NEWS - neutrinolabs/xrdp GitHub Wiki

Release notes for xrdp v??.??.?? (2024/??/??)

This version of xrdp is based on the start of the v0.10 branch, documented here:-

https://github.com/neutrinolabs/xrdp/wiki/NEWS-v0.10#branch-v010

General announcements

The suffixes of the keyboard mapping files in /etc/xrdp have changed from .ini to .toml. The files are now TOML-compatible. They contain updated mappings which should be easier to read and debug. Users with custom mapping files will need to use the xrdp-genkeymap utility to generate new files. This changed was introduced in #3039.

Security fixes

Unauthenticated RDP security scan finding / partial auth bypass (no CVE). Thanks to @txtdawg for reporting this.

New features

If the client announces support for the RemoteFX codec it is logged (#2946)
utmp support (if required on your system) can now be compiled in with --enable-utmp (#2745). wtmp and lastlog support are available via PAM on Linux systems.
Unicode character input via ibus is now supported (#3058 #3090) - thanks to @seflerZ for contributing this feature.
Media keys in VNC sessions are now supported (#3022) - thanks to @sasha0552 for contributing this feature.
Keyboard mapping files now map RDP scancodes directly to KeySyms and characters (#3039). Previously X11 base keycodes were used in this file. Removing the dependency on X11 base means we can use evdev keycodes on suitable systems (currently Linux and FreeBSD), and also fixes keyboard mapping problems where the system generating the keymap(s) used a different keycode set than the runtime platform.
GFX-RFX lossy compression levels are now selectable depending on connection type on the client (#2973)
The scancode to keycode mapping logic is now entirely located within xrdp, allowing 'evdev' or 'base' X11 keycode mappings to be used as required (#3138)
(librfxcodec) Add neon acceleration support for progressive encoding (neutrinolabs/rfxcodec#68)
(librfxcodec) Removed some unnecessary shift operations (neutrinolabs/rfxcodec#69)
A new config file gfx.toml has been introduced to configure detailed parameters for GFX (#3214)
FUSE operations can now use direct I/O to bypass the block cache (#3255)

Bug fixes

Fix some monitor hotplug issues (#2942)
GFX: Fix disconnect on resize of busy windows (#2962)
Fall back to IPv4 if IPv6 capable but don't have an IPv6 address set (#2967)
Don't generate a corefile when generating SIGSEGV during unit testing (#2999)
If the drdynvc static channel isn't available, disable GFX gracefully (#2990)
A buffer misconfiguration which affects performance on high bandwidth, high latency links has been addressed (#2910)
A permissions fix for the socketdir update in #2731 has been issued (#3011)
A regression in the code for creating the chansrv FUSE directory has been fixed (#3067)
Fix a systemd dependency ("network-online.target") #3086
A problem in session list processing which could result in incorrect display assignments has been fixed (#3103)
A problem in GFX resizing which could lead to a SEGV in xrdp has been fixed (#3107)
A problem with the US Dvorak keyboard layout has been resolved (#3081 #3112)
Fix a regression when the server tries to negotiate GFX when max_bpp is not high enough (#3118 #3121)
Fix a GFX multi-monitor screen placing issue on minimise/maximize (#3075 #3111)
Fix an issue some files are not included properly in release tarball (#3149 #3151)
Using 'I' in the session selection policy now works correctly (#3167 #3170)
A potential name buffer overflow in the redirector has been fixed [no security implications] (#3172)
An unnecessary licensing exchange during connection setup has been removed. This was causing problems for FIPS-compliant clients (#3132 #3143)
Redirector improvements. Removed some unnecessary limitations on filename lengths, and improved compatibility with FreeRDP (#3165 #3173). Special thanks to @tsz8899 for raising this and working with the team.
Various bugs associated with not using evdev keycode mappings are fixed (#355, #621)
Fix misreported cache size (#3209)
Clarified Policy setting in sesman.ini (#3234)
Fixed a regression in support for non-resizeable VNC sessions (#3239)

Internal changes

Remove tcutils channel from xrdp.ini which was already removed in #1943 (#2970)
Adjust some log levels that are too verbose (#2954)
Remove duplicate DEBUG output (#2976)
GFX memory usage for large screens is greatly improved (cherry-pick of #3013)
librfxcodec SSE2 performance improvements (#3031)
Compiler option -Wmissing-prototypes is now enabled for gcc and clang (#2829)
FreeBSD CI bumped to 13.3 (#3104)
CI version updates : cppcheck to v2.15.0 and astyle to 3.4.14 (#3037)
(librfxcodec) Remove use of __m128i_u (neutrinolabs/rfxcodec#69)
Add coverrity scan (#3059)

Known issues

On-the-fly resolution change with the Microsoft Store version of Remote Desktop client sometimes crashes on connect (#1869)
xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)
If using lastlog support via pam_lastlog, be aware that reconnections do not update the lastlog file, as these connections do not result in new sessions being opened.

Changes for packagers or developers

If moving from v0.9.x, read the 'Significant changes for packagers or developers section' for the v0.10 branch.
On Linux, compile with --enable-utmp for utmp support. If wtmp and lastlog support are required, check /etc/pam.d/xrdp-sesman is configured appropriately when packaging.
The libxkbfile-dev package (or equivalent) is now required to build xrdp (see #3039)
The product now contains support for running the xrdp process as an unprivileged user (#2974). See also https://github.com/neutrinolabs/ xrdp/wiki/Running-the-xrdp-process-as-non-root
xrdp.ini and sesman.ini are now dynamically substituted during the build process (it was not working as intended before) (#3187 #3189)