12916
Comment: Add list of hardened packages
|
12852
revert last commit, it contained false data
|
Deletions are marked like this. | Additions are marked like this. |
Line 87: | Line 87: |
* Several security-critical packages have been built with GCC [[Hardening]] features. This includes bind9, nast, postfix, postgresql-8.3, quagga, and strongswan. | * Several security-critical packages have been built with GCC [[Hardening]] features. TODO: list. |
Contents
Kernel and utilities
Linux 2.6.26 (see KernelFAQ#new-features-in-lenny);
- lspci (pciutils 3.0.0) has a -Q option to query the central database.
mount : read-only binds ; --make-shared, --make-slave, --make-private, --make-unbindable
KVM (kernel + qemu-kvm...)
ntfs-3g (i.e R-W support)
- gnome expects ntfs-3g to mount volumes, which isn't installed by default so it fails. Is there a regression here ? (needs testing).
- List of Discontinued/Renamed modules.
Most legacy CD (pre IDE!): aztcd, gscd isp16, mcdx optcd sjcd sonycd535 (Old CD-ROM drivers not SCSI, not IDE)
Removed
- No support for Linux 2.4
Desktop
GNOME 2.22 ( 2.22 release notes http://library.gnome.org/misc/release-notes/2.22)
- many applications now use the new gio library instead of gnome-vfs, leading to important performance improvements
- A handful of packages (namely nautilus, gnome-panel and libgnome) will be shipped in their 2.20 version, as we felt gvfs was not stable and featured enough for a stable Debian release. We include our patched, rock-solid version of gnome-vfs instead, even though it means less performance.
Experimental webkit support (epiphany-webkit)
- gnome-keyring is generalized (including SSH keys support and pam_gnome_keyring)
system-config-printer replaces gnome-cups-manager
Automatic configuration of hotplugged printers (hal-cups-utils)
Improved CD/DVD ISO support (Archive Manager can open an ISO ; nautilus-cd-burner can burn it.)
Improved application evolution, evince, totem (automatic download codecs), gedit (syntax-highlighting), screen-saver (Leave Message feature), Network-manager and power-manager.
- Improved Internationalization.
- Many improvements in accessibility support (new applications, at-spi integration in gecko applications)
gnome-app-install , aka "Add/Remove Applications"
Native Flash support, both in the desktop (swfdec-gnome) and in the browser (swfdec-mozilla)
- LXDE
- Artwork
Debian MoreBlue Orbit is the new desktop artwork.
X.org 7.3 http://www.x.org/wiki/Releases/7.3
Xserver autoconfiguration (most of older xorg.conf becomes unnecessary)
- RandR 1.2 support on Intel, ATI, and some G80 boards (autodetection of available modes, dynamic resizing, placing and rotating of outputs), but no multiple displays anymore
- ATI R5xx and R6xx modesetting and 2D acceleration support
Openoffice.org 2.4, (with .docx from go-oo.org) http://wiki.services.openoffice.org/wiki/New_Features_2.4 ; http://go-oo.org/discover/
- Emacs 22
- Inkscape 0.46
Gimp http://gimp.org/release-notes/gimp-2.4.html, http://developer.gimp.org/NEWS-2.4
- Gecko 1.9
- Rendering uses native widgets
- Iceweasel/Firefox 3
- drag and drop tabs across windows
new places bookmarks system
- gParted 0.36 (can move partitions)
- Qemu(Kvm)
- Fonts
- contains enough fonts in main to give a full set of glyphs for each of the scripts in Unicode 5.1 (except Han)
- Multimedia keys (keyboards) are handled by default (on my thinkpad + external keyboard).
Laptop
- cpu frequency scaling enabled by default.
Server
Default system log daemon changed from sysklogd/klogd to rsyslog
- Nagios3 (removal of nagios2)
- MySQL 5.0.51a
- PostgreSQL 8.3
- FreeRADIUS 2.0
- Horde 3.2 and webmail IMP 4.2
- Virtualization:
Hypervisor independent virtual machine management via libvirt
- supports kvm, xen, qemu, kqemu
- language bindings for python and ocaml
Graphical UI: [virt-manager]
- other tools: virtinst, virt-top
- xen updated to 3.2.1
removed
- EVMS
NAS
Support for Marvell's Orion platform. Specifically, lenny supports the following devices based on the Orion platform: QNAP Turbo Station (TS-109, TS-209, TS-409), HP mv2120, and Buffalo Kurobox Pro.
Security
Besides the regular Debian security support for the full archive, Lenny introduces pro-active security features to preemptively reduce the chance on vulnerabilities:
- Debian Installer now applies any security updates before the first boot.
Several security-critical packages have been built with GCC Hardening features. TODO: list.
- The standard system contains fewer setuid root binaries and fewer open ports.
- Various applications have added hardening improvements specific to their application.
For example, PHP is now built with the Suhosin hardening patch.
Programming
- Python 2.5 as the default Python interpreter
- Tcl/Tk 8.5
- Perl 5.10
- GCC 4.3
- gcc/g++ 4.2/4.3 as default C/C++ compiler depending on architecture
- gfortran 4.3 as default FORTRAN compiler (g77 has been removed)
ROOT data analysis package/toolkit, version 5.18, see DebianScience/ROOT
Debian system
- Support of symbols files (dpkg-gensymbols, dpkg-shlibdeps)
- Support of new source package formats (so that they can be used in lenny+1)
- debhelper 7
- dpkg triggers
- Manual page database updated automatically when installing packages
- apt-get autoremove
- 'aptitude safe-upgrade' replaces 'aptitude upgrade'
- 'aptitude full-upgrade' replaces 'aptitude dist-upgrade'
- Usable cross-building support of Debian packages with Debian tools.
DebianVolatile is official.
- Grub2 uses root=${UUID}, to on new installed systems.
- Other boot changes: kexec+readahead+insserv+dash can give faster boot
Packages
List of New, Removed and Upgraded packages, see
http://www.klabs.be/~fpiat/linux/comp-dist/lenny/
Debian Installer
Only major changes are listed. For details the various release announcements can be checked.
- Support for multiple CDs/DVDs during the installation
- Update of system clock using NTP
- Experimental support for SATA RAID (dmraid)
relatime mount option (see mount(1)).
- isolinux boot menu (i386/amd64)
- Option to install Debian from MS Windows (i386/amd64)
- Various changes affecting automated installs (preseeding)
- New hardware support: ...
- New translations: ...
- Dropped translations: ...
- ...
- Prompts for a media with required non-free firmware, if required.
BluRay installation images for i386 and amd64.
multipath support (multipath-modules)
- possibility to add volatile.debian.org to sources.list (by pre-seeding)
No longer supported in Lenny
Even though the page is called "New" this is probably the best place to track major changes in this category too (after all, the fact that support for something was dropped is new too). -- fjp
- Architecture : sparc32
- Packages :
Debian tools that are removed : Linda.
Removed packages, with no equivalent that "Provides" transition. (a list, as of 2008-05-30)
FlashPlayer only available as a backport, but swfdec-mozilla is installed by default.
Firmware : the following firmwares have been removed from Debian main.
This particularly affects network cards (which might be required for a net-install). In order to activate affected devices, the 'non-free' section has to be enabled.
Todo: add link to documentation for new installations; add list of affected firmware -- jw
Upgrade issues
This section lists (potential) upgrade issues that may need to be documented.
[sparc] 2.6.26 kernel does not work with X.Org 7.0/7.1, but should work with 7.3; see lkml
On system with nfs, nfs-common MUST be upgraded before mount see #493095
As of 2.6.25 (and still in 2.6.26 in lenny), megraid_mbox kernel panics if you have non-RAID devices on the PERC3/DC RAID controller and possibly other Dell PERC3 models, see #490903
Upgrading over ssh when the connection is managed by NetworkManager can lead the upgrade failing/hanging when the NetworkManager service is restarted. If you are lucky, the ssh connection will not drop out; if you are unlucky, the ssh connection will drop out and at the next interactive point in the upgrade (e.g. dpkg "replace this file" or debconf) the entire upgrade is left in a horrible state.
Notes
- a good start would be to review the programs in default tasks + the most installed programs not in tasks.
- New hardware support ; new modules ?
- The layout for this page can have two axes. We'll have to figure out how to write it down at some point :
- New vs dropped feature :
- New stuffs (especially those with high popcon count !)
- Improved stuff since Etch.
- Dropped stuffs
- Deprecated stuffs
- Changes in DFSGfreeness - alpine, openjdk, djbdns, ttf-liberation in main
- Categories
- Infrastructure, Organization, etc.
- Architectures.
Software Theoretically, we should focus on user features (i.e sysadmin feature). However, considering our audience, we should include a few word on technologies
- Common software (kernel)
- Server oriented software.
- Desktop oriented software.
- Developer features (esp. DD ?).
- Other features (embedded, etc.)
- Miscellaneous (the last but not the least) : Debian Installer, Debian Live, LSB, CDD
Releasenotes svn repository
The svn repository for the releasenotes is located at svn://svn.debian.org/svn/ddp/manuals/branches/release-notes/lenny
Due to license incompatibility, the content of the NewInLenny wiki page can't be copied to the release notes. (This isnt fully true anymore, the lenny release notes are GPL2 as is this page.)
So if you write some text, then you should also send a mail to the release-notes maintainers. (We won't repeat that mistake for Squeeze).
(Re)-License
License: |
The license of this page has changed. |
All contributions to this page (since 2008-09-03) are under GPL v2.
- By making a new contribution, you relicense your previous contribution(s) to this page under the new license.
- You can remove your previous contribution(s) if you want.
People who have relicensed their works : FranklinPiat, ?VincentDanjean, ThijsKinkhorst, ?JossMouette, HolgerLevsen, GerfriedFuchs, ?MertDirik, EricVeirasGalisson Add You Name Here