Thu Jun 5 20:06:11 PDT 2003 a/e2fsprogs-1.33-i486-1.tgz: Upgraded to e2fsprogs-1.33. ap/most-4.9.4-i486-1.tgz: Added most-4.9.4. ap/jed-0.99_16-i486-1.tgz: Upgraded to jed-0.99-16. d/automake-1.7.5-noarch-1.tgz: Upgraded to automake-1.7.5. d/distcc-2.5.1-i486-1.tgz: Upgraded to distcc-2.5.1. l/slang-1.4.9-i486-1.tgz: Upgraded to slang-1.4.9. n/slrn-0.9.7.4-i486-1.tgz: Added slrn-0.9.7.4. n/uucp-1.07-i486-1.tgz: Upgraded to Taylor UUCP version 1.07. Moved config files to /etc/uucp. xap/fvwm-2.4.16-i486-1.tgz: Upgraded to fvwm-2.4.16. xap/gaim-0.64-i486-1.tgz: Upgraded to gaim-0.64. +--------------------------+ Wed Jun 4 18:51:15 PDT 2003 d/perl-5.8.0-i486-4.tgz: Recompiled for i486/i686 arch. Added DBI and DBD-mysql modules (by popular request). d/python-2.2.3-i486-1.tgz: Upgraded to python-2.2.3. d/python-demo-2.2.3-noarch-1.tgz: Added Python demos. d/python-tools-2.2.3-noarch-1.tgz: Added Python tools, such as idle. Thanks to Rob McGee for the suggestion. :-) l/libxml2-2.5.7-i486-1.tgz: Upgraded to libxml2-2.5.7. l/libxslt-1.0.30-i486-1.tgz: Upgraded to libxslt-1.0.30. xap/gimp-1.2.4-i486-1.tgz: Upgraded to gimp-1.2.4. xap/imagemagick-5.5.7_8-i486-1.tgz: Upgraded to ImageMagick-5.5.7-8. xap/sane-1.0.12-i486-1.tgz: Upgraded to sane-frontends-1.0.11 and sane-backends-1.0.12. xap/xsane-0.91-i486-1.tgz: Upgraded to xsane-0.91. extra/gimp-1.3.14/gimp-1.3.14-i486-1.tgz: Upgraded to gimp-1.3.14. +--------------------------+ Sat May 31 21:34:22 PDT 2003 a/procps-2.0.13-i486-1.tgz: Upgraded to procps-2.0.13. Will the real procps please stand up. ;-) After noticing Robert Love's post on lkml, I realized we've been using the wrong version of procps. This version seems considerably better, requiring only 1 of the 5 patches I usually apply to procps (I'm not a fan of the bold white text in 'top'). a/shadow-4.0.3-i386-7.tgz: /usr/sbin/adduser fixes (from Stuart Winter). Fixed the newgrp patch from Simon Williams so that it applies correctly. a/syslinux-2.04-i386-1.tgz: Upgraded to syslinux-2.04. a/util-linux-2.11z-i486-2.tgz: This package now provides /bin/kill (which is no longer part of the procps package). n/imapd-4.56-i486-1.tgz: Upgraded to IMAP4rev1 2003.338 from pine4.56. n/nfs-utils-1.0.3-i486-1.tgz: Upgraded to nfs-utils-1.0.3. n/php-4.3.2-i486-1.tgz: Upgraded to php-4.3.2. A bit of the information about the release on www.php.net: * Fixes several potentially hazardous integer and buffer overflows. * New "disable_classes" php.ini option to allow administrators to disable certain classes for security reasons. * ..and a HUGE amount of other bug fixes! (* Security fix *) Also enabled --with-gettext=shared,/usr in this PHP build. Thanks to Petr Hostalek for the reminder. n/pine-4.56-i486-1.tgz: Upgraded to pine-4.56. +--------------------------+ Thu May 29 01:01:07 PDT 2003 a/coreutils-5.0-i486-2.tgz: Added symlinks for ginstall in case anything tries to use the old name rather than 'install'. Problem noted by Matias Aguirre. a/etc-5.0-noarch-13.tgz: Make sure the default paths are added to /etc/ld.so.conf, even if the file already exists. Reported by Marin Mitov. a/hotplug-2003_05_01-noarch-1.tgz: Upgraded to hotplug-2003_05_01. a/sysvinit-2.84-i486-27.tgz: Fixed a bug with the use of /etc/fastboot in /etc/rc.d/rc.S. Thanks to Jaroslaw Swierczynski for the patch. ap/dvd+rw-tools-5.5.4.3.4-i486-1.tgz: Added dvd+rw-tools-5.5.4.3.4. d/binutils-2.14.90.0.4-i486-1.tgz: Upgraded to binutils-2.14.90.0.4. Included c++filt, which used to be redundant but is no longer provided by GCC (as of version 3.3). Thanks to Udo A. Steinberg for pointing out that c++filt was missing from the gcc-3.3 packages. extra/cups-1.1.19/cups-1.1.19-i486-1.tgz: Upgraded to cups-1.1.19. A denial of service problem that allowed a CUPS client to hang the CUPS server is now fixed in CUPS 1.1.19. Note that CUPS is not installed by default -- it is shipped as one of the packages in /extra. (* Security fix *) +--------------------------+ Thu May 22 23:28:30 PDT 2003 e/emacs-21.3-i486-1.tgz: Upgraded to GNU Emacs 21.3. e/emacs-info-21.3-noarch-1.tgz: Upgraded to GNU Emacs 21.3. e/emacs-leim-21.3-noarch-1.tgz: Upgraded to GNU Emacs 21.3. e/emacs-lisp-21.3-noarch-1.tgz: Upgraded to GNU Emacs 21.3. e/emacs-misc-21.3-noarch-1.tgz: Upgraded to GNU Emacs 21.3. e/emacs-nox-21.3-i486-1.tgz: Upgraded to GNU Emacs 21.3. +--------------------------+ Wed May 21 16:05:37 PDT 2003 We have free space on the FTP machine again! :-) Thanks to Jorg B. and cwo.com for all their support for this project, including loaning us hardware, hosting our machines (and helping to maintain them), and providing bandwidth for our web and FTP site. You're the greatest! a/coreutils-5.0-i486-1.tgz: This package replaces the GNU fileutils, sh-utils, and textutils packages. Also, edited DIR_COLORS to change video files to use the same colors as image files. Previously they were "bold white", which made them invisible in terminals with a white background. a/cxxlibs-5.1.0-i486-1.tgz: Upgraded to libstdc++ from gcc-3.2.3, moved legacy shared libraries to /usr/i486-slackware-linux/lib/. a/etc-5.0-noarch-12.tgz: In ld.so.conf, remove /usr/i386-slackware-linux/lib and add /usr/i486-slackware-linux/lib. a/glibc-solibs-2.3.1-i486-4.tgz: Patched a buffer overflow in some dead code (xdrmem_getbytes(), which we couldn't find used by anything, but it doesn't hurt to patch it anyway) (* Security fix *) a/glibc-zoneinfo-2.3.1-noarch-4.tgz: Rebuilt. a/hotplug-2002_08_26-noarch-6.tgz: Fix a bug which prevents hotplugged network cards from invoking rc.inet1 to bring up the interface. (Thanks to Mark for the bug report) Blacklist 8139cp driver as it interferes with 8139too. a/pkgtools-9.0.1-i386-1.tgz: Add a --dry-run mode to upgradepkg. a/sed-3.60-i386-1.tgz: Switched to super-sed version 3.60, as recent (4.0.x) versions of GNU sed have regex bugs that slow certain scripts to an absolute crawl. Thanks to Haakon Riiser for reporting the problem and providing benchmark script for testing. We won't be "upgrading" sed again without good cause... a/sysvinit-2.84-i386-26.tgz: Use option m, not M, for quotacheck. Otherwise, the partition might be remounted losing flags like nosuid,nodev,noexec. Thanks to Jem Berkes for pointing this out. (* Security fix *) d/binutils-2.14.90.0.2-i486-1.tgz: Upgraded to binutils-2.14.90.0.2. d/distcc-2.3-i386-1.tgz: Upgraded to distcc-2.3. d/gcc-3.2.3/gcc-3.2.3-i486-1.tgz: Upgraded to GCC 3.2.3. d/gcc-3.2.3/gcc-g++-3.2.3-i486-1.tgz: Upgraded to GCC 3.2.3. d/gcc-3.2.3/gcc-g77-3.2.3-i486-1.tgz: Upgraded to GCC 3.2.3. d/gcc-3.2.3/gcc-gnat-3.2.3-i486-1.tgz: Upgraded to GCC 3.2.3. d/gcc-3.2.3/gcc-java-3.2.3-i486-1.tgz: Upgraded to GCC 3.2.3. d/gcc-3.2.3/gcc-objc-3.2.3-i486-1.tgz: Upgraded to GCC 3.2.3. kde/*.tgz: Upgraded to KDE 3.1.2. kdei/*.tgz: Upgraded KDE i18n packages to KDE 3.1.2. l/arts-1.1.2-i386-1.tgz: Upgraded to arts-1.1.2 from KDE 3.1.2. l/glibc-2.3.1-i486-4.tgz: Patched, recompiled. (* Security fix *) l/glibc-i18n-2.3.1-noarch-4.tgz: Rebuilt. n/apache-1.3.27-i386-3.tgz: Rebuilt with the EAPI patch from mod_ssl-2.8.14_1.3.27. n/bitchx-1.0c19-i486-3.tgz: Patched several potential "evil server" security problems noted by Timo Sirainen. (* Security fix *) n/gnupg-1.2.2-i486-1.tgz: Upgraded to gnupg-1.2.2, which fixes a bug in key validation for keys with more than one user ID. The bug results in all user IDs on a given key being treated with the validity of the most-valid user ID on that key. (* Security fix *) n/mod_ssl-2.8.14_1.3.27-i386-1.tgz: Upgraded to mod_ssl-2.8.14_1.3.27. Includes RSA blinding fixes. (* Security fix *) n/epic4-1.0.1-i386-3.tgz: Patched a buffer overflow in ctcp.c. (* Security fix *) n/imapd-4.55-i386-1.tgz: Upgraded to IMAP4rev1 2003.337 from pine4.55. n/openssh-3.6.1p2-i486-1.tgz: Upgraded to openssh-3.6.1p2. n/pine-4.55-i386-1.tgz: Upgraded to pine-4.55. Added DEBUG= to the build line to eliminate .pine-debug* files, and added support for $HOME/.pine.pwd. (Thanks to Frédéric L. W. Meunier) n/sendmail-8.12.9-i386-2.tgz: Added features to sendmail.cf, supporting the following new configuration files in /etc/mail: domaintable, local-host-names, mailertable, trusted-users, and virtusertable. If there's not already an installed sendmail.cf, we use this new one by default -- there's no longer a selection menu, so UUCP people will have to install the UUCP .cf file from /usr/share/sendmail/ by hand. Added a Makefile to /etc/mail/ to assist with running makemap and newaliases. Thanks to Mike Wilson who suggested these improvements a while back. n/sendmail-cf-8.12.9-noarch-2.tgz: Rebuilt with new sendmail.cf and sendmail-slackware.mc. x/ttf-bitstream-vera-1.10-noarch-1.tgz: Added Bitstream Vera fonts. xap/xap/mozilla-1.3.1-i386-1.tgz: Upgraded to Mozilla 1.3.1. extra/glibc-extra-packages/glibc-debug-2.3.1-i486-4.tgz: Patched, recompiled. (* Security fix *) extra/glibc-extra-packages/glibc-profile-2.3.1-i486-4.tgz: Patched, recompiled. (* Security fix *) Added the following test packages that we're not ready to merge in yet: testing/packages/gcc-3.3/gcc-3.3-i486-1.tgz: This is GCC 3.3, compiled for a minimum CPU target of i486. Why i486 and not i386? Because the shared C++ libraries in gcc-3.2.x will require 486 opcodes even when a 386 target is used (so we already weren't compatible with the i386 for Slackware 9.0 and nobody noticed :-). gcc-3.3 fixes this issue and allows you to build a 386 compiler, but the fix is done in a way that produces binaries that are not compatible with gcc-3.2.x compiled binaries and which suffer a performance hit. To retain compatibility with Slackware 9.0, we'll have to use i486 (or better) as the compiler target for gcc-3.3. Therefore, it is time to say goodbye to i386 support in Slackware. I've surveyed 386 usage online, and the most common thing I see people say when someone asks about running Linux on a 386 is to "run Slackware", but then they also usually go on to say "be sure to get an OLD version, like 4.0, before glibc, because it'll be more efficient." Now, if that's the general advice, then I see no reason to continue 386 support in the latest Slackware (and indeed it's no longer easily possible). People with 386 machines aren't going to have the hard drive space for Slackware 9.1 in any case. testing/packages/gcc-3.3/gcc-g++-3.3-i486-1.tgz testing/packages/gcc-3.3/gcc-g77-3.3-i486-1.tgz testing/packages/gcc-3.3/gcc-gnat-3.3-i486-1.tgz testing/packages/gcc-3.3/gcc-java-3.3-i486-1.tgz testing/packages/gcc-3.3/gcc-objc-3.3-i486-1.tgz testing/packages/glibc-2.3.2/glibc-2.3.2-i486-1.tgz: This is also compiled for a minimum target of i486 (the gcc-3.2.2 i486 compiler was used). Again, if the future plan is to drop support for i386 in the main version of Slackware, then we might as well start doing that soon. Note that this version of glibc fixes some bugs, and could be an interesting upgrade for Slackware 9.0 machines. It's known to fix problems with Qt Designer crashing, and includes the xdrmem_getbytes() fix mentioned above. testing/packages/glibc-2.3.2/glibc-debug-2.3.2-i486-1.tgz testing/packages/glibc-2.3.2/glibc-i18n-2.3.2-noarch-1.tgz testing/packages/glibc-2.3.2/glibc-profile-2.3.2-i486-1.tgz testing/packages/glibc-2.3.2/glibc-solibs-2.3.2-i486-1.tgz testing/packages/glibc-2.3.2/glibc-zoneinfo-2.3.2-noarch-1.tgz +--------------------------+ Mon Apr 28 17:14:20 PDT 2003 Slackware -current (pre-9.1) branched. a/openssl-solibs-0.9.7b-i386-1.tgz: moved from /patches. a/procps-3.1.8-i386-1.tgz: moved from /patches. kde/qt-3.1.2-i386-3.tgz: moved from /patches. kde/koffice-1.2.1-i386-3.tgz: moved from /patches. kde/arts-1.1.1-i386-1.tgz: moved from /patches. kde/kdeaddons-3.1.1-i386-1.tgz: moved from /patches. kde/kdeadmin-3.1.1-i386-1.tgz: moved from /patches. kde/kdeartwork-3.1.1-i386-1.tgz: moved from /patches. kde/kdebase-3.1.1a-i386-1.tgz: moved from /patches. kde/kdebindings-3.1.1-i386-1.tgz: moved from /patches. kde/kdeedu-3.1.1-i386-1.tgz: moved from /patches. kde/kdegames-3.1.1-i386-1.tgz: moved from /patches. kde/kdegraphics-3.1.1a-i386-1.tgz: moved from /patches. kde/kdelibs-3.1.1a-i386-1.tgz: moved from /patches. kde/kdemultimedia-3.1.1-i386-1.tgz: moved from /patches. kde/kdenetwork-3.1.1-i386-1.tgz: moved from /patches. kde/kdepim-3.1.1-i386-1.tgz: moved from /patches. kde/kdesdk-3.1.1-i386-1.tgz: moved from /patches. kde/kdetoys-3.1.1-i386-1.tgz: moved from /patches. kde/kdeutils-3.1.1-i386-1.tgz: moved from /patches. kde/kdevelop-3.0a4a-i386-1.tgz: moved from /patches. kde/quanta-3.1.1-i386-2.tgz: moved from /patches. kdei/kde-i18n-af-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-ar-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-bg-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-bs-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-ca-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-cs-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-da-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-de-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-el-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-en_GB-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-eo-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-es-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-et-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-eu-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-fa-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-fi-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-fr-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-he-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-hr-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-hu-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-is-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-it-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-ja-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-lt-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-mt-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-nb-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-nl-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-nn-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-nso-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-pl-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-pt-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-pt_BR-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-ro-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-ru-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-se-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-sk-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-sl-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-sr-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-ss-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-sv-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-ta-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-th-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-tr-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-uk-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-ven-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-vi-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-xh-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-zh_CN-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-zh_TW-3.1.1-noarch-1.tgz: moved from /patches. kdei/kde-i18n-zu-3.1.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-af-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-ar-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-bs-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-ca-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-cs-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-da-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-de-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-el-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-en_GB-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-eo-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-es-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-et-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-fr-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-he-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-hu-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-it-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-ja-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-lt-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-lv-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-mt-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-nb-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-nl-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-nn-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-pl-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-pt-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-pt_BR-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-ru-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-sk-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-sl-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-sv-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-th-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-tr-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-uk-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-ven-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-xh-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-zh_TW-1.2.1-noarch-1.tgz: moved from /patches. kdei/koffice-i18n-zu-1.2.1-noarch-1.tgz: moved from /patches. n/sendmail-8.12.9-i386-1.tgz: moved from /patches. n/sendmail-cf-8.12.9-noarch-1.tgz: moved from /patches. n/mutt-1.4.1i-i386-1.tgz: moved from /patches. n/openssh-3.6.1p1-i386-1.tgz: moved from /patches. n/openssl-0.9.7b-i386-1.tgz: moved from /patches. n/samba-2.2.8a-i386-1.tgz: moved from /patches. +--------------------------+ Sun Apr 20 16:35:57 PDT 2003 patches/packages/openssh-3.6.1p1-i386-1.tgz: Upgraded to openssh-3.6.1p1. patches/packages/openssl-0.9.7b-i386-1.tgz: Upgraded to openssl-0.9.7b. This includes patches for the widely publicized timing attacks against SSL. We've seen no evidence that these attacks have occured in the wild (and suspect it to be unlikely), but recommend that sites using SSL upgrade. (* Security fix *) patches/packages/openssl-solibs-0.9.7b-i386-1.tgz: Upgraded to shared libraries from openssl-0.9.7b. Protects against timing attacks. (* Security fix *) patches/packages/procps-3.1.8-i386-1.tgz: Upgraded to procps-3.1.8. Also upgraded to psmisc-21.2, which fixes a problem with 'killall' sending the wrong signals. (reported by Phil Howard and Phil DeBecker) patches/packages/kde/quanta-3.1.1-i386-2.tgz: Fixed package build. +--------------------------+ Thu Apr 17 15:32:15 PDT 2003 patches/packages/kde/*: Upgraded to KDE 3.1.1a. Also included in this directory are a rebuild of Qt (linked with Xft2 rather than Xft1), an updated aRts package (the aRts sound server is a component of KDE, but ships as part of Slackware's L series), and kdevelop-3.0a4a. Note that this update addresses a security problem with KDE's handling of PostScript documents. This is the overview of the problem from the KDE site: KDE uses Ghostscript software for processing of PostScript (PS) and PDF files in a way that allows for the execution of arbitrary commands that can be contained in such files. An attacker can prepare a malicious PostScript or PDF file which will provide the attacker with access to the victim's account and privileges when the victim opens this malicious file for viewing or when the victim browses a directory containing such malicious file and has file previews enabled. An attacker can provide malicious files remotely to a victim in an e-mail, as part of a webpage, via an ftp server and possible other means. We recommend that sites running KDE install this update. Please note that the change from Xft1 to Xft2 has changed the available fonts in Konsole (and presumably elsewhere), and that Xft2 seems unable to display the Linux Console font that was previously Slackware's default. Also, it doesn't handle gamma correction when displaying fonts against a black background, so we've had to change the default to black fonts on a white background (this is Konsole's default). This creates an additional issue with certain file types displayed as bold white by /etc/DIR_COLORS becoming invisible in CD-ROM ISO FILES - Free Download -Download gratis classicistranieri.coms. A workaround is to comment out these lines (or change to a different color): .mpg 01;37 # movie formats .avi 01;37 .mov 01;37 (* Security fix *) patches/packages/kdei/*: New internationalization packages for KDE 3.1.1a. +--------------------------+ Mon Apr 7 14:26:53 PDT 2003 patches/packages/samba-2.2.8a-i386-1.tgz: Upgraded to samba-2.2.8a. From the samba-2.2.8a WHATSNEW.txt: **************************************** * IMPORTANT: Security bugfix for Samba * **************************************** Digital Defense, Inc. has alerted the Samba Team to a serious vulnerability in all stable versions of Samba currently shipping. The Common Vulnerabilities and Exposures (CVE) project has assigned the ID CAN-2003-0201 to this defect. This vulnerability, if exploited correctly, leads to an anonymous user gaining root access on a Samba serving system. All versions of Samba up to and including Samba 2.2.8 are vulnerable. An active exploit of the bug has been reported in the wild. Alpha versions of Samba 3.0 and above are *NOT* vulnerable. (* Security fix *) +--------------------------+ Sat Mar 29 13:46:36 PST 2003 patches/packages/mutt-1.4.1i-i386-1.tgz: Upgraded to mutt-1.4.1i. From www.mutt.org: Mutt 1.4.1 and 1.5.4 were released on March 19, 2003. These releases both fix a buffer overflow identified by Core Security Technologies. The only differences between 1.4 and 1.4.1 are bug fixes. If you are currently using 1.4, it's probably a very good idea to update. (* Security fix *) patches/packages/sendmail-8.12.9-i386-1.tgz: Upgraded to sendmail-8.12.9. From sendmail's RELEASE_NOTES: 8.12.9/8.12.9 2003/03/29 SECURITY: Fix a buffer overflow in address parsing due to a char to int conversion problem which is potentially remotely exploitable. Problem found by Michal Zalewski. Note: an MTA that is not patched might be vulnerable to data that it receives from untrusted sources, which includes DNS. (* Security fix *) patches/packages/sendmail-cf-8.12.9-noarch-1.tgz: Updated config files for sendmail-8.12.9. +--------------------------+ Tue Mar 18 01:44:41 PST 2003 Slackware 9.0 is released... happy release day! bootdisks/*: Patched kmod/ptrace hole. (see below) kernels/*: Patched kmod/ptrace hole. (see below) a/kernel-ide-2.4.20-i486-5.tgz: Patched kmod/ptrace hole. (see below) ap/mysql-3.23.56-i386-1.tgz: Upgraded to mysql-3.23.56. d/ccache-2.2-i386-1.tgz: Added ccache-2.2. d/kernel-headers-2.4.20-i386-5.tgz: Patched ptrace related headers. k/kernel-source-2.4.20-noarch-5.tgz: Patched kmod/ptrace hole. The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.20, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel. For additional information and references, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0127 (* Security fix *)