Debian 12.2 has been released, incorporating the latest security fixes and stable back-ports for Debian 12 Bookworm. This stable point release includes a new version of the Linux 6.1 kernel and the latest linux-firmware/microcode support.

One of the notable updates in Debian 12.2 is the inclusion of mitigations for the AMD Inception (SRSO) vulnerability, which was made public in August. Additionally, the release addresses the Intel Downfall vulnerability, also disclosed in August.

Furthermore, Debian 12.2 includes several other security fixes, enhancing overall system security. For a detailed list of package updates and security fixes, refer to the release announcement on Debian’s website.

Source: Phoronix.

Linux Containers has released Incus 0.1, the first formal release of their community fork of the LXD project. Incus was created after Canonical took control of LXD. Incus 0.1 is similar to the LXD 5.18 release but includes several changes and improvements. The project has dropped unused or problematic features from the LXD codebase and will now focus on backwards compatibility. Notable changes include renaming the project to Incus and replacing /dev/lxd with /dev/incus. More details and downloads can be found at LinuxContainers.org.

Source: Phoronix.

OpenZFS has launched release candidate 5 (rc5) of version v2.2.0.

The release includes several changes and updates, including improvements to ZIL (ZFS Intent Log), rpm fixes, enhancements to zfsconcepts, and updates to ARC (Adaptive Replacement Cache) headers. Additionally, there are compatibility updates for Linux and FreeBSD platforms.

Here are the supported platforms for this release:

• Linux: compatible with 3.10 - 6.5 kernels
• FreeBSD: compatible with releases starting from 12.2-RELEASE

The release candidate includes numerous bug fixes and enhancements to improve stability and performance. It is recommended for users who are interested in testing the latest features and providing feedback to the OpenZFS community.

To learn more and download the release candidate, visit the official OpenZFS GitHub page at https://github.com/openzfs/zfs/releases/tag/zfs-2.2.0-rc5.

Phoronix reports that the latest Linux kernel patches have been released for the Milk-V Pioneer board, a 64-core RISC-V micro-ATX board with impressive features such as two PCIe x16 slots. The board is built around the Sophon SG2042 SoC, which boasts 64 RISC-V CPU cores clocked at up to 2.0GHz, shared 64MB L3 cache, and support for quad-channel DDR4-3200 memory. The Sophon SG2042 has a TDP of 120W.

In addition to its 64-core CPU, the Milk-V Pioneer board offers four DDR4 memory slots, dual M.2 slots, three PCIe x16 slots using x8 lanes, five SATA ports, eight USB 3.2 ports, and dual 2.5Gb Ethernet ports. It is designed for micro-ATX enclosures and works with a conventional 24-pin ATX power supply. Overall, the Milk-V Pioneer is an incredibly interesting RISC-V development board that is currently in the process of being released to the market.

The Milk-V team has been working on upstreaming the Linux kernel support for the Milk-V Pioneer, and the recently published v4 patches enable basic driver support, allowing the kernel to boot to a basic console.

The board, along with a heatsink, is currently priced at $1499 USD and is available for pre-order. Shipping is expected to begin in December.

Source: Phoronix.

GL.iNet has released the Flint2 (also known as GL-MT6000), a new AX6000 router based on the MediaTek MT7986 (Filogic 830) ARM SoC. This router supports VPN speeds of up to 900 Mbps using WireGuard and 190 Mbps with OpenVPN. Compared to previous GL.iNet routers like the Spitz AX and the Beryl AX, which were based on the Filogic 820 (MT7981B) CPU with transfer rates of up to 300 Mbps using WireGuard, the Flint2 is expected to triple the VPN performance.

The GL.iNet Flint2 router comes with the following specifications:

• SoC – MediaTek MT7986 (Filogic 830) quad-core Arm Cortex-A53 processor @ 2.0 GHz with hardware acceleration engines for Wi-Fi offloading and networking
• System Memory – 1GB DDR4
• Storage – 8GB eMMC flash
• Networking:
  • 2x 2.5 Gbps Ethernet ports
  • 4x Gigabit Ethernet LAN ports
  • 802.11b/g/n/ac/ax WiFi 6 with 4x external Wi-Fi antennas
    • Up to 1,148 Mbps @ 2.4 GHz
    • Up to 4,804 Mbps @ 5 GHz
    • DFS (Dynamic Frequency Selection) support
  • VPN – OpenVPN server/client tested up to 190 Mbps, and WireGuard server/client tested up to 900 Mbps (tests over Ethernet in client mode)
• USB – 1x USB 3.0 Type-A port
• Dimensions – 233 x 137 x 57mm

The GL.iNet Flint2 router comes pre-installed with OpenWrt 23.05 (or a fork) with Linux 5.15 and the GL.Inet Admin Panel, which is common to all GL.iNet routers. It supports four different network modes: router, access point, extender, and WDS. The router also includes features such as AdGuard Home, parental controls, and Cloud remote management.

The significant improvement in WireGuard performance, tripling the previous model’s speed, is noteworthy. While the upgrade from a 1.3 GHz dual-core Arm Cortex-A53 CPU to a 2.0 GHz quad-core Cortex-A53 CPU partially explains the increase, the main reason is likely the switch from Linux 5.4 to Linux 5.15. The Filogic 830-based router benefits from in-kernel WireGuard support introduced in Linux 5.6. As a point of comparison, the first Flint router achieves speeds of up to 500 Mbps with WireGuard.

The Filogic 830 SoC used in the Flint2 is also found in other devices, such as the Banana Pi BPI-R3 and BPI-R3 Mini router SBCs.

Source: CNX Software – Embedded Systems News.

Phoronix reports that Linux will now indicate via /proc/cpuinfo if AMD virtualization (SVM) is disabled. This is a quality of life improvement for home lab virtualization when using AMD CPUs. Previously, checking for the presence of Intel virtualization support and its status could easily be done by looking at the flags in /proc/cpuinfo. However, SVM was always shown in /proc/cpuinfo regardless of whether it was disabled in the BIOS. This oversight is finally being corrected in the upcoming Linux 6.7 kernel cycle, with the possibility of back-porting the fix to existing kernel series.

The patch, developed by Red Hat’s Paolo Bonzini, has been queued into TIP’s x86/cpu branch. This patch will now read the appropriate MSR to verify if SVM has been disabled on AMD and Hygon processors. If SVM is disabled, the CPU capability will be cleared, and it will no longer show in /proc/cpuinfo. Previously, the only indication of AMD SVM being disabled was appearing in the kernel log or KVM virtualization failing to work. This small but useful change makes it much easier to check if virtualization is available via the widely-used /proc/cpuinfo interface.

Source: Phoronix.