Main menu:

Sponsoring

Please consider a small donation:

 

 

Or you can donate bitcoin:

 

Thanks to TekLinks in Birmingham, AL, for providing colocation and bandwidth.

Page Rank

Fame

FOSS Force Best Blog--2013 Award

Recent posts

Recent comments

About this blog

I am Eric Hameleers, and this is where I think out loud.
More about me.

Search

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 223 other subscribers

My Favourites

Slackware

Calendar

August 2016
M T W T F S S
« Jul    
1234567
891011121314
15161718192021
22232425262728
293031  

RSS Alien's Slackware packages

RSS Alien's unofficial KDE Slackware packages

RSS Alien's multilib packages

RSS Slackware64-current

Meta

Chromium 51 packages available

chromium_iconGoogle updated the stable branch of the Chromium browser to a new major version number: “51”. An overview of the changes since the previous “50” release are found in Google’s git. Updated packages for Slackware 14.1 and -current are now available from my repository, for the download URLs see below.

The announcement on the Google Chrome Releases blog mentions a list of vulnerabilities that were addressed with this release. Here are the ones that got a CVE rating… it sure pays off to be a security researcher and find Google Chrome vulnerabilities:

  • [$7500][590118] High CVE-2016-1672: Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
  • [$7500][597532] High CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
  • [$7500][598165] High CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
  • [$7500][600182] High CVE-2016-1675: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
  • [$7500][604901] High CVE-2016-1676: Cross-origin bypass in extension bindings. Credit to Rob Wu.
  • [$4000][602970] Medium CVE-2016-1677: Type confusion in V8. Credit to Guang Gong of Qihoo 360.
  • [$3500][595259] High CVE-2016-1678: Heap overflow in V8. Credit to Christian Holler.
  • [$3500][606390] High CVE-2016-1679: Heap use-after-free in V8 bindings. Credit to Rob Wu.
  • [$3000][589848] High CVE-2016-1680: Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
  • [$3000][613160] High CVE-2016-1681: Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
  • [$1000][579801] Medium CVE-2016-1682: CSP bypass for ServiceWorker. Credit to KingstonTime.
  • [$1000][583156] Medium CVE-2016-1683: Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
  • [$1000][583171] Medium CVE-2016-1684: Integer overflow in libxslt. Credit to Nicolas Gregoire.
  • [$1000][601362] Medium CVE-2016-1685: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB.
  • [$1000][603518] Medium CVE-2016-1686: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB.
  • [$1000][603748] Medium CVE-2016-1687: Information leak in extensions. Credit to Rob Wu.
  • [$1000][604897] Medium CVE-2016-1688: Out-of-bounds read in V8. Credit to Max Korenko.
  • [$1000][606185] Medium CVE-2016-1689: Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
  • [$1000][608100] Medium CVE-2016-1690: Heap use-after-free in Autofill. Credit to Rob Wu.
  • [$500][597926] Low CVE-2016-1691: Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
  • [$500][598077] Low CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
  • [$500][598752] Low CVE-2016-1693: HTTP Download of Software Removal Tool. Credit to Khalil Zhani.
  • [$500][603682] Low CVE-2016-1694: HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadegan
  • [614767] CVE-2016-1695: Various fixes from internal audits, fuzzing and other initiatives.

 

As always, it is strongly advised to upgrade to this new version of Chromium. Get my chromium packages in one of the usual locations:

The widevine and pepperflash plugin packagess for chromium can be found in the same repository. The 64bit version of the Widevine plugin was updated with new libraries extracted from the official Google Chrome for Linux; the new Chrome does not contain a newer PepperFlash than what I already have in my repository.

Remember, even though I can still provide a 32bit Chromium browser, Google has ceased providing a 32bit version of their own Chrome browser – which means, no more updates to the 32bit PepperFlash and Widevine plugins.

Have fun! Eric

Stable 1.0.0 release of liveslak

blueSW-64pxYesterday on the final day of my short holiday (of sorts) I prepped and released version 1.0.0 of my “liveslak” project. It is stable and the bugs that were reported (plus some more) have been taken care of.

The “1.0.0” marker is not the end of its development of course. It means that I consider the project production-ready.  It will be used to create Live Editions of Slackware 14.2 (64bit and 32bit) when that is released. There’s still some more ideas for liveslak that I want to implement and those will become available as 1.x releases.

For demonstration purposes I have generated a new set of ISO images using liveslak version 1.0.0. There are ISO images for a full Slackware (64bit and 32bit versions), 64bit Plasma5 and MATE variants and the 700MB small XFCE variant (also 64bit). They are based on Slackware-current dated “Thu May 12 01:50:21 UTC 2016“.

This weekend I will “re-write” the original blog post on Slackware Live because it is the page that has had the biggest hit rate for the past months. People reading that original article may think that this project is still immature and not usable. I will re-write it into a landing page for anyone who is interested in a Live Edition of Slackware, and copy the original text to a new article for reference purposes. All previous articles about the liveslak project aka “Slackware Live Edition” are accessible through this shortcut link by the way.

The changes between 0.9.0 and 1.0.0

Not much was changed actually:

  • I added a new “tweaks” boot option to tweak various aspects of the system. As documented in the Wiki, these are the currently implemented tweaks (multiple tweak values can be combined when comma-separated):
    • nga – no glamor 2D acceleration, avoids error “EGL_MESA_drm_image required”. Because we now have “tweaks=nga“, the old boot parameter “nga” which did the same thing has been removed.
    • tpb – enable TrackPoint scrolling while holding down middle mouse button (a TrackPoint is found on IBM/Lenovo laptops but not only there).
    • syn – start the syndaemon for better support of Synaptics touchpads.
    • ssh – start the SSH server (it is disabled by default). 
  • The SSH daemon is disabled by default now. The default login accounts and passwords of Slackware Live Edition are too easy to find out. Imagine what could happen if you booted Slackware Live on a public network like an internet café!
    Note that you can still enable the SSH daemon on boot: by providing the “tweaks=ssh” boot parameter.
  • The few bugs reported since 0.9.0 have been fixed and I found a few bugs and enhancements too, which have also been dealt with. Check out the commit log if you are interested.

Download the ISO images

The ISO variants of Slackware Live Edition are: SLACKWARE, XFCE, PLASMA5 and MATE. These ISO images (with MD5 checksum and GPG signature) were uploaded to the master server (bear) yesterday and should be available by now on the mirror servers.

Have fun! Eric

Updates for LibreOffice, Chromium, Calibre, QBittorrent, Veracrypt

I have been preparing a stable release of liveslak, and I wanted the PLASMA5 ISO to have up-to-date software taken from my own “alien” package repository. So I downloaded the latest sources and have prepared new packages for Slackware-current on which the Live ISOs are based, for the following:

  • LibreOffice:
    LibreOffice 5.1.3 is a minor update, focusing on bug fixes.
  • Chromium:
    Chromium 50.0.2661.102 is a security fix, addressing 5 CVE’s. Some days earlier I already uploaded a newer version of the PepperFlash plugin for Chromium. Note that Google no longer releases 32bit versions of its Chrome browser, so that the PepperFlash and Widevine plugins will see only 64bit updates.
  • Calibre:
    Nothing really exciting about the new 2.56.0 version. Kovid Goyal keeps improving this e-book library management program at a steady rate. Its GUI uses Qt5 so this is a natural inclusion for the Plasma5 Live ISO.
  • QBittorrent:
    Version 3.3.4 is the latest of this great bittorrent client with a Qt4 based GUI (I have not switched to its new Qt5 based GUI yet)
  • Veracrypt:
    The successor of TrueCrypt when that program stopped being developed. VeraCrypt fixes many (security) bugs that were still present in TrueCrypt. Its development continues with the 1.17 release while remaining compatible with older TrueCrypt containers.

Now we just need to cross fingers and hope that there will be a release of Slackware 14.2 soon, so that I can create definitive versions of Slackware Live Edition.

Packages for the aforementioned software can be obtained from these mirror sites and probably others too:

Cheers! Eric

KDE 5_16.05 for Slackware -current

plasma5_startupWhile everyone is waiting for the 14.2 release of our beloved Slackware Linux distribution, those pesky developers keep releasing their own software. So this was the week where KDE Frameworks, Plasma and Applications all had newer versions than I have in my repository. Guess what – I have prepared a new set of Plasma5 packages for the month of May so that I am ready for a new Live ISO… next Slackware release or not.

KDE 5_16.05 is my May release of the combined KDE Frameworks 5.22.0, Plasma 5.6.4 and Applications 16.04.1.

plasma5_about_distro

What’s new in KDE 5_16.05?

  • Frameworks 5.22.0 is an enhancement release with one new framework which was moved here from Plasma: kwayland (we do not yet use this in Slackware). See https://www.kde.org/announcements/kde-frameworks-5.22.0.php
  • Plasma 5.6.4 is another bugfix release of the 5.6 series. See https://www.kde.org/announcements/plasma-5.6.4.php .
  • Applications 16.04.1 is also a maintenance release. See https://www.kde.org/announcements/announce-applications-16.04.1.php .
  • I have fixed the ‘sddm-qt5’ package and now SDDM starts (almost) instantaneously again when entering runlevel 4. Some months ago, the “sddm” user account which is used by SDDM was added to Slackware by Patrick, but it was configured with homedirectory which is not useful (“/var/empty” instead of what my package uses, “/var/lib/sddm”). The “sddm” user account writes its status files to its homedirectory. The ‘sddm-qt5’ package’s post-installation script (doinst.sh) will now modify the homedirectory of the “sddm” user if it already exists on the system. Tip: after upgrading, please check the “sddm” account (using getent passwd sddm” command) and fix the homedirectory manually if for whatever reason, the ‘doinst.sh’ script was not successful in its modification.

All in all, a fairly trivial upgrade if you already have my Plasma 5 packages installed. See below for install/upgrade instructions. If you want to give it a trial run, I hope to have a Live ISO available at http://bear.alienbase.nl/mirrors/slackware-live/ soon. Check the timestamp of the “slackware64-live-plasma5-current.iso” ISO.

Installing or upgrading Frameworks 5, Plasma 5 and Applications

You can skip the remainder of the article if you already have my Plasma 5 installed and are familiar with the upgrade process. Otherwise, stay with me and read the rest.

As always, the accompanying README file contains full installation & upgrade instructions. Note that the packages are available in several subdirectories below “kde”, instead of directly in “kde”. This makes it easier for me to do partial updates of packages. The subdirectories are “kde4”, “kde4-extragear”, “frameworks”, “kdepim”, “plasma”, “plasma-extra”, “applications”, “applications-extra” and “telepathy”.

Upgrading to this KDE 5 is not difficult, especially if you already are running KDE 5_16.04. You will have to remove old KDE 4 packages manually. If you do not have KDE 4 installed at all, you will have to install some of Slackware’s own KDE 4 packages manually.

What I usually do is: download all the ‘ktown’ packages for the new release to a local disk. Then run “upgrade –install-new” on all these packages. Then I check the status of my Slackware-current, upgrading the stock packages where needed. The slackpkg tool is invaluable during this process of syncing the package installation status to the releases.

Note:

If you are using slackpkg+, have already moved to KDE 5_16.04 and are adventurous, you can try upgrading using the following set of commands. This should “mostly” work but you still need to check the package lists displayed by slackpkg to verify that you are upgrading all the right packages. Feel free to send me improved instructions if needed. In below example I am assuming that you tagged my KDE 5 repository with the name “ktown_testing” in the configuration file “/etc/slackpkg/slackpkgplus.conf“):
# slackpkg update
# slackpkg install ktown_testing (to get the newly added packages from my repo)
# slackpkg install-new (to get the new official Slackware packages that were part of my deps previously)
# slackpkg upgrade ktown_testing (upgrade all existing packages to their latest versions)
# removepkg xembed-sni-proxy ktux amor kde-base-artwork kde-wallpapers kdeartwork (they don’t exist in the repo anymore)
# slackpkg upgrade-all (upgrade the remaining dependencies that were part of my repo previously)

And doublecheck that you have not inadvertently blacklisted my packages in “/etc/slackpkg/blacklist“! Check for the existence of a line in that blacklist file that looks like “[0-9]+alien” and remove it if you find it!

Recommended reading material

There have been several posts now about KDE 5 for Slackware-current. All of them contain useful information, tips and gotchas that I do not want to repeat here, but if you want to read them, here they are: http://alien.slackbook.org/blog/tag/kde5/

A note on Frameworks

The KDE Frameworks are extensions on top of Qt 5.x and their usability is not limited to the KDE Software Collection. There are other projects such as LXQT which rely (in part) on the KDE Frameworks, and if you are looking for a proper Frameworks repository which is compatible with Slackware package managers such as slackpkg+, then you can use these URL’s to assure yourself of the latest Frameworks packages for Slackware-current (indeed, this is a sub-tree of my KDE 5 “testing” repository):

Where to get the new packages for Plasma 5

Download locations are listed below (you will find the sources in ./source/5/ and packages in /current/5/ subdirectories). If you are interested in the development of KDE 5 for Slackware, you can peek at my git repository too.

Using a mirror is preferred because you get more bandwidth from a mirror and it’s friendlier to the owners of the master server!

Have fun! Eric

Slackware Live Edition – final testing please

blueSW-64pxMy gut feeling tells me that I should announce a stable release of my “liveslak” project soon. I have implemented much more than I set out to do from the beginning, and no bugs have surfaced for a while.

So it was time to stamp a final beta number on the liveslak sources and generate new Slackware Live ISO images. I want you to give them a spin and report any bugs that you find. Otherwise there may well be an 1.0.0 release after the weekend.

Official liveslak version number is 0.9.0 (Beta9). The ISO images (full Slackware, Plasma5 and MATE variants as well as the lean XFCE variant) are based on Slackware-current dated “Thu May  5 05:17:19 UTC 2016” with the latest 4.4.9 kernel. Again, I added an ISO of the 32bit variant of full Slackware Live.

By now the ISO images have been uploaded to “bear” and ready for your consumption.

For background info on my project “Slackware Live Edition” please read the previous articles.

What’s new in 0.9.0?

  • A PXE server was added, through a script called “pxeserver”.
    When you boot Slackware Live from a Live media on one computer (the server), and preferably load the Live media into RAM using the “toram” boot parameter and start the “pxeserver” script, you enable every other computer in your (wired) LAN to boot Slackware Live over the network. If the “server” has Internet, then so will the PXE clients because the server will act as a traffic router. See the documentation on how to start and use the PXE server.
  • The ISO image is still a “hybrid” ISO, meaning you can use “cp” or “dd” to transfer the ISO onto a USB stick to make that a bootable Live medium. But I changed the parameters of the “isohybrid” program to match the ones used for the official Slackware ISO images – this fixes the problem where my ISOs failed to boot in VirtualBox when the file was larger than one GB. So, every curious journalist out there who wants to give Slackware Live Edition a try will get her chance without complaining.
  • Many other significant improvements and bug fixes during the past weeks. Check out the commit log if you are interested.

Download the ISO images

As stated above, you can choose between several variants of Slackware Live Edition. There’s ISO images for the SLACKWARE, XFCE, PLASMA5 and MATE flavours using the latest Slackware-current packages available. The Plasma5 variant comes with KDE Frameworks 5.21.0, Plasma 5.6.3 and Applications 16.04.0 on top of Qt5 5.6.0. The Mate 1.14 packages have all beeen recompiled by Willy Sudiarto Raharjo to take away any possibility of issues resulting from recent library updates in Slackware.

The ISO images (with MD5 checksum and GPG signature) are available on the master (bear) and should be available soon on the mirror servers. Check out the “0.9.0” subdirectory for ISOs based on the liveslak-0.9.0 scripts. A symlink called “latest” will always point to the latest set of ISO images.

Things to remember when you boot the ISO

The Slackware Live Edition comes with two user accounts: user ‘root’ (with password ‘root’) and user ‘live’ (with password ‘live’). My advice is to login as user live and use “su” or “sudo” to get root access.
Note: the “su” and “sudo” commands will ask for the ‘live’ user’s password!

Consult the documentation for assistance with the various boot parameters you can use to tailor the Live OS to your needs. The syslinux boot has help screens behind the F2, F3, F4 and F5 function keys and the grub boot screen has a “help on boot parameters” menu entry.

Slackware Live Edition is able to boot both on BIOS-based computers (where syslinux takes care of the boot menu) and UEFI systems (where grub builds the boot menu, which looks quite similar to the syslinux menu):

liveslak-0.9.0-xfce

Have fun! Eric