This package contains the following plugins for the proxy server:
* bitmap-filter
* capture
* demo
* dyn-channel-dump
Provides
Requires
License
Apache-2.0
Changelog
* Fri Jan 23 2026 Yifan Jiang <yfjiang@suse.com>
- Update to version 3.21.0:
+ Bugfix release with a few new API functions addressing shortcomings with
regard to input data validation.
Thanks to @ehdgks0627 we have fixed the following additional (medium)
client side vulnerabilities:
* CVE-2026-23530
* CVE-2026-23531
* CVE-2026-23532
* CVE-2026-23533
* CVE-2026-23534
* CVE-2026-23732
* CVE-2026-23883
* CVE-2026-23884
- Changes from version 3.20.2
* [client,sdl] fix monitor resolution (#12142)
* [codec,progressive] fix progressive_rfx_upgrade_block (#12143)
* Krb cache fix (#12145)
* Rdpdr improved checks (#12141)
* Codec advanced length checks (#12146)
* Glyph fix length checks (#12151)
* Wlog printf format string checks (#12150)
* [warnings,format] fix format string warnings (#12152)
* Double free fixes (#12153)
* [clang-tidy] clean up code warnings (#12154)
* Fri Jan 16 2026 Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 3.20.2:
+ Patch release fixing a regression with gateway connections
introduced with 3.20.1
[#]# What's Changed
* Warnings and missing enumeration types (#12137)
- Changes from version 3.20.1:
+ New years cleanup release. Fixes some issues reported and does
a cleaning sweep to bring down warnings.
Thanks to @ehdgks0627 doing some code review/testing we've
uncovered the following (medium) vulnerabilities:
* CVE-2026-22851
* CVE-2026-22852
* CVE-2026-22853
* CVE-2026-22854
* CVE-2026-22855
* CVE-2026-22856
* CVE-2026-22857
* CVE-2026-22858
* CVE-2026-22859
+ These affect FreeRDP based clients only, with the exception of
CVE-2026-22858 also affecting FreeRDP proxy. FreeRDP based
servers are not affected.
* Tue Dec 30 2025 Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 3.20.0:
* Mingw fixes (#12070)
* [crypto,certificate_data] add some hostname sanitation
* [client,common]: Fix loading of rdpsnd channel
* [client,sdl] set touch and pen hints
- Changes from version 3.19.1:
* [core,transport] improve SSL error logging
* [utils,helpers] fix freerdp_settings_get_legacy_config_path
* From stdin and sdl-creds improve
* [crypto,certificate] sanitize hostnames
* [channels,drdynvc] propagate error in dynamic channel
* [CMake] make Mbed-TLS and LibreSSL experimental
* Json fix
* rdpecam: send sample only if it's available
* [channels,rdpecam] allow MJPEG frame skip and direct passthrough
* [winpr,utils] explicit NULL checks in jansson WINPR_JSON_ParseWithLength
* [packaging,flatpak] remove xprop
- Changes from version 3.19.0:
* [client,common] fix retry counter
* [cmake] fix aarch64 neon detection
* Fix response body existence check when using RDP Gateway
* fix line clipping issue
* Clip coord fix
* [core,input] Add debug log to keyboard state sync
* Update command line usage for gateway option
* [codec,ffmpeg] 8.0 dropped AV_PROFILE_AAC_MAIN
* [channels,audin] fix pulse memory leak
* [channels,drive] Small performance improvements in drive channel
* [winpr,utils] fix command line error logging
* [common,test] Adjust AVC and H264 expectations
* drdynvc: implement compressed packet
* [channels,rdpecam] improve log messages
* Fix remote credential guard channel loading
* Fix inverted ifdef
* [core,nego] disable all enabled modes except the one requested
* rdpear: handle basic NTLM commands and fix server-side
* [smartcardlogon] Fix off-by-one error in `smartcard_hw_enumerateCerts`
* rdpecam: fix camera sample grabbing
* Thu Nov 20 2025 Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 3.18.0:
+ Fix a regression reading passwords from stdin
+ Fix a timer regression (µs instead of ms)
+ Improved multitouch support
+ Fix a bug with PLANAR codec (used with /bpp:32 or sometimes with /gfx)
+ Better error handling for ARM transport (Entra)
+ Fix audio encoder lag (microphone/AAC) with FFMPEG
+ Support for janssen JSON library
- Drop 11876.patch: fixed upstream
* Mon Oct 13 2025 Bjørn Lie <bjorn.lie@gmail.com>
- Fix spelling mistakes in Summaries.
* Fri Oct 03 2025 Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 3.17.2:
+ Minor improvements and bugfix release.
+ Most notably resource usage (file handles) has been greatly reduced and
static build pkg-config have been fixed.
For users of xfreerdp RAILS/RemoteApp mode the switch to DesktopSession
mode has been fixed (working UAC screen)
- Changes from version 3.17.1
+ Minor improvements and bugfix release.
* most notably a memory leak was addressed
* fixed header files missing C++ guards
* xfreerdp as well as the SDL clients now support a system wide configuration file
* Heimdal kerberos support was improved
* builds with [MS-RDPEAR] now properly abort at configure if Heimdal is used
(this configuration was never supported, so ensure nobody compiles it that way)
- Add 11876.patch: properly set requires fields for pkgconfig and
cmake files
* Sat Sep 13 2025 Bjørn Lie <bjorn.lie@gmail.com>
- Enable openh264 support, we can build against the noopenh264 stub
* Fri Aug 22 2025 Paolo Stivanin <info@paolostivanin.com>
- Update to 3.17.0:
* [client,sdl2] fix build with webview (#11685)
* [core,nla] use wcslen for password length (#11687)
* Clear channel error prior to call channel init event proc (#11688)
* Warn args (#11689)
* [client,common] fix -mouse-motion (#11690)
* [core,proxy] fix IPv4 and IPv6 length (#11692)
* Regression fix2 (#11696)
* Log fixes (#11693)
* [common,settings] fix int casts (#11699)
* [core,connection] fix log level of several messages (#11697)
* [client,sdl] print current video driver (#11701)
* [crypto,tls] print big warning for /cert:ignore (#11704)
* [client,desktop] fix StartupWMClass setting (#11708)
* [cmake] unify version creation (#11711)
* [common,settings] force reallocation on caps copy (#11715)
* [manpages] Add example of keyboard remapping (#11718)
* Some fixes in Negotiate and NLA (#11722)
* [client,x11] fix clipboard issues (#11724)
* kerberos: do various tries for TGT retrieval in u2u (#11723)
* Cmdline escape strings (#11735)
* [winpr,utils] do not log command line arguments (#11736)
* [api,doc] Add stylesheed for doxygen (#11738)
* [core,proxy] fix BIO read methods (#11739)
* [client,common] fix sso_mib_get_access_token return value in error case (#11741)
* [crypto,tls] do not use context->settings->instance (#11749)
* winpr: re-introduce the credentials module (#11734)
* [winpr,timezone] ensure thread-safe initialization (#11754)
* core/redirection: Ensure stream has enough space for the certificate (#11762)
* [client,common] do not log success (#11766)
* Clean up bugs exposed on systems with high core counts (#11761)
* [cmake] add installWithRPATH (#11747)
* [clang-tidy] fix various warnings (#11769)
* Wlog improve type checks (#11774)
* [client,common] fix tenantid command line parsing (#11779)
* Proxy module static and shared linking support (#11768)
* LoadLibrary Null fix (#11786)
* [client,common] add freerdp_client_populate_settings_from_rdp_file_un… (#11780)
* Fullchain support (#11787)
* [client,x11] ignore floatbar events (#11771)
* [winpr,credentials] prefer utf-8 over utf-16-LE #11790
* [proxy,modules] ignore bitmap-filter skip remaining #11789
* Mon Jun 16 2025 Paolo Stivanin <info@paolostivanin.com>
- Update to 3.16.0:
* Lots of improvements for the SDL3 client
* Various X11 client improvements
* Add a timer implementation
* Various AAD/Azure/Entra improvements
* YUV420 primitives fixes
- Update to 3.15.0:
* [client,sdl] fix crash on suppress output
* [channels,remdesk] fix possible memory leak
* [client,x11] map exit code success
* Hidef rail checks and deprecation fixe
* Standard rdp security network issues
* [core,rdp] fix check for SEC_FLAGSHI_VALID
* [core,caps] fix rdp_apply_order_capability_set
* [core,proxy] align no_proxy to curl
* [core,gateway] fix string reading for TSG
* [client,sdl] refactor display update
* Tue Mar 18 2025 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 3.14.0:
+ Bugfix and cleanup release. Due to some new API functions the
minor version has been increased.
- Changes from version 3.13.0:
+ Friends of old hardware rejoice, serial port redirection got an
update (not kidding you)
+ Android builds have been updated to be usable again
+ Mingw builds now periodically do a shared and static build
+ Fixed some bugs and regressions along the way and improved test
coverage as well
- Changes from version 3.12.0:
+ Multimonitor backward compatibility fixes
+ Smartcard compatibility
+ Improve the [MS-RDPECAM] support
+ Improve smartcard redirection support
+ Refactor SSE optimizations: Split headers, unify load/store,
require SSE3 for all optimized functions
+ Refactors the CMake build to better support configuration based
builders
+ Fix a few regressions from last release (USB redirection and
graphical glitches)
- Changes from version 3.11.0:
+ A new release with bugfixes and code cleanups as well as a few
nifty little features
* Wed Feb 12 2025 Christophe Marin <christophe@krop.fr>
- Fix freerdp-devel requirement. fuse3 is among the public link
targets but isn't installed automatically
* Wed Feb 05 2025 Bjørn Lie <bjorn.lie@gmail.com>
- Drop pkgconfig(webkit2gtk-4.0) BuildRequires, we are not passing
webview=on to cmake, hence unused and nobody complained.
* Sun Dec 29 2024 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 3.10.3:
* Fix usage of GetComputerNameExA (#10988)
* Fix cmake clean target (#10990)
* Mon Dec 16 2024 Joan Torres <joan.torres@suse.com>
- Update to 3.10.2
* Fix initializing ComputerName setting (#10985)
* Fix some warnings and possible leaks (#10985)
* Add FreeBSD as architecture build to our ci (#10980 and others)
* Fix empty include directory creation (#10981)
* Fix SIMD detection (#10968)
* Improve settings unit test coverage (#10966)
* Fix sending server redirection PDU (#10963)
* Fix return and use of GetComputerNameA (#10962)
* Thu Dec 12 2024 Joan Torres <joan.torres@suse.com>
- Update to 3.10.0
So, what is new:
* Enforce use of a supported build type (#10777)
* Enable FDK-AAC support for nightly packages (#10875, #10781)
* Better AAD/AVD support (#10796)
* Build system updates (#10844)
* Enforce spell checking (#10881)
* Split unit tests so a subset can be run during package build (#10776)
* We're shipping a .desktop file now (#10465)
* Build scripts for nightly packages (#10835, #10783)
Noteworthy changes:
* Fix wStream API bugs (#10885)
* Autoreconnect fixes (#10915)
* Fix monitor layout checks (#10905)
* Enforce code formatting for CMake files (#10895)
* Enable SIMD optimizations by default (#10894)
* WinPR types not based on stdint.h et al (#10754)
* Improve code assertions (#10768)
* Code cleanups (#10763, #10914)
* Fixes bsc#1233824
* Wed Oct 23 2024 ecsos <ecsos@opensuse.org>
- Update to 3.9.0
So, what is new:
* Support for RDPEAR (remote credential guard) /remoteGuard option for non windows clients
* Global configuration file support, allowing to configure certificate
accept/ignore/... default settings for all users
* Simplified manpage generation, eliminates docbook and xmlto dependencies
speeding up builds
* New API for client channels to run tasks on RDP thread
* New extended transport layer API
* RDPECAM MJPEG support
* the first updates of timezone definitions from our automated ci
Noteworthy changes:
* Fix bugs in SSE4.1/AVX2 image copy (#10720)
* Add warnings for invalid monitor settings during connect (#10672)
* Fix ALSA microphone support (#10664)
* Fix modal windows in RAILS mode (#10629)
* Update experimental SDL3 client (SDL3 API should now have been stabilized,
various pull requests)
* Fix keyboard layouts, the external JSON did miss a few (#10639)
* Sun Sep 01 2024 ecsos <ecsos@opensuse.org>
- Update to 3.8.0
Noteworthy changes:
* Reduce number of warnings on CI build (make dependency includes SYSTEM) (#10509)
* Fix possible crashes with P11 certificate parsing (#10462, #10463)
* Various clipboard related fixes (#10472, #10476, #10477, #10480, #10484)
* Fix a race condition on DesktopResize (xfreerdp) (#10488)
* Improve certificate warnings (#10489)
* Try all possible resolved IP addresses for a DNS name on connect (#10491)
* Fix an issue with GFX SolidFill alpha data (#10498)
* Various fixes for SDL clients (#10504, #10492, #10471)
* Fix serial and parallel redirection crashes (#10510)
* Fix android build issues with NDK 27 (#10529)
* Improve performance of some WinPR primitives (#10528)
* Fix an issue with autoreconnect (#10523)
* Support ssh-askpass like password reading (#10516)
* Lots of code cleanups to reduce clang-tidy warnings (#10531, #10525, #10521, #10520, #10519, #10518)
* Fri Aug 23 2024 Michael Gorse <mgorse@suse.com>
- Only use gcc 12 for SLE 15 / Leap. SLE 16 will presumably use a
newer gcc by default.
* Fri Aug 09 2024 ecsos <ecsos@opensuse.org>
- Update to 3.7.0
* Support for FDK-AAC for sound and microphone redirection
(activate with -DWITH_FDK_AAC=ON build option)
This allows enabling the AAC compression that do not ship faad2 and/or faac
* Support keyboard layouts as JSON resources
(activate with -DWITH_KEYBOARD_LAYOUT_FROM_FILE=ON build option,
also requires JSON support)
This allows editing keyboard layouts for existing releases should the need arise
* Support timezones as JSON resources
(activate with -DWITH_TIMEZONE_FROM_FILE=ON -DWITH_TIMEZONE_COMPILED=OFF build options,
also requires JSON support)
Allows reading the mapping between IANA and windows timezones
from a JSON file, allowing easier updates without recompile
* Improve shadow server compatibility with windows 11 24H2 RDP client
Windows 7 RFX and bitmap updates with multiple rectangles have
been deactivated, so adjust shadow to not send such.
Noteworthy changes:
* Fix ActionScript paramter (#10423)
* Support keyboard layouts as JSON resource (#10394)
* Support timezones as JSON resource and command line argument
(#10428 #10393 #10391)
* Deactivate AsyncUpdate (#10402)
* Compatibility fixes for shadow with windows 11 24H2
(#10455 #10422 #10420 #10416)
* Fix SDL client autoreconnect (#10390)
* Fix xfreerdp clipboard locking (#10385)
* Improve logging (#10426 #10441)
* Improve warnings and code checks
(#10381 #10401 #10403 #10405 #10406 #10410 #10421 #10454)
* Support FDK-AAC (#10372)
* Fix drive redirection state transitions (#10367 #10374)
* Support mth:// routing token (#10366)
* Ignore unsupported SetThreadPriority (#10363)
* Fix reported documentation and code typos
(#10365 #10368 #10370 #10369 #10431 #10446)
* Wed Jul 10 2024 Paolo Stivanin <info@paolostivanin.com>
- Update to 3.6.3:
* Fix xfreerdp and sdl-freerdp manpage names (accidentally changed name)
* Fix crash of wfreerdp
* Fix missing dependency for ci abi-checker
* Fix build WITH_SSE2/WITH_NEON: only enable support if the compiler
also defines symbols that suggest support.
* Improved image copy (#10208)
* Experimental [MS-RDPECAM] support by @oleg0421 (#10258)
* Improved primitives (#10304)
* Connection timeout for HTTP gateway transport (#10288)
* Improved command line failure logging (#10333)
* p11-kit support (#10081)
* json-c support (#10183)
* (experimental) SDL3 port SDL client (#10195)
* New option '/gfx:frame-ack:off' for connection delay testing (#10214)
* improved decoder speed (#10222, #10235)
* xfreerdp floatbar hide bug (#10237)
* winpr-makecert month bug (#10236)
* kerberos kdcUrl check fixes (#10238)
* timezone updates (#10120, #10144, #10170)
* fixed a capability protocol violation bug (#10132)
* fix SDL client dialog bug terminating on credential dialog (#10134)
* some more oss-fuzz issues (#10126, #10141, #10148, #10161, #10239)
* fix a graphics regression (#10352)
* workaround for a protocol bug of older FreeRDP based servers (#10358)
* fix possible NULL dereference in command line parser (#10348)
* Wed Apr 24 2024 ecsos <ecsos@opensuse.org>
- Update to 3.5.1:
* Lots of fixes for oss-fuzz reports
* Timezone detection fixes (#10106)
* SDL key remapping support (#10103)
* Improved help (#10099)
* FreeBSD epoll detection fix (#10097)
- Changes from 3.5.0:
* CVE:
- CVE-2024-32041 [Low[ OutOfBound Read in zgfx_decompress_segment
- CVE-2024-32039 [Moderate] Integer overflow & OutOfBound Write in clear_decompress_residual_data
- CVE-2024-32040 [Low] integer underflow in nsc_rle_decode
- CVE-2024-32458 [Low] OutOfBound Read in planar_skip_plane_rle
- CVE-2024-32459 [Low] OutOfBound Read in ncrush_decompress
- CVE-2024-32460 [Low] OutOfBound Read in interleaved_decompress
* location channel support #9981, #9984, #10065
* bugfixes for report from Evgeny Legerov of Kaspersky Lab #10077
* fuzzer tests from Evgeny Legerov of Kaspersky Lab #10078
* bugfixes for coverty scanner #10066, #10068, #10069, #10070, #10075
* clipboard and generic locking fixes #10076
* split autoreconnect support from enabling it #10063
* various nightly and workflow fixes #10064, #10058, #10062
* always set wm-class to ap