X-Slacko-4.4 with Xfce

[rg66]

Picked up a small problem with X slacko full install on a HP Elitebook 8440p
with i5 and 2GB RAM.

Every now and again, it will not shutdown.
It drops down to the cli then just sits there with the log in screen.
Tried going back into X then shutting down, does the same thing.
Typing "shutdown" in the cli does nothing even though the command is accepted.

Any pointers, suggestions?

Sorry for the long delay in replying. Type wmpoweroff in console to see error messages. If none, open /usr/bin/wmexit in editor and add -x to top line so it looks like #!/bin/sh -x and try wmpoweroff from terminal again to see if there are errors.

[rg66]

Hi @rg66 I tried to apply Redmond-Delta theme on xfce appearance of X-slacko 4.2. But it does not work. The appearance return to fallback. But the its window manager theme works. This theme works fine on x-slacko 4.1. Can you help me to fix this problem?

Redmond-Delta Theme: http://www.murga-linux.com/puppy/viewto ... h&id=98485

You probably need to install gtk-engines-1.0.pet.

http://smokey01.com/rg66/X-common-packa ... es-1.0.pet

Edit: If that doesn't work then try gtk-engines-2.20.2-i486-1gv.txz from ppm.

[mistfire]

@rg66 thank you Redmond-Delta theme is now working. By the way how to change the name/username that appears on whiskermenu. I want to change X-Slacko 4.2 on whiskermenu to FOO

[Geoffrey]

@rg66 thank you Redmond-Delta theme is now working. By the way how to change the name/username that appears on whiskermenu. I want to change X-Slacko 4.2 on whiskermenu to FOO

You will need to either recompile it or use a hex editor, the name is hard coded.

Hex editor is the easiest way, though you will be limited to the same number of characters, at a glance it looks to be 13 characters.

[mistfire]

@rg66 thank you Redmond-Delta theme is now working. By the way how to change the name/username that appears on whiskermenu. I want to change X-Slacko 4.2 on whiskermenu to FOO

You will need to either recompile it or use a hex editor, the name is hard coded.

Hex editor is the easiest way, though you will be limited to the same number of characters, at a glance it looks to be 13 characters.

@Geoffrey and @rg66 can you modify the source code to non-hard coded name by reading on a text file and recompile into package?

[Pete]

Sorry for the long delay in replying. Type wmpoweroff in console to see error messages. If none, open /usr/bin/wmexit in editor and add -x to top line so it looks like #!/bin/sh -x and try wmpoweroff from terminal again to see if there are errors.

Hi rg66

Thanks will give it a go and report back.
Only problem is that it only happens now and again (seems to be random), but at least I now know what to try.

Thanks.

[rg66]

@Geoffrey and @rg66 can you modify the source code to non-hard coded name by reading on a text file and recompile into package?

I don't think that's possible.

[Geoffrey]

@Geoffrey and @rg66 can you modify the source code to non-hard coded name by reading on a text file and recompile into package?

I don't think that's possible.

It maybe, I'm looking into it, just need to learn how to program glib stuff, might take my a while though as I have a short attention span these day's.

mistfire this is the code in the window.cpp that needs to change to be able to read from a text file.

Code: Select all

// Create the username label
	const gchar* name = g_get_real_name();
	if (g_strcmp0(name, "Unknown") == 0)
	{
		name = g_get_user_name();
	}
	gchar* username = g_markup_printf_escaped("<b><big>%s</big></b>", name);
	m_username = GTK_LABEL(gtk_label_new(NULL));
	gtk_label_set_markup(m_username, username);
	gtk_misc_set_alignment(GTK_MISC(m_username), 0.0f, 0.5f);
	g_free(username);

I'm thinking along the lines of

Code: Select all

name = g_key_file_get_string(keyfile,"??????","??????",NULL);

will be whats needed, or I'm barking up the wrong tree.

[rg66]

@Geoffrey and @rg66 can you modify the source code to non-hard coded name by reading on a text file and recompile into package?

I don't think that's possible.

It maybe, I'm looking into it, just need to learn how to program glib stuff, might take my a while though as I have a short attention span these day's.

mistfire this is the code in the window.cpp that needs to change to be able to read from a text file.

Code: Select all

// Create the username label
	const gchar* name = g_get_real_name();
	if (g_strcmp0(name, "Unknown") == 0)
	{
		name = g_get_user_name();
	}
	gchar* username = g_markup_printf_escaped("<b><big>%s</big></b>", name);
	m_username = GTK_LABEL(gtk_label_new(NULL));
	gtk_label_set_markup(m_username, username);
	gtk_misc_set_alignment(GTK_MISC(m_username), 0.0f, 0.5f);
	g_free(username);

I'm thinking along the lines of

Code: Select all

name = g_key_file_get_string(keyfile,"??????","??????",NULL);

will be whats needed, or I'm barking up the wrong tree.

Geoffrey, I'm sure we discussed this some time ago and decided we couldn't do it. Hopefully I'm wrong and you figure it out, it would be a lot easier than compiling every time.

[Geoffrey]

Geoffrey, I'm sure we discussed this some time ago and decided we couldn't do it. Hopefully I'm wrong and you figure it out, it would be a lot easier than compiling every time.

Yeah, I thought I'd have a dig around, it has to be possible, just a new learning curve for me, If I can find some examples then I should be able to figure it out.

Yes, changing the name would be easier than recompiling all the time if it were simply read from file.

This guy got it wrong, but the guts of it may be whats needed http://stackoverflow.com/questions/1744 ... using-glib

g_key_file_get_string may be the answer.

[belham2]

Hi rg66n & everyone,

Have a question: I just booted up my X-Slacko-4.2 with XFCE, and noticed the openssl was still running openssl-1.0.1t.

So I opened Puppy Package Manager, updated, repos, and Slacko (14.1) had the openssl-1.0.1u patches. I installed them.

But I noticed the repository (14.1) doesn't have the latest openssl update from ~ 3 weeks ago, the openssl-1.0.1v. I went to the openssl website (been doing this alot recently, trying to get my & my family's pups up-to-date and secure), and this is what it says, among other things:

"Downloads

Our development is maintained in a git repository, which is accessible over the network and cloned on GitHub, at https://github.com/openssl/openssl. Please familiarize yourself with the license.

The table below lists the latest releases for every branch. (For an explanation of the numbering, see our release strategy.) All releases can be found at /source/old. A list of mirror sites can be found here.

Note: The latest stable version is the 1.1.0 series of releases. Also available is the 1.0.2 series. This is also our Long Term Support (LTS) version (support will be provided until 31st December 2019). The 1.0.1 version is currently only receiving security bug fixes and all support will be discontinued for this version on 31st December 2016. The 0.9.8 and 1.0.0 versions are now out of support and should not be used....."


Um, what are we users supposed to do? I assume (at least I was told today by peebee and sailor in another post) that up-to-date openssl's are in the slacko 14.2 repo, but I guess not here in the 14.1 repo. Do i have to delete my X-slacko XFCE install and wait for a new, updated ISO?? I know I can try to compile the openssl myself and install it, but my experiments (with other pup's, like peebee's xenial stuff and barry's quirky 8.0) at compiling over the last few days have been hit or miss.

Can I have some advice about this?? Rg66? Or, maybe, Geoffrey----any chance you could do an openssl-1.0.1v compile & upload?? (I hate asking you 'cause you already do so freaking much for Carolina-related things )

I just know openssl stuff is nothing to fool around with, especially with family members zooming all over the web, chatting, uploading, downloading, and into heavens-knows-what websites.....I figure it is wise to at least keep openssl (and the browsers) up-to-date.

I'm just not sure where to turn on the Murga forums anymore as no one, not even builders (except a few like Slavvo and Watchdog), seem to be keeping up-to-date with this very important component. They just say "check the repo!", and of it isn't there, you're out of luck, sucka !

[mistfire]

@rg66 here is the modified whisker-menu source code. It reads the username from file. This source code failed to compile on x-slacko 4.2. Can you please compile it and debug it?

Thank you

[Geoffrey]

@rg66 here is the modified whisker-menu source code. It reads the username from file. This source code failed to compile on x-slacko 4.2. Can you please compile it and debug it?

Thank you

I'm none the wiser, need help with this one.

[rufwoof]

Hi rg66n & everyone,

Have a question: I just booted up my X-Slacko-4.2 with XFCE, and noticed the openssl was still running openssl-1.0.1t.

So I opened Puppy Package Manager, updated, repos, and Slacko (14.1) had the openssl-1.0.1u patches. I installed them.

But I noticed the repository (14.1) doesn't have the latest openssl update from ~ 3 weeks ago, the openssl-1.0.1v. I went to the openssl website (been doing this alot recently, trying to get my & my family's pups up-to-date and secure), and this is what it says, among other things:

"Downloads

Our development is maintained in a git repository, which is accessible over the network and cloned on GitHub, at https://github.com/openssl/openssl. Please familiarize yourself with the license.

The table below lists the latest releases for every branch. (For an explanation of the numbering, see our release strategy.) All releases can be found at /source/old. A list of mirror sites can be found here.

Note: The latest stable version is the 1.1.0 series of releases. Also available is the 1.0.2 series. This is also our Long Term Support (LTS) version (support will be provided until 31st December 2019). The 1.0.1 version is currently only receiving security bug fixes and all support will be discontinued for this version on 31st December 2016. The 0.9.8 and 1.0.0 versions are now out of support and should not be used....."


Um, what are we users supposed to do? I assume (at least I was told today by peebee and sailor in another post) that up-to-date openssl's are in the slacko 14.2 repo, but I guess not here in the 14.1 repo. Do i have to delete my X-slacko XFCE install and wait for a new, updated ISO?? I know I can try to compile the openssl myself and install it, but my experiments (with other pup's, like peebee's xenial stuff and barry's quirky 8.0) at compiling over the last few days have been hit or miss.

Can I have some advice about this?? Rg66? Or, maybe, Geoffrey----any chance you could do an openssl-1.0.1v compile & upload?? (I hate asking you 'cause you already do so freaking much for Carolina-related things )

I just know openssl stuff is nothing to fool around with, especially with family members zooming all over the web, chatting, uploading, downloading, and into heavens-knows-what websites.....I figure it is wise to at least keep openssl (and the browsers) up-to-date.

I'm just not sure where to turn on the Murga forums anymore as no one, not even builders (except a few like Slavvo and Watchdog), seem to be keeping up-to-date with this very important component. They just say "check the repo!", and of it isn't there, you're out of luck, sucka !

I'm running Debian Stable with the security repository included in the updates set and currently that's running with openssl 1.0.1t

# openssl version
OpenSSL 1.0.1t 3 May 2016

Synaptic shows update 5 (1.0.1t-1+deb8u5) and a (first part of) changelog of

Code: Select all

openssl (1.0.1t-1+deb8u5) jessie-security; urgency=medium

  * The patch for CVE-2016-2182 was missing a fix.  (Closes: #838652, #838659)

 -- Kurt Roeckx <kurt@roeckx.be>  Fri, 23 Sep 2016 19:48:42 +0200

openssl (1.0.1t-1+deb8u4) jessie-security; urgency=medium

  * Fix CVE-2016-2177
  * Fix CVE-2016-2178
  * Fix CVE-2016-2179
  * Fix CVE-2016-2180
  * Fix CVE-2016-2181
  * Fix CVE-2016-2182
  * Fix CVE-2016-2183
  * Fix CVE-2016-6302
  * Fix CVE-2016-6303
  * Fix CVE-2016-6304
  * Fix CVE-2016-6306

 -- Kurt Roeckx <kurt@roeckx.be>  Wed, 21 Sep 2016 21:58:48 +0200

openssl (1.0.1t-1+deb8u3) jessie; urgency=medium

  [ Kurt Roeckx ]
  * Fix length check for CRLs. (Closes: #826552)

Looks to me that 1.0.1t has been updated to account for the security issues that affected the prior version. Version 1.0.1u is only required in certain cases. From the openssl maintainers recent fixes only applied to 1.1.0a ... etc. https://www.openssl.org/news/vulnerabilities.html

So running with a 1.0.1t looks as though that may be acceptable and updated to latest patches, depending upon the version that was previously being used/run, and according to what other programs may be installed (as I recall, when update 5 was installed a couple of weeks back there were a few other updated programs that came with that (that appeared to be related from what I briefly saw, but didn't take a great deal of interest/notice of)).

One of the main reasons I switched from pup to deb (frugally booted) is because of the easy eradication of updates/security patch concerns. apt-get update (to update the local repository), apt-get upgrade (to apply updates) ... and you're done. And running with the top of the tree (Debian in my case) best ensures whatever they're updating for the current stable/official version is most likely (very) ok. The downside being more (for me relatively inexpensive) disk space being used (full documentation set, full locale for 100's of locales ...etc).

[belham2]

Hi rg66n & everyone,

Have a question: I just booted up my X-Slacko-4.2 with XFCE, and noticed the openssl was still running openssl-1.0.1t.

So I opened Puppy Package Manager, updated, repos, and Slacko (14.1) had the openssl-1.0.1u patches. I installed them.

But I noticed the repository (14.1) doesn't have the latest openssl update from ~ 3 weeks ago, the openssl-1.0.1v. I went to the openssl website (been doing this alot recently, trying to get my & my family's pups up-to-date and secure), and this is what it says, among other things:

"Downloads

Our development is maintained in a git repository, which is accessible over the network and cloned on GitHub, at https://github.com/openssl/openssl. Please familiarize yourself with the license.

The table below lists the latest releases for every branch. (For an explanation of the numbering, see our release strategy.) All releases can be found at /source/old. A list of mirror sites can be found here.

Note: The latest stable version is the 1.1.0 series of releases. Also available is the 1.0.2 series. This is also our Long Term Support (LTS) version (support will be provided until 31st December 2019). The 1.0.1 version is currently only receiving security bug fixes and all support will be discontinued for this version on 31st December 2016. The 0.9.8 and 1.0.0 versions are now out of support and should not be used....."


Um, what are we users supposed to do? I assume (at least I was told today by peebee and sailor in another post) that up-to-date openssl's are in the slacko 14.2 repo, but I guess not here in the 14.1 repo. Do i have to delete my X-slacko XFCE install and wait for a new, updated ISO?? I know I can try to compile the openssl myself and install it, but my experiments (with other pup's, like peebee's xenial stuff and barry's quirky 8.0) at compiling over the last few days have been hit or miss.

Can I have some advice about this?? Rg66? Or, maybe, Geoffrey----any chance you could do an openssl-1.0.1v compile & upload?? (I hate asking you 'cause you already do so freaking much for Carolina-related things )

I just know openssl stuff is nothing to fool around with, especially with family members zooming all over the web, chatting, uploading, downloading, and into heavens-knows-what websites.....I figure it is wise to at least keep openssl (and the browsers) up-to-date.

I'm just not sure where to turn on the Murga forums anymore as no one, not even builders (except a few like Slavvo and Watchdog), seem to be keeping up-to-date with this very important component. They just say "check the repo!", and of it isn't there, you're out of luck, sucka !

I'm running Debian Stable with the security repository included in the updates set and currently that's running with openssl 1.0.1t

# openssl version
OpenSSL 1.0.1t 3 May 2016

Synaptic shows update 5 (1.0.1t-1+deb8u5) and a (first part of) changelog of

Code: Select all

openssl (1.0.1t-1+deb8u5) jessie-security; urgency=medium

  * The patch for CVE-2016-2182 was missing a fix.  (Closes: #838652, #838659)

 -- Kurt Roeckx <kurt@roeckx.be>  Fri, 23 Sep 2016 19:48:42 +0200

openssl (1.0.1t-1+deb8u4) jessie-security; urgency=medium

  * Fix CVE-2016-2177
  * Fix CVE-2016-2178
  * Fix CVE-2016-2179
  * Fix CVE-2016-2180
  * Fix CVE-2016-2181
  * Fix CVE-2016-2182
  * Fix CVE-2016-2183
  * Fix CVE-2016-6302
  * Fix CVE-2016-6303
  * Fix CVE-2016-6304
  * Fix CVE-2016-6306

 -- Kurt Roeckx <kurt@roeckx.be>  Wed, 21 Sep 2016 21:58:48 +0200

openssl (1.0.1t-1+deb8u3) jessie; urgency=medium

  [ Kurt Roeckx ]
  * Fix length check for CRLs. (Closes: #826552)

Looks to me that 1.0.1t has been updated to account for the security issues that affected the prior version. Version 1.0.1u is only required in certain cases. From the openssl maintainers recent fixes only applied to 1.1.0a ... etc. https://www.openssl.org/news/vulnerabilities.html

So running with a 1.0.1t looks as though that may be acceptable and updated to latest patches, depending upon the version that was previously being used/run, and according to what other programs may be installed (as I recall, when update 5 was installed a couple of weeks back there were a few other updated programs that came with that (that appeared to be related from what I briefly saw, but didn't take a great deal of interest/notice of)).

One of the main reasons I switched from pup to deb (frugally booted) is because of the easy eradication of updates/security patch concerns. apt-get update (to update the local repository), apt-get upgrade (to apply updates) ... and you're done. And running with the top of the tree (Debian in my case) best ensures whatever they're updating for the current stable/official version is most likely (very) ok. The downside being more (for me relatively inexpensive) disk space being used (full documentation set, full locale for 100's of locales ...etc).

Hi rufwoof,

Debian-based builds are a totally different thing----I don't even consider them in the same conversation with all other pup & pup-related builds when it comes to maintenance & ease of critical updates (as I have posted before & again posted in Fred's threads).

What is hard to understand is all the other pups. Builders, who do a fantastic job, intimate (when these questions are brought up, like I am doing now) intimate and/or tell everyone to "go look what is in the respository...and if it's not there, you're SOL unless you want to compile it yourself". Too many builds I have seen (and personall used/tried) just shrug this stuff off, then all of a sudden you see some posters (concerned since openssl stuff is nothing to ever ignore) jump to life, like slavvo, like watchdog, like 8geee, rushing to get the openssl update (plus the GLIBC if it is necessary) patches out. You don't ever see this from other builders. There's never even a notification in their threads unless people like me start clamoring about it.

Understand I am not trying to be negative to the builders/maintainers. They do an incredible job and we'd have no pups in the first place without them. But that said, not everyone (like you and me, rufwoof) will download, say, a debian-live standard, and build our own system going forward from there---and never, ever have to worry about this security stuff. But since that isn't the case, I believe there needs to be some kind of thread warning system on murga by builders, warning people who come to builder's threads about critical security updates. Maybe put a large, colored alert notice in the first thread of that build, talking about the critical updates that the user should stay on top of if the builder can't do it, or of they can, this is what you do. Anybody remember the "bugfix" in Pup Tahr 6.0.5-----that was awesome!! Why can't that be continued and push throughout all large puppy & pup-related builds??

Instead, what you find on murga, is that many builders/ maintainers pass this responsibility off by saying it is the responsibility of both the user and--this is what kills me--it is the responsiblity of "the repo". Christ, repos do not have responsibilities. And users? Here we are wanting to attract new users to puppy's overall and this is what is occurring?

I know I am going to be hated and reviled for bringing this up, but I believe builders (especially the big ones on murga here) should follow the examples of other smaller ones (again, 8Geee, Slavvo and even Fred) that do this. I started a thread in the "Security" section some weeks back, and you can tell which builders who care (the ones who responded) and which who don't (the ones who didn't and still don't).

Anyway, rg66's Xslacko-XFCE build is great, and I was just posting here in hopes we could figure out what to do as the latest patch is the "v" version, but the slacko 14.1 repository only has the "u". So, I was asking whether we should just wait for a new ISO from rg66 (if he is doing one), or is it possible he can get an update out for this. After all, any and all openssl versions relying on "1.0.1" will be officially ended as end of this december. This is going to affect about, in my estimation, ~80% (possibly higher) of the pups in existence today.

To wit, asking peebee about getting the latest openssl in LXPupXenial32 yesterday, he answered with the "repo" response. Well, unless I am mistaken, it is impossible to update his Xenial builds UNLESS you pull down the updated openssl (and/or patch), re-compile it yourself, and install it. The Puppy Package Manager in LxPupXenial32, even with Xenial respositories checked, would not show the last two latest revisions of openssl as being offered (even with ubuntu's crazy way in how they update an existing openssl build, they actually do denote what that re-built build date is: but in PPM, as of today, that build date is two removed from the lastest).

How is that being secure? And how are users supposed to be aware??

There is so much time spent on compiling other things in the Murga puppy distros, even things to help arcane issues, yet when it comes to this security stuff that affects every user (especially security stuff like openssl and GLIBC----which I know, for GLIBC, is a b!tch to re-compile correctly, updating it without the update destroying a pup's current workings)....I just think something needs to change on murga.

Security has taken a back seat, and the attitude that seems to be intimated towards users is: "well, as a user, if you can't stay on top of it yourself, then you shouldn't be using a pup..."

Like I said, I will be hated for bringing this up. But somebody has to...otherwise pup's will never expand into the great, wild known yonder of those multitudes of users who need a bit of help. I'm not asking for the world here, just asking that any pup builder/maintainer stay on top of the critical system updates for their users. And openssl should one of the ones at the very, very top. Unless, of course, if, no user of any pup distro ever uses it for browsing the Internet... which in that case (or alternative world), since every pup user is a builder/coder/etc with no need for the Web, then there's zippo use to keep anything like openssl & other critical web-facing components up to date.

[Sage]

What an interesting blast. It's clear what this fellow wants. What is he prepared to pay for it all?! Perhaps if he doesn't have the ability (like me) he should post some very polite & brief enquiries, possibly PMs? And learn patience? Or send a cq for a couple of $m to Redmond? No, make that $bn...

[Sailor Enceladus]

@belham2: I think openssl v1.0.1u is currently the newest in that branch, and Menu -> Setup -> Updates Manager in Slacko is up to date. v1.0.1v sounds like an unofficial version, or a virus maybe? It's not 2017 yet so no use making future claims about security. When Firefox 38esr support ended, Slackware 14.1 switched to Firefox 45esr, they might do the same with v1.0.1 to v1.0.2 when needed, probably depends on how many things it breaks. By then maybe Slacko 7 (14.2) will be stable anyway.

You can help test and debug Slacko 7 Beta here right now: http://www.murga-linux.com/puppy/viewtopic.php?t=108017

[belham2]

@belham2: I think openssl v1.0.1u is currently the newest in that branch, and Menu -> Setup -> Updates Manager in Slacko is up to date. v1.0.1v sounds like an unofficial version, or a virus maybe? It's not 2017 yet so no use making future claims about security. When Firefox 38esr support ended, Slackware 14.1 switched to Firefox 45esr, they might do the same with v1.0.1 to v1.0.2 when needed, probably depends on how many things it breaks. By then maybe Slacko 7 (14.2) will be stable anyway.

You can help test and debug Slacko 7 Beta here right now: http://www.murga-linux.com/puppy/viewtopic.php?t=108017

Sailor,

As I had mentioned in my answer to Peebee, I am solving the problem of trying to stay on top of critical updates (on my end) by forcing myself & everyone in the family to move onto his Slacko-versions...for the very reason Peebee noted to me in his thread. All last night and today, I stuck Peebee's/Micko's LxPupSC Slacko 16.101R on the rest of the family's usb sticks they grab (setting up Firefox's correctly, especially in about:config, taking stuff out, and adding other things particular to that family member). That way, I have a better chance of knowing there stuff is up-to-date with the Slacko 14.2 repo enabled.

The 2nd way I--for my own personal use--- am handling this is by sticking with the fantastic DebianDog/XenialDog pups from Fred (and Toni) & also the Barry/Slavvo's Quirky 8.0 stuff (Slavvo compiles the lastest security updates and uploads them quickly, from what I've seen). Speaking of the DebianDog/XenialDogs, the gobsmacking easiness of being able to open Synpatic Package Manager, type in any update you're looking for, click and have it hit instantly, downloading & installing, is just wunderbar. It's like having full distros Debian-Jessie-8.5/Fedora-24, which I have used and still use for certain critical things, in a bottle


The other pup distros I have (I've an SSD with 28 partitions, all loaded with various pups and big distros that I like to look at & test), well, they will get used (and further tested), but for now the use (for at least the other pups) will be nowhere near like the secure pups above that I mentioned. Among those, I do have a fondness for rg66's creations, as he always creates a nice distro (too many small touches to point out)....thus why I was posting here in the first place wondering what we users of X-Slacko-4.2XFCE should do since the 14.1 vs 14.2 slacko repo thing is already happening

[8Geee]

There are certain bug-fixes that only apply to openssl 1.0.2 versions. The most current authorized openssl 1.0.1 version is U. For 1.0.2 it is J. Recently only openssl 1.0.2I got updated because of an error during migration from H --> I... The J version fixes the error not found in 1.0.1 versions.

Carry On
8Geee

[rg66]

I tried to compile openssl-1.0.1u but end up without the libs, not sure what I'm doing wrong. 1.0.1u is in the slackware patches repo, you can dl through PPM.