Posts for: #linux

Alpine 3.19.1 Released Fixing OpenSSL Security Vulnerabilities

Alpine Linux has recently announced the release of Alpine Linux 3.19.1, a maintenance release of the 3.19 series. This release includes a range of bug fixes and security updates, specifically addressing several vulnerabilities in OpenSSL.

The following OpenSSL security vulnerabilities have been fixed in this release:

To delve deeper into the details and changes made, the complete list of modifications can be found in the git log for version 3.19.1.

In addition to Alpine Linux 3.19.1, older stable versions of Alpine Linux, including 3.16.9, 3.17.7, and 3.18.6, have also been released to address the identified OpenSSL vulnerabilities.

January Update for openSUSE Tumbleweed

In the latest monthly update for openSUSE Tumbleweed in January 2024, the distribution unveils a new format to better communicate major changes, improvements, and key issues. This update is now recommended by contributors involved in openSUSE’s marketing efforts.

Kernel and Hardware Support

The Linux Kernel receives updates to versions 6.6.7, 6.6.9, 6.6.10, 6.6.11, and 6.7.1, addressing memory management and security vulnerabilities. Notable enhancements include PCI updates for Zhaoxin Root Ports, contributing to improved compatibility and performance for Zhaoxin’s CPUs and motherboards.

Browser and Graphics Updates

Mozilla Firefox is updated to version 121.0 and 121.0.1, resolving issues such as hanging when loading sites with column-based layouts. The KDE Frameworks update to version 5.114.0 brings significant improvements, including fixes in Extra CMake Modules, holiday additions for Kenya, and adjustments for AVIF in KImageFormats.

The Mesa update to version 23.3.3 introduces a new Vulkan driver for NVIDIA hardware (NVK) in the experimental phase. This marks a step forward in support for NVIDIA GPUs, accompanied by enhancements in graphics performance and compatibility for Asahi and RADV.

System Management and PHP Enhancements

Systemd sees updates to version 254.8, focusing on the cautious resolution of reported bugs and ensuring stability in device management systems. PHP is updated from version 8.2.14 to 8.2.15, bringing fixes for SSA integrity verification, improvements in CLI built-in web server timeouts, and resolving issues with stream wrapper registration.

Multimedia and Networking

GStreamer is updated to version 1.22.8, addressing vulnerabilities in the AV1 video codec parser and making improvements in reverse playback and seeking in qtdemux. Samba sees updates to version 4.19.4, resolving issues related to the machine account password, improving documentation generation, and addressing critical vulnerabilities and bugs.

Security and Bug Fixes

The update includes critical security patches across various packages, with notable improvements in Firefox, systemd, Samba, and PHP. Multiple Common Vulnerabilities and Exposures (CVEs) are addressed in packages like xorg-x11-server, xwayland, gnutls, java-11-openjdk, and samba, enhancing overall security and stability.

Linux Containers: Introducing Incus 0.5

The Incus team has announced the release of Incus 0.5, the first release of 2024. This release brings several improvements to the Incus CLI, new virtual machine features, additional options for handling cluster evacuations and host shutdowns, and various bugfixes and performance improvements.

Highlights of the release include:

Ansible, Terraform/OpenTofu, and Packer
Incus now has support for Ansible, Terraform/OpenTofu, and Packer. This means that users can now find a connection plugin for Incus in Ansible, an official provider for Terraform and OpenTofu, and a Packer plugin for Incus.

Linux distribution packages
Additional packages for Incus are now available for Arch Linux, Debian (testing/unstable), Ubuntu (noble), and Void Linux. Detailed installation instructions can be found in the Incus documentation.

Translations
The Incus team has spent time cleaning up translations and setting up Weblate for Incus. This makes it easier than ever for users to log into Weblate and translate the Incus CLI into their language.

New features
Some of the new features introduced in Incus 0.5 include:

  • New incus file create command: This command allows users to create empty files, symlinks, and directories without transferring an existing local directory tree.
  • New incus snapshot show command: This command allows users to view the configuration data included in an Incus instance snapshot.
  • More shell completion options: Incus is transitioning to a more dynamic way of handling shell completion, and users can now retrieve initial shell completion profiles for Bash, Fish, PowerShell, and Zsh.
  • Support for multiple VM agent binaries: Incus now supports providing multiple agent binaries to virtual machines, which is useful for handling multiple operating systems and architectures.
  • Support for virtio-blk as a disk io.bus: After adding NVMe support in Incus 0.2, Incus now offers virtio-blk as a disk I/O bus option in virtual machines.
  • Support for USB network device pass-through in VMs: Incus now detects when the parent network device of a virtual machine is connected over the USB bus and converts it into a USB device pass-through.
  • New cluster evacuation options: Two new cluster evacuation options, force-stop and stateful-stop, have been added to Incus. These options can be selected on a per-instance basis and provide different ways to handle the evacuation of instances in a cluster.
  • Ability to configure the host instance shutdown action: Users can now configure the action to be taken when the host instance shuts down. The options include stop, force-stop, and stateful-stop.
  • Ability to start instances as part of creation: Instances can now be started as part of the creation request, saving an API call and making it easier for users scripting the Incus API.
  • Configurable Loki instance name: Incus now allows users to provide a cluster name to be used as the Loki event source instance, making it easier to filter events from multiple clusters using the same Loki instance.
  • Extended HEAD support on files: The HEAD method on the Incus instance file API now returns the file size, allowing for the display of file sizes in addition to names and types.
  • Use of /run/incus for runtime data: Incus now stores runtime data in /run/incus, keeping /var/log/incus only for actual log files.

For the complete list of changes in Incus 0.5, refer to the changelog.

To try Incus for yourself, visit the Incus documentation for installation instructions and more information.

Armbian Leaflet #17: Latest Updates to Armbian

Armbian, a popular Linux distribution for single-board computers (SBCs), has recently released a comprehensive update to enhance the user experience. The latest updates include improvements to the Armbian Build Framework, kernel upgrades, merging of Rockchip kernel families, and device-specific updates.

The Armbian Build Framework now includes official GitHub Action scripts, making it easier for users to re-compile images for their hardware. These scripts allow users to choose different configurations with or without customization. The framework can be accessed through the GitHub Marketplace.

Kernel upgrades have been completed for the current kernel selection, with the default upcoming kernel on most platforms now based on the most recent LTS kernel base 6.6.y. Additionally, EDGE kernels are already distributed with the latest 6.7.y.

Efforts are also underway to merge disassociated Rockchip kernel families, which will streamline maintenance and provide a more cohesive user experience.

In terms of device-specific updates, LicheePi 4A now has current kernel support, although it is still a work in progress (WIP). The old 32-bit Marvell kernel has also been successfully updated, ensuring that the popular NAS, Helios4, will continue to receive updates and maintainer support.

Several bug fixes and improvements have been made, including fixing a significant bug that affected network speed on RockPi S, applying numerous patches to address issues with display, wireless, Bluetooth, and DVFS on H616/H618 Zero2 and Zero3 series, and changing the default CPU governor to schedutil to optimize performance and responsiveness.

KVM Enhancements in Linux 6.8

Changes to KVM virtualization in the upcoming 6.8 version of the Linux kernel include many new features and improvements. These changes are set to enhance the support for confidential VMs and bring various enhancements for KVM on different architectures.

Some of the notable KVM changes in Linux 6.8 include:

  • Improved support for confidential VMs: With the introduction of the KVM_SET_MEMORY_ATTRIBUTES ioctl, user-space can now specify per-page attributes for guest memory. This feature is particularly useful for confidential and secure VMs that utilize technologies such as AMD SEV-SNP, TDX, and ARM pKVM.
  • Software-protected VMs on x86: KVM on x86 now supports “software-protected VMs,” which allow for testing new interfaces related to guest_memfd and page attributes.
  • Flush-by-ASID support: KVM now unconditionally advertises flush-by-ASID support for nSVM, enabling the latest versions of VMware Workstation to run smoothly on KVM.
  • Linear Address Masking (LAM) for KVM guests: Linux 6.8 introduces support for LAM in KVM guests, enhancing the performance and security of virtualized environments.
  • CONFIG_KVM_HYPERV option: A new Kconfig option, CONFIG_KVM_HYPERV, allows users to disable KVM support for Microsoft Hyper-V emulation during the build process.
  • ARM64 LPA2 support: KVM now includes support for ARM64 LPA2, further expanding its capabilities on the ARM architecture.
  • LSX/LASX SIMD CPU instructions on LoongArch: KVM on the LoongArch architecture now allows the LSX/LASX SIMD CPU instructions within KVM guest VMs.

Source: Phoronix.

The Sipeed Longan Pi3H: A Compact Board with Gigabit Ethernet, WiFi 6, HDMI, and USB

Sipeed has introduced the Longan Pi3H, a single board computer (SBC) that is similar in size to the Raspberry Pi Zero. Powered by an Allwinner H618 quad-core Cortex-A53 processor, the board features full-size connectors including an HDMI 2.0 video output, two USB 2.0 Type-A ports, and a gigabit Ethernet RJ45 jack. It also offers WiFi 6 and Bluetooth 5.4 connectivity, a 40-pin GPIO header, and a USB OTG Type-C port for power. The board is composed of a carrier board and a replaceable LM3H CPU module with the Allwinner H618 SoC, RAM, and eMMC flash.

The Sipeed Longan Pi3H specifications include:

  • SoC – Allwinner H618 with a quad-core Arm Cortex-A53 processor, up to 1.5GHz, and 1MB L2 cache
  • GPU – Arm Mali-G31 MP2 GPU with support for OpenGL ES 1.0/2.0/3.2, OpenCL 2.0, Vulkan 1.1
  • VPU with support for various video formats
  • System Memory – 2GB or 4GB LPDDR4
  • Storage options include a microSD card slot and optional 32GB eMMC flash
  • Video & Audio Output – HDMI 2.0a up to 4Kp60
  • Networking features a gigabit Ethernet RJ45 port and dual-band WiFi 6 and Bluetooth 5.4 with a ceramic antenna
  • USB ports include 2x USB 2.0 Type-A ports and 1x USB 2.0 OTG Type-C port
  • Expansion options include a 40-pin Raspberry Pi-compatible GPIO header with I2C, SPI, UART, and a variety of GPIOs
  • Debugging features a 4-pin debug UART (3.3V)
  • Additional features include FEL and Reset buttons, 2x user LEDs
  • Power supply options include 5V via USB Type-C port or 4-pin Debug UART header
  • Dimensions: SBC – 65 x 30.8 x 23.6 mm, LM3H module – 46.1 x 25 x 2.9 mm

Mainline Linux support for the board is expected to be merged in Q1 2024. While the documentation page is not currently working, hardware documentation such as schematics and mechanical drawings are available.

Pre-orders for the Sipeed Longan Pi3H are available on Aliexpress, with prices ranging from $17.90 for the 2GB RAM variant (without eMMC flash) to $34.90 for the 4GB RAM variant with 32GB eMMC flash. Shipping is expected to start on February 11, and the product will be available for European customers in a few days.

Source: CNX Software – Embedded Systems News.