Chromium 100 out-of-band security update addresses (again) a single vulnerability

I have uploaded new chromium 100 packages for Slackware. The chromium-ungoogled 100 packages are currently being built and will follow shortly.
What’s with all these updates that follow rapidly on each others’ heels? Just like the recent Chromium 99 security update which addressed a single critical vulnerability, last monday Google announced on their official blog the immediate availability of Chromium 100.0.4896.75. This hotfix release plugs a single hole which Google deemed serious enough to warrant the update. See CVE-2022-1232. The difference with last week is that no known exploit of this vulnerability is reported yet.
Still, it’s highly recommended that you upgrade ASAP.

My Chromium 100.0.4896.75 packages can be downloaded from my own repository (or any mirror that has synced up), for instance:

Once I have finished compiling the un-googled version of chromium and uploaded the packages, I will mention it in the comments section below and you can download them from: https://slackware.nl/people/alien/slackbuilds/chromium-ungoogled/ or https://us.slackware.nl/people/alien/slackbuilds/chromium-ungoogled/ .

Until I get tired of compiling for Slackware 14.2 (aka once I have migrated my last server to 15.0) these packages will work on Slackware 14.2 and newer. I provide 32bit as well as 64bit variants.

Eric

Libreoffice 7.3.2, Ungoogled-Chromium 100

The latest update for LibreOffice Community Edition, version 7.3.2 was released last week, fixing over 80 bugs (see changelogs for RC1 and RC2).
My repository now contains a new set of libreoffice-7.3.2 packages for Slackware 15.0 and -current.

Get these packages from my own Europe-based server: https://slackware.nl/people/alien/slackbuilds/libreoffice/ or my US-based server: https://us.slackware.nl/people/alien/slackbuilds/libreoffice/ ;or any mirror if you wait a day, for instance https://slackware.uk/people/alien/slackbuilds/libreoffice/ . Rsync access is also available for these servers.

And then there’s the update for Un-Googled Chromium that I promised in my previous blog. It took a little while to get the sources released because of its approval process, but the new chromium-ungoogled-100.0.4896.60 packages for Slackware 14.2 and newer are now also available from mirror servers around the world.
If you are a fresh Slackware user (or never read this blog) and wonder what this un-Googled Chromium is about and whether it is something you’d like, just read some of the older articles on my blog: Google muzzles all Chromium browsers on 15 March 2021, and How to ‘un-google’ your Chromium browser experience.

Enjoy the new releases – Eric

Chromium 100 available

The Chromium version has reached a triple-digit number: I have uploaded new packages for Chromium 100 (Slackware 14.2 and newer, 32bit as well as 64bit). Specifically it is the release 100.0.4896.60 which was announced a few days ago. It fixes a number of vulnerabilities with the criticality label “high” which usually means it can crash your browser but not compromise your computer.

Google currently maintains a release schedule for Chromium where a new major version (98, 99, 100, …) is made available every month. This means that new features are not added with a big bang after being beta-tested for months, but the browser’s feature list will evolve over time.

For instance, this 100 release will be the last release where your UserAgent string mentions details about your OS; now it is still “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36“.

A return to Chromium 100 of a lost feature, is the ability to use the audio indicator in a browser tab to directly mute that tab. When website plays audio in a tab, the tab strip will mention that “audio is playing” when you hover your mouse over it, and it shows a speaker icon. Now, when you explicitly enable it with the flag “chrome://flags/#enable-tab-audio-muting” you can click that speaker icon to mute  the sound immediately instead of having to right-click first and then select “mute this site”.

Get chromium packages here (NL mirror) or here (US mirror). The chromium-ungoogled packages are still waiting for the source code to be released. I expect that to happen any time and then I’ll build and upload those packages too.

Enjoy the weekend, Eric

Chromium 99 critical security fix, upgrade asap

I have uploaded new chromium 99 packages for Slackware. The chromium-ungoogled 99 packages are currently being built and will follow shortly.
These new packages were triggered by a recent Google Chromium update which mentions a fix for a security hole which allows remote attackers to take control of your computer. Opening a malicious advertisement or web page is already sufficient, the vulnerability does not need any interaction to do its work. See CVE-2022-0971.

Get my Chromium packages for version 99.0.4844.74 from my repository or any mirror, and upgrade to these as soon as you can: https://slackware.nl/people/alien/slackbuilds/chromium/ or https://us.slackware.nl/people/alien/slackbuilds/chromium/

Links to the un-googled chromium: https://slackware.nl/people/alien/slackbuilds/chromium-ungoogled/ or https://us.slackware.nl/people/alien/slackbuilds/chromium-ungoogled/ .

These packages work on Slackware 14.2 and newer, 32bit as well as 64bit variants still of course.

On 32bit Slackware 15.0 and newer, Patrick has updated the profile script as part of a qt5 package upgrade so that Chromium crashes are prevented by automatically disabling the seccomp filter sandbox:

# Unfortunately Chromium and derived projects (including QtWebEngine) seem
# to be suffering some bitrot when it comes to 32-bit support, so we are
# forced to disable the seccomp filter sandbox on 32-bit or else all of these
# applications crash. If anyone has a patch that gets these things running on
# 32-bit without this workaround, please let volkerdi or alienBOB know, or
# post your solution on LQ. Thanks. :-)
if file /bin/cat | grep -wq 32-bit ; then
  export QTWEBENGINE_CHROMIUM_FLAGS="--disable-seccomp-filter-sandbox"
fi

Eric

Calibre 5.x available for Slackware 15.0 and -current (finally)

Finally! I have a working package for Calibre 5.38.0, targeting Slackware 15.0 and -current.

As you surely know by now, Calibre is an e-book library management program, probably the best you can get and it surpasses its commercial rivals in terms of feature set and ease of use.

Calibre is not only a library manager, it can act as a content server to make your book library accessible online (on your phone and in web browsers for instance), and it also contains a Qt5-based e-book reader application, as well as a full-fledged e-book editor. If you have online magazine or newspaper subscriptions, Calibre can download these magazines automatically for you and add them to your library.

It is also quite the complex piece of software. It is written in Python, using several modules to enable its features. Calibre creates its graphical user interface using PyQt5 widget libraries. My calibre package for Slackware embeds all these modules, so that the package does not have any external dependencies. It does expect a full Slackware installation however, because that includes Qt5, PyQt5 and related packages. You could slim down your Slackware as long as you keep Qt5 related packages installed.

It took a long time to upgrade my Calibre 4.x package to 5.x, the first release in the 5.x series was on 25 September 2020. The reason is that the developer, Kovid Goyal, switched Calibre from Python 2 to Python3 and that influenced many of the Python modules that are used by the program. I had decided to wait for a Slackware 15.0 release to start working on the calibre.SlackBuild… but then that Slackware 15.0 release got delayed, and delayed, and… I could finally free up some of my time to actually do this, last week.

So here it is: Calibre 5.38.0, get it from my repository or any mirror (like my own US mirror)!

Note that you should either install my calibre4 package, or calibre (now at 5.x) but do not install both at the same time! Their files overlap.

Another note: on 32bit Slackware 15.0 and -current, all Chromium based programs will crash with a seccomp error. This is caused by the changes in glibc with regard to secure computing (seccomp), and the affected versions of glibc can be found in Slackware 15.0 and newer. The Chromium developers have been unable to update their sourcecode to make this work on 32bit Operating Systems. As a result, for instance Falkon on 32bit Slackware 15.0 and newer will crash immediately on startup.
The workaround is to disable the seccomp filter sandbox for your 32bit OS. This is achieved without much effort, you have to make an environment variable available after login: QTWEBENGINE_CHROMIUM_FLAGS needs to be set to “--disable-seccomp-filter-sandbox“.

For bash-compatible shells you would do as follows:

# echo "export QTWEBENGINE_CHROMIUM_FLAGS='--disable-seccomp-filter-sandbox'" > /etc/profile.d/chromium_seccomp.sh
# chmod +x /etc/profile.d/chromium_seccomp.sh

And after logging in again, you should find that calibre works also on 32bit Slackware.

Addendum: even the screenreader works. Right-click the current page in your open e-book text and then click “Read Aloud“. The text-to-speech is provided by an embedded speech-dispatcher program. Unfortunately the configuration button does not work there, but if you don’t like the default espeak voice you can manually pick one of the available alternatives by editing the file “/usr/lib64/calibre/etc/speech-dispatcher/speechd.conf” (on 32bit Slackware the libdir is ‘lib‘ of course).

Have fun! Eric