LWN.net

Geoff Huston looks at the network time protocol , and efforts to secure it, in detail. NTP operates in the clear, and it is often the case that the servers used by a client are not local. This provides an opportunity for an adversary to disrupt an NTP session, by masquerading as a NTP server, or altering NTP payloads in an effort to disrupt a client's time-of-day clock. Many application-level protocols are time sensitive, including TLS, HTTPS, DNSSEC and NFS. Most Cloud applications rely on a c…

In early February, members of the Fedora Council met in Tirana, Albania to discuss and set the strategic direction for the Fedora Project. The council has published summaries from its strategy summit, and Fedora Project Leader (FPL) Jed Spaleta, as well as some of the council members, held a video meeting to discuss outcomes from the summit on February 25. Topics included a plan to experiment with Open Collective to raise funds for specific Fedora projects, tools to build image-based editions, …

Version 25.12.0 of the OpenWrt router distribution is available; this release has been dedicated to the memory of Dave Täht. Changes include a switch to the apk package manager, the integration of the attended sysupgrade method, and support for a long list of new targets.

Security updates have been issued by Debian (chromium), Fedora (freerdp, libsixel, opensips, and yt-dlp), Mageia (python-django, rsync, and vim), Red Hat (go-rpm-macros and osbuild-composer), SUSE (7zip, assertj-core, autogen, c3p0, cockpit-machines, cockpit, cockpit-repos, containerized-data-importer, cpp-httplib, docker, docker-stable, expat, firefox, gnutls, go1.25-openssl, golang-github-prometheus-prometheus, haproxy, ImageMagick, incus, kernel, kubevirt, libsoup, libsoup2, mchange-commons,…

Version 1.94.0 of the Rust language has been released. Changes include array windows (an iterator for slices), some Cargo enhancements, and a number of newly stabilized APIs.

The grith.ai blog reports on an LLM prompt-injection vulnerability that led to 4,000 installations of a compromised version of the Cline utility. For the next eight hours, every developer who installed or updated Cline got OpenClaw - a separate AI agent with full system access - installed globally on their machine without consent. Approximately 4,000 downloads occurred before the package was pulled. The interesting part is not the payload. It is how the attacker got the npm token in the first p…

Chardet is a Python module that attempts to determine which character set was used to encode a text string. It was originally written by Mark Pilgrim, who is also the author of a number of Python books; the 1.0 release happened in 2006. For many years, this module has been under the maintainership of Dan Blanchard. Chardet has always been licensed under the LGPL, but, with the 7.0.0 release , Blanchard changed the terms to the permissive MIT license. That has led to an extensive (and ongoing) d…

Peter Korsgaard has announced version 2026.02 of Buildroot , a tool for generating embedded Linux systems through cross-compilation. Notable changes include added support for HPPA, use of the 6.19.x kernel headers by default, better SBOM generation, and more. Again a very active cycle with more than 1500 changes from 97 unique contributors. I'm once again very happy to see so many "new" people next to the "oldtimers". See the changelog for full details. Thanks to Julien Olivain for pointing us …

Sasha Levin has announced the release of the 6.12.76 , 6.6.129 , and 6.1.166 stable kernels. These releases address a regression reported by Peter Schneider; Levin said that an upgrade is only necessary for those who have observed a build failure with the 6.12.75, 6.6.128, or 6.1.165 kernels.

The multi-generational LRU (MGLRU) is an alternative memory-management algorithm that was merged for the 6.1 kernel in late 2022. It brought a promise of much-improved performance and simplified code. Since then, though, progress on MGLRU has stalled, and it still is not enabled on many systems. As the 2026 Linux Storage, Filesystem, Memory-Management and BPF Summit (LSFMM+BPF) approaches, several memory-management developers have indicated a desire to talk about the future of MGLRU. While some…

Security updates have been issued by AlmaLinux (go-rpm-macros, libpng, thunderbird, udisks2, and valkey), Fedora (coturn, php-zumba-json-serializer, valkey, and yt-dlp), Red Hat (delve, go-rpm-macros, grafana, grafana-pcp, image-builder, osbuild-composer, and postgresql), Slackware (nvi), SUSE (firefox, glibc, haproxy, kernel, kubevirt, libsoup, libsoup2, libxslt, mozilla-nss, ocaml, python, python-Django, python-pip, util-linux, virtiofsd, wicked2nm,suse-migration-services,suse-migration- sle1…

Inside this week's LWN.net Weekly Edition: Front : Python's bitwise-inversion operator; atomic buffered I/O; keeping open source open; Magit and Majutsu; IIIF; free software and free tools. Briefs : Ad tracking; firmware updates; TCP zero-copy; Motorola GrapheneOS phones; Gram 1.0; groff 1.24.0; Texinfo 7.3; Quotes; ... Announcements : Newsletters, conferences, security updates, patches, and more.

Sasha Levin has announced the release of the 6.19.6 , 6.18.16 , 6.12.75 , 6.6.128 , 6.1.165 , 5.15.202 , and 5.10.252 stable kernels. Each contains important fixes throughout the tree; users of these kernels are advised to upgrade.

Security updates have been issued by AlmaLinux (container-tools:rhel8, firefox, go-rpm-macros, kernel, kernel-rt, mingw-fontconfig, nginx:1.24, thunderbird, and valkey), Debian (gimp), Fedora (apt, avr-binutils, keylime, keylime-agent-rust, perl-Crypt-URandom, python-apt, and rsync), Red Hat (go-rpm-macros and yggdrasil-worker-package-manager), Slackware (python3), SUSE (busybox, cosign, cups, docker, evolution-data-server, freerdp, glibc, gnome-remote-desktop, go1.24-openssl, go1.25-openssl, g…

Jujutsu is an increasingly popular Git-compatible version-control system. It has a focus on simplifying Git's conceptual model to produce a smoother, clearer command-line experience. Some people already have a preferred replacement for Git's usual command-line interface, though: Magit , an Emacs package for working with Git repositories that also tries to make the interface more discoverable. Now, a handful of people are working to implement a Magit-style interface for Jujutsu: Majutsu .