My thoughts on Slackware, life and everything

Tag: flash (Page 10 of 13)

Updates for Chromium and Flash in sep 14

Chromium and Pepper Flash:

Patch Tuesday came and went. We have new Flash from Adobe and as a result, the Google Chrome browser also had a version bump and a new “PepperFlash” Plugin. Time for an update of my own Chromium package (just for Slackware 14.1 & current; the package for 13.37 & 14.0 remains at 37.0.2062.94 but you can of course compile a newer one yourself).

Taken from the Chrome releases blog: Chromium 37.0.2062.120 addresses critical bug fixes, of which these stand out –

  • [$2000][401362] High CVE-2014-3178: Use-after-free in rendering. Credit to miaubiz.
  • [411014] CVE-2014-3179: Various fixes from internal audits, fuzzing and other initiatives.

I also updated the package for chromium-pepperflash-plugin to version 15.0.0.152. As usual, the flash library is taken from the official Google Chrome binaries and integrates nicely with my Chromium package. Note that Chromium contains a PDF plugin these days, so if you still have an old “chromium-pdf-plugin” package installed, you should ‘removepkg’ that now!

Note: If you had the chromium-pepperflash package already installed, please open the file “/etc/default/chromium” in an editor and change the line:

 flashversion=$(strings $flashso|grep ^LNX|sed -e "s/^LNX //"|sed -e "s/,/./g")

to

 flashversion=$(strings $flashso|grep "LNX "|sed -e "s/.*LNX //"|sed -e "s/,/./g")

in order to fix the plugin version shown in “chrome://plugins”.
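Why that edit matters, run on constructed input (an added example, not part of the original post or package): the sample `strings` output, the text in front of `LNX`, and the `strict_extract` / `is_expected_version` helpers are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed stand-ins for `strings $flashso` output. The character before
# "LNX" and the "Unsupported LNX platform" line are hypothetical.
old_lib='libpepflashplayer
LNX 14,0,0,177
FlashPlayer'
new_lib='libpepflashplayer
xLNX 15,0,0,152
FlashPlayer'
noisy_lib='Unsupported LNX platform
xLNX 15,0,0,152'

# Pipeline from the old /etc/default/chromium line: needs LNX at line start.
old_extract() {
    printf '%s\n' "$1" | grep ^LNX | sed -e "s/^LNX //" | sed -e "s/,/./g"
}

# Pipeline from the replacement line: matches "LNX " anywhere in the line.
new_extract() {
    printf '%s\n' "$1" | grep "LNX " | sed -e "s/.*LNX //" | sed -e "s/,/./g"
}

# Stricter variant (an addition, not from the post): accept only
# "LNX a,b,c,d" with numeric fields, keep the first hit, fail if none.
strict_extract() {
    v=$(printf '%s\n' "$1" \
        | grep -o 'LNX [0-9][0-9]*,[0-9][0-9]*,[0-9][0-9]*,[0-9][0-9]*' \
        | head -n 1 | sed -e 's/^LNX //' -e 's/,/./g')
    [ -n "$v" ] || return 1
    printf '%s\n' "$v"
}

# True when the extracted version equals the one the package should ship.
is_expected_version() {
    [ "$(strict_extract "$1")" = "$2" ]
}

echo "old pipeline, old lib: $(old_extract "$old_lib")"
echo "old pipeline, new lib: $(old_extract "$new_lib")"
echo "new pipeline, new lib: $(new_extract "$new_lib")"
echo "new pipeline, noisy  : $(new_extract "$noisy_lib" | tr '\n' ' ')"
echo "strict,       noisy  : $(strict_extract "$noisy_lib")"
```

An empty version string from the old pipeline means the browser cannot report which Flash build it loaded, which makes it harder to confirm that the security update actually landed.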

Linux Flash:

The Flash updates are released for all platforms; one of them is the “legacy” Linux NPAPI plugin for Mozilla-compatible browsers. See Adobe’s monthly security bulletin for all the version numbers and vulnerabilities. The Linux flashplayer-plugin went up to 11.2.202.406.

 

 

Pipelight with Windows Flash:

I do not have a new version of the pipelight browser plugin (see previous article for the how-to). You can easily update the Windows plugins (including the Windows Flash player if you use that) by running (as root) the script:

# pipelight-plugin --update

I will see about a soon-ish update of pipelight and wine-pipelight if there are enough enhancements.

Good luck with these updates!

Updates for Chromium and Flash

Adobe did their monthly security dance and as a result, Google also updated their Chrome browser with the new PepperFlash Plugin. That Chrome release meant that I could compile a new Chromium from the updated sources.

Chromium and Pepper Flash:

The update to my Chromium package was not just triggered by the update (in Chrome) of the Pepper Flash plugin. Chromium 36.0.1985.143 comes with a couple of critical bug fixes:

  • [$2000][390174] High CVE-2014-3165: Use-after-free in web sockets. Credit to Collin Payne.
  • [398925] High CVE-2014-3166: Information disclosure in SPDY. Credit to Antoine Delignat-Lavaud.
  • [400950] CVE-2014-3167: Various fixes from internal audits, fuzzing and other initiatives.

Note that I also updated the package for chromium-pepperflash-plugin to version 14.0.0.177. It contains the newest library, taken from the official Google Chrome binaries, and is a recommended companion for the new Chromium package.

Linux Flash:

The Flash updates are released for all platforms; one of them is the “legacy” Linux NPAPI plugin for Mozilla-compatible browsers. See Adobe’s monthly security bulletin for all the version numbers and vulnerabilities. The Linux flashplayer-plugin went up to 11.2.202.400.

Last week: new Chromium, Flash, OpenJDK

Real life is taking precedence these days, and I have not been able to work on Slackware so much lately. I did release some updated packages last week.

Chromium:

The update to my Chromium package came pretty shortly after the previous one. The major driver was the update (in Chrome) of the Pepper Flash plugin. Chromium 35.0.1916.153 comes with this list of critical bug fixes:

  • [$1000][369525] High CVE-2014-3154: Use-after-free in filesystem api. Credit to Collin Payne.
  • [$1000][369539] High CVE-2014-3155: Out-of-bounds read in SPDY. Credit to James March, Daniel Sommermann and Alan Frindell of Facebook.
  • [$500][369621] Medium CVE-2014-3156: Buffer overflow in clipboard. Credit to Atte Kettunen of OUSPG.

 

Flash:

The Flash update which triggered the new Chrome/Chromium release was announced along with a security bulletin by Adobe. My pepperflash-plugin package which I extracted from the official Chrome binaries (for use with Chromium) is now at version 14.0.0.125 while the accompanying Linux flashplayer-plugin (for Mozilla-compatible browsers) went up to 11.2.202.378.

 

 

OpenJDK:

Oracle released their Update 60 to Java7 a week or so ago, and it took a while to get the icedtea framework synced up to Oracle’s new OpenJDK drop. The icedtea bug tracker saw many bugfixes being applied in recent days. The icedtea version went up in minor release number: from 2.4 to 2.5.
The icedtea-2.5.0 release will compile OpenJDK 7 “Update 60 Build 30” (resulting in a package openjdk-7u60_b30).

Remember that I release packages for the JRE (runtime) and the JDK (development kit) simultaneously, but you only need to install one of the two. The JRE is sufficient if you only want to run Java programs (including Java web plugins). Only if you want to develop Java programs and need a Java compiler do you need the JDK package.

The package has one dependency: rhino provides JavaScript support for OpenJDK.

If you want to compile this OpenJDK package yourself, you need to install apache-ant additionally. Note that the previous requirements of xalan & xerces packages have been dropped; ant will provide all required build functionality on its own now.

Have fun! Eric

New pipelight release, accompanied by wine-pipelight. And what about chromium?

You are of course subscribed to my repository’s RSS feed and/or you are using slackpkg+ . Then you certainly noticed the update of Chromium to the new major version 35 two weeks ago. I really should have written about this update earlier, because Chromium 35 brings some unfortunate side effects to the table.

Chromium

Chrome and Chromium were updated to version 35.0.1916.114, with “fixes for 23 security issues”. The most important fixes (for high-risk vulnerabilities) are:

  • [$3000][356653] High CVE-2014-1743: Use-after-free in styles. Credit to cloudfuzzer.
  • [$3000][359454] High CVE-2014-1744: Integer overflow in audio. Credit to Aaron Staple.
  • [$1000][346192] High CVE-2014-1745: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG.
  • [$1000][364065] Medium CVE-2014-1746: Out-of-bounds read in media filters. Credit to Holger Fuhrmannek.
  • [$1000][330663] Medium CVE-2014-1747: UXSS with local MHTML file. Credit to packagesu.
  • [$500][331168] Medium CVE-2014-1748: UI spoofing with scrollbar. Credit to Jordan Milne.

I also updated the accompanying package for chromium-pepperflash-plugin (extracted from the official Chrome binaries) to 13.0.0.214. This is a security update.

Version 35 of Chromium has a major side effect that many people are not going to like. The support for browser plugins that use Mozilla’s NPAPI protocol to communicate with the browser has been removed and only Google’s own PPAPI protocol is supported as of now (MS Windows users still have a bit of time before the same happens to their Chrome browser – removal of NPAPI support in Windows is scheduled for the end of 2014). This step was of course announced a long time ago and many reminders were posted, but if you need Java support in your browser, or want to watch Netflix using pipelight, then you are out of luck. PPAPI versions for these browser plugins do not exist and in the case of pipelight, are very hard to create.

You’re forced to switch (back) to Firefox in these cases.

Pipelight

Speaking of Pipelight… there was a new pipelight release a couple of days back, and this is accompanied by a new web site: pipelight.net. These guys really like writing their own CMS-es! The source code to the new CMS is available on github by the way. With the new release of pipelight you’ll get more supported browser plugins, security updates for all relevant plugins such as Flash, and many bug fixes. Also, for people with an AMD graphics card the good news is that hardware acceleration is now supported and enabled by default. Also note that I have enabled support for WoW64 (meaning that apart from the regular 32-bit applications, 64-bit Windows plugins are also supported on Slackware 64-bit).

Luckily this all still works on Slackware-current’s kernel – there were fears that 32-bit Wine applications would stop working on the 3.14.4 and newer kernels.

Remember that you can always get the latest Windows plugin releases (an important feature in case of security fixes) without having to wait for me to create a new package. Just run the command “pipelight-plugin --update” as root. After doing that, the next time your browser loads the pipelight plugin, it will automatically download the newest version of your installed Windows plugin(s).

Together with this pipelight release, the pipelight developers released their latest “wine-compholio patches”, a set of patches for the official Wine sources which are needed for proper Windows plugin support in your Linux browser. Naturally I created new wine-pipelight packages for you, based on Wine 1.7.19.

In my original post about pipelight, you will find full installation and configuration instructions, as well as a troubleshooting section. That blog article is also referred to on the pipelight.net support page.

Package location:

 

Have fun! Eric

New Flash player – security fix

Adobe released security updates of their Flash Player for all platforms. The latest Adobe security bulletin shows 11.2.202.356 as the new version for native Linux and 13.0.0.206 for the Chrome PepperFlash. Package locations:

Perform the update today if you are using Flash! And if you are using Windows (I know some of you do) – mind the advice of US and UK governments to stop using MS Internet Explorer since it contains an unpatched zero-day vulnerability which uses a Flash vulnerability in turn to wreak havoc on your Windows computer.

Eric

 
