Puppy Linux Discussion Forum

[Pelo]

Would be nice that the developers record their name somewhere in the ISO. Passengers don't know where to post, to feed back for bugs but not only,
it can be for congratulations :
Linux people generally test how it is done, passengers from Windows test what applications the Puppy provides free of charge, for their leasure, and pleasure.

[8Geee]

After some testing, the 2018 version of Slacko5.7 is available. Its all the same as 01micko's original with security updates, a migration to OpenSSL 1.0.2k (supported), and FireFox 27.0.1 that has been configured towards security/privacy. Printing problems are solved by using a recent BASH 4.1.17 update provided by Uncle Slacky. The "eeePC" version is deprocated. Please see Post #1 on Page #1.

Regards
8Geee

[8Geee]

It figures as soon as the new general updates get U/L for use that two security updates from Uncle Slack are released.

The first one (was) is libxml2 (9/23/17). This does not have a CVE entry, but was discovered internally by Slackware. A symlink is needed after removing the older version. The DOC files can be removed and the .packages file in root can be moved to builtin_files with removal of the most recent version.
----------------------------------------------------
The second is curl7.56 This one has CVE entries and the write up suggests that this one be done.

"Due to a flaw in the string parser for the directory name, a directory name passed without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path."

As with the first update a symlink is needed, and the .packages file moved. Folks that are directly using CURL might want to keep the DOC files.

Regards
8Geee

[Sylvander]

Can this be used to update Slacko-5.7.0-pae?

[8Geee]

32-bit yes

64-bit needs the x86-64 version

Regards
8Geee

[Sylvander]

[8Geee]

This is a non-PAE spin based on a non-PAE distro, however Arching is invoked.

PAE is simply the NX execution bit on the physical CPU die (read/access 4Gb or more RAM-memory).

32-bit is 32-bit.
64-bit is PAE only as far as I am aware, and is 64 bit (x86-64 AMD or i-64 Intel).

Arching allows 64-bit to read/execute 32-bit instructions, and allows 32-bit to read/access up to 4Gb RAM memory (what we call nonPAE is a WINDOWS requirement that limits access to about 3.5Gb RAM)

32-bit cannot read/execute 64-bit instruction.

Arching is a kernel function that is allowed in this spin and 01micko's original

The full title of this distro is Pupply Slacko5.7.i-686-4GnonPAE if I recall correctly. The full tiitle implies arching, so that 32-bit nonPAE can read/acess up to the full 4Gb RAM permitted by 32-bit architecture.

So its 32-bit version regardless of PAE/nonPAE due to Arching IF the CPU is 32-bit.
And if your CPU is 64-bit its PAE, but needs the 64-bit version of the update..

Regards
8Geee

[Sylvander]

OK.
I dare to hope that I have succeeded in comprehending the meaning of what you said.

[8Geee]

The August 2017 version of the FF27 thats installed has a bug/typo in about:config and its an important one...

Change the "4" value in security.tls.version.max to a "3" w/o quotes. It appears that the 4 value DOES NOT imply TLS1.3, but rather recycles to a ZERO setting allowing TLS 1.0 (not secure). And it appears in Edit --> Preferences I left the popup blocker on... thats a nuissance here, and elsewhere when internally re-directing to another page.

Regards
8Geee

[8Geee]

A very important update for wi-fi users... Slackware has published the wpa_supplicant update to mitigate "KRACK" vunerabilities. Its about as mandatory as possible, since this is a global failure of wpa_supplicant.

Note that MENU --> Setup --> Updates from Slackware MUST show version 2.6

If it does not, goto MENU --> System --> Puppy Package Manager and click on the crossed wrench

Make sure only these boxes are checked

puppy-slacko-official
Slackware-14.0-official
Slackware-14.0-patches
Option: Slackware-14.0-salix (European)

When set close both the Wrench window and PPM window.
Reopen the PPM and the wrench window and click on UPDATE NOW
Press enter for all options
When done: close both windows

Now you will have the latest updates available from Uncle Slacky, and can D/L the patch for wpa_supplicant.

I recommend keeping the usr/doc files for this update, and moving the ~/.packages file into the built_in folder.

Regards
8Geee

[8Geee]

Due to the severity off the WPA_supplicant issues, I haave updated the Slacko5.7-2018 version to an "A" revision. Please see 1st Post on 1st Page.

Regards
8Geee

[8Geee]

A reminder that curl and wget have just been patched.
curl --> 7.56-1

3/20/2018: the wget patch has been removed from this thread after discovering it is the cause of problems D/L patches from PPM and slackware

No symlinks are needed, and /usr/doc files can be removed.
The root/.packages files can be moved to built_in

Regards
8Geee

[8Geee]

Slackware has made available an openssl patch from 1.0.2k --> 1.0.2m today. Thiss update proceeds differently than all others due to the 1.0.2 version.

Go to slackware.com --> Security Advisories --> 2017

At or near top of list is the "openssl" update link, click on that.

There are TWO files to D/L, first is the "solibs". It may be underneath the main file.

Highlight with Double-click then right click to COPY
Open a new tab and PASTE the link, then ENTER
Select open with pupzip, and click YES in yellow dialog box.
Puppy Package Manager will install, click yes upon TWO dialog boxes. NOTE there may be a long-ish delay

When done go back to previous tab and repeat these steps for the "openssl" itself.

When done with both D/L's close the browser and disconnect from internet.

There are no symlinks to perform, or unusual things to do. The /usr/doc files may be deleted, and the /tmp zip-files.
In /root move the .packages files ( use <o> button to show the hidden packages file) to built-in and delete the 1.0.2K files.

At this point, a shutdown and reboot can be done, then connect to internet again.

Regards
8Geee

[8Geee]

Two updates were provided today from slackware.

Curl 7.57 is newest curl patch available. This fixes improper wildcard use, and SSL reads 'out of bounds'. No symlinks are needed, and the package text file can be moved to built_in folder. DOC files may be discarded, though users of curl-ftp should review them.

LibXcursor has not been updated in slacko5.7 since inception. At this time there is need to correct improper sizing of requests for 32-bit systems. Again, no need for symlinks, and DOC files can be reviewed/tossed. Move the /~.package file to built_in.

EDIT*** libXfont did not appear in the Slackware update in MENU... yet libXfont does exist. Go to Slackware.com --> Security Advisories --> 2017. It is near the top. See the "openssl 1.0.2m" update posting just above for parallel instructions to install.

Regards
8Geee

[8Geee]

Theres a new update to Openssl from 1.0.2m --> n.
The proceedure for install:

Go to slackware.com --> Security Advisories --> 2017

At or near top of list is the "openssl" update link, click on that.

There are TWO files to D/L, first is the "solibs". It may be underneath the main file.

Highlight with Double-click then right click to COPY
Open a new tab and PASTE the link, then ENTER
Select open with pupzip, and click YES in yellow dialog box.
Puppy Package Manager will install, click yes upon TWO dialog boxes. NOTE there may be a long-ish delay

When done go back to previous tab and repeat these steps for the "openssl" itself.

When done with both D/L's close the browser and disconnect from internet.

There are no symlinks to perform, or unusual things to do. The /usr/doc files may be deleted, and the /tmp zip-files.
In /root move the .packages files ( use <o> button to show the hidden packages file) to built-in.

Regards
8Geee