xrdp v0.10.1

Release notes for xrdp v0.10.1 (2024/07/31)

General announcements

A clipboard bugfix included in this release is sponsored by Krämer Pferdesport GmbH & Co KG. We very much appreciate the sponsorship.

Please consider sponsoring or making a donation to the project if you like xrdp. We accept financial contributions via Open Collective. Direct donations to each developer via GitHub Sponsors are also welcomed.

Security fixes

• Unauthenticated RDP security scan finding / partial auth bypass (no CVE). Thanks to @txtdawg for reporting this.

New features

• GFX-RFX lossy compression levels are now selectable depending on connection type on the client (#3183, backport of #2973)

Bug fixes

• A regression in the code for creating the chansrv FUSE directory has been fixed (#3088, backport of #3082)
• Fix a systemd dependency ("network-online.target") (#3088, backport of #3086)
• A problem in session list processing which could result in incorrect display assignments has been fixed (#3088, backport of #3103)
• A problem in GFX resizing which could lead to a SEGV in xrdp has been fixed (#3088, backport of #3107)
• A problem with the US Dvorak keyboard layout has been resolved (#3088, backport of #3112)
• A regression bug when pasting image to LibreOffice has been fixed [Sponsored by Krämer Pferdesport GmbH & Co KG] (#3102 #3120)
• Fix a regression when the server tries to negotiate GFX when max_bpp is not high enough (#3118 #3122)
• Fix a GFX multi-monitor screen placing issue on minimise/maximize (#3075 #3127)
• Fix an issue some files are not included properly in release tarball (#3149 #3150)
• Using 'I' in the session selection policy now works correctly (#3167 #3171)
• A potential name buffer overflow in the redirector has been fixed [no security implications] (#3175)
• Screens wider than 4096 pixels should now be supported (#3083)
• An unnecessary licensing exchange during connection setup has been removed. This was causing problems for FIPS-compliant clients (#3132 backport of #3143)

Internal changes

• FreeBSD CI bumped to 13.3 (#3088, backport of #3104)

Changes for users

• None since v0.10.0.
• If moving from v0.9.x, read the v0.10.0 release note.

Changes for packagers or developers

• None since v0.10.0.
• If moving from v0.9.x, read the v0.10.0 release note.

xrdp 0.9.26

Release notes for xrdp v0.9.26 (2024/06/20)

General announcements

xrdp v0.9.x is approaching the end-of-life. It will be maintained for a while but less actively. New releases will happen only when severe security vulnerabilities or critical bugs are found.

We have created a fund on Open Collective. Support us if you like xrdp! Direct donations to each developer via GitHub Sponsors are also welcomed.

Security fixes

No new security fixes in this release.

Bug fixes

• Fall back to IPv4 if IPv6 capable but don't have an IPv6 address set (#2958, back-port of #2967)
• Remove tcutils channel from xrdp.ini (#2958, back-port of #2970)
• Remove duplicate DEBUG output (#2958, back-port of #2976)
• Fix drive redirection regression caused by #2032 (#3087, back-port of #3082)
• A regression bug when pasting image to LibreOffice has been fixed [Sponsored by Krämer Pferdesport GmbH & Co KG] (#3124, back-port of #3120)

New features

No new features in this release.

Internal changes

• Bump copyright year and make easier to bump (#2958, back-port of #2956)
• Migrate github actions to Node 20 (#2958, back-port of #2955)
• FreeBSD CI bumped to 13.3 (#3087, back-port of #3104)

Known issues

• On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
• xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)

xrdp v0.10.0

Release notes for xrdp v0.10.0 (2024/05/10)

This section notes changes since the v0.10 branch was created.

General announcements

The biggest news of this release is that Graphic Pipeline Extension also called GFX in short has been supported. xrdp v0.10 with GFX achieves more frame rates and less bandwidth compared to v0.9. There is a significant performance improvement especially if the client is Windows 11's mstsc.exe or Microsoft Remote Desktop for Mac. GFX H.264/AVC 444 mode and hardware-accelerated encoding are not supported in this version yet.

GFX implementation in xrdp is sponsored by an enterprise sponsor. @CyberTrust is also one of the sponsors. We very much appreciate the sponsorship. It helped us to accelerate xrdp development and land GFX earlier!

Please consider sponsoring or making a donation to the project if you like xrdp. We accept financial contributions via Open Collective. Direct donations to each developer via GitHub Sponsors are also welcomed.

Highlights

This section describes the most user-visible new or changed features in xrdp since v0.9.19. See Branch v0.10 for all changes relative to v0.9.19.

• Added GFX support with multi-monitor support (including monitor hot plug/unplug) (#2256 #2338 #2595 #2879 #2891 #2911 #2929 #2933)
• Touchpad inertial scrolling (#2364, #2424). Thanks to new contributor @seflerZ
• New look of login screen (#2366)
• Scaled login screen on higher DPI monitors (#2341, #2427, #2435)
  • This feature works automatically when monitor DPI information is sent by the client (i.e. a full-screen session)
  • Native platform tools are now provided to manipulate .fv1 format font files.
• The format of the date and time in the log file has been changed to ISO 8601 with milliseconds (#2386 #2541)
• xrdp-sesman now supports a --reload switch to allow for the configuration to be changed when sessions are active (#2416)

Security fixes

None

New features

• If the client announces support for the Image RemoteFX codec it is logged (back-port of #2946)

Bug fixes

• Fix some monitor hotplug issues (#2951)
• GFX: Fix disconnect on resize of busy windows (#2962 #2957)
• Fall back to IPv4 if IPv6 capable but don't have an IPv6 address set (#2967 #2957)
• Remove tcutils channel from xrdp.ini (#2970 #2957)
• Don't generate a corefile when generating SIGSEGV during unit testing (#2987)
• If the drdynvc static channel isn't available, disable GFX gracefully (#3003)
• A buffer misconfiguration which affects performance on high bandwidth, high latency links has been addressed (cherry-pick of #2910)
• A permissions fix for the socketdir update in #2731 has been issued (cherry-pick of #3011)

Internal changes

• Adjust log level not too verbose (#2954 #2972 #2957)
• Migrate GitHub actions to Node 20 (#2955 #2957)
• Bump copyright year and make easier to bump (#2956 #2957)
• Remove duplicate DEBUG output (#2976 #2977)
• Add script to make release tarball (#2983)
• Syscall filter for xrdp updated (cherry-pick of #3017)
• GFX memory usage for large screens is greatly improved (cherry-pick of #3013)
• librfxcodec SSE2 performance improvements (#3032)

Known issues

• On-the-fly resolution change with the Microsoft Store version of Remote Desktop client sometimes crashes on connect (#1869)
• xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)

Changes for users

• If moving from v0.9.x, read the 'User changes' for the v0.10 branch below.

Changes for packagers or developers

• If moving from v0.9.x, read the 'User changes' and 'Significant changes for packagers or developers section' sections for the v0.10 branch below.

---

Branch v0.10

This branch was forked from development on 2024-02-08 in preparation for testing and release of v0.10.1.

The changes in this section are relative to version v0.9.19 of xrdp.

User changes

• The x11rdp X server is no longer supported. Users will need to move to xorgxrdp (#2489)

• Running xrdp and xrdp-sesman on separate hosts is no longer supported.

• There are some changes to xrdp.ini and sesman.ini which break backwards compatibility. In particular:-

  • sesman.ini/Globals/ListenAddress is not longer used. A warning message is generated if this is found in the configuration, but the configuration will continue to work.
  • sesman.ini/Globals/ListenPort is now a path to a socket, or an unqualified socket in a default directory. If the old default value 3350 is found, a warning is generated and a default value is used instead. The configuration will continue to work.
  • The ip and pamsessionmng parameters are no longer required in sections in xrdp.ini to locate the sesman port. Unnecessary usages of this parameter now generate warnings. The configuration will continue to work.
  • The 'C' field for the session allocation policy has been replaced with Policy=Separate. This field is has a very specific specialist purpose, and will not be used by the vast majority of users. The renaming makes it much clearer what is happening (#2251 #2239). Any uses of the 'C' field will generate warnings, and the configuration will require updating

• The format of the date and time in the log file has been changed to ISO 8601 with milliseconds (#2386 #2541)

  Users are urged to heed any generated configuration warnings and update their configurations. Later major versions of xrdp may remove these warnings, or introduce other behaviours for the affected parameters.

Security fixes

This branch provides following important security fixes reported by Team BT5 (BoB 11th). We appreciate their great help with making and reviewing patches for them.

• CVE-2022-23468
• CVE-2022-23477
• CVE-2022-23478
• CVE-2022-23479
• CVE-2022-23480
• CVE-2022-23481
• CVE-2022-23483
• CVE-2022-23482
• CVE-2022-23484
• CVE-2022-23493

The following issue was reported by @gafusss

• CVE-2023-40184

Other security fixes:-

• CVE-2023-42822: Unchecked access to font glyph info

New features

• Added GFX support with multi-monitor support (including monitor hot plug/unplug) (#2256 #2338 #2595 #2879 #2891 #2911 #2929 #2933)
• Add Ulalaca that enables remote access to macOS's native screen (developed by team unstablers)
  • Ulalaca is still heavy in development, not suitable for production use yet
  • sessionbroker and sessionprojector are also required, see also README
• Scaled login screen on higher DPI monitors (#2341, #2427, #2435)
  • This feature works automatically when monitor DPI information is sent by the client (i.e. a full-screen session)
  • Native platform tools are now provided to manipulate .fv1 format font files.
• Touchpad inertial scrolling (#2364, #2424). Thanks to new contributor @seflerZ
• New look of login screen (#2366)
• Record codec GUID to identify unknown codc (#2401)
• OpenSuSE Tumbleweed move to /usr/lib/pam.d is now supported in the installation scripts (#2413)
• xrdp-sesman now supports a --reload switch to allow for the configuration to be changed when sessions are active (#2416)
• VNC backend session now supports extra mouse buttons 6, 7 and 8 (#2426)
• LogFile=<stdout> redirects log to stdout, which is useful for debugging (#2407)
• xrdp-sesrun and xrdp-sesadmin can now authenticate automatically as the logged-in user without a password (#2472)
• Empty passwords are no longer automatically passed though to sesman for authentication (#2487)
• BSD setusercontext() is now supported (#2225, #2473)
• The FUSE mount path can now be qualified with the display name or display string (#2528)
• Debian: use startup command from /usr/share/xsession if DISPLAY_SESSION is set (#2522)
• The directory where PAM configuration files is installed can now be set with --with-pamconfdir (#2552 #2557)
• Some classes of 'blue screen' failures have been addressed:-
  • X server failures are now reported as a separate error from window manager (#2592)
  • sesman failures are reported immediately (#2640)
• Allow longer UserWindowManager strings (#2651)
• Some changes have been made to made it easier to implement AppArmor support in the future (#2265):-
  • g_file_open() has been replaced with g_file_open_ro() and g_file_open_rw() calls
  • the starting of the X server with no-new-privileges can now be disabled by the administrator
• On systemd-based systems, system call filtering is used to restrict the system calls that the xrdp process can make (#2697 #2719)
• GNOME and KDE keyrings should now be supported out-of-the-box on Debian and Arch (#2776)
• Implement vsock support for FreeBSD #2798
• Side buttons on so...

xrdp v0.10.0-beta.3

This will be the last beta release before the official v0.10.0 release if no major problems are found in this release.

xrdp v0.10.0-beta.2

This is the second beta release of xrdp v0.10.0.

xrdp v0.9.25.1

Release notes for xrdp v0.9.25.1 (2024/03/13)

This release fixes a bug that occurred in v0.9.25 where scrolling did not work in the Xvnc backend.

Thanks to @bsmojver reporting the issue and testing!

General announcements

This is the last v0.9.x version which is released regularly. v0.9.x will be maintained for a while but less actively. New releases will happen only when severe security vulnerabilities or critical bugs are found.

We have created a fund on Open Collective. Support us if you like xrdp! Direct donations to each developer via GitHub Sponsors are also welcomed.

Bug fixes

• Mouse wheel scrolling in Xvnc session no longer works in 0.9.25 (#2993 #2994)

xrdp v0.9.25

Release notes for xrdp v0.9.25 (2024/03/11)

• Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.

General announcements

This is the last v0.9.x version which is released regularly. v0.9.x will be maintained for a while but less actively. New releases will happen only when severe security vulnerabilities or critical bugs are found.

We have created a fund on Open Collective. Support us if you like xrdp! Direct donations to each developer via GitHub Sponsors are also welcomed.

Security fixes

No new security fixes in this release.

Bug fixes

• Backport touchpad inertial scrolling (#2364 #2424 #2948).

New features

• If the client announces support for the Image RemoteFX codec it is logged (back-port of #2946)

Internal changes

• FreeBSD CI version bumped to 13.2 from 12.4 (#2897)
• Some test timeouts have been increased for slow CI machines (#2903)

Known issues

• On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
• xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)

xrdp v0.10.0-beta.1

This is the first beta release of xrdp v0.10.0.

xrdp v0.9.24

Release notes for xrdp v0.9.24 (2023/12/30)

• Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.

General announcements

We have created a fund on Open Collective. Support us if you like xrdp!

Direct donations to each developer via GitHub Sponsors are also welcomed.

Security fixes

No new security fixes in this release.

Bug fixes

• Checking group membership should now work better on systems using directory services (#2806 #2817)
• Pasting more than 32K characters of text to the clipboard now succeeds (#1839 #2824)
• An incompatibility with FreeRDP 2.11.2 in the drive redirector has been fixed (#2834 #2839)

New features

• Side buttons on some mice are now supported by NeutrinoRDP (#2860). Thanks to new contributor @naruhito for this patch.

Internal changes

• cppcheck version used for CI bumped to 2.13.0 (#2830/#2887). Note that this greatly increases cppcheck scan times.

Known issues

• On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
• xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)

xrdp v0.9.23.1

Release notes for xrdp v0.9.23.1 (2023/09/27)

This is a security fix release for CVE-2023-42822. This update is recommended for all xrdp users.

Security fixes

• CVE-2023-42822: Unchecked access to font glyph info

Bug fixes

No bug fixes other than the above security fix in this release.

New features

No new features in this release.

Internal changes

• cppcheck install script no longer installs z3 for cppcheck >= 2.8 (#2782)