My thoughts on Slackware, life and everything

Month: February 2013 (Page 1 of 3)

OpenJDK 7u15 bugfix release ready

Quite rapidly, new versions of the icedtea “build harness” have been released, which create an updated OpenJDK 7u15. The 15th update to Java7 addresses several vulnerabilities.

Read all about it in Andrew John Hughes's blog article. GNU/Andrew is the release manager for Icedtea.

Here is the list (taken from that page) of the vulnerabilities which have been plugged and their CVE numbers:

Packages for OpenJDK, compiled on Slackware 13.37 (and useable on 13.37 as well as 14.0 and -current!), can be found at the usual locations. Here are a few:

Further packages that are recommended/required:

  • Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin).
  • Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.

Eric

Steam client for Linux is out of Beta

The Steam client for Linux is finally out of Beta! This is being celebrated by offering large discounts on all 54 Linux games which are currently available on the Steam platform. So if you wanted to play the Original Half-Life natively on Slackware, you only have to shell out a measly few bucks. If there is enough interest I will open up my Half-Life Dedicated Server “Eindhoven Aliens” from time to time when I am online and willing to get slaughtered. Which reminds me that I still have to write my blog article on how I set up that HLDS – it was not trivial.

I updated my steamclient package to version 1.0.0.27. Join the Slackware group on Steam Community if you use it.

Cheers, Eric

OpenJDK 7u13_b20 available: a security update

The icedtea “build harness” which I use to compile my OpenJDK and icedtea-web packages had a series of updates this past week. Icedtea is available in several flavours, and it is able to build OpenJDK versions of Java 6 and 7 (and pre-release versions of Java 8 even, but that is beside the point here).

Several updates for icedtea 1.x (the version which creates OpenJDK 6 binaries) were released last week, mainly because it had been a year since the last release and updates were long overdue.

Andrew John Hughes, the release manager for Icedtea, had originally planned for icedtea 2.x releases as well, last week, but apparently the patches submitted by Oracle caused regressions which took their time to be fixed. Eventually, there is a new release: icedtea-2.3.6 builds an OpenJDK 7u13_b20. That version number (Java 7 Update 13) brings OpenJDK back in line with the versioning of Oracle’s binary-only Java. Note that this “update 13” does not really mean OpenJDK is equal to the Oracle release. Icedtea adds a lot of patches and additional functionality to the OpenJDK. Icedtea also allows for the compilation of an open-source equivalent of Oracle’s closed-source Java Browser Applet: icedtea-web.

An impressive list of vulnerabilities has been plugged by the OpenJDK 7u13 release:

* S6563318, CVE-2013-0424: RMI data sanitization
* S6664509, CVE-2013-0425: Add logging context
* S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time
* S6776941, CVE-2013-0427: Improve thread pool shutdown
* S7141694, CVE-2013-0429: Improving CORBA internals
* S7173145: Improve in-memory representation of splashscreens
* S7186945: Unpack200 improvement
* S7186946: Refine unpacker resource usage
* S7186948: Improve Swing data validation
* S7186952, CVE-2013-0432: Improve clipboard access
* S7186954: Improve connection performance
* S7186957: Improve Pack200 data validation
* S7192392, CVE-2013-0443: Better validation of client keys
* S7192393, CVE-2013-0440: Better Checking of order of TLS Messages
* S7192977, CVE-2013-0442: Issue in toolkit thread
* S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies
* S7200491: Tighten up JTable layout code
* S7200493, CVE-2013-0444: Improve cache handling
* S7200499: Better data validation for options
* S7200500: Launcher better input validation
* S7201064: Better dialogue checking
* S7201066, CVE-2013-0441: Change modifiers on unused fields
* S7201068, CVE-2013-0435: Better handling of UI elements
* S7201070: Serialization to conform to protocol
* S7201071, CVE-2013-0433: InetSocketAddress serialization issue
* S8000210: Improve JarFile code quality
* S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class
* S8000539, CVE-2013-0431: Introspect JMX data handling
* S8000540, CVE-2013-1475: Improve IIOP type reuse management
* S8000631, CVE-2013-1476: Restrict access to class constructor
* S8001235, CVE-2013-0434: Improve JAXP HTTP handling
* S8001242: Improve RMI HTTP conformance
* S8001307: Modify ACC_SUPER behavior
* S8001972, CVE-2013-1478: Improve image processing
* S8002325, CVE-2013-1480: Improve management of images

But this version of IcedTea supposedly also brings a fix for building on ARM architectures using Zero’s HotSpot – all patches apply again. I hope Stuart Winter will be happy.

Packages for OpenJDK, compiled on Slackware 13.37 (and useable on 13.37 as well as 14.0 and -current!), can be found at the usual locations.  Here are a few:

Further packages that are recommended/required:

  • Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin).
  • Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.

I will repeat these notes:

  • You need to install either the JRE or the JDK package. Not both of them! If you are not a Java developer and never compile Java code, then you do not need the openjdk package and it will be sufficient to install the (smaller) openjre package instead.
  • If you are migrating to OpenJDK after having used Oracle’s Java binaries, make sure that you have removed both “jre” and “jdk” packages. Run a command like “removepkg /var/log/packages/jdk-* ; removepkg /var/log/packages/jre-*” to get rid of both. Then install the openjdk or openjre package. Log out and log back in after this package removal/installation, so that you will get the proper Java environment.
  • Test your java browser plugin online: http://javatester.org/version.html or http://www.java.com/en/download/testjava.jsp .

After upgrading you should see this when running java or javac:

$ java -version
java version "1.7.0_13"
OpenJDK Runtime Environment (IcedTea7 2.3.6) (Slackware)
OpenJDK 64-Bit Server VM (build 23.7-b01, mixed mode)
$ javac -version
javac 1.7.0_13
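
The version check above can be scripted. This is an added example, not part of the original post: it parses “java -version” text, confirms that an OpenJDK runtime is the one being run (relevant when migrating from Oracle’s binaries), and compares the update level against a minimum. The function names and the two failing sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: check `java -version` text for the patched OpenJDK build.

# Constructed sample inputs (SAMPLE_OK mirrors the output shown in the post;
# real output uses plain ASCII double quotes around the version).
SAMPLE_OK='java version "1.7.0_13"
OpenJDK Runtime Environment (IcedTea7 2.3.6) (Slackware)
OpenJDK 64-Bit Server VM (build 23.7-b01, mixed mode)'
SAMPLE_OLD='java version "1.7.0_09"
OpenJDK Runtime Environment (IcedTea7 x.y.z) (Slackware)'
SAMPLE_ORACLE='java version "1.7.0_13"
Java(TM) SE Runtime Environment (build placeholder)'

# Print the Java 7 update number (digits after "1.7.0_", leading zeros
# stripped), or nothing when the version line is missing.
java_update_level() {
    printf '%s\n' "$1" |
        sed -n 's/^java version "1\.7\.0_0*\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# check_java TEXT MIN: print a verdict and return 0 only when TEXT reports an
# OpenJDK runtime at update MIN or newer.
check_java() {
    level=$(java_update_level "$1")
    if [ -z "$level" ]; then
        echo "unknown"; return 2
    fi
    if ! printf '%s\n' "$1" | grep -q '^OpenJDK Runtime Environment'; then
        echo "not-openjdk"; return 1
    fi
    if [ "$level" -lt "$2" ]; then
        echo "outdated"; return 1
    fi
    echo "ok"
}

# On a real system (java -version writes to stderr):
#   check_java "$(java -version 2>&1)" 13
```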

I tested the new packages with a short game of MineCraft and running JMol… and had no issues.

Eric

Update to Flash Player plugs vulnerabilities

Adobe issued a security bulletin for their Adobe Flash Player. In APSB13-04 two CVEs are mentioned – CVE-2013-0633 and CVE-2013-0634. Of those two, CVE-2013-0634 is the vulnerability which affects Linux users, because it is being exploited “in the wild” in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox.

There is an update available for Chrome browser (update to the latest release please) and for the Flash Player plugin for Firefox. I have a package for that flashplayer-plugin and therefore I pushed an update so that you can “safely” use Flash content again in Firefox.

Mind you – if you are using the beta Steam Client for Linux (i.e. the client for Valve Software’s gaming platform) you will have a package for that flash player because it is used to display the video content in the Steam client. If you use Steam on multilib Slackware64 then you will have a “compat32” package of that flashplayer-plugin – do not forget to update that one as well!

Packages for flashplayer-plugin 11.2.202.270 can be obtained (and used on Slackware 13.37 and higher, and perhaps even older releases) in the following places:

After the package upgrade, restart Firefox and visit this website to verify that your Flash Player Plugin is indeed the correct version: http://www.adobe.com/software/flash/about/

Eric

Slackware-current adopts KDE SC 4.10

It happened faster than I had thought, considering the slow pace at which slackware-current has been evolving these past months. But there is a massive flurry of activity and Patrick Volkerding has pushed lots of updates to the development branch of Slackware lately. Quite interesting was the addition of the elilo and gnu-efi packages of course, which indicate future support in Slackware for UEFI-based hardware (UEFI being the successor to the good old BIOS). Slackware already supported GPT partition tables (successor of the good old MBR) so this looks promising for buyers of “Secure Boot” computers. Don’t forget to wipe that awful Windows 8 first! It would not make any sense to keep it on a computer if you can install Slackware on it in its place.

But anyway, that was a side-step. I actually wanted to talk about the update of KDE Software Compilation. Slackware-current now has KDE SC 4.10, essentially the same packages that I am offering on my ktown repository, with the same patches and using the same KDE.SlackBuild framework, but then built on Slackware-current as opposed to my Slackware 14 based build. Hooray!

I guess some of you who are running slackware-current have been wondering how you can most elegantly upgrade from the “alien” packages to the official Slackware KDE packages plus dependencies. Well, here is how I did it today, using slackpkg:

  1. Edit your “/etc/slackpkg/blacklist” and comment out the line that says “[0-9]+alien”. This will allow slackpkg to touch my packages (those that have the “alien” build tag). Note that this should still keep your multilib packages blacklisted, because those have a build tag that ends on “compat32” and for which you have the line “[0-9]+compat32” in the blacklist. Note that the exceptions are the multilib gcc and glibc packages!
  2. Run “slackpkg update” to refresh slackpkg’s knowledge of the Slackware version you are running.
  3. Run “slackpkg install-new” to install any new packages like elilo and gnu-efi which were recently added.
  4. Run “slackpkg upgrade-all”, and carefully check the list of package upgrades which slackpkg proposes. This step will upgrade KDE and its dependencies, making the switch from my packages to the official Slackware versions. Make sure that you DE-select the gcc and glibc packages if you are running a multilib 64-bit Slackware-current!
  5. Edit “/etc/slackpkg/blacklist” again, and remove the comment in front of the line “[0-9]+alien”.
  6. Now run “slackpkg clean-system” and carefully inspect the list of packages which slackpkg offers to remove from your computer. Only leave packages selected which you want to get rid of! De-select all other packages (usually those would be 3rd-party packages you want to keep).
  7. Do a final check for remaining KDE packages you may have missed. Run the following two commands to check for left-over Slackware original KDE 4.8.5 packages and my own KDE 4.10 packages – and remove packages which you see listed: “ls /var/log/packages/*4.8.5*” and “ls /var/log/packages/*4.10.0*alien”.

That’s it! Reboot the computer and enjoy KDE 4.10!
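
The steps above as a script, so that the blacklist entry cannot be left commented out by accident. This is an added example, not part of the original post; the function names and the BLACKLIST/PKGDIR override variables are assumptions made for illustration, and the slackpkg dialogs still need the manual package selection described in steps 4 and 6.

```shell
#!/bin/sh
# Added example, not from the original post. Paths can be overridden for testing.
BLACKLIST=${BLACKLIST:-/etc/slackpkg/blacklist}
PKGDIR=${PKGDIR:-/var/log/packages}

# Rewrite the blacklist through a temp file, keeping its owner and mode.
edit_blacklist() {
    tmp=$(mktemp) || return 1
    sed "$1" "$BLACKLIST" > "$tmp" && cat "$tmp" > "$BLACKLIST"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Step 1: comment out only the exact "[0-9]+alien" line; "[0-9]+compat32"
# stays active. The brackets are escaped so sed matches them literally.
unblock_alien() { edit_blacklist 's/^\[0-9\]+alien$/#&/'; }

# Step 5: remove the comment marker again.
reblock_alien() { edit_blacklist 's/^#\[0-9\]+alien$/[0-9]+alien/'; }

# Succeeds when the alien entry is present and uncommented.
alien_blocked() { grep -qxF '[0-9]+alien' "$BLACKLIST"; }

# Step 7: print left-over KDE 4.8.5 and "alien" KDE 4.10.0 package names.
leftover_kde() {
    for f in "$PKGDIR"/*4.8.5* "$PKGDIR"/*4.10.0*alien; do
        [ -e "$f" ] && basename "$f"
    done
    return 0
}

# Steps 1-7 in order (run as root). slackpkg stays interactive; the blacklist
# entry is restored before clean-system and also on Ctrl-C.
switch_to_stock_kde() {
    unblock_alien || return 1
    trap 'reblock_alien; exit 130' INT TERM
    slackpkg update
    slackpkg install-new
    slackpkg upgrade-all
    reblock_alien || return 1
    trap - INT TERM
    slackpkg clean-system
    leftover_kde
}
```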

Remember, if you just upgraded to KDE 4.10 and experience weird problems in the Plasma workspace, this can be related to KDE caches of an older release. Log out of KDE, and run the following commands to get rid of old cache data – don’t worry, these directories will be automatically re-created and re-populated (The “$USER” environment variable is actually your login username):

$ rm -r /tmp/kde-$USER/
$ rm -r /tmp/ksocket-$USER/
$ rm -r /var/tmp/kdecache-$USER/

Cheers, Eric
