IGEL OS Creator =============== Firmware version 12.2.1 Release date 2023-10-31 Last update of this document 2023-10-31 Supported Devices ------------------------------------------------------------------------------- [> Supported IGEL OS 12 devices](https://kb.igel.com/os12-supported-hardware) Component Versions ------------------------------------------------------------------------------- | Components | | |-------------------------------------------|----------------------------------| | OpenSSL | 1.1.1f-1ubuntu2.19 | | Bluetooth Stack (bluez) | 5.66-1igel1669186181 | | MESA OpenGL Stack | 22.3.6-1+deb12u1igel1683795808 | | VDPAU Library Version | 1.5-2igel1677954724 | | Graphics Driver INTEL | 2.99.917+git20210115-1igel1647250103 | | Graphics Driver ATI/RADEON | 19.1.0-3igel1657777718 | | Graphics Driver ATI/AMDGPU | 23.0.0-1igel1677481842 | | Graphics Driver Nouveau (Nvidia Legacy) | 1.0.17-2igel1644486678 | | Graphics Driver Nvidia | 525.125.06-0ubuntu0.20.04.3 | | Graphics Driver VMware | 13.3.0-3igel1628859075 | | Graphics Driver QXL (Spice) | 0.1.5-3+git20200331-2igel1647014792 | | Graphics Driver FBDEV | 0.5.0-2igel1644486279 | | Graphics Driver VESA | 2.5.0-1+b1igel1647004096 | | Input Driver Evdev | 2.10.6-2+b1igel1647004239 | | Input Driver Elographics | 1.4.3-1igel1678083379 | | Input Driver Synaptics | 1.9.2-1+b1igel1683803726 | | Input Driver VMMouse | 13.1.0-1ubuntu2igel1628499891 | | Input Driver Wacom | 0.39.0-0ubuntu1igel1629136980 | | Kernel | 6.1.42 #mainline-lxos12-g1696246906 | | Xorg X11 Server | 21.1.7-3igel1683808186 | | Lightdm Graphical Login Manager | 1.30.0-0ubuntu4~20.04.2igel1649274243 | | XFCE4 Window Manager | 4.14.5-1~18.04igel1643191202 | | ISC DHCP Client | 4.4.1-2.1ubuntu5.20.04.5 | | WebKit2Gtk | 2.42.1-2+b1igel1697000968 | | Python3 | 3.8.10 | | Virtualbox Guest Utils | 7.0.8-dfsg-2igel1682408222 | | Virtualbox X11 Guest Utils | 7.0.8-dfsg-2igel1682408222 | | Open VM Tools | 11.3.0-2ubuntu0~ubuntu20.04.6 | | Open VM Desktop Tools | 11.3.0-2ubuntu0~ubuntu20.04.6 | | Xen Guest Utilities | 7.10.0-0ubuntu2 | | Spice Vdagent | 0.22.1-3+b2igel1680584586 | | Qemu Guest Agent | 8.0.4+dfsg-3+b1igel1692901316 | # Changes since: 12.2.0 ## New Features - **Hardware** - Validated support for LG USB-C Universal Docking. - Validated hardware support for Poly Blackwire 5220 and Poly EncorePro 320 USB Headsets. - Added hardware support for Lenovo ThinkPad L14 and L15 Gen4 AMD/Intel - Added hardware support for Lenovo ThinkStation P3 Tiny. - Added hardware support for LG 24CR670I AiO. - **Modern Desktop** - It is now possible to configure the time zone in the calendar tray app. The new feature can be disabled by parameter system.time.timezone_in_tray. ## Security Fixes - Fixed libwebp security issue CVE-2023-4863 (initial only Chromium related) and CVE-2023-5129. - Fixed open-vm-tools security issues CVE-2023-20900 and CVE-2023-20867. - Fixed vim security issues CVE-2022-3099, CVE-2022-3037, CVE-2022-3016, CVE-2022-2598, CVE-2022-2289, CVE-2022-2287, CVE-2022-2286, CVE-2022-2285, CVE-2022-2284, CVE-2022-2264, CVE-2022-2257, CVE-2022-2210 and CVE-2022-2208. - Fixed gawk security issue CVE-2023-4156. - Fixed bind9 security issue CVE-2023-3341. - Fixed cjose security issue CVE-2023-37464. - Fixed flac security issue CVE-2020-22219. - Fixed ghostscript security issues CVE-2023-38559, CVE-2020-21890 and CVE-2020-21710. - Fixed mysql-8.0 security issues CVE-2023-22058, CVE-2023-22057, CVE-2023-22056, CVE-2023-22054, CVE-2023-22053, CVE-2023-22048, CVE-2023-22046, CVE-2023-22038, CVE-2023-22033, CVE-2023-22008 and CVE-2023-22005. - Fixed poppler security issues CVE-2022-27337, CVE-2020-36024 and CVE-2020-36023. - Fixed librsvg security issue CVE-2023-38633. - Fixed tiff security issues CVE-2023-38289, CVE-2023-38288, CVE-2023-3618, CVE-2023-3316, CVE-2023-2908, CVE-2023-26966, CVE-2023-26965, CVE-2023-25433 and CVE-2022-48281. - Fixed cups security issues CVE-2023-4504 and CVE-2023-32360. - Fixed curl security issue CVE-2023-38039. - Fixed krb5 security issue CVE-2023-36054. - Fixed qemu security issues CVE-2023-4135, CVE-2023-40360, CVE-2023-3354, CVE-2023-3255, CVE-2023-3180 and CVE-2023-2861. - Fixed libvpx security issues CVE-2023-5217 and CVE-2023-44488. - Fixed libx11 security issues CVE-2023-43787, CVE-2023-43786 and CVE-2023-43785. - Fixed libxpm security issues CVE-2023-43789, CVE-2023-43788, CVE-2023-43787 and CVE-2023-43786. - Fixed webkit2gtk security issues CVE-2023-41993, CVE-2023-41074, CVE-2023-40451, CVE-2023-39928, CVE-2023-39434 and CVE-2023-35074. - Fixed curl security issues CVE-2023-38546 and CVE-2023-38545. - Fixed ghostscript security issue CVE-2023-43115. ## Resolved Issues - Fixed screen lagging issue with Dell Latitude 7430 - Added possibility to configure Intel PSR setting over IGEL registry | Parameter | Registry | Range | Value | | ------ | ------ | ------ | ------ | | `Change settings for intel PSR (panel self refresh).` | `x.drivers.intel.psr` | [Default][Disable][Enable][Use only up to PSR1][Use up to PSR2] | *Default* | - Added old Single Sign-On configuration parameters for backward compatibility. | Parameter | Registry | Type | Value | | ------ | ------ | ------ | ------ | | `Azure AD Tenant Name/ID (deprecated)` | `auth.cloudidp.aad_tenant` | string | empty *Default* | | `Identity Provider URL (deprecated)` | `auth.cloudidp.idpurl` | string | empty *Default* | | `Client/Application ID (deprecated)` | `auth.cloudidp.client_id` | string | empty *Default* | | `Client secret (deprecated)` | `auth.cloudidp.client_secret` | string | empty *Default* | - Fixed immediate wakeup issue after shutdown on some HP mt645 G7. - Fix handling of proxy configurations with a protocol like "http://". If no protocol is specified the system will add "http://" otherwise the specified protocol will be used. - The Setup Assistant now shows the base system version in the new scheme/format. - Fixed label and tooltip of parameter "Deny shadowing via external VNC tool" on page System>Remote Access>Shadow. Before this fix the meaning was the opposite, which was wrong. - **App Management** - Show all app installation errors as notification locally on the IGEL OS, before only errors during downloading were shown locally - **Hardware** - Fixed function key F8 for microphone on/off on HP mt645 G7. - **Remote Management** - Fixed applying of received settings during boot, the applying could sporadically block in a dead-lock and the received settings will be not applied then. - **IGEL Desktop** - Mobile broadband configuration dialogue in IGEL OS Setup-Assistant and Config-Dialog was updated. - Fixed missing suspend button text in suspend confirmation dialog when suspend timeout is triggered - **igel-system-tray** - If the Wi-Fi automatic switch is enabled and Wi-Fi got disabled because of an active LAN connection, the user is no longer allowed to manually turn Wi-Fi on in the wifi-system-tray. ## Known Issues - Display Configurator may show hotplugged monitors as disabled. - Issues may occur if monitors are connected via docking station. - In general: Monitor hotplug not stable yet and can trigger misconfiguration. - If assigned app is not available in App Portal, there is no error notification on IGEL OS desktop. - The downgrade to base system 12.00.900 or 12.00.910 is not supported. - In very rare cases all apps are lost after an update. Should this be the case, an error message is shown "Opening system App Journal failed." - if the device is manged, the apps will be reinstalled after a reboot. - Display Configurator: Rotation of displays connected to the Lenovo ThinkPad USB-C Hybrid Dock can fail. - Display configuration of displays connected to HP G5 Docking Station may fail on HP t655. - If different power plans are configured for battery and ac mode, they will not automatically change to the configured power plan when the power supply get plugged in or unplugged. So far this issue is known for the following devices: - Lenovo K14 Gen1 (AMD) - **Citrix** - Regarding CVE-2023-41993, CVE-2023-39928 & CVE-2023-41074: For compatibility with Citrix, older Webkit libraries are used instead of the latest ones to continue working properly. - More information: [https://kb.igel.com/securitysafety/en/isn-2023-25-webkit-vulnerabilities-101066782.html] - **Network** - The enumeration of ethernet-interfaces is not matching between the Setup and the system-tray. - In some cases the network is not working with the combination of the Lenovo K14 Gen1 (AMD) and the Lenovo Universal Dock. There is a kernel bugreport open which no proper fix up to now. - **Audio** - LG 34CN650 Headset mic via jack is not working - LG 27CN650 Headset mic via jack is not working - **Hardware** - Wake on LAN is not functional on Dell OptiPlex 3000 and Lenovo K14 Gen1 - Built-in fingerprint sensor is not supported on HP mt440 and mt645. - If using 6 x 4K@60Hz monitors on a t755/t740 with the additional graphic card one or two of the monitors may stay black after coming back from DPMS off state. - This is caused by using the additional graphic card as primary one which only have 512MB VRAM (the VRAM is not enough in this configuration) - The solution here is: -* Go to the BIOS and increase the VRAM size of the iGPU to 2048MiB (maybe 1024MiB may also work) -* Activate the IGEL registry key *x.drivers.swap_card0_with_card1* so the iGPU will become the Primary GPU. Please be aware that the connector names will change then. - Wake up from suspend via UMS does not work on HP mt645 devices. Workaround: Disable system suspend and use shutdown instead. - **IGEL Desktop** - On-screen keyboard sporadically crashes when typing. - XFWM4 composite manager can break screen lock and enables sporadically access to open applications. It is recommended to not enable registry key windowmanager.wm0.variables.usecompositing. The composite manager is disabled by default. - Closing shutdown dialog requires a double ESC key press. - When trying to configure two monitors in a vertical layout (one above the other), and those monitors are configured with "auto-detect" resolution, then saving leads to a wrong layout order. - **Licensing** - Manual deployment of add-on licenses for IGEL Agent for Imprivata licenses (via UMS) is only possible after finished installation of IGEL Agent for Imprivata app on device.