IGEL Linux ========== Version 5.11.100 Release date 2017-03-03 Supported devices: IZ2-RFX, IZ2-HDX, IZ2-HORIZON IZ3-RFX, IZ3-HDX, IZ3-HORIZON UD2-LX 40, UD2-LX 31, UD2-LX 30 UD3-LX 50, UD3-LX 42, UD3-LX 41, UD3-LX 40, UD3-LX 31 UD5-LX 50, UD5-LX 40, UD5-LX 30 UD6-LX 51 UD9-LX Touch 41, UD9-LX 40, UD9-LX Touch 31, UD9-LX 30 UD10-LX Touch 10, UD10-LX 10 ============================================================================= Versions: ============================================================================= Clients: - Citrix Access Gateway Standard Plug-in 4.6.3.0800 - Citrix HDX Realtime Media Engine 2.2.0-837 - Citrix Receiver 12.1.8.250715 - Citrix Receiver 13.3.2.366713 - Citrix Receiver 13.4.2.10146724 - Dell vWorkspace Connector for Linux 8.6.1 - Ericom PowerTerm 12.0.1.0.20170219.2-_dev_-34574 - Ericom PowerTerm 9.2.0.6.20091224.1-_rc_-25848 - Ericom Webconnect 5.6.0.4000-rel.20413 - Evidian AuthMgr 1.4.6132 - Evince PDF Viewer 2.30 - FabulaTech USB for Remote Desktop 5.1.3 - Firefox 45.6.0 - IBM iSeriesAccess 7.1.0-1.0 - IBM iAccess Client Solutions 1.1.5.0 - IGEL Legacy RDP Client 1.0 - IGEL RDP Client 2.2 - Imprivata OneSign ProveID Embedded - Leostream Java Connect 3.0.57.0 - NCP Secure Client (Enterprise) 3.25-rev23310-i686 - NX Client 5.1.9 - Open VPN 2.3.2 - Oracle JRE 1.8.0_121 - Parallels 2X Client 15.0-3865 - Remote Viewer 4.0 for RedHat Enterprise Virtualization Desktops - Systancia AppliDis 4.0.0.14 - Thinlinc Client 4.7.0-5280 - ThinPrint Client 7.0.72 - Totem Media Player 2.30.2 - Nimboxx VERDE Client 8.0.0-rel.25568 - VMware Horizon Client 4.3.0-4710754 - Voip Client Ekiga 4.0.1 - CREALOGIX CLX.Giromat 1.1.0b3 Dictation: - Driver for Grundig Business Systems dictation devices - Diktamen Extensions for dictation 1.1 - Nuance Audio Extensions for dictation 7.47.0 - Driver for Olympus dictation devices - Legacy Philips Speech Driver 5.0.10 - Philips Speech Driver 12.4.10 Signature: - signotec VCOM Daemon 2.0.0 - Softpro/Kofax Citrix Virtual Channel 3.1.33.2 - StepOver TCP Client 1.0.2 Smartcard: - PKCS#11 Library A.E.T SafeSign 3.0.93 - PKCS#11 Library Athena IDProtect 623.07 - PKCS#11 Library cryptovision sc/interface 6.6.3 - PKCS#11 Library Gemalto IDPrime 1.2.1 - PKCS#11 Library SecMaker NetID 6.5.2.37 - PKCS#11 Library ASIP Sante cryptolibcps 5.0.9 - Reader Driver ACS CCID 1.1.1 - Reader Driver HID Global Omnikey CCID 4.0.5.5 - Reader Driver Identive / SCM Microsystems CCID 5.0.35 - Reader Driver MUSCLE CCID 1.4.25 - Reader Driver Omnikey CCID legacy-3.6.0 - Reader Driver Omnikey RFID legacy-2.7.2 - Reader Driver REINER SCT cyberJack 3.99.5final.SP09 - Reader Driver Gemalto / SafeNet eToken 8.1.0-4 - Reader Driver SCM Microsystems CCID Legacy 5.0.21 - Reader Driver SCM Microsystems SDI011 5.0.18 - Resource Manager PC/SC Lite 1.8.20 System Components: - Kernel 4.4.35 #59.80-ud-r1701 - Graphics Driver INTEL 2.99.917+git20160706-1ubuntu1 - Graphics Driver ATI/RADEON 7.8.0-1 - Graphics Driver ATI/AMDGPU 1.2.0-1 - Graphics Driver VIA 5.76.52.92-009-005f78-20150730 - Graphics Driver VIA Legacy 5.75.32.87a-59172 - Input Driver Evdev 2.9.0-1ubuntu2~trusty1 - Input Driver eGalax 2.5.2107 - Input Driver Wacom 0.25.0-0ubuntu1.1~trusty1 - Xorg X11 Server lts-wily-1.17.4 - Xorg Xephyr lts-wily-1.17.4 ============================================================================= Known Issues: ============================================================================= [Citrix] - Videos encoded with the rare combination H.264/MP3 won't play audio [VMware Horizon] - On UD3 50/IZ3 50 hardware accelerated Blast sessions (using client version 4.3.0) are only shown correctly in sessions with more than 1152 pixel height. This could affect also other hardware with AMD Mullins type chipset. [Evidian] - Active Directory users with a password containing special characters may have problems to authenticate with the configured session. Known special characters which results in errors are: ` (grave accent, ASCII code 96) ´ (acute accent, ASCII code 239) [Universal MultiDisplay] - While updating the UMD slave devices from 5.10.100 or older firmwares there will be screen flickering and corruptions until the update is finished. [genucard VPN] - When establishing a VPN connection using the autostart mechanism, the VPN connection times out after approximately 6h. This is due to the login session being closed and the automatic reconnection of the genucard can not happen again. Possible workarounds: * After the desktop gets shown, login to the genucard application again normally, and leave the connector application open. * Disable the autostart mechanism and establish the VPN connection using the appropriate starting method on the desktop. ============================================================================= IGEL Linux 5.11.100 ============================================================================= New features: ============================================================================= [Linux 10 Upgrade] - It is now possible to upgrade to IGEL Linux 10. For more information, please see the particular section in eDocs. http://edocs.igel.com/#12642.htm The registry keys for configuring the desktop integration of the IGEL Linux 10 Upgrade tool are the following: * sessions.igel_check_upgrade0.applaunch * sessions.igel_check_upgrade0.applaunch_system (default: true) * sessions.igel_check_upgrade0.desktop * sessions.igel_check_upgrade0.pulldown * sessions.igel_check_upgrade0.quick_start * sessions.igel_check_upgrade0.startmenu * sessions.igel_check_upgrade0.startmenu_system (default: true) [Citrix] - Updated Citrix HDX RTME (Skype for Business Optimization Pack) to 2.2.0-837. - Added basic support for CID (Certificate Identity Declaration) with SecMaker smart cards. For this feature Citrix Receiver 13.4 or newer is required. To enable the feature activate the following parameter in registry: parameter name: ica.authman.cid default value: false - Added domain white list for certificates located on smart card. This list is used to filter certificates for login with smart card to Legacy ICA sessions when the local login window is active. Parameter (in Registry): scard.pkcs11.domain_whitelist default value: (empty) The value is a comma separated list of domains. If the first character of the domain is '*', all domains which end with the given name match, e.g. example.com, *.example2.com [Citrix Receiver 13] - Integrated Citrix Receiver 13.3.2 (default) - Integrated Citrix receiver 13.4.2 [RDP/IGEL RDP Client 2] - Added the Desktop Scale Factor option to change the RDP session scale: Sessions -> RDP -> RDP Global -> Window -> Desktop Scale Factor Sessions -> RDP -> RDP Sessions -> (session) -> Window -> Desktop Scale Factor - Added selection of Display Resolution for RDP sessions. Now it is possible to start an RDP session with a display resolution different than the window size. The session will be scaled to fit in the selected window size, with a session resolution selected by Display Resolution parameter. The display resolution can be configured at "Sessions -> RDP -> RDP Sessions -> Session X -> Window -> Display Resolution". The default value is "Same as Window Size". NOTE: This new feature does not work with multi-monitor sessions. This feature also ignores Display Control setting from "Sessions -> RDP -> RDP Global -> Window -> Enable Display Control". - Basic support for RDP codec activity monitoring. Usage: A local shell is needed. 1. Determine the process id (pid) of the RDP session in question: The corresponding binary is "igelrdp2". 2. Start the monitor /services/rrdp/bin/rdpmon The monitor shows codec activities in real time. Only codecs belonging to RemoteFX Adaptive Graphics are monitored. If the monitor doesn't indicate any activity, this means that RemoteFX is not active for some reason. - Added a notification label to RDP login dialogue to signalize a wrong password or username. The login dialogue is also opened again after a failed login. - Added calculator key to known keys. Now you can use the calculator key to start the calculator inside a RDP session can be used. [VMware Horizon] - Updated VMware Horizon Client to version 4.3.0-4710754 [PowerTerm] - New Ericom PowerTerm version 12.0.1.0.20170219.2-_dev_-34574. [Parallels Client] - Updated Parallels Client to version 15.0-3865 (Hotfix 5) [IBM_5250] - Added IBM iAccess Client Solutions 5250 emulation version 1.1.5.0. Configuration can be done in IGEL Setup under "Sessions->IBM iAccess Client". For further information, please refer to the edocs section or the documentation provided in the client at "Help -> Information Center". [ThinLinc] - Updated ThinLinc Client to version 4.7.0-5280 [FabulaTech] - Updated FabulaTech USB for Remote Desktop Client to version 5.1.3. [Firefox] - Updated Mozilla Firefox to version 45.6.0 - Updated Flash Player download URL to version 24.0.0.194 [RedHat Enterprise Virtualization client] - Updated RedHat/Spice virt-viewer client to version 4. [Network] - Added a new configuration to disable reverse dns lookup of the terminal name: registry key network.dns.hostname_dnslookup, default: enabled [WiFi] - Added support for WiFi D-Link DWA-171 A1G (Realtek 802.11n rtl8812au/rtl8821au) Added support for WiFi TP-LINK TL-WN725N (Realtek 802.11n rtl8188eu) - Updated WPA Supplicant to version 2.6 [OpenVPN] - Added restart option for boot time started VPN connections. All session based autostart/restart settings will be ignored as long as a boot time VPN connection is configured. [genucard VPN] - Improved user feedback, usability and error handling - Added: Performing firmware update over genucard VPN is now possible even without a visible desktop. - Updated labels to new genua corporate design. [Imprivata] - Updated Imprivata Loader to onesign-bootstrap-loader_1.0.396200_i386 Fri Nov 4 12:33:54 EDT 2016 [Smartcard] - Added CoolKey PKCS#11 library version 1.1.0. - Use with Kerberos and/or Citrix StoreFront Logon: On page Security->Smartcard->Middleware activate "Use a custom PKCS#11 module" and set "Path to the library" to "/usr/lib/pkcs11/libcoolkeypk11.so" - Use with VMware Horizon: In IGEL Registry set the following parameters: vmware.view.pkcs11.use_custom true vmware.view.pkcs11.custom_path /usr/lib/pkcs11/libcoolkeypk11.so - Use with Firefox browser: In IGEL Registry set the following parameters: browserglobal.security_device.custom.enable true browserglobal.security_device.custom.device_name CoolKey browserglobal.security_device.custom.lib_path /usr/lib/pkcs11/libcoolkeypk11.so - Added support for smart card reader HID Global OMNIKEY 3x21 with USB Id 076B:3031 (AVIATOR). - Integrated PKCS#11 driver ASIP Sante cryptolibcps version 5.0.9 and smart card reader driver galss version 3.40.03-1. - Updated SecMaker Net iD to version 6.5.2.37. This version supports Citrix CID (Certificate Identity Declaration). - Updated Open Source CCID smart card driver to version 1.4.25 New supported readers: Vendor Device Name 0x058F 0x9540 Alcor Micro AU9560 0x1059 0x0019 G&D StarSign CUT S 0x24DC 0x0402 Aladdin R.D. JaCarta 0x2406 0x5003 appidkey GmbH ID50 -USB 0x2406 0x5004 appidkey GmbH ID100-USB SC Reader 0x0A5C 0x5832 Broadcom Corp 5880 0x0A5C 0x5833 Broadcom Corp 5880 0x0A5C 0x5834 Broadcom Corp 5880 0x046A 0x00A7 Cherry SmartTerminal XX44 v2 0x2CE4 0x7479 ESMART Token GOST 0x096E 0x0622 Feitian VR504 VHBR Contactless & Contact Card Reader 0x096E 0x0623 Feitian bR500 0x0BF8 0x1024 Fujitsu Smartcard Reader D323 0x076B 0x3A21 Generic USB Smart Card Reader 0x076B 0x5022 HID Global OMNIKEY 5022 Smart Card Reader 0x076B 0x6632 HID Global OMNIKEY 6121 Smart Card Reader 0x076B 0x3B01 IonIDe Smartcard Reader 0x2A18 0x5000 KACST HSID Reader 0x2A18 0x5001 KACST HSID Reader Single Storage 0x2A18 0x5002 KACST HSID Reader Dual Storage 0x0A5C 0x5800 Broadcom Corp 5880 0x0A5C 0x5805 Broadcom Corp 5880 0x03F0 0x1024 HP USB Smart Card Keyboard 0x04CC 0x5072 KEBTechnology KONA USB SmartCard Added Cherry smart card readers for use with IGEL Smartcard: Cherry KC 1000 SC Cherry KC 1000 SC/DI Cherry KC 1000 SC Z Cherry KC 1000 SC/DI Z Cherry SmartTerminal XX44 v2 - Updated Reader Driver REINER SCT cyberJack to version 3.99.5final.SP09 This fixes problems when the USB reader is unplugged. - Updated PC/SC Lite to version 1.8.20. Fixed stability and protocol errors. [Base system] - All appliance modes: The automatic start of the system's screensaver no longer gets disabled. The system's screen lock still gets disabled. I.e. sessions.xlock0.options.autolock=false is not implied anymore, but sessions.xlock0.options.usepassword=none is still active. - Updated Dutch and French user interface translation. - Improved gathering of debug information about network state changes, syslog or host reachability problems. Collecting information about syslog, tcpdump, ping or HTTP/s requests is now possible. Please see http://edocs.igel.com/index.htm#10482.htm for further information - Updated timezone data to version 2016j-0ubuntu0.14.04 - Updated kernel to version 4.4.35. - Updated realtek r8168 driver from 8.040.00 to 8.042.00. Improved reliability of connection with the r8168 driver. [Philips Speech] - Updated Philips Speech Driver to version 12.4.10 - Added support for SpeechMike Premium Touch - Added support for SpeechAir [X11 system] - Added BLT as possible intel acceleration method (registry key: x.drivers.intel.accel_method) - Updated graphics drivers - Added option to disable reaction to display hotplug events for DisplayPort only or for all ports (very useful for DisplayPort power-off disconnect issues). Registry key: sessions.user_display0.options.disable_hotplug Possible values: none, dp, all - Improved DisplaySwitcher to visualize it more clear which screen is exactly which on the simple view configuration buttons. Changed "Identify Displays" button in DisplaySwitcher simple view, to work as in advanced view. - Added the possibility to use Intel gma500 driver (useful for some ATOM based devices), activated via registry key. New registry key: * x.drivers.use_gma500, default: false [X server] - Updated Xorg server to version 1.17.4. [Universal MultiDisplay] - Updated to a new UMD implementation with improved performance and stability. This may be configured by the following registry keys: * x.dmx.dmx_old_variant, default: false * x.dmx.use_nxproxy, default: false * x.dmx.use_nxproxy_compression, default: false [Audio] - Added Sidetone volume control to the advanced sound mixer. [Multimedia] - Updated Fluendo video codecs [Misc] - Added CREALOGIX CLX.Giromat application for reading Swiss banking payment slips. The starting methods of the application can be configured under 'Accessories -> CLX.Giromat'. [Evidian] - Integrated Evidian AuthMgr version 1.4.6132. Evidian AuthMgr sessions can be configured at "IGEL Setup->Evidian" (registry keys: sessions.rsuserauth%) Registry keys: * sessions.rsuserauth.parameters.crypt_password, default: empty * sessions.rsuserauth.parameters.url0.protocol, default: http * sessions.rsuserauth.parameters.url0.server, default: empty * sessions.rsuserauth.parameters.url0.port, default: http * sessions.rsuserauth.parameters.url0.custom_port, default: 9764 * sessions.rsuserauth.parameters.url0.service, default: /soap * sessions.rsuserauth.parameters.url0.cacert_path: empty * sessions.rsuserauth.parameters.url1.server, default: empty * sessions.rsuserauth.parameters.url1.port, default: http * sessions.rsuserauth.parameters.url1.custom_port, default: 9764 * sessions.rsuserauth.parameters.url1.service, default: /soap * sessions.rsuserauth.parameters.url1.cacert_path: empty * sessions.rsuserauth.parameters.url2.server, default: empty * sessions.rsuserauth.parameters.url2.port, default: http * sessions.rsuserauth.parameters.url2.custom_port, default: 9764 * sessions.rsuserauth.parameters.url2.service, default: /soap * sessions.rsuserauth.parameters.url2.cacert_path: empty * sessions.rsuserauth.parameters.url3.server, default: empty * sessions.rsuserauth.parameters.url3.port, default: http * sessions.rsuserauth.parameters.url3.custom_port, default: 9764 * sessions.rsuserauth.parameters.url3.service, default: /soap * sessions.rsuserauth.parameters.url3.cacert_path: empty * sessions.rsuserauth.parameters.url4.server, default: empty * sessions.rsuserauth.parameters.url4.port, default: http * sessions.rsuserauth.parameters.url4.custom_port, default: 9764 * sessions.rsuserauth.parameters.url4.service, default: /soap * sessions.rsuserauth.parameters.url4.cacert_path: empty * sessions.rsuserauth.parameters.sessiontype, default: None * sessions.rsuserauth.parameters.custom.start_exec, default: empty * sessions.rsuserauth.parameters.custom.stop_exec, default: empty * sessions.rsuserauth.parameters.message, default: false * sessions.rsuserauth.parameters.tapping, default: false * sessions.rsuserauth.parameters.tapping_deplay, default: 3 * sessions.rsuserauth.parameters.debug, default: false * sessions.rsuserauth.parameters.debug_level, default: none * sessions.rsuserauth.parameters.ini, default: false * sessions.rsuserauth.parameters.ini_path, default: /etc/rsUserAuth/rsUserAuth.ini An Evidian AuthMgr session starts automatically by default and a session icon will not appear on the desktop * sessions.rsuserauth.autostart, default: true * sessions.rsuserauth.desktop, default: false Obsolete parameters compared with Linux v5.10.100 (and before) * sessions.rsuserauth.cacert.path * sessions.rsuserauth.parameters.url - Added support for multiple Evidian E-SSO controllers - Added support for Citrix XenDesktop/XenApp A Citrix server must be configured at "IGEL Setup->Sessions->Citrix XenDesktop/XenApp->Citrix Storefront/Web Interface->Server" - Added support for RDP. A configured RDP session is required. Note: The first configured RDP session will be used. - Added support for VMware Horizon. A configured VMware Horizon session is required. Note: The first configured VMware Horizon session will be used. [Java] - Updated Oracle JRE to 1.8U121 [TC Setup (Java)] - Updated TC Setup to version 5.3.35 [Caradigm] - Added Caradigm session as new session type. Caradigm sessions can be configured on setup page: "IGEL Setup->Sessions->Caradigm" (registry keys: sessions.caradigm0) Client specific settings are shared with Caradigm appliance settings. (registry keys: caradigm) - Improved UI design. - Added autostart functionality to Caradigm sessions. Caradigm sessions can be configured at Setup page: "IGEL Setup->Sessions->Caradigm" (registry keys: sessions.caradigm0) Client specific settings are shared with Caradigm Appliance settings. (registry keys: caradigm) New registry keys: * sessions.caradigm0.autostart, default: false * sessions.caradigm0.waittime2autostart, default: 0 [Remote Management] - Added: Systems with dynamic graphics memory size report "Dynamic" as size to UMS. [VNC] - Added "repeat" option to the x11vnc server configuration. This will enable the autorepeating keystrokes feature triggered by long press of the key down button. The parameter may be set in the registry with the following option: * network.vncserver.kb_repeat (default: enabled) ============================================================================= Resolved issues: ============================================================================= [Citrix] - Fixed: Screenshot that is copied to clipboard by the Screenshot Tool can be pasted into Citrix sessions now. Prerequisites: Open the Citrix session before taking the screenshot. - Fixed distorted sound output in applications using ALSA (e.g. Citrix ICA Receiver). - Fixed audio input in applications using ALSA (e.g. Citrix ICA Receiver). - Fixed: The parameter SpeedScreenMMAStopOverlayHandlingEvents is set to false by default. This should improve scaling of the video window while using multimedia redirection. - Fixed local logon with disabled show domain. Local logon uses domain entries from ica session or from citrix global config correctly - Fixed: User names with ' are handled correctly in Citrix XenApp/StoreFront logon now. - Fixed: Citrix Receiver 13.4.2 fixes some problems with popup dialogs of seamless applications (e.g. the print dialog of Adobe Reader XI) - Fixed: Citrix session login window with smartcard authentication translated correctly to german - Fixed: The parameter ica.wfclient.logoffdesktopthrotwi is set to true by default - Fixed password change over netscaler - Fixed: "Touch here..." button within Citrix XenDesktop Appliance mode not being displayed even though touchscreen is present. - Improved handling of data underruns in audio streams using ALSA over Pulseaudio. [Citrix Receiver 12] - Fixed: The parameter SpeedScreenMMAStopOverlayHandlingEvents is set to false by default. This should improve scaling of the video window while using multimedia redirection. - Fixed sticky shift and right control keys in ICA sessions when generic keyboard mapping is specified. Before this fix the status of these modifiers inside the session window could be wrong after the window got active again. [Citrix Receiver 13] - Fixed: The parameter SpeedScreenMMAStopOverlayHandlingEvents is set to false by default. This should improve scaling of the video window while using multimedia redirection. - Fixed sticky shift and right control keys in ICA sessions when generic keyboard mapping is specified. Before this fix the status of these modifiers inside the session window could be wrong after the window got active again. [RDP/IGEL RDP Client 2] - Fixed the certificate dialog in the RDP multipoint server appliance mode to appear on top. - Fixed a bug in Remote Desktop Web Access on devices with poor performance (e.g. D210). Previously the session did not start and the "Getting Applications" window froze. - Fixed a bug in "System -> Firmware Customization -> Custom Commands -> Post Session" when RDP was selected. Now the RDP Login Window is considered and execution of the selected command after the login window is closed. - Fixed printer redirection with custom driver name. Previously printers were always redirected with MS Publisher ImageSetter driver name. Now the settings from IGEL Setup take effect again. - Fixed a bug in evaluation of parameter "Sessions -> RDP -> RDP Global -> Options -> Inverted cursor color". Now the cursor should behave like intended. - Fixed: The global key "verify server certificates" on the options page will now be evaluated by RD Web Access. If it is disabled, the check certificate dialog will not longer appear if the server certificate could not be evaluated by the client. - Fixed a keyboard focus issue in RDP Web Access sessions for certain applications, especially for Microsoft Dynamics Navision 2015 in fullscreen mode and the UMS console. - Added evaluation of parameter "Setup -> Sessions -> RDP -> RDP Global -> Mapping -> Audio -> Audio Capture" to RDP Web Access sessions. - Added a new registry parameter rdp.login.show_message. This parameter is used for RDP Sessions with RemoteApps mode enabled. If this parameter is enabled a window is shown before the RemoteApp will be started. The window displays the login process or, if configured, an interactive login message set by Group Policy. - Fixed problem with graphical window fragments in RDP sessions to server 2012r2. - Fixed logon with smart card or token. Reconnecting to a disconnected session failed sporadically. - Added: Allows RDP native USB redirection of devices of the communication device class when they are enabled explicitly via their vendor/product id in the "Device Rules" section of the "Native USB Redirection" settings. - Fixed a problem with smart card redirection. Communication with smart cards e.g. when using DATEV software failed. - Fixed RDP drawing issues with non-RemoteFX remote app sessions. - Fixed automatic reconnect while serial port mapping is active. Could happen that the RDP client froze before. [RD Web Access] - Fixed printer mapping in Remote Desktop Web Access sessions. In some cases print jobs were not printed out. - Fixed printer mapping in RDP sessions. Starting from version 5.10.160 printers with default Microsoft printer driver were not mapped into sessions. [VMware Horizon] - New horizon client version fixes instability of RTAV: Multiple starting and stopping sound recordings, usually when using a dictaphone, do not not crash the client anymore. - Fixed bug regarding local logon in appliance mode, where credentials were not correctly passed to Horizon Client. - Fixed handling of sessions which should only use the local logon dialog. Before it was possible to use the client's internal logon dialog for connection to the server. - Fixed lockup which occured after logging off a hw accelerated blast session running on intel baytrail chipset [PowerTerm] - Fixed sporadic display problems in 5250 emulation. - Fixed input of Euro sign in IBM 5250 Display emulation with Host Code Page supporting Euro, e.g. 1141. - Changed default directory path for SSL certificates to /userhome/.ssl; the former value ~/.ssl did not work as expected. [Parallels Client] - Fixed: When a user with an expired password tries to open a Parallels remote application or desktop, a password reset box is now shown to allow the user to change the expired password. - Fixed URL redirect with Parallels client. [RedHat Enterprise Virtualization client] - Fixed RedHat/Spice Appliance Mode MultiScreen setup: Added a multimonitor fallback configuration that will be used for all remote VM without an explicit server configuration. The fallback config will assign the VM display 1 to TC monitor 1, VM display 2 to TC monitor 2 etc for 4 display/monitor (1:1;2:2;3:3;4:4). - Fixed browser window resize after disconnect in appliance mode for Red Hat/Spice virt-viewer client. [Network] - Registry keys have been added to influence EAP authentication attributes. These settings are for experts only! * network.interfaces.wirelesslan.device0.wpa.phase1_direct * network.interfaces.wirelesslan.device0.wpa.phase2_direct * network.interfaces.wirelesslan.device0.alt_ssid%.wpa.phase1_direct * network.interfaces.wirelesslan.device0.alt_ssid%.wpa.phase2_direct * network.interfaces.ethernet.device%.ieee8021x.phase1_direct * network.interfaces.ethernet.device%.ieee8021x.phase2_direct They are all of type string and their default value is empty. The values directly affect the phase1/phase2 settings for wpa_supplicant. Documentation can be found here: https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf Radius server vendors should be able to advise users about what they might try. In some customer environments wpa_supplicant 2.1 has worked but later versions 2.5 and 2.6 have not. The main goal of these keys is to enable the customer to make the new wpa_supplicant behave like the 2.1 version. One major difference is usage of TLS 1.2 in authentication involving PEAP. In order to enforce a different version of TLS, phase1-direct can e.g. be set to "tls_disable_tlsv1_2=1" - Remote management has sporadically been broken after wake-up via wake-on-LAN. Now instead of only logging the problem the device is rebooted. Furthermore, before the reboot some debug information is stored in the file /wfs/2016051110000538-debug.txt. Customers are asked to send a copy of the file to IGEL when it occurs. The file can be deleted from the device at any time. - Removed obsolete registry keys: * network.interface_trigger.enabled * network.interface_trigger.script - Disabled weak ssh encryption algorithms as default for client and server. This are following algorithms: arcfour, arcfour128, arcfour256, aes128-cbc, aes192-cbc, aes256-cbc, rijndael-cbc@lysator.liu.se, blowfish-cbc, cast128-cbc and 3des-cbc. In case one of the above mentioned algorithms is needed, the following settings may be disabled: * network.ssh_client.disable_weak_encryption (default: enabled) * network.ssh_server.disable_weak_encryption (default: enabled) - Fixed various issues with the Realtek r8168 driver by not using NAPI anymore. - Fixed bug: Under certain circumstances suspend/resume via UMS resulted in incomplete restart of network-dependent services, particularly IGEL remote agent. - Fixed wrong network device order in Virtualbox: eth0 is now vbox network interface 1 and eth1 now vbox network interface 2. [WiFi] - Improved support for D-Link "dwa171 rtl8821au" - Fixed WiFi problems with certain Intel WiFi cards. [Open VPN] - Fixed issue where specific TLS-options were not included in sessions with username/password authentication. - Fixed issue where input of credentials was impossible in Xen appliance mode - Fixed handling of relative paths used to locate certificate or key files for TLS session (all relative path refer to /wfs/OpenVPN) - Fixed cases where starting a VPN connection did not finish because parameters where misconfigured. E.g. wrong password for a private key or a directory path given when a file path was expected. [genucard VPN] - Fixed genucard connector does not open with enabled autostart. [CUPS Printing] - Fixed printing of multiple documents or copies in one print job. Before the first document or copy was printed, and then the printing stalled. This happened e.g. when printing multiple copies originating from a AS400 via LPD protocol. - Added: Security updates for cups (disabled SSLv3 and RC4 cypers). - Fixed: Printjobs are removed just after printout is finished. [Base system] - Fixed critical and low battery level actions on DLOG DLT-V7212 hardware - Fixed occasionally broken standby/suspend with active directory login. - Fixed keyboard layout not being changed directly after applying changes in IGEL Setup. - Fixed the two parameters "Show taskbar in screenlock" (userinterface.screenlock_taskbar_logged_in.enabled) and "Show taskbar in login screen" (userinterface.screenlock_taskbar_logged_out.enabled), - Fixed eglibc security issues CVE-2016-3075, CVE-2015-8779, CVE-2015-8778, CVE-2015-8777, CVE-2015-8776, CVE-2015-5277, CVE-2015-1781, CVE-2014-9761, CVE-2014-8121 and CVE-2013-2207. - Fixed expat security issues CVE-2016-5300, CVE-2016-0718, CVE-2015-1283 and CVE-2012-6702. - Fixed fontconfig security issue CVE-2016-5384. - Fixed libgcrypt11 security issue CVE-2016-6313. - Fixed libimobiledevice security issue CVE-2016-5104. - Fixed nspr security issue CVE-2016-1951. - Fixed libxml2 security issues CVE-2016-4483, CVE-2016-4449, CVE-2016-4447, CVE-2016-3705, CVE-2016-3627, CVE-2016-2073, CVE-2016-1840, CVE-2016-1839, CVE-2016-1838, CVE-2016-1837, CVE-2016-1836, CVE-2016-1835, CVE-2016-1834, CVE-2016-1833, CVE-2016-1762 and CVE-2015-8806. - Fixed openssh security issues CVE-2016-6515 and CVE-2016-6210. - Fixed dosfstools security issues CVE-2016-4804 and CVE-2015-8872. - Fixed wget security issue CVE-2016-4971. - Fixed openssl security issues: CVE-2017-3731, CVE-2016-8610, CVE-2016-7056, CVE-2016-6306, CVE-2016-6304, CVE-2016-6303, CVE-2016-6302, CVE-2016-2183, CVE-2016-2182, CVE-2016-2181, CVE-2016-2180, CVE-2016-2179, CVE-2016-2178, CVE-2016-2177, CVE-2016-2108 and CVE-2014-3571. - Fixed nss security issues CVE-2016-9074, CVE-2016-8635, CVE-2016-5285 and CVE-2016-2834. - Fixed dbus security issue CVE-2015-0245. - Fixed gst-plugins-bad0.10 security issues CVE-2016-9447 and CVE-2016-9445. - Fixed bind9 security issues CVE-2016-9444, CVE-2016-9147, CVE-2016-9131, CVE-2016-8864 and CVE-2016-2776. - Fixed gdk-pixbuf security issues CVE-2016-6352, CVE-2015-8875 and CVE-2015-7552. - Fixed gnutls26 security issues CVE-2017-5337, CVE-2017-5336 and CVE-2017-5335. - Fixed harfbuzz security issue CVE-2015-8947. - Fixed libidn security issues CVE-2016-6263, CVE-2016-6262, CVE-2016-6261 and CVE-2015-8948. - Fixed tar security issue CVE-2016-6321. - Fixed curl security issues CVE-2016-8624, CVE-2016-8623, CVE-2016-8622, CVE-2016-8621, CVE-2016-8620, CVE-2016-8619, CVE-2016-8618, CVE-2016-8617, CVE-2016-8616, CVE-2016-8615, CVE-2016-7167, CVE-2016-7141, CVE-2016-5421, CVE-2016-5420 and CVE-2016-5419. - Fixed ignored password requirement of autostarted sessions. - Fixed Kernel Local Privilege Escalation "Dirty COW" - CVE-2016-5195. - Fixed wakeup by USB mouse and keyboard devices when appliance mode is active. - Fixed start menu not opening on the first click after "Show Desktop" was used. - Fixed startmenu freezes. [Storage Devices] - Fixed bug: Only the first DVD inserted into a DVD-ROM TS-H353B (SATA drive) was successfully handled by the storage hotplug mechanism. Later, the same or another DVD wasn't mounted. This happened regardless whether dynamic client drive mapping was enabled or not. New registry key: devices.hotplug.h353b_type_events Type: string Default: empty This may contain a comma-separated list of products, that shall be handled in the same way as the device mentioned above (it is not necessary to specify this one). For diagnostic purposes: If the value is not empty, then present devices that don't match any entry are reported in /var/log/messages. [X11 system] - Fixed Lenovo ThinkCentre M92p DisplayPort monitor staying black after bootup. - Fixed folder structure in the legacy start menu, when the first folder contains no application. - Fixed: Citrix fullscreen session focus fix when returning from screen lock - Fixed: Changed DisplaySwitcher to use the same screen 1 as defined in setup display configuration if not overriden by Primary selection setting in DisplaySwitcher. - Fixed wrong display order for VIA thin clients (affects UD2 lx30, UD3 lx30, UD3 lx40, UD3 lx41, UD3 lx42 and UD5 lx30) - Fixed DisplayPort monitor remaining black if the thin client is powered on before the monitor. New registry key: * session.user_display%.options.enhanced_hotplug, default: true - Fixed dual screen configuration issue when switching sessions.user_display0.options.preserve_settings setting by UMS profile. [Windowmanager] - Fixed panel behavior when enabled in login and lock screen, but disabled on normal desktop [Shadowing/VNC] - The correct UMS IP address is now shown correctly in the VNC accept remote connection dialog. [Audio] - Fixed distorted sound output in applications using ALSA (e.g. Citrix ICA Receiver). - Fixed audio input in applications using ALSA (e.g. Citrix ICA Receiver). - Fixed: Configuration of sound volumes is made more reliable and works now if IGEL Active Directory Logon is used. - Fixed support for Sennheiser DW Pro USB, MB Pro, SC260 and SC70 headsets. - Fixed volume control of the built-in speaker in IGEL UD3 (M340C). - Improved handling of data underruns in audio streams using ALSA over Pulseaudio. - Fixed an issue with audio bandwidth limit, new registry parameter ica.wfclient.audiobandwidthlimit - Fixed problem with internal audio on UD3-LX50 [Multimedia] - Fixed multimedia redirection of WMV videos in Citrix sessions, by usage of hardware video acceleration. [Hardware] - Fixed random system freeze on devices with VIA graphics. - Fixed playback of WMV/VC1 videos with hardware decoder on Samsung TC2. - Fixed issue with ShadowPrimary on Radeon devices. [TC Setup (Java)] - Fixed button "Set time and date" under "System -> Time and Date": Time and date was not set correctly in some cases [Remote Management] - Fixed UMS registration with '&' sign in password. - Remote management has sporadically been broken after wake-up via wake-on-LAN. Instead of only logging the problem the device is rebooted afterwards. In addition, some debug information are stored in the file before the reboot. /wfs/2016051110000538-debug.txt. Customers are asked to send a copy of the file to IGEL when it occurs. The file can be deleted from the device at any time. - Fixed secure shadowing certificate handling - notification does occur only once per shadowed system - Fixed logging of logoff events to ""UMS User Login History"" at shutdown or suspend. [VNC] - Fixed certificate warning in Secure VNC when certificate has changed.