ThinkServer

OpenSUSE Leap 16.0 Release Notes: Difference between revisions

← Older edit
SAP workloads on Leap 16.0: Fixed numbered list
Added missing publication date, corrected apostrophes and speech marks
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
'''Publication Date:''' 2025-09-29
openSUSE Leap is a modern, modular operating system suitable for both traditional IT and multimodal workloads. This document highlights major features, updates, and known limitations.
openSUSE Leap is a modern, modular operating system suitable for both traditional IT and multimodal workloads. This document highlights major features, updates, and known limitations.


= About the release notes =
== About the release notes ==


These Release Notes are identical across all architectures, and the most recent version is always available online at https://doc.opensuse.org.
These Release Notes are identical across all architectures, and the most recent version is always available online at https://doc.opensuse.org.
Line 11: Line 13:
However, repeated entries are provided as a courtesy only. Therefore, if you are skipping one or more service packs, check the release notes of the skipped service packs as well. If you are only reading the release notes of the current release, you could miss important changes.
However, repeated entries are provided as a courtesy only. Therefore, if you are skipping one or more service packs, check the release notes of the skipped service packs as well. If you are only reading the release notes of the current release, you could miss important changes.


== Documentation and other information ==
=== Documentation and other information ===


For the most up-to-date version of the documentation for openSUSE Leap, see:
For the most up-to-date version of the documentation for openSUSE Leap, see:
Line 17: Line 19:
* https://doc.opensuse.org.
* https://doc.opensuse.org.


This section describes community-driven enhancements, features, and updates that extend the SUSE Linux Enterprise core. These changes reflect the openSUSE project’s unique contributions, including desktop improvements, additional packages, and new workflows.
This section describes community-driven enhancements, features, and updates that extend the SUSE Linux Enterprise core. These changes reflect the openSUSE project's unique contributions, including desktop improvements, additional packages, and new workflows.


= openSUSE Leap Community Additions =
== openSUSE Leap Community Additions ==


== Lifecycle ==
=== Lifecycle ===


Each openSUSE Leap minor release is published once every 12 months. openSUSE Leap 16 provides maintenance updates over two minor releases, giving each release a full 24 months of community support.
Each openSUSE Leap minor release is published once every 12 months. openSUSE Leap 16 provides maintenance updates over two minor releases, giving each release a full 24 months of community support.
Line 31: Line 33:
For more than 24 months of support for a point release, the openSUSE migration tool makes it simple to move to SUSE Linux Enterprise, which provides decades of support. See [https://www.suse.com/support/policy.html Support Policy] and [https://www.suse.com/support/programs/long-term-service-pack-support.html Long Term Service Pack Support].
For more than 24 months of support for a point release, the openSUSE migration tool makes it simple to move to SUSE Linux Enterprise, which provides decades of support. See [https://www.suse.com/support/policy.html Support Policy] and [https://www.suse.com/support/programs/long-term-service-pack-support.html Long Term Service Pack Support].


== Migration from Leap 15.6 ==
=== Migration from Leap 15.6 ===


The [https://github.com/openSUSE/opensuse-migration-tool openSUSE migration tool] (<code>zypper in opensuse-migration-tool</code>) is included as part of openSUSE Leap 15.6. Users migrating from older releases can run the tool from [https://github.com/openSUSE/opensuse-migration-tool Git repository].
The [https://github.com/openSUSE/opensuse-migration-tool openSUSE migration tool] (<code>zypper in opensuse-migration-tool</code>) is included as part of openSUSE Leap 15.6. Users migrating from older releases can run the tool from [https://github.com/openSUSE/opensuse-migration-tool Git repository].
Line 37: Line 39:
For more information, refer to: [https://en.opensuse.org/SDB:System_upgrade SDB:System_upgrade].
For more information, refer to: [https://en.opensuse.org/SDB:System_upgrade SDB:System_upgrade].


== Installer and Desktop Environments ==
=== Installer and Desktop Environments ===


* openSUSE Leap 16 installer provides only Wayland variants of desktop environments. Xorg-based environments can be installed manually post-installation.
* openSUSE Leap 16 installer provides only Wayland variants of desktop environments. Xorg-based environments can be installed manually post-installation.


=== NVIDIA and Graphics Issues with the Installation Image ===
==== NVIDIA and Graphics Issues with the Installation Image ====


Some users with NVIDIA GPUs may experience graphics-related issues during installation, such as boo#1247670 where X server fails to start. This is due to the fact that openSUSE Leap install image contains <code>kernel-default-optional</code> and <code>kernel-default-extra</code>
Some users with NVIDIA GPUs may experience graphics-related issues during installation, such as boo#1247670 where X server fails to start. This is due to the fact that openSUSE Leap install image contains <code>kernel-default-optional</code> and <code>kernel-default-extra</code>
Line 49: Line 51:
For general graphics boot problems, use the option: <code>nomodeset</code>
For general graphics boot problems, use the option: <code>nomodeset</code>


=== Experimental Xfce Wayland session ===
==== Experimental Xfce Wayland session ====


Experimental Xfce Wayland session is available as an installation option. openSUSE Leap is one of the first distributions to provide Wayland support for [https://en.opensuse.org/Portal:Xfce Xfce]. We use <code>gtkgreet</code> with <code>greetd</code> as a Wayland-ready replacement for LightDM (used in the X11 variant).
Experimental Xfce Wayland session is available as an installation option. openSUSE Leap is one of the first distributions to provide Wayland support for [https://en.opensuse.org/Portal:Xfce Xfce]. We use <code>gtkgreet</code> with <code>greetd</code> as a Wayland-ready replacement for LightDM (used in the X11 variant).


=== LXQt Wayland session available post install ===
==== LXQt Wayland session available post install ====


LXQt Wayland session is included, but will become a full installer option in later releases once LXQt Miriway efforts are further developed: https://code.opensuse.org/leap/features/issue/192.
LXQt Wayland session is included, but will become a full installer option in later releases once LXQt Miriway efforts are further developed: https://code.opensuse.org/leap/features/issue/192.


== Changes to the openSUSE Welcome ==
=== Changes to the openSUSE Welcome ===


openSUSE Leap 16 now uses the <code>opensuse-welcome-launcher</code> to start the appropriate greeter application. This launcher, in combination with <code>gnome-tour</code> and <code>plasma-welcome</code>, replaces the legacy Qt5-based <code>opensuse-welcome</code>, which was previously the default greeter.
openSUSE Leap 16 now uses the <code>opensuse-welcome-launcher</code> to start the appropriate greeter application. This launcher, in combination with <code>gnome-tour</code> and <code>plasma-welcome</code>, replaces the legacy Qt5-based <code>opensuse-welcome</code>, which was previously the default greeter.
Line 63: Line 65:
The launcher also allows the openSUSE release team to update or refresh the displayed greeter via a package update, for example after a major GNOME update. To create a custom appliance without a welcome application, or to deploy a system where the greeter should never appear, remove <code>opensuse-welcome-launcher</code>.
The launcher also allows the openSUSE release team to update or refresh the displayed greeter via a package update, for example after a major GNOME update. To create a custom appliance without a welcome application, or to deploy a system where the greeter should never appear, remove <code>opensuse-welcome-launcher</code>.


== Automated NVIDIA Driver and Repository Setup ==
=== Automated NVIDIA Driver and Repository Setup ===


On supported GPUs, NVIDIA’s open driver is installed by default along with the NVIDIA graphics driver repository. In openSUSE Leap 16, user-space drivers are also automatically installed, enabling graphical acceleration out of the box.
On supported GPUs, NVIDIA's open driver is installed by default along with the NVIDIA graphics driver repository. In openSUSE Leap 16, user-space drivers are also automatically installed, enabling graphical acceleration out of the box.


== Security ==
=== Security ===


=== AppArmor ===
==== AppArmor ====


AppArmor has been updated from version 3.1 to 4.1.
AppArmor has been updated from version 3.1 to 4.1.
Line 75: Line 77:
* Version [https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.1.0 4.1] introduced the <code>priority=<number></code> rule prefix, which allows overriding rules.
* Version [https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.1.0 4.1] introduced the <code>priority=<number></code> rule prefix, which allows overriding rules.


=== AppArmor not available by default on new installations ===
==== AppArmor not available by default on new installations ====




Line 86: Line 88:
Users migrating manually from 15.6 will retain AppArmor by default. Users migrating with [https://github.com/openSUSE/opensuse-migration-tool openSUSE migration tool] will be prompted to either switch to SELinux or preserve AppArmor during post-migration.
Users migrating manually from 15.6 will retain AppArmor by default. Users migrating with [https://github.com/openSUSE/opensuse-migration-tool openSUSE migration tool] will be prompted to either switch to SELinux or preserve AppArmor during post-migration.


== Steam ==
=== Steam ===




Line 98: Line 100:
* SELinux users may also need <code>selinux-policy-targeted-gaming</code>. For details, refer to [https://en.opensuse.org/Portal:SELinux/Common_issues#Steam_Proton,_Bottles,_WINE,_Lutris,_not_working SELinux wiki page].
* SELinux users may also need <code>selinux-policy-targeted-gaming</code>. For details, refer to [https://en.opensuse.org/Portal:SELinux/Common_issues#Steam_Proton,_Bottles,_WINE,_Lutris,_not_working SELinux wiki page].


== Wine ==
=== Wine ===


openSUSE Leap includes wine 10.10, available only in the [https://gitlab.winehq.org/wine/wine/-/wikis/Building-Wine#shared-wow64 wow64] flavor. Users requiring 32-bit binary execution should consider using the Flatpak version or a similar solution.
openSUSE Leap includes wine 10.10, available only in the [https://gitlab.winehq.org/wine/wine/-/wikis/Building-Wine#shared-wow64 wow64] flavor. Users requiring 32-bit binary execution should consider using the Flatpak version or a similar solution.


== Networking ==
=== Networking ===


=== Broken libvirt networking when using Docker ===
==== Broken libvirt networking when using Docker ====




Line 123: Line 125:
This restores networking for libvirt VMs while Docker is active.
This restores networking for libvirt VMs while Docker is active.


== GNU Health ==
=== GNU Health ===


[https://www.gnuhealth.org/ GNU Health] has been updated to major release 5.0.2. The underlying ERP framework, Tryton, has been updated to LTS version 7.0. Functional improvements include enhanced medical image workflows and better integration with Orthanc 1.12.9 (PACS server).
[https://www.gnuhealth.org/ GNU Health] has been updated to major release 5.0.2. The underlying ERP framework, Tryton, has been updated to LTS version 7.0. Functional improvements include enhanced medical image workflows and better integration with Orthanc 1.12.9 (PACS server).


== PipeWire replaces PulseAudio ==
=== PipeWire replaces PulseAudio ===


openSUSE Leap 16.0 uses PipeWire by default. Users upgrading from previous releases should be automatically migrated from PulseAudio. <code>opensuse-migration-tool</code> provides a post-migration script if migration does not occur automatically.
openSUSE Leap 16.0 uses PipeWire by default. Users upgrading from previous releases should be automatically migrated from PulseAudio. <code>opensuse-migration-tool</code> provides a post-migration script if migration does not occur automatically.
Line 133: Line 135:
If experiencing audio issues, ensure you are not using the <code>wireplumber-video-only-profile</code>. For details, refer to [https://en.opensuse.org/openSUSE:Pipewire#Installation PipeWire#Installation] for details.
If experiencing audio issues, ensure you are not using the <code>wireplumber-video-only-profile</code>. For details, refer to [https://en.opensuse.org/openSUSE:Pipewire#Installation PipeWire#Installation] for details.


== Hexchat drop ==
=== Hexchat drop ===


Hexchat IRC client has been dropped as the [https://github.com/hexchat/hexchat upstream project] is archived. Alternatives include [https://software.opensuse.org/package/polari Polari] or the Flatpak version: [https://flathub.org/en/apps/io.github.Hexchat Flatpak].
Hexchat IRC client has been dropped as the [https://github.com/hexchat/hexchat upstream project] is archived. Alternatives include [https://software.opensuse.org/package/polari Polari] or the Flatpak version: [https://flathub.org/en/apps/io.github.Hexchat Flatpak].


== Configuring boot entry with serial console ==
=== Configuring boot entry with serial console ===


See https://en.opensuse.org/SDB:SerialConsole for guidance.
See https://en.opensuse.org/SDB:SerialConsole for guidance.
Line 143: Line 145:
This section describes the enterprise-grade foundation of openSUSE Leap, based on SUSE Linux Enterprise. Content here is adapted from the SUSE Linux Enterprise release notes to reflect core functionality, security updates, and enterprise features that openSUSE Leap inherits.
This section describes the enterprise-grade foundation of openSUSE Leap, based on SUSE Linux Enterprise. Content here is adapted from the SUSE Linux Enterprise release notes to reflect core functionality, security updates, and enterprise features that openSUSE Leap inherits.


= SUSE Linux Enterprise Core =
== SUSE Linux Enterprise Core ==


== What's new? ==
=== What's new? ===


=== Package and module changes in 16.0 ===
==== Package and module changes in 16.0 ====


The full list of changed packages compared to 15 SP7 can be seen at this URL:
The full list of changed packages compared to 15 SP7 can be seen at this URL:
Line 157: Line 159:
https://documentation.suse.com/package-lists/sle/16.0/module-changes_SLE-15-SP7-GA_SLE-16.0-GA.txt
https://documentation.suse.com/package-lists/sle/16.0/module-changes_SLE-15-SP7-GA_SLE-16.0-GA.txt


== Support and lifecycle ==
=== Support and lifecycle ===


openSUSE Leap is backed by award-winning support from SUSE, an established technology leader with a proven history of delivering enterprise-quality support services.
openSUSE Leap is backed by award-winning support from SUSE, an established technology leader with a proven history of delivering enterprise-quality support services.
Line 167: Line 169:
For more information, see the pages [https://www.suse.com/support/policy.html Support Policy] and [https://www.suse.com/support/programs/long-term-service-pack-support.html Long Term Service Pack Support].
For more information, see the pages [https://www.suse.com/support/policy.html Support Policy] and [https://www.suse.com/support/programs/long-term-service-pack-support.html Long Term Service Pack Support].


== Support statement for openSUSE Leap ==
=== Support statement for openSUSE Leap ===


To receive support, you need an appropriate subscription with SUSE. For more information, see https://forums.opensuse.org.
To receive support, you need an appropriate subscription with SUSE. For more information, see https://forums.opensuse.org.
Line 181: Line 183:


For contracted customers and partners, openSUSE Leap is delivered with L3 support for all packages, except for the following:
For contracted customers and partners, openSUSE Leap is delivered with L3 support for all packages, except for the following:
* Technology Previews, see Section 3.4, "Technology previews"
* Technology Previews, see Section "[[#Technology previews|Technology previews]]"
* Sound, graphics, fonts and artwork
* Sound, graphics, fonts and artwork
* Packages that require an additional customer contract, see Section 3.3.2, "Software requiring specific contracts"
* Packages that require an additional customer contract, see Section "[[#Software requiring specific contracts|Software requiring specific contracts]]"
* Some packages shipped as part of the module ''Workstation Extension'' are L2-supported only
* Some packages shipped as part of the module ''Workstation Extension'' are L2-supported only
* Packages with names ending in <code>-devel</code> (containing header files and similar developer resources) will only be supported together with their main packages.
* Packages with names ending in <code>-devel</code> (containing header files and similar developer resources) will only be supported together with their main packages.
Line 189: Line 191:
SUSE will only support the usage of original packages. That is, packages that are unchanged and not recompiled.
SUSE will only support the usage of original packages. That is, packages that are unchanged and not recompiled.


=== General support ===
==== General support ====


To learn about supported features and limitations, refer to the following sections in this document:
To learn about supported features and limitations, refer to the following sections in this document:
* Section 3.16, "Virtualization"
* Section "[[#Virtualization|Virtualization]]"
* Section 3.17, "Removed and deprecated features and packages"
* Section "[[#Removed and deprecated features and packages|Removed and deprecated features and packages]]"


=== Software requiring specific contracts ===
==== Software requiring specific contracts ====


Certain software delivered as part of openSUSE Leap may require an external contract. Check the support status of individual packages using the RPM metadata that can be viewed with <code>rpm</code>, <code>zypper</code>, or <code>YaST</code>.
Certain software delivered as part of openSUSE Leap may require an external contract. Check the support status of individual packages using the RPM metadata that can be viewed with <code>rpm</code>, <code>zypper</code>, or <code>YaST</code>.
Line 202: Line 204:
* PostgreSQL (all versions, including all subpackages)
* PostgreSQL (all versions, including all subpackages)


=== Software under GNU AGPL ===
==== Software under GNU AGPL ====


openSUSE Leap 16.0 (and the SUSE Linux Enterprise modules) includes the following software that is shipped ''only'' under a GNU AGPL software license:
openSUSE Leap 16.0 (and the SUSE Linux Enterprise modules) includes the following software that is shipped ''only'' under a GNU AGPL software license:
Line 213: Line 215:
* ArgyllCMS
* ArgyllCMS


== Technology previews ==
=== Technology previews ===


Technology previews are packages, stacks, or features delivered by SUSE to provide glimpses into upcoming innovations. Technology previews are included for your convenience to give you a chance to test new technologies within your environment. We would appreciate your feedback! If you test a technology preview, contact your SUSE representative and let them know about your experience and use cases. Your input is helpful for future development.
Technology previews are packages, stacks, or features delivered by SUSE to provide glimpses into upcoming innovations. Technology previews are included for your convenience to give you a chance to test new technologies within your environment. We would appreciate your feedback! If you test a technology preview, contact your SUSE representative and let them know about your experience and use cases. Your input is helpful for future development.
Line 223: Line 225:
* Technology previews can be removed from a product at any time. This may be the case, for example, if SUSE discovers that a preview does not meet the customer or market needs, or does not comply with enterprise standards.
* Technology previews can be removed from a product at any time. This may be the case, for example, if SUSE discovers that a preview does not meet the customer or market needs, or does not comply with enterprise standards.


== <code>lklfuse</code> ==
=== <code>lklfuse</code> ===


As technology preview, <code>lklfuse</code> is available in openSUSE Leap 16.0.
As technology preview, <code>lklfuse</code> is available in openSUSE Leap 16.0.
Line 229: Line 231:
<code>lklfuse</code> is intentionally built without Btrfs support. Btrfs filesystems can be multi-device (for example, RAID1) but <code>lklfuse</code> currently only supports a single device per mount.
<code>lklfuse</code> is intentionally built without Btrfs support. Btrfs filesystems can be multi-device (for example, RAID1) but <code>lklfuse</code> currently only supports a single device per mount.


== Changes affecting all architectures ==
=== Changes affecting all architectures ===


* <code>rasdaemon</code> has been updated to version 8.3.0. This version supports machine checks related to CXL memory.
* <code>rasdaemon</code> has been updated to version 8.3.0. This version supports machine checks related to CXL memory.
Line 236: Line 238:
* We now provide a unified image that can be used to install either SLES or SLES for SAP
* We now provide a unified image that can be used to install either SLES or SLES for SAP


=== Userspace live patching ===
==== Userspace live patching ====


Currently, <code>libpulp</code> supports ULP (user space live patching) of <code>glibc</code> and <code>openssl</code> binaries on the following architectures:
Currently, <code>libpulp</code> supports ULP (user space live patching) of <code>glibc</code> and <code>openssl</code> binaries on the following architectures:
Line 244: Line 246:
For more information see https://documentation.suse.com/sles/15-SP7/html/SLES-all/cha-ulp.html
For more information see https://documentation.suse.com/sles/15-SP7/html/SLES-all/cha-ulp.html


=== Switch to <code>mountfd</code> API in <code>util-linux</code> ===
==== Switch to <code>mountfd</code> API in <code>util-linux</code> ====


The <code>util-linux</code> mount command has switched from the old string-based method to the new kernel <code>mountfd</code> API. This change introduces new features but also comes with some minor incompatibilities.
The <code>util-linux</code> mount command has switched from the old string-based method to the new kernel <code>mountfd</code> API. This change introduces new features but also comes with some minor incompatibilities.
Line 259: Line 261:
This will keep the physical layer read-write, but the virtual file system layer (and the userspace access) read-only.
This will keep the physical layer read-write, but the virtual file system layer (and the userspace access) read-only.


=== Switch to predictable network names ===
==== Switch to predictable network names ====


The persistent network naming scheme used in Leap 15 became legacy with the switch to the systemd predictable network names. For complicated setups, we recommend using <code>systemd.link</code>.
The persistent network naming scheme used in Leap 15 became legacy with the switch to the systemd predictable network names. For complicated setups, we recommend using <code>systemd.link</code>.
Line 275: Line 277:




=== systemd default configurations moved to <code>/usr</code> ===
==== systemd default configurations moved to <code>/usr</code> ====


Main configuration files have been moved from <code>/etc</code> to <code>/usr</code>. This ensures that main configuration files have lower precedence, allowing them to be overriden by package-supplied drop-in snippets.
Main configuration files have been moved from <code>/etc</code> to <code>/usr</code>. This ensures that main configuration files have lower precedence, allowing them to be overriden by package-supplied drop-in snippets.
Line 283: Line 285:
Remove configurations in <code>/etc</code> to restore defaults.
Remove configurations in <code>/etc</code> to restore defaults.


=== Password access as root via SSH disabled ===
==== Password access as root via SSH disabled ====


Previously, it was possible to SSH as root using password-based authentication. In Leap 16.0 only key-based authentication is allowed by default. Systems upgraded to 16.0 from a previous version will carry over the old behavior. New installations will enforce the new behavior.
Previously, it was possible to SSH as root using password-based authentication. In Leap 16.0 only key-based authentication is allowed by default. Systems upgraded to 16.0 from a previous version will carry over the old behavior. New installations will enforce the new behavior.
Line 289: Line 291:
Installing the package <code>openssh-server-config-rootlogin</code> restores the old behavior and allows password-based login for the root user.
Installing the package <code>openssh-server-config-rootlogin</code> restores the old behavior and allows password-based login for the root user.


=== Minimum hardware requirements ===
==== Minimum hardware requirements ====


openSUSE Leap 16.0 requires hardware to meet requirements on these architectures:
openSUSE Leap 16.0 requires hardware to meet requirements on these architectures:
Line 305: Line 307:




=== SHA1 to be disabled or mark unapproved ===
==== SHA1 to be disabled or mark unapproved ====


Due to FIPS 140-3 certification requirements, the SHA1 cryptographic algorithm will be disabled or marked unapproved when running in FIPS mode.
Due to FIPS 140-3 certification requirements, the SHA1 cryptographic algorithm will be disabled or marked unapproved when running in FIPS mode.


=== Added <code>tuned</code> ===
==== Added <code>tuned</code> ====


The <code>tuned</code> package contains a daemon that tunes system settings dynamically.
The <code>tuned</code> package contains a daemon that tunes system settings dynamically.


=== Lightweight guard region support ===
==== Lightweight guard region support ====


This is a new feature in <code>madvise()</code> that installs a lightweight guard region into a specified address range.
This is a new feature in <code>madvise()</code> that installs a lightweight guard region into a specified address range.
Line 319: Line 321:
See [https://manpages.opensuse.org/Leap-16.0/man-pages/madvise.2.en.html#MADV_GUARD_INSTALL madvise() man page] for more information.
See [https://manpages.opensuse.org/Leap-16.0/man-pages/madvise.2.en.html#MADV_GUARD_INSTALL madvise() man page] for more information.


=== Harmless error messages sometimes displayed when launching some applications ===
==== Harmless error messages sometimes displayed when launching some applications ====


The following messages are sometimes displayed when launching specific applications:
The following messages are sometimes displayed when launching specific applications:
Line 334: Line 336:
These messages are harmless and can be ignored.
These messages are harmless and can be ignored.


=== NFS over TLS support ===
==== NFS over TLS support ====


NFS over TLS is now supported for storage traffic.
NFS over TLS is now supported for storage traffic.


=== <code>saptune</code> replaces <code>sapconf</code> ===
==== <code>saptune</code> replaces <code>sapconf</code> ====


In Leap 16.0, <code>sapconf</code> is replaced with <code>saptune</code>. <code>saptune</code> will also be enabled with a base tuning, similar to <code>sapconf</code>. Base tuning only will be enabled if <code>saptune</code> was not configured before (no SAP Notes or Solutions selected).
In Leap 16.0, <code>sapconf</code> is replaced with <code>saptune</code>. <code>saptune</code> will also be enabled with a base tuning, similar to <code>sapconf</code>. Base tuning only will be enabled if <code>saptune</code> was not configured before (no SAP Notes or Solutions selected).


=== Azure Entra ID authentication via <code>himmelblau</code> ===
==== Azure Entra ID authentication via <code>himmelblau</code> ====


The <code>himmelblau</code> package has been added. It provides interoperability with Microsoft Azure Entra ID and Intune. It supports Linux authentication to Microsoft Azure Entra ID via PAM and NSS modules.
The <code>himmelblau</code> package has been added. It provides interoperability with Microsoft Azure Entra ID and Intune. It supports Linux authentication to Microsoft Azure Entra ID via PAM and NSS modules.
Line 348: Line 350:
For more information see https://github.com/himmelblau-idm/himmelblau.
For more information see https://github.com/himmelblau-idm/himmelblau.


=== Legacy BIOS support ===
==== Legacy BIOS support ====


Legacy BIOS is still supported in openSUSE Leap 16.0. However, some features are not available when using it (for example, full-disk encryption with TPM). Finally, support for legacy BIOS will be discontinued in the future. For that reason we recommend switching to UEFI at the nearest opportunity.
Legacy BIOS is still supported in openSUSE Leap 16.0. However, some features are not available when using it (for example, full-disk encryption with TPM). Finally, support for legacy BIOS will be discontinued in the future. For that reason we recommend switching to UEFI at the nearest opportunity.


=== <code>/tmp</code> not persistent ===
==== <code>/tmp</code> not persistent ====


In openSUSE Leap 16.0, <code>/tmp</code> is no longer persistent between reboots but uses <code>tmpfs</code> instead. See https://susedoc.github.io/doc-modular/main/html/SLE-comparison/index.html#sle16-tmp for more information.
In openSUSE Leap 16.0, <code>/tmp</code> is no longer persistent between reboots but uses <code>tmpfs</code> instead. See https://susedoc.github.io/doc-modular/main/html/SLE-comparison/index.html#sle16-tmp for more information.


=== Python update strategy ===
==== Python update strategy ====


* <code>/usr/bin/python3</code> is currently set to use Python 3.13. In a future minor version update this is likely going to be changed to a newer Python version.
* <code>/usr/bin/python3</code> is currently set to use Python 3.13. In a future minor version update this is likely going to be changed to a newer Python version.
Line 362: Line 364:
* We have been working on removing the dependencies of packages and tools on the <code>/usr/bin/python3</code> binary, which means that openSUSE Leap could use a newer version of the Python interpreter in the future. This new Python interpreter will coexist with the previous version that will then be maintained as legacy interpreter for a limited time.
* We have been working on removing the dependencies of packages and tools on the <code>/usr/bin/python3</code> binary, which means that openSUSE Leap could use a newer version of the Python interpreter in the future. This new Python interpreter will coexist with the previous version that will then be maintained as legacy interpreter for a limited time.


=== Removal of 32-bit support ===
==== Removal of 32-bit support ====


openSUSE Leap 16.0 only supports 64-bit binaries. Support for 32-bit binaries (or 31-bit binaries on IBM Z) has been removed.
openSUSE Leap 16.0 only supports 64-bit binaries. Support for 32-bit binaries (or 31-bit binaries on IBM Z) has been removed.


This means that statically-linked 32-bit binaries (or 31-bit binaries on IBM Z) and container images cannot be run anymore. 32-bit syscalls are still enabled by default on arm64, and can be enabled on x86_64 via the kernel parameter <code>ia32_emulation</code>. On other architectures it’s disabled without any option to enable it.
This means that statically-linked 32-bit binaries (or 31-bit binaries on IBM Z) and container images cannot be run anymore. 32-bit syscalls are still enabled by default on arm64, and can be enabled on x86_64 via the kernel parameter <code>ia32_emulation</code>. On other architectures it's disabled without any option to enable it.


=== Compiling kernel uses non-default compiler ===
==== Compiling kernel uses non-default compiler ====


Customers who need to build kernel modules or rebuild the kernel must use the same compiler version the kernel was built with. The kernel is built with <code>gcc</code> version 13, which is not the default compiler. Install the <code>gcc</code> version 13 compiler using the gcc13 package and invoke it with the command <code>gcc-13</code>. This specific compiler version is only supported for building kernel modules and the kernel.
Customers who need to build kernel modules or rebuild the kernel must use the same compiler version the kernel was built with. The kernel is built with <code>gcc</code> version 13, which is not the default compiler. Install the <code>gcc</code> version 13 compiler using the gcc13 package and invoke it with the command <code>gcc-13</code>. This specific compiler version is only supported for building kernel modules and the kernel.


=== Optimized libraries for newer hardware architectures ===
==== Optimized libraries for newer hardware architectures ====


We have added support for the glibc-HWCAPS feature which loads optimized versions of libraries for specific newer CPUs automatically.
We have added support for the glibc-HWCAPS feature which loads optimized versions of libraries for specific newer CPUs automatically.
Line 411: Line 413:
* <code>zstd</code>
* <code>zstd</code>


=== No remote root login with password ===
==== No remote root login with password ====




Line 422: Line 424:
By default, remote password-based <code>root</code> login is disabled. The installer enables the <code>sshd</code> service only when an SSH key for root is configured during setup. To allow remote <code>root</code> login, configure an SSH key for root during installation.
By default, remote password-based <code>root</code> login is disabled. The installer enables the <code>sshd</code> service only when an SSH key for root is configured during setup. To allow remote <code>root</code> login, configure an SSH key for root during installation.


=== Default user group assignment changed ===
==== Default user group assignment changed ====


Previously, all user accounts belonged to a single <code>users</code> group.
Previously, all user accounts belonged to a single <code>users</code> group.
Line 433: Line 435:
:<code>find "$HOME" -group users -exec chgrp myuser {} \;</code> or <code>chgrp -R myuser "$HOME"</code> if you did not use any GID other than <code>users</code>
:<code>find "$HOME" -group users -exec chgrp myuser {} \;</code> or <code>chgrp -R myuser "$HOME"</code> if you did not use any GID other than <code>users</code>


=== SysV init.d scripts support ===
==== SysV init.d scripts support ====


SysV init.d scripts have been [https://www.suse.com/releasenotes/x86_64/SUSE-SLES/15-SP2/index.html#jsc-SLE-7690 deprecated since Leap 15 SP2].
SysV init.d scripts have been [https://www.suse.com/releasenotes/x86_64/SUSE-SLES/15-SP2/index.html#jsc-SLE-7690 deprecated since Leap 15 SP2].
Line 439: Line 441:
In Leap 16.0, support of SysV init.d scripts has been removed.
In Leap 16.0, support of SysV init.d scripts has been removed.


== Changes affecting all architectures (RC1) ==
=== Changes affecting all architectures (RC1) ===


This section contains information specific to RC1. We are working on fixing the problems mentioned here. The content of this section will be removed for the final released product.
This section contains information specific to RC1. We are working on fixing the problems mentioned here. The content of this section will be removed for the final released product.


=== <code>/etc/services</code> removal ===
==== <code>/etc/services</code> removal ====


The <code>/etc/services</code> file is just a dummy file that will be removed in the future. Software that appends to it without creating it should have its behavior changed.
The <code>/etc/services</code> file is just a dummy file that will be removed in the future. Software that appends to it without creating it should have its behavior changed.


== Changes affecting all architectures (Beta4) ==
=== Changes affecting all architectures (Beta4) ===


This section contains information specific to Beta4. We are working on fixing the problems mentioned here. The content of this section will be removed for the final released product.
This section contains information specific to Beta4. We are working on fixing the problems mentioned here. The content of this section will be removed for the final released product.


=== Configuring network interfaces during installation ===
==== Configuring network interfaces during installation ====


Currently, the installer does not allow for setting up network interfaces using the UI. However, in the meantime you can use dracut-like command-line options, for example:
Currently, the installer does not allow for setting up network interfaces using the UI. However, in the meantime you can use dracut-like command-line options, for example:
Line 460: Line 462:
Additionally, the <code>inst.copy_network</code> is not available in Beta4.
Additionally, the <code>inst.copy_network</code> is not available in Beta4.


=== SAP workloads on Leap 16.0 ===
==== SAP workloads on Leap 16.0 ====


For running SAP workloads on openSUSE Leap 16.0, do the following:
For running SAP workloads on openSUSE Leap 16.0, do the following:
Line 479: Line 481:
</ol>
</ol>


=== FIPS 140-3 not working properly ===
==== FIPS 140-3 not working properly ====


FIPS 140-3 installation has not been fully validated and may cause unexpected software failure or crashes. Therefore, we discourage you from using it on Beta4.
FIPS 140-3 installation has not been fully validated and may cause unexpected software failure or crashes. Therefore, we discourage you from using it on Beta4.


== Changes affecting all architectures (Beta3) ==
=== Changes affecting all architectures (Beta3) ===


This section contains information specific to Beta3. We are working on fixing the problems mentioned here. The content of this section will be removed for the final released product.
This section contains information specific to Beta3. We are working on fixing the problems mentioned here. The content of this section will be removed for the final released product.


=== Kernel crash in QEMU ===
==== Kernel crash in QEMU ====


openSUSE Leap 16.0 requires a CPU that supports a so-called "x86-64-v2" microarchitecture. Due to this, running a Leap image using QEMU currently results in a kernel crash.
openSUSE Leap 16.0 requires a CPU that supports a so-called "x86-64-v2" microarchitecture. Due to this, running a Leap image using QEMU currently results in a kernel crash.
Line 493: Line 495:
As a workaround you can run QEMU with the <code>-cpu host</code> argument.
As a workaround you can run QEMU with the <code>-cpu host</code> argument.


=== Missing <code>libnsl.so.1</code> library ===
==== Missing <code>libnsl.so.1</code> library ====


The <code>libnsl.so.1</code> library has been deprecated in SLES 15 and finally removed in openSUSE Leap 16.0.
The <code>libnsl.so.1</code> library has been deprecated in SLES 15 and finally removed in openSUSE Leap 16.0.
Line 499: Line 501:
As a workaround for applications that cannot be installed without it (but presumaly do not use it for anything), we provide the <code>libnsl-stub1</code> package that includes ABI-compatible but otherwise function-less stub of the library file.
As a workaround for applications that cannot be installed without it (but presumaly do not use it for anything), we provide the <code>libnsl-stub1</code> package that includes ABI-compatible but otherwise function-less stub of the library file.


=== <code>firewalld</code> not usable with many interfaces ===
==== <code>firewalld</code> not usable with many interfaces ====


Due to an upstream bug, <code>firewalld</code> might take a long time or time out when adding many interfaces. The error occurs when <code>firewalld</code> is restarted after applying such a configuration. The following message appears in the system logs:
Due to an upstream bug, <code>firewalld</code> might take a long time or time out when adding many interfaces. The error occurs when <code>firewalld</code> is restarted after applying such a configuration. The following message appears in the system logs:
Line 507: Line 509:
See https://github.com/firewalld/firewalld/issues/1399 for more information.
See https://github.com/firewalld/firewalld/issues/1399 for more information.


== Changes affecting all architectures (Beta2) ==
=== Changes affecting all architectures (Beta2) ===


This section contains information specific to Beta2. We are working on fixing the problems mentioned here. The content of this section will be removed for the final released product.
This section contains information specific to Beta2. We are working on fixing the problems mentioned here. The content of this section will be removed for the final released product.


=== Switch from YaST to Cockpit ===
==== Switch from YaST to Cockpit ====


openSUSE Leap 16.0 has switched from YaST to Cockpit for manual system administration. We have enhanced Cockpit with new modules with the intention to upstream them later. Despite being functional, bugs might appear and features might be missing.
openSUSE Leap 16.0 has switched from YaST to Cockpit for manual system administration. We have enhanced Cockpit with new modules with the intention to upstream them later. Despite being functional, bugs might appear and features might be missing.
Line 531: Line 533:
Installation of the pattern <code>cockpit</code> will pull in the following modules: <code>cockpit</code>, <code>cockpit-bridge</code>, <code>cockpit-networkmanager</code>, <code>cockpit-packagekit</code>, <code>cockpit-packages</code>, <code>cockpit-repos</code>, <code>cockpit-selinux</code>, <code>cockpit-storaged</code>, <code>cockpit-subscriptions</code>, <code>cockpit-system</code>, <code>cockpit-ws</code>.
Installation of the pattern <code>cockpit</code> will pull in the following modules: <code>cockpit</code>, <code>cockpit-bridge</code>, <code>cockpit-networkmanager</code>, <code>cockpit-packagekit</code>, <code>cockpit-packages</code>, <code>cockpit-repos</code>, <code>cockpit-selinux</code>, <code>cockpit-storaged</code>, <code>cockpit-subscriptions</code>, <code>cockpit-system</code>, <code>cockpit-ws</code>.


=== <code>dovecot 2.4</code> configuration upgrade ===
==== <code>dovecot 2.4</code> configuration upgrade ====


In openSUSE Leap 16.0 <code>dovecot</code> has been upgraded to version 2.4. The configuration of this version is incompatible with the previous versions.
In openSUSE Leap 16.0 <code>dovecot</code> has been upgraded to version 2.4. The configuration of this version is incompatible with the previous versions.
Line 537: Line 539:
Configuration has to be updated manually. For more information see https://doc.dovecot.org/2.4.0/installation/upgrade/2.3-to-2.4.html.
Configuration has to be updated manually. For more information see https://doc.dovecot.org/2.4.0/installation/upgrade/2.3-to-2.4.html.


== Changes affecting all architectures (Beta1) ==
=== Changes affecting all architectures (Beta1) ===


This section contains information specific to Beta1. We are working on fixing the problems mentioned here. The content of this section will be removed for the final released product.
This section contains information specific to Beta1. We are working on fixing the problems mentioned here. The content of this section will be removed for the final released product.


=== Disk configuration UI during installation ===
==== Disk configuration UI during installation ====


Currently, choosing disk configurations other than "An existing disk" (installation to a single disk) suffer from poor usability. This is expected to change in a future update.
Currently, choosing disk configurations other than "An existing disk" (installation to a single disk) suffer from poor usability. This is expected to change in a future update.


=== Non-functioning <code>zypper</code> after installation ===
==== Non-functioning <code>zypper</code> after installation ====


There is currently a known issue that adds a non-functioning <code>zypper</code> repository which prevents <code>zypper</code> from working correctly.
There is currently a known issue that adds a non-functioning <code>zypper</code> repository which prevents <code>zypper</code> from working correctly.
Line 556: Line 558:
# Run <code>zypper refresh</code> to refresh the added repository.
# Run <code>zypper refresh</code> to refresh the added repository.


=== systemd uses cgroup v2 by default ===
==== systemd uses cgroup v2 by default ====


openSUSE Leap 16.0 uses cgroup v2 by default and v1 is unsupported. If you need to use cgroup v1, SLES 15 SP6 can be switched to hybrid mode using a boot parameter.
openSUSE Leap 16.0 uses cgroup v2 by default and v1 is unsupported. If you need to use cgroup v1, SLES 15 SP6 can be switched to hybrid mode using a boot parameter.


== x86-64-specific changes ==
=== x86-64-specific changes ===


Information in this section applies to the x86-64 architecture.
Information in this section applies to the x86-64 architecture.


=== AMD EPYC Turin automonous frequency scaling ===
==== AMD EPYC Turin automonous frequency scaling ====


In Leap 16.0, the default Linux CPU frequency scaling driver for AMD EPYC Turin (and later processors) has shifted to the AMD P-State driver to enable autonomous frequency scaling.
In Leap 16.0, the default Linux CPU frequency scaling driver for AMD EPYC Turin (and later processors) has shifted to the AMD P-State driver to enable autonomous frequency scaling.
Line 570: Line 572:
With the AMD P-State driver, it enables the use of the Energy Performance Preference (EPP) for more granular control over performance versus power efficiency to adjust the CPU frequencies based on workload and hardware feedback dynamically.
With the AMD P-State driver, it enables the use of the Energy Performance Preference (EPP) for more granular control over performance versus power efficiency to adjust the CPU frequencies based on workload and hardware feedback dynamically.


== IBM Z-specific changes (s390x) ==
=== IBM Z-specific changes (s390x) ===


Information in this section applies to openSUSE Leap for IBM Z 16.0. For more information, see https://www.ibm.com/docs/en/linux-on-systems?topic=distributions-suse-linux-enterprise-server
Information in this section applies to openSUSE Leap for IBM Z 16.0. For more information, see https://www.ibm.com/docs/en/linux-on-systems?topic=distributions-suse-linux-enterprise-server


=== Hardware ===
==== Hardware ====


* Support has been added for IBM z17 in <code>kernel</code> providing machine name, kconfig options, new instructions, etc.
* Support has been added for IBM z17 in <code>kernel</code> providing machine name, kconfig options, new instructions, etc.
Line 592: Line 594:
* Upgrade Mellanox (mlx5) driver to latest version
* Upgrade Mellanox (mlx5) driver to latest version


=== Performance ===
==== Performance ====


* LPAR level power consumption reporting is now available in kernel and s390-tools.
* LPAR level power consumption reporting is now available in kernel and s390-tools.


=== Security ===
==== Security ====


==== In-kernel crypto support ====
===== In-kernel crypto support =====


With this service pack are additionally supported:
With this service pack are additionally supported:
Line 607: Line 609:
* MSA 10 XTS crypto PAES support for in-kernel crypto
* MSA 10 XTS crypto PAES support for in-kernel crypto


==== OpenSSL features ====
===== OpenSSL features =====


This release brings these features and improvements:
This release brings these features and improvements:
Line 617: Line 619:
* Upgrade openssl-ibmca to the latest version
* Upgrade openssl-ibmca to the latest version


==== openCryptoki ====
===== openCryptoki =====


* The new version of <code>libica</code> and <code>libzpc</code> is included.
* The new version of <code>libica</code> and <code>libzpc</code> is included.
* The openCryptoki CCA Token is now available on x86_64 and ppc64le architectures.
* The openCryptoki CCA Token is now available on x86_64 and ppc64le architectures.


==== p11-kit =====
===== p11-kit =====


* Add support for IBM specific attributes and mechanisms to the PKCS11 client-server implementation of p11-kit.
* Add support for IBM specific attributes and mechanisms to the PKCS11 client-server implementation of p11-kit.


==== pkey ====
===== pkey =====


* The kernel pkey module can now generate keys AES-XTS keys (MSA 10) and HMAC key (MSA 11) from clear keys.
* The kernel pkey module can now generate keys AES-XTS keys (MSA 10) and HMAC key (MSA 11) from clear keys.
Line 632: Line 634:
* The pkey also supports EP11 API ordinal 6 for secure guests.
* The pkey also supports EP11 API ordinal 6 for secure guests.


==== zcrypt =====
===== zcrypt =====


* The zcrypt extends error recovery to deal with device scans of unavailable devices.
* The zcrypt extends error recovery to deal with device scans of unavailable devices.


=== Virtualization ===
==== Virtualization ====


* KVM guests can exploit z17 & LinuxONE 5 CPU features
* KVM guests can exploit z17 & LinuxONE 5 CPU features
Line 654: Line 656:
* KVM improves memory reclaiming for z15 Secure Execution guests and above (libvirt)
* KVM improves memory reclaiming for z15 Secure Execution guests and above (libvirt)


=== Miscellaneous ===
==== Miscellaneous ====


* <code>plymouth</code> was replaced by <code>blog</code> on s390x, as <code>plymouth</code> couldn't work without graphical display.
* <code>plymouth</code> was replaced by <code>blog</code> on s390x, as <code>plymouth</code> couldn't work without graphical display.
Line 660: Line 662:
* Allow <code>httpd</code> customers to protect their web server identity using HSMs (via CryptoExpress adapters).
* Allow <code>httpd</code> customers to protect their web server identity using HSMs (via CryptoExpress adapters).


==== Enhancements in <code>s390-tools</code> ====
===== Enhancements in <code>s390-tools</code> =====


The latest s390-tool update brings these noticeable changes:
The latest s390-tool update brings these noticeable changes:
Line 666: Line 668:
* A new tool cpacinfo shall provide information on CPACF including the supported MSA levels, instructions, subfunctions per instruction. https://www.ibm.com/docs/en/linux-on-systems?topic=hw-cpacf
* A new tool cpacinfo shall provide information on CPACF including the supported MSA levels, instructions, subfunctions per instruction. https://www.ibm.com/docs/en/linux-on-systems?topic=hw-cpacf


==== <code>parmfile</code> now points to ISO ====
===== <code>parmfile</code> now points to ISO =====


Previously, <code>parmfile</code> would point to a directory of unpacked files.
Previously, <code>parmfile</code> would point to a directory of unpacked files.
Line 677: Line 679:
For more information see https://agama-project.github.io/docs/user/boot_options.
For more information see https://agama-project.github.io/docs/user/boot_options.


==== Disk selection UI problems during installation ====
===== Disk selection UI problems during installation =====


If you want to enable a disk, click on ''Storage'' in the left panel, then ''Install new system on'' and choose "storage techs". Then you can choose a type of disk. This can be avoided if you have defined your <code>parmfile</code> as described in Section 3.13.5.2, "<code>parmfile</code> now points to ISO".
If you want to enable a disk, click on ''Storage'' in the left panel, then ''Install new system on'' and choose "storage techs". Then you can choose a type of disk. This can be avoided if you have defined your <code>parmfile</code> as described in Section "[[#parmfile now points to ISO|<code>parmfile</code> now points to ISO]]".


If you choose DASD, you should see disks based on your <code>parmfile</code> and <code>cio_ignore</code> configuration. Then choose a disk and activate it by clicking ''Perform an action'' and then ''Activate''. This can take a moment. If it is not visible, then you need to click on Storage or refresh the page.
If you choose DASD, you should see disks based on your <code>parmfile</code> and <code>cio_ignore</code> configuration. Then choose a disk and activate it by clicking ''Perform an action'' and then ''Activate''. This can take a moment. If it is not visible, then you need to click on Storage or refresh the page.
Line 685: Line 687:
In the ''zFCP'' section, after activating a disk a gray line will appear. This is just a visual bug, the disk will activate correctly.
In the ''zFCP'' section, after activating a disk a gray line will appear. This is just a visual bug, the disk will activate correctly.


==== Installation failure on zVM ====
===== Installation failure on zVM =====


Due to a change from <code>linuxrc</code> to <code>dracut</code>, the <code>parmfile</code> needs to define not only installation source but also a network and disks.
Due to a change from <code>linuxrc</code> to <code>dracut</code>, the <code>parmfile</code> needs to define not only installation source but also a network and disks.
Line 697: Line 699:
  live.password=linux rd.zdev=dasd,0.0.0160
  live.password=linux rd.zdev=dasd,0.0.0160


== POWER-specific changes (ppc64le) ==
=== POWER-specific changes (ppc64le) ===


Information in this section applies to openSUSE Leap for POWER 16.0.
Information in this section applies to openSUSE Leap for POWER 16.0.


=== KVM guests in LPAR ===
==== KVM guests in LPAR ====


The ability to run KVM Guests in an LPAR is a new feature in PowerVM Firmware 1060.10 release and supported in openSUSE Leap 16.0. This enables users to run KVM guests in a PowerVM LPAR bringing industry standard Linux KVM virtualization stack to IBM PowerVM, which easily integrates with existing Linux virtualization ecosystem. This enables a lot of interesting usecases which were earlier difficult to realize in a PowerVM LPAR.
The ability to run KVM Guests in an LPAR is a new feature in PowerVM Firmware 1060.10 release and supported in openSUSE Leap 16.0. This enables users to run KVM guests in a PowerVM LPAR bringing industry standard Linux KVM virtualization stack to IBM PowerVM, which easily integrates with existing Linux virtualization ecosystem. This enables a lot of interesting usecases which were earlier difficult to realize in a PowerVM LPAR.
Line 707: Line 709:
KVM in a PowerVM LPAR is a new type of LPAR (logical partition) that allows the openSUSE Leap 16.0 kernel to host KVM guests inside an LPAR on PowerVM. A KVM enabled LPAR allows standard Linux KVM tools (for example, <code>virsh</code>) to create and manage lightweight Linux Virtual Machines (VM). A KVM Linux LPAR uses dedicated cores which enables Linux to have full control of when Linux VMs are scheduled to run, just like KVM on other platforms.
KVM in a PowerVM LPAR is a new type of LPAR (logical partition) that allows the openSUSE Leap 16.0 kernel to host KVM guests inside an LPAR on PowerVM. A KVM enabled LPAR allows standard Linux KVM tools (for example, <code>virsh</code>) to create and manage lightweight Linux Virtual Machines (VM). A KVM Linux LPAR uses dedicated cores which enables Linux to have full control of when Linux VMs are scheduled to run, just like KVM on other platforms.


=== Login times out on HMC virtual terminal ===
==== Login times out on HMC virtual terminal ====


If you install openSUSE Leap for POWER with the GNOME desktop on LPAR and try to login via the HMC virtual terminal, the login may time out while entering your credentials.
If you install openSUSE Leap for POWER with the GNOME desktop on LPAR and try to login via the HMC virtual terminal, the login may time out while entering your credentials.
Line 713: Line 715:
To work around this issue, disable the Plymouth graphical boot screen by appending the boot parameter <code>plymouth.enable=0</code> to the kernel command line.
To work around this issue, disable the Plymouth graphical boot screen by appending the boot parameter <code>plymouth.enable=0</code> to the kernel command line.


== Arm-specific changes (AArch64) ==
=== Arm-specific changes (AArch64) ===


=== System-on-Chip driver enablement ===
==== System-on-Chip driver enablement ====


Leap 16.0 includes driver enablement for the following System-on-Chip (SoC) chipsets:
Leap 16.0 includes driver enablement for the following System-on-Chip (SoC) chipsets:
Line 744: Line 746:
Check for SUSE ''YES!'' certified systems, which have undergone compatibility testing.
Check for SUSE ''YES!'' certified systems, which have undergone compatibility testing.


== Virtualization ==
=== Virtualization ===


* iSCSI boot support is disabled in OVMF images.
* iSCSI boot support is disabled in OVMF images.


=== QEMU ===
==== QEMU ====


QEMU has been updated to version 10.0.2, full list of changes are available at https://wiki.qemu.org/ChangeLog/10.0
QEMU has been updated to version 10.0.2, full list of changes are available at https://wiki.qemu.org/ChangeLog/10.0
Line 756: Line 758:
* Deprecated features: https://qemu-project.gitlab.io/qemu/about/deprecated.html
* Deprecated features: https://qemu-project.gitlab.io/qemu/about/deprecated.html


=== libvirt ===
==== libvirt ====


<code>libvirt</code> has been updated to version 11.4.0, this includes many incremental improvements and bug fixes, see https://libvirt.org/news.html#v11-4-0-2025-06-02.
<code>libvirt</code> has been updated to version 11.4.0, this includes many incremental improvements and bug fixes, see https://libvirt.org/news.html#v11-4-0-2025-06-02.
Line 762: Line 764:
<code>libvirt</code> provides now a modular daemons.
<code>libvirt</code> provides now a modular daemons.


=== VMware ===
==== VMware ====


==== <code>open-vm-tools</code> ====
===== <code>open-vm-tools</code> =====


<code>open-vm-tools</code> has been updated to version 13.0.0 that addresses a few critical problems and bug fixes. See https://github.com/vmware/open-vm-tools/blob/stable-13.0.0/ReleaseNotes.md.
<code>open-vm-tools</code> has been updated to version 13.0.0 that addresses a few critical problems and bug fixes. See https://github.com/vmware/open-vm-tools/blob/stable-13.0.0/ReleaseNotes.md.


=== Confidential Computing ===
==== Confidential Computing ====


==== <code>sevctl</code> ====
===== <code>sevctl</code> =====


The <code>sevctl</code> package has been updated to version 0.6.0.
The <code>sevctl</code> package has been updated to version 0.6.0.


==== <code>snpguest</code> ====
===== <code>snpguest</code> =====


The <code>snpguest</code> package has been updated to version 0.9.1. Full list of changes is available at: https://github.com/virtee/snpguest/compare/v0.7.1…​v0.9.1
The <code>snpguest</code> package has been updated to version 0.9.1. Full list of changes is available at: https://github.com/virtee/snpguest/compare/v0.7.1…​v0.9.1


==== <code>snphost</code> ====
===== <code>snphost</code> =====


The <code>snphost</code> package version 0.6.0 has been added.
The <code>snphost</code> package version 0.6.0 has been added.


==== Intel TDX Confidential Computing ====
===== Intel TDX Confidential Computing =====


In openSUSE Leap 16.0 the kernel now incorporates the latest upstream Intel Trust Domain Extensions (TDX) patches. This significant update prepares the virtualization toolstack for Intel TDX confidential computing capabilities.
In openSUSE Leap 16.0 the kernel now incorporates the latest upstream Intel Trust Domain Extensions (TDX) patches. This significant update prepares the virtualization toolstack for Intel TDX confidential computing capabilities.
Line 796: Line 798:




==== Enhanced VM Security with AMD SEV-SNP ====
===== Enhanced VM Security with AMD SEV-SNP =====


AMD SEV-SNP (Secure Encrypted Virtualization-Secure Nested Paging) is a hardware security feature in AMD EPYC processors that provides a highly secure and confidential environment for virtual machines (VMs). It offers strong memory confidentiality through per-VM encryption keys and AES encryption, and crucially, robust memory integrity protection to prevent tampering from the hypervisor or other threats. It also provides enhanced isolation and remote attestation capabilities, making it ideal for protecting sensitive data and workloads in untrusted environments like cloud computing. This release fully integrates AMD SEV-SNP for KVM-based virtual machines. This means integrated support in our kernel, along with updated QEMU, Libvirt, and OVMF Firmware. To use AMD SEV-SNP, you’ll need, AMD EPYC™ 3rd Gen Processors (Milan) or newer and SEV-SNP enabled in your system’s BIOS/UEFI.
AMD SEV-SNP (Secure Encrypted Virtualization-Secure Nested Paging) is a hardware security feature in AMD EPYC processors that provides a highly secure and confidential environment for virtual machines (VMs). It offers strong memory confidentiality through per-VM encryption keys and AES encryption, and crucially, robust memory integrity protection to prevent tampering from the hypervisor or other threats. It also provides enhanced isolation and remote attestation capabilities, making it ideal for protecting sensitive data and workloads in untrusted environments like cloud computing. This release fully integrates AMD SEV-SNP for KVM-based virtual machines. This means integrated support in our kernel, along with updated QEMU, Libvirt, and OVMF Firmware. To use AMD SEV-SNP, you'll need, AMD EPYC™ 3rd Gen Processors (Milan) or newer and SEV-SNP enabled in your system's BIOS/UEFI.


=== Others ===
==== Others ====


==== <code>numatop</code> ====
===== <code>numatop</code> =====


<code>numatop</code> is available in version 2.5, adding support for Intel GNR and SRF platforms.
<code>numatop</code> is available in version 2.5, adding support for Intel GNR and SRF platforms.


==== <code>numactl</code> ====
===== <code>numactl</code> =====


<code>numactl</code> is shipped in version 2.0.19. Full changes at: https://github.com/numactl/numactl/releases/tag/v2.0.19
<code>numactl</code> is shipped in version 2.0.19. Full changes at: https://github.com/numactl/numactl/releases/tag/v2.0.19


==== <code>libguestfs</code> ====
===== <code>libguestfs</code> =====


<code>libguestfs</code> has been updated to version 1.55.13.
<code>libguestfs</code> has been updated to version 1.55.13.


==== <code>virt-v2v</code> ====
===== <code>virt-v2v</code> =====


Update to version 2.7.16. While there are no dedicated release notes, you can review the code changes in Github: https://github.com/libguestfs/virt-v2v/tree/v2.7.16
Update to version 2.7.16. While there are no dedicated release notes, you can review the code changes in Github: https://github.com/libguestfs/virt-v2v/tree/v2.7.16
Line 821: Line 823:
* Various fixes
* Various fixes


==== <code>virtiofsd</code> ====
===== <code>virtiofsd</code> =====


The <code>virtiofsd</code> has been updated to 1.12.0.
The <code>virtiofsd</code> has been updated to 1.12.0.


==== <code>virt-manager</code> ====
===== <code>virt-manager</code> =====


<code>virt-manager</code> is now shipped in version 5.0.0. Its preferable to setup VNC for remote viewing and do all the XML editing using the <code>virsh</code> command. Full list of changes is available at https://github.com/virt-manager/virt-manager/releases/tag/v5.0.0
<code>virt-manager</code> is now shipped in version 5.0.0. Its preferable to setup VNC for remote viewing and do all the XML editing using the <code>virsh</code> command. Full list of changes is available at https://github.com/virt-manager/virt-manager/releases/tag/v5.0.0


==== virt-bridge-setup ====
===== virt-bridge-setup =====


virt-bridge-setup is a script designed to simplify network bridge creation on a specified interface using nmcli. It was developed as a replacement for the automatic "yast2 virtualization" bridge creation and is particularly useful for setting up virtualization environments.
virt-bridge-setup is a script designed to simplify network bridge creation on a specified interface using nmcli. It was developed as a replacement for the automatic "yast2 virtualization" bridge creation and is particularly useful for setting up virtualization environments.
Line 838: Line 840:
* The script should be run locally (not remotely) immediately after installation and before any custom network configurations.
* The script should be run locally (not remotely) immediately after installation and before any custom network configurations.


== Removed and deprecated features and packages ==
=== Removed and deprecated features and packages ===


This section lists features and packages that were removed from openSUSE Leap or will be removed in upcoming versions.
This section lists features and packages that were removed from openSUSE Leap or will be removed in upcoming versions.


=== Removed features and packages ===
==== Removed features and packages ====


The following features and packages have been removed in this release.
The following features and packages have been removed in this release.


* Xorg server has been removed. Only Wayland is supported for graphical display. X11 applications compatibility is provided via XWayland.
* Xorg server has been removed. Only Wayland is supported for graphical display. X11 applications compatibility is provided via XWayland.
* <code>sapconf</code> has been removed. See Section 3.6.7, "<code>saptune</code> replaces <code>sapconf</code>" for more info.
* <code>sapconf</code> has been removed. See Section "[[#saptune replaces sapconf|<code>saptune</code> replaces <code>sapconf</code>]]" for more info.
* YaST has been removed. See Section 3.10.1, "Switch from YaST to Cockpit" for more info.
* YaST has been removed. See Section "[[#Switch from YaST to Cockpit|Switch from YaST to Cockpit]]" for more info.
* WSL1 is not supported anymore
* WSL1 is not supported anymore
* The Xen hypervisor was removed in favor of KVM. You no longer run SLE 16 as Xen host or as paravirtualized guest (PV). Running SLE 16 as fully virtualized Xen guest (HVM) or using using hardware virtualization features (PVH) is still possible.
* The Xen hypervisor was removed in favor of KVM. You no longer run SLE 16 as Xen host or as paravirtualized guest (PV). Running SLE 16 as fully virtualized Xen guest (HVM) or using using hardware virtualization features (PVH) is still possible.
Line 858: Line 860:
* <code>ansible-9</code> and <code>ansible-core-2.16</code>
* <code>ansible-9</code> and <code>ansible-core-2.16</code>
* <code>criu</code>
* <code>criu</code>
* Section 3.6.17, "SysV init.d scripts support"
* Section "[[#SysV init.d scripts support|SysV init.d scripts support]]"
* <code>compat-libpthread-nonshared</code>
* <code>compat-libpthread-nonshared</code>
* <code>crun</code> has been removed. Use <code>runc</code> instead.
* <code>crun</code> has been removed. Use <code>runc</code> instead.


== Deprecated features and packages ==
=== Deprecated features and packages ===


The following features and packages are deprecated and will be removed in a future version of openSUSE Leap.
The following features and packages are deprecated and will be removed in a future version of openSUSE Leap.
* The 2MB OVMF image will be deprecated and removed in openSUSE Leap 16.1.
* The 2MB OVMF image will be deprecated and removed in openSUSE Leap 16.1.


=== nmap deprecation notice ===
==== nmap deprecation notice ====


The nmap project has moved to a new source license that makes future releases of nmap incompatible with our product.
The nmap project has moved to a new source license that makes future releases of nmap incompatible with our product.
Line 873: Line 875:
In Leap 16.0, we are shipping the latest version of nmap released under the old license. In an upcoming release we will switch to an alternative tool.
In Leap 16.0, we are shipping the latest version of nmap released under the old license. In an upcoming release we will switch to an alternative tool.


= Obtaining source code =
== Obtaining source code ==


This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires SUSE to provide the source code that corresponds to the GPL-licensed material. The source code is available for download at https://get.opensuse.org on Medium 2. For up to three years after distribution of the SUSE product, upon request, SUSE will mail a copy of the source code. Send requests by e-mail to sle_source_request@suse.com. SUSE may charge a reasonable fee to recover distribution costs.
This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires SUSE to provide the source code that corresponds to the GPL-licensed material. The source code is available for download at https://get.opensuse.org on Medium 2. For up to three years after distribution of the SUSE product, upon request, SUSE will mail a copy of the source code. Send requests by e-mail to sle_source_request@suse.com. SUSE may charge a reasonable fee to recover distribution costs.


= Legal notices =
== Legal notices ==


Copyright © 2025-2025 openSUSE contributors and SUSE LLC. All rights reserved.
Copyright © 2025-2025 openSUSE contributors and SUSE LLC. All rights reserved.


Permission is granted to copy, distribute, and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) Version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled “GNU Free Documentation License”.
Permission is granted to copy, distribute, and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) Version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled "GNU Free Documentation License".


This document includes content adapted from the SUSE Linux Enterprise release notes, contributed by the SUSE Documentation Team. Portions of the content are maintained by the openSUSE community.
This document includes content adapted from the SUSE Linux Enterprise release notes, contributed by the SUSE Documentation Team. Portions of the content are maintained by the openSUSE community.
Retrieved from "https://thinkserver.freddythechick.net/wiki/OpenSUSE_Leap_16.0_Release_Notes"