Main menu:

Sponsoring

Please consider a small donation:

 

 

Or you can donate bitcoin:

 

Thanks to TekLinks in Birmingham, AL, for providing colocation and bandwidth.

Page Rank

Fame

FOSS Force Best Blog--2013 Award

Recent posts

Recent comments

About this blog

I am Eric Hameleers, and this is where I think out loud.
More about me.

Search

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 181 other subscribers

My Favourites

Slackware

Calendar

April 2016
M T W T F S S
« Mar    
 123
45678910
11121314151617
18192021222324
252627282930  

RSS Alien's Slackware packages

RSS Alien's unofficial KDE Slackware packages

RSS Alien's multilib packages

RSS Slackware64-current

Meta

KDE 5_16.03 for Slackware-current

plasma5_startup KDE 5_16.03 is available. I used the latest KDE releases: Frameworks 5.20.0, Plasma 5.5.5 and Applications 15.12.3. You’ll find this also as part of the Slackware Live Edition ISO images based on liveslak-0.7.0 (the PLASMA5 variant) which I uploaded a day earlier.

What’s new in KDE 5_16.03?

  • Frameworks 5.20.0 is an enhancement release and no new Frameworks were added. See https://www.kde.org/announcements/kde-frameworks-5.20.0.php .
  • Plasma 5.5.5 is the last release of the 5.5 series; since there is an interdependency between development of Frameworks and Plasma, two packages were added as ‘plasma-extra’ to cover for the period between release of Frameworks 5.20.0 and release of Plasma 5.6.0: kactivities-workspace and kactivitymanagerd. Their content will be split into Frameworks 5.21.0 and Plasma 5.6 so the two packages will be removed from the ‘ktown’ repository in the next round. See https://www.kde.org/announcements/plasma-5.5.5.php .
  • The Applications 15.12.3 is a bugfix release. For a full list of changes to applications, read this page.

Not much else to mention at this time, but I would like to hear from people who experience a strange screenlock behaviour. I managed to get this once in a virtual machine after leaving the Plasma5 session idle for prolonged time after which the screenlocker activated. WTF!!!! Slackware does not have a steenking systemd you crazy KDE developer:

kscreenlocker_broken_plasma-5.5.5_20160312

Installing or upgrading Frameworks 5, Plasma 5 and Applications

You can skip the remainder of the article if you already have my Plasma 5 installed and are familiar with the upgrade process. Otherwise, stay with me and read the rest.

As always, the accompanying README file contains full installation & upgrade instructions. Note that the packages are available in several subdirectories below “kde”, instead of directly in “kde”. This makes it easier for me to do partial updates of packages. The subdirectories are “kde4”, “kde4-extragear”, “frameworks”, “kdepim”, “plasma”, “plasma-extra”, “applications”, “applications-extra” and “telepathy”.

Upgrading to this KDE 5 is not difficult, especially if you already are running KDE 5_16.02. You will have to remove old KDE 4 packages manually. If you do not have KDE 4 installed at all, you will have to install some of Slackware’s own KDE 4 packages manually.

Note:

If you are using slackpkg+, have already moved to KDE 5_16.01 and are adventurous, you can try upgrading using the following set of commands. This should “mostly” work but you still need to check the package lists displayed by slackpkg to verify that you are upgrading all the right packages. Feel free to send me improved instructions if needed. In below example I am assuming that you tagged my KDE 5 repository with the name “ktown_testing” in the configuration file “/etc/slackpkg/slackpkgplus.conf“):
# slackpkg update
# slackpkg install ktown_testing (to get the newly added packages from my repo)
# slackpkg install-new (to get the new official Slackware packages that were part of my deps previously)
# slackpkg upgrade ktown_testing (upgrade all existing packages to their latest versions)
# removepkg xembed-sni-proxy ktux amor kde-base-artwork kde-wallpapers kdeartwork (they don’t exist in the repo anymore)
# slackpkg upgrade-all (upgrade the remaining dependencies that were part of my repo previously)

And doublecheck that you have not inadvertently blacklisted my packages in “/etc/slackpkg/blacklist“! Check for the existence of a line in that blacklist file that looks like “[0-9]+alien” and remove it if you find it!

Recommended reading material

There have been several posts now about KDE 5 for Slackware-current. All of them contain useful information, tips and gotchas that I do not want to repeat here, but if you want to read them, here they are: http://alien.slackbook.org/blog/tag/kde5/

A note on Frameworks

The KDE Frameworks are extensions on top of Qt 5.x and their usability is not limited to the KDE Software Collection. There are other projects such as LXQT which rely (in part) on the KDE Frameworks, and if you are looking for a proper Frameworks repository which is compatible with Slackware package managers such as slackpkg+, then you can use these URL’s to assure yourself of the latest Frameworks packages for Slackware-current (indeed, this is a sub-tree of my KDE 5 “testing” repository):

Where to get the new packages for Plasma 5

Download locations are listed below (you will find the sources in ./source/5/ and packages in /current/5/ subdirectories). If you are interested in the development of KDE 5 for Slackware, you can peek at my git repository too.

Using a mirror is preferred because you get more bandwidth from a mirror and it’s friendlier to the owners of the master server!

Have fun! Eric

New ISO images for Slackware Live Edition (beta 7)

blueSW-64pxI finished the compilation of new KDE 5_16.03 packages (64-bit) and that was a good point to stamp a new version on the liveslak scripts and build Live ISO images based on liveslak-0.7.0. This update of the Live ISOs is using Slackware64-current dated “Mon Mar 14 02:18:20 UTC 2016” as the base.

In the meantime the upload of the new ISO images for Slackware Live Edition, release “0.7.0” to slackware.uk has completed.

As always, I encourage new readers to visit my previous articles on Slackware Live Edition for more background information.

What’s new in 0.7.0?

I could not spare as much time as for the previous betas (work comes first because it pays for food and shelter). So the new ISO images are primarily meant to be a showcase of both Slackware -current and the new Plasma 5 version. Still, there are a few things to mention.

  • The scope of the boot parameter “livemedia” has been extended. It will now also accept an ISO file (containing Slackware Live Edition of course) as parameter value, so that you can more easily test a freshly downloaded ISO without having to copy it to a USB stick or burn it to a DVD first. It’s use is quite versatile:
    • livemedia=/dev/sdX1:/path/to/live.iso” points to an ISO file on partition “/dev/sdX1”.
    • livemedia=DATA:/path/to/liveslak.iso” points to an ISO file on a filesystem with label “DATA”.
    • livemedia=”7550954e-3d40-4e46-ae91-d02dce1d52a4:/your/live.iso” points to an ISO file on a partition with a specific UUID.
  • A new boot parameter “nga” was added. It stands for “no glamor acceleration” and should be useful on hardware (including QEMU virtual hardware) where X.Org refuses to start with the error “EGL_MESA_drm_image required; (EE) modeset(0): glamor initialization failed“. It adds a file to /etc/X11/xorg.conf.d/ to disable glamor 2D acceleration, something which used to be off by default and since X.Org 1.18 seems to be on by default.
  • The “setup2hd” hard disk installer was polished a little bit.
  • A wiki-fied version of the README.txt documentation was added to the Slackware Documentation Project. See http://docs.slackware.com/slackware:liveslak.
  • Documentation on how to customize the Live Edition for your own Slackware derivative was added. This is a work in progress – I still need to separate the syslinux and grub theming from the menu content.
  • Lots of small improvements and bug fixes were applied to liveslak. Check out the commit log if you are interested.

Download the ISO images

I have created ISO images for the SLACKWARE, XFCE, PLASMA5 and MATE flavours using the latest Slackware64-current packages available (Mon Mar 14 02:18:20 UTC 2016) as well as the latest Plasma 5 release  which I yet have to upload to ‘ktown‘… you will see it first on Slackware Live Edition!

You can find the ISO images plus their MD5 checksum and GPG signature at any of the following locations – look in the “0.7.0” subdirectory for ISOs based on the liveslak-0.7.0 scripts. I made a symlink called “latest” which will always point to the latest set of ISO images:

These mirror servers will sync up in the next 24 hours – slackware.uk is already uptodate.

Good to know when you boot the ISO

Slackware Live Edition knows two user accounts: root (with password ‘root’) and live (with password ‘live’). My advice: login as user live and use “su” or “sudo” to get root access.
Note: the “su” and “sudo” commands will want the ‘live’ user’s password!

Slackware Live Edition is able to boot both on BIOS-based computers (where syslinux takes care of the boot menu) and UEFI systems (where grub builds the boot menu, which looks quite similar to the syslinux menu):

slackwarelive-0.4.0_syslinux

Let me know if you are creating a custom Live distro based on liveslak. I may be able to help with scripting adjustments if necessary. There’s a reboot of FluxFlux by Manfred Müller using these scripts for instance.

Have fun! Eric

March ’16 security fixes for Adobe Flash

adobe_flash_8s600x600_2Adobe’s Flash player  security update for March showed an updated Flash player which addresses several vulnerabilities. I packaged the Linux Flash Player plugin for you as usual – on friday. However, Google did not release an updated binary for Linux Chrome until this moment, instead having people rely on Chrome’s internal auto-update feature which takes care of downloading the latest PepperFlash library. That would leave Chromium users in the cold, so I took a different approach: I installed the latest Google Chrome in a virtual machine and started the program, then went away to do other stuff. After a while, Chrome had indeed downloaded a new version of the Flash library and put that in the ~/.config/google-chrome/PepperFlash/ directory. I have used a copy of this downloaded library to create the new chromium-pepperflash-plugin package.

The new plugin for the Chromium browser (chromium-pepperflash-plugin) has the version number 21.0.0.182. The plugin for Mozilla browsers (flashplayer-plugin) has version 11.2.202.577.

My download locations for the Flash plugin packages are as always:

If you are using the slackpkg+ extension for slackpkg, then you just run “slackpkg update && slackpkg upgrade flash”. Alternatively, you can subscribe to my repository RSS feed to stay informed of any updates.

Eric

Chromium 49 packages address security issues; no more 32-bit binary plugins

chromium_iconChromium 49 was announced on the Google Chrome Releases blog. I needed some time to compile package for my ‘ktown’ repository containing the KDE Plasma 5 environment. In fact it took more time than anticipated because I had upgraded my QEMU from 1.2.0 to 2.5.0 and that had unepected side effects: it severely affected the performance of the host server (running Slackware64 13.37 and a 2.6.37.6 kernel) and decreased the Virtual Machine speed to almost half. And when the VM froze while I was compiling chromium in it, I had enough. I reverted to QEMU 1.2.0 and all is well again.

Anyway, the new chromium 49.0.2623.75 release addresses a couple of security issues – some of these have a CVE number:

  • [$8000][560011] High CVE-2016-1630: Same-origin bypass in Blink. Credit to Mariusz Mlynski.
  • [$7500][569496] High CVE-2016-1631: Same-origin bypass in Pepper Plugin. Credit to Mariusz Mlynski.
  • [$5000][549986] High CVE-2016-1632: Bad cast in Extensions. Credit to anonymous.
  • [$3000][572537] High CVE-2016-1633: Use-after-free in Blink. Credit to cloudfuzzer.
  • [$3000][559292] High CVE-2016-1634: Use-after-free in Blink. Credit to cloudfuzzer.
  • [$2000][585268] High CVE-2016-1635: Use-after-free in Blink. Credit to Rob Wu.
  • [$2000][584155] High CVE-2016-1636: SRI Validation Bypass. Credit to Ryan Lester and Bryant Zadegan.
  • [$500][560291] High CVE-2015-8126: Out-of-bounds access in libpng. Credit to joerg.bornemann.
  • [$2000][555544] Medium CVE-2016-1637: Information Leak in Skia. Credit to Keve Nagy.
  • [$1000][585282] Medium CVE-2016-1638: WebAPI Bypass. Credit to Rob Wu.
  • [$1000][572224] Medium CVE-2016-1639: Use-after-free in WebRTC. Credit to Khalil Zhani.
  • [$1000][550047] Medium CVE-2016-1640: Origin confusion in Extensions UI. Credit to Luan Herrera.
  • [$500][583718] Medium CVE-2016-1641: Use-after-free in Favicon. Credit to Atte Kettunen of OUSPG.
  • [591402] CVE-2016-1642: Various fixes from internal audits, fuzzing and other initiatives.

It is advised to upgrade to this version of Chromium.

Please note that Google has stopped providing 32-bit versions of Chrome for Linux. This means that I will no longer be able to supply 32-bit plugins for Pepper Flash and for Widevine CDM support. The 32-bit plugins currently in my repository are taken from the Chrome 48 RPM and they will probably just keep functioning for a while. However I have no idea when they break, and particularly the Pepper Flash plugin will age pretty fast, considering the fact that Adobe releases security updates for Flash almost every month. YMMV.

Get my chromium packages in one of the usual locations:

The widevine and pepperflash plugin packagess for chromium can be found in the same repository.

Have fun! Eric

Package recompilation effort underway

alienHey folks! Two things recently happened to Slackware-current that you need to be aware of if you are using my Plasma5 packages from the ‘ktown‘ repository.

  1. libical was upgraded. The new shared library has a different version number, breaking several applications in my Plasma 5 package set. Mostly these are KDEPIM related.
  2. the openssl upgrade  dropped support for the obsolete OpenSSL SSLv2 protocol (by eliminating the ‘SSLv2_client_method’ symbol) in order to address the “DROWN” vulnerability. This broke applications that are linking against openssl using this symbol.

This means I have to recompile several packages; the PIM related ones are kcalcore, kcalutils, kblog, ktnef, kalarmcal, akonadi-calendar, kdepim-runtime, kdepim and kdepimlibs4 (I did kdepimlibs earlier this week). Packages linking to the removed SSLv2 symbol are qt5 and qca-qt5.

This will take some time on my trusty old build-box. The 64-bit PIM packages are done, Qt5 is compiling, qca-qt5 is next. Then I need to repeat for 32-bit and be aware that compiling Qt5 is quite a lengthy process… I won’t have new packages to upload until friday evening probably.

Then I intend to compile new Plasma 5.5.5 (just released, it’s the last in the 5.5 series) and generate new Slackware Live ISO images. Don’t stay up for those… will probably be on the other side of the weekend before you see those, because I need to test some updates to the liveslak scripts first.

Somewhere inbetween I should also take care of the new Chromium sources which were just released, addressing several vulnerabilities. By the way, this new 49.0.2623.75 release is the first where Google is only releasing 64-bit binaries for Linux, so I am afraid that at some point the 32-bit plugins I used to extract from the Chrome binaries (pepperflash and widevine plugins) will stop working for the 32-bit chromium packages which I will of course keep compiling for you. The most recent versions of these binary-only plugins remain in my repository until they break.