Main menu:


Please consider a small donation:



Or you can donate bitcoin:


Thanks to TekLinks in Birmingham, AL, for providing colocation and bandwidth.

Page Rank


FOSS Force Best Blog--2013 Award

Recent posts

Recent comments

About this blog

I am Eric Hameleers, and this is where I think out loud.
More about me.


My Favourites



October 2015
« Sep    

RSS Alien's Slackware packages

RSS Alien's unofficial KDE Slackware packages

RSS Alien's multilib packages


Another big update in slackware-current

Fire in the hole! Damn the torpedoes.

With 281 new lines in the ChangeLog.txt, this update to slackware-currrent can be called a big one.

But the real interesting stuff is not just those sheer number of updated packages – it’s the new 4.1.6 Linux kernel, the gcc 4.9.3 compiler suite, glibc 2.22 C libraries, mesa 10.6.4,  a new libepoxy package which was required to get glamor 1.0.0 into the xorg-server… exciting times for the adventurous who are running slackware-current!

A note about mesa: it refuses to compile on 32-bit Slackware unless the ARCH is set to i586… gone is the i486 compatibility. Well, if you had watched the ChangeLog.txt these past months you’d already have noticed that updated packages  switched from i486 to i586, but that was voluntary. Mesa is the first real stumbling block.

I am in the process of upgrading my slackware64-current virtual machine and will compile new packages for the multilib gcc and glibc versions… you have to be patient a bit. You can of course go ahead and upgrade to the latest slackware-current, overwriting gcc and glibc with the official versions. All you lose is the ability to run 32-bit programs until my packages are ready. Should not take more than a day.

Pat also warned me about the upgrades to nettle and gnutls. They are likely to break many 3rd party packages because of the change in library version. Please report any broken package from my own repository, so that I can release rebuilt and fixed versions ASAP. Also, libelf was replaced with elfutils but a copy of was added to the aaa_elflibs package to keep the breakage to a minimum.

All this info is thanks to Pat who commented on this upgrade verbosely – it is background information MoZes needs for his slackwarearm, and important for my multilib.

Have fun! Eric

August ’15 security fixes for Adobe Flash

adobe_flash_8s600x600_2In their “tuesday is patch day” routine, Adobe released updated Flash player plugins which adddress many new vulnerabilities (as usual).

For your information: The updated Slackware package for chromium-pepperflash-plugin (to be used together with my chromium package) has version The updated flashplayer-plugin has version

The Chromium plugin was extracted from the official Google Chrome 44.0.2403.155 RPM which was released yesterday. New packages for my own chromium package based on the sources of that same version are being compiled at the moment… it always takes half a day for the sources to become available for download.

My download locations for the Flash plugin packages are unchanged:

If you are using the slackpkg+ extension for slackpkg, then you just run “slackpkg update && slackpkg update flash”. Alternatively, you can subscribe to my repository RSS feed to stay informed of any updates.


Rebuilt multilib gcc compiler suite for slackware-current

There were many updates for Slackware-current last night. One of them was a rebuilt gcc compiler suite, and therefore an updated multilib compiler set was due as well.

The new multilib gcc packages are now online, The set of 32-bit “compat32″ packages for slackware64-current has also been refreshed. The gcc packages had to be rebuilt because of other package updates causing library version bumps, but Pat took the opportunity to add two shell scripts “c89” and “c99” that are part of POSIX standard – they call the compiler with additional compatibility parameters. This was necessitated by the fact that recent git checkouts of the VLC mediaplayer would not compile on Slackware because the VLC developers started enforcing a check on the availability of the “c99″ command.

You can obtain the updated multilib packages from the URLs below or from any other mirror near you that carries copies of my repositories:

A refresher on “multilib” for new users of Slackware: if you want to use (binary-only) 32-bit software on a 64-bit Slackware installation then that is not possible out of the box, because Slackware64 is a pure 64-bit OS. You need to expand the OS with “multilib capability” so that the OS can run (and compile) 32-bit programs as well. Examples of 32-bit (closed-source) programs are Skype, Valve’s Steam Client, the WINE emulator, the Pipelight browser plugin, Citrix client etc.

Instructions on how to add or update multilib on your 64-bit Slackware can be found on the Slackware Documentation Project. Also, the slackpkg+ extension to Slackware’s own slackpkg contains the script “” which can help you in setting up multilib properly. With slackpkg+ it is then trivial to keep your multilib installation up to date when updates occur.

Security tip:

One note on the side about last night’s Slackware -current update. The work on this update was supposed to take a while longer because Pat wants to update additional packages and a proper integration is important so that things don’t break due to library incompatibilities. But the update to the mozilla-firefox package addresses a serious and critical security issue. This security fix needed to get out to you people as fast as possible. The exploit (which was found in the wild by an attentive Firefox user and then reported to Mozilla) uses Firefox’s internal PDF viewer implementation to gain access to your local files, and uploads e.g. your ssh configuration and keys, the password file, pidgin and psi configuration files to a Russian server – pretty sensitive things.

If you have been using Firefox 38 or 39 (normal or ESR versions) on your Linux computer and visited dodgy sites recently, and you have ssh keys for accessing remote servers without a password, you may want to consider replacing these ssh keys with fresh ones.

Enjoy! Eric

LibreOffice 5.0.0 and 4.4.5 for your Slackware box

libreoffce_logoWeekend treat: new LibreOffice packages for the latest releases from the Document Foundation.

For our stable Slackware (which is 14.1 of course) I have packaged LibreOffice 4.4.5 which was announced at the end of July. Actually, these packages were already available in my repository for the past couple of days but I wanted to wait with writing about it here until I could bake packages for LibreOffice 5.0.0 as well. Note that “LibreOffice 4.4.5 is replacing LibreOffice 4.3.7 as the ‘still’ version for more conservative users and enterprise deployments” according to the official announcement. Therefore I decided to be conservative and stick with 4.4.5 instead of packaging 5.0.0 for Slackware 14.1.

And then LibreOffice 5.0.0 has finally been released in a stable version. I have shared with you the last few Release Candidates to experiment with on slackware-current and therefore I’m happy to tell you that the stable LibreOffice 5.0.0 is packaged and ready for all of you who are running our development version of Slackware. If you are curious about the new features that LO 5 has to offer, I advise you to visit this overview page. Of course, there are numerous improvements all over the board compared to LO 4 – with a strong focus on the User Interface and interoperability with Microsoft’s and Apple’s office suites.

Get the packages from my server or any mirror closer to you:

Note that you can use slackpkg+ to manage your 3rd party packages if those are maintained in Slackware-compatible repositories (like mine). The “slackpkgplus.conf” configuration file for slackpkg+ already has example entries for my repositories – it will be a matter of “slackpkg update && slackpkg upgrade libreoffice” to upgrade to my latest versions.

Have fun! Eric

Chromium 44 available (Netflix still works)

chromium_iconI have made new packages for the chromium browser and its widevine plugin. Chromium version 44 was released a bit earlier this week, and it took me a while to compile, because the new OpenJDK 7u85 and LibreOffice 5.0.0.rc3 packages were ahead of it in the build queue. Guess what… now that I am writing this blog article after uploading the packages for chromium-44.0.2403.89, I notice that there was a second release of Chromium 44 Stable… today. Which makes me wonder if there was a regression in the earlier source release.

That updated version 44.0.2403.107 may have to wait, because I will be unable to do a lot of Slackware related stuff until august; real life is catching up with me. If there are real useability issues with 44.0.2403.89, let me know and I will see if I can shift priorities or make the older 43.x packages available again. My initial (not exhaustive) testing showed no weirdness at least.

Regardless, it took a few iterations before I got the Widevine CDM adapter to compile properly. I had to look at my chromium-dev package’s history to remember what had changed in version 44. Once I applied that knowledge to the stable sources, it all began to come together. Netflix still works :-) … well, after you’ve installed/upgraded my chromium-widevine-plugin package of course. which contains the proprietary Content Decryption Module.

The new chromium source I compiled into a package, comes with several security fixes, and here are the CVE’s:

  • [$3000][446032] High CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit to cloudfuzzer.
  • [$3000][459215] High CVE-2015-1273: Heap-buffer-overflow in pdfium. Credit to makosoft.
  • [$TBD][461858] High CVE-2015-1274: Settings allowed executable files to run immediately after download. Credit to  andrewm.bpi.
  • [$7500][462843] High CVE-2015-1275: UXSS in Chrome for Android. Credit to WangTao(neobyte) of Baidu X-Team.
  • [$TBD][472614] High CVE-2015-1276: Use-after-free in IndexedDB. Credit to Collin Payne.
  • [$5500][483981] High CVE-2015-1279: Heap-buffer-overflow in pdfium. Credit to mlafon.
  • [$5000][486947] High CVE-2015-1280: Memory corruption in skia. Credit to cloudfuzzer.
  • [$1000][487155] High CVE-2015-1281: CSP bypass. Credit to Masato Kinugawa.
  • [$TBD][487928] High CVE-2015-1282: Use-after-free in pdfium. Credit to Chamal de Silva.
  • [$TBD][492052] High CVE-2015-1283: Heap-buffer-overflow in expat. Credit to sidhpurwala.huzaifa.
  • [$2000][493243] High CVE-2015-1284: Use-after-free in blink. Credit to Atte Kettunen of OUSPG.
  • [$7500][504011] High CVE-2015-1286: UXSS in blink. Credit to anonymous.
  • [$1337][419383] Medium CVE-2015-1287: SOP bypass with CSS. Credit to filedescriptor.
  • [$1000][444573] Medium CVE-2015-1270: Uninitialized memory read in ICU. Credit to Atte Kettunen of OUSPG.
  • [$500][451456] Medium CVE-2015-1272: Use-after-free related to unexpected GPU process termination. Credit to Chamal de Silva.
  • [479743] Medium CVE-2015-1277: Use-after-free in accessibility. Credit to SkyLined.
  • [$500][482380] Medium CVE-2015-1278: URL spoofing using pdf files. Credit to Chamal de Silva.
  • [$1337][498982] Medium CVE-2015-1285: Information leak in XSS auditor. Credit to gazheyes.
  • [$500][479162] Low CVE-2015-1288: Spell checking dictionaries fetched over HTTP. Credit to
  • [512110] CVE-2015-1289: Various fixes from internal audits, fuzzing and other initiatives.

Get my chromium packages in one of the usual locations:

Change the URL a bit to get the chromium-widevine-plugin  package.

Have fun! Eric