(old)Puppy Linux Discussion Forum

The "A" version update is ready. Please see 1st Post on Page 1.

Regards
8Geee

Theres been a problem with these two base distros-spins in that printing by foomatic/gutenprint was broken. It took quite a while to hunt this down and fix it, but it is now done.

On the first post Page 1 is the new link to these "B" distros. I will keep the main eeePC version with the main Slacko5.7 updated version together.

In brief, the main culprit here was BASH, the Slackware update to 4.2.53 broke the process. Gutenprint 5.2.9 was suspected, and reloaded to no avail. BASH has been reverted to the original supplied 4.1.0(2) version, and this solves the problem. All other upgrades are installed with no apparent problems. So its the same as the previous spins, but with BASH reverted to allow printing.

I put the eeePC here with the original to simplify maintenance. The MINI, and EONS will remain separate. EONS has been fixed to allow printing, the MINI has not.

Just a word of caution and Caveat Emptor, that the reverting of BASH means that one should always use a firewall when on-line, and that when printing, disconnect fully from the internet. There is a problem with sh+ell%sho*ck.

Regards
8Geee

bumped due to board-spam.

Regards
8Geee

There is an update to rxvt in the Slackware updates.
This can be ignored as Slacko5.7 is using Urxvt (unicode-rxvt).
All that is presently installed is a symlink from rxvt to urxvt, and thats all that is needed.

Regards
8Geee

Hi 8Geee,

There is a security issue with downloading the last (-B) version. earlier versions download well.

Volhout

I did not have this problem. Link on Page 1 of this thread went to D/L no problems.

I would check into your browser security settings. AFAIK, the site uses at least TLS1.1 encryption.

OTOH, do you mean the sums don't match after D/L?

Regards
8Geee

A reminder that slackware has published an update to expat (XML parser/handler).
This update needs a symlink in usr/lib. Toss the old 1.6.2 version after installation, then make a symlink from 1.6.4 back to 1.6.2. This symlink fix is necessary.

The usr/doc files may be deleted, and root/.packages needs the new version moved to builtin_packages (the old one can be removed).

Regards
8Geee

As of today 25/07/17 there is a bugfix at slackware.
It seems that tcpdump's last patch (4.9.0) has a bug that allows a DoS.
The Patch has been fixed as tcpdump4.9.1.

This problem exists in all 4 of my spins, and needs to be serviced.

Upon D/L from Slackware
navigate to usr/sbin and delete tcpdump4.9.0
make a relative link (R-Click on tcpdump4.9.1) and rename the link to tcpdump4.9.0
Click OK (this is all necessary as theres two active tcpdumps)

You may remove the usr/doc files, and MOVE root/.packages/tcpdump4.9.1_files to the "builtin" folder.

Regards
8Geee

Do your spins have /usr/sbin/tcpdump4.9.0? The original Slacko 5.7 doesn't seem to have any tcpdump, even though it is listed in woof-packages, because the tcpdump template in woof-CE only kept /usr/lib (not /usr/sbin). So I think tcpdump in puppy was not vulnerable because it didn't exist when they built the iso in woof-CE? This has been changed recently here though.

They all had the "original" tcpdump in usr/sbin (This is where Slacko5.7 locates it). In Feb. 2017 Uncle Slacky updated it to 4.9.0. There were many reasons for that,as the link illustrates. I made a few symlinks JIC software called to an incorrect placement. So theres a link in usr/bin and /sbiin. These two point to 4.9.0 in usr/sbin. This new patch corrects a DoS bug in 4.9.0, and a reletive link must be made from 4.9.0 to 4.9.1. As far as woof builds, I'm not so sure, as they are relying on the original, unpatched version from 2013. A lot has happened since then security-wise, and I thought it better to patch the original version.

So, yes, tcpdump 4.9.1 can be installed. Both 4.9.0 and 4.9.1 are not installed in the most recent iso's.

***EDIT*** Edited to show the lengthy DoS problems patched in tcpdump4.9.0.

Regards
8Geee

These two spins fix broken printing in slacko5.7-2017A and the eeepc version. BASH was reverted to 4.1.0(2) from the Slackware update of 4.2.53 to accomplish this. Therefore there are security concers;
1.) Operate these distros behind an active firewall at all times while using the internet.
2.) Disconnect from the internet when printing.
Downloaded and istalled by ISObototer beside versionmini-eee2.iso: 133 M
I don't have a printer and I never use Firewall. It does not matter.

timeout 10
default 0

title mini-eee2
partnew (hd0,3) 0x00 (hd0,0)/mini-eee2.iso
map --heads=0 --sectors-per-track=0 (hd0,0)/mini-eee2.iso (0xff)
map --hook
root (0xff)
kernel /vmlinuz pmedia=cd psavemark=1 pfix=fsck
initrd /initrd.gz

title s57-2017B
partnew (hd0,3) 0x00 (hd0,0)/s57-2017B.iso
map --heads=0 --sectors-per-track=0 (hd0,0)/s57-2017B.iso (0xff)
map --hook
root (0xff)
kernel /vmlinuz pmedia=cd psavemark=1 pfix=fsck
initrd /initrd.gz

title StretchDog32-2017-07-04
partnew (hd0,3) 0x00 (hd0,0)/StretchDog32-2017-07-04.iso
map --heads=0 --sectors-per-track=0 (hd0,0)/StretchDog32-2017-07-04.iso (0xff)
map --hook
root (0xff)
chainloader (0xff)

title TrunkPup540
partnew (hd0,3) 0x00 (hd0,0)/TrunkPup540.iso
map --heads=0 --sectors-per-track=0 (hd0,0)/TrunkPup540.iso (0xff)
map --hook
root (0xff)
kernel /vmlinuz pmedia=cd psavemark=1 pfix=fsck
initrd /initrd.gz

title More ISOs (see the instructions)
configfile (hd0,x)/menu.lst
commandline

S57GZBOX.iso: 322 M is it yours,8Geee ?
Stored in my Puppytheque for install, i did not fount the topic about it.

Recently there has been an update to curl 7.51 --> 7.55. There are security concerns in how the certificates are handled, and a few errors.

NOTE: if you get a "broken link" error in the Updates Package in Slacko 5.7, please
use this link. Answer "Yes" and the Puppy Package Manager will install the update. You may remove the /usr/doc files, and place the "curl7.55_files" in /root/.config into the built_in folder.

Regards
8Geee

Recently I have noticed that YouTube has refused to play in all four spins.

There is a fix for this with a few quirks;
1.) Videos will not play in a new tab.
2.) Videos are not paused at start.
3.) The gear icon at lower right of video must be used to turn off
annotations and autoplay.

By pausing the Vid, the settings in item 3 can be changed. Then resume play.

To accomplish this;
1.) Disconnect from internet
2.) Open Firefox and click OK in "not connected" dialog.
3.) Click on TOOLS. Select Add-ons. Find YouTube ALL HTML5 2.1.3,
and Click on PREFERENCES.
a.) UNCHECK Disable SPF
b.) CHANGE Internet Explorer to API by clicking on the API option.

4.) Open a new tab using the "+" at top of page, and close the other tab.
5.) In the address bar type about:config and click OK
6.) In the search bar type media
7.) Scroll to media.mediasource.enabled and double-click to "TRUE"
8.) Close Firefox
9.) Goto MENU ---> SHUTDOWN and select "Restart Graphical Server"

Step 9. is needed in case FF hangs on closure (it does sometimes when
there are setting changes).

When you connect to the internet you can try the settings at YouTube.
The unsupported whine can be ignored using the "NO THANKS" button.

Regards
8Geee

Sorry for late reply PELO.
No, that s57gzbox is not mine.

Working on 2018 version for eeePC, next will be Slacko5.7 update.

Regards
8Geee

Would be nice that the developers record their name somewhere in the ISO. Passengers don't know where to post, to feed back for bugs but not only,
it can be for congratulations :
Linux people generally test how it is done, passengers from Windows test what applications the Puppy provides free of charge, for their leasure, and pleasure.

After some testing, the 2018 version of Slacko5.7 is available. Its all the same as 01micko's original with security updates, a migration to OpenSSL 1.0.2k (supported), and FireFox 27.0.1 that has been configured towards security/privacy. Printing problems are solved by using a recent BASH 4.1.17 update provided by Uncle Slacky. The "eeePC" version is deprocated. Please see Post #1 on Page #1.

Regards
8Geee

It figures as soon as the new general updates get U/L for use that two security updates from Uncle Slack are released.

The first one (was) is libxml2 (9/23/17). This does not have a CVE entry, but was discovered internally by Slackware. A symlink is needed after removing the older version. The DOC files can be removed and the .packages file in root can be moved to builtin_files with removal of the most recent version.
----------------------------------------------------
The second is curl7.56 This one has CVE entries and the write up suggests that this one be done.

"Due to a flaw in the string parser for the directory name, a directory name passed without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path."

As with the first update a symlink is needed, and the .packages file moved. Folks that are directly using CURL might want to keep the DOC files.

Regards
8Geee

Can this be used to update Slacko-5.7.0-pae?

32-bit yes

64-bit needs the x86-64 version

Regards
8Geee