Heya folks! It's sync day, and that means it's time for the weekly Solus roundup!
We are excited to bring you a brand-new version of eopkg this week. Version 5.0.0 overhauls how remote resources, like repository indices and package archives, are downloaded. We now use the requests module to handle HTTP connections, instead of manually rolling our own. This opened up several big improvements, including re-using the same HTTP session for multiple fetches, and concurrent downloads of files. All of this results in cleaner code for us, and a nicer experience for all of you.
Reworking how eopkg downloads files also meant we had to rework the UI. We now use rich to display the progress for file downloads, and added a global progress bar to show the total progress when multiple files are being fetched at the same time.
Another result of the rework is that we accurately report download progress with our PackageKit backend, meaning that the UI in GNOME Software and KDE Discover correctly show the progress of install and update operations.
Our kernel packages have been updated this week. The mainline kernel is now at version 7.0.14, and the LTS kernel is now at version 6.18.37.
KDE Plasma has been updated to 6.7.2. This is a bugfix release for the Plasma 6.7 series. Check out the changelog for more information.
The libboost libraries have been updated to 1.91.0, and has been split into subpackages. Individual runtime subpackages let people install only the shared libraries they link against, while the development files stay together, because libboost headers and build metadata are interconnected, and not cleanly separable per library. The changelog can be found here.
Security updates
We have a lot of security updates this week. As always, be sure to install all available updates for the latest vulnerability fixes.
- acl was updated to 2.4.0-23 (@clintre). Includes security fixes for CVE-2026-54369, CVE-2026-54370.
- attr was updated to 2.6.0-27 (@clintre). Includes security fixes for CVE-2026-54371.
- buildkit was updated to 0.31.1-11 (@Jaredy899). Includes security fixes for GHSA-7236-3392-c5c6, GHSA-72x6-4j93-7w86.
- calibre was updated to 9.10.0-236 (@Jaredy899). Includes security fixes for CVE-2026-53511.
- firefox was updated to 152.0.4-411 (@HarveyDevel, @HarveyDevel, @HarveyDevel). Includes security fixes for CVE-2026-14241.
- github-cli was updated to 2.96.0-97 (@EbonJaeger). Includes security fixes for GHSA-8cg3-r6g9-fpg2.
- imagemagick was updated to 7.1.2.26-221 (@EbonJaeger, @Jaredy899). Includes security fixes for CVE-2026-55595, CVE-2026-55594, CVE-2026-53467, CVE-2026-53466, CVE-2026-55577, CVE-2026-55597, CVE-2026-55510.
- libevent was updated to 2.1.13-15 (@EbonJaeger). Includes security fixes for GHSA-cvq5-vrvr-j338, GHSA-c2pj-cg4r-88c8, GHSA-2gmv-p5m7-98p6, GHSA-58rx-7448-jw47, GHSA-fj29-64w6-73h6, GHSA-jcwh-pvf2-73p2, GHSA-45c6-qx49-89m8, GHSA-5rgj-2c58-7jrc, GHSA-q39v-w2g7-gr8j.
- libheif was updated to 1.23.1-63 (@Jaredy899). Includes security fixes for CVE-2026-50142, GHSA-xpw3-9rhw-482x, GHSA-jc8f-p23p-5hjg, GHSA-46rp-pcq2-rpmr, GHSA-9ww4-9v47-m7pj, GHSA-73p7-m7gg-w2jv.
- libidn was updated to 1.44-13 (@Jaredy899). Includes security fixes for CVE-2026-57053.
- libseccomp was updated to 2.6.1-13 (@EbonJaeger). Includes security fixes for GHSA-4q85-33p6-j5g6, GHSA-46fr-jh49-xvhx, GHSA-2hqh-5c36-grrm.
- moby was updated to 29.6.1-34 (@Jaredy899). Includes security fixes for GHSA-mjcv-p78q-w5fw.
- mupdf was updated to 1.28.0-15 (@Jaredy899). Includes security fixes for CVE-2026-7233.
- openscad was updated to 20260621-25 (@Jaredy899). Includes security fixes for CVE-2022-0496, CVE-2020-28599, CVE-2022-0497.
- python-jupyter-server was updated to 2.20.0-11 (@Jaredy899). Includes security fixes for CVE-2026-44727.
- python-ujson was updated to 5.13.0-19 (@Jaredy899). Includes security fixes for CVE-2026-54911.
- socat was updated to 1.8.1.3-13 (@Jaredy899). Includes security fixes for CVE-2026-56123.
General updates
The full list of updated packages can be found here.
For the list of currently known issues, see the dedicated thread for it. If you begin experiencing a bug, please look for an issue on our issue tracker, and open a new one if one does not exist.
That’s all for this week, folks! We'll be here same time, same place next week for another roundup of the news!