openSUSE 11.3 Release Notes

Copyright © 2010 Novell, Inc.

You have the right to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License (version 1.2) or any later version published by the Free Software Foundation; but without Invariant Sections, Front-Cover Texts or Back-Cover Texts. The text of the license can be found in the file fdl.txt.

The release notes are under constant development. Download the newest version as part of the Internet test or refer to http://www.suse.com/relnotes/i386/openSUSE/11.3/RELEASE-NOTES.en.html.

These notes are divided into the following sections:

Installation
  1. N/A
General
  1. openSUSE Documentation
  2. LXDE—a New Desktop Environment
System Upgrade
  1. Samba: smbfs Service Renamed to cifs
  2. Incompatible IPsec and strongSwan Changes
Technical
  1. Initializing Graphics with KMS (Kernel Mode Setting)
  2. Samba: mount.cifs Is Not setuid root
  3. SSH Public Key Authentication

Installation

N/A

General

openSUSE Documentation

LXDE—a New Desktop Environment

LXDE provides a lightweight desktop environment for old and obsolete computers with limited hardware resources.

pcmanfm and libfm (LXDE File Manager and its main library) are released as RC1 versions and will get updated with the official updates (stable versions) as soon as possible.

System Upgrade

Samba: smbfs Service Renamed to cifs

smbfs is not part of the kernel; the cifs component has replaced it. To avoid confusion over the service name, we have renamed the service accordingly.

During a system update with the samba-client package installed, the service status is saved, /etc/samba/smbfstab is moved to /etc/samba/cifstab, and the service status is restored if necessary.

Incompatible IPsec and strongSwan Changes

The "sha256"/"sha2_256" keywords now configure the kernel with 128-bit truncation, not the non-standard 96-bit truncation used by previous releases. If you depend on the 96-bit truncation scheme, use the new "sha256_96" keyword—this might be necessary, if you want to establish a connection with an old kernel (openSUSE 11.2 or earlier).

In that case, modify the connection settings in the ipsec.conf of the new system to use the old, non-standard 96-bit truncation:

esp=aes128-sha256_96
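
Why a peer configured with "sha256" cannot talk to one using "sha256_96", as an added example that is not part of the original release notes: a simplified model in which the integrity check value (ICV) is HMAC-SHA-256 over the packet body, truncated to the configured length and appended. The key, packet bytes and function names are constructed for illustration, and real ESP processing covers more than this.

```python
import hashlib
import hmac

# Constructed sample values, not taken from any real tunnel.
KEY = bytes(range(32))
ESP_BODY = b"\x00\x00\x10\x01" + b"\x00\x00\x00\x01" + b"constructed ciphertext"

# Keyword -> ICV length in bits, as described in the release note above.
ICV_BITS = {"sha256": 128, "sha256_96": 96}


def protect(body, key, keyword):
    """Sender side: append the HMAC-SHA-256 ICV truncated per keyword."""
    n = ICV_BITS[keyword] // 8
    return body + hmac.new(key, body, hashlib.sha256).digest()[:n]


def verify(packet, key, keyword):
    """Receiver side: split off the ICV length it expects, then compare."""
    n = ICV_BITS[keyword] // 8
    body, icv = packet[:-n], packet[-n:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:n]
    return hmac.compare_digest(icv, expected)


def interop_matrix():
    """Map (sender keyword, receiver keyword) -> whether the packet verifies."""
    return {
        (s, r): verify(protect(ESP_BODY, KEY, s), KEY, r)
        for s in ICV_BITS
        for r in ICV_BITS
    }


if __name__ == "__main__":
    for (sender, receiver), ok in interop_matrix().items():
        print(f"{sender:>9} -> {receiver:<9} {'accepted' if ok else 'dropped'}")
```

With mismatched keywords the receiver splits the packet at the wrong offset, so every packet fails the integrity check even though both sides hold the same key.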

There is also an incompatible strongSwan change. IPComp in tunnel mode was fixed to strip out the duplicated outer header. This change makes IPComp tunnel mode connections incompatible with previous releases. Disable compression on such tunnels.

Technical

Initializing Graphics with KMS (Kernel Mode Setting)

With openSUSE 11.3 we have switched to KMS (Kernel Mode Setting) for Intel, ATI and NVIDIA graphics cards; it is now the default. If you encounter problems with the KMS driver support (intel, radeon, nouveau), disable KMS by adding nomodeset to the kernel command line. To make this setting permanent, add it to the kernel command line in /boot/grub/menu.lst. This option ensures that the driver (intel, radeon, nouveau) is loaded with modeset=0 in initrd, i.e. KMS is disabled.

In the rare cases where loading the DRM module from initrd is a general problem and not related to KMS, it is even possible to disable loading of the DRM module in initrd completely. To do so, set the NO_KMS_IN_INITRD sysconfig variable to yes via YaST, which then recreates initrd. Reboot the machine.

On Intel without KMS the Xserver falls back to the fbdev driver (the intel driver only supports KMS); alternatively, there is the "intellegacy" driver (xorg-x11-driver-video-intel-legacy package) which still supports UMS (User Mode Setting). To use it, edit /etc/X11/xorg.conf.d/50-device.conf and change the driver entry to intellegacy.

On ATI, for current GPUs the Xserver falls back to radeonhd. On NVIDIA without KMS the nv driver is used (the nouveau driver only supports KMS).

Samba: mount.cifs Is Not setuid root

The mount.cifs program, which is used to mount Samba/CIFS shares, is not allowed to run as a setuid root program. mount.cifs has been the subject of several security bugs that arose because some users ran it as a setuid root program. For example, tools like smb4k on the distribution require mount.cifs to be setuid root, so there is a chance that users of such tools set the setuid bit. This program has not been properly audited for security, and the Samba team strongly recommends that it not be installed as a setuid root program at this time.

To make that very clear, this release forcibly disables the ability for mount.cifs to run as a setuid root program. People are welcome to trivially patch this out, by setting CIFS_DISABLE_SETUID_CHECK to 1, but they do so at their own peril.

According to the Samba team, a security audit and redesign of this program is in progress.

SSH Public Key Authentication

In /etc/ssh/sshd_config relative paths are no longer allowed. When pointing to the authorized_keys file, use %h/ in front of the path. Otherwise logging in using SSH Public Key Authentication will fail with OpenSSH 5.4 and later.

Example:

PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
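
A pre-upgrade check for the rule above, as an added example that is not part of the original release notes: it scans sshd_config text and reports every AuthorizedKeysFile value that is neither absolute nor prefixed with %h/. The function name and the sample configuration are constructed for illustration.

```python
import re
import shlex

# Constructed sample sshd_config, not taken from a real host.
SAMPLE = """\
# sshd_config excerpt
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedKeysFile %h/.ssh/old_keys
Match User backup
    authorizedkeysfile = keys/%u "%h/.ssh/authorized_keys2"
"""

# Keyword, then whitespace or an optional '=' separator, then the arguments.
LINE_RE = re.compile(r"(\w+)(?:\s*=\s*|\s+)(.*)")


def relative_key_paths(config_text):
    """Return (line_number, path) for each AuthorizedKeysFile value that is
    neither an absolute path nor anchored in the home directory with %h/."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        m = LINE_RE.match(line)
        if not m or m.group(1).lower() != "authorizedkeysfile":
            continue  # keywords are case-insensitive
        try:
            paths = shlex.split(m.group(2))  # honours quoted arguments
        except ValueError:
            paths = m.group(2).split()  # unbalanced quote: split naively
        # Newer OpenSSH releases accept several paths on one line.
        for path in paths:
            if not (path.startswith("/") or path.startswith("%h/")):
                findings.append((lineno, path))
    return findings


if __name__ == "__main__":
    for lineno, path in relative_key_paths(SAMPLE):
        print(f"line {lineno}: relative path {path!r}, use %h/{path}")
```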