ProHoster > Blog > internet news > Debian 13 Release

Debian 13 Release

After two years of development, Debian 13 "Trixie" has been released for eight officially supported architectures: Intel IA-32/x86 (i686), AMD64/x86-64, ARM EABI (armel), ARM64, ARMv7 (armhf), RISC-V, PowerPC 64 (ppc64el), and IBM System z (s390x). Debian 13 will continue to receive updates for five years.

Installation images are available for download via HTTP, jigdo or BitTorrent. LiveUSBs are available for the amd64 architecture, with GNOME, KDE, LXDE, Xfce, Cinnamon and MATE variants, as well as a multi-arch DVD that combines packages for the amd64 platform with additional packages for the i386 architecture. The following document should be read before migrating from Debian 12.

The repository contains 69830 binary packages, which is 5411 more than were offered in Debian 12. Compared to Debian 12, 14116 new binary packages were added, 8844 (12%) obsolete or abandoned packages were removed, and 44326 (63%) packages were updated. The total combined size of all source texts offered in the distribution is 1 lines of code. The total size of all packages is 463 GB.

For 96.9% of packages, support for reproducible assemblies is provided, which allows us to confirm that the executable file was built from the declared source texts and does not contain any extraneous changes, the substitution of which, for example, can be made by attacking the assembly infrastructure or a backdoor in the compiler.

Key changes in Debian 13.0:

  • Added official distribution port for systems based on 64-bit RISC-V architecture.
  • Added a "loong64" port for systems based on the LoongArch instruction set architecture used in the Loongson 3 5000 processors and implementing a RISC ISA similar to MIPS and RISC-V. The port is not officially supported.
  • The "mipsel" and "mips64el" ports for MIPS-based systems have been removed. The "mipsel" port was one of the oldest supported Debian ports, older only than the i386 port. The reason for the removal was technical issues, such as the 2Gb user space memory limit and problems with building.
  • Formation of official installation assemblies and kernel packages for 32-bit x86 systems has been discontinued, but the presence of an officially supported package repository and a multi-arch repository, the ability to deploy 32-bit environments in isolated containers, and tools for ensuring the assembly of 32-bit applications are preserved. The i386 architecture in Debian is now limited to support for running 32-bit applications in a 64-bit x86_64 environment (the assembly uses SSE2 instructions, which are not available in most 32-bit processors supported in Debian 12).
  • The year 2038 problem has been completely resolved. All packages have been moved to use the 64-bit time_t type in the distribution ports for 32-bit architectures, which continued to use the 32-bit time_t type (it cannot be used to handle times later than January 19, 2038, due to the counter for seconds elapsed since January 1, 1970 overflowing).
  • The installer has changed the logic of EFI partition management, and added a recovery mode for systems installed in the Btrfs subkey. Excluded firmware that is not required for installation, cannot work without non-free packages, or is useless with the current kernel settings. Discontinued support for grub-legacy and win32-loader. Resumed support for using non-ASCII characters in the full user name. Added support for the following boards and devices: Pine64 Pinebook, MNT Reform 2, AM64x HummingBoard-T, Pine64 Star64, Wandboard rev D1, as well as laptops and tablets based on ARM SoC Snapdragon X Elite.
  • The remote boot mode "HTTP Boot" has been added to the installer and Live builds, in which boot images are delivered using the HTTP protocol (the URL of the ISO image is entered in the UEFI or U-Boot firmware interface).
  • The tmpfs file system is used to store the directory with temporary files /tmp, using a RAM disk located in the RAM, which can be pushed out to the swap partition when there is not enough free memory. Using tmpfs allows you to reduce the number of write operations to the physical drive, reduce the power consumption of hard drives, extend the life of SSD drives, and increase the performance of working with temporary files. To return /tmp storage to a regular FS, you can use the command "systemctl mask tmp.mount".
  • The last, lastb, and lastlog commands have been removed. They were tied to the /var/log/wtmp, /var/log/btmp, /var/run/utmp, and /var/log/lastlog files, which use the 32-bit time_t type, which cannot be replaced with a 64-bit type without changing the Glibc ABI and breaking compatibility with applications. Instead of these utilities, it is recommended to use the wtmpdb, lastlog2, and lslogins utilities.
  • The systemd-cryptsetup package is used to detect and mount encrypted FS.
  • On systems with AMD64 and ARM64 architecture, the Intel CET (Control-flow Enforcement Technology), ARM PAC (Pointer Authentication) and BTI (Branch Target Identification) extensions are used to protect against exploits using return-oriented programming (ROP) methods. When using the ROP technique, the attacker does not try to place his code in memory, but operates with pieces of machine instructions already in the loaded libraries, ending with a control return instruction (usually, these are the ends of library functions). The exploit's work comes down to building a chain of calls to such blocks ("gadgets") to obtain the desired functionality. The essence of the protection is that after transferring control to a function, the return addresses are saved by the processor not only in the regular stack, but also in a separate shadow stack, which cannot be changed directly.
  • Added support for the run0 utility, supplied by systemd for running processes under other user IDs. The utility is implemented as an add-on to the systemd-run command and is presented as a safer replacement for the sudo program.
  • The APT 3.0 branch of the package manager is used, which reworks the user interface, activates the Solver3 dependency resolution engine, adds snapshot support, stops using the apt-key utility, adds a crypto backend for the OpenSSL library, and implements the 'dist-clean' command.
  • Added debian-repro-status command to check the reproducible build status for packages installed on the current system.
  • The distribution has been migrated from using a separate /usr partition to a view in which the /bin, /sbin, and /lib* directories are formatted as symbolic links to the corresponding directories within /usr.
  • The Linux kernel has been updated to version 6.12. New releases of systemd 257, bash 5.2.37, Glibc 2.41, OpenSSL 3.5 are used.
  • The release includes GNOME 48, KDE Plasma 6.3, LXDE 13, LXQt 2.1.0 and Xfce 4.20 desktop environments. The graphics stack has been updated.
  • User applications have been updated, such as LibreOffice 25.2, GIMP 3.0.2, Inkscape 1.4, Vim 9.1.
  • Updated server applications, such as BIND 9.20, Postfix 3.10, Exim 4.98, PostgreSQL 17, MariaDB 11.8, nginx 1.26, OpenJDK 21, OpenSSH 10.0, Samba 4.22, QEMU 10.0, Docker 26.1.5, Xen 4.20.
  • Development tools have been updated, such as GCC 14.2, LLVM/Clang 19, Perl 5.40, PHP 8.4, Python 3.13, Rust 1.85, Go 1.24.

Add a comment