xrdp v0.10.0

[metalefty]

Release notes for xrdp v0.10.0 (2024/05/10)

This section notes changes since the v0.10 branch was created.

General announcements

The biggest news of this release is that Graphic Pipeline Extension also called GFX in short has been supported. xrdp v0.10 with GFX achieves more frame rates and less bandwidth compared to v0.9. There is a significant performance improvement especially if the client is Windows 11's mstsc.exe or Microsoft Remote Desktop for Mac. GFX H.264/AVC 444 mode and hardware-accelerated encoding are not supported in this version yet.

GFX implementation in xrdp is sponsored by an enterprise sponsor. @CyberTrust is also one of the sponsors. We very much appreciate the sponsorship. It helped us to accelerate xrdp development and land GFX earlier!

Please consider sponsoring or making a donation to the project if you like xrdp. We accept financial contributions via Open Collective. Direct donations to each developer via GitHub Sponsors are also welcomed.

Highlights

This section describes the most user-visible new or changed features in xrdp since v0.9.19. See Branch v0.10 for all changes relative to v0.9.19.

• Added GFX support with multi-monitor support (including monitor hot plug/unplug) (Merge rfxcodec staging changes for GFX #2256 Adding egfx base functions. #2338 Add planar compression #2595 Initial rfx progressive integration #2879 Gfx mainline merge work #2891 GFX: sort versions, flags to return the highest version we support in… #2911 Resize state machine: A fix and a question #2929 Gfx mainline merge multimon1 #2933)
• Touchpad inertial scrolling (Enable touchpad inertial scrolling #2364, Regain scrolling when using VNC backend #2424). Thanks to new contributor @seflerZ
• New look of login screen (Redesign the login screen #2366)
• Scaled login screen on higher DPI monitors (Scaled login screen #2341, Fix freetype2 version checking #2427, Fix memory leak in font handler #2435)
  • This feature works automatically when monitor DPI information is sent by the client (i.e. a full-screen session)
  • Native platform tools are now provided to manipulate .fv1 format font files.
• The format of the date and time in the log file has been changed to ISO 8601 with milliseconds (log: change date format to ISO8601-like #2386 log: fix syslog glitch after #2386 #2541)
• xrdp-sesman now supports a --reload switch to allow for the configuration to be changed when sessions are active (Support and document SIGHUP for xrdp-sesman #2416)

Security fixes

None

New features

• If the client announces support for the Image RemoteFX codec it is logged (back-port of Just log Image RemoteFX codec #2946)

Bug fixes

• Fix some monitor hotplug issues ([v0.10] Fixes some problems with monitor hotplug #2951)
• GFX: Fix disconnect on resize of busy windows (GFX: Fix disconnect on resize of busy windows #2962 [v0.10] cherry picks #2957)
• Fall back to IPv4 if IPv6 capable but don't have an IPv6 address set (Fall back to IPv4 if IPv6 capable but don't have an IPv6 address set #2967 [v0.10] cherry picks #2957)
• Remove tcutils channel from xrdp.ini (Remove tcutils channel from xrdp.ini #2970 [v0.10] cherry picks #2957)
• Don't generate a corefile when generating SIGSEGV during unit testing (Don't generate a corefile when generating SIGSEGV #2987)
• If the drdynvc static channel isn't available, disable GFX gracefully ([V0.10] detect missing drdynvc #3003)
• A buffer misconfiguration which affects performance on high bandwidth, high latency links has been addressed (cherry-pick of Improve performance on long fat networks (LFNs) #2910)
• A permissions fix for the socketdir update in Update sockdir security #2731 has been issued (cherry-pick of Fix permissions on user socket directory #3011)

Internal changes

• Adjust log level not too verbose (GFX: Relegate some logs to LOG_LEVEL_DEBUG #2954 Suppress some logs when no errors #2972 [v0.10] cherry picks #2957)
• Migrate GitHub actions to Node 20 (Migrate github actions to Node 20 #2955 [v0.10] cherry picks #2957)
• Bump copyright year and make easier to bump (Bump copyright year and make easier to bump #2956 [v0.10] cherry picks #2957)
• Remove duplicate DEBUG output (Remove duplicate DEBUG output #2976 [v0.10] cherry picks #2977)
• Add script to make release tarball ([v0.10] Add script to make release tarball #2983)
• Syscall filter for xrdp updated (cherry-pick of Cherry picks to v0 10 #3017)
• GFX memory usage for large screens is greatly improved (cherry-pick of gfx send multiple wire to surface messages when compressed data is la… #3013)
• librfxcodec SSE2 performance improvements ([V0.10] Merge updates from librfxcodec #3032)

Known issues

• On-the-fly resolution change with the Microsoft Store version of Remote Desktop client sometimes crashes on connect (Microsoft Remote Desktop sometimes crashes on connect  #1869)
• xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (Login dialog should be redrawn at the center of new resolution after on-the-fly resizing happened #1867)

Changes for users

• If moving from v0.9.x, read the 'User changes' for the v0.10 branch below.

Changes for packagers or developers

• If moving from v0.9.x, read the 'User changes' and 'Significant changes for packagers or developers section' sections for the v0.10 branch below.

---

Branch v0.10

This branch was forked from development on 2024-02-08 in preparation for testing and release of v0.10.1.

The changes in this section are relative to version v0.9.19 of xrdp.

User changes

• The x11rdp X server is no longer supported. Users will need to move to xorgxrdp (Remove support for x11rdp #2489)

• Running xrdp and xrdp-sesman on separate hosts is no longer supported.

• There are some changes to xrdp.ini and sesman.ini which break backwards compatibility. In particular:-

  • sesman.ini/Globals/ListenAddress is not longer used. A warning message is generated if this is found in the configuration, but the configuration will continue to work.
  • sesman.ini/Globals/ListenPort is now a path to a socket, or an unqualified socket in a default directory. If the old default value 3350 is found, a warning is generated and a default value is used instead. The configuration will continue to work.
  • The ip and pamsessionmng parameters are no longer required in sections in xrdp.ini to locate the sesman port. Unnecessary usages of this parameter now generate warnings. The configuration will continue to work.
  • The 'C' field for the session allocation policy has been replaced with Policy=Separate. This field is has a very specific specialist purpose, and will not be used by the vast majority of users. The renaming makes it much clearer what is happening (Refactor ip address handling #2251 Session allocation policy - Connection setting not useful? #2239). Any uses of the 'C' field will generate warnings, and the configuration will require updating

• The format of the date and time in the log file has been changed to ISO 8601 with milliseconds (log: change date format to ISO8601-like #2386 log: fix syslog glitch after #2386 #2541)

  Users are urged to heed any generated configuration warnings and update their configurations. Later major versions of xrdp may remove these warnings, or introduce other behaviours for the affected parameters.

Security fixes

This branch provides following important security fixes reported by Team BT5 (BoB 11th). We appreciate their great help with making and reviewing patches for them.

• CVE-2022-23468
• CVE-2022-23477
• CVE-2022-23478
• CVE-2022-23479
• CVE-2022-23480
• CVE-2022-23481
• CVE-2022-23483
• CVE-2022-23482
• CVE-2022-23484
• CVE-2022-23493

The following issue was reported by @gafusss

• CVE-2023-40184

Other security fixes:-

• CVE-2023-42822: Unchecked access to font glyph info

New features

• Added GFX support with multi-monitor support (including monitor hot plug/unplug) (Merge rfxcodec staging changes for GFX #2256 Adding egfx base functions. #2338 Add planar compression #2595 Initial rfx progressive integration #2879 Gfx mainline merge work #2891 GFX: sort versions, flags to return the highest version we support in… #2911 Resize state machine: A fix and a question #2929 Gfx mainline merge multimon1 #2933)
• Add Ulalaca that enables remote access to macOS's native screen (developed by team unstablers)
  • Ulalaca is still heavy in development, not suitable for production use yet
  • sessionbroker and sessionprojector are also required, see also README
• Scaled login screen on higher DPI monitors (Scaled login screen #2341, Fix freetype2 version checking #2427, Fix memory leak in font handler #2435)
  • This feature works automatically when monitor DPI information is sent by the client (i.e. a full-screen session)
  • Native platform tools are now provided to manipulate .fv1 format font files.
• Touchpad inertial scrolling (Enable touchpad inertial scrolling #2364, Regain scrolling when using VNC backend #2424). Thanks to new contributor @seflerZ
• New look of login screen (Redesign the login screen #2366)
• Record codec GUID to identify unknown codc (Record codec GUID to identify unknown codec #2401)
• OpenSuSE Tumbleweed move to /usr/lib/pam.d is now supported in the installation scripts (Update pamdir_suse to accommodate with TW pam.d move #2413)
• xrdp-sesman now supports a --reload switch to allow for the configuration to be changed when sessions are active (Support and document SIGHUP for xrdp-sesman #2416)
• VNC backend session now supports extra mouse buttons 6, 7 and 8 (vnc: add mouse button 6,7,8 support  #2426)
• LogFile=<stdout> redirects log to stdout, which is useful for debugging (LogFile=<stdout> redirects log to stdout, which is useful for debugging #2407)
• xrdp-sesrun and xrdp-sesadmin can now authenticate automatically as the logged-in user without a password (Implement uds authentication #2472)
• Empty passwords are no longer automatically passed though to sesman for authentication (Disable autologon for empty passwords #2487)
• BSD setusercontext() is now supported (xrdp doesn't initiase user login correctly on *BSD. #2225, Bsd setusercontext #2473)
• The FUSE mount path can now be qualified with the display name or display string (Chansrv fuse display variable #2528)
• Debian: use startup command from /usr/share/xsession if DISPLAY_SESSION is set (use startup command from /usr/share/xsession if DISPLAY_SESSION is set #2522)
• The directory where PAM configuration files is installed can now be set with --with-pamconfdir (Make pam.d directory configurable #2552 improve "#2522 use startup command from /usr/share/xsession ..." #2557)
• Some classes of 'blue screen' failures have been addressed:-
  • X server failures are now reported as a separate error from window manager (Restructure session start #2592)
  • sesman failures are reported immediately (Fail xrdp immediately on sesman connection failure #2640)
• Allow longer UserWindowManager strings (Allow longer UserWindowManager strings #2651)
• Some changes have been made to made it easier to implement AppArmor support in the future (Hardening xrdp with AppArmor #2265):-
  • g_file_open() has been replaced with g_file_open_ro() and g_file_open_rw() calls
  • the starting of the X server with no-new-privileges can now be disabled by the administrator
• On systemd-based systems, system call filtering is used to restrict the system calls that the xrdp process can make (Add syscall filtering to xrdp systemd unit #2697 Log xrdp termination signals #2719)
• GNOME and KDE keyrings should now be supported out-of-the-box on Debian and Arch (Gnome keyring was not unlocked #2776)
• Implement vsock support for FreeBSD Implement vsock support for FreeBSD #2798
• Side buttons on some mice are now supported by NeutrinoRDP (Neutrinordp sidebutton click #2864). Thanks to new contributor @naruhito for this patch.
• Support for the Elbrus E2K architecture (common/arch.h: added e2k arch definition #2872). Thanks to new contributor @r-a-sattarov for this patch.
• Just log Image RemoteFX codec (Just log Image RemoteFX codec #2946)

Bug fixes

• A missing directive to link libxrdpapi with libcommon has been added (Explicitly link libxrdpapi with libcommon #2185)
• Some sesman config warning messages could be lost. This has now been fixed (Open log in sesman before reading config #2198)
• Moving sesman to a Unix domain socket fixes a number of issues related to firewalls and Ipv4/v6 connectivity issues (xrdp - vnc connection does not work in pure IPv4 scenario #1596 xrdp process seems to be using wrong IP stack for connection to sesman #1805 xrdp_wm_log_msg: Error connecting to sesman: 127.0.0.1 port: 3350 #1855)
• Secondary groups are now added correctly on Linux from /etc/security/group.conf (XRDP does not initialise user groups properly upon login (Ubuntu 18.04) #1978).
• The --disable-static switch for configure now works (build fails when configured --disable-static #1467 Allow xrdp to be built with --disable-static #2257)
• Windows RDS compatibility has been improved, so some old clients (e.g. Wyse Sx0) can now be used again with xrdp in non-TLS mode (Cannot connect from Wyse Thin clients #2166)
• PAM_RHOST is now set for the PAM stack (Refactor ip address handling #2251, Pass remote ip address to PAM #392)
• A minor spacing issue in a sesman log message has been fixed (sesman: fix spacing in log #2282)
• MSTSC crashes when resolution is changed by maximizing on a different monitor (Fixes MSTSC resize issue/crash #2291 Block resize if already this size. #2300)
• Fix swapped require_credentials/enable_token_login config options in xrdp.ini manpage (xrdp.ini.5.in: Fix mixed up config options #2391)
• Passwords are no longer left on the heap in sesman (Password Leakage #1599 Remove unnecesssary data from struct auth_info #2438)
• Set permissions on pcsc socket dir to owner only (pcsc ipc dir socket directory permissions #2454 Set permissions on pcsc socket dir to owner only #2459)
• The Kerberos authentication module has been reworked and tested (Fix the kerberos module #2453)
• Minor documentation fixes (Tiny fix in pseudocode description of startwm.sh #2481 sesman: fix help message alignment #2581)
• The correct message is now generated when the session limit is reached (confusing message when max sessions exceeded #642)
• sesman now returns better information to xrdp when session creation fails (sesman should return auth result/reason to xrdp #909, Improve error reporting on authentication/authorization failure #1921)
• MaxLoginRetry limit for sesman now works (MaxLoginRetry for xrdp-sesman effectively broken #1739)
• On systems where the same user can have multiple names, the correct session is now reconnected (Session for winbind users is not always reconnect #1823)
• On FreeBSD, the correct peer is now logged for xorgxrdp connections (os_calls.c: g_sck_get_peer_cred() needs to be patched for FreeBSD #146)
• In some situations, xrdp sessions can be bootstrapped on system startup (Bootstrap xrdp on startup for future connections #1303)
• Don't try to listen on the scard socket if it isn't there (Don't try to listen on the scard socket if it isn't there #2504)
• Fix some noise of MP3/AAC audio redirection and add some parameters to tweak sounds (sound: fix noise between two playbacks for mp3/aac #2519 Support to set parameters for #2519 #2608)
• Memory management fixes to list module (Add memory allocation checking to the list module #2536 Fix regression in list module #2575)
• Session is not now started until X server is fully active (Add xrdp-waitforx to wait for X to start with RandR outputs #2492)
• Fix potential NULL dereferences in chansrv (charsrv: Fix potential null dereference #2573)
• An erroneous free in the smartcard handling code has been removed (chansrv: don't free item on stack #2607)
• An unnecessary 'check.h' include was removed which prevented compilation on Arch systems (remove unnecessary include check.h #2649)
• No user session created with xrdp and pam_systemd_home account module (No user session created with xrdp and pam_systemd_home account module #1684)
• Homedir gets not correctly created at first login (Homedir gets not correctly created at first login #350)
• pam_setcred never returns xrdp-sesman is hung (pam_setcred never returns xrdp-sesman is hung #1323)
• chansrv should no longer hang occasionally in developer builds on session exit (Debug builds can cause xrdp-chansrv to hang on exit on a futex. #2145)
• Environment variables set by PAM modules are no longer restricted to around 250 characters (Remove size limit for PAM environment variables #2711)
• Checking group membership should now work better on systems using directory services (Parameter TerminalServerUsers in sesman.ini does not work in combination with winbind AD integration #2806 Improve tsusers/tsadmins group support #2815)
• Pasting more than 32K characters of text to the clipboard now succeeds (Large clipboard pastes fail #1839 Remove client-server shortcut paste code #2810)
• An incompatibility with FreeRDP 2.11.2 in the drive redirector has been fixed (wrong message order in [MS-RDPEFS] setup #2834 Fix message ordering in devredir #2838)
• Unicode bugs have been fixed (Clipboard question #942 Clipboard can't handle emojis pasted from Windows #2603)

Internal changes

• SCP (Sesman Control Protocol) has been refactored from separate V0 and V1 protocols to a simplified V2 protocol running on top of a new library 'libipm' (Replace SCP V0 and V1 with new IPC mechanism #2163).
• libipm provides a way to pass file descriptors between processes (Add file descriptor passing support for libipm #2494)
• SCP connections are now only supported on top of Unix Domain Sockets (Move to Unix Domain Socket for SCP (sesman) #2207 (UDS) Don't ask user to remove IP setting for VNC connection #2235 Remove TCP socket support from chansrv #2247)
• Monitor processing logic, which was in two places, has now been unified (Unify monitor processing logic. #1895 Update handling of scale factor #2301)
• Simplifications to transport connect logic (Rework transport connect logic #2204)
• The fields in struct trans and struct xrdp_client_info used for storing client addressing information have been simplified (Refactor ip address handling #2251)
• A couple of string utility functions have been added to parse character strings like the one used for the session allocation policy (Refactor ip address handling #2251)
• cppcheck version used for CI bumped to 2.13.0 (Bump cppcheck version to 2.10 #2520 Bump cppcheck to v2.11 #2737 updated Cppcheck to 2.12.1 / provide more includes to Cppcheck #2785 Bump cppchck to v2.13.0 #2886). Note that updated Cppcheck to 2.12.1 / provide more includes to Cppcheck #2785 greatly increases cppcheck scan times.
• cppcheck install script no longer installs z3 for cppcheck >= 2.8 (Cppcheck 2.8 removed the dependency on z3 #2782)
• The physical desktop size information sent from the client is now recorded in more situations (Parse more physical monitor size information #2310)
• Simple maintenance improvements (Simple maintenance improvements #2354)
• An opaque type is now used for the auth_info handle used by the sesman auth module (Replace various types used for auth_info #2362)
• CI updates to cope with github upgrades (Update github actions to address warnings #2394)
• GUIDs created for new sessions are now compliant with RFC4122 random UUIDs (guid_new() returns GUIDs compatible with RFC4122 #2420)
• Some 'magic numbers' have been replaced with constants (Constify some magic numbers #2421)
• FreeBSD CI now runs a 'make check' (Add 'make check' to FreeBSD CI #2490)
• FreeBSD CI now runs on FreeBSD 13.2 (Bump FreeBSD image to 12.4 #2621 Bump CI version of FreeBSD to 13.2 #2896)
• Some logging improvements on audio redirection (sound: logging improvements #2537)
• Extra executables : waitforx (Add xrdp-waitforx to wait for X to start with RandR outputs #2492 Add AM_CPPFLAGS to makefile.am for waitforx #2591 waitforx logging improvements #2586) xrdp-sesexec (Split sesman into sesman and sesexec #2644)
• The poll() system call now replaces select() for monitoring file descriptors (Use poll() instead of select() #2497 Poll regression #2568)
• sigaction() now replaces signal() for increased portability (Remove dependency on signal() function #2813)
• Other portability changes (Improve portability #2909)
• Some extra convenience functions were added for handling lists of strings (List string support #2576)
• g_malloc, g_free, g_memset, g_memcpy, and g_memmove are now macros. These should not be used in new code (common: change g_malloc, g_free, g_memset, g_memcpy, and g_memmove to… #2609)
• config_ac.h is now used consistently (Use config_ac.h consistently and correctly #2667)
• as mentioned above, g_file_open() has been replaced with g_file_open_ro() and g_file_open_rw() calls
• The separate fifo packages in the common directory and chansrv have now been merged (Re-work FIFO code #2686)
• Unicode conversions are now provided by explicit functions rather than relying on C library mbstowcs()/wcstombs() functions (Improve Unicode support #2794)
• Some test timeouts have been increased for slow CI machines (Increase back-stop timeouts for some tests #2901)
• g_obj_wait() can now take a zero timeout (Allow a zero timeout for g_obj_wait() #2904)
• POSIX shared memory is now used to communicate with xorgxrdp rather than System-V shared memory (move to posix shm #2709 posix shm, can not unmap shmem_ptr until encoder is done with it #2786 More integration work from mainline_merge_shm #2889)

Significant changes for packagers or developers

• The libscp.so shared library is replaced with libipm.so
• A new shared library libsesman.so contains shared code for sesman and related executables (Add sesmanlib #2601)
• The default setting for --with-socketdir is now /var/run/xrdp rather than /tmp/.xrdp. The new setting works for installations where /tmp is polyinstantiated ( see xrdp fails with black screen if pam_namespace is enabled #1482 for more details)
• The permissions of the socketdir have changed from 1777 to 755 (owned by root). Within this directory are the sesman socket and user-specific directories. The user-specific directories store the session sockets used by each user (Update sockdir security #2731).
  It is recommended not to use the same --with-socketdir setting for v0.9.x and v0.10.x packages as the differing permissions can cause problems on package downgrades. See xrdp socketdir packaging cleanup #3066 for an example of where this can be a problem.
• Passing --disable-static to configure prevents unused static libraries being installed by make install.
• The simple.c example xrdpapi program has been updated to work with logging changes, and is now built as part of the CI (Update xrdpapi simple example to work with new logging #2276)
• If the xrdp-mkfv1 utility is to be built, the switch --with-freetype2 must be passed to ./configure.
• Minimum supported autoconf version is now 2.69 (Bump autoconf ver #2408)
• Add xrdp-sesman.system to distributed files (File instfiles/pam.d/xrdp-sesman.system not in release archive #2466 Add xrdp-sesman.system to distributed files #2467)
• A developer-only utility to exercise the auth module selected at configure time has been provided (Fix the kerberos module #2453)
• Extra executables have been added to this release in pkglibexecdir
• The default systemd unit files have been changed to no longer fork (Simplify interaction with systemd #2672)

---

This discussion was created from the release xrdp v0.10.0.

[purush2k3]

Hello Team.. we are using actively using xrdp package and awaiting for security patches. Looks like you are planning remediate some vulnerabilities in upcoming release. Can you please share the release plan for v0.10.1?

Are you planning to fix CVE-2022-23613 as well in this release?

Appreciate your help on this!

[metalefty]

Are you planning to fix CVE-2022-23613 as well in this release?

No. Have you seen the details about the CVE?

• https://nvd.nist.gov/vuln/detail/CVE-2022-23613

v0.10.0 is not vulnerable to CVE-2022-23613. So there's nothing that we can fix.