My thoughts on Slackware, life and everything

Tag: cve (Page 9 of 21)

2019 Q1 updates for Flash and Java8

Flash

Adobe released updated versions for their Flash Player plugins halfway February. I missed those initially, but today I fixed that.
The Slackware packages for version 32.0.0.142 of the flashplayer-plugin (NPAPI plugin for Mozilla based browsers) and the chromium-pepperflash-plugin (PPAPI plugin for Chromium based browsers) are available in my repository now.

 

Java

icedteaAlso recently there was a new release for the IcedTea framework: version 3.11.0 compiles the latest Java 8, to be specific you will get OpenJDK 8u201_b08. This release syncs this OpenJDK build to the January 2019 security fixes for Java.
If you want to compile OpenJDK yourself you will need apache-ant as well.

 

Note about java usage:

My Java 7 and Java 8 packages (e.g. openjdk7 and openjdk… or openjre7 and openjre) can not co-exist on your computer because they use the same installation directory. You must install either Java 7 or Java 8.

Remember that I release packages for the JRE (runtime environment) and the JDK (development kit) simultaneously, but you only need to install one of the two. The JRE is sufficient if you only want to run Java programs (including Java web plugins). Only in case where you’d want to develop Java programs and need a Java compiler, you are in need of the JDK package.

Here is where you can download the Slackware packages for Flash (flashplayer-plugin and chromium-pepperflash-plugin) and Java (openjre/openjdk):

Updated multilib, chromium. Arriving soon: new libreoffice

The Chromium 72 code was released a few days ago by Google. I built new Slackware packages for Chromium 72.0.3626.81 during the weekend and they are ready for download now on slackware.com or slackware.nl, or any other mirror of course.
There’s a sizable number of CVE’s mentioned in the ChangeLog that were fixed in this release. Therefore it’s a good idea to upgrade today.
I verified that the Widevine CDM is still working, so your Netflix movie streaming is not affected by the upgrade.

 

 Patrick updated the glibc package in slackware-current to the 2.29 release, so I could not stay behind. A new multilib version of the glibc package (also 2.29) is now available in the ‘multilib‘ package repository. I also updated all the ‘compat32’ packages to their latest Slackware versions. Update and enjoy a hassle-free Slackware environment where everything ‘just works’.

 

The Document Foundation released version 6.1.4 of their office suite Libre Office back on 18 December 2018. I fell ill on the 18th so I missed all the fun. I am working my way back through important software releases and now is the time to start building this version of LibreOffice for Slackware.
I need to compile four sets of packages: for Slackware 14.2 and -current, 32bits and 64bits. That means lots of compile time, so don’t expect new packages in the next few days. They will arrive in the repository eventually. Subscribe to the RSS feed of my ChangeLog if you want to know when.

Have fun! Eric

New VLC and Flash

Time for an update of Adobe’s Flash Player plugins folks! I uploaded Slackware packages for the version 32.0.0.114 of the flashplayer-plugin (NPAPI plugin for Mozilla based browsers) and the chromium-pepperflash-plugin (PPAPI plugin for Chromium based browsers) to my repository. This release does not address security issues and instead resolves feature and performance bugs.

The VideoLAN media player, VLC, saw a new release a few days ago. I skipped 3.0.5 which is a lucky streak I guess according to the release notes for 3.0.6: “… fixes an important regression that appeared on 3.0.5 for DVD subtitles“.

Noteworthy to tell is that I added the ‘dav1d‘ decoder for AV1 video to this VLC package.
AV1 is a new video codec by the Alliance for Open Media, composed of most of the important Web companies (Google, Facebook, Netflix, Amazon, Microsoft, Mozilla…). AV1 has the potential to be up to 20% better than the HEVC codec, but the patents license is totally free. VLC supports AV1 since version 3.0.0 but I never added the ‘aom‘ decoder/encoder to my vlc package, since ‘aom’ is the reference implementation of the video format and it does not really perform.
The VideoLAN and FFmpeg communities are collaborating on ‘dav1d’ to make this a reference optimized decoder for AV1. Now that ‘dav1d’ has an official release I thought it would be cool to have in the VLC package. Mozilla and Google browsers already have the support for AV1 video playback built-in, so… overdue here.

Remember that this VLC package depends on Qt5 – you’ll need libxkbcommon, qt5 and qt5-webkit packages, and on Slackware 14.2 additionally libinput and libwacom (those two are already part of -current).

Have fun! Eric

July security updates: Chromium and Flash

I have uploaded new packages for Chromium. The version 67.0.3396.99 was released a month ago but the source remained unavailable for a while and then I “went under” for a while. Now that I finally built and uploaded it, I noticed there’s a new version up today (68.0.3440.75) but I will wait a bit with that one and focus on Plasma5 next.

Get these chromium-67.0.3396.99 packages for Slackware 14.2 and -current overhere:

And then there’s the July security update for Adobe’s Flash Player plugins, which is already two weeks old – also released when I was indisposed.
The version 30.0.0.134 of the flashplayer-plugin (NPAPI plugin for Mozilla based browsers) and the chromium-pepperflash-plugin (PPAPI plugin for Chromium based browsers) is now available as a Slackware package in my repository.

Cheers, Eric

Security updates for Java and Flash

Flash

Adobe released the June updates for their Flash Player plugins.
The Slackware packages for version 30.0.0.113 of the flashplayer-plugin (NPAPI plugin for Mozilla based browsers) and the chromium-pepperflash-plugin (PPAPI plugin for Chromium based browsers have been uploaded to my repository already.
Upgrade please, if you are still in need of Flash.

And another ‘controversial’ technology had security updates in the last few weeks:

Java

icedteaThere have been new releases for the IcedTea framework: the version 2.6.14 compiles Java 7 and version 3.8.0 compiles Java 8.
The new Java7 is OpenJDK 7u181_b01 and for Java8 I have OpenJDK 8u171_b11. These releases sync OpenJDK to the April 2018 security fixes for Java.
Again, please do upgrade your OpenJDK or OpenJRE packages.

Note that the “rhino” package (implementation of the JavaScript engine used by OpenJDK) is an external dependency for OpenJDK 7, you can find a package in my repository.

If you want to compile OpenJDK (Java 7 or 8) yourself you will need apache-ant as well.

Note about java usage:

My Java 7 and Java 8 packages (e.g. openjdk7 and openjdk… or openjre7 and openjre) can not co-exist on your computer because they use the same installation directory. You must install either Java 7 or Java 8.

Remember that I release packages for the JRE (runtime environment) and the JDK (development kit) simultaneously, but you only need to install one of the two. The JRE is sufficient if you only want to run Java programs (including Java web plugins). Only in case where you’d want to develop Java programs and need a Java compiler, you are in need of the JDK package.

Here is where you can download the Slackware packages for Flash (flashplayer-plugin and chromium-pepperflash-plugin) and Java (openjre/openjdk and openjre7/openjdk7):

« Older posts Newer posts »

© 2024 Alien Pastures

Theme by Anders NorenUp ↑