AOSC

 

Welcome to Anthon Open Source Community! We are a group of free and open technology enthusiasts working hard for improvements.

Most good programmers do programming not because they expect to get paid or get adulation by the public, but because it is fun to program. – Linus Torvalds

LATEST NEWS

  • Progress Report: AOSC OS, "Meltdown" and "Spectre"JANUARY 13, 2018

    Since our last progress report, the following progress has been accomplished in our effort to mitigate the “Meltdown” and “Spectre” vulnerabilities for our users:

    • Browsers. With the recently released WebKit2GTK+ 2.18.5, which addressed “Spectre”-related issues - at the present moment, it should be safe to use browsers and applications based on this engine: Midori, Epiphany (GNOME Web), Yelp (GNOME Help/Manual Browser), etc.
    • Microcode. Intel has released version 20180108 of their Microcode update package to further the mitigation of both vulnerabilities. However, there are reports announced by Lenovo and Intel regarding the update resulting in unexpected reboots. Please notify us if you encountered such issue.
    • Applications. Wireshark has recently released version 2.4.4 which mitigated one of the variants of “Spectre”, Kernel-Side Attack.

    Please update your AOSC OS as soon as possible.

    — Mingcong Bai

  • Core 5.1.1, "Meltdown", and "Spectre"JANUARY 10, 2018

    For the past several days we have been continuing our work on the mitigation of “Meltdown” and “Spectre” - though at this point, we are focusing on the latter.

    One of the more important progress is the release of AOSC OS Core 5.1.1, while containing some bugfixes and updates, comes with an updated GCC (GNU Compiler Collection) containing Clear Linux’s implementation/backport of Retpoline patch set to the 7.2 branch (which we are currently shipping). The patch set has the target to avoid “generating code which contains an indirect branch that could have its prediction poisoned by an attacker” - as described by an LLVM contributor. While it could take some serious reading to fully understand what is going on, this is a step towards a more complete mitigation of possible impacts of the “Spectre” vulnerability.

    Apart from that, we have the following updates since our last report:

    • Kernels. With the introduction of Retpoline patches to GCC, the 4.14 branch of Kernels (“Mainline” and “Libre”) has been rebulit with the patches from Clear Linux to include similar fixes in the Kernels. No patch had been made available for our 4.9 branch of Kernel yet.
    • NVIDIA. A new driver release, version 390.12 has been released to address the Spectre-related vulnerabilities. No statement from NVIDIA about the 340 branch for older cards has been issued, though question has been raised in the NVIDIA DevTalk Forum.

    That’s all for now. We’ll continue the progress reports in the coming weeks, possibly.

    — Mingcong Bai

  • Daily Progress Report: AOSC OS, "Meltdown" and "Spectre"JANUARY 7, 2018

    Here’s a follow up to yesterday’s Progress Report on the fixing of “Meltdown” and “Spectre” for AOSC OS. Several events have taken place in the past 24 hours:

    • Kernels. We have been able to produce and test both “LTS” and “Main” Kernels to address these security concerns. Please update to 4.9.75 (for “LTS”) and 4.14.12 (for “Main”) as soon as possible.
    • Browsers. A statement from our resident vulnerability tracker Zero King cited a link from Google Support:

    "Current stable versions of Chrome include an optional feature called Site Isolation which can be enabled to provide mitigation by isolating websites into separate address spaces. Learn more about Site Isolation and how to take action to enable it [from this link].

    “Chrome 64, due to be released on January 23, will contain mitigations to protect against exploitation.”

    At this moment, no other progress has been made on other issues stated on the last report.

    — Mingcong Bai

  • Progress Report: AOSC OS, "Meltdown" and "Spectre"JANUARY 6, 2018

    It’s been more than 24 hours since our last post, and I would like to offer an as-is progress report on our fixes for the “Meltdown” and “Spectre” bug, affecting Intel - potentially AMD and some ARM processors. To make this easy to read, I’ll list everything known at this point in bullet points:

    • Linux Kernel fixes. We have been able to produce a working build on the 4.9 branch (LTS current), with backported fixes; while for our 4.14 branch (Main), we are having some issues with DKMS, where kernel modules would fail to build indicating missing objtool. The issue with 4.14 is known to be a result of an added feature between 4.14.7 and 4.14.11 (for some reason, on a patch channel?), and we are currently working on a finalised solution.
    • Browsers. At this moment, not to be a “shill”, but we would not recommend any Web browser but Firefox. At this point, only Firefox 57.0.4 was released containing fixes for the “Spectre” security issue. Google has announced that they will make a release with the fixes on the 23rd. Nothing is known with the other browsers.
    • Compilers. GCC and LLVM/Clang have already implemented and proposed at least a partial fix, but neither have finalised a patch set for the current stable branch. GCC’s fix is not yet mainline, and LLVM/Clang has a patch for the current master.
    • Qemu and LibVirt. Qemu stated that “there are no public patches to KVM that expose the new CPUID bits and MSRs to the virtual machines, therefore there is no urgent need to update QEMU”. However, version 2.11.1 with “Spectre” fixes should be released in the coming days. We are yet to be able to pinpoint the exact fix commit for LibVirt - however, a security advisory was released by Red Hat.
    • Microcode updates. We have not been able to observe any updates from Intel or AMD, we will notify you with a security mail - if you haven’t subscribed to our security notification list, please do so here.

    At this point, only the Firefox 57.0.4 update has been pushed to the stable repository. I will post another news article here on the Portal tomorrow with (hopefully) some progress.

    Please update your AOSC OS at your earliest convenience, and adjust your software selection (highly recommended).

    — Mingcong Bai

  • AOSC OS End-of-2017 Wave of Updates!JANUARY 5, 2018

    First of all, a late Happy New Year…

    So, after two months of radio silence, here’s a (huge) batch of updates for AOSC OS - again, now for AMD64, and later for other ports. We have two major objectives for this wave of updates:

    • Processing package addition/update requests.
    • Introduce Deepin Desktop Environment.

    And indeed… We are able to push through with the two objectives:

    • Obviously, a full suite of Deepin Desktop Environment and its default applications are now available from the community repository.
    • We have been able to clear out all update requests from the list.
    • 261 new packages have been introduced to the repository as a result of the requests and their dependencies. However, some still remained to be processed for various reasons.

    EDIT: One of our community members pointed out that also as a part of this Wave of updates, a large collection of GIS (Geographic Information System/Science) software packages. All names of the packages added could be found here.


    aosc-os-deepin-201801

    AOSC OS running the Deepin Desktop Environment!


    I’m currently on a New Year’s trip so I will spare you of long paragraphs of details!

    For the rest of January, we will continue to work on synchronising updates on all our ports (apart from the MIPS ports, for their still questionable state), and to produce a new wave of tarball releases - it’s been almost one year since the last batch and it’s getting increasingly unpractical to download and update with.

    Apart from that I would like to drop a note about the recent Intel (and possibly AMD and ARM) Kernel/Compiler security issue, “Meltdown” and “Spectre”. Kernel updates are currently in the works, and will be pushed to the stable channel in 24 hours, as for compilers, they will be made available in roughly the same time frame (LLVM), and parts of them in the upcoming Core 5.1 update (probably the day after).

    I will leave a list of recommended sources for you to read up about the details. But for now, enjoy the updates and thank you for your continued support for AOSC OS!



    — Mingcong Bai

  • Today... Marks Our 6th Year!

  • October Wave is Here!

  • Kudos to KoDDoS!

  • Read more...

PROJECTS OVERVIEW

COMMON SERVICES

  • AOSC OS Packages

    A catalog of packages available for AOSC OS.

  • Community Repository

    Our community repository server, where AOSC OS installation medias, tarballs, packages, project documentation, etc. are stored.

  • Mirror Status

    Take a look at current mirror synchronization and availability information.

  • Mailing Lists

    Community mailing lists for discussions, advisories, and announcements.

  • IRC Channel

    Get in touch with the community.

  • Google+

    Learn about newest news and happenings in and around AOSC.

  • Hermes WebMail

    Our WebMail service for AOSC developers and contributors.

  • Public Clipboard

    Our public clipboard service (or pastebin) that you can use for all your clippy needs.