Firmware release notes 4.8.2

Recovery console is updated to version 2.17.1
The display-info file now supports reporting information about multiple displays on the iBX440.
Expiration of sign in to Control Center is now also applied to endpoints which are directly served by the Apache httpd server; now all endpoints which can be accessed after signing in to Control Center without further authentication, apply the same expiration.
The value of the bootcount counter is now explicitly logged on each boot for ease of diagnostics.
Moved the uploader spx.publish logs from trace to debug level for ease of diagnostics.

Enabled transparent huge pages for improved performance, in particular on iBX410, iBX440, and recent third-party players.
Removed some unused grub components from DSOS to optimize storage use.
Improved the error logging of the Wi-Fi and 802.1x daemon (iwd) to aid in diagnostics.
The UEFI Secure Boot database is now re-provisioned on boot if it was cleared from the BIOS.
The logs from the HTML5 rendering engine (CEF) are now rotated when they exceed 800 KB.

Applies to iBX410 and iBX410W.

Tuned the system parameters to optimize the performance when heavily loaded and make the performance more consistent and predictable.

Applies to iBX440.

The "Update Now" button normally shown on the firmware version tile of the Control Center main page when there is a new firmware available was not shown. This was a regression introduced in 4.8.0.
The Scheduled Download settings UI in Control Center sometimes did not reflect the actual settings. This was a regression introduced in 4.8.0.
Removed unused authentication mechanism in Control Center with per-user API keys which was not exposed and was unused.
Reports taken on third party players with eMMC based storage were missing the recovery data.
There was a spurious error about missing NTP peers on each boot.

The Wi-Fi configuration interface would not generate a correct configuration if a certificate in PEM format was provided and had Windows or Mac line endings, or was missing a final newline.

Make sure the Intel Energy performance bias is set to "normal" on boot, irrespective of what the BIOS sets.
Some miscellaneous drivers were not enabled.

Connecting a DisplayPort multi-stream capable display would confuse DSOS, DisplayPort multi-stream is now disabled.
The counter that limits the number of times the EFI boot manager entries may be re-written was not reset on a reset to factory defaults.
The Wi-Fi automated BSS blacklist timings were too long, misbehaving or misconfigured networks would often retry only every 24 hours, they are now retried every 10 minutes at most, with the back-off starting at 5 seconds.

Applies to HMP300, HMP350, and DiVA

It was not possible to adjust content duration in a playlist within the content management interface. This was a regression introduced in 4.8.0.
Some text animations could lead to a crash and reboot of the player.
Some 60 Hz stretch displays could report the vertical refresh frequency as 59 Hz instead of 60.

Updated base libraries and components, the main changes are as follows:

libxml2: fixed CVE-2023-39615, which may have affected DSOS, and CVE-2021-3516, which did not affect DSOS.
openssh: fixed CVE-2023-38408, which did not affect DSOS.
bind: fixed CVE-2023-2828 and CVE-2023-3341, which did not affect DSOS.
php: fixed CVE-2023-3824, which may have affected DSOS, and CVE-2023-3247 and CVE-2022-4900, which did not affect DSOS.
httpd: fixed CVE-2023-45802, which did not affect DSOS.
glib-2.0: fixed CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32643, CVE-2023-32665, which affected DSOS.
curl: fixed CVE-2023-28321 and CVE-2023-28322, which affected DSOS, and CVE-2023-38546 and CVE-2023-38545, which did not affect DSOS.
openssl: updated to version 1.1.1w, fixing CVE-2023-4807, which did not affect DSOS.
busybox: fixed CVE-2022-48174, which may have affected DSOS.
dbus: fixed CVE-2023-34969, which did not affect DSOS.
gawk: fixed CVE-2023-4156, which affected DSOS.
glibc: fixed CVE-2023-4911 and CVE-2023-4813, which did not affect DSOS.
binutils: fixed CVE-2023-25584 and CVE-2021-46174, which did not affect DSOS.
avahi: fixed CVE-2023-1981, CVE-2023-38469, CVE-2023-38470, CVE-2023-38471, CVE-2023-38472 and CVE-2023-38473, which may have affected DSOS.
shadow: fixed CVE-2023-29383, which did not affect DSOS.
zlib: fixed CVE-2023-45853, which did not affect DSOS.

Updated the UEFI Secure Boot forbidden signatures list (dbx) to version 2023-05-09 from UEFI.
Added the 2023 Microsoft UEFI Secure Boot certificates to the signature database (db), "Microsoft UEFI CA 2023" and "Windows UEFI CA 2023".
Added the "Microsoft Corporation KEK 2K CA 2023" KEK certificate to the UEFI Secure Boot Key Exchange Key (KEK) database.

The <display-video-mode> configuration element, can now be used without parameters to reset the display video mode for all outputs, thus making it possible to use multiple such tags in an additive way.
The <hdmi-link-type> configuration element, supported only on DiVA, HMP300, and HMP350 models, would mess up the display configuration instead of being ignored on the other player models. This was a regression introduced in 4.8.0.

Contents