• Select as
  • Restrict to
  • Complex restrict to

  • About DebianTimes
  • Contact: debian-publicity

  • Debian Installer Lenny Beta 2 released
    on 12.06.2008, 15:00
    in news, release
    Debian Installer Lenny Beta 1 released
    on 18.03.2008, 23:24
    in news, release
    Debian 3.1r7 ("sarge") CD/DVD images available
    on 18.01.2008, 19:50
    in news, release
    Debian Edu Skolelinux 3.0 Terra updated to 3.0r1
    on 13.12.2007, 23:45
    in release
    Debian GNU/Linux 4.0 updated
    on 16.08.2007, 00:21
    in news, release
    Debian Installer: Experimental support for Serial ATA RAID
    on 19.07.2007, 23:00
    in news, release
    Debian GNU/Linux 4.0 released
    on 08.04.2007, 12:42
    in news, release
    Debian GNU/Linux 3.1 updated
    on 07.04.2007, 22:17
    in news, release
    win32-loader 0.3.0 has been released
    on 30.03.2007, 08:38
    in news, release
    Debian Installer Etch Release Candidate 2 released
    on 19.03.2007, 14:46
    in news, release
    Debian GNU/Linux 3.1 Sarge updated (r5)
    on 17.02.2007, 20:37
    in news, release
    Key expiry breaks most D-I Etch RC1 images
    on 16.02.2007, 19:30
    in news, release
    Etch Release Update
    on 24.12.2006, 09:52
    in news, release
    Etch frozen
    on 11.12.2006, 10:42
    in news, release
    Release update: Etch+1 = Lenny, Call for Testing, Time shift
    on 16.11.2006, 16:03
    in news, release
    Debian Installer Etch Release Candidate 1 released
    on 14.11.2006, 08:59
    in news, release
    Etch will be LSB 3.1-certified
    on 01.11.2006, 21:17
    in news, release
    BSP Marathon - Munich, 14 - 15 Oct 2006
    on 17.10.2006, 18:54
    in event-reports, release
    Debian Installer - Call for testing
    on 17.10.2006, 12:26
    in news, release

    Debian Installer Lenny Beta 2 released

    contributed by Frans Pop, published on Thu Jun 12 15:00:19 2008 in news, release

    The Debian Installer team is proud to announce the second beta release of the installer for Debian GNU/Linux Lenny.

    Improvements in this release of the installer

    • This new version of the installer uses and installs the 2.6.24 kernel.
    • Support for the armel (arm little endian) architecture, using the new Embedded ABI. Note that none of the currently supported systems support installing from CD images.
    • Installer images for i386 and amd64 have a new boot menu using syslinux's vesamenu. This allows for a more user-friendly selection of for example the regular or graphical installer. For the multi-architecture CD/DVD images this change means the 64-bits version of the installer needs to be selected manually from the menu. See the \ Installation Guide for details on how to use the new menu.
    • The graphical installer now has full support for encrypted partitioning.
    • Support for column alignment in cdebconf resulting in improved language selection in the graphical installer. This will be extended to other installer components (notably the partitioner) in future releases.
    • Many improvements in the component for language, country and locale selection. The most visible are that it's now possible to back up between dialogs within the component and that the overly long full country list has been split into separate dialogs for continent and country.
    • The installer will warn users when the translation of the installer to their language is incomplete and displays which language(s) the installer will fall back to.
    • Improved support for mouse configuration for the graphical installer makes use of a serial mouse possible.
    • The relatime file system mount option is now usable.
    • Issues during installs from CD/DVD due to the addition of support for multiple CDs have been resolved.
    • When using the KDE or Xfce CD images it is now possible to select additional tasks, similar to the normal CD set (which by default installs GNOME).
    • The following additional languages are now supported: Marathi (only in the graphical installer).

    Known issues in this release

    • As a result of a recent switch to Perl 5.10, the installation logs will show some Perl warnings. As far as we know these are harmless and can be ignored.
    • Installations in Russian (and possibly some other languages) may fail due to an error from aptitude; most languages seem unaffected.
    • i386: for this release installation from floppy disk is not supported.
    • i386/amd64:GRUB installation on cpqarray RAID volumes (/dev/ida/cXdX) may fail.
    • arm: this release does not support Netwinder systems.
    • There are still a few issues for some PowerPC subarchitectures.
    • Known issues for the graphical installer:
      • some non-US keymaps are not fully supported (deadkeys and combining characters do not work);
      • keys for accented or special characters may not work correctly; this is a regression compared to previous releases which will hopefully be fixed again soon;
      • touchpads should work, but support may not be optimal; if you experience problems, you should use an external mouse instead;
      • should work on almost all PowerPC systems that have an ATI graphics card, but is unlikely to work on other PowerPC systems.

    See the errata for details and a full list of known issues.

    Our thanks to everybody who has contributed to this release.

    Installation CDs and DVDs, other media, errata, and everything else you'll need are available from our web site.

    Debian Installer Lenny Beta 1 released

    contributed by Frans Pop, published on Tue Mar 18 23:24:52 2008 in news, release

    The Debian Installer team is proud to announce the first beta of Debian Lenny's Installer.

    This is the first release since Etch and the whole team has been hard at work during the past 11 months to make this release full of new features and bugfixes.

    We do need your help to find bugs and further improve the installer, so please try it.

    Improvements in this release of the installer

    A comprehensive changelog of what has changed since the release of Etch is available on the wiki.

    Support for CD/DVD sets is back

    Support for loading additional CDs or DVDs from a set (a feature missing in Etch) has been added again. As language-related packages do not all fit on the first CD, this greatly improves the situation for non-English speakers performing installations without internet connectivity.

    Clock synchronization using NTP

    By default, the installer will now attempt to synchronize the system clock using the Network Time Protocol (NTP) when a network connection has been configured. The hardware clock will be updated before the system is rebooted.

    This ensures a valid system time during installation, preventing odd behaviors with cryptographic signatures or filesystem checks.

    Support for "volatile" has been added

    The installer now supports adding the "volatile.debian.org" repository when adding additional APT sources. In the same way as security.debian.org, it will be configured by default when the "stable" distribution is installed.

    In addition, it is now possible to disable the security and volatile sources when the installer is run in expert mode and security.debian.org will be configured by default for installations of "testing".

    Please read the debian-volatile homepage for more information about the volatile project.

    Starting the installer from Microsoft Windows

    Since the integration of the win32-loader package, it is now possible to start the installer directly from Microsoft Windows without the need to change BIOS settings. Upon insertion of a CD-ROM, DVD-ROM or USB stick, an autorun program will be started, offering a step-by-step process to start the Debian Installer. A few installer settings (including language) will be preconfigured from this process.

    Experimental support for Serial ATA RAID (dmraid)

    As previously announced, the debian-installer now includes experimental support for installing Debian on systems with Serial ATA RAID as supported in Linux via the dmraid utility. Please see the dedicated wiki page for more information.

    Other noteworthy changes

    • The installer has been updated to use Linux 2.6.22
    • Various changes have resulted in reduced memory usage
    • Rescue mode now supports LUKS encrypted partitions
    • Various code cleanups, reorganizations and refactorings have been done
    • A new language, Amharic, has been added (graphical installations only)

    No longer supported

    • DECstation (mipsel) and RiscPC (arm) machines are no longer supported
    • The sparc32 architecture is no longer supported as kernel support for it was dropped.

    Known issues in this release

    • Support for the "relatime" mount option has been added, but is currently broken. See #460824
    • i386: kernel oops during installer startup on Thinkpad T41. See #470522
    • mips: the installer won't start on at least SGI O2 and qemu
    • arm: this release doesn't support Netwinder
    • s390: the "tape" installation method is unusable due to a kernel issue. See #466906

    Plans for next Beta release

    The next beta will be focused mainly on getting an installer version working with Linux 2.6.24.

    Other contributors have nevertheless mentioned working on non-free firmware support, improvements in the partioner, locale support and mirror selection and improvements in the graphical installer.

    The debian-installer team is still looking for active contributors for new features, bug triaging and squashing, improvements on the manual and the developer documentation. If you want Lenny to release on time, please join and help!

    Installation CDs, other media, and everything else you'll need are available from our web site.

    Debian 3.1r7 ("sarge") CD/DVD images available

    contributed by Frans Pop, published on Fri Jan 18 19:50:07 2008 in news, release

    After some delay because of an omission in the 3.1r7 release regarding the Debian Installer images, the Debian CD team is happy to announce that new CD and DVD images for Sarge are now available from the Sarge installation information web page.

    The new CD/DVD images and other installer images solve an issue regarding the use of a network mirror during installation that affected Sarge installs since it became "oldstable". For details see the web page linked above.

    Debian Edu Skolelinux 3.0 Terra updated to 3.0r1

    contributed by andremachado, published on Thu Dec 13 23:45:36 2007 in release

    The Debian Edu / Skolelinux project is proud to announce the 3.0r1 maintainance release!

    The 3.0r1 point release of Debian Edu / Skolelinux is a maintenance update.

    It's including more than 40 bug fixes and security updates that came to our attentention after the 3.0r0 release. It is based on Debian etch 4.0r1. A link to download locations is available at the end of this announcement.

    The most notable change is the much improved documentation, especially the getting started and maintenance chapters are much more complete now and cover everything which needs to be done to get started.

    The translation to German, Norwegian Bokmal and Italian (new) have been updated, the latter two even completed. Both HTML and PDF versions now include images, some localized, and provide internal document links.

    The Information Technology Infrastructure Library (ITIL) documentation in Norwegian is now also available in HTML. Important bugs has been fixed in the LDAP Web-based Administration Tool (lwat).

    A load-balancing feature is included in the thin client system (LTSP.org). New improvements have been selectively introduced after considerable testing, with the emphasis on stability for centrally-operated installations.

    This maintenance release shows that the Debian Edu / Skolelinux delivers updates and releases at a steady phase, confirming the international cooperation and a growing community.

    Finally, to improve communication between Debian Edu / Skolelinux developers and users, the debian-edu-announce mailing list has been created. This is a low traffic list for announcements, such as new releases or package updates, only. Please visit that page to read the archive or to subscribe.

    For a detailed list what's new in the 3.0r1 release please see our release notes.

    More information about Debian Edu / Skolelinux visit its site.

    Skolelinux Download and mirror list.

    Complete list of improvements at the release notes.

    Release manual for the Debian Edu / Skolelinux "Terra" 3.0r1 release.

    Full press release with contact data at here.

    Debian GNU/Linux 4.0 updated

    contributed by aba, published on Thu Aug 16 00:21:36 2007 in news, release

    Debian GNU/Linux 4.0 updated

    The Debian project has updated the stable distribution Debian GNU/Linux 4.0 (codename Etch). This update adds security updates to the stable release, together with a few corrections to serious problems. As always, the first point release also corrects a few issues that have been noticed too late in the release process to stop the release, but still should be fixed.

    This point release for Etch also includes an updated release of the installer, which includes the following changes:

    • kernels used in the installer have been updated to ABI 2.6.18-5; as a result, some "small" images (for example netboot and floppy images) included with the original Etch release will no longer work (but the new images included with the point release will work, as well as the full CD/DVD images from both the original release as well as from this point release)
    • updated mirror list
    • support added for certain USB CD drives that were not being detected
    • incorrect setup of gksu fixed when user chooses to install with the root account disabled; this prevented the execution of administrative tasks in GNOME
    • important translation fixes in partman for Catalan and Romanian

    Please note that this update does not constitute a new version of Debian GNU/Linux 4.0 but only updates some of the packages included. There is no need to throw away 4.0 DVDs/CDs. Instead you only need to update against ftp.debian.org or a mirror after an installation, in order to incorporate those changes. New CD and DVD images will be available within the next week at the regular locations.

    Upgrading to this revision online is usually done by pointing the aptitude package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:

    http://www.debian.org/distrib/ftplist

    Miscellaneous Bugfixes

    This stable update adds a few important corrections to the following packages.

    Package                Reason
    
    apache2                Fix #423653 and #419552; better documentation
    apache2-mpm-itk        Rebuild against apache2 2.2.3-4+etch1.
    apt-setup              Default suite to code name.
    cdrom-detect           Scan also for things that look like USB floppies.
    choose-mirror          Update mirrors list.
    debian-archive-keyring Adding debian volatile keyring
    debian-installer-utils Support scanning for USB sticks and discs that are misdetected as floppies.
    debian-installer       Updates for the 2.6.18-5-kernels and misc fixes
    debootstrap            Add support for lenny.
    desktop-base           Fix kde default wallpaper appearance between kdm to ksplash switch.
    epiphany-browser       Add language to gconf defaults
    fai-kernels            Include arcmsr scsi-driver which is included in the etch kernels
    file                   Fix possible denial of service
    glibc                  Fix CPU hog on 64 bits machines, dependencies of nscd, wrong assertion and unaligned memory access
    gnome-mount            Rebuild against libeel2-2.14
    initramfs-tools        Added missing esp module to scsi modules list so it gets installed in the initrd
    kernel-wedge           Reupload to match packages in r1
    libofa                 Rebuild in a clean environment.
    librsvg                Fix dependency (#403977)
    lifelines              Fix file conflict by versioning a dependency.
    lilo-installer         Support multiple disks when devfs device names are used
    linux-latest-2.6       Assist upgrade to new linux-2.6 ABI
    lsb                    Don't remove PID files of daemons that aren't actually killed
    madwifi                Fix two remote and one local DoS
    mail-notification      Fix uninstallability on sparc
    mixmaster              Fix buffer overflow in mixmaster (#418662)
    mozilla-traybiff       less restrict depends on icedove-dev
    mpop                   fix CVE-2007-1558
    mutt                   Add imap_close_connection to fully reset IMAP state
    nano                   Fix segfaults.
    neon26                 Fix kerberos authentication.
    nfs-utils              Fix memory leaks.
    openoffice.org         Fix crashes when saving files.
    orage                  Memory leak
    orbit2                 Allow non-local IPv4.
    partman-auto           d-i translation update
    partman-partitioning   d-i translation update
    php5                   Fix regression in single quote escaping.
    pppconfig              Fix upgrade issue from sarge, #418350
    rdesktop               Segfault regression caused by libx11-6 security fix prior Etch release
    tetex-base             Ease transition to texlive, #420390
    trac                   Fix CSS and remote exploitable issues.
    user-setup             Fix chroot calls to properly setup gksu alternatives.
    vice                   Regression caused by libx11-6 security fix prior Etch release
    xorg                   Updated conflicts for easier upgrades and corrected dependencies for x11-common.
    

    Removed Package

    This package has been removed due to non-fixable issues:

    vdrift: license issues, #420965
    

    Missing Builds

    One or more missing or out-of-date architectures have been added to these packages in this point release:

    asterisk-chan-capi
    banshee
    codespeak-lib
    democracyplayer
    dfsbuild
    dwm
    dwm-tools
    hpodder
    ivtv
    mercurial
    metar
    ocp
    pekwm
    rlwrap
    setpwc
    slcfitsio
    stalin
    twinkle
    xfce4-session
    xserver-xorg-input-acecad
    xserver-xorg-input-evdev
    xserver-xorg-input-joystick
    xserver-xorg-input-keyboard
    xserver-xorg-input-mouse
    xserver-xorg-input-summa
    xserver-xorg-video-apm
    xserver-xorg-video-ark
    xserver-xorg-video-i128
    xserver-xorg-video-nsc
    xserver-xorg-video-nv
    xserver-xorg-video-rendition
    xserver-xorg-video-s3
    xserver-xorg-video-savage
    xserver-xorg-video-sis
    xserver-xorg-video-tseng
    xserver-xorg-video-via
    xserver-xorg-video-voodoo
    

    Security Updates

    This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates.

    Advisory ID   Package(s)               Correction(s)
      DSA 1280    aircrack-ng              Fix remote exploitable buffer overflow
      DSA 1281    clamav                   Fix several remote vulnerabilities
      DSA 1282    php4                     Fix several remote vulnerabilities
      DSA 1283    php5                     Fix several vulnerabilities
      DSA 1284    qemu                     Fix several vulnerabilities
      DSA 1285    wordpress                Fix multiple vulnerabilities
      DSA 1286    linux-2.6                Fix several vulnerabilities (superseded by DSA 1289)
      DSA 1288    pptpd                    Fix denial of service vulnerability
      DSA 1289    linux-2.6                Fix several vulnerabilities
      DSA 1290    squirrelmail             Fix cross-site scripting
      DSA 1291    samba                    Fix multiple vulnerabilities
      DSA 1292    qt4-x11                  Fix missing input validation
      DSA 1293    quagga                   Fix denial of service vulnerability
      DSA 1295    php5                     Fix several vulnerabilities
      DSA 1296    php4                     Fix privilige escalation
      DSA 1297    gforge-plugin-scmcvs     Fix arbitrary shell command execution
      DSA 1298    otrs2                    Fix cross-site scripting
      DSA 1299    ipsec-tools              Fix denial of service vulnerability
      DSA 1300    iceape                   Fix several vulnerabilities
      DSA 1301    gimp                     Fix arbitrary code execution
      DSA 1302    freetype                 Fix integer overflow
      DSA 1303    lighttpd                 Fix denial of service vulnerability
      DSA 1305    icedove                  Fix several vulnerabilities
      DSA 1306    xulrunner                Fix several vulnerabilities
      DSA 1307    openoffice.org           Fix arbitrary code execution
      DSA 1309    postgresql-8.1           Fix privilage escalation.
      DSA 1310    libexif                  Fix integer overflow
      DSA 1311    postgresql-7.4           Fix privilige escalation.
      DSA 1312    libapache-mod-jk         Fix information disclosure
      DSA 1313    mplayer                  Fix arbitrary code execution
      DSA 1314    open-iscsi               Fix several vulnerabilities
      DSA 1315    libphp-phpmailer         Fix arbitrary shell command execution
      DSA 1316    emacs21                  Fix denial of service vulnerability
      DSA 1318    ekg                      Fix denial of service vulnerability
    

    The complete list of all accepted and rejected packages together with rationale is on the preparation page for this revision:

    http://release.debian.org/stable/4.0/4.0r1/

    URLs

    The complete lists of packages that have changed with this revision:

    http://ftp.debian.org/debian/dists/etch/ChangeLog

    The current stable distribution:

    http://ftp.debian.org/debian/dists/etch

    Proposed updates to the stable distribution:

    http://ftp.debian.org/debian/dists/proposed-updates

    Stable distribution information (release notes, errata etc.):

    http://www.debian.org/releases/etch/

    Security announcements and information:

    http://www.debian.org/security/

    Debian Installer: Experimental support for Serial ATA RAID

    contributed by Frans Pop, published on Thu Jul 19 23:00:00 2007 in news, release

    The Debian Installer team is happy to announce that daily built images of Debian Installer (for Lenny) now include experimental support for installing Debian on systems configured with Serial ATA RAID 1), as supported in Linux by using the dmraid utility.

    The support is experimental because

    • it has not yet had very much testing;
    • only the GRUB bootloader installer supports it, which effectively limits support to i386 and amd64;
    • dmraid devices are currently not really supported by either libparted (partitioning) or any bootloaders; the current support in the installer works around this, but this results in some limitations in usability.

    Users are invited to test this new feature of the installer.
    Installation instructions and an overview of limitations can be found on the Debian Installer Wiki. Please read that page carefully. Installer and CD images are available from the Debian Installer website; you will need one of the "daily built" images.
    Please report any issues by filing an installation report.

    The support for Serial ATA RAID is scheduled to be included in the first Beta release of the installer for Lenny.

    On behalf of the Debian Installer team,
    Frans Pop

    Notes

    1. To confuse the general public, this is also referred to as ATA RAID, BIOS RAID, fake RAID and software RAID, as well as a number of vendor specific terms such as Intel Matrix Storage.

    Debian GNU/Linux 4.0 released

    published on Sun Apr 8 12:42:18 2007 in news, release

    The Debian Project is pleased to announce the official release of Debian GNU/Linux version 4.0, codenamed etch, after 21 months of constant development. Debian GNU/Linux is a free operating system which supports a total of eleven processor architectures and includes the KDE, GNOME and Xfce desktop environments. It also features cryptographic software and compatibility with the FHS v2.3 and software developed for version 3.1 of the LSB.

    Using a now fully integrated installation process, Debian GNU/Linux 4.0 comes with out-of-the-box support for encrypted partitions. This release introduces a newly developed graphical frontend to the installation system supporting scripts using composed characters and complex languages; the installation system for Debian GNU/Linux has now been translated to 58 languages.

    Also beginning with Debian GNU/Linux 4.0, the package management system has been improved regarding security and efficiency. Secure APT allows the verification of the integrity of packages downloaded from a mirror. Updated package indices won't be downloaded in their entirety, but instead patched with smaller files containing only differences from earlier versions.

    Debian GNU/Linux runs on computers ranging from palmtops and handheld systems to supercomputers, and on nearly everything in between. A total of eleven architectures are supported including: Sun SPARC (sparc), HP Alpha (alpha), Motorola/IBM PowerPC (powerpc), Intel IA-32 (i386) and IA-64 (ia64), HP PA-RISC (hppa), MIPS (mips, mipsel), ARM (arm), IBM S/390 (s390) and – newly introduced with Debian GNU/Linux 4.0 – AMD64 and Intel EM64T (amd64).

    Debian GNU/Linux can be installed from various installation media such as DVDs, CDs, USB sticks and floppies, or from the network. GNOME is the default desktop environment and is contained on the first CD. The K Desktop Environment (KDE) and the Xfce desktop can be installed through two new alternative CD images. Also newly available with Debian GNU/Linux 4.0 are multi-arch CDs and DVDs supporting installation of multiple architectures from a single disc.

    Debian GNU/Linux can be downloaded right now via bittorent (the recommended way), jigdo or HTTP; see Debian GNU/Linux on CDs for further information. It will soon be available on DVD and CD-ROM from numerous vendors, too.

    This release includes a number of updated software packages, such as the K Desktop Environment 3.5 (KDE), an updated version of the GNOME desktop environment 2.14, the Xfce 4.4 desktop environment, the GNUstep desktop 5.2, X.Org 7.1, OpenOffice.org 2.0.4a, GIMP 2.2.13, Iceweasel (an unbranded version of Mozilla Firefox 2.0.3), Icedove (an unbranded version of Mozilla Thunderbird 1.5), Iceape (an unbranded version of Mozilla Seamonkey 1.0.8), PostgreSQL 8.1.8, MySQL 5.0.32, GNU Compiler Collection 4.1.1, Linux kernel version 2.6.18, Apache 2.2.3, Samba 3.0.24, Python 2.4.4 and 2.5, Perl 5.8.8, PHP 4.4.4 and 5.2.0, Asterisk 1.2.13, and more than 18,000 other ready to use software packages.

    Upgrades to Debian GNU/Linux 4.0 from the previous release, Debian GNU/Linux 3.1 codenamed sarge, are automatically handled by the aptitude package management tool for most configurations, and to a certain degree also by the apt-get package management tool. As always, Debian GNU/Linux systems can be upgraded quite painlessly, in place, without any forced downtime, but it is strongly recommended to read the release notes for possible issues. For detailed instructions about installing and upgrading Debian GNU/Linux, please see the release notes. Please note that the release notes will be further improved and translated to additional languages in the coming weeks.

    Debian GNU/Linux 3.1 updated

    contributed by aba, published on Sat Apr 7 22:17:00 2007 in news, release

    The Debian project has updated the stable distribution Debian GNU/Linux 3.1 (codename Sarge). This update mainly adds security updates to the stable release, along with a few corrections to serious problems. Those who frequently update from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.

    In preparation for the upcoming release of Debian GNU/Linux 4.0 (codename Etch), Debian GNU/Linux 3.1 will be moved to the 'oldstable' part of the archive. Users who would like to continue using Debian GNU/Linux 3.1 are advised to update their /etc/apt/sources.list network source to refer to 'sarge' instead of 'stable'.

    Please note that this update does not constitute a new version of Debian GNU/Linux 3.1 but only updates some of the packages included. There is no need to throw away 3.1 CDs. Instead you only need to update against ftp.debian.org or a mirror after an installation, in order to incorporate those changes. New CD and DVD images will be delayed until after the release of Etch and will be available at the regular locations.

    Upgrading to this revision online is usually done by pointing the 'apt' package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:

    http://www.debian.org/distrib/ftplist

    Miscellaneous Bugfixes

    This stable update adds a few important corrections to the following packages.

    Package                Reason
    base-installer         Fix for kernel ABI bump (fix regression from 3.1r5)
    glibc                  Get architectures back in sync
    

    Security Updates

    This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates.

    Advisory ID   Package(s)               Correction(s)
    DSA 1240      links2                   Arbitrary shell command execution
    DSA 1262      gnomemeeting             Arbitrary code execution
    DSA 1263      clamav                   Denial of service
    DSA 1264      php4                     Several vulnerabilities
    DSA 1265      mozilla                  Several vulnerabilities
    DSA 1266      gnupg                    Signature forgery
    DSA 1267      webcalendar              Remote file inclusion
    DSA 1268      libwpd                   Arbitrary code execution
    DSA 1269      lookup-el                Insecure temporary file
    DSA 1270      openoffice.org           Several vulnerabilities
    DSA 1271      openafs                  Remote privilege escalation
    DSA 1272      tcpdump                  Denial of service
    DSA 1273      nas                      Multiple remote vulnerabilities
    DSA 1274      file                     Arbitrary code execution
    DSA 1275      zope2.7                  Cross-site scripting flaw
    DSA 1276      krb5                     Several vulnerabilities
    DSA 1277      xmms                     Arbitrary code execution
    DSA 1278      man-db                   Arbitrary code execution
    

    The complete list of all accepted and rejected packages together with rationale is on the preparation page for this revision:

    http://release.debian.org/stable/3.1/3.1r6/

    URLs

    The complete lists of packages that have changed with this revision:

    http://ftp.debian.org/debian/dists/sarge/ChangeLog

    The current stable distribution:

    http://ftp.debian.org/debian/dists/stable

    Proposed updates to the stable distribution:

    http://ftp.debian.org/debian/dists/proposed-updates

    Stable distribution information (release notes, errata etc.):

    http://www.debian.org/releases/stable/

    Security announcements and information:

    http://www.debian.org/security/

    win32-loader 0.3.0 has been released

    contributed by aba, published on Fri Mar 30 08:38:16 2007 in news, release

    Today the developers announced that win32-loader 0.3.0 has been released and is available from http://goodbye-microsoft.com/

    What's new in 0.3.0:

    • Supports compressed NTFS (by uncompressing individual files needed by GRUB).
    • Supports Windows 9x family. Some peculiarities: - Use wget as fallback since NSISdl segfaults (see http://bugs.debian.org/412285) - No reboot is required. It just runs grub.exe and Windows gives full power automatically.

    Debian Installer Etch Release Candidate 2 released

    contributed by Frans Pop, published on Mon Mar 19 14:46:00 2007 in news, release

    The Debian Installer team is proud to announce the second release candidate (RC2) of the installer for Debian GNU/Linux Etch. Unless release critical issues are discovered, this will be the version of the installer that will be included in the release of Etch.

    There are no real major changes in this release, but we have been able to use the time since RC1 to fix quite a few important and minor issues.

    Improvements in this release of the installer

    • This new version of the installer uses and installs the 2.6.18 kernel.
    • Resizing Windows Vista NTFS partitions is now supported.
    • Both the regular (newt frontend) and graphical (gtk frontend) installer now offer a theme using high-contrast colors and increased font size for visually impaired people. This theme can be activated by adding the parameter theme=dark when booting the installer.
    • There have been several important bug fixes and usability improvements in the graphical installer. Most importantly, it is now possible to switch consoles on amd64.
      Information about the graphical installer and the most important differences between the graphical and regular installer has been added in an appendix in the installation guide.
    • In expert mode or by using preseeding it is possible to select the FTP protocol instead of HTTP to access a Debian mirror. The hostname of an FTP mirror can only be entered manually, selection from a list is not supported.
    • The time-out when searching for a security mirror has been reduced significantly. This may mean that a security mirror will not be found if the network connection is bad, but it also means that the time spent waiting if no security mirror is available at all is now acceptable.
    • It is now possible to blacklist a (driver) module by setting a special parameter when the installer is booted. This may help to work around buggy or conflicting kernel modules. See the installation guide for details.
    • Architecture specific:
      • arm: there have been several improvements for the NSLU2:
        • the kernel now uses the Ethernet driver developed by Christian Hohnstaedt
        • the kernel also adds LED support and fixes real time clock support
        • selection of the correct timezone during installation
      • powerpc: RAID installation with macintosh partition tables should now work
      • s390: most usability issues from RC1 have been fixed
    • The following additional languages are now supported: Belarusian, Kurdish; and only in the graphical installer: Georgian, Malayalam.

    No longer supported as of this release

    • The boot parameter to enable the auto mode for preseeding has been changed from auto-install/enabled to auto-install/enable for consistency with rescue mode. The auto alias and boot option remain valid.

    Known issues in this release

    • The installer is currently not able to resize ext3 partitions that have the dir_index and/or resize_inode features enabled. This includes ext3 partitions created with the Etch installer.
      It is possible to manually resize ext3 partitions from a shell during the installation.
    • The sky2 network driver is known to be broken in kernel version 2.6.18.dfsg.1-11 and may cause kernel panics.
    • There are still a few issues for some PowerPC subarchitectures.
    • For sparc32 CD-ROM support is broken in the esp kernel driver; use the netboot installation method instead.
    • Known issues for the graphical installer:
      • some non-US keymaps are not fully supported (deadkeys and combining characters do not work);
      • touchpads should work, but support may not be optimal; if you experience problems, you should use an external mouse instead;
      • limited support for creating encrypted partitions;
      • should work on almost all PowerPC systems that have an ATI graphics card, but is unlikely to work on other PowerPC systems.

    See the errata for details and a full list of known issues.

    New CD/DVD images

    With this release of the installer, Debian also offers some new types of CD/DVD images:
    • a full CD that installs a KDE desktop environment by default
    • a full CD that installs an Xfce desktop environment by default
    • a multi-architecture CD for i386/amd64/powerpc and one for alpha/hppa/ia64 that effectively behave like a netinst CD (the images contain the base system for all three architectures)
    • a multi-architecture DVD for i386/amd64/powerpc which also includes source packages; this makes the image ideal for promotion purposes at trade shows and other events

    Our thanks to everybody who has contributed to this release. Special thanks to Attilio Fiandrotti, the lead developer behind the graphical installer.

    Installation CDs, other media, errata and everything else you'll need are available from our web site.

    Debian GNU/Linux 3.1 Sarge updated (r5)

    published on Sat Feb 17 20:37:30 2007 in news, release

    The Debian project has updated the stable distribution Debian GNU/Linux 3.1 (codename 'sarge'). This update mainly adds security updates to the stable release, along with a few corrections to serious problems. Those who frequently update from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.

    Please note that this update is the first version of Debian GNU/Linux signed by the off-line Stable Release Key in addition to the on-line ftp-masters key. This might lead to problems for users who have installed a backported version of apt 0.6, but haven't added the Stable Release Key to apt's keyring.

    This update does not constitute a new version of Debian GNU/Linux 3.1 but only updates some of the packages included. There is no need to throw away 3.1 CDs. Instead you only need to update against ftp.debian.org or a mirror after an installation, in order to incorporate those changes. New CD and DVD images are being built right now and will be available soon at the regular locations.

    Upgrading to this revision online is usually done by pointing the 'apt' package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at: http://www.debian.org/distrib/ftplist

    Miscellaneous Bugfixes

    This stable update adds a few important corrections to the following packages.

    Package                Reason
    exim                   Update description to reflect upgrade problems.
    glibc                  Update timezone data.
    openvpn                Fix restart of openvpn in init script.
    pinball                Rebuild to get architectures back in sync.
    

    Security Updates

    This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates.

    Advisory ID Package(s)               Correction(s)
    DSA  996    libcrypt-cbc-perl        Cryptographic weakness
    DSA 1193    XFree86                  Several vulnerabilities
    DSA 1196    clamav                   Arbitrary code execution
    DSA 1197    python2.4                Arbitrary code execution
    DSA 1198    python-2.3               Arbitrary code execution
    DSA 1199    webmin                   Input validation problems
    DSA 1200    qt-x11-free              Integer overflow
    DSA 1201    ethereal                 Denial of service
    DSA 1202    screen                   Arbitrary code execution
    DSA 1203    libpam-ldap              Access control bypass
    DSA 1204    ingo1                    Arbitrary shell command execution
    DSA 1205    thttpd                   Insecure temporary file creation
    DSA 1206    php4                     Several vulnerabilities
    DSA 1207    phpmyadmin               Several vulnerabilities
    DSA 1208    bugzilla                 Several vulnerabilities
    DSA 1209    trac                     Cross-site request forgery
    DSA 1210    mozilla-firefox          Several vulnerabilities
    DSA 1211    pdns                     Arbitrary code execution
    DSA 1212    openssh                  Denial of service
    DSA 1213    imagemagick              Several vulnerabilities
    DSA 1214    gv                       Arbitrary code execution
    DSA 1215    xine-lib                 Execution of arbitrary code
    DSA 1216    flexbackup               Denial of service
    DSA 1217    linux-ftpd               Access control bypass
    DSA 1218    proftpd                  Denial of service
    DSA 1219    texinfo                  Multiple vulnerabilities
    DSA 1220    pstotext                 Arbitrary shell command execution
    DSA 1221    libgsf                   Arbitrary code execution
    DSA 1222    proftpd                  Several vulnerabilities
    DSA 1223    tar                      Arbitrary file overwrite
    DSA 1224    mozilla                  Several vulnerabilities
    DSA 1225    mozilla-firefox          Several vulnerabilities
    DSA 1226    links                    Arbitrary shell command execution
    DSA 1227    mozilla-thunderbird      Several vulnerabilities
    DSA 1228    elinks                   Arbitrary shell command execution
    DSA 1229    asterisk                 Arbitrary code execution
    DSA 1230    l2tpns                   Buffer overflow
    DSA 1231    gnupg                    Arbitrary code execution
    DSA 1232    clamav                   Denial of service
    DSA 1233    kernel-source-2.6.8      Several vulnerabilities
    DSA 1234    ruby1.6                  Denial of service
    DSA 1235    ruby1.8                  Denial of service
    DSA 1236    enemies-of-carlotta      Missing sanity checks
    DSA 1237    kernel-source-2.4.27     Several vulnerabilities
    DSA 1238    clamav                   Several vulnerabilities
    DSA 1239    sql-ledger               Arbitrary code execution
    DSA 1241    squirrelmail             Cross-site scripting
    DSA 1242    elog                     Arbitrary code execution
    DSA 1243    evince                   Arbitrary code execution
    DSA 1244    xine-lib                 Arbitrary code execution
    DSA 1245    proftpd                  Denial of service
    DSA 1246    openoffice.org           Arbitrary code execution
    DSA 1247    libapache-mod-auth-kerb  Remote denial of service
    DSA 1248    libsoup                  Denial of service
    DSA 1249    xfree86                  Privilege escalation
    DSA 1250    cacti                    Arbitrary code execution
    DSA 1251    netrik                   Arbitary shell command execution
    DSA 1252    vlc                      Arbitrary code execution
    DSA 1253    mozilla-firefox          Several vulnerabilities
    DSA 1254    bind9                    Denial of service
    DSA 1255    libgtop2                 Arbitrary code execution
    DSA 1256    gtk+2.0                  Denial of service
    DSA 1257    samba                    Several vulnerabilities
    DSA 1258    mozilla-thunderbird      Several vulnerabilities
    DSA 1259    fetchmail                Information disclosure
    DSA 1260    imagemagick              Arbitrary code execution
    DSA 1261    postgresql               Several vulnerabilities
    

    The complete list of all accepted and rejected packages together with rationale is on the preparation page for this revision:

    http://release.debian.org/stable/3.1/3.1r5/

    URLs

    The complete lists of packages that have changed with this revision:

    http://ftp.debian.org/debian/dists/sarge/ChangeLog

    The current stable distribution:

    http://ftp.debian.org/debian/dists/stable

    Proposed updates to the stable distribution:

    http://ftp.debian.org/debian/dists/proposed-updates

    Stable distribution information (release notes, errata etc.):

    http://www.debian.org/releases/stable/

    Security announcements and information:

    http://www.debian.org/security/

    Key expiry breaks most D-I Etch RC1 images

    published on Fri Feb 16 19:30:00 2007 in news, release

    The expiration of the Debian archive's signing key for 2006 has broken most of the installation media from etch RC1. The only RC1 images that should remain usable are the full installation CDs and DVDs, but only when used without a network mirror.

    Final preparations have begun for the second release candidate of the Debian Installer for Etch, and we hope to get RC2 out as soon as possible to fix this.

    In the meantime, if you need to use one of the other installation methods, use the daily built images. This will also help us with pre-release testing for RC2, so please file installation reports!

    Update

    Full CD and DVD images are now available again from the D-I project homepage, for all architectures (except S/390). The now available images are virtually identical to what will be released as D-I RC2, so testing and installation reports are most welcome.

    Etch Release Update

    published on Sun Dec 24 09:52:09 2006 in news, release

    Andreas Barth from the Debian Release Team posted another release update. He reported that security support for the next stable version 4.0, codename Etch, ist now available. He also gave an overview of the current status of linux-2.6 and the other release blockers. According to his posting also the release notes and the installation manual still needs some love before Etch can be released.

    Etch frozen

    published on Mon Dec 11 10:42:20 2006 in news, release

    The Debian Release Team announced that the next stable version 4.0, codenamed Etch, has been frozen now. This means that only urgent changes will be done to Etch, in order to get the numbers of release critical bugs even more down, and release Etch soon.

    Release update: Etch+1 = Lenny, Call for Testing, Time shift

    published on Thu Nov 16 16:03:04 2006 in news, release

    The Debian Release Team published today a new release update, http://lists.debian.org/debian-devel-announce/2006/11/msg00004.html.

    A few days since the debian-installer has released their Release Candidate 1 for Etch the release team has called for testing the new installer, and also to start with upgrade reports. The draft of the release notes on http://www.debian.org/releases/etch/ together with the current open issues on http://bugs.debian.org/release-notes/ is fairly accurate. However, there is currently no security support. While security support for embargoed issues is not yet available for etch and there are release-critical bugs yet to resolve, the release team is "happy to remind you that even before the freeze, testing is of very high quality; [...] just not quite the perfection we look for in a release".

    The release team also announced that the next release after Etch will be codenamed Lenny.

    Debian Installer Etch Release Candidate 1 released

    published on Tue Nov 14 08:59:01 2006 in news, release

    The Debian Installer team is proud to announce the first release candidate (RC1) of the installer for Debian GNU/Linux Etch.

    Improvements in this release of the installer

    • This new version of the installer uses and installs the 2.6.17 kernel which is now the default for all architectures.
    • The installer will now create ext3 partitions with important options like resize_inode and dir_index enabled by default; the first means that on-line resizing of ext3 partitions is supported.
    • The 2.6.17 kernel should support installing from most CD-ROM/DVD drives in systems with a SATA controller. However, there are known issues in 2.6.17 with some controllers that have been fixed in 2.6.18.
    • Guided partitioning now also supports setting up the system on an encrypted LVM partition.
    • Because of the previous change, the user interface for guided partitioning was modified: users are now asked first for the type of guided partitioning to be done and next for the disk to be used. This change also affects preseeding 1).
    • Improved support for fully automated installations 1).
    • It is now possible to partition multiple disks with software RAID (levels 0, 1 and 5) using preseeding 1).
    • When configuring the network using DHCP, the installer will send vendor-option-string "d-i". Using this the DHCP server can be set up to tell the installer which preconfiguration file to use 1).
    • Because SELinux has been made standard priority, newly installed systems will have SELinux support. However, to actually use SELinux, this needs to be enabled manually after the installation.
    • Architecture specific:
      • i386: installation from floppy disk is supported again
      • arm: the Linksys NSLU2 has switched to the generic ixp4xx kernel and now uses APEX as the 2nd stage boot loader; using APEX allows to work around the NSLU2's 1 MB kernel limit
      • arm: support for the sub-architecture IOP32x has been added; the first device that is supported is the GLAN Tank
    • Added the following languages (for the graphical installer only): Gujarati.

    No longer supported as of this release

    • Installation using a 2.4 kernel.
    • The following languages have been dropped because their translations were not sufficiently complete to be included in the Etch release: Belarusian, Gaelic (Irish), Georgian, Icelandic, Kazakh, Malagasy, Northern Sami, Persian, Welsh, Xhosa.

    Known issues in this release

    • Partition resizing using partman may result in data loss if the starting sector of the partition is not at the start of a cylinder.
      This has been observed in particular for NTFS partitions created during installation of Windows Vista Beta 2. Resizing of NTFS partitions created by earlier Windows versions should still work.
      Because of this resizing of NTFS partitions containing Windows Vista has been blocked.
    • There are some usability issues for S/390 installs.
    • There are still various issues for some powerpc subarchitectures.
    • For sparc32 CD-ROM support is broken in the esp kernel driver; use the netboot installation method instead.
    • For SGI Indigo2 systems (mips) keyboard support may still be broken (#382983).
    • VGA console on TITAN- and TSUNAMI-class systems (alpha) is not supported; this is expected to be fixed for RC2.
    • Known issues for the graphical installer:
      • some tasks (e.g. the File server task) may not install correctly due to bug #282147
      • switching consoles will crash the frontend on amd64
      • support for keymaps other than US has improved, but there are still some issues (deadkeys and combining characters do not work)
      • limited support for creating encrypted partitions
      • touchpads may not work correctly; use an external mouse instead
      • should work on almost all PowerPC systems that have an ATI graphics card, but is unlikely to work on other PowerPC systems.

    See the errata for details and a full list of known issues.

    Note that at least one more release of the installer is expected before Etch is released; this next release of the installer will use the 2.6.18 kernel.

    Our thanks to everybody who has contributed to this release. Special thanks to Sylvain Ferriol for his work on 2.6 based installation floppies for i386.

    Installation CDs, other media, errata and everything else you'll need are available from our web site.

    Notes

    1. These changes are documented in the development version of the installation guide in the appendix "Automating the installation using preseeding".

    Etch will be LSB 3.1-certified

    published on Wed Nov 1 21:17:51 2006 in news, release

    Today, the Debian Release Managers announced in a mail to all developers, http://lists.debian.org/debian-devel-announce/2006/11/msg00000.html that the upcoming stable release 4.0, codename "Etch" will be certified according to the Linux Standard Base (LSB) version 3.1.

    LSB is an important cross-distribution standard for binary compatibility, to ease application vendors development for linux-base binaries.

    Debian is currently busy preparing the next stable release, which is targetted for December 2006.

    Preparations for etch RC1 release will break most beta 3 images

    published on Wed Oct 18 08:10:56 2006 in news, release

    Final preparations have begun for the first release candidate of Debian Installer for Etch. The changes to the Debian archive are known to break most of the installation media from etch beta 3. We hope to get RC1 out as soon as possible to fix this.

    The only images that should remain usable are the full installation CDs and DVDs. The other CD images are possibly still usable, but that is not guaranteed.

    In the meantime, if you need to use one of the other installation methods, use the daily built images. This will also help us with pre-release testing for RC1, so please file installation reports!

    BSP Marathon - Munich, 14 - 15 Oct 2006

    published on Tue Oct 17 18:54:12 2006 in event-reports, release

    The weekend of the 14th-15th October saw my third BSP in as many weekends, this time in Munich. Andreas Barth was in charge of the organisation, and the LiMux development team were kind enough to host us for the weekend at their offices in the centre of the city.

    Andi, Zobel and I headed into the office early on Saturday morning, ready to start hitting RC bugs. Others joined us during the morning, and we got to a total of 10 people working on fixing bugs. Personally I looked through many of the bugs listed on Andreas' page. It was heartening to see that a very large number of the RC bugs were already well in hand, with patches available and in lots of cases uploads already made. I spent some time looking into #389287, #392398, #389375 and #262440. I also helped out several other developers with their own bug fixes, giving out accounts on my wide range of machines at home so that they could debug on different architectures.

    We worked late into the evening, ordering in pizza and then later cooking in the offices. I moved onto some more debian-cd hacking later on, making real progress and getting almost to the point of having my multi-arch CDs working. As always, there was a lot of discussion about the general issues in Debian, especially the 4 GRs that were due to finish that evening.

    On Sunday morning, things started slightly later as we took breakfast at the office. There was more discussion of the GRs, and the results were generally well received by the group. We continued looking into the RC list; I investigated #389434, but struggled to make much progress.

    At lunchtime, we quickly(!) headed into the city to see the famous Glockenspiel at the city hall, and went for a quick tour of the historic city centre so that us non-locals could see something of the city outside of the office. We returned and picked up on the bug-killing for a couple of hours. Then the LiMux guys showed us some of their work, and gave us a demo of the project. More on that later...

    Unfortunately, I had to head back for my flight comparatively early this weekend so I couldn't stay around for very long after the demo. Despite the last-minute attempt by an S-Bahn ticket machine to delay my trip to the airport, I got back without incident and even landed early at Stansted.

    The Germans I met this weekend were very serious about getting work done, and their efforts are much appreciated. With more people helping to reduce the RC bug counts, we should have no problem releasing Etch in December. Let's keep up the good work...! As always, my meagre attempts at photography are online now.

    (Contributed by Steve McIntyre, http://blog.einval.com/2006/10/17#2006_Munich)

    Debian Installer - Call for testing

    published on Tue Oct 17 12:26:48 2006 in news, release

    Preparations for Release Candidate 1 of the installer have now really started. All important functional changes are now included in the daily images.

    In order improve the quality of the release and reduce the number of nasty surprises afterwards, it would be great if we could get some help testing the installer during this week.

    Please make sure you use one of the daily built images available from: http://www.debian.org/devel/debian-installer/ or http://cdimage.debian.org/cdimage/daily-builds/daily/arch-latest/

    and file an installation report with your findings: http://d-i.alioth.debian.org/manual/en.i386/ch05s03.html#submit-bug

    See this wiki page for a general overview of the planned release, including known issues: http://wiki.debian.org/DebianInstaller/EtchRC1Prep

    Testing the installer for your favorite architecture(s)

    This is the main focus for this call for testing. Please let us know if there are any important issues, especially regressions from previous releases. If you can, try different installation methods.

    Note that the installer still uses 2.6.17. Main reason is that 2.6.18 is not yet ready to migrate to testing and switching to 2.6.18 would therefore block RC1 of d-i. Depending on the kernel team and RMs, we may still switch to 2.6.18 before RC1, but switching immediately afterwards looks more likely.

    Other things to test

    There is a number of other things that could be tested, mostly new functionality that was added recently:

    • graphical installer, especially whether your mouse and touchpad work correctly
    • crypto support in partman: the installer now has crypto support both for guided [1] and manual [2] partitioning; thorough tests, including of the actual security of the installed system, very, very welcome
    • automatic raid partitioning (preseeded only [1])
    • 2.6 based installation floppies for i386
    • support for non-standard filesystems (i.e. anything other than ext3)
    • if you speak a language other than English, consider installing in that language; note that one last round of translation updates is still planned, but reports of issues are still appreciated

    [1]http://d-i.alioth.debian.org/manual/en.i386/ch06s03.html#di-partition [2]http://d-i.alioth.debian.org/manual/en.i386/ch06s03.html#partman-crypto [3]http://d-i.alioth.debian.org/manual/en.i386/apbs04.html#preseed-partman-raid