Chapter 2. What's new in Debian 9

Table of Contents

2.1. Supported architectures
2.2. What's new in the distribution?
2.2.1. CDs, DVDs, and BDs
2.2.2. Security

The Wiki has more information about this topic.

2.1. Supported architectures

Support for 32-bit PCs no longer covers vanilla i586

The 32-bit PC support (known as the Debian architecture i386) no longer covers a plain i586 processor. The new baseline is the i686, although some i586 processors (e.g. the "AMD Geode") will remain supported.

Please refer to Section 5.1.4, “Minimum requirements for 32-bit Intel is now i686 (with a minor exception)” for more information.

The following are the officially supported architectures for Debian 9:

  • 32-bit PC (i386) and 64-bit PC (amd64)

  • 64-bit ARM (arm64)

  • ARM EABI (armel)

  • ARMv7 (EABI hard-float ABI, armhf)

  • MIPS (mips (big-endian) and mipsel (little-endian))

  • PowerPC (powerpc)

  • 64-bit little-endian PowerPC (ppc64el)

  • IBM System z (s390x)

You can read more about port status and port-specific information for your architecture at the Debian port web pages.

2.2. What's new in the distribution?


This new release of Debian again comes with a lot more software than its predecessor jessie; the distribution includes over 12253 new packages, for a total of over 43512 packages. Most of the software in the distribution has been updated: over 24573 software packages (this is 66% of all packages in jessie). Also, a significant number of packages (over 5441, 14% of the packages in jessie) have for various reasons been removed from the distribution. You will not see any updates for these packages and they will be marked as "obsolete" in package management front-ends; see Section 4.8, “Obsolete packages”.

Debian again ships with several desktop applications and environments. Among others it now includes the desktop environments GNOME 3.14, KDE 4.11, Xfce 4.10, and LXDE.

Productivity applications have also been upgraded, including the office suites:

  • LibreOffice is upgraded to version 4.3;

  • Calligra is upgraded to 2.8;

  • GNUcash is upgraded to 2.6;

  • GNUmeric is upgraded to 1.12;

  • Abiword is upgraded to 3.0.

Updates of other desktop applications include the upgrade to Evolution 3.12.

Among many others, this release also includes the following software updates:

Package                                      Version in 8 (jessie)      Version in 9 (stretch)
Apache                                       2.2.22                     2.4.10
BIND DNS Server                              9.8                        9.9
Courier MTA                                  0.68                       0.73
Dia                                          0.97.2                     0.97.3
Exim default e-mail server                   4.80                       4.84
GNU Compiler Collection as default compiler  4.7 on PCs, 4.6 elsewhere  4.9
the GNU C library                            2.13                       2.19
lighttpd                                     1.4.31                     1.4.35
Linux kernel image                           3.2 series                 3.16 series
OpenLDAP                                     2.4.31                     2.4.40
OpenSSH                                      6.0p1                      6.7p1
Perl                                         5.14                       5.20
PHP                                          5.4                        5.6
Postfix MTA                                  2.9                        2.11
PostgreSQL                                   9.1                        9.4
Python 3                                     3.2                        3.4
Samba                                        3.6                        4.1

Debian supports Linux Standard Base (LSB) version 4.1, with one explicit and Debian-specific derogation from the LSB 4.1 specification: Qt3 is not included.

2.2.1. CDs, DVDs, and BDs

The official Debian distribution now ships on 9 to 10 binary DVDs or 75 to 85 binary CDs (depending on the architecture) and 10 source DVDs or 59 source CDs. Additionally, there is a multi-arch DVD, with a subset of the release for the amd64 and i386 architectures, along with the source code. Debian is also released as Blu-ray (BD) images, 2 each for the amd64 and i386 architectures, or 2 for the source code. For size reasons, some very large packages are omitted from the CD builds; these packages fit better in the DVD and BD builds, so are still included there.

2.2.2. Security

The legacy secure sockets layer protocol SSLv3 has been disabled in this release. Many system cryptography libraries as well as servers and client applications have been compiled or configured without support for this protocol.

The Linux kernel features a security mechanism which nullifies many symlink attacks. It is enabled in the Debian Linux kernel by default. /tmp-related bugs which are rendered non-exploitable by this mechanism are not treated as security vulnerabilities. If you use a custom Linux kernel you should enable it using a sysctl setting:

echo 1 > /proc/sys/fs/protected_symlinks
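
The echo above changes only the running kernel, so on a custom kernel the setting is lost at reboot unless it is also present in the sysctl configuration. The following is an added example, not part of the Debian release notes, that checks both places; the function names are this example's own, and it assumes the caller lists the configuration files in the order the system applies them.

```sh
#!/bin/sh
# Added example: audit fs.protected_symlinks at runtime and in persistent
# sysctl configuration. Function names are this example's own (hypothetical).

# runtime_state [FILE]: state of the running kernel.
runtime_state() {
    f=${1:-/proc/sys/fs/protected_symlinks}
    if [ ! -r "$f" ]; then
        echo unsupported    # kernel without the feature, or /proc unavailable
        return 0
    fi
    case $(tr -d '[:space:]' < "$f") in
        1) echo enabled ;;
        *) echo disabled ;;
    esac
}

# persistent_state FILE...: scan sysctl config files in the order given.
# Assumption: the caller lists files in the order the system applies them,
# so the last assignment found is the one that takes effect at boot.
persistent_state() {
    val=unset
    for conf in "$@"; do
        [ -r "$conf" ] || continue
        # Commented-out lines do not match; both "fs.x" and "fs/x" key forms do.
        v=$(sed -n 's/^[[:space:]]*fs[./]protected_symlinks[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$conf" | tail -n 1)
        if [ -n "$v" ]; then val=$v; fi
    done
    case $val in
        1) echo enabled ;;
        unset) echo unset ;;
        *) echo disabled ;;
    esac
}

# audit_protected_symlinks PROCFILE CONF...: succeeds only if the protection
# is on now and will still be on after a reboot.
audit_protected_symlinks() {
    proc=$1; shift
    r=$(runtime_state "$proc")
    p=$(persistent_state "$@")
    echo "runtime=$r persistent=$p"
    [ "$r" = enabled ] && [ "$p" = enabled ]
}

# Typical call on a live system:
#   audit_protected_symlinks /proc/sys/fs/protected_symlinks \
#       /etc/sysctl.d/*.conf /etc/sysctl.conf
```

A result of "persistent=unset" means no configuration file sets the value, so the system falls back to whatever default the kernel was built with.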

In some rare cases the security support for a package shipped in a Debian release needs to be terminated prior to the end of support for the full distribution. Jessie provides a new package (debian-security-support) which emits a warning if support for a package needs to be terminated in advance. It also documents packages where the scope of security support is limited. As such, it is recommended to install debian-security-support on all security-relevant systems.