Main menu:

Sponsoring

Please consider a small donation:

 

Also appreciated: support me by clicking the ads (costs nothing) :-)

 

Or you can donate bitcoin:

 

Thanks to TekLinks in Birmingham, AL, for providing colocation and bandwidth.

Page Rank

Fame

FOSS Force Best Blog--2013 Award

Recent posts

Recent comments

About this blog

I am Eric Hameleers, and this is where I think out loud.
More about me.

Search

My Favourites

Slackware

Calendar

April 2014
M T W T F S S
« Mar    
 123456
78910111213
14151617181920
21222324252627
282930  

RSS Alien's Slackware packages

RSS Alien's unofficial KDE Slackware packages

RSS Alien's multilib packages

Tag cloud

Meta

Chromium, LibreOffice, Pipelight, Flashplayer updates

If you are subscribed to my repository’s RSS feed or if you are using slackpkg+ to keep your Slackware system updated, you will already have noticed and are probably already using the new packages – for the rest of you, here is the harvest of last week.

Chromium

chromium_iconChrome and Chromium were updated to version 33.0, bringing fixes for 28 security issues. The new version number is 33.0.1750.117 to be exact.

The most important fixes (for high-risk vulnerabilities) are:

  • [$2000][334897High CVE-2013-6652: Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid.
  • [$1000][331790High CVE-2013-6653: Use-after-free related to web contents. Credit to Khalil Zhani.
  • [$3000][333176High CVE-2013-6654: Bad cast in SVG. Credit to TheShow3511.
  • [$3000][293534High CVE-2013-6655: Use-after-free in layout. Credit to cloudfuzzer.
  • [$500][331725High CVE-2013-6656: Information leak in XSS auditor. Credit to NeexEmil.

I have packages ready for the new chromium (Slackware 14.0, 14.1 and -current):

In the same locations you will also find updated packages for chromium-pepperflash-plugin and chromium-pdf-plugin. Both these packages contain binaries taken from the official Chrome distribution: respectively an Adobe Flash player and a PDF reader plugin. The Flash player is a security update (new version of the Pepper Flash plugin is 12.0.0.70), just like the other Flash player plugins I will mention further down.

LibreOffice

LibreOffice 4.2.1 packages for Slackware 14.1 and -current are ready too. The first minor increment in the 4.2 series took only 3 weeks, solving over 100 bugs which were introduced because of the relatively large amount of new code that was added since the prior 4.1 series. You can read more in the ChangeLog for 4.2.1.

Note that I ship my LibreOffice 4.1 and 4.2 packages with additional “libreoffice-dict-<language>” packages, containing dictionary and spellchecker support! If you are still running Slackware 13.37 there’s LibreOffice 3.6.7 for which I also have packages, and users of Slackware 14.0 are served well with LibreOffice 4.1.4 (I will compile packages for 4.1.5 shortly).

Package locations:

Pipelight

pipelight-logo The new pipelight release brings updates and fixes. More Windows browser plugins are supported, but being able to view Netflix will still be the major benefit for many of its users. Note that the update will also bring you the newest Flash Player version (fixing several security issues as already pointed out when I wrote about Chrome’s PepperFlash update). Together with the newest pipelight, I also created new packages for its wine-pipelight dependency, bringing the version of Wine to 1.7.13.

Let me remind you that in my original post about pipelight, you will find full installation and configuration instructions, as well as a troubleshooting section.

Package location:

 

Linux Flash Player

Of course there is the normal¨ Flash Player plugin for Linux as well – it received an update from Adobe just like its Chrome and Windows pendants. That same Adobe security bulletin mentions that the new version of the Linux browser plugin is 11.2.202.341. Package location:

Have fun! Eric

The week in review

I have not been updating this blog for a couple of days, but that did not mean I was sitting on hy hands.

These are the package updates which landed in my various repositories during the last few days:

Calibre

calibreicoNearly every week I have been updating my Calibre packages whenever Kovid Goyal released a new version. Especially the last couple of releases are really exciting. Perhaps you noticed (if you are an ebook lover or even an ebook writer) that the Sigil EPUB editor’s progress had stalled, in fact the software’s development is dead. I did not really care because Sigil had switched its Qt dependency from 4 to 5 and Slackware does not contain Qt5, so new Slackware packages were out of the question anyway. Now, Calibre has been enhanced with an ebook editor. Visually and functionally the Calibre ebook editor application shows similarities to Sigil, however it is a completely different program, and it integrates perfectly into the Calibre GUI. You can invoke it directly by running “ebook-edit” from a terminal or using the “Edit E-book” menu item in your Desktop Environment.

Calibre can also run as a Web Server with an OPDS interface, ideal for when you have an ebook reader with a Wireless network interface – you can download books directly from your library without the need for a USB cable. But it needs to be hidden behind an Apache reverse proxy to make it safe enough to use on the Internet. I recently installed COPS however, which is built from the ground up to be a replacement Calibre OPDS PHP Server. After some discussion with the developer, I talked him into adding an online web-based EPUB reader which is based on Monocle, so that I can read my ebooks directly on my ChromeBook without the need for downloads or browser plugins.

 

LibreOffice

I already posted about my gripes with building the new LibreOffice 4.2.0. Well, I finally managed to make it work, and the resulting packages (for Slackware 14.1 and -current) are available. A significant bug was rapidly discovered in Calc when using a non-english language pack. It seems that other people suffered from this in earlier releases even, and not just on Slackware. Still, this is a release with many improvements. Read more about the new features and fixes on the announcement page. Interesting tidbit: LibreOffice 4.2 offers a new Start screen, with a cleaner layout that makes better use of the available space – even on small screens – and shows a preview of the last documents you opened.

Focus for the 4.2 cycle is performance and interoperability (yeah, when is it not) with MS Office.

Note that I ship my LibreOffice 4.1 and 4.2 packages with additional “libreoffice-dict-<language>” packages, containing dictionary and spellchecker support! If you are still running Slackware 13.37 there’s LibreOffice 3.6.7 for which I also have packages, and users of Slackware 14.0 are served well with LibreOffice 4.1.4.

Package locations:

 

Chromium

chromium_iconAnother update to Chrome/Chromium brings this open source version of Chrome to 32.0.1700.107, and interestingly enough (but I disregarded this) another update appeared one day later which “upgrades” Chromium to 32.0.1700.103. A comment to that blog announcement questions the effective downgrade but there is no answer yet from the developers.

The SlackBuild was modified a bit (thanks dugan!), in order to solve several bugs in the interaction with vBulletin, which is the software powering LinuxQuestions.org (hoster of the main Slackware user forum on the Internet).

I have packages ready for the new chromium:

 

VideoLAN Player

largeVLCThe VideoLAN team released version 2.1.3 of their VLC player yesterday.

This is another maintenance release of the “Rincewind” release, “fixing numerous bugs, and improves decoders, notably for the new formats (HEVC and VP9). Important fixes involve Audio and Video output management on most platforms“. 2.1.3 also “improves the demuxer and decoders for most formats, and the various interfaces“.

Where to find the new VLC packages:

Rsync acccess is offered by the mirror server: rsync://taper.alienbase.nl/mirrors/people/alien/restricted_slackbuilds/vlc/ .

My usual warning about patents: versions that can not only DEcode but also ENcode mp3 and aac audio can be found in my alternative repository where I keep the packages containing code that might violate stupid US software patents.

 

Adobe’s Flash Player plugin

adobe_flash_8s600x600_2There was a minor version number update today, for Adobe’s Flash Player Plugin for web browsers. The update is accompanied by a security bulletin “apsb14-04

Packages for Mozilla compatible browsers are here (and the update to pepperflash plugin for Chromium should follow shortly):

Icedtea-web

A new release of the web browser plugin for OpenJDK is available since today. Version 1.4.2 finally makes Oracle’s Java version tester page work again (remember that you now have to explicitly allow the plugin to start inside your Firefox or Chromium browser):

java_is_working_7u51_b31

Get the packages at http://slackware.com/~alien/slackbuilds/icedtea-web/

 

 

KDE

The latest  KDE Sofware Compilation is 4.12.2 which is available now and it accompanied by Plasma Workspaces 4.11.6. Mostly bug fix release, you should have no issues upgrading.

Contrary to what I had told before, I have built these packages on Slackware 14.1. I am running them on all my Slackware-current boxes without issues. The difference between Slackware 14.1 and -current is not so big yet, which is the rationale behind my decision to use Slackware 14.1 as the compilation platform this one time (for maximum compatibility)You will find all the installation/upgrade instructions that you need in the accompanying README file. That README also contains basic information for KDE recompilation using the provided SlackBuild script.

You are strongly advised to read and follow these installation/upgrade instructions!

My packages can be found in the ‘ktown’ repository which I maintain for KDE packages:

 

This concludes the week in review. I just finished baking a fresh loaf of bread and the smell makes me mad. Have to wait until the morning (it’s still hot and the time is just past midnight).

loaf-800

Remember:
You can subscribe to the repository’s RSS feed (RSS for ktown and RSS for multilib available too) if you want to be the first to know when new packages are uploaded.

Have fun! Eric

Compiling new LibreOffice sources is a bitch

libreoffce_logo
<rant> After three compilation failures (each setting me back several hours) I must say this:

Whenever I have to bump a LibreOffice package – and perhaps due to moving up from Slackware 14.0 to 14.1 for compiling – it annoys the hell out of me that there are so many unexpected build failures. Not because I cannot fix them, but because every iteration of a LibreOffice compilation attempt costs another few hours. And there’s only so many hours between coming home from work and falling over because of sleep deprivation.

I am afraid that it will take some time before I can produce proper LibreOffice 4.2.0 packages for you. They will be available for Slackware 14.1 and newer . If you are running Slackware 14.0 then you’ll have to stick with LibreOffice 4.1.x (32-bit, 64-bit) for which I will build new packages soon (4.1.5 is around the corner). Users of Slackware 13.37 can still enjoy LibreOffice 3.6.7 (32-bit,64-bit).

In the meantime I am baking a fresh bread for tomorrow morning, so that I get at least something useful out of this frustrating evening.

Eric

Chromium and OpenJDK bugfix releases

Chromium

chromium_iconThere is an update to Chrome/Chromium which arrives in very close succession to the previous update less than two weeks ago. The version number change is minimal, 32.0.1700.77 to 32.0.1700.102, but it addresses several vulnerabilities, so it is advised to update your Chrome and/or chromium packages.

The most important fixes are:

[$1000][330420] High CVE-2013-6649: Use-after-free in SVG images. Credit to Atte Kettunen of OUSPG.
[$3000][331444] High CVE-2013-6650: Memory corruption in V8. This issue was fixed in v8 version 3.22.24.16. Credit to Christian Holler.

I have packages ready for the new chromium:

You can subscribe to the repository’s RSS feed if you want to be the first to know when new packages are uploaded.

OpenJDK

Pretty quickly after IcedTea 2.4.4, we can now download 2.4.5 from the web site. This is purely a bugfix release (no security issues are addressed) and the new build brings OpenJDK to version “Update 51 Build 31“, thus synchronizing with the upstream’s source tag “u51 b31″. Read GNU/Andrew’s release notes if you want to know what has been fixed.

My functionality tests (jMol and Minecraft) were satisfactory :-) Please note that Firefox and Chrome/Chromium browsers no longer load Java applets (or other plugins) by default and ask you for explicit approval to load and run them.

My new packages have again been compiled on Slackware 13.37.  They are usable on 13.37 as well as 14.0, 14.1 and -current! Get them preferably from a mirror site (faster downloads):

Further packages that are recommended/required:

  • Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin).
  • Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.

Note that you should only install one of the two packages, either openjdk or openjre, do not install both at the same time or things will break! The openjdk package contains the jre (java runtime) as well as the java development kit.

Eric

New Chromium: 32.0.1700.77

chromium_icon Chromium is the Open Source variant of the Chrome Browser. Both are part of the Chromium project which also has the Chrome OS as a product. Chromium and Chrome share the same codebase, and the closed-source Chrome browser is enhanced with some proprietary features like Adobe’s Pepper Flash plugin.

A new stable release (32.0.1700.77) for the Chrome/Chromium browser has been revealed a few days ago.

It took a little to get the official sources – there was an issue with the Google build bot which creates the source tarballs. I did a successful test build with a tarball I created myself (see below for the recipe if you’re interested) and reported the issue of the missing sources in the packagers Google group. Eventually official sources became available and I rebuilt both packages (i.e. 32-bit and 64-bit) using this tarball.

Get my Chromium packages in one of the usual locations:

You can subscribe to the repository’s RSS feed if you want to be the first to know when new packages are uploaded.

There are some nice new features in this new “32″ release. The browser tabs will show a small speaker icon if that page is playing audio, and a “play” triangle if video is playing on the page. Another enhancement (not yet experienced here… perhaps I never will :-) ) is that the browser will warn about potentially harmful pages and downloads in a more directly visible way. And if you have kids, now there’s this new feature called “supervised users” where you can define  sub-accounts to your main Chromium account and limit access to sites for those (as well as being able to monitor their browesing history through a new Google control panel).

Apart from all the fancy new stuff, this release is just as much about squashing (security) bugs. You can check out the release page for that, here are the most interesting fixes, quoted directly from the announcement:

  • [$1000][249502High CVE-2013-6646: Use-after-free in web workers. Credit to Collin Payne.
  • [$1000][326854High CVE-2013-6641: Use-after-free related to forms. Credit to Atte Kettunen of OUSPG.
  • [$1000][324969] High CVE-2013-6642: Address bar spoofing in Chrome for Android. Credit to lpilorz.
  • [$5000][321940High CVE-2013-6643: Unprompted sync with an attacker’s Google account. Credit to Joao Lucas Melo Brasio.
  • [318791] Medium CVE-2013-6645 Use-after-free related to speech input elements. Credit to Khalil Zhani.

If you are new to Chromium and in particular my Slackware-packaged version of it, you should definitely check out my previous post on Chromium where I explain the build requirements and use of API keys that allow you to use the official Google storage for data synchronization and such. That post also mentions more about some extensions to Chromium (PDF viewer and Flash player) which you can extract from the official binary Chrome package.

A few sites to play-test your Chromium browser:

  • http://www.zygotebody.com/ – the Body Browser, using WebGL for fast realtime rendering
  • http://www.quirksmode.org/html5/tests/video.html – HTML5 video tests (several encodings like H.264, WebM and Ogg/Theora)
  • http://www.naclbox.com/ – NaCLBox is an implementation of DOSBox in Chromium’s Native Client, guaranteeing near-native speed of the applications running in the sandbox. NaCLBox offers a lot of good old DOS games which you can play directly in your browser window. Note that my package contains the Native Client (NaCL) whereas the version you can compile using the SlackBuilds.org script will not add NaCl.

Have fun! Eric

PS: this is a script which I wrote as documentation of the manual steps I took to create my own unofficial release source tarball when I got fed up waiting for the official one:

#!/bin/sh
#
# Checking out the sources of an official chromium release,
# by Eric Hameleers
#
# In a working directory, you will create three directories:
# - depot_tools: this contains all the tools needed for creating the tarball
# - checkout: here almost 7 GB of sourcecode will be checked out
# - output: here the chromium-${RELEASE}.tar.xz source tarball will be created.
#
# Some variables:

WORKING_DIR=”${HOME}/chromium_src”

CHROMIUM_REL=”32.0.1700.77″
DT_REPO=”https://chromium.googlesource.com/chromium/tools/depot_tools.git”
RELEASES_URL=”https://src.chromium.org/chrome/releases”

# The actual work (takes a while);
# Checkout 1 GB of source and pack it up:
mkdir -p ${WORKING_DIR}
cd ${WORKING_DIR}

# Clone the depot_tools:
git clone ${DT_REPO}

# Check out the sources:
mkdir ckeckout
cd checkout
PATH=”../depot_tools/:$PATH” gclient config ${RELEASES_URL}/${CHROMIUM_REL}
# At this moment, your config will have been written to a file ‘.gclient’
PATH=”../depot_tools/:$PATH” gclient sync 2>&1 | tee ../sync.log
# The sync will download everything, based on what it found in this file:
# ${CHROMIUM_REL}/DEPS
PATH=”../depot_tools/:$PATH” gclient sync 2>&1 | tee ../sync.2.log

# Pack up the source tarball:
mkdir ../output
python src/tools/export_tarball/export_tarball.py –remove-nonessential-files ../output/chromium-${CHROMIUM_REL}

echo “”
echo “Resulting source tarball is: ${WORKING_DIR}/output/chromium-${CHROMIUM_REL}.tar.xz”
echo “”

It produced a 169MB tarball. I needed a couple of “gclient sync” commands before I finally had all the source code (hopefully all… I have no way of checking if anything is missing).