[Testing Update] 2026-05-01 - Kernels (CVE-2026-31431), NVIDIA, LibreOffice, Mesa, Deepin

Announcements Testing Updates
1

Hello Manjaro user community, here we have another set of package updates. We are continuing our development of the upcoming release of ‘Bian-May’ which can be expected end of May, beginning of June. Development speed may be a little slower the upcoming weeks. However, still let us know any issues you may found thus far. Don’t expect major updates to stable branch anytime soon! Those who want to have a maintained Distro, may switch to testing branch and give needed feedback …

Current Promotions

Recent News

New in Manjaro GNOME!

When choosing an accent color in Settings, the folder colors will now change automatically to match when using the Papirus Dark or Papirus Light icon theme.

To try it out, install gnome-shell-extension-papirus-folders-colorizer from Add/Remove Software, logout / login and enable Papirus Folder Colorizer from Extensions.

Or, if you prefer the command line:

Install:

sudo pacman -Syu gnome-shell-extension-papirus-folders-colorizer

Enable the extension:

 gnome-extensions enable papirus-folders-colorizer@NiffirgkcaJ.github.com

Logout:

gnome-session-quit --logout

Also, when applying accent colors from Layout Switcher settings, it will also set the matching folder color. Requires accent-color-change r172.c761c84-2 or newer.

KDE Plasma users with SDDM can now migrate to Plasma Login Manager

After ensuring plasma-login-manager 6.5.90-1 (or newer) is installed, run the following:

sudo pacman -Syu plasma-login-manager
systemctl disable sddm
systemctl enable plasmalogin
sudo pacman -R sddm-kcm sddm
NVIDIA 590 driver drops Pascal support

With the update to driver version 590, the NVIDIA driver no longer supports Pascal (GTX 10xx) GPUs or older.

Impact: Updating the NVIDIA packages on systems with Pascal, Maxwell, or older cards will fail to load the driver, which may result in a broken graphical environment.

Intervention required for Pascal/older users: Users with GTX 10xx series and older cards must switch to a legacy driver to maintain support:

  • Install the official linuxXXX-nvidia-575xx, linuxXXX-nvidia-570xx, or related DKMS packages.
  • Manjaro 26.0 Anh-Linh released
  • Manjaro Summit public Alpha now available
  • As of Linux 5.4.302, the 5.4 series is now EOL (End Of Life). Please install 5.10 LTS (Long Term Support) or 5.15 LTS.
  • As of Linux 6.16.12, the 6.16 series is now EOL (End Of Life). Please install 6.18 LTS (Long Term Support) and/or 6.12 LTS.
  • As of Linux 6.17.13, the 6.17 series is now EOL (End Of Life). Please install 6.18 LTS (Long Term Support) and/or 6.12 LTS.
  • As of Linux 6.19.14, the 6.19 series is now EOL (End Of Life). Please install 7.0, and/or 6.18 LTS (Long Term Support) and/or 6.12 LTS.
Previous News
Finding information easier about Manjaro

Finding information easier about Manjaro always has been a topic that needed to be solved. With our new search we have put all Manjaro data accessible in one place and divided by sections so it makes it easier to digest: News – Manjaro

image
image679×348 45.7 KB

Notable Package Updates

  • Most Kernels got updated
    • linux619 kernel series got removed from our repos
    • this includes security fixes for CVE-2026-31431
      • patched kernels are: 5.10.254+, 5.15.204+, 6.1.170+, 6.6.137+, 6.12.85+, 6.18.22+, 6.19.12+, 7.0-rc7+
      • affected kernels are: 6.1.167_rt62, 6.6.133_rt73, 6.12.79_rt17, 6.17.5_rt7
      • more info in troubleshoot guide
  • NVIDIA 595.71.05 / 580.159.03
  • Firefox 150.0.1
  • LibreOffice 26.2.3
  • MESA 26.0.6
  • Updates to Deepin and Haskell

Additional Info

Python 3.14 info

:information_source: You will need to rebuild any AUR Python packages that install files to site-packages or link to libpython3.13.so.

Print a list of of packages that have files in /usr/lib/python3.13/ :

pacman -Qoq /usr/lib/python3.13/

Rebuild them all at once:*

pamac build $(pacman -Qoq /usr/lib/python3.13)

Use rebuild-detector to see if anything else needs to be rebuilt:

 checkrebuild

* It’s recommended to clean your build cache first with pamac clean --build-files

Info about AUR packages

:warning: AUR (Arch User Repository) packages are neither supported by Arch nor Manjaro. Posts about them in Announcements topics are off-topic and will be flagged, moved or removed without warning.

For help with AUR packages, please create a new topic in Support > AUR and a helpful volunteer may be able to assist you.

Get our latest daily developer images now from Github: Plasma, GNOME, XFCE. You can get the latest stable releases of Manjaro from CDN77.

Our current supported kernels

  • linux510 5.10.254
  • linux515 5.15.204
  • linux61 6.1.170
  • linux66 6.6.137
  • linux612 6.12.85
  • linux618 6.18.26
  • linux70 7.0.3
  • linux71 7.1.0-rc1
  • linux61-rt 6.1.167_rt62
  • linux66-rt 6.6.133_rt73
  • linux612-rt 6.12.79_rt17
  • linux617-rt 6.17.5_rt7

Package Changes (5/1/26 06:38 CEST)

  • testing core x86_64: 21 new and 23 removed package(s)
  • testing extra x86_64: 1623 new and 1742 removed package(s)
  • testing multilib x86_64: 22 new and 23 removed package(s)

A list of all changes can be found here

  • No issue, everything went smoothly
  • Yes there was an issue. I was able to resolve it myself.(Please post your solution)
  • Yes i am currently experiencing an issue due to the update. (Please post about it)
0 voters

Check if your mirror has already synced:

3 Likes
Mullvad VPN out of date
[Testing Update] 2026-04-28 - Kernels, Thunderbird, QEMU, Octopi, Deepin, Haskell
2

Known issues and solutions

This is a wiki post; please edit as necessary.
Please, consider subscribing to the Testing Updates Announcements RSS feed

Please RTFT (Read This Fine Thread) first before reporting the same issues over and over again!

Note: Do not forget to review your .pacnew files:

:arrow_right: 2026-05-01

On 29 April 2026, a high local privilege escalation vulnerability in the Linux kernel, tracked as CVE-2026-31431 and named “Copy Fail”, was publicly disclosed. The vulnerability affects Manjaro Linux since 2017. A public proof-of-concept exploit has been released.

We have patched most of our kernels and released them to our testing and unstable branches:

  • patched kernels are: 5.10.254+, 5.15.204+, 6.1.170+, 6.6.137+, 6.12.85+, 6.18.22+, 6.19.12+, 7.0-rc7+
  • affected kernels are: 6.1.167_rt62, 6.6.133_rt73, 6.12.79_rt17, 6.17.5_rt7 and lower

Temporary Mitigation

Disable the algif_aead kernel module persistently on all affected systems until a patched kernel is available:

sudo su
echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
rmmod algif_aead 2>/dev/null || true
exit

More Information: CERT-EU - High Vulnerability in the Linux Kernel ("Copy Fail")

2026-04-06

udev-usb-sync and kernel 7.0-rc

If you experience slow transfers to USB attached disks, remove the package udev-usb-sync. It is not known why the 7.0-rc kernel causes this. There may be a regression of some sort. Awaiting the final release of the 7.0 kernel before jumping to conclusions.

See [Unstable Update] April 2026 thread for more info

2026-04-23T22:00:00Z
The issue is solved with the release of 7.0 kernel

Previous testing threads:

1 Like
Copy Fail (CVE-2026-31431)
[Stable Update] 2026-03-23 - Kernels, Mesa, COSMIC, GNOME, Systemd, Plasma
[ALERT] CVE-2026-31431 - Local Privilege Escalation Vulnerability
3

Awesome! Great to see the copy fail kernel fixes flowing through the branches :100:

1 Like
4

Kernel 7 is already upstream patched, is it? Because i do not see it in the list.

5

Well … crypto: algif_aead - Revert to operating out-of-place · torvalds/linux@a664bf3 · GitHub Upstream patches most likely land in linux-mainline first. Most during the merge window and RC-development cycles. Security patches then get backported to stable Kernels. So ya, 7.0.x series was patched since 7.0-rc7.

3 Likes
6

ISOs including these updates: Release 202605010714 · manjaro/release-review · GitHub

1 Like
7

In spite of the scary message telling me my file system isn’t BTRFS, everything went just fine.

I assume there is some post update script that runs, with the assumption that the file system is BTRFS, then fails because it isn’t, then displays a scary error message.

8

Don’t expect major updates to stable branch anytime soon! Those who want to have a maintained Distro, may switch to testing

Can this be clarified, please?

  • is Manjaro stable currently not maintained?
  • is Manjaro stable not getting a fixed kernel soon for copy-fail?

Shouldn’t the quote above be cross-posted to the news or even the stable announcements section so that users on stable get a heads-up via matray?

1 Like
9

Isn’t that clear?

Stable branch needs a higher level of maintenance and checking, and demands the most preparation time, so is more likely to be delayed.

That doesn’t mean security and essential updates won’t be pushed through, just the next ‘big snap’ is likely to be delayed a little.

It’s going to remain stable.

2 Likes
10

I cannot read mind but @philm always say don’t chase Arch Linux

Stable branch is stable… and it is maintained

It will - in the mean time see instructions above

If you - for one reason or another - want to a bigger update of your system before the next stable snap - you are advised to switch to testing.

4 Likes
11

Thanks for the prompt clarification! It reassures a lot!

Ehmm, no. I am not a native speaker, but I tend to take that “Don’t expect major updates to stable branch anytime soon!” as “Manjaro stable is not going to get any major update in the near future” and “Those who want to have a maintained Distro, switch to testing” as “Testing is the maintained option, while Stable is not”.

May I suggest rephrasing as “Manjaro stable is not going to get any major update apart from the regular security fixes in the near future” and “Those who want to have a Distro with more up-to-date features, may switch to testing. Doing that and providing feedback will help progress with the Stable cycle too.”? Providing 6.18.26 in stable asap would also help a lot! The copy-fail vulnerability makes this a very bad time for risking being misinterpreted and I think the sentence as is may hinder the Manjaro reputation.

To double check, I pointed a popular LLM to the annoucement page with the prompt Please look at the announcement in [Testing Update] 2026-05-01 - Kernels (CVE-2026-31431), NVIDIA, LibreOffice, Mesa, Deepin and tell me from it if stable is still fully maintained and will get a fixed kernel for copy-fail asap getting the following answer:

From that announcement alone, I would not conclude that Manjaro Stable is
“still fully maintained” or that Stable will get the Copy Fail fixed kernel “ASAP.”
...
For Stable, the only clearly stated action is the temporary mitigation
1 Like
12

I really didn’t want to switch my main computer to the testing branch, but I needed to add a widget to the panels and place it in the right place. Moving widgets doesn’t work in the stable branch, and I really didn’t want to mess with the configs. So, I updated to the testing branch after taking a system snapshot. After the update, the kernel automatically switched from 6.19 to 7.0, plasma updated, and I finally managed to enable the native plasma-keyboard keyboard, which is designed for plasma 6.6. There were 3.9 GB of updates, which is quite a lot. I updated via pamac-manager, and everything went smoothly. It’s a shame the stable branch update was delayed much later than previously planned. I’ll wait until the stable branch is updated. I really don’t want to run into any problems because of this, but I have no other choice. Thanks for the fairly stable update implementation in the testing branch, I hope it continues.

(Translation using an online translator)

1 Like
13

You may not know what local privilege escalation (LPE) mean. This mean the attacker / hacker needs local access to your machine.

14

Where exactly this quote comes from?

16

For a number of years, since the days of Plasma 5, I have not found Testing to be any less stable.

My feeling is that ‘Stable’ is more broad in it’s ‘stability’ having eliminated more edge cases, and so it’s perfectly possible that you’ll never notice a difference.

However, with this updates, Stable may be further delayed… so you made a good decision and should be fine.

3 Likes
17

Local access to the machine is a typical usage pattern of machines with multiple users, isn’t it? E.g. a computer in a lab with many students all of which have an account, or a remote machine where many users can all ssh on.

18

Does this command work as a normal user or do you have to be root to execute it?

Also if this is important maybe it should be it’s own post pinned somewhere since not everyone will see this small section under the testing update (just a suggestion)

19

The second quote is not perfect, should have been “Those who want to have a maintained Distro, may switch to testing-branch”. It is just before “Current Promotions” in the very announcement.

20

I understand that if you get the testing update you will not need that command, since the testing update gives you a kernel with a fix for the vulnerability. You will definitely need that if you are on stable. So yes, giving this info only to those reading the testing release announcements is sub-optimal. But I believe that it is in fact more practical to install the 6.18.26 kernel package from testing manually on the system that is on stable. Should work with no issue.

21

I meant for people who are on stable, because this command is meant as a temporary measure for them until the patched kernel arrives on stable.