Main menu:

Sponsoring

Please consider a small donation:

 

 

Or you can donate bitcoin:

 

Thanks to TekLinks in Birmingham, AL, for providing colocation and bandwidth.

Page Rank

Fame

FOSS Force Best Blog--2013 Award

Recent posts

Recent comments

About this blog

I am Eric Hameleers, and this is where I think out loud.
More about me.

Search

My Favourites

Slackware

Calendar

December 2014
M T W T F S S
« Nov    
1234567
891011121314
15161718192021
22232425262728
293031  

RSS Alien's Slackware packages

RSS Alien's unofficial KDE Slackware packages

RSS Alien's multilib packages

Meta

New OpenJDK 7: Update 71 with lots of fixes

icedtea Oracle’s patch & release cycle culminated in two updates of their Java (runtime and development kit) since the last release of OpenJDK for which I provided packages. Today, we can enjoy a new IcedTea and therefore an updated OpenJDK which synchronizes to Oracle’s October security patch release (which offers Java 7 Update 71).

IcedTea (my favourite build harness for a spiced-up OpenJDK) went up to version 2.5.3 and it builds OpenJDK 7 “Update 71 Build 14” (resulting in a package openjdk-7u71_b14).

The release announcement is conveniently posted to the release manager’s blog. Read all about it on GNU/Andrew’s site.

Noteworthy is that “alternate virtual machines (e.g. CACAO, JamVM) will be broken by this release, until such a time as they introduce support for JVM_FindClassFromCaller, a new virtual machine interface function added by S8015256” which is bad news for people who want to compile this on ARM. Those are the two which I enable to get some speed into Java on the ARM platform.

Also important to mention is the CVE’s which are addressed by this security update. A pretty bunch and therefore a speedy upgrade is recommended:

openjdk_7u71

Note about usage:

Remember that I release packages for the JRE (runtime) and the JDK (development kit) simultaneously, but you only need to nstall one of the two. The JRE is sufficient if you only want to run Java programs (including Java web plugins). Only in case where you’d want to develop Java programs and need a Java compiler, you are in need of the JDK package.

The package has one dependency: rhino provides JavaScript support for OpenJDK.

If you want to compile this OpenJDK package yourself, you need to install apache-ant additionally. Note that the previous requirements of xalan & xerces packages have been dropped; ant will provide all required build functionality on its own now.

Have fun! Eric

My Linux Rig

An interview for “My Linux Rig” by Steven Ovadia. One of the site’s features is “The Linux Setup”interviews with people about their Linux setups.

Lots of interesting people have been interviewed there in the past, I feel grey and bland in comparison. I returned an email interview early August and it was posted today. I manage to keep quiet about systemd ;-)

See http://www.mylinuxrig.com/post/100003933891/the-linux-setup-eric-hameleers-slackware-linux

Have fun! Eric

KDE update: 4.14.2. No KDE5 updates yet – devs need to get their act together

qt-kde-620x350Remember when everybody was so excited that the KDE developers abandoned their “monolithic” release schedule where all the software was stamped with the same version number and released as a “Software Compilation”…

There have been a number of releases for the KDE Frameworks 5 and Plasma 5 (which depend on the Frameworks) in decoupled release schedules. To me it is clear  that the developers are not (yet) ready for this. Their workflows appear to be such that they write code which depends on other modules’ code which only exists in a Git repository. With the old “Software Compilation” that was never an issue since all these sources would be released simultaneously. Nowadays we are facing independent release schedules and what is the (expected) result? Software starts breaking down because not all of the git code is being released at the time when the dependent code gets released.

Therefore I refuse to build and release Slackware packages for the latest/pending “KDE 5″ software set, consisting of Frameworks 5.3.0 (in part 5.3.1 now, apparently) and Plasma 5.1.0. It is a freaking mess with updates, reverts and apologies all abound on the mailinglists. Get your act together! In emergency and disaster responce training, you’ll learn that it’s all about communication. IT is no different in software development. In the “bazaar” model, it is still required of people to coordinate the joint effort or else you’ll end up with a pile of loose sand instead of something solid and useful. Coordination is communication during, not after the events.

Knowing the KDE community, the future releases of the KDE 5 components will gradually reach mature levels again.

And hey! There still is the good old KDE4. A set of Slackware packages for KDE 4.14.2 is ready for you to download and install as of now. The source release was made public  earlier today. As expected from KDE4, it is all about bugfixes and stability enhancements.

None of the dependencies I maintain for KDE 4 had to be upgraded in comparison with my previous release of KDE 4.14.1 packages. KDE 4.14.2 bundles the sources of kactivities-4.13.3 (taken from the KDE 4.13 major release) because no new tarball is being made available. For kde-workspace, an update to 4.11.13 was provided by the developers. I promise that I will have gstreamer-1 packages done for the KDE 4.14.3 release and build artikulate (fingers crossed)!

How to upgrade to KDE 4.14.2 ?

You will find all the installation/upgrade instructions that you need in the accompanying README file. That README also contains basic information for KDE recompilation using the provided SlackBuild script.

You are strongly advised to read and follow these installation/upgrade instructions! Note that this is only useful for you if you are running slackware-current, i.e. our development version. If you are running SLackware 14.1 then there’s still a fairly recent KDE 4.13.3 for you.

Where to find Slackware packages for KDE ?

Download locations are listed below.

You will find the KDE 4.14.2 sources in ./source/4.14.2/ and packages in /current/4.14.2/ subdirectories.

Note that I have symlinks in place (useful for users of a package manager and running slackware-current) so that ./current/latest/ will always point to the latest stable KDE release, and ./current/testing/ will always point to the most recent testing release (currently that’s Frameworks 5 and Plasma 5). Let’s hope there will be something fresh in that “testing” area soon.

Using a mirror is preferred because you get more bandwidth from a mirror and it’s friendlier to the owners of the master server!

Have fun! Eric

LibreOffice, Chromium news

I had a couple of busy weeks at work, and even though I managed to get some updated packages out the door, there was no opportunity to write about them earlier. I bought a ChromeCast and played with that instead to force myself to stay awake after dinner. So, what was new in the last two weeks?

LibreOffice:

Right before LibreOffice turned four years old, The Document Foundation announced LibreOffice 4.3.2. Belated happy birthday to the project! More than 80 fixes went into this minor release, with a focus on interoperability issues when reading or writing Microsoft Office (DOCX, XLSX and PPTX) files.

My previous article which I wrote for LibreOffice 4.3.1 has some additional info on the 4.3 series, should you not have read it before.

LibreOffice 4.3.2 packages for Slackware 14.1 and -current are ready for download from the usual mirror locations:

If there is anyone who has a solution for LibreOffice being incapable to ignore the system harfbuzz library and use an internal version instead… please let me know. It annoys the hell out of me that I can not use the updated harfbuzz in my ‘ktown‘ repository without breaking LibreOffice.

Chromium:

chromium_iconA couple of days ago Chromium stable was updated to 38.0.2125.101. The package which I have built is just for Slackware 14.1 & current. I am pondering an update for the package for Slackware 13.37 & 14.0 but don’t hold your breath. I’ll meet you halfway: I have refreshed the chromium_1337.SlackBuild script in case you want to compile a new one yourself (that script builds the package which I offer for both the older Slackware releases).

Taken from the Chrome releases blog: Chromium 38.0.2125.101 addresses a whopping amount of 159 security fixes, of which these stand out –

  • [$27633.70][416449] Critical CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox.
  • [$3000][398384] High CVE-2014-3189: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
  • [$3000][400476] High CVE-2014-3190: Use-after-free in Events. Credit to cloudfuzzer, Chen Zhang (demi6od) of NSFOCUS Security Team.
  • [$3000][402407] High CVE-2014-3191: Use-after-free in Rendering. Credit to cloudfuzzer.
  • [$2000][403276] High CVE-2014-3192: Use-after-free in DOM. Credit to cloudfuzzer.
  • [$1500][399655] High CVE-2014-3193: Type confusion in Session Management. Credit to miaubiz.
  • [$1500][401115] High CVE-2014-3194: Use-after-free in Web Workers. Credit to Collin Payne.
  • [$4500][403409] Medium CVE-2014-3195: Information Leak in V8. Credit to Jüri Aedla.
  • [$3000][338538] Medium CVE-2014-3196: Permissions bypass in Windows Sandbox. Credit to James Forshaw.
  • [$1500][396544] Medium CVE-2014-3197: Information Leak in XSS Auditor. Credit to Takeshi Terada.
  • [$1500][415307] Medium CVE-2014-3198: Out-of-bounds read in PDFium. Credit to Atte Kettunen of OUSPG.
  • [$500][395411] Low CVE-2014-3199: Release Assert in V8 bindings. Credit to Collin Payne.

This list shows that there is a healthy interest from external researchers to audit the code and contribute to the security of the browser (not only Chrome, but Chromium and Chrome OS profit from these as well). The biggest bonus of over 27 thousand dollars shows that Google is taking security very seriously. They recently announced that they were going to increase the value of these bonuses… et voilà!

Get my Chromium 38.0.2125.101 packages in one of the usual locations:

Let me remind you again, that you can subscribe to the repository’s RSS feed if you want to be the first to know when new packages are uploaded.
Eric

Fighting spam

In an attempt to fight the ever-growing amounts of spam on this blog (nearly hundred a week that I have to manually delete), I have made a change to the comments section.

I already have a conditional CAPTCHA appearing if a comment seems to be a spam message, and Akismet is checking my posts against their spam database, but the spam texts are increasingly “well-written” so that they are harder to distinguish from bona-fide comments. The actual spam URL is mostly no longer in the text body but in the commenter’s address field.

As of now, everyone who does not yet have an approved comment on one of my articles will end up in the moderation queue where I have to approve or reject the comment manually.

That will stop the spam messages from appearing on the blog and RSS feed, and once you have an approved post on my blog, your next posts will not have to be moderated.

My apologies if you want to comment here for the first time and your text does not appear immediately after hitting “Submit”. I think this is the best for the blog as well as its readers!

Eric