LWN.net

Inside this week's LWN.net Weekly Edition:

The resultsare in for Fedora's F44 election cycle for seats on the FedoraCouncil, Fedora EngineeringSteering Committee, FedoraMindshare Committee, and EPELSteering Committee.Miro Hronok and Aleksandra Fedorova have wonseats on the council. Neal Gompa, Fabio Valentini, Michel Lind,Maxwell G, and Simon de Vlieger have been elected to FESCo. SamyakJain, Akashdeep Dhar, Luis Bazan, and Mat Holmes have all been electedto the Mindshare Committee. The four candidates for the EPELcommittee, Carl George, Diego Hererra, Jonathan Wright, and TroyDawson were all automatically elected as there were an equal number ofcandidates and seats open. Congratulations to all the winners.

The Python Software Foundation blog has a postwith a summary of the security-related content at PyCon US 2026 with links toslides from important sessions. The recordings will be published tothe PyCon US channel onYouTube, and the post will be updated with links to those videos asthey are made available.

Jan Kara has been workingon cleaning up how bufferheads are used by some kernel filesystems. In a shortfilesystem-track session at the 2026 Linux Storage,Filesystem, Memory Management, and BPF Summit, he gave an update onthat work and where it is headed. Topics included generic infrastructureto track buffer heads for metadata, a buffer-head cleanup for the Amigafilesystem, and some planned locking fixes.

Version2.0 of the FairScan document-scanning app for Android has beenreleased. The headline feature for this release is the addition ofoptical-character-recognition (OCR) support using Tesseract to produce PDFswith searchable text from scans. FairScan developer Pierre-YvesNicolas has written a detailedblog about adding the feature and explaining why it had not been addedpreviously.

Security updates have been issued by AlmaLinux (hplip, kernel, kernel-rt, libpng12, libpng15, libxml2, libxslt, mysql:8.0, mysql:8.4, opencryptoki, openssl, postfix, postgresql:15, rsync, and webkit2gtk3), Debian (asterisk, atril, gsasl, and libreoffice), Fedora (ack, bird, chromium, firefox, ldns, librabbitmq, nextcloud, nss, openslide, perl-Protocol-HTTP2, tig, vorbis-tools, and xen), Mageia (coturn, log4cxx, and python-tornado), SUSE (389-ds, buildah, container-suseconnect, distribution, editorconfig-core-c, elemental-system-agent, glib-networking, google-guest-agent, google-osconfig-agent, kernel, libcaca, libXpm, opensc, openssl-3, openvswitch, perl-Crypt-PBKDF2, python-python-dotenv, python311-aiosmtplib, python311-zeroconf, runc, shim, and sqlite3), and Ubuntu (ca-certificates, keystone, librabbitmq, linux, linux-aws, linux-kvm, linux-aws-hwe, linux-azure, linux-gcp, linux-hwe, linux-oracle, linux-azure, linux-azure, linux-gcp, linux-hwe, linux-oracle, linux-azure-6.8, linux-oracle-5.15, nova, openimageio, qemu, and squid).

Part of running LWN is keeping a list of potentially interesting topicsthat may merit the effort to turn into articles. As an experiment, we arenow exposing that list to our subscribers at theProject Leader and Supporter levels. The hope is that this list willprovide useful insights into what is on our radar and which might be comingto LWN in the near future.

On June 15 at Fedora's Flock conference, held inPrague, Fedora Project Leader (FPL) Jef Spaleta delivered a short "State ofFedora" keynote that provided a bit of insight into the status of theproject. Topics included the overall growth for Fedora usage, ways to increasecontributions, and an alarming decline in the number of active packagers workingon the project.

Version152.0 of the Firefox web browser has been released. Notablechanges in this release include a brand-new look for the FirefoxSettings interface, the ability to disable tracker blocking in privatebrowsing tabs, a feature to mute browser sound from the address bar,experimental support for the JPEGXL image format, and more.

Version6.7 of KDE's Plasma desktop has been released. Notable changes inthis release include per-screen virtual desktops, faster desktopswitching, introduction of the Uniontheming system as a tech preview, as well as many other improvements and bugfixes. The release is dedicated to Eric Laffoon, a longtime KDEsupporter, who passed away in May.See the KDEwiki for a full list of new features, and the Changelogfor a list of all commits in this release.

Security updates have been issued by AlmaLinux (mod_http2, postfix, and webkit2gtk3), Debian (bird2, libgd-perl, and libreoffice), Fedora (7zip, ack, hugo, and perl-Mojo-JWT), Mageia (atril, evince, xreader, emacs, lcms2, libgcrypt, libinput, libsndfile, putty, and sudo), Red Hat (openssl and osbuild-composer), SUSE (cheat, chromedriver, containerized-data-importer, cyrus-imapd, freeipmi, graphicsmagick, java-11-openj9, java-17-openj9, kitty, kubevirt, kubevirt-1.6, libcaca, libopenssl-3-devel, librav1e0_8, neonmodem, opensc, openssh, openssl-1_0_0, openssl-1_1, openssl-3, perl-HTTP-Daemon, perl-XML-LibXML, python-python-dotenv, python311-paramiko, python311-PyJWT, python311-starlette, python311-tornado6, qemu, restic, and trivy), and Ubuntu (adsys, cups, fastnetmon, freerdp2, freerdp3, mesa, nginx, rsync, ruby2.3, ruby2.5, and tmux).

Linus Torvalds releasedthe 7.1 kernel as expected on June14. This development cyclebrought in a lot of new features - and a lot of new developers as well.The time has come for our traditional look at where the changes in 7.1 camefrom, with a digression into how our community may be changing in general.

Daniel Stenberg has announcedthat curl will not be accepting vulnerability reports from July1through August3, unless the submitter has a paid supportcontract. He is calling it the "curl summer of bliss".

Security updates have been issued by AlmaLinux (.NET 9.0), Debian (apache2, chromium, jpeg-xl, librabbitmq, and openssl), Fedora (apptainer, bind9-next, chezmoi, chromium, collectd, composer, dnsdist, gh, python-django5, python-python-multipart, varnish, varnish-modules, vmod-querystring, vmod-uuid, weasyprint, and xorg-x11-server-Xwayland), Mageia (cups, expat, libpng, libssh, memcached, nghttp2, openimageio, packages, proftpd, and radare2), Oracle (.NET 10.0, .NET 8.0, .NET 9.0, and firefox), Red Hat (postfix and valkey), and SUSE (afl, alloy, ansible-core, apache-pdfbox, chromedriver, chromium, cpp-httplib-devel, dpkg, elemental-operator, elemental-toolkit, enc, erlang, ffmpeg-7, firewalld, git-bug, golang-github-prometheus-prometheus, grafana, GraphicsMagick, graphite2, kernel, kernel-devel, lcms2, ldns, libsoup, libyang, libzypp, logback, mariadb, NetworkManager, openssh, openvswitch, perl-GD, perl-XML-LibXML, polkit, postgresql-jdbc, postgresql18, python, python-django, python-M2Crypto-doc, python-Pygments, python-pygments, python-requests, python313-Django6, qemu, rpcbind, samba, strongswan, tmux, uriparser, and xdg-dbus-proxy).

Linus has released the 7.1 kernel."So it's only Sunday morning back home, but it's Sunday afternoon whereI am right now, so I'm doing the 7.1 release at the regular time -just not in the regular timezone."Significant changes in 7.1 includethe removal of support for some old 486-based architectures,some new clone() flags makingprocess management easier,BPF support for io_uring,zero-copy-I/O support for the ublk user-space blockdriver,initial (incomplete) sub-scheduler supportin sched_ext,more swapping improvements,a completely rewritten NTFSimplementation,and much more. See the LWN merge-window summaries (part1, part2) for details.

In a shortened session in the filesystem track at the 2026 Linux Storage,Filesystem, Memory Management, and BPF Summit, Amir Goldstein gave anupdate on the overlayfsunion filesystem. There are some new features over the last few yearsthat he wanted to mention, along with looking at the status of nestingoverlayfs layers. The composefs use casethat was discussed at the summit in 2023has led to some interesting changes to overlayfs.

Hundreds of orphaned packages hosted by the Arch User Repository (AUR) havebeen compromised by an attacker who has added a malicious npmpackage (atomic-lockfile) that can exfiltrate sensitivedata. The project is currently workingon cleaning up the mess. There is a list of affected packagesand post (possibly NSFW domain) by"sodiboo" with additional information. Arch Linux users (or users ofArch-based distributions) that use AUR packages may wish to see if theyhave installed any of the compromised updates.

Security updates have been issued by AlmaLinux (.NET 10.0, .NET 8.0, .NET 9.0, bind, expat, httpd:2.4, kernel, kernel-rt, mod_http2, openssl, poppler, redis, redis:7, samba, and unbound), Debian (ironic, kernel-wedge, libinput, linux-base, and neutron), Fedora (kernel, openssl, vaultwarden, and vaultwarden-web), Mageia (erlang-hex_core, erlang-rebar3, gnupg2, and sqlite3), Red Hat (buildah, podman, and skopeo), SUSE (flannel, gdk-pixbuf-loader-libheif, gnutls, google-cloud-sap-agent, grafana, graphite2, hplip, libIex-3_4-33, libzypp, nginx, openssh, perl-DBI, perl-Git-Repository, perl-Protocol-HTTP2, python-Pygments, python-simpleeval, python311-Django4, rclone, roundcubemail, strongswan, tomcat10, tomcat11, unbound, and webkit2gtk3), and Ubuntu (apache2, dotnet8, dotnet9, dotnet10, gst-plugins-base1.0, ironic, linux-azure-5.15, linux-azure-fips, lwip, mistral, and ubuntu-kylin-software-center).

Version6.0.0 of the Homebrewpackage-management system has been released. Notable changes in thisrelease include the introduction of tap trust to improvesupply-chain security, improvements in sandboxing on Linux, a numberof performance tweaks, and many other changes.See the changelogfor a full list. LWN covered Homebrew inNovember 2025.

The Linux kernel has long tried to use huge pages as a way to improveperformance, sometimes with more success than others. The size of hugepages has traditionally been imposed by the hardware, which typically onlyoffers a couple of relatively large options. In more recent times, though,the use of multi-size transparent huge pages (mTHPs), with more flexiblesizing implemented in software, has been growing. If all goes well, the7.2 development cycle will include the addition of a new feature,contributed by Nico Pache, to make the use of mTHPs even more transparent.

Security updates have been issued by AlmaLinux (.NET 10.0, .NET 8.0, .NET 9.0, podman, poppler, and postgresql-jdbc), Debian (chromium, jackson-core, libdbi-perl, and libinput), Fedora (httpd, rust, and xmlstarlet), Mageia (openssh, postfix, and roundcubemail), Oracle (frr, kernel, libyang, n, postgresql-jdbc, and unbound), Red Hat (.NET 10.0, .NET 8.0, .NET 9.0, redis, and redis:7), SUSE (agama-web-ui, cockpit, cosign, glibc, google-cloud-sap-agent, google-osconfig-agent, kanidm, kernel, kubernetes, kubernetes1.23, kubernetes1.24, kubernetes1.25, kubernetes1.27, kubernetes1.28, libpodofo-devel, libyang, NetworkManager-libreswan, openCryptoki, python311-pypdf, rclone, steampipe, wicked, and xen), and Ubuntu (exim4, libcrypt-saltedhash-perl, libhttp-daemon-perl, samba, and uriparser).

Inside this week's LWN.net Weekly Edition:

Seth Larson, the Python Software Foundation's securitydeveloper-in-residence, has writtenabout the difficulty in classifying insecure code completion inthe PyCharm IDE usingits FullLine code completion plugin. Larson discovered that the plugin,which uses a local "deep learning module" to offer code completions,suggests code that would lead to severe vulnerabilities. He was unsurewhether it warranted a CVE or not, however:

Agentic AI systems can be used to do a variety of thingsautonomously on behalf of a human user: open or manage bugs, generatecode, submit pull-requests, and (apparently) even complain aboutrejection. In May, a Fedora developer discovered that an allegedlyrogue agent had been pestering the project in a number of ways:reassigning bugs, fabricating unhelpful replies to bugs, and evenpersuading maintainers to merge questionable code into the Anacondainstaller. It also submitted a number of pull requests (PRs),some accepted, to several upstream projects. The Fedora accountassociated with the agent has had its group privileges revoked and themesses have been mopped up, but the motive behind the agent's actions is stilla mystery.

Version2026.05 of the Buildroot toolhas been released. Buildroot simplifies and automates the process ofbuilding embedded Linux systems using cross-compilation. Notablechanges in this release include support for Arm Neoverse cores,addition of XFS rootfs generation, as well as many package updates andbug fixes. See the CHANGESfile for the full list.

Security updates have been issued by AlmaLinux (poppler), Debian (dnsmasq, mistral, okular, openssl, poppler, and strongswan), Fedora (exim, firefox, pcs, putty, and xorg-x11-server), Mageia (freeciv, golang-x-net, jq, libssh, libxmp, libxpm, minetest, ruby-net-ssh, tor, and wireshark), SUSE (389-ds, ack, agama-web-ui, amazon-ssm-agent, avahi, dpkg, elemental-register, elemental-system-agent, elemental-toolkit, ggml-devel-9500, go1.25, go1.26, kernel, kubernetes1.23, kubernetes1.24, kubernetes1.26, libsoup, mariadb, netty, netty-tcnative, NetworkManager, nginx, perl-CryptX, perl-XML-LibXML, podofo, polkit, python-Django, python-requests, samba, strongswan, vim, and xen), and Ubuntu (cyborg, gdk-pixbuf, golang-golang-x-net-dev, nginx, node-lodash, openssl, openssl, openssl1.0, qemu, tomcat9, tomcat10, and vim).

Thomas Ward has publishedan update about the future of the Ubuntu MATE project, which did not have a26.04release with the other Ubuntu flavors inApril:

Trustedpublishing is an authentication mechanism that relies onshort-lived credentials to reduce the risk of supply-chain attacks. Atthe 2026 OpenSource Summit North America, Mike Fiedler walked the audiencethrough why trusted publishing exists, how it works, and made the casefor its adoption. It is not a silver bullet against all attacks, butit does offer protection against theft of long-lived credentials usedto publish to package registries.

The Asahi Linux project,which brings Linux support to Apple Arm-based Macs, has warnedits users not to upgrade to the macOS27 "Golden Gate"beta.

The BPF verifier has, in the course of wrestling with the difficult problem ofstatically analyzing loops, grown special support for many kinds of loops over itshistory, but its fundamental approach to simple for loops has notchanged.When it encounters a loop, it evaluates it, iteration by iteration, until reachingan exit condition - a process that can cause the verifier to mistakenly hit thelimit on the number of allowed instructions where a better implementationwould not.Eduard Zingermanspoke at the 2026Linux Storage, Filesystem, Memory-Management, and BPF Summitabout his in-progress work on improving the verifier's treatment of loops, especially nestedloops.

Security updates have been issued by AlmaLinux (bind and libyang), Debian (keystone and openssl), Fedora (mingw-objfw, objfw, sentencepiece, and tailscale), Mageia (packagekit and suricata), Oracle (bind, bind9.16, go-toolset:ol8, ImageMagick, kernel, samba, and vim), SUSE (apache-commons-lang3, apache-commons-text, apache-commons- configuration2, apache-commons-cli, apache-commons-io, apache-commons-codec, avahi, busybox, chromedriver, chromium, csync2, firewalld, frr, gleam, helm, kernel-devel, keybase-client, libmozjs-140-0, libopenvswitch-3_7-0, libsoup, memcached, mutt, openjpeg2, ovmf, perl-HTML-Parser, perl-Net-CIDR-Set, perl-Protocol-HTTP2, postgresql-jdbc, postgresql17, python-CairoSVG, python-Flask, python-pip, python-pyOpenSSL, python-python-multipart, python-Twisted, python-urllib3, python-urllib3_1, python-uv, python311, rsync, tomcat, and tree-sitter), and Ubuntu (alsa-lib, cups, inetutils, isc-kea, jpeg-xl, libnet-cidr-lite-perl, netatalk, netty, nginx, node-shell-quote, php-twig, pillow, poppler, rsync, strongswan, systemd, and transmission).

Heise is carrying areport from the Linux App Summit, held in Berlin in May.

Greg Kroah-Hartman has announced the release of the 7.0.12, 6.18.35, and 6.12.93 stable kernels. Each containsimportant fixes throughout the tree. Users are advised to upgrade.

In a filesystem-track session at the 2026 Linux Storage,Filesystem, Memory Management, and BPF Summit, Amir Goldstein updatedattendees on the fanotifyfilesystem-event monitoring subsystem. He wanted to describe changes that had come in the last year orso, as well as upcoming features and some remaining challenges in hisefforts to use fanotify for hierarchicalstorage management (HSM). Fanotify is the user-space API for monitoringfiles, directories, and filesystems for events of various sorts(e.g. opening or deleting a file).

Andrew Tridgell has announcedthe release of rsync 3.4.4 withfixes for the regressions introduced in the 3.4.3 release. He alsonotes there will be an rsync 3.5.0 soon, with many more securityupdates:

Security updates have been issued by AlmaLinux (bind, bind9.16, frr, kernel, kernel-rt, libexif, mysql, php, and unbound), Debian (apache2, chromium, glibc, gsasl, jackson-core, libxml2, nginx, request-tracker4, request-tracker5, tomcat10, tomcat11, and tomcat9), Fedora (chromium, firefox, haveged, keylime, libinput, libssh2, nasm, perl-CryptX, rust, thunderbird, and webkitgtk), Mageia (cockpit, golang-x-crypto, golang-x-sys-devel, kernel, kmod-virtualbox, kmod-xtables-addons, kernel-linus, perl-DBIx-Class-EncodedColumn, perl-Crypt-URandom-Token, xdg-dbus-proxy, and xmlrpc-c), Slackware (samba), and SUSE (7zip, amazon-ssm-agent, ansible-13, ansible-core, assimp-devel, bind, cacti, chromium, dpkg, epiphany, erlang27, evince, ffmpeg-4, freerdp, frr, git-bug, google-guest-agent, grafana, hauler, ignition, jq, kanidm, kernel, keybase-client, libjxl, libmariadbd-devel, libmozjs-115-0, libopenbabel8, libsoup2, mariadb, mcphost, networkmanager, openssh, perl-HTTP-Daemon, perl-HTTP-Tiny, perl-IO-Compress, perl-Sereal-Decoder, perl-xml-libxml, postgresql18, python-pyopenssl, python311-pip, tomcat, tomcat10, tomcat11, tor, trivy, unbound, uriparser, vifm, weblate, xorg-x11-server, and yq).

The 7.1-rc7 kernel prepatch is out fortesting. Linus said: "Anyway, as things look now this is the lastrc. Something can obviously always come up and force us to change that, butplease give rc7 a whirl and keep testing for one more week."

Since the earliest days of Unix, two of the core process-oriented systemcalls have been fork(), which creates a child process as a copy ofthe parent, and exec(), which runs a new program in the place ofthe current one. In Linux kernels, those system calls are better known asclone()and execve(),but the core functionality remains the same. While there is elegance tothis process-creation model, there are shortcomings as well. A recent proposal fromLi Chen to add "spawn templates" to the kernel will not be accepted in itscurrent form, but it may point the way toward a new process-creationprimitive in the future.

Version4.0.13 of Ruby's Bundlerpackage-manager has addeddependency cooldowns in order to help mitigate the effect ofsupply-chain attacks:

Security updates have been issued by AlmaLinux (kernel), Debian (dovecot, exim4, frr, and haveged), Fedora (cockpit, freeipa, jpegxl, libre, nextcloud, perl-Cpanel-JSON-XS, perl-Crypt-Argon2, perl-Dist-Build, perl-ExtUtils-Builder, perl-ExtUtils-Builder-Compiler, perl-HTTP-Tiny, perl-libwww-perl, python-starlette, rubygem-yard, rust-sequoia-cert-store, rust-sequoia-chameleon-gnupg, rust-sequoia-octopus-librnp, rust-sequoia-sop, rust-sequoia-sq, rust-sequoia-wot, samba, and transmission), Red Hat (image-builder), Slackware (dnsmasq and libinput), SUSE (evince, glibc, google-guest-agent, hplip, ignition, LibVNCServer, libzypp, libsolv, python-Pillow, salt, thunderbird, and vim), and Ubuntu (apache2, linux, linux-aws, linux-aws-5.15, linux-aws-fips, linux-fips, linux-gcp, linux-gcp-5.15, linux-gcp-fips, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iot-realtime, linux-intel-iotg, linux-kvm, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-oracle, linux-raspi, linux-realtime, linux, linux-aws, linux-aws-fips, linux-azure, linux-azure-5.4, linux-azure-fips, linux-bluefield, linux-fips, linux-gcp, linux-gcp-5.4, linux-gcp-fips, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, linux, linux-azure, linux-azure-4.15, linux-azure-fips, linux-fips, linux-gcp-4.15, linux-gcp-fips, linux-kvm, linux-oracle, linux-aws-5.4, linux-hwe-5.4, linux-azure-fips, linux-fips, linux-raspi, linux-raspi-5.4, nano, postfix, robocode, tomcat6, tomcat7, and yard).

The Software Engineering Radio podcast has put up aninterview with graphics maintainer Dave Airlie. Much of what is inthere will not be news to LWN readers, but it is an interesting overview ofthe life of a large-subsystem maintainer.

The splice()and vmsplice()system calls are meant to improve performance for certain data-movementtasks by minimizing (or avoiding altogether) system calls and the copyingof data. They also have a long history of security problems. The recentflood of LLM-discovered vulnerabilities has drawn attention, once again, tosplice() and vmsplice(); as a result, they may end upbeing removed altogether.

The EFF has a blogpost looking at a new bill in California that would exemptopen-source operating systems from the Digital Age Assurance Actpassed last year, but has problems of its own:

Security updates have been issued by AlmaLinux (.NET 10.0, compat-openssl10, compat-openssl11, delve, expat, httpd:2.4, libexif, mod_http2, openssl, ruby4.0, samba, thunderbird, unbound, and vim), Debian (ceph and sudo), Fedora (libsoup3, pie, roundcubemail, and xorg-x11-server-Xwayland), Mageia (lxc), Oracle (expat, gnutls, kernel, php:8.2, thunderbird, and uek-kernel), Slackware (httpd, net, proftpd, tigervnc, and xorg), SUSE (apache-sshd, apptainer, atril, bind, busybox, cloudflared, evolution-data-server, golang-github-prometheus-prometheus, golang-github-v2fly-v2ray-core, grafana, helm, kernel, libgphoto2-6, libjxl-devel, libsoup, libsoup-2_4-1, libsoup-3_0-0, memcached, ovmf, python-cairosvg, python-flask, python-pip, python-pymupdf, python-pyOpenSSL, python-urllib3, python-urllib3_1, python3-pyOpenSSL, restic, rsync, salt, sdbootutil, tor, tree-sitter, vorbis-tools, and yq), and Ubuntu (exim4, frr, gst-plugins-base1.0, libtemplate-perl, libwww-perl, mysql-8.0, nginx, python-pip, python-urllib3, and twisted).

Inside this week's LWN.net Weekly Edition:

Over time, many open-source maintainers face the same problem: theylack the time to do all of the work that their project needs, and noone else is stepping up to provide adequate help. Maintainers, though,are often reluctant to throw in the towel. The result is suboptimalall around; the maintainer is stressed out, project quality suffers,and users face security risks that they may not be fully aware of. Atthe 2026 OpenSource Summit North America, Robin BenderGinn spoke about thisproblem, when it might be time for maintainers to pass the torch, andthe responsibilities of users.

Alexei Starovoitov gave "less of a presentation, more of a scream ofrealization" at the BPF track of the 2026Linux Storage, Filesystem,Memory-Management, and BPF Summit. He shared a set of ideas for how BPF couldchange to avoid being swept away by the sea-change in programming represented by modernlarge language models (LLMs) and the coding agents based on them.In a follow-up session, the discussion coveredmore problems with how coding agents use tools like bpftrace, and the current deluge ofpatches in need of review in the BPF subsystem.

Andrew Tridgell has written a blogpost responding to complaints that he has begun using LLM tools inhis work maintaining rsync:

Security updates have been issued by Debian (php-twig), Fedora (hplip, python-wsgidav, roundcubemail, and xorg-x11-server), Oracle (compat-openssl10, httpd:2.4, and kernel), Red Hat (osbuild-composer), SUSE (busybox, cloudflared, cockpit, cups, ffmpeg-4, gnutls, google-osconfig-agent, helm, hplip, kernel, kubelogin, libjxl, libsoup, libunbound8, LibVNCServer-devel, mapserver, nvidia-open-driver-G06-signed, nvidia-open-driver-G07-signed, openssh, python-idna, qemu, rqlite, shadowsocks-v2ray-plugin, ucode-intel, unbound, vim, vorbis-tools, and xorg-x11-server), and Ubuntu (age, dovecot, editorconfig-core, gobgp, libapache-mod-jk, libcommons-lang-java, libcommons-lang3-java, libeconf, linux, linux-aws, linux-aws-6.8, linux-aws-fips, linux-azure, linux-fips, linux-gcp, linux-gcp-6.8, linux-gcp-fips, linux-gke, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-ibm-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-nvidia-tegra, linux-oracle, linux-oracle-6.8, linux-raspi, linux-raspi-realtime, linux-realtime, linux-realtime-6.8, linux, linux-aws, linux-azure, linux-azure-6.17, linux-hwe-6.17, linux-nvidia-6.17, linux-oem-6.17, linux-oracle, linux-oracle-6.17, linux-raspi, linux-realtime, linux-realtime-6.17, linux, linux-aws, linux-gcp, linux-ibm, linux-nvidia, linux-oracle, linux-raspi, linux-realtime, linux-aws-6.17, linux-gcp, linux-gcp-6.17, luanti, mysql-8.0, mysql-8.4, node-tar-fs, and unbound).

Extendedattributes (xattrs) provide a way to attach key/value metadata toinodes-files, directories, and the like-in a filesystem. As with manyLinux filesystems, the FUSE filesystemsupports xattrs. In a filesystem-track session at the 2026 Linux Storage,Filesystem, Memory Management, and BPF Summit, FUSE maintainer MiklosSzeredi led a discussion about caching xattrs in kernel memory; he wouldlike to create some common infrastructure that could be used by FUSE andshared with other filesystems.