We are pleased to announce the release of GNU Guix version 1.5.0!

The release comes with ISO-9660 installation images, virtual machine images, and with tarballs to install the package manager on top of your GNU/Linux distro, either from source or from binaries—check out the download page. Guix users can update by running guix pull.

It’s been 3 years since the previous release. That’s a lot of time, reflecting both the fact that, as a rolling release, users continuously get new features and update by running guix pull; but it also shows a lack of processes, something that we had to address before another release could be made.

During that time, Guix received about 71,338 commits by 744 people, which include many new features; the project also got a new decision-making process, migrated to Codeberg and started a fundraising campaign. That’s just the surface among so many great changes, so keep reading!

Illustration by Luis Felipe, published under CC-BY-SA 4.0.

This post provides highlights for all the hard work that went into this release. There’s a lot to talk about so make yourself comfortable, relax, and enjoy.

Guix ecosystem

To start with, the Guix ecosystem has seen many exciting developments to the way we collaborate and make decisions!

Firstly, the project adopted with unanimity a new consensus-based decision making process. This process fills a need to be able to gather consensus on significant changes to the project, something that was getting very complicated with the growing number of contributors to the project.

Now, the process provides a clear framework for any contributor to propose and implement important changes. These can be submitted as Guix Consensus Documents (GCDs), each GCD goes through the multiple steps of consensus decision making before being accepted or withdrawn.

Secondly, using this process, the project was able to collectively migrate to Codeberg. This means that all repositories, and bug trackers are now at the same place on Codeberg and that contributions are now made with pull requests instead of patch series.

Thirdly, a new release process was adopted to bring an annual release cycle to Guix. This release is the first to follow this process, with hopefully many others to come!

Lastly, a “Planet� website for Guix is now available at https://planet.guix.gnu.org. It aggregates blogs from various Guix hackers and contributors to bring you the latest and greatest in Guix news.

Stronger distribution

Three years is a long time for free and open source software! Enough time for 12,525 new packages and 29,932 package updates to the Guix repository. Here are the best highlights:

To start, KDE Plasma 6.5 is now available with the new plasma-desktop-service-type!

Continuing on desktops; GNOME has been updated from version 42 to 46 and now uses Wayland by default. The gnome-desktop-service-type was made more modular to better customize the default set of GNOME applications.

Guix System is now using version 1.0 of the GNU Shepherd, which now supports timed services, kexec reboot and has new services for system logs and log rotation which are now used by Guix System instead of Rottlog and syslogd.

There are around 40 new system services to choose from, including Forgejo Runner, RabbitMQ, iwd, and dhcpcd to name a few.

setuid-programs has been replaced with privileged-programs in operating-system definitions to support giving specific Linux capabilities. Additonally, the nss-certs package is now included in %base-packages.

More than 12,500 packages were added, keeping Guix in the top-ten biggest distributions according to Repology! Among the many noteworthy updates, we now have GCC 15.2.0, Emacs 30.2, Icecat and Librewolf 140, LLVM 21.1.8 and Linux-libre 6.17.12.

Team activity

In the last release, we introduced structured cooperation using teams. There are now 50 teams distributing the many aspects of the distribution. We have per-language teams like python, rust and zig ensuring updates for packages and build systems as well as thematic teams like electronics, hpc and bioinformatics working on specific application domains. Here are what some of these teams have been up to:

The HPC team published their annual activity report 2024, showing the exciting developments of Guix in High-Performance Computing.

The electronics team is maintaining free software based Electronic Design Automation (EDA) packages to cover the needs of professionals and hobbyists in the domain with tools such as KiCad, LibrePCB, Xschem, Qucs-S and Ringdove EDA, as well as Verilog, SystemVerilog and VHDL compilers and a toolchain for programmable designs on GateMate FPGAs. They are also collaborating with the Free Silicon Foundation (F-Si) to push free software in the EDA space!

The science team has been able to add a myriad of Astronomy related packages, accompanied by the Python team bringing the move to the new pyproject.toml-based build system as well as the NumPy 2 update.

Finally, the rust team created a new packaging model to efficiently package rust crates, and was able to migrate the Rust collection, 150+ packages with 3,600+ libraries, in just under two weeks; making the Rust packaging process much easier for everyone.

Full source bootstraps

Full-source bootstraps of the Zig and Mono compilers are now available, and the existing bootstrap of Guix has been reduced once again!

Full-source bootstraps are Guix’s solution to the trusting trust problem: compilers are usually compiled by themselves, so how can you build a compiler without trusting an existing binary? Read these posts to learn more about this fascinating problem:

• The Full-Source Bootstrap: Building from source all the way down
• Zig reproduced without binaries
• Restoring Zig bootstrap chain in Guix (in Traditional Chinese)
• Adding a fully bootstrapped Mono

Improved CLI

The guix graph command has new backends for GraphML and CycloneDX JSON, meaning Guix can now be used to generate complete Software Bill of Material (SBOM) down to the first bootstrap binary!

guix shell containers have been improved with a --nesting option to use Guix within the container and a --emulate-fhs option that can be used to run software expecting a Filesystem Hierarchy Standard (FHS) compliant filesystem.

The guix pack command also received new backends to create RPM packages and AppImages that can be used to publish your Guix packages to non-Guix users.

Lastly, a new guix locate command is now available to find which packages provide a given file.

Security improvements

It is now possible to run the Guix daemon without root privileges, reducing the impact of privilege escalation vulnerabilities.

This “rootlessâ€� mode is now the default when installing Guix 1.5.0 on distros other than Guix System; on Guix System, it currently has to be explicitly enabled by setting (privileged? #f) in guix-configuration. Existing installation on distros other than Guix System can also be migrated to “rootlessâ€�.

This is possible thanks to the user namespaces. It might be possible that on your system, the user namespaces are not allowed for guix due to the lack of an AppArmor profile. Because of that, we’ve also included AppArmor profiles that are installed by default on foreign systems.

Finally, the Guix daemon received security fixes for CVE-2024-27297, CVE-2024-52867, CVE-2025-46415, CVE-2025-46416 and CVE-2025-59378.

Widened architecture support

Release tarballs are now available for the RISC-V 64-bit architecture (riscv64-linux).

The x86_64 architecture saw some development as well, with the experimental support of the GNU Hurd kernel (x86_64-gnu), aiming to be another significant step in the adoption and development of the Hurd. Overall support for the Hurd was greatly improved, it is now an option in the installer, childhurds can be automatically created with a system service and it can even run on a Thinkpad X60!

Fundraising campaign

Surprisingly, making a completely free software distribution does not come for free! The Guix project needs your help to pay the infrastructure costs of build farms, web servers and QA tools that are essential to making this release happen.

If you appreciate all of the work that is done to bring you this one-of-a-kind distro: please donate to the Guix Foundation!

Acknowledgments

For the release, thanks to all the release team members: Rutherther, Rodion Goritskov, Efraim Flashner, and Noé Lopez. Thanks as well to the release helpers: Andreas Enge, Mothacehe, Dariqq and Ludovic Courtès.

For creating the release process, thanks to Steve George.

For their Guix contributions, thanks to the 744 wonderful people who contributed and whose names we don’t list here (it would be a bit long). They can be listed with git log --oneline v1.4.0..v1.5.0 --format="%an" | sort -u. Every commit counts and is always appreciated ğŸ˜�

About GNU Guix

GNU Guix is a transactional package manager and an advanced distribution of the GNU system that respects user freedom. Guix can be used on top of any system running the Hurd or the Linux kernel, or it can be used as a standalone operating system distribution for i686, x86_64, ARMv7, AArch64, RISC-V and POWER9 machines.

In addition to standard package management features, Guix supports transactional upgrades and roll-backs, unprivileged package management, per-user profiles, and garbage collection. When used as a standalone GNU/Linux distribution, Guix offers a declarative, stateless approach to operating system configuration management. Guix is highly customizable and hackable through Guile programming interfaces and extensions to the Scheme language.

Join the FSF and friends on Friday, January 23 from 12:00 to 15:00 EST (17:00 to 20:00 UTC) to help improve the Free Software Directory.

The Springer journal "Digital Finance" has recently published "The proposed design of the digital euro: A critical analysis" by Mikolai Gütschow and Bernd Lucke. They describe serious flaws in the digital euro design as proposed by the European Commission and propose GNU Taler as an alternative technology for a potential CBDC with tangible benefits for Europeans.

Join the FSF and friends on Friday, January 16 from 12:00 to 15:00 EST (17:00 to 20:00 UTC) to help improve the Free Software Directory.

Ian Kelling, FSF senior systems administrator, and also our president, outlines the complex steps the FSF tech team goes through to ensure the software we use is free. The tech team — currently just two people — is vital to our collective work for software freedom, which itself helps guarantee many of our other basic freedoms. We depend on people just like you to support our work: we have an associate membership drive to welcome 100 new members by January 16. Please join the FSF and help keep this work going.

Dear GNU CCT:

Here is summary of GNU website from GNU:

2025 had a splash of activity; a few teams who were dormant in 2024 made
a notable progress, in terms of new translations or updating the existing ones.

      General Statistics

About 2/3 new translations were made by the Chinese (zh-cn) team this year;
then the Greek and Albanian teams followed.  The Polish and Dutch teams
considerably reduced the amount of their outdated translations.

Currently, the total amount of translations is over 3400; the overall percentage
of outdated translations was about 5% lower than in 2024.

The table below shows the number and size of newly translated articles
in important directories and typical number of outdated GNUNified
translations throughout the year.

+-team--+------new-----+--outdated--+
|  el   |  5 ( 81.9Ki) |  19 (41%)  |
+-------+--------------+------------+
| eo *  |  1 ( 33.6Ki) |            |
+-------+--------------+------------+
|  es   |  4 ( 34.2Ki) | 2.0 (0.9%) |
+-------+--------------+------------+
|  fr   |  1 (  7.9Ki) | 1.4 (0.4%) |
+-------+--------------+------------+
|  ml   |  1 ( 11.2Ki) |  29 (88%)  |
+-------+--------------+------------+
|  nl   |  0 (  0.0Ki) |  26 (20%)  |
+-------+--------------+------------+
|  pl   |  1 (  9.9Ki) |  16 (10%)  |
+-------+--------------+------------+
|  ru   |  2 ( 26.9Ki) | 2.2 (0.7%) |
+-------+--------------+------------+
|  sq   |  4 ( 73.9Ki) | 9.0 (10%)  |
+-------+--------------+------------+
|  tr   |  4 ( 52.5Ki) | 1.9 (1.4%) |
+-------+--------------+------------+
| zh-cn | 39 (797.9Ki) | 1.3 (0.5%) |
+-------+--------------+------------+
+-------+--------------+
| total | 62 (1130Ki)  |
+-------+--------------+

• The Esperanto translation was installed by GNU Translation Managers

  without establishing a new team.

For the reference: 2 new articles were added, amounting to 27Ki (vs. 4 articles
and 44Ki in 2024); the number of commits (about 500 changes in approximately
90 English files) was almost twice as many as in 2024.

      Orphaned Teams, New and Reformed Teams

No teams were orphaned, and no new teams were established.  Greek and Dutch
teams changed their status to active without a reorganization.  A volunteer
requested creating the Georgian team, with no further progress.


Thank you for your contribution.
I wish you all a happy and successful 2026.

Happy hacking.
wxie

The P15 CoNetWorking Space in Biel/Bienne right next to the train station (and the BFH) is the first shop to accept GNU Taler payments in Swiss francs (eCHF) issued by Taler Operations AG and thus the first merchant accepting Taler payments in fiat currency. P15 is a great space to net-work, so go check it out!

Sixteen new GNU releases in the last month (as of December 31, 2025):

Mikolai Gütschow and signum gave a talk at the 39th Chaos Communication Congress (39C3) in Hamburg, Germany, where they reported on their good experiences with offering GNU Taler as a local payment system at LugCamp 2024 and Datenspuren 2024 and 2025.

GNU Emacs has been my primary computing environment of choice for over a decade. Emacs has enabled me to perform a wide array of tasks involving human and computer languages, such as reading and writing notes, emails, chats, programs, and more, all in a cohesive and consistent environment that I can tailor exactly to my needs and liking.

Coming from a Vim background, I started my Emacs journey trying some configuration frameworks that provided vi-like key bindings, and after a few Emacs bankruptcies, ended up with my current homegrown configuration that I wrote from scratch gradually over the last 7 years, with inspiration from the configurations of some folks who shared theirs publicly. Though my configuration has been mostly stable for a few years now and I consciously keep the number of external packages I use very small, I occasionally add small bits and pieces to my configuration when I’m inspired after learning about a neat feature or package on the blogs aggregated on Planet Emacslife, the messages sent to the Emacs mailing lists, or the videos from the annual EmacsConf conference.

I like getting a glimpse of other people’s worlds through the lens of their creative works such as writings, be it prose or Emacs Lisp. That’s only possible when people share freely, free as in freedom. I’m thankful to Richard Stallman for his foresight to imbue GNU Emacs with that freedom from the very beginning and for his lifelong fight for computer user freedom, and to the many other folks who have joined the free software movement since then and have fought the good fight.

I’ve been inspired and encouraged by many awesome Emacs people through the years. People like Corwin Brust with his joyful creative energy around Emacs and the road to software freedom, Sacha Chua and her philosophy of leading a life of learning, sharing, and scaling, Gopar and his enthusiasm for Emacs and its intersection with the Python world, folks like Protesilaos Stavrou and Greg Farough who discovered Emacs initially as non-programmers yet were enamoured by its embodiment of software freedom in practice and went on to integrate it into their everyday lives, and shoshin of the Cicadas cooperative at the intersection of humanity and technology sharing his passion for the human element and community by developing and contributing input methods for his ancestral language of Lakota to GNU Emacs. I’m deeply inspired by each of these wonderful people, and grateful for having known them and for each of their unique perspectives and life stories with which they have enriched my experience in Emacs and the free software world.

As wonderful and impactful as Emacs has been in the lives of the many who have come to know it throughout the decades that it’s been around, it would not have become what it has been, what it is today, and what it may become in the future without its community of passionate users and contributors. The People of Emacs are all of us. Here’s to many more of us, enjoying many more years of Emacs and software freedom together even if spread far apart.

Take care, and so long for now.

Inspired by the Emacs Carnival theme for this month, The People of Emacs. Thanks to George Jones for hosting.

BOSTON, Massachusetts, USA (December 29, 2025) — The Free Software Foundation (FSF) announced today that Eko K. A. Owen will follow in Ian Kelling's footsteps by becoming the second union staff-elected board member on the organization's board of directors.

Recently I have been using Gemini, a sort of a modernized Gopher, more and more, and have finally decided to create and maintain my own Gemini capsule, that you can find at

gemini://jemarch.srht.site.

The plan, moving forward, is to publish basically the same contents in both www and gemini versions of this homepage.

Salud!

Boston, Massachusetts, USA (Wednesday, December 24, 2025) -- The Free Software Foundation (FSF) today announced it received two major contributions totaling around $900,000 USD.

GNU Parallel 20251222 ('Bondi') has been released. It is available for download at: lbry://@GnuParallel:4

Quote of the month:

  Used?  gnu parallel is my new favorite toy
    -- Eytan Adar @eytan.adar.prof

New in this release:

• No new features.
• Bug fixes.

GNU Parallel - For people who live life in the parallel lane.

If you like GNU Parallel record a video testimonial: Say who you are, what you use GNU Parallel for, how it helps you, and what you like most about it. Include a command that uses GNU Parallel if you feel like it.

About GNU Parallel

GNU Parallel is a shell tool for executing jobs in parallel using one or more computers. A job can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU Parallel can then split the input and pipe it into commands in parallel.

If you use xargs and tee today you will find GNU Parallel very easy to use as GNU Parallel is written to have the same options as xargs. If you write loops in shell, you will find GNU Parallel may be able to replace most of the loops and make them run faster by running several jobs in parallel. GNU Parallel can even replace nested loops.

GNU Parallel makes sure output from the commands is the same output as you would get had you run the commands sequentially. This makes it possible to use output from GNU Parallel as input for other programs.

For example you can run this to convert all jpeg files into png and gif files and have a progress bar:

  parallel --bar convert {1} {1.}.{2} ::: *.jpg ::: png gif

Or you can generate big, medium, and small thumbnails of all jpeg files in sub dirs:

  find . -name '*.jpg' |
    parallel convert -geometry {2} {1} {1//}/thumb{2}_{1/} :::: - ::: 50 100 200

You can find more about GNU Parallel at: http://www.gnu ... rg/s/parallel/

You can install GNU Parallel in just 10 seconds with:

    $ (wget -O - pi.dk/3 || lynx -source pi.dk/3 || curl pi.dk/3/ || \
       fetch -o - http://pi.dk/3 ) > install.sh
    $ sha1sum install.sh | grep c555f616391c6f7c28bf938044f4ec50
    12345678 c555f616 391c6f7c 28bf9380 44f4ec50
    $ md5sum install.sh | grep 707275363428aa9e9a136b9a7296dfe4
    70727536 3428aa9e 9a136b9a 7296dfe4
    $ sha512sum install.sh | grep b24bfe249695e0236f6bc7de85828fe1f08f4259
    83320d89 f56698ec 77454856 895edc3e aa16feab 2757966e 5092ef2d 661b8b45
    b24bfe24 9695e023 6f6bc7de 85828fe1 f08f4259 6ce5480a 5e1571b2 8b722f21
    $ bash install.sh

Watch the intro video on http://www.youtub ... L284C9FF2488BC6D1

Walk through the tutorial (man parallel_tutorial). Your command line will love you for it.

When using programs that use GNU Parallel to process data for publication please cite:

O. Tange (2018): GNU Parallel 2018, March 2018, https://doi.org/1 ... 81/zenodo.1146014.

If you like GNU Parallel:

• Give a demo at your local user group/team/colleagues
• Post the intro videos on Reddit/Diaspora*/forums/blogs/ Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists
• Get the merchandise https://gnuparall ... igns/gnu-parallel
• Request or write a review for your favourite blog or magazine
• Request or build a package for your favourite distribution (if it is not already there)
• Invite me for your next conference

If you use programs that use GNU Parallel for research:

• Please cite GNU Parallel in you publications (use --citation)

If GNU Parallel saves you money:

• (Have your company) donate to FSF https://my.f ... .org/donate/

About GNU SQL

GNU sql aims to give a simple, unified interface for accessing databases through all the different databases' command line clients. So far the focus has been on giving a common way to specify login information (protocol, username, password, hostname, and port number), size (database and table size), and running queries.

The database is addressed using a DBURL. If commands are left out you will get that database's interactive shell.

When using GNU SQL for a publication please cite:

O. Tange (2011): GNU SQL - A Command Line Tool for Accessing Different Databases Using DBURLs, ;login: The USENIX Magazine, April 2011:29-32.

About GNU Niceload

GNU niceload slows down a program when the computer load average (or other system activity) is above a certain limit. When the limit is reached the program will be suspended for some time. If the limit is a soft limit the program will be allowed to run for short amounts of time before being suspended again. If the limit is a hard limit the program will only be allowed to run when the system is below the limit.

We are happy to announce the release of GNU Taler v1.3.

GNUnet 0.26.2

This is a bugfix release for gnunet 0.26.1. It fixes some regressions and minor bugs.

Links

• Tarball download (tar.gz) ( signature )

You can find a detailed list of changes in the git log and noteworthy changes in the NEWS file.

The GPG key used to sign is: D842 3BCB 326C 7907 0339 29C7 939E 6BE1 E29F C3CC

Note that due to mirror synchronization, not all links may be functional early after the release. For direct access try https://ftp.gnu.org/gnu/gnunet/

Dear community

I am happy to announce that since patchset 5.0.5, GNU Health Information system is ready for Python 3.14.

All GNU Health HIS packages have been updated so they allow Python 3.14. The GNU Health GTK client and GNU Health control installation and instance manager have also been upgraded.

Operating systems like Void Linux already upgraded to Python 3.14, and now you can enjoy this Pi.thon release in GNUHealth.

As usual, backup your database, local modules/packages and GNU Health filesystem before upgrading, and report any issue you may find.

For detailed information and changes, please visit the GNU Health HIS repositories at Codeberg (https://codeberg. ... org/gnuhealth/his)

You can download the source code directly from GNU.org and the packages from PyPI.

Happy hacking ❤️

GNU mailutils version 3.21 is available for download.  Short list of changes in this version follows. Refer to its NEWS file for a detailed discussion.

• Optionally create intermediate directories when creating mailboxes.
• New configuration section homedir controls creation of home directories.
• Imap4d configuration statements create-home-dir and home-dir-mode declared obsolete. Use homedir section, instead.
• Changes in sieve language
  • Fileinto action: new option :interdir
  • New commands in string expansions: localuser and detail.
  • Immediate values allowed in ldap.field_map configuration statement.
• Bugfixes
  • Sieve: fix coredump on parsing fileinto :permission action.
  • Sieve: fix optimizer.
  • Library: fix parsing ls-compatible permission strings.
  • Library: fix mu_sieve_machine_clone function.
  • Configuration: use backslash to escape delimiters in some statements.
  • Library: fix localized help output.

Version 1.7 of GNU radius is available for download.

This is a maintenance release.

Noteworthy changes:

• Support for Guile 3.x.
• Code cleanup.
• Improved testsuite.
• Improved documentation.
• Various bugfixes.

BOSTON, Massachusetts, USA (Tuesday, December 9, 2025) — The Free Software Foundation (FSF) announced today the recipients of the 2024 Free Software Awards, which are given annually by the FSF to groups and individuals in the free software community who have made significant contributions to the cause for software freedom.

I am pleased to announce the availability of Planet Guix, an Atom and RSS aggregator covering all things Guix. You can browse posts on the website or use your favourite feed reader to subscribe to the aggregate feed.

Planet Guix already has subscriptions to 19 blogs from around the community; if you write about Guix (no matter how infrequently) and would like your blog to be included, or if you would like to suggest another blog I missed, please create a pull request against the repository in Codeberg — you'll see that the subscriptions are simply configured as association lists in planet/config.scm.

Background

Back in September, Sébastien Gendre asked on the help-guix mailing list if there were any plans to create a Planet website for Guix. The discussion drifted into how this might be implemented in Guile, and I thought it sounded like an interesting project for the dark autumn evenings.

The original Planet aggregator was written in Python and many Planet websites are still using its successor, Venus. The Venus code base has not seen much activity in the last decade and still uses Python 2, which was sunset in 2020. This was all the incentive I needed to implement a new Planet aggregator and static site generator in Guile.

Implementation

We already know from the likes of Haunt that Guile has all the tools needed to generate a static web site. Both Atom and RSS are XML formats, and Guile also has great support for working with XML. The Guile Planet implementation uses the following built-in modules:

• (web client) to fetch the feeds.
• (sxml simple) for reading the Atom/RSS feeds and writing the aggregate Atom feed.
• (sxml xpath) for searching the feeds to extract the data of interest.
• (sxml transform) for sanitizing HTML in the entry summaries.

Many feeds include HTML content in the entry summary, which we need to parse. This is where htmlprag from guile-lib comes in. I used this both to parse HTML embedded in feeds and to generate the static content from an SXML data structure.

With these libraries to hand the code for the planet aggregator almost wrote itself!

I was trying to keep dependencies to a minimum, but guile-filesystem is too useful to do without and, later in the development process, I pulled in guile-srfi-235 which provides some useful combinators. At the moment I'm only using apply-chain to build a function for post-processing one of the feeds, but why re-invent the wheel?

Deployment

I initially deployed the Planet to a test site running on one of my servers, but the idea was received enthusiastically by the Guix maintainers and I was happy that they wanted to host it on their infrastructure.

Of course they are using Guix to manage their virtual machines in Hetzner cloud! While they could have picked up the Planet code and run with it, instead they pointed me at the server configuration and invited me to make a pull request against hydra/guix-hetzner-2.scm.

They suggested I base the configuration on their existing static-web-site-configuration so I started reading the code which proved very educational (I admit that I had to sleep on it for a week before coming up with a plan!)

The static-web-site-configuration did almost everything needed to build the Planet aggregator, only the build step runs like a Guix package build in an isolated environment with no network - so we cannot fetch the feeds in this build step.

Luckily, I had already implemented functionality in the Planet code base to build the static site from feeds cached on disk. So it was simply a case of adding support for a pre-build script to the static-web-site-configuration and using this step to download the feeds.

The pull request was merged after some short discussion, and a few days later the site was live in its new home.

Community

This was my second time contributing to the Guix project and I'm pleased to report that it was a smooth experience both times. When it came to the deployment, I was glad that I was encouraged to add the service configuration myself instead of being spoon-fed: working with computers, you learn best by doing.

I'd like to give a shout-out to @civodul, @cbaines, and @apteryx for their help with the deployment, and to the several people who sent merge requests to add their blogs before I even got around to writing this announcement.

I think the Planet site is already a great place to discover people writing about Guix, and I hope it grows and becomes an asset to the community. Happy reading!

I am delighted to announce a new release of GNU a2ps, the “anything to
PostScript” system.

This is to announce a2ps-4.15.8, a stable release. This release fixes a
buffer overflow, and a failure to build on some older systems.

There have been 13 commits by 1 people in the 21 weeks since 4.15.7.

See the NEWS below for a brief summary.

Thanks to everyone who has contributed!
The following people contributed changes to this release:

  Reuben Thomas (13)

Reuben
 [on behalf of the a2ps maintainers]
==================================================================

Here is the GNU a2ps home page:
    https://gnu.org/s/a2ps/

Here are the compressed sources and a GPG detached signature:
  https://ftpmirror.gnu.org/a2ps/a2ps-4.15.8.tar.gz
  https://ftpmirror.gnu.org/a2ps/a2ps-4.15.8.tar.gz.sig

Use a mirror for higher download bandwidth:
  https://www.gnu.org/order/ftp.html

Here are the SHA256 and SHA3-256 checksums:

  File: a2ps-4.15.8.tar.gz
  SHA256 sum:   8d13915a36ebbfa8e7b236b350cc81adc714acb217a18e8d8c60747c0ad353f9
  SHA3-256 sum: 0dce19c25df3be0ce1fc2b92710c33a724595b3617686cbb904ab60dcdd15b34

Verify the SHA256 checksum with either sha256sum, sha256, or
shasum -a 256.

Verify the SHA3-256 checksum with cksum -a sha3 --check
from coreutils-9.8.

Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact.  First, be sure to download both the .sig file
and the corresponding tarball.  Then, run a command like this:

  gpg --verify a2ps-4.15.8.tar.gz.sig

The signature should match the fingerprint of the following key:

  pub   rsa2048 2013-12-11 [SC]
        2409 3F01 6FFE 8602 EF44  9BB8 4C8E F3DA 3FD3 7230
  uid   Reuben Thomas <rrt@sc3d.org>
  uid   keybase.io/rrt <rrt@keybase.io>

If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.

  gpg --locate-external-key rrt@sc3d.org

  gpg --recv-keys 4C8EF3DA3FD37230

  wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=a2ps&download=1' | gpg --import -

As a last resort to find the key, you can try the official GNU
keyring:

  wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg
  gpg --keyring gnu-keyring.gpg --verify a2ps-4.15.8.tar.gz.sig

This release is based on the a2ps git repository, available as

  git clone https://https.git.savannah.gnu.org/git/a2ps.git

with commit c41304d1745017322adb12ba40e7f06984e7f14e tagged as v4.15.8.

For a summary of changes and contributors, see:

  https://gitweb.git.savannah.gnu.org/gitweb/?p=a2ps.git;a=shortlog;h=v4.15.8

or run this command from a git-cloned a2ps directory:

  git shortlog v4.15.7..v4.15.8

This release was bootstrapped with the following tools:
  Autoconf 2.72
  Automake 1.18.1
  Gnulib 2025-12-04 481064c5c22c8137188eecb6662ebea03fc6d0b8

NEWS

* Noteworthy changes in release 4.15.8 (2025-12-04) [stable]
 * Bug fixes:
   - Fix a buffer overflow when a long value supplied to -E.
   - Include some header files with system paths, not user paths.
 * Build system:
   - Fix building on systems that need gnulib's malloc wrapper.
   - Remove a generated file from git.
   - Update the version of gettext used.
 * Documentation:
   - Update copyright notices to point to GPL online.

We are pleased to announce the release of GNU Guile 3.0.11! This release is mainly a bug-fix release, though it does include a number of new features, including support for SRFI 197: Pipeline Operators, support for SRFI 207: String-notated bytevectors (bytestrings), and JIT (just-in-time) compilation for the RISC-V architecture.

It also overhauls SRFI-64 (testing) and includes many other improvements. For full details, see the release notes and check out the download page.

Happy Guile hacking!

Hello and welcome to my November free software activities report. I’ve been working on a number of things throughout this month but they’re not quite ready for reporting yet, so this month’s report will be quite short.

GNU & FSF

• EmacsConf: I recorded the video for my Gnus talk for this year’s conference. The video will be available along with the the other EmacsConf talks from the conference website, but if you’re feeling particularly impatient you can sneak a peek at it. :)

  https://archive.org/details/emacsconf-2025-gnus

• GNU Spotlight: I prepared and sent the November GNU Spotlight to the FSF campaigns team for publication on the FSF’s community blog and the monthly Free Software Supporter newsletter.

Take care, and so long for now.

I am very happy to announce that, after almost a year in the works, today the Algol 68 front-end has been merged in GCC proper in its development trunk branch. This means that we are no longer off-tree, and that GCC 16 will be featuring a full-fledged and modern Algol 68 compiler once it gets released.

This doesn't mean the work is done. The modules system, which is already functional, needs to be completed and polished, parallel clauses are still to be implemented, and the quality of the generated code should be generally improved. We also want to replace the boehm GC with a tightly integrated customized, exact one, and to continue modernizing and expanding the language, always carefully and respectfully, via GNU extensions: exception handling, FFI, etc.

At this point I would like to thank Marcel van der Veer, Pietro Monteiro, Mohammad-Reza Nabipoor, Thomas Schwinge, Sam James, Matthias Klose, Iain Buclaw, Andrew Pinski, Segher Boessenkool, Iain Sandoe, the GCC global reviewers and the overall GCC community. Without their help, and Marcel's nifty Algol 68 parser, this front-end would simply not exist.

And now, the real fun starts... ;)
Happy algoling!

The debian-with-guix-container project build and publish container images of Debian GNU/Linux stable with GNU Guix installed.

The images are like normal Debian stable containers but have the guix tool and a reasonable fresh guix pull.

Supported architectures include amd64 and arm64. The multi-arch container is called:

registry.gitlab.com/debdistutils/guix/debian-with-guix-container:stable

It may also be accessed via debian-with-guix at Docker Hub as:

docker.io/jas4711/debian-with-guix:stable

The container images may be used like this:

$ podman run --privileged -it --hostname guix --rm registry.gitlab.com/debdistutils/guix/debian-with-guix-container:stable
root@guix:/# hello
bash: hello: command not found
root@guix:/# guix describe
  guix c9eb69d
    repository URL: https://gitlab.com/debdistutils/guix/mirror.git
    branch: master
    commit: c9eb69ddbf05e77300b59f49f4bb5aa50cae0892
root@guix:/# LC_ALL=C.UTF-8 /root/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild &
[1] 21
root@guix:/# GUIX_PROFILE=/root/.config/guix/current; . "$GUIX_PROFILE/etc/profile"
root@guix:/# guix describe
Generation 2    Nov 28 2025 10:14:11    (current)
  guix c9eb69d
    repository URL: https://gitlab.com/debdistutils/guix/mirror.git
    branch: master
    commit: c9eb69ddbf05e77300b59f49f4bb5aa50cae0892
root@guix:/# guix install --verbosity=0 hello
accepted connection from pid 55, user root
The following package will be installed:
   hello 2.12.2

hint: Consider setting the necessary environment variables by running:

     GUIX_PROFILE="/root/.guix-profile"
     . "$GUIX_PROFILE/etc/profile"

Alternately, see `guix package --search-paths -p "/root/.guix-profile"'.

root@guix:/# GUIX_PROFILE="/root/.guix-profile"
root@guix:/# . "$GUIX_PROFILE/etc/profile"
root@guix:/# hello
Hello, world!
root@guix:/# 

Below is an example GitLab pipeline job that demonstrate how to run guix install to install additional dependencies, and then download and build a package that pick up the installed package from the system.

test-wget-configure-make-libksba-amd64:
  image: registry.gitlab.com/debdistutils/guix/debian-with-guix-container:stable
  before_script:
  - env LC_ALL=C.UTF-8 /root/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild $GUIX_DAEMON_ARG &
  - GUIX_PROFILE=/root/.config/guix/current; . "$GUIX_PROFILE/etc/profile"
  - guix describe
  - guix install libgpg-error
  - GUIX_PROFILE="/root/.guix-profile"; . "$GUIX_PROFILE/etc/profile"
  - apt-get install --update -y --no-install-recommends build-essential wget ca-certificates bzip2
  script:
  - wget https://www.gnupg.org/ftp/gcrypt/libksba/libksba-1.6.7.tar.bz2
  - tar xfa libksba-1.6.7.tar.bz2
  - cd libksba-1.6.7
  - ./configure
  - make V=1
  - make check VERBOSE=t V=1

The images were initially created for use in GitLab CI/CD Pipelines but should work for any use.

The images are built in a GitLab CI/CD pipeline, see .gitlab-ci.yml.

The containers are derived from official Debian stable images with Guix installed and a successful run of guix pull, built using buildah invoked from build.sh using image/Containerfile that runs image/setup.sh.

The pipeline also push images to the GitLab container registry, and then also to Docker Hub.

Guix binaries are downloaded from the Guix binary tarballs project because of upstream download site availability and bandwidth concerns.

Enjoy these images! Hopefully they can help you overcome the loss of Guix in Debian which made it a mere apt-get install guix away before.

There are several things that may be improved further. An alternative to using podman --privileged is to use --security-opt seccomp=unconfined --cap-add=CAP_SYS_ADMIN,CAP_NET_ADMIN which may be slightly more fine-grained.

For ppc64el support I ran into an error message that I wasn’t able to resolve:

guix pull: error: while setting up the build environment: cannot set host name: Operation not permitted

For riscv64, I can’t even find a Guix riscv64 binary tarball for download, is there one anywhere?

For arm64 containers, it seems that you need to start guix-daemon with --disable-chroot to get something to work, at least on GitLab.com’s shared runners, otherwise you will get this error message:

guix install: error: clone: Invalid argument

Building the images themselves also require disabling some security functionality, and I was not able to build images with buildah without providing --cap-add=CAP_SYS_ADMIN,CAP_NET_ADMIN otherwise there were errors like this:

guix pull: error: cloning builder process: Operation not permitted
guix pull: error: clone: Operation not permitted
guix pull: error: while setting up the build environment: cannot set loopback interface flags: Operation not permitted

Finally on amd64 it seems --security-opt seccomp=unconfined is necessary, otherwise there is an error message like this, even if you use --disable-chroot:

guix pull: error: while setting up the child process: in phase setPersonality: cannot set personality: Function not implemented

This particular error is discussed upstream, but I think generally that these error suggest that guix-daemon could use more optional use of features: if some particular feature is not available, gracefully fall back to another mode of operation, instead of exiting with an error. Of course, it should never fall back to an insecure mode of operation, unless the user requests that.

Happy Hacking!

The 24th release of GNU Astronomy Utilities (Gnuastro) is now available. See the full announcement for all the new features in this release and the many bugs that have been found and fixed: https://lists.gnu ... -11/msg00001.html

The initial injustice of proprietary software often leads to further injustices: malicious functionalities.

The introduction of unjust techniques in nonfree software, such as back doors, DRM, tethering, and others, has become ever more frequent. Nowadays, it is standard practice.

We at the GNU Project show examples of malware that has been introduced in a wide variety of products and dis-services people use everyday, and of companies that make use of these techniques.

Here are our latest additions

October 2025

Apple's Operating Systems Are Malware

• Apple repeatedly sabotaged Beeper Mini, a client to replace its iMessage instant messaging service, interfering with people's ability to use their installed software just to keep a dominant position in that market by avoiding competition.

Malware In Cars

• Jeep forced a software change into certain cars. In addition to being unjust, this one was dangerous too.

Google's Software is Malware

• Motorola ships Android phones with a locked bootloader, offering a method to unlock the devices. The method involves creating an account, which requires running nonfree JavaScript and disclosing personal data as well as identifying at least your phone's model.

This puts users in danger of privacy breaches in exchange for permission to modify the software that runs in a device they own. Users should be free to modify this and all software as they wish, without interference from the manufacturer or developer.

Back in 2013 (when the company was owned by Google) someone found a way to crack the bootloader restrictions. Android developers also provide a lock/unlock method.

September 2025

Malware in Appliances

• Echelon forcefully downgraded the firmware of its home gym equipment so that the devices will provide their full capabilities only if connected to Echelon's servers and only with a paid subscription, all the while breaking compatibility with third party apps that offer additional functionalities. Efforts to restore offline functionality were successful, but the fix can't be released due to section 1201 of the DMCA.

Note that those articles mention “open source”; the GNU Project recommends the expression free/libre software instead.

Google's Software is Malware

• Google has announced the inclusion of a “security” measure in Android “smartphones,” which will require any software installed in certified Android devices to come from a developer who has gone through Google's new developer verification program.

The problem here is not that there's a system that provides trust on the origin of the software. A system like that might be useful, but the end user should still be able to select which organization provides that service, or maybe set up such an organization or renounce the service altogether.

Making this verification exclusive to Google makes us question which is the threat here. Is it a user installing malware inadvertently? Or is it the user installing software that makes Google lose money?

This will also kill projects such as F-Droid that promote privacy and freedom by distributing free (as in freedom) apps.

Does your Linux box take forever to boot? The command you’re looking for is systemd-analyze blame

GNU Parallel 20251122 ('Mamdani') has been released. It is available for download at: lbry://@GnuParallel:4

Quote of the month:

  ainda não inventaram palavras capazes de expressar minha gratidão aos desenvolvedores do GNU Parallel
    -- @nueidris.kawaii.social

New in this release:

• No new features.
• Bug fixes.

GNU Parallel - For people who live life in the parallel lane.

If you like GNU Parallel record a video testimonial: Say who you are, what you use GNU Parallel for, how it helps you, and what you like most about it. Include a command that uses GNU Parallel if you feel like it.

About GNU Parallel

GNU Parallel is a shell tool for executing jobs in parallel using one or more computers. A job can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU Parallel can then split the input and pipe it into commands in parallel.

If you use xargs and tee today you will find GNU Parallel very easy to use as GNU Parallel is written to have the same options as xargs. If you write loops in shell, you will find GNU Parallel may be able to replace most of the loops and make them run faster by running several jobs in parallel. GNU Parallel can even replace nested loops.

GNU Parallel makes sure output from the commands is the same output as you would get had you run the commands sequentially. This makes it possible to use output from GNU Parallel as input for other programs.

For example you can run this to convert all jpeg files into png and gif files and have a progress bar:

  parallel --bar convert {1} {1.}.{2} ::: *.jpg ::: png gif

Or you can generate big, medium, and small thumbnails of all jpeg files in sub dirs:

  find . -name '*.jpg' |
    parallel convert -geometry {2} {1} {1//}/thumb{2}_{1/} :::: - ::: 50 100 200

You can find more about GNU Parallel at: http://www.gnu ... rg/s/parallel/

You can install GNU Parallel in just 10 seconds with:

    $ (wget -O - pi.dk/3 || lynx -source pi.dk/3 || curl pi.dk/3/ || \
       fetch -o - http://pi.dk/3 ) > install.sh
    $ sha1sum install.sh | grep c555f616391c6f7c28bf938044f4ec50
    12345678 c555f616 391c6f7c 28bf9380 44f4ec50
    $ md5sum install.sh | grep 707275363428aa9e9a136b9a7296dfe4
    70727536 3428aa9e 9a136b9a 7296dfe4
    $ sha512sum install.sh | grep b24bfe249695e0236f6bc7de85828fe1f08f4259
    83320d89 f56698ec 77454856 895edc3e aa16feab 2757966e 5092ef2d 661b8b45
    b24bfe24 9695e023 6f6bc7de 85828fe1 f08f4259 6ce5480a 5e1571b2 8b722f21
    $ bash install.sh

Watch the intro video on http://www.youtub ... L284C9FF2488BC6D1

Walk through the tutorial (man parallel_tutorial). Your command line will love you for it.

When using programs that use GNU Parallel to process data for publication please cite:

O. Tange (2018): GNU Parallel 2018, March 2018, https://doi.org/1 ... 81/zenodo.1146014.

If you like GNU Parallel:

• Give a demo at your local user group/team/colleagues
• Post the intro videos on Reddit/Diaspora*/forums/blogs/ Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists
• Get the merchandise https://gnuparall ... igns/gnu-parallel
• Request or write a review for your favourite blog or magazine
• Request or build a package for your favourite distribution (if it is not already there)
• Invite me for your next conference

If you use programs that use GNU Parallel for research:

• Please cite GNU Parallel in you publications (use --citation)

If GNU Parallel saves you money:

• (Have your company) donate to FSF https://my.f ... .org/donate/

About GNU SQL

GNU sql aims to give a simple, unified interface for accessing databases through all the different databases' command line clients. So far the focus has been on giving a common way to specify login information (protocol, username, password, hostname, and port number), size (database and table size), and running queries.

The database is addressed using a DBURL. If commands are left out you will get that database's interactive shell.

When using GNU SQL for a publication please cite:

O. Tange (2011): GNU SQL - A Command Line Tool for Accessing Different Databases Using DBURLs, ;login: The USENIX Magazine, April 2011:29-32.

About GNU Niceload

GNU niceload slows down a program when the computer load average (or other system activity) is above a certain limit. When the limit is reached the program will be suspended for some time. If the limit is a soft limit the program will be allowed to run for short amounts of time before being suspended again. If the limit is a hard limit the program will only be allowed to run when the system is below the limit.

Today I submitted the version 6 of the patch series for the Algol 68 GCC Front-End:

https://gcc.gnu.org/pipermail/gcc-patches/2025-November/701589.html

Since last submission we have added a modules system based on the Modules and Separate Compilation Facility designed by Charles Lindsey and Hendrik Boom and released by the IFIP Working Group 2.1 Standing Subcommittee on ALGOL 68 Support. To our knowledge, this is the first time the modules facility ever gets implemented.

This is the deal:

  Jose E. Marchesi (50):
    a68: top-level misc files
    a68: build system
    a68: build system (regenerated files)
    a68: documentation
    a68: command-line options
    a68: DWARF language codes
    a68: darwin specific support
    a68: powerpc specific support
    a68: gcc/algol68 misc files
    a68: ga68 compiler driver
    a68: a681 compiler proper
    a68: unicode support routines
    a68: front-end diagnostics
    a68: modules exports
    a68: modules imports
    a68: parser: entry point
    a68: parser: AST nodes attributes/types
    a68: parser: scanner
    a68: parser: keyword tables management
    a68: parser: top-down parser
    a68: parser: parenthesis checker
    a68: parser: bottom-up parser
    a68: parser: syntax check for declarers
    a68: parser: standard prelude definitions
    a68: parser: parsing of modes
    a68: parser: symbol table management
    a68: parser: static scope checker
    a68: parser: debug facilities
    a68: parser: extraction of tags from phrases
    a68: parser: dynamic stack usage in serial clauses
    a68: parser: pragmats infrastructure
    a68: low: lowering entry point and misc handlers
    a68: low: plain values
    a68: low: stowed values
    a68: low: standard prelude
    a68: low: clauses and declarations
    a68: low: runtime
    a68: low: builtins
    a68: low: ranges
    a68: low: units and coercions
    a68: low: modes
    a68: libga68: sources, spec and misc files
    a68: libga68: build system
    a68: libga68: build system (generated files)
    a68: testsuite: infrastructure
    a68: testsuite: execution tests 1/2
    a68: testsuite: execution tests 2/2
    a68: testsuite: compilation tests
    a68: testsuite: revised MC Algol 68 test set
    a68: testsuite: mcgt tests
      

https://www.theve ... d-data-collection

GNUnet 0.26.1

This is a bugfix release for gnunet 0.26.0. It fixes some regressions and minor bugs.

Links

• Source: https://ftpmirror.gnu.org/gnunet/gnunet-0.26.1.tar.gz ( https://ftpmirror.gnu.org/gnunet/gnunet-0.26.1.tar.gz.sig )
• Detailed list of changes: https://git.gnunet.org/gnunet.git/log/?h=v0.26.1
• NEWS: https://git.gnunet.org/gnunet.git/tree/NEWS?h=v0.26.1

The GPG key used to sign is: 3D11063C10F98D14BD24D1470B0998EF86F59B6A

Note that due to mirror synchronization, not all links may be functional early after the release. For direct access try https://ftp.gnu.org/gnu/gnunet/

The Debian Libre Live Images allows you to run and install Debian GNU/Linux without non-free software.

The general goal is to provide a way to use Debian without reliance on non-free software, to the extent possible within the Debian project.

One challenge are the official Debian live and installer images. Since the 2022 decision on non-free firmware, the official images for bookworm and trixie contains non-free software.

The Debian Libre Live Images project provides Live ISO images for Intel/AMD-compatible 64-bit x86 CPUs (amd64) built without any non-free software, suitable for running and installing Debian. The images are similar to the Debian Live Images distributed as Debian live images.

One advantage of Debian Libre Live Images is that you do not need to agree to the distribution terms and usage license agreements of the non-free blobs included in the official Debian images. The rights to your own hardware won’t be crippled by the legal restrictions that follows from relying on those non-free blobs. The usage of your own machine is no longer limited to what the non-free firmware license agreements allows you to do. This improve your software supply-chain situation, since you no longer need to consider their implication on your computing environment for your liberty, privacy or security. Inclusion of non-free firmware is a vehicle for xz-style attacks. For more information about the advantages of free software, see the FSF’s page on What is Free Software?.

Enough talking, show me the code! Err, binaries! Download images:

wget https://gitlab.com/api/v4/projects/74667529/packages/generic/debian-libre-live/main/live-image-amd64.hybrid.iso
wget https://gitlab.com/api/v4/projects/74667529/packages/generic/debian-libre-live/main/live-image-amd64.hybrid.iso.SHA256SUMS
sha256sum -c live-image-amd64.hybrid.iso.SHA256SUMS

Run in a virtual machine:

kvm -cdrom live-image-amd64.hybrid.iso -m 8G

Burn to an USB drive for installation on real hardware:

sudo dd if=live-images-amd64.hybrid.iso of=/dev/sdX # use sdX for USB drive

Images are built using live-build from the Debian Live Team. Inspiration has been taken from Reproducible Live Images and Kali Live.

The images are built by GitLab CI/CD shared runners. The pipeline .gitlab-ci.yml container job creates a container with live-build installed, defined in container/Containerfile. The build job then invokes run.sh that includes a run to lb build, and then upload the image to the package registry.

This is a first initial public release, calibrate your expectations! The primary audience are people already familiar with Debian. There are known issues. I have performed successful installations on a couple of different machines including laptops like Lenovo X201, Framework AMD Laptop 13″ etc.

Are you able to install Debian without any non-free software on some hardware using these images?

Happy Hacking!

GNUnet 0.26.0 released

We are pleased to announce the release of GNUnet 0.26.0.
GNUnet is an alternative network stack for building secure, decentralized and privacy-preserving distributed applications. Our goal is to replace the old insecure Internet protocol stack. Starting from an application for secure publication of files, it has grown to include all kinds of basic protocol components and applications towards the creation of a GNU internet.

This is a new major release. Major versions may break protocol compatibility with the 0.25.X versions. Please be aware that Git master is thus henceforth (and has been for a while) INCOMPATIBLE with the 0.25.X GNUnet network, and interactions between old and new peers will result in issues. In terms of usability, users should be aware that there are still a number of known open issues in particular with respect to ease of use, but also some critical privacy issues especially for mobile users. Also, the nascent network is tiny and thus unlikely to provide good anonymity or extensive amounts of interesting information. As a result, the 0.26.0 release is still only suitable for early adopters with some reasonable pain tolerance .

If it were not for compatibility-breaking changes in the crypto API of libgnunetutil this would only be a maintenance release. The changes hopefully protect users of the library from misuse of GNUnet's cryptographic key objects in ways that may be detrimental to security. Since this change breaks backwards compatibility, this is a new major release.

Download links

• gnunet-0.26.0.tar.gz ( signature )
• gnunet-fuse-0.26.0.tar.gz ( signature )

The GPG key used to sign is: 3D11063C10F98D14BD24D1470B0998EF86F59B6A

Note that due to mirror synchronization, not all links might be functional early after the release. For direct access try http://ftp.gnu.org/gnu/gnunet/

Changes

A detailed list of changes can be found in the git log , the NEWS .

Known Issues

• There are known major issues with the TRANSPORT subsystem.
• There may be some regressions in the new CORE subsystem.
• There are known moderate implementation limitations in CADET that negatively impact performance.
• There are known moderate design issues in FS that also impact usability and performance.
• There are minor implementation limitations in SET that create unnecessary attack surface for availability.
• The RPS subsystem remains experimental.

In addition to this list, you may also want to consult our bug tracker at bugs.gnunet.org which lists about 190 more specific issues.

Thanks

This release was the work of many people. The following people contributed code and were thus easily identified: Christian Grothoff, Florian Dold, TheJackiMonster, ch3, and Martin Schanzenbach.

We are happy to announce the release of GNU Taler v1.2.

The GNU Health Conference 2025 will take place December 20th, and it will be online!

Join us and get the latest on Free Software in healthcare and social medicine!

#GHCon2025

More info and registration:
https://www.gnuhe ... h.org/ghcon/2025/

This is to announce coreutils-9.9, a stable release.
This is primarily a stabilization release,
details of which are summarized in the NEWS below.

There have been 106 commits by 10 people in the 7 weeks since 9.8.
Thanks to everyone who has contributed!
The following people contributed changes to this release:

  Bernhard Voelker (4)    Mathieu Bordere (1)
  Bruno Haible (4)        Nicolas Boichat (1)
  Collin Funk (28)        Paul Eggert (9)
  Grisha Levit (1)        Pádraig Brady (57)
  Hannes Braun (1)        Sylvestre Ledru (1)

Pádraig [on behalf of the coreutils maintainers]
==================================================================

Here is the GNU coreutils home page:
    https://gnu.org/s/coreutils/

Here are the compressed sources:
  https://ftp.gnu.org/gnu/coreutils/coreutils-9.9.tar.gz   (15MB)
  https://ftp.gnu.org/gnu/coreutils/coreutils-9.9.tar.xz   (6.1MB)

Here are the GPG detached signatures:
  https://ftp.gnu.org/gnu/coreutils/coreutils-9.9.tar.gz.sig
  https://ftp.gnu.org/gnu/coreutils/coreutils-9.9.tar.xz.sig

Use a mirror for higher download bandwidth:
  https://www.gnu.org/order/ftp.html

Here are the SHA1 and SHA256 checksums:

  File: coreutils-9.9.tar.gz
  SHA1 sum:   c66ec935ab7e0ef32c40153fcf67dcf67579171a
  SHA256 sum: 91a719fcf923de686016f2c8d084a8be1f793f34173861273c4668f7c65af94a

  File: coreutils-9.9.tar.xz
  SHA1 sum:   456b5c69f3ce8fbdbe926a11652673ecf12bfc44
  SHA256 sum: 19bcb6ca867183c57d77155eae946c5eced88183143b45ca51ad7d26c628ca75

Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact.  First, be sure to download both the .sig file
and the corresponding tarball.  Then, run a command like this:

  gpg --verify coreutils-9.9.tar.gz.sig

The signature should match the fingerprint of the following key:

  pub   rsa4096/0xDF6FD971306037D9 2011-09-23 [SC]
        Key fingerprint = 6C37 DC12 121A 5006 BC1D  B804 DF6F D971 3060 37D9
  uid                   [ultimate] Pádraig Brady <P@draigBrady.com>
  uid                   [ultimate] Pádraig Brady <pixelbeat@gnu.org>

If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.

  gpg --locate-external-key P@draigBrady.com

  gpg --recv-keys DF6FD971306037D9

  wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=coreutils&download=1' | gpg --import -

As a last resort to find the key, you can try the official GNU
keyring:

  wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg
  gpg --keyring gnu-keyring.gpg --verify coreutils-9.9.tar.gz.sig

This release is based on the coreutils git repository, available as

  git clone https://https.git.savannah.gnu.org/git/coreutils.git

with commit 0ae5bdc7a8311efd3efe43363050710d6ea1c367 tagged as v9.9.

For a summary of changes and contributors, see:

  https://gitweb.git.savannah.gnu.org/gitweb/?p=coreutils.git;a=shortlog;h=v9.9

or run this command from a git-cloned coreutils directory:

  git shortlog v9.8..v9.9

This release was bootstrapped with the following tools:
  Autoconf 2.72.97-cf8b9
  Automake 1.18.1
  Gnulib 2025-11-06 862a81c0e15448adde6a6e7473ec47e3a4bd91a6
  Bison 3.8.2

NEWS

* Noteworthy changes in release 9.9 (2025-11-10) [stable]

** Bug fixes

  `basenc --base58` would not operate correctly with input > 15561475 bytes.
  [bug introduced with --base58 in coreutils-9.8]

  'cksum --check' now supports base64 encoded input in untagged format:
    - for all length adjustable algorithms (blake2b, sha2, sha3),
    - if that base64 input starts with a tag like "SHA1" etc.
  Previously an error was given, about invalid input format.
  [bug introduced in coreutils-9.2]

  'cksum --check -a sha2' has better support for tagged format.  Previously
  an unneeded but explicit '-a sha2' did not match standard tags like SHA256.
  Also non standard SHA2 tags with a bad length resulted in undefined behavior.
  [bug introduced in coreutils-9.8]

  'cp' restores performance with transparently compressed files, which
  regressed due to the avoidance of copy offload, seen with OpenZFS at least.
  [bug introduced in coreutils-9.8]

  `env` on macOS, for now only when built with --disable-nls,
  will no longer always set a __CF_USER_TEXT_ENCODING environment variable.
  [bug introduced in coreutils-9.8]

  'nice' now limits the adjusted niceness value to its supported range on
  GNU/Hurd.
  [This bug was present in "the beginning".]

  'numfmt' no longer reads out-of-bounds memory with trailing blanks in input.
  [bug introduced with numfmt in coreutils-8.21]

  'numfmt' no longer outputs invalid characters with multi-byte blanks in input.
  [bug introduced in coreutils-9.5]

  'rm -d DIR' no longer fails on Ceph snapshot directories.
  Although these directories are nonempty, 'rmdir DIR' succeeds on them.
  [bug introduced in coreutils-8.16]

  'sort --compress-program' now diagnoses if it can't write more data to an
  exited compressor.  Previously sort could have exited silently in this case.
  [bug introduced in coreutils-6.8]

  'tail' outputs the correct number of lines again for non-small -n values.
  Previously it may have output too few lines.
  [bug introduced in coreutils-9.8]

  'unexpand' no longer triggers a heap buffer overflow with --tabs arguments
  that use the GNU extension /NUM or +NUM formats.
  [bug introduced in coreutils-8.28]

** Changes in behavior

  'cp' with default options may again, like with versions before v9.8,
  miss opportunities to create holes with file systems that support
  SEEK_HOLE only trivially.  This change is a consequence of the
  abovementioned copy offload fix.

  'sort --compress-program' will continue without compressing temporary files
  if the specified program cannot be executed.  Also malformed shell scripts
  without a "shebang line" will no longer be executed.

** New Features

  'numfmt' now accepts the --unit-separator=SEP option, to output or accept
  a separator between the number and unit.  For e.g. "1234 M".

** Improvements

  'fmt', 'date', 'nl', and 'pr' will now exit promptly upon receiving a write
  error, which is significant when reading large / unbounded inputs.

  install, sort, and split now use posix_spawn() to invoke child programs more
  efficiently and more independently from their own memory usage.

  'numfmt':
   - parses numbers with a non-breaking space character before a unit
   - parses numbers containing grouping characters from the current locale
   - supports a multi-byte --delimiter character
   - no longer processes input indefinitely in the presence of write errors

  wc -l now operates 10% faster on hosts that support AVX512 instructions.

** Build-related

  chcon and runcon are not built by default if selinux headers are not present,
  or if the --without-selinux configure option is specified.
  This can be overridden with the --with-selinux configure option.

  nproc no longer fails to build with Android API level <= 20.
  [build issue introduced in coreutils-9.8]

\x1B[38;5;105m and \x1B[38;5;141m are a great combo.

BOSTON, Massachusetts, USA (Thursday, November 6, 2025) — The Free Software Foundation (FSF) today announced the winning photo submissions in the FSF40 Photo Contest held in August.

We're on our way

It's been a month since we started the fundraising campaign to Sustain and Strengthen Guix. So far we've raised €6562 which is around 40% of our €15000 annual goal. If you'd like to support the project's fundraiser there's still time, pop over to the donate page now!

There have been a range of donations, both one-off and recurring. A few people have made large one-off donations, one of over €2150!There have been a couple between €500-€250 and a few more in the €100 range. These are big contributions to our goal, so I want to thank those individuals for helping out so generously.

Just over 100 people (115 right now) have stepped forward to become recurring supporters, pledging a monthly amount to help the project. This is key because it means the project knows there's a regular stream of donations that can pay for the shared resources that we all use. There's been great support with a few people donating €30-€50 a month which is fantastic, the rest at the €10-€15 a month - and one person managed to use the recurring button multiple times to get precisely the amount they wanted to donate monthly!

The result is that Open Collective estimates €657.50 a month of recurring donations, and Stripe estimates €720 a month of recurring donations. This is significant because if each person is able to continue giving monthly then annually we'd estimate around €16500 of donations. The maths is simple, the impact significant - a recurring donation of €10 a month is worth €120 a year, that's why recurring donations make such a difference!

Of course, people's situations change and they may stop supporting Guix - we've had a couple of cancellations already. So in terms of the actual money we've received we're at ~40% of the €15000 target which I think is pretty good!

Thanks to everyone who's supported Guix by donating, you're making a difference and we really appreciate it!

If you haven't done it yet, and would like to jump in to support the project then now's a great time! A recurring donation is ideal, but we appreciate any support you can give and every donation gets us a bit closer!

Spreading the word

Guix is a global community of people, we've had donations from so many places. Where ever you are, it's amazing to think of so many people enjoying, supporting and contributing to Guix.

As we're distributed all over the globe we don't have that many ways to keep people informed about the project. I'm sure there are many Guix users who don't know the project needs support. You can help spread the word that Guix is running a fundraiser by talking about it and using this badge. Put it on your social media, your web site or your Git forge account! Thanks to Luis Felipe for creating it.

What's next

The next few weeks will tell us how many people are able to donate to Guix and the annual budget the project has so that it's sustainable.Then we'll be able plan where we can sustain Guix and where we can do new things to strengthen the project.

My goal is for the next blog post is to provide an update on both our fundraising campaign and how we're using the donations that we've received.

1 November 2025 Unifont 17.0.03 is now available.
This is a minor release aligned with Unicode 17.0.0.

This release updates and adds over 100 Chinese ideographs.


Download this release from GNU server mirrors at:

     https://ftpmirror ... /unifont-17.0.03/

or if that fails,

     https://ftp.gnu.o ... /unifont-17.0.03/

or, as a last resort,

     ftp://ftp.gnu.org ... /unifont-17.0.03/

These files are also available on the unifoundry.com website:

     https://unifoundr ... /unifont-17.0.03/

Font files are in the subdirectory

     https://unifoundr ... 0.03/font-builds/

A more detailed description of font changes is available at

      https://unifoundr ... nifont/index.html

and of utility program changes at

      https://unifoundr ... nt-utilities.html


Enjoy!


Paul Hardy
GNU Unifont Maintainer

From Arch:

The dovecot 2.4 release branch has made breaking changes which result in it being incompatible with any <= 2.3 configuration file.

Thus, the dovecot service will no longer be able to start until the configuration file was migrated, requiring manual intervention.

For guidance on the 2.3-to-2.4 migration, please refer to the following upstream documentation: Upgrading Dovecot CE from 2.3 to 2.4

Furthermore, the dovecot 2.4 branch no longer supports their replication feature, it was removed. For users relying on the replication feature or who are unable to perform the 2.4 migration right now, we provide alternative packages available in [extra]:

• dovecot23
• pigeonhole23
• dovecot23-fts-elastic
• dovecot23-fts-xapian

The dovecot 2.3 release branch is going to receive critical security fixes from upstream until stated otherwise.

Hello and welcome to my October free software activities report.

GNU & FSF

• GNU Spotlight: I prepared and sent the October GNU Spotlight to the FSF campaigns team, who will review and publish it on the FSF’s community blog and as part of the next issue of the monthly Free Software Supporter newsletter.

• GNU Emacs:

  • bug#79629: I noticed that I was unable to customize the holiday-other-holidays variable using the setopt macro: my change did not seem to take effect. As Eli Zaretskii helpfully pointed out, this was because customizing holiday-other-holidays did not recompute the value of calendar-holidays, which is computed once, when the package is loaded.

    So I prepared and sent a patch 500a2d0cc55 to recompute calendar-holidays when its components are set.

  • bbabc1db258: While reading about custom-reevaluate-setting in the Startup Summary node of the GNU Emacs Lisp reference manual I noticed a small typo, so I committed a patch to fix it.

Misc

• The Free Software Foundation celebrated its fortieth birthday on 4 October 2025 online and in person in Boston! I was not able to attend the event in person, so I recorded a video for the FSF40 volunteer panel held at the venue.

• This month at work one of our Elasticsearch clusters experienced partial failure, and we needed to extract document IDs from a backup of one of the cluster’s shards. Elasticsearch uses Lucene under the hood and each shard is a standalone Lucene index, so I used Lucene’s Java API to write a little GetIDS class to query the index for all of its documents, and for each document print its _id field, decoding the binary-valued BytesRef as needed. The gotcha was that all of the BytesRefs seemed to have a -1 byte in the beginning, throwing off the recommended BytesRef.utf8ToString() method, so I had to reimplement that method’s logic in my program and have it use an adjusted offset + 1 and length - 1 instead.

That’s about it for this month’s report.

Take care, and so long for now.

GNU Parallel 20251022 ('Goodall') has been released. It is available for download at: lbry://@GnuParallel:4

Quote of the month:

  idk who built GNU parallel but I owe them a beer
    -- ram @h4x0r1ng

New in this release:

• No new features.
• Bug fixes.

GNU Parallel - For people who live life in the parallel lane.

If you like GNU Parallel record a video testimonial: Say who you are, what you use GNU Parallel for, how it helps you, and what you like most about it. Include a command that uses GNU Parallel if you feel like it.

About GNU Parallel

GNU Parallel is a shell tool for executing jobs in parallel using one or more computers. A job can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU Parallel can then split the input and pipe it into commands in parallel.

If you use xargs and tee today you will find GNU Parallel very easy to use as GNU Parallel is written to have the same options as xargs. If you write loops in shell, you will find GNU Parallel may be able to replace most of the loops and make them run faster by running several jobs in parallel. GNU Parallel can even replace nested loops.

GNU Parallel makes sure output from the commands is the same output as you would get had you run the commands sequentially. This makes it possible to use output from GNU Parallel as input for other programs.

For example you can run this to convert all jpeg files into png and gif files and have a progress bar:

  parallel --bar convert {1} {1.}.{2} ::: *.jpg ::: png gif

Or you can generate big, medium, and small thumbnails of all jpeg files in sub dirs:

  find . -name '*.jpg' |
    parallel convert -geometry {2} {1} {1//}/thumb{2}_{1/} :::: - ::: 50 100 200

You can find more about GNU Parallel at: http://www.gnu ... rg/s/parallel/

You can install GNU Parallel in just 10 seconds with:

    $ (wget -O - pi.dk/3 || lynx -source pi.dk/3 || curl pi.dk/3/ || \
       fetch -o - http://pi.dk/3 ) > install.sh
    $ sha1sum install.sh | grep c555f616391c6f7c28bf938044f4ec50
    12345678 c555f616 391c6f7c 28bf9380 44f4ec50
    $ md5sum install.sh | grep 707275363428aa9e9a136b9a7296dfe4
    70727536 3428aa9e 9a136b9a 7296dfe4
    $ sha512sum install.sh | grep b24bfe249695e0236f6bc7de85828fe1f08f4259
    83320d89 f56698ec 77454856 895edc3e aa16feab 2757966e 5092ef2d 661b8b45
    b24bfe24 9695e023 6f6bc7de 85828fe1 f08f4259 6ce5480a 5e1571b2 8b722f21
    $ bash install.sh

Watch the intro video on http://www.youtub ... L284C9FF2488BC6D1

Walk through the tutorial (man parallel_tutorial). Your command line will love you for it.

When using programs that use GNU Parallel to process data for publication please cite:

O. Tange (2018): GNU Parallel 2018, March 2018, https://doi.org/1 ... 81/zenodo.1146014.

If you like GNU Parallel:

• Give a demo at your local user group/team/colleagues
• Post the intro videos on Reddit/Diaspora*/forums/blogs/ Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists
• Get the merchandise https://gnuparall ... igns/gnu-parallel
• Request or write a review for your favourite blog or magazine
• Request or build a package for your favourite distribution (if it is not already there)
• Invite me for your next conference

If you use programs that use GNU Parallel for research:

• Please cite GNU Parallel in you publications (use --citation)

If GNU Parallel saves you money:

• (Have your company) donate to FSF https://my.f ... .org/donate/

About GNU SQL

GNU sql aims to give a simple, unified interface for accessing databases through all the different databases' command line clients. So far the focus has been on giving a common way to specify login information (protocol, username, password, hostname, and port number), size (database and table size), and running queries.

The database is addressed using a DBURL. If commands are left out you will get that database's interactive shell.

When using GNU SQL for a publication please cite:

O. Tange (2011): GNU SQL - A Command Line Tool for Accessing Different Databases Using DBURLs, ;login: The USENIX Magazine, April 2011:29-32.

About GNU Niceload

GNU niceload slows down a program when the computer load average (or other system activity) is above a certain limit. When the limit is reached the program will be suspended for some time. If the limit is a soft limit the program will be allowed to run for short amounts of time before being suspended again. If the limit is a hard limit the program will only be allowed to run when the system is below the limit.

The GNU C Library
=================

The GNU C Library version 2.42 is now available.

The GNU C Library is used as the C library in the GNU system and
in GNU/Linux systems, as well as many other systems that use Linux
as the kernel.

The GNU C Library is primarily designed to be a portable
and high performance C library.  It follows all relevant
standards including ISO C23 and POSIX.1-2024.  It is also
internationalized and has one of the most complete
internationalization interfaces known.

The GNU C Library website is at http://www.gnu. ... /software/libc/

Packages for the 2.42 release may be downloaded from:
        http://ftpmirr ... .gnu.org/libc/
        http://ftp.gn ... org/gnu/libc/

The mirror list is at http://www.gnu. ... /order/ftp.html

Distributions are encouraged to track the release/* branches
corresponding to the releases they are using.  The release
branches will be updated with conservative bug fixes and new
features while retaining backwards compatibility.

NEWS for version 2.42
=====================

Major new features:

• The following ISO C23 function families (introduced in TS

  18661-4:2015) are now supported in <math.h>.  Each family includes
  functions for float, double, long double, _FloatN and _FloatNx, and a
  type-generic macro in <tgmath.h>.

  - Power and absolute-value functions: compoundn, pown, powr, rootn,
    rsqrt.

• On Linux, the pthread_gettid_np function has been added.

• The ISO C2Y family of unsigned abs functions, i.e. uabs, ulabs,

  ullabs, and uimaxabs, is now supported.

• On Linux, the <termios.h> interface now supports arbitrary baud rates;

  speed_t is redefined to simply be the baud rate specified as an
  unsigned int, which matches the kernel interface.

• The thread-local cache in malloc (tcache) now supports caching of

  large blocks.  This feature can be enabled by setting the tunable
  glibc.malloc.tcache_max to a larger value (max 4194304). Tcache is
  also significantly faster for small sizes.

• A new configure option, "--enable-sframe", can be used to enable

  SFrame support of the GNU C Libraries.  SFrame is a new stack trace
  information format which can be used by backtrace.  It requires
  binutils with a minimum version of 2.45.

• Support for lightweight stack guard pages via madvise and the

  MADV_GUARD_INSTALL flag has been added to pthread_create.

• Additional optimized and correctly rounded mathematical functions have

  been imported from the CORE-MATH project, in particular acospif,
  asinpif, atanpif, atan2pif, cospif, sinpif, tanpif.

• The testsuite has been significantly extended, including coverage of

  the functionality of the printf and scanf function families in many
  variants.

• The manual has been significantly extended and updated, particularly

  the threads, terminal, filesystem, resource, and math chapters.

• Code has been added to detect the x86-64 Intel Arrow Lake, Panther

  Lake, Clearwater Forest, and Diamond Rapids microarchitectures.

• Regarding S390, support for the new z17 platform has been added.

Deprecated and removed features, and other changes affecting compatibility:

• The glibc.rtld.execstack tunable now supports a compatibility mode to

  allow programs that require an executable stack through dynamically
  loaded shared libraries.

• On Linux, the <termio.h> header and the definition of struct termio

  in <sys/ioctl.h> have been removed. The termio interface has been
  obsolete since the very first version of POSIX.1 in 1988, replaced
  with <termios.h>.

• The support for TX lock elision of pthread mutexes has been deprecated

  on all architectures and will be removed in the next release.

• On AArch64 Linux targets supporting the Scalable Matrix Extension

  (SME), setjmp and sigsetjmp will disable the ZA state of SME.

Changes to build and runtime requirements:

• GCC 12.1 or later is now required to build the GNU C Library.

• GNU Binutils 2.39 or later is now required to build the GNU C Library.

Security related changes:

The following CVEs were fixed in this release, details of which can be
found in the advisories directory of the release tarball:

  GLIBC-SA-2025-0001:
    assert: Buffer overflow when printing assertion failure message
    (CVE-2025-0395)

  GLIBC-SA-2025-0003:
    power10: strcmp fails to save and restore nonvolatile vector
    registers (CVE-2025-5702)

  GLIBC-SA-2025-0004:
    power10: strncmp fails to save and restore nonvolatile vector
    registers (CVE-2025-5745)

  GLIBC-SA-2025-0005:
    posix: Fix double-free after allocation failure in regcomp
    (CVE-2025-8058)

The following bugs were resolved with this release:

  [5994] stdio: fflush after ungetc on seekable input stream
  [12724] stdio: fclose violates POSIX 2008 on seekable input streams
  [25263] dynamic-link: ldd and ld.so fail to resolve $ORIGIN with cross
    dir symlink
  [27880] nptl: Please provide a pthread pid accessor
  [29190] dynamic-link: Symbols with version hash zero lead to crashes,
    not matched correctly
  [29459] stdio: fwrite does not return EPIPE when underlying write
    fails with EPIPE.
  [31791] nss: [Regression] nss: memory for >8 elements in nsswitch.conf
    is not freed
  [32058] libc: qsort leaks memory if C++ exception is thrown from
    comparison function
  [32269] dynamic-link: RISC-V IFUNC resolver cannot access gp pointer
  [32369] stdio: fflush(NULL) doesn't properly flush files opened in
    read mode
  [32411] math: THREEp96 seems wrong
  [32412] dynamic-link: Initial DTV is reallocated using main realloc in
    auditing mode
  [32483] locale: ctype.h macros segfault in multithreaded programs with
    multiple libc.so
  [32529] stdio: fseek failure on file opened with "rm" mode after
    ungetc
  [32535] stdio: fflush failure on file opened with "rm" mode after
    ungetc
  [32541] libc: getenv cannot be overridden in static builds
  [32574] libc: pthread_attr_getstacksize/pthread_attr_getstack return
    incorrect main stack size
  [32612] dynamic-link: [aarch64 PAC] _dl_tlsdesc_dynamic can't be
    unwound through with _Unwind_Backtrace
  [32626] math: math: log10p1f is not correctly rounded
  [32627] math: math: sinhf is not correctly rounded
  [32630] math: math: tanf is not correctly rounded for all rounding
    modes
  [32653] dynamic-link: Review options for improving both security and
    backwards compatibility of glibc 2.41 dlopen / execstack handling
  [32694] math: wrong clang version 3.4 prereq checks in bits/floatn.h
    for __float128 support, should be 3.9
  [32708] libc: Inclusion of sys/mount.h triggers many gcc warnings
    using -Wshift-overflow=2 -Wsystem-headers
  [32711] math: math: remainder incorrect sign of zero result
  [32717] libc: glibc tests fail when bfd is built with --enable-error-
    execstack=yes
  [32723] math: [2.41 Regression] /usr/include/bits/floatn.h doesn't
    work with Intel SYCL compiler
  [32763] dynamic-link: Static PIE with more than one PT_LOAD segments
    at offset 0 segfault
  [32777] crypt: The performance of the rand() function degradation
  [32781] libc: Inccorect attribute access for sched_getattr
  [32782] nptl: Race conditions in pthread cancellation causing crash
  [32786] nptl: pthread_cond_* symbols should probably have had a
    version bump in 2.41
  [32795] nptl: aio_suspend_time64 confuses CLOCK_MONOTONIC and
    CLOCK_REALTIME
  [32810] dynamic-link: Immediate crash on x86-64 when running with
    GLIBC_TUNABLES=glibc.cpu.hwcaps=-XSAVEC
  [32823] libc: make[2]: * [../Rules:248:
    /home/dave/gnu/glibc/objdir/elf/tst-origin] Error 1
  [32897] dynamic-link: pthread_getattr_np fails when executable stack
    tunable is set
  [32918] math: math: atanhf triggers UB
  [32919] math: math: coshf triggers UB
  [32920] math: math: logf triggers UB
  [32921] math: math: sinhf triggers UB
  [32922] math: math: cbrtf triggers UB
  [32923] math: math: cospif triggers UB
  [32924] math: math: erfcf triggers UB
  [32925] math: math: sinpif triggers UB
  [32932] libc: riscv: __riscv_hwprobe function attributes are incorrect
  [32947] libc: stdlib: wrong iovec array size on __libc_message_impl
  [32980] manual: getopt_long_only does not check long options first, as
    the manual claims
  [32981] ports: elf/tst-execstack-prog-static-tunable fails on
    sparc64-linux-gnu
  [32987] libc: New tst-dlopen-sgid test FAILs
  [32996] malloc: i386 TLS helper functions don't preserve XMM registers
  [33035] libc: [2.27 regression] Linux: __close_nocancel_nostatus
    clobbers errno
  [33056] string: Power 10 strcmp clobbers nonvolatile vector registers
    (CVE-2025-5702)
  [33059] string: Power 10 memchr clobbers v20
  [33060] string: Power 10 strncmp clobbers nonvolatile vector registers
    (CVE-2025-5745)
  [33088] dynamic-link: __ehdr_start may need run-time relocation
  [33089] build: [2.42 Regression] GCC 14.2.1 failed to build glibc
  [33134] libc: mcount_internal shouldn't use vector/r16-r31 registers
    nor call memcpy/memset
  [33139] stdio: %n after static dlopen is unreliable if file
    descriptors are exhausted
  [33165] build: [2.42 Regression] FAIL: elf/check-localplt
  [33173] math: Wrong IFUNC selector is used for modf/modff
  [33185] regex: Double-free after memory allocation failure in regcomp
    bracket expression parsing (CVE-2025-8058)
  [33224] dynamic-link: _dl_debug_state hook no longer works (since
    8329939a37f483a16013dd8af8303cbcb86d92cb)

Release Notes
=============

https://sourcewar ... wiki/Release/2.42

Contributors
============

This release was made possible by the contributions of many people.
The maintainers are grateful to everyone who has contributed
changes or bug reports.  These include:

Aaron Merey
Adhemerval Zanella
Andreas K. Hüttel
Andreas Schwab
Andrew Pinski
Arjun Shankar
Aurelien Jarno
Ben Kallus
Carlos O'Donell
Claudiu Zissulescu
Colin Ian King
Collin Funk
Cupertino Miranda
Cœur
DJ Delorie
David Lau
Dylan Fleming
Flavio Cruz
Florian Weimer
Frédéric Bérat
H. Peter Anvin
H.J. Lu
Jakub Jelinek
Jeremy Harris
Jitka Obselkova
John David Anglin
Jonathan Wakely
Joseph Myers
Julian Zhu
Lenard Mollenkopf
Luca Dariz
Luna Lamb
Maciej W. Rozycki
Mark Harris
Mark Wielaard
Martin Coufal
Matteo Croce
Michael Jeanson
Paul Zimmermann
Petr Malat
Pierre Blanchard
Radko Krkos
Ravina Jain
Ronan Pigott
Sachin Monga
Sam James
Samuel Thibault
Samuel Zeter
Sergei Zimmerman
Sergey Bugaev
Sergey Kolosov
Siddhesh Poyarekar
Stefan Liebler
Sunil K Pandey
Tobias Stoeckmann
Tomas Volf
Tulio Magno Quites Machado Filho
Wilco Dijkstra
William Hunt
Xi Ruoyao
YLK
Yangyu Chen
Yat Long Poon
Yury Khrustalev
Zhaoming Luo
gfleury
koraynilay
panzhe0328
zhenwei pi
наб

We would like to call out the following and thank them for their
tireless patch review:

Adhemerval Zanella
Andreas K. Hüttel
Andreas Schwab
Arjun Shankar
Carlos O'Donell
Collin Funk
Cupertino Miranda
DJ Delorie
Florian Weimer
Frédéric Bérat
Geoffrey Thomas
guoce
H.J. Lu
Joseph Myers
Maciej W. Rozycki
Mark Harris
Matthieu Longo
Palmer Dabbelt
Paul Eggert
Peter Bergner
Sachin Monga
Sam James
Samuel Thibault
Stefan Liebler
Sunil K Pandey
Tulio Magno Quites Machado Filho
Wilco Dijkstra
Yury Khrustalev