freerdp2/ChangeLog

639 lines
22 KiB
Plaintext

# 2022-10-12 Version 2.8.1
Notewhorth changes:
* Fixed CVE-2022-39282
* Fixed CVE-2022-39283
* Added missing commit for backported #8041: Remove ALAW/ULAW codecs from linux backends (unreliable)
* Added hash checks for android build script dependencies
Fixed issues:
* Backported #8190: Fix build break with newer FFMPEG versions
* Backported #8234: Updated flatpak with build script
* Backported #8210: Better execinfo support check for android
* Backported #7708: Header now defines DumpThreadHandles
* Backported #8176: Check fullscreen state and not setting
* Backported #8236: Send resize on window state change
* Backported #7611: Audin macOS monterey fix
* Backported #8291: Android build script update
# 2022-07-28 Version 2.8.0
Noteworthy changes:
* Backported API to get peer accepted channel option flags
* Backported API to get peer accepted channel names
* Backported Stream_CheckAndLogRequiredLength
* Backported #7954: Add server side handling for [MS-RDPET]
* Backported #8010: Add server side handling for [MS-RDPECAM]
* Backported #8041: Remove ALAW/ULAW codecs from linux backends (unreliable)
* Backported #8051: Relieve CLIPRDR filename restriction when connecting to non-MS Windows servers
* Backported #8048: TLS version control
* Backported #7987: Add a new command line arg to enforce tls1.2
Fixed issues:
* Fixed #7837: Prevent out of bound reads for FFMPEG
* Backported #7859 and #7861: Unwind support for backtrace generation
* Backported #7440: wlfreerdp appid
* Backported #7832: RAIL window restore
* Backported #7833: Refactored WinPR thread locking
* Backported #7893: Mac rdpsnd memory leak fixes
* Backported #7895: Mac audin memory leak fixes
* Backported #7898: Automatic android versioning
* Backported #7916: GFX 10.7 capability support
* Backported #7949: Server RDPSND API improvements
* Backported #7957: Server DVC API improvements
* Backported #7760: Fixed osMinorType values
* Backported #8013: Add missing osMajorType values
* Backported #8076: Fix wrong usage of subband diffing flag (tile artifact fix)
For a complete and detailed change log since the last release run:
git log 2.7.0..2.8.0
# 2022-04-25 Version 2.7.0
Noteworthy changes:
* Backported OpenSSL3 gateway support (#7822)
* Backported various NTLM fixes
* Backported WINPR_ASSERT to ease future backports
Fixed issues:
* Backported #6786: Use /network:auto by default
* Backported #7714: Workaround for broken surface frame marker
* Backported #7733: Support 10bit X11 color (BGRX32 only)
* Backported #7745: GFX progressive double free
* Backported #7808: Disable websockets with /gt:rpc
* Backported #7815: RAIL expect LOGON_MSG_SESSION_CONTINUE
Important notes:
For a complete and detailed change log since the last release run:
git log 2.6.1..2.7.0
# 2022-03-07 Version 2.6.1
Noteworthy changes:
Fixed issues:
* Backported freerdp_abort_connect during freerdp_connect fix (#7700)
* Backported improved version dection see docs/version_detection.md for details
* Backported various rdpsnd fixes (#7695)
Important notes:
For a complete and detailed change log since the last release run:
git log 2.0.0..2.6.1
# 2022-02-22 Version 2.6.0
Noteworthy changes:
* Backported android FFMPEG build scripts
* Updated android build dependencies
Fixed issues:
* Backported #7303: Fix PDU length for RDPINPUT_PROTOCOL_V300
* Backported #7658: Sanitize optional physical monitor size values
* Backported #7426: Wayland memory corruption
* Backported #7293: Remove unused codec x264
* Backported #7541: Allow resolutions larger 2048x2048
* Backported #7574: FFMPEG 5.0 support
* Backported #7578: FFMPEG 5.0 support
* Backported #7580: Fixed device hotplugging
* Backported #7583: GetUserNameExA: Prefer getpwuid_r over getlogin_r over getlogin
* Backported #7585: Android Mediacodec support
Important notes:
For a complete and detailed change log since the last release run:
git log 2.5.0..2.6.0
# 2022-01-12 Version 2.5.0
Noteworthy changes:
* Fixed smartcard login in case a redirection occurs the pin was lost
* Backported windows client drawing fixes
* Backported improved macOS keyboard layout detection
* Backported TcpConnectTimeout
* Backported LibreSSL compatibility patches
* Backported signal handler backtrace
* Backported OpenSSL 3.0 support
Fixed issues:
* Backport #7539: Wayland client clipboard issues
* Backport #7509: Various fixes regarding registry emulation, addin loader
and updated locale detection
* Backport #7466: Android android_register_pointer missing initialization
Important notes:
For a complete and detailed change log since the last release run:
git log 2.4.1..2.5.0
# 2021-10-20 Version 2.4.1
Noteworthy changes:
* Refactored RPC gateway parsing code
* OpenSSL 3.0 compatibility fixes
* USB redirection: fixed transfer lengths
Fixed issues:
* #7363: Length checks in ConvertUTF8toUTF16
* #7349: Added checks for bitmap width and heigth values
Important notes:
* CVE-2021-41159: Improper client input validation for gateway connections allows to overwrite memory
* CVE-2021-41160: Improper region checks in all clients allow out of bound write to memory
For a complete and detailed change log since the last release run:
git log 2.4.0..2.4.1
# 2021-07-27 Version 2.4.0
Noteworthy changes:
* Backported multithreadded progressive decoder (#7036)
* Backported clipboard fixes (#6924)
* Fixed remote file read (#7185)
Fixed issues:
* #6938: RAILS clipboard remote -> local
* #6985: Support newer FFMPEG builds
* #6989: Use OpenSSL default certificate store settings
* #7073: Planar alignment fixes
# 2021-03-15 Version 2.3.2
For a complete and detailed change log since the last release run:
git log 2.3.2..2.4.0
Noteworthy changes:
* Fixed autoreconnect printer backend loading
* Fixed compilation on older mac os versions < 10.14
* Fixed mouse pointer move with smart-sizing
* Added command line option to disable websocket gateway support
* Fixed drive hotplugging issues with windows
* Fixed smartcard issues on mac
Fixed issues:
* #6900: Transparency issues with aFreeRDP
* #6848: Invalid format string in smartcard trace
* #6846: Fixed static builds
* #6888: Crash due to missing bounds checks
* #6882: Use default sound devoce on mac
For a complete and detailed change log since the last release run:
git log 2.3.1..2.3.2
# 2021-03-01 Version 2.3.1
Noteworthy changes:
* This is a compatibility bugfix release readding some (deprecated)
symbols/defines
* Also add some more EXPERIMENTAL warnings to CMake flags as some were not
clear enough.
* Fixed a memory leak in xfreerdp (mouse pointer updates)
* No longer activating some compile time debug options with -DWITH_DEBUG_ALL=ON
which might leak sensitive information.
* Added -DDEFINE_NO_DEPRECATED for developers to detect use of deprecated
symbols
For a complete and detailed change log since the last release run:
git log 2.3.0..2.3.1
# 2021-02-24 Version 2.3.0
Important notes:
* CMake option WITH_PROXY_MODULES is currently experimental, do not use in
production.
* The clipboard struct FILEDESCRIPTOR was replaced by FILEDESCRIPTORW with
proper data types. They are binary compatible and the former is kept for
compatibility but compilers will emit warnings.
Noteworthy changes:
* Websocket support for proxy connections
* Progressive codec improvements. Reduces graphical glitches against windows
and ogon servers
* Fixed +glyph-cache, now working properly without disconnects
* Huge file support in clipboard
* XWayland support for xfreerdp (keyboard grabbing)
* Improved wlfreerdp (wayland client)
* Option to allow keyboard scancodes to be remapped manually
* Improved mouse wheel behaviour when scrolling
* Improved dynamic channel behaviour, more stable event detection
* New connection state PubSub notification: Clients can now monitor current
connection state
Fixed issues:
* #6626: Fixed parsing of FastGlyph order.
* #6624: Added support for xwayland keyboard grab
* #6492: Added clipboard CB_HUGE_FILE_SUPPORT_ENABLED flag
* #6428: Improve NLA error code logging.
* #6416: Http gateway message support
* #6753: List of pull requests to backport for stable-next
For a complete and detailed change log since the last release run:
git log 2.2.0..2.3.0
# 2020-07-20 Version 2.2.0
Important notes:
* CVE-2020-15103 - Integer overflow due to missing input sanitation in rdpegfx channel
Noteworty changes:
* fix: memory leak in nsc
* urbdrc
* some fixes and improvements
* build
* use cmake to detect getlogin_r
* improve asan checks/detection
* server/proxy
* new: support for heartbeats
* new: support for rail handshake ex flags
* fix: possible race condition with redirects
Fixed issues:
* #6263 Sound & mic - filter GSM codec for microphone redirection
* #6335: windows client title length
* #6370 - "Alternate Secondary Drawing Order UNKNOWN"
* #6298 - remoteapp with dialog is disconnecting when it loses focus
* #6299 - v2.1.2: Can't connect to Windows7
For a complete and detailed change log since the last release run:
git log 2.1.2..2.2.0
# 2020-06-22 Version 2.1.2
Important notes:
* CVE-2020-4033 Out of bound read in RLEDECOMPRESS
* CVE-2020-4031 Use-After-Free in gdi_SelectObject
* CVE-2020-4032 Integer casting vulnerability in `update_recv_secondary_order`
* CVE-2020-4030 OOB read in `TrioParse`
* CVE-2020-11099 OOB Read in license_read_new_or_upgrade_license_packet
* CVE-2020-11098 Out-of-bound read in glyph_cache_put
* CVE-2020-11097 OOB read in ntlm_av_pair_get
* CVE-2020-11095 Global OOB read in update_recv_primary_order
* CVE-2020-11096 Global OOB read in update_read_cache_bitmap_v3_order
* Gateway RPC fixes for windows
* Fixed resource fee race resulting in double free in USB redirection
* Fixed wayland client crashes
* Fixed X11 client mouse mapping issues (X11 mapping on/off)
* Some proxy related improvements (capture module)
* Code cleanup (use getlogin_r, ...)
For a complete and detailed change log since the last release candidate run:
git log 2.1.1..2.1.2
# 2020-05-20 Version 2.1.1
Important notes:
* CVE: GHSL-2020-100 OOB Read in ntlm_read_ChallengeMessage
* CVE: GHSL-2020-101 OOB Read in security_fips_decrypt due to uninitialized value
* CVE: GHSL-2020-102 OOB Write in crypto_rsa_common
* Enforce synchronous legacy RDP encryption count (#6156)
* Fixed some leaks and crashes missed in 2.1.0
* Removed dynamic channel listener limits
* Lots of resource cleanup fixes (clang sanitizers)
* A couple of performance improvements
* Various small annoyances eliminated (typos, prefilled username for windows client, ...)
For a complete and detailed change log since the last release candidate run:
git log 2.1.0..2.1.1
# 2020-05-05 Version 2.1.0
Important notes:
* fix multiple CVEs: CVE-2020-11039, CVE-2020-11038, CVE-2020-11043, CVE-2020-11040, CVE-2020-11041,
CVE-2020-11019, CVE-2020-11017, CVE-2020-11018
* fix multiple leak and crash issues (#6129, #6128, #6127, #6110, #6081, #6077)
Noteworthy features and improvements:
* Fixed sound issues (#6043)
* New expert command line options /tune and /tune-list to modify all client
settings in a generic way.
* Fixes for smartcard cache, this improves compatibility of smartcard devices
with newer smartcard channel.
* Shadow server can now be instructed to listen to multiple interfaces.
* Improved server certificate support (#6052)
* Various fixes for wayland client (fullscreen, mouse wheel, ...)
* Fixed large mouse pointer support, now mouse pointers > 96x96 pixel are visible.
* USB redirection command line improvements (filter options)
* Various translation improvements for android and ios clients
For a complete and detailed change log since the last release candidate run:
git log 2.0.0..2.1.0
# 2020-04-09 Version 2.0.0
Important notes:
* fix multiple CVEs: CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11524 CVE-2020-11525 CVE-2020-11526
* fix multiple other security related issues (#6005, #6006, #6007, #6008, #6009, #6010, #6011, #6012, #6013)
* sha256 is now used instead of sha1 to fingerprint certificates. This will
invalidate all hosts in FreeRDP known_hosts2 file and causes a prompt if a
new connection is established after the update
Noteworthy features and improvements:
* First version of the RDP proxy was added (#5372) - thanks to @kubistika
* Smartcard received some refactoring. Missing functions were added and input
validation was improved (#5884)
* A new option /cert that unifies all certificate related options (#5880)
The old options (cert-ignore, cert-deny, cert-name, cert-tofu) are still
available but marked as deprecated
* Support for Remote Assistance Protocol Version 2 [MS-RA]
* The DirectFB client was removed because it was unmaintained
* Unified initialization of OrderSupport
* Fix for licensing against Windows Server 2003
* Font smoothing is now enabled per default
* Flatpack support was added
* Smart scaling for Wayland using libcairo was added (#5215)
* Unified update->BeginPaint and update->EndPaint
* An image scaling API for software drawing was added
* Rail was updated to the latest spec version 28.0
* Support for H.264 in the shadow server is now detected at runtime
* Add mask=<value> option for /gfx and /gfx-h264 (#5771)
* Code reformatting (#5667)
* A new option /timeout was added to adjust the TCP ACK timeout (#5987)
For a complete and detailed change log since the last release candidate run:
git log 2.0.0-rc4..2.0.0
# 2018-11-19 Version 2.0.0-rc4
FreeRDP 2.0.0-rc4 is the fifth release candidate for 2.0.0. Although it mainly
addresses security and stability there are some new features as well.
Noteworthy features and improvements:
* fix multiple reported CVEs (#5031)
* gateway: multiple fixes and improvements (#3600, #4787, #4902, #4964, #4947,
#4952, #4938)
* client/X11: support for rail (remote app) icons was added (#5012)
* licensing: the licensing code was re-worked. Per-device licenses
are now saved on the client and used on re-connect.
WARNING: this is a change in FreeRDP behavior regarding licensing. If the old
behavior is required, or no licenses should be saved use the
new command line option +old-license (#4979)
* improve order handling - only orders that were enabled
during capability exchange are accepted (#4926).
WARNING and NOTE: some servers do improperly send orders that weren't negotiated,
for such cases the new command line option /relax-order-checks was added to
disable the strict order checking. If connecting to xrdp the options
/relax-order-checks *and* +glyph-cache are required.
* /smartcard has now support for substring filters (#4840)
for details see https://github.com/FreeRDP/FreeRDP/wiki/smartcard-logon
* add support to set tls security level (for openssl >= 1.1.0)
- default level is set to 1
- the new command line option /tls-seclevel:[LEVEL] allows to set
a different level if required
* add new command line option /smartcard-logon to allow
smartcard login (currently only with RDP security) (#4842)
* new command line option: /window-position to allow positioning
the window on startup (#5018)
* client/X11: set window title before mapping (#5023)
* rdpsnd/audin (mostly server side) add support for audio re-sampling using soxr or ffmpeg
* client/Android: add Japanese translation (#4906)
* client/Android: add Korean translation (#5029)
For a complete and detailed change log since the last release candidate run:
git log 2.0.0-rc3..2.0.0-rc4
# 2018-08-01 Version 2.0.0-rc3
FreeRDP 2.0.0-rc3 is the fourth release candidate for 2.0.0.
For a complete and detailed change log since the last release candidate run:
git log 2.0.0-rc2..2.0.0-rc3
Noteworthy features and improvements:
* Updated and improved sound and microphone redirection format support (AAC)
* Improved reliability of reconnect and redirection support
* Fixed memory leaks with +async-update
* Improved connection error reporting
* Improved gateway support (various fixes for HTTP and RDG)
* SOCKS proxy support (all clients)
* More reliable resolution switching with /dynamic-resolution (MS-RDPEVOR) (xfreerdp)
Fixed github issues (excerpt):
* #1924, #4132, #4511 Fixed redirection
* #4165 AAC and MP3 codec support for sound and microphone redirection
* #4222 Gateway connections prefer IP to hostname
* #4550 Fixed issues with +async-update
* #4634 Comment support in known_hosts file
* #4684 /drive and +drives don't work togehter
* #4735 Automatically reconnect if connection timed out waiting for user interaction
See https://github.com/FreeRDP/FreeRDP/milestone/9 for a complete list.
# 2017-11-28 Version 2.0.0-rc2
FreeRDP 2.0.0-rc2 is the third release candidate for 2.0.0.
For a complete and detailed change log since the last release candidate run:
git log 2.0.0-rc1..2.0.0-rc2
Noteworthy features and improvements:
* IMPORTANT: add support CredSSP v6 - this fixes KB4088776 see #4449, #4488
* basic support for the "Video Optimized Remoting Virtual Channel Extension" (MS-RDPEVOR) was added
* many smart card related fixes and cleanups #4312
* fix ccache support
* fix OpenSSL 1.1.0 detection on Windows
* fix IPv6 handling on Windows
* add support for memory and thread sanitizer
* support for dynamic resloution changes was added in xfreerdp #4313
* support for gateway access token (command line option /gat) was added
* initial support for travis-ci.org was added
* SSE optimization version of RGB to AVC444 frame split was added
* build: -msse2/-msse3 are not enabled globally anymore
Fixed github issues (excerpt):
* #4227 Convert settings->Password to binary blob
* #4231 freerdp-2.0.0_rc0: 5 tests failed out of 184 on ppc
* #4276 Big endian fixes
* #4291 xfreerdp “Segmentation fault” when connecting to freerdp-shadow-cli
* #4293 [X11] shadow server memory corruption with /monitors:2 #4293
* #4296 drive redirection - raise an error if the directory can't be founde
* #4306 Cannot connect to shadow server with NLA auth: SEC_E_OUT_OF_SEQUENCE
* #4447 Apple rpath namespace fixes
* #4457 Fix /size: /w: /h: with /monitors: (Fix custom sizes)
* #4527 pre-connection blob (pcb) support in .rdp files
* #4552 Fix Windows 10 cursors drawing as black
* smartcard related: #3521, #3431, #3474, #3488, #775, #1424
See https://github.com/FreeRDP/FreeRDP/milestone/8 for a complete list.
# 2017-11-28 Version 2.0.0-rc1
FreeRDP 2.0.0-rc1 is the second release candidate for 2.0.0.
For a complete and detailed change log since the last release candidate run:
git log 2.0.0-rc0..master
Noteworthy features and improvements:
* support for FIPS mode was added (option +fipsmode)
* initial client side kerberos support (run cmake with WITH_GSSAPI)
* support for ssh-agent redirection (as rdp channel)
* the man page(s) and /help were updated an improved
* build: support for GNU/kFreeBSD
* add support for ICU for unicode conversion (-DWITH_ICU=ON)
* client add option to force password prompt before connection (/from-stdin[:force])
* add Samsung DeX support
* extend /size to allow width or height percentages (#4146)
* add support for "password is pin"
* clipboard is now enabled per default (use -clipboard to disable)
Fixed github issues (excerpt):
* #4281: Added option to prefer IPv6 over IPv4
* #3890: Point to OpenSSL doc for private CA
* #3378: support 31 static channels as described in the spec
* #1536: fix clipboard on mac
* #4253: Rfx decode tile width.
* #3267: fix parsing of drivestoredirect
* #4257: Proper error checks for /kbd argument
* #4249: Corruption due to recursive parser
* #4111: 15bpp color handling for brush.
* #3509: Added Ctrl+Alt+Enter description
* #3211: Return freerdp error from main.
* #3513: add better description for drive redirection
* #4199: ConvertFindDataAToW string length
* #4135: client/x11: fix colors on big endian
* #4089: fix h264 context leak when DeleteSurface
* #4117: possible segfault
* #4091: fix a regression with remote program
See https://github.com/FreeRDP/FreeRDP/milestone/7 for a complete list.
2012-02-07 Version 1.0.1
FreeRDP 1.0.1 is a maintenance release to address a certain number of
issues found in 1.0.0. This release also brings corrective measures
to certificate validation which were required for inclusion in Ubuntu.
* Certificate Validation
* Improved validation logic and robustness
* Added validation of certificate name against hostname
* Token-based Server Redirection
* Fixed redirection logic
* HAProxy load-balancer support
* xfreerdp-server
* better event handling
* capture performance improvements
* wfreerdp
* Fix RemoteFX support
* Fix mingw64 compilation
* libfreerdp-core:
* Fix severe TCP sending bug
* Added server-side Standard RDP security
2012-01-16 Version 1.0.0
License:
FreeRDP 1.0 is the first release of FreeRDP under the Apache License 2.0.
The FreeRDP 1.x series is a rewrite, meaning there is no continuity with
the previous FreeRDP 0.x series which were released under GPLv2.
New Features:
* RemoteFX
* Both encoder and decoder
* SSE2 and NEON optimization
* NSCodec
* RemoteApp
* Working, minor glitches
* Multimedia Redirection
* ffmpeg support
* Network Level Authentication (NLA)
* NTLMv2
* Certificate validation
* FIPS-compliant RDP security
* new build system (cmake)
* added official logo and icon
New Architecture:
* libfreerdp-core
* core protocol
* highly portable
* both client and server
* libfreerdp-cache
* caching operations
* libfreerdp-codec
* bitmap decompression
* codec encoding/decoding
* libfreerdp-kbd
* keyboard mapping
* libfreerdp-channels
* virtual channel management
* client and server side support
* libfreerdp-gdi
* extensively unit tested
* portable software GDI implementation
* libfreerdp-rail
* RemoteApp library
* libfreerdp-utils
* shared utility library
FreeRDP Clients:
* client/X11 (xfreerdp)
* official client
* RemoteApp support
* X11 GDI implementation
* client/DirectFB (dfreerdp)
* DirectFB support
* software-based GDI (libfreerdp-gdi)
* client/Windows (wfreerdp)
* Native Win32 support
FreeRDP Servers (experimental):
* server/X11 (xfreerdp-server)
* RemoteFX-only
* no authentication
* highly experimental
* keyboard and mouse input supported
Virtual Channels:
* cliprdr (Clipboard Redirection)
* rail (RemoteApp)
* drdynvc (Dynamic Virtual Channels)
* audin (Audio Input Redirection)
* alsa support
* pulse support
* tsmf (Multimedia Redirection)
* alsa support
* pulse support
* ffmpeg support
* rdpdr (Device Redirection)
* disk (Disk Redirection)
* parallel (Parallel Port Redirection)
* serial (Serial Port Redirection)
* printer (Printer Redirection)
* CUPS support
* smartcard (Smartcard Redirection)
* rdpsnd (Sound Redirection)
* alsa support
* pulse support