Sat Aug 5 01:23:15 CDT 2006 patches/packages/php-4.4.3-i486-1_slack10.2.tgz: Upgraded to php-4.4.3. From the announcement of the release: The security issues resolved include the following: * Disallow certain characters in session names. * Fixed a buffer overflow inside the wordwrap() function. * Prevent jumps to parent directory via the 2nd parameter of the tempnam() function. * Improved safe_mode check for the error_log() function. * Fixed cross-site scripting inside the phpinfo() function. The PHP 4.4.3 release announcement may be found on their web site: http://www.php.net (* Security fix *) +--------------------------+ Wed Aug 2 22:03:08 CDT 2006 patches/packages/gnupg-1.4.5-i486-1_slack10.2.tgz: Upgraded to gnupg-1.4.5. From the gnupg-1.4.5 NEWS file: * Fixed 2 more possible memory allocation attacks. They are similar to the problem we fixed with 1.4.4. This bug can easily be be exploited for a DoS; remote code execution is not entirely impossible. (* Security fix *) +--------------------------+ Sun Jul 30 21:30:17 CDT 2006 patches/packages/mysql-4.1.21-i486-1_slack10.2.tgz: Upgraded to mysql-4.1.21. This is a bugfix and security release. For more details, see MySQL's news page about MySQL 4.1.21: http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html The CVE entry may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3469 Thanks to Nino Petkov for pointing out this MySQL release to me. :-) (* Security fix *) +--------------------------+ Fri Jul 28 17:37:42 CDT 2006 patches/packages/apache-1.3.37-i486-1_slack10.2.tgz: Upgraded to apache-1.3.37. From the announcement on httpd.apache.org: This version of Apache is security fix release only. An off-by-one flaw exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0. The Slackware Security Team feels that the vast majority of installations will not be configured in a vulnerable way but still suggests upgrading to the new apache and mod_ssl packages for maximum security. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747 And see Apache's announcement here: http://www.apache.org/dist/httpd/Announcement1.3.html (* Security fix *) patches/packages/mod_ssl-2.8.28_1.3.37-i486-1_slack10.2.tgz: Upgraded to mod_ssl-2.8.28-1.3.37. +--------------------------+ Thu Jul 27 16:27:14 CDT 2006 patches/packages/mozilla-firefox-1.5.0.5-i686-1.tgz: Upgraded to firefox-1.5.0.5. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) patches/packages/mozilla-thunderbird-1.5.0.5-i686-1.tgz: Upgraded to thunderbird-1.5.0.5. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird (* Security fix *) +--------------------------+ Wed Jul 26 15:51:51 CDT 2006 patches/packages/xine-lib-1.1.2-i686-1.tgz: Upgraded to xine-lib-1.1.2. According to xinehq.de's announcement: There are three security fixes: - CVE-2005-4048: possible buffer overflow in libavcodec (crafted PNGs); - CVE-2006-2802: possible buffer overflow in the HTTP plugin; - possible buffer overflow via bad indexes in specially-crafted AVI files. (* Security fix *) +--------------------------+ Tue Jul 25 14:19:42 CDT 2006 patches/packages/gimp-2.2.12-i486-1.tgz: Upgraded to gimp-2.2.12. This release fixes a security hole in the XCF parser. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3404 (* Security fix *) patches/packages/mutt-1.4.2.2i-i486-1_slack10.2.tgz: Upgraded to mutt-1.4.2.2i. This release fixes CVE-2006-3242, a buffer overflow that could be triggered by a malicious IMAP server. [Connecting to malicious IMAP servers must be common, right? -- Ed.] For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3242 (* Security fix *) patches/packages/x11-6.8.2-i486-6_slack10.2.tgz: Patched some more possible linux 2.6.x setuid() related bugs: http://lists.freedesktop.org/archives/xorg-announce/2006-June/000100.html Patched CVE-2006-1861 linux 2.6.x setuid() related bugs in freetype2. (* Security fix *) patches/packages/x11-devel-6.8.2-i486-6_slack10.2.tgz: Patched as above. (* Security fix *) patches/packages/x11-xdmx-6.8.2-i486-6_slack10.2.tgz: Rebuilt. patches/packages/x11-xnest-6.8.2-i486-6_slack10.2.tgz: Rebuilt. patches/packages/x11-xvfb-6.8.2-i486-6_slack10.2.tgz: Rebuilt. +--------------------------+ Tue Jul 18 22:44:53 CDT 2006 patches/packages/samba-3.0.23-i486-2_slack10.2.tgz: Patched a problem in nsswitch/wins.c that caused crashes in the wins and/or winbind libraries. Thanks to Mikhail Kshevetskiy for pointing out the issue and offering a reference to the patch in Samba's source repository. Also, this version of Samba evidently created a new dependency on libdm.so (found in the xfsprogs package in non -current Slackware versions). This additional dependency was not intentional, and has been corrected. +--------------------------+ Fri Jul 14 17:17:17 CDT 2006 patches/packages/samba-3.0.23-i486-1_slack10.2.tgz: Upgraded to samba-3.0.23. This fixes a minor memory exhaustion DoS in smbd. The CVE entry for this issue may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3403 (* Security fix *) +--------------------------+ Tue Jun 27 18:48:22 CDT 2006 patches/packages/arts-1.4.2-i486-2_slack10.2.tgz: Patched to fix a possible exploit if artswrapper is setuid root (which, by default, it is not) and the system is running a 2.6 kernel. Systems running 2.4 kernels are not affected. The official KDE security advisory may be found here: http://www.kde.org/info/security/advisory-20060614-2.txt The CVE entry for this issue may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2916 (* Security fix *) patches/packages/gnupg-1.4.4-i486-1_slack10.2.tgz: This version fixes a memory allocation issue that could allow an attacker to crash GnuPG creating a denial-of-service. The CVE entry for this issue may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3082 patches/packages/kdebase-3.4.2-i486-3_slack10.2.tgz: Patched a problem with kdm where it could be abused to read any file on the system. The official KDE security advisory may be found here: http://www.kde.org/info/security/advisory-20060614-1.txt The CVE entry for this issue may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2449 (* Security fix *) +--------------------------+ Thu Jun 15 02:06:03 CDT 2006 patches/packages/sendmail-8.13.7-i486-1_slack10.2.tgz: Upgraded to sendmail-8.13.7. Fixes a potential denial of service problem caused by excessive recursion leading to stack exhaustion when attempting delivery of a malformed MIME message. This crashes sendmail's queue processing daemon, which in turn can lead to two problems: depending on the settings, these crashed processes may create coredumps which could fill a drive partition; and such a malformed message in the queue will cause queue processing to cease when the message is reached, causing messages that are later in the queue to not be processed. Sendmail's complete advisory may be found here: http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc Sendmail has also provided an FAQ about this issue: http://www.sendmail.com/security/advisories/SA-200605-01/faq.shtml The CVE entry for this issue may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173 (* Security fix *) patches/packages/sendmail-cf-8.13.7-noarch-1_slack10.2.tgz: Upgraded to sendmail-8.13.7 configs. +--------------------------+ Sat Jun 3 16:53:29 CDT 2006 patches/packages/mozilla-firefox-1.5.0.4-i686-1.tgz: Upgraded to firefox-1.5.0.4. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) patches/packages/mozilla-thunderbird-1.5.0.4-i686-1.tgz: Upgraded to thunderbird-1.5.0.4. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird (* Security fix *) patches/packages/mysql-4.1.20-i486-1_slack10.2.tgz: Upgraded to mysql-4.1.20. This fixes an SQL injection vulnerability. For more details, see the MySQL 4.1.20 release announcement here: http://lists.mysql.com/announce/364 The CVE entry for this issue will be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2753 +--------------------------+ Mon May 22 10:44:28 CDT 2006 patches/packages/bin-10.2-i486-2_10.2.tgz: Upgraded to eject-2.1.4 to fix problems with 2.6 kernels (bugfix). Patched a security problem in zoo's fullpath() function that was reported by Jean-Sebastien Guay-Leroux. At first this didn't seem like much as zoo is old and hardly used, but there are virus scanning programs that scan zoo archives. It is a possible problem on any system running zoo like this in an automated way, and (of course) could also cause problems if a user were to open a malicious zoo archive manually. (though I'd be pretty suspicious if someone were to mail me anything using "zoo" in 2006...) (* Security fix *) patches/packages/tetex-3.0-i486-2_10.2.tgz: Regenerated the etex.fmt files with etex, not pdfetex. This is more appropriate since etex is a binary, not a link to pdfetex. Thanks to John Breckenridge for reporting the issue. Added --disable-a4, and fixed the texconfig for US paper default in the build script. Thanks to Marc Benstein and Jingmin Zhou for reporting this. Improved /tmp use security. Patched a possible security issue in library code borrowed from xpdf that's used in pdfetex. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193 (* Security fix *) +--------------------------+ Wed May 10 15:07:18 CDT 2006 patches/packages/apache-1.3.35-i486-2_slack10.2.tgz: Patched to fix totally broken Include behavior. Thanks to Francesco Gringoli for reporting this bug. +--------------------------+ Tue May 9 00:48:46 CDT 2006 patches/packages/apache-1.3.35-i486-1_slack10.2.tgz: Upgraded to apache-1.3.35. From the official announcement: Of particular note is that 1.3.35 addresses and fixes 1 potential security issue: CVE-2005-3352 (cve.mitre.org) mod_imap: Escape untrusted referer header before outputting in HTML to avoid potential cross-site scripting. Change also made to ap_escape_html so we escape quotes. Reported by JPCERT For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352 (* Security fix *) patches/packages/mod_ssl-2.8.26_1.3.35-i486-1_slack10.2.tgz: Upgraded to mod_ssl-2.8.26-1.3.35. This is an updated version designed for Apache 1.3.35. patches/packages/mysql-4.1.19-i486-1.tgz: Upgraded to mysql-4.1.19. This fixes some minor security issues with possible information leakage. Note that the information leakage bugs require that the attacker have access to an account on the database. Also note that by default, Slackware's rc.mysqld script does *not* allow access to the database through the outside network (it uses the --skip-networking option). If you've enabled network access to MySQL, it is a good idea to filter the port (3306) to prevent access from unauthorized machines. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517 (* Security fix *) +--------------------------+ Wed May 3 21:55:38 CDT 2006 patches/packages/mozilla-firefox-1.5.0.3-i686-1.tgz: Upgraded to firefox-1.5.0.3. This upgrade fixes a crash bug that could possibly be used to execute code as the Firefox user. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) +--------------------------+ Wed May 3 00:04:31 CDT 2006 patches/packages/x11-6.8.2-i486-5.tgz: Patched with x11r6.9.0-mitri.diff and recompiled. A typo in the X render extension allows an X client to crash the server and possibly to execute arbitrary code as the X server user (typically this is "root".) The CVE entry for this issue may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1526 The advisory from X.Org may be found here: http://lists.freedesktop.org/archives/xorg/2006-May/015136.html (* Security fix *) patches/packages/x11-devel-6.8.2-i486-5.tgz: Patched and recompiled libXrender. (* Security fix *) +--------------------------+ Sun Apr 30 17:38:15 CDT 2006 patches/packages/mozilla-thunderbird-1.5.0.2-i686-1.tgz: Upgraded to thunderbird-1.5.0.2. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird (* Security fix *) +--------------------------+ Mon Apr 24 14:36:46 CDT 2006 patches/packages/mozilla-1.7.13-i486-1.tgz: Upgraded to mozilla-1.7.13. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla This release marks the end-of-life of the Mozilla 1.7.x series: http://developer.mozilla.org/devnews/index.php/2006/04/12/sunset-announcement-for-fxtb-10x-and-mozilla-suite-17x/ Mozilla Corporation is recommending that users think about migrating to Firefox and Thunderbird. (* Security fix *) +--------------------------+ Mon Apr 17 01:31:07 CDT 2006 patches/packages/mozilla-firefox-1.5.0.2-i686-1.tgz: Upgraded to firefox-1.5.0.2. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) +--------------------------+ Wed Mar 22 13:01:23 CST 2006 patches/packages/sendmail-8.13.6-i486-1.tgz: Upgraded to sendmail-8.13.6. This new version of sendmail contains a fix for a security problem discovered by Mark Dowd of ISS X-Force. From sendmail's advisory: Sendmail was notified by security researchers at ISS that, under some specific timing conditions, this vulnerability may permit a specifically crafted attack to take over the sendmail MTA process, allowing remote attackers to execute commands and run arbitrary programs on the system running the MTA, affecting email delivery, or tampering with other programs and data on this system. Sendmail is not aware of any public exploit code for this vulnerability. This connection-oriented vulnerability does not occur in the normal course of sending and receiving email. It is only triggered when specific conditions are created through SMTP connection layer commands. Sendmail's complete advisory may be found here: http://www.sendmail.com/company/advisory/index.shtml The CVE entry for this issue may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058 (* Security fix *) patches/packages/sendmail-cf-8.13.6-noarch-1.tgz: Upgraded to sendmail-8.13.6 configuration files. +--------------------------+ Mon Mar 13 20:42:48 CST 2006 patches/packages/gnupg-1.4.2.2-i486-1.tgz: Upgraded to gnupg-1.4.2.2. There have been two security related issues reported recently with GnuPG. From the GnuPG 1.4.2.1 and 1.4.2.2 NEWS files: Noteworthy changes in version 1.4.2.2 (2006-03-08) * Files containing several signed messages are not allowed any longer as there is no clean way to report the status of such files back to the caller. To partly revert to the old behaviour the new option --allow-multisig-verification may be used. Noteworthy changes in version 1.4.2.1 (2006-02-14) * Security fix for a verification weakness in gpgv. Some input could lead to gpgv exiting with 0 even if the detached signature file did not carry any signature. This is not as fatal as it might seem because the suggestion as always been not to rely on th exit code but to parse the --status-fd messages. However it is likely that gpgv is used in that simplified way and thus we do this release. Same problem with "gpg --verify" but nobody should have used this for signature verification without checking the status codes anyway. Thanks to the taviso from Gentoo for reporting this problem. (* Security fix *) +--------------------------+ Tue Feb 14 16:08:52 CST 2006 patches/packages/php-4.4.2-i486-3.tgz: Fixed some more bugs from the 4.4.2 release... hopefully the third time is the charm. Replaced PEAR packages for which the 4.4.2 release contained incorrect md5sums: Archive_Tar-1.3.1, Console_Getopt-1.2, and HTML_Template_IT-1.1.3. (this last one was also not upgraded to the stable version that was released on 2005-11-01) Sorry to have delayed the advisories, but these bugs had to be fixed first. IMHO, the security issues are of dubious severity anyway, or a more agressive approach would have been taken (though this would likely have caused a lot of people to upgrade to the broken -1 or -2 package revisions, so anyone who didn't know about this until now was probably saved a hassle.) Upgraded other PEAR modules to HTTP-1.4.0, Net_SMTP-1.2.8, and XML_RPC-1.4.5. Thanks again to Krzysztof Oledzki for the bug report. +--------------------------+ Fri Feb 10 17:32:28 CST 2006 patches/packages/php-4.4.2-i486-2.tgz: Rebuilt the package to clean up some junk dotfiles that were installed in the / directory. Harmless, but sloppy... Thanks to Krzysztof Oledzki for pointing this out. +--------------------------+ Thu Feb 9 15:09:26 CST 2006 patches/packages/fetchmail-6.3.2-i486-1.tgz: Upgraded to fetchmail-6.3.2. Presumably this replaces all the known security problems with a batch of new unknown ones. (fetchmail is improving, really ;-) For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4348 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0321 (* Security fix *) patches/packages/imagemagick-6.2.3_3-i486-2.tgz: Patched and recompiled. Several security issues have been backported to this release. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4601 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0082 (* Security fix *) patches/packages/kdegraphics-3.4.2-i486-2.tgz: Patched integer and heap overflows in kpdf to fix possible security bugs with malformed PDF files. For more information, see: http://www.kde.org/info/security/advisory-20051207-2.txt http://www.kde.org/info/security/advisory-20060202-1.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301 (* Security fix *) patches/packages/kdelibs-3.4.2-i486-2.tgz: Patched a heap overflow vulnerability in kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE. For more information, see: http://www.kde.org/info/security/advisory-20060119-1.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0019 (* Security fix *) patches/packages/mozilla-firefox-1.5.0.1-i686-1.tgz: Upgraded to firefox-1.5.0.1. This fixes a DoS issue and some other security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.1 (* Security fix *) patches/packages/openssh-4.3p1-i486-1.tgz: Upgraded to openssh-4.3p1. This fixes a security issue when using scp to copy files that could cause commands embedded in filenames to be executed. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225 (* Security fix *) patches/packages/php-4.4.2-i486-1.tgz: Upgraded to php-4.4.2. Claims to fix "a few small security issues". For more information, see: http://www.php.net/release_4_4_2.php (* Security fix *) patches/packages/sudo-1.6.8p12-i486-1.tgz: Upgraded to sudo-1.6.8p12. This fixes an issue where a user able to run a Python script through sudo may be able to gain root access. IMHO, running any kind of scripting language from sudo is still not safe... For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0151 (* Security fix *) patches/packages/xpdf-3.01-i486-3.tgz: Recompiled with xpdf-3.01pl2.patch to fix integer and heap overflows in xpdf triggered by malformed PDF files. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301 (* Security fix *) +--------------------------+ Fri Dec 9 20:19:31 CST 2005 patches/packages/bash-3.0-i486-4.tgz: Fixed an obscure bug where suspending the first process started in a new shell would cause the shell to hang. Thanks to Grant Coady for discovering and fixing this bug. patches/packages/bzip2-1.0.3-i486-2.tgz: Patched a minor bug in the libbz2 shared library Makefile to enable support for large files. Thanks to Timothy C. McGrath and Manuel Jose Blanca Molinos both of whom pointed out this problem and provided fixes. patches/packages/php-4.4.1-i486-2.tgz: Recompiled with a patch from PHP CVS that fixes issues with SquirrelMail and possibly other PHP applications. I'd hoped there would be a new PHP out quickly to address this but since there isn't I'm making an exception to the usual policy here on merging patches from CVS as a fair number of users seem to be affected by this issue. Let me know if this doesn't help or if any undesired side effects are noticed. This problem was first reported here by Gerardo Exequiel Pozzi, but was later reported by too many people to list. Thanks, everyone! :-) +--------------------------+ Mon Nov 7 19:54:57 CST 2005 patches/packages/elm-2.5.8-i486-1.tgz: Upgraded to elm2.5.8. This fixes a buffer overflow in the parsing of the Expires header that could be used to execute arbitrary code as the user running Elm. Thanks to Ulf Harnhammar for finding the bug and reminding me to get out updated packages to address the issue. A reference to the original advisory: http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html +--------------------------+ Sat Nov 5 22:05:29 CST 2005 patches/packages/apache-1.3.34-i486-1.tgz: Upgraded to apache-1.3.34. Fixes this minor security bug: "If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing attacks." (* Security fix *) patches/packages/curl-7.12.2-i486-2.tgz: Patched. This addresses a buffer overflow in libcurl's NTLM function that could have possible security implications. For more details, see: http://curl.haxx.se/docs/security.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185 (* Security fix *) patches/packages/imapd-4.64-i486-1.tgz: Upgraded to imapd-4.64. A buffer overflow was reported in the mail_valid_net_parse_work function. However, this function in the c-client library does not appear to be called from anywhere in imapd. iDefense states that the issue is of LOW risk to sites that allow users shell access, and LOW-MODERATE risk to other servers. I believe it's possible that it is of NIL risk if the function is indeed dead code to imapd, but draw your own conclusions... (* Security fix *) patches/packages/koffice-1.4.1-i486-2.tgz: Patched. Fixes a buffer overflow in KWord's RTF import discovered by Chris Evans. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2971 (* Security fix *) patches/packages/libxml2-2.6.22-i486-1.tgz: Upgraded to libxml2-2.6.22. This fixes an issue where libxml2 had declared a variable XML_FEATURE_UNICODE that was already used by the expat headers, causing PHP to fail to compile when using Slackware's combination of ./configure options. patches/packages/lynx-2.8.5rel.5-i486-1.tgz: Upgraded to lynx-2.8.5rel.5. Fixes an issue where the handling of Asian characters when using lynx to connect to an NNTP server (is this a common use?) could result in a buffer overflow causing the execution of arbitrary code. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3120 (* Security fix *) patches/packages/mod_ssl-2.8.25_1.3.34-i486-1.tgz: Upgraded to mod_ssl-2.8.25-1.3.34. patches/packages/php-4.4.1-i486-1.tgz: Upgraded to php-4.4.1. Fixes a number of bugs, including several minor security fixes relating to the overwriting of the GLOBALS array. (* Security fix *) patches/packages/pine-4.64-i486-1.tgz: Upgraded to pine-4.64. patches/packages/samba-3.0.20b-i486-1.tgz: Upgraded to samba-3.0.20b. This includes various bugfixes. Thanks to Christopher Linnet for reporting that this fixes a problem with printing to a printer on an XP machine from CUPS. If you use such a configuration, you'll want this upgrade for sure. patches/packages/wget-1.10.2-i486-1.tgz: Upgraded to wget-1.10.2. This addresses a buffer overflow in wget's NTLM handling function that could have possible security implications. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185 (* Security fix *) +--------------------------+ Thu Oct 13 13:57:25 PDT 2005 patches/packages/openssl-0.9.7g-i486-2.tgz: Patched. Fixed a vulnerability that could, in rare circumstances, allow an attacker acting as a "man in the middle" to force a client and a server to negotiate the SSL 2.0 protocol (which is known to be weak) even if these parties both support SSL 3.0 or TLS 1.0. For more details, see: http://www.openssl.org/news/secadv_20051011.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969 (* Security fix *) patches/packages/openssl-solibs-0.9.7g-i486-2.tgz: Patched. (* Security fix *) +--------------------------+ Mon Oct 10 15:15:24 PDT 2005 patches/packages/xine-lib-1.0.3a-i686-1.tgz: Upgraded to xine-lib-1.0.3a. This fixes a format string bug where an attacker, if able to upload malicious information to a CDDB server and then get a local user to play a certain audio CD, may be able to run arbitrary code on the machine as the user running the xine-lib linked application. For more information, see: http://xinehq.de/index.php/security/XSA-2005-1 (* Security fix *) +--------------------------+ Wed Oct 5 13:05:39 PDT 2005 patches/packages/mozilla-thunderbird-1.0.7-i686-1.tgz: Upgraded to thunderbird-1.0.7. This fixes a security issue where URLs passed on the command line to the thunderbird shell script were not correctly protected against interpretation by the shell. As a result, a malicious URL could contain embedded shell commands which would then be executed as the user running Thunderbird. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#Thunderbird (* Security fix *) +--------------------------+ Sun Sep 25 22:03:45 PDT 2005 patches/packages/x11-6.8.2-i486-4.tgz: Rebuilt with a modified patch for an earlier pixmap overflow issue. The patch released by X.Org was slightly different than the one that was circulated previously, and is an improved version. There have been reports that the earlier patch broke WINE and possibly some other programs. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2495 (* Security fix *) patches/packages/x11-xdmx-6.8.2-i486-4.tgz: Patched and rebuilt. patches/packages/x11-xnest-6.8.2-i486-4.tgz: Patched and rebuilt. patches/packages/x11-xvfb-6.8.2-i486-4.tgz: Patched and rebuilt. patches/packages/mozilla-1.7.12-i486-1.tgz: Upgraded to mozilla-1.7.12. This fixes several security issues. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla (* Security fix *) patches/packages/mozilla-firefox-1.0.7-i686-1.tgz: Upgraded to firefox-1.0.7. This fixes several security issues. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox (* Security fix *) +--------------------------+ Tue Sep 13 12:24:53 PDT 2005 Slackware 10.2 is released. Thanks to everyone to helped make it possible. Enjoy! :-) +--------------------------+ Tue Sep 13 10:54:29 PDT 2005 xap/gxine-0.4.8-i486-2.tgz: Fixed gxine.desktop icon path. (Thanks to Peter Eszlari) extra/isdn4k-utils/isdn4k-utils-CVS-2005-08-21.tar.bz2: Upgraded to a recent snapshot of isdn4k-utils. +--------------------------+ Tue Sep 13 02:15:06 PDT 2005 x/x11-6.8.2-i486-3.tgz: Patched an integer overflow in the X server pixmap memory allocation that could potentially allow any X user to execute arbitrary code with root privileges. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2495 (* Security fix *) x/x11-devel-6.8.2-i486-3.tgz: Recompiled. x/x11-docs-6.8.2-noarch-3.tgz: Rebuilt. x/x11-docs-html-6.8.2-noarch-3.tgz: Rebuilt. x/x11-fonts-100dpi-6.8.2-noarch-3.tgz: Rebuilt. x/x11-fonts-cyrillic-6.8.2-noarch-3.tgz: Rebuilt. x/x11-fonts-misc-6.8.2-noarch-3.tgz: Rebuilt. x/x11-fonts-scale-6.8.2-noarch-3.tgz: Rebuilt. x/x11-xdmx-6.8.2-i486-3.tgz: Recompiled. x/x11-xnest-6.8.2-i486-3.tgz: Recompiled. x/x11-xvfb-6.8.2-i486-3.tgz: Recompiled. +--------------------------+ Mon Sep 12 22:48:09 PDT 2005 a/util-linux-2.12p-i486-2.tgz: Patched an issue with umount where if the umount failed when the '-r' option was used, the filesystem would be remounted read-only but without any extra flags specified in /etc/fstab. This could allow an ordinary user able to mount a floppy or CD (but with nosuid, noexec, nodev, etc in /etc/fstab) to run a setuid binary from removable media and gain root privileges. Reported to BugTraq by David Watson: http://www.securityfocus.com/archive/1/410333 (* Security fix *) ap/mdadm-2.1-i486-1.tgz: Upgraded to mdadm-2.1. n/dnsmasq-2.23-i486-1.tgz: Upgraded to dnsmasq-2.23. n/nmap-3.93-i486-1.tgz: Upgraded to nmap-3.93. extra/k3b/k3b-0.12.4a-i486-1.tgz: Upgraded to k3b-0.12.4a. extra/k3b/k3b-i18n-0.12.4-noarch-1.tgz: Upgraded to k3b-i18n-0.12.4. +--------------------------+ Mon Sep 12 19:02:13 PDT 2005 a/aaa_elflibs-10.2.0-i486-3.tgz: Upgraded PCRE library. a/dcron-2.3.3-i486-5.tgz: Added a patch to keep dcron from improperly forking extra copies of itself in some circumstances. (Thanks to Henrik Carlqvist) a/mkinitrd-1.0.1-i486-3.tgz: Added tftp support to busybox, updated README.initrd examples to refer to the 2.6.13 kernel. ap/sox-12.17.8-i486-1.tgz: Upgraded to sox-12.17.8. (Thanks to Peter Eszlari) ap/vorbis-tools-1.1.1-i486-1.tgz: Upgraded to vorbis-tools-1.1.1. (Thanks to Peter Eszlari) l/libvorbis-1.1.1-i486-1.tgz: Upgraded to libvorbis-1.1.1. (Thanks to Peter Eszlari) l/libxml2-2.6.21-i486-1.tgz: Upgraded to libxml2-2.6.21. l/libxslt-1.1.15-i486-1.tgz: Upgraded to libxslt-1.1.15. l/pcre-6.4-i486-1.tgz: Upgraded to pcre-6.4. n/dhcpcd-1.3.22pl4-i486-2.tgz: Patched an issue where a remote attacker can cause dhcpcd to crash. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1848 (* Security fix *) n/wget-1.10.1-i486-3.tgz: Install /etc/wgetrc properly. (Thanks to Fred Emmott) xap/gftp-2.0.18-i486-1.tgz: Upgraded to gftp-2.0.18. (Thanks to Peter Eszlari) xap/gxine-0.4.7-i486-1.tgz: Upgraded to gxine-0.4.8. xap/sane-1.0.16-i486-1.tgz: Upgraded to sane-backends-1.0.16. xap/xchat-2.4.5-i486-1.tgz: Upgraded to xchat-2.4.5. xap/xpdf-3.01-i486-2.tgz: Added missing Bulgarian.nameToUnicode. (Thanks to Dimitar Zhekov) xap/xsane-0.97-i486-1.tgz: Upgraded to xsane-0.97. extra/slackpkg/slackpkg-1.5.2-noarch-2.tgz: Upgraded to slackpkg-1.5.2-noarch-2. (Thanks to Piter Punk) +--------------------------+ Sat Sep 10 22:21:22 PDT 2005 OK, everything was set in stone except for these things. ;-) There may still be a couple more changes (maybe), but this is pretty close. a/aaa_base-10.2.0-noarch-2.tgz: Fixed rp-pppoe version number in email to root. (thanks to Piter Punk) a/aaa_elflibs-10.2.0-i486-2.tgz: Upgraded glib libraries to 2.6.6. a/bash-3.0-i486-3.tgz: Added bash patch bash30-016. (suggested by Fredrik Rinnestam and Xavier Thomassin) Added a patch to prevent an issue with newer glibc versions and 2.4.x kernels that leads to a bash hang if bash is recompiled on such a system. (Thanks to Fredrik Rinnestam) a/glibc-solibs-2.3.5-i486-5.tgz: Recompiled against header files from linux 2.4.31 (linuxthreads version) and linux 2.6.13 (NPTL version). a/glibc-zoneinfo-2.3.5-noarch-5.tgz: Rebuilt. ap/vim-6.3.086-i486-1.tgz: Upgraded vim to patchlevel 86, and upgraded to ctags-5.5.4. l/esound-0.2.36-i486-1.tgz: Upgraded to esound-0.2.36. l/glib2-2.6.6-i486-1.tgz: Upgraded to glib-2.6.6. l/glibc-2.3.5-i486-5.tgz: Recompiled. l/glibc-i18n-2.3.5-noarch-5.tgz: Rebuilt. l/glibc-profile-2.3.5-i486-5.tgz: Recompiled. l/gtk+2-2.6.10-i486-1.tgz: Upgraded to gtk+-2.6.10. l/pango-1.8.2-i486-1.tgz: Upgraded to pango-1.8.2. Thanks to Giacomo Lozito for pointing the bugfix releases of glib, gtk+, and pango out. The 2.8 series still needs time to stabilize and may present some compatibility issues (just a guess), and the version bump on atk-1.10.1 makes me want to play it safe on that one as well. We'll get to those in the next -current. l/sdl-1.2.9-i486-1.tgz: Upgraded to SDL-1.2.9, SDL_image-1.2.4, SDL_mixer-1.2.6, and SDL_ttf-2.0.7. n/nmap-3.90-i486-1.tgz: Upgraded to nmap-3.90. (suggested by many :-) n/wget-1.10.1-i486-2.tgz: Change /etc/wgetrc to /etc/wgetrc.new so that it'll be protected from replacement the next time this package is upgraded. Suggested by Luigi Genoni. xap/xvim-6.3.086-i486-1.tgz: Upgraded X version of vim to patchlevel 86, and upgraded to ctags-5.5.4. +--------------------------+ Thu Sep 8 17:48:59 PDT 2005 extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.6.13-i486-1.tgz: Recompiled for 2.6.13. Thanks to xgizzmo for catching the omission. +--------------------------+ Thu Sep 8 13:24:58 PDT 2005 OK folks, this is just about ready to go. Consider nearly everything to be set in stone at this point, especially the kernels. Zipslack has yet to be built, and some of the documentation needs minor updating, but for the most part this is how Slackware 10.2 is going to look. Expect a release to happen sometime within the next week or so. Also, a bit of advance warning: I'm going to be removing most of the ISO images for old Slackware releases from ftp.slackware.com in order to make room for the new release, so if you're running a mirror site and want to save those, move them elsewhere now before they go. The ISO images at slackware.osuosl.org in /pub/slackware-iso/ will remain, but the ones at ftp.slackware.com and other sites under /pub/slackware are all potentially on the chopping block. a/aaa_base-10.2.0-noarch-1.tgz: Bumped version number to 10.2. Edited initial email. a/aaa_elflibs-10.2.0-i486-1.tgz: Updated initial library collection. a/bin-10.2-i486-1.tgz: Upgraded to file-4.15. a/cxxlibs-5.0.7-i486-1.tgz: Upgraded to libstdc++.so.5.0.7 from gcc-3.3.6. a/gawk-3.1.5-i486-1.tgz: Upgraded to gawk-3.1.5. a/hotplug-2004_09_23-noarch-5.tgz: Fix a minor syntax error in rc.hotplug. (the logging test was always true even if syslogd was not running) Thanks to Luis Castilho. Blacklisted a new framebuffer module (arcfb.ko) in 2.6.13. a/pkgtools-10.2.0-i486-5.tgz: Upgraded to dialog-1.0-20050306, which fixes a bug that prevented the install-packages scripts from working. Thanks to Krzysztof Oledzki for pointing out this bug. a/reiserfsprogs-3.6.19-i486-1.tgz: Upgraded to reiserfsprogs-3.6.19. a/usbutils-0.11-i486-3.tgz: Upgraded to latest usb.ids. Note that newer versions of usbutils no longer include the usbmodules utility, which breaks hotplugging of USB devices on 2.4.x kernels, so until the default kernel is a 2.6.x version, this is the best version of usbutils to include. a/utempter-1.1.3-i486-1.tgz: Upgraded to libutempter-1.1.3. ap/groff-1.19.1-i486-3.tgz: Fixed a /tmp bug in groffer. Groffer is a script to display formatted output on the console or X, and is not normally used in other scripts (for printers, etc) like most groff components are. The risk from this bug is probably quite low. The fix was pulled from the just-released groff-1.19.2. With Slackware 10.2 just around the corner it didn't seem prudent to upgrade to that -- the diff from 1.19.1 to 1.19.2 is over a megabyte compressed. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0969 (* Security fix *) ap/zsh-4.2.5-i486-1.tgz: Upgraded to zsh-4.2.5. d/clisp-2.35-i486-1.tgz: Upgraded to clisp-2.35. d/libtool-1.5.20-i486-1.tgz: Upgraded to libtool-1.5.20. d/subversion-1.2.3-i486-1.tgz: Added subversion-1.2.3. This will be the last last-minute addition in this release cycle. Suggested by many. :-) kde/kdebase-3.4.2-i486-2.tgz: Patched a bug in Konqueror's handling of characters such as '*', '[', and '?'. Generated new kdm config files. Added /opt/kde/man to $MANPATH. Patched a security bug in kcheckpass that could allow a local user to gain root privileges. For more information, see: http://www.kde.org/info/security/advisory-20050905-1.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2494 (* Security fix *) l/jre-1_5_0_04-i586-2.tgz: Added /usr/lib/mozilla/plugins directory with a link to the Java plugin. l/t1lib-5.1.0-i486-1.tgz: Upgraded to t1lib-5.1.0. n/dhcp-3.0.3-i486-1.tgz: Upgraded to dhcp-3.0.3. n/iproute2-2.6.11_050330-i486-2.tgz: Fixed symlinks in /sbin. Thanks to Krzysztof Oledzki for the Makefile patch. n/mod_ssl-2.8.24_1.3.33-i486-1.tgz: Upgraded to mod_ssl-2.8.24-1.3.33. From the CHANGES file: Fix a security issue (CAN-2005-2700) where "SSLVerifyClient require" was not enforced in per-location context if "SSLVerifyClient optional" was configured in the global virtual host configuration. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700 (* Security fix *) n/openssh-4.2p1-i486-1.tgz: Upgraded to openssh-4.2p1. From the OpenSSH 4.2 release announcement: SECURITY: Fix a bug introduced in OpenSSH 4.0 that caused GatewayPorts to be incorrectly activated for dynamic ("-D") port forwardings when no listen address was explicitly specified. (* Security fix *) n/php-4.4.0-i486-4.tgz: Added --with-dom. Suggested by Joao Carvalho. n/ppp-2.4.4b1-i486-1.tgz: Upgraded to ppp-2.4.4b1. This should fix the issues people were having with demand dialing and persistant connections. n/rp-pppoe-3.6-i486-1.tgz: Upgraded to rp-pppoe-3.6. Thanks to Erik Jan Tromp for the build script improvements. n/samba-3.0.20-i486-2.tgz: Fixed /usr/doc/samba-3.0.20/docs/using_samba symlink. Thanks to Valentin Avram for the bug report. n/tcpip-0.17-i486-35.tgz: Changed to a cleaner telnet patch borrowed from OpenBSD. Two people, both using Slackware 9.1, informed me that the previous patch for telnet was causing a segfault when used with short hostnames from /etc/hosts (such as localhost). If anyone is having a similar problem with other versions of Slackware, let me know. Thanks to Dragan Simic for telling me about the improved patch. Fixed a minor syntax error in rc.inet1 in the test for syslogd.pid. (Thanks to Luis Castilho) Added brctl and vconfig. (suggested by Jan Rafaj) Increased timeout for dhcpcd. Fixed a bit of bad grammar in rc.inet1.conf. ("appending" -> "prepending") Added a new option "DHCP_IPADDR" to rc.inet1.conf to ask the DHCP server for a specific IP address. (Thanks to James Michael Fultz for these last two) n/wget-1.10.1-i486-1.tgz: Upgraded to wget-1.10.1. xap/jre-symlink-1.0.6-noarch-2: Removed. This is obsolete now that the Java packages contain symlinks in /usr/lib/mozilla/plugins and Mozilla and Firefox have been patched to search for plugins in that directory. xap/mozilla-1.7.11-i486-2.tgz: Patched mozilla startup script to search for plugins in /usr/lib/mozilla/plugins after searching in /usr/lib/mozilla-1.7.11/plugins. xap/mozilla-firefox-1.0.6-i686-2.tgz: Patched firefox startup script to search for plugins in /usr/lib/mozilla/plugins after searching in /usr/lib/firefox-1.0.6/plugins. xap/xpdf-3.01-i486-1.tgz: Upgraded to xpdf-3.01. extra/bash-completion/bash-completion-20050721-noarch-1.tgz: Upgraded to bash-completion-20050721. extra/brltty/brltty-3.6.1-i486-1.tgz: Upgraded to brltty-3.6.1. extra/grub/grub-0.97-i486-1.tgz: Upgraded to grub-0.97. Thanks to Kent Robotti for the new version of grubconfig. extra/jdk-1.5.0_04/jdk-1_5_0_04-i586-2.tgz: Added /usr/lib/mozilla/plugins directory with a link to the Java plugin. extra/slackpkg/slackpkg-1.5.1-noarch-2.tgz: Upgraded to slackpkg-1.5.1-noarch-2. (Thanks to Piter Punk) extra/slacktrack/slacktrack-1.26-i486-1.tgz: Upgraded to slacktrack-1.26_1. (Thanks to Stuart Winter) extra/slacktrack/slacktrack-examples-v1.01.tar.gz: Upgraded slacktrack build script examples. kernels/test26.s/: Added a 2.6.13 install kernel. rootdisks/install.*, isolinux/initrd.img: Fixed install size estimate. testing/packages/gnupg-1.4.2-i486-1.tgz: Upgraded to gnupg-1.4.2. testing/packages/linux-2.6.13/alsa-driver-1.0.9b_2.6.13-i486-1.tgz: Recompiled against Linux 2.6.13. testing/packages/linux-2.6.13/kernel-generic-2.6.13-i486-1.tgz: Upgraded to Linux 2.6.13 generic kernel. testing/packages/linux-2.6.13/kernel-headers-2.6.13-i386-1.tgz: Upgraded to Linux 2.6.13 kernel headers for x86. testing/packages/linux-2.6.13/kernel-modules-2.6.13-i486-1.tgz: Upgraded to Linux 2.6.13 kernel modules. testing/packages/linux-2.6.13/kernel-source-2.6.13-noarch-1.tgz: Upgraded to Linux 2.6.13 kernel source. testing/packages/lvm2/device-mapper-1.01.04-i486-1.tgz: Upgraded to device-mapper.1.01.04. testing/packages/lvm2/lvm2-2.01.09-i486-1.tgz: Upgraded to LVM2.2.01.09. testing/packages/php-5.0.5/php-5.0.5-i486-4.tgz: Upgraded to php-5.0.5 with --with-dom and --with-curl options. +--------------------------+ Tue Aug 30 13:01:43 PDT 2005 a/jfsutils-1.1.8-i486-1.tgz: Upgraded to jfsutils-1.1.8. a/pciutils-2.1.11-i486-6.tgz: Updated pci.ids. a/procps-3.2.5-i486-1.tgz: Upgraded to procps-3.2.5. Thanks to Stuart Winter for informing me that newer 2.6 kernels needed this. ap/espgs-8.15rc4-i486-1.tgz: Upgraded to espgs-8.15rc4. ap/mysql-4.1.14-i486-1.tgz: Upgraded to mysql-4.1.14. kde/kdeedu-3.4.2-i486-2.tgz: Fixed a minor /tmp bug in kvoctrain. (* Security fix *) l/pcre-6.3-i486-1.tgz: Upgraded to pcre-6.3. This fixes a buffer overflow that could be triggered by the processing of a specially crafted regular expression. Theoretically this could be a security issue if regular expressions are accepted from untrusted users to be processed by a user with greater privileges, but this doesn't seem like a common scenario (or, for that matter, a good idea). However, if you are using an application that links to the shared PCRE library and accepts outside input in such a manner, you will want to update to this new package. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491 (* Security fix *) n/php-4.4.0-i486-3.tgz: Relinked with the system PCRE library, as the builtin library has a buffer overflow that could be triggered by the processing of a specially crafted regular expression. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491 (* Security fix *) Upgraded PEAR::XMLRPC to version 1.4.0, which eliminates the use of the insecure eval() function. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498 (* Security fix *) Recompiled with support for mbstring and cURL. Thanks to Gerardo Exequiel Pozzi for pointing out that the new MySQL uses UTF-8, which in turn requires that PHP support multibyte strings. Also, thanks to Amrit for mentioning that the PHP cURL extentions are useful and should be included. n/samba-3.0.20-i486-1.tgz: Upgraded samba-3.0.20. xap/gaim-1.5.0-i486-1.tgz: Upgraded to gaim-1.5.0. This fixes some more security issues. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2103 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2102 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2370 (* Security fix *) testing/packages/linux-2.6.12.5/alsa-driver-1.0.9b_2.6.12.5-i486-1.tgz Recompiled against Linux 2.6.12.5. testing/packages/linux-2.6.12.5/kernel-generic-2.6.12.5-i486-1.tgz Upgraded to Linux 2.6.12.5 generic kernel. testing/packages/linux-2.6.12.5/kernel-headers-2.6.12.5-i386-1.tgz Upgraded to Linux 2.6.12.5 kernel headers for x86. testing/packages/linux-2.6.12.5/kernel-modules-2.6.12.5-i486-1.tgz Upgraded to Linux 2.6.12.5 kernel modules. testing/packages/linux-2.6.12.5/kernel-source-2.6.12.5-noarch-1.tgz Upgraded to Linux 2.6.12.5 kernel source. testing/packages/php-5.0.4/php-5.0.4-i486-3.tgz: Relinked with the system PCRE library, as the builtin library has a buffer overflow that could be triggered by the processing of a specially crafted regular expression. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491 (* Security fix *) Upgraded PEAR::XMLRPC to version 1.4.0, which eliminates the use of the insecure eval() function. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498 (* Security fix *) Recompiled with support for mbstring, cURL, and XSLT. Thanks to Den (aka Diesel) for suggesting XSLT. +--------------------------+ Thu Aug 4 22:33:48 PDT 2005 a/e2fsprogs-1.38-i486-2.tgz: Make sure pkgconfig files go to the right place (/usr/lib/pkgconfig). Thanks to Chad Corkrum. n/links-2.1pre18-i486-1.tgz: Upgraded to links-2.1pre18, which fixes some bugs in Javascript handling. Suggested by Roberto Leandrini. extra/bittornado/bittornado-0.3.12-noarch-1.tgz: Upgraded to bittornado-0.3.12. Suggested by Adam Young. +--------------------------+ Thu Aug 4 13:35:29 PDT 2005 a/sysvinit-2.84-i486-56.tgz: Enable swapping again in rc.S after all local filesystems are mounted read-write. This makes sure that swapfiles get activated with 2.6 kernels. Thanks to Jingmin (Jimmy) Zhou. a/e2fsprogs-1.38-i486-1.tgz: Upgraded to e2fsprogs-1.38, needed for new ext2fs boot label support. Thanks to Jerome Pinot for the heads-up. l/taglib-1.4-i486-1.tgz: Upgraded to taglib-1.4, which will be needed by various projects soon. Thanks to Sergei Mutovkin. xap/xmms-1.2.10-i486-3.tgz: Patched a pause bug in XMMS. Thanks to Erik Jan Tromp for the bug report and patch. extra/ham/gmfsk-0.6-i486-2.tgz: Rebuilt to work with hamlib-1.2.4. extra/ham/hamlib-1.2.4-i486-1.tgz: Upgraded to hamlib-1.2.4 . extra/ham/proj-4.4.9-i486-1.tgz: Upgraded to proj-4.4.9. extra/ham/tlf-0.9.23-i486-1.tgz: Upgraded to tlf-0.9.23. extra/ham/xastir-1.6.0-i486-1.tgz: Upgraded to xastir-1.6.0. extra/ham/xconvers-0.8.3-i486-1.tgz: Upgraded to xconvers-0.8.3. extra/ham/xlog-1.2.2-i486-1.tgz: xlog-1.2.2. Thanks to Arno Verhoeven for all the ham radio package updates! +--------------------------+ Tue Aug 2 22:34:49 PDT 2005 n/proftpd-1.2.10-i486-4.tgz: Added mod_ctrls_admin module, which is needed to make use of --enable-ctrls. Thanks again to Roberto Leandrini. +--------------------------+ Tue Aug 2 15:34:18 PDT 2005 Hi folks, I think it's time to consider this to be mostly frozen and concentrate on beta testing in preparation for the Slackware 10.2 release, so there won't be too many more upgrades and additions. Things are going to be pretty busy for me over the next couple of weeks besides working on getting 10.2 finalized, but let me know about any issues that need fixing before the release and I'll get to them just as soon as I can. Have fun! kde/kdepim-3.4.2-i486-2.tgz: Patched a bug in KMail. n/proftpd-1.2.10-i486-3.tgz: Recompiled with --enable-ctrls and --enable-ipv6. Suggested by Roberto Leandrini. xap/xine-lib-1.0.2-i686-1.tgz: Upgraded to xine-lib-1.0.2. xap/xine-ui-0.99.4-i686-1.tgz: Upgraded to xine-ui-0.99.4. extra/blackbox-0.70.0/blackbox-0.70.0-i486-1.tgz: Added blackbox-0.70.0. This isn't in slackware/xap because there were some things about it that struck me as not quite right, like the removal of i18n support, and that the themes didn't seem to work any more (or at least weren't included). If it's something I'm doing wrong, let me know, otherwise this can stay here for now... extra/slackpkg/slackpkg-1.5.0-noarch-3.tgz: Upgraded to slackpkg-1.5.0-noarch-3 (fixed a mirror URL). +--------------------------+ Mon Aug 1 11:25:46 PDT 2005 a/sysvinit-2.84-i486-55.tgz: In rc.6, try to use 'rc.inet1 stop' to bring the network down. Thanks to Eric Hameleers for reminding me that this sort of thing works now. :-) extra/k3b/k3b-0.12.3-i486-2.tgz: Rebuilt to fix missing binaries. I built this on the same machine, no changes to the build script other than bumping the build number to 2... strange, but I'll take it. extra/slackpkg/slackpkg-1.5.0-noarch-2.tgz: Upgraded to slackpkg-1.5.0-noarch-2. Thanks to Piter Punk. +--------------------------+ Sun Jul 31 17:08:43 PDT 2005 a/sysvinit-2.84-i486-54.tgz: In rc.6, try to use 'dhcpcd -k' to kill dhcpcd, otherwise a cache file is left behind which may cause problems. Thanks to Giacomo Rizzo for the bug report. d/clisp-2.34-i486-1.tgz: Upgraded to clisp-2.34. d/doxygen-1.4.4-i486-1.tgz: Upgraded to doxygen-1.4.4. d/oprofile-0.9.1-i486-1.tgz: Upgraded to oprofile-0.9.1. n/iptables-1.3.3-i486-1.tgz: Upgraded to iptables-1.3.3. n/rsync-2.6.6-i486-1.tgz: Upgraded to rsync-2.6.6. n/tcpip-0.17-i486-34.tgz: Upgraded ethtool to ethtool-3. n/yptools-2.9-i486-1.tgz: Upgraded to yp-tools-2.9, ypbind-mt-1.19.1, and ypserv-2.18. xap/jre-symlink-1.0.6-noarch-2.tgz: Upgraded symlink for Mozilla 1.7.11. xap/mozilla-1.7.11-i486-1.tgz: Upgraded to mozilla-1.7.11. extra/k3b/k3b-0.12.3-i486-1.tgz: Upgraded to k3b-0.12.3. extra/k3b/k3b-i18n-0.12.3-noarch-1.tgz: Upgraded to k3b-i18n-0.12.3. +--------------------------+ Sat Jul 30 13:01:25 PDT 2005 a/smartmontools-5.33-i486-1.tgz: Upgraded to smartmontools-5.33. a/udev-064-i486-2.tgz: Commented out the new lines in udev.rules. It seems like these aren't really needed now that the symlink in /etc/hotplug.d/default/ was restored, and having them there causes a race race condition that can cause things like wireless adaptors that need to load firmware to fail to initialize. Thanks to Andreas Liebschner and Philip Langdale for helping debug this. ap/espgs-8.15rc3-i486-2.tgz: Removed libtool file that wasn't supposed to be in the package. Thanks to Mark Post. Also, I had a report that espgs was not printing margins properly with the Epson C64 printer. If you notice issues like that it is best to send the reports directly to the espgs maintainers, as without the hardware in question (or even with, really) there's little that I can do to fix bugs such as that here. ap/joe-3.3-i486-1.tgz: Upgraded to joe-3.3. ap/mc-4.6.1-i486-1.tgz: Upgraded to mc-4.6.1. e/emacs-21.4a-i486-2.tgz: Patched emacs to change the order some X headers are included, which fixes a keyboard problem with some non-US keyboards when running under X.Org. Thanks to Emanuele Vicentini for pointing out the issue and a patch. e/emacs-nox-21.4a-i486-2.tgz: Recompiled. +--------------------------+ Fri Jul 29 10:33:59 PDT 2005 a/etc-5.1-noarch-10.tgz: Added scanner group. a/getty-ps-2.1.0b-i486-1.tgz: Upgraded to getty-ps-2.1.0b. Thanks to Jan Rafaj for providing additional bugfixes for this package. a/hotplug-2004_09_23-noarch-4.tgz: Changed firmware directory from /usr/lib/hotplug/firmware to /lib/firmware. Thanks to Lior Kadosh, Steve Caster, Lawrence Teo, Piter Punk, and Vidar Madsen, all of whom reported this. a/pkgtools-10.2.0-i486-4.tgz: Fixed toggling rc.dnsmasq and rc.saslauthd in setup.services. Thanks to Eric Hameleers. kde/koffice-1.4.1-i486-1.tgz: Upgraded to koffice-1.4.1. kde/kdeaccessibility-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2. kde/kdeaddons-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2. kde/kdeadmin-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2. kde/kdeartwork-3.4.2-i486-2.tgz: Upgraded to KDE 3.4.2. kde/kdebase-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2. kde/kdebindings-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2. kde/kdeedu-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2. kde/kdegames-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2. kde/kdegraphics-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2. kde/kdelibs-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2. kde/kdemultimedia-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2. kde/kdenetwork-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2. kde/kdepim-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2. kde/kdesdk-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2. kde/kdetoys-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2. kde/kdeutils-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2. kde/kdevelop-3.2.2-i486-1.tgz: Upgraded to KDE 3.4.2. kde/kdewebdev-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2. kdei/kde-i18n-*.tgz: Upgraded to KDE 3.4.2 i18n packages. kdei/koffice-l10n-*.tgz: Upgraded to KOffice 1.4.1 l10n packages. l/arts-1.4.2-i486-1.tgz: Upgraded to arts-1.4.2. l/fribidi-0.10.5-i486-1.tgz: Added fribidi-0.10.5, needed by AbiWord and KDE. l/jre-1_5_0_04-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Runtime Environment Version 5.0, Release 4. n/links-2.1pre17-i486-2.tgz: Recompiled without SDL, which was causing X libraries to be indirectly linked. Thanks to Kirils Solovjovs. n/tcpip-0.17-i486-33.tgz: Patched rc.inet1 to make sure that an attempt is made to bring up the gateway whenever a new interface is loaded by hotplug. Added support to bring up/down ethernet aliases, like: IFNAME[2]="eth0:1" (Thanks to Andrey V. Panov for the aliases patch) Patched two overflows in the telnet client that could allow the execution of arbitrary code when connected to a malicious telnet server. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469 (* Security fix *) xap/abiword-2.2.9-i486-1.tgz: Upgraded to abiword-2.2.9, which now links with the new fribidi package. Thanks to Ryan Pavlik for telling me about the new release, and to the AbiWord team for all the great work. extra/j2sdk-1.5.0_04/j2sdk-1_5_0_04-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Development Kit Version 5.0, Release 4. +--------------------------+ Tue Jul 26 23:35:18 PDT 2005 ap/vim-6.3.085-i486-1.tgz: Upgraded to patchlevel 85. d/distcc-2.18.3-i486-2.tgz: Recompiled distccmon-gnome to use only GTK+ libraries and not GNOME ones. Thanks to Lasse Collin for suggesting --without-gnome --with-gtk. d/guile-1.6.7-i486-1.tgz: Upgraded to guile-1.6.7. n/links-2.1pre17-i486-1.tgz: Upgraded to links-2.1pre17. n/imapd-4.63-i486-1.tgz: Upgraded to imapd from pine-4.63. n/netatalk-2.0.3-i486-1.tgz: Upgraded to netatalk-2.0.3. n/pine-4.63-i486-1.tgz: Upgraded to pine-4.63. xap/mozilla-1.7.10-i486-2.tgz: Fixed a folder switching bug. Thanks to Peter Santoro for pointing out the patch. xap/xvim-6.3.085-i486-1.tgz: Upgraded to patchlevel 85. +--------------------------+ Mon Jul 25 00:21:30 PDT 2005 n/wireless-tools-27-i486-2.tgz: Build against static libiw. (Thanks to Lech Szychowski) +--------------------------+ Sun Jul 24 22:57:27 PDT 2005 n/nail-11.24-i486-1.tgz: Upgraded to nail-11.24. n/ppp-2.4.3-i486-1.tgz: Upgraded to ppp-2.4.3 and radiusclient-0.3.2. +--------------------------+ Sun Jul 24 17:50:37 PDT 2005 a/hotplug-2004_09_23-noarch-3.tgz: Modified net.agent to use the new rc.inet1 syntax (thanks to Eric Hameleers), and added several new framebuffer modules and the eth1394 module to the blacklist. a/pkgtools-10.2.0-i486-3.tgz: Added saslauthd and dnsmasq to the services setup menu. a/sysvinit-2.84-i486-53.tgz: Added support in /etc/rc.d/rc.M for starting /etc/rc.d/rc.dnsmasq and /etc/rc.d/rc.saslauthd. a/udev-064-i486-1.tgz: Upgraded to udev-064. With the help of two new lines in udev.rules, and a symlink added in /etc/hotplug.d/default that used to be added by earlier versions of hotplug, udev-064 appears to be working! Thanks to Piter Punk for the rules and Kris Karas for the link. l/libxml2-2.6.20-i486-1.tgz: Upgraded to libxml-2.6.20. n/cyrus-sasl-2.1.21-i486-1.tgz: Upgraded to cyrus-sasl-2.1.21, added missing /var/state/saslauthd directory and /etc/rc.d/rc.saslauthd startup script. Thanks to Piter Punk for the help. n/iproute2-2.6.11_050330-i486-1.tgz: Upgraded to iproute2-2.6.11-050330. n/lftp-3.2.1-i486-1.tgz: Upgraded to lftp-3.2.1. n/sendmail-8.13.4-i486-1.tgz: Upgraded to sendmail-8.13.4 compiled with SASL support. Added a new cf file that supports SASL (this is not the one installed by default): /usr/share/sendmail/sendmail-slackware-tls-sasl.cf Thanks to Joshua Rubin and Piter Punk for the help with SASL support. n/sendmail-cf-8.13.4-noarch-1.tgz: Upgraded to sendmail-8.13.4, and added a new sendmail-slackware-tls-sasl.mc config file. n/tcpip-0.17-i486-32.tgz: Merged in many improvements to rc.inet1 scripts to allow alternate interface names and better networking support. Thanks to Eric Hameleers for the really great job on this! When starting rc.portmap for NFS clients, also start rpc.lockd and rpc.statd, otherwise some Java applications may have problems due to a lack of locking. Thanks to Dominik L. Borkowski and Piter Punk for pointing out this issue. n/wireless-tools-27-i486-1.tgz: Upgraded to wireless_tools.27. Thanks to Eric Hameleers for the improved rc.wireless scripts. rootdisks/install.*, rootdisks/network.dsk, rootdisks/pcmcia.dsk: Fix /dev/urandom device (thanks to Daniel de Kok). Bumped version number to 10.2. +--------------------------+ Fri Jul 22 13:54:50 PDT 2005 ap/alsa-utils-1.0.9a-i486-2.tgz: Patched rc.alsa to try to load the OSS compatibility modules with both 2.4 and 2.6 kernels. Thanks to Cal Peake for the bug report. ap/mysql-4.1.13-i486-1.tgz: Upgraded to mysql-4.1.13. l/zlib-1.2.3-i486-1.tgz: Upgraded to zlib-1.2.3. This fixes an additional crash not fixed by the patch to zlib-1.2.2. (* Security fix *) n/fetchmail-6.2.5.2-i486-1.tgz: Upgraded to fetchmail-6.2.5.2. This fixes an overflow by which malicious or compromised POP3 servers may overflow fetchmail's stack. For more information, see: http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt (* Security fix *) xap/gxine-0.4.6-i486-1.tgz: Upgraded to gxine-0.4.6. This fixes a format string vulnerability that allows remote attackers to execute arbitrary code via a ram file with a URL whose hostname contains format string specifiers. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1692 (* Security fix *) xap/xlockmore-5.18-i486-1.tgz: Upgraded to xlockmore-5.18. +--------------------------+ Fri Jul 22 10:33:41 PDT 2005 a/udev-058-i486-2.tgz: Added a line to udev.rules to (hopefully) help with the ALSA issues: KERNEL="controlC[0-9]", NAME="snd/%k", MODE="0666" Now, it would seem to me that the already-existing line: KERNEL="controlC[0-9]*", NAME="snd/%k", MODE="0666" ...should have already covered this. It works with previous versions of udev just fine, and this seems to me to be a udev bug. Oh well, give it a test and let me know if it's still causing any problems, in which case I'll probably go back to 054 for the Slackware 10.2 release. I'd rather not spend the next couple of months dorking around with udev problems and not getting a Slackware release out because of it. Thanks to Andris Pavenis for the one line udev.rules fix. ap/groff-1.19.1-i486-2.tgz: Fixed missing gxditview man page. Thanks to Stuart Winter. kde/kdenetwork-3.4.1-i486-2.tgz: Patched overflows in libgadu (used by kopete) that can cause a denial of service or arbitrary code execution. For more information, see: http://www.kde.org/info/security/advisory-20050721-1.txt (* Security fix *) xap/abiword-2.2.8-i486-1.tgz: Upgraded to abiword-2.2.8. xap/fluxbox-0.9.13-i486-1.tgz: Upgraded to fluxbox-0.9.13. xap/jre-symlink-1.0.6-noarch-1.tgz: Upgraded for firefox-1.0.6 and Mozilla 1.7.10. xap/mozilla-firefox-1.0.6-i686-1.tgz: Upgraded to firefox-1.0.6. xap/mozilla-1.7.10-i486-1.tgz: Upgraded to mozilla-1.7.10. This fixes several security issues. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla (* Security fix *) xap/mozilla-thunderbird-1.0.6-i686-1.tgz: Upgraded to thunderbird-1.0.6. xap/windowmaker-0.92.0-i486-1.tgz: Upgraded to WindowMaker-0.92.0. testing/packages/php-5.0.4/php-5.0.4-i486-2.tgz: Recompiled against mysql-4.1.12. Thanks to Tyler McGrath for pointing out this needed to be done. +--------------------------+ Wed Jul 20 16:17:08 PDT 2005 a/glibc-solibs-2.3.5-i486-4.tgz: Recompiled, as I forgot that with both linuxthreads and NPTL versions of glibc that the patch would have to be applied twice. Thanks again to Dirk van Deun for pointing out my error. a/glibc-zoneinfo-2.3.5-noarch-4.tgz: Rebuilt. l/glibc-2.3.5-i486-4.tgz: Recompiled. l/glibc-i18n-2.3.5-noarch-4.tgz: Rebuilt. l/glibc-profile-2.3.5-i486-4.tgz: Recompiled. +--------------------------+ Wed Jul 20 09:59:03 PDT 2005 a/glibc-solibs-2.3.5-i486-3.tgz: Recompiled with a patch to fix logging in using NIS netgroups. Thanks to Dirk van Deun for the bug report and patch. a/glibc-zoneinfo-2.3.5-noarch-3.tgz: Rebuilt. a/sysvinit-2.84-i486-52.tgz: In /etc/rc.d/rc.S, try to umount /initrd/proc/ before umounting /initrd/. a/udev-058-i486-1.tgz: Switched to udev-058, as newer versions still have problems (these are probably caused by the elimination of the /etc/hotplug.d/ directory, as this used to contain a link to udevstart). It was pointed out that udev-062 and udev-063 do create the missing devices if you run udevstart after boot (and possibly after plugging in new devices), but udev-058 is working fine without any kludges and seems to be the most stable version to use with 2.6.12.* kernels. Also, made a fix in /etc/udev/scripts/make_extra_nodes to set a default LANG before calling /bin/ls to look for cdrom and dvd devices (not all LANG settings will produce the same number of fields with ls, which can break cd/dvd symlinks). Thanks to Lukasz Stelmach for pointing out this bug. e/emacs-21.4a-i486-1.tgz: Upgraded to emacs-21.4a. This fixes a vulnerability in the movemail utility when connecting to a malicious POP server that may allow the execution of arbitrary code as the user running emacs. (* Security fix *) e/emacs-info-21.4a-noarch-1.tgz: Upgraded to emacs-21.4a. e/emacs-leim-21.4-noarch-1.tgz: Upgraded to leim-21.4. e/emacs-lisp-21.4a-noarch-1.tgz: Upgraded to emacs-21.4a. e/emacs-misc-21.4a-noarch-1.tgz: Upgraded to emacs-21.4a. e/emacs-nox-21.4a-i486-1.tgz: Upgraded to emacs-21.4a. f/linux-howtos-20050718-noarch-1.tgz: Upgraded to Linux-HOWTOs-20050718. l/glibc-2.3.5-i486-3.tgz: Recompiled with NIS netgroups patch. l/glibc-i18n-2.3.5-noarch-3.tgz: Rebuilt. l/glibc-profile-2.3.5-i486-3.tgz Recompiled with NIS netgroups patch. n/dnsmasq-2.22-i486-1.tgz: Upgraded to dnsmasq-2.22. This fixes an off-by-one overflow vulnerability may allow a DHCP client to create a denial of service condition. Additional code was also added to detect and defeat attempts to poison the DNS cache. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0876 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0877 (* Security fix *) n/getmail-4.3.11-noarch-1.tgz: Upgraded to getmail-4.3.11. kde/koffice-1.4.0b-i486-1.tgz: Upgraded to koffice-1.4.0b. tcl/expect-5.43.0-i486-1.tgz: Upgraded to expect-5.43.0. tcl/tcl-8.4.11-i486-1.tgz: Upgraded to tcl-8.4.11. tcl/tclx-8.3.5-i486-2.tgz: Recompiled. tcl/tix-8.1.4-i486-2.tgz: Recompiled. tcl/tk-8.4.11-i486-1.tgz: Upgraded to tk-8.4.11. xap/xchat-2.4.4-i486-1.tgz: Upgraded to xchat-2.4.4 (and compiled against the new version of perl. Thanks to Steven E. Woolard for pointing out that the old xchat package was still depending on the old perl. I've been known to forget about that one since it doesn't put anything under /usr/lib/perl/...) testing/packages/linux-2.6.12.3/alsa-driver-1.0.9b_2.6.12.3-i486-1.tgz: Recompiled against Linux 2.6.12.3. testing/packages/linux-2.6.12.3/kernel-generic-2.6.12.3-i486-1.tgz: Upgraded to Linux 2.6.12.3 generic kernel. testing/packages/linux-2.6.12.3/kernel-headers-2.6.12.3-i386-1.tgz Upgraded to Linux 2.6.12.3 kernel headers for x86. testing/packages/linux-2.6.12.3/kernel-modules-2.6.12.3-i486-1.tgz Upgraded to Linux 2.6.12.3 kernel modules. testing/packages/linux-2.6.12.3/kernel-source-2.6.12.3-noarch-1.tgz Upgraded to Linux 2.6.12.3 kernel source. +--------------------------+ Fri Jul 15 00:31:30 PDT 2005 testing/packages/gcc-3.4.4/gcc-3.4.4-i486-1.tgz: Upgraded to gcc-3.4.4. testing/packages/gcc-3.4.4/gcc-g++-3.4.4-i486-1.tgz: Upgraded to gcc-3.4.4. testing/packages/gcc-3.4.4/gcc-g77-3.4.4-i486-1.tgz: Upgraded to gcc-3.4.4. testing/packages/gcc-3.4.4/gcc-gnat-3.4.4-i486-1.tgz: Upgraded to gcc-3.4.4. testing/packages/gcc-3.4.4/gcc-java-3.4.4-i486-1.tgz: Upgraded to gcc-3.4.4. testing/packages/gcc-3.4.4/gcc-objc-3.4.4-i486-1.tgz: Upgraded to gcc-3.4.4. +--------------------------+ Thu Jul 14 16:02:40 PDT 2005 a/devs-2.3.1-noarch-22.tgz: Added /dev/ACM* devices. (Thanks to Manolis Tzanidakis) a/pkgtools-10.2.0-i486-2.tgz: Merged in Jim Hawkins' fixed speed optimizations for pkgtool. a/udev-062-i486-1.tgz: Upgraded to udev-062. This seems to be broken with regard to ALSA devices... I'd suggest anyone using a 2.6 kernel "chmod 644 /etc/rc.d/rc.udev" unless you want to help locate and report bugs. It's also possible that this has something to do with the ever-changing syntax used in the udev.rules config file. If you find any problems that can be attributed to that, fixes would be appreciated. For now, rc.udev will be off by default. ap/mysql-4.1.12-i486-1.tgz: Upgraded to mysql-4.1.12. ap/texinfo-4.8-i486-1.tgz: Upgraded to texinfo-4.8. d/perl-5.8.7-i486-1.tgz: Upgraded to perl-5.8.7, DBD-mysql-3.0002, and DBI-1.48. kde/kdebindings-3.4.1-i486-2.tgz: Recompiled against perl-5.8.7 and j2sdk-1_5_0_03. kde/koffice-1.4.0a-i486-2.tgz: Recompiled against mysql-4.1.12. kde/qt-3.3.4-i486-2.tgz: Recompiled against mysql-4.1.12. n/bitchx-1.1-i486-2.tgz: Recompiled against mysql-4.1.12. n/irssi-0.8.9-i486-7.tgz: Recompiled against perl-5.8.7. n/php-4.4.0-i486-2.tgz: Recompiled against mysql-4.1.12. n/popa3d-1.0-i486-1.tgz: Upgraded to popa3d-1.0. n/tcpdump-3.9.3-i486-1.tgz: Upgraded to libpcap-0.9.3 and tcpdump-3.9.3. This fixes an issue where an invalid BGP packet can cause tcpdump to go into an infinate loop, effectively disabling network monitoring. (* Security fix *) n/vsftpd-2.0.3-i486-1.tgz: Upgraded to vsftpd-2.0.3. x/x11-6.8.2-i486-2.tgz: Reverted to the 6.8.1 version of the ATI Rage128 DRI module, as there's an undefined symbol in the newer version that prevents it from loading and breaks direct rendering for these cards. This bug has been reported on the freedesktop,org site but appears to have been closed without a fix... To observe the problem, on a system with a Rage128 card and DRI configured, use this command: LIBGL_DEBUG=verbose glxinfo (Thanks to Andrey V. Panov for the bug report) xap/gaim-1.4.0-i486-1.tgz: Upgraded to gaim-1.4.0. xap/imagemagick-6.2.3_3-i486-1.tgz: Upgraded to ImageMagick-6.2.3-3. xap/jre-symlink-1.0.5-noarch-1.tgz: Upgraded for firefox-1.0.5. xap/mozilla-firefox-1.0.5-i686-1.tgz: Upgraded to mozilla-firefox-1.0.5. This fixes several security issues. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox (* Security fix *) xap/mozilla-thunderbird-1.0.5-i686-1.tgz: Upgraded to thunderbird-1.0.5. This fixes several security issues. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird1.0.5 (* Security fix *) xap/xscreensaver-4.22-i486-2.tgz: Fixed location of man pages. (Thanks to Alak Trakru) xap/xv-3.10a-i486-4.tgz: Upgraded to the latest XV jumbo patches, xv-3.10a-jumbo-fix-patch-20050410 and xv-3.10a-jumbo-enh-patch-20050501. These fix a number of format string and other possible security issues in addition to providing many other bugfixes and enhancements. (Thanks to Greg Roelofs) (* Security fix *) testing/packages/linux-2.6.12.2/alsa-driver-1.0.9b_2.6.12.2-i486-1.tgz: Recompiled for Linux 2.6.12.2. testing/packages/linux-2.6.12.2/kernel-generic-2.6.12.2-i486-1.tgz Upgraded to Linux 2.6.12.2 generic kernel (added loopback). testing/packages/linux-2.6.12.2/kernel-headers-2.6.12.2-i386-1.tgz Upgraded to Linux 2.6.12.2 kernel headers. testing/packages/linux-2.6.12.2/kernel-modules-2.6.12.2-i486-1.tgz Upgraded to Linux 2.6.12.2 kernel modules. testing/packages/linux-2.6.12.2/kernel-source-2.6.12.2-noarch-1.tgz Upgraded to Linux 2.6.12.2 kernel sources. bootdisks/*: Regenerated bootdisks with "Slackware 10.2" label. extra/bittorrent/bittorrent-4.1.3-noarch-1.tgz: Upgraded to bittorrent-4.1.3. extra/slackpkg/slackpkg-1.4.1-noarch-5.tgz: Upgraded to slackpkg-1.4.1-noarch-5. (Thanks to Piter Punk) extra/slacktrack/slacktrack-1.25-i486-1.tgz: Upgraded to slacktrack-1.25_1. (Thanks to Stuart Winter) +--------------------------+ Mon Jul 11 15:06:22 PDT 2005 n/php-4.4.0-i486-1.tgz: Upgraded to php-4.4.0. This new PHP package fixes a PEAR XML_RPC vulnerability. Sites that use this PEAR class should upgrade to the new PHP package, or as a minimal fix may instead upgrade the XML_RPC PEAR class with the following command: pear upgrade XML_RPC (* Security fix *) +--------------------------+ Sun Jul 10 22:33:04 PDT 2005 a/pkgtools-10.2.0-i486-1.tgz: In xorgsetup, don't load the freetype module twice in the outputted xorg.conf file. Also, fix the formatting of the xorg.conf file. Thanks to Jonathan Woithe for the fixes! d/gcc-3.3.6-i486-1.tgz: Upgraded to gcc-3.3.6. d/gcc-g++-3.3.6-i486-1.tgz: Upgraded to gcc-3.3.6. d/gcc-g77-3.3.6-i486-1.tgz: Upgraded to gcc-3.3.6. d/gcc-gnat-3.3.6-i486-1.tgz: Upgraded to gcc-3.3.6. d/gcc-java-3.3.6-i486-1.tgz: Upgraded to gcc-3.3.6. d/gcc-objc-3.3.6-i486-1.tgz: Upgraded to gcc-3.3.6. kde/kdeartwork-3.4.1-i486-2.tgz: Patched to fix using screensavers from xscreensaver >= 4.21. Thanks to Chris Linnet for the fix! l/libtiff-3.7.3-i486-1.tgz: Upgraded to libtiff-3.7.3. n/iptables-1.3.2-i486-1.tgz: Upgraded to iptables-1.3.2. n/rsync-2.6.5-i486-1.tgz: Upgraded to rsync-2.6.5. tcl/hfsutils-3.2.6-i486-3.tgz: Patched to include , and recompiled to fix problems on systems using NPTL. Thanks to Dominik L. Borkowski for pointing out the issue. xap/gkrellm-2.2.7-i486-1.tgz: Upgraded to gkrellm-2.2.7. xap/xscreensaver-4.22-i486-1.tgz: Upgraded to xscreensaver-4.22. +--------------------------+ Fri Jul 8 13:44:53 PDT 2005 l/gnet-2.0.7-i486-3.tgz: Fixed a missing '\' in the ./configure part of the build that was causing the --prefix to be ignored (and which I'd formulated an unnecessary patch to work around). Thanks to orlan. l/libexif-0.6.12-i486-2.tgz: Included a patch from CVS to fix loading of JPEGs from certain digital cameras in GIMP. This fix has been in CVS for months, and many people have pointed it out here. Sorry about the delay in fixing it, but I thought for sure upstream would have issued a new release by now (long ago, really.) l/zlib-1.2.2-i486-2.tgz: Patched an overflow in zlib that could cause applications using zlib to crash. The overflow does not involve user supplied data, and therefore does not allow the execution of arbitrary code. However, it could still be used by a remote attacker to create a denial of service. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096 (* Security fix *) xap/gimp-2.2.8-i486-1.tgz: Upgraded to gimp-2.2.8. +--------------------------+ Thu Jun 23 16:06:53 PDT 2005 ap/groff-1.19.1-i486-1.tgz: Upgraded to groff-1.19.1. I'd been putting this off upgrade off because of problems caused by newer groff versions defaulting to ANSI color output, but found a patch for man.local and mdoc.local that makes man pages render without color by default. Hopefully this new groff version won't contain any other surprises, but I think that was the big one... ap/man-1.5p-i486-1.tgz: Upgraded to man-1.5p. ap/vim-6.3.078-i486-1.tgz: Upgraded to patchlevel 78. kde/koffice-1.4.0a-i486-1.tgz: Upgraded to koffice-1.4.0a. (This requires the new libgsf and libwpd packages) kdei/koffice-l10n-*.tgz: Upgraded to new KOffice translation packages. l/libgsf-1.12.1-i486-1.tgz: Upgraded to libgsf-1.12.1. l/libwpd-0.8.2-i486-1.tgz: Added libwpd-0.8.2 (needed by KWord). n/wget-1.10-i486-1.tgz: Upgraded to wget-1.10. xap/xvim-6.3.078-i486-1.tgz: Upgraded to patchlevel 78. +--------------------------+ Tue Jun 21 21:56:16 PDT 2005 ap/sudo-1.6.8p9-i486-1.tgz: Upgraded to sudo-1.6.8p9. This new version of Sudo fixes a race condition in command pathname handling that could allow a user with Sudo privileges to run arbitrary commands. For full details, see the Sudo site: http://www.courtesan.com/sudo/alerts/path_race.html (* Security fix *) l/gtk+2-2.6.8-i486-1.tgz: Upgraded to gtk+-2.6.8. Fixed /etc/gtk-2.0/gdk-pixbuf.loaders to list the SVG loader (svg_loader.so). (Thanks very much to Alastair Poole for noticing that XFCE was not loading SVG icons correctly, figuring out the problem, and sending in a fix) +--------------------------+ Sun Jun 19 21:45:07 PDT 2005 l/jre-1_5_0_03-i586-1.tgz: This already-issued package fixes some recently announced security issues that could allow applets to read or write to local files. See: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101748-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1 (* Security fix *) extra/j2sdk-1.5.0_03/j2sdk-1_5_0_03-i586-1.tgz: Fixed the slack-desc to not include the release version to prevent future mishaps. :-) This already-issued package fixes some recently announced security issues that could allow applets to read or write to local files. See: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101748-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1 (* Security fix *) +--------------------------+ Tue Jun 14 18:40:39 PDT 2005 ap/flac-1.1.2-i486-2.tgz: Patched the XMMS plugin. (thanks to Wim Speekenbrink for the patch) l/glib2-2.6.5-i486-1.tgz: Upgraded to glib-2.6.5. extra/k3b/k3b-0.12-i486-1.tgz: Upgraded to k3b-0.12. extra/k3b/k3b-i18n-0.12-noarch-1.tgz: Upgraded to k3b-i18n-0.12. +--------------------------+ Sun Jun 12 21:48:25 PDT 2005 a/bzip2-1.0.3-i486-1.tgz: Upgraded to bzip2-1.0.3. a/openssl-solibs-0.9.7g-i486-1.tgz: Upgraded to openssl-0.9.7g libraries. a/tcsh-6.14.00-i486-1.tgz: Upgraded to tcsh-6.14.00. ap/espgs-8.15rc3-i486-1.tgz: Upgraded to espgs-8.15rc3, which should fix problems with PNG and PDF while we wait for a final release on this one. ap/flac-1.1.2-i486-1.tgz: Upgraded to flac-1.1.2. Note that the library versions for FLAC have changed, so anything using the FLAC libraries will need to be recompiled. If I've missed anything, let me know. ap/vorbis-tools-1.0.1-i486-4.tgz: Recompiled against new Ogg/FLAC libraries. d/doxygen-1.4.3-i486-1.tgz: Upgraded to doxygen-1.4.3. kde/kdeaccessibility-3.4.1-i486-1.tgz: Upgraded to kdeaccessibility-3.4.1. kde/kdeaddons-3.4.1-i486-1.tgz: Upgraded to kdeaddons-3.4.1. kde/kdeadmin-3.4.1-i486-1.tgz: Upgraded to kdeadmin-3.4.1. kde/kdeartwork-3.4.1-i486-1.tgz: Upgraded to kdeartwork-3.4.1. kde/kdebase-3.4.1-i486-1.tgz: Upgraded to kdebase-3.4.1. kde/kdebindings-3.4.1-i486-1.tgz: Upgraded to kdebindings-3.4.1. kde/kdeedu-3.4.1-i486-1.tgz: Upgraded to kdeedu-3.4.1. kde/kdegames-3.4.1-i486-1.tgz: Upgraded to kdegames-3.4.1. kde/kdegraphics-3.4.1-i486-1.tgz: Upgraded to kdegraphics-3.4.1. kde/kdelibs-3.4.1-i486-1.tgz: Upgraded to kdelibs-3.4.1. kde/kdemultimedia-3.4.1-i486-1.tgz: Upgraded to kdemultimedia-3.4.1. kde/kdenetwork-3.4.1-i486-1.tgz: Upgraded to kdenetwork-3.4.1. kde/kdepim-3.4.1-i486-1.tgz: Upgraded to kdepim-3.4.1. kde/kdesdk-3.4.1-i486-1.tgz: Upgraded to kdesdk-3.4.1. kde/kdetoys-3.4.1-i486-1.tgz: Upgraded to kdetoys-3.4.1. kde/kdeutils-3.4.1-i486-1.tgz: Upgraded to kdeutils-3.4.1. kde/kdevelop-3.2.1-i486-1.tgz: Upgraded to kdevelop-3.2.1. kde/kdewebdev-3.4.1-i486-1.tgz: Upgraded to kdewebdev-3.4.1. kdei/kde-i18n-*-3.4.1-noarch-1.tgz: Upgraded to KDE 3.4.1 i18n packages. l/arts-1.4.1-i486-1.tgz: Upgraded to arts-1.4.1. l/aspell-0.60.2-i486-1.tgz: Upgraded to aspell-0.60.2. Moved aspell data files into /usr/lib/aspell where most things look for them rather than the default of /usr/lib/aspell-. l/aspell-en-6.0_0-noarch-3.tgz: Moved data files into /usr/lib/aspell. l/gnet-2.0.7-i486-2.tgz: Patched ./configure to not put the package into /usr/local. Thanks to orlan for pointing out the problem. l/jre-1_5_0_03-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Runtime Environment Version 5.0, Release 3. l/libao-0.8.6-i486-1.tgz: Upgraded to libao-0.8.6. l/libogg-1.1.2-i486-1.tgz: Upgraded to libogg-1.1.2. l/libvorbis-1.1.0-i486-1.tgz: Upgraded to libvorbis-1.1.0. n/openssh-4.1p1-i486-1.tgz: Upgraded to openssh-4.1p1. n/openssl-0.9.7g-i486-1.tgz: Upgraded to openssl-0.9.7g. xap/gaim-1.3.1-i486-1.tgz: Upgraded to gaim-1.3.1 and gaim-encryption-2.38. This fixes a couple of remote crash bugs, so users of the MSN and Yahoo! chat protocols should upgrade to gaim-1.3.1. (* Security fix *) xap/gimp-2.2.7-i486-1.tgz: Upgraded to gimp-2.2.7. xap/gimp-help-2-0.8-noarch-1.tgz: Upgraded to gimp-help-2-0.8. xap/imagemagick-6.2.3_0-i486-1.tgz: Upgraded to ImageMagick-6.2.3-0. xap/xine-lib-1.0.1-i686-2.tgz: Recompiled against new Ogg/FLAC libraries. extra/aspell-word-lists: Updated and added several dictionaries, and moved all data files from /usr/lib/aspell-0.60 to /usr/lib/aspell. extra/j2sdk-1.5.0_03/j2sdk-1_5_0_03-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Development Kit Version 5.0, Release 3. +--------------------------+ Wed Jun 8 22:25:08 PDT 2005 ap/alsa-utils-1.0.9a-i486-1.tgz: Upgraded to alsa-utils-1.0.9a. l/alsa-driver-1.0.9b_2.4.31-i486-1.tgz: Upgraded to alsa-driver-1.0.9b, which works great with both 2.4 and 2.6 kernels. Big thanks to the ALSA developers for the quick fix! :-) l/alsa-lib-1.0.9-i486-1.tgz: Upgraded to alsa-lib-1.0.9. l/alsa-oss-1.0.9-i486-1.tgz: Upgraded to alsa-oss-1.0.9. l/gnet-2.0.7-i486-1.tgz: Upgraded to gnet-2.0.7. l/lcms-1.14-i486-1.tgz: Upgraded to lcms-1.14. l/lesstif-0.94.4-i486-1.tgz: Upgraded to lesstif-0.94.4. l/libexif-0.6.12-i486-1.tgz: Upgraded to libexif-0.6.12. l/libgsf-1.12.0-i486-1.tgz: Upgraded to libgsf-1.12.0. l/libidn-0.5.17-i486-1.tgz: Upgraded to libidn-0.5.17. l/libieee1284-0.2.10-i486-1.tgz: Upgraded to libieee1284-0.2.10. l/libtiff-3.7.2-i486-1.tgz: Upgraded to tiff-3.7.2. l/libungif-4.1.3-i486-1.tgz: Upgraded to libungif-4.1.3. l/libwmf-0.2.8.3-i486-1.tgz: Upgraded to libwmf-0.2.8.3. l/libwmf-docs-0.2.8.3-noarch-1.tgz: Upgraded to libwmf-0.2.8.3 docs. l/mhash-0.9.2-i486-1.tgz: Upgraded to mhash-0.9.2. n/samba-3.0.14a-i486-1.tgz: Upgraded to samba-3.0.14a. extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.31-i486-1.tgz: Recompiled for Linux 2.4.31. extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.6.11.11-i486-1.tgz Recompiled for Linux 2.6.11.11. testing/packages/linux-2.6.11.11/alsa-driver-1.0.9b_2.6.11.11-i486-1.tgz: Upgraded to alsa-driver-1.0.9b (compiled for Linux 2.6.11.11). +--------------------------+ Mon Jun 6 20:23:40 PDT 2005 a/kernel-ide-2.4.31-i486-1.tgz: Upgraded to Linux 2.4.31. a/kernel-modules-2.4.31-i486-1.tgz: Upgraded to Linux 2.4.31 kernel modules. d/kernel-headers-2.4.31-i386-1.tgz: Upgraded to kernel headers from Linux 2.4.31. k/kernel-source-2.4.31-noarch-1.tgz: Upgraded to Linux 2.4.31. l/alsa-driver-1.0.8_2.4.31-i486-1.tgz: Recompiled for Linux 2.4.31. alsa-driver-1.0.9a was tested, but attempting to load snd.o produces some unresolved symbol errors (class_device_destroy and class_device_create). Seems that the new version of ALSA requires some new features of the 2.6.x kernel series. ALSA 1.0.8 works with both 2.4.x and 2.6.x kernels, so for the time being ALSA will stay at 1.0.8. It would be nice to see these features backported in an official 2.4.32 kernel, or an alsa-driver-1.0.9b release that can work with either kernel branch... bootdisks/*: Upgraded to Linux 2.4.31 bootdisks. kernels/*: Upgraded to Linux 2.4.31 kernels. isolinux/initrd.img, isolinux/network.dsk, isolinux/pcmcia.dsk, rootdisks/install.*, rootdisks/network.dsk, rootdisks/pcmcia.dsk: Updated kernel modules to 2.4.31. testing/packages/linux-2.6.11.11/alsa-driver-1.0.8_2.6.11.11-i486-1.tgz: Recompiled for Linux 2.6.11.11. testing/packages/linux-2.6.11.11/kernel-generic-2.6.11.11-i486-1.tgz Upgraded to Linux 2.6.11.11. testing/packages/linux-2.6.11.11/kernel-headers-2.6.11.11-i386-1.tgz Upgraded to kernel headers from Linux 2.6.11.11. testing/packages/linux-2.6.11.11/kernel-modules-2.6.11.11-i486-1.tgz Upgraded to kernel modules for Linux 2.6.11.11. testing/packages/linux-2.6.11.11/kernel-source-2.6.11.11-noarch-1.tgz Upgraded to kernel source for Linux 2.6.11.11. +--------------------------+ Tue May 17 17:51:29 PDT 2005 xap/xfce-4.2.2-i486-1.tgz: Upgraded to xfce-4.2.2. +--------------------------+ Mon May 16 15:27:24 PDT 2005 a/glibc-solibs-2.3.5-i486-2.tgz: Recompiled including a patch found in Debian's glibc sources that fixes an issue with TLS that breaks X and XMMS on machines that use nVidia's X drivers. This might also be found in glibc CVS by now, but I'm not sure about that. In any case, if you had problems before and you're using nVidia's drivers, this should fix it. Also, I heard a few reports of trouble with Firefox not working with NPTL -- maybe this will also fix that? a/glibc-zoneinfo-2.3.5-noarch-2.tgz: Rebuilt. l/glibc-2.3.5-i486-2.tgz: Recompiled with TLS fix. l/glibc-i18n-2.3.5-noarch-2.tgz: Rebuilt. l/glibc-profile-2.3.5-i486-2.tgz: Recompiled with TLS fix. +--------------------------+ Sun May 15 20:12:03 PDT 2005 n/ncftp-3.1.9-i486-1.tgz: Upgraded to ncftp-3.1.9. This corrects a vulnerability where a download from a hostile FTP server might be written to an unintended location potentially compromising system security or causing a denial of service. For more details, see: http://www.ncftp.com/ncftp/doc/changelog.html#3.1.5 (* Security fix *) xap/jre-symlink-1.0.4-noarch-1.tgz: Upgraded Java(TM) symlink for new versions of Mozilla Firefox and the Mozilla Suite. xap/mozilla-1.7.8-i486-1.tgz: Upgraded to mozilla-1.7.8. Two vulnerabilities found in Mozilla Firefox 1.0.3 when combined allow an attacker to run arbitrary code. The Mozilla Suite version 1.7.7 is only partially vulnerable. For more details, see: http://www.mozilla.org/security/announce/mfsa2005-42.html (* Security fix *) xap/mozilla-firefox-1.0.4-i686-1.tgz: Upgraded to firefox-1.0.4. Two vulnerabilities found in Mozilla Firefox 1.0.3 when combined allow an attacker to run arbitrary code. For more details, see: http://www.mozilla.org/security/announce/mfsa2005-42.html (* Security fix *) +--------------------------+ Fri May 13 12:51:03 PDT 2005 Here's the (I'm sure) long awaited upgrade to Slackware's glibc to include support for NPTL (the Native POSIX Thread Library). NPTL works with newer kernels (meaning 2.6.x, or a 2.4 kernel that is patched to support NPTL, but not an unmodified "vanilla" 2.4 kernel such as Slackware uses) to provide improved performance for threads. This difference can be quite dramatic in some situations. For example, a benchmark test mentioned on Wikipedia started 100,000 threads simultaneously in about 2 seconds on a system using NPTL. The same test using the old Linuxthreads glibc thread support took around 15 minutes to run! For most applications that do not start large numbers of threads the difference will not be so large, but for high traffic servers, databases, or anything that runs large numbers of threads, NPTL should bring big improvements in scalability and performance. For compatibility, the regular (linuxthreads) libraries are installed in /lib, and the new NPTL versions are installed in /lib/tls. Which versions are used depends on the kernel you're using. If it's newer than 2.6.4, then the NPTL libraries in /lib/tls will be used. TLS stands for "thread-local storage", and the directory name /lib/tls is a little bit misleading since now both the linuxthreads and NPTL versions of glibc are compiled with TLS support included (this is needed to produce versions of tools such as ldconfig that can run under either kind of system). Getting all the kinks out of the build script to be able to get this to work with either 2.4 or 2.6 kernels and be able to switch back and forth without issues was quite a challenge, to say the least, and would have been much harder without all the good advice and help folks sent in to help me along and give me important hints. A special thanks goes to Chad Corkrum for sending in some ./configure options that really helped get the ball rolling here. Here's some information about compiling things using these libraries -- by default, if you compile something the headers and shared libraries used to compile and link the binary will be the linuxthreads versions, but when you go to run the binary it will link to the NPTL library versions (and you'll get the NPTL speed improvements) if you are running an NPTL capable kernel. In rare cases you may find that an old binary doesn't work right when run against the NPTL libs, and in this case you can force it to run against the linuxthreads versions by setting the LD_ASSUME_KERNEL variable to assume the use of a 2.4.x (non-NPTL) kernel so that NPTL will not be used. An easy way to see the effect of this is to try something like the following while using an NPTL enabled kernel: volkerdi@tree:~$ ldd /bin/bash linux-gate.so.1 => (0xffffe000) libtermcap.so.2 => /lib/libtermcap.so.2 (0xb7fcf000) libdl.so.2 => /lib/tls/libdl.so.2 (0xb7fcb000) libc.so.6 => /lib/tls/libc.so.6 (0xb7eaf000) /lib/ld-linux.so.2 (0xb7feb000) Note that in the example above, the binary is running against the NPTL libraries in /lib/tls. Now, let's try setting LD_ASSUME_KERNEL: volkerdi@tree:~$ LD_ASSUME_KERNEL=2.4.30 ldd /bin/bash linux-gate.so.1 => (0xffffe000) libtermcap.so.2 => /lib/libtermcap.so.2 (0xb7fcf000) libdl.so.2 => /lib/libdl.so.2 (0xb7fcb000) libc.so.6 => /lib/libc.so.6 (0xb7eb2000) /lib/ld-linux.so.2 (0xb7feb000) As you can see, now the binary is running against the linuxthreads version of glibc in /lib. If you find old things that won't work with NPTL (which should be rare), this is the method you'll want to use to work around it. Now for a little note about compiling things. In most cases it will be just fine to compile against linuxthreads and run against NPTL, and this approach will produce the most flexible binaries (ones that will run against either linuxthreads or NPTL.) However, in some cases you might want to use some of the new functions that are only available in NPTL, and to do that you'll need to use the NPTL versions of pthread.h and other headers that are different and link against the NPTL versions of the glibc libraries. To do this you'll need to add these compile flags to your build in an appropriate spot: -I/usr/include/nptl -L/usr/lib/nptl (and link with -lpthread, of course) Have fun, and report any problems to volkerdi@slackware.com. a/glibc-solibs-2.3.5-i486-1.tgz: Upgraded to glibc-2.3.5 shared libs. a/glibc-zoneinfo-2.3.5-noarch-1.tgz: Upgraded to time zone files from glibc-2.3.5. l/glibc-2.3.5-i486-1.tgz: Upgraded to glibc-2.3.5. l/glibc-i18n-2.3.5-noarch-1.tgz: Upgraded to glibc-2.3.5 i18n files. l/glibc-profile-2.3.5-i486-1.tgz: Upgraded to glibc-2.3.5 profile libs. xap/gaim-1.3.0-i486-1.tgz: Upgraded to gaim-1.3.0. This fixes a few bugs which could be used by a remote attacker to annoy a GAIM user by crashing GAIM and creating a denial of service. (* Security fix *) extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.6.11.9-i486-1.tgz: Recompiled linux-wlan-ng-0.2.1pre25 for Linux 2.6.11.9. testing/packages/linux-2.6.11.9/alsa-driver-1.0.8_2.6.11.9-i486-1.tgz: Recompiled for Linux 2.6.11.9. testing/packages/linux-2.6.11.9/kernel-generic-2.6.11.9-i486-1.tgz: Upgraded to Linux 2.6.11.9. Note that as far as these so-called "sucker" kernels go, I won't be intending to follow every one that's released, but I figure I might as well upgrade _occasionallly_, as there's no reason to be testing for bugs that are already well-known. Anyway, I guess my point here is that when 2.6.11.10 comes out (if it's not out already ;-), I won't need everyone to be sending me email saying "new kernel! new kernel!". If, on the other hand, you are personally affected by a kernel bug that's fixed by a new kernel in this series feel free to let me know about it. Thanks! :-) testing/packages/linux-2.6.11.9/kernel-headers-2.6.11.9-i386-1.tgz: Upgraded to kernel headers from Linux 2.6.11.9. testing/packages/linux-2.6.11.9/kernel-modules-2.6.11.9-i486-1.tgz: Upgraded to kernel modules for Linux 2.6.11.9. testing/packages/linux-2.6.11.9/kernel-source-2.6.11.9-noarch-1.tgz: Upgraded to kernel source for Linux 2.6.11.9. +--------------------------+ Sun May 1 22:10:17 PDT 2005 a/hdparm-6.1-i486-1.tgz: Upgraded to hdparm-6.1. a/kernel-ide-2.4.30-i486-1.tgz: Upgraded to Linux 2.4.30. a/kernel-modules-2.4.30-i486-1.tgz: Upgraded to Linux 2.4.30 kernel modules. d/kernel-headers-2.4.30-i386-1.tgz: Upgraded kernel headers from 2.4.30 kernel. k/kernel-source-2.4.30-noarch-1.tgz: Upgraded to Linux 2.4.30 kernel source. l/alsa-driver-1.0.8_2.4.30-i486-1.tgz: Recompiled for Linux 2.4.30. l/gmp-4.1.4-i486-2.tgz: Recompiled with --enable-mpfr. l/libgtkhtml-2.6.3-i486-1.tgz: Added libgtkhtml-2.6.3 (needed for GIMP's help browser plugin). l/librsvg-2.8.1-i486-1.tgz: Added librsvg-2.8.1 (needed for GIMP's SVG support plugin). n/bind-9.3.1-i486-1.tgz: Upgraded to bind-9.3.1. n/getmail-4.3.7-noarch-1.tgz: Upgraded to getmail-4.3.7. xap/gimp-2.2.6-i486-2.tgz: Rebuilt to include SVG and help browser plugins. xap/gimp-help-2-0.7-noarch-1.tgz: Added help files for the GIMP image editor. xap/gxine-0.4.4-i486-1.tgz: Upgraded to gxine-0.4.4. xap/jre-symlink-1.0.3-noarch-2.tgz: Make sure the directories for the symlinks are there. (thanks to Eric Le Bras for the bug report) xap/xine-lib-1.0.1-i686-1.tgz: Upgraded to xine-lib-1.0.1. This fixes some bugs in the MMS and Real RTSP streaming client code. While the odds of this vulnerability being usable to a remote attacker are low (but see the xine advisory), if you stream media from sites using these protocols (and you think the sites might be "hostile" and will try to hack into your xine client), then you might want to upgrade to this new version of xine-lib. Probably the other fixes and enchancements in xine-lib-1.0.1 are a better rationale to do so, though. For more details on the xine-lib security issues, see: http://xinehq.de/index.php/security/XSA-2004-8 (* Security fix *) bootdisks/*: Upgraded to Linux 2.4.30 bootdisks. extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.30-i486-1.tgz: Recompiled linux-wlan-ng-0.2.1pre25 for Linux 2.4.30. kernels/*: Upgraded to Linux 2.4.30 kernels. isolinux/initrd.img, isolinux/network.dsk, isolinux/pcmcia.dsk, rootdisks/install.*, rootdisks/network.dsk, rootdisks/pcmcia.dsk: Updated kernel modules to 2.4.30. +--------------------------+ Thu Apr 21 14:26:29 PDT 2005 d/binutils-2.15.92.0.2-i486-3.tgz: Upgraded to ksymoops-2.4.11. d/cvs-1.11.20-i486-1.tgz: Upgraded to cvs-1.11.20. From cvshome.org: "This version fixes many minor security issues in the CVS server executable including a potentially serious buffer overflow vulnerability with no known exploit. We recommend this upgrade for all CVS servers!" For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753 (* Security fix *) d/python-2.4.1-i486-1.tgz: Upgraded to python-2.4.1. From the python.org site: "The Python development team has discovered a flaw in the SimpleXMLRPCServer library module which can give remote attackers access to internals of the registered object or its module or possibly other modules. The flaw only affects Python XML-RPC servers that use the register_instance() method to register an object without a _dispatch() method. Servers using only register_function() are not affected." For more details, see: http://python.org/security/PSF-2005-001/ (* Security fix *) d/python-demo-2.4.1-noarch-1.tgz: Upgraded to python-2.4.1 demos. d/python-tools-2.4.1-noarch-1.tgz: Upgraded to python-2.4.1 tools. kde/kdebase-3.4.0-i486-2.tgz: Recompiled to link with Cyrus SASL. kde/kdepim-3.4.0-i486-2.tgz: Recompiled to link with Cyrus SASL. l/glib2-2.6.4-i486-1.tgz: Upgraded to glib-2.6.4. l/gtk+2-2.6.7-i486-1.tgz: Upgraded to gtk+-2.6.7. l/libxml2-2.6.19-i486-1.tgz: Upgraded to libxml2-2.6.19. l/libxslt-1.1.14-i486-1.tgz: Upgraded to libxslt-1.1.14. n/cyrus-sasl-2.1.20-i486-1.tgz: Added Cyrus SASL library (for Kmail). xap/gaim-1.2.1-i486-1.tgz: Upgraded to gaim-1.2.1. According to gaim.sf.net, this fixes a few denial-of-service flaws. (* Security fix *) xap/gimp-2.2.6-i486-1.tgz: Upgraded to gimp-2.2.6. xap/jre-symlink-1.0.3-noarch-1.tgz: Upgraded Java(TM) symlink for Mozilla Firefox and added an additional link for the Mozilla Suite. xap/mozilla-1.7.7-i486-1.tgz: Upgraded to mozilla-1.7.7. This fixes some security issues. For complete details, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html (* Security fix *) xap/mozilla-firefox-1.0.3-i686-1.tgz: Upgraded to firefox-1.0.3. From the mozilla.org site: "Firefox 1.0.3 is a security update that is part of our ongoing program to provide a safe Internet experience for our customers. We recommend that all users upgrade to this latest version." For complete details, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html (* Security fix *) xap/xscreensaver-4.21-i486-2.tgz: Patched to fix setgid shadow. +--------------------------+ Tue Apr 5 12:52:00 PDT 2005 n/php-4.3.11-i486-1.tgz: Upgraded to php-4.3.11. "This is a maintenance release that in addition to over 70 non-critical bug fixes addresses several security issues inside the exif and fbsql extensions as well as the unserialize(), swf_definepoly() and getimagesize() functions." (* Security fix *) testing/packages/php-5.0.4/php-5.0.4-i486-1.tgz: Upgraded to php-5.0.4. Fixes various bugs (and security issues.) (* Security fix *) +--------------------------+ Sat Mar 26 23:04:41 PST 2005 a/hotplug-2004_09_23-noarch-2.tgz: Blacklisted a few more modules: snd-atiixp-modem, snd-intel8x0m, snd-via82xx-modem, and intelfb. Thanks to Tomas Matejicek, Piter PUNK, and Tobias Svensson for reporting the problems with hotplug auto-loading these (in the rare event that your machine actually needs them, they can be manually loaded somewhere else in the boot scripts, such as rc.modules.) a/infozip-5.52-i486-1.tgz: Upgraded to unzip-5.52 and zip-2.31. a/gettext-0.14.3-i486-1.tgz: Upgraded to gettext-0.14.3. ap/mysql-4.0.24-i486-1.tgz: Upgraded to mysql-4.0.24. d/automake-1.9.5-noarch-1.tgz: Upgraded to automake-1.9.5. d/gettext-tools-0.14.3-i486-1.tgz: Upgraded to gettext-0.14.3. d/libtool-1.5.14-i486-1.tgz: Upgraded to libtool-1.5.14. gnome/*: Removed from -current, and turned over to community support and distribution. I'm not going to rehash all the reasons behind this, but it's been under consideration for more than four years. There are already good projects in place to provide Slackware GNOME for those who want it, and these are more complete than what Slackware has shipped in the past. So, if you're looking for GNOME for Slackware -current, I would recommend looking at these two projects for well-built packages that follow a policy of minimal interference with the base Slackware system: http://gsb.sf.net http://gware.sf.net There is also Dropline, of course, which is quite popular. However, due to their policy of adding PAM and replacing large system packages (like the entire X11 system) with their own versions, I can't give quite the same sort of nod to Dropline. Nevertheless, it remains another choice, and it's _your_ system, so I will also mention their project: http://www.dropline.net/gnome/ Please do not incorrectly interpret any of this as a slight against GNOME itself, which (although it does usually need to be fixed and polished beyond the way it ships from upstream more so than, say, KDE or XFce) is a decent desktop choice. So are a lot of others, but Slackware does not need to ship every choice. GNOME is and always has been a moving target (even the "stable" releases usually aren't quite ready yet) that really does demand a team to keep up on all the changes (many of which are not always well documented). I fully expect that this move will improve the quality of both Slackware itself, and the quality (and quantity) of the GNOME options available for it. Folks, this is how open source is supposed to work. Enjoy. :-) kde/kdeaccessibility-3.4.0-i486-1.tgz: Upgraded to kdeaccessibility-3.4.0. kde/kdeaddons-3.4.0-i486-1.tgz: Upgraded to kdeaddons-3.4.0. kde/kdeadmin-3.4.0-i486-1.tgz: Upgraded to kdeadmin-3.4.0. kde/kdeartwork-3.4.0-i486-1.tgz: Upgraded to kdeartwork-3.4.0. kde/kdebase-3.4.0-i486-1.tgz: Upgraded to kdebase-3.4.0. kde/kdebindings-3.4.0-i486-1.tgz: Upgraded to kdebindings-3.4.0. kde/kdeedu-3.4.0-i486-1.tgz: Upgraded to kdeedu-3.4.0. kde/kdegames-3.4.0-i486-1.tgz: Upgraded to kdegames-3.4.0. kde/kdegraphics-3.4.0-i486-1.tgz: Upgraded to kdegraphics-3.4.0. kde/kdelibs-3.4.0-i486-1.tgz: Upgraded to kdelibs-3.4.0. kde/kdemultimedia-3.4.0-i486-1.tgz: Upgraded to kdemultimedia-3.4.0. kde/kdenetwork-3.4.0-i486-1.tgz: Upgraded to kdenetwork-3.4.0. kde/kdepim-3.4.0-i486-1.tgz: Upgraded to kdepim-3.4.0. kde/kdesdk-3.4.0-i486-1.tgz: Upgraded to kdesdk-3.4.0. kde/kdetoys-3.4.0-i486-1.tgz: Upgraded to kdetoys-3.4.0. kde/kdeutils-3.4.0-i486-1.tgz: Upgraded to kdeutils-3.4.0. kde/kdevelop-3.2.0-i486-1.tgz: Upgraded to kdevelop-3.2.0. kde/kdewebdev-3.4.0-i486-1.tgz: Upgraded to kdewebdev-3.4.0. kde/koffice-1.3.5-i486-3.tgz: Recompiled. kde/qt-3.3.4-i486-1.tgz: Upgraded to qt-3.3.4 (with -stl). l/atk-1.9.1-i486-1.tgz: Upgraded to atk-1.9.1. l/arts-1.4.0-i486-1.tgz: Upgraded to arts-1.4.0. l/expat-1.95.8-i486-1.tgz: Upgraded to expat-1.95.8. (thanks to Alak Trakru for updating the DESTDIR patch) l/gtk+2-2.6.4-i486-1.tgz: Upgraded to gtk+-2.6.4. l/libart_lgpl-2.3.17-i486-1.tgz: Upgraded to libart_lgpl-2.3.17. l/libglade-2.4.2-i486-1.tgz: Upgraded to libglade-2.4.2. l/libgsf-1.11.1-i486-1.tgz: Upgraded to libgsf-1.11.1. l/libidl-0.8.5-i486-1.tgz: Upgraded to libidl-0.8.5, moved from /gnome. (this is used by Mozilla) l/libmikmod-3.1.11a-i486-1.tgz: Upgraded to libmikmod-3.1.11a, moved from /gnome. (this is used by XMMS) l/libxml2-2.6.18-i486-1.tgz: Upgraded to libxml2-2.6.18. l/libxslt-1.1.13-i486-1.tgz: Upgraded to libxslt-1.1.13. l/orbit-0.5.17-i386-1.tgz: Removed obsolete ORBit. l/pango-1.8.1-i486-1.tgz: Upgraded to pango-1.8.1. l/shared-mime-info-0.16-i486-1.tgz: Upgraded to shared-mime-info-0.16, moved from /gnome. l/startup-notification-0.8-i486-1.tgz: Upgraded to startup-notification-0.8. n/nail-11.22-i486-1.tgz: Upgraded to nail-11.22. n/samba-3.0.13-i486-1.tgz: Upgraded to samba-3.0.13. xap/gaim-1.2.0-i486-1.tgz: Upgraded to gaim-1.2.0 and gaim-encryption-2.36. (compiled against mozilla-1.7.6) xap/gimp-2.2.4-i486-1.tgz: Upgraded to gimp-2.2.4. xap/jre-symlink-1.0.2-noarch-1.tgz: Upgraded Java link for Firefox 1.0.2. xap/mozilla-1.7.6-i486-1.tgz: Replaced Mozilla, upgraded to 1.7.6. While I got surprisingly few negative comments about Mozilla's previous removal from -current, I have decided put it back. Why? Well, it is a good piece of software with a long and respected history. So, why then, would I have removed it before? Did I lose my mind? ;-) My answer at the time was that once the Mozilla Foundation indicated that the primary future direction would be with Firefox and Thunderbird, and that active development on the traditional Mozilla suite would end, then the writing was already on the wall. Slackware does not aim to be a Home for Orphaned Software, and if upstream ceases to support something, then I'll usually follow that lead in fairly short order. However, Mozilla is being restored for now since I know it has a strong following, but also because it provides some features (like the composer) that FF/TB do not, and because the libraries are used in GAIM to provide support for MSN. I am aware that GNUTLS can also be used for this purpose, but after looking that (and its dependencies) over, I'd prefer to not see that enter Slackware at this time. OpenSSL could also be used for this support in GAIM, but unfortunately there is an incompatibility between GAIM's GPL license and OpenSSL's BSD-with-advertising-clause license. This resulting snafu reminds me of a short article by Grigor Gatchev that I recently read on NewsForge, called "Metalicensing". It's still online, and I'd suggest it (and the author's site) for a little additional reading on the topic of free license incompatibilities, and how we might avoid unintentionally setting these kinds of traps for ourselves. I look forward to a world with the least possible restrictions on software development, and I think that step one is to be on guard against accidentally tying our own hands behind our backs. Having a redundant (but differently free) version of every component and needing them _all_ to create a complete system does not strike me as the optimal solution. /* end "pseudo blog" :-) I hope I didn't offend anybody affiliated with any of these fine projects, as that is definately not my intent... */ Back to the topic of _this package_, this Mozilla release fixes more than a dozen security issues (many of which are probably minor and unlikely to occur in real life, but you be the judge.) Please see mozilla.org for a complete list. (* Security fix *) xap/mozilla-firefox-1.0.2-i686-1.tgz: Upgraded to firefox-1.0.2. Fixes a GIF heap overflow and some other security issues. Please see mozilla.org for a complete list. (* Security fix *) xap/mozilla-thunderbird-1.0.2-i686-1.tgz: Upgraded to thunderbird-1.0.2. Fixes a GIF heap overflow and some other security issues. Please see mozilla.org for a complete list. (* Security fix *) xap/xfce-4.2.1.1-i486-1.tgz: Upgraded to xfce-4.2.1.1. xap/xscreensaver-4.21-i486-1.tgz: Upgraded to xscreensaver-4.21. extra/k3b/k3b-0.11.23-i486-1.tgz: Upgraded to k3b-0.11.23. extra/parted/parted-1.6.22-i486-1.tgz: Upgraded to parted-1.6.22. testing/packages/gnupg-1.4.1-i486-1.tgz: Upgraded to gnupg-1.4.1. +--------------------------+ Wed Mar 9 21:15:23 PST 2005 a/udev-054-i486-3.tgz: Fixed make_extra_nodes.sh to not require expr, which is under /usr and might not be available. (thanks to Daniel de Kok) n/nmap-3.81-i486-1.tgz: Upgraded to nmap-3.81. n/openssh-4.0p1-i486-1.tgz: Upgraded to OpenSSH 4.0p1. n/samba-3.0.11-i486-1.tgz: Upgraded to samba-3.0.11. extra/bittornado/bittornado-0.3.10-noarch-1.tgz: Upgraded to BitTornado-0.3.10. extra/bittorrent/bittorrent-4.0.0-noarch-1.tgz: Upgraded to BitTorrent-4.0.0. +--------------------------+ Tue Mar 8 14:23:58 PST 2005 xap/mozilla-firefox-1.0.1-i686-2.tgz: Fixed default mailto: pref to use Thunderbird. (thanks to Steven E. Woolard) xap/mozilla-thunderbird-1.0-i686-2.tgz: Fixed default URL handler to use Firefox for https:// as well as http://. (thanks to Steven E. Woolard) Fixed background transparency of icon used by the thunderbird.desktop file. (thanks to Jason Edson) +--------------------------+ Mon Mar 7 22:16:12 PST 2005 a/udev-054-i486-2.tgz: Removed udev.permissions file and merged the permissions configuration into the udev.rules file. Also, added support for numbering multiple cdrom and dvd devices at boot time (thanks to Michal Kosmulski for sending in the starting diff). Let me know if any permissions bugs remain... sorry about that last batch 'o bugs -- my fault for not reading the instructions carefully. xap/jre-symlink-1.0.1-noarch-1.tgz: Adds a symlink to the Java(TM) plugin. xap/mozilla-firefox-1.0.1-i686-1.tgz: Added Mozilla Firefox (from the official binary distribution.) Thanks to the Mozilla Foundation! :-) xap/mozilla-thunderbird-1.0-i686-1.tgz: Added Mozilla Thunderbird (also from the official binary distribution.) xap/mozilla-1.7.5-i486-1.tgz: Removed. xap/mozilla-plugins-1.7.5-noarch-2.tgz: Removed. xap/netscape-7.2-i686-1.tgz: Removed. testing/packages/linux-2.6.11/alsa-driver-1.0.8_2.6.11-i486-1.tgz: Upgraded to ALSA 1.0.8 for Linux 2.6.11. testing/packages/linux-2.6.11/kernel-generic-2.6.11-i486-1.tgz: Upgraded to Linux 2.6.11 generic x86 kernel. testing/packages/linux-2.6.11/kernel-headers-2.6.11-i386-1.tgz: Upgraded to Linux 2.6.11 kernel headers. testing/packages/linux-2.6.11/kernel-modules-2.6.11-i486-1.tgz: Upgraded to Linux 2.6.11 kernel modules. testing/packages/linux-2.6.11/kernel-source-2.6.11-noarch-1.tgz: Upgraded to Linux 2.6.11 kernel source. +--------------------------+ Mon Feb 28 20:56:58 PST 2005 a/udev-054-i486-1.tgz: Upgraded to udev-054. ap/espgs-8.15rc2-i486-1.tgz: Upgraded to espgs-8.15rc2. d/flex-2.5.4a-i486-3.tgz: Replaced old "lex" script with a symlink. (Thanks to Mike Sullivan) d/gcc-3.3.5-i486-1.tgz: Upgraded to gcc-3.3.5. d/gcc-g++-3.3.5-i486-1.tgz: Upgraded to gcc-3.3.5. d/gcc-g77-3.3.5-i486-1.tgz: Upgraded to gcc-3.3.5. d/gcc-gnat-3.3.5-i486-1.tgz: Upgraded to gcc-3.3.5. d/gcc-java-3.3.5-i486-1.tgz: Upgraded to gcc-3.3.5. d/gcc-objc-3.3.5-i486-1.tgz: Upgraded to gcc-3.3.5. l/glib2-2.6.3-i486-1.tgz: Upgraded to glib-2.6.3. l/gtk+2-2.6.3-i486-1.tgz: Upgraded to gtk+-2.6.3. t/tetex-3.0-i486-1.tgz: Upgraded to teTeX 3.0. t/tetex-doc-3.0-noarch-1.tgz: Upgraded to teTeX 3.0 documentation. xap/gaim-1.1.4-i486-1.tgz: Upgraded to gaim-1.1.4 and gaim-encryption-2.35. +--------------------------+ Mon Feb 14 10:31:43 PST 2005 Upgraded to X11R6.8.2 (these new -current X11 packages will also work just fine on Slackware 10.1 since no libraries have changed since the 10.1 release) x/x11-6.8.2-i486-1.tgz: Upgraded to X11R6.8.2. x/x11-devel-6.8.2-i486-1.tgz: Upgraded to X11R6.8.2. x/x11-docs-6.8.2-noarch-1.tgz: Upgraded to X11R6.8.2. x/x11-docs-html-6.8.2-noarch-1.tgz: Upgraded to X11R6.8.2. x/x11-fonts-100dpi-6.8.2-noarch-1.tgz: Upgraded to X11R6.8.2. x/x11-fonts-cyrillic-6.8.2-noarch-1.tgz: Upgraded to X11R6.8.2. x/x11-fonts-misc-6.8.2-noarch-1.tgz: Upgraded to X11R6.8.2. x/x11-fonts-scale-6.8.2-noarch-1.tgz: Upgraded to X11R6.8.2. x/x11-xdmx-6.8.2-i486-1.tgz: Upgraded to X11R6.8.2. x/x11-xnest-6.8.2-i486-1.tgz: Upgraded to X11R6.8.2. x/x11-xvfb-6.8.2-i486-1.tgz: Upgraded to X11R6.8.2. +--------------------------+ Wed Feb 2 18:22:01 PST 2005 Released Slackware 10.1 stable. Thanks to everyone who helped out with this release, and especially to the folks at GUS-BR and SlackSec who helped (and continue to help) with handling security issues for the last few months, to Andreas Liebschner for keeping the website updated and running smoothly, to Theresa Elam for all her hard work running store.slackware.com, to the folks on alt.os.linux.slackware for pointing out bugs and offering suggestions, to the people on ##slackware that I met on IRC (and some again in later emails), to Justin, Kyle, and Dean from the Linux User Group of Rochester, MN who I got to hang out with while "vacationing" at the Mayo Clinic, to everyone who signed my online Christmas card (one of the nicest things I ever got), and to all the kind and patient members of the Slackware community. I hope all of you will enjoy this new Slackware release. Have fun! :-) Your Slackware Maintainer, Pat PS I'm looking forward to working with all of you towards the next one, too. PPS Sorry if that was too much like an Academy Award speech. I could almost hear that music shoving me off the stage. ;-)