NEWS

Read hard, get it all caught up :-D

Things are (actually) going on around the community (surprise!), you may find latest news and happenings in and around the community, and of course, latest information for you to better enjoy AOSC OS.

Most good programmers do programming not because they expect to get paid or get adulation by the public, but because it is fun to program. -- Linus Torvalds

ALL NEWS

  • AOSA-2016-0027: Update Chromium and Google Chrome to 54.0.2840.100NOVEMBER 18, 2016

    Please update your chromium and/or google-chrome package to version 54.0.2840.100.

    A new version of Chromium/Google Chrome was announced with fixes to the following security vulnerabilities:

    CVE-2016-5199, CVE-2016-5200, CVE-2016-5201, CVE-2016-5202.

    Relevant documentation:

  • AOSA-2016-0026: Update Cryptsetup to 1.7.3NOVEMBER 18, 2016

    Please update your cryptsetup package to version 1.7.3.

    A new version of Cryptsetup was announced with fix to the following security vulnerability:

    CVE-2016-4484.

    More specifically, this is a vulnerability that a large amount of "Enter" keystroke may allow attacker/user to gain root access to the shell. However, at a note of relief - in the case of AOSC OS, an attacker could only get so far before he was prompted for decryption when trying to access files on an encrypted partition - as the attacker may only gain access to the shell of the initialization RAM disk, but not the partition itself (where the system was installed).

    Relevant documentation:

  • Package Update Advisory: Nov. 14, 2016NOVEMBER 14, 2016

    A failed package systemd version 1:232-1 for AMD64/x86_64 was pushed to the repository by mistake, which lacks the set of files for libgudev - a library for providing GObject bindings for UDev.

    This update could result in the following issues:

    • NetworkManager failing to start due to missing runtime libraries.
    • GNOME failing to start or crashing due to missing runtime libraries.

    Results above may be detrimental to the usability of AOSC OS. We advise that you do not update your system within 24 hours of this notice to prevent expected damage to your system.

    If you have already updated your system and ran into issues described above, please download the following package and install the update manually - as root or by using sudo.

    wget https://repo.aosc.io/os-amd64/os3-dpkg/s/systemd_232-1_amd64.deb
    dpkg -i systemd_232-1_amd64.deb

    And restart AOSC OS.

    My sincere apologies to this incident. If you have further questions about this incident or need additional assistance, please contact us at #aosc or find me, JeffBai on Freenode.

    — Mingcong Bai

  • New package additions: Nov. 14, 2016NOVEMBER 14, 2016

    Per users' requests, we have added the following packages to our community repository:

    • ldc - The LLVM-based D compiler.
    • transmission-remote-gtk - GTK+ remote control for the Transmission BitTorrent client.
    • i7z - A better i7 (and now i3, i5) reporting tool for Linux.
    • mat - Metadata anonymisation toolkit.
    • fakeroot - Gives a fake root environment.

    To learn about how to request new packages for addition into our community repository, please check out our "pakreq" guide. Or simply shout out requests with #pakreq hashtag on our #aosc IRC channel, or on our Telegram group (joining information available on IRC).

  • AOSA-2016-0025: Update MariaDB to 10.1.19NOVEMBER 13, 2016

    Please update your mariadb package to version 10.1.19.

    A new version of MariaDB was announced with fixes to the following security vulnerabilities:

    CVE-2016-7440, CVE-2016-5584.

    Relevant documentation:

  • AOSA-2016-0024: Update Bind to 9.11.0.P1NOVEMBER 4, 2016

    Please update your bind package to version 9.11.0.P1.

    A new version of Bind was announced with fixes to the following security vulnerabilities:

    CVE-2016-8864.

    Relevant documentation:

  • AOSA-2016-0023: Update Django to 1.10.3NOVEMBER 4, 2016

    Please update your django package to version 1.10.3.

    A new version of Django was announced with fixes to the following security vulnerabilities:

    CVE-2016-9013, CVE-2016-9014.

    Relevant documentation:

  • AOSA-2016-0022: Update Chromium and Google Chrome to 54.0.2840.90NOVEMBER 4, 2016

    Please update your chromium and google-chrome package to version 54.0.2840.90.

    A new version of Chromium/Google Chrome was announced with fixes to the following security vulnerabilities:

    CVE-2016-8198.

    Relevant documentation:

  • AOSA-2016-0021: Update cURL to 7.51.0NOVEMBER 4, 2016

    Please update your curl and curl+32 (optenv32, AMD64 only) to version 7.51.0.

    A new version of cURL was announced with fixes to the following security vulnerabilities:

    CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625.

    Relevant documentation:

  • New package additions: Nov. 5, 2016NOVEMBER 4, 2016

    Per users' requests, we have added the following packages to our community repository:

    • synergy - Share a single mouse and keyboard between multiple computers.
    • inxi - A full featured system information script.
    • gt5 - A diff-capable 'du-browser'.
    • rng-tools - Random number generator related utilities.
    • zsync - A file transfer program that's able to connect to rsync servers.
    • freeplane - Free mind mapping and knowledge management software.
    • netselect - An ultrafast intelligent parallelizing binary-search implementation of 'ping'.
    • aesfix - Tool for correcting bit errors in an AES key schedule.
    • aeskeyfind - Tool for locating AES keys in a captured memory image.
    • rsakeyfind - Tool for locating RSA keys in a captured memory image.
    • ncmpc - Fully featured MPD client using ncurses.
    • ncmpcpp - Fully featured MPD client using ncurses (Plus Plus).
    • roboto-fonts - The Roboto family of fonts.
    • droid-fonts - The Droid family of fonts.
    • ncdu - A disk usage analyzer with an ncurses interface.
    • topmenu-gtk - A Gtk+ module and Mate/Xfce panel applets for a global menubar.

    To learn about how to request new packages for addition into our community repository, please check out our "pakreq" guide. Or simply shout out requests with #pakreq hashtag on our #aosc IRC channel, or on our Telegram group (joining information available on IRC).