You are of course subscribed to my repository’s RSS feed and/or you are using slackpkg+ . Then you certainly noticed the update of Chromium to the new major version 35 two weeks ago. I really should have written about this update earlier, because Chromium 35 brings some unfortunate side effects to the table.
Chrome and Chromium were updated to version 35.0.1916.114, with “fixes for 23 security issues“. The most important fixes (for high-risk vulnerabilities) are:
- [$3000] High CVE-2014-1743: Use-after-free in styles. Credit to cloudfuzzer.
- [$3000] High CVE-2014-1744: Integer overflow in audio. Credit to Aaron Staple.
- [$1000] High CVE-2014-1745: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG.
- [$1000] Medium CVE-2014-1746: Out-of-bounds read in media filters. Credit to Holger Fuhrmannek.
- [$1000] Medium CVE-2014-1747: UXSS with local MHTML file. Credit to packagesu.
- [$500] Medium CVE-2014-1748: UI spoofing with scrollbar. Credit to Jordan Milne.
I also updated the accompanying package for chromium-pepperflash-plugin (extracted from the official Chrome binaries) to 18.104.22.168. This is a security update.
The version 35 of Chromium has a major side effect that many people are not going to like. The support for browser plugins that use Mozilla’s NPAPI protocol to communicate with the browser has been removed and only Google’s own PPAPI protocol is supported as of now (MS Windows users still have a bit of time before the same happens to their Chrome browser – removal of NPAPI support in Windows is scheduled for the end of 2014). This step was of course announced long time ago and many reminders were posted, but if you need Java support in your browser, or want to watch Netflix using pipelight, then you are out of luck. PPAPI versions for these browser plugins do not exist and in the case of pipelight, are very hard to create.
You’re forced to switch (back) to Firefox in these cases.
Speaking of Pipelight… there was a new pipelight release a couple of days back, and this is accompanied by a new web site: pipelight.net. These guys really like writing their own CMS-es! The source code to the new CMS is available on github by the way. With the new release of pipelight you’ll get more supported browser plugins, security updates for all relevant plugins such as Flash, and many bug fixes. Also, for people with an AMD graphics card the good news is that hardware acceleration is now supported and enabled by default.Also note that I have enabled support for WoW64 (meaning that apart from the regular 32-bit applications, 64-bit Windows plugins are also supported on Slackware 64-bit)
Luckily this all still works on Slackware-current’s kernel – there were fears that 32-bit Wine applications would stop working on the 3.14.4 and newer kernels.
Remember that you can always get the latest Windows plugin releases (an important feature in case of security fixes) without having to wait for me creating a new package. Just run the command “pipelight-plugin –update” as root. After doing that, the next time your browser loads the pipelight plugin, it will automatically download the newest version of your installed Windows plugin(s).
Together with this pipelight release, the pipelight developers released their latest “wine-compholio patches“, a set of patches for the official Wine sources which are needed for proper Windows plugin support in your Linux browser. Naturally I created new wine-pipelight packages for you, based on Wine 1.7.19.
In my original post about pipelight, you will find full installation and configuration instructions, as well as a troubleshooting section. That blog article is also referred to on the pipelight.net support page.
Have fun! Eric