Slacko5.7-2018A
developers record their name somewhere : idea
Would be nice that the developers record their name somewhere in the ISO. Passengers don't know where to post, to feed back for bugs but not only,
it can be for congratulations :
Linux people generally test how it is done, passengers from Windows test what applications the Puppy provides free of charge, for their leasure, and pleasure.
it can be for congratulations :
Linux people generally test how it is done, passengers from Windows test what applications the Puppy provides free of charge, for their leasure, and pleasure.
slacko5.7-2018 is ready for D/L
After some testing, the 2018 version of Slacko5.7 is available. Its all the same as 01micko's original with security updates, a migration to OpenSSL 1.0.2k (supported), and FireFox 27.0.1 that has been configured towards security/privacy. Printing problems are solved by using a recent BASH 4.1.17 update provided by Uncle Slacky. The "eeePC" version is deprocated. Please see Post #1 on Page #1.
Regards
8Geee
Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
"Zuckerberg: a large city inhabited by mentally challenged people."
2 updates already
It figures as soon as the new general updates get U/L for use that two security updates from Uncle Slack are released.
The first one (was) is libxml2 (9/23/17). This does not have a CVE entry, but was discovered internally by Slackware. A symlink is needed after removing the older version. The DOC files can be removed and the .packages file in root can be moved to builtin_files with removal of the most recent version.
----------------------------------------------------
The second is curl7.56 This one has CVE entries and the write up suggests that this one be done.
"Due to a flaw in the string parser for the directory name, a directory name passed without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path."
As with the first update a symlink is needed, and the .packages file moved. Folks that are directly using CURL might want to keep the DOC files.
Regards
8Geee
The first one (was) is libxml2 (9/23/17). This does not have a CVE entry, but was discovered internally by Slackware. A symlink is needed after removing the older version. The DOC files can be removed and the .packages file in root can be moved to builtin_files with removal of the most recent version.
----------------------------------------------------
The second is curl7.56 This one has CVE entries and the write up suggests that this one be done.
"Due to a flaw in the string parser for the directory name, a directory name passed without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path."
As with the first update a symlink is needed, and the .packages file moved. Folks that are directly using CURL might want to keep the DOC files.
Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
"Zuckerberg: a large city inhabited by mentally challenged people."
This is a non-PAE spin based on a non-PAE distro, however Arching is invoked.
PAE is simply the NX execution bit on the physical CPU die (read/access 4Gb or more RAM-memory).
32-bit is 32-bit.
64-bit is PAE only as far as I am aware, and is 64 bit (x86-64 AMD or i-64 Intel).
Arching allows 64-bit to read/execute 32-bit instructions, and allows 32-bit to read/access up to 4Gb RAM memory (what we call nonPAE is a WINDOWS requirement that limits access to about 3.5Gb RAM)
32-bit cannot read/execute 64-bit instruction.
Arching is a kernel function that is allowed in this spin and 01micko's original
The full title of this distro is Pupply Slacko5.7.i-686-4GnonPAE if I recall correctly. The full tiitle implies arching, so that 32-bit nonPAE can read/acess up to the full 4Gb RAM permitted by 32-bit architecture.
So its 32-bit version regardless of PAE/nonPAE due to Arching IF the CPU is 32-bit.
And if your CPU is 64-bit its PAE, but needs the 64-bit version of the update..
Regards
8Geee
PAE is simply the NX execution bit on the physical CPU die (read/access 4Gb or more RAM-memory).
32-bit is 32-bit.
64-bit is PAE only as far as I am aware, and is 64 bit (x86-64 AMD or i-64 Intel).
Arching allows 64-bit to read/execute 32-bit instructions, and allows 32-bit to read/access up to 4Gb RAM memory (what we call nonPAE is a WINDOWS requirement that limits access to about 3.5Gb RAM)
32-bit cannot read/execute 64-bit instruction.
Arching is a kernel function that is allowed in this spin and 01micko's original
The full title of this distro is Pupply Slacko5.7.i-686-4GnonPAE if I recall correctly. The full tiitle implies arching, so that 32-bit nonPAE can read/acess up to the full 4Gb RAM permitted by 32-bit architecture.
So its 32-bit version regardless of PAE/nonPAE due to Arching IF the CPU is 32-bit.
And if your CPU is 64-bit its PAE, but needs the 64-bit version of the update..
Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
"Zuckerberg: a large city inhabited by mentally challenged people."
firefox bug/typo
The August 2017 version of the FF27 thats installed has a bug/typo in about:config and its an important one...
Change the "4" value in security.tls.version.max to a "3" w/o quotes. It appears that the 4 value DOES NOT imply TLS1.3, but rather recycles to a ZERO setting allowing TLS 1.0 (not secure). And it appears in Edit --> Preferences I left the popup blocker on... thats a nuissance here, and elsewhere when internally re-directing to another page.
Regards
8Geee
Change the "4" value in security.tls.version.max to a "3" w/o quotes. It appears that the 4 value DOES NOT imply TLS1.3, but rather recycles to a ZERO setting allowing TLS 1.0 (not secure). And it appears in Edit --> Preferences I left the popup blocker on... thats a nuissance here, and elsewhere when internally re-directing to another page.
Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
"Zuckerberg: a large city inhabited by mentally challenged people."
wpa_supplicant
A very important update for wi-fi users... Slackware has published the wpa_supplicant update to mitigate "KRACK" vunerabilities. Its about as mandatory as possible, since this is a global failure of wpa_supplicant.
Note that MENU --> Setup --> Updates from Slackware MUST show version 2.6
If it does not, goto MENU --> System --> Puppy Package Manager and click on the crossed wrench
Make sure only these boxes are checked
puppy-slacko-official
Slackware-14.0-official
Slackware-14.0-patches
Option: Slackware-14.0-salix (European)
When set close both the Wrench window and PPM window.
Reopen the PPM and the wrench window and click on UPDATE NOW
Press enter for all options
When done: close both windows
Now you will have the latest updates available from Uncle Slacky, and can D/L the patch for wpa_supplicant.
I recommend keeping the usr/doc files for this update, and moving the ~/.packages file into the built_in folder.
Regards
8Geee
Note that MENU --> Setup --> Updates from Slackware MUST show version 2.6
If it does not, goto MENU --> System --> Puppy Package Manager and click on the crossed wrench
Make sure only these boxes are checked
puppy-slacko-official
Slackware-14.0-official
Slackware-14.0-patches
Option: Slackware-14.0-salix (European)
When set close both the Wrench window and PPM window.
Reopen the PPM and the wrench window and click on UPDATE NOW
Press enter for all options
When done: close both windows
Now you will have the latest updates available from Uncle Slacky, and can D/L the patch for wpa_supplicant.
I recommend keeping the usr/doc files for this update, and moving the ~/.packages file into the built_in folder.
Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
"Zuckerberg: a large city inhabited by mentally challenged people."
s57-2018A revision
Due to the severity off the WPA_supplicant issues, I haave updated the Slacko5.7-2018 version to an "A" revision. Please see 1st Post on 1st Page.
Regards
8Geee
Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
"Zuckerberg: a large city inhabited by mentally challenged people."
curl updates
A reminder that curl and wget have just been patched.
curl --> 7.56-1
3/20/2018: the wget patch has been removed from this thread after discovering it is the cause of problems D/L patches from PPM and slackware
No symlinks are needed, and /usr/doc files can be removed.
The root/.packages files can be moved to built_in
Regards
8Geee
curl --> 7.56-1
3/20/2018: the wget patch has been removed from this thread after discovering it is the cause of problems D/L patches from PPM and slackware
No symlinks are needed, and /usr/doc files can be removed.
The root/.packages files can be moved to built_in
Regards
8Geee
Last edited by 8Geee on Tue 20 Mar 2018, 04:01, edited 1 time in total.
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
"Zuckerberg: a large city inhabited by mentally challenged people."
Openssl 1.0.2m update
Slackware has made available an openssl patch from 1.0.2k --> 1.0.2m today. Thiss update proceeds differently than all others due to the 1.0.2 version.
Go to slackware.com --> Security Advisories --> 2017
At or near top of list is the "openssl" update link, click on that.
There are TWO files to D/L, first is the "solibs". It may be underneath the main file.
Highlight with Double-click then right click to COPY
Open a new tab and PASTE the link, then ENTER
Select open with pupzip, and click YES in yellow dialog box.
Puppy Package Manager will install, click yes upon TWO dialog boxes. NOTE there may be a long-ish delay
When done go back to previous tab and repeat these steps for the "openssl" itself.
When done with both D/L's close the browser and disconnect from internet.
There are no symlinks to perform, or unusual things to do. The /usr/doc files may be deleted, and the /tmp zip-files.
In /root move the .packages files ( use <o> button to show the hidden packages file) to built-in and delete the 1.0.2K files.
At this point, a shutdown and reboot can be done, then connect to internet again.
Regards
8Geee
Go to slackware.com --> Security Advisories --> 2017
At or near top of list is the "openssl" update link, click on that.
There are TWO files to D/L, first is the "solibs". It may be underneath the main file.
Highlight with Double-click then right click to COPY
Open a new tab and PASTE the link, then ENTER
Select open with pupzip, and click YES in yellow dialog box.
Puppy Package Manager will install, click yes upon TWO dialog boxes. NOTE there may be a long-ish delay
When done go back to previous tab and repeat these steps for the "openssl" itself.
When done with both D/L's close the browser and disconnect from internet.
There are no symlinks to perform, or unusual things to do. The /usr/doc files may be deleted, and the /tmp zip-files.
In /root move the .packages files ( use <o> button to show the hidden packages file) to built-in and delete the 1.0.2K files.
At this point, a shutdown and reboot can be done, then connect to internet again.
Regards
8Geee
Last edited by 8Geee on Thu 30 Nov 2017, 01:08, edited 1 time in total.
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
"Zuckerberg: a large city inhabited by mentally challenged people."
Curl 7.57 Xfont 1.4.7 and Xcursor 1.15
Two updates were provided today from slackware.
Curl 7.57 is newest curl patch available. This fixes improper wildcard use, and SSL reads 'out of bounds'. No symlinks are needed, and the package text file can be moved to built_in folder. DOC files may be discarded, though users of curl-ftp should review them.
LibXcursor has not been updated in slacko5.7 since inception. At this time there is need to correct improper sizing of requests for 32-bit systems. Again, no need for symlinks, and DOC files can be reviewed/tossed. Move the /~.package file to built_in.
EDIT*** libXfont did not appear in the Slackware update in MENU... yet libXfont does exist. Go to Slackware.com --> Security Advisories --> 2017. It is near the top. See the "openssl 1.0.2m" update posting just above for parallel instructions to install.
Regards
8Geee
Curl 7.57 is newest curl patch available. This fixes improper wildcard use, and SSL reads 'out of bounds'. No symlinks are needed, and the package text file can be moved to built_in folder. DOC files may be discarded, though users of curl-ftp should review them.
LibXcursor has not been updated in slacko5.7 since inception. At this time there is need to correct improper sizing of requests for 32-bit systems. Again, no need for symlinks, and DOC files can be reviewed/tossed. Move the /~.package file to built_in.
EDIT*** libXfont did not appear in the Slackware update in MENU... yet libXfont does exist. Go to Slackware.com --> Security Advisories --> 2017. It is near the top. See the "openssl 1.0.2m" update posting just above for parallel instructions to install.
Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
"Zuckerberg: a large city inhabited by mentally challenged people."
openssl 1.0.2n
Theres a new update to Openssl from 1.0.2m --> n.
The proceedure for install:
Go to slackware.com --> Security Advisories --> 2017
At or near top of list is the "openssl" update link, click on that.
There are TWO files to D/L, first is the "solibs". It may be underneath the main file.
Highlight with Double-click then right click to COPY
Open a new tab and PASTE the link, then ENTER
Select open with pupzip, and click YES in yellow dialog box.
Puppy Package Manager will install, click yes upon TWO dialog boxes. NOTE there may be a long-ish delay
When done go back to previous tab and repeat these steps for the "openssl" itself.
When done with both D/L's close the browser and disconnect from internet.
There are no symlinks to perform, or unusual things to do. The /usr/doc files may be deleted, and the /tmp zip-files.
In /root move the .packages files ( use <o> button to show the hidden packages file) to built-in.
Regards
8Geee
The proceedure for install:
Go to slackware.com --> Security Advisories --> 2017
At or near top of list is the "openssl" update link, click on that.
There are TWO files to D/L, first is the "solibs". It may be underneath the main file.
Highlight with Double-click then right click to COPY
Open a new tab and PASTE the link, then ENTER
Select open with pupzip, and click YES in yellow dialog box.
Puppy Package Manager will install, click yes upon TWO dialog boxes. NOTE there may be a long-ish delay
When done go back to previous tab and repeat these steps for the "openssl" itself.
When done with both D/L's close the browser and disconnect from internet.
There are no symlinks to perform, or unusual things to do. The /usr/doc files may be deleted, and the /tmp zip-files.
In /root move the .packages files ( use <o> button to show the hidden packages file) to built-in.
Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
"Zuckerberg: a large city inhabited by mentally challenged people."
Hi, I'm using this puplet with my old Hp Pavilion and it works great!
I noticed that it has an auto shutdown feature, if I leave the PC alone for a short period of time, maybe 20 - 30 minutes, then come back I find it shutted down. Even if I'm watching a film, and I use the keyboard to pause and resume it, but no mouse movement is done, after 20 to 30 minutes the 'first shutdown message' appears top layer, over the mplayer window. I have to close the shutdown window to stop it.
Is it possible to disable this feature, or to change the default shutdown timing to a longer interval?
I thought the /usr/local/pup_event/pup_event_frontend_d process was involved, but I killed it and the auto shutdown feature is still present.
Thank you in advance for ideas...
I noticed that it has an auto shutdown feature, if I leave the PC alone for a short period of time, maybe 20 - 30 minutes, then come back I find it shutted down. Even if I'm watching a film, and I use the keyboard to pause and resume it, but no mouse movement is done, after 20 to 30 minutes the 'first shutdown message' appears top layer, over the mplayer window. I have to close the shutdown window to stop it.
Is it possible to disable this feature, or to change the default shutdown timing to a longer interval?
I thought the /usr/local/pup_event/pup_event_frontend_d process was involved, but I killed it and the auto shutdown feature is still present.
Thank you in advance for ideas...
Recently, I had a chance to review some of the Firefox problems recently encountered. Two problems stand out, and are sometimes used together.
The first is 'workers' that fetch data among other things. These have historically been a nuisance, but with the recent Meltdown/Spectre problems, their usefullness has ended on these older builds like FF27.
The second is 'indexed DB (database)', Again, its been a nuisance that is now in need of an off button.
So, about:config needs a few changes.
Disconnect from internet and open FF27.
In the address bar type about:config and be careful.
In the search bar type worker
Four entries will appear in FF27,
'FALSE' three of them, and change the numeric entry to 1.
OK, in the search bar type index
There will be numerous entries, but two of them are important right now...
dom.indexedDB.enabled
dom.indexedDB.experimental
Both of these two must be set to false (experimental 'should be' false by default)
Now that these are done, close the browser, wait 5-10 seconds and Goto MENU --> Shutdown --> Restart Graphical Server and click. (This step prevents a hang on normal re-starts of the browser).
Other things related to Meltdown/Spectre usually involve autocomplete, or autofill (because they involve caching predicted data). I have already (for a long time) mitigated these in about:config. Consider resetting them to false if you have enabled these 'conveniences'.
At this point, reconnect to internet as usual.
Regards
8Geee
The first is 'workers' that fetch data among other things. These have historically been a nuisance, but with the recent Meltdown/Spectre problems, their usefullness has ended on these older builds like FF27.
The second is 'indexed DB (database)', Again, its been a nuisance that is now in need of an off button.
So, about:config needs a few changes.
Disconnect from internet and open FF27.
In the address bar type about:config and be careful.
In the search bar type worker
Four entries will appear in FF27,
'FALSE' three of them, and change the numeric entry to 1.
OK, in the search bar type index
There will be numerous entries, but two of them are important right now...
dom.indexedDB.enabled
dom.indexedDB.experimental
Both of these two must be set to false (experimental 'should be' false by default)
Now that these are done, close the browser, wait 5-10 seconds and Goto MENU --> Shutdown --> Restart Graphical Server and click. (This step prevents a hang on normal re-starts of the browser).
Other things related to Meltdown/Spectre usually involve autocomplete, or autofill (because they involve caching predicted data). I have already (for a long time) mitigated these in about:config. Consider resetting them to false if you have enabled these 'conveniences'.
At this point, reconnect to internet as usual.
Regards
8Geee
Last edited by 8Geee on Thu 25 Jan 2018, 05:58, edited 1 time in total.
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
"Zuckerberg: a large city inhabited by mentally challenged people."
CURL update 7.58
Curl and Slackware have posted an update for curl -->7.58
Users of curl may wish to read this announcement for a better understanding of the redirection ploy.
The patch is located at slackware.com or in MENU --> Setup --> Slackware Updates
There are no symlinks needed, and usr/DOCS/curl can be removed if not needed. Also, /root/.packages should have the new 7.58 version moved to builtin files with the older file removed.
Regards
8Geee
Users of curl may wish to read this announcement for a better understanding of the redirection ploy.
The patch is located at slackware.com or in MENU --> Setup --> Slackware Updates
There are no symlinks needed, and usr/DOCS/curl can be removed if not needed. Also, /root/.packages should have the new 7.58 version moved to builtin files with the older file removed.
Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
"Zuckerberg: a large city inhabited by mentally challenged people."
-
- Posts: 1543
- Joined: Mon 22 Feb 2016, 19:43