Feed lwn LWN.net

Link https://lwn.net/
Feed http://lwn.net/headlines/rss
Updated 2026-06-18 09:45
[$] Trying to make sense of package-manager metadata
Package managers for operating systems and programming languages have been around for decades. Each package manager, and its accompanying packaging format, has been shaped by the needs of its respective ecosystem, but there is a growing need to make use of package metadata for more than software management: for example, in vulnerability scans, software bills of materials (SBOMs), and more. On May 19, Damian Vicino spoke at the Open Source Summit North America 2026 about his experiences in the past year trying to make sense of the varied metadata provided by more than 20 package managers.
Vim Classic 8.3 released
Version 8.3 of Vim Classic has been released. This is the first release of the Vim fork since the project was announced in March.
Security updates for Tuesday
Security updates have been issued by AlmaLinux (php:8.2 and php:8.3), Debian (gst-plugins-good1.0, symfony, and yelp), Fedora (dovecot, freeipa, hplip, libpng, perl-Catalyst-Plugin-Authentication, postfix, samba, unbound, and vim), Mageia (assimp, libcaca, sdl2_sound, and tar), Slackware (kernel), SUSE (alloy, apache-commons-lang3, apache-commons-text, apache2, bubblewrap, busybox, chromium, cups, docker-stable, ffmpeg-8, google-osconfig-agent, gsasl, ignition, java-26-openjdk, kernel, libsolv-demo, libsoup, libzypp, localsearch, openjpeg2, postgresql-jdbc, putty, python-mistune, python-Pillow, python-python-multipart, python-Twisted, python3-Twisted, re, roundcubemail, vim, wireshark, and xz), and Ubuntu (evolution-data-server, exim4, gsasl, haveged, lcms2, libreoffice, linux-aws, linux-lts-xenial, linux-lowlatency, linux-nvidia-tegra, nginx, nncp, qtdeclarative-opensource-src, sslh, sssd, and xz-utils).
Ombredanne: An AI agent ported our codebase from Python to Rust
Over on the AboutCode blog, lead maintainer Philippe Ombredanne writes about an agentic LLM system porting the ScanCode Toolkit to Rust. In the process, the LLM (or the people behind it) infringed the ScanCode trademark, stripped copyright and license notices, "and started an outreach campaign, without ever engaging the AboutCode community". Ironically, the toolkit is used to scan source code and binaries in order to figure out licensing and copyright information; it also reports on package dependencies, vulnerabilities, and more.
[$] Representing the true signatures of kernel functions
Optimizing compilers can, under some circumstances, infer when a parameter to a function is not needed, and remove it. This is all well and good until the kernel's tracing or BPF subsystems need information on how to call the function or where its arguments are stored. Alan Maguire and Yonghong Song spoke at the 2026 Linux Storage, Filesystem, Memory-Management, and BPF Summit about their work on recording information regarding changed function signatures in the kernel's BTF debugging information, to better support tracing such functions.
Seven stable kernels for the first day of June
Greg Kroah-Hartman has announced the release of the 7.0.11, 6.18.34, 6.12.92, 6.6.142, 6.1.175, 5.15.209, and 5.10.258 stable kernels. As usual, each contains important fixes throughout the tree, including a fix for the "CIFSwitch" vulnerability (CVE-2026-46243) which could allow a local-privilege-escalation exploit. Users are advised to upgrade.
DistroWatch turns 25
The DistroWatch site is celebrating its 25th anniversary. "All in all, it has been an incredible ride. Many of you who read these pages regularly know that downloading and testing distributions is a highly addictive pastime. I have been an avid distro-hopper for the last 25 years and I don't see myself abandoning this activity for many more years to come." Congratulations to Ladislav Bodnar and all the others who have kept that resource going for so long.
[$] Reconsidering x32 — again
The x32 ABI was meant to be the best of both worlds, providing the expanded registers and instruction set of the x86-64 architecture while preserving the lower memory use of 32-bit systems. The Linux kernel has supported x32 since the 3.4 release in 2012. The initial excitement around x32 did not last, though, and kernel developers are considering removing that support - and not for the first time. Even the most unloved features tend to have a few users, though, making removal hard.
Multiple redhat-cloud-services npm packages compromised (StepSecurity Blog)
StepSecurity is reporting that a number of npm packages in the @redhat-cloud-services scope include malware that runs automatically on every npm install:
Fedora F44 election interviews published
The Fedora Project has published interviews with candidates running for the open seats on the Fedora Council, Fedora Engineering Steering Committee, Fedora Mindshare Committee, and EPEL Steering Committee. Voting is open through Friday, June 12 at 23:59 UTC.
Security updates for Monday
Security updates have been issued by AlmaLinux (.NET 10.0, .NET 9.0, firefox, flatpak, httpd, and thunderbird), Debian (chromium, corosync, cyborg, dovecot, exim4, git-lfs, imagemagick, kernel, keystone, linux-6.1, php-twig, python-aiohttp, sentry-python, swift, and symfony), Fedora (chromium, djvulibre, docker-compose, giflib, haveged, libsoup3, libssh2, mingw-objfw, netatalk, nginx, nginx-mod-brotli, nginx-mod-fancyindex, nginx-mod-headers-more, nginx-mod-modsecurity, nginx-mod-naxsi, nginx-mod-vts, objfw, pdns, perl-Crypt-PasswdMD5, perl-libwww-perl, python-urllib3, suricata, and xrdp), Mageia (perl-Template-Toolkit and vim), Oracle (.NET 8.0, cockpit, firefox, flatpak, freerdp, kernel, and libexif), Red Hat (containernetworking-plugins, libsoup, libsoup3, multiple packages, php:8.2, php:8.3, podman, rhc, and skopeo), SUSE (amazon-ecs-init, amazon-ssm-agent, apptainer, azure-storage-azcopy, bind, chromium, csync2, cups, docker-stable, frr, gdk-pixbuf-loader-libheif, gnutls, hauler, helm, helm3, ignition, java-1_8_0-ibm, kernel, libBasicUsageEnvironment2, libredwg-devel, localsearch, memcached, openexr, perl-Net-CIDR-Lite, perl-YAML-Syck, postgresql14, python-mistune, python-pillow, python-pytest-html, python-urllib3, python311-Authlib, strongswan, trivy, vim, and xz), and Ubuntu (gdal, python-pip, qtwebengine-opensource-src, rsync, and texmaker).
Kernel prepatch 7.1-rc6
The 7.1-rc6 kernel prepatch is out for testing. Linus said: "Well, I wouldn't call this 'small', but it is certainly smaller than rc5 was. And I don't think there's anything particularly scary here, so maybe we're still on track for a normal release cycle. Let's see."
[$] A trademark dispute over MeshCore
MeshCore is a relatively new project, started in January 2025, that aims to build a scalable mesh network using low-power long-distance radios. While many other projects of the same general nature have been tried before, MeshCore grew quickly because of its more efficient message routing and enthusiastic community. In early 2026, an early proponent of the project made a sudden shift that left the rest of the community stunned and embroiled in a trademark dispute.
[$] A loadable crypto module for FIPS certification
Many organizations require US Federal Information Processing Standard (FIPS) certification of the crypto code they are running. The certification process is lengthy, but the bigger problem is that the way the crypto subsystem is built into the kernel makes the result unable to be reused across kernel updates. I have proposed a patch series that decouples the crypto subsystem into a standalone loadable module, allowing a certified crypto module to be reused with multiple kernels and, thus, requiring fewer lengthy recertification delays.
Nesbitt: Protestware for coding agents
Andrew Nesbitt has written a blog post detailing a recent incident with the jqwik library for property-based testing in Java. On May 25, the 1.10.0 release of jqwik included a change that attempts to instruct coding agents to disregard previous instructions and delete jqwik tests and code.
Security updates for Friday
Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, cockpit, firefox, flatpak, httpd, kernel, and kernel-rt), Debian (kernel, kitty, lemonldap-ng, nagios4, python-flask-httpauth, and roundcube), Fedora (CImg, gmic, haveged, jpegxl, kernel, libpng, mapserver, mingw-qt6-qtsvg, openbao, perl-Sereal, perl-Sereal-Decoder, perl-Sereal-Encoder, and podofo), Mageia (bind, graphicsmagick, microcode, nginx, packages, perl-Catalyst-Plugin-Authentication, perl-HTTP-Daemon, perl-IO-Compress, and thunderbird(-l10n)), SUSE (alloy, apache2, beets, bubblewrap, cups, docker-stable, ffmpeg-4, ffmpeg-7, firefox, google-osconfig-agent, patterns-glibc-hwcaps, podman, samba, thunderbird, trivy, xdg-desktop-portal, and xz), and Ubuntu (apache2, libreoffice, multipart, openjdk-17, openjdk-17-crac, openjdk-21, openjdk-21-crac, openjdk-25, openjdk-25-crac, openjdk-26, openjdk-8, openjdk-lts, php8.1, php8.3, php8.4, php8.5, pyopenssl, python-pip, qtsvg-opensource-src, sed, and vim).
Rust 1.96.0 released
Version 1.96.0 of the Rust programming language has been released. Changes include a new set of Copy-implementing Range types, assertions with pattern matching, a number of stabilized APIs, and two Cargo vulnerability fixes.
Górny: why Gentoo?
Gentoo developer Michał Górny has written a lengthy article explaining the philosophy and purpose of the Gentoo Linux distribution, in response to a thread on Mastodon:
[$] Policies for merging new filesystems
In a filesystem-track session at the 2026 Linux Storage, Filesystem, Memory Management, and BPF Summit, Amir Goldstein wanted to discuss his proposed documentation on adding new filesystems to the kernel. There are a number of unmaintained and untestable filesystems already in the kernel, which are a burden to VFS-layer developers who are trying to make sweeping changes, such as switching to folios and the "new" mount API. Goldstein's document is an attempt to head off the addition of filesystems that may increase that burden down the road.
IBM's "Project Lightwell"
IBM has sent out a press release touting a claimed $5 billion investment into an operation called Project Lightwell:
[$] Separating memory descriptors from struct page
The kernel's memory-management subsystem is currently partway through a multi-year project to replace the page structure (which represents a page of physical memory) with memory descriptors. At the 2026 Linux Storage, Filesystem, Memory Management, and BPF Summit, Vishal Moola ran a fast-paced session in the memory-management track to describe the current state of that work and what is likely to happen next.
Security updates for Thursday
Security updates have been issued by AlmaLinux (firefox, gdk-pixbuf2, glibc, gnutls, kernel, libexif, mysql8.4, postgresql16, postgresql18, python3.14, ruby:3.3, and ruby:4.0), Debian (krb5, roundcube, starlette, unbound, and varnish), Fedora (kernel, nginx, nginx-mod-brotli, nginx-mod-fancyindex, nginx-mod-headers-more, nginx-mod-js-challenge, nginx-mod-modsecurity, nginx-mod-naxsi, nginx-mod-vts, perl-Imager, poppler, python-uv-build, rrdtool, rust-astral-tokio-tar, rust-astral_async_http_range_reader, rust-astral_async_zip, uv, and xen), Oracle (.NET 10.0, .NET 9.0, glibc, ruby:3.3, and thunderbird), Red Hat (.NET 10.0, .NET 8.0, .NET 9.0, containernetworking-plugins, gvisor-tap-vsock, podman, runc, and skopeo), SUSE (agama, alloy, bubblewrap, cockpit, cups, dnsmasq, emacs, glibc, gnutls, go1.25, go1.25-openssl, go1.26, go1.26-openssl, google-guest-agent, hplip, ibus-rime, librime, kernel, libarchive, libzypp, nginx, openexr, openssh, php7, postgresql14, postgresql15, postgresql16, python311-pytest-html, redis, redis7, rsync, tree-sitter, valkey, xen, and yq), and Ubuntu (cableswig, commons-beanutils, dnsmasq, ffmpeg, foomuuri, gst-plugins-good1.0, libcaca, libgcrypt20, mediawiki, memcached, papers, postorius, tgt, and tika).
[$] LWN.net Weekly Edition for May 28, 2026
Inside this week's LWN.net Weekly Edition:
Interview session with Jonathan Corbet
The Linux Foundation will be hosting a live interview with LWN co-founder Jonathan Corbet. The event will take place on Tuesday, June 2 at 8:00AM Pacific daylight time (UTC-7). Registration is open for those who would like to attend.
[$] MOT: a tool to fight openwashing in AI
Many large language models (LLMs) are described as open source, but if one looks a bit deeper it turns out that is not actually so; the model may be free to download, it may be "open weight", but it does not fit the Open Source Initiative (OSI) Open Source Definition (OSD). Assessing the actual openness of models is not easy, as Arnaud Le Hors explained in his talk about the Model Openness Tool (MOT) at Open Source Summit North America 2026. The tool is designed to help users of LLMs understand to what degree a model is (or is not) open, and to combat the openwashing that is prevalent with LLMs.
Andrew Morton's 2004 OLS keynote
I recently presented a brief tribute to Andrew Morton at the 2026 Linux Storage, Filesystem, Memory Management, and BPF Summit; it included a suggestion that reading (or re-reading) his 2004 Ottawa Linux Symposium keynote would be instructive. This talk, given immediately after the Kernel Summit session that decided to fundamentally change the kernel's development model, tells a lot about how the kernel project got to where it is today. The text of that speech was hosted on Groklaw, and has since been replaced by crypto spam, which is rather less useful. In the hopes of preserving this seminal moment, the transcript has been rescued thanks to the Wayback Machine and is presented here.
[$] Further progress toward removing the page map count
The mapcount field was created to track the number of mappings (page-table entries) that refer to the given page. Among other things, a mapcount of zero means that the page has no references and can be reclaimed. Maintaining mapcount has become increasingly challenging and expensive as the memory-management system has grown in complexity, so Hildenbrand has been looking for ways to get rid of it. This session was, he said, maybe one of the last times he will have to bring up this topic.
Security updates for Wednesday
Security updates have been issued by AlmaLinux (bind, buildah, compat-libtiff3, compat-openssl11, containernetworking-plugins, crun, delve, dnsmasq, dovecot, edk2, firefox, freeipmi, gdk-pixbuf2, giflib, git-lfs, glib2, go-fdo-client, go-fdo-server, golang, grafana, grafana-pcp, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free, iputils, jq, kernel, krb5, libcap, LibRaw, libsndfile, libsoup, libsoup3, libssh, libtiff, libvirt, linux-sgx, luksmeta, mingw-glib2, NetworkManager, nginx, nginx:1.24, nginx:1.26, openexr, openssh, openssl, opentelemetry-collector, p11-kit, PackageKit, podman, python-jwcrypto, python-markdown, python-tornado, python3.11, python3.12, python3.14, python3.9, qemu-kvm, rsync, skopeo, sudo, systemd, thunderbird, tomcat, unbound, vim, xorg-x11-server, xorg-x11-server-Xwayland, yggdrasil, and yggdrasil-worker-package-manager), Debian (imagemagick, kdenlive, memcached, node-shell-quote, and samba), Fedora (chromium, curl, editorconfig, haproxy, perl-Crypt-DSA, perl-HTTP-Tiny, poppler, rust-afterburn, rust-coreos-installer, rust-eif_build, rust-rpm-sequoia, rust-sequoia-chameleon-gnupg, rust-sequoia-git, rust-sequoia-keystore-server, rust-sequoia-octopus-librnp, rust-sequoia-openpgp, rust-sequoia-sop, rust-sequoia-sq, rust-sequoia-sqv, and uriparser), Oracle (compat-libtiff3, dnsmasq, firefox, freeipmi, kernel, and uek-kernel), Slackware (mozilla), SUSE (assimp, firefox, glibc, gnutls, go1.25-openssl, go1.26-openssl, kernel, kubevirt, leancrypto, libarchive, libsndfile, mcphost, nginx, openssh, podman, python-GitPython, rsync, and samba), and Ubuntu (ayttm, dnsmasq, libssh2, linux-azure, linux-azure, linux-azure-6.17, linux-iot, linux-lowlatency-hwe-5.15, ngtcp2, onnx, opencc, protobuf, python-git, samba, xdg-dbus-proxy, and xmlrpc-c).
Arias: Human proof for FOSS contributions
Rodrigo Arias Mallo, maintainer of the Dillo web browser, has written a blog post with a proposal on one way to ensure that a contribution is written by a human and not AI; he suggests asking new contributors to record their programming session using asciinema.
Stenberg: The pressure
Curl maintainer Daniel Stenberg writes about the stress of keeping up with the current flood of security reports.
[$] Better automatic management of transparent huge pages
Huge pages can improve performance by increasing translation lookaside buffer (TLB) utilization and reducing memory-management overhead. Transparent huge pages (THPs) are supposed to make huge-page usage, well, transparent, Nico Pache said at the beginning of his session in the memory-management track of the 2026 Linux Storage, Filesystem, Memory Management, and BPF Summit. That transparency has never worked as well as many would like; he has been working on improvements to make it easier for applications to use huge pages on Linux systems. A following session, led by David Hildenbrand, was focused on how THPs could be taken away from processes that are not using them fully.
Security updates for Tuesday
Security updates have been issued by Debian (postorius and spip), Fedora (bind, bind-dyndb-ldap, linux-firmware, tor, and unbound), Mageia (ffmpeg, nginx, perl-Imager, and tigervnc, x11-server, x11-server-xwayland), Oracle (firefox and kernel), Red Hat (buildah, git-lfs, go-toolset:rhel8, golang, golang-github-openprinting-ipp-usb, grafana, grafana-pcp, gvisor-tap-vsock, java-1.8.0-openjdk, java-17-openjdk, java-21-openjdk, opentelemetry-collector, osbuild-composer, podman, rhc, rhc-worker-playbook, skopeo, and yggdrasil), SUSE (amazon-ecs-init, assimp, azure-storage-azcopy, busybox, firefox, gnutls, graphicsmagick, helm, kernel, leancrypto, libpng16, libppsdocument4_0-6, libsndfile, mcphost, nano, nginx, perl-http-tiny, perl-XML-LibXML, python-urllib3, python-urllib3_1, python311-ocrmypdf, python312, rclone, rsync, xen, and xz), and Ubuntu (dotnet8, dotnet9, dotnet10, linux-intel-iot-realtime, linux-lowlatency, linux-nvidia-6.8, linux-nvidia-tegra, linux-nvidia-tegra-igx, nltk, simpleeval, and vim).
[$] Reviewing kernel patches with LLMs
In a plenary session at the 2026 Linux Storage, Filesystem, Memory Management, and BPF Summit, the state of patch review using large language models (LLMs) was discussed. It is a topic that has been swirling around in the kernel community for much of the year. The plenary, which was led by Roman Gushchin, Chris Mason, Josef Bacik, and Sasha Levin, resulted in quite a bit of discussion, so much that a second filesystem-track-only (though others surely sat in) slot was used to continue it later in the day.
Comprehensive Response to Bambu's AGPLv3 Violations (Software Freedom Conservancy)
The Software Freedom Conservancy (SFC) published a news item on May 18 about its response to violations of the AGPLv3 by Bambu Lab in its 3D printers. The company has not provided the source code to its modifications to a 3D "slicer" program that was released under the AGPLv3 and it has also threatened Paweł Jarczak who created a fork of a different slicer (Orca Slicer) released under AGPLv3 in order to interoperate with his Bambu printer. Based on that, the SFC has created the baltobu project aimed at reverse-engineering and reimplementing the Bambu code while also hosting the Orca Slicer fork.
[$] Tier-aware memory-controller limits
Joshua Hahn began his session in the memory-management track of the 2026 Linux Storage, Filesystem, Memory Management, and BPF Summit by saying that the memory controller for control groups is intended to provide resource allocation, accounting, and protection from interference by other tasks. But it was not really designed for tiered-memory systems; he is looking for a way to improve that situation.
Security updates for Monday
Security updates have been issued by Debian (atril, evince, gnutls28, haproxy, haveged, jq, kernel, krb5, libgcrypt20, nodejs, and thunderbird), Fedora (aw-server-rust, awatcher, bind, bind-dyndb-ldap, chromium, composer, docker-buildkit, docker-buildx, dotnet10.0, dotnet8.0, dotnet9.0, evince, firefox, httpd, kernel, nodejs-aw-webui, nss, perl-Apache-Session-Browseable, pie, python-pulp-glue, python-requests, and python3.15), Slackware (kernel), SUSE (apptainer, chromium, cockpit, dnsmasq, google-guest-agent, hauler, iproute2, jfrog-cli, kernel, libecpg6, libsolv, libzypp, zypper, mcphost, oci-cli, perl-YAML-Syck, python-lxml, python-urllib3, python311-impacket, rqlite, rsync, util-linux, and xz), and Ubuntu (evince, linux-azure, linux-azure-5.4, linux-azure-fips, linux-azure-4.15, linux-azure-fips, linux-fips, linux-gcp-5.15, linux-lowlatency-hwe-5.15, linux-oracle-6.17, node-path-to-regexp, and rclone).
[$] Dirk and Linus discuss AI and kernel development
Linus Torvalds does not enjoy giving talks, but he does consent to the occasional on-stage conversation with Dirk Hohndel at Linux Foundation events. The pair held the 30th of their fire-less fireside chats during a keynote session on May 20, at the 2026 Open Source Summit North America. Topics included 3D printing, guitar pedals, the recent 7.1-rc4 release of the kernel, and Torvalds's complicated relationship with AI tooling.
Kernel prepatch 7.1-rc5
The 7.1-rc5 kernel prepatch is out for testing. Quoth Linus:
A large set of stable kernel updates
The 7.0.10, 6.18.33, 6.12.91, 6.6.141, 6.1.174, 5.15.208, and 5.10.257 stable kernel updates have all been released. The first four are huge (the 7.0.10 review version had 1,146 commits) while 6.1.174, 5.15.208, and 5.10.257 are small updates for the "Fragnesia" vulnerability.
[$] Custom page-cache policies with BPF
The kernel's page cache is charged with maintaining pages (or, more correctly, folios) containing copies of data from files in the filesystem; its performance has a big effect on the performance of the system as a whole. One of the key decisions the kernel must make is when to evict folios from the page cache. At the 2026 Linux Storage, Filesystem, Memory Management, and BPF Summit, Tal Zussman ran a memory-management-track session on how the page cache could be better customized for specific workloads. It will not be much of a spoiler to say that it involves BPF.
[$] Toward better handling of major page faults
A major page fault occurs when a process attempts to access a page that is not currently present in RAM; satisfying such faults usually involves I/O, and can thus take some time. When many threads sharing an address space are generating page faults, the result can be significant lock contention while that I/O takes place. During the memory-management track at the 2026 Linux Storage, Filesystem, Memory Management, and BPF Summit, Barry Song led a session to try, yet again, to find an enduring solution to this problem.
Security updates for Friday
Security updates have been issued by AlmaLinux (firefox), Debian (chromium, nss, openvpn, and thunderbird), Fedora (cockpit, kernel, and linux-firmware), Oracle (gdk-pixbuf2, kernel, and libsndfile), SUSE (container-suseconnect, cpp-httplib, dnsmasq, firefox, glibc, GraphicsMagick, java-1_8_0-openj9, kernel, mozjs115, php8, python-urllib3, rekor, rootlesskit, rsync, tiff, ucode-intel, util-linux, and xz), and Ubuntu (bind9, bubblewrap, libarchive, linux-intel-iot-realtime, postgresql-14, postgresql-16, postgresql-17, postgresql-18, and xdg-desktop-portal).
Vulnerabilities in various GTK-based PDF readers
Michael Catanzaro has disclosed a command-injection vulnerability affecting a number of GTK-based PDF readers; exploits included:
[$] BPF support in GCC 16 and beyond
Jose Marchesi and the GCC-BPF developers opened the BPF track at the 2026 Linux Storage, Filesystem, Memory-management, and BPF Summit with a 90-minute summary of what has changed for GCC's BPF support in the past year. This kind of session has become something of a tradition. There were similar updates in 2025 and 2024. This time around, GCC seems to be closing in on feature parity with the LLVM toolchain - as the slides detail.
OpenBSD 7.9 released
The OpenBSD 7.9 release is out, right on schedule. There is the usual long list of new features, including improved architecture support, CPU scheduling on heterogeneous systems, the ability to hibernate a suspended system after a configurable delay, socket splicing, a __pledge_open() system call giving special access to the C library, and much more. See the announcement and the full changelog for details.
[$] Support for private memory nodes
Gregory Price started his session in the memory-management track of the 2026 Linux Storage, Filesystem, Memory Management, and BPF Summit by saying that, in current kernels, if a NUMA node has memory, the assumption is that anybody can make use of it. He is trying to implement the opposite policy - to make some memory off-limits for all processes except those designed specifically to use it. The session was used to present his goals and to discuss how they might be implemented.
Security updates for Thursday
Security updates have been issued by AlmaLinux (kernel, kernel-rt, and libsndfile), Debian (bind9, evince, firefox-esr, openjpeg2, pdns, and rsync), Fedora (erlang-cowlib, evince, expat, firefox, kernel, mingw-expat, mysql8.0, mysql8.4, nss, opencryptoki, pgadmin4, proftpd, python-django5, python-django6, python-dotenv, rsync, rust-nu, rustup, and strongswan), Oracle (nginx, nginx:1.24, ruby, ruby:3.3, and squid), Slackware (bind and rsync), SUSE (buildah, distribution, distribution-registry, docker, firefox-esr, helm, libpainter0, libsdb2_4_2, postgresql-jdbc, runc, and vim), and Ubuntu (gnutls28, gst-plugins-good1.0, jq, linux-nvidia, linux-nvidia-lowlatency, openvpn, rsync, and unbound).
[$] LWN.net Weekly Edition for May 21, 2026
Inside this week's LWN.net Weekly Edition:
[$] What is to be done about MGLRU?
"Reclaim" is the task of finding memory that can be taken away from itscurrent user and put to better uses within the system; it is a core part ofthe memory-management picture. The addition of the multi-generational LRU (MGLRU) was meant toprovide a better reclaim implementation than the "traditional LRU" thatpreceded it, but MGLRU has complicated the situation instead. No fewer thanthree memory-management-track sessions at the 2026 Linux Storage,Filesystem, Memory Management, and BPF Summit were focused on MGLRU,with an eye toward integrating it more fully, improving its performance,and addressing some problems encountered with Android systems.
Security updates for Wednesday
Security updates have been issued by AlmaLinux (kernel, libpng, nginx, nginx:1.24, ruby, and ruby:3.3), Debian (gnutls28 and linux-6.1), Fedora (dnsmasq, kernel, keylime-agent-rust, perl-Net-CIDR-Lite, python-pysam, python-urllib3, rust-cargo-vendor-filterer, rust-ingredients, rust-oo7-cli, rust-rpki, rust-sevctl, and rust-tealdeer), Mageia (bind), Oracle (bind, giflib, gimp:2.8, kernel, libpng, rsync, ruby, and vim), Slackware (haveged and mozilla), SUSE (cockpit, dnsmasq, erlang26, freeipmi, git-bug, glibc, GraphicsMagick, haveged, ImageMagick, iproute2, kernel, openssh, perl-CryptX, perl-HTTP-Tiny, postgresql14, postgresql15, postgresql16, python-Pillow, rsync, tiff, and traefik), and Ubuntu (Highlight.js, linux, linux-aws, linux-aws-5.15, linux-aws-fips, linux-fips, linux-gcp, linux-gcp-fips, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-oracle, linux-raspi, linux-realtime, linux, linux-aws, linux-aws-fips, linux-bluefield, linux-fips, linux-gcp, linux-gcp-5.4, linux-gcp-fips, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-fips, linux-fips, linux-gcp-4.15, linux-gcp-fips, linux-kvm, linux-oracle, linux, linux-aws, linux-aws-fips, linux-gcp, linux-gcp-fips, linux-gke, linux-gkeop, linux-ibm, linux-ibm-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-raspi, linux-raspi-realtime, linux-realtime, linux-realtime-6.8, linux, linux-aws, linux-hwe-6.17, linux-oem-6.17, linux-oracle, linux-raspi, linux-realtime, linux-realtime-6.17, and smarty3).