Heya folks! It's sync day, and that means it's time for the weekly Solus roundup!
We've updated our glibc package this week. This update resolves some security issues with glibc. At the same time, we decided that now would be a good time to bump the kernel baseline version to 6.1, up from 5.15. This means that the minimum kernel version that can be used on Solus is 6.1. Since our LTS kernel is on 6.12, this would only affect anyone building and using their own kernel.
As of this sync, Solus now uses wheel as the default privileged group for users. Since Solus 2, sudo has been the privileged group. This has caused issues over the years because the sudo group is really only used by Debian, and most software expects wheel, meaning we've had to patch several packages to get them to work. Making this transition is something that has been on our to-do list since 2022. One known issue this resolves is the issue with Flatpak history not working, and journalctl can now be run without using sudo. Existing admin users will not be removed from the sudo group until we are confident that we have found all of the packages using it.
Note: Admins are still part of the sudo group to allow for administrators to update their configurations files. For example, if you have overridden the default /usr/share/defaults/etc/sudo/sudoers config by copying it to /etc/sudo/sudoers, please re-copy the vendor provided config then reapply your changes!
Important: The sudo command will not work until the system is rebooted! Admin users will only be added to the wheel group on the next boot.
The ROCm stack has been upgraded to version 7.0.2. This bring performance improvements across the board, with better support for RDNA3 and RDNA4 GPUs.
A new package has appeared in the Solus repository this week. Jujutsu is a Git-compatible VCS with a much more lightweight and flexible mental model, being simple, powerful, and expressive. It only takes a few minutes to get started. If you use Git, definitely check this out!
A couple of packages have been deprecated this week. Kotlin has been removed since the package no longer builds, and attempts to update it failed. Only one package in the repository used Kotlin, and it has also been deprecated. Wraith Master also does not build, and also cannot be built using downloaded Kotlin runtimes.
Security updates
We have several security updates for you this week. As always, make sure to install all available updates for the latest vulnerability fixes.
- freerdp was updated to 3.20.2-45 (@EbonJaeger). Includes security fixes for CVE-2026-22854, CVE-2026-22857, CVE-2026-22852, CVE-2026-22851, CVE-2026-22856, CVE-2026-22858, CVE-2026-22855, CVE-2026-22853, CVE-2026-22859.
- glibc was updated to 2.42-137 (@EbonJaeger). Includes security fixes for CVE-2026-0861, CVE-2025-15281, CVE-2026-0915.
- taglib was updated to 2.1.1-10 (@Jaredy899). Includes security fixes for CVE-2023-47466.
- tlp was updated to 1.9.1-23 (@EbonJaeger). Includes security fixes for CVE-2025-67859.
General updates
The full list of updated packages can be found here.
For the list of currently known issues, see the dedicated thread for it. If you begin experiencing a bug, please look for an issue on our issue tracker, and open a new one if one does not exist.
That’s all for this week, folks! We'll be here same time, same place next week for another roundup of the news!
