Main menu:

Sponsoring

Please consider a small donation:

 

 

Or you can donate bitcoin:

 

Thanks to TekLinks in Birmingham, AL, for providing colocation and bandwidth.

Page Rank

Fame

FOSS Force Best Blog--2013 Award

Recent posts

Recent comments

About this blog

I am Eric Hameleers, and this is where I think out loud.
More about me.

Search

My Favourites

Slackware

Calendar

October 2014
M T W T F S S
« Sep    
 12345
6789101112
13141516171819
20212223242526
2728293031  

RSS Alien's Slackware packages

RSS Alien's unofficial KDE Slackware packages

RSS Alien's multilib packages

Meta

Fighting spam

In an attempt to fight the ever-growing amounts of spam on this blog (nearly hundred a week that I have to manually delete), I have made a change to the comments section.

I already have a conditional CAPTCHA appearing if a comment seems to be a spam message, and Akismet is checking my posts against their spam database, but the spam texts are increasingly “well-written” so that they are harder to distinguish from bona-fide comments. The actual spam URL is mostly no longer in the text body but in the commenter’s address field.

As of now, everyone who does not yet have an approved comment on one of my articles will end up in the moderation queue where I have to approve or reject the comment manually.

That will stop the spam messages from appearing on the blog and RSS feed, and once you have an approved post on my blog, your next posts will not have to be moderated.

My apologies if you want to comment here for the first time and your text does not appear immediately after hitting “Submit”. I think this is the best for the blog as well as its readers!

Eric

KDE galore

qt-kde-620x350The KDE community now has multiple release tracks for their software. It used to be just the monthly incrementals to the KDE Software Compilation, but part of the transition to Qt5, QML and the new Frameworks, this monolithic release schedule has been abandoned. The Frameworks 5 (successor of kdelibs) and Plasma 5 release schedules are now pretty much disconnected. The new release schedule can be found here for Frameworks 5 and Plasma 5. This complicates things quite a bit for the planning of my Slackware packages. I do not want to get obsessed with providing these packages the day their source code is released. That will be unmanagable at a personal level.

So, during the past week I have been sitting on Slackware package sets for KDE 4.14.1, Frameworks 5.2.0 and Plasma 5.0.2. I have decided not to release these package sets one by one but instead I waited until all three of these were publicly announced to the world. Willy Sudiarto Raharjo tested these packages and he provided valuable feedback on the packages as well as my documentation – thanks again, Willy.

Today, the packages have been made available on my ‘ktown‘ repository and you can grab them!

None of the dependencies for KDE 4 and 5 had to be upgraded since the release of the previous KDE 4 and 5 package sets. The KDE 4.14.1 package set uses the sources of kactivities-4.13.3 (taken from the KDE 4.13 major release) because no new tarball is being made available. For kde-workspace, an update to 4.11.12 was provided.

What to expect from these new packages ?

The KDE 4.14.1 is the first increment of the 4.14 release cycle. It focuses on bug fixing, not feature enhancements. A list of changes is found here. Frameworks 5.2.0 is also a bug fix release. The Frameworks have been in development for a long time and are pretty stable. Plasma 5 software is much younger, and that shows. The release of Plasma 5.0.2 is an ongoing process of fixing annoying bugs. The 5.1.0 release in October will finally see some new functionality – several programs that are part of Plasma 5 have reduced functionality compared to their KDE4 predecessors.

My previous post on Plasma 5 for Slackware has a lot of additional information, tips, known issues and such. You might want to (re-)read it.

 

How to upgrade to KDE 4.14.1 ?

You will find all the installation/upgrade instructions that you need in the accompanying README file. That README also contains basic information for KDE recompilation using the provided SlackBuild script.

You are strongly advised to read and follow these installation/upgrade instructions!

How to upgrade to KDE 5 (frameworks & plasma) ?

If you want to try out KDE 5 (Frameworks & Plasma) please be warned that KDE5 is incomplete. Lots of programs still have to be ported to Qt5 and QML, and therefore your new KDE5 desktop will heavily rely on the availability of KDE4 programs. You need to have already installed my KDE 4.14.1 packages with dependencies, before you install/upgrade to the Frameworks 5 / Plasma 5 packages and their dependencies. Not the other way round please! Some dependencies for KDE5 need to overwrite stuff of the KDE4 dependencies.

I provide a README file for KDE5 as well. Read it carefully!

Once you have installed these packages you can run “xwmconfig” and select “xinitrc.plasma” (if you are in runlevel 3) before running “startx”. If you are in runlevel 4 (graphical login session manager) you should select “KDE Plasma 5” from the KDM session dropdown. You can also use SDDM, a new graphical login manager, which will have been installed as part of the KDE5 packages, but you need to do some editing of “/etc/rc.d/rc.4″ to enable SDDM. See my previous post on Plasma 5 for more details.

Where to find Slackware packages for KDE ?

Download locations are listed below.

You will find the KDE 4.14.1 sources in ./source/4.14.1/ and packages in /current/4.14.1/ subdirectories, whereas KDE 5 (Frameworks 5 and Plasma 5) sources can be downloaded from ./source/5/ and packages from /current/5/ .

Note that I have symlinks in place (useful for users of a package manager and running slackware-current) so that ./current/latest/ will always point to the latest stable KDE release, and ./current/testing/ will always point to the most recent testing release (currently that’s Frameworks 5 and Plasma 5).

Perhaps you noticed the directory name for KDE5 is “5″ and not “5.0.2″ or “5.2.0″. I decided to treat KDE5 as a “rolling release” and in future will probably update parts of it. For instance, when a new Frameworks 5 is released, I will only update the sources in ./source/5/kde/src/frameworks/  and the packages in ./current/5/*/kde/frameworks/ . The toplevel directory name will stay at “5″.

Using a mirror is preferred because you get more bandwidth from a mirror and it’s friendlier to the owners of the master server!

Have fun! Eric

Updates for Chromium and Flash in sep 14

Chromium and Pepper Flash:

chromium_iconPatch tuesday came and went. We have new Flash from Adobe and as a result, the Google Chrome browser also had a version bump and a new “PepperFlash” Plugin. Time for an update of my own Chromium package (just for Slackware 14.1 & current; the package for 13.37 & 14.0 remains at 37.0.2062.94 but you can of course compile a newer one yourself).

Taken from the Chrome releases blog: Chromium 37.0.2062.120 addresses critical bug fixes, of which these stand out -

  • [$2000][401362High CVE-2014-3178: Use-after-free in rendering. Credit to miaubiz.
  • [411014] CVE-2014-3179: Various fixes from internal audits, fuzzing and other initiatives..

I also updated the package for chromium-pepperflash-plugin to version 15.0.0.152. As usual, the flash library is taken from the official Google Chrome binaries and integrates nicely with my Chromium package. Note that Chromium contains a PDF plugin these days, so if you still have an old “chromium-pdf-plugin” package installed, you should ‘removepkg’ that now!

Note: If you had the chromium-pepperflash package already installed, please open the file “/etc/default/chromium” in an editor and change the line:

 flashversion=$(strings $flashso|grep ^LNX|sed -e "s/^LNX //"|sed -e "s/,/./g")

to

 flashversion=$(strings $flashso|grep "LNX "|sed -e "s/.*LNX //"|sed -e "s/,/./g")

in order to fix the plugin version shown in “chrome://plugins

Linux Flash:

adobe_flash_8s600x600_2 The Flash updates are released for all platforms, one of them is the “legacy” Linux NPAPI plugin for Mozilla-compatible browsers. See Adobe’s monthly security bulletin for all the version numbers and vulnerabilities. The Linux flashplayer-plugin went up to 11.2.202.406.

 

 

Pipelight with Windows Flash:

pipelight-logoI do not have a new version of the pipelight browser plugin (see previous article for the how to). You can easily update the Windows plugins (including the Windows Flash player if you use that) by running (as root) the script:

# pipelight-plugin --update

I will see about a soon-ish update of pipelight and wine-pipelight if there are enough enhancements.

Good luck with these updates!

New Chromium now supports Netflix natively without Wine plugins

chromium_icon

The latest update to my Chromium package is an interesting one. It took me many nights, all of last week, to find a solution for a crash that is mentioned in various bug reports and for which I could not find a working fix anywhere. In the end, I just removed the few lines of code which trigger the crash.

Dear Google: I think it is stupid to force a crash in my package just because my build is not an “official build”. If your developers want bug reports, fine, arrange something in your development or beta source code, but do not annoy users of your your stable releases by making your product unfit for Google searches.

Anyway, Chromium 37.0.2062.94 comes with a couple of critical bug fixes:

  • [$30000][386988] Critical CVE-2014-3176, CVE-2014-3177: A special reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox.
  • [$2000][369860] High CVE-2014-3168: Use-after-free in SVG. Credit to cloudfuzzer.
  • [$2000][387389] High CVE-2014-3169: Use-after-free in DOM. Credit to Andrzej Dyjak.
  • [$1000][390624] High CVE-2014-3170: Extension permission dialog spoofing. Credit to Rob Wu.
  • [$4000][390928] High CVE-2014-3171: Use-after-free in bindings. Credit to cloudfuzzer.
  • [$1500][367567] Medium CVE-2014-3172: Issue related to extension debugging. Credit to Eli Grey.
  • [$2000][376951] Medium CVE-2014-3173: Uninitialized memory read in WebGL. Credit to jmuizelaar.
  • [$500][389219] Medium CVE-2014-3174: Uninitialized memory read in Web Audio. Credit to Atte Kettunen from OUSPG.

New in Chromium 37:

Two nice things happened in Chromium 37 that I want to write about.

  • A separate PDF plugin is no longer needed. This release of Chromium finally has the PDF library included which in the past would only be released with the binary Chrome builds. PDF’s are now nicely rendered in the browser window without having to install the chromium-pdf-plugin package. In fact, I removed that plugin package from my repository. If anyone still wants or needs the SlackBuild for that, let me know and I will post it somewhere.
  • I have not tried it myself (no Netflix here) but reportedly Chrome 37.0.2062.94 can play Netflix natively in Linux, without the need for Wine plugins that add support for MS SilverLight. The new HTML5 player with DRM which Netflix optionally uses now, is supported thanks to co-operation between Chrome developers and Netflix. I assume that the Chromium package would provide the same support. In any case, newer (developer) versions of Chromium reportedly do support Netflix natively, just not sure of the exact version where this started working. Try it, and tell me what you found! I will release a “chromium-dev” package later this week to allow testing in Slackware of new functionality, that may help too.

How to make Netflix work with Chrome/Chromium?

These are instructions I took from a LinuxQuestions.org thread, again I am unable to verify their value.

  • Install Chromium (Chrome would work too of course)
  • Install a User Agent switcher (apparently Netflix keeps blocking Linux browsers even though they now support them…)
  • Add new User-Agent in User-Agent-plugin with following settings:
    • New User-Agent Name = Netflix
      New User-Agent String = Mozilla/5.0 (Windows NT 6.3; Win 64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.24 Safari/537.36 (looks like 37.x.x.x version numberss do not work; use the latest Chrome (beta) version here).
      Group = Chrome
      Append = Replace
      Indicator Flag = NX (or whatever you want)
  • Add a new Permanent Spoof List
    • Domain = netflix.com
      User-Agent String = Netflix
  • Make sure your mozilla-nss package has at least version 3.16.4 (Pat Volkerding upgraded all mozilla-nss packages in recent Slackware releases for this reason)
  • In Netflix Playback-settings chose HTML5

Have fun! Eric

LibreOffice 4.3.1 packages are ready

On August 28, The Document Foundation announced LibreOffice 4.3.1, the first minor release of LibreOffice 4.3 “fresh” family, with over 100 fixes (including patches for two CVEs). The CVEs that were patched in LibreOffice 4.3.1 (and also in LibreOffice 4.2.6) are CVE-2014-3524 “CSV Command Injection and DDE formulas” and CVE-2014-3575 “Arbitrary File Disclosure using crafted OLE objects“.

If you want to be reminded of the new features in LibreOffice 4.3 then I advise you to read the Release Notes. My previous post on LO 4.3.0 mentions some of these improvements as well.

Note that when I upgraded the LibreOffice packages in my Slackware 14.1/current repository from 4.2.5 to 4.3.0 last month, the result was that there is no 4.2 version to be found anymore  in the repository (I offer LibreOffice 4.1.6 in the Slackware 14.0 repository). I added a build script for LibreOffice 4.2.6 in the sources directory, in case you want to try building 4.2.6 yourself. The two aforementioned CVE’s have been applied to the latest source tarballs of LibreOffice 4.2.6, versioned “4.2.6.3″.

Font compatibility:

With regard to MS Office compatibility, I have another remark. In the 4.2 releases I added copies of two open source TrueType fonts which are metric-compatible with two popular Microsoft fonts. Having these fonts available to LibreOffice means that the layout of MS Office documents when you open them in LibreOffice will be unaltered because the replacement fonts (Carlito for MS Calibri and Caladea for MS Cambria) have the same font metrics as the Microsoft ones. When updating the libreoffice.SlackBuild script I decided that I would rather have these two fonts available to the whole system, not just to LibreOffice. Therefore I created two separate packages for these fonts, and if you do not yet have the (non-free) Microsoft web core fonts installed I advise you strongly to install the open source Carlito and Caladea font packages.

Package availability:

LibreOffice 4.3.1 packages for Slackware 14.1 and -current are ready for download from the usual mirror locations:

A note about KDE integration:

If you are on KDE and simply “upgradepkg” the libreoffice packages, your application may suddenly look very out of style, having switched to a GTK look & feel. All you need to do is “installpkg” the new libreoffice-kde-integration package (I split the KDE support out of the big LO package and into its own separate package for LO 4.2.3, so it’s possible that you already have it). One thing is worth noting, despite the fact that this is called “KDE integration”: due to bugs in Qt4 which have not been patched in Slackware’s version of the Qt4 package, the KDE file picker has been disabled in this package. Here is the relevant piece of build output:

*WARNING: native KDE4 file pickers will be disabled at runtime, Qt4 fixes needed
*WARNING: https://bugreports.qt-project.org/browse/QTBUG-37380 (needed)
*WARNING: https://bugreports.qt-project.org/browse/QTBUG-34614 (needed)
*WARNING: https://bugreports.qt-project.org/browse/QTBUG-38585 (recommended)

If you have a lot of spare time available, you can hunt down those three Qt4 patches, apply them to the Slackware package source and then recompile the qt4 and libreoffice packages…

Eric