3.5.0 #10084

akallabeth · 2024-04-16T19:32:32Z

akallabeth
Apr 16, 2024
Maintainer

This release focus is on squashing bugs.
The improved test coverage and ci builds revealed a number of previously
unnoticed issues we have addressed and we also got a report from
Evgeny Legerov of Kaspersky Lab identifying a number of out of bound reads
in decoder components and one very nasty out of bound write.

CVE:
CVE-2024-32041 [Low[ OutOfBound Read in zgfx_decompress_segment
CVE-2024-32039 [Moderate] Integer overflow & OutOfBound Write in clear_decompress_residual_data
CVE-2024-32040 [Low] integer underflow in nsc_rle_decode
CVE-2024-32458 [Low] OutOfBound Read in planar_skip_plane_rle
CVE-2024-32459 [Low] OutOfBound Read in ncrush_decompress
CVE-2024-32460 [Low] OutOfBound Read in interleaved_decompress

Noteworthy changes:

location channel support [channel,location] fix broken length check #9981, Location tests #9984, location: Increase buffer size for printing channel info #10065
bugfixes for report from Evgeny Legerov of Kaspersky Lab Fixes #10077
fuzzer tests from Evgeny Legerov of Kaspersky Lab [cmake] add fuzzer tests #10078
bugfixes for coverty scanner Coverity #10066, Coverity #10068, Coverity2 #10069, Coverity #10070, Coverity #10075
clipboard and generic locking fixes [cliprdr,common] fix file_context->request_table #10076
split autoreconnect support from enabling it [core,settings] add missing autoreconnect option #10063
various nightly and workflow fixes recreate codeql.yml #10064, CI: add coverity scheduled workflow #10058, [packaging,rpm] fix excludes #10062
always set wm-class to app_id app_id should be set to wm-class #10051
refactored and simplified CMake current master WITH_LIBRARY_VERSIONING=OFF buggy #10046, [cmake] do not set NO_SONAME #10047
fix relative mouse event sending Send relative mouse events using TS_RELPOINTER_EVENT only when capability present #10010
improve and unify check for APIs used (POSIX, win32, mac, ...) Posix refactor #9995
fix termination for gateway connections [core,gateway] respect abortEvent #9985
fix drivestoredirect RDP file setting, ignore invalid Failed to load addins error when using RDP file which contains drivetoredirect:s #9989
drop IPP support [build,ipp] drop support for IPP #10038

For a complete and detailed change log since the last release run:
git log 3.5.0...3.4.0

This discussion was created from the release 3.5.0.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

3.5.0 #10084

{{title}}

Replies: 0 comments

Select a reply

3.5.0 #10084

akallabeth Apr 16, 2024 Maintainer

Replies: 0 comments

akallabeth
Apr 16, 2024
Maintainer