Rdesktop Versions Save

It's been several years since a last major release of rdesktop, but now it's finally time. This means there has been lots and lots of changes, too many to reasonably list here. But these are the main changes included in this release:

• Use GnuTLS and nettle instead of OpenSSL
• Improved certificate handling
• Add support for dynamic resize of sessions
• Add support for alpha cursors
• Add PulseAudio support
• Add Kerberos support on macOS
• Kerberos support no longer requires libgssglue
• Remove support for rdesktop's custom microphone extension
• Several fixes to improve compatibility with modern desktops
• macOS compatibility fixes
• Improved handling of redirections
• Many smart card bug fixes
• Many disk redirection bug fixes
• Improved logging
• Lots of other small bug fixes

It's been several years since a last major release of rdesktop, but now it's finally time. This means there has been lots and lots of changes, too many to reasonably list here. But these are the main changes included in this release:

• Use GnuTLS and nettle instead of OpenSSL
• Improved certificate handling
• Add support for dynamic resize of sessions
• Add support for alpha cursors
• Add PulseAudio support
• Add Kerberos support on macOS
• Kerberos support no longer requires libgssglue
• Remove support for rdesktop's custom microphone extension
• Several fixes to improve compatibility with modern desktops
• macOS compatibility fixes
• Improved handling of redirections
• Many smart card bug fixes
• Many disk redirection bug fixes
• Improved logging
• Lots of other small bug fixes

This is a small bug fix release for rdesktop 1.8.5. An issue was discovered soon after release where it was impossible to connect to some servers. This issue has now been fixed, but otherwise this release is identical to 1.8.5.

This is a security release to address various buffer overflow and overrun issues in the rdesktop protocol handling. rdesktop will now detect any attempts to access invalid areas and refuse to continue. Users are adviced to upgrade as soon as possible.

A big thank you to Kaspersky Lab and National Cyber Security Centre for identifying these issues.

• Add rdp_protocol_error function that is used in several fixes
• Refactor of process_bitmap_updates
• Fix possible integer overflow in s_check_rem() on 32bit arch
• Fix memory corruption in process_bitmap_data - CVE-2018-8794
• Fix remote code execution in process_bitmap_data - CVE-2018-8795
• Fix remote code execution in process_plane - CVE-2018-8797
• Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175
• Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175
• Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176
• Fix Denial of Service in sec_recv - CVE-2018-20176
• Fix minor information leak in rdpdr_process - CVE-2018-8791
• Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792
• Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793
• Fix Denial of Service in process_bitmap_data - CVE-2018-8796
• Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798
• Fix Denial of Service in process_secondary_order - CVE-2018-8799
• Fix remote code execution in in ui_clip_handle_data - CVE-2018-8800
• Fix major information leak in ui_clip_handle_data - CVE-2018-20174
• Fix memory corruption in rdp_in_unistr - CVE-2018-20177
• Fix Denial of Service in process_demand_active - CVE-2018-20178
• Fix remote code execution in lspci_process - CVE-2018-20179
• Fix remote code execution in rdpsnddbg_process - CVE-2018-20180
• Fix remote code execution in seamless_process - CVE-2018-20181
• Fix remote code execution in seamless_process_line - CVE-2018-20182
• Fix building against OpenSSL 1.1

• Fix for crash with recent versions of X.Org
• Fix for potential vulnerability against compromised/malicious servers (reported by iDefense)
• Fix for Windows 2008 Server
• ALSA driver added
• Sound drivers can now be selected at runtime
• Smartcard support (Alexi Volkov [email protected])
• Send physical mouse buttons rather than logical ones

• Security: Directory traversal vulnerability with disk redirection (disallow /.. requests)
• New maintainer: Peter Åstrand [email protected]
• Brush cache support
• Removed the hardcoded limit of the username length
• Increased domain name length to 255 chars
• Improved compatibility with PulseAudio/padsp
• Cleaned up and documented the return values
• Keyboard fix: avoid stuck keys in certain cases
• Support for new pointers
• License has been changed to GPLv3
• EWMH fixes for 64-bit machines
• RandR support: automatically resize session if using relative screen size
• Improved support for Windows 2008 Session Broker
• Japanese keyboard map has been improved
• New keyboard map: fr-bepo
• Many stability fixes regarding smart card redirection
• Windows 2008 R2 / 7: Fix sound playback when not using other redirections
• Windows 2008 R2 / 7: Solve disk redirection read-only issues
• Windows 2008 R2 / 7: Solve issue with recursive deletion
• Avoid exit when printing, if lpr command terminates early

• Fix clipboard issue when not building with unicode support
• Fix compilation against newer PCSC lite versions
• Fix for per-device license mode on Windows 2008 R2 terminal server
• Fix building 64bit version with static openssl linkage
• Rewrite of smartcard handling for 64bit support, fixes several bugs
• Improved license handling using XDG directories

• Support for protocol negotiation eg. SSL/TLSv1 and CredSSP
• Support for CredSSP + Kerberos authentication (NLA)
• Support for smart card single-sign-on
• Support passing smart card pin as password as argument
• Added IPC for controlling a master rdesktop process
• Support for connection sharing when using SeamlessRDP
• Improved handling of network connection failures
• Autoreconnect using the connection cookie at network failure
• Fix a few smart card issues
• Fix bug with mouse scroll handling
• Fix for left/right braces in Italian keymap
• Fix crash and memory leak in local drive redirection
• Fixes issues with license files loading/saving

• Fix a typo in configure.ac
• Fix a bug which made rdesktop steal CPU cycles.
• Fix issue with reconnect, make use of deactivate variable
• Added 4 new disconnect reasons with exit codes
• Fix issues of window handling in SeamlessRDP parts of rdesktop
• Fix a backward compability with OpenSSL < 0.9.9
• Fix a bug when code needs a x window available but there are none.
• Fix a sigsegv zeroing memory
• Fix a 64bit portability issue