Welcome!
Important information
-- Spectre and Meltdown vulnerabilities
-- Change in MX sources

News
-- MX Linux on social media: here
-- Mepis support still here

Current releases
-- MX-17.1 Final release info here
-- antiX-17 release info here

New users
-- Please read this first, and don't forget to add system and hardware information to posts!
-- Here are the Forum Rules

Another security update for Adobe Flash available

Here users can ask questions about security and tutorials about security can be posted to help others, too.
Message
Author
User avatar
kmathern
Forum Veteran
Forum Veteran
Posts: 9415
Joined: Wed Jul 12, 2006 2:26 pm

Re: Another security update for Adobe Flash available

#71 Post by kmathern » Fri May 16, 2014 11:29 pm

Silent Observer wrote:
Stevo wrote:A workaround would be to use the Windows Flash plugin, either in the Windows Firefox with Wine, or in a Linux browser with Pipelight, if you don't want to use Chrome or Chromium with the latest Pepperflash.
It's not that I don't want to use Chrome with Pepper Flash -- but Chrome/Pepper wouldn't install in Mepis 11 last time I tried (a couple months ago), due to a dependency that couldn't be fulfilled, and though it runs fine in antiX and anitX is great on my Core2Quad, Chrome for Linux won't run Java (apparently it does just fine with Java on Windows). I'll have to look at Pipelight; if I could run both current Flash and current Java from my preferred browser (SeaMonkey), without having to boot out of Mepis to antiX, I'd be a pretty happy guy on Internet game nights.

Edit: Ummm... I don't see Pipelight in the Mepis repos. Where might I find it in .deb form, or will I have to install it as a tarball?
I just got a new machine this week so I'm no longer forced to use a older flash version because of the SSE2 issue.

In a MX14 live session as a test I've installed Chromium, SeaMonkey & Firefox for browsers, and PepperFlash & Oracle java, and there's also the Adobe 11.2.202.xxx flash that MX14 comes with.

In Chromium both the older Adobe 11.2.202.359 flash and PepperFlash work okay on Youtube. I only enabled one or the other at a time. I did need to add a extension (YouTubeCenter.crx) to stop Chromium and/or Youtube from automatically using HTML5 instead of Flash.

In Firefox & SeaMonkey the older Adobe 11.2.202.359 flash worked on Youtube.

For java I installed java-package and used it to create a .deb package (oracle-java7-jre) from the jre-7u55-linux-i586.tar.gz tarball that I downloaded. Installed the resulting .deb with gdebi. After installing I ran the `sudo update-java-alternatives --set jre-7-oracle-i586` command to set oracle java7 as the preferred java. (I prefer this method versus using the update-sun-jre package from the http://www.duinsoft.nl repo)

Java works in all three browsers, or at least it does on the tester page (http://java.com/en/download/installed.jsp) where you click on the "Verify Java version" button.

Here's a screenshot of the java test result while running in Chromium
mx14-chromium-java-test.png
You do not have the required permissions to view the files attached to this post.

User avatar
Stevo
Forum Veteran
Forum Veteran
Posts: 17044
Joined: Fri Dec 15, 2006 8:07 pm

Re: Another security update for Adobe Flash available

#72 Post by Stevo » Fri May 16, 2014 11:32 pm

Hmmm--it looks like Pipelight can be built on a Squeeze base. I think I kept getting a compile error when I tried it, though. Let me see if that can be fixed through some research. So far, Pipelight is only in the M12 test repo.

Currently, it is possible to install and run the latest Windows Flash Plugin and the Windows Firefox 29.0.1 in M11, using Wine, if the machine supports SSE2. We can't get around that. You have to use the full installer.exe for both, not the little stub that downloads the rest of the packages.

User avatar
tascoast
Forum Guide
Forum Guide
Posts: 1088
Joined: Sat Aug 06, 2011 4:58 am

Re: Another security update for Adobe Flash available

#73 Post by tascoast » Sat May 17, 2014 1:42 am

I have XP in VirtualBox as a potential solution to Flash issues and it delivers things like Google Earth fine for now. Not necessarily a long-term solution or for everyone but it's a lot easier than configuring Wine or other browser versions for me, given the work I've done previously to set it all up.

It's that awkward nexus between open source and propriety commercial interests that seem to spoil it for linux generally in the wider compatibility and popularity stakes. That and peoples' appetite for social media application....
Lenovo ThinkCentre A58 4GBRAM (64-bit), MX17/MX-16/antiX17/Mint 19

User avatar
Silent Observer
Forum Regular
Forum Regular
Posts: 432
Joined: Wed Nov 09, 2011 9:51 pm

Re: Another security update for Adobe Flash available

#74 Post by Silent Observer » Tue May 20, 2014 6:28 am

kmathern, I'm going to have to look at what you've posted again to make sense out of it, but I got that you've got Java working in all three browsers by installing it with a different method than the update-sun-jre package. A couple extra steps (every time there's an update from Oracle), but if it makes Java work in Chrome on antiX, it'll be worth it...
MEPIS 11 64-bit, MSI P6NGM-L motherboard, Core 2 Quad 9400 2.67 GHz, 4 GiB PC2-5300 RAM, 1 GiB nVidia GT520 on PCI Express x16.

User avatar
Stevo
Forum Veteran
Forum Veteran
Posts: 17044
Joined: Fri Dec 15, 2006 8:07 pm

Re: Another security update for Adobe Flash available

#75 Post by Stevo » Tue May 20, 2014 9:51 am

It's not ready yet for everyday use, but an extension for Firefox, etc. to use PepperFlash is being developed:

http://www.webupd8.org/2014/05/fresh-pl ... flash.html

We'll need to keep an eye on it.

User avatar
kmathern
Forum Veteran
Forum Veteran
Posts: 9415
Joined: Wed Jul 12, 2006 2:26 pm

Re: Another security update for Adobe Flash available

#76 Post by kmathern » Tue May 20, 2014 10:23 am

Silent Observer wrote:kmathern, I'm going to have to look at what you've posted again to make sense out of it, but I got that you've got Java working in all three browsers by installing it with a different method than the update-sun-jre package. A couple extra steps (every time there's an update from Oracle), but if it makes Java work in Chrome on antiX, it'll be worth it...
I have a script that does it all in one step for me. It downloads the latest Oracle jre tarball, installs java-package -- if not already installed, runs make-jpkg to create a .deb, installs the .deb that was created -- with dpkg, runs update-java-alternatives. The script is on my old machine, so some time when I have it powered up I'll copy it over.

User avatar
kmathern
Forum Veteran
Forum Veteran
Posts: 9415
Joined: Wed Jul 12, 2006 2:26 pm

Re: Another security update for Adobe Flash available

#77 Post by kmathern » Tue May 20, 2014 12:26 pm

Stevo wrote:It's not ready yet for everyday use, but an extension for Firefox, etc. to use PepperFlash is being developed:

http://www.webupd8.org/2014/05/fresh-pl ... flash.html

We'll need to keep an eye on it.
I found that two of the build dependencies, libpangocairo-1.0-0 & libpangoft2-1.0-0, are only available in sid/Jessie. Is the Jessie pango1.0 source backportable to Wheezy?

User avatar
joany
Forum Veteran
Forum Veteran
Posts: 5919
Joined: Mon Feb 12, 2007 1:45 pm

Re: Another security update for Adobe Flash available

#78 Post by joany » Tue May 20, 2014 3:58 pm

Stevo wrote:It's not ready yet for everyday use, but an extension for Firefox, etc. to use PepperFlash is being developed:

http://www.webupd8.org/2014/05/fresh-pl ... flash.html

We'll need to keep an eye on it.
That's encouraging. When I clicked on the article, I saw this quote:
The Adobe Flash Player plugin that's bundled with Google Chrome is in the form of a PPAPI (or Pepper Plugin API) plugin and Mozilla isn't interested in adding support for it.
Mozilla isn't interested in supporting it? Unless Mozilla changes their tune, they will find that users aren't interested in supporting a browser that uses an antiquated plug-in that won't display the newest videos and other content.
kmathern wrote: I have a script that does it all in one step for me. It downloads the latest Oracle jre tarball, installs java-package -- if not already installed, runs make-jpkg to create a .deb, installs the .deb that was created -- with dpkg, runs update-java-alternatives. The script is on my old machine, so some time when I have it powered up I'll copy it over.
Please don't think I mean to be critical -- I'm sure the script works fine -- but the Java update process can also be done very easily manually. The initial setup is a bit of work, but updating Java afterwards is a snap.

The initial setup has three steps:

1. Unpack the jre tarball from Oracle in a directory that has a permanent name. You can create that directory as "/opt/jre-newest" or something like that.

2. For Firefox, set up a symbolic link: /usr/lib/mozilla/plugins/libnpjp2.so --> /opt/jre-newest/lib/i386 libnpjp2.so

3. As root, enter this code: update-alternatives --install /usr/bin/java java /opt/jre-newest/bin/java 1065

That's it. When a Java update comes along, you just have to get rid of the existing /opt/jre-newest directory, download the latest jre tarball from Sun, unpack it, and rename it as /opt/jre-newest, and the update is done. I think the update will also update the plug-in for Qupzilla, which seems to feed from the Mozilla plugin directory.
MX-14; 3.12-0.bpo.1-686-pae kernel using 4GB RAM
2.4GHz AMD Athlon 4600+
NVidia GeForce 6150 LE; 304.121 Display Driver
You didn't slow down because you're old; you're old because you slowed down.

User avatar
kmathern
Forum Veteran
Forum Veteran
Posts: 9415
Joined: Wed Jul 12, 2006 2:26 pm

Re: Another security update for Adobe Flash available

#79 Post by kmathern » Tue May 20, 2014 4:18 pm

joany wrote:
kmathern wrote: I have a script that does it all in one step for me. It downloads the latest Oracle jre tarball, installs java-package -- if not already installed, runs make-jpkg to create a .deb, installs the .deb that was created -- with dpkg, runs update-java-alternatives. The script is on my old machine, so some time when I have it powered up I'll copy it over.
Please don't think I mean to be critical -- I'm sure the script works fine -- but the Java update process can also be done very easily manually. The initial setup is a bit of work, but updating Java afterwards is a snap.

The initial setup has three steps:

1. Unpack the jre tarball from Oracle in a directory that has a permanent name. You can create that directory as "/opt/jre-newest" or something like that.

2. For Firefox, set up a symbolic link: /usr/lib/mozilla/plugins/libnpjp2.so --> /opt/jre-newest/lib/i386 libnpjp2.so

3. As root, enter this code: update-alternatives --install /usr/bin/java java /opt/jre-newest/bin/java 1065

That's it. When a Java update comes along, you just have to get rid of the existing /opt/jre-newest directory, download the latest jre tarball from Sun, unpack it, and rename it as /opt/jre-newest, and the update is done. I think the update will also update the plug-in for Qupzilla, which seems to feed from the Mozilla plugin directory.
And all I have to do, for the initial install & updates, is:

Code: Select all

sudo bash install-oracle-jre
              • or

Code: Select all

su -c 'bash install-oracle-jre' #if you don't want to use sudo
The java plugin works in Firefox, Seamonkey, Chromium & Qupzilla. It should also work with Iceweasel, Google Chrome & Opera, I haven't tried it with them though.

edit: here's the script: https://dl.dropboxusercontent.com/u/184 ... oracle-jre

User avatar
Stevo
Forum Veteran
Forum Veteran
Posts: 17044
Joined: Fri Dec 15, 2006 8:07 pm

Re: Another security update for Adobe Flash available

#80 Post by Stevo » Wed May 21, 2014 9:35 am

kmathern wrote:
I found that two of the build dependencies, libpangocairo-1.0-0 & libpangoft2-1.0-0, are only available in sid/Jessie. Is the Jessie pango1.0 source backportable to Wheezy?
For M12 at least, those modules are contained in the standard libpango-dev package. Debian broke them out as separate packages upstream. I did a test build of freshplayer without those two dependencies and it went fine.

Currently, the path to the pepperflash plugin is to where Chrome installs it, so Chrome or a manual install of the plugin is required, but that hardcoded path can be changed in the source with a patch.

Post Reply

Return to “Security”