Read hard, get it all caught up :-D

Things are (actually) going on around the community (surprise!), you may find latest news and happenings in and around the community, and of course, latest information for you to better enjoy AOSC OS.

Most good programmers do programming not because they expect to get paid or get adulation by the public, but because it is fun to program. -- Linus Torvalds


  • Winter Distribution Updates (and Looking Ahead)!DECEMBER 8, 2016

    You might have already noticed by looking at the Downloads page that we have expanded our line-up of releases (again). The winter distribution updates is a major update to our AOSC OS releases, and it packs a lot more than just software updates:

    • Cinnamon and LXDE are added as new variants.
    • SD/eMMC images based on the "Base" variant are now available for ARM devices (Raspberry Pi and Allwinner).
    • Desktop variants (variants with pre-configured desktop environments) are now available for multiple architectures (for instance, XFCE is now available for AMD64, ARMv7, ARMv8 64-bit, PowerPC 32-bit, and PowerPC 64-bit *).
    • All system distributions are now assembled using our new *-base collections (for lack of a good name). They are now built from a minimal system release (a "stub" variant, for our own convenience) every time, instead of being "refreshed" by doing a system update on the old one (a more detailed *-base description/explanation is on the way).

    Also, GTK+ based desktop variants are now released with a brand new look, incorporating the elegance of the Arc GTK+ theme, and the simplicity of the Flat-Remix icon theme. As seen in this screenshot of our new GNOME release below.


    Now, looking ahead, there are several things to do between now and our next distribution update - and some changes to our distribution update schedule: we are currently planning to shift the distribution update to a set, seasonal schedule (with the exception of BuildKit and important security updates) - instead of this random and fire-at-will mess we currently have... More on that in a later news post.

    Also, from the next update on, we will no longer set the default password for root with the default distribution. Enabling root user with a default password is quite a bad idea, as some users may forget to disable or reset the password of the root user, potentially making the system defenseless on a open network.

    But for now, please enjoy (or much rather, please, try our) AOSC OS!

    (*) PowerPC ports are big endian only, and are only tested on PowerPC-based Macintosh computers with G3 or newer processors.

  • Raspberry Pi images available!DECEMBER 7, 2016

    Shortly after the release of Allwinner AOSC OS images, the image for Raspberry Pi 2/3 is now available as well. The image is based on the "Base" variant of AOSC OS releases and they can now be obtained in the respective section in the Download page.

    Note that currently the image is based on ARMv7 (therefore 32-bit) userspace, as the official kernel that Raspberry Pi supplies (BSP) is ARMv6/ARMv7 only. We will be releasing separate images for Raspberry Pi 3 soon, as mainline Kernel support will land for this particular board.

    Before then, do a fast SD card burn/dd...

    # dd if=imagefile of=/dev/sdX bs=4M status=progress

    (Where imagefile is the .img file you would obtain after extracting from the .img.xz you would download, and sdX is the device file of your SD card)

    And enjoy AOSC OS on your Pi!


  • Allwinner images available!DECEMBER 7, 2016

    Our ARM/SunXi guru Icenowy Zheng has just released a big batch of system images for ARMv7-based Allwinner boards and tablets. The images are based on the "Base" variant of AOSC OS releases and they can now be obtained in the respective section in the Download page.


    Icenowy Zheng's Orange Pi One runnning on mainline kernel, and of course, AOSC OS.

    And here below is a full list of devices supported by these images, in case you got lost:


    • Colorfly E708 Q1


    • Cubieboard1
    • Cubieboard2
    • Cubietruck


    • NanoPi NEO


    • Banana Pi
    • Banana Pro


    • pcDuino
    • pcDuino2
    • pcDuino3
    • pcDuino3 Nano


    • A10-OLinXino-LIME
    • A10S-OLinuXino-MICRO
    • A13-OLinuXino
    • A13-OLinXino-MICRO
    • A20-SOM-EV
    • A20-OLinuXino-LIME
    • A20-OLinuXino-LIME2
    • A20-OLinuXino-LIME2-eMMC
    • A20-OLinuXino-MICRO


    • SinA31s
    • SinA33


    • Banana Pi M1+
    • Banana Pi M2
    • Banana Pi M2+


    • Orange Pi 2
    • Orange Pi Lite
    • Orange Pi One
    • Orange Pi PC
    • Orange Pi PC Plus
    • Orange Pi Plus
    • Orange Pi Plus 2E
  • AOSA-2016-0033: Update Apache HTTPDDECEMBER 6, 2016

    Please update your httpd package to version 2.4.23-1.

    A 0-day vulnerability was recently announced by Apache, "Server memory can be exhausted and service denied when HTTP/2 is used". And a CVE was consequently assigned for this vulnerability:


    Relevant documentation:

  • AOSA-2016-0032: Update Chromium and Google ChromeDECEMBER 4, 2016

    Please update your chromium and google-chrome package to version 55.0.2883.75.

    A new version of Chromium (and Google Chrome consequently) was released to fix the following security vulnerabilities:

    CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-5214, CVE-2016-5215, CVE-2016-5216, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5220, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226, CVE-2016-9650, CVE-2016-9651, CVE-2016-9652.

    (And that means "a lot of them", please update soon!)

    Relevant documentation:

  • AOSC OS Repository Mirror at USTC is DownDECEMBER 3, 2016

    Our mirror at USTC is down, due to recurring hard disk array failures.

    That said, you might need to change your APT source lists to install and update packages normally. Use apt-gen-list -l to see your options (avoid 10-ustc for now), and apt-gen-list -e "repo1 repo2 repo3" to enable new mirrors to use.

    We will post another notice when USTC's mirror has resolved this issue.

    Relevant documentation:

  • AOSA-2016-0031: Update Mozilla softwareDECEMBER 3, 2016

    This security advisory suggests the following updates to your system:

    • Please update your firefox package to version 50.0.2; if you are using PowerPC 64-bit port (ppc64, big endian), please update to version 45.5.1esr.
    • Please update your thunderbird package to version 45.5.1.
    • Please update your palemoon package to version 27.0.2.

    Recently, a 0-day software vulnerability was disclosed for various Mozilla-based software packages:

    CVE-2016-9079 (Reserved but not issued).

    Relevant documentation:

  • Core 4.1 is here!DECEMBER 1, 2016


    Core 4.1 was released just now as a major feature update to the Core 4.0 series. Core 4.1 contains:

    • Fixes to issues discovered since the release of Core 4.0.1 (last release in the 4.0 series).
    • Features updates/additions to Core.
    • Performance improvements.
    • Security fixes.

    And most notably, GCC now comes with Go language support, and now you may switch between the Google and the GNU implementation. Many changes were also put into a new Glibc update, like the Unicode 9.0 update. Also, we have disabled any non-Unicode locale by default to save some time and disk space when updating Glibc (you can still enable them by editing /etc/locale.gen).

    Some details were changed in the AOSC OS base definition package (aosc-aaa) as well, /etc/os-release now includes a new field for BUILD_ID, as exposed in GNOME as follows:


    A full changelog for Core 4.1 is available here.

    Note: This version of Core contains security update for Glibc, for AOSA-2016-0030, therefore it it strongly suggested for you to update if you are using ARMv7 (armel) port of AOSC OS!

  • AOSA-2016-0030: Update Glibc to 2.24-2DECEMBER 1, 2016

    Please update your glibc package to version 2.24-2, especially if you are using ARMv7 (armel).

    A fix was recently committed to Glibc's Git master to fix the following vulnerability:


    And the vulnerability states:

    "The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation."

  • AOSA-2016-0029: Update LibTIFF to 4.0.7DECEMBER 1, 2016

    Please update your libtiff package to version 4.0.7.

    A new version of LibTIFF was recently announced to fix the following security vulnerabilities:

    CVE-2016-9448, CVE-2016-9273, CVE-2014-8127, CVE-2016-3658, CVE-2016-3622, CVE-2016-5875, CVE-2016-3623, CVE-2016-3991, CVE-2016-3945, CVE-2016-5321, CVE-2016-5323.

    And the following MSVR (Microsoft Vulnerability Research) indexes:

    MSVR 35105, MSVR 35094, MSVR 35095, MSVR 35092, MSVR 35103, MSVR 35100, MSVR 35093, MSVR 35096, MSVR 35097, MSVR 35098.

    Relevant documentation: