IGEL OS 11 ========== Firmware version 11.03.110 Release date 2020-01-15 Last update of this document 2020-01-16 [> IGEL Release Notes](https://kb.igel.com/igelos11/releasenotes) Supported Devices ------------------------------------------------------------------------------- UD2-LX 51, UD2-LX 50, UD2-LX 40 UD3-LX 60, UD3-LX 51, UD3-LX 50 UD5-LX 50 UD6-LX 51 UD7-LX 11, UD7-LX 10 UD9-LX Touch 41, UD9-LX 40 [> Supported IGEL OS 11 thirdparty devices](https://kb.igel.com/os11-supported-hardware) Component Versions ------------------------------------------------------------------------------- +-------------------------------------------+----------------------------------+ | Clients | | +===========================================+==================================+ | Cisco JVDI Client | 12.7.0 | +-------------------------------------------+----------------------------------+ | Citrix HDX Realtime Media Engine | 2.8.0-2235 | +-------------------------------------------+----------------------------------+ | Citrix Workspace App | 18.10.0.11 | +-------------------------------------------+----------------------------------+ | Citrix Workspace App | 19.10.0.15 | +-------------------------------------------+----------------------------------+ | Citrix Workspace App | 19.12.0.19 | +-------------------------------------------+----------------------------------+ | deviceTRUST Citrix Channel | 19.1.200.2 | +-------------------------------------------+----------------------------------+ | Ericom PowerTerm | 12.0.1.0.20170219.2-_dev_-34574 | +-------------------------------------------+----------------------------------+ | Ericom PowerTerm | 12.5_x64_20190619_12.5.1.40008 | +-------------------------------------------+----------------------------------+ | Evidian AuthMgr | 1.5.7116 | +-------------------------------------------+----------------------------------+ | Evince PDF Viewer | 3.18.2-1ubuntu4.6 | +-------------------------------------------+----------------------------------+ | FabulaTech USB for Remote Desktop | 5.2.29 | +-------------------------------------------+----------------------------------+ | Firefox | 68.4.1 | +-------------------------------------------+----------------------------------+ | IBM iAccess Client Solutions | 1.1.8.1 | +-------------------------------------------+----------------------------------+ | IGEL RDP Client | 2.2 | +-------------------------------------------+----------------------------------+ | Imprivata OneSign ProveID Embedded | onesign-bootstrap-loader_1.0.523630_amd64 | | | Qualification in progress | +-------------------------------------------+----------------------------------+ | deviceTRUST RDP Channel | 19.1.200.2 | +-------------------------------------------+----------------------------------+ | NCP Secure Enterprise Client | 5.10_rev40552 | +-------------------------------------------+----------------------------------+ | NX Client | 6.7.6 | +-------------------------------------------+----------------------------------+ | Open VPN | 2.3.10-1ubuntu2.2 | +-------------------------------------------+----------------------------------+ | Zulu JRE | 8.42.0.23 | +-------------------------------------------+----------------------------------+ | Parallels Client (64 bit) | 17.0.21474 | +-------------------------------------------+----------------------------------+ | Spice GTK (Red Hat Virtualization) | 0.37-1igel62 | +-------------------------------------------+----------------------------------+ | Remote Viewer (Red Hat Virtualization) | 8.0-1igel49 | +-------------------------------------------+----------------------------------+ | Usbredir (Red Hat Virtualization) | 0.8.0-1+b1igel71 | +-------------------------------------------+----------------------------------+ | Teradici PCoIP Software Client | 19.05.9-18.04 | +-------------------------------------------+----------------------------------+ | ThinLinc Client | 4.10.1-6197 | +-------------------------------------------+----------------------------------+ | ThinPrint Client | 7.5.88 | +-------------------------------------------+----------------------------------+ | Totem Media Player | 2.30.2 | +-------------------------------------------+----------------------------------+ | Parole Media Player | 1.0.1-0ubuntu1igel18 | +-------------------------------------------+----------------------------------+ | VNC Viewer | 1.9.0+dfsg-3igel8 | +-------------------------------------------+----------------------------------+ | VMware Horizon client | 5.2.0-14604769 | +-------------------------------------------+----------------------------------+ | Voip Client Ekiga | 4.0.1 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | Dictation | | +===========================================+==================================+ | Diktamen driver for dictation | | +-------------------------------------------+----------------------------------+ | Grundig Business Systems dictation driver | | +-------------------------------------------+----------------------------------+ | Nuance Audio Extensions for dictation | B301 | +-------------------------------------------+----------------------------------+ | Olympus driver for dictation | 20180621 | +-------------------------------------------+----------------------------------+ | Philips Speech driver | 12.8.5 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | Signature | | +===========================================+==================================+ | Kofax SPVC Citrix Channel | 3.1.41.0 | +-------------------------------------------+----------------------------------+ | signotec Citrix Channel | 8.0.8 | +-------------------------------------------+----------------------------------+ | signotec VCOM Daemon | 2.0.0 | +-------------------------------------------+----------------------------------+ | StepOver TCP Client | 2.3.2 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | Smartcard | | +===========================================+==================================+ | PKCS#11 Library A.E.T. SafeSign | 3.0.101 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library Athena IDProtect | 623.07 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library cryptovision sc/interface | 7.1.20 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library Gemalto SafeNet | 10.0.37-0 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library OpenSC | 0.19.0-2igel35 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library SecMaker NetID | 6.8.1.31 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library 90meter | 20190522 | +-------------------------------------------+----------------------------------+ | Reader Driver ACS CCID | 1.1.6-1igel1 | +-------------------------------------------+----------------------------------+ | Reader Driver Gemalto eToken | 10.0.37-0 | +-------------------------------------------+----------------------------------+ | Reader Driver HID Global Omnikey | 4.3.3 | +-------------------------------------------+----------------------------------+ | Reader Driver Identive CCID | 5.0.35 | +-------------------------------------------+----------------------------------+ | Reader Driver Identive eHealth200 | 1.0.5 | +-------------------------------------------+----------------------------------+ | Reader Driver Identive SCRKBC | 5.0.24 | +-------------------------------------------+----------------------------------+ | Reader Driver MUSCLE CCID | 1.4.31-1igel6 | +-------------------------------------------+----------------------------------+ | Reader Driver REINER SCT cyberJack | 3.99.5final.sp13igel15 | +-------------------------------------------+----------------------------------+ | Resource Manager PC/SC Lite | 1.8.23-1igel9 | +-------------------------------------------+----------------------------------+ | Cherry USB2LAN Proxy | 3.2.0.3 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | System Components | | +===========================================+==================================+ | OpenSSL | 1.0.2g-1ubuntu4.15 | +-------------------------------------------+----------------------------------+ | OpenSSH Client | 7.2p2-4ubuntu2.8 | +-------------------------------------------+----------------------------------+ | OpenSSH Server | 7.2p2-4ubuntu2.8 | +-------------------------------------------+----------------------------------+ | Bluetooth Stack (bluez) | 5.50-0ubuntu1igel5 | +-------------------------------------------+----------------------------------+ | MESA OpenGL Stack | 19.2.5-1igel93 | +-------------------------------------------+----------------------------------+ | VAAPI ABI Version | 0.40 | +-------------------------------------------+----------------------------------+ | VDPAU Library Version | 1.2-1igel911 | +-------------------------------------------+----------------------------------+ | Graphics Driver INTEL | 2.99.917+git20191117-igel939 | +-------------------------------------------+----------------------------------+ | Graphics Driver ATI/RADEON | 19.0.1-3igel936 | +-------------------------------------------+----------------------------------+ | Graphics Driver ATI/AMDGPU | 19.0.1-5igel924 | +-------------------------------------------+----------------------------------+ | Graphics Driver Nouveau (Nvidia Legacy) | 1.0.16-1igel867 | +-------------------------------------------+----------------------------------+ | Graphics Driver Nvidia | 418.56-0ubuntu1 | +-------------------------------------------+----------------------------------+ | Graphics Driver Vboxvideo | 1.0.0-igel798 | +-------------------------------------------+----------------------------------+ | Graphics Driver VMware | 13.3.0-2igel857 | +-------------------------------------------+----------------------------------+ | Graphics Driver QXL (Spice) | 0.1.5-2build2-igel925 | +-------------------------------------------+----------------------------------+ | Graphics Driver FBDEV | 0.5.0-1igel819 | +-------------------------------------------+----------------------------------+ | Graphics Driver VESA | 2.4.0-1igel855 | +-------------------------------------------+----------------------------------+ | Input Driver Evdev | 2.10.6-1igel888 | +-------------------------------------------+----------------------------------+ | Input Driver Elographics | 1.4.1-1build5igel633 | +-------------------------------------------+----------------------------------+ | Input Driver eGalax | 2.5.5814 | +-------------------------------------------+----------------------------------+ | Input Driver Synaptics | 1.9.1-1ubuntu1igel866 | +-------------------------------------------+----------------------------------+ | Input Driver VMMouse | 13.1.0-1ubuntu2igel635 | +-------------------------------------------+----------------------------------+ | Input Driver Wacom | 0.36.1-0ubuntu2igel888 | +-------------------------------------------+----------------------------------+ | Kernel | 4.19.85 #mainline-lxos-r2872 | +-------------------------------------------+----------------------------------+ | Xorg X11 Server | 1.20.5-1igel914 | +-------------------------------------------+----------------------------------+ | Xorg Xephyr | 1.20.5-1igel914 | +-------------------------------------------+----------------------------------+ | CUPS Printing Daemon | 2.1.3-4ubuntu0.10igel29 | +-------------------------------------------+----------------------------------+ | PrinterLogic | 25.1.0.303 | +-------------------------------------------+----------------------------------+ | Lightdm Graphical Login Manager | 1.18.3-0ubuntu1.1 | +-------------------------------------------+----------------------------------+ | XFCE4 Window Manager | 4.12.3-1ubuntu2igel675 | +-------------------------------------------+----------------------------------+ | ISC DHCP Client | 4.3.3-5ubuntu12.10igel7 | +-------------------------------------------+----------------------------------+ | NetworkManager | 1.2.6-0ubuntu0.16.04.3igel74 | +-------------------------------------------+----------------------------------+ | ModemManager | 1.10.0-1~ubuntu18.04.2igel3 | +-------------------------------------------+----------------------------------+ | GStreamer 0.10 | 0.10.36-2ubuntu0.2 | +-------------------------------------------+----------------------------------+ | GStreamer 1.x | 1.16.1-1igel222 | +-------------------------------------------+----------------------------------+ | WebKit2Gtk | 2.26.2-1igel27 | +-------------------------------------------+----------------------------------+ | Python2 | 2.7.12 | +-------------------------------------------+----------------------------------+ | Python3 | 3.5.2 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | Features with Limited IGEL Support | | +===========================================+==================================+ | Mobile Device Access USB (MTP) | 1.1.16-2igel1 | +-------------------------------------------+----------------------------------+ | Mobile Device Access USB (imobile) | 1.2.1~git20181030.92c5462-1igel5 | +-------------------------------------------+----------------------------------+ | Mobile Device Access USB (gphoto) | 2.5.23-2igel2 | +-------------------------------------------+----------------------------------+ | VPN OpenConnect | 7.08-1 | +-------------------------------------------+----------------------------------+ | Scanner support | 1.0.27-1 | +-------------------------------------------+----------------------------------+ | VirtualBox | 6.0.14-dfsg-1igel33 | +-------------------------------------------+----------------------------------+ General Information -------------------------------------------------------------------------------- ### CAUTION: * Firmware downgrade to older versions (11.01 or 11.02) is not possible, due to the unsigned firmware update files. ### The following clients and features are not supported anymore * Caradigm * Citrix Legacy Sessions * Citrix Web Interface * Citrix StoreFront Legacy * Citrix HDX Flash Redirection * Citrix XenDesktop Appliance Mode * Flash Player Download * JAVA Web Start * Leostream Java Connect * Systancia AppliDis * VIA graphics driver Known Issues -------------------------------------------------------------------------------- ### Firefox * Firefox IGEL extensions are not updated automatically under some circumstances. After an update from 11.03.10x to 11.03.110 the IGEL extensions will stay on the old version. In this case, the following settings concerning kiosk mode cannot be executed: - Switch off Hotkey for new window/tab - Blocking of internal browser pages like preferences, file picker, specific local directories As a workaround: - a reset to defaults should be performed - or the browser's mimetype template can be switched from "Standard" to "Minimal" by registry key browserglobal.app.mimetypes_template. There the browser profile is renewed as well. After the TC got the new setting, reboot and set the mimetypes_template registry key back to "Standard". ### Citrix * With activated DRI3 and an AMD GPU Citrix H.264 acceleration plugin could freeze. Selective H.264 mode (API v2) is not affected from this issue. * Citrix has known issues with GStreamer1.0 which describe problems with multimedia redirection of H.264, MPEG1 and MPEG2. GStreamer1.0 is used if browser content redirection is active. * Browser content redirection does not work with activated DRI3 and hardware accelerated H.264 deep compression codec. * Citrix StoreFront login with Gemalto smartcard middleware does not detect smartcard correctly if the card is inserted after start of login. As a workaround, insert the smartcard before starting the StoreFront login. * Citrix H.264 acceleration plugin does not work with **enabled** server policy "Optimize for 3D graphics workload" in combination with server policy "Use video codec compression" -> *"For the entire screen"**. * To launch multiple desktop sessions with Citrix HDX RTME and Citrix H.264 acceleration plugin the following registry key must be enabled: +------------+-----------------------------------------------------------------+ |Parameter |`Activate workaround for dual RTME sessions and H264 acceleration` | +------------+-----------------------------------------------------------------+ |Registry |`ica.workaround-dual-rtme` | +------------+-----------------------------------------------------------------+ |Range | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ > This workaround is not applicable when "Enable Secure ICA" is active for the > specific delivery group. * "Multimedia redirection" isn't working if "HDX RealTime Media Engine" is enabled at the same time. Workaround: Switch off "HDX RealTime Media Engine": +------------+-----------------------------------------------------------------+ |IGEL Setup |Sessions > Citrix > Citrix Global > HDX Multimedia | +------------+-----------------------------------------------------------------+ | |Sessions > Citrix > Citrix Global > Unified Communications > Skype for Business | +------------+-----------------------------------------------------------------+ |Parameter |`HDX RealTime Media Engine` | +------------+-----------------------------------------------------------------+ |Registry |`ica.module.virtualdriver.hdxrtme.enable` | +------------+-----------------------------------------------------------------+ |Value |**enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ * With Citrix Workspace App 19.10.0 or 19.8.0 the session sometimes freezes while session logoff from a published desktop. Workaround: Use CWA 18.10.0. +------------+-----------------------------------------------------------------+ |IGEL Setup |Sessions > Citrix > Citrix Global > Citrix Client Selection | +------------+-----------------------------------------------------------------+ |Parameter |`Citrix client version` | +------------+-----------------------------------------------------------------+ |Registry |`ica.activeversion` | +------------+-----------------------------------------------------------------+ |Range | [**Default** (default: 19.10.0)] [18.10.0] [19.8.0] [19.10.0] | +------------+-----------------------------------------------------------------+ ### VMware Horizon * After disconnect of an RDP based session, the Horizon main window which contains the server or sessions overview cannot be resized anymore. * Seamless application windows in Horizon Client may not be displayed correctly. When starting the first seamless app a new iconified window appears in the taskbar and only if you click on it the application will show up. * Client drive mapping and USB redirection for storage devices should not be enabled both at the same time. - On the one hand, when using USB redirection for storage devices: The USB on-insertion feature is only working when the client drive mapping is switched off. In the IGEL Setup client drive mapping can be found in: `Sessions > Horizon Client > Horizon Client Global > Drive Mapping > Enable Drive Mapping`. It is also recommended to disable local `Storage Hotplug` on setup page `Devices > Storage Devices > Storage Hotplug`. - On the other hand, when using drive mapping instead, it is recommended to either switch off USB redirection entirely or at least deny storage devices by adding a filter to the USB class rules. Furthermore Horizon Client relies on the OS to mount the storage devices itself. Enable local `Storage Hotplug` on setup page `Devices > Storage Devices > Storage Hotplug`. * External drives mounted already before connection do not appear in the remote desktop. Workaround: map the directory /media as a drive. Then the external devices will show up inside the media drive. ### WiFi * TP-Link Archer T2UH WiFi adapters does not work after system suspend/resume. Workaround: Disable system suspend at IGEL Setup > System > Power Options > Shutdown. ### Parallels Client * Native USB redirection does not work with Parallels Client. ### Smartcard * In seldom cases the authentication hung when using A.E.T. SafeSign smartcards. ### Appliance Mode * Appliance mode RHEV/Spice: spice-xpi firefox plugin is no longer supported. The "Console Invocation" has to allow 'Native' client (auto is also possible) and should be started in fullscreen to prevent any opening windows. ### Multimedia * Multimedia redirection with GStreamer could fail with the Nouveau GPU driver. ### Audio * Audio jack detection on Advantec POC-W243L doesn't work. Sound output goes through the headset connection and the internal speakers. * IGEL UD2 (D220) fails to restore the volume level of the speaker when the device used firmware version 11.01.110 before. ### VirtualBox * The current VirtualBox Guest Tools/Drivers will not work with VirtualBox 5.2.x or older hosts which leads to black screen and non working graphic. Workaround: Install with 'Failsafe Installation + Recovery' and set **x.drivers.force_vesa** registry key to true. * When running in VirtualBox virtualization, resizing the window will not automatically change desktop resolution of IGEL OS guest. ### Hardware * HP t730 could freeze when monitors with different resolutions are connected (1920x1200 + 2560x1440 + 3840x1600 for example). When this occors, the registry key **x.drivers.kms.best_console_mode** has to be set to **disabled**. * Some newer Delock 62599 active DisplayPort to DVI (4k) adapters only work with INTEL devices. --- Release Notes 11.03.110 (Based On 11.03.103) -------------------------------------------------------------------------------- Security Fixes -------------------------------------------------------------------------------- ### Firefox * Updated Mozilla Firefox to 68.4.1esr: - Fix for mfsa2020-03, also known as CVE-2019-17026. - Fixes for mfsa2020-02, also known as: CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024. - Fixes for mfsa2019-37, also known as: CVE-2019-17008, CVE-2019-11745, CVE-2019-17010, CVE-2019-17005, CVE-2019-17011, CVE-2019-17012. New Features -------------------------------------------------------------------------------- ### Citrix * Integrated **Citrix Workspace App 19.12** * Available Citrix Workspace Apps in this release: 19.12(default), 19.10 and 18.10 * New registry keys: * Added a registry key for enabling fullscreen banner "Citrix Desktop Viewer" when starting a Desktop or Application session. +------------+-----------------------------------------------------------------+ |Parameter |`Show Citrix Desktop Viewer screen` | +------------+-----------------------------------------------------------------+ |Registry |`ica.module.cdviewerscreen` | +------------+-----------------------------------------------------------------+ |Value |**off** (default)/on | +------------+-----------------------------------------------------------------+ * Added a registry key to enable usage of Chromium Embedded Framework (CEF) for Browser Content Redirection (BCR) [Experimental]. +------------+-----------------------------------------------------------------+ |Parameter |`Use Chromium Embedded Framework (CEF)` | +------------+-----------------------------------------------------------------+ |Registry |`ica.allregions.usecefbrowser` | +------------+-----------------------------------------------------------------+ |Value |**factory default** (default)/false/true | +------------+-----------------------------------------------------------------+ * "factory default" means that can be set by config file. * Changed default: +------------+-----------------------------------------------------------------+ |Parameter |`VDTUI protocol` | +------------+-----------------------------------------------------------------+ |Registry |`ica.module.virtualdriver.vdtui.enable` | +------------+-----------------------------------------------------------------+ |Value |off/**on** (default) | +------------+-----------------------------------------------------------------+ Resolved Issues -------------------------------------------------------------------------------- ### OSC Installer * Fixed deployment of IGEL OS with IGEL Deployment Appliance. ### Firefox * Fixed possibility to remove the browsers navigation bar. In 11.03.100 the whole browser content was invisible without the navigation bar. ### WiFi * Fixed support for some newer WiFi chipsets. * Fixed WiFi backport driver instability problems with updating them to 5.4-rc8-1. ### Imprivata * Fixed race condition that may lead to unexpected behavior with RDP connections. * Fixed VMware Horizon session disconnect. ### Smartcard * Fixed bug in smartcard transaction locking. ### Cisco JVDI Client * The Cisco EULA must be accepted together with the IGEL EULA before installing IGEL OS and also within IGEL Setup Assistant when requesting an IGEL OS demo license. ### Base system * Fixed potential temporary settings loss when resuming from standby. Release Notes 11.03.103 (Based On 11.03.100) -------------------------------------------------------------------------------- Resolved Issues -------------------------------------------------------------------------------- ### RDP/IGEL RDP Client 2 * Fixed Fabulatech Scanner Redirection not working for RDP Remote Apps. --- Release Notes 11.03.100 -------------------------------------------------------------------------------- Security Fixes -------------------------------------------------------------------------------- ### Firefox * Updated Mozilla Firefox to 68.2.0esr - Fixes for mfsa2019-33, also known as: CVE-2019-15903, CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764. - Fixes for mfsa2019-26, also known as: CVE-2019-11746, CVE-2019-11744, CVE-2019-11742, CVE-2019-11752, CVE-2019-9812, CVE-2019-11743, CVE-2019-11748, CVE-2019-11749, CVE-2019-11750, CVE-2019-11738, CVE-2019-11747, CVE-2019-11735, CVE-2019-11740. ### Base system * Added cryptographic signatures to OS 11 firmware files to prevent reading from corrupt images or disks. -> Updates to firmwares without valid signatures are blocked. -> When a signature error on the system partition is detected, the system is halted immediately. For system recovery a reinstallation via the OS Creator tool (OSC) is required. A signature error during early boot is signalized by a beep sequence. -> When a signature error in another partition is detected the partition is removed and a firmware update is triggered to reinstall the corrupt partition. -> Added user visible notification about partition signature errors. * Fixed admin logout from rescue shell after suspend * Fixed security issue CVE-2019-15902 in 4.19.x kernel. * Updated Intel microcodes to version 20191115 to fix various security issues (CVE-2019-11135, CVE-2019-0117 and CVE-2019-11139). * Fixed cups security issues CVE-2019-8696, CVE-2019-8675 and CVE-2019-86. * Fixed openjpeg2 security issues CVE-2018-6616, CVE-2018-5785, CVE-2018-18088, CVE-2018-14423 and CVE-2017-17480. * Fixed xorg-server security issue CVE-2018-14665. * Fixed expat security issue CVE-2019-15903. * Fixed freetype security issue CVE-2015-9383. * Fixed ghostscript security issues CVE-2019-14817, CVE-2019-14813, CVE-2019-14812, CVE-2019-14811, CVE-2019-10216 and CVE-2019-14869. * Fixed python2.7 security issues CVE-2019-9948, CVE-2019-9947, CVE-2019-9740, CVE-2019-9636, CVE-2019-5010, CVE-2019-10160 , CVE-2018-20852, CVE-2019-16935 and CVE-2019-16056. * Fixed python3.5 security issues CVE-2019-9948, CVE-2019-9947, CVE-2019-9740, CVE-2019-9636, CVE-2019-5010, CVE-2019-10160, CVE-2018-20852, CVE-2018-20406, CVE-2019-16935 and CVE-2019-16056. * Fixed giflib security issues CVE-2019-15133 and CVE-2018-11490. * Fixed libvirt security issues CVE-2019-3886, CVE-2019-11091, CVE-2019-10168, CVE-2019-10167, CVE-2019-10166, CVE-2019-10161, CVE-2019-10132, CVE-2018-6764, CVE-2018-5748, CVE-2018-12130, CVE-2018-12127, CVE-2018-12126, CVE-2018-1064, CVE-2017-2635, CVE-2017-1000256 and CVE-2016-5008. * Fixed e2fsprogs security issue CVE-2019-5094. * Fixed rpcbind security issues CVE-2017-8779 and CVE-2015-7236. * Fixed wpa security issues CVE-2019-16275 and CVE-2019-13377. * Fixed tiff security issues CVE-2019-17546 and CVE-2019-14973. * Fixed aspell security issue CVE-2019-17544. * Fixed libsdl1.2 security issues CVE-2019-7638, CVE-2019-7637, CVE-2019-7636, CVE-2019-7635, CVE-2019-7578, CVE-2019-7577, CVE-2019-7576, CVE-2019-7575, CVE-2019-7574, CVE-2019-7573, CVE-2019-7572 and CVE-2019-13616. * Fixed libsoup2.4 security issues CVE-2019-17266, CVE-2018-12910 and CVE-2017-2885. * Fixed rtlwifi driver security issue CVE-2019-17666 . * Fixed libxslt security issues CVE-2019-18197, CVE-2019-13118 and CVE-2019-13117. * Fixed opus security issue CVE-2017-0381. * Fixed curl security issues CVE-2019-5482 and CVE-2019-5481. * Fixed libidn2 security issues CVE-2019-18224 and CVE-2019-12290. * Fixed libarchive security issue CVE-2019-18408. * Fixed samba security issues CVE-2019-14847 and CVE-2019-10218. * Fixed file security issue CVE-2019-18218. * Fixed imagemagick security issues CVE-2019-16713, CVE-2019-16711, CVE-2019-16710, CVE-2019-16709, CVE-2019-16708, CVE-2019-15140, CVE-2019-15139, CVE-2019-14981, CVE-2019-13454, CVE-2019-13391, CVE-2019-13311, CVE-2019-13310, CVE-2019-13309, CVE-2019-13307, CVE-2019-13306, CVE-2019-13305, CVE-2019-13304, CVE-2019-13301, CVE-2019-13300, CVE-2019-13297, CVE-2019-13295, CVE-2019-13137, CVE-2019-13135, CVE-2019-12979, CVE-2019-12978, CVE-2019-12977, CVE-2019-12976, CVE-2019-12975 and CVE-2019-12974. * Fixed libjpeg-turbo security issues CVE-2019-2201, CVE-2018-20330 and CVE-2018-19664. * Fixed python-ecdsa security issues CVE-2019-14859, CVE-2019-14853 and CVE-2019-1485. * Restricted access to journalctl log file for root only. * Limit list of allowed TLS ciphers according to the Germany BSI recommendation (TR-0210202 Version 2019-01). The functionality is controlled by the parameter: +------------+-----------------------------------------------------------------+ | Registry | `system.security.remote_management.tls_policy` | +------------+-----------------------------------------------------------------+ | Value | **Default** / BSI | +------------+-----------------------------------------------------------------+ - The limited cipher list is applied on TLS (SSL) connections in: - IGEL RM Agent - Secure Shadowing - Secure Terminal - Firmware Update - Custom Partition New Features -------------------------------------------------------------------------------- ### Citrix * Integrated **Citrix Workspace app 19.10** * Available’Citrix Workspace apps in this release: 19.10 (default), 19.08 and 18.10 * Added a registry key to enable Transparent User Interface [TUI] Virtual Channel [VC] protocol. +------------+-----------------------------------------------------------------+ |Parameter |`Enable VDTUI protocol` | +------------+-----------------------------------------------------------------+ |Registry |`ica.module.virtualdriver.vdtui.enable` | +------------+-----------------------------------------------------------------+ |Value |**off** (default)/on | +------------+-----------------------------------------------------------------+ * Updated libwebkit2gtk-4.0-37 to version 2.26.2. It is now possible to enable debug output for Citrix Browser Content Redirection by running the script /config/bin/install-webkit-debug. The debug output is written to /var/log/user/webcontainer.debug. CAUTION: Only short sessions with enabled debug output can be tracked, due to the huge amount of debugging data which is written to the log file. * Added support for "FabulaTech Scanner for Remote Desktop": +------------+-----------------------------------------------------------------+ |IGEL Setup |Sessions > Citrix > Citrix Global > Fabulatech Scanner Redirection | +------------+-----------------------------------------------------------------+ |Parameter |`Fabulatech Scanner for Remote Desktop` | +------------+-----------------------------------------------------------------+ |Registry |`ica.module.virtualdriver.fabulatech_scanner.enable` | +------------+-----------------------------------------------------------------+ |Value |**disabled** (default) / enabled | +------------+-----------------------------------------------------------------+ ### RDP/IGEL RDP Client 2 * Added support for "FabulaTech Scanner for Remote Desktop": +------------+-----------------------------------------------------------------+ |IGEL Setup |Sessions > RDP > RDP Global > Fabulatech Scanner Redirection | +------------+-----------------------------------------------------------------+ |Parameter |`Fabulatech Scanner for Remote Desktop` | +------------+-----------------------------------------------------------------+ |Registry |`rdp.fabulatech_scanner.enable` | +------------+-----------------------------------------------------------------+ |Value |**disabled** (default) / enabled | +------------+-----------------------------------------------------------------+ ### VMware Horizon * Updated Horizon Client to version 5.2.0-14604769 * Added local scanner redirection for VMWare Horizon Client +------------+-----------------------------------------------------------------+ |Parameter | `Scanner Redirection` | +------------+-----------------------------------------------------------------+ |Registry | `vmware.view.enable-scanner-redir` | +------------+-----------------------------------------------------------------+ |Value |**disabled** (default) / enabled | +------------+-----------------------------------------------------------------+ * Added support for "FabulaTech Scanner for Remote Desktop": +------------+-----------------------------------------------------------------+ |IGEL Setup |Sessions > Horizon Client > Horizon Client Global > Fabulatech Scanner Redirection | +------------+-----------------------------------------------------------------+ |Parameter |`Fabulatech Scanner for Remote Desktop` | +------------+-----------------------------------------------------------------+ |Registry |`vmware.view.usb.enable-fabulatech-scanner` | +------------+-----------------------------------------------------------------+ |Value |**disabled** (default) / enabled | +------------+-----------------------------------------------------------------+ ### ThinLinc * Updated ThinLinc Client to version 4.10.1. ### Parallels Client * Updated Parallels Client to Version 17.0.1 For using the FIPS 140-2 compliance mode no special handling is needed anymore. ### Teradici PCoIP Client * Updated Teradici PCoIP client to 19.05.9. ### Imprivata * Added: When available flash is bigger than 2GB, 500 MB will be used for the Imprivata data partition. ### Cisco JVDI Client * Integrated new **Cisco Jabber Softphone for VDI** (Cisco JVDI Client) version 12.7 in 64bit. +------------+-----------------------------------------------------------------+ |IGEL Setup |Sessions > Citrix XenDesktop/XenApp > HDX/ICA Global > Unified Communications > Cisco Jabber | +------------+-----------------------------------------------------------------+ |Parameter |`Cisco JVDI client` | +------------+-----------------------------------------------------------------+ |Registry |`ica.module.virtualdriver.vdcisco.enable` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled**(default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Sessions > Horizon Client > Horizon Global > Unified Communications > Cisco Jabber | +------------+-----------------------------------------------------------------+ |Parameter |`Cisco JVDI client` | +------------+-----------------------------------------------------------------+ |Registry |`vmware.view.vdcisco.enable` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled**(default) | +------------+-----------------------------------------------------------------+ > Registry path for Common JVDI options: `multimedia.ciscovxme.**` ### Logging * Added Elastic FIlebeat 7.3.0. This is a lightweight way to forward and centralize logs and files. New registry keys to enable and configure Elastic FIlebeat: +------------+-----------------------------------------------------------------+ | IGEL Setup | System > Firmware Customization > Features | +------------+-----------------------------------------------------------------+ | Parameter | `Elastic Filebeat` | +------------+-----------------------------------------------------------------+ | Registry | `services.elastic_filebeat.enabled` | +------------+-----------------------------------------------------------------+ | Value | **disabled** (default) / enabled | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Use custom configuration.` | +------------+-----------------------------------------------------------------+ | Registry | `network.filebeat.custom.enabled` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Custom Configuration` | +------------+-----------------------------------------------------------------+ | Registry | `network.filebeat.custom.config` | +------------+-----------------------------------------------------------------+ | Type | Multiline | +------------+-----------------------------------------------------------------+ | Value | `filebeat.inputs: ...` | +------------+-----------------------------------------------------------------+ ### Base system * Added support for exFAT filesystem. * Updated Kernel to version 4.19.85 with WiFi backport drivers 5.3.6.1 * Updated Intel microcodes to version 20191115 to fix various security issues (CVE-2019-11135, CVE-2019-0117 and CVE-2019-11139). * Updated Xorg Xserver from version 1.19.6 to 1.20.5 * Updated Mesa OpenGL stack from version 19.0.8 to 19.2.5 * Updated the X11 video and input drivers to their most current available versions. * Added functionality to enable or disable touchpad with a hotkey. +------------+-----------------------------------------------------------------+ |IGEL Setup |User Interface > Input > Touchpad | +------------+-----------------------------------------------------------------+ |Parameter |`Enable Touchpad` | +------------+-----------------------------------------------------------------+ |Registry |`userinterface.touchpad.general.touchpadenable` | +------------+-----------------------------------------------------------------+ |Value |**enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |User Interface > Input > Touchpad | +------------+-----------------------------------------------------------------+ |Parameter |`Hotkey` | +------------+-----------------------------------------------------------------+ |Registry |`userinterface.touchpad.general.usehotkey` | +------------+-----------------------------------------------------------------+ |Value |**disabled** (default) / enabled | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |User Interface > Input > Touchpad | +------------+-----------------------------------------------------------------+ |Parameter |`Modifiers` | +------------+-----------------------------------------------------------------+ |Registry |`userinterface.touchpad.general.hotkeymodifier` | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |User Interface > Input > Touchpad | +------------+-----------------------------------------------------------------+ |Parameter |`Hotkey` | +------------+-----------------------------------------------------------------+ |Registry |`userinterface.touchpad.general.hotkey` | +------------+-----------------------------------------------------------------+ * Added feature to log into different files and to store log files on a persistent encrypted partition. +------------+-----------------------------------------------------------------+ |IGEL Setup |System > Logging | +------------+-----------------------------------------------------------------+ |Parameter |`Local logging` | +------------+-----------------------------------------------------------------+ |Registry |`system.syslog.enabled` | +------------+-----------------------------------------------------------------+ |Value |**enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |System > Logging | +------------+-----------------------------------------------------------------+ |Parameter |`Use persistent log partition` | +------------+-----------------------------------------------------------------+ |Registry |`system.syslog.persistent` | +------------+-----------------------------------------------------------------+ |Value |enabled’ / **disabled**’(default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |System > Logging | +------------+-----------------------------------------------------------------+ |Parameter |`Partition size in MB` | +------------+-----------------------------------------------------------------+ |Registry |`system.syslog.partsize` | +------------+-----------------------------------------------------------------+ |Value |**100** (default) | +------------+-----------------------------------------------------------------+ - Create /var/log/auth.log: +------------+-----------------------------------------------------------------+ | Registry | `system.syslog.sinks.auth` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ - Create /var/log/daemon.log: +------------+-----------------------------------------------------------------+ | Registry | `system.syslog.sinks.daemon` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ - Create /var/log/kern.log: +------------+-----------------------------------------------------------------+ | Registry | `system.syslog.sinks.kern` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ - Create /var/log/syslog: +------------+-----------------------------------------------------------------+ | Registry | `system.syslog.sinks.syslog` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ * Updated Fluendo multimedia codecs to the following versions: gst-fluendo-h264dec - 18/09/2019 0.10.54 gst-fluendo-vadec - 16/10/2019 0.10.210 * Added beep sequence to signalize a missing system partition during early boot. ### CUPS Printing * Updated Printer Installer client to version 25.1.0.303 * Added missing cups model names for some printers. ### Smartcard * Updated MUSCLE Open Source CCID driver to version 1.4.31. Added additional smartcard reader Cherry SECURE BOARD. * Updated SecMaker Net iD smart card library to version 6.8.1.31. The changes are: - Support for Gemalto IDPrime 940 and 3940. - Support for new VRK card (IDEMIA IAS ECC, spec: FINEID S1 - FINEID S1 Electronic ID Application v4.0). - Support for Aventra MyEID v4.0 (customer specific card profile with read support only). - Fixed problem with detection of cards in Net iD Card Portal - Other fixes, see release notes at SecMaker. ### WiFi * Added backports kernel drivers with version 5.3.6-1 for better WiFi support. * Disabled backports drivers for Microsoft Surface Laptop 3. * Added new registry key to enable or disable the use of the backport drivers (reboot is needed): +------------+-----------------------------------------------------------------+ | Parameter | `Use the newer backport drivers for WiFi.` | +------------+-----------------------------------------------------------------+ | Registry | `network.drivers.use_backport_drivers` | +------------+-----------------------------------------------------------------+ | Range | [Default] [False] [True] | +------------+-----------------------------------------------------------------+ | Value | **Default** (normally use backport drivers) | +------------+-----------------------------------------------------------------+ * Added switch for more aggressively search of configured hidden WiFi networks: +------------+-----------------------------------------------------------------+ |Parameter |Force connection to hidden network | +------------+-----------------------------------------------------------------+ |Registry |`network.interfaces.wirelesslan.device0.mssid_force_hidden` | +------------+-----------------------------------------------------------------+ |Value |**never** (default), once, continuously | +------------+-----------------------------------------------------------------+ - The default value "never" preserves the old behaviour. Changing it can be useful in situations where the system cannot detect any configured WiFi in the environment. If "once" is selected, the system will blindly try to connect to all configured hidden networks once (until the network as a whole gets started again). In the case of "continuously", it will continue trying to connect to hidden networks. Remarks: An access point found in this way will be remembered next time and its reconnecting will be faster. Search for hidden networks in the Wireless Manager is not affected. ### Driver * Updated Philips Speech Driver to version 12.8.5. * Added login with BioSec BS Login Hand Vein Recognition software. The parameters have to be set in IGEL Setup Registry: +------------+-----------------------------------------------------------------+ |Parameter |Login with Biosec BS Login | +------------+-----------------------------------------------------------------+ |Registry |auth.login.biosec_bslogin | +------------+-----------------------------------------------------------------+ |Value |**false**/true | +------------+-----------------------------------------------------------------+ |Parameter |URL of LifePassServer | +------------+-----------------------------------------------------------------+ |Registry |auth.biosec.lifepassserverurl | +------------+-----------------------------------------------------------------+ |Value |**localhost:10100** | +------------+-----------------------------------------------------------------+ |Setup |System>Firmware Customization>Features | +------------+-----------------------------------------------------------------+ |Parameter |Biosec BS Login | +------------+-----------------------------------------------------------------+ |Registry |services.biosec_bslogin.enabled | +------------+-----------------------------------------------------------------+ |Value |**true**/false | +------------+-----------------------------------------------------------------+ * Added Broadcom Tigon3 network driver. ### X11 system * Added support for secure keyboard input with Cherry SECURE BOARD 1.0. In secure mode all keyboard input devices are suppressed except pre-personalized Cherry SECURE BOARD 1.0 devices. For the encrypted communication certificates and keys in directories /wfs/cherry/ca-certs and /wfs/cherry/client-certs are required. +------------+-----------------------------------------------------------------+ |Setup |`User Interface > Input > Keyboard | +------------+-----------------------------------------------------------------+ |Parameter |`Secure keyboard input with Cherry SECURE BOARD` | +------------+-----------------------------------------------------------------+ |Registry |`devices.cherry_secureboard.enable` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |Parameter |`Debug messages for Cherry SECURE BOARD` | +------------+-----------------------------------------------------------------+ |Registry |`devices.cherry_secureboard.debug` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Added the possibility to configure the screen brightness with registry keys: +------------+-----------------------------------------------------------------+ | Parameter | `Brightness value` | +------------+-----------------------------------------------------------------+ | Registry | `x.xserver0.brightness` | +------------+-----------------------------------------------------------------+ | Value | **1.0** (default) | +------------+-----------------------------------------------------------------+ | Range | 0.1 - 1.0 (darker) | | | 1.0 - 3.0 (brighter) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Brightness value` | +------------+-----------------------------------------------------------------+ | Registry | `x.xserver0.screen[1-7].brightness` | +------------+-----------------------------------------------------------------+ | Value | **1.0** (default) | +------------+-----------------------------------------------------------------+ | Range | 0.1 - 1.0 (darker) | | | 1.0 - 3.0 (brighter) | +------------+-----------------------------------------------------------------+ * Added new registry keys to be able to configure some modesetting graphics driver options if needed. New registry keys: +------------+-----------------------------------------------------------------+ | Parameter | `Use DRI3 PageFlip feature.` | +------------+-----------------------------------------------------------------+ | Registry | `x.drivers.modesetting.use_page_flip` | +------------+-----------------------------------------------------------------+ | Range | [Default] [False] [True] | +------------+-----------------------------------------------------------------+ | Value | **Default** (normally use page flip feature) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Use shadow framebuffer layer.` | +------------+-----------------------------------------------------------------+ | Registry | `x.drivers.modesetting.use_shadow_fb` | +------------+-----------------------------------------------------------------+ | Range | [Default] [False] [True] | +------------+-----------------------------------------------------------------+ | Value | **Default** (normally use shadow framebuffer) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Use double shadow framebuffer to improve VNC performance.` | +------------+-----------------------------------------------------------------+ | Registry | `x.drivers.modesetting.use_double_shadow` | +------------+-----------------------------------------------------------------+ | Range | [False] [True] | +------------+-----------------------------------------------------------------+ | Value | **False** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Use software cursor for modesetting driver.` | +------------+-----------------------------------------------------------------+ | Registry | `x.drivers.modesetting.use_sw_cursor` | +------------+-----------------------------------------------------------------+ | Range | [Default] [False] [True] | +------------+-----------------------------------------------------------------+ | Value | **Default** (normally false) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Choose acceleration method.` | +------------+-----------------------------------------------------------------+ | Registry | `x.drivers.modesetting.accel_method` | +------------+-----------------------------------------------------------------+ | Range | [Default] [Glamor] [None] | +------------+-----------------------------------------------------------------+ | Value | **Default** (normally Glamor is used) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Force usage of DRI3 regardless of x.drivers.use_dri3 setting.` | +------------+-----------------------------------------------------------------+ | Registry | `x.drivers.modesetting.force_dri3` | +------------+-----------------------------------------------------------------+ | Value | **disabled** (default) / enabled | +------------+-----------------------------------------------------------------+ ### Misc * Added Support for "Stratusphere UX" from Liquidware. +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories > Connector ID Key Software | +------------+-----------------------------------------------------------------+ |Parameter |`Enable Stratusphere UX CID Key` | +------------+-----------------------------------------------------------------+ |Registry |`stratusphere_ux.cid_key_software.enable` | +------------+-----------------------------------------------------------------+ |Parameter |`Stratusphere hub` | +------------+-----------------------------------------------------------------+ |Registry |`stratusphere_ux.cid_key_software.hub` | +------------+-----------------------------------------------------------------+ |Parameter |`Stratusphere machine group` | +------------+-----------------------------------------------------------------+ |Registry |`stratusphere_ux.cid_key_software.machine_group` | +------------+-----------------------------------------------------------------+ |Parameter |`Stratusphere user group` | +------------+-----------------------------------------------------------------+ |Registry |`stratusphere_ux.cid_key_software.user_group` | +------------+-----------------------------------------------------------------+ * Added the launcher of Login VSI's monitoring tool Login PI to the IGEL OS which can be configured from setup via parameters and started from the UMS. Besides of specifying the parameters given below, a SSL certificate must be provided and deployed via the UMS. This has to be obtained from the Login PI server manually. Given the parameters and the certificate, the launcher can be started via job from the UMS. +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories > Login PI | +------------+-----------------------------------------------------------------+ |Parameter |`Server URL` | +------------+-----------------------------------------------------------------+ |Registry |`debug.tools.login_pi.server_url` | +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories > Login PI | +------------+-----------------------------------------------------------------+ |Parameter |`Secret` | +------------+-----------------------------------------------------------------+ |Registry |`debug.tools.login_pi.crypt_password` | +------------+-----------------------------------------------------------------+ ### Hardware * Added recognition for UD2 M250C with 8 GB eMMC with product id UD2-LX 51. * Added support for IGEL M350C with product id UD3-LX 60. * UD7 with active "AMD Secure Processor" feature uses new product id UD7-LX 11. * Improved support for ADS-Tec VMT9000 devices: - Enable rs-232 additional power supply without restart. - Enable external wifi antenna without restart. - Enable shutdown by ignition off. - Enable watchdog service. * Added hardware support for LG CL600N. * Added hardware support for LG CL600W. * Added new registry keys to be able to configure some new i915 parameter. New registry keys: +------------+-----------------------------------------------------------------+ | Parameter | `Disable the use of limited color range for DisplayPort 1.` | +------------+-----------------------------------------------------------------+ | Registry | `x.drivers.intel.dp1_no_limited_color_range` | +------------+-----------------------------------------------------------------+ | Range | [Default] [No] [Yes] | +------------+-----------------------------------------------------------------+ | Value | **Default** (only for M250C the use of limited color range for DP1 is disabled) | +------------+-----------------------------------------------------------------+ * Added support for newer Prolific PL2303 USB serial adapters (used in UD3-LX 60). Resolved Issues -------------------------------------------------------------------------------- ### Citrix * Fixed video playback with enabled Citrix Browser Content Redirection. ### RDP/IGEL RDP Client 2 * Fixed RDP graphics issues with Windows 2008(R2) Server (when RemoteFX is not enabled). * Fixed RDP Web Access Domain Visibility not working correctly. * Fixed sound glitch while using PulseAudio system. PulseAudio is now the default sound driver. ### VMware Horizon * Fixed sound issue in Horizon client 5.x using PCoIP protocol. ### Firefox * Fixed: Homepage cannot be set * Fixed: RTSP media stream with enabled apparmor. ### Network * Fixed issue with configuration of more then one NTP server. * Fixed network interface device order for Dell Wyse 5070 Thin Client so that the onboard interface always is the first one. Caution: When endpoint is updated from a previous firmware version, network interface device order might change! * Changed minimal allowed MSS size to 750 to avoid problems with some VPN solutions. * Added new registry keys to be able to configure the minimal allowed TCP MSS size. New registry keys: +------------+-----------------------------------------------------------------+ | Parameter | `Minimal TCP send MSS size.` | +------------+-----------------------------------------------------------------+ | Registry | `system.sysctl.tcp_min_snd_mss` | +------------+-----------------------------------------------------------------+ | Type | Integer | +------------+-----------------------------------------------------------------+ | Value | **750** (default) | +------------+-----------------------------------------------------------------+ | Tooltip | Minimal TCP send MSS size (configurable value in the area from 200 to 1450). | +------------+-----------------------------------------------------------------+ ### Smartcard * Fixed not working 90meter in Firefox when apparmor is enabled. * Fixed handling of smartcards in pcsc-lite: improved transaction locking. A new parameter was introduced to control the new behavior (enabled by default): +------------+-----------------------------------------------------------------+ |Parameter |`Abort stalled transactions` | +------------+-----------------------------------------------------------------+ |Registry |`scard.pcscd.abort_stalled_transactions` | +------------+-----------------------------------------------------------------+ |Value |**enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ * Fixed bug in smartcard transaction locking. * Fixed IGEL Smartcard to be able to handle VoIP client Ekiga sessions. * Fixed smartcard usernames displayed on login screen: non-ASCII characters were not shown correctly before. * Fixed error message on login screen, shown when smart card PIN is locked. ### Base system * Fixed license handling: Add-on licenses can be used on top of Workspace Edition evaluation licenses now. * Fixed warnings when evaluation license is about to expire. In detail, removed warning when Enterprise Management Pack is about to expire and WE is already licensed. * Fixed ActiveDirectory/Kerberos password change with "Change Password" accessory for users which are member of many (~300+) AD groups. * Fixed IGEL License retrieval via FTP protocol in IGEL Setup Assistant and Licenses Browser tool. * Fixed bug in reboot message where not all available translations were used. * Fixed problems with missing library if using OpenConnect feature. * Changed: Bluetooth is off by default again. It wiil be temporary enabled for auto pairing before the initial Setup Assistant runs. Only if a device is paired during this phase, Bluetooth is enabled afterwards. To enable Bluetooth support by configuration use this parameter: +------------+-----------------------------------------------------------------+ |IGEL Setup | Devices > Bluetooth | +------------+-----------------------------------------------------------------+ |Parameter |`Bluetooth` | +------------+-----------------------------------------------------------------+ |Registry |`devices.bluetooth.enable` | +------------+-----------------------------------------------------------------+ |Value |**disabled** (default) / enabled | +------------+-----------------------------------------------------------------+ * Fixed license information of Add-On licenses in category evaluation. * Re-fixed broken custom bootsplash when doing a reset to factory defaults via UMS. ### Custom Partition * Automatic constrain of minimum size for custom partition to 5MB. ### Firmware update * Automatic firmware update is now checked after retrieval of UMS settings. * If there are some not executed changes in the network configuration, these changes are applied automatically before performing firmware update. ### Storage Devices * Fixed bug: udiskd mounted storage devices on behalf of user processes (e.g. parole) even if Storage Hotplug was disabled in the setup. ### X11 system * Fixed issue with Wacom Signing Pads not being recognized as displays. * Solved issues with certain monitors on UD2 LX50. * Fixed Multi-GPU NVIDIA setups with Display Switch. * Prevent configuration of Display Switch utility on unlicensed device. * Fixed an issue with modesetting driver and DisplayLink USB graphic adapters. ### X server * Fixed Xorg freezes when usage of modesetting driver and video acceleration. ### Shared Workplace * Fixed broken "Shared Workplace" authentication when ICG is used. ### Hardware * Fixed EFI freeze problem after bootcode update on devices like the HP t630 and probably others too. * Added: Bluetooth tool shows now a message when no device is connected. * Fixed issue with limited colors on the DisplayPort 1 of UD2-LX50. ### Remote Management * Fixed automatic registering in the UMS using DNS entry or DHCP tag during initial rollout. ### IGEL Cloud Gateway * Fixed search for an available buddy update server when devices are managed over ICG. ### VNC * Fixed sporadic connection failure in VNC server.