Chapter 2. What's new in Debian 9

Table of Contents

2.1. Supported architectures
2.2. What's new in the distribution?
2.2.1. CDs, DVDs, and BDs
2.2.2. Security
2.2.3. MariaDB replaces MySQL
2.2.4. Improvements to apt and archive layouts
2.2.5. New deb.debian.org mirror
2.2.6. Move to "Modern" GnuPG
2.2.7. A new archive for debug symbols
2.2.8. New method for naming network interfaces

The Wiki has more information about this topic.

2.1. Supported architectures

Support for 32-bit PCs no longer covers vanilla i586

The 32-bit PC support (known as the Debian architecture i386) now no longer covers a plain i586 processor. The new baseline is the i686, although some i586 processors (e.g. the "AMD Geode") will remain supported.

Please refer to Section 5.1.8, “Minimum requirements for 32-bit Intel is now i686 (with a minor exception)” for more information.

The following are the officially supported architectures for Debian 9:

  • 32-bit PC (i386) and 64-bit PC (amd64)

  • 64-bit ARM (arm64)

  • ARM EABI (armel)

  • ARMv7 (EABI hard-float ABI, armhf)

  • MIPS (mips (big-endian) and mipsel (little-endian))

  • 64-bit little-endian MIPS (mips64el)

  • 64-bit little-endian PowerPC (ppc64el)

  • IBM System z (s390x)

You can read more about port status, and port-specific information for your architecture at the Debian port web pages.

2.2. What's new in the distribution?

 TODO: Make sure you update the numbers in the .ent file 
     using the changes-release.pl script found under ../

This new release of Debian again comes with a lot more software than its predecessor jessie; the distribution includes over 15346 new packages, for a total of over 51687 packages. Most of the software in the distribution has been updated: over 29859 software packages (this is 57% of all packages in jessie). Also, a significant number of packages (over 6739, 13% of the packages in jessie) have for various reasons been removed from the distribution. You will not see any updates for these packages and they will be marked as "obsolete" in package management front-ends; see Section 4.8, “Obsolete packages”.

Debian again ships with several desktop applications and environments. Among others it now includes the desktop environments GNOME 3.22, KDE 5.8, Xfce 4.12, MATE 1.16 and LXDE.

Productivity applications have also been upgraded, including the office suites:

  • LibreOffice is upgraded to version 5.2;

  • Calligra is upgraded to 2.9;

Updates of other desktop applications include the upgrade to Evolution 3.22.

Among many others, this release also includes the following software updates:

PackageVersion in 8 (jessie)Version in 9 (stretch)
BIND DNS Server9.99.10
Emacs24.424.5 and 25.1
Exim default e-mail server4.844.88
Firefox45.5 (AKA Iceweasel)50.0
GNU Compiler Collection as default compiler4.96.3
GnuPG1.42.1
Inkscape0.480.91
the GNU C library2.192.24
Linux kernel image3.16 series4.9 series
MariaDB10.010.1
MySQL5.5removed
Nginx1.61.10
OpenJDK78
OpenSSH6.7p17.4p1
Perl5.205.24
PHP5.67.0
Postfix MTA2.113.1
PostgreSQL9.49.6
Python 33.43.5
Samba4.14.5
Vim78
 TODO: (JFS) List other server software? RADIUS? Streaming ?

Debian supports Linux Standard Base (LSB) version 4.1, with one explicit and Debian-specific derogation from the LSB 4.1 specification: Qt3 is not included.

2.2.1. CDs, DVDs, and BDs

The official Debian distribution now ships on 12 to 14 binary DVDs (depending on the architecture) and 12 source DVDs. Additionally, there is a multi-arch DVD, with a subset of the release for the amd64 and i386 architectures, along with the source code. Debian is also released as Blu-ray (BD) and dual layer Blu-ray (DLBD) images for the amd64 and i386 architectures, and also for source code. Debian used to be released as a very large set of CDs for each architecture, but with the stretch release these have been dropped.

2.2.2. Security

For the stretch release, the Debian version of the GNU GCC 6 compiler now defaults to compiling "position independent executables" (PIE). Accordingly the vast majority of all executables will now have address space layout randomization" (ASLR), which is a mitigation for a number of exploits that are now probabilistic rather than deterministic.

2.2.3. MariaDB replaces MySQL

MariaDB is now the default MySQL variant in Debian, at version 10.1. The Stretch release introduces a new mechanism for switching the default variant, using metapackages created from the mysql-defaults source package. For example, installing the metapackage default-mysql-server will install mariadb-server-10.1. Users who had mysql-server-5.5 or mysql-server-5.6 will have it removed and replaced by the MariaDB equivalent. Similarly, installing default-mysql-client will install mariadb-client-10.1.

[Important]Important

Note that the database binary data file formats are not backwards compatible, so once you have upgraded to MariaDB 10.1 you will not be able to switch back to any previous version of MariaDB or MySQL unless you have a proper database dump. Therefore, before upgrading, please make backups of all important databases with an appropriate tool such as mysqldump.

The virtual-mysql-* and default-mysql-* packages will continue to exist. MySQL continues to be maintained in Debian, in the unstable release. See the Debian MySQL Team wiki page for current information about the mysql-related software available in Debian.

2.2.4. Improvements to apt and archive layouts

The apt package manager has seen a number of improvements since jessie. Most of these apply to aptitude as well. The following is a selected highlight of some of these.

On the security side, apt now rejects weaker checksums by default (e.g. SHA1) and attempts to download as an unprivileged user. Please refer to Section 5.3.2.3, “New requirements for APT repository” and Section 5.3.2.1, “APT now fetches files with an unprivileged user ("_apt")” for more information.

The apt-based package managers have also gotten a number of improvements that will remove the annoying "hash sum mismatch" warning that occurs when running apt during a mirror synchronisation. This happens via the new by-hash layout, which enables apt to download metadata files by their content hash.

If you use third-party repositories, you may still experience these intermittent issues, if the vendor does not provide the by-hash layout. Please recommend them to adopt this layout change. A very short technical description is available in the Repository format description

While possibly mostly interesting for mirror administrators, apt in stretch can use DNS (SRV) records to locate a HTTP backend. This is useful for providing a simple DNS name and then managing backends via DNS rather than using a "redirector" service. This feature is also used by the new Debian mirror described in Section 2.2.5, “New deb.debian.org mirror”.

2.2.5. New deb.debian.org mirror

Debian now provides a new additional service called deb.debian.org. It provides the content of the main archive, the security archive, ports and even our new debug archive (see Section 2.2.7, “A new archive for debug symbols”) under a single easy to remember hostname.

This service relies on the new DNS support in apt, but will fallback to a regular redirect for HTTPS access or older versions of apt. More details are provided on deb.debian.org.

Thanks to Fastly and Amazon CloudFront for sponsoring the CDN backends behind this service.

2.2.6. Move to "Modern" GnuPG

The stretch release is the first version of Debian to feature the "Modern" branch of GnuPG in the gnupg package. This brings with it elliptic curve cryptography, better defaults, a more modular architecture, and improved smartcard support. The modern branch also explicitly does not support some older, known-broken formats (like PGPv3). See /usr/share/doc/gnupg/README.Debian for more information.

We will continue to supply the "classic" branch of GnuPG as gnupg1 for people who need it, but it is now deprecated.

2.2.7. A new archive for debug symbols

[Note]Note

This section is mostly interesting for developers or if you wish to attach a full stack trace to a crash report.

Previously, the main debian archive would include packages containg debug symbols for selected libraries or programs. With stretch, most of these have been moved to a separate archive called the "debian-debug" archive. This archive contains the debug symbol packages for the vast majority of all packages provided by Debian.

If you want to fetch such debug packages, please include the following in your apt sources:

deb http://debug.mirrors.debian.org/debian-debug/ stretch-debug main

Alternatively, you can also fetch them from snapshot.debian.org.

Once enabled, you can now fetch debug symbols for the package in question by installing pkg-dbgsym. Please note that individual packages may still provide a pkg-dbg package in the main archive instead of the new dbgsym.

2.2.8. New method for naming network interfaces

The installer and newly installed systems will use a different naming scheme for network interfaces instead of eth0, eth1 etc. The old naming method suffered from enumeration race conditions that made it possible for interface names to change unexpectedly and is incompatible with mounting the root filesystem read-only. The new enumeration method relies on more sources of information, to produce a more repeatable outcome. It uses the firmware/BIOS provided index numbers and then tries PCI card slot numbers, producing names like ens0 or enp1s1 (ethernet) or wlp3s0 (wlan). USB devices, which can be added to the system at any time, will have names based upon their ethernet MAC addresses.

This change does not apply to upgrades of jessie systems, the naming will continue to be enforced by /etc/udev/rules.d/70-persistent-net.rules. For more information, see /usr/share/doc/udev/README.Debian.gz or the upstream documentation.