My thoughts on Slackware, life and everything

Tag: cdm (Page 1 of 3)

Chromium security updates (and fix for 32-bit crash)

I have updated the ‘chromium‘, ‘chromium-ungoogled‘ and ‘chromium-widevine-plugin‘ packages in my repository.

For Chromium (-ungoogled) these are security updates. The new 89.0.4389.90 release addresses several critical vulnerabilities (it’s the third release in the 89 series in rapid succession actually, to fix critical bugs) but in particular it plugs a zero-day exploit that exists in the wild: CVE-2021-21193. You are urged to update your installation of Chromium (-ungoogled) ASAP.

I made chromium-ungoogled also available for Slackware 14.2, I hope that makes some people happy.

Since I had to build packages anyway, I took the opportunity to apply a patch that fixes the crashes on 32-bit systems with glibc-2.33 installed (i.e. on Slackware-current).
In that same chromium-distro-packagers group that is the home of the discussion about Google’s decision to cripple 3rd-party Chromium browsers, I had asked the Chromium team to address the crash Slackware users are experiencing. Google is no longer offering 32-bit binaries which means, issues like these are not likely to be caught in their own tests, but they are listening to the packagers who do build 32-bit binaries. Luckily. And the fix took a while to actually get implemented, but in the end it all worked out. I assume that the patch will end up in the Chromium source code after it passes the internal review process.

The Widevine plugin package for which I provided an update, is meant for chromium-ungoogled only. The ‘real’ Chromium does not need or use it, since Chromium downloads this CDM library automatically for you. The change to the package is small: it adds a compatibility symlink. That is not needed for chromium-ungoogled itself, but I was alerted to the fact that Spotify specifically looks for ‘libwidevinecdm.so’ in the toplevel Chromium library directory. The update takes care of that.

Also, this was the last package which i compiled for Chromium that contains my Google API Key as well as the OAuth client/secret credentials. I noticed that Chromium still works as before, even now after the 15 March deadline has passed, but future builds of my package will only contain my API key. That will leave the Safe Browsing functional, but it removes the Chrome Sync and other features. If you still want Chrome Sync to work with Chromium, I just want to point you to “/etc/chromium/01-apikeys.conf” in my future packages and get inspired by its content.

Have fun!
Eric

Chromium 84 packages available for Slackware

chromium_iconIt took a bit longer than usual to come up with packages for the recently released Chromium 84. Google’s “Stable Channel” blog for Chrome announced the version 84.0.4147.89 just over a week ago, but as I was traveling at the time (without computer) new packages needed to wait.

And just when I uploaded these packages to the mirror server I discovered that Google already released an update yesterday: 84.0.4147.94. That will have to wait since again I am busy at the moment. Enjoy the first 84 release though!

Chromium 84 sees a lot of bugs fixed, of which 38 are security fixes. There’s also the usual UI and engine improvements but there’s really not much visible on the User Interface side. With one exception: the ‘spam’ notification popups which some web sites bothered you with are now hidden by default under a button in the URL bar. By clicking that button you can decide to show the blocked popups (or not). This feature was implemented earlier by Mozilla in their Firefox browser where it was highly valued by its users.
Under the hood, the most notable change is that Google has removed support for the insecure TLS 1.0 and TLS 1.1 ciphers. Web servers which still use these for their HTTPS content will be blocked by default and you’ll see an error.

Slackware packages for Chromium 84.0.4147.89 are in my package repository already. They are available as 64bit versions for both Slackware 14.2 and -current and a 32bit version only for Slackware-current.
There is no new 32bit package for Slackware 14.2 unfortunately, because I have been unsuccessful in my attempts to compile the package. Let’s hope future releases allow me to compile the 32bit package for 14.2 again…

Note that because of the changed status of the Widevine library (which is now automatically downloaded and kept updated by the browser), a separate “chromium-widevine-plugin” package containing the Widevine DRM library is no longer required. Widevine is a Content Decryption Module (CDM) used by companies like Netflix and Disney+ to stream video to your computer in a Chromium browser window.

Also note (to the purists among you): even though support for Widevine CDM plugin has been built into my chromium package, that package is still built from Open Source software only. If you do not want theWidevine DRM library to be downloaded at all, you will have to recompile the chromium package after setting “USE_CDM=0” in the chromium.SlackBuild script. This can not be disabled at run-time.

Chromium packages: https://slackware.nl/people/alien/slackbuilds/chromium/ (rsync://slackware.nl/mirrors/people/alien/slackbuilds/chromium/)

Enjoy! Eric

Chromium 83 – packages for Slackware, news about Widevine plugin

chromium_iconThe COVID-19 crisis caused Google to change its release calendar for the Chromium browser sources, and they decided to skip the 82 release altogether, in order to focus on keeping the 81.x versions as safe as possible while working on their upcoming 83 release.
And so this week, Chromium 83.0.4103.61 was introduced to the “Stable Channel” with lots of bugs fixed, of which 38 are security fixes. There’s also a lot of new and improved features which are introduced in this release but it seems that many of those are only available in Google’s official Chrome binaries.
One of the notable changes for Chromium users (as opposed to Google Chrome users for which it has always worked this way) is that the Widevine content decryption module is now an official component of the browser. Like with Mozilla Firefox, the Chromium browser will now automatically download the Widevine library into your personal profile and enable access to DRM-protected content. In the URL “chrome://components/” you’ll see Widevine listed as a component, displaying its current version and a “Check for update” button.

Slackware packages for Chromium 83.0.4103.61 are in my package repository already. They are available as 32bit and 64bit versions for both Slackware 14.2 and -current.

Note that because of the changed status of Widevine, a separate “chromium-widevine-plugin” package containing the Widevine DRM library is no longer required. However…
It seems that there is an issue with the online availability of a 32bit Widevine library of the version that Chromium tries to download. As long as that is not fixed and only if you are using the 32bit Chromium browser, keep using my “chromium-widevine-plugin” please.

You can test whether Widevine works on https://bitmovin.com/demos/drm and validating that the page says “Detected using Widevine” and not “Detected NO DRM“). If you can not immediately get Widevine to work with your 32-bit browser, check that the content of the file in your Chromium profile “${HOME}/ .config/chromium/WidevineCdm/latest-component-updated-widevine-cdm” points to the installed location of the chromium-widevine package, like this:

alien@darkstar:~/.config/chromium/WidevineCdm$ cat latest-component-updated-widevine-cdm 
{"Path":"/usr/lib/chromium/WidevineCdm"}

In the profile of a 64-bit browser you will see instead something like this:

alien@darkstar:~/.config/chromium/WidevineCdm$ cat latest-component-updated-widevine-cdm 
{"Path":"/home/alien/.config/chromium/WidevineCdm/4.10.1610.0"}

For newcomers: Widevine is a Content Decryption Module (CDM) used by companies like Netflix and Disney+ to stream video to your computer in a Chromium browser window.

Also note (to the purists among you): even though support for Widevine CDM plugin has been built into my chromium package, that package is still built from Open Source software only. If you do not want theWidevine DRM library to be downloaded at all, you will have to recompile the chromium package after setting “USE_CDM=0” in the chromium.SlackBuild script. This can not be disabled at run-time.

Chromium packages: https://slackware.nl/people/alien/slackbuilds/chromium/ (rsync://slackware.nl/mirrors/people/alien/slackbuilds/chromium/)
Widevine packages: https://slackware.nl/people/alien/slackbuilds/chromium-widevine-plugin/ (rsync://slackware.nl/mirrors/people/alien/slackbuilds/chromium-widevine-plugin/)

Chromium 68 with updated Widevine plugin

chromium_iconLast week, Chromium 68 was introduced to the “Stable Channel” with lots of bugs fixed, many of those being security fixes (42 in total). And a few days ago an update was released, so I decided to build Chromium 68 for Slackware.

NOTE: starting with Chromium 68, the browser will show a “Not secure” warning on all HTTP pages. Google announced this in a blog post published on February 8th on Google’s Chromium and Online Security blogs.

You’ll find 32bit as well as 64bit packages for Chromium 68.0.3440.84 in my package repository. They are available for both Slackware 14.2 and -current. I have also updated the Chromium Widevine plugin to version 1.4.9.1088. The older version refused to work with Chromium 68. Note that the Widevine plugin is available for 32bit just as for the 64bit browser, so even those running older computers (or those of you who are in need of a 32bit OS) can enjoy DRM movie playback.

For newcomers: Widevine is a Content Decryption Module (CDM) used by Netflix to stream video to your computer in a Chromium browser window. With my chromium and chromium-widevine-plugin packages you no longer need Chrome (or Firefox if you dislike that browser), to watch Netflix.

Also note (to the purists among you): even though support for Widevine CDM plugin has been built into my chromium package, that package is still built from Open Source software only. As long as you do not install the chromium-widevine-plugin package, your system will not be tainted by closed-source code.

Chromium packages: https://slackware.nl/people/alien/slackbuilds/chromium/ (rsync://slackware.nl/mirrors/people/alien/slackbuilds/chromium/)
Widevine packages: https://slackware.nl/people/alien/slackbuilds/chromium-widevine-plugin/ (rsync://slackware.nl/mirrors/people/alien/slackbuilds/chromium-widevine-plugin/)

Chromium 59 – a security update

chromium_iconGoogle released chrome/chromium 59.0.3071.86 earlier this week. This was accompanied by a rather big list of security updates.
Taken from the Red Hat Security Advisory: “Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5070, CVE-2017-5071, CVE-2017-5072, CVE-2017-5073, CVE-2017-5074, CVE-2017-5075, CVE-2017-5076, CVE-2017-5077, CVE-2017-5078, CVE-2017-5079, CVE-2017-5080, CVE-2017-5081, CVE-2017-5086, CVE-2017-5082, CVE-2017-5083, CVE-2017-5085)

Otherwise, Chromium did not receive new functionality that immediately jumps out at me, except that the Chrome Settings page has changed its look and feel to Google’s “Material Design“.

Remember when you want to compile Chromium yourself, you will need ninja and nodejs (fortunately ninja and nodejs are only needed for the compilation, not for actually running the browser).

The packages for chromium, and the chromium widevine CDM plugin, are available for Slackware 14.2 and -current in my repository or one of its mirrors:

Have fun! Eric

« Older posts

© 2024 Alien Pastures

Theme by Anders NorenUp ↑