IGEL Linux ========== Version 5.10.410 Release date 2016-11-02 Last update of this document 2016-11-02 Supported devices: IZ2-RFX, IZ2-HDX, IZ2-HORIZON IZ3-RFX, IZ3-HDX, IZ3-HORIZON UD2-LX 40, UD2-LX 31, UD2-LX 30 UD3-LX 50, UD3-LX 42, UD3-LX 41, UD3-LX 40, UD3-LX 31 UD5-LX 50, UD5-LX 40, UD5-LX 30 UD6-LX 51 UD9-LX Touch 41, UD9-LX 40, UD9-LX Touch 31, UD9-LX 30 UD10-LX Touch 10, UD10-LX 10 ============================================================================= Versions: ============================================================================= Clients: - Citrix Access Gateway Standard Plug-in 4.6.3.0800 - Citrix HDX Realtime Media Engine 2.1.0-602 - Citrix Receiver 12.1.8.250715 - Citrix Receiver 13.1.4.322630 - Citrix Receiver 13.3.2.366713 - Dell vWorkspace Connector for Linux 8.6.0 - Ericom PowerTerm 11.0.3.0.20160407.1-_dev_-34574 - Ericom PowerTerm 9.2.0.6.20091224.1-_rc_-25848 - Ericom Webconnect 5.6.0.4000-rel.20413 - Evidian AuthMgr 1.4.5888 - FabulaTech USB for Remote Desktop 5.1.3 - Firefox 38.8.0 - IBM iSeriesAccess 7.1.0-1.0 - IGEL Legacy RDP Client 1.0 - IGEL RDP Client 2.2 - Imprivata OneSign ProveID Embedded - Leostream Java Connect 3.0.57.0 - NCP Secure Client (Enterprise) 3.25-rev23310-i686 - NX Client 5.1.9 - Open VPN 2.3.2 - Oracle JRE 1.8.0_112 - Parallels 2X Client 15.0-3736 - Remote Viewer 2.0 for RedHat Enterprise Virtualization Desktops - Systancia AppliDis 4.0.0.14 - Thinlinc Client 4.5.0-4930 - ThinPrint Client 7.0.65 - Totem Media Player 2.30.2 - Nimboxx VERDE Client 8.0.0-rel.25568 - VMware Horizon client 4.1.0-3956299 - Voip Client Ekiga 4.0.1 Dictation: - Driver for Grundig Business Systems dictation devices - Diktamen Extensions for dictation 1.1 - Nuance Audio Extensions for dictation 7.47.0 - Driver for Olympus dictation devices - Legacy Philips Speech Driver 5.0.10 - Philips Speech Driver 12.3.21 Signature: - signotec VCOM Daemon 2.0.0 - Softpro/Kofax Citrix Virtual Channel 3.1.33.2 - StepOver TCP Client 1.0.2 Smartcard: - PKCS#11 Library A.E.T SafeSign 3.0.93 - PKCS#11 Library Athena IDProtect 623.07 - PKCS#11 Library cryptovision sc/interface 6.6.3 - PKCS#11 Library Gemalto IDPrime 1.2.1 - PKCS#11 Library SecMaker NetID 6.3.0.50 - Reader Driver ACS CCID 1.1.1 - Reader Driver HID Global Omnikey CCID 4.0.5.5 - Reader Driver Identiv / SCM Microsystems CCID 5.0.35 - Reader Driver MUSCLE CCID 1.4.22 - Reader Driver Omnikey CCID legacy-3.6.0 - Reader Driver Omnikey RFID legacy-2.7.2 - Reader Driver REINER SCT cyberJack 3.99.5final.SP08 - Reader Driver Gemalto / SafeNet eToken 8.1.0-4 - Reader Driver SCM Microsystems CCID Legacy 5.0.21 - Reader Driver SCM Microsystems SDI011 5.0.18 - Resource Manager PC/SC Lite 1.8.15 System Components: - Graphics Driver ATI lts-xenial - Graphics Driver INTEL lts-xenial-2.99.917 - Graphics Driver VIA lts-vivid-5.76.52.92-009-005f78-20150730 - Kernel 3.19.8-ckt19 #59.65-ud-r1597 - Xorg X11 Server lts-wily-1.17.2 - Xorg Xephyr lts-wily-1.17.2 ============================================================================= Information: ============================================================================= - IMPORTANT: END OF MAINTENANCE In this release the following products are not supported any more because of End of Maintenance: - IZ2-HDX31 - IZ2-RFX31 - IZ2-HORIZON31 These products can not be used for productive work with this firmware release. They still can be downgraded to an earlier firmware version, or converted to a Universal Desktop thin client via Upgrade License. [Citrix Receiver 13] - It is not possible to use normal Citrix StoreFront / WebInterface sessions and Citrix Self-Service at the same time. ============================================================================= Known issues: ============================================================================= [Citrix Receiver 13] - Randomly seamless application windows are displayed twice in a dual monitor setup. [Citrix] - It can happen that the window of a published Firefox can get unusable when the window is maximized, then minimized and maximized again. This can also happen to other applications. Workaround: enable registry key ica.wfclient.twisetfocusbeforerestore with Citrix Receiver 13.3.1 [RDP/IGEL RDP Client 2] - If you start a session to a Microsoft Windows Server 2008R2 server with compression enabled and try to do a remote control of another session on this server, the igelrdp2 client can freeze after terminating the remote controlled session. This does not affect Microsoft Windows Server 2012R2 servers. A possible workaround is to set the compression level at rdp.winconnect.compression-level from RDP6.1 to RDP6, or below. [Open VPN] - Certificate and key files using relative paths (from reference directory /wfs/OpenVPN/) are not found. This applies also when you use the file picker dialog to locate them. Work around of prefixing all such files explicitly with /wfs/OpenVPN/ is necessary. - Upon disconnect of an OpenVPN session the remote agent is stopped and thus the UMS connection not available anymore. [NX client] - When using NoMachine NX Client 5.x to connect to NX Server 3.5 or FreeNX and run the UMS the NX session crash. A functional workaround is to edit the RemoteManager.bin.config file (default installation location is /opt/IGEL/RemoteManager/rmclient/) and add as second line: - vmparam -Dsun.java2d.xrender=false This will disable the xrender support that cause the NX Session to crash when starting the Universal Management Suite. [Parallels Client] - Is not possible to minimize seamless application window from the taskbar. - Authentification with Smartcard is not working [Firefox] - If socks- and http/ssl proxy is defined in the system wide setup, the browser uses the socks proxy. If it is defined in session specific setup, the browser prefers http/ssl proxy. [VMware Horizon] - Remote Applications are not seamless in the strict sense. These are rather displayed in an extra window decorated by the TC's window manager. - If more applications defined and started in the same session, all are displayed inside this window. The default size of this window can be defined in the Window section of the Horizon session. - PCoIP user input language synchronization is currently broken. [Dell vWorkspace Connector] - Seamless applications exported from Win8/8.1 desktops show display errors when dragged to the screen edges. - With a dual monitor configuration flash redirected windows can appear on wrong screen. - After the start of a seamless session the window is initially maximized before being resized to the correct size. - Windows XP sessions might not work properly anymore. - Only standard 105 keys PC keyboards are supported. Not supported anymore: Trimodal, Sun Type 6 or IBM 122 keys. - Mapping of drives to a dedicated drive letter is not possible anymore. - If Com-port redirection is enabled all linux serial ports (/dev/ttySx) will be mapped. - If printer mapping is enabled all printers configured in CUPS are mapped. - For Multimedia Redirection sound redirection with WMV/WMA streams is not working. - USB Redirection may not work reliable. - Session starts only if RDP Local Logon Window (IGEL Setup->Sessions->RDP->RDP Global->Local Logon) is active. [Evidian AuthMgr] - Active Directory users with a password containing special characters may have problems to authenticate with the configured session. Known special characters which results in errors are: ` (grave accent, ASCII code 96) ´ (acute accent, ASCII code 239) [Universal MultiDisplay] - X-Sessions don't work with UMD currently. [Multimedia] - No Hardware Video Acceleration while playback of MPEG-1 videos on IGEL UD3-LX 50 (M340C) ============================================================================= 5.10.410 (stable build based on 5.10.240) ============================================================================= Resolved issues: ============================================================================= [Firefox] - Updated Flash Player download URL to version 11.2.202.643 [base system] - Updated timezone data to most current version. [X11 system] - Added BLT as possible intel accel method (registry key: x.drivers.intel.accel_method) [Audio] - Impoved handling of data underruns in audio streams using ALSA over Pulseaudio. [Java] - Updated Oracle JRE to 1.8U112. ============================================================================= Security issues: ============================================================================= - Disabled weak ssh encryption algorithms as default for client and server. This are following algorithms: arcfour, arcfour128, arcfour256, aes128-cbc, aes192-cbc, aes256-cbc, rijndael-cbc@lysator.liu.se, blowfish-cbc, cast128-cbc and 3des-cbc. If one need ssh connections which only over one of the now deactivated encryption algorithms the new registry keys: * network.ssh_client.disable_weak_encryption (default: true) * network.ssh_server.disable_weak_encryption (default: true) could be set to false to support the weak encryption again. - Fixed Kernel Local Privilege Escalation "Dirty COW" - CVE-2016-5195. - Fixed openssl security issues: CVE-2014-3571, CVE-2016-6306, CVE-2016-6304, CVE-2016-6303, CVE-2016-6302, CVE-2016-2183, CVE-2016-2182, CVE-2016-2181, CVE-2016-2180, CVE-2016-2179 and CVE-2016-2178. ============================================================================= 5.10.240 (stable build based on 5.10.180) ============================================================================= Resolved issues: ============================================================================= [Citrix Receiver 12/13] - Fixed sticky shift and right control keys in ICA sessions when generic keyboard mapping is specified. Before this fix the status of these modifiers inside the session window could be wrong after the window got active again. [VMware Horizon] - Fixed handling of sessions which should only use the local logon dialog. Before it was possible that the client's internal logon dialog was also used upon connect to the server. [CUPS Printing] - Fixed printing of multiple documents or copies in one print job. Before the first document or copy was printed, and then the printing stalled. This happened e.g. when printing multiple copies originating from a AS400 via LPD protocol. [base system] - Fixed keyboard layout not being changed directly after applying changes in IGEL Setup. [X11 system] - Fixed DisplayPort monitor remain black if the ThinClient is powered on before the monitor. New registry key: * session.user_display%.options.enhanced_hotplug, default: true [Universal MultiDisplay] - Fixed UMD satellit monitor stay black issue. ============================================================================= 5.10.180 (stable build based on 5.10.170) ============================================================================= New features: ============================================================================= [Network] - Added a new configuration to disable reverse dns lookup of the terminal name: registry key network.dns.hostname_dnslookup, default: enabled [Java] - Updated Java Runtime Environment to version 1.8.0 update 102 [Caradigm] - Added Autostart functionality to Caradigm Session. Caradigm Session can be configured at Setup page: "IGEL Setup->Sessions->Caradigm" (registry keys: sessions.caradigm0) Client specific settings are shared with Caradigm Appliance settings. (registry keys: caradigm) New registry keys: * sessions.caradigm0.autostart, default: false * sessions.caradigm0.waittime2autostart, default: 0 ============================================================================= Resolved issues: ============================================================================= [Citrix] - Fixed "Touch here..." button within Citrix XenDesktop Appliance mode not being displayed even though touchscreen is present. [RDP/IGEL RDP Client 2] - Fixed a keyboard focus issue in RDP Web Access sessions for certain applications, especially for Microsoft Dynamics Navision 2015 in fullscreen mode and UMS console. - Added evaluation of parameter "Setup -> Sessions -> RDP -> RDP Global -> Mapping -> Audio -> Audio Capture" to RDP Web Access sessions. [Firefox] - Updated Flash Player download URL to version 11.2.202.632 [base system] - Updated realtek r8168 driver from 8.040.00 to 8.042.00. - Fixed openssl0.9.8 security issue CVE-2016-2108 (memory corruption in ASN.1 encoder) [X11 system] - Fixed wrong Display order for VIA ThinClients (affects UD2 lx30, UD3 lx30, UD3 lx40, UD3 lx41, UD3 lx42 and UD5 lx30) [Windowmanager] - Allow task switch via the taskbar while the main menu is active. [Audio] - Configuration of sound volumes is made more reliable and works now if IGEL Active Directory Logon is used. [Hardware] - Fixed randomly system freeze on devices with VIA graphics. ============================================================================= 5.10.170 (stable build based on 5.10.160) ============================================================================= New features: ============================================================================= [Citrix] - Citrix HDX RTME (Optimization for Skype for Business Client) updated to 2.1.0-602. [Citrix Receiver 13] - Integrated Citrix Receiver 13.3.2. Webcam redirection does work in sessions running on Version 7.6 VDAs correctly. The copy speed of mapped client drives has been improved. [misc] - Fabulatech USB for Remote Desktop updated to 5.1.3. ============================================================================= Resolved issues: ============================================================================= [Citrix] - Fixed distorted sound output in applications using ALSA (e.g. Citrix ICA Receiver). - Fixed audio input in applications using ALSA (e.g. Citrix ICA Receiver). - Citrix session login window with smartcard authentication translated correctly to german [RDP/IGEL RDP Client 2] - The global key "verify server certificates" on the options page will now be evaluated by RD Web Access. If it is disabled, the check certificate dialog will not longer appear if the server certificate could not be evaluated by the client. [base system] - Fixed not working standby suspend if using active directory login and no user was logged in. - Fixed suspend blocked by xfce4 panel. [Audio] - Fixed distorted sound output in applications using ALSA (e.g. Citrix ICA Receiver). - Fixed audio input in applications using ALSA (e.g. Citrix ICA Receiver). ============================================================================= 5.10.160 (stable build based on 5.10.100) ============================================================================= New features: ============================================================================= [RDP/IGEL RDP Client 2] - Added selection of Display Resolution to RDP sessions. Now you can start a RDP session with a display resolution different than the window size. The session will be scaled to fit in the selected window size but with a session resolution selected by Display Resolution parameter. You can change the display resolution at "Sessions -> RDP -> RDP Sessions -> Session X -> Window -> Display Resolution". The default value is "Same as Window Size". NOTE: This new feature does not work with multi-monitor sessions. This feature also ignores Display Control setting from "Sessions -> RDP -> RDP Global -> Window -> Enable Display Control". - Added a notification label to RDP Login dialogue to signalize a wrong password or username. The Login dialogue is also opened again after a failed login. [VMware Horizon] - Updated VMware Horizon Client to version 4.1.0-3956299 [Smartcard] - Added CoolKey PKCS#11 library version 1.1.0. Use with Kerberos and/or Citrix StoreFront Logon: On page Security->Smartcard->Middleware activate "Use a custom PKCS#11 module" and set "Path to the library" to "/usr/lib/pkcs11/libcoolkeypk11.so" Use with VMWare Horizon: In IGEL Registry set the following parameters: vmware.view.pkcs11.use_custom true vmware.view.pkcs11.custom_path /usr/lib/pkcs11/libcoolkeypk11.so Use with Firefox Browser: In IGEL Registry set the following parameters: browserglobal.security_device.custom.enable true browserglobal.security_device.custom.device_name CoolKey browserglobal.security_device.custom.lib_path /usr/lib/pkcs11/libcoolkeypk11.so - Added support for smart card reader HID OMNIKEY CardMan (076B:3031) 3021. [Caradigm] - Added support for RDP. A RDP session must be configured at "IGEL Setup -> Sessions -> RDP Sessions" IMPORTANT: The first configured RDP session will be used. - Added preview version of Caradigm Session as new session type. Caradigm Session can be configured at Setup page: "IGEL Setup -> Sessions -> Caradigm" (registry keys: sessions.caradigm0) Client specific settings are shared with Caradigm Appliance settings. (registry keys: caradigm) - Improved UI Design. ============================================================================= Resolved issues: ============================================================================= [Citrix] - A screenshot that is copied to clipboard by the Screenshot Tool can be pasted into Citrix sessions now. Prerequisites: Open the Citrix session before taking the screenshot. [RDP/IGEL RDP Client 2] - Fixed the certificate dialog in the RDP multipoint server appliance mode to appear on top. - Fixed a bug in Remote Desktop Web Asccess on devices with poor performance (e.g. D210). Previously the session did not start and the getting applications window froze. - Fixed a bug in "System -> Firmware Customization -> Custom Commands -> Post Session" if RDP was selected. Now we also consider the RDP Login Window and execute the selected command after the Login Window is closed. - Fixed a bug in evaluation of parameter "Sessions -> RDP -> RDP Global -> Options -> Inverted cursor color". Now the cursor should behave like intended. - Fixed a problem with smart card redirection. This could cause failing communication with smart cards e.g. when using DATEV software. [VMware Horizon] - Horizon client version 4.1.0-3956299 fixes instability of RTAV: Multiple starting and stopping sound recordings, like when using a dictaphone, do not not crash the client anymore. - Fixed bug regarding local logon in appliance mode where credentials were not correctly passed to Horizon Client. [base system] - Fixed sometimes not working standby suspend if using active directory login on the ThinClient. [X11 system] - Added option to disable reaction to display hotplug events for DisplayPort only or for all ports (very useful for DisplayPort power-off disconnect issues). Registry key: sessions.user_display0.options.disable_hotplug Possible values: none, dp, all - Changed DisplaySwitcher to use the same screen 1 as defined in setup display configuration if not overriden by Primary selection setting in DisplaySwitcher. ============================================================================= IGEL Linux 5.10.100 ============================================================================= New Features: ============================================================================= [Citrix] - Added UDP audio support for Citrix Receiver 13. To enable UDP audio, adjust the following parameters in the registry: "ica.module.enableudpaudio" (default: off) "ica.module.udpaudioportlow" (default: 16500) "ica.module.udpaudioporthigh" (default: 16509) IMPORTANT: UDP audio support works with medium audio quality only! [Citrix Receiver 13] - Integrated Citrix Receiver 13.3.1. - Added Citrix HDX Hardware Acceleration for H.264-enhanced SuperCodec (i.e. used by Citrix HDX 3D Pro) - The hardware acceleration can be enabled at Setup page "Sessions -> Citrix XenDesktop / XenApp -> HDX / ICA Global -> Codec" or with registry key ica.hw-accelerated-h264-codec. See http://edocs.igel.com/#10201440.htm for the list of supported devices. Limited functionality on UD3-LX 40/41/42 and UD10-LX: - HDX Hardware Acceleration does only work with 256 MB Video Memory or more. Video Memory must be adjusted in System Bios. The default is 128 MB. - Seamless window mode not supported. - Desktop sessions expanded over 2 monitors are not supported. - Desktop sessions on rotated screens may flicker. For the other devices: - Fixed seamless window flicker when placed between 2 monitors - Fixed Desktop screen artefacts with sessions expanded over 2 monitors and the session was covered by another window. Missing features for hardware accelerated HDX SuperCodec (does not apply to software only implementation): - Lossless text rectangles - Small frame rectangles Although the rendering quality in H.264 is quite good for typical desktop content, there is an option for rendering text perfectly lossless at the expense of higher bandwidth requirements. These features will be supported in the next release. Prerequisites for the HDX Hardware Acceleration: - Usage of Citrix Receiver 13.1.4 or 13.3.1 - Licensed IGEL Multimedia Codec-Pack - Enabled "Hardware Video Acceleration" at IGEL Setup -> System -> Firmware Customization -> Features - Enabled "H.264 Deep Compression Codec" at IGEL Setup -> Sessions -> Citrix XenDesktop / XenApp -> HDX / ICA Global -> Codec -> Graphical Codec - Connect to a XenApp/XenDesktop server with active H.264 Display Mode: See http://support.citrix.com/article/CTX200370 how to determine the Display Mode. [RDP/IGEL RDP Client 2] - Added selection of the input language for RDP sessions. You can configure the input language at Setup Page "Sessions -> RDP -> RDP Global -> Keyboard -> Input Language", or in the registry at rdp.winconnect.input-language. default: default (No input language selected) [VMware Horizon] - Updated VMware Horizon Client to version 4.0.1-3698616 with support for VMware Blast protocol. The following devices are supporting hardware accelerated VMware Blast: - UD2 40 + IZ2 Horizon 40 - UD3 50, IZ3 Horizon 50 - UD5 40, 50 - UD6 51 - UD9 40/41 You can disable hardware acceleration with the following registry key: - vmware.view.allowblacklisteddrivers, Type: bool, default: enabled - Added selection of the input language for Horizon sessions. You can configure the input language at Setup Page "Sessions -> RDP -> RDP Global -> Keyboard -> Input Language", or in the registry at rdp.winconnect.input-language. default: default (No input language selected) [XenDesktop Appliance Mode] - Added additional customiztaion capabilities to XenDesktop appliance mode: - To alter the background color, simply activate the parameter xen.xenapp-morph.customization.use_desktop_color. The background color of the appliance mode then corresponds to the primary desktop color of the first monitor which can be configured at Setup Page "User Interface -> Desktop -> Background" If the above mentioned parameter is turned off, the background color of the XenDesktop appliance mode is black. - Background To alter the style of the dialog images (Press Ctrl+Alt+Enter, Touch here..., etc.), simply activate parameter xen.xenapp-morph.customization.use_wallpaper_style. The style of the dialog images within the appliance mode then corresponds to the wallpaper style of the first monitor which can be configured at Setup Page "User Interface -> Desktop -> Background". If the above mentioned parameter is turned off, the dialog images are displayed centered without being resized. To change the dialog images, please use the following tutorial on eDocs: http://edocs.igel.com/index.htm#10200860.htm [Parallels Client] - Parallels 2X Client updated to v15.0.3736 - Added the possibility to autostart the Parallels exposed application/desktop automatically when opening a Parallels Session. This can be done by adding to the following registry key: - sessions.twox.connection.appid_autostart (integer, default NULL) the "Published Resource" ID number of the exposed application or desktop. The application ID number can be found on the Parallels RAS Console under "Publishing", "Published Resources", "", "information". - The standard application menu list can now be hidden by setting the following registry key to enabled: - sessions.twox.connection.appid_showapplist (boolean, default disabled) - When a user with an expired password try to open a Parallels remote application or desktop a password reset box is showed to allow the user to change the expired password. [NX client] - Nomachine Client updated to version 5.1.9 [vWorkspace] - Updated Dell vWorkspace Connector to version 8.6.1 [Firefox] - Updated Firefox to ESR 38.8.0. [Network] - Added network optimizations for different network scenarios and roaming users: - When a LAN interface is configured but the device is not connected to a cable, startup is traditionally delayed to give the user a chance to fix that. Sometimes this is not desired. So there is a new registry key by which waiting can be turned off: - network.interfaces.ethernet.device%.nolink_nowait, Type bool, Default disabled (old behaviour) - If the UMS is only acceessible in certain environment, startup can be delayed quite significantly. Two new registry keys have been added to inform the system if a connection attempt makes sense or not: - system.remotemanager.device_whitelist, Type string, Default empty This may contain a space-separated list of network devices (eth0 for LAN, eth1 for LAN2, wlan0 for WLAN, ppp10 for MBB, tun0 for OpenVPN). If there are entries in the list a connection to the UMS is only tried, if one of the devices is up. - system.remotemanager.network_whitelist, Type string, Default empty This parameter can contain a space-separated list of network adresses of the form Address/Prefix, e.g. "172.30.0.0/16 192.168.100.0/24". If there are entires in the list a connection to the UMS is only tried, if one of the device's IP addresses is in the scope of one of the list entries. (This obviously is useless with a static IP configuration) - When different environments cannot be distinguished by the previous two mechanisms the startup delay can be reduced by a shorter timeout for connections to the UMS. - system.remotemanager.rmagent_timeout, Type integer, Default 90 This is a time in seconds. The former two mechanisms are preferable. - In this context it is usually a good idea to set the registry key network.global.waitfor_interfaces to disabled. As a reminder: In the case of disabled the result is not only that the system only waits for one interface being up (instead of all). It also means that any "No link" messages regarding Ethernet vanish automatically after a few seconds. [WiFi] - "bgscan" settings is now configured for every WLAN authentication method. The relevant parameters are: - network.interfaces.wirelesslan.device0.bgscan.module - network.interfaces.wirelesslan.device0.bgscan.simple.long_interval - network.interfaces.wirelesslan.device0.bgscan.simple.short_interval - network.interfaces.wirelesslan.device0.bgscan.simple.signal_strength [Open VPN] - Added Aladdin eToken support for Network Manager [Smartcard] - Added new smart card middleware support for cryptovision sc/interface. - For use with Horizon client activate "Enable Horizon logon with cryptovision smartcards" on Setup page "Sessions -> Horizon Client -> Horizon Client Global -> Smartcard" - For use with Firefox Browser activate "Use cryptovision Security Device" on Setup page "Sessions -> Browser -> Browser Global -> Encryption" - For use with Citrix Local Logon mask, Citrix StoreFront, Active Directory/Kerberos Logon or Open VPN activate "Use cryptovision PKCS#11 module" on Setup page "Security -> Smartcard -> Middleware" [base system] - Added German (IBM) keyboard layout. In this layout 'Caps Lock' capitalizes letters but does not affect other keys, e.g. pressing a numeric key results in a number and not the corresponding special character. - Fixed Post Session Command feature ("Auto Logoff") for vWorkspace and NX sesssions. The feature is now configurable at IGEL Setup page "System -> Firmware Customization -> Custom Commands -> Post Session" - Added support to copy a complete session in IGEL Setup: - functionality is available for all session types (e.g. RDP, Citrix, ..) - executed via context menu in IGEL Setup -> Sessions -> [any session] -> Session instance context menu -> Copy - Added Bluetooth System tray icon with the following features: - Open the Bluetooth User Interface: double click on the Bluetooth tray icon or right-click the Bluetooth tray icon then click on "Paired devices" - Disable the Bluetooth client-side device: right-click the Bluetooth tray icon then click on "Disable Bluetooth" - Enable the Bluetooth client-side device: right-click the Bluetooth tray icon then click on "Enable Bluetooth" - List the paired devices - Remove a paired device: right-click the Bluetooth-tray icon and click on a paired device to remove it. To enable the Bluetooth tray icon set the following registry key to enabled: devices.bluetooth.tray (bool, default:disabled) or in IGEL Setup: "Devices -> Bluetooth -> Tray Icon" - Kerberos error message "Error in communication with Active Directory." now is customizable via IGEL Setup Registry parameter userinterface.auth.displaynames.err_ad_unreachable [Driver] - Added support for Lenovo Touchpad SK-8835 - Added Bluetooth support: - Based on BlueZ 5.37 with support for GAP, GATT and SDP protocols v4.2 (Low Energy Bluetooth devices) - Bluetooth support can be activated in IGEL Setup: "Devices -> Bluetooth -> Activate Bluetooth on System startup" or by setting the following registry key to enabled: devices.bluetooth.enable (bool, default:disabled) - Added a Bluetooth User Interface with the following features: - Search for new devices: scan for new Bluetooth devices start automatically - Pair a new device methods: - Random key exchange: type in the right number sequence showed in the UI in the device (most keyboard devices) - Automatic key exchange: automatic key exchange between device and client, user intervention is not required (Low Energy device like mouse) - On screen confirmation: confirm that the number sequence showed in the UI is the same shown on the device - Fixed PIN Option: specify the PIN to use to pair the Bluetooth device - Remove a paired device: - select a paired device and click on the "Forward" button The User Interface to pair Bluetooth devices can be found in "IGEL Setup -> Accessories" and in the Application Launcher. - Added new Olympus Dictation driver for Citrix from 12.04.2016. - Added new Dictation driver Diktamen for Citrix Enable at IGEL Setup page "Sessions -> Citrix XenDesktop / XenApp->HDX / ICA Global -> Mapping -> Device Support -> Diktamen Channel for Dictation" Supported Devices: - Dictation devices VID PID - Grundig SonicMic EU 0x15d8 0x0025 - Grundig SonicMic US 0x15d8 0x0026 - Grundig SonicMic US 0x15d8 0x002A - Grundix Cordex 0x15d8 0x0020 - Philips 32xx,35xx 0x0911 0x0c1c - Philips 52xx 0x0911 0x149a - Philips 6264 0x0911 0x1878 - Philips 6274 0x0911 0x2512 - Olympus DR 2000 0x07b4 0x0216 - Olympus DR 2100 0x07b4 0x0253 - Foot pedals VID PID - VEC 0x05f3 0x00ff - Philips, old version 0x0911 0x184c - Philips 0x0911 0x1844 - Infinity 0x0e0f 0x0003 - Grunding 0x15d8 0x0024 - Olympus 0x07b4 0x0218 - DictaPhone 0x04b4 0x0100 [Java] - Updated Java Runtime Environment to 1.8.0_92 - Fixes CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427, CVE-2016-3449, CVE-2016-0695, CVE-2016-3425, CVE-2016-3422, CVE-2016-3426 [TC Setup (Java)] - Updated IGEL Setup concerning smart cards: - Setup page "Devices -> Smartcard" moved to "Security -> Smartcard" - smart card middleware (PKCS#11 module) selection for Citrix ICA Local Logon window, Citrix StoreFront and AD/Kerberos Logon now is located on Setup page "Security -> Smartcard -> Middleware" - there are page links for direct navigation between the related pages [Remote Management] - Added logging of Citrix StoreFront / Web Interface login and logoff events to Universal Management Suite. To enable this feature, activate parameter at Setup page "System -> Remote management -> Logging -> Log login and logoff event"s. For this feature UMS version 5.02.100 or newer is required. [X11 System] - Updated mesa stack to xenial (lts-xenial) version. - Added Samsung wallpapers to be used on Samsung TC2 devices as default. [Caradigm] - Updated Caradigm Appliance Mode. Caradigm Appliance can be configured at Setup page: "IGEL Setup -> Appliance Mode -> Caradigm" (registry keys: caradigm) New registry keys: - caradigm.session_type_params.vvdm. - Added support for VMware Horizon. A VMware Horizon desktop connection must be configured at Setup page "IGEL Setup -> Appliance Mode ->Caradigm" and "IGEL Setup -> Horizon client Global" ============================================================================= Resolved issues: ============================================================================= [Citrix] - Fixed Local Logon with Citrix. The username and password that you have typed in the local logon window weren't passed to the desktop. You had to type the username and password again on the login of the desktop. - With the new parameter " Userinterface -> Hotkeys -> Commands -> Activate ctrl+alt+end for citrix sessions" the user can use ctrl+alt+end to change his password. [RDP/IGEL RDP Client 2] - Fixed video and audio sync with videos if in a RDP session the EVOR (Enchanced Video Optimized Remoting) protocol is established between the server and the client. - Fixed a problem with Cherry G80-1502 keyboard in combination with a Microsoft Windows Server 2008R2 Terminal Server. - Fixed multimedia redirection of MPEG-1 and MPEG-2 videos in a RDP session. - Optimized connection mechanism to a DNS Round Robin server Farm. Previously it could take some time until a connection was successfully initiated. - Added new registry parameter rdp.winconnect.compression-level to customize the compression algorithm used. range = 8K, 64K, RDP6, RDP6.1; default = RDP6.1 - Fixed potential endless loop in the RDP client when RemoteFX is disabled on the server and a lot of graphics updates happen (i.e. Excel 2010 scrolling) - Fixed a possible freeze if RemoteFX and RemoteFX codec mode WAN was used. This bug only occured on slow single core devices. [RDP/IGEL Legacy RDP Client 1.0] - Fixed a bogus error message after session logout. This message did only appear if rdp toolbar, and local logon were not enabled. [RD Web Access] - Improved RD Web Access autostart feature. There is no need to create the destkop icons to start an app automatically. [Quest vWorkspace] - Removed broken parameter "Keyboard Map" (sessions.qrdesktop%.option.keyboard) from Setup page "Sessions -> vWorkspace Client -> vWorkspace Client Sessions -> [vWorkspace Client Session] -> Keyboard". [PowerTerm] - New Ericom PowerTerm InterConnect version 11.0.3.0.20160407.1-_dev_-34574 (replaces version 10.2.0.0.20150802.1-_dev_-34574). The following issues have been addressed: - when changing the background frame color to another color than black, after start of the emulator the frame will be displayed in black - in IBM 5250 emulation, when switching from 27x132 to 24x80 mode, in the frame some remainders of the previous screen are visible - sporadic wrong content in emulation window (only occurred on multi processor devices) - sporadic freeze of communication in IBM 5250 emulation (only occurred on multi processor devices) [Open VPN] - Fixed OpenVPN if session is triggered on system boot and also on desktop autostart that results in an unnecessary restart of this session. Now, if one session is already configured for start at system boot, generic autostart of VPN sessions is disabled. [Imprivata] - Fixed a bug where changing Imprivata settings at IGEL setup did not change the Imprivata config file if the Imprivata appliance mode was already in use. [Smartcard] - Fixed access to Safenet / Aladdin eToken. No communication with the token was possible before, token appeared as uninitialized. [base system] - Fixed appearance of taskbar even if it is disabled. - Updated CA certificates to 2016-01-04 version. - Fixed openssl security issues CVE-2016-2109, CVE-2016-2108, CVE-2016-2107, CVE-2016-2106 and CVE-2016-2105. - Fixed libdmx security issue CVE-2013-1992. - Fixed pam security issues CVE-2015-3238, CVE-2014-2583 and CVE-2013-7041. - Fixed nss security issues CVE-2016-1950, CVE-2016-1938, CVE-2015-7575, CVE-2015-7182 and CVE-2015-7181. - Fixed bind9 security issues CVE-2016-1286, CVE-2016-1285, CVE-2015-8704 and CVE-2015-8000. - Fixed cups-filters security issues CVE-2015-8560 and CVE-2015-8327. - Fixed libgcrypt11 security issue CVE-2015-7511. - Fixed gnutls26 Poodle TLS issue and security issue CVE-2015-7575. - Fixed graphite2 security issues CVE-2016-2802, CVE-2016-2801, CVE-2016-2800, CVE-2016-2799, CVE-2016-2798, CVE-2016-2797, CVE-2016-2796, CVE-2016-2795, CVE-2016-2794, CVE-2016-2793, CVE-2016-2792, CVE-2016-2791, CVE-2016-2790, CVE-2016-1977, CVE-2016-1526, CVE-2016-1523, CVE-2016-1522 and CVE-2016-1521. - Fixed krb5 security issues CVE-2015-5355, CVE-2015-2698, CVE-2015-2697, CVE-2015-2696, CVE-2015-2695 and CVE-2015-2694. - Fixed jasper security issues CVE-2016-2116 and CVE-2016-1577. - Fixed nspr security issue CVE-2015-7183. - Fixed pcre3 security issues CVE-2016-3191, CVE-2015-2328, CVE-2015-8380, CVE-2015-8382, CVE-2015-8385, CVE-2015-8386, CVE-2015-8387, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393 and CVE-2015-8394. - Fixed pixman security issue CVE-2014-9766. - Fixed libpng security issues CVE-2015-8540, CVE-2015-8472, CVE-2015-8126 and CVE-2015-7981. - Fixed libsndfile security issues CVE-2015-7805, CVE-2014-9756 and CVE-2014-9496. - Fixed tiff security issues CVE-2015-8784, CVE-2015-8783, CVE-2015-8782, CVE-2015-8781, CVE-2015-8683 and CVE-2015-8665. - Fixed libwbclient0 security issues CVE-2016-0771, CVE-2015-8467, CVE-2015-7560, CVE-2015-7540, CVE-2015-5330, CVE-2015-5299, CVE-2015-5296, CVE-2015-5252, CVE-2015-3223, CVE-2016-2118, CVE-2016-2115, CVE-2016-2114, CVE-2016-2113, CVE-2016-2112, CVE-2016-2111, CVE-2016-2110 and CVE-2015-5370. - Fixed xerces-c security issue CVE-2016-0729. - Fixed libxml2 security issues CVE-2015-8710, CVE-2015-8317, CVE-2015-8242, CVE-2015-8241, CVE-2015-8035, CVE-2015-7942, CVE-2015-7941, CVE-2015-7500, CVE-2015-7499, CVE-2015-7498, CVE-2015-7497, CVE-2015-5312 and CVE-2015-1819. - Fixed isc-dhcp security issue CVE-2015-8605. - Fixed openssh security issues CVE-2016-0778, CVE-2016-0777, CVE-2016-3115, CVE-2016-1908 and CVE-2015-8325. - Fixed curl security issue CVE-2016-0755. - Fixed libtasn1-6 security issues CVE-2016-4008. - blocked all access to tcp port 631 (Samsung TC2 only) limited ssh client and server cipher via config file to only secure variants (Samsung TC2 only) [Driver] - New StepOver TCP Client version 1.0.2: - Fixed stability of the daemon. Before sporadically communication with the signature pad was lost. - Dictation with Nuance: Added file /userhome/.log4crc for configuration of logging. [Storage Devices] - Mounting hotplug storage devices can now be restricted based on the device class (floppy, optical, harddisk, flash, other). New registry keys: - devices.hotplug.enable_floppy - devices.hotplug.enable_optical - devices.hotplug.enable_harddisk - devices.hotplug.enable_flash - devices.hotplug.enable_other These are all of type bool. Their default value is enabled. If enabled mounting volumes on floppies, optical media, harddisks, flash memory devices, and others is enabled respectively. [X11 system] - Fixed eGalax touch screen calibration in dual monitor set up (e.g. UD9-LX Touch 41). Before it could happen that after calibration the second monitor was not working correctly until next reboot. - Fixed black screen issues if changing from mirror to extended screen configuration on newer Radeon devices - Fixed screen corruptions if resolution of mirrored screens is changed in DisplaySwitcher. - Changed graphic output name DisplayPort to eDP on Samsung TC2 (so the internal panel shown as internal panel) - Improved DisplaySwitcher Mirror configuration (resolution and rotation changes in advanced menu) - Fixed usage of highest common resolution (former it was not always the highest resolution) in mirror mode. - Fixed DisplaySwitcher that preserve settings working correctly after reboot. - Changed screensaver logo on Samsung TC2 devices. [Windowmanager] - Fixed a bug where the desktop crashed on very low resolutions. - Fixed product logo in start menu on Zero Clients - Fixed a bug where changing the pointer speed or the double click interval in the IGEL Setup while the Display Switch is opened resulted in a pointer speed of 1 and a double click interval of 100. This in turn made a double click almost imposible. - Fixed a bug where the language of the context menu items for the window button bar was always English, regardless of the configured language. [Audio] - Fixed restoring of sound volume after automatic session logoff. - Improved responsiveness for sound volume control to user changes. [Hardware] - Limited minimal resolution in DisplaySwitcher on Samsung TC2 hardware to 640x480 - Fixed spurious headphone plugged misdetects when playing loud music on Samsung TC2 hardware. - Added registry key x.drivers.ati.use_shadow_primary (default: disabled). If set to enabled it could fix slow RDP performance problems on ATI/AMD graphic cards. - Fixed slow UMD performance. Fixed bad network performance with small packages. [Remote Management] - Download all files and send an error message to IGEL UMS if one or more files not available. Also send a syslog message with the filename. [VNC] - Improved security of Secure VNC: A stronger certificate with signature algorithm sha512RSA and key length 4096 Bit will be created and used. The new certificate will be placed in directory /wfs/client-certs.