Troubleshooting common issues
Could not read EFI vars under RT kernel
Due to high latency, EFI variable access is apparently disabled by default on RT kernel (see patch). You could enable things by passing kernel command line efi=runtime
How to tell if you’ve booted via UEFI
The Debian installer splash screen will say it’s the UEFI installer, and will look slightly different to the equivalent screen in BIOS mode. BIOS boot is done via isolinux/syslinux, but UEFI boot is done using grub.
|
BIOS boot in d-i |
UEFI boot in d-i |
Later on, the thing to look for is the directory /sys/firmware/efi. If that exists, the system is running in UEFI mode.
Diagnosing problems with boot order
efibootmgr is your friend. Run it without parameters to simply list the boot options and boot order on your system, or add -v for more detail of where each boot entry points.
After that, check to see if you have Secure Boot enabled — we didn’t support Secure Boot until version 10.0 (Buster).
If that still doesn’t help, you may have a buggy firmware implementation. Try installing to the removable media path — see above for instructions.
grub-install unable to set up boot variables
There are a few circumstances that can cause this problem.
A common cause on x86 PC-type systems is using an EFI System Partition that is not accessible to the firmware (e.g by using ). This will show errors like the following:
Installing for x86_64-efi platform. grub-install: warning: efivarfs_get_variable: open(/sys/firmware/efi/efivars/blk0-47c7b225-c42a-11d2-8e57-00a0c969723b): No such file or directory. grub-install: warning: efi_get_variable: ops->get_variable failed: No such file or directory. grub-install: warning: efi_va_generate_file_device_path_from_esp: could not open device for ESP: Bad address. grub-install: warning: efi_generate_file_device_path_from_esp: could not generate File DP from ESP: Bad address. grub-install: error: failed to register the EFI boot entry: Bad address. Failed: grub-install --target=x86_64-efi --force-extra-removable WARNING: Bootloader is not properly installed, system may not be bootable
Another common cause for failure here is firmware that supports some of the UEFI interfaces needed for boot, but not runtime setting of UEFI boot variables. This is (currently) most commonly seen on smaller arm64 systems that use U-Boot, e.g. the Rock64. This will look something like:
Installing for arm64-efi platform. grub-install: warning: Cannot set EFI variable Boot0000. grub-install: warning: efivarfs_set_variable: failed to open /sys/firmware/efi/efivars/Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c for writing: Read-only file system. grub-install: warning: _efi_set_variable_mode: ops->set_variable() failed: Read-only file system. grub-install: error: failed to register the EFI boot entry: Read-only file system.
In both cases, the easiest workaround is to tweak configuration for grub-efi-ARCH using dpkg-reconfigure. As already mentioned , it is possible to configure Debian’s grub-efi packages to install to the removable media path. It’s also possible to tell them to not attempt to update UEFI boot variables in the NVRAM:
Doing both of these will stop the errors here. We hope that in future these workarounds will not be necessary, at least for most users.
Missing features
Although Debian releases since Wheezy (7.0) have included general UEFI support, there were some features that have were not implemented immediately.
UEFI support in live images
Since the first release of Stretch (9.0), UEFI has been supported on both installation and live images.
In previous releases UEFI support existed only in Debian’s installation images. The accompanying live images did not have support for UEFI boot.
UEFI Secure Boot
Debian has supported UEFI Secure Boot from Buster (10.0) onwards for amd64, i386 and arm64. See SecureBoot for more details on how this works. It is supported for all the installation media and live media that we create for these three platforms.
RAID for the EFI System Partition
This is arguably a mis-design in the UEFI specification — the ESP is a single point of failure on one disk. For systems with hardware RAID, that will provide some backup in case of disk failure. But for software RAID systems there is currently no support for putting the ESP on two separate disks in RAID. There might be a way to do something useful with fallback options, but this will need some investigation…
Security Updates
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:
| Advisory ID | Package |
|---|---|
| DSA-4509 | apache2 |
| DSA-4511 | nghttp2 |
| DSA-4512 | qemu |
| DSA-4514 | varnish |
| DSA-4515 | webkit2gtk |
| DSA-4516 | firefox-esr |
| DSA-4517 | exim4 |
| DSA-4518 | ghostscript |
| DSA-4519 | libreoffice |
| DSA-4520 | trafficserver |
| DSA-4521 | docker.io |
| DSA-4523 | thunderbird |
| DSA-4524 | dino-im |
| DSA-4525 | ibus |
| DSA-4526 | opendmarc |
| DSA-4527 | php7.3 |
| DSA-4528 | bird |
| DSA-4530 | expat |
| DSA-4531 | linux-signed-amd64 |
| DSA-4531 | linux-signed-i386 |
| DSA-4531 | linux |
| DSA-4531 | linux-signed-arm64 |
| DSA-4532 | spip |
| DSA-4533 | lemonldap-ng |
| DSA-4534 | golang-1.11 |
| DSA-4535 | e2fsprogs |
| DSA-4536 | exim4 |
| DSA-4538 | wpa |
| DSA-4539 | openssl |
| DSA-4539 | openssh |
| DSA-4541 | libapreq2 |
| DSA-4542 | jackson-databind |
| DSA-4543 | sudo |
| DSA-4544 | unbound |
| DSA-4545 | mediawiki |
| DSA-4547 | tcpdump |
| DSA-4549 | firefox-esr |
| DSA-4550 | file |
| DSA-4551 | golang-1.11 |
| DSA-4553 | php7.3 |
| DSA-4554 | ruby-loofah |
| DSA-4555 | pam-python |
| DSA-4556 | qtbase-opensource-src |
| DSA-4557 | libarchive |
| DSA-4558 | webkit2gtk |
| DSA-4559 | proftpd-dfsg |
| DSA-4560 | simplesamlphp |
| DSA-4561 | fribidi |
| DSA-4562 | chromium |
Booting from removable media
If there are no boot variables pointing to a bootloader program in the ESP, or if the user has told the system appropriately, it will look for bootloaders in certain specific paths too. On each device, it will look for FAT32 filesystems. Within each of those, it will look for a specifically-named bootloader file, again with a different name per architecture:
|
Architecture |
Path |
|
amd64 |
\EFI\boot\bootx64.efi |
|
i386 |
\EFI\boot\bootia32.efi |
|
arm64 |
\EFI\boot\bootaa64.efi |
|
armhf |
\EFI\boot\bootarm.efi |
The different names are deliberate — it allows for one disk or CD to contain boot files for multiple architectures with no clashes.
On Debian installation media, each of these files is again a copy of grub-efi with sufficient built-in code and configuration to find the rest of the system from there.
Miscellaneous Bugfixes
This stable update adds a few important corrections to the following packages:
| Package | Reason |
|---|---|
| base-files | Update for the point release |
| choose-mirror | Update mirror list |
| cups | Fix ‘printer-alert’ invalid free |
| dav4tbsync | New upstream release, compatible with newer Thunderbird versions |
| debian-installer | Use 4.19.0-13 Linux kernel ABI; add grub2 to Built-Using |
| debian-installer-netboot-images | Rebuild against proposed-updates |
| distro-info-data | Add Ubuntu 21.04, Hirsute Hippo |
| dpdk | New upstream stable release; fix remote code execution issue , TOCTOU issues , buffer overflow , buffer over read and integer underflow ; fix armhf build with NEON |
| eas4tbsync | New upstream release, compatible with newer Thunderbird versions |
| edk2 | Fix integer overflow in DxeImageVerificationHandler |
| efivar | Add support for nvme-fabrics and nvme-subsystem devices; fix uninitialized variable in parse_acpi_root, avoiding possible segfault |
| enigmail | Introduce migration assistant to Thunderbird’s built-in GPG support |
| espeak | Fix using espeak with mbrola-fr4 when mbrola-fr1 is not installed |
| fastd | Fix memory leak when receiving too many invalid packets |
| fish | Ensure TTY options are restored on exit |
| freecol | Fix XML External Entity vulnerability |
| gajim-omemo | Use 12-byte IV, for better compatibility with iOS clients |
| glances | Listen only on localhost by default |
| iptables-persistent | Don’t force-load kernel modules; improve rule flushing logic |
| lacme | Use upstream certificate chain instead of an hardcoded one, easing support for new Let’s Encrypt root and intermediate certificates |
| libdatetime-timezone-perl | Update included data to tzdata 2020d |
| libimobiledevice | Add partial support for iOS 14 |
| libjpeg-turbo | Fix denial of service , buffer over read , possible remote code execution , buffer over read |
| libxml2 | Fix denial of service , NULL pointer dereference , infinite loop , memory leak , infinite loop |
| linux | New upstream stable release |
| linux-latest | Update for 4.19.0-13 kernel ABI |
| linux-signed-amd64 | New upstream stable release |
| linux-signed-arm64 | New upstream stable release |
| linux-signed-i386 | New upstream stable release |
| lmod | Change architecture to any— required due to LUA_PATH and LUA_CPATH being determined at build time |
| mariadb-10.3 | New upstream stable release; security fixes |
| mutt | Ensure IMAP connection is closed after a connection error |
| neomutt | Ensure IMAP connection is closed after a connection error |
| node-object-path | Fix prototype pollution in set() |
| node-pathval | Fix prototype pollution |
| okular | Fix code execution via action link |
| openjdk-11 | New upstream release; fix JVM crash |
| partman-auto | Increase /boot sizes in most recipes to between 512 and 768M, to better handle kernel ABI changes and larger initramfses; cap RAM size as used for swap partition calculations, resolving issues on machines with more RAM than disk space |
| pcaudiolib | Cap cancellation latency to 10ms |
| plinth | Apache: Disable mod_status |
| puma | Fix HTTP injection and HTTP smuggling issues |
| ros-ros-comm | Fix integer overflow |
| ruby2.5 | Fix potential HTTP request smuggling vulnerability in WEBrick |
| sleuthkit | Fix stack buffer overflow in yaffsfs_istat |
| sqlite3 | Fix division by zero , NULL pointer dereference , mishandling of NULL pathname during an update of a ZIP archive , mishandling of embedded NULs in filenames , possible crash (unwinding WITH stack) , integer overflow , segmentation fault , use-after-free issue , NULL pointer dereference , heap overflow |
| systemd | Basic/cap-list: parse/print numerical capabilities; recognise new capabilities from Linux kernel 5.8; networkd: do not generate MAC for bridge device |
| tbsync | New upstream release, compatible with newer Thunderbird versions |
| tcpdump | Fix untrusted input issue in the PPP printer |
| tigervnc | Properly store certificate exceptions in native and java VNC viewer |
| tor | New upstream stable release; multiple security, usability, portability, and reliability fixes |
| transmission | Fix memory leak |
| tzdata | New upstream release |
| ublock-origin | New upstream version; split plugin to browser-specific packages |
| vips | Fix use of uninitialised variable |
Booting a UEFI machine normally
Regular UEFI boot has several lists of possible boot entries, stored in UEFI config variables (normally in NVRAM), and boot order config variables stored alongside them. It allows for many different boot options, and a properly-defined fallback order. In many cases, you can even list and choose which OS / boot loader to use from the system boot menu (similar to the boot device menu implemented in many BIOSes). Unfortunately, a lot of PC UEFI implementations have got this wrong and so don’t work properly.
The correct way for this to work when booting off local disk is for a boot variable to point to a vendor-specific bootloader program in
\EFI\$vendor\$bootloader.efi
on the EFI System Partition (ESP), a specially tagged partition which is normally formatted using FAT32.
Debian installs grub-efi for its EFI bootloader, as:
|
Architecture |
Path |
|
amd64 |
\EFI\debian\grubx64.efi |
|
i386 |
\EFI\debian\grubia32.efi |
|
arm64 |
\EFI\debian\grubaa64.efi |
|
armhf |
\EFI\debian\grubarm.efi |
Each version of GRUB here contains all the code and configuration that GRUB needs to work from that point.
By using separate vendor directories like this, UEFI allows for clean interoperability between vendors. If only the firmware developers were competent… Some implementations ignore the boot order altogether, some filter it and will only run things that claim to be «Windows», etc. See below for tips on how to work around some of the known bugs in broken UEFI implementations.
Security Updates
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:
| Advisory ID | Package |
|---|---|
| DSA-4797 | webkit2gtk |
| DSA-4801 | brotli |
| DSA-4802 | thunderbird |
| DSA-4803 | xorg-server |
| DSA-4804 | xen |
| DSA-4805 | trafficserver |
| DSA-4806 | minidlna |
| DSA-4807 | openssl |
| DSA-4808 | apt |
| DSA-4809 | python-apt |
| DSA-4810 | lxml |
| DSA-4811 | libxstream-java |
| DSA-4812 | xen |
| DSA-4813 | firefox-esr |
| DSA-4814 | xerces-c |
| DSA-4815 | thunderbird |
| DSA-4816 | mediawiki |
| DSA-4817 | php-pear |
| DSA-4818 | sympa |
| DSA-4819 | kitty |
| DSA-4820 | horizon |
| DSA-4821 | roundcube |
| DSA-4822 | p11-kit |
| DSA-4823 | influxdb |
| DSA-4824 | chromium |
| DSA-4825 | dovecot |
| DSA-4827 | firefox-esr |
| DSA-4828 | libxstream-java |
| DSA-4829 | coturn |
| DSA-4830 | flatpak |
| DSA-4831 | ruby-redcarpet |
| DSA-4832 | chromium |
| DSA-4833 | gst-plugins-bad1.0 |
| DSA-4834 | vlc |
| DSA-4835 | tomcat9 |
| DSA-4837 | salt |
| DSA-4838 | mutt |
| DSA-4839 | sudo |
| DSA-4840 | firefox-esr |
| DSA-4841 | slurm-llnl |
| DSA-4843 | linux-latest |
| DSA-4843 | linux-signed-amd64 |
| DSA-4843 | linux-signed-arm64 |
| DSA-4843 | linux-signed-i386 |
| DSA-4843 | linux |
History and naming
UEFI started life as Intel’s EFI specification. It was first seen in the wild on Itanium (ia64) machines and that’s where Debian’s first support started too.
Later, Intel passed control over the EFI specification to the UEFI Forum and they continued developing newer versions of the specification. The U for Unified was added to the name at this point. In most references here and elsewhere on the net, EFI and UEFI are interchangeable terms to describe the same thing.
There are multiple further bits of terminology here, and things are often confused. So let’s explain!
-
UEFI is actually a set of interface specifications, nothing more.
-
The reference implementation of the UEFI specifications is called edk2 or EDK II (EFI Development Kit, version 2). Code can be found at https://github.com/tianocore/edk2 .
-
Tianocore is the name of the upstream development group working on the Open Source EDK II project — see https://www.tianocore.org/ for more information.
-
OVMF (Open Virtual Machine Firmware) is a build of edk2 designed to be used as firmware for a virtual machine.
Many commercial UEFI firmware implementations are built on top of edk2, with changes commonly being made to add platform initialisation and a pretty GUI on the front end.
Security Updates
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:
| Advisory ID | Package |
|---|---|
| DSA-4259 | ruby2.3 |
| DSA-4332 | ruby2.3 |
| DSA-4341 | mariadb-10.1 |
| DSA-4373 | coturn |
| DSA-4374 | qtbase-opensource-src |
| DSA-4377 | rssh |
| DSA-4385 | dovecot |
| DSA-4387 | openssh |
| DSA-4388 | mosquitto |
| DSA-4389 | libu2f-host |
| DSA-4390 | flatpak |
| DSA-4391 | firefox-esr |
| DSA-4392 | thunderbird |
| DSA-4393 | systemd |
| DSA-4394 | rdesktop |
| DSA-4396 | ansible |
| DSA-4397 | ldb |
| DSA-4398 | php7.0 |
| DSA-4399 | ikiwiki |
| DSA-4400 | openssl1.0 |
| DSA-4401 | wordpress |
| DSA-4402 | mumble |
| DSA-4403 | php7.0 |
| DSA-4405 | openjpeg2 |
| DSA-4406 | waagent |
| DSA-4407 | xmltooling |
| DSA-4408 | liblivemedia |
| DSA-4409 | neutron |
| DSA-4410 | openjdk-8 |
| DSA-4411 | firefox-esr |
| DSA-4412 | drupal7 |
| DSA-4413 | ntfs-3g |
| DSA-4414 | libapache2-mod-auth-mellon |
| DSA-4415 | passenger |
| DSA-4416 | wireshark |
| DSA-4417 | firefox-esr |
| DSA-4418 | dovecot |
| DSA-4419 | twig |
| DSA-4420 | thunderbird |
| DSA-4422 | apache2 |
| DSA-4423 | putty |
| DSA-4424 | pdns |
| DSA-4425 | wget |
| DSA-4426 | tryton-server |
| DSA-4427 | samba |
| DSA-4428 | systemd |
| DSA-4429 | spip |
| DSA-4430 | wpa |
| DSA-4431 | libssh2 |
| DSA-4432 | ghostscript |
| DSA-4433 | ruby2.3 |
| DSA-4434 | drupal7 |
Как обновить Debian 9 до 10
1. Очистка системы
Первое правило безопасного обновления — чем меньше программного обеспечения установлено в вашей системе, тем выше шансы, что обновление пройдет без проблем. Сторонние пакеты, а тем более PPA и другие репозитории очень сильно уменьшают шансы того, что обновление пройдет без проблем. Поэтому перед обновлением лучше удалить все пакеты из системы.
Вы можете найти все сторонние пакеты с помощью утилиты aptitude:
Эта команда выведет все пакеты, которых больше нет в официальном репозитории потому, что они были удалены, а также пакеты, установленные вручную. Такие пакеты желательно удалить.
2. Обновление существующей системы
Второе правило для выполнения максимально безопасного обновления — ваша система должна быть обновлена до самой последней версии. Для этого выполните:
Если все прошло хорошо, выполните проверку целостности базы данных:
Затем проверьте нет ли отложенных пакетов:
Отложенные пакеты не могут быть обновлены, они могут стать проблемой при обновлении до Debian 10. Прежде чем пойти дальше исправьте все проблемы, эта команда может вам помочь:
3. Настройка репозиториев
Теперь наша система полностью обновлена и готова к переходу на новую версию и вот ответ на вопрос как обновить debian 9 до debian 10. Для этого нужно отредактировать файл /etc/apt/sources.list и заменить в нем все репозитории stretch на buster. Сначала создайте резервную копию существующего файла:
![Oбновление debian gnu/linux 8 "jessie" до debian 9 "stretch" методом in-place upgrade [вики it-kb]](https://smartshop124.ru/wp-content/uploads/8/5/c/85cd936e3c16b77266966307d3cbfb0c.jpeg)
![Oбновление debian gnu/linux 8 "jessie" до debian 9 "stretch" методом in-place upgrade [вики it-kb]](https://smartshop124.ru/wp-content/uploads/3/2/0/320f347c922f59495da079a8093e8a3c.jpeg)
Затем откройте файл для редактирования, с помощью vim или apt edit sources и замените все вхождения слова stretch на buster:
#БЫЛО:
#СТАЛО:
Вместо ручного редактирования вы можете использовать команду sed, но лучше сделать вручную:
Далее сохраните изменения если использовали редактор и обновите список репозиториев:
Следующей командой вы можете посмотреть список пакетов для обновления:
4. Обновление до Debian 10
Все подготовительные шаги завершены и нам остался последний — обновить Debian 9 до 10. Для этого выполните команды:
Во время обновления установщик может попросить разрешение на перезапуск нескольких системных служб. Это приостановит процесс установки и чтобы его продолжить вам придется согласится. Обновление займет некоторое время, в зависимости от скорости вашего интернета и производительности процессора. Теперь вы знаете как обновиться до Debian 10.
5. Проверка версии системы
После завершения обновления перезагрузите компьютер. Далее вы можете проверить насколько все успешно прошло с помощью команды:
Здесь вы должны увидеть, что у вас установлена десятая версия системы.
Disk partitioning: MS-DOS and GPT
Historically, the most common method of partitioning disks on PC platforms has been the MS-DOS standard using a Master Boot Record (MBR) and a tiny limited partition table with space to describe only 4 «primary» partitions. This is what BIOS systems still use to date. There are several important limitations that come with this scheme, but the most obvious one is the size limit of 2TB per disk. Back when this partitioning format was invented, a 100MB disk was large. Today, multi-terabyte disks are the norm.
UEFI also includes support for a newer partitioning format: the GUID Partition Table (GPT). It’s much more flexible than the MS-DOS option, including:
- many more partitions (up to 128 per disk)
- much larger disks (up to 8ZB: 8,000,000,000 TB)
- much better definitions of what each partition might be used for
Removed packages
The following packages were removed due to circumstances beyond our control:
| Package | Reason |
|---|---|
| adblock-plus-element-hiding-helper | Incompatible with newer firefox-esr versions |
| all-in-one-sidebar | Incompatible with newer firefox-esr versions |
| autofill-forms | Incompatible with newer firefox-esr versions |
| automatic-save-folder | Incompatible with newer firefox-esr versions |
| classic-theme-restorer | Incompatible with newer firefox-esr versions |
| colorfultabs | Incompatible with newer firefox-esr versions |
| custom-tab-width | Incompatible with newer firefox-esr versions |
| dactyl | Incompatible with newer firefox-esr versions |
| downthemall | Incompatible with newer firefox-esr versions |
| dvips-fontdata-n2bk | Empty package |
| firebug | Incompatible with newer firefox-esr versions |
| firegestures | Incompatible with newer firefox-esr versions |
| firexpath | Incompatible with newer firefox-esr versions |
| flashgot | Incompatible with newer firefox-esr versions |
| form-history-control | Incompatible with newer firefox-esr versions |
| foxyproxy | Incompatible with newer firefox-esr versions |
| gitlab | Open security issues, hard to backport fixes |
| greasemonkey | Incompatible with newer firefox-esr versions |
| intel-processor-trace | Only useful on Intel architectures |
| itsalltext | Incompatible with newer firefox-esr versions |
| knot-resolver | Security issues, hard to backport fixes |
| lightbeam | Incompatible with newer firefox-esr versions |
| livehttpheaders | Incompatible with newer firefox-esr versions |
| lyz | Incompatible with newer firefox-esr versions |
| npapi-vlc | Incompatible with newer firefox-esr versions |
| nukeimage | Incompatible with newer firefox-esr versions |
| openinbrowser | Incompatible with newer firefox-esr versions |
| perspectives-extension | Incompatible with newer firefox-esr versions |
| pwdhash | Incompatible with newer firefox-esr versions |
| Broken due to upstream changes | |
| python-tvrage | Useless after tvrage.com shutdown |
| reloadevery | Incompatible with newer firefox-esr versions |
| sage-extension | Incompatible with newer firefox-esr versions |
| scrapbook | Incompatible with newer firefox-esr versions |
| self-destructing-cookies | Incompatible with newer firefox-esr versions |
| spdy-indicator | Incompatible with newer firefox-esr versions |
| status-4-evar | Incompatible with newer firefox-esr versions |
| stylish | Incompatible with newer firefox-esr versions |
| tabmixplus | Incompatible with newer firefox-esr versions |
| tree-style-tab | Incompatible with newer firefox-esr versions |
| ubiquity-extension | Incompatible with newer firefox-esr versions |
| uppity | Incompatible with newer firefox-esr versions |
| useragentswitcher | Incompatible with newer firefox-esr versions |
| video-without-flash | Incompatible with newer firefox-esr versions |
| webdeveloper | Incompatible with newer firefox-esr versions |
| xul-ext-monkeysphere | Incompatible with newer firefox-esr versions |
PC platform: BIOS, UEFI, CSM etc.
On the PC architectures (amd64 and i386), UEFI-based firmware is a relatively new replacement for the ancient BIOS (Basic Input/Output System) that has existed ever since the PC was first developed in the 1980s. The old BIOS systems have strict limitations due to their ancient design, running in 16-bit mode with access to only 1MB of memory, and limited access to other resources like disks. UEFI firmware is normally fully native and so should be able to access all the system memory and all the devices.
For the sake of backwards compatibility, many current PCs using UEFI also include a Compatibility Support Module (CSM), extra support code that will continue to boot in the old BIOS style. Over time, this support will most likely be phased out. Some systems were already being sold UEFI-only (i.e. with no CSM) in 2014.
x86 virtual machines can be run using qemu with either BIOS or UEFI firmware. qemu will default to BIOS using SeaBIOS, but it can also run OVMF. Debian includes builds of OVMF for amd64 in the ovmf package.
Security Updates
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:
| Advisory ID | Package |
|---|---|
| DSA-4074 | imagemagick |
| DSA-4103 | chromium-browser |
| DSA-4182 | chromium-browser |
| DSA-4237 | chromium-browser |
| DSA-4242 | ruby-sprockets |
| DSA-4243 | cups |
| DSA-4244 | thunderbird |
| DSA-4245 | imagemagick |
| DSA-4246 | mailman |
| DSA-4247 | ruby-rack-protection |
| DSA-4248 | blender |
| DSA-4249 | ffmpeg |
| DSA-4250 | wordpress |
| DSA-4251 | vlc |
| DSA-4252 | znc |
| DSA-4253 | network-manager-vpnc |
| DSA-4254 | slurm-llnl |
| DSA-4256 | chromium-browser |
| DSA-4257 | fuse |
| DSA-4258 | ffmpeg |
| DSA-4260 | libmspack |
| DSA-4261 | vim-syntastic |
| DSA-4262 | symfony |
| DSA-4263 | cgit |
| DSA-4264 | python-django |
| DSA-4265 | xml-security-c |
| DSA-4266 | linux |
| DSA-4267 | kamailio |
| DSA-4268 | openjdk-8 |
| DSA-4269 | postgresql-9.6 |
| DSA-4270 | gdm3 |
| DSA-4271 | samba |
| DSA-4272 | linux |
| DSA-4273 | intel-microcode |
| DSA-4274 | xen |
| DSA-4275 | keystone |
| DSA-4276 | php-horde-image |
| DSA-4277 | mutt |
| DSA-4278 | jetty9 |
| DSA-4279 | linux |
| DSA-4279 | linux-latest |
| DSA-4280 | openssh |
| DSA-4281 | tomcat8 |
| DSA-4282 | trafficserver |
| DSA-4283 | ruby-json-jwt |
| DSA-4284 | lcms2 |
| DSA-4285 | sympa |
| DSA-4286 | curl |
| DSA-4287 | firefox-esr |
| DSA-4288 | ghostscript |
| DSA-4289 | chromium-browser |
| DSA-4290 | libextractor |
| DSA-4291 | mgetty |
| DSA-4292 | kamailio |
| DSA-4293 | discount |
| DSA-4294 | ghostscript |
| DSA-4295 | thunderbird |
| DSA-4296 | mbedtls |
| DSA-4297 | chromium-browser |
| DSA-4298 | hylafax |
| DSA-4299 | texlive-bin |
| DSA-4300 | libarchive-zip-perl |
| DSA-4301 | mediawiki |
| DSA-4302 | openafs |
| DSA-4303 | okular |
| DSA-4304 | firefox-esr |
| DSA-4305 | strongswan |
| DSA-4306 | python2.7 |
| DSA-4307 | python3.5 |
| DSA-4308 | linux |
| DSA-4309 | strongswan |
| DSA-4310 | firefox-esr |
| DSA-4311 | git |
| DSA-4312 | tinc |
| DSA-4313 | linux |
| DSA-4314 | net-snmp |
| DSA-4315 | wireshark |
| DSA-4316 | imagemagick |
| DSA-4317 | otrs2 |
| DSA-4318 | moin |
| DSA-4319 | spice |
| DSA-4320 | asterisk |
| DSA-4321 | graphicsmagick |
| DSA-4322 | libssh |
| DSA-4323 | drupal7 |
| DSA-4324 | firefox-esr |
| DSA-4325 | mosquitto |
| DSA-4326 | openjdk-8 |
| DSA-4327 | thunderbird |
| DSA-4328 | xorg-server |
| DSA-4329 | teeworlds |
| DSA-4331 | curl |
Обновление Debian через терминал
Этот способ создан для тех, кто не любит возиться с техникой слишком долго, но и не пускает всё на самотек. Прежде чем обновлять систему, следует убедиться в том, что ваши репозитории находятся в полном порядке. К примеру, ранее вы подключили репозиторий testing для установки пакета, не выключив его по завершению процесса. В данном случае любые вмешательства могут вызвать еще больше проблем.
Откроем файл sources.list редактором nano, внимательно смотрим на список репозиториев.
Нормально: в нем наличествуют основные хранилища операционной системы (stretch), репозиторий стандартных обновлений, а также хранилище обновлений безопасности.
Плохо: в файле наличествуют testing, sid, back ports.
Установленные репозитории можно посмотреть и другим способом. Например, воспользовавшись дополнением «Программы и обновления».
Отключите галочки напротив тех репозиториев, которые помешают обновлению ОС. Их названия упоминались чуть выше.
Для обновления системы нам потребуются права супер пользователя root, поэтому перейдем в режим «#».
По аналогии с убунту, астра линукс, списки пакетов обновляются по команде:
Для запуска обновления в терминале вводим:
Даем согласие на установку. Апгрейд пакетов Debian займет некоторое время. На сроки влияет производительность ПК и скорость Интернет-соединения. Если система обновлялась давно, на это потребуется больше времени.
Обновление Дебиан в графическом интерфейсе
Данный способ обновления также не обойдется без графического дополнения «Программы и обновления». Осуществите проверку обновлений в одноименной вкладке, активируйте уведомление о найденных обновах.
Графическая утилита найдет возможные обновления и предложит их вам. Если вас устраивают автоматические обновления, воспользуйтесь данной опцией здесь же. Утилит начнет делать апгрейд ежедневно.
Чтобы установить обновления, также можно воспользоваться программой «Центр приложений» (открывается через главное меню). Далее перешагните в подраздел «Обновления».
Найдите на экране значок «Обновить», нажмите на него. Это позволит произвести обмен данными. После этого вам предстоит закончить установку выявленных обновлений.
Debian также обновляется при помощи установки популярного софта под названием Synaptic Она не является базовой утилитой, однако ее можно установить.
Новый софт появится в меню устройства. ПО работает без перебоев, а потому пользуется большим спросом среди пользователей. Откройте Synaptic, кликните на кнопку «Обновить». Далее произойдет обмен данными между списками пакетов хранилищ.
Следующий шаг: кликните на кнопку «Отметить…». Актуальные апгрейды попадут в список необходимых установок. Программа выдаст запланированные модернизации.
Нажатие на клавишу «Применить» запустит процесс обновление. Не прерывайте его до полного завершения.
Заключение
Беспроблемная и безопасная работа компьютера возможна лишь при бережном обращении. С новой версией ОС устройство работает быстрее и без лагов. К тому же, это минимизирует вероятность попадания вирусов на ПК и сервер. Мошенникам будет сложнее взломать обновленную версию Debian, а значит, пользователь может не беспокоиться за сохранность и конфиденциальность личных данных.
Обновление операционной системы Debian осуществляется многообразными способами и неважно какая версия стоит 9, 8,7. Каждый пользователь может избрать для себя самый удобный и понятный вариант установки обновлений системы
Как видите, процесс установки обновлений – это то, с чем может справиться даже новичок. В этой статье даны все необходимые инструкции для реализации задуманного. И помните, что обновление ОС нужно выполнять регулярно (вручную или посредством включенного автоматического режима).
Removed packages
The following packages were removed due to circumstances beyond our control:
| Package | Reason |
|---|---|
| adblock-plus | Incompatible with newer firefox-esr versions |
| calendar-exchange-provider | incompatible with newer Thunderbird versions |
| cookie-monster | Incompatible with newer firefox-esr versions |
| corebird | Broken by Twitter API changes |
| debian-buttons | Incompatible with newer firefox-esr versions |
| debian-parl | Depends on broken / removed Firefox plugins |
| firefox-branding-iceweasel | Incompatible with newer firefox-esr versions |
| firefox-kwallet5 | Incompatible with newer firefox-esr versions |
| flashblock | Incompatible with newer firefox-esr versions |
| flickrbackup | Incompatible with current Flickr API |
| imap-acl-extension | Incompatible with newer firefox-esr versions |
| libwww-topica-perl | Useless due to Topica site closure |
| mozilla-dom-inspector | Incompatible with newer firefox-esr versions |
| mozilla-noscript | Incompatible with newer firefox-esr versions |
| mozilla-password-editor | Incompatible with newer firefox-esr versions |
| mozvoikko | Incompatible with newer firefox-esr versions |
| personaplus | Incompatible with newer firefox-esr versions |
| python-formalchemy | Unusable, fails to import in Python |
| refcontrol | Incompatible with newer firefox-esr versions |
| requestpolicy | Incompatible with newer firefox-esr versions |
| spice-xpi | Incompatible with newer firefox-esr versions |
| toggle-proxy | Incompatible with newer firefox-esr versions |
| y-u-no-validate | Incompatible with newer firefox-esr versions |
Miscellaneous Bugfixes
This stable update adds a few important corrections to the following packages:
| Package | Reason |
|---|---|
| avahi | Remove avahi-daemon-check-dns mechanism, which is no longer needed |
| base-files | Update /etc/debian_version for the 10.9 point release |
| cloud-init | Avoid logging generated passwords to world-readable log files |
| debian-archive-keyring | Add bullseye keys; retire jessie keys |
| debian-installer | Use 4.19.0-16 Linux kernel ABI |
| debian-installer-netboot-images | Rebuild against proposed-updates |
| exim4 | Fix use of concurrent TLS connections under GnuTLS; fix TLS certificate verification with CNAMEs; README.Debian: document the limitation/extent of server certificate verification in the default configuration |
| fetchmail | No longer report System error during SSL_connect(): Success; remove OpenSSL version check |
| fwupd | Add SBAT support |
| fwupd-amd64-signed | Add SBAT support |
| fwupd-arm64-signed | Add SBAT support |
| fwupd-armhf-signed | Add SBAT support |
| fwupd-i386-signed | Add SBAT support |
| fwupdate | Add SBAT support |
| fwupdate-amd64-signed | Add SBAT support |
| fwupdate-arm64-signed | Add SBAT support |
| fwupdate-armhf-signed | Add SBAT support |
| fwupdate-i386-signed | Add SBAT support |
| gdnsd | Fix stack overflow with overly-large IPv6 addresses |
| groff | Rebuild against ghostscript 9.27 |
| hwloc-contrib | Enable support for the ppc64el architecture |
| intel-microcode | Update various microcode |
| iputils | Fix ping rounding errors; fix tracepath target corruption |
| jquery | Fix untrusted code execution vulnerabilities |
| libbsd | Fix out-of-bounds read issue |
| libpano13 | Fix format string vulnerability |
| libreoffice | Do not load encodings.py from current directoy |
| linux | New upstream stable release; update ABI to -16; rotate secure boot signing keys; rt: update to 4.19.173-rt72 |
| linux-latest | Update to -15 kernel ABI; update for -16 kernel ABI |
| linux-signed-amd64 | New upstream stable release; update ABI to -16; rotate secure boot signing keys; rt: update to 4.19.173-rt72 |
| linux-signed-arm64 | New upstream stable release; update ABI to -16; rotate secure boot signing keys; rt: update to 4.19.173-rt72 |
| linux-signed-i386 | New upstream stable release; update ABI to -16; rotate secure boot signing keys; rt: update to 4.19.173-rt72 |
| lirc | Normalize embedded ${DEB_HOST_MULTIARCH} value in /etc/lirc/lirc_options.conf to find unmodified configuration files on all architectures; recommend gir1.2-vte-2.91 instead of non-existent gir1.2-vte |
| m2crypto | Fix test failure with recent OpenSSL versions |
| openafs | Fix outgoing connections after unix epoch time 0x60000000 (14 January 2021) |
| portaudio19 | Handle EPIPE from alsa_snd_pcm_poll_descriptors, fixing crash |
| postgresql-11 | New upstream stable release; fix information leakage in constraint-violation error messages ; fix CREATE INDEX CONCURRENTLY to wait for concurrent prepared transactions |
| privoxy | Security issues |
| python3.7 | Fix CRLF injection in http.client ; fix buffer overflow in PyCArg_repr in _ctypes/callproc.c |
| redis | Fix a series of integer overflow issues on 32-bit systems |
| ruby-mechanize | Fix command injection issue |
| systemd | core: make sure to restore the control command id, too, fixing a segfault; seccomp: allow turning off of seccomp filtering via an environment variable |
| uim | libuim-data: Perform symlink_to_dir conversion of /usr/share/doc/libuim-data in the resurrected package for clean upgrades from stretch |
| xcftools | Fix integer overflow vulnerability |
| xterm | Correct upper-limit for selection buffer, accounting for combining characters |
