Release: IGEL Universal Desktop LX/OS 5.07.100

IGEL Linux
==========
Version 5.07.100
Release date 2015-07-31
Last update of this document 2015-07-20

Supported devices:
IZ2-RFX, IZ2-HDX, IZ2-HORIZON
IZ3-RFX, IZ3-HDX, IZ3-HORIZON
UD2-LX 40, UD2-LX 31, UD2-LX 30
UD3-LX 42, UD3-LX 41, UD3-LX 40, UD3-LX 31
UD5-LX 50, UD5-LX 40, UD5-LX 30
UD6-LX 51
UD9-LX Touch 31, UD9-LX 30
UD10-LX Touch 10, UD10-LX 10

The online Release Notes can be found at http://edocs.igel.com/index.htm#10203510.htm
Registry Keys of parameters are listed there.

==============
Versions:
==============
Clients:
– Citrix Access Gateway Standard Plug-in 4.6.3.0800
– Citrix HDX Realtime Media Engine 1.8.0-258
– Citrix Receiver 12.1.8.250715
– Citrix Receiver 13.0.4.281908
– Citrix Receiver 13.1.4.322630
– Dell vWorkspace Connector for Linux 8.5.0
– Ericom PowerTerm 10.1.0.0.20140313.1-_dev_-31580
– Ericom PowerTerm 9.2.0.6.20091224.1-_rc_-25848
– Ericom Webconnect 5.6.0.4000-rel.20413
– Evidian AuthMgr 1.3.5664
– FabulaTech USB for Remote Desktop 5.1.0
– Firefox 38.1.0
– IBM iSeriesAccess 7.1.0-1.0
– IGEL Legacy RDP Client 1.0
– IGEL RDP Client 2.1
– Imprivata OneSign ProveID Embedded
– Leostream Java Connect 3.0.57.0
– NCP Secure Client (Enterprise) 3.25-rev23310-i686
– Open VPN 2.3.2
– NX Client 4.6.3
– Oracle JRE 1.8.0_51
– Parallels 2X Client 14.1.3414
– Remote Viewer 2.0 for RedHat Enterprise Virtualization Desktops
– Systancia AppliDis 4.0.0.14
– Thinlinc Client 4.4.0-4775
– ThinPrint Client 7.0.65
– Totem Media Player 2.30.2
– Virtual Bridges VERDE Client 7.1.1_rel.24005
– VMware Horizon client 3.4.0-2769709
– Voip Client Ekiga 3.2.7

Dictation:
– Driver for Grundig Business Systems dictation devices
– Driver for Olympus dictation devices
– Legacy Philips Speech Driver 5.0.10
– Philips Speech Driver 12.3.5

Smartcard:
– PKCS#11 Library A.E.T SafeSign 3.0.93
– PKCS#11 Library Athena IDProtect 623.07
– PKCS#11 Library Gemalto IDPrime 1.1.0
– PKCS#11 Library SecMaker NetID 6.3.0.50
– Reader Driver ACS CCID 1.0.5
– Reader Driver HID Global Omnikey CCID 4.0.5.5
– Reader Driver MUSCLE CCID 1.4.19
– Reader Driver Omnikey CCID legacy-3.6.0
– Reader Driver Omnikey RFID legacy-2.7.2
– Reader Driver REINER SCT cyberJack 3.99.5final.SP03
– Reader Driver Safenet / Aladdin eToken 8.1.0-4
– Reader Driver SCM Microsystems SDI011 5.0.18
– Reader Driver Identive / SCM Microsystems CCID 5.0.33
– Resource Manager PC/SC Lite 1.8.12

System Components:
– Graphics Driver ATI 7.3.0
– Graphics Driver INTEL 2.99.910
– Graphics Driver VIA 5.76.52.92-151843
– Kernel 3.13.11-ckt20 #54.91-ud-r1292
– Xorg X11 Server 1.15.1
– Xorg Xephyr 1.15.1

==============
Information:
==============

IMPORTANT:
This release integrates three Citrix Receiver versions: 12.1.8, 13.0.4 and 13.1.4.
Only one of these versions can be active at a time.
You can change the Receiver version in IGEL Setup/UMS on page
“Sessions->Citrix XenDesktop / XenApp->Citrix Receiver Selection”
==============
Known issues:
==============

[Citrix]
– It can happen that the window of a published Firefox can get unusable when the window is maximized,
then minimized and maximized again. This can also happen to other applications, too.

[Citrix Receiver 13]
– Randomly seamless application window are displayed twice in a dual monitor setup.

[VMware Horizon]
– Remote Applications are not seamless in the strict sense.
These are rather displayed in an extra window decorated by the TC’s window manager.
– If more applications defined and started in the same session, all are displayed inside this window.
The default size of this window can be defined in the Window section of the Horizon session.
– PCoIP user input language synchronization is currently broken.

[Dell vWorkspace Connector]
– Seamless applications exported from Win8/8.1 desktops show display errors when
dragged to the screen edges.
– With a dual monitor configuration flash redirected windows can appear on wrong screen.
– After the start of a seamless session the window is initially maximized before being
resized to the correct size.
– Windows XP sessions might not work properly anymore.
– Only standard 105 keys PC keyboards are supported.
Not supported anymore: Trimodal, Sun Type 6 or IBM 122 keys.
– Mapping of drives to a dedicated drive letter is not possible anymore.
– If Com-port redirection is enabled all linux serial ports (/dev/ttySx) will be mapped.
– If printer mapping is enabled all printers configured in CUPS are mapped.
– For Multimedia Redirection sound redirection with WMV/WMA streams is not working.
– USB Redirection may not work reliable.
– Session starts only if RDP Local Logon Window
(IGEL Setup->Sessions->RDP->RDP Global->Local Logon) is active.

[Genucard VPN]
– Network loss, network reconfiguration or dis- and reconnecting genucard requires session restarts

[Evidian AuthMgr]
– Active Directory users with a password containing special characters may have problems to
authenticate with the configured session.
Known special characters which results in errors are:
$ (dollar sign, ASCII code 36)
` (grave accent, ASCII code 96)
´ (acute accent, ASCII code 239)

[Universal MultiDisplay]
– X-Sessions don’t work with UMD currently.
– Java TC Setup can show display corruptions.

==============
IGEL Linux 5.07.100
==============
New Features:
==============

[Citrix]
– Updated Citrix Receiver 13.1 to new version 13.1.4.322630
– Added a host name length check: If a host name has more than 20 characters it might cause problems under
some server configurations, therefore StoreFront/XenApp Login displays a warning notification.
Registry key:
“Check hostname length” ica.pnlogin.check_hostname (default: enabled / disabled).
– Upgraded Citrix Lync RTME to 1.8.0-258. The new version supports both Lync 2010 Client and
Lync 2013 Client in a virtual desktop or a seamless application.
– StoreFront/XenApp Login uses predefined user and domain also without autologon function.
– Improved the visual feedback of starting Citrix sessions with the browser. Now there will be displayed a popup notification
with application name.

[RDP/IGEL RDP Client 2]
– Added RD Web Access server e-mail discovery. Configurable at:
“IGEL Setup->Sessions->RDP->Remote Desktop Web Access->Server”
By setting “Server configuration” to “Ask user”, the user gets a dialog
either to enter his e-mail for e-mail discovery or to enter the hole Server URL to the Web Access Server.
– Added MultiPoint Server support as an IGEL appliance mode.
The appliance can be enabled at:
IGEL Setup->Sessions->Appliance Mode
Set the “Appliance mode” to “RDP MultiPoint Server”. The server will be automatically detected.
A target server could be predefined by “Connect to server once it has been found” parameter.
If this server has been found, a RDP connection will be established immediately.
– Implemented support for Hardware Video Acceleration in RDP-EVOR Video Redirection.

[VMware Horizon]
– Update VMware Horizon client to version 3.4.0-2769709
– Added Local Logon for Horizon Sessions:
IGEL Setup->Sessions->Horizion Client->Horizont Client Global->Local Logon
Registry keys: vmware.login.*
This new feature allows customization of the login mask for VMWare Horizon Sessions, predefinition of the
user, password and/or domain field and storing of the last login credentials.
Moreover, the new local logon can be used for both, session and appliance mode.
Additional possibilities of customization (i.e. height/width of login mask, custom logo, custom title) can be
found in the registry under: vmware.login.*

[2X Client]
– Updated 2X Client to Parallels 2X Client 14.1.3414
Added new “RemoteFX” option
IGEL Setup->Sessions->Parallels 2X Client->Parallels 2X Sessions->[session name]->Experience
Registry key: sessions.twox<NR>.experience.remotefx (defaut: enabled / disabled)

[NX client]
– Updated NoMachine NX Client to version 4.6.3

[ThinLinc]
– Updated ThinLinc client to version 4.4.0-4775
– Added Multi Monitor configuration with parameter “Full screen all monitor”:
IGEL Setup->Sessions->ThinLinc->ThinLinc Global->Window
thinlinc.full_screen_all_monitors; default: enabled / disabled
IGEL Setup->Sessions->ThinLinc->ThinLinc Sessions->[session name]->Window
sessions.thinlinc<NR>.config.full_screen_all_monitors; default: enabled / disabled

[Firefox]
– Updated Firefox to version 38.1.0 ESR
– Updated Flash Player download URL to version 11.2.202.491
– Added possibility to preset proxy connection for Browser Session with username, password and realm
IGEL Setup->Sessions->Browser->Browser Global->Proxy:
“Proxy Realm” browserglobal.app.conv_proxy_preset_cred.realm
“Username” browserglobal.app.conv_proxy_preset_cred.username
“Password” browserglobal.app.conv_proxy_preset_cred.crypt_password

– Added parameters to change the behaviour of URL bar suggestions:
IGEL Setup->Sessions->Browser->Browser Global->Privacy:
“Suggest visited sites in URL bar” browserglobal.app.browser_urlbar_suggest_history; default: enabled / disabled
“Suggest only typed visited sites” browserglobal.app.browser_urlbar_suggest_history_onlyTyped; default: disabled / enabled
“Suggest bookmarked sites in URL bar” browserglobal.app.browser_urlbar_suggest_bookmark; default: enabled / disabled
“Suggest open pages in URL bar” browserglobal.app.browser_urlbar_suggest_openpage; default: enabled / disabled

IGEL Setup->Sessions->Browser->[session name]->Privacy:
“Suggest visited sites in URL bar” sessions.browser<NR>.app.browser_urlbar_suggest_history; default: Global Setting;
range: Global Setting, disabled, enabled
“Suggest only typed visited sites” sessions.browser<NR>.app.browser_urlbar_suggest_history_onlyTyped; default: Global Setting;
range: Global Setting, disabled, enabled
“Suggest bookmarked sites in URL bar” sessions.browser<NR>.app.browser_urlbar_suggest_bookmark; default: Global Setting;
range: Global Setting, disabled, enabled
“Suggest open pages in URL bar” sessions.browser<NR>.app.browser_urlbar_suggest_openpage; default: Global Setting;
range: Global Setting, disabled, enabled

– Added parameter to enable built-in tracking protection:
Enable built-in tracking protectionIGEL Setup->Sessions->Browser->Browser Global->Privacy
“Enable built-in tracking protection” browserglobal.app.privacy_trackingprotection; default: enabled / disabled

IGEL Setup->Sessions->Browser->[session name]->Privacy
“Enable built-in tracking protection” sessions.browser<NR>.app.privacy_trackingprotection; default: Global Setting; range: Global Setting, enabled, disabled

– Added Italian and Japanese Firefox UI translation
– Added Italian dictionary for spell checking
– Renamed Setup->Sessions->Browser->[session name]->Toolbars to
Setup->Sessions->Browser->[session name]->Menus & Toolbars
– Integrated Setup->Sessions->Browser->[session name]->Toolbar Items and Setup->Sessions->Browser->[session name]->Toolbarconfig
into Setup->Sessions->Browser->[session name]->Menus & Toolbars
– Added the following buttons to the list of configurable toolbar elements:
IGEL Setup->Sessions->Browser->[session name]->Menus & Toolbars
“Navigation Toolbar” and “Application Menu”
New elements: social-share-button, loop-button, panic-button,
new-window-button, fullscreen-button, tabview-button, web-apps-button
Note that the webrtc-status-button has been replaced by loop-button!

– Added parameter “Enable Firefox Hello”
Registry: browserglobal.app.loop_enabled; default: disabled / enabled
– Added parameter “Enable Reader Mode”
Registry: browserglobal.app.readermode_enabled; default: disabled / enabled
– Added parameter “Enable Social Integration”
Registry: browserglobal.app.social_enabled; default: disabled / enabled
– Added parameter “Enable Firefox Heartbeat”
Registry: browserglobal.app.heartbeat_enabled; default: disabled / enabled

– Added parameter “Disable navigation elements in context menu”
IGEL Setup->Sessions->Browser->[session name]->Context
Registry: sessions.browser<NR>.app.disable_contextnavigation; default: disabled / enabled

– Added parameter “Use old searchbar” to enable the old searchbar prior to Firefox 38 ESR
IGEL Setup->Sessions->Browser->Browser Global->Advanced
Registry: browserglobal.app.oldsearchbar; default: disabled / enabled
IGEL Setup->Sessions->Browser->[session name]->Advanced
Registry sessions.browser<NR>.app.oldsearchbar; default: Global Setting; Range: Global Setting, enabled, disabled

– Added parameter “Disable GStreamer in Browser”
IGEL Setup->Sessions->Browser->Browser Global->Advanced
Registry: browserglobal.app.disablegstreamer; default: disabled / enabled
IGEL Setup->Sessions->Browser->[session name]->Advanced
Registry sessions.browser<NR>.app.disablegstreamer; default: Global Setting; Range: Global Setting, enabled, disabled

– Added parameter “Disable OpenGL acceleration” to IGEL Setup->Sessions->Browser->Browser Global->Advanced page

– Moved parameter “Languages for Web Pages” from
IGEL Setup->Sessions->Browser->Browser Global->Advanced to IGEL Setup->Sessions->Browser->Browser Global->Content
and from IGEL Setup->Sessions->Browser->[session name]->Advanced to IGEL Setup->Sessions->Browser->[session name]->Content, respectively.

[Network]
– Added NCP VPN Support again:
Upgraded NCP Enterprise VPN Client to version 3.25-rev23310.
– Added support for DHCP provided NTP servers.
Enable use of DHCP provided NTP servers: system.time.ntp_use_dhcp_timeservers, default: enabled
– Upgraded WPA Supplicant to version 2.1
– Upgraded Network-Manager to version 0.9.8.8
– Added possibility to set private key file for TSIG based DDNS Registration.
Setup->Network->LAN Interfaces->Key file for additional DNS authentication
– New IPv6 parameter “IPv6-Configuration” added at
IGEL Setup->Network->LAN Interfaces->Interface1
IGEL Setup->Network->LAN Interfaces->Interface2
IGEL Setup->Network->LAN Interfaces->Wireless
New registry keys:
network.interfaces.ethernet.device0.ipv6_configuration
network.interfaces.ethernet.device1.ipv6_configuration
network.interfaces.wirelesslan.device0.ipv6_configuration
Range: Compatibility mode, Disabled, Automatic, DHCPv6
Default: Compatibility mode
These specify the type of IPv6 configuration for the first and second ethernet device and the WiFi device respectively.
– “Compatibility mode” is equivalent to the behaviour of former versions of the firmware.
NetworkManager ignores the device, but the kernel does some basic configuration, particularly it assigns
a link-local address to the device.
– When “Disabled” is selected IPv6 is disabled completely.
– In the case of “Automatic” the device tries to perform an IPv6 stateless or stateful autoconfiguration
based on router advertisements. Depending on the router advertisements this involves DHCPv6 (see RFC 4861).
– “DHCPv6” is offered as an option, because it is supported by NetworkManager.
It might be used when a DHCPv6 server is available but no router advertisements. Routing has to be
configured by other means then. In practise “automatic” will normally be preferable.
In all cases IPv4 is configured in the usual way.

New registry keys:
network.interfaces.ethernet.device0.dual_stack_timeout
network.interfaces.ethernet.device1.dual_stack_timeout
network.interfaces.wirelesslan.device0.dual_stack_timeout
Type: integer
Default: 15
In the case where “IPv6-Configuration” is set to “Automatic” or “DHCPv6” this is the time in seconds that will be
waited for the other configuration, IPv4 or IPv6, to complete after the first one is done (before running the
scripts that depend on the network being up).

NOTE:
IGEL devices so far cannot communicate with the UMS via IPv6.
Therefore the major application scenario for IPv6 is the following:
– Devices still receive their IPv4 configuration and potentially IGEL-specific
DHCP options from a DHCPv4 server.
– The major part of the settings is received from the UMS via IPv4.
– Currently just the default options are requested from the DHCPv6 server.
So this is limited to receiving the IPv6 address, nameservers and the
DNS search list.
– Regarding DNS only IPv6 nameserver addresses should be delivered (in router
advertisements or DHCPv6 options). The resolver should be able to use those
for retrieving AAAA records and also A records if need be.
– Where clients and servers are prepared to use IPv6 they then will do so.
Examples: An NTP-server (“System->Time and date->NTP time server”) can be
specified as an IPv6 address or a name for which the DNS has only
an AAAA record available. Similarly in a web-browser session IPv6 will be
used when the DNS has AAAA records available for servers.

– Added configuration parameters for handling old IPv4 DHCP leases, when there is no answer from any DHCP server:
network.interfaces.ethernet.device0.dhcp_timeout_lease_handling
network.interfaces.ethernet.device1.dhcp_timeout_lease_handling
network.interfaces.wirelesslan.device0.dhcp_timeout_lease_handling
These specify the behaviour for the first and second ethernet device and the WiFi device respectively.
Range: Reject all old leases, Check leases, Accept any old lease; default: Reject all old leases
“Reject all old leases” is equivalent to the behaviour of former Linux5 systems and means that no old leases are used.
In the case of “Check leases” an old lease is considered ok if the first router answers to a ping.
“Accept any old lease” blindly accepts the first old lease offered by the DHCP client. This is dangerous and it is
reasonable only under extraordinary circumstances.

[WiFi]
– Added configuration for BSSID (MAC address) of a certain Access Point to associate with it. If the BSSID is configured,
then the WPA supplicant is restricted to associate only with this Access Point. The BSSID parameter can be set to the
string value “bestsignal”, then the BSSID of the Access Point with the best signal level is selected. The detection of
the Access Point providing best signal level is executed once during network configuration. The parameters are accessible
only by Registry in IGEL Setup:
For the first configured SSID:
“BSSID” network.interfaces.wirelesslan.device0.bssid (default: not set)
For additional SSIDs:
“BSSID” network.interfaces.wirelesslan.device0.alt_ssid<NR>.bssid (default: not set)
NOTE: Detection of the AP providing best signal level isn’t supported for VIA VNT VT6656.

[Genucard VPN]
– Added change of smartcard PIN
– Added support to rekey genucard
– Added key file extensions .key and .KEY for machine authentication private keys, to bind the Genucard
to a specific thin client.
– Added more detailed error messages
– Added logging mechanism in UI
– Updated Look & Feel

[Open VPN]
– Added Open VPN client support version 2.3.2
– Added new VPN session type OpenVPN at:
IGEL Setup->Network->VPN->Open VPN
Registry keys:
sessions.openvpn<NR>.*
For autostart:
“Enable Autostart During Boot” network.interfaces.openvpn.autostart_enabled (default: disabled / enabled)
“Autostart Session ID” network.interfaces.openvpn.autostart_session_id (default: not set)
– Supported are Open VPN client sessions using different authentication modes
– TLS
– Username/password
– Static key
Accordingly deployment (using eg. UMS or USB storage) of TLS certificate(s) onto the TC is needed.
Default directory for persistent storage of certificates is /wfs/OpenVPN.

[Smartcard]
– Added driver for smartcard reader SCM Microsystems SDI011 Contactless Reader with USB Id 0x04E6:0x512B
– Updated Identive/SCM Microsystems smartcard reader driver scmccid to version 5.0.33.
New supported readers:
USB Id Name
0x04E6:0x5816 SCT3512 Token
0x04E6:0x5817 SCT3522CC Token
0x04E6:0x581A SCT3522DI Token
0x04E6:0x5724 CLOUD 4701 F Smart Card Reader
0x04E6:0x5790 CLOUD 3700 F Contactless Reader
0x04E6:0x5791 CLOUD 3701 F Contactless Reader
0x04E6:0x5713 uTrust 2980 F Smart Card Reader
– Updated open source CCID smart card reader driver to version 1.4.19.
The following readers are newly supported:

USB Vend. USB Prod. Name
0x03EB 0x9324 IIT E.Key Almaz-1C
0x03F0 0x1024 Hewlett-Packard Company HP USB Smart Card Keyboard
0x03F0 0x104A Hewlett Packard HP USB Smartcard CCID Keyboard
0x03F0 0x581D Hewlett-Packard HP lt4112 Gobi 4G Module
0x0403 0xC587 SecuTech SecuTech Token
0x0424 0x1104 Microchip SEC1110
0x0424 0x1202 Microchip SEC1210
0x046A 0x00A1 Cherry KC 1000 SC
0x046A 0x00A2 Cherry KC 1000 SC/DI
0x046A 0x00A4 Cherry KC 1000 SC Z
0x046A 0x00A5 Cherry KC 1000 SC/DI Z
0x04E6 0x5291 SCM Microsystems Inc. SCL010 Contactless Reader
0x04F2 0x0967 Chicony USB Smart Card Keyboard
0x058F 0x9522 Alcor Micro AU9522
0x062D 0x0001 THRC Smart Card Reader
0x076B 0x5400 HID Global veriCLASS Reader
0x076B 0x5427 HID OMNIKEY 5427 CK
0x079B 0x0026 Morpho MSO350/MSO351 Fingerprint Sensor & SmartCard Reader
0x079B 0x0052 Morpho MSO1350 Fingerprint Sensor & SmartCard Reader
0x08AE 0x0BDF Macally NFC CCID eNetPad
0x08E6 0x34C5 Gemalto Ezio Shield Branch Reader
0x08E6 0x8141 Gemalto IDBridge K3000
0x096E 0x0603 PIVKey T800
0x096E 0x0608 Feitian 502-CL
0x096E 0x060D Feitian R502
0x096E 0x061A Feitian bR301
0x096E 0x080F Feitian eJAVA Token
0x09D8 0x0427 Elatec TWN4 SmartCard NFC
0x0A5C 0x5804 Broadcom Corp 5880
0x0A89 0x0080 Aktiv PINPad Ex
0x0A89 0x0081 Aktiv PINPad In
0x0BF8 0x1005 Fujitsu Siemens Computers SmartCard Keyboard USB 2A
0x0BF8 0x1006 Fujitsu Siemens Computers SmartCard USB 2A
0x0BF8 0x1022 FujitsuTechnologySolutions GmbH Keyboard KB100 SCR
0x0BF8 0x1023 FujitsuTechnologySolutions GmbH Keyboard KB100 SCR eSIG
0x0C4B 0x0504 REINER SCT cyberJack go
0x0C4B 0x0520 REINER SCT tanJack Bluetooth
0x0CA6 0x00A0 CASTLES EZCCID Smart Card Reader
0x0D46 0x301D KOBIL Systems IDToken
0x0DB5 0x0138 Access IS ePassport Reader
0x0F14 0x003D Ingenico WITEO USB Smart Card Reader
0x0F1A 0x0002 GIS Ltd SmartMouse USB
0x1050 0x0111 Yubico Yubikey NEO OTP+CCID
0x1050 0x0112 Yubico Yubikey NEO CCID
0x1050 0x0115 Yubico Yubikey NEO U2F+CCID
0x1050 0x0116 Yubico Yubikey NEO OTP+U2F+CCID
0x1059 0x0017 Giesecke & Devrient GmbH StarSign Crypto USB Token
0x15CF 0x0019 Avtor SecureToken
0x15CF 0x001D Avtor SC Reader 371
0x163C 0x0407 Watchdata USB Key
0x163C 0x0A03 Watchdata W5181
0x17EF 0x6007 Lenovo Lenovo USB Smartcard Keyboard
0x17EF 0x6055 Lenovo Lenovo USB Smartcard Keyboard
0x1862 0x0000 Teridian Semiconductors TSC12xxFV.09
0x1A44 0x0101 VASCO DIGIPASS KEY 101
0x1A44 0x0120 VASCO DIGIPASS KEY 202
0x1A44 0x0122 VASCO DIGIPASS KEY 202
0x1C34 0x8141 SpringCard NFC’Roll
0x1C34 0x91B1 SpringCard H663 Series
0x1C34 0xA1A1 SpringCard H512 Series
0x1DB2 0x088B DUALi DRAGON NFC READER
0x1FC9 0x010B NXP PR533
0x1FFA 0x000C Identive Technologies Multi-ISO HF Reader – USB
0x2021 0x0001 AK910 CKey
0x2021 0x0011 AK910 CKey
0x2021 0x0101 AK910 IDONE
0x20A0 0x4108 Crypto Stick Crypto Stick v1.4
0x20A0 0x4109 German Privacy Foundation Crypto Stick v2.0
0x20A0 0x4211 Free Software Initiative of Japan Gnuk Token
0x21AB 0x0010 Planeta RC700-NFC CCID
0x2406 0x6200 IID AT90S064 CCID READER
0x2406 0x6300 Inside Secure VaultIC 420 Smart Object
0x2406 0x6301 Inside Secure VaultIC 440 Smart Object
0x2406 0x6302 Inside Secure VaultIC 460 Smart Object
0x2406 0x6303 INSIDE Secure VaultIC 405 Smart Object
0x2406 0x6305 INSIDE Secure VaultIC 441 Smart Object
0x2406 0x6403 Inside Secure AT90SCR100
0x2406 0x6404 Inside Secure AT90SCR050
0x2406 0x6407 Inside Secure AT90SCR200
0x24A2 0x0102 SafeTech SafeTouch
0x257B 0xD205 eID_R6 001 X8
0x25DD 0x1101 Bit4id miniLector-s
0x25DD 0x1201 Bit4id cryptokey
0x25DD 0x2221 Bit4id iAM
0x25DD 0x2321 Bit4id CKey4
0x25DD 0x3111 Bit4id miniLector
0x2A17 0x0001 udea MILKO V1.
0x8829 0xCCB2 CCB eSafeLD

– Added functionality to execute commands when smartcards are inserted and removed.
The following parameters are added:
“Enable Smartcard Insert and Removal Actions” scard.scwatchd.enable (default: disabled / enabled)
“Smartcard Insert Action” scard.scwatchd.insert_action (default: not set)
command which is executed when smartcard is inserted
“Smartcard Removal Action” scard.scwatchd.removal_action (default: not set)
command which is executed when smartcard is removed

[Driver]
– Updated Philips Dictation Driver to version 12.3.5

[base system]
– Updated Fabulatech USB for Remote Desktop to version 5.1.0
– Updated Kernel to Ubuntu Trusty version 3.13-54.91
– Added Italian GUI translation.
– Added Spanish GUI translation.
– Updated TC Setup to version 4.9.13
– Reworked Power Options:
– Added new XFCE Power Manager daemon 1.4.3
– Added new battery tray icon with:
– new battery information dialog
– new brightness adjustment
– new “Presentation mode” activation, which disables DPMS and screen saver
– more reliable remaining charge and discharge time information
– Renamed IGEL Setup->System->Energy to IGEL Setup->System->Power Options
– System Suspend and CPU Power Plan options now on IGEL Setup->System->Power Options->System
– Battery options now on IGEL Setup->System->Power Options->Battery:
Removed tray icon parameters from setup page, because they are not supported anymore
by the new battery tray icon:
“Display power” windowmanager.wm0.variables.battery_indicator.display_power
“Display percentage in tooltip” windowmanager.wm0.variables.battery_indicator.tooltip_display_percentage
“Display time in tooltip” windowmanager.wm0.variables.battery_indicator.tooltip_display_time

– DPMS options at IGEL Setup->System->Power Options->Display and
IGEL Setup->User Interface->Display->Power Options: It’s possible now
to set different timeout values for battery and AC mode.
“Standby Time” (Plugged in) x.xserver0.standbytime, default: 10 Minutes
“Standby Time” (On battery) x.xserver0.standbytime_bat, default: 6 Minutes
“Suspend Time” (Plugged in) x.xserver0.suspendtime, default: 12 Minutes
“Suspend Time” (On battery) x.xserver0.suspendtime_bat, default: 8 Minutes
“Off Time” (Plugged in) x.xserver0.offtime, default: 15 Minutes
“Off Time” (On battery) x.xserver0.offtime_bat, default: 10 Minutes
From now on only certain timeout values can be set with a drop down box:
Range: Never, 1 Minute, 2 Minutes, 3 Minutes, 4 Minutes, 5 Minutes
6 Minutes, 8 Minutes, 10 Minutes, 12 Minutes
15 Minutes, 20 Minutes, 25 Minutes, 30 Minutes, 45 Minutes
1 Hour, 2 Hours, 3 Hours, 4 Hours, 5 Hours

– New display brightness configuration at IGEL Setup->System->Power Options->Display and
IGEL Setup->User Interface->Display->Power Options for battery and AC mode:
The display brightness can be automatically reduced after a configured idle time.
“Reduce after” (Plugged in) x.xserver0.brightness_on_ac; default: 9 (Never)
Range: 10 – 120 seconds, value 9 is never
“Reduce after” (On battery) x.xserver0.brightness_on_battery; default: 9 (Never)
Range: 10 – 120 seconds, value 9 is never
“On inactivity reduce to” (Plugged in) x.xserver0.brightness_level_ac; default: 80%
Value of the display brightness: 1% – 100%
“On inactivity reduce to” (On battery) x.xserver0.brightness_level_bat; default: 20%
Value of the display brightness: 1% – 100%

– Shutdown options now on IGEL Setup->System->Power Options->Shutdown

[Desktop]
– Added the possibility to define the sorting order of the buttons for application windows in the taskbar. The new
parameter is called “windowmanager.wm0.variables.tasklist_sort_order”. By default the buttons are sorted by
timestamp, just like in previous firmwares. Other sorting types like drag ‘n’ drop, sorting by window title and
grouping are available now.
– Added possibility to store custom files, e.g. documents, pictures or videos on the Desktop. In order to do this,
distribute the respective files via UMS to the location /wfs/user/Desktop on the thin client.
After the next reboot, these files can be accessed through the Desktop. The supported file types and
their associated software can be looked up at: http://edocs.igel.com/index.htm#10203086.htm

[VNC Viewer]
– Added the ability to specify the color depth, which is useful for slow connections:
IGEL Setup->Sessions->VNC Viewer Sessions->[session name]->Misc
“Color Level” sessions.vncviewer<NR>.option.color_depth; default: Default
Range: Default, Very Low (8 colors), Low (64 colors), Medium (256 colors)
Note: With “Default” setting the highest possible color depth is used.

[Evidian AuthMgr]
– Updated Evidian AuthMgr to version 1.3.5664.
Evidian AuthMgr sessions can be configured at
IGEL Setup->Evidian AuthMgr->Evidian AuthMgr Sessions
Registry keys: sessions.rsuserauth<NR>.*
Setup page IGEL Setup->Evidian was renamed to IGEL Setup->Evidian AuthMgr
– Added IGEL Setup->Evidian AuthMgr->Evidian AuthMgr Global and
IGEL Setup->Evidian AuthMgr->Evidian AuthMgr Sessions
setup sections

– Changed defaults:
– An Evidian AuthMgr session starts automatically by default now
sessions.rsuserauth<NR>.autostart, default: enabled / disabled
– No session icon will appear on the desktop by default now
sessions.rsuserauth<NR>.desktop, default: disabled / enabled

– Added support for HTTPS connections
A CA certificate must be configured at
IGEL Setup->Evidian AuthMgr->Evidian AuthMgr Sessions->Evidian AuthMgr Session->Connections
Registry key:
“CA Certificate” sessions.rsuserauth<NR>.parameters.cacert_path, default: not set
– Integrated Restart session to restart all running Evidian AuthMgr sessions.
Restart session can be configured at
IGEL Setup->Evidian AuthMgr->Evidian AuthMgr Global
registry keys: session.rsuserauthrestart0.*
– Added a new parameter to enable the usage of an Evidian Authentication configuration file and
a parameter to define the path to that configuration file.
The feature is not supported by IGEL, but provides the possiblity
to use an Evidian pkcs#11 library via custom partition.
registry keys:
“Use Smartcard Authentication configuration file” sessions.rsuserauth<NR>.parameters.authconf, default: disabled
“Smartcard Authentication configuration file” sessions.rsuserauth<NR>.parameters.authconf_path,
default: /etc/rsUserAuth/authConf.txt
[Java]
– Updated Java Runtime Environment to 1.8.0_51
– see http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
for a detailed list of fixed issues.

[PowerTerm]
– Updated Ericom PowerTerm InterConnect LTC to version 10.1.0.0.20140313.1-_dev_-31580.

[VoIP]
– Added configuration of some video settings for VoIP client Ekiga. In the Registry the following parameters can be set:
“Maximum video bitrate (in kbits/s)” voip.ekiga.codecs.video.maximum_video_tx_bitrate
default: 64; valid range: 16 – 10240

“Video Codecs” voip.ekiga.codecs.video.media_list, default: [theora*90000*0*SIP*1,h261*90000*0*H.323 SIP*1]
Note: Prioritized list of “theora*90000*0*SIP*1” and “h261*90000*0*H.323 SIP*1” codecs, separated by “,” and
enclosed by “[” and “]”

“Picture Quality – Frame Rate Tradeoff” voip.ekiga.codecs.video.temporal_spatial_tradeoff, default: 31
valid range: 0(maximum quality) – 31(maximum frame rate)

“Video Input Device” voip.ekiga.devices.video.input_device, default: Default
Range: Default, Moving Logo (Moving Logo/Moving Logo)
Note: it’s possible to enter other input devices

“Video Size” voip.ekiga.devices.video.size, default: 176×144
Range: 176×144,320×240,352×288,640×480,704×576
Note: it’s possible to enter a custom size

==============
Resolved issues:
==============

[Citrix]
– Fixed refreshing of Citrix StoreFront/XenApp sessions
– Added windowmanager.tweaks.SKIP_NAMELESS_ICA_WINDOWS registry key to skip
ICA seamless windows that have an empty name.
This is to avoid an issue with drop-down boxes in Lotus Notes and potentially in other applications.
– Fixed a focus problem in the IBM/Lotus Notes email search dialog.
Added windowmanager.tweaks.dont_focus_transient_ica_windows registry key for that.
– Removed windowmanager.tweaks.SKIP_WM_FLAG_INPUT_WINDOWS from the settings and from the window manager binary.
[Citrix Receiver 13]
– Fixes with Citrix Receiver 13.1.4:
– Fixed fullscreen sessions with dual screen configurations, if the session window is restricted to one monitor.
– Fixed systray icons: menu from puplished applications lead to a session disconnect.
– Fixed sticky windows keys in Citrix sessions.
– Fixed session disconnects when transferring data continuously
through the Citrix Generic USB or Client drive redirection.

[RDP/IGEL RDP Client 2]
– Fixed session termination on System suspend or after changes in Setup.
– Fixed wrong authentication failed messages if round robin and local logon with network authentication (NTLM) are used.
– Fixed NLA authentication.
– Fixed serial port redirection: implemented DSR handshaking output flow control preventing data loss.
– Fixed application start mechanism. Now you can use the “start application after login” feature again.
– Fixed log on with SafeNet smart card or token.
– Fixed using different gateway credentials if local logon is enabled.
– Fixed reading smart cards with Cherry G80-1502 keyboard integrated serial reader via RDP with COM Port Redirection.

[RD Web Access]
– Fixed drop down lists in Microsoft Dynamics in RDP remote app sessions.

[VMware Horizon]
– Fixed RDP connection problems to Windows XP machines
– Fixed serial port redirection: implemented DSR handshaking output flow control preventing data loss.

[PowerTerm]
– Updated Ericom PowerTerm InterConnect LTC to version 10.1.0.0.20140313.1-_dev_-31580: With this version
the PowerTerm fonts are working again.

[2X Client]
– Fixed the maximize and minimize issue of published application window in multi monitor configuration

[Firefox]
– Added parameter to completely disable the mozplugger plugin in Firefox.
Registry: browser_plugin.mozplugger.disable; default: disabled / enabled
With disabled mozplugger the display of certain documents can be fixed. (PDF, DVI, PS)
– Fixed App Menu button not being hidden if either sessions.browser<NR>.app.main_menubar_hidden or
sessions.browser<NR>.app.use_menubar is active
– Fixed Bookmarks Menu not being hidden in the App Menu and Toolbar if sessions.browser<NR>.app.bookmmenu_hidden is active
– Fixed Home Button not being hidden in the App Menu if sessions.browser<NR>.app.home_button_hidden is active
– Fixed Print Button not being hidden in the App Menu if sessions.browser<NR>.app.print_button_hidden is active
– Fixed Developer Tools button not being hidden in the App Menu if sessions.browser<NR>.app.tools_hidden is active

[Network]
– Fixed deadlock in PPTP VPN which occurs on some devices while a VPN connection is being configurated.
– Upgraded NCP Enterprise VPN Client to version 3.25-rev23310: This version fixes problem leading to system freeze in 5.05.100.
– In connection with 802.1X/WPA Enterprise authentication RSA private key files can now be used unencrypted.
The private key password has to be empty then. PKCS12 files are not affected by the change.
– Improved CA certificate fingerprint check in connection with SCEP. The CA certificate is checked after receiving it and
it is discarded if it fails the test. The check is not done, if the fingerprint in the setup is left empty.
– Fixed SCEP CA Identifier usage. The CA identifier (option -i) is now passed to sscep’s getca method (only).
– If SCEP data shall be used for 802.1X autentication with Ethernet device ethX and the client certificate is
still missing, there is now another attempt at configuring the device without authentication. This depends on
network.interfaces.ethernet.deviceX.ieee8021x.secure_only ,default: disabled
– Improved reaction to changes in SCEP settings.
If there are changes in IGEL Setup->Network->SCEP Client->Certificate any old client private key and
client certificate are discarded.
Changes in Network->SCEP Client->Certification Authority result in a complete reset, i.e. any old CA and RA certificates
as well as any old client certificate and client private key are discarded.

[Imprivata]
– Fixed Imprivata Appliance with Citrix Receiver 13.1 connections.

[Smartcard]
– Fixed Smartcard Reader detection after suspend, in appliance mode.
– Fixed hanging AD / Kerberos Logon: when log on with A.E.T. SafeSign smart card was active, the log on screen
sporadically was freezing. This was occurring only with IGEL UD3-LX 41 and IGEL UD3-LX 42 so far.

[CUPS Printing]
– Fixed not working hpijs printer filter.
– Fixed printing of files with filename which contains special chars (like umlaut or other language specific characters)
via LPD print

[base system]
– Fixed serial port redirection: implemented DSR handshaking output flow control preventing data loss.
– Fixed curl security issues: CVE-2015-3143, CVE-2015-3145 and CVE-2015-3148
– Fixed gstreamer0.10-plugins-bad security issues: CVE-2015-0797
– Fixed CVE-2013-7439 security issue in libxext, libxfixes, libxi and libxrender
– Fixed mime-support security issue: CVE-2014-7209
– Fixed ntpdate security issues: CVE-2015-1798 and CVE-2015-1799
– Fixed nvidia-graphic-drivers-304 security issues: CVE-2014-8091, CVE-2014-8098 and CVE-2014-8298
– Fixed ppp security issues: CVE-2014-3158 and CVE-2015-3310
– Fixed tcpdump security issues: CVE-2015-0261, CVE-2015-2153, CVE-2015-2154 and CVE-2015-2155
– Fixed virtualbox security issues: CVE-2014-6595, CVE-2014-6590, CVE-2014-6589, CVE-2014-6588,
CVE-2015-0427 and CVE-2015-3456 (a.k.a. VENOM)
– Fixed isc-dhcp security issues: CVE-2011-2749, CVE-2012-3954, CVE-2012-3571, CVE-2012-3570, CVE-2012-3955,
CVE-2012-2248 and CVE-2013-2494
– Fixed fuse security issue: CVE-2015-3202
– Fixed libtasn1-6 security issue: CVE-2015-3622
– Fixed xerces-c security issue: CVE-2015-0252
– Fixed libnm security issue: CVE-2015-1322
– Fixed policykit security issue: CVE-2013-4288
– Fixed system upgrade on a device which is configured to be a firmware update buddy. Some partitions can
have same content in a system 4 and in a system 5 firmware but these partitions still keeping the old
firmware magic number. Thus a client can’t update these partitions from such a buddy, because the update process
refuses to use partition’s images containing other magic number then the running firmware. Now the update process
checks magic number of each partition and updates partitions if the magic number mismatches.
– Updated some more base libraries and binaries to Ubuntu Trusty version 14.04.2
– Fixed update of disabled partitions on buddy update server: If buddy device will be rebooted by
the update process, then disabled partitions will be now updated.
– Fixed custom timezone configuration. Custom timezone files must be located at /wfs/zoneinfo/ directory to be considered.
– Firmware update mechanism now calculates available size on the storage taking into account non-auto partitions,
which are created by the firmware at runtime (e.g. Firefox profile partition).
– Fixed execution of initialization action of the custom partition if custom partiton is reconfigured
(e.g. disabled and then enabled again without reboot).
– Improved security with openssl with disabling export ciphers by default and reject dh keys smaller
than 768 bits (fixes LOGJAM vulnerability CVE-2015-4000)
– Fixed openssl security issues: CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and CVE-2015-1792
– Fixed openssl0.9.8 issues: CVE-2014-3508, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3510, CVE-2014-3569,
CVE-2014-3568, CVE-2014-3567, CVE-2014-3571, CVE-2014-3570, CVE-2015-0204, CVE-2014-3572, CVE-2014-8275, CVE-2015-0288,
CVE-2015-0209, CVE-2015-0293, CVE-2015-0292, CVE-2015-0289, CVE-2015-0287, CVE-2015-0286, CVE-2015-1791, CVE-2015-1792,
CVE-2015-1790, CVE-2015-1789, CVE-2015-4000 and CVE-2014-8176

[Storage Devices]
– Fixed listing of USB external harddisks in the eject tool (only when dynamic client drive mapping is
enabled) and in the disk utility.
– The Common Toolbar at User Interface -> Display -> Desktop -> Common Toolbar now fully supports the Imprivata appliance mode.

[X server]
– Fixed XC Font Service: connection to remote font server is working again.
– Fixed support for pivot mode with display switcher (advanced configuration)
– Fixed screen remains black in dual screen config after short disconnect.
– Fixed memory leak in VIA graphic driver:
Also fixes issues with UMD hangs or restarts which were caused by the memory leak.

[Desktop]
– Fixed taskbar positioning for certain multimonitor configurations with different screen sizes.

[Universal MultiDisplay]
– Fixed a text rendering issue on the second screen of the Master.
– Fixed not recognized keyboard input on UMD monitor number 2
– Fixed UMD JWS-session X-server crash.

[Printing]
– Fixed TCP/IP printing to USB connected printer. Before it only was working if a CUPS USB printer was configured.
– Increased stability of printing with USB connected printers.

Leave a Reply

You must be logged in to post a comment.