This is to announce coreutils-9.9, a stable release.
This is primarily a stabilization release,
details of which are summarized in the NEWS below.

There have been 106 commits by 10 people in the 7 weeks since 9.8.
Thanks to everyone who has contributed!
The following people contributed changes to this release:

Bernhard Voelker (4) Mathieu Bordere (1)
Bruno Haible (4) Nicolas Boichat (1)
Collin Funk (28) Paul Eggert (9)
Grisha Levit (1) Pádraig Brady (57)
Hannes Braun (1) Sylvestre Ledru (1)

Pádraig [on behalf of the coreutils maintainers]
==================================================================

Here is the GNU coreutils home page:
https://gnu.org/s/coreutils/

Here are the compressed sources:
https://ftp.gnu.org/gnu/coreutils/coreutils-9.9.tar.gz (15MB)
https://ftp.gnu.org/gnu/coreutils/coreutils-9.9.tar.xz (6.1MB)

Here are the GPG detached signatures:
https://ftp.gnu.org/gnu/coreutils/coreutils-9.9.tar.gz.sig
https://ftp.gnu.org/gnu/coreutils/coreutils-9.9.tar.xz.sig

Use a mirror for higher download bandwidth:
https://www.gnu.org/order/ftp.html

Here are the SHA1 and SHA256 checksums:

File: coreutils-9.9.tar.gz
SHA1 sum: c66ec935ab7e0ef32c40153fcf67dcf67579171a
SHA256 sum: 91a719fcf923de686016f2c8d084a8be1f793f34173861273c4668f7c65af94a

File: coreutils-9.9.tar.xz
SHA1 sum: 456b5c69f3ce8fbdbe926a11652673ecf12bfc44
SHA256 sum: 19bcb6ca867183c57d77155eae946c5eced88183143b45ca51ad7d26c628ca75

Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact. First, be sure to download both the .sig file
and the corresponding tarball. Then, run a command like this:

gpg --verify coreutils-9.9.tar.gz.sig

The signature should match the fingerprint of the following key:

pub rsa4096/0xDF6FD971306037D9 2011年09月23日 [SC]
Key fingerprint = 6C37 DC12 121A 5006 BC1D B804 DF6F D971 3060 37D9
uid [ultimate] Pádraig Brady <P@draigBrady.com>
uid [ultimate] Pádraig Brady <pixelbeat@gnu.org>

If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.

gpg --locate-external-key P@draigBrady.com

gpg --recv-keys DF6FD971306037D9

wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=coreutils&download=1' | gpg --import -

As a last resort to find the key, you can try the official GNU
keyring:

wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg
gpg --keyring gnu-keyring.gpg --verify coreutils-9.9.tar.gz.sig

This release is based on the coreutils git repository, available as

git clone https://https.git.savannah.gnu.org/git/coreutils.git

with commit 0ae5bdc7a8311efd3efe43363050710d6ea1c367 tagged as v9.9.

For a summary of changes and contributors, see:

https://gitweb.git.savannah.gnu.org/gitweb/?p=coreutils.git;a=shortlog;h=v9.9

or run this command from a git-cloned coreutils directory:

git shortlog v9.8..v9.9

This release was bootstrapped with the following tools:
Autoconf 2.72.97-cf8b9
Automake 1.18.1
Gnulib 2025年11月06日 862a81c0e15448adde6a6e7473ec47e3a4bd91a6
Bison 3.8.2

NEWS

* Noteworthy changes in release 9.9 (2025年11月10日) [stable]

** Bug fixes

`basenc --base58` would not operate correctly with input > 15561475 bytes.
[bug introduced with --base58 in coreutils-9.8]

'cksum --check' now supports base64 encoded input in untagged format:
- for all length adjustable algorithms (blake2b, sha2, sha3),
- if that base64 input starts with a tag like "SHA1" etc.
Previously an error was given, about invalid input format.
[bug introduced in coreutils-9.2]

'cksum --check -a sha2' has better support for tagged format. Previously
an unneeded but explicit '-a sha2' did not match standard tags like SHA256.
Also non standard SHA2 tags with a bad length resulted in undefined behavior.
[bug introduced in coreutils-9.8]

'cp' restores performance with transparently compressed files, which
regressed due to the avoidance of copy offload, seen with OpenZFS at least.
[bug introduced in coreutils-9.8]

`env` on macOS, for now only when built with --disable-nls,
will no longer always set a __CF_USER_TEXT_ENCODING environment variable.
[bug introduced in coreutils-9.8]

'nice' now limits the adjusted niceness value to its supported range on
GNU/Hurd.
[This bug was present in "the beginning".]

'numfmt' no longer reads out-of-bounds memory with trailing blanks in input.
[bug introduced with numfmt in coreutils-8.21]

'numfmt' no longer outputs invalid characters with multi-byte blanks in input.
[bug introduced in coreutils-9.5]

'rm -d DIR' no longer fails on Ceph snapshot directories.
Although these directories are nonempty, 'rmdir DIR' succeeds on them.
[bug introduced in coreutils-8.16]

'sort --compress-program' now diagnoses if it can't write more data to an
exited compressor. Previously sort could have exited silently in this case.
[bug introduced in coreutils-6.8]

'tail' outputs the correct number of lines again for non-small -n values.
Previously it may have output too few lines.
[bug introduced in coreutils-9.8]

'unexpand' no longer triggers a heap buffer overflow with --tabs arguments
that use the GNU extension /NUM or +NUM formats.
[bug introduced in coreutils-8.28]

** Changes in behavior

'cp' with default options may again, like with versions before v9.8,
miss opportunities to create holes with file systems that support
SEEK_HOLE only trivially. This change is a consequence of the
abovementioned copy offload fix.

'sort --compress-program' will continue without compressing temporary files
if the specified program cannot be executed. Also malformed shell scripts
without a "shebang line" will no longer be executed.

** New Features

'numfmt' now accepts the --unit-separator=SEP option, to output or accept
a separator between the number and unit. For e.g. "1234 M".

** Improvements

'fmt', 'date', 'nl', and 'pr' will now exit promptly upon receiving a write
error, which is significant when reading large / unbounded inputs.

install, sort, and split now use posix_spawn() to invoke child programs more
efficiently and more independently from their own memory usage.

'numfmt':
- parses numbers with a non-breaking space character before a unit
- parses numbers containing grouping characters from the current locale
- supports a multi-byte --delimiter character
- no longer processes input indefinitely in the presence of write errors

wc -l now operates 10% faster on hosts that support AVX512 instructions.

** Build-related

chcon and runcon are not built by default if selinux headers are not present,
or if the --without-selinux configure option is specified.
This can be overridden with the --with-selinux configure option.

nproc no longer fails to build with Android API level <= 20.
[build issue introduced in coreutils-9.8]

\x1B[38;5;105m and \x1B[38;5;141m are a great combo.

1 November 2025 Unifont 17.0.03 is now available.
This is a minor release aligned with Unicode 17.0.0.

This release updates and adds over 100 Chinese ideographs.


Download this release from GNU server mirrors at:

https://ftpmirror ... /unifont-17.0.03/

or if that fails,

https://ftp.gnu.o ... /unifont-17.0.03/

or, as a last resort,

ftp://ftp.gnu.org ... /unifont-17.0.03/

These files are also available on the unifoundry.com website:

https://unifoundr ... /unifont-17.0.03/

Font files are in the subdirectory

https://unifoundr ... 0.03/font-builds/

A more detailed description of font changes is available at

https://unifoundr ... nifont/index.html

and of utility program changes at

https://unifoundr ... nt-utilities.html


Enjoy!


Paul Hardy
GNU Unifont Maintainer

From Arch:

The dovecot 2.4 release branch has made breaking changes which result in it being incompatible with any <= 2.3 configuration file.

Thus, the dovecot service will no longer be able to start until the configuration file was migrated, requiring manual intervention.

For guidance on the 2.3-to-2.4 migration, please refer to the following upstream documentation: Upgrading Dovecot CE from 2.3 to 2.4

Furthermore, the dovecot 2.4 branch no longer supports their replication feature, it was removed. For users relying on the replication feature or who are unable to perform the 2.4 migration right now, we provide alternative packages available in [extra]:

• dovecot23
• pigeonhole23
• dovecot23-fts-elastic
• dovecot23-fts-xapian

The dovecot 2.3 release branch is going to receive critical security fixes from upstream until stated otherwise.

Hello and welcome to my October free software activities report.

GNU & FSF

• GNU Spotlight: I prepared and sent the October GNU Spotlight to the FSF campaigns team, who will review and publish it on the FSF’s community blog and as part of the next issue of the monthly Free Software Supporter newsletter.

• GNU Emacs:

  • bug#79629: I noticed that I was unable to customize the holiday-other-holidays variable using the setopt macro: my change did not seem to take effect. As Eli Zaretskii helpfully pointed out, this was because customizing holiday-other-holidays did not recompute the value of calendar-holidays, which is computed once, when the package is loaded.

    So I prepared and sent a patch 500a2d0cc55 to recompute calendar-holidays when its components are set.

  • bbabc1db258: While reading about custom-reevaluate-setting in the Startup Summary node of the GNU Emacs Lisp reference manual I noticed a small typo, so I committed a patch to fix it.

Misc

• The Free Software Foundation celebrated its fortieth birthday on 4 October 2025 online and in person in Boston! I was not able to attend the event in person, so I recorded a video for the FSF40 volunteer panel held at the venue.

• This month at work one of our Elasticsearch clusters experienced partial failure, and we needed to extract document IDs from a backup of one of the cluster’s shards. Elasticsearch uses Lucene under the hood and each shard is a standalone Lucene index, so I used Lucene’s Java API to write a little GetIDS class to query the index for all of its documents, and for each document print its _id field, decoding the binary-valued BytesRef as needed. The gotcha was that all of the BytesRefs seemed to have a -1 byte in the beginning, throwing off the recommended BytesRef.utf8ToString() method, so I had to reimplement that method’s logic in my program and have it use an adjusted offset + 1 and length - 1 instead.

That’s about it for this month’s report.

Take care, and so long for now.

GNU Parallel 20251022 ('Goodall') has been released. It is available for download at: lbry://@GnuParallel:4

Quote of the month:

idk who built GNU parallel but I owe them a beer
-- ram @h4x0r1ng

New in this release:

• No new features.
• Bug fixes.

GNU Parallel - For people who live life in the parallel lane.

If you like GNU Parallel record a video testimonial: Say who you are, what you use GNU Parallel for, how it helps you, and what you like most about it. Include a command that uses GNU Parallel if you feel like it.

About GNU Parallel

GNU Parallel is a shell tool for executing jobs in parallel using one or more computers. A job can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU Parallel can then split the input and pipe it into commands in parallel.

If you use xargs and tee today you will find GNU Parallel very easy to use as GNU Parallel is written to have the same options as xargs. If you write loops in shell, you will find GNU Parallel may be able to replace most of the loops and make them run faster by running several jobs in parallel. GNU Parallel can even replace nested loops.

GNU Parallel makes sure output from the commands is the same output as you would get had you run the commands sequentially. This makes it possible to use output from GNU Parallel as input for other programs.

For example you can run this to convert all jpeg files into png and gif files and have a progress bar:

parallel --bar convert {1} {1.}.{2} ::: *.jpg ::: png gif

Or you can generate big, medium, and small thumbnails of all jpeg files in sub dirs:

find . -name '*.jpg' |
parallel convert -geometry {2} {1} {1//}/thumb{2}_{1/} :::: - ::: 50 100 200

You can find more about GNU Parallel at: http://www.gnu ... rg/s/parallel/

You can install GNU Parallel in just 10 seconds with:

$ (wget -O - pi.dk/3 || lynx -source pi.dk/3 || curl pi.dk/3/ || \
fetch -o - http://pi.dk/3 ) > install.sh
$ sha1sum install.sh | grep c555f616391c6f7c28bf938044f4ec50
12345678 c555f616 391c6f7c 28bf9380 44f4ec50
$ md5sum install.sh | grep 707275363428aa9e9a136b9a7296dfe4
70727536 3428aa9e 9a136b9a 7296dfe4
$ sha512sum install.sh | grep b24bfe249695e0236f6bc7de85828fe1f08f4259
83320d89 f56698ec 77454856 895edc3e aa16feab 2757966e 5092ef2d 661b8b45
b24bfe24 9695e023 6f6bc7de 85828fe1 f08f4259 6ce5480a 5e1571b2 8b722f21
$ bash install.sh

Watch the intro video on http://www.youtub ... L284C9FF2488BC6D1

Walk through the tutorial (man parallel_tutorial). Your command line will love you for it.

When using programs that use GNU Parallel to process data for publication please cite:

O. Tange (2018): GNU Parallel 2018, March 2018, https://doi.org/1 ... 81/zenodo.1146014.

If you like GNU Parallel:

• Give a demo at your local user group/team/colleagues
• Post the intro videos on Reddit/Diaspora*/forums/blogs/ Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists
• Get the merchandise https://gnuparall ... igns/gnu-parallel
• Request or write a review for your favourite blog or magazine
• Request or build a package for your favourite distribution (if it is not already there)
• Invite me for your next conference

If you use programs that use GNU Parallel for research:

• Please cite GNU Parallel in you publications (use --citation)

If GNU Parallel saves you money:

• (Have your company) donate to FSF https://my.f ... .org/donate/

About GNU SQL

GNU sql aims to give a simple, unified interface for accessing databases through all the different databases' command line clients. So far the focus has been on giving a common way to specify login information (protocol, username, password, hostname, and port number), size (database and table size), and running queries.

The database is addressed using a DBURL. If commands are left out you will get that database's interactive shell.

When using GNU SQL for a publication please cite:

O. Tange (2011): GNU SQL - A Command Line Tool for Accessing Different Databases Using DBURLs, ;login: The USENIX Magazine, April 2011:29-32.

About GNU Niceload

GNU niceload slows down a program when the computer load average (or other system activity) is above a certain limit. When the limit is reached the program will be suspended for some time. If the limit is a soft limit the program will be allowed to run for short amounts of time before being suspended again. If the limit is a hard limit the program will only be allowed to run when the system is below the limit.

The GNU C Library
=================

The GNU C Library version 2.42 is now available.

The GNU C Library is used as the C library in the GNU system and
in GNU/Linux systems, as well as many other systems that use Linux
as the kernel.

The GNU C Library is primarily designed to be a portable
and high performance C library. It follows all relevant
standards including ISO C23 and POSIX.1-2024. It is also
internationalized and has one of the most complete
internationalization interfaces known.

The GNU C Library website is at http://www.gnu. ... /software/libc/

Packages for the 2.42 release may be downloaded from:
http://ftpmirr ... .gnu.org/libc/
http://ftp.gn ... org/gnu/libc/

The mirror list is at http://www.gnu. ... /order/ftp.html

Distributions are encouraged to track the release/* branches
corresponding to the releases they are using. The release
branches will be updated with conservative bug fixes and new
features while retaining backwards compatibility.

NEWS for version 2.42
=====================

Major new features:

• The following ISO C23 function families (introduced in TS

18661-4:2015) are now supported in <math.h>. Each family includes
functions for float, double, long double, _FloatN and _FloatNx, and a
type-generic macro in <tgmath.h>.

- Power and absolute-value functions: compoundn, pown, powr, rootn,
rsqrt.

• On Linux, the pthread_gettid_np function has been added.

• The ISO C2Y family of unsigned abs functions, i.e. uabs, ulabs,

ullabs, and uimaxabs, is now supported.

• On Linux, the <termios.h> interface now supports arbitrary baud rates;

speed_t is redefined to simply be the baud rate specified as an
unsigned int, which matches the kernel interface.

• The thread-local cache in malloc (tcache) now supports caching of

large blocks. This feature can be enabled by setting the tunable
glibc.malloc.tcache_max to a larger value (max 4194304). Tcache is
also significantly faster for small sizes.

• A new configure option, "--enable-sframe", can be used to enable

SFrame support of the GNU C Libraries. SFrame is a new stack trace
information format which can be used by backtrace. It requires
binutils with a minimum version of 2.45.

• Support for lightweight stack guard pages via madvise and the

MADV_GUARD_INSTALL flag has been added to pthread_create.

• Additional optimized and correctly rounded mathematical functions have

been imported from the CORE-MATH project, in particular acospif,
asinpif, atanpif, atan2pif, cospif, sinpif, tanpif.

• The testsuite has been significantly extended, including coverage of

the functionality of the printf and scanf function families in many
variants.

• The manual has been significantly extended and updated, particularly

the threads, terminal, filesystem, resource, and math chapters.

• Code has been added to detect the x86-64 Intel Arrow Lake, Panther

Lake, Clearwater Forest, and Diamond Rapids microarchitectures.

• Regarding S390, support for the new z17 platform has been added.

Deprecated and removed features, and other changes affecting compatibility:

• The glibc.rtld.execstack tunable now supports a compatibility mode to

allow programs that require an executable stack through dynamically
loaded shared libraries.

• On Linux, the <termio.h> header and the definition of struct termio

in <sys/ioctl.h> have been removed. The termio interface has been
obsolete since the very first version of POSIX.1 in 1988, replaced
with <termios.h>.

• The support for TX lock elision of pthread mutexes has been deprecated

on all architectures and will be removed in the next release.

• On AArch64 Linux targets supporting the Scalable Matrix Extension

(SME), setjmp and sigsetjmp will disable the ZA state of SME.

Changes to build and runtime requirements:

• GCC 12.1 or later is now required to build the GNU C Library.

• GNU Binutils 2.39 or later is now required to build the GNU C Library.

Security related changes:

The following CVEs were fixed in this release, details of which can be
found in the advisories directory of the release tarball:

GLIBC-SA-2025-0001:
assert: Buffer overflow when printing assertion failure message
(CVE-2025-0395)

GLIBC-SA-2025-0003:
power10: strcmp fails to save and restore nonvolatile vector
registers (CVE-2025-5702)

GLIBC-SA-2025-0004:
power10: strncmp fails to save and restore nonvolatile vector
registers (CVE-2025-5745)

GLIBC-SA-2025-0005:
posix: Fix double-free after allocation failure in regcomp
(CVE-2025-8058)

The following bugs were resolved with this release:

[5994] stdio: fflush after ungetc on seekable input stream
[12724] stdio: fclose violates POSIX 2008 on seekable input streams
[25263] dynamic-link: ldd and ld.so fail to resolve $ORIGIN with cross
dir symlink
[27880] nptl: Please provide a pthread pid accessor
[29190] dynamic-link: Symbols with version hash zero lead to crashes,
not matched correctly
[29459] stdio: fwrite does not return EPIPE when underlying write
fails with EPIPE.
[31791] nss: [Regression] nss: memory for >8 elements in nsswitch.conf
is not freed
[32058] libc: qsort leaks memory if C++ exception is thrown from
comparison function
[32269] dynamic-link: RISC-V IFUNC resolver cannot access gp pointer
[32369] stdio: fflush(NULL) doesn't properly flush files opened in
read mode
[32411] math: THREEp96 seems wrong
[32412] dynamic-link: Initial DTV is reallocated using main realloc in
auditing mode
[32483] locale: ctype.h macros segfault in multithreaded programs with
multiple libc.so
[32529] stdio: fseek failure on file opened with "rm" mode after
ungetc
[32535] stdio: fflush failure on file opened with "rm" mode after
ungetc
[32541] libc: getenv cannot be overridden in static builds
[32574] libc: pthread_attr_getstacksize/pthread_attr_getstack return
incorrect main stack size
[32612] dynamic-link: [aarch64 PAC] _dl_tlsdesc_dynamic can't be
unwound through with _Unwind_Backtrace
[32626] math: math: log10p1f is not correctly rounded
[32627] math: math: sinhf is not correctly rounded
[32630] math: math: tanf is not correctly rounded for all rounding
modes
[32653] dynamic-link: Review options for improving both security and
backwards compatibility of glibc 2.41 dlopen / execstack handling
[32694] math: wrong clang version 3.4 prereq checks in bits/floatn.h
for __float128 support, should be 3.9
[32708] libc: Inclusion of sys/mount.h triggers many gcc warnings
using -Wshift-overflow=2 -Wsystem-headers
[32711] math: math: remainder incorrect sign of zero result
[32717] libc: glibc tests fail when bfd is built with --enable-error-
execstack=yes
[32723] math: [2.41 Regression] /usr/include/bits/floatn.h doesn't
work with Intel SYCL compiler
[32763] dynamic-link: Static PIE with more than one PT_LOAD segments
at offset 0 segfault
[32777] crypt: The performance of the rand() function degradation
[32781] libc: Inccorect attribute access for sched_getattr
[32782] nptl: Race conditions in pthread cancellation causing crash
[32786] nptl: pthread_cond_* symbols should probably have had a
version bump in 2.41
[32795] nptl: aio_suspend_time64 confuses CLOCK_MONOTONIC and
CLOCK_REALTIME
[32810] dynamic-link: Immediate crash on x86-64 when running with
GLIBC_TUNABLES=glibc.cpu.hwcaps=-XSAVEC
[32823] libc: make[2]: * [../Rules:248:
/home/dave/gnu/glibc/objdir/elf/tst-origin] Error 1
[32897] dynamic-link: pthread_getattr_np fails when executable stack
tunable is set
[32918] math: math: atanhf triggers UB
[32919] math: math: coshf triggers UB
[32920] math: math: logf triggers UB
[32921] math: math: sinhf triggers UB
[32922] math: math: cbrtf triggers UB
[32923] math: math: cospif triggers UB
[32924] math: math: erfcf triggers UB
[32925] math: math: sinpif triggers UB
[32932] libc: riscv: __riscv_hwprobe function attributes are incorrect
[32947] libc: stdlib: wrong iovec array size on __libc_message_impl
[32980] manual: getopt_long_only does not check long options first, as
the manual claims
[32981] ports: elf/tst-execstack-prog-static-tunable fails on
sparc64-linux-gnu
[32987] libc: New tst-dlopen-sgid test FAILs
[32996] malloc: i386 TLS helper functions don't preserve XMM registers
[33035] libc: [2.27 regression] Linux: __close_nocancel_nostatus
clobbers errno
[33056] string: Power 10 strcmp clobbers nonvolatile vector registers
(CVE-2025-5702)
[33059] string: Power 10 memchr clobbers v20
[33060] string: Power 10 strncmp clobbers nonvolatile vector registers
(CVE-2025-5745)
[33088] dynamic-link: __ehdr_start may need run-time relocation
[33089] build: [2.42 Regression] GCC 14.2.1 failed to build glibc
[33134] libc: mcount_internal shouldn't use vector/r16-r31 registers
nor call memcpy/memset
[33139] stdio: %n after static dlopen is unreliable if file
descriptors are exhausted
[33165] build: [2.42 Regression] FAIL: elf/check-localplt
[33173] math: Wrong IFUNC selector is used for modf/modff
[33185] regex: Double-free after memory allocation failure in regcomp
bracket expression parsing (CVE-2025-8058)
[33224] dynamic-link: _dl_debug_state hook no longer works (since
8329939a37f483a16013dd8af8303cbcb86d92cb)

Release Notes
=============

https://sourcewar ... wiki/Release/2.42

Contributors
============

This release was made possible by the contributions of many people.
The maintainers are grateful to everyone who has contributed
changes or bug reports. These include:

Aaron Merey
Adhemerval Zanella
Andreas K. Hüttel
Andreas Schwab
Andrew Pinski
Arjun Shankar
Aurelien Jarno
Ben Kallus
Carlos O'Donell
Claudiu Zissulescu
Colin Ian King
Collin Funk
Cupertino Miranda
Cœur
DJ Delorie
David Lau
Dylan Fleming
Flavio Cruz
Florian Weimer
Frédéric Bérat
H. Peter Anvin
H.J. Lu
Jakub Jelinek
Jeremy Harris
Jitka Obselkova
John David Anglin
Jonathan Wakely
Joseph Myers
Julian Zhu
Lenard Mollenkopf
Luca Dariz
Luna Lamb
Maciej W. Rozycki
Mark Harris
Mark Wielaard
Martin Coufal
Matteo Croce
Michael Jeanson
Paul Zimmermann
Petr Malat
Pierre Blanchard
Radko Krkos
Ravina Jain
Ronan Pigott
Sachin Monga
Sam James
Samuel Thibault
Samuel Zeter
Sergei Zimmerman
Sergey Bugaev
Sergey Kolosov
Siddhesh Poyarekar
Stefan Liebler
Sunil K Pandey
Tobias Stoeckmann
Tomas Volf
Tulio Magno Quites Machado Filho
Wilco Dijkstra
William Hunt
Xi Ruoyao
YLK
Yangyu Chen
Yat Long Poon
Yury Khrustalev
Zhaoming Luo
gfleury
koraynilay
panzhe0328
zhenwei pi
наб

We would like to call out the following and thank them for their
tireless patch review:

Adhemerval Zanella
Andreas K. Hüttel
Andreas Schwab
Arjun Shankar
Carlos O'Donell
Collin Funk
Cupertino Miranda
DJ Delorie
Florian Weimer
Frédéric Bérat
Geoffrey Thomas
guoce
H.J. Lu
Joseph Myers
Maciej W. Rozycki
Mark Harris
Matthieu Longo
Palmer Dabbelt
Paul Eggert
Peter Bergner
Sachin Monga
Sam James
Samuel Thibault
Stefan Liebler
Sunil K Pandey
Tulio Magno Quites Machado Filho
Wilco Dijkstra
Yury Khrustalev

Dear community

I am happy to announce the release of the GNU Health Hospital Information System 5.0 series image for Raspberry Pi OS (version 6.0).

This image is the latest of our "GNU Health in a Box" project, which provides a is a full Hospital and Laboratory Information System server in Single Board Computers (like the Raspi or Olimex LIME2).

The latest image provides a ready-to-run server with:

* Raspberry Pi OS Desktop
* Debian 13 "trixie"
* GNU Health server HIS 5.0 series server and client
* PostgreSQL 17 database server
* Python 3.13

For more information about the "GNU Health in a box" project, you can visit https://www.gnuhe ... org/embedded.html

For the download and installation instructions, go to our official documentation page:
https://docs.gnuh ... ion/embedded.html

Happy hacking!

18 October 2025 Unifont 17.0.02 is now available. This is a minor release aligned with Unicode 17.0.0.

- This release includes several glyph updates and many new Chinese ideographs; see the ChangeLog file for details.

- src/Makefile now uses CPPFLAGS and LDFLAGS definitions for C program compilation.

Download this release from GNU server mirrors at:

https://ftpmirror ... /unifont-17.0.02/

or if that fails,

https://ftp.gnu.o ... /unifont-17.0.02/

or, as a last resort,

ftp://ftp.gnu.org ... /unifont-17.0.02/

These files are also available on the unifoundry.com website:

https://unifoundr ... /unifont-17.0.02/

Font files are in the subdirectory

https://unifoundr ... 0.02/font-builds/

A more detailed description of font changes is available at

https://unifoundr ... nifont/index.html

and of utility program changes at

https://unifoundr ... nt-utilities.html

Information about Hangul modifications is at

https://unifoundr ... hangul/index.html

and

http://unifoundry ... l-generation.html

Enjoy!


Paul Hardy
GNU Unifont Maintainer

Today I submitted the version 2 of the patch series for the Algol 68 GCC Front-End:

https://gcc.gnu.org/pipermail/gcc-patches/2025-October/697255.html

This is the deal:

 Jose E. Marchesi (47):
 a68: top-level misc files
 a68: build system
 a68: build system (regenerated files)
 a68: documentation
 a68: command-line options
 a68: DWARF language codes
 a68: darwin specific support
 a68: powerpc specific support
 a68: gcc/algol68 misc files
 a68: ga68 compiler driver
 a68: a681 compiler proper
 a68: unicode support routines
 a68: front-end diagnostics
 a68: parser: entry point
 a68: parser: AST nodes attributes/types
 a68: parser: scanner
 a68: parser: keyword tables management
 a68: parser: top-down parser
 a68: parser: parenthesis checker
 a68: parser: bottom-up parser
 a68: parser: syntax check for declarers
 a68: parser: standard prelude definitions
 a68: parser: parsing of modes
 a68: parser: symbol table management
 a68: parser: static scope checker
 a68: parser: debug facilities
 a68: parser: extraction of tags from phrases
 a68: parser: dynamic stack usage in serial clauses
 a68: low: lowering entry point and misc handlers
 a68: low: plain values
 a68: low: stowed values
 a68: low: standard prelude
 a68: low: clauses and declarations
 a68: low: runtime
 a68: low: builtins
 a68: low: ranges
 a68: low: units and coercions
 a68: low: modes
 a68: libga68: sources, spec and misc files
 a68: libga68: build system
 a68: libga68: build system (generated files)
 a68: testsuite: infrastructure
 a68: testsuite: execution tests 1/2
 a68: testsuite: execution tests 2/2
 a68: testsuite: compilation tests
 a68: testsuite: revised MC Algol 68 test set
 a68: testsuite: mcgt tests
 

Celebrate 40 years of FSF!

The Free Software Foundation celebrated its fortieth birthday today online and in person in Boston. Forty years of commitment to software freedom and fighting for the freedoms of all computer users.

As part of the FSF40 celebration, the FSF held a roundtable panel with FSF volunteers both in-person and online. I was not able to attend the event in person, so I prepared a video recording for the volunteer roundtable that was played at the venue. In the video I talk about my free software journey and how I first got involved, some of the issues facing the world of free software today, and how you can get involved and contribute to free software projects and help the free software movement.

Happy 40th birthday, FSF, and here’s to 40+ more years of software freedom. Happy hacking!

The video recording is Copyright © 2025 Amin Bandali, and is licensed under CC BY-SA 4.0.

Guix Fundraising for 2025Today we're launching a fundraising campaign to sustain and strengthen GNU Guix. Guix is completely independent from any company or institution, we rely on the support of our community to fund the project. If you can, please help sustain Guix by making a donation.

Why we need your support

Like many Free Software projects we need financial support because running a project is expensive. We incur costs for development infrastructure, facilitating developer collaboration and supporting the community around the project.

As a package manager and GNU/Linux distribution Guix has some unique needs. As the distribution grows and becomes more popular our costs also grow. Each package that's added to the distribution increases the number of builds. And, as more people use Guix the cost of delivering those packages also grows.

Sustain Guix

To be sustainable we need to match our expenses with our incoming donations. This gives the project certainty that there won't be a sudden funding shortfall.

Currently, shortfalls happen. Even recently individual volunteers have had to step in and fund services from their own pockets. That's risky and unsustainable, so we're aiming for stable financial foundations.

To achieve that goal we need 15,000ドル (roughly 17,500ドル) of donations a year. This would pay for the current infrastructure and project expenses.

To be sustainable recurring donations are critical because they provide a regular stream of income that can pay for the ongoing shared resources that we all use. For example, to have a better build farm we'd need more hosting and bandwidth which is a recurring cost.

So is the goal achievable? Well, it's definitely a big goal. But, it's only 1,250ドル a month - so if 125 people contribute 10ドル a month that would get us to the target and make all the difference!

Strengthen Guix

We would love to do more, and if there's support from the community then we will. There's lots more we could do! If there's more funding then we'll be able strengthen Guix by expanding the infrastructure, investing more to support the project and promote Guix.

With more support we'd be able to do things like:

• Improve the overall resilience of our infrastructure so that services are more reliable.
• Do more to increase the substitute infrastructure's bandwith and distribution.
• Tell more people about Guix by attending events, organising user sprints and conferences.

Donate Now to Sustain Guix

Now's the time where we ask for your help. Please donate to sustain and strengthen Guix.

You can donate through either the FSF or the Guix Foundation using a variety of payment methods.

If you haven't heard of the Guix Foundation it's an EU-based non-profit that's dedicated to supporting the development and promotion of GNU Guix. It's a members-driven association, so by becoming a member you'll be supporting Guix and will have a voice in it's activities.

Every donations helps, Recurring donations are ideal, but we appreciate any support you can give. Every donation gets us a step closer to being sustainable.

Thank you for your support!

Summer has been winding down here in southern Ontario and beautiful fall colours have been slowly appearing around us, and with that, it’s time for my September free software activities report — albeit a very short one, as it turned out to be a busy month and I had few free software contributions.

GNU & FSF

• GNU Spotlight: I prepared and sent the September GNU Spotlight to the FSF campaigns team, who will review and publish it on the FSF’s community blog and as part of the next issue of the monthly Free Software Supporter newsletter.

Debian

• recutils: Last month, I adopted the recutils package in Debian, and uploaded version 1.9-4 to unstable to fix FTBFS bug #1066370. Today, I uploaded 1.9-4~bpo13+1 to trixie-backports to provide an easy way for users of Debian 13 (Trixie) to install recutils. The upload is currently in the backports NEW queue pending review by the backports team, and will appear in the archive if approved.

Misc

• I had a lovely chat with Prot earlier this month for his ‘Prot Asks’ series, where we talked about free software, free knowledge, the importance of community and the commons, and life in Canada.

That’s about it for this month’s report. I hope to have more to share next month.

Take care, and so long for now.

Download from https://ftp.gnu.o ... string-1.4.tar.gz

This is a stable release.

New in this release:

• The data tables and algorithms have been updated to Unicode version 17.0.0.
• Fixed a bug: The functions u*_grapheme_next and u*_grapheme_prev did not work right for strings with Indic characters, Emojis, or regional indicators.

GNU Parallel 20250922 ('Iryna Zarutska') has been released. It is available for download at: lbry://@GnuParallel:4

Quote of the month:

GNU parallel is awesome. Use it more often in your scripts!
-- Wade @WadeGrimshire@twitter

New in this release:

• No new features.
• Bug fixes and man page updates.

GNU Parallel - For people who live life in the parallel lane.

If you like GNU Parallel record a video testimonial: Say who you are, what you use GNU Parallel for, how it helps you, and what you like most about it. Include a command that uses GNU Parallel if you feel like it.

About GNU Parallel

GNU Parallel is a shell tool for executing jobs in parallel using one or more computers. A job can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU Parallel can then split the input and pipe it into commands in parallel.

If you use xargs and tee today you will find GNU Parallel very easy to use as GNU Parallel is written to have the same options as xargs. If you write loops in shell, you will find GNU Parallel may be able to replace most of the loops and make them run faster by running several jobs in parallel. GNU Parallel can even replace nested loops.

GNU Parallel makes sure output from the commands is the same output as you would get had you run the commands sequentially. This makes it possible to use output from GNU Parallel as input for other programs.

For example you can run this to convert all jpeg files into png and gif files and have a progress bar:

parallel --bar convert {1} {1.}.{2} ::: *.jpg ::: png gif

Or you can generate big, medium, and small thumbnails of all jpeg files in sub dirs:

find . -name '*.jpg' |
parallel convert -geometry {2} {1} {1//}/thumb{2}_{1/} :::: - ::: 50 100 200

You can find more about GNU Parallel at: http://www.gnu ... rg/s/parallel/

You can install GNU Parallel in just 10 seconds with:

$ (wget -O - pi.dk/3 || lynx -source pi.dk/3 || curl pi.dk/3/ || \
fetch -o - http://pi.dk/3 ) > install.sh
$ sha1sum install.sh | grep c555f616391c6f7c28bf938044f4ec50
12345678 c555f616 391c6f7c 28bf9380 44f4ec50
$ md5sum install.sh | grep 707275363428aa9e9a136b9a7296dfe4
70727536 3428aa9e 9a136b9a 7296dfe4
$ sha512sum install.sh | grep b24bfe249695e0236f6bc7de85828fe1f08f4259
83320d89 f56698ec 77454856 895edc3e aa16feab 2757966e 5092ef2d 661b8b45
b24bfe24 9695e023 6f6bc7de 85828fe1 f08f4259 6ce5480a 5e1571b2 8b722f21
$ bash install.sh

Watch the intro video on http://www.youtub ... L284C9FF2488BC6D1

Walk through the tutorial (man parallel_tutorial). Your command line will love you for it.

When using programs that use GNU Parallel to process data for publication please cite:

O. Tange (2018): GNU Parallel 2018, March 2018, https://doi.org/1 ... 81/zenodo.1146014.

If you like GNU Parallel:

• Give a demo at your local user group/team/colleagues
• Post the intro videos on Reddit/Diaspora*/forums/blogs/ Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists
• Get the merchandise https://gnuparall ... igns/gnu-parallel
• Request or write a review for your favourite blog or magazine
• Request or build a package for your favourite distribution (if it is not already there)
• Invite me for your next conference

If you use programs that use GNU Parallel for research:

• Please cite GNU Parallel in you publications (use --citation)

If GNU Parallel saves you money:

• (Have your company) donate to FSF https://my.f ... .org/donate/

About GNU SQL

GNU sql aims to give a simple, unified interface for accessing databases through all the different databases' command line clients. So far the focus has been on giving a common way to specify login information (protocol, username, password, hostname, and port number), size (database and table size), and running queries.

The database is addressed using a DBURL. If commands are left out you will get that database's interactive shell.

When using GNU SQL for a publication please cite:
hh
O. Tange (2011): GNU SQL - A Command Line Tool for Accessing Different Databases Using DBURLs, ;login: The USENIX Magazine, April 2011:29-32.

About GNU Niceload

GNU niceload slows down a program when the computer load average (or other system activity) is above a certain limit. When the limit is reached the program will be suspended for some time. If the limit is a soft limit the program will be allowed to run for short amounts of time before being suspended again. If the limit is a hard limit the program will only be allowed to run when the system is below the limit.

I would like to thank Giuseppe Scrivano for maintaining GNU gcal up to now and I am pleased to take the wheel now.

I am happy to also announce the release of version 4.2.0 of gcal.

Besides making GNU gcal compilable with gcc15, this release is basically a bug fix release. It contains fixes for bugs reported on the bug-gcal mailing list and filed in the Debian BTS (Bug Tracking Sytem).

While becoming the GNU gcal maintainer on savannah went very well, it was not possible to give me upload rights for GNU ftp server. As I am not confident that I get access to the server in the near future, I am publishing the new version at:

https://www.alteh ... gcal-4.2.0.tar.gz
https://www.alteh ... gcal-4.2.0.tar.xz

and the GPG detached signatures using the key 79DED521FD7B916F726130A6250D40F0A6A2C5C8:

https://www.alteh ... -4.2.0.tar.gz.sig
https://www.alteh ... -4.2.0.tar.xz.sig


Major changes in release 4.2

• New entry added for Good Friday as Czech holiday.
• New entry added for Good Friday as Hungarian holiday.
• New entry added for Three Kings Day in Poland since 2011.
• Print note in case of starting-day different from monday and --iso-week-number is set to yes.
• No longer report Christmas day as the 26th in Idaho.
• No longer report Christmas day as the 26th in Ohio.

Libtoolers!

The Libtool Team is pleased to announce the release of libtool 2.6.0, a alpha release.

GNU Libtool hides the complexity of using shared libraries behind a
consistent, portable interface. GNU Libtool ships with GNU libltdl, which
hides the complexity of loading dynamic runtime libraries (modules)
behind a consistent, portable interface.

There have been 68 commits by 19 people in the 43 weeks since 2.5.4.

See the NEWS below for a brief summary.

Thanks to everyone who has contributed!
The following people contributed changes to this release:

Anthony Mallet (1)
Bruno Haible (2)
Christian Feld (1)
Collin Funk (1)
Elizabeth Figura (1)
Evgeny Grin (1)
Frédéric Bérat (1)
Gleb Popov (1)
Ileana Dumitrescu (47)
Julien ÉLIE (1)
Karl Berry (1)
Kirill Makurin (1)
Manoj Gupta (1)
Martin Storsjö (1)
Michael Haubenwallner (2)
Mintsuki (1)
Mitch (1)
Pierre Ossman (2)
Takashi Yano (1)

Ileana
[on behalf of the libtool maintainers]
==================================================================

Here is the GNU libtool home page:
https://gnu. ... g/s/libtool/

Here are the compressed sources:
https://alpha.gnu ... tool-2.6.0.tar.gz (2.1MB)
https://alpha.gnu ... tool-2.6.0.tar.xz (1.1MB)

Here are the GPG detached signatures:
https://alpha.gnu ... -2.6.0.tar.gz.sig
https://alpha.gnu ... -2.6.0.tar.xz.sig

Use a mirror for higher download bandwidth:
https://www.gnu.o ... rg/order/ftp.html

Here are the SHA1 and SHA256 checksums:

File: libtool-2.6.0.tar.gz
SHA1 sum: 681b41409762acb07232d7af7c289cc8a2f851c9
SHA256 sum: ac9d4b8e072aa20d030d5ae039aba3b52bd7967b09e0c21f91f3e3dc1bbb8755

File: libtool-2.6.0.tar.xz
SHA1 sum: dff32acab30a9262d19c3559092c2415b6a2b23e
SHA256 sum: 69e6d28ae880fda08e0dc080ef2e38077ea2765a0d84e1afcfcfe1e605c911ac

Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact. First, be sure to download both the .sig file
and the corresponding tarball. Then, run a command like this:

gpg --verify libtool-2.6.0.tar.gz.sig

The signature should match the fingerprint of the following key:

pub rsa4096 2021年09月23日 [SC]
FA26 CA78 4BE1 8892 7F22 B99F 6570 EA01 146F 7354
uid Ileana Dumitrescu <ileanadumi95@protonmail.com>
uid Ileana Dumitrescu <ileanadumitrescu95@gmail.com>

If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.

gpg --locate-external-key ileanadumi95@protonmail.com

gpg --recv-keys 6570EA01146F7354

wget -q -O- 'https://savannah. ... ol&download=1' | gpg --import -

As a last resort to find the key, you can try the official GNU
keyring:

wget -q https://ftp.gnu.o ... u/gnu-keyring.gpg
gpg --keyring gnu-keyring.gpg --verify libtool-2.6.0.tar.gz.sig

This release is based on the libtool git repository, available as

git clone https://git.savan ... g/git/libtool.git

with commit e40fdc22cf727fb885f9df7d9affa827e3253d1c tagged as v2.6.0.

For a summary of changes and contributors, see:

https://git.sv.gn ... shortlog;h=v2.6.0

or run this command from a git-cloned libtool directory:

git shortlog v2.5.4..v2.6.0

This release was bootstrapped with the following tools:
Autoconf 2.72e
Automake 1.18.1
Gnulib 2025年07月29日 f0773a994eb75ceeeb44e39145c842044357a1ad

NEWS

• Noteworthy changes in release 2.6.0 (2025年09月18日) [alpha]

** New features:

- Add a new tool, libtool-next-version, to guide users through updating
library versions.

- Add tagging for Objective-C and Objective-C++, OBJC and OBJCXX.

- Increase 5 digit limit on revision value for libraries to 19 digits,
which is referencing Unix epoch time in nanoseconds.

- Add configuration options to choose whether to use '-nostdlib' to let
the compiler frontend decide what standard libraries to link when
building C++ shared libraries and modules, --enable-cxx-stdlib and
--disable-cxx-stdlib.

- Allow statically linking GCC and Clang compiler support libraries
into shared libraries.

- Add linking clang_rt static archives compiler internal libraries by
their absolute path.

- Set 'mklink' as the symlinking tool for MSVC.

- Pass '--target' architecture flag for Clang.

- Support MSYS and MSYS2 file path conversions.

** Bug fixes:

- Fix wrongly deduplicated compiler dependencies on linux.

- Fix NetBSD postdeps for shared libraries.

- Fix statically linking dependencies into shared C++ libraries when
utilizing clang builtins or g++ options like, -static-libstdc++, by
using a new configuration option, --enable-cxx-stdlib.

- Ensure *-linux-mlibc host matches to mlibc userland rather than
matching to GNU/Linux and similar userlands.

- Fix hang with cmd.exe in MSYS.

- For MSVC, fix mishandling compiler flags, symlinking, cl.exe '.exp'
extension collision, symbol names, and numerous testsuite bugs.

- Fix undeclared reference to access on Windows in libltdl.

- Fix flang -Wl flags on FreeBSD.

- Fix reordering '--as-needed' flag.

- Fix libltdl early failures for multi-arch.

** Changes in supported systems or compilers:

- Support additional Intel OneAPI compilers, 'icx', 'icpx', and 'ifx'.

- Support ML64 (Microsoft Macro Assembler).


Enjoy!

The initial injustice of proprietary software often leads to further injustices: malicious functionalities.

The introduction of unjust techniques in nonfree software, such as back doors, DRM, tethering, and others, has become ever more frequent. Nowadays, it is standard practice.

We at the GNU Project show examples of malware that has been introduced in a wide variety of products and dis-services people use everyday, and of companies that make use of these techniques.

Here are our latest additions

August 2025

Google's Software is Malware

• Google has announced the inclusion of a "security" measure in Android "smartphones," which will require any software installed in certified Android devices to come from a developer who has gone through Google's new developer verification program.

The problem here is not that there's a system that provides trust on the origin of the software. A system like that might be useful, but the end user should still be able to select which organization provides that service, or maybe set up such an organization or renounce the service altogether.

Making this verification exclusive to Google makes us question which is the threat here. Is it a user installing malware inadvertently? Or is it the user installing software that makes Google lose money?

• Academic researchers have published an attack that led Google's supposed "intelligence" [*] to obey malicious commands to manipulate devices in the user's home.

Giving Google control of your devices, or control of your own computing that you do on their servers, inevitably makes you vulnerable to Google.

This announcement shows that the vulnerability includes third-party crackers [**] too.

The article says that the crack discoverers worked with Google to "mitigate" the danger. What, concretely, does "mitigate" mean here? Probably in this case it is a weasel word to suggest fixing a problem without claiming to have fixed it.

[*] Let's not call these systems "artificial intelligence." Intelligence is something they do not have.

[**] Please note that the article wrongly refers to crackers as "hackers."

July 2025

Malware in Mobile Devices

• Samsung disabled the option to unlock the bootloader in the new version of its proprietary Android distribution, making it impossible for users to install a third-party operating system on their mobile devices. This takes away people's right to run the system of their choice (which we hope is a free/libre system), and to extend the life of their device once Samsung stops supporting its software.

o Fix potential sensor reading miscalculation on systems where a char is defined as unsigned (such as ARM) vs signed (such as x86).
o Fix gcc15 compilation errors.

https://ftp.gnu.o ... pmi-1.6.16.tar.gz

Dear community

The GNU Health Hospital Information System 5.0.2 patchset has been released!

Patchset 5.0.2 is a small, "cosmetic" update to the main 5.0.1 bundle. It basically updates the version number on tryton.conf so it reflects on the modules list.


For completeness sake, I will just copy over the 5.0.1 post in here:

Dear community

I am happy to announce that the GNU Health Hospital Information System 5.0.1 patchset has been released!

Packages updated

• health core
• dentistry

If you use the vanilla / standard installation, you can update the server and the dependencies from the gnuhealth control center (https://docs.gnuh ... ontrolcenter.html)

Backup

As usual, before you upgrade your instance, make sure you have made a backup of your DB instance and "attach" resource !

Note about Matplotlib

We have simplified the dependency list and include matplotlib in it, so no need to look for the package at OS level. That said, Matplotlib is a complex package and we had run into issues installing it in FreeBSD from PyPi in the past. Please report if you find any issue, specially in the update process or in the chart generation context.

Happy hacking ❤️

Changelog for 5.0.2

b3a972cb3 (HEAD -> main, tag: 5.0.2, origin/main, origin/HEAD) Merge branch 'patchset/5.0.2'
510cb4b4f (origin/patchset/5.0.2, patchset/5.0.2) Update Changelog
6486b79b0 Fix bug #144 . Update release version on tryton.conf

Changelog for 5.0.1

a55eb3eed (HEAD -> main, tag: 5.0.1, origin/main, origin/HEAD) Merge branch 'patchset/5.0.1'
a6c6020b3 (origin/patchset/5.0.1, patchset/5.0.1) Update Changelog and patchset version to 5.0.1
c64117947 (bugfix/5.0.1) health: pyproject.toml Unpin pillow and pytz dependencies
9b7ffeb5d tryton/health/pyproject.toml: use pillow>=10.1.0
e3190ac09 Update version in health and health_dentistry. Update Changelog
0a64fa240 Remove pillow dependency from lab and dentistry since it's already core gnuhealth package
82a847af4 Merge pull request 'missing commas' (#140) from joseagrc/his:main into bugfix/5.0.1
2653b45a0 Merge pull request 'Remove unused dependencies from health module' (#133) from ced/his:health-deps into bugfix/5.0.1
c52c673c3 Wrong cursor field teeth
721ff65e7 missing commas
2bee11109 Remove unused dependencies from health module


For a more detailed list, please go to our project page at Codeberg:
https://codeberg. ... eleases/tag/5.0.1

9 September 2025 Unifont 17.0.01 is now available. This is a major release to align with Unicode 17.0.0.

- Updates to synchronize Unifont with Unicode 17.0.0 release, including the addition of new script ranges Sidetic, Sharada Supplement, Tolong Siki, Beria Erfe, Miscellaneous Symbols Supplement, and Tai Yo.

- All Arabic glyphs introduced in Unicode 17.0.0.

- Updates and additions to many ideographs in the first list of the second round of simplified Chinese characters.

- Updates to many other glyphs; see ChangeLog for details.

- All C programs are now configured to compile cleanly with the GCC flags "-std=c99", "-Wall", and "-pedantic". This should allow compilation with all versions of GCC from GCC 4.2.1 (the last version with a GPLv2 license) to the latest. GCC 4.2.1 compiles C99 sources, but not by default and so requires the "-std=c99" flag to compile hex2otf.c.

- The unifont.info Texinfo file is now installed in $(PREFIX)/share/info compressed with "gzip -9" by default.

Download this release from GNU server mirrors at:

https://ftpmirror ... /unifont-17.0.01/

or if that fails,

https://ftp.gnu.o ... /unifont-17.0.01/

or, as a last resort,

ftp://ftp.gnu.org ... /unifont-17.0.01/

These files are also available on the unifoundry.com website:

https://unifoundr ... /unifont-17.0.01/

Font files are in the subdirectory

https://unifoundr ... 0.01/font-builds/

A more detailed description of font changes is available at

https://unifoundr ... nifont/index.html

and of utility program changes at

https://unifoundr ... nt-utilities.html

Information about Hangul modifications is at

https://unifoundr ... hangul/index.html

and

http://unifoundry ... l-generation.html

Enjoy!

Earlier today I joined Prot for an episode of his Prot Asks series, where he talks to folks about Emacs and life in general. We talked about free software, free knowledge, the importance of community and the commons, and life in Canada.

See the episode’s page on Prot’s website for the video recording, Prot’s summary of our chat, and the links I shared after our call. You can also watch the recording embedded below.

I really enjoyed our chat today and time went by very quickly. Thanks again for having me, Prot!

Take care, and so long for now.

The video recording is Copyright © 2025 Protesilaos Stavrou and Amin Bandali, and is licensed under CC BY-SA 4.0.

A security issue, CVE-2025-59378, has been identified in guix-daemon, which allows for a local user to gain the privileges of any of the build users and subsequently use this to manipulate the output of any build. In the case of the rootless daemon, this also means gaining the privileges of guix-daemon. All systems are affected, whether or not guix-daemon is running with root privileges. You are strongly advised to upgrade your daemon now (see instructions below).

The only requirements to exploit this are the ability to create and build an arbitrary derivation that has builtin:download as its builder, and to execute a setuid program on the system in question. As such, this represents an increased risk primarily to multi-user systems, but also more generally to any system in which untrusted code may be able to access guix-daemon's socket, which is usually located at /var/guix/daemon-socket/socket.

Vulnerability

guix-daemon currently supports two so-called built-in builders for derivations: builtin:download and builtin:git-download. Their primary utility is currently to circumvent bootstrapping challenges in code-downloading derivations (that is, "how does one get the programs that are used to download programs?") by using "host-side" programs for this purpose.

In particular, download and git-download are currently implemented in the (guix scripts perform-download) module, which can be run as a standalone program using guix perform-download. At the time that perform-download was written, it was believed to be sufficient for security purposes to ensure that it was run by a build user, and so one of the user-supplied values (the file named by the derivation's content-addressed-mirrors environment variable) was read and evaluated as arbitrary Guile code.

This suffices to protect a regular user from an untrusted derivation they may be building, since all processes owned by the build user will be killed at the end of the build, before any other build can be run that uses the same build user. It does not suffice, however, to protect the daemon's build users – and by extension the integrity of the daemon's builds – from a regular user. In particular, a content-addressed-mirrors file can be written to create a setuid program that allows a regular user to gain the privileges of the build user that runs it even after the build has ended. This is similar in impact to CVE-2025-46416, though using a somewhat different mechanism.

Mitigation

This security issue has been fixed by 3 commits (2a33354, f607aaa, and 9202921) as part of pull request #2419. Users should make sure they have upgraded to commit 1618ca7 or any later commit to be protected from this vulnerability. Upgrade instructions are in the following section.

The fix was accomplished by changing (guix scripts perform-download) to evaluate the content-addressed-mirrors file in a Guile isolated environment, as well as verifying that this file and the others that perform-download reads is neither outside of the store nor a symbolic link to a file outside of the store, so that this cannot be used to cause arbitrary files (such as /proc/PID/fd/N) to be read. Measures were also taken to ensure that calls to read never cause code to be evaluated.

A test for the presence of this vulnerability is available at the end of this post. One can run this code with:

guix repl -- content-addressed-mirrors-vuln-check.scm

This will output whether the current guix-daemon being used is vulnerable or not. If it is not vulnerable, the last line will contain guix-daemon is not vulnerable and guix repl will exit with status code 0, otherwise the last line will contain guix-daemon is VULNERABLE and guix repl will exit with status code 1.

Upgrading

Due to the severity of this security advisory, we strongly recommend all users to upgrade guix-daemon immediately.

For Guix System, the procedure is to reconfigure the system after a guix pull, either restarting guix-daemon or rebooting. For example:

guix pull
sudo guix system reconfigure /run/current-system/configuration.scm
sudo herd restart guix-daemon

where /run/current-system/configuration.scm is the current system configuration but could, of course, be replaced by a system configuration file of a user's choice.

For Guix on another distribution, one needs to guix pull with sudo, as the guix-daemon runs as root, and restart the guix-daemon service, as documented. For example, on a system using systemd to manage services, run:

sudo --login guix pull
sudo systemctl restart guix-daemon.service

Note that for users with their distro's package of Guix (as opposed to having used the install script) you may need to take other steps or upgrade the Guix package as per other packages on your distro. Please consult the relevant documentation from your distro or contact the package maintainer for additional information or questions.

Conclusion

Test for presence of vulnerability

Below is code to check if your guix-daemon is vulnerable to this exploit. Save this file as content-addressed-mirrors-vuln-check.scm and run following the instructions above, in "Mitigation."

(use-modules (guix monads)
 (guix derivations)
 (guix gexp)
 (guix store)
 (guix utils)
 (guix packages)
 (srfi srfi-34))
(define %test-filename
 "/tmp/content-addressed-mirrors-vulnerable")
(define %test-content-addressed-mirrors
 `(begin
 (mkdir ,%test-filename)
 (exit 33)))
(define %test-content-addressed-mirrors-file
 (plain-file "content-addressed-mirrors"
 (object->string %test-content-addressed-mirrors)))
(define (test-content-addressed-mirrors content-addressed-mirrors)
 (mlet %store-monad ((content-addressed-mirrors
 (lower-object content-addressed-mirrors)))
 (raw-derivation "content-addressed-mirrors-vuln-check"
 "builtin:download"
 '()
 #:hash
 (base32
 "dddddddddddddddddddddddddddddddddddddddddddddddddddd")
 #:hash-algo 'sha256
 #:sources (list content-addressed-mirrors)
 #:env-vars `(("url" . "/doesnotexist")
 ("content-addressed-mirrors"
 . ,content-addressed-mirrors))
 #:local-build? #t)))
(with-store store
 (let ((drv (run-with-store store (test-content-addressed-mirrors
 %test-content-addressed-mirrors-file))))
 (guard (c ((and (store-protocol-error? c)
 (string-contains (store-protocol-error-message c) "failed"))
 (cond
 ((file-exists? %test-filename)
 (format #t "content-addressed-mirrors can evaluate arbitrary code, guix-daemon is VULNERABLE~%")
 (exit 1))
 (else
 (format #t "content-addressed-mirrors can't create files, guix-daemon is not vulnerable~%")
 (exit 0)))))
 (build-derivations store (list drv)))))

GNU Parallel 20250822 ('Петропавловск') has been released. It is available for download at: lbry://@GnuParallel:4

Quote of the month:

gnuparallel is sacred Unix magic
-- Dr. Dylan Beaudette, Soil Scientis ‪@dylanbeaudette.bsky.social

New in this release:

• No new features.
• Bug fixes and man page updates.

GNU Parallel - For people who live life in the parallel lane.

If you like GNU Parallel record a video testimonial: Say who you are, what you use GNU Parallel for, how it helps you, and what you like most about it. Include a command that uses GNU Parallel if you feel like it.

About GNU Parallel

GNU Parallel is a shell tool for executing jobs in parallel using one or more computers. A job can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU Parallel can then split the input and pipe it into commands in parallel.

If you use xargs and tee today you will find GNU Parallel very easy to use as GNU Parallel is written to have the same options as xargs. If you write loops in shell, you will find GNU Parallel may be able to replace most of the loops and make them run faster by running several jobs in parallel. GNU Parallel can even replace nested loops.

GNU Parallel makes sure output from the commands is the same output as you would get had you run the commands sequentially. This makes it possible to use output from GNU Parallel as input for other programs.

For example you can run this to convert all jpeg files into png and gif files and have a progress bar:

parallel --bar convert {1} {1.}.{2} ::: *.jpg ::: png gif

Or you can generate big, medium, and small thumbnails of all jpeg files in sub dirs:

find . -name '*.jpg' |
parallel convert -geometry {2} {1} {1//}/thumb{2}_{1/} :::: - ::: 50 100 200

You can find more about GNU Parallel at: http://www.gnu ... rg/s/parallel/

You can install GNU Parallel in just 10 seconds with:

$ (wget -O - pi.dk/3 || lynx -source pi.dk/3 || curl pi.dk/3/ || \
fetch -o - http://pi.dk/3 ) > install.sh
$ sha1sum install.sh | grep c555f616391c6f7c28bf938044f4ec50
12345678 c555f616 391c6f7c 28bf9380 44f4ec50
$ md5sum install.sh | grep 707275363428aa9e9a136b9a7296dfe4
70727536 3428aa9e 9a136b9a 7296dfe4
$ sha512sum install.sh | grep b24bfe249695e0236f6bc7de85828fe1f08f4259
83320d89 f56698ec 77454856 895edc3e aa16feab 2757966e 5092ef2d 661b8b45
b24bfe24 9695e023 6f6bc7de 85828fe1 f08f4259 6ce5480a 5e1571b2 8b722f21
$ bash install.sh

Watch the intro video on http://www.youtub ... L284C9FF2488BC6D1

Walk through the tutorial (man parallel_tutorial). Your command line will love you for it.

When using programs that use GNU Parallel to process data for publication please cite:

O. Tange (2018): GNU Parallel 2018, March 2018, https://doi.org/1 ... 81/zenodo.1146014.

If you like GNU Parallel:

• Give a demo at your local user group/team/colleagues
• Post the intro videos on Reddit/Diaspora*/forums/blogs/ Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists
• Get the merchandise https://gnuparall ... igns/gnu-parallel
• Request or write a review for your favourite blog or magazine
• Request or build a package for your favourite distribution (if it is not already there)
• Invite me for your next conference

If you use programs that use GNU Parallel for research:

• Please cite GNU Parallel in you publications (use --citation)

If GNU Parallel saves you money:

• (Have your company) donate to FSF https://my.f ... .org/donate/

About GNU SQL

GNU sql aims to give a simple, unified interface for accessing databases through all the different databases' command line clients. So far the focus has been on giving a common way to specify login information (protocol, username, password, hostname, and port number), size (database and table size), and running queries.

The database is addressed using a DBURL. If commands are left out you will get that database's interactive shell.

When using GNU SQL for a publication please cite:

O. Tange (2011): GNU SQL - A Command Line Tool for Accessing Different Databases Using DBURLs, ;login: The USENIX Magazine, April 2011:29-32.

About GNU Niceload

GNU niceload slows down a program when the computer load average (or other system activity) is above a certain limit. When the limit is reached the program will be suspended for some time. If the limit is a soft limit the program will be allowed to run for short amounts of time before being suspended again. If the limit is a hard limit the program will only be allowed to run when the system is below the limit.

Muddenahalli, August 17th 2025

Dr. Luis Falcón, author of GNU Health and founder of GNU Solidario, received the One World One Family Humanitarian award in the field of Healthcare from Sri Madhusudan Sai, founder of One World One Family mission.

The award ceremony took place during the World Cultural Festival in Sathya Sai Grama, Muddenahalli, India, this Monday, August 17th.

The award reads:

Citation
ONE WORLD ONE FAMILY
HUMANITARIAN AWARD 2025

in the category of
Healthcare
is hereby conferred on

Dr. Luis Falcón
of Spain
on 17 August 2025 at Sathya Sai Grama, Muddenahalli

A Pioneer in Open Science for Global Healthcare

Dr Luis Falcón is honored for his outstanding contributions to advancing social medicine, ethical research, and healthcare accessibility worldwide. He is the founder of GNU Solidario and creator of GNU Health, a United Nations-adopted, award-winning health information system. His work has transformed hospitals and research institutions across the globe.

Through open-source innovation, compassionate care models, and his advocacy for cruelty-free, human-relevant research, Dr Falcón bridges medicine, technology, and ethics to serve both humanity and the planet. His dedication to integrating genomics, environmental health, and precision medicine continues to inspire efforts toward a more equitable and sustainable future for global health.

His commitment to health equity continues to inspire hope for a future where healthcare is truly ethical, inclusive, and accesible to all.

Sadugru Sri Madhusudan Sai
Founder, One World One Family Mission

At GNU Solidario, we are honored for this award from such a noble Mission as One World One Family, that shares the spirit of delivering universal health and education across the world. In November, the One World One Family mission will inaugurate the largest free hospital in the world, a 600 bed tertiary hospital that will keep on providing universal healthcare, free of charge, for those who need it most, not just in India, but across the globe.


Whether is building hospitals, providing shelter and free education to the underprivileged or writing Free/Libre software to empower health professionals and their patients, we all have a common goal: Freedom and dignity to anyone in this world.

In 2011 – almost fifteen years ago from now – it was Richard Stallman, creator of the GNU Project and the Free Software Foundation, who gave Luis Falcón the award for Social Benefit for the GNU Health project.

Since then, the GNU Health Hospital Information System has been adopted by countries Ministries of Health, multilateral organizations, laboratories, hospitals, health professionals, academic and research institutions across the world.

We are humbled and full of gratitude, joy and commitment to keep on fighting in advancing Social Medicine. In these times of darkness, the One World One Family mission is a beacon of hope, and we are very proud to be part of it.

We want to make this award extensive to all the GNU community, and to any of you around the world that writes Free/Libre software for the betterment of the society.

Much love
The GNU Solidario team

You can read the original post with pictures at GNU Solidario:
https://my.gnusol ... ld-of-healthcare/

La noticia en español:
https://precision ... n-award-en-salud/

Muddenahalli, August 17th 2025

Dr. Luis Falcón, author of GNU Health and founder of GNU Solidario, received the One World One Family Humanitarian award in the field of Healthcare from Sri Madhusudan Sai, founder of One World One Family mission.

The award ceremony took place during the World Cultural Festival in Sathya Sai Grama, Muddenahalli, India, this Monday, August 17th.

The award reads:

Citation
ONE WORLD ONE FAMILY
HUMANITARIAN AWARD 2025

in the category of
Healthcare
is hereby conferred on

Dr. Luis Falcón
of Spain
on 17 August 2025 at Sathya Sai Grama, Muddenahalli

A Pioneer in Open Science for Global Healthcare

Dr Luis Falcón is honored for his outstanding contributions to advancing social medicine, ethical research, and healthcare accessibility worldwide. He is the founder of GNU Solidario and creator of GNU Health, a United Nations-adopted, award-winning health information system. His work has transformed hospitals and research institutions across the globe.

Through open-source innovation, compassionate care models, and his advocacy for cruelty-free, human-relevant research, Dr Falcón bridges medicine, technology, and ethics to serve both humanity and the planet. His dedication to integrating genomics, environmental health, and precision medicine continues to inspire efforts toward a more equitable and sustainable future for global health.

His commitment to health equity continues to inspire hope for a future where healthcare is truly ethical, inclusive, and accesible to all.

Sadugru Sri Madhusudan Sai
Founder, One World One Family Mission

At GNU Solidario, we are honored for this award from such a noble Mission as One World One Family, that shares the spirit of delivering universal health and education across the world. In November, the One World One Family mission will inaugurate the largest free hospital in the world, a 600 bed tertiary hospital that will keep on providing universal healthcare, free of charge, for those who need it most, not just in India, but across the globe.

Whether is building hospitals, providing shelter and free education to the underprivileged or writing Free/Libre software to empower health professionals and their patients, we all have a common goal: Freedom and dignity to anyone in this world.

In 2011 – almost fifteen years ago from now – it was Richard Stallman, creator of the GNU Project and the Free Software Foundation, who gave Luis Falcón the award for Social Benefit for the GNU Health project.

Since then, the GNU Health Hospital Information System has been adopted by countries Ministries of Health, multilateral organizations, laboratories, hospitals, health professionals, academic and research institutions across the world.

We are humbled and full of gratitude, joy and commitment to keep on fighting in advancing Social Medicine. In these times of darkness, the One World One Family mission is a beacon of hope, and we are very proud to be part of it.

We want to make this award extensive to all the GNU community, and to any of you around the world that writes Free/Libre software for the betterment of the society.

Much love

The GNU Solidario team

We are not that happy to announce the release of GNU gprofng-gui, version 2.2.

This release fixes a bug in the short-lived 2.1 that prevents it to be built with very recent versions of the JDK.

gprofng GUI is a full-fledged graphical interface for the gprofng
profiler, which is part of the GNU binutils.

The tarball gprofng-gui-2.2.tar.gz is now available at
https://ftp.gnu.org/gnu/gprofng-gui/gprofng-gui-2.2.tar.gz.

--
Vladimir Mezentsev
Jose E. Marchesi
19 August 2025

Dear community

I am happy to announce that we have released a virtualbox image
containing the GNU Health Hospital Management System 5.0 server
running on a Debian GNU/Linux operating system.

This virtual machine is a GNU Health "plug and play" distribution, with
SSH server, postgreSQL and Tryton services enabled at boot time. It also
provides the GNU Health HIS GTK client.

You can download the latest 5.0 image from:

https://www.gnuhe ... downloads/images/


Users:
- gnuhealth: The admin user for the the HMIS server (passwd: "gnu")
- root: Its password is "gnu"

**PLEASE make sure you change both passwords**

The server uses the official ("vanilla") installation method, so all the links, aliases, logs and documentation are current.

The HIS server is enabled by default. It runs automatically at
operating system boot time.

Demo DB: We have also included the demo DB "health50", same as the one in the community server. The credentials are the same
(admin/gnusolidario)

You can create your own database and customize the server. This is a full blown server and operating system ready to use.

Disk space: In order to save resources and download times this is a very small image. You need to resize the disk and filesystem if you are going to use it in production.

If you need a larger or custom image for your health institution, you can request it by contacting us at health@gnusolidario.org .

The image is compressed in gzip format. Make sure you uncompress it before importing into virtualbox.

For more information, please refer to the official documentation at: https://docs ... nuhealth.org

Some specs:
----------
MD5 hash: a756ac5afe0b93ae705e933e74cbb1c0 GNUHealth-50-debian12.vdi.gz


Debian: 12.0 "Bookworm"
DB: Postgresql 15
Python: 3.11
Tryton: 7.0
Desktop environment : XFCE

Get the latest news from our official GNU Health channel in Mastodon:
https://mastodon. ... social/@gnuhealth

Happy hacking,

--
Dr. Luis Falcon, MD, MSc
Author, GNU Health
Medical Director, PrecisionMed
Founder, GNU Solidario