Please update your
google-chrome package to version
A new version of Chromium (and Google Chrome consequently) was released to fix the following security vulnerabilities:
CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-5214, CVE-2016-5215, CVE-2016-5216, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5220, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226, CVE-2016-9650, CVE-2016-9651, CVE-2016-9652.
(And that means "a lot of them", please update soon!)
Our mirror at USTC is down, due to recurring hard disk array failures.
That said, you might need to change your APT source lists to install and update packages normally. Use
apt-gen-list -l to see your options (avoid
10-ustc for now), and
apt-gen-list -e "repo1 repo2 repo3" to enable new mirrors to use.
We will post another notice when USTC's mirror has resolved this issue.
This security advisory suggests the following updates to your system:
firefoxpackage to version
50.0.2; if you are using PowerPC 64-bit port (
ppc64, big endian), please update to version
thunderbirdpackage to version
palemoonpackage to version
Recently, a 0-day software vulnerability was disclosed for various Mozilla-based software packages:
CVE-2016-9079 (Reserved but not issued).
Core 4.1 was released just now as a major feature update to the Core 4.0 series. Core 4.1 contains:
And most notably, GCC now comes with Go language support, and now you may switch between the Google and the GNU implementation. Many changes were also put into a new Glibc update, like the Unicode 9.0 update. Also, we have disabled any non-Unicode locale by default to save some time and disk space when updating Glibc (you can still enable them by editing
Some details were changed in the AOSC OS base definition package (aosc-aaa) as well,
/etc/os-release now includes a new field for
BUILD_ID, as exposed in GNOME as follows:
A full changelog for Core 4.1 is available here.
Note: This version of Core contains security update for Glibc, for AOSA-2016-0030, therefore it it strongly suggested for you to update if you are using ARMv7 (
armel) port of AOSC OS!
Please update your
glibc package to version
2.24-2, especially if you are using ARMv7 (
A fix was recently committed to Glibc's Git master to fix the following vulnerability:
And the vulnerability states:
"The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation."
Please update your
libtiff package to version
A new version of LibTIFF was recently announced to fix the following security vulnerabilities:
And the following MSVR (Microsoft Vulnerability Research) indexes:
MSVR 35105, MSVR 35094, MSVR 35095, MSVR 35092, MSVR 35103, MSVR 35100, MSVR 35093, MSVR 35096, MSVR 35097, MSVR 35098.
Recent update to Jasper and GpgME (
gpgme, respectively) contained undocumented update to their "so-ver" (version suffix to share libraries) - which we did not perform a rebuild as the result of this oversight.
A batch of updates was pushed earlier today to fix this issue.
Note: This issue only applies to AOSC OS for the AMD64/x86_64 architecture.
We apologize for any inconvenience.
Trinity Desktop Environment R14.0.4 was released just earlier this month with support for building with GCC 6 and GStreamer 1.0 - I thought it's about time to bring this classical beast in.
Trinity Desktop Environment is a continued effort to continue the maintenance of KDE 3.5.10.
Along the way (since 2010), support for "modern" system features like PulseAudio, HAL-less hardware detection were added to this ancient desktop environment, making it largely usable on even a newer system foundation like AOSC OS.
Here below are some screenshots taken from my PowerMac G5 (PowerPC64) running TDE - which I happen to use everyday now, since the last weekend.
First greetings from Trinity.
A different flavoured panel with Kickoff launcher - more famous on KDE Plasma 4 desktop.
Get the productivity going!
Install Trinity Desktop Environment is relatively easy, installing the
tdebase package should get you going with a minimal TDE installation.
A meta-package will be created soon for easier installation.
— Mingcong Bai
Per users' requests, we have added the following packages to our community repository:
htdig- Scripts and HTML code needed for using ht://Dig as a web search engine.
ibus-uniemoji- Emoji and symbol input support for IBus.
ltrace- A debugging program which runs a specified command until the command exits.
pwgen- Automatic password generator.
siege- An HTTP regression testing and benchmarking utility.
devmem2- Simple program to read/write from/to any location in memory.
dislocker- Read BitLocker encrypted volumes under Linux.
Special changes to existing packages this week:
google-chromeis now provided as a binary repack, so there is no need to fight with the downloader in some... less convenient locations.
To learn about how to request new packages for addition into our community repository, please check out our "pakreq" guide. Or simply shout out requests with
#pakreq hashtag on our #aosc IRC channel, or on our Telegram group (joining information available on IRC).