The officially official Devuan Forum!

You are not logged in.

#176 Re: Off-topic » DSA-4371-1 apt -- security update » 2019-01-24 07:34:54

golinux wrote:

Yes, it was confusing and I chewed on it for quite some time myself.  I think he recommended pkgmaster because it is the source for all the other pkg mirrors would eliminate exposure to the many mirrors in the round robin.

OK, i switched my sources.list from deb.devuan.org to pkgmaster.devuan.org i did an apt-get update, I've taken all the possible updates. So, i'll keep eyes open in the APT matter on following.

golinux, thank you for your clarification / suggestions.

BR,
Nili

#177 Re: Off-topic » DSA-4371-1 apt -- security update » 2019-01-24 06:38:32

Hello golinux, thanks for pointing the link out. I read it carefully, but I'm a bit unclear.
Please let me start by explaining my information a bit.

I'm on Devuan 1 (jessie) 32bit

Current apt status:

#! nili ~ $ apt-cache policy apt
apt:
  Installed: 1.0.9.8.5
  Candidate: 1.0.9.8.5
  Version table:
 *** 1.0.9.8.5 0
        500 http://deb.devuan.org/merged/ jessie-security/main i386 Packages
        100 /var/lib/dpkg/status
     1.0.9.8.4 0
        500 http://deb.devuan.org/merged/ jessie/main i386 Packages

according to CVE-2019-3462 is noted for "jessie-security" have been patched/fixed

Source Package    Release              Version      Status
apt (PTS)         jessie (security)    1.0.9.8.5    fixed

My sources.list:

deb http://deb.devuan.org/merged jessie main contrib non-free

deb http://deb.devuan.org/merged jessie-updates main contrib non-free

deb http://deb.devuan.org/merged jessie-security main contrib non-free

deb http://deb.devuan.org/merged jessie-backports main contrib non-free

it is said from KatolaZ

The safest way would actually be to manually download the deb packages of apt from the debian-security pool (more information available below), or to use pkgmaster.devuan.org in your sources.list to do the upgrade (pkgmaster.devuan.org is not a rough mirror...).

^This part is that I'm confused.

I've done APT successfully upgraded to version 1.0.9.8.5 2 via "deb http://deb.devuan.org/merged jessie-security"
Is it necessary for me to switch hosts to "pkgmaster.devuan.org" or make other manual interventions?

Forgive me for my lack of understanding on this part.

BR,
Nili

#178 Off-topic » DSA-4371-1 apt -- security update » 2019-01-23 14:45:17

Nili
Replies: 10

Hello! I just received an update for package "apt" on Devuan 1 (Jessie)

Start-Date: 2019-01-23  15:02:58
Commandline: apt-get upgrade
Upgrade: apt:i386 (1.0.9.8.4, 1.0.9.8.5), libudev1:i386 (215-17+deb8u8, 215-17+deb8u9), udev:i386 (215-17+deb8u8, 215-17+deb8u9), libapt-pkg4.12:i386 (1.0.9.8.4, 1.0.9.8.5), apt-utils:i386 (1.0.9.8.4, 1.0.9.8.5), libapt-inst1.5:i386 (1.0.9.8.4, 1.0.9.8.5), libjpeg62-turbo:i386 (1.3.1-12, 1.3.1-12+deb8u1)
End-Date: 2019-01-23  15:03:20

I usually look at DSA for specific packages to read more about the update.
For this APT update, Noticed that an intervention is required:

Since the vulnerability is present in the package manager itself, it is recommended to disable redirects in order to prevent exploitation during this upgrade only, using:

apt -o Acquire::http::AllowRedirect=false update
apt -o Acquire::http::AllowRedirect=false upgrade

I mean, Does it apply to us Devuan users as well?

I ask this question because doing those commands is associated by a notice, (located inside the above DSA link).

So far, I have not done any action except updating APT.
Any advice/info would clarify a bit more about this security advisory.

Thank you for your attention.
BR,
Nili

#179 Re: Off-topic » Show your desktop (rebooted) » 2018-12-27 12:00:17

31545049117_8218daa1f3.jpg
--wallpaper, somewhere from unsplash collection.
My last for this year, Happy Holidays everyone.

P.S. @Ogis1975 i like that Fluxbox thing. Have fun over BSD once again...

#180 Re: Devuan » Desktop Screenshot Contest! » 2018-10-28 15:39:50

^A bunch of good apps you got there, right topic is here.

i3 is very enjoyable WM for too many.

Help with other scrots that you are going to do.

Regards!

#181 Re: Off-topic » Show your desktop (rebooted) » 2018-10-21 14:09:50

siva wrote:

What app are you using for the topbar, and can you post/link to a config?  It looks great.

It's simple conky-std.

Posted on BL Forum. For conky i used:

-Font Iosevka (download)
-hddtemp
-lm-sensors

Thank you siva!

Edit: A few URxvt fake busy + minor color modifications.
31646240938_b61d8a4a02_n.jpg

#182 Re: Off-topic » Show your desktop (rebooted) » 2018-10-04 11:12:15

31218134718_9f167ec825_n.jpg
Devuan 1 (Jessie) | WM: Openbox

#183 Re: Off-topic » Show your desktop (rebooted) » 2018-07-20 17:40:19

zephyr wrote:

@ Nili: STAR and CROWZ both use the JWM setup similar to Manjaro, where the configuration files are in usr/.config/jwm.

Not sure if this was what you were describing as your attempt. smile

cheers

zephyr

@zephyr , please forgive me, just now i've caught your message. Yes, that's what i mean, if STAR/CROWZ have similar JWM configs it must be excellent for those that are looking for minimalistic stack WM also a nice view of JWM.

#185 Devuan » [SOLVED] (Devuan Jessie) libuuid-perl: no longer required » 2018-07-20 14:32:59

Nili
Replies: 0

Hello! Today I found that during the update process libuuid-perl wants to be removed.

#! nili ~ $ update
Hit http://pkgmaster.devuan.org jessie InRelease
Hit http://pkgmaster.devuan.org jessie-updates InRelease
Hit http://pkgmaster.devuan.org jessie-security InRelease
Hit http://pkgmaster.devuan.org jessie-backports InRelease
Hit http://pkgmaster.devuan.org jessie/main i386 Packages
Hit http://pkgmaster.devuan.org jessie-updates/main i386 Packages
Hit http://pkgmaster.devuan.org jessie-security/main i386 Packages
Hit http://pkgmaster.devuan.org jessie-backports/main i386 Packages
Ign http://pkgmaster.devuan.org jessie/main Translation-en_US
Ign http://pkgmaster.devuan.org jessie/main Translation-en
Ign http://pkgmaster.devuan.org jessie-updates/main Translation-en_US
Ign http://pkgmaster.devuan.org jessie-updates/main Translation-en
Ign http://pkgmaster.devuan.org jessie-security/main Translation-en_US
Ign http://pkgmaster.devuan.org jessie-security/main Translation-en
Ign http://pkgmaster.devuan.org jessie-backports/main Translation-en_US
Ign http://pkgmaster.devuan.org jessie-backports/main Translation-en
Reading package lists... Done
#! nili ~ $ upgrade
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... The following package was automatically installed and is no longer required:
  libuuid-perl
Use 'apt-get autoremove' to remove it.
Done
The following packages will be upgraded:
  linux-base
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 19.7 kB of archives.
After this operation, 46.1 kB disk space will be freed.
Do you want to continue? [Y/n] n
Abort.

This is my sources list:

deb http://pkgmaster.devuan.org/merged jessie main

deb http://pkgmaster.devuan.org/merged jessie-updates main

deb http://pkgmaster.devuan.org/merged jessie-security main

deb http://pkgmaster.devuan.org/merged jessie-backports main

First time I see such a thing on the stable, A few ago when actively when i used testing, I faced very often similar situations that came out as temporary bug.

Is it a bug that I just have to wait? OR let it go libuuid-perl? To me it seems not look like a simple package that i should let out. From Debian DSA there is no news for this.

Do someone know anything about this case?
Thank you!

System runs...:

Devuan GNU/Linux 1 (jessie)
Linux coeurlinux 3.16.0-4-686-pae #1 SMP Debian 3.16.51-3 (2017-12-13) i686 GNU/Linux

P.S. update/upgrade command shortened it as alias on .bashrc.

alias update="sudo apt-get update"
alias upgrade="sudo apt-get upgrade"

Edit: Found this SECURITY THREAD about this case.
I gave the update linux-base, removed libuuid-perl and installed again. Currently it seems quiet, i'll look at it later.

This thread is solved! Thank you for the attention.

Nili

#186 Re: Off-topic » Show your desktop (rebooted) » 2018-06-24 14:31:52

@Panopticon, Thanks mate smile Font is Iosevka (download) v1.14.3 is the newest.

Regards!

#187 Re: Off-topic » Show your desktop (rebooted) » 2018-06-23 17:24:50

Today i messed with JWM aswell, i was a bit overjoyed. I got something made, but I was not that happy at the end.

I wanted to do something similar to the JWM-Manjaro. Those Manjaro-Guru's are too cool with JWM smile

I'm not very familiar with this stack WM, i even forgotten Openbox config after a long time with tiles.
After wiping out JWM, back on Openbox

42067993775_c157025c0b_n.jpg

Heavy inspired by addy-dclxvi, i even use one of his Openbox theme, slightly modified for my needs.
Qogir Gtk Theme Really great GTK2/3 theme, based on Arc gtk by horst3180.

Rest: tint2, conky-std, compton & obmenu.

Congrat for your scrots big_smile

#188 Re: Devuan » Desktop Screenshot Contest! » 2018-06-23 17:05:15

Damn! i missed this thread, Congrats to the lucky ones smile

#189 Re: News & Announcements » Devuan 2.0 ASCII Stable » 2018-06-09 17:20:04

Congratulation and thanks for everything you have done.

#190 Re: News & Announcements » Devuan 2.0 ASCII Release Candidate » 2018-05-17 10:00:48

@ivanovnegro Hi mate, Welcome! Glad to have you here and thanks for sharing your first impressions smile

Enjoy and Best regards!

#191 Re: News & Announcements » Devuan 2.0 ASCII Release Candidate » 2018-05-10 15:16:38

Congratulation! Thank you for all the dedicated time and efforts!

#192 Re: Devuan Derivatives » [NEW]-FluXuan Linux-[RELEASE] » 2018-05-05 14:31:37

You're absolutely right wdq, Sorry for the noise mate, i was stupid talking general specific infos of my customs on your thread.
Edit: I just cleaned the wasted generated by me.

Congratulation on your OS!
Regards!

#193 Re: Other Issues » [SOLVED] DSA-4187-1 Security Update » 2018-05-03 11:09:47

Indeed i don't have "linux-image-686-pae" installed. I have installed right, got the update itself. Thanks smile

Yes, i use GRUB, but don't have multiple OS's installed.
I only have plain Jessie Devuan NETINS customized that listen fine on GRUB settings.

I consider solved my request regarding Kernel Security Update. Thanks GNUser for explained and suggested smile

#194 Re: Other Issues » [SOLVED] DSA-4187-1 Security Update » 2018-05-03 10:37:24

Thanks for asking GNUser!
Sure...

console-setup-linux 1.123
libselinux1:i386 2.3-2
linux-base 3.5
linux-image-3.16.0-4-686-pae 3.16.51-3
util-linux 2.26.2-6+devuan1
util-linux-locales 2.25.2-6

#195 Other Issues » [SOLVED] DSA-4187-1 Security Update » 2018-05-03 10:22:44

Nili
Replies: 4

Hello!

Debian released an Security Update for Linux Kernel Image on 01 May 2018

I believe we should taken it sometime later, today is the second day but i still see "0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded." on my console.

Debian said :

For the oldstable distribution (jessie), these problems have been fixed in version 3.16.56-1

While i am still on :

Linux kernel 3.16.0-4-686-pae #1 SMP Debian 3.16.51-3 (2017-12-13) i686 GNU/Linux

This absence has any reason?

This is my sources list

deb http://pkgmaster.devuan.org/merged/ jessie main non-free contrib
deb-src http://pkgmaster.devuan.org/merged/ jessie main non-free contrib

# jessie-security, previously known as 'volatile'
deb http://pkgmaster.devuan.org/merged/ jessie-security main contrib non-free
deb-src http://pkgmaster.devuan.org/merged/ jessie-security main contrib non-free

# jessie-updates, previously known as 'volatile'
deb http://pkgmaster.devuan.org/merged/ jessie-updates main contrib non-free
deb-src http://pkgmaster.devuan.org/merged/ jessie-updates main contrib non-free

# Devuan repositories
deb http://packages.devuan.org/merged jessie main contrib non-free
deb-src http://packages.devuan.org/merged jessie main contrib non-free

Usually i have taken immediately the security updates it never lasted two days.
Thanks for your feedback.

Edited: cleared i686 from title

Nili

#196 Re: Off-topic » Devuan Ascii - NETINST ISO Size » 2018-02-19 09:00:11

Thanks for the explanation that i expected greenjeans.

Thought what they're for? fortunately not pulse, gtk3 or other undesirables imposed by force from Debian campus.
That's good for me.

Quite right when you say, not everything can be installed if we don't want. So we keep the weight under control.
Kernel 4.9 (stretch) can't have the same size as 3.16 (jessie) after so many years. So the size changes is understandable.

In fact, I had imagined a few possibility but I doubted, so I asked smile

I prefer to install the CLI WAY during installation (old method of advanced).
I never select anything on the tasksel. I use startx, window manager and other individual tools required to start and use.

Maybe it's time to look at Refracta-Snapshot to check what can i do with it. Thanks!
I will try to take a look for Devuan Ascii.

You've given me the answers and the suggestions i wanted to know.
Thank you for finding time for me.

All the best,
Regards!

Nili

#197 Off-topic » Devuan Ascii - NETINST ISO Size » 2018-02-17 14:52:11

Nili
Replies: 3

Forgive me for this question but I am obliged to do it to take out my curiosity

What have been changed or added that weight of NETINST ISO? has moved to 70MB more than Jessie? I have no problem with weight, but my concern is things that are inside. So, i want to know what's the difference of

Jessie-ISO

devuan_jessie_1.0.0_i386_NETINST.iso               24-May-2017 00:16    267M

to Ascii-ISO

devuan_ascii_2.0.0-beta_i386_NETINST.iso           13-Feb-2018 11:58    340M

What other support are added, Wayland, Vulkan, GTK3 with those 70MB?
Personally I would like a Devuan ISO 100MB where i can build it myself. 340MB is more heavy than LinuxBBQ, antiX or other minimal distro those two are almost completed distro.

antiX core is only 156.00 MB. NETINST Devuan is core too but 340MB?

If this trend is ever in growing, for me it is not as minimal as it is said. I have a doubt that a python 3 is added, because i remember when i tried Debian stretch month ago was set, maybe i am wrong on Devuan Ascii. No problem with python3 but we're on minimal ISO, if i want something enough to install myself. I think some packages are better to be forced set as rec instead of dep. Or, maybe it's the Debian way to blame for the fat ISO on each release.

You are doing wonderful works preventing many unrighteous things, i am glad to use Devuan Jessie.
A lighter ISO it would be fantastic and ideal.

Thank you!
Best regards!

Nili

#198 Re: DIY » Tips for using Palemoon » 2018-01-27 17:41:30

Panopticon wrote:

I use steve blacks hosts file as well, fantastic resource. Ive not heard of yhonay adblocks hosts, will have to check that out.

I also use a customized user.js and ublockO.

There was a good conversation @StevenBlack/hosts for this host.
Also updated frequently. I was there and caught it. Since then, i regularly use them smile

Of course they do not have the ability to block host on real time like proper ad-block with menu (right/left-click "block it!"),
But we can do pretty much blockages manually @hosts with IP aswell. Also this technique i find lighter for my browser or system resources.

#199 Re: DIY » Tips for using Palemoon » 2018-01-26 13:51:38

Pale Moon for Linux release binaries
http://linux.palemoon.org/download/mainline/
I use ^this host for my copy, of course by choosing the architecture. Extract and run from a $HOME directory.

https://github.com/StevenBlack/hosts
https://github.com/Yhonay/antipopads
StevenBlack & Yhonay adblocks by using hosts@etc. Efficient enough for my purposes.

about:config?filter=/^javascript.enable/

Block javascript with double-click, enough to create a shortcut-link to Bookmar Toolbar.
Navigating with JavaScript disabled by set the value "false".

#200 Re: Other Issues » Question on kernel upgrades » 2017-12-14 10:07:03

#find how many linux images are installed on the system.

dpkg -l | grep linux-image

I use it for many years 3.16 series. Very pleased and I say to go up to end of LTS with it.

ii  linux-image-3.16.0-4-686-pae  3.16.51-2     i386    Linux 3.16 for modern PCs

Board footer

Forum Software