Release Notes #

For SUSE Linux Enterprise Desktop 12 documentation, see http://www.suse.com/documentation/sled-12/, where you can download PDF documents. For installation with YaST software management or with zypper, packages are available on the product media. Some of these packages are installed by default. These are the package names:

Technology Preview features are either not supported or supported in a limited fashion. These features are mainly included for customer convenience and may be functionally incomplete, unstable or in other ways not suitable for production use.

The following packages require additional support contracts to be obtained by the customer in order to receive full support:

When you are installing via AutoYaST and do not update the system during the installation, the installer will permanently halt at the end of Stage 2 (that is, after the first system reboot) when NetworkManager is restarted.

Make sure your AutoYaST control file contains a registration section and that the system you are installing on can download updates. If the system is registered and online, you will receive an update that allows the installation to go through.

In the YaST installer, on the page Installation Settings, the headline Clone System Configuration and the button Export Configuration allow creating an AutoYaST XML file. However, generating files using these options will result in an invalid package selection and network configuration. This means that when the file is used for an installation, that installation could fail.

To create valid AutoYaST XML files, use an installed system. Ensure that the latest YaST updates have been installed and run:

yast clone_system

Prior to SUSE Linux Enterprise 12 SP1, after the first rollback of the system the original root volume was no longer reachable and would never be removed automatically. This resulted in a disk space leak.

Starting with SP1, YaST installs the system into a subvolume controlled by Snapper.

CJK languages (Chinese, Japanese, and Korean) do not work properly during text-mode installation if the framebuffer is not used (Text Mode selected in boot loader).

There are three ways to resolve this issue:

If you are using third-party kernel modules packages (KMP) and perform an offline upgrade to SLED 12 SP1, the repositories containing these modules are disabled automatically. However, the packages already installed are kept, even though they are incompatible. The upgraded system will now try to use the outdated drivers, often leading to issues.

Examples for commonly-used third-party KMPs are the proprietary graphics drivers from AMD or NVidia. Booting with an outdated graphics driver can lead to the X Window System failing to start.

If you are using third-party KMPs, always perform an online upgrade. This allows for automatically updating the repository URLs needed for the packages.

When performing a service pack migration, it is necessary to change the configuration on the registration server to provide access to the new repositories. If the migration process is interrupted or reverted (via restoring from a backup or snapshot), the information on the registration server is inconsistent with the status of the system. This may lead to you being prevented from accessing update repositories or to wrong repositories being used on the client.

When a rollback is done via Snapper, the system will notify the registration server to ensure access to the correct repositories is set up during the boot process. If the system was restored any other way or the communication with the registration server failed for any reason (for example, because the server was not accessible due to network issues), trigger the rollback on the client manually by calling snapper rollback.

We suggest always checking that the correct repositories are set up on the system, especially after refreshing the service using zypper ref -s.

When upgrading from SUSE Linux Enterprise Server or Desktop 12 to SUSE Linux Enterprise Server or Desktop 12 SP1, you may experience a version downgrade of specific software packages, including the Linux Kernel.

This is expected behavior. It is important to remember that the version number is not sufficient to determine which bug fixes are applied to a software package.

All SLE 12 SP1 software packages and updates are contained in the SLE 12 SP1 repositories. No packages from SLE 12 repositories are needed for installation or upgrade.

In case you do add SLE 12 update repositories, be aware of one characteristic of the repository concept: Version numbers in the SLE 12 update repository can be higher than those in the SLE 12 SP1 repository. Thus, if you update with the SLE 12 repositories enabled, you may receive the SLE 12 version of a package instead of the SLE 12 SP1 version.

Using package versions from a lower product version or SP can result in unwanted side effects. If you do not need them, switch off all SLE 12 repositories.

Only keep old repositories if your system depends on a specific older version of a package. If you need a package from a lower product version or SP though, and thus have SLE 12 repositories enabled, make sure that the packages you intended to upgrade have actually been upgraded.

Online migration from SLE 12 to SLE 12 SP1 is not supported if debuginfo packages are installed.

In the past, you could use YaST Wagon to migrate between Service Packs. YaST Wagon is now unsupported.

You can now use either the YaST Online Migration module or zypper migration.

To learn more about migrating between Service Packs, see the section Service Pack Migration in the Deployment Guide: https://www.suse.com/documentation/sles-12/book_sle_deployment/data/cha_update_spmigration.html (https://www.suse.com/documentation/sles-12/book_sle_deployment/data/cha_update_spmigration.html).

Note that when performing the SP migration, both YaST and Zypper will install all recommended packages. Especially in the case of custom minimal installations, this may increase the installation size of the system significantly.

There are two ways to change this behavior:

An important requirement for every Enterprise operating system is the level of support a customer receives for his environment. Kernel modules are the most relevant connector between hardware ("controllers") and the operating system.

For more information about the handling of kernel modules, see the SUSE Linux Enterprise Administration Guide.

SLE 12 only supported version 7 of OpenJDK. There was no solution for customers needing a higher version of Java.

In SLE 12 SP1, OpenJDK 8 was added as an alternative Java version. OpenJDK 7 remains available additionally. To choose the right version for your use case, use update-alternatives.

Since SLE 12 SP1, YaST includes a new journal module, which enables users and system administrators to take advantage of the advanced filtering capabilities of the systemd journal.

The new module displays the log entries in a table with a search box providing grep-like live searching. In addition, it allows to filter the entries in the list by date and time, unit, file, or priority.

In short, the module offers all the advantages of the old (and still present) log viewer with some extra systemd powered goodies.

The original provider of the pax binary was the package pax. However, this binary was not LSB-compatible and is not maintained upstream.

In SLE 12 SP1, pax was replaced with spax (from the package star). For backwards compatibility, this package also provides a symbolic link for pax.

The new command spax provides many of the same options that the former pax also offered. However, the following options are not supported: -0, -B, -D, -E, -G, -O, -P, -T, -U, -Y, -Z. spax does not provide options beyond those offered by pax.

Additionally, the formats supported by the option -x have changed:

It is also possible that other options have slightly different behavior than you are used to. For more information, see the spax manual pages.

The Qt 5 libraries were updated to 5.5.1. Qt 5.5.1 includes new features and security fixes for known vulnerabilities over Qt 5.3.2 (the version initially shipped in SP1).

Among other security fixes, the new version includes a fix for the Qt WebEngine's Weak Diffie-Hellman vulnerability (CVE-2015-4000).

New features include:

The tar version in SLES and SLED 12 (SP0) was not handling extended attributes properly.

A maintenance update for tar fixes this issue. This update introduces new package dependencies:

Both of these packages are already required by other core packages in a SLE installation.

The Wireshark 1.10.x series of releases was discontinued upstream and does no longer receive security updates or bug fixes.

Wireshark was updated to the 1.12.x series of releases, providing for delivery of fixes for security issues as well as new and updated protocol support and dissectors.

ntp was updated to version 4.2.8.

Name resolution for the affected hosts works otherwise.

Configure ntpd to not run in chroot mode by setting

NTPD_RUN_CHROOTED="no"

in /etc/sysconfig/ntp. Then restart the service with:

systemctl restart ntpd

Due to the architecture of ntpd, it does not start reliably in a chroot environment. Furthermore, the daemon drops all capabilities except for the one needed to open sockets on reserved ports, so chroot is not required. If policy requirements mandate this, AppArmor can be used to further limit the process in what it can do.

Additional Information

The meaning of some parameters has changed, for example sntp -s is now sntp -S.

After having been deprecated for several years, ntpdc is now disabled by default for security reasons. It can be re-enabled by adding the line enable mode7 to /etc/ntp.conf, but preferably ntpq should be used instead.

The package fcoe-utils used to depend on the back-end libraries libHBAAPI and libhbalinux. The sole purpose of these two libraries is reading informational and statistical data from Sysfs.

The commands fcoeadm and fcping from the package fcoe-utils have been rewritten to directly read the needed information from Sysfs without a third-party back-end library.

The Python script interpreter was updated to version 2.7.9. A key feature is the improved SSL module which can better check X.509 certificates used in TLS/SSL communication.

If certificate validation is enabled, the Python SSL module will no longer work with TLS/SSL installations that rely on self-signed certificates or are set up improperly.

For compatibility reasons, TLS/SSL certificate validation remains disabled by default.

The following packages were removed with the major release of SUSE Linux Enterprise Desktop 12:

The following packages were removed with the release of SUSE Linux Enterprise Desktop 12 SP1:

The following packages are deprecated and will be removed with SUSE Linux Enterprise Desktop 13.

In order to be able to create PDFs, graphviz needs the package graphviz-gnome. Therefore, graphviz unconditionally required that package. This is unwanted on systems where X11 is not installed.

graphviz package now only pulls in graphviz-gnome if X11 is installed.

This means that on systems without X11, the graphviz tools cannot create PDFs.

On-the-fly compression is now supported with Btrfs. It can be turned on through mount-time options passed to the filesystem. See the Btrfs section in mount(8) manual page for details.