Slacko5.7-2018A

For talk and support relating specifically to Puppy derivatives
Message
Author
User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

Update "A" available

#121 Post by 8Geee »

The "A" version update is ready. Please see 1st Post on Page 1.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

B version with eeePC included

#122 Post by 8Geee »

Theres been a problem with these two base distros-spins in that printing by foomatic/gutenprint was broken. It took quite a while to hunt this down and fix it, but it is now done.

On the first post Page 1 is the new link to these "B" distros. I will keep the main eeePC version with the main Slacko5.7 updated version together.

In brief, the main culprit here was BASH, the Slackware update to 4.2.53 broke the process. Gutenprint 5.2.9 was suspected, and reloaded to no avail. BASH has been reverted to the original supplied 4.1.0(2) version, and this solves the problem. All other upgrades are installed with no apparent problems. So its the same as the previous spins, but with BASH reverted to allow printing.

I put the eeePC here with the original to simplify maintenance. The MINI, and EONS will remain separate. EONS has been fixed to allow printing, the MINI has not.

Just a word of caution and Caveat Emptor, that the reverting of BASH means that one should always use a firewall when on-line, and that when printing, disconnect fully from the internet. There is a problem with sh+ell%sho*ck.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#123 Post by 8Geee »

bumped due to board-spam.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#124 Post by 8Geee »

There is an update to rxvt in the Slackware updates.
This can be ignored as Slacko5.7 is using Urxvt (unicode-rxvt).
All that is presently installed is a symlink from rxvt to urxvt, and thats all that is needed.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

Volhout
Posts: 547
Joined: Sun 28 Dec 2008, 08:41

EONS

#125 Post by Volhout »

Hi 8Geee,

There is a security issue with downloading the last (-B) version. earlier versions download well.

Volhout

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#126 Post by 8Geee »

I did not have this problem. Link on Page 1 of this thread went to D/L no problems.

I would check into your browser security settings. AFAIK, the site uses at least TLS1.1 encryption.

OTOH, do you mean the sums don't match after D/L?

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

expat update

#127 Post by 8Geee »

A reminder that slackware has published an update to expat (XML parser/handler).
This update needs a symlink in usr/lib. Toss the old 1.6.2 version after installation, then make a symlink from 1.6.4 back to 1.6.2. This symlink fix is necessary.

The usr/doc files may be deleted, and root/.packages needs the new version moved to builtin_packages (the old one can be removed).

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

tcpdump repair

#128 Post by 8Geee »

As of today 25/07/17 there is a bugfix at slackware.
It seems that tcpdump's last patch (4.9.0) has a bug that allows a DoS.
The Patch has been fixed as tcpdump4.9.1.

This problem exists in all 4 of my spins, and needs to be serviced.

Upon D/L from Slackware
navigate to usr/sbin and delete tcpdump4.9.0
make a relative link (R-Click on tcpdump4.9.1) and rename the link to tcpdump4.9.0
Click OK (this is all necessary as theres two active tcpdumps)

You may remove the usr/doc files, and MOVE root/.packages/tcpdump4.9.1_files to the "builtin" folder.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

Sailor Enceladus
Posts: 1543
Joined: Mon 22 Feb 2016, 19:43

#129 Post by Sailor Enceladus »

Do your spins have /usr/sbin/tcpdump4.9.0? The original Slacko 5.7 doesn't seem to have any tcpdump, even though it is listed in woof-packages, because the tcpdump template in woof-CE only kept /usr/lib (not /usr/sbin). So I think tcpdump in puppy was not vulnerable because it didn't exist when they built the iso in woof-CE? This has been changed recently here though.

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#130 Post by 8Geee »

They all had the "original" tcpdump in usr/sbin (This is where Slacko5.7 locates it). In Feb. 2017 Uncle Slacky updated it to 4.9.0. There were many reasons for that,as the link illustrates. I made a few symlinks JIC software called to an incorrect placement. So theres a link in usr/bin and /sbiin. These two point to 4.9.0 in usr/sbin. This new patch corrects a DoS bug in 4.9.0, and a reletive link must be made from 4.9.0 to 4.9.1. As far as woof builds, I'm not so sure, as they are relying on the original, unpatched version from 2013. A lot has happened since then security-wise, and I thought it better to patch the original version.

So, yes, tcpdump 4.9.1 can be installed. Both 4.9.0 and 4.9.1 are not installed in the most recent iso's.

***EDIT*** Edited to show the lengthy DoS problems patched in tcpdump4.9.0.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

Pelo

slacko5.7-2017A

#131 Post by Pelo »

These two spins fix broken printing in slacko5.7-2017A and the eeepc version. BASH was reverted to 4.1.0(2) from the Slackware update of 4.2.53 to accomplish this. Therefore there are security concers;
1.) Operate these distros behind an active firewall at all times while using the internet.
2.) Disconnect from the internet when printing.
Downloaded and istalled by ISObototer beside versionmini-eee2.iso: 133 M
I don't have a printer and I never use Firewall. It does not matter.

timeout 10
default 0

title mini-eee2
partnew (hd0,3) 0x00 (hd0,0)/mini-eee2.iso
map --heads=0 --sectors-per-track=0 (hd0,0)/mini-eee2.iso (0xff)
map --hook
root (0xff)
kernel /vmlinuz pmedia=cd psavemark=1 pfix=fsck
initrd /initrd.gz

title s57-2017B
partnew (hd0,3) 0x00 (hd0,0)/s57-2017B.iso
map --heads=0 --sectors-per-track=0 (hd0,0)/s57-2017B.iso (0xff)
map --hook
root (0xff)
kernel /vmlinuz pmedia=cd psavemark=1 pfix=fsck
initrd /initrd.gz

title StretchDog32-2017-07-04
partnew (hd0,3) 0x00 (hd0,0)/StretchDog32-2017-07-04.iso
map --heads=0 --sectors-per-track=0 (hd0,0)/StretchDog32-2017-07-04.iso (0xff)
map --hook
root (0xff)
chainloader (0xff)

title TrunkPup540
partnew (hd0,3) 0x00 (hd0,0)/TrunkPup540.iso
map --heads=0 --sectors-per-track=0 (hd0,0)/TrunkPup540.iso (0xff)
map --hook
root (0xff)
kernel /vmlinuz pmedia=cd psavemark=1 pfix=fsck
initrd /initrd.gz

title More ISOs (see the instructions)
configfile (hd0,x)/menu.lst
commandline
Attachments
Asus.jpg
registered in kennel book OSMO
(85.67 KiB) Downloaded 462 times
Last edited by Pelo on Tue 08 Aug 2017, 04:34, edited 1 time in total.

Pelo

S57GZBOX.iso: 322 M is it yours,8Geee ?

#132 Post by Pelo »

S57GZBOX.iso: 322 M is it yours,8Geee ?
Stored in my Puppytheque for install, i did not fount the topic about it.

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

curl update

#133 Post by 8Geee »

Recently there has been an update to curl 7.51 --> 7.55. There are security concerns in how the certificates are handled, and a few errors.

NOTE: if you get a "broken link" error in the Updates Package in Slacko 5.7, please
use this link. Answer "Yes" and the Puppy Package Manager will install the update. You may remove the /usr/doc files, and place the "curl7.55_files" in /root/.config into the built_in folder.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

YouTube misbehaving (again)

#134 Post by 8Geee »

Recently I have noticed that YouTube has refused to play in all four spins.

There is a fix for this with a few quirks;
1.) Videos will not play in a new tab.
2.) Videos are not paused at start.
3.) The gear icon at lower right of video must be used to turn off
annotations and autoplay.

By pausing the Vid, the settings in item 3 can be changed. Then resume play.

To accomplish this;
1.) Disconnect from internet
2.) Open Firefox and click OK in "not connected" dialog.
3.) Click on TOOLS. Select Add-ons. Find YouTube ALL HTML5 2.1.3,
and Click on PREFERENCES.
a.) UNCHECK Disable SPF
b.) CHANGE Internet Explorer to API by clicking on the API option.

4.) Open a new tab using the "+" at top of page, and close the other tab.
5.) In the address bar type about:config and click OK
6.) In the search bar type media
7.) Scroll to media.mediasource.enabled and double-click to "TRUE"
8.) Close Firefox
9.) Goto MENU ---> SHUTDOWN and select "Restart Graphical Server"

Step 9. is needed in case FF hangs on closure (it does sometimes when
there are setting changes).

When you connect to the internet you can try the settings at YouTube.
The unsupported whine can be ignored using the "NO THANKS" button.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#135 Post by 8Geee »

Sorry for late reply PELO.
No, that s57gzbox is not mine.

Working on 2018 version for eeePC, next will be Slacko5.7 update.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

Pelo

developers record their name somewhere : idea

#136 Post by Pelo »

Would be nice that the developers record their name somewhere in the ISO. Passengers don't know where to post, to feed back for bugs but not only,
it can be for congratulations :
Linux people generally test how it is done, passengers from Windows test what applications the Puppy provides free of charge, for their leasure, and pleasure.

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

slacko5.7-2018 is ready for D/L

#137 Post by 8Geee »

After some testing, the 2018 version of Slacko5.7 is available. Its all the same as 01micko's original with security updates, a migration to OpenSSL 1.0.2k (supported), and FireFox 27.0.1 that has been configured towards security/privacy. Printing problems are solved by using a recent BASH 4.1.17 update provided by Uncle Slacky. The "eeePC" version is deprocated. Please see Post #1 on Page #1.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

2 updates already

#138 Post by 8Geee »

It figures as soon as the new general updates get U/L for use that two security updates from Uncle Slack are released.

The first one (was) is libxml2 (9/23/17). This does not have a CVE entry, but was discovered internally by Slackware. A symlink is needed after removing the older version. The DOC files can be removed and the .packages file in root can be moved to builtin_files with removal of the most recent version.
----------------------------------------------------
The second is curl7.56 This one has CVE entries and the write up suggests that this one be done.

"Due to a flaw in the string parser for the directory name, a directory name passed without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path."

As with the first update a symlink is needed, and the .packages file moved. Folks that are directly using CURL might want to keep the DOC files.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

Sylvander
Posts: 4416
Joined: Mon 15 Dec 2008, 11:06
Location: West Lothian, Scotland, UK

#139 Post by Sylvander »

Can this be used to update Slacko-5.7.0-pae?

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#140 Post by 8Geee »

32-bit yes

64-bit needs the x86-64 version

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

Post Reply