My thoughts on Slackware, life and everything

Tag: cdm (Page 2 of 3)

Update for Chromium 45

chromium_iconGoogle updated their Chrome/Chromium with mention of some security fixes. I had to finish compiling LibreOffice first, and also it takes a while for the official chromium source tarball to appear on Google’s servers. But the weekend started uneventful so it was easy to build you some new packages for the chromium browser inbetween baking some tasty sourdough bread. Accompanied by packages for the widevine plugin (a closed-source non-free plugin which allows you to watch Netflix in particular).

The security fixes in chromium 45.0.2454.101 have CVE numbers:

  • [$TBD][530301] High CVE-2015-1303: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
  • [$TBD][531891] High CVE-2015-1304: Cross-origin bypass in V8. Credit to Mariusz Mlynski.

Get my chromium (and widevine plugin) packages in one of the usual locations:

Have fun! Eric

Stable channel for Chromium hits 43

chromium_iconBuilding on my experiences with chromium-dev (the development channel of the Chromium browser which is currently at version 44), I have made similar changes to my latest package for the chromium browser and its widevine and pepperflash plugins.

This means that I have said goodbye to the single configuration file (/etc/default/chromium) and switched to a configuration directory, which is “/etc/chromium/” for the chromium package. Each package (Chromium as well as any plugin or extension) can add its own configuration file to that directory. The new packages for chromium, chromium-pepperflash-plugin and chromium-widevine-plugin are now using this new setup.

I made one other change: I have applied a patch taken from an Ubuntu PPA. That patch is based on a blog post which explains how to enable VAAPI (aka hardware video decoding) on Linux. The chromium sources disable this functionality by default if you are not compiling for ChromeOS. Tell me your experiences with playback of H.264 video!

The new chromium packages have the version number 43.0.2357.65. The first release of the “43” series brings a total of 37 published security fixes, and here are the CVE’s:

  • [$16337][474029] High CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous.
  • [$7500][464552] High CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous.
  • [$3000][444927] High CVE-2015-1254: Cross-origin bypass in Editing. Credit to Armin Razmdjou.
  • [$3000][473253] High CVE-2015-1255: Use-after-free in WebAudio. Credit to Khalil Zhani.
  • [$2000][478549] High CVE-2015-1256: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG.
  • [481015] High CVE-2015-1251: Use-after-free in Speech. Credit to SkyLined working with HP’s Zero Day Initiative
  • [$1500][468519] Medium CVE-2015-1257: Container-overflow in SVG. Credit to miaubiz.
  • [$1000][450939] Medium CVE-2015-1258: Negative-size parameter in Libvpx. Credit to cloudfuzzer
  • [$1000][468167] Medium CVE-2015-1259: Uninitialized value in PDFium. Credit to Atte Kettunen of OUSPG
  • [$1000][474370] Medium CVE-2015-1260: Use-after-free in WebRTC. Credit to Khalil Zhani.
  • [$500][466351] Medium CVE-2015-1261: URL bar spoofing. Credit to Juho Nurminen.
  • [$500][476647] Medium CVE-2015-1262: Uninitialized value in Blink. Credit to miaubiz.
  • [$500][479162] Low CVE-2015-1263: Insecure download of spellcheck dictionary. Credit to Mike Ruddy.
  • [$500][481015] Low CVE-2015-1264: Cross-site scripting in bookmarks. Credit to K0r3Ph1L.

Get my chromium packages in one of the usual locations:

Change the URL a bit to get the widevine-plugin and pepperflash-plugin packages.

Have fun! Eric

New chromium-dev package and plugins

chromium_iconI have been working on some changes for the chromium package, and what’s better than to first test those changes on a Chromium Development release?

I have not really been happy with the choice I made to have a single configuration file (/etc/default/chromium) which would then have to be re-written by any plugins that you would install. For instance, the PepperFlash plugin modifies that file so that Chromium learns of the pathname and version of that plugin when it starts. Unfortunately, some people would accidentally wipe those modifications with every update to the Chromium main package (the “/etc/default/chromium.new” file would overwrite the “/etc/default/chromium” file if you were not paying attention).

So what I did was change the single configuration file into a configuration directory, which is “/etc/chromium-dev/” for the Chromium Dev package. Each package (Chromium as well as any plugin or extension) can add its own configuration file to that directory. As an example of how that works, I have created packages for chromium-dev, chromium-dev-pepperflash-plugin and chromium-dev-widevine-plugin that use this new setup. Those are Slackware packages  for -current only by the way – when a new version of Chromium Stable is released  I will also add this new configuration setup and then the packages will be released for Slackware 14.1 as well.

What else is there to say about my chromium-dev packages? Chromium-dev is the development release of the browser (there’s also a “beta” channel but I don’t care about that too much). Testing the development release from time to time is preparing me well in advance for major (or subtle) changes in the compilation process and functionality, so that when the stable channel jumps to a higher major release it won’t take me long to come up with a set of packages.

The new chromium-dev packages have the version number 44.0.2398.0. So what changed with this new major release 44 compared to the previous 43 (or even the stable 42)? One important change is that it is no longer necessary to extract the Widevine CDM library from an official Google Chrome RPM in order to compile the Open Source Widevine adapter library which is the piece of code that interfaces between the browser and the closed-source Content Decryption Module. Therefore even the Open Source purists should be at peace now with the new process. If you do want to use Widevine CDM, for instance when you want to stream Netflix in your Chromium browser, you simply install my widevine-plugin package (the version it reports will be 1.4.8.823). The browser itself will not be tainted.

The PepperFlash plugin package which I added as well (first time for my Chromium Dev releases) has a change as well, compared to the package for Chromium Stable. The PepperFlash directory is installed to “/usr/lib64/chromium-dev/” instead of “/usr/lib64/” (it’s “lib” for 32bit Slackware of course) so that the pepperflash-plugin package’s files will not clash with the pepperflash-plugin for Chromium Stable. The plugin for Chromium Dev reports itself as version 18.0.0.114 by the way. This version is not even listed yet on Adobe’s Flash test page. I assume that this too, is a development version.

Get my Chromium Development packages in one of the usual locations:

Change the URL a bit to get the widevine-plugin and pepperflash-plugin packages.

Eric

Chromium: the answer to life, the universe and everything

Chromium and Widevine:

chromium_iconGeeks and Sci-Fi fans, as well as otherwise properly educated people, will recognize the blog title for what it is.

Chrome 42 is released. Big jump: a major version change. Mostly changes under the hood again it seems. The Chrome binaries for this version contain a new version of the PepperFlash plugin, which I have extracted for use with the chromium browser – see my earlier blog. The packages for Slackware 14.1 and -current are available for download so that you can enjoy the latest Chromium browser (and its optional Widevine plugin) in your trustworthy Slackware environment.

In the  Chrome Releases blog you can read the announcement for Chrome/Chromium 42 to the Stable Channel (full version is 42.0.2311.90).

The new packages for my chromium and chromium-widevine-plugin packages both have version 42.0.2311.90 – indicating that they should be used together. The Widevine plugin reports itself as version “1.4.7.796” in chrome://plugins – same version as in my chromium-dev 43 package.

You don’t have to install the Widevine plugin. Chromium without Widevine plugin is a pure and open source browser, even the Widevine “adapter module” inside the Chromium package is open source. The Widevine library itself is a closed-source Content Decryption Module (CDM) which therefore is not part of the Chromium package but separately packaged (after extracting it from Google’s binary download of the Chrome browser with the same version number). You would typically want to install the plugin if you have a Netflix subscription and want to watch your movies in a Chromium browser.

Download locations:

Have fun! Next on the blog: new packages for VLC, the VideoLAN media player!

Eric

Update for Chromium and another Flash security fix

Chromium (and Widevine):

chromium_iconI built new Slackware Chromium packages for the latest update in the Chrome Stable Channel.  The new version is 40.0.2214.111  and comes with several security fixes (among which, a Flash Player update, see below) Both chromium and chromium-widevine-plugin have version 40.0.2214.111 actually – use the matching version numbers as a sign that they will work together. The Widevine plugin reports itself as version “1.4.6.738” in chrome://plugins .

Repeat message: Widevine is a Content Decryption Module (CDM) used by Netflix to stream video to your computer in a Chromium browser window. With my chromium and chromium-widevine-plugin packages you no longer need Chrome, or Firefox with Pipelight, to watch Netflix. The chrome-widevine-plugin is optional. If you don’t need it, then don’t install it. It is closed-source which for some is enough reason to stay away from it. The Chromium package on the other hand, is built from open source software only.

Flash browser plugins:

adobe_flash_8s600x600_2 With Flash it seems to be like my central heating. Last year I needed to connect the waterhose once a month and regulate the pressure in the pipes… it got worse to the point that I needed to re-pressurize every day. Until I called the maintenance guy who fixed a leak permanently. There is yet another leak in the Flash from Adobe and security updates have been added to my repository yesterday: the plugins for chromium (PPAPI) and for mozilla-compatible browsers (NPAPI).

The new Slackware package for chromium-pepperflash-plugin has version 16.0.0.305. The new Slackware package for flashplayer-plugin has version 11.2.202.442.

The update for pipelight can be done manually. As root, run the script:

# pipelight-plugin --update

Next time the pipelight plugin is loaded in your browser, it will update your Windows plugins to their latest versions where needed.

Eric

« Older posts Newer posts »

© 2024 Alien Pastures

Theme by Anders NorenUp ↑