New Features 10.05.100
Citrix Receiver 13
- Integrated Citrix Receiver 13.10. Citrix Receiver version 13.7.0 was removed. Citrix Receiver version 13.8.0 was removed. Available Citrix Receiver versions: 13.5.0, 13.9.1, 13.10 (default)
Enable Browser content redirection for rendering of whitelisted webpages on the IGEL Thin Client.
Enhanced Citrix retail logging.
Enable Port forwarding.
Workspace configuration parameter for Citrix Cloud is now available on setup page.
Added a registry key to control the visibility of the Citrix connection bar for desktop sessions. If activated, the In-Session Control Bar should be disabled at
userinterface.igel_toolbar.enableanduserinterface.igel_toolbar.show_always.
This enables the control of the new Multi-monitor layout persistence feature.
Added a registry key to control the availability of deprecated cipher suites:
TLS_RSA_AES256_GCM_SHA384, TLS_RSA_AES128_GCM_SHA256,
TLS_RSA_AES256_CBC_SHA256, TLS_RSA_AES256_CBC_SHA, TLS_RSA_AES128_CBC_SHA,
TLS_RSA_3DES_CBC_EDE_SHA.
Added a registry key to control the availability of the deprecated cipher suite: RC4-MD5.
Added a registry key to control the availability of the deprecated cipher suite: RC4_128_SHA.
- Added Selective H.264 (API v2) to the hardware accelerated Citrix deep compression codec. XenDesktop/XenApp server policy: Use video codec for compression -> For actively changing regions
- Added DRI3 acceleration support to the hardware accelerated Citrix deep compression codec (for INTEL and AMD graphics adapters).
Enable debugging to log file
/var/log/user/ctxh264.log.- Added Kerberos Passthrough (domain passthrough) authentication to StoreFront. Configurable at Sessions > Citrix XenDesktop / XenApp > HDX / ICA Global > StoreFront Logon > Authentication Type.
- Updated Citrix HDX RTME used for optimization of Skype for Business to 2.6.0-2030. This new version adds the support for hardware accelerated H.264 en- and decoding on AMD platforms.
See https://support.citrix.com/article/CTX236304 section Capability Checker for Linux platforms how to enable hardware decoding with Citrix VDA registry keysDisableLinuxAMDH264HardwareDecodingandSupportedAMDHWAVideoCardList. The capability check program RTOP-CapabilityChk-x64 is already installed at path/services/ica/hdx_rtme/RTOP-CapabilityChk-x64. The check program must be run with user permissions. - Added display of logged on Citrix username in screen lock, when screen lock password is synchronized with Citrix password.
Added checkbox to activate autostart of a single published application/desktop session.
Added Lakeside SysTrack virtual channel in Citrix, RDP and Horizon sessions. Activation via parameters in Setup.
Updated Olympus dictation channel for Citrix to version 20180621.
Added CrossMatch / DigitalPersona channel for Citrix version 0515.
RDP/IGEL RDP Client 2
Support for new RDP 10 codec AVC444 (H.264), which reduces network bandwidth with Server 2016 and Windows 10 hosts. AMD Radeon graphics is required on the client side. Other graphics hardware (e.g. Intel) as well as other RDP 10 codecs (AVC420 and AVC444V2) will be supported in the future.
Added new parameter ignore_errors to RDP Session config to suppress RDP error messages.
Added Olympus dictation channel for RDP version 20180621.
Parallels Client
- Updated Parallels client to version 16.5.1.20446 (32-Bit)
Added support for FIPS 140-2 compliance.
VMware Horizon
- Updated Horizon client to version 4.8.0-8518891.
ThinLinc
- Updated ThinLinc client to version 4.9.0.
- Shadowing notification is now more reliable and interactive, allowing end users more control of their sessions.
- More than 80 minor enhancements and fixes. See https://www.cendio.com/thinlinc/docs/relnotes/4.9.0.
RedHat Enterprise Virtualization client
- Updated spice components (virt-viewer 7.0, spice-gtk 0.35).
- Removed support for spice-xpi plugin.
X session (Xephyr)
Added support for X sessions configurable at `IGEL Setup > Sessions > X Sessions`. The available XDMCP connection types: indirect via localhost, indirect, direct and broadcast. With the additional connection type "local display", a command can be specified that will be displayed inside the X session window.
Firefox
- Updated Mozilla Firefox to version 60.2.2 ESR.
- The initial page displayed by firefox with default settings is now https://wiki.test.toolchain.igel.kreuzwerker.net instead of the older https://edocs.igel.com.
- Updated Adobe Flash Player download URL to version 31.0.0.122.
- Removed the webapp specific options, this feature was removed from Firefox and is not relevant anymore.
- Moved Browser Certificate configuration to page Sessions > Browser > Browser Global > Certificates.
- Moved Browser Security Device configuration to page Sessions > Browser > Browser Global > Smartcard Middleware.
- Added Fluendo FFmpeg GStreamer proxy: Provides ffmpeg-libavcodec-compatible library, which is needed for H.264 playback in firefox. Instead decoding by standard ffmpeg libraries, the video stream is redirected to GStreamer framework.
Network
- SCEP: Added subject alternative name type DNS Name as UPN (auto). This is similar to DNS Name (auto). In the CSR the result is a Microsoft User Principal Name (UPN) that consists of the hostname.
- NetworkManager updated to version 1.2.6.
Cisco JVDI Client
Integrated new Cisco Jabber Softphone for VDI (Cisco JVDI client) version 12.0.0 as feature with limited functionality. See product documentation for details -> https://wiki.test.toolchain.igel.kreuzwerker.net/cisco-jvdi/en. Activation of this feature at: System > Firmware Customization > Features > Cisco JVDI client. Only Citrix Receiver 13.9.1 is supported.
Java
- Updated Oracle Java Runtime Environment to version 1.8.0 U181.
Smartcard
- Updated SecMaker Net iD to version 6.7.0.23.
- Updated HID Global Omnikey smartcard reader driver to version 4.3.3.
- Updated cryptovision sc/interface to version 7.1.9. Changelog since version 7.0.5:
- Fixed an error during certificate registration using the MS Minidriver for MS VSC. Compatible with sc/interface cache version 1.2 or higher.
- Fixed an error where writing a certificate using the Minidriver for MS VSC corrupted the Container-ID. As a result, the key could not be used using CNG/CAPI.
- Fixed an error during certificate registration using the Minidriver for MS VSC where some Container-ID's could not be used by CNG/CAPI.
- General Bug Fixes.
- Fixed error during profile creation on JCOP3 with ePasslet-Suite 3.0
- Added support for additional BWI card profiles based on CardOS-5.x.
Versions 1.7, 1.8, 1.9, 4.2, 4.3 and 4.4. Support 4k RSA for 1.9 and 4.4. - Fixed support for remote logon in sc/interface cache.
- Fixed Free after use in ReadOnly Minidriver.
- PKCS#11 Fixed MS VSC (GIDSv2) support.
- PKCS#11 Fixed CardOS-4.x "non sc/interface card profile" support.
- MS VSC (GIDSv2) Support for PKCS#11 - Maximum CKA_ID length reduced to 25 bytes!
- Support for JCOP3 and Infineon JTOP - DolphinV2.
- Support for cryptovision's ePasslet-Suite-3.0.
- New ePKIApplet-2.129 for JCOP3, SCE7 and JTOP (DolphinV2) with up to 4096 bits RSA and 512 bits
- EC support, PACE optional.
- RegisterTool plugins now available in Setup. Removed from "support\RegisterTool_Plugins".
- New sc/interface Minidriver support for MS VSC (instead of the MS Minidriver) to allow extended PIN cache configuration.
- Added support for sc/interface cache version 1.0 for Minidriver/ReadOnly Minidriver and PKCS#11.
- Cross-application PIN cache for Windows 8.1 and later.
- WARNING: No longer compatible with Credential Cache (CSP). When there are any questions, support@cryptovision.com should be contacted.
- Added macOS CTK Token Driver for 10.12 and later. Unfortunately, after the installation, a shell script must be executed to enable the full functionality.
- Removed macOS tokend support beginning with version 10.12, installation of 10.10 can be used if needed.
- WARNING: macOS tokend support will discontinue, usage of new CTK Token Driver is necessary.
- Re-Added cvSimpleCardProv for Windows (based on 6.4.2) to enabled the default login selection, see "support\CredentialProvider".
- Updated OpenSC library to version 0.19.0. Improved handling of PIV and CAC ALT token.
Base system
- Updated to kernel version 4.18.11.
Added new GStreamer 1.x support version 1.14.2.
There will only ever be GStreamer in version 1.0 or version 0.10. By default, clients run with the version they have best support for. The provided registry key can be used to override the automatic detection/setting and pin a single version if required.- With GStreamer 1.x the new Parole player is used for media player sessions. When there occur problems with the new player, a switch back to totem/GStreamer 0.10 media player is possible by Fluendo GStreamer Codec Version parameter.
Added optional logoff button in taskbar when the screenlock is active.
- Mobile broadband configuration dialog now provides a simple mode, that displays 3 dropdown boxes to select country, provider and access point (plan). The former version is available via an Expert Mode button.
- IGEL Setup Assistant enhancements:
- displaying page for mobile broadband configuration when any mobile broadband modem is detected.
- displaying page to show broken network connectivity
- desktop icon will now be displayed when the assistant was not yet finished.
- the assistant is now always started on devices without IGEL license, that are not registered at UMS
- new icon design
- Added support for Chinese, Japanese, Korean and Thai fonts.
- KVM kernel modules added.
Added USB power off on shutdown in IGEL UD7 (H850C) and IGEL UD3 (M340C). The feature can be configured by the parameter: (default: deactivated).
- Added policiykit-1-gnome session agent to get a GUI interface for actions which requires root authentification.
Added remote (network attached) logging via rsyslog.
Server mode is possible, though limited and intended for short-term debugging.
Client mode allows to filter and send commands to multiple remotes.
Shutdown or suspend by inactivity.
- Enhanced Change Password utility to be able changing the following items of the logged on user:
- Password of local user (screen lock password).
- PIN of IGEL smartcard.
- PIN of PKCS#11 smartcard.
CUPS Printing
Added PrinterLogic support, Version 18.2.1.128.
Driver
Added Kofax virtual channel for signature pads in Citrix sessions.
Added configuration to change the dynamic power management settings for ATI graphics driver.
Added the possibility to change the dynamic power management settings for graphics AMDGPU driver.
Added possibility to use generic modesetting graphics driver instead of the hardware specific one.
Bluetooth
- Added new Bluetooth Autopairing Wizard for IGEL OS installations without keyboard or mouse available, but with unpaired bluetooth keyboard/mouse. The Autopairing Wizard is started together with IGEL Setup Assistant.
Appliance Mode
The wireless manager can now be invoked from the In-Session control bar. Furthermore, it will be automatically started when no network connection can be established.
Prerequisites: A WiFi device is available and the following registry keys are set to true.- It is possible to use Accessories, VPN connections and other session types in Appliance Mode now. The access to those session types must be explicitely enabled by a new parameter Appliance Mode Access. Possible starting methods:
- XDMCP Appliance mode: Hotkey
All other Appliance modes: Desktop icon, Desktop Context Menu, Application Launcher (+ System tab), Hotkey, Autostart.
X11 system
- Set of User Interface > Display > Options > Monitor DPI now automatically affects the size of the mouse cursor, the panel height, the desktop icons, the application launcher, the size of the start menu and the window manager decorations.
VirtualBox
- Added VirtualBox as feature with limited support. Activation of the feature at: System > Firmware Customization > Features > VirtualBox. Added new registry keys under `virtualbox` and `sessions.virtualbox<NR>`.
Audio
- Updated Pulseaudio to version 12.0-1.
The resample method in Pulseaudio can now be configured by the newly introduced parameter resample-method.
Media Player (Parole/Totem)
Added new Parole Media Player 1.0.1-0ubuntu1. It is used for media player sessions by default now. When there occur problems with the new player, switch back to totem/GStreamer 0.10 media player is possible by setting Fluendo GStreamer Codec Version parameter to 0.10.
- Added RTSP/RTMP support to parole media player / gstreamer 1.x.
The following parameters are only functional with Totem media player/GStreamer 0.10 and not for Parole media player.
As the Media Player Browser Plugin is not supported with Firefox 60 ESR, the following parameters are not available anymore.
Evidian
- Integrated Evidian AuthMgr version 1.5.6840.
- Evidian AuthMgr sessions can be configured at IGEL Setup > Sessions > Evidian AuthMgr > Evidian AuthMgr Sessions (registry keys:
sessions.rsuserauth%). - Evidian AuthMgr global settings can be configured at IGEL Setup > Sessions > Evidian AuthMgr > Evidian AuthMgr Global (registry keys:
evidian).
- Evidian AuthMgr sessions can be configured at IGEL Setup > Sessions > Evidian AuthMgr > Evidian AuthMgr Sessions (registry keys:
Added support for Custom catalog of messages.
Added support for Evidian Data Partition.
Added support for Password Authentication.
Misc
Added support for local scanning as feature with limited support. Activate the feature at: System > Firmware Customization > Features > Scanner support. This has been tested with a Canon LiDE 120 scanner.
- The remaining keys influence scanner button handling. For each button there is an instance of the
devices.scanner.scanbd.action%template. In order to keep scanner button handling flexible the default handling may be replaced by custom scripts. Details of the default handling are listed at the end of this section.
- Default button handling script: There is a default button handling script
/etc/scanbd/scripts/action. It might be used as a potential starting point for custom button handling. The script handles the four buttons of a Canon LiDE 120 in the following ways:- file results in a PDF document that contains a series of pages where each page contains a scan result acquired with scanimage according to the settings. This needs user interaction on the local machine's desktop.
- scan results in an image file that is silently created and stored according to the settings.
- copy makes the script use scanimage according to the settings, convert the resulting image to PDF and send it to the default printer. This obviously requires that a printer is configured.
- email just results in xsane being started. The following settings are not respected in this case:
devices.scanner.scanbd.action%.directorydevices.scanner.scanbd.action%.formatdevices.scanner.scanbd.action%.modedevices.scanner.scanbd.action%.resolutiondevices.scanner.scanbd.action%.brightness
TC Setup (Java)
- Updated TC Setup to version 5.9.11.
- Added an additional local administrator access to IGEL setup. The local administrator password is configurable at Security > Password setup page. The page permissions are configurable at Accessories > Setup > Setup Administrator Permissions setup page.
- Reworked Accessories > Commands and User Interface > Hotkeys > Commands setup pages.
- Reworked Storage Hotplug setup page.
Remote Management
- Added support for UMS File Transfer Status.
Added a new configuration to prevent a user from canceling UMS actions like firmware update, reboot, shutdown, etc. through the UMS notification dialog.
Fabulatech
- FabulaTech USB for Remote Desktop updated to versions 5.2.29; FabulaTech FTPlugin updated to version 3.4.0.
- Support for some specific devices has been improved.