I am Eric Hameleers, and this is where I think out loud.
Chromium and OpenJDK bugfix releases

Chromium

There is an update to Chrome/Chromium which arrives in very close succession to the previous update less than two weeks ago. The version number change is minimal, 32.0.1700.77 to 32.0.1700.102, but it addresses several vulnerabilities, so it is advised to update your Chrome and/or chromium packages.

The most important fixes are:

[$1000][330420] High CVE-2013-6649: Use-after-free in SVG images. Credit to Atte Kettunen of OUSPG.
[$3000][331444] High CVE-2013-6650: Memory corruption in V8. This issue was fixed in v8 version 3.22.24.16. Credit to Christian Holler.

I have packages ready for the new chromium:

You can subscribe to the repository’s RSS feed if you want to be the first to know when new packages are uploaded.
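
As an added example (not part of the original post and not one of Slackware's own tools): a small shell check that flags installed packages older than the fixed versions named on this page, chromium 32.0.1700.102 from this post and flashplayer-plugin 11.2.202.335 from the Flash post further down. It assumes Slackware's name-version-arch-build package naming; the sample listing is constructed.

```shell
#!/bin/sh
# Added example: flag packages older than the fixed versions named on this page.
# Slackware package names are name-version-arch-build. The name itself may
# contain hyphens, so the last three fields are split off from the right.

pkg_name()    { echo "$1" | sed -e 's/-[^-]*-[^-]*-[^-]*$//'; }
pkg_version() { echo "$1" | sed -e 's/^.*-\([^-]*\)-[^-]*-[^-]*$/\1/'; }

# Minimum fixed version per package name (versions taken from this page).
min_version() {
    case "$1" in
        chromium)           echo "32.0.1700.102" ;;
        flashplayer-plugin) echo "11.2.202.335" ;;
        *)                  echo "" ;;
    esac
}

# Exit 0 if version $1 sorts strictly before $2. sort -V (GNU coreutils)
# compares numerically, so 77 < 102 although "102" < "77" as plain strings.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Read package names on stdin, print one line per package needing an update.
outdated() {
    while read -r pkg; do
        pkg=${pkg%.t?z}                  # tolerate .txz/.tgz file names
        name=$(pkg_name "$pkg")
        min=$(min_version "$name")
        [ -n "$min" ] || continue        # not a package this page covers
        ver=$(pkg_version "$pkg")
        if version_lt "$ver" "$min"; then
            echo "$name $ver < $min"
        fi
    done
}

# Constructed sample listing (not real system output).
sample_listing() {
    cat <<'EOF'
chromium-32.0.1700.77-x86_64-1alien
flashplayer-plugin-11.2.202.335-x86_64-1alien
chromium-pepperflash-plugin-12.0.0.41-x86_64-1alien
rhino-1.7R4-noarch-1
EOF
}

sample_listing | outdated
```

On a Slackware system of this era the real package database can be checked with `ls /var/log/packages | outdated`.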

OpenJDK

Pretty quickly after IcedTea 2.4.4, we can now download 2.4.5 from the web site. This is purely a bugfix release (no security issues are addressed) and the new build brings OpenJDK to version “Update 51 Build 31”, thus synchronizing with the upstream’s source tag “u51 b31”. Read GNU/Andrew’s release notes if you want to know what has been fixed.

My functionality tests (jMol and Minecraft) were satisfactory :-) Please note that Firefox and Chrome/Chromium browsers no longer load Java applets (or other plugins) by default and ask you for explicit approval to load and run them.

My new packages have again been compiled on Slackware 13.37.  They are usable on 13.37 as well as 14.0, 14.1 and -current! Get them preferably from a mirror site (faster downloads):

Further packages that are recommended/required:

  • Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin).
  • Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.

Note that you should only install one of the two packages, either openjdk or openjre, do not install both at the same time or things will break! The openjdk package contains the jre (java runtime) as well as the java development kit.

Eric

New Chromium: 32.0.1700.77

Chromium is the Open Source variant of the Chrome Browser. Both are part of the Chromium project which also has the Chrome OS as a product. Chromium and Chrome share the same codebase, and the closed-source Chrome browser is enhanced with some proprietary features like Adobe’s Pepper Flash plugin.

A new stable release (32.0.1700.77) for the Chrome/Chromium browser has been revealed a few days ago.

It took a little to get the official sources – there was an issue with the Google build bot which creates the source tarballs. I did a successful test build with a tarball I created myself (see below for the recipe if you’re interested) and reported the issue of the missing sources in the packagers Google group. Eventually official sources became available and I rebuilt both packages (i.e. 32-bit and 64-bit) using this tarball.

Get my Chromium packages in one of the usual locations:

You can subscribe to the repository’s RSS feed if you want to be the first to know when new packages are uploaded.

There are some nice new features in this new “32” release. The browser tabs will show a small speaker icon if that page is playing audio, and a “play” triangle if video is playing on the page. Another enhancement (not yet experienced here… perhaps I never will :-) ) is that the browser will warn about potentially harmful pages and downloads in a more directly visible way. And if you have kids, now there’s this new feature called “supervised users” where you can define sub-accounts to your main Chromium account and limit access to sites for those (as well as being able to monitor their browsing history through a new Google control panel).

Apart from all the fancy new stuff, this release is just as much about squashing (security) bugs. You can check out the release page for that, here are the most interesting fixes, quoted directly from the announcement:

  • [$1000][249502] High CVE-2013-6646: Use-after-free in web workers. Credit to Collin Payne.
  • [$1000][326854] High CVE-2013-6641: Use-after-free related to forms. Credit to Atte Kettunen of OUSPG.
  • [$1000][324969] High CVE-2013-6642: Address bar spoofing in Chrome for Android. Credit to lpilorz.
  • [$5000][321940] High CVE-2013-6643: Unprompted sync with an attacker’s Google account. Credit to Joao Lucas Melo Brasio.
  • [318791] Medium CVE-2013-6645 Use-after-free related to speech input elements. Credit to Khalil Zhani.

If you are new to Chromium and in particular my Slackware-packaged version of it, you should definitely check out my previous post on Chromium where I explain the build requirements and use of API keys that allow you to use the official Google storage for data synchronization and such. That post also mentions more about some extensions to Chromium (PDF viewer and Flash player) which you can extract from the official binary Chrome package.

A few sites to play-test your Chromium browser:

  • http://www.zygotebody.com/ – the Body Browser, using WebGL for fast realtime rendering
  • http://www.quirksmode.org/html5/tests/video.html – HTML5 video tests (several encodings like H.264, WebM and Ogg/Theora)
  • http://www.naclbox.com/ – NaCLBox is an implementation of DOSBox in Chromium’s Native Client, guaranteeing near-native speed of the applications running in the sandbox. NaCLBox offers a lot of good old DOS games which you can play directly in your browser window. Note that my package contains the Native Client (NaCL) whereas the version you can compile using the SlackBuilds.org script will not add NaCl.

Have fun! Eric

PS: this is a script which I wrote as documentation of the manual steps I took to create my own unofficial release source tarball when I got fed up waiting for the official one:

#!/bin/sh
#
# Checking out the sources of an official chromium release,
# by Eric Hameleers
#
# In a working directory, you will create three directories:
# - depot_tools: this contains all the tools needed for creating the tarball
# - checkout: here almost 7 GB of sourcecode will be checked out
# - output: here the chromium-${RELEASE}.tar.xz source tarball will be created.
#
# Some variables:

WORKING_DIR="${HOME}/chromium_src"

CHROMIUM_REL="32.0.1700.77"
DT_REPO="https://chromium.googlesource.com/chromium/tools/depot_tools.git"
RELEASES_URL="https://src.chromium.org/chrome/releases"

# The actual work (takes a while);
# Checkout 1 GB of source and pack it up:
mkdir -p "${WORKING_DIR}"
cd "${WORKING_DIR}"

# Clone the depot_tools:
git clone "${DT_REPO}"

# Check out the sources:
mkdir checkout
cd checkout
PATH="../depot_tools/:$PATH" gclient config "${RELEASES_URL}/${CHROMIUM_REL}"
# At this moment, your config will have been written to a file '.gclient'
PATH="../depot_tools/:$PATH" gclient sync 2>&1 | tee ../sync.log
# The sync will download everything, based on what it found in this file:
# ${CHROMIUM_REL}/DEPS
# A second sync picks up sources the first run did not fetch:
PATH="../depot_tools/:$PATH" gclient sync 2>&1 | tee ../sync.2.log

# Pack up the source tarball:
mkdir ../output
python src/tools/export_tarball/export_tarball.py --remove-nonessential-files "../output/chromium-${CHROMIUM_REL}"

echo ""
echo "Resulting source tarball is: ${WORKING_DIR}/output/chromium-${CHROMIUM_REL}.tar.xz"
echo ""

It produced a 169MB tarball. I needed a couple of “gclient sync” commands before I finally had all the source code (hopefully all… I have no way of checking if anything is missing).

Flash security updates too (and chromium on the horizon)

I mentioned “Patch Tuesday” in my previous post and also mentioned Adobe in passing. The reason is, they made new versions available of their Flash Player Plugin for web browsers. Several security issues have been addressed, you can read all about those in their bulletin “apsb14-02”.

I packaged both the flashplayer-plugin 11.2.202.335 for Mozilla based browsers, and the pepperflash plugin 12.0.0.41 for (Chrome and) chromium. The former is well-known (you can use it with your Firefox) and the second one has been extracted from the Chrome RPM and re-packaged as a plugin for my chromium package for Slackware.

Packages are here:

 

I am still working on a new chromium 32.0.1700.77 package (the same version as the latest stable version of Chrome) but since the Chromium team have not (yet) released any official source tarball I had to find out how to create such a tarball. The above pepperflash plugin works perfectly with my current chromium-31.0.1650.67 package!

But the finished 64-bit package works OK so far, still testing:

Old: [screenshot: chromium_about_31.0.1650.67]

New: [screenshots: chrome_about_32.0.1700.77, chromium_about_32.0.1700.77]

I’ll start the 32-bit SlackBuild after I finish typing.

Oh yeah if you want to package the new google-chrome yourself, you will have to apply this diff to the google-chrome.SlackBuild in the Slackware tree, else your desktop menu icon is fubar:

--- extra/google-chrome/google-chrome.SlackBuild 2012-08-01 20:48:31.000000000 +0200
+++ google-chrome.SlackBuild 2014-01-15 21:34:38.425845534 +0100
@@ -105,9 +105,6 @@
# Install a .desktop launcher:
 sed -i -e "s#Icon=google-chrome#Icon=/opt/google/chrome/product_logo_256.png#" \
- $PKG/opt/google/chrome/google-chrome.desktop
-mkdir -p $PKG/usr/share/applications
-ln -s /opt/google/chrome/google-chrome.desktop \
 $PKG/usr/share/applications/google-chrome.desktop

 mkdir -p $PKG/install
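
Review bot: with the `mkdir -p $PKG/usr/share/applications` and `ln -s` lines removed, the `sed -i` at the top of this hunk now edits `$PKG/usr/share/applications/google-chrome.desktop` in place, and nothing in the visible lines ensures that file or its directory exists in the unpacked package. If the upstream package does not ship the .desktop file at that path, sed fails on a missing file and, unless the script aborts on errors, the package is built without a working launcher. Suggest guarding the edit with a test such as `[ -f "$PKG/usr/share/applications/google-chrome.desktop" ]` that stops with a clear message, or adding a comment stating from which Chrome version the file ships in that location. Quoting `$PKG` in the path would also be safer.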

Have fun! Eric

 

OpenJDK 7u51 (created with IcedTea 2.4.4).

Released today: new versions of IcedTea. It usually takes a while for an announcement to appear on Andrew’s blog, but the mailing list announcement was enough for me. Not quite unexpected, since Oracle was huffing and puffing yesterday when the company joined other security-challenged companies like Microsoft and Adobe in what’s lovingly called “patch tuesday”, so I was kind of expecting an OpenJDK follow-up. The flurry of patches that I saw today was a sure sign.

So I got to compile OpenJDK 7u51 using the IcedTea 2.4.4 framework. As with every Java release, this one fixes a slew of security holes. Let me say in full, “Update 51 Build 00” of OpenJDK 7 addresses these issues:

* Security fixes
  - S6727821: Enhance JAAS Configuration
  - S7068126, CVE-2014-0373: Enhance SNMP statuses
  - S8010935: Better XML handling
  - S8011786, CVE-2014-0368: Better applet networking
  - S8021257, S8025022, CVE-2013-5896 : com.sun.corba.se.** should be on restricted package list 
  - S8021271, S8021266, CVE-2014-0408: Better buffering in ObjC code 
  - S8022904: Enhance JDBC Parsers
  - S8022927: Input validation for byte/endian conversions
  - S8022935: Enhance Apache resolver classes
  - S8022945: Enhance JNDI implementation classes
  - S8023057: Enhance start up image display
  - S8023069, CVE-2014-0411: Enhance TLS connections
  - S8023245, CVE-2014-0423: Enhance Beans decoding
  - S8023301: Enhance generic classes
  - S8023338: Update jarsigner to encourage timestamping
  - S8023672: Enhance jar file validation
  - S8024302: Clarify jar verifications
  - S8024306, CVE-2014-0416: Enhance Subject consistency
  - S8024530: Enhance font process resilience
  - S8024867: Enhance logging start up
  - S8025014: Enhance Security Policy
  - S8025018, CVE-2014-0376: Enhance JAX-P set up
  - S8025026, CVE-2013-5878: Enhance canonicalization
  - S8025034, CVE-2013-5907: Improve layout lookups
  - S8025448: Enhance listening events
  - S8025758, CVE-2014-0422: Enhance Naming management
  - S8025767, CVE-2014-0428: Enhance IIOP Streams
  - S8026172: Enhance UI Management
  - S8026176: Enhance document printing
  - S8026193, CVE-2013-5884: Enhance CORBA stub factories
  - S8026204: Enhance auth login contexts
  - S8026417, CVE-2013-5910: Enhance XML canonicalization
  - S8026502: java/lang/invoke/MethodHandleConstants.java fails on all platforms
  - S8027201, CVE-2014-0376: Enhance JAX-P set up
  - S8029507, CVE-2013-5893: Enhance JVM method processing
  - S8029533: REGRESSION: closed/java/lang/invoke/8008140/Test8008140.java fails agains

* Bug fixes
  - PR1618: Include defs.make in vm.make so VM_LITTLE_ENDIAN is defined on Zero builds
  - D729448: 32-bit alignment on mips and mipsel
  - PR1623: Collision between OpenJDK 6 & 7 classes when bootstrapping with OpenJDK 6

Please update your installed openjdk or openjre packages with this new version! You’ll notice that browsers like Firefox and Chrome/Chromium no longer load Java applets by default and ask you for explicit approval to load and run them.

I tested as usual whether jMol and Minecraft (both standalone Java applications) were still working – they do! And again testing the browser plugin was a challenge. Oracle’s java checker did not work… after the icedtea-web plugin itself loaded properly:

[screenshot: javacheck]

This time the plugin triggered an error “net.sourceforge.jnlp.LaunchException: Fatal: Application Error: Unknown Main-Class. Could not determine the main class for this application.” The test at javatester.org was fine though.

Get my packages – they have been compiled on Slackware 13.37 and are usable on 13.37 as well as 14.0, 14.1 and -current! Get them preferably from a mirror site (faster downloads):

Further packages that are recommended/required:

  • Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin).
  • Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.

Note that you should only install one of the two packages, either openjdk or openjre, do not install both at the same time or things will break! The openjdk package contains the jre (java runtime) as well as the java development kit.

Eric

KDE 4.12.1 for Slackware-current

Last week I uploaded packages for KDE SC 4.11.5 and those were targeting Slackware 14.1. A solid and safe update of KDE for the stable release of Slackware, a wise choice. Today however, I present the first increment to the newer KDE SC 4.12 series. The two series are being developed in parallel with both delivering their final batch on 29 April 2014 (with releases of KDE 4.11.9 and 4.12.5). KDE SC 4.12.1 was announced today.

KDE Software Compilation 4.12 focuses on improving and polishing KDE Applications. This package set also features the latest version 4.11.5 of the Plasma Workspaces (aka the kde-workspace package). The Workspaces have been feature-frozen at the end of the 4.11 cycle which is why you won’t find a 4.12.1 version of the package. Starting with KDE SC 4.12.2, the KDE Workspaces 4.11.x releases will be synchronized with those of KDE Applications and Development Platform 4.12.x.

I built these packages on Slackware-current. I have not tested them on Slackware 14.1 but people have reported that the previous KDE release 4.12.0 ran on it without issues.

What’s new in KDE 4.12?

KDE keeps an up-to-date feature plan page for the 4.12 release, as they do for every release past and future. The Kwebkit package has been updated as promised in my previous post. I also updated (lib)kscreen and oxygen-gtk{2,3} packages. A LibRaw package was added as a new dependency for KDE 4.12.0 and of course it’s still there for KDE 4.12.1. An updated version of partitionmanager was added to my repository shortly after the release of KDE 4.12.0 because the version which Slackware ships in its “/extra” package section stopped working. I realize now that I never announced that in the ktown ChangeLog.txt. Due to it being New Year’s Eve at the time I guess.

How to upgrade to KDE 4.12 ?

You will find all the installation/upgrade instructions that you need in the accompanying README file. That README also contains basic information for KDE recompilation using the provided SlackBuild script.

You are strongly advised to read and follow these installation/upgrade instructions!

Where to find packages for KDE 4.12 ?

Download locations are listed below (you will find the sources in ./source/4.12.1/ and packages in /current/4.12.1/ subdirectories). Using a mirror is preferred because you get more bandwidth from a mirror and it’s friendlier to the owners of the master server!

Have fun! Eric