Tag Archives: cve

Chromium 75 available as Slackware packages (32bit and 64bit)

The Chromium 75 sources were released last week by Google, and this new major release contains 42 fixes for security issues. A couple of them are serious enough that you are encouraged to update to the new 75 release ASAP.
In terms of functionality, not much changed in Chromium 75, but there is one interesting addition that you may want to try if you read a lot of content online. It’s called “Reader Mode” and is still disabled by default, You can enable it through the Chrome flag “chrome://flags/#enable-reader-mode“. The reader mode strips away page clutter like buttons, background images and changes the page layout for better readability.
After enabling this feature and re-launching the browser, it can be activated on the page you are currently viewing via Chromium’s top-right menu (the ‘3 vertical dots’) and selecting “Distill page“.
I still need to an in-depth comparison of this new built-in functionality with that of the Chrome extension “Reader View” which I have installed and was using so far. To give an example: this is the Wikipedia page for Slackware.

If you select “Distill page” from the 3-dot menu you will see this un-cluttered reader view:

At the moment I think that the 3rd-party plugin gives more flexibility and capabilities but the built-in functionality at least allows you to get rid of a plugin that you need to authorize to read all your online data.

From a packager’s perspective, upgrading to a new major release always is a mix of hoping and praying that the compilation does not get stuck on too many road blocks thanks to developers who mess with build and installation routines. But I am happy to inform you that even the 32bit package compiled without any issue.
I built the packages for chromium-75.0.3770.80 during the Pentecost weekend and they are now ready for download. Primary site is slackware.com but please use any of its mirrors; they are usually much faster. Try slackware.nl or slackware.uk for instance.
I verified that the Widevine CDM plugin (for Netflix movie streaming) is still working. Time to watch the new season of Happy!

Enjoy! Eric

April ’19 release of OpenJDK 8

icedteaEarly May I was confined to my bed, immobilized on my side and under medication, after I had incurred a second back hernia in four months’ time. And so I missed the announcement on the OpenJDK mailing list about the new icedtea-3.12.0.
Why again is that important? Well, the IcedTea framework is a software harness to compile OpenJDK with ease. Andrew Hughes (aka GNU/Andrew) who is the release manager still did not update his blog with this announcment, but nevertheless:  the new Java8 that we will get is OpenJDK 8u212_b04. This release syncs the OpenJDK support in IcedTea to the official April 2019 security fixes for Java.
I built Slackware packages for Java 8 Update 212 so that you do not have to succumb to the official Oracle binaries which are compiled on God-knows what OS.

It’s about JAVA, so I recommended that you upgrade your OpenJDK 8 or OpenJRE 8 packages to the latest version ASAP.

Here is where you can download the Slackware packages for openjdk and openjre:

If you want to compile OpenJDK 8 yourself you will need apache-ant as well, but otherwise the openjdk/openjre packages have no external dependencies.

Note about usage:

My Java 7 and Java 8 packages (e.g. openjdk7 and openjdk… or openjre7 and openjre) can not co-exist on your computer because they use the same installation directory. You must install either Java 7 or Java 8.

Remember that I release packages for the JRE (runtime environment) and the JDK (development kit) simultaneously, but you only need to install one of the two. The JRE is sufficient if you only want to run Java programs (including Java web plugins). Only in case where you’d want to develop Java programs and need a Java compiler, you are in need of the JDK package.

Enjoy! Eric

This week’s updates: Chromium, LibreOffice, Flash

There was an update to Chromium browser code this week as announced a few days ago by Google. I built new Slackware packages for Chromium 74.0.3729.169 and uploaded them earlier this week to slackware.com and slackware.nl (or you can use any mirror site of course).
There were two intermediate updates to Chromium 74 which I did not compile & package. Both versions address a couple of security issues (CVE’s), but at the time I was unable to work a computer. It’s therefore a good idea to upgrade to this new package.

 

Also this week, the Document Foundation released version 6.2.4 of their office suite LibreOffice. I have built and uploaded sets of packages for Slackware 14.2 and also for -current, 32bits and 64bits.

I had some issues with the visibility of LibreOffice icons in its toolbar recently (last couple of versions of LibreOffice that I built actually).
I am using LibreOffice on Slackare-current with Plasma5 and in the profile script “/etc/profile.d/libreoffice.sh” I have uncommented this line because the GTK+3 widget set usually gives the best possible interface for LO in a Plasma5 desktop:

export SAL_USE_VCLPLUGIN=gtk3

However, icons would not show unless you moved the mouse across them, or sometimes even that would not work. In other words, it made working with LO impossible unless I switched the widget support to “generic’ by uncommenting “export SAL_USE_VCLPLUGIN=gen” in aformentioned profile script instead. But that results in a butt-ugly interface.

By chance I found out that this is caused by a setting in LibreOffice itself. Go to “Tools > Options > Libreoffice > View > Icon Style” and I noticed that the style was set to “Automatic (Breeze)”. I selected “Elementary” instead and voila, I had a working toolbar with visible icons again. For some reason, the integration of GTK+3 applications in Plasma5′ QT5 based interface using the ‘breeze-gtk” package is not fully compatible with the LibreOffice icon handling.
Just so you know.

And finally, there were fresh security updates on the Adobe website for their Flash player plugin. The new version 32.0.0.192 which was released last week (but I missed it) was announced in a security bulletin. I built the packages for the Chromium-compatible and Mozilla-compatible browsers so that you can visit Flash-based web sites safely again (or of course you abandon the use of Flash entirely).

Who is still using these Flash plugin packages?

 

Where to find my packages? In any case, on these three sites. And slackware.nl as well as slackware.uk also offer rsync access:

Have fun! Eric

2019 Q1 updates for Flash and Java8

Flash

Adobe released updated versions for their Flash Player plugins halfway February. I missed those initially, but today I fixed that.
The Slackware packages for version 32.0.0.142 of the flashplayer-plugin (NPAPI plugin for Mozilla based browsers) and the chromium-pepperflash-plugin (PPAPI plugin for Chromium based browsers) are available in my repository now.

 

Java

icedteaAlso recently there was a new release for the IcedTea framework: version 3.11.0 compiles the latest Java 8, to be specific you will get OpenJDK 8u201_b08. This release syncs this OpenJDK build to the January 2019 security fixes for Java.
If you want to compile OpenJDK yourself you will need apache-ant as well.

 

Note about java usage:

My Java 7 and Java 8 packages (e.g. openjdk7 and openjdk… or openjre7 and openjre) can not co-exist on your computer because they use the same installation directory. You must install either Java 7 or Java 8.

Remember that I release packages for the JRE (runtime environment) and the JDK (development kit) simultaneously, but you only need to install one of the two. The JRE is sufficient if you only want to run Java programs (including Java web plugins). Only in case where you’d want to develop Java programs and need a Java compiler, you are in need of the JDK package.

Here is where you can download the Slackware packages for Flash (flashplayer-plugin and chromium-pepperflash-plugin) and Java (openjre/openjdk):

Updated multilib, chromium. Arriving soon: new libreoffice

The Chromium 72 code was released a few days ago by Google. I built new Slackware packages for Chromium 72.0.3626.81 during the weekend and they are ready for download now on slackware.com or slackware.nl, or any other mirror of course.
There’s a sizable number of CVE’s mentioned in the ChangeLog that were fixed in this release. Therefore it’s a good idea to upgrade today.
I verified that the Widevine CDM is still working, so your Netflix movie streaming is not affected by the upgrade.

 

 Patrick updated the glibc package in slackware-current to the 2.29 release, so I could not stay behind. A new multilib version of the glibc package (also 2.29) is now available in the ‘multilib‘ package repository. I also updated all the ‘compat32’ packages to their latest Slackware versions. Update and enjoy a hassle-free Slackware environment where everything ‘just works’.

 

The Document Foundation released version 6.1.4 of their office suite Libre Office back on 18 December 2018. I fell ill on the 18th so I missed all the fun. I am working my way back through important software releases and now is the time to start building this version of LibreOffice for Slackware.
I need to compile four sets of packages: for Slackware 14.2 and -current, 32bits and 64bits. That means lots of compile time, so don’t expect new packages in the next few days. They will arrive in the repository eventually. Subscribe to the RSS feed of my ChangeLog if you want to know when.

Have fun! Eric