Alien Pastures

My thoughts on Slackware, life and everything

Tag: chromium (Page 15 of 20)

Chromium 56, LibreOffice 5.2.5

February 1, 2017 / / 21 Comments

libreoffce_logoI had rebuilt the libreoffice-5.2.4 packages for Slackware -current last week, because library updates in Slackware had broken the spreadsheet application ‘localc‘. And voila… not long afterwards the Document Foundation blog announced 5.2.5: “all users are invited to update to LibreOffice 5.2.5 from LibreOffice 5.1.6 or previous versions“. Today on the first of february, we can even witness the 5.3 release.

A list of the most significant new features of LibreOffice 5.3 has been published in a separate document (http://tdf.io/lo53features) and you are invited to watch a series of short videos (http://tdf.io/53vids) if you want to get a taste of what’s on the plate. Collaborative editing is the major highlight I guess. A detailed description of these new features is also available as a web page:  http://www.libreoffice.org/discover/new-features/.

I am definitely not building packages right away for 5.3 but I did compile packages for 5.2.5 – albeit only for Slackware -current. I may or may not create these packages for Slackware 14.2 as well and then upgrade the -current package to 5.3. Depends on the other stuff I need to do.

These libreoffice packages are huge in size so please use a mirror for download, and take into account that only the master site and ‘bear’ will have the packages during the first 24 hours.

Note: the LibreOffice browser plugin (NPAPI based) has been removed in LibreOffice 4.4.0:  https://skyfromme.wordpress.com/2014/09/25/killing-the-npapi-plugin/

chromium_iconOn another note, Chromium (and Chrome) 56 ‘stable’ was released. It’s nice to test the HTML5 feature set on a site like HTML5test and see that it is at the top of all the browsers up there (517 points, only Chrome 56 for Windows scores better because it supports speech synthesis).

Packages for Slackware 14.2 and -current are now available from my repository. No ETA for Slackware 14.1 packages, and perhaps it is time for people still using Chromium on 14.1 to upgrade to 14.2?

As always, here are some common download sites:

Have fun! Eric

Chromium 54 packages

November 4, 2016 / / 32 Comments

chromium_iconA new release of the Chromium source code was made available earlier this week. For me this is the first Chromium 54 package and unfortunately the SlackBuild script needed a lot of rework. Google is quite “dynamic” when it comes to developing and discarding in-house tools. The change from “gyp” to “gn” to generate the “ninja” makefiles was not trivial to incorporate into my build script. But I think I did it right, and I hope that no functionality has been lost in the new chromium package.

Packages for Slackware 14.2 and -current are now available from my repository. I’ll try to find time to make packages for Slackware 14.1 too, but a new set of Plasma 5 packages has a higher priority.

I hope to get up to speed after the weekend, and will try to release a new set of Live ISOs containing the new Plasma 5 after I have packaged that.

Cheers, Eric

Chromium 51 packages available

May 27, 2016 / / 25 Comments

chromium_iconGoogle updated the stable branch of the Chromium browser to a new major version number: “51”. An overview of the changes since the previous “50” release are found in Google’s git. Updated packages for Slackware 14.1 and -current are now available from my repository, for the download URLs see below.

The announcement on the Google Chrome Releases blog mentions a list of vulnerabilities that were addressed with this release. Here are the ones that got a CVE rating… it sure pays off to be a security researcher and find Google Chrome vulnerabilities:

  • [$7500][590118] High CVE-2016-1672: Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
  • [$7500][597532] High CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
  • [$7500][598165] High CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
  • [$7500][600182] High CVE-2016-1675: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
  • [$7500][604901] High CVE-2016-1676: Cross-origin bypass in extension bindings. Credit to Rob Wu.
  • [$4000][602970] Medium CVE-2016-1677: Type confusion in V8. Credit to Guang Gong of Qihoo 360.
  • [$3500][595259] High CVE-2016-1678: Heap overflow in V8. Credit to Christian Holler.
  • [$3500][606390] High CVE-2016-1679: Heap use-after-free in V8 bindings. Credit to Rob Wu.
  • [$3000][589848] High CVE-2016-1680: Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
  • [$3000][613160] High CVE-2016-1681: Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
  • [$1000][579801] Medium CVE-2016-1682: CSP bypass for ServiceWorker. Credit to KingstonTime.
  • [$1000][583156] Medium CVE-2016-1683: Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
  • [$1000][583171] Medium CVE-2016-1684: Integer overflow in libxslt. Credit to Nicolas Gregoire.
  • [$1000][601362] Medium CVE-2016-1685: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB.
  • [$1000][603518] Medium CVE-2016-1686: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB.
  • [$1000][603748] Medium CVE-2016-1687: Information leak in extensions. Credit to Rob Wu.
  • [$1000][604897] Medium CVE-2016-1688: Out-of-bounds read in V8. Credit to Max Korenko.
  • [$1000][606185] Medium CVE-2016-1689: Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
  • [$1000][608100] Medium CVE-2016-1690: Heap use-after-free in Autofill. Credit to Rob Wu.
  • [$500][597926] Low CVE-2016-1691: Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
  • [$500][598077] Low CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
  • [$500][598752] Low CVE-2016-1693: HTTP Download of Software Removal Tool. Credit to Khalil Zhani.
  • [$500][603682] Low CVE-2016-1694: HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadegan
  • [614767] CVE-2016-1695: Various fixes from internal audits, fuzzing and other initiatives.

 

As always, it is strongly advised to upgrade to this new version of Chromium. Get my chromium packages in one of the usual locations:

The widevine and pepperflash plugin packagess for chromium can be found in the same repository. The 64bit version of the Widevine plugin was updated with new libraries extracted from the official Google Chrome for Linux; the new Chrome does not contain a newer PepperFlash than what I already have in my repository.

Remember, even though I can still provide a 32bit Chromium browser, Google has ceased providing a 32bit version of their own Chrome browser – which means, no more updates to the 32bit PepperFlash and Widevine plugins.

Have fun! Eric

Security update for Chromium 48

February 15, 2016 / / 11 Comments

chromium_iconGoogle released an update for Chrome/Chromium – their version 48 of the browser is now at “48.0.2564.109“. The chromium sources are still not available six days after the announcement, even though the official Chrome binary distributions were available right from the start. I think that this is inexcusable for a big company like Google, but this is not the first time that their autobots falter and no one cares enough to fix the release process. Notwithstanding some complaints by fellow application packagers.

So for this release I switched to the “chromium source tarball” git repository https://github.com/zcbenz/chromium-source-tarball/releases to get a tarball and compile some Slackware packages.

This chromium release addresses a couple of security issues with the following CVE numbers:

  • [$7500][546677] High CVE-2016-1622: Same-origin bypass in Extensions. Credit to anonymous.
  • [$7500][577105] High CVE-2016-1623: Same-origin bypass in DOM. Credit to Mariusz Mlynski.
  • [$TBD][583607] High CVE-2016-1624: Buffer overflow in Brotli. Credit to lukezli.
  • [$1000][509313] Medium CVE-2016-1625: Navigation bypass in Chrome Instant. Credit to Jann Horn.
  • [571480] Medium CVE-2016-1626: Out-of-bounds read in PDFium. Credit to anonymous, working with HP’s Zero Day Initiative.
  • [585517] CVE-2016-1627: Various fixes from internal audits, fuzzing and other initiatives.

Get my chromium packages in one of the usual locations:

The widevine and pepperflash plugin packagess for chromium can be found in the same repository.

Have fun! Eric

Almost weekend again – what’s in store

February 4, 2016 / / 22 Comments

Just a quick recap of my work during the past week (well… the work that I do besides my paid-for work):

I updated my packages for calibre and chromium with new versions. I updated the set of “compat32” packages for a multilib setup on slackware64-current to match the Slackware packages contained in the new Slackware 14.2 Beta 2.

And I updated the “plasma” package set of my KDE5 (aka Plasma 5) repository on ‘ktown‘; this is also just also for slackware-current. Plasma was upgraded to 5.5.4 which is a new bugfix release.

And there is a bit more, still in the pipeline. I have stamped a “version 0.5.0” onto my liveslak scripts and I am currently in the process of generating new ISO images for my Slackware Live Edition (in full Slackware, Plasma5, Mate and slimmed-down XFCE variants).

After I upload the new ISOs I will update the git repository with liveslak-0.5.0 sources. More about that hopefully tomorrow if my testing yielded good results.

Cheers, Eric

« Older posts Newer posts »

© 2025 Alien Pastures

Theme by Anders NorenUp ↑