Main menu:

Sponsoring

Please consider a small donation:

 

Also appreciated: support me by clicking the ads (costs nothing) :-)

 

Or you can donate bitcoin:

 

Thanks to TekLinks in Birmingham, AL, for providing colocation and bandwidth.

Page Rank

Fame

FOSS Force Best Blog--2013 Award

Recent posts

Recent comments

About this blog

I am Eric Hameleers, and this is where I think out loud.
More about me.

Search

My Favourites

Slackware

Calendar

April 2014
M T W T F S S
« Mar    
 123456
78910111213
14151617181920
21222324252627
282930  

RSS Alien's Slackware packages

RSS Alien's unofficial KDE Slackware packages

RSS Alien's multilib packages

Tag cloud

Meta

LibreOffice 4.2.3 – addresses Heartbleed vulnerability

Last week was a black page in Open Source security with the publication of the Heartbleed vulnerability. For those of you who think the hype is overrated and no one will be able to get at your private keys and passwords, better check out the results of the Cloudflare Challenge (the SSL certificate for that site has been revoked in order to stop it from being abused so that page won’t load).  Cloudflare’s security engineers were unable to exploit the vulnerability and retrieve their server’s private key so they confidently made it a public challenge… and at least three people independently obtained the server’s private key through the exploit! Proof was given by posting messages signed with that same private key. Read all about it on the Cloudflare blog. Don’t take this vulnerability too lightly! Slackware 14.0, 14.1 and -current users should apply the openssl patch packages as soon as possible. And if your machine was exposed to the Internet, running a secure web server (https://) then it is wise to revoke your SSL certificate and create a new one. It may also be a good idea to change the passwords of the accounts on that server.

Not just OpenSSL-protected web sites are affected; regular “client” software can be abused by attacks when these applications contain the vulnerable code because they statically link to the openssl library. I’ll post some more later, but here is the first fix:

The Document Foundation added a fix for Heartbleed to their latest LibreOffice 4.2.3 (codenamed ‘Fresh’) release. It took an additional day for me to get rid of the bugs in my revised SlackBuild script, because I had decided to split the “big” libreoffice package in three sub-packages. The SDK documentation (several hundreds of MB) has now moved into a separate package “libreoffice-sdkdoc” which you will not need unless you are a developer. And the KDE integration libraries have been moved into their own package as well: “libreoffice-kde-integration”. It’s these libraries which give the LibreOffice user interface the “KDE look” when you are running KDE, and make it use the KDE file dialogs. Some people experienced issues in KDE which were solved by removing these KDE libraries, and the new sub-package was born to help you get a better experience out of LibreOffice on Slackware. Note that if you are on KDE and simply “upgradepkg” the libreoffice package, your application will suddenly look very out of style, having switched to a GTK look & feel. All you need to do is “installpkg” the new libreoffice-kde-integration package.

If you are in need of stability, note that the official statement from the Document Foundation is that LibreOffice 4.2.3 is “the most feature rich version of the software, and is suited for early adopters willing to leverage a larger number of innovations. For enterprise deployments and for more conservative users, The Document Foundation suggests the more mature LibreOffice 4.1.5“. You can find Slackware packages for LibreOffice 4.1.5 in my repository onder the “14.0″directory. They were built on Slackware 14.0 and work well on Slackware 14.1 and -current.

Packages for Slackware 14.1 and -current are ready for download from the usual mirror locations:

Eric

KDE SC 4.12.4 for Slackware 14.1 and -current

Yesterday, I uploaded the packages for the new KDE Software Compilation 4.12.4 which brings us updates to the Applications and Development Platform. The Plasma Workspaces are following a separate version numbering scheme – the new workspaces package version is 4.11.8.

The Slackware-current tree has not seen exciting updates other than security fixes and because of that, again I have built my packages for KDE  4.12.4, on Slackware 14.1 for maximum compatibility.

The packages work fine on slackware-current too – of course. When that changes, I will stop using Slackware 14.1 as the build platform.

What’s new in my KDE 4.12.4 packages?

One of the packages has been renamed. The old “kdnssd” package is now called “zeroconf-ioslave”. The README which accompanies my packages has been updated with a “removepkg kdnssd” command.

The kmahjongg package now has the main program script included and you’ll find it in the KDE menu. Kmahjongg will not work out of the box, but you only have to add the “python-twisted” and “zope.interface” packages from my regular repository to make it work. I do not include these add-ons in the ‘ktown’ repository because I do not want to force Patrick’s hand if he does not want them to be part of Slackware in future.

I also updated the kdeconnect-kde package with a git development snapshot. In my previous blog article I wrote how this interesting little program interacts with the kdeconnect-android app. Don’t forget to add the new “KDE Connect” widget to your system tray if you want to try it out.

kdeconnect-applet

How to upgrade to KDE 4.12.4 ?

You will find all the installation/upgrade instructions that you need in the accompanying README file. That README also contains basic information for KDE recompilation using the provided SlackBuild script.

You are strongly encouraged to read and follow these installation/upgrade instructions!

Where to find packages for KDE 4.12.4 ?

Download locations are listed below (you will find the sources in ./source/4.12.4/ and packages in /current/4.12.4/ subdirectories). Using a mirror is preferred because you get more bandwidth from a mirror and it’s friendlier to the owners of the master server!

Have fun! Eric

More Chromium, LibreOffice and Flash updates

That sounds a heck of a lot like another post I wrote recently on this blog…  a little more than two weeks ago. The big guys made a move again, and this is what you get from me as a result.

Chromium

chromium_iconChromium (and of course Chrome) were updated to version 33.0.1750.149, with 7 security fixes. The Chrome binaries are equipped with an updated Flash Player plugin (12.0.0.77 which is also a security upgrade, see below).  These are the highlighted fixes (aka the biggest bounties paid):

  • [$4000][344881High CVE-2014-1700: Use-after-free in speech. Credit to Chamal de Silva.
  • [$3000][342618High CVE-2014-1701: UXSS in events. Credit to aidanhs.
  • [$1000][333058High CVE-2014-1702: Use-after-free in web database. Credit to Collin Payne.

You will find the chromium packages (Slackware 14.1 and -current) here:

I also provide updated packages for chromium-pepperflash-plugin with the Fpash plugin binary taken from the official Chrome distribution.

LibreOffice

LibreOffice 4.2.2 (codenamed ‘Fresh’) packages for Slackware 14.1 and -current are ready too. The official announcement  considers LibreOffice 4.2.2 to be “the most feature rich version of the software, and is suited for early adopters willing to leverage a larger number of innovations“. However, the announcement continues with “For enterprise deployments, The Document Foundation suggests the more reliable LibreOffice 4.1.5 “Stable”.” Of course I have LibreOffice 4.1.5 packages, they are built on Slackware 14.0 and work well on Slackware 14.1 and -current. It’s your choice!

Package locations:

Linux Flash Player

As mentioned above in the Chromium section, Adobe released security updates of their Flash Player for all platforms. The Adobe security bulletin shows 11.2.202.346 as the new version for native Linux. Package location:

 

Note: a new version of pipelight has not yet been released, but if you want your Wine-installed Windows Flash player to be secure and safe as well, you can run the following command (as root – not as your normal user account like I wrongly advised before):

# pipelight-plugin --update

which will update the “/usr/share/pipelight/install-dependency” script. Next time you open a web page which loads pipelight, it will automatically upgrade your Windows Flash player in the wine-pipelight directory to the latest version.

Have fun! Eric

Barracuda’s Copy cloud storage

copy-clientA while ago I posted a blurb (well… not here but on Google+) about Barracuda‘s  cloud-based backup service analogous to Dropbox. Copy.com is an interesting contender in the playing field of cloudbackup. This is what the company has to say about data protection and security: “Because Copy is the product of network security and backup giant Barracuda, your files are stored on servers we control and manage, not with a 3rd party like most cloud storage services. For increased security, your data is protected by multiple layers of encryption, including top-secret grade AES 256, both during transfer and while at rest on Barracuda’s enterprise-class cloud storage“.

It’s up to you how seriously you take that claim, but let me just give this advice: if you trust your most sensitive files to the cloud, apply your own encryption first! For example, I have a TrueCrypt container in my cloud storage which contains everything private I have on my computers. This encrypted container is replicated to all my computers as well as to the cloud, providing sufficient backup safety and still keeping my data hidden from secret snoopers without supercomputers.

The site advertises that they use a data-deduplication mechanism, therefore I doubt that your files will be stored in such a way that the NSA is unable to access them… still, it’s a lot of storage for a safety copy of your photos. I guess I’ll take their claims at face value.

Back to Copy: this is a free storage solution, although there are business subscriptions. New free accounts get 15 GB cloud storage for free, and that is quite a bit. When you refer someone else to start using this service, both sides get an additional free 5 GB storage. Click on the link below to get your 20 GB for free, it gives me an additional 5 GB too.

Bonus referral link: https://copy.com/?r=zWvkFg

They have an interesting twist to the concept of file-sharing. WIth Dropbox, you can share part of your own dropbox with other Dropbox users. That shared space will count in the quota calculations of everyone who takes part in the share. So for instance, if you have a free 10 GB dropbox quota you will not be able to add your friend’s shared folder if that folder is larger than 10 GB. With Copy on the other hand, the calculation is different. If you share an amount of data with others, then the used quota is divided among the sharers. So, if you are sharing 10 GB with 4 of your friends, everyone in your group of 5 will not be taxed for 10 GB, but only for 10/5 = 2 GB of quota usage. That is nice.

Sync clients are available for many platforms, Linux (32-bit and 64-bit) and Android included. It took a while to deliver on my promise to create a Slackware package for the Linux sync client, because I was not sure how I wanted to wrap the binaries. But finally here it is. I decided to call the package “copy-client” in analogy to my “dropbox-client” package.

A copy-client package for Slackware, 64-bit as well as 32-bit. Working on versions 13.37 and onwards (those are the Slackware versions I tried at least).

Have fun! Don’t forget to claim your 20 GB free storage using my referral link, and make me a happy camper.

Eric

KDE 4.12.3 for Slackware-current (and 14.1) plus some goodies

Sticking nicely to the well-known KDE Release Schedule, here are packages for the latest and greatest KDE Software Compilation.

The new release 4.12.3 is a further step towards stabilizing the 4.12 platform and comes with updates to Plasma Workspaces, which brings that to version 4.11.7. Incidentally I also updated the Plasma Workspaces (aka kde-workplace)  in the KDE package set which I maintain for Slackware 14.1 (the KDE SC 4.11.5 release will keep getting long-term updates to kde-workspace until this summer)

Principally, I am targeting Slackware-current with my bleeding-edge packages for KDE. However – as was the case with the previous KDE release, there is not all that much divergence between the stable release (Slackware 14.1) and the development tree (Slackware-current). That is why I built my packages for KDE  4.12.3, on Slackware 14.1 for maximum compatibility. They work fine on both platforms.

What’s new in my KDE 4.12.3 packages?

Apart from all-new versions for the core applications, I also updated the oxygen-gtk2 and plasma-nm (and libnm-qt, libmm-qt) packages. I was unable to compile the latest oxygen-gtk3 release because Slackware’s GTK+-3 package is too old.

There is one interesting addition! There is a new package called kdeconnect-kde. Together with the kdeconnect-android app for your smartphone or tablet (no iPhone, surely you don’t own one??) it “fuses” your KDE desktop with your mobile device.

kdeconnect-settings

Prominent features of KDE Connect are: battery status display, clipboard share, notifications sync, multimedia remote control, and all of that over secured network connections. Don’t forget to add the new “KDE Connect” widget to your system tray.

kdeconnect-applet

How to upgrade to KDE 4.12.3 ?

You will find all the installation/upgrade instructions that you need in the accompanying README file. That README also contains basic information for KDE recompilation using the provided SlackBuild script.

You are strongly advised to read and follow these installation/upgrade instructions!

Where to find packages for KDE 4.12.3 ?

Download locations are listed below (you will find the sources in ./source/4.12.3/ and packages in /current/4.12.3/ subdirectories). Using a mirror is preferred because you get more bandwidth from a mirror and it’s friendlier to the owners of the master server!

Have fun! Eric