IGEL Universal Desktop LX / IGEL Zero ===================================== Version 10.03.100 Release date 2017-08-30 Last update of this document 2017-08-30 Supported devices: IZ2-RFX, IZ2-HDX, IZ2-HORIZON IZ3-RFX, IZ3-HDX, IZ3-HORIZON UD2-LX 40 UD3-LX 50, UD3-LX 42, UD3-LX 41, UD3-LX 40 UD5-LX 50, UD5-LX 40 UD6-LX 51 UD9-LX Touch 41, UD9-LX 40 UD10-LX Touch 10, UD10-LX 10 The online Release Notes can be found at http://edocs.igel.com/index.htm#14429.htm Registry keys of parameters are listed there. ============================================================================= Versions: ============================================================================= Clients: - Citrix HDX Realtime Media Engine 2.2.100-949 - Citrix Receiver 13.3.2.366713 - Citrix Receiver 13.4.2.10146724 - Citrix Receiver 13.5.0.10185126 - Ericom PowerTerm 12.0.1.0.20170219.2-_dev_-34574 - Evidian AuthMgr 1.4.6132 - FabulaTech USB for Remote Desktop 5.1.3 - Firefox 52.3.0 - IBM iAccess Client Solutions 1.1.5.0 - IGEL RDP Client 2.2 - Imprivata OneSign ProveID Embedded - Leostream Java Connect 3.3.7.0 - NX Client 5.2.11 - Oracle JRE 1.8.0_141 - Parallels Client (32 bit) 15.5.2.16129 - Remote Viewer 6.0 for RedHat Enterprise Virtualization Desktops - Systancia AppliDis 4.0.0.17 - Thinlinc Client 4.8.0-5456 - ThinPrint Client 7.0.78 - Totem Media Player 2.30.2 - VMware Horizon client 4.5.0-5650368 Dictation: - Diktamen driver for dictation - Driver for Grundig Business Systems dictation devices - Nuance Audio Extensions for dictation B048 - Olympus driver for dictation 20161103 - Philips Speech driver 12.4.15 Signature: - signotec Citrix Channel 8.0.6 - signotec VCOM Daemon 2.0.0 - StepOver TCP Client 2.1.0 Smartcard: - PKCS#11 Library A.E.T. SafeSign 3.0.101 - PKCS#11 Library Athena IDProtect 623.07 - PKCS#11 Library cryptovision sc/interface 6.6.3.502 - PKCS#11 Library Gemalto IDPrime 1.2.3 - PKCS#11 Library SecMaker NetID 6.6.0.30 - Reader Driver ACS CCID 1.1.3 - Reader Driver Gemalto eToken 9.0.43 - Reader Driver HID Global Omnikey 4.2.4 - Reader Driver Identive CCID 5.0.35 - Reader Driver Identive eHealth200 1.0.5 - Reader Driver MUSCLE CCID 1.4.27 - Reader Driver REINER SCT cyberJack 3.99.5final.sp09 - Resource Manager PC/SC Lite 1.8.20 - Cherry USB2LAN Proxy 3.0.0.4 System Components: - Graphics Driver INTEL 2.99.917+git20170607-igel - Graphics Driver ATI/RADEON 7.9.0-0ubuntu1 - Graphics Driver ATI/AMDGPU 1.3.0-0ubuntu1 - Graphics Driver VIA 5.76.52.92-009-005f78-20150730 - Graphics Driver FBDEV 0.4.4-1build5 - Graphics Driver VESA 2.3.4-1build2 - Input Driver Evdev 2.10.5-1ubuntu1 - Input Driver Elographics 1.4.1-1build5 - Input Driver eGalax 2.5.5814 - Input Driver Synaptics 1.9.0-1ubuntu1 - Input Driver Vmmouse 13.1.0-1ubuntu2 - Input Driver Wacom 0.34.0-0ubuntu2 - Kernel 4.10.17 #29.33-ud-r1874 ============================================================================= Security Fixes: ============================================================================= - Fixed kernel security issue CVE-2017-1000364. - Security fix for Secure Shadowing: Do not accept weak SSL ciphers anymore. As the RC4 cipher is not accepted anymore, this change fixes Bar Mitzvah attacks (CVE-2015-2808). - Added possibility to configure minimal allowed ssh cipher security. New registry keys: * network.ssh_client.disable_weak_encryption (defaults to true) * network.ssh_client.minimal_encryption_level (defaults to 128bit) possible range 128bit, 192bit or 256bit * network.ssh_server.disable_weak_encryption (defaults to true) * network.ssh_server.minimal_encryption_level (defaults to 128bit) possible range 128bit, 192bit or 256bit - Firefox security fixes: * Fixes for mfsa2017-19, also known as: CVE-2017-7798, CVE-2017-7800, CVE-2017-7801, CVE-2017-7784, CVE-2017-7802, CVE-2017-7785, CVE-2017-7786, CVE-2017-7753, CVE-2017-7787, CVE-2017-7807, CVE-2017-7792, CVE-2017-7791, CVE-2017-7803, CVE-2017-7779. * Fixes for mfsa2017-16, also known as: CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754, CVE-2017-7756, CVE-2017-7757, CVE-2017-7778, CVE-2017-7758, CVE-2017-7764, CVE-2017-5470. * Fixes for mfsa2017-12, also known as: CVE-2017-5433, CVE-2017-5435, CVE-2017-5436, CVE-2017-5459, CVE-2017-5466, CVE-2017-5434, CVE-2017-5432, CVE-2017-5460, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5464, CVE-2017-5443, CVE-2017-5444, CVE-2017-5446, CVE-2017-5447, CVE-2017-5465, CVE-2017-5448, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5469, CVE-2017-5445, CVE-2017-5449, CVE-2017-5451, CVE-2017-5462, CVE-2017-5467, CVE-2017-5430, CVE-2017-5429. * Fix for mfsa2017-08, also known as CVE-2017-5428. - Fixed bind9 security issues CVE-2017-3143, CVE-2017-3142, CVE-2017-3138, CVE-2017-3137 and CVE-2017-3136. - Fixed freetype security issues CVE-2016-10328, CVE-2017-8287 and CVE-2017-8105. - Fixed lightdm security issue CVE-2017-7358. - Fixed nss security issues CVE-2017-7502, CVE-2017-5461 and CVE-2016-2183. - Fixed ghostscript security issues CVE-2017-8291, CVE-2017-7207, CVE-2017-5951, CVE-2016-10220, CVE-2016-10219 and CVE-2016-10217. - Fixed libxslt security issues CVE-2017-5029, CVE-2016-4738, CVE-2016-1841, CVE-2016-1684 and CVE-2016-1683. - Fixed icu security issues CVE-2017-7868 and CVE-2017-7867. - Fixed shadow security issues CVE-2017-2616 and CVE-2016-6252. - Fixed rtmpdump security issues CVE-2015-8272, CVE-2015-8271 and CVE-2015-8270. - Fixed bash security issues CVE-2016-9401, CVE-2016-7543 and CVE-2016-0634. - Fixed jbig2dec security issues CVE-2017-7976, CVE-2017-7975, CVE-2017-7885 and CVE-2016-9601. - Fixed samba security issue CVE-2017-7494, CVE-2017-9461 and CVE-2017-11103. - Fixed imagemagick security issues CVE-2017-7606, CVE-2017-7619, CVE-2017-7941, CVE-2017-7943, CVE-2017-8343, CVE-2017-8344, CVE-2017-8345, CVE-2017-8346, CVE-2017-8347, CVE-2017-8348, CVE-2017-8349, CVE-2017-8350, CVE-2017-8351, CVE-2017-8352, CVE-2017-8353, CVE-2017-8354, CVE-2017-8355, CVE-2017-8356, CVE-2017-8357, CVE-2017-8765, CVE-2017-8830, CVE-2017-9098, CVE-2017-9141, CVE-2017-9142, CVE-2017-9143, CVE-2017-9144, CVE-2017-9261, CVE-2017-9262, CVE-2017-9405, CVE-2017-9407, CVE-2017-9409, CVE-2017-9439, CVE-2017-9440, CVE-2017-9501, CVE-2017-10928, CVE-2017-11141, CVE-2017-11170, CVE-2017-11188, CVE-2017-11352, CVE-2017-11360, CVE-2017-11447, CVE-2017-11448, CVE-2017-11449, CVE-2017-11450 and CVE-2017-11478. - Fixed openldap security issue CVE-2017-9287. - Fixed libsndfile security issues CVE-2017-8365, CVE-2017-7586, CVE-2017-7741, CVE-2017-7742, CVE-2017-8361, CVE-2017-8362, CVE-2017-8363 and CVE-2017-8365. - Fixed libtasn1-6 security issue CVE-2017-6891. - Fixed nvidia-graphics-drivers-375 security issues CVE-2017-0350, CVE-2017-0351 and CVE-2017-0353. - Fixed libnl3 security issue CVE-2017-0553. - Fixed gnutls28 security issues CVE-2017-7869 and CVE-2017-7507. - Fixed libxrandr security issues CVE-2016-7947 and CVE-2016-7948. - Fixed glibc security issue CVE-2017-1000366. - Fixed openvpn security issues CVE-2017-7521, CVE-2017-7520, CVE-2017-7512, CVE-2017-7508, CVE-2017-7479 and CVE-2016-6329. - Fixed libgcrypt20 security issues CVE-2017-9526 and CVE-2017-7526. - Fixed ntp security issues CVE-2017-6464, CVE-2017-6463, CVE-2017-6462, CVE-2017-6460, CVE-2017-6458, CVE-2016-9311, CVE-2016-9310, CVE-2016-7434, CVE-2016-7433, CVE-2016-7429, CVE-2016-7428, CVE-2016-7427, CVE-2016-7426 and CVE-2016-2519. - Fixed systemd security issue CVE-2017-9445. - Fixed poppler security issues CVE-2017-9775, CVE-2017-9408, CVE-2017-9406, CVE-2017-9083, CVE-2017-7515, CVE-2017-7511 and CVE-2017-2820. - Fixed evince security issue CVE-2017-1000083. - Fixed heimdal security issues CVE-2017-6594 and CVE-2017-11103. - Fixed expat security issue CVE-2017-9233. - Updated preinstalled CA certificate package to ubuntu artful version 20161130+nmu1. The list of newly supported and removed certificates can be found at online Release Notes (edocs.igel.com). ============================================================================= Information: ============================================================================= The following clients and features are not supported anymore: ============================================================================= - Citrix Receiver 12.1 and 13.1 - Citrix Access Gateway Standard Plug-in - Dell vWorkspace Connector for Linux - Ericom PowerTerm Emulation 9 and 11 - Ericom Webconnect - IGEL Legacy RDP Client (rdesktop) - Virtual Bridges VERDE Client - PPTP VPN Support - IGEL Upgrade License Tool with IGEL Smartcard Token - Remote Management by setup.ini file transfer (TFTP) - XC Font Service - Remote Access via RSH - Legacy Philips Speech Driver - Digital Persona Support - Sane Scanner Support - Softpro/Kofax Citrix Virtual Channel - t-Systems TCOS Smartcard Support - DUS Series touch screens - Elo serial touch screens - IGEL Smartcard without locking desktop - Video Hardware Acceleration Support is discontinued on UD3-LX 42, UD3-LX 41, UD3-LX 40 (M320C/M330C) and UD10-LX Touch 10, UD10-LX 10 - H.264 Hardware Acceleration Support is discontinued on UD3-LX 42, UD3-LX 41, UD3-LX 40 (M320C/M330C) and UD10-LX Touch 10, UD10-LX 10 - Storage Hotplug devices are not automatically removed anymore, instead they must be always ejected manually: - by panel tray icon - by an icon in the "In-Session Control Bar" ("In-Session Control Bar" configurable at IGEL Setup -> User Interface -> Desktop) - by a "Safely Remove Hardware" session (configurable at IGEL Setup -> Accessories) ============================================================================= The following clients and features are not available in 10.03.100: ============================================================================= - Voip Client Ekiga - X session (Xorg Xephyr) - XDMCP - Cherry eGK Channel - Open VPN Smartcard Support - NCP Secure Client - Asian Input Methods - Composite Manager ============================================================================= Known Issues: ============================================================================= [Citrix] - Citrix Multi Stream policy does not work with Storefront sessions, only with Self-Service and Browser. [VMware Horizon] - Blast: On Intel Baytrail based chipsets, H.264 rendering breaks after 20min. Therefore, by default, on following devices the GL-Basic Renderering Engine is used instead of the H.264 GL-Renderer: IGEL UD 6 51 (H830C), IGEL UD 5 50 (H820), IGEL UD9 40/41 (TC-215B) and IGEL UD2 40 (D220). - The USB on-insertion feature is only working if the client drive mapping is switched off. In the IGEL Setup Client drive mapping can be found in: Sessions -> RDP -> RDP Global -> Mapping -> Drive mapping -> Enable Drive Mapping - External drives mounted already before connection do not appear in the remote desktop. Workaround: map the directory /media as a drive in your desktop. Then the external devices will show up inside the media drive. [Firefox] - Because the support for the gstreamer framework was dropped by recent Firefox versions, support for H264 decoding in the browser is not possible anymore due to licensing restrictions. - After firmware update a fullscreen browser session starts once in window mode. Afterwards the fullscreen mode is functional again. ============================================================================= New features: ============================================================================= [Citrix Receiver 13] - Integrated Citrix Receiver 13.5.0. This is the default version now. Available Citrix Receiver versions: 13.3.2, 13.4.2, 13.5.0 (default) - Added Multi Media Stream (for browser and selfservice sessions) to be used when connecting to a multi stream ICA enabled server. Configuration can be done with parameter "Multi-Stream ICA" at TC Setup under Sessions -> Citrix -> HDX Global -> Options. Only supported with Citrix Receiver 13.5.0. (registry key: ica.module.allowmultistream) [Citrix] - Removed the IGEL setup page 'HDX Flash' from Sessions -> Citrix -> HDX Global since this feature isn't supported anymore in IGEL Linux 10. - Removed the IGEL setup page 'Options' from Sessions -> Citrix -> Citrix StoreFront since the options aren't supported anymore in IGEL Linux 10. - Using high quality sound format by default now. The audio bandwith usage can be lowered at IGEL Setup under: Sessions -> Citrix -> HDX Global -> Options -> Audio Bandwidth Limit for StoreFront Sessions. For legacy sessions at IGEL Setup under: Sessions -> Citrix -> Legacy ICA Sessions -> ICA Session -> Options - signotec Virtual Channel for Citrix 8.0.6 Added support for redirection via Citrix Virtual Channel. Enable on page Sessions->Citrix XenDesktop/XenApp->HDX/ICA Global->Mapping-Device Support, parameter "signotec signature pad channel". (registry key: ica.module.virtualdriver.stvcpad.enable) Activating the Citrix channel takes preference over VCOM Daemon (Setup page User Interface->Input->Signature Pad, parameter "Enable signotec VCOM Daemon"). (registry key: devices.signotec.enable) - StepOver TCP/Citrix Client version 2.1.0 Added support for redirection via Citrix Virtual Channel. Enable on page: Sessions->Citrix XenDesktop/XenApp->HDX/ICA Global->Mapping-Device Support Parameter: "StepOver signature pad channel". (registry key: ica.module.virtualdriver.soctx.enable) Activating the Citrix channel takes preference over TCP Client. Setup page: User Interface->Input->Signature Pad Parameter "Enable StepOver TCP Client" (registry key: devices.sotcp.enable) [VMware Horizon] - Updated VMware Horizon Client to version 4.5.0-5650368 - Added setup page for USB Redirection: Sessions -> Horizon Client -> Horizon Client Global -> USB Redirection - Added the following parameters to modify the USB-redirection behavior: * Automatically connect at startup (registry key: vmware.view.usb-autoconnect-at-start-up): If enabled, USB devices are redirected at start-up (i.e. when client connects to the desktop). If disabled, USB devices are not redirected, but listed as available in the VMware menubar. (default: enabled) * Automatically connect when inserted (registry key: vmware.view.usb-autoconnect-on-insert): If enabled, USB devices are redirected on insertion of the device. If disabled, USB devices are only listed as available in the VMware menubar. (default: enabled) - Added new parameter "Reconnecting when there are running applications from a previous session" to determine handling of open application upon reconnect. Setup page: Sessions -> Horizon Client -> Horizon Client Global -> Server Options registry key: vmware.view.reconnect-behavior-mode [ThinLinc] - Updated ThinLinc client to version 4.8.0.5456 [Firefox] - Updated Firefox to version 52.3.0 ESR - Updated Flash Player download URL to version 26.0.0.151 [Network] - Added a new configuration to disable reverse dns lookup of the terminal name: registry key: network.dns.hostname_dnslookup - Added support for mobile broadband connections: The corresponding setup page is Network -> Mobile Broadband. A connection is established automatically and kept until the system is shut down. Connecting/disconnecting manually is not supported. New parameters: * "Enable Mobile Broadband", key:network.interfaces.mobile_broadband.enabled For security reasons the feature is disabled by default. The parameter must be enabled to establish a mobile broadband connection. * "Device type", key: network.interfaces.mobile_broadband.devtype Determines the type of the device that shall be configured. The router device type is meant for Huawei devices in HiLink mode. Currently there is no other official way to control that by software other than through the browser. So, the connection settings mentioned below are not used. Implication: The device should be configured so that no user interaction is required to establish a connection when it is plugged in. This is particularly important when a system firmware update shall be performed, because that may go through a state where only a rudimentary system is at work and an interaction with the device via browser is impossible. The tray icon representing such a device, is the same as used for an ethernet device. When the device type is "modem", the connection settings (see below) are used. The device is represented by a special tray icon. It currently only indicates whether a connection has been established or not. I.e. it does not truly reflect signal strength. The connection parameters are similar to those offered by Ubuntu for a mobile broadband connection. * "Number", key: network.interfaces.mobile_broadband.connection0.gsm.number This is the number to dial, e.g. "*99#". Consult your provider if this isn't known. * "user name", key: network.interfaces.mobile_broadband.connection0.gsm.username Consult your provider if this isn't known. * "Password", key: network.interfaces.mobile_broadband.connection0.gsm.crypt_password Consult your provider if this isn't known. * "APN", key: network.interfaces.mobile_broadband.connection0.gsm.apn The APN (Access Point Name). Consult your provider if this isn't known. * "Network ID", key: network.interfaces.mobile_broadband.connection0.gsm.network_id The Network ID. Consult your provider if this isn't known. * "PIN", key: network.interfaces.mobile_broadband.connection0.sim.crypt_password The PIN for the SIM card. If the PIN is not necessary, the value should be set to "-". If this is left empty, it can be entered later, just before a connection attempt is made. Other necessary connection parameters must be specified in advance. The following parameters determine the behaviour of the tray icon and its context menu: * "Enable tray icon", key: network.applet.modem.enable_trayicon A network icon for a mobile broadband connection is only shown if this is enabled. * "Enable context menu", key: network.applet.modem.enable_context_menu The context menu as a whole is shown if this is enabled. * "Enable network info dialog", key: network.applet.modem.enable_network_info_dialog The context menu contains an entry for showing detailed information about the connection if this is enabled. * "Enable mobile broadband configuration dialog", key: network.applet.modem.enable_connection_editor The context menu offers an entry for configuring a mobile broadband connection if this is enabled. - Added support for Huawei mobile broadband devices in HiLink mode. This has only been tested with a Huawei (HiLink-only) E3372. - Added support for LTE (Sierra EM7303) on Toshiba PORTEGE notebooks. - Added support for mobile broadband on Lenovo ThinkPad 10. [WiFi] - Added the possibility to configure a wifi connection directly in the Setup Assistant if a suitable device was detected. - Added support for various Atheros WiFi devices (ath10k). - Added support for WiFi USB dongle TP-Link Archer T2UH (mediatek 7610u chipset) - Added support for Broadcom BCM43241 chipset WiFi/Bluetooth combo. - Improved support for devices driven by Broadcom Linux hybrid wireless driver (wl). [Imprivata] - New Imprivata OneSign ProveID Embedded support: Version: onesign-bootstrap-loader_1.0.429768_amd64 Version date: Wed Jul 5 17:10:24 EDT 2017 Setup page Sessions -> Appliance Mode [AppliDis] - Enhanced option handling [Smartcard] - Added Cherry USB2LAN Proxy. This daemon detects Cherry EGK (German health care card) devices and exposes their SICCT and HTTPS channels through a network connection. Corresponding Setup page: Security->Smartcard->Services, Parameter "Cherry USB2LAN Proxy". Registry key: devices.cherry_usblanproxy.enable - Updated SecMaker Net iD version 6.6.0.30 [Base system] - Updated kernel to version Ubuntu-hwe-4.10.0-29.33~16.04.1. - Updated GRUB2 bootloader to version 2.02~beta3-4ubuntu6 (Ubuntu artful). - Added extended support for custom partitions: * better support for multiple download sources * better support for initialization scripts inside the custom partition - Added possibility to perform an automatic update on shutdown. This new feature can be enabled at TC Setup under System -> Update -> Firmware Update with parameter "Automatic Update Check On Shutdown" (registry key: update.autoupdate_on_shutdown). This feature automatically checks the firmware version on the configured update source during shutdown process and invokes a firmware update if the version differs from the active version. - Added monitoring agent which permanently observes the health state of a device. The agent must be enabled with the following registry key: monitoring_agent.general.enable_agent The following events are monitored: - Error and warning messages in the systemd journal and other log files - Memory consumption and CPU load of running processes - Disk space of the writable file systems (wfs, firefox profile, custom partition, etc.) The agent writes the collected events to the log file /monitoring/monitoring_agent.log. If a debug log partition is enabled by registry key debug.tools.log_partition_enabled, the monitoring log file is stored to this partition at /debuglog/monitoring/monitoring_agent.log. In this case the monitoring log file is preserved over reboot. See product documentation for all monitoring_agent options (registry keys: monitoring_agent.*). - Updated preinstalled CA certificate package to ubuntu artful version 20161130+nmu1. - Updated TC Setup to version 5.7.5. - Added possibility to specify USB serial devices via USB port number or USB vendor and device id. Currently connected devices appear in the list after opening the dialog "Detect Devices..." in IGEL Setup running directly on the thin client. - Added tool for mobile device access. Its purpose is to access the content of mobile devices which supports the MTP or PTP protocol. Due to the variety of mobile devices it is not possible to guarantee the functionality. Therefore this tool has restricted IGEL Support. [Driver] - Added support for TSharc USB touchscreen monitor. - Added support for IIYAMA ProLite T2452MTS-B4 and IIYAMA ProLite T2252MSC touchscreens. - Added support for Broadcom BCM43241 chipset WiFi/Bluetooth combo. - Added new Dictation driver Diktamen for Citrix and RDP. * Enable for Citrix at IGEL Setup page "Sessions -> Citrix XenDesktop / XenApp->HDX / ICA Global -> Mapping -> Device Support -> Diktamen Channel for Dictation" key: ica.module.virtualdriver.diktamen.enable * Enable for RDP at IGEL Setup page "Sessions -> RDP -> RDP Global -> Mapping -> Device Support -> Diktamen Channel for Dictation" key: rdp.winconnect.plugins.diktamen.use Supported dictation devices: Name VID PID * Grundig SonicMic EU 0x15d8 0x0025 * Grundig SonicMic US 0x15d8 0x0026 * Grundig SonicMic US 0x15d8 0x002A * Grundix Cordex 0x15d8 0x0020 * Philips 32xx,35xx 0x0911 0x0c1c * Philips 52xx 0x0911 0x149a * Philips 6264 0x0911 0x1878 * Philips 6274 0x0911 0x2512 * Olympus DR 2000 0x07b4 0x0216 * Olympus DR 2100 0x07b4 0x0253 Supported foot pedals: Name VID PID * VEC 0x05f3 0x00ff * Philips, old version 0x0911 0x184c * Philips 0x0911 0x1844 * Infinity 0x0e0f 0x0003 * Grundig 0x15d8 0x0024 * Olympus 0x07b4 0x0218 * DictaPhone 0x04b4 0x0100 - Added Citrix Virtual Channel OlyCom for dictation with Olympus devices. Configure on Setup page: Sessions->Citrix XenDesktop/XenApp->HDX/ICA Global->Mapping->Device Support Parameter: "OlyCom Channel for Dictation with Olympus Devices" key: ica.module.virtualdriver.olycom.enable - Added Nuance Audio Extension for dictation via Citrix. Enable on Setup page: Sesions->Citrix XenDesktop/XenApp->HDX/ICA Global->Mapping->Device Support Parameter: "Nuance channel for dictation" key: ica.module.virtualdriver.nuance.enable This channel only redirects audio data. For redirection of buttons also activate the respective channel of the manufacturer of the dictation device. - Added support for serial attached device via inputattach daemon. This will allow to attach a serial line to an input-layer device. The following registry keys have been added: * devices.serial.inputattach.com.enabled Enable the inputattach daemon for port com. * devices.serial.inputattach.com.baud (default: handle by inputattach mode) Specify the baud rate to use. This is only necessary if the default mode rate is incorrect. * devices.serial.inputattach.com.nocarriagereturn (default: disabled) Remove carriage return on every input signal strings received. * devices.serial.inputattach.com.port (default: /dev/ttyS) Specify the device to use. * devices.serial.inputattach.com.mode (default: bs) Specify the serial attached device initialization mode. - Added support for Bluetooth Serial Port Profile via RFCOMM protocol. This will allow to pair a bluetooth device like barcode scanners in SPP mode. The following registry keys have been added: * devices.serial.inputattach.hci.enabled Enable the inputattach daemon for port hci. * devices.serial.inputattach.hci.baud (default: 9600) Specify the baud rate to use. This is only necessary if the default baud rate is incorrect. * devices.serial.inputattach.hci.nocarriagereturn (default: disabled) Remove carriage return on every input signal strings received. * devices.serial.inputattach.hci.port (default: /dev/rfcomm) Specify the device to use. * devices.serial.inputattach.hci.macaddr Specify the remote bluetooth device mac address (BD ADDR). * devices.serial.inputattach.hci.reconnect (default: true) Automatically reconnect to the remote device if disconnected or out of range every 10 seconds. [X11 system] - Updated mesa opengl to version 17.1.5 - Updated X server to version 1.19.3. - Updated graphics drivers. - Added support for DisplayLink based USB graphic adapters. Note: Performance depends on CPU (with slower CPUs Performance will suffer i5 or higher is recommended) - Added initial support for MultiGPU setups: * support for up to 3 graphics adapters * new monitor connector assignment per graphic card at setup page User Interface -> Display -> Advanced -> Graphic card registry keys : * x.xserver0.graphic_card * x.xserver0.screen1.graphic_card * x.xserver0.screen2.graphic_card * x.xserver0.screen3.graphic_card * x.xserver0.screen4.graphic_card * x.xserver0.screen5.graphic_card * x.xserver0.screen6.graphic_card * x.xserver0.screen7.graphic_card * new touchscreen connector assignment per graphic card at setup page User Interface -> Input -> Touchscreen -> Graphic card registry key: userinterface.touchscreen.touchscreen_graphic_card [X server] - Added possibility to configure non default resolutions via registry keys. The configured resolution will be used if the resolution in the IGEL Setup under User Interface -> Display page is set to automatic detect. The accepted format for the new registry keys is: WxH : W = width, H = height (for example 1920x1080) WxH@R : W = width, H = height, R = refresh rate (for example 1920x1080@60 or 1920x1200@59.8) New registry keys: * x.xserver0.custom_resolution (1st monitor) * x.xserver0.screen1.custom_resolution (2nd monitor) * x.xserver0.screen2.custom_resolution (3rd monitor) * x.xserver0.screen3.custom_resolution (4th monitor) * x.xserver0.screen4.custom_resolution (5th monitor) * x.xserver0.screen5.custom_resolution (6th monitor) * x.xserver0.screen6.custom_resolution (7th monitor) * x.xserver0.screen7.custom_resolution (8th monitor) [Window manager] - Added possibility to change the monitor on which the desktop icons are placed (configurable at IGEL Setup -> User Interface -> Monitor for desktop icons). key: windowmanager.defaulttheme.desktopxineramamonitor - Added support for the automatic tiling function of the window manager. When activated, dragging a window to the edges or corners of the screen will automatically resize and reposition the window to cover a quarter, half or the full screen. It is possible to activate this function with registry key windowmanager.wm0.variables.tileonmove. - Added registry key to run unpatched xfwm4 version: windowmanager.vanilla - Added registry key to print extra debug output whenever an ICA tweak is triggered in the window manager (might produce some output): windowmanager.tweaks.verbose [Printing] - Added TCP/IP print server functionality. Configure in IGEL Setup on page: Devices -> Printer -> TCP/IP registry keys: devices.devicemapd.* [Java] - Updated Oracle JRE to 1.8U141 [TC Setup (Java)] - The IGEL Setup now logs errors and informations to the file /var/log/user/tcsetup.log. The following options are available: * userinterface.setup.debug.log_level * userinterface.setup.debug.log_max_size * userinterface.setup.debug.log_rotation [Remote Management] - Added capability to display formatted user messages. - Added the following parameters to configure minimal allowed ssh cipher security: * network.ssh_client.minimal_encryption_level Possible range 128bit, 192bit or 256bit (default: 128bit) * network.ssh_server.minimal_encryption_level Possible range 128bit, 192bit or 256bit (default: 128bit) - Added battery status reporting to remote management. The frequency of the reporting can be configured in the registry at: system.remotemanager.battery_report_frequency - Added Asset Inventory Tracking support (AIT Agent). [IGEL Cloud Gateway] - Added download of custom wallpaper and bootsplash in ICG agent. ============================================================================= Resolved issues: ============================================================================= [Citrix] - Fixed problems with vanishing Citrix seamless application windows under special circumstances (e.g. dragging an MS Outlook window to another screen when "Hide when minimized" is activated in the Outlook system tray icon). There is a new parameter to control the method used for hiding server side windows when switching between workspaces on client: * ica.wfclient.twiwshidewindowtype: 1 - Hide server side windows by minimizing them (Default) 2 - Hide server side windows by moving them to the right-bottom corner outside of the screen (try this when the vanishing window problem occurs) - Fixed audio issues in Citrix ICA sessions by using high quality sound format as default. [RDP/IGEL RDP Client 2] - Fixed connection issues with installed root-ca certificate and a gateway/connection-broker and skip the obsolete certificate acknowledge dialog for connections redirected from a trusted connection-broker (RDP-8 compliance). - Fixed RDP client screen update issues for desktop sessions and improved the screen update performance. - Fixed problem with graphical window fragments in RDP sessions to server 2012R2. - Fixed COM port mapping: fixed waiting for event character. [RD Web Access] - Fixed resize Excel 2013 columns in RD WebAccess. - Fixed RD web access sessions not recognizing smartcards. [VMware Horizon] - Fixed handling of stalled VMware/RDP sessions: * In case the session uses an HTTPS tunnel to reach the remote desktop, Horizon View Client resets the tunnel one minute after the network congestion is observed. Upon this reset, the RDP client terminates and does not try to reconnect, because the predefined Horizon client https tunnel is now closed at this point. * In case of direct connection to the remote desktop, the reconnect dialog of the RDP client terminates the client immediately now when the cancel button is pressed. - Fixed an issue where the VMware Horizon session would not be automatically restarted in spite the setup parameter being enabled. - Fixed client drive mapping. - Fixed bug in H.264 rendering by adding a switch to modify the Blast GL-Rendering Engine with registry key: vmware.view.glrenderer [RedHat Enterprise Virtualization client] - Fixed sporadic dual login request. [Network] - Fixed bug with hostname not being adopted from DHCP lease. - Fixed issues with 802.1x authentication by improving reliability of local network connection establishment at boot time. [WiFi] - Fixed Atheros ath10k Q6174 not working issue. [genucard VPN] - Fixed running into a too short timeout during rekeying and displaying an incorrect message about the rekeying result. - Fixed issue with too short connection timeouts. This mostly occurred when establishing a WIFI connection. [Smartcard] - Fixed smart card detection over USB3 by adding a tool to improve detection of smart card insertions. This may be needed if reader is connected to a USB 3.0 port. Enable in setup registry with key scard.scpolld.enable. - Fixed error when reading smart card for the first time by adding a the parameter scard.pcscd.on_demand (default: enabled). When enabled, the smart card service PC/SC-Lite starts when it is accessed the first time and terminates after 60 seconds of inactivity. When disabled, the service is started immediately at boot and stays running. Disabling the key can help to avoid smart card errors which e.g. only occur once after boot. - Fixed IGEL Smartcard not supporting Remote Desktop Web Access sessions. - Fixed screen lock while being authenticated with IGEL smartcard without password. - Fixed Active Directory log on with smart card: in some cases sporadic error messages "Unknown smart card." occurred. - Fixed waiting for smart card insertion and removal events. [Application Launcher] - Fixed a wrong ordering of the network interfaces in some rare situations. [Base system] - Several fixes in local login handling: - Fixed problem with AD/Kerberos login mask being shown before network is ready. Added warning message in login screen while network is not available and network based authentication methods (Kerberos, Shared Workplace) are active. - Fixed issue with missing domain suffix in AD/Kerberos login by adding hint to use fully qualified domain name at parameter "Default Domain" on page Security->Active Directory/Kerberos. (key: auth.krb5.libdefaults.default_realm) - Fixed AD/Kerberos logon: if no default domain is specified in setup, fall back to the first explicitly defined domain in setup. Added domain info label on Kerberos and Shared Workplace logon mask. - Fixed problem with focus handling in local login screen when navigating with TAB, CTRL+TAB and ENTER keys between input fields. - Fixed Screen Lock in combination with Active Directory and Shared Workplace Logon. The screen gets locked only if "Screen Lock Password" is "User Password" or "Screen Lock Password" (setup page User Interface -> Screen Lock/Saver -> Options). Before this fix the screen was locked also if "Screen Lock Password" was set to "None". - Fixed behaviour of local logon when "Login with Screen Lock Password" (key: auth.login.xlock) is active, "Screen Lock Password" (key: sessions.xlock0.options.usepassword) is set to "User Password", but no user password is set. - Fixed AD/Kerberos Logon with smart card and "Smartcard Removal Action" "Lock Thin Client". Before this fix the desktop wasn't locked when removing the smart card. - Fixed vulnerability of login screen and screen lock to changes of count and resolution of monitors. Now the login/lock screen is refreshed on all monitors when such events occur. - Fixed vulnerability to brute force attacks on local login screen. Limited number of unsuccessful login attempts to 5 in an interval of 30 seconds by default. The number of attempts and the interval can be configured setting the following parameters: * auth.login.lockout_threshold default: 5 * auth.login.lockout_duration default: 30 - Fixed placement of user menu on login screen in multi monitor configurations. Before it could have happened that menu was hidden behind the task bar. - Fixed security issue with Secure Shadowing: Do not accept weak SSL ciphers anymore. As example the RC4 cipher is not accepted anymore, this change fixes Bar Mitzvah attacks (CVE-2015-2808). Due to the higher security demands Secure Shadowing with Java 6 based UMS version 4.07.100 and 4.08.100 is not supported anymore. Secure Shadowing is supported with UMS 5 and UMS 4.09.100. - Fixed the position of the task list in the panel when there aren't any quick starters defined. - Fixed automatic suspend after a defined time period of inactivity. Parameter: System standby at setup page System -> Power Options -> System Key: system.power_management.system_standby.ac - Fixed reboot message does no longer occur if downloaded license file has the same feature set as previously loaded licenses - Fixed double restart of browser window with a configured "Logoff" post session command together with Citrix / Web Interface sessions. - Fixed an issue where special key/button strokes regarding power management (i.e. power off, sleep, monitor brightness and keyboard brightness) weren't recognized in certain situations, e.g. if a context menu was open. - Improved error messages when changing of Kerberos/Active Directory password fails. Especially the notification for users when the password does not meet the complexity constraints. - Fixed wrong interpretation of [ctrl] + [arrow key] in the terminal. Moving the cursor a whole word at a time is now possible again. - Fixed problem with bootorder setting (EFI only) on mmc block based devices. - Fixed device not booting if no network connection is available and no settings have been made yet (i.e. after first boot or reset to factory defaults). - Fixed title of 'Finish' page within IGEL Setup Assistant not changing upon switching the language. - Fixed manual session start not working in case no network was available. Automatic session start will still wait for network with sessions that rely on a functioning network connection. - Fixed free size calculation during firmware update on storage devices bigger than 4Gb. - Fixed Bluetooth Tray icon. Now the "paired devices" section show the correct device list. - Fixed an issue with failsafe boot which could lead to a non bootable system. - Fixed an issue where some services would not be restarted after suspend / resume. - Fixed kernel security issue CVE-2017-1000364. - Fixed password protection of firmware update session. - Fixed button labels in the IGEL Setup Assistant. The 'Next' button is now labeled with 'Skip' on the Date/Time, ICG and Wifi page. This makes it more clear that the user has to use the embedded controls rather than the 'Next' button to change the particular settings. - Fixed the position of the task list in the panel when there aren't any quick starters defined. [Appliance Mode] - Fixed XenDesktop Appliance Mode with smartcard logon: The browser is not restarted anymore when the smartcard is inserted initially. - Fixed wrong availability of minimize button in Citrix Self-Service Appliance Mode: Hide minimize button in In-session control bar. - Fixed issues with screenlock in appliance mode by not starting it in appliance mode anymore. Screensaver is still functional. The screenlock does not work together with the appliance mode logon screens. [X11 system] - Fixed issues with Dell P2217 monitor (now also for DELL P2217H model). Added registry key x.xserver0.force_reconfig (default: disabled) to force a X reconfiguration. - Fixed issues with detecting HDMI monitors on VIA hardware. Added registry key x.drivers.via.force_hdmi_output (default: disabled) which can be activated to fix the not detected HDMI monitor on VIA hardware issue. - Fixed evtouch non working touchscreen calibration. - Fixed evtouch not saved touchscreen calibration over reboot. - Fixed a small memory leak in the xfce4-panel when window titles change. - Fixed DisplaySwitcher not always reacting on configuration changes. - Fixed sporadic black screen issues after boot. [X server] - Fixed X-Server hangs if all monitors were disconnected and plugged directly again on UD5 and UD6. - Fixed X-Server crash on VIA based hardware. - Fixed stability for VIA based hardware when the screen resolution / configuration is switched quite often. [Window manager] - Fixed issue with moving icons to desktop by drag and drop in legacy start menu. - Fixed issue with moving icons by drag and drop in legacy start menu. - Fixed high memory consumption of taskbar if a background image is set. - Fixed panel start after kerberos/smartcard logon, when the panel is disabled at logon screen. - Fixed Citrix window manager tweaks configuration: registry keys windowmanager.tweaks.* are functional again. [Shared Workplace] - Fixed passthrough authentication with Shared Workplace. Now e.g. Shared Workplace and Citrix Single Sign On is working again. [Audio] - Fixed input and output recognizing for Sennheiser USB headsets. - Fixed state saving of Pulseaudio sound system. - Fixed sound volume control in IGEL UD2 (D220), IGEL UD3 (M340C) and IGEL UD6 (H830C). Now volume control takes in account all relevant hardware volume controls and all available audio sinks and sources are exposed in the sound volume dialog. [Hardware] - Fixed touchpad parameters for newer touchpad devices. [TC Setup (Java)] - Fixed IGEL setup display corruptions after screen config changes. [Remote Management] - Fixed an issue where the UD3-LX50 couldn't be suspended via UMS. - Fixed an issue when the new remote settings were received while the IGEL setup assistant was running. - Fixed missing system log file in support file bundle. - Fixed handling of UMS jobs: "Firmware Update" and "Update On Shutdown". - Fixed issue with Secure Shadowing by applying the JCE Unlimited Strength Jurisdiction Policy files and thus enabling higher strength encryption than the Oracle JRE uses by default. [IGEL Cloud Gateway] - Fixed fingerprint check in ICG Setup for certificates issued by a trusted CA. - Fixed depth limit of a certificate chain in the ICG agent. - Fixed status update of the ICG status icon in tray. - Fixed default port number in ICG Setup. Now port 8443 is used by default if a server URL is entered without port number. - Fixed handling in removing a TC from UMS over ICG. - Fixed issue when establishing initial connection to ICG server. [Caradigm] - Fixed Caradigm VMware/RDP sessions using network level authentication