Read hard, get it all caught up :-D

Things are (actually) going on around the community (surprise!), you may find latest news and happenings in and around the community, and of course, latest information for you to better enjoy AOSC OS.

Most good programmers do programming not because they expect to get paid or get adulation by the public, but because it is fun to program. – Linus Torvalds


  • GNOME 3.24 is Now Available!MARCH 29, 2017

    GNOME 3.24 was released on March 22nd, 2017 with a large amount of new features and fixes, and here below is a quick summary of changes brought in by the 3.24 release:

    • Night Light is now a part of GNOME 3.24, which reduces blue light emission from the screen after sun down, or during any time period specified by the user.
    • A new application, GNOME Recipes is added to aid our great chefs with community created recipes.
    • GNOME Builder, the IDE (Integrated Development Environment) for GNOME now has better integration with Flatpak, a sandboxed application runtime for Linux.

    And here below are some things we are happy to notice with GNOME 3.24:

    • The applications menu animations are now observed to be slightly smoother.
    • Simplified Chinese and Japanese localization have been greatly improved over 3.22, thanks to significant community effort put in to the 3.24 release.

    For a full list of changes brought in by GNOME 3.24, please read the GNOME Release Notes.

    However, GNOME 3.24 is not without its issues. For now, we have experienced the following issues:

    • GNOME Software will crash (segmentation fault) when a package is installed - please avoid updating your AOSC OS with GNOME Software.
    • When taking a screenshot of the “current window” on a system running proprietary NVIDIA graphics driver, you may experience colour mismatch issue (seems like blue and red colour values are swapped).
    • Budgie will no longer function with the GNOME 3.24 update - and for they are -rewriting Budgie with Qt, they have no intention on fixing Budgie for 3.24. We have already dropped the Budgie package from our repository, and the download for release tarball with Budgie desktop is no longer available.

    We are currently looking into these issues and we are committed to bring fixes to these issues to you as soon as possible.



  • Dev. Updates (Issue #2, 2017)MARCH 29, 2017

    March is approaching its end, and thus time for the second issue of AOSC development update. In general, this has been a relatively quiet period - for our developers are experiencing time constraints, things are recently picking up again so no worries.

    What happened with AOSC OS?

    There have been general updates and security fixes for AOSC OS, but not to neglect the recent GNOME update. GNOME 3.24 is already made available by the time of writing.

    Our MIPS ports has gain extra care from Junde Yhi and Jiaxun Yang, our new developer. Jiaxun Yang has been able to fix the Silicon Motion display driver used by various YeeLoong laptop models - which should boost desktop performance significantly. Junde Yhi has been working on “mainline” or “standard” Kernels (mainline and long-term support flavours) for both the MIPS32el and MIPS64el ports, and they are both tested on Loongson devices running on 2E/2F/3A series processors. Junde Yhi has also said that we could be expecting GNOME 3.24 on MIPS64el in the coming month. Tarballs will be released for the two architectures in the coming month.

    Our ARM ports however, are experiencing a reduction in release line-up. Icenowy Zheng, our ARMv7 and ARMv8 maintainer has decided to drop a large amount of device-specific images - and now only releasing those tested by herself and community members - those images with no real world testing conducted are dropped. If you have an ARM device that you would like to run AOSC OS on, please get in contact with us at the #aosc channel on Freenode, or shoot an e-mail at Icenowy at icenowy at aosc dot io.

    Infrastructure changes

    Several website changes has been put in place since Issue #1:

    • The “People” page is added to the Community Portal to display our (current and historic) developers and contributors, where their homepages are showcased.
    • AOSC WebMail, “Hermes” is now online, thanks to Howard Xiao, or “dargasea” - this mail service is available to all AOSC developers and contributors.

    What you could expect before Issue #3

    In the coming months, as AOSCC closes in, we will start to work on a feature list for AOSC OS Core 5, and begin preparation for AOSCC 2017 - which will be held in Guangzhou, in July of this year.

    There will be extra additions to our community infrastucture:

    • Package information site, currently worked on by Dingyuan Wang, or “gumblex”.
    • Mirror status site, worked on by Xiaoxing Ye, or “yexiaoxing”.

    But before which, we really don’t have much else to tell you. So stay tuned for the third issue, and thanks for coming by.

  • AOSA-2017-0033: Update LibYTNEFMARCH 29, 2017

    Please update your libytnef package to version 1.9.2.

    A recently released version of Yerase’s TNEF Stream Reader Library has addressed the following security vulnerabilities:

    CVE-2017-6306, CVE-2017-6305, CVE-2017-6304, CVE-2017-6303, CVE-2017-6302, CVE-2017-6301, CVE-2017-6300, CVE-2017-6299, CVE-2017-6298.

  • AOSA-2017-0032: Update LXCMARCH 29, 2017

    Please update your lxc package to version 2.0.7-1.

    A commit in the master branch of the LXC (Linux Container) project has addressed the following security vulnerability:


    Relevant documentation:

  • AOSA-2017-0031: Update FirefoxMARCH 29, 2017

  • New package additions: Mar 5th, 2017MARCH 5, 2017

    Per users’ requests, we have added a total of 169 packages to our community repository between today and our last new packages report (Feb. 6th, 2017).

    Some highlights include:

    • MXNET, Flexible and Efficient Library for Deep Learning.
    • Powerline, A statusline plugin for various editors, shells, and desktops.
    • QTractor, Audio/MIDI multi-track sequencer application written in C++ with the Qt framework.
    • Sagemath, a integrated mathematics software system.
    • SciPy, Open-source software for mathematics, science, and engineering.
    • Tensorflow, Computation using data flow graphs for scalable machine learning.
    • Torch7, A scientific computing framework for LuaJIT.

    A full list of packages added this time could be found here.

    To learn about how to request new packages for addition into our community repository, please check out our “pakreq” guide. Or simply shout out requests with #pakreq hashtag on our #aosc IRC channel, or on our Telegram group (joining information available on IRC).

  • Spring Distribution Updates!MARCH 4, 2017

    Another batch of tarballs are now available for AOSC OS, available to users of the AMD64, ARMv7, ARMv8/AArch64, PowerPC 32/64-bit Big Endian ports. As usual, they contain the newest packages available for AOSC OS, along with some enhancements, changes, and additions:

    • New variants, Budgie and i3wm.
    • The root user is now locked down by default, but you may still enable the root user by setting a password for root, check out our new installation guide for more information.
    • AMD Ryzen support is available (Kernel 4.9.11).

    Here below is the default look to the AOSC OS i3wm variant, powered by the i3 window manager, Conky, and i3blocks - a configuration based on Manjaro’s i3 edition. This is our first i3wm distribution, so this release may still contain some inconsistency and shortcomings in design - tell us what you think!


    Budgie, the “flagship” desktop environment of the Solus Project - this is their own take on the GNOME desktop experience.


    Neofetch is now installed with every AOSC OS distribution to provide you with some basic system information - and a chance to show off your distro!


    You might have noticed that tarballs for MIPS32 are not updated yet, this is because we are currently working on the Kernel port for MIPS32 - and it didn’t happen in time for this wave of updates - we will be releasing updates for MIPS32, along with MIPS64, with full mainline Kernel support on Loongson 2E, 2F, and 3A devices - as they are currently our principle target platform for these two ports (having said that, our MIPS ports are still generic and not specific to Loongson/Godson systems).

    Thanks for stopping by, and we wish you a good experience working with AOSC OS!

  • AOSA-2017-0030: Update cURLMARCH 4, 2017

    Please update your curl and curl+32 package to version 7.53.0.

    A recently released update to cURL has addressed a security vulnerability:

    curl and libcurl support “OCSP stapling”, also known as the TLS Certificate Status Request extension (using the CURLOPT_SSL_VERIFYSTATU option). When telling curl to use this feature, it uses that TLS extension to ask for a fresh proof of the server’s certificate’s validity. If the server doesn’t support the extension, or fails to provide said proof, curl is expected to return an error.

    Due to a coding mistake, the code that checks for a test success or failure, ends up always thinking there’s valid proof, even when there is none or if the server doesn’t support the TLS extension in question. Contrary to how it used to function and contrary to how this feature is documented to work.

    This could lead to users not detecting when a server’s certificate goes invalid or otherwise be mislead that the server is in a better shape than it is in reality.

    And was assigned CVE-2017-2629.

    Relevant documentation:

  • AOSA-2017-0029: Update Util-LinuxMARCH 4, 2017

    Please update your util-linux package to version 2.29.2.

    A recently released update to Util-Linux has address a security vulnerability, assigned with CVE-2017-2616.

    It is possible for any local user to send SIGKILL to other processes with root privileges. To exploit this, the user must be able to perform su with a successful login. SIGKILL can only be sent to processes which were executed after the su process. It is not possible to send SIGKILL to processes which were already running.

    Relevant documentation:

  • AOSA-2017-0028: Update Linux KernelMARCH 4, 2017

    Please update your linux+kernel to versionf 69.

    A security vulnerability was disclosed for the Linux Kernel:

    This is an announcement about CVE-2017-6074 [1] which is a double-free vulnerability I found in the Linux kernel. It can be exploited to gain kernel code execution from an unprivileged processes.

    The oldest version that was checked is 2.6.18 (Sep 2006), which is vulnerable. However, the bug was introduced before that, probably in the first release with DCCP support (2.6.14, Oct 2005).

    The kernel needs to be built with CONFIG_IP_DCCP for the vulnerability to be present. A lot of modern distributions enable this option by default.

    And was assigned CVE-2017-6074.

    Relevant documentation: