Wed Dec 31 11:35:43 CST 2008
patches/packages/mozilla-thunderbird-2.0.0.19-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.19.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
  (* Security fix *)
+--------------------------+
Fri Dec 26 22:45:51 CST 2008
patches/packages/seamonkey-1.1.14-i486-1_slack11.0.tgz:
  Upgraded to seamonkey-1.1.14.
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
  (* Security fix *)
+--------------------------+
Thu Dec 18 12:44:59 CST 2008
patches/packages/mozilla-firefox-2.0.0.20-i686-1.tgz:
  Upgraded to firefox-2.0.0.20.
  This fixes some security issues:
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox20.html
  (* Security fix *)
+--------------------------+
Mon Dec 8 05:15:44 CST 2008
extra/php5/php-5.2.8-i486-1_slack11.0.tgz:
  Upgraded to php-5.2.8.
  This is a bugfix release that reverts a change that broke magic_quotes_gpc.
+--------------------------+
Fri Dec 5 20:54:22 CST 2008
extra/php5/php-5.2.7-i486-1_slack11.0.tgz:
  Upgraded to php-5.2.7.
  In addition to improvements and bug fixes, this new version of PHP also
  addresses several security issues, including:
    Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658).
    Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659).
    Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666.
    Crash with URI/file..php (filename contains 2 dots). (Fixes CVE-2008-3660).
    rfc822.c legacy routine buffer overflow. (Fixes CVE-2008-2829).
    Fixed extraction of zip files or directories when the entry name is a
    relative path: http://www.sektioneins.de/advisories/SE-2008-06.txt
  These are the URLs to get more information:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2665
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2666
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2829
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3658
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3659
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3660
    http://www.sektioneins.de/advisories/SE-2008-06.txt
  (* Security fix *)
+--------------------------+
Sat Nov 29 13:37:04 CST 2008
patches/packages/ruby-1.8.6_p287-i486-1_slack11.0.tgz:
  Upgraded to ruby-1.8.6-p287.
  This fixes several bugs in the previous Ruby update, including a security
  issue where the DNS resolver did not randomize the source port and
  transaction id sufficiently.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
  (* Security fix *)
+--------------------------+
Fri Nov 28 16:27:52 CST 2008
patches/packages/samba-3.0.33-i486-1_slack11.0.tgz:
  Upgraded to samba-3.0.33.
  This package fixes an important barrier against rogue clients reading from
  uninitialized memory (though no proof-of-concept is known to exist).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4314
  (* Security fix *)
+--------------------------+
Thu Nov 20 18:14:27 CST 2008
patches/packages/mozilla-thunderbird-2.0.0.18-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.18.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
  (* Security fix *)
+--------------------------+
Wed Nov 19 19:13:12 CST 2008
patches/packages/libxml2-2.6.32-i486-1_slack11.0.tgz:
  Upgraded to libxml2-2.6.32 and patched.
  This fixes vulnerabilities including denial of service, or possibly the
  execution of arbitrary code as the user running a libxml2 linked
  application if untrusted XML content is parsed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226
  (* Security fix *)
+--------------------------+
Sat Nov 15 19:22:43 CST 2008
patches/packages/mozilla-firefox-2.0.0.18-i686-1.tgz:
  Upgraded to firefox-2.0.0.18.
  This fixes some security issues:
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox20.html
  (* Security fix *)
patches/packages/seamonkey-1.1.13-i486-1_slack11.0.tgz:
  Upgraded to seamonkey-1.1.13.
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
  (* Security fix *)
+--------------------------+
Mon Oct 13 13:58:21 CDT 2008
patches/packages/glibc-zoneinfo-2.3.6-noarch-11_slack11.0.tgz:
  Upgraded to tzdata2008h for the latest world timezone changes.
+--------------------------+
Fri Sep 26 22:38:32 CDT 2008
patches/packages/mozilla-thunderbird-2.0.0.17-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.17.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
  (* Security fix *)
+--------------------------+
Thu Sep 25 23:24:07 CDT 2008
patches/packages/mozilla-firefox-2.0.0.17-i686-1.tgz:
  Upgraded to firefox-2.0.0.17.
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox20.html
  (* Security fix *)
patches/packages/seamonkey-1.1.12-i486-1_slack11.0.tgz:
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
  (* Security fix *)
+--------------------------+
Wed Sep 17 02:28:20 CDT 2008
patches/packages/bind-9.3.5_P2-i486-1_slack11.0.tgz:
  Upgraded to bind-9.3.5-P2.
  This version has performance gains over bind-9.3.5-P1.
+--------------------------+
Wed Sep 3 19:51:43 CDT 2008
patches/packages/php-4.4.9-i486-1_slack11.0.tgz:
  Upgraded to php-4.4.9.
  This upgrades the bundled PCRE library to fix security issues, as well as
  fixing a few other security related bugs.
  See the PHP4 ChangeLog for more details:
    http://www.php.net/ChangeLog-4.php#4.4.9
  Please note: PHP4 has been officially discontinued since last year, and
  reached the announced EOL on 2008-08-08. Sites should consider migrating
  to a supported release.
  (* Security fix *)
+--------------------------+
Mon Sep 1 21:56:29 CDT 2008
patches/packages/samba-3.0.32-i486-1_slack11.0.tgz:
  Upgraded to samba-3.0.32.
  This is a bugfix release. See the WHATSNEW.txt file in the Samba docs for
  details on what has changed.
+--------------------------+
Thu Aug 28 22:48:16 CDT 2008
patches/packages/amarok-1.4.10-i486-1_slack11.0.tgz:
  Upgraded to amarok-1.4.10.
  This fixes a security issue in the Magnatune online music library support
  which could be used by malicious local users to overwrite system files.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3699
  (* Security fix *)
patches/packages/libgpod-0.6.0-i486-1_slack11.0.tgz:
  Upgraded to libgpod-0.6.0.
  This new version of libgpod is required for amarok-1.4.10.
+--------------------------+
Mon Aug 4 14:03:01 CDT 2008
patches/packages/python-2.4.5-i486-1_slack11.0.tgz:
  Upgraded to 2.4.5 and patched overflows and other security problems.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144
  (* Security fix *)
+--------------------------+
Tue Jul 29 13:32:21 CDT 2008
patches/packages/proftpd-1.3.1-i486-1_slack11.0.tgz:
  Recompiled against new OpenSSL, since this evidently checks the OpenSSL
  version and will only run against the libraries it was compiled against.
  A small patch was also added due to changes in the system includes.
  Thanks to Martin Schmitz for the info and a pointer to the patch.
+--------------------------+
Mon Jul 28 22:05:06 CDT 2008
patches/packages/fetchmail-6.3.8-i486-1_slack11.0.tgz:
  Patched to fix a possible denial of service when "-v -v" options are used.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711
  (* Security fix *)
patches/packages/links-2.1-i486-1_slack11.0.tgz:
  Upgraded to links-2.1.
  Unspecified vulnerability in Links before 2.1, when "only proxies" is
  enabled, has unknown impact and attack vectors related to providing
  "URLs to external programs."
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3329
  (* Security fix *)
patches/packages/mozilla-thunderbird-2.0.0.16-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.16.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
  (* Security fix *)
patches/packages/openssh-5.1p1-i486-1_slack11.0.tgz:
  Upgraded to openssh-5.1p1.
  When upgrading OpenSSH, it is VERY IMPORTANT to also upgrade OpenSSL, or
  it is possible to be unable to log back into sshd!
patches/packages/openssl-0.9.8h-i486-1_slack11.0.tgz:
  Upgraded to OpenSSL 0.9.8h.
  The Codenomicon TLS test suite uncovered security bugs in OpenSSL.
  If OpenSSL was compiled using non-default options (Slackware's package is
  not), then a malicious packet could cause a crash. Also, a malformed TLS
  handshake could lead to a crash.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0891
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1672
  When upgrading OpenSSL, it is VERY IMPORTANT to also upgrade OpenSSH, or
  it is possible to be unable to log back into sshd!
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8h-i486-1_slack11.0.tgz:
  Upgraded to OpenSSL 0.9.8h shared libraries (see above).
  (* Security fix *)
patches/packages/vim-7.1.330-i486-1_slack11.0.tgz:
  Upgraded to vim-7.1.330.
  This fixes several security issues related to the automatic processing of
  untrusted files.
  For more information, see:
    http://www.rdancer.org/vulnerablevim.html
  (* Security fix *)
patches/packages/vim-gvim-7.1.330-i486-1_slack11.0.tgz:
  Upgraded to vim-gvim-7.1.330.
  See "vim" above for details.
  (* Security fix *)
+--------------------------+
Wed Jul 23 16:27:21 CDT 2008
patches/packages/dnsmasq-2.45-i486-1_slack11.0.tgz:
  Upgraded to dnsmasq-2.45.
  It was discovered that earlier versions of dnsmasq have DNS cache
  weaknesses that are similar to the ones recently discovered in BIND.
  This new release minimizes the risk of cache poisoning.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
  (* Security fix *)
+--------------------------+
Wed Jul 16 19:28:25 CDT 2008
patches/packages/mozilla-firefox-2.0.0.16-i686-1.tgz:
  Upgraded to firefox-2.0.0.16.
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox20.html
  (* Security fix *)
patches/packages/seamonkey-1.1.11-i486-1_slack11.0.tgz:
  Upgraded to seamonkey-1.1.11.
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
  (* Security fix *)
+--------------------------+
Wed Jul 9 20:03:57 CDT 2008
patches/packages/bind-9.3.5_P1-i486-1_slack11.0.tgz:
  Upgraded to bind-9.3.5-P1.
  This upgrade addresses a security flaw known as the CERT VU#800113 DNS
  Cache Poisoning Issue. This is the summary of the problem from the BIND
  site:
    "A weakness in the DNS protocol may enable the poisoning of caching
    recursive resolvers with spoofed data. DNSSEC is the only full solution.
    New versions of BIND provide increased resilience to the attack."
  It is suggested that sites that run BIND upgrade to one of the new
  packages in order to reduce their exposure to DNS cache poisoning attacks.
  For more information, see:
    http://www.isc.org/sw/bind/bind-security.php
    http://www.kb.cert.org/vuls/id/800113
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
  (* Security fix *)
patches/packages/mozilla-firefox-2.0.0.15-i686-1.tgz:
  Upgraded to firefox-2.0.0.15.
  This release closes several possible security vulnerabilities and bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
patches/packages/seamonkey-1.1.10-i486-1_slack11.0.tgz:
  Upgraded to seamonkey-1.1.10.
  This release closes several possible security vulnerabilities and bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
  (* Security fix *)
+--------------------------+
Fri Jun 27 23:17:20 CDT 2008
patches/packages/ruby-1.8.6_p230-i486-1_slack11.0.tgz:
  Upgraded to ruby-1.8.6-p230.
  This fixes a number of security related bugs in Ruby which could lead to a
  denial of service (DoS) condition or allow execution of arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2726
  (* Security fix *)
+--------------------------+
Wed May 28 19:46:22 CDT 2008
patches/packages/samba-3.0.30-i486-1_slack11.0.tgz:
  Upgraded to samba-3.0.30.
  This is a security release in order to address CVE-2008-1105 ("Boundary
  failure when parsing SMB responses can result in a buffer overrun").
  For more information on the security issue, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105
  (* Security fix *)
+--------------------------+
Tue May 27 21:53:32 CDT 2008
patches/packages/rdesktop-1.6.0-i486-1_slack11.0.tgz:
  Upgraded to rdesktop-1.6.0.
  According to the rdesktop ChangeLog, this contains a:
    "* Fix for potential vulnerability against compromised/malicious servers
    (reported by iDefense)"
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1801
  (* Security fix *)
+--------------------------+
Wed May 7 15:28:33 CDT 2008
patches/packages/mozilla-thunderbird-2.0.0.14-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.14.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
  (* Security fix *)
extra/php5/php-5.2.6-i486-1_slack11.0.tgz:
  Upgraded to php-5.2.6.
  PHP4 was standard in Slackware 11.0, which is why this package is provided
  "in place" under /extra rather than under /patches (where upgrade tools
  might mistakenly grab and install it where it would not be desirable.)
  This version of PHP contains many fixes and enhancements. Some of the
  fixes are security related, and the PHP release announcement provides this
  list:
    * Fixed possible stack buffer overflow in the FastCGI SAPI identified by
      Andrei Nigmatulin.
    * Fixed integer overflow in printf() identified by Maksymilian
      Arciemowicz.
    * Fixed security issue detailed in CVE-2008-0599 identified by Ryan
      Permeh.
    * Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
    * Properly address incomplete multibyte chars inside escapeshellcmd()
      identified by Stefan Esser.
    * Upgraded bundled PCRE to version 7.6
  When last checked, CVE-2008-0599 was not yet open. However, additional
  information should become available at this URL:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599
  The list reproduced above, as well as additional information about other
  fixes in PHP 5.2.6 may be found in the PHP release announcement here:
    http://www.php.net/releases/5_2_6.php
  (* Security fix *)
+--------------------------+
Mon Apr 28 23:46:17 CDT 2008
patches/packages/libpng-1.2.27-i486-1_slack11.0.tgz:
  Upgraded to libpng-1.2.27.
  This fixes various bugs, the most important of which have to do with the
  handling of unknown chunks containing zero-length data. Processing a PNG
  image that contains these could cause the application using libpng to
  crash (possibly resulting in a denial of service), could potentially
  expose the contents of uninitialized memory, or could cause the execution
  of arbitrary code as the user running libpng (though it would probably be
  quite difficult to cause the execution of attacker-chosen code).
  We recommend upgrading the package as soon as possible.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
    ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.27-README.txt
  (* Security fix *)
+--------------------------+
Sat Apr 19 23:49:25 CDT 2008
patches/packages/xine-lib-1.1.11.1-i686-3_slack11.0.tgz:
  Recompiled, with --without-speex (we didn't ship the speex library in
  Slackware anyway, but for reference this issue would be CVE-2008-1686),
  and with --disable-nosefart (the recently reported as insecurely demuxed
  NSF format).
  As before in -2, this package fixes the two regressions mentioned in the
  release notes for xine-lib-1.1.12:
    http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655
  (* Security fix *)
+--------------------------+
Thu Apr 17 16:25:55 CDT 2008
patches/packages/mozilla-firefox-2.0.0.14-i686-1.tgz:
  Upgraded to firefox-2.0.0.14.
  This upgrade fixes a potential security bug.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
+--------------------------+
Tue Apr 8 00:17:36 CDT 2008
patches/packages/xine-lib-1.1.11.1-i686-2_slack11.0.tgz:
  Patched to fix playback failure affecting several media formats
  accidentally broken in the xine-lib-1.1.11.1 release.
  Thanks to Diogo Sousa for pointing me to the new release notes on
  xinehq.de.
+--------------------------+
Mon Apr 7 02:04:58 CDT 2008
patches/packages/bzip2-1.0.5-i486-1_slack11.0.tgz:
  Upgraded to bzip2-1.0.5.
  Previous versions of bzip2 contained a buffer overread error that could
  cause applications linked to libbz2 to crash, resulting in a denial of
  service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372
  (* Security fix *)
patches/packages/m4-1.4.11-i486-1_slack11.0.tgz:
  Upgraded to m4-1.4.11.
  In addition to bugfixes and enhancements, this version of m4 also fixes
  two issues with possible security implications. A minor security fix with
  the use of "maketemp" and "mkstemp" -- these are now quoted to prevent the
  (rather unlikely) possibility that an unquoted string could match an
  existing macro causing operations to be done on the wrong file. Also, a
  problem with the '-F' option (introduced with version 1.4) could cause a
  core dump or possibly (with certain file names) the execution of arbitrary
  code.
  For more information on these issues, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1687
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1688
  (* Security fix *)
+--------------------------+
Fri Apr 4 12:36:37 CDT 2008
patches/packages/openssh-5.0p1-i486-1_slack11.0.tgz:
  Upgraded to openssh-5.0p1.
  This version fixes a security issue where local users could hijack
  forwarded X connections. Upgrading to the new package is highly
  recommended.
  For more information on this security issue, please see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483
  (* Security fix *)
+--------------------------+
Mon Mar 31 23:33:58 CDT 2008
patches/packages/xine-lib-1.1.11.1-i686-1_slack11.0.tgz:
  Upgraded to xine-lib-1.1.11.1.
  Earlier versions of xine-lib suffer from an integer overflow which may
  lead to a buffer overflow that could potentially be used to gain
  unauthorized access to the machine if a malicious media file is played
  back. File types affected this time include .flv, .mov, .rm, .mve, .mkv,
  and .cak.
  For more information on this security issue, please see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1482
  (* Security fix *)
+--------------------------+
Sat Mar 29 03:09:17 CDT 2008
patches/packages/mozilla-firefox-2.0.0.13-i686-1.tgz:
  Upgraded to firefox-2.0.0.13.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
patches/packages/seamonkey-1.1.9-i486-1_slack11.0.tgz:
  Upgraded to seamonkey-1.1.9.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
  (* Security fix *)
patches/packages/xine-lib-1.1.11-i686-1_slack11.0.tgz:
  Earlier versions of xine-lib suffer from an array index bug that may have
  security implications if a malicious RTSP stream is played. Playback of
  other media formats is not affected.
  If you use RTSP, you should probably upgrade xine-lib.
  For more information on the security issue, please see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073
  (* Security fix *)
+--------------------------+
Sun Mar 2 00:15:53 CST 2008
patches/packages/espgs-8.15.3svn185-i486-3_slack11.0.tgz:
  This patched version of ESP Ghostscript fixes a buffer overflow.
  For more information on the security issue, please see:
    http://scary.beasts.org/security/CESA-2008-001.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0411
  Thanks to Chris Evans and Will Drewry of Google Security for their work on
  discovering and demonstrating the overflow.
  (* Security fix *)
+--------------------------+
Sat Mar 1 15:55:28 CST 2008
patches/packages/mozilla-thunderbird-2.0.0.12-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.12.
  This update fixes the following security related issues:
    MFSA 2008-12: Heap buffer overflow in external MIME bodies
    MFSA 2008-05: Directory traversal via chrome: URI
    MFSA 2008-03: Privilege escalation, XSS, Remote Code Execution
    MFSA 2008-01: Crashes with evidence of memory corruption (rv:1.8.1.12)
  For more information, see:
    http://www.mozilla.org/security/announce/2008/mfsa2008-12.html
    http://www.mozilla.org/security/announce/2008/mfsa2008-05.html
    http://www.mozilla.org/security/announce/2008/mfsa2008-03.html
    http://www.mozilla.org/security/announce/2008/mfsa2008-01.html
  These are the related CVE entries:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0304
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0415
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0413
  (* Security fix *)
+--------------------------+
Thu Feb 14 17:37:38 CST 2008
patches/packages/apache-1.3.41-i486-1_slack11.0.tgz:
  Upgraded to apache-1.3.41, the last regular release of the Apache 1.3.x
  series, and a security bugfix-only release.
  For more information about the security issues fixed, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847
  (* Security fix *)
patches/packages/mod_ssl-2.8.31_1.3.41-i486-1_slack11.0.tgz:
  Upgraded to mod_ssl-2.8.31-1.3.41 to work with apache_1.3.41.
patches/packages/php-4.4.8-i486-1_slack11.0.tgz:
  Upgraded to php-4.4.8.
  This is a security and bugfix release. More information may be found here:
    http://bugs.php.net/43010
  This is the last regular release of PHP-4.4.x. The EOL is scheduled for
  2008-08-08.
  (* Security fix *)
+--------------------------+
Tue Feb 12 23:07:34 CST 2008
patches/packages/mozilla-firefox-2.0.0.12-i686-1.tgz:
  Upgraded to firefox-2.0.0.12.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
patches/packages/seamonkey-1.1.8-i486-1_slack11.0.tgz:
  Upgraded to seamonkey-1.1.8.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
  (* Security fix *)
+--------------------------+
Mon Dec 31 18:49:52 CST 2007
patches/packages/glibc-zoneinfo-2.3.6-noarch-10_slack11.0.tgz:
  Some deja vu. ;-)
  Upgraded to tzdata2007k. A new year should be started with the latest
  timezone data, so here it is.
  Happy holidays, and a happy new year to all! :-)
+--------------------------+
Mon Dec 24 15:54:26 CST 2007
patches/packages/glibc-zoneinfo-2.3.6-noarch-9_slack11.0.tgz:
  Upgraded to tzdata2007j. A new year should be started with the latest
  timezone data, so here it is.
  Happy holidays, and a happy new year to all! :-)
+--------------------------+
Fri Dec 14 18:03:59 CST 2007
patches/packages/mysql-5.0.51-i486-1_slack11.0.tgz:
  Upgraded to mysql-5.0.51.
  This release fixes several bugs, including some security issues.
  However, it also includes a potentially incompatible change, so be sure to
  read the release notes before upgrading. It is possible that some
  databases will need to be fixed in order to work with this (and future)
  releases:
    http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html
  For more information about the security issues fixed, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3781
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5925
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5969
  (* Security fix *)
+--------------------------+
Mon Dec 10 12:45:35 CST 2007
patches/packages/samba-3.0.28-i486-1_slack11.0.tgz:
  Upgraded to samba-3.0.28.
  Samba 3.0.28 is a security release in order to address a boundary failure
  in GETDC mailslot processing that can result in a buffer overrun leading
  to possible code execution.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015
    http://www.samba.org/samba/history/samba-3.0.28.html
    http://secunia.com/secunia_research/2007-99/advisory/
  (* Security fix *)
+--------------------------+
Mon Dec 3 19:58:51 CST 2007
patches/packages/cairo-1.4.12-i486-1_slack11.0.tgz:
  Upgraded to cairo-1.4.12.
  This fixes a possible security risk when decoding PNG files that may have
  been maliciously tampered with:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5503
  (* Security fix *)
patches/packages/samba-3.0.27a-i486-1_slack11.0.tgz:
  Upgraded to samba-3.0.27a.
  This update fixes a crash bug regression experienced by smbfs clients
  caused by the fix for CVE-2007-4572.
+--------------------------+
Sat Dec 1 16:57:18 CST 2007
patches/packages/rsync-2.6.9-i486-1_slack11.0.tgz:
  Patched some security bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091
    http://lists.samba.org/archive/rsync-announce/2007/000050.html
  (* Security fix *)
patches/packages/mozilla-firefox-2.0.0.11-i686-1.tgz:
  Upgraded to Firefox 2.0.0.11, which fixed a bug introduced by the 2.0.0.10
  update in the feature that affected some web pages and extensions.
+--------------------------+
Thu Nov 29 20:19:30 CST 2007
patches/packages/seamonkey-1.1.7-i486-1_slack11.0.tgz:
  Upgraded to seamonkey-1.1.7.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
  (* Security fix *)
+--------------------------+
Tue Nov 27 16:23:07 CST 2007
patches/packages/mozilla-firefox-2.0.0.10-i686-1.tgz:
  Upgraded to firefox-2.0.0.10.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
+--------------------------+
Wed Nov 21 00:55:51 CST 2007
patches/packages/libpng-1.2.23-i486-1_slack11.0.tgz:
  Upgraded to libpng-1.2.23.
  Previous libpng versions may crash when loading malformed PNG files.
  It is not currently known if this vulnerability can be exploited to
  execute malicious code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5266
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5267
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5268
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
  (* Security fix *)
+--------------------------+
Tue Nov 20 16:49:58 CST 2007
patches/packages/mozilla-thunderbird-2.0.0.9-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.9.
  This update fixes the following security related issues:
    URIs with invalid %-encoding mishandled by Windows (MFSA 2007-36).
    Crashes with evidence of memory corruption (MFSA 2007-29).
  OK, so the first one obviously does not affect us.
  :-) The second fix has to do with the same JavaScript handling problem
  fixed before in Firefox. JavaScript is not enabled by default in
  Thunderbird, and the developers (at least in MFSA 2007-36) do not
  recommend turning it on.
  For more information, see:
    http://www.mozilla.org/security/announce/2007/mfsa2007-36.html
    http://www.mozilla.org/security/announce/2007/mfsa2007-29.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4841
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5339
  (* Security fix *)
+--------------------------+
Fri Nov 16 17:22:18 CST 2007
patches/packages/samba-3.0.27-i486-1_slack11.0.tgz:
  Upgraded to samba-3.0.27.
  Samba 3.0.27 is a security release in order to address a stack buffer
  overflow in nmbd's logon request processing, and remote code execution in
  Samba's WINS server daemon (nmbd) when processing name registration
  followed by name query requests.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398
  (* Security fix *)
+--------------------------+
Mon Nov 12 01:25:34 CST 2007
patches/packages/kdegraphics-3.5.4-i486-2_slack11.0.tgz:
  Patched xpdf related bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
  (* Security fix *)
patches/packages/koffice-1.5.2-i486-5_slack11.0.tgz:
  Patched xpdf related bugs.
  For more information, see:
    http://www.kde.org/info/security/advisory-20071107-1.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
  (* Security fix *)
patches/packages/xpdf-3.02pl2-i486-1_slack11.0.tgz:
  Upgraded to xpdf-3.02pl2.
  The pl2 patch fixes a crash in xpdf. Some theorize that this could be used
  to execute arbitrary code if an untrusted PDF file is opened, but no
  real-world examples are known (yet).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
  (* Security fix *)
+--------------------------+
Sat Nov 10 22:19:02 CST 2007
extra/php5/php-5.2.5-i486-2_slack11.0.tgz:
  The security/bug fix update for Slackware 11.0 has been reissued to fix a
  zero-length /usr/bin/php-cgi. Thanks to TJ Munro for pointing this out.
  We appreciate the fast weekend Q/A. :-)
  This package should be installed rather than the previously released
  php-5.2.5-i486-1_slack11.0 (unless you do not use /usr/php/php-cgi in
  which case either package will do.)
  (* Security fix *)
+--------------------------+
Sat Nov 10 15:36:59 CST 2007
patches/packages/mozilla-firefox-2.0.0.9-i686-1.tgz:
  Upgraded to firefox-2.0.0.9.
  This upgrade improves the stability of Firefox.
  For more information, see:
    http://developer.mozilla.org/devnews/index.php/2007/11/01/firefox-2009-stability-update-now-available-for-download/
extra/php5/php-5.2.5-i486-1_slack11.0.tgz:
  Upgraded to php-5.2.5.
  This fixes bugs and security issues.
  For more information, see:
    http://www.php.net/releases/5_2_5.php
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4887
  (* Security fix *)
+--------------------------+
Fri Nov 9 16:34:12 CST 2007
patches/packages/seamonkey-1.1.6-i486-1_slack11.tgz:
  Upgraded to SeaMonkey 1.1.6.
  This upgrade fixes SeaMonkey's ability to display certain types of web
  pages. That's about all we could find about it here:
    http://www.mozilla.org/projects/seamonkey/
+--------------------------+
Thu Nov 1 22:03:53 CDT 2007
patches/packages/cups-1.2.11-i486-2_slack12.0.tgz:
  Patched cups-1.2.11.
An off-by-one error in ipp.c may allow a remote attacker to crash CUPS resulting in a denial of service. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351 (* Security fix *)
+--------------------------+
Wed Oct 24 23:02:28 CDT 2007
patches/packages/mozilla-firefox-2.0.0.8-i686-1.tgz: Upgraded to firefox-2.0.0.8. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *)
patches/packages/seamonkey-1.1.5-i486-1_slack12.0.tgz: Upgraded to seamonkey-1.1.5. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *)
extra/mozilla-2.0.0.6/: Removed. Since the 1.5.0.x branch is no longer supported, there's little point in leaving it up (at least in /extra...)
+--------------------------+
Wed Oct 10 11:50:50 CDT 2007
patches/packages/glibc-zoneinfo-2.3.6-noarch-8_slack11.0.tgz: Upgraded to timezone data from tzcode2007h and tzdata2007h. This contains the latest timezone data from NIST, including some important changes to daylight savings time in Brasil and New Zealand.
+--------------------------+
Wed Sep 12 15:20:06 CDT 2007
patches/packages/openssh-4.7p1-i486-1_slack11.0.tgz: Upgraded to openssh-4.7p1. From the OpenSSH release notes: "Security bugs resolved in this release: Prevent ssh(1) from using a trusted X11 cookie if creation of an untrusted cookie fails; found and fixed by Jan Pechanec." While it's fair to say that we here at Slackware don't see how this could be leveraged to compromise a system, a) the OpenSSH people (who presumably understand the code better) characterize this as a security bug, b) it has been assigned a CVE entry, and c) OpenSSH is one of the most commonly used network daemons. Better safe than sorry.
More information should appear here eventually: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752 (* Security fix *)
patches/packages/samba-3.0.26a-i486-1_slack11.0.tgz: Upgraded to samba-3.0.26a. This fixes a security issue in all Samba 3.0.25 versions: "Incorrect primary group assignment for domain users using the rfc2307 or sfu winbind nss info plugin." For more information, see: http://www.samba.org/samba/security/CVE-2007-4138.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138 (* Security fix *)
extra/php5/php-5.2.4-i486-1_slack11.0.tgz: Upgraded to php-5.2.4. The PHP announcement says this version fixes over 120 bugs as well as "several low priority security bugs." Read more about it here: http://www.php.net/releases/5_2_4.php (* Security fix *)
+--------------------------+
Sat Aug 18 15:00:32 CDT 2007
patches/packages/tcpdump-3.9.7-i486-1_slack11.0.tgz: Upgraded to libpcap-0.9.7, tcpdump-3.9.7. This new version fixes an integer overflow in the BGP dissector which could possibly allow remote attackers to crash tcpdump or to execute arbitrary code. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798 (* Security fix *)
+--------------------------+
Fri Aug 10 22:39:13 CDT 2007
patches/packages/gimp-2.2.17-i486-1_slack11.0.tgz: Upgraded to gimp-2.2.17, which fixes buffer overflows when decoding certain image types. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2949 (* Security fix *)
patches/packages/qt-3.3.8-i486-2_slack11.0.tgz: Patched to fix several format string bugs. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3388 (* Security fix *)
patches/packages/seamonkey-1.1.4-i486-1_slack11.tgz: Upgraded to seamonkey-1.1.4. This upgrade fixes some more security bugs.
For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *)
patches/packages/xpdf-3.02pl1-i486-1_slack11.0.tgz: Upgraded to xpdf-3.02pl1. This fixes an integer overflow that could possibly be leveraged to run arbitrary code if a malicious PDF file is processed. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 (* Security fix *)
+--------------------------+
Fri Aug 3 15:43:35 CDT 2007
patches/packages/mozilla-thunderbird-2.0.0.6-i686-1.tgz: Upgraded to thunderbird-2.0.0.6. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird (* Security fix *)
+--------------------------+
Wed Aug 1 13:52:51 CDT 2007
extra/mozilla-firefox-2.0.0.6/mozilla-firefox-2.0.0.6-i686-1.tgz: Upgraded to firefox-2.0.0.6. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *)
+--------------------------+
Thu Jul 26 15:51:42 CDT 2007
patches/packages/bind-9.3.4_P1-i486-1_slack11.0.tgz: Upgraded to bind-9.3.4_P1 to fix a security issue. The query IDs in BIND9 prior to BIND 9.3.4-P1 are cryptographically weak. For more information on this issue, see: http://www.isc.org/index.pl?/sw/bind/bind-security.php http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926 (* Security fix *)
+--------------------------+
Tue Jul 24 12:40:16 CDT 2007
patches/packages/mozilla-thunderbird-2.0.0.5-i686-1.tgz: Upgraded to thunderbird-2.0.0.5. Since Thunderbird shares the browser engine with Firefox it is susceptible to similar vulnerabilities. This update fixes the same issues fixed in the recent Firefox patch.
For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird (* Security fix *)
patches/packages/seamonkey-1.1.3-i486-1_slack11.tgz: Upgraded to seamonkey-1.1.3. This is presumably a security update, but the details on the net have been sparse. So far nothing has appeared at the usual URL, but I would treat this as a security update unless it is announced as otherwise. For more information (if/when it appears), see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *)
+--------------------------+
Thu Jul 19 12:55:48 CDT 2007
extra/mozilla-firefox-2.0.0.5/mozilla-firefox-2.0.0.5-i686-1.tgz: Upgraded to firefox-2.0.0.5. This upgrade fixes a couple of minor security bugs. Nobody here is launching Firefox from Internet Explorer, right? :-) For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *)
+--------------------------+
Wed Jun 27 01:11:32 CDT 2007
patches/packages/gd-2.0.35-i486-1_slack11.0.tgz: Upgraded to gd-2.0.35. This fixes a few possible security issues:
  * Possible infinite loop in the PNG reader
  * Possible integer overflow in gdImageCreateTrueColor
  * Possible crash in gdImageCreateXbm
  * Numerous flaws in the GIF reader
(* Security fix *)
+--------------------------+
Wed Jun 13 21:43:03 CDT 2007
patches/packages/libexif-0.6.16-i486-1_slack11.0.tgz: Upgraded to libexif-0.6.16. An integer overflow in libexif can crash applications that use the library on malformed images. The upstream advisory indicates that this flaw could also be used to execute arbitrary code in the context of the user, but no exploit is known (by us) to exist among iDefense's researchers or in the wild. But, as a crash bug and heap overflow one must suppose that the possibility exists.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4168 (* Security fix *)
+--------------------------+
Fri Jun 1 21:50:50 CDT 2007
patches/packages/mozilla-firefox-1.5.0.12-i686-1.tgz: Upgraded to firefox-1.5.0.12. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *)
patches/packages/mozilla-thunderbird-1.5.0.12-i686-1.tgz: Upgraded to thunderbird-1.5.0.12. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird (* Security fix *)
patches/packages/seamonkey-1.1.2-i486-1_slack11.0.tgz: Upgraded to seamonkey-1.1.2. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *)
extra/mozilla-firefox-2.0.0.4/mozilla-firefox-2.0.0.4-i686-1.tgz: Upgraded to firefox-2.0.0.4. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *)
+--------------------------+
Fri Jun 1 14:56:51 CDT 2007
extra/php5/php-5.2.3-i486-1_slack11.0.tgz: Upgraded to php-5.2.3. Here's some basic information about the release from php.net: "This release continues to improve the security and the stability of the 5.X branch as well as addressing two regressions introduced by the previous 5.2 releases. These regressions relate to the timeout handling over non-blocking SSL connections and the lack of HTTP_RAW_POST_DATA in certain conditions. All users are encouraged to upgrade to this release."
For more complete information, see: http://www.php.net/releases/5_2_3.php http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1900 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872 (* Security fix *)
+--------------------------+
Fri May 25 11:27:02 CDT 2007
patches/packages/samba-3.0.25a-i486-1_slack11.0.tgz: Upgraded to samba-3.0.25a. This fixes some major (non-security) bugs in samba-3.0.25. See the WHATSNEW.txt for details.
+--------------------------+
Wed May 16 16:16:59 CDT 2007
patches/packages/libpng-1.2.18-i486-1_slack11.0.tgz: Upgraded to libpng-1.2.18. A grayscale PNG image with a malformed (bad CRC) tRNS chunk will crash some libpng applications. This vulnerability has been assigned the identifiers CVE-2007-2445 and CERT VU#684664. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445 (* Security fix *)
+--------------------------+
Mon May 14 18:22:43 CDT 2007
patches/packages/samba-3.0.25-i486-1_slack11.0.tgz: Upgraded to samba-3.0.25. Security Fixes included in the Samba 3.0.25 release are:
  o CVE-2007-2444 Versions: Samba 3.0.23d - 3.0.25pre2 Local SID/Name translation bug can result in user privilege elevation
  o CVE-2007-2446 Versions: Samba 3.0.0 - 3.0.24 Multiple heap overflows allow remote code execution
  o CVE-2007-2447 Versions: Samba 3.0.0 - 3.0.24 Unescaped user input parameters are passed as arguments to /bin/sh allowing for remote command execution
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447 (* Security fix *)
+--------------------------+
Mon May 14 16:39:31 CDT 2007
patches/packages/seamonkey-1.1.1-i486-1_slack11.0.tgz: Upgraded to seamonkey-1.1.1. Removed various symlinks to NSS libraries.
If you plan to rebuild the pidgin package in unsupported/pidgin/stable for any reason (you shouldn't need to), first upgrade to this package and then upgradepkg --reinstall the mozilla-nss package.
+--------------------------+
Thu May 10 16:14:34 CDT 2007
testing/packages/bash-3.2.017-i486-1_slack11.0.tgz: Upgraded to bash-3.2.017. Moved here from /patches/packages. Honestly, I think /testing may be a better place for bash-3.2 for a while longer -- it's causing trouble with many old scripts. So, we'll give it a while longer to stabilize and for scripts to catch up to any syntax changes which may have occurred.
+--------------------------+
Tue May 8 22:19:03 CDT 2007
patches/packages/slackpkg-2.60-noarch-1.tgz: Upgraded to slackpkg-2.60. Thanks to Piter Punk!
+--------------------------+
Mon May 7 21:55:15 CDT 2007
extra/php5/php-5.2.2-i486-1_slack11.0.tgz: Upgraded to php-5.2.2. This fixes bugs and improves security. For more details, see: http://www.php.net/releases/5_2_2.php http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001 (* Security fix *)
patches/packages/php-4.4.7-i486-1_slack11.0.tgz: Upgraded to php-4.4.7. This fixes bugs and improves security. For more details, see: http://www.php.net/releases/4_4_7.php http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001 (* Security fix *)
+--------------------------+
Thu May 3 23:02:49 CDT 2007
patches/packages/gnome-icon-theme-2.14.2-noarch-2_slack11.0.tgz: gnome-icon-theme puts its pkgconfig file in the wrong directory, which is (was) breaking compiles. Now it is in the right place. Thanks to Robby Workman for pointing it out.
+--------------------------+
Wed Apr 25 15:19:06 CDT 2007
patches/packages/fontconfig-2.4.2-i486-2_slack11.0.tgz: Changed the font paths in /etc/fonts/fonts.conf to point to where the fonts actually are, rather than through a symlink. The symlink (/usr/X11R6/lib/fonts) *should* be made by the aaa_base package, but still it's probably best to point to the real location.
Thanks to Zoran Davidovac for the suggestion. Moved man pages to the proper location and gzipped them. Created a /var/cache/fontconfig directory.
+--------------------------+
Mon Apr 23 13:32:50 CDT 2007
patches/packages/freetype-2.3.4-i486-2_slack11.0.tgz: Fixed the diffs for the patented algorithms. Thanks to Eric Hameleers.
+--------------------------+
Fri Apr 20 13:47:39 CDT 2007
patches/packages/x11-6.9.0-i486-14_slack11.0.tgz: Removed old versions of fc-cache and fc-list. Somehow a couple of old fontconfig binaries snuck into this package, and prevent fc-cache from working properly at boot (or any other time). If you've already installed these upgrades, reinstalling the fontconfig package will fix the issue. If you do that, there's no need to reinstall this new x11 package -- it's been fixed so that there's no longer a problem with the package install order (and because those fc-* binaries didn't belong there). Sorry for any inconvenience... Thanks to Petri Kaukasoina for pointing this out. (* Fix *)
+--------------------------+
Thu Apr 19 18:53:08 CDT 2007
patches/packages/fontconfig-2.4.2-i486-1_slack11.0.tgz: Upgraded to the fontconfig-2.4.2 to work better with freetype-2.3.4.
patches/packages/freetype-2.3.4-i486-1_slack11.0.tgz: Fixed an overflow parsing BDF fonts. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351 (* Security fix *)
patches/packages/x11-6.9.0-i486-13_slack11.0.tgz: Recompiled.
patches/packages/x11-devel-6.9.0-i486-13_slack11.0.tgz: Recompiled.
patches/packages/x11-xdmx-6.9.0-i486-13_slack11.0.tgz: Recompiled.
patches/packages/x11-xnest-6.9.0-i486-13_slack11.0.tgz: Recompiled.
patches/packages/x11-xvfb-6.9.0-i486-13_slack11.0.tgz: Recompiled.
patches/packages/xine-lib-1.1.6-i686-1_slack11.0.tgz: Upgraded to xine-lib-1.1.6. This fixes overflows in xine-lib in some little-used media formats in xine-lib < 1.1.5 and other bugs in xine-lib < 1.1.6.
The overflows in xine-lib < 1.1.5 could definitely cause an application using xine-lib to crash, and it is theorized that a malicious media file could be made to run arbitrary code in the context of the user running the application. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246 (* Security fix *)
+--------------------------+
Wed Apr 4 13:25:17 CDT 2007
patches/packages/ktorrent-2.1.3-i486-2_slack11.0.tgz: Changed --prefix from /usr to /opt/kde. (Slackware 11.0 still uses that, right? ;-) Thanks to arny for pointing this out.
patches/packages/qca-tls-1.0-i486-4_slack11.0.tgz: Recompiled for qt-3.3.8. Sorry to have forgotten about the 3.3.6 plugin location... thanks to Peter Valky for the reminder.
+--------------------------+
Tue Apr 3 15:01:57 CDT 2007
patches/packages/file-4.20-i486-1_slack11.0.tgz: Upgraded to file-4.20. This fixes a heap overflow that could allow code to be executed as the user running file (note that there are many scenarios where file might be used automatically, such as in virus scanners or spam filters). For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536 (* Security fix *)
patches/packages/ktorrent-2.1.3-i486-1_slack11.0.tgz: Upgraded to ktorrent-2.1.3. A directory traversal vulnerability in torrent.cpp in versions < 2.1.2 may allow remote attackers to overwrite the ktorrent user's files. A bug in chunkcounter.cpp in versions < 2.1.2 allows remote attackers to crash ktorrent and cause heap corruption by the use of an invalid idx value. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1385 (* Security fix *)
patches/packages/qt-3.3.8-i486-1_slack11.0.tgz: Patched an issue where the Qt UTF 8 decoder may in some instances fail to reject overlong sequences, possibly allowing "/../" path injection or XSS errors.
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242 (* Security fix *)
+--------------------------+
Mon Mar 26 20:54:55 CDT 2007
patches/packages/libwpd-0.8.9-i486-1_slack11.0.tgz: Upgraded to libwpd-0.8.9. Various overflows may lead to application crashes upon opening a specially crafted WordPerfect file. This vulnerability could also conceivably be used by an attacker to execute arbitrary code. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-002 (* Security fix *)
patches/packages/mozilla-firefox-1.5.0.11-i686-1.tgz: Upgraded to mozilla-firefox-1.5.0.11. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *)
extra/mozilla-firefox-2.0.0.3/mozilla-firefox-2.0.0.3-i686-1.tgz: Upgraded to mozilla-firefox-2.0.0.3. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *)
+--------------------------+
Sat Mar 24 19:08:07 CDT 2007
patches/packages/bash-3.2.015-i486-1_slack11.0.tgz: Upgraded to bash-3.2 patchlevel 15. This is an optional upgrade issued due to some problem reports concerning the use of the old-style backquotes in scripts. For example `ls -l` might fail where $(ls -l) works (though the real-world examples are more complex than these, of course). I'd say if you're not having problems with bash you're better off leaving it alone, but if you're getting an error like "unexpected EOF looking for matching `", you may wish to give this package a try. Thanks much to John Pate for helping with late-night debugging.
+--------------------------+
Sat Mar 17 17:41:43 CDT 2007
Happy St. Patrick's Day!
patches/packages/gaim-1.5.0-i486-3_slack11.0.tgz: Recompiled against mozilla-nss.
Also recompiled the GAIM beta in the /pub/slackware/unsupported/ directory, if anyone is interested.
patches/packages/mozilla-nss-3.9.2-i486-1_slack11.0.tgz: Added mozilla-nss to provide a more stable API/ABI for GAIM.
+--------------------------+
Wed Mar 14 19:38:47 CDT 2007
patches/packages/libpng-1.2.16-i486-1_slack11.0.tgz: Upgraded to libpng-1.2.16. This fixes some problems with the new ImageMagick package, such as massive memory usage using "convert". Thanks to Michael Johnson for letting me know about this.
+--------------------------+
Tue Mar 13 18:22:59 CDT 2007
patches/packages/php-4.4.6-i486-1_slack11.0.tgz: Upgraded to php-4.4.6. This version of PHP fixes a problem introduced with the last PHP release where certain applications using "register_globals" may crash.
+--------------------------+
Wed Mar 7 17:57:50 CST 2007
patches/packages/gnupg-1.4.7-i486-1_slack11.0.tgz: Upgraded to gnupg-1.4.7. This fixes a security problem that can occur when GnuPG is used incorrectly. Newer versions attempt to prevent such misuse. For more information, see: http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html (* Security fix *)
patches/packages/x11-6.9.0-i486-12_slack11.0.tgz: Patched. This update fixes overflows in the dbe and render extensions. This could possibly be exploited to overwrite parts of memory, possibly allowing malicious code to execute, or (more likely) causing X to crash. For information about some of the security fixes, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6101 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6102 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6103 (* Security fix *)
patches/packages/mozilla-firefox-1.5.0.10-i686-1.tgz: Upgraded to firefox-1.5.0.10. This upgrade fixes several possible security bugs.
For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *)
patches/packages/mozilla-thunderbird-1.5.0.10-i686-1.tgz: Upgraded to thunderbird-1.5.0.10. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird (* Security fix *)
patches/packages/seamonkey-1.0.8-i486-1_slack11.0.tgz: Upgraded to seamonkey-1.0.8. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *)
patches/packages/imagemagick-6.3.3_0-i486-1_slack11.0.tgz: Upgraded to imagemagick-6.3.3-0. The original fix for PALM image handling has been corrected. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456 (* Security fix *)
extra/mozilla-firefox-2.0.0.2-i686-1.tgz: Upgraded to firefox-2.0.0.2. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *)
+--------------------------+
Thu Feb 22 21:13:04 CST 2007
patches/packages/php-4.4.5-i486-1_slack11.0.tgz: Upgraded to php-4.4.5 which improves stability and security. For complete details, see http://www.php.net. For information about some of the security fixes, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988 (* Security fix *)
extra/php5/php-5.2.1-i486-1_slack11.0.tgz: Upgraded to php-5.2.1 which improves stability and security.
For information about some of the security fixes, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988 (* Security fix *)
patches/packages/amarok-1.4.5-i486-1_slack11.0.tgz: Upgraded to amarok-1.4.5, which fixes the last.fm stream breakage after the last upgrade to xine-lib.
patches/packages/libgpod-0.4.2-i486-1_slack11.0.tgz: Upgraded to libgpod-0.4.2. This is needed for the amarok package.
patches/packages/libmtp-0.1.3-i486-1_slack11.0.tgz: Upgraded to libmtp-0.1.3. This is needed for the amarok package.
+--------------------------+
Sun Feb 18 15:20:36 CST 2007
patches/packages/glibc-zoneinfo-2.3.6-noarch-7_slack11.0.tgz: Updated with tzdata2007b for impending Daylight Savings Time changes in the US.
+--------------------------+
Wed Feb 7 12:29:05 CST 2007
patches/packages/samba-3.0.24-i486-1_slack11.0.tgz: Upgraded to samba-3.0.24. From the WHATSNEW.txt file: "Important issues addressed in 3.0.24 include:
  o Fixes for the following security advisories:
    - CVE-2007-0452 (Potential Denial of Service bug in smbd)
    - CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind NSS library on Solaris)
    - CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)"
Samba in Slackware is vulnerable to the first issue, which can cause smbd to enter into an infinite loop, disrupting Samba services. Linux is not vulnerable to the second issue, and Slackware does not ship the afsacl.so VFS plugin (but it's something to be aware of if you build Samba with custom options).
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454 (* Security fix *)
+--------------------------+
Fri Jan 26 22:46:30 CST 2007
patches/packages/bind-9.3.4-i486-1_slack11.0.tgz: Upgraded to bind-9.3.4. This update fixes two denial of service vulnerabilities where an attacker could crash the name server with specially crafted malformed data. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494 (* Security fix *)
+--------------------------+
Wed Jan 24 14:15:07 CST 2007
patches/packages/fetchmail-6.3.6-i486-1_slack11.0.tgz: Upgraded to fetchmail-6.3.6. This fixes two security issues. First, a bug introduced in fetchmail-6.3.5 could cause fetchmail to crash. However, no stable version of Slackware ever shipped fetchmail-6.3.5. Second, a long standing bug (reported by Isaac Wilcox) could cause fetchmail to send a password in clear text or omit using TLS even when configured otherwise. All fetchmail users are encouraged to consider using getmail, or to upgrade to the new fetchmail packages. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867 (* Security fix *)
+--------------------------+
Sat Dec 23 16:38:26 CST 2006
extra/mozilla-firefox-2.0.0.1/mozilla-firefox-2.0.0.1-i686-1.tgz: Upgraded to Mozilla Firefox 2.0.0.1. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *)
patches/packages/mozilla-firefox-1.5.0.9-i686-1.tgz: Upgraded to firefox-1.5.0.9. This upgrade fixes several possible security bugs.
For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *)
patches/packages/mozilla-thunderbird-1.5.0.9-i686-1.tgz: Upgraded to thunderbird-1.5.0.9. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird (* Security fix *)
patches/packages/seamonkey-1.0.7-i486-1_slack11.0.tgz: Upgraded to seamonkey-1.0.7. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *)
patches/packages/xine-lib-1.1.3-i686-1_slack11.0.tgz: Upgraded to xine-lib-1.1.3 which fixes possible security problems such as a heap overflow in libmms and a buffer overflow in the Real Media input plugin. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2200 (* Security fix *)
+--------------------------+
Wed Dec 6 15:16:06 CST 2006
patches/packages/gnupg-1.4.6-i486-1_slack11.0.tgz: Upgraded to gnupg-1.4.6. This release fixes a severe and exploitable bug in earlier versions of gnupg. All gnupg users should update to the new packages as soon as possible. For details, see the information concerning CVE-2006-6235 posted on lists.gnupg.org: http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html The CVE entry for this issue may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235 This update also addresses a more minor security issue possibly exploitable when GnuPG is used in interactive mode. For more information about that issue, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169 (* Security fix *)
+--------------------------+
Fri Dec 1 15:03:20 CST 2006
patches/packages/libpng-1.2.14-i486-1_slack11.0.tgz: Upgraded to libpng-1.2.14. This fixes a bug where a specially crafted PNG file could crash applications that use libpng.
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793 (* Security fix *)
patches/packages/proftpd-1.3.0a-i486-1_slack11.0.tgz: Upgraded to proftpd-1.3.0a plus an additional security patch. Several security issues were found in proftpd that could lead to the execution of arbitrary code by a remote attacker, including one in mod_tls that does not require the attacker to be authenticated first. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6171 (* Security fix *)
patches/packages/tar-1.16-i486-1_slack11.0.tgz: Upgraded to tar-1.16. This fixes an issue where files may be extracted outside of the current directory, possibly allowing a malicious tar archive, when extracted, to overwrite any of the user's files (in the case of root, any file on the system). For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097 (* Security fix *)
+--------------------------+
Thu Nov 9 18:04:51 CST 2006
extra/mozilla-firefox-2.0/mozilla-firefox-2.0-i686-1.tgz: Moved from /patches, since it was pointed out that this sets LD_LIBRARY_PATH to use the libraries in /usr/lib/firefox-2.0/ which aren't compatible with the SeaMonkey libraries that are used to compile the gxine plugin, breaking it. I'm currently looking for a workaround for this issue, but meanwhile using firefox-1.5.0.8 with the gxine plugin works just fine. Honestly, I hadn't expected to see another firefox-1.x release once 2.0 came out or I might not have added it to Slackware 11.0 after the release...
patches/packages/mozilla-firefox-1.5.0.8-i686-1.tgz: Upgraded to firefox-1.5.0.8. This upgrade fixes several possible security bugs.
For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *)
patches/packages/mozilla-thunderbird-1.5.0.8-i686-1.tgz: Upgraded to thunderbird-1.5.0.8. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird (* Security fix *)
patches/packages/seamonkey-1.0.6-i486-1_slack11.0.tgz: Upgraded to seamonkey-1.0.6. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *)
+--------------------------+
Mon Nov 6 21:29:24 CST 2006
patches/packages/bind-9.3.2_P2-i486-1_slack11.0.tgz: Upgraded to bind-9.3.2-P2. This fixes some security issues related to previous fixes in OpenSSL. The minimum OpenSSL version was raised to OpenSSL 0.9.7l and OpenSSL 0.9.8d to avoid exposure to known security flaws in older versions (these patches were already issued for Slackware). If you have not upgraded yet, get those as well to prevent a potentially exploitable security problem in named. In addition, the default RSA exponent was changed from 3 to 65537. RSA keys using exponent 3 (which was previously BIND's default) will need to be regenerated to protect against the forging of RRSIGs. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 (* Security fix *)
+--------------------------+
Fri Nov 3 23:17:57 CST 2006
extra/php5/php-5.2.0-i486-1.tgz: Upgraded to php-5.2.0. This release "includes a large number of new features, bug fixes and security enhancements." In particular, when the UTF-8 charset is selected there are buffer overflows in the htmlspecialchars() and htmlentities() that may be exploited to execute arbitrary code.
More details about the vulnerability may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465 Further details about the release can be found in the release announcement: http://www.php.net/releases/5_2_0.php Some syntax has changed since PHP 5.1.x. An upgrading guide may be found at this location: http://www.php.net/UPDATE_5_2.txt This package was placed in /extra rather than /patches to save people from possible surprises with automated upgrade tools, since users of PHP4 and PHP 5.1.x applications may need to make some code changes before things will work again. (* Security fix *)
patches/packages/php-4.4.4-i486-4_slack11.0.tgz: Patched the UTF-8 overflow. More details about the vulnerability may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465 (* Security fix *)
patches/packages/screen-4.0.3-i486-1_slack11.0.tgz: Upgraded to screen-4.0.3. This addresses an issue with the way screen handles UTF-8 character encoding that could allow screen to be crashed (or possibly code to be executed in the context of the screen user) if a specially crafted sequence of pseudo-UTF-8 characters are displayed within a screen session. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4573 (* Security fix *)
+--------------------------+
Sat Oct 28 23:52:38 CDT 2006
patches/packages/mozilla-firefox-2.0-i686-1.tgz: Upgraded to Mozilla Firefox 2.0. This is a completely optional enhanced feature package update. Usually I'd reserve this space only for security patches (which this is not), but Firefox 2.0 is just so cool that I couldn't resist upgrading it, especially with Slackware 11.0 so recently released.
+--------------------------+
Wed Oct 25 15:45:46 CDT 2006
patches/packages/qca-tls-1.0-i486-3_slack11.0.tgz: Rebuilt to place the plugin in /usr/lib/qt-3.3.7/plugins/crypto/.
patches/packages/qt-3.3.7-i486-1_slack11.0.tgz: Upgraded to qt-x11-free-3.3.7.
This fixes an issue with Qt's handling of pixmap images that causes Qt linked applications to crash if a specially crafted malicious image is loaded. Inspection of the code in question makes it seem unlikely that this could lead to more serious implications (such as arbitrary code execution), but it is recommended that users upgrade to the new Qt package. For more information, see: http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4811 (* Security fix *) +--------------------------+ Sun Oct 1 23:50:53 CDT 2006 Slackware 11.0 is released. Thanks to everyone who helped out and made this release possible. If I forgot you in the ChangeLog, mea culpa, but you know who you are, and thanks. :-) Enjoy! -P. +--------------------------+ Sun Oct 1 16:45:45 CDT 2006 l/jre-1_5_0_09-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Runtime Environment Version 5.0, Release 9. extra/bittornado/bittornado-0.3.15-noarch-1.tgz: Upgraded to bittornado-0.3.15. extra/jdk-1.5.0_09/jdk-1_5_0_09-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Development Kit Version 5.0, Release 9. +--------------------------+ Sat Sep 30 22:05:20 CDT 2006 extra/linux-smp-2.6.17.13/kernel-modules-smp-2.6.17.13-i686-3.tgz: This had been named i486 when it's really an i686 arch package. +--------------------------+ Sat Sep 30 19:35:24 CDT 2006 a/etc-11.0-noarch-2.tgz: Added missing comment marks (#) for distcc ports in /etc/services. Thanks to Michiel Broek. n/popa3d-1.0.2-i486-2.tgz: Do better checking of passwd and group to avoid adding redundant entries to these files. Thanks to Menno Duursma. n/sendmail-8.13.8-i486-4.tgz: Do better checking of passwd and group to avoid adding redundant entries to these files. Thanks to Menno Duursma. n/sendmail-cf-8.13.8-noarch-4.tgz: Rebuilt. extra/linux-smp-2.6.17.13/kernel-generic-smp-2.6.17.13-i686-3.tgz: Recompiled to add missing SMP/SMT support. 
Thanks to arny for noticing that I'd started with the wrong .config. extra/linux-smp-2.6.17.13/kernel-headers-smp-2.6.17.13-i386-3.tgz: Rebuilt. extra/linux-smp-2.6.17.13/kernel-modules-smp-2.6.17.13-i486-3.tgz: Recompiled. +--------------------------+ Sat Sep 30 01:52:09 CDT 2006 testing/packages/fontconfig-2.4.1-i486-1.tgz: Upgraded to fontconfig-2.4.1. Thanks to Frédéric L. W. Meunier for pointing this out. l/shared-mime-info-0.19-i486-1.tgz: Upgraded to shared-mime-info-0.19. +--------------------------+ Fri Sep 29 23:41:35 CDT 2006 l/libgpod-0.4.0-i486-1.tgz: Upgraded to libgpod-0.4.0. Thanks to Shilo Bacca. l/pango-1.12.4-i486-1.tgz: Fixed bogus empty GPOS table warning and other minor bugs. extra/linux-smp-2.6.17.13/kernel-generic-smp-2.6.17.13-i686-2.tgz: Rebuilt SMP kernels setting -smp in CONFIG_LOCALVERSION, not EXTRAVERSION. Thanks to Tom B. for snapping me out of my old-skool ways. extra/linux-smp-2.6.17.13/kernel-headers-smp-2.6.17.13-i386-2.tgz: Rebuilt. extra/linux-smp-2.6.17.13/kernel-modules-smp-2.6.17.13-i486-2.tgz: Rebuilt. testing/packages/iptables-1.3.6-i486-1.tgz: This one appeared too late to be considered for mainline (not enough test time), but it _should_ be stable. testing/packages/wpa_supplicant-0.4.9-i486-1.tgz: Added wpa_supplicant-0.4.9. Thanks to Eric Hameleers for a good head-start on this one. +--------------------------+ Fri Sep 29 02:10:15 CDT 2006 a/openssl-solibs-0.9.8d-i486-1.tgz: Upgraded to shared libraries from openssl-0.9.8d. See openssl package update below. (* Security fix *) n/openssh-4.4p1-i486-1.tgz: Upgraded to openssh-4.4p1. This fixes a few security related issues. From the release notes found at http://www.openssh.com/txt/release-4.4: * Fix a pre-authentication denial of service found by Tavis Ormandy, that would cause sshd(8) to spin until the login grace time expired. * Fix an unsafe signal handler reported by Mark Dowd. 
The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. On portable OpenSSH, this vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote. * On portable OpenSSH, fix a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms. Links to the CVE entries will be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052 After this upgrade, make sure the permissions on /etc/rc.d/rc.sshd are set the way you want them. Future upgrades will respect the existing permissions settings. Thanks to Manuel Reimer for pointing out that upgrading openssh would enable a previously disabled sshd daemon. Do better checking of passwd, shadow, and group to avoid adding redundant entries to these files. Thanks to Menno Duursma. (* Security fix *) n/openssl-0.9.8d-i486-1.tgz: Upgraded to openssl-0.9.8d. This fixes a few security related issues: During the parsing of certain invalid ASN.1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory (CVE-2006-2937). (This issue did not affect OpenSSL versions prior to 0.9.7) Thanks to Dr S. N. Henson of Open Network Security and NISCC. Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack (CVE-2006-2940). Thanks to Dr S. N. Henson of Open Network Security and NISCC. A buffer overflow was discovered in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer. 
(CVE-2006-3738) Thanks to Tavis Ormandy and Will Drewry of the Google Security Team. A flaw in the SSLv2 client code was discovered. When a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash (CVE-2006-4343). Thanks to Tavis Ormandy and Will Drewry of the Google Security Team. Links to the CVE entries will be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 (* Security fix *) zipslack/zipslack.zip: Rebuilt ZipSlack with new openssl-solibs and openssh packages. +--------------------------+ Thu Sep 28 03:33:49 CDT 2006 ap/vorbis-tools-1.1.1-i486-3.tgz: Fixed UTF8 support. Thanks to Igor Pashev for providing a simple patch from Gene Pavlovsky. kernels/huge26.s/*: Added support for USB and IEEE1394 storage devices. kernels/test26.s/*: Added support for USB and IEEE1394 storage devices. Thanks to Tais M. Hansen for pointing out that these kernels lacked support for USB storage devices. Using these kernels with udev may cause a few warnings at boot time as udev attempts to load the already built-in support, but these seem to be harmless. +--------------------------+ Tue Sep 26 05:57:52 CDT 2006 a/aaa_base-11.0.0-noarch-2.tgz: Updated the "Welcome to Slackware" email. Added /media directory, subdirectories, and symbolic links recommended by the FHS, along with README files to help me understand the difference between this directory and /mnt. ;-) a/etc-11.0-noarch-1.tgz: Fixed a bug in /etc/csh.login that caused repeated use of "csh -l" to duplicate search directories in the $path. Clearly /etc/csh.login should set the path just as /etc/profile does. This bug dates back to at least 1997, maybe earlier, so congratulations to Dimitar Zhekov for winning this release's "smite the oldest bug" award. 
Added distcc port to /etc/services. Thanks to Erik Jan Tromp and Robby Workman for the continual reminders. ;-) a/pkgtools-11.0.0-i486-4.tgz: Made upgradepkg a little bit more gentle -- if it is run on a corrupted .tgz it will no longer remove the original package. Thanks to Ric Anderson for the report. Added rc.scanluns to the services setup menu. a/sysvinit-2.84-i486-69.tgz: Fixed path to /sbin/initscript shown in init.8 (again). Thanks to Robby Workman. Changed rc.S to run rc.serial according to whether the script is executable. a/util-linux-2.12r-i486-5.tgz: Treat /etc/rc.d/rc.serial (to preserve file permissions), /etc/serial.conf, and /etc/fdprm as '.new' config files. ap/lm_sensors-2.10.0-i486-3.tgz: Fixed hardcoded /usr/local paths in sensors-detect. Thanks to Jakub Jankowski. kde/kdebase-3.5.4-i486-7.tgz: Patched to fix media:/ URLs in Konqueror without requiring HAL. Thanks to everyone involved in reporting this issue and seeing that it was addressed: http://bugs.kde.org/show_bug.cgi?id=132281 A big thanks to coolo (Stephan Kulow) for coming up with a patch. :-) zipslack/zipslack.zip: Added ZipSlack. +--------------------------+ Sat Sep 23 03:45:30 CDT 2006 a/sysvinit-2.84-i486-68.tgz: In rc.M, start rc.hplip if found. Fix the path to /sbin/initscript shown in init.8. Thanks to Robby Workman. xap/sane-1.0.18-i486-3.tgz: Added HPLIP backend (hpaio) to dll.conf. testing/packages/cups-1.2.4/cups-1.2.4-i486-1.tgz: Upgraded to cups-1.2.4. The web site says that more problems were fixed. I would still approach this one cautiously, though I'm sure it (or its descendent) will be used in Slackware 11.1. Unless you have a reason to need this now, I'd wait. testing/packages/hplip-1.6.9-i486-1.tgz: Added hplip-1.6.9, a complete print, scan, and fax system for HP devices. This isn't being merged into the AP series as a replacement for hpijs solely because I'd like to see it get more testing first. It is working perfectly here. 
Thanks to Robby Workman for doing the vast majority of the work on this package. :-) testing/packages/gutenprint-5.0.0-i486-2.tgz: Don't overwrite GIMP's "print" plugin -- instead install the plugin as "gutenprint". Thanks again to Stefano Vesa. +--------------------------+ Fri Sep 22 01:57:52 CDT 2006 n/portmap-5.0-i486-3.tgz: In rc.rpc, fixed restart function. Thanks to Grant. +--------------------------+ Thu Sep 21 04:05:03 CDT 2006 This is still Slackware 11.0 release candidate 5 (for now), and is still the last release candidate, scout's honor. We are nearly there. :-) a/devs-2.3.1-noarch-25.tgz: Added /dev/i2c-* devices. Thanks to Jean Delvare. Just a reminder on devs, as I've had some email about it. As it stands, devs is required to boot even if the machine runs a 2.6+ kernel and uses udev. a/hotplug-2004_09_23-noarch-11.tgz: Don't allow dhcpcd -k to make noise at shutdown time if dhcpcd is not running (as in cases where it was shut down manually, or the lease time was infinite). a/logrotate-3.7.4-i486-1.tgz: Upgraded to logrotate-3.7.4. After reading the diff -u and doing some test rotations, this seems safe to include for 11.0. Suggested by Mateus César Gröess and Rafal Lorenc. Rotate /var/log/btmp. Thanks to James Michael Fultz. a/pkgtools-11.0.0-i486-3.tgz: Stripped /bin/dialog. Thanks to mRgOBLIN for saving us 18K of hard drive space. :-) In setup.services, rename rc.portmap to rc.rpc. This is no longer started by default. Instead you must turn it on (only if you plan on mounting NFS partitions manually). Otherwise, it will be run regardless of exec perms if NFS shares or mounts are detected at boot time. ap/diffstat-1.43-i486-1.tgz: Added Thomas Dickey's diffstat utility. Suggested by Michael Iatrou. ap/lm_sensors-2.10.0-i486-2.tgz: Edited slack-desc since the package contains only the tools for lm_sensors, not the drivers. In the case of the 2.6+ kernel, these are included with the kernel-modules package. 
For 2.4, the modules would have to be built by the end user. Also, there is still no startup script included for this package, but that's something that will be looked at for the next development cycle. Removed the mkdev.sh after including the i2c devices in the devs package. Thanks again to Jean Delvare for the advice, and for his work maintaining lm_sensors upstream. :-) n/mailx-12.1-i486-1.tgz: Upgraded to mailx-12.1 from nail-11.25 (renamed). Thanks to Gerardo Exequiel Pozzi for pointing this out. n/nfs-utils-1.0.10-i486-3.tgz: Moved rpc.lockd and rpc.statd to /sbin. Reworked rc.nfsd to make use of the rc.rpc script in "portmap". n/portmap-5.0-i486-2.tgz: Replaced /etc/rc.d/rc.portmap with /etc/rc.d/rc.rpc. This script will start rpc.portmap, rpc.lockd, and rpc.statd. All of these are needed to make proper use of NFS from either the server or client side, so this approach should be more likely to work out of the box. Note that nfs-utils will also be required in order to use rc.rpc or NFS, even as a client. If rc.rpc is needed, another script will run it as long as it is readable. The only reason to make rc.rpc executable would be to run it at boot time when there are no shares in /etc/exports and no mounts in /etc/fstab, but you wish to be able to mount NFS partitions manually. Thanks to Arno G. Schielke and Cesar Suga for suggesting this idea. n/tcpip-0.17-i486-39.tgz: Don't allow dhcpcd -k to make noise at shutdown time if dhcpcd is not running (as in cases where it was shut down manually, or the lease time was infinite). Added support in rc.inet1 and rc.inet1.conf for adjustable DHCP_TIMEOUT. Thanks to Eric Hameleers. x/ttf-indic-fonts-0.4.7.1-noarch-1.tgz: Added TTF fonts for displaying Indic scripts. This package supports Bengali, Devanagari, Gujarati, Kannada, Malayalam, Oriya, Punjabi, Tamil, and Telugu. For information about fully enabling Indic support (including input), see: /usr/doc/Linux-HOWTOs/Indic-Fonts-HOWTO. 
isolinux/initrd.img: Patched installer's network script to look for network26.dsk if 2.6.17.13 (huge26.s) is used to boot/install. Thanks to Piter Punk for work done (long ago) to fix probing for 2.6 modules. Thanks to Eric Hameleers for helping debug loopback mounts in the installer when using the 2.6.17.13 (huge26.s) kernel. NFS installs with the test26.s kernel are not supported by this system, but should work if you put the module(s) you need on a floppy or otherwise make them available and load them manually. isolinux/network26.dsk: Added network26.dsk for NFS installs with huge26.s. Don't try to put this one on a floppy disk, folks. ;-) kernels/huge26.s/*: Added built-in NLS (CONFIG_NLS_CODEPAGE_437, CONFIG_NLS_ISO8859_1, and CONFIG_NLS_UTF8) to allow FAT filesystems to loopback mount for NFS installs. kernels/test26.s/*: Added 2.6.18 test26.s kernel. rootdisks/install.1: Patched installer's network script. rootdisks/install.2: Rebuilt. rootdisks/install.zip: Patched installer's network script. testing/packages/flex-2.5.33-i486-1.tgz: Added flex-2.5.33. Requested by Alberto Simões. testing/packages/gutenprint-5.0.0-i486-1.tgz: Added gutenprint-5.0.0. This package was formerly known as "gimp-print", and will likely take the place of gimp-print in the AP series after going through testing. Suggested by Stefano Vesa. testing/packages/linux-2.6.18/kernel-generic-2.6.18-i486-1.tgz: Added Linux 2.6.18 generic kernel. testing/packages/linux-2.6.18/kernel-headers-2.6.18-i386-1.tgz: Added Linux 2.6.18 kernel headers. testing/packages/linux-2.6.18/kernel-modules-2.6.18-i486-1.tgz Added Linux 2.6.18 kernel modules. testing/packages/linux-2.6.18/kernel-source-2.6.18-noarch-1.tgz Added Linux 2.6.18 kernel source. +--------------------------+ Tue Sep 19 18:13:09 CDT 2006 l/arts-1.5.4-i486-2.tgz: Patched an annoying bug where audio programs such as ogg123 would not work unless KDE had been run first. 
I took several stabs with me sword at ripping out kdebase's surprise HAL requirement as well, but the best I could achieve was "Internal Error". Aarrr!! +--------------------------+ Tue Sep 19 14:07:49 CDT 2006 a/gzip-1.3.5-i486-1.tgz: Upgraded to gzip-1.3.5, and fixed a variety of bugs. Some of the bugs have possible security implications if gzip or its tools are fed a carefully constructed malicious archive. Most of these issues were recently discovered by Tavis Ormandy and the Google Security Team. Thanks to them, and also to the ALT and Owl developers for cleaning up the patch. For further details about the issues fixed, please see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0988 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1228 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338 (* Security fix *) n/procmail-3.22-i486-2.tgz: Added support for large (2GB+) mailboxes. Thanks to Dominik L. Borkowski. isolinux/initrd.img: Patched installer to allow splitting a package series over two or more pieces of optical media. If a package directory contains a file named README_SPLIT.TXT, then it will be continued on the next disc. An example of such a file can be found in /isolinux. Thanks very much to Eric Hameleers for the initial patch and testing! rootdisks/install.1: Rebuilt. rootdisks/install.2: Patched to allow a split package series. rootdisks/install.zip: Patched to allow a split package series. +--------------------------+ Mon Sep 18 15:18:07 CDT 2006 l/neon-0.25.5-i486-2.tgz: Enabled missing SSL support. Thanks much to Mircea Baciu! +--------------------------+ Mon Sep 18 05:33:24 CDT 2006 Slackware 11.0 release candidate 5. 
This is the last one, scout's honor. a/aaa_elflibs-11.0.0-i486-9.tgz: Stripped /lib/libbz2.so.1.0.3, added /lib/libdm.so.0.0.4. a/bzip2-1.0.3-i486-3.tgz: Stripped /lib/libbz2.so.1.0.3. ap/espgs-8.15.3svn185-i486-1.tgz: Upgraded to espgs-8.15.3svn185. OK, I don't like using repo versions at all, much less inserting them at the last second. But, it seems like par for the course for ghostscript and its offshoots where there wasn't much choice about shipping 8.15rc4 in Slackware 10.2. In this case, building from svn fixes two critical problems: missing support for CJK, and not correctly printing Umlauts with certain fonts. Thanks to Shin-ichi Abe and Matthias Bachert. If this version of espgs creates new problems that are worse than these, please let me know as soon as possible. It's tested here and seems stable. ap/vim-7.0.109-i486-1.tgz: Upgraded to vim-7.0.109. d/subversion-1.4.0-i486-1.tgz: After a couple convincing assurances that this was a safe and ABI/API compatible upgrade, I decided to allow this upgrade. Thanks to Malcolm Rowe and Janusz Dziemidowicz. l/desktop-file-utils-0.11-i486-1.tgz: Added desktop-file-utils-0.11. The next XFce will need this freedesktop.org package. Thanks to Robby Workman for the information. l/libexif-0.6.13-i486-2.tgz: Fixed libexif.pc includedir. Thanks to Charles Shannon Hendrix for pointing this out. l/libtheora-1.0alpha7-i486-1.tgz: Added libtheora-1.0alpha7. This links with (as far as I know) optional plugins only and is a safe last-second addition. Furthermore, the Theora team has promised that files encoded with this version of the codec will always be playable. The format is stable and ready for production use, so keeping it out of 11.0 due to the "alpha" would be plain silly. Suggested by Edo Hikmahtiar, and Diogo R. l/libungif-4.1.4-i486-3.tgz: Added the utilities in /usr/bin, some of which are used to detect that annoying image spam that's on the rise... Thanks to Joran Kvalvaag. 
l/neon-0.25.5-i486-1.tgz: Added neon package, split from subversion-deps-1.4.0. x/dejavu-ttf-2.10-noarch-1.tgz: Upgraded to dejavu-ttf-2.10. xap/vim-gvim-7.0.109-i486-1.tgz: Upgraded to vim-7.0.109. Once again, this is just an add-on for the VIM package in ap. :-) xap/xine-lib-1.1.2-i686-2.tgz: Recompiled against libtheora to include the Theora codec plugin. Theora testsuite passed. xap/xine-ui-0.99.4-i686-3.tgz: Patched an issue where xine-ui could block input to Konsole. Thanks to Nuts Mueller. extra/linux-smp-2.6.17.13/kernel-headers-smp-2.6.17.13-i386-1.tgz: Fixed slack-desc typo. No actual rebuild, so no -$BUILD bump. Thanks to David Somero. isolinux/initrd.img: Fixed swap setup in the "Cancel" or unselecting all swap partitions case. Thanks to Marcus Moeller. rootdisks/install.1: Rebuilt. rootdisks/install.2: Fixed swap setup. rootdisks/install.zip: Fixed swap setup. +--------------------------+ Sat Sep 16 23:08:49 CDT 2006 l/libgpod-0.3.2-i486-2.tgz: Added --enable-eject-command and --enable-unmount-command. Thanks to Kody K. kde/amarok-1.4.3-i486-4.tgz: Recompiled with a patch to fix non-latin1 playlist corruption by forcing UTF8. Thanks to guilherme and the kind folks on #amarok. Added explicit --emable-libgpod. Thanks to Kody K. kde/kdeutils-3.5.4-i486-2.tgz: Fixed ark crash due to race condition on SMP machines. Thanks to JaguarWan. n/rdesktop-1.5.0-i486-1.tgz: Upgraded to rdesktop-1.5.0. Thanks to Andrew Fuller for pointing it out. x/x11-6.9.0-i486-11.tgz: Fixed an overflow in CID encoded Type1 font parsing. For further reference, see: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=411 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3739 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3740 (* Security fix *) Also, fixed French Canadian keymap variant. Thanks to Patrice Tremblay. x/x11-devel-6.9.0-i486-11.tgz: Recompiled. x/x11-xdmx-6.9.0-i486-11.tgz: Recompiled. x/x11-xnest-6.9.0-i486-11.tgz: Recompiled. 
x/x11-xvfb-6.9.0-i486-11.tgz: Recompiled. extra/linux-smp-2.6.17.13/kernel-generic-smp-2.6.17.13-i686-1.tgz: This is an optional kernel with support for SMP (up to 16), dual core optimizations, and SMT (Hyperthreading). Fully tuned and ready to go. extra/linux-smp-2.6.17.13/kernel-headers-smp-2.6.17.13-i386-1.tgz Optional kernel headers. These will only be needed to compile a few things, such as apps and libraries that use ALSA (it contains the /usr/include/sound directory that for 2.4.x kernels is supplied in the alsa-driver package). extra/linux-smp-2.6.17.13/kernel-modules-smp-2.6.17.13-i686-1.tgz: Kernel modules for Linux 2.6.17.13-smp, including ALSA modules. These install into /lib/modules/2.6.17.13-smp/. +--------------------------+ Thu Sep 14 19:41:22 CDT 2006 d/git-1.4.2.1-i486-1.tgz: Upgraded to git-1.4.2.1. xap/mozilla-firefox-1.5.0.7-i686-1.tgz: Upgraded to firefox-1.5.0.7. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) xap/mozilla-thunderbird-1.5.0.7-i686-1.tgz: Upgraded to thunderbird-1.5.0.7. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird (* Security fix *) xap/seamonkey-1.0.5-i486-1.tgz: Upgraded to seamonkey-1.0.5. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *) +--------------------------+ Thu Sep 14 03:57:37 CDT 2006 a/glibc-solibs-2.3.6-i486-6.tgz: Recompiled. a/glibc-zoneinfo-2.3.6-noarch-6.tgz: Upgraded to tzcode2006k and tzdata2006k. Added "ldconfig -r ." to install script. Thanks to Stuart Winter. a/openssl-solibs-0.9.8b-i486-2.tgz: Patched an issue where it is possible to forge certain kinds of RSA signatures. 
The patch is used instead of an upgrade to openssl-0.9.8c as it was issued later with a corrected fix. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 (* Security fix *) a/udev-097-i486-10.tgz: If there's no udevd daemon, don't allow rc.udev to try to start. Thanks to Eugene Crosser. d/pkgconfig-0.21-i486-3.tgz: Added {curly brackets} around PKG_CONFIG_PATH in /etc/profile.d/pkgconfig.*. Thanks to Rémy Pagniez. l/glibc-2.3.6-i486-6.tgz: Recompiled against 2.4.33.3 and 2.6.17.13 headers. (these kernel versions are now "golden" for release) l/glibc-i18n-2.3.6-noarch-6.tgz: Recompiled. l/glibc-profile-2.3.6-i486-6.tgz: Recompiled. n/openssl-0.9.8b-i486-2.tgz: Patched an issue where it is possible to forge certain kinds of RSA signatures. The patch is used instead of an upgrade to openssl-0.9.8c as it was issued later with a corrected fix. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 (* Security fix *) kernels/huge26.s/*: Added NFSv3 support. +--------------------------+ Tue Sep 12 06:29:32 CDT 2006 a/sysvinit-2.84-i486-67.tgz: Sleep 3 seconds before mounting non-root partitions. This was a sleep that I'd removed earlier in the devel cycle to see what it would break (if anything), and the answer is some external hard drives that take a couple seconds to hotplug. Thanks to Fabio Busatto. In rc.M, restart udevd when returning from single user mode. Thanks to James Michael Fultz. Patched initscript.5 man page to show proper /sbin/initscript path. Thanks to Robby Workman. Found another assumption that the kernel has hotplug support in the rc.udev stop function. Thanks again to Gary Hawco for the original bug report. a/udev-097-i486-9.tgz: Uncommented dmsetup rule for LVM2 -- it doesn't seem to hurt anything. Thanks to Dex Filmore. ap/diffutils-2.8.1-i486-3.tgz: Fixed sdiff.1 man page. Thanks to James Michael Fultz. kde/amarok-1.4.3-i486-3.tgz: Recompiled against new libmtp. 
l/libmtp-0.0.18-i486-1.tgz: Upgraded to libmtp-0.0.18. l/libwpd-0.8.6-i486-1.tgz: Upgraded to libwpd-0.8.6. Thanks to Eugene C. for the CXXFLAGS advice. n/imapd-4.64-i486-3.tgz: Added missing md5.txt mentioned in the imapd man page, plus a note about additional (large) documentation in the sources. The docs directory was also moved to /usr/doc/imapd4.64. Thanks to Mark Flacy for reminding me about this one. n/rdesktop-1.4.1-i486-1.tgz: Added rdesktop-1.4.1. Yes, we're in release candidates, but if this doesn't work at least it is small. :-) I've had many, many requests, and it is needed by krdc, so that's my rationale. Oh -- and thanks to everyone for positive feedback on libgpod. I also fixed the typo in my request for feedback below. I hope that doesn't break too many ChangeLog parsing scripts... n/stunnel-4.17-i486-1.tgz: Upgraded to stunnel-4.17. Thanks to Cal Peake for the notice. +--------------------------+ Mon Sep 11 02:10:19 CDT 2006 a/module-init-tools-3.2.2-i486-2.tgz: In /etc/modprobe.d/, if there's no /etc/modprobe.d/modprobe.conf file, try to make a link to ../modprobe.conf. This will retain legacy support for existing /etc/modprobe.conf files. Thanks very much to Ivan Kalvatchev for persisting with this bug report until I finally saw the light of day. :-) l/libmtp-0.0.16-i486-2.tgz: Fixed hotplug and udev support. Thanks to Carlos Corbacho for the help on this -- I knew it wasn't working yet and was hoping someone would step up. Wow, that was fast! l/libnjb-2.2.5-i486-2.tgz: Fixed hotplug and udev support. Again, thanks to Carlos Corbacho. Now my NJB3 works. :-) Anyone have any yea/nay feedback on libgpod and amaroK? +--------------------------+ Sat Sep 9 14:56:38 CDT 2006 kernels/huge26.s/*: Upgraded huge26.s kernel to 2.6.17.13. extra/linux-2.6.17.13/kernel-generic-2.6.17.13-i486-1.tgz: Upgraded to Linux 2.6.17.13 generic kernel. extra/linux-2.6.17.13/kernel-headers-2.6.17.13-i386-1.tgz: Upgraded to Linux 2.6.17.13 kernel headers. 
extra/linux-2.6.17.13/kernel-modules-2.6.17.13-i486-1.tgz Upgraded to Linux 2.6.17.13 kernel modules. extra/linux-2.6.17.13/kernel-source-2.6.17.13-noarch-1.tgz Upgraded to Linux 2.6.17.13 kernel source. [ Andrea was asleep when I noticed these, and I didn't want to find out what happens when one wakes one's sleeping wife and asks her to start building kernels, so... ] +--------------------------+ Sat Sep 9 01:18:53 CDT 2006 d/ruby-1.8.4-i486-2.tgz: As it would so happen, ruby-1.8.5 fixes a security problem, but also breaks a considerable number of things, including Ruby on Rails (RoR being one of the biggest appeals of Ruby), and other applications that make interesting use of it. So, for now anyway -- back to 1.8.4. kde/amarok-1.4.3-i486-2.tgz: This was the only thing that touched the tainted Ruby. ;-) Seriously, this will all get straightened out, but we have a release to do. Should we wait for everyone to adopt the new Ruby API/ABI? Or must it be: "works" / "secure" -- pick one? :-) It's always best to use the right tool for the job or you can get hurt. Remember shop class? kde/kdesdk-3.5.4-i486-2.tgz: Recompiled with configure flags that allow the apr libraries to be found. Thanks to Giacomo Lozito. y/bsd-games-2.13-i486-8.tgz: "pom" now supports a reasonable number of digits with a command line option, as noted in the man page. Default behavior has not been changed (it is still a rounded integer percentage). My own patch didn't live long enough to see birth in a stable release, but who cares. :-) Thanks to Eric Hameleers (who loves a good time-waster) for the better patch. I knew he wouldn't be able to resist this one. ;-> bootdisks/raid.s: Reverted to the old megaraid driver since megaraid2 is already in the scsi2.s bootdisk. kernels/huge26.s/*: Fixed USB keyboard support in the installer (at least tested on CD/DVD media). Thanks to Bruce Hill, Jr. for pointing out that this was no longer working. 
Please note that if you install with this you still need kernel-modules from /extra, and that there's no alsa-driver for this kernel because it's all built into kernel-modules and kernel-headers (well, and the kernel :-). ALSA 1.0.11/12 specifically DO NOT support these newer kernels. Check out the SUPPORTED_KERNELS file in the alsa-driver source. Feel free to play with various combinations (many DO work, but without any noticeable improvement to me). I try very hard to not break your sound system, but I'm already bending the rules with alsa-driver-1.0.11_2.4.33.3... Also, if you find bugs in stuff I don't ship, contact the appropriate maintainer too, please. I am not the hg repository for everything I ship. (I know, I do look remarkably similar ;-) "Is this the spacecraft assembly building?" kernels/raid.s/*: Moved from the megaraid2 driver to the old megaraid driver, after it was pointed out that megaraid2 is already in scsi2.s. +--------------------------+ Thu Sep 7 22:59:40 CDT 2006 d/ruby-1.8.5-i486-1.tgz: Upgraded to ruby-1.8.5. Honestly, I'm not sure these next three will help at the moment, but we're laying some groundwork for later when HAL will take over (and sing "Daisy"). l/libgpod-0.3.2-i486-1.tgz: Added libgpod-0.3.2. l/libmtp-0.0.16-i486-1.tgz: Added libmtp-0.0.16. l/libnjb-2.2.5-i486-1.tgz: Added libnjb-2.2.5. kde/amarok-1.4.3-i486-1.tgz: Upgraded to amarok-1.4.3. Added plugins linked with libgpod, libmtp, and libnjb. Working status (even with a bit of DIY) is not known (yet). It might require HAL to make it do anything at all. n/bind-9.3.2_P1-i486-1.tgz: Upgraded to bind-9.3.2-P1. This update addresses a denial of service vulnerability. BIND's CHANGES file says this: 2066. [security] Handle SIG queries gracefully. [RT #16300] The best discussion I've found is in FreeBSD's advisory, so here's a link: http://security.FreeBSD.org/advisories/FreeBSD-SA-06:20.bind.asc Also, fixed some missing man pages. 
(noticed by Xavier Thomassin -- thanks) (* Security fix *) y/bsd-games-2.13-i486-7.tgz: Snipped part of a crufty old patch that wouldn't apply. Added an (unapplied) patch to make pom give you two more digits of accuracy. I didn't apply it since it wasn't quite done; it should have the traditional default (no decimal places) that everyone is used to, and an arbitrary accuracy selectable with a command line switch. Perhaps it should be rewritten to use gmp. Oh, and the man page will then need fixing. Eric? ;-) +--------------------------+ Sun Sep 3 19:59:47 CDT 2006 a/udev-097-i486-8.tgz: Fixed a missing '[' in rc.udev. Thanks to guilherme for pointing out the error, and to J., who found the missing '['. (It had fallen off my desk and ended up under a table) kernels/System.map: Forgot to gzip a bunch of these. Thanks, Steve'o. +--------------------------+ Sun Sep 3 01:46:42 CDT 2006 I wasn't planning a Slackware 11.0 release candidate 4, but here we go. a/kernel-ide-2.4.33.3-i486-1.tgz: Upgraded to Linux 2.4.33.3 sata.i kernel. a/kernel-modules-2.4.33.3-i486-1.tgz Upgraded to Linux 2.4.33.3 kernel modules. a/udev-097-i486-7.tgz: Make sure /proc/sys/kernel/hotplug exists before writing to it. Thanks to Gary Hawco for the bug report. Change log level from "crit" or "err" since udev doesn't support "crit". Silly me, I saw some mention of syslog levels in the docs and assumed it supported all of them. At least in unrecognized cases the default is "err" anyway, so this bug didn't cause ill effects. Accuracy in documentation is, nevertheless, always a good thing to strive for. (I'm referring here to my own inaccurate additions to udev.conf...) Thanks to Chris Vowden for pointing this out. Don't fail to mount tmpfs on /dev because some other tmpfs mount exists. Thanks to Ken Milmore for the patch. Forget standards -- if k3b wants "/dev/writer" then that is good enough justification for me. Try to make a link to the most full-featured burner. 
  Thanks to my good friend Dex Filmore.
  Relaxed the perms on input events from 600 to 640 so that members of group root can also read events. Mode 644 was suggested, but wouldn't that let anyone on the box set up e.g. a keyboard logger? It didn't seem secure to me, and 640 looks like a decent compromise. Thanks to Jon Anders Skorpen.
ap/mysql-5.0.24a-i486-1.tgz: Upgraded to mysql-5.0.24a. Evidently the ABI change in MySQL 5.0.24 was unintentional, so all the packages that were recompiled before need another recompile. Oh well, maybe this little exercise has fixed something else we didn't know about. :-)
d/kernel-headers-2.4.33.3-i386-1.tgz: Upgraded to Linux 2.4.33.3 kernel headers.
d/perl-5.8.8-i486-3.tgz: Recompiled against libmysqlclient.
k/kernel-source-2.4.33.3-noarch-1.tgz Upgraded to Linux 2.4.33.3 kernel source.
kde/koffice-1.5.2-i486-4.tgz: Recompiled against libmysqlclient.
kde/qt-3.3.6-i486-4.tgz: Recompiled against libmysqlclient.
l/alsa-driver-1.0.11_2.4.33.3-i486-1.tgz: Recompiled for Linux 2.4.33.3. By the way, I did try ALSA 1.0.12 and noticed that emu10k1 wasn't compiling for Linux 2.4.33.3. I think we are probably safer sticking with the well tested ALSA 1.0.11 for the release.
n/bitchx-1.1-i486-5.tgz: Recompiled against libmysqlclient.
n/dhcp-3.0.4-i486-2.tgz: Fixed incorrect man page permissions. Thanks to Jerome Pinot.
n/iptables-1.3.5-i486-2.tgz: Updated a rather ancient description file. Thanks to Sean Donner for noticing that. I hope the many folks still running Linux 2.2.x were adequately warned.
n/php-4.4.4-i486-3.tgz: Recompiled against libmysqlclient.
n/samba-3.0.23c-i486-1.tgz: Upgraded to samba-3.0.23c.
n/sendmail-8.13.8-i486-3.tgz: Recompiled with official patch.
  "(2006-08-30) If sendmail is used with -bs and a mail filter (milter) is configured, an assertion can be triggered. This patch fixes the bug."
  Thanks much to Jakub Jankowski for the heads up.
n/sendmail-cf-8.13.8-noarch-3.tgz
extra/ktorrent/ktorrent-2.0.2-i486-1.tgz: Added ktorrent-2.0.2. Thanks to Erik Jan Tromp for showing me this one. I've always used the command line BT clients (usually in "screen"), but this is nice, doesn't require mainline BitTorrent or any non-KDE dependencies, and will work great for downloading (and seeding) Slackware ISO images. :-)
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.33.3-i486-1.tgz: Recompiled for Linux 2.4.33.3.
extra/php5/php-5.1.6-i486-2.tgz: Recompiled against libmysqlclient.
bootdisks/*: Upgraded to Linux 2.4.33.3 kernels.
kernels/*: Upgraded to Linux 2.4.33.3 kernels, except the huge.s kernel. In raid.s, switch from the megaraid to megaraid2 driver. This should support everything the old driver did and then some. If there are problems, let me know ASAP. Thanks to Michael Johnson.
isolinux/initrd.img: Upgraded USB/IEEE1394 modules to Linux 2.4.33.3.
  Eric Hameleers and I did a bit more work on the NFS installer (in the install.* rootdisks below, too). Now installing via NFS will attempt to mount the root of the Slackware tree first, rather than only the /slackware directory within. This (if successful), allows choosing a kernel to install later on, just like installing from CD, DVD, or hard drive. If it doesn't work (perhaps only /slackware is exported) then the installer will fall back on the traditional behavior. Thanks to everyone who suggested this idea from time to time, and thanks to Eric for finally making it happen.
isolinux/network.dsk: Upgraded network modules to Linux 2.4.33.3.
isolinux/pcmcia.dsk: Upgraded pcmcia modules to Linux 2.4.33.3.
rootdisks/install.1: Upgraded USB/IEEE1394 modules to Linux 2.4.33.3.
rootdisks/install.2: Upgraded USB/IEEE1394 modules to Linux 2.4.33.3.
rootdisks/install.zip: Upgraded USB/IEEE1394 modules to Linux 2.4.33.3.
rootdisks/network.dsk: Upgraded network modules to Linux 2.4.33.3.
rootdisks/pcmcia.dsk: Upgraded pcmcia network modules to Linux 2.4.33.3.
I can be off topic here, right? BIG congratulations to my little sister Jennifer on the birth of her daughter Abigail Jane. Mazel Tov! :-)
+--------------------------+
Tue Aug 29 06:24:26 CDT 2006
a/util-linux-2.12r-i486-4.tgz: Fixed incorrect permissions on /var/lock. Thanks to Steven Robson.
f/linux-howtos-20060829-noarch-1.tgz: Updated the HOWTOs again. I guess back in February this must have been looking ready to release. ;-) Thanks to Szymczak Artur for noticing the HOWTOs were stale.
x/x11-6.9.0-i486-10.tgz: Reverted the ATI hang patch after problem reports. If you were helped by the patch it'll be held in /extra for the release so that hopefully everyone can enjoy a working ATI card. :-) Thanks again to Mark Canter, as this is a real problem but the patch does seem to introduce some new issues of its own. It's good to have an alternate driver just in case, though.
x/x11-devel-6.9.0-i486-10.tgz: Recompiled.
x/x11-xdmx-6.9.0-i486-10.tgz: Recompiled.
x/x11-xnest-6.9.0-i486-10.tgz: Recompiled.
x/x11-xvfb-6.9.0-i486-10.tgz: Recompiled.
extra/slackpkg/slackpkg-2.09-noarch-1.tgz: Upgraded to slackpkg-2.09-noarch-1. Thanks to Piter Punk.
extra/x11-radeon-patched/x11-radeon-patched-6.9.0-i486-1.tgz: Here's the patched radeon module from the -9 X.Org Slackware packages. There's a README file included with it explaining what it is for with references to a discussion of the issue.
isolinux/initrd.img: Fixed an installer bug where setup would ask which swap partitions you'd like to use and then conveniently set them all up for you if you selected at least one. Thanks to DEF.
rootdisks/install.1: Fixed a bug where libraries that were moved to install.2 to make space on install.1 were needed by /bin/mount. Thanks to David Bray.
rootdisks/install.2: Moved a couple of libraries to install.1. Fixed installer swap bug.
rootdisks/install.zip: Fixed installer swap bug.
+--------------------------+
Sun Aug 27 05:36:53 CDT 2006
ap/vim-7.0.066-i486-2.tgz: Use the default vanilla system vimrc as distributed with the vim sources. Thanks to J for mentioning that using vim with 'crontab -e' was working fine without any additions to the vimrc.
d/m4-1.4.6-i486-1.tgz: Upgraded to m4-1.4.6.
l/libpng-1.2.12-i486-2.tgz: Recompiled so that libpng.so.* links to libz and libm. This has been a point of contention for a long time with the PNG folks maintaining that you shouldn't have to link libpng this way. Well, just about everyone else builds libpng to link with -lz and -lm automatically, but I've held my ground along with the PNG team (usually I will defer to upstream and will send people there with these kinds of requests). Today Janusz Dziemidowicz pointed out that if you build libpng with ./configure that now it *is* linking to these. Good enough reason to end this problem right now. Thanks Janusz, for pointing out that discrepancy and sending in a patch. :-)
n/irssi-0.8.10a-i486-4.tgz: Removed duplicates and unformatted files from docs/help directory. Thanks to James Michael Fultz.
x/dejavu-ttf/dejavu-ttf-2.9-noarch-1.tgz: Upgraded to dejavu-ttf-2.9. Moved from /extra into the X series. Thanks to the DejaVu team (http://dejavu.sf.net) for the superb work.
x/fontconfig-2.2.3-i486-2.tgz: Patched /etc/fonts.conf to favor the DejaVu fonts over the Vera ones if they are present on the machine. US English users should notice only minor (if any) differences with this patch, but other users could see their language displayed properly out-of-the box for the first time. :-)
x/x11-6.9.0-i486-9.tgz: Patched a PCF font parsing bug that could crash X.
  Fixed the Greek keyboard layout. Thanks to Thanos Kyritsis.
  Fixed ATI lockup bugs. Thanks to Mark Canter.
x/x11-devel-6.9.0-i486-9.tgz: Recompiled.
x/x11-xdmx-6.9.0-i486-9.tgz: Recompiled.
x/x11-xnest-6.9.0-i486-9.tgz: Recompiled.
x/x11-xvfb-6.9.0-i486-9.tgz: Recompiled.
xap/seamonkey-1.0.4-i486-3.tgz: Fixed world-writable docs. Thanks to Piter Punk for pointing those out.
xap/vim-gvim-7.0.066-i486-2.tgz: Recompiled.
extra/lvm2/device-mapper-1.02.09-i486-1.tgz: Upgraded to device-mapper-1.02.09, moved out of /testing.
extra/lvm2/lvm2-2.02.09-i486-1.tgz: Upgraded to LVM-2.02.09, moved out of /testing.
extra/php5/php-5.1.6-i486-1.tgz: Upgraded to php-5.1.6, moved out of /testing.
+--------------------------+
Fri Aug 25 04:35:22 CDT 2006
Here is Slackware 11.0 release candidate 3. I think most of the irresistible upgrades are in here now, and the bug reports have been mostly handled. There may still be a few changes, and possibly another release candidate, but this is pretty close to final with the exception of updating documentation and building ZipSlack. Thanks very much to everyone who is helping to test these release candidates -- I think this is going to be a very up to date and stable release. :-)
a/glibc-solibs-2.3.6-i486-5.tgz: Patched an issue with kernel version parsing in ld-2.3.6.so that was leading glibc to treat 2.4 kernels with 4 version parts (such as 2.4.33.2) as if they supported NPTL, leading to a crash at boot.
a/glibc-zoneinfo-2.3.6-noarch-5.tgz: Updated timezone information from tzdata2006j.
a/kernel-ide-2.4.33.2-i486-1.tgz: Upgraded to 2.4.33.2 sata.i kernel. Enabled support for OOM killer and HIGHMEM4G.
a/kernel-modules-2.4.33.2-i486-1.tgz: Upgraded to Linux 2.4.33.2 modules.
a/udev-097-i486-6.tgz: Restore ttyUSB access to members of the tty group. Thanks to Eugene Crosser.
  In rc.udev, ignore lines that start with '#'. Thanks to Ian Bates.
  Removed hostap and hostap_cs dupes from blacklist. Thanks to giovanni quadriglio.
  Patched rc.optical-symlinks to avoid error messages with real SCSI devices and the SCSI generic driver. Thanks to Lorenzo Buzzi.
ap/lm_sensors-2.10.0-i486-1.tgz: Added lm_sensors-2.10.0, which contains the libsensors library that KDE can use for hardware status monitoring.
ap/vim-7.0.066-i486-1.tgz: Upgraded to vim 7.0.066. Added reasonable default vimrc if none exists. Thanks to Eric Hameleers.
xap/vim-gvim-7.0.066-i486-1.tgz: Upgraded to gvim 7.0.066 (requires vim).
d/kernel-headers-2.4.33.2-i386-1.tgz: Upgraded to Linux 2.4.33.2 headers.
d/perl-5.8.8-i486-2.tgz: Upgraded to DBD-mysql-3.0006 and DBI-1.52. Eugene Crosser reported that DBD compiled against an older version of libmysqlclient no longer worked without a recompile. Just to be on the safe side, everything linked with libmysqlclient is getting recompiled.
d/pkgconfig-0.21-i486-2.tgz: Export PKG_CONFIG_PATH.
k/kernel-source-2.4.33.2-noarch-1.tgz: Upgraded to Linux 2.4.33.2 source. Enabled support for OOM killer and HIGHMEM4G in default .config.
kde/amarok-1.4.2-i486-1.tgz: Upgraded to amarok-1.4.2.
kde/kdebase-3.5.4-i486-6.tgz: Recompiled to use libsensors with ksysguardd. Fixed location of kdeglobals, removed font defaults but kept the anti-aliasing fixes.
kde/koffice-1.5.2-i486-3.tgz: Recompiled against libmysqlclient and libruby.
kde/qt-3.3.6-i486-3.tgz: Recompiled against libmysqlclient, added symlink in /usr/lib/pkgconfig to qt-mt.pc.
l/alsa-driver-1.0.11_2.4.33.2-i486-1.tgz: Recompiled for Linux 2.4.33.2.
l/glibc-2.3.6-i486-5.tgz: Patched an issue with kernel version parsing in ld-2.3.6.so that was leading glibc to treat 2.4 kernels with 4 version parts (such as 2.4.33.2) as if they supported NPTL, leading to a crash at boot. Added sa_IN and ru_RU.CP1251 locale support. Updated timezone information from tzdata2006j. Updated timezone utilities from tzcode2006j.
l/glibc-i18n-2.3.6-noarch-5.tgz: Rebuilt. Added sa_IN and ru_RU.CP1251 locale support.
l/glibc-profile-2.3.6-i486-5.tgz: Recompiled.
l/libmusicbrainz-2.1.4-i486-1.tgz: Upgraded to libmusicbrainz-2.1.4.
l/libvisual-0.4.0-i486-1.tgz: Added libvisual-0.4.0. Just the library for now (no plugins), but this should make it much easier to compile and use audio visualization plugins without having to recompile amaroK.
n/bitchx-1.1-i486-4.tgz: Recompiled against libmysqlclient.
n/openldap-client-2.3.27-i486-1.tgz: Upgraded to openldap-client-2.3.27.
n/php-4.4.4-i486-2.tgz: Recompiled against libmysqlclient.
t/tetex-3.0-i486-4.tgz: Recompiled against new LessTif to stop warnings from xdvi.
t/tetex-doc-3.0-i486-4.tgz: Rebuilt. Moved info pages to /usr/info. Thanks to Kris Karas for pointing out the misplaced info pages.
xap/gimp-2.2.13-i486-1.tgz: Upgraded to gimp-2.2.13.
extra/3dfx-glide/*: Removed, as it most likely doesn't work.
extra/k3b/k3b-0.12.17-i486-1.tgz: Upgraded to k3b-0.12.17.
extra/k3b/k3b-i18n-0.12.17-noarch-1.tgz: Upgraded to k3b-i18n-0.12.17.
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.33.2-i486-1.tgz: Recompiled for Linux 2.4.33.2.
extra/slackpkg/slackpkg-2.08-noarch-3.tgz: Upgraded to slackpkg-2.08-noarch-3. Thanks to Piter Punk.
bootdisks/*: Upgraded to Linux 2.4.33.2 kernels.
isolinux/initrd.img: Upgraded USB/IEEE1394 modules to Linux 2.4.33.2.
isolinux/network.dsk: Upgraded network modules to Linux 2.4.33.2.
isolinux/pcmcia.dsk: Upgraded pcmcia modules to Linux 2.4.33.2.
rootdisks/install.1: Upgraded USB/IEEE1394 modules to Linux 2.4.33.2.
rootdisks/install.2: Upgraded USB/IEEE1394 modules to Linux 2.4.33.2.
rootdisks/install.zip: Upgraded USB/IEEE1394 modules to Linux 2.4.33.2.
rootdisks/network.dsk: Upgraded network modules to Linux 2.4.33.2.
rootdisks/pcmcia.dsk: Upgraded pcmcia network modules to Linux 2.4.33.2.
kernels/*: Upgraded to Linux 2.4.33.2 kernels, except the huge.s kernel.
After much thought and consultation with developers, it has been decided to move 2.6.17.x out of /testing and into /extra. It runs stable by all reports, has better wireless support, and is not going to be stale as soon. In addition, HIGHMEM4G has been enabled.
This caused no problems with my old 486 with 24MB (the one I use for compiling KDE ;-), and Tomas Matejicek has enabled this in SLAX for a long time with no reports of problems, so I believe it is a safe option (and is needed by many modern machines). Thanks again to Andrea for building these kernels and packages. :-)
kernels/huge26.s/*: Upgraded huge26.s kernel to 2.6.17.11.
extra/linux-2.6.17.11/kernel-generic-2.6.17.11-i486-1.tgz: Upgraded to Linux 2.6.17.11 generic kernel.
extra/linux-2.6.17.11/kernel-headers-2.6.17.11-i386-1.tgz: Upgraded to Linux 2.6.17.11 kernel headers.
extra/linux-2.6.17.11/kernel-modules-2.6.17.11-i486-1.tgz Upgraded to Linux 2.6.17.11 kernel modules. Load PC speaker support in rc.modules. Thanks to NetrixTardis.
extra/linux-2.6.17.11/kernel-source-2.6.17.11-noarch-1.tgz Upgraded to Linux 2.6.17.11 kernel source.
testing/packages/cairo-1.2.4-i486-1.tgz: Added cairo-1.2.4.
testing/packages/fontconfig-2.3.95-i486-1.tgz: Added fontconfig-2.3.95.
testing/packages/php-5.1.5/php-5.1.5-i486-2.tgz: Recompiled against libmysqlclient.
+--------------------------+
Tue Aug 22 15:10:35 CDT 2006
a/shadow-4.0.3-i486-13.tgz: Fixed deprecated root:bin ownerships. Thanks to Stuart Winter.
a/util-linux-2.12r-i486-3.tgz: Fixed file permissions and ownerships in /usr/doc. Thanks to Stuart Winter.
+--------------------------+
Mon Aug 21 14:54:08 CDT 2006
a/udev-097-i486-5.tgz: Fixed check in rc.udev for 2.6.15+ kernel. Thanks to Richard Fuller for the fix.
+--------------------------+
Sun Aug 20 23:45:58 CDT 2006
a/gpm-1.20.1-i486-2.tgz: Patched to send all non-critical error messages to the system logs rather than to the console.
a/pkgtools-11.0.0-i486-2.tgz: Merged in some more xorgsetup patches from Irfan Acar, Daniil Bratashov, and Piter Punk.
a/shadow-4.0.3-i486-12.tgz: Patched for gcc-3.4.x. Thanks to Dominik L. Borkowski for the patch.
  Removed spurious id.1.gz manpage. Thanks to Cal Peake.
  Removed obsolete options from the passwd program.
a/sysvinit-2.84-i486-66.tgz: In rc.M, fixed the nohotplug cmdline option. Thanks to Eric Hameleers.
  Sleep for a couple seconds after shutting down dhcpcd in rc.6 to allow time for various files in /etc to restore themselves. Thanks to Cal Peake.
  Don't try to mount usbfs if it's in /proc/mounts already.
a/tar-1.15.1-i486-2.tgz: Patched to be less strict about the option order. Thanks to Jonathan A. Irwin for sending me a patch from Sergey Poznyakoff.
a/udev-097-i486-4.tgz: Changed default udev log level from err to crit. Refuse to run udev unless the kernel is 2.6.15+. Thanks to Sean Donner.
a/util-linux-2.12r-i486-2.tgz: Added schedutils-1.5.0 which is apparently due to be merged into util-linux upstream sometime soon anyway. Thanks to Jonathan Woithe for the suggestion.
ap/diffutils-2.8.1-i486-2.tgz: Patched a bug in sdiff. Thanks to James Michael Fultz for the patch and improved build script.
ap/vim-7.0.063-i486-1.tgz: Upgraded to vim 7.0.063. Removed unpopular libruby dependency. :-)
e/emacs-21.4a-i486-3.tgz: Avoid a package file overlap between Emacs ctags and Exuberant Ctags. Thanks to Michal Kowalski for pointing it out.
kde/kdebase-3.5.4-i486-5.tgz: Added /opt/kde/share/kdeglobals to set the Vera fonts with anti-aliasing enabled as the defaults.
xap/seamonkey-1.0.4-i486-2.tgz: Added /usr/lib/seamonkey -> /usr/lib/seamonkey-1.0.4 symlink. Thanks to Tsomi.
xap/vim-gvim-7.0.063-i486-1.tgz: Upgraded to vim 7.0.063. Removed unpopular libruby dependency. :-)
extra/checkinstall/checkinstall-1.6.0-i486-2.tgz: Fixed 640 perms on FAQ. Thanks to Michael Iatrou.
rootdisks/pcmcia.dsk,isolinux/pcmcia.dsk: Added ide-cs module. Requested by Zack Smith.
+--------------------------+
Sat Aug 19 23:58:27 CDT 2006
This is mostly frozen now unless bugs (or irresistible upgrades) come up, so I'll call this update Slackware 11.0 release candidate 2. :-)
a/kernel-ide-2.4.33-i486-2.tgz: Switched to the sata.i kernel which supports both parallel and serial ATA.
a/kernel-modules-2.4.33-i486-2.tgz: Recompiled. Upgraded to Linux 2.4.33 kernel modules.
d/pkgconfig-0.21-i486-1.tgz: Upgraded to pkg-config-0.21. Set the PKG_CONFIG_PATH to search in /usr/local/lib/pkgconfig and /opt/kde/lib/pkgconfig, too. Thanks, Seb!
d/kernel-headers-2.4.33-i386-2.tgz: Rebuilt.
k/kernel-source-2.4.33-noarch-2.tgz: Updated the default .config to include SATA support. Oh, and yes I did see 2.4.33.1. Thanks for letting me know ;-), but that kernel does not seem to be booting here so I'll stick with 2.4.33 for now.
l/alsa-driver-1.0.11_2.4.33-i486-2.tgz: Recompiled. Upgraded to alsa-driver-1.0.11 compiled for Linux 2.4.33.
bootdisks/sata.i: Rebuilt.
bootdisks/speakup.s: Added SATA support.
kernels/huge26.s/*: Recompiled.
kernels/sata.i/*: Recompiled.
kernels/speakup.s/*: Added SATA support.
kernels/test26.s/*: Upgraded test26.s kernel to 2.6.17.9.
To be consistent, bumped the build number on all of the 2.6.16.27 packages to -5.
extra/linux-2.6.16.27/alsa-driver-1.0.11_2.6.16.27-i486-5.tgz: Recompiled.
extra/linux-2.6.16.27/kernel-generic-2.6.16.27-i486-5.tgz: Recompiled.
extra/linux-2.6.16.27/kernel-headers-2.6.16.27-i386-5.tgz: Rebuilt.
extra/linux-2.6.16.27/kernel-modules-2.6.16.27-i486-5.tgz: Enabled CONFIG_X86_SPEEDSTEP_RELAXED_CAP_CHECK option so that Piotr Wierzchowski's Thinkpad will run cooler and use less power. :-)
extra/linux-2.6.16.27/kernel-source-2.6.16.27-noarch-5.tgz: Rebuilt with CONFIG_X86_SPEEDSTEP_RELAXED_CAP_CHECK=y in .config.
extra/slackpkg/slackpkg-2.08-noarch-2.tgz: Upgraded to slackpkg-2.08-noarch-2. Thanks to Piter Punk.
testing/packages/linux-2.6.17.9/kernel-generic-2.6.17.9-i486-1.tgz: Upgraded to Linux 2.6.17.9 generic kernel.
testing/packages/linux-2.6.17.9/kernel-headers-2.6.17.9-i386-1.tgz: Upgraded to Linux 2.6.17.9 kernel headers.
testing/packages/linux-2.6.17.9/kernel-modules-2.6.17.9-i486-1.tgz Upgraded to Linux 2.6.17.9 kernel modules.
testing/packages/linux-2.6.17.9/kernel-source-2.6.17.9-noarch-1.tgz Upgraded to Linux 2.6.17.9 kernel source.
Thanks to Andrea for building the 2.6.17.9 kernels.
rootdisks/install.1: Updated. Thanks to Cal Peake for the idea about how to improve the setup of swap partitions. Updated most of the binaries on the installer, but not busybox. It seems to be working fine, and the idea of messing with it now scares me. ;-)
rootdisks/install.2: Updated.
rootdisks/install.zip: Updated.
rootdisks/network.dsk: Fixed to probe for tg3 cards. Thanks to Eric Hameleers and Bruce Hill, Jr. Fixed module probing to work with 2.6 modules. Thanks to Piter Punk.
+--------------------------+
Fri Aug 18 00:20:46 CDT 2006
a/aaa_elflibs-11.0.0-i486-8.tgz: Upgraded to the mm-1.4.2 library, patched libtiff, upgraded to pcre-6.7 libraries, and included the recompiled cups-1.1.23 and slang libraries.
a/cups-1.1.23-i486-4.tgz: Fixed broken es and fr man page symlinks.
d/git-1.4.2-i486-1.tgz: Upgraded to git-1.4.2.
kde/kdenetwork-3.5.4-i486-2.tgz: Patched a bug in kopete that could freeze KDE under certain circumstances. Thanks to JaguarWan and Olivier Goffart.
l/libtiff-3.8.2-i486-2.tgz: Patched vulnerabilities in libtiff which were found by Tavis Ormandy of the Google Security Team. These issues could be used to crash programs linked to libtiff or possibly to execute code as the program's user. A low risk command-line overflow in tiffsplit was also patched. For more details, see:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3461
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3465
  (* Security fix *)
l/mm-1.4.2-i486-1.tgz: Upgraded to mm-1.4.2.
l/pcre-6.7-i486-1.tgz: Upgraded to pcre-6.7.
l/slang-2.0.6-i486-2.tgz: Fixed uncompressed manpage.
n/php-4.4.4-i486-1.tgz: Upgraded to php-4.4.4. Some of the security issues fixed in this release include:
  * Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions.
  * Fixed possible open_basedir/safe_mode bypass in cURL extension.
  * Fixed a buffer overflow inside sscanf() function.
  (* Security fix *)
testing/packages/cups-1.2.2/cups-1.2.2-i486-2.tgz: Removed /usr/man/man8/disable.8.gz symlink.
testing/packages/php-5.1.5/php-5.1.5-i486-1.tgz: Upgraded to php-5.1.5. Some of the security issues fixed in this release include:
  * Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions.
  * Fixed possible open_basedir/safe_mode bypass in cURL extension and on PHP 5 with realpath cache.
  * Fixed a buffer overflow inside sscanf() function.
  (* Security fix *)
kernels/sata.i/: Recompiled with Silicon Image PATA support. (there was a conflict before with this and the Sil SATA driver but it was fixed)
+--------------------------+
Wed Aug 16 19:11:39 CDT 2006
a/aaa_base-11.0.0-noarch-1.tgz: Added /usr/share/info -> ../info symlink. Bumped /etc/slackware-version number to 11.0.0. Changed version number (but little else yet) in initial email.
a/hotplug-2004_09_23-noarch-10.tgz: Corrected typo in rc.hotplug. Thanks to Willy Sudiarto Raharjo.
a/pcmcia-cs-3.2.8-i486-3.tgz: Commented out line in config.opts for old Webgear wireless card. chmod 644 /etc/pcmcia/*.opts.
a/pcmciautils-014-i486-2.tgz: Commented out line in config.opts for old Webgear wireless card. Moved man pages to /usr/man/man8, compressed with gzip.
a/sysvinit-2.84-i486-65.tgz: Don't run /lib/udev/rc.optical-symlinks in a login shell, since the bug that required that kludge is now fixed.
a/udev-097-i486-3.tgz: Patched rc.optical-symlinks to be locale friendly.
  Thanks to everyone who reported the bug, and to Michiel Broek and Eric Hameleers for sending in patches.
  Updated comments and removed obsolete options in udev.conf. Thanks to Jakub Jankowski.
  Removed /dev/loop0 and /dev/rtc from udev-script-devices.tar.gz.
l/gd-2.0.33-i486-1.tgz: Added gd-2.0.33. Suggested by Cal Peake.
l/libidn-0.6.5-i486-1.tgz: Upgraded to libidn-0.6.5. Suggested by Piotr Simon.
n/nfs-utils-1.0.10-i486-2.tgz: On 2.6.x kernels, mount nfsd in rc.nfsd. Thanks to Piter Punk, Leonardo Roman, and George Iosif for the suggestion.
n/wireless-tools-28-i486-3.tgz: Fixed rc.wireless which contained a few ^M that broke it. I think I did this saving the patch with my mailer -- sorry about that.
xap/gnuplot-4.0.0-i486-2.tgz: Recompiled against new gd-2.0.33 package. Thanks to Michael Iatrou for the suggestion.
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.33-i486-1.tgz: Recompiled kernel modules for Linux 2.4.33.
+--------------------------+
Tue Aug 15 21:45:53 CDT 2006
a/genpower-1.0.5-i486-1.tgz: Upgraded to genpower-1.0.5. Thanks to Bernd Noessler for letting me know about this -- freshmeat.net still points to a much older version of genpower.
a/less-394-i486-1.tgz: Upgraded to less-394. Thanks to Haakon Riiser for suggesting this and confirming that less-394 is an official stable release. Added RAR support to lesspipe.sh. Thanks to Manolis Tzanidakis.
a/sysvinit-2.84-i486-64.tgz: In rc.M, check better for udev before running rc.optical-symlinks, and run the script in a login shell which might fix the error "-bash: let: expression expected" that some people have reported. Thanks to Michiel Broek for the hint about using a login shell.
ap/mt-st-0.9b-i486-1.tgz: Upgraded to mt-st-0.9b. Thanks to Stuart Winter.
d/git-1.4.1.1-i486-2.tgz: Replaced hard links with symbolic links, since Stuart Winter hates hard links. (I hope he doesn't find the other ones! ;-) Thanks to Stuart Winter for the patch.
kde/kdebase-3.5.4-i486-4.tgz: Patched a bug in ksystraycmd.
  Thanks to Dirk Mueller for the patch.
n/wireless-tools-28-i486-2.tgz: Patched rc.wireless for ESSIDs with spaces. Thanks to Bruneel Michaël and Eric Hameleers.
xap/imagemagick-6.2.8_8-i486-2.tgz: Reverted to ImageMagick-6.2.8-8 since the "display" program in ImageMagick-6.2.9-0 crashes. Thanks to Tomasz Luczak for the bug report.
+--------------------------+
Tue Aug 15 01:20:55 CDT 2006
a/devs-2.3.1-noarch-24.tgz: Added udev-style /dev/md/* devices to save people who boot between 2.4.x and 2.6.x kernels some trouble. Thanks to Mircea Baciu for pointing out this possibility. Note: Upgrading the devs package while running udev will NOT work.
a/sysvinit-2.84-i486-63.tgz: Patched rc.4 to check both /usr/bin and /usr/sbin for gdm. Thanks to Scott J. Harmon.
  Added a warning in rc.S that if you make an rc.modules.local that the other rc.modules script(s) will not be run.
  Don't try to start udev if sysfs and tmpfs are not in the kernel.
  Use grep '-q' option instead of '> /dev/null' in many places.
a/udev-097-i486-2.tgz: Don't run rc.udev if tmpfs is not in the kernel. Thanks to Gunnar Florus Johansen.
ap/sysstat-7.0.0-i486-1.tgz: Added sysstat-7.0.0. Suggested by grk wng and Jesper Juhl.
n/iproute2-2.6.16_060323-i486-1.tgz: Upgraded to iproute2-2.6.16-060323.
n/nfs-utils-1.0.10-i486-1.tgz: Upgraded to nfs-utils-1.0.10.
t/xfig-3.2.4-i486-1.tgz: Upgraded to xfig-3.2.4. Thanks to Daniil Bratashov for the initial SlackBuild script.
xap/gimp-2.2.12-i486-3.tgz: Fixed icon path in gimp-2.2.desktop. Thanks to Nikos Skalkotos for the bug report.
xap/imagemagick-6.2.9_0-i486-1.tgz: Upgraded to imagemagick-6.2.9-0.
extra