Slacko5.7-2018A

For talk and support relating specifically to Puppy derivatives
Message
Author
Pelo

developers record their name somewhere : idea

#136 Post by Pelo »

Would be nice that the developers record their name somewhere in the ISO. Passengers don't know where to post, to feed back for bugs but not only,
it can be for congratulations :
Linux people generally test how it is done, passengers from Windows test what applications the Puppy provides free of charge, for their leasure, and pleasure.

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

slacko5.7-2018 is ready for D/L

#137 Post by 8Geee »

After some testing, the 2018 version of Slacko5.7 is available. Its all the same as 01micko's original with security updates, a migration to OpenSSL 1.0.2k (supported), and FireFox 27.0.1 that has been configured towards security/privacy. Printing problems are solved by using a recent BASH 4.1.17 update provided by Uncle Slacky. The "eeePC" version is deprocated. Please see Post #1 on Page #1.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

2 updates already

#138 Post by 8Geee »

It figures as soon as the new general updates get U/L for use that two security updates from Uncle Slack are released.

The first one (was) is libxml2 (9/23/17). This does not have a CVE entry, but was discovered internally by Slackware. A symlink is needed after removing the older version. The DOC files can be removed and the .packages file in root can be moved to builtin_files with removal of the most recent version.
----------------------------------------------------
The second is curl7.56 This one has CVE entries and the write up suggests that this one be done.

"Due to a flaw in the string parser for the directory name, a directory name passed without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path."

As with the first update a symlink is needed, and the .packages file moved. Folks that are directly using CURL might want to keep the DOC files.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

Sylvander
Posts: 4416
Joined: Mon 15 Dec 2008, 11:06
Location: West Lothian, Scotland, UK

#139 Post by Sylvander »

Can this be used to update Slacko-5.7.0-pae?

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#140 Post by 8Geee »

32-bit yes

64-bit needs the x86-64 version

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

Sylvander
Posts: 4416
Joined: Mon 15 Dec 2008, 11:06
Location: West Lothian, Scotland, UK

#141 Post by Sylvander »

8Geee wrote:32-bit yes
Since it is pae, it is [must be] 32-bit.
And will it still be pae?
This is a non-pae OS, right?

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#142 Post by 8Geee »

This is a non-PAE spin based on a non-PAE distro, however Arching is invoked.

PAE is simply the NX execution bit on the physical CPU die (read/access 4Gb or more RAM-memory).

32-bit is 32-bit.
64-bit is PAE only as far as I am aware, and is 64 bit (x86-64 AMD or i-64 Intel).

Arching allows 64-bit to read/execute 32-bit instructions, and allows 32-bit to read/access up to 4Gb RAM memory (what we call nonPAE is a WINDOWS requirement that limits access to about 3.5Gb RAM)

32-bit cannot read/execute 64-bit instruction.

Arching is a kernel function that is allowed in this spin and 01micko's original

The full title of this distro is Pupply Slacko5.7.i-686-4GnonPAE if I recall correctly. The full tiitle implies arching, so that 32-bit nonPAE can read/acess up to the full 4Gb RAM permitted by 32-bit architecture.

So its 32-bit version regardless of PAE/nonPAE due to Arching IF the CPU is 32-bit.
And if your CPU is 64-bit its PAE, but needs the 64-bit version of the update..

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

Sylvander
Posts: 4416
Joined: Mon 15 Dec 2008, 11:06
Location: West Lothian, Scotland, UK

#143 Post by Sylvander »

OK.
I dare to hope that I have succeeded in comprehending the meaning of what you said. :D

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

firefox bug/typo

#144 Post by 8Geee »

The August 2017 version of the FF27 thats installed has a bug/typo in about:config and its an important one...

Change the "4" value in security.tls.version.max to a "3" w/o quotes. It appears that the 4 value DOES NOT imply TLS1.3, but rather recycles to a ZERO setting allowing TLS 1.0 (not secure). And it appears in Edit --> Preferences I left the popup blocker on... thats a nuissance here, and elsewhere when internally re-directing to another page.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

wpa_supplicant

#145 Post by 8Geee »

A very important update for wi-fi users... Slackware has published the wpa_supplicant update to mitigate "KRACK" vunerabilities. Its about as mandatory as possible, since this is a global failure of wpa_supplicant.

Note that MENU --> Setup --> Updates from Slackware MUST show version 2.6

If it does not, goto MENU --> System --> Puppy Package Manager and click on the crossed wrench

Make sure only these boxes are checked

puppy-slacko-official
Slackware-14.0-official
Slackware-14.0-patches
Option: Slackware-14.0-salix (European)

When set close both the Wrench window and PPM window.
Reopen the PPM and the wrench window and click on UPDATE NOW
Press enter for all options
When done: close both windows

Now you will have the latest updates available from Uncle Slacky, and can D/L the patch for wpa_supplicant.

I recommend keeping the usr/doc files for this update, and moving the ~/.packages file into the built_in folder.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

s57-2018A revision

#146 Post by 8Geee »

Due to the severity off the WPA_supplicant issues, I haave updated the Slacko5.7-2018 version to an "A" revision. Please see 1st Post on 1st Page.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

curl updates

#147 Post by 8Geee »

A reminder that curl and wget have just been patched.
curl --> 7.56-1

3/20/2018: the wget patch has been removed from this thread after discovering it is the cause of problems D/L patches from PPM and slackware

No symlinks are needed, and /usr/doc files can be removed.
The root/.packages files can be moved to built_in

Regards
8Geee
Last edited by 8Geee on Tue 20 Mar 2018, 04:01, edited 1 time in total.
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

Openssl 1.0.2m update

#148 Post by 8Geee »

Slackware has made available an openssl patch from 1.0.2k --> 1.0.2m today. Thiss update proceeds differently than all others due to the 1.0.2 version.

Go to slackware.com --> Security Advisories --> 2017

At or near top of list is the "openssl" update link, click on that.

There are TWO files to D/L, first is the "solibs". It may be underneath the main file.

Highlight with Double-click then right click to COPY
Open a new tab and PASTE the link, then ENTER
Select open with pupzip, and click YES in yellow dialog box.
Puppy Package Manager will install, click yes upon TWO dialog boxes. NOTE there may be a long-ish delay

When done go back to previous tab and repeat these steps for the "openssl" itself.

When done with both D/L's close the browser and disconnect from internet.

There are no symlinks to perform, or unusual things to do. The /usr/doc files may be deleted, and the /tmp zip-files.
In /root move the .packages files ( use <o> button to show the hidden packages file) to built-in and delete the 1.0.2K files.

At this point, a shutdown and reboot can be done, then connect to internet again.

Regards
8Geee
Last edited by 8Geee on Thu 30 Nov 2017, 01:08, edited 1 time in total.
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

Curl 7.57 Xfont 1.4.7 and Xcursor 1.15

#149 Post by 8Geee »

Two updates were provided today from slackware.

Curl 7.57 is newest curl patch available. This fixes improper wildcard use, and SSL reads 'out of bounds'. No symlinks are needed, and the package text file can be moved to built_in folder. DOC files may be discarded, though users of curl-ftp should review them.

LibXcursor has not been updated in slacko5.7 since inception. At this time there is need to correct improper sizing of requests for 32-bit systems. Again, no need for symlinks, and DOC files can be reviewed/tossed. Move the /~.package file to built_in.

EDIT*** libXfont did not appear in the Slackware update in MENU... yet libXfont does exist. Go to Slackware.com --> Security Advisories --> 2017. It is near the top. See the "openssl 1.0.2m" update posting just above for parallel instructions to install.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

openssl 1.0.2n

#150 Post by 8Geee »

Theres a new update to Openssl from 1.0.2m --> n.
The proceedure for install:

Go to slackware.com --> Security Advisories --> 2017

At or near top of list is the "openssl" update link, click on that.

There are TWO files to D/L, first is the "solibs". It may be underneath the main file.

Highlight with Double-click then right click to COPY
Open a new tab and PASTE the link, then ENTER
Select open with pupzip, and click YES in yellow dialog box.
Puppy Package Manager will install, click yes upon TWO dialog boxes. NOTE there may be a long-ish delay

When done go back to previous tab and repeat these steps for the "openssl" itself.

When done with both D/L's close the browser and disconnect from internet.

There are no symlinks to perform, or unusual things to do. The /usr/doc files may be deleted, and the /tmp zip-files.
In /root move the .packages files ( use <o> button to show the hidden packages file) to built-in.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

tommy
Posts: 133
Joined: Tue 04 Oct 2005, 20:21
Location: Italy

#151 Post by tommy »

Hi, I'm using this puplet with my old Hp Pavilion and it works great!

I noticed that it has an auto shutdown feature, if I leave the PC alone for a short period of time, maybe 20 - 30 minutes, then come back I find it shutted down. Even if I'm watching a film, and I use the keyboard to pause and resume it, but no mouse movement is done, after 20 to 30 minutes the 'first shutdown message' appears top layer, over the mplayer window. I have to close the shutdown window to stop it.

Is it possible to disable this feature, or to change the default shutdown timing to a longer interval?

I thought the /usr/local/pup_event/pup_event_frontend_d process was involved, but I killed it and the auto shutdown feature is still present.

Thank you in advance for ideas...

tommy
Posts: 133
Joined: Tue 04 Oct 2005, 20:21
Location: Italy

#152 Post by tommy »

Nevermind, I found the auto shutdown timing in :

menu -> System -> Puppy event manager -> Power tab :oops:

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#153 Post by 8Geee »

Recently, I had a chance to review some of the Firefox problems recently encountered. Two problems stand out, and are sometimes used together.

The first is 'workers' that fetch data among other things. These have historically been a nuisance, but with the recent Meltdown/Spectre problems, their usefullness has ended on these older builds like FF27.

The second is 'indexed DB (database)', Again, its been a nuisance that is now in need of an off button.

So, about:config needs a few changes.

Disconnect from internet and open FF27.
In the address bar type about:config and be careful.
In the search bar type worker
Four entries will appear in FF27,
'FALSE' three of them, and change the numeric entry to 1.

OK, in the search bar type index
There will be numerous entries, but two of them are important right now...

dom.indexedDB.enabled
dom.indexedDB.experimental

Both of these two must be set to false (experimental 'should be' false by default)

Now that these are done, close the browser, wait 5-10 seconds and Goto MENU --> Shutdown --> Restart Graphical Server and click. (This step prevents a hang on normal re-starts of the browser).

Other things related to Meltdown/Spectre usually involve autocomplete, or autofill (because they involve caching predicted data). I have already (for a long time) mitigated these in about:config. Consider resetting them to false if you have enabled these 'conveniences'.

At this point, reconnect to internet as usual.

Regards
8Geee
Last edited by 8Geee on Thu 25 Jan 2018, 05:58, edited 1 time in total.
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

CURL update 7.58

#154 Post by 8Geee »

Curl and Slackware have posted an update for curl -->7.58

Users of curl may wish to read this announcement for a better understanding of the redirection ploy.

The patch is located at slackware.com or in MENU --> Setup --> Slackware Updates

There are no symlinks needed, and usr/DOCS/curl can be removed if not needed. Also, /root/.packages should have the new 7.58 version moved to builtin files with the older file removed.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

Sailor Enceladus
Posts: 1543
Joined: Mon 22 Feb 2016, 19:43

#155 Post by Sailor Enceladus »

Thanks 8Geee. Nice to see slackware giving 14.0 more attention again lately. Maybe they found us :)

Post Reply