Read hard, get it all caught up :-D

Things are (actually) going on around the community (surprise!), you may find latest news and happenings in and around the community, and of course, latest information for you to better enjoy AOSC OS.

Most good programmers do programming not because they expect to get paid or get adulation by the public, but because it is fun to program. -- Linus Torvalds


  • AOSA-2016-0032: Update Chromium and Google ChromeDECEMBER 4, 2016

    Please update your chromium and google-chrome package to version 55.0.2883.75.

    A new version of Chromium (and Google Chrome consequently) was released to fix the following security vulnerabilities:

    CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-5214, CVE-2016-5215, CVE-2016-5216, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5220, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226, CVE-2016-9650, CVE-2016-9651, CVE-2016-9652.

    (And that means "a lot of them", please update soon!)

    Relevant documentation:

  • AOSC OS Repository Mirror at USTC is DownDECEMBER 3, 2016

    Our mirror at USTC is down, due to recurring hard disk array failures.

    That said, you might need to change your APT source lists to install and update packages normally. Use apt-gen-list -l to see your options (avoid 10-ustc for now), and apt-gen-list -e "repo1 repo2 repo3" to enable new mirrors to use.

    We will post another notice when USTC's mirror has resolved this issue.

    Relevant documentation:

  • AOSA-2016-0031: Update Mozilla softwareDECEMBER 3, 2016

    This security advisory suggests the following updates to your system:

    • Please update your firefox package to version 50.0.2; if you are using PowerPC 64-bit port (ppc64, big endian), please update to version 45.5.1esr.
    • Please update your thunderbird package to version 45.5.1.
    • Please update your palemoon package to version 27.0.2.

    Recently, a 0-day software vulnerability was disclosed for various Mozilla-based software packages:

    CVE-2016-9079 (Reserved but not issued).

    Relevant documentation:

  • Core 4.1 is here!DECEMBER 1, 2016


    Core 4.1 was released just now as a major feature update to the Core 4.0 series. Core 4.1 contains:

    • Fixes to issues discovered since the release of Core 4.0.1 (last release in the 4.0 series).
    • Features updates/additions to Core.
    • Performance improvements.
    • Security fixes.

    And most notably, GCC now comes with Go language support, and now you may switch between the Google and the GNU implementation. Many changes were also put into a new Glibc update, like the Unicode 9.0 update. Also, we have disabled any non-Unicode locale by default to save some time and disk space when updating Glibc (you can still enable them by editing /etc/locale.gen).

    Some details were changed in the AOSC OS base definition package (aosc-aaa) as well, /etc/os-release now includes a new field for BUILD_ID, as exposed in GNOME as follows:


    A full changelog for Core 4.1 is available here.

    Note: This version of Core contains security update for Glibc, for AOSA-2016-0030, therefore it it strongly suggested for you to update if you are using ARMv7 (armel) port of AOSC OS!

  • AOSA-2016-0030: Update Glibc to 2.24-2DECEMBER 1, 2016

    Please update your glibc package to version 2.24-2, especially if you are using ARMv7 (armel).

    A fix was recently committed to Glibc's Git master to fix the following vulnerability:


    And the vulnerability states:

    "The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation."

  • AOSA-2016-0029: Update LibTIFF to 4.0.7DECEMBER 1, 2016

    Please update your libtiff package to version 4.0.7.

    A new version of LibTIFF was recently announced to fix the following security vulnerabilities:

    CVE-2016-9448, CVE-2016-9273, CVE-2014-8127, CVE-2016-3658, CVE-2016-3622, CVE-2016-5875, CVE-2016-3623, CVE-2016-3991, CVE-2016-3945, CVE-2016-5321, CVE-2016-5323.

    And the following MSVR (Microsoft Vulnerability Research) indexes:

    MSVR 35105, MSVR 35094, MSVR 35095, MSVR 35092, MSVR 35103, MSVR 35100, MSVR 35093, MSVR 35096, MSVR 35097, MSVR 35098.

    Relevant documentation:

  • AOSA-2016-0028: Update Vim and NeovimDECEMBER 1, 2016

    Please update your vim package to version(s) higher than 8.0.0056, and neovim package to version 0.1.7.

    New versions of Vim and Neovim were released recently to fix the following security vulnerability:


    Relevant documentation:

  • Package Update Advisory: Nov. 20, 2016NOVEMBER 20, 2016

    Recent update to Jasper and GpgME (jasper and gpgme, respectively) contained undocumented update to their "so-ver" (version suffix to share libraries) - which we did not perform a rebuild as the result of this oversight.

    • If you have updated AOSC OS between now and November 18th (UTC time), you may experience issue that some applications crashes on launch, or crashes during usage.
    • If not, we advise that you avoid updating system within 24 hours of this advisory to prevent issue described above.

    A batch of updates was pushed earlier today to fix this issue.

    Note: This issue only applies to AOSC OS for the AMD64/x86_64 architecture.

    We apologize for any inconvenience.

  • Trinity Desktop Environment Now Available!NOVEMBER 18, 2016

    A sensible throwback

    Trinity Desktop Environment R14.0.4 was released just earlier this month with support for building with GCC 6 and GStreamer 1.0 - I thought it's about time to bring this classical beast in.

    What is TDE then?

    Trinity Desktop Environment is a continued effort to continue the maintenance of KDE 3.5.10.

    Along the way (since 2010), support for "modern" system features like PulseAudio, HAL-less hardware detection were added to this ancient desktop environment, making it largely usable on even a newer system foundation like AOSC OS.

    Here below are some screenshots taken from my PowerMac G5 (PowerPC64) running TDE - which I happen to use everyday now, since the last weekend.


    First greetings from Trinity.


    A different flavoured panel with Kickoff launcher - more famous on KDE Plasma 4 desktop.


    Get the productivity going!


    Install Trinity Desktop Environment is relatively easy, installing the tdebase package should get you going with a minimal TDE installation.

    A meta-package will be created soon for easier installation.


    — Mingcong Bai

  • New package additions: Nov. 18, 2016NOVEMBER 18, 2016

    Per users' requests, we have added the following packages to our community repository:

    • htdig - Scripts and HTML code needed for using ht://Dig as a web search engine.
    • ibus-uniemoji - Emoji and symbol input support for IBus.
    • ltrace - A debugging program which runs a specified command until the command exits.
    • pwgen - Automatic password generator.
    • siege - An HTTP regression testing and benchmarking utility.
    • devmem2 - Simple program to read/write from/to any location in memory.
    • dislocker - Read BitLocker encrypted volumes under Linux.

    Special changes to existing packages this week:

    • google-chrome is now provided as a binary repack, so there is no need to fight with the downloader in some... less convenient locations.

    To learn about how to request new packages for addition into our community repository, please check out our "pakreq" guide. Or simply shout out requests with #pakreq hashtag on our #aosc IRC channel, or on our Telegram group (joining information available on IRC).