DSOS release notes

From SpinetiX Support Wiki

This page tells you what's new within the DSOS operating system starting with release 4.5.0. It applies to HMP400, HMP350, HMP300, DiVA, and 3rd-party players. We welcome your feedback!
For download links, see the Firmware page. For release notes prior to 4.5.0, see the links below.

Introduction

DSOS

DSOS™ by SpinetiX™ is a lightweight, secured operating system designed for digital signage players, especially for the demands of defense, financial, cruise vessel and other high-availability scenarios.

Native to the HMP400, DSOS also brings embedded system design to the entire Intel ecosystem, ideal for fanless architectures like Intel Goldmont, but scalable to i5, i7 or i9 when maximum performance matters.

Release 4.6.0

Release name: "Punta Giordani" 4.6.0. Release date: August 6, 2020.
Firmware version numbers:

New

Applies to HMP400 and HMP400W.

  • Support for HDMI CEC.
    • This can be used on the HDMI output or on the DisplayPort Alt-mode output with a DP to HDMI adapter cable supporting the DP 1.3 "CEC tunneling over AUX" protocol.
    • HMP Control Center will show a warning message when the selected video output does not support CEC.
    • The display power management can be enabled from Control Center > Display & Audio page.
    • Note that some players from the first production batches could lack the hardware support for CEC; this information can be found in Control Center.
  • Support for rendering PDF files.


Applies to HMP400W and third-party players.

  • Wi-Fi connections can now be easily configured from a smartphone, tablet or computer without any other network connection or USB stick, by connecting directly to the player over the air. See Wi-Fi setup page for more details.

Improvements

Applies to HMP400 and HMP400W.

  • HTML rendering engine:
    • Performance was improved by adding texture sharing.
    • Added support for using the proxy configuration.
    • Updated to Chromium 79.
  • The DSOS license status (license type, missing license, or expired license) is shown on Control Center home page and on the OSD that appears when the blue button is pressed.
    • The configuration backup file now includes an indication of the DSOS license active at the time the backup file is generated. This allows displaying a clean error to users if they try to restore a configuration backup containing features not supported by the DSOS license currently activated on the player.


Applies to HMP400, HMP400W, and third-party players.

  • The audio connectors' names shown in Control Center are hardware-dependent.
  • The embedded web server now supports TLS 1.3.
  • The IP addresses and other information are shown only for the active interface on the OSD that appears when the blue button is pressed.
  • The welcome splash screen shows a specific error message when the device is not enrolled in SpinetiX cloud services, aiding in diagnosis.
  • Support for new image codecs (webp, dng).
  • Support for hardware motion-adaptive deinterlacing with past and/or future references.
  • Updated timezone database from version 2018i to 2019a; it affects Palestine and Metlakatla.

Fixed

  • Daily power saving schedule feature.
  • Players would stop communicating with ARYA until next reboot when reconfigured.
  • Interlaced videos could show green frames.
  • URLs with empty components in path (i.e., doubled slash) were not interpreted correctly.
  • Minor changes within the player report.


Applies to HMP400, HMP400W, and third-party players.

  • The dropdown listing the time zones in Control Center was empty. This was a regression introduced in the 4.5.3 release.


Applies to third-party players.

  • Incorrect serial number shown on the OSD that appears when the power button is pressed.

Security

Applies to HMP400, HMP400W, and third-party players.

Updated Linux kernel from 4.19.80 to 4.19.127 to fix security issues.

  • These could potentially affect the firmware: CVE-2019-17133, CVE-2019-19532, CVE-2019-18282, CVE-2019-0155, CVE-2019-0154, CVE-2019-19922, CVE-2019-11135, CVE-2019-19767, CVE-2019-19252, CVE-2019-19447, CVE-2019-20812, CVE-2020-0305, CVE-2019-20636, CVE-2019-14615, CVE-2019-19059, CVE-2019-19058, CVE-2019-5108, CVE-2020-8428, CVE-2019-16234, CVE-2020-8647, CVE-2020-8649, CVE-2020-8648, CVE-2020-11565, CVE-2020-12826, CVE-2019-19768, CVE-2020-12464, CVE-2020-10732, CVE-2019-19462
  • These do not affect the firmware: CVE-2019-19075, CVE-2019-17075, CVE-2019-19060, CVE-2019-19065, CVE-2019-17666, CVE-2019-15098, CVE-2019-19048, CVE-2020-10773, CVE-2019-19526, CVE-2019-16233, CVE-2019-19049, CVE-2019-19045, CVE-2019-19052, CVE-2019-18813, CVE-2019-19529, CVE-2018-12207, CVE-2019-16231, CVE-2019-19534, CVE-2019-19524, CVE-2019-18660, CVE-2019-15291, CVE-2019-18683, CVE-2019-12614, CVE-2019-19062, CVE-2019-19227, CVE-2019-19071, CVE-2019-19079, CVE-2019-19332, CVE-2019-18786, CVE-2019-19057, CVE-2019-19063, CVE-2019-19947, CVE-2019-16230, CVE-2019-16232, CVE-2019-16229, CVE-2020-10690, CVE-2019-18809, CVE-2019-19965, CVE-2019-14901, CVE-2019-14895, CVE-2019-19066, CVE-2019-19068, CVE-2019-19056, CVE-2019-9445, CVE-2019-20096, CVE-2019-15217, CVE-2019-19077, CVE-2020-12652, CVE-2019-19046, CVE-2019-20806, CVE-2019-14896, CVE-2019-14897, CVE-2020-14416, CVE-2020-12769, CVE-2019-3016, CVE-2020-12653, CVE-2020-12654, CVE-2020-9383, CVE-2020-2732, CVE-2020-0009, CVE-2020-10942, CVE-2020-12465, CVE-2020-11608, CVE-2020-11609, CVE-2020-11668, CVE-2020-11494, CVE-2020-12657, CVE-2020-11669, CVE-2020-12659, CVE-2020-1749, CVE-2020-0067, CVE-2020-11884, CVE-2020-10751, CVE-2020-13143, CVE-2020-10711, CVE-2020-12770, CVE-2020-12768, CVE-2019-18814, CVE-2020-10757

More security fixes:

  • openssl: CVE-2019-1543
  • bluez5: CVE-2018-10910
  • libsndfile1: changed fix for CVE-2017-14245 and CVE-2017-14246, fixed CVE-2017-12562, CVE-2018-19758, CVE-2019-3832
  • glibc: CVE-2019-9169, CVE-2016-10739, CVE-2018-19591, CVE-2019-6488, CVE-2019-7309; fix for incomplete CVE-2016-10739
  • elfutils: CVE-2019-7146, CVE-2019-7149, CVE-2019-7150, CVE-2019-7664, CVE-2019-7665
  • busybox: CVE-2018-20679, CVE-2019-5747
  • sqlite3: CVE-2018-20505, CVE-2018-20506, CVE-2019-8457
  • cairo: CVE-2018-19876, CVE-2019-6461, CVE-2019-6462
  • tar: CVE-2019-0023, CVE-2018-20482
  • glib2: CVE-2019-12450, CVE-2019-9633, CVE-2019-13012
  • curl: CVE-2019-5435, CVE-2019-5436, CVE-2018-16890, CVE-2019-3822, CVE-2019-3823, CVE-2019-5482
  • bzip2: CVE-2019-12900
  • expat: CVE-2018-20843
  • dbus: CVE-2019-12749
  • gcc: CVE-2019-14250
  • bind libraries: updated from 9.11.4 to 9.11.5-P4, CVE-2018-5738, CVE-2018-5744, CVE-2018-5745, CVE-2019-6465
  • pango: CVE-2019-1010238
  • gnutls: CVE-2019-3829 and CVE-2019-3836
  • libgcrypt: CVE-2019-12904
  • apache httpd: update from 2.4.34 to 2.4.41, fixes CVE-2018-17189, CVE-2018-17199, CVE-2019-0190, CVE-2019-0220, CVE-2019-0196, CVE-2019-0197, CVE-2019-0215, CVE-2019-0217, CVE-2019-0211, CVE-2019-10081, CVE-2019-9517, CVE-2019-10098, CVE-2019-10092, CVE-2019-10097, CVE-2019-10082


Applies to HMP350, HMP300, and DiVA.

  • The fix for CVE-2020-15809 in 4.5.3 was incomplete; URI validation in rssProxy.php missed a few possible cases.

Developer

Applies to HMP400, HMP400W, and third-party players.

  • RPC API - new commands for Wi-Fi: wifi_scan, wifi_connect, wifi_disconnect, and wifi_get_info.
  • JavaScript - extended the deviceInfo global object with two new methods, mostly relevant for Wi-Fi: .getMainNetworkInterface() and .getActiveNetworkInterface().

Unresolved

Release 4.5.3

Release name: "Matterhorn" 4.5.3. Release date: July 20, 2020.
Firmware version numbers:

Improvements

  • CORS requests are now allowed for endpoints other than RPC, provided the RPC API key is used.
  • Changed the display message when the player license expires or is missing; a black screen is now shown instead of the "no valid license" floating text.

Fixed

  • The content server was not disabled when a player was added to ARYA, leading to confusing errors in Elementi if a publish was attempted.
  • Importing X.509 server certificates with unknown extensions would make the network page display an error and be unusable until the certificate was removed.
  • RTP (not MPEG2TS) streaming would stop after a few minutes.
  • AJAX POST requests would use chunked transfer encoding since firmware 4.5.0, but many simple devices do not support it, which broke communications; now chunked transfer encoding is not used in AJAX requests.
  • HTTP requests to a server whose name started with vN, N being an integer, would be modified to be within square brackets, breaking the request.


Applies to HMP400, HMP400W, and third-party players.

  • Video modes could be incorrectly programmed when the attached display did not return a valid EDID, due to an internal DisplayPort link rate being incorrectly programmed.
  • The hardware watchdog would not fire if the system hung during shutdown, as it got disabled when the software watchdog exited; the hardware watchdog is now never disabled.
  • The unused rssProxy.php, i18njs.php and timezones.php were incorrectly included in the firmware image, which increased the attack surface; they are no longer included.


Applies to HMP350, HMP300, and DiVA.

  • Visual stutter could occur with looping videos.
  • Player could hang after video playback.

Security

  • Fixed CVE-2020-15809, the spxmanage component would allow requests that access unintended resources because of SSRF and Path Traversal.
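
The two bug classes named for CVE-2020-15809 (and behind the incomplete URI validation corrected in 4.6.0 for HMP350, HMP300, and DiVA), shown as an added defensive example in Python; this is not SpinetiX code and does not reproduce the actual fix. The function names, the allowed schemes and the injectable resolver are assumptions made for illustration.

```python
import ipaddress
import os
import socket
from urllib.parse import unquote, urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: the proxy only fetches web feeds


def system_resolver(host, port):
    """Resolve host to a list of IP strings using the system resolver."""
    return [ai[4][0] for ai in socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)]


def check_outbound_url(url, resolve=system_resolver):
    """Return (host, port, ips) that a fetch proxy may connect to, or raise ValueError.

    Every decision is made on the parsed URL and on the resolved addresses,
    never on substring matches against the raw string.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError("scheme not allowed")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    ips = resolve(host, port)
    if not ips:
        raise ValueError("host does not resolve")
    for text in ips:
        ip = ipaddress.ip_address(text)
        ip = getattr(ip, "ipv4_mapped", None) or ip  # unwrap ::ffff:a.b.c.d
        if not ip.is_global:
            raise ValueError("non-public address: %s" % text)
    return host, port, ips  # connect to these IPs; a second lookup may differ


def resolve_under(base_dir, requested):
    """Map a request path to a file below base_dir, or raise ValueError."""
    decoded = unquote(requested)  # decode first so %2e%2e is seen as ".."
    if "\x00" in decoded or "\\" in decoded:
        raise ValueError("illegal character in path")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, decoded.lstrip("/")))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes base directory")
    return target
```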

Unresolved

Release 4.5.2

Release name: "Matterhorn" 4.5.2. Release date: June 8, 2020.
Firmware version numbers:

Improvements

Applies to HMP400 and HMP400W.

  • The RTC is now calibrated for improved time accuracy while the player is powered off.

Fixed

Applies to all models.


Applies to HMP400, HMP400W, and third-party players.

  • Configurations deployed via USB sticks including a reboot directive could cause a reboot loop.
  • Recovery Console updated to version 2.8.1, fixing the player rebooting after a couple of minutes when a reset to factory defaults operation was pending.
  • On HMP400W, the local link IPv6 addresses in static DNS configurations would get the wrong interface identifier when Wi-Fi was the selected interface.

Developer

Release 4.5.1

Release name: "Matterhorn" 4.5.1. Release date: May 20, 2020.
Firmware version numbers:

New

Applies to HMP400, HMP400W, and third-party players.

  • Enabled Wi-Fi connections with support for personal (pre-shared key) and enterprise authentication, as well as open/unauthenticated networks. Wi-Fi is enabled from Control Center, and the configuration is done via a configuration backup file.
  • Configurations can now be deployed via USB sticks - inserting a USB stick with a configuration backup file on a not-yet configured player will automatically apply the configuration; for security reasons, this feature is automatically disabled once the player has been fully configured.
  • Added support for 802.1x authentication on Ethernet; configuration is done via the configuration backup file.

Improvements

Applies to HMP400, HMP400W, and third-party players.


Applies to third-party players.

  • Names corresponding to the labels on the device are now shown in Control Center's video and audio output selectors.

Changes

Applies to HMP400 and HMP400W.

  • Licenses were incorrectly included in the configuration backup, which can invalidate a valid license received from the license server when restoring the configuration backup at a later time; licenses are no longer included in the configuration backup as they are distributed directly by the license server. Configuration backups saved from firmware 4.5.0 for units which had a license should be manually edited to remove the license before restoring.

Fixed

Applies to all models.

  • Streaming was not working properly with some sources.
  • An HTTP proxy on port 80 could not be used. This was a regression introduced in 4.5.0.
  • Some web services, like RSS feeds, behave differently when the referrer is about:blank; a full URL is now used to avoid problems.
  • Solved incompatibility with myDrive.ch file storage service.
  • Webp images could crash the player causing a reboot.
  • RPC responses to failed calls were not returned to the RPC concentrator (regression introduced in 4.5.0); in addition any HTTP level RPC call errors are also returned to the RPC concentrator.
  • The player could reboot during network state changes due to races in the restart of the NTP daemon.
  • Credentials to access resources on AWS could be renewed just after they expired, instead of a few minutes before, causing temporary problems with ARYA.
  • The license texts in Control Center's about page were not properly tagged as UTF-8 plain text and could display garbled.
  • EULA and third-party licenses updated to reflect current ones.


Applies to HMP400, HMP400W, and third-party players.

  • On full HD deinterlaced videos, the bottom of the 1088 coded lines was output instead of the top 1080.
  • The player was not restarted when the audio configuration changed, although a restart was required.
  • Network default routes installed by the DHCP client may conflict with existing default routes and not become effective; they are now replaced.
  • The NTP daemon no longer restarts on IP address changes as it is no longer necessary.
  • The report did not properly dump the TPM2 public data of persistent handles.

Developer

Applies to all players.


Applies to HMP400, HMP400W, and third-party players.

  • Configuration API new tags: wifi-dhcp, wifi-static, wifi-v6-none, wifi-v6-static, wifi-ap-add, and wifi-ap-reset.
  • RPC API - the get_info command has been extended to support Wi-Fi.
  • Status API - the info endpoint has been extended to support Wi-Fi.

Release 4.5.0

Release name: "Matterhorn" 4.5.0. Release date: April 20, 2020.
Firmware version numbers:

New

  • Added DSOS support for the new hardware models: HMP400/HMP400W and selected 3rd-party players.
  • Added support for the DSOS activation licenses; the player license information is displayed on the Control Center home page and included within the configuration backup.
  • New HTML5 rendering engine, based on Chromium 74, with support for hardware accelerated video decoding and WebGL. Applies only to players with DSOS Kiosk and DSOS Systems licenses.
    • New "password manager" functionality to support forms-based authentication on websites, using credentials stored under Saved passwords.
    • New "click robot" engine to navigate, scroll, zoom on content of interest and/or click through consent popups on HTML5 pages.
  • New Pull Mode engine that supports faster downloads, end-to-end content integrity checking with SHA-256, and processing of RPC commands.
  • JPEG images are now automatically rotated and flipped according to EXIF data.
  • Added support for merging multiple calendars on the same view for Google calendar and Outlook online.
  • Added support for underlined text.
  • HTTP traffic capturing can be enabled from Control Center or RPC, for improved diagnostics. The captures are also included in the player report. Credentials are masked in the captures.

Improvements

  • Added video and audio output selectors in Control Center and Configuration Wizard for players with multiple video/audio outputs.
  • Added support for Hyperlink and Picture columns in SharePoint lists.
  • Firmware updater now checks that the update source is compatible with the product's model before applying any updates.
  • Bonjour and SSDP announcements now include additional serial numbers for the benefit of the newly supported models.
  • JS locale files are now compressed, reducing the firmware size.
  • Updated some internal libraries:
    • ffmpeg to version 4.0.2 (was 3.4.5)
    • libical to version 2.0.0 (was 1.0.1)
    • Yii PHP framework to version 1.1.21 (was 1.1.17)

Changes

  • Removed support for Instagram widgets because Instagram has discontinued the Legacy API.
  • Session cookies now expire after 2 days (previously they never expired).

Fixed

  • Pull Mode with ICS executed after being disabled.
  • Cookies for public top level domains were incorrectly allowed in the Pull Mode daemon (uploader).
  • Crash when pressing blue button when playing a project with asynchronous audio player event handlers.
  • Events widget - long event titles were not showing correctly.
  • JSignage Graph plugin: the axis grid was not shown in some cases because of missing min and max values.
  • Editing was broken if there was any text in an editable text area.

Security

  • Enrollment to SpinetiX cloud services now uses the TPM to authenticate third-party devices.
  • Protected from XEE attacks in XML files.
  • Use HTTPS protocol for the ECB exchange rate data source.
  • CORS violations and other errors in HTML5 content are reported in the log.

Developer

  • Credentials can now be used on AJAX requests to the player from web pages not hosted on the player (i.e., the authorization headers are now allowed for CORS).
  • Uploader process logs more messages at trace level to diagnose replication issues in Pull Mode.
  • New tags for the Configuration API:
    • <video-output-selector> to select the video output connector on DSOS devices.
    • <pullmode-http-capture-log> to capture HTTP traffic for the uploader process.
    • <http-capture-log> to capture HTTP traffic for the player.
  • New options for the get_info RPC command:
    • videoConnectors: true to report the list of attached screens
    • audioConnectors: true to report the list of attached audio connectors
  • The JavaScript libraries have been updated.

See also

This page was last modified on 7 September 2020, at 12:41.