Mon Jul 28 22:05:06 CDT 2008
patches/packages/fetchmail-6.3.8-i486-1_slack8.1.tgz:
  Patched to fix a possible denial of service when "-v -v" options are used.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711
  (* Security fix *)
+--------------------------+
Wed Jul 9 20:03:57 CDT 2008
patches/packages/bind-9.3.5_P1-i386-1_slack8.1.tgz:
  Upgraded to bind-9.3.5-P1.
  This upgrade addresses a security flaw known as the CERT VU#800113 DNS Cache
  Poisoning Issue. This is the summary of the problem from the BIND site:
    "A weakness in the DNS protocol may enable the poisoning of caching
    recursive resolvers with spoofed data. DNSSEC is the only full solution.
    New versions of BIND provide increased resilience to the attack."
  It is suggested that sites that run BIND upgrade to one of the new packages
  in order to reduce their exposure to DNS cache poisoning attacks.
  For more information, see:
    http://www.isc.org/sw/bind/bind-security.php
    http://www.kb.cert.org/vuls/id/800113
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
  (* Security fix *)
+--------------------------+
Mon Apr 28 23:46:17 CDT 2008
patches/packages/libpng-1.2.27-i386-1_slack8.1.tgz:
  Upgraded to libpng-1.2.27.
  This fixes various bugs, the most important of which have to do with the
  handling of unknown chunks containing zero-length data. Processing a PNG
  image that contains these could cause the application using libpng to crash
  (possibly resulting in a denial of service), could potentially expose the
  contents of uninitialized memory, or could cause the execution of arbitrary
  code as the user running libpng (though it would probably be quite difficult
  to cause the execution of attacker-chosen code). We recommend upgrading the
  package as soon as possible.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
    ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.27-README.txt
  (* Security fix *)
+--------------------------+
Mon Apr 7 02:04:58 CDT 2008
patches/packages/bzip2-1.0.5-i386-1_slack8.1.tgz:
  Upgraded to bzip2-1.0.5.
  Previous versions of bzip2 contained a buffer overread error that could cause
  applications linked to libbz2 to crash, resulting in a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372
  (* Security fix *)
patches/packages/m4-1.4.11-i386-1_slack8.1.tgz:
  Upgraded to m4-1.4.11.
  In addition to bugfixes and enhancements, this version of m4 also fixes two
  issues with possible security implications. A minor security fix with the
  use of "maketemp" and "mkstemp" -- these are now quoted to prevent the
  (rather unlikely) possibility that an unquoted string could match an
  existing macro causing operations to be done on the wrong file. Also, a
  problem with the '-F' option (introduced with version 1.4) could cause a
  core dump or possibly (with certain file names) the execution of arbitrary
  code.
  For more information on these issues, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1687
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1688
  (* Security fix *)
+--------------------------+
Fri Apr 4 12:36:37 CDT 2008
patches/packages/openssh-5.0p1-i386-1_slack8.1.tgz:
  Upgraded to openssh-5.0p1.
  This version fixes a security issue where local users could hijack forwarded
  X connections. Upgrading to the new package is highly recommended.
  For more information on this security issue, please see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483
  (* Security fix *)
+--------------------------+
Thu Feb 14 17:05:55 CST 2008
patches/packages/apache-1.3.41-i386-1_slack8.1.tgz:
  Upgraded to apache-1.3.41, the last regular release of the Apache 1.3.x
  series, and a security bugfix-only release.
  For more information about the security issues fixed, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847
  (* Security fix *)
patches/packages/mod_ssl-2.8.31_1.3.41-i386-1_slack8.1.tgz:
  Upgraded to mod_ssl-2.8.31-1.3.41 to work with apache_1.3.41.
+--------------------------+
Mon Dec 31 18:49:52 CST 2007
patches/packages/glibc-zoneinfo-2.2.5-noarch-6_slack8.1.tgz:
  Some deja vu. ;-) Upgraded to tzdata2007k. A new year should be started
  with the latest timezone data, so here it is.
  Happy holidays, and a happy new year to all! :-)
+--------------------------+
Mon Dec 24 15:54:26 CST 2007
patches/packages/glibc-zoneinfo-2.2.5-noarch-5_slack8.1.tgz:
  Upgraded to tzdata2007j. A new year should be started with the latest
  timezone data, so here it is.
  Happy holidays, and a happy new year to all! :-)
+--------------------------+
Sat Dec 1 16:57:18 CST 2007
patches/packages/rsync-2.6.9-i386-1_slack8.1.tgz:
  Patched some security bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091
    http://lists.samba.org/archive/rsync-announce/2007/000050.html
  (* Security fix *)
+--------------------------+
Wed Nov 21 00:55:51 CST 2007
patches/packages/libpng-1.2.23-i386-1_slack8.1.tgz:
  Upgraded to libpng-1.2.23.
  Previous libpng versions may crash when loading malformed PNG files.
  It is not currently known if this vulnerability can be exploited to
  execute malicious code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5266
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5267
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5268
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
  (* Security fix *)
+--------------------------+
Thu Nov 1 22:03:53 CDT 2007
patches/packages/cups-1.1.19-i386-2_slack8.1.tgz:
  Patched cups-1.1.19.
  Errors in ipp.c may allow a remote attacker to crash CUPS resulting in a
  denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351
  (* Security fix *)
+--------------------------+
Wed Oct 10 11:50:50 CDT 2007
patches/packages/glibc-zoneinfo-2.2.5-i386-4_slack8.1.tgz:
  Upgraded to timezone data from tzcode2007h and tzdata2007h.
  This contains the latest timezone data from NIST, including some important
  changes to daylight savings time in Brazil and New Zealand.
+--------------------------+
Wed Sep 12 15:20:06 CDT 2007
patches/packages/openssh-4.7p1-i386-1_slack8.1.tgz:
  Upgraded to openssh-4.7p1.
  From the OpenSSH release notes:
    "Security bugs resolved in this release: Prevent ssh(1) from using a
    trusted X11 cookie if creation of an untrusted cookie fails; found and
    fixed by Jan Pechanec."
  While it's fair to say that we here at Slackware don't see how this could
  be leveraged to compromise a system, a) the OpenSSH people (who presumably
  understand the code better) characterize this as a security bug, b) it has
  been assigned a CVE entry, and c) OpenSSH is one of the most commonly used
  network daemons. Better safe than sorry.
  More information should appear here eventually:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
  (* Security fix *)
+--------------------------+
Thu Jul 26 15:51:42 CDT 2007
patches/packages/bind-9.2.8_P1-i386-1_slack8.1.tgz:
  Upgraded to bind-9.2.8_P1 to fix a security issue.
  The query IDs in BIND9 prior to BIND 9.2.8-P1 are cryptographically weak.
  For more information on this issue, see:
    http://www.isc.org/index.pl?/sw/bind/bind-security.php
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
  (* Security fix *)
+--------------------------+
Wed May 16 16:16:59 CDT 2007
patches/packages/libpng-1.2.18-i386-1_slack8.1.tgz:
  Upgraded to libpng-1.2.18.
  A grayscale PNG image with a malformed (bad CRC) tRNS chunk will crash some
  libpng applications.
  This vulnerability has been assigned the identifiers CVE-2007-2445 and
  CERT VU#684664.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445
  (* Security fix *)
+--------------------------+
Tue Apr 3 15:13:56 CDT 2007
patches/packages/file-4.20-i386-1_slack8.1.tgz:
  Upgraded to file-4.20.
  This fixes a heap overflow that could allow code to be executed as the user
  running file (note that there are many scenarios where file might be used
  automatically, such as in virus scanners or spam filters).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
  (* Security fix *)
+--------------------------+
Sun Feb 18 15:20:36 CST 2007
patches/packages/glibc-zoneinfo-2.2.5-i386-3_slack8.1.tgz:
  Updated with tzdata2007b for impending Daylight Savings Time changes in
  the US.
+--------------------------+
Fri Jan 26 22:46:30 CST 2007
patches/packages/bind-9.2.8-i386-1_slack8.1.tgz:
  Upgraded to bind-9.2.8.
  This update fixes two denial of service vulnerabilities where an attacker
  could crash the name server with specially crafted malformed data.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494
  (* Security fix *)
+--------------------------+
Wed Jan 24 14:15:07 CST 2007
patches/packages/fetchmail-6.3.6-i386-1_slack8.1.tgz:
  Upgraded to fetchmail-6.3.6.
  This fixes two security issues. First, a bug introduced in fetchmail-6.3.5
  could cause fetchmail to crash. However, no stable version of Slackware
  ever shipped fetchmail-6.3.5. Second, a long standing bug (reported by
  Isaac Wilcox) could cause fetchmail to send a password in clear text or
  omit using TLS even when configured otherwise.
  All fetchmail users are encouraged to consider using getmail, or to upgrade
  to the new fetchmail packages.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867
  (* Security fix *)
+--------------------------+
Fri Dec 1 15:03:20 CST 2006
patches/packages/libpng-1.2.14-i386-1_slack8.1.tgz:
  Upgraded to libpng-1.2.14.
  This fixes a bug where a specially crafted PNG file could crash
  applications that use libpng.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793
  (* Security fix *)
patches/packages/proftpd-1.3.0a-i386-1_slack8.1.tgz:
  Upgraded to proftpd-1.3.0a plus an additional security patch.
  Several security issues were found in proftpd that could lead to the
  execution of arbitrary code by a remote attacker, including one in mod_tls
  that does not require the attacker to be authenticated first.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5815
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6170
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6171
  (* Security fix *)
patches/packages/tar-1.16-i386-1_slack8.1.tgz:
  Upgraded to tar-1.16.
  This fixes an issue where files may be extracted outside of the current
  directory, possibly allowing a malicious tar archive, when extracted, to
  overwrite any of the user's files (in the case of root, any file on the
  system).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097
  (* Security fix *)
+--------------------------+
Mon Nov 6 21:29:24 CST 2006
patches/packages/bind-9.2.6_P2-i386-1_slack8.1.tgz:
  Upgraded to bind-9.2.6-P2.
  This fixes some security issues related to previous fixes in OpenSSL.
  The minimum OpenSSL version was raised to OpenSSL 0.9.7l and OpenSSL 0.9.8d
  to avoid exposure to known security flaws in older versions (these patches
  were already issued for Slackware). If you have not upgraded yet, get those
  as well to prevent a potentially exploitable security problem in named.
  In addition, the default RSA exponent was changed from 3 to 65537.
  RSA keys using exponent 3 (which was previously BIND's default) will need
  to be regenerated to protect against the forging of RRSIGs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
  (* Security fix *)
+--------------------------+
Fri Nov 3 23:19:57 CST 2006
patches/packages/screen-4.0.3-i386-1_slack8.1.tgz:
  Upgraded to screen-4.0.3.
  This addresses an issue with the way screen handles UTF-8 character
  encoding that could allow screen to be crashed (or possibly code to be
  executed in the context of the screen user) if a specially crafted sequence
  of pseudo-UTF-8 characters is displayed within a screen session.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4573
  (* Security fix *)
+--------------------------+
Fri Sep 29 00:49:33 CDT 2006
patches/packages/openssh-4.4p1-i386-1_slack8.1.tgz:
  Upgraded to openssh-4.4p1.
  This fixes a few security related issues. From the release notes found at
  http://www.openssh.com/txt/release-4.4:
    * Fix a pre-authentication denial of service found by Tavis Ormandy,
      that would cause sshd(8) to spin until the login grace time expired.
    * Fix an unsafe signal handler reported by Mark Dowd. The signal handler
      was vulnerable to a race condition that could be exploited to perform
      a pre-authentication denial of service. On portable OpenSSH, this
      vulnerability could theoretically lead to pre-authentication remote
      code execution if GSSAPI authentication is enabled, but the likelihood
      of successful exploitation appears remote.
    * On portable OpenSSH, fix a GSSAPI authentication abort that could be
      used to determine the validity of usernames on some platforms.
  Links to the CVE entries will be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052
  After this upgrade, make sure the permissions on /etc/rc.d/rc.sshd are set
  the way you want them. Future upgrades will respect the existing
  permissions settings. Thanks to Manuel Reimer for pointing out that
  upgrading openssh would enable a previously disabled sshd daemon.
  Do better checking of passwd, shadow, and group to avoid adding redundant
  entries to these files. Thanks to Menno Duursma.
  (* Security fix *)
+--------------------------+
Tue Sep 19 14:07:49 CDT 2006
patches/packages/gzip-1.3.5-i386-1_slack8.1.tgz:
  Upgraded to gzip-1.3.5, and fixed a variety of bugs.
  Some of the bugs have possible security implications if gzip or its tools
  are fed a carefully constructed malicious archive. Most of these issues
  were recently discovered by Tavis Ormandy and the Google Security Team.
  Thanks to them, and also to the ALT and Owl developers for cleaning up the
  patch.
  For further details about the issues fixed, please see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0988
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338
  (* Security fix *)
+--------------------------+
Thu Sep 14 05:30:50 CDT 2006
patches/packages/openssl-0.9.6m-i386-3_slack8.1.tgz:
  Patched an issue where it is possible to forge certain kinds of RSA
  signatures.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
patches/packages/openssl-solibs-0.9.6m-i386-3_slack8.1.tgz:
  Patched an issue where it is possible to forge certain kinds of RSA
  signatures.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
  (* Security fix *)
+--------------------------+
Fri Jul 28 17:37:42 CDT 2006
patches/packages/apache-1.3.37-i386-1_slack8.1.tgz:
  Upgraded to apache-1.3.37.
  From the announcement on httpd.apache.org:
    This version of Apache is security fix release only. An off-by-one flaw
    exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3
    since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0.
  The Slackware Security Team feels that the vast majority of installations
  will not be configured in a vulnerable way but still suggests upgrading to
  the new apache and mod_ssl packages for maximum security.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747
  And see Apache's announcement here:
    http://www.apache.org/dist/httpd/Announcement1.3.html
  (* Security fix *)
patches/packages/mod_ssl-2.8.28_1.3.37-i386-1_slack8.1.tgz:
  Upgraded to mod_ssl-2.8.28-1.3.37.
+--------------------------+
Mon Jul 24 15:44:39 CDT 2006
patches/packages/mutt-1.4.2.2i-i386-1_slack8.1.tgz:
  Upgraded to mutt-1.4.2.2i.
  This release fixes CVE-2006-3242, a buffer overflow that could be triggered
  by a malicious IMAP server.
  [Connecting to malicious IMAP servers must be common, right? -- Ed.]
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3242
  (* Security fix *)
+--------------------------+
Thu Jun 15 01:58:40 CDT 2006
patches/packages/sendmail-8.13.7-i386-1_slack8.1.tgz:
  Upgraded to sendmail-8.13.7.
  Fixes a potential denial of service problem caused by excessive recursion
  leading to stack exhaustion when attempting delivery of a malformed MIME
  message.
  This crashes sendmail's queue processing daemon, which in turn can lead to
  two problems: depending on the settings, these crashed processes may create
  coredumps which could fill a drive partition; and such a malformed message
  in the queue will cause queue processing to cease when the message is
  reached, causing messages that are later in the queue to not be processed.
  Sendmail's complete advisory may be found here:
    http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc
  Sendmail has also provided an FAQ about this issue:
    http://www.sendmail.com/security/advisories/SA-200605-01/faq.shtml
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173
  (* Security fix *)
patches/packages/sendmail-cf-8.13.7-noarch-1_slack8.1.tgz:
  Upgraded to sendmail-8.13.7 configs.
+--------------------------+
Wed May 10 15:07:18 CDT 2006
patches/packages/apache-1.3.35-i386-2_slack8.1.tgz:
  Patched to fix totally broken Include behavior.
  Thanks to Francesco Gringoli for reporting this bug.
+--------------------------+
Tue May 9 00:53:54 CDT 2006
patches/packages/apache-1.3.35-i386-1_slack8.1.tgz:
  Upgraded to apache-1.3.35.
  From the official announcement:
    Of particular note is that 1.3.35 addresses and fixes 1 potential
    security issue: CVE-2005-3352 (cve.mitre.org)
    mod_imap: Escape untrusted referer header before outputting in HTML to
    avoid potential cross-site scripting. Change also made to ap_escape_html
    so we escape quotes. Reported by JPCERT
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
  (* Security fix *)
patches/packages/mod_ssl-2.8.26_1.3.35-i386-1_slack8.1.tgz:
  Upgraded to mod_ssl-2.8.26-1.3.35.
  This is an updated version designed for Apache 1.3.35.
+--------------------------+
Wed Mar 22 13:01:23 CST 2006
patches/packages/sendmail-8.13.6-i386-1.tgz:
  Upgraded to sendmail-8.13.6.
  This new version of sendmail contains a fix for a security problem
  discovered by Mark Dowd of ISS X-Force.
  From sendmail's advisory:
    Sendmail was notified by security researchers at ISS that, under some
    specific timing conditions, this vulnerability may permit a specifically
    crafted attack to take over the sendmail MTA process, allowing remote
    attackers to execute commands and run arbitrary programs on the system
    running the MTA, affecting email delivery, or tampering with other
    programs and data on this system. Sendmail is not aware of any public
    exploit code for this vulnerability. This connection-oriented
    vulnerability does not occur in the normal course of sending and
    receiving email. It is only triggered when specific conditions are
    created through SMTP connection layer commands.
  Sendmail's complete advisory may be found here:
    http://www.sendmail.com/company/advisory/index.shtml
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
  (* Security fix *)
patches/packages/sendmail-cf-8.13.6-noarch-1.tgz:
  Upgraded to sendmail-8.13.6 configuration files.
+--------------------------+
Thu Feb 9 15:09:26 CST 2006
patches/packages/fetchmail-6.3.2-i386-1.tgz:
  Upgraded to fetchmail-6.3.2.
  Presumably this replaces all the known security problems with a batch of
  new unknown ones. (fetchmail is improving, really ;-)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4348
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0321
  (* Security fix *)
patches/packages/openssh-4.3p1-i386-1.tgz:
  Upgraded to openssh-4.3p1.
  This fixes a security issue when using scp to copy files that could cause
  commands embedded in filenames to be executed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225
  (* Security fix *)
patches/packages/sudo-1.6.8p12-i386-1.tgz:
  Upgraded to sudo-1.6.8p12.
  This fixes an issue where a user able to run a Python script through sudo
  may be able to gain root access.
  IMHO, running any kind of scripting language from sudo is still not safe...
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0151
  (* Security fix *)
+--------------------------+
Mon Nov 7 19:54:57 CST 2005
patches/packages/elm-2.5.8-i386-1.tgz:
  Upgraded to elm2.5.8.
  This fixes a buffer overflow in the parsing of the Expires header that
  could be used to execute arbitrary code as the user running Elm.
  Thanks to Ulf Harnhammar for finding the bug and reminding me to get out
  updated packages to address the issue.
  A reference to the original advisory:
    http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html
+--------------------------+
Sat Nov 5 22:23:30 CST 2005
patches/packages/apache-1.3.34-i386-1.tgz:
  Upgraded to apache-1.3.34.
  Fixes this minor security bug:
    "If a request contains both Transfer-Encoding and Content-Length
    headers, remove the Content-Length, mitigating some HTTP Request
    Splitting/Spoofing attacks."
  (* Security fix *)
patches/packages/imapd-4.64-i386-1.tgz:
  Upgraded to imapd-4.64.
  A buffer overflow was reported in the mail_valid_net_parse_work function.
  However, this function in the c-client library does not appear to be called
  from anywhere in imapd. iDefense states that the issue is of LOW risk to
  sites that allow users shell access, and LOW-MODERATE risk to other
  servers. I believe it's possible that it is of NIL risk if the function is
  indeed dead code to imapd, but draw your own conclusions...
  (* Security fix *)
patches/packages/lynx-2.8.5rel.5-i386-1.tgz:
  Upgraded to lynx-2.8.5rel.5.
  Fixes an issue where the handling of Asian characters when using lynx to
  connect to an NNTP server (is this a common use?) could result in a buffer
  overflow causing the execution of arbitrary code.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3120
  (* Security fix *)
patches/packages/mod_ssl-2.8.25_1.3.34-i386-1.tgz:
  Upgraded to mod_ssl-2.8.25-1.3.34.
patches/packages/pine-4.64-i386-1.tgz:
  Upgraded to pine-4.64.
patches/packages/wget-1.10.2-i386-1.tgz:
  Upgraded to wget-1.10.2.
  This addresses a buffer overflow in wget's NTLM handling function that
  could have possible security implications.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
  (* Security fix *)
+--------------------------+
Thu Oct 13 13:57:25 PDT 2005
patches/packages/openssl-0.9.6m-i386-2.tgz:
  Patched.
  Fixed a vulnerability that could, in rare circumstances, allow an attacker
  acting as a "man in the middle" to force a client and a server to negotiate
  the SSL 2.0 protocol (which is known to be weak) even if these parties both
  support SSL 3.0 or TLS 1.0.
  For more details, see:
    http://www.openssl.org/news/secadv_20051011.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969
  (* Security fix *)
patches/packages/openssl-solibs-0.9.6m-i386-2.tgz:
  Patched.
  (* Security fix *)
+--------------------------+
Mon Sep 12 23:38:33 PDT 2005
patches/packages/util-linux-2.11r-i386-3.tgz:
  Patched an issue with umount where if the umount failed when the '-r'
  option was used, the filesystem would be remounted read-only but without
  any extra flags specified in /etc/fstab. This could allow an ordinary user
  able to mount a floppy or CD (but with nosuid, noexec, nodev, etc in
  /etc/fstab) to run a setuid binary from removable media and gain root
  privileges.
  Reported to BugTraq by David Watson:
    http://www.securityfocus.com/archive/1/410333
  (* Security fix *)
+--------------------------+
Mon Sep 12 12:49:39 PDT 2005
patches/packages/dhcpcd-1.3.22pl4-i386-2.tgz:
  Patched an issue where a remote attacker can cause dhcpcd to crash.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1848
  (* Security fix *)
+--------------------------+
Wed Sep 7 13:33:05 PDT 2005
patches/packages/mod_ssl-2.8.24_1.3.33-i386-1.tgz:
  Upgraded to mod_ssl-2.8.24-1.3.33.
  From the CHANGES file:
    Fix a security issue (CAN-2005-2700) where "SSLVerifyClient require" was
    not enforced in per-location context if "SSLVerifyClient optional" was
    configured in the global virtual host configuration.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700
  (* Security fix *)
+--------------------------+
Tue Aug 30 12:54:39 PDT 2005
patches/packages/pcre-6.3-i386-1.tgz:
  Upgraded to pcre-6.3.
  This fixes a buffer overflow that could be triggered by the processing of a
  specially crafted regular expression. Theoretically this could be a
  security issue if regular expressions are accepted from untrusted users to
  be processed by a user with greater privileges, but this doesn't seem like
  a common scenario (or, for that matter, a good idea). However, if you are
  using an application that links to the shared PCRE library and accepts
  outside input in such a manner, you will want to update to this new
  package.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
  (* Security fix *)
patches/packages/php-4.3.11-i386-4.tgz:
  Relinked with the system PCRE library, as the builtin library has a buffer
  overflow that could be triggered by the processing of a specially crafted
  regular expression. Note that this change requires the pcre package to be
  installed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
  (* Security fix *)
  Upgraded PEAR::XMLRPC to version 1.4.0, which eliminates the use of the
  insecure eval() function.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
  (* Security fix *)
+--------------------------+
Fri Jul 29 11:33:52 PDT 2005
patches/packages/tcpip-0.17-i386-13b.tgz:
  Patched two overflows in the telnet client that could allow the execution
  of arbitrary code when connected to a malicious telnet server.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469
  (* Security fix *)
+--------------------------+
Fri Jul 22 13:52:54 PDT 2005
patches/packages/fetchmail-6.2.5.2-i386-1.tgz:
  Upgraded to fetchmail-6.2.5.2.
  This fixes an overflow by which malicious or compromised POP3 servers may
  overflow fetchmail's stack.
  For more information, see:
    http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt
  (* Security fix *)
+--------------------------+
Thu Jul 14 15:22:27 PDT 2005
patches/packages/tcpdump-3.9.3-i386-1.tgz:
  Upgraded to libpcap-0.9.3 and tcpdump-3.9.3.
  This fixes an issue where an invalid BGP packet can cause tcpdump to go
  into an infinite loop, effectively disabling network monitoring.
  (* Security fix *)
patches/packages/xv-3.10a-i386-4.tgz:
  Upgraded to the latest XV jumbo patches, xv-3.10a-jumbo-fix-patch-20050410
  and xv-3.10a-jumbo-enh-patch-20050501. These fix a number of format string
  and other possible security issues in addition to providing many other
  bugfixes and enhancements. (Thanks to Greg Roelofs)
  (* Security fix *)
+--------------------------+
Mon Jul 11 19:50:20 PDT 2005
patches/packages/php-4.3.11-i386-3.tgz:
  Fixed build/packaging bugs.
+--------------------------+
Mon Jul 11 15:02:11 PDT 2005
patches/packages/php-4.3.11-i386-2.tgz:
  Upgraded PEAR XML_RPC class.
  This new PHP package fixes a PEAR XML_RPC vulnerability. Sites that use
  this PEAR class should upgrade to the new PHP package, or as a minimal fix
  may instead upgrade the XML_RPC PEAR class with the following command:
    pear upgrade XML_RPC
  (* Security fix *)
+--------------------------+
Tue Jun 21 22:00:51 PDT 2005
patches/packages/sudo-1.6.8p9-i386-1.tgz:
  Upgraded to sudo-1.6.8p9.
  This new version of Sudo fixes a race condition in command pathname
  handling that could allow a user with Sudo privileges to run arbitrary
  commands.
  For full details, see the Sudo site:
    http://www.courtesan.com/sudo/alerts/path_race.html
  (* Security fix *)
+--------------------------+
Sun May 1 22:09:51 PDT 2005
patches/packages/infozip-5.52-i486-1.tgz:
  Upgraded to unzip552.tar.gz and zip231.tar.gz.
  These fix some buffer overruns if deep directory paths are packed into a
  Zip archive which could be a security vulnerability (for example, in a case
  of automated archiving or backups that use Zip). However, it also appears
  that these now use certain assembly instructions that might not be
  available on older CPUs, so if you have an older machine you may wish to
  take this into account before deciding whether you should upgrade.
  (* Security fix *)
+--------------------------+
Thu Apr 21 14:25:27 PDT 2005
patches/packages/cvs-1.11.20-i386-1.tgz:
  Upgraded to cvs-1.11.20.
  From cvshome.org:
    "This version fixes many minor security issues in the CVS server
    executable including a potentially serious buffer overflow vulnerability
    with no known exploit. We recommend this upgrade for all CVS servers!"
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753
  (* Security fix *)
patches/packages/python-2.2.3-i386-1.tgz:
  Upgraded to python-2.2.3.
  From the python.org site:
    "The Python development team has discovered a flaw in the
    SimpleXMLRPCServer library module which can give remote attackers access
    to internals of the registered object or its module or possibly other
    modules. The flaw only affects Python XML-RPC servers that use the
    register_instance() method to register an object without a _dispatch()
    method. Servers using only register_function() are not affected."
  For more details, see:
    http://python.org/security/PSF-2005-001/
  (* Security fix *)
+--------------------------+
Sun Apr 3 21:23:27 PDT 2005
patches/packages/php-4.3.11-i386-1.tgz:
  Upgraded to php-4.3.11.
    "This is a maintenance release that in addition to over 70 non-critical
    bug fixes addresses several security issues inside the exif and fbsql
    extensions as well as the unserialize(), swf_definepoly() and
    getimagesize() functions."
  (* Security fix *)
+--------------------------+
Sun Oct 31 17:54:02 PST 2004
patches/packages/apache-1.3.33-i386-1.tgz:
  Upgraded to apache-1.3.33.
  This fixes one new security issue (the first issue, CAN-2004-0492, was
  fixed in apache-1.3.32). The second bug fixed in 1.3.3 (CAN-2004-0940)
  allows a local user who can create SSI documents to become "nobody". The
  amount of mischief they could cause as nobody seems low at first glance,
  but it might allow them to use kill or killall as nobody to try to create
  a DoS.
  (* Security fix *)
patches/packages/libtiff-3.5.7-i386-3.tgz:
  Patched several bugs that could lead to crashes, or could possibly allow
  arbitrary code to be executed.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886
  (* Security fix *)
patches/packages/mod_ssl-2.8.22_1.3.33-i386-1.tgz:
  Upgraded to mod_ssl-2.8.22_1.3.33.
patches/packages/php-4.3.9-i386-1.tgz:
  Fixed mod_php.conf to refer to /usr/libexec rather than
  /usr/libexec/apache.
+--------------------------+
Mon Oct 25 16:38:32 PDT 2004
patches/packages/apache-1.3.32-i386-1.tgz:
  Upgraded to apache-1.3.32.
  This addresses a heap-based buffer overflow in mod_proxy by rejecting
  responses from a remote server with a negative Content-Length. The flaw
  could crash the Apache child process, or possibly allow code to be executed
  as the Apache user (but only if mod_proxy is actually in use on the
  server).
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492
  (* Security fix *)
patches/packages/mod_ssl-2.8.21_1.3.32-i386-1.tgz:
  Upgraded to mod_ssl-2.8.21-1.3.32.
Don't allow clients to bypass cipher requirements, possibly negotiating a connection that the server does not consider secure enough. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885 (* Security fix *) patches/packages/php-4.3.9-i386-1.tgz: Upgraded to php-4.3.9. +--------------------------+ Mon Oct 11 20:07:39 PDT 2004 patches/packages/rsync-2.6.3-i386-1.tgz: Upgraded to rsync-2.6.3. From the rsync NEWS file: A bug in the sanitize_path routine (which affects a non-chrooted rsync daemon) could allow a user to craft a pathname that would get transformed into an absolute path for certain options (but not for file-transfer names). If you're running an rsync daemon with chroot disabled, *please upgrade*, ESPECIALLY if the user privs you run rsync under is anything above "nobody". Note that rsync, in daemon mode, sets the "use chroot" to true by default, and (in this default mode) is not vulnerable to this issue. I would strongly recommend against setting "use chroot" to false even if you've upgraded to this new package. (* Security fix *) +--------------------------+ Sat Aug 7 17:16:19 AKDT 2004 patches/packages/libpng-1.2.5-i486-1.tgz: Upgraded to libpng-1.2.5 and patched possible security issues including buffer and integer overflows and null pointer references. These issues could cause program crashes, or possibly allow arbitrary code embedded in a malicious PNG image to execute. The PNG library is widely used within the system, so all sites should upgrade to the new libpng package. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599 (* Security fix *) patches/packages/sox-12.17.4-i386-3.tgz: Patched buffer overflows that could allow a malicious WAV file to execute arbitrary code. 
(* Security fix *) +--------------------------+ Sun Jul 25 19:28:19 PDT 2004 patches/packages/mod_ssl-2.8.19_1.3.31-i386-1.tgz: Upgraded to mod_ssl-2.8.19-1.3.31. This fixes a security hole (ssl_log() related format string vulnerability in mod_proxy hook functions), so sites using mod_ssl should upgrade to the new version. Be sure to back up your existing key files first. (* Security fix *) patches/packages/samba-2.2.10-i386-1.tgz: Upgraded to samba-2.2.10. A buffer overrun has been located in the code used to support the 'mangling method = hash' smb.conf option. Affected Samba 2.2 installations can avoid this possible security bug by using the hash2 mangling method. Server installations requiring the hash mangling method are encouraged to upgrade to Samba v2.2.10 or v3.0.5. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0686 (* Security fix *) +--------------------------+ Tue Jul 20 20:51:59 PDT 2004 patches/packages/php-4.3.8-i386-1.tgz: Upgraded to php-4.3.8. This release fixes two security problems in PHP (memory_limit handling and a problem in the strip_tags function). Sites using PHP should upgrade. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0594 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0595 (* Security fix *) +--------------------------+ Tue Jun 15 02:07:58 PDT 2004 patches/packages/kernel-ide-2.4.18-i386-6.tgz: Patched local DoS (CAN-2004-0554). Without this patch to asm-i386/i387.h a local user can crash the kernel. Also includes all previous patches from -3. The new patch can be found here, too: patches/source/kernel-source/CAN-2004-0554.i387.fnclex.diff.gz (* Security fix *) patches/packages/kernel-source-2.4.18-noarch-7.tgz: Patched local DoS (CAN-2004-0554). (* Security fix *) patches/kernels/*: Patched local DoS (CAN-2004-0554). (* Security fix *) +--------------------------+ Wed Jun 9 11:41:49 PDT 2004 patches/packages/cvs-1.11.17-i386-1.tgz: Upgraded to cvs-1.11.17. 
From the cvs NEWS file: * Thanks to Stefan Esser & Sebastian Krahmer, several potential security problems have been fixed. The ones which were considered dangerous enough to catalogue were assigned issue numbers CAN-2004-0416, CAN-2004-0417, & CAN-2004-0418 by the Common Vulnerabilities and Exposures Project. Please see for more information. * A potential buffer overflow vulnerability in the server has been fixed. This addresses the Common Vulnerabilities and Exposures Project's issue CAN-2004-0414. Please see for more information. (* Security fix *) +--------------------------+ Wed Jun 2 00:46:45 PDT 2004 patches/packages/apache-1.3.31-i386-1.tgz: Upgraded to apache-1.3.31, needed to use the new mod_ssl. patches/packages/mod_ssl-2.8.18_1.3.31-i386-1.tgz: Upgraded to mod_ssl-2.8.18-1.3.31. This fixes a buffer overflow that may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN, if mod_ssl is configured to trust the issuing CA: *) Fix buffer overflow in "SSLOptions +FakeBasicAuth" implementation if the Subject-DN in the client certificate exceeds 6KB in length. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488 (* Security fix *) Other changes: Make the sample keys .new so as not to overwrite existing server keys. However, any existing mod_ssl package will have these listed as non-config files, and will still remove and replace these upon upgrade. You'll have to save your config files one more time... sorry. patches/packages/php-4.3.6-i386-1.tgz: Upgraded to php-4.3.6. This is compiled with c-client.a in /usr/local/lib/c-client/ to fix a problem in previous php packages where linking against the library in a path under /tmp caused an ELF rpath to this location to be built into the PHP binaries. A local attacker could (by placing shared libraries in this location) either crash PHP or cause arbitrary code to be executed as the PHP user (typically "nobody"). 
Thanks to Bryce Nichols for discovering this issue and bringing it to my attention. (* Security fix *) +--------------------------+ Wed May 19 15:14:54 PDT 2004 patches/packages/cvs-1.11.16-i386-1.tgz: Upgraded to cvs-1.11.16. From the NEWS file: A potential buffer overflow vulnerability in the server has been fixed. Prior to this patch, a malicious client could potentially use carefully crafted server requests to run arbitrary programs on the CVS server machine. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0396 (* Security fix *) +--------------------------+ Wed May 12 13:17:26 PDT 2004 patches/packages/apache-1.3.29-i386-2.tgz: Patched four security issues in the Apache web server as noted on http://httpd.apache.org. These security fixes were backported from Apache 1.3.31: In mod_digest, verify whether the nonce returned in the client response is one we issued ourselves. This problem does not affect mod_auth_digest. (CAN-2003-0987) Escape arbitrary data before writing into the errorlog. (CAN-2003-0020) Fix starvation issue on listening sockets where a short-lived connection on a rarely-accessed listening socket will cause a child to hold the accept mutex and block out new connections until another connection arrives on that rarely-accessed listening socket. (CAN-2004-0174) Fix parsing of Allow/Deny rules using IP addresses without a netmask; issue is only known to affect big-endian 64-bit platforms (CAN-2003-0993) For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0993 (* Security fix *) +--------------------------+ Tue May 4 15:11:06 PDT 2004 patches/packages/bin-8.3.0-i386-3.tgz: Fixed buffer overflows and directory traversal vulnerabilities in the 'lha' archive utility. 
Sites using 'lha' should upgrade to the new bin package right away. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0234 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0235 (* Security fix *) +--------------------------+ Sun May 2 19:25:42 PDT 2004 patches/packages/rsync-2.6.2-i386-1.tgz: Upgraded to rsync-2.6.2. Rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, allowing remote attackers to write files outside of the module's path. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0426 (* Security fix *) patches/packages/sysklogd-1.4.1-i386-9.tgz: Patched a bug which could allow a user to cause syslogd to write to unallocated memory and crash. Thanks to Steve Grubb for finding the bug, and Solar Designer for refining the patch. (* Security fix *) +--------------------------+ Sat Apr 17 14:16:22 PDT 2004 patches/packages/cvs-1.11.15-i386-1.tgz: Upgraded to cvs-1.11.15. Fixes two security problems (server creating arbitrary files on a client machine, and client viewing files outside of the CVS repository). For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0405 (* Security fix *) +--------------------------+ Sat Apr 17 11:15:13 PDT 2004 patches/packages/tcpdump-3.8.3-i486-1.tgz: Upgraded to tcpdump-3.8.3 and libpcap-0.8.3. This fixes a couple minor bugs that shouldn't affect 32-bit ix86 Slackware, but we might as well have the latest. According to www.tcpdump.org: TCPDUMP version 3.8.3 has been released as of March 30, 2004. 3.8.3 is identical to 3.8.2, but the version number has been incremented to match libpcap. LIBPCAP version 0.8.3 has been released as of March 30, 2004. 0.8.3 fixes a minor problem with gencode.c on 64-bit architectures. It also carries the correct version numbers. 
+--------------------------+ Tue Mar 30 22:30:39 PST 2004 patches/packages/tcpdump-3.8.2-i386-1.tgz: Upgraded to tcpdump-3.8.2 and libpcap-0.8.2. Fixes denial-of-service security issues. For more details, see: http://www.rapid7.com/advisories/R7-0017.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0184 (* Security fix *) +--------------------------+ Wed Mar 17 16:30:44 PST 2004 patches/packages/openssl-0.9.6m-i386-1.tgz: Upgraded to openssl-0.9.6m. patches/packages/openssl-solibs-0.9.6m-i386-1.tgz: Upgraded to openssl-0.9.6m. This fixes two potential denial-of-service issues in earlier versions of OpenSSL. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112 (* Security fix *) +--------------------------+ Wed Feb 18 03:58:44 PST 2004 patches/packages/metamail-2.7-i386-2.tgz: Patched two format string bugs and two buffer overflows in metamail which could lead to unauthorized code execution. Thanks to Ulf Härnhammar for discovering these problems and providing a patch. (* Security fix *) +--------------------------+ Thu Feb 12 09:59:49 PST 2004 patches/packages/mutt-1.4.2i-i386-1.tgz: Upgraded to mutt-1.4.2i. This fixes an overflow that is a potential security hole. Here's the information from www.mutt.org: "Mutt 1.4.2 was released on February 11, 2004. This version fixes a buffer overflow that can be triggered by incoming messages. There are reports about spam that has actually triggered this problem and crashed mutt. It is recommended that users of mutt versions prior to 1.4.2 upgrade to this version, or apply the patch included below." (* Security fix *) patches/packages/xfree86-4.2.1-i386-3.tgz: Patched to fix buffer overflow problems with the parsing of 'font.alias' files that could allow unauthorized code execution. 
For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0083 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0106 (* Security fix *) +--------------------------+ Thu Jan 8 18:21:27 PST 2004 patches/kernels/*: These are 2.4.18 kernels containing a backported fix for a security problem with the kernel's mremap() function. A local user could exploit this hole to gain root privileges. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0985 After installing the new kernel, be sure to run 'lilo'. (* Security fix *) patches/packages/kernel-ide-2.4.18-i386-5.tgz: Patched mremap(). (* Security fix *) patches/packages/kernel-source-2.4.18-noarch-6.tgz: This is the source code from kernel-source-2.4.18-noarch-5 with the fix for mremap(). (* Security fix *) +--------------------------+ Fri Dec 12 11:05:33 PST 2003 patches/packages/lftp-2.6.10-i386-1.tgz: Upgraded to lftp-2.6.10. According to the NEWS file, this includes "security fixes in html parsing code" which could cause a compromise when using lftp to access an untrusted site. (* Security fix *) +--------------------------+ Thu Dec 11 12:38:05 PST 2003 patches/packages/cvs-1.11.10-i386-1.tgz: Upgraded to cvs-1.11.10. From the NEWS file: SERVER SECURITY ISSUES * Malformed module requests could cause the CVS server to attempt to create directories and possibly files at the root of the filesystem holding the CVS repository. Filesystem permissions usually prevent the creation of these misplaced directories, but nevertheless, the CVS server now rejects the malformed requests. (* Security fix *) +--------------------------+ Thu Dec 4 15:39:43 PST 2003 patches/kernels/*: These are 2.4.18 kernels containing a backported fix for a security problem with the kernel's do_brk() function. A local user could exploit this hole to gain root privileges. 
For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0961 After installing the new kernel, be sure to run 'lilo'. (* Security fix *) patches/packages/kernel-ide-2.4.18-i386-4.tgz: Patched do_brk(). (* Security fix *) patches/packages/kernel-source-2.4.18-noarch-5.tgz: This is 2.4.18 source code with do_brk() and an improved version of the ptrace fix pre-applied. The package also contains patches for XFS and Speakup (provided in /usr/src, but not pre-applied). (* Security fix *) +--------------------------+ Wed Dec 3 22:39:24 PST 2003 patches/packages/rsync-2.5.7-i386-1.tgz: Upgraded to rsync-2.5.7. From the rsync-2.5.7-NEWS file: SECURITY: * Fix buffer handling bugs. (Andrew Tridgell, Martin Pool, Paul Russell, Andrea Barisani) The vulnerability affects sites running rsync in daemon mode (rsync servers). These sites should be upgraded immediately. (* Security fix *) +--------------------------+ Tue Nov 4 14:50:50 PST 2003 patches/packages/apache-1.3.29-i386-1.tgz: Upgraded to apache-1.3.29. This fixes the following local security issue: o CAN-2003-0542 (cve.mitre.org) Fix buffer overflows in mod_alias and mod_rewrite which occurred if one configured a regular expression with more than 9 captures. This vulnerability requires the attacker to create or modify certain Apache configuration files, and is not a remote hole. However, it could possibly be used to gain additional privileges if access to the Apache administrator account can be gained through some other means. All sites running Apache should upgrade. (* Security fix *) patches/packages/mod_ssl-2.8.16_1.3.29-i386-1.tgz: Upgraded to mod_ssl-2.8.16_1.3.29. patches/packages/php-4.3.3-i386-1.tgz: Upgraded to php-4.3.3. +--------------------------+ Wed Oct 22 13:44:11 PDT 2003 patches/packages/fetchmail-6.2.5-i386-1.tgz: Upgraded to fetchmail-6.2.5. This fixes a security issue where a specially crafted message could cause fetchmail to crash, preventing the user from retrieving email. 
(* Security fix *) +--------------------------+ Tue Sep 30 17:44:06 PDT 2003 patches/packages/openssl-0.9.6k-i386-1.tgz: Upgraded to OpenSSL 0.9.6k. patches/packages/openssl-solibs-0.9.6k-i386-1.tgz: Upgraded to OpenSSL 0.9.6k. This update fixes problems with OpenSSL's ASN.1 parsing which could lead to a denial of service. It is not known whether the problems could lead to the running of malicious code on the server, but it has not been ruled out. For detailed information, see OpenSSL's security advisory: http://www.openssl.org/news/secadv_20030930.txt We recommend sites that use OpenSSL upgrade to the fixed packages right away. (* Security fix *) +--------------------------+ Tue Sep 23 14:02:31 PDT 2003 patches/packages/openssh-3.7.1p2-i386-1.tgz: Upgraded to openssh-3.7.1p2. This fixes security problems with PAM authentication. It also includes several code cleanups from Solar Designer. Slackware does not use PAM and is not vulnerable to any of the fixed problems. Please indulge me for this brief aside (as requests for PAM are on the rise): If you see a security problem reported which depends on PAM, you can be glad you run Slackware. I think a better name for PAM might be SCAM, for Swiss Cheese Authentication Modules, and have never felt that the small amount of convenience it provides is worth the great loss of system security. We miss out on half a dozen security problems a year by not using PAM, but you can always install it yourself if you feel that you're missing out on the fun. (No, don't do that) OK, I'm done ranting here. :-) I suppose this is still a: (* Security fix *) patches/packages/proftpd-1.2.8p-i386-1.tgz: Upgraded to proftpd-1.2.8p (patched). This fixes a security problem in ProFTPD. From http://www.proftpd.org: X-Force Research at ISS has discovered a remote exploit in ProFTPD's handling of ASCII translations that an attacker, by downloading a carefully crafted file, can exploit and gain a root shell. 
The source distributions on ftp.proftpd.org have all been replaced with patched versions. All ProFTPD users are strongly urged to upgrade to one of the patched versions as soon as possible. Note that the upgraded package does not change the displayed version number to 1.2.8p (it remains 1.2.8), but we've verified the source code to make sure that this is in fact the patched version. We recommend all sites running ProFTPD upgrade to the new package right away. (* Security fix *) +--------------------------+ Wed Sep 17 10:14:57 PDT 2003 patches/packages/sendmail-8.12.10-i386-1.tgz: Upgraded to sendmail-8.12.10. This fixes security issues as noted in Sendmail's RELEASE_NOTES: "SECURITY: Fix a buffer overflow in address parsing. Problem detected by Michal Zalewski, patch from Todd C. Miller of Courtesan Consulting. Fix a potential buffer overflow in ruleset parsing. This problem is not exploitable in the default sendmail configuration; only if non-standard rulesets recipient (2), final (4), or mailer-specific envelope recipients rulesets are used then a problem may occur. Problem noted by Timo Sirainen." We recommend that sites running Sendmail upgrade immediately. (* Security fix *) patches/packages/sendmail-cf-8.12.10-noarch-1.tgz: Upgraded to config files for sendmail-8.12.10. +--------------------------+ Wed Sep 17 01:21:54 PDT 2003 patches/packages/openssh-3.7.1p1-i386-1.tgz: Upgraded to openssh-3.7.1p1. The OpenSSH advisory was updated (http://www.openssh.com/txt/buffer.adv) and now says that you need at least version 3.7.1, which fixes some more buffer problems like those fixed by 3.7. (* Security fix *) +--------------------------+ Tue Sep 16 11:16:56 PDT 2003 patches/packages/openssh-3.7p1-i386-1.tgz: Upgraded to openssh-3.7p1. From the OpenSSH Security Advisory (http://www.openssh.com/txt/buffer.adv): "All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. 
It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively." (* Security fix *) +--------------------------+ Wed Sep 10 20:47:53 PDT 2003 patches/packages/pine-4.58-i386-1.tgz: Upgraded to pine4.58. This fixes two vulnerabilities in earlier PINE versions found by iDEFENSE Labs (see http://www.idefense.com/advisory/09.10.03.txt). (* Security fix *) +--------------------------+ Mon Sep 8 11:32:55 PDT 2003 patches/packages/inetd-1.79s-i386-2.tgz: Disable inetd's (stupid) connection limiting code which can actually cause a DoS rather than preventing it. The default connections-per-minute is now unlimited. -R 0 also removes limiting (this is now mentioned in the man page as well). Thanks to 3APA3A for reporting this issue. (* Security fix *) +--------------------------+ Tue Jul 15 10:42:58 PDT 2003 patches/packages/nfs-utils-1.0.4-i386-2.tgz: Fixed a bug in the new nfs-utils which can result in mountd crashing. Thanks to André Muezerie for the report. +--------------------------+ Mon Jul 14 14:15:34 PDT 2003 patches/packages/nfs-utils-1.0.4-i386-1.tgz: Upgraded to nfs-utils-1.0.4. This fixes an off-by-one buffer overflow in xlog.c which could be used by an attacker to produce a denial of NFS service, or to execute arbitrary code. All sites providing NFS services should upgrade to this new package immediately. (* Security fix *) +--------------------------+ Fri May 30 13:59:46 PDT 2003 patches/packages/apache-1.3.27-i386-2.tgz: Recompiled. patches/packages/mod_ssl-2.8.14_1.3.27-i386-1.tgz: Upgraded to mod_ssl-2.8.14-1.3.27. Includes RSA blinding fixes. (* Security fix *) patches/packages/php-4.3.2-i386-1.tgz: Upgraded to php-4.3.2. A bit of the information about the release on www.php.net: * Fixes several potentially hazardous integer and buffer overflows. * New "disable_classes" php.ini option to allow administrators to disable certain classes for security reasons. * ..and a HUGE amount of other bug fixes! 
(* Security fix *) +--------------------------+ Thu May 29 00:52:30 PDT 2003 patches/packages/cups-1.1.19-i386-1.tgz: Upgraded to cups-1.1.19. A denial of service problem that allowed a CUPS client to hang the CUPS server is now fixed in CUPS 1.1.19. Note that CUPS is not installed by default -- it is shipped as one of the packages in /extra. (* Security fix *) +--------------------------+ Wed May 21 15:41:04 PDT 2003 patches/packages/bitchx-1.0c19-i386-3.tgz: Patched several potential "evil server" security problems noted by Timo Sirainen. (* Security fix *) patches/packages/epic4-1.0.1-i386-3.tgz: Patched a buffer overflow in ctcp.c. (* Security fix *) patches/packages/glibc-2.2.5-i386-4.tgz: Patched, recompiled. (* Security fix *) patches/packages/glibc-solibs-2.2.5-i386-4.tgz: Patched a buffer overflow in some dead code (xdrmem_getbytes(), which we couldn't find used by anything, but it doesn't hurt to patch it anyway) (* Security fix *) +--------------------------+ Mon Apr 7 14:26:53 PDT 2003 patches/packages/samba-2.2.8a-i386-1.tgz: Upgraded to samba-2.2.8a. From the samba-2.2.8a WHATSNEW.txt: **************************************** * IMPORTANT: Security bugfix for Samba * **************************************** Digital Defense, Inc. has alerted the Samba Team to a serious vulnerability in all stable versions of Samba currently shipping. The Common Vulnerabilities and Exposures (CVE) project has assigned the ID CAN-2003-0201 to this defect. This vulnerability, if exploited correctly, leads to an anonymous user gaining root access on a Samba serving system. All versions of Samba up to and including Samba 2.2.8 are vulnerable. An active exploit of the bug has been reported in the wild. Alpha versions of Samba 3.0 and above are *NOT* vulnerable. (* Security fix *) +--------------------------+ Sat Mar 29 14:54:07 PST 2003 patches/packages/mutt-1.4.1i-i386-1.tgz: Upgraded to mutt-1.4.1i. From www.mutt.org: Mutt 1.4.1 and 1.5.4 were released on March 19, 2003. 
These releases both fix a buffer overflow identified by Core Security Technologies. The only differences between 1.4 and 1.4.1 are bug fixes. If you are currently using 1.4, it's probably a very good idea to update. (* Security fix *) patches/packages/sendmail-8.12.9-i386-1.tgz: Upgraded to sendmail-8.12.9. From sendmail's RELEASE_NOTES: 8.12.9/8.12.9 2003/03/29 SECURITY: Fix a buffer overflow in address parsing due to a char to int conversion problem which is potentially remotely exploitable. Problem found by Michal Zalewski. Note: an MTA that is not patched might be vulnerable to data that it receives from untrusted sources, which includes DNS. (* Security fix *) patches/packages/sendmail-cf-8.12.9-noarch-1.tgz: Updated config files for sendmail-8.12.9. +--------------------------+ Sat Mar 15 13:49:04 PST 2003 patches/packages/samba-2.2.8-i386-1.tgz: Upgraded to Samba 2.2.8. From the Samba web site: * (14th Mar, 2003) Security Release - Samba 2.2.8 A flaw has been detected in the Samba main smbd code which could allow an external attacker to remotely and anonymously gain Super User (root) privileges on a server running a Samba server. This flaw exists in previous versions of Samba from 2.0.x to 2.2.7a inclusive. This is a serious problem and all sites should either upgrade to Samba 2.2.8 immediately or prohibit access to TCP ports 139 and 445. (* Security fix *) +--------------------------+ Mon Mar 3 10:29:01 PST 2003 patches/packages/sendmail-8.12.8-i386-1.tgz: Upgraded to sendmail-8.12.8. From sendmail's RELNOTES: SECURITY: Fix a remote buffer overflow in header parsing by dropping sender and recipient header comments if the comments are too long. Problem noted by Mark Dowd of ISS X-Force. (* Security fix *) patches/packages/sendmail-cf-8.12.8-noarch-1.tgz: Updated config files for sendmail-8.12.8. 
---------------------------- Tue Feb 18 20:52:43 PST 2003 patches/packages/php-4.3.1-i386-1.tgz: Upgraded to php-4.3.1 This fixes a serious security vulnerability in CGI SAPI. Most sites don't use this mode of operation, but if you do -- upgrade. (* Security fix *) ---------------------------- Tue Jan 21 13:12:20 PST 2003 patches/packages/cvs-1.11.5-i386-1.tgz: Upgraded to cvs-1.11.5. This release fixes a major security vulnerability in the CVS server by which users with read only access could gain write access. Details should be available at this URL (but don't seem to be yet): http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0015 (* Security fix *) ---------------------------- Sun Jan 19 11:18:33 PST 2003 patches/packages/dhcp-3.0pl2-i386-1.tgz: Upgraded to dhcp-3.0pl2, which fixes several buffer overflow vulnerabilities, including some which may allow remote attackers to execute arbitrary code on affected systems, though no exploits are known yet. For complete information, please see: http://www.cert.org/advisories/CA-2003-01.html (* Security fix *) ---------------------------- Mon Jan 6 19:31:37 PST 2003 patches/packages/php-4.3.0-i386-3.tgz: Fixed files under /usr/lib/php/ which were accidentally left chmodded 666. ---------------------------- Mon Jan 6 16:27:28 PST 2003 patches/packages/mysql-3.23.54a-i386-1.tgz: Upgraded to mysql-3.23.54a. According to www.mysql.com, this contains some security fixes. (* Security fix *) patches/packages/php-4.3.0-i386-2.tgz: Switched back to --mysql=/usr instead of --mysql=shared (which didn't work). ---------------------------- Sun Jan 5 15:56:56 PST 2003 patches/packages/apache-1.3.27-i386-1.tgz: Upgraded to apache-1.3.27. This fixes a few security problems; please reference CAN-2002-0839, CAN-2002-0840, and CAN-2002-0843 on cve.mitre.org for complete details. (* Security fix *) patches/packages/mod_ssl-2.8.12_1.3.27-i386-1.tgz: Upgraded to mod_ssl-2.8.12-1.3.27. This fixes a potential cross-site scripting bug. 
(* Security fix *) patches/packages/php-4.3.0-i386-1.tgz: Upgraded to php-4.3.0. patches/packages/yptools-2.8-i386-1.tgz: Upgraded to yp-tools-2.8. This fixes a bug where yppasswd fails to work. Thanks to Dirk van Deun for suggesting the upgrade. ---------------------------- Wed Nov 20 16:51:23 PST 2002 patches/packages/samba-2.2.7-i386-1.tgz: Upgraded to samba-2.2.7. Some details (based on the WHATSNEW.txt file included in samba-2.2.7): This fixes a security hole discovered in versions 2.2.2 through 2.2.6 of Samba that could potentially allow an attacker to gain root access on the target machine. The word "potentially" is used because there is no known exploit of this bug, and the Samba Team has not been able to craft one ourselves. However, the seriousness of the problem warrants this immediate 2.2.7 release. There was a bug in the length checking for encrypted password change requests from clients. A client could potentially send an encrypted password, which, when decrypted with the old hashed password could be used as a buffer overrun attack on the stack of smbd. The attack would have to be crafted such that converting a DOS codepage string to little endian UCS2 unicode would translate into an executable block of code. Thanks to Steve Langasek and Eloy Paris for bringing this vulnerability to our notice. (* Security fix *) An unrelated change to the Slackware package is the addition of libsmbclient. Thanks to Marcelo Anton for the suggestion. ---------------------------- Mon Sep 16 13:43:11 PDT 2002 patches/packages/xfree86-4.2.1-i386-2.tgz: Recompiled with 4.2.1-mit-shm-security.patch. This is an update to 4.2.1 that fixes the shm vulnerability for the case where the server is running from xdm. Also fixed a problem with freetype2 where there were two versions of the shared library on the system. (* Security fix *) patches/packages/xfree86-devel-4.2.1-i386-2.tgz: Recompiled with 4.2.1-mit-shm-security.patch. 
(* Security fix *) ---------------------------- Wed Sep 4 19:20:44 PDT 2002 patches/packages/kernel-modules-2.4.18-i386-5.tgz: Updated XFree86 DRI modules in /lib/modules/2.4.18/kernel/drivers/char/drm/. patches/packages/xfree86-4.2.1-i386-1.tgz: Upgraded to XFree86 4.2.1. patches/packages/xfree86-devel-4.2.1-i386-1.tgz: Upgraded to XFree86 4.2.1. patches/packages/xfree86-docs-4.2.1-i386-1.tgz: Upgraded to XFree86 4.2.1. patches/packages/xfree86-docs-html-4.2.1-i386-1.tgz: Upgraded to XFree86 4.2.1. patches/packages/xfree86-xnest-4.2.1-i386-1.tgz: Upgraded to XFree86 4.2.1. patches/packages/xfree86-xprt-4.2.1-i386-1.tgz: Upgraded to XFree86 4.2.1. patches/packages/xfree86-xvfb-4.2.1-i386-1.tgz: Upgraded to XFree86 4.2.1. These are new XFree86 4.2.1 packages for Slackware 8.1. Note that among the changes are these security patches (from the RELNOTES): 2.1 Security o Fix a zlib bug that may have security implications on some platforms. o MIT-SHM update to not access SHM segments that the client doesn't have sufficient privileges to access. o Fix an Xlib problem that made it possible to load (and execute) arbitrary code in privileged clients. The first issue (zlib) was already patched in Slackware prior to the release of 8.1, but these other two fixes are new. The Xlib issue in particular can be locally exploited to gain root access through setuid root binaries linked with libX11. Note that there are no changes to the fonts packages (xfree86-fonts-*.tgz), and the xfree86-fonts packages released with Slackware 8.1 should continue to be used. (* Security fix *) ---------------------------- Tue Jul 30 19:45:52 PDT 2002 patches/packages/apache-1.3.26-i386-2.tgz: Upgraded the included libmm to version 1.2.1. Versions of libmm earlier than 1.2.0 contain a tmp file vulnerability which may allow the local Apache user to gain privileges via temporary files or symlinks. 
For details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0658 This was also recompiled using EAPI patch from mod_ssl-2.8.10_1.3.26. (* Security fix *) patches/packages/glibc-2.2.5-i386-3.tgz: Patched to fix a buffer overflow in glibc's DNS resolver functions that look up network addresses. Another workaround for this problem is to edit /etc/nsswitch.conf changing: networks: files dns to: networks: files (* Security fix *) patches/packages/glibc-solibs-2.2.5-i386-3.tgz: Patched to fix a buffer overflow in glibc's DNS resolver functions that look up network addresses. (* Security fix *) patches/packages/mod_ssl-2.8.10_1.3.26-i386-1.tgz: This update fixes an off-by-one error in earlier versions of mod_ssl that may allow local users to execute code as the Apache user. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0653 (* Security fix *) patches/packages/openssh-3.4p1-i386-2.tgz: Recompiled against openssl-0.9.6e. This update also contains a fix to the installation script to ensure that the sshd privsep user is correctly created. patches/packages/openssl-0.9.6e-i386-1.tgz: Upgraded to openssl-0.9.6e, which fixes 4 potentially remotely exploitable bugs. For details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659 (* Security fix *) patches/packages/openssl-solibs-0.9.6e-i386-1.tgz: Upgraded to openssl-0.9.6e, which fixes 4 potentially remotely exploitable bugs. For details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659 (* Security fix *) patches/packages/php-4.2.2-i386-1.tgz: Upgraded to php-4.2.2. Earlier versions of PHP 4.2.x contain a security vulnerability, which although not currently considered exploitable on the x86 architecture is probably still a good idea to patch. For details, see: http://www.cert.org/advisories/CA-2002-21.html (* Security fix *) ---------------------------- Wed Jun 26 12:03:06 PDT 2002 patches/packages/openssh-3.4p1-i386-1.tgz: Upgraded to openssh-3.4p1. 
This version enables privilege separation by default. The README.privsep file says this about it:
  Privilege separation, or privsep, is a method in OpenSSH by which operations that require root privilege are performed by a separate privileged monitor process. Its purpose is to prevent privilege escalation by containing corruption to an unprivileged process. More information is available at: http://www.citi.umich.edu/u/provos/ssh/privsep.html
Note that ISS has released an advisory on OpenSSH (OpenSSH Remote Challenge Vulnerability). Slackware is not affected by this issue, as we have never included AUTH_BSD, S/KEY, or PAM. Unless at least one of these options is compiled into sshd, it is not vulnerable. Further note that none of these options are turned on in a default build from source code, so if you have built sshd yourself you should not be vulnerable unless you've enabled one of these options.
Regardless, the security provided by privsep is unquestionably better. This time we (Slackware) were lucky, but next time we might not be. Therefore we recommend that all sites running the OpenSSH daemon (sshd, enabled by default in Slackware 8.1) upgrade to this new openssh package. After upgrading the package, restart the daemon like this:
  /etc/rc.d/rc.sshd restart
We would like to thank Theo and the rest of the OpenSSH team for their quick handling of this issue, Niels Provos and Markus Friedl for implementing privsep, and Solar Designer for working out issues with privsep on 2.2 Linux kernels.
----------------------------
Wed Jun 19 07:02:39 PDT 2002
Slackware 8.1.01-stable is released.
a/sysvinit-2.84-i386-19.tgz: Added -M to fix quotacheck for reiserfs.
d/cvs-1.11.2-i386-2.tgz: Added docs in text format.
n/apache-1.3.26-i386-1.tgz: Upgraded to apache-1.3.26.
This fixes the issue described in: "CERT Advisory CA-2002-17 Apache Web Server Chunk Handling Vulnerability" While the impact of this issue is minimal on 32 bit Linux systems, we felt it was important enough to stop the presses and get these fixes in before sending the Slackware 8.1 discs in for replication. (* Security fix *)
n/mod_ssl-2.8.9_1.3.26-i386-1.tgz: Upgraded to mod_ssl-2.8.9_1.3.26.
rootdisks/rescue.dsk: Added network/pcmcia scripts.
----------------------------
Tue Jun 18 10:47:47 PDT 2002
Slackware 8.1-stable is released! :-)
----------------------------
Sun Jun 16 16:14:16 PDT 2002
ap/quota-3.06-i386-1.tgz: Upgraded to quota-3.06.
kdei/: Added koffice-i18n packages.
rootdisks/: Merged in more ataraid fixes from Alan Miles.
zipslack/: By default, do not load a keyboard map at boot.
----------------------------
Sat Jun 15 21:56:47 PDT 2002
gnome/evolution-1.0.7-i386-1.tgz: Upgraded to evolution-1.0.7.
l/lesstif-0.93.34-i386-1.tgz: Upgraded to lesstif-0.93.34.
----------------------------
Sat Jun 15 02:56:43 PDT 2002
kde/kdelibs-3.0.1-i386-2.tgz: Patched KHTML. From the KDE website: "KHTML, the html rendering component of Konqueror, allowed webpages to initialize the file upload box with a filename. This could cause unwanted submit of the file to the remote host." The patch also fixes tags. (* Security fix *)
l/libtermcap-1.2.3-i386-2.tgz: Removed extra /etc/termcap that was copying over a better version from the etc package.
extra/sgml-tools-1.0.9/sgml-tools-1.0.9-i386-3.tgz: Added XML catalog, XSL stylesheets, DocBook PNG support.
----------------------------
Fri Jun 14 02:05:15 PDT 2002
a/bin-8.3.0-i386-2.tgz: Added fbset (suggested by Nicolas Laplante).
a/less-374-i386-2.tgz: Patched lesspipe.sh to view compressed man pages.
a/util-linux-2.11r-i386-2.tgz: Edited description to include adjtimex.
ap/mysql-3.23.51-i386-1.tgz: Upgraded to mysql-3.23.51.
gnome/xscreensaver-4.05_gnome-i386-1.tgz: Upgraded to xscreensaver-4.05.
xap/xscreensaver-4.05-i386-1.tgz: Upgraded to xscreensaver-4.05.
rootdisks/: Fixed a problem with ataraid devices (reported by Alan Miles).
zipslack/: Updated bin, less, and util-linux packages.
----------------------------
Wed Jun 12 20:12:19 PDT 2002
a/aaa_base-8.1.0-i386-3.tgz: Make sure the version number will be ready.
a/pkgtools-8.1.1-i386-6.tgz: Fixed a bug using ROOT= with upgradepkg.
zipslack/: Updated aaa_base, pkgtools, sysvinit, and util-linux packages.
----------------------------
Wed Jun 12 15:23:14 PDT 2002
a/sysvinit-2.84-i386-18.tgz: Cleaned up hwclock code in rc.S and rc.6. Updated location of Quota mini-HOWTO in rc.M. Removed rc.ibcs2 startup, since iBCS does not work with Linux 2.4.x.
a/util-linux-2.11r-i386-2.tgz: Added adjtimex-1.13 to the package.
extra/cups-1.1.15-i386-2.tgz: Avoid overwriting existing configuration files in future package upgrades.
extra/java2-runtime-environment/j2re-1.4.0_01-i586-1.tgz: Upgraded to version 1.4.0_01 of Sun's Java(TM) 2 Runtime Environment.
rootdisks/: Fixed package series selection bug for real this time. (reported by Jurgen Philippaerts again :-)
----------------------------
Tue Jun 11 17:37:58 PDT 2002
a/devs-2.3.1-i386-10.tgz: Added AMI HyperDisk RAID devices.
a/pkgtools-8.1.1-i386-5.tgz: Updates in /usr/share/terminfo.
kde/kdepim-3.0.1-i386-2.tgz: Rebuilt with pilot-link installed so that kpilot is built. (Suggested by Roger Hay)
l/ncurses-5.2-i386-4.tgz: Cured various color-xterm problems with:
  tic /usr/X11R6/lib/X11/etc/xterm.terminfo
Thanks to Andrey V. Panov for the suggestion.
xap/imagemagick-5.4.6-i386-1.tgz: Upgraded to ImageMagick-5.4.6. Fixed location of include files (thanks to Brent Cook).
rootdisks/: Added ataraid support (thanks to Alan Miles). Fixed package series selection bug (reported by Jurgen Philippaerts).
----------------------------
Mon Jun 10 15:39:55 PDT 2002
Slackware 8.1rc3 is released for testing... it won't be long now.
a/devs-2.3.1-i386-9.tgz: Added more IDE devices, and patched MAKEDEV to do the same. Suggested by Greg Roelofs.
a/shadow-4.0.3-i386-3.tgz: Patched adduser to reject uppercase in usernames so that you don't have to wait for useradd to reject it at the very end. Thanks to Stuart Winter and "xcp".
a/sysvinit-2.84-i386-17.tgz: Edited rc.M to prevent a bogus error message when using a UMSDOS root partition.
d/binutils-2.12.90.0.9-i386-1.tgz: Upgraded to binutils-2.12.90.0.9. Added missing /usr/include/libiberty.h.
n/lftp-2.5.4-i386-1.tgz: Upgraded to lftp-2.5.4.
n/proftpd-1.2.5-i386-1.tgz: Upgraded to proftpd-1.2.5.
rootdisks/install.zip: Added a UMSDOS-based installer that might be useful in certain situations, such as installing with extremely low memory. Thanks to Rob McGee who wrote the install.zip.README.
rootdisks/network.dsk: Fixed listing of modules with 'L'. Thanks to Erik Jan Tromp for sending in a fix.
rootdisks/rescue.dsk: Added a simple one-floppy rescue disk image.
zipslack/: The return of ZipSlack. :-)
----------------------------
Sat Jun 8 19:07:24 PDT 2002
a/kernel-modules-2.4.18-i386-4.tgz: Added examples for apm, cs4232, maestro3, and natsemi to /etc/rc.d/rc.modules.
a/pcmcia-cs-3.1.33-i386-4.tgz: Changed rc.pcmcia to remove modules more cleanly at shutdown.
ap/cdrtools-1.11a24-i386-1.tgz: Upgraded to cdrtools-1.11a24.
ap/ksh93-20011031-i386-2.tgz: Fix permissions on /usr/doc directories.
ap/vim-6.1-i386-5.tgz: Updated with the latest vim patches.
d/perl-5.6.1-i386-3.tgz: Upgraded the included perl modules to DBI-1.25, Digest-MD5-2.20 (this replaces the obsolete MD5 module), TermReadKey-2.20, and libnet-1.12. Also, cleaned up the build process as suggested by Cezary Sliwa.
gnome/esound-0.2.27-i386-1.tgz: Upgraded to esound-0.2.27.
gnome/galeon-1.2.5-i386-1.tgz: Upgraded to galeon-1.2.5.
l/orbit-0.5.17-i386-1.tgz: Upgraded to ORBit-0.5.17.
xap/xvim-6.1-i386-5.tgz: Updated with the latest vim patches.
extra/xcdroast-0.98alpha10/xcdroast-0.98alpha10-i386-1.tgz: Added xcdroast-0.98alpha10.
rootdisks/install.?: Use /dev/scd?, not /dev/sr?. (This was changed in devices.txt on Apr 22).
----------------------------
Thu Jun 6 21:30:12 PDT 2002
gnome/evolution-1.0.5-i386-1.tgz: Correct a typo in install/slack-desc.
gnome/gaim-0.58-i386-3.tgz: Also include non-applet version.
l/libtiff-3.5.7-i386-2.tgz: Fix a segfault in fax2tiff. (thanks to Aleksej)
extra/brltty-2.99.8/brltty-2.99.8-i386-1.tgz: Added brltty-2.99.8.
extra/emacspeak-16.0/emacspeak-16.0-i386-1.tgz: Added emacspeak-16.0.
extra/emacspeak-ss-1.9.1/emacspeak-ss-1.9.1-i386-1.tgz: Added emacspeak-ss-1.9.1.
----------------------------
Wed Jun 5 22:31:19 PDT 2002
gnome/abiword-1.0.2-i386-1.tgz: Upgraded to abiword-1.0.2.
gnome/dia-0.90-i386-1.tgz: Upgraded to dia-0.90.
gnome/galeon-1.2.3-i386-3.tgz: Recompiled galeon-1.2.3 against Mozilla 1.0.
gnome/gnome-print-0.36-i386-1.tgz: Upgraded to gnome-print-0.36.
gnome/gnumeric-1.0.7-i386-1.tgz: Upgraded to gnumeric-1.0.7.
n/procmail-3.15.2-i386-1.tgz: Switched to procmail-3.15.2, which is the latest stable procmail. Stuart Winter noticed that the version we were using before segfaults if fed a control-C, which is probably not good as it's setuid.
n/yptools-2.7-i386-2.tgz: Fix /etc/rc.d/rc.yp installation. (thanks to Jack S. Lai for reporting the problem and suggesting a fix)
xap/mozilla-1.0-i386-1.tgz: Upgraded to mozilla-1.0. :-)
bootdisks/xfs.i: Recompiled with smbfs included to prevent an Oops. (reported by Lucio Maciel)
extra/aumix-2.7/aumix-2.7-i386-1.tgz: Added aumix-2.7.
extra/cups-1.1.15/cups-1.1.15-i386-1.tgz: Upgraded to cups-1.1.15.
extra/espgs-7.05.2/espgs-7.05.2_1-i386-1.tgz: Added espgs-7.05.2-1. ESP Ghostscript is a version of GNU Ghostscript with a driver for CUPS.
extra/parted-1.6.1/parted-1.6.1-i386-1.tgz: Added GNU parted-1.6.1.
pasture/XFree86-3.3.6-servers/xset-3.3.6-i386-2.tgz: Added SuperProbe, which is needed by XF86Setup (reported by Piter Punk).
pasture/wu-ftpd-2.6.2/wu-ftpd-2.6.2-i386-1.tgz: Added wu-ftpd-2.6.2.
----------------------------
Tue Jun 4 20:47:09 PDT 2002
a/devs-2.3.1-i386-8.tgz: Added Compaq Next Generation Drive Array devices in /dev/cciss/.
a/elflibs-8.1.0-i386-2.tgz: Added /usr/lib/libgcc_s.so.1 from gcc-3.1.
a/etc-5.0-noarch-7.tgz: For non-root users, ensure '.' is last in the $PATH.
a/pkgtools-8.1.1-i386-4.tgz: Don't create /.xinitrc during the installation.
ap/mc-4.5.55-i386-6.tgz: Patched /etc/profile.d/mc.sh to fix a problem when using /bin/ksh (reported by Brad Clarke), and to not use a $HOME/.mc directory if we are su'ed to or from root (thanks to Tomas Szepe for noticing the problems with the original mc.sh script and proposing a solution).
ap/tmp/workbone-2.40-i386-2.tgz: Removed empty /usr/doc/WorkBone-2.40 dir. (this was noticed by Luis Peralta)
gnome/gaim-0.58-i386-2.tgz: Recompiled with --enable-panel.
gnome/galeon-1.2.3-i386-2.tgz: Recompiled against the Mozilla CVS MOZILLA_1_0_RELEASE sources (see below).
gnome/xchat-1.8.9-i386-1.tgz: Upgraded to xchat-1.8.9.
n/sendmail-8.12.4-i386-1.tgz: Upgraded to sendmail-8.12.4.
n/sendmail-cf-8.12.4-i386-1.tgz: Upgraded to config files for sendmail-8.12.4.
n/tcpdump-3.7.1-i386-2.tgz: Recompiled with --enable-ipv6.
n/wireless-tools-24-i386-1.tgz: Added wireless_tools.24.
xap/mozilla-1.0_cvs-i386-1.tgz: Upgraded to the MOZILLA_1_0_RELEASE sources from the Mozilla CVS repository. From the release tag announcement: "The MOZILLA_1_0_RELEASE branch has been cut and while there is some tiny chance that we will need to take further changes, it is highly probable that this is the source we will release as Mozilla 1.0." However, please note: "Mozilla 1.0 has not been released yet. If you look at the user agent or the about: page you'll see a browser that claims to be Mozilla 1.0, but don't be fooled."
----------------------------
Sun Jun 2 21:27:28 PDT 2002
pkgtools-8.1.1-i386-3.tgz: Removed zero-length /bin/ipmask that shouldn't have been there. You might need to reinstall the tcpip package if this broke your ipmask binary. (thanks to Mircea Baciu for the report)
----------------------------
Sun Jun 2 17:14:07 PDT 2002
a/cxxlibs-6.2.1-i386-1.tgz: Added libstdc++.so.4.0.0 from gcc-3.1.
a/elflibs-8.1.0-i386-1.tgz: Updated all the shared libraries, and added libpcre and libglib.
a/kbd-1.06-i386-4.tgz: Added speakupmap.map.gz and speakup-jfw.map.gz keymaps for Speakup.
a/pcmcia-cs-3.1.33-i386-3.tgz: Don't install /sbin/cardctl setuid root.
a/pkgtools-8.1.1-i386-2.tgz: Commented out unnecessary bug workaround in makebootdisk.
a/syslinux-1.67-i386-1.tgz: Switched to syslinux-1.67. It seems the changes in 1.70+ ("* Major code restructuring.") have made syslinux unstable, so we will use syslinux-1.67 (which seems to work perfectly) for the release. The problem with the newer versions is that kernels around 1145000 bytes will not load, but smaller or larger ones will. In fact, I found that padding the end of a non-booting kernel with a couple K of zeroes works around the bug... maybe something to do with calculating the file size?
ap/ash-0.4.0-i386-1.tgz: Upgraded to ash-0.4.0.
gnome/gqmpeg-0.16.0-i386-1.tgz: Added gqmpeg-0.16.0.
l/libungif-4.1.0b1-i386-3.tgz: Fix docs perms and a world-writable dir.
n/dhcpcd-1.3.22pl1-i386-3.tgz: Fix docs perms and a world-writable dir.
n/proftpd-1.2.5rc3-i386-1.tgz: Upgraded to proftpd-1.2.5rc3.
bootdisks/: Regenerated using syslinux-1.67. Added Speakup bootdisks. (also added the source for Speakup, speakup-1.00.tar.gz, to the source/k/ directory)
Some more ham radio upgrades and additions from Arno Verhoeven:
extra/ham/logging/tlfmanual-0.5.2-noarch-1.tgz: Added tlfmanual-0.5.2.
extra/ham/logging/tlfcwkeyer-0.1-noarch-1.tgz: Added tlfcwkeyer-0.1.
extra/ham/logging/tlf-0.5.4-i386-1.tgz: Added tlf-0.5.4.
extra/ham/packet/xastir-1.1.2-i386-3.tgz: Upgraded to xastir112-20020530.
----------------------------
Sat Jun 1 15:20:00 PDT 2002
a/aaa_base-8.1.0-i386-2.tgz: Bumped version number to Slackware 8.1-rc2.
a/etc-5.0-i386-6.tgz: Fix /etc/inputrc values (should be On/Off not on/off).
a/kernel-ide-2.4.18-i386-3.tgz: Recompiled.
a/kernel-modules-2.4.18-i386-3.tgz: Recompiled. Patched rc.modules.new for the new joystick modules.
a/pkgtools-8.1.1-i386-1.tgz: In xwmconfig, make sure $HOME/.xwmconfig is properly replaced (this was only working for non-root users). Added two options to upgradepkg (inspired by a discussion with Alan Brown):
  --install-new: Install new packages instead of skipping them.
  --reinstall: Reinstall already installed versions (the default is now to skip packages if the exact same name-version-arch-build is installed already, which should save a bit of time :-)
a/procps-2.0.7-i386-5.tgz: Fixed problems with top on multiprocessor machines.
a/syslinux-1.72-i386-1.tgz: Switched back to syslinux-1.72, as the boot floppies made with 1.73 weren't working.
a/sysvinit-2.84-i386-16.tgz: Fixed typos in rc.S (reported by Naresh Donti).
d/kernel-headers-2.4.18-i386-3.tgz: Updated autoconf.h from the kernel source package.
gnome/gnome-games-1.4.0.4-i386-2.tgz: Recompiled against the new guile package.
gnome/gnome-utils-1.4.1.2-i386-2.tgz: Recompiled against the new guile package.
gnome/gnome-vfs-1.0.5-i386-2.tgz: Don't link libsmb.so with CUPS.
gnome/gnumeric-1.0.6-i386-2.tgz: Recompiled --without-guile.
gnome/guile-1.4.1-i386-1.tgz: Upgraded to guile-1.4.1.
k/kernel-source-2.4.18-noarch-4.tgz: Updated /usr/src/linux/.config to match the new bare.i configuration.
kde/kde-i18n-fr-3.0.1-noarch-2.tgz: Rebuilt using the May 24 version of kde-i18n-fr-3.0.1.tar.bz2.
kde/kdenetwork-3.0.1-i386-2.tgz: Merged in official patch for the ktalkd hole. Luckily nobody ever uses this anyway... (* Security fix *)
n/inn-2.3.3-i386-1.tgz: Upgraded to inn-2.3.3.
n/mutt-1.4i-i386-1.tgz: Upgraded to mutt-1.4i.
n/openssh-3.2.3p1-i386-1.tgz: Upgraded to openssh-3.2.3p1. Configured using --with-ipv4-default to avoid boot timeouts without a net.
n/sendmail-cf-8.12.3-i386-5.tgz: Updated the README.linux file in /usr/share/sendmail (Delian Krustev noticed this was somewhat out of date).
n/sendmail-8.12.3-i386-5.tgz: Ship an initial (empty) /etc/mail/access and /etc/mail/access.db -- without these mail won't flow if the SMTP+ACCESS config file is used. Also, chmod several files in /etc/mail as well as /var/run/sendmail.pid to thwart file locking DoS attacks. (* Security fix *)
n/tcpip-0.17-i386-13.tgz: Run rc.yp from rc.inet2 instead of starting NIS directly. Don't source rc.firewall -- run it instead. In rc.inet1, reduce the timeout for dhcpcd from 60 seconds to 10. That should be more than enough time to get an IP address from any working DHCP server. Support DHCP hostname in netconfig (suggested by Dennis Bijwaard).
n/yptools-2.7-i386-1.tgz: Upgraded to yp-tools-2.7. Upgraded to ypbind-mt-1.12. Upgraded to ypserv-2.4. Added /etc/rc.d/rc.yp init script.
x/xfree86-4.2.0-i386-5.tgz: In /etc/X11/xdm/Xsession, start xfce and wmaker by exec'ing their xinitrc files.
xap/windowmaker-0.80.0-i386-2.tgz: Valter Ferraz Sanches pointed out that WindowMaker uses /usr/bin/cpp for menu processing unless --no-cpp is used, so xinitrc.wmaker was patched to use that option if /usr/bin/cpp is missing, and was also patched to run wmaker.inst if $HOME/GNUstep is missing.
xap/xfce-3.8.16-i386-2.tgz: Patched xinitrc.xfce to install xfce config files in $HOME/.xfce if they aren't already there.
----------------------------
Wed May 29 23:22:15 PDT 2002
a/bin-8.3.0-i386-1.tgz: Upgraded to eject-2.0.12, file-3.37, and tree-1.4b2.
a/etc-5.0-i386-5.tgz: Added Eterm to /etc/termcap (thanks to Roland Dobbins). Added missing rpc user/group (thanks to Dominik L. Borkowski).
a/gzip-1.3.3-i386-1.tgz: Upgraded to gzip-1.3.3.
a/hdparm-5.1-i386-1.tgz: Upgraded to hdparm-5.1.
a/jfsutils-1.0.18-i386-1.tgz: Upgraded to jfsutils-1.0.18. (also upgraded JFS kernel to jfs-2.4-1.0.18)
a/shadow-4.0.3-i386-2.tgz: Merged in adduser updates from Stuart Winter.
a/sysklogd-1.4.1-i386-6.tgz: Start klogd with -x option, which turns off broken Oops decoding. (Reported by Georgi Chorbadzhiyski)
a/syslinux-1.73-i386-1.tgz: Upgraded to syslinux-1.73.
ap/apsfilter-7.2.2-i386-2.tgz: Patched HP drivers to use the new IJS syntax. (Thanks to Andrey V. Panov for informing me about this)
ap/lsof-4.63-i386-1.tgz: Upgraded to lsof-4.63.
ap/lvm-1.0.4-i386-1.tgz: Upgraded to lvm-1.0.4.
ap/rexima-1.2-i386-1.tgz: Upgraded to rexima-1.2.
n/ncftp-3.1.3-i386-1.tgz: Upgraded to ncftp-3.1.3.
n/ntp-4.1.1a-i386-1.tgz: Upgraded to ntp-4.1.1a.
n/wget-1.8.2-i386-1.tgz: Upgraded to wget-1.8.2.
xap/fvwm-2.4.7-i386-1.tgz: Upgraded to fvwm-2.4.7.
xap/sane-1.0.8-i386-1.tgz: Upgraded to sane-1.0.8. Moved configuration files to /etc/sane.d/.
xap/xlockmore-5.04-i386-1.tgz: Upgraded to xlockmore-5.04.
xap/xsane-0.86-i386-1.tgz: Upgraded to xsane-0.86.
----------------------------
Wed May 29 01:41:47 PDT 2002
a/etc-5.0-i386-4.tgz: Removed .less/.lesskey from /etc/skel. Changed permissions on /tmp/.X11-unix/ to 1777.
a/fileutils-4.1-i386-2.tgz: Don't link /bin/ln static (we have sln for that). Patched /bin/rm to make insecure use (such as 'rm -r' in /tmp) more secure.
a/gettext-0.11.2-i386-1.tgz: Upgraded to GNU gettext-0.11.2.
a/gpm-1.19.6-i386-2.tgz: Recompiled using --with-curses. gpm-1.20.0 was tried, but it breaks dialog and seems to have other quirks.
a/less-374-i386-1.tgz: Upgraded to less-374.
a/pcmcia-cs-3.1.33-i386-2.tgz: Edited rc.pcmcia to probe using yenta_socket if the module is found.
a/procps-2.0.7-i386-4.tgz: chown root:bin /sbin/sysctl.
a/sysvinit-2.84-i386-15.tgz: Start rc.pcmcia from rc.M rather than rc.S so that cardmgr will come back up when returning from single-user mode.
In rc.6, grep for FAIL in /etc/upsstatus, not /etc/powerstatus. Since /sbin/update has been obsolete for some time now, we no longer start it. Run '/etc/rc.d/rc.pcmcia stop' when shutting down or going to single user.
ap/diffutils-2.8.1-i386-1.tgz: Upgraded to GNU diffutils-2.8.1.
ap/ifhp-3.5.8-i386-1.tgz: Upgraded to ifhp-3.5.8.
ap/man-pages-1.48-noarch-1.tgz: Upgraded to man-pages-1.48.
ap/mc-4.5.55-i386-5.tgz: Recompiled with --enable-mcserv-install. Added patches from Andrew V. Samoilov to fix --enable-charset.
d/bin86-0.16.3-i386-1.tgz: Upgraded to bin86-0.16.3.
d/gettext-tools-0.11.2-i386-1.tgz: Upgraded to GNU gettext-0.11.2.
d/nasm-0.98.33-i386-1.tgz: Added nasm-0.98.33.
gnome/gnome-games-1.4.0.4-i386-1.tgz: Upgraded to gnome-games-1.4.0.4.
gnome/gnome-libs-1.4.1.7-i386-1.tgz: Upgraded to gnome-libs-1.4.1.7.
gnome/gnome-pim-1.4.6-i386-1.tgz: Upgraded to gnome-pim-1.4.6.
gnome/xscreensaver-4.03_gnome-i386-1.tgz: Upgraded to xscreensaver-4.03.
l/libxml2-2.4.22-i386-1.tgz: Upgraded to libxml2-2.4.22.
l/libxslt-1.0.18-i386-1.tgz: Upgraded to libxslt-1.0.18.
l/orbit-0.5.16-i386-1.tgz: Upgraded to ORBit-0.5.16.
n/bitchx-1.0c19-i386-1.tgz: Upgraded to BitchX-1.0c19.
n/links-0.97-i386-1.tgz: Upgraded to links-0.97.
n/nc-1.10-i386-1.tgz: Added nc-1.10.
n/nmap-2.54BETA34-i386-1.tgz: Upgraded to nmap-2.54BETA34.
n/proftpd-1.2.5rc2-i386-1.tgz: Upgraded to proftpd-1.2.5rc2.
n/tcpip-0.17-i386-12.tgz: In netconfig, do not autoprobe arlan (needs an irq= specified to work), com90io, or com90xx (these taint the kernel). Rewrote /etc/rc.d/rc.inet1 to make it easy to set up a second NIC. Removed obsolete netconfig.tty. Patched netconfig to write out the new version of /etc/rc.d/rc.inet1. Added /bin/ipmask utility (this will be removed from pkgtools).
xap/imagemagick-5.4.5-i386-1.tgz: Upgraded to imagemagick-5.4.5.
xap/xscreensaver-4.03-i386-1.tgz: Upgraded to xscreensaver-4.03.
extra/ham/: Added extra ham radio packages from Arno Verhoeven.
rootdisks/network.dsk: Removed autoprobe for arlan, com90io, and com90xx.
rootdisks/install.?: Don't add HPFS partitions to /etc/fstab, as NTFS also shares these partition IDs, and trying to mount an NTFS partition as HPFS can hang the machine. At this point in time, it might be safer to assume partitions using these IDs are actually NTFS (but it's safer still to make no assumptions).
isolinux/README.TXT: Suggest -boot-load-size 32 when mastering the CD with mkisofs to ensure the entire isolinux.bin is loaded, otherwise sometimes it works... sometimes it doesn't. Thanks to Janusz Wolanski for noticing that this needed to be bigger.
----------------------------
Sun May 26 14:48:28 PDT 2002
gnome/galeon-1.2.3-i386-1.tgz: Upgraded to galeon-1.2.3.
kde/koffice-1.1.1_kde3-i386-2.tgz: Added koffice-1.1.1_kde3.
Oh, and thanks to Greg Roelofs for cleaning up the slackware.com site logo and converting it to PNG. It looks much better! :-)
----------------------------
Sat May 25 12:38:52 PDT 2002
Well folks, we are now at Slackware 8.1-rc1. :-) Please test and report any problems you might find.
a/aaa_base-8.1.0-i386-1.tgz: Bumped version number in slackware-version and welcome email.
a/lprng-3.8.12-i386-1.tgz: Upgraded to lprng-3.8.12.
a/slocate-2.6-i386-3.tgz: Added indexing of type 'auto' filesystems.
gnome/eterm-0.9.1-i386-1.tgz: Upgraded to eterm-0.9.1.
gnome/galeon-1.2.2-i386-1.tgz: Upgraded to galeon-1.2.2.
gnome/gnome-games-1.4.0.3-i386-2.tgz: Fixed to not overwrite existing scores.
gnome/gtm-0.4.11-i386-2.tgz: Patched for wget >= 1.8.
kde/: Upgraded to KDE-3.0.1. Switched from qt-3.0.4 to qt-copy-3.0.4, which includes several improvements to work better with KDE. Compiled with --disable-debug for better performance. Thanks to Andrey V. Panov for getting me to understand that --enable-debug=no is not the same thing as --disable-debug.
kdei/: KDE language support packages upgraded to 3.0.1.
l/freetype-1.3.1-i386-2.tgz: Relocated header files from /usr/include/freetype to /usr/include/freetype1/freetype.
n/fetchmail-5.9.11-i386-1.tgz: Upgraded to fetchmail-5.9.11 to fix another fetchmail-vulnerable-to-malicious-mail-server hole. My advice: if you don't trust your mail server, don't use fetchmail with it. (and get a new mail server) (* Security fix *)
n/tcpip-0.17-i386-11.tgz: Patched netconfig to add a probe for Ethernet cards based on the National Semiconductor DP8381x chipset (natsemi module). Patched ping to handle ping times > 1s correctly (thanks to Jonathan Woithe). Added -broadcast to ypbind example in /etc/rc.inet2. ""
xap/mozilla-1.0rc3-i386-1.tgz: Upgraded to mozilla-1.0rc3.
xap/xpdf-1.01-i386-1.tgz: Upgraded to xpdf-1.01.
extra/iproute2-2.4.7-now-ss020116-try/iproute2-2.4.7_now_ss020116_try-i386-2.tgz Added missing /var/lib/arpd directory.
----------------------------
Mon May 20 21:34:16 PDT 2002
a/devs-2.3.1-i386-7.tgz: Added /dev/parport{0,1,2,3}.
n/lftp-2.5.2-i386-1.tgz: Upgraded to lftp-2.5.2. Removed --with-modules from ./configure (this breaks the fish protocol). Thanks to Andrey V. Panov for the bug report.
n/php-4.2.1-i386-1.tgz: Upgraded to php-4.2.1.
xap/gnuplot-3.7.2-i386-3.tgz: Recompiled using --with-readline, since the gnuplot license isn't GPL compatible. Sorry...
extra/iproute2-2.4.7-now-ss020116-try/iproute2-2.4.7_now_ss020116_try-i386-1.tgz Added iproute2-2.4.7-now-ss020116-try.
----------------------------
Sun May 19 22:11:19 PDT 2002
a/devs-2.3.1-i386-6.tgz: Added /dev/ataraid/ devices.
a/lilo-22.2-i386-5.tgz: Patched a bug in liloconfig that caused LILO to be installed on /dev/hdc instead of /dev/hda. Thanks to Christian Robert for pointing this out and helping to run some tests.
a/pkgtools-8.1.0-i386-1.tgz: Upgraded to dialog-0.9b-20020519.
ap/mc-4.5.55-i386-4.tgz: Recompiled without --enable-charsets.
n/htdig-3.1.6-i386-2.tgz: Improved config file handling. Fixed file perms in /usr/doc/htdig-3.1.6.
n/ntp-4.1.1-i386-2.tgz: Removed obsolete "authenticate" option from ntp.conf.
n/ppp-2.4.1-i386-2.tgz: Added support for more devices in pppsetup.
n/tcpip-0.17-i386-10.tgz: Removed automatic probe for com20020 in netconfig.
xap/mozilla-1.0rc2-i386-1.tgz: Removed Nautilus comment from slack-desc.
xap/skipstone-0.8.1-i386-1.tgz: This doesn't work with Mozilla > 0.9.9, and neither does the newest version of the source (won't compile, and the old binary runs but won't accept keyboard input). Really, skipstone seems to be more trouble than it's worth -- when new versions of Mozilla are released I don't want to have to choose between breaking skipstone (by upgrading Mozilla), or dragging my feet on Mozilla and waiting for a new skipstone release that'll work. Package removed, at least for now.
extra/gcc-3.1/: Added new gcc-3.1 packages: gcc-3.1-i386-1.tgz, gcc-g++-3.1-i386-1.tgz, gcc-g77-3.1-i386-1.tgz, gcc-java-3.1-i386-1.tgz, gcc-objc-3.1-i386-1.tgz
# standard disclaimer follows :-)
If you use these (which I don't personally recommend) be aware that all C++ related shared libraries (including anything having to do with Qt and KDE) must be recompiled before you can link with them. I may stick with gcc-2.95.x until the kernel is officially gcc-3 ready.
rootdisks/network.dsk: Removed automatic probe for com20020.
----------------------------
Sat May 18 13:48:28 PDT 2002
a/acpid-1.0.1-i386-1.tgz: Added acpid-1.0.1.
a/bin-8.2.1-i386-5.tgz: Upgraded to bpe-1.4, indent-2.2.8, lha-114i.
a/devfsd-1.3.25-i386-2.tgz: Switched to new config file handling.
a/devs-2.3.1-i386-5.tgz: Added /dev/rawctl and /dev/raw/* devices as specified by the Linux Assigned Names And Numbers Authority (LANANA).
a/etc-5.0-i386-3.tgz: Added /etc/inputrc and patched /etc/profile and /etc/csh.login to map it to $INPUTRC if there is no $HOME/.inputrc.
a/gawk-3.1.1-i386-1.tgz: Upgraded to gawk-3.1.1.
a/glibc-solibs-2.2.5-i386-2.tgz: Recompiled against kernel-headers-2.4.18.
a/glibc-zoneinfo-2.2.5-i386-2.tgz: Fixed some formatting bugs in timeconfig.
a/openssl-solibs-0.9.6d-i386-1.tgz: Upgraded to openssl-0.9.6d.
a/procps-2.0.7-i386-3.tgz: Added pkill, pgrep, sysctl, and manpages.
a/sysvinit-2.84-i386-14.tgz: Try to run rc.acpid from rc.M.
a/util-linux-2.11r-i386-1.tgz: Upgraded to util-linux-2.11r. Added pivot_root, raw, and manpages.
ap/mpg321-0.2.10-i386-1.tgz: Upgraded to mpg321-0.2.10.
d/binutils-2.12.90.0.7-i386-1.tgz: Upgraded to binutils-2.12.90.0.7.
d/kernel-headers-2.4.18-i386-2.tgz: include/linux/autoconf.h was left over from an old build -- this was replaced to match the current bare.i config.
gnome/gaim-0.58-i386-1.tgz: Upgraded to gaim-0.58. This fixes some security problems.
gnome/galeon-1.2.1-i386-3.tgz: Recompiled with --enable-nautilus-view=no.
gnome/nautilus-1.0.6-i386-3.tgz: Recompiled without the Mozilla view, since this crashes with Mozilla > 0.9.9 and will be removed in nautilus-1.0.7 anyway. It's possible to compile Galeon with --enable-nautilus-view=yes to replace this functionality, but I'm leaning towards _not_ doing that since it causes Galeon to link with all the Nautilus libraries. If you feel strongly that Galeon should or should not be compiled with the Nautilus libraries let me know.
k/kernel-source-2.4.18-noarch-3.tgz: include/linux/autoconf.h was left over from an old build -- this was replaced to match the current bare.i config. Cleaned compile-time generated files from drivers/net/hamradio/soundmodem.
l/glibc-2.2.5-i386-2.tgz: Recompiled against kernel-headers-2.4.18. Link to the sln in util-linux rather than including another copy.
n/mailx-8.1.1-i386-2.tgz: Added mail.1.gz -> mailx.1.gz manpage symlink.
n/openssh-3.2.2p1-i386-1.tgz: Upgraded to openssh-3.2.2p1.
n/openssl-0.9.6d-i386-1.tgz: Upgraded to openssl-0.9.6d.
n/sendmail-8.12.3-i386-4.tgz: Fixed access_db in linux.smtp.access.cf.
n/sendmail-cf-8.12.3-i386-4.tgz: Fixed access_db in linux.smtp.access.cf.
xap/netscape-6.2.3-i686-1.tgz: Upgraded to netscape-6.2.3.
isolinux/initrd.img: This can now load pcmcia.dsk and network.dsk directly from the CD-ROM in the rootdisks/ or isolinux/ directories.
rootdisks/network.dsk: Fixed to work if the disk image is mounted read-only.
----------------------------
Mon May 13 19:11:26 PDT 2002
a/procps-2.0.7-i386-2.tgz: Fixed AIX format descriptors.
ap/bc-1.06-i386-2.tgz: Added readline support.
ap/cdrtools-1.11a23-i386-1.tgz: Upgraded to cdrtools-1.11a23.
gnome/evolution-1.0.5-i386-1.tgz: Upgraded to evolution-1.0.5.
gnome/galeon-1.2.1-i386-2.tgz: Recompiled against mozilla-1.0rc2.
n/samba-2.2.4-i386-3.tgz: Added missing /var/cache/samba directory.
xap/mozilla-1.0rc2-i386-1.tgz: Upgraded to mozilla-1.0rc2.
extra/sdl-1.2.4/sdl-1.2.4-i386-1.tgz: Added SDL-1.2.4.
----------------------------
Wed May 8 23:03:11 PDT 2002
a/devfsd-1.3.25-i386-1.tgz: Upgraded to devfsd-1.3.25.
a/etc-5.0-i386-2.tgz: Added smmsp and pop to /etc/shadow.
a/jfsutils-1.0.17-i386-1.tgz: Upgraded to jfsutils-1.0.17.
a/lilo-22.2-i386-4.tgz: Added support for append="" to the simple LILO setup menu.
a/kernel-ide-2.4.18-i386-2.tgz: Rebuilt with kmod (really :-) and without devfs (which is still considered experimental, and was changing the /proc/partitions output in a way that was complicating a lot of things).
a/kernel-modules-2.4.18-i386-2.tgz: Rebuilt without devfs, and commented out most of /etc/rc.d/rc.modules.
a/kernel-scsi-2.4.18-i386-2.tgz: Removed. Only the vanilla bare.i kernel will be packaged as kernel-ide-*-*.tgz. Other kernels will have to be installed from the CD-ROM or a bootdisk.
a/modutils-2.4.16-i386-1.tgz: Upgraded to modutils-2.4.16. Added /etc/cron.hourly/kmod to autoclean unused kernel modules.
a/reiserfsprogs-3.x.1b-i386-1.tgz: Upgraded to reiserfsprogs-3.x.1b.
a/syslinux-1.72-i386-1.tgz: Upgraded to syslinux-1.72.
a/sysvinit-2.84-i386-13.tgz: It looks like rc.modules has to come after setting the clock in rc.S.
Otherwise, depmod may stamp the wrong time on modules.dep and other files, which can lead to false warnings that modules.dep is too old every time a module utility is used. Changed the serial line examples in /etc/inittab to use -L (local, no carrier), 9600 baud 8N1. (suggested by Cameron Kerr)
a/xfsprogs-2.0.3-i386-1.tgz: Upgraded to xfsprogs-2.0.3.
f/linux-faqs-20020507-noarch-1.tgz: Linux FAQs updated.
f/linux-howtos-20020507-noarch-1.tgz: Linux HOWTOs updated.
f/linux-mini-howtos-20020507-noarch-1.tgz: Linux mini HOWTOs updated.
gnome/abiword-1.0.1-i386-1.tgz: Upgraded to abiword-1.0.1.
gnome/esound-0.2.26-i386-1.tgz: Upgraded to esound-0.2.26.
k/kernel-source-2.4.18-noarch-2.tgz: Changed package arch to 'noarch'. Updated /usr/src/linux/.config to match the new bare.i configuration.
kde/qt-3.0.4-i386-1.tgz: Upgraded to qt-3.0.4.
n/bind-9.2.1-i386-1.tgz: Upgraded to bind-9.2.1.
n/dhcp-3.0pl1-i386-1.tgz: Upgraded to dhcp-3.0pl1. This fixes a remote security hole, so if you run dhcpd (this is NOT run by default), then you'll want to upgrade this right away. (* Security fix *)
n/tcpip-0.17-i386-9.tgz: In rc.inet2, look for a user-supplied /etc/rc.d/rc.firewall before enabling packet forwarding.
bootdisks/: New bootdisks.
kernels/: Added some new kernels and rebuilt all the others (+kmod -devfs).
rootdisks/: New rootdisks. (syslinux and other updates/fixes)
isolinux/: Use the kernels in the kernels/ directory. Burn the isolinux and kernels directories closer to the beginning of the disc using -sort (see isolinux/README.TXT).
----------------------------
Mon May 6 00:26:51 PDT 2002
a/elflibs-8.0.8-i386-2.tgz: Added libpng.so.3.
a/pkgtools-8.0.99-i386-1.tgz: Modified installpkg to deal with packages created with newer versions of tar that store files as './foo' and './bar' rather than 'foo' and 'bar', so that removepkg/upgradepkg can match files properly.
Of course, such problems are completely avoidable by using makepkg rather than tar or a tool that produces out-of-spec packages, but I realize people will do this anyway so I'll fix it before it's a problem. :-)
ap/ghostscript-7.05-i386-1.tgz: Upgraded to ghostscript-7.05.
ap/gimp-print-4.2.1-i386-1.tgz: Unbundled from the ghostscript package since this now uses the IJS interface and Ghostscript no longer links with libgimpprint. Upgraded to gimp-print-4.2.1.
ap/hpijs-1.1-i386-1.tgz: Upgraded to hpijs-1.1.
gnome/bonobo-1.0.20-i386-1.tgz: Upgraded to bonobo-1.0.20.
gnome/esound-0.2.25-i386-1.tgz: Upgraded to esound-0.2.25.
gnome/gal-0.19.2-i386-1.tgz: Upgraded to gal-0.19.2.
gnome/gdm-2.2.5.5-i386-2.tgz: Added xfce session type.
gnome/gedit-0.9.7-i386-1.tgz: Upgraded to gedit-0.9.7.
gnome/gnome-core-1.4.0.8-i386-1.tgz: Upgraded to gnome-core-1.4.0.8.
gnome/gnome-libs-1.4.1.6-i386-1.tgz: Upgraded to gnome-libs-1.4.1.6.
gnome/guppi-0.40.3-i386-1.tgz: Added guppi-0.40.3. This supplies a plugin to support graphing in gnumeric.
gnome/oaf-0.6.10-i386-1.tgz: Upgraded to oaf-0.6.10.
gnome/pan-0.11.3-i386-1.tgz: Upgraded to pan-0.11.3.
gnome/xchat-1.8.8-i386-2.tgz: Recompiled without MMX and debugging.
kde/kdebase-3.0-i386-2.tgz: Added xfce session type for kdm.
l/gdk-pixbuf-0.17.0-i386-1.tgz: Upgraded to gdk-pixbuf-0.17.0.
l/libxml2-2.4.21-i386-1.tgz: Upgraded to libxml2-2.4.21.
l/libxslt-1.0.17-i386-1.tgz: Upgraded to libxslt-1.0.17.
n/php-4.2.0-i386-1.tgz: Upgraded to php-4.2.0. Here's a note from the NEWS file: ATTENTION!! register_globals defaults to 'off' now !!!
n/rsync-2.5.5-i386-1.tgz: Upgraded to rsync-2.5.5.
n/samba-2.2.4-i386-2.tgz: Recompiled without CUPS support since we do not want to require libcups.so.
n/sendmail-8.12.3-i386-3.tgz: Added editmap program and manpage. Added a new sample sendmail.cf with /etc/mail/access support.
n/sendmail-cf-8.12.3-i386-3.tgz: Added a new sample sendmail.cf with /etc/mail/access support.
x/xfree86-4.2.0-i386-4.tgz: Added xfce to /etc/X11/xdm/Xsession.
extra/blackbox-0.62.1/blackbox-0.62.1-i386-1.tgz: Added blackbox-0.62.1.
extra/cups-1.1.14/cups-1.1.14-i386-2.tgz: Recompiled against libpng.so.3.
extra/isdn4k-utils/isdn4k-utils-CVS-2002-05-05.tar.gz: Added isdn4k-utils source package.
pasture/libglut-3.7/libglut-3.7-i386-1.tgz: Some games still need this.
----------------------------
Sat May 4 22:42:01 PDT 2002
a/sysklogd-1.4.1-i386-5.tgz: Cleaned up /etc/syslog.conf to avoid duplicated lines. Thanks to Michiel Broek for reporting the problem.
a/sysvinit-2.84-i386-12.tgz: Switched to better config file handling on /etc/inittab. Note that upgrading to this version of the package will still replace an existing /etc/inittab, but this will be the last time. :-) Add a short delay after running rc.pcmcia to allow network cards to initialize before rc.inet1 is run. (Also suggested by Michiel Broek)
a/util-linux-2.11q-i386-1.tgz: Upgraded to util-linux-2.11q.
ap/lvm-1.0.3-i386-2.tgz: Rebuilt without debugging support.
d/gdb-5.2-i386-1.tgz: Upgraded to gdb-5.2.
n/dhcpcd-1.3.22pl1-i386-2.tgz: Patched the configure script to stop forcing -march=i686, which was causing dhcpcd to fail on older machines.
n/samba-2.2.4-i386-1.tgz: Upgraded to samba-2.2.4.
n/yptools-2.6-i386-5.tgz: Rewrote the installation script to handle the config files better.
----------------------------
Wed May 1 10:49:10 PDT 2002
ap/vim-6.1-i386-4.tgz: Fixed perms on /usr/share/vim/vim61/. (and, found the bug in my build script that was causing that! ;-)
xap/xvim-6.1-i386-4.tgz: Fixed perms on /usr/share/vim/vim61/.
----------------------------
Wed May 1 01:13:20 PDT 2002
a/devs-2.3.1-i386-4.tgz: Added device files for Mylex and Compaq RAID controllers.
a/floppy-5.4-i386-3.tgz: Recompiled with fdutils-5.4-20020222.diff.gz.
a/shadow-4.0.3-i386-1.tgz: Upgraded to shadow-4.0.3.
a/sysklogd-1.4.1-i386-4.tgz: Added /etc/rc.d/rc.syslog.
a/sysvinit-2.84-i386-11.tgz: In rc.M, start syslogd/klogd using rc.syslog; start sendmail using rc.sendmail; if rc.cups is found, start CUPS instead of lpd. LVM fixes in rc.S and rc.6 (lvtab -> lvmtab, mount /proc before scan). Remove directories in addition to files from /var/log/setup/tmp. Move hwclock section after rc.modules in rc.S (fixes a problem with using a modularized real time clock).
ap/vim-6.1-i386-3.tgz: Added vim-6.1-lang language support. Reduced from "huge" to "big". Applied the latest patches from ftp.vim.org. Thanks to Adrien Beau for pointing me at the vim-6.1-lang package. :-)
gnome/rep-gtk-0.15-i386-2.tgz: Fixed ownership of files under /usr/doc/.
l/glibc-i18n-2.2.5-i386-1.tgz: Fixed a typo in the slack-desc file.
l/t1lib-1.3.1-i386-1.tgz: Added t1lib-1.3.1.
n/epic4-1.0.1-i386-2.tgz: Fixed ownership of files under /usr/doc/.
n/nmap-2.54BETA33-i386-1.tgz: Upgraded to nmap-2.54BETA33.
n/popa3d-0.5.1-i386-1.tgz: Upgraded to popa3d-0.5.1.
n/sendmail-8.12.3-i386-2.tgz: Fixed the install script to be sure there's an /etc/mail/aliases.db. Added /etc/rc.d/rc.sendmail.
n/sendmail-cf-8.12.3-i386-2.tgz: Rebuilt.
n/tcpip-0.17-i386-8.tgz: In rc.inet2, use rc.syslog to start syslogd/klogd.
n/yptools-2.6-i386-4.tgz: Upgraded to ypbind-mt-1.11. Fixed two manpages that weren't compressed but ended in '.gz'.
xap/gnuplot-3.7.2-i386-2.tgz: Recompiled with readline (--with-readline=gnu).
xap/xfce-3.8.16-i386-1.tgz: Upgraded to xfce-3.8.16.
xap/xvim-6.1-i386-3.tgz: Added vim-6.1-lang language support. Reduced from "huge" to "big". Applied the latest patches from ftp.vim.org.
xap/xpdf-1.00-i386-3.tgz: Recompiled against t1lib and freetype2.
----------------------------
Thu Apr 25 12:00:50 PDT 2002
ap/sudo-1.6.6-i386-1.tgz: Upgraded to sudo-1.6.6. This version of sudo fixes a security problem whereby a local user may gain root access through corruption of the heap (Off-By-Five).
This issue was discovered by Global InterSec LLC, and more information may be found on their web site: http://www.globalintersec.com/adv/sudo-2002041701.txt The discussion on the site indicates that this problem may only be exploitable on systems that use PAM, which Slackware does not use. However, in the absence of proof, it still seems prudent to upgrade sudo immediately. (* Security fix *)
----------------------------
Wed Apr 24 21:04:25 PDT 2002
a/pkgtools-8.0.8-i386-5.tgz: Fixed xfree86setup text formatting.
gnome/abiword-1.0.0-i386-1.tgz: Upgraded to abiword-1.0.0.
gnome/galeon-1.2.1-i386-1.tgz: Upgraded to galeon-1.2.1.
gnome/gnumeric-1.0.6-i386-1.tgz: Upgraded to gnumeric-1.0.6.
xap/mozilla-1.0rc1-i386-1.tgz: Upgraded to mozilla-1.0rc1.
xap/windowmaker-0.80.0-i386-1.tgz: This really didn't belong in /gnome.
----------------------------
Thu Apr 18 18:20:19 PDT 2002
d/cvs-1.11.2-i386-1.tgz: Upgraded to cvs-1.11.2.
----------------------------
Tue Apr 16 21:28:07 PDT 2002
a/loadlin-1.6c-i386-1.tgz: Upgraded to loadlin-1.6c. (Thanks Hans!)
ap/mc-4.5.55-i386-3.tgz: Recompiled with different options that should get rid of most of the reported problems. Thanks to Georgi Chorbadzhiyski for helping out with this.
xap/skipstone-0.8.1-i386-1.tgz: Added skipstone-0.8.1.
extra/java2-runtime-environment/j2re-1.4.0-i486-1.tgz: Added a symlink /usr/bin/ls -> /bin/ls, needed by the ControlPanel script.
----------------------------
Mon Apr 15 23:47:55 PDT 2002
a/dcron-2.3.3-i386-4.tgz: Modified root's crontab to run package cron scripts in /etc/cron.{daily,hourly,monthly,weekly} with the run-parts script that was added to the bin package yesterday. (these cron directories are required by the LSB) Note that upgrading the dcron package will not replace root's crontab unless it is deleted manually first.
a/devs-2.3.1-i386-3.tgz: Updated /dev/fb* devices to use the new numbering standard.
a/logrotate-3.6.3-i386-1.tgz: Upgraded to logrotate-3.6.3.
Added a daily cron script in /etc/cron.daily instead of running logrotate directly from root's crontab.
a/shadow-19990827-i386-6.tgz: Fixed config file replacement script.
a/slocate-2.6-i386-2.tgz: Added an slocate cron script in /etc/cron.daily.
ap/vim-6.1-i386-2.tgz: Recompile with --with-features=huge. Thanks again to Naresh Donti for the tip. Since we were recompiling anyway, the latest patches from ftp.vim.org were also applied.
kde/qt-3.0.3-i386-2.tgz: Corrected a couple of minor bugs in the /etc/profile.d/ scripts. When using qt.sh, ':' should not be added to the end of $CPLUS_INCLUDE_PATH. Use QTDIR=/usr/lib/qt-3.0.3 if found, otherwise fall back to QTDIR=/usr/lib/qt. This prevents some runtime warnings.
n/lftp-2.5.0a-i386-2.tgz: Recompiled adding --with-modules.
n/lynx-2.8.4-i386-2.tgz: Recompiled adding --with-ssl --enable-color-style --enable-prettysrc --enable-source-cache --enable-nsl-fork
Thanks to Frédéric L. W. Meunier for the lftp and lynx suggestions.
xap/xvim-6.1-i386-2.tgz: Recompiled with latest patches and --with-features=huge.
extra/java2-runtime-environment/j2re-1.4.0-i486-1.tgz: Added a package containing Sun's Java(TM) 2 Runtime Environment.
----------------------------
Sun Apr 14 21:29:14 PDT 2002
a/bin-8.2.1-i386-4.tgz: Added run-parts script and manpage. Upgraded to GNU indent-2.2.7. Upgraded to GNU which-2.13. Fixed permissions on splitvt docs.
ap/mc-4.5.55-i386-2.tgz: Recompiled with large file support.
gnome/nautilus-1.0.6-i386-2.tgz: Added a patch that prevents spawning around 50 zombie shell processes when 'help' is used. This is caused by nautilus trying to use a feature that will be present in a future scrollkeeper version, but that isn't there yet. Thanks to Naresh Donti for the bug report.
extra/rp-pppoe-3.3/rp-pppoe-3.3-i386-1.tgz: Added rp-pppoe-3.3.
----------------------------
Sat Apr 13 20:16:42 PDT 2002
a/shadow-19990827-i386-5.tgz: Added /var/log/faillog.
Fixed install script to not overwrite existing login.access or login.defs.
l/readline-4.2a-i386-2.tgz: Remove extra '.old' copies of the shared libraries.
----------------------------
Fri Apr 12 02:01:53 PDT 2002
We'll call this Slackware 8.1-beta2. :-)
a/pkgtools-8.0.8-i386-4.tgz: Fixed GNOME selection in xwmconfig.
d/gdb-5.1.1-i386-3.tgz: Fix ownership of /usr/doc/gdb-5.1.1/README.gdbserver.
d/python-2.2.1-i386-1.tgz: Upgraded to python-2.2.1.
Hey folks, here is the long awaited update to GNOME. I think you'll find it was worth the wait while these were tweaked (and retweaked :) to get everything just exactly perfect. This GNOME build is based on stable GNOME 1.4.1, and nearly every package has been recently updated. There are also several new packages that have not appeared in Slackware before, such as Evolution.
gnome/abiword-0.99.3-i386-1.tgz: Added abiword-0.99.3.
gnome/bonobo-1.0.19-i386-1.tgz: Added bonobo-1.0.19.
gnome/bonobo-conf-0.14-i386-1.tgz: Added bonobo-conf-0.14.
gnome/bug-buddy-2.0.8-i386-1.tgz: Added bug-buddy-2.0.8.
gnome/control-center-1.4.0.5-i386-1.tgz: Added control-center-1.4.0.5.
gnome/dia-0.88.1-i386-1.tgz: Added dia-0.88.1.
gnome/enlightenment-0.16.5-i386-1.tgz: Added enlightenment-0.16.5.
gnome/eog-0.6-i386-1.tgz: Added eog-0.6.
gnome/esound-0.2.24-i386-1.tgz: Added esound-0.2.24.
gnome/eterm-0.8.10-i386-1.tgz: Added eterm-0.8.10.
gnome/evolution-1.0.3-i386-1.tgz: Added evolution-1.0.3.
gnome/fnlib-0.5-i386-1.tgz: Added fnlib-0.5.
gnome/gaim-0.55-i386-1.tgz: Added gaim-0.55.
gnome/gal-0.19.1-i386-1.tgz: Added gal-0.19.1.
gnome/galeon-1.2.0-i386-1.tgz: Added galeon-1.2.0.
gnome/gconf-1.0.9-i386-1.tgz: Added gconf-1.0.9.
gnome/gdm-2.2.5.5-i386-1.tgz: Added gdm-2.2.5.5.
gnome/gedit-0.9.6-i386-1.tgz: Added gedit-0.9.6.
gnome/gftp-2.0.11-i386-1.tgz: Added gftp-2.0.11.
gnome/ggv-1.0.2-i386-1.tgz: Added ggv-1.0.2.
gnome/ghex-1.2.1-i386-1.tgz: Added ghex-1.2.1.
gnome/glade-0.6.4-i386-1.tgz: Added glade-0.6.4.
gnome/gnet-1.1.2-i386-1.tgz: Added gnet-1.1.2.
gnome/gnome-admin-1.0.3-i386-1.tgz: Added gnome-admin-1.0.3.
gnome/gnome-applets-1.4.0.5-i386-1.tgz: Added gnome-applets-1.4.0.5.
gnome/gnome-audio-1.4.0-noarch-1.tgz: Added gnome-audio-1.4.0.
gnome/gnome-core-1.4.0.6-i386-1.tgz: Added gnome-core-1.4.0.6.
gnome/gnome-games-1.4.0.3-i386-1.tgz: Added gnome-games-1.4.0.3.
gnome/gnome-libs-1.4.1.4-i386-1.tgz: Added gnome-libs-1.4.1.4.
gnome/gnome-media-1.2.3-i386-1.tgz: Added gnome-media-1.2.3.
gnome/gnome-mime-data-1.0.1-i386-1.tgz: Added gnome-mime-data-1.0.1.
gnome/gnome-network-1.0.2-i386-1.tgz: Added gnome-network-1.0.2.
gnome/gnome-objc-1.0.40-i386-1.tgz: Added gnome-objc-1.0.40.
gnome/gnome-pilot-0.1.64-i386-1.tgz: Added gnome-pilot-0.1.64.
gnome/gnome-pim-1.4.4-i386-1.tgz: Added gnome-pim-1.4.4.
gnome/gnome-print-0.35-i386-1.tgz: Added gnome-print-0.35.
gnome/gnome-python-1.4.2-i386-1.tgz: Added gnome-python-1.4.2.
gnome/gnome-user-docs-1.4.1.1-noarch-1.tgz: Added gnome-user-docs-1.4.1.1.
gnome/gnome-utils-1.4.1.2-i386-1.tgz: Added gnome-utils-1.4.1.2.
gnome/gnome-vfs-1.0.5-i386-1.tgz: Added gnome-vfs-1.0.5.
gnome/gnomeicu-0.98.2-i386-1.tgz: Added gnomeicu-0.98.2.
gnome/gnomemm-1.2.2-i386-1.tgz: Added gnomemm-1.2.2.
gnome/gnotepad+-1.3.3-i386-1.tgz: Added gnotepad+-1.3.3.
gnome/gnumeric-1.0.5-i386-1.tgz: Added gnumeric-1.0.5.
gnome/gqview-1.0.2-i386-1.tgz: Added gqview-1.0.2.
gnome/gtk-engines-0.12-i386-1.tgz: Added gtk-engines-0.12.
gnome/gtkhtml-1.0.2-i386-1.tgz: Added gtkhtml-1.0.2.
gnome/gtkmm-1.2.8-i386-1.tgz: Added gtkmm-1.2.8.
gnome/gtm-0.4.11-i386-1.tgz: Added gtm-0.4.11.
gnome/gtop-1.0.13-i386-1.tgz: Added gtop-1.0.13.
gnome/guile-1.5.6-i386-1.tgz: Added guile-1.5.6.
gnome/imlib-1.9.14-i386-1.tgz: Added imlib-1.9.14.
gnome/libghttp-1.0.9-i386-1.tgz: Added libghttp-1.0.9.
gnome/libglade-0.17-i386-1.tgz: Added libglade-0.17.
gnome/libgtop-1.0.13-i386-1.tgz: Added libgtop-1.0.13.
gnome/libole2-0.2.4-i386-1.tgz: Added libole2-0.2.4.
gnome/librep-0.15.2-i386-1.tgz: Added librep-0.15.2.
gnome/libsigc++-1.0.4-i386-1.tgz: Added libsigc++-1.0.4.
gnome/libunicode-0.4-i386-1.tgz: Added libunicode-0.4.
gnome/nautilus-1.0.6-i386-1.tgz: Added nautilus-1.0.6.
gnome/oaf-0.6.8-i386-1.tgz: Added oaf-0.6.8.
gnome/pan-0.11.2.91-i386-1.tgz: Added pan-0.11.2.91.
gnome/panelmm-0.3.1-i386-1.tgz: Added panelmm-0.3.1.
gnome/pilot-link-0.9.5-i386-1.tgz: Added pilot-link-0.9.5.
gnome/pkgconfig-0.12.0-i386-1.tgz: Added pkgconfig-0.12.0.
gnome/rep-gtk-0.15-i386-1.tgz: Added rep-gtk-0.15.
gnome/sawfish-1.0.1-i386-1.tgz: Added sawfish-1.0.1.
gnome/scrollkeeper-0.2-i386-1.tgz: Added scrollkeeper-0.2.
gnome/sodipodi-0.24.1-i386-1.tgz: Added sodipodi-0.24.1.
gnome/windowmaker-0.80.0-i386-1.tgz: Added windowmaker-0.80.0.
gnome/xalf-0.12-i386-1.tgz: Added xalf-0.12.
gnome/xchat-1.8.8-i386-1.tgz: Added xchat-1.8.8.
gnome/xscreensaver-4.02_gnome-i386-1.tgz: Added xscreensaver-4.02 compiled for GNOME.
n/iptables-1.2.6a-i386-1.tgz: Upgraded to iptables-1.2.6a.
n/mutt-1.2.5.1-i386-3.tgz: Patched mutt to look in the correct directory for charmaps (/usr/share/i18n/charmaps). Note that mutt still does not understand compressed charmaps, which are now default with glibc. Until this can be addressed, if you need to use charmaps with mutt, you'll need to go into /usr/share/i18n/charmaps and uncompress them. Thanks to Cezary Sliwa for pointing out this problem.
----------------------------
Thu Apr 11 01:47:23 PDT 2002
pasture/XFree86-3.3.6-servers/xwrapper-3.3.6-i386-1.tgz: Added setuid Xwrapper program to allow non-root users to run XFree86 3.3.6 servers without requiring them to be made setuid root. Thanks to Harka Steinhart for reminding me that this was required.
a/bin-8.2.1-i386-3.tgz: Patched /bin/ed to create tmp files more safely.
a/genpower-1.0.1-i386-1.tgz: Added genpower-1.0.1 (replaces powerd).
a/getty-ps-2.0.7j-i386-3.tgz: Moved inittab example to the examples directory.
a/shadow-19990827-i386-4.tgz: Fixed a bug in adduser that caused it to always use the next available UID no matter what UID was entered.
a/sysvinit-2.84-i386-10.tgz: Added support for LVM in rc.S and rc.6. Removed powerd and rewrote the scripts to use genpowerd instead. Don't try to run crond or atd if they aren't installed on the system. Rather than replacing existing scripts in /etc/rc.d/, leave .new ones behind. Fix rc.S so that the -f and -F options to /sbin/shutdown work properly. Restart /sbin/init after installing the new binary, so that the system can unmount its drives at the next shutdown/reboot. In rc.6, unmount remote volumes before killing processes. Fixes a problem when using SMB volumes with PCMCIA network cards. (thanks Nathan England) In rc.6, clear /var/lock/subsys. (thanks Jeff Adams) Change gdm path in rc.4 to /usr/bin/gdm.
----------------------------
Wed Apr 10 14:34:08 PDT 2002
ap/hpijs-1.0.4-i386-1.tgz: Upgraded to hpijs-1.0.4.
l/gdk-pixbuf-0.16.0-i386-1.tgz: Added gdk-pixbuf-0.16.0, needed by xfce.
Touched a few packages that were not mirroring out properly.
----------------------------
Wed Apr 10 01:00:21 PDT 2002
Added "install-packages" scripts in the package directories.
a/lilo-22.2-i386-3.tgz: If XFS is detected, make MBR installation the default menu choice.
a/pkgtools-8.0.8-i386-3.tgz: Fix bug which caused leftover files in /var/log/setup/tmp when a package was skipped while using -infobox. Return an error code from upgradepkg if the last (or only) package it tried to upgrade was not installed. Add xfce detection to xwmconfig, and remember previous selection.
a/sysklogd-1.4.1-i386-3.tgz: Fixed missing /var/log/syslog err/warn logging in /etc/syslog.conf. Add rotation for /var/log/syslog.
ap/rexima-1.1-i386-1.tgz: Added rexima-1.1.
xap/fvwm-2.4.6-i386-4.tgz: Don't create an xinitrc symlink.
xap/fvwm95-2.0.43ba-i386-2.tgz: Don't create an xinitrc symlink.
xap/xfce-3.8.14c-i386-1.tgz: Added xfce-3.8.14c.
Do you find GNOME and KDE to be too slow on your machine? Then try xfce, "The Cholesterol Free Desktop Environment". This has been added to fill the need for a complete but lightweight and _fast_ desktop environment.
----------------------------
Tue Apr 9 01:09:48 PDT 2002
a/dcron-2.3.3-i386-3.tgz: Patched to report correct version.
n/sendmail-8.12.3-i386-1.tgz: Upgraded to sendmail-8.12.3.
n/sendmail-cf-8.12.3-i386-1.tgz: Upgraded to sendmail-8.12.3.
----------------------------
Sun Apr 7 18:15:16 PDT 2002
a/aaa_base-8.0.8-i386-4.tgz: Moved /etc/slackware-version to here.
a/dcron-2.3.3-i386-2.tgz: Added logrotate to root's crontab. Added updatedb (slocate) to root's crontab. Removed nobody's crontab, which used to run GNU findutils updatedb.
a/etc-5.0-i386-1.tgz: Removed obsolete "filesize" script. Added slocate group.
a/findutils-4.1.7-i386-1.tgz: Upgraded to findutils-4.1.7. Removed deprecated locate and updatedb programs -- the new versions are in the slocate package.
a/glibc-zoneinfo-2.2.5-i386-1.tgz: Fixed timeconfig to work better on vt100 terminals. Since it's a minor change, and this _is_ -current, I didn't update the build number.
a/grep-2.5-i386-2.tgz: Compile against the static libpcre.a, since we don't want to have to move that into the A series, and it doesn't make grep much larger.
a/lprng-3.8.5-i386-2.tgz: Better config file handling in the install script.
a/logrotate-3.6.2-i386-1.tgz: Added by popular demand. ;-)
a/pciutils-2.1.10-i386-1.tgz: Upgraded to pciutils-2.1.10 and the latest version of pci.ids.
a/pkgtools-8.0.8-i386-2.tgz: Fixed some spelling errors in installpkg and pkgtool. Also fixed many several other spelling mistakes in the installer and package descriptions. Thanks to Jason Byrne for kicking me into editor mode. :-) Removed /etc/slackware-version. Eliminated use of obsolete filesize script in makepkg.
a/shadow-19990827-i386-3.tgz: Don't create (obsolete) /var/log/sulog.
a/slocate-2.6-i386-1.tgz: Added slocate-2.6.
a/sysklogd-1.4.1-i386-2.tgz: Provide a more complete syslog.conf. Add /etc/logrotate.d/syslog.
ap/mysql-3.23.49-i386-2.tgz: Recompiled with better optimization.
l/gdbm-1.8.0-i386-2.tgz: Fixed '/usr/local' bug in libgdbm.la.
l/glibc-2.2.5-i386-1.tgz: Fixed timeconfig script for vt100 terminals.
n/php-4.1.2-i386-4.tgz: Added IMAP/SSL support. Thanks to Miha Verlic for suggesting the mysql and php changes.
xap/fvwm-2.4.6-i386-3.tgz: Added back a bunch of icons that fvwm doesn't include in recent versions. Thanks to Artur Kedzierski for noticing this.
----------------------------
Fri Apr 5 22:54:17 PST 2002
rootdisks/install.?: Use /dev/sr?, not /dev/scd? which is deprecated. Support a new series KDEI for the kde-i18n packages.
extra/openmotif-2.2.1/openmotif-2.2.1-i386-1.tgz: Added openmotif-2.2.1.
extra/sgml-tools-1.0.9-i386-2.tgz: Fixed missing libostyle.
a/gettext-0.11-i386-2.tgz: Recompiled.
a/grep-2.5-i386-1.tgz: Upgraded to GNU grep-2.5.
a/lilo-22.2-i386-2.tgz: Add a warning against installing LILO on the superblock of an XFS partition.
a/pkgtools-8.0.8-i386-1.tgz: Enhanced upgradepkg to handle a sloppy package database -- if multiple packages match the old package name, remove all of them instead of a random one. Made xwmconfig a menu rather than a radiolist.
ap/texinfo-4.2-i386-1.tgz: Upgraded to GNU texinfo-4.2.
d/autoconf-2.53-i386-1.tgz: Upgraded to GNU autoconf-2.53. (I'm holding off on automake-1.6 until the impact of the renaming of /usr/share/aclocal can be assessed. Really, I'm mostly hoping they change their minds, since it really screws things up for packages that want to install an .m4 file in there to have /usr/share/aclocal-1.6. When automake-1.7 comes out I don't want to be rerolling dozens of packages just to move the .m4 files into /usr/share/aclocal-1.7.)
d/bison-1.35-i386-1.tgz: Upgraded to GNU bison-1.35.
d/gdb-5.1.1-i386-2.tgz: Added gdbserver and docs.
d/gettext-tools-0.11-i386-2.tgz: Fixed libgettextlib.la to indicate that the library is installed.
kde/: Upgraded to KDE-3.0. (Thanks KDE team for the great work! :-)
kdei/: New series for the KDE language support packages.
l/audiofile-0.2.3-i386-2.tgz: Moved here from ../kde. Even though KDE 3.0rc3 uses aRts, it seems audiofile is still required, and things outside of KDE will require it in the future.
l/freetype-1.3.1-i386-1.tgz: Split out of the xfree86 packages. Moved into /usr instead of /usr/X11R6, which seems to help prevent programs from including the wrong header files (freetype2, which is bundled with XFree86, puts its header files under /usr/X11R6/include).
l/libungif-4.1.0b1-i386-2.tgz: Fixed libungif.la to indicate that the library is installed.
l/libxml2-2.4.19-i386-1.tgz: Upgraded to libxml2-2.4.19.
n/bind-9.2.0-i386-2.tgz: Added missing rndc-confgen, and patched the install script to run it at install time with the -a option.
n/links-0.97pre9-i386-1.tgz: Upgraded to links-0.97pre9.
n/lftp-2.5.0a-i386-1.tgz: Added lftp-2.5.0a.
n/pidentd-3.0.12-i386-1.tgz: Split out from tcpip package, reverted to 3.0.12 since 3.0.14 was doing this:
in.identd[6698]: Error while changing user/group privileges
n/tcpip-0.17-i386-7.tgz: Remove pidentd (now in separate package).
x/xfree86-4.2.0-i386-3.tgz: Removed freetype-1.3.1 shared library.
x/xfree86-devel-4.2.0-i386-3.tgz: Removed freetype-1.3.1 headers.
x/xfree86-docs-4.2.0-i386-2.tgz: Removed freetype-1.3.1 docs.
xap/freefonts-0.10-i386-1.tgz: Removed. There were a couple of problems with this. First, it's tricky to install them in the usual (Type1) directory without stomping on the existing fonts.dir and fonts.alias. Second, not all of the licenses are as free as the package name might lead you to think. If you need these fonts you can find them here: ftp://ftp.gimp.org/pub/gimp/fonts/
xap/sane-1.0.7-i386-1.tgz: Added sane-1.0.7.
xap/xmms-1.2.7-i386-2.tgz: Added support for ESD and GNOME.
xap/xpdf-1.00-i386-2.tgz: Fixed xpdfrc to not try to load Type1 fonts.
xap/xsane-0.84-i386-1.tgz: Added xsane-0.84.
----------------------------
Mon Apr 1 01:31:47 PST 2002
Here are a few updates to slackware-current... :-)
----------------------------
Sun Mar 31 21:51:27 PST 2002
a/pkgtools-8.0.7-i386-3.tgz: Edited some text in xwmconfig.
----------------------------
Sun Mar 31 00:45:29 PST 2002
a/sysvinit-2.84-i386-9.tgz: Add /etc/dhcpc/dhcpcd-eth0.pid to the list of files to be removed at boot time in rc.S.
ap/quota-3.04-i386-1.tgz: Upgraded to quota-3.04.
n/nfs-utils-0.3.3-i386-2.tgz: Removed rpc.rquotad, which is now maintained in the quota package.
----------------------------
Sat Mar 30 20:55:02 PST 2002
a/jfsutils-1.0.16-i386-1.tgz: Added jfsutils-1.0.16.
a/xfsprogs-2.0.1-i386-1.tgz: Added xfsprogs-2.0.1.
I've also added mkfs.jfs and mkfs.xfs to the isolinux initrd and rootdisk images, and patched the installer to allow any of these filesystems if they're found in the kernel: ext2, ext3, jfs, reiserfs, and xfs. In addition, there are now kernels with jfs and xfs support usable from isolinux. This is still just for testing, and the prebuilt JFS/XFS kernels don't contain any support for SCSI controllers (but it would be easy to rebuild the kernel with the patches in source/k/kernel-source/... consider that part of your test :)
----------------------------
Sat Mar 30 13:09:38 PST 2002
l/libxml-1.8.17-i386-1.tgz: Added libxml1.
Moved some libraries which are bound to see widespread usage outside of KDE:
l/libxml2-2.4.15-i386-1.tgz: Moved here from kde/.
l/libxslt-1.0.12-i386-1.tgz: Moved here from kde/.
l/pcre-3.9-i386-1.tgz: Moved here from kde/.
l/orbit-0.5.15-i386-1.tgz: Added ORBit, which is needed to build Mozilla.
n/nmap-2.54BETA31-i386-2.tgz: Put GNOME files under /usr, not /opt/gnome.
xap/mozilla-0.9.9-i386-2.tgz: Put GNOME files under /usr, not /opt/gnome.
xap/xscreensaver-4.02-i386-2.tgz: Recompiled against libxml.
----------------------------
Fri Mar 29 00:50:23 PST 2002
n/nmap-2.54BETA31-i386-1.tgz: Added nmap-2.54BETA31.
xap/imagemagick-5.4.4-i386-1.tgz: Upgraded to ImageMagick-5.4.4.
----------------------------
Thu Mar 28 20:53:40 PST 2002
a/pkgtools-8.0.7-i386-2.tgz: Fixed a bug that prevented tagfiles from being followed correctly. In pkgtool "View" mode, jump back to the same place in the list after viewing the package. Suggested by Marek Januszewski.
----------------------------
Thu Mar 28 15:46:08 PST 2002
a/cpio-2.4.2.91-i386-1.tgz: Upgraded to cpio-2.4.2.91 (which appears to be primarily a bugfix version) from alpha.gnu.org because there hasn't been an official release of this in over 6 years.
n/mod_ssl-2.8.8_1.3.24-i386-2.tgz: Fixed the html documentation.
n/openssh-3.1p1-i386-2.tgz: Edited rc.sshd to allow 'rc.sshd restart' without hanging up on existing connections. Suggested by Pawel Kot.
----------------------------
Wed Mar 27 23:54:51 PST 2002
a/floppy-5.4-i386-2.tgz: Recompiled, stripped binaries.
a/pkgtools-8.0.7-i386-1.tgz: Use dynamic resizing for slack-desc windows.
ap/vim-6.1-i386-1.tgz: Upgraded to vim-6.1.
n/apache-1.3.24-i386-1.tgz: Upgraded to apache-1.3.24.
n/mod_ssl-2.8.8_1.3.24-i386-1.tgz: Upgraded to mod_ssl-2.8.8_1.3.24.
x/xfree86-4.2.0-i386-2.tgz: Rebuilt against system zlib.
x/xfree86-devel-4.2.0-i386-2.tgz: Rebuilt against system zlib. Added "HasZlib YES" to linux.cf.
x/xfree86-xnest-4.2.0-i386-2.tgz: Rebuilt against system zlib.
x/xfree86-xprt-4.2.0-i386-2.tgz: Rebuilt against system zlib.
x/xfree86-xvfb-4.2.0-i386-2.tgz: Rebuilt against system zlib.
xap/xvim-6.1-i386-1.tgz: Added GTK+ version of vim.
----------------------------
Wed Mar 27 01:33:20 PST 2002
extra/kde-3.0rc3/: This is a set of packages to test KDE 3.0rc3. This requires (at least) libxml2, libxslt, and pcre from the KDE series (in slackware/kde), and lesstif from the L series.
There are other dependencies as well, so if you want to test this, I recommend a full install, then remove the old packages like this:
cd /var/log/packages ; removepkg kde* kdoc* koffice* qt*
Finally, use installpkg to install all the packages in extra/kde-3.0rc3.
xap/netscape-6.2.2-i686-1.tgz: Upgraded to netscape-6.2.2. This build includes the zlib fix.
xap/xmms-1.2.7-i386-1.tgz: Added xmms-1.2.7.
xap/xscreensaver-4.02-i386-1.tgz: Added xscreensaver-4.02.
----------------------------
S