My thoughts on Slackware, life and everything

Month: January 2014 (Page 1 of 2)

Compiling new LibreOffice sources is a bitch

libreoffce_logo
<rant> After three compilation failures (each setting me back several hours) I must say this:

Whenever I have to bump a LibreOffice package – and perhaps due to moving up from Slackware 14.0 to 14.1 for compiling – it annoys the hell out of me that there are so many unexpected build failures. Not because I cannot fix them, but because every iteration of a LibreOffice compilation attempt costs another few hours. And there’s only so many hours between coming home from work and falling over because of sleep deprivation.

I am afraid that it will take some time before I can produce proper LibreOffice 4.2.0 packages for you. They will be available for Slackware 14.1 and newer . If you are running Slackware 14.0 then you’ll have to stick with LibreOffice 4.1.x (32-bit, 64-bit) for which I will build new packages soon (4.1.5 is around the corner). Users of Slackware 13.37 can still enjoy LibreOffice 3.6.7 (32-bit,64-bit).

In the meantime I am baking a fresh bread for tomorrow morning, so that I get at least something useful out of this frustrating evening.

Eric

Chromium and OpenJDK bugfix releases

Chromium

chromium_iconThere is an update to Chrome/Chromium which arrives in very close succession to the previous update less than two weeks ago. The version number change is minimal, 32.0.1700.77 to 32.0.1700.102, but it addresses several vulnerabilities, so it is advised to update your Chrome and/or chromium packages.

The most important fixes are:

[$1000][330420] High CVE-2013-6649: Use-after-free in SVG images. Credit to Atte Kettunen of OUSPG.
[$3000][331444] High CVE-2013-6650: Memory corruption in V8. This issue was fixed in v8 version 3.22.24.16. Credit to Christian Holler.

I have packages ready for the new chromium:

You can subscribe to the repository’s RSS feed if you want to be the first to know when new packages are uploaded.

OpenJDK

Pretty quickly after IcedTea 2.4.4, we can now download 2.4.5 from the web site. This is purely a bugfix release (no security issues are addressed) and the new build brings OpenJDK to version “Update 51 Build 31“, thus synchronizing with the upstream’s source tag “u51 b31”. Read GNU/Andrew’s release notes if you want to know what has been fixed.

My functionality tests (jMol and Minecraft) were satisfactory 🙂 Please note that Firefox and Chrome/Chromium browsers no longer load Java applets (or other plugins) by default and ask you for explicit approval to load and run them.

My new packages have again been compiled on Slackware 13.37.  They are usable on 13.37 as well as 14.0, 14.1 and -current! Get them preferably from a mirror site (faster downloads):

Further packages that are recommended/required:

  • Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin).
  • Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.

Note that you should only install one of the two packages, either openjdk or openjre, do not install both at the same time or things will break! The openjdk package contains the jre (java runtime) as well as the java development kit.

Eric

New Chromium: 32.0.1700.77

chromium_icon Chromium is the Open Source variant of the Chrome Browser. Both are part of the Chromium project which also has the Chrome OS as a product. Chromium and Chrome share the same codebase, and the closed-source Chrome browser is enhanced with some proprietary features like Adobe’s Pepper Flash plugin.

A new stable release (32.0.1700.77) for the Chrome/Chromium browser has been revealed a few days ago.

It took a little to get the official sources – there was an issue with the Google build bot which creates the source tarballs. I did a successful test build with a tarball I created myself (see below for the recipe if you’re interested) and reported the issue of the missing sources in the packagers Google group. Eventually official sources became available and I rebuilt both packages (i.e. 32-bit and 64-bit) using this tarball.

Get my Chromium packages in one of the usual locations:

You can subscribe to the repository’s RSS feed if you want to be the first to know when new packages are uploaded.

There are some nice new features in this new “32” release. The browser tabs will show a small speaker icon if that page is playing audio, and a “play” triangle if video is playing on the page. Another enhancement (not yet experienced here… perhaps I never will 🙂 ) is that the browser will warn about potentially harmful pages and downloads in a more directly visible way. And if you have kids, now there’s this new feature called “supervised users” where you can define  sub-accounts to your main Chromium account and limit access to sites for those (as well as being able to monitor their browesing history through a new Google control panel).

Apart from all the fancy new stuff, this release is just as much about squashing (security) bugs. You can check out the release page for that, here are the most interesting fixes, quoted directly from the announcement:

  • [$1000][249502High CVE-2013-6646: Use-after-free in web workers. Credit to Collin Payne.
  • [$1000][326854High CVE-2013-6641: Use-after-free related to forms. Credit to Atte Kettunen of OUSPG.
  • [$1000][324969] High CVE-2013-6642: Address bar spoofing in Chrome for Android. Credit to lpilorz.
  • [$5000][321940High CVE-2013-6643: Unprompted sync with an attacker’s Google account. Credit to Joao Lucas Melo Brasio.
  • [318791] Medium CVE-2013-6645 Use-after-free related to speech input elements. Credit to Khalil Zhani.

If you are new to Chromium and in particular my Slackware-packaged version of it, you should definitely check out my previous post on Chromium where I explain the build requirements and use of API keys that allow you to use the official Google storage for data synchronization and such. That post also mentions more about some extensions to Chromium (PDF viewer and Flash player) which you can extract from the official binary Chrome package.

A few sites to play-test your Chromium browser:

  • http://www.zygotebody.com/ – the Body Browser, using WebGL for fast realtime rendering
  • http://www.quirksmode.org/html5/tests/video.html – HTML5 video tests (several encodings like H.264, WebM and Ogg/Theora)
  • http://www.naclbox.com/ – NaCLBox is an implementation of DOSBox in Chromium’s Native Client, guaranteeing near-native speed of the applications running in the sandbox. NaCLBox offers a lot of good old DOS games which you can play directly in your browser window. Note that my package contains the Native Client (NaCL) whereas the version you can compile using the SlackBuilds.org script will not add NaCl.

Have fun! Eric

PS: this is a script which I wrote as documentation of the manual steps I took to create my own unofficial release source tarball when I got fed up waiting for the official one:

#!/bin/sh
#
# Checking out the sources of an official chromium release,
# by Eric Hameleers
#
# In a working directory, you will create three directories:
# - depot_tools: this contains all the tools needed for creating the tarball
# - checkout: here almost 7 GB of sourcecode will be checked out
# - output: here the chromium-${RELEASE}.tar.xz source tarball will be created.
#
# Some variables:

WORKING_DIR=”${HOME}/chromium_src”

CHROMIUM_REL=”32.0.1700.77″
DT_REPO=”https://chromium.googlesource.com/chromium/tools/depot_tools.git”
RELEASES_URL=”https://src.chromium.org/chrome/releases”

# The actual work (takes a while);
# Checkout 1 GB of source and pack it up:
mkdir -p ${WORKING_DIR}
cd ${WORKING_DIR}

# Clone the depot_tools:
git clone ${DT_REPO}

# Check out the sources:
mkdir ckeckout
cd checkout
PATH=”../depot_tools/:$PATH” gclient config ${RELEASES_URL}/${CHROMIUM_REL}
# At this moment, your config will have been written to a file ‘.gclient’
PATH=”../depot_tools/:$PATH” gclient sync 2>&1 | tee ../sync.log
# The sync will download everything, based on what it found in this file:
# ${CHROMIUM_REL}/DEPS
PATH=”../depot_tools/:$PATH” gclient sync 2>&1 | tee ../sync.2.log

# Pack up the source tarball:
mkdir ../output
python src/tools/export_tarball/export_tarball.py –remove-nonessential-files ../output/chromium-${CHROMIUM_REL}

echo “”
echo “Resulting source tarball is: ${WORKING_DIR}/output/chromium-${CHROMIUM_REL}.tar.xz”
echo “”

It produced a 169MB tarball. I needed a couple of “gclient sync” commands before I finally had all the source code (hopefully all… I have no way of checking if anything is missing).

Flash security updates too (and chromium on the horizon)

adobe_flash_8s600x600_2 I mentioned “Patch Tuesday” in my previous post and also mentioned Adobe in passing. The reason is, they made new versions available of their Flash Player Plugin for web browsers. Several security issues have been addressed, you can read all about those in their bulletin “apsb14-02

I packaged both the flashplayer-plugin 11.2.202.335 for Mozilla based browsers, and the pepperflash plugin 12.0.0.41 for (Chrome and) chromium. The former is well-known (you can use it with your Firefox) and the second one has been extracted from the Chrome RPM and re-packaged as a plugin for my chromium package for Slackware.

Packages are here:

 

chromium_icon I am still working on a new chromium 32.0.1700.77 package (the same version as the latest stable version of Chrome) but since the Chromium team have not (yet) released any official source tarball I had to find out how to create such a tarball. The above pepperflash plugin works perfectly with my current chromium-31.0.1650.67 package!

But the finished 64-bit package works OK so far, still testing:

Old:  chromium_about_31.0.1650.67

New: chrome_about_32.0.1700.77  chromium_about_32.0.1700.77

I’ll start the 32-bit SlackBuild after I finish typing.

Oh yeah if you want to package the new google-chrome yourself, you will have to apply this diff to the google-chrome.SlackBuild in the Slackware tree, else your desktop menu icon is fubar:

--- extra/google-chrome/google-chrome.SlackBuild 2012-08-01 20:48:31.000000000 +0200
+++ google-chrome.SlackBuild 2014-01-15 21:34:38.425845534 +0100
@@ -105,9 +105,6 @@
# Install a .desktop launcher:
 sed -i -e "s#Icon=google-chrome#Icon=/opt/google/chrome/product_logo_256.png#" \
- $PKG/opt/google/chrome/google-chrome.desktop
-mkdir -p $PKG/usr/share/applications
-ln -s /opt/google/chrome/google-chrome.desktop \
 $PKG/usr/share/applications/google-chrome.desktop

 mkdir -p $PKG/install

Have fun! Eric

 

OpenJDK 7u51 (created with IcedTea 2.4.4).

Released today: new versions of IcedTea. It usually takes a while for an announcement to appear on Andrew’s blog, but the mailing list announcement was enough for me. Not quite unexpected, since Oracle was huffing and puffing yesterday when the company joined other security-challenged companies like Microsoft and Adobe in what’s lovingly called “patch tuesday“, so I was kind of expecting an OpenJDK follow-up. The flurry of patches that I saw today was a sure sign.

So I got to compile OpenJDK 7u51 using the IcedTea 2.4.4 framework. As with every Java release, this one fixes a slew of security holes. Let me say in full, “Update 51 Build 00” of OpenJDK 7  addresses these issues:

* Security fixes
  - S6727821: Enhance JAAS Configuration
  - S7068126, CVE-2014-0373: Enhance SNMP statuses
  - S8010935: Better XML handling
  - S8011786, CVE-2014-0368: Better applet networking
  - S8021257, S8025022, CVE-2013-5896 : com.sun.corba.se.** should be on restricted package list 
  - S8021271, S8021266, CVE-2014-0408: Better buffering in ObjC code 
  - S8022904: Enhance JDBC Parsers
  - S8022927: Input validation for byte/endian conversions
  - S8022935: Enhance Apache resolver classes
  - S8022945: Enhance JNDI implementation classes
  - S8023057: Enhance start up image display
  - S8023069, CVE-2014-0411: Enhance TLS connections
  - S8023245, CVE-2014-0423: Enhance Beans decoding
  - S8023301: Enhance generic classes
  - S8023338: Update jarsigner to encourage timestamping
  - S8023672: Enhance jar file validation
  - S8024302: Clarify jar verifications
  - S8024306, CVE-2014-0416: Enhance Subject consistency
  - S8024530: Enhance font process resilience
  - S8024867: Enhance logging start up
  - S8025014: Enhance Security Policy
  - S8025018, CVE-2014-0376: Enhance JAX-P set up
  - S8025026, CVE-2013-5878: Enhance canonicalization
  - S8025034, CVE-2013-5907: Improve layout lookups
  - S8025448: Enhance listening events
  - S8025758, CVE-2014-0422: Enhance Naming management
  - S8025767, CVE-2014-0428: Enhance IIOP Streams
  - S8026172: Enhance UI Management
  - S8026176: Enhance document printing
  - S8026193, CVE-2013-5884: Enhance CORBA stub factories
  - S8026204: Enhance auth login contexts
  - S8026417, CVE-2013-5910: Enhance XML canonicalization
  - S8026502: java/lang/invoke/MethodHandleConstants.java fails on all platforms
  - S8027201, CVE-2014-0376: Enhance JAX-P set up
  - S8029507, CVE-2013-5893: Enhance JVM method processing
  - S8029533: REGRESSION: closed/java/lang/invoke/8008140/Test8008140.java fails agains

* Bug fixes
  - PR1618: Include defs.make in vm.make so VM_LITTLE_ENDIAN is defined on Zero builds
  - D729448: 32-bit alignment on mips and mipsel
  - PR1623: Collision between OpenJDK 6 & 7 classes when bootstrapping with OpenJDK 6

Please update your installed openjdk or openjre packages with this new version! You’ll notice that browsers like Firefox and Chrome/Chromium no longer load Java applets by default and ask you for explicit approval to load and run them.

I tested as usual whether jMol and Minecraft (both standalone Java applications) were still working – they do! And again testing the browser plugin was a challenge. Orcacle’s java checker did not work… after the icedtea-web plugin itself loaded properly:

javacheck

This time the plugin triggered an error “net.sourceforge.jnlp.LaunchException: Fatal: Application Error: Unknown Main-Class. Could not determine the main class for this application.” The test at javatester.org was fine though.

Get my packages – they have been compiled on Slackware 13.37 and are usable on 13.37 as well as 14.0, 14.1 and -current! Get them preferably from a mirror site (faster downloads):

Further packages that are recommended/required:

  • Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin).
  • Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.

Note that you should only install one of the two packages, either openjdk or openjre, do not install both at the same time or things will break! The openjdk package contains the jre (java runtime) as well as the java development kit.

Eric

« Older posts

© 2024 Alien Pastures

Theme by Anders NorenUp ↑