Wed Jul 25 02:02:40 UTC 2012
patches/packages/libpng-1.2.50-i386-1_slack8.1.tgz:  Upgraded.
  Fixed incorrect type (int copy should be png_size_t copy) in png_inflate()
  (fixes CVE-2011-3045).
  Revised png_set_text_2() to avoid potential memory corruption (fixes
    CVE-2011-3048).
  Changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3045
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3048
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386
  (* Security fix *)
+--------------------------+
Thu Jun 14 05:02:39 UTC 2012
####################################################################
# NOTICE OF INPENDING EOL (END OF LIFE) FOR OLD SLACKWARE VERSIONS #
#                                                                  #
# Effective August 1, 2012, security patches will no longer be     #
# provided for the following versions of Slackware (which will all #
# be more than 5 years old at that time):                          #
# Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0.           #
# If you are still running these versions you should consider      #
# migrating to a newer version (preferably as recent as possible). #
# Alternately, you may make arrangements to handle your own        #
# security patches.  If for some reason you are unable to upgrade  #
# or handle your own security patches, limited security support    #
# may be available for a fee.  Inquire at security@slackware.com.  #
####################################################################
patches/packages/bind-9.4_ESV_R5-i386-2_slack8.1.tgz:  Rebuilt.
  This release fixes an issue that could crash BIND, leading to a denial of
  service.  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
  Please note that another CVE (CVE-2012-1033), the so-called "ghost names
  attack", could not be trivially backported to this version of BIND, and
  that the supporting libraries on Slackware 8.1 are not compatible with
  newer versions.  EOL is looming for Slackware 8.1 anyway, so please
  migrate.
  (* Security fix *)
+--------------------------+
Wed Feb 22 18:14:58 UTC 2012
patches/packages/libpng-1.2.47-i386-1_slack8.1.tgz:  Upgraded.
  All branches of libpng prior to versions 1.5.9, 1.4.9, 1.2.47, and 1.0.57,
  respectively, fail to correctly validate a heap allocation in
  png_decompress_chunk(), which can lead to a buffer-overrun and the
  possibility of execution of hostile code on 32-bit systems.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026
  (* Security fix *)
+--------------------------+
Thu Nov 17 02:09:25 UTC 2011
patches/packages/bind-9.4_ESV_R5_P1-i386-1_slack8.1.tgz:  Upgraded.
        --- 9.4-ESV-R5-P1 released ---
3218.   [security]      Cache lookup could return RRSIG data associated with
                        nonexistent records, leading to an assertion
                        failure. [RT #26590]
  (* Security fix *)
+--------------------------+
Fri Nov 11 18:58:21 UTC 2011
  Good 11-11-11, everyone!  Enjoy some fresh time.  :)
patches/packages/glibc-zoneinfo-2011i_2011n-noarch-1.tgz:  Upgraded.
  New upstream homepage:  http://www.iana.org/time-zones
+--------------------------+
Fri Aug 12 23:20:00 UTC 2011
patches/packages/bind-9.4_ESV_R5-i386-1_slack8.1.tgz:  Upgraded.
  This BIND update addresses a couple of security issues:
  * named, set up to be a caching resolver, is vulnerable to a user
    querying a domain with very large resource record sets (RRSets)
    when trying to negatively cache the response. Due to an off-by-one
    error, caching the response could cause named to crash. [RT #24650]
    [CVE-2011-1910]
  * Change #2912 (see CHANGES) exposed a latent bug in the DNS message
    processing code that could allow certain UPDATE requests to crash
    named. [RT #24777] [CVE-2011-2464]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
  (* Security fix *)
+--------------------------+
Fri Jul 29 18:22:40 UTC 2011
patches/packages/libpng-1.2.46-i386-1_slack8.1.tgz:  Upgraded.
  Fixed uninitialized memory read in png_format_buffer()
  (Bug report by Frank Busse, related to CVE-2004-0421).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0421
  (* Security fix *)
+--------------------------+
Mon Jun 20 00:49:34 UTC 2011
patches/packages/fetchmail-6.3.20-i386-1_slack8.1.tgz:  Upgraded.
  This release fixes a denial of service in STARTTLS protocol phases.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1947
    http://www.fetchmail.info/fetchmail-SA-2011-01.txt
  (* Security fix *)
+--------------------------+
Fri May 27 22:56:00 UTC 2011
patches/packages/bind-9.4_ESV_R4_P1-i386-1_slack8.1.tgz:  Upgraded.
  This release fixes security issues:
     * A large RRSET from a remote authoritative server that results in
       the recursive resolver trying to negatively cache the response can
       hit an off by one code error in named, resulting in named crashing.
       [RT #24650] [CVE-2011-1910]
     * Zones that have a DS record in the parent zone but are also listed
       in a DLV and won't validate without DLV could fail to validate. [RT
       #24631]
  For more information, see:
    http://www.isc.org/software/bind/advisories/cve-2011-1910
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
  (* Security fix *)
+--------------------------+
Thu Feb 10 21:19:38 UTC 2011
patches/packages/sudo-1.7.4p6-i386-1_slack8.1.tgz:  Upgraded.
  Fix Runas group password checking.
  For more information, see the included CHANGES and NEWS files, and:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0010
  (* Security fix *)
+--------------------------+
Thu Dec 16 18:57:05 UTC 2010
patches/packages/bind-9.4_ESV_R4-i386-1_slack8.1.tgz:  Upgraded.
  This update fixes some security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3615
  (* Security fix *)
+--------------------------+
Mon Sep 20 18:39:57 UTC 2010
patches/packages/bzip2-1.0.6-i386-1_slack8.1.tgz:  Upgraded.
  This update fixes an integer overflow that could allow a specially
  crafted bzip2 archive to cause a crash (denial of service), or execute
  arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405
  (* Security fix *)
+--------------------------+
Wed Sep 15 18:51:21 UTC 2010
patches/packages/sudo-1.7.4p4-i386-3_slack8.1.tgz:  Rebuilt.
  Hi folks, since the patches for old systems (8.1 - 10.2) were briefly
  available containing a /var/lib with incorrect permissions, I'm issuing
  these again just to be 100% sure that no systems out there will be left
  with problems due to that.  This should do it (third time's the charm).
+--------------------------+
Wed Sep 15 05:58:55 UTC 2010
patches/packages/sudo-1.7.4p4-i386-2_slack8.1.tgz:  Rebuilt.
  The last sudo packages accidentally changed the permissions on /var from
  755 to 700.  This build restores the proper permissions.
  Thanks to Petri Kaukasoina for pointing this out.
+--------------------------+
Wed Sep 15 00:41:13 UTC 2010
patches/packages/sudo-1.7.4p4-i386-1_slack8.1.tgz:  Upgraded.
  This fixes a flaw that could lead to privilege escalation.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2956
  (* Security fix *)
+--------------------------+
Wed Jun 30 04:51:49 UTC 2010
patches/packages/libpng-1.2.44-i386-1_slack8.1.tgz:  Upgraded.
  This fixes out-of-bounds memory write bugs that could lead to crashes
  or the execution of arbitrary code, and a memory leak bug which could
  lead to application crashes.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249
  (* Security fix *)
+--------------------------+
Sun Jun 27 04:02:55 UTC 2010
patches/packages/bind-9.4.3_P5-i386-2_slack8.1.tgz:  Rebuilt.
  At least some of these updates for 2.4.x systems were built under a
  2.6.x kernel, and didn't work.  Sorry, I think I've fixed the
  issue on this end this time.  If the previous update did not work
  for you, try this one.
+--------------------------+
Fri Jun 25 05:28:02 UTC 2010
patches/packages/bind-9.4.3_P5-i386-1_slack8.1.tgz:  Upgraded.
  This fixes possible DNS cache poisoning attacks when DNSSEC is enabled
  and checking is disabled (CD).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097
  (* Security fix *)
+--------------------------+
Sun May 16 20:01:28 UTC 2010
patches/packages/fetchmail-6.3.17-i386-1_slack8.1.tgz:  Upgraded.
  A crafted header or POP3 UIDL list could cause a memory leak and crash
  leading to a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1167
  (* Security fix *)
+--------------------------+
Tue Apr 20 14:45:24 UTC 2010
patches/packages/sudo-1.7.2p6-i386-1_slack8.1.tgz:  Upgraded.
  This update fixes security issues that may give a user with permission
  to run sudoedit the ability to run arbitrary commands.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0426
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1163
    http://www.gratisoft.us/sudo/alerts/sudoedit_escalate.html
    http://www.gratisoft.us/sudo/alerts/sudoedit_escalate2.html
  (* Security fix *)
+--------------------------+
Thu Dec 10 00:12:58 UTC 2009
patches/packages/ntp-4.2.2p3-i386-2_slack8.1.tgz:  Rebuilt.
  Prevent a denial-of-service attack involving spoofed mode 7 packets.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563
  (* Security fix *)
+--------------------------+
Wed Dec  2 20:51:55 UTC 2009
patches/packages/bind-9.4.3_P4-i386-1_slack8.1.tgz:  Upgraded.
  BIND 9.4.3-P4 is a SECURITY PATCH for BIND 9.4.3-P3.  It addresses a
  potential cache poisoning vulnerability, in which data in the additional
  section of a response could be cached without proper DNSSEC validation.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
    http://www.kb.cert.org/vuls/id/418861
  (* Security fix *)
+--------------------------+
Thu Aug  6 00:48:30 CDT 2009
patches/packages/fetchmail-6.3.11-i386-1_slack8.1.tgz:  Upgraded.
  This update fixes an SSL NUL prefix impersonation attack through NULs in a
  part of a X.509 certificate's CommonName and subjectAltName fields.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2666
  (* Security fix *)
+--------------------------+
Wed Jul 29 23:10:01 CDT 2009
patches/packages/bind-9.4.3_P3-i386-1_slack8.1.tgz:  Upgraded.
  This BIND update fixes a security problem where a specially crafted
  dynamic update message packet will cause named to exit resulting in
  a denial of service.
  An active remote exploit is in wide circulation at this time.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696
    https://www.isc.org/node/479
  (* Security fix *)
+--------------------------+
Tue Jul 14 18:07:41 CDT 2009
patches/packages/dhcp-3.1.2p1-i386-1_slack8.1.tgz:  Upgraded.
  A stack overflow vulnerability was fixed in dhclient that could allow
  remote attackers to execute arbitrary commands as root on the system,
  or simply terminate the client, by providing an over-long subnet-mask
  option.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692
  (* Security fix *)
+--------------------------+
Fri Jun 19 18:22:20 CDT 2009
patches/packages/libpng-1.2.37-i386-1_slack8.1.tgz:  Upgraded.
  This update fixes a possible security issue.  Jeff Phillips discovered an
  uninitialized-memory-read bug affecting interlaced images that may have
  security implications.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042
  (* Security fix *)
+--------------------------+
Wed Jun  3 18:09:52 CDT 2009
patches/packages/ntp-4.2.2p3-i386-1_slack8.1.tgz:
  Patched a stack-based buffer overflow in the cookedprint function in
  ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows arbitrary code
  execution by a malicious remote NTP server.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159
  (* Security fix *)
+--------------------------+
Fri Feb 20 17:20:49 CST 2009
patches/packages/libpng-1.2.35-i386-1_slack8.1.tgz:
  Upgraded to libpng-1.2.35.
  This fixes multiple memory-corruption vulnerabilities due to a failure to
  properly initialize data structures.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040
    ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt
  (* Security fix *)
+--------------------------+
Wed Jan 14 20:37:39 CST 2009
patches/packages/bind-9.3.6_P1-i386-1_slack8.1.tgz:
  Upgraded to bind-9.3.6-P1.
  Fixed checking on return values from OpenSSL's EVP_VerifyFinal and
  DSA_do_verify functions to prevent spoofing answers returned from zones using
  the DNSKEY algorithms DSA and NSEC3DSA.
  For more information, see:
    https://www.isc.org/node/373
    http://www.ocert.org/advisories/ocert-2008-016.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025
  (* Security fix *)
patches/packages/ntp-4.2.4p6-i386-1_slack8.1.tgz:
  [Sec 1111] Fix incorrect check of EVP_VerifyFinal()'s return value.
  For more information, see:
    https://lists.ntp.org/pipermail/announce/2009-January/000055.html
    http://www.ocert.org/advisories/ocert-2008-016.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
  (* Security fix *)
+--------------------------+
Mon Oct 13 13:58:21 CDT 2008
patches/packages/glibc-zoneinfo-2.2.5-noarch-7_slack8.1.tgz:
  Upgraded to tzdata2008h for the latest world timezone changes.
+--------------------------+
Wed Sep 17 02:28:20 CDT 2008
patches/packages/bind-9.3.5_P2-i386-1_slack8.1.tgz:
  Upgraded to bind-9.3.5-P2.
  This version has performance gains over bind-9.3.5-P1.
+--------------------------+
Mon Jul 28 22:05:06 CDT 2008
patches/packages/fetchmail-6.3.8-i486-1_slack8.1.tgz:
  Patched to fix a possible denial of service when "-v -v" options are used.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711
  (* Security fix *)
+--------------------------+
Wed Jul  9 20:03:57 CDT 2008
patches/packages/bind-9.3.5_P1-i386-1_slack8.1.tgz:
  Upgraded to bind-9.3.5-P1.
  This upgrade addresses a security flaw known as the CERT VU#800113 DNS Cache
  Poisoning Issue.  This is the summary of the problem from the BIND site:
    "A weakness in the DNS protocol may enable the poisoning of caching
     recurive resolvers with spoofed data.  DNSSEC is the only full solution.
     New versions of BIND provide increased resilience to the attack."
  It is suggested that sites that run BIND upgrade to one of the new packages
  in order to reduce their exposure to DNS cache poisoning attacks.
  For more information, see:
    http://www.isc.org/sw/bind/bind-security.php
    http://www.kb.cert.org/vuls/id/800113
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
  (* Security fix *)
+--------------------------+
Mon Apr 28 23:46:17 CDT 2008
patches/packages/libpng-1.2.27-i386-1_slack8.1.tgz:
  Upgraded to libpng-1.2.27.
  This fixes various bugs, the most important of which have to do with the
  handling of unknown chunks containing zero-length data.  Processing a PNG
  image that contains these could cause the application using libpng to crash
  (possibly resulting in a denial of service), could potentially expose the
  contents of uninitialized memory, or could cause the execution of arbitrary
  code as the user running libpng (though it would probably be quite difficult
  to cause the execution of attacker-chosen code).  We recommend upgrading the
  package as soon as possible.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
    ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.27-README.txt
  (* Security fix *)
+--------------------------+
Mon Apr  7 02:04:58 CDT 2008
patches/packages/bzip2-1.0.5-i386-1_slack8.1.tgz:  Upgraded to bzip2-1.0.5.
  Previous versions of bzip2 contained a buffer overread error that could cause
  applications linked to libbz2 to crash, resulting in a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372
  (* Security fix *)
patches/packages/m4-1.4.11-i386-1_slack8.1.tgz:  Upgraded to m4-1.4.11.
  In addition to bugfixes and enhancements, this version of m4 also fixes two
  issues with possible security implications.  A minor security fix with the
  use of "maketemp" and "mkstemp" -- these are now quoted to prevent the
  (rather unlikely) possibility that an unquoted string could match an
  existing macro causing operations to be done on the wrong file.  Also,
  a problem with the '-F' option (introduced with version 1.4) could cause a
  core dump or possibly (with certain file names) the execution of arbitrary
  code.  For more information on these issues, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1687
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1688
  (* Security fix *)
+--------------------------+
Fri Apr  4 12:36:37 CDT 2008
patches/packages/openssh-5.0p1-i386-1_slack8.1.tgz:
Upgraded to openssh-5.0p1.
  This version fixes a security issue where local users could hijack forwarded
  X connections.  Upgrading to the new package is highly recommended.
  For more information on this security issue, please see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483
  (* Security fix *)
+--------------------------+
Thu Feb 14 17:05:55 CST 2008
patches/packages/apache-1.3.41-i386-1_slack8.1.tgz:
  Upgraded to apache-1.3.41, the last regular release of the
  Apache 1.3.x series, and a security bugfix-only release.
  For more information about the security issues fixed, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847
  (* Security fix *)
patches/packages/mod_ssl-2.8.31_1.3.41-i386-1_slack8.1.tgz:
  Upgraded to mod_ssl-2.8.31-1.3.41 to work with apache_1.3.41.
+--------------------------+
Mon Dec 31 18:49:52 CST 2007
patches/packages/glibc-zoneinfo-2.2.5-noarch-6_slack8.1.tgz:
  Some deja vu.  ;-)
  Upgraded to tzdata2007k.  A new year should be started with the
  latest timezone data, so here it is.
  Happy holidays, and a happy new year to all!  :-)
+--------------------------+
Mon Dec 24 15:54:26 CST 2007
patches/packages/glibc-zoneinfo-2.2.5-noarch-5_slack8.1.tgz:
  Upgraded to tzdata2007j.  A new year should be started with the
  latest timezone data, so here it is.
  Happy holidays, and a happy new year to all!  :-)
+--------------------------+
Sat Dec  1 16:57:18 CST 2007
patches/packages/rsync-2.6.9-i386-1_slack8.1.tgz:
  Patched some security bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091
    http://lists.samba.org/archive/rsync-announce/2007/000050.html
  (* Security fix *)
+--------------------------+
Wed Nov 21 00:55:51 CST 2007
patches/packages/libpng-1.2.23-i386-1_slack8.1.tgz:
  Upgraded to libpng-1.2.23.
  Previous libpng versions may crash when loading malformed PNG files.
  It is not currently known if this vulnerability can be exploited to
  execute malicious code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5266
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5267
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5268
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
  (* Security fix *)
+--------------------------+
Thu Nov  1 22:03:53 CDT 2007
patches/packages/cups-1.1.19-i386-2_slack8.1.tgz:
  Patched cups-1.1.19.
  Errors in ipp.c may allow a remote attacker to crash CUPS resulting
  in a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351
  (* Security fix *)
+--------------------------+
Wed Oct 10 11:50:50 CDT 2007
patches/packages/glibc-zoneinfo-2.2.5-i386-4_slack8.1.tgz:
  Upgraded to timezone data from tzcode2007h and tzdata2007h.
  This contains the latest timezone data from NIST, including some important
  changes to daylight savings time in Brasil and New Zealand.
+--------------------------+
Wed Sep 12 15:20:06 CDT 2007
patches/packages/openssh-4.7p1-i386-1_slack8.1.tgz:
  Upgraded to openssh-4.7p1.
  From the OpenSSH release notes:
  "Security bugs resolved in this release:  Prevent ssh(1) from using a
  trusted X11 cookie if creation of an untrusted cookie fails; found and
  fixed by Jan Pechanec."
  While it's fair to say that we here at Slackware don't see how this could
  be leveraged to compromise a system, a) the OpenSSH people (who presumably
  understand the code better) characterize this as a security bug, b) it has
  been assigned a CVE entry, and c) OpenSSH is one of the most commonly used
  network daemons.  Better safe than sorry.
  More information should appear here eventually:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
  (* Security fix *)
+--------------------------+
Thu Jul 26 15:51:42 CDT 2007
patches/packages/bind-9.2.8_P1-i386-1_slack8.1.tgz:
  Upgraded to bind-9.2.8_P1 to fix a security issue.
  The query IDs in BIND9 prior to BIND 9.2.8-P1 are cryptographically weak.
  For more information on this issue, see:
    http://www.isc.org/index.pl?/sw/bind/bind-security.php
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
  (* Security fix *)
+--------------------------+
Wed May 16 16:16:59 CDT 2007
patches/packages/libpng-1.2.18-i386-1_slack8.1.tgz:
  Upgraded to libpng-1.2.18.
  A grayscale PNG image with a malformed (bad CRC) tRNS chunk will crash some
  libpng applications.  This vulnerability has been assigned the identifiers
  CVE-2007-2445 and CERT VU#684664.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445
  (* Security fix *)
+--------------------------+
Tue Apr  3 15:13:56 CDT 2007
patches/packages/file-4.20-i386-1_slack8.1.tgz:
  Upgraded to file-4.20.
  This fixes a heap overflow that could allow code to be executed as the
  user running file (note that there are many scenarios where file might be
  used automatically, such as in virus scanners or spam filters).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
  (* Security fix *)
+--------------------------+
Sun Feb 18 15:20:36 CST 2007
patches/packages/glibc-zoneinfo-2.2.5-i386-3_slack8.1.tgz:
  Updated with tzdata2007b for impending Daylight Savings Time
  changes in the US.
+--------------------------+
Fri Jan 26 22:46:30 CST 2007
patches/packages/bind-9.2.8-i386-1_slack8.1.tgz:
  Upgraded to bind-9.2.8.  This update fixes two denial of service
  vulnerabilities where an attacker could crash the name server with
  specially crafted malformed data.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494
  (* Security fix *)
+--------------------------+
Wed Jan 24 14:15:07 CST 2007
patches/packages/fetchmail-6.3.6-i386-1_slack8.1.tgz:
  Upgraded to fetchmail-6.3.6.  This fixes two security issues.  First, a bug
  introduced in fetchmail-6.3.5 could cause fetchmail to crash.  However,
  no stable version of Slackware ever shipped fetchmail-6.3.5.  Second, a long
  standing bug (reported by Isaac Wilcox) could cause fetchmail to send a
  password in clear text or omit using TLS even when configured otherwise.
  All fetchmail users are encouraged to consider using getmail, or to upgrade
  to the new fetchmail packages.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867
  (* Security fix *)
+--------------------------+
Fri Dec  1 15:03:20 CST 2006
patches/packages/libpng-1.2.14-i386-1_slack8.1.tgz:
  Upgraded to libpng-1.2.14.  This fixes a bug where a specially crafted PNG
  file could crash applications that use libpng.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793
  (* Security fix *)
patches/packages/proftpd-1.3.0a-i386-1_slack8.1.tgz:
  Upgraded to proftpd-1.3.0a plus an additional security patch.  Several
  security issues were found in proftpd that could lead to the execution of
  arbitrary code by a remote attacker, including one in mod_tls that does
  not require the attacker to be authenticated first.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5815
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6170
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6171
  (* Security fix *)
patches/packages/tar-1.16-i386-1_slack8.1.tgz:
  Upgraded to tar-1.16.
  This fixes an issue where files may be extracted outside of the current
  directory, possibly allowing a malicious tar archive, when extracted, to
  overwrite any of the user's files (in the case of root, any file on the
  system).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097
  (* Security fix *)
+--------------------------+
Mon Nov  6 21:29:24 CST 2006
patches/packages/bind-9.2.6_P2-i386-1_slack8.1.tgz:
  Upgraded to bind-9.2.6-P2.  This fixes some security issues related to
  previous fixes in OpenSSL.  The minimum OpenSSL version was raised to
  OpenSSL 0.9.7l and OpenSSL 0.9.8d to avoid exposure to known security flaws
  in older versions (these patches were already issued for Slackware).  If you
  have not upgraded yet, get those as well to prevent a potentially exploitable
  security problem in named.  In addition, the default RSA exponent was changed
  from 3 to 65537.  RSA keys using exponent 3 (which was previously BIND's
  default) will need to be regenerated to protect against the forging
  of RRSIGs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
  (* Security fix *)
+--------------------------+
Fri Nov  3 23:19:57 CST 2006
patches/packages/screen-4.0.3-i386-1_slack8.1.tgz:  Upgraded to screen-4.0.3.
  This addresses an issue with the way screen handles UTF-8 character encoding
  that could allow screen to be crashed (or possibly code to be executed in the
  context of the screen user) if a specially crafted sequence of pseudo-UTF-8
  characters are displayed withing a screen session.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4573
  (* Security fix *)
+--------------------------+
Fri Sep 29 00:49:33 CDT 2006
patches/packages/openssh-4.4p1-i386-1_slack8.1.tgz:
  Upgraded to openssh-4.4p1.
  This fixes a few security related issues.  From the release notes found at
  http://www.openssh.com/txt/release-4.4:
    * Fix a pre-authentication denial of service found by Tavis Ormandy,
      that would cause sshd(8) to spin until the login grace time
      expired.
    * Fix an unsafe signal hander reported by Mark Dowd. The signal
      handler was vulnerable to a race condition that could be exploited
      to perform a pre-authentication denial of service. On portable
      OpenSSH, this vulnerability could theoretically lead to
      pre-authentication remote code execution if GSSAPI authentication
      is enabled, but the likelihood of successful exploitation appears
      remote.
    * On portable OpenSSH, fix a GSSAPI authentication abort that could
      be used to determine the validity of usernames on some platforms.
  Links to the CVE entries will be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052
    After this upgrade, make sure the permissions on /etc/rc.d/rc.sshd are set
  the way you want them.  Future upgrades will respect the existing permissions
  settings.  Thanks to Manuel Reimer for pointing out that upgrading openssh
  would enable a previously disabled sshd daemon.
    Do better checking of passwd, shadow, and group to avoid adding
    redundant entries to these files.  Thanks to Menno Duursma.
  (* Security fix *)
+--------------------------+
Tue Sep 19 14:07:49 CDT 2006
patches/packages/gzip-1.3.5-i386-1_slack8.1.tgz:
  Upgraded to gzip-1.3.5, and fixed a variety of bugs.
  Some of the bugs have possible security implications if gzip or its tools are
  fed a carefully constructed malicious archive.  Most of these issues were
  recently discovered by Tavis Ormandy and the Google Security Team.  Thanks
  to them, and also to the ALT and Owl developers for cleaning up the patch.
  For further details about the issues fixed, please see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0988
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338
  (* Security fix *)
+--------------------------+
Thu Sep 14 05:30:50 CDT 2006
patches/packages/openssl-0.9.6m-i386-3_slack8.1.tgz:  Patched an issue where
  it is possible to forge certain kinds of RSA signatures.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
patches/packages/openssl-solibs-0.9.6m-i386-3_slack8.1.tgz:  Patched an issue
  where it is possible to forge certain kinds of RSA signatures.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
  (* Security fix *)
+--------------------------+
Fri Jul 28 17:37:42 CDT 2006
patches/packages/apache-1.3.37-i386-1_slack8.1.tgz:
  Upgraded to apache-1.3.37.
  From the announcement on httpd.apache.org:
    This version of Apache is security fix release only.  An off-by-one flaw
    exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3
    since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0.
  The Slackware Security Team feels that the vast majority of installations
  will not be configured in a vulnerable way but still suggests upgrading to
  the new apache and mod_ssl packages for maximum security.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747
  And see Apache's announcement here:
    http://www.apache.org/dist/httpd/Announcement1.3.html
  (* Security fix *)
patches/packages/mod_ssl-2.8.28_1.3.37-i386-1_slack8.1.tgz:
  Upgraded to mod_ssl-2.8.28-1.3.37.
+--------------------------+
Mon Jul 24 15:44:39 CDT 2006
patches/packages/mutt-1.4.2.2i-i386-1_slack8.1.tgz:
  Upgraded to mutt-1.4.2.2i.
  This release fixes CVE-2006-3242, a buffer overflow that could be triggered
  by a malicious IMAP server.
  [Connecting to malicious IMAP servers must be common, right? -- Ed.]
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3242
  (* Security fix *)
+--------------------------+
Thu Jun 15 01:58:40 CDT 2006
patches/packages/sendmail-8.13.7-i386-1_slack8.1.tgz:
  Upgraded to sendmail-8.13.7.
  Fixes a potential denial of service problem caused by excessive recursion
  leading to stack exhaustion when attempting delivery of a malformed MIME
  message.  This crashes sendmail's queue processing daemon, which in turn
  can lead to two problems:  depending on the settings, these crashed
  processes may create coredumps which could fill a drive partition; and
  such a malformed message in the queue will cause queue processing to
  cease when the message is reached, causing messages that are later in
  the queue to not be processed.
  Sendmail's complete advisory may be found here:
    http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc
  Sendmail has also provided an FAQ about this issue:
    http://www.sendmail.com/security/advisories/SA-200605-01/faq.shtml
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173
  (* Security fix *)
patches/packages/sendmail-cf-8.13.7-noarch-1_slack8.1.tgz:
  Upgraded to sendmail-8.13.7 configs.
+--------------------------+
Wed May 10 15:07:18 CDT 2006
patches/packages/apache-1.3.35-i386-2_slack8.1.tgz:
  Patched to fix totally broken Include behavior.
  Thanks to Francesco Gringoli for reporting this bug.
+--------------------------+
Tue May  9 00:53:54 CDT 2006
patches/packages/apache-1.3.35-i386-1_slack8.1.tgz:
  Upgraded to apache-1.3.35.
  From the official announcement:
    Of particular note is that 1.3.35 addresses and fixes 1 potential
    security issue: CVE-2005-3352 (cve.mitre.org)
       mod_imap: Escape untrusted referer header before outputting in HTML
       to avoid potential cross-site scripting.  Change also made to
       ap_escape_html so we escape quotes.  Reported by JPCERT
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
  (* Security fix *)
patches/packages/mod_ssl-2.8.26_1.3.35-i386-1_slack8.1.tgz:
  Upgraded to mod_ssl-2.8.26-1.3.35.
  This is an updated version designed for Apache 1.3.35.
+--------------------------+
Wed Mar 22 13:01:23 CST 2006
patches/packages/sendmail-8.13.6-i386-1.tgz:  Upgraded to sendmail-8.13.6.
  This new version of sendmail contains a fix for a security problem
  discovered by Mark Dowd of ISS X-Force.  From sendmail's advisory:
    Sendmail was notified by security researchers at ISS that, under some
    specific timing conditions, this vulnerability may permit a specifically
    crafted attack to take over the sendmail MTA process, allowing remote
    attackers to execute commands and run arbitrary programs on the system
    running the MTA, affecting email delivery, or tampering with other
    programs and data on this system.  Sendmail is not aware of any public
    exploit code for this vulnerability.  This connection-oriented
    vulnerability does not occur in the normal course of sending and
    receiving email.  It is only triggered when specific conditions are
    created through SMTP connection layer commands.
  Sendmail's complete advisory may be found here:
    http://www.sendmail.com/company/advisory/index.shtml
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
  (* Security fix *)
patches/packages/sendmail-cf-8.13.6-noarch-1.tgz:
  Upgraded to sendmail-8.13.6 configuration files.
+--------------------------+
Thu Feb  9 15:09:26 CST 2006
patches/packages/fetchmail-6.3.2-i386-1.tgz:  Upgraded to fetchmail-6.3.2.
  Presumably this replaces all the known security problems with
  a batch of new unknown ones.  (fetchmail is improving, really ;-)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4348
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0321
  (* Security fix *)
patches/packages/openssh-4.3p1-i386-1.tgz:  Upgraded to openssh-4.3p1.
  This fixes a security issue when using scp to copy files that could
  cause commands embedded in filenames to be executed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225
  (* Security fix *)
patches/packages/sudo-1.6.8p12-i386-1.tgz:  Upgraded to sudo-1.6.8p12.
  This fixes an issue where a user able to run a Python script through sudo
  may be able to gain root access.
  IMHO, running any kind of scripting language from sudo is still not safe...
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0151
  (* Security fix *)
+--------------------------+
Mon Nov  7 19:54:57 CST 2005
patches/packages/elm-2.5.8-i386-1.tgz:  Upgraded to elm2.5.8.
  This fixes a buffer overflow in the parsing of the Expires header that
  could be used to execute arbitrary code as the user running Elm.
  Thanks to Ulf Harnhammar for finding the bug and reminding me to get
  out updated packages to address the issue.
  A reference to the original advisory:
    http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html
+--------------------------+
Sat Nov  5 22:23:30 CST 2005
patches/packages/apache-1.3.34-i386-1.tgz:  Upgraded to apache-1.3.34.
  Fixes this minor security bug:  "If a request contains both Transfer-Encoding
  and Content-Length headers, remove the Content-Length, mitigating some HTTP
  Request Splitting/Spoofing attacks."
  (* Security fix *)
patches/packages/imapd-4.64-i386-1.tgz:  Upgraded to imapd-4.64.
  A buffer overflow was reported in the mail_valid_net_parse_work function.
  However, this function in the c-client library does not appear to be called
  from anywhere in imapd.  iDefense states that the issue is of LOW risk to
  sites that allow users shell access, and LOW-MODERATE risk to other servers.
  I believe it's possible that it is of NIL risk if the function is indeed
  dead code to imapd, but draw your own conclusions...
  (* Security fix *)
patches/packages/lynx-2.8.5rel.5-i386-1.tgz:  Upgraded to lynx-2.8.5rel.5.
  Fixes an issue where the handling of Asian characters when using lynx to
  connect to an NNTP server (is this a common use?) could result in a buffer
  overflow causing the execution of arbitrary code.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3120
  (* Security fix *)
patches/packages/mod_ssl-2.8.25_1.3.34-i386-1.tgz:
  Upgraded to mod_ssl-2.8.25-1.3.34.
patches/packages/pine-4.64-i386-1.tgz:  Upgraded to pine-4.64.
patches/packages/wget-1.10.2-i386-1.tgz:  Upgraded to wget-1.10.2.
  This addresses a buffer overflow in wget's NTLM handling function that could
  have possible security implications.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
  (* Security fix *)
+--------------------------+
Thu Oct 13 13:57:25 PDT 2005
patches/packages/openssl-0.9.6m-i386-2.tgz:  Patched.
  Fixed a vulnerability that could, in rare circumstances, allow an attacker
  acting as a "man in the middle" to force a client and a server to negotiate
  the SSL 2.0 protocol (which is known to be weak) even if these parties both
  support SSL 3.0 or TLS 1.0.
  For more details, see:
    http://www.openssl.org/news/secadv_20051011.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969
  (* Security fix *)
patches/packages/openssl-solibs-0.9.6m-i386-2.tgz:  Patched.
  (* Security fix *)
+--------------------------+
Mon Sep 12 23:38:33 PDT 2005
patches/packages/util-linux-2.11r-i386-3.tgz:  Patched an issue with
  umount where if the umount failed when the '-r' option was used, the
  filesystem would be remounted read-only but without any extra flags
  specified in /etc/fstab.  This could allow an ordinary user able to
  mount a floppy or CD (but with nosuid, noexec, nodev, etc in
  /etc/fstab) to run a setuid binary from removable media and gain
  root privileges.
  Reported to BugTraq by David Watson:
    http://www.securityfocus.com/archive/1/410333
  (* Security fix *)
+--------------------------+
Mon Sep 12 12:49:39 PDT 2005
patches/packages/dhcpcd-1.3.22pl4-i386-2.tgz:  Patched an issue where a
  remote attacker can cause dhcpcd to crash.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1848
  (* Security fix *)
+--------------------------+
Wed Sep  7 13:33:05 PDT 2005
patches/packages/mod_ssl-2.8.24_1.3.33-i386-1.tgz:  Upgraded to
  mod_ssl-2.8.24-1.3.33.  From the CHANGES file:
    Fix a security issue (CAN-2005-2700) where "SSLVerifyClient require" was
    not enforced in per-location context if "SSLVerifyClient optional" was
    configured in the global virtual host configuration.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700
  (* Security fix *)
+--------------------------+
Tue Aug 30 12:54:39 PDT 2005
patches/packages/pcre-6.3-i386-1.tgz:  Upgraded to pcre-6.3.
  This fixes a buffer overflow that could be triggered by the processing of a
  specially crafted regular expression.  Theoretically this could be a security
  issue if regular expressions are accepted from untrusted users to be
  processed by a user with greater privileges, but this doesn't seem like a
  common scenario (or, for that matter, a good idea).  However, if you are
  using an application that links to the shared PCRE library and accepts
  outside input in such a manner, you will want to update to this new package.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
  (* Security fix *)
patches/packages/php-4.3.11-i386-4.tgz:  Relinked with the system PCRE library,
  as the builtin library has a buffer overflow that could be triggered by the
  processing of a specially crafted regular expression.
  Note that this change requires the pcre package to be installed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
  (* Security fix *)
  Upgraded PEAR::XMLRPC to version 1.4.0, which eliminates the use of the
  insecure eval() function.
    For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
  (* Security fix *)
+--------------------------+
Fri Jul 29 11:33:52 PDT 2005
patches/packages/tcpip-0.17-i386-13b.tgz:  Patched two overflows in
  the telnet client that could allow the execution of arbitrary code
  when connected to a malicious telnet server.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469
  (* Security fix *)
+--------------------------+
Fri Jul 22 13:52:54 PDT 2005
patches/packages/fetchmail-6.2.5.2-i386-1.tgz:
  Upgraded to fetchmail-6.2.5.2.
  This fixes an overflow by which malicious or compromised POP3 servers
  may overflow fetchmail's stack.
  For more information, see:
    http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt
  (* Security fix *)
+--------------------------+
Thu Jul 14 15:22:27 PDT 2005
patches/packages/tcpdump-3.9.3-i386-1.tgz:  Upgraded to libpcap-0.9.3 and
  tcpdump-3.9.3.  This fixes an issue where an invalid BGP packet can
  cause tcpdump to go into an infinate loop, effectively disabling network
  monitoring.
  (* Security fix *)
patches/packages/xv-3.10a-i386-4.tgz:  Upgraded to the latest XV jumbo
  patches, xv-3.10a-jumbo-fix-patch-20050410 and
  xv-3.10a-jumbo-enh-patch-20050501.  These fix a number of format string
  and other possible security issues in addition to providing many other
  bugfixes and enhancements.
  (Thanks to Greg Roelofs)
  (* Security fix *)
+--------------------------+
Mon Jul 11 19:50:20 PDT 2005
patches/packages/php-4.3.11-i386-3.tgz:  Fixed build/packaging bugs.
+--------------------------+
Mon Jul 11 15:02:11 PDT 2005
patches/packages/php-4.3.11-i386-2.tgz:  Upgraded PEAR XML_RPC class.
  This new PHP package fixes a PEAR XML_RPC vulnerability.  Sites that use
  this PEAR class should upgrade to the new PHP package, or as a minimal
  fix may instead upgrade the XML_RPC PEAR class with the following command:
    pear upgrade XML_RPC
  (* Security fix *)
+--------------------------+
Tue Jun 21 22:00:51 PDT 2005
patches/packages/sudo-1.6.8p9-i386-1.tgz:  Upgraded to sudo-1.6.8p9.
  This new version of Sudo fixes a race condition in command pathname handling
  that could allow a user with Sudo privileges to run arbitrary commands.
  For full details, see the Sudo site:
    http://www.courtesan.com/sudo/alerts/path_race.html
  (* Security fix *)
+--------------------------+
Sun May  1 22:09:51 PDT 2005
patches/packages/infozip-5.52-i486-1.tgz:  Upgraded to unzip552.tar.gz and
  zip231.tar.gz.  These fix some buffer overruns if deep directory paths are
  packed into a Zip archive which could be a security vulnerability (for
  example, in a case of automated archiving or backups that use Zip).  However,
  it also appears that these now use certain assembly instructions that might
  not be available on older CPUs, so if you have an older machine you may wish
  to take this into account before deciding whether you should upgrade.
  (* Security fix *)
+--------------------------+
Thu Apr 21 14:25:27 PDT 2005
patches/packages/cvs-1.11.20-i386-1.tgz:  Upgraded to cvs-1.11.20.
  From cvshome.org:  "This version fixes many minor security issues in the
  CVS server executable including a potentially serious buffer overflow
  vulnerability with no known exploit.  We recommend this upgrade for all CVS
  servers!"
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753
  (* Security fix *)
patches/packages/python-2.2.3-i386-1.tgz:  Upgraded to python-2.2.3.
  From the python.org site:  "The Python development team has discovered a flaw
  in the SimpleXMLRPCServer library module which can give remote attackers
  access to internals of the registered object or its module or possibly other
  modules. The flaw only affects Python XML-RPC servers that use the
  register_instance() method to register an object without a _dispatch()
  method. Servers using only register_function() are not affected."
  For more details, see:
    http://python.org/security/PSF-2005-001/
  (* Security fix *)
+--------------------------+
Sun Apr  3 21:23:27 PDT 2005
patches/packages/php-4.3.11-i386-1.tgz:  Upgraded to php-4.3.11.
 "This is a maintenance release that in addition to over 70 non-critical bug
  fixes addresses several security issues inside the exif and fbsql extensions
  as well as the unserialize(), swf_definepoly() and getimagesize() functions."
  (* Security fix *)
+--------------------------+
Sun Oct 31 17:54:02 PST 2004
patches/packages/apache-1.3.33-i386-1.tgz:  Upgraded to apache-1.3.33.
  This fixes one new security issue (the first issue, CAN-2004-0492, was fixed
  in apache-1.3.32).  The second bug fixed in 1.3.3 (CAN-2004-0940) allows a
  local user who can create SSI documents to become "nobody".  The amount of
  mischief they could cause as nobody seems low at first glance, but it might
  allow them to use kill or killall as nobody to try to create a DoS.
  (* Security fix *)
patches/packages/libtiff-3.5.7-i386-3.tgz:  Patched several bugs that could
  lead to crashes, or could possibly allow arbitrary code to be executed.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886
  (* Security fix *)
patches/packages/mod_ssl-2.8.22_1.3.33-i386-1.tgz:  Upgraded to
  mod_ssl-2.8.22_1.3.33.
patches/packages/php-4.3.9-i386-1.tgz:  Fixed mod_php.conf to refer to
  /usr/libexec rather than /usr/libexec/apache.
+--------------------------+
Mon Oct 25 16:38:32 PDT 2004
patches/packages/apache-1.3.32-i386-1.tgz:  Upgraded to apache-1.3.32.
  This addresses a heap-based buffer overflow in mod_proxy by rejecting
  responses from a remote server with a negative Content-Length.  The
  flaw could crash the Apache child process, or possibly allow code to
  be executed as the Apache user (but only if mod_proxy is actually in
  use on the server).
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492
  (* Security fix *)
patches/packages/mod_ssl-2.8.21_1.3.32-i386-1.tgz:
  Upgraded to mod_ssl-2.8.21-1.3.32.
  Don't allow clients to bypass cipher requirements, possibly negotiating
  a connection that the server does not consider secure enough.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885
  (* Security fix *)
patches/packages/php-4.3.9-i386-1.tgz:  Upgraded to php-4.3.9.
+--------------------------+
Mon Oct 11 20:07:39 PDT 2004
patches/packages/rsync-2.6.3-i386-1.tgz:  Upgraded to rsync-2.6.3.
  From the rsync NEWS file:
      A bug in the sanitize_path routine (which affects a non-chrooted
      rsync daemon) could allow a user to craft a pathname that would get
      transformed into an absolute path for certain options (but not for
      file-transfer names).  If you're running an rsync daemon with chroot
      disabled, *please upgrade*, ESPECIALLY if the user privs you run
      rsync under is anything above "nobody".
  Note that rsync, in daemon mode, sets the "use chroot" to true by
  default, and (in this default mode) is not vulnerable to this issue.
  I would strongly recommend against setting "use chroot" to false
  even if you've upgraded to this new package.
  (* Security fix *)
+--------------------------+
Sat Aug  7 17:16:19 AKDT 2004
patches/packages/libpng-1.2.5-i486-1.tgz:  Upgraded to libpng-1.2.5
  and patched possible security issues including buffer and integer
  overflows and null pointer references.  These issues could cause
  program crashes, or possibly allow arbitrary code embedded in a
  malicious PNG image to execute.  The PNG library is widely used
  within the system, so all sites should upgrade to the new libpng
  package.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599
  (* Security fix *)
patches/packages/sox-12.17.4-i386-3.tgz:  Patched buffer overflows
  that could allow a malicious WAV file to execute arbitrary code.
  (* Security fix *)
+--------------------------+
Sun Jul 25 19:28:19 PDT 2004
patches/packages/mod_ssl-2.8.19_1.3.31-i386-1.tgz:
  Upgraded to mod_ssl-2.8.19-1.3.31.
  This fixes a security hole (ssl_log() related format string
  vulnerability in mod_proxy hook functions), so sites using mod_ssl
  should upgrade to the new version.  Be sure to back up your existing
  key files first.
  (* Security fix *)
patches/packages/samba-2.2.10-i386-1.tgz:  Upgraded to samba-2.2.10.
  A buffer overrun has been located in the code used to support
  the 'mangling method = hash' smb.conf option.  Affected Samba
  2.2 installations can avoid this possible security bug by using
  the hash2 mangling method.  Server installations requiring
  the hash mangling method are encouraged to upgrade to Samba v2.2.10
  or v3.0.5.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0686
  (* Security fix *)
+--------------------------+
Tue Jul 20 20:51:59 PDT 2004
patches/packages/php-4.3.8-i386-1.tgz:  Upgraded to php-4.3.8.
  This release fixes two security problems in PHP (memory_limit handling and
  a problem in the strip_tags function).  Sites using PHP should upgrade.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0594
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0595
  (* Security fix *)
+--------------------------+
Tue Jun 15 02:07:58 PDT 2004
patches/packages/kernel-ide-2.4.18-i386-6.tgz:  Patched local DoS
  (CAN-2004-0554).  Without this patch to asm-i386/i387.h a local user
  can crash the kernel.  Also includes all previous patches from -3.
  The new patch can be found here, too:
  patches/source/kernel-source/CAN-2004-0554.i387.fnclex.diff.gz
  (* Security fix *)
patches/packages/kernel-source-2.4.18-noarch-7.tgz:  Patched
  local DoS (CAN-2004-0554).
  (* Security fix *)
patches/kernels/*:  Patched local DoS (CAN-2004-0554).
  (* Security fix *)
+--------------------------+
Wed Jun  9 11:41:49 PDT 2004
patches/packages/cvs-1.11.17-i386-1.tgz:  Upgraded to cvs-1.11.17.
  From the cvs NEWS file:
  * Thanks to Stefan Esser & Sebastian Krahmer, several potential security
    problems have been fixed.  The ones which were considered dangerous enough
    to catalogue were assigned issue numbers CAN-2004-0416, CAN-2004-0417, &
    CAN-2004-0418 by the Common Vulnerabilities and Exposures Project.  Please
    see <http://www.cve.mitre.org> for more information.
  * A potential buffer overflow vulnerability in the server has been fixed.
    This addresses the Common Vulnerabilities and Exposures Project's issue
    CAN-2004-0414.  Please see <http://www.cve.mitre.org> for more information.
  (* Security fix *)
+--------------------------+
Wed Jun  2 00:46:45 PDT 2004
patches/packages/apache-1.3.31-i386-1.tgz:  Upgraded to apache-1.3.31, needed
  to use the new mod_ssl.
patches/packages/mod_ssl-2.8.18_1.3.31-i386-1.tgz:  Upgraded to
  mod_ssl-2.8.18-1.3.31.  This fixes a buffer overflow that may allow remote
  attackers to execute arbitrary code via a client certificate with a long
  subject DN, if mod_ssl is configured to trust the issuing CA:
    *) Fix buffer overflow in "SSLOptions +FakeBasicAuth" implementation
      if the Subject-DN in the client certificate exceeds 6KB in length.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488
  (* Security fix *)
  Other changes:  Make the sample keys .new so as not to overwrite existing
  server keys.  However, any existing mod_ssl package will have these listed
  as non-config files, and will still remove and replace these upon upgrade.
  You'll have to save your config files one more time... sorry).
patches/packages/php-4.3.6-i386-1.tgz:  Upgraded to php-4.3.6.  This is
  compiled with c-client.a in /usr/local/lib/c-client/ to fix a problem in
  previous php packages where linking against the library in a path under
  /tmp caused an ELF rpath to this location to be built into the PHP binaries.
  A local attacker could (by placing shared libraries in this location) either
  crash PHP or cause arbitrary code to be executed as the PHP user (typically
  "nobody").  Thanks to Bryce Nichols for discovering this issue and bringing
  it to my attention.
  (* Security fix *)
+--------------------------+
Wed May 19 15:14:54 PDT 2004
patches/packages/cvs-1.11.16-i386-1.tgz:  Upgraded to cvs-1.11.16.  From
  the NEWS file:
    A potential buffer overflow vulnerability in the server has been fixed.
    Prior to this patch, a malicious client could potentially use carefully
    crafted server requests to run arbitrary programs on the CVS server
    machine.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0396
  (* Security fix *)
+--------------------------+
Wed May 12 13:17:26 PDT 2004
patches/packages/apache-1.3.29-i386-2.tgz:  Patched four security issues
  in the Apache web server as noted on http://httpd.apache.org.
  These security fixes were backported from Apache 1.3.31:

    In mod_digest, verify whether the nonce returned in the client
    response is one we issued ourselves.  This problem does not affect
    mod_auth_digest. (CAN-2003-0987)

    Escape arbitrary data before writing into the errorlog.  (CAN-2003-0020)

    Fix starvation issue on listening sockets where a short-lived connection
    on a rarely-accessed listening socket will cause a child to hold the
    accept mutex and block out new connections until another connection
    arrives on that rarely-accessed listening socket.  (CAN-2004-0174)

    Fix parsing of Allow/Deny rules using IP addresses without a netmask;
    issue is only known to affect big-endian 64-bit platforms (CAN-2003-0993)

  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0993

  (* Security fix *)
+--------------------------+
Tue May  4 15:11:06 PDT 2004
patches/packages/bin-8.3.0-i386-3.tgz:  Fixed buffer overflows and
  directory traversal vulnerabilities in the 'lha' archive utility.  Sites
  using 'lha' should upgrade to the new bin package right away.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0234
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0235
  (* Security fix *)
+--------------------------+
Sun May  2 19:25:42 PDT 2004
patches/packages/rsync-2.6.2-i386-1.tgz:  Upgraded to rsync-2.6.2.
  Rsync before 2.6.1 does not properly sanitize paths when running a
  read/write daemon without using chroot, allowing remote attackers to
  write files outside of the module's path.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0426
  (* Security fix *)
patches/packages/sysklogd-1.4.1-i386-9.tgz:  Patched a bug which could allow
  a user to cause syslogd to write to unallocated memory and crash.
  Thanks to Steve Grubb for finding the bug, and Solar Designer for refining
  the patch.
  (* Security fix *)
+--------------------------+
Sat Apr 17 14:16:22 PDT 2004
patches/packages/cvs-1.11.15-i386-1.tgz:  Upgraded to cvs-1.11.15.
  Fixes two security problems (server creating arbitrary files on a client
  machine, and client viewing files outside of the CVS repository).
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0180
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0405
  (* Security fix *)
+--------------------------+
Sat Apr 17 11:15:13 PDT 2004
patches/packages/tcpdump-3.8.3-i486-1.tgz:  Upgraded to tcpdump-3.8.3 and
  libpcap-0.8.3.  This fixes a couple minor bugs that shouldn't affect
  32-bit ix86 Slackware, but we might as well have the latest.
  According to www.tcpdump.org:

    TCPDUMP version 3.8.3 has been released as of March 30, 2004. 3.8.3 is
    identical to 3.8.2, but the version number has been incremented to
    match libpcap.

    LIBPCAP version 0.8.3 has been released as of March 30, 2004. 0.8.3
    fixes a minor problem with gencode.c on 64-bit architectures. It also
    carries the correct version numbers.
+--------------------------+
Tue Mar 30 22:30:39 PST 2004
patches/packages/tcpdump-3.8.2-i386-1.tgz:  Upgraded to tcpdump-3.8.2
  and libpcap-0.8.2.  Fixes denial-of-service security issues.
  For more details, see:
    http://www.rapid7.com/advisories/R7-0017.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0183
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0184
  (* Security fix *)
+--------------------------+
Wed Mar 17 16:30:44 PST 2004
patches/packages/openssl-0.9.6m-i386-1.tgz:  Upgraded to openssl-0.9.6m.
patches/packages/openssl-solibs-0.9.6m-i386-1.tgz:  Upgraded to
  openssl-0.9.6m.  This fixes two potential denial-of-service issues in
  earlier versions of OpenSSL.  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112
  (* Security fix *)
+--------------------------+
Wed Feb 18 03:58:44 PST 2004
patches/packages/metamail-2.7-i386-2.tgz:  Patched two format string
  bugs and two buffer overflows in metamail which could lead to
  unauthorized code execution.  Thanks to Ulf Härnhammar for discovering
  these problems and providing a patch.
  (* Security fix *)
+--------------------------+
Thu Feb 12 09:59:49 PST 2004
patches/packages/mutt-1.4.2i-i386-1.tgz:  Upgraded to mutt-1.4.2i.
  This fixes an overflow that is a potential security hole.  Here's the
  information from www.mutt.org:
    "Mutt 1.4.2 was released on February 11, 2004. This version fixes a buffer
     overflow that can be triggered by incoming messages.  There are reports
     about spam that has actually triggered this problem and crashed mutt. It
     is recommended that users of mutt versions prior to 1.4.2 upgrade to this
     version, or apply the patch included below."
  (* Security fix *)
patches/packages/xfree86-4.2.1-i386-3.tgz:  Patched to fix buffer overflow
  problems with the parsing of 'font.alias' files that could allow
  unauthorized code execution.  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0083
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0084
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0106
  (* Security fix *)
+--------------------------+
Thu Jan  8 18:21:27 PST 2004
patches/kernels/*:  These are 2.4.18 kernels containing a backported
  fix for a security problem with the kernel's mremap() function.
  A local user could exploit this hole to gain root privileges.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0985
  After installing the new kernel, be sure to run 'lilo'.
  (* Security fix *)
patches/packages/kernel-ide-2.4.18-i386-5.tgz:  Patched mremap().
  (* Security fix *)
patches/packages/kernel-source-2.4.18-noarch-6.tgz:  This is
  the source code from kernel-source-2.4.18-noarch-5 with the fix
  for mremap().
  (* Security fix *)
+--------------------------+
Fri Dec 12 11:05:33 PST 2003
patches/packages/lftp-2.6.10-i386-1.tgz:  Upgraded to lftp-2.6.10.
  According to the NEWS file, this includes "security fixes in html
  parsing code" which could cause a compromise when using lftp to
  access an untrusted site.
  (* Security fix *)
+--------------------------+
Thu Dec 11 12:38:05 PST 2003
patches/packages/cvs-1.11.10-i386-1.tgz:  Upgraded to cvs-1.11.10.
From the NEWS file:
  SERVER SECURITY ISSUES
    * Malformed module requests could cause the CVS server to attempt to
    create directories and possibly files at the root of the filesystem
    holding the CVS repository.  Filesystem permissions usually prevent
    the creation of these misplaced directories, but nevertheless, the
    CVS server now rejects the malformed requests.
  (* Security fix *)
+--------------------------+
Thu Dec  4 15:39:43 PST 2003
patches/kernels/*:  These are 2.4.18 kernels containing a backported
  fix for a security problem with the kernel's do_brk() function.
  A local user could exploit this hole to gain root privileges.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0961
  After installing the new kernel, be sure to run 'lilo'.
  (* Security fix *)
patches/packages/kernel-ide-2.4.18-i386-4.tgz:  Patched do_brk().
  (* Security fix *)
patches/packages/kernel-source-2.4.18-noarch-5.tgz:  This is
  2.4.18 source code with do_brk() and an improved version of the
  ptrace fix pre-applied.  The package also contains patches for
  XFS and Speakup (provided in /usr/src, but not pre-applied).
(* Security fix *)
+--------------------------+
Wed Dec  3 22:39:24 PST 2003
patches/packages/rsync-2.5.7-i386-1.tgz:  Upgraded to rsync-2.5.7.
  From the rsync-2.5.7-NEWS file:
    SECURITY:
    * Fix buffer handling bugs.  (Andrew Tridgell, Martin Pool, Paul
      Russell, Andrea Barisani)
  The vulnerability affects sites running rsync in daemon mode (rsync
  servers).  These sites should be upgraded immediately.
  (* Security fix *)
+--------------------------+
Tue Nov  4 14:50:50 PST 2003
patches/packages/apache-1.3.29-i386-1.tgz:  Upgraded to apache-1.3.29.
  This fixes the following local security issue:
    o CAN-2003-0542 (cve.mitre.org)
      Fix buffer overflows in mod_alias and mod_rewrite which occurred if
      one configured a regular expression with more than 9 captures.
  This vulnerability requires the attacker to create or modify certain
  Apache configuration files, and is not a remote hole.  However, it could
  possibly be used to gain additional privileges if access to the Apache
  administrator account can be gained through some other means.  All sites
  running Apache should upgrade.
  (* Security fix *)
patches/packages/mod_ssl-2.8.16_1.3.29-i386-1.tgz:  Upgraded to
  mod_ssl-2.8.16_1.3.29.
patches/packages/php-4.3.3-i386-1.tgz:  Upgraded to php-4.3.3.
+--------------------------+
Wed Oct 22 13:44:11 PDT 2003
patches/packages/fetchmail-6.2.5-i386-1.tgz:  Upgraded to fetchmail-6.2.5.
  This fixes a security issue where a specially crafted message could cause
  fetchmail to crash, preventing the user from retrieving email.
  (* Security fix *)
+--------------------------+
Tue Sep 30 17:44:06 PDT 2003
patches/packages/openssl-0.9.6k-i386-1.tgz:  Upgraded to OpenSSL 0.9.6k.
patches/packages/openssl-solibs-0.9.6k-i386-1.tgz:  Upgraded to OpenSSL 0.9.6k.
  This update fixes problems with OpenSSL's ASN.1 parsing which could lead to
  a denial of service.  It is not known whether the problems could lead to the
  running of malicious code on the server, but it has not been ruled out.
  For detailed information, see OpenSSL's security advisory:
    http://www.openssl.org/news/secadv_20030930.txt
  We recommend sites that use OpenSSL upgrade to the fixed packages right away.
  (* Security fix *)
+--------------------------+
Tue Sep 23 14:02:31 PDT 2003
patches/packages/openssh-3.7.1p2-i386-1.tgz:  Upgraded to openssh-3.7.1p2.
  This fixes security problems with PAM authentication.  It also includes
  several code cleanups from Solar Designer.  Slackware does not use PAM and is
  not vulnerable to any of the fixed problems.
  Please indulge me for this brief aside (as requests for PAM are on the rise):
    If you see a security problem reported which depends on PAM, you can be
    glad you run Slackware.  I think a better name for PAM might be SCAM, for
    Swiss Cheese Authentication Modules, and have never felt that the small
    amount of convenience it provides is worth the great loss of system
    security.  We miss out on half a dozen security problems a year by not
    using PAM, but you can always install it yourself if you feel that
    you're missing out on the fun.  (No, don't do that)
  OK, I'm done ranting here. :-)
  I suppose this is still a:
  (* Security fix *)
patches/packages/proftpd-1.2.8p-i386-1.tgz: Upgraded to proftpd-1.2.8p
  (patched).
  This fixes a security problem in ProFTPD.  From http://www.proftpd.org:

    X-Force Research at ISS has discovered a remote exploit in ProFTPD's
    handling of ASCII translations that an attacker, by downloading a
    carefully crafted file, can exploit and gain a root shell.  The source
    distributions on ftp.proftpd.org have all been replaced with patched
    versions. All ProFTPD users are strongly urged to upgrade to one of
    the patched versions as soon as possible.

  Note that the upgraded package does not change the displayed version
  number to 1.2.8p (it remains 1.2.8), but we've verified the source code
  to make sure that this is in fact the patched version.  We recommend all
  sites running ProFTPD upgrade to the new package right away.
  (* Security fix *)
+--------------------------+
Wed Sep 17 10:14:57 PDT 2003
patches/packages/sendmail-8.12.10-i386-1.tgz:  Upgraded to sendmail-8.12.10.
  This fixes security issues as noted in Sendmail's RELEASE_NOTES:

    "SECURITY: Fix a buffer overflow in address parsing.  Problem
         detected by Michal Zalewski, patch from Todd C. Miller
         of Courtesan Consulting.
     Fix a potential buffer overflow in ruleset parsing.  This problem
         is not exploitable in the default sendmail configuration;
         only if non-standard rulesets recipient (2), final (4), or
         mailer-specific envelope recipients rulesets are used then a
         problem may occur.  Problem noted by Timo Sirainen."

  We recommend that sites running Sendmail upgrade immediately.

  (* Security fix *)
patches/packages/sendmail-cf-8.12.10-noarch-1.tgz:  Upgraded to config files
  for sendmail-8.12.10.
+--------------------------+
Wed Sep 17 01:21:54 PDT 2003
patches/packages/openssh-3.7.1p1-i386-1.tgz:  Upgraded to openssh-3.7.1p1.
  The OpenSSH advisory was updated (http://www.openssh.com/txt/buffer.adv)
  and now says that you need at least version 3.7.1, which fixes some
  more buffer problems like those fixed by 3.7.
  (* Security fix *)
+--------------------------+
Tue Sep 16 11:16:56 PDT 2003
patches/packages/openssh-3.7p1-i386-1.tgz:  Upgraded to openssh-3.7p1.
  From the OpenSSH Security Advisory
  (http://www.openssh.com/txt/buffer.adv):
      "All versions of OpenSSH's sshd prior to 3.7 contain a buffer
       management error.  It is uncertain whether this error is
       potentially exploitable, however, we prefer to see bugs
       fixed proactively."
  (* Security fix *)
+--------------------------+
Wed Sep 10 20:47:53 PDT 2003
patches/packages/pine-4.58-i386-1.tgz:  Upgraded to pine4.58.
  This fixes two vulnerabilities in earlier PINE versions found by iDEFENSE
  Labs (see http://www.idefense.com/advisory/09.10.03.txt).
  (* Security fix *)
+--------------------------+
Mon Sep  8 11:32:55 PDT 2003
patches/packages/inetd-1.79s-i386-2.tgz:  Disable inetd's (stupid)
  connection limiting code which can actually cause a DoS rather than
  preventing it.  The default connections-per-minute is now unlimited.
  -R 0 also removes limiting (this is now mentioned in the man page as
  well).  Thanks to 3APA3A for reporting this issue.
  (* Security fix *)
+--------------------------+
Tue Jul 15 10:42:58 PDT 2003
patches/packages/nfs-utils-1.0.4-i386-2.tgz:  Fixed a bug in the new
nfs-utils which can result in mountd crashing.  Thanks to André Muezerie
for the report.
+--------------------------+
Mon Jul 14 14:15:34 PDT 2003
patches/packages/nfs-utils-1.0.4-i386-1.tgz:  Upgraded to nfs-utils-1.0.4.
  This fixes an off-by-one buffer overflow in xlog.c which could be used
  by an attacker to produce a denial of NFS service, or to execute
  arbitrary code.  All sites providing NFS services should upgrade to
  this new package immediately.
  (* Security fix *)
+--------------------------+
Fri May 30 13:59:46 PDT 2003
patches/packages/apache-1.3.27-i386-2.tgz:  Recompiled.
patches/packages/mod_ssl-2.8.14_1.3.27-i386-1.tgz:  Upgraded to
  mod_ssl-2.8.14-1.3.27.  Includes RSA blinding fixes.
  (* Security fix *)
patches/packages/php-4.3.2-i386-1.tgz:  Upgraded to php-4.3.2.
  A bit of the information about the release on www.php.net:
      * Fixes several potentially hazardous integer and buffer overflows.
      * New "disable_classes" php.ini option to allow administrators to
        disable certain classes for security reasons.
      * ..and a HUGE amount of other bug fixes!
  (* Security fix *)
+--------------------------+
Thu May 29 00:52:30 PDT 2003
patches/packages/cups-1.1.19-i386-1.tgz:  Upgraded to cups-1.1.19.
  A denial of service problem that allowed a CUPS client to hang the CUPS
  server is now fixed in CUPS 1.1.19.  Note that CUPS is not installed by
  default -- it is shipped as one of the packages in /extra.
  (* Security fix *)
+--------------------------+
Wed May 21 15:41:04 PDT 2003
patches/packages/bitchx-1.0c19-i386-3.tgz:  Patched several potential "evil
  server" security problems noted by Timo Sirainen.
  (* Security fix *)
patches/packages/epic4-1.0.1-i386-3.tgz:  Patched a buffer overflow in ctcp.c.
  (* Security fix *)
patches/packages/glibc-2.2.5-i386-4.tgz:  Patched, recompiled.
  (* Security fix *)
patches/packages/glibc-solibs-2.2.5-i386-4.tgz:  Patched a buffer overflow in
  some dead code (xdrmem_getbytes(), which we couldn't find used by anything,
  but it doesn't hurt to patch it anyway)
  (* Security fix *)
+--------------------------+
Mon Apr  7 14:26:53 PDT 2003
patches/packages/samba-2.2.8a-i386-1.tgz:  Upgraded to samba-2.2.8a.
  From the samba-2.2.8a WHATSNEW.txt:

            ****************************************
            * IMPORTANT: Security bugfix for Samba *
            ****************************************

  Digital Defense, Inc. has alerted the Samba Team to a serious
  vulnerability in all stable versions of Samba currently shipping.
  The Common Vulnerabilities and Exposures (CVE) project has assigned
  the ID CAN-2003-0201 to this defect.

  This vulnerability, if exploited correctly, leads to an anonymous
  user gaining root access on a Samba serving system. All versions
  of Samba up to and including Samba 2.2.8 are vulnerable. An active
  exploit of the bug has been reported in the wild. Alpha versions of
  Samba 3.0 and above are *NOT* vulnerable.

(* Security fix *)
+--------------------------+
Sat Mar 29 14:54:07 PST 2003
patches/packages/mutt-1.4.1i-i386-1.tgz:  Upgraded to mutt-1.4.1i.
  From www.mutt.org:
    Mutt 1.4.1 and 1.5.4 were released on March 19, 2003. These
    releases both fix a buffer overflow identified by Core Security
    Technologies. The only differences between 1.4 and 1.4.1 are bug
    fixes. If you are currently using 1.4, it's probably a very good
    idea to update.
  (* Security fix *)
patches/packages/sendmail-8.12.9-i386-1.tgz:  Upgraded to sendmail-8.12.9.
  From sendmail's RELEASE_NOTES:
    8.12.9/8.12.9   2003/03/29
    SECURITY: Fix a buffer overflow in address parsing due to
              a char to int conversion problem which is potentially
              remotely exploitable.  Problem found by Michal Zalewski.
              Note: an MTA that is not patched might be vulnerable to
              data that it receives from untrusted sources, which
              includes DNS.
  (* Security fix *)
patches/packages/sendmail-cf-8.12.9-noarch-1.tgz:  Updated config files for
  sendmail-8.12.9.
+--------------------------+
Sat Mar 15 13:49:04 PST 2003
patches/packages/samba-2.2.8-i386-1.tgz:  Upgraded to Samba 2.2.8.

  From the Samba web site:

     * (14th Mar, 2003) Security Release - Samba 2.2.8

     A flaw has been detected in the Samba main smbd code which
     could allow an external attacker to remotely and anonymously
     gain Super User (root) privileges on a server running a
     Samba server. This flaw exists in previous versions of Samba
     from 2.0.x to 2.2.7a inclusive. This is a serious problem
     and all sites should either upgrade to Samba 2.2.8
     immediately or prohibit access to TCP ports 139 and 445.

(* Security fix *)
+--------------------------+
Mon Mar  3 10:29:01 PST 2003
patches/packages/sendmail-8.12.8-i386-1.tgz:  Upgraded to sendmail-8.12.8.
  From sendmail's RELNOTES:
    SECURITY: Fix a remote buffer overflow in header parsing by dropping sender
    and recipient header comments if the comments are too long.  Problem noted
    by Mark Dowd of ISS X-Force.
  (* Security fix *)
patches/packages/sendmail-cf-8.12.8-noarch-1.tgz:  Updated config files for
  sendmail-8.12.8.
----------------------------
Tue Feb 18 20:52:43 PST 2003
patches/packages/php-4.3.1-i386-1.tgz:  Upgraded to php-4.3.1  This
  fixes a serious security vulnerability in CGI SAPI.  Most sites
  don't use this mode of operation, but if you do -- upgrade.
  (* Security fix *)
----------------------------
Tue Jan 21 13:12:20 PST 2003
patches/packages/cvs-1.11.5-i386-1.tgz:  Upgraded to cvs-1.11.5.
   This release fixes a major security vulnerability in the CVS server
   by which users with read only access could gain write access.
   Details should be available at this URL (but don't seem to be yet):
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0015
   (* Security fix *)
----------------------------
Sun Jan 19 11:18:33 PST 2003
patches/packages/dhcp-3.0pl2-i386-1.tgz:  Upgraded to dhcp-3.0pl2,
  which fixes several buffer overflow vulnerabilities, including some
  which may allow remote attackers to execute arbitrary code on affected
  systems, though no exploits are known yet.  For complete information,
  please see:  http://www.cert.org/advisories/CA-2003-01.html
  (* Security fix *)
----------------------------
Mon Jan  6 19:31:37 PST 2003
patches/packages/php-4.3.0-i386-3.tgz:  Fixed files under /usr/lib/php/
  which were accidentally left chmodded 666.
----------------------------
Mon Jan  6 16:27:28 PST 2003
patches/packages/mysql-3.23.54a-i386-1.tgz:  Upgraded to mysql-3.23.54a.
  According to www.mysql.com, this contains some security fixes.
  (* Security fix *)
patches/packages/php-4.3.0-i386-2.tgz:  Switched back to --mysql=/usr
  instead of --mysql=shared (which didn't work).
----------------------------
Sun Jan  5 15:56:56 PST 2003
patches/packages/apache-1.3.27-i386-1.tgz:  Upgraded to apache-1.3.27.
  This fixes a few security problems;  please reference CAN-2002-0839,
  CAN-2002-0840, and CAN-2002-0843 on cve.mitre.org for complete details.
  (* Security fix *)
patches/packages/mod_ssl-2.8.12_1.3.27-i386-1.tgz:  Upgraded to
  mod_ssl-2.8.12-1.3.27.  This fixes a potential cross-site scripting bug.
  (* Security fix *)
patches/packages/php-4.3.0-i386-1.tgz:  Upgraded to php-4.3.0.
patches/packages/yptools-2.8-i386-1.tgz:  Upgraded to yp-tools-2.8.
  This fixes a bug where yppasswd fails to work.  Thanks to Dirk van Deun
  for suggesting the upgrade.
----------------------------
Wed Nov 20 16:51:23 PST 2002
patches/packages/samba-2.2.7-i386-1.tgz:  Upgraded to samba-2.2.7.
  Some details (based on the WHATSNEW.txt file included in samba-2.2.7):
    This fixes a security hole discovered in versions 2.2.2 through 2.2.6 of
    Samba that could potentially allow an attacker to gain root access
    on the target machine.  The word "potentially" is used because there
    is no known exploit of this bug, and the Samba Team has not been able to
    craft one ourselves. However, the seriousness of the problem warrants
    this immediate 2.2.7 release.  There was a bug in the length checking for
    encrypted password change requests from clients. A client could potentially
    send an encrypted password, which, when decrypted with the old hashed
    password could be used as a buffer overrun attack on the stack of smbd. The
    attack would have to be crafted such that converting a DOS codepage string
    to little endian UCS2 unicode would translate into an executable block of
    code.  Thanks to Steve Langasek <vorlon@debian.org> and Eloy Paris
    <peloy@debian.org> for bringing this vulnerability to our notice.
  (* Security fix *)
  An unrelated change to the Slackware package is the addition of libsmbclient.
  Thanks to Marcelo Anton for the suggestion.
----------------------------
Mon Sep 16 13:43:11 PDT 2002
patches/packages/xfree86-4.2.1-i386-2.tgz:  Recompiled with
  4.2.1-mit-shm-security.patch.
  This is an update to 4.2.1 that fixes the shm vulnerability for the
  case where the server is running from xdm.  Also fixed a problem with
  freetype2 where there were two versions of the shared library on the
  system.
  (* Security fix *)
patches/packages/xfree86-devel-4.2.1-i386-2.tgz:  Recompiled with
  4.2.1-mit-shm-security.patch.
  (* Security fix *)
----------------------------
Wed Sep  4 19:20:44 PDT 2002
patches/packages/kernel-modules-2.4.18-i386-5.tgz:  Updated XFree86 DRI
  modules in /lib/modules/2.4.18/kernel/drivers/char/drm/.
patches/packages/xfree86-4.2.1-i386-1.tgz:  Upgraded to XFree86 4.2.1.
patches/packages/xfree86-devel-4.2.1-i386-1.tgz:  Upgraded to XFree86 4.2.1.
patches/packages/xfree86-docs-4.2.1-i386-1.tgz:  Upgraded to XFree86 4.2.1.
patches/packages/xfree86-docs-html-4.2.1-i386-1.tgz:  Upgraded to XFree86 4.2.1.
patches/packages/xfree86-xnest-4.2.1-i386-1.tgz:  Upgraded to XFree86 4.2.1.
patches/packages/xfree86-xprt-4.2.1-i386-1.tgz:  Upgraded to XFree86 4.2.1.
patches/packages/xfree86-xvfb-4.2.1-i386-1.tgz:  Upgraded to XFree86 4.2.1.

These are new XFree86 4.2.1 packages for Slackware 8.1.  Note that among the
changes are these security patches (from the RELNOTES):

  2.1  Security

     o  Fix a zlib bug that may have security implications on some platforms.

     o  MIT-SHM update to not access SHM segments that the client doesn't have
        sufficient privileges to access.

     o  Fix an Xlib problem that made it possible to load (and execute) arbi-
        trary code in privileged clients.

The first issue (zlib) was already patched in Slackware prior to the release
of 8.1, but these other two fixes are new.  The Xlib issue in particular can
be locally exploited to gain root access through setuid root binaries linked
with libX11.

Note that there are no changes to the fonts packages (xfree86-fonts-*.tgz),
and the xfree86-fonts packages released with Slackware 8.1 should continue
to be used.

(* Security fix *)
----------------------------
Tue Jul 30 19:45:52 PDT 2002
patches/packages/apache-1.3.26-i386-2.tgz:  Upgraded the included libmm
  to version 1.2.1.  Versions of libmm earlier than 1.2.0 contain a tmp file
  vulnerability which may allow the local Apache user to gain privileges via
  temporary files or symlinks.  For details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0658
  This was also recompiled using EAPI patch from mod_ssl-2.8.10_1.3.26.
  (* Security fix *)
patches/packages/glibc-2.2.5-i386-3.tgz:  Patched to fix a buffer overflow
  in glibc's DNS resolver functions that look up network addresses.
  Another workaround for this problem is to edit /etc/nsswtich.conf changing:
    networks:       files dns
  to:
    networks:       files
  (* Security fix *)
patches/packages/glibc-solibs-2.2.5-i386-3.tgz:  Patched to fix a buffer
  overflow in glibc's DNS resolver functions that look up network addresses.
  (* Security fix *)
patches/packages/mod_ssl-2.8.10_1.3.26-i386-1.tgz:  This update fixes an
  off-by-one error in earlier versions of mod_ssl that may allow local users to
  execute code as the Apache user.  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0653
  (* Security fix *)
patches/packages/openssh-3.4p1-i386-2.tgz:  Recompiled against openssl-0.9.6e.
  This update also contains a fix to the installation script to ensure that the
  sshd privsep user is correctly created.
patches/packages/openssl-0.9.6e-i386-1.tgz:  Upgraded to openssl-0.9.6e, which
  fixes 4 potentially remotely exploitable bugs.  For details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659
  (* Security fix *)
patches/packages/openssl-solibs-0.9.6e-i386-1.tgz:  Upgraded to openssl-0.9.6e,
  which fixes 4 potentially remotely exploitable bugs.  For details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659
  (* Security fix *)
patches/packages/php-4.2.2-i386-1.tgz:  Upgraded to php-4.2.2.  Earlier versions
  of PHP 4.2.x contain a security vulnerability, which although not currently
  considered exploitable on the x86 architecture is probably still a good to
  patch.  For details, see:  http://www.cert.org/advisories/CA-2002-21.html
  (* Security fix *)
----------------------------
Wed Jun 26 12:03:06 PDT 2002
patches/packages/openssh-3.4p1-i386-1.tgz:  Upgraded to openssh-3.4p1.
  This version enables privilege separation by default.  The README.privsep file
  says this about it:

     Privilege separation, or privsep, is method in OpenSSH by which operations
     that require root privilege are performed by a separate privileged monitor
     process.  Its purpose is to prevent privilege escalation by containing
     corruption to an unprivileged process.  More information is available at:
       http://www.citi.umich.edu/u/provos/ssh/privsep.html

  Note that ISS has released an advisory on OpenSSH (OpenSSH Remote Challenge
  Vulnerability).  Slackware is not affected by this issue, as we have never
  included AUTH_BSD, S/KEY, or PAM.  Unless at least one of these options is
  compiled into sshd, it is not vulnerable.  Further note that none of these
  options are turned on in a default build from source code, so if you have
  built sshd yourself you should not be vulnerable unless you've enabled one
  of these options.

  Regardless, the security provided by privsep is unquestionably better.
  This time we (Slackware) were lucky, but next time we might not be.
  Therefore we recommend that all sites running the OpenSSH daemon (sshd,
  enabled by default in Slackware 8.1) upgrade to this new openssh package.
  After upgrading the package, restart the daemon like this:

  /etc/rc.d/rc.sshd restart

  We would like to thank Theo and the rest of the OpenSSH team for
  their quick handling of this issue, Niels Provos and Markus Friedl for
  implementing privsep, and Solar Designer for working out issues with
  privsep on 2.2 Linux kernels.
----------------------------
Wed Jun 19 07:02:39 PDT 2002
Slackware 8.1.01-stable is released.
a/sysvinit-2.84-i386-19.tgz:  Added -M to fix quotacheck for reiserfs.
d/cvs-1.11.2-i386-2.tgz:  Added docs in text format.
n/apache-1.3.26-i386-1.tgz:  Upgraded to apache-1.3.26.
  This fixes the issue described in:
  "CERT Advisory CA-2002-17 Apache Web Server Chunk Handling Vulnerability"
  While the impact of this issue is minimal on 32 bit Linux systems, we felt it
  was important enough to stop the presses and get these fixes in before sending
  the Slackware 8.1 discs in for replication.
  (* Security fix *)
n/mod_ssl-2.8.9_1.3.26-i386-1.tgz:  Upgraded to mod_ssl-2.8.9_1.3.26.
rootdisks/rescue.dsk:  Added network/pcmcia scripts.
----------------------------
Tue Jun 18 10:47:47 PDT 2002
Slackware 8.1-stable is released!  :-)
----------------------------
Sun Jun 16 16:14:16 PDT 2002
ap/quota-3.06-i386-1.tgz:  Upgraded to quota-3.06.
kdei/:  Added koffice-i18n packages.
rootdisks/:  Merged in more ataraid fixes from Alan Miles.
zipslack/:  By default, do not load a keyboard map at boot.
----------------------------
Sat Jun 15 21:56:47 PDT 2002
gnome/evolution-1.0.7-i386-1.tgz:  Upgraded to evolution-1.0.7.
l/lesstif-0.93.34-i386-1.tgz:  Upgraded to lesstif-0.93.34.
----------------------------
Sat Jun 15 02:56:43 PDT 2002
kde/kdelibs-3.0.1-i386-2.tgz:  Patched KHTML.  From the KDE website:
  "KHTML, the html rendering component of Konqueror, allowed webpages to
  initialize the file upload box with a filename. This could cause unwanted
  submit of the file to the remote host."
  The patch also fixes <OBJECT> tags.
  (* Security fix *)
l/libtermcap-1.2.3-i386-2.tgz:  Removed extra /etc/termcap that was
  copying over a better version from the etc package.
extra/sgml-tools-1.0.9/sgml-tools-1.0.9-i386-3.tgz:  Added XML catalog,
  XSL stylesheets, DocBook PNG support.
----------------------------
Fri Jun 14 02:05:15 PDT 2002
a/bin-8.3.0-i386-2.tgz:  Added fbset (suggested by Nicolas Laplante).
a/less-374-i386-2.tgz:  Patched lesspipe.sh to view compressed man pages.
a/util-linux-2.11r-i386-2.tgz:  Edited description to include adjtimex.
ap/mysql-3.23.51-i386-1.tgz:  Upgraded to mysql-3.23.51.
gnome/xscreensaver-4.05_gnome-i386-1.tgz:  Upgraded to xscreensaver-4.05.
xap/xscreensaver-4.05-i386-1.tgz:  Upgraded to xscreensaver-4.05.
rootdisks/:  Fixed a problem with ataraid devices (reported by Alan Miles).
zipslack/:  Updated bin, less, and util-linux packages.
----------------------------
Wed Jun 12 20:12:19 PDT 2002
a/aaa_base-8.1.0-i386-3.tgz:  Make sure the version number will be ready.
a/pkgtools-8.1.1-i386-6.tgz:  Fixed a bug using ROOT= with upgradepkg.
zipslack/:  Updated aaa_base, pkgtools, sysvinit, and util-linux packages.
----------------------------
Wed Jun 12 15:23:14 PDT 2002
a/sysvinit-2.84-i386-18.tgz:  Cleaned up hwclock code in rc.S and rc.6.
  Updated location of Quota mini-HOWTO in rc.M.
  Removed rc.ibcs2 startup, since iBCS does not work with Linux 2.4.x.
a/util-linux-2.11r-i386-2.tgz:  Added adjtimex-1.13 to the package.
extra/cups-1.1.15-i386-2.tgz:  Avoid overwriting existing configuration
  files in future package upgrades.
extra/java2-runtime-environment/j2re-1.4.0_01-i586-1.tgz:
  Upgraded to version 1.4.0_01 of Sun's Java(TM) 2 Runtime Environment.
rootdisks/:  Fixed package series selection bug for real this time.
  (reported by Jurgen Philippaerts again :-)
----------------------------
Tue Jun 11 17:37:58 PDT 2002
a/devs-2.3.1-i386-10.tgz:  Added AMI HyperDisk RAID devices.
a/pkgtools-8.1.1-i386-5.tgz:  Updates in /usr/share/terminfo.
kde/kdepim-3.0.1-i386-2.tgz:  Rebuilt with pilot-link installed so that
  kpilot is built.  (Suggested by Roger Hay)
l/ncurses-5.2-i386-4.tgz:  Cured various color-xterm problems with:
  tic /usr/X11R6/lib/X11/etc/xterm.terminfo
  Thanks to Andrey V. Panov for the suggestion.
xap/imagemagick-5.4.6-i386-1.tgz:  Upgraded to ImageMagick-5.4.6.
  Fixed location of include files (thanks to Brent Cook).
rootdisks/:  Added ataraid support (thanks to Alan Miles).
  Fixed package series selection bug (reported by Jurgen Philippaerts).
----------------------------
Mon Jun 10 15:39:55 PDT 2002
Slackware 8.1rc3 is released for testing...  it won't be long now.
a/devs-2.3.1-i386-9.tgz:  Added more IDE devices, and patched MAKEDEV to do
  the same.  Suggested by Greg Roelofs.
a/shadow-4.0.3-i386-3.tgz:  Patched adduser to reject uppercase in usernames
  so that you don't have to wait for useradd to reject it at the very end.
  Thanks to Stuart Winter and "xcp".
a/sysvinit-2.84-i386-17.tgz:  Edited rc.M to prevent a bogus error message
  when using a UMSDOS root partition.
d/binutils-2.12.90.0.9-i386-1.tgz:  Upgraded to binutils-2.12.90.0.9.
  Added missing /usr/include/libiberty.h.
n/lftp-2.5.4-i386-1.tgz:  Upgraded to lftp-2.5.4.
n/proftpd-1.2.5-i386-1.tgz:  Upgraded to proftpd-1.2.5.
rootdisks/install.zip:  Added a UMSDOS-based installer that might be useful
  in certain situations, such as installing with extremely low memory.
  Thanks to Rob McGee who wrote the install.zip.README.
rootdisks/network.dsk:  Fixed listing of modules with 'L'.
  Thanks to Erik Jan Tromp for sending in a fix.
rootdisks/rescue.dsk:  Added a simple one-floppy rescue disk image.
zipslack/:  The return of ZipSlack.  :-)
----------------------------
Sat Jun  8 19:07:24 PDT 2002
a/kernel-modules-2.4.18-i386-4.tgz:  Added examples for apm, cs4232, maestro3,
  and natsemi to /etc/rc.d/rc.modules.
a/pcmcia-cs-3.1.33-i386-4.tgz:  Changed rc.pcmcia to remove modules more
  cleanly at shutdown.
ap/cdrtools-1.11a24-i386-1.tgz:  Upgraded to cdrtools-1.11a24.
ap/ksh93-20011031-i386-2.tgz:  Fix permissions on /usr/doc directories.
ap/vim-6.1-i386-5.tgz:  Updated with the latest vim patches.
d/perl-5.6.1-i386-3.tgz:  Upgraded the included perl modules to DBI-1.25,
  Digest-MD5-2.20 (this replaces the obsolete MD5 module), TermReadKey-2.20,
  and libnet-1.12.  Also, cleaned up the build process as suggested by
  Cezary Sliwa.
gnome/esound-0.2.27-i386-1.tgz:  Upgraded to esound-0.2.27.
gnome/galeon-1.2.5-i386-1.tgz:  Upgraded to galeon-1.2.5.
l/orbit-0.5.17-i386-1.tgz:  Upgraded to ORBit-0.5.17.
xap/xvim-6.1-i386-5.tgz:  Updated with the latest vim patches.
extra/xcdroast-0.98alpha10/xcdroast-0.98alpha10-i386-1.tgz:
  Added xcdroast-0.98alpha10.
rootdisks/install.?:  Use /dev/scd?, not /dev/sr?.
  (This was changed in devices.txt on Apr 22).
----------------------------
Thu Jun  6 21:30:12 PDT 2002
gnome/evolution-1.0.5-i386-1.tgz:  Correct a typo in install/slack-desc.
gnome/gaim-0.58-i386-3.tgz:  Also include non-applet version.
l/libtiff-3.5.7-i386-2.tgz:  Fix a segfault in fax2tiff.  (thanks to Aleksej)
extra/brltty-2.99.8/brltty-2.99.8-i386-1.tgz:  Added brltty-2.99.8.
extra/emacspeak-16.0/emacspeak-16.0-i386-1.tgz:  Added emacspeak-16.0.
extra/emacspeak-ss-1.9.1/emacspeak-ss-1.9.1-i386-1.tgz:  
  Added emacspeak-ss-1.9.1.
----------------------------
Wed Jun  5 22:31:19 PDT 2002
gnome/abiword-1.0.2-i386-1.tgz:  Upgraded to abiword-1.0.2.
gnome/dia-0.90-i386-1.tgz:  Upgraded to dia-0.90.
gnome/galeon-1.2.3-i386-3.tgz:  Recompiled galeon-1.2.3 against Mozilla 1.0.
gnome/gnome-print-0.36-i386-1.tgz:  Upgraded to gnome-print-0.36.
gnome/gnumeric-1.0.7-i386-1.tgz:  Upgraded to gnumeric-1.0.7.
n/procmail-3.15.2-i386-1.tgz:  Switched to procmail-3.15.2, which is the latest
  stable procmail.  Stuart Winter noticed that the version we were using before
  segfaults if fed a control-C, which is probably not good as it's setuid.
n/yptools-2.7-i386-2.tgz:  Fix /etc/rc.d/rc.yp installation.
  (thanks to Jack S. Lai for reporting the problem and suggesting a fix)
xap/mozilla-1.0-i386-1.tgz:  Upgraded to mozilla-1.0.  :-)
bootdisks/xfs.i:  Recompiled with smbfs included to prevent an Oops.
  (reported by Lucio Maciel)
extra/aumix-2.7/aumix-2.7-i386-1.tgz:  Added aumix-2.7.
extra/cups-1.1.15/cups-1.1.15-i386-1.tgz:  Upgraded to cups-1.1.15.
extra/espgs-7.05.2/espgs-7.05.2_1-i386-1.tgz:  Added espgs-7.05.2-1.
  ESP Ghostscript is a version of GNU Ghostscript with a driver for CUPS.
extra/parted-1.6.1/parted-1.6.1-i386-1.tgz:  Added GNU parted-1.6.1.
pasture/XFree86-3.3.6-servers/xset-3.3.6-i386-2.tgz:  Added SuperProbe, which is
  needed by XF86Setup (reported by Piter Punk).
pasture/wu-ftpd-2.6.2/wu-ftpd-2.6.2-i386-1.tgz:  Added wu-ftpd-2.6.2.
----------------------------
Tue Jun  4 20:47:09 PDT 2002
a/devs-2.3.1-i386-8.tgz:  Added Compaq Next Generation Drive Array devices
  in /dev/cciss/.
a/elflibs-8.1.0-i386-2.tgz:  Added /usr/lib/libgcc_s.so.1 from gcc-3.1.
a/etc-5.0-noarch-7.tgz:  For non-root users, ensure '.' is last in the $PATH.
a/pkgtools-8.1.1-i386-4.tgz:  Don't create /.xinitrc during the installation.
ap/mc-4.5.55-i386-6.tgz:  Patched /etc/profile.d/mc.sh to fix a problem when
  using /bin/ksh (reported by Brad Clarke), and to not use a $HOME/.mc directory
  if we are su'ed to or from root (thanks to Tomas Szepe for noticing the
  problems with the original mc.sh script and proposing a solution).
ap/tmp/workbone-2.40-i386-2.tgz:  Removed empty /usr/doc/WorkBone-2.40 dir.
  (this was noticed by Luis Peralta)
gnome/gaim-0.58-i386-2.tgz:  Recompiled with --enable-panel.
gnome/galeon-1.2.3-i386-2.tgz:  Recompiled against the Mozilla CVS
  MOZILLA_1_0_RELEASE sources (see below).
gnome/xchat-1.8.9-i386-1.tgz:  Upgraded to xchat-1.8.9.
n/sendmail-8.12.4-i386-1.tgz:  Upgraded to sendmail-8.12.4.
n/sendmail-cf-8.12.4-i386-1.tgz:  Upgraded to config files for sendmail-8.12.4.
n/tcpdump-3.7.1-i386-2.tgz:  Recompiled with --enable-ipv6.
n/wireless-tools-24-i386-1.tgz:  Added wireless_tools.24.
xap/mozilla-1.0_cvs-i386-1.tgz:  Upgraded to the MOZILLA_1_0_RELEASE sources
  from the Mozilla CVS repository.  From the release tag announcement:
    "The MOZILLA_1_0_RELEASE branch has been cut and while there is some tiny
     chance that we will need to take further changes, it is highly probable
     that this is the source we will release as Mozilla 1.0."
  However, please note:
    "Mozilla 1.0 has not been released yet. If you look at the user agent or
     the about: page you'll see a browser that claims to be Mozilla 1.0, but
     don't be fooled."
----------------------------
Sun Jun  2 21:27:28 PDT 2002
pkgtools-8.1.1-i386-3.tgz:  Removed zero-length /bin/ipmask that shouldn't
  have been there.  You might need to reinstall the tcpip package if this
  broke your ipmask binary.  (thanks to Mircea Baciu for the report)
----------------------------
Sun Jun  2 17:14:07 PDT 2002
a/cxxlibs-6.2.1-i386-1.tgz:  Added libstdc++.so.4.0.0 from gcc-3.1.
a/elflibs-8.1.0-i386-1.tgz:  Updated all the shared libraries, and added
  libpcre and libglib.
a/kbd-1.06-i386-4.tgz:  Added speakupmap.map.gz and speakup-jfw.map.gz
  keymaps for Speakup.
a/pcmcia-cs-3.1.33-i386-3.tgz:  Don't install /sbin/cardctl setuid root.
a/pkgtools-8.1.1-i386-2.tgz:  Commented out unnecessary bug workaround
  in makebootdisk.
a/syslinux-1.67-i386-1.tgz:  Switched to syslinux-1.67.  It seems the changes
  in 1.70+ ("* Major code restructuring.") have made syslinux unstable, so we
  will use syslinux-1.67 (which seems to work perfectly) for the release.
  The problem with the newer versions is that kernels around 1145000 bytes
  will not load, but smaller or larger ones will.  In fact, I found that
  padding the end of a non-booting kernel with a couple K of zeroes works
  around the bug... maybe something to do with calculating the file size?
ap/ash-0.4.0-i386-1.tgz:  Upgraded to ash-0.4.0.
gnome/gqmpeg-0.16.0-i386-1.tgz:  Added gqmpeg-0.16.0.
l/libungif-4.1.0b1-i386-3.tgz:  Fix docs perms and a world-writable dir.
n/dhcpcd-1.3.22pl1-i386-3.tgz:  Fix docs perms and a world-writable dir.
n/proftpd-1.2.5rc3-i386-1.tgz:  Upgraded to proftpd-1.2.5rc3.
bootdisks/:  Regenerated using syslinux-1.67.
  Added Speakup bootdisks.  (also added the source for Speakup,
  speakup-1.00.tar.gz, to the source/k/ directory)
Some more ham radio upgrades and additions from Arno Verhoeven:
extra/ham/logging/tlfmanual-0.5.2-noarch-1.tgz:  Added tlfmanual-0.5.2.
extra/ham/logging/tlfcwkeyer-0.1-noarch-1.tgz:  Added tlfcwkeyer-0.1.
extra/ham/logging/tlf-0.5.4-i386-1.tgz:  Added tlf-0.5.4.
extra/ham/packet/xastir-1.1.2-i386-3.tgz:  Upgraded to xastir112-20020530.
----------------------------
Sat Jun  1 15:20:00 PDT 2002
a/aaa_base-8.1.0-i386-2.tgz:  Bumped version number to Slackware 8.1-rc2.
a/etc-5.0-i386-6.tgz:  Fix /etc/inputrc values (should be On/Off not on/off).
a/kernel-ide-2.4.18-i386-3.tgz:  Recompiled.
a/kernel-modules-2.4.18-i386-3.tgz:  Recompiled.
  Patched rc.modules.new for the new joystick modules.
a/pkgtools-8.1.1-i386-1.tgz:  In xwmconfig, make sure $HOME/.xwmconfig is
  properly replaced (this was only working for non-root users).
  Added two options to upgradepkg (inspired by a discussion with Alan Brown):
  --install-new:  Install new packages instead of skipping them.
  --reinstall:  Reinstall already installed versions (the default is now
    to skip packages if the exact same name-version-arch-build is installed
    already, which should save a bit of time :-)
a/procps-2.0.7-i386-5.tgz:  Fixed problems with top on multiprocessor machines.
a/syslinux-1.72-i386-1.tgz:  Switched back to syslinux-1.72, as the boot
  floppies made with 1.73 weren't working.
a/sysvinit-2.84-i386-16.tgz:  Fixed typos in rc.S (reported by Naresh Donti).
d/kernel-headers-2.4.18-i386-3.tgz:  Updated autoconf.h from the kernel source
  package.
gnome/gnome-games-1.4.0.4-i386-2.tgz:  Recompiled against the new guile package.
gnome/gnome-utils-1.4.1.2-i386-2.tgz:  Recompiled against the new guile package.
gnome/gnome-vfs-1.0.5-i386-2.tgz:  Don't link libsmb.so with CUPS.
gnome/gnumeric-1.0.6-i386-2.tgz:  Recompiled --without-guile.
gnome/guile-1.4.1-i386-1.tgz:  Upgraded to guile-1.4.1.
k/kernel-source-2.4.18-noarch-4.tgz:  Updated /usr/src/linux/.config to match
  the new bare.i configuration.
kde/kde-i18n-fr-3.0.1-noarch-2.tgz:  Rebuilt using the May 24 version of
  kde-i18n-fr-3.0.1.tar.bz2.
kde/kdenetwork-3.0.1-i386-2.tgz:  Merged in official patch for the ktalkd hole.
  Luckily nobody ever uses this anyway...
  (* Security fix *)
n/inn-2.3.3-i386-1.tgz:  Upgraded to inn-2.3.3.
n/mutt-1.4i-i386-1.tgz:  Upgraded to mutt-1.4i.
n/openssh-3.2.3p1-i386-1.tgz:  Upgraded to openssh-3.2.3p1.
  Configured using --with-ipv4-default to avoid boot timeouts without a net.
n/sendmail-cf-8.12.3-i386-5.tgz:  Updated the README.linux file in
  /usr/share/sendmail (Delian Krustev noticed this was somewhat out of date).
n/sendmail-8.12.3-i386-5.tgz:  Ship an initial (empty) /etc/mail/access and
  /etc/mail/access.db -- without these mail won't flow if the SMTP+ACCESS config
  file is used.  Also, chmod several files in /etc/mail as well as
  /var/run/sendmail.pid to thwart file locking DoS attacks.  (* Security fix *)
n/tcpip-0.17-i386-13.tgz:  Run rc.yp from rc.inet2 instead of starting NIS
  directly.  Don't source rc.firewall -- run it instead.
  In rc.inet1, reduce the timeout for dhcpcd from 60 seconds to 10.  That should
  be more than enough time to get an IP address from any working DHCP server.
  Support DHCP hostname in netconfig (suggested by Dennis Bijwaard).
n/yptools-2.7-i386-1.tgz:  Upgraded to yp-tools-2.7.
  Upgraded to ypbind-mt-1.12.
  Upgraded to ypserv-2.4.
  Added /etc/rc.d/rc.yp init script.
x/xfree86-4.2.0-i386-5.tgz:  In /etc/X11/xdm/Xsession, start xfce and
  wmaker by exec'ing their xinitrc files.
xap/windowmaker-0.80.0-i386-2.tgz:  Valter Ferraz Sanches pointed out that
  WindowMaker uses /usr/bin/cpp for menu processing unless --no-cpp is used, so
  xinitrc.wmaker was patched to use that option if /usr/bin/cpp is missing,
  and was also patched to run wmaker.inst if $HOME/GNUstep is missing.
xap/xfce-3.8.16-i386-2.tgz:  Patched xinitrc.xfce to install xfce config files
  in $HOME/.xfce if they aren't already there.
----------------------------
Wed May 29 23:22:15 PDT 2002
a/bin-8.3.0-i386-1.tgz:  Upgraded to eject-2.0.12, file-3.37, and tree-1.4b2.
a/etc-5.0-i386-5.tgz:  Added Eterm to /etc/termcap (thanks to Roland Dobbins).
  Added missing rpc user/group (thanks to Dominik L. Borkowski).
a/gzip-1.3.3-i386-1.tgz:  Upgraded to gzip-1.3.3.
a/hdparm-5.1-i386-1.tgz:  Upgraded to hdparm-5.1.
a/jfsutils-1.0.18-i386-1.tgz:  Upgraded to jfsutils-1.0.18.
  (also upgraded JFS kernel to jfs-2.4-1.0.18)
a/shadow-4.0.3-i386-2.tgz:  Merged in adduser updates from Stuart Winter.
a/sysklogd-1.4.1-i386-6.tgz:  Start klogd with -x option, which turns off
  broken Oops decoding.  (Reported by Georgi Chorbadzhiyski)
a/syslinux-1.73-i386-1.tgz:  Upgraded to syslinux-1.73.
ap/apsfilter-7.2.2-i386-2.tgz:  Patched HP drivers to use the new IJS syntax.
  (Thanks to Andrey V. Panov for informing me about this)
ap/lsof-4.63-i386-1.tgz:  Upgraded to lsof-4.63.
ap/lvm-1.0.4-i386-1.tgz:  Upgraded to lvm-1.0.4.
ap/rexima-1.2-i386-1.tgz:  Upgraded to rexima-1.2.
n/ncftp-3.1.3-i386-1.tgz:  Upgraded to ncftp-3.1.3.
n/ntp-4.1.1a-i386-1.tgz:  Upgraded to ntp-4.1.1a.
n/wget-1.8.2-i386-1.tgz:  Upgraded to wget-1.8.2.
xap/fvwm-2.4.7-i386-1.tgz:  Upgraded to fvwm-2.4.7.
xap/sane-1.0.8-i386-1.tgz:  Upgraded to sane-1.0.8.
  Moved configuration files to /etc/sane.d/.
xap/xlockmore-5.04-i386-1.tgz:  Upgraded to xlockmore-5.04.
xap/xsane-0.86-i386-1.tgz:  Upgraded to xsane-0.86.
----------------------------
Wed May 29 01:41:47 PDT 2002
a/etc-5.0-i386-4.tgz:  Removed .less/.lesskey from /etc/skel.
  Changed permissions on /tmp/.X11-unix/ to 1777.
a/fileutils-4.1-i386-2.tgz:  Don't link /bin/ln static (we have sln for that).
  Patched /bin/rm to make insecure use (such as 'rm -r' in /tmp) more secure.
a/gettext-0.11.2-i386-1.tgz:  Upgraded to GNU gettext-0.11.2.
a/gpm-1.19.6-i386-2.tgz:  Recompiled using --with-curses.
  gpm-1.20.0 was tried, but it breaks dialog and seems to have other quirks.
a/less-374-i386-1.tgz:  Upgraded to less-374.
a/pcmcia-cs-3.1.33-i386-2.tgz:  Edited rc.pcmcia to probe using yenta_socket if
  the module is found.
a/procps-2.0.7-i386-4.tgz:  chown root:bin /sbin/sysctl.
a/sysvinit-2.84-i386-15.tgz:  Start rc.pcmcia from rc.M rather than rc.S so that
  cardmgr will come back up when returning from single-user mode.
  In rc.6, grep for FAIL in /etc/upsstatus, not /etc/powerstatus.
  Since /sbin/update has been obsolete for some time now, we no longer start it.
  Run '/etc/rc.d/rc.pcmcia stop' when shutting down or going to single user.
ap/diffutils-2.8.1-i386-1.tgz:  Upgraded to GNU diffutils-2.8.1.
ap/ifhp-3.5.8-i386-1.tgz:  Upgraded to ifhp-3.5.8.
ap/man-pages-1.48-noarch-1.tgz:  Upgraded to man-pages-1.48.
ap/mc-4.5.55-i386-5.tgz:  Recompiled with --enable-mcserv-install.
  Added patches from Andrew V. Samoilov to fix --enable-charset.
d/bin86-0.16.3-i386-1.tgz:  Upgraded to bin86-0.16.3.
d/gettext-tools-0.11.2-i386-1.tgz:  Upgraded to GNU gettext-0.11.2.
d/nasm-0.98.33-i386-1.tgz:  Added nasm-0.98.33.
gnome/gnome-games-1.4.0.4-i386-1.tgz:  Upgraded to gnome-games-1.4.0.4.
gnome/gnome-libs-1.4.1.7-i386-1.tgz:  Upgraded to gnome-libs-1.4.1.7.
gnome/gnome-pim-1.4.6-i386-1.tgz:  Upgraded to gnome-pim-1.4.6.
gnome/xscreensaver-4.03_gnome-i386-1.tgz:  Upgraded to xscreensaver-4.03.
l/libxml2-2.4.22-i386-1.tgz:  Upgraded to libxml2-2.4.22.
l/libxslt-1.0.18-i386-1.tgz:  Upgraded to libxslt-1.0.18.
l/orbit-0.5.16-i386-1.tgz:  Upgraded to ORBit-0.5.16.
n/bitchx-1.0c19-i386-1.tgz:  Upgraded to BitchX-1.0c19.
n/links-0.97-i386-1.tgz:  Upgraded to links-0.97.
n/nc-1.10-i386-1.tgz:  Added nc-1.10.
n/nmap-2.54BETA34-i386-1.tgz:  Upgraded to nmap-2.54BETA34.
n/proftpd-1.2.5rc2-i386-1.tgz:  Upgraded to proftpd-1.2.5rc2.
n/tcpip-0.17-i386-12.tgz:  In netconfig, do not autoprobe arlan (needs an
  irq= specified to work), com90io, or com90xx (these taint the kernel).
  Rewrote /etc/rc.d/rc.inet1 to make it easy to set up a second NIC.
  Removed obsolete netconfig.tty.
  Patched netconfig to write out the new version of /etc/rc.d/rc.inet1.
  Added /bin/ipmask utility (this will be removed from pkgtools).
xap/imagemagick-5.4.5-i386-1.tgz:  Upgraded to imagemagick-5.4.5.
xap/xscreensaver-4.03-i386-1.tgz:  Upgraded to xscreensaver-4.03.
extra/ham/:  Added extra ham radio packages from Arno Verhoeven.
rootdisks/network.dsk:  Removed autoprobe for arlan, com90io, and com90xx.
rootdisks/install.?:  Don't add HPFS partitions to /etc/fstab, as NTFS also
  shares these partition IDs, and trying to mount an NTFS partition as HPFS
  can hang the machine.  At this point in time, it might be safer to assume
  partitions using these IDs are actually NTFS (but it's safer still to make
  no assumptions).
isolinux/README.TXT:  Suggest -boot-load-size 32 when mastering the CD with
  mkisofs to ensure the entire isolinux.bin is loaded, otherwise sometimes it
  works... sometimes it doesn't.  Thanks to Janusz Wolanski for noticing that
  this needed to be bigger.
----------------------------
Sun May 26 14:48:28 PDT 2002
gnome/galeon-1.2.3-i386-1.tgz:  Upgraded to galeon-1.2.3.
kde/koffice-1.1.1_kde3-i386-2.tgz:  Added koffice-1.1.1_kde3.
Oh, and thanks to Greg Roelofs for cleaning up the slackware.com site logo
and converting it to PNG.  It looks much better!  :-)
----------------------------
Sat May 25 12:38:52 PDT 2002
Well folks, we are now at Slackware 8.1-rc1.  :-)
Please test and report any problems you might find.
a/aaa_base-8.1.0-i386-1.tgz:  Bumped version number in slackware-version
  and welcome email.
a/lprng-3.8.12-i386-1.tgz:  Upgraded to lprng-3.8.12.
a/slocate-2.6-i386-3.tgz:  Added indexing of type 'auto' filesystems.
gnome/eterm-0.9.1-i386-1.tgz:  Upgraded to eterm-0.9.1.
gnome/galeon-1.2.2-i386-1.tgz:  Upgraded to galeon-1.2.2.
gnome/gnome-games-1.4.0.3-i386-2.tgz:  Fixed to not overwrite existing scores.
gnome/gtm-0.4.11-i386-2.tgz:  Patched for wget >= 1.8.
kde/:  Upgraded to KDE-3.0.1.
  Switched from qt-3.0.4 to qt-copy-3.0.4, which includes several
  improvements to work better with KDE.
  Compiled with --disable-debug for better performance.
  Thanks to Andrey V. Panov for getting me to understand that --enable-debug=no
  is not the same thing as --disable-debug.
kdei/:  KDE language support packages upgraded to 3.0.1.
l/freetype-1.3.1-i386-2.tgz:  Relocated header files from
  /usr/include/freetype to /usr/include/freetype1/freetype.
n/fetchmail-5.9.11-i386-1.tgz:  Upgraded to fetchmail-5.9.11 to fix another
  fetchmail-vulnerable-to-malicious-mail-server hole.  My advice:  if you
  don't trust your mail server, don't use fetchmail with it.  (and get a new
  mail server)
  (* Security fix *)
n/tcpip-0.17-i386-11.tgz:  Patched netconfig to add a probe for Ethernet cards
  based on the National Semiconductor DP8381x chipset (natsemi module).
  Patched ping to handle ping times > 1s correctly (thanks to Jonathan Woithe).
  Added -broadcast to ypbind example in /etc/rc.inet2.  ""
xap/mozilla-1.0rc3-i386-1.tgz:  Upgraded to mozilla-1.0rc3.
xap/xpdf-1.01-i386-1.tgz:  Upgraded to xpdf-1.01.
extra/iproute2-2.4.7-now-ss020116-try/iproute2-2.4.7_now_ss020116_try-i386-2.tgz
  Added missing /var/lib/arpd directory.
----------------------------
Mon May 20 21:34:16 PDT 2002
a/devs-2.3.1-i386-7.tgz:  Added /dev/parport{0,1,2,3}.
n/lftp-2.5.2-i386-1.tgz:  Upgraded to lftp-2.5.2.
  Removed --with-modules from ./configure (this breaks the fish protocol).
  Thanks to Andrey V. Panov for the bug report.
n/php-4.2.1-i386-1.tgz:  Upgraded to php-4.2.1.
xap/gnuplot-3.7.2-i386-3.tgz:  Recompiled using --with-readline, since the
  gnuplot license isn't GPL compatible.  Sorry...
extra/iproute2-2.4.7-now-ss020116-try/iproute2-2.4.7_now_ss020116_try-i386-1.tgz
  Added iproute2-2.4.7-now-ss020116-try.
----------------------------
Sun May 19 22:11:19 PDT 2002
a/devs-2.3.1-i386-6.tgz:  Added /dev/ataraid/ devices.
a/lilo-22.2-i386-5.tgz:  Patched a bug in liloconfig that caused LILO to be
  installed on /dev/hdc instead of /dev/hda.  Thanks to Christian Robert for
  pointing this out and helping to run some tests.
a/pkgtools-8.1.0-i386-1.tgz:  Upgraded to dialog-0.9b-20020519.
ap/mc-4.5.55-i386-4.tgz:  Recompiled without --enable-charsets.
n/htdig-3.1.6-i386-2.tgz:  Improved config file handling.
  Fixed file perms in /usr/doc/htdig-3.1.6.
n/ntp-4.1.1-i386-2.tgz:  Removed obsolete "authenticate" option from ntp.conf.
n/ppp-2.4.1-i386-2.tgz:  Added support for more devices in pppsetup.
n/tcpip-0.17-i386-10.tgz:  Removed automatic probe for com20020 in netconfig.
xap/mozilla-1.0rc2-i386-1.tgz:  Removed Nautilus comment from slack-desc.
xap/skipstone-0.8.1-i386-1.tgz:  This doesn't work with Mozilla > 0.9.9, and
  neither does the newest version of the source (won't compile, and the old
  binary runs but won't accept keyboard input).  Really, skipstone seems to be
  more trouble than it's worth -- when new versions of Mozilla are released I
  don't want to have to choose between breaking skipstone (by upgrading
  Mozilla), or dragging my feet on Mozilla and waiting for a new skipstone
  release that'll work.  Package removed, at least for now.
extra/gcc-3.1/:  Added new gcc-3.1 packages:
  gcc-3.1-i386-1.tgz, gcc-g++-3.1-i386-1.tgz,
  gcc-g77-3.1-i386-1.tgz, gcc-java-3.1-i386-1.tgz,
  gcc-objc-3.1-i386-1.tgz
  # standard disclaimer follows :-)
  If you use these (which I don't personally recommend) be aware that
  all C++ related shared libraries (including anything having to do with
  Qt and KDE) must be recompiled before you can link with them.
  I may stick with gcc-2.95.x until the kernel is officially gcc-3 ready.
rootdisks/network.dsk:  Removed automatic probe for com20020.
----------------------------
Sat May 18 13:48:28 PDT 2002
a/acpid-1.0.1-i386-1.tgz:  Added acpid-1.0.1.
a/bin-8.2.1-i386-5.tgz:  Upgraded to bpe-1.4, indent-2.2.8, lha-114i.
a/devfsd-1.3.25-i386-2.tgz:  Switched to new config file handling.
a/devs-2.3.1-i386-5.tgz:  Added /dev/rawctl and /dev/raw/* devices as specified
  by the Linux Assigned Names And Numbers Authority (LANANA).
a/etc-5.0-i386-3.tgz:  Added /etc/inputrc and patched /etc/profile and
  /etc/csh.login to map it to $INPUTRC if there is no $HOME/.inputrc.
a/gawk-3.1.1-i386-1.tgz:  Upgraded to gawk-3.1.1.
a/glibc-solibs-2.2.5-i386-2.tgz:  Recompiled against kernel-headers-2.4.18.
a/glibc-zoneinfo-2.2.5-i386-2.tgz:  Fixed some formatting bugs in timeconfig.
a/openssl-solibs-0.9.6d-i386-1.tgz:  Upgraded to openssl-0.9.6d.
a/procps-2.0.7-i386-3.tgz:  Added pkill, pgrep, sysctl, and manpages.
a/sysvinit-2.84-i386-14.tgz:  Try to run rc.acpid from rc.M.
a/util-linux-2.11r-i386-1.tgz:  Upgraded to util-linux-2.11r.
  Added pivot_root, raw, and manpages.
ap/mpg321-0.2.10-i386-1.tgz:  Upgraded to mpg321-0.2.10.
d/binutils-2.12.90.0.7-i386-1.tgz:  Upgraded to binutils-2.12.90.0.7.
d/kernel-headers-2.4.18-i386-2.tgz:  include/linux/autoconf.h was left over
  from an old build -- this was replaced to match the current bare.i config.
gnome/gaim-0.58-i386-1.tgz:  Upgraded to gaim-0.58.  This fixes some security
  problems.
gnome/galeon-1.2.1-i386-3.tgz:  Recompiled with --enable-nautilus-view=no.
gnome/nautilus-1.0.6-i386-3.tgz:  Recompiled without the Mozilla view, since this
  crashes with Mozilla > 0.9.9 and will be removed in nautilus-1.0.7 anyway.
  It's possible to compile Galeon with --enable-nautilus-view=yes to replace this
  functionality, but I'm leaning towards _not_ doing that since it causes Galeon
  to link with all the Nautilus libraries.  If you feel strongly that Galeon
  should or should not be compiled with the Nautilus libraries let me know.
k/kernel-source-2.4.18-noarch-3.tgz:  include/linux/autoconf.h was left over
  from an old build -- this was replaced to match the current bare.i config.
  Cleaned compile-time generated files from drivers/net/hamradio/soundmodem.
l/glibc-2.2.5-i386-2.tgz:  Recompiled against kernel-headers-2.4.18.
  Link to the sln in util-linux rather than including another copy.
n/mailx-8.1.1-i386-2.tgz:  Added mail.1.gz -> mailx.1.gz manpage symlink.
n/openssh-3.2.2p1-i386-1.tgz:  Upgraded to openssh-3.2.2p1.
n/openssl-0.9.6d-i386-1.tgz:  Upgraded to openssl-0.9.6d.
n/sendmail-8.12.3-i386-4.tgz:  Fixed access_db in linux.smtp.access.cf.
n/sendmail-cf-8.12.3-i386-4.tgz:  Fixed access_db in linux.smtp.access.cf.
xap/netscape-6.2.3-i686-1.tgz:  Upgraded to netscape-6.2.3.
isolinux/initrd.img:  This can now load pcmcia.dsk and network.dsk directly from
  the CD-ROM in the rootdisks/ or isolinux/ directories.
rootdisks/network.dsk:  Fixed to work if the disk image is mounted read-only.
----------------------------
Mon May 13 19:11:26 PDT 2002
a/procps-2.0.7-i386-2.tgz:  Fixed AIX format descriptors.
ap/bc-1.06-i386-2.tgz:  Added readline support.
ap/cdrtools-1.11a23-i386-1.tgz:  Upgraded to cdrtools-1.11a23.
gnome/evolution-1.0.5-i386-1.tgz:  Upgraded to evolution-1.0.5.
gnome/galeon-1.2.1-i386-2.tgz:  Recompiled against mozilla-1.0rc2.
n/samba-2.2.4-i386-3.tgz:  Added missing /var/cache/samba directory.
xap/mozilla-1.0rc2-i386-1.tgz:  Upgraded to mozilla-1.0rc2.
extra/sdl-1.2.4/sdl-1.2.4-i386-1.tgz:  Added SDL-1.2.4.
----------------------------
Wed May  8 23:03:11 PDT 2002
a/devfsd-1.3.25-i386-1.tgz:  Upgraded to devfsd-1.3.25.
a/etc-5.0-i386-2.tgz:  Added smmsp and pop to /etc/shadow.
a/jfsutils-1.0.17-i386-1.tgz:  Upgraded to jfsutils-1.0.17.
a/lilo-22.2-i386-4.tgz:  Added support for append="" to the simple
  LILO setup menu.
a/kernel-ide-2.4.18-i386-2.tgz:  Rebuilt with kmod (really :-) and
  without devfs (which is still considered experimental, and was
  changing the /proc/partitions output in a way that was complicating
  a lot of things).
a/kernel-modules-2.4.18-i386-2.tgz:  Rebuilt without devfs, and commented
  out most of /etc/rc.d/rc.modules.
a/kernel-scsi-2.4.18-i386-2.tgz:  Removed.  Only the vanilla bare.i
  kernel will be packaged as kernel-ide-*-*.tgz.  Other kernels will have
  to be installed from the CD-ROM or a bootdisk.
a/modutils-2.4.16-i386-1.tgz:  Upgraded to modutils-2.4.16.
  Added /etc/cron.hourly/kmod to autoclean unused kernel modules.
a/reiserfsprogs-3.x.1b-i386-1.tgz:  Upgraded to reiserfsprogs-3.x.1b.
a/syslinux-1.72-i386-1.tgz:  Upgraded to syslinux-1.72.
a/sysvinit-2.84-i386-13.tgz:  It looks like rc.modules has to come after
  setting the clock in rc.S.  Otherwise, depmod may stamp the wrong time
  on modules.dep and other files, which can lead to false warnings that
  modules.dep is too old every time a module utility is used.
  Changed the serial line examples in /etc/inittab to use -L (local, no
  carrier), 9600 baud 8N1.  (suggested by Cameron Kerr)
a/xfsprogs-2.0.3-i386-1.tgz:  Upgraded to xfsprogs-2.0.3.
f/linux-faqs-20020507-noarch-1.tgz:  Linux FAQs updated.
f/linux-howtos-20020507-noarch-1.tgz:  Linux HOWTOs updated.
f/linux-mini-howtos-20020507-noarch-1.tgz:  Linux mini HOWTOs updated.
gnome/abiword-1.0.1-i386-1.tgz:  Upgraded to abiword-1.0.1.
gnome/esound-0.2.26-i386-1.tgz:  Upgraded to esound-0.2.26.
k/kernel-source-2.4.18-noarch-2.tgz:  Changed package arch to 'noarch'.
  Updated /usr/src/linux/.config to match the new bare.i configuration.
kde/qt-3.0.4-i386-1.tgz:  Upgraded to qt-3.0.4.
n/bind-9.2.1-i386-1.tgz:  Upgraded to bind-9.2.1.
n/dhcp-3.0pl1-i386-1.tgz:  Upgraded to dhcp-3.0pl1.  This fixes a remote
  security hole, so if you run dhcpd (this is NOT run by default), then you'll
  want to upgrade this right away.
  (* Security fix *)
n/tcpip-0.17-i386-9.tgz:  In rc.inet2, look for a user-supplied
  /etc/rc.d/rc.firewall before enabling packet forwarding.
bootdisks/:  New bootdisks.
kernels/:  Added some new kernels and rebuilt all the others (+kmod -devfs).
rootdisks/:  New rootdisks. (syslinux and other updates/fixes)
isolinux/:  Use the kernels in the kernels/ directory.  Burn the isolinux
  and kernels directories closer to the beginning of the disc using -sort
  (see isolinux/README.TXT).
----------------------------
Mon May  6 00:26:51 PDT 2002
a/elflibs-8.0.8-i386-2.tgz:  Added libpng.so.3.
a/pkgtools-8.0.99-i386-1.tgz:  Modified installpkg to deal with packages
  created with newer versions of tar that store files as './foo' and './bar'
  rather than 'foo' and 'bar', so that removepkg/upgradepkg can match files
  properly.  Of course, such problems are completely avoidable by using makepkg
  rather than tar or a tool that produces out-of-spec packages, but I realize
  people will do this anyway so I'll fix it before it's a problem. :-)
ap/ghostscript-7.05-i386-1.tgz:  Upgraded to ghostscript-7.05.
ap/gimp-print-4.2.1-i386-1.tgz:  Unbundled from the ghostscript package since
  this now uses the IJS interface and Ghostscript no longer links with
  libgimpprint.  Upgraded to gimp-print-4.2.1.
ap/hpijs-1.1-i386-1.tgz:  Upgraded to hpijs-1.1.
gnome/bonobo-1.0.20-i386-1.tgz:  Upgraded to bonobo-1.0.20.
gnome/esound-0.2.25-i386-1.tgz:  Upgraded to esound-0.2.25.
gnome/gal-0.19.2-i386-1.tgz:  Upgraded to gal-0.19.2.
gnome/gdm-2.2.5.5-i386-2.tgz:  Added xfce session type.
gnome/gedit-0.9.7-i386-1.tgz:  Upgraded to gedit-0.9.7.
gnome/gnome-core-1.4.0.8-i386-1.tgz:  Upgraded to gnome-core-1.4.0.8.
gnome/gnome-libs-1.4.1.6-i386-1.tgz:  Upgraded to gnome-libs-1.4.1.6.
gnome/guppi-0.40.3-i386-1.tgz:  Added guppi-0.40.3.  This supplies a plugin to
  support graphing in gnumeric.
gnome/oaf-0.6.10-i386-1.tgz:  Upgraded to oaf-0.6.10.
gnome/pan-0.11.3-i386-1.tgz:  Upgraded to pan-0.11.3.
gnome/xchat-1.8.8-i386-2.tgz:  Recompiled without MMX and debugging.
kde/kdebase-3.0-i386-2.tgz:  Added xfce session type for kdm.
l/gdk-pixbuf-0.17.0-i386-1.tgz:  Upgraded to gdk-pixbuf-0.17.0.
l/libxml2-2.4.21-i386-1.tgz:  Upgraded to libxml2-2.4.21.
l/libxslt-1.0.17-i386-1.tgz:  Upgraded to libxslt-1.0.17.
n/php-4.2.0-i386-1.tgz:  Upgraded to php-4.2.0.
  Here's a note from the NEWS file:
  ATTENTION!! register_globals defaults to 'off' now !!!
n/rsync-2.5.5-i386-1.tgz:  Upgraded to rsync-2.5.5.
n/samba-2.2.4-i386-2.tgz:  Recompiled without CUPS support since we do not want
  to require libcups.so.
n/sendmail-8.12.3-i386-3.tgz:  Added editmap program and manpage.
  Added a new sample sendmail.cf with /etc/mail/access support.
n/sendmail-cf-8.12.3-i386-3.tgz:  Added a new sample sendmail.cf with
  /etc/mail/access support.
x/xfree86-4.2.0-i386-4.tgz:  Added xfce to /etc/X11/xdm/Xsession.
extra/blackbox-0.62.1/blackbox-0.62.1-i386-1.tgz:  Added blackbox-0.62.1.
extra/cups-1.1.14/cups-1.1.14-i386-2.tgz:  Recompiled against libpng.so.3.
extra/isdn4k-utils/isdn4k-utils-CVS-2002-05-05.tar.gz:  Added isdn4k-utils
  source package.
pasture/libglut-3.7/libglut-3.7-i386-1.tgz:  Some games still need this.
----------------------------
Sat May  4 22:42:01 PDT 2002
a/sysklogd-1.4.1-i386-5.tgz:  Cleaned up /etc/syslog.conf to avoid duplicated
  lines.  Thanks to Michiel Broek for reporting the problem.
a/sysvinit-2.84-i386-12.tgz:  Switched to better config file handling on
  /etc/inittab.  Note that upgrading to this version of the package will still
  replace an existing /etc/inittab, but this will be the last time. :-)
  Add a short delay after running rc.pcmcia to allow network cards to
  initialize before rc.inet1 is run.  (Also suggested by Michiel Broek)
a/util-linux-2.11q-i386-1.tgz:  Upgraded to util-linux-2.11q.
ap/lvm-1.0.3-i386-2.tgz:  Rebuilt without debugging support.
d/gdb-5.2-i386-1.tgz:  Upgraded to gdb-5.2.
n/dhcpcd-1.3.22pl1-i386-2.tgz:  Patched the configure script to stop forcing
  -march=i686, which was causing dhcpcd to fail on older machines.
n/samba-2.2.4-i386-1.tgz:  Upgraded to samba-2.2.4.
n/yptools-2.6-i386-5.tgz:  Rewrote the installation script to handle the
  config files better.
----------------------------
Wed May  1 10:49:10 PDT 2002
ap/vim-6.1-i386-4.tgz:  Fixed perms on /usr/share/vim/vim61/.
  (and, found the bug in my build script that was causing that! ;-)
xap/xvim-6.1-i386-4.tgz:  Fixed perms on /usr/share/vim/vim61/.
----------------------------
Wed May  1 01:13:20 PDT 2002
a/devs-2.3.1-i386-4.tgz:  Added device files for Mylex and Compaq RAID
  controllers.
a/floppy-5.4-i386-3.tgz:  Recompiled with fdutils-5.4-20020222.diff.gz.
a/shadow-4.0.3-i386-1.tgz:  Upgraded to shadow-4.0.3.
a/sysklogd-1.4.1-i386-4.tgz:  Added /etc/rc.d/rc.syslog.
a/sysvinit-2.84-i386-11.tgz:  In rc.M, start syslogd/klogd using rc.syslog;
  start sendmail using rc.sendmail; if rc.cups is found, start CUPS instead
  of lpd.
  LVM fixes in rc.S and rc.6 (lvtab -> lvmtab, mount /proc before scan).
  Remove directories in addition to files from /var/log/setup/tmp.
  Move hwclock section after rc.modules in rc.S (fixes a problem with using
  a modularized real time clock).
ap/vim-6.1-i386-3.tgz:  Added vim-6.1-lang language support.
  Reduced from "huge" to "big".
  Applied the latest patches from ftp.vim.org.
  Thanks to Adrien Beau for pointing me at the vim-6.1-lang package. :-)
gnome/rep-gtk-0.15-i386-2.tgz:  Fixed ownership of files under /usr/doc/.
l/glibc-i18n-2.2.5-i386-1.tgz:  Fixed a typo in the slack-desc file.
l/t1lib-1.3.1-i386-1.tgz:  Added t1lib-1.3.1.
n/epic4-1.0.1-i386-2.tgz:  Fixed ownership of files under /usr/doc/.
n/nmap-2.54BETA33-i386-1.tgz:  Upgraded to nmap-2.54BETA33.
n/popa3d-0.5.1-i386-1.tgz:  Upgraded to popa3d-0.5.1.
n/sendmail-8.12.3-i386-2.tgz:  Fixed the install script to be sure there's an
  /etc/mail/aliases.db.
  Added /etc/rc.d/rc.sendmail.
n/sendmail-cf-8.12.3-i386-2.tgz:  Rebuilt.
n/tcpip-0.17-i386-8.tgz:  In rc.inet2, use rc.syslog to start syslogd/klogd.
n/yptools-2.6-i386-4.tgz:  Upgraded to ypbind-mt-1.11.
  Fixed two manpages that weren't compressed but ended in '.gz'.
xap/gnuplot-3.7.2-i386-2.tgz:  Recompiled with readline (--with-readline=gnu).
xap/xfce-3.8.16-i386-1.tgz:  Upgraded to xfce-3.8.16.
xap/xvim-6.1-i386-3.tgz:  Added vim-6.1-lang language support.
  Reduced from "huge" to "big".
  Applied the latest patches from ftp.vim.org.
xap/xpdf-1.00-i386-3.tgz:  Recompiled against t1lib and freetype2.
----------------------------
Thu Apr 25 12:00:50 PDT 2002
ap/sudo-1.6.6-i386-1.tgz:  Upgraded to sudo-1.6.6.
  This version of sudo fixes a security problem whereby a local user may gain
  root access through corruption of the heap (Off-By-Five).
  This issue was discovered by Global InterSec LLC, and more information may
  be found on their web site:  
  http://www.globalintersec.com/adv/sudo-2002041701.txt
  The discussion on the site indicates that this problem may only be exploitable
  on systems that use PAM, which Slackware does not use.  However, in the 
  absence of proof, it still seems prudent to upgrade sudo immediately.
  (* Security fix *)
----------------------------
Wed Apr 24 21:04:25 PDT 2002
a/pkgtools-8.0.8-i386-5.tgz:  Fixed xfree86setup text formatting.
gnome/abiword-1.0.0-i386-1.tgz:  Upgraded to abiword-1.0.0.
gnome/galeon-1.2.1-i386-1.tgz:  Upgraded to galeon-1.2.1.
gnome/gnumeric-1.0.6-i386-1.tgz:  Upgraded to gnumeric-1.0.6.
xap/mozilla-1.0rc1-i386-1.tgz:  Upgraded to mozilla-1.0rc1.
xap/windowmaker-0.80.0-i386-1.tgz:  This really didn't belong in /gnome.
----------------------------
Thu Apr 18 18:20:19 PDT 2002
d/cvs-1.11.2-i386-1.tgz:  Upgraded to cvs-1.11.2.
----------------------------
Tue Apr 16 21:28:07 PDT 2002
a/loadlin-1.6c-i386-1.tgz:  Upgraded to loadlin-1.6c.  (Thanks Hans!)
ap/mc-4.5.55-i386-3.tgz:  Recompiled with different options that should get
  rid of most of the reported problems.  Thanks to Georgi Chorbadzhiyski for
  helping out with this.
xap/skipstone-0.8.1-i386-1.tgz:  Added skipstone-0.8.1.
extra/java2-runtime-environment/j2re-1.4.0-i486-1.tgz:  Added a symlink
  /usr/bin/ls -> /bin/ls, needed by the ControlPanel script.
----------------------------
Mon Apr 15 23:47:55 PDT 2002
a/dcron-2.3.3-i386-4.tgz:  Modified root's crontab to run package cron scripts
  in /etc/cron.{daily,hourly,monthly,weekly} with the run-parts script that
  was added to the bin package yesterday.  (these cron directories are required
  by the LSB)  Note that upgrading the dcron package will not replace root's
  crontab unless it is deleted manually first.
a/devs-2.3.1-i386-3.tgz:  Updated /dev/fb* devices to use the new numbering
  standard.
a/logrotate-3.6.3-i386-1.tgz:  Upgraded to logrotate-3.6.3.  Added a daily
  cron script in /etc/cron.daily instead of running logrotate directly from
  root's crontab.
a/shadow-19990827-i386-6.tgz:  Fixed config file replacement script.
a/slocate-2.6-i386-2.tgz:  Added an slocate cron script in /etc/cron.daily.
ap/vim-6.1-i386-2.tgz:  Recompile with --with-features=huge.  Thanks again
  to Naresh Donti for the tip.  Since we were recompiling anyway, the
  latest patches from ftp.vim.org were also applied.
kde/qt-3.0.3-i386-2.tgz:  Corrected a couple of minor bugs in the 
  /etc/profile.d/ scripts.  When using qt.sh, ':' should not be added to the
  end of $CPLUS_INCLUDE_PATH.  Use QTDIR=/usr/lib/qt-3.0.3 if found, otherwise
  fall back to QTDIR=/usr/lib/qt.  This prevents some runtime warnings. 
n/lftp-2.5.0a-i386-2.tgz:  Recompiled adding --with-modules.
n/lynx-2.8.4-i386-2.tgz:  Recompiled adding --with-ssl --enable-color-style 
  --enable-prettysrc --enable-source-cache --enable-nsl-fork
  Thanks to Frédéric L. W. Meunier for the lftp and lynx suggestions.
xap/xvim-6.1-i386-2.tgz:  Recompiled with latest patches and
  --with-features=huge.
extra/java2-runtime-environment/j2re-1.4.0-i486-1.tgz:  Added a package
  containing Sun's Java(TM) 2 Runtime Environment.
----------------------------
Sun Apr 14 21:29:14 PDT 2002
a/bin-8.2.1-i386-4.tgz:  Added run-parts script and manpage.
  Upgraded to GNU indent-2.2.7.
  Upgraded to GNU which-2.13.
  Fixed permissions on splitvt docs.
ap/mc-4.5.55-i386-2.tgz:  Recompiled with large file support.
gnome/nautilus-1.0.6-i386-2.tgz:  Added a patch that prevents spawning around
  50 zombie shell processes when 'help' is used.  This is caused by nautilus
  trying to use a feature that will be present in a future scrollkeeper version,
  but that isn't there yet.  Thanks to Naresh Donti for the bug report.
extra/rp-pppoe-3.3/rp-pppoe-3.3-i386-1.tgz:  Added rp-pppoe-3.3.
----------------------------
Sat Apr 13 20:16:42 PDT 2002
a/shadow-19990827-i386-5.tgz:  Added /var/log/faillog.
  Fixed install script to not overwrite existing login.access or login.defs.
l/readline-4.2a-i386-2.tgz:  Remove extra '.old' copies of the shared libraries.
----------------------------
Fri Apr 12 02:01:53 PDT 2002
We'll call this Slackware 8.1-beta2. :-)
a/pkgtools-8.0.8-i386-4.tgz:  Fixed GNOME selection in xwmconfig.
d/gdb-5.1.1-i386-3.tgz:  Fix ownership of /usr/doc/gdb-5.1.1/README.gdbserver.
d/python-2.2.1-i386-1.tgz:  Upgraded to python-2.2.1.
Hey folks, here is the long awaited update to GNOME.  I think you'll find it was
worth the wait while these were tweaked (and retweaked :) to get everything just
exactly perfect.  This GNOME build is based on stable GNOME 1.4.1, and nearly
every package has been recently updated.  There are also several new packages
that have not appeared in Slackware before, such as Evolution.
gnome/abiword-0.99.3-i386-1.tgz:  Added abiword-0.99.3.
gnome/bonobo-1.0.19-i386-1.tgz:  Added bonobo-1.0.19.
gnome/bonobo-conf-0.14-i386-1.tgz:  Added bonobo-conf-0.14.
gnome/bug-buddy-2.0.8-i386-1.tgz:  Added bug-buddy-2.0.8.
gnome/control-center-1.4.0.5-i386-1.tgz:  Added control-center-1.4.0.5.
gnome/dia-0.88.1-i386-1.tgz:  Added dia-0.88.1.
gnome/enlightenment-0.16.5-i386-1.tgz:  Added enlightenment-0.16.5.
gnome/eog-0.6-i386-1.tgz:  Added eog-0.6.
gnome/esound-0.2.24-i386-1.tgz:  Added esound-0.2.24.
gnome/eterm-0.8.10-i386-1.tgz:  Added eterm-0.8.10.
gnome/evolution-1.0.3-i386-1.tgz:  Added evolution-1.0.3.
gnome/fnlib-0.5-i386-1.tgz:  Added fnlib-0.5.
gnome/gaim-0.55-i386-1.tgz:  Added gaim-0.55.
gnome/gal-0.19.1-i386-1.tgz:  Added gal-0.19.1.
gnome/galeon-1.2.0-i386-1.tgz:  Added galeon-1.2.0.
gnome/gconf-1.0.9-i386-1.tgz:  Added gconf-1.0.9.
gnome/gdm-2.2.5.5-i386-1.tgz:  Added gdm-2.2.5.5.
gnome/gedit-0.9.6-i386-1.tgz:  Added gedit-0.9.6.
gnome/gftp-2.0.11-i386-1.tgz:  Added gftp-2.0.11.
gnome/ggv-1.0.2-i386-1.tgz:  Added ggv-1.0.2.
gnome/ghex-1.2.1-i386-1.tgz:  Added ghex-1.2.1.
gnome/glade-0.6.4-i386-1.tgz:  Added glade-0.6.4.
gnome/gnet-1.1.2-i386-1.tgz:  Added gnet-1.1.2.
gnome/gnome-admin-1.0.3-i386-1.tgz:  Added gnome-admin-1.0.3.
gnome/gnome-applets-1.4.0.5-i386-1.tgz:  Added gnome-applets-1.4.0.5.
gnome/gnome-audio-1.4.0-noarch-1.tgz:  Added gnome-audio-1.4.0.
gnome/gnome-core-1.4.0.6-i386-1.tgz:  Added gnome-core-1.4.0.6.
gnome/gnome-games-1.4.0.3-i386-1.tgz:  Added gnome-games-1.4.0.3.
gnome/gnome-libs-1.4.1.4-i386-1.tgz:  Added gnome-libs-1.4.1.4.
gnome/gnome-media-1.2.3-i386-1.tgz:  Added gnome-media-1.2.3.
gnome/gnome-mime-data-1.0.1-i386-1.tgz:  Added gnome-mime-data-1.0.1.
gnome/gnome-network-1.0.2-i386-1.tgz:  Added gnome-network-1.0.2.
gnome/gnome-objc-1.0.40-i386-1.tgz:  Added gnome-objc-1.0.40.
gnome/gnome-pilot-0.1.64-i386-1.tgz:  Added gnome-pilot-0.1.64.
gnome/gnome-pim-1.4.4-i386-1.tgz:  Added gnome-pim-1.4.4.
gnome/gnome-print-0.35-i386-1.tgz:  Added gnome-print-0.35.
gnome/gnome-python-1.4.2-i386-1.tgz:  Added gnome-python-1.4.2.
gnome/gnome-user-docs-1.4.1.1-noarch-1.tgz:  Added gnome-user-docs-1.4.1.1.
gnome/gnome-utils-1.4.1.2-i386-1.tgz:  Added gnome-utils-1.4.1.2.
gnome/gnome-vfs-1.0.5-i386-1.tgz:  Added gnome-vfs-1.0.5.
gnome/gnomeicu-0.98.2-i386-1.tgz:  Added gnomeicu-0.98.2.
gnome/gnomemm-1.2.2-i386-1.tgz:  Added gnomemm-1.2.2.
gnome/gnotepad+-1.3.3-i386-1.tgz:  Added gnotepad+-1.3.3.
gnome/gnumeric-1.0.5-i386-1.tgz:  Added gnumeric-1.0.5.
gnome/gqview-1.0.2-i386-1.tgz:  Added gqview-1.0.2.
gnome/gtk-engines-0.12-i386-1.tgz:  Added gtk-engines-0.12.
gnome/gtkhtml-1.0.2-i386-1.tgz:  Added gtkhtml-1.0.2.
gnome/gtkmm-1.2.8-i386-1.tgz:  Added gtkmm-1.2.8.
gnome/gtm-0.4.11-i386-1.tgz:  Added gtm-0.4.11.
gnome/gtop-1.0.13-i386-1.tgz:  Added gtop-1.0.13.
gnome/guile-1.5.6-i386-1.tgz:  Added guile-1.5.6.
gnome/imlib-1.9.14-i386-1.tgz:  Added imlib-1.9.14.
gnome/libghttp-1.0.9-i386-1.tgz:  Added libghttp-1.0.9.
gnome/libglade-0.17-i386-1.tgz:  Added libglade-0.17.
gnome/libgtop-1.0.13-i386-1.tgz:  Added libgtop-1.0.13.
gnome/libole2-0.2.4-i386-1.tgz:  Added libole2-0.2.4.
gnome/librep-0.15.2-i386-1.tgz:  Added librep-0.15.2.
gnome/libsigc++-1.0.4-i386-1.tgz:  Added libsigc++-1.0.4.
gnome/libunicode-0.4-i386-1.tgz:  Added libunicode-0.4.
gnome/nautilus-1.0.6-i386-1.tgz:  Added nautilus-1.0.6.
gnome/oaf-0.6.8-i386-1.tgz:  Added oaf-0.6.8.
gnome/pan-0.11.2.91-i386-1.tgz:  Added pan-0.11.2.91.
gnome/panelmm-0.3.1-i386-1.tgz:  Added panelmm-0.3.1.
gnome/pilot-link-0.9.5-i386-1.tgz:  Added pilot-link-0.9.5.
gnome/pkgconfig-0.12.0-i386-1.tgz:  Added pkgconfig-0.12.0.
gnome/rep-gtk-0.15-i386-1.tgz:  Added rep-gtk-0.15.
gnome/sawfish-1.0.1-i386-1.tgz:  Added sawfish-1.0.1.
gnome/scrollkeeper-0.2-i386-1.tgz:  Added scrollkeeper-0.2.
gnome/sodipodi-0.24.1-i386-1.tgz:  Added sodipodi-0.24.1.
gnome/windowmaker-0.80.0-i386-1.tgz:  Added windowmaker-0.80.0.
gnome/xalf-0.12-i386-1.tgz:  Added xalf-0.12.
gnome/xchat-1.8.8-i386-1.tgz:  Added xchat-1.8.8.
gnome/xscreensaver-4.02_gnome-i386-1.tgz:  Added xscreensaver-4.02 compiled
  for GNOME.
n/iptables-1.2.6a-i386-1.tgz:  Upgraded to iptables-1.2.6a.
n/mutt-1.2.5.1-i386-3.tgz:  Patched mutt to look in the correct directory
  for charmaps (/usr/share/i18n/charmaps).  Note that mutt still does not
  understand compressed charmaps, which are now default with glibc.  Until
  this can be addressed, if you need to use charmaps with mutt, you'll need
  to go into /usr/share/i18n/charmaps and uncompress them.
  Thanks to Cezary Sliwa for pointing out this problem.
----------------------------
Thu Apr 11 01:47:23 PDT 2002
pasture/XFree86-3.3.6-servers/xwrapper-3.3.6-i386-1.tgz:  Added setuid
  Xwrapper program to allow non-root users to run XFree86 3.3.6 servers
  without requiring them to be made setuid root.  Thanks to Harka Steinhart
  for reminding me that this was required.
a/bin-8.2.1-i386-3.tgz:  Patched /bin/ed to create tmp files more safely.
a/genpower-1.0.1-i386-1.tgz:  Added genpower-1.0.1 (replaces powerd).
a/getty-ps-2.0.7j-i386-3.tgz:  Moved inittab example to the examples
  directory.
a/shadow-19990827-i386-4.tgz:  Fixed a bug in adduser that caused it to
  always use the next available UID no matter what UID was entered.
a/sysvinit-2.84-i386-10.tgz:  Added support for LVM in rc.S and rc.6.
  Removed powerd and rewrote the scripts to use genpowerd instead.  
  Don't try to run crond or atd if they aren't installed on the system.
  Rather than replacing existing scripts in /etc/rc.d/, leave .new ones behind.
  Fix rc.S so that the -f and -F options to /sbin/shutdown work properly.
  Restart /sbin/init after installing the new binary, so that the system can
  unmount its drives at the next shutdown/reboot.
  In rc.6, unmount remote volumes before killing processes.  Fixes a problem
  when using SMB volumes with PCMCIA network cards.  (thanks Nathan England)
  In rc.6, clear /var/lock/subsys.  (thanks Jeff Adams) 
  Change gdm path in rc.4 to /usr/bin/gdm.
----------------------------
Wed Apr 10 14:34:08 PDT 2002
ap/hpijs-1.0.4-i386-1.tgz:  Upgraded to hpijs-1.0.4.
l/gdk-pixbuf-0.16.0-i386-1.tgz:  Added gdk-pixbuf-0.16.0, needed by xfce.
Touched a few packages that were not mirroring out properly.
----------------------------
Wed Apr 10 01:00:21 PDT 2002
Added "install-packages" scripts in the package directories.
a/lilo-22.2-i386-3.tgz:  If XFS is detected, make MBR installation the default
  menu choice.
a/pkgtools-8.0.8-i386-3.tgz:  Fix bug which caused leftover files in
  /var/log/setup/tmp when a package was skipped while using -infobox.
  Return an error code from upgradepkg if the last (or only) package it tried
  to upgrade was not installed.
  Add xfce detection to xwmconfig, and remember previous selection.
a/sysklogd-1.4.1-i386-3.tgz:  Fixed missing /var/log/syslog err/warn logging in
  /etc/syslog.conf.  Add rotation for /var/log/syslog.
ap/rexima-1.1-i386-1.tgz:  Added rexima-1.1.
xap/fvwm-2.4.6-i386-4.tgz:  Don't create an xinitrc symlink.
xap/fvwm95-2.0.43ba-i386-2.tgz:  Don't create an xinitrc symlink.
xap/xfce-3.8.14c-i386-1.tgz:  Added xfce-3.8.14c.  Do you find GNOME and KDE to
  be too slow on your machine?  Then try xfce, "The Cholesterol Free Desktop
  Environment".  This has been added to fill the need for a complete but
  lightweight and _fast_ desktop environment.
----------------------------
Tue Apr  9 01:09:48 PDT 2002
a/dcron-2.3.3-i386-3.tgz:  Patched to report correct version.
n/sendmail-8.12.3-i386-1.tgz:  Upgraded to sendmail-8.12.3.
n/sendmail-cf-8.12.3-i386-1.tgz:  Upgraded to sendmail-8.12.3.
----------------------------
Sun Apr  7 18:15:16 PDT 2002
a/aaa_base-8.0.8-i386-4.tgz:  Moved /etc/slackware-version to here.
a/dcron-2.3.3-i386-2.tgz:  Added logrotate to root's crontab.
  Added updatedb (slocate) to root's crontab.
  Removed nobody's crontab, which used to run GNU findutils updatedb.
a/etc-5.0-i386-1.tgz:  Removed obsolete "filesize" script.
  Added slocate group.
a/findutils-4.1.7-i386-1.tgz:  Upgraded to findutils-4.1.7.
  Removed deprecated locate and updatedb programs -- the new versions
  are in the slocate package.
a/glibc-zoneinfo-2.2.5-i386-1.tgz:  Fixed timeconfig to work better on
  vt100 terminals.  Since it's a minor change, and this _is_ -current, I
  didn't update the build number.
a/grep-2.5-i386-2.tgz:  Compile against the static libpcre.a, since we
  don't want to have to move that into the A series, and it doesn't make
  grep much larger.
a/lprng-3.8.5-i386-2.tgz:  Better config file handling in the install script.
a/logrotate-3.6.2-i386-1.tgz:  Added by popular demand.  ;-)
a/pciutils-2.1.10-i386-1.tgz:  Upgraded to pciutils-2.1.10 and the latest
  version of pci.ids.
a/pkgtools-8.0.8-i386-2.tgz:  Fixed some spelling errors in installpkg and
  pkgtool.  Also fixed many several other spelling mistakes in the installer
  and package descriptions.  Thanks to Jason Byrne for kicking me into editor
  mode.  :-)
  Removed /etc/slackware-version.
  Eliminated use of obsolete filesize script in makepkg.
a/shadow-19990827-i386-3.tgz:  Don't create (obsolete) /var/log/sulog.
a/slocate-2.6-i386-1.tgz:  Added slocate-2.6.
a/sysklogd-1.4.1-i386-2.tgz:  Provide a more complete syslog.conf.
  Add /etc/logrotate.d/syslog.
ap/mysql-3.23.49-i386-2.tgz:  Recompiled with better optimization.
l/gdbm-1.8.0-i386-2.tgz:  Fixed '/usr/local' bug in libgdbm.la.
l/glibc-2.2.5-i386-1.tgz:  Fixed timeconfig script for vt100 terminals.
n/php-4.1.2-i386-4.tgz:  Added IMAP/SSL support.
  Thanks to Miha Verlic for suggesting the mysql and php changes.
xap/fvwm-2.4.6-i386-3.tgz:  Added back a bunch of icons that fvwm doesn't
  include in recent versions.  Thanks to Artur Kedzierski for noticing this.
----------------------------
Fri Apr  5 22:54:17 PST 2002
rootdisks/install.?:  Use /dev/sr?, not /dev/scd? which is deprecated.
  Support a new series KDEI for the kde-i18n packages.
extra/openmotif-2.2.1/openmotif-2.2.1-i386-1.tgz:  Added openmotif-2.2.1.
extra/sgml-tools-1.0.9-i386-2.tgz:  Fixed missing libostyle.
a/gettext-0.11-i386-2.tgz:  Recompiled.
a/grep-2.5-i386-1.tgz:  Upgraded to GNU grep-2.5.
a/lilo-22.2-i386-2.tgz:  Add a warning against installing LILO on the
  superblock of an XFS partition.
a/pkgtools-8.0.8-i386-1.tgz:  Enhanced upgradepkg to handle a sloppy package
  database -- if multiple packages match the old package name, remove all of
  them instead of a random one.
  Made xwmconfig a menu rather than a radiolist.
ap/texinfo-4.2-i386-1.tgz:  Upgraded to GNU texinfo-4.2.
d/autoconf-2.53-i386-1.tgz:  Upgraded to GNU autoconf-2.53.
 (I'm holding off on automake-1.6 until the impact of the renaming of
 /usr/share/aclocal can be assessed.  Really, I'm mostly hoping they change
 their minds, since it really screws things up for packages that want to install
 an .m4 file in there to have /usr/share/aclocal-1.6.  When automake-1.7 comes
 out I don't want to be rerolling dozens of packages just to move the .m4 files
 into /usr/share/aclocal-1.7.)
d/bison-1.35-i386-1.tgz:  Upgraded to GNU bison-1.35.
d/gdb-5.1.1-i386-2.tgz:  Added gdbserver and docs.
d/gettext-tools-0.11-i386-2.tgz:  Fixed libgettextlib.la to indicate that the
  library is installed.
kde/:  Upgraded to KDE-3.0.  (Thanks KDE team for the great work! :-)
kdei/:  New series for the KDE language support packages.
l/audiofile-0.2.3-i386-2.tgz:  Moved here from ../kde.  Even though KDE 3.0rc3
  uses aRts, it seems audiofile is still required, and things outside of KDE
  will require it in the future.
l/freetype-1.3.1-i386-1.tgz:  Split out of the xfree86 packages.  Moved into
  /usr instead of /usr/X11R6, which seems to help prevent programs from
  including the wrong header files (freetype2, which is bundled with XFree86,
  puts its header files under /usr/X11R6/include).
l/libungif-4.1.0b1-i386-2.tgz:  Fixed libungif.la to indicate that the library
  is installed.
l/libxml2-2.4.19-i386-1.tgz:  Upgraded to libxml2-2.4.19.
n/bind-9.2.0-i386-2.tgz:  Added missing rndc-confgen, and patched the install
  script to run it at install time with the -a option.
n/links-0.97pre9-i386-1.tgz:  Upgraded to links-0.97pre9.
n/lftp-2.5.0a-i386-1.tgz:  Added lftp-2.5.0a.
n/pidentd-3.0.12-i386-1.tgz:  Split out from tcpip package, reverted to 3.0.12
  since 3.0.14 was doing this:
    in.identd[6698]: Error while changing user/group privileges
n/tcpip-0.17-i386-7.tgz:  Remove pidentd (now in separate package).
x/xfree86-4.2.0-i386-3.tgz:  Removed freetype-1.3.1 shared library.
x/xfree86-devel-4.2.0-i386-3.tgz:  Removed freetype-1.3.1 headers.
x/xfree86-docs-4.2.0-i386-2.tgz:  Removed freetype-1.3.1 docs.
xap/freefonts-0.10-i386-1.tgz:  Removed.  There were a couple of problems with
  this.  First, it's tricky to install them in the usual (Type1) directory
  without stomping on the existing fonts.dir and fonts.alias.  Second, not all
  of the licenses are as free as the package name might lead you to think.
  If you need these fonts you can find them here:
    ftp://ftp.gimp.org/pub/gimp/fonts/
xap/sane-1.0.7-i386-1.tgz:  Added sane-1.0.7.
xap/xmms-1.2.7-i386-2.tgz:  Added support for ESD and GNOME.
xap/xpdf-1.00-i386-2.tgz:  Fixed xpdfrc to not try to load Type1 fonts.
xap/xsane-0.84-i386-1.tgz:  Added xsane-0.84.
----------------------------
Mon Apr  1 01:31:47 PST 2002
Here are a few updates to slackware-current...  :-)
----------------------------
Sun Mar 31 21:51:27 PST 2002
a/pkgtools-8.0.7-i386-3.tgz:  Edited some text in xwmconfig.
----------------------------
Sun Mar 31 00:45:29 PST 2002
a/sysvinit-2.84-i386-9.tgz:  Add /etc/dhcpc/dhcpcd-eth0.pid to the list of
  files to be removed at boot time in rc.S.
ap/quota-3.04-i386-1.tgz:  Upgraded to quota-3.04.
n/nfs-utils-0.3.3-i386-2.tgz:  Removed rpc.rquotad, which is now maintained
  in the quota package.
----------------------------
Sat Mar 30 20:55:02 PST 2002
a/jfsutils-1.0.16-i386-1.tgz:  Added jfsutils-1.0.16.
a/xfsprogs-2.0.1-i386-1.tgz:  Added xfsprogs-2.0.1.
I've also added mkfs.jfs and mkfs.xfs to the isolinux initrd and rootdisk
images, and patched the installer to allow any of these filesystems if they're
found in the kernel:  ext2, ext3, jfs, reiserfs, and xfs.  In addition, there
are now kernels with jfs and xfs support usable from isolinux.  This is still
just for testing, and the prebuilt JFS/XFS kernels don't contain any support for
SCSI controllers (but it would be easy to rebuild the kernel with the patches
in source/k/kernel-source/... consider that part of your test :)
----------------------------
Sat Mar 30 13:09:38 PST 2002
l/libxml-1.8.17-i386-1.tgz:  Added libxml1.
  Moved some libraries which are bound to see widespread usage outside of KDE:
l/libxml2-2.4.15-i386-1.tgz:  Moved here from kde/.
l/libxslt-1.0.12-i386-1.tgz:  Moved here from kde/.
l/pcre-3.9-i386-1.tgz:  Moved here from kde/.
l/orbit-0.5.15-i386-1.tgz:  Added ORBit, which is needed to build Mozilla.
n/nmap-2.54BETA31-i386-2.tgz:  Put GNOME files under /usr, not /opt/gnome.
xap/mozilla-0.9.9-i386-2.tgz:  Put GNOME files under /usr, not /opt/gnome.
xap/xscreensaver-4.02-i386-2.tgz:  Recompiled against libxml.
----------------------------
Fri Mar 29 00:50:23 PST 2002
n/nmap-2.54BETA31-i386-1.tgz:  Added nmap-2.54BETA31.
xap/imagemagick-5.4.4-i386-1.tgz:  Upgraded to ImageMagick-5.4.4.
----------------------------
Thu Mar 28 20:53:40 PST 2002
a/pkgtools-8.0.7-i386-2.tgz: Fixed a bug that prevented tagfiles from being
  followed correctly.
  In pkgtool "View" mode, jump back to the same place in the list after viewing
  the package.  Suggested by Marek Januszewski.
----------------------------
Thu Mar 28 15:46:08 PST 2002
a/cpio-2.4.2.91-i386-1.tgz:  Upgraded to cpio-2.4.2.91 (which appears to be
  primarily a bugfix version) from alpha.gnu.org because there hasn't been an
  official release of this in over 6 years.
n/mod_ssl-2.8.8_1.3.24-i386-2.tgz:  Fixed the html documentation.
n/openssh-3.1p1-i386-2.tgz:  Edited rc.sshd to allow 'rc.sshd restart' without
  hanging up on existing connections.  Suggested by Pawel Kot.
----------------------------
Wed Mar 27 23:54:51 PST 2002
a/floppy-5.4-i386-2.tgz:  Recompiled, stripped binaries.
a/pkgtools-8.0.7-i386-1.tgz:  Use dynamic resizing for slack-desc windows.
ap/vim-6.1-i386-1.tgz:  Upgraded to vim-6.1.
n/apache-1.3.24-i386-1.tgz:  Upgraded to apache-1.3.24.
n/mod_ssl-2.8.8_1.3.24-i386-1.tgz:  Upgraded to mod_ssl-2.8.8_1.3.24.
x/xfree86-4.2.0-i386-2.tgz:  Rebuilt against system zlib.
x/xfree86-devel-4.2.0-i386-2.tgz:  Rebuilt against system zlib.
  Added "HasZlib YES" to linux.cf.
x/xfree86-xnest-4.2.0-i386-2.tgz:  Rebuilt against system zlib.
x/xfree86-xprt-4.2.0-i386-2.tgz:  Rebuilt against system zlib.
x/xfree86-xvfb-4.2.0-i386-2.tgz:  Rebuilt against system zlib.
xap/xvim-6.1-i386-1.tgz:  Added GTK+ version of vim.
----------------------------
Wed Mar 27 01:33:20 PST 2002
extra/kde-3.0rc3/:  This is a set of packages to test KDE 3.0rc3.  This
  requires (at least) libxml2, libxslt, and pcre from the KDE series (in
  slackware/kde), and lesstif from the L series.  There are other dependencies
  as well, so if you want to test this, I recommend a full install, then remove
  the old packages like this:
    cd /var/log/packages ; removepkg kde* kdoc* koffice* qt*
  Finally, use installpkg to install all the packages in extra/kde-3.0rc3.
xap/netscape-6.2.2-i686-1.tgz:  Upgraded to netscape-6.2.2.
  This build includes the zlib fix.
xap/xmms-1.2.7-i386-1.tgz:  Added xmms-1.2.7.
xap/xscreensaver-4.02-i386-1.tgz:  Added xscreensaver-4.02.
----------------------------
Sun Mar 24 20:01:54 PST 2002
a/pkgtools-8.0.6-i386-1.tgz:  Fix installpkg to handle slack-desc files with
  anywhere from 1 to 13 lines, and add \n to the end of the lines before
  displaying them so that dialog doesn't change the formatting.
----------------------------
Sat Mar 23 23:26:06 PST 2002
a/pkgtools-8.0.5-i386-6.tgz:  In the provided sample XF86Config, increase the
  default color depth from 8 to 24 (most cards should be able to handle it).
a/shadow-19990827-i386-2.tgz:  /usr/sbin/adduser has been rewritten by
  Stuart Winter.  This version accepts the new account name from the command
  line (optionally), and has better input, output, and error checking. 
a/sysvinit-2.84-i386-8.tgz:  In rc.M, don't start smartd by default, as it
  doesn't handle all ATAPI devices well.
d/m4-1.4-i386-2.tgz:  Relocate docs into correct directory.
l/libjpeg-6b-i386-2.tgz:  Add more docs that are included with the source.
n/htdig-3.1.6-i386-1.tgz:  Upgraded to htdig-3.1.6-i386-1.tgz.
----------------------------
Sat Mar 23 00:08:39 PST 2002
a/aaa_base-8.0.8-i386-3.tgz:  Updated welcome email.
a/devfsd-1.3.24-i386-1.tgz:  Upgraded to devfsd-1.3.24.
a/kernel-scsi-2.4.18-i386-1.tgz:  Add a kernel image with support for most
  SCSI controllers.
ap/texinfo-4.1-i386-1.tgz:  Upgraded to texinfo-4.1.
d/binutils-2.12.90.0.1-i386-1.tgz:  Upgraded to binutils-2.12.90.0.1.
n/tcpip-0.17-i386-6.tgz:  Probe for ethernet cards using the 8139cp driver in
  netconfig.
bootdisks/:  Added some bootdisks:  bare.i, adaptec.s, raid.s, and scsi.s.
rootdisks/:  Added floppy rootdisk images.  Due to the size of the compressed
  image finally exceeding 1.44MB (with apparently no way to trim it down below
  that), we have to use a split *uncompressed* rootdisk.  This means there are
  now 5 rootdisk images that the kernel needs to load (not counting the
  network and pcmcia supplemental images).  There are other ways around this
  that might reduce the number to 2 or 3 floppies, but they 1) increase
  complexity, 2) increase RAM usage, and/or 3) require kernel patches.  None
  of these seem like worthwhile tradeoffs.
  Oh well.  It's a shame the floppy disk format never evolved...
----------------------------
Fri Mar 22 00:14:29 PST 2002
a/modutils-2.4.14-i386-1.tgz:  Upgraded to modutils-2.4.14.
a/pkgtools-8.0.5-i386-5.tgz:  Added a syslinux bootdisk option to
  makebootdisk (along with various other cleanups to makebootdisk).
a/smartsuite-2.1-i386-1.tgz:  Added smartsuite-2.1.
a/syslinux-1.67-i386-1.tgz:  Added syslinux-1.67.
a/sysvinit-2.84-i386-7.tgz:  Edit rc.M to start smartd if found.
extra/libsafe-2.0-12/libsafe-2.0.12-i386-1.tgz:  Added libsafe-2.0-12.
----------------------------
Thu Mar 21 21:22:26 PST 2002
n/inetd-1.79s-i386-1.tgz:  Split inetd out of tcpip package.
n/nfs-utils-0.3.3-i386-1.tgz:  Split nfs-utils out of tcpip package.
n/portmap-4.0-i386-1.tgz:  Split portmap out of tcpip package.
n/tcpip-0.17-i386-5.tgz:  Update /etc/protocols and /etc/services, toss out some
  long obsolete config files in /etc (gateways and NETWORKING).  Ported the
  telnet client from OpenBSD, which supports more options.
----------------------------
Wed Mar 20 21:39:43 PST 2002
a/pciutils-2.1.9-i386-2.tgz:  Updated with latest pci.ids from:
  http://pciids.sourceforge.net/pci.ids
a/sysvinit-2.84-i386-6.tgz:  Switch to 'last' included with these sources,
  as it seems to be better (-a option, for example) than the version in
  util-linux.  Thanks again to Stuart Winter for managing to convince me. :)
a/util-linux-2.11o-i386-2.tgz:  Removed /usr/bin/last.
ap/apsfilter-7.2.2-i386-1.tgz:  Upgraded to apsfilter-7.2.2.
ap/hpijs-1.0.3-i386-2.tgz:  I hear -O makes this more stable.  Recompiled.
xap/mozilla-0.9.9-i386-1.tgz:  Added mozilla-0.9.9.
----------------------------
Wed Mar 20 00:49:29 PST 2002
a/devs-2.3.1-i386-1.tgz:  Don't let users write to /dev/vcs*.
  (reported by Stuart Winter -- thanks :-)
a/util-linux-2.11o-i386-1.tgz:  Upgraded to util-linux-2.11o.
ap/ghostscript-6.53-i386-1.tgz:  Upgraded to GNU ghostscript-6.53 with
   gimp-print-4.2.0.  Patched to link with system PNG and zlib libraries.
ap/hpijs-1.0.3-i386-1.tgz:  Added hpijs-1.0.3 (HP inkjet drivers for gs).
xap/gimp-1.2.3-i386-1.tgz:  Upgraded to gimp-1.2.3.
----------------------------
Mon Mar 18 17:45:07 PST 2002
ap/lsof-4.62-i386-1.tgz:  Added lsof-4.62.
emacs-21.2-i386-1.tgz:  Upgraded to GNU Emacs 21.2.
emacs-info-21.2-i386-1.tgz:  Upgraded to GNU Emacs 21.2.
emacs-leim-21.2-i386-1.tgz:  Upgraded to GNU Emacs 21.2.
emacs-lisp-21.2-i386-1.tgz:  Upgraded to GNU Emacs 21.2.
emacs-misc-21.2-i386-1.tgz:  Upgraded to GNU Emacs 21.2.
emacs-nox-21.2-i386-1.tgz:  Upgraded to GNU Emacs 21.2.
l/aalib-1.4rc4-i386-1.tgz:  Added aalib-1.4rc4.
l/mpeg_lib-1.3.1-i386-1.tgz:  Added mpeg_lib-1.3.1.
----------------------------
Sat Mar 16 02:09:32 PST 2002
a/aaa_base-8.0.8-i386-2.tgz:  Removed /cdrom directory, and added /mnt/cdrom,
  /mnt/floppy, and /mnt/hd mount point directories.  This seems to be the
  standard these days.  Also, the installer will add these lines to /etc/fstab:
  /dev/cdrom       /mnt/cdrom       iso9660     noauto,owner,ro  0   0
  /dev/fd0         /mnt/floppy      auto        noauto,owner     0   0
  Originally I thought about using "user" instead of "owner" to allow local
  users to mount CDs and floppies, but this opens up some security problems
  even though setuid bits are suppressed.  You really don't want a normal
  user to be able to log in through the network and mount a disc you've left
  in there.  I've also seen methods of chowning the devices to users as they
  log in at the console, and this also strikes me as insecure.  I've seen that
  chown whole hard drives to a user after hardware has been moved around.
  Anyway, you may want to use "user" on your system if the security risks seem
  low enough for your purposes. :)
a/etc-4.8-i386-1.tgz:  Added pop user/group (90/90) for use by pop servers.
a/pkgtools-8.0.5-i386-4.tgz:  Removed setup.cdrom.
a/sysvinit-2.84-i386-5.tgz:  Removed obsolete rdstop from rc.6.
  Removed /etc/rc.d/rc.cdrom and call to it in rc.M.
n/popa3d-0.5-i386-1.tgz:  Added popa3d-0.5, a small, secure, and reliable POP3
  daemon by Solar Designer.
n/tcpip-0.17-i386-4.tgz:  In the supplied inetd.conf, remove some old cruft
  referring to daemons we no longer ship (or that you shouldn't be running
  anyway ;), and added an example for using popa3d.  Removed traceroute.
  Upgraded to whois-4.5.21.  Upgraded to nfs-utils-0.3.3.  Upgraded to
  pidentd-3.0.14.  Replaced netkit-tftp with tftp-hpa-0.29.  Added more docs.
n/traceroute-1.4a12-i386-1.tgz:  Split into its own package, rebuilt using the
  traceroute-1.4a12 LBL sources.
xap/xpdf-1.00-i386-1.tgz:  Upgraded to xpdf-1.00.
----------------------------
Fri Mar 15 15:19:59 PST 2002
Added Vincent Rivellino's patches for Mylex and Compaq RAID controllers to
makedevs.sh and probe on the installer.  This still doesn't set up LILO
automatically, but should make it much easier to install using one of these
controllers.
----------------------------
Fri Mar 15 02:49:19 PST 2002
xap/gnuchess-4.0.pl80-i386-2.tgz:  Upgraded to use xboard-4.0.7.
----------------------------
Thu Mar 14 23:03:57 PST 2002
a/elflibs-8.0.8-i386-1.tgz:  Updated from the current system libraries.
xap/gnuplot-3.7.2-i386-1.tgz:  Upgraded to gnuplot-3.7.2.
xap/gv-3.5.8-i386-1.tgz:  Recompiled, added slack-desc.
xap/seyon-2.20c-i386-2.tgz:  Removed redundant app-defaults symlink.
----------------------------
Thu Mar 14 19:34:59 PST 2002
d/cvs-1.11.1p1-i386-4.tgz:  Fix dir perms: chmod 755 /usr/share/cvs/contrib/.
n/php-4.1.2-i386-3.tgz:  Rebuilt using a --with-png-dir= flag to build in
  PNG support.  (thanks to christian laubscher for noticing it was missing)
n/rsync-2.5.4-i386-1.tgz:  Upgraded to rsync-2.5.4 (fixes broken -z option).
xap/fvwm-2.4.6-i386-2.tgz:  Fixes to the system.fvwm2rc.
xap/xgames-0.2-i386-1.tgz:  Recompiled, added slack-desc.
xap/xfm-1.4.3-i386-1.tgz:  Upgraded to xfm-1.4.3.
xap/xfractint-20.2.03-i386-1.tgz:  Upgraded to xfractint-20.2.03.
xap/xpaint-2.6.2-i386-1.tgz:  Upgraded to xpaint-2.6.2.
xap/xxgdb-1.12-i386-1.tgz:  Recompiled, added slack-desc.
pasture/xview-3.2p1.4:  XV series retired.
----------------------------
Tue Mar 12 00:12:57 PST 2002
d/cvs-1.11.1p1-i386-3.tgz:  Gzipped the tmp diff so that it applies correctly.
  Thanks to George Georgakis for pointing out the mistake.
  (* Security fix *)
----------------------------
Tue Mar 12 00:11:19 PST 2002
xap/fvwm-2.4.6-i386-1.tgz:  Renamed from fvwm2, upgraded to fvwm-2.4.6.
xap/seyon-2.20c-i386-1.tgz:  Recompiled.  Thought about moving it to pasture,
  but I think I'll leave it until a suitable replacement is nominated.
xap/x3270-3.2.18p11-i386-1.tgz:  Upgraded to x3270-3.2.18p11.
----------------------------
Mon Mar 11 18:56:12 PST 2002
a/e2fsprogs-1.27-i386-1.tgz:  Upgraded to e2fsprogs-1.27.
----------------------------
Mon Mar 11 17:39:02 PST 2002
d/cvs-1.11.1p1-i386-2.tgz:  Patched to link to the shared zlib on the system
  instead of statically linking to the included zlib source.  Also, use mktemp
  to create files in /tmp files more safely.
  (* Security fix *)
----------------------------
Mon Mar 11 15:02:50 PST 2002
n/rsync-2.5.3-i386-1.tgz:  Upgraded to rsync-2.5.3.  This fixes two security
  problems:

  * Make sure that supplementary groups are removed from a server
    process after changing uid and gid. (Ethan Benson) (Debian bug
    #132272, CVE CAN-2002-0080)

  * Fix zlib double-free bug.  (Owen Taylor, Mark J Cox) (CVE CAN-2002-0059)

(* Security fix *)
----------------------------
Mon Mar 11 13:18:30 PST 2002
l/zlib-1.1.4-i386-1.tgz:  Upgraded to zlib-1.1.4.  This fixes a security
  problem which may introduce vulnerabilities into any program that links with
  zlib.  Quoting the advisory on zlib.org:

  "Depending upon how and where the zlib routines are called from the given
   program, the resulting vulnerability may have one or more of the following
   impacts: denial of service, information leakage, or execution of arbitrary
   code."

Sites are urged to upgrade the zlib package immediately.

The complete advisory may be found here:
   http://www.zlib.org/advisory-2002-03-11.txt

(* Security fix *)
----------------------------
Mon Mar 11 12:21:03 PST 2002
a/getty-ps-2.0.7j-i386-2.tgz:  Fixed patch that wasn't getting applied.
ap/mad-0.14.2b-i386-1.tgz:  Added mad-0.14.2b MPEG audio library and decoder.
ap/mpg321-0.2.3-i386-1.tgz:  Added mpg321-0.2.3.  (replacement for mpg123)
n/tcpip-0.17-i386-3.tgz:  Removed gnu-pop3d and pop3d-1.006d.
pasture/gnu-pop3d-0.9.8/gnu-pop3d-0.9.8-i386-1.tgz:  Retired.
pasture/pop3d-1.020i/pop3d-1.020i-i386-1.tgz:  Upgraded, then retired.
----------------------------
Sat Mar  9 23:41:58 PST 2002
a/bin-8.2.1-i386-2.tgz:  Added zisofs.magic to /etc/magic.
a/kernel-ide-2.4.18-i386-1.tgz:  Fixed install script.
y/bsd-games-2.13-i386-1.tgz:  Renamed from bsdgames, upgraded to bsd-games-2.13.
xap/rxvt-2.6.4-i386-1.tgz:  Upgraded to rxvt-2.6.4.
xap/xv-3.10a-i386-1.tgz:  Fixed PNG patch, recompiled, added slack-desc.
----------------------------
Sat Mar  9 18:28:17 PST 2002
a/pkgtools-8.0.5-i386-3.tgz:  Upgraded to dialog-0.9a-20020308a.
n/php-4.1.2-i386-2.tgz:  Relinked against gd-1.8.4.
n/sendmail-8.12.2-i386-3.tgz:  Patch setup.sendmail script.
n/sendmail-cf-8.12.2-i386-3.tgz:  Moved cf files into /usr/share/sendmail.
----------------------------
Sat Mar  9 14:53:57 PST 2002
a/kbd-1.06-i386-3.tgz:  Patched fontconfig script.
a/pkgtools-8.0.5-i386-1.tgz:  Upgraded to dialog-0.9a-20020308.
a/pkgtools-8.0.5-i386-2.tgz:  Patched scripts for changed dialog return codes.
----------------------------
Sat Mar  9 01:59:34 PST 2002
a/lilo-22.2-i386-1.tgz:  Upgraded to lilo-22.2, patched liloconfig to look
  for the kernel in /boot.
a/pcmcia-cs-3.1.33-i386-1.tgz:  Upgraded to pcmcia-cs-3.1.33.
a/kernel-ide-2.4.18-i386-1.tgz:  Upgraded to linux-2.4.18.  Moved kernel to
  the /boot directory.
a/kernel-modules-2.4.18-i386-1.tgz:  Built kernel modules from Linux 2.4.18,
  XFree86 4.2.0, and pcmcia-cs-3.1.33.
a/pkgtools-8.0.4-i386-2.tgz:  Edit pkgtool to look for some busybox links
  to figure out it it's on the install disk.
ap/cdrtools-1.11a16-i386-1.tgz:  Upgraded to cdrtools-1.11a16, added
  zisofs-tools-1.0.3, patched mkisofs for zisofs support.
d/kernel-headers-2.4.18-i386-1.tgz:  Upgraded to linux-2.4.18.
k/kernel-source-2.4.18-i386-1.tgz:  Upgraded to linux-2.4.18.
x/xfree86-drm-2.4.17-i386-1.tgz:  Removed.  The new XFree86 DRM kernel
  are in the kernel-modules- package instead.
----------------------------
Thu Mar  7 21:21:20 PST 2002
l/gmp-4.0.1-i386-1.tgz:  Upgraded to GNU gmp-4.0.1.
n/apache-1.3.23-i386-1.tgz:  Upgraded to apache-1.3.23.
n/mod_ssl-2.8.7_1.3.23-i386-1.tgz:  Upgraded to mod_ssl-2.8.7-1.3.23.
n/php-4.1.2-i386-1.tgz:  Renamed package from mod_php, upgraded to
  php-4.1.2, added standalone interpreter in /usr/bin.
----------------------------
Thu Mar  7 15:11:23 PST 2002
n/openssh-3.1p1-i386-1.tgz:  Upgraded to openssh-3.1p1.

  This fixes a security problem in the openssh package.  All sites running
  OpenSSH should upgrade immediately.

  All versions of OpenSSH between 2.0 and 3.0.2 contain an off-by-one error
  in the channel code.  OpenSSH 3.1 and later are not affected.  This bug can
  be exploited locally by an authenticated user logging into a vulnerable
  OpenSSH server or by a malicious SSH server attacking a vulnerable OpenSSH
  client.  This bug was discovered by Joost Pol <joost@pine.nl>

(* Security fix *)
----------------------------
Wed Mar  6 23:23:08 PST 2002
l/ncurses-5.2-i386-3.tgz:  Removed empty docs/misc directory.
n/ppp-2.4.1-i386-1.tgz:  Recompiled, added slack-desc.
n/trn-3.6-i386-1.tgz:  Recompiled, added slack-desc.
xap/freefonts-0.10-i386-1.tgz:  Renamed from freefont, added slack-desc.
----------------------------
Wed Mar  6 18:04:00 PST 2002
a/hdparm-4.6-i386-2.tgz:  Fixed permissions on hdparm.
n/links-0.97pre6-i386-1.tgz:  Added links-0.97pre6, another text-based WWW
  browser (like "lynx"), but with support for frames and SSL.
n/yptools-2.6-i386-2.tgz:  Fixed the install script.
----------------------------
Wed Mar  6 16:24:30 PST 2002
a/gpm-1.19.6-i386-1.tgz:  Removed broken curses support that interferes with
  ncurses, upgraded to gpm-1.19.6.  This should restore application mouse
  support for things like mc.  Thanks to Thomas Dickey (and Google) for
  supplying the clues I needed to solve this mystery. :)  Also added a
  description of the setup.mouse script that's seen when reconfiguring with
  pkgtool, removed the suid bit from disable-paste, and patched for <time.h>
  changes in recent glibc.  Fixed rc.gpm to accept "start" and "stop".
  Moved shared library into /lib, since we'll be linking libncurses to it and
  that's where libncurses.so.* is installed.
l/ncurses-5.2-i386-2.tgz:  Linked to /lib/libgpm.so.1.  This automagically
  brings console mouse support to lynx and possibly other apps that use
  libncurses.
n/netatalk-1.4b2-i386-1.tgz:  Patched for compatibility with 2.4.x quota.h,
  recompiled, added slack-desc.
----------------------------
Tue Mar  5 22:28:45 PST 2002
n/elm-2.5.6-i386-1.tgz:  Upgraded to elm-2.5.6.
n/metamail-2.7-i386-1.tgz:  Recompiled, added Hebrew fonts, removed some
  obsolete utilities, added slack.desc.
n/nn-6.6.3-i386-1.tgz:  Renamed from nn_nntp, upgraded to nn-6.6.3.
n/samba-2.2.3a-i386-1.tgz:  Upgraded to samba-2.2.3a.
n/tin-1.5.11-i386-1.tgz:  Upgraded to tin-1.5.11.
n/yptools-2.6-i386-1.tgz:  Upgraded to yp-tools-2.6, ypbind-mt-1.10, and
  ypserv-2.2.
----------------------------
Sun Mar  3 19:45:09 PST 2002
a/bin-8.2.1-i386-1.tgz:  Added tree-1.4b1 to the bin collection.
ap/gnu-gs-fonts-6.0-noarch-1.tgz:  Renamed from "gsfonts".  Upgraded with
   fonts from gnu-gs-fonts-std-6.0.tar.gz and gnu-gs-fonts-other-6.0.tar.gz.
----------------------------
Wed Feb 27 20:59:12 PST 2002
a/lilo-22.1-i386-2.tgz:  Comment out some really old code in liloconfig that
  tries to swap the first two IDE drives if DOS/Win is installed on other
  than the first drive.  This probably hasn't been needed in years.
  Spotted by Laurie Riley (who has Win98 on /dev/hde1 :)
n/ipchains-1.3.10-i386-1.tgz:  Added slack-desc, merged into tree.
n/netpipes-4.2-i386-1.tgz:  Recompiled, added slack-desc.
n/netwatch-0.9g-i386-1.tgz:  Added slack-desc, merged into tree.
n/ntp-4.1.1-i386-1.tgz:  Upgraded to ntp-4.1.1, renamed from "ntp4".
n/dip-:  Doesn't recompile, is obsolete.  Tossed out.  If anyone misses it,
  let me know and I'll work on it.
n/uucp-1.06.2-i386-2.tgz:  Recompiled, patched a buffer overflow in uuxqt.
  On Slackware this is not exploitable since uuxqt is only executable for
  users who are already members of the uucp group.
----------------------------
Tue Feb 26 23:55:10 PST 2002
n/bitchx-1.0c18-i386-1.tgz:  Recompiled, added slack-desc.
n/epic4-1.0.1-i386-1.tgz:  Recompiled, added slack-desc.
n/fetchmail-5.9.8-i386-1.tgz:  Upgraded to fetchmail-5.9.8.
n/lynx-2.8.4-i386-1.tgz:  Upgraded to lynx-2.8.4.
n/mailx-8.1.1-i386-1.tgz:  Recompiled, added slack-desc.
n/tcpdump-3.7.1-i386-1.tgz:  Upgraded to libpcap-0.7.1 and tcpdump-3.7.1.
n/ytalk-3.1.1-i386-1.tgz:  Patched to put ytalkrc in /etc.
----------------------------
Tue Feb 26 20:07:31 PST 2002
n/autofs-3.1.7-i386-1.tgz:  Recompiled, added slack-desc.
n/bind-9.2.0-i386-1.tgz:  Upgraded to ISC bind-9.2.0.
n/bootp-2.4.3-i386-1.tgz:  Recompiled, added slack-desc.
n/dhcp-3.0-i386-1.tgz:  Upgraded to ISC dhcp-3.0.
n/dhcpcd-1.3.22pl1-i386-1.tgz:  Split out of dhcp package, upgraded to
  dhcpcd-1.3.22-pl1.
n/inn-2.3.2-i386-1.tgz:  Recompiled, added slack-desc.
n/wget-1.8.1-i386-1.tgz:  Upgraded to GNU wget-1.8.1.
----------------------------
Tue Feb 26 13:21:13 PST 2002
a/e2fsprogs-1.26-i386-1.tgz:  Upgraded to e2fsprogs-1.26.
ap/oggutils-1.0rc3-i386-1.tgz:  Upgraded to libao-0.8.2, libogg-1.0rc3,
  libvorbis-1.0rc3, and vorbis-tools-1.0rc3.
n/curl-7.9.4-i386-1.tgz:  Added curl-7.9.4.
----------------------------
Mon Feb 25 22:24:05 PST 2002
ap/enscript-1.6.3-i386-1.tgz:  Upgraded to GNU enscript-1.6.3.
ap/mc-4.5.55-i386-1.tgz:  Upgraded to mc-4.5.55.
e/emacs-21.1-i386-2.tgz:  Recompiled to link with libXaw3d.
e/emacs-info-21.1-i386-2.tgz:  Rebuilt.
e/emacs-leim-21.1-i386-2.tgz:  Rebuilt.
e/emacs-lisp-21.1-i386-2.tgz:  Rebuilt.
e/emacs-misc-21.1-i386-2.tgz:  Rebuilt.
e/emacs-nox-21.1-i386-2.tgz:  Rebuilt.
l/xaw3d-1.5-i386-2.tgz:  Recompiled, works.
t/tetex-1.0.7-i386-1.tgz:  Added slack-desc, merged into tree.
t/tetex-bin-1.0.7-i386-1.tgz:  Added slack-desc, merged into tree.
t/tetex-doc-1.0.7-i386-1.tgz:  Added slack-desc, merged into tree.
t/transfig-3.2.3d-i386-1.tgz:  Upgraded to transfig-3.2.3d.
t/xfig-3.2.3d-i386-1.tgz:  Upgraded to xfig-3.2.3d.
tcl/expect-5.34-i386-1.tgz:  Upgraded to expect-5.34.
----------------------------
Mon Feb 25 14:06:20 PST 2002
a/kernel-modules-2.4.17-i386-4.tgz:  Load ide-scsi module by default.  If you
  have an IDE based CD-R, CD-RW, DVD-R, or other IDE/ATAPI burner you need this
  module to allow your IDE device to emulate a SCSI device, since all the Linux
  media-burning applications expect a SCSI device.  This is actually not a
  handicap in any way -- several applications (like cdparanoia in many cases)
  may work better with SCSI emulation than with the native ATAPI CDROM driver.
  Note that you must prevent the ATAPI driver from grabbing the device at boot
  with a kernel parameter like this (perhaps in LILO's append=""): hdc=ide-scsi
ap/cdrtools-1.11a15-i386-1.tgz:  Upgraded to cdrtools-1.11a15, needed for recent
  CD-RW/DVD burners.
ap/jove-4.16-i386-1.tgz:  Recompiled, added slack-desc.
ap/lvm-1.0.3-i386-1.tgz:  Upgraded to lvm_1.0.3.
ap/man-pages-1.47-i386-1.tgz:  Upgraded to man-pages-1.47.
ap/mysql-3.23.49-i386-1.tgz:  Upgraded to mysql-3.23.49.
f/linux-faqs-20020225-i386-1.tgz:  Upgraded to latest FAQs off ibiblio.org.
f/linux-howtos-20020208-i386-1.tgz:  Upgraded to the 2002-02-08 HOWTOs.
f/linux-mini-howtos-20020208-i386-1.tgz:  Upgraded to the 2002-02-08 mini-HOWTOs.
xap/netscape-6.2.1-i686-2.tgz:  Fixed /usr/bin/netscape startup script.
----------------------------
Sun Feb 24 16:24:26 PST 2002
a/bin-8.2-i386-2.tgz:  Rebuilt to remove obsolete makewhatis.
a/devs-2.3.1-i386-1.tgz:  Make sure all the supported IDE devices are present.
  Update MAKEDEV, and patch it further to support all the IDE devices listed
  in the devices.txt in 2.4.17.
a/minicom-2.00.0-i386-1.tgz:  Upgraded to minicom-2.00.0.
ap/a2ps-4.13b-i386-2.tgz:  Recompiled, added slack-desc.
ap/amp-0.7.6-i386-1.tgz:  Recompiled, split out of mp3 package.
ap/groff-1.17.2-i386-1.tgz:  Upgraded to GNU groff-1.17.2.
ap/ispell-3.2.06-i386-1.tgz:  Upgraded to ispell-3.2.06.
ap/joe-2.9.7-i386-1.tgz:  Upgraded to joe-2.9.7.
ap/man-1.5j-i386-1.tgz:  Upgraded to man-1.5j.
ap/mpg123-0.59r-i386-1.tgz:  Recompiled, split out of mp3 package.
ap/mt-st-0.7-i386-1.tgz:  Upgraded to mt-st-0.7.
ap/quota-2.00-i386-2.tgz:  Recompiled, added slack-desc.
ap/raidtools-0.90-i386-2.tgz:  Recompiled, added slack-desc.
ap/sc-7.15-i386-1.tgz:  Upgraded to sc-7.15.
ap/seejpeg-1.10-i386-1.tgz:  Recompiled, added slack-desc.
ap/sox-12.17.3-i386-1.tgz:  Upgraded to sox-12.17.3.
n/imapd-4.44-i386-2.tgz:  Recompiled with SSL support.
n/mutt-1.2.5.1-i386-2.tgz:  Recompiled with SSL support.
n/pine-4.44-i386-2.tgz:  Recompiled with SSL support.
----------------------------
Sat Feb 23 21:33:35 PST 2002
ap/ash-0.2-i386-1.tgz:  Use GNU make, not pmake.  Recompiled, added
  slack-desc.
ap/bc-1.06-i386-1.tgz:  Recompiled, added slack-desc.
ap/cdparanoia-IIIalpha9.8-i386-1.tgz:  Recompiled, added slack-desc.
ap/cdrdao-1.1.5-i386-2.tgz:  Upgraded pccts, recompiled, added slack-desc.
ap/jed-B0.99_15-i386-1.tgz:  Upgraded to jed-B0.99-15.
ap/ksh93-20011031-i386-1.tgz:  Upgraded to the Halloween 2001 release of ksh93.
ap/rpm-4.0.2-i386-2.tgz:  Recompiled, added slack-desc.
ap/screen-3.9.11-i386-1.tgz:  Upgraded to GNU screen-3.9.11.
ap/texinfo-4.0-i386-1.tgz:  Recompiled, added slack-desc.
ap/workbone-2.40-i386-1.tgz:  Recompiled, added slack-desc.
d/perl-5.6.1-i386-2.tgz:  Recompiled, patched DB_File modules to build
  correctly, upgraded modules DBI-1.21 and libnet-1.0704.
  D series completely rebuilt.  Wow. :)
d/pmake-2.1.35-i386-2.tgz:  Fixed path bug.
l/glib-1.2.10-i386-1.tgz:  Recompiled, added slack-desc, moved under /usr.
  The policy from now on for any of these formerly GNOME-related libs is that if
  they don't actually link with a GNOME library then they belong under /usr where
  under things can find them more easily.
l/glibc-2.2.5-i386-1.tgz:  Removed the libndbm.* synlinks in /usr/lib.
  OK, I should have used a new build number, but I didn't want to muck
  with all of these... :)
l/gtk+-1.2.10-i386-2.tgz:  Recompiled, added slack-desc, moved under /usr.
xap/imagemagick-5.4.3_5-i386-1.tgz:  Upgraded to ImageMagick-5.4.3-5.
xap/netscape-6.2.1-i686-1.tgz:  Upgraded to netscape-6.2.1.
xap/xlockmore-5.03-i386-1.tgz:  Upgraded to xlockmore-5.03.
----------------------------
Fri Feb 22 21:10:09 PST 2002
a/bash-2.05a-i386-2.tgz:  Added /usr/bin/bash -> /bin/bash symlink.
a/less-358-i386-2.tgz:  The new version of tar changes the bzip2 option
  from -y to -j, so this needs to change in lesspipe.sh (and probably
  many other places I haven't yet found).  I thought about just patching
  tar to accept -y, but it's better to just accept the new scheme...
d/byacc-1.9-i386-1.tgz:  Recompiled, added slack-desc.
d/cvs-1.11.1p1-i386-1.tgz:  Recompiled, added slack-desc.
d/flex-2.5.4a-i386-1.tgz:  Recompiled, added slack-desc.
d/gcc-2.95.3-i386-2.tgz:  Recompiled, added slack-desc.
d/gcc-g++-2.95.3-i386-2.tgz:  Recompiled, added slack-desc.
d/gcc-g77-2.95.3-i386-2.tgz:  Recompiled, added slack-desc.
d/gcc-objc-2.95.3-i386-2.tgz:  Recompiled, added slack-desc.
d/gcl-2.4.0-i386-1.tgz:  Added slack-desc, merged into tree.
d/gdb-5.1.1-i386-1.tgz:  Upgraded to gdb-5.1.1.
d/p2c-1.21alpha2-i386-1.tgz:  Patched for glibc2, recompiled, added
  slack-desc.
d/pmake-2.1.35-i386-1.tgz:  Upgraded to pmake-2.1.35, added slack-desc.
d/rcs-5.7-i386-1.tgz:  Recompiled, added slack-desc.
d/strace-4.4-i386-1.tgz:  Upgraded to strace-4.4, added slack-desc.
extra/gcc-3.0.4/:  Added new gcc-3.0.4 packages:
  gcc-3.0.4-i386-1.tgz, gcc-g++-3.0.4-i386-1.tgz, 
  gcc-g77-3.0.4-i386-1.tgz, gcc-java-3.0.4-i386-1.tgz,
  gcc-objc-3.0.4-i386-1.tgz
  If you use these (which I don't personally recommend) be aware that
  all C++ related shared libraries (including anything having to do with
  Qt and KDE) must be recompiled before you can link with them.
  I may stick with gcc-2.95.x until the kernel is gcc-3 ready.
----------------------------
Thu Feb 21 22:36:20 PST 2002
a/apmd-3.0.2-i386-1.tgz:  Split out of bin, added slack-desc.
  Upgraded to apmd-3.0.2.
a/bin-8.2-i386-1.tgz:  This is the collection of all the things in the
  old "bin" package for which I could find no upgrades.  As these things
  appear fairly stable, I'll leave them here for now.  I am considering
  moving some of them (like indent and patch to the D series), but that's
  not terribly crucial.
a/cpio-2.4.2-i386-1.tgz:  Recompiled, added slack-desc.
a/cxxlibs-6.2-i386-1.tgz:  Added slack-desc, merged into tree.
a/dcron-2.3.3-i386-1.tgz:  Split out of bin into a separate package.
  Fix problem where user creates /var/spool/cron/crontabs/<user>.new
  using 'crontab -', exits with control-c, and then crontab refuses to
  overwrite the junk file.
a/gawk-3.1.0-i386-1.tgz:  Split out of bin, upgraded to gawk-3.1.0.
a/getty-ps-2.0.7j-i386-1.tgz:  Recompiled, added slack-desc.
a/hdparm-4.6-i386-1.tgz:  Split out of bin, added slack-desc.
a/isapnptools-1.26-i386-1.tgz:  Upgraded to isapnptools-1.26, renamed from
  isapnp, added slack-desc.
a/kernel-modules-2.4.17-i386-3.tgz:  No longer load ppp_deflate.o by
  default in rc.modules, as the new modutils whine that it "taints" the
  kernel.  The module is under a standard BSD license, so I suspect this
  problem will go away in the future.  We'll see.
a/lilo-22.1-i386-1.tgz:  Upgraded to lilo-22.1, fixes to liloconfig
  to work with the new fdisk (where "Linux native" partitions are
  now simply called "Linux" partitions).
a/pciutils-2.1.9-i386-1.tgz:  Upgraded to pciutils-2.1.9.
pkgtools-8.0.4-i386-1.tgz:  Fixed a bug where only the first slack-desc
  would be found when installing multiple packages without .txt files.
  Added --linkadd and --chown options to makepkg.
  Reported/suggested by David Nordenberg.
  Patches to use tar-1.13 if it's around, and to complain if it isn't.
a/tar-1.13.25-i386-1.tgz:  Upgraded to GNU tar-1.13.25.  We still keep a
  tar-1.13 binary around for the Slackware package utilities to use, because
  the new tar wipes out symbolic links to directories when untarring.  (Try
  making /opt a link to /usr/opt and untarring a KDE package and you'll see
  the effect).  Nevertheless, tar-1.13.25 appears better overall.
a/tcsh-6.11-i386-1.tgz:  Upgraded to tcsh-6.11.
a/umsdos-progs-1.13-i386-1.tgz:  Added slack-desc, merged into tree.
a/util-linux-2.11n-i386-2.tgz:  Move /usr/bin/tput into here from bin.tgz
  since it's the /usr/bin/clear included here that needs it.
xap/fvwm95-2.0.43ba-i386-1.tgz:  Moved asapm from the bin package into here
  since it's only used by system.fvwm95rc-apm-battery.  Recompiled (which took
  a lot of #include <time.h> patches).  Added slack-desc.
----------------------------
Tue Feb 19 20:34:45 PST 2002
a/bzip2-1.0.2-i386-1.tgz:  Upgraded to bzip2-1.0.2.
a/elvis-2.1_4-i386-1.tgz:  Recompiled, added slack-desc.
a/fileutils-4.1-i386-1.tgz:  Renamed from fileutls, recompiled, added
  slack-desc.
a/findutils-4.1-i386-1.tgz:  Renamed from "find", recompiled, added slack-desc.
a/grep-2.4.2-i386-1.tgz:  Recompiled, added slack-desc.
a/infozip-5.50-i386-1.tgz:  Recompiled zip-2.3, upgraded to unzip-550, added
  slack-desc.
a/less-358-i386-1.tgz:  Recompiled, added slack-desc.
a/procps-2.0.7-i386-1.tgz:  Recompiled, upgraded to psmisc-20.2, added 
  slack-desc.
a/sh-utils-2.0-i386-1.tgz:  Renamed from sh_utils, recompiled, added slack-desc.
a/textutils-2.0-i386-1.tgz:  Renamed from txtutils, recompiled, added
  slack-desc.
----------------------------
Mon Feb 18 19:33:17 PST 2002
a/floppy-5.4-i386-1.tgz:  Recompiled, upgraded to mtools-3.9.8, first
  versioned (5.4) package, added slack-desc.
a/gettext-0.11-i386-1.tgz:  Upgraded to gettext-0.11, created minimal gettext
  package as recommended in the docs.
a/kbd-1.06-i386-2.tgz:  Don't install a default rc.font.
a/loadlin-1.6b-i386-1.tgz:  Added slack-desc, merged into tree.
a/shadow-19990827-i386-1.tgz:  Recompiled, added slack-desc.
a/sysvinit-2.84-i386-4.tgz:  Edited /etc/rc.d/rc.S to do a better job of
  cleaning up /var/run/.  In particular, get rid of old pppd databases that may
  produce spurious error messages in the logs.  Thanks to Daniel T. Drea for
  helping spot this problem. :)
d/autoconf-2.52-i386-1.tgz:  Upgraded to GNU autoconf-2.52.
d/automake-1.5-i386-1.tgz:  Upgraded to GNU automake-1.5.
d/bison-1.33-i386-1.tgz:  Upgraded to GNU bison-1.33.
d/gettext-tools-0.11-i386-1.tgz:  Upgraded to gettext-0.11, created new
  gettext-tools package for the development tools as recommended in the docs.
d/libtool-1.4.2-i386-1.tgz:  Upgraded to GNU libtool-1.4.2.
d/m4-1.4-i386-1.tgz:  Recompiled, added slack-desc.
n/sendmail-8.12.2-i386-2.tgz:  Fix chown bug in the install script.
n/sendmail-cf-8.12.2-i386-2.tgz:  Automated rebuild.
----------------------------
Sun Feb 17 19:24:30 PST 2002
a/kernel-modules-2.4.17-i386-2.tgz:  Added pcmcia-cs modules for linux-2.2.17.
a/pcmcia-cs-3.1.31-i386-1.tgz:  Upgraded to pcmcia-cs-3.1.31.
----------------------------
Fri Feb 15 01:27:39 PST 2002
a/devfsd-1.3.23-i386-1.tgz:  Upgraded to devfsd-1.3.23.
----------------------------
Thu Feb 14 23:24:29 PST 2002
a/gpm-1.19.3-i386-1.tgz:  Edited mouse setup menu, added slack-desc.
a/sysklogd-1.4.1-i386-1.tgz:  Recompiled, added slack-desc.
a/sysvinit-2.84-i386-3.tgz:  Start lpd later in rc.M.
n/tcpip-0.17-i386-2.tgz:  Remove lpd from rc.inet2, since it's
  already in rc.M.
----------------------------
Thu Feb 14 22:48:13 PST 2002
a/etc-4.7-i386-1.tgz:  Added slack-desc, merged into tree.
  Added smmsp user/group for sendmail, update /etc/services.
----------------------------
Thu Feb 14 22:12:42 PST 2002
a/kbd-1.06-i386-1.tgz:  Added slack-desc, merged into tree.
a/modutils-2.4.13-i386-1.tgz:  Upgraded to modutils-2.4.13.
----------------------------
Thu Feb 14 21:34:15 PST 2002
a/gzip-1.3.2-i386-1.tgz:  Upgraded to gzip-1.3.2.
a/util-linux-2.11n-i386-1.tgz:  Upgraded to util-linux-2.11n.
d/make-3.79.1-i386-1.tgz:  Renamed (was gmake), recompiled, added
  slack-desc.
kde/kdepim-2.2.2-i386-3.tgz:  Removed /usr/lib/python* stuff that
  shouldn't have been there.
l/gdbm-1.8.0-i386-1.tgz:  Added slack-desc, merged into tree.
l/libgr-2.0.13-i386-1.tgz:  Added slack-desc, merged into tree.
l/libjpeg-6b-i386-1.tgz:  Recompiled, renamed (was "jpeg6"), added
  slack-desc file.
l/libpng-1.2.1-i386-1.tgz:  Upgraded to libpng-1.0.12 (.so.2) and
  libpng-1.2.1 (.so.3).
l/libtermcap-1.2.3-i386-1.tgz:  Upgraded to libtermcap-1.2.3.
l/libtiff-3.5.7-i386-1.tgz:  Upgraded to libtiff-3.5.7.
l/ncurses-5.2-i386-1.tgz:  Recompiled, added slack-desc.
l/slang-1.4.5-i386-1.tgz:  Upgraded to slang-1.4.5.
l/svgalib-1.4.3-i386-1.tgz:  Recompiled, added slack-desc.
l/zlib-1.1.3-i386-1.tgz:  Recompiled, added slack-desc.
n/iptables-1.2.5-i386-1.tgz:  Upgraded to iptables-1.2.5.  (Jan Rafaj
  did most of the work building this one... thanks :)
n/rdist-6.1.5-i386-1.tgz:  Recompiled, added slack-desc.
n/tcpip-0.17-i386-1.tgz:  Recompiled, renamed from tcpip1, first
  versioned (0.17) package.  Comment out services telnet, rlogin, rsh,
  netbios-ssn, and netbios-ns in inetd.conf.  Add commented out swat
  example.  Numerous additions to /etc/services.
----------------------------
Thu Feb 14 00:20:32 PST 2002
a/sysvinit-2.84-i386-2.tgz:  In rc.6, stop Samba at shutdown.
  Modify rc.M for sendmail, which now requires separately started MTA
  and queue runner processes.
ap/zsh-4.0.4-i386-1.tgz:  Upgraded to zsh-4.0.4.
d/bin86-0.16.1-i386-1.tgz:  Upgraded to bin86-0.16.1.
d/binutils-2.11.93.0.2-i386-1.tgz:  Upgraded to binutils-2.11.93.0.2.
d/python-2.2-i386-1.tgz:  Upgraded to Python-2.2.
kde/libxml2-2.4.15-i386-1.tgz:  Upgraded to libxml2-2.4.15.
kde/libxslt-1.0.12-i386-1.tgz:  Upgraded to libxslt-1.0.12.
l/readline-4.2a-i386-1.tgz:  Upgraded to readline-4.2a.
tcl/hfsutils-3.2.6-i386-1.tgz:  Added slack-desc, merged into tree.
tcl/tcl-8.3.4-i386-1.tgz:  Upgraded to tcl-8.3.4.
tcl/tclx-8.3-i386-1.tgz:  Recompiled tclx-8.3 against new Tcl/Tk.
tcl/tix-8.1.3-i386-1.tgz:  Upgraded to tix-8.1.3.
tcl/tk-8.3.4-i386-1.tgz:  Upgraded to tk-8.3.4.
----------------------------
Wed Feb 13 16:11:23 PST 2002
Moved to slackware/l (libraries) from slackware/d (devel):
  gdbm-0.0-i386-1.tgz (0.0 are packages unchanged from Slackware 8.0),
  glibc-2.2.5-i386-1.tgz,
  glibc-i18n-2.2.5-i386-1.tgz,
  jpeg6-0.0-i386-1.tgz,
  libgr-0.0-i386-1.tgz,
  libpng-0.0-i386-1.tgz,
  libtiff-0.0-i386-1.tgz,
  ncurses-0.0-i386-1.tgz,
  readline-0.0-i386-1.tgz,
  slang-0.0-i386-1.tgz,
  svgalib-0.0-i386-1.tgz,
  termcap-0.0-i386-1.tgz,
  zlib-0.0-i386-1.tgz
----------------------------
Wed Feb 13 14:35:05 PST 2002
a/aaa_base-8.0.8-i386-1.tgz:  Remove /usr/include/{asm,linux} symlinks.
  Chmod 700 /var/man/cat* since there's no safe way to cache those.
  (IMHO, various attempts to make man a setuid or gid binary are a joke)
a/bash-2.05a-i386-1.tgz:  Upgraded to GNU bash-2.05a.
a/kernel-ide-2.4.17-i386-1.tgz:  Added IDE 2.4.17 Linux kernel image.
a/pkgtools-8.0.3-i386-1.tgz:  Support changes from below (change
  "slakware" directory to "slackware", get rid of the "1" on the end of
  the subdirectories contained within, and change the name of the
  package list in each directory from disk*1 to package-list.txt)
a/reiserfsprogs-3.x.1a-i386-1.tgz:  Upgraded to reiserfsprogs-3.x.1a.
d/kernel-headers-2.4.17-i386-1.tgz:  Added package that puts a copy of
  the kernel headers under /usr/include instead of using symlinks to the
  kernel source in /usr/src/linux.
n/procmail-3.22-i386-1.tgz:  Upgraded to procmail-3.22.
n/rsync-2.5.2-i386-1.tgz:  Upgraded to rsync-2.5.2.
k/kernel-source-2.4.17-i386-1.tgz:  Added 2.4.17 Linux kernel source.
extra/cups-1.1.14/:  Upgraded to CUPS 1.1.14.
----------------------------
Tue Feb 12 13:10:33 PST 2002
Change "slakware" directory to "slackware", get rid of the "1" on the
end of the subdirectories contained within, and change the name of the
package list in each directory from disk*1 to package-list.txt.
e/emacs-lisp-21.1-i386-1.tgz:  Edit slack-desc.
l/lesstif-0.93.18-i386-1.tgz:  Upgraded to lesstif-0.93.18.
----------------------------
Mon Feb 11 16:27:35 PST 2002
ap1/ifhp-3.5.3-i386-1.tgz:  Merged into tree.
n1/proftpd-1.2.5rc1-i386-1.tgz:  Upgraded to proftpd-1.2.5rc1.  This was
  compiled using the --enable-autoshadow feature, and has an example of
  "PersistentPasswd off" usage (must be uncommented) in the proftpd.conf
  which, according to Felix Radensky, should fix the problem of ProFTPD
  not working with NIS/NIS+.  Thanks Felix! :)
l1/libungif-4.1.0b1-i386-1.tgz:  Added libungif-4.1.0b1 package to new
  "L" series.  This new series will contain libraries that don't fit into
  another series.  For example, libungif is being placed here because both
  KDE and GNOME require it;  libraries specific to KDE or GNOME will remain
  in that series.
l1/xaw3d-1.5-i386-1.tgz:  Upgraded to Xaw3d-1.5.
extra/gcc-3.0.3-i386-1.tgz:  Merged into tree.
----------------------------
Sat Feb  9 17:26:25 PST 2002
kde1/audiofile-0.2.3-i386-2.tgz:  Added slack-desc, merged into tree.
  Since GNOME also uses this, we might need a new location for it.
kde1/htdig-3.1.5-i386-3.tgz:  Added slack-desc, merged into tree.
kde1/kde-i18n-*.tgz:  Merged KDE 2.2.2 i18n packages.
kde1/kdeaddons-2.2.2-i386-2.tgz:  Added slack-desc, merged into tree.
kde1/kdeadmin-2.2.2-i386-2.tgz:  Added slack-desc, merged into tree.
kde1/kdeartwork-2.2.2-i386-2.tgz:  Added slack-desc, merged into tree.
kde1/kdebase-2.2.2-i386-2.tgz:  Merged, added (optional) CUPS support.
kde1/kdegames-2.2.2-i386-2.tgz:  Added slack-desc, merged into tree.
kde1/kdegraphics-2.2.2-i386-2.tgz:  Added slack-desc, merged into tree.
kde1/kdelibs-2.2.2-i386-2.tgz:  Merged, added (optional) CUPS support.
kde1/kdemultimedia-2.2.2-i386-2.tgz:  Added slack-desc, merged into tree.
kde1/kdenetwork-2.2.2-i386-2.tgz:  Added slack-desc, merged into tree.
kde1/kdepim-2.2.2-i386-2.tgz:  Added slack-desc, merged into tree.
kde1/kdesdk-2.2.2-i386-2.tgz:  Added slack-desc, merged into tree.
kde1/kdetoys-2.2.2-i386-2.tgz:  Added slack-desc, merged into tree.
kde1/kdeutils-2.2.2-i386-2.tgz:  Added slack-desc, merged into tree.
kde1/kdevelop-2.0.2-i386-2.tgz:  Added slack-desc, merged into tree.
kde1/kdoc-2.2.2-i386-2.tgz:  Added slack-desc, merged into tree.
kde1/koffice-1.1.1-i386-2.tgz:  Edited slack-desc, merged into tree.
kde1/koffice-i18n-*-1.1.1-i386-2.tgz:  Edited slack-desc, merged into tree.
kde1/libxml2-2.4.14-i386-1.tgz:  Upgraded to libxml2-2.4.14.
kde1/libxslt-1.0.11-i386-1.tgz:  Upgraded to libxslt-1.0.11.
kde1/qt-2.3.2-i386-1.tgz:  Upgraded to qt-2.3.2.
extra/cups-1.1.13:  Added CUPS (alternate print spooler) in new /extra
  directory.  This is so nicely integrated into KDE that it has to at
  least be an option. :)
----------------------------
Thu Feb  7 22:18:53 PST 2002
a1/bin-8.0.0-i386-1.tgz:  Merged bin package, with "at" split out.
a1/lprng-3.8.5-i386-1.tgz:  Merged into tree. (replaces lpr)
a1/openssl-solibs-0.9.6c-i386-1.tgz:  Merged into tree.
a1/pkgtools-8.0.2-i386-4.tgz:  Merged into tree. (replaces hdsetup)
a1/sysvinit-2.84-i386-1.tgz:  Upgraded to sysvinit-2.84.
ap1/at-3.1.8-i386-1.tgz:  Merged into tree.
ap1/sudo-1.6.5p1-i386-1.tgz:  Merged into tree.
ap1/vim-6.0-i386-1.tgz:  Added slack-desc, merged into tree.
e1/emacs-21.1-i386-1.tgz:  Added slack-desc, merged into tree.
e1/emacs-info-21.1-i386-1.tgz:  Added slack-desc, merged into tree.
e1/emacs-leim-21.1-i386-1.tgz:  Added slack-desc, merged into tree.
e1/emacs-lisp-21.1-i386-1.tgz:  Added slack-desc, merged into tree.
e1/emacs-misc-21.1-i386-1.tgz:  Added slack-desc, merged into tree.
e1/emacs-nox-21.1-i386-1.tgz:  Added slack-desc, merged into tree.
gtk1/xvim-6.0-i386-1.tgz:  Added slack-desc, merged into tree.
n1/imapd-4.44-i386-1.tgz:  Merged into tree.
n1/mutt-1.2.5.1-i386-1.tgz:  Merged into tree.
n1/openssh-3.0.2p1-i386-1.tgz:  Merged into tree.
n1/openssl-0.9.6c-i386-1.tgz:  Merged into tree.
n1/pine-4.44-i386-1.tgz:  Merged into tree.
x1/xfree86-4.2.0-i386-1.tgz:  Merged into tree.
x1/xfree86-devel-4.2.0-i386-1.tgz:  Merged into tree.
x1/xfree86-docs-4.2.0-i386-1.tgz:  Merged into tree.
x1/xfree86-docs-html-4.2.0-i386-1.tgz:  Merged into tree.
x1/xfree86-drm-2.4.17-i386-1.tgz:  Merged into tree.
x1/xfree86-fonts-100dpi-4.2.0-i386-1.tgz:  Merged into tree.
x1/xfree86-fonts-cyrillic-4.2.0-i386-1.tgz:  Merged into tree.
x1/xfree86-fonts-misc-4.2.0-i386-1.tgz:  Merged into tree.
x1/xfree86-fonts-scale-4.2.0-i386-1.tgz:  Merged into tree.
x1/xfree86-xnest-4.2.0-i386-1.tgz:  Merged into tree.
x1/xfree86-xprt-4.2.0-i386-1.tgz:  Merged into tree.
x1/xfree86-xvfb-4.2.0-i386-1.tgz:  Merged into tree.
----------------------------
*** Begin merging -current packages into an installable tree
----------------------------
Thu Feb  7 17:58:09 PST 2002
pkgtools-8.0.2/packages/pkgtools-8.0.2-i386-4.tgz:  Fixed a bug in
  installpkg which caused it to not actually install packages if the -menu
  option was used.  Pkgtool works again.
----------------------------
Tue Feb  5 19:27:10 PST 2002
XFree86-4.2.0/packages/xfree86-drm-2.4.17-i686-1.tgz:  Added DRM kernel modules
  for linux 2.4.17 compiled for i686 (which should work for any P2 or better
  processor, including Athlon, etc).  The previous set of -i386 modules only
  worked with an i386/i486 kernel.
LPRng-3.8.5/packages/lprng-3.8.5-i386-1.tgz:  Added LPRng-3.8.5, an enhanced
  print spooler system.
ifhp-3.5.3/packages/ifhp-3.5.3-i386-1.tgz:  Added ifhp-3.5.3, an "Almost
  Universal LPRng Print Filter" designed to work with LPRng to print to
  PostScript, PJL, PCL, and text based line printers.  I'm including this as
  an alternate print filter system, but replacing lpr.tgz with the new LPRng
  package worked with my existing APSfilter system right out of the box, too.
  You get to pick. :)
I've also been looking at CUPS, but couldn't get that working with my HP890C
without Foomatic (which requires additional Perl libraries on the system).
So far LPRng+APSfilter has worked best for me, and was the easiest to get up
and running.
----------------------------
Sat Jan 26 13:42:21 PST 2002
XFree86-4.2.0/:  Added XFree86 4.2.0 packages, including DRM kernel modules
  for linux 2.4.17.  I know we don't ship linux 2.4.17, but you're all running
  it, right? ;)
glibc-2.2.5/:  Added glibc-2.2.5 packages.
----------------------------
Mon Jan 21 13:09:29 PST 2002
at-3.1.8/packages/at-3.1.8-i386-1.tgz:  Fixed a buffer overflow.
(* Security fix *)
pine-4.44/packages/pine-4.44-i386-1.tgz:  Upgraded to pine-4.44.
  This fixes a vulnerability viewing URLs.
(* Security fix *)
pine-4.44/packages/imapd-4.44-i386-1.tgz:  Upgraded to the new imapd that comes
  with pine4.44.
sudo-1.6.5p1/packages/sudo-1.6.5p1-i386-1.tgz:  Upgraded to sudo-1.6.5p1.
  This fixes a vulnerability where the mail system could be exploited.  So far,
  the only working examples of this problem require Postfix to be installed,
  but it's possible that exploits involving other mailers could emerge.
(* Security fix *)
xchat-1.8.7/packages/xchat-1.8.7-i386-1.tgz:  Upgraded to xchat-1.8.7.
  This fixes a problem where an attacker could execute IRC server commands as
  the user running xchat.
(* Security fix *)
----------------------------
Tue Jan 15 12:52:25 PST 2002
openssh-3.0.2p1/packages/openssh-3.0.2p1-i386-1.tgz:
  Upgraded to openssh-3.0.2p1.
openssl-0.9.6c/packages/openssl-0.9.6c-i386-1.tgz:
  Upgraded to openssl-0.9.6c.
openssl-0.9.6c/packages/openssl-solibs-0.9.6c-i386-1.tgz:
  Upgraded to openssl-0.9.6c.  New base package name "openssl-solibs"
  instead of "openssl-shlibs".  Use "%" to upgrade:
  upgradepkg openssl-shlibs%openssl-solibs-0.9.6c-i386-1.tgz
----------------------------
Mon Jan 14 22:22:22 PST 2002
glibc-2.2.4/:  Added glibc-2.2.4 packages.  Some of these are named a bit
    differently than before... now all the glibc packages share the base name
    "glibc" for easy identification.  These are the old and new package names:
       glibc ->  glibc
       glibcso -> glibc-solibs
       glocale -> glibc-i18n
       zoneinfo -> glibc-zoneinfo

  To upgrade these with upgradepkg, the "%" operator must be used to give the
  old base package name if the new one is different, like this:

    upgradepkg glibc-2.2.4-i386-1.tgz
    upgradepkg glibcso%glibc-solibs-2.2.4-i386-1.tgz
    upgradepkg glocale%glibc-i18n-2.2.4-i386-1.tgz
    upgradepkg zoneinfo%glibc-zoneinfo-2.2.4-i386-1.tgz

----------------------------
Wed Jan  9 10:01:38 PST 2002
gcc-3.0.3/:  Upgraded to gcc-3.0.3, fixed install script symlink bugs.
----------------------------
Mon Jan  7 12:43:31 PST 2002
mutt-1.2.5.1/:  Upgraded to mutt-1.2.5.1 to fix a security problem in the
  address handling code.  Mutt users are urged to upgrade as soon as
  possible.
  (* Security fix *)
  PS:  thanks for all the email, and it's good to be back. :)
----------------------------
Tue Dec 18 16:25:26 PST 2001
pkgtools-8.0.2/:  Fix a bug in installpkg where a package contains a
  description but no installation script.  Fix a removepkg bug where packages
  complain of a missing "install/" directory.
koffice-1.1.1/:  Upgraded to KOffice 1.1.1.
----------------------------
Sat Dec 15 15:44:07 PST 2001
pkgtools-8.0.2/:  Added a "Setup" menu choice to pkgtool.  This lets you rerun
  any of the post-install scripts again.  A menu is presented where you toggle
  the ones you want, and then it runs them.  This should be an improvement over
  the old "setup" program that would run all of the scripts whether you wanted
  them all or not.
----------------------------
Fri Dec 14 22:22:08 PST 2001
pkgtools-8.0.2/:  More patches to installpkg/removepkg:
  In the /install directory, reserve any files starting with slack-*.  The first
  such file will be slack-desc, an internal description of the package that will
  be used during installation if no external source is found.
    When creating temporary files, use "$$" to make them unique if multiple
  copies happen to be running.  (This doesn't work yet, but I'm looking in that
  direction).
----------------------------
Sat Dec  8 20:16:42 PST 2001
pkgtools-8.0.1/:  Some patches to fix problems using these tools to do the
  initial system installation.
    In installpkg:
  Initialize the database directories if they are not found.
  Remove some bash-specific syntax.
  Search for package descriptions using the package's base name in addition
  to the filename.
  If a package description is found in a package-version-arch-build.txt file,
  use that instead.
  If a tagfile is specified and says "SKP" for a package, don't install it. :)
    In pkgtool:
  Use a better method of determining if pkgtool is running on the rootdisk.
  When building the View/Remove menus, try to be more backwards compatible with
  older versions of installpkg/pkgtool when parsing the descriptions.
Cleaned out the /attic.
----------------------------
Sun Dec  2 17:56:18 PST 2001
pkgtools-8.0/:  Upgraded to dialog-0.9a-20011202.
sysvinit-2.83/:  In rc.S, use 'reboot -f' instead of 'reboot' if the system
  needs to be restarted after a root partition check.
----------------------------
Sat Dec  1 17:21:17 PST 2001
pkgtools-8.0/:  Fixed package_name() function in upgradepkg and removepkg.  The
  buggy function considered any package name with a dash to be the new
  packagename-version-arch-build format, which caused trouble when packages with
  unexpected naming schemes (like program-0.47.999.tgz or mozilla-0.92.tgz) are
  upgraded or removed on the system.  Now the rule is that a package name must
  contain three dashes (or more) to be considered "new", otherwise it's
  considered "old".  Thanks to mRgOBLIN for helping out with this one. :)
  Patched /sbin/installpkg to handle newer gzip. (based on a suggestion
  from Kent Robotti)
  Patched makepkg to parse ls output better (to handle different ls versions).
----------------------------
Wed Nov 28 10:25:31 PST 2001
pkgtools-8.0/:  Fixed pkgtool package removal bug, and made a couple other
   cosmetic cleanups while I was in there.
----------------------------
Tue Nov 27 13:14:57 PST 2001
proftpd-1.2.4/:  Upgraded to proftpd-1.2.4.
----------------------------
Mon Nov 26 20:23:04 PST 2001
e2fsprogs-1.25/:  Upgraded to e2fsprogs-1.25.
libungif-4.1.0b1/:  Upgraded to libungif-4.1.0b1.  This version fixes a
  bug in libungif-4.1.0 that makes emacs crash if GIF support is compiled
  in.  Now that it should work, I'll consider compiling it in. :)
sysvinit-2.83/:  Upgraded to sysvinit-2.83.
  Made changes to fsck handling in /etc/rc.d/rc.S that are required by
  e2fsprogs, since the -A flag to fsck no longer works as advertised in
  the man page.  The workaround is to check the root partition first, and
  then remount / read-write and initialize /etc/mtab before going on to
  check the other partitions.
----------------------------
Sat Nov 24 13:08:13 PST 2001
openssh-3.0.1p1/:  Upgraded to OpenSSH 3.0.1p1.
kde-2.2.2/:  Upgraded to KDE 2.2.2.
             Upgraded to audiofile-0.2.3.
             Upgraded to libxml2-2.4.10.
             Added libxslt-1.0.7 (XML stylesheet parsing engine
                                 used by KDE's help system)
             Upgraded to pcre-3.7.
pkgtools-8.0/:
  This is intended to replace the "hdsetup.tgz" package, and consists of the
  first round of bugfixes and enhancements to the Slackware package handling
  tools.  Evolutionary not revolutionary, so that everything will remain
  completely backward compatible.
  upgradepkg:  Handles both 8.3 and long (name-version-arch-build.tgz)
             package names.  As long as the base package names for the
             installed and new packages are the same, you can upgrade
             specifying only the new package name instead of having to
             use the old%new notation.
  installpkg/removepkg:  Sets $TMP to be under $ROOT.
  installpkg:  Fix some long-standing bugs when package names ended the same
             (like libc.tgz and glibc.tgz).  Add -ask mode.  Other fixes
             to support usage from pkgtool.
  removepkg:  Understand the concept of a base package name.  Now a package
            may be specified either by the full package name (as you'd
            see listed in /var/log/packages/), or by the base package name.
            For example, the package foo-1.0-i386-1.tgz may be removed with
            any of the following commands:
                removepkg foo-1.0-i386-1.tgz
                removepkg foo-1.0-i386-1
                removepkg foo.tgz
                removepkg foo
  pkgtool:  Removed ancient package installation code -- now calls installpkg
          and removepkg to do the work.  Many fixes that make it nicer to use.
  The setup tools were removed, as they really shouldn't be needed again once
  the system is installed.
  Switched to a different version of dialog:  dialog-0.9a-20011111, maintained
  by Thomas Dickey of ncurses fame.
Moved older versions of KDE and OpenSSL to the "attic" directory to let them
rest before removal.
----------------------------
Tue Nov  6 18:24:34 PST 2001
gcc-3.0.2/:  Added GNU gcc-3.0.2.  This is for testing purposes...
             Slackware packages are still being built with gcc-2.95.3.
htdig-3.1.5/:  Added a patch to resist a DoS attack.
kde-2.2.1/:  Recompiled against openssl-0.9.6b, fixed "help" problems.
             Many thanks to George Staikos for helping debug my build. :)
koffice-1.1/:  Rebuilt against rebuilt kde-2.2.1.
openssh-2.9.9p2/:  Upgraded to openssh-2.9.9p2, built against openssl-0.9.6b.
openssl-0.9.6b/:  Upgraded to openssl-0.9.6b.
NOTES:  Before upgrading KDE, first upgrade htdig, openssl and openssh.
----------------------------
Mon Oct 22 13:55:59 PDT 2001
emacs-21.1/:  Added source and packages for GNU Emacs 21.1.
----------------------------
Sun Sep 30 10:30:06 PDT 2001
vim-6.0/:  Added source and packages (standard and GTK+ enabled) for the latest
           version of Vim.
----------------------------
Mon Sep 24 11:43:48 PDT 2001
koffice-1.1/:  Added source and packages for KOffice.  I forgot to upload that
               with the KDE-2.2.1 batch before... sorry.
----------------------------
Fri Sep 21 15:01:21 PDT 2001
Started new -current directory.  For now, this will be used to hold upgrades to
Slackware 8.0, starting with KDE-2.2.1.  I used the long package name format
that's been used in the Slackware ports (name-version-arch-build.tgz) and
which will be the default format in slackware-next.

Have fun!