Chapter 2. What's new in Debian 9

Table of Contents

2.1. Supported architectures
2.2. What's new in the distribution?
2.2.1. CDs, DVDs, and BDs
2.2.2. Security

The Wiki has more information about this topic.

2.1. Supported architectures

Debian 8 introduces two new architectures:

  • arm64, 64-bit port for ARM machines.

  • ppc64el, 64-bit little-endian port for POWER machines.

The following are the officially supported architectures for Debian 9:

  • 32-bit PC ('i386') and 64-bit PC ('amd64')

  • 64-bit ARM ('arm64')

  • ARM EABI ('armel')

  • ARMv7 (EABI hard-float ABI, 'armhf')

  • MIPS ('mips' (big-endian) and 'mipsel' (little-endian))

  • PowerPC ('powerpc')

  • 64-bit little-endian PowerPC ('ppc64el')

  • IBM System z ('s390x')

Three architectures which were part of Debian 8 are not released with stretch.

  • As announced when Debian 8 was released, the 32-bit s390 port is discontinued and replaced with s390x.

  • In addition, the ports to IA-64 and Sparc had to be removed from this release due to insufficient developer support. Sparc had been a supported architecture in Debian since 2.1 (1999), while ia64 was introduced in Debian 3.0 (2002).

Finally, the Debian ports to the FreeBSD kernel, kfreebsd-amd64 and kfreebsd-i386, included as technology previews in Debian 6.0 and Debian 7, are not part of this release.

You can read more about port status, and port-specific information for your architecture at the Debian port web pages.

2.2. What's new in the distribution?

 TODO: Make sure you update the numbers in the .ent file 
     using the script found under ../

This new release of Debian again comes with a lot more software than its predecessor jessie; the distribution includes over 12253 new packages, for a total of over 43512 packages. Most of the software in the distribution has been updated: over 24573 software packages (this is 66% of all packages in jessie). Also, a significant number of packages (over 5441, 14% of the packages in jessie) have for various reasons been removed from the distribution. You will not see any updates for these packages and they will be marked as 'obsolete' in package management front-ends; see Section 4.10, “Obsolete packages”.

Debian again ships with several desktop applications and environments. Among others it now includes the desktop environments GNOME 3.14, KDE 4.11, Xfce 4.10, and LXDE.

Productivity applications have also been upgraded, including the office suites:

  • LibreOffice is upgraded to version 4.3;

  • Calligra is upgraded to 2.8;

  • GNUcash is upgraded to 2.6;

  • GNUmeric is upgraded to 1.12;

  • Abiword is upgraded to 3.0.

Updates of other desktop applications include the upgrade to Evolution 3.12.

Among many others, this release also includes the following software updates:

PackageVersion in 8 (jessie)Version in 9 (stretch)
BIND DNS Server9.89.9
Courier MTA0.680.73
Exim default e-mail server4.804.84
GNU Compiler Collection as default compiler4.7 on PCs, 4.6 elsewhere4.9
the GNU C library2.132.19
Linux kernel image3.2 series3.16 series
Postfix MTA2.92.11
Python 33.23.4
 TODO: (JFS) List other server software? RADIUS? Streaming ?

Debian supports Linux Standard Base (LSB) version 4.1, with one explicit and Debian-specific derogation from the LSB 4.1 specification: Qt3 is not included.

2.2.1. CDs, DVDs, and BDs

The official Debian distribution now ships on 9 to 10 binary DVDs or 75 to 85 binary CDs (depending on the architecture) and 10 source DVDs or 59 source CDs. Additionally, there is a multi-arch DVD, with a subset of the release for the amd64 and i386 architectures, along with the source code. Debian is also released as Blu-ray (BD) images, 2 each for the amd64 and i386 architectures, or 2 for the source code. For size reasons, some very large packages are omitted from the CD builds; these packages fit better in the DVD and BD builds, so are still included there.

2.2.2. Security

The legacy secure sockets layer protocol SSLv3 has been disabled in this release. Many system cryptography libraries as well as servers and client applications have been compiled or configured without support for this protocol.

The Linux kernel features a security mechanism which nullifies many symlink attacks. It is enabled in the Debian Linux kernel by default. /tmp-related bugs which are rendered non-exploitable by this mechanism are not treated as security vulnerabilities. If you use a custom Linux kernel you should enable it using a sysctl setting:

echo 1 > /proc/sys/fs/protected_symlinks

In some rare cases the security support for a package shipped in a Debian release needs to be terminated prior to the end of support for the full distribution. Jessie provides a new package (debian-security-support) which emits a warning if support for a package needs to be terminated in advance. It also documents packages where the scope of security support is limited. As such, it is recommended to install debian-security-support on all security-relevant systems.