Welcome to LWN.net
LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.
[$] Suspending and resuming BPF programs
BPF programs can be used to extend many aspects the Linux kernel, but BPF programs must run to completion in the same context that they began. Kumar Kartikeya Dwivedi is working on changing that by allowing BPF programs to be expressed as coroutines. He spoke about his work at the 2026 Linux Storage, Filesystem, Memory-Management and BPF Summit. While still experimental, the change promises to make long-running BPF tasks significantly easier to write.
[$] AURpocalypse now: a look at the recent AUR attacks
The Arch User Repository (AUR) has been subjected to a sustained attack recently. The attacker, or attackers, have spun up a series of new accounts then used them to adopt orphaned packages and push malicious updates that would install malware on users' systems. It is unclear how many users were compromised in the attack, but the maintainers were playing Whac-A-Mole for several days to respond to each newly compromised package. The project has turned off the AUR's new-user registration, for now, but it is unclear what its long-term response will be or if the AUR can be secured without major changes to its existing collaboration model.
[$] The first half of the 7.2 merge window
The 7.2 merge window started with the 7.1 kernel release on June 14. As of this writing, just over 7,000 non-merge changesets have been pulled into the mainline for the next kernel release. Many of the core subsystems have been pulled at this point, meaning that most of the changes that can be expected in 7.2 have now come into focus.
[$] Single-hop block replication with RMR and BRMR
How can cloud providers efficiently supply durable virtual block devices? Remote Direct Memory Access (RDMA) provides a way for servers in a cluster to share chunks of memory, but there still needs to be a protocol that operates on top of RDMA to provide the guarantees expected of a block device. The kernel's RDMA transport library (RTRS) provides a way to send messages via RDMA. I presented about two new components built on top of RTRS at the 2026 Linux Storage, Filesystem, Memory Management and BPF Summit: Reliable Multicast over RTRS (RMR) and Block device over RMR (BRMR). These modules, which I am working on with Jia Li, could be a way for cloud providers to expose durable block devices with as little overhead as possible. To accomplish that, however, we need some discussion and feedback from the community before sending the modules upstream.
[$] LWN.net Weekly Edition for June 18, 2026
Posted Jun 18, 2026 0:55 UTC (Thu)The LWN.net Weekly Edition for June 18, 2026 is available.
Inside this week's LWN.net Weekly Edition
- Front: State of Fedora; mTHP creation; overlayfs; buffer-heads cleanup; 7.1 statistics.
- Briefs: curl summer of bliss; 7.1 kernel; AUR compromise; Fedora election; FairScan 2.0; Firefox 152.0; Homebrew 6.0.0; KDE Plasma 6.7; LWN topic list; Quotes; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
[$] Some buffer-heads cleanup work
Jan Kara has been working on cleaning up how buffer heads are used by some kernel filesystems. In a short filesystem-track session at the 2026 Linux Storage, Filesystem, Memory Management, and BPF Summit, he gave an update on that work and where it is headed. Topics included generic infrastructure to track buffer heads for metadata, a buffer-head cleanup for the Amiga filesystem, and some planned locking fixes.
[$] The state of Fedora in 2026
On June 15 at Fedora's Flock conference, held in Prague, Fedora Project Leader (FPL) Jef Spaleta delivered a short "State of Fedora" keynote that provided a bit of insight into the status of the project. Topics included the overall growth for Fedora usage, ways to increase contributions, and an alarming decline in the number of active packagers working on the project.
[$] Development statistics for the 7.1 kernel
Linus Torvalds released the 7.1 kernel as expected on June 14. This development cycle brought in a lot of new features — and a lot of new developers as well. The time has come for our traditional look at where the changes in 7.1 came from, with a digression into how our community may be changing in general.
[$] An overlayfs update
In a shortened session in the filesystem track at the 2026 Linux Storage, Filesystem, Memory Management, and BPF Summit, Amir Goldstein gave an update on the overlayfs union filesystem. There are some new features over the last few years that he wanted to mention, along with looking at the status of nesting overlayfs layers. The composefs use case that was discussed at the summit in 2023 has led to some interesting changes to overlayfs.
[$] Automatic mTHP creation in 7.2
The Linux kernel has long tried to use huge pages as a way to improve performance, sometimes with more success than others. The size of huge pages has traditionally been imposed by the hardware, which typically only offers a couple of relatively large options. In more recent times, though, the use of multi-size transparent huge pages (mTHPs), with more flexible sizing implemented in software, has been growing. If all goes well, the 7.2 development cycle will include the addition of a new feature, contributed by Nico Pache, to make the use of mTHPs even more transparent.
Systemd v261 released
Systemd v261 has been released with a long list of changes, including a new cloud "Instance Metadata Service" (IMDS) subsystem, "boot secret" functionality for use on systems that lack a physical TPM, as well as support for the kernel's Live Update Orchestration (LUO) / Kexec Handover (KHO) systems when they are present and enabled. See the release notes for the full list of changes.
Security updates for Friday
Security updates have been issued by AlmaLinux (dracut), Debian (chromium, firefox-esr, and thunderbird), Fedora (chromium, firefox, nss, ocserv, ongres-scram, ongres-stringprep, perl-Archive-Tar, perl-GD, perl-HTTP-Daemon, perl-Net-Statsd, restic, singularity-ce, util-linux, and vorbis-tools), Mageia (gstreamer1.0-*, libupnp, luajit, opensc, and ruby-rack), SUSE (curl, dnsmasq, ffmpeg-4, frr, google-osconfig-agent, java-1_8_0-ibm, kernel, krb5, kubernetes-old, ldns, liburiparser1, openvswitch, rootlesskit, strongswan, traefik, and trivy), and Ubuntu (ldns, libheif, libnet-cidr-lite-perl, lxd, tomcat11, and vim).
Eight new stable kernels for Friday
Greg Kroah-Hartman has announced the release of the 7.1.1, 7.0.13, 6.18.36, 6.12.94, 6.6.143, 6.1.176, 5.15.210, and 5.10.259 stable kernels. As usual, each contains important fixes. Users are advised to upgrade.
The Software Freedom Conservancy's LLM-backed generative AI recommendations
The Software Freedom Conservancy (SFC) has announced the release of its recommendations for using LLM-backed generative AI systems for FOSS contributions. The recommendations were created by the SFC and volunteers from the free-software community.
The recommendations reflect the extremely difficult dilemmas that these systems pose for FOSS contributors. SFC and its volunteers understand that FOSS developers are approaching LLM-gen-AI from a variety of perspectives. The recommendations offer practical assistance to minimize the damage caused by using proprietary systems, whether FOSS contributors reject LLM-gen-AI or choose (voluntarily or by employer mandate) to use them.
These recommendations are best practices (but not definitions or requirements) that SFC and its volunteers formulated after careful study of the growing LLM-gen-AI use among FOSS contributors. SFC will follow these recommendations with a series of supporting materials, including documents, online tutorials, public Q&As, podcasts, and other community engagement. We will routinely refine our recommendations and continue to support FOSS contributors as they navigate this difficult landscape.
Mastodon 4.6 released
Version 4.6 of the Mastodon fediverse platform has been released.
The headliner of this release is Collections, a way to create and share curated collections of profiles. Part of Mastodon's work ethos is our commitment to trust and safety, so we've put a lot of thought and care into the design of this feature to avoid some of the pitfalls and abuse people have experienced with similar features on other platforms, while focusing on its primary goal: Helping new users discover more of the Fediverse.
Other new features include support for subscribing to posts via email, the ability to generate a "year in review" post, accessibility improvements, and more.
Security updates for Thursday
Security updates have been issued by AlmaLinux (dracut, podman, postfix, rsync, xorg-x11-server, and xorg-x11-server-Xwayland), Debian (atril, firefox-esr, and nginx), Mageia (libcap, perl, and python-pillow), Oracle (firefox, gstreamer-plugins-base and gstreamer-plugins-good, httpd:2.4, kernel, libpng12, libpng15, libxml2, libxslt, opencryptoki, openssl, postfix, rsync, webkit2gtk3, xorg-x11-server, and xorg-x11-server-Xwayland), Slackware (bind, libidn, mozilla, and openssl), SUSE (alloy, docker, elemental-system-agent, glibc, grafana, helm, LibVNCServer, openssh8.4, perl-GD, perl-HTTP-Daemon, python-WebOb-doc, python311-google-adk, rustup, traefik2, wireshark, and xwayland), and Ubuntu (dolibarr, golang-go.crypto, graphite2, gst-plugins-bad1.0, kitty, libconfig-inifiles-perl, libnginx-mod-js, and webpy).
Fedora F44 election results
The results are in for Fedora's F44 election cycle for seats on the Fedora Council, Fedora Engineering Steering Committee, Fedora Mindshare Committee, and EPEL Steering Committee.
Miro Hrončok and Aleksandra Fedorova have won seats on the council. Neal Gompa, Fabio Valentini, Michel Lind, Maxwell G, and Simon de Vlieger have been elected to FESCo. Samyak Jain, Akashdeep Dhar, Luis Bazan, and Mat Holmes have all been elected to the Mindshare Committee. The four candidates for the EPEL committee, Carl George, Diego Hererra, Jonathan Wright, and Troy Dawson were all automatically elected as there were an equal number of candidates and seats open. Congratulations to all the winners.
Everything security at PyCon US 2026
The Python Software Foundation blog has a post with a summary of the security-related content at PyCon US 2026 with links to slides from important sessions. The recordings will be published to the PyCon US channel on YouTube, and the post will be updated with links to those videos as they are made available.
FairScan 2.0 released
Version 2.0 of the FairScan document-scanning app for Android has been released. The headline feature for this release is the addition of optical-character-recognition (OCR) support using Tesseract to produce PDFs with searchable text from scans. FairScan developer Pierre-Yves Nicolas has written a detailed blog about adding the feature and explaining why it had not been added previously.
That looks nice, so why didn't FairScan have it before? That's because FairScan wasn't ready for it: I wouldn't be comfortable if FairScan was giving you wrong text half of the time. To get good results from an OCR engine, you need to provide it a readable image. If it's hard to read for a human, it's certainly also hard to read for an OCR engine.
Over the past year, I worked on different parts of FairScan's automatic processing to transform photos of documents into PDFs that are easy for humans to read:
- document detection
- perspective correction
- shadow reduction
- brightness and contrast enhancement
All this work on image processing helped FairScan produce clean PDFs and can now also contribute to making text recognition effective.
FairScan is available via Google Play or F-Droid.
Security updates for Wednesday
Security updates have been issued by AlmaLinux (hplip, kernel, kernel-rt, libpng12, libpng15, libxml2, libxslt, mysql:8.0, mysql:8.4, opencryptoki, openssl, postfix, postgresql:15, rsync, and webkit2gtk3), Debian (asterisk, atril, gsasl, and libreoffice), Fedora (ack, bird, chromium, firefox, ldns, librabbitmq, nextcloud, nss, openslide, perl-Protocol-HTTP2, tig, vorbis-tools, and xen), Mageia (coturn, log4cxx, and python-tornado), SUSE (389-ds, buildah, container-suseconnect, distribution, editorconfig-core-c, elemental-system-agent, glib-networking, google-guest-agent, google-osconfig-agent, kernel, libcaca, libXpm, opensc, openssl-3, openvswitch, perl-Crypt-PBKDF2, python-python-dotenv, python311-aiosmtplib, python311-zeroconf, runc, shim, and sqlite3), and Ubuntu (ca-certificates, keystone, librabbitmq, linux, linux-aws, linux-kvm, linux-aws-hwe, linux-azure, linux-gcp, linux-hwe, linux-oracle, linux-azure, linux-azure, linux-gcp, linux-hwe, linux-oracle, linux-azure-6.8, linux-oracle-5.15, nova, openimageio, qemu, and squid).