rlh   img   mp3   nfo   pro  
./nfo/linux/slackware/slackware-11.0.changelog.inc
Slackware-11.0 ChangeLog Sat, 21 Sep 2019 03:46:02 +0200
slackware.no
Wed Jul 25 02:02:40 UTC 2012
patches/packages/libpng-1.2.50-i486-1_slack11.0.tgz:  Upgraded.
  Fixed incorrect type (int copy should be png_size_t copy) in png_inflate()
  (fixes CVE-2011-3045).
  Revised png_set_text_2() to avoid potential memory corruption (fixes
    CVE-2011-3048).
  Changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3045
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3048
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386
  (* Security fix *)
+--------------------------+
Wed Jul 18 05:35:26 UTC 2012
patches/packages/libexif-0.6.21-i486-1_slack11.0.tgz:  Upgraded.
  This update fixes a number of remotely exploitable issues in libexif
   with effects ranging from information leakage to potential remote
   code execution.
  For more information, see:
    http://sourceforge.net/mailarchive/message.php?msg_id=29534027
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2812
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2813
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2814
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2836
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2837
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2840
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2841
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2845
  (* Security fix *)
+--------------------------+
Mon Jun 25 02:32:37 UTC 2012
patches/packages/freetype-2.4.10-i486-1_slack11.0.tgz:  Upgraded.
  Since freetype-2.4.8 many fixes were made to better handle invalid fonts.
  Many of them are vulnerabilities (see CVE-2012-1126 up to CVE-2012-1144
  and SA48320) so all users should upgrade.
  (* Security fix *)
+--------------------------+
Thu Jun 14 05:02:39 UTC 2012
####################################################################
# NOTICE OF INPENDING EOL (END OF LIFE) FOR OLD SLACKWARE VERSIONS #
#                                                                  #
# Effective August 1, 2012, security patches will no longer be     #
# provided for the following versions of Slackware (which will all #
# be more than 5 years old at that time):                          #
# Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0.           #
# If you are still running these versions you should consider      #
# migrating to a newer version (preferably as recent as possible). #
# Alternately, you may make arrangements to handle your own        #
# security patches.  If for some reason you are unable to upgrade  #
# or handle your own security patches, limited security support    #
# may be available for a fee.  Inquire at security@slackware.com.  #
####################################################################
patches/packages/bind-9.7.6_P1-i486-1_slack11.0.tgz:  Upgraded.
  This release fixes an issue that could crash BIND, leading to a denial of
  service.  It also fixes the so-called "ghost names attack" whereby a
  remote attacker may trigger continued resolvability of revoked domain names.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1033
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
  IMPORTANT NOTE:  This is a upgraded version of BIND, _not_ a patched one.
  It is likely to be more strict about the correctness of configuration files.
  Care should be taken about deploying this upgrade on production servers to
  avoid an unintended interruption of service.
  (* Security fix *)
+--------------------------+
Wed May 23 00:14:52 UTC 2012
patches/packages/libxml2-2.6.32-i486-2_slack11.0.tgz:  Upgraded.
  Patched an off-by-one error in XPointer that could lead to a crash or
  possibly the execution of arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102
  (* Security fix *)
+--------------------------+
Sat May 19 19:03:37 UTC 2012
patches/packages/openssl-0.9.8x-i486-1_slack11.0.tgz:  Upgraded.
  This is a very minor security fix:
  o Fix DTLS record length checking bug CVE-2012-2333
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8x-i486-1_slack11.0.tgz:  Upgraded.
  This is a very minor security fix:
  o Fix DTLS record length checking bug CVE-2012-2333
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333
  (* Security fix *)
+--------------------------+
Fri Apr 27 01:07:23 UTC 2012
patches/packages/openssl-0.9.8w-i486-1_slack11.0.tgz:  Upgraded.
  Fixes some potentially exploitable buffer overflows.
  Thanks to Tavis Ormandy, Google Security Team, for discovering this
  issue and to Adam Langley <agl@chromium.org> for fixing it.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8w-i486-1_slack11.0.tgz:  Upgraded.
  Fixes some potentially exploitable buffer overflows.
  Thanks to Tavis Ormandy, Google Security Team, for discovering this
  issue and to Adam Langley <agl@chromium.org> for fixing it.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
  (* Security fix *)
+--------------------------+
Mon Apr 23 18:18:31 UTC 2012
patches/packages/openssl-0.9.8v-i486-1_slack11.0.tgz:  Upgraded.
  Fixes some potentially exploitable buffer overflows.
  Thanks to Tavis Ormandy, Google Security Team, for discovering this
  issue and to Adam Langley <agl@chromium.org> for fixing it.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8v-i486-1_slack11.0.tgz:  Upgraded.
  Fixes some potentially exploitable buffer overflows.
  Thanks to Tavis Ormandy, Google Security Team, for discovering this
  issue and to Adam Langley <agl@chromium.org> for fixing it.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
  (* Security fix *)
+--------------------------+
Wed Apr 11 17:16:32 UTC 2012
patches/packages/samba-3.0.37-i486-5_slack11.0.tgz:  Rebuilt.
  This is a security release in order to address a vulnerability that allows
  remote code execution as the "root" user.  All sites running a Samba
  server should update to the new Samba package and restart Samba.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1182
  (* Security fix *)
+--------------------------+
Sat Apr  7 21:48:42 UTC 2012
patches/packages/libtiff-3.8.2-i486-5_slack11.0.tgz:  Rebuilt.
  Patched overflows that could lead to arbitrary code execution when parsing
  a malformed image file.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1173
  (* Security fix *)
+--------------------------+
Wed Feb 22 18:14:58 UTC 2012
patches/packages/libpng-1.2.47-i486-1_slack11.0.tgz:  Upgraded.
  All branches of libpng prior to versions 1.5.9, 1.4.9, 1.2.47, and 1.0.57,
  respectively, fail to correctly validate a heap allocation in
  png_decompress_chunk(), which can lead to a buffer-overrun and the
  possibility of execution of hostile code on 32-bit systems.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026
  (* Security fix *)
+--------------------------+
Wed Feb  8 01:21:42 UTC 2012
patches/packages/proftpd-1.3.4a-i486-1_slack11.0.tgz:  Upgraded.
  This update fixes a use-after-free() memory corruption error,
  and possibly other unspecified issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130
  (* Security fix *)
patches/packages/vsftpd-2.3.5-i486-1_slack11.0.tgz:  Upgraded.
  Minor version bump, this also works around a hard to trigger heap overflow
  in glibc (glibc zoneinfo caching vuln).  For there to be any possibility
  to trigger the glibc bug within vsftpd, the non-default option
  "chroot_local_user" must be set in /etc/vsftpd.conf.
  Considered 1) low severity (hard to exploit) and 2) not a vsftpd bug :-)
    Nevertheless:
  (* Security fix *)
+--------------------------+
Wed Feb  1 23:14:56 UTC 2012
patches/packages/freetype-2.4.8-i486-1_slack11.0.tgz:  Upgraded.
  Some vulnerabilities in handling CID-keyed PostScript fonts have
  been fixed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3439
  (* Security fix *)
patches/packages/openssl-0.9.8t-i486-1_slack11.0.tgz:  Upgraded.
  This fixes a bug where DTLS applications were not properly supported.  This
  bug could have allowed remote attackers to cause a denial of service via
  unspecified vectors.
  CVE-2012-0050 has been assigned to this issue.
  For more details see:
    http://openssl.org/news/secadv_20120118.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0050
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8t-i486-1_slack11.0.tgz:  Upgraded.
  This fixes a bug where DTLS applications were not properly supported.  This
  bug could have allowed remote attackers to cause a denial of service via
  unspecified vectors.
  CVE-2012-0050 has been assigned to this issue.
  For more details see:
    http://openssl.org/news/secadv_20120118.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0050
  (* Security fix *)
+--------------------------+
Thu Nov 17 02:09:25 UTC 2011
patches/packages/bind-9.4_ESV_R5_P1-i486-1_slack11.0.tgz:  Upgraded.
        --- 9.4-ESV-R5-P1 released ---
3218.   [security]      Cache lookup could return RRSIG data associated with
                        nonexistent records, leading to an assertion
                        failure. [RT #26590]
  (* Security fix *)
+--------------------------+
Fri Nov 11 18:58:21 UTC 2011
  Good 11-11-11, everyone!  Enjoy some fresh time.  :)
patches/packages/glibc-zoneinfo-2011i_2011n-noarch-1.tgz:  Upgraded.
  New upstream homepage:  http://www.iana.org/time-zones
+--------------------------+
Thu Aug 25 09:10:45 UTC 2011
extra/php5/php-5.3.8-i486-1_slack11.0.tgz:  Upgraded.
  Security fixes vs. 5.3.6 (5.3.7 was not usable):
  Updated crypt_blowfish to 1.2. (CVE-2011-2483)
  Fixed crash in error_log(). Reported by Mateusz Kocielski
  Fixed buffer overflow on overlog salt in crypt().
  Fixed bug #54939 (File path injection vulnerability in RFC1867
  File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)
  Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
  Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
  For those upgrading from PHP 5.2.x, be aware that quite a bit has
  changed, and it will very likely not 'drop in', but PHP 5.2.x is not
  supported by php.net any longer, so there wasn't a lot of choice
  in the matter.  We're not able to support a security fork of
  PHP 5.2.x here either, so you'll have to just bite the bullet on
  this.  You'll be better off in the long run.  :)
  (* Security fix *)
+--------------------------+
Fri Aug 12 23:20:00 UTC 2011
patches/packages/bind-9.4_ESV_R5-i486-1_slack11.0.tgz:  Upgraded.
  This BIND update addresses a couple of security issues:
  * named, set up to be a caching resolver, is vulnerable to a user
    querying a domain with very large resource record sets (RRSets)
    when trying to negatively cache the response. Due to an off-by-one
    error, caching the response could cause named to crash. [RT #24650]
    [CVE-2011-1910]
  * Change #2912 (see CHANGES) exposed a latent bug in the DNS message
    processing code that could allow certain UPDATE requests to crash
    named. [RT #24777] [CVE-2011-2464]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
  (* Security fix *)
+--------------------------+
Fri Jul 29 18:22:40 UTC 2011
patches/packages/libpng-1.2.46-i486-1_slack11.0.tgz:  Upgraded.
  Fixed uninitialized memory read in png_format_buffer()
  (Bug report by Frank Busse, related to CVE-2004-0421).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0421
  (* Security fix *)
+--------------------------+
Mon Jun 20 00:49:34 UTC 2011
patches/packages/fetchmail-6.3.20-i486-1_slack11.0.tgz:  Upgraded.
  This release fixes a denial of service in STARTTLS protocol phases.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1947
    http://www.fetchmail.info/fetchmail-SA-2011-01.txt
  (* Security fix *)
+--------------------------+
Fri May 27 22:56:00 UTC 2011
patches/packages/bind-9.4_ESV_R4_P1-i486-1_slack11.0.tgz:  Upgraded.
  This release fixes security issues:
     * A large RRSET from a remote authoritative server that results in
       the recursive resolver trying to negatively cache the response can
       hit an off by one code error in named, resulting in named crashing.
       [RT #24650] [CVE-2011-1910]
     * Zones that have a DS record in the parent zone but are also listed
       in a DLV and won't validate without DLV could fail to validate. [RT
       #24631]
  For more information, see:
    http://www.isc.org/software/bind/advisories/cve-2011-1910
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
  (* Security fix *)
+--------------------------+
Wed May 25 20:03:16 UTC 2011
patches/packages/apr-1.4.5-i486-1_slack11.0.tgz:  Upgraded.
  This fixes a possible denial of service due to a problem with a loop in
  the new apr_fnmatch() implementation consuming CPU.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1928
  (* Security fix *)
patches/packages/apr-util-1.3.12-i486-1_slack11.0.tgz:  Upgraded.
  Fix crash because of NULL cleanup registered by apr_ldap_rebind_init().
+--------------------------+
Fri May 13 20:30:07 UTC 2011
patches/packages/apr-1.4.4-i486-1_slack11.0.tgz:  Upgraded.
  This fixes a possible denial of service due to an unconstrained, recursive
  invocation of apr_fnmatch().  This function has been reimplemented using a
  non-recursive algorithm.  Thanks to William Rowe.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419
  (* Security fix *)
patches/packages/apr-util-1.3.11-i486-1_slack11.0.tgz:  Upgraded.
+--------------------------+
Thu Apr 21 03:13:14 UTC 2011
patches/packages/rdesktop-1.6.0-i486-2_slack11.0.tgz:  Rebuilt.
  Patched a traversal vulnerability (disallow /.. requests).
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1595
  (* Security fix *)
+--------------------------+
Mon Apr 18 19:59:50 UTC 2011
patches/packages/acl-2.2.50-i486-1_slack11.0.tgz:  Upgraded.
  Fix the --physical option in setfacl and getfacl to prevent symlink attacks.
  Thanks to Martijn Dekker for the notification.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4411
  (* Security fix *)
+--------------------------+
Fri Apr  8 06:58:48 UTC 2011
patches/packages/libtiff-3.8.2-i486-4_slack11.0.tgz:  Rebuilt.
  Patched overflows that could lead to arbitrary code execution when parsing
  a malformed image file.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0192
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167
  (* Security fix *)
+--------------------------+
Thu Apr  7 04:07:29 UTC 2011
patches/packages/dhcp-3.1_ESV_R1-i486-1_slack11.0.tgz:  Upgraded.
  In dhclient, check the data for some string options for reasonableness
  before passing it along to the script that interfaces with the OS.
  This prevents some possible attacks by a hostile DHCP server.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997
  (* Security fix *)
+--------------------------+
Tue Apr  5 05:10:33 UTC 2011
patches/packages/proftpd-1.3.3e-i486-1_slack11.0.tgz:  Upgraded.
  Fixes CVE-2011-1137 (badly formed SSH messages cause DoS).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1137
  (* Security fix *)
+--------------------------+
Mon Feb 28 22:19:08 UTC 2011
patches/packages/samba-3.0.37-i486-4_slack11.0.tgz:  Rebuilt.
  Fix memory corruption denial of service issue.
  For more information, see:
    http://www.samba.org/samba/security/CVE-2011-0719
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0719
  (* Security fix *)
+--------------------------+
Thu Feb 10 21:19:38 UTC 2011
patches/packages/apr-1.3.12-i486-1_slack11.0.tgz:  Upgraded.
patches/packages/apr-util-1.3.10-i486-1_slack11.0.tgz:  Upgraded.
  Fixes a memory leak and DoS in apr_brigade_split_line().
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623
  (* Security fix *)
patches/packages/expat-1.95.8-i486-2_slack11.0.tgz:  Upgraded.
  Fixed various crash and hang bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
  (* Security fix *)
patches/packages/openssl-0.9.8r-i486-1_slack11.0.tgz:  Upgraded.
  This OpenSSL update fixes an "OCSP stapling vulnerability".
  For more information, see the included CHANGES and NEWS files, and:
    http://www.openssl.org/news/secadv_20110208.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0014
  (* Security fix *)
  Patched certwatch to work with recent versions of "file".
  Thanks to Ulrich Sch?fer and Jan Rafaj.
patches/packages/openssl-solibs-0.9.8r-i486-1_slack11.0.tgz:  Upgraded.
  (* Security fix *)
patches/packages/sudo-1.7.4p6-i486-1_slack11.0.tgz:  Upgraded.
  Fix Runas group password checking.
  For more information, see the included CHANGES and NEWS files, and:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0010
  (* Security fix *)
+--------------------------+
Mon Jan 10 20:03:00 UTC 2011
extra/php5/php-5.2.17-i486-1_slack11.0.tgz:  Upgraded.
  This update fixes an infinite loop with conversions from string to
  double that may result in a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4645
  (* Security fix *)
+--------------------------+
Fri Dec 24 00:53:19 UTC 2010
extra/php5/php-5.2.16-i486-1_slack11.0.tgz:  Upgraded.
  This fixes many bugs, including some security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3436
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3709
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4150
  (* Security fix *)
patches/packages/proftpd-1.3.3d-i486-1_slack11.0.tgz:  Upgraded.
  This update fixes an unbounded copy operation in sql_prepare_where() that
  could be exploited to execute arbitrary code.  However, this only affects
  servers that use the sql_mod module (which Slackware does not ship), and
  in addition the ability to exploit this depends on an SQL injection bug
  that was already fixed in proftpd-1.3.2rc2 (this according to upstream).
  So in theory, this fix should only be of academic interest.
  But in practice, better safe than sorry.
  (* Security fix *)
+--------------------------+
Thu Dec 16 18:57:05 UTC 2010
patches/packages/bind-9.4_ESV_R4-i486-1_slack11.0.tgz:  Upgraded.
  This update fixes some security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3615
  (* Security fix *)
+--------------------------+
Tue Dec  7 05:01:53 UTC 2010
patches/packages/openssl-0.9.8q-i486-1_slack11.0.tgz:  Upgraded.
  This OpenSSL update contains some security related bugfixes.
  For more information, see the included CHANGES and NEWS files, and:
    http://www.openssl.org/news/secadv_20101202.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4252
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8q-i486-1_slack11.0.tgz:  Upgraded.
  (* Security fix *)
+--------------------------+
Mon Nov 22 04:11:40 UTC 2010
patches/packages/openssl-0.9.8p-i486-1_slack11.0.tgz:  Rebuilt.
  This OpenSSL update contains some security related bugfixes.
  For more information, see the included CHANGES and NEWS files, and:
    http://www.openssl.org/news/secadv_20101116.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864
 (* Security fix *)
patches/packages/openssl-solibs-0.9.8p-i486-1_slack11.0.tgz:  Rebuilt.
 (* Security fix *)
+--------------------------+
Sat Nov 20 21:20:27 UTC 2010
patches/packages/xpdf-3.02pl5-i486-1_slack11.0.tgz:  Upgraded.
  This update fixes security issues that could lead to an
  application crash, or execution of arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3703
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704
  (* Security fix *)
+--------------------------+
Mon Nov  1 23:21:39 UTC 2010
patches/packages/proftpd-1.3.3c-i486-1_slack11.0.tgz:  Upgraded.
  Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925), which can
  allow remote execution of arbitrary code as the user running the
  ProFTPD daemon.  Thanks to TippingPoint and the Zero Day Initiative (ZDI).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3867
  (* Security fix *)
+--------------------------+
Mon Sep 20 18:39:57 UTC 2010
patches/packages/bzip2-1.0.6-i486-1_slack11.0.tgz:  Upgraded.
  This update fixes an integer overflow that could allow a specially
  crafted bzip2 archive to cause a crash (denial of service), or execute
  arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405
  (* Security fix *)
+--------------------------+
Wed Sep 15 18:51:21 UTC 2010
patches/packages/sudo-1.7.4p4-i486-3_slack11.0.tgz:  Rebuilt.
  Hi folks, since the patches for old systems (8.1 - 10.2) were briefly
  available containing a /var/lib with incorrect permissions, I'm issuing
  these again just to be 100% sure that no systems out there will be left
  with problems due to that.  This should do it (third time's the charm).
+--------------------------+
Wed Sep 15 05:58:55 UTC 2010
patches/packages/sudo-1.7.4p4-i486-2_slack11.0.tgz:  Rebuilt.
  The last sudo packages accidentally changed the permissions on /var from
  755 to 700.  This build restores the proper permissions.
  Thanks to Petri Kaukasoina for pointing this out.
+--------------------------+
Wed Sep 15 00:41:13 UTC 2010
patches/packages/samba-3.0.37-i486-3_slack11.0.tgz:  Upgraded.
  This upgrade fixes a buffer overflow in the sid_parse() function.
  For more information, see:
    http://www.samba.org/samba/security/CVE-2010-3069
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3069
  (* Security fix *)
patches/packages/sudo-1.7.4p4-i486-1_slack11.0.tgz:  Upgraded.
  This fixes a flaw that could lead to privilege escalation.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2956
  (* Security fix *)
+--------------------------+
Fri Aug 27 00:23:17 UTC 2010
extra/php5/php-5.2.14-i486-1_slack11.0.tgz:  Upgraded.
  Fixed several security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1917
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2225
    http://www.php-security.org/2010/05/31/mops-2010-060-php-session-serializer-session-data-injection-vulnerability/index.html
    http://www.php-security.org/2010/06/25/mops-2010-061-php-splobjectstorage-deserialization-use-after-free-vulnerability/index.html
  (* Security fix *)
+--------------------------+
Wed Jun 30 04:51:49 UTC 2010
patches/packages/libtiff-3.8.2-i486-3_slack11.0.tgz:  Rebuilt.
  This fixes image structure handling bugs that could lead to crashes or
  execution of arbitrary code if a specially-crafted TIFF image is loaded.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1411
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2065
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2067
  (* Security fix *)
patches/packages/libpng-1.2.44-i486-1_slack11.0.tgz:  Upgraded.
  This fixes out-of-bounds memory write bugs that could lead to crashes
  or the execution of arbitrary code, and a memory leak bug which could
  lead to application crashes.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249
  (* Security fix *)
+--------------------------+
Sun Jun 27 04:02:55 UTC 2010
patches/packages/bind-9.4.3_P5-i486-2_slack11.0.tgz:  Rebuilt.
  At least some of these updates for 2.4.x systems were built under a
  2.6.x kernel, and didn't work.  Sorry, I think I've fixed the
  issue on this end this time.  If the previous update did not work
  for you, try this one.
+--------------------------+
Fri Jun 25 05:28:02 UTC 2010
patches/packages/bind-9.4.3_P5-i486-1_slack11.0.tgz:  Upgraded.
  This fixes possible DNS cache poisoning attacks when DNSSEC is enabled
  and checking is disabled (CD).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097
  (* Security fix *)
+--------------------------+
Fri Jun 18 18:09:28 UTC 2010
patches/packages/samba-3.0.37-i486-2_slack11.0.tgz:  Rebuilt.
  Patched a buffer overflow in smbd that allows remote attackers to cause
  a denial of service (memory corruption and daemon crash) or possibly
  execute arbitrary code via a crafted field in a packet.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2063
  (* Security fix *)
+--------------------------+
Sun May 16 20:01:28 UTC 2010
patches/packages/fetchmail-6.3.17-i486-1_slack11.0.tgz:  Upgraded.
  A crafted header or POP3 UIDL list could cause a memory leak and crash
  leading to a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1167
  (* Security fix *)
+--------------------------+
Fri Apr 30 01:07:12 UTC 2010
patches/packages/irssi-0.8.15-i486-2_slack11.0.tgz:  Rebuilt.
  Sorry, the perl modules were a mess in that last build on systems that
  don't use a vendor_perl dir.  This should work better.
+--------------------------+
Thu Apr 22 19:13:54 UTC 2010
patches/packages/irssi-0.8.15-i486-1_slack11.0.tgz:  Upgraded.
  From the NEWS file:
    - Check if an SSL certificate matches the hostname of the server we are
      connecting to.
    - Fix crash when checking for fuzzy nick match when not on the channel.
      Reported by Aurelien Delaitre (SATE 2009).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1155
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1156
  (* Security fix *)
+--------------------------+
Tue Apr 20 14:45:24 UTC 2010
patches/packages/sudo-1.7.2p6-i486-1_slack11.0.tgz:  Upgraded.
  This update fixes security issues that may give a user with permission
  to run sudoedit the ability to run arbitrary commands.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0426
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1163
    http://www.gratisoft.us/sudo/alerts/sudoedit_escalate.html
    http://www.gratisoft.us/sudo/alerts/sudoedit_escalate2.html
  (* Security fix *)
+--------------------------+
Mon Apr  5 03:06:19 UTC 2010
patches/packages/mozilla-thunderbird-2.0.0.24-i686-1.tgz:  Upgraded.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
  (* Security fix *)
+--------------------------+
Wed Mar 31 05:05:47 UTC 2010
patches/packages/openssl-0.9.8n-i486-1_slack11.0.tgz:  Upgraded.
  This OpenSSL update contains some security related bugfixes.
  For more information, see the included CHANGES and NEWS files, and:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740
 (* Security fix *)
patches/packages/openssl-solibs-0.9.8n-i486-1_slack11.0.tgz:  Upgraded.
patches/packages/proftpd-1.3.3-i486-2_slack11.0.tgz:  Rebuilt.
  Recompiled against openssl-0.9.8n.
patches/packages/seamonkey-1.1.19-i486-1_slack11.0.tgz:  Upgraded.
  Upgraded to seamonkey-1.1.19.
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
  (* Security fix *)
+--------------------------+
Tue Mar  9 21:31:21 UTC 2010
patches/packages/openssl-0.9.8m-i486-2_slack11.0.tgz:  Rebuilt.
patches/packages/openssl-solibs-0.9.8m-i486-2_slack11.0.tgz:  Rebuilt.
  The OpenSSL package has been patched and recompiled to revert a change that
  broke decrypting some files encrypted with previous versions of OpenSSL.
  This same fix appears in the latest upstream snapshots.
+--------------------------+
Mon Mar  1 05:02:21 UTC 2010
patches/packages/openssl-0.9.8m-i486-1_slack11.0.tgz:  Upgraded.
  This OpenSSL update contains some security related bugfixes.
  For more information, see the included CHANGES and NEWS files, and:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4355
 (* Security fix *)
patches/packages/openssl-solibs-0.9.8m-i486-1_slack11.0.tgz:  Upgraded.
patches/packages/proftpd-1.3.3-i486-1_slack11.0.tgz:  Upgraded.
+--------------------------+
Sun Jan 24 20:22:46 UTC 2010
extra/php5/php-5.2.12-i486-1_slack11.0.tgz:  Upgraded.
  This fixes many bugs, including a few security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3557
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3558
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4142
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4143
  (* Security fix *)
+--------------------------+
Thu Dec 10 00:12:58 UTC 2009
patches/packages/ntp-4.2.2p3-i486-3_slack11.0.tgz:  Rebuilt.
  Prevent a denial-of-service attack involving spoofed mode 7 packets.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563
  (* Security fix *)
+--------------------------+
Wed Dec  2 20:51:55 UTC 2009
patches/packages/bind-9.4.3_P4-i486-1_slack11.0.tgz:  Upgraded.
  BIND 9.4.3-P4 is a SECURITY PATCH for BIND 9.4.3-P3.  It addresses a
  potential cache poisoning vulnerability, in which data in the additional
  section of a response could be cached without proper DNSSEC validation.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
    http://www.kb.cert.org/vuls/id/418861
  (* Security fix *)
+--------------------------+
Mon Nov 16 18:56:26 UTC 2009
patches/packages/openssl-0.9.8h-i486-4_slack11.0.tgz:  Rebuilt.
  Patched to disable SSL renegotiation.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8h-i486-4_slack11.0.tgz:  Rebuilt.
  Patched to disable SSL renegotiation.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
  (* Security fix *)
+--------------------------+
Wed Oct 28 01:23:19 UTC 2009
patches/packages/xpdf-3.02pl4-i486-1_slack11.0.tgz:  Upgraded.
  This update fixes several security issues that could lead to an
  application crash, or execution of arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3603
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3605
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3606
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609
  (* Security fix *)
+--------------------------+
Sat Oct  3 18:19:00 CDT 2009
extra/php5/php-5.2.11-i486-1_slack11.0.tgz:
  This release fixes some possible security issues, all of which have
  "unknown impact and attack vectors".
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3291
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3293
  (* Security fix *)
patches/packages/samba-3.0.37-i486-1_slack11.0.tgz:
  This update fixes the following security issues.
  A misconfigured /etc/passwd with no defined home directory could allow
  security restrictions to be bypassed.
  mount.cifs could allow a local user to read the first line of an arbitrary
  file if installed setuid.  (On Slackware, it was not installed setuid)
  Specially crafted SMB requests could cause a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2948
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906
  (* Security fix *)
+--------------------------+
Mon Sep  7 20:57:44 CDT 2009
patches/packages/seamonkey-1.1.18-i486-1_slack11.0.tgz:  Upgraded.
  Upgraded to seamonkey-1.1.18.
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
  (* Security fix *)
+--------------------------+
Thu Aug 20 22:12:00 CDT 2009
patches/packages/mozilla-thunderbird-2.0.0.23-i686-1.tgz:
  This upgrade fixes a security bug.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
  (* Security fix *)
+--------------------------+
Fri Aug 14 13:42:26 CDT 2009
patches/packages/curl-7.15.5-i486-3_slack11.0.tgz:
  This update fixes a security issue where a zero byte embedded in an SSL
  or TLS certificate could fool cURL into validating the security of a
  connection to a system that the certificate was not issued for.  It has
  been reported that at least one Certificate Authority allowed such
  certificates to be issued.
  For more information, see:
    http://curl.haxx.se/docs/security.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417
  (* Security fix *)
+--------------------------+
Fri Aug  7 14:25:03 CDT 2009
patches/packages/samba-3.0.36-i486-1_slack11.0.tgz:  Upgraded.
  This is a bugfix release.
+--------------------------+
Thu Aug  6 19:07:34 CDT 2009
patches/packages/apr-1.3.8-i486-1_slack11.0.tgz:  Upgraded.
  Fix overflow in pools and rmm, where size alignment was taking place.
  [Matt Lewis <mattlewis@google.com>, Sander Striker]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412
  (* Security fix *)
patches/packages/apr-util-1.3.9-i486-1_slack11.0.tgz:  Upgraded.
  Fix overflow in rmm, where size alignment was taking place.
  [Matt Lewis <mattlewis@google.com>, Sander Striker]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412
  (* Security fix *)
+--------------------------+
Thu Aug  6 00:48:30 CDT 2009
patches/packages/fetchmail-6.3.11-i486-1_slack11.0.tgz:  Upgraded.
  This update fixes an SSL NUL prefix impersonation attack through NULs in a
  part of a X.509 certificate's CommonName and subjectAltName fields.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2666
  (* Security fix *)
+--------------------------+
Wed Jul 29 23:10:01 CDT 2009
patches/packages/bind-9.4.3_P3-i486-1_slack11.0.tgz:  Upgraded.
  This BIND update fixes a security problem where a specially crafted
  dynamic update message packet will cause named to exit resulting in
  a denial of service.
  An active remote exploit is in wide circulation at this time.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696
    https://www.isc.org/node/479
  (* Security fix *)
+--------------------------+
Tue Jul 14 18:07:41 CDT 2009
patches/packages/dhcp-3.1.2p1-i486-1_slack11.0.tgz:  Upgraded.
  A stack overflow vulnerability was fixed in dhclient that could allow
  remote attackers to execute arbitrary commands as root on the system,
  or simply terminate the client, by providing an over-long subnet-mask
  option.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692
  (* Security fix *)
+--------------------------+
Sat Jul 11 18:29:04 CDT 2009
extra/php5/php-5.2.10-i486-2_slack11.0.tgz:
  Rebuilt.  Installed the pear.php.net.reg and pecl.php.net.reg files from
  php-5.2.9, since the ones installed by php-5.2.10 are broken.
  Thanks to Mike Peachey for the bug report.
+--------------------------+
Wed Jul  1 14:37:43 CDT 2009
extra/php5/php-5.2.10-i486-1_slack11.0.tgz:  Upgraded.
+--------------------------+
Sat Jun 27 18:54:07 CDT 2009
patches/packages/mozilla-thunderbird-2.0.0.22-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.22.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
  (* Security fix *)
+--------------------------+
Fri Jun 26 22:05:35 CDT 2009
patches/packages/samba-3.0.35-i486-1_slack11.0.tgz:
  This upgrade fixes the following security issue:
  o CVE-2009-1888:
    In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a
    data value can potentially affect access control when "dos filemode"
    is set to "yes".
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888
  (* Security fix *)
+--------------------------+
Wed Jun 24 19:46:28 CDT 2009
patches/packages/seamonkey-1.1.17-i486-1_slack11.0.tgz:
  Upgraded to seamonkey-1.1.17.
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
  (* Security fix *)
+--------------------------+
Fri Jun 19 18:22:20 CDT 2009
patches/packages/libpng-1.2.37-i486-1_slack11.0.tgz:  Upgraded.
  This update fixes a possible security issue.  Jeff Phillips discovered an
  uninitialized-memory-read bug affecting interlaced images that may have
  security implications.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042
  (* Security fix *)
+--------------------------+
Fri Jun 19 16:26:49 CDT 2009
patches/packages/ruby-1.8.6_p369-i486-1_slack11.0.tgz:  Upgraded.
  This fixes a denial of service issue caused by the BigDecimal method
  handling large input values improperly that may allow attackers to
  crash the interpreter.  The issue affects most Rails applications.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1904
  (* Security fix *)
+--------------------------+
Mon Jun 15 22:14:45 CDT 2009
patches/packages/apr-1.3.5-i486-1_slack11.0.tgz:  Upgraded.
patches/packages/apr-util-1.3.7-i486-1_slack11.0.tgz:  Upgraded.
  Fix underflow in apr_strmatch_precompile.
  Fix a denial of service attack against the apr_xml_* interface
  using the "billion laughs" entity expansion technique.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955
  (* Security fix *)
+--------------------------+
Wed Jun  3 18:09:52 CDT 2009
patches/packages/ntp-4.2.2p3-i486-1_slack11.0.tgz:
  Patched a stack-based buffer overflow in the cookedprint function in
  ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows arbitrary code
  execution by a malicious remote NTP server.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159
  (* Security fix *)
+--------------------------+
Thu May 14 18:09:26 CDT 2009
patches/packages/cyrus-sasl-2.1.23-i486-1_slack11.0.tgz:
  Upgraded to cyrus-sasl-2.1.23.
  This fixes a buffer overflow in the sasl_encode64() function that could lead
  to crashes or the execution of arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0688
  (* Security fix *)
+--------------------------+
Sat May  9 18:03:41 CDT 2009
patches/packages/xpdf-3.02pl3-i486-1_slack11.0.tgz:
  Upgraded to xpdf-3.02pl3.
  This update fixes several overflows that may result in crashes or the
  execution of arbitrary code as the xpdf user.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0165
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0799
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0800
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1179
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1180
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1181
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1182
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1183
(* Security fix *)
+--------------------------+
Thu Apr 30 20:56:17 CDT 2009
patches/packages/ruby-1.8.6_p368-i486-1_slack11.0.tgz:
  Upgraded to ruby-1.8.6-p368.
  This update fixes a DoS in REXML.
  For details, see:
    http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/
  (* Security fix *)
+--------------------------+
Mon Apr 20 23:27:45 CDT 2009
patches/packages/udev-097-i486-11_slack11.0.tgz:
  This package has been patched to fix a local root hole.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185
  (* Security fix *)
+--------------------------+
Mon Apr 13 16:22:12 CDT 2009
patches/packages/seamonkey-1.1.16-i486-1_slack11.0.tgz:
  Upgraded to seamonkey-1.1.16.
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
  (* Security fix *)
+--------------------------+
Tue Apr  7 16:59:49 CDT 2009
patches/packages/openssl-0.9.8h-i486-3_slack11.0.tgz:  Patched (see below).
patches/packages/openssl-solibs-0.9.8h-i486-3_slack11.0.tgz:
  Patched to fix possible crashes as well as a (fairly unlikely) case
  where an invalid signature might verify as valid.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0789
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0591
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
  (* Security fix *)
patches/packages/xine-lib-1.1.16.3-i486-1_slack11.0.tgz:
  Upgraded to xine-lib-1.1.16.3.
  - Fix another possible int overflow in the 4XM demuxer.
    (ref. TKADV2009-004, CVE-2009-0385)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0385
  (* Security fix *)
extra/php5/php-5.2.9-i486-1_slack11.0.tgz:  Upgraded to php-5.2.9.
  This update fixes a few security issues:
    - Fixed a crash on extract in zip when files or directories entry names
    contain a relative path.
    - Fixed security issue in imagerotate(), background colour isn't validated
    correctly with a non truecolour image.  (CVE-2008-5498)
    Reported by Hamid Ebadi, APA Laboratory.
    - Fixed a segfault when malformed string is passed to json_decode().
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498
  (* Security fix *)
+--------------------------+
Tue Mar 24 01:56:10 CDT 2009
patches/packages/lcms-1.18-i486-1_slack11.0.tgz:  Upgraded to lcms-1.18.
  This update fixes security issues discovered in LittleCMS by Chris Evans.
  These flaws could cause program crashes (denial of service) or the execution
  of arbitrary code as the user of the lcms-linked program.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0581
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0723
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0733
  (* Security fix *)
patches/packages/mozilla-thunderbird-2.0.0.21-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.21.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
  (* Security fix *)
patches/packages/seamonkey-1.1.15-i486-1_slack11.0.tgz:
  Upgraded to seamonkey-1.1.15.
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
  (* Security fix *)
+--------------------------+
Mon Mar  9 00:04:05 CDT 2009
patches/packages/curl-7.15.5-i486-2_slack11.0.tgz:
  Patched curl-7.15.5.
  This fixes a security issue where automatic redirection could be made to
  follow file:// URLs, reading or writing a local instead of remote file.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037
  (* Security fix *)
+--------------------------+
Fri Feb 20 17:20:49 CST 2009
patches/packages/libpng-1.2.35-i486-1_slack11.0.tgz:
  Upgraded to libpng-1.2.35.
  This fixes multiple memory-corruption vulnerabilities due to a failure to
  properly initialize data structures.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040
    ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt
  (* Security fix *)
+--------------------------+
Thu Jan 15 16:48:00 CST 2009
patches/packages/bind-9.3.6_P1-i486-2_slack11.0.tgz:
  Recompiled.  The -1_slack11.0 package was compiled on a Slackware 11.0
  system running a 2.6.x kernel, and this caused problems for machines running
  the default 2.4.33.3 kernel.  This package should run correctly.
+--------------------------+
Wed Jan 14 20:37:39 CST 2009
patches/packages/bind-9.3.6_P1-i486-1_slack11.0.tgz:
  Upgraded to bind-9.3.6-P1.
  Fixed checking on return values from OpenSSL's EVP_VerifyFinal and
  DSA_do_verify functions to prevent spoofing answers returned from zones using
  the DNSKEY algorithms DSA and NSEC3DSA.
  For more information, see:
    https://www.isc.org/node/373
    http://www.ocert.org/advisories/ocert-2008-016.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025
  (* Security fix *)
patches/packages/ntp-4.2.4p6-i486-1_slack11.0.tgz:
  [Sec 1111] Fix incorrect check of EVP_VerifyFinal()'s return value.
  For more information, see:
    https://lists.ntp.org/pipermail/announce/2009-January/000055.html
    http://www.ocert.org/advisories/ocert-2008-016.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
  (* Security fix *)
patches/packages/openssl-0.9.8h-i486-2_slack11.0.tgz:
  Patched to fix the return value EVP_VerifyFinal, preventing malformed
  signatures from being considered good.  This flaw could possibly allow a
  'man in the middle' attack.
  For more information, see:
    http://www.openssl.org/news/secadv_20090107.txt
    http://www.ocert.org/advisories/ocert-2008-016.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8h-i486-2_slack11.0.tgz:
  Patched to fix the return value EVP_VerifyFinal, preventing malformed
  signatures from being considered good.  This flaw could possibly allow a
  'man in the middle' attack.
  For more information, see:
    http://www.openssl.org/news/secadv_20090107.txt
    http://www.ocert.org/advisories/ocert-2008-016.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
  (* Security fix *)
+--------------------------+
Wed Dec 31 11:35:43 CST 2008
patches/packages/mozilla-thunderbird-2.0.0.19-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.19.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
  (* Security fix *)
+--------------------------+
Fri Dec 26 22:45:51 CST 2008
patches/packages/seamonkey-1.1.14-i486-1_slack11.0.tgz:
  Upgraded to seamonkey-1.1.14.
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
  (* Security fix *)
+--------------------------+
Thu Dec 18 12:44:59 CST 2008
patches/packages/mozilla-firefox-2.0.0.20-i686-1.tgz:
  Upgraded to firefox-2.0.0.20.
  This fixes some security issues:
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox20.html
  (* Security fix *)
+--------------------------+
Mon Dec  8 05:15:44 CST 2008
extra/php5/php-5.2.8-i486-1_slack11.0.tgz:
Upgraded to php-5.2.8.
  This is a bugfix release that reverts a change that broke magic_quotes_gpc.
+--------------------------+
Fri Dec  5 20:54:22 CST 2008
extra/php5/php-5.2.7-i486-1_slack11.0.tgz:
Upgraded to php-5.2.7.
  In addition to improvements and bug fixes, this new version of PHP also
  addresses several security issues, including:
  Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658).
  Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659).
  Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666.
  Crash with URI/file..php (filename contains 2 dots).  (Fixes CVE-2008-3660).
  rfc822.c legacy routine buffer overflow. (Fixes CVE-2008-2829).
  Fixed extraction of zip files or directories when the entry name is a
  relative path:  http://www.sektioneins.de/advisories/SE-2008-06.txt
  These are the URLs to get more information:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2665
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2666
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2829
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3658
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3659
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3660
    http://www.sektioneins.de/advisories/SE-2008-06.txt
  (* Security fix *)
+--------------------------+
Sat Nov 29 13:37:04 CST 2008
patches/packages/ruby-1.8.6_p287-i486-1_slack11.0.tgz:
  Upgraded to ruby-1.8.6-p287.
  This fixes several bugs in the previous Ruby update, including a security
  issue where the DNS resolver did not randomize the source port and
  transaction id sufficiently.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
  (* Security fix *)
+--------------------------+
Fri Nov 28 16:27:52 CST 2008
patches/packages/samba-3.0.33-i486-1_slack11.0.tgz:
  Upgraded to samba-3.0.33.
  This package fixes an important barrier against rogue clients reading from
  uninitialized memory (though no proof-of-concept is known to exist).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4314
  (* Security fix *)
+--------------------------+
Thu Nov 20 18:14:27 CST 2008
patches/packages/mozilla-thunderbird-2.0.0.18-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.18.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
  (* Security fix *)
+--------------------------+
Wed Nov 19 19:13:12 CST 2008
patches/packages/libxml2-2.6.32-i486-1_slack11.0.tgz:
  Upgraded to libxml2-2.6.32 and patched.
  This fixes vulnerabilities including denial of service, or possibly the
  execution of arbitrary code as the user running a libxml2 linked application
  if untrusted XML content is parsed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226
  (* Security fix *)
+--------------------------+
Sat Nov 15 19:22:43 CST 2008
patches/packages/mozilla-firefox-2.0.0.18-i686-1.tgz
  Upgraded to firefox-2.0.0.18.
  This fixes some security issues:
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox20.html
  (* Security fix *)
patches/packages/seamonkey-1.1.13-i486-1_slack11.0.tgz
  Upgraded to seamonkey-1.1.13.
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
  (* Security fix *)
+--------------------------+
Mon Oct 13 13:58:21 CDT 2008
patches/packages/glibc-zoneinfo-2.3.6-noarch-11_slack11.0.tgz:
  Upgraded to tzdata2008h for the latest world timezone changes.
+--------------------------+
Fri Sep 26 22:38:32 CDT 2008
patches/packages/mozilla-thunderbird-2.0.0.17-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.17.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
  (* Security fix *)
+--------------------------+
Thu Sep 25 23:24:07 CDT 2008
patches/packages/mozilla-firefox-2.0.0.17-i686-1.tgz:
  Upgraded to firefox-2.0.0.17.
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox20.html
  (* Security fix *)
patches/packages/seamonkey-1.1.12-i486-1_slack11.0.tgz:
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
  (* Security fix *)
+--------------------------+
Wed Sep 17 02:28:20 CDT 2008
patches/packages/bind-9.3.5_P2-i486-1_slack11.0.tgz:
  Upgraded to bind-9.3.5-P2.
  This version has performance gains over bind-9.3.5-P1.
+--------------------------+
Wed Sep  3 19:51:43 CDT 2008
patches/packages/php-4.4.9-i486-1_slack11.0.tgz:
  Upgraded to php-4.4.9.  This upgrades the bundled PCRE library to fix
  security issues, as well as fixing a few other security related bugs.
  See the PHP4 ChangeLog for more details:
    http://www.php.net/ChangeLog-4.php#4.4.9
  Please note:  PHP4 has been officially discontinued since last year, and
  reached the announced EOL on 2008-08-08.  Sites should consider migrating
  to a supported release.
  (* Security fix *)
+--------------------------+
Mon Sep  1 21:56:29 CDT 2008
patches/packages/samba-3.0.32-i486-1_slack11.0.tgz:
  Upgraded to samba-3.0.32.  This is a bugfix release.  See the WHATSNEW.txt
  file in the Samba docs for details on what has changed.
+--------------------------+
Thu Aug 28 22:48:16 CDT 2008
patches/packages/amarok-1.4.10-i486-1_slack11.0.tgz:
  Upgraded to amarok-1.4.10.  This fixes a security issue in the Magnatune
  online music library support which could be used by malicious local users to
  overwrite system files.  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3699
  (* Security fix *)
patches/packages/libgpod-0.6.0-i486-1_slack11.0.tgz:
  Upgraded to libgpod-0.6.0.  This new version of libgpod is required for
  amarok-1.4.10.
+--------------------------+
Mon Aug  4 14:03:01 CDT 2008
patches/packages/python-2.4.5-i486-1_slack11.0.tgz:
  Upgraded to 2.4.5 and patched overflows and other security problems.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144
  (* Security fix *)
+--------------------------+
Tue Jul 29 13:32:21 CDT 2008
patches/packages/proftpd-1.3.1-i486-1_slack11.0.tgz:
  Recompiled against new OpenSSL, since this evidently checks the OpenSSL
  version and will only run against the libraries it was compiled against.
  A small patch was also added due to changes in the system includes.
  Thanks to Martin Schmitz for the info and a pointer to the patch.
+--------------------------+
Mon Jul 28 22:05:06 CDT 2008
patches/packages/fetchmail-6.3.8-i486-1_slack11.0.tgz:
  Patched to fix a possible denial of service when "-v -v" options are used.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711
  (* Security fix *)
patches/packages/links-2.1-i486-1_slack11.0.tgz:
  Upgraded to links-2.1.
  Unspecified vulnerability in Links before 2.1, when "only proxies" is
  enabled, has unknown impact and attack vectors related to providing
  "URLs to external programs."
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3329
  (* Security fix *)
patches/packages/mozilla-thunderbird-2.0.0.16-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.16.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
  (* Security fix *)
patches/packages/openssh-5.1p1-i486-1_slack11.0.tgz:
  Upgraded to openssh-5.1p1.
  When upgrading OpenSSH, it is VERY IMPORTANT to also upgrade OpenSSL, or
  it is possible to be unable to log back into sshd!
patches/packages/openssl-0.9.8h-i486-1_slack11.0.tgz:
  Upgraded to OpenSSL 0.9.8h.
  The Codenomicon TLS test suite uncovered security bugs in OpenSSL.
  If OpenSSL was compiled using non-default options (Slackware's package
  is not), then a malicious packet could cause a crash.  Also, a malformed
  TLS handshake could also lead to a crash.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0891
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1672
  When upgrading OpenSSL, it is VERY IMPORTANT to also upgrade OpenSSH, or
  it is possible to be unable to log back into sshd!
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8h-i486-1_slack11.0.tgz:
  Upgraded to OpenSSL 0.9.8h shared libraries (see above).
  (* Security fix *)
patches/packages/vim-7.1.330-i486-1_slack11.0.tgz:
  Upgraded to vim-7.1.330.  This fixes several security issues related to
  the automatic processing of untrusted files.
  For more information, see:
    http://www.rdancer.org/vulnerablevim.html
  (* Security fix *)
patches/packages/vim-gvim-7.1.330-i486-1_slack11.0.tgz:
  Upgraded to vim-gvim-7.1.330.
  See "vim" above for details.
  (* Security fix *)
+--------------------------+
Wed Jul 23 16:27:21 CDT 2008
patches/packages/dnsmasq-2.45-i486-1_slack11.0.tgz:
  Upgraded to dnsmasq-2.45.
  It was discovered that earlier versions of dnsmasq have DNS cache
  weaknesses that are similar to the ones recently discovered in BIND.
  This new release minimizes the risk of cache poisoning.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
  (* Security fix *)
+--------------------------+
Wed Jul 16 19:28:25 CDT 2008
patches/packages/mozilla-firefox-2.0.0.16-i686-1.tgz:
  Upgraded to firefox-2.0.0.16.
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox20.html
  (* Security fix *)
patches/packages/seamonkey-1.1.11-i486-1_slack11.0.tgz:
  Upgraded to seamonkey-1.1.11.
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
  (* Security fix *)
+--------------------------+
Wed Jul  9 20:03:57 CDT 2008
patches/packages/bind-9.3.5_P1-i486-1_slack11.0.tgz:
  Upgraded to bind-9.3.5-P1.
  This upgrade addresses a security flaw known as the CERT VU#800113 DNS Cache
  Poisoning Issue.  This is the summary of the problem from the BIND site:
    "A weakness in the DNS protocol may enable the poisoning of caching
     recurive resolvers with spoofed data.  DNSSEC is the only full solution.
     New versions of BIND provide increased resilience to the attack."
  It is suggested that sites that run BIND upgrade to one of the new packages
  in order to reduce their exposure to DNS cache poisoning attacks.
  For more information, see:
    http://www.isc.org/sw/bind/bind-security.php
    http://www.kb.cert.org/vuls/id/800113
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
  (* Security fix *)
patches/packages/mozilla-firefox-2.0.0.15-i686-1.tgz:
  Upgraded to firefox-2.0.0.15.
  This release closes several possible security vulnerabilities and bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
patches/packages/seamonkey-1.1.10-i486-1_slack11.0.tgz:
  Upgraded to seamonkey-1.1.10.
  This release closes several possible security vulnerabilities and bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
  (* Security fix *)
+--------------------------+
Fri Jun 27 23:17:20 CDT 2008
patches/packages/ruby-1.8.6_p230-i486-1_slack11.0.tgz:
  Upgraded to ruby-1.8.6-p230.
  This fixes a number of security related bugs in Ruby which could lead to a
  denial of service (DoS) condition or allow execution of arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2726
  (* Security fix *)
+--------------------------+
Wed May 28 19:46:22 CDT 2008
patches/packages/samba-3.0.30-i486-1_slack11.0.tgz:
  Upgraded to samba-3.0.30.
  This is a security release in order to address CVE-2008-1105 ("Boundary
  failure when parsing SMB responses can result in a buffer overrun").
  For more information on the security issue, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105
  (* Security fix *)
+--------------------------+
Tue May 27 21:53:32 CDT 2008
patches/packages/rdesktop-1.6.0-i486-1_slack11.0.tgz:
  Upgraded to rdesktop-1.6.0.
  According to the rdesktop ChangeLog, this contains a:
    "* Fix for potential vulnerability against compromised/malicious servers
     (reported by iDefense)"
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1801
  (* Security fix *)
+--------------------------+
Wed May  7 15:28:33 CDT 2008
patches/packages/mozilla-thunderbird-2.0.0.14-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.14.
    This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
  (* Security fix *)
extra/php5/php-5.2.6-i486-1_slack11.0.tgz:
  Upgraded to php-5.2.6.  PHP4 was standard in Slackware 11.0, which is why
  this package is provided "in place" under /extra rather than under /patches
  (where upgrade tools might mistakenly grab and install it where it would not
  be desirable.)
  This version of PHP contains many fixes and enhancements.  Some of the fixes
  are security related, and the PHP release announcement provides this list:
    * Fixed possible stack buffer overflow in the FastCGI SAPI identified by
      Andrei Nigmatulin.
    * Fixed integer overflow in printf() identified by Maksymilian Aciemowicz.
    * Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
    * Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
    * Properly address incomplete multibyte chars inside escapeshellcmd()
      identified by Stefan Esser.
    * Upgraded bundled PCRE to version 7.6
  When last checked, CVE-2008-0599 was not yet open.  However, additional
  information should become available at this URL:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599
  The list reproduced above, as well as additional information about other
  fixes in PHP 5.2.6 may be found in the PHP release announcement here:
    http://www.php.net/releases/5_2_6.php
  (* Security fix *)
+--------------------------+
Mon Apr 28 23:46:17 CDT 2008
patches/packages/libpng-1.2.27-i486-1_slack11.0.tgz:
  Upgraded to libpng-1.2.27.
  This fixes various bugs, the most important of which have to do with the
  handling of unknown chunks containing zero-length data.  Processing a PNG
  image that contains these could cause the application using libpng to crash
  (possibly resulting in a denial of service), could potentially expose the
  contents of uninitialized memory, or could cause the execution of arbitrary
  code as the user running libpng (though it would probably be quite difficult
  to cause the execution of attacker-chosen code).  We recommend upgrading the
  package as soon as possible.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
    ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.27-README.txt
  (* Security fix *)
+--------------------------+
Sat Apr 19 23:49:25 CDT 2008
patches/packages/xine-lib-1.1.11.1-i686-3_slack11.0.tgz:
  Recompiled, with --without-speex (we didn't ship the speex library in
  Slackware anyway, but for reference this issue would be CVE-2008-1686),
  and with --disable-nosefart (the recently reported as insecurely
  demuxed NSF format).  As before in -2, this package fixes the two
  regressions mentioned in the release notes for xine-lib-1.1.12:
    http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655
  (* Security fix *)
+--------------------------+
Thu Apr 17 16:25:55 CDT 2008
patches/packages/mozilla-firefox-2.0.0.14-i686-1.tgz:
  Upgraded to firefox-2.0.0.14.
  This upgrade fixes a potential security bug.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
+--------------------------+
Tue Apr  8 00:17:36 CDT 2008
patches/packages/xine-lib-1.1.11.1-i686-2_slack11.0.tgz:
  Patched to fix playback failure affecting several media formats
  accidentally broken in the xine-lib-1.1.11.1 release.  Thanks to Diogo Sousa
  for pointing me to the new release notes on xinehq.de.
+--------------------------+
Mon Apr  7 02:04:58 CDT 2008
patches/packages/bzip2-1.0.5-i486-1_slack11.0.tgz:  Upgraded to bzip2-1.0.5.
  Previous versions of bzip2 contained a buffer overread error that could cause
  applications linked to libbz2 to crash, resulting in a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372
  (* Security fix *)
patches/packages/m4-1.4.11-i486-1_slack11.0.tgz:  Upgraded to m4-1.4.11.
  In addition to bugfixes and enhancements, this version of m4 also fixes two
  issues with possible security implications.  A minor security fix with the
  use of "maketemp" and "mkstemp" -- these are now quoted to prevent the
  (rather unlikely) possibility that an unquoted string could match an
  existing macro causing operations to be done on the wrong file.  Also,
  a problem with the '-F' option (introduced with version 1.4) could cause a
  core dump or possibly (with certain file names) the execution of arbitrary
  code.  For more information on these issues, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1687
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1688
  (* Security fix *)
+--------------------------+
Fri Apr  4 12:36:37 CDT 2008
patches/packages/openssh-5.0p1-i486-1_slack11.0.tgz:
Upgraded to openssh-5.0p1.
  This version fixes a security issue where local users could hijack forwarded
  X connections.  Upgrading to the new package is highly recommended.
  For more information on this security issue, please see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483
  (* Security fix *)
+--------------------------+
Mon Mar 31 23:33:58 CDT 2008
patches/packages/xine-lib-1.1.11.1-i686-1_slack11.0.tgz:
  Upgraded to xine-lib-1.1.11.1.
  Earlier versions of xine-lib suffer from an integer overflow which may lead
  to a buffer overflow that could potentially be used to gain unauthorized
  access to the machine if a malicious media file is played back.  File types
  affected this time include .flv, .mov, .rm, .mve, .mkv, and .cak.
  For more information on this security issue, please see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1482
  (* Security fix *)
+--------------------------+
Sat Mar 29 03:09:17 CDT 2008
patches/packages/mozilla-firefox-2.0.0.13-i686-1.tgz:
  Upgraded to firefox-2.0.0.13.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
patches/packages/seamonkey-1.1.9-i486-1_slack11.0.tgz:
  Upgraded to seamonkey-1.1.9.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
  (* Security fix *)
patches/packages/xine-lib-1.1.11-i686-1_slack11.0.tgz:
  Earlier versions of xine-lib suffer from an array index bug that
  may have security implications if a malicious RTSP stream is
  played.  Playback of other media formats is not affected.
  If you use RTSP, you should probably upgrade xine-lib.
  For more information on the security issue, please see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073
  (* Security fix *)
+--------------------------+
Sun Mar  2 00:15:53 CST 2008
patches/packages/espgs-8.15.3svn185-i486-3_slack11.0.tgz:
  This patched version of ESP Ghostscript fixes a buffer overflow.
  For more information on the security issue, please see:
    http://scary.beasts.org/security/CESA-2008-001.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0411
  Thanks to Chris Evans and Will Drewry of Google Security for their work
  on discovering and demonstrating the overflow.
(* Security fix *)
+--------------------------+
Sat Mar  1 15:55:28 CST 2008
patches/packages/mozilla-thunderbird-2.0.0.12-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.12.
  This update fixes the following security related issues:
    MFSA 2008-12:  Heap buffer overflow in external MIME bodies
    MFSA 2008-05:  Directory traversal via chrome: URI
    MFSA 2008-03:  Privilege escalation, XSS, Remote Code Execution
    MFSA 2008-01:  Crashes with evidence of memory corruption (rv:1.8.1.12)
  For more information, see:
    http://www.mozilla.org/security/announce/2008/mfsa2008-12.html
    http://www.mozilla.org/security/announce/2008/mfsa2008-05.html
    http://www.mozilla.org/security/announce/2008/mfsa2008-03.html
    http://www.mozilla.org/security/announce/2008/mfsa2008-01.html
  These are the related CVE entries:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0304
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0415
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0413
(* Security fix *)
+--------------------------+
Thu Feb 14 17:37:38 CST 2008
patches/packages/apache-1.3.41-i486-1_slack11.0.tgz:
  Upgraded to apache-1.3.41, the last regular release of the
  Apache 1.3.x series, and a security bugfix-only release.
  For more information about the security issues fixed, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847
  (* Security fix *)
patches/packages/mod_ssl-2.8.31_1.3.41-i486-1_slack11.0.tgz:
  Upgraded to mod_ssl-2.8.31-1.3.41 to work with apache_1.3.41.
patches/packages/php-4.4.8-i486-1_slack11.0.tgz:
  Upgraded to php-4.4.8.  This is a security and bugfix release.
  More information may be found here:
    http://bugs.php.net/43010
  This is the last regular release of PHP-4.4.x.
  The EOL is scheduled for 2008-08-08.
  (* Security fix *)
+--------------------------+
Tue Feb 12 23:07:34 CST 2008
patches/packages/mozilla-firefox-2.0.0.12-i686-1.tgz:
  Upgraded to firefox-2.0.0.12.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
patches/packages/seamonkey-1.1.8-i486-1_slack11.0.tgz:
  Upgraded to seamonkey-1.1.8.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
  (* Security fix *)
+--------------------------+
Mon Dec 31 18:49:52 CST 2007
patches/packages/glibc-zoneinfo-2.3.6-noarch-10_slack11.0.tgz:
  Some deja vu.  ;-)
  Upgraded to tzdata2007k.  A new year should be started with the
  latest timezone data, so here it is.
  Happy holidays, and a happy new year to all!  :-)
+--------------------------+
Mon Dec 24 15:54:26 CST 2007
patches/packages/glibc-zoneinfo-2.3.6-noarch-9_slack11.0.tgz:
  Upgraded to tzdata2007j.  A new year should be started with the
  latest timezone data, so here it is.
  Happy holidays, and a happy new year to all!  :-)
+--------------------------+
Fri Dec 14 18:03:59 CST 2007
patches/packages/mysql-5.0.51-i486-1_slack11.0.tgz:
  Upgraded to mysql-5.0.51.
  This release fixes several bugs, including some security issues.
  However, it also includes a potentially incompatible change, so be sure
  to read the release notes before upgrading.  It is possible that some
  databases will need to be fixed in order to work with this (and future)
  releases:
    http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html
  For more information about the security issues fixed, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3781
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5925
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5969
  (* Security fix *)
+--------------------------+
Mon Dec 10 12:45:35 CST 2007
patches/packages/samba-3.0.28-i486-1_slack11.0.tgz:
  Upgraded to samba-3.0.28.
  Samba 3.0.28 is a security release in order to address a boundary failure
  in GETDC mailslot processing that can result in a buffer overrun leading
  to possible code execution.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015
    http://www.samba.org/samba/history/samba-3.0.28.html
    http://secunia.com/secunia_research/2007-99/advisory/
  (* Security fix *)
+--------------------------+
Mon Dec  3 19:58:51 CST 2007
patches/packages/cairo-1.4.12-i486-1_slack11.0.tgz:
  Upgraded to cairo-1.4.12.
  This fixes a possible security risk when decoding PNG files that may have
  been maliciously tampered with:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5503
  (* Security fix *)
patches/packages/samba-3.0.27a-i486-1_slack11.0.tgz:
  Upgraded to samba-3.0.27a.
  This update fixes a crash bug regression experienced by smbfs clients caused
  by the fix for CVE-2007-4572.
+--------------------------+
Sat Dec  1 16:57:18 CST 2007
patches/packages/rsync-2.6.9-i486-1_slack11.0.tgz:
  Patched some security bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091
    http://lists.samba.org/archive/rsync-announce/2007/000050.html
  (* Security fix *)
patches/packages/mozilla-firefox-2.0.0.11-i686-1.tgz:  Upgraded to Firefox
  2.0.0.11, which fixed a bug introduced by the 2.0.0.10 update in the
  <canvas> feature that affected some web pages and extensions.
+--------------------------+
Thu Nov 29 20:19:30 CST 2007
patches/packages/seamonkey-1.1.7-i486-1_slack11.0.tgz:
  Upgraded to seamonkey-1.1.7.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
  (* Security fix *)
+--------------------------+
Tue Nov 27 16:23:07 CST 2007
patches/packages/mozilla-firefox-2.0.0.10-i686-1.tgz:
  Upgraded to firefox-2.0.0.10.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
+--------------------------+
Wed Nov 21 00:55:51 CST 2007
patches/packages/libpng-1.2.23-i486-1_slack11.0.tgz:
  Upgraded to libpng-1.2.23.
  Previous libpng versions may crash when loading malformed PNG files.
  It is not currently known if this vulnerability can be exploited to
  execute malicious code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5266
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5267
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5268
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
  (* Security fix *)
+--------------------------+
Tue Nov 20 16:49:58 CST 2007
patches/packages/mozilla-thunderbird-2.0.0.9-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.9.
  This update fixes the following security related issues:
     URIs with invalid %-encoding mishandled by Windows (MFSA 2007-36).
     Crashes with evidence of memory corruption (MFSA 2007-29).
   OK, so the first one obviously does not affect us.  :-)  The second fix has
   to do with the same JavaScript handling problem fixed before in Firefox.
   JavaScript is not enabled by default in Thunderbird, and the developers
   (at least in MFSA 2007-36) do not recommend turning it on.
  For more information, see:
    http://www.mozilla.org/security/announce/2007/mfsa2007-36.html
    http://www.mozilla.org/security/announce/2007/mfsa2007-29.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4841
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5339
  (* Security fix *)
+--------------------------+
Fri Nov 16 17:22:18 CST 2007
patches/packages/samba-3.0.27-i486-1_slack11.0.tgz:
  Upgraded to samba-3.0.27.
  Samba 3.0.27 is a security release in order to address a stack buffer
  overflow in nmbd's logon request processing, and remote code execution in
  Samba's WINS server daemon (nmbd) when processing name registration followed
  name query requests.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398
  (* Security fix *)
+--------------------------+
Mon Nov 12 01:25:34 CST 2007
patches/packages/kdegraphics-3.5.4-i486-2_slack11.0.tgz:
  Patched xpdf related bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
  (* Security fix *)
patches/packages/koffice-1.5.2-i486-5_slack11.0.tgz:
  Patched xpdf related bugs.
  For more information, see:
    http://www.kde.org/info/security/advisory-20071107-1.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
  (* Security fix *)
patches/packages/xpdf-3.02pl2-i486-1_slack11.0.tgz:
  Upgraded to xpdf-3.02pl2.
  The pl2 patch fixes a crash in xpdf.
  Some theorize that this could be used to execute arbitrary code if an
  untrusted PDF file is opened, but no real-world examples are known (yet).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
  (* Security fix *)
+--------------------------+
Sat Nov 10 22:19:02 CST 2007
extra/php5/php-5.2.5-i486-2_slack11.0.tgz:
  The security/bug fix update for Slackware 11.0 has been reissued
  to fix a zero-length /usr/bin/php-cgi.  Thanks to TJ Munro for
  pointing this out.  We appreciate the fast weekend Q/A.  :-)
  This package should be installed rather than the previously
  released php-5.2.5-i486-1_slack11.0 (unless you do not use
  /usr/php/php-cgi in which case either package will do.)
  (* Security fix *)
+--------------------------+
Sat Nov 10 15:36:59 CST 2007
patches/packages/mozilla-firefox-2.0.0.9-i686-1.tgz:
  Upgraded to firefox-2.0.0.9.
  This upgrade improves the stability of Firefox.
  For more information, see:
    http://developer.mozilla.org/devnews/index.php/2007/11/01/firefox-2009-stability-update-now-available-for-download/
extra/php5/php-5.2.5-i486-1_slack11.0.tgz:
  Upgraded to php-5.2.5.
  This fixes bugs and security issues.
  For more information, see:
    http://www.php.net/releases/5_2_5.php
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4887
  (* Security fix *)
+--------------------------+
Fri Nov  9 16:34:12 CST 2007
patches/packages/seamonkey-1.1.6-i486-1_slack11.tgz:
  Upgraded to SeaMonkey 1.1.6.
  This upgrade fixes SeaMonkey's ability to display certain types of web pages.
  That's about all we could find about it here:
    http://www.mozilla.org/projects/seamonkey/
+--------------------------+
Thu Nov  1 22:03:53 CDT 2007
patches/packages/cups-1.2.11-i486-2_slack12.0.tgz:
  Patched cups-1.2.11.
  An off-by-one error in ipp.c may allow a remote attacker to crash CUPS
  resulting in a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351
  (* Security fix *)
+--------------------------+
Wed Oct 24 23:02:28 CDT 2007
patches/packages/mozilla-firefox-2.0.0.8-i686-1.tgz:
  Upgraded to firefox-2.0.0.8.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
patches/packages/seamonkey-1.1.5-i486-1_slack12.0.tgz:
  Upgraded to seamonkey-1.1.5.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
  (* Security fix *)
extra/mozilla-2.0.0.6/:  Removed.  Since the 1.5.0.x branch is no longer
  supported, there's little point in leaving it up (at least in /extra...)
+--------------------------+
Wed Oct 10 11:50:50 CDT 2007
patches/packages/glibc-zoneinfo-2.3.6-noarch-8_slack11.0.tgz:
  Upgraded to timezone data from tzcode2007h and tzdata2007h.
  This contains the latest timezone data from NIST, including some important
  changes to daylight savings time in Brasil and New Zealand.
+--------------------------+
Wed Sep 12 15:20:06 CDT 2007
patches/packages/openssh-4.7p1-i486-1_slack11.0.tgz:
  Upgraded to openssh-4.7p1.
  From the OpenSSH release notes:
  "Security bugs resolved in this release:  Prevent ssh(1) from using a
  trusted X11 cookie if creation of an untrusted cookie fails; found and
  fixed by Jan Pechanec."
  While it's fair to say that we here at Slackware don't see how this could
  be leveraged to compromise a system, a) the OpenSSH people (who presumably
  understand the code better) characterize this as a security bug, b) it has
  been assigned a CVE entry, and c) OpenSSH is one of the most commonly used
  network daemons.  Better safe than sorry.
  More information should appear here eventually:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
  (* Security fix *)
patches/packages/samba-3.0.26a-i486-1_slack11.0.tgz:
  Upgraded to samba-3.0.26a.
  This fixes a security issue in all Samba 3.0.25 versions:
  "Incorrect primary group assignment for domain users using the rfc2307
   or sfu winbind nss info plugin."
  For more information, see:
    http://www.samba.org/samba/security/CVE-2007-4138.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138
  (* Security fix *)
extra/php5/php-5.2.4-i486-1_slack11.0.tgz:
  Upgraded to php-5.2.4.  The PHP announcement says this version fixes over
  120 bugs as well as "several low priority security bugs."
  Read more about it here:
    http://www.php.net/releases/5_2_4.php
  (* Security fix *)
+--------------------------+
Sat Aug 18 15:00:32 CDT 2007
patches/packages/tcpdump-3.9.7-i486-1_slack11.0.tgz:
  Upgraded to libpcap-0.9.7, tcpdump-3.9.7.
  This new version fixes an integer overflow in the BGP dissector which
  could possibly allow remote attackers to crash tcpdump or to execute
  arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798
  (* Security fix *)
+--------------------------+
Fri Aug 10 22:39:13 CDT 2007
patches/packages/gimp-2.2.17-i486-1_slack11.0.tgz:
  Upgraded to gimp-2.2.17, which fixes buffer overflows when decoding
  certain image types.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2949
  (* Security fix *)
patches/packages/qt-3.3.8-i486-2_slack11.0.tgz:
  Patched to fix several format string bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3388
  (* Security fix *)
patches/packages/seamonkey-1.1.4-i486-1_slack11.tgz:
  Upgraded to seamonkey-1.1.4.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
  (* Security fix *)
patches/packages/xpdf-3.02pl1-i486-1_slack11.0.tgz:
  Upgraded to xpdf-3.02pl1.  This fixes an integer overflow that could possibly
  be leveraged to run arbitrary code if a malicious PDF file is processed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
  (* Security fix *)
+--------------------------+
Fri Aug  3 15:43:35 CDT 2007
patches/packages/mozilla-thunderbird-2.0.0.6-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.6.
    This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
  (* Security fix *)
+--------------------------+
Wed Aug  1 13:52:51 CDT 2007
extra/mozilla-firefox-2.0.0.6/mozilla-firefox-2.0.0.6-i686-1.tgz:
  Upgraded to firefox-2.0.0.6.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
+--------------------------+
Thu Jul 26 15:51:42 CDT 2007
patches/packages/bind-9.3.4_P1-i486-1_slack11.0.tgz:
  Upgraded to bind-9.3.4_P1 to fix a security issue.
  The query IDs in BIND9 prior to BIND 9.3.4-P1 are cryptographically weak.
  For more information on this issue, see:
    http://www.isc.org/index.pl?/sw/bind/bind-security.php
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
  (* Security fix *)
+--------------------------+
Tue Jul 24 12:40:16 CDT 2007
patches/packages/mozilla-thunderbird-2.0.0.5-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.5.  Since Thunderbird shares the browser engine
  with Firefox it is susceptible to similar vulnerabilities.  This update fixes
  the same issues fixed in the recent Firefox patch.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
  (* Security fix *)
patches/packages/seamonkey-1.1.3-i486-1_slack11.tgz:
  Upgraded to seamonkey-1.1.3.  This is presumably a security update, but the
  details on the net have been sparse.  So far nothing has appeared at the
  usual URL, but I would treat this as a security update unless it is announced
  as otherwise.
  For more information (if/when it appears), see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
  (* Security fix *)
+--------------------------+
Thu Jul 19 12:55:48 CDT 2007
extra/mozilla-firefox-2.0.0.5/mozilla-firefox-2.0.0.5-i686-1.tgz:
  Upgraded to firefox-2.0.0.5.
  This upgrade fixes a couple of minor security bugs.  Nobody here is launching
  Firefox from Internet Explorer, right?  :-)
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
+--------------------------+
Wed Jun 27 01:11:32 CDT 2007
patches/packages/gd-2.0.35-i486-1_slack11.0.tgz:
  Upgraded to gd-2.0.35.
    This fixes a few possible security issues:
     * Possible infinite loop in the PNG reader
     * Possible integer overflow in gdImageCreateTrueColor
     * Possible crash in gdImageCreateXbm
     * Numerous flaws in the GIF reader
  (* Security fix *)
+--------------------------+
Wed Jun 13 21:43:03 CDT 2007
patches/packages/libexif-0.6.16-i486-1_slack11.0.tgz:
  Upgraded to libexif-0.6.16.
  An integer overflow in libexif can crash applications that use the library
  on malformed images.  The upstream advisory indicates that this flaw could
  also be used to execute arbitrary code in the context of the user, but no
  exploit is known (by us) to exist among iDefense's researchers or in the
  wild.  But, as a crash bug and heap overflow one must suppose that the
  possibility exists.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4168
  (* Security fix *)
+--------------------------+
Fri Jun  1 21:50:50 CDT 2007
patches/packages/mozilla-firefox-1.5.0.12-i686-1.tgz:
  Upgraded to firefox-1.5.0.12.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
patches/packages/mozilla-thunderbird-1.5.0.12-i686-1.tgz:
  Upgraded to thunderbird-1.5.0.12.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
  (* Security fix *)
patches/packages/seamonkey-1.1.2-i486-1_slack11.0.tgz:
  Upgraded to seamonkey-1.1.2.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
  (* Security fix *)
extra/mozilla-firefox-2.0.0.4/mozilla-firefox-2.0.0.4-i686-1.tgz:
  Upgraded to firefox-2.0.0.4.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
+--------------------------+
Fri Jun  1 14:56:51 CDT 2007
extra/php5/php-5.2.3-i486-1_slack11.0.tgz:
Upgraded to php-5.2.3.
  Here's some basic information about the release from php.net:
    "This release continues to improve the security and the stability of the
    5.X branch as well as addressing two regressions introduced by the
    previous 5.2 releases.  These regressions relate to the timeout handling
    over non-blocking SSL connections and the lack of HTTP_RAW_POST_DATA in
    certain conditions.  All users are encouraged to upgrade to this release."
  For more complete information, see:
    http://www.php.net/releases/5_2_3.php
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1900
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872
  (* Security fix *)
+--------------------------+
Fri May 25 11:27:02 CDT 2007
patches/packages/samba-3.0.25a-i486-1_slack11.0.tgz:
  Upgraded to samba-3.0.25a.  This fixes some major (non-security) bugs in
  samba-3.0.25.  See the WHATSNEW.txt for details.
+--------------------------+
Wed May 16 16:16:59 CDT 2007
patches/packages/libpng-1.2.18-i486-1_slack11.0.tgz:
  Upgraded to libpng-1.2.18.
  A grayscale PNG image with a malformed (bad CRC) tRNS chunk will crash some
  libpng applications.  This vulnerability has been assigned the identifiers
  CVE-2007-2445 and CERT VU#684664.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445
  (* Security fix *)
+--------------------------+
Mon May 14 18:22:43 CDT 2007
patches/packages/samba-3.0.25-i486-1_slack11.0.tgz:
  Upgraded to samba-3.0.25.
  Security Fixes included in the Samba 3.0.25 release are:
  o CVE-2007-2444
        Versions: Samba 3.0.23d - 3.0.25pre2
        Local SID/Name translation bug can result in
        user privilege elevation
  o CVE-2007-2446
        Versions: Samba 3.0.0 - 3.0.24
        Multiple heap overflows allow remote code execution
  o CVE-2007-2447
        Versions: Samba 3.0.0 - 3.0.24
        Unescaped user input parameters are passed as
        arguments to /bin/sh allowing for remote command
        execution
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447
  (* Security fix *)
+--------------------------+
Mon May 14 16:39:31 CDT 2007
patches/packages/seamonkey-1.1.1-i486-1_slack11.0.tgz:
  Upgraded to seamonkey-1.1.1.  Removed various symlinks to NSS libraries.
  If you plan to rebuild the pidgin package in unsupported/pidgin/stable for
  any reason (you shouldn't need to), first upgrade to this package and then
  upgradepkg --reinstall the mozilla-nss package.
+--------------------------+
Thu May 10 16:14:34 CDT 2007
testing/packages/bash-3.2.017-i486-1_slack11.0.tgz:  Upgraded to bash-3.2.017.
  Moved here from /patches/packages.  Honestly, I think /testing may be a
  better place for bash-3.2 for a while longer -- it's causing trouble with
  many old scripts.  So, we'll give it a while longer to stabilize and for
  scripts to catch up to any syntax changes which may have occured.
+--------------------------+
Tue May  8 22:19:03 CDT 2007
patches/packages/slackpkg-2.60-noarch-1.tgz:
  Upgraded to slackpkg-2.60.  Thanks to Piter Punk!
+--------------------------+
Mon May  7 21:55:15 CDT 2007
extra/php5/php-5.2.2-i486-1_slack11.0.tgz:
  Upgraded to php-5.2.2.
  This fixes bugs and improves security.
  For more details, see:
    http://www.php.net/releases/5_2_2.php
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
  (* Security fix *)
patches/packages/php-4.4.7-i486-1_slack11.0.tgz:
  Upgraded to php-4.4.7.
  This fixes bugs and improves security.
  For more details, see:
    http://www.php.net/releases/4_4_7.php
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
  (* Security fix *)
+--------------------------+
Thu May  3 23:02:49 CDT 2007
patches/packages/gnome-icon-theme-2.14.2-noarch-2_slack11.0.tgz:
  gnome-icon-theme puts its pkgconfig file in the wrong directory,
  which is (was) breaking compiles.  Now it is in the right place.
  Thanks to Robby Workman for pointing it out.
+--------------------------+
Wed Apr 25 15:19:06 CDT 2007
patches/packages/fontconfig-2.4.2-i486-2_slack11.0.tgz:
  Changed the font paths in /etc/fonts/fonts.conf to point to where the
  fonts actually are, rather than through a symlink.  The symlink
  (/usr/X11R6/lib/fonts) *should* be made by the aaa_base package, but
  still it's probably best to point to the real location.
  Thanks to Zoran Davidovac for the suggestion.
  Moved man pages to the proper location and gzipped them.
  Created a /var/cache/fontconfig directory.
+--------------------------+
Mon Apr 23 13:32:50 CDT 2007
patches/packages/freetype-2.3.4-i486-2_slack11.0.tgz:  Fixed the diffs
  for the patented algorithms.  Thanks to Eric Hameleers.
+--------------------------+
Fri Apr 20 13:47:39 CDT 2007
patches/packages/x11-6.9.0-i486-14_slack11.0.tgz:
  Removed old versions of fc-cache and fc-list.
  Somehow a couple of old fontconfig binaries snuck into this package, and
  prevent fc-cache from working properly at boot (or any other time).
  If you've already installed these upgrades, reinstalling the fontconfig
  package will fix the issue.  If you do that, there's no need to reinstall
  this new x11 package -- it's been fixed so that there's no longer a problem
  with the package install order (and because those fc-* binaries didn't
  belong there).  Sorry for any inconvenience...
  Thanks to Petri Kaukasoina for pointing this out.
  (* Fix *)
+--------------------------+
Thu Apr 19 18:53:08 CDT 2007
patches/packages/fontconfig-2.4.2-i486-1_slack11.0.tgz:
  Upgraded to the fontconfig-2.4.2 to work better with freetype-2.3.4.
patches/packages/freetype-2.3.4-i486-1_slack11.0.tgz:
  Fixed an overflow parsing BDF fonts.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
  (* Security fix *)
patches/packages/x11-6.9.0-i486-13_slack11.0.tgz:
  Recompiled.
patches/packages/x11-devel-6.9.0-i486-13_slack11.0.tgz:
  Recompiled.
patches/packages/x11-xdmx-6.9.0-i486-13_slack11.0.tgz:
  Recompiled.
patches/packages/x11-xnest-6.9.0-i486-13_slack11.0.tgz:
  Recompiled.
patches/packages/x11-xvfb-6.9.0-i486-13_slack11.0.tgz:
  Recompiled.
patches/packages/xine-lib-1.1.6-i686-1_slack11.0.tgz:
  Upgraded to xine-lib-1.1.6.
  This fixes overflows in xine-lib in some little-used media formats in
  xine-lib < 1.1.5 and other bugs in xine-lib < 1.1.6.  The overflows in
  xine-lib < 1.1.5 could definitely cause an application using xine-lib to
  crash, and it is theorized that a malicious media file could be made to run
  arbitrary code in the context of the user running the application.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246
  (* Security fix *)
+--------------------------+
Wed Apr  4 13:25:17 CDT 2007
patches/packages/ktorrent-2.1.3-i486-2_slack11.0.tgz:
  Changed --prefix from /usr to /opt/kde.
  (Slackware 11.0 still uses that, right? ;-)
  Thanks to arny for pointing this out.
patches/packages/qca-tls-1.0-i486-4_slack11.0.tgz:
  Recompiled for qt-3.3.8.  Sorry to have forgotten about the 3.3.6
  plugin location...  thanks to Peter Valky for the reminder.
+--------------------------+
Tue Apr  3 15:01:57 CDT 2007
patches/packages/file-4.20-i486-1_slack11.0.tgz:
  Upgraded to file-4.20.
  This fixes a heap overflow that could allow code to be executed as the
  user running file (note that there are many scenarios where file might be
  used automatically, such as in virus scanners or spam filters).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
  (* Security fix *)
patches/packages/ktorrent-2.1.3-i486-1_slack11.0.tgz:
  Upgraded to ktorrent-2.1.3.
  A directory traversal vulnerability in torrent.cpp in versions < 2.1.2 may
  allow remote attackers to overwrite the ktorrent user's files.  A bug in
  chunkcounter.cpp in versions < 2.1.2 allows remote attackers to crash
  ktorrent and cause heap corruption by the use of an invalid idx value.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1384
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1385
  (* Security fix *)
patches/packages/qt-3.3.8-i486-1_slack11.0.tgz:
  Patched an issue where the Qt UTF 8 decoder may in some instances fail to
  reject overlong sequences, possibly allowing "/../" path injection or XSS
  errors.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242
  (* Security fix *)
+--------------------------+
Mon Mar 26 20:54:55 CDT 2007
patches/packages/libwpd-0.8.9-i486-1_slack11.0.tgz:
  Upgraded to libwpd-0.8.9.
  Various overflows may lead to application crashes upon opening a specially
  crafted WordPerfect file.  This vulnerability could also conceivably be
  used by an attacker to execute arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-002
  (* Security fix *)
patches/packages/mozilla-firefox-1.5.0.11-i686-1.tgz:
  Upgraded to mozilla-firefox-1.5.0.11.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
extra/mozilla-firefox-2.0.0.3/mozilla-firefox-2.0.0.3-i686-1.tgz:
  Upgraded to mozilla-firefox-2.0.0.3.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
+--------------------------+
Sat Mar 24 19:08:07 CDT 2007
patches/packages/bash-3.2.015-i486-1_slack11.0.tgz:
  Upgraded to bash-3.2 patchlevel 15.  This is an optional upgrade
  issued due to some problem reports concerning the use of the old-
  style backquotes in scripts.  For example `ls -l` might fail where
  $(ls -l) works (though the real-world examples are more complex
  than these, of course.  I'd say if you're not having problems with
  bash you're better off leaving it alone, but if you're getting an
  error like "unexpected EOF looking for matching `", you may wish
  to give this package a try.
  Thanks much to John Pate for helping with late-night debugging.
+--------------------------+
Sat Mar 17 17:41:43 CDT 2007
Happy St. Patrick's Day!
patches/packages/gaim-1.5.0-i486-3_slack11.0.tgz:
  Recompiled against mozilla-nss.  Also recompiled the GAIM beta in
  the /pub/slackware/unsupported/ directory, if anyone is interested.
patches/packages/mozilla-nss-3.9.2-i486-1_slack11.0.tgz:
  Added mozilla-nss to provide a more stable API/ABI for GAIM.
+--------------------------+
Wed Mar 14 19:38:47 CDT 2007
patches/packages/libpng-1.2.16-i486-1_slack11.0.tgz:
  Upgraded to libpng-1.2.16.  This fixes some problems with the new
  ImageMagick package, such as massive memory usage using "convert".
  Thanks to Michael Johnson for letting me know about this.
+--------------------------+
Tue Mar 13 18:22:59 CDT 2007
patches/packages/php-4.4.6-i486-1_slack11.0.tgz:
  Upgraded to php-4.4.6.
  This version of PHP fixes a problem introduced with the last PHP release
  where certain applications using "register_globals" may crash.
+--------------------------+
Wed Mar  7 17:57:50 CST 2007
patches/packages/gnupg-1.4.7-i486-1_slack11.0.tgz:
  Upgraded to gnupg-1.4.7.
  This fixes a security problem that can occur when GnuPG is used incorrectly.
  Newer versions attempt to prevent such misuse.
  For more information, see:
    http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html
  (* Security fix *)
patches/packages/x11-6.9.0-i486-12_slack11.0.tgz:  Patched.
  This update fixes overflows in the dbe and render extensions.  This could
  possibly be exploited to overwrite parts of memory, possibly allowing
  malicious code to execute, or (more likely) causing X to crash.
  For information about some of the security fixes, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6101
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6102
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6103
  (* Security fix *)
patches/packages/mozilla-firefox-1.5.0.10-i686-1.tgz:
  Upgraded to firefox-1.5.0.10.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
patches/packages/mozilla-thunderbird-1.5.0.10-i686-1.tgz:
  Upgraded to thunderbird-1.5.0.10.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
  (* Security fix *)
patches/packages/seamonkey-1.0.8-i486-1_slack11.0.tgz:
  Upgraded to seamonkey-1.0.8.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
  (* Security fix *)
patches/packages/imagemagick-6.3.3_0-i486-1_slack11.0.tgz:
  Upgraded to imagemagick-6.3.3-0.
  The original fix for PALM image handling has been corrected.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456
  (* Security fix *)
extra/mozilla-firefox-2.0.0.2-i686-1.tgz:
  Upgraded to firefox-2.0.0.2.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
+--------------------------+
Thu Feb 22 21:13:04 CST 2007
patches/packages/php-4.4.5-i486-1_slack11.0.tgz:
  Upgraded to php-4.4.5 which improves stability and security.
  For complete details, see http://www.php.net.
  For imformation about some of the security fixes, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
  (* Security fix *)
extra/php5/php-5.2.1-i486-1_slack11.0.tgz:
  Upgraded to php-5.2.1 which improves stability and security.
  For imformation about some of the security fixes, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
  (* Security fix *)
patches/packages/amarok-1.4.5-i486-1_slack11.0.tgz:  Upgraded to
  amarok-1.4.5, which fixes the last.fm stream breakage after the
  last upgrade to xine-lib.
patches/packages/libgpod-0.4.2-i486-1_slack11.0.tgz:  Upgraded to
  libgpod-0.4.2.  This is needed for the amarok package.
patches/packages/libmtp-0.1.3-i486-1_slack11.0.tgz:  Upgraded to
  libmtp-0.1.3.  This is needed for the amarok package.
+--------------------------+
Sun Feb 18 15:20:36 CST 2007
patches/packages/glibc-zoneinfo-2.3.6-noarch-7_slack11.0.tgz:
  Updated with tzdata2007b for impending Daylight Savings Time
  changes in the US.
+--------------------------+
Wed Feb  7 12:29:05 CST 2007
patches/packages/samba-3.0.24-i486-1_slack11.0.tgz:
  Upgraded to samba-3.0.24.  From the WHATSNEW.txt file:
    "Important issues addressed in 3.0.24 include:
     o Fixes for the following security advisories:
       - CVE-2007-0452 (Potential Denial of Service bug in smbd)
       - CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind
         NSS library on Solaris)
       - CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)"
  Samba is Slackware is vulnerable to the first issue, which can cause smbd
  to enter into an infinite loop, disrupting Samba services.  Linux is not
  vulnerable to the second issue, and Slackware does not ship the afsacl.so
  VFS plugin (but it's something to be aware of if you build Samba with
  custom options).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454
  (* Security fix *)
+--------------------------+
Fri Jan 26 22:46:30 CST 2007
patches/packages/bind-9.3.4-i486-1_slack11.0.tgz:
  Upgraded to bind-9.3.4.  This update fixes two denial of service
  vulnerabilities where an attacker could crash the name server with
  specially crafted malformed data.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494
  (* Security fix *)
+--------------------------+
Wed Jan 24 14:15:07 CST 2007
patches/packages/fetchmail-6.3.6-i486-1_slack11.0.tgz:
  Upgraded to fetchmail-6.3.6.  This fixes two security issues.  First, a bug
  introduced in fetchmail-6.3.5 could cause fetchmail to crash.  However,
  no stable version of Slackware ever shipped fetchmail-6.3.5.  Second, a long
  standing bug (reported by Isaac Wilcox) could cause fetchmail to send a
  password in clear text or omit using TLS even when configured otherwise.
  All fetchmail users are encouraged to consider using getmail, or to upgrade
  to the new fetchmail packages.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867
  (* Security fix *)
+--------------------------+
Sat Dec 23 16:38:26 CST 2006
extra/mozilla-firefox-2.0.0.1/mozilla-firefox-2.0.0.1-i686-1.tgz:
  Upgraded to Mozilla Firefox 2.0.0.1.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
patches/packages/mozilla-firefox-1.5.0.9-i686-1.tgz:
  Upgraded to firefox-1.5.0.9.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
patches/packages/mozilla-thunderbird-1.5.0.9-i686-1.tgz:
  Upgraded to thunderbird-1.5.0.9.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
  (* Security fix *)
patches/packages/seamonkey-1.0.7-i486-1_slack11.0.tgz:
  Upgraded to seamonkey-1.0.7.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
  (* Security fix *)
patches/packages/xine-lib-1.1.3-i686-1_slack11.0.tgz:
  Upgraded to xine-lib-1.1.3 which fixes possible security problems
  such as a heap overflow in libmms and a buffer overflow in the
  Real Media input plugin.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2200
  (* Security fix *)
+--------------------------+
Wed Dec  6 15:16:06 CST 2006
patches/packages/gnupg-1.4.6-i486-1_slack11.0.tgz:
  Upgraded to gnupg-1.4.6.  This release fixes a severe and exploitable
  bug in earlier versions of gnupg.  All gnupg users should update to the
  new packages as soon as possible.  For details, see the information
  concerning CVE-2006-6235 posted on lists.gnupg.org:
    http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235
  This update also addresses a more minor security issue possibly
  exploitable when GnuPG is used in interactive mode.  For more information
  about that issue, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169
  (* Security fix *)
+--------------------------+
Fri Dec  1 15:03:20 CST 2006
patches/packages/libpng-1.2.14-i486-1_slack11.0.tgz:
  Upgraded to libpng-1.2.14.  This fixes a bug where a specially crafted PNG
  file could crash applications that use libpng.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793
  (* Security fix *)
patches/packages/proftpd-1.3.0a-i486-1_slack11.0.tgz:
  Upgraded to proftpd-1.3.0a plus an additional security patch.  Several
  security issues were found in proftpd that could lead to the execution of
  arbitrary code by a remote attacker, including one in mod_tls that does
  not require the attacker to be authenticated first.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5815
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6170
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6171
  (* Security fix *)
patches/packages/tar-1.16-i486-1_slack11.0.tgz:
  Upgraded to tar-1.16.
  This fixes an issue where files may be extracted outside of the current
  directory, possibly allowing a malicious tar archive, when extracted, to
  overwrite any of the user's files (in the case of root, any file on the
  system).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097
  (* Security fix *)
+--------------------------+
Thu Nov  9 18:04:51 CST 2006
extra/mozilla-firefox-2.0/mozilla-firefox-2.0-i686-1.tgz:  Moved from /patches,
  since it was pointed out that this sets LD_LIBRARY_PATH to use the libraries
  in /usr/lib/firefox-2.0/ which aren't compatible with the SeaMonkey libraries
  that are used to compile the gxine plugin, breaking it.  I'm currently
  looking for a workaround for this issue, but meanwhile using firefox-1.5.0.8
  with the gxine plugin works just fine.  Honestly, I hadn't expected to see
  another firefox-1.x release once 2.0 came out or I might not have added it to
  Slackware 11.0 after the release...
patches/packages/mozilla-firefox-1.5.0.8-i686-1.tgz:
  Upgraded to firefox-1.5.0.8.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
patches/packages/mozilla-thunderbird-1.5.0.8-i686-1.tgz:
  Upgraded to thunderbird-1.5.0.8.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
  (* Security fix *)
patches/packages/seamonkey-1.0.6-i486-1_slack11.0.tgz:
  Upgraded to seamonkey-1.0.6.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
  (* Security fix *)
+--------------------------+
Mon Nov  6 21:29:24 CST 2006
patches/packages/bind-9.3.2_P2-i486-1_slack11.0.tgz:
  Upgraded to bind-9.3.2-P2.  This fixes some security issues related to
  previous fixes in OpenSSL.  The minimum OpenSSL version was raised to
  OpenSSL 0.9.7l and OpenSSL 0.9.8d to avoid exposure to known security flaws
  in older versions (these patches were already issued for Slackware).  If you
  have not upgraded yet, get those as well to prevent a potentially exploitable
  security problem in named.  In addition, the default RSA exponent was changed
  from 3 to 65537.  RSA keys using exponent 3 (which was previously BIND's
  default) will need to be regenerated to protect against the forging
  of RRSIGs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
  (* Security fix *)
+--------------------------+
Fri Nov  3 23:17:57 CST 2006
extra/php5/php-5.2.0-i486-1.tgz:  Upgraded to php-5.2.0.
  This release "includes a large number of new features, bug fixes and security
  enhancements."  In particular, when the UTF-8 charset is selected there are
  buffer overflows in the htmlspecialchars() and htmlentities() that may be
  exploited to execute arbitrary code.
  More details about the vulnerability may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465
  Further details about the release can be found in the release announcement:
    http://www.php.net/releases/5_2_0.php
  Some syntax has changed since PHP 5.1.x.  An upgrading guide may be found at
  this location:
    http://www.php.net/UPDATE_5_2.txt
  This package was placed in /extra rather than /patches to save people from
  possible surprises with automated upgrade tools, since users of PHP4 and
  PHP 5.1.x applications may need to make some code changes before things will
  work again.
  (* Security fix *)
patches/packages/php-4.4.4-i486-4_slack11.0.tgz:  Patched the UTF-8 overflow.
  More details about the vulnerability may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465
  (* Security fix *)
patches/packages/screen-4.0.3-i486-1_slack11.0.tgz:  Upgraded to screen-4.0.3.
  This addresses an issue with the way screen handles UTF-8 character encoding
  that could allow screen to be crashed (or possibly code to be executed in the
  context of the screen user) if a specially crafted sequence of pseudo-UTF-8
  characters are displayed withing a screen session.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4573
  (* Security fix *)
+--------------------------+
Sat Oct 28 23:52:38 CDT 2006
patches/packages/mozilla-firefox-2.0-i686-1.tgz:
  Upgraded to Mozilla Firefox 2.0.  This is a completely optional enhanced
  feature package update.  Usually I'd reserve this space only for security
  patches (which this is not), but Firefox 2.0 is just so cool that I couldn't
  resist upgrading it, especially with Slackware 11.0 so recently released.
+--------------------------+
Wed Oct 25 15:45:46 CDT 2006
patches/packages/qca-tls-1.0-i486-3_slack11.0.tgz:  Rebuilt to place the plugin
  in /usr/lib/qt-3.3.7/plugins/crypto/.
patches/packages/qt-3.3.7-i486-1_slack11.0.tgz:  Upgraded to qt-x11-free-3.3.7.
  This fixes an issue with Qt's handling of pixmap images that causes Qt linked
  applications to crash if a specially crafted malicious image is loaded.
  Inspection of the code in question makes it seem unlikely that this could
  lead to more serious implications (such as arbitrary code execution), but it
  is recommended that users upgrade to the new Qt package.
  For more information, see:
    http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4811
  (* Security fix *)
+--------------------------+
Sun Oct  1 23:50:53 CDT 2006
Slackware 11.0 is released.  Thanks to everyone who helped out and made this
release possible.  If I forgot you in the ChangeLog, mea culpa, but you know
who you are, and thanks.  :-)
Enjoy!  -P.
+--------------------------+
Sun Oct  1 16:45:45 CDT 2006
l/jre-1_5_0_09-i586-1.tgz:  Upgraded to Java(TM) 2 Platform Standard Edition
  Runtime Environment Version 5.0, Release 9.
extra/bittornado/bittornado-0.3.15-noarch-1.tgz:
  Upgraded to bittornado-0.3.15.
extra/jdk-1.5.0_09/jdk-1_5_0_09-i586-1.tgz:  Upgraded to Java(TM) 2 Platform
  Standard Edition Development Kit Version 5.0, Release 9.
+--------------------------+
Sat Sep 30 22:05:20 CDT 2006
extra/linux-smp-2.6.17.13/kernel-modules-smp-2.6.17.13-i686-3.tgz:
  This had been named i486 when it's really an i686 arch package. 
+--------------------------+
Sat Sep 30 19:35:24 CDT 2006
a/etc-11.0-noarch-2.tgz:  Added missing comment marks (#) for distcc ports
  in /etc/services.  Thanks to Michiel Broek.
n/popa3d-1.0.2-i486-2.tgz:  Do better checking of passwd and group to avoid
  adding redundant entries to these files.  Thanks to Menno Duursma.
n/sendmail-8.13.8-i486-4.tgz:  Do better checking of passwd and group to avoid
  adding redundant entries to these files.  Thanks to Menno Duursma.
n/sendmail-cf-8.13.8-noarch-4.tgz:  Rebuilt.
extra/linux-smp-2.6.17.13/kernel-generic-smp-2.6.17.13-i686-3.tgz:
  Recompiled to add missing SMP/SMT support.
  Thanks to arny for noticing that I'd started with the wrong .config.
extra/linux-smp-2.6.17.13/kernel-headers-smp-2.6.17.13-i386-3.tgz:  Rebuilt.
extra/linux-smp-2.6.17.13/kernel-modules-smp-2.6.17.13-i486-3.tgz:  Recompiled.
+--------------------------+
Sat Sep 30 01:52:09 CDT 2006
testing/packages/fontconfig-2.4.1-i486-1.tgz:  Upgraded to fontconfig-2.4.1.
  Thanks to Fr?d?ric L. W. Meunier for pointing this out.
l/shared-mime-info-0.19-i486-1.tgz:  Upgraded to shared-mime-info-0.19.
+--------------------------+
Fri Sep 29 23:41:35 CDT 2006
l/libgpod-0.4.0-i486-1.tgz:  Upgraded to libgpod-0.4.0.  Thanks to Shilo Bacca.
l/pango-1.12.4-i486-1.tgz:  Fixed bogus empty GPOS table warning and other
  minor bugs.
extra/linux-smp-2.6.17.13/kernel-generic-smp-2.6.17.13-i686-2.tgz:
  Rebuilt SMP kernels setting -smp in CONFIG_LOCALVERSION, not EXTRAVERSION.
  Thanks to Tom B. for snapping me out of my old-skool ways.
extra/linux-smp-2.6.17.13/kernel-headers-smp-2.6.17.13-i386-2.tgz:  Rebuilt.
extra/linux-smp-2.6.17.13/kernel-modules-smp-2.6.17.13-i486-2.tgz:  Rebuilt.
testing/packages/iptables-1.3.6-i486-1.tgz:  This one appeared too late to be
  considered for mainline (not enough test time), but it _should_ be stable.
testing/packages/wpa_supplicant-0.4.9-i486-1.tgz:  Added wpa_supplicant-0.4.9.
  Thanks to Eric Hameleers for a good head-start on this one.
+--------------------------+
Fri Sep 29 02:10:15 CDT 2006
a/openssl-solibs-0.9.8d-i486-1.tgz:  Upgraded to shared libraries from
  openssl-0.9.8d.  See openssl package update below.
  (* Security fix *)
n/openssh-4.4p1-i486-1.tgz:  Upgraded to openssh-4.4p1.
  This fixes a few security related issues.  From the release notes found at
  http://www.openssh.com/txt/release-4.4:
    * Fix a pre-authentication denial of service found by Tavis Ormandy,
      that would cause sshd(8) to spin until the login grace time
      expired.
    * Fix an unsafe signal hander reported by Mark Dowd. The signal
      handler was vulnerable to a race condition that could be exploited
      to perform a pre-authentication denial of service. On portable
      OpenSSH, this vulnerability could theoretically lead to
      pre-authentication remote code execution if GSSAPI authentication
      is enabled, but the likelihood of successful exploitation appears
      remote.
    * On portable OpenSSH, fix a GSSAPI authentication abort that could
      be used to determine the validity of usernames on some platforms.
  Links to the CVE entries will be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052
    After this upgrade, make sure the permissions on /etc/rc.d/rc.sshd are set
  the way you want them.  Future upgrades will respect the existing permissions
  settings.  Thanks to Manuel Reimer for pointing out that upgrading openssh
  would enable a previously disabled sshd daemon.
    Do better checking of passwd, shadow, and group to avoid adding
    redundant entries to these files.  Thanks to Menno Duursma.
  (* Security fix *)
n/openssl-0.9.8d-i486-1.tgz:  Upgraded to openssl-0.9.8d.
  This fixes a few security related issues:
      During the parsing of certain invalid ASN.1 structures an error
    condition is mishandled.  This can result in an infinite loop which
    consumes system memory (CVE-2006-2937).  (This issue did not affect
    OpenSSL versions prior to 0.9.7)
    Thanks to Dr S. N. Henson of Open Network Security and NISCC.
      Certain types of public key can take disproportionate amounts of
    time to process. This could be used by an attacker in a denial of
    service attack (CVE-2006-2940).
    Thanks to Dr S. N. Henson of Open Network Security and NISCC.
      A buffer overflow was discovered in the SSL_get_shared_ciphers()
    utility function.  An attacker could send a list of ciphers to an
    application that uses this function and overrun a buffer.
    (CVE-2006-3738)
    Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.
      A flaw in the SSLv2 client code was discovered. When a client
    application used OpenSSL to create an SSLv2 connection to a malicious
    server, that server could cause the client to crash (CVE-2006-4343).
    Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.
  Links to the CVE entries will be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
  (* Security fix *)
zipslack/zipslack.zip:  Rebuilt ZipSlack with new openssl-solibs and
  openssh packages.
+--------------------------+
Thu Sep 28 03:33:49 CDT 2006
ap/vorbis-tools-1.1.1-i486-3.tgz:  Fixed UTF8 support.
  Thanks to Igor Pashev for providing a simple patch from Gene Pavlovsky.
kernels/huge26.s/*:  Added support for USB and IEEE1394 storage devices.
kernels/test26.s/*:  Added support for USB and IEEE1394 storage devices.
  Thanks to Tais M. Hansen for pointing out that these kernels lacked support
  for USB storage devices.  Using these kernels with udev may cause a few
  warnings at boot time as udev attempts to load the already built-in support,
  but these seem to be harmless.
+--------------------------+
Tue Sep 26 05:57:52 CDT 2006
a/aaa_base-11.0.0-noarch-2.tgz:  Updated the "Welcome to Slackware" email.
  Added /media directory, subdirectories, and symbolic links recommended by
  the FHS, along with README files to help me understand the difference
  between this directory and /mnt.  ;-)
a/etc-11.0-noarch-1.tgz:  Fixed a bug in /etc/csh.login that caused repeated
  use of "csh -l" to duplicate search directories in the $path.  Clearly
  /etc/csh.login should set the path just as /etc/profile does.
  This bug dates back at at least 1997, maybe earlier, so congratulations to
  Dimitar Zhekov for winning this release's "smite the oldest bug" award.
  Added distcc port to /etc/services.  Thanks to Erik Jan Tromp and
  Robby Workman for the continual reminders.  ;-)
a/pkgtools-11.0.0-i486-4.tgz:  Made upgradepkg a little bit more gentle -- if
  it is run on a corrupted .tgz it will no longer remove the original package.
  Thanks to Ric Anderson for the report.
  Added rc.scanluns to the services setup menu.
a/sysvinit-2.84-i486-69.tgz:  Fixed path to /sbin/initscript shown in init.8
  (again).  Thanks to Robby Workman.
  Changed rc.S to run rc.serial according to whether the script is executable.
a/util-linux-2.12r-i486-5.tgz:  Treat /etc/rc.d/rc.serial (to preserve file
  permissions), /etc/serial.conf, and /etc/fdprm as '.new' config files.
ap/lm_sensors-2.10.0-i486-3.tgz:  Fixed hardcoded /usr/local paths in
  sensors-detect.  Thanks to Jakub Jankowski.
kde/kdebase-3.5.4-i486-7.tgz:  Patched to fix media:/ URLs in Konqueror without
  requiring HAL.  Thanks to everyone involved in reporting this issue and
  seeing that it was addressed:
    http://bugs.kde.org/show_bug.cgi?id=132281
  A big thanks to coolo (Stephan Kulow) for coming up with a patch.  :-)
zipslack/zipslack.zip:  Added ZipSlack.
+--------------------------+
Sat Sep 23 03:45:30 CDT 2006
a/sysvinit-2.84-i486-68.tgz:  In rc.M, start rc.hplip if found.  Fix the path
  to /sbin/initscript shown in init.8.  Thanks to Robby Workman.
xap/sane-1.0.18-i486-3.tgz:  Added HPLIP backend (hpaio) to dll.conf.
testing/packages/cups-1.2.4/cups-1.2.4-i486-1.tgz:  Upgraded to cups-1.2.4.
  The web site says that more problems were fixed.  I would still approach
  this one cautiously, though I'm sure it (or its descendent) will be used
  in Slackware 11.1.  Unless you have a reason to need this now, I'd wait.
testing/packages/hplip-1.6.9-i486-1.tgz:  Added hplip-1.6.9, a complete print,
  scan, and fax system for HP devices.  This isn't being merged into the AP
  series as a replacement for hpijs solely because I'd like to see it get more
  testing first.  It is working perfectly here.  Thanks to Robby Workman for
  doing the vast majority of the work on this package.  :-)
testing/packages/gutenprint-5.0.0-i486-2.tgz:  Don't overwrite GIMP's "print"
  plugin -- instead install the plugin as "gutenprint".
  Thanks again to Stefano Vesa.
+--------------------------+
Fri Sep 22 01:57:52 CDT 2006
n/portmap-5.0-i486-3.tgz:  In rc.rpc, fixed restart function.
  Thanks to Grant.
+--------------------------+
Thu Sep 21 04:05:03 CDT 2006
This is still Slackware 11.0 release candidate 5 (for now), and is still the
  last release candidate, scout's honor.  We are nearly there.  :-)
a/devs-2.3.1-noarch-25.tgz:  Added /dev/i2c-* devices.
  Thanks to Jean Delvare.
  Just a reminder on devs, as I've had some email about it.  As it stands, devs
  is required to boot even if the machine runs a 2.6+ kernel and uses udev.
a/hotplug-2004_09_23-noarch-11.tgz:  Don't allow dhcpcd -k to make noise at
  shutdown time if dhcpcd is not running (as in cases where it was shut down
  manually, or the lease time was infinite).
a/logrotate-3.7.4-i486-1.tgz:  Upgraded to logrotate-3.7.4.  After reading the
  diff -u and doing some test rotations, this seems safe to include for 11.0.
  Suggested by Mateus C?sar Gr?ess and Rafal Lorenc.
  Rotate /var/log/btmp.  Thanks to James Michael Fultz.
a/pkgtools-11.0.0-i486-3.tgz:  Stripped /bin/dialog.  Thanks to mRgOBLIN for
  saving us 18K of hard drive space.  :-)
  In setup.services, rename rc.portmap to rc.rpc.  This is no longer started
  by default.  Instead you must turn it on (only if you plan on mounting NFS
  partitions manually).  Otherwise, it will be run regardless of exec perms if
  NFS shares or mounts are detected at boot time.
ap/diffstat-1.43-i486-1.tgz:  Added Thomas Dickey's diffstat utility.
  Suggested by Michael Iatrou.
ap/lm_sensors-2.10.0-i486-2.tgz:  Edited slack-desc since the package contains
  only the tools for lm_sensors, not the drivers.  In the case of the 2.6+
  kernel, these are included with the kernel-modules package.  For 2.4, the
  modules would have to be built by the end user.  Also, there is still no
  startup script included for this package, but that's something that will be
  looked at for the next development cycle.  Removed the mkdev.sh after
  including the i2c devices in the devs package.
  Thanks again to Jean Delvare for the advice, and for his work maintaining
  lm_sensors upstream.  :-)
n/mailx-12.1-i486-1.tgz:  Upgraded to mailx-12.1 from nail-11.25 (renamed).
  Thanks to Gerardo Exequiel Pozzi for pointing this out.
n/nfs-utils-1.0.10-i486-3.tgz:  Moved rpc.lockd and rpc.statd to /sbin.
  Reworked rc.nfsd to make use of the rc.rpc script in "portmap".
n/portmap-5.0-i486-2.tgz:  Replaced /etc/rc.d/rc.portmap with /etc/rc.d/rc.rpc.
  This script will start rpc.portmap, rpc.lockd, and rpc.statd.  All of these
  are needed to make proper use of NFS from either the server or client side,
  so this approach should be more likely to work out of the box.  Note that
  nfs-utils will also be required in order to use rc.rpc or NFS, even as a
  client.  If rc.rpc is needed, another script will run it as long as it is
  readable.  The only reason to make rc.rpc executable would be to run it at
  boot time when there are no shares in /etc/exports and no mounts in
  /etc/fstab, but you wish to be able to mount NFS partitions manually.
  Thanks to Arno G. Schielke and Cesar Suga for suggesting this idea.
n/tcpip-0.17-i486-39.tgz:  Don't allow dhcpcd -k to make noise at shutdown
  time if dhcpcd is not running (as in cases where it was shut down manually,
  or the lease time was infinite).
  Added support in rc.inet1 and rc.inet1.conf for adjustable DHCP_TIMEOUT.
  Thanks to Eric Hameleers.
x/ttf-indic-fonts-0.4.7.1-noarch-1.tgz:  Added TTF fonts for displaying Indic
  scripts.  This package supports Bengali, Devanagari, Gujarati, Kannada,
  Malayalam, Oriya, Punjabi, Tamil, and Telugu.
  For information about fully enabling Indic support (including input), see:
    /usr/doc/Linux-HOWTOs/Indic-Fonts-HOWTO.
isolinux/initrd.img:  Patched installer's network script to look for
  network26.dsk if 2.6.17.13 (huge26.s) is used to boot/install.
  Thanks to Piter Punk for work done (long ago) to fix probing for 2.6 modules.
  Thanks to Eric Hameleers for helping debug loopback mounts in the installer
  when using the 2.6.17.13 (huge26.s) kernel.
  NFS installs with the test26.s kernel are not supported by this system,
  but should work if you put the module(s) you need on a floppy or otherwise
  make them available and load them manually.
isolinux/network26.dsk:  Added network26.dsk for NFS installs with huge26.s.
  Don't try to put this one on a floppy disk, folks.  ;-)
kernels/huge26.s/*:  Added built-in NLS (CONFIG_NLS_CODEPAGE_437,
  CONFIG_NLS_ISO8859_1, and CONFIG_NLS_UTF8) to allow FAT filesystems to
  loopback mount for NFS installs.
kernels/test26.s/*:  Added 2.6.18 test26.s kernel.
rootdisks/install.1:  Patched installer's network script.
rootdisks/install.2:  Rebuilt.
rootdisks/install.zip:  Patched installer's network script.
testing/packages/flex-2.5.33-i486-1.tgz:  Added flex-2.5.33.
  Requested by Alberto Sim?es.
testing/packages/gutenprint-5.0.0-i486-1.tgz:  Added gutenprint-5.0.0.
  This package was formerly known as "gimp-print", and will likely take the
  place of gimp-print in the AP series after going through testing.
  Suggested by Stefano Vesa.
testing/packages/linux-2.6.18/kernel-generic-2.6.18-i486-1.tgz:
  Added Linux 2.6.18 generic kernel.
testing/packages/linux-2.6.18/kernel-headers-2.6.18-i386-1.tgz:
  Added Linux 2.6.18 kernel headers.
testing/packages/linux-2.6.18/kernel-modules-2.6.18-i486-1.tgz
  Added Linux 2.6.18 kernel modules.
testing/packages/linux-2.6.18/kernel-source-2.6.18-noarch-1.tgz
  Added Linux 2.6.18 kernel source.
+--------------------------+
Tue Sep 19 18:13:09 CDT 2006
l/arts-1.5.4-i486-2.tgz:  Patched an annoying bug where audio programs such
  as ogg123 would not work unless KDE had been run first.  I took several
  stabs with me sword at ripping out kdebase's surprise HAL requirement as
  well, but the best I could achieve was "Internal Error".  Aarrr!!
+--------------------------+
Tue Sep 19 14:07:49 CDT 2006
a/gzip-1.3.5-i486-1.tgz:  Upgraded to gzip-1.3.5, and fixed a variety of bugs.
  Some of the bugs have possible security implications if gzip or its tools are
  fed a carefully constructed malicious archive.  Most of these issues were
  recently discovered by Tavis Ormandy and the Google Security Team.  Thanks
  to them, and also to the ALT and Owl developers for cleaning up the patch.
  For further details about the issues fixed, please see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0988
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1228
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338
  (* Security fix *)
n/procmail-3.22-i486-2.tgz:  Added support for large (2GB+) mailboxes.
  Thanks to Dominik L. Borkowski.
isolinux/initrd.img:  Patched installer to allow splitting a package series
  over two or more pieces of optical media.  If a package directory contains
  a file named README_SPLIT.TXT, then it will be continued on the next disc.
  An example of such a file can be found in /isolinux.
  Thanks very much to Eric Hameleers for the initial patch and testing!
rootdisks/install.1:  Rebuilt.
rootdisks/install.2:  Patched to allow a split package series.
rootdisks/install.zip:  Patched to allow a split package series.
+--------------------------+
Mon Sep 18 15:18:07 CDT 2006
l/neon-0.25.5-i486-2.tgz:  Enabled missing SSL support.
  Thanks much to Mircea Baciu!
+--------------------------+
Mon Sep 18 05:33:24 CDT 2006
Slackware 11.0 release candidate 5.  This is the last one, scout's honor.
a/aaa_elflibs-11.0.0-i486-9.tgz:  Stripped /lib/libbz2.so.1.0.3, added
  /lib/libdm.so.0.0.4.
a/bzip2-1.0.3-i486-3.tgz:  Stripped /lib/libbz2.so.1.0.3.
ap/espgs-8.15.3svn185-i486-1.tgz:  Upgraded to espgs-8.15.3svn185.
  OK, I don't like using repo versions at all, much less inserting them at the
  last second.  But, it seems like par for the course for ghostscript and its
  offshoots where there wasn't much choice about shipping 8.15rc4 in Slackware
  10.2.  In this case, building from svn fixes two critical problems:  missing
  support for CJK, and not correctly printing Umlauts with certain fonts.
  Thanks to Shin-ichi Abe and Matthias Bachert.
  If this version of espgs creates new problems that are worse than these,
  please let me know as soon as possible.  It's tested here and seems stable.
ap/vim-7.0.109-i486-1.tgz:  Upgraded to vim-7.0.109.
d/subversion-1.4.0-i486-1.tgz:  After a couple convincing assurances that this
  was a safe and ABI/API compatible upgrade, I decided to allow this upgrade.
  Thanks to Malcolm Rowe and Janusz Dziemidowicz.
l/desktop-file-utils-0.11-i486-1.tgz:  Added desktop-file-utils-0.11.
  The next XFce will need this freedesktop.org package.
  Thanks to Robby Workman for the information.
l/libexif-0.6.13-i486-2.tgz:  Fixed libexif.pc includedir.
  Thanks to Charles Shannon Hendrix for pointing this out.
l/libtheora-1.0alpha7-i486-1.tgz:  Added libtheora-1.0alpha7.  This links with
  (as far as I know) optional plugins only and is a safe last-second addition.
  Furthermore, the Theora team has promised that files encoded with this
  version of the codec will always be playable.  The format is stable and ready
  for production use, so keeping it out of 11.0 due to the "alpha" would be
  plain silly.  Suggested by Edo Hikmahtiar, and Diogo R.
l/libungif-4.1.4-i486-3.tgz:  Added the utilities in /usr/bin, some of which
  are used to detect that annoying image spam that's on the rise...
  Thanks to Joran Kvalvaag.
l/neon-0.25.5-i486-1.tgz:  Added neon package, split from subversion-deps-1.4.0.
x/dejavu-ttf-2.10-noarch-1.tgz:  Upgraded to dejavu-ttf-2.10.
xap/vim-gvim-7.0.109-i486-1.tgz:  Upgraded to vim-7.0.109.
  Once again, this is just an add-on for the VIM package in ap.  :-)
xap/xine-lib-1.1.2-i686-2.tgz:  Recompiled against libtheora to include the
  Theora codec plugin.  Theora testsuite passed.
xap/xine-ui-0.99.4-i686-3.tgz:  Patched an issue where xine-ui could block
  input to Konsole.  Thanks to Nuts Mueller.
extra/linux-smp-2.6.17.13/kernel-headers-smp-2.6.17.13-i386-1.tgz:
  Fixed slack-desc typo.  No actual rebuild, so no -$BUILD bump.
  Thanks to David Somero.
isolinux/initrd.img:  Fixed swap setup in the "Cancel" or unselecting all swap
  partitions case.  Thanks to Marcus Moeller.
rootdisks/install.1:  Rebuilt.
rootdisks/install.2:  Fixed swap setup.
rootdisks/install.zip:  Fixed swap setup.
+--------------------------+
Sat Sep 16 23:08:49 CDT 2006
l/libgpod-0.3.2-i486-2.tgz:  Added --enable-eject-command and
  --enable-unmount-command.  Thanks to Kody K.
kde/amarok-1.4.3-i486-4.tgz:  Recompiled with a patch to fix non-latin1
  playlist corruption by forcing UTF8.
  Thanks to guilherme and the kind folks on #amarok.
  Added explicit --emable-libgpod.  Thanks to Kody K.
kde/kdeutils-3.5.4-i486-2.tgz:  Fixed ark crash due to race condition on SMP
  machines.  Thanks to JaguarWan.
n/rdesktop-1.5.0-i486-1.tgz:  Upgraded to rdesktop-1.5.0.
  Thanks to Andrew Fuller for pointing it out.
x/x11-6.9.0-i486-11.tgz:  Fixed an overflow in CID encoded Type1 font parsing.
  For further reference, see:
    http://www.idefense.com/intelligence/vulnerabilities/display.php?id=411
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3739
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3740
  (* Security fix *)
  Also, fixed French Canadian keymap variant.  Thanks to Patrice Tremblay.
x/x11-devel-6.9.0-i486-11.tgz:  Recompiled.
x/x11-xdmx-6.9.0-i486-11.tgz:  Recompiled.
x/x11-xnest-6.9.0-i486-11.tgz:  Recompiled.
x/x11-xvfb-6.9.0-i486-11.tgz:  Recompiled.
extra/linux-smp-2.6.17.13/kernel-generic-smp-2.6.17.13-i686-1.tgz:
  This is an optional kernel with support for SMP (up to 16), dual core
  optimizations, and SMT (Hyperthreading).  Fully tuned and ready to go.
extra/linux-smp-2.6.17.13/kernel-headers-smp-2.6.17.13-i386-1.tgz
  Optional kernel headers.  There will only be needed to compile a few things,
  such as apps and libraries that use ALSA (it contains the /usr/include/sound
  directory that for 2.4.x kernels is supplied in the alsa-driver package).
extra/linux-smp-2.6.17.13/kernel-modules-smp-2.6.17.13-i686-1.tgz:
  Kernel modules for Linux 2.6.17.13-smp, including ALSA modules.
  These install into /lib/modules/2.6.17.13-smp/.
+--------------------------+
Thu Sep 14 19:41:22 CDT 2006
d/git-1.4.2.1-i486-1.tgz:  Upgraded to git-1.4.2.1.
xap/mozilla-firefox-1.5.0.7-i686-1.tgz:  Upgraded to firefox-1.5.0.7.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
xap/mozilla-thunderbird-1.5.0.7-i686-1.tgz:  Upgraded to thunderbird-1.5.0.7.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
  (* Security fix *)
xap/seamonkey-1.0.5-i486-1.tgz:  Upgraded to seamonkey-1.0.5.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
  (* Security fix *)
+--------------------------+
Thu Sep 14 03:57:37 CDT 2006
a/glibc-solibs-2.3.6-i486-6.tgz:  Recompiled.
a/glibc-zoneinfo-2.3.6-noarch-6.tgz:  Upgraded to tzcode2006k and tzdata2006k.
  Added "ldconfig -r ." to install script.  Thanks to Stuart Winter.
a/openssl-solibs-0.9.8b-i486-2.tgz:  Patched an issue where it is possible to
  forge certain kinds of RSA signatures.  The patch is used instead of an
  upgrade to openssl-0.9.8c as it was issued later with a corrected fix.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
  (* Security fix *)
a/udev-097-i486-10.tgz:  If there's no udevd daemon, don't allow rc.udev to
  try to start.  Thanks to Eugene Crosser.
d/pkgconfig-0.21-i486-3.tgz:  Added {curly brackets} around PKG_CONFIG_PATH
  in /etc/profile.d/pkgconfig.*.  Thanks to R?my Pagniez.
l/glibc-2.3.6-i486-6.tgz:  Recompiled against 2.4.33.3 and 2.6.17.13 headers.
  (these kernel versions are now "golden" for release)
l/glibc-i18n-2.3.6-noarch-6.tgz:  Recompiled.
l/glibc-profile-2.3.6-i486-6.tgz:  Recompiled.
n/openssl-0.9.8b-i486-2.tgz:  Patched an issue where it is possible to
  forge certain kinds of RSA signatures.  The patch is used instead of an
  upgrade to openssl-0.9.8c as it was issued later with a corrected fix.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
  (* Security fix *)
kernels/huge26.s/*:  Added NFSv3 support.
+--------------------------+
Tue Sep 12 06:29:32 CDT 2006
a/sysvinit-2.84-i486-67.tgz:  Sleep 3 seconds before mounting non-root
  partitions.  This was a sleep that I'd removed earlier in the devel cycle to
  see what it would break (if anything), and the answer is some external hard
  drives that take a couple seconds to hotplug.  Thanks to Fabio Busatto.
  In rc.M, restart udevd when returning from single user mode.
  Thanks to James Michael Fultz.
  Patched initscript.5 man page to show proper /sbin/initscript path.
  Thanks to Robby Workman.
  Found another assumption that the kernel has hotplug support in the rc.udev
  stop function.  Thanks again to Gary Hawco for the original bug report.
a/udev-097-i486-9.tgz:  Uncommented dmsetup rule for LVM2 -- it doesn't seem
  to hurt anything.  Thanks to Dex Filmore.
ap/diffutils-2.8.1-i486-3.tgz:  Fixed sdiff.1 man page.
  Thanks to James Michael Fultz.
kde/amarok-1.4.3-i486-3.tgz:  Recompiled against new libmtp.
l/libmtp-0.0.18-i486-1.tgz:  Upgraded to libmtp-0.0.18.
l/libwpd-0.8.6-i486-1.tgz:  Upgraded to libwpd-0.8.6.
  Thanks to Eugene C. for the CXXFLAGS advice.
n/imapd-4.64-i486-3.tgz:  Added missing md5.txt mentioned in the imapd man
  page, plus a note about additional (large) documentation in the sources.
  The docs directory was also moved to /usr/doc/imapd4.64.
  Thanks to Mark Flacy for reminding me about this one.
n/rdesktop-1.4.1-i486-1.tgz:  Added rdesktop-1.4.1.  Yes, we're in release
  candidates, but if this doesn't work at least it is small.  :-)  I've had
  many, many requests, and it is needed by krdc, so that's my rationale.
  Oh -- and thanks to everyone for positive feedback on libgpod.  I also fixed
  the typo in my request for feedback below.  I hope that doesn't break too
  many ChangeLog parsing scripts...
n/stunnel-4.17-i486-1.tgz:  Upgraded to stunnel-4.17.
  Thanks to Cal Peake for the notice.
+--------------------------+
Mon Sep 11 02:10:19 CDT 2006
a/module-init-tools-3.2.2-i486-2.tgz:  In /etc/modprobe.d/, if there's no
  /etc/modprobe.d/modprobe.conf file, try to make a link to ../modprobe.conf.
  This will retain legacy support for existing /etc/modprobe.conf files.
  Thanks very much to Ivan Kalvatchev for persisting with this bug report
  until I finally saw the light of day.  :-)
l/libmtp-0.0.16-i486-2.tgz:  Fixed hotplug and udev support.
  Thanks to Carlos Corbacho for the help on this -- I knew it wasn't
  working yet and was hoping someone would step up.  Wow, that was fast!
l/libnjb-2.2.5-i486-2.tgz:  Fixed hotplug and udev support.
  Again, thanks to Carlos Corbacho.  Now my NJB3 works.  :-)
  Anyone have any yea/nay feedback on libgpod and amaroK?
+--------------------------+
Sat Sep  9 14:56:38 CDT 2006
kernels/huge26.s/*:  Upgraded huge26.s kernel to 2.6.17.13.
extra/linux-2.6.17.13/kernel-generic-2.6.17.13-i486-1.tgz:
  Upgraded to Linux 2.6.17.13 generic kernel.
extra/linux-2.6.17.13/kernel-headers-2.6.17.13-i386-1.tgz:
  Upgraded to Linux 2.6.17.13 kernel headers.
extra/linux-2.6.17.13/kernel-modules-2.6.17.13-i486-1.tgz
  Upgraded to Linux 2.6.17.13 kernel modules.
extra/linux-2.6.17.13/kernel-source-2.6.17.13-noarch-1.tgz
  Upgraded to Linux 2.6.17.13 kernel source.
  [ Andrea was asleep when I noticed these, and I didn't want to find out
    what happens when one wakes one's sleeping wife and asks her to start
    building kernels, so... ]
+--------------------------+
Sat Sep  9 01:18:53 CDT 2006
d/ruby-1.8.4-i486-2.tgz:  As it would so happen, ruby-1.8.5 fixes a security
  problem, but also breaks a considerable number of things, including Ruby on
  Rails (RoR being one of the biggest appeals of Ruby), and other applications
  that make interesting use of it.  So, for now anyway -- back to 1.8.4.
kde/amarok-1.4.3-i486-2.tgz:  This was the only thing that touched the tainted
  Ruby.  ;-)   Seriously, this will all get straightened out, but we have a
  release to do.  Should we wait for everyone to adopt the new Ruby API/ABI?
  Or must it be: "works" / "secure" -- pick one?  :-)  It's always best to use
  the right tool for the job or you can get hurt.  Remember shop class?
kde/kdesdk-3.5.4-i486-2.tgz:  Recompiled with configure flags that allow the
  apr libraries to be found.  Thanks to Giacomo Lozito.
y/bsd-games-2.13-i486-8.tgz:  "pom" now supports a reasonable number of digits
  with a command line option, as noted in the man page.  Default behavior has
  not been changed (it is still a rounded integer percentage).  My own patch
  didn't live long enough to see birth in a stable release, but who cares.  :-)
  Thanks to Eric Hameleers (who loves a good time-waster) for the better patch.
  I knew he wouldn't be able to resist this one.  ;->
bootdisks/raid.s:  Reverted to the old megaraid driver since regaraid2 is
  already in the scsi2.s bootdisk.
kernels/huge26.s/*:  Fixed USB keyboard support in the installer (at least
  tested on CD/DVD media).  Thanks to Bruce Hill, Jr. for pointing out that
  this was no longer working.
    Please note that if you install with this you still need kernel-modules
  from /extra, and that there's no alsa-driver for this kernel because it's
  all built into kernel-modules and kernel-headers (well, and the kernel :-).
  ALSA 1.0.11/12 specifically DO NOT support these newer kernels.  Check out
  the SUPPORTED_KERNELS file in the alsa-driver source.  Feel free to play
  with various combinations (many DO work, but without any noticable
  improvement to me).  I try very hard to not break your sound system, but
  I'm already bending the rules with alsa-driver-1.0.11_2.4.33.3...
  Also, if you find bugs in stuff I don't ship, contact the appropriate
  maintainer too, please.  I am not the hg repository for everything I ship.  
  (I know, I do look remarkably similar ;-)
  "Is this the spacecraft assembly building?"
kernels/raid.s/*:  Moved from the megaraid2 driver to the old megaraid
  driver, after it was pointed out that megaraid2 is already in scsi2.s.
+--------------------------+
Thu Sep  7 22:59:40 CDT 2006
d/ruby-1.8.5-i486-1.tgz:  Upgraded to ruby-1.8.5.
Honestly, I'm not sure these next three will help at the moment, but we're
laying some groundwork for later when HAL will take over (and sing "Daisy").
l/libgpod-0.3.2-i486-1.tgz:  Added libgpod-0.3.2.
l/libmtp-0.0.16-i486-1.tgz:  Added libmtp-0.0.16.
l/libnjb-2.2.5-i486-1.tgz:  Added libnjb-2.2.5.
kde/amarok-1.4.3-i486-1.tgz:  Upgraded to amarok-1.4.3.  Added plugins linked
  with libgpod, libmtp, and libnjb.  Working status (even with a bit of DYI) is
  not known (yet).  It might require HAL to make it do anything at all.
n/bind-9.3.2_P1-i486-1.tgz:  Upgraded to bind-9.3.2-P1.
  This update addresses a denial of service vulnerability.
  BIND's CHANGES file says this:
    2066.   [security]      Handle SIG queries gracefully. [RT #16300]
  The best discussion I've found is in FreeBSD's advisory, so here's a link:
    http://security.FreeBSD.org/advisories/FreeBSD-SA-06:20.bind.asc
  Also, fixed some missing man pages.  (noticed by Xavier Thomassin -- thanks)
  (* Security fix *)
y/bsd-games-2.13-i486-7.tgz:  Snipped part of a crufty old patch that wouldn't
  apply.   Added an (unapplied) patch to make pom give you two more digits of
  accuracy.  I didn't apply it since it wasn't quite done;  it should have the
  traditional default (no decimal places) that everyone is used to, and an
  arbitrary accuracy selectable with a command line switch.  Perhaps it should
  be rewritten to use gmp.  Oh, and the man page will then need fixing.
  Eric?  ;-)
+--------------------------+
Sun Sep  3 19:59:47 CDT 2006
a/udev-097-i486-8.tgz:  Fixed a missing '[' in rc.udev.  Thanks to
  guilherme for pointing out the error, and to J., who found the missing
  '['.  (It had fallen off my desk and ended up under a table)
kernels/System.map:  Forgot to gzip a bunch of these.  Thanks, Steve'o.
+--------------------------+
Sun Sep  3 01:46:42 CDT 2006
  I wasn't planning a Slackware 11.0 release candidate 4, but here we go.
a/kernel-ide-2.4.33.3-i486-1.tgz:
  Upgraded to Linux 2.4.33.3 sata.i kernel.
a/kernel-modules-2.4.33.3-i486-1.tgz
  Upgraded to Linux 2.4.33.3 kernel modules.
a/udev-097-i486-7.tgz:  Make sure /proc/sys/kernel/hotplug exists before
  writing to it.  Thanks to Gary Hawco for the bug report.
  Change log level from "crit" or "err" since udev doesn't support "crit".
  Silly me, I saw some mention of syslog levels in the docs and assumed it
  supported all of them.  At least in unrecognized cases the default is "err"
  anyway, so this bug didn't cause ill effects.  Accuracy in documentation is,
  nevertheless, always a good thing to strive for.  (I'm referring here to
  my own inaccurate additions to udev.conf...)
  Thanks to Chris Vowden for pointing this out.
  Don't fail to mount tmpfs on /dev because some other tmpfs mount exists.
  Thanks to Ken Milmore for the patch.
  Forget standards -- if k3b wants "/dev/writer" then that is good enough
  justification for me.  Try to make a link to the most full-featured burner.
  Thanks to my good friend Dex Filmore.
  Relaxed the perms on input events from 600 to 640 so that members of group
  root can also read events.  Mode 644 was suggested, but wouldn't that let
  anyone on the box set up e.g. a keyboard logger?  It didn't seem secure to
  me, and 640 looks like a decent compromise.
  Thanks to Jon Anders Skorpen.
ap/mysql-5.0.24a-i486-1.tgz:  Upgraded to mysql-5.0.24a.
  Evidently the ABI change in MySQL 5.0.24 was unintentional, so all the
  packages that were recompiled before need another recompile.  Oh well, maybe
  this little exercise has fixed something else we didn't know about.  :-)
d/kernel-headers-2.4.33.3-i386-1.tgz:
  Upgraded to Linux 2.4.33.3 kernel headers.
d/perl-5.8.8-i486-3.tgz:  Recompiled against libmysqlclient.
k/kernel-source-2.4.33.3-noarch-1.tgz
  Upgraded to Linux 2.4.33.3 kernel source.
kde/koffice-1.5.2-i486-4.tgz:  Recompiled against libmysqlclient.
kde/qt-3.3.6-i486-4.tgz:  Recompiled against libmysqlclient.
l/alsa-driver-1.0.11_2.4.33.3-i486-1.tgz:  Recompiled for Linux 2.4.33.3.
  By the way, I did try ALSA 1.0.12 and noticed that emu10k1 wasn't compiling
  for Linux 2.4.33.3.  I think we are probably safer sticking with the well
  tested ALSA 1.0.11 for the release.
n/bitchx-1.1-i486-5.tgz:  Recompiled against libmysqlclient.
n/dhcp-3.0.4-i486-2.tgz:  Fixed incorrect man page permissions.
  Thanks to Jerome Pinot.
n/iptables-1.3.5-i486-2.tgz:  Updated a rather ancient description file.
  Thanks to Sean Donner for noticing that.  I hope the many folks still
  running Linux 2.2.x were adequately warned.
n/php-4.4.4-i486-3.tgz:  Recompiled against libmysqlclient.
n/samba-3.0.23c-i486-1.tgz:  Upgraded to samba-3.0.23c.
n/sendmail-8.13.8-i486-3.tgz:  Recompiled with official patch.
  "(2006-08-30) If sendmail is used with -bs and a mail filter (milter) is
   configured, an assertion can be triggered.  This patch fixes the bug."
  Thanks much to Jakub Jankowski for the heads up.
n/sendmail-cf-8.13.8-noarch-3.tgz
extra/ktorrent/ktorrent-2.0.2-i486-1.tgz:  Added ktorrent-2.0.2.
  Thanks to Erik Jan Tromp for showing me this one.  I've always used the
  command line BT clients (usually in "screen"), but this is nice, doesn't
  require mainline BitTorrent or any non-KDE dependencies, and will work
  great for downloading (and seeding) Slackware ISO images.  :-)
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.33.3-i486-1.tgz:
  Recompiled for Linux 2.4.33.3.
extra/php5/php-5.1.6-i486-2.tgz:  Recompiled against libmysqlclient.
bootdisks/*:  Upgraded to Linux 2.4.33.3 kernels.
kernels/*:  Upgraded to Linux 2.4.33.3 kernels, except the huge.s kernel.
  In raid.s, switch from the megaraid to megaraid2 driver.  This should
  support everything the old driver did and then some.  If there are
  problems, let me know ASAP.  Thanks to Michael Johnson.  
isolinux/initrd.img:  Upgraded USB/IEEE1394 modules to Linux 2.4.33.3.
  Eric Hameleers and I did a bit more work on the NFS installer (in the
  install.* rootdisks below, too).  Now installing via NFS will attempt
  to mount the root of the Slackware tree first, rather than only the
  /slackware directory within.  This (if successful), allows choosing
  a kernel to install later on, just like installing from CD, DVD, or
  hard drive.  If it doesn't work (perhaps only /slackware is exported)
  then the installer will fall back on the traditional behavior.
  Thanks to everyone who suggested this idea from time to time, and
  thanks to Eric for finally making it happen.
isolinux/network.dsk:  Upgraded network modules to Linux 2.4.33.3.
isolinux/pcmcia.dsk:  Upgraded pcmcia modules to Linux 2.4.33.3.
rootdisks/install.1:  Upgraded USB/IEEE1394 modules to Linux 2.4.33.3.
rootdisks/install.2:  Upgraded USB/IEEE1394 modules to Linux 2.4.33.3.
rootdisks/install.zip:  Upgraded USB/IEEE1394 modules to Linux 2.4.33.3.
rootdisks/network.dsk:  Upgraded network modules to Linux 2.4.33.3.
rootdisks/pcmcia.dsk:  Upgraded pcmcia network modules to Linux 2.4.33.3.
  I can be off topic here, right?
  BIG congratulations to my little sister Jennifer on the birth of her
  daughter Abigail Jane.  Mazel Tov!  :-)
+--------------------------+
Tue Aug 29 06:24:26 CDT 2006
a/util-linux-2.12r-i486-4.tgz:  Fixed incorrect permissions on /var/lock.
  Thanks to Steven Robson.
f/linux-howtos-20060829-noarch-1.tgz:  Updated the HOWTOs again.  I guess back
  in February this must have been looking ready to release.  ;-)
  Thanks to Szymczak Artur for noticing the HOWTOs were stale.
x/x11-6.9.0-i486-10.tgz:  Reverted the ATI hang patch after problem reports.
  If you were helped by the patch it'll be held in /extra for the release so
  that hopefully everyone can enjoy a working ATI card.  :-)
  Thanks again to Mark Canter, as this is a real problem but the patch does
  seem to introduce some new issues of its own.  It's good to have an
  alternate driver just in case, though.
x/x11-devel-6.9.0-i486-10.tgz:  Recompiled.
x/x11-xdmx-6.9.0-i486-10.tgz:  Recompiled.
x/x11-xnest-6.9.0-i486-10.tgz:  Recompiled.
x/x11-xvfb-6.9.0-i486-10.tgz:  Recompiled.
extra/slackpkg/slackpkg-2.09-noarch-1.tgz:  Upgraded to slackpkg-2.09-noarch-1.
  Thanks to Piter Punk.
extra/x11-radeon-patched/x11-radeon-patched-6.9.0-i486-1.tgz:
  Here's the patched radeon module from the -9 X.Org Slackware packages.
  There's a README file included with it explaining what it is for with
  references to a discussion of the issue.
isolinux/initrd.img:  Fixed an installer bug where setup would ask which
  swap partitions you'd like to use and then conveniently set them all up
  for you if you selected at least one.  Thanks to DEF.
rootdisks/install.1:  Fixed a bug where libraries that were moved to install.2
  to make space on install.1 were needed by /bin/mount.  Thanks to David Bray.
rootdisks/install.2:  Moved a couple of libraries to install.1.
  Fixed installer swap bug.
rootdisks/install.zip:  Fixed installer swap bug.
+--------------------------+
Sun Aug 27 05:36:53 CDT 2006
ap/vim-7.0.066-i486-2.tgz:  Use the default vanilla system vimrc as distributed
  with the vim sources.  Thanks to J for mentioning that using vim with
  'crontab -e' was working fine without any additions to the vimrc.
d/m4-1.4.6-i486-1.tgz:  Upgraded to m4-1.4.6.
l/libpng-1.2.12-i486-2.tgz:  Recompiled so that libpng.so.* links to libz and
  libm.  This has been a point of contention for a long time with the PNG folks
  maintaining that you shouldn't have to link libpng this way.  Well, just
  about everyone else builds libpng to link with -lz and -lm automatically,
  but I've held my ground along with the PNG team (usually I will defer to
  upstream and will send people there with these kinds of requests).  Today
  Janusz Dziemidowicz pointed out that if you build libpng with ./configure
  that now it *is* linking to these.  Good enough reason to end this problem
  right now.  Thanks Janusz, for pointing out that discrepancy and sending in
  a patch.  :-)
n/irssi-0.8.10a-i486-4.tgz:  Removed duplicates and unformatted files from
  docs/help directory.  Thanks to James Michael Fultz.
x/dejavu-ttf/dejavu-ttf-2.9-noarch-1.tgz:  Upgraded to dejavu-ttf-2.9.
  Moved from /extra into the X series.
  Thanks to the DejaVu team (http://dejavu.sf.net) for the superb work.
x/fontconfig-2.2.3-i486-2.tgz:  Patched /etc/fonts.conf to favor the DejaVu
  fonts over the Vera ones if they are present on the machine.  US English
  users should notice only minor (if any) differences with this patch,
  but other users could see their language displayed properly out-of-the box
  for the first time.  :-)
x/x11-6.9.0-i486-9.tgz:  Patched a PCF font parsing bug that could crash X.
  Fixed the Greek keyboard layout.  Thanks to Thanos Kyritsis.
  Fixed ATI lockup bugs.  Thanks to Mark Canter.
x/x11-devel-6.9.0-i486-9.tgz:  Recompiled.
x/x11-xdmx-6.9.0-i486-9.tgz:  Recompiled.
x/x11-xnest-6.9.0-i486-9.tgz:  Recompiled.
x/x11-xvfb-6.9.0-i486-9.tgz:  Recompiled.
xap/seamonkey-1.0.4-i486-3.tgz:  Fixed world-writable docs.
  Thanks to Piter Punk for pointing those out.
xap/vim-gvim-7.0.066-i486-2.tgz:  Recompiled.
extra/lvm2/device-mapper-1.02.09-i486-1.tgz:  Upgraded to
  device-mapper-1.02.09, moved out of /testing.
extra/lvm2/lvm2-2.02.09-i486-1.tgz:  Upgraded to LVM-2.02.09,
  moved out of /testing.
extra/php5/php-5.1.6-i486-1.tgz:  Upgraded to php-5.1.6,
  moved out of /testing.
+--------------------------+
Fri Aug 25 04:35:22 CDT 2006
Here is Slackware 11.0 release candidate 3.  I think most of the irresistible
  upgrades are in here now, and the bug reports have been mostly handled.
  There may still be a few changes, and possibly another release candidate,
  but this is pretty close to final with the exception of updating
  documentation and building ZipSlack.  Thanks very much to everyone who is
  helping to test these release candidates -- I think this is going to be a
  very up to date and stable release.  :-)
a/glibc-solibs-2.3.6-i486-5.tgz:  Patched an issue with kernel version parsing
  in ld-2.3.6.so that was leading glibc to treat 2.4 kernels with 4 version
  parts (such as 2.4.33.2) as if they supported NPTL, leading to a crash
  at boot.
a/glibc-zoneinfo-2.3.6-noarch-5.tgz:  Updated timezone information from
  tzdata2006j.
a/kernel-ide-2.4.33.2-i486-1.tgz:  Upgraded to 2.4.33.2 sata.i kernel.
  Enabled support for OOM killer and HIGHMEM4G.
a/kernel-modules-2.4.33.2-i486-1.tgz:  Upgraded to Linux 2.4.33.2 modules.
a/udev-097-i486-6.tgz:  Restore ttyUSB access to members of the tty group.
  Thanks to Eugene Crosser.
  In rc.udev, ignore lines that start with '#'.
  Thanks to Ian Bates.
  Removed hostap and hostap_cs dupes from blacklist.
  Thanks to giovanni quadriglio.
  Patched rc.optical-symlinks to avoid error messages with real SCSI devices
  and the SCSI generic driver.
  Thanks to Lorenzo Buzzi.
ap/lm_sensors-2.10.0-i486-1.tgz:  Added lm_sensors-2.10.0, which contains the
  libsensors library that KDE can use for hardware status monitoring.
ap/vim-7.0.066-i486-1.tgz:  Upgraded to vim 7.0.066.
  Added reasonable default vimrc if none exists.  Thanks to Eric Hameleers.
xap/vim-gvim-7.0.066-i486-1.tgz:  Upgraded to gvim 7.0.066 (requires vim).
d/kernel-headers-2.4.33.2-i386-1.tgz:  Upgraded to Linux 2.4.33.2 headers.
d/perl-5.8.8-i486-2.tgz:  Upgraded to DBD-mysql-3.0006 and DBI-1.52.
  Eugene Crosser reported that DBD compiled against an older version of
  libmysqlclient no longer worked without a recompile.  Just to be on the
  safe side, everything linked with libmysqlclient is getting recompiled.
d/pkgconfig-0.21-i486-2.tgz:  Export PKG_CONFIG_PATH.
k/kernel-source-2.4.33.2-noarch-1.tgz:  Upgraded to Linux 2.4.33.2 source.
  Enabled support for OOM killer and HIGHMEM4G in default .config.
kde/amarok-1.4.2-i486-1.tgz:  Upgraded to amarok-1.4.2.
kde/kdebase-3.5.4-i486-6.tgz:  Recompiled to use libsensors with ksysguardd.
  Fixed location of kdeglobals, removed font defaults but kept the
  anti-aliasing fixes.
kde/koffice-1.5.2-i486-3.tgz:  Recompiled against libmysqlclient and libruby.
kde/qt-3.3.6-i486-3.tgz:  Recompiled against libmysqlclient, added symlink
  in /usr/lib/pkgconfig to qt-mt.pc.
l/alsa-driver-1.0.11_2.4.33.2-i486-1.tgz:  Recompiled for Linux 2.4.33.2.
l/glibc-2.3.6-i486-5.tgz:  Patched an issue with kernel version parsing in
  ld-2.3.6.so that was leading glibc to treat 2.4 kernels with 4 version parts
  (such as 2.4.33.2) as if they supported NPTL, leading to a crash at boot.
  Added sa_IN and ru_RU.CP1251 locale support.
  Updated timezone information from tzdata2006j.
  Updated timezone utilities from tzcode2006j.
l/glibc-i18n-2.3.6-noarch-5.tgz:  Rebuilt.
  Added sa_IN and ru_RU.CP1251 locale support.
l/glibc-profile-2.3.6-i486-5.tgz:  Recompiled.
l/libmusicbrainz-2.1.4-i486-1.tgz:  Upgraded to libmusicbrainz-2.1.4.
l/libvisual-0.4.0-i486-1.tgz:  Added libvisual-0.4.0.  Just the library for
  now (no plugins), but this should make it much easier to compile and use
  audio visualization plugins without having to recompile amaroK.
n/bitchx-1.1-i486-4.tgz:  Recompiled against libmysqlclient.
n/openldap-client-2.3.27-i486-1.tgz:  Upgraded to openldap-client-2.3.27.
n/php-4.4.4-i486-2.tgz:  Recompiled against libmysqlclient.
t/tetex-3.0-i486-4.tgz:  Recompiled against new LessTif to stop warnings
  from xdvi.
t/tetex-doc-3.0-i486-4.tgz:  Rebuilt.  Moved info pages to /usr/info.
  Thanks to Kris Karas for pointing out the misplaced info pages.
xap/gimp-2.2.13-i486-1.tgz:  Upgraded to gimp-2.2.13.
extra/3dfx-glide/*:  Removed, as it most likely doesn't work.
extra/k3b/k3b-0.12.17-i486-1.tgz:  Upgraded to k3b-0.12.17.
extra/k3b/k3b-i18n-0.12.17-noarch-1.tgz:  Upgraded to k3b-i18n-0.12.17.
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.33.2-i486-1.tgz:
  Recompiled for Linux 2.4.33.2.
extra/slackpkg/slackpkg-2.08-noarch-3.tgz:  Upgraded to slackpkg-2.08-noarch-3.
  Thanks to Piter Punk.
bootdisks/*:  Upgraded to Linux 2.4.33.2 kernels.
isolinux/initrd.img:  Upgraded USB/IEEE1394 modules to Linux 2.4.33.2.
isolinux/network.dsk:  Upgraded network modules to Linux 2.4.33.2.
isolinux/pcmcia.dsk:  Upgraded pcmcia modules to Linux 2.4.33.2.
rootdisks/install.1:  Upgraded USB/IEEE1394 modules to Linux 2.4.33.2.
rootdisks/install.2:  Upgraded USB/IEEE1394 modules to Linux 2.4.33.2.
rootdisks/install.zip:  Upgraded USB/IEEE1394 modules to Linux 2.4.33.2.
rootdisks/network.dsk:  Upgraded network modules to Linux 2.4.33.2.
rootdisks/pcmcia.dsk:  Upgraded pcmcia network modules to Linux 2.4.33.2.
kernels/*:  Upgraded to Linux 2.4.33.2 kernels, except the huge.s kernel.

After much thought and consultation with developers, it has been decided to
move 2.6.17.x out of /testing and into /extra.  It runs stable by all reports,
has better wireless support, and is not going to be stale as soon.  In
addition, HIGHMEM4G has been enabled.  This caused no problems with my old
486 with 24MB (the one I use for compiling KDE ;-), and Tomas Matejicek has
enabled this in SLAX for a long time with no reports of problems, so I
believe it is a safe option (and is needed by many modern machines).
Thanks again to Andrea for building these kernels and packages.  :-)

kernels/huge26.s/*:  Upgraded huge26.s kernel to 2.6.17.11.
extra/linux-2.6.17.11/kernel-generic-2.6.17.11-i486-1.tgz:
  Upgraded to Linux 2.6.17.11 generic kernel.
extra/linux-2.6.17.11/kernel-headers-2.6.17.11-i386-1.tgz:
  Upgraded to Linux 2.6.17.11 kernel headers.
extra/linux-2.6.17.11/kernel-modules-2.6.17.11-i486-1.tgz
  Upgraded to Linux 2.6.17.11 kernel modules.
  Load PC speaker support in rc.modules.  Thanks to NetrixTardis.
extra/linux-2.6.17.11/kernel-source-2.6.17.11-noarch-1.tgz
  Upgraded to Linux 2.6.17.11 kernel source.

testing/packages/cairo-1.2.4-i486-1.tgz:  Added cairo-1.2.4.
testing/packages/fontconfig-2.3.95-i486-1.tgz:  Added fontconfig-2.3.95.
testing/packages/php-5.1.5/php-5.1.5-i486-2.tgz:  Recompiled against
  libmysqlclient.
+--------------------------+
Tue Aug 22 15:10:35 CDT 2006
a/shadow-4.0.3-i486-13.tgz:  Fixed deprecated root:bin ownerships.
  Thanks to Stuart Winter.
a/util-linux-2.12r-i486-3.tgz:  Fixed file permissions and ownerships in
  /usr/doc.  Thanks to Stuart Winter.
+--------------------------+
Mon Aug 21 14:54:08 CDT 2006
a/udev-097-i486-5.tgz:  Fixed check in rc.udev for 2.6.15+ kernel.
  Thanks to Richard Fuller for the fix.
+--------------------------+
Sun Aug 20 23:45:58 CDT 2006
a/gpm-1.20.1-i486-2.tgz:  Patched to send all non-critical error messages to
  the system logs rather than to the console.
a/pkgtools-11.0.0-i486-2.tgz:  Merged in some more xorgsetup patches from
  Irfan Acar, Daniil Bratashov, and Piter Punk.
a/shadow-4.0.3-i486-12.tgz:  Patched for gcc-3.4.x.
  Thanks to Dominik L. Borkowski for the patch.
  Removed spurious id.1.gz manpage.  Thanks to Cal Peake.
  Removed obsolete options from the passwd program.
a/sysvinit-2.84-i486-66.tgz:  In rc.M, fixed the nohotplug cmdline option.
  Thanks to Eric Hameleers.
  Sleep for a couple seconds after shutting down dhcpcd in rc.6 to allow time
  for various files in /etc to restore themselves.  Thanks to Cal Peake.
  Don't try to mount usbfs if it's in /proc/mounts already.
a/tar-1.15.1-i486-2.tgz:  Patched to be less strict about the option order.
  Thanks to Jonathan A. Irwin for sending me a patch from Sergey Poznyakoff.
a/udev-097-i486-4.tgz:  Changed default udev log level from err to crit.
  Refuse to run udev unless the kernel is 2.6.15+.  Thanks to Sean Donner.
a/util-linux-2.12r-i486-2.tgz:  Added schedutils-1.5.0 which is apparently due
  to be merged into util-linux upstream sometime soon anyway.
  Thanks to Jonathan Woithe for the suggestion.
ap/diffutils-2.8.1-i486-2.tgz:  Patched a bug in sdiff.
  Thanks to James Michael Fultz for the patch and improved build script.
ap/vim-7.0.063-i486-1.tgz:  Upgraded to vim 7.0.063.
  Removed unpopular libruby dependency.  :-)
e/emacs-21.4a-i486-3.tgz:  Avoid a package file overlap between Emacs ctags and 
  Exuberant Ctags.  Thanks to Michal Kowalski for pointing it out.
kde/kdebase-3.5.4-i486-5.tgz:  Added /opt/kde/share/kdeglobals to set the Vera
  fonts with anti-aliasing enabled as the defaults.
xap/seamonkey-1.0.4-i486-2.tgz:  Added /usr/lib/seamonkey -> 
  /usr/lib/seamonkey-1.0.4 symlink.  Thanks to Tsomi.
xap/vim-gvim-7.0.063-i486-1.tgz:  Upgraded to vim 7.0.063.
  Removed unpopular libruby dependency.  :-)
extra/checkinstall/checkinstall-1.6.0-i486-2.tgz:  Fixed 640 perms on FAQ.
  Thanks to Michael Iatrou.
rootdisks/pcmcia.dsk,isolinux/pcmcia.dsk:  Added ide-cs module.
  Requested by Zack Smith.
+--------------------------+
Sat Aug 19 23:58:27 CDT 2006
This is mostly frozen now unless bugs (or irresistible upgrades) come up, so
I'll call this update Slackware 11.0 release candidate 2.  :-)
a/kernel-ide-2.4.33-i486-2.tgz:
  Switched to the sata.i kernel which supports both parallel and serial ATA.
a/kernel-modules-2.4.33-i486-2.tgz:  Recompiled.
  Upgraded to Linux 2.4.33 kernel modules.
d/pkgconfig-0.21-i486-1.tgz:  Upgraded to pkg-config-0.21.
  Set the PKG_CONFIG_PATH to search in /usr/local/lib/pkgconfig and
  /opt/kde/lib/pkgconfig, too.  Thanks, Seb!
d/kernel-headers-2.4.33-i386-2.tgz:  Rebuilt.
k/kernel-source-2.4.33-noarch-2.tgz:
  Updated the default .config to include SATA support.
  Oh, and yes I did see 2.4.33.1.  Thanks for letting me know ;-), but that
  kernel does not seem to be booting here so I'll stick with 2.4.33 for now.
l/alsa-driver-1.0.11_2.4.33-i486-2.tgz:  Recompiled.
  Upgraded to alsa-driver-1.0.11 compiled for Linux 2.4.33.
bootdisks/sata.i:  Rebuilt.
bootdisks/speakup.s:  Added SATA support.
kernels/huge26.s/*:  Recompiled.
kernels/sata.i/*:  Recompiled.
kernels/speakup.s/*:  Added SATA support.
kernels/test26.s/*:  Upgraded test26.s kernel to 2.6.17.9.
To be consistent, bumped the build number on all of the 2.6.16.27 packages to -5.
extra/linux-2.6.16.27/alsa-driver-1.0.11_2.6.16.27-i486-5.tgz:
  Recompiled.
extra/linux-2.6.16.27/kernel-generic-2.6.16.27-i486-5.tgz:
  Recompiled.
extra/linux-2.6.16.27/kernel-headers-2.6.16.27-i386-5.tgz:
  Rebuilt.
extra/linux-2.6.16.27/kernel-modules-2.6.16.27-i486-5.tgz:
  Enabled CONFIG_X86_SPEEDSTEP_RELAXED_CAP_CHECK option so that
  Piotr Wierzchowski's Thinkpad will run cooler and use less power.  :-)
extra/linux-2.6.16.27/kernel-source-2.6.16.27-noarch-5.tgz:
  Rebuilt with CONFIG_X86_SPEEDSTEP_RELAXED_CAP_CHECK=y in .config.
extra/slackpkg/slackpkg-2.08-noarch-2.tgz:  Upgraded to slackpkg-2.08-noarch-2.
  Thanks to Piter Punk.
testing/packages/linux-2.6.17.9/kernel-generic-2.6.17.9-i486-1.tgz:
  Upgraded to Linux 2.6.17.9 generic kernel.
testing/packages/linux-2.6.17.9/kernel-headers-2.6.17.9-i386-1.tgz:
  Upgraded to Linux 2.6.17.9 kernel headers.
testing/packages/linux-2.6.17.9/kernel-modules-2.6.17.9-i486-1.tgz
  Upgraded to Linux 2.6.17.9 kernel modules.
testing/packages/linux-2.6.17.9/kernel-source-2.6.17.9-noarch-1.tgz
  Upgraded to Linux 2.6.17.9 kernel source.
  Thanks to Andrea for building the 2.6.17.9 kernels.
rootdisks/install.1:  Updated.  Thanks to Cal Peake for the idea about how to
  improve the setup of swap partitions.
  Updated most of the binaries on the installer, but not busybox.  It seems
  to be working fine, and the idea of messing with it now scares me.  ;-)
rootdisks/install.2:  Updated.
rootdisks/install.zip:  Updated.
rootdisks/network.dsk:  Fixed to probe for tg3 cards.
  Thanks to Eric Hameleers and Bruce Hill, Jr.
  Fixed module probing to work with 2.6 modules.  Thanks to Piter Punk.
+--------------------------+
Fri Aug 18 00:20:46 CDT 2006
a/aaa_elflibs-11.0.0-i486-8.tgz:  Upgraded to the mm-1.4.2 library, patched
  libtiff, upgraded to pcre-6.7 libraries, and included the recompiled
  cups-1.1.23 and slang libraries.
a/cups-1.1.23-i486-4.tgz:  Fixed broken es and fr man page symlinks.
d/git-1.4.2-i486-1.tgz:  Upgraded to git-1.4.2.
kde/kdenetwork-3.5.4-i486-2.tgz:  Patched a bug in kopete that could freeze
  KDE under certain circumstances.  Thanks to JaguarWan and Olivier Goffart.
l/libtiff-3.8.2-i486-2.tgz:  Patched vulnerabilities in libtiff which were
  found by Tavis Ormandy of the Google Security Team.  These issues could
  be used to crash programs linked to libtiff or possibly to execute code
  as the program's user.  A low risk command-line overflow in tiffsplit was
  also patched.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3461
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3465
  (* Security fix *)
l/mm-1.4.2-i486-1.tgz:  Upgraded to mm-1.4.2.
l/pcre-6.7-i486-1.tgz:  Upgraded to pcre-6.7.
l/slang-2.0.6-i486-2.tgz:  Fixed uncompressed manpage.
n/php-4.4.4-i486-1.tgz:  Upgraded to php-4.4.4.
  Some of the security issues fixed in this release include:
    * Added missing safe_mode/open_basedir checks inside the error_log(),
      file_exists(), imap_open() and imap_reopen() functions.
    * Fixed possible open_basedir/safe_mode bypass in cURL extension.
    * Fixed a buffer overflow inside sscanf() function.
  (* Security fix *)
testing/packages/cups-1.2.2/cups-1.2.2-i486-2.tgz:
  Removed /usr/man/man8/disable.8.gz symlink.
testing/packages/php-5.1.5/php-5.1.5-i486-1.tgz:
  Upgraded to php-5.1.5.
  Some of the security issues fixed in this release include:
    * Added missing safe_mode/open_basedir checks inside the error_log(),
      file_exists(), imap_open() and imap_reopen() functions.
    * Fixed possible open_basedir/safe_mode bypass in cURL extension and on
      PHP 5 with realpath cache.
    * Fixed a buffer overflow inside sscanf() function.
  (* Security fix *)
kernels/sata.i/:  Recompiled with Silicon Image PATA support.  (there was
  a conflict before with this and the Sil SATA driver but it was fixed)
+--------------------------+
Wed Aug 16 19:11:39 CDT 2006
a/aaa_base-11.0.0-noarch-1.tgz:  Added /usr/share/info -> ../info symlink.
  Bumped /etc/slackware-version number to 11.0.0.
  Changed version number (but little else yet) in initial email.
a/hotplug-2004_09_23-noarch-10.tgz:  Corrected typo in rc.hotplug.
  Thanks to Willy Sudiarto Raharjo.
a/pcmcia-cs-3.2.8-i486-3.tgz:  Commented out line in config.opts for old
  Webgear wireless card.
  chmod 644 /etc/pcmcia/*.opts.
a/pcmciautils-014-i486-2.tgz:  Commented out line in config.opts for old
  Webgear wireless card.
  Moved man pages to /usr/man/man8, compressed with gzip.
a/sysvinit-2.84-i486-65.tgz:  Don't run /lib/udev/rc.optical-symlinks in a
  login shell, since the bug that required that kludge is now fixed.
a/udev-097-i486-3.tgz:  Patched rc.optical-symlinks to be locale friendly.
  Thanks to everyone who reported the bug, and to Michiel Broek and
  Eric Hameleers for sending in patches.
  Updated comments and removed obsolete options in udev.conf.
  Thanks to Jakub Jankowski.
  Removed /dev/loop0 and /dev/rtc from udev-script-devices.tar.gz.
l/gd-2.0.33-i486-1.tgz:  Added gd-2.0.33.
  Suggested by Cal Peake.
l/libidn-0.6.5-i486-1.tgz:  Upgraded to libidn-0.6.5.
  Suggested by Piotr Simon.
n/nfs-utils-1.0.10-i486-2.tgz:  On 2.6.x kernels, mount nfsd in rc.nfsd.
  Thanks to Piter Punk, Leonardo Roman, and George Iosif for the suggestion.
n/wireless-tools-28-i486-3.tgz:  Fixed rc.wireless which contained a few ^M
  that broke it.  I think I did this saving the patch with my mailer -- sorry
  about that.
xap/gnuplot-4.0.0-i486-2.tgz:  Recompiled against new gd-2.0.33 package.
  Thanks to Michael Iatrou for the suggestion.
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.33-i486-1.tgz:  Recompiled
  kernel modules for Linux 2.4.33.
+--------------------------+
Tue Aug 15 21:45:53 CDT 2006
a/genpower-1.0.5-i486-1.tgz:  Upgraded to genpower-1.0.5.
  Thanks to Bernd Noessler for letting me know about this -- freshmeat.net
  still points to a much older version of genpower.
a/less-394-i486-1.tgz:  Upgraded to less-394.  Thanks to Haakon Riiser for
  suggesting this and confirming that less-394 is an official stable release.
  Added RAR support to lesspipe.sh.  Thanks to Manolis Tzanidakis.
a/sysvinit-2.84-i486-64.tgz:  In rc.M, check better for udev before running
  rc.optical-symlinks, and run the script in a login shell which might fix the
  error "-bash: let: expression expected" that some people have reported.
  Thanks to Michiel Broek for the hint about using a login shell.
ap/mt-st-0.9b-i486-1.tgz:  Upgraded to mt-st-0.9b.
  Thanks to Stuart Winter.
d/git-1.4.1.1-i486-2.tgz:  Replaced hard links with symbolic links, since
  Stuart Winter hates hard links.  (I hope he doesn't find the other ones! ;-)
  Thanks to Stuart Winter for the patch.
kde/kdebase-3.5.4-i486-4.tgz:  Patched a bug in ksystraycmd.
  Thanks to Dirk Mueller for the patch.
n/wireless-tools-28-i486-2.tgz:  Patched rc.wireless for ESSIDs with spaces.
  Thanks to Bruneel Micha?l and Eric Hameleers.
xap/imagemagick-6.2.8_8-i486-2.tgz:  Reverted to ImageMagick-6.2.8-8 since
  the "display" program in ImageMagick-6.2.9-0 crashes.
  Thanks to Tomasz Luczak for the bug report.
+--------------------------+
Tue Aug 15 01:20:55 CDT 2006
a/devs-2.3.1-noarch-24.tgz:  Added udev-style /dev/md/* devices to save people
  who boot between 2.4.x and 2.6.x kernels some trouble.
  Thanks to Mircea Baciu for pointing out this possibility.
  Note:  Upgrading the devs package while running udev will NOT work.
a/sysvinit-2.84-i486-63.tgz:  Patched rc.4 to check both /usr/bin and /usr/sbin
  for gdm.  Thanks to Scott J. Harmon.
  Added a warning in rc.S that if you make an rc.modules.local that the other
  rc.modules script(s) will not be run.
  Don't try to start udev if sysfs and tmpfs are not in the kernel.
  Use grep '-q' option instead of '> /dev/null' in many places.
a/udev-097-i486-2.tgz:  Don't run rc.udev if tmpfs is not in the kernel.
  Thanks to Gunnar Florus Johansen.
ap/sysstat-7.0.0-i486-1.tgz:  Added sysstat-7.0.0.
  Suggested by grk wng and Jesper Juhl.
n/iproute2-2.6.16_060323-i486-1.tgz:  Upgraded to iproute2-2.6.16-060323.
n/nfs-utils-1.0.10-i486-1.tgz:  Upgraded to nfs-utils-1.0.10.
t/xfig-3.2.4-i486-1.tgz:  Upgraded to xfig-3.2.4.
  Thanks to Daniil Bratashov for the initial SlackBuild script.
xap/gimp-2.2.12-i486-3.tgz:  Fixed icon path in gimp-2.2.desktop.
  Thanks to Nikos Skalkotos for the bug report.
xap/imagemagick-6.2.9_0-i486-1.tgz:  Upgraded to imagemagick-6.2.9-0.
extra/slackpkg/slackpkg-2.07-noarch-5.tgz:  Upgraded to slackpkg-2.07-noarch-5.
  Thanks to Piter Punk.
+--------------------------+
Mon Aug 14 02:23:30 CDT 2006
There are still a few changes yet to happen, but let's call this 
  Slackware 11.0 release candidate 1.  :-)
a/glibc-solibs-2.3.6-i486-4.tgz:  Recompiled.
a/glibc-zoneinfo-2.3.6-noarch-4.tgz:  Updated to tzcode2006i and tzdata2006g.
a/kernel-ide-2.4.33-i486-1.tgz:  Upgraded to Linux 2.4.33 bare.i kernel.
a/kernel-modules-2.4.33-i486-1.tgz:  Upgraded to Linux 2.4.33 kernel modules.
a/udev-097-i486-1.tgz:  Upgraded to udev-097.
  Updated the rc.optical-symlinks script.
  Added locking to cdrom-symlinks.sh and nethelper.sh scripts to avoid race
  conditions at boot time.  Thanks to Piter Punk.
  Fixed bugs in rc.udev where the script attempts to mount devpts and usbfs
  even if they are already mounted.  Thanks to Gunnar Florus Johansen.
d/kernel-headers-2.4.33-i386-1.tgz:  Upgraded to Linux 2.4.33 kernel headers.
k/kernel-source-2.4.33-noarch-1.tgz:  Upgraded to Linux 2.4.33 kernel source.
l/alsa-driver-1.0.11_2.4.33-i486-1.tgz: Upgraded to alsa-driver compiled
  for Linux 2.4.33.
l/glibc-2.3.6-i486-4.tgz:  Recompiled against Linux 2.4.33 and 2.6.16.27
  kernel headers.
l/glibc-i18n-2.3.6-noarch-4.tgz:  Rebuilt.
l/glibc-profile-2.3.6-i486-4.tgz:  Recompiled.
l/jre-1_5_0_08-i586-1.tgz:  Upgraded to Java(TM) 2 Platform Standard Edition
  Runtime Environment Version 5.0, Release 8.
n/tcpip-0.17-i486-38.tgz:  Upgraded to ethtool-4.
  Upgraded to tftp-0.42.
  Relinked /bin/ftp with correct libreadline.  Thanks to Udo A. Steinberg.
extra/jdk-1.5.0_08/jdk-1_5_0_08-i586-1.tgz:  Upgraded to Java(TM) 2
  Platform Standard Edition Development Kit Version 5.0, Release 8.
bootdisks/*:  Upgraded to Linux 2.4.33 kernels.
isolinux/initrd.img:  Upgraded USB/IEEE1394 modules to Linux 2.4.33.
isolinux/network.dsk:  Upgraded network modules to Linux 2.4.33.
isolinux/pcmcia.dsk:  Upgraded pcmcia modules to Linux 2.4.33.
kernels/*:  Upgraded 2.4.x kernels to Linux 2.4.33 kernels.
rootdisks/install.1:  Upgraded USB/IEEE1394 modules to Linux 2.4.33.
rootdisks/install.2:  Upgraded USB/IEEE1394 modules to Linux 2.4.33.
rootdisks/install.zip:  Upgraded USB/IEEE1394 modules to Linux 2.4.33.
rootdisks/network.dsk:  Upgraded network modules to Linux 2.4.33.
rootdisks/pcmcia.dsk:  Upgraded pcmcia modules to Linux 2.4.33.
+--------------------------+
Sat Aug 12 01:14:17 CDT 2006
a/hotplug-2004_09_23-noarch-9.tgz: Skip rc.hotplug if a new enough udev
  is running on a 2.6 kernel.  No wonder the boot time didn't seem faster!  :-)
a/sysvinit-2.84-i486-62.tgz: If udev hasn't made /dev/cdrom and other symlinks,
  call a script from rc.M to make them.
  Added support to rc.K and rc.6 for an /etc/rc.d/rc.local_shutdown script.
  Thanks to Robert Boucher for the idea.
  Rob McGee and others have made similar requests before...  thanks to all!
a/udev-096-i486-4.tgz:  Generate network card naming rules in
  /etc/udev/rules.d/network-devices.rules, but comment them out.  I think
  these additions are not quite reliable enough in all cases to be the default
  for the Slackware 11 release (of course, you have udev occasionally detecting
  multiple network cards in a different order, and so on some router machines
  these rules will be needed).  Or, you could run a 2.4.x kernel. ;-)
  If your system is naming network devices strangely you should delete your
  existing /etc/udev/rules.d/network-devices.rules and reboot.  If that doesn't
  do the trick you'll probably need to edit the file.
  Instead of having udev make the CD/DVD symlinks, have a new script called
  /lib/udev/rc.optical-symlinks do it.  If you'd rather use Piter Punk's method
  (which works better for hotplugging USB optical drives, for example), then
  just comment/uncomment the appropriate rules in /etc/udev/rules.d/udev.rules.
n/whois-4.7.15-i486-1.tgz:  Upgraded to whois-4.7.15.
  Thanks to Gianluca Varisco for pointing out the new release.
xap/gimp-2.2.12-i486-2.tgz:  Fixed broken gimptool man page symlink.
+--------------------------+
Fri Aug 11 03:18:18 CDT 2006
a/aaa_elflibs-11.0.0-i486-7.tgz:  Fixed libmm perms and location.
  Thanks to Fred Emmott.
  Upgraded libmm to 1.4.1.
  Reverted to CUPS libraries from 1.1.23.
a/cups-1.1.23-i486-3.tgz:  Reverted to cups-1.1.23 due to some applications
  needing time to adjust to no longer having access to the private CUPS
  functions.  ;-)  See below for more info.
a/etc-5.1-noarch-13.tgz:  Upgraded /etc/services to include IPP (for CUPS) and
  other new services.  Thanks to Christophe Legras for reminding me to upgrade
  this file, and to Two Beans for mailing me a more recent copy.
l/hicolor-icon-theme-0.9-noarch-2.tgz:  Fixed slack-desc typo.
  Reported by Willy Sudiarto Raharjo.
l/mm-1.4.1-i486-1.tgz:  Upgraded to mm-1.4.1.
  Looks like libmm was split out of the Apache package just in time.  ;-)
n/samba-3.0.23b-i486-2.tgz:  Recompiled against CUPS 1.1.23.
n/sendmail-8.13.8-i486-2.tgz:  Recompiled with DBROKEN_PTHREAD_SLEEP defined
  in site.config.m4, which fixes a problem with libmilter.a that can cause
  sendmail milters to be unstable.  Thanks to Jan Rafaj for reporting this
  bug, the fix, and for testing the problem so throughly.
n/sendmail-cf-8.13.8-noarch-2.tgz:  Rebuilt.
n/tcpip-0.17-i486-37.tgz:  Removed redundant copy of /etc/services.
testing/packages/cups-1.2.2/cups-1.2.2-i486-1.tgz:  It seems as if KDE might
  still not be 100% ready for CUPS 1.2.x, so we're going to move this into
  /testing again for the release, but by all means use it if it works for you.
  It did mostly work here, but the problems with using it with KDE are also
  reproducable.  Thanks to Thomas Hansl?k for the information.  Anyway, I had
  my suspicions that *something* was going to have linked with private CUPS
  functions or that this might break something in some way, but I also knew
  this package would get better testing in slackware/a than in /testing.  :-)
  So, now we know that it's probably safer to wait on cups-1.2.x.
  Thomas also mentioned a workaround -- editing cupsd.conf to comment
  out this line:
    # Listen /var/run/cups/cups.sock
+--------------------------+
Thu Aug 10 02:07:10 CDT 2006
a/aaa_elflibs-11.0.0-i486-6.tgz:  Added libmm.
a/pkgtools-11.0.0-i486-1.tgz:  Fixed xwmconfig to only recommend installed
  window managers.  Thanks to Leandro Toledo.
Merged in patches for xorgsetup to support choosing a keyboard model, layout,
  variant, and even automatically configuring a mouse scroll wheel!  :-)
  Thanks to Ismael Cortes for the patches.
l/gnome-icon-theme-2.14.2-noarch-1.tgz:  Added gnome-icon-theme-2.14.2.  It
  seems that GTK+ applications such as Thunderbird use these, not just GNOME.  
l/gtk+2-2.8.20-i486-1.tgz:  Upgraded to gtk+-2.8.20.
l/hicolor-icon-theme-0.9-noarch-1.tgz:  Added hicolor-icon-theme-0.9.
l/mm-1.4.0-i486-1.tgz:  Moved mm library out of the Apache package so that apps
  such as the standalone PHP interpreter can use it without installing Apache.
  Thanks to Robert Easter for the suggestion.
l/shared-mime-info-0.18-i486-1.tgz:  Upgraded to shared-mime-info-0.18.
n/apache-1.3.37-i486-2.tgz:  Removed mm-1.4.0 from the build directory and
  recompiled against the system mm package.  This now depends on having the
  mm package from the L series installed.
n/lftp-3.5.4-i486-1.tgz:  Upgraded to lftp-3.5.4.
n/sendmail-8.13.8-i486-1.tgz:  Upgraded to sendmail-8.13.8.
  That's what I get for trying to patch 8.13.7 myself last night.  ;-)
n/sendmail-cf-8.13.8-noarch-1.tgz:  Upgraded to sendmail-8.13.8 configs.
x/x11-6.9.0-i486-8.tgz:  More updates to the i945gm chipset support.
  Thanks to Sergio A. Reyes-Peniche.
x/x11-devel-6.9.0-i486-8.tgz:  Recompiled and removed fontconfig manpages.
x/x11-xdmx-6.9.0-i486-8.tgz:  Recompiled.
x/x11-xnest-6.9.0-i486-8.tgz:  Recompiled.
x/x11-xvfb-6.9.0-i486-8.tgz:  Recompiled.
xap/sane-1.0.18-i486-2.tgz:  Added /etc/udev/rules.d/libsane.rules.
  Thanks to David Somero for pointing out this file.
isolinux/initrd.img:  Merged in many installer patches from Stuart Winter.
pasture/:  Some cleanup...
rootdisks/install.1:  Rebuilt with installer patches.
rootdisks/install.2:  Rebuilt with installer patches.
rootdisks/install.zip:  Rebuilt with installer patches.
rootdisks/network.dsk:  Rebuilt with gcc-3.4.6 compiled modules.
rootdisks/pcmcia.dsk:  Rebuilt with gcc-3.4.6 compiled modules.
testing/packages/php-5.1.4/php-5.1.4-i486-3.tgz:  Recompiled with freetype.
  Fixed FastCGI by removing --enable-discard-path from CGI version.
  Added pdo_sqlite.so and sqlite.so modules.
+--------------------------+
Wed Aug  9 00:25:53 CDT 2006
a/aaa_elflibs-11.0.0-i486-5.tgz:  Added new CUPS libraries.
a/cups-1.2.2-i486-1.tgz:  Upgraded to cups-1.2.2.
a/hdparm-6.6-i486-1.tgz:  Upgraded to hdparm-6.6.
  Suggested by Janusz Dziemidowicz.
a/udev-096-i486-3.tgz:  In /etc/modprobe.d/blacklist, change module name from
  i810_tco to i8xx_tco.  Thanks to Janusz Dziemidowicz.
  Piter Punk also wants me to remind everyone that this udev package requires
  a 2.6.15+ kernel or it will not work.  ;-)
ap/mc-4.6.1-i486-2.tgz:  Fixed PHP syntax highlighting.
  Thanks to Georgi Chorbadzhiyski for the patch.
n/samba-3.0.23b-i486-1.tgz:  Upgraded to samba-3.0.23b.
n/sendmail-8.13.7-i486-2.tgz:  Applied two errata patches from sendmail.org.
  Thanks to Gerardo Exequiel Pozzi for pointing out these patches.
n/sendmail-cf-8.13.7-noarch-2.tgz:  Rebuilt.
x/x11-6.9.0-i486-7.tgz:  More updates to the i945gm chipset support.
  Thanks to Rapha?l Prevost for the updated patch.
x/x11-devel-6.9.0-i486-7.tgz:  Recompiled.
x/x11-xdmx-6.9.0-i486-7.tgz:  Recompiled.
x/x11-xnest-6.9.0-i486-7.tgz:  Recompiled.
x/x11-xvfb-6.9.0-i486-7.tgz:  Recompiled.
+--------------------------+
Tue Aug  8 00:55:52 CDT 2006
a/aaa_elflibs-11.0.0-i486-4.tgz:  Added new version of libcurl.
a/etc-5.1-noarch-12.tgz:  Patched /etc/profile and /etc/csh.login to fix a bug
  where changing to another user with "su - someuser" would produce an error
  message such as "/dev/pts/2: Operation not permitted".
  Thanks to Menno Duursma for the fix.
a/findutils-4.2.28-i486-1.tgz:  Upgraded to findutils-4.2.28.
a/gawk-3.1.5-i486-3.tgz:  Patched a fieldwidths bug.
  Thanks to Fabiano Caixeta Duarte for a pointer to the patch.
a/lilo-22.7.1-i486-2.tgz:  Fixed a typo in liloconfig where installing to the
  MBR was mentioned twice.  Thanks to Keith McGavin for pointing this out.
a/udev-096-i486-2.tgz:  Added the psmouse module to /etc/modprobe.d/blacklist
  so that /etc/rc.d/rc.modules can load it using the option "proto=imps".
  This change restores the mouse options used in Slackware 10.2.  At least on
  my machine, the default module options render the mouse completely unusable,
  but feel free to remove the module from the blacklist or configure rc.modules
  to your liking if this is not the ideal default for your machine.  
ap/mdadm-2.5.3-i486-1.tgz:  Upgraded to mdadm-2.5.3.
  Thanks to James W. Laferriere and Gianluca Varisco for pointing this out.
kde/kdebase-3.5.4-i486-3.tgz:  Patched a bug involving external taskbars that
  expand as required to fit contents.  Thanks to Dirk Mueller for the patch.
n/curl-7.15.5-i486-1.tgz:  Upgraded to curl-7.15.5.
  Thanks to Gianluca Varisco for suggesting this upgrade.
n/dnsmasq-2.33-i486-1.tgz:  Upgraded to dnsmasq-2.33.
  Thanks to Gianluca Varisco for suggesting this upgrade.
n/ncftp-3.2.0-i486-2.tgz:  Fixed permissions in /usr/bin.
  Thanks to many who noticed this mistake.  ;-)
n/ntp-4.2.2p3-i486-1.tgz:  Upgraded to ntp-4.2.2p3.
  Thanks to James W. Laferriere for suggesting this upgrade.
x/x11-6.9.0-i486-6.tgz:  Added support for newer revisions of the
  i945gm chipset.  Thanks to Rapha?l Prevost for the patch.
x/x11-devel-6.9.0-i486-6.tgz:  Recompiled.
x/x11-xdmx-6.9.0-i486-6.tgz:  Recompiled.
x/x11-xnest-6.9.0-i486-6.tgz:  Recompiled.
x/x11-xvfb-6.9.0-i486-6.tgz:  Recompiled.
There are a few reports that the newest udev is not friendly to some systems.
Well, that's progress for you -- it isn't always a smooth journey.  In most
cases the problems I've heard about could be fixed with a little bit of fine
tuning, such as blacklisting unwanted modules in /etc/modprobe.d/blacklist
and loading the desired replacements in /etc/rc.d/rc.modules.  However, in
case either of these older versions of udev worked better for you, they'll
be kept in /extra for a while as alternates.  Be aware that new kernels will
soon require the latest udev, though...
extra/udev-alternate-versions/udev-064-i486-2.tgz:  Added alternate udev-064.
extra/udev-alternate-versions/udev-071-i486-2.tgz:  Added alternate udev-071.
testing/packages/linux-2.6.17.8/kernel-generic-2.6.17.8-i486-1.tgz:
  Upgraded to Linux 2.6.17.8 generic kernel.
testing/packages/linux-2.6.17.8/kernel-headers-2.6.17.8-i386-1.tgz:
  Upgraded to Linux 2.6.17.8 kernel headers.
testing/packages/linux-2.6.17.8/kernel-modules-2.6.17.8-i486-1.tgz
  Upgraded to Linux 2.6.17.8 kernel modules.
testing/packages/linux-2.6.17.8/kernel-source-2.6.17.8-noarch-1.tgz
  Upgraded to Linux 2.6.17.8 kernel source.
  Thanks again to Andrea Volkerding for building the 2.6.17.8 kernels.
+--------------------------+
Mon Aug  7 01:43:38 CDT 2006
a/pcmciautils-014-i486-1.tgz:  Added pcmciautils-014, needed to configure PC
  cards on systems running 2.6.x kernels.
a/sysfsutils-2.0.0-i486-2.tgz:  Added missing libsysfs.so symlink.
a/sysvinit-2.84-i486-61.tgz:  Merged Piter Punk's changes for the new udev.
  Please make sure to move all the .new files in /etc/rc.d/ into place for
  this to work correctly!
a/udev-096-i486-1.tgz:  Upgraded to udev-096.
  Thanks to Piter Punk for his great work to get this just exactly perfect.
a/grep-2.5-i486-3.tgz:  Improved build script and rebuilt.  I considered using
  grep-2.5.1a, but found some problem reports concerning it and decided such
  an upgrade would be best left for the next -current.  There have been no
  bug reports here concerning grep-2.5, so I see no reason to fix that which
  does not appear to be broken.  It's more important to have a known to be
  stable grep than it is to have the latest version, IMHO.
a/pciutils-2.2.3-i486-2.tgz:  Fixed missing pci/types.h header file.
  Thanks to Konrad Rzepecki.
ap/man-pages-2.39-noarch-1.tgz:  Upgraded to man-pages-2.39.
n/lftp-3.5.3-i486-1.tgz:  Upgraded to lftp-3.5.3.
n/ncftp-3.2.0-i486-1.tgz:  Upgraded to ncftp-3.2.0.
n/popa3d-1.0.2-i486-1.tgz:  Upgraded to popa3d-1.0.2.
n/vsftpd-2.0.5-i486-1.tgz:  Upgraded to vsftpd-2.0.5.
xap/imagemagick-6.2.8_8-i486-1.tgz:  Upgraded to ImageMagick-6.2.8-8.
xap/sane-1.0.18-i486-1.tgz:  Upgraded to sane-backends-1.0.18.
extra/grub/grub-0.97-i486-2.tgz:  Upgraded to grubconfig-1.28.
+--------------------------+
Sat Aug  5 23:22:13 CDT 2006
a/usbutils-0.72-i486-1.tgz:  Upgraded to usbutils-0.72, patched to add
  back usbmodules since hotplug will need it for as long as the 2.4.x
  kernel is supported.
ap/mdadm-2.5.2-i486-1.tgz:  Upgraded to mdadm-2.5.2.
ap/mysql-5.0.24-i486-1.tgz:  Upgraded to mysql-5.0.24.
  Suggested by Willy Sudiarto Raharjo.
l/lesstif-0.95.0-i486-1.tgz:  Upgraded to lesstif-0.95.0.
  Suggested by Rene Huber.
xap/xpdf-3.01-i486-4.tgz:  Fixed a window resizing bug.
  Thanks to Luis for the patch.
+--------------------------+
Sat Aug  5 00:42:09 CDT 2006
a/aaa_elflibs-11.0.0-i486-3.tgz:  Added new versions of libattr and libacl.
  Added lib/libsysfs.so.2.0.0.
a/acl-2.2.39_1-i486-1.tgz:  Upgraded to acl-2.2.39-1.
a/attr-2.4.32_1-i486-1.tgz:  Upgraded to attr-2.4.32-1.
a/pciutils-2.2.3-i486-1.tgz:  Upgraded to pciutils-2.2.3.
  Thanks to Eric Hameleers for the encouragement.  :-)
a/pcmcia-cs-3.2.8-i486-2.tgz:  Patched /etc/rc.d/rc.pcmcia to work with either
  pcmcia-cs or pcmciautils.
a/sysfsutils-2.0.0-i486-1.tgz:  Added sysfsutils-2.0.0.
  Thanks to Piter Punk.
a/xfsprogs-2.8.10_1-i486-1.tgz:  Upgraded to xfsprogs-2.8.10-1.
  Thanks to Marco Berizzi for pointing out the new XFS programs.
ap/alsa-utils-1.0.11-i486-2.tgz:  Fixed uncompressed manpage.  Thanks to Seb.
ap/dmapi-2.2.5_1-i486-1.tgz:  Upgraded to dmapi-2.2.5-1.
ap/xfsdump-2.2.38_1-i486-1.tgz:  Upgraded to xfsdump-2.2.38-1.
kde/kdebase-3.5.4-i486-2.tgz:  Patched to fix video redirects in Konqueror.
  Thanks to Fr?d?ric L. W. Meunier for the bug report and patch link.
l/freetype-2.1.9-i486-1.tgz:  Moved from the X to the L series.
  This makes more sense because freetype does not depend on any X11 libraries,
  and because PHP has now been built linked to libfreetype.
l/libusb-0.1.12-i486-1.tgz:  Upgraded to libusb-0.1.12.
  Thanks to Gunnar Florus Johansen and CJ Johnson for the recommendation.
n/links-2.1pre23-i486-1.tgz:  Upgraded to links-2.1pre23.
n/php-4.4.3-i486-1.tgz:  Upgraded to php-4.4.3.
  From the announcement of the release:
     The security issues resolved include the following:
     * Disallow certain characters in session names.
     * Fixed a buffer overflow inside the wordwrap() function.
     * Prevent jumps to parent directory via the 2nd parameter of the
       tempnam() function.
     * Improved safe_mode check for the error_log() function.
     * Fixed cross-site scripting inside the phpinfo() function.
  The PHP 4.4.3 release announcement may be found on their web site:
    http://www.php.net
  NOTE:  Slackware's PHP package now requires the freetype library.
  (* Security fix *)
xap/xchat-2.6.6-i486-2.tgz:  Patched to fix Finnish translation errors.
  Thanks to C Johnson for pointing out that there was a new official patch.
extra/linux-2.6.16.27/kernel-modules-2.6.16.27-i486-4.tgz:
  Fixed 2.4 kernel detection for loading the apm module.
testing/packages/linux-2.6.17.7/kernel-modules-2.6.17.7-i486-3.tgz:
  Fixed 2.4 kernel detection for loading the apm module.
+--------------------------+
Fri Aug  4 02:36:54 CDT 2006
xap/mozilla-firefox-1.5.0.6-i686-1.tgz:  Upgraded to firefox-1.5.0.6.
xap/seamonkey-1.0.4-i486-1.tgz:  Upgraded to seamonkey-1.0.4.
+--------------------------+
Thu Aug  3 01:26:43 CDT 2006
a/gettext-0.15-i486-1.tgz:  Upgraded to gettext-0.15.
  Thanks to steveo for noticing that this was missing from the ChangeLog.
a/lilo-22.7.1-i486-1.tgz:  Reverted to lilo-22.7.1 after reports from Aaron Lee
  and Philip Langdale that versions 22.7.2+ skip the boot menu on some machines.
a/sysvinit-2.84-i486-60.tgz:  Fixed rc.S to use /etc/rc.d/rc.modules.local
  properly.  Bug reported by Dieter Rauschenberger, Ricardo Garc?a, and Luis.
  Use "/bin/sh" not "." to start rc.modules.local in case someone uses "exit".
  Merged more LVM changes from Cal Peake in rc.S and rc.M, including removing
  many uses of "sleep", so if anyone needed those let me know.
ap/at-3.1.10-i486-1.tgz:  Upgraded to at-3.1.10.  Added missing at_allow.5
  manpage.  Thanks to James Michael Fultz.
ap/cdparanoia-IIIalpha9.8-i486-2.tgz:  Patched to compile with gcc-3.4.6, and
  added a batch to the build directory for later that will use the 2.6.x
  kernel's SG_IO ioctl.  Thanks to Bradley Reed.
d/gettext-tools-0.15-i486-1.tgz:  Upgraded to gettext-tools-0.15.
  Thanks to steveo for noticing that this was missing from the ChangeLog.
l/arts-1.5.4-i486-1.tgz:  Upgraded to arts-1.5.4.
kde/*:  Upgraded to KDE 3.5.4.  I know I told at least a few people that I
  wasn't planning on including this in Slackware 11.0 at the last minute,
  and there have been a couple of patches needed for it already.
  Please test quickly.  :-)
kdei/kde-i18n*:  Upgraded kde-i18n packages for KDE 3.5.4.
n/dnsmasq-2.32-i486-2.tgz:  Rebuilt after build script fixes from Fred Emmott
  (moving the chown -R), and some more from me.  Strangely, none of these
  fixes seemed to make any difference in the package that was output,
  but trust me, the build script is much better now.  :-)
n/gnupg-1.4.5-i486-1.tgz:  Upgraded to gnupg-1.4.5.
  From the gnupg-1.4.5 NEWS file:
    * Fixed 2 more possible memory allocation attacks.  They are
    similar to the problem we fixed with 1.4.4.  This bug can easily
    be be exploited for a DoS; remote code execution is not entirely
    impossible.
  (* Security fix *)
+--------------------------+
Tue Aug  1 19:04:52 CDT 2006
a/sysvinit-2.84-i486-59.tgz:  In rc.S, give first priority to
  "rc.modules.local" if it exists.
  Try to shut down OpenLDAP in rc.6.  Thanks to Ricardson Williams.
  Merged some more LVM fixes into rc.6.  Thanks to Cal Peake.
d/autoconf-2.60-noarch-1.tgz:  Upgraded to autoconf-2.60.
kde/qca-tls-1.0-i486-2.tgz:  Use the actual Qt installation path and not the
  /usr/lib/qt symlink or the qca-tls module will be erased if the Qt package
  is installed after this one (as happens in a new installation).
  Thanks to Richard Fuller for the bug report.
extra/checkinstall/checkinstall-1.6.0-i486-1.tgz:
  Upgraded to checkinstall-1.6.0.
testing/packages/lvm2/device-mapper-1.02.08-i486-1.tgz:
  Upgraded to device-mapper.1.02.08.
testing/packages/lvm2/lvm2-2.02.07-i486-1.tgz:  Upgraded to LVM2.2.02.07. 
+--------------------------+
Tue Aug  1 01:11:11 CDT 2006
a/aaa_elflibs-11.0.0-i486-2.tgz:  Added /usr/lib/libslang.so.2.0.6.
a/bin-11.0-i486-3.tgz:  Removed /sbin/rescan-scsi-bus, which is better packaged
  along with the /etc/rc.d/rc.scanluns script in the sysvinit package.
a/sysvinit-2.84-i486-58.tgz:  Added symlinks for lastb.  Make the install
  script create /var/log/btmp if it doesn't already exist.
  Thanks to Menno Duursma, Tomas Matejicek, and Gerardo Exequiel Pozzi.
  Upgraded to the latest rescan-scsi-bus script.
  Thanks to Mircea Baciu for pointing it out.
  Use "tac" to deactivate LVM partitions in reverse order.
  Thanks to Luigi Genoni.
  Make sure usbfs gets mounted if it's in the kernel but hotplug is not used.
  Thanks to Cal Peake.
  If rc.M sees an executable rc.openldap, start it.
  Thanks to Christopher Linnet.
  In rc.scanluns, show the command that's being executed.
ap/jed-0.99_18-i486-3.tgz:  Relinked against libslang.so.2.0.6.  This does
  seem to be the path of least resistance.  :-)
d/subversion-1.3.2-i486-3.tgz:  Rebuilt to fix wrong file ownerships in the
  book included in the documentation.  Thanks to Philip Lyons.
kde/kdenetwork-3.5.3-i486-3a.tgz:  Patched for ICQ protocol changes.
kde/qca-1.0-i486-1.tgz:  Added qca-1.0.
kde/qca-tls-1.0-i486-1.tgz:  Added qca-tls-1.0.  This and the qca package are
  needed to support SSL connections with the Jabber(R) protocol in Kopete.
  Thanks to Eric Hameleers, Markus Stauffer, and "--==HITMAN==--" for
  suggesting the addition of these QCA packages.
l/atk-1.10.3-i486-2.tgz:  Fixed slack-desc typo.  Thanks to Nick Chorley.
l/slang-2.0.6-i486-1.tgz:  Added slang-2.0.6.
l/slang1-1.4.9-i486-1.tgz:  Renamed from slang-1.4.9-i486-1.tgz.
n/irssi-0.8.10a-i486-3.tgz:  Fixed some strange directory permissions in the
  documentation directory.  Thanks to J.
tcl/tcl-8.4.13-i486-2.tgz:  Added /usr/include/tcl-private/{generic,unix}
  headers.  Thanks to Sergio Luis for recommending this, as there are some
  sources out there that require these header files.
+--------------------------+
Sun Jul 30 19:16:38 CDT 2006
n/samba-3.0.23a-i486-2.tgz:  Fixed bad symlink to "using_samba" in the docs.
  Thanks to Valentin Avram and William Hunt for reporting this.
ap/jed-0.99_18-i486-2.tgz:  Reverted to isearch.sl from jed-0.99_16.
  The version shipped in 0.99_18 seems to have problems unless jed is linked
  with slang-2, which we're putting off for a little while due to the major
  version bump and to let code that uses slang have a little time to catch up.
  Thanks to Luigi Genoni for the bug report and fix.
  Thanks as well to Petri Kaukasoina who also reported the problem.
ap/mysql-5.0.22-i486-2.tgz:  Reverted to MySQL-5.0.22.  Evidently MySQL-5.0.23
  was never officially released due to bugs, but made it to the mirror sites
  anyway.  Beat Vontobel's web site has some additional information about this:
    http://www.futhark.ch/mysql/148.html
  Thanks very much to Jakub Jankowski telling me the deal about 5.0.23.
ap/vim-7.0.042-i486-2.tgz:  Upgraded to ctags-5.6.
  Thanks to Michael Iatrou for pointing out the new ctags.
  Fixed a bug in the build script's patchlevel determination if $CWD contains
  a dot.  Thanks to Christophe Legras for the bug report and fix.
xap/vim-gvim-7.0.042-i486-2.tgz:  Rebuilt.  Fixed a bug in the build script's
  patchlevel determination.  Thanks to Christophe Legras.
  Fixed an undefined variable in the vim-gvim build script.
  Thanks to Bryan Germann.
+--------------------------+
Sun Jul 30 01:05:56 CDT 2006
a/devs-2.3.1-noarch-23.tgz:  Fixed /dev/usb/scanner* group.
  Thanks to Niels Kristian Bech Jensen.
  Added /dev/fuse device.  Thanks to Piter Punk.
  Added /dev/mapper/control device.
a/kernel-modules-2.4.32-i486-5.tgz:  Applied a patch to fix the X11 direct
  rendering support for X.Org versions 6.9.0 and newer.
  Thanks to Marin Mitov.
  Specify the kernel version in the install script's depmod.
  Thanks to Piter Punk.
ap/mysql-5.0.23-i486-1.tgz:  Upgraded to mysql-5.0.23.
  Suggested by Willy Sudiarto Raharjo.
d/oprofile-0.9.1-i486-2.tgz:  Recompiled with gcc-3.4.6.
  Thanks to Sunil Amitkumar Janki for pointing out that this was the last
  package in Slackware still linked to libstdc++.so.5.
d/subversion-1.3.2-i486-2.tgz:  Recompiled against the new apr and apr-util
  packages.  See below for details.
k/kernel-source-2.4.32-noarch-2.tgz:  Applied a patch to fix the X11 direct
  rendering support for X.Org versions 6.9.0 and newer.
  Thanks to Marin Mitov.
l/alsa-driver-1.0.11_2.4.32-i486-3.tgz:  Specify the kernel version in the
  install script's depmod.  Thanks to Piter Punk.
l/apr-1.2.7-i486-1.tgz:  Added apr-1.2.7.  This is needed by subversion and
  other projects like Apache2.  Thanks to Eugene Crosser for the suggestion
  and detailed rationale behind not using the apr/apr-util in subversion.
l/apr-util-1.2.7-i486-1.tgz:  Added apr-util-1.2.7.
  This is needed by subversion and other projects.
n/bind-9.3.2-i486-4.tgz:  Recompiled with --enable-threads.
  Thanks to Marin Mitov for the suggestion.
xap/gxine-0.5.7-i486-1.tgz:  Upgraded to gxine-0.5.7.
xap/imagemagick-6.2.8_7-i486-1.tgz:  Upgraded to ImageMagick-6.2.8-7.
bootdisks/*:  Prepped bootdisk version numbers.
extra/linux-2.6.16.27/alsa-driver-1.0.11_2.6.16.27-i486-2.tgz:  Specify the
  kernel version in the install script's depmod.  Thanks to Piter Punk.
extra/linux-2.6.16.27/kernel-modules-2.6.16.27-i486-3.tgz:  Specify the
  kernel version in the install script's depmod.  Thanks to Piter Punk.
extra/slackpkg/slackpkg-2.06-noarch-1.tgz:  Upgraded to slackpkg-2.06-noarch-1.
  Thanks to Piter Punk.
testing/packages/linux-2.6.17.7/kernel-modules-2.6.17.7-i486-2.tgz:  Specify
  the kernel version in the install script's depmod.  Thanks to Piter Punk.
+--------------------------+
Fri Jul 28 17:32:54 CDT 2006
n/apache-1.3.37-i486-1.tgz:  Upgraded to apache-1.3.37.
  From the announcement on httpd.apache.org:
    This version of Apache is security fix release only.  An off-by-one flaw
    exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3
    since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0.
  The Slackware Security Team feels that the vast majority of installations
  will not be configured in a vulnerable way but still suggests upgrading to
  the new apache and mod_ssl packages for maximum security.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747
  And see Apache's announcement here:
    http://www.apache.org/dist/httpd/Announcement1.3.html
  (* Security fix *)
n/mod_ssl-2.8.28_1.3.37-i486-1.tgz:  Upgraded to mod_ssl-2.8.28-1.3.37.
+--------------------------+
Fri Jul 28 02:28:10 CDT 2006
a/bin-11.0-i486-2.tgz:  Updated rescan-scsi-bus for 2.6 kernel compatibility.
  Upgraded to eject-2.1.5.
+--------------------------+
Thu Jul 27 16:27:57 CDT 2006
n/nmap-4.11-i486-1.tgz:  Upgraded to nmap-4.11.
  Suggested by Willy Sudiarto Raharjo.
xap/mozilla-firefox-1.5.0.5-i686-1.tgz:  Upgraded to firefox-1.5.0.5.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
xap/mozilla-thunderbird-1.5.0.5-i686-1.tgz:  Upgraded to thunderbird-1.5.0.5.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
  (* Security fix *)
xap/seamonkey-1.0.3-i486-1.tgz:  Upgraded to seamonkey-1.0.3.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
  (* Security fix *)
+--------------------------+
Wed Jul 26 20:51:13 CDT 2006
a/aaa_elflibs-11.0.0-i486-1.tgz:  Refreshed libraries, added attr and acl.
a/lilo-22.7.2.1-i486-2.tgz:  OK, now the patch is actually applied.  :-)
  Thanks to arny -- I'm evidently too used to using "zcat" for patches.
a/sysvinit-2.84-i486-57.tgz:  Merged the following changes:
  Try to use a kernel specific rc.modules script if one is found.
  Added rc.scanluns to look for devices on non-zero LUNs.
  Shut down sshd in rc.6 so connections don't hang;
  Thanks to Michael Iatrou and Steven Saner for reporting this issue.
  Changed how LVM2 is deactivated in rc.6 (thanks to Cal Peake).
  Previously there were problems since / might have already been remounted as
  read-only before LVM2 was taken down.  Now I suspect there could be problems
  if the / is on LVM, so perhaps this is not the optimal solution...
  Umount CIFS filesystems in rc.6 (thanks to Jef Oliver).
  Umount NFS, SMB, and CIFS filesystems in rc.K;
  Thanks to Drew, and to Eric Hameleers for the bug reports.
  Fixed chown root:utmp in rc.S to use ':', not '.' (thanks to Adiel Mittmann).
  Remove saslauthd.pid (if present) in rc.S (thanks to Andy Preston).
  Stop saslauthd properly in rc.6 (thanks to Andy Preston).
  Don't shut down networking in rc.6 if / is on NFS (thanks to Luca Fabbro).
  Add a one second sleep after starting rc.udev.  According to Robby Workman
  this is just enough time for some slower devices to activate for mount.
  Load rc.keymap in rc.K (thanks to Ignacio Bermejo).
  Use "respawn" rather than "wait" for runlevel 4 (thanks to Wayne Marshall).
  Don't try to mount sysfs twice in rc.S (thanks to Moo).
d/python-2.4.3-i486-4.tgz:  Fixed build script bugs.  Thanks to Fred Emmott.
d/ruby-1.8.4-i486-2.tgz:  Recompiled with --enable-shared
  and --enable-install-doc.  Thanks to Fernando Lujan.
xap/fluxbox-1.0rc2-i486-1.tgz:  Upgraded to fluxbox-1.0rc2.
  Thanks to Andrew Brouwers for letting me know about this.
xap/xchat-2.6.6-i486-1.tgz:  Upgraded to xchat-2.6.6.  Thanks to CJ Johnson.
+--------------------------+
Wed Jul 26 01:55:38 CDT 2006
a/lilo-22.7.2.1-i486-1.tgz:  Upgraded to lilo-22.7.2.1.
  Thanks to James W. Laferriere for pointing out the patch.
a/kernel-ide-2.4.32-i486-4.tgz:  Fixed gzipped System.map.
a/udev-071-i486-2.tgz:  Applied pty patch from Ken Milmore.
  Fixed world writable documentation permissions reported by John Jenkins after
  a discussion about whether that was really the right course of action.  ;-)
  Merged IEEE1394 RAW device handling changes from Christian Casteyde.
ap/joe-3.5-i486-1.tgz:  Upgraded to joe-3.5.
ap/vim-7.0.042-i486-1.tgz:  Upgraded to the latest patchlevel.
  Added many extra features.
  Thanks to Ricardo Garc?a for requesting omni completion for
  vim, which got me thinking about all kinds of ways to improve
  this and the (renamed) vim-gvim package. :-)
d/clisp-2.39-i486-1.tgz:  Upgraded to clisp-2.39 and libsigsegv-2.4.
d/git-1.4.1.1-i486-1.tgz:  Upgraded to git-1.4.1.1.
d/m4-1.4.5-i486-1.tgz:  Upgraded to m4-1.4.5.
d/mercurial-0.9.1-i486-1.tgz:  Upgraded to mercurial-0.9.1.
d/python-2.4.3-i486-3.tgz:  Merged the python, python-demo, and python-tools
  packages, bloating the python package by a whopping 2%!
d/ruby-1.8.4-i486-1.tgz:  Added Ruby since Amarok needs it...
kde/amarok-1.4.1-i486-1.tgz:  Upgraded to amarok-1.4.1.
kde/kdeaccessibility-3.5.3-i486-3.tgz:  Recompiled to use libpng.so.3.
kde/kdeaddons-3.5.3-i486-3.tgz:  Recompiled to use libpng.so.3.
kde/kdeadmin-3.5.3-i486-3.tgz:  Recompiled.
kde/kdeartwork-3.5.3-i486-3.tgz:  Recompiled to use libpng.so.3.
kde/kdebase-3.5.3-i486-3.tgz:  Recompiled to use libpng.so.3.
kde/kdebindings-3.5.3-i486-3.tgz:  Recompiled.
  I wasn't able to get the Ruby binding to compile...  sorry.
kde/kdeedu-3.5.3-i486-3.tgz:  Recompiled.
kde/kdegames-3.5.3-i486-3.tgz:  Recompiled.
kde/kdegraphics-3.5.3-i486-3.tgz:  Recompiled to use libpng.so.3.
kde/kdelibs-3.5.3-i486-3.tgz:  Recompiled to use libpng.so.3.
kde/kdemultimedia-3.5.3-i486-3.tgz:  Recompiled to use libpng.so.3.
kde/kdenetwork-3.5.3-i486-3.tgz:  Recompiled.
kde/kdepim-3.5.3-i486-3.tgz:  Recompiled to use libpng.so.3.
kde/kdesdk-3.5.3-i486-3.tgz:  Recompiled.
kde/kdetoys-3.5.3-i486-3.tgz:  Recompiled.
kde/kdeutils-3.5.3-i486-3.tgz:  Recompiled.
kde/kdevelop-3.3.3-i486-2.tgz:  Recompiled.
kde/kdewebdev-3.5.3-i486-3.tgz:  Recompiled.
kde/koffice-1.5.2-i486-2.tgz:  Recompiled to use libpng.so.3.
kde/qt-3.3.6-i486-2.tgz:  Recompiled with a patch by Lars Knoll to fix
  Arabic scripts.
l/arts-1.5.3-i486-3.tgz:  Recompiled to use libpng.so.3.
l/aspell-0.60.4-i486-1.tgz:  Upgraded to aspell-0.60.4.
l/libpng-1.2.12-i486-1.tgz:  Upgraded to libpng-1.2.12.
  The libpng.so has gone .3 -> .0 -> .3.  I'll see what I can do about getting
  everything that's linked to .0 relinked with .3, as that's the major library
  number Slackware 10.2's libpng.so is using.  There is a .0 symlink to keep
  any code that was compiled while that was the number working just fine, but
  I will recompile a bunch of things mostly for the sake not using this link.
  It works either way, but I have an OCD about silly things like this.  ;-)
l/libwmf-0.2.8.4-i486-2.tgz:  Recompiled to use libpng.so.3.
l/libwmf-docs-0.2.8.4-noarch-2.tgz:  Rebuilt.
l/libmusicbrainz-2.1.3-i486-1.tgz:  Upgraded to libmusicbrainz-2.1.3.
l/sdl-1.2.11-i486-1.tgz:  Upgraded to sdl-1.2.11.
  Thanks to Jesper Juhl for the heads-up.
l/libtunepimp-0.4.2-i486-2.tgz:  Patched an overflow (CVE-2006-3600).
  Yes, there is libtunepimp-0.5.0.  Probably less supported by the existing
  codebase, and certainly not tested for as long.  We will wait for the next
  cycle on that, especially as it requires a couple of new dependencies.
  (* Security fix *)
  (-current only)
n/dhcpcd-2.0.4-i486-2.tgz:  Patched to move the pid/config directory back to
  /etc/dhcpc, since /var may not yet be mounted when dhcpcd is started.
  Issue noted by John Jenkins.
n/links-2.1pre22-i486-2.tgz:  Recompiled to use libpng.so.3.
n/mutt-1.4.2.2i-i486-1.tgz:  Upgraded to mutt-1.4.2.2i.
  This release fixes CVE-2006-3242, a buffer overflow that could be triggered
  by a malicious IMAP server.
  [Connecting to malicious IMAP servers must be common, right? -- Ed.]
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3242
  (* Security fix *)
n/nfs-utils-1.0.9-i486-1.tgz:  Upgraded to nfs-utils-1.0.9.
n/php-4.4.2-i486-5.tgz:  Recompiled to use libpng.so.3.
n/samba-3.0.23a-i486-1.tgz:  Upgraded to samba-3.0.23a.
  Removed /sbin/umount.smbfs symlink which was causing problems at shutdown.
  Thanks to Robby Workman for the bug report.
t/tetex-3.0-i486-3.tgz:  Recompiled against libpng-1.2.12.
t/tetex-doc-3.0-i486-3.tgz:  Rebuilt.
x/fontconfig-2.2.3-i486-1.tgz:  Split fontconfig into a separate package.
  Look, we're modularizing for ease of maintainance!  :-)
x/freetype-2.1.9-i486-1.tgz:  Split freetype into a separate package.
  Patched CVE-2006-1861 linux 2.6.x setuid() related bugs.
  (* Security fix *)
x/x11-6.9.0-i486-5.tgz:  Rebuilt.  Removed fontconfig/freetype files.
  Patched some more possible linux 2.6.x setuid() related bugs:
  http://lists.freedesktop.org/archives/xorg-announce/2006-June/000100.html
  (* Security fix *)
x/x11-devel-6.9.0-i486-5.tgz:  Rebuilt.  Removed fontconfig/freetype files.
  Patched with setuid() usage fixes as described above.  Again, this issue
  is only vulnerable on certain 2.6 kernels.
  (* Security fix *)
x/x11-docs-6.9.0-noarch-5.tgz:  Rebuilt.  Removed fontconfig/freetype files.
x/x11-docs-html-6.9.0-noarch-5.tgz:  Rebuilt.
x/x11-fonts-100dpi-6.9.0-noarch-5.tgz:  Rebuilt.
x/x11-fonts-cyrillic-6.9.0-noarch-5.tgz:  Rebuilt.
x/x11-fonts-misc-6.9.0-noarch-5.tgz:  Rebuilt.
x/x11-fonts-scale-6.9.0-noarch-5.tgz:  Rebuilt.
x/x11-xdmx-6.9.0-i486-5.tgz:  Rebuilt.
x/x11-xnest-6.9.0-i486-5.tgz:  Rebuilt.
x/x11-xvfb-6.9.0-i486-5.tgz:  Rebuilt.
xap/gimp-2.2.12-i486-1.tgz:  Upgraded to gimp-2.2.12.
  This release fixes a security hole in the XCF parser.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3404
  (* Security fix *)
xap/imagemagick-6.2.8_4-i486-1.tgz:  Upgraded to ImageMagick-6.2.8-4.
xap/seamonkey-1.0.2-i486-2.tgz:  Recompiled to use libpng.so.3.
xap/vim-gvim-7.0.042-i486-1.tgz:  Renamed from "xvim", now requires the
  vim package from the AP series.  Shared files have been eliminated.
xap/xine-lib-1.1.2-i686-1.tgz:  Upgraded to xine-lib-1.1.2.
  According to xinehq.de's announcement:
   There are three security fixes:
     - CVE-2005-4048: possible buffer overflow in libavcodec (crafted PNGs);
     - CVE-2006-2802: possible buffer overflow in the HTTP plugin;
     - possible buffer overflow via bad indexes in specially-crafted AVI files.
  (* Security fix *)
xap/xsane-0.991-i486-2.tgz:  Recompiled to use libpng.so.3.
extra/aspell-word-lists/aspell-*tgz:  Rebuilt, with several packages upgraded.
extra/dejavu-ttf/dejavu-ttf-20060720_995-noarch-1.tgz:  Added DejaVu fonts.
  Thanks to Lukasz Stelmach for the initial build script.
extra/k3b/k3b-0.12.16-i486-2.tgz:  Recompiled to use libpng.so.3.
extra/linux-2.6.16.27/kernel-modules-2.6.16.27-i486-2.tgz:
  Made a slight adjustment to rc.modules-2.6.16.27 to attempt to silence it
  when used on a machine running a 2.4.x kernel and without an activated
  parallel port.  I don't think it helped (or hurt) though...
kernels/test26.s/*:  Upgraded test26.s kernel to 2.6.17.7.
testing/packages/linux-2.6.17.7/kernel-generic-2.6.17.7-i486-1.tgz:
  Upgraded to Linux 2.6.17.7 generic kernel.
testing/packages/linux-2.6.17.7/kernel-headers-2.6.17.7-i386-1.tgz:
  Upgraded to Linux 2.6.17.7 kernel headers.
testing/packages/linux-2.6.17.7/kernel-modules-2.6.17.7-i486-1.tgz
  Upgraded to Linux 2.6.17.7 kernel modules.
testing/packages/linux-2.6.17.7/kernel-source-2.6.17.7-noarch-1.tgz
  Upgraded to Linux 2.6.17.7 kernel source.
+--------------------------+
Tue Jul 18 22:37:26 CDT 2006
a/lilo-22.7.2-i486-1.tgz:  Upgraded to lilo-22.7.2.
kde/koffice-1.5.2-i486-1.tgz:  Upgraded to koffice-1.5.2.
  Thanks to the KOffice team who did incredible work on this.
kdei/koffice-l10n-*-noarch-1.tgz:
  Upgraded to l10n packages for koffice-1.5.2.
n/samba-3.0.23-i486-2.tgz:  Patched a problem in nsswitch/wins.c that
  caused crashes in the wins and/or winbind libraries.  Thanks to
  Mikhail Kshevetskiy for pointing out the issue and offering a
  reference to the patch in Samba's source repository.
Thanks again to Andrea for this batch of kernel packages, and also thanks
  for compiling all those intermediate kernels that were replaced upstream
  and went unreleased in Slackware -current...
  Ah, the things that go on here behind the scenes.  ;-)
extra/linux-2.6.16.27/alsa-driver-1.0.11_2.6.16.27-i486-1.tgz:
  Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.27.
extra/linux-2.6.16.27/kernel-generic-2.6.16.27-i486-1.tgz:
  Upgraded to Linux 2.6.16.27 generic kernel.
extra/linux-2.6.16.27/kernel-headers-2.6.16.27-i386-1.tgz:
  Upgraded to Linux 2.6.16.27 kernel headers.
extra/linux-2.6.16.27/kernel-modules-2.6.16.27-i486-1.tgz
  Upgraded to Linux 2.6.16.27 kernel modules.
extra/linux-2.6.16.27/kernel-source-2.6.16.27-noarch-1.tgz
  Upgraded to Linux 2.6.16.27 kernel source.
kernels/huge26.s/*:  Upgraded huge26.s kernel to 2.6.16.27.
kernels/test26.s/*:  Upgraded test26.s kernel to 2.6.17.6.
testing/packages/linux-2.6.17.6/kernel-generic-2.6.17.6-i486-1.tgz:
  Upgraded to Linux 2.6.17.6 generic kernel.
testing/packages/linux-2.6.17.6/kernel-headers-2.6.17.6-i386-1.tgz:
  Upgraded to Linux 2.6.17.6 kernel headers.
testing/packages/linux-2.6.17.6/kernel-modules-2.6.17.6-i486-1.tgz
  Upgraded to Linux 2.6.17.6 kernel modules.
testing/packages/linux-2.6.17.6/kernel-source-2.6.17.6-noarch-1.tgz
  Upgraded to Linux 2.6.17.6 kernel source.
+--------------------------+
Fri Jul 14 18:31:20 CDT 2006
We *are* getting closer to 11.0, friends.
I'm hoping for a larger changeset soon, but this should be fun to play with
for now as I work on the TODO list;  merging, compiling, and initial testing.
n/samba-3.0.23-i486-1.tgz:  Upgraded to samba-3.0.23.
  This fixes a minor memory exhaustion DoS in smbd.
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3403
  (* Security fix *)
kernels/huge26.s/*:  Upgraded huge26.s kernel to 2.6.16.24.
  The name of the big kernel with many built-in options has been changed from
  test26.s to huge26.s to reflect that Slackware 11.0 will consider the
  2.6.16.x kernel series to be a supported kernel series.  However, I'm
  probably going to leave the bare.i 2.4.32 kernel as the default kernel (or
  perhaps sata.i?) as it has very good performance and probably better security
  due to the simpler and longer-tested design.  I might apply or at least make
  available in the kernel-source package for 2.4.32 a patch to fix direct
  rendering with 2.4.x kernels and X.Org 6.9.0 or newer.  Since anyone using
  Slackware for server use isn't likely to be loading the DRI modules, it's
  untouched code on those machines and won't affect server stability (well,
  depending on what, if anything, outside of the module is changed in the
  kernel).  It is probably a safe enough patch to apply.  I'd rather ship 100%
  vanilla kernels (and might, with the patch "on the side"), but DRI does not
  work without the patch past X.Org 6.8.2.  Is this enough text here?
  Perhaps I should rename this my "ChangeBlog".
Thanks to Andrea Volkerding for compiling these kernel packages:  :-)
extra/linux-2.6.16.24/alsa-driver-1.0.11_2.6.16.24-i486-1.tgz:
  Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.24.
extra/linux-2.6.16.24/kernel-generic-2.6.16.24-i486-1.tgz:
  Upgraded to Linux 2.6.16.24 generic kernel.
extra/linux-2.6.16.24/kernel-headers-2.6.16.24-i386-1.tgz:
  Upgraded to Linux 2.6.16.24 kernel headers.
extra/linux-2.6.16.24/kernel-modules-2.6.16.24-i486-1.tgz
  Upgraded to Linux 2.6.16.24 kernel modules.
extra/linux-2.6.16.24/kernel-source-2.6.16.24-noarch-1.tgz
  Upgraded to Linux 2.6.16.24 kernel source.
testing/packages/linux-2.6.17.4/kernel-generic-2.6.17.4-i486-1.tgz:
  Upgraded to Linux 2.6.17.4 generic kernel.
testing/packages/linux-2.6.17.4/kernel-headers-2.6.17.4-i386-1.tgz:
  Upgraded to Linux 2.6.17.4 kernel headers.
testing/packages/linux-2.6.17.4/kernel-modules-2.6.17.4-i486-1.tgz
  Upgraded to Linux 2.6.17.4 kernel modules.
testing/packages/linux-2.6.17.4/kernel-source-2.6.17.4-noarch-1.tgz
  Upgraded to Linux 2.6.17.4 kernel source.
+--------------------------+
Thu Jun 29 02:03:45 CDT 2006
n/ppp-2.4.4-i486-1.tgz:  Upgraded to ppp-2.4.4.
n/rp-pppoe-3.8-i486-2.tgz:  Recompiled with --enable-plugin.
  Thanks to Fr?d?ric L. W. Meunier for the suggestion.
extra/k3b/k3b-0.12.16-i486-1.tgz:  Upgraded to k3b-0.12.16.
  Thanks to Matthew Johnson for pointing out the new release.
extra/k3b/k3b-i18n-0.12.16-noarch-1.tgz:  Upgraded to k3b-i18n-0.12.16.
+--------------------------+
Tue Jun 27 18:18:30 CDT 2006
kde/kdebase-3.5.3-i486-2.tgz:  Patched a problem with kdm where it could be
  abused to read any file on the system.
  The official KDE security advisory may be found here:
    http://www.kde.org/info/security/advisory-20060614-1.txt
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2449
  (* Security fix *)
  Also patched a non-security issue where KDE's screensaver would not activate.
l/arts-1.5.3-i486-2.tgz:  Patched to fix a possible exploit if artswrapper is
  setuid root (which, by default, it is not) and the system is running a 2.6
  kernel.  Systems running 2.4 kernels are not affected.
  The official KDE security advisory may be found here:
    http://www.kde.org/info/security/advisory-20060614-2.txt
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2916
  (* Security fix *)
n/gnupg-1.4.4-i486-1.tgz:  Upgraded to gnupg-1.4.4.
  This version fixes a memory allocation issue that could allow an attacker to
  crash GnuPG creating a denial-of-service.
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3082
n/nn-6.7.3-i486-1.tgz:  Upgraded to nn-6.7.3.
  Thanks to Aaron Hsu for helping with this package.
extra/blackbox-0.70.1/blackbox-0.70.1-i486-1.tgz:  Upgraded to blackbox-0.70.1.
extra/ham/xastir-1.8.2-i486-2.tgz:  Upgraded to xastir-1.8.2.
  Thanks to Arno Verhoeven for the upgraded package.
+--------------------------+
Sun Jun 25 23:59:11 CDT 2006
a/lilo-22.7.1-i486-1.tgz:  Upgraded to lilo-22.7.1.
  Thanks to George Iosif for reporting that this new LILO version is
  needed to boot a Toshiba Tecra S3 laptop.
  Thanks to Tomas Matejicek for suggestions on refining the build script.
  This version was also suggested as an upgrade by Rene Huber and Grant.
a/procps-3.2.7-i486-1.tgz:  Upgraded to procps-3.2.7 and psmisc-22.2.
ap/jed-0.99_18-i486-1.tgz:  Upgraded to jed-0.99_18.
ap/sox-12.18.1-i486-1.tgz:  Upgraded to sox-12.18.1.
l/mhash-0.9.7-i486-1.tgz:  Upgraded to mhash-0.9.7, which should fix
  some breakage reported by Bradley Reed.
+--------------------------+
Sun Jun 25 00:46:13 CDT 2006
a/coreutils-5.97-i486-1.tgz:  Upgraded to coreutils-5.97.
a/gettext-0.14.6-i486-1.tgz:  Upgraded to gettext-0.14.6.
ap/joe-3.4-i486-2.tgz:  Fixed permissions on some documentation files.
  Thanks to Nathan Black for noticing they were wrong.
ap/mdadm-2.5.1-i486-1.tgz:  Upgraded to mdadm-2.5.1.
d/gdb-6.5-i486-1.tgz:  Upgraded to gdb-6.5.
d/gettext-tools-0.14.6-i486-1.tgz:  Upgraded to gettext-tools-0.14.6.
d/git-1.4.0-i486-1.tgz:  Upgraded to git-1.4.0.
  Added the man pages.
  Thanks to Seb for pointing out the git-manpages archive on kernel.org.
l/gtk+2-2.8.19-i486-1.tgz:  Upgraded to gtk+-2.8.19.
  Looks like there's a bit more fallout over the PNG -lz debate...
  Thanks to Jason A Miller and Giacomo Lozito for reporting the problem
  with PNG images and pointing out the needed patch.
testing/packages/php-5.1.4/php-5.1.4-i486-2.tgz:  Recompiled with --enable-soap.
  Thanks to Aleksandar Jevremovic for the suggestion.
+--------------------------+
Thu Jun 22 23:10:53 CDT 2006
a/e2fsprogs-1.38-i486-2.tgz:  Reverted to e2fsprogs-1.38 due to reports of
  broken floppy support (e2fsck /dev/fd0).  Since there were no bug reports
  here regarding e2fsprogs-1.38 (other than it not being the latest version),
  I'm reverting to the last known working version to play it safe.
  Thanks to Mikhail Zotov for reporting this issue along with an example of
  how to easily reproduce it.
n/getmail-4.6.3-noarch-1.tgz:  Upgraded to getmail-4.6.3.
kernels/test26.s/*:  Upgraded test26.s kernel to 2.6.16.22.
testing/packages/linux-2.6.16.22/alsa-driver-1.0.11_2.6.16.22-i486-1.tgz:
  Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.22.
testing/packages/linux-2.6.16.22/kernel-generic-2.6.16.22-i486-1.tgz:
  Upgraded to Linux 2.6.16.22 generic kernel.
  I hope everyone had plenty of time to test that last kernel.  ;-)
testing/packages/linux-2.6.16.22/kernel-headers-2.6.16.22-i386-1.tgz:
  Upgraded to Linux 2.6.16.22 kernel headers.
testing/packages/linux-2.6.16.22/kernel-modules-2.6.16.22-i486-1.tgz
  Upgraded to Linux 2.6.16.22 kernel modules.
testing/packages/linux-2.6.16.22/kernel-source-2.6.16.22-noarch-1.tgz
  Upgraded to Linux 2.6.16.22 kernel source.
+--------------------------+
Thu Jun 22 00:40:30 CDT 2006
l/sdl-1.2.10-i486-3.tgz:  Recompiled with --disable-x11-shared to
  avoid problems with nVidia's drivers.
  Thanks to Giacomo Lozito for reporting this issue.
n/dhcpcd-2.0.4-i486-1.tgz:  Switched to dhcpcd version 2.0.4 after
  receiving some reports of problems with the latest version.  There
  were no reports of problems with dhcpcd-2.0.1 here, and it was only
  upgraded in order to have the new, shiny version.  But, rather than
  go all the way back to 2.0.1, we'll try 2.0.4 since one report was
  detailed enough to note that 2.0.4 worked while 2.0.6 didn't.
  Thanks to christian laubscher, Luca, and Dave Miller for providing
  useful data about these problems.
  In case anyone upstream is reading this, one of the problems was
  dhcpcd failing to work with the DHCP server built into the ZyXEL
  Prestige 650H-E1 router, and another issue was that after 2.0.4 it
  would no longer work with token ring.
  If any of these people have the time to test this new package and
  report success or failure, it would be appreciated.  :-)
kernels/test26.s/*:  Upgraded test26.s kernel to 2.6.16.21.
testing/packages/linux-2.6.16.21/alsa-driver-1.0.11_2.6.16.21-i486-1.tgz:
  Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.21.
testing/packages/linux-2.6.16.21/kernel-generic-2.6.16.21-i486-1.tgz:
  Upgraded to Linux 2.6.16.21 generic kernel.
testing/packages/linux-2.6.16.21/kernel-headers-2.6.16.21-i386-1.tgz:
  Upgraded to Linux 2.6.16.21 kernel headers.
testing/packages/linux-2.6.16.21/kernel-modules-2.6.16.21-i486-1.tgz
  Upgraded to Linux 2.6.16.21 kernel modules.
testing/packages/linux-2.6.16.21/kernel-source-2.6.16.21-noarch-1.tgz
  Upgraded to Linux 2.6.16.21 kernel source.
+--------------------------+
Mon Jun 19 00:28:53 CDT 2006
xap/xchat-2.6.4-i486-2.tgz:  Patched to fix proxy support.
  Thanks to Bren and Stefan Misch for pointing out the patch.
+--------------------------+
Thu Jun 15 00:39:04 CDT 2006
a/e2fsprogs-1.39-i486-1.tgz:  Upgraded to e2fsprogs-1.39.
ap/man-pages-2.33-noarch-1.tgz:  Upgraded to man-pages-2.33.
ap/quota-3.13-i486-1.tgz:  Upgraded to quota-3.13.
d/cvs-1.11.22-i486-1.tgz:  Upgraded to cvs-1.11.22.
l/fribidi-0.10.7-i486-1.tgz:  Upgraded to fribidi-0.10.7.
l/libgsf-1.14.1-i486-1.tgz:  Upgraded to libgsf-1.14.1.
l/librsvg-2.14.4-i486-1.tgz:  Upgraded to librsvg-2.14.4.
l/libxml2-2.6.26-i486-1.tgz:  Upgraded to libxml2-2.6.26.
l/libxslt-1.1.17-i486-1.tgz:  Upgraded to libxslt-1.1.17.
l/libwmf-0.2.8.4-i486-1.tgz:  Upgraded to libwmf-0.2.8.4.
l/libwmf-docs-0.2.8.4-noarch-1.tgz:  Upgraded to libwmf-0.2.8.4 docs.
l/libwpd-0.8.5-i486-1.tgz:  Upgraded to libwpd-0.8.5.
  This might require a few things to be recompiled, so please report
  any compatibility issues here.
l/mhash-0.9.6-i486-1.tgz:  Upgraded to mhash-0.9.6.
n/curl-7.15.4-i486-1.tgz:  Upgraded to curl-7.15.4.
n/irssi-0.8.10a-i486-2.tgz:  Patched to fix a pointer bug that causes irssi
  to dump core on exit.  Thanks to Andrew Brouwers for the bug report and
  pointers to a discussion and patch.
n/lftp-3.4.7-i486-1.tgz:  Upgraded to lftp-3.4.7.
n/nmap-4.10-i486-1.tgz:  Upgraded to nmap-4.10.
n/ntp-4.2.2-i486-1.tgz:  Upgraded to ntp-4.2.2.
n/openldap-client-2.3.24-i486-1.tgz:  Upgraded to openldap-2.3.24.
n/sendmail-8.13.7-i486-1.tgz:  Upgraded to sendmail-8.13.7.
  Fixes a potential denial of service problem caused by excessive recursion
  leading to stack exhaustion when attempting delivery of a malformed MIME
  message.  This crashes sendmail's queue processing daemon, which in turn
  can lead to two problems:  depending on the settings, these crashed
  processes may create coredumps which could fill a drive partition; and
  such a malformed message in the queue will cause queue processing to
  cease when the message is reached, causing messages that are later in
  the queue to not be processed.
  Sendmail's complete advisory may be found here:
    http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc
  Sendmail has also provided an FAQ about this issue:
    http://www.sendmail.com/security/advisories/SA-200605-01/faq.shtml
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173
  (* Security fix *)
n/sendmail-cf-8.13.7-noarch-1.tgz:  Upgraded to sendmail-8.13.7 configs.
xap/fluxbox-1.0rc-i486-1.tgz:  Upgraded to fluxbox-1.0rc.
  I considered using --prefix=/usr here since X.Org will be moving from
  /usr/X11R6 to /usr when Slackware absorbs the modular release, but I
  think it will be best to wait and make those changes all at once.
  This, BTW, will be sometime after the 11.0 release.  This current to
  stable cycle has already taken too much time (10.2 is in need of
  replacement), and introducing changes that might break things at this
  point would be foolhardy.  Although there's still quite a bit in the
  TODO queue here I'm making my steps carefully as -current is very
  stable, and I think it should ship as a stable 11.0 soon so that we can
  get back to the business of breaking things in -current.  :-)
xap/imagemagick-6.2.8_0-i486-1.tgz:  Upgraded to ImageMagick-6.2.8-0.
xap/xchat-2.6.4-i486-1.tgz:  Upgraded to xchat-2.6.4.
xap/xsane-0.991-i486-1.tgz:  Upgraded to xsane-0.991.
  Thanks to Nicolas Friedli for pointing out that I'd had this source
  ready to compile in source/xap/xsane for a couple of months.  :-)
+--------------------------+
Mon Jun 12 07:46:26 CDT 2006
d/doxygen-1.4.7-i486-1.tgz:  Touched/resynced as this package got mangled
  in upload somehow.  Thanks to Marin Mitov for pointing this out.
+--------------------------+
Sun Jun 11 17:27:32 CDT 2006
d/doxygen-1.4.7-i486-1.tgz:  Upgraded to doxygen-1.4.7.
kde/amarok-1.4.0a-i486-1.tgz:  Upgraded to amarok-1.4.0a.
  Thanks to Steven Robson for pointing out the stealth re-release.
l/sdl-1.2.10-i486-2.tgz:  Fixed the ./configure options so that SDL does not
  use dlopen() to link to the shared graphics libraries, as dlopen() wasn't
  working with the new PNG library.  Thanks to Fran?ois Cojean and
  Rapha?l Prevost for bug report and patch.
n/bootp-2.4.3-i486-2.tgz:  Patched to work with 2.6.x kernels.
  Thanks to Simon Munton.
n/dhcpcd-2.0.6-i486-1.tgz:  Upgraded to dhcpcd-2.0.6.
  Moved /etc/dhcpc/dhcpcd.exe to /etc/dhcpc/dhcpcd.exe-sample to prevent
  error messages in the log files.  The sources install this as non-
  executable, and there's little reason that I can see to use it in its
  default form as it only puts redundant information in the logs.
  It might be a useful stub for some other purpose though...
  Thanks to David Houlden and Luis for reporting the issue.
n/dnsmasq-2.32-i486-1.tgz:  Upgraded to dnsmasq-2.32.
extra/slackpkg/slackpkg-2.05-noarch-7.tgz:  Upgraded to slackpkg-2.05-noarch-7.
  Thanks to Piter Punk.
+--------------------------+
Thu Jun  8 00:11:35 CDT 2006
a/acl-2.2.34-i486-1.tgz:  Moved from AP series since so many binaries require
  this (or will).  Made acl an ADD (required) package in the tagfile.
a/attr-2.4.28-i486-1.tgz:  Moved from AP series since so many binaries require
  this (or will).  Made attr an ADD (required) package in the tagfile.
d/mercurial-0.9-i486-2.tgz:  Fixed missing man pages.  (thanks to Seb)
d/python-2.4.3-i486-2.tgz:  Rebuilt with --enable-ipv6.
  I don't know if this option actually does anything, but it can't hurt.  ;-)
  Suggested by Lukasz Stelmach.
d/python-demo-2.4.3-noarch-2.tgz:  Rebuilt.
d/python-tools-2.4.3-noarch-2.tgz:  Rebuilt.
n/samba-3.0.22-i486-2.tgz:  Recompiled with --with-acl-support=yes.
  Suggested by Ricardson Williams.
+--------------------------+
Mon Jun  5 18:57:15 CDT 2006
a/jfsutils-1.1.11-i486-1.tgz:  Upgraded to jfsutils-1.1.11.
n/apache-1.3.36-i486-1.tgz:  Upgraded to apache-1.3.36.
n/mod_ssl-2.8.27_1.3.36-i486-1.tgz:  Upgraded to mod_ssl-2.8.27-1.3.36.
kernels/test26.s/*:  Upgraded test26.s kernel to 2.6.16.20.
testing/packages/linux-2.6.16.20/alsa-driver-1.0.11_2.6.16.20-i486-1.tgz:
  Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.20.
testing/packages/linux-2.6.16.20/kernel-generic-2.6.16.20-i486-1.tgz:
  Upgraded to Linux 2.6.16.20 generic kernel.
testing/packages/linux-2.6.16.20/kernel-headers-2.6.16.20-i386-1.tgz:
  Upgraded to Linux 2.6.16.20 kernel headers.
testing/packages/linux-2.6.16.20/kernel-modules-2.6.16.20-i486-1.tgz
  Upgraded to Linux 2.6.16.20 kernel modules.
testing/packages/linux-2.6.16.20/kernel-source-2.6.16.20-noarch-1.tgz
  Upgraded to Linux 2.6.16.20 kernel source.
+--------------------------+
Sun Jun  4 22:17:14 CDT 2006
a/sharutils-4.6.3-i486-1.tgz:  Upgraded to sharutils-4.6.3.
ap/joe-3.4-i486-1.tgz:  Upgraded to joe-3.4.
ap/mysql-5.0.22-i486-1.tgz:  Upgraded to mysql-5.0.22.
  This fixes an SQL injection vulnerability.
  For more details, see the MySQL 5.0.22 release announcement here:
    http://lists.mysql.com/announce/365
  The CVE entry for this issue will be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2753
  (* Security fix *)
kde/kdeaccessibility-3.5.3-i486-1.tgz:  Upgraded to kdeaccessibility-3.5.3.
kde/kdeaddons-3.5.3-i486-1.tgz:  Upgraded to kdeaddons-3.5.3.
kde/kdeadmin-3.5.3-i486-1.tgz:  Upgraded to kdeadmin-3.5.3.
kde/kdeartwork-3.5.3-i486-1.tgz:  Upgraded to kdeartwork-3.5.3.
kde/kdebase-3.5.3-i486-1.tgz:  Upgraded to kdebase-3.5.3.
kde/kdebindings-3.5.3-i486-1.tgz:  Upgraded to kdebindings-3.5.3.
kde/kdeedu-3.5.3-i486-1.tgz:  Upgraded to kdeedu-3.5.3.
kde/kdegames-3.5.3-i486-1.tgz:  Upgraded to kdegames-3.5.3.
kde/kdegraphics-3.5.3-i486-1.tgz:  Upgraded to kdegraphics-3.5.3.
kde/kdelibs-3.5.3-i486-1.tgz:  Upgraded to kdelibs-3.5.3.
kde/kdemultimedia-3.5.3-i486-1.tgz:  Upgraded to kdemultimedia-3.5.3.
kde/kdenetwork-3.5.3-i486-1.tgz:  Upgraded to kdenetwork-3.5.3.
kde/kdepim-3.5.3-i486-1.tgz:  Upgraded to kdepim-3.5.3.
kde/kdesdk-3.5.3-i486-1.tgz:  Upgraded to kdesdk-3.5.3.
kde/kdetoys-3.5.3-i486-1.tgz:  Upgraded to kdetoys-3.5.3.
kde/kdeutils-3.5.3-i486-1.tgz:  Upgraded to kdeutils-3.5.3.
kde/kdevelop-3.3.2-i486-1.tgz:  Upgraded to kdevelop-3.3.2.
kde/kdewebdev-3.5.3-i486-1.tgz:  Upgraded to kdewebdev-3.5.3.
kde/koffice-1.5.1-i486-1.tgz:  Upgraded to koffice-1.5.1.
kdei/kde-i18n-*-3.5.3-noarch-1.tgz:  Upgraded to kde-i18n-3.5.3.
kdei/koffice-l10n-*-1.5.1-noarch-1.tgz:
  Upgraded to l10n packages for koffice-1.5.1.
l/arts-1.5.3-i486-1.tgz:  Upgraded to arts-1.5.3.
l/jre-1_5_0_07-i586-1.tgz:  Upgraded to Java(TM) 2 Platform Standard Edition
  Runtime Environment Version 5.0, Release 7.
n/getmail-4.6.1-noarch-1.tgz:  Upgraded to getmail-4.6.1.
n/links-2.1pre22-i486-1.tgz:  Upgraded to links-2.1pre22.
xap/mozilla-firefox-1.5.0.4-i686-1.tgz:  Upgraded to firefox-1.5.0.4.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
xap/mozilla-thunderbird-1.5.0.4-i686-1.tgz:  Upgraded to thunderbird-1.5.0.4.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
  (* Security fix *)
xap/seamonkey-1.0.2-i486-1.tgz:  Upgraded to seamonkey-1.0.2.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
  (* Security fix *)
xap/xlockmore-5.22-i486-1.tgz:  Upgraded to xlockmore-5.22.
xap/xscreensaver-5.00-i486-1.tgz:  Upgraded to xscreensaver-5.00.
extra/jdk-1.5.0_07/jdk-1_5_0_07-i586-1.tgz:  Upgraded to Java(TM) 2
  Platform Standard Edition Development Kit Version 5.0, Release 7.
+--------------------------+
Wed May 31 18:37:58 CDT 2006
a/hotplug-2004_09_23-noarch-8.tgz:  Patched net.agent to use rc.inet1
  to shut down interfaces that use DHCP.  Thanks to Lew Pitcher,
  Ismael Cortes, and Nuts Mueller, who all suggested possible solutions
  for an issue which arose when dhcpcd's .pid file was shifted from
  /etc/dhcpc/ to /var/run/.
ap/mdadm-2.5-i486-1.tgz:  Upgraded to mdadm-2.5.
d/subversion-1.3.2-i486-1.tgz:  Upgraded to subversion-1.3.2.
  Added back the HTML book -- thanks to Jan Rafaj for pointing out that
  this had gone missing in the last subversion package.
xap/gkrellm-2.2.9-i486-1.tgz:  Upgraded to gkrellm-2.2.9.
  Suggested by Willy Sudiarto Raharjo.
extra/slackpkg/slackpkg-2.04-noarch-6.tgz:  Upgraded to
  slackpkg-2.04-noarch-6.  Thanks to Piter Punk.
testing/packages/linux-2.6.16.19/alsa-driver-1.0.11_2.6.16.19-i486-1.tgz:
  Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.19.
testing/packages/linux-2.6.16.19/kernel-generic-2.6.16.19-i486-1.tgz:
  Upgraded to Linux 2.6.16.19 generic kernel.
testing/packages/linux-2.6.16.19/kernel-headers-2.6.16.19-i386-1.tgz:
  Upgraded to Linux 2.6.16.19 kernel headers.
testing/packages/linux-2.6.16.19/kernel-modules-2.6.16.19-i486-1.tgz
  Upgraded to Linux 2.6.16.19 kernel modules.
  Thanks to Nuts Mueller for the rc.modules typo fixes.
testing/packages/linux-2.6.16.19/kernel-source-2.6.16.19-noarch-1.tgz
  Upgraded to Linux 2.6.16.19 kernel source.
+--------------------------+
Sat May 27 19:14:31 CDT 2006
a/coreutils-5.96-i486-1.tgz:  Upgraded to coreutils-5.96.
l/glib2-2.10.3-i486-1.tgz:  Upgraded to glib-2.10.3.
l/gtk+2-2.8.18-i486-1.tgz:  Upgraded to gtk+-2.8.18.
l/pango-1.12.3-i486-1.tgz:  Upgraded to pango-1.12.3.
n/dnsmasq-2.31-i486-1.tgz:  Upgraded to dnsmasq-2.31.
n/cyrus-sasl-2.1.22-i486-1.tgz:  Upgraded to cyrus-sasl-2.1.22.
n/openldap-client-2.3.23-i486-1.tgz:  Upgraded to openldap-2.3.23.
xap/imagemagick-6.2.7_8-i486-1.tgz:  Upgraded to ImageMagick-6.2.7-8.
extra/parted/parted-1.7.1-i486-1.tgz:  Upgraded to parted-1.7.1.
+--------------------------+
Mon May 22 21:44:07 CDT 2006
kernels/test26.s/*:  Upgraded test26.s kernel to 2.6.16.18.
testing/packages/linux-2.6.16.18/alsa-driver-1.0.11_2.6.16.18-i486-1.tgz:
  Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.18.
testing/packages/linux-2.6.16.18/kernel-generic-2.6.16.18-i486-1.tgz:
  Upgraded to Linux 2.6.16.18 generic kernel.
testing/packages/linux-2.6.16.18/kernel-headers-2.6.16.18-i386-1.tgz:
  Upgraded to Linux 2.6.16.18 kernel headers.
testing/packages/linux-2.6.16.18/kernel-modules-2.6.16.18-i486-1.tgz
  Upgraded to Linux 2.6.16.18 kernel modules.
testing/packages/linux-2.6.16.18/kernel-source-2.6.16.18-noarch-1.tgz
  Upgraded to Linux 2.6.16.18 kernel source.
+--------------------------+
Mon May 22 11:23:48 CDT 2006
a/bin-11.0-i486-1.tgz:  Upgraded to ncompress-4.2.4, eject-2.1.4, file-4.17,
  and tree-1.5.0.  Removed sharutils, which are now in a separate package.
  Patched a security problem in zoo's fullpath() function that was reported by
  Jean-Sebastien Guay-Leroux.  At first this didn't seem like much as zoo is
  old and hardly used, but there are virus scanning programs that scan zoo
  archives.  It is a possible problem on any system running zoo like this in
  an automated way, and (of course) could also cause problems if a user were
  to open a malicious zoo archive manually.  (though I'd be pretty suspicious
  if someone were to mail me anything using "zoo" in 2006...)
  (* Security fix *)
a/coreutils-5.95-i486-1.tgz:  Upgraded to coreutils-5.95.
a/sharutils-4.6.2-i486-1.tgz:  Added new sharutils package,
  upgraded to sharutils-4.6.2.
ap/linuxdoc-tools-0.9.21-i486-2.tgz:  Added libsgmls-perl_1.03ii.
  Upgraded to the latest upstream linuxdoc-tools package.
  Moved jadetex out of this package and into the tetex package so that
  "mktexlslr" won't need to be run to find jadetex.
  Merged some miscellaneous fixes from the armedslack package.
  Thanks again to Stuart Winter for help on SGML/Docbook issues.  :-)
d/git-1.3.3-i486-1.tgz:  Upgraded to git-1.3.3.
kde/amarok-1.4.0-i486-1.tgz:  Upgraded to amarok-1.4.0.
l/glib2-2.10.2-i486-1.tgz:  Upgraded to glib-2.10.2.
l/pango-1.12.2-i486-1.tgz:  Upgraded to pango-1.12.2.
l/sdl-1.2.10-i486-1.tgz:  Upgraded to SDL-1.2.10, SDL_image-1.2.5,
  SDL_mixer-1.2.7, SDL_net-1.2.6, and SDL_ttf-2.0.8.
l/libxml2-2.6.24-i486-1.tgz:  Upgraded to libxml2-2.6.24.
l/libxslt-1.1.16-i486-1.tgz:  Upgraded to libxslt-1.1.16.
n/dhcp-3.0.4-i486-1.tgz:  Upgraded to dhcp-3.0.4.
n/nfs-utils-1.0.8-i486-1.tgz:  Upgraded to nfs-utils-1.0.8.
t/tetex-3.0-i486-2.tgz:  Regenerated the etex.fmt files with etex, not pdfetex.
  This is more appropriate since etex is a binary, not a link to pdfetex.
  Thanks to John Breckenridge for reporting the issue.
  Added --disable-a4, and fixed the texconfig for US paper default in the
  build script.  Thanks to Marc Benstein and Jingmin Zhou for reporting this.
  Merged jadetex into the teTeX package.
  Moved font build directory (only usable by root anyway) from
  /var/tmp/texfonts to /var/lib/texmf.
  Improved /tmp use security.
  Patched a possible security issue in library code borrowed from xpdf that's
  used in pdfetex.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
  (* Security fix *)
t/tetex-doc-3.0-i486-2.tgz:  Rebuilt.
xap/gxine-0.5.6-i486-1.tgz:  Upgraded to gxine-0.5.6.
xap/imagemagick-6.2.7_6-i486-1.tgz:  Upgraded to ImageMagick-6.2.7-6.
xap/seamonkey-1.0.1-i486-2.tgz:  Added seamonkey-1.0.1, which replaces the old
  Mozilla Suite in the XAP series.  If Mozilla is not found on the machine, a
  mozilla -> seamonkey link will be created to handle applications that might
  still try to use "mozilla" to open URLs.  Also, if Mozilla is not installed,
  then symlinks will be made in /usr/lib/pkgconfig/ from mozilla* ->
  seamonkey*.  This should allow most sources designed for Mozilla to compile.
extra/parted/parted-1.7.0-i486-1.tgz:  Upgraded to parted-1.7.0.
pasture/mozilla-1.7.13-i486-1.tgz:  Moved here from XAP series.
  This won't remain here long, so grab a copy if you want it...
kernels/test26.s/*:  Upgraded test26.s kernel to 2.6.16.17.
testing/packages/linux-2.6.16.17/alsa-driver-1.0.11_2.6.16.17-i486-1.tgz:
  Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.17.
testing/packages/linux-2.6.16.17/kernel-generic-2.6.16.17-i486-1.tgz:
  Upgraded to Linux 2.6.16.17 generic kernel.
testing/packages/linux-2.6.16.17/kernel-headers-2.6.16.17-i386-1.tgz:
  Upgraded to Linux 2.6.16.17 kernel headers.
testing/packages/linux-2.6.16.17/kernel-modules-2.6.16.17-i486-1.tgz
  Upgraded to Linux 2.6.16.17 kernel modules.
testing/packages/linux-2.6.16.17/kernel-source-2.6.16.17-noarch-1.tgz
  Upgraded to Linux 2.6.16.17 kernel source.
+--------------------------+
Sat May 13 21:00:28 CDT 2006
a/bash-3.1.017-i486-1.tgz:  Upgraded to bash-3.1.17.
a/openssl-solibs-0.9.8b-i486-1.tgz:  Upgraded to openssl-0.9.8b.
ap/vim-7.0.017-i486-1.tgz:  Upgraded to vim-7.0.017.
d/git-1.3.2-i486-1.tgz:  Added git-1.3.2.
d/mercurial-0.9-i486-1.tgz:  Added mercurial-0.9.
n/openssh-4.3p2-i486-1.tgz:  Upgraded to openssh-4.3p2.
n/openssl-0.9.8b-i486-1.tgz:  Upgraded to openssl-0.9.8b.
xap/xvim-7.0.017-i486-1.tgz:  Upgraded to vim-7.0.017 compiled with
  X11 and GTK+ (version 2) support.
kernels/test26.s/*:  Upgraded test26.s kernel to 2.6.16.16.
testing/packages/linux-2.6.16.16/alsa-driver-1.0.11_2.6.16.16-i486-1.tgz:
  Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.16.
testing/packages/linux-2.6.16.16/kernel-generic-2.6.16.16-i486-1.tgz:
  Upgraded to Linux 2.6.16.16 generic kernel.
testing/packages/linux-2.6.16.16/kernel-headers-2.6.16.16-i386-1.tgz:
  Upgraded to Linux 2.6.16.16 kernel headers.
testing/packages/linux-2.6.16.16/kernel-modules-2.6.16.16-i486-1.tgz
  Upgraded to Linux 2.6.16.16 kernel modules.
  Added many missing ISA network card modules (thanks to Marc Rubin).
testing/packages/linux-2.6.16.16/kernel-source-2.6.16.16-noarch-1.tgz
  Upgraded to Linux 2.6.16.16 kernel source.
+--------------------------+
Wed May 10 14:23:57 CDT 2006
n/apache-1.3.35-i486-2.tgz:  Patched to fix totally broken Include behavior.
  Thanks to Francesco Gringoli for reporting this bug.
+--------------------------+
Tue May  9 16:10:33 CDT 2006
ap/cdrdao-1.2.1-i486-1.tgz:  Upgraded to cdrdao-1.2.1.
ap/mysql-5.0.21-i486-1.tgz:  Upgraded to mysql-5.0.21.
  This fixes some security issues, including possible information leakage, and
  execution of arbitrary code.  Note that the information leakage bugs require
  that the attacker have access to an account on the database.  Also note that
  by default, Slackware's rc.mysqld script does *not* allow access to the
  database through the outside network (it uses the --skip-networking option).
  If you've enabled network access to MySQL, it is a good idea to filter the
  port (3306) to prevent access from unauthorized machines.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1518
  (* Security fix *)
l/gmp-4.2.1-i486-1.tgz:  Upgraded to gmp-4.2.1.
l/libpng-1.2.10-i486-2.tgz:  Run ./configure --prefix=/usr to substitute macros
  into libpng12.pc (even though we compile with the custom makefile.)
  Thanks to Ian Bennett for the bug report.
l/mpfr-2.2.0p10-i486-1.tgz:  Added mpfr-2.2.0p10.  This used to be part of GMP
  but is now a separate project (www.mpfr.org).
n/apache-1.3.35-i486-1.tgz:  Upgraded to apache-1.3.35.
  From the official announcement:
    Of particular note is that 1.3.35 addresses and fixes 1 potential
    security issue: CVE-2005-3352 (cve.mitre.org)
       mod_imap: Escape untrusted referer header before outputting in HTML
       to avoid potential cross-site scripting.  Change also made to
       ap_escape_html so we escape quotes.  Reported by JPCERT
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
  (* Security fix *)
  Upgraded the bundled mm (Shared Memory Allocation) library to mm-1.4.0.
n/gnupg-1.4.3-i486-1.tgz:  Upgraded to gnupg-1.4.3.
n/mod_ssl-2.8.26_1.3.35-i486-1.tgz:  Upgraded to mod_ssl-2.8.26-1.3.35.
  This is an updated version designed for Apache 1.3.35.
n/php-4.4.2-i486-4.tgz:  Recompiled against mm-1.4.0.
  Upgraded to Mail-1.1.10 and XML_RPC-1.4.8 PEAR modules.
  Added /usr/bin/php-cgi (thanks to AthlonRob).
testing/packages/php-5.1.4/php-5.1.4-i486-1.tgz:  Upgraded to php-5.1.4.
  Recompiled against mm-1.4.0 (bundled with the new Apache package).
  Added /usr/bin/php-cgi (thanks to AthlonRob).
  Added mysqli and pdo-mysql extensions (suggested by Janusz Dziemidowicz).
+--------------------------+
Wed May  3 21:48:26 CDT 2006
xap/mozilla-firefox-1.5.0.3-i686-1.tgz:  Upgraded to firefox-1.5.0.3.
  This upgrade fixes a crash bug that could possibly be used to
  execute code as the Firefox user.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
+--------------------------+
Wed May  3 00:01:38 CDT 2006
a/smartmontools-5.36-i486-1.tgz:  Upgraded to smartmontools-5.36.
  Thanks to Jonathan Woithe for letting me know that newer 2.6.x kernels
  need this version to properly support SMART with SATA drives.
l/libpng-1.2.10-i486-1.tgz:  Upgraded to libpng-1.2.10.
n/rsync-2.6.8-i486-1.tgz:  Upgraded to rsync-2.6.8.
tcl/tcl-8.4.13-i486-1.tgz:  Upgraded to tcl-8.4.13.
tcl/tk-8.4.13-i486-1.tgz:  Upgraded to tk-8.4.13.
x/x11-6.9.0-i486-4.tgz:  Patched with x11r6.9.0-mitri.diff and recompiled.
  A typo in the X render extension allows an X client to crash the server
  and possibly to execute arbitrary code as the X server user (typically
  this is "root".)  
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1526
  The advisory from X.Org may be found here:
    http://lists.freedesktop.org/archives/xorg/2006-May/015136.html
  (* Security fix *)
x/x11-devel-6.9.0-i486-4.tgz:  Patched and recompiled libXrender.
  (* Security fix *)
The rest of these were rebuilt simply to keep the build number consistent.
x/x11-docs-6.9.0-noarch-4.tgz:  Rebuilt.
x/x11-docs-html-6.9.0-noarch-4.tgz:  Rebuilt.
x/x11-fonts-100dpi-6.9.0-noarch-4.tgz:  Rebuilt.
x/x11-fonts-cyrillic-6.9.0-noarch-4.tgz:  Rebuilt.
x/x11-fonts-misc-6.9.0-noarch-4.tgz:  Rebuilt.
x/x11-fonts-scale-6.9.0-noarch-4.tgz:  Rebuilt.
x/x11-xdmx-6.9.0-i486-4.tgz:  Rebuilt.
x/x11-xnest-6.9.0-i486-4.tgz:  Rebuilt.
x/x11-xvfb-6.9.0-i486-4.tgz:  Rebuilt.
+--------------------------+
Sun Apr 30 17:32:22 CDT 2006
a/hotplug-2004_09_23-noarch-7.tgz:  Blacklisted the wireless access point
  modules (hostap*) as they can interfere with normal usage of the interface.
  Thanks to Piter Punk.
ap/espgs-8.15.2-i486-1.tgz:  Upgraded to espgs-8.15.2.
l/alsa-driver-1.0.11_2.4.32-i486-2.tgz:  Patched a problem with the
  via82xx driver.  Thanks to user MysticMgcn for entering the bug report,
  to Ismael Cortes for getting me a copy of the patch from ALSA's Hg
  repository, and to ALSA developer Takashi Iwai for the fix itself.
l/alsa-lib-1.0.11-i486-1.tgz:  Moved from /testing.
n/nmap-4.03-i486-1.tgz:  Upgraded to nmap-4.03.
n/proftpd-1.3.0-i486-1.tgz:  Upgraded to proftpd-1.3.0.
n/tin-1.8.2-i486-1.tgz:  Upgraded to tin-1.8.2.
n/wireless-tools-28-i486-1.tgz:  Upgraded to wireless_tools.28.
  Thanks to Eric Hameleers for the new version of rc.wireless.
xap/mozilla-thunderbird-1.5.0.2-i686-1.tgz:  Upgraded to thunderbird-1.5.0.2.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
  (* Security fix *)
testing/packages/linux-2.6.16.9/alsa-driver-1.0.11_2.6.16.9-i486-2.tgz:
  Patched to fix via82xx driver.
+--------------------------+
Mon Apr 24 14:29:50 CDT 2006
a/hotplug-2004_09_23-noarch-6.tgz:  Patched rc.hotplug.
  On 2.4 kernels use /sbin/hotplug for hotpluging, but on 2.6 kernels use
  /sbin/udevsend (if udev is being used) instead.  This should work better
  on systems using 2.6 kernels with udev and HAL.  Among the people pushing
  for this change for a while:  Jon Grosshart, Piter Punk, and Eugene Crosser.
  Blacklisted hw_random after reports that it causes some systems to crash.
  Note that rc.hotplug is now installed as rc.hotplug.new, but upgradepkg
  will still replace it for one more package iteration.  This will cause
  hotplug to be made executable on machines where it currently is not, so
  be aware of that.
a/slocate-3.1-i486-1.tgz:  Upgraded to slocate-3.1.
  This uses a new database format, so you'll have to wait for the cron job or
  run "updatedb -c /etc/updatedb.conf" as root.  Thanks to Piotr Simon and 
  Erik Jan Tromp for pointing out that the docs for the previous package were
  installed with incorrect permissions.
a/udev-071-i486-1.tgz:  Upgraded to udev-071.
  Set ttyUSB devices to mode 660 so that users in group tty can use them.
  Get rid of the 10-udev.hotplug -> /sbin/udevsend symlink in
  /etc/hotplug.d/default.  This fixes a race condition with using the hotplug
  event handling system now enabled by default in the latest udev.rules.
  Another nice effect of this is that udevd no longer runs needlessly on 2.4
  systems.  WARNING: any existing udev.rules file will be overwritten, so save
  your old file if you have custom rules you'd like to merge in).
  Based on ideas suggested by Eugene Crosser, Piter Punk, and myself.
  In /etc/udev/scripts/make_extra_nodes.sh and floppy-extra-devs.sh, use
  ${udev_root} instead of hardcoding /dev.  Thanks to Andreas Schnaiter.
  In /etc/udev/scripts/make_extra_nodes.sh, fixed a bug that caused a bad
  cdrom -> pktcdvd/control symlink to be created if the pktcdvd driver was
  loaded prior to running the make_extra_nodes.sh script.
  Thanks to Kenneth Pettersen for the bug report and fix, and to Giovanni
  Quadriglio who also reported the issue.
  Finally, thanks to Piter Punk for his continued exploration of udev's
  bleeding edge.  What's going on there is quite interesting, but there are
  still some issues that have led me to decide it's best to take small steps
  in that direction.  For example, it was nice to be able to populate /dev
  before checking the partitions and mounting them read-write, and it seems
  that won't be possible any longer.  I've had other reports of hardware that
  wasn't hotplugged correctly, too (and ran into some myself).  Mostly it
  seems to be a question of figuring out the proper place in the boot process
  to put udev, but there are also a lot of things we're left to figure out
  concerning the udev rules.  We'll get there, but maybe not in the next
  release.  This upgrade to udev-071 meets the minimum requirement in the
  2.6.16.9 Documentation/Changes file, and has been heavily tested here and
  found to work well.  udev-090 boot the machine faster, but isn't as
  reliable (at least in testing here, with how it's called from our init
  scripts), and I've never been in favor of trading reliability for speed.
ap/alsa-utils-1.0.11-i486-1.tgz:  Upgraded to alsa-utils-1.0.11.
ap/mysql-5.0.20a-i486-1.tgz:  Upgraded to mysql-5.0.20a.
d/guile-1.8.0-i486-1.tgz:  Upgraded to guile-1.8.0.
  I don't think anything in Slackware depends on guile any more, and that the
  only thing that ever did was a solitaire game in GNOME.  Since the GNOME
  distributions for Slackware are already including their own guile packages,
  I'm considering this package for removal.  How generally useful is it?
  Perhaps something like Ruby in the D series instead would be more useful.
l/alsa-driver-1.0.11_2.4.32-i486-1.tgz:  Upgraded to alsa-driver-1.0.11,
  compiled for Linux 2.4.32.
l/alsa-lib-1.0.11rc4-i486-1.tgz:  Upgraded to alsa-lib-1.0.11rc4.
  The reason for 11rc4 rather than 11 is that there was a new subsystem added
  (src/pcm_rate_linear.c) in 11rc5, that I suspect causes aRts to break on
  at least one system using snd-via82xx and/or snd-ac97-codec -- aRts bails
  with a message about a CPU overload.  The exact chipset is:
  VIA Technologies, Inc. VT8233/A/8235/8237 AC97 Audio Controller (rev 60)
  It would seem to me that rc4->rc5 was kind of a risky time in the release
  cycle to introduce such a massive change to the codebase.  In any case,
  I think it's prudent to stick with alsa-lib-1.0.11rc4 as the default
  alsa-lib version until this gets sorted out upstream.
l/alsa-oss-1.0.11-i486-1.tgz:  Upgraded to alsa-oss-1.0.11.
l/libungif-4.1.4-i486-2.tgz:  Fixed libgif.so* symlinks.
  Thanks to Wim Speekenbrink.
xap/imagemagick-6.2.7_0-i486-1.tgz:  Upgraded to ImageMagick-6.2.7-0.
xap/mozilla-1.7.13-i486-1.tgz:  Upgraded to mozilla-1.7.13.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla
  This release marks the end-of-life of the Mozilla 1.7.x series:
    http://developer.mozilla.org/devnews/index.php/2006/04/12/sunset-announcement-for-fxtb-10x-and-mozilla-suite-17x/
  Mozilla Corporation is recommending that users upgrade to Firefox and
  Thunderbird, but if you're a fan of the style of the Mozilla Suite, I'd
  recommend SeaMonkey myself.  There's a good chance that Mozilla will not
  ship in the next Slackware release, and SeaMonkey will ship in its place.
  I'd been wondering which way to go with that, but getting an official
  EOL statement about the Mozilla Suite makes it seem like the switch to
  SeaMonkey should happen sooner rather than later.
  (* Security fix *)
extra/slacktrack/slacktrack-1.29-i486-1.tgz:  Upgraded to slacktrack-1.29-1.
testing/packages/alsa-lib-1.0.11-i486-1.tgz:  Added alsa-lib-1.0.11.  This is
  primarily intended for people to verify the issue with VIA sound, look for
  a similar issue with other chipsets as well (seems possible, since the issue
  isn't in any VIA specific code in alsa-driver), and report any useful
  information found to the upstream developers:
    https://bugtrack.alsa-project.org/alsa-bug/
  I reported the issue via (ha;) email, but not through the bug track system.
  The developer I contacted couldn't reproduce the issue and didn't think it
  had anything to do with the rate plugin additions.  If other folks test
  alsa-lib-1.0.11 and run into this, and have the time to jump through the
  hoops needed to report the bug at the URL above, I'd appreciate the help.
  At least it would demonstrate that it's not just my machine...
testing/packages/linux-2.6.16.9/alsa-driver-1.0.11_2.6.16.9-i486-1.tgz:
  Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.9.
testing/packages/linux-2.6.16.9/kernel-generic-2.6.16.9-i486-1.tgz:
  Upgraded to Linux 2.6.16.9 generic kernel.
testing/packages/linux-2.6.16.9/kernel-headers-2.6.16.9-i386-1.tgz:
  Upgraded to Linux 2.6.16.9 kernel headers.
testing/packages/linux-2.6.16.9/kernel-modules-2.6.16.9-i486-1.tgz
  Upgraded to Linux 2.6.16.9 kernel modules.
testing/packages/linux-2.6.16.9/kernel-source-2.6.16.9-noarch-1.tgz
  Upgraded to Linux 2.6.16.9 kernel source.
  BTW, I think 2.6.16.x, being the first kernel series in the 2.6 series that
  has been promised some long-lived support, will be the 2.6 kernel you'll see
  in the next Slackware release.  If/when 2.6.17 (or 18, etc.) come out, don't
  expect to see me chasing after it immediately.  I'm looking for a kernel
  that can be counted on for stability -- not the bleeding edge.  Of course,
  once 2.6.16.x is considered tested enough to leave /testing (and it does
  seem close), perhaps a newer kernel might take its place here just for fun.
  Oh and yes -- I did see that 2.6.16.10 is out, and I know that the test26.s
  kernel wasn't yet updated.  Due to the Mozilla situation, I can't delay this
  update to be a $SUCKER some more, but you'll see 2.6.16.10 soon.  That is,
  if there isn't a newer one first...
+--------------------------+
Mon Apr 17 01:22:15 CDT 2006
kde/koffice-1.5.0-i486-1.tgz:  Upgraded to koffice-1.5.0.
kdei/koffice-l10n-*.tgz:  Upgraded to l10n packages for koffice-1.5.0.
l/gtk+2-2.8.17-i486-1.tgz:  Upgraded to gtk+-2.8.17.
l/lcms-1.15-i486-1.tgz:  Upgraded to lcms-1.15.
l/libexif-0.6.13-i486-1.tgz:  Upgraded to libexif-0.6.13.
l/libidl-0.8.6-i486-1.tgz:  Upgraded to libIDL-0.8.6.
l/libglade-2.5.1-i486-1.tgz:  Upgraded to libglade-2.5.1.
l/libgsf-1.14.0-i486-1.tgz:  Upgraded to libgsf-1.14.0.
  This has changed the major library version from .1 to .114...
l/libidn-0.6.3-i486-1.tgz:  Upgraded to libidn-0.6.3.
l/librsvg-2.14.3-i486-1.tgz:  Upgraded to librsvg-2.14.3.
l/libtiff-3.8.2-i486-1.tgz:  Upgraded to libtiff-3.8.2.
l/libungif-4.1.4-i486-1.tgz:  Upgraded to libungif-4.1.4.
l/libwpd-0.8.4-i486-2.tgz:  Recompiled against libgsf-1.14.0.
l/wv2-0.2.2-i486-2.tgz:  Recompiled against libgsf-1.14.0.
  Apparently, this needed a recompile anyway (with or without new
  dependencies) in order to fix a compiler incompatibility issue
  between gcc-3.3.x and gcc-3.4.x that was breaking .doc support
  in KWord.  Thanks to Marin Mitov and Andrey V. Panov for reporting
  this issue.
n/fetchmail-6.3.4-i486-1.tgz:  Upgraded to fetchmail-6.3.4.
n/getmail-4.6.0-noarch-1.tgz:  Upgraded to getmail-4.6.0.
n/lftp-3.4.4-i486-1.tgz:  Upgraded to lftp-3.4.4.
xap/fluxbox-0.9.15.1-i486-1.tgz:  Upgraded to fluxbox-0.9.15.1.
xap/gimp-2.2.11-i486-1.tgz:  Upgraded to gimp-2.2.11.
xap/mozilla-firefox-1.5.0.2-i686-1.tgz:  Upgraded to firefox-1.5.0.2.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
extra/k3b/k3b-0.12.15-i486-1.tgz:  Upgraded to k3b-0.12.15.
extra/k3b/k3b-i18n-0.12.15-noarch-1.tgz:  Upgraded to k3b-i18n-0.12.15.
testing/packages/seamonkey-1.0.1-i486-1.tgz:  Upgraded to seamonkey-1.0.1.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
  (* Security fix *)
In other news, I am aware of the expat-2.0 release, but this has a couple of
API changes (and a new major library number) and it will take some time for
upstream sources to patch for it.  Therefore, expat-2.0 will not be used for
Slackware 11.0 (but might be included in /testing).
There's also a new gmp-4.2, but the shared libraries that are built by this
have lower numbers than the ones from gmp-4.1.4, so that's probably not going
to make the cut this time around, either.
+--------------------------+
Tue Apr  4 18:06:21 CDT 2006
d/make-3.81-i486-1.tgz:  Upgraded to make-3.81.  Long live make!
d/subversion-1.3.1-i486-1.tgz:  Upgraded to subversion-1.3.1.
xap/xscreensaver-4.24-i486-1.tgz:  Upgraded to xscreensaver-4.24.
+--------------------------+
Mon Apr  3 21:18:03 CDT 2006
a/findutils-4.2.27-i486-1.tgz:  Upgraded to findutils-4.2.27.
d/python-2.4.3-i486-1.tgz:  Upgraded to python-2.4.3.
  This now links with Berkeley DB 4.4.x.  :-)
d/python-demo-2.4.3-noarch-1.tgz:  Upgraded to python-2.4.3 demos.
d/python-tools-2.4.3-noarch-1.tgz:  Upgraded to python-2.4.3 tools.
kde/amarok-1.3.9-i486-1.tgz:  Added amaroK 1.3.9, a media player for KDE.
kde/kdeaccessibility-3.5.2-i486-1.tgz:  Upgraded to kdeaccessibility-3.5.2.
kde/kdeaddons-3.5.2-i486-1.tgz:  Upgraded to kdeaddons-3.5.2.
kde/kdeadmin-3.5.2-i486-1.tgz:  Upgraded to kdeadmin-3.5.2.
kde/kdeartwork-3.5.2-i486-1.tgz:  Upgraded to kdeartwork-3.5.2.
kde/kdebase-3.5.2-i486-1.tgz:  Upgraded to kdebase-3.5.2.
kde/kdebindings-3.5.2-i486-1.tgz:  Upgraded to kdebindings-3.5.2.
kde/kdeedu-3.5.2-i486-1.tgz:  Upgraded to kdeedu-3.5.2.
kde/kdegames-3.5.2-i486-1.tgz:  Upgraded to kdegames-3.5.2.
kde/kdegraphics-3.5.2-i486-1.tgz:  Upgraded to kdegraphics-3.5.2.
kde/kdelibs-3.5.2-i486-1.tgz:  Upgraded to kdelibs-3.5.2.
kde/kdemultimedia-3.5.2-i486-1.tgz:  Upgraded to kdemultimedia-3.5.2.
kde/kdenetwork-3.5.2-i486-1.tgz:  Upgraded to kdenetwork-3.5.2.
kde/kdepim-3.5.2-i486-1.tgz:  Upgraded to kdepim-3.5.2.
kde/kdesdk-3.5.2-i486-1.tgz:  Upgraded to kdesdk-3.5.2.
kde/kdetoys-3.5.2-i486-1.tgz:  Upgraded to kdetoys-3.5.2.
kde/kdeutils-3.5.2-i486-1.tgz:  Upgraded to kdeutils-3.5.2.
kde/kdevelop-3.3.2-i486-1.tgz:  Upgraded to kdevelop-3.3.2.
kde/kdewebdev-3.5.2-i486-1.tgz:  Upgraded to kdewebdev-3.5.2.
kde/qt-3.3.6-i486-1.tgz:  Upgraded to qt-x11-free-3.3.6.
kdei/kde-i18n-*-3.5.2-noarch-1.tgz:  Upgraded to kde-i18n-3.5.2.
l/arts-1.5.2-i486-1.tgz:  Upgraded to arts-1.5.2.
l/libmusicbrainz-2.1.2-i486-1.tgz:  Added libmusicbrainz-2.1.2, a library for
  searching a user-maintained community music metadatabase.  This is used
  to tag media files by libtunepimp.
l/libtunepimp-0.4.2-i486-1.tgz:  Added libtunepimp-0.4.2.  This is a library
  used to support adding metadata tags to music files using the MusicBrainz
  client libraries.  These libraries are used by several media players to look
  up track information.  (e.g. in Slackware, JuK and amaroK so far)
n/rp-pppoe-3.8-i486-1.tgz:  Upgraded to rp-pppoe-3.8.
xap/abiword-2.2.9-i486-1.tgz:  Removed.  More recent versions of AbiWord no
  longer support compiling without GNOME, and it looks like all of the GNOME
  distributions for Slackware are shipping GNOMEified (and newer) versions of 
  this package anyway.
+--------------------------+
Thu Mar 30 21:24:37 CST 2006
n/rsync-2.6.7-i486-1.tgz:  Upgraded to rsync-2.6.7.
n/samba-3.0.22-i486-1.tgz:  Upgraded to samba-3.0.22.
  This fixes a security issue in previous samba releases where secret machine
  credentials may be written into a log file that is readable by anyone with
  a login account on the machine.  The issue affects only the samba-3.0.21
  series (including patches a, b, and c.)
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1059
  (* Security fix *)
+--------------------------+
Sun Mar 26 20:42:28 CST 2006
a/aaa_base-10.2.0-noarch-4.tgz:  Chowned all binary directories to root:root.
  /media and /svc will not be added at this time, as /mnt (with subdirectory
  mount points such as /mnt/cdrom and /mnt/tmp) and /var were already
  perfectly adequate for the purposes for which /media and /svc were proposed.
  Polluting the root directory is, IMHO, completely pointless.  I suppose in
  the future that at least compatibility symlinks will need to be considered,
  though...
a/bash-3.1.014-i486-1.tgz:  Upgraded to bash-3.1 patchlevel 014.
a/jfsutils-1.1.10-i486-1.tgz:  Upgraded to jfsutils-1.1.10.
a/module-init-tools-3.2.2-i486-1.tgz:  Upgraded to module-init-tools-3.2.2.
  This new version of module-init-tools has been patched to look for module
  configuration information in /etc/modprobe.conf only for 2.4.x kernels.
  For 2.6.x kernels, files found in the directory /etc/modprobe.d/ are used
  instead.  Eventually, /etc/modprobe.conf will be phased out in favor of
  the /etc/modprobe.d/ approach.  If you have anything in your
  /etc/modprobe.conf that you need, and you are using a 2.6.x kernel, be sure
  to copy the configuration to a file (or files) in /etc/modprobe.d/.
  Hint:  ALSA expects sound modules to be configured in /etc/modprobe.d/sound.
ap/groff-1.19.2-i486-1.tgz:  Upgraded to groff-1.19.2.
ap/hpijs-2.1.4-i486-1.tgz:  Upgraded to hpijs-2.1.4.
  Thanks to Giovanni Venturi for the reminder.
ap/lsof-4.76-i486-1.tgz:  Upgraded to lsof-4.76.
ap/most-4.10.2-i486-1.tgz:  Upgraded to most-4.10.2.
ap/mysql-5.0.19-i486-1.tgz:  Upgraded to mysql-5.0.19.
ap/sox-12.17.9-i486-1.tgz:  Upgraded to sox-12.17.9.
ap/vim-6.4.010-i486-1.tgz:  Upgraded to VIM 6.4.010.
ap/zsh-4.2.6-i486-1.tgz:  Upgraded to zsh-4.2.6.
d/subversion-1.3.0-i486-2.tgz:  Fixed broken apr include file permissions.
  Thanks to Andreas Schnaiter for pointing this out.
n/curl-7.15.3-i486-1.tgz:  Upgraded to curl-7.15.3.
  This release fixes a security issue discovered by Ulf Harnhammar.
  libcurl uses the given file part of a TFTP URL in a manner that allows a
  malicious user to overflow a heap-based memory buffer due to the lack of
  boundary check.  This overflow happens if you pass in a URL with a TFTP
  protocol prefix ("tftp://"), using a valid host and a path part that is
  longer than 512 bytes.  The affected flaw can be triggered by a redirect,
  if curl/libcurl is told to follow redirects and an HTTP server points
  the client to a tftp URL with the characteristics described above.
  There is no known exploit at the time of this writing.
  No stable version of Slackware is affected, as the flaw exists only in
  the curl-7.15.x series prior to curl-7.15.3.  
  The cURL advisory may be found here:
    http://curl.haxx.se/docs/adv_20060320.html
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1061
  (* Security fix *)
n/epic4-2.4-i486-1.tgz:  Upgraded to epic4-2.4.
n/openldap-client-2.3.20-i486-1.tgz:  Upgraded to openldap-2.3.20 client
  libraries.
xap/xvim-6.4.010-i486-1.tgz:  Upgraded to VIM 6.4.010 (with X support.)
extra/brltty/brltty-3.7.2-i486-1.tgz:  Upgraded to brltty-3.7.2.
extra/emacspeak/emacspeak-23.0-i486-1.tgz:  Upgraded to emacspeak-23.0.
extra/inn/inn-2.4.3-i486-1.tgz:  Upgraded to inn-2.4.3 compiled against
  libdb-4.2.  Note that this package DOES NOT preserve configuration
  files, so back them up first!  Also, any database files will need to
  be rebuilt due to the move from db-3.3 to db-4.2.
extra/slacktrack/slacktrack-1.28-i486-1.tgz:  Upgraded to slacktrack-1.28_1.
+--------------------------+
Wed Mar 22 13:01:23 CST 2006
n/sendmail-8.13.6-i486-1.tgz:  Upgraded to sendmail-8.13.6.
  This new version of sendmail contains a fix for a security problem
  discovered by Mark Dowd of ISS X-Force.  From sendmail's advisory:
    Sendmail was notified by security researchers at ISS that, under some
    specific timing conditions, this vulnerability may permit a specifically
    crafted attack to take over the sendmail MTA process, allowing remote
    attackers to execute commands and run arbitrary programs on the system
    running the MTA, affecting email delivery, or tampering with other
    programs and data on this system.  Sendmail is not aware of any public
    exploit code for this vulnerability.  This connection-oriented
    vulnerability does not occur in the normal course of sending and
    receiving email.  It is only triggered when specific conditions are
    created through SMTP connection layer commands.
  Sendmail's complete advisory may be found here:
    http://www.sendmail.com/company/advisory/index.shtml
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
  (* Security fix *)
n/sendmail-cf-8.13.6-noarch-1.tgz:  Upgraded to sendmail-8.13.6 configuration
  files.
+--------------------------+
Tue Mar 21 11:17:27 CST 2006
x/x11-6.9.0-i486-3.tgz:  Fixed /usr/X11R6/bin/Xorg, which due to being not
  setuid root could not be used by non-root users.  Thanks to the many people
  who reported this issue.  I tracked it down to a new (or rather, back again)
  behavior of "chown", which is removing the suid/sgid bits from any file that
  it touches.  I remember this same situation from the old days, and it's
  why many of the older package builds use a package skeleton and then install
  binaries using "cat" -- this prevents the changing of the permissions.
  If I recall correctly, "strip" also used to do this.  Looking in the kernel
  source, I see some mention in fs/open.c about doing this as a safety feature.
  IMO, it doesn't seem like the right thing to do, though.  If I want chmod,
  I'll use it, thank you.  However, it looks like the feature was added years
  ago, and I have no idea why it has just recently kicked in.  I've gone back
  and tested on a Slackware 10.2 box, and it's also showing the same effects
  with "chown", so it seems to me that this sort of breakage should have
  been happening when the x11*-6.9.0-i486-1.tgz packages were built, too,
  but Xorg was properly setuid in that package set.  I tried dropping back
  to the previous coreutils, and this also didn't help.  It's a mystery.
  Anyway, my first thought was to simply move the "chmod 4711" on Xorg to
  after the last "chown" in the build script, but decided that the best way
  to handle this is to begin phasing out the use of the "bin" group on
  binaries and binary directories.  There was never any use to this ever, so
  far as I can tell.  I think someone working on the FHS just thought that
  root:bin looked nicer, or something.  ;-)  Most distributions install
  binaries as root:root now anyway, and the latest standards no longer
  require root:bin.  Since it doesn't matter, don't expect everything to
  change all at once -- don't send bug reports concerning files or 
  directories that "should be" root:bin or root:root.  We will move away
  from root:bin to root:root as new packages are built.
  I sure hope "strip" doesn't start acting up next...
x/x11-devel-6.9.0-i486-3.tgz:  Rebuilt.  Really, there was no need to rebuild
  this or the below packages, but I like a consistent build number when it's
  not too much trouble to have it.
x/x11-docs-6.9.0-noarch-3.tgz:  Rebuilt.
x/x11-docs-html-6.9.0-noarch-3.tgz:  Rebuilt.
x/x11-fonts-100dpi-6.9.0-noarch-3.tgz:  Rebuilt.
x/x11-fonts-cyrillic-6.9.0-noarch-3.tgz:  Rebuilt.
x/x11-fonts-misc-6.9.0-noarch-3.tgz:  Rebuilt.
x/x11-fonts-scale-6.9.0-noarch-3.tgz:  Rebuilt.
x/x11-xdmx-6.9.0-i486-3.tgz:  Recompiled.
x/x11-xnest-6.9.0-i486-3.tgz:  Recompiled.
x/x11-xvfb-6.9.0-i486-3.tgz:  Recompiled.
+--------------------------+
Mon Mar 20 09:29:15 CST 2006
x/x11-6.9.0-i486-2.tgz:  Patched with x11r6.9.0-geteuid.diff.
  From the x.org security page:
     * March 20, 2006 - A security vulnerability has been found in the X.Org
       server as shipped with X11R6.9.0 and X11R7.0 (xorg-server 1.0.0 and
       1.0.1) -- this is CVE-2006-0745.  Local users were able to escalate
       privileges to root and cause a DoS if the Xorg server was installed
       setuid root (the default).  Note that earlier releases are not
       vulnerable.
  For more information (eventually), see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0745
  (* Security fix *)
  Since this issue does not affect any stable/released version of Slackware,
  there will no security advisory on the mailing list.  Those running -current
  should keep up with the ChangeLog to stay on top of new developments.
x/x11-devel-6.9.0-i486-2.tgz:  Recompiled.
x/x11-docs-6.9.0-noarch-2.tgz:  Rebuilt.
x/x11-docs-html-6.9.0-noarch-2.tgz:  Rebuilt.
x/x11-fonts-100dpi-6.9.0-noarch-2.tgz:  Rebuilt.
x/x11-fonts-cyrillic-6.9.0-noarch-2.tgz:  Rebuilt.
x/x11-fonts-misc-6.9.0-noarch-2.tgz:  Rebuilt.
x/x11-fonts-scale-6.9.0-noarch-2.tgz:  Rebuilt.
x/x11-xdmx-6.9.0-i486-2.tgz:  Recompiled.
x/x11-xnest-6.9.0-i486-2.tgz:  Recompiled.
x/x11-xvfb-6.9.0-i486-2.tgz:  Recompiled.
testing/packages/linux-2.6.15.6/kernel-source-2.6.15.6-noarch-2.tgz:
  Removed spurious "asm" symlink in /.  Thanks to xgizzmo.
+--------------------------+
Fri Mar 17 16:42:40 CST 2006
l/cairo-1.0.4-i486-1.tgz:  Upgraded to cairo-1.0.4.
l/gtk+2-2.8.16-i486-1.tgz:  Upgraded to gtk+-2.8.16.
n/dnsmasq-2.27-i486-1.tgz:  Upgraded to dnsmasq-2.27.
Oh, and happy St. Patrick's day!  :-)
+--------------------------+
Tue Mar 14 18:01:26 CST 2006
n/stunnel-4.15-i486-2.tgz:  Fixed messed up /var/lib perms.
  Thanks to Adam Dawidowski for the bug report.
+--------------------------+
Mon Mar 13 18:53:57 CST 2006
a/aaa_base-10.2.0-noarch-3.tgz:  Added /var/empty directory.
a/gawk-3.1.5-i486-2.tgz:  Applied bugfix from the gawk mailing list to fix a
  problem with newer glibc versions pulling that "*** free(): invalid pointer"
  trick we all love.  :-)  Thanks to Grant for sending in a link to the fix.
a/glibc-solibs-2.3.6-i486-3.tgz:  Recompiled against 2.4.32 and 2.6.15.6
  kernel headers.  Yes, I have seen that shiny-looking glibc-2.4 release on
  ftp.gnu.org, but glibc-2.4 completely drops support for linuxthreads, and
  therefore will not support vanilla Linux 2.4.x kernels.  I don't think
  we're quite ready for that yet around here.
a/glibc-zoneinfo-2.3.6-noarch-3.tgz:  Updated timezone data from tzdata2006c.
a/kernel-ide-2.4.32-i486-3.tgz:  Recompiled with gcc-3.4.6.
a/kernel-modules-2.4.32-i486-4.tgz:  Recompiled with gcc-3.4.6.
  Thanks to Piter Punk for all the help revising the default entries in 
  /etc/rc.d/rc.modules.new to be more accurate for 2.6.x kernels.  I've tried
  to make it function in the default state under 2.4.x kernels too, though
  some of the modules have different names in 2.4 vs. 2.6...
  Also thanks to Didier Spaier for suggesting an example for DMA usage in the 
  section of rc.modules that loads the parallel-port support.
d/gcc-3.4.6-i486-1.tgz:  Upgraded to gcc-3.4.6.
d/gcc-g++-3.4.6-i486-1.tgz:  Upgraded to gcc-3.4.6.
d/gcc-g77-3.4.6-i486-1.tgz:  Upgraded to gcc-3.4.6.
d/gcc-gnat-3.4.6-i486-1.tgz:  Upgraded to gcc-3.4.6.
d/gcc-java-3.4.6-i486-1.tgz:  Upgraded to gcc-3.4.6.
d/gcc-objc-3.4.6-i486-1.tgz:  Upgraded to gcc-3.4.6.
l/alsa-driver-1.0.11rc3_2.4.32-i486-1.tgz:  Upgraded to alsa-driver-1.0.11rc3
  compiled for Linux 2.4.32.  The 2.6.15.6 kernel does not work properly using
  the modules in alsa-driver-1.0.10, but works fine with these.  Although I'm
  normally against using release candidates, I thought in this case that the
  version of alsa-driver used by the 2.4 and 2.6 kernels should be the same
  since the package does install some header files that would overlap.  It's
  worked fine on both 2.4.32 and 2.6.15.6 here, and the other alsa-* packages
  compile against it without errors (so I don't see a need to update those).
  I think this will work, but let me know if this upgrade causes any problems.
l/db44-4.4.20-i486-1.tgz:  For consistency, change the name of this package from
  db4 to db44, and move the header files into /usr/include/db44/, since that's
  the directory where the next version of Python will be looking for them.
  Oh, and on that topic, I've had a few people send in or provide links to
  patches that fix compiling the latest Python with db-4.4.  Thanks, but it's
  still a more conservative approach to wait until db-4.4 is officially
  supported upstream.  BTW, none of the patches were exactly the same.  :-)
  db-4.3 would also work, but it's probably not worth introducing yet-another
  already old version of db over.
  Added the --enable-cxx option.  (Suggested by Kevin Brammer)
l/glibc-2.3.6-i486-3.tgz:  Recompiled against 2.4.32 and 2.6.15.6 kernel
  headers.  Added /var/run/nscd/ directory (thanks to Dirk van Deun).
  Updated timezone data from tzdata2006c.
l/glibc-i18n-2.3.6-noarch-3.tgz:  Rebuilt.
l/glibc-profile-2.3.6-i486-3.tgz:  Recompiled against 2.4.32 and 2.6.15.6
  kernel headers.
l/gtk+2-2.8.14-i486-1.tgz:  Upgraded to gtk+2-2.8.14.
n/gnupg-1.4.2.2-i486-1.tgz:  Upgraded to gnupg-1.4.2.2.
  There have been two security related issues reported recently with GnuPG.
  From the GnuPG 1.4.2.1 and 1.4.2.2 NEWS files:
    Noteworthy changes in version 1.4.2.2 (2006-03-08)
    * Files containing several signed messages are not allowed any
      longer as there is no clean way to report the status of such
      files back to the caller.  To partly revert to the old behaviour
      the new option --allow-multisig-verification may be used.
   Noteworthy changes in version 1.4.2.1 (2006-02-14)
    * Security fix for a verification weakness in gpgv.  Some input
      could lead to gpgv exiting with 0 even if the detached signature
      file did not carry any signature.  This is not as fatal as it
      might seem because the suggestion as always been not to rely on
      th exit code but to parse the --status-fd messages.  However it
      is likely that gpgv is used in that simplified way and thus we
      do this release.  Same problem with "gpg --verify" but nobody
      should have used this for signature verification without
      checking the status codes anyway.  Thanks to the taviso from
      Gentoo for reporting this problem.
  (* Security fix *)
n/popa3d-1.0.1-i486-1.tgz:  Upgraded to popa3d-1.0.1.
n/stunnel-4.15-i486-1.tgz:  Upgraded to stunnel-4.15.
bootdisks/*:  Rebuilt using the recompiled 2.4.32 kernels.
extra/k3b/k3b-0.12.14-i486-1.tgz:  Upgraded to k3b-0.12.14.
extra/k3b/k3b-i18n-0.12.14-noarch-1.tgz:  Upgraded to k3b-i18n-0.12.14.
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.32-i486-3.tgz:
  Recompiled with gcc-3.4.6.
extra/linux-wlan-ng/linux-wlan-ng-0.2.3_2.6.15.6-i486-1.tgz:
  Recompiled with gcc-3.4.6 for Linux 2.6.15.6.
kernels/*.?/*:  Recompiled 2.4.32 kernels with gcc-3.4.6, upgraded
  test26.s kernel to 2.6.15.6.
pasture/gnupg-1.2.7-i486-1.tgz:  This can rest here for a little while
  just in case gnupg-1.4.2.2 causes any problems, but I doubt it will.
  I also think gnupg-1.2.7 is still secure when used securely (if that
  makes any sense ;-), or I wouldn't even leave it in /pasture...
testing/packages/linux-2.6.15.6/alsa-driver-1.0.11rc3_2.6.15.6-i486-1.tgz
  Upgraded to alsa-driver-1.0.11rc3 compiled for Linux 2.6.15.6.
  This should fix the "free_hot_cold_page" issue that was occuring with
  alsa-driver-1.0.10 and the 2.6.15+ kernels.  It fixes it here,
  anyway.  :-)
testing/packages/linux-2.6.15.6/kernel-generic-2.6.15.6-i486-1.tgz
  Upgraded to Linux 2.6.15.6 generic kernel.
testing/packages/linux-2.6.15.6/kernel-headers-2.6.15.6-i386-1.tgz
  Upgraded to Linux 2.6.15.6 kernel headers.
testing/packages/linux-2.6.15.6/kernel-modules-2.6.15.6-i486-1.tgz
  Upgraded to Linux 2.6.15.6 kernel modules.
testing/packages/linux-2.6.15.6/kernel-source-2.6.15.6-noarch-1.tgz
  Upgraded to Linux 2.6.15.6 kernel source.
+--------------------------+
Sat Mar  4 19:54:26 CST 2006
a/xfsprogs-2.7.11-i486-2.tgz:  Fixed .gz.gz double compression on
  the manpages.  Turns out they were already installed compressed.
  Thanks to Dave Fullerton.
  Fixed /usr/lib/libhandle.so symlink.
  Thanks to Luigi Genoni.
ap/dmapi-2.2.3-i486-2.tgz:  Fixed /usr/lib/libdm.so symlink.
  Thanks to Luigi Genoni.
ap/xfsdump-2.2.33-i486-2.tgz:  Recompiled to link with libhandle.
d/python-2.4.2-i486-2.tgz:  Recompiled against Berkeley DB 4.2.52
  to get _bsddb.so and dbm.so to build.  Python finds the db-4.2.52
  headers fine in /usr/include/db42/, so I guess that's the right
  place for them.  :-)
d/python-demo-2.4.2-noarch-2.tgz:  Rebuilt.
d/python-tools-2.4.2-noarch-2.tgz:  Rebuilt.
l/db42-4.2.52-i486-3.tgz:  Added a db-4.2.52 package (called db42)
  as a non-default version of Berkeley DB 4.x, since some things
  still aren't ready for db-4.4.x, and it's probably best not to
  force the issue until the changes needed for db-4.4.x are made
  upstream where needed.  Oh, I've had a report that subversion-1.3.0
  isn't working with db-4.4.x -- can anyone confirm this?  I'm not
  running any kind of test repository here, so feedback on whether
  subversion could use a recompile against db-4.2 would be helpful.
n/proftpd-1.3.0rc4-i486-1.tgz:  Upgraded to proftpd-1.3.0rc4.
+--------------------------+
Wed Mar  1 20:25:56 CST 2006
a/coreutils-5.94-i486-2.tgz:  Restored ginstall -> install symlinks
  which are still needed to build some things.  Thanks to Rich.
extra/bash-completion/bash-completion-20060301-noarch-1.tgz:
  Upgraded to bash-completion-20060301.
+--------------------------+
Tue Feb 28 20:50:44 CST 2006
a/bash-3.1-i486-3.tgz:  Patched with additional official patches
  bash31-008 through bash31-011.
a/util-linux-2.12r-i486-1.tgz:  Upgraded to util-linux-2.12r.
a/xfsprogs-2.7.11-i486-1.tgz:  Upgraded to xfsprogs-2.7.11.
  Split acl, attr, dmapi, and xfsdump into separate packages and
  moved them into the AP series.  This location was a bit of a judgement
  call since acl, attr, and dmapi contain libraries, but so do some other
  packages outside L.  Anyway, it does seem to me that xfsdump should go
  in AP, and that these packages should all be found in the same place.
ap/acl-2.2.34-i486-1.tgz:  Upgraded to acl-2.2.34, split out of xfsprogs
  package.
ap/attr-2.4.28-i486-1.tgz:  Upgraded to attr-2.4.28, split out of xfsprogs
  package.
ap/dmapi-2.2.3-i486-1.tgz:  Upgraded to dmapi-2.2.3, split out of xfsprogs
  package.
ap/xfsdump-2.2.33-i486-1.tgz:  Upgraded to xfsdump-2.2.33, split out of
  xfsprogs package.
d/clisp-2.38-i486-2.tgz:  Added some additional modules for CLISP.
  Thanks to Bradley Reed for the hint.
f/linux-faqs-20060228-noarch-1.tgz:  Updated from ibiblio.org.
f/linux-howtos-20060228-noarch-1.tgz:  Upgraded to Linux-HOWTOs-20060228.
l/gtk+2-2.8.13-i486-1.tgz:  Upgraded to gtk+-2.8.13.
l/pango-1.10.4-i486-1.tgz:  Upgraded to pango-1.10.4.
n/bind-9.3.2-i486-3.tgz:  Modified rc.bind to try to use rndc to stop the
  nameserver before resorting to killall, and added some additional comments
  about loading the "capability" module on 2.6+ kernels.
n/samba-3.0.21c-i486-1.tgz:  Upgraded to samba-3.0.21c.
+--------------------------+
Mon Feb 20 14:20:17 CST 2006
ap/dvd+rw-tools-6.1-i486-1.tgz:  Upgraded to dvd+rw-tools-6.1.
kdei/kde-i18n-sv-3.5.1-noarch-1a.tgz:  Fixed with a rebuild.  Thanks to
  Nille Kungen for pointing out that the -1 package was missing files.
n/bind-9.3.2-i486-2.tgz:  Patched to remove the use of the obsolete setsockopt
  SO_BSDCOMPAT that was putting annoying warnings in /var/log/syslog when bind
  binaries were run under a 2.6.x kernel.  Thanks to Marin Glibic.
  Fixed missing nslookup.1 man page.  Thanks to Lior Kadosh.
n/tin-1.8.1-i486-1.tgz:  Upgraded to tin-1.8.1.
+--------------------------+
Thu Feb 16 14:01:26 CST 2006
OK, I think I have everything that used libreadline.so.4 recompiled
with the exception of AbiWord, as the --disable-gnome option no
longer seems to work with abiword-2.4.2 -- it still demands
libgnomeprint and all of its dependencies.  Anyone know a way around
this one?  If not, AbiWord will likely be removed soon.  It's
included in all of the GNOME distributions for Slackware anyway...
a/bash-3.1-i486-2.tgz:  Applied official bash patches 006 and 007.
a/coreutils-5.94-i486-1.tgz:  Upgraded to coreutils-5.94.
a/sed-4.1.5-i486-1.tgz:  Upgraded to sed-4.1.5.
ap/bc-1.06-i486-3.tgz:  Recompiled with new libreadline.
ap/gimp-print-4.2.7-i486-2.tgz:  Recompiled with new libreadline.
ap/rzip-2.1-i486-1.tgz:  Upgraded to rzip-2.1.
d/guile-1.6.7-i486-2.tgz:  Recompiled with new libreadline.
l/gtk+2-2.8.12-i486-1.tgz:  Upgraded to gtk+2-2.8.12.
l/pilot-link-0.11.8-i486-3.tgz:  Recompiled with new libreadline.
n/ntp-4.2.0a-i486-1.tgz:  Upgraded to ntp-stable-4.2.0a-20060127
  compiled with new libreadline.
xap/fvwm-2.4.19-i486-5.tgz:  Recompiled with new libreadline.
xap/gftp-2.0.18-i486-2.tgz:  Recompiled with new libreadline.
xap/gnuchess-5.07-i486-2.tgz:  Recompiled with new libreadline.
xap/xine-ui-0.99.4-i686-2.tgz:  Recompiled with new libreadline.
extra/parted/parted-1.6.25.1-i486-1.tgz:  Upgraded to parted-1.6.25.1,
  compiled with new libreadline.
testing/packages/gnupg-1.4.2.1-i486-1.tgz:  Upgraded to gnupg-1.4.2.1.
  This fixes an issue where gpg could exit with zero in certain cases
  where a detached "signature" actually contained no signature.
  However, according to the NEWS file "nobody should have used this
  for signature verification without checking the status codes" with
  --status-fd.  Considering that (and especially this package's placement
  in the /testing directory) I'm not going to issue an advisory here,
  though the NEWS file does admit it is a security weakness.
+--------------------------+
Tue Feb 14 16:08:52 CST 2006
n/php-4.4.2-i486-3.tgz:  Fixed some more bugs from the 4.4.2 release...
  hopefully the third time is the charm.
  Replaced PEAR packages for which the 4.4.2 release contained incorrect
  md5sums:  Archive_Tar-1.3.1, Console_Getopt-1.2, and HTML_Template_IT-1.1.3.
  (this last one was also not upgraded to the stable version that was released
  on 2005-11-01)  Sorry to have delayed the advisories, but these bugs had to
  be fixed first.  IMHO, the security issues are of dubious severity anyway,
  or a more agressive approach would have been taken (though this would likely
  have caused a lot of people to upgrade to the broken -1 or -2 package
  revisions, so anyone who didn't know about this until now was probably saved
  a hassle.)
  Upgraded other PEAR modules to HTTP-1.4.0, Net_SMTP-1.2.8, and XML_RPC-1.4.5.
  Thanks again to Krzysztof Oledzki for the bug report.
testing/packages/php-5.1.2/php-5.1.2-i486-2.tgz:  The same junk
  dotfiles were installed in php-5.1.2, too.  Cleaned them out
  of the root directory of the package.  Thanks to Tyler McGrath
  for reporting this.
+--------------------------+
Fri Feb 10 19:07:13 CST 2006
ap/man-1.6c-i486-2.tgz:  Reversed man-1.6c change that caused
  makewhatis to break.  Thanks to Robby Workman for the patch.
n/php-4.4.2-i486-2.tgz:  Rebuilt the package to clean up some junk
  dotfiles that were installed in the / directory.  Harmless, but
  sloppy...  Thanks to Krzysztof Oledzki for pointing this out.
+--------------------------+
Thu Feb  9 17:24:25 CST 2006
a/aaa_elflibs-10.2.0-i486-4.tgz:  Added /lib/libgcc_s.so.1 ->
  /usr/lib/libgcc_s.so.1 symlink, needed by Oracle 10g RAC support.
  Thanks to Luigi Genoni.
  Upgraded various other libraries.
a/bash-3.1-i486-1.tgz:  Upgraded to bash-3.1.
a/coreutils-5.93-i486-1.tgz:  Upgraded to coreutils-5.93.
  The DEFAULT_POSIX2_VERSION=199209 is set to provide more
  traditional behavior (thanks to Eric Hameleers), but this may change
  in the future as the newer standards are accepted.  Added
  the uname patch (suggested by many), and moved color ls setup
  out of /etc/profile and /etc/csh.login and into scripts in
  /etc/profile.d/.  These scripts also replace some functionality
  (setting up aliases and defaults) that is no longer part of the
  dircolors tool.
a/cups-1.1.23-i486-2.tgz:  Recompiled against new OpenSSL.
a/cxxlibs-6.0.3-i486-1.tgz:  Upgraded to libstdc++ from gcc-3.4.5.
a/etc-5.1-noarch-11.tgz:  Removed color ls setup from /etc/profile
  and /etc/csh.login.  Fixed csh.login in cases where $TERM or $MANPATH
  are not set.  (thanks to Jim Diamond)
a/gettext-0.14.5-i486-1.tgz:  Upgraded to gettext-0.14.5.
a/glibc-solibs-2.3.6-i486-2.tgz:  Recompiled with gcc-3.4.5
  against the 2.4.32 and 2.6.15.3 kernel headers.
a/glibc-zoneinfo-2.3.6-noarch-2.tgz:  Recompiled.
a/gpm-1.20.1-i486-1.tgz:  Upgraded to gpm-1.20.1, with many, many patches.
a/openssl-solibs-0.9.8a-i486-1.tgz:  Upgraded to openssl-0.9.8a.
  This may require many things to be recompiled.  Let me know if I
  skipped anything that matters.  :-)
a/pkgtools-10.2.0-i486-6.tgz:  Upgraded subset of terminfo database from
  ncurses-5.5.  Upgraded to dialog-1.0-20060126.
a/procps-3.2.6-i486-1.tgz:  Upgraded to procps-3.2.6.
a/tcsh-6.14.00-i486-2.tgz:  Patched to remove built-in color ls, as the new
  coreutils adds an 'su' feature to the shared $LS_COLORS variable that
  causes tcsh to exit.  Perhaps tcsh should use a different variable name or
  be less strict about using LS_COLORS?  The GNU ls version is probably
  better for most purposes anyway, though.
ap/espgs-8.15.1-i486-1.tgz:  Upgraded to espgs-8.15.1.
ap/linuxdoc-tools-0.9.21-i486-1.tgz:  Added linuxdoc-tools-0.9.21.
  This package replaces the sgml-tools package and should contain the
  essentials needed to handle modern Linux Docbook/SGML documents.  Huge
  thanks are due to Stuart Winter for doing most of the work on transitioning
  Slackware from the old sgml-tools system to this one!  :-)
ap/man-1.6c-i486-1.tgz:  Upgraded to man-1.6c.
ap/man-pages-2.22-noarch-1.tgz:  Upgraded to man-pages-2.22.
ap/mdadm-2.3.1-i486-1.tgz:  Upgraded to mdadm-2.3.1.
ap/mysql-5.0.18-i486-1.tgz:  Upgraded to mysql-5.0.18.
  (this will require everything linked to MySQL libs to be recompiled)
ap/sgml-tools-1.0.9-i486-12.tgz:  Removed.  (replaced with linuxdoc-tools)
ap/sudo-1.6.8p12-i486-1.tgz:  Upgraded to sudo-1.6.8p12.
  This fixes an issue where a user able to run a Python script through sudo
  may be able to gain root access.
  IMHO, running any kind of scripting language from sudo is still not safe...
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0151
  (* Security fix *)
ap/vorbis-tools-1.1.1-i486-2.tgz:  Recompiled.
d/automake-1.9.6-noarch-1.tgz:  Upgraded to automake-1.9.6.
d/bison-2.1-i486-1.tgz:  Upgraded to bison-2.1.
  I think enough of the upstream sources are expecting bison-2.x now, but let
  me know if you find breakage (for which patches or pointers to upgrades
  would be welcome.)
d/clisp-2.38-i486-1.tgz:  Upgraded to clisp-2.38.
d/doxygen-1.4.6-i486-1.tgz:  Upgraded to doxygen-1.4.6.
d/gdb-6.4-i486-1.tgz:  Upgraded to gdb-6.4.
d/gettext-tools-0.14.5-i486-1.tgz:  Upgraded to gettext-0.14.5 tools.
d/m4-1.4.4-i486-1.tgz:  Upgraded to m4-1.4.4.
d/make-3.80-i486-2.tgz:  Fixed an out-of-memory bug in make, since
  nobody upstream seems concerned about putting out a fixed make
  release any time soon.  Is "make" dead?  ;-)
  Reported here by:  Mihnea-Costin Grigore, penguinista, and ePAc.
d/nasm-0.98.39-i486-1.tgz:  Upgraded to nasm-0.98.39.
d/perl-5.8.8-i486-1.tgz:  Upgraded to perl-5.8.8 and DBI-1.50.
d/pkgconfig-0.20-i486-1.tgz:  Upgraded to pkgconfig-0.20.
d/python-2.4.2-i486-1.tgz:  Upgraded to python-2.4.2.
  The bsddb module didn't build against the new 4.4.x version of
  Berkeley DB.  Does anyone care?  Or perhaps have a patch?  :-)
d/python-demo-2.4.2-noarch-1.tgz:  Upgraded to python-2.4.2 demos.
d/python-tools-2.4.2-noarch-1.tgz:  Upgraded to python-2.4.2 tools.
d/strace-4.5.14-i486-1.tgz:  Upgraded to strace-4.5.14.
kde/k*.tgz:  Upgraded to KDE 3.5.1.
kde/koffice-1.4.2-i486-1.tgz:  Upgraded to koffice-1.4.2.
kde/qt-3.3.5-i486-1.tgz:  Upgraded to qt-3.3.5.
l/arts-1.5.1-i486-1.tgz:  Upgraded to arts-1.5.1.
l/aspell-0.60.2-i486-2.tgz:  Recompiled.
l/atk-1.10.3-i486-1.tgz:  Upgraded to atk-1.10.3.
l/cairo-1.0.2-i486-1.tgz:  Added cairo graphics library for GTK+2.
l/db4-4.4.20-i486-1.tgz:  Upgraded to Berkeley DB 4.4.20.  This will
  require rebuilding any databases that use the older spec as things
  are recompiled to use this, and I'm planning to do that whereever
  possible.  Just be glad I don't do this with every new BDB release
  like I used to.  :-)
l/glib2-2.8.6-i486-1.tgz:  Upgraded to glib-2.8.6.
l/glibc-2.3.6-i486-2.tgz:  Recompiled with gcc-3.4.5
  against the 2.4.32 and 2.6.15.3 kernel headers.
l/glibc-i18n-2.3.6-noarch-2.tgz:  Rebuilt.
l/glibc-profile-2.3.6-i486-2.tgz:  Recompiled with gcc-3.4.5
  against the 2.4.32 and 2.6.15.3 kernel headers.
l/gmp-4.1.4-i486-3.tgz:  Recompiled.
l/gtk+2-2.8.11-i486-1.tgz:  Upgraded to gtk+-2.8.11.
l/jre-1_5_0_06-i586-1.tgz:  Upgraded to Java(TM) 2 Platform Standard Edition
  Runtime Environment Version 5.0, Release 6.
l/libogg-1.1.3-i486-1.tgz:  Upgraded to libogg-1.1.3.
l/libtiff-3.7.4-i486-1.tgz:  Upgraded to libtiff-3.7.4.
l/libvorbis-1.1.2-i486-1.tgz:  Upgraded to libvorbis-1.1.2.
l/libwpd-0.8.4-i486-1.tgz:  Upgraded to libwpd-0.8.4.
l/libxml2-2.6.23-i486-1.tgz:  Upgraded to libxml2-2.6.23.
l/ncurses-5.5-i486-1.tgz:  Upgraded to ncurses-5.5.
l/pango-1.10.3-i486-1.tgz:  Upgraded to pango-1.10.3.
l/pcre-6.4-i486-2.tgz:  Recompiled.
l/readline-5.1-i486-1.tgz:  Upgraded to readline-5.1.
l/sdl-1.2.9-i486-2.tgz:  Recompiled.
l/taglib-1.4-i486-2.tgz:  Recompiled.
n/apache-1.3.34-i486-2.tgz:  Recompiled against db-4.4.
  Support for db-3.3 removed.
n/bind-9.3.2-i486-1.tgz:  Upgraded to bind-9.3.2.
n/bitchx-1.1-i486-3.tgz:  Recompiled.
n/curl-7.15.1-i486-1.tgz:  Upgraded to curl-7.15.1.
n/dhcpcd-2.0.1-i486-1.tgz:  Upgraded to dhcpcd-2.0.1.
n/dnsmasq-2.26-i486-1.tgz:  Upgraded to dnsmasq-2.26.
n/epic4-2.2-i486-1.tgz:  Upgraded to epic4-2.2.
n/fetchmail-6.3.2-i486-1.tgz:  Upgraded to fetchmail-6.3.2.
  Presumably this replaces all the known security problems with
  a batch of new unknown ones.  (fetchmail is improving, really ;-)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4348
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0321
  (* Security fix *)
n/getmail-4.4.4-noarch-1.tgz:  Upgraded to getmail-4.4.4.
n/imapd-4.64-i486-2.tgz:  Recompiled against OpenLDAP client libs.
n/iproute2-2.6.15_060110-i486-1.tgz:  Upgraded to iproute2-2.6.15-060110.
n/iptables-1.3.5-i486-1.tgz:  Upgraded to iptables-1.3.5.
n/irssi-0.8.10a-i486-1.tgz:  Upgraded to irssi-0.8.10a.
n/lftp-3.4.0-i486-1.tgz:  Upgraded to lftp-3.4.0.
n/links-2.1pre20-i486-1.tgz:  Upgraded to links-2.1pre20.
n/lynx-2.8.5rel.5-i486-2.tgz:  Recompiled.
n/mod_ssl-2.8.25_1.3.34-i486-2.tgz:  Recompiled against new OpenSSL.
n/mutt-1.4.2.1i-i486-2.tgz:  Recompiled against new OpenSSL.
n/nail-11.25-i486-1.tgz:  Upgraded to nail-11.25.
n/nmap-4.00-i486-1.tgz:  Upgraded to nmap-4.00.
n/openldap-client-2.3.17-i486-1.tgz:  Added client libraries and
  binaries for LDAP authentication.  (Thanks to Eric Hameleers for
  help with the ./configure options).
n/openssh-4.3p1-i486-1.tgz:  Upgraded to openssh-4.3p1.
  This fixes a security issue when using scp to copy files that could
  cause commands embedded in filenames to be executed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225
  (* Security fix *)
n/openssl-0.9.8a-i486-1.tgz:  Upgraded to openssl-0.9.8a.
n/php-4.4.2-i486-1.tgz: Upgraded to php-4.4.2.
  Compiled against db-4.4.
  Support for db-3.3 removed.
  Claims to fix "a few small security issues".
  For more information, see:
    http://www.php.net/release_4_4_2.php
  (* Security fix *)
n/pidentd-3.0.19-i486-1.tgz:  Upgraded to pidentd-3.0.19.
n/pine-4.64-i486-2.tgz:  Recompiled.
n/procmail-3.22-i486-1.tgz:  Upgraded to procmail-3.22.
n/proftpd-1.3.0rc3-i486-1.tgz:  Upgraded to proftpd-1.3.0rc3.  Generally I
  don't like to use release candidates (especially with network services),
  but this one was needed in order to work with the new OpenSSL.
n/rp-pppoe-3.7-i486-1.tgz:  Upgraded to rp-pppoe-3.7.
n/samba-3.0.21b-i486-1.tgz:  Upgraded to samba-3.0.21b linked with OpenLDAP.
n/sendmail-8.13.5-i486-1.tgz:  Upgraded to sendmail-8.13.5.
  This has been relinked with db-4.4.20, so any databases in /etc/mail will
  have to be rebuilt. ( cd /etc/mail ; rm *.db ; make )
n/sendmail-cf-8.13.5-noarch-1.tgz:  Upgraded to sendmail-8.13.5 config files.
n/slrn-0.9.8.1-i486-2.tgz:  Recompiled.
n/stunnel-4.14-i486-1.tgz:  Upgraded to stunnel-4.14.
n/tcpdump-3.9.4-i486-2.tgz:  Recompiled.
n/tcpip-0.17-i486-36.tgz:  Upgraded to vlan.1.9 and tftp-hpa-0.41.
  Applied Debian's net-tools patch at Cesare Tensi's urging.  :-)
n/vsftpd-2.0.4-i486-1.tgz:  Upgraded to vsftpd-2.0.4.
n/wget-1.10.2-i486-2.tgz:  Recompiled.
n/whois-4.7.11-i486-1.tgz:  Upgraded to whois-4.7.11.
n/ytalk-3.3.0-i486-1.tgz:  Upgraded to ytalk-3.3.0.
xap/fluxbox-0.9.14-i486-1.tgz:  Upgraded to fluxbox-0.9.14.
xap/gaim-1.5.0-i486-2.tgz:  Recompiled.
xap/gimp-2.2.10-i486-1.tgz:  Upgraded to gimp-2.2.10.
xap/gxine-0.5.4-i486-1.tgz:  Upgraded to gxine-0.5.4.
  Thanks to Peter Santoro for the heads-up on the Javascript engine issue.
xap/imagemagick-6.2.6_1-i486-1.tgz:  Upgraded to imagemagick-6.2.6-1.
  This has a new major library version number and will require anything
  linked with the ImageMagick shared libraries to be recompiled.
  Several security issues are fixed in this release.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4601
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0082
  (* Security fix *)
xap/mozilla-1.7.12-i486-2.tgz:  Linked libmozjs.so into /usr/lib since gxine
  needs to be able to find it.
xap/mozilla-firefox-1.5.0.1-i686-1.tgz:  Upgraded to firefox-1.5.0.1.
  This fixes a DoS issue and some other security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.1
  (* Security fix *)
xap/pan-0.14.2.91-i486-2.tgz:  Recompiled, fixed pan.desktop and moved it
  into the standard .desktop directory.
xap/sane-1.0.17-i486-1.tgz:  Upgraded to sane-backends-1.0.17 and
  sane-frontends-1.0.14.
xap/xpdf-3.01-i486-3.tgz:  Recompiled with xpdf-3.01pl2.patch to fix
  possible security bugs with malformed PDF files.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3191
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3192
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3193
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3624
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3625
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3626
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3627
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3628
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-0301
    (* Security fix *)
xap/xchat-2.6.1-i486-1.tgz:  Upgraded to xchat-2.6.1.
xap/xfce-4.2.3.2-i486-1.tgz:  Upgraded to xfce-4.2.3.2.
xap/xine-lib-1.1.1-i686-1.tgz:  Upgraded to xine-lib-1.1.1.
xap/xscreensaver-4.23-i486-1.tgz:  Upgraded to xscreensaver-4.23.
extra/bittornado/bittornado-0.3.14-noarch-1.tgz:  Upgraded to
  BitTornado-0.3.14.
extra/bittorrent/bittorrent-4.4.0-noarch-1.tgz:  Upgraded to
  BitTorrent-4.4.0.  Thanks to Erik Jan Tromp for the doinst.sh
  to automatically edit /etc/mailcap!
extra/jdk-1.5.0_06/jdk-1_5_0_06-i586-1.tgz:  Upgraded to Java(TM) 2
  Platform Standard Edition Development Kit Version 5.0, Release 6.
extra/k3b/k3b-0.12.10-i486-1.tgz:  Upgraded to k3b-0.12.10.
  Thanks to Robby Workman for noticing that CXXFLAGS needed to be set.
extra/k3b/k3b-i18n-0.12.10-noarch-1.tgz:  Upgraded to k3b-i18n-0.12.10.
extra/linux-wlan-ng/linux-wlan-ng-0.2.3_2.6.15.3-i486-1.tgz:
  Recompiled for Linux 2.6.15.3.
kernels/test26.s/*:  Upgraded to full-featured Linux 2.6.15.3 kernel.
pasture/lprng-3.8.28-i486-2.tgz:  Recompiled against new OpenSSL.
testing/packages/php-5.1.2/php-5.1.2-i486-1.tgz:  Upgraded to php-5.1.2.
testing/packages/linux-2.6.15.3/alsa-driver-1.0.10_2.6.15.3-i486-1.tgz:
  Recompiled ALSA modules for Linux 2.6.15.3.
testing/packages/linux-2.6.15.3/kernel-generic-2.6.15.3-i486-1.tgz:
  Upgraded to Linux 2.6.15.3 generic kernel.
testing/packages/linux-2.6.15.3/kernel-headers-2.6.15.3-i386-1.tgz:
  Upgraded to Linux 2.6.15.3 kernel headers.
testing/packages/linux-2.6.15.3/kernel-modules-2.6.15.3-i486-1.tgz:
  Upgraded to Linux 2.6.15.3 kernel modules.
testing/packages/linux-2.6.15.3/kernel-source-2.6.15.3-noarch-1.tgz:
  Upgraded to Linux 2.6.15.3 kernel source.
testing/packages/seamonkey-1.0-i486-1.tgz:  Added seamonkey-1.0, which
  will probably be replacing mozilla-1.7.12 in slackware/xap/ soon unless
  doing so ends up breaking too many things.  Hopefully it won't -- please
  help test it.
# Old bison packages from slackware/d and /extra moved to /pasture.
# A few sources may still require these unless/until they are updated.
pasture/bison-1.35-i386-1.tgz:  Moved to /pasture.
pasture/bison-1.875d-i486-1.tgz:  Moved to /pasture.
# We'll see if we can get away with a mass removal of old Berkeley DB
# cruft.  Yes, I know this will be painful, but it's not my fault that
# BDB does not stay compatible with itself.  This mess had to be cleaned
# up sometime, and in preparation for a .0 release seems as good as any.
pasture/db3-3.3.11-i486-4.tgz:  Moved to /pasture.
pasture/db31-3.1.17-i486-1.tgz:  Moved to /pasture.
pasture/db4-4.1.25-i386-1.tgz:  Moved to /pasture.
pasture/db4-4.2.52-i486-2.tgz:  Moved to /pasture.
+--------------------------+
Sat Jan 14 13:41:26 CST 2006
a/kernel-ide-2.4.32-i486-2.tgz:  Recompiled with gcc-3.4.5.
  Apparently the nVidia driver demands that the kernel be compiled with the
  same compiler that will be used to compile the kernel module wrapper for the
  binary nVidia driver (though my guess is that if this restriction were not
  coded into their installer that it would work fine), so I've recompiled all
  the 2.4.32 kernels and modules using the new compiler.
a/kernel-modules-2.4.32-i486-3.tgz:  Recompiled with gcc-3.4.5.
l/alsa-driver-1.0.10_2.4.32-i486-2.tgz:  Recompiled with gcc-3.4.5.
x/x11-docs-html-6.9.0-noarch-1.tgz:  Upgraded to X11R6.9.0.
  For those who may not be aware, this is is the exact same code base as
  X11R7.0.0, but is packaged as the traditional single source archive using
  the imake build system.  Also, note that this still rightly (IMHO) contains
  freetype-2.1.9.  The newer release of freetype (2.1.10) removed some functions
  that various applications use -- I'm hoping that these will be restored.
  Finally, the kernel interface for direct rendering (DRI) seems to have changed,
  and direct rendering with X11R6.9.0 only works on my machines with a 2.6
  kernel.  I spent several days trying to produce working DRM kernel modules
  for Linux 2.4.32, but to no avail, so if you're still using a 2.4 kernel
  you'll want to edit your xorg.conf so that the dri module is not loaded
  or you'll likely corrupt your display requiring a reboot.  I've tested this
  only with ATI cards and the open source drivers.  Perhaps the binary drivers
  from ATI or nVidia would work.
x/x11-fonts-scale-6.9.0-noarch-1.tgz:  Upgraded to X11R6.9.0.
x/x11-devel-6.9.0-i486-1.tgz:  Upgraded to X11R6.9.0.
x/x11-fonts-100dpi-6.9.0-noarch-1.tgz:  Upgraded to X11R6.9.0.
x/x11-xnest-6.9.0-i486-1.tgz:  Upgraded to X11R6.9.0.
x/x11-xdmx-6.9.0-i486-1.tgz:  Upgraded to X11R6.9.0.
x/x11-fonts-misc-6.9.0-noarch-1.tgz:  Upgraded to X11R6.9.0.
x/x11-6.9.0-i486-1.tgz:  Upgraded to X11R6.9.0.
x/x11-docs-6.9.0-noarch-1.tgz:  Upgraded to X11R6.9.0.
x/x11-fonts-cyrillic-6.9.0-noarch-1.tgz:  Upgraded to X11R6.9.0.
x/x11-xvfb-6.9.0-i486-1.tgz:  Upgraded to X11R6.9.0.
xap/mozilla-thunderbird-1.5-i686-1.tgz:  Upgraded to thunderbird-1.5.
bootdisks/*:  Rebuilt using the recompiled 2.4.32 kernels.
extra/linux-wlan-ng/linux-wlan-ng-0.2.3_2.6.14.6-i486-1.tgz:
  Recompiled for Linux 2.6.14.6.
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.32-i486-2.tgz:
  Recompiled with gcc-3.4.5.
kernels/*.?/*:  Recompiled 2.4.32 kernels with gcc-3.4.5, upgraded
  test26.s kernel to 2.6.14.6.
testing/packages/linux-2.6.14.6/alsa-driver-1.0.10_2.6.14.6-i486-2.tgz:
  Recompiled for Linux 2.6.14.6.
testing/packages/linux-2.6.14.6/kernel-generic-2.6.14.6-i486-1.tgz:
  Upgraded to Linux 2.6.14.6.
testing/packages/linux-2.6.14.6/kernel-headers-2.6.14.6-i386-1.tgz:
  Upgraded to Linux 2.6.14.6 kernel headers.
testing/packages/linux-2.6.14.6/kernel-modules-2.6.14.6-i486-1.tgz:
  Upgraded to Linux 2.6.14.6 kernel modules.
testing/packages/linux-2.6.14.6/kernel-source-2.6.14.6-noarch-1.tgz:
  Upgraded to Linux 2.6.14.6 kernel source.
+--------------------------+
Thu Dec 15 14:37:27 CST 2005
d/gcc-3.4.5-i486-1.tgz:  Upgraded to gcc-3.4.5.
d/gcc-g++-3.4.5-i486-1.tgz:  Upgraded to gcc-3.4.5.
d/gcc-g77-3.4.5-i486-1.tgz:  Upgraded to gcc-3.4.5.
d/gcc-gnat-3.4.5-i486-1.tgz:  Upgraded to gcc-3.4.5.
d/gcc-java-3.4.5-i486-1.tgz:  Upgraded to gcc-3.4.5.
d/gcc-objc-3.4.5-i486-1.tgz:  Upgraded to gcc-3.4.5.
+--------------------------+
Tue Dec 13 14:01:37 CST 2005
a/kernel-modules-2.4.32-i486-2.tgz:  That's what I meant to say below,
  not "l/alsa-driver-1.0.10_2.4.32-i486-1.tgz".  I'd been looking at the
  alsa-driver package to see if it had the same issue (it doesn't), and
  then listed the wrong package in the ChangeLog.  Sorry about that.
  Oh, and there was really nothing wrong with the modules in the
  kernel-modules-2.4.32-i486-1 package that a 'depmod -a' wouldn't fix.
  That's the only change that went into the package -- the modules are
  the same.  Thanks to Victor Keranov for pointing out my mistake.
+--------------------------+
Mon Dec 12 14:33:24 CST 2005
l/alsa-driver-1.0.10_2.4.32-i486-1.tgz:  Regenerated 'depmod -a' files,
  as these were referring to uncompressed modules rather than compressed
  ones.  Thanks to Malcolm Rowe for pointing this out.
+--------------------------+
Sat Dec 10 23:28:42 CST 2005

It's a girl!  :-)

I know a lot of you have been wondering what's going on here, and the news
is that my wife Andrea delivered our first child, a daughter Briah Cecilia
(briah at slackware dot com :-) on 2005-11-22, and that event (and the weeks
that led up to it) has had to take priority over the usual tasks of
download/compile/test/package/upload.  But, things should be getting back to
normal here (more or less) over the next couple of weeks, particularly after
the holiday season has come and gone.  As you might expect, there are a lot of
friends and relatives who want to see her.  :-)

Thanks for your patience, and we now return you to your regularly scheduled
ChangeLog...

a/bash-3.0-i486-4.tgz:  Fixed an obscure bug where suspending the first process
  started in a new shell would cause it to hang.
  Thanks to Grant Coady for discovering and fixing this bug.
a/bzip2-1.0.3-i486-2.tgz:  Patched a minor bug in the libbz2 shared library
  Makefile to enable support for large files.  Thanks to Timothy C. McGrath
  and Manuel Jose Blanca Molinos both of whom pointed out this problem and
  provided fixes.
a/glibc-solibs-2.3.6-i486-1.tgz:  Upgraded to glibc-2.3.6 shared libraries.
a/glibc-zoneinfo-2.3.6-noarch-1.tgz:  Upgraded to glibc-2.3.6 timezone info.
a/kernel-ide-2.4.32-i486-1.tgz:  Upgraded to Linux 2.4.32 bare.i kernel.
a/kernel-modules-2.4.32-i486-1.tgz:  Upgraded to Linux 2.4.32 kernel modules.
ap/alsa-utils-1.0.10-i486-1.tgz:  Upgraded to alsa-utils-1.0.10.
  In /etc/rc.d/rc.alsa, load snd-seq-oss.  (Thanks to Tomas Matejicek)
d/gcc-3.4.4-i486-2.tgz:  Upgraded to gcc-3.4.4.  gcc-4.x isn't ready yet as
  a prime time compiler yet, IMHO -- still too many things it can't compile,
  internal compiler errors, and the like.  How much of that is the compiler
  and how much is source needing to be updated is a matter for debate,
  though.  Also, the -mcpu=i686 option used in Slackware to optimize
  binaries for i686 or Athlon platforms has changed to -mtune=i686 with the
  gcc-3.4.x compiler series.  I'll be updating the SlackBuilds over time as
  the packages are upgraded.
d/gcc-g++-3.4.4-i486-2.tgz:  Upgraded to gcc-3.4.4.
d/gcc-g77-3.4.4-i486-2.tgz:  Upgraded to gcc-3.4.4.
d/gcc-gnat-3.4.4-i486-2.tgz:  Upgraded to gcc-3.4.4.
d/gcc-java-3.4.4-i486-2.tgz:  Upgraded to gcc-3.4.4.
d/gcc-objc-3.4.4-i486-2.tgz:  Upgraded to gcc-3.4.4.
d/kernel-headers-2.4.32-i386-1.tgz:  Upgraded to Linux 2.4.32 kernel headers.
k/kernel-source-2.4.32-noarch-1.tgz:  Upgraded to Linux 2.4.32 kernel source.
l/alsa-driver-1.0.10_2.4.32-i486-1.tgz:  Upgraded to alsa-driver-1.0.10 for
  Linux 2.4.32.
l/alsa-lib-1.0.10-i486-1.tgz:  Upgraded to alsa-lib-1.0.10.
l/alsa-oss-1.0.10-i486-1.tgz:  Upgraded to alsa-oss-1.0.10.
l/glibc-2.3.6-i486-1.tgz:  Upgraded to glibc-2.3.6.
l/glibc-i18n-2.3.6-noarch-1.tgz:  Upgraded to glibc-2.3.6 i18n files.
  Added files in /usr/share/locale that hadn't previously been included in
  this package (thanks to Lasse Collin).
l/glibc-profile-2.3.6-i486-1.tgz:  Upgraded to glibc-2.3.6.
n/dnsmasq-2.24-i486-1.tgz:  Upgraded to dnsmasq-2.24.  Thanks to Simon Kelley
  (and one of his anonymous testers) for helping to update the SlackBuild.
n/php-4.4.1-i486-2.tgz:  Recompiled with a patch from PHP CVS that fixes issues
  with SquirrelMail and possibly other PHP applications.  I'd hoped there would
  be a new PHP out quickly to address this but since there isn't I'm making an
  exception to the usual policy here on merging patches from CVS as a fair
  number of users seem to be affected by this issue.  Let me know if this
  doesn't help or if any undesired side effects are noticed.
  This problem was first reported here by Gerardo Exequiel Pozzi, but was
  later reported by too many people to list.  Thanks, everyone!  :-)
xap/mozilla-firefox-1.5-i686-1.tgz:  Upgraded to firefox-1.5.
bootdisks/*:  Upgraded to Linux 2.4.32.
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.32-i486-1.tgz:
  Upgraded to linux-wlan-ng-0.2.1pre25 (for Linux 2.4.32).
extra/linux-wlan-ng/linux-wlan-ng-0.2.3_2.6.14.3-i486-1.tgz
  Upgraded to linux-wlan-ng-0.2.3 (for Linux 2.6.14.3).
isolinux/initrd.img:  Upgraded USB/IEEE1394 modules to Linux 2.4.32.
isolinux/network.dsk:  Upgraded network modules to Linux 2.4.32.
isolinux/pcmcia.dsk:  Upgraded pcmcia modules to Linux 2.4.32.
kernels/*:  Upgraded to Linux 2.4.32 (and test.s to 2.6.14.3).
rootdisks/install.1:  Upgraded USB/IEEE1394 modules to Linux 2.4.32.
rootdisks/install.2:  Upgraded USB/IEEE1394 modules to Linux 2.4.32.
rootdisks/install.zip:  Upgraded USB/IEEE1394 modules to Linux 2.4.32.
rootdisks/network.dsk:  Upgraded network modules to Linux 2.4.32.
rootdisks/pcmcia.dsk:  Upgraded pcmcia modules to Linux 2.4.32.
testing/packages/linux-2.6.14.3/alsa-driver-1.0.10_2.6.14.3-i486-1.tgz:
  Upgraded to alsa-driver-1.0.10 for Linux 2.6.14.3.
testing/packages/linux-2.6.14.3/kernel-generic-2.6.14.3-i486-1.tgz:
  Upgraded to Linux 2.6.14.3 (generic kernel).
testing/packages/linux-2.6.14.3/kernel-headers-2.6.14.3-i386-1.tgz:
  Upgraded to kernel headers from Linux 2.6.14.3 (see the README
  file in testing/packages/linux-2.6.14.3/ for information about
  why you probably *don't* want to use these headers...)
testing/packages/linux-2.6.14.3/kernel-modules-2.6.14.3-i486-1.tgz:
  Upgraded to kernel modules for Linux 2.6.14.3.
testing/packages/linux-2.6.14.3/kernel-source-2.6.14.3-noarch-1.tgz:
  Upgraded to Linux 2.6.14.3 kernel source.
testing/packages/php-5.1.1/php-5.1.1-i486-1.tgz:  Upgraded to php-5.1.1.
  This no longer seems to ship with PEAR, and if anyone knows why this is or
  how to go about adding it back to the package (if it's still required), I'd
  be interested to know.
testing/packages/thunderbird-1.5rc1/mozilla-thunderbird-1.5rc1-i686-1.tgz:
  Added thunderbird-1.5rc1.
+--------------------------+
Mon Nov  7 19:54:57 CST 2005
n/elm-2.5.8-i486-1.tgz:  Upgraded to elm2.5.8.
  This fixes a buffer overflow in the parsing of the Expires header that
  could be used to execute arbitrary code as the user running Elm.
  Thanks to Ulf Harnhammar for finding the bug and reminding me to get
  out updated packages to address the issue.
  A reference to the original advisory:
    http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html
+--------------------------+
Sat Nov  5 21:55:21 CST 2005
l/libxml2-2.6.22-i486-1.tgz:  Upgraded to libxml2-2.6.22.
  This fixes an issue where libxml2 had declared a variable XML_FEATURE_UNICODE
  that was already used by the expat headers, causing PHP to fail to compile
  when using Slackware's combination of ./configure options.
n/curl-7.12.2-i486-2.tgz:  Patched.  This addresses a buffer overflow in
  libcurl's NTLM function that could have possible security implications.
  For more details, see:
    http://curl.haxx.se/docs/security.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
  (* Security fix *)
n/samba-3.0.20b-i486-1.tgz:  Upgraded to samba-3.0.20b.
  This includes various bugfixes.  Thanks to Christopher Linnet for reporting
  that this fixes a problem with printing to a printer on an XP machine from
  CUPS.  If you use such a configuration, you'll want this upgrade for sure.
n/mod_ssl-2.8.25_1.3.34-i486-1.tgz:  Upgraded to mod_ssl-2.8.25-1.3.34.
n/wget-1.10.2-i486-1.tgz:  Upgraded to wget-1.10.2.
  This addresses a buffer overflow in wget's NTLM handling function that could
  have possible security implications.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
  (* Security fix *)
n/php-4.4.1-i486-1.tgz:  Upgraded to php-4.4.1.
  Fixes a number of bugs, including several minor security fixes relating to
  the overwriting of the GLOBALS array.
  (* Security fix *)
n/lynx-2.8.5rel.5-i486-1.tgz:  Upgraded to lynx-2.8.5rel.5.
  Fixes an issue where the handling of Asian characters when using lynx to
  connect to an NNTP server (is this a common use?) could result in a buffer
  overflow causing the execution of arbitrary code. 
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3120
  (* Security fix *)
n/apache-1.3.34-i486-1.tgz:  Upgraded to apache-1.3.34.
  Fixes this minor security bug:  "If a request contains both Transfer-Encoding
  and Content-Length headers, remove the Content-Length, mitigating some HTTP
  Request Splitting/Spoofing attacks."
  (* Security fix *)
n/pine-4.64-i486-1.tgz:  Upgraded to pine-4.64.
n/tcpdump-3.9.4-i486-1.tgz:  Upgraded to tcpdump-3.9.4.
n/imapd-4.64-i486-1.tgz:  Upgraded to imapd-4.64.
  A buffer overflow was reported in the mail_valid_net_parse_work function.
  However, this function in the c-client library does not appear to be called
  from anywhere in imapd.  iDefense states that the issue is of LOW risk to
  sites that allow users shell access, and LOW-MODERATE risk to other servers.
  I believe it's possible that it is of NIL risk if the function is indeed
  dead code to imapd, but draw your own conclusions...
  (* Security fix *)
kde/koffice-1.4.1-i486-2.tgz:  Patched.
  Fixes a buffer overflow in KWord's RTF import discovered by Chris Evans.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2971
  (* Security fix *)

  There, now hopefully we can start getting some REAL work done around here
  again soon...
+--------------------------+
Thu Oct 13 13:57:25 PDT 2005
a/openssl-solibs-0.9.7g-i486-2.tgz:  Patched.
  Fixed a vulnerability that could, in rare circumstances, allow an attacker
  acting as a "man in the middle" to force a client and a server to negotiate
  the SSL 2.0 protocol (which is known to be weak) even if these parties both
  support SSL 3.0 or TLS 1.0.
  For more details, see:
    http://www.openssl.org/news/secadv_20051011.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969
  (* Security fix *)
n/openssl-0.9.7g-i486-2.tgz:  Patched.
  (* Security fix *)
+--------------------------+
Mon Oct 10 15:14:22 PDT 2005
xap/xine-lib-1.0.3a-i686-1.tgz:  Upgraded to xine-lib-1.0.3a.
  This fixes a format string bug where an attacker, if able to upload malicious
  information to a CDDB server and then get a local user to play a certain
  audio CD, may be able to run arbitrary code on the machine as the user
  running the xine-lib linked application.
  For more information, see:
    http://xinehq.de/index.php/security/XSA-2005-1
  (* Security fix *)
+--------------------------+
Sat Oct  8 18:46:14 PDT 2005
d/cvs-1.11.21-i486-1.tgz:  Upgraded to cvs-1.11.21.
+--------------------------+
Wed Oct  5 13:04:15 PDT 2005
xap/mozilla-thunderbird-1.0.7-i686-1.tgz:  Upgraded to thunderbird-1.0.7.
  This fixes a security issue where URLs passed on the command line to the
  thunderbird shell script were not correctly protected against
  interpretation by the shell.  As a result, a malicious URL could contain
  embedded shell commands which would then be executed as the user running
  Thunderbird.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#Thunderbird
  (* Security fix *)
+--------------------------+
Sun Sep 25 22:02:46 PDT 2005
x/x11-6.8.2-i486-4.tgz:  Rebuilt with a modified patch for an earlier pixmap
  overflow issue.  The patch released by X.Org was slightly different than
  the one that was circulated previously, and is an improved version.  There
  have been reports that the earlier patch broke WINE and possibly some
  other programs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2495
  (* Security fix *)
x/x11-xdmx-6.8.2-i486-4.tgz:  Patched and rebuilt.
x/x11-xnest-6.8.2-i486-4.tgz:  Patched and rebuilt.
x/x11-xvfb-6.8.2-i486-4.tgz:  Patched and rebuilt.
xap/mozilla-1.7.12-i486-1.tgz:  Upgraded to mozilla-1.7.12.
  This fixes several security issues.  For more information, see:
  http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla
  (* Security fix *)
xap/mozilla-firefox-1.0.7-i686-1.tgz:  Upgraded to firefox-1.0.7.
  This fixes several security issues.  For more information, see:
  http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox
  (* Security fix *)
+--------------------------+
Tue Sep 13 12:24:53 PDT 2005
Slackware 10.2 is released.
Thanks to everyone to helped make it possible.
Enjoy!  :-)