Wed Jul 25 02:02:40 UTC 2012
patches/packages/libpng-1.2.50-i486-1_slack9.1.tgz:  Upgraded.
  Fixed incorrect type (int copy should be png_size_t copy) in png_inflate()
  (fixes CVE-2011-3045).
  Revised png_set_text_2() to avoid potential memory corruption (fixes
    CVE-2011-3048).
  Changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3045
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3048
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386
  (* Security fix *)
+--------------------------+
Thu Jun 14 05:02:39 UTC 2012
####################################################################
# NOTICE OF IMPENDING EOL (END OF LIFE) FOR OLD SLACKWARE VERSIONS #
#                                                                  #
# Effective August 1, 2012, security patches will no longer be     #
# provided for the following versions of Slackware (which will all #
# be more than 5 years old at that time):                          #
# Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0.           #
# If you are still running these versions you should consider      #
# migrating to a newer version (preferably as recent as possible). #
# Alternately, you may make arrangements to handle your own        #
# security patches.  If for some reason you are unable to upgrade  #
# or handle your own security patches, limited security support    #
# may be available for a fee.  Inquire at security@slackware.com.  #
####################################################################
patches/packages/bind-9.7.6_P1-i486-1_slack9.1.tgz:  Upgraded.
  This release fixes an issue that could crash BIND, leading to a denial of
  service.  It also fixes the so-called "ghost names attack" whereby a
  remote attacker may trigger continued resolvability of revoked domain names.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1033
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
  IMPORTANT NOTE:  This is an upgraded version of BIND, _not_ a patched one.
  It is likely to be more strict about the correctness of configuration files.
  Care should be taken about deploying this upgrade on production servers to
  avoid an unintended interruption of service.
  (* Security fix *)
+--------------------------+
Sat Apr  7 21:48:42 UTC 2012
patches/packages/libtiff-3.8.2-i486-4_slack9.1.tgz:  Rebuilt.
  Patched overflows that could lead to arbitrary code execution when parsing
  a malformed image file.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1173
  (* Security fix *)
+--------------------------+
Wed Feb 22 18:14:58 UTC 2012
patches/packages/libpng-1.2.47-i486-1_slack9.1.tgz:  Upgraded.
  All branches of libpng prior to versions 1.5.9, 1.4.9, 1.2.47, and 1.0.57,
  respectively, fail to correctly validate a heap allocation in
  png_decompress_chunk(), which can lead to a buffer-overrun and the
  possibility of execution of hostile code on 32-bit systems.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026
  (* Security fix *)
+--------------------------+
Thu Nov 17 02:09:25 UTC 2011
patches/packages/bind-9.4_ESV_R5_P1-i486-1_slack9.1.tgz:  Upgraded.
        --- 9.4-ESV-R5-P1 released ---
3218.   [security]      Cache lookup could return RRSIG data associated with
                        nonexistent records, leading to an assertion
                        failure. [RT #26590]
  (* Security fix *)
+--------------------------+
Fri Nov 11 18:58:21 UTC 2011
  Good 11-11-11, everyone!  Enjoy some fresh time.  :)
patches/packages/glibc-zoneinfo-2011i_2011n-noarch-1.tgz:  Upgraded.
  New upstream homepage:  http://www.iana.org/time-zones
+--------------------------+
Fri Aug 12 23:20:00 UTC 2011
patches/packages/bind-9.4_ESV_R5-i486-1_slack9.1.tgz:  Upgraded.
  This BIND update addresses a couple of security issues:
  * named, set up to be a caching resolver, is vulnerable to a user
    querying a domain with very large resource record sets (RRSets)
    when trying to negatively cache the response. Due to an off-by-one
    error, caching the response could cause named to crash. [RT #24650]
    [CVE-2011-1910]
  * Change #2912 (see CHANGES) exposed a latent bug in the DNS message
    processing code that could allow certain UPDATE requests to crash
    named. [RT #24777] [CVE-2011-2464]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
  (* Security fix *)
+--------------------------+
Fri Jul 29 18:22:40 UTC 2011
patches/packages/libpng-1.2.46-i486-1_slack9.1.tgz:  Upgraded.
  Fixed uninitialized memory read in png_format_buffer()
  (Bug report by Frank Busse, related to CVE-2004-0421).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0421
  (* Security fix *)
+--------------------------+
Mon Jun 20 00:49:34 UTC 2011
patches/packages/fetchmail-6.3.20-i486-1_slack9.1.tgz:  Upgraded.
  This release fixes a denial of service in STARTTLS protocol phases.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1947
    http://www.fetchmail.info/fetchmail-SA-2011-01.txt
  (* Security fix *)
+--------------------------+
Fri May 27 22:56:00 UTC 2011
patches/packages/bind-9.4_ESV_R4_P1-i486-1_slack9.1.tgz:  Upgraded.
  This release fixes security issues:
     * A large RRSET from a remote authoritative server that results in
       the recursive resolver trying to negatively cache the response can
       hit an off by one code error in named, resulting in named crashing.
       [RT #24650] [CVE-2011-1910]
     * Zones that have a DS record in the parent zone but are also listed
       in a DLV and won't validate without DLV could fail to validate. [RT
       #24631]
  For more information, see:
    http://www.isc.org/software/bind/advisories/cve-2011-1910
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
  (* Security fix *)
+--------------------------+
Fri Apr  8 06:58:48 UTC 2011
patches/packages/libtiff-3.8.2-i486-3_slack9.1.tgz:  Rebuilt.
  Patched overflows that could lead to arbitrary code execution when parsing
  a malformed image file.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0192
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167
  (* Security fix *)
+--------------------------+
Thu Apr  7 04:07:29 UTC 2011
patches/packages/dhcp-3.1_ESV_R1-i486-1_slack9.1.tgz:  Upgraded.
  In dhclient, check the data for some string options for reasonableness
  before passing it along to the script that interfaces with the OS.
  This prevents some possible attacks by a hostile DHCP server.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997
  (* Security fix *)
+--------------------------+
Thu Feb 10 21:19:38 UTC 2011
patches/packages/sudo-1.7.4p6-i486-1_slack9.1.tgz:  Upgraded.
  Fix Runas group password checking.
  For more information, see the included CHANGES and NEWS files, and:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0010
  (* Security fix *)
+--------------------------+
Thu Dec 16 18:57:05 UTC 2010
patches/packages/bind-9.4_ESV_R4-i486-1_slack9.1.tgz:  Upgraded.
  This update fixes some security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3615
  (* Security fix *)
+--------------------------+
Sat Nov 20 21:20:27 UTC 2010
patches/packages/xpdf-3.02pl5-i486-1_slack9.1.tgz:  Upgraded.
  This update fixes security issues that could lead to an
  application crash, or execution of arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3703
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704
  (* Security fix *)
+--------------------------+
Mon Sep 20 18:39:57 UTC 2010
patches/packages/bzip2-1.0.6-i486-1_slack9.1.tgz:  Upgraded.
  This update fixes an integer overflow that could allow a specially
  crafted bzip2 archive to cause a crash (denial of service), or execute
  arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405
  (* Security fix *)
+--------------------------+
Wed Sep 15 18:51:21 UTC 2010
patches/packages/sudo-1.7.4p4-i486-3_slack9.1.tgz:  Rebuilt.
  Hi folks, since the patches for old systems (8.1 - 10.2) were briefly
  available containing a /var/lib with incorrect permissions, I'm issuing
  these again just to be 100% sure that no systems out there will be left
  with problems due to that.  This should do it (third time's the charm).
+--------------------------+
Wed Sep 15 05:58:55 UTC 2010
patches/packages/sudo-1.7.4p4-i486-2_slack9.1.tgz:  Rebuilt.
  The last sudo packages accidentally changed the permissions on /var from
  755 to 700.  This build restores the proper permissions.
  Thanks to Petri Kaukasoina for pointing this out.
+--------------------------+
Wed Sep 15 00:41:13 UTC 2010
patches/packages/sudo-1.7.4p4-i486-1_slack9.1.tgz:  Upgraded.
  This fixes a flaw that could lead to privilege escalation.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2956
  (* Security fix *)
+--------------------------+
Wed Jun 30 04:51:49 UTC 2010
patches/packages/libtiff-3.8.2-i486-2_slack9.1.tgz:  Rebuilt.
  This fixes image structure handling bugs that could lead to crashes or
  execution of arbitrary code if a specially-crafted TIFF image is loaded.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1411
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2065
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2067
  (* Security fix *)
patches/packages/libpng-1.2.44-i486-1_slack9.1.tgz:  Upgraded.
  This fixes out-of-bounds memory write bugs that could lead to crashes
  or the execution of arbitrary code, and a memory leak bug which could
  lead to application crashes.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249
  (* Security fix *)
+--------------------------+
Sun Jun 27 04:02:55 UTC 2010
patches/packages/bind-9.4.3_P5-i486-2_slack9.1.tgz:  Rebuilt.
  At least some of these updates for 2.4.x systems were built under a
  2.6.x kernel, and didn't work.  Sorry, I think I've fixed the
  issue on this end this time.  If the previous update did not work
  for you, try this one.
+--------------------------+
Fri Jun 25 05:28:02 UTC 2010
patches/packages/bind-9.4.3_P5-i486-1_slack9.1.tgz:  Upgraded.
  This fixes possible DNS cache poisoning attacks when DNSSEC is enabled
  and checking is disabled (CD).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097
  (* Security fix *)
+--------------------------+
Sun May 16 20:01:28 UTC 2010
patches/packages/fetchmail-6.3.17-i486-1_slack9.1.tgz:  Upgraded.
  A crafted header or POP3 UIDL list could cause a memory leak and crash
  leading to a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1167
  (* Security fix *)
+--------------------------+
Tue Apr 20 14:45:24 UTC 2010
patches/packages/sudo-1.7.2p6-i486-1_slack9.1.tgz:  Upgraded.
  This update fixes security issues that may give a user with permission
  to run sudoedit the ability to run arbitrary commands.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0426
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1163
    http://www.gratisoft.us/sudo/alerts/sudoedit_escalate.html
    http://www.gratisoft.us/sudo/alerts/sudoedit_escalate2.html
  (* Security fix *)
+--------------------------+
Thu Dec 10 00:12:58 UTC 2009
patches/packages/ntp-4.2.2p3-i486-2_slack9.1.tgz:  Rebuilt.
  Prevent a denial-of-service attack involving spoofed mode 7 packets.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563
  (* Security fix *)
+--------------------------+
Wed Dec  2 20:51:55 UTC 2009
patches/packages/bind-9.4.3_P4-i486-1_slack9.1.tgz:  Upgraded.
  BIND 9.4.3-P4 is a SECURITY PATCH for BIND 9.4.3-P3.  It addresses a
  potential cache poisoning vulnerability, in which data in the additional
  section of a response could be cached without proper DNSSEC validation.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
    http://www.kb.cert.org/vuls/id/418861
  (* Security fix *)
+--------------------------+
Wed Oct 28 01:23:19 UTC 2009
patches/packages/xpdf-3.02pl4-i486-1_slack9.1.tgz:  Upgraded.
  This update fixes several security issues that could lead to an
  application crash, or execution of arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3603
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3605
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3606
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609
  (* Security fix *)
+--------------------------+
Fri Aug 14 13:42:26 CDT 2009
patches/packages/curl-7.10.7-i486-4_slack9.1.tgz:
  This update fixes a security issue where a zero byte embedded in an SSL
  or TLS certificate could fool cURL into validating the security of a
  connection to a system that the certificate was not issued for.  It has
  been reported that at least one Certificate Authority allowed such
  certificates to be issued.
  For more information, see:
    http://curl.haxx.se/docs/security.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417
  (* Security fix *)
+--------------------------+
Thu Aug  6 00:48:30 CDT 2009
patches/packages/fetchmail-6.3.11-i486-1_slack9.1.tgz:  Upgraded.
  This update fixes an SSL NUL prefix impersonation attack through NULs in a
  part of an X.509 certificate's CommonName and subjectAltName fields.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2666
  (* Security fix *)
+--------------------------+
Wed Jul 29 23:10:01 CDT 2009
patches/packages/bind-9.4.3_P3-i386-1_slack9.0.tgz:  Upgraded.
  This BIND update fixes a security problem where a specially crafted
  dynamic update message packet will cause named to exit resulting in
  a denial of service.
  An active remote exploit is in wide circulation at this time.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696
    https://www.isc.org/node/479
  (* Security fix *)
+--------------------------+
Tue Jul 14 18:07:41 CDT 2009
patches/packages/dhcp-3.1.2p1-i486-1_slack9.1.tgz:  Upgraded.
  A stack overflow vulnerability was fixed in dhclient that could allow
  remote attackers to execute arbitrary commands as root on the system,
  or simply terminate the client, by providing an over-long subnet-mask
  option.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692
  (* Security fix *)
+--------------------------+
Fri Jun 19 18:22:20 CDT 2009
patches/packages/libpng-1.2.37-i486-1_slack9.1.tgz:  Upgraded.
  This update fixes a possible security issue.  Jeff Phillips discovered an
  uninitialized-memory-read bug affecting interlaced images that may have
  security implications.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042
  (* Security fix *)
+--------------------------+
Wed Jun  3 18:09:52 CDT 2009
patches/packages/ntp-4.2.2p3-i486-1_slack9.1.tgz:
  Patched a stack-based buffer overflow in the cookedprint function in
  ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 that allows arbitrary code
  execution by a malicious remote NTP server.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159
  (* Security fix *)
+--------------------------+
Sat May  9 18:03:41 CDT 2009
patches/packages/xpdf-3.02pl3-i486-1_slack9.1.tgz:
  Upgraded to xpdf-3.02pl3.
  This update fixes several overflows that may result in crashes or the
  execution of arbitrary code as the xpdf user.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0165
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0799
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0800
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1179
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1180
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1181
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1182
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1183
  (* Security fix *)
+--------------------------+
Mon Mar  9 00:04:05 CDT 2009
patches/packages/curl-7.10.7-i486-3_slack9.1.tgz:
  Patched curl-7.10.7.
  This fixes a security issue where automatic redirection could be made to
  follow file:// URLs, reading or writing a local instead of remote file.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037
  (* Security fix *)
+--------------------------+
Fri Feb 20 17:20:49 CST 2009
patches/packages/libpng-1.2.35-i486-1_slack9.1.tgz:
  Upgraded to libpng-1.2.35.
  This fixes multiple memory-corruption vulnerabilities due to a failure to
  properly initialize data structures.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040
    ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt
  (* Security fix *)
+--------------------------+
Wed Jan 14 20:37:39 CST 2009
patches/packages/bind-9.3.6_P1-i486-1_slack9.1.tgz:
  Upgraded to bind-9.3.6-P1.
  Fixed checking on return values from OpenSSL's EVP_VerifyFinal and
  DSA_do_verify functions to prevent spoofing answers returned from zones using
  the DNSKEY algorithms DSA and NSEC3DSA.
  For more information, see:
    https://www.isc.org/node/373
    http://www.ocert.org/advisories/ocert-2008-016.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025
  (* Security fix *)
patches/packages/ntp-4.2.4p6-i486-1_slack9.1.tgz:
  [Sec 1111] Fix incorrect check of EVP_VerifyFinal()'s return value.
  For more information, see:
    https://lists.ntp.org/pipermail/announce/2009-January/000055.html
    http://www.ocert.org/advisories/ocert-2008-016.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
  (* Security fix *)
+--------------------------+
Mon Oct 13 13:58:21 CDT 2008
patches/packages/glibc-zoneinfo-2.3.2-noarch-6_slack9.1.tgz:
  Upgraded to tzdata2008h for the latest world timezone changes.
+--------------------------+
Wed Sep 17 02:28:20 CDT 2008
patches/packages/bind-9.3.5_P2-i486-1_slack9.1.tgz:
  Upgraded to bind-9.3.5-P2.
  This version has performance gains over bind-9.3.5-P1.
+--------------------------+
Mon Jul 28 22:05:06 CDT 2008
patches/packages/fetchmail-6.3.8-i486-1_slack9.1.tgz:
  Patched to fix a possible denial of service when "-v -v" options are used.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711
  (* Security fix *)
+--------------------------+
Wed Jul  9 20:03:57 CDT 2008
patches/packages/bind-9.3.5_P1-i486-1_slack9.1.tgz:
  Upgraded to bind-9.3.5-P1.
  This upgrade addresses a security flaw known as the CERT VU#800113 DNS Cache
  Poisoning Issue.  This is the summary of the problem from the BIND site:
    "A weakness in the DNS protocol may enable the poisoning of caching
     recursive resolvers with spoofed data.  DNSSEC is the only full solution.
     New versions of BIND provide increased resilience to the attack."
  It is suggested that sites that run BIND upgrade to one of the new packages
  in order to reduce their exposure to DNS cache poisoning attacks.
  For more information, see:
    http://www.isc.org/sw/bind/bind-security.php
    http://www.kb.cert.org/vuls/id/800113
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
  (* Security fix *)
+--------------------------+
Mon Apr 28 23:46:17 CDT 2008
patches/packages/libpng-1.2.27-i486-1_slack9.1.tgz:
  Upgraded to libpng-1.2.27.
  This fixes various bugs, the most important of which have to do with the
  handling of unknown chunks containing zero-length data.  Processing a PNG
  image that contains these could cause the application using libpng to crash
  (possibly resulting in a denial of service), could potentially expose the
  contents of uninitialized memory, or could cause the execution of arbitrary
  code as the user running libpng (though it would probably be quite difficult
  to cause the execution of attacker-chosen code).  We recommend upgrading the
  package as soon as possible.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
    ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.27-README.txt
  (* Security fix *)
+--------------------------+
Mon Apr  7 02:04:58 CDT 2008
patches/packages/bzip2-1.0.5-i486-1_slack9.1.tgz:  Upgraded to bzip2-1.0.5.
  Previous versions of bzip2 contained a buffer overread error that could cause
  applications linked to libbz2 to crash, resulting in a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372
  (* Security fix *)
patches/packages/m4-1.4.11-i486-1_slack9.1.tgz:  Upgraded to m4-1.4.11.
  In addition to bugfixes and enhancements, this version of m4 also fixes two
  issues with possible security implications.  A minor security fix with the
  use of "maketemp" and "mkstemp" -- these are now quoted to prevent the
  (rather unlikely) possibility that an unquoted string could match an
  existing macro causing operations to be done on the wrong file.  Also,
  a problem with the '-F' option (introduced with version 1.4) could cause a
  core dump or possibly (with certain file names) the execution of arbitrary
  code.  For more information on these issues, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1687
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1688
  (* Security fix *)
+--------------------------+
Fri Apr  4 12:36:37 CDT 2008
patches/packages/openssh-5.0p1-i486-1_slack9.1.tgz:
  Upgraded to openssh-5.0p1.
  This version fixes a security issue where local users could hijack forwarded
  X connections.  Upgrading to the new package is highly recommended.
  For more information on this security issue, please see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483
  (* Security fix *)
+--------------------------+
Thu Feb 14 17:05:55 CST 2008
patches/packages/apache-1.3.41-i486-1_slack9.1.tgz:
  Upgraded to apache-1.3.41, the last regular release of the
  Apache 1.3.x series, and a security bugfix-only release.
  For more information about the security issues fixed, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847
  (* Security fix *)
patches/packages/mod_ssl-2.8.31_1.3.41-i486-1_slack9.1.tgz:
  Upgraded to mod_ssl-2.8.31-1.3.41 to work with apache_1.3.41.
+--------------------------+
Mon Dec 31 18:49:52 CST 2007
patches/packages/glibc-zoneinfo-2.3.2-noarch-5_slack9.1.tgz:
  Some deja vu.  ;-)
  Upgraded to tzdata2007k.  A new year should be started with the
  latest timezone data, so here it is.
  Happy holidays, and a happy new year to all!  :-)
+--------------------------+
Mon Dec 24 15:54:26 CST 2007
patches/packages/glibc-zoneinfo-2.3.2-noarch-4_slack9.1.tgz:
  Upgraded to tzdata2007j.  A new year should be started with the
  latest timezone data, so here it is.
  Happy holidays, and a happy new year to all!  :-)
+--------------------------+
Sat Dec  1 16:57:18 CST 2007
patches/packages/rsync-2.6.9-i486-1_slack9.1.tgz:
  Patched some security bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091
    http://lists.samba.org/archive/rsync-announce/2007/000050.html
  (* Security fix *)
+--------------------------+
Wed Nov 21 00:55:51 CST 2007
patches/packages/libpng-1.2.23-i486-1_slack9.1.tgz:
  Upgraded to libpng-1.2.23.
  Previous libpng versions may crash when loading malformed PNG files.
  It is not currently known if this vulnerability can be exploited to
  execute malicious code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5266
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5267
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5268
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
  (* Security fix *)
+--------------------------+
Mon Nov 12 01:25:34 CST 2007
patches/packages/xpdf-3.02pl2-i486-1_slack9.1.tgz:
  Upgraded to xpdf-3.02pl2.
  The pl2 patch fixes a crash in xpdf.
  Some theorize that this could be used to execute arbitrary code if an
  untrusted PDF file is opened, but no real-world examples are known (yet).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
  (* Security fix *)
+--------------------------+
Thu Nov  1 22:03:53 CDT 2007
patches/packages/cups-1.1.21-i486-2_slack9.1.tgz:
  Patched cups-1.1.21.
  Errors in ipp.c may allow a remote attacker to crash CUPS resulting
  in a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351
  (* Security fix *)
+--------------------------+
Wed Oct 10 11:50:50 CDT 2007
patches/packages/glibc-zoneinfo-2.3.2-noarch-3_slack9.1.tgz:
  Upgraded to timezone data from tzcode2007h and tzdata2007h.
  This contains the latest timezone data from NIST, including some important
  changes to daylight savings time in Brasil and New Zealand.
+--------------------------+
Wed Sep 12 15:20:06 CDT 2007
patches/packages/openssh-4.7p1-i486-1_slack9.1.tgz:
  Upgraded to openssh-4.7p1.
  From the OpenSSH release notes:
  "Security bugs resolved in this release:  Prevent ssh(1) from using a
  trusted X11 cookie if creation of an untrusted cookie fails; found and
  fixed by Jan Pechanec."
  While it's fair to say that we here at Slackware don't see how this could
  be leveraged to compromise a system, a) the OpenSSH people (who presumably
  understand the code better) characterize this as a security bug, b) it has
  been assigned a CVE entry, and c) OpenSSH is one of the most commonly used
  network daemons.  Better safe than sorry.
  More information should appear here eventually:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
  (* Security fix *)
+--------------------------+
Sat Aug 18 15:00:32 CDT 2007
patches/packages/tcpdump-3.9.7-i486-1_slack9.1.tgz:
  Upgraded to libpcap-0.9.7, tcpdump-3.9.7.
  This new version fixes an integer overflow in the BGP dissector which
  could possibly allow remote attackers to crash tcpdump or to execute
  arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798
  (* Security fix *)
+--------------------------+
Fri Aug 10 22:39:13 CDT 2007
patches/packages/xpdf-3.02pl1-i486-1_slack9.1.tgz:
  Upgraded to xpdf-3.02pl1.  This fixes an integer overflow that could possibly
  be leveraged to run arbitrary code if a malicious PDF file is processed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
  (* Security fix *)
+--------------------------+
Thu Jul 26 15:51:42 CDT 2007
patches/packages/bind-9.2.8_P1-i486-1_slack9.1.tgz:
  Upgraded to bind-9.2.8_P1 to fix a security issue.
  The query IDs in BIND9 prior to BIND 9.2.8-P1 are cryptographically weak.
  For more information on this issue, see:
    http://www.isc.org/index.pl?/sw/bind/bind-security.php
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
  (* Security fix *)
+--------------------------+
Wed May 16 16:16:59 CDT 2007
patches/packages/libpng-1.2.18-i486-1_slack9.1.tgz:
  Upgraded to libpng-1.2.18.
  A grayscale PNG image with a malformed (bad CRC) tRNS chunk will crash some
  libpng applications.  This vulnerability has been assigned the identifiers
  CVE-2007-2445 and CERT VU#684664.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445
  (* Security fix *)
+--------------------------+
Tue Apr  3 15:13:56 CDT 2007
patches/packages/file-4.20-i486-1_slack9.1.tgz:
  Upgraded to file-4.20.
  This fixes a heap overflow that could allow code to be executed as the
  user running file (note that there are many scenarios where file might be
  used automatically, such as in virus scanners or spam filters).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
  (* Security fix *)
+--------------------------+
Wed Mar  7 18:02:55 CST 2007
patches/packages/gnupg-1.4.7-i486-1_slack9.1.tgz:  Upgraded to gnupg-1.4.7.
  This fixes a security problem that can occur when GnuPG is used incorrectly.
  Newer versions attempt to prevent such misuse.
  For more information, see:
    http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html
  (* Security fix *)
+--------------------------+
Sun Feb 18 15:20:36 CST 2007
patches/packages/glibc-zoneinfo-2.3.2-noarch-2_slack9.1.tgz:
  Updated with tzdata2007b for impending Daylight Savings Time
  changes in the US.
+--------------------------+
Fri Jan 26 22:46:30 CST 2007
patches/packages/bind-9.2.8-i486-1_slack9.1.tgz:
  Upgraded to bind-9.2.8.  This update fixes two denial of service
  vulnerabilities where an attacker could crash the name server with
  specially crafted malformed data.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494
  (* Security fix *)
+--------------------------+
Wed Jan 24 14:15:07 CST 2007
patches/packages/fetchmail-6.3.6-i486-1_slack9.1.tgz:
  Upgraded to fetchmail-6.3.6.  This fixes two security issues.  First, a bug
  introduced in fetchmail-6.3.5 could cause fetchmail to crash.  However,
  no stable version of Slackware ever shipped fetchmail-6.3.5.  Second, a long
  standing bug (reported by Isaac Wilcox) could cause fetchmail to send a
  password in clear text or omit using TLS even when configured otherwise.
  All fetchmail users are encouraged to consider using getmail, or to upgrade
  to the new fetchmail packages.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867
  (* Security fix *)
+--------------------------+
Sat Dec 23 16:40:57 CST 2006
patches/packages/xine-lib-1.1.3-i686-1_slack9.1.tgz:
  Upgraded to xine-lib-1.1.3 which fixes possible security problems
  such as a heap overflow in libmms and a buffer overflow in the
  Real Media input plugin.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2200
  (* Security fix *)
+--------------------------+
Wed Dec  6 15:16:06 CST 2006
patches/packages/gnupg-1.4.6-i486-1_slack9.1.tgz:
  Upgraded to gnupg-1.4.6.  This release fixes a severe and exploitable
  bug in earlier versions of gnupg.  All gnupg users should update to the
  new packages as soon as possible.  For details, see the information
  concerning CVE-2006-6235 posted on lists.gnupg.org:
    http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235
  This update also addresses a more minor security issue possibly
  exploitable when GnuPG is used in interactive mode.  For more information
  about that issue, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169
  (* Security fix *)
+--------------------------+
Fri Dec  1 15:03:20 CST 2006
patches/packages/libpng-1.2.14-i486-1_slack9.1.tgz:
  Upgraded to libpng-1.2.14.  This fixes a bug where a specially crafted PNG
  file could crash applications that use libpng.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793
  (* Security fix *)
patches/packages/proftpd-1.3.0a-i486-1_slack9.1.tgz:
  Upgraded to proftpd-1.3.0a plus an additional security patch.  Several
  security issues were found in proftpd that could lead to the execution of
  arbitrary code by a remote attacker, including one in mod_tls that does
  not require the attacker to be authenticated first.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5815
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6170
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6171
  (* Security fix *)
patches/packages/tar-1.16-i486-1_slack9.1.tgz:
  Upgraded to tar-1.16.
  This fixes an issue where files may be extracted outside of the current
  directory, possibly allowing a malicious tar archive, when extracted, to
  overwrite any of the user's files (in the case of root, any file on the
  system).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097
  (* Security fix *)
+--------------------------+
Mon Nov  6 21:29:24 CST 2006
patches/packages/bind-9.2.6_P2-i486-1_slack9.1.tgz:
  Upgraded to bind-9.2.6-P2.  This fixes some security issues related to
  previous fixes in OpenSSL.  The minimum OpenSSL version was raised to
  OpenSSL 0.9.7l and OpenSSL 0.9.8d to avoid exposure to known security flaws
  in older versions (these patches were already issued for Slackware).  If you
  have not upgraded yet, get those as well to prevent a potentially exploitable
  security problem in named.  In addition, the default RSA exponent was changed
  from 3 to 65537.  RSA keys using exponent 3 (which was previously BIND's
  default) will need to be regenerated to protect against the forging
  of RRSIGs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
  (* Security fix *)
+--------------------------+
Fri Nov  3 23:19:57 CST 2006
patches/packages/screen-4.0.3-i486-1_slack9.1.tgz:  Upgraded to screen-4.0.3.
  This addresses an issue with the way screen handles UTF-8 character encoding
  that could allow screen to be crashed (or possibly code to be executed in the
  context of the screen user) if a specially crafted sequence of pseudo-UTF-8
  characters is displayed within a screen session.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4573
  (* Security fix *)
+--------------------------+
Fri Sep 29 00:21:27 CDT 2006
patches/packages/openssl-0.9.7l-i486-1_slack9.1.tgz:
  Upgraded to shared libraries from openssl-0.9.7l.
  See openssl package update below.
  (* Security fix *)
patches/packages/openssh-4.4p1-i486-1_slack9.1.tgz:
  Upgraded to openssh-4.4p1.
  This fixes a few security related issues.  From the release notes found at
  http://www.openssh.com/txt/release-4.4:
    * Fix a pre-authentication denial of service found by Tavis Ormandy,
      that would cause sshd(8) to spin until the login grace time
      expired.
    * Fix an unsafe signal handler reported by Mark Dowd. The signal
      handler was vulnerable to a race condition that could be exploited
      to perform a pre-authentication denial of service. On portable
      OpenSSH, this vulnerability could theoretically lead to
      pre-authentication remote code execution if GSSAPI authentication
      is enabled, but the likelihood of successful exploitation appears
      remote.
    * On portable OpenSSH, fix a GSSAPI authentication abort that could
      be used to determine the validity of usernames on some platforms.
  Links to the CVE entries will be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052
    After this upgrade, make sure the permissions on /etc/rc.d/rc.sshd are set
  the way you want them.  Future upgrades will respect the existing permissions
  settings.  Thanks to Manuel Reimer for pointing out that upgrading openssh
  would enable a previously disabled sshd daemon.
    Do better checking of passwd, shadow, and group to avoid adding
    redundant entries to these files.  Thanks to Menno Duursma.
  (* Security fix *)
patches/packages/openssl-0.9.7l-i486-1_slack9.1.tgz:
  Upgraded to openssl-0.9.7l.
  This fixes a few security related issues:
      During the parsing of certain invalid ASN.1 structures an error
    condition is mishandled.  This can result in an infinite loop which
    consumes system memory (CVE-2006-2937).  (This issue did not affect
    OpenSSL versions prior to 0.9.7)
    Thanks to Dr S. N. Henson of Open Network Security and NISCC.
      Certain types of public key can take disproportionate amounts of
    time to process. This could be used by an attacker in a denial of
    service attack (CVE-2006-2940).
    Thanks to Dr S. N. Henson of Open Network Security and NISCC.
      A buffer overflow was discovered in the SSL_get_shared_ciphers()
    utility function.  An attacker could send a list of ciphers to an
    application that uses this function and overrun a buffer.
    (CVE-2006-3738)
    Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.
      A flaw in the SSLv2 client code was discovered. When a client
    application used OpenSSL to create an SSLv2 connection to a malicious
    server, that server could cause the client to crash (CVE-2006-4343).
    Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.
  Links to the CVE entries will be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
  (* Security fix *)
+--------------------------+
Tue Sep 19 14:07:49 CDT 2006
patches/packages/gzip-1.3.5-i486-1_slack9.1.tgz:
  Upgraded to gzip-1.3.5, and fixed a variety of bugs.
  Some of the bugs have possible security implications if gzip or its tools are
  fed a carefully constructed malicious archive.  Most of these issues were
  recently discovered by Tavis Ormandy and the Google Security Team.  Thanks
  to them, and also to the ALT and Owl developers for cleaning up the patch.
  For further details about the issues fixed, please see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0988
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1228
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338
  (* Security fix *)
+--------------------------+
Thu Sep 14 05:30:50 CDT 2006
patches/packages/openssl-0.9.7d-i486-3_slack9.1.tgz:  Patched an issue where
  it is possible to forge certain kinds of RSA signatures.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
patches/packages/openssl-solibs-0.9.7d-i486-3_slack9.1.tgz:  Patched an issue
  where it is possible to forge certain kinds of RSA signatures.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
  (* Security fix *)
+--------------------------+
Mon Sep 11 20:16:06 CDT 2006
patches/packages/bind-9.2.6_P1-i486-2_slack9.1.tgz:  In the -1_slack9.1
  build, libdns.so was not stripped making the package larger than it should
  have been.  (it still worked, but wasting space like that is no good)
  Thanks to Eef Hartman and Phil Howard for pointing this out.
+--------------------------+
Thu Sep  7 23:41:37 CDT 2006
patches/packages/bind-9.2.6_P1-i486-1_slack9.1.tgz:
  Upgraded to bind-9.2.6-P1.
  This update addresses a denial of service vulnerability.
  BIND's CHANGES file says this:
    2066.   [security]      Handle SIG queries gracefully. [RT #16300]
  The best discussion I've found is in FreeBSD's advisory, so here's a link:
    http://security.FreeBSD.org/advisories/FreeBSD-SA-06:20.bind.asc
  Also, fixed some missing man pages.  (noticed by Xavier Thomassin -- thanks)
  (* Security fix *)
+--------------------------+
Fri Aug 18 00:27:05 CDT 2006
patches/packages/libtiff-3.8.2-i486-1_slack9.1.tgz:
  Patched vulnerabilities in libtiff which were found by Tavis Ormandy of
  the Google Security Team.  These issues could be used to crash programs
  linked to libtiff or possibly to execute code as the program's user.
  A low risk command-line overflow in tiffsplit was also patched.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3461
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3465
  (* Security fix *)
+--------------------------+
Wed Aug  2 22:03:08 CDT 2006
patches/packages/gnupg-1.4.5-i486-1_slack9.1.tgz:
  Upgraded to gnupg-1.4.5.
  From the gnupg-1.4.5 NEWS file:
    * Fixed 2 more possible memory allocation attacks.  They are
    similar to the problem we fixed with 1.4.4.  This bug can easily
    be exploited for a DoS; remote code execution is not entirely
    impossible.
  (* Security fix *)
+--------------------------+
Fri Jul 28 17:37:42 CDT 2006
patches/packages/apache-1.3.37-i486-1_slack9.1.tgz:
  Upgraded to apache-1.3.37.
  From the announcement on httpd.apache.org:
    This version of Apache is security fix release only.  An off-by-one flaw
    exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3
    since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0.
  The Slackware Security Team feels that the vast majority of installations
  will not be configured in a vulnerable way but still suggests upgrading to
  the new apache and mod_ssl packages for maximum security.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747
  And see Apache's announcement here:
    http://www.apache.org/dist/httpd/Announcement1.3.html
  (* Security fix *)
patches/packages/mod_ssl-2.8.28_1.3.37-i486-1_slack9.1.tgz:
  Upgraded to mod_ssl-2.8.28-1.3.37.
+--------------------------+
Mon Jul 24 15:44:39 CDT 2006
patches/packages/mutt-1.4.2.2i-i486-1_slack9.1.tgz:
  Upgraded to mutt-1.4.2.2i.
  This release fixes CVE-2006-3242, a buffer overflow that could be triggered
  by a malicious IMAP server.
  [Connecting to malicious IMAP servers must be common, right? -- Ed.]
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3242
  (* Security fix *)
+--------------------------+
Tue Jun 27 18:48:22 CDT 2006
patches/packages/gnupg-1.4.4-i486-1_slack9.1.tgz:
  This version fixes a memory allocation issue that could allow an attacker to
  crash GnuPG creating a denial-of-service.
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3082
+--------------------------+
Thu Jun 15 02:01:36 CDT 2006
patches/packages/sendmail-8.13.7-i486-1_slack9.1.tgz:
  Upgraded to sendmail-8.13.7.
  Fixes a potential denial of service problem caused by excessive recursion
  leading to stack exhaustion when attempting delivery of a malformed MIME
  message.  This crashes sendmail's queue processing daemon, which in turn
  can lead to two problems:  depending on the settings, these crashed
  processes may create coredumps which could fill a drive partition; and
  such a malformed message in the queue will cause queue processing to
  cease when the message is reached, causing messages that are later in
  the queue to not be processed.
  Sendmail's complete advisory may be found here:
    http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc
  Sendmail has also provided an FAQ about this issue:
    http://www.sendmail.com/security/advisories/SA-200605-01/faq.shtml
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173
  (* Security fix *)
patches/packages/sendmail-cf-8.13.7-noarch-1_slack9.1.tgz:
  Upgraded to sendmail-8.13.7 configs.
+--------------------------+
Sat Jun  3 17:27:34 CDT 2006
patches/packages/mysql-4.0.27-i486-1_slack9.1.tgz:
  Upgraded to mysql-4.0.27.
  This fixes some minor security issues with possible information leakage.
  Note that the information leakage bugs require that the attacker have
  access to an account on the database.  Also note that by default,
  Slackware's rc.mysqld script does *not* allow access to the database
  through the outside network (it uses the --skip-networking option).
  If you've enabled network access to MySQL, it is a good idea to filter
  the port (3306) to prevent access from unauthorized machines.
  For more details, see the MySQL 4.0.27 release announcement here:
    http://lists.mysql.com/announce/359
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517
  (* Security fix *)
+--------------------------+
Wed May 10 15:07:18 CDT 2006
patches/packages/apache-1.3.35-i486-2_slack9.1.tgz:
  Patched to fix totally broken Include behavior.
  Thanks to Francesco Gringoli for reporting this bug.
+--------------------------+
Tue May  9 00:51:40 CDT 2006
patches/packages/apache-1.3.35-i486-1_slack9.1.tgz:
  Upgraded to apache-1.3.35.
  From the official announcement:
    Of particular note is that 1.3.35 addresses and fixes 1 potential
    security issue: CVE-2005-3352 (cve.mitre.org)
       mod_imap: Escape untrusted referer header before outputting in HTML
       to avoid potential cross-site scripting.  Change also made to
       ap_escape_html so we escape quotes.  Reported by JPCERT
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
  (* Security fix *)
patches/packages/mod_ssl-2.8.26_1.3.35-i486-1_slack9.1.tgz:
  Upgraded to mod_ssl-2.8.26-1.3.35.
  This is an updated version designed for Apache 1.3.35.
+--------------------------+
Wed Mar 22 13:01:23 CST 2006
patches/packages/sendmail-8.13.6-i486-1.tgz:  Upgraded to sendmail-8.13.6.
  This new version of sendmail contains a fix for a security problem
  discovered by Mark Dowd of ISS X-Force.  From sendmail's advisory:
    Sendmail was notified by security researchers at ISS that, under some
    specific timing conditions, this vulnerability may permit a specifically
    crafted attack to take over the sendmail MTA process, allowing remote
    attackers to execute commands and run arbitrary programs on the system
    running the MTA, affecting email delivery, or tampering with other
    programs and data on this system.  Sendmail is not aware of any public
    exploit code for this vulnerability.  This connection-oriented
    vulnerability does not occur in the normal course of sending and
    receiving email.  It is only triggered when specific conditions are
    created through SMTP connection layer commands.
  Sendmail's complete advisory may be found here:
    http://www.sendmail.com/company/advisory/index.shtml
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
  (* Security fix *)
patches/packages/sendmail-cf-8.13.6-noarch-1.tgz:
  Upgraded to sendmail-8.13.6 configuration files.
+--------------------------+
Mon Mar 13 20:42:48 CST 2006
patches/packages/gnupg-1.4.2.2-i486-1.tgz:  Upgraded to gnupg-1.4.2.2.
  There have been two security related issues reported recently with GnuPG.
  From the GnuPG 1.4.2.1 and 1.4.2.2 NEWS files:
    Noteworthy changes in version 1.4.2.2 (2006-03-08)
    * Files containing several signed messages are not allowed any
      longer as there is no clean way to report the status of such
      files back to the caller.  To partly revert to the old behaviour
      the new option --allow-multisig-verification may be used.
    Noteworthy changes in version 1.4.2.1 (2006-02-14)
    * Security fix for a verification weakness in gpgv.  Some input
      could lead to gpgv exiting with 0 even if the detached signature
      file did not carry any signature.  This is not as fatal as it
      might seem because the suggestion has always been not to rely on
      the exit code but to parse the --status-fd messages.  However it
      is likely that gpgv is used in that simplified way and thus we
      do this release.  Same problem with "gpg --verify" but nobody
      should have used this for signature verification without
      checking the status codes anyway.  Thanks to the taviso from
      Gentoo for reporting this problem.
  (* Security fix *)
+--------------------------+
Thu Feb  9 15:09:26 CST 2006
patches/packages/fetchmail-6.3.2-i486-1.tgz:  Upgraded to fetchmail-6.3.2.
  Presumably this replaces all the known security problems with
  a batch of new unknown ones.  (fetchmail is improving, really ;-)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4348
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0321
  (* Security fix *)
patches/packages/openssh-4.3p1-i486-1.tgz:  Upgraded to openssh-4.3p1.
  This fixes a security issue when using scp to copy files that could
  cause commands embedded in filenames to be executed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225
  (* Security fix *)
patches/packages/sudo-1.6.8p12-i486-1.tgz:  Upgraded to sudo-1.6.8p12.
  This fixes an issue where a user able to run a Python script through sudo
  may be able to gain root access.
  IMHO, running any kind of scripting language from sudo is still not safe...
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0151
  (* Security fix *)
patches/packages/xpdf-3.01-i486-3.tgz:  Recompiled with xpdf-3.01pl2.patch to
  fix integer and heap overflows in xpdf triggered by malformed PDF files.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301
  (* Security fix *)
+--------------------------+
Mon Nov  7 19:54:57 CST 2005
patches/packages/elm-2.5.8-i486-1.tgz:  Upgraded to elm2.5.8.
  This fixes a buffer overflow in the parsing of the Expires header that
  could be used to execute arbitrary code as the user running Elm.
  Thanks to Ulf Harnhammar for finding the bug and reminding me to get
  out updated packages to address the issue.
  A reference to the original advisory:
    http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html
+--------------------------+
Sat Nov  5 22:19:08 CST 2005
patches/packages/apache-1.3.34-i486-1.tgz:  Upgraded to apache-1.3.34.
  Fixes this minor security bug:  "If a request contains both Transfer-Encoding
  and Content-Length headers, remove the Content-Length, mitigating some HTTP
  Request Splitting/Spoofing attacks."
  (* Security fix *)
patches/packages/curl-7.10.7-i486-2.tgz:  Patched.  This addresses a buffer
  overflow in libcurl's NTLM function that could have possible security
  implications.
  For more details, see:
    http://curl.haxx.se/docs/security.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
  (* Security fix *)
patches/packages/imapd-4.64-i486-1.tgz:  Upgraded to imapd-4.64.
  A buffer overflow was reported in the mail_valid_net_parse_work function.
  However, this function in the c-client library does not appear to be called
  from anywhere in imapd.  iDefense states that the issue is of LOW risk to
  sites that allow users shell access, and LOW-MODERATE risk to other servers.
  I believe it's possible that it is of NIL risk if the function is indeed
  dead code to imapd, but draw your own conclusions...
  (* Security fix *)
patches/packages/koffice-1.2.1-i486-6.tgz:  Patched.
  Fixes a buffer overflow in KWord's RTF import discovered by Chris Evans.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2971
  (* Security fix *)
patches/packages/lynx-2.8.5rel.5-i486-1.tgz:  Upgraded to lynx-2.8.5rel.5.
  Fixes an issue where the handling of Asian characters when using lynx to
  connect to an NNTP server (is this a common use?) could result in a buffer
  overflow causing the execution of arbitrary code.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3120
  (* Security fix *)
patches/packages/mod_ssl-2.8.25_1.3.34-i486-1.tgz:
  Upgraded to mod_ssl-2.8.25-1.3.34.
patches/packages/pine-4.64-i486-1.tgz:  Upgraded to pine-4.64.
patches/packages/wget-1.10.2-i486-1.tgz:  Upgraded to wget-1.10.2.
  This addresses a buffer overflow in wget's NTLM handling function that could
  have possible security implications.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
  (* Security fix *)
+--------------------------+
Thu Oct 13 13:57:25 PDT 2005
patches/packages/openssl-0.9.7d-i486-2.tgz:  Patched.
  Fixed a vulnerability that could, in rare circumstances, allow an attacker
  acting as a "man in the middle" to force a client and a server to negotiate
  the SSL 2.0 protocol (which is known to be weak) even if these parties both
  support SSL 3.0 or TLS 1.0.
  For more details, see:
    http://www.openssl.org/news/secadv_20051011.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969
  (* Security fix *)
patches/packages/openssl-solibs-0.9.7d-i486-2.tgz:  Patched.
  (* Security fix *)
+--------------------------+
Mon Oct 10 15:14:22 PDT 2005
patches/packages/xine-lib-1rc4-i686-2.tgz:  Patched xine-lib-1-rc4.
  This fixes a format string bug where an attacker, if able to upload malicious
  information to a CDDB server and then get a local user to play a certain
  audio CD, may be able to run arbitrary code on the machine as the user
  running the xine-lib linked application.
  For more information, see:
    http://xinehq.de/index.php/security/XSA-2005-1
  (* Security fix *)
+--------------------------+
Mon Sep 12 23:38:33 PDT 2005
patches/packages/util-linux-2.12-i486-2.tgz:  Patched an issue with
  umount where if the umount failed when the '-r' option was used, the
  filesystem would be remounted read-only but without any extra flags
  specified in /etc/fstab.  This could allow an ordinary user able to
  mount a floppy or CD (but with nosuid, noexec, nodev, etc in
  /etc/fstab) to run a setuid binary from removable media and gain
  root privileges.
  Reported to BugTraq by David Watson:
    http://www.securityfocus.com/archive/1/410333
  (* Security fix *)
+--------------------------+
Mon Sep 12 12:49:39 PDT 2005
patches/packages/dhcpcd-1.3.22pl4-i486-2.tgz:  Patched an issue where a
  remote attacker can cause dhcpcd to crash.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1848
  (* Security fix *)
+--------------------------+
Wed Sep  7 13:33:05 PDT 2005
patches/packages/mod_ssl-2.8.24_1.3.33-i486-1.tgz:  Upgraded to
  mod_ssl-2.8.24-1.3.33.  From the CHANGES file:
    Fix a security issue (CAN-2005-2700) where "SSLVerifyClient require" was
    not enforced in per-location context if "SSLVerifyClient optional" was
    configured in the global virtual host configuration.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700
  (* Security fix *)
patches/packages/tcpip-0.17-i486-24c.tgz:  Changed to a cleaner telnet patch
  borrowed from OpenBSD.  Two people, both using Slackware 9.1, informed me
  that the previous patch for telnet was causing a segfault when used with
  short hostnames from /etc/hosts (such as localhost).  If anyone is having
  a similar problem with other versions of Slackware, let me know.
  Thanks to Dragan Simic for telling me about the improved patch.
+--------------------------+
Tue Aug 30 12:57:21 PDT 2005
patches/packages/gaim-1.5.0-i486-1.tgz:  Upgraded to gaim-1.5.0.
  This fixes some more security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2103
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2102
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2370
  (* Security fix *)
patches/packages/pcre-6.3-i486-1.tgz:  Upgraded to pcre-6.3.
  This fixes a buffer overflow that could be triggered by the processing of a
  specially crafted regular expression.  Theoretically this could be a security
  issue if regular expressions are accepted from untrusted users to be
  processed by a user with greater privileges, but this doesn't seem like a
  common scenario (or, for that matter, a good idea).  However, if you are
  using an application that links to the shared PCRE library and accepts
  outside input in such a manner, you will want to update to this new package.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
  (* Security fix *)
patches/packages/php-4.3.11-i486-4.tgz:  Relinked with the system PCRE library,
  as the builtin library has a buffer overflow that could be triggered by the
  processing of a specially crafted regular expression.
  Note that this change requires the pcre package to be installed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
  (* Security fix *)
  Upgraded PEAR::XMLRPC to version 1.4.0, which eliminates the use of the
  insecure eval() function.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
  (* Security fix *)
+--------------------------+
Fri Jul 29 11:39:32 PDT 2005
patches/packages/tcpip-0.17-i486-24b.tgz:  Patched two overflows in
  the telnet client that could allow the execution of arbitrary code
  when connected to a malicious telnet server.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469
  (* Security fix *)
+--------------------------+
Fri Jul 22 13:52:54 PDT 2005
patches/packages/fetchmail-6.2.5.2-i486-1.tgz:
  Upgraded to fetchmail-6.2.5.2.
  This fixes an overflow by which malicious or compromised POP3 servers
  may overflow fetchmail's stack.
  For more information, see:
    http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt
  (* Security fix *)
+--------------------------+
Thu Jul 14 15:22:27 PDT 2005
patches/packages/tcpdump-3.9.3-i486-1.tgz:  Upgraded to libpcap-0.9.3 and
  tcpdump-3.9.3.  This fixes an issue where an invalid BGP packet can
  cause tcpdump to go into an infinite loop, effectively disabling network
  monitoring.
  (* Security fix *)
patches/packages/xv-3.10a-i486-4.tgz:  Upgraded to the latest XV jumbo
  patches, xv-3.10a-jumbo-fix-patch-20050410 and
  xv-3.10a-jumbo-enh-patch-20050501.  These fix a number of format string
  and other possible security issues in addition to providing many other
  bugfixes and enhancements.
  (Thanks to Greg Roelofs)
  (* Security fix *)
+--------------------------+
Mon Jul 11 19:50:20 PDT 2005
patches/packages/php-4.3.11-i486-3.tgz:  Fixed build/packaging bugs.
+--------------------------+
Mon Jul 11 15:02:11 PDT 2005
patches/packages/php-4.3.11-i486-2.tgz:  Upgraded PEAR XML_RPC class.
  This new PHP package fixes a PEAR XML_RPC vulnerability.  Sites that use
  this PEAR class should upgrade to the new PHP package, or as a minimal
  fix may instead upgrade the XML_RPC PEAR class with the following command:
    pear upgrade XML_RPC
  (* Security fix *)
+--------------------------+
Tue Jun 21 22:32:29 PDT 2005
patches/packages/sudo-1.6.8p9-i486-1.tgz:  Upgraded to sudo-1.6.8p9.
  This new version of Sudo fixes a race condition in command pathname handling
  that could allow a user with Sudo privileges to run arbitrary commands.
  For full details, see the Sudo site:
    http://www.courtesan.com/sudo/alerts/path_race.html
  (* Security fix *)
+--------------------------+
Sat Jun 11 22:04:01 PDT 2005
patches/packages/gaim-1.3.1-i486-1.tgz:  Upgraded to gaim-1.3.1 and
  gaim-encryption-2.38.  This fixes a couple of remote crash bugs, so
  users of the MSN and Yahoo! chat protocols should upgrade to gaim-1.3.1.
  (* Security fix *)
+--------------------------+
Fri May 13 12:48:53 PDT 2005
patches/packages/gaim-1.3.0-i486-1.tgz:  Upgraded to gaim-1.3.0.  This fixes a
  few bugs which could be used by a remote attacker to annoy a GAIM user by
  crashing GAIM and creating a denial of service.
  (* Security fix *)
+--------------------------+
Sun May  1 22:07:25 PDT 2005
patches/packages/infozip-5.52-i486-1.tgz:  Upgraded to unzip552.tar.gz and
  zip231.tar.gz.  These fix some buffer overruns if deep directory paths are
  packed into a Zip archive which could be a security vulnerability (for
  example, in a case of automated archiving or backups that use Zip).  However,
  it also appears that these now use certain assembly instructions that might
  not be available on older CPUs, so if you have an older machine you may wish
  to take this into account before deciding whether you should upgrade.
  (* Security fix *)
+--------------------------+
Thu Apr 21 14:21:51 PDT 2005
patches/packages/cvs-1.11.20-i486-1.tgz:  Upgraded to cvs-1.11.20.
  From cvshome.org:  "This version fixes many minor security issues in the
  CVS server executable including a potentially serious buffer overflow
  vulnerability with no known exploit.  We recommend this upgrade for all CVS
  servers!"
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753
  (* Security fix *)
patches/packages/gaim-1.2.1-i486-1.tgz:  Upgraded to gaim-1.2.1.
  According to gaim.sf.net, this fixes a few denial-of-service flaws.
  (* Security fix *)
patches/packages/python-2.3.5-i486-1.tgz:  Upgraded to python-2.3.5.
  From the python.org site:  "The Python development team has discovered a flaw
  in the SimpleXMLRPCServer library module which can give remote attackers
  access to internals of the registered object or its module or possibly other
  modules. The flaw only affects Python XML-RPC servers that use the
  register_instance() method to register an object without a _dispatch()
  method. Servers using only register_function() are not affected."
  For more details, see:
    http://python.org/security/PSF-2005-001/
  (* Security fix *)
patches/packages/python-demo-2.3.5-noarch-1.tgz:  Upgraded to python-2.3.5
  demos.
patches/packages/python-tools-2.3.5-noarch-1.tgz:  Upgraded to python-2.3.5
  tools.
+--------------------------+
Sun Apr  3 21:21:21 PDT 2005
patches/packages/php-4.3.11-i486-1.tgz:  Upgraded to php-4.3.11.
 "This is a maintenance release that in addition to over 70 non-critical bug
  fixes addresses several security issues inside the exif and fbsql extensions
  as well as the unserialize(), swf_definepoly() and getimagesize() functions."
  (* Security fix *)
+--------------------------+
Sat Mar 26 15:04:15 PST 2005
patches/packages/gaim-1.2.0-i486-1.tgz:  Upgraded to gaim-1.2.0 and
  gaim-encryption-2.36 (compiled against mozilla-1.4.4).
patches/packages/mozilla-1.4.4-i486-1.tgz:  Upgraded to mozilla-1.4.4.
  Fixes some security issues.  Please see mozilla.org for a complete list.
  (* Security fix *)
patches/packages/mozilla-plugins-1.4.4-noarch-1.tgz:  Adjusted plugin
  symlinks for Mozilla 1.4.4.
+--------------------------+
Sun Oct 31 19:50:59 PST 2004
patches/packages/apache-1.3.33-i486-1.tgz:  Upgraded to apache-1.3.33.
  This fixes one new security issue (the first issue, CAN-2004-0492, was fixed
  in apache-1.3.32).  The second bug fixed in 1.3.33 (CAN-2004-0940) allows a
  local user who can create SSI documents to become "nobody".  The amount of
  mischief they could cause as nobody seems low at first glance, but it might
  allow them to use kill or killall as nobody to try to create a DoS.
  (* Security fix *)
patches/packages/libtiff-3.5.7-i486-4.tgz:  Patched several bugs that could
  lead to crashes, or could possibly allow arbitrary code to be executed.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886
  (* Security fix *)
patches/packages/mod_ssl-2.8.22_1.3.33-i486-1.tgz:  Upgraded to
  mod_ssl-2.8.22_1.3.33.
patches/packages/php-4.3.9-i486-1.tgz:  Fixed mod_php.conf to refer to
  /usr/libexec rather than /usr/libexec/apache.
+--------------------------+
Mon Oct 25 16:37:06 PDT 2004
patches/packages/apache-1.3.32-i486-1.tgz:  Upgraded to apache-1.3.32.
  This addresses a heap-based buffer overflow in mod_proxy by rejecting
  responses from a remote server with a negative Content-Length.  The
  flaw could crash the Apache child process, or possibly allow code to
  be executed as the Apache user (but only if mod_proxy is actually in
  use on the server).
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492
  (* Security fix *)
patches/packages/mod_ssl-2.8.21_1.3.32-i486-1.tgz:
  Upgraded to mod_ssl-2.8.21-1.3.32.
  Don't allow clients to bypass cipher requirements, possibly negotiating
  a connection that the server does not consider secure enough.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885
  (* Security fix *)
patches/packages/php-4.3.9-i486-1.tgz:  Upgraded to php-4.3.9.
+--------------------------+
Fri Oct 22 16:27:19 PDT 2004
patches/packages/gaim-1.0.2-i486-1.tgz:  Upgraded to gaim-1.0.2
  and gaim-encryption-2.32.  A buffer overflow in the MSN protocol
  handler for GAIM 0.79 to 1.0.1 allows remote attackers to cause
  a denial of service (application crash) and may allow the
  execution of arbitrary code.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0891
  (* Security fix *)
+--------------------------+
Mon Oct 11 19:40:18 PDT 2004
patches/packages/rsync-2.6.3-i486-1.tgz:  Upgraded to rsync-2.6.3.
  From the rsync NEWS file:
      A bug in the sanitize_path routine (which affects a non-chrooted
      rsync daemon) could allow a user to craft a pathname that would get
      transformed into an absolute path for certain options (but not for
      file-transfer names).  If you're running an rsync daemon with chroot
      disabled, *please upgrade*, ESPECIALLY if the user privs you run
      rsync under is anything above "nobody".
  Note that rsync, in daemon mode, sets the "use chroot" to true by
  default, and (in this default mode) is not vulnerable to this issue.
  I would strongly recommend against setting "use chroot" to false
  even if you've upgraded to this new package.
  (* Security fix *)
+--------------------------+
Sun Oct  3 15:53:03 PDT 2004
patches/packages/getmail-3.2.5-noarch-1.tgz: Upgraded to
  getmail-3.2.5.  Earlier versions contained a local security flaw
  when used in an insecure fashion (surprise, running something as
  root that writes to user-controlled files or directories could
  allow the old symlink attack to clobber system files!  :-)
  From the getmail CHANGELOG:
      This vulnerability is not exploitable if the administrator does
      not deliver mail to the maildirs/mbox files of untrusted local
      users, or if getmail is configured to use an external
      unprivileged MDA.  This vulnerability is not remotely exploitable.
  Most users would not use getmail in such a way as to be vulnerable
  to this flaw, but if your site does, this package closes the hole.
  Note that getmail-3.2.5 refuses to deliver mail as root, so using
  getmail in this way will not be possible.  Either run it as the
  user that owns the target mailbox, or (in the case of root) deliver
  through an external MDA.  Getmail-4 does not have this restriction,
  but it requires a newer version of python...
  (* Security fix *)
+--------------------------+
Sun Sep 19 18:53:28 PDT 2004
patches/packages/cups-1.1.21-i486-1.tgz:  Upgraded to cups-1.1.21.
  This fixes a flaw where a remote attacker can crash the CUPS
  server causing a denial of service.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0558
  (* Security fix *)
+--------------------------+
Fri Sep  3 17:06:35 PDT 2004
patches/packages/kdebase-3.1.4-i486-2.tgz: Patched frame injection
  vulnerability in Konqueror.  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721
  (* Security fix *)
patches/packages/kdelibs-3.1.4-i486-3.tgz: Patched unsafe temporary directory
  usage, cross-domain cookie injection vulnerability for certain country
  specific domains, and frame injection vulnerability in Konqueror.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0689
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0690
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0746
  (* Security fix *)
+--------------------------+
Fri Aug 27 14:30:06 PDT 2004
patches/packages/gaim-0.82.1-i486-1.tgz:  Upgraded to gaim-0.82.1 to fix a
  couple of bugs in the gaim-0.82 release.  Also, gaim-encryption-2.29 did
  not work with gaim-0.82 (or 0.82.1), so that has been upgraded to
  gaim-encryption-2.30.
+--------------------------+
Thu Aug 26 17:51:12 PDT 2004
patches/packages/gaim-0.82-i486-1.tgz:
  Upgraded to gaim-0.82 and gaim-encryption-2.29.
  Fixes several security issues:
     Content-length DOS (malloc error) (no CAN ID on this one)
     MSN strncpy buffer overflow (CAN-2004-0500)
     Groupware message receive integer overflow (CAN-2004-0754)
     Smiley theme installation lack of escaping (CAN-2004-0784)
     RTF message buffer overflow, Local hostname resolution buffer overflow,
       URL decode buffer overflow (these 3 are CAN-2004-0785)
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0500
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0754
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0784
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0785
  (* Security fix *)
+--------------------------+
Mon Aug 23 14:00:34 PDT 2004
patches/packages/qt-3.2.1-i486-2.tgz:  Patched bugs in the image
  loading routines which could be used by an attacker to run
  unauthorized code or create a denial-of-service.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0691
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0693
  (* Security fix *)
+--------------------------+
Mon Aug  9 12:17:35 PDT 2004
patches/packages/mozilla-1.4.3-i486-1.tgz:  Upgraded to Mozilla 1.4.3.
  Unfortunately, this breaks both Galeon and Epiphany and there are
  no new versions that will work with this Mozilla along with the
  Slackware 9.1 version of GNOME.  Sorry about that.
  This fixes a ton of security issues.  If you want to find out about
  all of them, here are the URLs to find out more:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0718
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0722
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0757
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0758
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0759
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0760
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0761
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0762
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0763
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0764
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0765
  (* Security fix *)
patches/packages/mozilla-plugins-1.4.3-noarch-1.tgz:  Updated
  symlinks to use /usr/lib/mozilla-1.4.3/.
+--------------------------+
Sat Aug  7 17:16:58 AKDT 2004
patches/packages/imagemagick-5.5.7_25-i486-1.tgz:  Upgraded to
  ImageMagick-5.5.7_25.  Fixes PNG security issues.
  (* Security fix *)
patches/packages/libpng-1.2.5-i486-3.tgz:  Patched possible security
  issues including buffer and integer overflows and null pointer
  references.  These issues could cause program crashes, or possibly
  allow arbitrary code embedded in a malicious PNG image to execute.
  The PNG library is widely used within the system, so all sites
  should upgrade to the new libpng package.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599
  (* Security fix *)
patches/packages/sox-12.17.4-i486-3.tgz:  Patched buffer overflows
  that could allow a malicious WAV file to execute arbitrary code.
  (* Security fix *)
+--------------------------+
Sun Jul 25 17:50:07 PDT 2004
patches/packages/mod_ssl-2.8.19_1.3.31-i486-1.tgz:
  Upgraded to mod_ssl-2.8.19-1.3.31.
  This fixes a security hole (ssl_log() related format string
  vulnerability in mod_proxy hook functions), so sites using mod_ssl
  should upgrade to the new version.  Be sure to back up your existing
  key files first.
  (* Security fix *)
patches/packages/samba-2.2.10-i486-1.tgz:  Upgraded to samba-2.2.10.
  A buffer overrun has been located in the code used to support
  the 'mangling method = hash' smb.conf option.  Affected Samba
  2.2 installations can avoid this possible security bug by using
  the hash2 mangling method.  Server installations requiring
  the hash mangling method are encouraged to upgrade to Samba v2.2.10
  or v3.0.5.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0686
  (* Security fix *)
+--------------------------+
Tue Jul 20 20:17:19 PDT 2004
patches/packages/php-4.3.8-i486-1.tgz:  Upgraded to php-4.3.8.
  This release fixes two security problems in PHP (memory_limit handling and
  a problem in the strip_tags function).  Sites using PHP should upgrade.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0594
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0595
  (* Security fix *)
+--------------------------+
Tue Jun 15 02:11:41 PDT 2004
patches/packages/kernel-ide-2.4.26-i486-3.tgz:  Patched local DoS
  (CAN-2004-0554).  Without this patch to asm-i386/i387.h a local user
  can crash the kernel.
  (* Security fix *)
patches/packages/kernel-source-2.4.26-noarch-2.tgz:  Patched local DoS
  (CAN-2004-0554).  The new patch can be found here, too:
  patches/source/kernel-source/CAN-2004-0554.i387.fnclex.diff.gz
  (* Security fix *)
patches/kernels/*:  Patched local DoS (CAN-2004-0554).
  (* Security fix *)
+--------------------------+
Wed Jun  9 11:35:15 PDT 2004
patches/packages/cvs-1.11.17-i486-1.tgz:  Upgraded to cvs-1.11.17.
  From the cvs NEWS file:
  * Thanks to Stefan Esser & Sebastian Krahmer, several potential security
    problems have been fixed.  The ones which were considered dangerous enough
    to catalogue were assigned issue numbers CAN-2004-0416, CAN-2004-0417, &
    CAN-2004-0418 by the Common Vulnerabilities and Exposures Project.  Please
    see <http://www.cve.mitre.org> for more information.
  * A potential buffer overflow vulnerability in the server has been fixed.
    This addresses the Common Vulnerabilities and Exposures Project's issue
    CAN-2004-0414.  Please see <http://www.cve.mitre.org> for more information.
  (* Security fix *)
+--------------------------+
Wed Jun  2 11:28:17 PDT 2004
patches/packages/apache-1.3.31-i486-1.tgz:  Upgraded to apache-1.3.31, needed
  to use the new mod_ssl.  If /usr/sbin/apachectl is a link to mod_ssl's
  apachectl, do not replace it.
patches/packages/mod_ssl-2.8.18_1.3.31-i486-1.tgz:  Upgraded to
  mod_ssl-2.8.18-1.3.31.  This fixes a buffer overflow that may allow remote
  attackers to execute arbitrary code via a client certificate with a long
  subject DN, if mod_ssl is configured to trust the issuing CA:
    *) Fix buffer overflow in "SSLOptions +FakeBasicAuth" implementation
      if the Subject-DN in the client certificate exceeds 6KB in length.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488
  (* Security fix *)
  Other changes:  Make the sample keys .new so as not to overwrite existing
  server keys.  However, any existing mod_ssl package will have these listed
  as non-config files, and will still remove and replace these upon upgrade.
  You'll have to save your config files one more time... sorry.
patches/packages/php-4.3.6-i486-1.tgz:  Upgraded to php-4.3.6.  This is
  compiled with c-client.a in /usr/local/lib/c-client/ to fix a problem in
  previous php packages where linking against the library in a path under
  /tmp caused an ELF rpath to this location to be built into the PHP binaries.
  A local attacker could (by placing shared libraries in this location) either
  crash PHP or cause arbitrary code to be executed as the PHP user (typically
  "nobody").  Thanks to Bryce Nichols for discovering this issue and bringing
  it to my attention.
  (* Security fix *)
+--------------------------+
Mon May 31 16:42:50 PDT 2004
patches/packages/mc-4.6.0-i486-4.tgz:  Patched to fix some problems with
  hotkeys and php syntax parsing that were caused by the recent changes.
+--------------------------+
Wed May 19 14:16:32 PDT 2004
patches/packages/cvs-1.11.16-i486-1.tgz:  Upgraded to cvs-1.11.16.  From
  the NEWS file:
    A potential buffer overflow vulnerability in the server has been fixed.
    Prior to this patch, a malicious client could potentially use carefully
    crafted server requests to run arbitrary programs on the CVS server
    machine.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0396
  (* Security fix *)
+--------------------------+
Mon May 17 19:31:12 PDT 2004
patches/packages/kdelibs-3.1.4-i486-2.tgz:  Patched URI security
  issues.  According to www.kde.org:
    The telnet, rlogin, ssh and mailto URI handlers in KDE do not
    check for '-' at the beginning of the hostname passed, which
    makes it possible to pass an option to the programs started
    by the handlers.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0411
  (* Security fix *)
+--------------------------+
Fri May 14 15:11:37 PDT 2004
patches/packages/mc-4.6.0-i486-2.tgz:  Patched to fix buffer overflow,
  format string, and temporary file creation vulnerabilities found by
  Andrew V. Samoilov and Pavel Roskin.  These could lead to a denial of
  service or the execution of arbitrary code as the user running mc.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0226
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0231
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0232
  (* Security fix *)
+--------------------------+
Wed May 12 13:06:39 PDT 2004
patches/packages/apache-1.3.29-i486-2.tgz:  Patched four security issues
  in the Apache web server as noted on http://httpd.apache.org.
  These security fixes were backported from Apache 1.3.31:

    In mod_digest, verify whether the nonce returned in the client
    response is one we issued ourselves.  This problem does not affect
    mod_auth_digest. (CAN-2003-0987)

    Escape arbitrary data before writing into the errorlog.  (CAN-2003-0020)

    Fix starvation issue on listening sockets where a short-lived connection
    on a rarely-accessed listening socket will cause a child to hold the
    accept mutex and block out new connections until another connection
    arrives on that rarely-accessed listening socket.  (CAN-2004-0174)

    Fix parsing of Allow/Deny rules using IP addresses without a netmask;
    issue is only known to affect big-endian 64-bit platforms (CAN-2003-0993)

  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0993

  (* Security fix *)
+--------------------------+
Tue May  4 13:11:26 PDT 2004
patches/packages/bin-8.5.0-i486-2.tgz:  Fixed buffer overflows and
  directory traversal vulnerabilities in the 'lha' archive utility.  Sites
  using 'lha' should upgrade to the new bin package right away.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0234
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0235
  (* Security fix *)
  Upgraded to dosfstools-2.10.
+--------------------------+
Sun May  2 17:16:41 PDT 2004
patches/packages/libpng-1.2.5-i486-2.tgz:  Patched a problem where
  libpng may access memory that is out of bounds when creating an error
  message, possibly crashing libpng and creating a denial of service.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421
  (* Security fix *)
patches/packages/rsync-2.6.2-i486-1.tgz:  Upgraded to rsync-2.6.2.
  Rsync before 2.6.1 does not properly sanitize paths when running a
  read/write daemon without using chroot, allowing remote attackers to
  write files outside of the module's path.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0426
  (* Security fix *)
patches/packages/sysklogd-1.4.1-i486-9.tgz:  Patched a bug which could allow
  a user to cause syslogd to write to unallocated memory and crash.
  Thanks to Steve Grubb for finding the bug, and Solar Designer for refining
  the patch.
  (* Security fix *)
patches/packages/xine-lib-1rc4-i686-1.tgz:  Upgraded to xine-lib-1-rc4.
  This fixes an exploit possible when playing Real RTSP streams.
  For more details, see:
    http://www.xinehq.de/index.php/security/XSA-2004-3
  (* Security fix *)
+--------------------------+
Wed Apr 28 10:19:51 PDT 2004
patches/packages/kernel-ide-2.4.26-i486-2.tgz:  The first version of this
  package included one of the old 2.4.22 kernels by mistake.  Thanks to the
  many people who pointed out this error.  Sorry!
  (* Security fix *)
+--------------------------+
Tue Apr 27 15:25:29 PDT 2004
patches/packages/alsa-driver-0.9.8-i486-3.tgz:  Recompiled for Linux 2.4.26.
patches/packages/hotplug-2004_01_05-noarch-1.tgz:  This adds bugfixes for using
  a 2.6.x kernel, and adds the broken via-ircc module to the hotplug blacklist.
  Note that upgrading the package will not replace an existing blacklist, but
  as far as I can tell there are no ill effects from trying to load via-ircc
  other than the ugly mess on the screen at boot time.
patches/packages/kernel-ide-2.4.26-i486-1.tgz:  Upgraded to Linux 2.4.26.
patches/packages/kernel-headers-2.4.26-i386-1.tgz:  Upgraded to Linux 2.4.26.
patches/packages/kernel-modules-2.4.26-i486-1.tgz:  Upgraded to Linux 2.4.26.
patches/packages/kernel-source-2.4.26-noarch-1.tgz:  Upgraded to Linux 2.4.26.
patches/packages/kernels/*:  Upgraded to Linux 2.4.26.
  These 2.4.26 kernel upgrades fix:
    an overflow in ip_setsockopt() [CAN-2004-0424]
    a flaw in do_fork() that could lead to a DoS
    an (unexploitable) overflow in panic() [CAN-2004-0394]
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0394
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0424
  (* Security fix *)
+--------------------------+
Tue Apr 20 19:01:58 PDT 2004
patches/packages/xine-lib-1rc3c-i686-1.tgz:  Upgraded to xine-lib-1-rc3c.
  This release fixes a security problem where opening a malicious MRL
  could write to system (or other) files.  For detailed information, see:
    http://www.xinehq.de/index.php/security/XSA-2004-1
  Thanks to Dario Nicodemi for the heads-up on this advisory.
  (* Security fix *)
patches/packages/xine-ui-0.99.1-i686-1.tgz:  Upgraded to xine-ui-0.99.1,
  which fixes a similar MRL security issue.  For details, see:
    http://www.xinehq.de/index.php/security/XSA-2004-2
  Thanks again to Dario Nicodemi.
  (* Security fix *)
+--------------------------+
Mon Apr 19 13:51:01 PDT 2004
patches/packages/utempter-1.1.1-i486-1.tgz:  Upgraded to libutempter-1.1.1
  (this is a new version written by Dmitry V. Levin of ALT Linux).
  This upgrade fixes a low-level security issue in utempter-0.5.2 where
  utempter could possibly be tricked into writing through a symlink, and is
  a cleaner implementation all-around.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0233
  (* Security fix *)
+--------------------------+
Sat Apr 17 14:09:23 PDT 2004
patches/packages/cvs-1.11.15-i486-1.tgz:  Upgraded to cvs-1.11.15.
  Fixes two security problems (server creating arbitrary files on a client
  machine, and client viewing files outside of the CVS repository).
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0180
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0405
  (* Security fix *)
+--------------------------+
Sat Apr 17 11:03:35 PDT 2004
patches/packages/tcpdump-3.8.3-i486-1.tgz:  Upgraded to tcpdump-3.8.3 and
  libpcap-0.8.3.  This fixes a couple minor bugs that shouldn't affect
  32-bit ix86 Slackware, but we might as well have the latest.
  According to www.tcpdump.org:

    TCPDUMP version 3.8.3 has been released as of March 30, 2004. 3.8.3 is
    identical to 3.8.2, but the version number has been incremented to
    match libpcap.

    LIBPCAP version 0.8.3 has been released as of March 30, 2004. 0.8.3
    fixes a minor problem with gencode.c on 64-bit architectures. It also
    carries the correct version numbers.
+--------------------------+
Tue Mar 30 22:16:38 PST 2004
patches/packages/tcpdump-3.8.2-i486-1.tgz:  Upgraded to tcpdump-3.8.2
  and libpcap-0.8.2.  Fixes denial-of-service security issues.
  For more details, see:
    http://www.rapid7.com/advisories/R7-0017.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0183
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0184
  (* Security fix *)
patches/packages/kernel-headers-2.4.24-i386-1.tgz:  Added.
+--------------------------+
Wed Mar 17 14:41:42 PST 2004
patches/packages/openssl-0.9.7d-i486-1.tgz:  Upgraded to openssl-0.9.7d.
patches/packages/openssl-solibs-0.9.7d-i486-1.tgz:  Upgraded to
  openssl-0.9.7d.  This fixes two potential denial-of-service issues in
  earlier versions of OpenSSL.  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112
  (* Security fix *)
+--------------------------+
Wed Feb 18 03:44:42 PST 2004
patches/kernels/:  Recompiled to fix another bounds-checking error in
  the kernel mremap() code (this is not the same issue that was fixed
  on Jan 6).  This bug could be used by a local attacker to gain root
  privileges.  Sites should upgrade to a new kernel.  After installing
  the new kernel, be sure to run 'lilo'.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0077
  Thanks to Paul Starzetz for finding and researching this issue.
  (* Security fix *)
patches/packages/kernel-ide-2.4.24-i486-2.tgz:  Patched, recompiled.
  (* Security fix *)
patches/packages/kernel-source-2.4.24-noarch-2.tgz:  Patched the kernel
  source with a fix for the mremap() problem from Solar Designer, and
  updated the Speakup driver (not pre-applied).
  (* Security fix *)
patches/packages/metamail-2.7-i486-2.tgz:  Patched two format string
  bugs and two buffer overflows in metamail which could lead to
  unauthorized code execution.  Thanks to Ulf Härnhammar for discovering
  these problems and providing a patch.
  (* Security fix *)
+--------------------------+
Thu Feb 12 10:00:37 PST 2004
patches/packages/mutt-1.4.2i-i486-1.tgz:  Upgraded to mutt-1.4.2i.
  This fixes an overflow that is a potential security hole.  Here's the
  information from www.mutt.org:
    "Mutt 1.4.2 was released on February 11, 2004. This version fixes a buffer
     overflow that can be triggered by incoming messages.  There are reports
     about spam that has actually triggered this problem and crashed mutt. It
     is recommended that users of mutt versions prior to 1.4.2 upgrade to this
     version, or apply the patch included below."
  (* Security fix *)
patches/packages/xfree86-4.3.0-i486-6.tgz:  Patched to fix buffer overflow
  problems with the parsing of 'font.alias' files that could allow
  unauthorized code execution.  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0083
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0084
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0106
  (* Security fix *)
+--------------------------+
Mon Jan 26 15:27:17 PST 2004
patches/packages/gaim-0.75-i486-1.tgz:  Upgraded to gaim-0.75 and patched
  12 overflows that can allow remote compromise.  All GAIM users should
  upgrade.
  (* Security fix *)
+--------------------------+
Wed Jan 14 11:58:58 PST 2004
patches/packages/inn-2.4.1-i486-1.tgz:  Upgraded to inn-2.4.1.
  From the inn-2.4.1 NEWS file:
    * SECURITY: Handle the special filing of control messages into per-type
    newsgroups more robustly.  This closes a potentially exploitable buffer
    overflow.  Thanks to Dan Riley for his excellent bug report.
  (* Security fix *)
patches/packages/kdepim-3.1.4-i486-2.tgz:  Recompiled with security patch
  post-3.1.4-kdepim-kfile-plugins.diff.  From the KDE advisory:

    The KDE team has found a buffer overflow in the file information reader
    of VCF files.  A carefully crafted .VCF file potentially enables local
    attackers to compromise the privacy of a victim's data or execute
    arbitrary commands with the victim's privileges.
      By default, file information reading is disabled for remote files.
    However, if previews are enabled for remote files, remote attackers may
    be able to compromise the victim's account.

  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0988
  (* Security fix *)
+--------------------------+
Thu Jan  8 13:31:49 PST 2004
patches/packages/j2sdk-1_4_2_03-i586-1.tgz:  Upgraded to Java(TM) 2 Software
  Development Kit Standard Edition, Version 1.4.2_03.  Among other fixes,
  this updates the Verisign root certificates which expired yesterday in the
  version of Java shipped in Slackware 9.1.
  Thanks to Dominik L. Borkowski for the heads-up.  :-)
+--------------------------+
Tue Jan  6 15:01:54 PST 2004
patches/kernels/:  Upgraded to Linux 2.4.24.  This fixes a bounds-checking
  problem in the kernel's mremap() call which could be used by a local attacker
  to gain root privileges.  Sites should upgrade to the 2.4.24 kernel and
  kernel modules.  After installing the new kernel, be sure to run 'lilo'.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0985
  Thanks to Paul Starzetz for finding and researching this issue.
  (* Security fix *)
patches/packages/alsa-driver-0.9.8-i486-2.tgz:  Recompiled against
  linux-2.4.24.
patches/packages/cvs-1.11.11-i486-1.tgz:  Upgraded to cvs-1.11.11.
  This version enforces greater security.  Changes include pserver
  refusing to run as root, and logging attempts to exploit the security
  hole fixed in 1.11.10 in the syslog.
patches/packages/kernel-ide-2.4.24-i486-1.tgz:  Upgraded bare.i kernel
  package to Linux 2.4.24.
patches/packages/kernel-modules-2.4.24-i486-1.tgz:  Upgraded to Linux
  2.4.24 kernel modules.
patches/packages/kernel-source-2.4.24-noarch-1.tgz:  Upgraded to Linux
  2.4.24 kernel source, with XFS and Speakup patches included (but not
  pre-applied).  This uses the XFS and Speakup patches for 2.4.23, which
  should be fine since 2.4.24 didn't change much code.  Proper XFS
  patches for 2.4.24 will probably be out soon to fix the one Makefile
  rejection for EXTRAVERSION = -xfs, but likely little else will be
  different since XFS development has already gone ahead to what is now
  the 2.4.25-pre kernel series.
patches/packages/kernel-modules-xfs/alsa-driver-xfs-0.9.8-i486-2.tgz:
  Recompiled against linux-2.4.24-xfs.
patches/packages/kernel-modules-xfs/kernel-modules-xfs-2.4.24-i486-1.tgz:
  Upgraded to Linux 2.4.24 kernel modules for the xfs.s (XFS patched)
  kernel.
+--------------------------+
Fri Dec 12 11:12:05 PST 2003
patches/packages/lftp-2.6.10-i486-1.tgz:  Upgraded to lftp-2.6.10.
  According to the NEWS file, this includes "security fixes in html
  parsing code" which could cause a compromise when using lftp to
  access an untrusted site.
  (* Security fix *)
+--------------------------+
Thu Dec 11 12:29:30 PST 2003
patches/packages/cvs-1.11.10-i486-1.tgz:  Upgraded to cvs-1.11.10.
  From the NEWS file:
  SERVER SECURITY ISSUES
    * Malformed module requests could cause the CVS server to attempt to
    create directories and possibly files at the root of the filesystem
    holding the CVS repository.  Filesystem permissions usually prevent
    the creation of these misplaced directories, but nevertheless, the
    CVS server now rejects the malformed requests.
  (* Security fix *)
+--------------------------+
Sat Dec  6 15:39:32 PST 2003
patches/packages/lesstif-0.93.94-i486-1.tgz:  Upgraded to lesstif-0.93.94.
  This should be a more stable version (thanks to Andrea Comerlati, who
  reported a crash with xmgrace compiled against lesstif-0.93.91).
+--------------------------+
Wed Dec  3 22:18:35 PST 2003
patches/packages/rsync-2.5.7-i486-1.tgz:  Upgraded to rsync-2.5.7.
  From the rsync-2.5.7-NEWS file:
    SECURITY:
    * Fix buffer handling bugs.  (Andrew Tridgell, Martin Pool, Paul
      Russell, Andrea Barisani)
  The vulnerability affects sites running rsync in daemon mode (rsync
  servers).  These sites should be upgraded immediately.
  (* Security fix *)
+--------------------------+
Tue Dec  2 12:40:30 PST 2003
patches/packages/gnupg-1.2.3-i486-2.tgz:  Removed support for ElGamal
  keys, since an implementation error has caused many of these to be
  easily compromised.  Any existing sign+encrypt ElGamal keys should
  be revoked (and you'll need to use your existing gpg to do that).
  Fortunately, ElGamal is not used by default in GnuPG, is not widely
  used, and was never a popular choice because it produced larger
  signatures and was more costly to encrypt/decrypt than other
  choices.  If you've been using ElGamal, you will need to select a
  new key cipher type for your replacement key (my suggestion would
  be to go with the GnuPG default).
  (* Security fix *)
+--------------------------+
Mon Dec  1 21:36:30 PST 2003
patches/kernels/:  Upgraded to Linux 2.4.23.  This fixes a bug in the
  kernel's do_brk() function which a local user could exploit to gain
  root privileges.  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0961
  Sites should upgrade to the 2.4.23 kernel and kernel modules.  After
  installing the new kernel, be sure to run 'lilo'.
  (* Security fix *)
patches/packages/alsa-driver-0.9.8-i486-1.tgz:  Upgraded to
  alsa-driver-0.9.8, compiled against linux-2.4.23.
patches/packages/alsa-lib-0.9.8-i486-1.tgz:  Upgraded to alsa-lib-0.9.8.
patches/packages/alsa-oss-0.9.8-i486-1.tgz:  Upgraded to alsa-oss-0.9.8.
patches/packages/alsa-utils-0.9.8-i486-1.tgz:  Upgraded to
  alsa-utils-0.9.8.
patches/packages/kernel-ide-2.4.23-i486-1.tgz:  Upgraded bare.i kernel
  package to Linux 2.4.23.
patches/packages/kernel-modules-2.4.23-i486-1.tgz:  Upgraded to Linux
  2.4.23 kernel modules.
patches/packages/kernel-source-2.4.23-noarch-2.tgz:  Upgraded to Linux
  2.4.23 kernel source, with XFS and Speakup patches included (but not
  pre-applied).
patches/packages/kernel-modules-xfs/alsa-driver-xfs-0.9.8-i486-1.tgz:
  Upgraded to alsa-driver-0.9.8, compiled against linux-2.4.23-xfs.
patches/packages/kernel-modules-xfs/kernel-modules-xfs-2.4.23-i486-1.tgz:
  Upgraded to Linux 2.4.23 kernel modules for the xfs.s (XFS patched)
  kernel.
+--------------------------+
Mon Nov  3 20:06:29 PST 2003
patches/packages/apache-1.3.29-i486-1.tgz:  Upgraded to apache-1.3.29.
  This fixes the following local security issue:
    o CAN-2003-0542 (cve.mitre.org)
      Fix buffer overflows in mod_alias and mod_rewrite which occurred if
      one configured a regular expression with more than 9 captures.
  This vulnerability requires the attacker to create or modify certain
  Apache configuration files, and is not a remote hole.  However, it could
  possibly be used to gain additional privileges if access to the Apache
  administrator account can be gained through some other means.  All sites
  running Apache should upgrade.
  (* Security fix *)
patches/packages/mod_ssl-2.8.16_1.3.29-i486-1.tgz:  Upgraded to
  mod_ssl-2.8.16_1.3.29.
+--------------------------+
Wed Oct 22 12:10:11 PDT 2003
patches/packages/fetchmail-6.2.5-i486-1.tgz:  Upgraded to fetchmail-6.2.5.
  This fixes a security issue where a specially crafted message could cause
  fetchmail to crash, preventing the user from retrieving email.
  (* Security fix *)
patches/packages/gdm-2.4.4.5-i486-1.tgz:  Upgraded to gdm-2.4.4.5.  This
  fixes a bug which can allow a local user to crash gdm, preventing
  access until the machine is rebooted.
  (* Security fix *)
+--------------------------+
Sun Oct 12 13:01:53 PDT 2003
patches/packages/rpm-4.2.1-i486-2.tgz:  Fixed /var/tmp with wrong (only
  writable by root) permissions.  RPM really shouldn't have installed its
  own /var/tmp anyway, but now it needs to be corrected before it can be
  removed.  Thanks to Denis A. Kaledin for reporting this permissions bug.
+--------------------------+
Wed Oct  8 13:17:01 PDT 2003
patches/packages/gstreamer-0.6.3-i486-3.tgz:  This adds appropriate
  installation scripts to make sure that gst-register is run.  This
  builds the /var/lib/cache/gstreamer-0.6/registry.xml database which
  is needed for applications using the gstreamer framework to function
  correctly.  Installing this updated package will run gst-register for
  you (or you can simply run it yourself as root).
  Thanks to Eugenia Loli-Queru for the bug report.
patches/packages/rpm-4.2.1-i486-1.tgz:  Upgraded to rpm-4.2.1.
  This fixes problems with the version of RPM shipped with Slackware 9.1.
  After the release, it was discovered that attempting to install packages
  with RPM would cause it to segfault, and that recompiling that version of
  RPM produced a broken binary unable to build SRPMs (this had been
  discovered previously, and was the reason RPM had been compiled statically;
  unfortunately the static binary quit working for unknown reasons).
  The 4.1.x series seems to have the same problems with SRPM building not
  working (an incompatibility with glibc-2.3.2, perhaps?), but the 4.2.1
  version has been tested and found to work.
+--------------------------+
Wed Oct  1 16:57:53 PDT 2003
patches/packages/openssl-solibs-0.9.7c-i486-2.tgz:  Rebuilt.
patches/packages/openssl-0.9.7c-i486-2.tgz:  Some minor bugs in the 0.9.7c
  release caused a few manpages to be incorrectly installed, as well as
  /usr/lib/pkgconfig to be chmoded 644 (which will lead to problems
  compiling things).  These problems are fixed in our -2 build.
  Thanks to Frédéric L. W. Meunier and Mark Post for the bug reports.
+--------------------------+
Tue Sep 30 16:16:35 PDT 2003
patches/packages/openssl-0.9.7c-i486-1.tgz:  Upgraded to OpenSSL 0.9.7c.
patches/packages/openssl-solibs-0.9.7c-i486-1.tgz:  Upgraded to OpenSSL 0.9.7c.
  This update fixes problems with OpenSSL's ASN.1 parsing which could lead to
  a denial of service.  It is not known whether the problems could lead to the
  running of malicious code on the server, but it has not been ruled out.
  For detailed information, see OpenSSL's security advisory:
    http://www.openssl.org/news/secadv_20030930.txt
  We recommend sites that use OpenSSL upgrade to the fixed packages right away.
  (* Security fix *)
+--------------------------+
Thu Sep 25 07:00:08 PDT 2003
Slackware 9.1 is released.  Enjoy!
+--------------------------+
Thu Sep 25 02:31:24 PDT 2003
extra/swaret/swaret-1.3.1-noarch-8.tgz:  Upgraded to swaret-1.3.1-noarch-8.
+--------------------------+
Wed Sep 24 23:57:23 PDT 2003
a/module-init-tools-0.9.14-i486-2.tgz:  Added /bin/lsmod.old -> /sbin/lsmod.old
  symbolic link (thanks to Adrien Beau).
a/slocate-2.7-i486-2.tgz:  Don't add slocate to /etc/group twice.
  (thanks to mRgOBLIN)
a/sysvinit-2.84-i486-36.tgz:  Version 2.85 has a bug parsing the default
  environment, so we'll stick with a stable version for now.
  (noticed by Gerardo Exequiel Pozzi)
d/python-2.3.1-i486-1.tgz:  Upgraded to python-2.3.1.
d/python-demo-2.3.1-noarch-1.tgz:  Upgraded to demos for python-2.3.1.
d/python-tools-2.3.1-noarch-1.tgz:  Upgraded to tools for python-2.3.1.
gnome/eel-2.4.0-i486-2.tgz:  Fix docs perms.  (thanks to mRgOBLIN)
l/imlib-1.9.14-i486-2.tgz:  Fix docs perms.  (thanks to mRgOBLIN)
l/libxml2-2.5.11-i486-2.tgz:  Fix docs dir perms.  (thanks to mRgOBLIN)
n/bind-9.2.2_P3-i486-1.tgz:  Upgraded to bind-9.2.2-P3.
n/ntp-4.1.2-i486-2.tgz:  Fix docs perms.  (thanks to mRgOBLIN)
n/stunnel-4.04-i486-2.tgz:  Fix docs dir perms.  (thanks to mRgOBLIN)
n/tcpip-0.17-i486-24.tgz:  Added ethtool-1.8.  (suggested by Felix Radensky)
extra/bittorrent/bittorrent-3.3-noarch-1.tgz:  Upgraded to BitTorrent-3.3.
rootdisks/network.dsk:  Keep modules available for modprobe until the user hits
  enter to unmount the disk.  (thanks to Piter PUNK)
zipslack/:  Upgraded to module-init-tools-0.9.14-i486-2.tgz,
  sysvinit-2.84-i486-35.tgz, and tcpip-0.17-i486-24.tgz.
+--------------------------+
Tue Sep 23 21:57:32 PDT 2003
In record time, this is Slackware 9.1 release candidate 2.  :-)
gnome/gal2-1.99.10-i486-1.tgz:  Upgraded to gal-1.99.10.
gnome/gdm-2.4.4.2-i486-1.tgz:  Upgraded to gdm-2.4.4.2.
gnome/gnome-applets-2.4.1-i486-1.tgz:  Upgraded to gnome-applets-2.4.1.
n/openssh-3.7.1p2-i486-1.tgz:  Upgraded to openssh-3.7.1p2.
  This fixes security problems with PAM authentication.  It also includes
  several code cleanups from Solar Designer.  Slackware does not use PAM and is
  not vulnerable to any of the fixed problems.
  Please indulge me for this brief aside (as requests for PAM are on the rise):
    If you see a security problem reported which depends on PAM, you can be
    glad you run Slackware.  I think a better name for PAM might be SCAM, for
    Swiss Cheese Authentication Modules, and have never felt that the small
    amount of convenience it provides is worth the great loss of system
    security.  We miss out on half a dozen security problems a year by not
    using PAM, but you can always install it yourself if you feel that
    you're missing out on the fun.  (No, don't do that)
  OK, I'm done ranting here. :-)
  I suppose this is still a:
  (* Security fix *)
n/proftpd-1.2.8p-i486-1.tgz:  Upgraded to proftpd-1.2.8p (patched).
  This fixes a security problem in ProFTPD.  From http://www.proftpd.org:

    X-Force Research at ISS has discovered a remote exploit in ProFTPD's
    handling of ASCII translations that an attacker, by downloading a
    carefully crafted file, can exploit and gain a root shell.  The source
    distributions on ftp.proftpd.org have all been replaced with patched
    versions. All ProFTPD users are strongly urged to upgrade to one of
    the patched versions as soon as possible.

  Note that the upgraded package does not change the displayed version
  number to 1.2.8p (it remains 1.2.8), but we've verified the source code
  to make sure that this is in fact the patched version.  We recommend all
  sites running ProFTPD upgrade to the new package right away.
  (* Security fix *)
extra/kernel-modules-xfs/alsa-driver-xfs-0.9.6-i486-3.tgz:  Renamed.
  Bruno Henrique Collovini wasn't going to leave me alone until I did this. ;-)
extra/kernel-modules-xfs/kernel-modules-xfs-2.4.22-i486-3.tgz:  Renamed.
pasture/dontuse/wu-ftpd/wu-ftpd-2.6.2-i486-3.tgz:  Fixed a security problem in
  /etc/ftpconversions (CVE-1999-0997).  There's also another hole in wu-ftpd
  which may be triggered if the MAIL_ADMIN feature (notifies the admin of
  anonymous uploads) is used, so MAIL_ADMIN has been disabled in this build.
  Also note that we've moved this from /pasture to /pasture/dontuse, which
  should tell you something.
  (* Security fix *)
zipslack/:  Upgraded to openssh-3.7.1p2-i486-1.tgz.
+--------------------------+
Mon Sep 22 22:58:30 PDT 2003
This is Slackware 9.1 release candidate 1.
isolinux/initrd.img, rootdisks/install.*:  Added reiserfsck.
a/pkgtools-9.1.0-i486-4.tgz:  Fixed setup.services to test to see if
  init scripts are present before trying to chmod them.
n/proftpd-1.2.8-i486-4.tgz:  Added support for mod_tls.
  (suggested by Andrey V. Panov)
xap/gxine-0.3.3-i486-1.tgz:  Added gxine-0.3.3.
extra/ham/ax25_apps-0.0.6-i486-3:  Added missing /var/spool/ax25 directory.
extra/swaret/swaret-1.3.1-noarch-7.tgz:  Updated.
zipslack/:  Added an updated ZipSlack.
+--------------------------+
Sun Sep 21 21:38:15 PDT 2003
a/procps-2.0.16-i486-2.tgz:  Fixed missing slabtop.
  (noticed by Gerardo Exequiel Pozzi)
d/automake-1.7.7-noarch-1.tgz:  Upgraded to automake-1.7.7.
d/binutils-2.14.90.0.6-i486-1.tgz:  Upgraded to binutils-2.14.90.0.6.
d/clisp-2.31-i486-1.tgz:  Upgraded to clisp-2.31.
d/guile-1.6.4-i486-1.tgz:  Upgraded to guile-1.6.4.
l/lesstif-0.93.91-i486-1.tgz:  Upgraded to lesstif-0.93.91.
l/pilot-link-0.11.8-i486-2.tgz:  Recompiled, stripped.
n/lftp-2.6.7-i486-1.tgz:  Upgraded to lftp-2.6.7.
n/slrn-0.9.8.0-i486-1.tgz:  Upgraded to slrn-0.9.8.0.  (thanks to Mark Hill)
n/tcpip-0.17-i486-23.tgz:  Minor adjustment to rc.inet1:  Don't use
  modprobe if the device is already up.
n/wireless-tools-26-i486-1.tgz:  Upgraded to wireless-tools-26.
n/yptools-2.8-i486-3.tgz:  Upgraded to ypbind-mt-1.14 and ypserv-2.9.
xap/xchat-2.0.5-i486-1.tgz:  Upgraded to xchat-2.0.5 (for DaMouse :-).
xap/xfce-3.99.4-i486-2.tgz:  Fixed /usr/bin perms.
xap/xpdf-2.02pl1-i486-1.tgz:  Upgraded to xpdf-2.02pl1, added Greek support.
+--------------------------+
Sun Sep 21 12:50:19 PDT 2003
a/pkgtools-9.1.0-i486-3.tgz:  Added rc.bind to services menu (default off).
n/bind-9.2.2_P2-i486-1.tgz:  Upgraded to bind-9.2.2-P2.  Added rc.bind.
n/tcpip-0.17-i486-22.tgz:  Fixed rc.inet1 to work with ethernet modules that
  are aliased in modules.conf (thanks to Artur Kedzierski :)
  In rc.inet2, start BIND through /etc/rc.d/rc.bind.
extra/swaret/swaret-1.3.1-noarch-6.tgz:  Upgraded.
+--------------------------+
Sat Sep 20 23:52:55 PDT 2003
isolinux/initrd.img, rootdisks/install.*:  Updated e2fstools.
a/genpower-1.0.3-i486-1.tgz:  Upgraded to genpower-1.0.3.
ap/hpijs-1.4.1-i486-2.tgz:  Recompiled, fixed ownership/perms.
  (thanks to Adrien Beau).
d/python-2.3-i486-2.tgz:  Recompiled, fixed ownership/perms.
  (thanks to Adrien Beau).
gnome/gcalctool-4.3.3-i486-1.tgz:  Added gcalctool-4.3.3.
  (suggested by Eugenia Loli-Queru)
gnome/gnome-utils-2.4.0-i486-1.tgz:  Fixed slack-desc.
l/expat-1.95.6-i486-2.tgz:  Patched expat.h to retain compatibility with
  earlier versions of expat.
extra/bittorrent/bittorrent-3.2.1b-noarch-1.tgz:  Added BitTorrent-3.2.1b.
extra/swaret/swaret-1.3.1-noarch-3.tgz:  Upgraded to swaret-1.3.1.
+--------------------------+
Thu Sep 18 21:16:12 PDT 2003
a/coreutils-5.0-i486-4.tgz:  Gzipped info page.
a/pcmcia-cs-3.2.5-i486-1.tgz:  Upgraded to pcmcia-cs-3.2.5.
ap/ifhp-3.5.11-i486-1.tgz:  Upgraded to ifhp-3.5.11.
ap/mysql-4.0.15a-i486-1.tgz:  Upgraded to mysql-4.0.15a.
ap/vim-6.2-i486-1.tgz:  Upgraded to vim-6.2 and ctags-5.5.2.
gnome/gnopernicus-0.7.0-i486-2.tgz:  Removed /etc/cups.
xap/xfce-3.99.4-i486-1.tgz:  Upgraded to xfce-3.99.4 (xfce4-rc4).
xap/xvim-6.2-i486-1.tgz:  Upgraded to vim-6.2 and ctags-5.5.2.
+--------------------------+
Wed Sep 17 22:23:43 PDT 2003
a/aaa_base-9.1.0-noarch-1.tgz:  Updated initial mail.
a/elflibs-9.1.0-i486-2.tgz:  Updated PCRE libs, added libcurl.
a/openssl-solibs-0.9.7b-i486-2.tgz:  Recompiled.
a/procps-2.0.16-i486-1.tgz:  Upgraded to procps-2.0.16.
a/sysvinit-2.85-i486-1.tgz:  Upgraded to sysvinit-2.85.
ap/joe-2.9.8-i486-1.tgz:  Upgraded to joe-2.9.8.
d/flex-2.5.4a-i486-2.tgz:  Patched to work with gcc3 and C++.
  (thanks to Doug Asherman)
l/pcre-4.4-i486-1.tgz:  Upgraded to pcre-4.4.
n/bind-9.2.2-i486-2.tgz:  Recompiled with official patch 9.2.2-P1.
  (supports "delegation-only" zones in caching/recursive name servers)
n/nfs-utils-1.0.6-i486-1.tgz:  Upgraded to nfs-utils-1.0.6.
n/openssl-0.9.7b-i486-2.tgz:  Recompiled.
+--------------------------+
Wed Sep 17 09:53:31 PDT 2003
n/sendmail-8.12.10-i486-1.tgz:  Upgraded to sendmail-8.12.10.
  This fixes security issues as noted in Sendmail's RELEASE_NOTES:

    "SECURITY: Fix a buffer overflow in address parsing.  Problem
         detected by Michal Zalewski, patch from Todd C. Miller
         of Courtesan Consulting.
     Fix a potential buffer overflow in ruleset parsing.  This problem
         is not exploitable in the default sendmail configuration;
         only if non-standard rulesets recipient (2), final (4), or
         mailer-specific envelope recipients rulesets are used then a
         problem may occur.  Problem noted by Timo Sirainen."

  We recommend that sites running Sendmail upgrade immediately.

  (* Security fix *)
n/sendmail-cf-8.12.10-noarch-1.tgz:  Upgraded to config files for
  sendmail-8.12.10.
+--------------------------+
Wed Sep 17 02:00:02 PDT 2003
Slackware 9.1-beta2 is ready for testing...
a/elflibs-9.1.0-i486-1.tgz:  Updated.
a/smartmontools-5.1_18-i486-1.tgz:  Upgraded to smartmontools-5.1-18.
  (thanks to Frédéric L. W. Meunier)
gnome/galeon-1.3.9-i486-1.tgz:  Upgraded to galeon-1.3.9.
gnome/gthumb-2.1.6-i486-2.tgz:  Patched to change locale directory from
  /usr/lib/locale to /usr/share/locale (thanks to Adrien Beau).
kde/kdeaddons-3.1.4-i486-1.tgz:  Upgraded to kdeaddons-3.1.4.
kde/kdeadmin-3.1.4-i486-1.tgz:  Upgraded to kdeadmin-3.1.4.
kde/kdeartwork-3.1.4-i486-1.tgz:  Upgraded to kdeartwork-3.1.4.
kde/kdebase-3.1.4-i486-1.tgz:  Upgraded to kdebase-3.1.4.
kde/kdebindings-3.1.4-i486-1.tgz:  Upgraded to kdebindings-3.1.4.
kde/kdeedu-3.1.4-i486-1.tgz:  Upgraded to kdeedu-3.1.4.
kde/kdegames-3.1.4-i486-1.tgz:  Upgraded to kdegames-3.1.4.
kde/kdegraphics-3.1.4-i486-1.tgz:  Upgraded to kdegraphics-3.1.4.
kde/kdelibs-3.1.4-i486-1.tgz:  Upgraded to kdelibs-3.1.4.
kde/kdelinks-1.1-noarch-1.tgz:  Upgraded to kdelinks-1.1.
kde/kdemultimedia-3.1.4-i486-1.tgz:  Upgraded to kdemultimedia-3.1.4.
kde/kdenetwork-3.1.4-i486-1.tgz:  Upgraded to kdenetwork-3.1.4.
kde/kdepim-3.1.4-i486-1.tgz:  Upgraded to kdepim-3.1.4.
kde/kdesdk-3.1.4-i486-1.tgz:  Upgraded to kdesdk-3.1.4.
kde/kdetoys-3.1.4-i486-1.tgz:  Upgraded to kdetoys-3.1.4.
kde/kdeutils-3.1.4-i486-1.tgz:  Upgraded to kdeutils-3.1.4.
kde/kdevelop-3.0.0a6-i486-1.tgz:  Upgraded to kdevelop-3.0.0a6.
kde/koffice-1.2.1-i486-5.tgz:  Recompiled.
kde/qt-3.2.1-i486-1.tgz:  Upgraded to qt-x11-free-3.2.1.
kde/quanta-3.1.4-i486-1.tgz:  Upgraded to quanta-3.1.4.
kdei/*:  Upgraded to KDE 3.1.4 i18n packages.
l/arts-1.1.4-i486-1.tgz:  Upgraded to arts-1.1.4.
l/expat-1.95.6-i486-1.tgz:  Upgraded to expat-1.95.6.
l/libtermcap-1.2.3-i486-6.tgz:  Recompiled, added libtermcap.so.2 to the
  installation script.  (thanks to Marco Berizzi)
n/nmap-3.45-i486-1.tgz:  Upgraded to nmap-3.45.
n/openssh-3.7.1p1-i486-1.tgz:  Upgraded to openssh-3.7.1p1.
  The OpenSSH advisory was updated (http://www.openssh.com/txt/buffer.adv)
  and now says that you need at least version 3.7.1, which fixes some
  more buffer problems like those fixed by 3.7.
  (* Security fix *)
n/pine-4.58-i486-2.tgz:  Don't disable -d completely, but set the default
  debug level to 0 in os-lnx.h.  (thanks to Luke Antins)
x/ttf-bitstream-vera-1.10-noarch-2.tgz:  Don't include fonts.cache-1 files;
  run fc-cache -f in the install script instead.
x/xfree86-4.3.0-i486-5.tgz:  Upgraded to freetype-2.1.5 and fontconfig-2.2.1.
  Updated Savage driver to work with new laptop chipsets.
  Patch integer overflows in the font libraries (thanks to Gerardo Exequiel
  Pozzi for sending in a cleaned-up patch).  These packages will also work
  on Slackware 9.0 with the glibc update in /patches.
  (* Security fix *)
x/xfree86-devel-4.3.0-i486-3.tgz:  Upgraded to freetype-2.1.5 and
  fontconfig-2.2.1.
x/xfree86-docs-4.3.0-noarch-2.tgz:  Updated freetype/fontconfig docs.
x/xfree86-docs-html-4.3.0-noarch-2.tgz:  Rebuilt.
x/xfree86-fonts-100dpi-4.3.0-noarch-2.tgz:  Don't include fonts.cache-1 files;
  run fc-cache -f in the install script instead.
x/xfree86-fonts-cyrillic-4.3.0-noarch-2.tgz:  Don't include fonts.cache-1 files;
  run fc-cache -f in the install script instead.
x/xfree86-fonts-misc-4.3.0-noarch-2.tgz:  Don't include fonts.cache-1 files;
  run fc-cache -f in the install script instead.
x/xfree86-fonts-scale-4.3.0-noarch-2.tgz:  Don't include fonts.cache-1 files;
  run fc-cache -f in the install script instead.
x/xfree86-xnest-4.3.0-i486-3.tgz:  Recompiled.
x/xfree86-xprt-4.3.0-i486-3.tgz:  Recompiled.
x/xfree86-xvfb-4.3.0-i486-3.tgz:  Recompiled.
xap/abiword-2.0.0-i486-1.tgz:  Upgraded to abiword-2.0.0.
+--------------------------+
Tue Sep 16 11:20:30 PDT 2003
a/sysvinit-2.84-i486-35.tgz:  In rc.M, don't use -f with fc-cache.  This is
  just too slow to run at every boot, but it'll be done at install's end
  or when packages with Type1/TTF fonts are installed.
d/libtool-1.4.3-i486-2.tgz:  Recompiled.
gnome/gnumeric-1.2.0-i486-1.tgz:  Upgraded to gnumeric-1.2.0.
l/libxslt-1.0.33-i486-1.tgz:  Upgraded to libxslt-1.0.33.
n/openssh-3.7p1-i486-1.tgz:  Upgraded to openssh-3.7p1.  From the OpenSSH
  Security Advisory (http://www.openssh.com/txt/buffer.adv):
      "All versions of OpenSSH's sshd prior to 3.7 contain a buffer
       management error.  It is uncertain whether this error is
       potentially exploitable, however, we prefer to see bugs
       fixed proactively."
  (* Security fix *)
xap/mozilla-1.4-i486-3.tgz:  Make sure broken leftover rdf files are removed.
bootdisks/:  New or updated scsi.s, scsi2.s, scsi3.s, pportide.i.
kernels/scsi*.s/:  Added scsi3.s to cover the missing SCSI drivers, and
  split things somewhat differently among scsi.s and scsi2.s.  Added back
  pportide.i, since several people have asked for its return.  See
  bootdisks/README.TXT for details about which drivers are in each kernel.
extra/slackpkg-0.99/slackpkg-0.99-noarch-4.tgz:  Added slackpkg, a simple
  tool for keeping a Slackware system up-to-date.  Thanks to Piter Punk for
  quickly fixing a few last-minute bugs, and reminding me that I'd promised
  to add this.  It's only fair, especially as I'm not a big believer in
  automated dependency handling.  :-)
+--------------------------+
Sun Sep 14 21:42:05 PDT 2003
ap/mysql-4.0.15-i486-1.tgz:  Upgraded to mysql-4.0.15.
d/cvs-1.11.6-i486-1.tgz:  Upgraded to cvs-1.11.6 (thanks to Adrian Lee).
n/tcpip-0.17-i486-21.tgz:  Change 'rpc.portmap' in rc.inet2 to 'rc.portmap'.
  (thanks to Dominik L. Borkowski)
extra/swaret-1.3.0/swaret-1.3.0-i386-1.tgz:  Added swaret, a tool for keeping
  a Slackware system up-to-date (perhaps inspired by apt-get).  Thanks to
  Luc Cottyn and Michael G. Manry for the great work, willingness to make
  changes, and overall persistence.  :-)
+--------------------------+
Sun Sep 14 00:51:07 PDT 2003
a/gpm-1.19.6-i486-6.tgz:  Widened setup.mouse menu.
a/pkgtools-9.1.0-i486-2.tgz:  Added rpc.portmap and IP packet forwarding on/off
  options to the setup.services menu.
a/sysvinit-2.84-i486-34.tgz:  In rc.M, use -f option with fc-cache.
ap/sgml-tools-1.0.9-i386-8.tgz:  Moved here from /extra.  Without sgml-tools,
  scrollkeeper-update can take a *long* time to update.  This also avoids
  libxml2 attempting to "phone home" to various DTD catalog sites in a tight
  loop.  I'd be surprised if this broken scrollkeeper/libxml2 wasn't pounding
  some of those sites... clearly it's not robust enough.  I'd like to see a
  setting or config file for these that prevents unauthorized attempts to access
  the network.  Strangely, with *no* network access and no sgml-tools,
  scrollkeeper-update runs reasonably fast and the generated database works
  well enough (although it's not as verbosely tagged).
d/j2sdk-1_4_2_01-i586-1.tgz:  Upgraded to j2sdk-1_4_2_01.
d/strace-4.4.98-i486-2.tgz:  Fixed ownerships in /usr/bin.
gnome/acme-2.4.0-i486-1.tgz:  Upgraded to acme-2.4.0.
gnome/file-roller-2.4.0.1-i486-1.tgz:  Upgraded to file-roller-2.4.0.1.
gnome/gconf-2.4.0.1-i486-1.tgz:  Upgraded to gconf-2.4.0.1.
gnome/gdm-2.4.4.1-i486-1.tgz:  Upgraded to gdm-2.4.4.1.
gnome/gftp-2.0.15-i486-1.tgz:  Upgraded to gftp-2.0.15.
gnome/ggv-2.4.0.1-i486-1.tgz:  Upgraded to ggv-2.4.0.1.
gnome/ghex-2.4.0.1-i486-1.tgz:  Upgraded to ghex-2.4.0.1.
gnome/glade-2.0.0-i486-2.tgz:  Fixed ownerships in /usr/bin.
gnome/gnome-mime-data-2.4.0-noarch-1.tgz:  Upgraded to gnome-mime-data-2.4.0.
gnome/gnome-terminal-2.4.0.1-i486-1.tgz:  Upgraded to gnome-terminal-2.4.0.1.
gnome/gnome-vfs-2.4.0-i486-2.tgz:  Fixed ownerships in /usr/bin.
gnome/gnopernicus-0.7.0-i486-1.tgz:  Upgraded to gnopernicus-0.7.0.
gnome/gthumb-2.1.6-i486-1.tgz:  Upgraded to gthumb-2.1.6.
gnome/gtk-engines-2.2.0-i486-3.tgz:  Removed thinice engine (this is part of
  gnome-themes now), recompiled.
gnome/libgsf-1.8.2-i486-1.tgz:  Upgraded to libgsf-1.8.2.
gnome/libwnck-2.4.0.1-i486-1.tgz:  Upgraded to libwnck-2.4.0.1.
gnome/metacity-2.6.1-i486-1.tgz:  Upgraded to metacity-2.6.1.
gnome/mpeg2dec-0.3.1-i486-2.tgz:  Recompiled.
gnome/nautilus-media-0.3.3.1-i486-1.tgz:  Upgraded to nautilus-media-0.3.3.1.
kde/kdelinks-1.1-noarch-1.tgz:  Add menu links for Galeon, Xine, and a few
  other things.
l/pcre-4.3-i486-1.tgz:  Upgraded to pcre-4.3.
l/gdk-pixbuf-0.22.0-i486-1.tgz:  Upgraded to gdk-pixbuf-0.22.0.
n/portmap-5.0-i486-1.tgz:  Upgraded to portmap5, added /etc/rc.d/rc.portmap.
n/ppp-2.4.1-i486-3.tgz:  Build with HAVE_INET6=y (thanks to Anthony Roos).
n/tcpip-0.17-i486-20.tgz:  In rc.inet2, start rpc.portmap through rc.portmap.
  Added /etc/rc.d/rc.ip_forward to activate/deactivate packet forwarding.
  Both are off (chmod 644) by default, but nfs-utils will still start portmap
  for you if you try to start the NFS server without it running.  If you've
  defined shares in /etc/exports and are running rc.nfsd I see no reason to
  argue simply because /etc/rc.d/rc.portmap isn't executable.
xap/fvwm-2.4.16-i486-2.tgz:  Fixed ownerships in /usr/bin.
  Thanks to Gerardo Exequiel Pozzi for checking root:bin correctness.
extra/emu-tools-0.9.4/emu-tools-0.9.4-i386-2.tgz:  Fixed /usr/local path in
  /usr/etc/emu-script (thanks to Gerardo Exequiel Pozzi).
The Mozilla mystery (won't run after GTK1 Mozilla is ever installed and run) has
been mostly solved.  The problem is caused when the GTK1 Mozilla is run by root.
This causes Mozilla to create several .rdf files under /usr/lib/mozilla-1.4/.
Since these aren't part of the original package, they remain when Mozilla is
upgraded to the GTK2 version, and prevent it from starting.  The solution is
to remove the old Mozilla package, remove /usr/lib/mozilla-1.4 and all its
contents, and then install the GTK2 Mozilla package.  After that, Mozilla should
work for all users.  Thanks to Mark McGrew for providing the crucial clues.
+--------------------------+
Fri Sep 12 14:09:17 PDT 2003
a/module-init-tools-0.9.14-i486-1.tgz:
  Upgraded to module-init-tools-0.9.14.
d/j2sdk-1_4_2-i586-5.tgz:  Change PATH and MANPATH to use
  /usr/lib/java/ instead of /usr/lib/j2sdk1.4.2/.
  (Suggested by Doug Asherman)
Removed extra hotplug package (noticed by Alan Brown).
+--------------------------+
Fri Sep 12 00:47:02 PDT 2003
Here comes Slackware 9.1 beta-1!  (things are looking good, so expect
  a very short beta cycle. :-)  ZipSlack still to come.
a/hotplug-2003_08_05-noarch-3.tgz:  Blacklist i810-tco which crashes
  some Intel motherboards (thanks to Damjan and Piter PUNK).
a/lprng-3.8.22-i486-1.tgz:  Upgraded to lprng-3.8.22.  Removed broken
  /usr/sbin/monitor.  (thanks to Dirk van Deun)
a/pkgtools-9.1.0-i486-1.tgz:  Merged installpkg fixes from the version
  used on the initrd.  Added a menu to select default startup services.
a/sysvinit-2.84-i486-33.tgz:  Uncommented the netatalk block in rc.M,
  so that rc.atalk runs if executable (or otherwise does not).
  Protect /etc/random-seed with chmod 600 (thanks to Daryl Bunce).
gnome/epiphany-1.0-i486-1.tgz:  Added epiphany-1.0.
gnome/galeon-1.3.8-i486-1.tgz:  Welcome back galeon!  :-)
gnome/gdm-2.4.4.0-i486-1.tgz:  Upgraded to gdm-2.4.4.0.
l/libart_lgpl-2.3.16-i486-1.tgz:  Upgraded to libart_lgpl-2.3.16.
  This fixes crashes in GDM, Nautilus, and other apps.  Now if I could
  just figure out why scrollkeeper likes to hang for up to 20 minutes
  when running scrollkeeper-update, then GNOME might be in acceptable
  shape...
n/inetd-1.79s-i486-3.tgz:  Added /etc/rc.d/rc.inetd.
n/nail-10.5-i486-1.tgz:  Upgraded to nail-10.5.
n/netatalk-1.6.3-i486-1.tgz:  Upgraded to netatalk-1.6.3, and
  chmod 644 /etc/rc.d/rc.atalk.
n/nmap-3.30-i486-1.tgz:  Upgraded to nmap-3.30.
n/ntp-4.1.2-i486-1.tgz:  Upgraded to ntp-4.1.2.
n/php-4.3.3-i486-2.tgz:  Added ./configure option --with-iconv.
  (suggested by Jaroslaw Swierczynski)
n/tcpip-0.17-i486-19.tgz:  In rc.inet2, start inetd using rc.inetd.
xap/mozilla-1.4-i486-2.tgz:  Rebuilt with --enable-default-toolkit=gtk2.
  I'm not going to wait forever for this to be declared ready (like the
  old days when everyone was using glibc betas and we refused), because
  more and more I get the feeling it will never get official approval.
  Everyone else is doing it!  ;-)
  I did notice one strange problem where Mozilla just wouldn't start if
  the user had run the previous gtk1-linked version of Mozilla before.
  If you notice this, let me know if you find the cause.
xap/mozilla-plugins-1.4-noarch-1.tgz:  Some symlinks for Mozilla.
extra/bash-completion-20030911/bash-completion-20030911-noarch-1.tgz:
  Upgraded to bash-completion-20030911.
+--------------------------+
Wed Sep 10 20:41:56 PDT 2003
a/devs-2.3.1-noarch-18.tgz:  Added nvidia devices.
  (Suggested by Jaroslaw Swierczynski)
a/procps-2.0.15-i486-1.tgz:  Upgraded to procps-2.0.15.
d/j2sdk-1_4_2-i586-4.tgz:  Set JAVA_HOME in /etc/profile.d/ scripts.
  (Suggested by Doug Asherman and Mircea Baciu)
Upgraded to GNOME-2.4:
gnome/at-spi-1.3.7-i486-1.tgz:  Upgraded to at-spi-1.3.7 and
  gnome-mag-0.10.3 (this was part of previous at-spi releases).
gnome/bonobo-activation-2.2.4-i486-1.tgz:  Removed.
gnome/bug-buddy-2.4.0-i486-1.tgz:  Upgraded to bug-buddy-2.4.0.
gnome/control-center-2.4.0-i486-1.tgz:  Upgraded to control-center-2.4.0.
gnome/eel-2.4.0-i486-1.tgz:  Upgraded to eel-2.4.0.
gnome/eog-2.4.0-i486-1.tgz:  Upgraded to eog-2.4.0.
gnome/file-roller-2.4.0-i486-1.tgz:  Upgraded to file-roller-2.4.0.
gnome/gail-1.4.0-i486-1.tgz:  Upgraded to gail-1.4.0.
gnome/gconf-2.4.0-i486-1.tgz:  Upgraded to gconf-2.4.0.
gnome/gconf-editor-2.4.0-i486-1.tgz:  Upgraded to gconf-editor-2.4.0.
gnome/gdm-2.4.1.6-i486-2.tgz:  Recompiled, switched to standard 'gdmlogin'
  greeter, as the graphical one is crashing.  The newer version (2.4.4.0)
  seems to be even more unstable, and changes the Session handling in a
  way that seems to complicate everything needlessly, so I think this is
  the version to stick with for now.  If anyone knows what is wrong with
  gdmgreeter, please let me know.
gnome/gedit-2.4.0-i486-1.tgz:  Upgraded to gedit-2.4.0.
gnome/ggv-2.4.0-i486-1.tgz:  Upgraded to ggv-2.4.0.
gnome/gnome-applets-2.4.0-i486-1.tgz:  Upgraded to gnome-applets-2.4.0.
gnome/gnome-desktop-2.4.0-i486-1.tgz:  Upgraded to gnome-desktop-2.4.0.
gnome/gnome-games-2.4.0-i486-1.tgz:  Upgraded to gnome-games-2.4.0.
gnome/gnome-icon-theme-1.0.9-noarch-1.tgz:
  Upgraded to gnome-icon-theme-1.0.9.
gnome/gnome-media-2.4.0-i486-1.tgz:  Upgraded to gnome-media-2.4.0.
gnome/gnome-mime-data-2.3.2-noarch-1.tgz:
  Upgraded to gnome-mime-data-2.3.2.
gnome/gnome-panel-2.4.0-i486-1.tgz:  Upgraded to gnome-panel-2.4.0.
gnome/gnome-session-2.4.0-i486-1.tgz:  Upgraded to gnome-session-2.4.0.
gnome/gnome-speech-0.2.7-i486-1.tgz:  Added gnome-speech-0.2.7.
gnome/gnome-system-monitor-2.4.0-i486-1.tgz:
  Upgraded to gnome-system-monitor-2.4.0.
gnome/gnome-terminal-2.4.0-i486-1.tgz:  Upgraded to gnome-terminal-2.4.0.
gnome/gnome-themes-2.4.0-i486-1.tgz:  Upgraded to gnome-themes-2.4.0.
gnome/gnome-utils-2.4.0-i486-1.tgz:  Upgraded to gnome-utils-2.4.0.
gnome/gnome-vfs-2.4.0-i486-1.tgz:  Upgraded to gnome-vfs-2.4.0.
gnome/gnome2-user-docs-2.4.0-noarch-1.tgz:
  Upgraded to gnome2-user-docs-2.4.0.
gnome/gnomeicu-cvs20030910-i486-1.tgz:  Upgraded to a gnomeicu CVS snapshot.
  This was needed since gnomeicu-0.99 doesn't work with the new gnet library.
gnome/gnopernicus-0.3.6-i486-1.tgz:  Added gnopernicus-0.3.6.
gnome/gnumeric-1.1.90-i486-1.tgz:  Upgraded to gnumeric-1.1.90.
gnome/gucharmap-1.0.0-i486-1.tgz:  Upgraded to gucharmap-1.0.0.
gnome/libbonobo-2.4.0-i486-1.tgz:  Upgraded to libbonobo-2.4.0.
gnome/libbonoboui-2.4.0-i486-1.tgz:  Upgraded to libbonoboui-2.4.0.
gnome/libgnome-2.4.0-i486-1.tgz:  Upgraded to libgnome-2.4.0.
gnome/libgnomecanvas-2.4.0-i486-1.tgz:  Upgraded to libgnomecanvas-2.4.0.
gnome/libgnomeprint-2.3.1-i486-1.tgz:  Upgraded to libgnomeprint-2.3.1.
gnome/libgnomeprintui-2.3.1-i486-1.tgz:  Upgraded to libgnomeprintui-2.3.1.
gnome/libgtkhtml-2.4.0-i486-1.tgz:  Upgraded to libgtkhtml-2.4.0.
gnome/libgtop-2.0.5-i486-1.tgz:  Upgraded to libgtop-2.0.5.
gnome/librsvg-2.4.0-i486-1.tgz:  Upgraded to librsvg-2.4.0.
gnome/libwnck-2.4.0-i486-1.tgz:  Upgraded to libwnck-2.4.0.
gnome/metacity-2.6.0-i486-1.tgz:  Upgraded to metacity-2.6.0.
gnome/nautilus-2.4.0-i486-1.tgz:  Upgraded to nautilus-2.4.0.
gnome/nautilus-cd-burner-0.5.3-i486-1.tgz:
  Upgraded to nautilus-cd-burner-0.5.3.
gnome/nautilus-media-0.3.3-i486-1.tgz:  Upgraded to nautilus-media-0.3.3.
gnome/orbit2-2.8.1-i486-1.tgz:  Upgraded to ORBit2-2.8.1.
gnome/vte-0.11.10-i486-1.tgz:  Upgraded to vte-0.11.10.
gnome/yelp-2.4.0-i486-1.tgz:  Upgraded to yelp-2.4.0.
l/esound-0.2.32-i486-1.tgz:  Upgraded to esound-0.2.32.
n/getmail-3.1.8-noarch-1.tgz:  Added getmail-3.1.8, a POP3 mail retrieval tool
  written in Python.  Likely to be more secure and reliable than fetchmail.
n/fetchmail-6.2.4-i486-1.tgz:  Upgraded to fetchmail-6.2.4.
n/imapd-4.58-i486-1.tgz:  Upgraded to imapd from pine4.58.
n/pine-4.58-i486-1.tgz:  Upgraded to pine4.58.
  This fixes two vulnerabilities in earlier PINE versions found by iDEFENSE
  Labs (see http://www.idefense.com/advisory/09.10.03.txt).
  (* Security fix *)
xap/abiword-1.99.6-i486-1.tgz:  Upgraded to abiword-1.99.6.
xap/pan-0.14.2-i486-2.tgz:  Recompiled against new gnet.
extra/inn-2.4.0/inn-2.4.0-i486-1.tgz:  Upgraded to inn-2.4.0, and moved here
  from N (INN probably doesn't need to be part of a default installation).
extra/sgml-tools-1.0.9/sgml-tools-1.0.9-i386-8.tgz:  Added gtk-doc-1.1.
Removed extra extra/extra/ directory.
+--------------------------+
Tue Sep  9 21:04:38 PDT 2003
rootdisks/network.dsk:  Probe for e1000.  (thanks to Dirk van Deun)
isolinux/initrd.img, rootdisks/install.*:  Various bugfixes.
ap/mad-0.14.2b-i386-1.tgz:  Removed (split upstream).
ap/madplay-0.15.0b-i486-1.tgz:  Added madplay-0.15.0b.
ap/mpg321-0.2.10-i486-2.tgz:  Recompiled against new libmad/libid3tag.
ap/sox-12.17.4-i486-2.tgz:  Recompiled against new libmad.
d/j2sdk-1_4_2-i586-3.tgz:  Fixed /usr/lib/java symlink.
  (thanks to Mircea Baciu)
gnome/gst-plugins-0.6.3-i486-2.tgz:  Recompiled against new libmad.
gnome/gstreamer-0.6.3-i486-2.tgz:  Recompiled.
l/arts-1.1.3-i486-3.tgz:  Recompiled against new libmad.
l/atk-1.4.0-i486-1.tgz:  Upgraded to atk-1.4.0.
l/glib2-2.2.3-i486-1.tgz:  Upgraded to glib-2.2.3.
l/gnet-2.0.4-i486-1.tgz:  Upgraded to gnet-2.0.4.
l/gtk+2-2.2.4-i486-1.tgz:  Upgraded to gtk+-2.2.4.
l/libart_lgpl-2.3.15-i486-1.tgz:  Upgraded to libart_lgpl-2.3.15.
l/libid3tag-0.15.0b-i486-1.tgz:  Added libid3tag-0.15.0b.
l/libmad-0.15.0b-i486-1.tgz:  Added libmad-0.15.0b.
l/pango-1.2.5-i486-1.tgz:  Upgraded to pango-1.2.5.
l/libxml2-2.5.11-i486-1.tgz:  Upgraded to libxml2-2.5.11.
More ham radio package updates from Arno Verhoeven:
extra/ham/aprsd-2.2.5_14-i486-1.tgz:  Added aprsd-2.2.5-14.
extra/ham/xastir-1.2.1-i486-3.tgz:  Updated to xastir121-2003-Sep-02.
extra/ham/xfbb-7.04j-i486-1.tgz:  Upgraded to xfbb-7.04j.
  (* Security fix *)
+--------------------------+
Sun Sep  7 23:25:19 PDT 2003
a/jfsutils-1.1.3-i486-1.tgz:  Upgraded to jfsutils-1.1.3.
  (Contains an important fix for using 2.6.x kernels)
a/reiserfsprogs-3.6.11-i486-1.tgz:  Upgraded to reiserfsprogs-3.6.11.
ap/lsof-4.68-i486-1.tgz:  Upgraded to lsof-4.68.
ap/quota-3.09-i486-1.tgz:  Upgraded to quota-3.09.
d/j2sdk-1_4_2-i586-2.tgz:  Added /usr/lib/java symlink.
d/oprofile-0.6-i486-1.tgz:  Added oprofile-0.6.
f/linux-faqs-20030907-noarch-1.tgz:  Upgraded Linux FAQs.
f/linux-howtos-20030907-noarch-1.tgz:  Upgraded Linux HOWTOs, which now
  include the mini-HOWTO collection (these were merged upstream).
n/inetd-1.79s-i486-2.tgz:  Disable inetd's (stupid) connection limiting code
  which can actually cause a DoS rather than preventing it.  The default
  connections-per-minute is now unlimited.  -R 0 also removes limiting (this
  is now mentioned in the man page as well).  Thanks to 3APA3A for reporting
  this issue.
  (* Security fix *)
xap/abiword-1.0.7-i486-1.tgz:  Upgraded to abiword-1.0.7.
xap/gaim-0.68-i486-1.tgz:  Upgraded to gaim-0.68.
xap/pan-0.14.2-i486-1.tgz:  Upgraded to pan-0.14.2.
xap/x3270-3.2.20-i486-1.tgz:  Upgraded to x3270-3.2.20.
xap/xlockmore-5.09-i486-1.tgz:  Upgraded to xlockmore-5.09.
xap/xmms-1.2.8-i486-2.tgz:  Added --enable-simd and --with-ipv6 to ./configure.
  Jaroslaw Swierczynski assures me that --enable-simd won't cause problems for
  machines that don't support it.  :-)
xap/xpaint-2.7.0-i486-1.tgz:  Upgraded to xpaint-2.7.0.
xap/xscreensaver-4.13-i486-1.tgz:  Upgraded to xscreensaver-4.13.
extra/gimp-1.3.20/gimp-1.3.20-i486-1.tgz:  Upgraded to gimp-1.3.20.
+--------------------------+
Fri Sep  5 16:19:19 PDT 2003
ap/man-pages-1.60-noarch-1.tgz:  Upgraded to man-pages-1.60.
ap/sox-12.17.4-i486-1.tgz:  Upgraded to sox-12.17.4.
d/nasm-0.98.37-i386-1.tgz:  Upgraded to nasm-0.98.37.
n/tin-1.6.1-i486-1.tgz:  Upgraded to tin-1.6.1.
xap/xine-lib-1rc0a-i686-2.tgz:  Recompiled with ALSA support.
xap/xmms-1.2.8-i486-1.tgz:  Upgraded to xmms-1.2.8.
+--------------------------+
Thu Sep  4 19:40:01 PDT 2003
bootdisks/xfs.s:  New XFS bootdisk (updated XFS patches).
a/devs-2.3.1-noarch-17.tgz:  Fixed midi device names (midi0? instead of midi?),
  and fixed symlinks to be relative wherever possible.  (thanks to Adrien Beau)
a/module-init-tools-0.9.14pre2-i486-1.tgz:
  Added module-init-tools-0.9.14-pre2.  Also contains modutils-2.4.25 installed
  for compatibility with both Linux 2.4.x and 2.6.x.
  I think we're now 2.6.x ready.  :-)
ap/espgs-7.05.6-i486-2.tgz:  Switched back to espgs-7.05.6 with the patch to
  fix PNG devices, as espgs-7.07.1rc1 seems to have broken PDF.  I should have
  known better than to try an RC, but it is based on a stable GNU version so
  I'll use that as my excuse.  ;-)
  (thanks to Robin B Martin for the bug report)
k/kernel-source-2.4.22-noarch-3.tgz:  Upgraded to official XFS patches.
l/alsa-driver-0.9.6-i486-3.tgz:  rc.alsa rewritten to load the ALSA modules if
  modules.conf has been set up using alsaconf and the machine does not use
  hotplug.  Thanks to Jaroslaw Swierczynski for the initial rewrite.
l/sdl-1.2.6-i486-1.tgz:  Upgraded to sdl-1.2.6.
extra/kernel-modules-2.4.22_xfs/alsa-driver-0.9.6_xfs-i486-3.tgz:  New rc.alsa.
extra/kernel-modules-2.4.22_xfs/kernel-modules-2.4.22_xfs-i486-3.tgz:
  Recompiled from 2.4.22 with official XFS patches.
extra/xcdroast-0.98alpha14/xcdroast-0.98alpha14-i486-1.tgz:
  Upgraded to xcdroast-0.98alpha14.
pasture/modutils-2.4.25/modutils-2.4.25-i486-1.tgz:
  Upgraded to modutils-2.4.25.  Moved here from the A series.
+--------------------------+
Wed Sep  3 20:17:23 PDT 2003
bootdisks/:  Recompiled from patched sources.
kernels/:  Recompiled from patched sources.  Added speakup.s kernel.
a/devs-2.3.1-noarch-16.tgz:  Fixed incorrect perms on /dev/snd/.
  (thanks to Jaroslaw Swierczynski)
a/kernel-ide-2.4.22-i486-2.tgz:  Recompiled from patched sources.
a/kernel-modules-2.4.22-i486-2.tgz:  Recompiled from patched sources.
ap/espgs-7.07.1rc1-i486-1.tgz:  Upgraded to espgs-7.07.1rc1, fixed missing
  PNG devices.  (thanks to Dennis Bijwaard for the bug report)
ap/oggutils-1.0-i386-3.tgz:  Provide an ALSA plugin for libao.
gnome/gst-plugins-0.6.3-i486-1.tgz:  Upgraded to gst-plugins-0.6.3.
gnome/gstreamer-0.6.3-i486-1.tgz:  Upgraded to gstreamer-0.6.3.
k/kernel-source-2.4.22-noarch-2.tgz:  Patched broken masquerade.
  Thanks to Jack S. Lai for the heads-up.
l/alsa-driver-0.9.6-i486-2.tgz:  Added alsaconf, an alternate ALSA
  configurator that's useful for machines not using hotplug.
extra/bash-completion-20030821/bash-completion-20030821-noarch-1.tgz:
  Upgraded to bash-completion-20030821.
extra/extra/brltty-3.3.1/brltty-3.3.1-i486-1.tgz:  Upgraded to brltty-3.3.1.
extra/emacspeak-18.0/emacspeak-18.0-i486-1.tgz:  Upgraded to emacspeak-18.0.
extra/fluxbox-0.9.6pre1/fluxbox-0.9.6pre1-i486-1.tgz:
  Upgraded to fluxbox-0.9.6pre1.
extra/kernel-modules-2.4.22_xfs/alsa-driver-0.9.6_xfs-i486-2.tgz:
  Added alsaconf.
extra/kernel-modules-2.4.22_xfs/kernel-modules-2.4.22_xfs-i486-2.tgz:
  Recompiled from patched sources.
extra/openmotif-2.2.2/openmotif-2.2.2-i486-1.tgz:
  Upgraded to openMotif-2.2.2.
extra/parted-1.6.6/parted-1.6.6-i486-1.tgz:  Upgraded to GNU parted-1.6.6.
+--------------------------+
Tue Sep  2 14:52:18 PDT 2003
bootdisks/:  Regenerated using syslinux-2.06.  All should boot now.
a/devs-2.3.1-noarch-15.tgz:  Corrected major numbers for hdm*, hdn*, and
  patched MAKEDEV to create them properly.  (thanks to Phil DeBecker)
a/syslinux-2.06-i386-1.tgz:  Upgraded to syslinux-2.06.
n/ncftp-3.1.6-i486-1.tgz:  Upgraded to ncftp-3.1.6.
Many ham radio package updates from Slackware ham package maintainer
  Arno Verhoeven.  Thanks Arno!
extra/ham:  Changed directory structure.
extra/ham/7plus-2.25-i486-2.tgz:  Recompiled.
extra/ham/aprsdigi-2.4.3-i486-1.tgz:  Upgraded to aprsdigi-2.4.3.
extra/ham/ax25_apps-0.0.6-i486-2.tgz:  Recompiled.
awznode-0.4_pre2-i386-1.tgz:  Removed. (* Security problem *)
extra/ham/baycomusb-0.10-i486-2.tgz:  Added baycomusb-0.10.
extra/ham/cwdaemon-0.5-i486-1.tgz:  Replaced tlfcwkeyer with cwdaemon-0.5.
extra/ham/fftw-2.1.5-i486-2.tgz:  Added fftw-2.1.5. This package is
  needed by gmfsk-0.5.
extra/ham/gmfsk-0.5-i486-1.tgz:  Upgraded to gmfsk-0.5.
extra/ham/hamlib-1.1.4-i486-2.tgz:  Upgraded to hamlib-1.1.4.
extra/ham/libax25-0.0.11-i486-2.tgz:  Upgraded to libax25-0.0.11.
extra/ham/libgeotiff-1.1.4-i486-2.tgz:  Recompiled.
extra/ham/libproj-4.4.7-i486-2.tgz:  Upgraded to libproj-4.4.7.
extra/ham/node-0.3.2-i486-1.tgz:  Fixed a bug that may allow a remote
  attacker to execute arbitrary code on a vulnerable host.  The issue is
  reported to exist due to a lack of bounds checking, leading to a buffer
  overflow condition.  Thanks to SM6TKY for locating this problem.
  (* Security fix *)
extra/ham/opie_server-2.32-i386-2.tgz:  Removed. It's old.
extra/ham/shapelib-1.2.10-i486-1.tgz:  Added shapelib-1.2.10. This package
  is used by Xastir.
extra/ham/soundmodem-0.7-i486-2.tgz:  Upgraded to soundmodem-0.7.
extra/ham/tlf-0.9.1-i486-1.tgz:  Upgraded to tlf-0.9.1-i486-1.
extra/ham/tlfdoc-0.8.20-noarch-1.tgz:  Replaced tlfmanual with tlfdoc-0.8.20.
extra/ham/xastir-1.2.1-i486-2.tgz:  Upgraded to xastir-1.2.1-2003-aug-20.
extra/ham/xcall-0.15-i486-3.tgz:  Recompiled.
extra/ham/xconvers-0.8.2-i486-2.tgz:  Upgraded to xconvers-0.8.2.
extra/ham/xfbb-7.04h-i486-3.tgz:  Recompiled, removed a BBS-specific text
  from the Danish language file.
extra/ham/xlog-0.8-i486-1.tgz:  Upgraded to xlog-0.8.
z8530drv_utils-3.0-i486-3.tgz:  Recompiled.
+--------------------------+
Tue Sep  2 00:09:57 PDT 2003
bootdisks/:  Upgraded to Linux 2.4.22.
isolinux/initrd.img, rootdisks/install.*:  Try to install correct symlinks
  for /dev/cdrom and /dev/dvd (although there's only so much that can be done
  when all ATAPI CD devices are reporting themselves as DVD-ROMs...)
  Upgraded USB keyboard modules to 2.4.22.
rootdisks/network.dsk, pcmcia.dsk:  Upgraded to Linux 2.4.22 modules.
a/acpid-1.0.2-i486-1.tgz:  Upgraded to acpid-1.0.2.
a/devs-2.3.1-noarch-14.tgz:  Added ALSA devices.
a/etc-5.1-noarch-5.tgz:  Added /tmp/.ICE-unix (thanks Gerardo Exequiel Pozzi)
a/hotplug-2003_08_05-noarch-2.tgz:  Blacklisted OSS modules so ALSA will load.
a/kernel-ide-2.4.22-i486-1.tgz:  Upgraded to Linux 2.4.22.
a/kernel-modules-2.4.22-i486-1.tgz:  Upgraded to Linux 2.4.22 modules.
  Merged iptables example and NIC fixes for rc.modules from Piter Punk.
  Load agpgart module by default (should be harmless on non-AGP machines, but
  let me know if I'm wrong about that).
a/procps-2.0.14-i486-1.tgz:  Upgraded to procps-2.0.14.
a/sed-3.02-i486-1.tgz:  Switched to sed-3.02 with a patch from IBM to support
  multibyte characters found here:
    http://oss.software.ibm.com/developer/opensource/linux/patches/i18n/
  This was done because both super-sed and the 4.x branch of GNU sed have some
  serious performance and regex bugs.  I'd meant to revert super-sed before,
  and remembered when it caused the lvm build to fail...
a/sysvinit-2.84-i486-32.tgz:  In rc.S, don't write to /proc/sys/kernel/hotplug
  without checking it first.  (thanks giovanni quadriglio)
  In rc.M, run rc.alsa to load the mixer defaults.
a/xfsprogs-2.5.6-i486-1.tgz:  Upgraded to acl-2.2.15, attr-2.4.8, dmapi-2.0.8,
  xfsdump-2.2.13, and xfsprogs-2.5.6.
ap/alsa-utils-0.9.6-i486-1.tgz:  Added alsa-utils-0.9.6.
ap/aumix-2.8-i486-1.tgz:  Added aumix-2.8.
ap/dvd+rw-tools-5.12.4.7.4-i486-1.tgz:  Upgraded to dvd+rw-tools-5.12.4.7.4.
ap/lvm-1.0.7-i486-1.tgz:  Upgraded to lvm-1.0.7 (for 2.4.x kernels).
d/gcc-3.2.3-i486-2.tgz:  Updated headers in
  /usr/lib/gcc-lib/i486-slackware-linux/3.2.3/include.
d/kernel-headers-2.4.22-i386-1.tgz:  Upgraded to Linux 2.4.22 headers.
k/kernel-source-2.4.22-noarch-1.tgz:  Upgraded to Linux 2.4.22 sources.
  Included XFS patches in usr/src/xfs-2.4.22-unofficial.
l/esound-0.2.29-i486-3.tgz:  Recompiled against ALSA.
l/alsa-driver-0.9.6-i486-1.tgz:  Added alsa-driver-0.9.6.
l/alsa-lib-0.9.6-i486-1.tgz:  Added alsa-lib-0.9.6.
l/alsa-oss-0.9.6-i486-1.tgz:  Added alsa-oss-0.9.6.
l/arts-1.1.3-i486-2.tgz:  Recompiled against ALSA.
n/gnupg-1.2.3-i486-1.tgz:  Upgraded to gnupg-1.2.3.
n/stunnel-4.04-i486-1.tgz:  Added stunnel-4.04.
n/tcpip-0.17-i386-18.tgz:  Fixed typo in rc.inet1 comments.
  Upgraded to whois-4.6.6 and patched a command-line buffer overflow.  (since
  this requires command-line control and whois is not setuid, this overflow
  is useless for gaining root)
  Merged in tools from iputils-ss021109-try, including arping, clockdiff,
  ping (improved version), rarpd, rdisc, tracepath, and traceroute6.  iputils
  also includes several IPsec utilities that rely on apparently broken modified
  glibc headers that are bundled in (these did not compile).
extra/gimp-1.3.19/gimp-1.3.19-i486-1.tgz:  Upgraded to gimp-1.3.19.
  (thanks to Brent Cook for reporting that gimp-1.3 needed at least a recompile
  after the recent GNOME upgrades)
kernel-modules-2.4.22_xfs/alsa-driver-0.9.6_xfs-i486-1.tgz:  ALSA modules for
  the optional XFS kernel.
kernel-modules-2.4.22_xfs/kernel-modules-2.4.22_xfs-i486-1.tgz:  Kernel modules
  for the optional XFS kernel.  You'll need to install these if you use the
  precompiled kernel for XFS.
+--------------------------+
Tue Aug 26 22:47:08 PDT 2003
a/sysvinit-2.84-i486-31.tgz:  In rc.S, detect if rc.hotplug is non-executable
  and if so, echo "/dev/null" > /proc/sys/kernel/hotplug to make sure hotplug
  isn't triggered as modules or devices are accessed.  Clean up rc.M.
  In /etc/rc.d/rc.6, detect SCRAM upsstatus (thanks to Bruce G. Burns).
n/nfs-utils-1.0.5-i486-2.tgz:  In rc.nfsd, start rpc.portmap if it's not
  already running, since it's no longer run by default.
  (Thanks to Marek Januszewski)
n/sendmail-8.12.9-i486-3.tgz:  Recompiled against OpenSSL to provide STARTTLS
  option.  (Thanks to Luigi Genoni for the major help!)
n/sendmail-cf-8.12.9-noarch-3.tgz:  Added additional config files to support
  TLS if the proper certificates are installed (sendmail-slackware-tls.mc and
  sendmail-slackware-tls.cf).  (thanks again, V-man :-)
n/tcpip-0.17-i386-17.tgz:  Upgraded to tftp-hpa-0.34.
  Rewrote rc.inet1 to work better with hotplug (and without).  Moved the
  configuration details to rc.inet1.conf.  Modified netconfig to work with
  this.  In rc.inet2, don't run rpc.portmap unless NFS partitions are found
  in /etc/fstab.  This was a tradeoff -- mounting an NFS partition will hang
  if portmap is not running, so this is likely to be a trap for some users.
  Comments welcome...  it's not as tangled a mess as before, but getting
  everything to work together is tricky.  It seems like all the various
  options work correctly now though, and rc.inet1 is a lot more readable.  :-)
+--------------------------+
Mon Aug 25 19:56:00 PDT 2003
isolinux/initrd.img, rootdisks/install.*:  Support more than one installation
  disc.  In expert or menu mode, run all the menus for each disc, and then
  go on to install the packages from that disc.  Various other bugfixes.
a/cups-1.1.19-i486-3.tgz:  chmod 644 /etc/rc.d/rc.cups.new so that CUPS
  will not run on a default installation until the admin changes the perms.
a/infozip-5.50-i486-2.tgz:  Fixed a bug where a specially crafted archive
  might try to write to ../ or ../../, etc, potentially overwriting system
  files if the user (such as root) has permissions to overwrite them.
  Thanks to jelmer for locating this problem, and Ben Laurie for providing a
  patch.
  (* Security fix *)
a/lilo-22.5.7.2-i386-1.tgz:  Upgraded to lilo-22.5.7.2.  Patched liloconfig
  to understand new fdisk 2.12 partition names (Win95 -> W95).
a/util-linux-2.12-i486-1.tgz:  Upgraded to util-linux-2.12.
d/distcc-2.10-i486-1.tgz:  Upgraded to distcc-2.10.
n/php-4.3.3-i486-1.tgz:  Upgraded to php-4.3.3.
+--------------------------+
Sun Aug 24 14:39:37 PDT 2003
d/strace-4.4.98-i486-1.tgz:  Upgraded to strace-4.4.98.
gnome/gnumeric-1.1.19-i486-1.tgz:  Switched back to gnumeric-1.1.19 because the
  help system in gnumeric-1.1.20 does not work.  Hopefully we'll see a fixed
  gnumeric-1.1.21 soon.
+--------------------------+
Sat Aug 23 21:39:09 PDT 2003
gnome/gnumeric-1.1.20-i486-1.tgz:  Upgraded to gnumeric-1.1.20.
+--------------------------+
Fri Aug 22 02:12:31 PDT 2003
a/sysvinit-2.84-i486-30.tgz:  Fixed rc.M to start rc.cups in a subshell.
Removed old libglut package from /pasture now that it's back in L.
+--------------------------+
Wed Aug 20 15:27:21 PDT 2003
l/glut-3.7-i486-1.tgz:  Restored and recompiled glut-3.7 from /pasture.
l/libexif-0.5.12-i486-1.tgz:  Moved from ../gnome.
kde/kdegraphics-3.1.3-i486-2.tgz:  Compiled with libglut present,
  which allows kpovmodeler to build.  (thanks to Emanuele Vicentini
  for the report)  To do anything with kpovmodeler, you'll first need
  to install POV-Ray from http://www.povray.org.
xap/imagemagick-5.5.7_10-i486-1.tgz:  Upgraded to imagemagick-5.5.7_10.
  (this also needed a recompile against libexif-0.5.12, which was
  pointed out by Markus Stauffer)
Removed old CUPS and JRE packages from /extra.  (thanks, Petr)
+--------------------------+
Tue Aug 19 19:12:45 PDT 2003
a/cups-1.1.19-i486-2.tgz:  Moved some binaries and manpages to
  <name>-cups and created symlinks to the old names to allow LPRng
  and CUPS to coexist.
a/etc-5.1-noarch-4.tgz:  Added an example /etc/printcap.new with no
  active entries (nobody uses a "line printer" in 2003, and the old
  default lp entry from BSD was causing problems with apsfilter).
a/lprng-3.8.21-i486-2.tgz:  Moved some binaries and manpages to
  <name>-lprng and created symlinks to the old names to allow LPRng
  and CUPS to coexist.  Removed old BSD /etc/printcap.
  Added /etc/rc.d/rc.lprng (chmod 644 by default).
a/sysvinit-2.84-i486-29.tgz:  In /etc/rc.d/rc.M, start LPRng through
  /etc/rc.d/rc.lprng instead of running lpd directly.  Also in rc.M,
  start MySQL if /etc/rc.d/rc.mysqld is executable.  In /etc/rc.d/rc.6,
  shutdown MySQL gracefully.
ap/mysql-4.0.14-i486-1.tgz:  Upgraded to mysql-4.0.14.
  Added /etc/rc.d/rc.mysqld (chmod 644 by default).
d/cscope-15.4-i486-1.tgz:  Added some copyrighted SCO code.  :-)
d/perl-5.8.0-i486-5.tgz:  Upgraded to DBD-mysql-2.9002, recompiled
  against new libmysqlclient.
kde/kdelibs-3.1.3a-i486-1.tgz:  Upgraded to kdelibs-3.1.3a.
  (this fixes the horizontal scrollbar bug in Konqueror and other KDE apps)
kde/qt-3.1.2-i486-5.tgz:  Recompiled against new libmysqlclient.
n/apache-1.3.28-i486-2.tgz:  Upgraded to mm-1.3.0.  Made /usr/sbin/apachectl
  a symlink since this location is shared with the mod_ssl package.
n/bitchx-1.0c19-i486-4.tgz:  Recompiled against new libmysqlclient.
  (used by europa plugin)
n/lftp-2.6.6-i486-1.tgz:  Upgraded to lftp-2.6.6.
n/links-2.1pre11-i486-1.tgz:  Upgraded to links-2.1pre11.
n/mod_ssl-2.8.15_1.3.28-i486-2.tgz:  Made /usr/sbin/apachectl a symlink
  since this location is shared with the apache package.
n/php-4.3.2-i486-2.tgz:  Relinked MySQL extension against new libmysqlclient.
x/xfree86-4.3.0-i486-4.tgz:  Added fluxbox to /etc/X11/xdm/Xsession.new.
  Don't replace existing Xsession, xdm-config, or Xservers files.
+--------------------------+
Sun Aug 17 21:03:21 PDT 2003
a/hotplug-2003_08_05-noarch-1.tgz:  Upgraded to hotplug-2003_08_05.
ap/cdrtools-2.00.3-i486-1.tgz:  Upgraded to cdrtools-2.00.3.
d/pkgconfig-0.15.0-i486-1.tgz:  Upgraded to pkgconfig-0.15.0.
d/python-tools-2.3-noarch-2.tgz:  Fixed pynche symlink (thanks V-man :).
gnome/acme-2.0.6-i486-1.tgz:  Upgraded to acme-2.0.6.
gnome/at-spi-1.2.1-i486-1.tgz:  Upgraded to at-spi-1.2.1.
gnome/bonobo-activation-2.2.4-i486-1.tgz:  Upgraded to bonobo-activation-2.2.4.
gnome/bug-buddy-2.2.106-i486-1.tgz:  Upgraded to bug-buddy-2.2.106.
gnome/control-center-2.2.2-i486-1.tgz:  Upgraded to control-center-2.2.2.
gnome/eel-2.2.4-i486-1.tgz:  Upgraded to eel-2.2.4.
gnome/eog-2.2.2-i486-1.tgz:  Upgraded to eog-2.2.2.
gnome/file-roller-2.2.5-i486-1.tgz:  Upgraded to file-roller-2.2.5.
gnome/gail-1.2.2-i486-1.tgz:  Upgraded to gail-1.2.2.
gnome/gal2-1.99.9-i486-1.tgz:  Upgraded to gal2-1.99.9.
gnome/gconf-editor-0.5.0-i486-1.tgz:  Upgraded to gconf-editor-0.5.0.
gnome/gdm-2.4.1.6-i486-1.tgz:  Upgraded to gdm-2.4.1.6.
gnome/gedit-2.2.2-i486-1.tgz:  Upgraded to gedit-2.2.2.
gnome/gftp-2.0.15rc2-i486-1.tgz:  Upgraded to gftp-2.0.15rc2.
gnome/ggv-2.0.1-i486-1.tgz:  Upgraded to ggv-2.0.1.
gnome/ghex-2.2.1-i486-1.tgz:  Upgraded to ghex-2.2.1.
gnome/glade-2.0.0-i486-1.tgz:  Upgraded to glade-2.0.0.
gnome/gnome-applets-2.2.2-i486-1.tgz:  Upgraded to gnome-applets-2.2.2.
gnome/gnome-audio-2.0.0-noarch-1.tgz:  Upgraded to gnome-audio-2.0.0.
gnome/gnome-desktop-2.2.2-i486-1.tgz:  Upgraded to gnome-desktop-2.2.2.
gnome/gnome-games-2.2.1-i486-1.tgz:  Upgraded to gnome-games-2.2.1.
gnome/gnome-icon-theme-1.0.6-noarch-1.tgz:  Upgraded to gnome-icon-theme-1.0.6.
gnome/gnome-mime-data-2.2.1-noarch-1.tgz:  Upgraded to gnome-mime-data-2.2.1.
gnome/gnome-panel-2.2.2.2-i486-1.tgz:  Upgraded to gnome-panel-2.2.2.2.
gnome/gnome-session-2.2.2-i486-1.tgz:  Upgraded to gnome-session-2.2.2.
gnome/gnome-system-monitor-2.0.5-i486-1.tgz:  Upgraded to
  gnome-system-monitor-2.0.5.
gnome/gnome-terminal-2.2.2-i486-1.tgz:  Upgraded to gnome-terminal-2.2.2.
gnome/gnome-themes-2.2.2-i486-1.tgz:  Upgraded to gnome-themes-2.2.2.
gnome/gnome-utils-2.2.3-i486-1.tgz:  Upgraded to gnome-utils-2.2.3.
gnome/gnome-vfs-2.2.5-i486-1.tgz:  Upgraded to gnome-vfs-2.2.5
  and gnome-vfs-extras-0.99.11.
gnome/gnumeric-1.1.19-i486-1.tgz:  Upgraded to gnumeric-1.1.19.
gnome/gthumb-2.1.4-i486-1.tgz:  Upgraded to gthumb-2.1.4.
gnome/gst-plugins-0.6.2-i486-1.tgz:  Upgraded to gst-plugins-0.6.2.
gnome/gstreamer-0.6.2-i486-1.tgz:  Upgraded to gstreamer-0.6.2.
gnome/intltool-0.27.2-noarch-1.tgz:  Added intltool-0.27.2.
gnome/libbonobo-2.2.3-i486-1.tgz:  Upgraded to libbonobo-2.2.3.
gnome/libbonoboui-2.2.4-i486-1.tgz:  Upgraded to libbonoboui-2.2.4.
gnome/libexif-0.5.12-i486-1.tgz:  Upgraded to libexif-0.5.12.
gnome/libgail-gnome-1.0.2-i486-2.tgz:  Recompiled.
gnome/libgnome-2.2.3-i486-1.tgz:  Upgraded to libgnome-2.2.3.
gnome/libgnomecanvas-2.2.1-i486-1.tgz:  Upgraded to libgnomecanvas-2.2.1.
gnome/libgnomeprint-2.2.1.3-i486-1.tgz:  Upgraded to libgnomeprint-2.2.1.3.
gnome/libgnomeprintui-2.2.1.3-i486-1.tgz:  Upgraded to libgnomeprintui-2.2.1.3.
gnome/libgnomeui-2.2.2-i486-1.tgz:  Upgraded to libgnomeui-2.2.2.
gnome/libgsf-1.8.1-i486-1.tgz:  Upgraded to libgsf-1.8.1.
gnome/libgtkhtml-2.2.4-i486-1.tgz:  Upgraded to libgtkhtml-2.2.4.
gnome/libgtop-2.0.3-i486-1.tgz:  Upgraded to libgtop-2.0.3.
gnome/libidl-0.8.2-i486-1.tgz:  Upgraded to libIDL-0.8.2.
gnome/libmikmod-3.1.10-i486-3.tgz:  Recompiled.  (used by xmms)
gnome/librsvg-2.2.5-i486-1.tgz:  Upgraded to librsvg-2.2.5.
gnome/libwnck-2.2.2-i486-1.tgz:  Upgraded to libwnck-2.2.2.
gnome/linc-1.0.3-i486-1.tgz:  Upgraded to linc-1.0.3.
gnome/metacity-2.4.55-i486-1.tgz:  Upgraded to metacity-2.4.55.
gnome/nautilus-2.2.4-i486-1.tgz:  Upgraded to nautilus-2.2.4.
gnome/nautilus-cd-burner-0.5.0-i486-1.tgz:  Upgraded to
  nautilus-cd-burner-0.5.0.
gnome/nautilus-media-0.2.2-i486-1.tgz:  Upgraded to nautilus-media-0.2.2.
gnome/orbit2-2.6.3-i486-1.tgz:  Upgraded to ORBit2-2.6.3.
gnome/pan-0.14.0-i486-1.tgz:  Upgraded to pan-0.14.0.
gnome/gconf-2.2.1-i486-1.tgz:  Upgraded to GConf-2.2.1.
gnome/scrollkeeper-0.3.12-i486-1.tgz:  Upgraded to scrollkeeper-0.3.12.
gnome/startup-notification-0.5-i486-2.tgz:  Recompiled.
gnome/yelp-2.2.3-i486-1.tgz:  Upgraded to yelp-2.2.3.
l/esound-0.2.29-i486-2.tgz:  Recompiled, moved esd.conf to /etc.
l/libart_lgpl-2.3.14-i486-1.tgz:  Upgraded to libart_lgpl-2.3.14.
l/libxml2-2.5.10-i486-1.tgz:  Upgraded to libxml2-2.5.10.
l/libxslt-1.0.32-i486-1.tgz:  Upgraded to libxslt-1.0.32.
n/curl-7.10.7-i486-1.tgz:  Upgraded to curl-7.10.7.
tcl/tcl-8.4.4-i486-1.tgz:  Upgraded to tcl8.4.4.
tcl/tk-8.4.4-i486-1.tgz:  Upgraded to tk8.4.4.
xap/blackbox-0.65.0-i386-1.tgz:  Moved from /extra.
xap/fluxbox-0.1.14-i386-1.tgz:  Moved from /extra.
xap/gaim-0.67-i486-1.tgz:  Upgraded to gaim-0.67.
xap/xchat-2.0.4-i486-1.tgz:  Upgraded to xchat-2.0.4.
extra/fluxbox-0.9.4/fluxbox-0.9.4-i486-1.tgz:  Added fluxbox-0.9.4 (beta).
+--------------------------+
Wed Aug 13 14:52:11 PDT 2003
l/arts-1.1.3-i486-1.tgz:  Upgraded to arts-1.1.3.
kde/kdeaddons-3.1.3-i486-1.tgz:  Upgraded to kdeaddons-3.1.3.
kde/kdeadmin-3.1.3-i486-1.tgz:  Upgraded to kdeadmin-3.1.3.
kde/kdeartwork-3.1.3-i486-1.tgz:  Upgraded to kdeartwork-3.1.3.
kde/kdebase-3.1.3-i486-1.tgz:  Upgraded to kdebase-3.1.3.
kde/kdebindings-3.1.3-i486-1.tgz:  Upgraded to kdebindings-3.1.3.
kde/kdeedu-3.1.3-i486-1.tgz:  Upgraded to kdeedu-3.1.3.
kde/kdegames-3.1.3-i486-1.tgz:  Upgraded to kdegames-3.1.3.
kde/kdegraphics-3.1.3-i486-1.tgz:  Upgraded to kdegraphics-3.1.3.
kde/kdelibs-3.1.3-i486-1.tgz:  Upgraded to kdelibs-3.1.3.
kde/kdemultimedia-3.1.3-i486-1.tgz:  Upgraded to kdemultimedia-3.1.3.
kde/kdenetwork-3.1.3-i486-1.tgz:  Upgraded to kdenetwork-3.1.3.
kde/kdepim-3.1.3-i486-1.tgz:  Upgraded to kdepim-3.1.3.
kde/kdesdk-3.1.3-i486-1.tgz:  Upgraded to kdesdk-3.1.3.
kde/kdetoys-3.1.3-i486-1.tgz:  Upgraded to kdetoys-3.1.3.
kde/kdeutils-3.1.3-i486-1.tgz:  Upgraded to kdeutils-3.1.3.
kde/kdevelop-3.0a5-i486-1.tgz:  Upgraded to kdevelop-3.0a5.
kde/quanta-3.1.3-i486-1.tgz:  Upgraded to quanta-3.1.3.
kdei/kde-i18n-*-3.1.3-noarch-1.tgz:  Upgraded to kde-i18n-3.1.3.
xap/netscape-7.1-i686-1.tgz:  Upgraded to netscape-7.1.
+--------------------------+
Tue Aug 12 12:49:36 PDT 2003
a/aaa_base-9.0.91-noarch-1.tgz:  Bump /etc/slackware-version to 9.1.0 (pre),
  to make it easier to tell a -current box from a 9.0 one now that we're
  upgrading glibc and introducing the usual binary incompatibility.  (symbol
  versioning may cause new -current compiled binaries to fail to run against
  earlier versions of glibc if function semantics have changed)
a/e2fsprogs-1.34-i486-1.tgz:  Upgraded to e2fsprogs-1.34.
a/glibc-solibs-2.3.2-i486-1.tgz:  Upgraded to glibc-2.3.2.
a/glibc-zoneinfo-2.3.2-noarch-1.tgz:  Upgraded to glibc-2.3.2.
d/automake-1.7.6-noarch-1.tgz:  Upgraded to automake-1.7.6.
d/j2sdk-1_4_2-i586-1.tgz:  Added Sun's Java(TM) 2 Software Development Kit,
  Standard Edition, Version 1.4.2 (from j2sdk-1_4_2-linux-i586.bin).
d/python-2.3-i486-1.tgz:  Upgraded to python-2.3.
d/python-demo-2.3-noarch-1.tgz:  Updated to demos from python-2.3.
d/python-tools-2.3-noarch-1.tgz:  Updated to tools from python-2.3.
gnome/vte-0.10.29-i486-1.tgz:  Upgraded to vte-0.10.29.
l/glibc-2.3.2-i486-1.tgz:  Upgraded to glibc-2.3.2.
l/glibc-i18n-2.3.2-noarch-1.tgz:  Upgraded to glibc-2.3.2.
l/imlib-1.9.14-i486-1.tgz:  Added imlib-1.9.14 (for KDE's Kuickshow).
l/lesstif-0.93.49-i486-1.tgz:  Upgraded to lesstif-0.93.49.
l/libmng-1.0.5-i486-1.tgz:  Added libmng-1.0.5.
l/libxml2-2.5.8-i486-1.tgz:  Upgraded to libxml2-2.5.8.
l/libxslt-1.0.31-i486-1.tgz:  Upgraded to libxslt-1.0.31.
l/pilot-link-0.11.8-i486-1.tgz:  Upgraded to pilot-link-0.11.8.
xap/mozilla-1.4-i486-1.tgz:  Upgraded to mozilla-1.4.
xap/xine-lib-1rc0a-i686-1.tgz:  Added xine-lib-1-rc0a.
xap/xine-ui-0.9.22-i686-1.tgz:  Added xine-ui-0.9.22.
extra/glibc-extra-packages/glibc-debug-2.3.2-i486-1.tgz:  Upgraded to
  glibc-2.3.2.
extra/glibc-extra-packages/glibc-profile-2.3.2-i486-1.tgz:  Upgraded to
  glibc-2.3.2.
testing/packages/gcc-3.3.1/gcc-3.3.1-i486-1.tgz:  Upgraded to gcc-3.3.1.
testing/packages/gcc-3.3.1/gcc-g++-3.3.1-i486-1.tgz:  Upgraded to gcc-3.3.1.
testing/packages/gcc-3.3.1/gcc-g77-3.3.1-i486-1.tgz:  Upgraded to gcc-3.3.1.
testing/packages/gcc-3.3.1/gcc-gnat-3.3.1-i486-1.tgz:  Upgraded to gcc-3.3.1.
testing/packages/gcc-3.3.1/gcc-java-3.3.1-i486-1.tgz:  Upgraded to gcc-3.3.1.
testing/packages/gcc-3.3.1/gcc-objc-3.3.1-i486-1.tgz:  Upgraded to gcc-3.3.1.
+--------------------------+
Mon Aug  4 11:53:04 PDT 2003
pasture/wu-ftpd-2.6.2/wu-ftpd-2.6.2-i486-2.tgz:  Fixed off-by-one buffer
  overflow.  Note that things in /pasture and -current are not supported,
  and may be insecure.  Don't assume wu-ftpd is now fixed for good.  :-)
  (* Security fix *)
+--------------------------+
Mon Jul 28 18:00:26 PDT 2003
isolinux/initrd.img, rootdisks/install.*:  Updated USB modules to 2.4.21.
  (Marc Mironescu reminded me to do this :)
pasture/gcl-2.4.4/gcl-2.4.4-i386-1.tgz:  Moved to /pasture because recent
  versions have experienced a 4x size increase, and because CLISP is back.
a/coreutils-5.0-i486-3.tgz:  Added [ -> test symlink.
  (bug report from Patrik Rådman)
a/gawk-3.1.3-i486-1.tgz:  Upgraded to gawk-3.1.3.
ap/dvd+rw-tools-5.10.4.5.4-i486-1.tgz:  Upgraded to dvd+rw-tools-5.10.4.5.4.
d/binutils-2.14.90.0.5-i486-1.tgz:  Upgraded to binutils-2.14.90.0.5.
d/distcc-2.9-i486-1.tgz:  Upgraded to distcc-2.9.
n/apache-1.3.28-i486-1.tgz:  Upgraded to apache-1.3.28.
n/mod_ssl-2.8.15_1.3.28-i486-1.tgz:  Upgraded to mod_ssl-2.8.15-1.3.28.
n/nfs-utils-1.0.5-i486-1.tgz:  Upgraded to nfs-utils-1.0.5.
n/newspost-2.1.1-i486-1.tgz:  Added newspost-2.1.1, a command-line utility for
  posting multi-part binaries to USENET newsgroups.
n/openssh-3.6.1p2-i486-2.tgz:  Fixed slogin man page symbolic link.
  (bug report from Alvaro Figueroa Cabezas)
+--------------------------+
Thu Jul 17 15:14:18 PDT 2003
extra/gimp-1.3.16/gimp-1.3.16-i486-1.tgz:  Upgraded to gimp-1.3.16.
extra/slacktrack-1.12/slacktrack-1.12-i486-1.tgz:  Upgraded to slacktrack-1.12.
d/clisp-2.30-i486-1.tgz:  Added clisp-2.30.
  I'm happy to bring this back, as it was something that was included in the
  Slackware 1.00 release.  It was because I needed a LISP interpreter for an AI
  class that I first got involved with Linux, and CLISP was the implementation
  I used.  Speaking of which, it is now ten years to the day since the Slackware
  1.00 release was announced on comp.os.linux.  :-)
  If Slackware has helped you out over the years, it has been my pleasure.
  Thanks for a great decade!
d/distcc-2.8-i486-1.tgz:  Upgraded to distcc-2.8.
+--------------------------+
Tue Jul 15 10:42:58 PDT 2003
n/nfs-utils-1.0.4-i486-2.tgz:  Fixed a bug in the new nfs-utils which can
  result in mountd crashing.  Thanks to André Muezerie for the report.
+--------------------------+
Mon Jul 14 14:16:12 PDT 2003
n/nfs-utils-1.0.4-i486-1.tgz:  Upgraded to nfs-utils-1.0.4.
  This fixes an off-by-one buffer overflow in xlog.c which could be used
  by an attacker to produce a denial of NFS service, or to execute
  arbitrary code.  All sites providing NFS services should upgrade to
  this new package immediately.
  (* Security fix *)
+--------------------------+
Thu Jun 26 18:05:13 PDT 2003
l/readline-4.3-i486-3.tgz:  Applied more official patches, similar to the
  ones applied previously to bash.  (pointed out by Vitaly Moskovkin)
+--------------------------+
Mon Jun 23 17:19:38 PDT 2003
a/bash-2.05b-i486-3.tgz:  Added official patches bash205b-005, bash205b-006,
  and bash205b-007.  (these were pointed out by Gerardo Exequiel Pozzi)
a/kernel-modules-2.4.21-i486-1.1.tgz:  Fixed the /lib/modules/2.4.21/build
  symlink (it now points to /usr/src/linux-2.4.21 as it should).
a/shadow-4.0.3-i486-8.tgz:  /usr/sbin/shadowconfig now chowns /etc/shadow
  and /etc/gshadow to the shadow group as it should.
  (fix from Gerardo Exequiel Pozzi)
ap/zsh-4.0.7-i486-1.tgz:  Upgraded to zsh-4.0.7.
l/gmp-4.1.2-i486-2.tgz:  Added --enable-cxx and --enable-mpbsd to the
  ./configure options (C++ support suggested by Chris Lumens).
n/iptables-1.2.8-i486-1.tgz:  Upgraded to iptables-1.2.8.
xap/gimp-1.2.5-i486-1.tgz:  Upgraded to gimp-1.2.5.
extra/bash-completion-20030607-noarch-1.tgz:  Upgraded to
  bash-completion-20030607.
extra/gimp-1.3.15/gimp-1.3.15-i486-1.tgz:  Upgraded to gimp-1.3.15.
extra/slacktrack-1.11r2/slacktrack-1.11r2-i486-1.tgz:  Added Stuart Winter's
  "slacktrack" utility, a great little command-line utility for creating
  *.tgz packages for Slackware from a simple build script.
pasture/ipchains-1.3.10/ipchains-1.3.10-i386-1.tgz:  Moved to /pasture.
+--------------------------+
Tue Jun 17 16:20:17 PDT 2003
a/etc-5.1-noarch-3.tgz:  Added /etc/shadow entry for sshd user.
a/jfsutils-1.1.2-i486-1.tgz:  Upgraded to jfsutils-1.1.2.
a/kernel-ide-2.4.21-i486-1.tgz:  Upgraded to Linux 2.4.21.
a/kernel-modules-2.4.21-i486-1.tgz:  Upgraded kernel modules to Linux 2.4.21.
a/pkgtools-9.0.1-i386-2.tgz:  In makepkg, use --time-style=full-iso option
  to ls so that the output is the same in any locale.  This fixes a bug
  building the symlink installation script.  (thanks to Andrey V. Panov)
a/xfsprogs-2.3.9-i486-1.tgz:  Upgraded to xfsprogs-2.3.9.
d/distcc-2.7-i486-1.tgz:  Upgraded to distcc-2.7.
d/kernel-headers-2.4.21-i386-1.tgz:  Upgraded to Linux 2.4.21 kernel headers.
k/kernel-source-2.4.21-noarch-1.tgz:  Upgraded to Linux 2.4.21 source.
n/nmap-3.28-i486-1.tgz:  Upgraded to nmap-3.28.
n/proftpd-1.2.8-i486-3.tgz:  Added missing ftptop.
  (noticed by Gerardo Exequiel Pozzi)
bootdisks/:  Upgraded to Linux 2.4.21.
extra/kernel-modules-2.4.21_xfs/kernel-modules-2.4.21_xfs-i486-1.tgz:
  Upgraded the XFS-patched kernel modules package to Linux 2.4.21-xfs.
kernels/:  Upgraded to Linux 2.4.21.
rootdisks/network.dsk, pcmcia.dsk:  Upgraded to Linux 2.4.21 modules.
+--------------------------+
Fri Jun 13 23:02:35 PDT 2003
isolinux/initrd.img, rootdisks/install.*:  Better checks for bad media or
  corrupted packages.  Made some additions in /etc/passwd and /etc/group.
a/etc-5.1-noarch-2.tgz:  Removed 'x' from non-shadowed /etc/group entries.
  Added sshd user to /etc/passwd and sshd group to /etc/group.
  Fixed a bug installing a new /var/run/utmp.
ap/screen-3.9.15-i486-2.tgz:  Added /usr/share/screen/utf8encodings/,
  added additional configure options (--enable-telnet, --enable-locale,
  --enable-colors256, --enable-rxvt_osc).  Suggested by Frédéric L. W. Meunier.
l/atk-1.2.4-i486-1.tgz:  Upgraded to atk-1.2.4.
l/glib2-2.2.2-i486-1.tgz:  Upgraded to glib-2.2.2.
l/gtk+2-2.2.2-i486-1.tgz:  Upgraded to gtk+-2.2.2.
l/pango-1.2.3-i486-1.tgz:  Upgraded to pango-1.2.3.
l/utempter-0.5.2-i486-2.tgz:  Don't include an 'x' if group utmp must be added.
n/popa3d-0.6.3-i486-1.tgz:  Upgraded to popa3d-0.6.3.
+--------------------------+
Tue Jun 10 17:42:37 PDT 2003
a/lprng-3.8.21-i486-1.tgz:  Upgraded to lprng-3.8.21.
a/reiserfsprogs-3.6.8-i486-1.tgz:  Upgraded to reiserfsprogs-3.6.8.
  Added reiserfstune, which had previously been left out by the build script.
  (noticed by Dominik L. Borkowski -- thanks!)
ap/hpijs-1.4.1-i486-1.tgz:  Upgraded to hpijs-1.4.1.
ap/lsof-4.67-i486-1.tgz:  Upgraded to lsof-4.67.
+--------------------------+
Sun Jun  8 20:53:01 PDT 2003
a/e2fsprogs-1.33-i486-2.tgz:  Added the static libraries in addition to the
  shared ones (it didn't take long for larry to report that xfsprogs need this)
a/etc-5.1-noarch-1.tgz:  Added utmp and shadow to /etc/group.
  /etc/shadow is now readable by group shadow, and /var/run/utmp and
  /var/log/wtmp are read-writable by group utmp.
a/logrotate-3.6.8-i486-1.tgz:  Upgraded to logrotate-3.6.8.
  After rotating /var/log/wtmp the new file needs to be writable by group utmp.
a/sysklogd-1.4.1-i486-8.tgz:  Patched /etc/logrotate.d/syslog to rotate all log
  files and then restart syslogd, rather than doing a rotate/restart for each
  of them.  Suggested by sverre.
a/sysvinit-2.84-i486-28.tgz:  In /etc/rc.d/rc.S, create utmp file with
  permissions so that the utmp group can write to it.
ap/screen-3.9.15-i486-1.tgz:  Upgraded to screen-3.9.15, linked against
  libutempter.so.0.
kde/kdebase-3.1.2-i486-2.tgz:  Konsole now supports utempter.
l/utempter-0.5.2-i486-1.tgz:  Added utempter-0.5.2, a library for allowing
  terminal programs to write to utmp/wtmp without special permissions.
tcl/tcl-8.4.3-i486-1.tgz:  Upgraded to tcl-8.4.3.
tcl/tk-8.4.3-i486-1.tgz:  Upgraded to tk-8.4.3.
x/xfree86-4.3.0-i486-3.tgz:  Recompiled for i486/i686 arch, linked xterm with
  libutempter.
x/xfree86-devel-4.3.0-i486-2.tgz:  Recompiled, added a /usr/include/freetype ->
  freetype2/freetype symlink (even though compiles should really use
  'freetype-config --cflags' to find that they need -I/usr/include/freetype2)
x/xfree86-xnest-4.3.0-i486-2.tgz:  Recompiled.
x/xfree86-xprt-4.3.0-i486-2.tgz:  Recompiled.
x/xfree86-xvfb-4.3.0-i486-2.tgz:  Recompiled.
xap/rxvt-2.7.10-i486-1.tgz:  Upgraded to rxvt-2.7.10, linked with libutempter.
xap/xlockmore-5.08.2-i486-1.tgz:  Upgraded to xlockmore-5.08.2, setgid shadow
  rather than setuid root.  Moved from /extra.
xap/xscreensaver-4.10-i486-1.tgz:  Upgraded to xscreensaver-4.10, setgid shadow
  rather than setuid root.
+--------------------------+
Thu Jun  5 20:06:11 PDT 2003
a/e2fsprogs-1.33-i486-1.tgz:  Upgraded to e2fsprogs-1.33.
ap/most-4.9.4-i486-1.tgz:  Added most-4.9.4.
ap/jed-0.99_16-i486-1.tgz:  Upgraded to jed-0.99-16.
d/automake-1.7.5-noarch-1.tgz:  Upgraded to automake-1.7.5.
d/distcc-2.5.1-i486-1.tgz:  Upgraded to distcc-2.5.1.
l/slang-1.4.9-i486-1.tgz:  Upgraded to slang-1.4.9.
n/slrn-0.9.7.4-i486-1.tgz:  Added slrn-0.9.7.4.
n/uucp-1.07-i486-1.tgz:  Upgraded to Taylor UUCP version 1.07.
  Moved config files to /etc/uucp.
xap/fvwm-2.4.16-i486-1.tgz:  Upgraded to fvwm-2.4.16.
xap/gaim-0.64-i486-1.tgz:  Upgraded to gaim-0.64.
+--------------------------+
Wed Jun  4 18:51:15 PDT 2003
d/perl-5.8.0-i486-4.tgz:  Recompiled for i486/i686 arch.
  Added DBI and DBD-mysql modules (by popular request).
d/python-2.2.3-i486-1.tgz:  Upgraded to python-2.2.3.
d/python-demo-2.2.3-noarch-1.tgz:  Added Python demos.
d/python-tools-2.2.3-noarch-1.tgz:  Added Python tools, such as idle.
  Thanks to Rob McGee for the suggestion.  :-)
l/libxml2-2.5.7-i486-1.tgz:  Upgraded to libxml2-2.5.7.
l/libxslt-1.0.30-i486-1.tgz:  Upgraded to libxslt-1.0.30.
xap/gimp-1.2.4-i486-1.tgz:  Upgraded to gimp-1.2.4.
xap/imagemagick-5.5.7_8-i486-1.tgz:  Upgraded to ImageMagick-5.5.7-8.
xap/sane-1.0.12-i486-1.tgz:  Upgraded to sane-frontends-1.0.11 and
  sane-backends-1.0.12.
xap/xsane-0.91-i486-1.tgz:  Upgraded to xsane-0.91.
extra/gimp-1.3.14/gimp-1.3.14-i486-1.tgz:  Upgraded to gimp-1.3.14.
+--------------------------+
Sat May 31 21:34:22 PDT 2003
a/procps-2.0.13-i486-1.tgz:  Upgraded to procps-2.0.13.
  Will the real procps please stand up.  ;-)  After noticing Robert Love's
  post on lkml, I realized we've been using the wrong version of procps.
  This version seems considerably better, requiring only 1 of the 5 patches
  I usually apply to procps (I'm not a fan of the bold white text in 'top').
a/shadow-4.0.3-i386-7.tgz:  /usr/sbin/adduser fixes (from Stuart Winter).
  Fixed the newgrp patch from Simon Williams so that it applies correctly.
a/syslinux-2.04-i386-1.tgz:  Upgraded to syslinux-2.04.
a/util-linux-2.11z-i486-2.tgz:  This package now provides /bin/kill (which is
  no longer part of the procps package).
n/imapd-4.56-i486-1.tgz:  Upgraded to IMAP4rev1 2003.338 from pine4.56.
n/nfs-utils-1.0.3-i486-1.tgz:  Upgraded to nfs-utils-1.0.3.
n/php-4.3.2-i486-1.tgz:  Upgraded to php-4.3.2.
  A bit of the information about the release on www.php.net:
      * Fixes several potentially hazardous integer and buffer overflows.
      * New "disable_classes" php.ini option to allow administrators to
        disable certain classes for security reasons.
      * ..and a HUGE amount of other bug fixes!
  (* Security fix *)
  Also enabled --with-gettext=shared,/usr in this PHP build.  Thanks to
  Petr Hostalek for the reminder.
n/pine-4.56-i486-1.tgz:  Upgraded to pine-4.56.
+--------------------------+
Thu May 29 01:01:07 PDT 2003
a/coreutils-5.0-i486-2.tgz:  Added symlinks for ginstall in case anything tries
  to use the old name rather than 'install'.  Problem noted by Matias Aguirre.
a/etc-5.0-noarch-13.tgz:  Make sure the default paths are added to
  /etc/ld.so.conf, even if the file already exists.  Reported by Marin Mitov.
a/hotplug-2003_05_01-noarch-1.tgz:  Upgraded to hotplug-2003_05_01.
a/sysvinit-2.84-i486-27.tgz:  Fixed a bug with the use of /etc/fastboot in
  /etc/rc.d/rc.S.  Thanks to Jaroslaw Swierczynski for the patch.
ap/dvd+rw-tools-5.5.4.3.4-i486-1.tgz:  Added dvd+rw-tools-5.5.4.3.4.
d/binutils-2.14.90.0.4-i486-1.tgz:  Upgraded to binutils-2.14.90.0.4.
  Included c++filt, which used to be redundant but is no longer provided by GCC
  (as of version 3.3).  Thanks to Udo A. Steinberg for pointing out that c++filt
  was missing from the gcc-3.3 packages.
extra/cups-1.1.19/cups-1.1.19-i486-1.tgz:  Upgraded to cups-1.1.19.
  A denial of service problem that allowed a CUPS client to hang the CUPS
  server is now fixed in CUPS 1.1.19.  Note that CUPS is not installed by
  default -- it is shipped as one of the packages in /extra.
  (* Security fix *)
+--------------------------+
Thu May 22 23:28:30 PDT 2003
e/emacs-21.3-i486-1.tgz:  Upgraded to GNU Emacs 21.3.
e/emacs-info-21.3-noarch-1.tgz:  Upgraded to GNU Emacs 21.3.
e/emacs-leim-21.3-noarch-1.tgz:  Upgraded to GNU Emacs 21.3.
e/emacs-lisp-21.3-noarch-1.tgz:  Upgraded to GNU Emacs 21.3.
e/emacs-misc-21.3-noarch-1.tgz:  Upgraded to GNU Emacs 21.3.
e/emacs-nox-21.3-i486-1.tgz:  Upgraded to GNU Emacs 21.3.
+--------------------------+
Wed May 21 16:05:37 PDT 2003
We have free space on the FTP machine again!  :-)
Thanks to Jorg B. and cwo.com for all their support for this project, including
  loaning us hardware, hosting our machines (and helping to maintain them), and
  providing bandwidth for our web and FTP site.  You're the greatest!
a/coreutils-5.0-i486-1.tgz:  This package replaces the GNU fileutils, sh-utils,
  and textutils packages.  Also, edited DIR_COLORS to change video files to use
  the same colors as image files.  Previously they were "bold white", which made
  them invisible in terminals with a white background.
a/cxxlibs-5.1.0-i486-1.tgz:  Upgraded to libstdc++ from gcc-3.2.3, moved legacy
  shared libraries to /usr/i486-slackware-linux/lib/.
a/etc-5.0-noarch-12.tgz:  In ld.so.conf, remove /usr/i386-slackware-linux/lib
  and add /usr/i486-slackware-linux/lib.
a/glibc-solibs-2.3.1-i486-4.tgz:  Patched a buffer overflow in some dead code
  (xdrmem_getbytes(), which we couldn't find used by anything, but it doesn't
  hurt to patch it anyway)
  (* Security fix *)
a/glibc-zoneinfo-2.3.1-noarch-4.tgz:  Rebuilt.
a/hotplug-2002_08_26-noarch-6.tgz:  Fix a bug which prevents hotplugged
  network cards from invoking rc.inet1 to bring up the interface.
  (Thanks to Mark for the bug report)
  Blacklist 8139cp driver as it interferes with 8139too.
a/pkgtools-9.0.1-i386-1.tgz:  Add a --dry-run mode to upgradepkg.
a/sed-3.60-i386-1.tgz:  Switched to super-sed version 3.60, as recent (4.0.x)
  versions of GNU sed have regex bugs that slow certain scripts to an absolute
  crawl.  Thanks to Haakon Riiser for reporting the problem and providing a
  benchmark script for testing.  We won't be "upgrading" sed again without good
  cause...
a/sysvinit-2.84-i386-26.tgz:  Use option m, not M, for quotacheck.  Otherwise,
  the partition might be remounted losing flags like nosuid,nodev,noexec.
  Thanks to Jem Berkes for pointing this out.
  (* Security fix *)
d/binutils-2.14.90.0.2-i486-1.tgz:  Upgraded to binutils-2.14.90.0.2.
d/distcc-2.3-i386-1.tgz:  Upgraded to distcc-2.3.
d/gcc-3.2.3/gcc-3.2.3-i486-1.tgz:  Upgraded to GCC 3.2.3.
d/gcc-3.2.3/gcc-g++-3.2.3-i486-1.tgz:  Upgraded to GCC 3.2.3.
d/gcc-3.2.3/gcc-g77-3.2.3-i486-1.tgz:  Upgraded to GCC 3.2.3.
d/gcc-3.2.3/gcc-gnat-3.2.3-i486-1.tgz:  Upgraded to GCC 3.2.3.
d/gcc-3.2.3/gcc-java-3.2.3-i486-1.tgz:  Upgraded to GCC 3.2.3.
d/gcc-3.2.3/gcc-objc-3.2.3-i486-1.tgz:  Upgraded to GCC 3.2.3.
kde/*.tgz:  Upgraded to KDE 3.1.2.
kdei/*.tgz:  Upgraded KDE i18n packages to KDE 3.1.2.
l/arts-1.1.2-i386-1.tgz:  Upgraded to arts-1.1.2 from KDE 3.1.2.
l/glibc-2.3.1-i486-4.tgz:  Patched, recompiled.
  (* Security fix *)
l/glibc-i18n-2.3.1-noarch-4.tgz:  Rebuilt.
n/apache-1.3.27-i386-3.tgz:  Rebuilt with the EAPI patch from
  mod_ssl-2.8.14_1.3.27.
n/bitchx-1.0c19-i486-3.tgz:  Patched several potential "evil server" security
  problems noted by Timo Sirainen.
  (* Security fix *)
n/gnupg-1.2.2-i486-1.tgz:  Upgraded to gnupg-1.2.2, which fixes a bug in key
  validation for keys with more than one user ID.  The bug results in all
  user IDs on a given key being treated with the validity of the most-valid
  user ID on that key.
  (* Security fix *)
n/mod_ssl-2.8.14_1.3.27-i386-1.tgz:  Upgraded to mod_ssl-2.8.14_1.3.27.
  Includes RSA blinding fixes.
  (* Security fix *)
n/epic4-1.0.1-i386-3.tgz:  Patched a buffer overflow in ctcp.c.
  (* Security fix *)
n/imapd-4.55-i386-1.tgz:  Upgraded to IMAP4rev1 2003.337 from pine4.55.
n/openssh-3.6.1p2-i486-1.tgz:  Upgraded to openssh-3.6.1p2.
n/pine-4.55-i386-1.tgz:  Upgraded to pine-4.55.  Added DEBUG= to the build line
  to eliminate .pine-debug* files, and added support for $HOME/.pine.pwd.
  (Thanks to Frédéric L. W. Meunier)
n/sendmail-8.12.9-i386-2.tgz:  Added features to sendmail.cf, supporting the
  following new configuration files in /etc/mail:  domaintable,
  local-host-names, mailertable, trusted-users, and virtusertable.  If there's
  not already an installed sendmail.cf, we use this new one by default --
  there's no longer a selection menu, so UUCP people will have to install the
  UUCP .cf file from /usr/share/sendmail/ by hand.  Added a Makefile to
  /etc/mail/ to assist with running makemap and newaliases.
  Thanks to Mike Wilson who suggested these improvements a while back.
n/sendmail-cf-8.12.9-noarch-2.tgz:  Rebuilt with new sendmail.cf and
  sendmail-slackware.mc.
x/ttf-bitstream-vera-1.10-noarch-1.tgz:  Added Bitstream Vera fonts.
xap/xap/mozilla-1.3.1-i386-1.tgz:  Upgraded to Mozilla 1.3.1.
extra/glibc-extra-packages/glibc-debug-2.3.1-i486-4.tgz:  Patched, recompiled.
  (* Security fix *)
extra/glibc-extra-packages/glibc-profile-2.3.1-i486-4.tgz:  Patched, recompiled.
  (* Security fix *)
Added the following test packages that we're not ready to merge in yet:
testing/packages/gcc-3.3/gcc-3.3-i486-1.tgz:  This is GCC 3.3, compiled for
  a minimum CPU target of i486.  Why i486 and not i386?  Because the shared
  C++ libraries in gcc-3.2.x will require 486 opcodes even when a 386 target
  is used (so we already weren't compatible with the i386 for Slackware 9.0
  and nobody noticed :-).  gcc-3.3 fixes this issue and allows you to build a
  386 compiler, but the fix is done in a way that produces binaries that are
  not compatible with gcc-3.2.x compiled binaries and which suffer a
  performance hit.  To retain compatibility with Slackware 9.0, we'll have to
  use i486 (or better) as the compiler target for gcc-3.3.  Therefore, it is
  time to say goodbye to i386 support in Slackware.  I've surveyed 386 usage
  online, and the most common thing I see people say when someone asks about
  running Linux on a 386 is to "run Slackware", but then they also usually go
  on to say "be sure to get an OLD version, like 4.0, before glibc, because
  it'll be more efficient."  Now, if that's the general advice, then I see no
  reason to continue 386 support in the latest Slackware (and indeed it's no
  longer easily possible).  People with 386 machines aren't going to have the
  hard drive space for Slackware 9.1 in any case.
testing/packages/gcc-3.3/gcc-g++-3.3-i486-1.tgz
testing/packages/gcc-3.3/gcc-g77-3.3-i486-1.tgz
testing/packages/gcc-3.3/gcc-gnat-3.3-i486-1.tgz
testing/packages/gcc-3.3/gcc-java-3.3-i486-1.tgz
testing/packages/gcc-3.3/gcc-objc-3.3-i486-1.tgz
testing/packages/glibc-2.3.2/glibc-2.3.2-i486-1.tgz:  This is also compiled
  for a minimum target of i486 (the gcc-3.2.2 i486 compiler was used).  Again,
  if the future plan is to drop support for i386 in the main version of
  Slackware, then we might as well start doing that soon.
  Note that this version of glibc fixes some bugs, and could be an interesting
  upgrade for Slackware 9.0 machines.  It's known to fix problems with Qt
  Designer crashing, and includes the xdrmem_getbytes() fix mentioned above.
testing/packages/glibc-2.3.2/glibc-debug-2.3.2-i486-1.tgz
testing/packages/glibc-2.3.2/glibc-i18n-2.3.2-noarch-1.tgz
testing/packages/glibc-2.3.2/glibc-profile-2.3.2-i486-1.tgz
testing/packages/glibc-2.3.2/glibc-solibs-2.3.2-i486-1.tgz
testing/packages/glibc-2.3.2/glibc-zoneinfo-2.3.2-noarch-1.tgz
+--------------------------+
Mon Apr 28 17:14:20 PDT 2003
Slackware -current (pre-9.1) branched.
a/openssl-solibs-0.9.7b-i386-1.tgz: moved from /patches.
a/procps-3.1.8-i386-1.tgz: moved from /patches.
kde/qt-3.1.2-i386-3.tgz: moved from /patches.
kde/koffice-1.2.1-i386-3.tgz: moved from /patches.
kde/arts-1.1.1-i386-1.tgz: moved from /patches.
kde/kdeaddons-3.1.1-i386-1.tgz: moved from /patches.
kde/kdeadmin-3.1.1-i386-1.tgz: moved from /patches.
kde/kdeartwork-3.1.1-i386-1.tgz: moved from /patches.
kde/kdebase-3.1.1a-i386-1.tgz: moved from /patches.
kde/kdebindings-3.1.1-i386-1.tgz: moved from /patches.
kde/kdeedu-3.1.1-i386-1.tgz: moved from /patches.
kde/kdegames-3.1.1-i386-1.tgz: moved from /patches.
kde/kdegraphics-3.1.1a-i386-1.tgz: moved from /patches.
kde/kdelibs-3.1.1a-i386-1.tgz: moved from /patches.
kde/kdemultimedia-3.1.1-i386-1.tgz: moved from /patches.
kde/kdenetwork-3.1.1-i386-1.tgz: moved from /patches.
kde/kdepim-3.1.1-i386-1.tgz: moved from /patches.
kde/kdesdk-3.1.1-i386-1.tgz: moved from /patches.
kde/kdetoys-3.1.1-i386-1.tgz: moved from /patches.
kde/kdeutils-3.1.1-i386-1.tgz: moved from /patches.
kde/kdevelop-3.0a4a-i386-1.tgz: moved from /patches.
kde/quanta-3.1.1-i386-2.tgz: moved from /patches.
kdei/kde-i18n-af-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-ar-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-bg-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-bs-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-ca-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-cs-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-da-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-de-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-el-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-en_GB-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-eo-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-es-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-et-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-eu-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-fa-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-fi-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-fr-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-he-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-hr-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-hu-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-is-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-it-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-ja-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-lt-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-mt-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-nb-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-nl-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-nn-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-nso-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-pl-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-pt-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-pt_BR-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-ro-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-ru-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-se-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-sk-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-sl-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-sr-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-ss-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-sv-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-ta-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-th-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-tr-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-uk-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-ven-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-vi-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-xh-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-zh_CN-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-zh_TW-3.1.1-noarch-1.tgz: moved from /patches.
kdei/kde-i18n-zu-3.1.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-af-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-ar-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-bs-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-ca-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-cs-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-da-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-de-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-el-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-en_GB-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-eo-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-es-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-et-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-fr-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-he-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-hu-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-it-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-ja-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-lt-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-lv-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-mt-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-nb-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-nl-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-nn-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-pl-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-pt-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-pt_BR-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-ru-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-sk-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-sl-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-sv-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-th-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-tr-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-uk-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-ven-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-xh-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-zh_TW-1.2.1-noarch-1.tgz: moved from /patches.
kdei/koffice-i18n-zu-1.2.1-noarch-1.tgz: moved from /patches.
n/sendmail-8.12.9-i386-1.tgz: moved from /patches.
n/sendmail-cf-8.12.9-noarch-1.tgz: moved from /patches.
n/mutt-1.4.1i-i386-1.tgz: moved from /patches.
n/openssh-3.6.1p1-i386-1.tgz: moved from /patches.
n/openssl-0.9.7b-i386-1.tgz: moved from /patches.
n/samba-2.2.8a-i386-1.tgz: moved from /patches.
+--------------------------+
Sun Apr 20 16:35:57 PDT 2003
patches/packages/openssh-3.6.1p1-i386-1.tgz:  Upgraded to openssh-3.6.1p1.
patches/packages/openssl-0.9.7b-i386-1.tgz:  Upgraded to openssl-0.9.7b.  This
  includes patches for the widely publicized timing attacks against SSL.  We've
  seen no evidence that these attacks have occurred in the wild (and suspect it
  to be unlikely), but recommend that sites using SSL upgrade.
  (* Security fix *)
patches/packages/openssl-solibs-0.9.7b-i386-1.tgz:  Upgraded to shared libraries
  from openssl-0.9.7b.  Protects against timing attacks.
  (* Security fix *)
patches/packages/procps-3.1.8-i386-1.tgz:  Upgraded to procps-3.1.8.  Also
  upgraded to psmisc-21.2, which fixes a problem with 'killall' sending the
  wrong signals.  (reported by Phil Howard and Phil DeBecker)
patches/packages/kde/quanta-3.1.1-i386-2.tgz:  Fixed package build.
+--------------------------+
Thu Apr 17 15:32:15 PDT 2003
patches/packages/kde/*:  Upgraded to KDE 3.1.1a.  Also included in
  this directory are a rebuild of Qt (linked with Xft2 rather than
  Xft1), an updated aRts package (the aRts sound server is a
  component of KDE, but ships as part of Slackware's L series), and
  kdevelop-3.0a4a.

  Note that this update addresses a security problem with KDE's
  handling of PostScript documents.  This is the overview of the
  problem from the KDE site:

    KDE uses Ghostscript software for processing of PostScript (PS)
    and PDF files in a way that allows for the execution of arbitrary
    commands that can be contained in such files.

    An attacker can prepare a malicious PostScript or PDF file which will
    provide the attacker with access to the victim's account and privileges
    when the victim opens this malicious file for viewing or when the
    victim browses a directory containing such malicious file and has
    file previews enabled.

    An attacker can provide malicious files remotely to a victim in an
    e-mail, as part of a webpage, via an ftp server and possibly other
    means.

We recommend that sites running KDE install this update.

Please note that the change from Xft1 to Xft2 has changed the available
fonts in Konsole (and presumably elsewhere), and that Xft2 seems unable to
display the Linux Console font that was previously Slackware's default.
Also, it doesn't handle gamma correction when displaying fonts against a
black background, so we've had to change the default to black fonts on a
white background (this is Konsole's default).  This creates an additional
issue with certain file types displayed as bold white by /etc/DIR_COLORS
becoming invisible in directory listings.  A workaround is to comment out
these lines (or change to a different color):

.mpg 01;37 # movie formats
.avi 01;37
.mov 01;37

(* Security fix *)

patches/packages/kdei/*:  New internationalization packages for KDE 3.1.1a.
+--------------------------+
Mon Apr  7 14:26:53 PDT 2003
patches/packages/samba-2.2.8a-i386-1.tgz:  Upgraded to samba-2.2.8a.
  From the samba-2.2.8a WHATSNEW.txt:

            ****************************************
            * IMPORTANT: Security bugfix for Samba *
            ****************************************

  Digital Defense, Inc. has alerted the Samba Team to a serious
  vulnerability in all stable versions of Samba currently shipping.
  The Common Vulnerabilities and Exposures (CVE) project has assigned
  the ID CAN-2003-0201 to this defect.

  This vulnerability, if exploited correctly, leads to an anonymous
  user gaining root access on a Samba serving system. All versions
  of Samba up to and including Samba 2.2.8 are vulnerable. An active
  exploit of the bug has been reported in the wild. Alpha versions of
  Samba 3.0 and above are *NOT* vulnerable.

(* Security fix *)
+--------------------------+
Sat Mar 29 13:46:36 PST 2003
patches/packages/mutt-1.4.1i-i386-1.tgz:  Upgraded to mutt-1.4.1i.
  From www.mutt.org:
    Mutt 1.4.1 and 1.5.4 were released on March 19, 2003. These
    releases both fix a buffer overflow identified by Core Security
    Technologies. The only differences between 1.4 and 1.4.1 are bug
    fixes. If you are currently using 1.4, it's probably a very good
    idea to update.
  (* Security fix *)
patches/packages/sendmail-8.12.9-i386-1.tgz:  Upgraded to sendmail-8.12.9.
  From sendmail's RELEASE_NOTES:
    8.12.9/8.12.9   2003/03/29
    SECURITY: Fix a buffer overflow in address parsing due to
              a char to int conversion problem which is potentially
              remotely exploitable.  Problem found by Michal Zalewski.
              Note: an MTA that is not patched might be vulnerable to
              data that it receives from untrusted sources, which
              includes DNS.
  (* Security fix *)
patches/packages/sendmail-cf-8.12.9-noarch-1.tgz:  Updated config files for
  sendmail-8.12.9.
+--------------------------+
Tue Mar 18 01:44:41 PST 2003
Slackware 9.0 is released...  happy release day!
bootdisks/*:  Patched kmod/ptrace hole.  (see below)
kernels/*:  Patched kmod/ptrace hole.  (see below)
a/kernel-ide-2.4.20-i486-5.tgz:  Patched kmod/ptrace hole.  (see below)
ap/mysql-3.23.56-i386-1.tgz:  Upgraded to mysql-3.23.56.
d/ccache-2.2-i386-1.tgz:  Added ccache-2.2.
d/kernel-headers-2.4.20-i386-5.tgz:  Patched ptrace related headers.
k/kernel-source-2.4.20-noarch-5.tgz:  Patched kmod/ptrace hole.
  The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x
  before 2.4.20, allows local users to gain root privileges by using ptrace
  to attach to a child process that is spawned by the kernel.
  For additional information and references, see:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0127
  (* Security fix *)