Differences between revisions 130 and 131
Revision 130 as of 2009-03-16 16:23:45
Size: 12916
Editor: ?TobiasQuathamer
Comment: Add list of hardened packages
Revision 131 as of 2009-03-17 08:55:21
Size: 12852
Editor: RhondaDVine
Comment: revert last commit, it contained false data
Line 87: Line 87:
 * Several security-critical packages have been built with GCC [[Hardening]] features. This includes bind9, nast, postfix, postgresql-8.3, quagga, and strongswan.  * Several security-critical packages have been built with GCC [[Hardening]] features. TODO: list.
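
Review bot: the revert on line 87 restores the bare "TODO: list." placeholder without recording which of the removed entries (bind9, nast, postfix, postgresql-8.3, quagga, strongswan) were wrong; the revision comment only says the list "contained false data". Suggest naming the incorrect entries, or the source used to confirm which packages were built with the Hardening features, so the next editor does not re-add the same list and the TODO can be closed.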

Kernel and utilities

  • Linux 2.6.26 (see KernelFAQ#new-features-in-lenny);

  • lspci (pciutils 3.0.0) has a -Q option to query the central database.
  • mount : read-only binds ; --make-shared, --make-slave, --make-private, --make-unbindable

  • KVM (kernel + qemu-kvm...)

  • ntfs-3g (i.e. read-write support)

    • gnome expects ntfs-3g to mount volumes, which isn't installed by default so it fails. Is there a regression here ? (needs testing).
  • List of Discontinued/Renamed modules.
    • Most legacy CD (pre IDE!): aztcd, gscd, isp16, mcdx, optcd, sjcd, sonycd535 (old CD-ROM drivers, neither SCSI nor IDE)

Removed

  • No support for Linux 2.4

Desktop

  • GNOME 2.22 ( 2.22 release notes http://library.gnome.org/misc/release-notes/2.22)

    • many applications now use the new gio library instead of gnome-vfs, leading to important performance improvements
    • A handful of packages (namely nautilus, gnome-panel and libgnome) will be shipped in their 2.20 version, as we felt gvfs was not stable and featured enough for a stable Debian release. We include our patched, rock-solid version of gnome-vfs instead, even though it means less performance.
    • Experimental webkit support (epiphany-webkit)

    • gnome-keyring is generalized (including SSH keys support and pam_gnome_keyring)
    • system-config-printer replaces gnome-cups-manager

    • mlocate replaces locate; content is now indexed.

    • Automatic configuration of hotplugged printers (hal-cups-utils)

    • Improved CD/DVD ISO support (Archive Manager can open an ISO ; nautilus-cd-burner can burn it.)

    • new apps : cheese, vinagre, sabayon

    • Improved applications: evolution, evince, totem (automatic codec download), gedit (syntax highlighting), screen-saver (Leave Message feature), Network-manager and power-manager.

    • Improved Internationalization.
    • Many improvements in accessibility support (new applications, at-spi integration in gecko applications)
    • pidgin replaces gaim

    • gnome-app-install , aka "Add/Remove Applications"

    • Native Flash support, both in the desktop (swfdec-gnome) and in the browser (swfdec-mozilla)

  • LXDE
  • Artwork
  • X.org 7.3 http://www.x.org/wiki/Releases/7.3

    • Xserver autoconfiguration (most of older xorg.conf becomes unnecessary)

    • RandR 1.2 support on Intel, ATI, and some G80 boards (autodetection of available modes, dynamic resizing, placing and rotating of outputs), but no multiple displays anymore
    • ATI R5xx and R6xx modesetting and 2D acceleration support
  • Openoffice.org 2.4, (with .docx from go-oo.org) http://wiki.services.openoffice.org/wiki/New_Features_2.4 ; http://go-oo.org/discover/

  • Emacs 22
  • Inkscape 0.46
  • Gimp http://gimp.org/release-notes/gimp-2.4.html, http://developer.gimp.org/NEWS-2.4

  • Gecko 1.9
    • Rendering uses native widgets
  • Iceweasel/Firefox 3
    • drag and drop tabs across windows
    • new places bookmarks system

  • gParted 0.36 (can move partitions)
  • Qemu(Kvm)
    • New frontends (qtemu and qemulator)

    • qemu can now use hardware-based virtualization (KVM)

    • qemu can netboot, using etherboot ROM (or the newer gPXE which is ITP 474034)

  • Fonts
    • contains enough fonts in main to give a full set of glyphs for each of the scripts in Unicode 5.1 (except Han)
  • Multimedia keys (keyboards) are handled by default (on my thinkpad + external keyboard).

Laptop

  • cpu frequency scaling enabled by default.

Server

  • Default system log daemon changed from sysklogd/klogd to rsyslog

  • Nagios3 (removal of nagios2)
  • MySQL 5.0.51a
  • PostgreSQL 8.3
  • FreeRADIUS 2.0
  • Horde 3.2 and webmail IMP 4.2
  • Virtualization:
    • Hypervisor independent virtual machine management via libvirt

      • supports kvm, xen, qemu, kqemu
      • language bindings for python and ocaml
      • Graphical UI: [virt-manager]

      • other tools: virtinst, virt-top
    • xen updated to 3.2.1

Removed

  • EVMS

NAS

Security

Besides the regular Debian security support for the full archive, Lenny introduces proactive security features that reduce the chance of vulnerabilities:

  • Debian Installer now applies any security updates before the first boot.
  • Several security-critical packages have been built with GCC Hardening features. TODO: list.

  • The standard system contains fewer setuid root binaries and fewer open ports.
  • Various applications have added hardening improvements specific to their application.
    • For example, PHP is now built with the Suhosin hardening patch.

Programming

  • Python 2.5 as the default Python interpreter
  • Tcl/Tk 8.5
  • Perl 5.10
  • GCC 4.3
    • gcc/g++ 4.2/4.3 as default C/C++ compiler depending on architecture
    • gfortran 4.3 as default FORTRAN compiler (g77 has been removed)
  • ROOT data analysis package/toolkit, version 5.18, see DebianScience/ROOT

Debian system

  • Support of symbols files (dpkg-gensymbols, dpkg-shlibdeps)
  • Support of new source package formats (so that they can be used in lenny+1)
  • debhelper 7
  • dpkg triggers
    • Manual page database updated automatically when installing packages
  • apt-get autoremove
  • 'aptitude safe-upgrade' replaces 'aptitude upgrade'
  • 'aptitude full-upgrade' replaces 'aptitude dist-upgrade'
  • Usable cross-building support of Debian packages with Debian tools.
  • DebianVolatile is official.

  • ?Kernel/Oops / kerneloops.org (pic)

  • Grub2 uses root=${UUID} on newly installed systems.
  • Other boot changes: kexec+readahead+insserv+dash can give faster boot

Packages

Debian Installer

Only major changes are listed. For details the various release announcements can be checked.

  • Support for multiple CDs/DVDs during the installation
  • Update of system clock using NTP
  • Experimental support for SATA RAID (dmraid)
  • relatime mount option (see mount(1)).

  • isolinux boot menu (i386/amd64)
  • Option to install Debian from MS Windows (i386/amd64)
  • Various changes affecting automated installs (preseeding)
  • New hardware support: ...
  • New translations: ...
  • Dropped translations: ...
  • ...
  • Prompts for a media with required non-free firmware, if required.
  • BluRay installation images for i386 and amd64.

  • multipath support (multipath-modules)

  • possibility to add volatile.debian.org to sources.list (by pre-seeding)

No longer supported in Lenny

Even though the page is called "New" this is probably the best place to track major changes in this category too (after all, the fact that support for something was dropped is new too). -- fjp

  • Architecture : sparc32
  • Packages :
    • Debian tools that are removed : Linda.

    • Removed packages, with no equivalent that "Provides" transition. (a list, as of 2008-05-30)

    • apache v1 (superseded by apache2)

    • xmms v1 (superseded by xmms2)

    • FlashPlayer only available as a backport, but swfdec-mozilla is installed by default.

  • Firmware : the following firmwares have been removed from Debian main.
    This particularly affects network cards (which might be required for a net-install). In order to activate affected devices, the 'non-free' section has to be enabled.
    Todo: add link to documentation for new installations; add list of affected firmware -- jw

Upgrade issues

This section lists (potential) upgrade issues that may need to be documented.

  • [sparc] 2.6.26 kernel does not work with X.Org 7.0/7.1, but should work with 7.3; see lkml

  • On systems with NFS, nfs-common MUST be upgraded before mount; see #493095

  • As of 2.6.25 (and still in 2.6.26 in lenny), megaraid_mbox kernel panics if you have non-RAID devices on the PERC3/DC RAID controller and possibly other Dell PERC3 models; see #490903

  • Upgrading over ssh when the connection is managed by NetworkManager can lead to the upgrade failing or hanging when the NetworkManager service is restarted. If you are lucky, the ssh connection will not drop out; if you are unlucky, the ssh connection will drop out and at the next interactive point in the upgrade (e.g. dpkg "replace this file" or debconf) the entire upgrade is left in a horrible state.

Notes

  • a good start would be to review the programs in default tasks + the most installed programs not in tasks.
  • New hardware support ; new modules ?


  • The layout for this page can have two axes. We'll have to figure out how to write it down at some point :
  • New vs dropped feature :
    • New stuffs (especially those with high popcon count !)
    • Improved stuff since Etch.
    • Dropped stuffs
    • Deprecated stuffs
    • Changes in DFSGfreeness - alpine, openjdk, djbdns, ttf-liberation in main
  • Categories
    • Infrastructure, Organization, etc.
    • Architectures.
    • Software. Theoretically, we should focus on user features (i.e. sysadmin features). However, considering our audience, we should include a few words on technologies

      • Common software (kernel)
      • Server oriented software.
      • Desktop oriented software.
      • Developer features (esp. DD ?).
      • Other features (embedded, etc.)
    • Miscellaneous (the last but not the least) : Debian Installer, Debian Live, LSB, CDD

Releasenotes svn repository

The svn repository for the releasenotes is located at svn://svn.debian.org/svn/ddp/manuals/branches/release-notes/lenny

Due to license incompatibility, the content of the NewInLenny wiki page can't be copied to the release notes. (This isn't fully true anymore, the lenny release notes are GPL2 as is this page.)

So if you write some text, then you should also send a mail to the release-notes maintainers. (We won't repeat that mistake for Squeeze).

(Re)-License

License:

The license of this page has changed.
Please, relicense your contributions to this page.
Note: By making a new contribution, you agree to relicense your previous contribution(s) to this page under the new license.

  • All contributions to this page (since 2008-09-03) are under GPL v2.

  • By making a new contribution, you relicense your previous contribution(s) to this page under the new license.
  • You can remove your previous contribution(s) if you want.

People who have relicensed their works : FranklinPiat, ?VincentDanjean, ThijsKinkhorst, ?JossMouette, HolgerLevsen, GerfriedFuchs, ?MertDirik, EricVeirasGalisson Add Your Name Here

