IGEL Universal Desktop LX ========================= Firmware version 10.05.100 Release date 2018-10-25 Last update of this document 2018-10-24 [> IGEL Release Notes](https://kb.igel.com/igelos/en/igel-os-release-notes-2721329.html) Supported Devices ------------------------------------------------------------------------------- IZ2-RFX, IZ2-HDX, IZ2-HORIZON IZ3-RFX, IZ3-HDX, IZ3-HORIZON UD2-LX 40 UD3-LX 51, UD3-LX 50, UD3-LX 42, UD3-LX 41 UD5-LX 50 UD6-LX 51 UD7-LX 10 UD9-LX Touch 41, UD9-LX 40 UD10-LX Touch 10, UD10-LX 10 Component Versions ------------------------------------------------------------------------------- +-------------------------------------------+----------------------------------+ | Clients | | +===========================================+==================================+ | Citrix HDX Realtime Media Engine | 2.6.0-2030 | +-------------------------------------------+----------------------------------+ | Citrix Receiver | 13.10.0.20 | +-------------------------------------------+----------------------------------+ | Citrix Receiver | 13.5.0.10185126 | +-------------------------------------------+----------------------------------+ | Citrix Receiver | 13.9.1.6 | +-------------------------------------------+----------------------------------+ | deviceTRUST Citrix Channel | 17.2.100.0 | +-------------------------------------------+----------------------------------+ | Ericom PowerTerm | 12.0.1.0.20170219.2-_dev_-34574 | +-------------------------------------------+----------------------------------+ | Evidian AuthMgr | 1.5.6840 | +-------------------------------------------+----------------------------------+ | Evince PDF Viewer | 3.18.2-1ubuntu4.3 | +-------------------------------------------+----------------------------------+ | FabulaTech USB for Remote Desktop | 5.2.29 | +-------------------------------------------+----------------------------------+ | Firefox | 60.2.2 | +-------------------------------------------+----------------------------------+ | IBM iAccess Client Solutions | 1.1.5.0 | +-------------------------------------------+----------------------------------+ | IGEL RDP Client | 2.2 | +-------------------------------------------+----------------------------------+ | Imprivata OneSign ProveID Embedded | | +-------------------------------------------+----------------------------------+ | deviceTRUST RDP Channel | 17.2.100.0 | +-------------------------------------------+----------------------------------+ | Leostream Java Connect | 3.3.7.0 | +-------------------------------------------+----------------------------------+ | NX Client | 5.3.12 | +-------------------------------------------+----------------------------------+ | Open VPN | 2.3.10-1ubuntu2.1 | +-------------------------------------------+----------------------------------+ | Oracle JRE | 1.8.0_181 | +-------------------------------------------+----------------------------------+ | Parallels Client (32 bit) | 16.5.1.20446 | +-------------------------------------------+----------------------------------+ | Remote Viewer (Red Hat Virtualization) | 7.0-igel47 | +-------------------------------------------+----------------------------------+ | Spice GTK (Red Hat Virtualization) | 0.35 | +-------------------------------------------+----------------------------------+ | Spice Protocol (Red Hat Virtualization) | 0.12.14 | +-------------------------------------------+----------------------------------+ | Usbredir (Red Hat Virtualization) | 0.8.0 | +-------------------------------------------+----------------------------------+ | Systancia AppliDis | 4.0.0.17 | +-------------------------------------------+----------------------------------+ | ThinLinc Client | 4.9.0-5775 | +-------------------------------------------+----------------------------------+ | ThinPrint Client | 7.5.86 | +-------------------------------------------+----------------------------------+ | Totem Media Player | 2.30.2 | +-------------------------------------------+----------------------------------+ | Parole Media Player | 1.0.1-0ubuntu1igel11 | +-------------------------------------------+----------------------------------+ | VNC Viewer | 1.8.0+git20180123-igel1 | +-------------------------------------------+----------------------------------+ | VMware Horizon client | 4.8.0-8518891 | +-------------------------------------------+----------------------------------+ | Voip Client Ekiga | 4.0.1 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | Dictation | | +===========================================+==================================+ | Diktamen driver for dictation | | +-------------------------------------------+----------------------------------+ | Grundig Business Systems dictation driver | | +-------------------------------------------+----------------------------------+ | Nuance Audio Extensions for dictation | B048 | +-------------------------------------------+----------------------------------+ | Olympus driver for dictation | 20180621 | +-------------------------------------------+----------------------------------+ | Philips Speech driver | 12.5.4 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | Signature | | +===========================================+==================================+ | Kofax SPVC Citrix Channel | 3.1.41.0 | +-------------------------------------------+----------------------------------+ | signotec Citrix Channel | 8.0.6 | +-------------------------------------------+----------------------------------+ | signotec VCOM Daemon | 2.0.0 | +-------------------------------------------+----------------------------------+ | StepOver TCP Client | 2.1.0 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | Smartcard | | +===========================================+==================================+ | PKCS#11 Library A.E.T. SafeSign | 3.0.101 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library Athena IDProtect | 623.07 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library cryptovision sc/interface | 7.1.9.620 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library Gemalto SafeNet | 10.0.37-0 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library SecMaker NetID | 6.7.0.23 | +-------------------------------------------+----------------------------------+ | Reader Driver ACS CCID | 1.1.5 | +-------------------------------------------+----------------------------------+ | Reader Driver Gemalto eToken | 10.0.37-0 | +-------------------------------------------+----------------------------------+ | Reader Driver HID Global Omnikey | 4.3.3 | +-------------------------------------------+----------------------------------+ | Reader Driver Identive CCID | 5.0.35 | +-------------------------------------------+----------------------------------+ | Reader Driver Identive eHealth200 | 1.0.5 | +-------------------------------------------+----------------------------------+ | Reader Driver Identive SCRKBC | 5.0.24 | +-------------------------------------------+----------------------------------+ | Reader Driver MUSCLE CCID | 1.4.28 | +-------------------------------------------+----------------------------------+ | Reader Driver REINER SCT cyberJack | 3.99.5final.sp11 | +-------------------------------------------+----------------------------------+ | Resource Manager PC/SC Lite | 1.8.22 | +-------------------------------------------+----------------------------------+ | Cherry USB2LAN Proxy | 3.0.0.6 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | System Components | | +===========================================+==================================+ | OpenSSL | 1.0.2g-1ubuntu4.13 | +-------------------------------------------+----------------------------------+ | OpenSSH Client | 7.2p2-4ubuntu2.4 | +-------------------------------------------+----------------------------------+ | OpenSSH Server | 7.2p2-4ubuntu2.4 | +-------------------------------------------+----------------------------------+ | Bluetooth Stack (bluez) | 5.50-0ubuntu1igel5 | +-------------------------------------------+----------------------------------+ | MESA OpenGL Stack | 18.2.1-1igel51 | +-------------------------------------------+----------------------------------+ | VAAPI ABI Version | 0.40 | +-------------------------------------------+----------------------------------+ | VDPAU Library Version | 1.1.1-3ubuntu1 | +-------------------------------------------+----------------------------------+ | Graphics Driver INTEL | 2.99.917+git20180214-igel830 | +-------------------------------------------+----------------------------------+ | Graphics Driver ATI/RADEON | 18.0.1-1igel831 | +-------------------------------------------+----------------------------------+ | Graphics Driver ATI/AMDGPU | 18.0.1-1igel831 | +-------------------------------------------+----------------------------------+ | Graphics Driver VIA | 5.76.52.92-009-005f78-20150730 | +-------------------------------------------+----------------------------------+ | Graphics Driver FBDEV | 0.5.0-1igel819 | +-------------------------------------------+----------------------------------+ | Graphics Driver VESA | 2.3.4-1build2igel639 | +-------------------------------------------+----------------------------------+ | Input Driver Evdev | 2.10.5-1ubuntu1igel750 | +-------------------------------------------+----------------------------------+ | Input Driver Elographics | 1.4.1-1build5igel633 | +-------------------------------------------+----------------------------------+ | Input Driver eGalax | 2.5.5814 | +-------------------------------------------+----------------------------------+ | Input Driver Synaptics | 1.9.0-1ubuntu1igel748 | +-------------------------------------------+----------------------------------+ | Input Driver VMMouse | 13.1.0-1ubuntu2igel635 | +-------------------------------------------+----------------------------------+ | Input Driver Wacom | 0.36.1-0ubuntu1igel813 | +-------------------------------------------+----------------------------------+ | Kernel | 4.18.11 #mainline-ud-r2463 | +-------------------------------------------+----------------------------------+ | Xorg X11 Server | 1.19.6-1ubuntu4igel838 | +-------------------------------------------+----------------------------------+ | Xorg Xephyr | 1.19.6-1ubuntu4igel832 | +-------------------------------------------+----------------------------------+ | CUPS Printing Daemon | 2.1.3-4ubuntu0.5igel20 | +-------------------------------------------+----------------------------------+ | PrinterLogic | 18.2.1.128 | +-------------------------------------------+----------------------------------+ | Lightdm Graphical Login Manager | 1.18.3-0ubuntu1.1 | +-------------------------------------------+----------------------------------+ | XFCE4 Window Manager | 4.12.3-1ubuntu2igel653 | +-------------------------------------------+----------------------------------+ | ISC DHCP Client | 4.3.3-5ubuntu12.10igel6 | +-------------------------------------------+----------------------------------+ | NetworkManager | 1.2.6-0ubuntu0.16.04.2igel58 | +-------------------------------------------+----------------------------------+ | ModemManager | 1.6.8-2igel1 | +-------------------------------------------+----------------------------------+ | GStreamer 0.10 | 0.10.36-2ubuntu0.1 | +-------------------------------------------+----------------------------------+ | GStreamer 1.x | 1.14.2-1ubuntu1igel192 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | Features with Limited IGEL Support | | +===========================================+==================================+ | Mobile Device Access USB | | +-------------------------------------------+----------------------------------+ | VPN OpenConnect | | +-------------------------------------------+----------------------------------+ | Scanner support / SANE | | +-------------------------------------------+----------------------------------+ | VirtualBox | | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | Features with Limited Functionality | | +===========================================+==================================+ | Cisco JVDI Client | | +-------------------------------------------+----------------------------------+ General Information ------------------------------------------------------------------------------- ### The following clients and features are not supported anymore * Citrix Receiver 12.1 and 13.1 - 13.4 * Citrix Access Gateway Standard Plug-in * Dell vWorkspace Connector for Linux * Ericom PowerTerm Emulation 9 and 11 * Ericom Webconnect * IGEL Legacy RDP Client (rdesktop) * Virtual Bridges VERDE Client * PPTP VPN Support * IGEL Upgrade License Tool with IGEL Smartcard Token * Remote Management by setup.ini file transfer (TFTP) * Remote Access via RSH * Legacy Philips Speech Driver * t-Systems TCOS Smartcard Support * DUS Series touch screens * Elo serial touch screens * IGEL Smartcard without locking desktop * Video Hardware Acceleration Support is discontinued on UD3-LX 42, UD3-LX 41, UD3-LX 40 (M320C/M330C) and UD10-LX Touch 10, UD10-LX 10 * H.264 Hardware Acceleration Support is discontinued on UD3-LX 42, UD3-LX 41, UD3-LX 40 (M320C/M330C) and UD10-LX Touch 10, UD10-LX 10 * Storage Hotplug devices are not automatically removed anymore, instead they must be always ejected manually: - by panel tray icon - by an icon in the 'In-Session Control Bar' (configurable at `IGEL Setup > User Interface > Desktop`) - by a 'Safely Remove Hardware' session (configurable at `IGEL Setup > Accessories`) ### The following clients and features are not available in this release * Cherry eGK Channel * Open VPN Smartcard Support * NCP Secure Client * Asian Input Methods * Composite Manager Security Fixes -------------------------------------------------------------------------------- ### Firefox * Updated Mozilla Firefox to version 60.2.2esr. Security Fixes: mfsa2018-24: CVE-2018-12386, CVE-2018-12387 mfsa2018-23: CVE-2018-12385, CVE-2018-12383 mfsa2018-21: CVE-2018-12377, CVE-2018-12378, CVE-2018-12376 mfsa2018-16: CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-5156, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12371, CVE-2018-12366, CVE-2018-12367, CVE-2018-12369, CVE-2018-5187, CVE-2018-5188 mfsa2018-14: CVE-2018-6126 mfsa2018-11: CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5160, CVE-2018-5152, CVE-2018-5153, CVE-2018-5163, CVE-2018-5164, CVE-2018-5166, CVE-2018-5167, CVE-2018-5168, CVE-2018-5169, CVE-2018-5172, CVE-2018-5173, CVE-2018-5175, CVE-2018-5176, CVE-2018-5177, CVE-2018-5165, CVE-2018-5180, CVE-2018-5181, CVE-2018-5182, CVE-2018-5151, CVE-2018-5150. mfsa2018-10: CVE-2018-5148 * Firefox profile partition is now mounted at /userhome/.mozilla instead of /.ffpro. * Firefox could only be started as user. * For security reasons Java processes could not be started from a˙browser session now. * Added a registry parameter `java.browser.access` to control java access for all browser sessions. +------------+-----------------------------------------------------------------+ | IGEL Setup | Registry >˙ java > browser > access | +------------+-----------------------------------------------------------------+ | Parameter | `Allow browser to use java` | +------------+-----------------------------------------------------------------+ | Registry | `java.browser.access` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ ### Network * Disabled ICMP redirects. * Changed default LoginGraceTime from 120 to 30 sec. * Added new registry keys for a secure sshd configuration. +------------+-----------------------------------------------------------------+ | Parameter | `Permit X11 forwarding` | +------------+-----------------------------------------------------------------+ | Registry | `network.ssh_server.x11_forwarding` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Show banner` | +------------+-----------------------------------------------------------------+ | Registry | `network.ssh_server.show_banner` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Permit tcp tunnel forwarding` | +------------+-----------------------------------------------------------------+ | Registry | `network.ssh_server.permit_tcp_forwarding` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Fixed SCEP client certificate request file access rights. ### Base system * Added apparmor as an additional security layer for components like Firefox, evince, dhcpclient and cups. +------------+-----------------------------------------------------------------+ | Parameter | `Enable apparmor profiles` | +------------+-----------------------------------------------------------------+ | Registry | `system.security.apparmor` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ * For security reasons graphical terminal sessions could now only be started by an administrator when an admin password is set. Administrator must authenticate before a terminal session is started. This does also affects graphical terminal sessions spawned by applications. * To allow users to start a terminal session again a registry key is defined. +------------+-----------------------------------------------------------------+ | Parameter | `User shell terminal` | +------------+-----------------------------------------------------------------+ | Registry | `system.security.usershell` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Fixed open-vm-tools security issue CVE-2015-5191. * Fixed procps security issues CVE-2018-1126, CVE-2018-1125, CVE-2018-1124, CVE-2018-1123 and CVE-2018-1122. * Fixed imagemagick security issues CVE-2018-9133, CVE-2018-8960, CVE-2018-8804, CVE-2018-7443, CVE-2018-5248, CVE-2018-11251, CVE-2018-10177, CVE-2017-18273, CVE-2017-18271, CVE-2017-18252, CVE-2017-18211, CVE-2017-18209, CVE-2017-17914, CVE-2017-17879, CVE-2017-17682, CVE-2017-17681, CVE-2017-17504, CVE-2017-16546, CVE-2017-15281, CVE-2017-15277, CVE-2017-15017, CVE-2017-15016, CVE-2017-15015, CVE-2017-14989, CVE-2017-14741, CVE-2017-14739, CVE-2017-14682, CVE-2017-14626, CVE-2017-14625, CVE-2017-14624, CVE-2017-14607, CVE-2017-14532, CVE-2017-14531, CVE-2017-14505, CVE-2017-14400, CVE-2017-14343, CVE-2017-14342, CVE-2017-14341, CVE-2017-14325, CVE-2017-14249, CVE-2017-14224, CVE-2017-14175, CVE-2017-14174, CVE-2017-14173, CVE-2017-14172, CVE-2017-14060, CVE-2017-13769, CVE-2017-13768, CVE-2017-13758, CVE-2017-13145, CVE-2017-13144, CVE-2017-13143, CVE-2017-13142, CVE-2017-13139, CVE-2017-13134, CVE-2017-12983, CVE-2017-12877, CVE-2017-12875, CVE-2017-12693, CVE-2017-12692, CVE-2017-12691, CVE-2017-12674, CVE-2017-12670, CVE-2017-12643, CVE-2017-12640, CVE-2017-12587, CVE-2017-12563, CVE-2017-12435, CVE-2017-12432, CVE-2017-12431, CVE-2017-12430, CVE-2017-12429, CVE-2017-12140, CVE-2017-11640, CVE-2017-11639, CVE-2017-11537, CVE-2017-11535, CVE-2017-11533, CVE-2017-11352, CVE-2017-10995, CVE-2017-1000476, CVE-2017-1000445, CVE-2018-13153, CVE-2018-12600 and CVE-2018-12599. * Fixed elfutils security issues CVE-2017-7613, CVE-2017-7612, CVE-2017-7611, CVE-2017-7610, CVE-2017-7609, CVE-2017-7608, CVE-2017-7607, CVE-2016-10255 and CVE-2016-10254. * Fixed ghostscript security issues CVE-2018-10194, CVE-2016-10317, CVE-2018-16802, CVE-2018-16585, CVE-2018-16543, CVE-2018-16542, CVE-2018-16541, CVE-2018-16540, CVE-2018-16539, CVE-2018-16513, CVE-2018-16511, CVE-2018-16509, CVE-2018-15911, CVE-2018-15910, CVE-2018-15909, CVE-2018-15908, CVE-2018-11645, CVE-2018-1, CVE-2018-17183 and CVE-2018-16510. * Fixed icu security issue CVE-2017-15422. * Fixed webkit2gtk security issues CVE-2018-4200, CVE-2018-4165, CVE-2018-4163, CVE-2018-4162, CVE-2018-4161, CVE-2018-4146, CVE-2018-4133, CVE-2018-4129, CVE-2018-4128, CVE-2018-4127, CVE-2018-4125, CVE-2018-4122, CVE-2018-4120, CVE-2018-4119, CVE-2018-4118, CVE-2018-4117, CVE-2018-4114, CVE-2018-4113, CVE-2018-4101, CVE-2018-4233, CVE-2018-4232, CVE-2018-4222, CVE-2018-4218, CVE-2018-4199, CVE-2018-4190, CVE-2018-12293, CVE-2018-4284, CVE-2018-4278, CVE-2018-4273, CVE-2018-4272, CVE-2018-4270, CVE-2018-4267, CVE-2018-4266, CVE-2018-4265, CVE-2018-4264, CVE-2018-4263, CVE-2018-4262, CVE-2018-4261, CVE-2018-4246 and CVE-2018-12911. * Fixed perl security issues CVE-2018-6913, CVE-2018-6798, CVE-2018-6797, CVE-2017-6512, CVE-2016-6185 and CVE-2018-12015. * Fixed poppler security issues CVE-2017-18267 and CVE-2018-13988. * Fixed openssl security issues CVE-2018-0739, CVE-2018-0737, CVE-2018-0737, CVE-2018-0732 and CVE-2018-0495. * Fixed tiff security issues CVE-2018-5784, CVE-2017-9936, CVE-2017-9935, CVE-2017-9815, CVE-2017-9404, CVE-2017-9403, CVE-2017-9147, CVE-2017-9117, CVE-2017-7602, CVE-2017-7601, CVE-2017-7600, CVE-2017-7599, CVE-2017-7598, CVE-2017-7597, CVE-2017-7596, CVE-2017-7595, CVE-2017-7594, CVE-2017-7593, CVE-2017-7592, CVE-2017-5563, CVE-2017-18013, CVE-2017-17095, CVE-2017-13727, CVE-2017-13726, CVE-2017-12944, CVE-2017-11613, CVE-2017-11335, CVE-2017-10688, CVE-2016-5318, CVE-2016-5102, CVE-2016-3186, CVE-2016-10371, CVE-2016-10269, CVE-2016-10268, CVE-2016-10267 and CVE-2016-10266. * Fixed libvncserver security issue CVE-2018-7225. * Fixed libvorbis security issue CVE-2018-5146. * Fixed samba security issues CVE-2018-1057, CVE-2018-1050, CVE-2018-10919 and CVE-2018-10858. * Fixed wget security issue CVE-2018-0494. * Fixed bluez security issue CVE-2017-1000250. * Fixed libgcrypt20 security issue CVE-2018-0495. * Fixed file security issue CVE-2018-10360. * Fixed gnupg2 security issue CVE-2018-12020. * Fixed isc-dhcp security issues CVE-2018-5733, CVE-2018-5732, CVE-2018-573, CVE-2017-3144 and CVE-2016-2774. * Fixed curl security issues CVE-2018-1000303, CVE-2018-1000301, CVE-2018-1000300, CVE-2018-1000122, CVE-2018-1000121, CVE-2018-1000120, CVE-2017-8818, CVE-2018-14618 and CVE-2018-0500. * Fixed python3.5 security issues CVE-2017-1000158, CVE-2016-5636, CVE-2016-1000110 and CVE-2016-0772. * Fixed zlib security issues CVE-2016-9843, CVE-2016-9842, CVE-2016-9841 and CVE-2016-9840. * Fixed libsoup2.4 security issue CVE-2018-12910. * Fixed libjpeg-turbo security issue CVE-2018-1152. * Fixed ntp security issues CVE-2018-7185 and CVE-2018-7183. * Fixed libpng1.6 security issue CVE-2018-13785. * Fixed cups security issues CVE-2018-6553, CVE-2018-4181, CVE-2018-4180, CVE-2018-418 and CVE-2017-18248. * Fixed libpng security issue CVE-2016-10087. * Fixed policykit-1 security issue CVE-2018-1116. * Fixed jansson security issue CVE-2016-4425. * Fixed libmspack security issues CVE-2018-14682, CVE-2018-14681, CVE-2018-14680 and CVE-2018-14679. * Fixed libonig security issues CVE-2017-9229, CVE-2017-9228, CVE-2017-9227, CVE-2017-9226 and CVE-2017-9224. * Fixed libxcursor security issue CVE-2015-9262. * Fixed heimdal security issue CVE-2017-17439. * Fixed libarchive security issues CVE-2017-14503, CVE-2017-14501, CVE-2017-14166, CVE-2016-10350, CVE-2016-10349 and CVE-2016-10209. * Fixed libxml2 security issues CVE-2018-14567, CVE-2018-14404, CVE-2017-18258 and CVE-2016-9318. * Fixed confuse security issue CVE-2018-14447. * Fixed libgd2 security issues CVE-2018-5711 and CVE-2018-1000222. * Fixed libx11 security issues CVE-2018-14600, CVE-2018-14599, CVE-2018-14598, CVE-2016-7943 and CVE-2016-7942. * Fixed mpg123 security issues CVE-2017-10683 and CVE-2016-1000247. * Fixed libtirpc security issues CVE-2018-14622, CVE-2017-8779 and CVE-2016-4429. * Fixed jq security issue CVE-2015-8863. * Fixed bind9 security issue CVE-2018-5740. * Fixed lcms2 security issue CVE-2018-16435. * Fixed xdg-utils security issue CVE-2017-18266. * Restricted access to command su to root and user. * Root home is now /root. * Removed system group (GID 0) which shadowed root group (GID 0). * Stricter folder and file permissions. ### X11 system * Restricted desktop icon creation to administrator only. Therefore, "/userhome/Desktop" is owned by root now. Known Issues -------------------------------------------------------------------------------- ### Citrix Receiver 13 * On devices with AMD/Radeon graphics chipsets and activated DRI3 X driver option the hardware accelerated Citrix H.264 decoder plugin can hang. To solve this issue deactivation of DRI3 option is necessary (default setting). Selective H.264 mode (api v2) is not affected from this issue. * Citrix StoreFront login with Gemalto smart card middleware does not detect smart card correctly when the card is inserted after start of login. As a workaround, insert the smart card before starting StoreFront login. * The Citrix Receiver has known issues with gstreamer1.x. This causes problems with multimedia redirection of H264, MPEG1 and MPEG2. Gstreamer1.x is used if browser content redirection is active. ### Parallels Client * Native USB redirection does not work with Parallels Client. * For using the new FIPS 140-2 compliance mode it is necessary due to a bug in the Parallels-Client to connect to the Parallels RAS one time with FIPS support disabled. ### VMware Horizon * VMware Horizon Client for Linux 4.8.0 supports FIPS Mode on only. VMware Horizon server installations up to version 7.5 are supported. * External drives are mounted already before connection, do not appear in the remote desktop. Workaround: mapping the directory /media as a drive on desktop. The external devices will show up within the media drive then. * Client drive mapping and USB redirection for storage devices should not be enabled both at the same time. - On the one hand, when using USB redirection for storage devices: The USB on-insertion feature is only working when the client drive mapping is switched off. In the IGEL Setup client drive mapping can be found in: `Sessions > Horizon Client > Horizon Client Global > Drive Mapping > Enable Drive Mapping`. It is also recommended to disable local `Storage Hotplug` on setup page `Devices > Storage Devices > Storage Hotplug`. - On the other hand, when using drive mapping instead, it is recommended to either switch off USB redirection entirely or at least deny storage devices by adding a filter to the USB class rules. Furthermore Horizon Client relies on the OS to mount the storage devices itself. Enable local `Storage Hotplug` on setup page `Devices > Storage Devices > Storage Hotplug`. ### OpenConnect VPN * VPNs which requires the OpenConnect client cannot be used for firmware updates. ### Appliance Mode * Appliance mode RHEV/Spice: spice-xpi Firefox plugin is no longer supported. The "Console Invocation" has to allow native client (auto is also possible) and it should start in fullscreen to prevent opening windows. ### Hardware * Sometimes the DVI Port on a UD6 is not recognized by the Linux system after booting up. The only available way to solve the issue is to shut down and disconnect the Thin Client from Power (1-2 minutes) and connect and power up it again. * Suspend is not working on UD10 so the support for suspend is disabled. ### Smartcard * In seldom cases the authentication hung when using A.E.T. SafeSign smartcards. ### IGEL Cloud Gateway * No support for UMS file transfer status in ICG protocol. New Features -------------------------------------------------------------------------------- ### Citrix Receiver 13 * Integrated **Citrix Receiver 13.10**. Citrix Receiver version 13.7.0 was removed. Citrix Receiver version 13.8.0 was removed. Available Citrix Receiver versions: 13.5.0, 13.9.1, 13.10 (default) - Enable Browser content redirection for rendering of whitelisted webpages on the IGEL Thin Client. +------------+-----------------------------------------------------------------+ |IGEL Setup |Sessions > Citrix XenDesktop > HDX / ICA Global > HDX Multimedia | +------------+-----------------------------------------------------------------+ |Parameter |`Browser content redirection` | +------------+-----------------------------------------------------------------+ |Registry |`ica.module.virtualdriver.webpageredirection` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ - Enhanced Citrix retail logging. +------------+-----------------------------------------------------------------+ |Parameter |`Citrix Logging` | +------------+-----------------------------------------------------------------+ |Registry |`ica.module.syslogthreshold` | +------------+-----------------------------------------------------------------+ |Value |**0** (default) / 3 / 7 | +------------+-----------------------------------------------------------------+ > 0 = Disabled > 3 = Log only errors > 7 = Log all levels - Enable Port forwarding. +------------+-----------------------------------------------------------------+ |Parameter |`Portforward` | +------------+-----------------------------------------------------------------+ |Registry |`ica.module.virtualdriver.portforward` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ - Workspace configuration parameter for Citrix Cloud is now available on setup page. +------------+-----------------------------------------------------------------+ |IGEL Setup |Sessions > Citrix XenDesktop > HDX / ICA Global > Options | +------------+-----------------------------------------------------------------+ |Parameter |`Connect to cloud` | +------------+-----------------------------------------------------------------+ |Registry |`ica.cloudconnect` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ - Added a registry key to control the visibility of the Citrix connection bar for desktop sessions. If activated, the In-Session Control Bar should be disabled at `userinterface.igel_toolbar.enable` and `userinterface.igel_toolbar.show_always`. This enables the control of the new 'Multi-monitor layout persistence' feature. +------------+-----------------------------------------------------------------+ |Parameter |`Citrix Connection Bar` | +------------+-----------------------------------------------------------------+ |Registry |`ica.allregions.connectionbar` | +------------+-----------------------------------------------------------------+ |Value |**factory default** (default) / off / on / server determined | +------------+-----------------------------------------------------------------+ - Added a registry key to control the availability of deprecated cipher suites: TLS_RSA_AES256_GCM_SHA384, TLS_RSA_AES128_GCM_SHA256, TLS_RSA_AES256_CBC_SHA256, TLS_RSA_AES256_CBC_SHA, TLS_RSA_AES128_CBC_SHA, TLS_RSA_3DES_CBC_EDE_SHA. Factory default: true/enabled. Citrix explicitly remarks: > Important: > Set the flag enable_tls_rsa to true to use the other two cipher suites Enable_RC4-MD5 and Enable_RC4_128_SHA. +------------+-----------------------------------------------------------------+ |Parameter |`TLS RSA cipher suites` | +------------+-----------------------------------------------------------------+ |Registry |`ica.allregions.enable_tls_rsa` | +------------+-----------------------------------------------------------------+ |Value |**factory default** (default) / false / true | +------------+-----------------------------------------------------------------+ - Added a registry key to control the availability of the deprecated cipher suite: RC4-MD5 Factory default: false/disabled. +------------+-----------------------------------------------------------------+ |Parameter |`RC4-MD5 cipher suite` | +------------+-----------------------------------------------------------------+ |Registry |`ica.allregions.enable_rc4_md5` | +------------+-----------------------------------------------------------------+ |Value |**factory default** (default) / false / true | +------------+-----------------------------------------------------------------+ - Added a registry key to control the availability of the deprecated cipher suite: RC4_128_SHA Factory default: false/disabled. +------------+-----------------------------------------------------------------+ |Parameter |`RC4_128_SHA cipher suite` | +------------+-----------------------------------------------------------------+ |Registry |`ica.allregions.enable_rc4_128_sha` | +------------+-----------------------------------------------------------------+ |Value |**factory default** (default) / false / true | +------------+-----------------------------------------------------------------+ * Added **Selective H.264** (API v2) to the hardware accelerated Citrix deep compression codec. XenDesktop/XenApp server policy: Use video codec for compression -> For actively changing regions * Added DRI3 acceleration support to the hardware accelerated Citrix deep compression codec (for INTEL and AMD graphics adapters). * Enable debugging to log file /var/log/user/ctxh264.log: +------------+-----------------------------------------------------------------+ | Parameter | `Enable H264 codec debug output` | +------------+-----------------------------------------------------------------+ | Registry | `ica.hw-accelerated-h264-codec-debug` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Added Kerberos Passthrough (domain passthrough) authentication to StoreFront. Configurable at Sessions > Citrix XenDesktop / XenApp > HDX / ICA Global > StoreFront Logon > Authentication Type * Updated Citrix HDX RTME used for optimization of Skype for Business to 2.6.0-2030. This new version adds the support for hardware accelerated H.264 en- and decoding on AMD platforms. See https://support.citrix.com/article/CTX236304 section "Capability Checker for Linux platforms" how to enable hardware decoding with Citrix VDA registry keys DisableLinuxAMDH264HardwareDecoding and SupportedAMDHWAVideoCardList. The capability check program RTOP-CapabilityChk-x64 is already installed at path /services/ica/hdx_rtme/RTOP-CapabilityChk-x64. The check program must be run with user permissions. * Added display of logged on Citrix username in screen lock, when screen lock password is synchronized with Citrix password. * Added checkbox to activate autostart of a single published application/desktop session. +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > Citrix XenDesktop / XenApp > Citrix StoreFront/Web Interface > Login | +------------+-----------------------------------------------------------------+ | Parameter | `Start a single published application automatically` | +------------+-----------------------------------------------------------------+ | Registry | `ica.pnlogin.autostart_single_application` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Added Lakeside SysTrack virtual channel in Citrix, RDP and Horizon sessions. Activation via following parameters in Setup. +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > Citrix XenDesktop/XenApp > HDX/ICA Global > Mapping > Device Support | +------------+-----------------------------------------------------------------+ | Parameter | `Lakeside Systrack channel` | +------------+-----------------------------------------------------------------+ | Registry | `ica.module.virtualdriver.lakeside.enable` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > RDP > RDP Global > Mapping > Device Support | +------------+-----------------------------------------------------------------+ | Parameter | `Lakeside Systrack channel` | +------------+-----------------------------------------------------------------+ | Registry | `rdp.winconnect.plugins.lakeside.use` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > Horizon Client > Horizon Client Global > Performance | +------------+-----------------------------------------------------------------+ | Parameter | `Lakeside Systrack` | +------------+-----------------------------------------------------------------+ | Registry | `vmware.view.lakeside_systrack` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Updated Olympus dictation channel for Citrix to version 20180621. +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > Citrix XenDesktop / XenApp > HDX / ICA Global > Mapping > Device Support | +------------+-----------------------------------------------------------------+ | Parameter | `Olympus channel for dictation` | +------------+-----------------------------------------------------------------+ | Registry | `ica.module.virtualdriver.olycom.enable` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Added CrossMatch / DigitalPersona channel for Citrix version 0515. +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > Citrix XenDesktop /XenApp > HDX / ICA Global > Mapping > Device Support | +------------+-----------------------------------------------------------------+ | Parameter | `Crossmatch DigitalPersona fingerprint channel` | +------------+-----------------------------------------------------------------+ | Registry | `ica.module.virtualdriver.dpicacnt.enable` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ ### RDP/IGEL RDP Client 2 * Support for new RDP 10 codec AVC444 (H.264), which reduces network bandwidth with Server 2016 and Windows 10 hosts. AMD Radeon graphics is required on the client side. Other graphics hardware (e.g. Intel) as well as other RDP 10 codecs (AVC420 and AVC444V2) will be supported in the future. +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > RDP > RDP Global > Performance | +------------+-----------------------------------------------------------------+ | Parameter | `Hardware accelerated codecs AVC420/AVC444 (H.264)` | +------------+-----------------------------------------------------------------+ | Registry | `rdp.winconnect.enable-h264` | +------------+-----------------------------------------------------------------+ | Value | **auto** (default) / on / off | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > RDP > RDP Sessions > Session Name > Performance | +------------+-----------------------------------------------------------------+ | Parameter | `Hardware accelerated codecs AVC420/AVC444 (H.264)` | +------------+-----------------------------------------------------------------+ | Registry | `sessions.winconnect%.option.enable-h264` | +------------+-----------------------------------------------------------------+ | Value | **Global setting** (default) / auto / on / off | +------------+-----------------------------------------------------------------+ > The value "auto" enables supported codecs on supported hardware. > The value "on" enables supported codecs on all hardware. > The value "off" disables H.264 codecs. * Added new parameter ignore_errors to RDP Session config to suppress RDP error messages. +------------+-----------------------------------------------------------------+ | Registry | `sessions.winconnect%.ignore_errors` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Added Olympus dictation channel for RDP version 20180621. +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > RDP > RDP Global > Mapping > Device Support | +------------+-----------------------------------------------------------------+ | Parameter | `Olympus channel for dictation` | +------------+-----------------------------------------------------------------+ | Registry | `rdp.winconnect.plugins.olyvc.use` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ ### UD Pocket * UD Pocket demo license registration dialog will now show an option to set up proxy servers when IGEL servers cannot be reached. * Updated the page displayed for the UD Pocket demo registration. It can be choosen now whether a partner or the customer is setting up the device, before displaying the form asking for customer information. ### Parallels Client * Updated Parallels client to version 16.5.1.20446 (32-Bit) * Added support for FIPS 140-2 compliance +------------+-----------------------------------------------------------------+ | IGEL Setup | System > Registry | +------------+-----------------------------------------------------------------+ | Parameter | `Enable support for FIPS 140-2 compliance` | +------------+-----------------------------------------------------------------+ | Registry | `sessions.twox%.connection.fips_compliance` | +------------+-----------------------------------------------------------------+ | Value | enabled / disabled (default) | +------------+-----------------------------------------------------------------+ ### VMware Horizon * Updated Horizon client to version 4.8.0-8518891. ### ThinLinc * Updated ThinLinc client to version 4.9.0. - Shadowing notification is now more reliable and interactive, allowing end users more control of their sessions. - More than 80 minor enhancements and fixes. See https://www.cendio.com/thinlinc/docs/relnotes/4.9.0. ### RedHat Enterprise Virtualization client * Updated spice components (virt-viewer 7.0, spice-gtk 0.35). * Removed support for spice-xpi plugin. ### X session (Xephyr) * Added support for X sessions configurable at `IGEL Setup > Sessions > X Sessions`. The available XDMCP connection types: indirect via localhost, indirect, direct and broadcast. With the additional connection type "local display" a command can be specified, that will be displayed inside the X session window. +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > X Sessions > X Session > Server | +------------+-----------------------------------------------------------------+ | Parameter | `Connection type` | +------------+-----------------------------------------------------------------+ | Registry | `sessions.xnest.server.connectiontype` | +------------+-----------------------------------------------------------------+ | Range | [Indirect via localhost] [Indirect] [Direct] [Broadcast] | | | [Local display] | +------------+-----------------------------------------------------------------+ | Value | **Indirect via localhost** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > X Sessions > X Session > Server | +------------+-----------------------------------------------------------------+ | Parameter | `Command to be displayed` | +------------+-----------------------------------------------------------------+ | Registry | `sessions.xnest.server.runcommand` | +------------+-----------------------------------------------------------------+ ### Firefox * Updated Mozilla Firefox to version 60.2.2 ESR. * The initial page displayed by firefox with default settings is now https://kb.igel.com instead of the older https://edocs.igel.com. * Updated Adobe Flash Player download URL to version 31.0.0.122. * Removed the webapp specific options, this feature was removed from Firefox and is not relevant anymore. * Moved 'Browser Certificate' configuration to page Sessions > Browser > Browser Global > Certificates. Moved 'Browser Security Device' configuration to page Sessions > Browser > Browser Global > Smartcard Middleware. * Added Fluendo FFmpeg GStreamer proxy: Provides ffmpeg-libavcodec-compatible library, which is needed for H.264 playback in firefox. Instead decoding by standard ffmpeg libraries, the video stream is redirected to gstreamer framework. ### Network * SCEP: Added subject alternative name type "DNS Name as UPN (auto)". This is similar to "DNS Name (auto)". In the CSR the result is a Microsoft User Principal Name (UPN) that consists of the hostname. * NetworkManager updated to version 1.2.6. ### Cisco JVDI Client * Integrated new **Cisco Jabber Softphone for VDI** (Cisco JVDI client) version 12.0.0 as feature with limited functionality. See product documentation for details -> https://kb.igel.com/cisco-jvdi/en Activation of this feature at: System > Firmware Customization > Features > Cisco JVDI client Only Citrix Receiver 13.9.1 is supported. +------------+-----------------------------------------------------------------+ | Parameter | `Log Level` | +------------+-----------------------------------------------------------------+ | Registry | `multimedia.ciscovxme.log_level` | +------------+-----------------------------------------------------------------+ | Range | [Info] [Warning] [Error] [Fatal] [Debug] [Trace] | +------------+-----------------------------------------------------------------+ | Value | **Debug** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > Citrix XenDesktop/XenApp > HDX/ICA Global > Unified Communications > Cisco JVDI Client | +------------+-----------------------------------------------------------------+ | Parameter | `Cisco JVDI Client` | +------------+-----------------------------------------------------------------+ | Registry | `ica.module.virtualdriver.vdcisco.enable` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled**(default) | +------------+-----------------------------------------------------------------+ > Registry path for Common JVDI options: `multimedia.ciscovxme.**` ### Java * Updated Oracle Java Runtime Environment to version 1.8.0 U181. ### Smartcard * Updated SecMaker Net iD to version 6.7.0.23. * Updated HID Global Omnikey smartcard reader driver to version 4.3.3. * updated cryptovision sc/interface to version 7.1.9. Changelog since version 7.0.5: - Fixed an error during certificate registration using the MS Minidriver for MS VSC. Compatible with sc/interface cache version 1.2 or higher. - Fixed an error where writing a certificate using the Minidriver for MS VSC corrupted the Container-ID. As a result the key could not be used using CNG/CAPI. - Fixed an error during certificate registration using the Minidriver for MS VSC where some Container-ID's could not be used by CNG/CAPI. - General Bug Fixes. - Fixed error during profile creation on JCOP3 with ePasslet-Suite 3.0 - Added support for additional BWI card profiles based on CardOS-5.x. Versions 1.7, 1.8, 1.9, 4.2, 4.3 and 4.4. Support 4k RSA for 1.9 and 4.4. - Fixed support for remote logon in sc/interface cache. - Fixed "Free after use" in ReadOnly Minidriver. - PKCS#11 Fixed MS VSC (GIDSv2) support. - PKCS#11 Fixed CardOS-4.x "non sc/interface card profile" support. - MS VSC (GIDSv2) Support for PKCS#11 - Maximum CKA_ID length reduced to 25 bytes! - Support for JCOP3 and Infineon JTOP - DolphinV2. - Support for cryptovision's ePasslet-Suite-3.0. - New ePKIApplet-2.129 for JCOP3, SCE7 and JTOP (DolphinV2) with up to 4096 bits RSA and 512 bits - EC support, PACE optional. - RegisterTool plugins now available in Setup. Removed from"support\RegisterTool_Plugins". - New sc/interface Minidriver support for MS VSC (instead of the MS Minidriver) to allow extended PIN cache configuration. - Added support for sc/interface cache version 1.0 for Minidriver/ReadOnly Minidriver and PKCS#11. - Cross-application PIN cache for Windows 8.1 and later. - WARNING: No longer compatible with Credential Cache (CSP). When there are any questions, support@cryptovision.com should be contacted. - Added macOS CTK Token Driver for 10.12 and later. Unfortunately, after the installation, a shell script must be executed to enable the full functionality. - Removed macOS tokend support beginning with version 10.12, installation of 10.10 can be used if needed. - WARNING: macOS tokend support will discontinue, usage of new CTK Token Driver is necessary. - Re-Added cvSimpleCardProv for Windows (based on 6.4.2) to enabled the default login selection, see "support\CredentialProvider". * Updated OpenSC library to version 0.19.0. Improved handling of PIV and CAC ALT token. ### Base system * Updated to kernel version 4.18.11. * Added new GStreamer 1.x support version 1.14.2. There will only ever be GStreamer in version 1.0 or version 0.10. By default, clients run with the version they have best support for. The provided registry key can be used to override the automatic detection/setting and pin a single version if required. +------------+-----------------------------------------------------------------+ | Parameter | `Fluendo GStreamer Codec Version` | +------------+-----------------------------------------------------------------+ | Registry | `multimedia.gstreamer.version` | +------------+-----------------------------------------------------------------+ | Range | [1.x] [0.10] [automatic] | +------------+-----------------------------------------------------------------+ | Value | **automatic** | +------------+-----------------------------------------------------------------+ * With GStreamer 1.x the new Parole player is used for media player sessions. When there occur problems with the new player, a switch back to totem/GStreamer 0.10 media player is possible by `Fluendo GStreamer Codec Version` parameter. * Added optional logoff button in taskbar when the screenlock is active. +------------+-----------------------------------------------------------------+ | IGEL Setup | Security > Logon > Taskbar | +------------+-----------------------------------------------------------------+ | Parameter | `Show logoff button` | +------------+-----------------------------------------------------------------+ | Registry | `userinterface.screenlock_taskbar_logged_in.logoff_button` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Mobile broadband configuration dialog now provides a simple mode, that displays 3 dropdown boxes to select country, provider and access point (plan). The former version is available via an 'Expert Mode' button. * IGEL Setup Assistant enhancements: - displaying page for mobile broadband configuration whn any mobile broadband modem is detected. - displaying page to show broken network connectivity - desktop icon will now be displayed when the assistant was not yet finished. - the assistant is now always started on devices without IGEL license, that are not registered at UMS - new icon design * Added support for chinese, japanese, korean and thai fonts. * KVM kernel modules added. * Added USB power off on shutdown in IGEL UD7 (H850C) and IGEL UD3 (M340C). The feature can be configured by the parameter: (default: deactivated). +------------+-----------------------------------------------------------------+ | Parameter | `Power off on shutdown` | +------------+-----------------------------------------------------------------+ | Registry | `devices.usb.poweroff_shutdown` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Added policiykit-1-gnome session agent to get a gui interface for actions which requires root authentification. * Added remote (network attached) logging via rsyslog . - Server mode is possible, though limited and intended for short-term debugging. - Client mode allows to filter and send commands to multiple remotes. +------------+-----------------------------------------------------------------+ | IGEL Setup | System -> Remote Syslog | +------------+-----------------------------------------------------------------+ | Parameter | `Remote mode` | +------------+-----------------------------------------------------------------+ | Registry | `system.syslog.remote_mode` | +------------+-----------------------------------------------------------------+ | Range | [Server] [Client] [Off] | +------------+-----------------------------------------------------------------+ | Value | **Off** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Custom client config entries` | +------------+-----------------------------------------------------------------+ | Registry | `system.syslog.client_custom` | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | System -> Remote Syslog | +------------+-----------------------------------------------------------------+ | Parameter | `Template for log file storage` | +------------+-----------------------------------------------------------------+ | Registry | `system.syslog.template` | +------------+-----------------------------------------------------------------+ | Value | **/var/log/%HOSTNAME%/messages** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | System -> Remote Syslog | +------------+-----------------------------------------------------------------+ | Parameter | `Local port` | +------------+-----------------------------------------------------------------+ | Registry | `system.syslog.input%.port` | +------------+-----------------------------------------------------------------+ | Value | **514** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | System -> Remote Syslog | +------------+-----------------------------------------------------------------+ | Parameter | `Transport protocol` | +------------+-----------------------------------------------------------------+ | Registry | `system.syslog.input%.transport` | +------------+-----------------------------------------------------------------+ | Range | [TCP] [UDP] | +------------+-----------------------------------------------------------------+ | Value | **TCP** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | System -> Remote Syslog | +------------+-----------------------------------------------------------------+ | Parameter | `Local Address` | +------------+-----------------------------------------------------------------+ | Registry | `system.syslog.input%.local_address` | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | System -> Remote Syslog | +------------+-----------------------------------------------------------------+ | Parameter | `Name` | +------------+-----------------------------------------------------------------+ | Registry | `system.syslog.input%.name` | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | System -> Remote Syslog | +------------+-----------------------------------------------------------------+ | Parameter | `Remote port` | +------------+-----------------------------------------------------------------+ | Registry | `system.syslog.output%.port` | +------------+-----------------------------------------------------------------+ | Value | **514** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | System -> Remote Syslog | +------------+-----------------------------------------------------------------+ | Parameter | `Transport protocol` | +------------+-----------------------------------------------------------------+ | Registry | `system.syslog.output%.transport` | +------------+-----------------------------------------------------------------+ | Range | [TCP] [UDP] | +------------+-----------------------------------------------------------------+ | Value | **TCP** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | System -> Remote Syslog | +------------+-----------------------------------------------------------------+ | Parameter | `Remote address` | +------------+-----------------------------------------------------------------+ | Registry | `system.syslog.output%.address` | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | System -> Remote Syslog | +------------+-----------------------------------------------------------------+ | Parameter | `Syslog facility` | +------------+-----------------------------------------------------------------+ | Registry | `system.syslog.output%.facility` | +------------+-----------------------------------------------------------------+ | Range | [Any] [AUTH] [CRON] [DAEMON] [FTP] [KERN] [LPR] [MAIL] [NEWS] | | | [USER] [UUCP] | +------------+-----------------------------------------------------------------+ | Value | **Any** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | System -> Remote Syslog | +------------+-----------------------------------------------------------------+ | Parameter | `Syslog level` | +------------+-----------------------------------------------------------------+ | Registry | `system.syslog.output%.level` | +------------+-----------------------------------------------------------------+ | Range | [Any] [EMERG] [ALERT] [CRIT] [ERR] [WARNING] [NOTICE] [INFO] | | | [DEBUG] | +------------+-----------------------------------------------------------------+ | Value | **Any** | +------------+-----------------------------------------------------------------+ * Shutdown or suspend by inactivity. +------------+-----------------------------------------------------------------+ | IGEL Setup | System > Power Options > System | +------------+-----------------------------------------------------------------+ | Parameter | `System action on inactivity` | +------------+-----------------------------------------------------------------+ | Registry | `system.power_management.system_standby.ac_action` | +------------+-----------------------------------------------------------------+ | Range | [Suspend (default)][Shutdown] | +------------+-----------------------------------------------------------------+ * Enhanced "Change Password" utility to be able changing the following items of the logged on user: - password of local user (screen lock password). - PIN of IGEL smartcard. - PIN of PKCS#11 smartcard. ### CUPS Printing * Added PrinterLogic support, Version 18.2.1.128 +------------+-----------------------------------------------------------------+ | IGEL Setup | Devices > Printer > PrinterLogic | +------------+-----------------------------------------------------------------+ | Parameter | `Manage printers by Printer Installer Client` | +------------+-----------------------------------------------------------------+ | Registry | `printerlogic.active` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Devices > Printer > PrinterLogic | +------------+-----------------------------------------------------------------+ | Parameter | `HomeURL Protocol` | +------------+-----------------------------------------------------------------+ | Registry | `printerlogic.homeurl.protocol` | +------------+-----------------------------------------------------------------+ | Value | `https://` (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Devices > Printer > PrinterLogic | +------------+-----------------------------------------------------------------+ | Parameter | `HomeURL Hostname` | +------------+-----------------------------------------------------------------+ | Registry | `printerlogic.homeurl.hostname` | +------------+-----------------------------------------------------------------+ | Value | `.printercloud.com` (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Devices > Printer > PrinterLogic | +------------+-----------------------------------------------------------------+ | Parameter | `Authorization Code` | +------------+-----------------------------------------------------------------+ | Registry | `printerlogic.auth.crypt_password` | +------------+-----------------------------------------------------------------+ | Value | `` (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Devices > Printer > PrinterLogic | +------------+-----------------------------------------------------------------+ | Parameter | `Mapping in sessions > ICA Sessions` | +------------+-----------------------------------------------------------------+ | Registry | `printerlogic.map_ica` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Devices > Printer > PrinterLogic | +------------+-----------------------------------------------------------------+ | Parameter | `Mapping in sessions > RDP Sessions` | +------------+-----------------------------------------------------------------+ | Registry | `printerlogic.map_rdp` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Devices > Printer > PrinterLogic | +------------+-----------------------------------------------------------------+ | Parameter | `Mapping in sessions > NX Sessions` | +------------+-----------------------------------------------------------------+ | Registry | `printerlogic.map_nxclient` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Devices > Printer > PrinterLogic | +------------+-----------------------------------------------------------------+ | Parameter | `Mapping in sessions > Parallels Client Sessions` | +------------+-----------------------------------------------------------------+ | Registry | `printerlogic.map_twox` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ ### Driver * Added Kofax virtual channel for signature pads in Citrix sessions. +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions -> Citrix XenDesktop/XenApp -> HDX/ICA Global -> Mapping -> Device Support | +------------+-----------------------------------------------------------------+ | Parameter | `Kofax SPVC Signature Pad Channel` | +------------+-----------------------------------------------------------------+ | Registry | `ica.module.virtualdriver.spvc.enable` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Added configuration to change the dynamic power management settings for ATI graphics driver. +------------+-----------------------------------------------------------------+ | Parameter | `ATI dynamic power management` | +------------+-----------------------------------------------------------------+ | Registry | `x.drivers.ati.dpm` | +------------+-----------------------------------------------------------------+ | Range | [default][enable][disable] | +------------+-----------------------------------------------------------------+ | Value | **default** (default) | +------------+-----------------------------------------------------------------+ * Added the possibility to change the dynamic power management settings for graphics AMDGPU driver. +------------+-----------------------------------------------------------------+ | Parameter | `AMDGPU dynamic power management` | +------------+-----------------------------------------------------------------+ | Registry | `x.drivers.amdgpu.dpm` | +------------+-----------------------------------------------------------------+ | Range | [default][enable][disable] | +------------+-----------------------------------------------------------------+ | Value | **default** (default) | +------------+-----------------------------------------------------------------+ * Added possibility to use generic modesetting graphics driver instead of the hardware specific one. New registry keys: +------------+-----------------------------------------------------------------+ | Parameter | `Use generic modesetting driver for ATI hardware.` | +------------+-----------------------------------------------------------------+ | Registry | `x.drivers.ati.use_modesetting` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Use generic modesetting driver for AMDGPU hardware.` | +------------+-----------------------------------------------------------------+ | Registry | `x.drivers.amdgpu.use_modesetting` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Use generic modesetting driver for INTEL hardware.` | +------------+-----------------------------------------------------------------+ | Registry | `x.drivers.intel.use_modesetting` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Use generic modesetting driver for NVIDIA hardware.` | +------------+-----------------------------------------------------------------+ | Registry | `x.drivers.nouveau.use_modesetting` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Use generic modesetting driver for VIA hardware.` | +------------+-----------------------------------------------------------------+ | Registry | `x.drivers.via.use_modesetting` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ ### Bluetooth * Added new 'Bluetooth Autopairing Wizard' for IGEL OS installations without keyboard or mouse available, but with unpaired bluetooth keyboard/mouse. The 'Autopairing Wizard' is started together with IGEL Setup Assistant. ### Appliance Mode * In 'Appliance Mode' the wireless manager can now be invoked from the In-Session control bar. Furthermore, it will be automatically started when no network connection can be established. Prerequisites: A WiFi device is availabe and the following registry keys are set to true: - network.interfaces.wirelesslan.device0.active - network.applet.wireless.enable_connection_editor * It is possible to use Accessories, VPN connections and other session types in 'Appliance Mode' now. The access to those session types must be explicitely enabled by a new parameter `Appliance Mode Access`. The possible starting methods: **XDMCP Appliance mode**: Hotkey **All other Appliance modes**: Desktop icon, Desktop Context Menu,Application Launcher (+ System tab), Hotkey, Autostart +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories -> ICA Connection Center | +------------+-----------------------------------------------------------------+ |Registry |`sessions.icaconncenter0.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories -> Task Manager | +------------+-----------------------------------------------------------------+ |Registry |`sessions.taskmanager0.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories -> Application Launcher | +------------+-----------------------------------------------------------------+ |Registry |`sessions.launcher0.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories -> Firmware Update | +------------+-----------------------------------------------------------------+ |Registry |`sessions.firmware_update0.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories -> Quick Settings | +------------+-----------------------------------------------------------------+ |Registry |`sessions.usersetup0.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories -> Sound Preferences | +------------+-----------------------------------------------------------------+ |Registry |`sessions.mixer0.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories -> Disk Removal | +------------+-----------------------------------------------------------------+ |Registry |`sessions.storage_dcdm0.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Value |**enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories -> Disk Utility | +------------+-----------------------------------------------------------------+ |Registry |`sessions.storage_info0.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories -> Commands | +------------+-----------------------------------------------------------------+ | |User Interface -> Hotkeys -> Commands | +------------+-----------------------------------------------------------------+ |Registry |`sessions.commands.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Registry |`sessions.wmcommands.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories -> Webcam Information | +------------+-----------------------------------------------------------------+ |Registry |`sessions.webcaminfo0.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories -> Touchscreen Calibration | +------------+-----------------------------------------------------------------+ |Registry |`sessions.touchcalib0.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |User Interface -> Screen Lock/Saver | +------------+-----------------------------------------------------------------+ |Registry |`sessions.xlock0.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories -> Monitor Calibration | +------------+-----------------------------------------------------------------+ |Registry |`sessions.xpattern0.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories -> Network Tools | +------------+-----------------------------------------------------------------+ |Registry |`sessions.gnome-nettool0.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories -> Screenshot Tool | +------------+-----------------------------------------------------------------+ |Registry |`sessions.screenshooter0.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories -> System Information | +------------+-----------------------------------------------------------------+ |Registry |`sessions.device_manager0.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories -> Bluetooth Tool | +------------+-----------------------------------------------------------------+ |Registry |`sessions.bluetooth0.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories -> Display Switch | +------------+-----------------------------------------------------------------+ |Registry |`sessions.user_display0.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories -> Identify Monitors | +------------+-----------------------------------------------------------------+ |Registry |`sessions.screenid0.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories -> System Log Viewer | +------------+-----------------------------------------------------------------+ | |Accessories -> System Log Viewer -> Options | +------------+-----------------------------------------------------------------+ |Registry |`sessions.systemviewer0.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Registry | `userinterface.setup.displaynames.add_layout.appliance_mode_access` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories -> Terminals -> Local Terminal | +------------+-----------------------------------------------------------------+ |Registry |`sessions.xterm.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Sessions -> SSH -> SSH Session | +------------+-----------------------------------------------------------------+ | |Sessions -> SSH -> SSH Session -> Desktop Integration | +------------+-----------------------------------------------------------------+ |Registry |`sessions.ssh.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |System -> Firmware Customization -> Custom Application -> Custom Application | +------------+-----------------------------------------------------------------+ | |System -> Firmware Customization -> Custom Application -> Custom Application -> Desktop Integration | +------------+-----------------------------------------------------------------+ |Registry |`sessions.custom_application.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories -> Mobile Device Access | +------------+-----------------------------------------------------------------+ |Registry |`sessions.mtp-devices0.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Value |**enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Network -> VPN -> Open VPN | +------------+-----------------------------------------------------------------+ | |Network -> VPN -> Open VPN -> OpenVPN Connection | +------------+-----------------------------------------------------------------+ | |Network -> VPN -> Open VPN -> OpenVPN Connection -> Desktop Integration | +------------+-----------------------------------------------------------------+ |Registry |`sessions.openvpn.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Value |**enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Network -> VPN -> OpenConnect VPN | +------------+-----------------------------------------------------------------+ | |Network -> VPN -> OpenConnect VPN -> VPN OpenConnect | +------------+-----------------------------------------------------------------+ | |Network -> VPN -> OpenConnect VPN -> VPN OpenConnect -> Desktop Integration | +------------+-----------------------------------------------------------------+ |Registry |`sessions.openconnect.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Value |**enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Network -> VPN -> genucard | +------------+-----------------------------------------------------------------+ | |Network -> VPN -> genucard -> Desktop Integration | +------------+-----------------------------------------------------------------+ |Registry |`sessions.genucard_vpn_connection0.appliance_mode_access` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ ### X11 system * Set of **User Interface > Display > Options > Monitor DPI** now automatically affects the size of the mouse cursor, the panel height, the desktop icons, the application launcher, the size of the start menu and the window manager decorations. ### VirtualBox * Added VirtualBox as feature with limited support. Activation of the feature at: System > Firmware Customization > Features > VirtualBox. Added new registry keys under `virtualbox` and `sessions.virtualbox`. ### Audio * Updated Pulseaudio to version 12.0-1. * The resample method in Pulseaudio can now be configured by the newly introduced parameter 'resample-method'. +------------+-----------------------------------------------------------------+ | Parameter | `Resample method` | +------------+-----------------------------------------------------------------+ | Registry | `multimedia.pulseaudio.daemon.resample-method` | +------------+-----------------------------------------------------------------+ | Range | [soxr-vhq] [soxr-hq] [soxr-mq] [speex-float-10] [speex-float-5] | | | [speex-float-3] [speex-float-1] | +------------+-----------------------------------------------------------------+ | Value | **speex-float-1** | +------------+-----------------------------------------------------------------+ ### Media Player (Parole/Totem) * Added new parole media player 1.0.1-0ubuntu1. It is used for media player sessions by default now. When there occur problems with the new player, switch back to totem/GStreamer 0.10 media player is possible by setting `Fluendo GStreamer Codec Version` parameter to 0.10. +------------+-----------------------------------------------------------------+ | Parameter | `Fluendo GStreamer Codec Version` | +------------+-----------------------------------------------------------------+ | Registry | `multimedia.gstreamer.version` | +------------+-----------------------------------------------------------------+ | Range | [1.x] [0.10] [automatic] | +------------+-----------------------------------------------------------------+ | Value | **automatic** | +------------+-----------------------------------------------------------------+ * Added RTSP/RTMP support to parole media player / gstreamer 1.x. * The following parameters are only functional with Totem media player/GStreamer 0.10 and not for Parole media player : +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions -> Media Player -> Media Player Global -> Window | +------------+-----------------------------------------------------------------+ | Parameter | `Automatically resize the player window when a new video is loaded` | +------------+-----------------------------------------------------------------+ | Registry | `multimedia.mediaplayer.auto_resize` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions -> Media Player -> Media Player Global -> Window | +------------+-----------------------------------------------------------------+ | Parameter | `Main window should stay on top` | +------------+-----------------------------------------------------------------+ | Registry | `multimedia.mediaplayer.window_on_top` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions -> Media Player -> Media Player Global -> Playback | +------------+-----------------------------------------------------------------+ | Parameter | `Visualization size` | +------------+-----------------------------------------------------------------+ | Registry | `multimedia.mediaplayer.visual_quality` | +------------+-----------------------------------------------------------------+ | Range | [Small] [Normal] [Large] [Extra Large] | +------------+-----------------------------------------------------------------+ | Value | **Small** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions -> Media Player -> Media Player Global -> Options | +------------+-----------------------------------------------------------------+ | Parameter | `Network connection speed` | +------------+-----------------------------------------------------------------+ | Registry | `multimedia.mediaplayer.connection_speed` | +------------+-----------------------------------------------------------------+ | Range | [56 kbps Modem/ISDN] [112 kbps Dual ISDN/DSL] | | | [256 kbps DSL/Cable] [384 kbps DSL/Cable] [512 kbps DSL/Cable] | | | [1.5 mbps T1/Intranet/LAN] [Intranet/LAN] | +------------+-----------------------------------------------------------------+ | Value | **Intranet/LAN** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Enable deinterlacing` | +------------+-----------------------------------------------------------------+ | Registry | `multimedia.mediaplayer.deinterlace` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Enable debug` | +------------+-----------------------------------------------------------------+ | Registry | `multimedia.mediaplayer.debug` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Network buffering threshold` | +------------+-----------------------------------------------------------------+ | Registry | `multimedia.mediaplayer.network_buffer_threshold` | +------------+-----------------------------------------------------------------+ | Value | **2** | +------------+-----------------------------------------------------------------+ * As the Media Player Browser Plugin is not supported with Firefox 60 ESR, the following parameters are not available anymore: +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions -> Media Player -> Media Player Global -> Browser Plugin | +------------+-----------------------------------------------------------------+ | Parameter | `Video output` | +------------+-----------------------------------------------------------------+ | Registry | `multimedia.mediaplayer.browser_plugin.video_sink` | +------------+-----------------------------------------------------------------+ | Range | [Default] [Auto] [Hardware Accelerated] [X Video Extension] | | | [X Window System] | +------------+-----------------------------------------------------------------+ | Value | **Default** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions -> Media Player -> Media Player Global -> Browser Plugin | +------------+-----------------------------------------------------------------+ | Parameter | `Aspect ratio` | +------------+-----------------------------------------------------------------+ | Registry | `multimedia.mediaplayer.browser_plugin.aspect_ratio` | +------------+-----------------------------------------------------------------+ | Range | [Default] [Auto] [Square] [4:3 (TV)] [16:9 (Widescreen)] | | | [2.11:1 (DVB)] | +------------+-----------------------------------------------------------------+ | Value | **Default** | +------------+-----------------------------------------------------------------+ ### Evidian * Integrated Evidian AuthMgr version 1.5.6840. - Evidian AuthMgr sessions can be configured at "IGEL Setup > Sessions > Evidian AuthMgr > Evidian AuthMgr Sessions" (registry keys: sessions.rsuserauth%). - Evidian AuthMgr global settings can be configured at "IGEL Setup > Sessions > Evidian AuthMgr > Evidian AuthMgr Global" (registry keys: evidian). * Added support for Custom catalog of messages. +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions -> Evidian AuthMgr -> Evidian AuthMgr Sessions -> Evidian AuthMgr Session -> Options | +------------+-----------------------------------------------------------------+ | Parameter | `Language selection` | +------------+-----------------------------------------------------------------+ | Registry | `sessions.rsuserauth.parameters.message_catalog` | +------------+-----------------------------------------------------------------+ | Range | [Automatic] [English (UK)] [English (US)] [German] [French] | | | [Custom] | +------------+-----------------------------------------------------------------+ | Value | **Automatic** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions -> Evidian AuthMgr -> Evidian AuthMgr Global -> Options | +------------+-----------------------------------------------------------------+ | Parameter | `Language selection` | +------------+-----------------------------------------------------------------+ | Registry | `evidian.message_catalog` | +------------+-----------------------------------------------------------------+ | Range | [Global setting] [English (UK)] [English (US)] [German] [French]| | | [Custom] | +------------+-----------------------------------------------------------------+ | Value | **Global setting** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions -> Evidian AuthMgr -> Evidian AuthMgr Global -> Options | +------------+-----------------------------------------------------------------+ | Parameter | `Custom catalog of messages` | +------------+-----------------------------------------------------------------+ | Registry | `evidian.custom_message_catalog` | +------------+-----------------------------------------------------------------+ | Value | **/services/evidian/share/locale/en/rsUserAuth.cat** | +------------+-----------------------------------------------------------------+ * Added support for Evidian Data Partition. +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions -> Evidian AuthMgr -> Evidian AuthMgr Global -> Options | +------------+-----------------------------------------------------------------+ | Parameter | `Evidian AuthMgr Data Partition` | +------------+-----------------------------------------------------------------+ | Registry | `evidian.datapart.enabled` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions -> Evidian AuthMgr -> Evidian AuthMgr Global -> Options | +------------+-----------------------------------------------------------------+ | Parameter | `Size` | +------------+-----------------------------------------------------------------+ | Registry | `evidian.datapart.size` | +------------+-----------------------------------------------------------------+ | Value | **10** | +------------+-----------------------------------------------------------------+ * Added support for Password Authentication. +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions -> Evidian AuthMgr -> Evidian AuthMgr Sessions -> Evidian AuthMgr Session -> Options | +------------+-----------------------------------------------------------------+ | Parameter | `Allow password authentication` | +------------+-----------------------------------------------------------------+ | Registry | `sessions.rsuserauth.parameters.password_authentication` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions -> Evidian AuthMgr -> Evidian AuthMgr Sessions -> Evidian AuthMgr Session -> Options | +------------+-----------------------------------------------------------------+ | Parameter | `Allow password forgotten` | +------------+-----------------------------------------------------------------+ | Registry | `sessions.rsuserauth.parameters.password_forgotten` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions -> Evidian AuthMgr -> Evidian AuthMgr Sessions -> Evidian AuthMgr Session -> Options | +------------+-----------------------------------------------------------------+ | Parameter | `Default domain name for password authentication` | +------------+-----------------------------------------------------------------+ | Registry | `sessions.rsuserauth.parameters.password_default_domain` | +------------+-----------------------------------------------------------------+ ### Misc * Added support for local scanning as feature with limited support. Activate the feature at: System > Firmware Customization > Features > Scanner support / SANE This has been tested with a Canon LiDE 120 scanner. Registry keys. +------------+-----------------------------------------------------------------+ | Parameter | `Scanner support / SANE` | +------------+-----------------------------------------------------------------+ | Registry | `services.unsupported03.enabled` | +------------+-----------------------------------------------------------------+ | Value | **disabled** (default) / enabled | +------------+-----------------------------------------------------------------+ > This must be enabled for the feature to become active and the remaining keys > to be valid. +------------+-----------------------------------------------------------------+ | Parameter | `Enable scanner daemon` | +------------+-----------------------------------------------------------------+ | Registry | `devices.scanner.daemon` | +------------+-----------------------------------------------------------------+ | Range | [none] [scanbd] [saned] | +------------+-----------------------------------------------------------------+ | Value | **none** | +------------+-----------------------------------------------------------------+ > The key determines the daemon to be started. scanbd is necessary for > handling buttons on the scanner. It runs saned when necessary (and the > scanner is available). saned alone provides scanning functionality to local > and remote applications (xsane, scanimage, ..). If none is selected the > system can still be used as a client for remote scanner servers (using xsane > or scanimage). +------------+-----------------------------------------------------------------+ | Parameter | `Allowed remote clients` | +------------+-----------------------------------------------------------------+ | Registry | `devices.scanner.allowed_clients` | +------------+-----------------------------------------------------------------+ > The key may contain a space-separated list of hosts and networks (CIDR > notation) that are allowed to connect to a local server. +------------+-----------------------------------------------------------------+ | Parameter | `Remote scanners` | +------------+-----------------------------------------------------------------+ | Registry | `devices.scannerclient.remote` | +------------+-----------------------------------------------------------------+ > This may contain a space-separated list of remote scanner servers to be used > by local applications (xsane, scanimage). It is only relevant if no local > server is configured. * The remaining keys influence scanner button handling. For each button there is an instance of the devices.scanner.scanbd.action% template. * In order to keep scanner button handling flexible the default handling may be replaced by custom scripts. Details of the default handling are listed at the end of this section. +------------+-----------------------------------------------------------------+ | Parameter | `Scanner button name` | +------------+-----------------------------------------------------------------+ | Registry | `devices.scanner.scanbd.action%.button` | +------------+-----------------------------------------------------------------+ > This contains the (symbolic) name of the button. There are currently four > predefined instances of the template where the value is 'file', 'scan', > 'copy', and 'email' respectively. (These refer to the buttons on a Canon > LiDE 120 from left to right where 'file' may be labeled 'PDF') +------------+-----------------------------------------------------------------+ | Parameter | `Allow while nobody is logged in` | +------------+-----------------------------------------------------------------+ | Registry | `devices.scanner.scanbd.action%.allow_lockpanel_logged_out` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ > If this is set to false, the button is ignored when nobody is logged in (only > relevant when local logon is configured) +------------+-----------------------------------------------------------------+ | Parameter | `Allow while screen is locked` | +------------+-----------------------------------------------------------------+ | Registry | `devices.scanner.scanbd.action%.allow_lockpanel_logged_in` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ > When this is set to false, the button is ignored while the screen is locked. +------------+-----------------------------------------------------------------+ | Parameter | `scanbd custom action` | +------------+-----------------------------------------------------------------+ | Registry | `devices.scanner.scanbd.action%.custom_cmd` | +------------+-----------------------------------------------------------------+ > This may contain a custom button handling command. The value is empty by > default. If it is not, the value will be passed to "bash -c .." and the > default button handling will not be effective. The consequence is that > entering some space characters results in disabling the button. +------------+-----------------------------------------------------------------+ | Parameter | `Directory` | +------------+-----------------------------------------------------------------+ | Registry | `devices.scanner.scanbd.action%.directory` | +------------+-----------------------------------------------------------------+ | Value | **/tmp** | +------------+-----------------------------------------------------------------+ > Set the target directory for scan results. +------------+-----------------------------------------------------------------+ | Parameter | `Format` | +------------+-----------------------------------------------------------------+ | Registry | `devices.scanner.scanbd.action%.format` | +------------+-----------------------------------------------------------------+ | Range | [pnm] [tiff] [png] [jpeg] | +------------+-----------------------------------------------------------------+ | Value | **jpeg** | +------------+-----------------------------------------------------------------+ > Determines the image format (passed as argument to scanimage). +------------+-----------------------------------------------------------------+ | Parameter | `Color mode` | +------------+-----------------------------------------------------------------+ | Registry | `devices.scanner.scanbd.action%.mode` | +------------+-----------------------------------------------------------------+ | Range | [Color] [Gray] [Lineart] | +------------+-----------------------------------------------------------------+ | Value | **Gray** | +------------+-----------------------------------------------------------------+ > Determines the color mode (passed as argument to scanimage). +------------+-----------------------------------------------------------------+ | Parameter | `Resolution in dpi` | +------------+-----------------------------------------------------------------+ | Registry | `devices.scanner.scanbd.action%.resolution` | +------------+-----------------------------------------------------------------+ | Range | [75] [100] [150] [300] [600] [1200] [2400] [4800] | +------------+-----------------------------------------------------------------+ | Value | **300** | +------------+-----------------------------------------------------------------+ > Determines the resolution (passed as argument to scanimage). +------------+-----------------------------------------------------------------+ | Parameter | `Brightness` | +------------+-----------------------------------------------------------------+ | Registry | `devices.scanner.scanbd.action%.brightness` | +------------+-----------------------------------------------------------------+ | Value | **0** | +------------+-----------------------------------------------------------------+ > Determines the brightness (passed as argument to scanimage). * Default button handling script: There is a default button handling script /etc/scanbd/scripts/action. It might be used as a potential starting point for custom button handling. The script handles the four buttons of a Canon LiDE 120 in the following ways: - 'file' results in a PDF document that contains a series of pages where each page contains a scan result acquired with scanimage according to the settings. This needs user interaction on the local machine's desktop. - 'scan' results in an image file that is silently created and stored according to the settings. - 'copy' makes the script use scanimage according to the settings, convert the resulting image to PDF and send it to the default printer. This obviously requires that a printer is configured. - 'email' just results in xsane being started. The following settings are not respected in this case: -- devices.scanner.scanbd.action%.directory -- devices.scanner.scanbd.action%.format -- devices.scanner.scanbd.action%.mode -- devices.scanner.scanbd.action%.resolution -- devices.scanner.scanbd.action%.brightness ### TC Setup (Java) * Updated TC Setup to version 5.9.11. * Added an additional local administrator access to IGEL setup. The local administrator password is configurable at **Security > Password** setup page. The page permissions are configurable at **Accessories > Setup > Setup Administrator Permissions** setup page. * Reworked Accessories > Commands and User Interface > Hotkeys > Commands setup pages. * Reworked 'Storage Hotplug' setup page. ### Remote Management * Added support for UMS File Transfer Status. * Added a new configuration to prevent an user from canceling UMS actions like firmware update, reboot, shutdown, etc. through the UMS notification dialog. +------------+-----------------------------------------------------------------+ | Parameter | `Allow user to cancel UMS actions` | +------------+-----------------------------------------------------------------+ | Registry | `userinterface.rmagent.cancel_usermessage` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ ### Fabulatech * FabulaTech USB for Remote Desktop updated to versions 5.2.29; FabulaTech FTPlugin updated to version 3.4.0. * Support for some specific devices has been improved. Resolved Issues -------------------------------------------------------------------------------- ### Citrix Receiver 13 * Fixed: Now applications may displayed in application launcher independently from startmenu. * Fixed Citrix Azure Cloud login window. * Added a new window manager tweak to automatically unmap unwanted Citrix fragment windows when seamless apps are used. +------------+-----------------------------------------------------------------+ | Parameter | `Auto-close unwanted Wfica windows` | +------------+-----------------------------------------------------------------+ | Registry | `windowmanager.tweaks.SUPPRESS_WFICA_WINDOW_IN_SEAMLESS_SESSION` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ * Fixed native USB redirection with Citrix receiver 13.10. * Fixed black rectangle around 32-bit mouse icons. * Fixed sound playback over Nuance channel. * Fixed stopping of the Pulseaudio PCM I/O plugin which is used by Citrix Receiver for sound output and recording. * When using the Citrix login method the system language is used now * Fixed a problem with the parameter ica.pnlogin.suppressconnectiondialog, connection messages are suppressed as desired. ### RDP/IGEL RDP Client 2 * Fixed locking in smartcard transactions. * Fixed audio recording in RDP sessions. * Fixed $HOSTNAME to work for RDP login when variable substitution is enabled. +------------+-----------------------------------------------------------------+ | IGEL Setup | System > Firmware Customization > Environment Variables | +------------+-----------------------------------------------------------------+ | Parameter | `Enable variable substitution in session` | +------------+-----------------------------------------------------------------+ | Registry | `system.environment_variables.enable_application_variables` | +------------+-----------------------------------------------------------------+ | Value | **enabled** / disabled (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > RDP > RDP Global > Local Logon | +------------+-----------------------------------------------------------------+ | Parameter | `Type` | +------------+-----------------------------------------------------------------+ | Registry | `rdp.login.saveusertype` | +------------+-----------------------------------------------------------------+ | Value | **Set user/domain from session setup** / Set user/domain from last login (default) | +------------+-----------------------------------------------------------------+ * Added Arabic (101) keyboard layout to RDP client. * Added MultiPointServer 2016 to supported servers for RDP MultiPoint Server appliance. ### RD Web Access * Fixed wrong RDP Remote Application icon when opening a application twice. * Fixed unexpected behavior when maximizing/minimizing RDP Remote Applications. ### VMware Horizon * Added possibility to make certificate verification mandatory. +------------+-----------------------------------------------------------------+ | Parameter | `Allow change of certificate verification mode` | +------------+-----------------------------------------------------------------+ | Registry | `vmware.view.ssl-verify-mode-change-allow` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ * Fixed H.264 hardware decoding for Horizon. ### PowerTerm * Fixed printing to CUPS printers in PowerTerm. * Added TLS-1.2 in list of SSL Versions for PowerTerm on page Sessions->PowerTerm Terminal Emulation->PowerTerm Sessions->session name->Connection. ### Parallels Client * Fixed: Authentication fails with Gemalto smart cards * Fixed: Sometimes remote session windows remain on screen after one was logged off from the remote session * Fixed: Remote session closes unexpectedly * Fixed: Combination of "CTRL-C" doesn't work in remote session. * Improved: Use of multiple monitors. * Fixed: Client might hang while watching YouTube videos. * Fixed: Multiple USB drives might not be auto-mapped to a remote session * Fixed: Logoff from a remote session blocks Linux desktop with a black screen. ### Firefox * Fixed occasional loss of trusted certificates in Firefox. Certificates transmitted via UMS filetransfer were not reinstalled when Firefox profile was rebuilt. * Fixed PDF Plugin in Firefox browser. * Removed the browser plugin option from RHEV/Spice as it is no longer supported. * Removed the browser plugin option from SecMaker as it is no longer supported. ### Network * Fixed failing Wake-on-LAN configuration after update on shutdown. Particularly UD2-LX40 devices were affected. * Fixed bug in the GetCA operation for SCEP: An intermediate certificate in addition to the root certificate and any RA certificates resulted in confusion. * sscep version is now 0.6.1 * CA certificate fingerprint is now mandatory for SCEP. So far it could be left empty for debugging purposes. * Added parameter to specify whether a slash (/) is appended to SCEP URL. The slash is needed e.g. with Microsoft servers, but not with Nexus servers. +------------+-----------------------------------------------------------------+ | Parameter | `Append slash (/) to SCEP server URL` | +------------+-----------------------------------------------------------------+ | Registry | `network.scepclient.cert0.scepurlappendslash` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ * Fixed generating certificate request if challenge password or other fields include special characters like $, #, quotes or spaces in SCEP. * Reaction to Ethernet 802.1X reauthentication failure is now configurable. +------------+-----------------------------------------------------------------+ |Parameter |Restart on reauthentication failure | +------------+-----------------------------------------------------------------+ |Registry |network.interfaces.ethernet.device%.ieee8021x.restart_on_reauth_failure | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ > The default value preserves the traditional behaviour. If the registry key is > set to enabled the network connection will get restarted when a > reauthentication failure occurs. This way the system might switch to a guest > VLAN where authentication is not required. * Added support for SFTP protocol (enabled as default) configurable with new registry key. +------------+-----------------------------------------------------------------+ | Parameter | `Enable SFTP server` | +------------+-----------------------------------------------------------------+ | Registry | `network.ssh_server.enable_sftp_server` | +------------+-----------------------------------------------------------------+ | Value | disabled / **enabled** (default) | +------------+-----------------------------------------------------------------+ * Improved general security in regards of SCEP ### WiFi * Fixed non working Mediatek MT7630e WiFi driver. * Added several WiFi drivers (Realtek 8188eu, 8822be, 8150, 8187, 8192ce, 8192de, 8192ee, 8723ae, 8821ae....) to the firmware. * Re-enforce configuration after IGEL Setup Assistant exits to ensure consistent state between configuration and system. * Added drivers for Realtek rtl8723de and rtl8822be WiFi devices. * Added support for StarTech USB300WN2X2C Wireless-N WiFi adapter ### Smartcard * Updated OpenSC library to version 0.19.0. Improved handling of PIV and CAC ALT token and other improvements. * Fixed problem with ActivClient smart cards in VMware Horizon sessions. Before this fix, smartcard access inside the session was blocked. +------------+-----------------------------------------------------------------+ | Parameter | `Smartcard SCardConnect in non-blocking mode` | +------------+-----------------------------------------------------------------+ | Registry | `vmware.view.pcsc-connect-nonblocking` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ * Improved PC/SC lite daemon to handle attributes SCARD_ATTR_DEVICE_FRIENDLY_NAME_W and SCARD_ATTR_DEVICE_SYSTEM_NAME_W. * Updated Cherry USB2LAN Proxy to version 3.0.0.6. - Fixed an issue where the SICCT listener was not restarted when a SICCT connection has been closed by the EGK device (ORS-880). - Fixed TLS errors resulting from re-using channels before the EGK device confirmed the disconnection of the previous connection (ORS-735). - Increase connection handshake timeout from 1 second to 20 seconds. This is necessary as the EGK device (G87-1505, firmware 2.108.3) does not process the handshake immediately in all situations. (ORS-735). - Added timestamp to log output. * Fixed AD/Kerberos log on with smartcard and 'Smartcard Removal Action': Lock Thin Client. * Fixed custom PKCS#11 module for VMware Horizon logon. Before this fix, the parameters did not get effective. +------------+-----------------------------------------------------------------+ | Parameter | `Horizon logon with custom PKCS#11 module` | +------------+-----------------------------------------------------------------+ | Registry | `vmware.view.pkcs11.use_custom` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Path to the library` | +------------+-----------------------------------------------------------------+ | Registry | `vmware.view.pkcs11.custom_path` | +------------+-----------------------------------------------------------------+ | Value | `` (default) | +------------+-----------------------------------------------------------------+ * Fixed error in IGEL Smartcard which prevented login with personalized cards when certain card holder names contained non-ASCII characters. ### HID * Added support for Wacom HID 483C touchscreens (HP Pro x2 612 g2). * Fixed non working Lenovo KBRFBU71 wireless keyboard. * Fixed mouse button mapping. ### CUPS Printing * Fixed HPLIP related printer drivers. * Added missing 'LaserJet 200 color MFP M276 Postscript' to 'Printer Names' for manufacturer HP in the TC Setup under Devices > Printer > CUPS > Printers. ### Application Launcher * Fixed display order of DNS servers in 'Application Launcher' and 'About' dialog. ### Open VPN * Fixed no retry in case the client key passphrase was entered incorrectly. ### Base system * IGEL Setup Assistant fixes: - Fixed startup on first boot. - Retain network configuration if exited via cancel. - Fixed graphical glitches - Fixed WiFi configuration - Prevent startup if an administrator passphrase is set (e.g. from a IGEL System 5 migration). * Fixed "System suspend on inactivity" showing the suspend dialog directly after system resume. * Fixed the custom bootsplash scaling when multiple monitors are configured. Necessary to force a re-installation of the custom bootsplash for this fix to take effect. To force a re-installation: - Trigger the "Update desktop customization" command via UMS or - Press the "Bootsplash update" button at `IGEL Setup > System > Firmware Customization > Corporate Design > Custom Bootsplash`. * Fixed sporadic problems with custom bootsplash and wallpaper installation. * Fixed the buddy update server so that UD Pocket devices can also update from buddy update servers. * Fixed handling of custom environment variables. If values contained white spaces the variables could not be set. * Fixed reboot/shutdown when triggered from the lock screen panel. * Improved support for IGEL UD7 with additional graphic card. * Removed maximize button from on-screen keyboard window. * Fixed deletion of debuglog partition content when booted in emergency boot. * Fixed handling of optional partitions which are not active as default while booting in emergency mode. * Fixed instability in authentication module pam_igelsession.so in some special cases. * Fixed ECDSA/ECDH support in HEIMDAL libraries. * Fixed black screen issues if hostname contains other characters as A-Z a-z 0-9 . _ - ' . * Improved debuglog partition based login. * Restricted access to command **su** to root and user. * Root home is now /root. * Removed **system** group (GID 0) which shadowed **root** group (GID 0). * Stricter folder and file permissions. * Prevent flickering problems on 4k 60Hz screens. ### Storage Devices * Fixed mount issue of PTP devices (Mobile Device Access USB feature must be enabled). * Fixed double detection of MTP and PTP. MTP is preferred over PTP now (Mobile Device Access USB feature must be enabled). ### Appliance Mode * Fixed configuration of post session commands via UMS profile: There is no second reboot required anymore to apply the settings properly in Appliance Mode. ### X11 system * Fixed automatic order selection of screens for IGEL UD7. * Fixed order of desktop wallpapers for IGEL UD7 when the additional graphics card is installed. * Fixed screen stays black problem on UD3-LX. * Fixed non loading DRM/KMS driver on Spectra Nise 106. * Added possibility to change the framebuffer compression for AMDGPU driver. +------------+-----------------------------------------------------------------+ | Parameter | `AMDGPU framebuffer compression.` | +------------+-----------------------------------------------------------------+ | Registry | `x.drivers.amdgpu.use_fbc` | +------------+-----------------------------------------------------------------+ | Range | [default][enable][disable] | +------------+-----------------------------------------------------------------+ | Value | **default** (default) | +------------+-----------------------------------------------------------------+ * Fixed **sessions.user_display0.options.lid_events** work for eDP also. * Fixed VESA only boot with UEFI system. * AMDGPU stability fixes applied. * Fixed issue with screen configuration for certain cases. * Fixed screen configuration getting in endless loop with multi monitor setups. * Fixed memleak in igel_drm_daemon. * Fixed DRI2 memleak with AMDGPU driver. * Changed **x.xserver0.force_reconfig** registry key (former bool now range). +------------+-----------------------------------------------------------------+ | Parameter | `Force a display reconfiguration` | +------------+-----------------------------------------------------------------+ | Registry | `x.xserver0.force_reconfig` | +------------+-----------------------------------------------------------------+ | Range | [default][only on Xorg start/restart][always][never] | +------------+-----------------------------------------------------------------+ | Value | **default** (default) | +------------+-----------------------------------------------------------------+ * Usage of `only on Xorg start/restart` as new default for AMDGPU based devices. * Removed `x.xserver0.composite` registry key to prevent problems with AMD/ATI devices. * Fixed screen remains black when 'Monitor Probing (DDC)' option is "Off", configurable at setup page User Interface > Display > Options. * Added possibility to configure graphic displays only if DPMS state is not OFF. +------------+-----------------------------------------------------------------+ | Parameter | `Do not reconfigure if monitors are in DPMS off state` | +------------+-----------------------------------------------------------------+ | Registry | `x.xserver0.config_on_dpms_on` | +------------+-----------------------------------------------------------------+ | Value | disabled / **enabled** (default) | +------------+-----------------------------------------------------------------+ ### Window manager * On-Screen Keyboard will keep aspect ratio when resized via double click on edge. ### Shadowing/VNC * Fixed instability of 'Secure Shadowing' connector. ### Audio * Added a workaround for button handling of Sennheiser USB headsets. * Fixed saving and restoring of volume controls in Pulseaudio and ALSA. * Improved consistency while storing of changed volume values. * Fixed missing audio output over DVI to HDMI/DP in IGEL UD2 (D220). * Fixed configuration of the default sound output or input on hardware when presence detection in jack connector is missing. ### Hardware * Fixed non working StarTech.com USB2DVIPRO2 DisplayLink graphics adapter. * Fixed freezes of Intel Baytrail devices. * Fixed non working DisplayLink USB graphics adapter after reboot. ### Remote Management * Fixed zero touch deployment by adding a timeout to the Setup Assistant abort message. * Fixed computation of Unit ID. The Unit ID is the identification key of the thin client in UMS, and also thin client licenses will be bound to the Unid ID. Now the Unit ID is computed once and persistently saved. It consists of the serial number of UD Pocket or the MAC address of a network interface. When multiple network interfaces are present, the interface is selected taking following attributes into account: if a license bound to the interface exists, how it is connected (PCI, SDIO, USB or other) and if it is wireless or wired. It is best practice not to connect external network interfaces when a freshly installed thin client device is booted for the first time, so that the Unit ID will consist of a MAC address of a network interface which cannot be removed from the thin client device. * Fixed monitor serial numbers not shown in UMS. * Fixed 'Bluetooth Asset Inventory' zombie when bluetooth dongle is removed. * Fixed UMS filetransfer - now filetransfer action is triggered also if only the file classification was changed. * Fixed "Update on shutdown" UMS job which could be stucked if update is failed once for some reasons.