ProHoster > Ibhulogi > iindaba ze-intanethi > Debian 13 Ukukhutshwa

Debian 13 Ukukhutshwa

Emva kweminyaka emibini yophuhliso, i-Debian 13 "Trixie" iye yakhululwa kwii-architecture ezisibhozo ezixhaswa ngokusemthethweni: Intel IA-32 / x86 (i686), AMD64 / x86-64, ARM EABI (armel), ARM64, ARMv7 (armhf), RISC-V, PowerPC 64 (ppc64 Systemz), PowerPC 390 (ppc13 Systemz) . I-Debian 5 iya kuqhubeka ifumana uhlaziyo iminyaka emihlanu.

Imifanekiso yokufakela iyafumaneka ukukhuphela ngeHTTP, jigdo okanye BitTorrent. I-LiveUSBs iyafumaneka kwi-amd64 ye-architecture, kunye ne-GNOME, i-KDE, i-LXDE, i-Xfce, i-Cinnamon kunye ne-MATE ezahlukeneyo, kunye ne-multi-arch DVD edibanisa iipakethi zeqonga le-amd64 kunye neepakethe ezongezelelweyo ze-i386 architecture. Olu xwebhu lulandelayo kufuneka lufundwe ngaphambi kokufuduka kwi-Debian 12.

I-repository iqulethe i-69830 iipakethi ze-binary, eziyi-5411 ngaphezulu kunokuba zinikezelwe kwi-Debian 12. Xa kuthelekiswa ne-Debian 12, i-14116 iipakethi ezintsha ze-binary zongezwa, i-8844 (12%) iipakethi eziphelelwe yisikhathi okanye ezishiyiweyo zasuswa, kwaye i-44326 (63%) iiphakheji zahlaziywa. Itotali yobungakanani obudityanisiweyo bayo yonke imibhalo yomthombo enikezelwayo ekuhanjisweni yi-1 imigca yekhowudi. Ubungakanani obupheleleyo bazo zonke iiphakheji yi-463 GB.

Kwi-96.9% yeepakethi, inkxaso yeendibano eziveliswayo zinikezelwa, ezisivumela ukuba siqinisekise ukuba ifayile ephunyeziweyo yakhiwe kwimibhalo yomthombo ochaziweyo kwaye ayiquki naluphi na utshintsho olungaphandle, ukutshintshwa kwayo, umzekelo, kunokwenziwa ngokuhlaselwa kweziseko zendibano okanye i-backdoor kwi-compiler.

Utshintsho oluphambili kwiDebian 13.0:

  • Kongezwe izibuko lokuhambisa elisemthethweni kwiinkqubo ezisekelwe kwi-64-bit ye-RISC-V ye-architecture.
  • Kongezwe i-port "loong64" yeenkqubo ezisekelwe kwi-LoongArch imiyalelo esetyenzisiweyo kwi-prosesa ye-Loongson 3 5000 kunye nokuphumeza i-RISC ISA efana ne-MIPS kunye ne-RISC-V. Izibuko alixhaswanga ngokusemthethweni.
  • I-"mipsel" kunye ne "mips64el" izibuko ze-MIPS-based systems zisusiwe. Izibuko le "mipsel" lelinye lawona machweba amadala eDebian axhaswayo, amadala kuphela kunezibuko i386. Isizathu sokususwa kwakuyimiba yezobuchwepheshe, njenge-2Gb yememori yendawo yomsebenzisi kunye neengxaki zokwakha.
  • Ukuqulunqwa kweendibano zofakelo olusemthethweni kunye neepakethe zekernel kwiinkqubo ze-32-bit x86 ziye zayekwa, kodwa ubukho bendawo yokugcina ipakethe exhaswa ngokusemthethweni kunye ne-multi-arch repository, ukukwazi ukuhambisa iindawo ze-32-bit kwizikhongozeli ezizimeleyo, kunye nezixhobo zokuqinisekisa ukuhlanganiswa kwezicelo ze-32-bit zigciniwe. Uyilo lwe-i386 kwi-Debian ngoku lulinganiselwe kwinkxaso yokuqhuba izicelo ze-32-bit kwindawo ye-64-bit x86_64 (indibano isebenzisa imiyalelo ye-SSE2, engafumanekiyo kwiiprosesa ezininzi ze-32-bit ezixhaswa kwi-Debian 12).
  • Ingxaki yonyaka ka-2038 isonjululwe ngokupheleleyo. Zonke iipakethe zisusiwe ukuze kusetyenziswe uhlobo lwe-64-bit time_t kumazibuko okusasazwa kwe-32-bit architectures, eqhubekileyo isebenzisa uhlobo lwe-32-bit time_t (ayinakusetyenziselwa ukuphatha amaxesha asemva koJanuwari 19, 2038, ngenxa yekhawuntara yemizuzwana edlulileyo ukususela nge-1 kaJanuwari 1970 ephuphumayo).
  • Umfaki utshintshe ingqiqo yolawulo lwe-EFI yokwahlula, kwaye yongeza indlela yokubuyisela kwiinkqubo ezifakwe kwi-subkey ye-Btrfs. I-firmware ekhutshiweyo engadingekiyo yokufakela, ayikwazi ukusebenza ngaphandle kweepakethe ezingekho simahla, okanye ayinamsebenzi kunye nezicwangciso zekernel zangoku. Iyekiwe inkxaso ye-grub-legacy kunye ne-win32-loader. Iqale kwakhona inkxaso yokusebenzisa amagama angengo-ASCII kwigama elipheleleyo lomsebenzisi. Inkxaso eyongeziweyo yeebhodi kunye nezixhobo ezilandelayo: I-Pine64 Pinebook, i-MNT Reform 2, i-AM64x HummingBoard-T, i-Pine64 Star64, i-Wandboard rev D1, kunye neelaptops kunye neetafile ezisekelwe kwi-ARM SoC Snapdragon X Elite.
  • Indlela yokuqalisa ekude "i-HTTP Boot" yongezwe kwi-installer kunye ne-Live builds, apho imifanekiso yesiqalo ihanjiswa kusetyenziswa iprotocol ye-HTTP (i-URL yomfanekiso we-ISO ifakwe kwi-UEFI okanye i-U-Boot firmware interface).
  • Inkqubo yefayile ye-tmpfs isetyenziselwa ukugcina uvimba weefayile zexeshana /tmp, usebenzisa idiski ye-RAM ebekwe kwi-RAM, enokuthi ikhutshelwe ngaphandle kwisahlulelo sokutshintsha xa kungekho memori yaneleyo yasimahla. Ukusebenzisa i-tmpfs kukuvumela ukuba unciphise inani lemisebenzi yokubhala kwi-drive ebonakalayo, ukunciphisa ukusetyenziswa kwamandla okuqhuba nzima, ukwandisa ubomi bee-SSD drives, kunye nokwandisa ukusebenza kokusebenza ngeefayile zexeshana. Ukubuyisela / ukugcinwa kwetmp kwiFS eqhelekileyo, ungasebenzisa umyalelo othi "systemctl mask tmp.mount".
  • Eyokugqibela, yokugqibela, kunye nemiyalelo yokugqibela isusiwe. Zazibotshelelwe kwi/var/log/wtmp,/var/log/btmp,/var/run/utmp, kunye/var/log/lastlog iifayile, ezisebenzisa uhlobo lwe-32-bit time_t, olungenakutshintshwa ngohlobo lwe-64-bit ngaphandle kokutshintsha i-Glibc ABI kunye nokuphula ukuhambelana nezicelo. Endaweni yezi zinto ziluncedo, kuyacetyiswa ukuba usebenzise i-wtmpdb, lastlog2, kunye ne-lslogins eziluncedo.
  • I-systemd-cryptsetup package isetyenziselwa ukubona kunye nokunyuswa kweFS efihliweyo.
  • Kwiinkqubo ezine-AMD64 kunye ne-ARM64 ye-architecture, i-Intel CET (i-Control-flow Enforcement Technology), i-ARM PAC (i-Pointer Authentication) kunye ne-BTI (i-Branch Target Identification) izandiso zisetyenziselwa ukukhusela ukuxhaphazwa kusetyenziswa iindlela zokubuyela kwiprogram (ROP). Xa usebenzisa ubuchule be-ROP, umhlaseli akazami ukubeka ikhowudi yakhe kwimemori, kodwa usebenza kunye neziqwenga zemiyalelo yomatshini esele ifakwe kwiilayibrari ezilayishiweyo, ephela ngomyalelo wokubuyisela ulawulo (ngokuqhelekileyo, ezi ziphelo zemisebenzi yethala leencwadi). Umsebenzi we-exploit wehla ekwakhiweni kwekhonkco leefowuni kwiibhloko ezinjalo ("igajethi") ukufumana umsebenzi ofunekayo. Ingundoqo yokukhusela kukuba emva kokudlulisa ulawulo kumsebenzi, iidilesi zokubuyisela zigcinwa yiprosesa kungekhona nje kwi-stack eqhelekileyo, kodwa nakwi-stack shadow stack, engenakuguqulwa ngokuthe ngqo.
  • Inkxaso eyongeziweyo ye-run0 eluncedo, ebonelelwa yi-systemd yeenkqubo ezisebenzayo phantsi kwezinye ii-ID zabasebenzisi. Usetyenziso luphunyezwa njenge-add-on kumyalelo we-systemd-run kwaye iboniswe njengokutshintshwa okukhuselekileyo kwenkqubo ye-sudo.
  • Isebe le-APT 3.0 lomphathi wephakheji liyasetyenziswa, eliphinda lisebenze ujongano lomsebenzisi, lisebenze i-Solver3 yokuxhomekeka kwe-injini yokuxhomekeka, yongeza inkxaso ye-snapshot, iyeke ukusebenzisa i-apt-key utility, yongeza i-crypto backend yelayibrari ye-OpenSSL, kwaye iphumeze umyalelo 'wokucoceka'.
  • Umyalelo wongeziweyo we-debian-repro-status ukujonga ubume bokwakha obuphinda-phindayo kwiipakethe ezifakwe kwinkqubo yangoku.
  • Unikezelo lususiwe ekusebenziseni isahlulelo esahlukileyo /usr ukuya kwimboniselo apho i/bin,/sbin, kunye/lib* abalawuli bafomathiweyo njengophawu lwekhonkco kubalawuli abahambelanayo ngaphakathi/usr.
  • I-Linux kernel ihlaziywe kuguqulelo lwe-6.12. Ukukhutshwa okutsha kwe-systemd 257, i-bash 5.2.37, i-Glibc 2.41, i-OpenSSL 3.5 isetyenziswa.
  • Ukukhutshwa kubandakanya i-GNOME 48, i-KDE Plasma 6.3, i-LXDE 13, i-LXQt 2.1.0 kunye ne-Xfce 4.20 i-desktop environments. Isitaki segrafiki sihlaziyiwe.
  • Izicelo zabasebenzisi zihlaziyiwe, ezifana ne-LibreOffice 25.2, i-GIMP 3.0.2, i-Inkscape 1.4, i-Vim 9.1.
  • Izicelo ezihlaziyiweyo zeseva, ezifana ne-BIND 9.20, Postfix 3.10, Exim 4.98, PostgreSQL 17, MariaDB 11.8, nginx 1.26, OpenJDK 21, OpenSSH 10.0, Samba 4.22, QEMU 10.0, Docker 26.1.5.
  • Izixhobo zophuhliso zihlaziywe, ezifana ne-GCC 14.2, LLVM/Clang 19, Perl 5.40, PHP 8.4, Python 3.13, Rust 1.85, Go 1.24.

Yongeza izimvo