Alien Pastures

My thoughts on Slackware, life and everything

Tag: cve (Page 8 of 21)

Chromium package updates

September 1, 2019 / / 11 Comments

There was a new Chromium source release last week, but there were other software releases that had priority to get packages out the door. Therefore I could only chromium packages this weekend.
Chromium 76.0.3809.132 fixes 3 security holes. Note that the version before that (76.0.3809.100) also fixed 4 critical holes but I never packaged that as I went on holiday. So, upgrading now would be a good idea.

The packages (for Slackware 14.2 and -current) can be found on my site or any mirror (e.g. http://slackware.uk/people/alien/slackbuilds/chromium/).

Enjoy! Eric

VLC 3.0.8 packages

September 1, 2019 / / 13 Comments

largeVLCAlso during my holiday, the VideoLAN developers released version 3.0.8 of their VLC media player.

The Release Notes state that this releases provides fixes for several security issues among wich 11 which are CVE-worthy. Meaning that it’s prudent to upgrade your VLC to 3.0.8 soonest.

I have the new packages available (for Slackware 14.2 and -current) in my repository since a couple of days. I used the opportunity to update the following internal libraries as well: bluray, dav1d, ebml, and matroska.

You will also probably note that there is no “npapi-vlc” package. I decided to retire this VLC based NPAPI webbrowser plugin from my repository. Modern browsers are all moving away from NPAPI plugin support, and relying on HTML5 instead. Chrome/Chromium always only supported PPAPI based plugins anyway.

A note about dependencies for the VLC 3.x packages:

My Slackware packages for VLC are mostly self-contained with all of the supporting libraries compiled into the package. This makes for a minimal dependency on external libraries/packages. But there are some caveats with the new release: most importantly, its interface has switched from Qt4 to Qt5.
While Slackware contains a ‘qt4’ package, it does not contain ‘qt5’ and therefore, the vlc-3.x package introduces some new external dependencies, all related to the Qt5 GUI: SDL_sound, OpenAL, libxkbcommon, qt5. Hopefully Qt5 will get added to Slackware-current sometime in the future.
On Slackware 14.2, two more packages are needed – they have already been incorporated into Slackware-current: libinput and libwacom .

A note on compiling:

When you want to compile VLC 3 yourself, be sure to install java8 and apache-ant or your build will fail.
If you are running Slackware 14.2 you will additionally need the following four packages (required to compile the ‘dav1d‘ decoder): meson, ninja, python3, python3-setuptools .

Where to find the new VLC packages:

Rsync access is offered by the mirror server: rsync://slackware.nl/mirrors/people/alien/restricted_slackbuilds/vlc/ .

For BluRay support, read a previous article for hints about the aacs keys that you’ll need.

My usual warning about patents: versions that can not only DEcode but also ENcode AAC audio can be found in my alternative repository where I keep the packages containing code that might violate stupid US software patents.

Have fun! Eric

Chromium 75 available as Slackware packages (32bit and 64bit)

June 9, 2019 / / 16 Comments

The Chromium 75 sources were released last week by Google, and this new major release contains 42 fixes for security issues. A couple of them are serious enough that you are encouraged to update to the new 75 release ASAP.
In terms of functionality, not much changed in Chromium 75, but there is one interesting addition that you may want to try if you read a lot of content online. It’s called “Reader Mode” and is still disabled by default, You can enable it through the Chrome flag “chrome://flags/#enable-reader-mode“. The reader mode strips away page clutter like buttons, background images and changes the page layout for better readability.
After enabling this feature and re-launching the browser, it can be activated on the page you are currently viewing via Chromium’s top-right menu (the ‘3 vertical dots’) and selecting “Distill page“.
I still need to an in-depth comparison of this new built-in functionality with that of the Chrome extension “Reader View” which I have installed and was using so far. To give an example: this is the Wikipedia page for Slackware.

If you select “Distill page” from the 3-dot menu you will see this un-cluttered reader view:

At the moment I think that the 3rd-party plugin gives more flexibility and capabilities but the built-in functionality at least allows you to get rid of a plugin that you need to authorize to read all your online data.

From a packager’s perspective, upgrading to a new major release always is a mix of hoping and praying that the compilation does not get stuck on too many road blocks thanks to developers who mess with build and installation routines. But I am happy to inform you that even the 32bit package compiled without any issue.
I built the packages for chromium-75.0.3770.80 during the Pentecost weekend and they are now ready for download. Primary site is slackware.com but please use any of its mirrors; they are usually much faster. Try slackware.nl or slackware.uk for instance.
I verified that the Widevine CDM plugin (for Netflix movie streaming) is still working. Time to watch the new season of Happy!

Enjoy! Eric

April ’19 release of OpenJDK 8

May 26, 2019 / / 10 Comments

icedteaEarly May I was confined to my bed, immobilized on my side and under medication, after I had incurred a second back hernia in four months’ time. And so I missed the announcement on the OpenJDK mailing list about the new icedtea-3.12.0.
Why again is that important? Well, the IcedTea framework is a software harness to compile OpenJDK with ease. Andrew Hughes (aka GNU/Andrew) who is the release manager still did not update his blog with this announcment, but nevertheless:  the new Java8 that we will get is OpenJDK 8u212_b04. This release syncs the OpenJDK support in IcedTea to the official April 2019 security fixes for Java.
I built Slackware packages for Java 8 Update 212 so that you do not have to succumb to the official Oracle binaries which are compiled on God-knows what OS.

It’s about JAVA, so I recommended that you upgrade your OpenJDK 8 or OpenJRE 8 packages to the latest version ASAP.

Here is where you can download the Slackware packages for openjdk and openjre:

If you want to compile OpenJDK 8 yourself you will need apache-ant as well, but otherwise the openjdk/openjre packages have no external dependencies.

Note about usage:

My Java 7 and Java 8 packages (e.g. openjdk7 and openjdk… or openjre7 and openjre) can not co-exist on your computer because they use the same installation directory. You must install either Java 7 or Java 8.

Remember that I release packages for the JRE (runtime environment) and the JDK (development kit) simultaneously, but you only need to install one of the two. The JRE is sufficient if you only want to run Java programs (including Java web plugins). Only in case where you’d want to develop Java programs and need a Java compiler, you are in need of the JDK package.

Enjoy! Eric

This week’s updates: Chromium, LibreOffice, Flash

May 25, 2019 / / 13 Comments

There was an update to Chromium browser code this week as announced a few days ago by Google. I built new Slackware packages for Chromium 74.0.3729.169 and uploaded them earlier this week to slackware.com and slackware.nl (or you can use any mirror site of course).
There were two intermediate updates to Chromium 74 which I did not compile & package. Both versions address a couple of security issues (CVE’s), but at the time I was unable to work a computer. It’s therefore a good idea to upgrade to this new package.

 

Also this week, the Document Foundation released version 6.2.4 of their office suite LibreOffice. I have built and uploaded sets of packages for Slackware 14.2 and also for -current, 32bits and 64bits.

I had some issues with the visibility of LibreOffice icons in its toolbar recently (last couple of versions of LibreOffice that I built actually).
I am using LibreOffice on Slackare-current with Plasma5 and in the profile script “/etc/profile.d/libreoffice.sh” I have uncommented this line because the GTK+3 widget set usually gives the best possible interface for LO in a Plasma5 desktop:

export SAL_USE_VCLPLUGIN=gtk3

However, icons would not show unless you moved the mouse across them, or sometimes even that would not work. In other words, it made working with LO impossible unless I switched the widget support to “generic’ by uncommenting “export SAL_USE_VCLPLUGIN=gen” in aformentioned profile script instead. But that results in a butt-ugly interface.

By chance I found out that this is caused by a setting in LibreOffice itself. Go to “Tools > Options > Libreoffice > View > Icon Style” and I noticed that the style was set to “Automatic (Breeze)”. I selected “Elementary” instead and voila, I had a working toolbar with visible icons again. For some reason, the integration of GTK+3 applications in Plasma5′ QT5 based interface using the ‘breeze-gtk” package is not fully compatible with the LibreOffice icon handling.
Just so you know.

And finally, there were fresh security updates on the Adobe website for their Flash player plugin. The new version 32.0.0.192 which was released last week (but I missed it) was announced in a security bulletin. I built the packages for the Chromium-compatible and Mozilla-compatible browsers so that you can visit Flash-based web sites safely again (or of course you abandon the use of Flash entirely).

Who is still using these Flash plugin packages?

 

Where to find my packages? In any case, on these three sites. And slackware.nl as well as slackware.uk also offer rsync access:

Have fun! Eric

« Older posts Newer posts »

© 2024 Alien Pastures

Theme by Anders NorenUp ↑