My thoughts on Slackware, life and everything

Month: October 2014

October Flash Dance

Chromium and Pepper Flash:

Chrome was updated last week (I failed to notice because of the crunch mode at work) with a new Flash from Adobe. I had just updated the Chromium package for Slackware last week, but I decided to apply the micro version upgrade anyway.

More detail can be found on the Chrome releases blog for Chromium 38.0.2125.104 – some bugs were fixed, but apart from the Flash upgrade in Chrome there is not much exciting there. The real heavy lifting was done for last week’s release.

I took the binaries from that new Chrome RPM and used those to update my Slackware package for chromium-pepperflash-plugin. New version is 15.0.0.189.

Linux Flash:

Adobe releases its Flash updates for all platforms; one of them is the “legacy” Linux NPAPI plugin for Mozilla-compatible browsers. See Adobe’s monthly security bulletin for all the version numbers and vulnerabilities. The Linux flashplayer-plugin went up to 11.2.202.411.

Pipelight with Windows Flash:

For my pipelight package, you can easily update the Windows plugins it installed for you earlier (including the Windows Flash player if you use that) by running (as root) the script:

# pipelight-plugin --update

Therefore, a new package is not required.

Eric

New OpenJDK 7: Update 71 with lots of fixes

Oracle’s patch & release cycle culminated in two updates of their Java (runtime and development kit) since the last release of OpenJDK for which I provided packages. Today, we can enjoy a new IcedTea and therefore an updated OpenJDK which synchronizes to Oracle’s October security patch release (which offers Java 7 Update 71).

IcedTea (my favourite build harness for a spiced-up OpenJDK) went up to version 2.5.3 and it builds OpenJDK 7 “Update 71 Build 14” (resulting in a package openjdk-7u71_b14).

The release announcement is conveniently posted to the release manager’s blog. Read all about it on GNU/Andrew’s site.

Noteworthy is that “alternate virtual machines (e.g. CACAO, JamVM) will be broken by this release, until such a time as they introduce support for JVM_FindClassFromCaller, a new virtual machine interface function added by S8015256” which is bad news for people who want to compile this on ARM. Those are the two which I enable to get some speed into Java on the ARM platform.

Also important to mention are the CVEs which are addressed by this security update. It is a pretty bunch, and therefore a speedy upgrade is recommended.

Note about usage:

Remember that I release packages for the JRE (runtime) and the JDK (development kit) simultaneously, but you only need to install one of the two. The JRE is sufficient if you only want to run Java programs (including Java web plugins). You need the JDK package only if you want to develop Java programs and need a Java compiler.

The package has one dependency: rhino provides JavaScript support for OpenJDK.

If you want to compile this OpenJDK package yourself, you need to install apache-ant additionally. Note that the previous requirements of xalan & xerces packages have been dropped; ant will provide all required build functionality on its own now.

Have fun! Eric

My Linux Rig

An interview for “My Linux Rig” by Steven Ovadia. One of the site’s features is “The Linux Setup”: interviews with people about their Linux setups.

Lots of interesting people have been interviewed there in the past; I feel grey and bland in comparison. I returned an email interview early August and it was posted today. I managed to keep quiet about systemd 😉

See http://www.mylinuxrig.com/post/100003933891/the-linux-setup-eric-hameleers-slackware-linux

Have fun! Eric

KDE update: 4.14.2. No KDE5 updates yet – devs need to get their act together

Remember when everybody was so excited that the KDE developers abandoned their “monolithic” release schedule where all the software was stamped with the same version number and released as a “Software Compilation”…

There have been a number of releases for the KDE Frameworks 5 and Plasma 5 (which depend on the Frameworks) in decoupled release schedules. To me it is clear that the developers are not (yet) ready for this. Their workflows appear to be such that they write code which depends on other modules’ code which only exists in a Git repository. With the old “Software Compilation” that was never an issue since all these sources would be released simultaneously. Nowadays we are facing independent release schedules and what is the (expected) result? Software starts breaking down because not all of the git code is being released at the time when the dependent code gets released.

Therefore I refuse to build and release Slackware packages for the latest/pending “KDE 5” software set, consisting of Frameworks 5.3.0 (in part 5.3.1 now, apparently) and Plasma 5.1.0. It is a freaking mess with updates, reverts and apologies all abound on the mailing lists. Get your act together! In emergency and disaster response training, you’ll learn that it’s all about communication. It is no different in software development. In the “bazaar” model, it is still required of people to coordinate the joint effort or else you’ll end up with a pile of loose sand instead of something solid and useful. Coordination is communication during, not after the events.

Knowing the KDE community, the future releases of the KDE 5 components will gradually reach mature levels again.

And hey! There still is the good old KDE4. A set of Slackware packages for KDE 4.14.2 is ready for you to download and install as of now. The source release was made public earlier today. As expected from KDE4, it is all about bugfixes and stability enhancements.

None of the dependencies I maintain for KDE 4 had to be upgraded in comparison with my previous release of KDE 4.14.1 packages. KDE 4.14.2 bundles the sources of kactivities-4.13.3 (taken from the KDE 4.13 major release) because no new tarball is being made available. For kde-workspace, an update to 4.11.13 was provided by the developers. I promise that I will have gstreamer-1 packages done for the KDE 4.14.3 release and build artikulate (fingers crossed)!

How to upgrade to KDE 4.14.2?

You will find all the installation/upgrade instructions that you need in the accompanying README file. That README also contains basic information for KDE recompilation using the provided SlackBuild script.

You are strongly advised to read and follow these installation/upgrade instructions! Note that this is only useful for you if you are running slackware-current, i.e. our development version. If you are running Slackware 14.1 then there’s still a fairly recent KDE 4.13.3 for you.

Where to find Slackware packages for KDE?

Download locations are listed below.

You will find the KDE 4.14.2 sources in ./source/4.14.2/ and packages in /current/4.14.2/ subdirectories.

Note that I have symlinks in place (useful for users of a package manager and running slackware-current) so that ./current/latest/ will always point to the latest stable KDE release, and ./current/testing/ will always point to the most recent testing release (currently that’s Frameworks 5 and Plasma 5). Let’s hope there will be something fresh in that “testing” area soon.

Using a mirror is preferred because you get more bandwidth from a mirror and it’s friendlier to the owners of the master server!

Have fun! Eric

LibreOffice, Chromium news

I had a couple of busy weeks at work, and even though I managed to get some updated packages out the door, there was no opportunity to write about them earlier. I bought a ChromeCast and played with that instead to force myself to stay awake after dinner. So, what was new in the last two weeks?

LibreOffice:

Right before LibreOffice turned four years old, The Document Foundation announced LibreOffice 4.3.2. Belated happy birthday to the project! More than 80 fixes went into this minor release, with a focus on interoperability issues when reading or writing Microsoft Office (DOCX, XLSX and PPTX) files.

My previous article which I wrote for LibreOffice 4.3.1 has some additional info on the 4.3 series, should you not have read it before.

LibreOffice 4.3.2 packages for Slackware 14.1 and -current are ready for download from the usual mirror locations:

If there is anyone who has a solution for LibreOffice being incapable of ignoring the system harfbuzz library and using an internal version instead… please let me know. It annoys the hell out of me that I cannot use the updated harfbuzz in my ‘ktown‘ repository without breaking LibreOffice.

Chromium:

A couple of days ago Chromium stable was updated to 38.0.2125.101. The package which I have built is just for Slackware 14.1 & current. I am pondering an update for the package for Slackware 13.37 & 14.0 but don’t hold your breath. I’ll meet you halfway: I have refreshed the chromium_1337.SlackBuild script in case you want to compile a new one yourself (that script builds the package which I offer for both the older Slackware releases).

Taken from the Chrome releases blog: Chromium 38.0.2125.101 contains a whopping 159 security fixes, of which these stand out –

  • [$27633.70][416449] Critical CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox.
  • [$3000][398384] High CVE-2014-3189: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
  • [$3000][400476] High CVE-2014-3190: Use-after-free in Events. Credit to cloudfuzzer, Chen Zhang (demi6od) of NSFOCUS Security Team.
  • [$3000][402407] High CVE-2014-3191: Use-after-free in Rendering. Credit to cloudfuzzer.
  • [$2000][403276] High CVE-2014-3192: Use-after-free in DOM. Credit to cloudfuzzer.
  • [$1500][399655] High CVE-2014-3193: Type confusion in Session Management. Credit to miaubiz.
  • [$1500][401115] High CVE-2014-3194: Use-after-free in Web Workers. Credit to Collin Payne.
  • [$4500][403409] Medium CVE-2014-3195: Information Leak in V8. Credit to Jüri Aedla.
  • [$3000][338538] Medium CVE-2014-3196: Permissions bypass in Windows Sandbox. Credit to James Forshaw.
  • [$1500][396544] Medium CVE-2014-3197: Information Leak in XSS Auditor. Credit to Takeshi Terada.
  • [$1500][415307] Medium CVE-2014-3198: Out-of-bounds read in PDFium. Credit to Atte Kettunen of OUSPG.
  • [$500][395411] Low CVE-2014-3199: Release Assert in V8 bindings. Credit to Collin Payne.

This list shows that there is a healthy interest from external researchers to audit the code and contribute to the security of the browser (not only Chrome, but Chromium and Chrome OS profit from these as well). The biggest bonus of over 27 thousand dollars shows that Google is taking security very seriously. They recently announced that they were going to increase the value of these bonuses… et voilà!
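The entries in the list above follow a fixed shape: reward, bug id, severity, CVE id, summary, credit. As an added example (not code from the Chrome release notes or from this blog), the following Python sketch parses such lines into records for patch triage and reports any line it cannot parse instead of dropping it. The sample input holds four entries from the list plus one constructed malformed line; the function names are hypothetical.

```python
import re

SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

# Shape: [$reward][bug id] Severity CVE-id: summary. Credit to researcher.
ENTRY_RE = re.compile(
    r"^\s*(?:•\s*)?\[\$(?P<reward>\d+(?:\.\d+)?)\]\[(?P<bug>\d+)\]\s+"
    r"(?P<severity>Critical|High|Medium|Low)\s+"
    r"(?P<cve>CVE-\d{4}-\d{4,}):\s*(?P<text>.+)$"
)

# Four entries from the list above, out of order, plus one constructed
# malformed line to show that parse failures are surfaced, not dropped.
SAMPLE = """\
[$500][395411] Low CVE-2014-3199: Release Assert in V8 bindings. Credit to Collin Payne.
[$1500][399655] High CVE-2014-3193: Type confusion in Session Management. Credit to miaubiz.
[$27633.70][416449] Critical CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox.
[$3000][398384] High CVE-2014-3189: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
[398384] High: truncated entry
"""

def parse_entries(text):
    """Return (entries, rejected_lines) for release-note style CVE lines."""
    entries, rejected = [], []
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        m = ENTRY_RE.match(line)
        if m is None:
            rejected.append(line)
            continue
        # Entries without a "Credit to" suffix keep credit=None.
        summary, _, credit = m["text"].partition(" Credit to ")
        entries.append({
            "cve": m["cve"],
            "bug": int(m["bug"]),
            "severity": m["severity"],
            "reward": float(m["reward"]),
            "summary": summary.strip(),
            "credit": credit.rstrip(". ") or None,
        })
    return entries, rejected

def triage(entries):
    """Order by severity first, then by reward (highest first)."""
    return sorted(entries, key=lambda e: (SEVERITY_RANK[e["severity"]], -e["reward"]))

if __name__ == "__main__":
    parsed, bad = parse_entries(SAMPLE)
    for e in triage(parsed):
        print(f'{e["severity"]:8} {e["cve"]}  ${e["reward"]:>9.2f}  {e["summary"]}')
    print("unparsed:", bad)
```
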

Get my Chromium 38.0.2125.101 packages in one of the usual locations:

Let me remind you again, that you can subscribe to the repository’s RSS feed if you want to be the first to know when new packages are uploaded.
Eric
