Wed Jul 25 02:02:40 UTC 2012
patches/packages/libpng-1.2.50-i486-1_slack11.0.tgz: Upgraded.
  Fixed incorrect type (int copy should be png_size_t copy) in png_inflate()
  (fixes CVE-2011-3045).
  Revised png_set_text_2() to avoid potential memory corruption
  (fixes CVE-2011-3048).
  Changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3045
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3048
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386
  (* Security fix *)
+--------------------------+
Wed Jul 18 05:35:26 UTC 2012
patches/packages/libexif-0.6.21-i486-1_slack11.0.tgz: Upgraded.
  This update fixes a number of remotely exploitable issues in libexif
  with effects ranging from information leakage to potential remote
  code execution.
  For more information, see:
    http://sourceforge.net/mailarchive/message.php?msg_id=29534027
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2812
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2813
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2814
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2836
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2837
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2840
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2841
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2845
  (* Security fix *)
+--------------------------+
Mon Jun 25 02:32:37 UTC 2012
patches/packages/freetype-2.4.10-i486-1_slack11.0.tgz: Upgraded.
  Since freetype-2.4.8 many fixes were made to better handle invalid fonts.
  Many of them are vulnerabilities (see CVE-2012-1126 up to CVE-2012-1144
  and SA48320) so all users should upgrade.
  (* Security fix *)
+--------------------------+
Thu Jun 14 05:02:39 UTC 2012
####################################################################
# NOTICE OF IMPENDING EOL (END OF LIFE) FOR OLD SLACKWARE VERSIONS #
#                                                                  #
# Effective August 1, 2012, security patches will no longer be     #
# provided for the following versions of Slackware (which will all #
# be more than 5 years old at that time):                          #
# Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0.           #
# If you are still running these versions you should consider      #
# migrating to a newer version (preferably as recent as possible). #
# Alternately, you may make arrangements to handle your own        #
# security patches.  If for some reason you are unable to upgrade  #
# or handle your own security patches, limited security support    #
# may be available for a fee.  Inquire at security@slackware.com.  #
####################################################################
patches/packages/bind-9.7.6_P1-i486-1_slack11.0.tgz: Upgraded.
  This release fixes an issue that could crash BIND, leading to a denial of
  service. It also fixes the so-called "ghost names attack" whereby a
  remote attacker may trigger continued resolvability of revoked domain names.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1033
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
  IMPORTANT NOTE: This is an upgraded version of BIND, _not_ a patched one.
  It is likely to be more strict about the correctness of configuration
  files. Care should be taken about deploying this upgrade on production
  servers to avoid an unintended interruption of service.
  (* Security fix *)
+--------------------------+
Wed May 23 00:14:52 UTC 2012
patches/packages/libxml2-2.6.32-i486-2_slack11.0.tgz: Upgraded.
  Patched an off-by-one error in XPointer that could lead to a crash or
  possibly the execution of arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102
  (* Security fix *)
+--------------------------+
Sat May 19 19:03:37 UTC 2012
patches/packages/openssl-0.9.8x-i486-1_slack11.0.tgz: Upgraded.
  This is a very minor security fix:
  o Fix DTLS record length checking bug CVE-2012-2333
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8x-i486-1_slack11.0.tgz: Upgraded.
  This is a very minor security fix:
  o Fix DTLS record length checking bug CVE-2012-2333
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333
  (* Security fix *)
+--------------------------+
Fri Apr 27 01:07:23 UTC 2012
patches/packages/openssl-0.9.8w-i486-1_slack11.0.tgz: Upgraded.
  Fixes some potentially exploitable buffer overflows.
  Thanks to Tavis Ormandy, Google Security Team, for discovering this
  issue and to Adam Langley for fixing it.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8w-i486-1_slack11.0.tgz: Upgraded.
  Fixes some potentially exploitable buffer overflows.
  Thanks to Tavis Ormandy, Google Security Team, for discovering this
  issue and to Adam Langley for fixing it.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
  (* Security fix *)
+--------------------------+
Mon Apr 23 18:18:31 UTC 2012
patches/packages/openssl-0.9.8v-i486-1_slack11.0.tgz: Upgraded.
  Fixes some potentially exploitable buffer overflows.
  Thanks to Tavis Ormandy, Google Security Team, for discovering this
  issue and to Adam Langley for fixing it.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8v-i486-1_slack11.0.tgz: Upgraded.
  Fixes some potentially exploitable buffer overflows.
  Thanks to Tavis Ormandy, Google Security Team, for discovering this
  issue and to Adam Langley for fixing it.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
  (* Security fix *)
+--------------------------+
Wed Apr 11 17:16:32 UTC 2012
patches/packages/samba-3.0.37-i486-5_slack11.0.tgz: Rebuilt.
  This is a security release in order to address a vulnerability that allows
  remote code execution as the "root" user. All sites running a Samba
  server should update to the new Samba package and restart Samba.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1182
  (* Security fix *)
+--------------------------+
Sat Apr 7 21:48:42 UTC 2012
patches/packages/libtiff-3.8.2-i486-5_slack11.0.tgz: Rebuilt.
  Patched overflows that could lead to arbitrary code execution when parsing
  a malformed image file.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1173
  (* Security fix *)
+--------------------------+
Wed Feb 22 18:14:58 UTC 2012
patches/packages/libpng-1.2.47-i486-1_slack11.0.tgz: Upgraded.
  All branches of libpng prior to versions 1.5.9, 1.4.9, 1.2.47, and 1.0.57,
  respectively, fail to correctly validate a heap allocation in
  png_decompress_chunk(), which can lead to a buffer-overrun and the
  possibility of execution of hostile code on 32-bit systems.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026
  (* Security fix *)
+--------------------------+
Wed Feb 8 01:21:42 UTC 2012
patches/packages/proftpd-1.3.4a-i486-1_slack11.0.tgz: Upgraded.
  This update fixes a use-after-free() memory corruption error,
  and possibly other unspecified issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130
  (* Security fix *)
patches/packages/vsftpd-2.3.5-i486-1_slack11.0.tgz: Upgraded.
  Minor version bump, this also works around a hard to trigger heap overflow
  in glibc (glibc zoneinfo caching vuln).
  For there to be any possibility to trigger the glibc bug within vsftpd,
  the non-default option "chroot_local_user" must be set in /etc/vsftpd.conf.
  Considered 1) low severity (hard to exploit) and 2) not a vsftpd bug :-)
  Nevertheless:
  (* Security fix *)
+--------------------------+
Wed Feb 1 23:14:56 UTC 2012
patches/packages/freetype-2.4.8-i486-1_slack11.0.tgz: Upgraded.
  Some vulnerabilities in handling CID-keyed PostScript fonts have
  been fixed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3439
  (* Security fix *)
patches/packages/openssl-0.9.8t-i486-1_slack11.0.tgz: Upgraded.
  This fixes a bug where DTLS applications were not properly supported.
  This bug could have allowed remote attackers to cause a denial of service
  via unspecified vectors.
  CVE-2012-0050 has been assigned to this issue.
  For more details see:
    http://openssl.org/news/secadv_20120118.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0050
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8t-i486-1_slack11.0.tgz: Upgraded.
  This fixes a bug where DTLS applications were not properly supported.
  This bug could have allowed remote attackers to cause a denial of service
  via unspecified vectors.
  CVE-2012-0050 has been assigned to this issue.
  For more details see:
    http://openssl.org/news/secadv_20120118.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0050
  (* Security fix *)
+--------------------------+
Thu Nov 17 02:09:25 UTC 2011
patches/packages/bind-9.4_ESV_R5_P1-i486-1_slack11.0.tgz: Upgraded.
  --- 9.4-ESV-R5-P1 released ---
  3218. [security] Cache lookup could return RRSIG data associated with
        nonexistent records, leading to an assertion failure.
        [RT #26590]
  (* Security fix *)
+--------------------------+
Fri Nov 11 18:58:21 UTC 2011
  Good 11-11-11, everyone! Enjoy some fresh time. :)
patches/packages/glibc-zoneinfo-2011i_2011n-noarch-1.tgz: Upgraded.
  New upstream homepage: http://www.iana.org/time-zones
+--------------------------+
Thu Aug 25 09:10:45 UTC 2011
extra/php5/php-5.3.8-i486-1_slack11.0.tgz: Upgraded.
  Security fixes vs. 5.3.6 (5.3.7 was not usable):
  Updated crypt_blowfish to 1.2. (CVE-2011-2483)
  Fixed crash in error_log(). Reported by Mateusz Kocielski.
  Fixed buffer overflow on overlong salt in crypt().
  Fixed bug #54939 (File path injection vulnerability in RFC1867 File
  upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)
  Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
  Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
  For those upgrading from PHP 5.2.x, be aware that quite a bit has
  changed, and it will very likely not 'drop in', but PHP 5.2.x is not
  supported by php.net any longer, so there wasn't a lot of choice
  in the matter. We're not able to support a security fork of
  PHP 5.2.x here either, so you'll have to just bite the bullet on
  this. You'll be better off in the long run. :)
  (* Security fix *)
+--------------------------+
Fri Aug 12 23:20:00 UTC 2011
patches/packages/bind-9.4_ESV_R5-i486-1_slack11.0.tgz: Upgraded.
  This BIND update addresses a couple of security issues:
  * named, set up to be a caching resolver, is vulnerable to a user
    querying a domain with very large resource record sets (RRSets)
    when trying to negatively cache the response. Due to an off-by-one
    error, caching the response could cause named to crash. [RT #24650]
    [CVE-2011-1910]
  * Change #2912 (see CHANGES) exposed a latent bug in the DNS message
    processing code that could allow certain UPDATE requests to crash
    named.
    [RT #24777] [CVE-2011-2464]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
  (* Security fix *)
+--------------------------+
Fri Jul 29 18:22:40 UTC 2011
patches/packages/libpng-1.2.46-i486-1_slack11.0.tgz: Upgraded.
  Fixed uninitialized memory read in png_format_buffer()
  (Bug report by Frank Busse, related to CVE-2004-0421).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0421
  (* Security fix *)
+--------------------------+
Mon Jun 20 00:49:34 UTC 2011
patches/packages/fetchmail-6.3.20-i486-1_slack11.0.tgz: Upgraded.
  This release fixes a denial of service in STARTTLS protocol phases.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1947
    http://www.fetchmail.info/fetchmail-SA-2011-01.txt
  (* Security fix *)
+--------------------------+
Fri May 27 22:56:00 UTC 2011
patches/packages/bind-9.4_ESV_R4_P1-i486-1_slack11.0.tgz: Upgraded.
  This release fixes security issues:
  * A large RRSET from a remote authoritative server that results in
    the recursive resolver trying to negatively cache the response can
    hit an off by one code error in named, resulting in named crashing.
    [RT #24650] [CVE-2011-1910]
  * Zones that have a DS record in the parent zone but are also listed in
    a DLV and won't validate without DLV could fail to validate. [RT #24631]
  For more information, see:
    http://www.isc.org/software/bind/advisories/cve-2011-1910
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
  (* Security fix *)
+--------------------------+
Wed May 25 20:03:16 UTC 2011
patches/packages/apr-1.4.5-i486-1_slack11.0.tgz: Upgraded.
  This fixes a possible denial of service due to a problem with a loop in
  the new apr_fnmatch() implementation consuming CPU.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1928
  (* Security fix *)
patches/packages/apr-util-1.3.12-i486-1_slack11.0.tgz: Upgraded.
  Fix crash because of NULL cleanup registered by apr_ldap_rebind_init().
+--------------------------+
Fri May 13 20:30:07 UTC 2011
patches/packages/apr-1.4.4-i486-1_slack11.0.tgz: Upgraded.
  This fixes a possible denial of service due to an unconstrained, recursive
  invocation of apr_fnmatch(). This function has been reimplemented using a
  non-recursive algorithm. Thanks to William Rowe.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419
  (* Security fix *)
patches/packages/apr-util-1.3.11-i486-1_slack11.0.tgz: Upgraded.
+--------------------------+
Thu Apr 21 03:13:14 UTC 2011
patches/packages/rdesktop-1.6.0-i486-2_slack11.0.tgz: Rebuilt.
  Patched a traversal vulnerability (disallow /.. requests).
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1595
  (* Security fix *)
+--------------------------+
Mon Apr 18 19:59:50 UTC 2011
patches/packages/acl-2.2.50-i486-1_slack11.0.tgz: Upgraded.
  Fix the --physical option in setfacl and getfacl to prevent symlink attacks.
  Thanks to Martijn Dekker for the notification.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4411
  (* Security fix *)
+--------------------------+
Fri Apr 8 06:58:48 UTC 2011
patches/packages/libtiff-3.8.2-i486-4_slack11.0.tgz: Rebuilt.
  Patched overflows that could lead to arbitrary code execution when parsing
  a malformed image file.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0192
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167
  (* Security fix *)
+--------------------------+
Thu Apr 7 04:07:29 UTC 2011
patches/packages/dhcp-3.1_ESV_R1-i486-1_slack11.0.tgz: Upgraded.
  In dhclient, check the data for some string options for reasonableness
  before passing it along to the script that interfaces with the OS.
  This prevents some possible attacks by a hostile DHCP server.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997
  (* Security fix *)
+--------------------------+
Tue Apr 5 05:10:33 UTC 2011
patches/packages/proftpd-1.3.3e-i486-1_slack11.0.tgz: Upgraded.
  Fixes CVE-2011-1137 (badly formed SSH messages cause DoS).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1137
  (* Security fix *)
+--------------------------+
Mon Feb 28 22:19:08 UTC 2011
patches/packages/samba-3.0.37-i486-4_slack11.0.tgz: Rebuilt.
  Fix memory corruption denial of service issue.
  For more information, see:
    http://www.samba.org/samba/security/CVE-2011-0719
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0719
  (* Security fix *)
+--------------------------+
Thu Feb 10 21:19:38 UTC 2011
patches/packages/apr-1.3.12-i486-1_slack11.0.tgz: Upgraded.
patches/packages/apr-util-1.3.10-i486-1_slack11.0.tgz: Upgraded.
  Fixes a memory leak and DoS in apr_brigade_split_line().
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623
  (* Security fix *)
patches/packages/expat-1.95.8-i486-2_slack11.0.tgz: Upgraded.
  Fixed various crash and hang bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
  (* Security fix *)
patches/packages/openssl-0.9.8r-i486-1_slack11.0.tgz: Upgraded.
  This OpenSSL update fixes an "OCSP stapling vulnerability".
  For more information, see the included CHANGES and NEWS files, and:
    http://www.openssl.org/news/secadv_20110208.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0014
  (* Security fix *)
  Patched certwatch to work with recent versions of "file".
  Thanks to Ulrich Schäfer and Jan Rafaj.
patches/packages/openssl-solibs-0.9.8r-i486-1_slack11.0.tgz: Upgraded.
  (* Security fix *)
patches/packages/sudo-1.7.4p6-i486-1_slack11.0.tgz: Upgraded.
  Fix Runas group password checking.
  For more information, see the included CHANGES and NEWS files, and:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0010
  (* Security fix *)
+--------------------------+
Mon Jan 10 20:03:00 UTC 2011
extra/php5/php-5.2.17-i486-1_slack11.0.tgz: Upgraded.
  This update fixes an infinite loop with conversions from string to
  double that may result in a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4645
  (* Security fix *)
+--------------------------+
Fri Dec 24 00:53:19 UTC 2010
extra/php5/php-5.2.16-i486-1_slack11.0.tgz: Upgraded.
  This fixes many bugs, including some security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3436
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3709
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4150
  (* Security fix *)
patches/packages/proftpd-1.3.3d-i486-1_slack11.0.tgz: Upgraded.
  This update fixes an unbounded copy operation in sql_prepare_where() that
  could be exploited to execute arbitrary code. However, this only affects
  servers that use the sql_mod module (which Slackware does not ship), and
  in addition the ability to exploit this depends on an SQL injection bug
  that was already fixed in proftpd-1.3.2rc2 (this according to upstream).
  So in theory, this fix should only be of academic interest.
  But in practice, better safe than sorry.
  (* Security fix *)
+--------------------------+
Thu Dec 16 18:57:05 UTC 2010
patches/packages/bind-9.4_ESV_R4-i486-1_slack11.0.tgz: Upgraded.
  This update fixes some security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3615
  (* Security fix *)
+--------------------------+
Tue Dec 7 05:01:53 UTC 2010
patches/packages/openssl-0.9.8q-i486-1_slack11.0.tgz: Upgraded.
  This OpenSSL update contains some security related bugfixes.
  For more information, see the included CHANGES and NEWS files, and:
    http://www.openssl.org/news/secadv_20101202.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4252
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8q-i486-1_slack11.0.tgz: Upgraded.
  (* Security fix *)
+--------------------------+
Mon Nov 22 04:11:40 UTC 2010
patches/packages/openssl-0.9.8p-i486-1_slack11.0.tgz: Rebuilt.
  This OpenSSL update contains some security related bugfixes.
  For more information, see the included CHANGES and NEWS files, and:
    http://www.openssl.org/news/secadv_20101116.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8p-i486-1_slack11.0.tgz: Rebuilt.
  (* Security fix *)
+--------------------------+
Sat Nov 20 21:20:27 UTC 2010
patches/packages/xpdf-3.02pl5-i486-1_slack11.0.tgz: Upgraded.
  This update fixes security issues that could lead to an
  application crash, or execution of arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3703
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704
  (* Security fix *)
+--------------------------+
Mon Nov 1 23:21:39 UTC 2010
patches/packages/proftpd-1.3.3c-i486-1_slack11.0.tgz: Upgraded.
  Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925), which can
  allow remote execution of arbitrary code as the user running the
  ProFTPD daemon. Thanks to TippingPoint and the Zero Day Initiative (ZDI).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3867
  (* Security fix *)
+--------------------------+
Mon Sep 20 18:39:57 UTC 2010
patches/packages/bzip2-1.0.6-i486-1_slack11.0.tgz: Upgraded.
  This update fixes an integer overflow that could allow a specially
  crafted bzip2 archive to cause a crash (denial of service), or execute
  arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405
  (* Security fix *)
+--------------------------+
Wed Sep 15 18:51:21 UTC 2010
patches/packages/sudo-1.7.4p4-i486-3_slack11.0.tgz: Rebuilt.
  Hi folks, since the patches for old systems (8.1 - 10.2) were briefly
  available containing a /var/lib with incorrect permissions, I'm issuing
  these again just to be 100% sure that no systems out there will be left
  with problems due to that. This should do it (third time's the charm).
+--------------------------+
Wed Sep 15 05:58:55 UTC 2010
patches/packages/sudo-1.7.4p4-i486-2_slack11.0.tgz: Rebuilt.
  The last sudo packages accidentally changed the permissions on /var from
  755 to 700. This build restores the proper permissions.
  Thanks to Petri Kaukasoina for pointing this out.
+--------------------------+
Wed Sep 15 00:41:13 UTC 2010
patches/packages/samba-3.0.37-i486-3_slack11.0.tgz: Upgraded.
  This upgrade fixes a buffer overflow in the sid_parse() function.
  For more information, see:
    http://www.samba.org/samba/security/CVE-2010-3069
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3069
  (* Security fix *)
patches/packages/sudo-1.7.4p4-i486-1_slack11.0.tgz: Upgraded.
  This fixes a flaw that could lead to privilege escalation.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2956
  (* Security fix *)
+--------------------------+
Fri Aug 27 00:23:17 UTC 2010
extra/php5/php-5.2.14-i486-1_slack11.0.tgz: Upgraded.
  Fixed several security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1917
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2225
    http://www.php-security.org/2010/05/31/mops-2010-060-php-session-serializer-session-data-injection-vulnerability/index.html
    http://www.php-security.org/2010/06/25/mops-2010-061-php-splobjectstorage-deserialization-use-after-free-vulnerability/index.html
  (* Security fix *)
+--------------------------+
Wed Jun 30 04:51:49 UTC 2010
patches/packages/libtiff-3.8.2-i486-3_slack11.0.tgz: Rebuilt.
  This fixes image structure handling bugs that could lead to crashes or
  execution of arbitrary code if a specially-crafted TIFF image is loaded.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1411
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2065
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2067
  (* Security fix *)
patches/packages/libpng-1.2.44-i486-1_slack11.0.tgz: Upgraded.
  This fixes out-of-bounds memory write bugs that could lead to crashes
  or the execution of arbitrary code, and a memory leak bug which could
  lead to application crashes.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249
  (* Security fix *)
+--------------------------+
Sun Jun 27 04:02:55 UTC 2010
patches/packages/bind-9.4.3_P5-i486-2_slack11.0.tgz: Rebuilt.
  At least some of these updates for 2.4.x systems were built under a 2.6.x
  kernel, and didn't work. Sorry, I think I've fixed the issue on this end
  this time. If the previous update did not work for you, try this one.
+--------------------------+
Fri Jun 25 05:28:02 UTC 2010
patches/packages/bind-9.4.3_P5-i486-1_slack11.0.tgz: Upgraded.
  This fixes possible DNS cache poisoning attacks when DNSSEC is enabled
  and checking is disabled (CD).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097
  (* Security fix *)
+--------------------------+
Fri Jun 18 18:09:28 UTC 2010
patches/packages/samba-3.0.37-i486-2_slack11.0.tgz: Rebuilt.
  Patched a buffer overflow in smbd that allows remote attackers to cause
  a denial of service (memory corruption and daemon crash) or possibly
  execute arbitrary code via a crafted field in a packet.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2063
  (* Security fix *)
+--------------------------+
Sun May 16 20:01:28 UTC 2010
patches/packages/fetchmail-6.3.17-i486-1_slack11.0.tgz: Upgraded.
  A crafted header or POP3 UIDL list could cause a memory leak and crash
  leading to a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1167
  (* Security fix *)
+--------------------------+
Fri Apr 30 01:07:12 UTC 2010
patches/packages/irssi-0.8.15-i486-2_slack11.0.tgz: Rebuilt.
  Sorry, the perl modules were a mess in that last build on systems
  that don't use a vendor_perl dir. This should work better.
+--------------------------+
Thu Apr 22 19:13:54 UTC 2010
patches/packages/irssi-0.8.15-i486-1_slack11.0.tgz: Upgraded.
  From the NEWS file:
  - Check if an SSL certificate matches the hostname of the server we
    are connecting to.
  - Fix crash when checking for fuzzy nick match when not on the channel.
    Reported by Aurelien Delaitre (SATE 2009).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1155
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1156
  (* Security fix *)
+--------------------------+
Tue Apr 20 14:45:24 UTC 2010
patches/packages/sudo-1.7.2p6-i486-1_slack11.0.tgz: Upgraded.
  This update fixes security issues that may give a user with permission
  to run sudoedit the ability to run arbitrary commands.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0426
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1163
    http://www.gratisoft.us/sudo/alerts/sudoedit_escalate.html
    http://www.gratisoft.us/sudo/alerts/sudoedit_escalate2.html
  (* Security fix *)
+--------------------------+
Mon Apr 5 03:06:19 UTC 2010
patches/packages/mozilla-thunderbird-2.0.0.24-i686-1.tgz: Upgraded.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
  (* Security fix *)
+--------------------------+
Wed Mar 31 05:05:47 UTC 2010
patches/packages/openssl-0.9.8n-i486-1_slack11.0.tgz: Upgraded.
  This OpenSSL update contains some security related bugfixes.
  For more information, see the included CHANGES and NEWS files, and:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8n-i486-1_slack11.0.tgz: Upgraded.
patches/packages/proftpd-1.3.3-i486-2_slack11.0.tgz: Rebuilt.
  Recompiled against openssl-0.9.8n.
patches/packages/seamonkey-1.1.19-i486-1_slack11.0.tgz: Upgraded.
  Upgraded to seamonkey-1.1.19.
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
  (* Security fix *)
+--------------------------+
Tue Mar 9 21:31:21 UTC 2010
patches/packages/openssl-0.9.8m-i486-2_slack11.0.tgz: Rebuilt.
patches/packages/openssl-solibs-0.9.8m-i486-2_slack11.0.tgz: Rebuilt.
  The OpenSSL package has been patched and recompiled to revert a change
  that broke decrypting some files encrypted with previous versions of
  OpenSSL. This same fix appears in the latest upstream snapshots.
+--------------------------+
Mon Mar 1 05:02:21 UTC 2010
patches/packages/openssl-0.9.8m-i486-1_slack11.0.tgz: Upgraded.
  This OpenSSL update contains some security related bugfixes.
  For more information, see the included CHANGES and NEWS files, and:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4355
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8m-i486-1_slack11.0.tgz: Upgraded.
patches/packages/proftpd-1.3.3-i486-1_slack11.0.tgz: Upgraded.
+--------------------------+
Sun Jan 24 20:22:46 UTC 2010
extra/php5/php-5.2.12-i486-1_slack11.0.tgz: Upgraded.
  This fixes many bugs, including a few security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3557
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3558
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4142
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4143
  (* Security fix *)
+--------------------------+
Thu Dec 10 00:12:58 UTC 2009
patches/packages/ntp-4.2.2p3-i486-3_slack11.0.tgz: Rebuilt.
  Prevent a denial-of-service attack involving spoofed mode 7 packets.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563
  (* Security fix *)
+--------------------------+
Wed Dec 2 20:51:55 UTC 2009
patches/packages/bind-9.4.3_P4-i486-1_slack11.0.tgz: Upgraded.
  BIND 9.4.3-P4 is a SECURITY PATCH for BIND 9.4.3-P3. It addresses a
  potential cache poisoning vulnerability, in which data in the additional
  section of a response could be cached without proper DNSSEC validation.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
    http://www.kb.cert.org/vuls/id/418861
  (* Security fix *)
+--------------------------+
Mon Nov 16 18:56:26 UTC 2009
patches/packages/openssl-0.9.8h-i486-4_slack11.0.tgz: Rebuilt.
  Patched to disable SSL renegotiation.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8h-i486-4_slack11.0.tgz: Rebuilt.
  Patched to disable SSL renegotiation.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
  (* Security fix *)
+--------------------------+
Wed Oct 28 01:23:19 UTC 2009
patches/packages/xpdf-3.02pl4-i486-1_slack11.0.tgz: Upgraded.
  This update fixes several security issues that could lead to an
  application crash, or execution of arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3603
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3605
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3606
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609
  (* Security fix *)
+--------------------------+
Sat Oct 3 18:19:00 CDT 2009
extra/php5/php-5.2.11-i486-1_slack11.0.tgz:
  This release fixes some possible security issues, all of which have
  "unknown impact and attack vectors".
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3291
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3293
  (* Security fix *)
patches/packages/samba-3.0.37-i486-1_slack11.0.tgz:
  This update fixes the following security issues.
  A misconfigured /etc/passwd with no defined home directory could allow
  security restrictions to be bypassed.
  mount.cifs could allow a local user to read the first line of an arbitrary
  file if installed setuid. (On Slackware, it was not installed setuid)
  Specially crafted SMB requests could cause a denial of service.
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2948 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906 (* Security fix *) +--------------------------+ Mon Sep 7 20:57:44 CDT 2009 patches/packages/seamonkey-1.1.18-i486-1_slack11.0.tgz: Upgraded. Upgraded to seamonkey-1.1.18. This release fixes some more security vulnerabilities. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html (* Security fix *) +--------------------------+ Thu Aug 20 22:12:00 CDT 2009 patches/packages/mozilla-thunderbird-2.0.0.23-i686-1.tgz: This upgrade fixes a security bug. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html (* Security fix *) +--------------------------+ Fri Aug 14 13:42:26 CDT 2009 patches/packages/curl-7.15.5-i486-3_slack11.0.tgz: This update fixes a security issue where a zero byte embedded in an SSL or TLS certificate could fool cURL into validating the security of a connection to a system that the certificate was not issued for. It has been reported that at least one Certificate Authority allowed such certificates to be issued. For more information, see: http://curl.haxx.se/docs/security.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417 (* Security fix *) +--------------------------+ Fri Aug 7 14:25:03 CDT 2009 patches/packages/samba-3.0.36-i486-1_slack11.0.tgz: Upgraded. This is a bugfix release. +--------------------------+ Thu Aug 6 19:07:34 CDT 2009 patches/packages/apr-1.3.8-i486-1_slack11.0.tgz: Upgraded. Fix overflow in pools and rmm, where size alignment was taking place. [Matt Lewis, Sander Striker] For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412 (* Security fix *) patches/packages/apr-util-1.3.9-i486-1_slack11.0.tgz: Upgraded. Fix overflow in rmm, where size alignment was taking place.
[Matt Lewis, Sander Striker] For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412 (* Security fix *) +--------------------------+ Thu Aug 6 00:48:30 CDT 2009 patches/packages/fetchmail-6.3.11-i486-1_slack11.0.tgz: Upgraded. This update fixes an SSL NUL prefix impersonation attack through NULs in a part of an X.509 certificate's CommonName and subjectAltName fields. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2666 (* Security fix *) +--------------------------+ Wed Jul 29 23:10:01 CDT 2009 patches/packages/bind-9.4.3_P3-i486-1_slack11.0.tgz: Upgraded. This BIND update fixes a security problem where a specially crafted dynamic update message packet will cause named to exit resulting in a denial of service. An active remote exploit is in wide circulation at this time. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696 https://www.isc.org/node/479 (* Security fix *) +--------------------------+ Tue Jul 14 18:07:41 CDT 2009 patches/packages/dhcp-3.1.2p1-i486-1_slack11.0.tgz: Upgraded. A stack overflow vulnerability was fixed in dhclient that could allow remote attackers to execute arbitrary commands as root on the system, or simply terminate the client, by providing an over-long subnet-mask option. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692 (* Security fix *) +--------------------------+ Sat Jul 11 18:29:04 CDT 2009 extra/php5/php-5.2.10-i486-2_slack11.0.tgz: Rebuilt. Installed the pear.php.net.reg and pecl.php.net.reg files from php-5.2.9, since the ones installed by php-5.2.10 are broken. Thanks to Mike Peachey for the bug report. +--------------------------+ Wed Jul 1 14:37:43 CDT 2009 extra/php5/php-5.2.10-i486-1_slack11.0.tgz: Upgraded. +--------------------------+ Sat Jun 27 18:54:07 CDT 2009 patches/packages/mozilla-thunderbird-2.0.0.22-i686-1.tgz: Upgraded to thunderbird-2.0.0.22.
This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html (* Security fix *) +--------------------------+ Fri Jun 26 22:05:35 CDT 2009 patches/packages/samba-3.0.35-i486-1_slack11.0.tgz: This upgrade fixes the following security issue: o CVE-2009-1888: In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially affect access control when "dos filemode" is set to "yes". For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888 (* Security fix *) +--------------------------+ Wed Jun 24 19:46:28 CDT 2009 patches/packages/seamonkey-1.1.17-i486-1_slack11.0.tgz: Upgraded to seamonkey-1.1.17. This release fixes some more security vulnerabilities. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html (* Security fix *) +--------------------------+ Fri Jun 19 18:22:20 CDT 2009 patches/packages/libpng-1.2.37-i486-1_slack11.0.tgz: Upgraded. This update fixes a possible security issue. Jeff Phillips discovered an uninitialized-memory-read bug affecting interlaced images that may have security implications. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042 (* Security fix *) +--------------------------+ Fri Jun 19 16:26:49 CDT 2009 patches/packages/ruby-1.8.6_p369-i486-1_slack11.0.tgz: Upgraded. This fixes a denial of service issue caused by the BigDecimal method handling large input values improperly that may allow attackers to crash the interpreter. The issue affects most Rails applications. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1904 (* Security fix *) +--------------------------+ Mon Jun 15 22:14:45 CDT 2009 patches/packages/apr-1.3.5-i486-1_slack11.0.tgz: Upgraded. patches/packages/apr-util-1.3.7-i486-1_slack11.0.tgz: Upgraded. Fix underflow in apr_strmatch_precompile. 
Fix a denial of service attack against the apr_xml_* interface using the "billion laughs" entity expansion technique. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955 (* Security fix *) +--------------------------+ Wed Jun 3 18:09:52 CDT 2009 patches/packages/ntp-4.2.2p3-i486-1_slack11.0.tgz: Patched a stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 that allows arbitrary code execution by a malicious remote NTP server. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159 (* Security fix *) +--------------------------+ Thu May 14 18:09:26 CDT 2009 patches/packages/cyrus-sasl-2.1.23-i486-1_slack11.0.tgz: Upgraded to cyrus-sasl-2.1.23. This fixes a buffer overflow in the sasl_encode64() function that could lead to crashes or the execution of arbitrary code. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0688 (* Security fix *) +--------------------------+ Sat May 9 18:03:41 CDT 2009 patches/packages/xpdf-3.02pl3-i486-1_slack11.0.tgz: Upgraded to xpdf-3.02pl3. This update fixes several overflows that may result in crashes or the execution of arbitrary code as the xpdf user.
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0165 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0799 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0800 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1179 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1181 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1182 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1183 (* Security fix *) +--------------------------+ Thu Apr 30 20:56:17 CDT 2009 patches/packages/ruby-1.8.6_p368-i486-1_slack11.0.tgz: Upgraded to ruby-1.8.6-p368. This update fixes a DoS in REXML. For details, see: http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/ (* Security fix *) +--------------------------+ Mon Apr 20 23:27:45 CDT 2009 patches/packages/udev-097-i486-11_slack11.0.tgz: This package has been patched to fix a local root hole. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185 (* Security fix *) +--------------------------+ Mon Apr 13 16:22:12 CDT 2009 patches/packages/seamonkey-1.1.16-i486-1_slack11.0.tgz: Upgraded to seamonkey-1.1.16. This release fixes some more security vulnerabilities. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html (* Security fix *) +--------------------------+ Tue Apr 7 16:59:49 CDT 2009 patches/packages/openssl-0.9.8h-i486-3_slack11.0.tgz: Patched (see below). patches/packages/openssl-solibs-0.9.8h-i486-3_slack11.0.tgz: Patched to fix possible crashes as well as a (fairly unlikely) case where an invalid signature might verify as valid. 
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0789 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0591 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590 (* Security fix *) patches/packages/xine-lib-1.1.16.3-i486-1_slack11.0.tgz: Upgraded to xine-lib-1.1.16.3. - Fix another possible int overflow in the 4XM demuxer. (ref. TKADV2009-004, CVE-2009-0385) For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0385 (* Security fix *) extra/php5/php-5.2.9-i486-1_slack11.0.tgz: Upgraded to php-5.2.9. This update fixes a few security issues: - Fixed a crash on extract in zip when files or directories entry names contain a relative path. - Fixed security issue in imagerotate(), background colour isn't validated correctly with a non truecolour image. (CVE-2008-5498) Reported by Hamid Ebadi, APA Laboratory. - Fixed a segfault when malformed string is passed to json_decode(). For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498 (* Security fix *) +--------------------------+ Tue Mar 24 01:56:10 CDT 2009 patches/packages/lcms-1.18-i486-1_slack11.0.tgz: Upgraded to lcms-1.18. This update fixes security issues discovered in LittleCMS by Chris Evans. These flaws could cause program crashes (denial of service) or the execution of arbitrary code as the user of the lcms-linked program. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0581 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0723 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0733 (* Security fix *) patches/packages/mozilla-thunderbird-2.0.0.21-i686-1.tgz: Upgraded to thunderbird-2.0.0.21. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html (* Security fix *) patches/packages/seamonkey-1.1.15-i486-1_slack11.0.tgz: Upgraded to seamonkey-1.1.15. 
This release fixes some more security vulnerabilities. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html (* Security fix *) +--------------------------+ Mon Mar 9 00:04:05 CDT 2009 patches/packages/curl-7.15.5-i486-2_slack11.0.tgz: Patched curl-7.15.5. This fixes a security issue where automatic redirection could be made to follow file:// URLs, reading or writing a local instead of remote file. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037 (* Security fix *) +--------------------------+ Fri Feb 20 17:20:49 CST 2009 patches/packages/libpng-1.2.35-i486-1_slack11.0.tgz: Upgraded to libpng-1.2.35. This fixes multiple memory-corruption vulnerabilities due to a failure to properly initialize data structures. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040 ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt (* Security fix *) +--------------------------+ Thu Jan 15 16:48:00 CST 2009 patches/packages/bind-9.3.6_P1-i486-2_slack11.0.tgz: Recompiled. The -1_slack11.0 package was compiled on a Slackware 11.0 system running a 2.6.x kernel, and this caused problems for machines running the default 2.4.33.3 kernel. This package should run correctly. +--------------------------+ Wed Jan 14 20:37:39 CST 2009 patches/packages/bind-9.3.6_P1-i486-1_slack11.0.tgz: Upgraded to bind-9.3.6-P1. Fixed checking on return values from OpenSSL's EVP_VerifyFinal and DSA_do_verify functions to prevent spoofing answers returned from zones using the DNSKEY algorithms DSA and NSEC3DSA. For more information, see: https://www.isc.org/node/373 http://www.ocert.org/advisories/ocert-2008-016.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025 (* Security fix *) patches/packages/ntp-4.2.4p6-i486-1_slack11.0.tgz: [Sec 1111] Fix incorrect check of EVP_VerifyFinal()'s return value. 
For more information, see: https://lists.ntp.org/pipermail/announce/2009-January/000055.html http://www.ocert.org/advisories/ocert-2008-016.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077 (* Security fix *) patches/packages/openssl-0.9.8h-i486-2_slack11.0.tgz: Patched to fix the return value EVP_VerifyFinal, preventing malformed signatures from being considered good. This flaw could possibly allow a 'man in the middle' attack. For more information, see: http://www.openssl.org/news/secadv_20090107.txt http://www.ocert.org/advisories/ocert-2008-016.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077 (* Security fix *) patches/packages/openssl-solibs-0.9.8h-i486-2_slack11.0.tgz: Patched to fix the return value EVP_VerifyFinal, preventing malformed signatures from being considered good. This flaw could possibly allow a 'man in the middle' attack. For more information, see: http://www.openssl.org/news/secadv_20090107.txt http://www.ocert.org/advisories/ocert-2008-016.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077 (* Security fix *) +--------------------------+ Wed Dec 31 11:35:43 CST 2008 patches/packages/mozilla-thunderbird-2.0.0.19-i686-1.tgz: Upgraded to thunderbird-2.0.0.19. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html (* Security fix *) +--------------------------+ Fri Dec 26 22:45:51 CST 2008 patches/packages/seamonkey-1.1.14-i486-1_slack11.0.tgz: Upgraded to seamonkey-1.1.14. This release fixes some more security vulnerabilities. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html (* Security fix *) +--------------------------+ Thu Dec 18 12:44:59 CST 2008 patches/packages/mozilla-firefox-2.0.0.20-i686-1.tgz: Upgraded to firefox-2.0.0.20. 
This fixes some security issues: For more information, see: http://www.mozilla.org/security/known-vulnerabilities/firefox20.html (* Security fix *) +--------------------------+ Mon Dec 8 05:15:44 CST 2008 extra/php5/php-5.2.8-i486-1_slack11.0.tgz: Upgraded to php-5.2.8. This is a bugfix release that reverts a change that broke magic_quotes_gpc. +--------------------------+ Fri Dec 5 20:54:22 CST 2008 extra/php5/php-5.2.7-i486-1_slack11.0.tgz: Upgraded to php-5.2.7. In addition to improvements and bug fixes, this new version of PHP also addresses several security issues, including: Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658). Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659). Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666. Crash with URI/file..php (filename contains 2 dots). (Fixes CVE-2008-3660). rfc822.c legacy routine buffer overflow. (Fixes CVE-2008-2829). Fixed extraction of zip files or directories when the entry name is a relative path: http://www.sektioneins.de/advisories/SE-2008-06.txt These are the URLs to get more information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2665 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2666 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2829 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3658 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3659 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3660 http://www.sektioneins.de/advisories/SE-2008-06.txt (* Security fix *) +--------------------------+ Sat Nov 29 13:37:04 CST 2008 patches/packages/ruby-1.8.6_p287-i486-1_slack11.0.tgz: Upgraded to ruby-1.8.6-p287. This fixes several bugs in the previous Ruby update, including a security issue where the DNS resolver did not randomize the source port and transaction id sufficiently. 
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447 (* Security fix *) +--------------------------+ Fri Nov 28 16:27:52 CST 2008 patches/packages/samba-3.0.33-i486-1_slack11.0.tgz: Upgraded to samba-3.0.33. This package fixes an important barrier against rogue clients reading from uninitialized memory (though no proof-of-concept is known to exist). For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4314 (* Security fix *) +--------------------------+ Thu Nov 20 18:14:27 CST 2008 patches/packages/mozilla-thunderbird-2.0.0.18-i686-1.tgz: Upgraded to thunderbird-2.0.0.18. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html (* Security fix *) +--------------------------+ Wed Nov 19 19:13:12 CST 2008 patches/packages/libxml2-2.6.32-i486-1_slack11.0.tgz: Upgraded to libxml2-2.6.32 and patched. This fixes vulnerabilities including denial of service, or possibly the execution of arbitrary code as the user running a libxml2 linked application if untrusted XML content is parsed. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226 (* Security fix *) +--------------------------+ Sat Nov 15 19:22:43 CST 2008 patches/packages/mozilla-firefox-2.0.0.18-i686-1.tgz: Upgraded to firefox-2.0.0.18. This fixes some security issues: For more information, see: http://www.mozilla.org/security/known-vulnerabilities/firefox20.html (* Security fix *) patches/packages/seamonkey-1.1.13-i486-1_slack11.0.tgz: Upgraded to seamonkey-1.1.13. This release fixes some more security vulnerabilities.
For more information, see: http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html (* Security fix *) +--------------------------+ Mon Oct 13 13:58:21 CDT 2008 patches/packages/glibc-zoneinfo-2.3.6-noarch-11_slack11.0.tgz: Upgraded to tzdata2008h for the latest world timezone changes. +--------------------------+ Fri Sep 26 22:38:32 CDT 2008 patches/packages/mozilla-thunderbird-2.0.0.17-i686-1.tgz: Upgraded to thunderbird-2.0.0.17. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html (* Security fix *) +--------------------------+ Thu Sep 25 23:24:07 CDT 2008 patches/packages/mozilla-firefox-2.0.0.17-i686-1.tgz: Upgraded to firefox-2.0.0.17. This release fixes some more security vulnerabilities. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/firefox20.html (* Security fix *) patches/packages/seamonkey-1.1.12-i486-1_slack11.0.tgz: This release fixes some more security vulnerabilities. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html (* Security fix *) +--------------------------+ Wed Sep 17 02:28:20 CDT 2008 patches/packages/bind-9.3.5_P2-i486-1_slack11.0.tgz: Upgraded to bind-9.3.5-P2. This version has performance gains over bind-9.3.5-P1. +--------------------------+ Wed Sep 3 19:51:43 CDT 2008 patches/packages/php-4.4.9-i486-1_slack11.0.tgz: Upgraded to php-4.4.9. This upgrades the bundled PCRE library to fix security issues, as well as fixing a few other security related bugs. See the PHP4 ChangeLog for more details: http://www.php.net/ChangeLog-4.php#4.4.9 Please note: PHP4 has been officially discontinued since last year, and reached the announced EOL on 2008-08-08. Sites should consider migrating to a supported release. (* Security fix *) +--------------------------+ Mon Sep 1 21:56:29 CDT 2008 patches/packages/samba-3.0.32-i486-1_slack11.0.tgz: Upgraded to samba-3.0.32. 
This is a bugfix release. See the WHATSNEW.txt file in the Samba docs for details on what has changed. +--------------------------+ Thu Aug 28 22:48:16 CDT 2008 patches/packages/amarok-1.4.10-i486-1_slack11.0.tgz: Upgraded to amarok-1.4.10. This fixes a security issue in the Magnatune online music library support which could be used by malicious local users to overwrite system files. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3699 (* Security fix *) patches/packages/libgpod-0.6.0-i486-1_slack11.0.tgz: Upgraded to libgpod-0.6.0. This new version of libgpod is required for amarok-1.4.10. +--------------------------+ Mon Aug 4 14:03:01 CDT 2008 patches/packages/python-2.4.5-i486-1_slack11.0.tgz: Upgraded to 2.4.5 and patched overflows and other security problems. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144 (* Security fix *) +--------------------------+ Tue Jul 29 13:32:21 CDT 2008 patches/packages/proftpd-1.3.1-i486-1_slack11.0.tgz: Recompiled against new OpenSSL, since this evidently checks the OpenSSL version and will only run against the libraries it was compiled against. A small patch was also added due to changes in the system includes. Thanks to Martin Schmitz for the info and a pointer to the patch. +--------------------------+ Mon Jul 28 22:05:06 CDT 2008 patches/packages/fetchmail-6.3.8-i486-1_slack11.0.tgz: Patched to fix a possible denial of service when "-v -v" options are used. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711 (* Security fix *) patches/packages/links-2.1-i486-1_slack11.0.tgz: Upgraded to links-2.1. 
Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs." For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3329 (* Security fix *) patches/packages/mozilla-thunderbird-2.0.0.16-i686-1.tgz: Upgraded to thunderbird-2.0.0.16. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html (* Security fix *) patches/packages/openssh-5.1p1-i486-1_slack11.0.tgz: Upgraded to openssh-5.1p1. When upgrading OpenSSH, it is VERY IMPORTANT to also upgrade OpenSSL, or it is possible to be unable to log back into sshd! patches/packages/openssl-0.9.8h-i486-1_slack11.0.tgz: Upgraded to OpenSSL 0.9.8h. The Codenomicon TLS test suite uncovered security bugs in OpenSSL. If OpenSSL was compiled using non-default options (Slackware's package is not), then a malicious packet could cause a crash. Also, a malformed TLS handshake could lead to a crash. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0891 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1672 When upgrading OpenSSL, it is VERY IMPORTANT to also upgrade OpenSSH, or it is possible to be unable to log back into sshd! (* Security fix *) patches/packages/openssl-solibs-0.9.8h-i486-1_slack11.0.tgz: Upgraded to OpenSSL 0.9.8h shared libraries (see above). (* Security fix *) patches/packages/vim-7.1.330-i486-1_slack11.0.tgz: Upgraded to vim-7.1.330. This fixes several security issues related to the automatic processing of untrusted files. For more information, see: http://www.rdancer.org/vulnerablevim.html (* Security fix *) patches/packages/vim-gvim-7.1.330-i486-1_slack11.0.tgz: Upgraded to vim-gvim-7.1.330. See "vim" above for details.
(* Security fix *) +--------------------------+ Wed Jul 23 16:27:21 CDT 2008 patches/packages/dnsmasq-2.45-i486-1_slack11.0.tgz: Upgraded to dnsmasq-2.45. It was discovered that earlier versions of dnsmasq have DNS cache weaknesses that are similar to the ones recently discovered in BIND. This new release minimizes the risk of cache poisoning. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447 (* Security fix *) +--------------------------+ Wed Jul 16 19:28:25 CDT 2008 patches/packages/mozilla-firefox-2.0.0.16-i686-1.tgz: Upgraded to firefox-2.0.0.16. This release fixes some more security vulnerabilities. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/firefox20.html (* Security fix *) patches/packages/seamonkey-1.1.11-i486-1_slack11.0.tgz: Upgraded to seamonkey-1.1.11. This release fixes some more security vulnerabilities. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html (* Security fix *) +--------------------------+ Wed Jul 9 20:03:57 CDT 2008 patches/packages/bind-9.3.5_P1-i486-1_slack11.0.tgz: Upgraded to bind-9.3.5-P1. This upgrade addresses a security flaw known as the CERT VU#800113 DNS Cache Poisoning Issue. This is the summary of the problem from the BIND site: "A weakness in the DNS protocol may enable the poisoning of caching recursive resolvers with spoofed data. DNSSEC is the only full solution. New versions of BIND provide increased resilience to the attack." It is suggested that sites that run BIND upgrade to one of the new packages in order to reduce their exposure to DNS cache poisoning attacks. For more information, see: http://www.isc.org/sw/bind/bind-security.php http://www.kb.cert.org/vuls/id/800113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447 (* Security fix *) patches/packages/mozilla-firefox-2.0.0.15-i686-1.tgz: Upgraded to firefox-2.0.0.15.
This release closes several possible security vulnerabilities and bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) patches/packages/seamonkey-1.1.10-i486-1_slack11.0.tgz: Upgraded to seamonkey-1.1.10. This release closes several possible security vulnerabilities and bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *) +--------------------------+ Fri Jun 27 23:17:20 CDT 2008 patches/packages/ruby-1.8.6_p230-i486-1_slack11.0.tgz: Upgraded to ruby-1.8.6-p230. This fixes a number of security related bugs in Ruby which could lead to a denial of service (DoS) condition or allow execution of arbitrary code. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2726 (* Security fix *) +--------------------------+ Wed May 28 19:46:22 CDT 2008 patches/packages/samba-3.0.30-i486-1_slack11.0.tgz: Upgraded to samba-3.0.30. This is a security release in order to address CVE-2008-1105 ("Boundary failure when parsing SMB responses can result in a buffer overrun"). For more information on the security issue, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105 (* Security fix *) +--------------------------+ Tue May 27 21:53:32 CDT 2008 patches/packages/rdesktop-1.6.0-i486-1_slack11.0.tgz: Upgraded to rdesktop-1.6.0. 
According to the rdesktop ChangeLog, this contains a: "* Fix for potential vulnerability against compromised/malicious servers (reported by iDefense)" For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1801 (* Security fix *) +--------------------------+ Wed May 7 15:28:33 CDT 2008 patches/packages/mozilla-thunderbird-2.0.0.14-i686-1.tgz: Upgraded to thunderbird-2.0.0.14. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird (* Security fix *) extra/php5/php-5.2.6-i486-1_slack11.0.tgz: Upgraded to php-5.2.6. PHP4 was standard in Slackware 11.0, which is why this package is provided "in place" under /extra rather than under /patches (where upgrade tools might mistakenly grab and install it where it would not be desirable.) This version of PHP contains many fixes and enhancements. Some of the fixes are security related, and the PHP release announcement provides this list: * Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin. * Fixed integer overflow in printf() identified by Maksymilian Arciemowicz. * Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh. * Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz. * Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser. * Upgraded bundled PCRE to version 7.6 When last checked, CVE-2008-0599 was not yet open. However, additional information should become available at this URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599 The list reproduced above, as well as additional information about other fixes in PHP 5.2.6 may be found in the PHP release announcement here: http://www.php.net/releases/5_2_6.php (* Security fix *) +--------------------------+ Mon Apr 28 23:46:17 CDT 2008 patches/packages/libpng-1.2.27-i486-1_slack11.0.tgz: Upgraded to libpng-1.2.27.
This fixes various bugs, the most important of which have to do with the handling of unknown chunks containing zero-length data. Processing a PNG image that contains these could cause the application using libpng to crash (possibly resulting in a denial of service), could potentially expose the contents of uninitialized memory, or could cause the execution of arbitrary code as the user running libpng (though it would probably be quite difficult to cause the execution of attacker-chosen code). We recommend upgrading the package as soon as possible. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382 ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.27-README.txt (* Security fix *) +--------------------------+ Sat Apr 19 23:49:25 CDT 2008 patches/packages/xine-lib-1.1.11.1-i686-3_slack11.0.tgz: Recompiled, with --without-speex (we didn't ship the speex library in Slackware anyway, but for reference this issue would be CVE-2008-1686), and with --disable-nosefart (the recently reported as insecurely demuxed NSF format). As before in -2, this package fixes the two regressions mentioned in the release notes for xine-lib-1.1.12: http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655 (* Security fix *) +--------------------------+ Thu Apr 17 16:25:55 CDT 2008 patches/packages/mozilla-firefox-2.0.0.14-i686-1.tgz: Upgraded to firefox-2.0.0.14. This upgrade fixes a potential security bug. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) +--------------------------+ Tue Apr 8 00:17:36 CDT 2008 patches/packages/xine-lib-1.1.11.1-i686-2_slack11.0.tgz: Patched to fix playback failure affecting several media formats accidentally broken in the xine-lib-1.1.11.1 release. Thanks to Diogo Sousa for pointing me to the new release notes on xinehq.de. 
+--------------------------+ Mon Apr 7 02:04:58 CDT 2008 patches/packages/bzip2-1.0.5-i486-1_slack11.0.tgz: Upgraded to bzip2-1.0.5. Previous versions of bzip2 contained a buffer overread error that could cause applications linked to libbz2 to crash, resulting in a denial of service. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372 (* Security fix *) patches/packages/m4-1.4.11-i486-1_slack11.0.tgz: Upgraded to m4-1.4.11. In addition to bugfixes and enhancements, this version of m4 also fixes two issues with possible security implications. A minor security fix with the use of "maketemp" and "mkstemp" -- these are now quoted to prevent the (rather unlikely) possibility that an unquoted string could match an existing macro causing operations to be done on the wrong file. Also, a problem with the '-F' option (introduced with version 1.4) could cause a core dump or possibly (with certain file names) the execution of arbitrary code. For more information on these issues, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1687 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1688 (* Security fix *) +--------------------------+ Fri Apr 4 12:36:37 CDT 2008 patches/packages/openssh-5.0p1-i486-1_slack11.0.tgz: Upgraded to openssh-5.0p1. This version fixes a security issue where local users could hijack forwarded X connections. Upgrading to the new package is highly recommended. For more information on this security issue, please see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483 (* Security fix *) +--------------------------+ Mon Mar 31 23:33:58 CDT 2008 patches/packages/xine-lib-1.1.11.1-i686-1_slack11.0.tgz: Upgraded to xine-lib-1.1.11.1. Earlier versions of xine-lib suffer from an integer overflow which may lead to a buffer overflow that could potentially be used to gain unauthorized access to the machine if a malicious media file is played back. 
File types affected this time include .flv, .mov, .rm, .mve, .mkv, and .cak. For more information on this security issue, please see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1482 (* Security fix *) +--------------------------+ Sat Mar 29 03:09:17 CDT 2008 patches/packages/mozilla-firefox-2.0.0.13-i686-1.tgz: Upgraded to firefox-2.0.0.13. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) patches/packages/seamonkey-1.1.9-i486-1_slack11.0.tgz: Upgraded to seamonkey-1.1.9. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *) patches/packages/xine-lib-1.1.11-i686-1_slack11.0.tgz: Earlier versions of xine-lib suffer from an array index bug that may have security implications if a malicious RTSP stream is played. Playback of other media formats is not affected. If you use RTSP, you should probably upgrade xine-lib. For more information on the security issue, please see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073 (* Security fix *) +--------------------------+ Sun Mar 2 00:15:53 CST 2008 patches/packages/espgs-8.15.3svn185-i486-3_slack11.0.tgz: This patched version of ESP Ghostscript fixes a buffer overflow. For more information on the security issue, please see: http://scary.beasts.org/security/CESA-2008-001.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0411 Thanks to Chris Evans and Will Drewry of Google Security for their work on discovering and demonstrating the overflow. (* Security fix *) +--------------------------+ Sat Mar 1 15:55:28 CST 2008 patches/packages/mozilla-thunderbird-2.0.0.12-i686-1.tgz: Upgraded to thunderbird-2.0.0.12. 
This update fixes the following security related issues: MFSA 2008-12: Heap buffer overflow in external MIME bodies MFSA 2008-05: Directory traversal via chrome: URI MFSA 2008-03: Privilege escalation, XSS, Remote Code Execution MFSA 2008-01: Crashes with evidence of memory corruption (rv:1.8.1.12) For more information, see: http://www.mozilla.org/security/announce/2008/mfsa2008-12.html http://www.mozilla.org/security/announce/2008/mfsa2008-05.html http://www.mozilla.org/security/announce/2008/mfsa2008-03.html http://www.mozilla.org/security/announce/2008/mfsa2008-01.html These are the related CVE entries: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0413 (* Security fix *) +--------------------------+ Thu Feb 14 17:37:38 CST 2008 patches/packages/apache-1.3.41-i486-1_slack11.0.tgz: Upgraded to apache-1.3.41, the last regular release of the Apache 1.3.x series, and a security bugfix-only release. For more information about the security issues fixed, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 (* Security fix *) patches/packages/mod_ssl-2.8.31_1.3.41-i486-1_slack11.0.tgz: Upgraded to mod_ssl-2.8.31-1.3.41 to work with apache_1.3.41. patches/packages/php-4.4.8-i486-1_slack11.0.tgz: Upgraded to php-4.4.8. This is a security and bugfix release. More information may be found here: http://bugs.php.net/43010 This is the last regular release of PHP-4.4.x. The EOL is scheduled for 2008-08-08. (* Security fix *) +--------------------------+ Tue Feb 12 23:07:34 CST 2008 patches/packages/mozilla-firefox-2.0.0.12-i686-1.tgz: Upgraded to firefox-2.0.0.12. 
This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) patches/packages/seamonkey-1.1.8-i486-1_slack11.0.tgz: Upgraded to seamonkey-1.1.8. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *) +--------------------------+ Mon Dec 31 18:49:52 CST 2007 patches/packages/glibc-zoneinfo-2.3.6-noarch-10_slack11.0.tgz: Some deja vu. ;-) Upgraded to tzdata2007k. A new year should be started with the latest timezone data, so here it is. Happy holidays, and a happy new year to all! :-) +--------------------------+ Mon Dec 24 15:54:26 CST 2007 patches/packages/glibc-zoneinfo-2.3.6-noarch-9_slack11.0.tgz: Upgraded to tzdata2007j. A new year should be started with the latest timezone data, so here it is. Happy holidays, and a happy new year to all! :-) +--------------------------+ Fri Dec 14 18:03:59 CST 2007 patches/packages/mysql-5.0.51-i486-1_slack11.0.tgz: Upgraded to mysql-5.0.51. This release fixes several bugs, including some security issues. However, it also includes a potentially incompatible change, so be sure to read the release notes before upgrading. It is possible that some databases will need to be fixed in order to work with this (and future) releases: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html For more information about the security issues fixed, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5925 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5969 (* Security fix *) +--------------------------+ Mon Dec 10 12:45:35 CST 2007 patches/packages/samba-3.0.28-i486-1_slack11.0.tgz: Upgraded to samba-3.0.28. 
Samba 3.0.28 is a security release in order to address a boundary failure in GETDC mailslot processing that can result in a buffer overrun leading to possible code execution. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015 http://www.samba.org/samba/history/samba-3.0.28.html http://secunia.com/secunia_research/2007-99/advisory/ (* Security fix *) +--------------------------+ Mon Dec 3 19:58:51 CST 2007 patches/packages/cairo-1.4.12-i486-1_slack11.0.tgz: Upgraded to cairo-1.4.12. This fixes a possible security risk when decoding PNG files that may have been maliciously tampered with: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5503 (* Security fix *) patches/packages/samba-3.0.27a-i486-1_slack11.0.tgz: Upgraded to samba-3.0.27a. This update fixes a crash bug regression experienced by smbfs clients caused by the fix for CVE-2007-4572. +--------------------------+ Sat Dec 1 16:57:18 CST 2007 patches/packages/rsync-2.6.9-i486-1_slack11.0.tgz: Patched some security bugs. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091 http://lists.samba.org/archive/rsync-announce/2007/000050.html (* Security fix *) patches/packages/mozilla-firefox-2.0.0.11-i686-1.tgz: Upgraded to Firefox 2.0.0.11, which fixed a bug introduced by the 2.0.0.10 update in the feature that affected some web pages and extensions. +--------------------------+ Thu Nov 29 20:19:30 CST 2007 patches/packages/seamonkey-1.1.7-i486-1_slack11.0.tgz: Upgraded to seamonkey-1.1.7. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *) +--------------------------+ Tue Nov 27 16:23:07 CST 2007 patches/packages/mozilla-firefox-2.0.0.10-i686-1.tgz: Upgraded to firefox-2.0.0.10. This upgrade fixes some more security bugs. 
For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) +--------------------------+ Wed Nov 21 00:55:51 CST 2007 patches/packages/libpng-1.2.23-i486-1_slack11.0.tgz: Upgraded to libpng-1.2.23. Previous libpng versions may crash when loading malformed PNG files. It is not currently known if this vulnerability can be exploited to execute malicious code. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5266 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5267 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5268 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 (* Security fix *) +--------------------------+ Tue Nov 20 16:49:58 CST 2007 patches/packages/mozilla-thunderbird-2.0.0.9-i686-1.tgz: Upgraded to thunderbird-2.0.0.9. This update fixes the following security related issues: URIs with invalid %-encoding mishandled by Windows (MFSA 2007-36). Crashes with evidence of memory corruption (MFSA 2007-29). OK, so the first one obviously does not affect us. :-) The second fix has to do with the same JavaScript handling problem fixed before in Firefox. JavaScript is not enabled by default in Thunderbird, and the developers (at least in MFSA 2007-36) do not recommend turning it on. For more information, see: http://www.mozilla.org/security/announce/2007/mfsa2007-36.html http://www.mozilla.org/security/announce/2007/mfsa2007-29.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5339 (* Security fix *) +--------------------------+ Fri Nov 16 17:22:18 CST 2007 patches/packages/samba-3.0.27-i486-1_slack11.0.tgz: Upgraded to samba-3.0.27. Samba 3.0.27 is a security release in order to address a stack buffer overflow in nmbd's logon request processing, and remote code execution in Samba's WINS server daemon (nmbd) when processing name registration followed by name query requests.
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398 (* Security fix *) +--------------------------+ Mon Nov 12 01:25:34 CST 2007 patches/packages/kdegraphics-3.5.4-i486-2_slack11.0.tgz: Patched xpdf related bugs. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393 (* Security fix *) patches/packages/koffice-1.5.2-i486-5_slack11.0.tgz: Patched xpdf related bugs. For more information, see: http://www.kde.org/info/security/advisory-20071107-1.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393 (* Security fix *) patches/packages/xpdf-3.02pl2-i486-1_slack11.0.tgz: Upgraded to xpdf-3.02pl2. The pl2 patch fixes a crash in xpdf. Some theorize that this could be used to execute arbitrary code if an untrusted PDF file is opened, but no real-world examples are known (yet). For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393 (* Security fix *) +--------------------------+ Sat Nov 10 22:19:02 CST 2007 extra/php5/php-5.2.5-i486-2_slack11.0.tgz: The security/bug fix update for Slackware 11.0 has been reissued to fix a zero-length /usr/bin/php-cgi. Thanks to TJ Munro for pointing this out. We appreciate the fast weekend Q/A. 
:-) This package should be installed rather than the previously released php-5.2.5-i486-1_slack11.0 (unless you do not use /usr/php/php-cgi in which case either package will do.) (* Security fix *) +--------------------------+ Sat Nov 10 15:36:59 CST 2007 patches/packages/mozilla-firefox-2.0.0.9-i686-1.tgz: Upgraded to firefox-2.0.0.9. This upgrade improves the stability of Firefox. For more information, see: http://developer.mozilla.org/devnews/index.php/2007/11/01/firefox-2009-stability-update-now-available-for-download/ extra/php5/php-5.2.5-i486-1_slack11.0.tgz: Upgraded to php-5.2.5. This fixes bugs and security issues. For more information, see: http://www.php.net/releases/5_2_5.php http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4887 (* Security fix *) +--------------------------+ Fri Nov 9 16:34:12 CST 2007 patches/packages/seamonkey-1.1.6-i486-1_slack11.tgz: Upgraded to SeaMonkey 1.1.6. This upgrade fixes SeaMonkey's ability to display certain types of web pages. That's about all we could find about it here: http://www.mozilla.org/projects/seamonkey/ +--------------------------+ Thu Nov 1 22:03:53 CDT 2007 patches/packages/cups-1.2.11-i486-2_slack12.0.tgz: Patched cups-1.2.11. An off-by-one error in ipp.c may allow a remote attacker to crash CUPS resulting in a denial of service. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351 (* Security fix *) +--------------------------+ Wed Oct 24 23:02:28 CDT 2007 patches/packages/mozilla-firefox-2.0.0.8-i686-1.tgz: Upgraded to firefox-2.0.0.8. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) patches/packages/seamonkey-1.1.5-i486-1_slack12.0.tgz: Upgraded to seamonkey-1.1.5. This upgrade fixes some more security bugs. 
For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *) extra/mozilla-2.0.0.6/: Removed. Since the 1.5.0.x branch is no longer supported, there's little point in leaving it up (at least in /extra...) +--------------------------+ Wed Oct 10 11:50:50 CDT 2007 patches/packages/glibc-zoneinfo-2.3.6-noarch-8_slack11.0.tgz: Upgraded to timezone data from tzcode2007h and tzdata2007h. This contains the latest timezone data from NIST, including some important changes to daylight savings time in Brasil and New Zealand. +--------------------------+ Wed Sep 12 15:20:06 CDT 2007 patches/packages/openssh-4.7p1-i486-1_slack11.0.tgz: Upgraded to openssh-4.7p1. From the OpenSSH release notes: "Security bugs resolved in this release: Prevent ssh(1) from using a trusted X11 cookie if creation of an untrusted cookie fails; found and fixed by Jan Pechanec." While it's fair to say that we here at Slackware don't see how this could be leveraged to compromise a system, a) the OpenSSH people (who presumably understand the code better) characterize this as a security bug, b) it has been assigned a CVE entry, and c) OpenSSH is one of the most commonly used network daemons. Better safe than sorry. More information should appear here eventually: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752 (* Security fix *) patches/packages/samba-3.0.26a-i486-1_slack11.0.tgz: Upgraded to samba-3.0.26a. This fixes a security issue in all Samba 3.0.25 versions: "Incorrect primary group assignment for domain users using the rfc2307 or sfu winbind nss info plugin." For more information, see: http://www.samba.org/samba/security/CVE-2007-4138.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138 (* Security fix *) extra/php5/php-5.2.4-i486-1_slack11.0.tgz: Upgraded to php-5.2.4. The PHP announcement says this version fixes over 120 bugs as well as "several low priority security bugs." 
Read more about it here: http://www.php.net/releases/5_2_4.php (* Security fix *) +--------------------------+ Sat Aug 18 15:00:32 CDT 2007 patches/packages/tcpdump-3.9.7-i486-1_slack11.0.tgz: Upgraded to libpcap-0.9.7, tcpdump-3.9.7. This new version fixes an integer overflow in the BGP dissector which could possibly allow remote attackers to crash tcpdump or to execute arbitrary code. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798 (* Security fix *) +--------------------------+ Fri Aug 10 22:39:13 CDT 2007 patches/packages/gimp-2.2.17-i486-1_slack11.0.tgz: Upgraded to gimp-2.2.17, which fixes buffer overflows when decoding certain image types. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2949 (* Security fix *) patches/packages/qt-3.3.8-i486-2_slack11.0.tgz: Patched to fix several format string bugs. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3388 (* Security fix *) patches/packages/seamonkey-1.1.4-i486-1_slack11.tgz: Upgraded to seamonkey-1.1.4. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *) patches/packages/xpdf-3.02pl1-i486-1_slack11.0.tgz: Upgraded to xpdf-3.02pl1. This fixes an integer overflow that could possibly be leveraged to run arbitrary code if a malicious PDF file is processed. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 (* Security fix *) +--------------------------+ Fri Aug 3 15:43:35 CDT 2007 patches/packages/mozilla-thunderbird-2.0.0.6-i686-1.tgz: Upgraded to thunderbird-2.0.0.6. This upgrade fixes some more security bugs. 
For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird (* Security fix *) +--------------------------+ Wed Aug 1 13:52:51 CDT 2007 extra/mozilla-firefox-2.0.0.6/mozilla-firefox-2.0.0.6-i686-1.tgz: Upgraded to firefox-2.0.0.6. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) +--------------------------+ Thu Jul 26 15:51:42 CDT 2007 patches/packages/bind-9.3.4_P1-i486-1_slack11.0.tgz: Upgraded to bind-9.3.4_P1 to fix a security issue. The query IDs in BIND9 prior to BIND 9.3.4-P1 are cryptographically weak. For more information on this issue, see: http://www.isc.org/index.pl?/sw/bind/bind-security.php http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926 (* Security fix *) +--------------------------+ Tue Jul 24 12:40:16 CDT 2007 patches/packages/mozilla-thunderbird-2.0.0.5-i686-1.tgz: Upgraded to thunderbird-2.0.0.5. Since Thunderbird shares the browser engine with Firefox it is susceptible to similar vulnerabilities. This update fixes the same issues fixed in the recent Firefox patch. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird (* Security fix *) patches/packages/seamonkey-1.1.3-i486-1_slack11.tgz: Upgraded to seamonkey-1.1.3. This is presumably a security update, but the details on the net have been sparse. So far nothing has appeared at the usual URL, but I would treat this as a security update unless it is announced as otherwise. For more information (if/when it appears), see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *) +--------------------------+ Thu Jul 19 12:55:48 CDT 2007 extra/mozilla-firefox-2.0.0.5/mozilla-firefox-2.0.0.5-i686-1.tgz: Upgraded to firefox-2.0.0.5. This upgrade fixes a couple of minor security bugs. 
Nobody here is launching Firefox from Internet Explorer, right? :-) For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) +--------------------------+ Wed Jun 27 01:11:32 CDT 2007 patches/packages/gd-2.0.35-i486-1_slack11.0.tgz: Upgraded to gd-2.0.35. This fixes a few possible security issues: * Possible infinite loop in the PNG reader * Possible integer overflow in gdImageCreateTrueColor * Possible crash in gdImageCreateXbm * Numerous flaws in the GIF reader (* Security fix *) +--------------------------+ Wed Jun 13 21:43:03 CDT 2007 patches/packages/libexif-0.6.16-i486-1_slack11.0.tgz: Upgraded to libexif-0.6.16. An integer overflow in libexif can crash applications that use the library on malformed images. The upstream advisory indicates that this flaw could also be used to execute arbitrary code in the context of the user, but no exploit is known (by us) to exist among iDefense's researchers or in the wild. But, as a crash bug and heap overflow one must suppose that the possibility exists. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4168 (* Security fix *) +--------------------------+ Fri Jun 1 21:50:50 CDT 2007 patches/packages/mozilla-firefox-1.5.0.12-i686-1.tgz: Upgraded to firefox-1.5.0.12. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) patches/packages/mozilla-thunderbird-1.5.0.12-i686-1.tgz: Upgraded to thunderbird-1.5.0.12. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird (* Security fix *) patches/packages/seamonkey-1.1.2-i486-1_slack11.0.tgz: Upgraded to seamonkey-1.1.2. This upgrade fixes several possible security bugs. 
For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *) extra/mozilla-firefox-2.0.0.4/mozilla-firefox-2.0.0.4-i686-1.tgz: Upgraded to firefox-2.0.0.4. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) +--------------------------+ Fri Jun 1 14:56:51 CDT 2007 extra/php5/php-5.2.3-i486-1_slack11.0.tgz: Upgraded to php-5.2.3. Here's some basic information about the release from php.net: "This release continues to improve the security and the stability of the 5.X branch as well as addressing two regressions introduced by the previous 5.2 releases. These regressions relate to the timeout handling over non-blocking SSL connections and the lack of HTTP_RAW_POST_DATA in certain conditions. All users are encouraged to upgrade to this release." For more complete information, see: http://www.php.net/releases/5_2_3.php http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1900 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872 (* Security fix *) +--------------------------+ Fri May 25 11:27:02 CDT 2007 patches/packages/samba-3.0.25a-i486-1_slack11.0.tgz: Upgraded to samba-3.0.25a. This fixes some major (non-security) bugs in samba-3.0.25. See the WHATSNEW.txt for details. +--------------------------+ Wed May 16 16:16:59 CDT 2007 patches/packages/libpng-1.2.18-i486-1_slack11.0.tgz: Upgraded to libpng-1.2.18. A grayscale PNG image with a malformed (bad CRC) tRNS chunk will crash some libpng applications. This vulnerability has been assigned the identifiers CVE-2007-2445 and CERT VU#684664. 
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445 (* Security fix *) +--------------------------+ Mon May 14 18:22:43 CDT 2007 patches/packages/samba-3.0.25-i486-1_slack11.0.tgz: Upgraded to samba-3.0.25. Security Fixes included in the Samba 3.0.25 release are: o CVE-2007-2444 Versions: Samba 3.0.23d - 3.0.25pre2 Local SID/Name translation bug can result in user privilege elevation o CVE-2007-2446 Versions: Samba 3.0.0 - 3.0.24 Multiple heap overflows allow remote code execution o CVE-2007-2447 Versions: Samba 3.0.0 - 3.0.24 Unescaped user input parameters are passed as arguments to /bin/sh allowing for remote command execution For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447 (* Security fix *) +--------------------------+ Mon May 14 16:39:31 CDT 2007 patches/packages/seamonkey-1.1.1-i486-1_slack11.0.tgz: Upgraded to seamonkey-1.1.1. Removed various symlinks to NSS libraries. If you plan to rebuild the pidgin package in unsupported/pidgin/stable for any reason (you shouldn't need to), first upgrade to this package and then upgradepkg --reinstall the mozilla-nss package. +--------------------------+ Thu May 10 16:14:34 CDT 2007 testing/packages/bash-3.2.017-i486-1_slack11.0.tgz: Upgraded to bash-3.2.017. Moved here from /patches/packages. Honestly, I think /testing may be a better place for bash-3.2 for a while longer -- it's causing trouble with many old scripts. So, we'll give it a while longer to stabilize and for scripts to catch up to any syntax changes which may have occurred. +--------------------------+ Tue May 8 22:19:03 CDT 2007 patches/packages/slackpkg-2.60-noarch-1.tgz: Upgraded to slackpkg-2.60. Thanks to Piter Punk! +--------------------------+ Mon May 7 21:55:15 CDT 2007 extra/php5/php-5.2.2-i486-1_slack11.0.tgz: Upgraded to php-5.2.2.
This fixes bugs and improves security. For more details, see: http://www.php.net/releases/5_2_2.php http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001 (* Security fix *) patches/packages/php-4.4.7-i486-1_slack11.0.tgz: Upgraded to php-4.4.7. This fixes bugs and improves security. For more details, see: http://www.php.net/releases/4_4_7.php http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001 (* Security fix *) +--------------------------+ Thu May 3 23:02:49 CDT 2007 patches/packages/gnome-icon-theme-2.14.2-noarch-2_slack11.0.tgz: gnome-icon-theme puts its pkgconfig file in the wrong directory, which is (was) breaking compiles. Now it is in the right place. Thanks to Robby Workman for pointing it out. +--------------------------+ Wed Apr 25 15:19:06 CDT 2007 patches/packages/fontconfig-2.4.2-i486-2_slack11.0.tgz: Changed the font paths in /etc/fonts/fonts.conf to point to where the fonts actually are, rather than through a symlink. The symlink (/usr/X11R6/lib/fonts) *should* be made by the aaa_base package, but still it's probably best to point to the real location. Thanks to Zoran Davidovac for the suggestion. Moved man pages to the proper location and gzipped them. Created a /var/cache/fontconfig directory. +--------------------------+ Mon Apr 23 13:32:50 CDT 2007 patches/packages/freetype-2.3.4-i486-2_slack11.0.tgz: Fixed the diffs for the patented algorithms. Thanks to Eric Hameleers. +--------------------------+ Fri Apr 20 13:47:39 CDT 2007 patches/packages/x11-6.9.0-i486-14_slack11.0.tgz: Removed old versions of fc-cache and fc-list. Somehow a couple of old fontconfig binaries snuck into this package, and prevent fc-cache from working properly at boot (or any other time). If you've already installed these upgrades, reinstalling the fontconfig package will fix the issue. 
If you do that, there's no need to reinstall this new x11 package -- it's been fixed so that there's no longer a problem with the package install order (and because those fc-* binaries didn't belong there). Sorry for any inconvenience... Thanks to Petri Kaukasoina for pointing this out. (* Fix *) +--------------------------+ Thu Apr 19 18:53:08 CDT 2007 patches/packages/fontconfig-2.4.2-i486-1_slack11.0.tgz: Upgraded to the fontconfig-2.4.2 to work better with freetype-2.3.4. patches/packages/freetype-2.3.4-i486-1_slack11.0.tgz: Fixed an overflow parsing BDF fonts. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351 (* Security fix *) patches/packages/x11-6.9.0-i486-13_slack11.0.tgz: Recompiled. patches/packages/x11-devel-6.9.0-i486-13_slack11.0.tgz: Recompiled. patches/packages/x11-xdmx-6.9.0-i486-13_slack11.0.tgz: Recompiled. patches/packages/x11-xnest-6.9.0-i486-13_slack11.0.tgz: Recompiled. patches/packages/x11-xvfb-6.9.0-i486-13_slack11.0.tgz: Recompiled. patches/packages/xine-lib-1.1.6-i686-1_slack11.0.tgz: Upgraded to xine-lib-1.1.6. This fixes overflows in xine-lib in some little-used media formats in xine-lib < 1.1.5 and other bugs in xine-lib < 1.1.6. The overflows in xine-lib < 1.1.5 could definitely cause an application using xine-lib to crash, and it is theorized that a malicious media file could be made to run arbitrary code in the context of the user running the application. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246 (* Security fix *) +--------------------------+ Wed Apr 4 13:25:17 CDT 2007 patches/packages/ktorrent-2.1.3-i486-2_slack11.0.tgz: Changed --prefix from /usr to /opt/kde. (Slackware 11.0 still uses that, right? ;-) Thanks to arny for pointing this out. patches/packages/qca-tls-1.0-i486-4_slack11.0.tgz: Recompiled for qt-3.3.8. Sorry to have forgotten about the 3.3.6 plugin location... thanks to Peter Valky for the reminder. 
+--------------------------+ Tue Apr 3 15:01:57 CDT 2007 patches/packages/file-4.20-i486-1_slack11.0.tgz: Upgraded to file-4.20. This fixes a heap overflow that could allow code to be executed as the user running file (note that there are many scenarios where file might be used automatically, such as in virus scanners or spam filters). For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536 (* Security fix *) patches/packages/ktorrent-2.1.3-i486-1_slack11.0.tgz: Upgraded to ktorrent-2.1.3. A directory traversal vulnerability in torrent.cpp in versions < 2.1.2 may allow remote attackers to overwrite the ktorrent user's files. A bug in chunkcounter.cpp in versions < 2.1.2 allows remote attackers to crash ktorrent and cause heap corruption by the use of an invalid idx value. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1385 (* Security fix *) patches/packages/qt-3.3.8-i486-1_slack11.0.tgz: Patched an issue where the Qt UTF 8 decoder may in some instances fail to reject overlong sequences, possibly allowing "/../" path injection or XSS errors. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242 (* Security fix *) +--------------------------+ Mon Mar 26 20:54:55 CDT 2007 patches/packages/libwpd-0.8.9-i486-1_slack11.0.tgz: Upgraded to libwpd-0.8.9. Various overflows may lead to application crashes upon opening a specially crafted WordPerfect file. This vulnerability could also conceivably be used by an attacker to execute arbitrary code. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-002 (* Security fix *) patches/packages/mozilla-firefox-1.5.0.11-i686-1.tgz: Upgraded to mozilla-firefox-1.5.0.11. This upgrade fixes several possible security bugs. 
For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) extra/mozilla-firefox-2.0.0.3/mozilla-firefox-2.0.0.3-i686-1.tgz: Upgraded to mozilla-firefox-2.0.0.3. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) +--------------------------+ Sat Mar 24 19:08:07 CDT 2007 patches/packages/bash-3.2.015-i486-1_slack11.0.tgz: Upgraded to bash-3.2 patchlevel 15. This is an optional upgrade issued due to some problem reports concerning the use of the old-style backquotes in scripts. For example `ls -l` might fail where $(ls -l) works (though the real-world examples are more complex than these, of course). I'd say if you're not having problems with bash you're better off leaving it alone, but if you're getting an error like "unexpected EOF looking for matching `", you may wish to give this package a try. Thanks much to John Pate for helping with late-night debugging. +--------------------------+ Sat Mar 17 17:41:43 CDT 2007 Happy St. Patrick's Day! patches/packages/gaim-1.5.0-i486-3_slack11.0.tgz: Recompiled against mozilla-nss. Also recompiled the GAIM beta in the /pub/slackware/unsupported/ directory, if anyone is interested. patches/packages/mozilla-nss-3.9.2-i486-1_slack11.0.tgz: Added mozilla-nss to provide a more stable API/ABI for GAIM. +--------------------------+ Wed Mar 14 19:38:47 CDT 2007 patches/packages/libpng-1.2.16-i486-1_slack11.0.tgz: Upgraded to libpng-1.2.16. This fixes some problems with the new ImageMagick package, such as massive memory usage using "convert". Thanks to Michael Johnson for letting me know about this. +--------------------------+ Tue Mar 13 18:22:59 CDT 2007 patches/packages/php-4.4.6-i486-1_slack11.0.tgz: Upgraded to php-4.4.6.
This version of PHP fixes a problem introduced with the last PHP release where certain applications using "register_globals" may crash. +--------------------------+ Wed Mar 7 17:57:50 CST 2007 patches/packages/gnupg-1.4.7-i486-1_slack11.0.tgz: Upgraded to gnupg-1.4.7. This fixes a security problem that can occur when GnuPG is used incorrectly. Newer versions attempt to prevent such misuse. For more information, see: http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html (* Security fix *) patches/packages/x11-6.9.0-i486-12_slack11.0.tgz: Patched. This update fixes overflows in the dbe and render extensions. This could possibly be exploited to overwrite parts of memory, possibly allowing malicious code to execute, or (more likely) causing X to crash. For information about some of the security fixes, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6101 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6102 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6103 (* Security fix *) patches/packages/mozilla-firefox-1.5.0.10-i686-1.tgz: Upgraded to firefox-1.5.0.10. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) patches/packages/mozilla-thunderbird-1.5.0.10-i686-1.tgz: Upgraded to thunderbird-1.5.0.10. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird (* Security fix *) patches/packages/seamonkey-1.0.8-i486-1_slack11.0.tgz: Upgraded to seamonkey-1.0.8. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *) patches/packages/imagemagick-6.3.3_0-i486-1_slack11.0.tgz: Upgraded to imagemagick-6.3.3-0. The original fix for PALM image handling has been corrected. 
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456 (* Security fix *) extra/mozilla-firefox-2.0.0.2-i686-1.tgz: Upgraded to firefox-2.0.0.2. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) +--------------------------+ Thu Feb 22 21:13:04 CST 2007 patches/packages/php-4.4.5-i486-1_slack11.0.tgz: Upgraded to php-4.4.5 which improves stability and security. For complete details, see http://www.php.net. For information about some of the security fixes, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988 (* Security fix *) extra/php5/php-5.2.1-i486-1_slack11.0.tgz: Upgraded to php-5.2.1 which improves stability and security. For information about some of the security fixes, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988 (* Security fix *) patches/packages/amarok-1.4.5-i486-1_slack11.0.tgz: Upgraded to amarok-1.4.5, which fixes the last.fm stream breakage after the last upgrade to xine-lib. patches/packages/libgpod-0.4.2-i486-1_slack11.0.tgz: Upgraded to libgpod-0.4.2. This is needed for the amarok package. patches/packages/libmtp-0.1.3-i486-1_slack11.0.tgz: Upgraded to libmtp-0.1.3. This is needed for the amarok package.
+--------------------------+ Sun Feb 18 15:20:36 CST 2007 patches/packages/glibc-zoneinfo-2.3.6-noarch-7_slack11.0.tgz: Updated with tzdata2007b for impending Daylight Savings Time changes in the US. +--------------------------+ Wed Feb 7 12:29:05 CST 2007 patches/packages/samba-3.0.24-i486-1_slack11.0.tgz: Upgraded to samba-3.0.24. From the WHATSNEW.txt file: "Important issues addressed in 3.0.24 include: o Fixes for the following security advisories: - CVE-2007-0452 (Potential Denial of Service bug in smbd) - CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind NSS library on Solaris) - CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)" Samba in Slackware is vulnerable to the first issue, which can cause smbd to enter into an infinite loop, disrupting Samba services. Linux is not vulnerable to the second issue, and Slackware does not ship the afsacl.so VFS plugin (but it's something to be aware of if you build Samba with custom options). For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454 (* Security fix *) +--------------------------+ Fri Jan 26 22:46:30 CST 2007 patches/packages/bind-9.3.4-i486-1_slack11.0.tgz: Upgraded to bind-9.3.4. This update fixes two denial of service vulnerabilities where an attacker could crash the name server with specially crafted malformed data. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494 (* Security fix *) +--------------------------+ Wed Jan 24 14:15:07 CST 2007 patches/packages/fetchmail-6.3.6-i486-1_slack11.0.tgz: Upgraded to fetchmail-6.3.6. This fixes two security issues. First, a bug introduced in fetchmail-6.3.5 could cause fetchmail to crash. However, no stable version of Slackware ever shipped fetchmail-6.3.5.
Second, a long standing bug (reported by Isaac Wilcox) could cause fetchmail to send a password in clear text or omit using TLS even when configured otherwise. All fetchmail users are encouraged to consider using getmail, or to upgrade to the new fetchmail packages. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867 (* Security fix *) +--------------------------+ Sat Dec 23 16:38:26 CST 2006 extra/mozilla-firefox-2.0.0.1/mozilla-firefox-2.0.0.1-i686-1.tgz: Upgraded to Mozilla Firefox 2.0.0.1. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) patches/packages/mozilla-firefox-1.5.0.9-i686-1.tgz: Upgraded to firefox-1.5.0.9. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) patches/packages/mozilla-thunderbird-1.5.0.9-i686-1.tgz: Upgraded to thunderbird-1.5.0.9. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird (* Security fix *) patches/packages/seamonkey-1.0.7-i486-1_slack11.0.tgz: Upgraded to seamonkey-1.0.7. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *) patches/packages/xine-lib-1.1.3-i686-1_slack11.0.tgz: Upgraded to xine-lib-1.1.3 which fixes possible security problems such as a heap overflow in libmms and a buffer overflow in the Real Media input plugin. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2200 (* Security fix *) +--------------------------+ Wed Dec 6 15:16:06 CST 2006 patches/packages/gnupg-1.4.6-i486-1_slack11.0.tgz: Upgraded to gnupg-1.4.6. 
This release fixes a severe and exploitable bug in earlier versions of gnupg. All gnupg users should update to the new packages as soon as possible. For details, see the information concerning CVE-2006-6235 posted on lists.gnupg.org: http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html The CVE entry for this issue may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235 This update also addresses a more minor security issue possibly exploitable when GnuPG is used in interactive mode. For more information about that issue, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169 (* Security fix *) +--------------------------+ Fri Dec 1 15:03:20 CST 2006 patches/packages/libpng-1.2.14-i486-1_slack11.0.tgz: Upgraded to libpng-1.2.14. This fixes a bug where a specially crafted PNG file could crash applications that use libpng. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793 (* Security fix *) patches/packages/proftpd-1.3.0a-i486-1_slack11.0.tgz: Upgraded to proftpd-1.3.0a plus an additional security patch. Several security issues were found in proftpd that could lead to the execution of arbitrary code by a remote attacker, including one in mod_tls that does not require the attacker to be authenticated first. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6171 (* Security fix *) patches/packages/tar-1.16-i486-1_slack11.0.tgz: Upgraded to tar-1.16. This fixes an issue where files may be extracted outside of the current directory, possibly allowing a malicious tar archive, when extracted, to overwrite any of the user's files (in the case of root, any file on the system). 
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097 (* Security fix *) +--------------------------+ Thu Nov 9 18:04:51 CST 2006 extra/mozilla-firefox-2.0/mozilla-firefox-2.0-i686-1.tgz: Moved from /patches, since it was pointed out that this sets LD_LIBRARY_PATH to use the libraries in /usr/lib/firefox-2.0/ which aren't compatible with the SeaMonkey libraries that are used to compile the gxine plugin, breaking it. I'm currently looking for a workaround for this issue, but meanwhile using firefox-1.5.0.8 with the gxine plugin works just fine. Honestly, I hadn't expected to see another firefox-1.x release once 2.0 came out or I might not have added it to Slackware 11.0 after the release... patches/packages/mozilla-firefox-1.5.0.8-i686-1.tgz: Upgraded to firefox-1.5.0.8. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) patches/packages/mozilla-thunderbird-1.5.0.8-i686-1.tgz: Upgraded to thunderbird-1.5.0.8. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird (* Security fix *) patches/packages/seamonkey-1.0.6-i486-1_slack11.0.tgz: Upgraded to seamonkey-1.0.6. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *) +--------------------------+ Mon Nov 6 21:29:24 CST 2006 patches/packages/bind-9.3.2_P2-i486-1_slack11.0.tgz: Upgraded to bind-9.3.2-P2. This fixes some security issues related to previous fixes in OpenSSL. The minimum OpenSSL version was raised to OpenSSL 0.9.7l and OpenSSL 0.9.8d to avoid exposure to known security flaws in older versions (these patches were already issued for Slackware). 
If you have not upgraded yet, get those as well to prevent a potentially exploitable security problem in named. In addition, the default RSA exponent was changed from 3 to 65537. RSA keys using exponent 3 (which was previously BIND's default) will need to be regenerated to protect against the forging of RRSIGs. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 (* Security fix *) +--------------------------+ Fri Nov 3 23:17:57 CST 2006 extra/php5/php-5.2.0-i486-1.tgz: Upgraded to php-5.2.0. This release "includes a large number of new features, bug fixes and security enhancements." In particular, when the UTF-8 charset is selected there are buffer overflows in the htmlspecialchars() and htmlentities() functions that may be exploited to execute arbitrary code. More details about the vulnerability may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465 Further details about the release can be found in the release announcement: http://www.php.net/releases/5_2_0.php Some syntax has changed since PHP 5.1.x. An upgrading guide may be found at this location: http://www.php.net/UPDATE_5_2.txt This package was placed in /extra rather than /patches to save people from possible surprises with automated upgrade tools, since users of PHP4 and PHP 5.1.x applications may need to make some code changes before things will work again. (* Security fix *) patches/packages/php-4.4.4-i486-4_slack11.0.tgz: Patched the UTF-8 overflow. More details about the vulnerability may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465 (* Security fix *) patches/packages/screen-4.0.3-i486-1_slack11.0.tgz: Upgraded to screen-4.0.3. This addresses an issue with the way screen handles UTF-8 character encoding that could allow screen to be crashed (or possibly code to be executed in the context of the screen user) if a specially crafted sequence of pseudo-UTF-8 characters is displayed within a screen session.
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4573 (* Security fix *) +--------------------------+ Sat Oct 28 23:52:38 CDT 2006 patches/packages/mozilla-firefox-2.0-i686-1.tgz: Upgraded to Mozilla Firefox 2.0. This is a completely optional enhanced feature package update. Usually I'd reserve this space only for security patches (which this is not), but Firefox 2.0 is just so cool that I couldn't resist upgrading it, especially with Slackware 11.0 so recently released. +--------------------------+ Wed Oct 25 15:45:46 CDT 2006 patches/packages/qca-tls-1.0-i486-3_slack11.0.tgz: Rebuilt to place the plugin in /usr/lib/qt-3.3.7/plugins/crypto/. patches/packages/qt-3.3.7-i486-1_slack11.0.tgz: Upgraded to qt-x11-free-3.3.7. This fixes an issue with Qt's handling of pixmap images that causes Qt linked applications to crash if a specially crafted malicious image is loaded. Inspection of the code in question makes it seem unlikely that this could lead to more serious implications (such as arbitrary code execution), but it is recommended that users upgrade to the new Qt package. For more information, see: http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4811 (* Security fix *) +--------------------------+ Sun Oct 1 23:50:53 CDT 2006 Slackware 11.0 is released. Thanks to everyone who helped out and made this release possible. If I forgot you in the ChangeLog, mea culpa, but you know who you are, and thanks. :-) Enjoy! -P. +--------------------------+ Sun Oct 1 16:45:45 CDT 2006 l/jre-1_5_0_09-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Runtime Environment Version 5.0, Release 9. extra/bittornado/bittornado-0.3.15-noarch-1.tgz: Upgraded to bittornado-0.3.15. extra/jdk-1.5.0_09/jdk-1_5_0_09-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Development Kit Version 5.0, Release 9. 
+--------------------------+ Sat Sep 30 22:05:20 CDT 2006 extra/linux-smp-2.6.17.13/kernel-modules-smp-2.6.17.13-i686-3.tgz: This had been named i486 when it's really an i686 arch package. +--------------------------+ Sat Sep 30 19:35:24 CDT 2006 a/etc-11.0-noarch-2.tgz: Added missing comment marks (#) for distcc ports in /etc/services. Thanks to Michiel Broek. n/popa3d-1.0.2-i486-2.tgz: Do better checking of passwd and group to avoid adding redundant entries to these files. Thanks to Menno Duursma. n/sendmail-8.13.8-i486-4.tgz: Do better checking of passwd and group to avoid adding redundant entries to these files. Thanks to Menno Duursma. n/sendmail-cf-8.13.8-noarch-4.tgz: Rebuilt. extra/linux-smp-2.6.17.13/kernel-generic-smp-2.6.17.13-i686-3.tgz: Recompiled to add missing SMP/SMT support. Thanks to arny for noticing that I'd started with the wrong .config. extra/linux-smp-2.6.17.13/kernel-headers-smp-2.6.17.13-i386-3.tgz: Rebuilt. extra/linux-smp-2.6.17.13/kernel-modules-smp-2.6.17.13-i486-3.tgz: Recompiled. +--------------------------+ Sat Sep 30 01:52:09 CDT 2006 testing/packages/fontconfig-2.4.1-i486-1.tgz: Upgraded to fontconfig-2.4.1. Thanks to Frédéric L. W. Meunier for pointing this out. l/shared-mime-info-0.19-i486-1.tgz: Upgraded to shared-mime-info-0.19. +--------------------------+ Fri Sep 29 23:41:35 CDT 2006 l/libgpod-0.4.0-i486-1.tgz: Upgraded to libgpod-0.4.0. Thanks to Shilo Bacca. l/pango-1.12.4-i486-1.tgz: Fixed bogus empty GPOS table warning and other minor bugs. extra/linux-smp-2.6.17.13/kernel-generic-smp-2.6.17.13-i686-2.tgz: Rebuilt SMP kernels setting -smp in CONFIG_LOCALVERSION, not EXTRAVERSION. Thanks to Tom B. for snapping me out of my old-skool ways. extra/linux-smp-2.6.17.13/kernel-headers-smp-2.6.17.13-i386-2.tgz: Rebuilt. extra/linux-smp-2.6.17.13/kernel-modules-smp-2.6.17.13-i486-2.tgz: Rebuilt. 
testing/packages/iptables-1.3.6-i486-1.tgz: This one appeared too late to be considered for mainline (not enough test time), but it _should_ be stable. testing/packages/wpa_supplicant-0.4.9-i486-1.tgz: Added wpa_supplicant-0.4.9. Thanks to Eric Hameleers for a good head-start on this one. +--------------------------+ Fri Sep 29 02:10:15 CDT 2006 a/openssl-solibs-0.9.8d-i486-1.tgz: Upgraded to shared libraries from openssl-0.9.8d. See openssl package update below. (* Security fix *) n/openssh-4.4p1-i486-1.tgz: Upgraded to openssh-4.4p1. This fixes a few security related issues. From the release notes found at http://www.openssh.com/txt/release-4.4: * Fix a pre-authentication denial of service found by Tavis Ormandy, that would cause sshd(8) to spin until the login grace time expired. * Fix an unsafe signal handler reported by Mark Dowd. The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. On portable OpenSSH, this vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote. * On portable OpenSSH, fix a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms. Links to the CVE entries will be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052 After this upgrade, make sure the permissions on /etc/rc.d/rc.sshd are set the way you want them. Future upgrades will respect the existing permissions settings. Thanks to Manuel Reimer for pointing out that upgrading openssh would enable a previously disabled sshd daemon. Do better checking of passwd, shadow, and group to avoid adding redundant entries to these files. Thanks to Menno Duursma.
(* Security fix *) n/openssl-0.9.8d-i486-1.tgz: Upgraded to openssl-0.9.8d. This fixes a few security related issues: During the parsing of certain invalid ASN.1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory (CVE-2006-2937). (This issue did not affect OpenSSL versions prior to 0.9.7) Thanks to Dr S. N. Henson of Open Network Security and NISCC. Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack (CVE-2006-2940). Thanks to Dr S. N. Henson of Open Network Security and NISCC. A buffer overflow was discovered in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer. (CVE-2006-3738) Thanks to Tavis Ormandy and Will Drewry of the Google Security Team. A flaw in the SSLv2 client code was discovered. When a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash (CVE-2006-4343). Thanks to Tavis Ormandy and Will Drewry of the Google Security Team. Links to the CVE entries will be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 (* Security fix *) zipslack/zipslack.zip: Rebuilt ZipSlack with new openssl-solibs and openssh packages. +--------------------------+ Thu Sep 28 03:33:49 CDT 2006 ap/vorbis-tools-1.1.1-i486-3.tgz: Fixed UTF8 support. Thanks to Igor Pashev for providing a simple patch from Gene Pavlovsky. kernels/huge26.s/*: Added support for USB and IEEE1394 storage devices. kernels/test26.s/*: Added support for USB and IEEE1394 storage devices. Thanks to Tais M. Hansen for pointing out that these kernels lacked support for USB storage devices. 
Using these kernels with udev may cause a few warnings at boot time as udev attempts to load the already built-in support, but these seem to be harmless. +--------------------------+ Tue Sep 26 05:57:52 CDT 2006 a/aaa_base-11.0.0-noarch-2.tgz: Updated the "Welcome to Slackware" email. Added /media directory, subdirectories, and symbolic links recommended by the FHS, along with README files to help me understand the difference between this directory and /mnt. ;-) a/etc-11.0-noarch-1.tgz: Fixed a bug in /etc/csh.login that caused repeated use of "csh -l" to duplicate search directories in the $path. Clearly /etc/csh.login should set the path just as /etc/profile does. This bug dates back at least 1997, maybe earlier, so congratulations to Dimitar Zhekov for winning this release's "smite the oldest bug" award. Added distcc port to /etc/services. Thanks to Erik Jan Tromp and Robby Workman for the continual reminders. ;-) a/pkgtools-11.0.0-i486-4.tgz: Made upgradepkg a little bit more gentle -- if it is run on a corrupted .tgz it will no longer remove the original package. Thanks to Ric Anderson for the report. Added rc.scanluns to the services setup menu. a/sysvinit-2.84-i486-69.tgz: Fixed path to /sbin/initscript shown in init.8 (again). Thanks to Robby Workman. Changed rc.S to run rc.serial according to whether the script is executable. a/util-linux-2.12r-i486-5.tgz: Treat /etc/rc.d/rc.serial (to preserve file permissions), /etc/serial.conf, and /etc/fdprm as '.new' config files. ap/lm_sensors-2.10.0-i486-3.tgz: Fixed hardcoded /usr/local paths in sensors-detect. Thanks to Jakub Jankowski. kde/kdebase-3.5.4-i486-7.tgz: Patched to fix media:/ URLs in Konqueror without requiring HAL. Thanks to everyone involved in reporting this issue and seeing that it was addressed: http://bugs.kde.org/show_bug.cgi?id=132281 A big thanks to coolo (Stephan Kulow) for coming up with a patch. :-) zipslack/zipslack.zip: Added ZipSlack.
+--------------------------+ Sat Sep 23 03:45:30 CDT 2006 a/sysvinit-2.84-i486-68.tgz: In rc.M, start rc.hplip if found. Fix the path to /sbin/initscript shown in init.8. Thanks to Robby Workman. xap/sane-1.0.18-i486-3.tgz: Added HPLIP backend (hpaio) to dll.conf. testing/packages/cups-1.2.4/cups-1.2.4-i486-1.tgz: Upgraded to cups-1.2.4. The web site says that more problems were fixed. I would still approach this one cautiously, though I'm sure it (or its descendent) will be used in Slackware 11.1. Unless you have a reason to need this now, I'd wait. testing/packages/hplip-1.6.9-i486-1.tgz: Added hplip-1.6.9, a complete print, scan, and fax system for HP devices. This isn't being merged into the AP series as a replacement for hpijs solely because I'd like to see it get more testing first. It is working perfectly here. Thanks to Robby Workman for doing the vast majority of the work on this package. :-) testing/packages/gutenprint-5.0.0-i486-2.tgz: Don't overwrite GIMP's "print" plugin -- instead install the plugin as "gutenprint". Thanks again to Stefano Vesa. +--------------------------+ Fri Sep 22 01:57:52 CDT 2006 n/portmap-5.0-i486-3.tgz: In rc.rpc, fixed restart function. Thanks to Grant. +--------------------------+ Thu Sep 21 04:05:03 CDT 2006 This is still Slackware 11.0 release candidate 5 (for now), and is still the last release candidate, scout's honor. We are nearly there. :-) a/devs-2.3.1-noarch-25.tgz: Added /dev/i2c-* devices. Thanks to Jean Delvare. Just a reminder on devs, as I've had some email about it. As it stands, devs is required to boot even if the machine runs a 2.6+ kernel and uses udev. a/hotplug-2004_09_23-noarch-11.tgz: Don't allow dhcpcd -k to make noise at shutdown time if dhcpcd is not running (as in cases where it was shut down manually, or the lease time was infinite). a/logrotate-3.7.4-i486-1.tgz: Upgraded to logrotate-3.7.4. After reading the diff -u and doing some test rotations, this seems safe to include for 11.0. 
Suggested by Mateus César Gröess and Rafal Lorenc. Rotate /var/log/btmp. Thanks to James Michael Fultz. a/pkgtools-11.0.0-i486-3.tgz: Stripped /bin/dialog. Thanks to mRgOBLIN for saving us 18K of hard drive space. :-) In setup.services, rename rc.portmap to rc.rpc. This is no longer started by default. Instead you must turn it on (only if you plan on mounting NFS partitions manually). Otherwise, it will be run regardless of exec perms if NFS shares or mounts are detected at boot time. ap/diffstat-1.43-i486-1.tgz: Added Thomas Dickey's diffstat utility. Suggested by Michael Iatrou. ap/lm_sensors-2.10.0-i486-2.tgz: Edited slack-desc since the package contains only the tools for lm_sensors, not the drivers. In the case of the 2.6+ kernel, these are included with the kernel-modules package. For 2.4, the modules would have to be built by the end user. Also, there is still no startup script included for this package, but that's something that will be looked at for the next development cycle. Removed the mkdev.sh after including the i2c devices in the devs package. Thanks again to Jean Delvare for the advice, and for his work maintaining lm_sensors upstream. :-) n/mailx-12.1-i486-1.tgz: Upgraded to mailx-12.1 from nail-11.25 (renamed). Thanks to Gerardo Exequiel Pozzi for pointing this out. n/nfs-utils-1.0.10-i486-3.tgz: Moved rpc.lockd and rpc.statd to /sbin. Reworked rc.nfsd to make use of the rc.rpc script in "portmap". n/portmap-5.0-i486-2.tgz: Replaced /etc/rc.d/rc.portmap with /etc/rc.d/rc.rpc. This script will start rpc.portmap, rpc.lockd, and rpc.statd. All of these are needed to make proper use of NFS from either the server or client side, so this approach should be more likely to work out of the box. Note that nfs-utils will also be required in order to use rc.rpc or NFS, even as a client. If rc.rpc is needed, another script will run it as long as it is readable. 
The only reason to make rc.rpc executable would be to run it at boot time when there are no shares in /etc/exports and no mounts in /etc/fstab, but you wish to be able to mount NFS partitions manually. Thanks to Arno G. Schielke and Cesar Suga for suggesting this idea. n/tcpip-0.17-i486-39.tgz: Don't allow dhcpcd -k to make noise at shutdown time if dhcpcd is not running (as in cases where it was shut down manually, or the lease time was infinite). Added support in rc.inet1 and rc.inet1.conf for adjustable DHCP_TIMEOUT. Thanks to Eric Hameleers. x/ttf-indic-fonts-0.4.7.1-noarch-1.tgz: Added TTF fonts for displaying Indic scripts. This package supports Bengali, Devanagari, Gujarati, Kannada, Malayalam, Oriya, Punjabi, Tamil, and Telugu. For information about fully enabling Indic support (including input), see: /usr/doc/Linux-HOWTOs/Indic-Fonts-HOWTO. isolinux/initrd.img: Patched installer's network script to look for network26.dsk if 2.6.17.13 (huge26.s) is used to boot/install. Thanks to Piter Punk for work done (long ago) to fix probing for 2.6 modules. Thanks to Eric Hameleers for helping debug loopback mounts in the installer when using the 2.6.17.13 (huge26.s) kernel. NFS installs with the test26.s kernel are not supported by this system, but should work if you put the module(s) you need on a floppy or otherwise make them available and load them manually. isolinux/network26.dsk: Added network26.dsk for NFS installs with huge26.s. Don't try to put this one on a floppy disk, folks. ;-) kernels/huge26.s/*: Added built-in NLS (CONFIG_NLS_CODEPAGE_437, CONFIG_NLS_ISO8859_1, and CONFIG_NLS_UTF8) to allow FAT filesystems to loopback mount for NFS installs. kernels/test26.s/*: Added 2.6.18 test26.s kernel. rootdisks/install.1: Patched installer's network script. rootdisks/install.2: Rebuilt. rootdisks/install.zip: Patched installer's network script. testing/packages/flex-2.5.33-i486-1.tgz: Added flex-2.5.33. Requested by Alberto Simões. 
testing/packages/gutenprint-5.0.0-i486-1.tgz: Added gutenprint-5.0.0. This package was formerly known as "gimp-print", and will likely take the place of gimp-print in the AP series after going through testing. Suggested by Stefano Vesa. testing/packages/linux-2.6.18/kernel-generic-2.6.18-i486-1.tgz: Added Linux 2.6.18 generic kernel. testing/packages/linux-2.6.18/kernel-headers-2.6.18-i386-1.tgz: Added Linux 2.6.18 kernel headers. testing/packages/linux-2.6.18/kernel-modules-2.6.18-i486-1.tgz Added Linux 2.6.18 kernel modules. testing/packages/linux-2.6.18/kernel-source-2.6.18-noarch-1.tgz Added Linux 2.6.18 kernel source. +--------------------------+ Tue Sep 19 18:13:09 CDT 2006 l/arts-1.5.4-i486-2.tgz: Patched an annoying bug where audio programs such as ogg123 would not work unless KDE had been run first. I took several stabs with me sword at ripping out kdebase's surprise HAL requirement as well, but the best I could achieve was "Internal Error". Aarrr!! +--------------------------+ Tue Sep 19 14:07:49 CDT 2006 a/gzip-1.3.5-i486-1.tgz: Upgraded to gzip-1.3.5, and fixed a variety of bugs. Some of the bugs have possible security implications if gzip or its tools are fed a carefully constructed malicious archive. Most of these issues were recently discovered by Tavis Ormandy and the Google Security Team. Thanks to them, and also to the ALT and Owl developers for cleaning up the patch. 
For further details about the issues fixed, please see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0988 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1228 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338 (* Security fix *) n/procmail-3.22-i486-2.tgz: Added support for large (2GB+) mailboxes. Thanks to Dominik L. Borkowski. isolinux/initrd.img: Patched installer to allow splitting a package series over two or more pieces of optical media. If a package directory contains a file named README_SPLIT.TXT, then it will be continued on the next disc. An example of such a file can be found in /isolinux. Thanks very much to Eric Hameleers for the initial patch and testing! rootdisks/install.1: Rebuilt. rootdisks/install.2: Patched to allow a split package series. rootdisks/install.zip: Patched to allow a split package series. +--------------------------+ Mon Sep 18 15:18:07 CDT 2006 l/neon-0.25.5-i486-2.tgz: Enabled missing SSL support. Thanks much to Mircea Baciu! +--------------------------+ Mon Sep 18 05:33:24 CDT 2006 Slackware 11.0 release candidate 5. This is the last one, scout's honor. a/aaa_elflibs-11.0.0-i486-9.tgz: Stripped /lib/libbz2.so.1.0.3, added /lib/libdm.so.0.0.4. a/bzip2-1.0.3-i486-3.tgz: Stripped /lib/libbz2.so.1.0.3. ap/espgs-8.15.3svn185-i486-1.tgz: Upgraded to espgs-8.15.3svn185. OK, I don't like using repo versions at all, much less inserting them at the last second. But, it seems like par for the course for ghostscript and its offshoots where there wasn't much choice about shipping 8.15rc4 in Slackware 10.2. 
In this case, building from svn fixes two critical problems: missing support for CJK, and not correctly printing Umlauts with certain fonts. Thanks to Shin-ichi Abe and Matthias Bachert. If this version of espgs creates new problems that are worse than these, please let me know as soon as possible. It's tested here and seems stable. ap/vim-7.0.109-i486-1.tgz: Upgraded to vim-7.0.109. d/subversion-1.4.0-i486-1.tgz: After a couple convincing assurances that this was a safe and ABI/API compatible upgrade, I decided to allow this upgrade. Thanks to Malcolm Rowe and Janusz Dziemidowicz. l/desktop-file-utils-0.11-i486-1.tgz: Added desktop-file-utils-0.11. The next XFce will need this freedesktop.org package. Thanks to Robby Workman for the information. l/libexif-0.6.13-i486-2.tgz: Fixed libexif.pc includedir. Thanks to Charles Shannon Hendrix for pointing this out. l/libtheora-1.0alpha7-i486-1.tgz: Added libtheora-1.0alpha7. This links with (as far as I know) optional plugins only and is a safe last-second addition. Furthermore, the Theora team has promised that files encoded with this version of the codec will always be playable. The format is stable and ready for production use, so keeping it out of 11.0 due to the "alpha" would be plain silly. Suggested by Edo Hikmahtiar, and Diogo R. l/libungif-4.1.4-i486-3.tgz: Added the utilities in /usr/bin, some of which are used to detect that annoying image spam that's on the rise... Thanks to Joran Kvalvaag. l/neon-0.25.5-i486-1.tgz: Added neon package, split from subversion-deps-1.4.0. x/dejavu-ttf-2.10-noarch-1.tgz: Upgraded to dejavu-ttf-2.10. xap/vim-gvim-7.0.109-i486-1.tgz: Upgraded to vim-7.0.109. Once again, this is just an add-on for the VIM package in ap. :-) xap/xine-lib-1.1.2-i686-2.tgz: Recompiled against libtheora to include the Theora codec plugin. Theora testsuite passed. xap/xine-ui-0.99.4-i686-3.tgz: Patched an issue where xine-ui could block input to Konsole. Thanks to Nuts Mueller. 
extra/linux-smp-2.6.17.13/kernel-headers-smp-2.6.17.13-i386-1.tgz: Fixed slack-desc typo. No actual rebuild, so no -$BUILD bump. Thanks to David Somero. isolinux/initrd.img: Fixed swap setup in the "Cancel" or unselecting all swap partitions case. Thanks to Marcus Moeller. rootdisks/install.1: Rebuilt. rootdisks/install.2: Fixed swap setup. rootdisks/install.zip: Fixed swap setup. +--------------------------+ Sat Sep 16 23:08:49 CDT 2006 l/libgpod-0.3.2-i486-2.tgz: Added --enable-eject-command and --enable-unmount-command. Thanks to Kody K. kde/amarok-1.4.3-i486-4.tgz: Recompiled with a patch to fix non-latin1 playlist corruption by forcing UTF8. Thanks to guilherme and the kind folks on #amarok. Added explicit --emable-libgpod. Thanks to Kody K. kde/kdeutils-3.5.4-i486-2.tgz: Fixed ark crash due to race condition on SMP machines. Thanks to JaguarWan. n/rdesktop-1.5.0-i486-1.tgz: Upgraded to rdesktop-1.5.0. Thanks to Andrew Fuller for pointing it out. x/x11-6.9.0-i486-11.tgz: Fixed an overflow in CID encoded Type1 font parsing. For further reference, see: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=411 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3739 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3740 (* Security fix *) Also, fixed French Canadian keymap variant. Thanks to Patrice Tremblay. x/x11-devel-6.9.0-i486-11.tgz: Recompiled. x/x11-xdmx-6.9.0-i486-11.tgz: Recompiled. x/x11-xnest-6.9.0-i486-11.tgz: Recompiled. x/x11-xvfb-6.9.0-i486-11.tgz: Recompiled. extra/linux-smp-2.6.17.13/kernel-generic-smp-2.6.17.13-i686-1.tgz: This is an optional kernel with support for SMP (up to 16), dual core optimizations, and SMT (Hyperthreading). Fully tuned and ready to go. extra/linux-smp-2.6.17.13/kernel-headers-smp-2.6.17.13-i386-1.tgz Optional kernel headers. 
These will only be needed to compile a few things, such as apps and libraries that use ALSA (it contains the /usr/include/sound directory that for 2.4.x kernels is supplied in the alsa-driver package). extra/linux-smp-2.6.17.13/kernel-modules-smp-2.6.17.13-i686-1.tgz: Kernel modules for Linux 2.6.17.13-smp, including ALSA modules. These install into /lib/modules/2.6.17.13-smp/. +--------------------------+ Thu Sep 14 19:41:22 CDT 2006 d/git-1.4.2.1-i486-1.tgz: Upgraded to git-1.4.2.1. xap/mozilla-firefox-1.5.0.7-i686-1.tgz: Upgraded to firefox-1.5.0.7. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) xap/mozilla-thunderbird-1.5.0.7-i686-1.tgz: Upgraded to thunderbird-1.5.0.7. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird (* Security fix *) xap/seamonkey-1.0.5-i486-1.tgz: Upgraded to seamonkey-1.0.5. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *) +--------------------------+ Thu Sep 14 03:57:37 CDT 2006 a/glibc-solibs-2.3.6-i486-6.tgz: Recompiled. a/glibc-zoneinfo-2.3.6-noarch-6.tgz: Upgraded to tzcode2006k and tzdata2006k. Added "ldconfig -r ." to install script. Thanks to Stuart Winter. a/openssl-solibs-0.9.8b-i486-2.tgz: Patched an issue where it is possible to forge certain kinds of RSA signatures. The patch is used instead of an upgrade to openssl-0.9.8c as it was issued later with a corrected fix. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 (* Security fix *) a/udev-097-i486-10.tgz: If there's no udevd daemon, don't allow rc.udev to try to start. Thanks to Eugene Crosser.
d/pkgconfig-0.21-i486-3.tgz: Added {curly brackets} around PKG_CONFIG_PATH in /etc/profile.d/pkgconfig.*. Thanks to Rémy Pagniez. l/glibc-2.3.6-i486-6.tgz: Recompiled against 2.4.33.3 and 2.6.17.13 headers. (these kernel versions are now "golden" for release) l/glibc-i18n-2.3.6-noarch-6.tgz: Recompiled. l/glibc-profile-2.3.6-i486-6.tgz: Recompiled. n/openssl-0.9.8b-i486-2.tgz: Patched an issue where it is possible to forge certain kinds of RSA signatures. The patch is used instead of an upgrade to openssl-0.9.8c as it was issued later with a corrected fix. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 (* Security fix *) kernels/huge26.s/*: Added NFSv3 support. +--------------------------+ Tue Sep 12 06:29:32 CDT 2006 a/sysvinit-2.84-i486-67.tgz: Sleep 3 seconds before mounting non-root partitions. This was a sleep that I'd removed earlier in the devel cycle to see what it would break (if anything), and the answer is some external hard drives that take a couple seconds to hotplug. Thanks to Fabio Busatto. In rc.M, restart udevd when returning from single user mode. Thanks to James Michael Fultz. Patched initscript.5 man page to show proper /sbin/initscript path. Thanks to Robby Workman. Found another assumption that the kernel has hotplug support in the rc.udev stop function. Thanks again to Gary Hawco for the original bug report. a/udev-097-i486-9.tgz: Uncommented dmsetup rule for LVM2 -- it doesn't seem to hurt anything. Thanks to Dex Filmore. ap/diffutils-2.8.1-i486-3.tgz: Fixed sdiff.1 man page. Thanks to James Michael Fultz. kde/amarok-1.4.3-i486-3.tgz: Recompiled against new libmtp. l/libmtp-0.0.18-i486-1.tgz: Upgraded to libmtp-0.0.18. l/libwpd-0.8.6-i486-1.tgz: Upgraded to libwpd-0.8.6. Thanks to Eugene C. for the CXXFLAGS advice. n/imapd-4.64-i486-3.tgz: Added missing md5.txt mentioned in the imapd man page, plus a note about additional (large) documentation in the sources. 
The docs directory was also moved to /usr/doc/imapd4.64. Thanks to Mark Flacy for reminding me about this one. n/rdesktop-1.4.1-i486-1.tgz: Added rdesktop-1.4.1. Yes, we're in release candidates, but if this doesn't work at least it is small. :-) I've had many, many requests, and it is needed by krdc, so that's my rationale. Oh -- and thanks to everyone for positive feedback on libgpod. I also fixed the typo in my request for feedback below. I hope that doesn't break too many ChangeLog parsing scripts... n/stunnel-4.17-i486-1.tgz: Upgraded to stunnel-4.17. Thanks to Cal Peake for the notice. +--------------------------+ Mon Sep 11 02:10:19 CDT 2006 a/module-init-tools-3.2.2-i486-2.tgz: In /etc/modprobe.d/, if there's no /etc/modprobe.d/modprobe.conf file, try to make a link to ../modprobe.conf. This will retain legacy support for existing /etc/modprobe.conf files. Thanks very much to Ivan Kalvatchev for persisting with this bug report until I finally saw the light of day. :-) l/libmtp-0.0.16-i486-2.tgz: Fixed hotplug and udev support. Thanks to Carlos Corbacho for the help on this -- I knew it wasn't working yet and was hoping someone would step up. Wow, that was fast! l/libnjb-2.2.5-i486-2.tgz: Fixed hotplug and udev support. Again, thanks to Carlos Corbacho. Now my NJB3 works. :-) Anyone have any yea/nay feedback on libgpod and amaroK? +--------------------------+ Sat Sep 9 14:56:38 CDT 2006 kernels/huge26.s/*: Upgraded huge26.s kernel to 2.6.17.13. extra/linux-2.6.17.13/kernel-generic-2.6.17.13-i486-1.tgz: Upgraded to Linux 2.6.17.13 generic kernel. extra/linux-2.6.17.13/kernel-headers-2.6.17.13-i386-1.tgz: Upgraded to Linux 2.6.17.13 kernel headers. extra/linux-2.6.17.13/kernel-modules-2.6.17.13-i486-1.tgz Upgraded to Linux 2.6.17.13 kernel modules. extra/linux-2.6.17.13/kernel-source-2.6.17.13-noarch-1.tgz Upgraded to Linux 2.6.17.13 kernel source. 
[ Andrea was asleep when I noticed these, and I didn't want to find out what happens when one wakes one's sleeping wife and asks her to start building kernels, so... ] +--------------------------+ Sat Sep 9 01:18:53 CDT 2006 d/ruby-1.8.4-i486-2.tgz: As it would so happen, ruby-1.8.5 fixes a security problem, but also breaks a considerable number of things, including Ruby on Rails (RoR being one of the biggest appeals of Ruby), and other applications that make interesting use of it. So, for now anyway -- back to 1.8.4. kde/amarok-1.4.3-i486-2.tgz: This was the only thing that touched the tainted Ruby. ;-) Seriously, this will all get straightened out, but we have a release to do. Should we wait for everyone to adopt the new Ruby API/ABI? Or must it be: "works" / "secure" -- pick one? :-) It's always best to use the right tool for the job or you can get hurt. Remember shop class? kde/kdesdk-3.5.4-i486-2.tgz: Recompiled with configure flags that allow the apr libraries to be found. Thanks to Giacomo Lozito. y/bsd-games-2.13-i486-8.tgz: "pom" now supports a reasonable number of digits with a command line option, as noted in the man page. Default behavior has not been changed (it is still a rounded integer percentage). My own patch didn't live long enough to see birth in a stable release, but who cares. :-) Thanks to Eric Hameleers (who loves a good time-waster) for the better patch. I knew he wouldn't be able to resist this one. ;-> bootdisks/raid.s: Reverted to the old megaraid driver since megaraid2 is already in the scsi2.s bootdisk. kernels/huge26.s/*: Fixed USB keyboard support in the installer (at least tested on CD/DVD media). Thanks to Bruce Hill, Jr. for pointing out that this was no longer working. Please note that if you install with this you still need kernel-modules from /extra, and that there's no alsa-driver for this kernel because it's all built into kernel-modules and kernel-headers (well, and the kernel :-).
ALSA 1.0.11/12 specifically DO NOT support these newer kernels. Check out the SUPPORTED_KERNELS file in the alsa-driver source. Feel free to play with various combinations (many DO work, but without any noticeable improvement to me). I try very hard to not break your sound system, but I'm already bending the rules with alsa-driver-1.0.11_2.4.33.3... Also, if you find bugs in stuff I don't ship, contact the appropriate maintainer too, please. I am not the hg repository for everything I ship. (I know, I do look remarkably similar ;-) "Is this the spacecraft assembly building?" kernels/raid.s/*: Moved from the megaraid2 driver to the old megaraid driver, after it was pointed out that megaraid2 is already in scsi2.s. +--------------------------+ Thu Sep 7 22:59:40 CDT 2006 d/ruby-1.8.5-i486-1.tgz: Upgraded to ruby-1.8.5. Honestly, I'm not sure these next three will help at the moment, but we're laying some groundwork for later when HAL will take over (and sing "Daisy"). l/libgpod-0.3.2-i486-1.tgz: Added libgpod-0.3.2. l/libmtp-0.0.16-i486-1.tgz: Added libmtp-0.0.16. l/libnjb-2.2.5-i486-1.tgz: Added libnjb-2.2.5. kde/amarok-1.4.3-i486-1.tgz: Upgraded to amarok-1.4.3. Added plugins linked with libgpod, libmtp, and libnjb. Working status (even with a bit of DIY) is not known (yet). It might require HAL to make it do anything at all. n/bind-9.3.2_P1-i486-1.tgz: Upgraded to bind-9.3.2-P1. This update addresses a denial of service vulnerability. BIND's CHANGES file says this: 2066. [security] Handle SIG queries gracefully. [RT #16300] The best discussion I've found is in FreeBSD's advisory, so here's a link: http://security.FreeBSD.org/advisories/FreeBSD-SA-06:20.bind.asc Also, fixed some missing man pages. (noticed by Xavier Thomassin -- thanks) (* Security fix *) y/bsd-games-2.13-i486-7.tgz: Snipped part of a crufty old patch that wouldn't apply. Added an (unapplied) patch to make pom give you two more digits of accuracy.
I didn't apply it since it wasn't quite done; it should have the traditional default (no decimal places) that everyone is used to, and an arbitrary accuracy selectable with a command line switch. Perhaps it should be rewritten to use gmp. Oh, and the man page will then need fixing. Eric? ;-) +--------------------------+ Sun Sep 3 19:59:47 CDT 2006 a/udev-097-i486-8.tgz: Fixed a missing '[' in rc.udev. Thanks to guilherme for pointing out the error, and to J., who found the missing '['. (It had fallen off my desk and ended up under a table) kernels/System.map: Forgot to gzip a bunch of these. Thanks, Steve'o. +--------------------------+ Sun Sep 3 01:46:42 CDT 2006 I wasn't planning a Slackware 11.0 release candidate 4, but here we go. a/kernel-ide-2.4.33.3-i486-1.tgz: Upgraded to Linux 2.4.33.3 sata.i kernel. a/kernel-modules-2.4.33.3-i486-1.tgz Upgraded to Linux 2.4.33.3 kernel modules. a/udev-097-i486-7.tgz: Make sure /proc/sys/kernel/hotplug exists before writing to it. Thanks to Gary Hawco for the bug report. Change log level from "crit" or "err" since udev doesn't support "crit". Silly me, I saw some mention of syslog levels in the docs and assumed it supported all of them. At least in unrecognized cases the default is "err" anyway, so this bug didn't cause ill effects. Accuracy in documentation is, nevertheless, always a good thing to strive for. (I'm referring here to my own inaccurate additions to udev.conf...) Thanks to Chris Vowden for pointing this out. Don't fail to mount tmpfs on /dev because some other tmpfs mount exists. Thanks to Ken Milmore for the patch. Forget standards -- if k3b wants "/dev/writer" then that is good enough justification for me. Try to make a link to the most full-featured burner. Thanks to my good friend Dex Filmore. Relaxed the perms on input events from 600 to 640 so that members of group root can also read events. Mode 644 was suggested, but wouldn't that let anyone on the box set up e.g. a keyboard logger? 
It didn't seem secure to me, and 640 looks like a decent compromise. Thanks to Jon Anders Skorpen. ap/mysql-5.0.24a-i486-1.tgz: Upgraded to mysql-5.0.24a. Evidently the ABI change in MySQL 5.0.24 was unintentional, so all the packages that were recompiled before need another recompile. Oh well, maybe this little exercise has fixed something else we didn't know about. :-) d/kernel-headers-2.4.33.3-i386-1.tgz: Upgraded to Linux 2.4.33.3 kernel headers. d/perl-5.8.8-i486-3.tgz: Recompiled against libmysqlclient. k/kernel-source-2.4.33.3-noarch-1.tgz Upgraded to Linux 2.4.33.3 kernel source. kde/koffice-1.5.2-i486-4.tgz: Recompiled against libmysqlclient. kde/qt-3.3.6-i486-4.tgz: Recompiled against libmysqlclient. l/alsa-driver-1.0.11_2.4.33.3-i486-1.tgz: Recompiled for Linux 2.4.33.3. By the way, I did try ALSA 1.0.12 and noticed that emu10k1 wasn't compiling for Linux 2.4.33.3. I think we are probably safer sticking with the well tested ALSA 1.0.11 for the release. n/bitchx-1.1-i486-5.tgz: Recompiled against libmysqlclient. n/dhcp-3.0.4-i486-2.tgz: Fixed incorrect man page permissions. Thanks to Jerome Pinot. n/iptables-1.3.5-i486-2.tgz: Updated a rather ancient description file. Thanks to Sean Donner for noticing that. I hope the many folks still running Linux 2.2.x were adequately warned. n/php-4.4.4-i486-3.tgz: Recompiled against libmysqlclient. n/samba-3.0.23c-i486-1.tgz: Upgraded to samba-3.0.23c. n/sendmail-8.13.8-i486-3.tgz: Recompiled with official patch. "(2006-08-30) If sendmail is used with -bs and a mail filter (milter) is configured, an assertion can be triggered. This patch fixes the bug." Thanks much to Jakub Jankowski for the heads up. n/sendmail-cf-8.13.8-noarch-3.tgz extra/ktorrent/ktorrent-2.0.2-i486-1.tgz: Added ktorrent-2.0.2. Thanks to Erik Jan Tromp for showing me this one. 
I've always used the command line BT clients (usually in "screen"), but this is nice, doesn't require mainline BitTorrent or any non-KDE dependencies, and will work great for downloading (and seeding) Slackware ISO images. :-) extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.33.3-i486-1.tgz: Recompiled for Linux 2.4.33.3. extra/php5/php-5.1.6-i486-2.tgz: Recompiled against libmysqlclient. bootdisks/*: Upgraded to Linux 2.4.33.3 kernels. kernels/*: Upgraded to Linux 2.4.33.3 kernels, except the huge.s kernel. In raid.s, switch from the megaraid to megaraid2 driver. This should support everything the old driver did and then some. If there are problems, let me know ASAP. Thanks to Michael Johnson. isolinux/initrd.img: Upgraded USB/IEEE1394 modules to Linux 2.4.33.3. Eric Hameleers and I did a bit more work on the NFS installer (in the install.* rootdisks below, too). Now installing via NFS will attempt to mount the root of the Slackware tree first, rather than only the /slackware directory within. This (if successful), allows choosing a kernel to install later on, just like installing from CD, DVD, or hard drive. If it doesn't work (perhaps only /slackware is exported) then the installer will fall back on the traditional behavior. Thanks to everyone who suggested this idea from time to time, and thanks to Eric for finally making it happen. isolinux/network.dsk: Upgraded network modules to Linux 2.4.33.3. isolinux/pcmcia.dsk: Upgraded pcmcia modules to Linux 2.4.33.3. rootdisks/install.1: Upgraded USB/IEEE1394 modules to Linux 2.4.33.3. rootdisks/install.2: Upgraded USB/IEEE1394 modules to Linux 2.4.33.3. rootdisks/install.zip: Upgraded USB/IEEE1394 modules to Linux 2.4.33.3. rootdisks/network.dsk: Upgraded network modules to Linux 2.4.33.3. rootdisks/pcmcia.dsk: Upgraded pcmcia network modules to Linux 2.4.33.3. I can be off topic here, right? BIG congratulations to my little sister Jennifer on the birth of her daughter Abigail Jane. Mazel Tov! 
:-) +--------------------------+ Tue Aug 29 06:24:26 CDT 2006 a/util-linux-2.12r-i486-4.tgz: Fixed incorrect permissions on /var/lock. Thanks to Steven Robson. f/linux-howtos-20060829-noarch-1.tgz: Updated the HOWTOs again. I guess back in February this must have been looking ready to release. ;-) Thanks to Szymczak Artur for noticing the HOWTOs were stale. x/x11-6.9.0-i486-10.tgz: Reverted the ATI hang patch after problem reports. If you were helped by the patch it'll be held in /extra for the release so that hopefully everyone can enjoy a working ATI card. :-) Thanks again to Mark Canter, as this is a real problem but the patch does seem to introduce some new issues of its own. It's good to have an alternate driver just in case, though. x/x11-devel-6.9.0-i486-10.tgz: Recompiled. x/x11-xdmx-6.9.0-i486-10.tgz: Recompiled. x/x11-xnest-6.9.0-i486-10.tgz: Recompiled. x/x11-xvfb-6.9.0-i486-10.tgz: Recompiled. extra/slackpkg/slackpkg-2.09-noarch-1.tgz: Upgraded to slackpkg-2.09-noarch-1. Thanks to Piter Punk. extra/x11-radeon-patched/x11-radeon-patched-6.9.0-i486-1.tgz: Here's the patched radeon module from the -9 X.Org Slackware packages. There's a README file included with it explaining what it is for with references to a discussion of the issue. isolinux/initrd.img: Fixed an installer bug where setup would ask which swap partitions you'd like to use and then conveniently set them all up for you if you selected at least one. Thanks to DEF. rootdisks/install.1: Fixed a bug where libraries that were moved to install.2 to make space on install.1 were needed by /bin/mount. Thanks to David Bray. rootdisks/install.2: Moved a couple of libraries to install.1. Fixed installer swap bug. rootdisks/install.zip: Fixed installer swap bug. +--------------------------+ Sun Aug 27 05:36:53 CDT 2006 ap/vim-7.0.066-i486-2.tgz: Use the default vanilla system vimrc as distributed with the vim sources. 
Thanks to J for mentioning that using vim with 'crontab -e' was working fine without any additions to the vimrc. d/m4-1.4.6-i486-1.tgz: Upgraded to m4-1.4.6. l/libpng-1.2.12-i486-2.tgz: Recompiled so that libpng.so.* links to libz and libm. This has been a point of contention for a long time with the PNG folks maintaining that you shouldn't have to link libpng this way. Well, just about everyone else builds libpng to link with -lz and -lm automatically, but I've held my ground along with the PNG team (usually I will defer to upstream and will send people there with these kinds of requests). Today Janusz Dziemidowicz pointed out that if you build libpng with ./configure that now it *is* linking to these. Good enough reason to end this problem right now. Thanks Janusz, for pointing out that discrepancy and sending in a patch. :-) n/irssi-0.8.10a-i486-4.tgz: Removed duplicates and unformatted files from docs/help directory. Thanks to James Michael Fultz. x/dejavu-ttf/dejavu-ttf-2.9-noarch-1.tgz: Upgraded to dejavu-ttf-2.9. Moved from /extra into the X series. Thanks to the DejaVu team (http://dejavu.sf.net) for the superb work. x/fontconfig-2.2.3-i486-2.tgz: Patched /etc/fonts.conf to favor the DejaVu fonts over the Vera ones if they are present on the machine. US English users should notice only minor (if any) differences with this patch, but other users could see their language displayed properly out-of-the box for the first time. :-) x/x11-6.9.0-i486-9.tgz: Patched a PCF font parsing bug that could crash X. Fixed the Greek keyboard layout. Thanks to Thanos Kyritsis. Fixed ATI lockup bugs. Thanks to Mark Canter. x/x11-devel-6.9.0-i486-9.tgz: Recompiled. x/x11-xdmx-6.9.0-i486-9.tgz: Recompiled. x/x11-xnest-6.9.0-i486-9.tgz: Recompiled. x/x11-xvfb-6.9.0-i486-9.tgz: Recompiled. xap/seamonkey-1.0.4-i486-3.tgz: Fixed world-writable docs. Thanks to Piter Punk for pointing those out. xap/vim-gvim-7.0.066-i486-2.tgz: Recompiled. 
extra/lvm2/device-mapper-1.02.09-i486-1.tgz: Upgraded to device-mapper-1.02.09, moved out of /testing. extra/lvm2/lvm2-2.02.09-i486-1.tgz: Upgraded to LVM-2.02.09, moved out of /testing. extra/php5/php-5.1.6-i486-1.tgz: Upgraded to php-5.1.6, moved out of /testing. +--------------------------+ Fri Aug 25 04:35:22 CDT 2006 Here is Slackware 11.0 release candidate 3. I think most of the irresistible upgrades are in here now, and the bug reports have been mostly handled. There may still be a few changes, and possibly another release candidate, but this is pretty close to final with the exception of updating documentation and building ZipSlack. Thanks very much to everyone who is helping to test these release candidates -- I think this is going to be a very up to date and stable release. :-) a/glibc-solibs-2.3.6-i486-5.tgz: Patched an issue with kernel version parsing in ld-2.3.6.so that was leading glibc to treat 2.4 kernels with 4 version parts (such as 2.4.33.2) as if they supported NPTL, leading to a crash at boot. a/glibc-zoneinfo-2.3.6-noarch-5.tgz: Updated timezone information from tzdata2006j. a/kernel-ide-2.4.33.2-i486-1.tgz: Upgraded to 2.4.33.2 sata.i kernel. Enabled support for OOM killer and HIGHMEM4G. a/kernel-modules-2.4.33.2-i486-1.tgz: Upgraded to Linux 2.4.33.2 modules. a/udev-097-i486-6.tgz: Restore ttyUSB access to members of the tty group. Thanks to Eugene Crosser. In rc.udev, ignore lines that start with '#'. Thanks to Ian Bates. Removed hostap and hostap_cs dupes from blacklist. Thanks to giovanni quadriglio. Patched rc.optical-symlinks to avoid error messages with real SCSI devices and the SCSI generic driver. Thanks to Lorenzo Buzzi. ap/lm_sensors-2.10.0-i486-1.tgz: Added lm_sensors-2.10.0, which contains the libsensors library that KDE can use for hardware status monitoring. ap/vim-7.0.066-i486-1.tgz: Upgraded to vim 7.0.066. Added reasonable default vimrc if none exists. Thanks to Eric Hameleers. 
xap/vim-gvim-7.0.066-i486-1.tgz: Upgraded to gvim 7.0.066 (requires vim). d/kernel-headers-2.4.33.2-i386-1.tgz: Upgraded to Linux 2.4.33.2 headers. d/perl-5.8.8-i486-2.tgz: Upgraded to DBD-mysql-3.0006 and DBI-1.52. Eugene Crosser reported that DBD compiled against an older version of libmysqlclient no longer worked without a recompile. Just to be on the safe side, everything linked with libmysqlclient is getting recompiled. d/pkgconfig-0.21-i486-2.tgz: Export PKG_CONFIG_PATH. k/kernel-source-2.4.33.2-noarch-1.tgz: Upgraded to Linux 2.4.33.2 source. Enabled support for OOM killer and HIGHMEM4G in default .config. kde/amarok-1.4.2-i486-1.tgz: Upgraded to amarok-1.4.2. kde/kdebase-3.5.4-i486-6.tgz: Recompiled to use libsensors with ksysguardd. Fixed location of kdeglobals, removed font defaults but kept the anti-aliasing fixes. kde/koffice-1.5.2-i486-3.tgz: Recompiled against libmysqlclient and libruby. kde/qt-3.3.6-i486-3.tgz: Recompiled against libmysqlclient, added symlink in /usr/lib/pkgconfig to qt-mt.pc. l/alsa-driver-1.0.11_2.4.33.2-i486-1.tgz: Recompiled for Linux 2.4.33.2. l/glibc-2.3.6-i486-5.tgz: Patched an issue with kernel version parsing in ld-2.3.6.so that was leading glibc to treat 2.4 kernels with 4 version parts (such as 2.4.33.2) as if they supported NPTL, leading to a crash at boot. Added sa_IN and ru_RU.CP1251 locale support. Updated timezone information from tzdata2006j. Updated timezone utilities from tzcode2006j. l/glibc-i18n-2.3.6-noarch-5.tgz: Rebuilt. Added sa_IN and ru_RU.CP1251 locale support. l/glibc-profile-2.3.6-i486-5.tgz: Recompiled. l/libmusicbrainz-2.1.4-i486-1.tgz: Upgraded to libmusicbrainz-2.1.4. l/libvisual-0.4.0-i486-1.tgz: Added libvisual-0.4.0. Just the library for now (no plugins), but this should make it much easier to compile and use audio visualization plugins without having to recompile amaroK. n/bitchx-1.1-i486-4.tgz: Recompiled against libmysqlclient. 
n/openldap-client-2.3.27-i486-1.tgz: Upgraded to openldap-client-2.3.27. n/php-4.4.4-i486-2.tgz: Recompiled against libmysqlclient. t/tetex-3.0-i486-4.tgz: Recompiled against new LessTif to stop warnings from xdvi. t/tetex-doc-3.0-i486-4.tgz: Rebuilt. Moved info pages to /usr/info. Thanks to Kris Karas for pointing out the misplaced info pages. xap/gimp-2.2.13-i486-1.tgz: Upgraded to gimp-2.2.13. extra/3dfx-glide/*: Removed, as it most likely doesn't work. extra/k3b/k3b-0.12.17-i486-1.tgz: Upgraded to k3b-0.12.17. extra/k3b/k3b-i18n-0.12.17-noarch-1.tgz: Upgraded to k3b-i18n-0.12.17. extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.33.2-i486-1.tgz: Recompiled for Linux 2.4.33.2. extra/slackpkg/slackpkg-2.08-noarch-3.tgz: Upgraded to slackpkg-2.08-noarch-3. Thanks to Piter Punk. bootdisks/*: Upgraded to Linux 2.4.33.2 kernels. isolinux/initrd.img: Upgraded USB/IEEE1394 modules to Linux 2.4.33.2. isolinux/network.dsk: Upgraded network modules to Linux 2.4.33.2. isolinux/pcmcia.dsk: Upgraded pcmcia modules to Linux 2.4.33.2. rootdisks/install.1: Upgraded USB/IEEE1394 modules to Linux 2.4.33.2. rootdisks/install.2: Upgraded USB/IEEE1394 modules to Linux 2.4.33.2. rootdisks/install.zip: Upgraded USB/IEEE1394 modules to Linux 2.4.33.2. rootdisks/network.dsk: Upgraded network modules to Linux 2.4.33.2. rootdisks/pcmcia.dsk: Upgraded pcmcia network modules to Linux 2.4.33.2. kernels/*: Upgraded to Linux 2.4.33.2 kernels, except the huge.s kernel. After much thought and consultation with developers, it has been decided to move 2.6.17.x out of /testing and into /extra. It runs stable by all reports, has better wireless support, and is not going to be stale as soon. In addition, HIGHMEM4G has been enabled. This caused no problems with my old 486 with 24MB (the one I use for compiling KDE ;-), and Tomas Matejicek has enabled this in SLAX for a long time with no reports of problems, so I believe it is a safe option (and is needed by many modern machines). 
Thanks again to Andrea for building these kernels and packages. :-) kernels/huge26.s/*: Upgraded huge26.s kernel to 2.6.17.11. extra/linux-2.6.17.11/kernel-generic-2.6.17.11-i486-1.tgz: Upgraded to Linux 2.6.17.11 generic kernel. extra/linux-2.6.17.11/kernel-headers-2.6.17.11-i386-1.tgz: Upgraded to Linux 2.6.17.11 kernel headers. extra/linux-2.6.17.11/kernel-modules-2.6.17.11-i486-1.tgz Upgraded to Linux 2.6.17.11 kernel modules. Load PC speaker support in rc.modules. Thanks to NetrixTardis. extra/linux-2.6.17.11/kernel-source-2.6.17.11-noarch-1.tgz Upgraded to Linux 2.6.17.11 kernel source. testing/packages/cairo-1.2.4-i486-1.tgz: Added cairo-1.2.4. testing/packages/fontconfig-2.3.95-i486-1.tgz: Added fontconfig-2.3.95. testing/packages/php-5.1.5/php-5.1.5-i486-2.tgz: Recompiled against libmysqlclient. +--------------------------+ Tue Aug 22 15:10:35 CDT 2006 a/shadow-4.0.3-i486-13.tgz: Fixed deprecated root:bin ownerships. Thanks to Stuart Winter. a/util-linux-2.12r-i486-3.tgz: Fixed file permissions and ownerships in /usr/doc. Thanks to Stuart Winter. +--------------------------+ Mon Aug 21 14:54:08 CDT 2006 a/udev-097-i486-5.tgz: Fixed check in rc.udev for 2.6.15+ kernel. Thanks to Richard Fuller for the fix. +--------------------------+ Sun Aug 20 23:45:58 CDT 2006 a/gpm-1.20.1-i486-2.tgz: Patched to send all non-critical error messages to the system logs rather than to the console. a/pkgtools-11.0.0-i486-2.tgz: Merged in some more xorgsetup patches from Irfan Acar, Daniil Bratashov, and Piter Punk. a/shadow-4.0.3-i486-12.tgz: Patched for gcc-3.4.x. Thanks to Dominik L. Borkowski for the patch. Removed spurious id.1.gz manpage. Thanks to Cal Peake. Removed obsolete options from the passwd program. a/sysvinit-2.84-i486-66.tgz: In rc.M, fixed the nohotplug cmdline option. Thanks to Eric Hameleers. Sleep for a couple seconds after shutting down dhcpcd in rc.6 to allow time for various files in /etc to restore themselves. Thanks to Cal Peake. 
Don't try to mount usbfs if it's in /proc/mounts already. a/tar-1.15.1-i486-2.tgz: Patched to be less strict about the option order. Thanks to Jonathan A. Irwin for sending me a patch from Sergey Poznyakoff. a/udev-097-i486-4.tgz: Changed default udev log level from err to crit. Refuse to run udev unless the kernel is 2.6.15+. Thanks to Sean Donner. a/util-linux-2.12r-i486-2.tgz: Added schedutils-1.5.0 which is apparently due to be merged into util-linux upstream sometime soon anyway. Thanks to Jonathan Woithe for the suggestion. ap/diffutils-2.8.1-i486-2.tgz: Patched a bug in sdiff. Thanks to James Michael Fultz for the patch and improved build script. ap/vim-7.0.063-i486-1.tgz: Upgraded to vim 7.0.063. Removed unpopular libruby dependency. :-) e/emacs-21.4a-i486-3.tgz: Avoid a package file overlap between Emacs ctags and Exuberant Ctags. Thanks to Michal Kowalski for pointing it out. kde/kdebase-3.5.4-i486-5.tgz: Added /opt/kde/share/kdeglobals to set the Vera fonts with anti-aliasing enabled as the defaults. xap/seamonkey-1.0.4-i486-2.tgz: Added /usr/lib/seamonkey -> /usr/lib/seamonkey-1.0.4 symlink. Thanks to Tsomi. xap/vim-gvim-7.0.063-i486-1.tgz: Upgraded to vim 7.0.063. Removed unpopular libruby dependency. :-) extra/checkinstall/checkinstall-1.6.0-i486-2.tgz: Fixed 640 perms on FAQ. Thanks to Michael Iatrou. rootdisks/pcmcia.dsk,isolinux/pcmcia.dsk: Added ide-cs module. Requested by Zack Smith. +--------------------------+ Sat Aug 19 23:58:27 CDT 2006 This is mostly frozen now unless bugs (or irresistible upgrades) come up, so I'll call this update Slackware 11.0 release candidate 2. :-) a/kernel-ide-2.4.33-i486-2.tgz: Switched to the sata.i kernel which supports both parallel and serial ATA. a/kernel-modules-2.4.33-i486-2.tgz: Recompiled. Upgraded to Linux 2.4.33 kernel modules. d/pkgconfig-0.21-i486-1.tgz: Upgraded to pkg-config-0.21. Set the PKG_CONFIG_PATH to search in /usr/local/lib/pkgconfig and /opt/kde/lib/pkgconfig, too. Thanks, Seb! 
d/kernel-headers-2.4.33-i386-2.tgz: Rebuilt. k/kernel-source-2.4.33-noarch-2.tgz: Updated the default .config to include SATA support. Oh, and yes I did see 2.4.33.1. Thanks for letting me know ;-), but that kernel does not seem to be booting here so I'll stick with 2.4.33 for now. l/alsa-driver-1.0.11_2.4.33-i486-2.tgz: Recompiled. Upgraded to alsa-driver-1.0.11 compiled for Linux 2.4.33. bootdisks/sata.i: Rebuilt. bootdisks/speakup.s: Added SATA support. kernels/huge26.s/*: Recompiled. kernels/sata.i/*: Recompiled. kernels/speakup.s/*: Added SATA support. kernels/test26.s/*: Upgraded test26.s kernel to 2.6.17.9. To be consistent, bumped the build number on all of the 2.6.16.27 packages to -5. extra/linux-2.6.16.27/alsa-driver-1.0.11_2.6.16.27-i486-5.tgz: Recompiled. extra/linux-2.6.16.27/kernel-generic-2.6.16.27-i486-5.tgz: Recompiled. extra/linux-2.6.16.27/kernel-headers-2.6.16.27-i386-5.tgz: Rebuilt. extra/linux-2.6.16.27/kernel-modules-2.6.16.27-i486-5.tgz: Enabled CONFIG_X86_SPEEDSTEP_RELAXED_CAP_CHECK option so that Piotr Wierzchowski's Thinkpad will run cooler and use less power. :-) extra/linux-2.6.16.27/kernel-source-2.6.16.27-noarch-5.tgz: Rebuilt with CONFIG_X86_SPEEDSTEP_RELAXED_CAP_CHECK=y in .config. extra/slackpkg/slackpkg-2.08-noarch-2.tgz: Upgraded to slackpkg-2.08-noarch-2. Thanks to Piter Punk. testing/packages/linux-2.6.17.9/kernel-generic-2.6.17.9-i486-1.tgz: Upgraded to Linux 2.6.17.9 generic kernel. testing/packages/linux-2.6.17.9/kernel-headers-2.6.17.9-i386-1.tgz: Upgraded to Linux 2.6.17.9 kernel headers. testing/packages/linux-2.6.17.9/kernel-modules-2.6.17.9-i486-1.tgz Upgraded to Linux 2.6.17.9 kernel modules. testing/packages/linux-2.6.17.9/kernel-source-2.6.17.9-noarch-1.tgz Upgraded to Linux 2.6.17.9 kernel source. Thanks to Andrea for building the 2.6.17.9 kernels. rootdisks/install.1: Updated. Thanks to Cal Peake for the idea about how to improve the setup of swap partitions. 
Updated most of the binaries on the installer, but not busybox. It seems to be working fine, and the idea of messing with it now scares me. ;-) rootdisks/install.2: Updated. rootdisks/install.zip: Updated. rootdisks/network.dsk: Fixed to probe for tg3 cards. Thanks to Eric Hameleers and Bruce Hill, Jr. Fixed module probing to work with 2.6 modules. Thanks to Piter Punk. +--------------------------+ Fri Aug 18 00:20:46 CDT 2006 a/aaa_elflibs-11.0.0-i486-8.tgz: Upgraded to the mm-1.4.2 library, patched libtiff, upgraded to pcre-6.7 libraries, and included the recompiled cups-1.1.23 and slang libraries. a/cups-1.1.23-i486-4.tgz: Fixed broken es and fr man page symlinks. d/git-1.4.2-i486-1.tgz: Upgraded to git-1.4.2. kde/kdenetwork-3.5.4-i486-2.tgz: Patched a bug in kopete that could freeze KDE under certain circumstances. Thanks to JaguarWan and Olivier Goffart. l/libtiff-3.8.2-i486-2.tgz: Patched vulnerabilities in libtiff which were found by Tavis Ormandy of the Google Security Team. These issues could be used to crash programs linked to libtiff or possibly to execute code as the program's user. A low risk command-line overflow in tiffsplit was also patched. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3465 (* Security fix *) l/mm-1.4.2-i486-1.tgz: Upgraded to mm-1.4.2. l/pcre-6.7-i486-1.tgz: Upgraded to pcre-6.7. l/slang-2.0.6-i486-2.tgz: Fixed uncompressed manpage. n/php-4.4.4-i486-1.tgz: Upgraded to php-4.4.4. 
Some of the security issues fixed in this release include: * Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions. * Fixed possible open_basedir/safe_mode bypass in cURL extension. * Fixed a buffer overflow inside sscanf() function. (* Security fix *) testing/packages/cups-1.2.2/cups-1.2.2-i486-2.tgz: Removed /usr/man/man8/disable.8.gz symlink. testing/packages/php-5.1.5/php-5.1.5-i486-1.tgz: Upgraded to php-5.1.5. Some of the security issues fixed in this release include: * Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions. * Fixed possible open_basedir/safe_mode bypass in cURL extension and on PHP 5 with realpath cache. * Fixed a buffer overflow inside sscanf() function. (* Security fix *) kernels/sata.i/: Recompiled with Silicon Image PATA support. (there was a conflict before with this and the Sil SATA driver but it was fixed) +--------------------------+ Wed Aug 16 19:11:39 CDT 2006 a/aaa_base-11.0.0-noarch-1.tgz: Added /usr/share/info -> ../info symlink. Bumped /etc/slackware-version number to 11.0.0. Changed version number (but little else yet) in initial email. a/hotplug-2004_09_23-noarch-10.tgz: Corrected typo in rc.hotplug. Thanks to Willy Sudiarto Raharjo. a/pcmcia-cs-3.2.8-i486-3.tgz: Commented out line in config.opts for old Webgear wireless card. chmod 644 /etc/pcmcia/*.opts. a/pcmciautils-014-i486-2.tgz: Commented out line in config.opts for old Webgear wireless card. Moved man pages to /usr/man/man8, compressed with gzip. a/sysvinit-2.84-i486-65.tgz: Don't run /lib/udev/rc.optical-symlinks in a login shell, since the bug that required that kludge is now fixed. a/udev-097-i486-3.tgz: Patched rc.optical-symlinks to be locale friendly. Thanks to everyone who reported the bug, and to Michiel Broek and Eric Hameleers for sending in patches. Updated comments and removed obsolete options in udev.conf. 
Thanks to Jakub Jankowski. Removed /dev/loop0 and /dev/rtc from udev-script-devices.tar.gz. l/gd-2.0.33-i486-1.tgz: Added gd-2.0.33. Suggested by Cal Peake. l/libidn-0.6.5-i486-1.tgz: Upgraded to libidn-0.6.5. Suggested by Piotr Simon. n/nfs-utils-1.0.10-i486-2.tgz: On 2.6.x kernels, mount nfsd in rc.nfsd. Thanks to Piter Punk, Leonardo Roman, and George Iosif for the suggestion. n/wireless-tools-28-i486-3.tgz: Fixed rc.wireless which contained a few ^M that broke it. I think I did this saving the patch with my mailer -- sorry about that. xap/gnuplot-4.0.0-i486-2.tgz: Recompiled against new gd-2.0.33 package. Thanks to Michael Iatrou for the suggestion. extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.33-i486-1.tgz: Recompiled kernel modules for Linux 2.4.33. +--------------------------+ Tue Aug 15 21:45:53 CDT 2006 a/genpower-1.0.5-i486-1.tgz: Upgraded to genpower-1.0.5. Thanks to Bernd Noessler for letting me know about this -- freshmeat.net still points to a much older version of genpower. a/less-394-i486-1.tgz: Upgraded to less-394. Thanks to Haakon Riiser for suggesting this and confirming that less-394 is an official stable release. Added RAR support to lesspipe.sh. Thanks to Manolis Tzanidakis. a/sysvinit-2.84-i486-64.tgz: In rc.M, check better for udev before running rc.optical-symlinks, and run the script in a login shell which might fix the error "-bash: let: expression expected" that some people have reported. Thanks to Michiel Broek for the hint about using a login shell. ap/mt-st-0.9b-i486-1.tgz: Upgraded to mt-st-0.9b. Thanks to Stuart Winter. d/git-1.4.1.1-i486-2.tgz: Replaced hard links with symbolic links, since Stuart Winter hates hard links. (I hope he doesn't find the other ones! ;-) Thanks to Stuart Winter for the patch. kde/kdebase-3.5.4-i486-4.tgz: Patched a bug in ksystraycmd. Thanks to Dirk Mueller for the patch. n/wireless-tools-28-i486-2.tgz: Patched rc.wireless for ESSIDs with spaces. Thanks to Bruneel Michaël and Eric Hameleers. 
xap/imagemagick-6.2.8_8-i486-2.tgz: Reverted to ImageMagick-6.2.8-8 since the "display" program in ImageMagick-6.2.9-0 crashes. Thanks to Tomasz Luczak for the bug report. +--------------------------+ Tue Aug 15 01:20:55 CDT 2006 a/devs-2.3.1-noarch-24.tgz: Added udev-style /dev/md/* devices to save people who boot between 2.4.x and 2.6.x kernels some trouble. Thanks to Mircea Baciu for pointing out this possibility. Note: Upgrading the devs package while running udev will NOT work. a/sysvinit-2.84-i486-63.tgz: Patched rc.4 to check both /usr/bin and /usr/sbin for gdm. Thanks to Scott J. Harmon. Added a warning in rc.S that if you make an rc.modules.local that the other rc.modules script(s) will not be run. Don't try to start udev if sysfs and tmpfs are not in the kernel. Use grep '-q' option instead of '> /dev/null' in many places. a/udev-097-i486-2.tgz: Don't run rc.udev if tmpfs is not in the kernel. Thanks to Gunnar Florus Johansen. ap/sysstat-7.0.0-i486-1.tgz: Added sysstat-7.0.0. Suggested by grk wng and Jesper Juhl. n/iproute2-2.6.16_060323-i486-1.tgz: Upgraded to iproute2-2.6.16-060323. n/nfs-utils-1.0.10-i486-1.tgz: Upgraded to nfs-utils-1.0.10. t/xfig-3.2.4-i486-1.tgz: Upgraded to xfig-3.2.4. Thanks to Daniil Bratashov for the initial SlackBuild script. xap/gimp-2.2.12-i486-3.tgz: Fixed icon path in gimp-2.2.desktop. Thanks to Nikos Skalkotos for the bug report. xap/imagemagick-6.2.9_0-i486-1.tgz: Upgraded to imagemagick-6.2.9-0. extra/slackpkg/slackpkg-2.07-noarch-5.tgz: Upgraded to slackpkg-2.07-noarch-5. Thanks to Piter Punk. +--------------------------+ Mon Aug 14 02:23:30 CDT 2006 There are still a few changes yet to happen, but let's call this Slackware 11.0 release candidate 1. :-) a/glibc-solibs-2.3.6-i486-4.tgz: Recompiled. a/glibc-zoneinfo-2.3.6-noarch-4.tgz: Updated to tzcode2006i and tzdata2006g. a/kernel-ide-2.4.33-i486-1.tgz: Upgraded to Linux 2.4.33 bare.i kernel. a/kernel-modules-2.4.33-i486-1.tgz: Upgraded to Linux 2.4.33 kernel modules. 
a/udev-097-i486-1.tgz: Upgraded to udev-097. Updated the rc.optical-symlinks script. Added locking to cdrom-symlinks.sh and nethelper.sh scripts to avoid race conditions at boot time. Thanks to Piter Punk. Fixed bugs in rc.udev where the script attempts to mount devpts and usbfs even if they are already mounted. Thanks to Gunnar Florus Johansen. d/kernel-headers-2.4.33-i386-1.tgz: Upgraded to Linux 2.4.33 kernel headers. k/kernel-source-2.4.33-noarch-1.tgz: Upgraded to Linux 2.4.33 kernel source. l/alsa-driver-1.0.11_2.4.33-i486-1.tgz: Upgraded to alsa-driver compiled for Linux 2.4.33. l/glibc-2.3.6-i486-4.tgz: Recompiled against Linux 2.4.33 and 2.6.16.27 kernel headers. l/glibc-i18n-2.3.6-noarch-4.tgz: Rebuilt. l/glibc-profile-2.3.6-i486-4.tgz: Recompiled. l/jre-1_5_0_08-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Runtime Environment Version 5.0, Release 8. n/tcpip-0.17-i486-38.tgz: Upgraded to ethtool-4. Upgraded to tftp-0.42. Relinked /bin/ftp with correct libreadline. Thanks to Udo A. Steinberg. extra/jdk-1.5.0_08/jdk-1_5_0_08-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Development Kit Version 5.0, Release 8. bootdisks/*: Upgraded to Linux 2.4.33 kernels. isolinux/initrd.img: Upgraded USB/IEEE1394 modules to Linux 2.4.33. isolinux/network.dsk: Upgraded network modules to Linux 2.4.33. isolinux/pcmcia.dsk: Upgraded pcmcia modules to Linux 2.4.33. kernels/*: Upgraded 2.4.x kernels to Linux 2.4.33 kernels. rootdisks/install.1: Upgraded USB/IEEE1394 modules to Linux 2.4.33. rootdisks/install.2: Upgraded USB/IEEE1394 modules to Linux 2.4.33. rootdisks/install.zip: Upgraded USB/IEEE1394 modules to Linux 2.4.33. rootdisks/network.dsk: Upgraded network modules to Linux 2.4.33. rootdisks/pcmcia.dsk: Upgraded pcmcia modules to Linux 2.4.33. +--------------------------+ Sat Aug 12 01:14:17 CDT 2006 a/hotplug-2004_09_23-noarch-9.tgz: Skip rc.hotplug if a new enough udev is running on a 2.6 kernel. 
No wonder the boot time didn't seem faster! :-) a/sysvinit-2.84-i486-62.tgz: If udev hasn't made /dev/cdrom and other symlinks, call a script from rc.M to make them. Added support to rc.K and rc.6 for an /etc/rc.d/rc.local_shutdown script. Thanks to Robert Boucher for the idea. Rob McGee and others have made similar requests before... thanks to all! a/udev-096-i486-4.tgz: Generate network card naming rules in /etc/udev/rules.d/network-devices.rules, but comment them out. I think these additions are not quite reliable enough in all cases to be the default for the Slackware 11 release (of course, you have udev occasionally detecting multiple network cards in a different order, and so on some router machines these rules will be needed). Or, you could run a 2.4.x kernel. ;-) If your system is naming network devices strangely you should delete your existing /etc/udev/rules.d/network-devices.rules and reboot. If that doesn't do the trick you'll probably need to edit the file. Instead of having udev make the CD/DVD symlinks, have a new script called /lib/udev/rc.optical-symlinks do it. If you'd rather use Piter Punk's method (which works better for hotplugging USB optical drives, for example), then just comment/uncomment the appropriate rules in /etc/udev/rules.d/udev.rules. n/whois-4.7.15-i486-1.tgz: Upgraded to whois-4.7.15. Thanks to Gianluca Varisco for pointing out the new release. xap/gimp-2.2.12-i486-2.tgz: Fixed broken gimptool man page symlink. +--------------------------+ Fri Aug 11 03:18:18 CDT 2006 a/aaa_elflibs-11.0.0-i486-7.tgz: Fixed libmm perms and location. Thanks to Fred Emmott. Upgraded libmm to 1.4.1. Reverted to CUPS libraries from 1.1.23. a/cups-1.1.23-i486-3.tgz: Reverted to cups-1.1.23 due to some applications needing time to adjust to no longer having access to the private CUPS functions. ;-) See below for more info. a/etc-5.1-noarch-13.tgz: Upgraded /etc/services to include IPP (for CUPS) and other new services. 
Thanks to Christophe Legras for reminding me to upgrade this file, and to Two Beans for mailing me a more recent copy. l/hicolor-icon-theme-0.9-noarch-2.tgz: Fixed slack-desc typo. Reported by Willy Sudiarto Raharjo. l/mm-1.4.1-i486-1.tgz: Upgraded to mm-1.4.1. Looks like libmm was split out of the Apache package just in time. ;-) n/samba-3.0.23b-i486-2.tgz: Recompiled against CUPS 1.1.23. n/sendmail-8.13.8-i486-2.tgz: Recompiled with DBROKEN_PTHREAD_SLEEP defined in site.config.m4, which fixes a problem with libmilter.a that can cause sendmail milters to be unstable. Thanks to Jan Rafaj for reporting this bug, the fix, and for testing the problem so thoroughly. n/sendmail-cf-8.13.8-noarch-2.tgz: Rebuilt. n/tcpip-0.17-i486-37.tgz: Removed redundant copy of /etc/services. testing/packages/cups-1.2.2/cups-1.2.2-i486-1.tgz: It seems as if KDE might still not be 100% ready for CUPS 1.2.x, so we're going to move this into /testing again for the release, but by all means use it if it works for you. It did mostly work here, but the problems with using it with KDE are also reproducible. Thanks to Thomas Hanslík for the information. Anyway, I had my suspicions that *something* was going to have linked with private CUPS functions or that this might break something in some way, but I also knew this package would get better testing in slackware/a than in /testing. :-) So, now we know that it's probably safer to wait on cups-1.2.x. Thomas also mentioned a workaround -- editing cupsd.conf to comment out this line: # Listen /var/run/cups/cups.sock +--------------------------+ Thu Aug 10 02:07:10 CDT 2006 a/aaa_elflibs-11.0.0-i486-6.tgz: Added libmm. a/pkgtools-11.0.0-i486-1.tgz: Fixed xwmconfig to only recommend installed window managers. Thanks to Leandro Toledo. Merged in patches for xorgsetup to support choosing a keyboard model, layout, variant, and even automatically configuring a mouse scroll wheel! :-) Thanks to Ismael Cortes for the patches. 
l/gnome-icon-theme-2.14.2-noarch-1.tgz: Added gnome-icon-theme-2.14.2. It seems that GTK+ applications such as Thunderbird use these, not just GNOME. l/gtk+2-2.8.20-i486-1.tgz: Upgraded to gtk+-2.8.20. l/hicolor-icon-theme-0.9-noarch-1.tgz: Added hicolor-icon-theme-0.9. l/mm-1.4.0-i486-1.tgz: Moved mm library out of the Apache package so that apps such as the standalone PHP interpreter can use it without installing Apache. Thanks to Robert Easter for the suggestion. l/shared-mime-info-0.18-i486-1.tgz: Upgraded to shared-mime-info-0.18. n/apache-1.3.37-i486-2.tgz: Removed mm-1.4.0 from the build directory and recompiled against the system mm package. This now depends on having the mm package from the L series installed. n/lftp-3.5.4-i486-1.tgz: Upgraded to lftp-3.5.4. n/sendmail-8.13.8-i486-1.tgz: Upgraded to sendmail-8.13.8. That's what I get for trying to patch 8.13.7 myself last night. ;-) n/sendmail-cf-8.13.8-noarch-1.tgz: Upgraded to sendmail-8.13.8 configs. x/x11-6.9.0-i486-8.tgz: More updates to the i945gm chipset support. Thanks to Sergio A. Reyes-Peniche. x/x11-devel-6.9.0-i486-8.tgz: Recompiled and removed fontconfig manpages. x/x11-xdmx-6.9.0-i486-8.tgz: Recompiled. x/x11-xnest-6.9.0-i486-8.tgz: Recompiled. x/x11-xvfb-6.9.0-i486-8.tgz: Recompiled. xap/sane-1.0.18-i486-2.tgz: Added /etc/udev/rules.d/libsane.rules. Thanks to David Somero for pointing out this file. isolinux/initrd.img: Merged in many installer patches from Stuart Winter. pasture/: Some cleanup... rootdisks/install.1: Rebuilt with installer patches. rootdisks/install.2: Rebuilt with installer patches. rootdisks/install.zip: Rebuilt with installer patches. rootdisks/network.dsk: Rebuilt with gcc-3.4.6 compiled modules. rootdisks/pcmcia.dsk: Rebuilt with gcc-3.4.6 compiled modules. testing/packages/php-5.1.4/php-5.1.4-i486-3.tgz: Recompiled with freetype. Fixed FastCGI by removing --enable-discard-path from CGI version. Added pdo_sqlite.so and sqlite.so modules. 
+--------------------------+ Wed Aug 9 00:25:53 CDT 2006 a/aaa_elflibs-11.0.0-i486-5.tgz: Added new CUPS libraries. a/cups-1.2.2-i486-1.tgz: Upgraded to cups-1.2.2. a/hdparm-6.6-i486-1.tgz: Upgraded to hdparm-6.6. Suggested by Janusz Dziemidowicz. a/udev-096-i486-3.tgz: In /etc/modprobe.d/blacklist, change module name from i810_tco to i8xx_tco. Thanks to Janusz Dziemidowicz. Piter Punk also wants me to remind everyone that this udev package requires a 2.6.15+ kernel or it will not work. ;-) ap/mc-4.6.1-i486-2.tgz: Fixed PHP syntax highlighting. Thanks to Georgi Chorbadzhiyski for the patch. n/samba-3.0.23b-i486-1.tgz: Upgraded to samba-3.0.23b. n/sendmail-8.13.7-i486-2.tgz: Applied two errata patches from sendmail.org. Thanks to Gerardo Exequiel Pozzi for pointing out these patches. n/sendmail-cf-8.13.7-noarch-2.tgz: Rebuilt. x/x11-6.9.0-i486-7.tgz: More updates to the i945gm chipset support. Thanks to Raphaël Prevost for the updated patch. x/x11-devel-6.9.0-i486-7.tgz: Recompiled. x/x11-xdmx-6.9.0-i486-7.tgz: Recompiled. x/x11-xnest-6.9.0-i486-7.tgz: Recompiled. x/x11-xvfb-6.9.0-i486-7.tgz: Recompiled. +--------------------------+ Tue Aug 8 00:55:52 CDT 2006 a/aaa_elflibs-11.0.0-i486-4.tgz: Added new version of libcurl. a/etc-5.1-noarch-12.tgz: Patched /etc/profile and /etc/csh.login to fix a bug where changing to another user with "su - someuser" would produce an error message such as "/dev/pts/2: Operation not permitted". Thanks to Menno Duursma for the fix. a/findutils-4.2.28-i486-1.tgz: Upgraded to findutils-4.2.28. a/gawk-3.1.5-i486-3.tgz: Patched a fieldwidths bug. Thanks to Fabiano Caixeta Duarte for a pointer to the patch. a/lilo-22.7.1-i486-2.tgz: Fixed a typo in liloconfig where installing to the MBR was mentioned twice. Thanks to Keith McGavin for pointing this out. a/udev-096-i486-2.tgz: Added the psmouse module to /etc/modprobe.d/blacklist so that /etc/rc.d/rc.modules can load it using the option "proto=imps". 
This change restores the mouse options used in Slackware 10.2. At least on my machine, the default module options render the mouse completely unusable, but feel free to remove the module from the blacklist or configure rc.modules to your liking if this is not the ideal default for your machine. ap/mdadm-2.5.3-i486-1.tgz: Upgraded to mdadm-2.5.3. Thanks to James W. Laferriere and Gianluca Varisco for pointing this out. kde/kdebase-3.5.4-i486-3.tgz: Patched a bug involving external taskbars that expand as required to fit contents. Thanks to Dirk Mueller for the patch. n/curl-7.15.5-i486-1.tgz: Upgraded to curl-7.15.5. Thanks to Gianluca Varisco for suggesting this upgrade. n/dnsmasq-2.33-i486-1.tgz: Upgraded to dnsmasq-2.33. Thanks to Gianluca Varisco for suggesting this upgrade. n/ncftp-3.2.0-i486-2.tgz: Fixed permissions in /usr/bin. Thanks to many who noticed this mistake. ;-) n/ntp-4.2.2p3-i486-1.tgz: Upgraded to ntp-4.2.2p3. Thanks to James W. Laferriere for suggesting this upgrade. x/x11-6.9.0-i486-6.tgz: Added support for newer revisions of the i945gm chipset. Thanks to Raphaël Prevost for the patch. x/x11-devel-6.9.0-i486-6.tgz: Recompiled. x/x11-xdmx-6.9.0-i486-6.tgz: Recompiled. x/x11-xnest-6.9.0-i486-6.tgz: Recompiled. x/x11-xvfb-6.9.0-i486-6.tgz: Recompiled. There are a few reports that the newest udev is not friendly to some systems. Well, that's progress for you -- it isn't always a smooth journey. In most cases the problems I've heard about could be fixed with a little bit of fine tuning, such as blacklisting unwanted modules in /etc/modprobe.d/blacklist and loading the desired replacements in /etc/rc.d/rc.modules. However, in case either of these older versions of udev worked better for you, they'll be kept in /extra for a while as alternates. Be aware that new kernels will soon require the latest udev, though... extra/udev-alternate-versions/udev-064-i486-2.tgz: Added alternate udev-064. 
extra/udev-alternate-versions/udev-071-i486-2.tgz: Added alternate udev-071. testing/packages/linux-2.6.17.8/kernel-generic-2.6.17.8-i486-1.tgz: Upgraded to Linux 2.6.17.8 generic kernel. testing/packages/linux-2.6.17.8/kernel-headers-2.6.17.8-i386-1.tgz: Upgraded to Linux 2.6.17.8 kernel headers. testing/packages/linux-2.6.17.8/kernel-modules-2.6.17.8-i486-1.tgz Upgraded to Linux 2.6.17.8 kernel modules. testing/packages/linux-2.6.17.8/kernel-source-2.6.17.8-noarch-1.tgz Upgraded to Linux 2.6.17.8 kernel source. Thanks again to Andrea Volkerding for building the 2.6.17.8 kernels. +--------------------------+ Mon Aug 7 01:43:38 CDT 2006 a/pcmciautils-014-i486-1.tgz: Added pcmciautils-014, needed to configure PC cards on systems running 2.6.x kernels. a/sysfsutils-2.0.0-i486-2.tgz: Added missing libsysfs.so symlink. a/sysvinit-2.84-i486-61.tgz: Merged Piter Punk's changes for the new udev. Please make sure to move all the .new files in /etc/rc.d/ into place for this to work correctly! a/udev-096-i486-1.tgz: Upgraded to udev-096. Thanks to Piter Punk for his great work to get this just exactly perfect. a/grep-2.5-i486-3.tgz: Improved build script and rebuilt. I considered using grep-2.5.1a, but found some problem reports concerning it and decided such an upgrade would be best left for the next -current. There have been no bug reports here concerning grep-2.5, so I see no reason to fix that which does not appear to be broken. It's more important to have a known to be stable grep than it is to have the latest version, IMHO. a/pciutils-2.2.3-i486-2.tgz: Fixed missing pci/types.h header file. Thanks to Konrad Rzepecki. ap/man-pages-2.39-noarch-1.tgz: Upgraded to man-pages-2.39. n/lftp-3.5.3-i486-1.tgz: Upgraded to lftp-3.5.3. n/ncftp-3.2.0-i486-1.tgz: Upgraded to ncftp-3.2.0. n/popa3d-1.0.2-i486-1.tgz: Upgraded to popa3d-1.0.2. n/vsftpd-2.0.5-i486-1.tgz: Upgraded to vsftpd-2.0.5. xap/imagemagick-6.2.8_8-i486-1.tgz: Upgraded to ImageMagick-6.2.8-8. 
xap/sane-1.0.18-i486-1.tgz: Upgraded to sane-backends-1.0.18. extra/grub/grub-0.97-i486-2.tgz: Upgraded to grubconfig-1.28. +--------------------------+ Sat Aug 5 23:22:13 CDT 2006 a/usbutils-0.72-i486-1.tgz: Upgraded to usbutils-0.72, patched to add back usbmodules since hotplug will need it for as long as the 2.4.x kernel is supported. ap/mdadm-2.5.2-i486-1.tgz: Upgraded to mdadm-2.5.2. ap/mysql-5.0.24-i486-1.tgz: Upgraded to mysql-5.0.24. Suggested by Willy Sudiarto Raharjo. l/lesstif-0.95.0-i486-1.tgz: Upgraded to lesstif-0.95.0. Suggested by Rene Huber. xap/xpdf-3.01-i486-4.tgz: Fixed a window resizing bug. Thanks to Luis for the patch. +--------------------------+ Sat Aug 5 00:42:09 CDT 2006 a/aaa_elflibs-11.0.0-i486-3.tgz: Added new versions of libattr and libacl. Added lib/libsysfs.so.2.0.0. a/acl-2.2.39_1-i486-1.tgz: Upgraded to acl-2.2.39-1. a/attr-2.4.32_1-i486-1.tgz: Upgraded to attr-2.4.32-1. a/pciutils-2.2.3-i486-1.tgz: Upgraded to pciutils-2.2.3. Thanks to Eric Hameleers for the encouragement. :-) a/pcmcia-cs-3.2.8-i486-2.tgz: Patched /etc/rc.d/rc.pcmcia to work with either pcmcia-cs or pcmciautils. a/sysfsutils-2.0.0-i486-1.tgz: Added sysfsutils-2.0.0. Thanks to Piter Punk. a/xfsprogs-2.8.10_1-i486-1.tgz: Upgraded to xfsprogs-2.8.10-1. Thanks to Marco Berizzi for pointing out the new XFS programs. ap/alsa-utils-1.0.11-i486-2.tgz: Fixed uncompressed manpage. Thanks to Seb. ap/dmapi-2.2.5_1-i486-1.tgz: Upgraded to dmapi-2.2.5-1. ap/xfsdump-2.2.38_1-i486-1.tgz: Upgraded to xfsdump-2.2.38-1. kde/kdebase-3.5.4-i486-2.tgz: Patched to fix video redirects in Konqueror. Thanks to Frédéric L. W. Meunier for the bug report and patch link. l/freetype-2.1.9-i486-1.tgz: Moved from the X to the L series. This makes more sense because freetype does not depend on any X11 libraries, and because PHP has now been built linked to libfreetype. l/libusb-0.1.12-i486-1.tgz: Upgraded to libusb-0.1.12. Thanks to Gunnar Florus Johansen and CJ Johnson for the recommendation. 
n/links-2.1pre23-i486-1.tgz: Upgraded to links-2.1pre23. n/php-4.4.3-i486-1.tgz: Upgraded to php-4.4.3. From the announcement of the release: The security issues resolved include the following: * Disallow certain characters in session names. * Fixed a buffer overflow inside the wordwrap() function. * Prevent jumps to parent directory via the 2nd parameter of the tempnam() function. * Improved safe_mode check for the error_log() function. * Fixed cross-site scripting inside the phpinfo() function. The PHP 4.4.3 release announcement may be found on their web site: http://www.php.net NOTE: Slackware's PHP package now requires the freetype library. (* Security fix *) xap/xchat-2.6.6-i486-2.tgz: Patched to fix Finnish translation errors. Thanks to C Johnson for pointing out that there was a new official patch. extra/linux-2.6.16.27/kernel-modules-2.6.16.27-i486-4.tgz: Fixed 2.4 kernel detection for loading the apm module. testing/packages/linux-2.6.17.7/kernel-modules-2.6.17.7-i486-3.tgz: Fixed 2.4 kernel detection for loading the apm module. +--------------------------+ Fri Aug 4 02:36:54 CDT 2006 xap/mozilla-firefox-1.5.0.6-i686-1.tgz: Upgraded to firefox-1.5.0.6. xap/seamonkey-1.0.4-i486-1.tgz: Upgraded to seamonkey-1.0.4. +--------------------------+ Thu Aug 3 01:26:43 CDT 2006 a/gettext-0.15-i486-1.tgz: Upgraded to gettext-0.15. Thanks to steveo for noticing that this was missing from the ChangeLog. a/lilo-22.7.1-i486-1.tgz: Reverted to lilo-22.7.1 after reports from Aaron Lee and Philip Langdale that versions 22.7.2+ skip the boot menu on some machines. a/sysvinit-2.84-i486-60.tgz: Fixed rc.S to use /etc/rc.d/rc.modules.local properly. Bug reported by Dieter Rauschenberger, Ricardo García, and Luis. Use "/bin/sh" not "." to start rc.modules.local in case someone uses "exit". Merged more LVM changes from Cal Peake in rc.S and rc.M, including removing many uses of "sleep", so if anyone needed those let me know. ap/at-3.1.10-i486-1.tgz: Upgraded to at-3.1.10. 
Added missing at_allow.5 manpage. Thanks to James Michael Fultz. ap/cdparanoia-IIIalpha9.8-i486-2.tgz: Patched to compile with gcc-3.4.6, and added a batch to the build directory for later that will use the 2.6.x kernel's SG_IO ioctl. Thanks to Bradley Reed. d/gettext-tools-0.15-i486-1.tgz: Upgraded to gettext-tools-0.15. Thanks to steveo for noticing that this was missing from the ChangeLog. l/arts-1.5.4-i486-1.tgz: Upgraded to arts-1.5.4. kde/*: Upgraded to KDE 3.5.4. I know I told at least a few people that I wasn't planning on including this in Slackware 11.0 at the last minute, and there have been a couple of patches needed for it already. Please test quickly. :-) kdei/kde-i18n*: Upgraded kde-i18n packages for KDE 3.5.4. n/dnsmasq-2.32-i486-2.tgz: Rebuilt after build script fixes from Fred Emmott (moving the chown -R), and some more from me. Strangely, none of these fixes seemed to make any difference in the package that was output, but trust me, the build script is much better now. :-) n/gnupg-1.4.5-i486-1.tgz: Upgraded to gnupg-1.4.5. From the gnupg-1.4.5 NEWS file: * Fixed 2 more possible memory allocation attacks. They are similar to the problem we fixed with 1.4.4. This bug can easily be exploited for a DoS; remote code execution is not entirely impossible. (* Security fix *) +--------------------------+ Tue Aug 1 19:04:52 CDT 2006 a/sysvinit-2.84-i486-59.tgz: In rc.S, give first priority to "rc.modules.local" if it exists. Try to shut down OpenLDAP in rc.6. Thanks to Ricardson Williams. Merged some more LVM fixes into rc.6. Thanks to Cal Peake. d/autoconf-2.60-noarch-1.tgz: Upgraded to autoconf-2.60. kde/qca-tls-1.0-i486-2.tgz: Use the actual Qt installation path and not the /usr/lib/qt symlink or the qca-tls module will be erased if the Qt package is installed after this one (as happens in a new installation). Thanks to Richard Fuller for the bug report. extra/checkinstall/checkinstall-1.6.0-i486-1.tgz: Upgraded to checkinstall-1.6.0. 
testing/packages/lvm2/device-mapper-1.02.08-i486-1.tgz: Upgraded to device-mapper.1.02.08. testing/packages/lvm2/lvm2-2.02.07-i486-1.tgz: Upgraded to LVM2.2.02.07. +--------------------------+ Tue Aug 1 01:11:11 CDT 2006 a/aaa_elflibs-11.0.0-i486-2.tgz: Added /usr/lib/libslang.so.2.0.6. a/bin-11.0-i486-3.tgz: Removed /sbin/rescan-scsi-bus, which is better packaged along with the /etc/rc.d/rc.scanluns script in the sysvinit package. a/sysvinit-2.84-i486-58.tgz: Added symlinks for lastb. Make the install script create /var/log/btmp if it doesn't already exist. Thanks to Menno Duursma, Tomas Matejicek, and Gerardo Exequiel Pozzi. Upgraded to the latest rescan-scsi-bus script. Thanks to Mircea Baciu for pointing it out. Use "tac" to deactivate LVM partitions in reverse order. Thanks to Luigi Genoni. Make sure usbfs gets mounted if it's in the kernel but hotplug is not used. Thanks to Cal Peake. If rc.M sees an executable rc.openldap, start it. Thanks to Christopher Linnet. In rc.scanluns, show the command that's being executed. ap/jed-0.99_18-i486-3.tgz: Relinked against libslang.so.2.0.6. This does seem to be the path of least resistance. :-) d/subversion-1.3.2-i486-3.tgz: Rebuilt to fix wrong file ownerships in the book included in the documentation. Thanks to Philip Lyons. kde/kdenetwork-3.5.3-i486-3a.tgz: Patched for ICQ protocol changes. kde/qca-1.0-i486-1.tgz: Added qca-1.0. kde/qca-tls-1.0-i486-1.tgz: Added qca-tls-1.0. This and the qca package are needed to support SSL connections with the Jabber(R) protocol in Kopete. Thanks to Eric Hameleers, Markus Stauffer, and "--==HITMAN==--" for suggesting the addition of these QCA packages. l/atk-1.10.3-i486-2.tgz: Fixed slack-desc typo. Thanks to Nick Chorley. l/slang-2.0.6-i486-1.tgz: Added slang-2.0.6. l/slang1-1.4.9-i486-1.tgz: Renamed from slang-1.4.9-i486-1.tgz. n/irssi-0.8.10a-i486-3.tgz: Fixed some strange directory permissions in the documentation directory. Thanks to J. 
tcl/tcl-8.4.13-i486-2.tgz: Added /usr/include/tcl-private/{generic,unix} headers. Thanks to Sergio Luis for recommending this, as there are some sources out there that require these header files. +--------------------------+ Sun Jul 30 19:16:38 CDT 2006 n/samba-3.0.23a-i486-2.tgz: Fixed bad symlink to "using_samba" in the docs. Thanks to Valentin Avram and William Hunt for reporting this. ap/jed-0.99_18-i486-2.tgz: Reverted to isearch.sl from jed-0.99_16. The version shipped in 0.99_18 seems to have problems unless jed is linked with slang-2, which we're putting off for a little while due to the major version bump and to let code that uses slang have a little time to catch up. Thanks to Luigi Genoni for the bug report and fix. Thanks as well to Petri Kaukasoina who also reported the problem. ap/mysql-5.0.22-i486-2.tgz: Reverted to MySQL-5.0.22. Evidently MySQL-5.0.23 was never officially released due to bugs, but made it to the mirror sites anyway. Beat Vontobel's web site has some additional information about this: http://www.futhark.ch/mysql/148.html Thanks very much to Jakub Jankowski telling me the deal about 5.0.23. ap/vim-7.0.042-i486-2.tgz: Upgraded to ctags-5.6. Thanks to Michael Iatrou for pointing out the new ctags. Fixed a bug in the build script's patchlevel determination if $CWD contains a dot. Thanks to Christophe Legras for the bug report and fix. xap/vim-gvim-7.0.042-i486-2.tgz: Rebuilt. Fixed a bug in the build script's patchlevel determination. Thanks to Christophe Legras. Fixed an undefined variable in the vim-gvim build script. Thanks to Bryan Germann. +--------------------------+ Sun Jul 30 01:05:56 CDT 2006 a/devs-2.3.1-noarch-23.tgz: Fixed /dev/usb/scanner* group. Thanks to Niels Kristian Bech Jensen. Added /dev/fuse device. Thanks to Piter Punk. Added /dev/mapper/control device. a/kernel-modules-2.4.32-i486-5.tgz: Applied a patch to fix the X11 direct rendering support for X.Org versions 6.9.0 and newer. Thanks to Marin Mitov. 
  Specify the kernel version in the install script's depmod. Thanks to Piter Punk.
ap/mysql-5.0.23-i486-1.tgz: Upgraded to mysql-5.0.23. Suggested by Willy Sudiarto Raharjo.
d/oprofile-0.9.1-i486-2.tgz: Recompiled with gcc-3.4.6. Thanks to Sunil Amitkumar Janki for pointing out that this was the last package in Slackware still linked to libstdc++.so.5.
d/subversion-1.3.2-i486-2.tgz: Recompiled against the new apr and apr-util packages. See below for details.
k/kernel-source-2.4.32-noarch-2.tgz: Applied a patch to fix the X11 direct rendering support for X.Org versions 6.9.0 and newer. Thanks to Marin Mitov.
l/alsa-driver-1.0.11_2.4.32-i486-3.tgz: Specify the kernel version in the install script's depmod. Thanks to Piter Punk.
l/apr-1.2.7-i486-1.tgz: Added apr-1.2.7. This is needed by subversion and other projects like Apache2. Thanks to Eugene Crosser for the suggestion and detailed rationale behind not using the apr/apr-util in subversion.
l/apr-util-1.2.7-i486-1.tgz: Added apr-util-1.2.7. This is needed by subversion and other projects.
n/bind-9.3.2-i486-4.tgz: Recompiled with --enable-threads. Thanks to Marin Mitov for the suggestion.
xap/gxine-0.5.7-i486-1.tgz: Upgraded to gxine-0.5.7.
xap/imagemagick-6.2.8_7-i486-1.tgz: Upgraded to ImageMagick-6.2.8-7.
bootdisks/*: Prepped bootdisk version numbers.
extra/linux-2.6.16.27/alsa-driver-1.0.11_2.6.16.27-i486-2.tgz: Specify the kernel version in the install script's depmod. Thanks to Piter Punk.
extra/linux-2.6.16.27/kernel-modules-2.6.16.27-i486-3.tgz: Specify the kernel version in the install script's depmod. Thanks to Piter Punk.
extra/slackpkg/slackpkg-2.06-noarch-1.tgz: Upgraded to slackpkg-2.06-noarch-1. Thanks to Piter Punk.
testing/packages/linux-2.6.17.7/kernel-modules-2.6.17.7-i486-2.tgz: Specify the kernel version in the install script's depmod. Thanks to Piter Punk.
+--------------------------+
Fri Jul 28 17:32:54 CDT 2006
n/apache-1.3.37-i486-1.tgz: Upgraded to apache-1.3.37.
  From the announcement on httpd.apache.org: This version of Apache is security fix release only. An off-by-one flaw exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0. The Slackware Security Team feels that the vast majority of installations will not be configured in a vulnerable way but still suggests upgrading to the new apache and mod_ssl packages for maximum security. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747 And see Apache's announcement here: http://www.apache.org/dist/httpd/Announcement1.3.html (* Security fix *)
n/mod_ssl-2.8.28_1.3.37-i486-1.tgz: Upgraded to mod_ssl-2.8.28-1.3.37.
+--------------------------+
Fri Jul 28 02:28:10 CDT 2006
a/bin-11.0-i486-2.tgz: Updated rescan-scsi-bus for 2.6 kernel compatibility. Upgraded to eject-2.1.5.
+--------------------------+
Thu Jul 27 16:27:57 CDT 2006
n/nmap-4.11-i486-1.tgz: Upgraded to nmap-4.11. Suggested by Willy Sudiarto Raharjo.
xap/mozilla-firefox-1.5.0.5-i686-1.tgz: Upgraded to firefox-1.5.0.5. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *)
xap/mozilla-thunderbird-1.5.0.5-i686-1.tgz: Upgraded to thunderbird-1.5.0.5. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird (* Security fix *)
xap/seamonkey-1.0.3-i486-1.tgz: Upgraded to seamonkey-1.0.3. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *)
+--------------------------+
Wed Jul 26 20:51:13 CDT 2006
a/aaa_elflibs-11.0.0-i486-1.tgz: Refreshed libraries, added attr and acl.
a/lilo-22.7.2.1-i486-2.tgz: OK, now the patch is actually applied.
  :-) Thanks to arny -- I'm evidently too used to using "zcat" for patches.
a/sysvinit-2.84-i486-57.tgz: Merged the following changes:
  Try to use a kernel specific rc.modules script if one is found.
  Added rc.scanluns to look for devices on non-zero LUNs.
  Shut down sshd in rc.6 so connections don't hang; Thanks to Michael Iatrou and Steven Saner for reporting this issue.
  Changed how LVM2 is deactivated in rc.6 (thanks to Cal Peake). Previously there were problems since / might have already been remounted as read-only before LVM2 was taken down. Now I suspect there could be problems if the / is on LVM, so perhaps this is not the optimal solution...
  Umount CIFS filesystems in rc.6 (thanks to Jef Oliver).
  Umount NFS, SMB, and CIFS filesystems in rc.K; Thanks to Drew, and to Eric Hameleers for the bug reports.
  Fixed chown root:utmp in rc.S to use ':', not '.' (thanks to Adiel Mittmann).
  Remove saslauthd.pid (if present) in rc.S (thanks to Andy Preston).
  Stop saslauthd properly in rc.6 (thanks to Andy Preston).
  Don't shut down networking in rc.6 if / is on NFS (thanks to Luca Fabbro).
  Add a one second sleep after starting rc.udev. According to Robby Workman this is just enough time for some slower devices to activate for mount.
  Load rc.keymap in rc.K (thanks to Ignacio Bermejo).
  Use "respawn" rather than "wait" for runlevel 4 (thanks to Wayne Marshall).
  Don't try to mount sysfs twice in rc.S (thanks to Moo).
d/python-2.4.3-i486-4.tgz: Fixed build script bugs. Thanks to Fred Emmott.
d/ruby-1.8.4-i486-2.tgz: Recompiled with --enable-shared and --enable-install-doc. Thanks to Fernando Lujan.
xap/fluxbox-1.0rc2-i486-1.tgz: Upgraded to fluxbox-1.0rc2. Thanks to Andrew Brouwers for letting me know about this.
xap/xchat-2.6.6-i486-1.tgz: Upgraded to xchat-2.6.6. Thanks to CJ Johnson.
+--------------------------+
Wed Jul 26 01:55:38 CDT 2006
a/lilo-22.7.2.1-i486-1.tgz: Upgraded to lilo-22.7.2.1. Thanks to James W. Laferriere for pointing out the patch.
a/kernel-ide-2.4.32-i486-4.tgz: Fixed gzipped System.map.
a/udev-071-i486-2.tgz: Applied pty patch from Ken Milmore. Fixed world writable documentation permissions reported by John Jenkins after a discussion about whether that was really the right course of action. ;-) Merged IEEE1394 RAW device handling changes from Christian Casteyde.
ap/joe-3.5-i486-1.tgz: Upgraded to joe-3.5.
ap/vim-7.0.042-i486-1.tgz: Upgraded to the latest patchlevel. Added many extra features. Thanks to Ricardo García for requesting omni completion for vim, which got me thinking about all kinds of ways to improve this and the (renamed) vim-gvim package. :-)
d/clisp-2.39-i486-1.tgz: Upgraded to clisp-2.39 and libsigsegv-2.4.
d/git-1.4.1.1-i486-1.tgz: Upgraded to git-1.4.1.1.
d/m4-1.4.5-i486-1.tgz: Upgraded to m4-1.4.5.
d/mercurial-0.9.1-i486-1.tgz: Upgraded to mercurial-0.9.1.
d/python-2.4.3-i486-3.tgz: Merged the python, python-demo, and python-tools packages, bloating the python package by a whopping 2%!
d/ruby-1.8.4-i486-1.tgz: Added Ruby since Amarok needs it...
kde/amarok-1.4.1-i486-1.tgz: Upgraded to amarok-1.4.1.
kde/kdeaccessibility-3.5.3-i486-3.tgz: Recompiled to use libpng.so.3.
kde/kdeaddons-3.5.3-i486-3.tgz: Recompiled to use libpng.so.3.
kde/kdeadmin-3.5.3-i486-3.tgz: Recompiled.
kde/kdeartwork-3.5.3-i486-3.tgz: Recompiled to use libpng.so.3.
kde/kdebase-3.5.3-i486-3.tgz: Recompiled to use libpng.so.3.
kde/kdebindings-3.5.3-i486-3.tgz: Recompiled. I wasn't able to get the Ruby binding to compile... sorry.
kde/kdeedu-3.5.3-i486-3.tgz: Recompiled.
kde/kdegames-3.5.3-i486-3.tgz: Recompiled.
kde/kdegraphics-3.5.3-i486-3.tgz: Recompiled to use libpng.so.3.
kde/kdelibs-3.5.3-i486-3.tgz: Recompiled to use libpng.so.3.
kde/kdemultimedia-3.5.3-i486-3.tgz: Recompiled to use libpng.so.3.
kde/kdenetwork-3.5.3-i486-3.tgz: Recompiled.
kde/kdepim-3.5.3-i486-3.tgz: Recompiled to use libpng.so.3.
kde/kdesdk-3.5.3-i486-3.tgz: Recompiled.
kde/kdetoys-3.5.3-i486-3.tgz: Recompiled.
kde/kdeutils-3.5.3-i486-3.tgz: Recompiled.
kde/kdevelop-3.3.3-i486-2.tgz: Recompiled.
kde/kdewebdev-3.5.3-i486-3.tgz: Recompiled.
kde/koffice-1.5.2-i486-2.tgz: Recompiled to use libpng.so.3.
kde/qt-3.3.6-i486-2.tgz: Recompiled with a patch by Lars Knoll to fix Arabic scripts.
l/arts-1.5.3-i486-3.tgz: Recompiled to use libpng.so.3.
l/aspell-0.60.4-i486-1.tgz: Upgraded to aspell-0.60.4.
l/libpng-1.2.12-i486-1.tgz: Upgraded to libpng-1.2.12. The libpng.so has gone .3 -> .0 -> .3. I'll see what I can do about getting everything that's linked to .0 relinked with .3, as that's the major library number Slackware 10.2's libpng.so is using. There is a .0 symlink to keep any code that was compiled while that was the number working just fine, but I will recompile a bunch of things mostly for the sake of not using this link. It works either way, but I have an OCD about silly things like this. ;-)
l/libwmf-0.2.8.4-i486-2.tgz: Recompiled to use libpng.so.3.
l/libwmf-docs-0.2.8.4-noarch-2.tgz: Rebuilt.
l/libmusicbrainz-2.1.3-i486-1.tgz: Upgraded to libmusicbrainz-2.1.3.
l/sdl-1.2.11-i486-1.tgz: Upgraded to sdl-1.2.11. Thanks to Jesper Juhl for the heads-up.
l/libtunepimp-0.4.2-i486-2.tgz: Patched an overflow (CVE-2006-3600). Yes, there is libtunepimp-0.5.0. Probably less supported by the existing codebase, and certainly not tested for as long. We will wait for the next cycle on that, especially as it requires a couple of new dependencies. (* Security fix *) (-current only)
n/dhcpcd-2.0.4-i486-2.tgz: Patched to move the pid/config directory back to /etc/dhcpc, since /var may not yet be mounted when dhcpcd is started. Issue noted by John Jenkins.
n/links-2.1pre22-i486-2.tgz: Recompiled to use libpng.so.3.
n/mutt-1.4.2.2i-i486-1.tgz: Upgraded to mutt-1.4.2.2i. This release fixes CVE-2006-3242, a buffer overflow that could be triggered by a malicious IMAP server. [Connecting to malicious IMAP servers must be common, right? -- Ed.]
  For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3242 (* Security fix *)
n/nfs-utils-1.0.9-i486-1.tgz: Upgraded to nfs-utils-1.0.9.
n/php-4.4.2-i486-5.tgz: Recompiled to use libpng.so.3.
n/samba-3.0.23a-i486-1.tgz: Upgraded to samba-3.0.23a. Removed /sbin/umount.smbfs symlink which was causing problems at shutdown. Thanks to Robby Workman for the bug report.
t/tetex-3.0-i486-3.tgz: Recompiled against libpng-1.2.12.
t/tetex-doc-3.0-i486-3.tgz: Rebuilt.
x/fontconfig-2.2.3-i486-1.tgz: Split fontconfig into a separate package. Look, we're modularizing for ease of maintenance! :-)
x/freetype-2.1.9-i486-1.tgz: Split freetype into a separate package. Patched CVE-2006-1861 linux 2.6.x setuid() related bugs. (* Security fix *)
x/x11-6.9.0-i486-5.tgz: Rebuilt. Removed fontconfig/freetype files. Patched some more possible linux 2.6.x setuid() related bugs: http://lists.freedesktop.org/archives/xorg-announce/2006-June/000100.html (* Security fix *)
x/x11-devel-6.9.0-i486-5.tgz: Rebuilt. Removed fontconfig/freetype files. Patched with setuid() usage fixes as described above. Again, this issue is only vulnerable on certain 2.6 kernels. (* Security fix *)
x/x11-docs-6.9.0-noarch-5.tgz: Rebuilt. Removed fontconfig/freetype files.
x/x11-docs-html-6.9.0-noarch-5.tgz: Rebuilt.
x/x11-fonts-100dpi-6.9.0-noarch-5.tgz: Rebuilt.
x/x11-fonts-cyrillic-6.9.0-noarch-5.tgz: Rebuilt.
x/x11-fonts-misc-6.9.0-noarch-5.tgz: Rebuilt.
x/x11-fonts-scale-6.9.0-noarch-5.tgz: Rebuilt.
x/x11-xdmx-6.9.0-i486-5.tgz: Rebuilt.
x/x11-xnest-6.9.0-i486-5.tgz: Rebuilt.
x/x11-xvfb-6.9.0-i486-5.tgz: Rebuilt.
xap/gimp-2.2.12-i486-1.tgz: Upgraded to gimp-2.2.12. This release fixes a security hole in the XCF parser. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3404 (* Security fix *)
xap/imagemagick-6.2.8_4-i486-1.tgz: Upgraded to ImageMagick-6.2.8-4.
xap/seamonkey-1.0.2-i486-2.tgz: Recompiled to use libpng.so.3.
xap/vim-gvim-7.0.042-i486-1.tgz: Renamed from "xvim", now requires the vim package from the AP series. Shared files have been eliminated.
xap/xine-lib-1.1.2-i686-1.tgz: Upgraded to xine-lib-1.1.2. According to xinehq.de's announcement: There are three security fixes:
  - CVE-2005-4048: possible buffer overflow in libavcodec (crafted PNGs);
  - CVE-2006-2802: possible buffer overflow in the HTTP plugin;
  - possible buffer overflow via bad indexes in specially-crafted AVI files.
  (* Security fix *)
xap/xsane-0.991-i486-2.tgz: Recompiled to use libpng.so.3.
extra/aspell-word-lists/aspell-*tgz: Rebuilt, with several packages upgraded.
extra/dejavu-ttf/dejavu-ttf-20060720_995-noarch-1.tgz: Added DejaVu fonts. Thanks to Lukasz Stelmach for the initial build script.
extra/k3b/k3b-0.12.16-i486-2.tgz: Recompiled to use libpng.so.3.
extra/linux-2.6.16.27/kernel-modules-2.6.16.27-i486-2.tgz: Made a slight adjustment to rc.modules-2.6.16.27 to attempt to silence it when used on a machine running a 2.4.x kernel and without an activated parallel port. I don't think it helped (or hurt) though...
kernels/test26.s/*: Upgraded test26.s kernel to 2.6.17.7.
testing/packages/linux-2.6.17.7/kernel-generic-2.6.17.7-i486-1.tgz: Upgraded to Linux 2.6.17.7 generic kernel.
testing/packages/linux-2.6.17.7/kernel-headers-2.6.17.7-i386-1.tgz: Upgraded to Linux 2.6.17.7 kernel headers.
testing/packages/linux-2.6.17.7/kernel-modules-2.6.17.7-i486-1.tgz Upgraded to Linux 2.6.17.7 kernel modules.
testing/packages/linux-2.6.17.7/kernel-source-2.6.17.7-noarch-1.tgz Upgraded to Linux 2.6.17.7 kernel source.
+--------------------------+
Tue Jul 18 22:37:26 CDT 2006
a/lilo-22.7.2-i486-1.tgz: Upgraded to lilo-22.7.2.
kde/koffice-1.5.2-i486-1.tgz: Upgraded to koffice-1.5.2. Thanks to the KOffice team who did incredible work on this.
kdei/koffice-l10n-*-noarch-1.tgz: Upgraded to l10n packages for koffice-1.5.2.
n/samba-3.0.23-i486-2.tgz: Patched a problem in nsswitch/wins.c that caused crashes in the wins and/or winbind libraries. Thanks to Mikhail Kshevetskiy for pointing out the issue and offering a reference to the patch in Samba's source repository.
Thanks again to Andrea for this batch of kernel packages, and also thanks for compiling all those intermediate kernels that were replaced upstream and went unreleased in Slackware -current... Ah, the things that go on here behind the scenes. ;-)
extra/linux-2.6.16.27/alsa-driver-1.0.11_2.6.16.27-i486-1.tgz: Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.27.
extra/linux-2.6.16.27/kernel-generic-2.6.16.27-i486-1.tgz: Upgraded to Linux 2.6.16.27 generic kernel.
extra/linux-2.6.16.27/kernel-headers-2.6.16.27-i386-1.tgz: Upgraded to Linux 2.6.16.27 kernel headers.
extra/linux-2.6.16.27/kernel-modules-2.6.16.27-i486-1.tgz Upgraded to Linux 2.6.16.27 kernel modules.
extra/linux-2.6.16.27/kernel-source-2.6.16.27-noarch-1.tgz Upgraded to Linux 2.6.16.27 kernel source.
kernels/huge26.s/*: Upgraded huge26.s kernel to 2.6.16.27.
kernels/test26.s/*: Upgraded test26.s kernel to 2.6.17.6.
testing/packages/linux-2.6.17.6/kernel-generic-2.6.17.6-i486-1.tgz: Upgraded to Linux 2.6.17.6 generic kernel.
testing/packages/linux-2.6.17.6/kernel-headers-2.6.17.6-i386-1.tgz: Upgraded to Linux 2.6.17.6 kernel headers.
testing/packages/linux-2.6.17.6/kernel-modules-2.6.17.6-i486-1.tgz Upgraded to Linux 2.6.17.6 kernel modules.
testing/packages/linux-2.6.17.6/kernel-source-2.6.17.6-noarch-1.tgz Upgraded to Linux 2.6.17.6 kernel source.
+--------------------------+
Fri Jul 14 18:31:20 CDT 2006
We *are* getting closer to 11.0, friends. I'm hoping for a larger changeset soon, but this should be fun to play with for now as I work on the TODO list; merging, compiling, and initial testing.
n/samba-3.0.23-i486-1.tgz: Upgraded to samba-3.0.23. This fixes a minor memory exhaustion DoS in smbd.
  The CVE entry for this issue may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3403 (* Security fix *)
kernels/huge26.s/*: Upgraded huge26.s kernel to 2.6.16.24. The name of the big kernel with many built-in options has been changed from test26.s to huge26.s to reflect that Slackware 11.0 will consider the 2.6.16.x kernel series to be a supported kernel series. However, I'm probably going to leave the bare.i 2.4.32 kernel as the default kernel (or perhaps sata.i?) as it has very good performance and probably better security due to the simpler and longer-tested design. I might apply or at least make available in the kernel-source package for 2.4.32 a patch to fix direct rendering with 2.4.x kernels and X.Org 6.9.0 or newer. Since anyone using Slackware for server use isn't likely to be loading the DRI modules, it's untouched code on those machines and won't affect server stability (well, depending on what, if anything, outside of the module is changed in the kernel). It is probably a safe enough patch to apply. I'd rather ship 100% vanilla kernels (and might, with the patch "on the side"), but DRI does not work without the patch past X.Org 6.8.2. Is this enough text here? Perhaps I should rename this my "ChangeBlog".
Thanks to Andrea Volkerding for compiling these kernel packages: :-)
extra/linux-2.6.16.24/alsa-driver-1.0.11_2.6.16.24-i486-1.tgz: Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.24.
extra/linux-2.6.16.24/kernel-generic-2.6.16.24-i486-1.tgz: Upgraded to Linux 2.6.16.24 generic kernel.
extra/linux-2.6.16.24/kernel-headers-2.6.16.24-i386-1.tgz: Upgraded to Linux 2.6.16.24 kernel headers.
extra/linux-2.6.16.24/kernel-modules-2.6.16.24-i486-1.tgz Upgraded to Linux 2.6.16.24 kernel modules.
extra/linux-2.6.16.24/kernel-source-2.6.16.24-noarch-1.tgz Upgraded to Linux 2.6.16.24 kernel source.
testing/packages/linux-2.6.17.4/kernel-generic-2.6.17.4-i486-1.tgz: Upgraded to Linux 2.6.17.4 generic kernel.
testing/packages/linux-2.6.17.4/kernel-headers-2.6.17.4-i386-1.tgz: Upgraded to Linux 2.6.17.4 kernel headers.
testing/packages/linux-2.6.17.4/kernel-modules-2.6.17.4-i486-1.tgz Upgraded to Linux 2.6.17.4 kernel modules.
testing/packages/linux-2.6.17.4/kernel-source-2.6.17.4-noarch-1.tgz Upgraded to Linux 2.6.17.4 kernel source.
+--------------------------+
Thu Jun 29 02:03:45 CDT 2006
n/ppp-2.4.4-i486-1.tgz: Upgraded to ppp-2.4.4.
n/rp-pppoe-3.8-i486-2.tgz: Recompiled with --enable-plugin. Thanks to Frédéric L. W. Meunier for the suggestion.
extra/k3b/k3b-0.12.16-i486-1.tgz: Upgraded to k3b-0.12.16. Thanks to Matthew Johnson for pointing out the new release.
extra/k3b/k3b-i18n-0.12.16-noarch-1.tgz: Upgraded to k3b-i18n-0.12.16.
+--------------------------+
Tue Jun 27 18:18:30 CDT 2006
kde/kdebase-3.5.3-i486-2.tgz: Patched a problem with kdm where it could be abused to read any file on the system. The official KDE security advisory may be found here: http://www.kde.org/info/security/advisory-20060614-1.txt The CVE entry for this issue may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2449 (* Security fix *) Also patched a non-security issue where KDE's screensaver would not activate.
l/arts-1.5.3-i486-2.tgz: Patched to fix a possible exploit if artswrapper is setuid root (which, by default, it is not) and the system is running a 2.6 kernel. Systems running 2.4 kernels are not affected. The official KDE security advisory may be found here: http://www.kde.org/info/security/advisory-20060614-2.txt The CVE entry for this issue may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2916 (* Security fix *)
n/gnupg-1.4.4-i486-1.tgz: Upgraded to gnupg-1.4.4. This version fixes a memory allocation issue that could allow an attacker to crash GnuPG creating a denial-of-service. The CVE entry for this issue may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3082
n/nn-6.7.3-i486-1.tgz: Upgraded to nn-6.7.3.
  Thanks to Aaron Hsu for helping with this package.
extra/blackbox-0.70.1/blackbox-0.70.1-i486-1.tgz: Upgraded to blackbox-0.70.1.
extra/ham/xastir-1.8.2-i486-2.tgz: Upgraded to xastir-1.8.2. Thanks to Arno Verhoeven for the upgraded package.
+--------------------------+
Sun Jun 25 23:59:11 CDT 2006
a/lilo-22.7.1-i486-1.tgz: Upgraded to lilo-22.7.1. Thanks to George Iosif for reporting that this new LILO version is needed to boot a Toshiba Tecra S3 laptop. Thanks to Tomas Matejicek for suggestions on refining the build script. This version was also suggested as an upgrade by Rene Huber and Grant.
a/procps-3.2.7-i486-1.tgz: Upgraded to procps-3.2.7 and psmisc-22.2.
ap/jed-0.99_18-i486-1.tgz: Upgraded to jed-0.99_18.
ap/sox-12.18.1-i486-1.tgz: Upgraded to sox-12.18.1.
l/mhash-0.9.7-i486-1.tgz: Upgraded to mhash-0.9.7, which should fix some breakage reported by Bradley Reed.
+--------------------------+
Sun Jun 25 00:46:13 CDT 2006
a/coreutils-5.97-i486-1.tgz: Upgraded to coreutils-5.97.
a/gettext-0.14.6-i486-1.tgz: Upgraded to gettext-0.14.6.
ap/joe-3.4-i486-2.tgz: Fixed permissions on some documentation files. Thanks to Nathan Black for noticing they were wrong.
ap/mdadm-2.5.1-i486-1.tgz: Upgraded to mdadm-2.5.1.
d/gdb-6.5-i486-1.tgz: Upgraded to gdb-6.5.
d/gettext-tools-0.14.6-i486-1.tgz: Upgraded to gettext-tools-0.14.6.
d/git-1.4.0-i486-1.tgz: Upgraded to git-1.4.0. Added the man pages. Thanks to Seb for pointing out the git-manpages archive on kernel.org.
l/gtk+2-2.8.19-i486-1.tgz: Upgraded to gtk+-2.8.19. Looks like there's a bit more fallout over the PNG -lz debate... Thanks to Jason A Miller and Giacomo Lozito for reporting the problem with PNG images and pointing out the needed patch.
testing/packages/php-5.1.4/php-5.1.4-i486-2.tgz: Recompiled with --enable-soap. Thanks to Aleksandar Jevremovic for the suggestion.
+--------------------------+
Thu Jun 22 23:10:53 CDT 2006
a/e2fsprogs-1.38-i486-2.tgz: Reverted to e2fsprogs-1.38 due to reports of broken floppy support (e2fsck /dev/fd0). Since there were no bug reports here regarding e2fsprogs-1.38 (other than it not being the latest version), I'm reverting to the last known working version to play it safe. Thanks to Mikhail Zotov for reporting this issue along with an example of how to easily reproduce it.
n/getmail-4.6.3-noarch-1.tgz: Upgraded to getmail-4.6.3.
kernels/test26.s/*: Upgraded test26.s kernel to 2.6.16.22.
testing/packages/linux-2.6.16.22/alsa-driver-1.0.11_2.6.16.22-i486-1.tgz: Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.22.
testing/packages/linux-2.6.16.22/kernel-generic-2.6.16.22-i486-1.tgz: Upgraded to Linux 2.6.16.22 generic kernel. I hope everyone had plenty of time to test that last kernel. ;-)
testing/packages/linux-2.6.16.22/kernel-headers-2.6.16.22-i386-1.tgz: Upgraded to Linux 2.6.16.22 kernel headers.
testing/packages/linux-2.6.16.22/kernel-modules-2.6.16.22-i486-1.tgz Upgraded to Linux 2.6.16.22 kernel modules.
testing/packages/linux-2.6.16.22/kernel-source-2.6.16.22-noarch-1.tgz Upgraded to Linux 2.6.16.22 kernel source.
+--------------------------+
Thu Jun 22 00:40:30 CDT 2006
l/sdl-1.2.10-i486-3.tgz: Recompiled with --disable-x11-shared to avoid problems with nVidia's drivers. Thanks to Giacomo Lozito for reporting this issue.
n/dhcpcd-2.0.4-i486-1.tgz: Switched to dhcpcd version 2.0.4 after receiving some reports of problems with the latest version. There were no reports of problems with dhcpcd-2.0.1 here, and it was only upgraded in order to have the new, shiny version. But, rather than go all the way back to 2.0.1, we'll try 2.0.4 since one report was detailed enough to note that 2.0.4 worked while 2.0.6 didn't. Thanks to christian laubscher, Luca, and Dave Miller for providing useful data about these problems.
  In case anyone upstream is reading this, one of the problems was dhcpcd failing to work with the DHCP server built into the ZyXEL Prestige 650H-E1 router, and another issue was that after 2.0.4 it would no longer work with token ring. If any of these people have the time to test this new package and report success or failure, it would be appreciated. :-)
kernels/test26.s/*: Upgraded test26.s kernel to 2.6.16.21.
testing/packages/linux-2.6.16.21/alsa-driver-1.0.11_2.6.16.21-i486-1.tgz: Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.21.
testing/packages/linux-2.6.16.21/kernel-generic-2.6.16.21-i486-1.tgz: Upgraded to Linux 2.6.16.21 generic kernel.
testing/packages/linux-2.6.16.21/kernel-headers-2.6.16.21-i386-1.tgz: Upgraded to Linux 2.6.16.21 kernel headers.
testing/packages/linux-2.6.16.21/kernel-modules-2.6.16.21-i486-1.tgz Upgraded to Linux 2.6.16.21 kernel modules.
testing/packages/linux-2.6.16.21/kernel-source-2.6.16.21-noarch-1.tgz Upgraded to Linux 2.6.16.21 kernel source.
+--------------------------+
Mon Jun 19 00:28:53 CDT 2006
xap/xchat-2.6.4-i486-2.tgz: Patched to fix proxy support. Thanks to Bren and Stefan Misch for pointing out the patch.
+--------------------------+
Thu Jun 15 00:39:04 CDT 2006
a/e2fsprogs-1.39-i486-1.tgz: Upgraded to e2fsprogs-1.39.
ap/man-pages-2.33-noarch-1.tgz: Upgraded to man-pages-2.33.
ap/quota-3.13-i486-1.tgz: Upgraded to quota-3.13.
d/cvs-1.11.22-i486-1.tgz: Upgraded to cvs-1.11.22.
l/fribidi-0.10.7-i486-1.tgz: Upgraded to fribidi-0.10.7.
l/libgsf-1.14.1-i486-1.tgz: Upgraded to libgsf-1.14.1.
l/librsvg-2.14.4-i486-1.tgz: Upgraded to librsvg-2.14.4.
l/libxml2-2.6.26-i486-1.tgz: Upgraded to libxml2-2.6.26.
l/libxslt-1.1.17-i486-1.tgz: Upgraded to libxslt-1.1.17.
l/libwmf-0.2.8.4-i486-1.tgz: Upgraded to libwmf-0.2.8.4.
l/libwmf-docs-0.2.8.4-noarch-1.tgz: Upgraded to libwmf-0.2.8.4 docs.
l/libwpd-0.8.5-i486-1.tgz: Upgraded to libwpd-0.8.5.
  This might require a few things to be recompiled, so please report any compatibility issues here.
l/mhash-0.9.6-i486-1.tgz: Upgraded to mhash-0.9.6.
n/curl-7.15.4-i486-1.tgz: Upgraded to curl-7.15.4.
n/irssi-0.8.10a-i486-2.tgz: Patched to fix a pointer bug that causes irssi to dump core on exit. Thanks to Andrew Brouwers for the bug report and pointers to a discussion and patch.
n/lftp-3.4.7-i486-1.tgz: Upgraded to lftp-3.4.7.
n/nmap-4.10-i486-1.tgz: Upgraded to nmap-4.10.
n/ntp-4.2.2-i486-1.tgz: Upgraded to ntp-4.2.2.
n/openldap-client-2.3.24-i486-1.tgz: Upgraded to openldap-2.3.24.
n/sendmail-8.13.7-i486-1.tgz: Upgraded to sendmail-8.13.7. Fixes a potential denial of service problem caused by excessive recursion leading to stack exhaustion when attempting delivery of a malformed MIME message. This crashes sendmail's queue processing daemon, which in turn can lead to two problems: depending on the settings, these crashed processes may create coredumps which could fill a drive partition; and such a malformed message in the queue will cause queue processing to cease when the message is reached, causing messages that are later in the queue to not be processed. Sendmail's complete advisory may be found here: http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc Sendmail has also provided an FAQ about this issue: http://www.sendmail.com/security/advisories/SA-200605-01/faq.shtml The CVE entry for this issue may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173 (* Security fix *)
n/sendmail-cf-8.13.7-noarch-1.tgz: Upgraded to sendmail-8.13.7 configs.
xap/fluxbox-1.0rc-i486-1.tgz: Upgraded to fluxbox-1.0rc. I considered using --prefix=/usr here since X.Org will be moving from /usr/X11R6 to /usr when Slackware absorbs the modular release, but I think it will be best to wait and make those changes all at once. This, BTW, will be sometime after the 11.0 release.
  This current to stable cycle has already taken too much time (10.2 is in need of replacement), and introducing changes that might break things at this point would be foolhardy. Although there's still quite a bit in the TODO queue here I'm making my steps carefully as -current is very stable, and I think it should ship as a stable 11.0 soon so that we can get back to the business of breaking things in -current. :-)
xap/imagemagick-6.2.8_0-i486-1.tgz: Upgraded to ImageMagick-6.2.8-0.
xap/xchat-2.6.4-i486-1.tgz: Upgraded to xchat-2.6.4.
xap/xsane-0.991-i486-1.tgz: Upgraded to xsane-0.991. Thanks to Nicolas Friedli for pointing out that I'd had this source ready to compile in source/xap/xsane for a couple of months. :-)
+--------------------------+
Mon Jun 12 07:46:26 CDT 2006
d/doxygen-1.4.7-i486-1.tgz: Touched/resynced as this package got mangled in upload somehow. Thanks to Marin Mitov for pointing this out.
+--------------------------+
Sun Jun 11 17:27:32 CDT 2006
d/doxygen-1.4.7-i486-1.tgz: Upgraded to doxygen-1.4.7.
kde/amarok-1.4.0a-i486-1.tgz: Upgraded to amarok-1.4.0a. Thanks to Steven Robson for pointing out the stealth re-release.
l/sdl-1.2.10-i486-2.tgz: Fixed the ./configure options so that SDL does not use dlopen() to link to the shared graphics libraries, as dlopen() wasn't working with the new PNG library. Thanks to François Cojean and Raphaël Prevost for bug report and patch.
n/bootp-2.4.3-i486-2.tgz: Patched to work with 2.6.x kernels. Thanks to Simon Munton.
n/dhcpcd-2.0.6-i486-1.tgz: Upgraded to dhcpcd-2.0.6. Moved /etc/dhcpc/dhcpcd.exe to /etc/dhcpc/dhcpcd.exe-sample to prevent error messages in the log files. The sources install this as non-executable, and there's little reason that I can see to use it in its default form as it only puts redundant information in the logs. It might be a useful stub for some other purpose though... Thanks to David Houlden and Luis for reporting the issue.
n/dnsmasq-2.32-i486-1.tgz: Upgraded to dnsmasq-2.32.
extra/slackpkg/slackpkg-2.05-noarch-7.tgz: Upgraded to slackpkg-2.05-noarch-7. Thanks to Piter Punk.
+--------------------------+
Thu Jun 8 00:11:35 CDT 2006
a/acl-2.2.34-i486-1.tgz: Moved from AP series since so many binaries require this (or will). Made acl an ADD (required) package in the tagfile.
a/attr-2.4.28-i486-1.tgz: Moved from AP series since so many binaries require this (or will). Made attr an ADD (required) package in the tagfile.
d/mercurial-0.9-i486-2.tgz: Fixed missing man pages. (thanks to Seb)
d/python-2.4.3-i486-2.tgz: Rebuilt with --enable-ipv6. I don't know if this option actually does anything, but it can't hurt. ;-) Suggested by Lukasz Stelmach.
d/python-demo-2.4.3-noarch-2.tgz: Rebuilt.
d/python-tools-2.4.3-noarch-2.tgz: Rebuilt.
n/samba-3.0.22-i486-2.tgz: Recompiled with --with-acl-support=yes. Suggested by Ricardson Williams.
+--------------------------+
Mon Jun 5 18:57:15 CDT 2006
a/jfsutils-1.1.11-i486-1.tgz: Upgraded to jfsutils-1.1.11.
n/apache-1.3.36-i486-1.tgz: Upgraded to apache-1.3.36.
n/mod_ssl-2.8.27_1.3.36-i486-1.tgz: Upgraded to mod_ssl-2.8.27-1.3.36.
kernels/test26.s/*: Upgraded test26.s kernel to 2.6.16.20.
testing/packages/linux-2.6.16.20/alsa-driver-1.0.11_2.6.16.20-i486-1.tgz: Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.20.
testing/packages/linux-2.6.16.20/kernel-generic-2.6.16.20-i486-1.tgz: Upgraded to Linux 2.6.16.20 generic kernel.
testing/packages/linux-2.6.16.20/kernel-headers-2.6.16.20-i386-1.tgz: Upgraded to Linux 2.6.16.20 kernel headers.
testing/packages/linux-2.6.16.20/kernel-modules-2.6.16.20-i486-1.tgz Upgraded to Linux 2.6.16.20 kernel modules.
testing/packages/linux-2.6.16.20/kernel-source-2.6.16.20-noarch-1.tgz Upgraded to Linux 2.6.16.20 kernel source.
+--------------------------+
Sun Jun 4 22:17:14 CDT 2006
a/sharutils-4.6.3-i486-1.tgz: Upgraded to sharutils-4.6.3.
ap/joe-3.4-i486-1.tgz: Upgraded to joe-3.4.
ap/mysql-5.0.22-i486-1.tgz: Upgraded to mysql-5.0.22.
  This fixes an SQL injection vulnerability. For more details, see the MySQL 5.0.22 release announcement here: http://lists.mysql.com/announce/365 The CVE entry for this issue will be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2753 (* Security fix *)
kde/kdeaccessibility-3.5.3-i486-1.tgz: Upgraded to kdeaccessibility-3.5.3.
kde/kdeaddons-3.5.3-i486-1.tgz: Upgraded to kdeaddons-3.5.3.
kde/kdeadmin-3.5.3-i486-1.tgz: Upgraded to kdeadmin-3.5.3.
kde/kdeartwork-3.5.3-i486-1.tgz: Upgraded to kdeartwork-3.5.3.
kde/kdebase-3.5.3-i486-1.tgz: Upgraded to kdebase-3.5.3.
kde/kdebindings-3.5.3-i486-1.tgz: Upgraded to kdebindings-3.5.3.
kde/kdeedu-3.5.3-i486-1.tgz: Upgraded to kdeedu-3.5.3.
kde/kdegames-3.5.3-i486-1.tgz: Upgraded to kdegames-3.5.3.
kde/kdegraphics-3.5.3-i486-1.tgz: Upgraded to kdegraphics-3.5.3.
kde/kdelibs-3.5.3-i486-1.tgz: Upgraded to kdelibs-3.5.3.
kde/kdemultimedia-3.5.3-i486-1.tgz: Upgraded to kdemultimedia-3.5.3.
kde/kdenetwork-3.5.3-i486-1.tgz: Upgraded to kdenetwork-3.5.3.
kde/kdepim-3.5.3-i486-1.tgz: Upgraded to kdepim-3.5.3.
kde/kdesdk-3.5.3-i486-1.tgz: Upgraded to kdesdk-3.5.3.
kde/kdetoys-3.5.3-i486-1.tgz: Upgraded to kdetoys-3.5.3.
kde/kdeutils-3.5.3-i486-1.tgz: Upgraded to kdeutils-3.5.3.
kde/kdevelop-3.3.2-i486-1.tgz: Upgraded to kdevelop-3.3.2.
kde/kdewebdev-3.5.3-i486-1.tgz: Upgraded to kdewebdev-3.5.3.
kde/koffice-1.5.1-i486-1.tgz: Upgraded to koffice-1.5.1.
kdei/kde-i18n-*-3.5.3-noarch-1.tgz: Upgraded to kde-i18n-3.5.3.
kdei/koffice-l10n-*-1.5.1-noarch-1.tgz: Upgraded to l10n packages for koffice-1.5.1.
l/arts-1.5.3-i486-1.tgz: Upgraded to arts-1.5.3.
l/jre-1_5_0_07-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Runtime Environment Version 5.0, Release 7.
n/getmail-4.6.1-noarch-1.tgz: Upgraded to getmail-4.6.1.
n/links-2.1pre22-i486-1.tgz: Upgraded to links-2.1pre22.
xap/mozilla-firefox-1.5.0.4-i686-1.tgz: Upgraded to firefox-1.5.0.4. This upgrade fixes several possible security bugs.
For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) xap/mozilla-thunderbird-1.5.0.4-i686-1.tgz: Upgraded to thunderbird-1.5.0.4. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird (* Security fix *) xap/seamonkey-1.0.2-i486-1.tgz: Upgraded to seamonkey-1.0.2. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *) xap/xlockmore-5.22-i486-1.tgz: Upgraded to xlockmore-5.22. xap/xscreensaver-5.00-i486-1.tgz: Upgraded to xscreensaver-5.00. extra/jdk-1.5.0_07/jdk-1_5_0_07-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Development Kit Version 5.0, Release 7. +--------------------------+ Wed May 31 18:37:58 CDT 2006 a/hotplug-2004_09_23-noarch-8.tgz: Patched net.agent to use rc.inet1 to shut down interfaces that use DHCP. Thanks to Lew Pitcher, Ismael Cortes, and Nuts Mueller, who all suggested possible solutions for an issue which arose when dhcpcd's .pid file was shifted from /etc/dhcpc/ to /var/run/. ap/mdadm-2.5-i486-1.tgz: Upgraded to mdadm-2.5. d/subversion-1.3.2-i486-1.tgz: Upgraded to subversion-1.3.2. Added back the HTML book -- thanks to Jan Rafaj for pointing out that this had gone missing in the last subversion package. xap/gkrellm-2.2.9-i486-1.tgz: Upgraded to gkrellm-2.2.9. Suggested by Willy Sudiarto Raharjo. extra/slackpkg/slackpkg-2.04-noarch-6.tgz: Upgraded to slackpkg-2.04-noarch-6. Thanks to Piter Punk. testing/packages/linux-2.6.16.19/alsa-driver-1.0.11_2.6.16.19-i486-1.tgz: Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.19. testing/packages/linux-2.6.16.19/kernel-generic-2.6.16.19-i486-1.tgz: Upgraded to Linux 2.6.16.19 generic kernel. 
testing/packages/linux-2.6.16.19/kernel-headers-2.6.16.19-i386-1.tgz: Upgraded to Linux 2.6.16.19 kernel headers. testing/packages/linux-2.6.16.19/kernel-modules-2.6.16.19-i486-1.tgz Upgraded to Linux 2.6.16.19 kernel modules. Thanks to Nuts Mueller for the rc.modules typo fixes. testing/packages/linux-2.6.16.19/kernel-source-2.6.16.19-noarch-1.tgz Upgraded to Linux 2.6.16.19 kernel source. +--------------------------+ Sat May 27 19:14:31 CDT 2006 a/coreutils-5.96-i486-1.tgz: Upgraded to coreutils-5.96. l/glib2-2.10.3-i486-1.tgz: Upgraded to glib-2.10.3. l/gtk+2-2.8.18-i486-1.tgz: Upgraded to gtk+-2.8.18. l/pango-1.12.3-i486-1.tgz: Upgraded to pango-1.12.3. n/dnsmasq-2.31-i486-1.tgz: Upgraded to dnsmasq-2.31. n/cyrus-sasl-2.1.22-i486-1.tgz: Upgraded to cyrus-sasl-2.1.22. n/openldap-client-2.3.23-i486-1.tgz: Upgraded to openldap-2.3.23. xap/imagemagick-6.2.7_8-i486-1.tgz: Upgraded to ImageMagick-6.2.7-8. extra/parted/parted-1.7.1-i486-1.tgz: Upgraded to parted-1.7.1. +--------------------------+ Mon May 22 21:44:07 CDT 2006 kernels/test26.s/*: Upgraded test26.s kernel to 2.6.16.18. testing/packages/linux-2.6.16.18/alsa-driver-1.0.11_2.6.16.18-i486-1.tgz: Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.18. testing/packages/linux-2.6.16.18/kernel-generic-2.6.16.18-i486-1.tgz: Upgraded to Linux 2.6.16.18 generic kernel. testing/packages/linux-2.6.16.18/kernel-headers-2.6.16.18-i386-1.tgz: Upgraded to Linux 2.6.16.18 kernel headers. testing/packages/linux-2.6.16.18/kernel-modules-2.6.16.18-i486-1.tgz Upgraded to Linux 2.6.16.18 kernel modules. testing/packages/linux-2.6.16.18/kernel-source-2.6.16.18-noarch-1.tgz Upgraded to Linux 2.6.16.18 kernel source. +--------------------------+ Mon May 22 11:23:48 CDT 2006 a/bin-11.0-i486-1.tgz: Upgraded to ncompress-4.2.4, eject-2.1.4, file-4.17, and tree-1.5.0. Removed sharutils, which are now in a separate package. Patched a security problem in zoo's fullpath() function that was reported by Jean-Sebastien Guay-Leroux. 
At first this didn't seem like much as zoo is old and hardly used, but there are virus scanning programs that scan zoo archives. It is a possible problem on any system running zoo like this in an automated way, and (of course) could also cause problems if a user were to open a malicious zoo archive manually. (though I'd be pretty suspicious if someone were to mail me anything using "zoo" in 2006...) (* Security fix *) a/coreutils-5.95-i486-1.tgz: Upgraded to coreutils-5.95. a/sharutils-4.6.2-i486-1.tgz: Added new sharutils package, upgraded to sharutils-4.6.2. ap/linuxdoc-tools-0.9.21-i486-2.tgz: Added libsgmls-perl_1.03ii. Upgraded to the latest upstream linuxdoc-tools package. Moved jadetex out of this package and into the tetex package so that "mktexlsr" won't need to be run to find jadetex. Merged some miscellaneous fixes from the armedslack package. Thanks again to Stuart Winter for help on SGML/Docbook issues. :-) d/git-1.3.3-i486-1.tgz: Upgraded to git-1.3.3. kde/amarok-1.4.0-i486-1.tgz: Upgraded to amarok-1.4.0. l/glib2-2.10.2-i486-1.tgz: Upgraded to glib-2.10.2. l/pango-1.12.2-i486-1.tgz: Upgraded to pango-1.12.2. l/sdl-1.2.10-i486-1.tgz: Upgraded to SDL-1.2.10, SDL_image-1.2.5, SDL_mixer-1.2.7, SDL_net-1.2.6, and SDL_ttf-2.0.8. l/libxml2-2.6.24-i486-1.tgz: Upgraded to libxml2-2.6.24. l/libxslt-1.1.16-i486-1.tgz: Upgraded to libxslt-1.1.16. n/dhcp-3.0.4-i486-1.tgz: Upgraded to dhcp-3.0.4. n/nfs-utils-1.0.8-i486-1.tgz: Upgraded to nfs-utils-1.0.8. t/tetex-3.0-i486-2.tgz: Regenerated the etex.fmt files with etex, not pdfetex. This is more appropriate since etex is a binary, not a link to pdfetex. Thanks to John Breckenridge for reporting the issue. Added --disable-a4, and fixed the texconfig for US paper default in the build script. Thanks to Marc Benstein and Jingmin Zhou for reporting this. Merged jadetex into the teTeX package. Moved font build directory (only usable by root anyway) from /var/tmp/texfonts to /var/lib/texmf. Improved /tmp use security. 
Patched a possible security issue in library code borrowed from xpdf that's used in pdfetex. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193 (* Security fix *) t/tetex-doc-3.0-i486-2.tgz: Rebuilt. xap/gxine-0.5.6-i486-1.tgz: Upgraded to gxine-0.5.6. xap/imagemagick-6.2.7_6-i486-1.tgz: Upgraded to ImageMagick-6.2.7-6. xap/seamonkey-1.0.1-i486-2.tgz: Added seamonkey-1.0.1, which replaces the old Mozilla Suite in the XAP series. If Mozilla is not found on the machine, a mozilla -> seamonkey link will be created to handle applications that might still try to use "mozilla" to open URLs. Also, if Mozilla is not installed, then symlinks will be made in /usr/lib/pkgconfig/ from mozilla* -> seamonkey*. This should allow most sources designed for Mozilla to compile. extra/parted/parted-1.7.0-i486-1.tgz: Upgraded to parted-1.7.0. pasture/mozilla-1.7.13-i486-1.tgz: Moved here from XAP series. This won't remain here long, so grab a copy if you want it... kernels/test26.s/*: Upgraded test26.s kernel to 2.6.16.17. testing/packages/linux-2.6.16.17/alsa-driver-1.0.11_2.6.16.17-i486-1.tgz: Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.17. testing/packages/linux-2.6.16.17/kernel-generic-2.6.16.17-i486-1.tgz: Upgraded to Linux 2.6.16.17 generic kernel. testing/packages/linux-2.6.16.17/kernel-headers-2.6.16.17-i386-1.tgz: Upgraded to Linux 2.6.16.17 kernel headers. testing/packages/linux-2.6.16.17/kernel-modules-2.6.16.17-i486-1.tgz Upgraded to Linux 2.6.16.17 kernel modules. testing/packages/linux-2.6.16.17/kernel-source-2.6.16.17-noarch-1.tgz Upgraded to Linux 2.6.16.17 kernel source. +--------------------------+ Sat May 13 21:00:28 CDT 2006 a/bash-3.1.017-i486-1.tgz: Upgraded to bash-3.1.17. a/openssl-solibs-0.9.8b-i486-1.tgz: Upgraded to openssl-0.9.8b. ap/vim-7.0.017-i486-1.tgz: Upgraded to vim-7.0.017. d/git-1.3.2-i486-1.tgz: Added git-1.3.2. d/mercurial-0.9-i486-1.tgz: Added mercurial-0.9. 
n/openssh-4.3p2-i486-1.tgz: Upgraded to openssh-4.3p2. n/openssl-0.9.8b-i486-1.tgz: Upgraded to openssl-0.9.8b. xap/xvim-7.0.017-i486-1.tgz: Upgraded to vim-7.0.017 compiled with X11 and GTK+ (version 2) support. kernels/test26.s/*: Upgraded test26.s kernel to 2.6.16.16. testing/packages/linux-2.6.16.16/alsa-driver-1.0.11_2.6.16.16-i486-1.tgz: Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.16. testing/packages/linux-2.6.16.16/kernel-generic-2.6.16.16-i486-1.tgz: Upgraded to Linux 2.6.16.16 generic kernel. testing/packages/linux-2.6.16.16/kernel-headers-2.6.16.16-i386-1.tgz: Upgraded to Linux 2.6.16.16 kernel headers. testing/packages/linux-2.6.16.16/kernel-modules-2.6.16.16-i486-1.tgz Upgraded to Linux 2.6.16.16 kernel modules. Added many missing ISA network card modules (thanks to Marc Rubin). testing/packages/linux-2.6.16.16/kernel-source-2.6.16.16-noarch-1.tgz Upgraded to Linux 2.6.16.16 kernel source. +--------------------------+ Wed May 10 14:23:57 CDT 2006 n/apache-1.3.35-i486-2.tgz: Patched to fix totally broken Include behavior. Thanks to Francesco Gringoli for reporting this bug. +--------------------------+ Tue May 9 16:10:33 CDT 2006 ap/cdrdao-1.2.1-i486-1.tgz: Upgraded to cdrdao-1.2.1. ap/mysql-5.0.21-i486-1.tgz: Upgraded to mysql-5.0.21. This fixes some security issues, including possible information leakage, and execution of arbitrary code. Note that the information leakage bugs require that the attacker have access to an account on the database. Also note that by default, Slackware's rc.mysqld script does *not* allow access to the database through the outside network (it uses the --skip-networking option). If you've enabled network access to MySQL, it is a good idea to filter the port (3306) to prevent access from unauthorized machines. 
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1518 (* Security fix *) l/gmp-4.2.1-i486-1.tgz: Upgraded to gmp-4.2.1. l/libpng-1.2.10-i486-2.tgz: Run ./configure --prefix=/usr to substitute macros into libpng12.pc (even though we compile with the custom makefile.) Thanks to Ian Bennett for the bug report. l/mpfr-2.2.0p10-i486-1.tgz: Added mpfr-2.2.0p10. This used to be part of GMP but is now a separate project (www.mpfr.org). n/apache-1.3.35-i486-1.tgz: Upgraded to apache-1.3.35. From the official announcement: Of particular note is that 1.3.35 addresses and fixes 1 potential security issue: CVE-2005-3352 (cve.mitre.org) mod_imap: Escape untrusted referer header before outputting in HTML to avoid potential cross-site scripting. Change also made to ap_escape_html so we escape quotes. Reported by JPCERT For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352 (* Security fix *) Upgraded the bundled mm (Shared Memory Allocation) library to mm-1.4.0. n/gnupg-1.4.3-i486-1.tgz: Upgraded to gnupg-1.4.3. n/mod_ssl-2.8.26_1.3.35-i486-1.tgz: Upgraded to mod_ssl-2.8.26-1.3.35. This is an updated version designed for Apache 1.3.35. n/php-4.4.2-i486-4.tgz: Recompiled against mm-1.4.0. Upgraded to Mail-1.1.10 and XML_RPC-1.4.8 PEAR modules. Added /usr/bin/php-cgi (thanks to AthlonRob). testing/packages/php-5.1.4/php-5.1.4-i486-1.tgz: Upgraded to php-5.1.4. Recompiled against mm-1.4.0 (bundled with the new Apache package). Added /usr/bin/php-cgi (thanks to AthlonRob). Added mysqli and pdo-mysql extensions (suggested by Janusz Dziemidowicz). +--------------------------+ Wed May 3 21:48:26 CDT 2006 xap/mozilla-firefox-1.5.0.3-i686-1.tgz: Upgraded to firefox-1.5.0.3. This upgrade fixes a crash bug that could possibly be used to execute code as the Firefox user. 
For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) +--------------------------+ Wed May 3 00:01:38 CDT 2006 a/smartmontools-5.36-i486-1.tgz: Upgraded to smartmontools-5.36. Thanks to Jonathan Woithe for letting me know that newer 2.6.x kernels need this version to properly support SMART with SATA drives. l/libpng-1.2.10-i486-1.tgz: Upgraded to libpng-1.2.10. n/rsync-2.6.8-i486-1.tgz: Upgraded to rsync-2.6.8. tcl/tcl-8.4.13-i486-1.tgz: Upgraded to tcl-8.4.13. tcl/tk-8.4.13-i486-1.tgz: Upgraded to tk-8.4.13. x/x11-6.9.0-i486-4.tgz: Patched with x11r6.9.0-mitri.diff and recompiled. A typo in the X render extension allows an X client to crash the server and possibly to execute arbitrary code as the X server user (typically this is "root".) The CVE entry for this issue may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1526 The advisory from X.Org may be found here: http://lists.freedesktop.org/archives/xorg/2006-May/015136.html (* Security fix *) x/x11-devel-6.9.0-i486-4.tgz: Patched and recompiled libXrender. (* Security fix *) The rest of these were rebuilt simply to keep the build number consistent. x/x11-docs-6.9.0-noarch-4.tgz: Rebuilt. x/x11-docs-html-6.9.0-noarch-4.tgz: Rebuilt. x/x11-fonts-100dpi-6.9.0-noarch-4.tgz: Rebuilt. x/x11-fonts-cyrillic-6.9.0-noarch-4.tgz: Rebuilt. x/x11-fonts-misc-6.9.0-noarch-4.tgz: Rebuilt. x/x11-fonts-scale-6.9.0-noarch-4.tgz: Rebuilt. x/x11-xdmx-6.9.0-i486-4.tgz: Rebuilt. x/x11-xnest-6.9.0-i486-4.tgz: Rebuilt. x/x11-xvfb-6.9.0-i486-4.tgz: Rebuilt. +--------------------------+ Sun Apr 30 17:32:22 CDT 2006 a/hotplug-2004_09_23-noarch-7.tgz: Blacklisted the wireless access point modules (hostap*) as they can interfere with normal usage of the interface. Thanks to Piter Punk. ap/espgs-8.15.2-i486-1.tgz: Upgraded to espgs-8.15.2. l/alsa-driver-1.0.11_2.4.32-i486-2.tgz: Patched a problem with the via82xx driver. 
Thanks to user MysticMgcn for entering the bug report, to Ismael Cortes for getting me a copy of the patch from ALSA's Hg repository, and to ALSA developer Takashi Iwai for the fix itself. l/alsa-lib-1.0.11-i486-1.tgz: Moved from /testing. n/nmap-4.03-i486-1.tgz: Upgraded to nmap-4.03. n/proftpd-1.3.0-i486-1.tgz: Upgraded to proftpd-1.3.0. n/tin-1.8.2-i486-1.tgz: Upgraded to tin-1.8.2. n/wireless-tools-28-i486-1.tgz: Upgraded to wireless_tools.28. Thanks to Eric Hameleers for the new version of rc.wireless. xap/mozilla-thunderbird-1.5.0.2-i686-1.tgz: Upgraded to thunderbird-1.5.0.2. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird (* Security fix *) testing/packages/linux-2.6.16.9/alsa-driver-1.0.11_2.6.16.9-i486-2.tgz: Patched to fix via82xx driver. +--------------------------+ Mon Apr 24 14:29:50 CDT 2006 a/hotplug-2004_09_23-noarch-6.tgz: Patched rc.hotplug. On 2.4 kernels use /sbin/hotplug for hotplugging, but on 2.6 kernels use /sbin/udevsend (if udev is being used) instead. This should work better on systems using 2.6 kernels with udev and HAL. Among the people pushing for this change for a while: Jon Grosshart, Piter Punk, and Eugene Crosser. Blacklisted hw_random after reports that it causes some systems to crash. Note that rc.hotplug is now installed as rc.hotplug.new, but upgradepkg will still replace it for one more package iteration. This will cause hotplug to be made executable on machines where it currently is not, so be aware of that. a/slocate-3.1-i486-1.tgz: Upgraded to slocate-3.1. This uses a new database format, so you'll have to wait for the cron job or run "updatedb -c /etc/updatedb.conf" as root. Thanks to Piotr Simon and Erik Jan Tromp for pointing out that the docs for the previous package were installed with incorrect permissions. a/udev-071-i486-1.tgz: Upgraded to udev-071. 
Set ttyUSB devices to mode 660 so that users in group tty can use them. Get rid of the 10-udev.hotplug -> /sbin/udevsend symlink in /etc/hotplug.d/default. This fixes a race condition with using the hotplug event handling system now enabled by default in the latest udev.rules. Another nice effect of this is that udevd no longer runs needlessly on 2.4 systems. WARNING: any existing udev.rules file will be overwritten, so save your old file if you have custom rules you'd like to merge in. Based on ideas suggested by Eugene Crosser, Piter Punk, and myself. In /etc/udev/scripts/make_extra_nodes.sh and floppy-extra-devs.sh, use ${udev_root} instead of hardcoding /dev. Thanks to Andreas Schnaiter. In /etc/udev/scripts/make_extra_nodes.sh, fixed a bug that caused a bad cdrom -> pktcdvd/control symlink to be created if the pktcdvd driver was loaded prior to running the make_extra_nodes.sh script. Thanks to Kenneth Pettersen for the bug report and fix, and to Giovanni Quadriglio who also reported the issue. Finally, thanks to Piter Punk for his continued exploration of udev's bleeding edge. What's going on there is quite interesting, but there are still some issues that have led me to decide it's best to take small steps in that direction. For example, it was nice to be able to populate /dev before checking the partitions and mounting them read-write, and it seems that won't be possible any longer. I've had other reports of hardware that wasn't hotplugged correctly, too (and ran into some myself). Mostly it seems to be a question of figuring out the proper place in the boot process to put udev, but there are also a lot of things we're left to figure out concerning the udev rules. We'll get there, but maybe not in the next release. This upgrade to udev-071 meets the minimum requirement in the 2.6.16.9 Documentation/Changes file, and has been heavily tested here and found to work well. 
udev-090 boots the machine faster, but isn't as reliable (at least in testing here, with how it's called from our init scripts), and I've never been in favor of trading reliability for speed. ap/alsa-utils-1.0.11-i486-1.tgz: Upgraded to alsa-utils-1.0.11. ap/mysql-5.0.20a-i486-1.tgz: Upgraded to mysql-5.0.20a. d/guile-1.8.0-i486-1.tgz: Upgraded to guile-1.8.0. I don't think anything in Slackware depends on guile any more, and that the only thing that ever did was a solitaire game in GNOME. Since the GNOME distributions for Slackware are already including their own guile packages, I'm considering this package for removal. How generally useful is it? Perhaps something like Ruby in the D series instead would be more useful. l/alsa-driver-1.0.11_2.4.32-i486-1.tgz: Upgraded to alsa-driver-1.0.11, compiled for Linux 2.4.32. l/alsa-lib-1.0.11rc4-i486-1.tgz: Upgraded to alsa-lib-1.0.11rc4. The reason for 11rc4 rather than 11 is that there was a new subsystem added (src/pcm_rate_linear.c) in 11rc5, that I suspect causes aRts to break on at least one system using snd-via82xx and/or snd-ac97-codec -- aRts bails with a message about a CPU overload. The exact chipset is: VIA Technologies, Inc. VT8233/A/8235/8237 AC97 Audio Controller (rev 60) It would seem to me that rc4->rc5 was kind of a risky time in the release cycle to introduce such a massive change to the codebase. In any case, I think it's prudent to stick with alsa-lib-1.0.11rc4 as the default alsa-lib version until this gets sorted out upstream. l/alsa-oss-1.0.11-i486-1.tgz: Upgraded to alsa-oss-1.0.11. l/libungif-4.1.4-i486-2.tgz: Fixed libgif.so* symlinks. Thanks to Wim Speekenbrink. xap/imagemagick-6.2.7_0-i486-1.tgz: Upgraded to ImageMagick-6.2.7-0. xap/mozilla-1.7.13-i486-1.tgz: Upgraded to mozilla-1.7.13. This upgrade fixes several possible security bugs. 
For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla This release marks the end-of-life of the Mozilla 1.7.x series: http://developer.mozilla.org/devnews/index.php/2006/04/12/sunset-announcement-for-fxtb-10x-and-mozilla-suite-17x/ Mozilla Corporation is recommending that users upgrade to Firefox and Thunderbird, but if you're a fan of the style of the Mozilla Suite, I'd recommend SeaMonkey myself. There's a good chance that Mozilla will not ship in the next Slackware release, and SeaMonkey will ship in its place. I'd been wondering which way to go with that, but getting an official EOL statement about the Mozilla Suite makes it seem like the switch to SeaMonkey should happen sooner rather than later. (* Security fix *) extra/slacktrack/slacktrack-1.29-i486-1.tgz: Upgraded to slacktrack-1.29-1. testing/packages/alsa-lib-1.0.11-i486-1.tgz: Added alsa-lib-1.0.11. This is primarily intended for people to verify the issue with VIA sound, look for a similar issue with other chipsets as well (seems possible, since the issue isn't in any VIA specific code in alsa-driver), and report any useful information found to the upstream developers: https://bugtrack.alsa-project.org/alsa-bug/ I reported the issue via (ha;) email, but not through the bug track system. The developer I contacted couldn't reproduce the issue and didn't think it had anything to do with the rate plugin additions. If other folks test alsa-lib-1.0.11 and run into this, and have the time to jump through the hoops needed to report the bug at the URL above, I'd appreciate the help. At least it would demonstrate that it's not just my machine... testing/packages/linux-2.6.16.9/alsa-driver-1.0.11_2.6.16.9-i486-1.tgz: Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.9. testing/packages/linux-2.6.16.9/kernel-generic-2.6.16.9-i486-1.tgz: Upgraded to Linux 2.6.16.9 generic kernel. 
testing/packages/linux-2.6.16.9/kernel-headers-2.6.16.9-i386-1.tgz: Upgraded to Linux 2.6.16.9 kernel headers. testing/packages/linux-2.6.16.9/kernel-modules-2.6.16.9-i486-1.tgz Upgraded to Linux 2.6.16.9 kernel modules. testing/packages/linux-2.6.16.9/kernel-source-2.6.16.9-noarch-1.tgz Upgraded to Linux 2.6.16.9 kernel source. BTW, I think 2.6.16.x, being the first kernel series in the 2.6 series that has been promised some long-lived support, will be the 2.6 kernel you'll see in the next Slackware release. If/when 2.6.17 (or 18, etc.) come out, don't expect to see me chasing after it immediately. I'm looking for a kernel that can be counted on for stability -- not the bleeding edge. Of course, once 2.6.16.x is considered tested enough to leave /testing (and it does seem close), perhaps a newer kernel might take its place here just for fun. Oh and yes -- I did see that 2.6.16.10 is out, and I know that the test26.s kernel wasn't yet updated. Due to the Mozilla situation, I can't delay this update to be a $SUCKER some more, but you'll see 2.6.16.10 soon. That is, if there isn't a newer one first... +--------------------------+ Mon Apr 17 01:22:15 CDT 2006 kde/koffice-1.5.0-i486-1.tgz: Upgraded to koffice-1.5.0. kdei/koffice-l10n-*.tgz: Upgraded to l10n packages for koffice-1.5.0. l/gtk+2-2.8.17-i486-1.tgz: Upgraded to gtk+-2.8.17. l/lcms-1.15-i486-1.tgz: Upgraded to lcms-1.15. l/libexif-0.6.13-i486-1.tgz: Upgraded to libexif-0.6.13. l/libidl-0.8.6-i486-1.tgz: Upgraded to libIDL-0.8.6. l/libglade-2.5.1-i486-1.tgz: Upgraded to libglade-2.5.1. l/libgsf-1.14.0-i486-1.tgz: Upgraded to libgsf-1.14.0. This has changed the major library version from .1 to .114... l/libidn-0.6.3-i486-1.tgz: Upgraded to libidn-0.6.3. l/librsvg-2.14.3-i486-1.tgz: Upgraded to librsvg-2.14.3. l/libtiff-3.8.2-i486-1.tgz: Upgraded to libtiff-3.8.2. l/libungif-4.1.4-i486-1.tgz: Upgraded to libungif-4.1.4. l/libwpd-0.8.4-i486-2.tgz: Recompiled against libgsf-1.14.0. 
l/wv2-0.2.2-i486-2.tgz: Recompiled against libgsf-1.14.0. Apparently, this needed a recompile anyway (with or without new dependencies) in order to fix a compiler incompatibility issue between gcc-3.3.x and gcc-3.4.x that was breaking .doc support in KWord. Thanks to Marin Mitov and Andrey V. Panov for reporting this issue. n/fetchmail-6.3.4-i486-1.tgz: Upgraded to fetchmail-6.3.4. n/getmail-4.6.0-noarch-1.tgz: Upgraded to getmail-4.6.0. n/lftp-3.4.4-i486-1.tgz: Upgraded to lftp-3.4.4. xap/fluxbox-0.9.15.1-i486-1.tgz: Upgraded to fluxbox-0.9.15.1. xap/gimp-2.2.11-i486-1.tgz: Upgraded to gimp-2.2.11. xap/mozilla-firefox-1.5.0.2-i686-1.tgz: Upgraded to firefox-1.5.0.2. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) extra/k3b/k3b-0.12.15-i486-1.tgz: Upgraded to k3b-0.12.15. extra/k3b/k3b-i18n-0.12.15-noarch-1.tgz: Upgraded to k3b-i18n-0.12.15. testing/packages/seamonkey-1.0.1-i486-1.tgz: Upgraded to seamonkey-1.0.1. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *) In other news, I am aware of the expat-2.0 release, but this has a couple of API changes (and a new major library number) and it will take some time for upstream sources to patch for it. Therefore, expat-2.0 will not be used for Slackware 11.0 (but might be included in /testing). There's also a new gmp-4.2, but the shared libraries that are built by this have lower numbers than the ones from gmp-4.1.4, so that's probably not going to make the cut this time around, either. +--------------------------+ Tue Apr 4 18:06:21 CDT 2006 d/make-3.81-i486-1.tgz: Upgraded to make-3.81. Long live make! d/subversion-1.3.1-i486-1.tgz: Upgraded to subversion-1.3.1. xap/xscreensaver-4.24-i486-1.tgz: Upgraded to xscreensaver-4.24. 
+--------------------------+ Mon Apr 3 21:18:03 CDT 2006 a/findutils-4.2.27-i486-1.tgz: Upgraded to findutils-4.2.27. d/python-2.4.3-i486-1.tgz: Upgraded to python-2.4.3. This now links with Berkeley DB 4.4.x. :-) d/python-demo-2.4.3-noarch-1.tgz: Upgraded to python-2.4.3 demos. d/python-tools-2.4.3-noarch-1.tgz: Upgraded to python-2.4.3 tools. kde/amarok-1.3.9-i486-1.tgz: Added amaroK 1.3.9, a media player for KDE. kde/kdeaccessibility-3.5.2-i486-1.tgz: Upgraded to kdeaccessibility-3.5.2. kde/kdeaddons-3.5.2-i486-1.tgz: Upgraded to kdeaddons-3.5.2. kde/kdeadmin-3.5.2-i486-1.tgz: Upgraded to kdeadmin-3.5.2. kde/kdeartwork-3.5.2-i486-1.tgz: Upgraded to kdeartwork-3.5.2. kde/kdebase-3.5.2-i486-1.tgz: Upgraded to kdebase-3.5.2. kde/kdebindings-3.5.2-i486-1.tgz: Upgraded to kdebindings-3.5.2. kde/kdeedu-3.5.2-i486-1.tgz: Upgraded to kdeedu-3.5.2. kde/kdegames-3.5.2-i486-1.tgz: Upgraded to kdegames-3.5.2. kde/kdegraphics-3.5.2-i486-1.tgz: Upgraded to kdegraphics-3.5.2. kde/kdelibs-3.5.2-i486-1.tgz: Upgraded to kdelibs-3.5.2. kde/kdemultimedia-3.5.2-i486-1.tgz: Upgraded to kdemultimedia-3.5.2. kde/kdenetwork-3.5.2-i486-1.tgz: Upgraded to kdenetwork-3.5.2. kde/kdepim-3.5.2-i486-1.tgz: Upgraded to kdepim-3.5.2. kde/kdesdk-3.5.2-i486-1.tgz: Upgraded to kdesdk-3.5.2. kde/kdetoys-3.5.2-i486-1.tgz: Upgraded to kdetoys-3.5.2. kde/kdeutils-3.5.2-i486-1.tgz: Upgraded to kdeutils-3.5.2. kde/kdevelop-3.3.2-i486-1.tgz: Upgraded to kdevelop-3.3.2. kde/kdewebdev-3.5.2-i486-1.tgz: Upgraded to kdewebdev-3.5.2. kde/qt-3.3.6-i486-1.tgz: Upgraded to qt-x11-free-3.3.6. kdei/kde-i18n-*-3.5.2-noarch-1.tgz: Upgraded to kde-i18n-3.5.2. l/arts-1.5.2-i486-1.tgz: Upgraded to arts-1.5.2. l/libmusicbrainz-2.1.2-i486-1.tgz: Added libmusicbrainz-2.1.2, a library for searching a user-maintained community music metadatabase. This is used to tag media files by libtunepimp. l/libtunepimp-0.4.2-i486-1.tgz: Added libtunepimp-0.4.2. 
This is a library used to support adding metadata tags to music files using the MusicBrainz client libraries. These libraries are used by several media players to look up track information. (e.g. in Slackware, JuK and amaroK so far) n/rp-pppoe-3.8-i486-1.tgz: Upgraded to rp-pppoe-3.8. xap/abiword-2.2.9-i486-1.tgz: Removed. More recent versions of AbiWord no longer support compiling without GNOME, and it looks like all of the GNOME distributions for Slackware are shipping GNOMEified (and newer) versions of this package anyway. +--------------------------+ Thu Mar 30 21:24:37 CST 2006 n/rsync-2.6.7-i486-1.tgz: Upgraded to rsync-2.6.7. n/samba-3.0.22-i486-1.tgz: Upgraded to samba-3.0.22. This fixes a security issue in previous samba releases where secret machine credentials may be written into a log file that is readable by anyone with a login account on the machine. The issue affects only the samba-3.0.21 series (including patches a, b, and c.) The CVE entry for this issue may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1059 (* Security fix *) +--------------------------+ Sun Mar 26 20:42:28 CST 2006 a/aaa_base-10.2.0-noarch-4.tgz: Chowned all binary directories to root:root. /media and /svc will not be added at this time, as /mnt (with subdirectory mount points such as /mnt/cdrom and /mnt/tmp) and /var were already perfectly adequate for the purposes for which /media and /svc were proposed. Polluting the root directory is, IMHO, completely pointless. I suppose in the future that at least compatibility symlinks will need to be considered, though... a/bash-3.1.014-i486-1.tgz: Upgraded to bash-3.1 patchlevel 014. a/jfsutils-1.1.10-i486-1.tgz: Upgraded to jfsutils-1.1.10. a/module-init-tools-3.2.2-i486-1.tgz: Upgraded to module-init-tools-3.2.2. This new version of module-init-tools has been patched to look for module configuration information in /etc/modprobe.conf only for 2.4.x kernels. 
For 2.6.x kernels, files found in the directory /etc/modprobe.d/ are used instead. Eventually, /etc/modprobe.conf will be phased out in favor of the /etc/modprobe.d/ approach. If you have anything in your /etc/modprobe.conf that you need, and you are using a 2.6.x kernel, be sure to copy the configuration to a file (or files) in /etc/modprobe.d/. Hint: ALSA expects sound modules to be configured in /etc/modprobe.d/sound. ap/groff-1.19.2-i486-1.tgz: Upgraded to groff-1.19.2. ap/hpijs-2.1.4-i486-1.tgz: Upgraded to hpijs-2.1.4. Thanks to Giovanni Venturi for the reminder. ap/lsof-4.76-i486-1.tgz: Upgraded to lsof-4.76. ap/most-4.10.2-i486-1.tgz: Upgraded to most-4.10.2. ap/mysql-5.0.19-i486-1.tgz: Upgraded to mysql-5.0.19. ap/sox-12.17.9-i486-1.tgz: Upgraded to sox-12.17.9. ap/vim-6.4.010-i486-1.tgz: Upgraded to VIM 6.4.010. ap/zsh-4.2.6-i486-1.tgz: Upgraded to zsh-4.2.6. d/subversion-1.3.0-i486-2.tgz: Fixed broken apr include file permissions. Thanks to Andreas Schnaiter for pointing this out. n/curl-7.15.3-i486-1.tgz: Upgraded to curl-7.15.3. This release fixes a security issue discovered by Ulf Harnhammar. libcurl uses the given file part of a TFTP URL in a manner that allows a malicious user to overflow a heap-based memory buffer due to the lack of boundary check. This overflow happens if you pass in a URL with a TFTP protocol prefix ("tftp://"), using a valid host and a path part that is longer than 512 bytes. The affected flaw can be triggered by a redirect, if curl/libcurl is told to follow redirects and an HTTP server points the client to a tftp URL with the characteristics described above. There is no known exploit at the time of this writing. No stable version of Slackware is affected, as the flaw exists only in the curl-7.15.x series prior to curl-7.15.3. 
The cURL advisory may be found here: http://curl.haxx.se/docs/adv_20060320.html The CVE entry for this issue may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1061 (* Security fix *) n/epic4-2.4-i486-1.tgz: Upgraded to epic4-2.4. n/openldap-client-2.3.20-i486-1.tgz: Upgraded to openldap-2.3.20 client libraries. xap/xvim-6.4.010-i486-1.tgz: Upgraded to VIM 6.4.010 (with X support.) extra/brltty/brltty-3.7.2-i486-1.tgz: Upgraded to brltty-3.7.2. extra/emacspeak/emacspeak-23.0-i486-1.tgz: Upgraded to emacspeak-23.0. extra/inn/inn-2.4.3-i486-1.tgz: Upgraded to inn-2.4.3 compiled against libdb-4.2. Note that this package DOES NOT preserve configuration files, so back them up first! Also, any database files will need to be rebuilt due to the move from db-3.3 to db-4.2. extra/slacktrack/slacktrack-1.28-i486-1.tgz: Upgraded to slacktrack-1.28_1. +--------------------------+ Wed Mar 22 13:01:23 CST 2006 n/sendmail-8.13.6-i486-1.tgz: Upgraded to sendmail-8.13.6. This new version of sendmail contains a fix for a security problem discovered by Mark Dowd of ISS X-Force. From sendmail's advisory: Sendmail was notified by security researchers at ISS that, under some specific timing conditions, this vulnerability may permit a specifically crafted attack to take over the sendmail MTA process, allowing remote attackers to execute commands and run arbitrary programs on the system running the MTA, affecting email delivery, or tampering with other programs and data on this system. Sendmail is not aware of any public exploit code for this vulnerability. This connection-oriented vulnerability does not occur in the normal course of sending and receiving email. It is only triggered when specific conditions are created through SMTP connection layer commands. 
Sendmail's complete advisory may be found here: http://www.sendmail.com/company/advisory/index.shtml The CVE entry for this issue may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058 (* Security fix *) n/sendmail-cf-8.13.6-noarch-1.tgz: Upgraded to sendmail-8.13.6 configuration files. +--------------------------+ Tue Mar 21 11:17:27 CST 2006 x/x11-6.9.0-i486-3.tgz: Fixed /usr/X11R6/bin/Xorg, which due to being not setuid root could not be used by non-root users. Thanks to the many people who reported this issue. I tracked it down to a new (or rather, back again) behavior of "chown", which is removing the suid/sgid bits from any file that it touches. I remember this same situation from the old days, and it's why many of the older package builds use a package skeleton and then install binaries using "cat" -- this prevents the changing of the permissions. If I recall correctly, "strip" also used to do this. Looking in the kernel source, I see some mention in fs/open.c about doing this as a safety feature. IMO, it doesn't seem like the right thing to do, though. If I want chmod, I'll use it, thank you. However, it looks like the feature was added years ago, and I have no idea why it has just recently kicked in. I've gone back and tested on a Slackware 10.2 box, and it's also showing the same effects with "chown", so it seems to me that this sort of breakage should have been happening when the x11*-6.9.0-i486-1.tgz packages were built, too, but Xorg was properly setuid in that package set. I tried dropping back to the previous coreutils, and this also didn't help. It's a mystery. Anyway, my first thought was to simply move the "chmod 4711" on Xorg to after the last "chown" in the build script, but decided that the best way to handle this is to begin phasing out the use of the "bin" group on binaries and binary directories. There was never any use to this ever, so far as I can tell. 
I think someone working on the FHS just thought that root:bin looked nicer, or something. ;-) Most distributions install binaries as root:root now anyway, and the latest standards no longer require root:bin. Since it doesn't matter, don't expect everything to change all at once -- don't send bug reports concerning files or directories that "should be" root:bin or root:root. We will move away from root:bin to root:root as new packages are built. I sure hope "strip" doesn't start acting up next... x/x11-devel-6.9.0-i486-3.tgz: Rebuilt. Really, there was no need to rebuild this or the below packages, but I like a consistent build number when it's not too much trouble to have it. x/x11-docs-6.9.0-noarch-3.tgz: Rebuilt. x/x11-docs-html-6.9.0-noarch-3.tgz: Rebuilt. x/x11-fonts-100dpi-6.9.0-noarch-3.tgz: Rebuilt. x/x11-fonts-cyrillic-6.9.0-noarch-3.tgz: Rebuilt. x/x11-fonts-misc-6.9.0-noarch-3.tgz: Rebuilt. x/x11-fonts-scale-6.9.0-noarch-3.tgz: Rebuilt. x/x11-xdmx-6.9.0-i486-3.tgz: Recompiled. x/x11-xnest-6.9.0-i486-3.tgz: Recompiled. x/x11-xvfb-6.9.0-i486-3.tgz: Recompiled. +--------------------------+ Mon Mar 20 09:29:15 CST 2006 x/x11-6.9.0-i486-2.tgz: Patched with x11r6.9.0-geteuid.diff. From the x.org security page: * March 20, 2006 - A security vulnerability has been found in the X.Org server as shipped with X11R6.9.0 and X11R7.0 (xorg-server 1.0.0 and 1.0.1) -- this is CVE-2006-0745. Local users were able to escalate privileges to root and cause a DoS if the Xorg server was installed setuid root (the default). Note that earlier releases are not vulnerable. For more information (eventually), see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0745 (* Security fix *) Since this issue does not affect any stable/released version of Slackware, there will be no security advisory on the mailing list. Those running -current should keep up with the ChangeLog to stay on top of new developments. x/x11-devel-6.9.0-i486-2.tgz: Recompiled. 
x/x11-docs-6.9.0-noarch-2.tgz: Rebuilt. x/x11-docs-html-6.9.0-noarch-2.tgz: Rebuilt. x/x11-fonts-100dpi-6.9.0-noarch-2.tgz: Rebuilt. x/x11-fonts-cyrillic-6.9.0-noarch-2.tgz: Rebuilt. x/x11-fonts-misc-6.9.0-noarch-2.tgz: Rebuilt. x/x11-fonts-scale-6.9.0-noarch-2.tgz: Rebuilt. x/x11-xdmx-6.9.0-i486-2.tgz: Recompiled. x/x11-xnest-6.9.0-i486-2.tgz: Recompiled. x/x11-xvfb-6.9.0-i486-2.tgz: Recompiled. testing/packages/linux-2.6.15.6/kernel-source-2.6.15.6-noarch-2.tgz: Removed spurious "asm" symlink in /. Thanks to xgizzmo. +--------------------------+ Fri Mar 17 16:42:40 CST 2006 l/cairo-1.0.4-i486-1.tgz: Upgraded to cairo-1.0.4. l/gtk+2-2.8.16-i486-1.tgz: Upgraded to gtk+-2.8.16. n/dnsmasq-2.27-i486-1.tgz: Upgraded to dnsmasq-2.27. Oh, and happy St. Patrick's day! :-) +--------------------------+ Tue Mar 14 18:01:26 CST 2006 n/stunnel-4.15-i486-2.tgz: Fixed messed up /var/lib perms. Thanks to Adam Dawidowski for the bug report. +--------------------------+ Mon Mar 13 18:53:57 CST 2006 a/aaa_base-10.2.0-noarch-3.tgz: Added /var/empty directory. a/gawk-3.1.5-i486-2.tgz: Applied bugfix from the gawk mailing list to fix a problem with newer glibc versions pulling that "*** free(): invalid pointer" trick we all love. :-) Thanks to Grant for sending in a link to the fix. a/glibc-solibs-2.3.6-i486-3.tgz: Recompiled against 2.4.32 and 2.6.15.6 kernel headers. Yes, I have seen that shiny-looking glibc-2.4 release on ftp.gnu.org, but glibc-2.4 completely drops support for linuxthreads, and therefore will not support vanilla Linux 2.4.x kernels. I don't think we're quite ready for that yet around here. a/glibc-zoneinfo-2.3.6-noarch-3.tgz: Updated timezone data from tzdata2006c. a/kernel-ide-2.4.32-i486-3.tgz: Recompiled with gcc-3.4.6. a/kernel-modules-2.4.32-i486-4.tgz: Recompiled with gcc-3.4.6. Thanks to Piter Punk for all the help revising the default entries in /etc/rc.d/rc.modules.new to be more accurate for 2.6.x kernels. 
I've tried to make it function in the default state under 2.4.x kernels too, though some of the modules have different names in 2.4 vs. 2.6... Also thanks to Didier Spaier for suggesting an example for DMA usage in the section of rc.modules that loads the parallel-port support. d/gcc-3.4.6-i486-1.tgz: Upgraded to gcc-3.4.6. d/gcc-g++-3.4.6-i486-1.tgz: Upgraded to gcc-3.4.6. d/gcc-g77-3.4.6-i486-1.tgz: Upgraded to gcc-3.4.6. d/gcc-gnat-3.4.6-i486-1.tgz: Upgraded to gcc-3.4.6. d/gcc-java-3.4.6-i486-1.tgz: Upgraded to gcc-3.4.6. d/gcc-objc-3.4.6-i486-1.tgz: Upgraded to gcc-3.4.6. l/alsa-driver-1.0.11rc3_2.4.32-i486-1.tgz: Upgraded to alsa-driver-1.0.11rc3 compiled for Linux 2.4.32. The 2.6.15.6 kernel does not work properly using the modules in alsa-driver-1.0.10, but works fine with these. Although I'm normally against using release candidates, I thought in this case that the version of alsa-driver used by the 2.4 and 2.6 kernels should be the same since the package does install some header files that would overlap. It's worked fine on both 2.4.32 and 2.6.15.6 here, and the other alsa-* packages compile against it without errors (so I don't see a need to update those). I think this will work, but let me know if this upgrade causes any problems. l/db44-4.4.20-i486-1.tgz: For consistency, change the name of this package from db4 to db44, and move the header files into /usr/include/db44/, since that's the directory where the next version of Python will be looking for them. Oh, and on that topic, I've had a few people send in or provide links to patches that fix compiling the latest Python with db-4.4. Thanks, but it's still a more conservative approach to wait until db-4.4 is officially supported upstream. BTW, none of the patches were exactly the same. :-) db-4.3 would also work, but it's probably not worth introducing yet-another already old version of db over. Added the --enable-cxx option. 
(Suggested by Kevin Brammer) l/glibc-2.3.6-i486-3.tgz: Recompiled against 2.4.32 and 2.6.15.6 kernel headers. Added /var/run/nscd/ directory (thanks to Dirk van Deun). Updated timezone data from tzdata2006c. l/glibc-i18n-2.3.6-noarch-3.tgz: Rebuilt. l/glibc-profile-2.3.6-i486-3.tgz: Recompiled against 2.4.32 and 2.6.15.6 kernel headers. l/gtk+2-2.8.14-i486-1.tgz: Upgraded to gtk+2-2.8.14. n/gnupg-1.4.2.2-i486-1.tgz: Upgraded to gnupg-1.4.2.2. There have been two security related issues reported recently with GnuPG. From the GnuPG 1.4.2.1 and 1.4.2.2 NEWS files: Noteworthy changes in version 1.4.2.2 (2006-03-08) * Files containing several signed messages are not allowed any longer as there is no clean way to report the status of such files back to the caller. To partly revert to the old behaviour the new option --allow-multisig-verification may be used. Noteworthy changes in version 1.4.2.1 (2006-02-14) * Security fix for a verification weakness in gpgv. Some input could lead to gpgv exiting with 0 even if the detached signature file did not carry any signature. This is not as fatal as it might seem because the suggestion has always been not to rely on the exit code but to parse the --status-fd messages. However it is likely that gpgv is used in that simplified way and thus we do this release. Same problem with "gpg --verify" but nobody should have used this for signature verification without checking the status codes anyway. Thanks to the taviso from Gentoo for reporting this problem. (* Security fix *) n/popa3d-1.0.1-i486-1.tgz: Upgraded to popa3d-1.0.1. n/stunnel-4.15-i486-1.tgz: Upgraded to stunnel-4.15. bootdisks/*: Rebuilt using the recompiled 2.4.32 kernels. extra/k3b/k3b-0.12.14-i486-1.tgz: Upgraded to k3b-0.12.14. extra/k3b/k3b-i18n-0.12.14-noarch-1.tgz: Upgraded to k3b-i18n-0.12.14. extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.32-i486-3.tgz: Recompiled with gcc-3.4.6. 
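The gnupg-1.4.2.2 entry above and the gnupg-1.4.2.1 entry under Feb 16 both say to parse the --status-fd messages rather than trust the exit code. The following Python check is an added example, not part of this ChangeLog or of GnuPG; the acceptance policy, the function names, the fingerprint and the sample status lines are constructed assumptions.

```python
"""Decide signature validity from GnuPG --status-fd lines, not the exit code."""
import subprocess
from dataclasses import dataclass

PREFIX = "[GNUPG:] "
# Status keywords that must always reject the input.
FATAL = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG",
         "NODATA", "NO_PUBKEY"}


@dataclass
class Verdict:
    ok: bool
    reason: str
    fingerprint: str = ""


def parse_status(text):
    """Return (keyword, args) for each status line; ignore anything else."""
    events = []
    for line in text.splitlines():
        if line.startswith(PREFIX):
            parts = line[len(PREFIX):].split()
            if parts:
                events.append((parts[0], parts[1:]))
    return events


def evaluate(status_text, trusted_fingerprints):
    """Accept only exactly one good, valid signature made by a trusted key."""
    events = parse_status(status_text)
    fatal = [kw for kw, _ in events if kw in FATAL]
    if fatal:
        return Verdict(False, "fatal status: " + ",".join(fatal))
    good = [args for kw, args in events if kw == "GOODSIG"]
    valid = [args for kw, args in events if kw == "VALIDSIG"]
    # The 1.4.2.1 weakness: exit status 0 although nothing was verified.
    if not good or not valid:
        return Verdict(False, "no signature was verified")
    # The 1.4.2.2 change: several signed messages cannot be reported cleanly.
    if len(good) != 1 or len(valid) != 1:
        return Verdict(False, "more than one signature in input")
    args = valid[0]
    if not args:
        return Verdict(False, "malformed VALIDSIG line")
    # VALIDSIG carries the primary key fingerprint as its 10th field when
    # present; otherwise fall back to the signing key fingerprint (1st field).
    fpr = (args[9] if len(args) >= 10 else args[0]).upper()
    if fpr not in {f.upper() for f in trusted_fingerprints}:
        return Verdict(False, "signer not trusted", fpr)
    return Verdict(True, "one valid signature from a trusted key", fpr)


def verify_detached(sig_path, data_path, keyring, trusted_fingerprints):
    """Run gpgv with status output on stdout and judge the status lines."""
    proc = subprocess.run(
        ["gpgv", "--keyring", keyring, "--status-fd", "1", sig_path, data_path],
        stdout=subprocess.PIPE, stderr=subprocess.DEVNULL,
        text=True, check=False)
    if proc.returncode != 0:
        return Verdict(False, "gpgv exited with %d" % proc.returncode)
    return evaluate(proc.stdout, trusted_fingerprints)


# Constructed sample data (not real keys or real gpgv output).
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
TRUSTED = {FPR}
GOOD = (
    "[GNUPG:] SIG_ID constructedSigId 2006-03-13 1142272800\n"
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>\n"
    "[GNUPG:] VALIDSIG " + FPR + " 2006-03-13 1142272800 0 3 0 17 2 00 " + FPR + "\n"
)
EMPTY = "gpgv: some human-readable text, but no status lines\n"
BAD = "[GNUPG:] BADSIG 89ABCDEF01234567 Example Signer <signer@example.org>\n"
MULTI = GOOD + GOOD  # two signed messages concatenated in one input

if __name__ == "__main__":
    for name, sample in [("good", GOOD), ("empty", EMPTY),
                         ("bad", BAD), ("multi", MULTI)]:
        print(name, evaluate(sample, TRUSTED))
```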
extra/linux-wlan-ng/linux-wlan-ng-0.2.3_2.6.15.6-i486-1.tgz: Recompiled with gcc-3.4.6 for Linux 2.6.15.6. kernels/*.?/*: Recompiled 2.4.32 kernels with gcc-3.4.6, upgraded test26.s kernel to 2.6.15.6. pasture/gnupg-1.2.7-i486-1.tgz: This can rest here for a little while just in case gnupg-1.4.2.2 causes any problems, but I doubt it will. I also think gnupg-1.2.7 is still secure when used securely (if that makes any sense ;-), or I wouldn't even leave it in /pasture... testing/packages/linux-2.6.15.6/alsa-driver-1.0.11rc3_2.6.15.6-i486-1.tgz Upgraded to alsa-driver-1.0.11rc3 compiled for Linux 2.6.15.6. This should fix the "free_hot_cold_page" issue that was occurring with alsa-driver-1.0.10 and the 2.6.15+ kernels. It fixes it here, anyway. :-) testing/packages/linux-2.6.15.6/kernel-generic-2.6.15.6-i486-1.tgz Upgraded to Linux 2.6.15.6 generic kernel. testing/packages/linux-2.6.15.6/kernel-headers-2.6.15.6-i386-1.tgz Upgraded to Linux 2.6.15.6 kernel headers. testing/packages/linux-2.6.15.6/kernel-modules-2.6.15.6-i486-1.tgz Upgraded to Linux 2.6.15.6 kernel modules. testing/packages/linux-2.6.15.6/kernel-source-2.6.15.6-noarch-1.tgz Upgraded to Linux 2.6.15.6 kernel source. +--------------------------+ Sat Mar 4 19:54:26 CST 2006 a/xfsprogs-2.7.11-i486-2.tgz: Fixed .gz.gz double compression on the manpages. Turns out they were already installed compressed. Thanks to Dave Fullerton. Fixed /usr/lib/libhandle.so symlink. Thanks to Luigi Genoni. ap/dmapi-2.2.3-i486-2.tgz: Fixed /usr/lib/libdm.so symlink. Thanks to Luigi Genoni. ap/xfsdump-2.2.33-i486-2.tgz: Recompiled to link with libhandle. d/python-2.4.2-i486-2.tgz: Recompiled against Berkeley DB 4.2.52 to get _bsddb.so and dbm.so to build. Python finds the db-4.2.52 headers fine in /usr/include/db42/, so I guess that's the right place for them. :-) d/python-demo-2.4.2-noarch-2.tgz: Rebuilt. d/python-tools-2.4.2-noarch-2.tgz: Rebuilt. 
l/db42-4.2.52-i486-3.tgz: Added a db-4.2.52 package (called db42) as a non-default version of Berkeley DB 4.x, since some things still aren't ready for db-4.4.x, and it's probably best not to force the issue until the changes needed for db-4.4.x are made upstream where needed. Oh, I've had a report that subversion-1.3.0 isn't working with db-4.4.x -- can anyone confirm this? I'm not running any kind of test repository here, so feedback on whether subversion could use a recompile against db-4.2 would be helpful. n/proftpd-1.3.0rc4-i486-1.tgz: Upgraded to proftpd-1.3.0rc4. +--------------------------+ Wed Mar 1 20:25:56 CST 2006 a/coreutils-5.94-i486-2.tgz: Restored ginstall -> install symlinks which are still needed to build some things. Thanks to Rich. extra/bash-completion/bash-completion-20060301-noarch-1.tgz: Upgraded to bash-completion-20060301. +--------------------------+ Tue Feb 28 20:50:44 CST 2006 a/bash-3.1-i486-3.tgz: Patched with additional official patches bash31-008 through bash31-011. a/util-linux-2.12r-i486-1.tgz: Upgraded to util-linux-2.12r. a/xfsprogs-2.7.11-i486-1.tgz: Upgraded to xfsprogs-2.7.11. Split acl, attr, dmapi, and xfsdump into separate packages and moved them into the AP series. This location was a bit of a judgement call since acl, attr, and dmapi contain libraries, but so do some other packages outside L. Anyway, it does seem to me that xfsdump should go in AP, and that these packages should all be found in the same place. ap/acl-2.2.34-i486-1.tgz: Upgraded to acl-2.2.34, split out of xfsprogs package. ap/attr-2.4.28-i486-1.tgz: Upgraded to attr-2.4.28, split out of xfsprogs package. ap/dmapi-2.2.3-i486-1.tgz: Upgraded to dmapi-2.2.3, split out of xfsprogs package. ap/xfsdump-2.2.33-i486-1.tgz: Upgraded to xfsdump-2.2.33, split out of xfsprogs package. d/clisp-2.38-i486-2.tgz: Added some additional modules for CLISP. Thanks to Bradley Reed for the hint. f/linux-faqs-20060228-noarch-1.tgz: Updated from ibiblio.org. 
f/linux-howtos-20060228-noarch-1.tgz: Upgraded to Linux-HOWTOs-20060228. l/gtk+2-2.8.13-i486-1.tgz: Upgraded to gtk+-2.8.13. l/pango-1.10.4-i486-1.tgz: Upgraded to pango-1.10.4. n/bind-9.3.2-i486-3.tgz: Modified rc.bind to try to use rndc to stop the nameserver before resorting to killall, and added some additional comments about loading the "capability" module on 2.6+ kernels. n/samba-3.0.21c-i486-1.tgz: Upgraded to samba-3.0.21c. +--------------------------+ Mon Feb 20 14:20:17 CST 2006 ap/dvd+rw-tools-6.1-i486-1.tgz: Upgraded to dvd+rw-tools-6.1. kdei/kde-i18n-sv-3.5.1-noarch-1a.tgz: Fixed with a rebuild. Thanks to Nille Kungen for pointing out that the -1 package was missing files. n/bind-9.3.2-i486-2.tgz: Patched to remove the use of the obsolete setsockopt SO_BSDCOMPAT that was putting annoying warnings in /var/log/syslog when bind binaries were run under a 2.6.x kernel. Thanks to Marin Glibic. Fixed missing nslookup.1 man page. Thanks to Lior Kadosh. n/tin-1.8.1-i486-1.tgz: Upgraded to tin-1.8.1. +--------------------------+ Thu Feb 16 14:01:26 CST 2006 OK, I think I have everything that used libreadline.so.4 recompiled with the exception of AbiWord, as the --disable-gnome option no longer seems to work with abiword-2.4.2 -- it still demands libgnomeprint and all of its dependencies. Anyone know a way around this one? If not, AbiWord will likely be removed soon. It's included in all of the GNOME distributions for Slackware anyway... a/bash-3.1-i486-2.tgz: Applied official bash patches 006 and 007. a/coreutils-5.94-i486-1.tgz: Upgraded to coreutils-5.94. a/sed-4.1.5-i486-1.tgz: Upgraded to sed-4.1.5. ap/bc-1.06-i486-3.tgz: Recompiled with new libreadline. ap/gimp-print-4.2.7-i486-2.tgz: Recompiled with new libreadline. ap/rzip-2.1-i486-1.tgz: Upgraded to rzip-2.1. d/guile-1.6.7-i486-2.tgz: Recompiled with new libreadline. l/gtk+2-2.8.12-i486-1.tgz: Upgraded to gtk+2-2.8.12. l/pilot-link-0.11.8-i486-3.tgz: Recompiled with new libreadline. 
n/ntp-4.2.0a-i486-1.tgz: Upgraded to ntp-stable-4.2.0a-20060127 compiled with new libreadline. xap/fvwm-2.4.19-i486-5.tgz: Recompiled with new libreadline. xap/gftp-2.0.18-i486-2.tgz: Recompiled with new libreadline. xap/gnuchess-5.07-i486-2.tgz: Recompiled with new libreadline. xap/xine-ui-0.99.4-i686-2.tgz: Recompiled with new libreadline. extra/parted/parted-1.6.25.1-i486-1.tgz: Upgraded to parted-1.6.25.1, compiled with new libreadline. testing/packages/gnupg-1.4.2.1-i486-1.tgz: Upgraded to gnupg-1.4.2.1. This fixes an issue where gpg could exit with zero in certain cases where a detached "signature" actually contained no signature. However, according to the NEWS file "nobody should have used this for signature verification without checking the status codes" with --status-fd. Considering that (and especially this package's placement in the /testing directory) I'm not going to issue an advisory here, though the NEWS file does admit it is a security weakness. +--------------------------+ Tue Feb 14 16:08:52 CST 2006 n/php-4.4.2-i486-3.tgz: Fixed some more bugs from the 4.4.2 release... hopefully the third time is the charm. Replaced PEAR packages for which the 4.4.2 release contained incorrect md5sums: Archive_Tar-1.3.1, Console_Getopt-1.2, and HTML_Template_IT-1.1.3. (this last one was also not upgraded to the stable version that was released on 2005-11-01) Sorry to have delayed the advisories, but these bugs had to be fixed first. IMHO, the security issues are of dubious severity anyway, or a more aggressive approach would have been taken (though this would likely have caused a lot of people to upgrade to the broken -1 or -2 package revisions, so anyone who didn't know about this until now was probably saved a hassle.) Upgraded other PEAR modules to HTTP-1.4.0, Net_SMTP-1.2.8, and XML_RPC-1.4.5. Thanks again to Krzysztof Oledzki for the bug report. testing/packages/php-5.1.2/php-5.1.2-i486-2.tgz: The same junk dotfiles were installed in php-5.1.2, too. 
Cleaned them out of the root directory of the package. Thanks to Tyler McGrath for reporting this. +--------------------------+ Fri Feb 10 19:07:13 CST 2006 ap/man-1.6c-i486-2.tgz: Reversed man-1.6c change that caused makewhatis to break. Thanks to Robby Workman for the patch. n/php-4.4.2-i486-2.tgz: Rebuilt the package to clean up some junk dotfiles that were installed in the / directory. Harmless, but sloppy... Thanks to Krzysztof Oledzki for pointing this out. +--------------------------+ Thu Feb 9 17:24:25 CST 2006 a/aaa_elflibs-10.2.0-i486-4.tgz: Added /lib/libgcc_s.so.1 -> /usr/lib/libgcc_s.so.1 symlink, needed by Oracle 10g RAC support. Thanks to Luigi Genoni. Upgraded various other libraries. a/bash-3.1-i486-1.tgz: Upgraded to bash-3.1. a/coreutils-5.93-i486-1.tgz: Upgraded to coreutils-5.93. The DEFAULT_POSIX2_VERSION=199209 is set to provide more traditional behavior (thanks to Eric Hameleers), but this may change in the future as the newer standards are accepted. Added the uname patch (suggested by many), and moved color ls setup out of /etc/profile and /etc/csh.login and into scripts in /etc/profile.d/. These scripts also replace some functionality (setting up aliases and defaults) that is no longer part of the dircolors tool. a/cups-1.1.23-i486-2.tgz: Recompiled against new OpenSSL. a/cxxlibs-6.0.3-i486-1.tgz: Upgraded to libstdc++ from gcc-3.4.5. a/etc-5.1-noarch-11.tgz: Removed color ls setup from /etc/profile and /etc/csh.login. Fixed csh.login in cases where $TERM or $MANPATH are not set. (thanks to Jim Diamond) a/gettext-0.14.5-i486-1.tgz: Upgraded to gettext-0.14.5. a/glibc-solibs-2.3.6-i486-2.tgz: Recompiled with gcc-3.4.5 against the 2.4.32 and 2.6.15.3 kernel headers. a/glibc-zoneinfo-2.3.6-noarch-2.tgz: Recompiled. a/gpm-1.20.1-i486-1.tgz: Upgraded to gpm-1.20.1, with many, many patches. a/openssl-solibs-0.9.8a-i486-1.tgz: Upgraded to openssl-0.9.8a. This may require many things to be recompiled. 
Let me know if I skipped anything that matters. :-) a/pkgtools-10.2.0-i486-6.tgz: Upgraded subset of terminfo database from ncurses-5.5. Upgraded to dialog-1.0-20060126. a/procps-3.2.6-i486-1.tgz: Upgraded to procps-3.2.6. a/tcsh-6.14.00-i486-2.tgz: Patched to remove built-in color ls, as the new coreutils adds an 'su' feature to the shared $LS_COLORS variable that causes tcsh to exit. Perhaps tcsh should use a different variable name or be less strict about using LS_COLORS? The GNU ls version is probably better for most purposes anyway, though. ap/espgs-8.15.1-i486-1.tgz: Upgraded to espgs-8.15.1. ap/linuxdoc-tools-0.9.21-i486-1.tgz: Added linuxdoc-tools-0.9.21. This package replaces the sgml-tools package and should contain the essentials needed to handle modern Linux Docbook/SGML documents. Huge thanks are due to Stuart Winter for doing most of the work on transitioning Slackware from the old sgml-tools system to this one! :-) ap/man-1.6c-i486-1.tgz: Upgraded to man-1.6c. ap/man-pages-2.22-noarch-1.tgz: Upgraded to man-pages-2.22. ap/mdadm-2.3.1-i486-1.tgz: Upgraded to mdadm-2.3.1. ap/mysql-5.0.18-i486-1.tgz: Upgraded to mysql-5.0.18. (this will require everything linked to MySQL libs to be recompiled) ap/sgml-tools-1.0.9-i486-12.tgz: Removed. (replaced with linuxdoc-tools) ap/sudo-1.6.8p12-i486-1.tgz: Upgraded to sudo-1.6.8p12. This fixes an issue where a user able to run a Python script through sudo may be able to gain root access. IMHO, running any kind of scripting language from sudo is still not safe... For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0151 (* Security fix *) ap/vorbis-tools-1.1.1-i486-2.tgz: Recompiled. d/automake-1.9.6-noarch-1.tgz: Upgraded to automake-1.9.6. d/bison-2.1-i486-1.tgz: Upgraded to bison-2.1. I think enough of the upstream sources are expecting bison-2.x now, but let me know if you find breakage (for which patches or pointers to upgrades would be welcome.) 
d/clisp-2.38-i486-1.tgz: Upgraded to clisp-2.38. d/doxygen-1.4.6-i486-1.tgz: Upgraded to doxygen-1.4.6. d/gdb-6.4-i486-1.tgz: Upgraded to gdb-6.4. d/gettext-tools-0.14.5-i486-1.tgz: Upgraded to gettext-0.14.5 tools. d/m4-1.4.4-i486-1.tgz: Upgraded to m4-1.4.4. d/make-3.80-i486-2.tgz: Fixed an out-of-memory bug in make, since nobody upstream seems concerned about putting out a fixed make release any time soon. Is "make" dead? ;-) Reported here by: Mihnea-Costin Grigore, penguinista, and ePAc. d/nasm-0.98.39-i486-1.tgz: Upgraded to nasm-0.98.39. d/perl-5.8.8-i486-1.tgz: Upgraded to perl-5.8.8 and DBI-1.50. d/pkgconfig-0.20-i486-1.tgz: Upgraded to pkgconfig-0.20. d/python-2.4.2-i486-1.tgz: Upgraded to python-2.4.2. The bsddb module didn't build against the new 4.4.x version of Berkeley DB. Does anyone care? Or perhaps have a patch? :-) d/python-demo-2.4.2-noarch-1.tgz: Upgraded to python-2.4.2 demos. d/python-tools-2.4.2-noarch-1.tgz: Upgraded to python-2.4.2 tools. d/strace-4.5.14-i486-1.tgz: Upgraded to strace-4.5.14. kde/k*.tgz: Upgraded to KDE 3.5.1. kde/koffice-1.4.2-i486-1.tgz: Upgraded to koffice-1.4.2. kde/qt-3.3.5-i486-1.tgz: Upgraded to qt-3.3.5. l/arts-1.5.1-i486-1.tgz: Upgraded to arts-1.5.1. l/aspell-0.60.2-i486-2.tgz: Recompiled. l/atk-1.10.3-i486-1.tgz: Upgraded to atk-1.10.3. l/cairo-1.0.2-i486-1.tgz: Added cairo graphics library for GTK+2. l/db4-4.4.20-i486-1.tgz: Upgraded to Berkeley DB 4.4.20. This will require rebuilding any databases that use the older spec as things are recompiled to use this, and I'm planning to do that wherever possible. Just be glad I don't do this with every new BDB release like I used to. :-) l/glib2-2.8.6-i486-1.tgz: Upgraded to glib-2.8.6. l/glibc-2.3.6-i486-2.tgz: Recompiled with gcc-3.4.5 against the 2.4.32 and 2.6.15.3 kernel headers. l/glibc-i18n-2.3.6-noarch-2.tgz: Rebuilt. l/glibc-profile-2.3.6-i486-2.tgz: Recompiled with gcc-3.4.5 against the 2.4.32 and 2.6.15.3 kernel headers. l/gmp-4.1.4-i486-3.tgz: Recompiled. 
l/gtk+2-2.8.11-i486-1.tgz: Upgraded to gtk+-2.8.11. l/jre-1_5_0_06-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Runtime Environment Version 5.0, Release 6. l/libogg-1.1.3-i486-1.tgz: Upgraded to libogg-1.1.3. l/libtiff-3.7.4-i486-1.tgz: Upgraded to libtiff-3.7.4. l/libvorbis-1.1.2-i486-1.tgz: Upgraded to libvorbis-1.1.2. l/libwpd-0.8.4-i486-1.tgz: Upgraded to libwpd-0.8.4. l/libxml2-2.6.23-i486-1.tgz: Upgraded to libxml2-2.6.23. l/ncurses-5.5-i486-1.tgz: Upgraded to ncurses-5.5. l/pango-1.10.3-i486-1.tgz: Upgraded to pango-1.10.3. l/pcre-6.4-i486-2.tgz: Recompiled. l/readline-5.1-i486-1.tgz: Upgraded to readline-5.1. l/sdl-1.2.9-i486-2.tgz: Recompiled. l/taglib-1.4-i486-2.tgz: Recompiled. n/apache-1.3.34-i486-2.tgz: Recompiled against db-4.4. Support for db-3.3 removed. n/bind-9.3.2-i486-1.tgz: Upgraded to bind-9.3.2. n/bitchx-1.1-i486-3.tgz: Recompiled. n/curl-7.15.1-i486-1.tgz: Upgraded to curl-7.15.1. n/dhcpcd-2.0.1-i486-1.tgz: Upgraded to dhcpcd-2.0.1. n/dnsmasq-2.26-i486-1.tgz: Upgraded to dnsmasq-2.26. n/epic4-2.2-i486-1.tgz: Upgraded to epic4-2.2. n/fetchmail-6.3.2-i486-1.tgz: Upgraded to fetchmail-6.3.2. Presumably this replaces all the known security problems with a batch of new unknown ones. (fetchmail is improving, really ;-) For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4348 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0321 (* Security fix *) n/getmail-4.4.4-noarch-1.tgz: Upgraded to getmail-4.4.4. n/imapd-4.64-i486-2.tgz: Recompiled against OpenLDAP client libs. n/iproute2-2.6.15_060110-i486-1.tgz: Upgraded to iproute2-2.6.15-060110. n/iptables-1.3.5-i486-1.tgz: Upgraded to iptables-1.3.5. n/irssi-0.8.10a-i486-1.tgz: Upgraded to irssi-0.8.10a. n/lftp-3.4.0-i486-1.tgz: Upgraded to lftp-3.4.0. n/links-2.1pre20-i486-1.tgz: Upgraded to links-2.1pre20. n/lynx-2.8.5rel.5-i486-2.tgz: Recompiled. 
n/mod_ssl-2.8.25_1.3.34-i486-2.tgz: Recompiled against new OpenSSL. n/mutt-1.4.2.1i-i486-2.tgz: Recompiled against new OpenSSL. n/nail-11.25-i486-1.tgz: Upgraded to nail-11.25. n/nmap-4.00-i486-1.tgz: Upgraded to nmap-4.00. n/openldap-client-2.3.17-i486-1.tgz: Added client libraries and binaries for LDAP authentication. (Thanks to Eric Hameleers for help with the ./configure options). n/openssh-4.3p1-i486-1.tgz: Upgraded to openssh-4.3p1. This fixes a security issue when using scp to copy files that could cause commands embedded in filenames to be executed. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225 (* Security fix *) n/openssl-0.9.8a-i486-1.tgz: Upgraded to openssl-0.9.8a. n/php-4.4.2-i486-1.tgz: Upgraded to php-4.4.2. Compiled against db-4.4. Support for db-3.3 removed. Claims to fix "a few small security issues". For more information, see: http://www.php.net/release_4_4_2.php (* Security fix *) n/pidentd-3.0.19-i486-1.tgz: Upgraded to pidentd-3.0.19. n/pine-4.64-i486-2.tgz: Recompiled. n/procmail-3.22-i486-1.tgz: Upgraded to procmail-3.22. n/proftpd-1.3.0rc3-i486-1.tgz: Upgraded to proftpd-1.3.0rc3. Generally I don't like to use release candidates (especially with network services), but this one was needed in order to work with the new OpenSSL. n/rp-pppoe-3.7-i486-1.tgz: Upgraded to rp-pppoe-3.7. n/samba-3.0.21b-i486-1.tgz: Upgraded to samba-3.0.21b linked with OpenLDAP. n/sendmail-8.13.5-i486-1.tgz: Upgraded to sendmail-8.13.5. This has been relinked with db-4.4.20, so any databases in /etc/mail will have to be rebuilt. ( cd /etc/mail ; rm *.db ; make ) n/sendmail-cf-8.13.5-noarch-1.tgz: Upgraded to sendmail-8.13.5 config files. n/slrn-0.9.8.1-i486-2.tgz: Recompiled. n/stunnel-4.14-i486-1.tgz: Upgraded to stunnel-4.14. n/tcpdump-3.9.4-i486-2.tgz: Recompiled. n/tcpip-0.17-i486-36.tgz: Upgraded to vlan.1.9 and tftp-hpa-0.41. Applied Debian's net-tools patch at Cesare Tensi's urging. 
:-) n/vsftpd-2.0.4-i486-1.tgz: Upgraded to vsftpd-2.0.4. n/wget-1.10.2-i486-2.tgz: Recompiled. n/whois-4.7.11-i486-1.tgz: Upgraded to whois-4.7.11. n/ytalk-3.3.0-i486-1.tgz: Upgraded to ytalk-3.3.0. xap/fluxbox-0.9.14-i486-1.tgz: Upgraded to fluxbox-0.9.14. xap/gaim-1.5.0-i486-2.tgz: Recompiled. xap/gimp-2.2.10-i486-1.tgz: Upgraded to gimp-2.2.10. xap/gxine-0.5.4-i486-1.tgz: Upgraded to gxine-0.5.4. Thanks to Peter Santoro for the heads-up on the Javascript engine issue. xap/imagemagick-6.2.6_1-i486-1.tgz: Upgraded to imagemagick-6.2.6-1. This has a new major library version number and will require anything linked with the ImageMagick shared libraries to be recompiled. Several security issues are fixed in this release. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4601 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0082 (* Security fix *) xap/mozilla-1.7.12-i486-2.tgz: Linked libmozjs.so into /usr/lib since gxine needs to be able to find it. xap/mozilla-firefox-1.5.0.1-i686-1.tgz: Upgraded to firefox-1.5.0.1. This fixes a DoS issue and some other security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.1 (* Security fix *) xap/pan-0.14.2.91-i486-2.tgz: Recompiled, fixed pan.desktop and moved it into the standard .desktop directory. xap/sane-1.0.17-i486-1.tgz: Upgraded to sane-backends-1.0.17 and sane-frontends-1.0.14. xap/xpdf-3.01-i486-3.tgz: Recompiled with xpdf-3.01pl2.patch to fix possible security bugs with malformed PDF files. 
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3193 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3624 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3625 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3626 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3627 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3628 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-0301 (* Security fix *) xap/xchat-2.6.1-i486-1.tgz: Upgraded to xchat-2.6.1. xap/xfce-4.2.3.2-i486-1.tgz: Upgraded to xfce-4.2.3.2. xap/xine-lib-1.1.1-i686-1.tgz: Upgraded to xine-lib-1.1.1. xap/xscreensaver-4.23-i486-1.tgz: Upgraded to xscreensaver-4.23. extra/bittornado/bittornado-0.3.14-noarch-1.tgz: Upgraded to BitTornado-0.3.14. extra/bittorrent/bittorrent-4.4.0-noarch-1.tgz: Upgraded to BitTorrent-4.4.0. Thanks to Erik Jan Tromp for the doinst.sh to automatically edit /etc/mailcap! extra/jdk-1.5.0_06/jdk-1_5_0_06-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Development Kit Version 5.0, Release 6. extra/k3b/k3b-0.12.10-i486-1.tgz: Upgraded to k3b-0.12.10. Thanks to Robby Workman for noticing that CXXFLAGS needed to be set. extra/k3b/k3b-i18n-0.12.10-noarch-1.tgz: Upgraded to k3b-i18n-0.12.10. extra/linux-wlan-ng/linux-wlan-ng-0.2.3_2.6.15.3-i486-1.tgz: Recompiled for Linux 2.6.15.3. kernels/test26.s/*: Upgraded to full-featured Linux 2.6.15.3 kernel. pasture/lprng-3.8.28-i486-2.tgz: Recompiled against new OpenSSL. testing/packages/php-5.1.2/php-5.1.2-i486-1.tgz: Upgraded to php-5.1.2. testing/packages/linux-2.6.15.3/alsa-driver-1.0.10_2.6.15.3-i486-1.tgz: Recompiled ALSA modules for Linux 2.6.15.3. testing/packages/linux-2.6.15.3/kernel-generic-2.6.15.3-i486-1.tgz: Upgraded to Linux 2.6.15.3 generic kernel. 
testing/packages/linux-2.6.15.3/kernel-headers-2.6.15.3-i386-1.tgz: Upgraded to Linux 2.6.15.3 kernel headers. testing/packages/linux-2.6.15.3/kernel-modules-2.6.15.3-i486-1.tgz: Upgraded to Linux 2.6.15.3 kernel modules. testing/packages/linux-2.6.15.3/kernel-source-2.6.15.3-noarch-1.tgz: Upgraded to Linux 2.6.15.3 kernel source. testing/packages/seamonkey-1.0-i486-1.tgz: Added seamonkey-1.0, which will probably be replacing mozilla-1.7.12 in slackware/xap/ soon unless doing so ends up breaking too many things. Hopefully it won't -- please help test it. # Old bison packages from slackware/d and /extra moved to /pasture. # A few sources may still require these unless/until they are updated. pasture/bison-1.35-i386-1.tgz: Moved to /pasture. pasture/bison-1.875d-i486-1.tgz: Moved to /pasture. # We'll see if we can get away with a mass removal of old Berkeley DB # cruft. Yes, I know this will be painful, but it's not my fault that # BDB does not stay compatible with itself. This mess had to be cleaned # up sometime, and in preparation for a .0 release seems as good as any. pasture/db3-3.3.11-i486-4.tgz: Moved to /pasture. pasture/db31-3.1.17-i486-1.tgz: Moved to /pasture. pasture/db4-4.1.25-i386-1.tgz: Moved to /pasture. pasture/db4-4.2.52-i486-2.tgz: Moved to /pasture. +--------------------------+ Sat Jan 14 13:41:26 CST 2006 a/kernel-ide-2.4.32-i486-2.tgz: Recompiled with gcc-3.4.5. Apparently the nVidia driver demands that the kernel be compiled with the same compiler that will be used to compile the kernel module wrapper for the binary nVidia driver (though my guess is that if this restriction were not coded into their installer that it would work fine), so I've recompiled all the 2.4.32 kernels and modules using the new compiler. a/kernel-modules-2.4.32-i486-3.tgz: Recompiled with gcc-3.4.5. l/alsa-driver-1.0.10_2.4.32-i486-2.tgz: Recompiled with gcc-3.4.5. x/x11-docs-html-6.9.0-noarch-1.tgz: Upgraded to X11R6.9.0. 
  For those who may not be aware, this is the exact same code base as
  X11R7.0.0, but is packaged as the traditional single source archive using
  the imake build system. Also, note that this still rightly (IMHO) contains
  freetype-2.1.9. The newer release of freetype (2.1.10) removed some
  functions that various applications use -- I'm hoping that these will be
  restored. Finally, the kernel interface for direct rendering (DRI) seems to
  have changed, and direct rendering with X11R6.9.0 only works on my machines
  with a 2.6 kernel. I spent several days trying to produce working DRM
  kernel modules for Linux 2.4.32, but to no avail, so if you're still using
  a 2.4 kernel you'll want to edit your xorg.conf so that the dri module is
  not loaded or you'll likely corrupt your display requiring a reboot. I've
  tested this only with ATI cards and the open source drivers. Perhaps the
  binary drivers from ATI or nVidia would work.
x/x11-fonts-scale-6.9.0-noarch-1.tgz: Upgraded to X11R6.9.0.
x/x11-devel-6.9.0-i486-1.tgz: Upgraded to X11R6.9.0.
x/x11-fonts-100dpi-6.9.0-noarch-1.tgz: Upgraded to X11R6.9.0.
x/x11-xnest-6.9.0-i486-1.tgz: Upgraded to X11R6.9.0.
x/x11-xdmx-6.9.0-i486-1.tgz: Upgraded to X11R6.9.0.
x/x11-fonts-misc-6.9.0-noarch-1.tgz: Upgraded to X11R6.9.0.
x/x11-6.9.0-i486-1.tgz: Upgraded to X11R6.9.0.
x/x11-docs-6.9.0-noarch-1.tgz: Upgraded to X11R6.9.0.
x/x11-fonts-cyrillic-6.9.0-noarch-1.tgz: Upgraded to X11R6.9.0.
x/x11-xvfb-6.9.0-i486-1.tgz: Upgraded to X11R6.9.0.
xap/mozilla-thunderbird-1.5-i686-1.tgz: Upgraded to thunderbird-1.5.
bootdisks/*: Rebuilt using the recompiled 2.4.32 kernels.
extra/linux-wlan-ng/linux-wlan-ng-0.2.3_2.6.14.6-i486-1.tgz: Recompiled for Linux 2.6.14.6.
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.32-i486-2.tgz: Recompiled with gcc-3.4.5.
kernels/*.?/*: Recompiled 2.4.32 kernels with gcc-3.4.5, upgraded test26.s
  kernel to 2.6.14.6.
testing/packages/linux-2.6.14.6/alsa-driver-1.0.10_2.6.14.6-i486-2.tgz: Recompiled for Linux 2.6.14.6.
testing/packages/linux-2.6.14.6/kernel-generic-2.6.14.6-i486-1.tgz: Upgraded to Linux 2.6.14.6.
testing/packages/linux-2.6.14.6/kernel-headers-2.6.14.6-i386-1.tgz: Upgraded to Linux 2.6.14.6 kernel headers.
testing/packages/linux-2.6.14.6/kernel-modules-2.6.14.6-i486-1.tgz: Upgraded to Linux 2.6.14.6 kernel modules.
testing/packages/linux-2.6.14.6/kernel-source-2.6.14.6-noarch-1.tgz: Upgraded to Linux 2.6.14.6 kernel source.
+--------------------------+
Thu Dec 15 14:37:27 CST 2005
d/gcc-3.4.5-i486-1.tgz: Upgraded to gcc-3.4.5.
d/gcc-g++-3.4.5-i486-1.tgz: Upgraded to gcc-3.4.5.
d/gcc-g77-3.4.5-i486-1.tgz: Upgraded to gcc-3.4.5.
d/gcc-gnat-3.4.5-i486-1.tgz: Upgraded to gcc-3.4.5.
d/gcc-java-3.4.5-i486-1.tgz: Upgraded to gcc-3.4.5.
d/gcc-objc-3.4.5-i486-1.tgz: Upgraded to gcc-3.4.5.
+--------------------------+
Tue Dec 13 14:01:37 CST 2005
a/kernel-modules-2.4.32-i486-2.tgz: That's what I meant to say below, not
  "l/alsa-driver-1.0.10_2.4.32-i486-1.tgz". I'd been looking at the
  alsa-driver package to see if it had the same issue (it doesn't), and then
  listed the wrong package in the ChangeLog. Sorry about that. Oh, and there
  was really nothing wrong with the modules in the
  kernel-modules-2.4.32-i486-1 package that a 'depmod -a' wouldn't fix.
  That's the only change that went into the package -- the modules are the
  same. Thanks to Victor Keranov for pointing out my mistake.
+--------------------------+
Mon Dec 12 14:33:24 CST 2005
l/alsa-driver-1.0.10_2.4.32-i486-1.tgz: Regenerated 'depmod -a' files, as
  these were referring to uncompressed modules rather than compressed ones.
  Thanks to Malcolm Rowe for pointing this out.
+--------------------------+
Sat Dec 10 23:28:42 CST 2005
It's a girl!
:-) I know a lot of you have been wondering what's going on here, and the
news is that my wife Andrea delivered our first child, a daughter Briah
Cecilia (briah at slackware dot com :-) on 2005-11-22, and that event (and
the weeks that led up to it) has had to take priority over the usual tasks of
download/compile/test/package/upload. But, things should be getting back to
normal here (more or less) over the next couple of weeks, particularly after
the holiday season has come and gone. As you might expect, there are a lot of
friends and relatives who want to see her. :-) Thanks for your patience, and
we now return you to your regularly scheduled ChangeLog...
a/bash-3.0-i486-4.tgz: Fixed an obscure bug where suspending the first
  process started in a new shell would cause it to hang. Thanks to Grant
  Coady for discovering and fixing this bug.
a/bzip2-1.0.3-i486-2.tgz: Patched a minor bug in the libbz2 shared library
  Makefile to enable support for large files. Thanks to Timothy C. McGrath
  and Manuel Jose Blanca Molinos both of whom pointed out this problem and
  provided fixes.
a/glibc-solibs-2.3.6-i486-1.tgz: Upgraded to glibc-2.3.6 shared libraries.
a/glibc-zoneinfo-2.3.6-noarch-1.tgz: Upgraded to glibc-2.3.6 timezone info.
a/kernel-ide-2.4.32-i486-1.tgz: Upgraded to Linux 2.4.32 bare.i kernel.
a/kernel-modules-2.4.32-i486-1.tgz: Upgraded to Linux 2.4.32 kernel modules.
ap/alsa-utils-1.0.10-i486-1.tgz: Upgraded to alsa-utils-1.0.10.
  In /etc/rc.d/rc.alsa, load snd-seq-oss. (Thanks to Tomas Matejicek)
d/gcc-3.4.4-i486-2.tgz: Upgraded to gcc-3.4.4.
  gcc-4.x isn't ready as a prime time compiler yet, IMHO -- still too many
  things it can't compile, internal compiler errors, and the like. How much
  of that is the compiler and how much is source needing to be updated is a
  matter for debate, though. Also, the -mcpu=i686 option used in Slackware to
  optimize binaries for i686 or Athlon platforms has changed to -mtune=i686
  with the gcc-3.4.x compiler series.
  I'll be updating the SlackBuilds over time as the packages are upgraded.
d/gcc-g++-3.4.4-i486-2.tgz: Upgraded to gcc-3.4.4.
d/gcc-g77-3.4.4-i486-2.tgz: Upgraded to gcc-3.4.4.
d/gcc-gnat-3.4.4-i486-2.tgz: Upgraded to gcc-3.4.4.
d/gcc-java-3.4.4-i486-2.tgz: Upgraded to gcc-3.4.4.
d/gcc-objc-3.4.4-i486-2.tgz: Upgraded to gcc-3.4.4.
d/kernel-headers-2.4.32-i386-1.tgz: Upgraded to Linux 2.4.32 kernel headers.
k/kernel-source-2.4.32-noarch-1.tgz: Upgraded to Linux 2.4.32 kernel source.
l/alsa-driver-1.0.10_2.4.32-i486-1.tgz: Upgraded to alsa-driver-1.0.10 for Linux 2.4.32.
l/alsa-lib-1.0.10-i486-1.tgz: Upgraded to alsa-lib-1.0.10.
l/alsa-oss-1.0.10-i486-1.tgz: Upgraded to alsa-oss-1.0.10.
l/glibc-2.3.6-i486-1.tgz: Upgraded to glibc-2.3.6.
l/glibc-i18n-2.3.6-noarch-1.tgz: Upgraded to glibc-2.3.6 i18n files.
  Added files in /usr/share/locale that hadn't previously been included in
  this package (thanks to Lasse Collin).
l/glibc-profile-2.3.6-i486-1.tgz: Upgraded to glibc-2.3.6.
n/dnsmasq-2.24-i486-1.tgz: Upgraded to dnsmasq-2.24.
  Thanks to Simon Kelley (and one of his anonymous testers) for helping to
  update the SlackBuild.
n/php-4.4.1-i486-2.tgz: Recompiled with a patch from PHP CVS that fixes
  issues with SquirrelMail and possibly other PHP applications. I'd hoped
  there would be a new PHP out quickly to address this but since there isn't
  I'm making an exception to the usual policy here on merging patches from
  CVS as a fair number of users seem to be affected by this issue. Let me
  know if this doesn't help or if any undesired side effects are noticed.
  This problem was first reported here by Gerardo Exequiel Pozzi, but was
  later reported by too many people to list. Thanks, everyone! :-)
xap/mozilla-firefox-1.5-i686-1.tgz: Upgraded to firefox-1.5.
bootdisks/*: Upgraded to Linux 2.4.32.
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.32-i486-1.tgz: Upgraded to linux-wlan-ng-0.2.1pre25 (for Linux 2.4.32).
extra/linux-wlan-ng/linux-wlan-ng-0.2.3_2.6.14.3-i486-1.tgz: Upgraded to linux-wlan-ng-0.2.3 (for Linux 2.6.14.3).
isolinux/initrd.img: Upgraded USB/IEEE1394 modules to Linux 2.4.32.
isolinux/network.dsk: Upgraded network modules to Linux 2.4.32.
isolinux/pcmcia.dsk: Upgraded pcmcia modules to Linux 2.4.32.
kernels/*: Upgraded to Linux 2.4.32 (and test.s to 2.6.14.3).
rootdisks/install.1: Upgraded USB/IEEE1394 modules to Linux 2.4.32.
rootdisks/install.2: Upgraded USB/IEEE1394 modules to Linux 2.4.32.
rootdisks/install.zip: Upgraded USB/IEEE1394 modules to Linux 2.4.32.
rootdisks/network.dsk: Upgraded network modules to Linux 2.4.32.
rootdisks/pcmcia.dsk: Upgraded pcmcia modules to Linux 2.4.32.
testing/packages/linux-2.6.14.3/alsa-driver-1.0.10_2.6.14.3-i486-1.tgz: Upgraded to alsa-driver-1.0.10 for Linux 2.6.14.3.
testing/packages/linux-2.6.14.3/kernel-generic-2.6.14.3-i486-1.tgz: Upgraded to Linux 2.6.14.3 (generic kernel).
testing/packages/linux-2.6.14.3/kernel-headers-2.6.14.3-i386-1.tgz: Upgraded
  to kernel headers from Linux 2.6.14.3 (see the README file in
  testing/packages/linux-2.6.14.3/ for information about why you probably
  *don't* want to use these headers...)
testing/packages/linux-2.6.14.3/kernel-modules-2.6.14.3-i486-1.tgz: Upgraded to kernel modules for Linux 2.6.14.3.
testing/packages/linux-2.6.14.3/kernel-source-2.6.14.3-noarch-1.tgz: Upgraded to Linux 2.6.14.3 kernel source.
testing/packages/php-5.1.1/php-5.1.1-i486-1.tgz: Upgraded to php-5.1.1.
  This no longer seems to ship with PEAR, and if anyone knows why this is or
  how to go about adding it back to the package (if it's still required),
  I'd be interested to know.
testing/packages/thunderbird-1.5rc1/mozilla-thunderbird-1.5rc1-i686-1.tgz: Added thunderbird-1.5rc1.
+--------------------------+
Mon Nov 7 19:54:57 CST 2005
n/elm-2.5.8-i486-1.tgz: Upgraded to elm2.5.8.
  This fixes a buffer overflow in the parsing of the Expires header that
  could be used to execute arbitrary code as the user running Elm. Thanks to
  Ulf Harnhammar for finding the bug and reminding me to get out updated
  packages to address the issue.
  A reference to the original advisory:
    http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html
+--------------------------+
Sat Nov 5 21:55:21 CST 2005
l/libxml2-2.6.22-i486-1.tgz: Upgraded to libxml2-2.6.22.
  This fixes an issue where libxml2 had declared a variable
  XML_FEATURE_UNICODE that was already used by the expat headers, causing PHP
  to fail to compile when using Slackware's combination of ./configure
  options.
n/curl-7.12.2-i486-2.tgz: Patched.
  This addresses a buffer overflow in libcurl's NTLM function that could have
  possible security implications.
  For more details, see:
    http://curl.haxx.se/docs/security.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
  (* Security fix *)
n/samba-3.0.20b-i486-1.tgz: Upgraded to samba-3.0.20b.
  This includes various bugfixes. Thanks to Christopher Linnet for reporting
  that this fixes a problem with printing to a printer on an XP machine from
  CUPS. If you use such a configuration, you'll want this upgrade for sure.
n/mod_ssl-2.8.25_1.3.34-i486-1.tgz: Upgraded to mod_ssl-2.8.25-1.3.34.
n/wget-1.10.2-i486-1.tgz: Upgraded to wget-1.10.2.
  This addresses a buffer overflow in wget's NTLM handling function that
  could have possible security implications.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
  (* Security fix *)
n/php-4.4.1-i486-1.tgz: Upgraded to php-4.4.1.
  Fixes a number of bugs, including several minor security fixes relating to
  the overwriting of the GLOBALS array.
  (* Security fix *)
n/lynx-2.8.5rel.5-i486-1.tgz: Upgraded to lynx-2.8.5rel.5.
  Fixes an issue where the handling of Asian characters when using lynx to
  connect to an NNTP server (is this a common use?)
  could result in a buffer overflow causing the execution of arbitrary code.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3120
  (* Security fix *)
n/apache-1.3.34-i486-1.tgz: Upgraded to apache-1.3.34.
  Fixes this minor security bug: "If a request contains both
  Transfer-Encoding and Content-Length headers, remove the Content-Length,
  mitigating some HTTP Request Splitting/Spoofing attacks."
  (* Security fix *)
n/pine-4.64-i486-1.tgz: Upgraded to pine-4.64.
n/tcpdump-3.9.4-i486-1.tgz: Upgraded to tcpdump-3.9.4.
n/imapd-4.64-i486-1.tgz: Upgraded to imapd-4.64.
  A buffer overflow was reported in the mail_valid_net_parse_work function.
  However, this function in the c-client library does not appear to be called
  from anywhere in imapd. iDefense states that the issue is of LOW risk to
  sites that allow users shell access, and LOW-MODERATE risk to other
  servers. I believe it's possible that it is of NIL risk if the function is
  indeed dead code to imapd, but draw your own conclusions...
  (* Security fix *)
kde/koffice-1.4.1-i486-2.tgz: Patched.
  Fixes a buffer overflow in KWord's RTF import discovered by Chris Evans.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2971
  (* Security fix *)
There, now hopefully we can start getting some REAL work done around here
again soon...
+--------------------------+
Thu Oct 13 13:57:25 PDT 2005
a/openssl-solibs-0.9.7g-i486-2.tgz: Patched.
  Fixed a vulnerability that could, in rare circumstances, allow an attacker
  acting as a "man in the middle" to force a client and a server to negotiate
  the SSL 2.0 protocol (which is known to be weak) even if these parties both
  support SSL 3.0 or TLS 1.0.
  For more details, see:
    http://www.openssl.org/news/secadv_20051011.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969
  (* Security fix *)
n/openssl-0.9.7g-i486-2.tgz: Patched.
  (* Security fix *)
+--------------------------+
Mon Oct 10 15:14:22 PDT 2005
xap/xine-lib-1.0.3a-i686-1.tgz: Upgraded to xine-lib-1.0.3a.
  This fixes a format string bug where an attacker, if able to upload
  malicious information to a CDDB server and then get a local user to play a
  certain audio CD, may be able to run arbitrary code on the machine as the
  user running the xine-lib linked application.
  For more information, see:
    http://xinehq.de/index.php/security/XSA-2005-1
  (* Security fix *)
+--------------------------+
Sat Oct 8 18:46:14 PDT 2005
d/cvs-1.11.21-i486-1.tgz: Upgraded to cvs-1.11.21.
+--------------------------+
Wed Oct 5 13:04:15 PDT 2005
xap/mozilla-thunderbird-1.0.7-i686-1.tgz: Upgraded to thunderbird-1.0.7.
  This fixes a security issue where URLs passed on the command line to the
  thunderbird shell script were not correctly protected against
  interpretation by the shell. As a result, a malicious URL could contain
  embedded shell commands which would then be executed as the user running
  Thunderbird.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#Thunderbird
  (* Security fix *)
+--------------------------+
Sun Sep 25 22:02:46 PDT 2005
x/x11-6.8.2-i486-4.tgz: Rebuilt with a modified patch for an earlier pixmap
  overflow issue. The patch released by X.Org was slightly different than the
  one that was circulated previously, and is an improved version. There have
  been reports that the earlier patch broke WINE and possibly some other
  programs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2495
  (* Security fix *)
x/x11-xdmx-6.8.2-i486-4.tgz: Patched and rebuilt.
x/x11-xnest-6.8.2-i486-4.tgz: Patched and rebuilt.
x/x11-xvfb-6.8.2-i486-4.tgz: Patched and rebuilt.
xap/mozilla-1.7.12-i486-1.tgz: Upgraded to mozilla-1.7.12.
  This fixes several security issues.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla
  (* Security fix *)
xap/mozilla-firefox-1.0.7-i686-1.tgz: Upgraded to firefox-1.0.7.
  This fixes several security issues.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox
  (* Security fix *)
+--------------------------+
Tue Sep 13 12:24:53 PDT 2005
Slackware 10.2 is released. Thanks to everyone who helped make it possible.
Enjoy! :-)