Firmware release notes 4.8.4

Note:

For other versions, see the DSOS release notes page.

New

• Added support for retrieving SharePoint news posts, including title, description, header image, and link to full article. This social network channel is available within the advanced data feed widgets of Elementi X.

Improvements

• Control Center
  • Added the pairing PIN on the main page to ease adding a player to ARYA.
  • The display info box no longer shows the "type" item, as the information was misleading and not useful with current platforms.
• Recovery Console is updated to version 2.19.0.
• The Apache httpd version is no longer returned within the HTTP response headers to avoid misdetection of security vulnerabilities, since often vulnerabilities are fixed by backports without increasing the version number.
• Added capability to select audio track by number, using "#n" syntax in the spx:audio attribute.
• Added new spx:rangeRequests attribute to media layers for disabling the use of HTTP byte range requests for compatibility with servers that do not support it properly.
• Added automatic clock skew compensation so that players or computers whose local clock is off by more than 5 minutes can still communicate with the SpinetiX cloud; the compensation is however limited, as very large offsets anyhow break TLS certificate validation.
• Updated EULA to the December 5, 2023, version.

Applies to HMP400 and HMP400W

• The Status API now includes information about the present power sources (usb, poe, or poe+usb).

Applies to third-party DSOS players

• Added support for the iQnetiX EMP-III player.
• Added support for the Intel AX101 Wi-Fi module.

Fixes

• SRT streams with multiple audio tracks failed to be decoded.
• Elementi and the player on DSOS did not use the same user HTTP user agent string, now they both use "Mozilla/5.0 (compatible) AppleWebKit/537.36 (KHTML, like Gecko) SpinetiX-resac/1.1".

Applies to iBX440 and third-party players using Gen12 Intel GPUs

• The video output streaming feature did not work

Applies to HMP400, HMP400W, iBX410, iBX410W, iBX440, and third-party players

• The video timings for the 4096x2160@60p-256:135 video mode were incorrect, using 2106 lines instead of 2160 lines, due to a typo.

Applies to HMP300, HMP350, and DiVA

• The "ENERGY_PERF_BIAS set to normal (6)" message was being logged at boot, even if the platform had no ENERGY_PERF_BIAS setting.

Security

Updated base libraries and components, the main changes are as follows:

• curl: fix CVE-2024-2398, which did not affect DSOS.
• httpd: update from version 2.4.58 to 2.4.61, which fixes CVE-2024-24795, CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477, CVE-2023-38709, CVE-2024-39573 and CVE-2024-39884 which may affect DSOS and CVE-2024-27316, CVE-2024-38472 and CVE-2024-36387, none of which affect DSOS.
• libxml2: fix CVE-2024-25062, which did not affect DSOS.
• ncurses: fix CVE-2023-50495, which may have affected DSOS.
• openssh: fix CVE-2024-0727, which did affect DSOS.
• shadow: fix CVE-2023-4641, which did not affect DSOS.
• tar: fix CVE-2023-39804, which did not affect DSOS.

Applies to HMP400, HMP400W, iBX410, iBX410W, iBX440, and third-party players.

• linux-firmware: updated from 20231030 to 20240220
• wireless-regdb: updated from 2023.05.03 to 2024.01.23
• intel-microcode: updated from 20230808 to 20240312, fixing CVE-2023-22655, CVE-2023-23583, CVE-2023-28746, CVE-2023-38575, CVE-2023-39368, CVE-2023-43490