IGEL Linux =============================================================================== Version 5.12.100 Release date 2017-10-20 Last update of this document 2017-11-08 [> IGEL eDOCS Release Notes](http://edocs.igel.com/index.htm#15006.htm) Supported Devices ------------------------------------------------------------------------------- * IZ2-RFX, IZ2-HDX, IZ2-HORIZON * IZ3-RFX, IZ3-HDX, IZ3-HORIZON * UD2-LX 40, UD2-LX 31, UD2-LX 30 * UD3-LX 50, UD3-LX 42, UD3-LX 41, UD3-LX 40 * UD5-LX 50, UD5-LX 40, UD5-LX 30 * UD6-LX 51 * UD9-LX Touch 41, UD9-LX 40, UD9-LX Touch 31, UD9-LX 30 * UD10-LX Touch 10, UD10-LX 10 Component Versions ------------------------------------------------------------------------------- | Clients | | | ----------------------------------------- | ----------------------------- | | Cisco VXME Client | 11.9.0 | | Citrix Access Gateway Standard Plug-in | 4.6.3.0800 | | Citrix HDX Realtime Media Engine | 2.3.0-1075 | | Citrix Receiver | 12.1.8.250715 | | Citrix Receiver | 13.3.2.366713 | | Citrix Receiver | 13.7.0.10276925 | | CREALOGIX CLX.Giromat | 1.1.0b3 | | Dell vWorkspace Connector for Linux | 8.6.1 | | Ericom PowerTerm | 12.0.1.0.20170219.2-_dev_-34574 | | Ericom PowerTerm | 9.2.0.6.20091224.1-_rc_-25848 | | Ericom Webconnect | 5.6.0.4000-rel.20413 | | Evidian AuthMgr | 1.5.6362 | | Evince PDF Viewer | 2.30 | | FabulaTech USB for Remote Desktop | 5.1.3 | | Firefox | 45.9.0 | | IBM iSeriesAccess | 7.1.0-1.0 | | IBM iAccess Client Solutions | 1.1.5.0 | | IGEL Legacy RDP Client | 1.0 | | IGEL RDP Client | 2.2 | | Imprivata OneSign ProveID Embedded | | | Leostream Java Connect | 3.0.57.0 | | NCP Secure Client (Enterprise) | 3.25-rev23310-i686 | | NX Client | 5.3.12 | | Open VPN | 2.3.2 | | Oracle JRE | 1.8.0_144 | | Parallels 2X Client | 16.0.1.18456 | | Remote Viewer 7.0 for RedHat Enterprise Virtualization Desktops | | | Systancia AppliDis | 4.0.0.14 | | Thinlinc Client | 4.7.0-5280 | | ThinPrint Client | 7.5.83 | | Totem Media Player | 2.30.2 | | Nimboxx VERDE Client | 8.0.0-rel.25568 | | VMware Horizon Client | 4.6.0-6617224 | | Voip Client Ekiga | 4.0.1 | | Dictation | | | ----------------------------------------- | ----------------------------- | | Driver for Grundig Business Systems dictation devices | | | Diktamen Extensions for dictation | 20170929 | | Nuance Audio Extensions for dictation | 7.47.0 | | Driver for Olympus dictation devices | | | Legacy Philips Speech Driver | 5.0.10 | | Philips Speech Driver | 12.5.4 | | Signature | | | ----------------------------------------- | ----------------------------- | | signotec Citrix Channel | 8.0.6 | | signotec VCOM Daemon | 2.0.0 | | Softpro/Kofax Citrix Virtual | Channel 3.1.33.2 | | StepOver TCP Client | 2.1.0 | | Smartcard | | | ----------------------------------------- | ----------------------------- | | PKCS#11 Library A.E.T SafeSign | 3.0.93 | | PKCS#11 Library Athena IDProtect | 623.07 | | PKCS#11 Library cryptovision sc/interface | 6.6.3 | | PKCS#11 Library Gemalto IDPrime | 1.2.1 | | PKCS#11 Library SecMaker NetID | 6.6.0.30 | | PKCS#11 Library ASIP Sante cryptolibcps | 5.0.9 | | Reader Driver ACS CCID | 1.1.1 | | Reader Driver HID Global Omnikey CCID | 4.0.5.5 | | Reader Driver Identive / SCM Microsystems CCID | 5.0.35 | | Reader Driver MUSCLE CCID | 1.4.25 | | Reader Driver Omnikey CCID | legacy-3.6.0 | | Reader Driver Omnikey RFID | legacy-2.7.2 | | Reader Driver REINER SCT cyberJack | 3.99.5final.SP09 | | Reader Driver Gemalto / SafeNet eToken | 8.1.0-4 | | Reader Driver SCM Microsystems CCID Legacy | 5.0.21 | | Reader Driver SCM Microsystems SDI011 | 5.0.18 | | Resource Manager PC/SC Lite | 1.8.22 | | Cherry USB2LAN Proxy | 3.0.0.4 | | System Components | | | --------------------------------- | ------------------------------------- | | Graphics Driver INTEL | 2.99.917+git20160706-1ubuntu1 | | Graphics Driver ATI/RADEON | 7.8.0-1 | | Graphics Driver ATI/AMDGPU | 1.2.0-1 | | Graphics Driver VIA | 5.76.52.92-009-005f78-20150730 | | Graphics Driver VIA Legacy | 5.75.32.87a-59172 | | Graphics Driver VESA | 2.3.4-0ubuntu1~trusty1 | | Input Driver Evdev | 2.9.0-1ubuntu2~trusty1 | | Input Driver eGalax | 2.5.2107 | | Input Driver Synaptics | 1.8.2-1ubuntu1~trusty1 | | Input Driver Wacom | 0.25.0-0ubuntu1.1~trusty1 | | Kernel | 4.4.83 #96.119-ud-r1909 | | Xorg X11 Server | lts-wily-1.17.4 | | Xorg Xephyr | lts-wily-1.17.4 | Security Fixes ------------------------------------------------------------------------------- * Configuration of minimal allowed **ssh cipher security**: | SSH client | | | ---------- | ------------------------------------------------------ | | Parameter | `Minimal encryption level` | | Registry | `network.ssh_client.minimal_encryption_level` | | Range | [128bit (default)] [192bit] [256bit] | > The minimal encryption level is only configurable, if the following parameter is enabled: | | | | ---------- | ------------------------------------------------------ | | Parameter | `Disable weak encryption algorithms` | | Registry | `network.ssh_client.disable_weak_encryption` | | Value | **enabled**(default) / disabled | | SSH server | | | ---------- | ------------------------------------------------------ | | Parameter | `Minimal encryption level` | | Registry | `network.ssh_server.minimal_encryption_level` | | Range | [128bit (default)] [192bit] [256bit] | > The minimal encryption level is only configurable, if the following parameter is enabled: | | | | ---------- | ------------------------------------------------------ | | Parameter | `Disable weak encryption algorithms` | | Registry | `network.ssh_server.disable_weak_encryption` | | Value | **enabled**(default) / disabled | * Fixed nss security issues CVE-2017-7502, CVE-2017-5461 and CVE-2016-2183. * Fixed bind9 security issues CVE-2017-3143, CVE-2017-3142, CVE-2017-3138, CVE-2017-3137, CVE-2017-3136, CVE-2017-3135 and CVE-2016-8864. * Fixed eglibc security issues CVE-2017-1000366, CVE-2016-6323, CVE-2016-4429, CVE-2016-3706, CVE-2016-1234, CVE-2015-8984, CVE-2015-8983, CVE-2015-8982 and CVE-2015-5180. * Fixed libevent security issues CVE-2016-10197, CVE-2016-10196 and CVE-2016-10195. * Fixed expat security issue CVE-2017-9233. * Fixed freetype security issues CVE-2017-8287, CVE-2017-8105, CVE-2016-10328 and CVE-2016-10244. * Fixed libgcrypt11 security issue CVE-2017-7526. * Fixed gnutls26 security issues CVE-2017-7869 and CVE-2016-8610. * Fixed gst-plugins-base1.0 security issues CVE-2017-5844, CVE-2017-5842, CVE-2017-5839, CVE-2017-5837 and CVE-2016-9811. * Fixed icu security issues CVE-2017-7868, CVE-2017-7867, CVE-2016-7415, CVE-2016-6293, CVE-2016-0494, CVE-2015-4844 and CVE-2014-9911. * Fixed jasper security issues CVE-2016-9591, CVE-2016-9560, CVE-2016-8882, CVE-2016-8693, CVE-2016-8692, CVE-2016-8691, CVE-2016-8654, CVE-2016-2089, CVE-2016-1867, CVE-2016-10251 and CVE-2016-10249. * Fixed jbig2dec security issues CVE-2017-7976, CVE-2017-7975, CVE-2017-7885 and CVE-2016-9601. * Fixed nettle security issue CVE-2016-6489. * Fixed libnl3 security issue CVE-2017-0553. * Fixed rtmpdump security issues CVE-2015-8272, CVE-2015-8271 and CVE-2015-8270. * Fixed libsndfile security issues CVE-2017-8365, CVE-2017-8363, CVE-2017-8362, CVE-2017-8361, CVE-2017-7742, CVE-2017-7741, CVE-2017-7586 and CVE-2017-7585. * Fixed libssh2 security issue CVE-2016-0787. * Fixed libtasn1-6 security issue CVE-2017-6891. * Fixed tiff security issues CVE-2017-5225, CVE-2016-9540, CVE-2016-9539, CVE-2016-9538, CVE-2016-9537, CVE-2016-9536, CVE-2016-9535, CVE-2016-9534, CVE-2016-9533, CVE-2016-9532, CVE-2016-9453, CVE-2016-9448, CVE-2016-9297, CVE-2016-9273, CVE-2016-8331, CVE-2016-6223, CVE-2016-5875, CVE-2016-5652, CVE-2016-5323, CVE-2016-5322, CVE-2016-5321, CVE-2016-5320, CVE-2016-5317, CVE-2016-5316, CVE-2016-5315, CVE-2016-5314, CVE-2016-3991, CVE-2016-3990, CVE-2016-3945, CVE-2016-3658, CVE-2016-3632, CVE-2016-3624, CVE-2016-3623, CVE-2016-3622, CVE-2016-10094, CVE-2016-10093, CVE-2016-10092, CVE-2015-8668 and CVE-2015-7554. * Fixed samba security issues CVE-2017-9461, CVE-2017-7494, CVE-2017-2619, CVE-2017-11103, CVE-2016-2126, CVE-2016-2125, CVE-2016-2123, CVE-2016-2119, CVE-2017-12163, CVE-2017-12151 and CVE-2017-12150. * Fixed xerces-c security issues CVE-2016-4463 and CVE-2016-2099. * Fixed libxml2 security issues CVE-2016-5131, CVE-2016-4658, CVE-2016-4448, CVE-2017-9050, CVE-2017-9049, CVE-2017-9048, CVE-2017-9047, CVE-2017-7376, CVE-2017-7375 and CVE-2017-0663. * Fixed libxpm security issue CVE-2016-10164. * Fixed libxslt security issues CVE-2017-5029, CVE-2016-4738, CVE-2016-1841, CVE-2016-1684, CVE-2016-1683 and CVE-2015-7955. * Fixed openvpn security issues CVE-2017-7521, CVE-2017-7520, CVE-2017-7512, CVE-2017-7508, CVE-2017-7479 and CVE-2016-6329. * Fixed tcpdump security issues CVE-2017-5486, CVE-2017-5485, CVE-2017-5484, CVE-2017-5483, CVE-2017-5482, CVE-2017-5342, CVE-2017-5341, CVE-2017-5205, CVE-2017-5204, CVE-2017-5203, CVE-2017-5202, CVE-2016-8575, CVE-2016-8574, CVE-2016-7993, CVE-2016-7992, CVE-2016-7986, CVE-2016-7985, CVE-2016-7984, CVE-2016-7983, CVE-2016-7975, CVE-2016-7974, CVE-2016-7973, CVE-2016-7940, CVE-2016-7939, CVE-2016-7938, CVE-2016-7937, CVE-2016-7936, CVE-2016-7935, CVE-2016-7934, CVE-2016-7933, CVE-2016-7932, CVE-2016-7931, CVE-2016-7930, CVE-2016-7929, CVE-2016-7928, CVE-2016-7927, CVE-2016-7926, CVE-2016-7925, CVE-2016-7924, CVE-2016-7923, CVE-2016-7922, CVE-2015-2155, CVE-2015-2154, CVE-2015-2153, CVE-2015-0261, CVE-2014-9140, CVE-2014-8769, CVE-2014-8768, CVE-2014-8767, CVE-2017-13725, CVE-2017-13690, CVE-2017-13689, CVE-2017-13688, CVE-2017-13687, CVE-2017-13055, CVE-2017-13054, CVE-2017-13053, CVE-2017-13052, CVE-2017-13051, CVE-2017-13050, CVE-2017-13049, CVE-2017-13048, CVE-2017-13047, CVE-2017-13046, CVE-2017-13045, CVE-2017-13044, CVE-2017-13043, CVE-2017-13042, CVE-2017-13041, CVE-2017-13040, CVE-2017-13039, CVE-2017-13038, CVE-2017-13037, CVE-2017-13036, CVE-2017-13035, CVE-2017-13034, CVE-2017-13033, CVE-2017-13032, CVE-2017-13031, CVE-2017-13030, CVE-2017-13029, CVE-2017-13028, CVE-2017-13027, CVE-2017-13026, CVE-2017-13025, CVE-2017-13024, CVE-2017-13023, CVE-2017-13022, CVE-2017-13021, CVE-2017-13020, CVE-2017-13019, CVE-2017-13018, CVE-2017-13017, CVE-2017-13016, CVE-2017-13015, CVE-2017-13014, CVE-2017-13013, CVE-2017-13012, CVE-2017-13011, CVE-2017-13010, CVE-2017-13009, CVE-2017-13008, CVE-2017-13007, CVE-2017-13006, CVE-2017-13005, CVE-2017-13004, CVE-2017-13003, CVE-2017-13002, CVE-2017-13001, CVE-2017-13000, CVE-2017-12999, CVE-2017-12998, CVE-2017-12997, CVE-2017-12996, CVE-2017-12995, CVE-2017-12994, CVE-2017-12993, CVE-2017-12992, CVE-2017-12991, CVE-2017-12990, CVE-2017-12989, CVE-2017-12988, CVE-2017-12987, CVE-2017-12986, CVE-2017-12985, CVE-2017-12902, CVE-2017-12901, CVE-2017-12900, CVE-2017-12899, CVE-2017-12898, CVE-2017-12897, CVE-2017-12896, CVE-2017-12895, CVE-2017-12894, CVE-2017-12893, CVE-2017-11543, CVE-2017-11542, CVE-2017-11541 and CVE-2017-11108. * Fixed bash security issues CVE-2016-9401, CVE-2016-7543 and CVE-2016-0634. * Fixed eject security issue CVE-2017-6964. * Fixed libsoup2.4 security issue CVE-2017-2885. * Fixed gst-plugins-base0.10 security issues CVE-2016-9811, CVE-2017-5837 and CVE-2017-5844. * Fixed gst-plugins-good0.10 security issues CVE-2016-10198, CVE-2016-10199 and CVE-2017-5840. * Fixed bluez security issue CVE-2017-1000250. * Fixed kernel bluetooth security issue CVE-2017-1000251. * Fixed gdk-pixbuf security issues CVE-2017-6311, CVE-2017-2870 and CVE-2017-2862. * Fixed graphite2 security issues CVE-2017-7778, CVE-2017-7777, CVE-2017-7776, CVE-2017-7775, CVE-2017-7774, CVE-2017-7773, CVE-2017-7772 and CVE-2017-7771. * Fixed curl security issues CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-5419, CVE-2016-5420, CVE-2016-5421 and CVE-2016-0755. * Fixed nvidia-graphics-drivers-304 security issues CVE-2017-0318 and CVE-2016-7382. * Fixed libplist security issue CVE-2017-7982. * Fixed regression from CVE-2017-1000364 fix. * Fixed wpa security issues (KRACK vulnerability) CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088, CVE-2016-4476 and CVE-2016-4477. Known Issues ------------------------------------------------------------------------------- ### VMware Horizon * Remote applications are not seamless in the strict sense. These are rather displayed in an extra window decorated by the TC's window manager. * If more applications defined and started in the same session, all are displayed inside this window. The default size of this window can be defined in the Window section of the Horizon session. * On UD3 50/IZ3 50, accelerated H.264 decoding is only possible for Blast sessions with screen heights up to 1152 pixels due to hardware limitations. If sessions exceed 1152 pixel height, the GL-Basic rendering engine is used instead. Current Horizon Blast implementation also shows a certain lag on this type of hardware which increases over time, so that usability decreases accordingly. * Client drive mapping and USB redirection for storage devices should not be enabled both at the same time. - On the one hand, if you want to use USB redirection for your storage devices: Note that the USB on-insertion feature is only working if the client drive mapping is switched off. In the IGEL Setup client drive mapping can be found in: `Sessions > Horizon Client > Horizon Client Global > Drive Mapping > Enable Drive Mapping`. It is also recommended to disable local Storage Hotplug: On page `Devices > Storage Devices > Storage Hotplug`, put number of storage hotplug devices to 0. - On the other hand, if you use drive mapping instead, it is recommended that you should either switch off USB redirection entirely or at least deny storage devices by adding a filter to the USB class rules. And because Horizon Client relies on the OS to mount the storage devices itself, please go to setup page: `Devices > Storage Devices > Storage Hotplug` and switch on "Enable dynamic drive mapping" and put "Number of storage hotplug devices" to at least 1. ### Quest vWorkspace * Seamless applications exported from Win8/8.1 desktops show display errors when dragged to the screen edges. * At dual view configuration flash redirected windows can appear on wrong screen. * After the start of a seamless session the window is initially maximized before being resized to the correct size. * Windows XP sessions might not work properly anymore. * Only standard 105 keys PC keyboards are supported. Not supported anymore: Trimodal, Sun Type 6 or IBM 122 keys. * Mapping of drives to a dedicated drive letter is not possible anymore. * If Com-port redirection is enabled all linux serial ports (/dev/ttySx) will be mapped. * If printer mapping is enabled, all printers configured in CUPS are mapped. * For Multimedia Redirection, sound redirection with WMV/WMA streams is not working. * USB Redirection may not work reliably. * Session starts only if RDP Local Logon Window (`IGEL Setup > Sessions > RDP > RDP Global > Local Logon`) is active. ### X11 system * The IGEL devices UD2 30/31 (D210), IZ2 30/31 (D210) and UD3 30/31 (M310) automatically use the VIA fallback driver since the new driver does not support these devices reliably enough at the moment. To disable the automatic fallback feature, disable registry key `x.drivers.via.fallback_vx855_auto_use` (default: enabled). ### Universal MultiDisplay * While updating the UMD slave devices from 5.10.100 or older firmwares there will be screen flickering and corruptions until the end of the update. New Features ------------------------------------------------------------------------------- ### Citrix Receiver 13 * Integrated **Citrix Receiver 13.7.0**. Citrix Receiver versions 13.4.2 and 13.5.0 were removed. Available Citrix Receiver versions: 12.1.8, 13.3.2, 13.7.0 (default) * With Receiver version 13.7.0 the **HDX Adaptive Transport over EDT** feature is supported. Details about HDX Adaptive Transport can be found here: [> Citrix Product Documentation](https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/hdx/adaptive-transport.html) | | | | ---------- | ------------------------------------------------------------- | | IGEL Setup | Sessions > Citrix XenDesktop/XenApp > HDX/ICA Global > Options | | Parameter | `HDX Adaptive Transport over EDT` | | Registry | `ica.wfclient.hdxoverudp` | | Range | [UDP without fallback to TCP] [TCP Only - UDP disabled] [UDP with fallback to TCP (default)] | * Added **CEIP configuration** for Citrix Receiver 13.7.0. (Citrix Customer Experience Improvement Program). Details about CEIP can be found here: [> About CEIP](https://www.citrix.com/community/cx/ceip.html) | | | | ---------- | ---------------------------- | | Parameter | `Participate in CEIP` | | Registry | `ica.module.enableceip` | | Range | [Disable (default)] [Enable] | * Citrix Receiver 13.7.0 introduces a new, stricter, validation policy for server certificates to ensure a continuous improvement of client security. * The **Multi-Stream ICA** feature is only supported with Citrix Receiver 13.7.0 and must be enabled here: | | | | ---------- | --------------------------------------------- | | IGEL Setup | Sessions > Citrix > HDX Global > Options | | Parameter | `Multi-Stream ICA` | | Registry | `ica.module.allowmultistream` | | Value | enabled / **disabled**(default) | * Added **Citrix HDX RTME 2.3.0** used for Skype for Business optimization in ICA sessions. | | | | ---------- | ----------------------------------------- | | IGEL Setup | Sessions > Citrix XenDesktop/XenApp > HDX/ICA Global > Unified Communications > Skype for Business | | Parameter | `Enable HDX Realtime Media Engine` | | Registry | `ica.module.virtualdriver.hdxrtme.enable` | | Value | enabled / **disabled**(default) | * Added **signotec Virtual Channel** version 8.0.6 for Citrix. Support for redirection via Citrix Virtual Channel: | | | | ---------- | ----------------------------------------- | | IGEL Setup | Sessions > Citrix XenDesktop/XenApp > HDX/ICA Global > Mapping > Device Support | | Parameter | `signotec signature pad channel` | | Registry | `ica.module.virtualdriver.stvcpad.enable` | | Value | enabled / **disabled**(default) | > Activating the Virtual Channel takes preference over VCOM Daemon: | | | | ---------- | ------------------------------------------ | | IGEL Setup | User Interface > Input > Signature Pad | | Parameter | `Enable signotec VCOM Daemon` | | Registry | `devices.signotec.enable` | | Value | enabled / **disabled**(default) | * Using **high quality sound** format by default now. The audio bandwidth usage can be lowered at: | | For StoreFront sessions | | ---------- | ---------------------------------------------- | | IGEL Setup | Sessions > Citrix > HDX Global > Options | | Parameter | `Audio Bandwidth Limit in StoreFront sessions` | | Registry | `ica.wfclient.audiobandwidthlimit` | | Range | [high (default)] [medium] [low] | | | For legacy sessions | | ---------- | ---------------------------------------------- | | IGEL Setup | Sessions > Citrix XenDesktop / XenApp > Legacy ICA Sessions > ICA Session > Options | | Parameter | `Audio Bandwidth Limit` | | Registry | `sessions.ica.appsrv.audiobandwithlimit` | | Range | [high (default)] [medium] [low] | ### RDP/IGEL RDP Client 2 * Added option to **expand RDP fullscreen sessions** across all monitors: | | | | ---------- | --------------------------------------------- | | IGEL Setup | Sessions > RDP > RDP Global > Window | | Parameter | `Multi-monitor fullscreen mode` | | Registry | `rdp.winconnect.usemonitorfullscreen` | | New option | Expand fullscreen session across all monitors | | | | | ---------- | -------------------------------------------------- | | IGEL Setup | Sessions > RDP > RDP Sessions ... > Window | | Parameter | `Multi-monitor fullscreen mode` | | Registry | `sessions.winconnect%.option.usemonitorfullscreen` | | New option | Expand fullscreen session across all monitors | * Added support for **shell variables in local logon** configurations. The shell variable configuration is available at setup page `System > Firmware Customization > Environment Variables` * Added option to execute the **post session command** only for a RDP session logoff and not for a RDP session disconnect: | | | | ---------- | ------------------------------------------------- | | Parameter | `Perform post session command only on RDP logoff` | | Registry | `auth.login.autologoff_only_on_session_logoff` | | Value | enabled / **disabled**(default) | > The post session command configuration is available at setup page > `System > Firmware Customization > Custom Commands > Post Session` * Added option to configure the RDP sessions **log verbosity**: | | | | ---------- | ------------------------- | | Parameter | `Debug Log Level` | | Registry | `rdp.winconnect.loglevel` | | Range | [TRACE] [DEBUG] [INFO] [WARN] [ERROR(default)] [FATAL] [OFF] | ### VMware Horizon * Integrated **VMware Horizon Client 4.6.0-6617224** * Added **media provider optimization for Skype for Business**: | | | | ---------- | ---------------------------------------- | | IGEL Setup | Sessions > Horizon Client > Horizon Client Global > Unified Communications > Skype for Business | | Parameter | `Virtualization Pack Skype for Business` | | Registry | `vmware.view.mediaprovider_skype` | | Value | **enabled**(default) / disabled | * Added setup page for USB Redirection: `Sessions > Horizon Client > Horizon Client Global > USB Redirection` * Added new parameter to modify the **USB redirection behavior**: | | | | --------- | ---------------------------------------- | | Parameter | `Redirect HID functionality of some headsets or headphones` | | Registry | `vmware.view.redirect_headset_hid` | | Value | **enabled**(default) / disabled | > If enabled, Jabra, Plantronics and Sennheiser headsets/headphones > will be ignored as HID devices by the X-server. * Added possibility regarding USB redirection to **split up composite USB devices** and redirect only a subset of their interfaces. This can be done automatically according to their class type or explicitly by naming the interfaces' number to exclude. Enable this parameter for automatic device splitting: | | | | ---------- | ---------------------------------------------- | | IGEL Setup | Sessions > Horizon Client > Horizon Client Global > USB Redirection | | Parameter | `Automatic splitting of composite USB devices` | | Registry | `vmware.view.usb.allowautodevicesplitting` | | Value | enabled / **disabled**(default) | | | | | ---------- | ---------------------------------------------------- | | IGEL Setup | Sessions > Horizon Client > Horizon Client Global > USB Redirection | | Parameter | `Device Rules > Rule` | | Registry | `vmware.view.usb.devicepolicy.product_rule.rule` | | Range | [Deny (default)] [Allow] [Split] [No auto-split] | > Additionally to "Deny" and "Allow" for every usb device, there are > two new rules: "Split" and "No auto-split". > Default is "Deny". | | | | ---------- | ---------------------------------------------------- | | IGEL Setup | Sessions > Horizon Client > Horizon Client Global > USB Redirection | | Parameter | `Device Rules > Interface Exclude List` | | Registry | `vmware.view.usb.devicepolicy.product_rule.excludeif` | > If the rule is set to "Split" you can specify the interfaces to > exclude in the new key. Default is empty. Interface numbers can be > separated by commas. > If the rule is set to "No auto-split" you can prevent the specific > USB device from being split. (This is only effective if > `Automatic splitting of composite USB devices` is enabled.) ### Multimedia * Added **Cisco VXME client 11.9.0** for support of Cisco Jabber in Citrix ICA and VMware Horizon sessions: | | | | ---------- | ----------------------------------------- | | IGEL Setup | Sessions > Citrix XenDesktop/XenApp > HDX/ICA Global > Unified Communications > Cisco Jabber | | Parameter | `Cisco VXME client` | | Registry | `ica.module.virtualdriver.vdcisco.enable` | | Value | enabled / **disabled**(default) | | | | | ---------- | ----------------------------------------- | | IGEL Setup | Sessions > Horizon Client > Horizon Client Global > Unified Communications > Cisco Jabber | | Parameter | `Cisco VXME client` | | Registry | `vmware.view.vdcisco.enable` | | Value | enabled / **disabled**(default) | > Registry path for Common VXME options: `multimedia.ciscovxme.*` ### Parallels Client * Updated Parallels 2X Client to version 16.0.1-18456 ### NX client * Updated NoMachine NX Client to version 5.3.12 ### RedHat Enterprise Virtualization client * Updated virt-viewer to version 7.0 ### Firefox * Updated Firefox browser to version 45.9.0 * Updated Flash Player download URL to version 27.0.0.170 ### Remote Management * Update online status on switch between WiFi and LAN connections. ### WiFi * Added feature to prevent permanent storage of credentials via **Wireless Manager (Cafe wireless)**: | | | | --------- | --------------------------------------------------- | | Parameter | `Allow storage of credentials` | | Registry | `network.applet.wireless.allow_storing_credentials` | | Value | **enabled**(default) / disabled | > If disabled, the Wireless Manager doesn't allow to permanently store: > 1. The passphrase in the case of WPA(2) Personal (by skipping the > connection configuration dialog). > 2. The credentials in the case of EAP/PEAP methods that require username > and password. ### Smartcard * Added possibility to prevent the user from editing the (predefined) user name in the local login window for Horizon: | | | | --------- | -------------------------------- | | Parameter | `User name is editable` | | Registry | `vmware.login.username_editable` | | Value | **enabled**(default) / disabled | * Updated **PC/SC Lite** smart card resource manager to version 1.8.22. ### Base system * Updated kernel to version Ubuntu-4.4.0-96.119. * Added a **secure wipe operation** of the related partitions, when a custom partition is disabled or a reset to factory defaults is performed. One can choose between a secure and insecure wiping mode: | | | | --------- | ------------------------------- | | Parameter | `Securely wipe disks` | | Registry | `system.security.secure_wipe` | | Value | **enabled**(default) / disabled | ### Driver * Updated **Diktamen Citrix extension for dictation** to version from 2017/09/29 * Updated **Citrix Virtual Channel OlyCom for dictation** with Olympus devices to version from 3. November 2016. * Added **Cherry USB2LAN Proxy**. This daemon detects Cherry EGK (German healthcare card) devices and exposes their SICCT and HTTPS channels through a network connection: | | | | ---------- | ----------------------------------- | | IGEL Setup | Security > Smartcard > Services | | Parameter | `Cherry USB2LAN Proxy` | | Registry | `devices.cherry_usblanproxy.enable` | | Value | enabled / **disabled**(default) | * **StepOver TCP/Citrix Client** version 2.1.0 Added support for redirection via Citrix Virtual Channel: | | | | ---------- | --------------------------------------- | | IGEL Setup | Sessions > Citrix XenDesktop / XenApp > HDX / ICA Global > Mapping > Device Support | | Parameter | `StepOver signature pad channel` | | Registry | `ica.module.virtualdriver.soctx.enable` | | Value | enabled / **disabled**(default) | > Activating the Virtual Channel takes preference over TCP Client: | | | | ---------- | ------------------------------------------ | | IGEL Setup | User Interface > Input > Signature Pad | | Parameter | `Enable StepOver TCP Client` | | Registry | `devices.sotcp.enable` | | Value | enabled / **disabled**(default) | * Added support for SATA drives in **DriveLock**. * Integrated **Philips Speech Driver 12.5.4**. New supported device: SpeechMike Premium Air. ### X11 system * Added a feature to **display a countdown** before either the screen gets locked or an arbitrary shell command gets executed. The purpose is to give the user a chance to avoid the screen lock or the command respectively: | | | | ---------- | ------------------------------------------------ | | IGEL Setup | User Interface > Screen Lock/Saver > Options | | Parameter | `Countdown duration in seconds` | | Registry | `sessions.xlock0.options.countdown_seconds` | | Default | 0 (means disabled) | > If the value is greater than 0, the actions mentioned above will be > delayed by this amount of seconds. Size, position and appearance > of the counter is determined by the **clock settings** at IGEL Setup > `User Interface > Screen Lock/Saver > Screensaver`. The counter is > only visibile, if the parameter `Clock display monitor` is set to > `All` or to a display number. > The time when the counter appears is specified by the > same setting as for the ordinary screensaver. | | | | ---------- | ------------------------------------------------- | | IGEL Setup | User Interface > Screen Lock/Saver > Options | | Parameter | `Countdown visual effect` | | Registry | `sessions.xlock0.options.countdown_visual_effect` | | Range | [Dark screenshot (default)] [Gray screenshot] | > A range of visual effects of which one is applied when the > countdown starts. | | | | ---------- | ---------------------------------------------------- | | IGEL Setup | User Interface > Screen Lock/Saver > Options | | Parameter | `Countdown background image` | | Registry | `sessions.xlock0.options.countdown_background_image` | > A background image to be shown with the counter. Size and position > are determined by settings of the ordinary screensaver. | | | | ---------- | --------------------------------------------------- | | Parameter | `Countdown done command` | | Registry | `sessions.xlock0.options.countdown_done_cmd` | > This should be left empty, when a local screen lock is configured that is > supposed to start after the countdown has reached 0. Alternatively an > arbitrary command can be specified that is supposed to have a similar > effect, e.g. log off from an appliance mode session. > The command is executed synchronously before the countdown goes away. > If the command doesn't terminate quickly it must be sent to the > background by appending "&". | | | | --------- | ------------------------------------------------- | | Parameter | `Countdown condition command` | | Registry | `sessions.xlock0.options.countdown_condition_cmd` | > This is only relevant if the `countdown_done_cmd` value is not empty. > A command can be specified, which is executed before the countdown is > started. A non-zero exit code means that the countdown shall not be > started. E.g. it might not be desirable to try to terminate a > user session when there is currently none. | | | | --------- | ----------------------------------------------------- | | Parameter | `Continue screensaver after countdown done command` | | Registry | `sessions.xlock0.options.countdown_done_cmd_continue` | > If enabled the ordinary screensaver is shown after the command has > been executed. (Some applications stop the screensaver, when they get > restarted. So this doesn't always have the desired effect.) ### X server * Added options to **avoid tearing artefacts**: | | For INTEL graphics adapters | | --------- | ------------------------------------------- | | Parameter | `Enable tear free option on INTEL hardware` | | Registry | `x.drivers.intel.use_tear_free` | | Value | **enabled**(default) / disabled | | | For ATI/Radeon graphics adapters | | --------- | ------------------------------------------- | | Parameter | `Enable tear free option on ATI hardware` | | Registry | `x.drivers.ati.use_tear_free` | | Value | **enabled**(default) / disabled | | | For ATI/AMDGPU graphics adapters | | --------- | ------------------------------------------- | | Parameter | `Enable tear free option on ATI hardware` | | Registry | `x.drivers.amdgpu.use_tear_free` | | Value | **enabled**(default) / disabled | ### Windowmanager * Added option to choose the monitor on which **desktop icons** are placed: | | | | ---------- | --------------------------------------------------- | | IGEL Setup | User Interface > Desktop | | Parameter | `Monitor for desktop icons` | | Registry | `windowmanager.defaulttheme.desktopxineramamonitor` | | Range | [All monitors(default)][Same as taskbar][1st monitor][2nd monitor] etc. | ### Audio * Added option to configure **default sound output and input**: | | Default sound output | | ---------- | ------------------------------------------------ | | IGEL Setup | Accessories > Sound Preferences > Options | | Parameter | `Port Name` | | Registry | `userinterface.sound.default_sink.port_name` | | Range | [Automatic (default)] [HDMI / DisplayPort] [Speakers] [Headphones] | | | | | ---------- | ------------------------------------------------ | | IGEL Setup | Accessories > Sound Preferences > Options | | Parameter | `Device Name` | | Registry | `userinterface.sound.default_sink.device_name` | | | Default sound input | | ---------- | ------------------------------------------------ | | IGEL Setup | Accessories > Sound Preferences > Options | | Parameter | `Port Name` | | Registry | `userinterface.sound.default_source.port_name` | | Range | [Automatic (default)] [Microphone] [Headset Microphone] | | | | | ---------- | ------------------------------------------------ | | IGEL Setup | Accessories > Sound Preferences > Options | | Parameter | `Device Name` | | Registry | `userinterface.sound.default_source.device_name` | > The port and device names must be the same as the corresponding names > in the "Sound Preferences" dialog. Automatic method works as follows: > 1. USB devices before PCI devices > 2. HDMI before internal speaker > 3. Unplugged ports are ignored ### Evidian * Integrated **Evidian AuthMgr** version 1.5.6362. Evidian AuthMgr sessions can be configured at `IGEL Setup > Evidian`, registry keys: `sessions.rsuserauth%`. ### Java * Updated Oracle JRE to version 8U144 ### TC Setup (Java) * New TC setup version 5.7.12 * Added hint to use fully qualified domain name at parameter: | | | | ---------- | ---------------------------------------------- | | IGEL Setup | Security > Active Directory/Kerberos | | Parameter | `Default Domain (Fully Qualified Domain Name)` | | Registry | `auth.krb5.libdefaults.default_realm` | * The IGEL Setup now logs errors and informations to the file `/var/log/user/tcsetup.log`: | | | | ---------- | ---------------------------------------- | | Parameter | `Log Level` | | Registry | `userinterface.setup.debug.log_level` | | Range | [off][fatal][error(default)][warn][info][debug][trace][all] | | | | | ---------- | ---------------------------------------- | | Parameter | `Maximum log file size (in MB)` | | Registry | `userinterface.setup.debug.log_max_size` | | Default | 2 | | | | | ---------- | ---------------------------------------- | | Parameter | `Rotation count` | | Registry | `userinterface.setup.debug.log_rotation` | | Default | 1 | Resolved Issues ------------------------------------------------------------------------------- ### Citrix * Fixed an issue regarding window focus with some applications (e.g. Adobe Reader). Focus hints of seamless application windows are ignored by default now. The fix can be disabled by this key: | | | | --------- | ----------------------------------------------- | | Parameter | `Ignore focus hints of ICA windows` | | Registry | `windowmanager.tweaks.wfica_ignore_focus_hints` | | Value | **enabled**(default) / disabled | * Fixed selection of the Citrix Receiver version. ### RDP/IGEL RDP Client 2 * Fixed dynamic client drive mapping for USB devices containing whitespaces in the device name. * Fixed audio/video synchronization during video playback using EVOR protocol. ### RedHat Enterprise Virtualization client * Fixed logoff/disconnect issue. Browser will keep the current user logged in instead of starting a new session. Fixed support for "native client" option. ### Smartcard * Fixed login with IGEL Smartcard. Before this fix, in some cases the smart card wasn't detected any more after a few log in cycles. ### CUPS Printing * Fixed issues with print job names longer than 255 characters, so that you still be able to print from certain applications which disregard the IPP definitions of a well defined job name. To do this you have to disable the following key: | | | | --------- | ------------------------------- | | Parameter | `Validate print job name` | | Registry | `print.cups.jobname-validation` | | Value | **enabled**(default) / disabled | ### Base system * Fixed an issue where the IGEL LX10 Upgrade Tool detected the UD9 LX30 falsely as 64-bit capable. * Fixed an issue with the **Update on Shutdown** feature from UMS, when the firmware should be migrated to Linux 10. Before this fix, the target system could not perform the migration. * Improved custom partition installation: Show additional and more explaining log messages in extra dialog window. * Improved USB 3.0 stability for ASMedia ASM1042A devices. ### X server * Fixed VIA graphics driver for VX900 based devices. * Fixed VNC/Shadowing lags and freezes on VIA based hardware. ### Audio * Fixed sound output over DisplayPort in IGEL UD devices. * Fixed audio jack detection in IGEL UD2 (D220) * Fixed input and output recognition for Sennheiser USB headsets.