NEWS

Read hard, get it all caught up :-D

Things are (actually) going on around the community (surprise!), you may find latest news and happenings in and around the community, and of course, latest information for you to better enjoy AOSC OS.

Most good programmers do programming not because they expect to get paid or get adulation by the public, but because it is fun to program. – Linus Torvalds

ALL NEWS

  • AOSA-2017-0034: OpenSSH in Tarballs Shipped Identical Host KeysAPRIL 18, 2017

    This is an issue of great emergency, please update your system with the newest openssh package to workaround this security vulnerability!

    In our traditional way of generating AOSC OS release tarballs, SSH Daemon host keys were generated only once across any AOSC OS install because the tarballs were built from a single stub tarball, then to a Base variant - which already contains a copy of OpenSSH (with keys generated) - then all other variants were generated from the Base tarball with extra sets of packages. The result was - due to our ignorance - that all SSH Daemon host keys are generated only once, a great security threat to all AOSC OS users with their SSH Daemon or sshd.service enabled.

    To workaround this for all existing users, (once again) please update your system with the latest openssh package, if you see the following message when installing the update…

    Regenerating SSH Keys for AOSA-2017-0034...
    removed '/etc/ssh/ssh_host_dsa_key'
    removed '/etc/ssh/ssh_host_dsa_key.pub'
    removed '/etc/ssh/ssh_host_ecdsa_key'
    removed '/etc/ssh/ssh_host_ecdsa_key.pub'
    removed '/etc/ssh/ssh_host_ed25519_key'
    removed '/etc/ssh/ssh_host_ed25519_key.pub'
    removed '/etc/ssh/ssh_host_rsa_key'
    ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
    

    Then your SSH Daemon host keys are regenerated, and they are expected to be unique across any device. You would not need to restart your sshd.service, but when clients connect to your device, they may receive a warning…

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that a host key has just been changed.
    The fingerprint for the ECDSA key sent by the remote host is
    <ECSDA key here>
    Please contact your system administrator.
    

    Please remove the line (or inform users of your AOSC OS host with SSH enabled to do so) from your ~/.ssh/known_host file containing the key described above - another method is to identify the host you are attempting to connect to, and remove the line containing the host.

    Updates to openssh are now available for amd64, arm64, armel, mipsel, powerpc, and ppc64.

  • Manual Input Needed with Upcoming iana-etc UpdateAPRIL 17, 2017

    A recent change to the iana-etc package has addressed an issue where it could be impossible to initiate telnet connections on AOSC OS.

    However, the file /etc/services - contained within iana-etc has been marked as a configuration file, therefore, DPKG could ask if the file should be replaced with the one provided with the package (which contain the fix to this issue). Please choose “Yes”, or press the i key when prompted.

    We apologize for your inconvenience.

  • Repository De-Dup CompleteAPRIL 15, 2017

    As mentioned in the announcement last week, a repository de-duplication (removing old version s of all packages in the repository) is planned for this weekend - and now, the process is complete.

    Ideally, as an user who regularly updates their copy of AOSC OS, they would/should not notice the changes taken place this weekend. But we do anticipate removals of some packages may lead to dependency issues, and that our bulk removal of files on the repository server may cause error on our mirror partners (due to rsync's delete threshold, or --max-delete settings).

    If unfortunately you run into issue with updating or installing packages, please first try and switch to our source server…

    sudo apt-gen-list -e "40-source"
    

    And contact us at the IRC channel #aosc to report this incident - we will then try and get into contact with our mirror servers to solve the issue.

  • AArch64/ARM64 Images Update for Allwinner DevicesAPRIL 15, 2017

    Icenowy Zheng has recently uploaded a new batch of AArch64/ARM64 SD card images for compatible Allwinner devices, with Linux Kernel Updated to 4.11-rc6. Along with the Kernel update, two new devices are now supported:

    • Xunlong Orange Pi Prime
    • FriendlyARM Nano Pi NEO2

    Please head over to the download page for more downloads and more information.

  • Firmware Package SplitAPRIL 10, 2017

    With today’s newest changes to AOSC OS packages, we have decided to split the firmware-nonfree package to free and non-free portions, with the firmware-nonfree packages (pre-installed with any system release) containing only non-free firmware files, and a new firmware-free package containing “free” firmware files.

    A normal system upgrade may not install the new firmware-free package automatically. If you started encountering issues regarding missing firmware after you upgraded your system, please check if you have installed firmware-free.

    Both packages will be pre-installed with future system releases.

  • Repository De-Dup to Take Place Next WeekAPRIL 9, 2017

    Since 2014, our community repository has been growing in size due to our (essentially) permissive policy on keeping all old versions of all our packages.

    As we stand today, the repository is roughly 500GiB in size. This is abnormal even when considering all of our architectural ports, as Debian, the largest binary-based *nix distribution requires just over 1TiB in size. This continuing growth in repository size has brought storage challenges to both our mirror hosts and our own repository server.

    Therefore, it is decided that starting at midnight of next Friday (April 14th, UTC time) that we will be starting to remove all packages that are not the newest provided across all architectures. We expect this operation to be finished by the weekend of April 16th.

    Users (like you) should not be concerned about this operation, nor would impact your experience with AOSC OS. Removal of old packages only removes the possibility for developers to backtrack onto older revisions of a packages for comparative and regression testing.

  • GNOME 3.24 is Now Available!MARCH 29, 2017

    GNOME 3.24 was released on March 22nd, 2017 with a large amount of new features and fixes, and here below is a quick summary of changes brought in by the 3.24 release:

    • Night Light is now a part of GNOME 3.24, which reduces blue light emission from the screen after sun down, or during any time period specified by the user.
    • A new application, GNOME Recipes is added to aid our great chefs with community created recipes.
    • GNOME Builder, the IDE (Integrated Development Environment) for GNOME now has better integration with Flatpak, a sandboxed application runtime for Linux.

    And here below are some things we are happy to notice with GNOME 3.24:

    • The applications menu animations are now observed to be slightly smoother.
    • Simplified Chinese and Japanese localization have been greatly improved over 3.22, thanks to significant community effort put in to the 3.24 release.

    For a full list of changes brought in by GNOME 3.24, please read the GNOME Release Notes.


    However, GNOME 3.24 is not without its issues. For now, we have experienced the following issues:

    • GNOME Software will crash (segmentation fault) when a package is installed - please avoid updating your AOSC OS with GNOME Software.
    • When taking a screenshot of the “current window” on a system running proprietary NVIDIA graphics driver, you may experience colour mismatch issue (seems like blue and red colour values are swapped).
    • Budgie will no longer function with the GNOME 3.24 update - and for they are -rewriting Budgie with Qt, they have no intention on fixing Budgie for 3.24. We have already dropped the Budgie package from our repository, and the download for release tarball with Budgie desktop is no longer available.

    We are currently looking into these issues and we are committed to bring fixes to these issues to you as soon as possible.


    gnome-3.24

    Enjoy!

  • Dev. Updates (Issue #2, 2017)MARCH 29, 2017

    March is approaching its end, and thus time for the second issue of AOSC development update. In general, this has been a relatively quiet period - for our developers are experiencing time constraints, things are recently picking up again so no worries.

    What happened with AOSC OS?

    There have been general updates and security fixes for AOSC OS, but not to neglect the recent GNOME update. GNOME 3.24 is already made available by the time of writing.

    Our MIPS ports has gain extra care from Junde Yhi and Jiaxun Yang, our new developer. Jiaxun Yang has been able to fix the Silicon Motion display driver used by various YeeLoong laptop models - which should boost desktop performance significantly. Junde Yhi has been working on “mainline” or “standard” Kernels (mainline and long-term support flavours) for both the MIPS32el and MIPS64el ports, and they are both tested on Loongson devices running on 2E/2F/3A series processors. Junde Yhi has also said that we could be expecting GNOME 3.24 on MIPS64el in the coming month. Tarballs will be released for the two architectures in the coming month.

    Our ARM ports however, are experiencing a reduction in release line-up. Icenowy Zheng, our ARMv7 and ARMv8 maintainer has decided to drop a large amount of device-specific images - and now only releasing those tested by herself and community members - those images with no real world testing conducted are dropped. If you have an ARM device that you would like to run AOSC OS on, please get in contact with us at the #aosc channel on Freenode, or shoot an e-mail at Icenowy at icenowy at aosc dot io.

    Infrastructure changes

    Several website changes has been put in place since Issue #1:

    • The “People” page is added to the Community Portal to display our (current and historic) developers and contributors, where their homepages are showcased.
    • AOSC WebMail, “Hermes” is now online, thanks to Howard Xiao, or “dargasea” - this mail service is available to all AOSC developers and contributors.

    What you could expect before Issue #3

    In the coming months, as AOSCC closes in, we will start to work on a feature list for AOSC OS Core 5, and begin preparation for AOSCC 2017 - which will be held in Guangzhou, in July of this year.

    There will be extra additions to our community infrastucture:

    • Package information site, currently worked on by Dingyuan Wang, or “gumblex”.
    • Mirror status site, worked on by Xiaoxing Ye, or “yexiaoxing”.

    But before which, we really don’t have much else to tell you. So stay tuned for the third issue, and thanks for coming by.

  • AOSA-2017-0033: Update LibYTNEFMARCH 29, 2017

    Please update your libytnef package to version 1.9.2.

    A recently released version of Yerase’s TNEF Stream Reader Library has addressed the following security vulnerabilities:

    CVE-2017-6306, CVE-2017-6305, CVE-2017-6304, CVE-2017-6303, CVE-2017-6302, CVE-2017-6301, CVE-2017-6300, CVE-2017-6299, CVE-2017-6298.

  • AOSA-2017-0032: Update LXCMARCH 29, 2017

    Please update your lxc package to version 2.0.7-1.

    A commit in the master branch of the LXC (Linux Container) project has addressed the following security vulnerability:

    CVE-2017-5985.

    Relevant documentation: