Monthly Archives: September 2019

Chromium critical security update

Earlier this week I already provided a Chromium update in my Slackware repository. That update addressed a critical security issue in the media playback plugin whereby an attacker was able to take over your computer remotely, simply by letting you load an infected page.

But then another critical vulnerability was discovered and two days ago a new Chromium source was released to take care of this security hole in the User Interface code. The new version of Chromium is 77.0.3865.90 and of the four mentioned vulnerabilities on the website, one is a remote-takeover issue.

The packages (for Slackware 14.2 and -current) can be found on my site or any mirror (e.g. http://slackware.uk/people/alien/slackbuilds/chromium/). Please update at your earliest convenience.

Enjoy! Eric

September Edition of Plasma5 for Slackware

After a summer hiatus during which I only released new packages for KDE Frameworks because they addressed a serious security hole, I am now back in business and just released KDE-5_19.09 for Slackware-current.

The packages for KDE-5_19.09 are available for download from my ‘ktown‘ repository. As always, these packages are meant to be installed on a full installation of Slackware-current which has had its KDE4 removed first. These packages will not work on Slackware 14.2. On my laptop with slackware64-current, this new release of Plasma5 runs smooth.

What’s new in the September 2019 release

This month’s KDE Plasma5 for Slackware contains the KDE Frameworks 5.62.0, Plasma 5.16.5 and Applications 19.08.1. All this on top of Qt 5.13.1.

Deps:
The ‘qt5’ and ‘qt5-speech’ packages have been updated to 5.13.1, ‘PyQt5’ was updated to 5.13.0 and there’s a new official ‘polkit-qt5-1’ version too: 0.113.0.
The ‘cryfs’ package was updated to 0.10.2 (the previous version stopped working anyway, after Slackware’s boost upgrade).
The updates to the phonon layer are accompanied by a removal of Qt4 support – phonon is now Qt5-only. Package updates are ‘phonon’ 4.11.0, ‘phonon-gstreamer’ 4.10.0, ‘phonon-vlc’ 0.11.0.
The telepathy deps have two updates: ‘libsignon-glib’ and ‘telepathy-acccounts-signon’. Tell me if you actually use KDE Telepathy! I think it is a heroic but doomed effort to create a voice & video capable IM framework for KDE – it does not work for me and never worked properly for me. I am thinking of completely removing it from my ‘ktown’ package set. Share your thoughts.

Frameworks:
Frameworks 5.62.0 is a regular update release. See: https://www.kde.org/announcements/kde-frameworks-5.62.0.php

Plasma:
Plasma 5.16.5 is the last bug-fix release in the 5.16 cycle, meant to increase the stability of the Desktop part of KDE. See https://www.kde.org/announcements/plasma-5.16.5.php.
Note that the ‘breeze’ and ‘oxygen’ themes in this release of Plasma have removed their support for Qt4 (finally) which means if you still use Qt4/kdelibs based applications, they could start looking weird now. Let me know if I should add a compatibility package containing older breeze/oxygen theme libraries.

Plasma-extra;
I updated ‘kdeconnect-framework’, ‘latte-dock’ and ‘wacomtablet’.

Applications;
Applications 19.08.1 is a stability and bug-fix update for the 19.08 cycle.
Note that due to the summer holidays, I never released the .0 release of this new 19.08 series. For more information, see https://www.kde.org/announcements/announce-applications-19.08.1.php and in particular the release notes for 19.08.0 are full of relevant info.

Applications-extra:
I upgraded ‘krita’, ‘krusader’ and ‘kstars’ to their latest releases.

Where to get it

Download the KDE-5_19.09 from the usual location at https://slackware.nl/alien-kde/current/latest/ . Check out the README file in the root of the repository for detailed installation or upgrade instructions.

Development of Plasma5 is tracked in git: https://git.slackware.nl/ktown/ .
A new Plasma5 Live ISO has been uploaded and you will find it at https://slackware.nl/slackware-live/latest/ (rsync://slackware.nl/mirrors/slackware-live/latest/)

Have fun! Eric

Chromium package updates

There was a new Chromium source release last week, but there were other software releases that had priority to get packages out the door. Therefore I could only chromium packages this weekend.
Chromium 76.0.3809.132 fixes 3 security holes. Note that the version before that (76.0.3809.100) also fixed 4 critical holes but I never packaged that as I went on holiday. So, upgrading now would be a good idea.

The packages (for Slackware 14.2 and -current) can be found on my site or any mirror (e.g. http://slackware.uk/people/alien/slackbuilds/chromium/).

Enjoy! Eric

VLC 3.0.8 packages

largeVLCAlso during my holiday, the VideoLAN developers released version 3.0.8 of their VLC media player.

The Release Notes state that this releases provides fixes for several security issues among wich 11 which are CVE-worthy. Meaning that it’s prudent to upgrade your VLC to 3.0.8 soonest.

I have the new packages available (for Slackware 14.2 and -current) in my repository since a couple of days. I used the opportunity to update the following internal libraries as well: bluray, dav1d, ebml, and matroska.

You will also probably note that there is no “npapi-vlc” package. I decided to retire this VLC based NPAPI webbrowser plugin from my repository. Modern browsers are all moving away from NPAPI plugin support, and relying on HTML5 instead. Chrome/Chromium always only supported PPAPI based plugins anyway.

A note about dependencies for the VLC 3.x packages:

My Slackware packages for VLC are mostly self-contained with all of the supporting libraries compiled into the package. This makes for a minimal dependency on external libraries/packages. But there are some caveats with the new release: most importantly, its interface has switched from Qt4 to Qt5.
While Slackware contains a ‘qt4’ package, it does not contain ‘qt5’ and therefore, the vlc-3.x package introduces some new external dependencies, all related to the Qt5 GUI: SDL_sound, OpenAL, libxkbcommon, qt5. Hopefully Qt5 will get added to Slackware-current sometime in the future.
On Slackware 14.2, two more packages are needed – they have already been incorporated into Slackware-current: libinput and libwacom .

A note on compiling:

When you want to compile VLC 3 yourself, be sure to install java8 and apache-ant or your build will fail.
If you are running Slackware 14.2 you will additionally need the following four packages (required to compile the ‘dav1d‘ decoder): meson, ninja, python3, python3-setuptools .

Where to find the new VLC packages:

Rsync access is offered by the mirror server: rsync://slackware.nl/mirrors/people/alien/restricted_slackbuilds/vlc/ .

For BluRay support, read a previous article for hints about the aacs keys that you’ll need.

My usual warning about patents: versions that can not only DEcode but also ENcode AAC audio can be found in my alternative repository where I keep the packages containing code that might violate stupid US software patents.

Have fun! Eric

LibreOffice updates for Slackware 14.2 and -current

This month, I am building different versions for LibreOffice, for our stable Slackware 14.2 and for the -current testing ground. During my holiday, new versions became available and last week I built packages from those sources.

The 6.2.6 release which was announced by the Document Foundation two weeks ago brings some security fixes to the 6.2 series. Therefore it was important to get rid of the old 6.2.5 packages. I built 6.2.6 for Slackware 14.2 and those packages have been available for download now since early last week. Go get them!

Note: as of this package release, I am no longer including support for KDE4. The “libreoffice-kde-integration” package is no longer available in my repository and you should “removepkg” the older version if you have that installed. The KDE4 support in LibreOffice has been broken for a while and your Office applications will run great on KDE4 without that “KDE integration”. The LibreOffice UI will be based on GTK3 widgets instead and KDE4’s theming engine will make that its User Interface blends in properly.

For Slackware-current I went for the new 6.3 series of LibreOffice instead. The sources for this new release were made public three weeks ago. The release notes state that the 6.3.x office suite should be a lot faster than the previous 6.2.x series with impressively notched-up interoperability support for the Microsoft Office document formats. Go check it out!

The packages for LibreOffice 6.3.0 which are ready for download in my repository, do contain “libreoffice-kde-integration”, yes! Unlike the packages for Slackware 14.2 I have decided to add KDE5 (aka Plasma5) support to my LibreOffice packages for slackware-current from now on.
If you do not have KDE5 packages installed at all, don’t worry. LibreOffice will work great. The KDE integration package will just not add anything useful for you. On the other hand, if you have Plasma5 installed you will benefit from native file selection dialog windows and other integration features. And even if you do not have Plasma5 but you do have Qt5 installed, then you will be able to run LibreOffice with Qt5 User Interface elements instead of defaulting to GTK3.

If you want to compile these Libreoffice 6.3.0 packages yourself, then be aware that by default no KDE5 support will be added. You will have to set the value of the script parameter “ADD_KDE5” to “YES”. Additionally you will have to install the packages that this functionality depends on. Those are: qt5, libxkbcommon, OpenAL, SDL_sound, and all the packages of KDE Frameworks 5. All of these can be  found in my ‘ktown’ repository: https://slackware.nl/alien-kde/current/latest/

Enjoy! Eric