Table of Contents
Sometimes, changes introduced in a new release have side-effects we cannot reasonably avoid, or they expose bugs somewhere else. This section documents issues we are aware of. Please also read the errata, the relevant packages' documentation, bug reports, and other information mentioned in Section 6.1, “Further reading”.
This section covers items related to the upgrade from buster to bullseye.
For Intel GPUs available with Broadwell and newer, the Video Acceleration
API (VA-API) implementation now defaults to
intel-media-va-driver
for hardware
accelerated video decoding. Systems which have
va-driver-all
installed will
automatically be upgraded to the new driver.
The legacy driver package i965-va-driver
is still available and offers support up to the Cannon Lake micro
architecture. To prefer the legacy driver over the new default one, set
the environment variable LIBVA_DRIVER_NAME
to
i965
, for instance by setting the variable in
/etc/environment
. For more information, please see
the Wiki's page on
hardware
video acceleration.
Support for the barrier
and
nobarrier
mount options has been removed from
the XFS file system. It is recommended to check
/etc/fstab
for the presence of either
keyword and remove it. Partitions using these options will fail
to mount.
For bullseye, the security suite is now named
bullseye-security
instead of
buster/updates
and users should adapt their
APT source-list files accordingly when upgrading.
The security line in your APT configuration may look like:
deb https://deb.debian.org/debian-security bullseye-security main contrib
The default password hash for local system accounts has been changed to yescrypt. This is expected to provide improved security against dictionary-based password guessing attacks, in terms of both the space and time complexity of the attack.
To take advantage of this improved security, change local passwords; for example use the passwd command.
Old passwords will continue to work using whatever password hash was used to create them.
Yescrypt is not supported by Debian 10 (buster). As a result,
shadow password files (/etc/shadow
) cannot be
copied from a bullseye system back to a buster system. If these
files are copied, passwords that have been changed on the bullseye
system will not work on the buster system. Similarly, password
hashes cannot be cut&pasted from a bullseye to a buster system.
If compatibility is required for password hashes between bullseye
and buster, modify
/etc/pam.d/common-password
. Find the line
that looks like:
password [success=1 default=ignore] pam_unix.so obscure yescrypt
and replace yescrypt
with sha512
.
NSS NIS and NIS+ support
has been moved to separate packages called libnss-nis
and libnss-nisplus
. Unfortunately,
glibc
can't depend on
those packages, so they are now only recommended.
On systems using NIS or NIS+, it is therefore recommended to check that those packages are correctly installed after the upgrade.
The DNS resolver unbound
has changed the way it handles configuration file fragments. If
you are relying on an include:
directive to
merge several fragments into a valid configuration, you should
read the
NEWS file.
The rsync
parameters
--copy-devices
and --noatime
have been renamed to --write-devices
and
--open-noatime
. The old forms are no longer
supported; if you are using them you should see the
NEWS file. Transfer processes between systems running different
Debian releases may require the buster side to be upgraded to a version
of rsync
from the backports
repository.
The addons for vim
historically provided by vim-scripts
are now managed by Vim's
native “package” functionality rather than by
vim-addon-manager
. Vim
users should prepare before upgrading by following the
instructions in the
NEWS file.
OpenStack Victoria (released in bullseye) requires cgroup v1 for
block device QoS. Since bullseye also changes to using cgroupv2
by default (see Section 2.2.3, “Control groups v2”), the sysfs tree in
/sys/fs/cgroup
will not include cgroup v1
features such as /sys/fs/cgroup/blkio
, and
as a result cgcreate -g blkio:foo will
fail. For OpenStack nodes running nova-compute
or cinder-volume
, it is strongly
advised to add the parameters
systemd.unified_cgroup_hierarchy=false
and
systemd.legacy_systemd_cgroup_controller=false
to the kernel command line in order to override the default and
restore the old cgroup hierarchy.
The following is a list of known and noteworthy obsolete packages (see Section 4.8, “Obsolete packages” for a description).
The list of obsolete packages includes:
The lilo
package
has been removed from bullseye. The successor of lilo as
boot loader is grub2
.
The Mailman mailing list manager suite version 3 is the only available
version of Mailman in this release. Mailman has been split up into
various components; the core is available in the package mailman3
and the full suite can be
obtained via the mailman3-full
metapackage.
The legacy Mailman version 2.1 is no longer available (this used to be
the package mailman
). This branch
depends on Python 2 which is no longer available in Debian.
For upgrading instructions, please see the project's migration documentation.
The Linux kernel no longer provides
isdn4linux
(i4l) support.
Consequently, the related userland packages isdnutils
, isdnactivecards
, drdsl
and ibod
have been removed from
the archives.
The deprecated libappindicator libraries are no longer
provided. As a result, the related packages libappindicator1
, libappindicator3-1
and
libappindicator-dev
are no
longer available. This is expected to cause dependency
errors for third-party software that still depends on
libappindicator to provide system tray and indicator
support.
Debian is using libayatana-appindicator
as the
successor of libappindicator. For technical background see
this
announcement.
Debian no longer provides chef
. If you use Chef for configuration
management, the best upgrade path is probably to switch to using
the packages provided by Chef
Inc.
For background on the removal, see the removal request.
With the next release of Debian 12 (codenamed bookworm) some features will be deprecated. Users will need to migrate to other alternatives to prevent trouble when updating to Debian 12.
This includes the following features:
Python 2 is already beyond its End Of Life, and will receive
no security updates. It is not supported for running
applications. However, Debian bullseye does still include a
version of Python 2.7, as well as a small number of Python 2
build tools such as python-setuptools
. These are
present only because they are required for a few application
build processes that have not yet been converted to Python
3.
The historical justifications for the filesystem layout with
/bin
, /sbin
, and
/lib
directories separate from their
equivalents under /usr
no longer apply
today; see the Freedesktop.org
summary. Debian bullseye will be the last Debian
release that supports the non-merged-usr layout; for systems
with a legacy layout that have been upgraded without a
reinstall, the usrmerge
package exists to do
the conversion if desired.
There are some packages where Debian cannot promise to provide minimal backports for security issues. These are covered in the following subsections.
In most cases, packages should upgrade smoothly between buster and bullseye. There are a small number of cases where some intervention may be required, either before or during the upgrade; these are detailed below on a per-package basis.
Without a pointing device, there is no direct way to change settings in
the GNOME Settings app provided by gnome-control-center
. As a work-around, you
can navigate from the sidebar to the main content by pressing the
Right Arrow twice. To get back to the sidebar, you can
start a search with Ctrl+F, type
something, then hit Esc to cancel the search. Now you
can use the Up Arrow and Down Arrow to
navigate the sidebar. It is not possible to select search results with
the keyboard.