeBSD #824
  • Several refactorings and cosmetic changes

Known issues

  • Windows 10 (1703) shows black blank screen in RemoteFX mode
  • This issue is already fixed at Insider Preview build 16273

Release notes for xrdp v0.9.3.1 (2017/08/16)

This release fixes a trivial packaging issue #848 occurred in v0.9.3. The issue only affects systemd systems. This release is principally for distro packagers or users who compile & install xrdp from source.

Users who running xrdp on these systems don't need to upgrade from v0.9.3 to v0.9.3.1.

  • Linux systems without systemd
  • non-Linux systems such as BSD operating systems

Release notes for xrdp v0.9.3 (2017/07/15)

New features

  • Log user-friendly messages when certificate/privkey is inaccessible

Bugfixes

  • Now sesman sets mandatory LOGNAME environment variable #725
  • Now sesman ensures socket directory present #801
  • Exit with failure status if port already in use #644
  • Eliminate some hard coded paths
  • Fix glitches with IPv4 struct initialization #803
  • Fix some keyboard layout integration (UK, Spanish)
  • Fix handle OS when IPv6 disabled #714
  • Fix issues around systemd session #778
  • Fix protocol error when 32 bit color and non RemoteFX session #737 #804
  • Fix sesadmin shows error when no sessions #797
  • Fix TLS spins 100% CPU #728
  • Fix Xvnc backend disconnects when some data copied to clipboard #755
  • Pick up the first section if given section(domain) doesn't match anything #750

Other changes

  • Change xrdp-chansrv log path to include display number
  • Optimize startwm.sh for SUSE
  • Several cleanups and optimizations

Known issues

  • Windows 10 (1703) shows black blank screen in RemoteFX mode

Release notes for xrdp v0.9.2 (2017/03/30)

New features

  • RemoteFX codec support is now enabled by default.
  • Bitmap updates support is now enabled by default.
  • TLS ciphers suites and version is now logged.
  • Connected computer name is now logged.
  • Switched to Xorg (xorgxrdp) as the default backend now.
  • Miscellaneous RemoteFX codec mode improvements.
  • Socket directory is configurable at the compile time.

Bugfixes

  • Parallels client for MacOS / iOS can now connect (audio redirection must be disabled on client or xrdp server though).
  • MS RDP client for iOS can now connect using TLS security layer.
  • MS RDP client for Android can now connect to xrdp.
  • Large resolutions (4K) can be used with RemoteFX graphics.
  • Multiple RemoteApps can be opened throguh NeutrinoRDP proxy.
  • tls_ciphers in xrdp.ini is not limited to 63 chars anymore, it's variable-length.
  • Fixed an issue where tls_ciphers were ignored and rdp security layer could be used instead.
  • Kill disconnected sessions feature is working with Xorg (xorgxrdp) backend.
  • Miscellaneous code cleanup and memory issues fixes.

Release notes for xrdp v0.9.1 (2016/12/21)

New features

  • New xorgxrdp backend using existing Xorg with additional modules
  • Improvements to X11rdp backend
  • Support for IPv6 (disabled by default)
  • Initial support for RemoteFX Codec (disabled by default)
  • Support for TLS security layer (preferred over RDP layer if supported by the client)
  • Support for disabling deprecated SSLv3 protocol and for selecting custom cipher suites in xrdp.ini
  • Support for bidirectional fastpath (enabled in both directions by default)
  • Support clients that don't support drawing orders, such as MS RDP client for Android, ChromeRDP (disabled by default)
  • More configurable login screen
  • Support for new virtual channels:
    • rdpdr: device redirection
    • rdpsnd: audio output
    • cliprdr: clipboard
    • xrdpvr: xrdp video redirection channel (can be used along with NeutrinoRDP client)
  • Support for disabling virtual channels globally or by session type
  • Allow to specify the path for backends (Xorg, X11rdp, Xvnc)
  • Added files for systemd support
  • Multi-monitor support
  • xrdp-chansrv stroes logs in ${XDG_DATA_HOME}/xrdp now

Security fixes

  • User's password could be recovered from the Xvnc password file
  • X11 authentication was not used