Read hard, get it all caught up :-D

Things are (actually) going on around the community (surprise!), you may find latest news and happenings in and around the community, and of course, latest information for you to better enjoy AOSC OS.

Most good programmers do programming not because they expect to get paid or get adulation by the public, but because it is fun to program. -- Linus Torvalds


  • Notes on Flash Player SupportOCTOBER 29, 2016

    With the recently released Google Chrome (google-chrome) 54, Pepper API-based Flash Player plugin no longer comes bundled with the browser - however, Adobe has generously released a standalone version of Flash Player plugin for the Pepper API - and released under the terms of LGPL.

    That means we may now ship the Flash Player plugin as a package in our repository, you would need to install the following packages for Flash functionality:

    • Firefox: install flashplayer-ppapi and freshplayerplugin.
    • Chromium and Google Chrome: install flashplayer-ppapi.
  • New package additions: Oct. 29, 2016OCTOBER 29, 2016

    Per users' requests, we have added the following packages to our community repository:

    • httping - Ping with HTTP requests #475.
    • systemc - A set of C++ classes and macros which provide an event-driven simulation interface #478.
    • gifsicle - Create, manipulate, and optimize GIF images and animations #481.
    • giflossy - Lossy GIF compressor #481.
    • pgadmin - Tools for administration of PostgreSQL.
    • zeal - Offline documentation browser.
    • units - Converts between different systems of units.
    • most - A terminal pager similar to 'more' and 'less'.
    • mdbtools - Utilities for viewing data and exporting schema from Microsoft Access database files.
    • txt2man - Converts flat ASCII text to man page format.
    • kdiff3 - A KDE file compare/merge tool.
    • diffuse - Graphical interface for file comparison and merging.
    • deluge - A fully-featured cross-platform ​BitTorrent client.
    • nfs-utils - Support programs for Network File Systems.
    • gssproxy - A gss-proxy protocol to allow proxying of GSSAPI context establishment and channel handling.
    • flashplayer-ppapi - Adobe Flash Player plugin for Pepper API.
    • uim - A multilingual input method framework.
    • pyradio - Command line internet radio player.
    • mp3blaster - An interactive text-based program that plays MP3, Ogg Vorbis, wav, and sid audio files.
    • connman-gtk - GTK+ frontend for Connman.
    • connman-json-client - A ncurses UI for connman.
    • cmst - Qt GUI for Connman with system tray icon.
    • cabal-install - A user interface to the Cabal/Hackage automation and package management system.
    • ofono - A telephony stack for Linux, developed by Intel.

    To learn about how to request new packages for addition into our community repository, please check out our "pakreq" guide. Or simply shout out requests with #pakreq hashtag on our #aosc IRC channel, or on our Telegram group (joining information available on IRC).

  • AOSA-2016-0020: Update Tar to 1.29-1OCTOBER 29, 2016

    Please update your tar package to version 1.29-1.

    A vulnerability in GNU Tar was recently discovered, now commonly known as the "Pointy Feather" or "POINTYFEATHER" vulnerability.

    "GNU `tar' archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line."

    And a CVE was assigned to this vulnerability:

    CVE-2016-6321 (Reserved but not issued).

    Relevant documentation:

  • System Release Update - Oct. 21st, 2016OCTOBER 21, 2016

    A wave of new system releases are now available to AOSC OS, this time for the AMD64/x86_64 architecture. With this update, all system releases come with AOSC OS Core 4.0.1 and Linux Kernel 4.8.3, while releases with desktop environments comes with:

    • KDE Plasma Destkop 5.8.1 and KDE Applications 16.08.2.
    • GNOME 3.22.1.
    • MATE 1.16.0.
    • Xfce 4.12.

    For each of their respective releases. There are much more to the new system releases apart from basic system software updates:

    • From this release, all system releases are built from the "Base" variant, instead of rolling updates on top of old releases - hopefully providing a cleaner and properly minimalized dependency tree.
    • All system releases with desktop envrionments' apperances have been slightly customized:
      • All releases now uses the new AOSC OS default wallpaper, showcased here.
      • All GTK+ based desktop envrionments now use the Arc Darker GTK+ theme by default.
      • MATE and Xfce releases now use Numix icons by default, replacing the old Vertex icons.
    • All system releases should have higher usability out of the box:
      • Printing and scanning.
      • Network connection, management, and Bluetooth connectivity.
      • Web access, and e-mails.
      • Basic productivity.
      • Multimedia support.

    Take this example of our MATE release, as you can see:


    It now comes with all the appearance customization mentioned above, in addition to bluetooth connectivity support - powered by Blueberry from the Linux Mint Project - everything should function out of the box, so you can jump right into work and entertainment.

    You may now head over to our Download section to get the new system releases, or simply update your existing installation.

    Known issues:

    • When the system release boots for the first time, it may take two or three minutes due to a bug in the Fontconfig caching system, which does not distinguish symbolic links from normal files representing fonts. We are aware of this issue. This should only happen once on the first boot, if this issue still occurs to you in future startups, please do file a complaint.
    • While these releases should boot on Bay Trail devices, the graphical interface may not start or function properly, if that's the case, please append nomodeset to your Linux Kernel parameter (defined in GRUB, our default bootloader) to workaround this issue. There is still an ongoing effort to make AOSC OS work better on theses devices.
    • Surface Pro 3 keyboard may not work properly with AOSC OS, this is not yet confirmed with the newest Kernel updates - but it did not work with 4.7 Kernel release series.
  • AOSA-2016-0019: update Linux Kernel to 4.8.3OCTOBER 21, 2016

    Please update your linux+kernel package to version 55 (which depends on linux-kernel-4.8.3).

    A severe security vulnerability was disclosed for Linux Kernel versions <= 4.8.2 that:

    "A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system."

    Which was consequently assigned with a CVE:


    Relevant documentation:

  • New package additions: Oct. 18, 2016OCTOBER 18, 2016

    Per users' requests, we have added the following packages to our community repository:

    • dash - Debian Almquist shell.
    • ddrescue - A data recovery tool.
    • hfsutils - A comprehensive software to permit manipulation of HFS volumes.
    • iperf3 - A TCP, UDP, and SCTP network bandwidth measurement tool.
    • moreutils - A growing collection of extra Unix tools.
    • mouseemu - A daemon to emulate mouse buttons on trackpads with only one button.
    • nsd - Fast and lean authoritative DNS Name Server #461.
    • partitionmanager - KDE partition manager.
    • pmac-utils - Utilities for PowerPC-based Macintosh computers.
    • powerpc-utils - Utilities for PowerPC-based systems.
    • qsynth - Qt5 frontend for fluidsynth #457.
    • sway - An i3-compatible window manager for Wayland.
    • yaboot - Yet Another Bootloader (for PowerPC-based Macintosh and IBM CHRP/PReP).

    To learn about how to request new packages for addition into our community repository, please check out our "pakreq" guide. Or simply shout out requests with #pakreq hashtag on our #aosc IRC channel, or on our Telegram group (joining information available on IRC).

  • AOSA-2016-0018: update libarchive to 1:3.2.1-1OCTOBER 18, 2016

    Please update your libarchive package to version 1:3.2.1-1.

    Three recent Git master commit from libarchive fixed the following three security vulnerabilities:

    CVE-2016-8687, CVE-2016-8688, CVE-2016-8689 (all reserved but not issued).

    Relevant documentation:

  • AOSA-2016-0018: update GD Graphics Library to 2.2.3-1OCTOBER 18, 2016

    Please update your libgd package to version 2.2.3-1.

    A recent commit found in GD Graphics Library's Git master branch fixed a security vulnerability, described as follows:

    Avoid potentially dangerous signed to unsigned conversion
    We make sure to never pass a negative `rlen` as size to memcpy().

    Which is assigned with the following CVE:

    CVE-2016-8670 (reserved but not issued).

    Relevant documentation:

  • AOSA-2016-0017: update Irssi to 0.8.20OCTOBER 18, 2016

    Please update your irssi package to version 0.8.20.

    Irssi has announced a security advisory describing that the following security vulnerabilities were fixed with the newly released Irssi 0.8.20:

    CVE-2016-7044, CVE-2016-7045, CVE-2016-7553 (reserved but not issued).

    Relevant documentation:

  • AOSA-2016-0016: update Guile to 2.0.13OCTOBER 14, 2016

    Please update your guile package to version 2.0.13.

    The GNU Project have recently released version 2.0.13 of Guile which contains security fixes for the following vulnerabilities:

    CVE-2016-8605, CVE-2016-8606.

    Relevant documentation: