To increase the security, the enclosed firewall solution SuSEFirewall2 is activated at the end of the installation in the proposal dialog. This means that all ports are closed initially and can be opened in the proposal dialog if necessary. By default, you cannot log in from remote systems. It also interferes with network browsing and multicast applications, such as SLP, Samba ("Network Neighborhood"), and some games. You can fine-tune the firewall settings using YaST.

If network access is required during the installation or configuration of a service, the respective YaST module opens the needed TCP and UDP ports of all internal and external interfaces. If this is not desired, the user can close the ports in the YaST module or specify other detailed firewall settings.

By default, IPv6 support is not enabled for KDE. You can enable it using the /etc/sysconfig editor of YaST. The reason for disabling this feature is that IPv6 addresses are not properly supported by all Internet service providers and, as a consequence, this would lead to error messages while browsing the Web and delays while displaying Web pages.

The YaST Online Update now supports a special kind of RPM package that only stores the binary difference from a given base package. This technique significantly reduces the package size and download time at the expense of higher CPU load for reassembling the final package. In /etc/sysconfig/onlineupdate, configure whether YOU should use these delta packages. See /usr/share/doc/packages/deltarpm/README for technical details.

At the end of the installation (proposal dialog), the ports needed for the print system must be open in the firewall configuration. Port 631/TCP and port 631/UDP are needed for CUPS and should not be closed for normal operation. Port 515/TCP (for the old LPD protocol) and the ports used by Samba must also be open for printing via LPD or SMB.

The change from XFree86 to X.Org is facilitated by compatibility links that enable access to important files and commands with the old names.

In the course of the change to X.Org, the packages were renamed from XFree86* to xorg-x11*.

We have removed a number of terminal emulators because they are either no longer maintained or do not work in the default environment, especially by not supporting UTF-8. SUSE Linux offers standard terminals, such as xterm, the KDE and GNOME terminals, and mlterm (Multilingual Terminal Emulator for X), which might be a replacement for aterm and eterm.

The configuration files in /etc/sysconfig/powersave have changed:

/etc/powersave.conf has become obsolete. Existing variables have been moved to the files listed in Table 5.3, “Split Configuration Files in /etc/sysconfig/powersave”. If you changed the “event” variables in /etc/powersave.conf, these must now be adapted in /etc/sysconfig/powersave/events.

The names of sleep states have changed from:

To:

The sound mixer kmix is preset as the default. For high-end hardware, there are other mixers, like QAMix. KAMix, envy24control (only ICE1712), or hdspmixer (only RME Hammerfall).

In the past, a patch was applied to the cdrecord binary from the cdrecord package to support burning DVDs. Instead, a new binary cdrecord-dvd is installed that has this patch.

The growisofs program from the dvd+rw-tools package can now burn all DVD media (DVD+R, DVD-R, DVD+RW, DVD-RW, DVD+RL). Try using that one instead of the patched cdrecord-dvd.

It is possible to install multiple kernels side by side. This feature is meant to allow administrators to upgrade from one kernel to another by installing the new kernel, verifying that the new kernel works as expected, then uninstalling the old kernel. While YaST does not yet support this feature, kernels can easily be installed and uninstalled from the shell using rpm -i package.rpm.

The default boot loader menus contain one kernel entry. Before installing multiple kernels, it is useful to add an entry for the extra kernels, so that they can easily be selected. The kernel that was active before installing a new kernel can be accessed as vmlinuz.previous and initrd.previous. By creating a boot loader entry similar to the default entry and having this entry refer to vmlinuz.previous and initrd.previous instead of vmlinuz and initrd, the previously active kernel can be accessed. Alternatively, GRUB and LILO support wild card boot loader entries. Refer to the GRUB info pages (info grub) and to the lilo.conf (5) manual page for details.

The Manual Installation mode is gone from the boot loader screen. You can still get linuxrc into manual mode using manual=1 at the boot prompt. Normally this is not necessary because you can set installation options at the kernel prompt directly, such as textmode=1 or a URL as the installation source.

Kerberos is the default for network authentication instead of heimdal. Converting an existing heimdal configuration automatically is not possible. During a system update, backup copies of configuration files are created as shown in Table 5.5, “Backup Files”.

The client configuration (/etc/krb5.conf) is very similar to the one of heimdal. If nothing special was configured, it is enough to replace the parameter kpasswd_server with admin_server.

It is not possible to copy the server-related (kdc and kadmind) data. After the system update, the old heimdal database is still available under /var/heimdal. MIT kerberos maintains the database under /var/lib/kerberos/krb5kdc.

Due to technical problems with JFS, it is no longer supported. The kernel file system driver is still there, but YaST does not offer partitioning with JFS.

As an intrusion detection system, use AIDE (package name aide), which is released under the GPL. Tripwire is no longer available on SUSE Linux.

The configuration tool SaX2 writes the X.Org configuration settings into /etc/X11/xorg.conf. During an installation from scratch, no compatibility link from XF86Config to xorg.conf is created.

The packages xview, xview-devel, xview-devel-examples, olvwm, and xtoolpl were dropped. In the past, we just provided the XView (OpenLook) base system. The XView libraries are no longer provided after the system update. Even more important, OLVWM (OpenLook Virtual Window Manager) is no longer available.

You should include these default configuration files from within your application-specific configuration file, because it is easier to modify and maintain one file instead of the approximately forty files that used to exist on the system. If you install an application later, it inherits the already applied changes and the administrator is not required to remember to adjust the configuration.

The changes are simple. If you have the following configuration file (which should be the default for most applications):

#%PAM-1.0
auth     required       pam_unix2.so
account  required       pam_unix2.so
password required       pam_pwcheck.so
password required       pam_unix2.so    use_first_pass use_authtok
#password required      pam_make.so     /var/yp
session required        pam_unix2.so

you can change it to:

#%PAM-1.0
auth     include        common-auth
account  include        common-account
password include        common-password
session  include        common-session

The tar usage syntax is stricter now. The tar options must come before the file or directory specifications. Appending options, like --atime-preserve or --numeric-owner, after the file or directory specification makes tar fail. Check your backup scripts. Commands such as the following no longer work:

tar czf etc.tar.gz /etc --atime-preserve

See the tar info pages for more information.

By default, calling su to become root does not set the PATH for root. Either call su - to start a login shell with the complete environment for root or set ALWAYS_SET_PATH to yes in /etc/default/su if you want to change the default behavior of su.

Names of the powersave configuration variables are changed for consistency, but the sysconfig files are still the same. Find more information in Section 35.5.1, “Configuring the powersave Package”.

cardmgr no longer manages PC cards. Instead, as with Cardbus cards and other subsystems, a kernel module manages them. All necessary actions are executed by hotplug. The pcmcia start script has been removed and cardctl is replaced by pccardctl. For more information, see /usr/share/doc/packages/pcmciautils/README.SUSE.

Many applications now rely on D-BUS for interprocess communication (IPC). Calling dbus-launch starts dbus-daemon. The systemwide /etc/X11/xinit/xinitrc uses dbus-launch to start the window manager.

If you have a local ~/.xinitrc file, you must change it accordingly. Otherwise applications like f-spot, banshee, tomboy, or Network Manager banshee might fail. Save your old ~/.xinitrc. Then copy the new template file into your home directory with:

cp /etc/skel/.xinitrc.template ~/.xinitrc

Finally, add your customizations from the saved .xinitrc.

For reasons of compatibility with LSB (Linux Standard Base), most configuration files and the init script were renamed from xntp to ntp. The new filenames are:

/etc/slp.reg.d/ntp.reg

/etc/init.d/ntp

/etc/logrotate.d/ntp

/usr/sbin/rcntp

/etc/sysconfig/ntp

Hotplug events are now completely handled by the udev daemon (udevd). We do not use the event multiplexer system in /etc/hotplug.d and /etc/dev.d anymore. Instead udevd calls all hotplug helper tools directly, according to its rules. Udev rules and helper tools are provided by udev and various other packages.

Find the TEI XSL stylesheets (tei-xsl-stylesheets) with a new directory layout at /usr/share/xml/tei/stylesheet/rahtz/current. From there, for example, use base/p4/html/tei.xsl to produce HTML output. For more information, see http://www.tei-c.org/Stylesheets/teic/

For proper functionality, GNOME applications depend on file system change notification support. For local-only file systems, install the gamin package (preferred) or run the FAM daemon. For remote file systems, run FAM on both the server and client and open the firewall for RPC calls by FAM.

GNOME (gnome-vfs2 and libgda) contains a wrapper that picks gamin or fam to provide file system change notification:

For Apache version 2.2, Chapter 32, The Apache HTTP Server was completely reworked. In addition, find generic upgrade information at http://httpd.apache.org/docs/2.2/upgrading.html and the description of new features at http://httpd.apache.org/docs/2.2/new_features_2_2.html.

By default, xinetd no longer starts the vsftpd FTP server. It is now a stand-alone daemon and you must configure it with the YaST runtime editor.

With Firefox 1.5, the method for applications to open a Firefox instance or window has changed. The new method was already partly available in former versions where the behavior was implemented in the wrapper script.

If your application does not use mozilla-xremote-client or firefox -remote, you do not have to change anything. Otherwise the new command to open a URL is firefox url and it does not matter whether Firefox is already running or not. If it is already running, it follows the preference configured in Open links from other applications in.

From the command line, you can influence the behavior by using firefox -new-window url or firefox -new-tab url.

On some computers, Firefox with Pango support enabled is very slow. The performance seems to depend on the X server. Set MOZ_DISABLE_PANGO=0 if you want to switch on font rendering for your environment anyway:

export MOZ_DISABLE_PANGO=0
firefox

As with every major release update, it is strongly recommended to perform a backup of the MySQL table files and create an SQL dump beforehand. After the update, /etc/init.d/mysql automatically executes mysql_fix_privilege_tables. Refer to http://dev.mysql.com/doc/refman/5.0/en/upgrade.html for more information and detailed instructions.

The local and IO APIC for the 32-bit x86 architecture has changed. A local and IO APIC (I/O Advanced Programmable Interrupt Controller) is an SMP-capable replacement for PC-style interrupt controllers. SMP systems and all recent uniprocessor systems have such a controller.

Until now, local and IO APIC was disabled on uniprocessor systems by default and had to be manually activated by using the "apic" kernel parameter. Now it runs by default and can be manually deactivated. For 64-bit systems, APIC is always enabled by default.

If you experience problems with devices not working properly, you can manually apply the following configuration options:

The ulimit settings can be configured in /etc/sysconfig/ulimit. By default, only two limits are changed from the kernel defaults:

These soft limits can be overridden with the ulimit command by the user. Hard limits could only be overridden by root.

The values have been chosen conservatively to avoid breaking large processes that have worked before. If there are no legitimate processes with huge memory consumption, set the limits lower to provide more effective protection against run-away processes. The limits are per process and thus not an effective protection against malicious users. The limits are meant to protect against accidental excessive memory usage.

To configure different limits depending on the user, use the pam_limits functionality and configure /etc/security/limits.conf. The ulimit package is not required for that, but both mechanisms can be used in parallel. The limits configured in limits.conf override the global defaults from the ulimit package.

A new mounting mechanism replaces the submount system used earlier. This new mechanism does not unmount media automatically, but on hardware request. Some devices, most notably older CD drives but also some new drives with broken firmware, do not send this signal. To eject the media on such devices, select Eject in the context menu (opened by right-clicking) of the device in "My Computer" or select Eject in the context menu of the device icon on the desktop.

The kernel-default package contains the standard kernel for both uniprocessor and multiprocessor systems. The kernel comes with SMP support and runs with minimal overhead on uniprocessor systems. There is no kernel-smp package anymore.

Include the language add-on medium in your list of installation sources, if you want better support for one of our tier 2 languages. Tier 2 languages are all but the tier 1 languages (English, French, German, Italian, Spanish, Brazilian Portuguese, simplified and traditional Chinese, Japanese, and Czech). Support for tier 1 languages is available on the standard media set.