Slackware ChangeLogs
Slackware Logo


Security Advisories



General Info

Get Slack

Install Help






Other Sites



Mailing Lists


Current (pre-release) ChangeLog for S/390
Mon Sep 28 18:49:31 EDT 2009
       This update fixes a security issue where a zero byte embedded in an SSL
       or TLS certificate could fool cURL into validating the security of a
       connection to a system that the certificate was not issued for. It has
       been reported that at least one Certificate Authority allowed such
       certificates to be issued.
       For more information, see:
       (* Security fix *)

Sun Aug 9 15:36:29 EDT 2009
patches/packages/bind-9.4.3_P3-s390-1_slack10.1.tgz: Upgraded.
       This BIND update fixes a security problem where a specially crafted
       dynamic update message packet will cause named to exit resulting in
       a denial of service.
       An active remote exploit is in wide circulation at this time.
       For more information, see:
       (* Security fix *)
patches/packages/dhcp-3.1.2p1-s390-1_slack10.1.tgz: Upgraded.
       A stack overflow vulnerability was fixed in dhclient that could allow
       remote attackers to execute arbitrary commands as root on the system,
       or simply terminate the client, by providing an over-long subnet-mask
       For more information, see:
       (* Security fix *)
patches/packages/fetchmail-6.3.11-s390-1_slack10.1.tgz: Upgraded.
       This update fixes an SSL NUL prefix impersonation attack through NULs in a
       part of a X.509 certificate's CommonName and subjectAltName fields.
       For more information, see:
       (* Security fix *)
patches/packages/samba-3.0.36-s390-1_slack10.1.tgz: Upgraded.
       This is a bugfix release.

Sun Jun 28 13:22:34 EDT 2009
       This upgrade fixes the following security issue:
       o CVE-2009-1888:
       In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a
       data value can potentially affect access control when "dos filemode"
       is set to "yes".
       For more information, see:
       (* Security fix *)
patches/packages/libpng-1.2.37-s390-1_slack10.1.tgz: Upgraded.
       This update fixes a possible security issue. Jeff Phillips discovered an
       uninitialized-memory-read bug affecting interlaced images that may have
       security implications.
       For more information, see:
       (* Security fix *)

Sun Jun 7 19:06:22 EDT 2009
       Patched a stack-based buffer overflow in the cookedprint function in
       ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows arbitrary code
       execution by a malicious remote NTP server.
       For more information, see:
       (* Security fix *)

Fri May 29 15:08:19 EDT 2009
       Upgraded to xpdf-3.02pl3.
       This update fixes several overflows that may result in crashes or the
       execution of arbitrary code as the xpdf user.
       For more information, see:
(* Security fix *)

Tue Apr 28 14:46:22 EDT 2009
patches/packages/lcms-1.18-s390-1_slack10.1.tgz: Upgraded to lcms-1.18.
       This update fixes security issues discovered in LittleCMS by Chris Evans.
       These flaws could cause program crashes (denial of service) or the execution
       of arbitrary code as the user of the lcms-linked program.
       For more information, see:
       (* Security fix *)

Sun Mar 22 16:53:15 EDT 2009
       Upgraded to apache-1.3.41, the last regular release of the
       Apache 1.3.x series, and a security bugfix-only release.
       For more information about the security issues fixed, see:
       (* Security fix *)
       Upgraded to bind-9.3.6-P1.
       Fixed checking on return values from OpenSSL's EVP_VerifyFinal and
       DSA_do_verify functions to prevent spoofing answers returned from zones using
       the DNSKEY algorithms DSA and NSEC3DSA.
       For more information, see:
       (* Security fix *)
patches/packages/bzip2-1.0.5-s390-1_slack10.1.tgz: Upgraded to bzip2-1.0.5.
       Previous versions of bzip2 contained a buffer overread error that could cause
       applications linked to libbz2 to crash, resulting in a denial of service.
       For more information, see:
       (* Security fix *)
       Patched cups-1.1.23.
       Errors in ipp.c may allow a remote attacker to crash CUPS resulting
       in a denial of service.
       For more information, see:
       (* Security fix *)
       Patched curl-7.12.2.
       This fixes a security issue where automatic redirection could be made to
       follow file:// URLs, reading or writing a local instead of remote file.
       For more information, see:
       (* Security fix *)
       Upgraded to dnsmasq-2.45.
       It was discovered that earlier versions of dnsmasq have DNS cache
       weaknesses that are similar to the ones recently discovered in BIND.
       This new release minimizes the risk of cache poisoning.
       For more information, see:
       (* Security fix *)
       Patched to fix a possible denial of service when "-v -v" options are used.
       For more information, see:
       (* Security fix *)
       Upgraded to tzdata2008h for the latest world timezone changes.
       Upgraded to libpng-1.2.35.
       This fixes multiple memory-corruption vulnerabilities due to a failure to
       properly initialize data structures.
       For more information, see:
       (* Security fix *)
       Upgraded to libxml2-2.6.32 and patched.
       This fixes vulnerabilities including denial of service, or possibly the
       execution of arbitrary code as the user running a libxml2 linked application
       if untrusted XML content is parsed.
       For more information, see:
       (* Security fix *)
patches/packages/m4-1.4.11-s390-1_slack10.1.tgz: Upgraded to m4-1.4.11.
       In addition to bugfixes and enhancements, this version of m4 also fixes two
       issues with possible security implications. A minor security fix with the
       use of "maketemp" and "mkstemp" -- these are now quoted to prevent the
       (rather unlikely) possibility that an unquoted string could match an
       existing macro causing operations to be done on the wrong file. Also,
       a problem with the '-F' option (introduced with version 1.4) could cause a
       core dump or possibly (with certain file names) the execution of arbitrary
       code. For more information on these issues, see:
       (* Security fix *)
       Upgraded to mod_ssl-2.8.31-1.3.41 to work with apache_1.3.41.
       [Sec 1111] Fix incorrect check of EVP_VerifyFinal()'s return value.
       For more information, see:
       (* Security fix *)
       Upgraded to openssh-5.0p1.
       This version fixes a security issue where local users could hijack forwarded
       X connections. Upgrading to the new package is highly recommended.
       For more information on this security issue, please see:
       (* Security fix *)
       Upgraded to 2.4.5 and patched overflows and other security problems.
       For more information, see:
       (* Security fix *)
patches/packages/python-demo-2.4.5-noarch-1_slack10.1.tgz: Upgraded.
patches/packages/python-tools-2.4.5-noarch-1_slack10.1.tgz: Upgraded.
       Patched some security bugs.
       For more information, see:
       (* Security fix *)
       Upgraded to samba-3.0.33.
       This package fixes an important barrier against rogue clients reading from
       uninitialized memory (though no proof-of-concept is known to exist).
       For more information, see:
       (* Security fix *)
       Upgraded to libpcap-0.9.7, tcpdump-3.9.7.
       This new version fixes an integer overflow in the BGP dissector which
       could possibly allow remote attackers to crash tcpdump or to execute
       arbitrary code.
       For more information, see:
       (* Security fix *)
       Recompiled, with --without-speex (we didn't ship the speex library in
       Slackware anyway, but for reference this issue would be CVE-2008-1686),
       and with --disable-nosefart (the recently reported as insecurely
       demuxed NSF format). As before in -2, this package fixes the two
       regressions mentioned in the release notes for xine-lib-1.1.12:
       (* Security fix *)
       Upgraded to xpdf-3.02pl2.
       The pl2 patch fixes a crash in xpdf.
       Some theorize that this could be used to execute arbitrary code if an
       untrusted PDF file is opened, but no real-world examples are known (yet).
       For more information, see:
       (* Security fix *)

Mon May 28 04:33:54 EDT 2007
       Upgraded to samba-3.0.25a. This fixes some major (non-security) bugs in
       samba-3.0.25. See the WHATSNEW.txt for details.

Thu May 17 02:30:53 EDT 2007
       Upgraded to libpng-1.2.18.
       A grayscale PNG image with a malformed (bad CRC) tRNS chunk will crash some
       libpng applications. This vulnerability has been assigned the identifiers
       CVE-2007-2445 and CERT VU#684664.
       For more information, see:
       (* Security fix *)
       Upgraded to samba-3.0.25.
       Security Fixes included in the Samba 3.0.25 release are:
       o CVE-2007-2444
       Versions: Samba 3.0.23d - 3.0.25pre2
       Local SID/Name translation bug can result in
       user privilege elevation
       o CVE-2007-2446
       Versions: Samba 3.0.0 - 3.0.24
       Multiple heap overflows allow remote code execution
       o CVE-2007-2447
       Versions: Samba 3.0.0 - 3.0.24
       Unescaped user input parameters are passed as
       arguments to /bin/sh allowing for remote command
       For more information, see:
       (* Security fix *)
patches/packages/x11-6.8.1-s390-7_slack10.1.tgz: Fixed some bugs in the
       fontconfig upgrade... Put cache files in /var/cache/fontconfig, not
       /var/X11R6/var/cache/fontconfig. Properly locate and compress fontconfig
       man pages. Thanks to Eef Hartman for pointing these out.
       Replaced freetype library with freetype-2.3.4.
       This fixes an overflow parsing BDF fonts.
       For more information, see:
       (* Security fix *)
       Upgraded to fontconfig-2.4.2.
       Replaced freetype library with freetype-2.3.4.
       This fixes an overflow parsing BDF fonts.
       For more information, see:
       (* Security fix *)
       Upgraded to fontconfig-2.4.2.
patches/packages/x11-xdmx-6.8.1-s390-7_slack10.1.tgz: Recompiled.
patches/packages/x11-xnest-6.8.1-s390-7_slack10.1.tgz: Recompiled.
patches/packages/x11-xvfb-6.8.1-s390-7_slack10.1.tgz: Recompiled.
       Upgraded to xine-lib-1.1.6.
       This fixes overflows in xine-lib in some little-used media formats in
       xine-lib < 1.1.5 and other bugs in xine-lib < 1.1.6. The overflows in
       xine-lib < 1.1.5 could definitely cause an application using xine-lib to
       crash, and it is theorized that a malicious media file could be made to run
       arbitrary code in the context of the user running the application.
       For more information, see:
       (* Security fix *)

Wed Apr 4 13:55:57 EDT 2007
       Upgraded to file-4.20.
       This fixes a heap overflow that could allow code to be executed as the
       user running file (note that there are many scenarios where file might be
       used automatically, such as in virus scanners or spam filters).
       For more information, see:
       (* Security fix *)

Sat Mar 17 11:44:49 EDT 2007
       Upgraded to bind-9.3.4. This update fixes two denial of service
       vulnerabilities where an attacker could crash the name server with
       specially crafted malformed data.
       For more information, see:
       (* Security fix *)
       Upgraded to fetchmail-6.3.6. This fixes two security issues. First, a bug
       introduced in fetchmail-6.3.5 could cause fetchmail to crash. However,
       no stable version of Slackware ever shipped fetchmail-6.3.5. Second, a long
       standing bug (reported by Isaac Wilcox) could cause fetchmail to send a
       password in clear text or omit using TLS even when configured otherwise.
       All fetchmail users are encouraged to consider using getmail, or to upgrade
       to the new fetchmail packages.
       For more information, see:
       (* Security fix *)
       Updated with tzdata2007b for impending Daylight Savings Time
       changes in the US.
patches/packages/gnupg-1.4.7-s390-1_slack10.1.tgz: Upgraded to gnupg-1.4.7.
       This fixes a security problem that can occur when GnuPG is used incorrectly.
       Newer versions attempt to prevent such misuse.
       For more information, see:
       (* Security fix *)
       Upgraded to samba-3.0.24. From the WHATSNEW.txt file:
       "Important issues addressed in 3.0.24 include:
       o Fixes for the following security advisories:
       - CVE-2007-0452 (Potential Denial of Service bug in smbd)
       - CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind
       NSS library on Solaris)
       - CVE-2007-0454 (Format string bug in VFS plugin)"
       Samba is Slackware is vulnerable to the first issue, which can cause smbd
       to enter into an infinite loop, disrupting Samba services. Linux is not
       vulnerable to the second issue, and Slackware does not ship the
       VFS plugin (but it's something to be aware of if you build Samba with
       custom options).
       For more information, see:
       (* Security fix *)

Sun Jan 14 17:48:08 EST 2007
       Upgraded to gnupg-1.4.6. This release fixes a severe and exploitable
       bug in earlier versions of gnupg. All gnupg users should update to the
       new packages as soon as possible. For details, see the information
       concerning CVE-2006-6235 posted on
       The CVE entry for this issue may be found here:
       This update also addresses a more minor security issue possibly
       exploitable when GnuPG is used in interactive mode. For more information
       about that issue, see:
       (* Security fix *)
       Upgraded to libpng-1.2.14. This fixes a bug where a specially crafted PNG
       file could crash applications that use libpng.
       For more information, see:
       (* Security fix *)
       Upgraded to proftpd-1.3.0a plus an additional security patch. Several
       security issues were found in proftpd that could lead to the execution of
       arbitrary code by a remote attacker, including one in mod_tls that does
       not require the attacker to be authenticated first.
       For more information, see:
       (* Security fix *)
       Upgraded to tar-1.16.
       This fixes an issue where files may be extracted outside of the current
       directory, possibly allowing a malicious tar archive, when extracted, to
       overwrite any of the user's files (in the case of root, any file on the
       For more information, see:
       (* Security fix *)
       Upgraded to xine-lib-1.1.3 which fixes possible security problems
       such as a heap overflow in libmms and a buffer overflow in the
       Real Media input plugin.
       For more information, see:
       (* Security fix *)

Mon Nov 13 13:52:10 EST 2006
       Upgraded to bind-9.3.2-P2. This fixes some security issues related to
       previous fixes in OpenSSL. The minimum OpenSSL version was raised to
       OpenSSL 0.9.7l and OpenSSL 0.9.8d to avoid exposure to known security flaws
       in older versions (these patches were already issued for Slackware). If you
       have not upgraded yet, get those as well to prevent a potentially exploitable
       security problem in named. In addition, the default RSA exponent was changed
       from 3 to 65537. RSA keys using exponent 3 (which was previously BIND's
       default) will need to be regenerated to protect against the forging
       of RRSIGs.
       For more information, see:
       (* Security fix *)
patches/packages/infozip-5.52-s390-2.tgz: Updated the SlackBuild script to
       specify linux_noasm on the unzip build. This allows it to actually build.

Sat Nov 4 23:19:00 EST 2006
patches/packages/qt-3.3.3-s390-4_slack10.1.tgz: Patched.
       This fixes an issue with Qt's handling of pixmap images that causes Qt linked
       applications to crash if a specially crafted malicious image is loaded.
       Inspection of the code in question makes it seem unlikely that this could
       lead to more serious implications (such as arbitrary code execution), but it
       is recommended that users upgrade to the new Qt package.
       For more information, see:
       (* Security fix *)
patches/packages/screen-4.0.3-s390-1_slack10.1.tgz: Upgraded to screen-4.0.3.
       This addresses an issue with the way screen handles UTF-8 character encoding
       that could allow screen to be crashed (or possibly code to be executed in the
       context of the screen user) if a specially crafted sequence of pseudo-UTF-8
       characters are displayed withing a screen session.
       For more information, see:
       (* Security fix *)

Sat Sep 30 00:31:52 EDT 2006
       Upgraded to shared libraries from openssl-0.9.7l.
       See openssl package update below.
       (* Security fix *)
       Upgraded to openssh-4.4p1.
       This fixes a few security related issues. From the release notes found at
       * Fix a pre-authentication denial of service found by Tavis Ormandy,
       that would cause sshd(8) to spin until the login grace time
       * Fix an unsafe signal hander reported by Mark Dowd. The signal
       handler was vulnerable to a race condition that could be exploited
       to perform a pre-authentication denial of service. On portable
       OpenSSH, this vulnerability could theoretically lead to
       pre-authentication remote code execution if GSSAPI authentication
       is enabled, but the likelihood of successful exploitation appears
       * On portable OpenSSH, fix a GSSAPI authentication abort that could
       be used to determine the validity of usernames on some platforms.
       Links to the CVE entries will be found here:
       After this upgrade, make sure the permissions on /etc/rc.d/rc.sshd are set
       the way you want them. Future upgrades will respect the existing permissions
       settings. Thanks to Manuel Reimer for pointing out that upgrading openssh
       would enable a previously disabled sshd daemon.
       Do better checking of passwd, shadow, and group to avoid adding
       redundant entries to these files. Thanks to Menno Duursma.
       (* Security fix *)
       Upgraded to openssl-0.9.7l.
       This fixes a few security related issues:
       During the parsing of certain invalid ASN.1 structures an error
       condition is mishandled. This can result in an infinite loop which
       consumes system memory (CVE-2006-2937). (This issue did not affect
       OpenSSL versions prior to 0.9.7)
       Thanks to Dr S. N. Henson of Open Network Security and NISCC.
       Certain types of public key can take disproportionate amounts of
       time to process. This could be used by an attacker in a denial of
       service attack (CVE-2006-2940).
       Thanks to Dr S. N. Henson of Open Network Security and NISCC.
       A buffer overflow was discovered in the SSL_get_shared_ciphers()
       utility function. An attacker could send a list of ciphers to an
       application that uses this function and overrun a buffer.
       Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.
       A flaw in the SSLv2 client code was discovered. When a client
       application used OpenSSL to create an SSLv2 connection to a malicious
       server, that server could cause the client to crash (CVE-2006-4343).
       Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.
       Links to the CVE entries will be found here:
       (* Security fix *)

Mon Sep 25 02:35:09 EDT 2006
patches/packages/glibc-2.3.4-s390-2.tgz: Patched dl-load.c to fix a problem
       with OpenSSH not allowing connections on some systems where privilege
       separation and UseDNS were both set to "yes," which is the default for
patches/packages/glibc-profile-2.3.4-s390-2.tgz: Rebuilt.
patches/packages/glibc-solibs-2.3.4-s390-2.tgz: Rebuilt

Sat Sep 23 19:46:27 EDT 2006
       Upgraded to gzip-1.3.5, and fixed a variety of bugs.
       Some of the bugs have possible security implications if gzip or its tools are
       fed a carefully constructed malicious archive. Most of these issues were
       recently discovered by Tavis Ormandy and the Google Security Team. Thanks
       to them, and also to the ALT and Owl developers for cleaning up the patch.
       For further details about the issues fixed, please see:
       (* Security fix *)

Tue Sep 19 16:02:25 EDT 2006
patches/packages/openssl-0.9.7e-s390-5_slack10.1.tgz: Patched an issue where
       it is possible to forge certain kinds of RSA signatures.
       For more information, see:
patches/packages/openssl-solibs-0.9.7e-s390-5_slack10.1.tgz: Patched an issue
       where it is possible to forge certain kinds of RSA signatures.
       For more information, see:
       (* Security fix *)

Sat Sep 9 21:20:13 EDT 2006
       Upgraded to bind-9.3.2_P1.
       This update addresses a denial of service vulnerability.
       BIND's CHANGES file says this:
       2066. [security] Handle SIG queries gracefully. [RT #16300]
       The best discussion I've found is in FreeBSD's advisory, so here's a link:
       Also, fixed some missing man pages. (noticed by Xavier Thomassin -- thanks)
       (* Security fix *)
       Rebuilt bootshell as static, not dynamic. If your /usr file
       system isn't available, you still want to be able to log in
       to your system so you can fix it. ;)

Sun Aug 27 14:40:37 EDT 2006
       Upgraded to gnupg-1.4.5.
       From the gnupg-1.4.5 NEWS file:
       * Fixed 2 more possible memory allocation attacks. They are
       similar to the problem we fixed with 1.4.4. This bug can easily
       be be exploited for a DoS; remote code execution is not entirely
(* Security fix *)
       Patched vulnerabilities in libtiff which were found by Tavis Ormandy of
       the Google Security Team. These issues could be used to crash programs
       linked to libtiff or possibly to execute code as the program's user.
       A low risk command-line overflow in tiffsplit was also patched.
       For more details, see:
       (* Security fix *)

Sun Aug 6 17:16:38 EDT 2006
slackware/n/iproute2-2.6.9_ss040831-s390-1.tgz: Finally figured out how to
       get this package to build (it was getting glibc double free errors during
       the make process), by taking the tc/normal.c and tc/paretonormal.c code
       from a newer version.

Sun Jul 30 01:45:17 EDT 2006
       Upgraded to apache-1.3.37.
       From the announcement on
       This version of Apache is security fix release only. An off-by-one flaw
       exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3
       since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0.
       The Slackware Security Team feels that the vast majority of installations
       will not be configured in a vulnerable way but still suggests upgrading to
       the new apache and mod_ssl packages for maximum security.
       For more details, see:
       And see Apache's announcement here:
       (* Security fix *)
       Upgraded to mod_ssl-2.8.28-1.3.37.
       Upgraded to mutt-
       This release fixes CVE-2006-3242, a buffer overflow that could be triggered
       by a malicious IMAP server.
       [Connecting to malicious IMAP servers must be common, right? -- Ed.]
       For more details, see:
       (* Security fix *)
       Patched a problem in nsswitch/wins.c that caused crashes in the wins
       and/or winbind libraries.
       Thanks to Mikhail Kshevetskiy for pointing out the issue and offering
       a reference to the patch in Samba's source repository.
       Also, this version of Samba evidently created a new dependency on
       (found in the xfsprogs package in non -current Slackware versions). This
       additional dependency was not intentional, and has been corrected.
       Repatched the telnet client with the official OpenBSD patch that had
       already replaced the original security fix in Slackware 9.1, 10.2 and
       -current. Thanks to Dragan Simic for reporting the issue, and my
       apologies for taking so long to address the insufficiencies of the
       original patch in Slackware 10.0 and 10.1.

Sun Jul 16 17:07:16 EDT 2006
       Upgraded to samba-3.0.23.
       This fixes a minor memory exhaustion DoS in smbd.
       The CVE entry for this issue may be found here:
       (* Security fix *)

Sun Jul 2 17:41:43 EDT 2006
       Patched to fix a possible exploit if artswrapper is setuid root (which,
       by default, it is not) and the system is running a 2.6 kernel.
       Systems running 2.4 kernels are not affected.
       The official KDE security advisory may be found here:
       The CVE entry for this issue may be found here:
       (* Security fix *)
       This version fixes a memory allocation issue that could allow an attacker to
       crash GnuPG creating a denial-of-service.
       The CVE entry for this issue may be found here:
       Patched a problem with kdm where it could be abused to read any file
       on the system.
       The official KDE security advisory may be found here:
       The CVE entry for this issue may be found here:
       (* Security fix *)

Thu Jun 15 14:33:56 EDT 2006
       Upgraded to sendmail-8.13.7.
       Fixes a potential denial of service problem caused by excessive recursion
       leading to stack exhaustion when attempting delivery of a malformed MIME
       message. This crashes sendmail's queue processing daemon, which in turn
       can lead to two problems: depending on the settings, these crashed
       processes may create coredumps which could fill a drive partition; and
       such a malformed message in the queue will cause queue processing to
       cease when the message is reached, causing messages that are later in
       the queue to not be processed.
       Sendmail's complete advisory may be found here:
       Sendmail has also provided an FAQ about this issue:
       The CVE entry for this issue may be found here:
       (* Security fix *)
       Upgraded to sendmail-8.13.7 configs.

Sat Jun 10 18:53:23 EDT 2006
a/bash-3.0-s390-1.tgz: Downgraded to bash-3.0-s390-1, since the -2 version
seems to hang after the very first command issued.

Thu Jun 8 20:52:03 EDT 2006
a/s390-tools-1.2.4-s390-1.tgz: Moved s390-tools-1.2.4-s390-1.tgz from the
       slackware/k directory to slackware/a. This is so that more people will
       install it by default, since it contains zipl, which is a pretty
       necessary package for any install.
       Upgraded to mysql-4.0.27.
       This fixes some minor security issues with possible information leakage.
       Note that the information leakage bugs require that the attacker have
       access to an account on the database. Also note that by default,
       Slackware's rc.mysqld script does *not* allow access to the database
       through the outside network (it uses the --skip-networking option).
       If you've enabled network access to MySQL, it is a good idea to filter
       the port (3306) to prevent access from unauthorized machines.
       For more details, see the MySQL 4.0.27 release announcement here:
       For more information, see:
       (* Security fix *)

Tue May 30 16:55:00 EDT 2006
       Upgraded to apache-1.3.35.
       Patched to fix totally broken Include behavior.
       From the official announcement:
       Of particular note is that 1.3.35 addresses and fixes 1 potential
       security issue: CVE-2005-3352 (
       mod_imap: Escape untrusted referer header before outputting in HTML
       to avoid potential cross-site scripting. Change also made to
       ap_escape_html so we escape quotes. Reported by JPCERT
       For more information, see:
       (* Security fix *)
patches/packages/gnupg- Upgraded to gnupg-
       There have been two security related issues reported recently with GnuPG.
       From the GnuPG and NEWS files:
       Noteworthy changes in version (2006-03-08)
       * Files containing several signed messages are not allowed any
       longer as there is no clean way to report the status of such
       files back to the caller. To partly revert to the old behaviour
       the new option --allow-multisig-verification may be used.
       Noteworthy changes in version (2006-02-14)
       * Security fix for a verification weakness in gpgv. Some input
       could lead to gpgv exiting with 0 even if the detached signature
       file did not carry any signature. This is not as fatal as it
       might seem because the suggestion as always been not to rely on
       th exit code but to parse the --status-fd messages. However it
       is likely that gpgv is used in that simplified way and thus we
       do this release. Same problem with "gpg --verify" but nobody
       should have used this for signature verification without
       checking the status codes anyway. Thanks to the taviso from
       Gentoo for reporting this problem.
       (* Security fix *)
       Upgraded to mod_ssl-2.8.26-1.3.35.
       This is an updated version designed for Apache 1.3.35.
patches/packages/mozilla-1.7.13-s390-1.tgz: Upgraded to mozilla-1.7.13.
       This upgrade fixes several possible security bugs.
       For more information, see:
       This release marks the end-of-life of the Mozilla 1.7.x series:
       Mozilla Corporation is recommending that users think about
       migrating to Firefox and Thunderbird.
       (* Security fix *)
       Updated for mozilla-1.7.13.
patches/packages/sendmail-8.13.6-s390-1.tgz: Upgraded to sendmail-8.13.6.
       This new version of sendmail contains a fix for a security problem
       discovered by Mark Dowd of ISS X-Force. From sendmail's advisory:
       Sendmail was notified by security researchers at ISS that, under some
       specific timing conditions, this vulnerability may permit a specifically
       crafted attack to take over the sendmail MTA process, allowing remote
       attackers to execute commands and run arbitrary programs on the system
       running the MTA, affecting email delivery, or tampering with other
       programs and data on this system. Sendmail is not aware of any public
       exploit code for this vulnerability. This connection-oriented
       vulnerability does not occur in the normal course of sending and
       receiving email. It is only triggered when specific conditions are
       created through SMTP connection layer commands.
       Sendmail's complete advisory may be found here:
       The CVE entry for this issue may be found here:
       (* Security fix *)
       Upgraded to sendmail-8.13.6 configuration files.
       Patched with x11r6.9.0-mitri.diff and recompiled.
       A typo in the X render extension allows an X client to crash the server
       and possibly to execute arbitrary code as the X server user (typically
       this is "root".)
       The CVE entry for this issue may be found here:
       The advisory from X.Org may be found here:
       (* Security fix *)
       Patched and recompiled libXrender.
       (* Security fix *)

Mon Apr 03 01:16:00 EST 2006
patches/packages/fetchmail-6.3.2-s390-1.tgz: Upgraded to fetchmail-6.3.2.
       Presumably this replaces all the known security problems with
       a batch of new unknown ones. (fetchmail is improving, really ;-)
       For more information, see:
       (* Security fix *)
patches/packages/kdegraphics-3.3.2-s390-5.tgz: Patched integer and
       heap overflows in kpdf to fix possible security bugs with malformed
       PDF files.
       For more information, see:
       (* Security fix *)
patches/packages/kdelibs-3.3.2-s390-3.tgz: Patched a heap overflow
       vulnerability in kjs, the JavaScript interpreter engine used by
       Konqueror and other parts of KDE.
       For more information, see:
       (* Security fix *)
patches/packages/openssh-4.3p1-s390-1.tgz: Upgraded to openssh-4.3p1.
       This fixes a security issue when using scp to copy files that could
       cause commands embedded in filenames to be executed.
       For more information, see:
       (* Security fix *)
patches/packages/sudo-1.6.8p12-s390-1.tgz: Upgraded to sudo-1.6.8p12.
       This fixes an issue where a user able to run a Python script through sudo
       may be able to gain root access.
       IMHO, running any kind of scripting language from sudo is still not safe...
       For more information, see:
       (* Security fix *)
patches/packages/xpdf-3.01-s390-3a.tgz: Recompiled with xpdf-3.01pl2.patch to
       fix integer and heap overflows in xpdf triggered by malformed PDF files.
       Included --with-Xm-includes option given to ./configure.
       For more information, see:
       (* Security fix *)

Sat Dec 17 14:05:00 EST 2005
patches/packages/apache-1.3.34-s390-1.tgz: Upgraded to apache-1.3.34.
       Fixes this minor security bug: "If a request contains both Transfer-Encoding
       and Content-Length headers, remove the Content-Length, mitigating some HTTP
       Request Splitting/Spoofing attacks."
       (* Security fix *)
patches/packages/curl-7.12.2-s390-2.tgz: Patched. This addresses a buffer
       overflow in libcurl's NTLM function that could have possible security
       For more details, see:
       (* Security fix *)
patches/packages/elm-2.5.8-s390-1.tgz: Upgraded to elm2.5.8.
       This fixes a buffer overflow in the parsing of the Expires header that
       could be used to execute arbitrary code as the user running Elm.
       Thanks to Ulf Harnhammar for finding the bug and reminding me to get
       out updated packages to address the issue.
       A reference to the original advisory:
patches/packages/imapd-4.64-s390-1.tgz: Upgraded to imapd-4.64.
       A buffer overflow was reported in the mail_valid_net_parse_work function.
       However, this function in the c-client library does not appear to be called
       from anywhere in imapd. iDefense states that the issue is of LOW risk to
       sites that allow users shell access, and LOW-MODERATE risk to other servers.
       I believe it's possible that it is of NIL risk if the function is indeed
       dead code to imapd, but draw your own conclusions...
       (* Security fix *)
patches/packages/koffice-1.3.5-s390-3.tgz: Patched.
       Fixes a buffer overflow in KWord's RTF import discovered by Chris Evans.
       For more details, see:
       (* Security fix *)
patches/packages/lynx-2.8.5rel.5-s390-1.tgz: Upgraded to lynx-2.8.5rel.5.
       Fixes an issue where the handling of Asian characters when using lynx to
       connect to an NNTP server (is this a common use?) could result in a buffer
       overflow causing the execution of arbitrary code.
       For more details, see:
       (* Security fix *)
       Upgraded to mod_ssl-2.8.25-1.3.34.
patches/packages/pine-4.64-s390-1.tgz: Upgraded to pine-4.64.
patches/packages/wget-1.10.2-s390-1.tgz: Upgraded to wget-1.10.2.
       This addresses a buffer overflow in wget's NTLM handling function that could
       have possible security implications.
       For more details, see:
       (* Security fix *)

Sat Dec 17 01:13:00 EST 2005
patches/packages/dhcpcd-1.3.22pl4-s390-2.tgz: Patched an issue where a
       remote attacker can cause dhcpcd to crash.
       For more information, see:
       (* Security fix *)
patches/packages/gaim-1.5.0-s390-1.tgz: Upgraded to gaim-1.5.0.
       This fixes some more security issues.
       For more information, see:
       (* Security fix *)
patches/packages/kdebase-3.3.2-s390-2.tgz: Patched a security bug in
       kcheckpass that could allow a local user to gain root privileges.
       For more information, see:
       (* Security fix *)
patches/packages/mozilla-1.7.12-s390-1.tgz: Upgraded to mozilla-1.7.12.
       This fixes several security issues. For more information, see:
       (* Security fix *)
patches/packages/mozilla-plugins-1.7.12-noarch-1.tgz: Rebuilt.
patches/packages/openssl-0.9.7e-s390-2.tgz: Patched.
       Fixed a vulnerability that could, in rare circumstances, allow an attacker
       acting as a "man in the middle" to force a client and a server to negotiate
       the SSL 2.0 protocol (which is known to be weak) even if these parties both
       support SSL 3.0 or TLS 1.0.
       For more details, see:
       (* Security fix *)
patches/packages/openssl-solibs-0.9.7e-s390-2.tgz: Patched.
       (* Security fix *)
patches/packages/pcre-6.3-s390-1.tgz: Upgraded to pcre-6.3.
       This fixes a buffer overflow that could be triggered by the processing of a
       specially crafted regular expression. Theoretically this could be a security
       issue if regular expressions are accepted from untrusted users to be
       processed by a user with greater privileges, but this doesn't seem like a
       common scenario (or, for that matter, a good idea). However, if you are
       using an application that links to the shared PCRE library and accepts
       outside input in such a manner, you will want to update to this new package.
       For more information, see:
       (* Security fix *)
patches/packages/php-4.3.11-s390-3.tgz: Relinked with the system PCRE library,
       as the builtin library has a buffer overflow that could be triggered by the
       processing of a specially crafted regular expression.
       Note that this change requires the pcre package to be installed.
       For more information, see:
       (* Security fix *)
       Upgraded PEAR::XMLRPC to version 1.4.0, which eliminates the use of the
       insecure eval() function.
       For more information, see:
       (* Security fix *)
patches/packages/util-linux-2.12p-s390-2.tgz: Patched an issue with
       umount where if the umount failed when the '-r' option was used, the
       filesystem would be remounted read-only but without any extra flags
       specified in /etc/fstab. This could allow an ordinary user able to
       mount a floppy or CD (but with nosuid, noexec, nodev, etc in
       /etc/fstab) to run a setuid binary from removable media and gain
       root privileges.
       Reported to BugTraq by David Watson:
       (* Security fix *)
patches/packages/x11-6.8.1-s390-4.tgz: Patched a pixmap overflow issue.
       For more information, see:
       (* Security fix *)
patches/packages/x11-xdmx-6.8.1-s390-4.tgz: Patched and rebuilt.
patches/packages/x11-xnest-6.8.1-s390-4.tgz: Patched and rebuilt.
patches/packages/x11-xvfb-6.8.1-s390-4.tgz: Patched and rebuilt.
patches/packages/xine-lib-1.0.3a-s390-1.tgz: Upgraded to xine-lib-1.0.3a.
       This fixes a format string bug where an attacker, if able to upload malicious
       information to a CDDB server and then get a local user to play a certain
       audio CD, may be able to run arbitrary code on the machine as the user
       running the xine-lib linked application.
       For more information, see:
       (* Security fix *)
testing/packages/php-5.0.5/php-5.0.5-s390-1.tgz: Upgraded to
       php-5.0.5, which fixes security issues with XML-RPC and PCRE.
       This new package now links with the system's shared PCRE library,
       so be sure you have the new PCRE package from patches/packages/
       Ordinarily packages in /testing are not considered supported, but
       several people have written Pat to say that they are using php5
       from /testing in a production environment and would like to see an
       updated package, so here it is. The package in /testing was
       replaced in /testing rather than putting it under /patches to
       avoid any problems with automatic upgrade tools replacing php-4
       packages with this one.
       For more information on the security issues fixed, see:
       (* Security fix *)

Sat Jul 30 01:56:13 EDT 2005
patches/packages/dnsmasq-2.22-s390-1.tgz: Upgraded to dnsmasq-2.22.
       This fixes an off-by-one overflow vulnerability may allow a DHCP
       client to create a denial of service condition. Additional code was
       also added to detect and defeat attempts to poison the DNS cache.
       For more information, see:
       (* Security fix *)
patches/packages/emacs-21.4a-s390-1.tgz: Upgraded to emacs-21.4a.
       This fixes a vulnerability in the movemail utility when connecting to a
       malicious POP server that may allow the execution of arbitrary code as
       the user running emacs.
       (* Security fix *)
patches/packages/emacs-info-21.4a-s390-1.tgz: Upgraded to emacs-21.4a.
patches/packages/emacs-leim-21.4-s390-1.tgz: Upgraded to leim-21.4.
patches/packages/emacs-lisp-21.4a-s390-1.tgz: Upgraded to emacs-21.4a.
patches/packages/emacs-misc-21.4a-s390-1.tgz: Upgraded to emacs-21.4a.
patches/packages/emacs-nox-21.4a-s390-1.tgz: Upgraded to emacs-21.4a.c
       Upgraded to fetchmail-
       This fixes an overflow by which malicious or compromised POP3 servers
       may overflow fetchmail's stack.
       For more information, see:
       (* Security fix *)
patches/packages/kdenetwork-3.3.2-s390-2.tgz: Patched overflows in
       libgadu (used by kopete) that can cause a denial of service or
       arbitrary code execution.
       For more information, see:
       (* Security fix *)
patches/packages/mozilla-1.7.10-s390-2.tgz: Fixed a folder switching bug.
       Thanks to Peter Santoro for pointing out the patch.
patches/packages/tcpip-0.17-s390-31b.tgz: Patched two overflows in
       the telnet client that could allow the execution of arbitrary code
       when connected to a malicious telnet server.
       For more information, see:
       (* Security fix *)
patches/packages/zlib-1.2.3-s390-1.tgz: Upgraded to zlib-1.2.3.
       This fixes an additional crash not fixed by the patch to zlib-1.2.2.
       (* Security fix *)

Tue Jul 26 01:53:00 EDT 2005
These GTK+ related packages fix some bugs that affect Firefox and
Acrobat Reader. Thanks to Helmut Schmid for the bug report. :-)
patches/packages/atk-1.9.1-s390-1.tgz: Upgraded to atk-1.9.1.
patches/packages/glib2-2.6.4-s390-1.tgz: Upgraded to glib-2.6.4.
patches/packages/gtk+2-2.6.7-s390-1.tgz: Upgraded to gtk+-2.6.7.
patches/packages/pango-1.8.1-s390-1.tgz: Upgraded to pango-1.8.1.

patches/packages/mozilla-1.7.10-s390-1.tgz: Upgraded to mozilla-1.7.10.
       This fixes several security issues. For more information, see:
       (* Security fix *)
patches/packages/mozilla-plugins-1.7.10-noarch-1.tgz: Upgraded Java(TM)
       symlink for Mozilla.
patches/packages/ncftp-3.1.9-s390-1.tgz: Upgraded to ncftp-3.1.9.
       This corrects a vulnerability where a download from a hostile FTP server
       might be written to an unintended location potentially compromising system
       security or causing a denial of service.
       For more details, see:
       (* Security fix *)
patches/packages/php-4.3.11-s390-1.tgz: Upgraded to php-4.3.11.
       "This is a maintenance release that in addition to over 70 non-critical bug
       fixes addresses several security issues inside the exif and fbsql extensions
       as well as the unserialize(), swf_definepoly() and getimagesize() functions."
       (* Security fix *)
patches/packages/php-4.3.11-s390-2.tgz: Upgraded PEAR XML_RPC class.
       This new PHP package fixes a PEAR XML_RPC vulnerability. Sites that use
       this PEAR class should upgrade to the new PHP package, or as a minimal
       fix may instead upgrade the XML_RPC PEAR class with the following command:
       pear upgrade XML_RPC
       (* Security fix *)
patches/packages/sudo-1.6.8p9-s390-1.tgz: Upgraded to sudo-1.6.8p9.
       This new version of Sudo fixes a race condition in command pathname handling
       that could allow a user with Sudo privileges to run arbitrary commands.
       For full details, see the Sudo site:
       (* Security fix *)
patches/packages/tcpdump-3.9.3-s390-1.tgz: Upgraded to libpcap-0.9.3 and
       tcpdump-3.9.3. This fixes an issue where an invalid BGP packet can
       cause tcpdump to go into an infinate loop, effectively disabling network
       (* Security fix *)

Sun Jul 24 23:00:00 EDT 2005
patches/packages/cvs-1.11.20-s390-1.tgz: Upgraded to cvs-1.11.20.
       From "This version fixes many minor security issues in the
       CVS server executable including a potentially serious buffer overflow
       vulnerability with no known exploit. We recommend this upgrade for all CVS
       For more information, see:
       (* Security fix *)
patches/packages/gaim-1.3.1-s390-1.tgz: Upgraded to gaim-1.3.1 and
       gaim-encryption-2.38. This fixes a couple of remote crash bugs, so
       users of the MSN and Yahoo! chat protocols should upgrade to gaim-1.3.1.
       (* Security fix *)
patches/packages/gxine-0.4.6-s390-1.tgz: Upgraded to gxine-0.4.6.
       This fixes a format string vulnerability that allows remote attackers to
       execute arbitrary code via a ram file with a URL whose hostname contains
       format string specifiers.
       For more information, see:
       (* Security fix *)
patches/packages/infozip-5.52-s390-1.tgz: Upgraded to unzip552.tar.gz and
       zip231.tar.gz. These fix some buffer overruns if deep directory paths are
       packed into a Zip archive which could be a security vulnerability (for
       example, in a case of automated archiving or backups that use Zip). However,
       it also appears that these now use certain assembly instructions that might
       not be available on older CPUs, so if you have an older machine you may wish
       to take this into account before deciding whether you should upgrade.
       (* Security fix *)
patches/packages/python-2.4.1-s390-1.tgz: Upgraded to python-2.4.1.
       From the site: "The Python development team has discovered a flaw
       in the SimpleXMLRPCServer library module which can give remote attackers
       access to internals of the registered object or its module or possibly other
       modules. The flaw only affects Python XML-RPC servers that use the
       register_instance() method to register an object without a _dispatch()
       method. Servers using only register_function() are not affected."
       For more details, see:
       (* Security fix *)
patches/packages/python-demo-2.4.1-noarch-1.tgz: Upgraded to python-2.4.1
patches/packages/python-tools-2.4.1-noarch-1.tgz: Upgraded to python-2.4.1
patches/packages/xine-lib-1.0.1-s390-1.tgz: Upgraded to xine-lib-1.0.1.
       This fixes some bugs in the MMS and Real RTSP streaming client code.
       While the odds of this vulnerability being usable to a remote attacker are
       low (but see the xine advisory), if you stream media from sites using these
       protocols (and you think the sites might be "hostile" and will try to hack
       into your xine client), then you might want to upgrade to this new version
       of xine-lib. Probably the other fixes and enchancements in xine-lib-1.0.1
       are a better rationale to do so, though.
       For more details on the xine-lib security issues, see:
       (* Security fix *)
patches/packages/xv-3.10a-s390-2.tgz: Upgraded to the latest XV jumbo
       patches, xv-3.10a-jumbo-fix-patch-20050410 and
       xv-3.10a-jumbo-enh-patch-20050501. These fix a number of format string
       and other possible security issues in addition to providing many other
       bugfixes and enhancements.
       (Thanks to Greg Roelofs)
       (* Security fix *)

Sun Apr 10 18:48:07 EDT 2005
patches/packages/php-4.3.11-s390-1.tgz: Upgraded to php-4.3.11.
       "This is a maintenance release that in addition to over 70 non-critical bug
       fixes addresses several security issues inside the exif and fbsql extensions
       as well as the unserialize(), swf_definepoly() and getimagesize() functions."
       (* Security fix *)

Wed Mar 30 18:41:02 EST 2005
patches/packages/gaim-1.2.0-s390-1.tgz: Upgraded to gaim-1.2.0 and
       gaim-encryption-2.36 (compiled against mozilla-1.7.6).
patches/packages/mozilla-1.7.6-s390-1.tgz: Upgraded to mozilla-1.7.6.
       Fixes some security issues. Please see for a complete list.
       (* Security fix *)
patches/packages/mozilla-plugins-1.7.6-noarch-1.tgz: Adjusted plugin
       symlinks for Mozilla 1.7.6.

Sat Feb 19 17:24:00 EST 2005
a/pkgtools-10.1.0-s390-2: Reverted /sbin/pkgtool to the version used in
       Slackware 10.0. While this version is slower to build the list of packages
       when viewing or removing packages, it is far more forgiving of a slightly
       corrupted or out of spec package database. There are many tools (like
       checkinstall) that do not build packages the same way that Slackware's
       makepkg does, and when these packages are installed the optimized version of
       pkgtool runs into problems. These problems are caused by installing broken
       packages, and should not be blamed on pkgtool (there are many ways to build a
       tar+gz package that does not conform to the rules as defined by a makepkg
       built tgz package, and it would be impossible to "fix" pkgtool to handle all
       of them properly). Perhaps these optimizations will be looked at again for
       Slackware 11, but IMHO a faster way to get a list of packages is to go into
       /var/log/packages and use "ls" and "less", and a better way to remove them
       is with removepkg. In any case, this version of pkgtool works better so
       that's what will ship with Slackware 10.1.

       Fixed a couple bugs and sped up pkgtool more.
       Thanks to Jim Hawkins and Lasse Collin for the pkgtool patches.
       Add a patch for removepkg to rmdir directories containing spaces.
       Thanks to Thomas Pfaff for this patch.
l/esound-0.2.35-s390-1: Upgraded to esound-0.2.35.
l/imlib-1.9.15-s390-1: Upgraded to imlib-1.9.15. This fixes an image
       decoder overflow in the BMP handling routines which could possibly be
       exploited if a specially crafted BMP image is loaded. This seems like an
       unlikely situation, but better safe than sorry...
       (* Security fix *)
xap/rxvt-2.7.10-s390-2: Added --enable-xgetdefault to ./configure.
       Thanks to Corvin for the suggestion. :-)
xap/xfce-4.2.0-s390-2: Fixed /etc/X11/xdg/xfce4/xinitrc perms.
       (Thanks to Roberto Di Girolamo)
       In xinitrc.xfce, make the /tmp/xrdb file in a more secure fashion.

Thu Feb 17 01:36:10 EST 2005
n/nfs-utils-1.0.7-s390-1.tgz: Upgraded to nfs-utils-1.0.7.

Mon Feb 7 14:37:00 EST 2004
a/glibc-solibs-2.3.4-s390-1.tgz: Upgraded to glibc-2.3.4.
a/glibc-zoneinfo-2.3.4-noarch-1.tgz: Upgraded to glibc-2.3.4.
l/glibc-2.3.4-s390-1.tgz: Upgraded to glibc-2.3.4.
l/glibc-i18n-2.3.4-noarch-1.tgz: Upgraded to glibc-2.3.4.
l/glibc-profile-2.3.4-s390-1.tgz: Upgraded to glibc-2.3.4.

Sun Feb 6 12:42:00 EST 2004
n/irssi-0.8.9-s390-4.tgz: Removed obsolete "botti" program.

Fri Feb 4 00:39:00 EST 2004
d/j2sdk-1.4.2-s390-1: Upgraded to IBM Java SDK 1.4.2.
kde/kdeedu-3.3.2-s390-2.tgz: Rebuilt, fixed incorrect permissions.
kde/kdelibs-3.3.2-s390-2.tgz: Rebuilt to work with Python 2.4.
       Added kioslave patch.
kde/koffice-1.3.5-s390-2.tgz: Rebuilt to work with Python 2.4.
       Patched kpdf crash.
l/sdl-1.2.8-s390-1.tgz: Upgraded to sdl-1.2.8.
n/bind-9.3.0-s390-2.tgz: Patched a possible denial of service in BIND's
       validator code. The risk level on this bug is rather low, as the flaw
       only affects BIND if DNSSEC is used. This is not the default setting.
       (* Security fix *)
xap/mozilla-plugins-1.7.5-noarch-1.tgz: Upgraded to mozilla-plugins-1.7.5.
testing/packages/gcc-3.4.3/gcc-*.tgz: Upgraded to gcc-3.4.3.

Sun Jan 30 22:58:00 EST 2004
a/hdparm-5.8-s390-1.tgz: Upgraded to hdparm-5.8.
ap/mysql-4.0.23a-s390-1.tgz: Upgraded to mysql-4.0.23a.
       I know there are newer production branches than 4.0.x, but don't think
       such a change would be good at the last minute. It will be one of the
       first orders of pre-11-current business, though.
ap/sudo-1.6.8p6-s390-1.tgz: Upgraded to sudo-1.6.8p6.
gnome/gthumb-2.6.3-s390-1.tgz: Upgraded to gthumb-2.6.3.
n/imapd-4.62-s390-1.tgz: Upgraded to imapd from pine-4.62.
n/nail-11.20-s390-1.tgz: Upgraded to nail-11.20.
n/pine-4.62-s390-1.tgz: Upgraded to pine-4.62.
n/popa3d- Upgraded to popa3d-
n/tcpip-0.17-s390-3.tgz: Applied a couple of netconfig patches.
xap/xfce-4.2.0-s390-1.tgz: Upgraded to xfce-4.2.0. Fixed
       /etc/X11/xdg/xfce4/xinitrc perms.
extra/slackpkg/slackpkg-1.4-noarch-9.tgz: Upgraded to slackpkg-1.4-noarch-9.

Sun Jan 30 01:38:00 EST 2004
l/libtiff-3.7.1-s390-1.tgz: Upgraded to libtiff-3.7.1, and patched a
       transparency bug.
n/dnsmasq-2.20-s390-1.tgz: Upgraded to dnsmasq-2.20.
n/sendmail-8.13.3-s390-1.tgz: Upgraded to sendmail-8.13.3.
n/sendmail-cf-8.13.3-noarch-1.tgz: Upgraded to sendmail-8.13.3 config files.
x/x11-6.8.1-s390-3.tgz: Applied CAN-2004-0914 patch to libXpm. Unlikely to
       ever be used in the real world other than (also unlikely) through a crash,
       but I'm trying to pay attention to detail. :-)
       (* Security fix *)
x/x11-devel-6.8.1-s390-3.tgz: Applied CAN-2004-0914 patch to libXpm.
xap/mozilla-1.7.5-s390-1.tgz: Upgraded to mozilla-1.7.5.
xap/xpdf-3.00-s390-3.tgz: Added three patches that prevent xpdf crashes.

Thu Jan 27 22:54:00 EST 2004
a/cups-1.1.23-s390-1.tgz: Upgraded to cups-1.1.23.
a/kernel-default-2.4.29-s390-1.tgz: Upgraded to Linux 2.4.29 kernel.
a/kernel-modules-2.4.29-s390-1.tgz: Upgraded to Linux 2.4.29 kernel modules.
a/udev-050-s390-1.tgz: Upgraded to udev-050.
ap/alsa-utils-1.0.8-s390-1.tgz: Upgraded to alsa-utils-1.0.8.
d/kernel-headers-2.4.29-s390-1.tgz: Upgraded to kernel-headers-2.4.29.
gnome/gdm- Upgraded to gdm-
k/kernel-source-2.4.29-s390-1.tgz: Upgraded to Linux 2.4.29 kernel source.
kde/kdebindings-3.3.2-s390-1.tgz: Patched to work with Python 2.4.
l/alsa-lib-1.0.8-s390-1.tgz: Upgraded to alsa-lib-1.0.8.
l/alsa-oss-1.0.8-s390-1.tgz: Upgraded to alsa-oss-1.0.8.
n/gnupg-1.2.7-s390-1.tgz: Upgraded to gnupg-1.2.7.
n/stunnel-4.07-s390-1.tgz: Upgraded to stunnel-4.07.
xap/fluxbox-0.9.12-s390-1.tgz: Upgraded to fluxbox-0.9.12.
xap/gimp-2.2.3-s390-1.tgz: Upgraded to gimp-2.2.3.
xap/imagemagick-6.1.9_0-s390-1.tgz: Upgraded to ImageMagick-6.1.9-0.
xap/sane-1.0.15-s390-1.tgz: Upgraded to sane-backends-1.0.15.
xap/xchat-2.4.1-s390-1.tgz: Upgraded to xchat-2.4.1.
xap/xine-lib-1.0-s390-1.tgz: Upgraded to xine-lib-1.0.
xap/xscreensaver-4.19-s390-1.tgz: Upgraded to xscreensaver-4.19.
extra/bittornado/bittornado-0.3.9b-noarch-1.tgz: Upgraded to bittornado-0.3.9b
extra/bittorrent/bittorrent-3.9.1-noarch-1.tgz: Upgraded to bittorrent-3.9.1.
       This is a beta, but the stable version does not work with Python 2.4, so
       it seems prudent to switch.
extra/cpint-1.1.6/cpint-1.1.6_2.4.29-s390-1.tgz: Rebuilt against kernel 2.4.29 headers.
extra/inn/inn-2.4.2-s390-1.tgz: Upgraded to inn-2.4.2.
extra/slackpkg/slackpkg-1.3.1-noarch-3.tgz: Upgraded to slackpkg-1.3.1-noarch-3.
testing/packages/gnupg-1.4.0-s390-1.tgz: Upgraded to gnupg-1.4.0.
testing/packages/php-5.0.3/php-5.0.3-s390-1.tgz: Upgraded to php-5.0.3.

Thu Jan 27 01:57:00 EST 2004
a/module-init-tools-3.1-s390-1.tgz: Upgraded to module-init-tools-3.1 and
a/util-linux-2.12p-s390-1.tgz: Upgraded to util-linux-2.12p.
d/binutils- Upgraded to ksymoops-2.4.10.
       Tried the newer binutils, but it couldn't compile ksymoops due to missing
       symbols in we'll stick with for now...
d/cvs-1.11.18-s390-1.tgz: Upgraded to cvs-1.11.18.
d/doxygen-1.4.0-s390-1.tgz: Upgraded to doxygen-1.4.0.
d/perl-5.8.6-s390-1.tgz: Upgraded to perl-5.8.6.
d/python-2.4-s390-1.tgz: Upgraded to python-2.4.
d/python-demo-2.4-noarch-1.tgz: Upgraded to python-2.4 demos.
d/python-tools-2.4-noarch-1.tgz: Upgraded to python-2.4 tools.
kde/kdegraphics-3.3.2-s390-2.tgz: Patched post-3.3.2 kpdf problems.
       (* Security fix *)
l/libxml2-2.6.16-s390-1.tgz: Upgraded to libxml2-2.6.16.
l/libxslt-1.1.12-s390-1.tgz: Upgraded to libxslt-1.1.12.
l/taglib-1.3.1-s390-1.tgz: Upgraded to taglib-1.3.1.
n/getmail-4.2.5-noarch-1.tgz: Upgraded to getmail-4.2.5.
n/irssi-0.8.9-s390-3.tgz: Recompiled for perl-5.8.6.
xap/gaim-1.1.2-s390-1.tgz: Upgraded to gaim-1.1.1.

Wed Jan 26 01:33:00 EST 2004
a/openssl-solibs-0.9.7e-s390-1.tgz: Upgraded to openssl-0.9.7e.
d/automake-1.9.4-noarch-1.tgz: Upgraded to automake-1.9.4.
n/nfs-utils-1.0.7-s390-1.tgz: Upgraded to nfs-utils-1.0.7.
n/openssl-0.9.7e-s390-1.tgz: Upgraded to openssl-0.9.7e.

Fri Jan 21 17:16:00 EST 2004
a/tar-1.15.1-s390-1.tgz: Upgraded to tar-1.15.1.

Thu Jan 20 16:51:00 EST 2004
d/distcc-2.18.3-s390-1.tgz: Upgraded to distcc-2.18.3.
l/atk-1.9.0-s390-1.tgz: Upgraded to atk-1.9.0.
l/libpng-1.2.8-s390-1.tgz: Upgraded to libpng-1.2.8.
n/lftp-3.0.13-s390-1.tgz: Upgraded to lftp-3.0.13.
n/php-4.3.10-s390-1.tgz: Upgraded to php-4.3.10.
xap/gxine-0.4.1-s390-1.tgz: Upgraded to gxine-0.4.1.
xap/xine-ui-0.99.3-s390-1.tgz: Upgraded to xine-ui-0.99.3.

Thu Jan 20 00:23:00 EST 2004
kde/kdeaddons-3.3.2-s390-1.tgz: Upgraded to kdeaddons-3.3.2.
kde/kdepim-3.3.2-s390-1.tgz: Upgraded to kdepim-3.3.2.
kde/kdewebdev-3.3.2-s390-1.tgz: Upgraded to kdewebdev-3.3.2.
l/glib2-2.6.1-s390-1.tgz: Upgraded to glib2-2.6.1.
l/gtk+2-2.6.1-s390-1.tgz: Upgraded to gtk+2-2.6.1.
l/pango-1.8.0-s390-1.tgz: Upgraded to pango-1.8.0.
n/samba-3.0.10-s390-1.tgz: Upgraded to samba-3.0.10.
       A possible buffer overrun in smbd could lead to code execution by a remote
       user. For more details, see:
       (* Security fix *)
xap/gimp-2.2.1-s390-1.tgz: Upgraded to gimp-2.2.1.

Wed Jan 19 00:55:00 EST 2004
kde/kdeaccessibility-3.3.2-s390-1.tgz: Upgraded to kdeaccessibility-3.3.2.
kde/kdeadmin-3.3.2-s390-1.tgz: Upgraded to kdeadmin-3.3.2.
kde/kdeartwork-3.3.2-s390-1.tgz: Upgraded to kdeartwork-3.3.2.
kde/kdebase-3.3.2-s390-1.tgz: Upgraded to kdebase-3.3.2.
kde/kdeedu-3.3.2-s390-1.tgz: Upgraded to kdeedu-3.3.2.
kde/kdegames-3.3.2-s390-1.tgz: Upgraded to kdegames-3.3.2.
kde/kdegraphics-3.3.2-s390-1.tgz: Upgraded to kdegraphics-3.3.2.
kde/kdelibs-3.3.2-s390-1.tgz: Upgraded to kdelibs-3.3.2.
kde/kdemultimedia-3.3.2-s390-1.tgz: Upgraded to kdemultimedia-3.3.2.
kde/kdenetwork-3.3.2-s390-1.tgz: Upgraded to kdenetwork-3.3.2.
kde/kdesdk-3.3.2-s390-1.tgz: Upgraded to kdesdk-3.3.2.
kde/kdetoys-3.3.2-s390-1.tgz: Upgraded to kdetoys-3.3.2.
kde/kdeutils-3.3.2-s390-1.tgz: Upgraded to kdeutils-3.3.2.
kde/kdevelop-3.1.2-s390-1.tgz: Upgraded to kdevelop 3.1.2.

Mon Jan 17 23:46:00 EST 2004
a/kernel-default-2.4.28-s390-1.tgz: Upgraded to Linux 2.4.28 kernel.
a/kernel-modules-2.4.28-s390-1.tgz: Upgraded to Linux 2.4.28 kernel modules.
ap/alsa-utils-1.0.7-s390-1.tgz: Upgraded to alsa-utils-1.0.7.
ap/sudo-1.6.8p5-s390-1.tgz: Upgraded to sudo-1.6.8p5.
d/gdb-6.3-s390-1.tgz: Upgraded to gdb-6.3.
d/kernel-headers-2.4.28-s390-1.tgz: Upgraded to kernel-headers-2.4.28.
k/kernel-source-2.4.28-s390-1.tgz: Upgraded to Linux 2.4.28 kernel source.
kde/arts-1.3.2-s390-1.tgz: Upgraded to arts-1.3.2.
l/alsa-lib-1.0.7-s390-1.tgz: Upgraded to alsa-lib-1.0.7.
l/alsa-oss-1.0.7-s390-1.tgz: Upgraded to alsa-oss-1.0.7.
extra/cpint-1.1.6/cpint-1.1.6_2.4.28-s390-1.tgz: Rebuilt against kernel 2.4.28 headers.

Wed Dec 29 12:48:00 EST 2004
kde/koffice-1.3.5-s390-1.tgz: Upgraded to koffice-1.3.5.
kdei/koffice*.tgz: Upgraded to koffice-i18n-1.3.5.

Fri Nov 19 13:32:00 EST 2004
n/ppp-2.4.2-s390-2.tgz: Rebuilt without autconf and automake installed.
       This allowed the Radius client piece to build.

Wed Nov 17 20:38:00 EST 2004
a/acpid-1.0.4-s390-2.tgz: Fixed perms of /usr/doc/acpid-1.0.4/samples/

Tue Nov 9 16:45:00 EST 2004
a/bash-3.0-s390-2.tgz: Applied official bash-3.0 patches 1-15, then reverted
       to bash-3.0-s390-1. Apparently the new version of glibc causes bash
       to hang after any command is issued. Pat got around this by compiling
       this under a previous version of Slackware. I'm going to just not do
       anything until glibc gets fixed, or enough people complain about the
       bugs that got fixed in patches 1-15 to do what Pat did.
a/hotplug-2004_09_23-noarch-1.tgz: Upgraded to hotplug-2004_09_23.
a/pkgtools-10.1.0-s390-1.tgz: Patched pkgtools to dramatically improve the
       speed of the "View" option. The patch was written by Jim Hawkins.
       Fixed a typo in pkgtool.8. (thanks to "ldconfig")
a/util-linux-2.12h-s390-1.tgz: Upgraded to util-linux-2.12h.
ap/mdadm-1.8.0-s390-1.tgz: Upgraded to mdadm-1.8.0.
kde/koffice-1.3.4-s390-2.tgz: Patched a bug in xpdf-based code that could
       cause a crash.
l/libexif-0.6.11-s390-1.tgz: Upgraded to libexif-0.6.11 (but retained from libexif-0.5.12 to give third party packages
       a chance to be recompiled).
n/lftp-3.0.11-s390-1.tgz: Upgraded to lftp-3.0.11.
n/samba-3.0.7-s390-2.tgz: Applied a patch from Samba CVS needed to fix smbtree
       on systems using a recent glibc (such as the one here in Slackware -current).
n/tcpip-0.17-s390-2.tgz: Upgraded to ethtool-2 and tftp-hpa-0.40.
       Fixed a DoS bug in ntalkd.
xap/gimp-2.0.6-s390-1.tgz: Upgraded to gimp-2.0.6.
extra/bison-1.875d/bison-1.875d-s390-1.tgz: Upgraded to bison-1.875d.
extra/slackpkg/slackpkg-1.3-noarch-4.tgz: Upgraded to slackpkg-1.3-noarch-4.
pasture/fvwm95-2.0.43ba-s390-1.tgz: Moved to /pasture.
pasture/ifhp-3.5.18-s390-1.tgz: Upgraded to ifhp-3.5.18.
pasture/lprng-3.8.28-s390-1.tgz: Upgraded to LPRng-3.8.28.

Mon Nov 8 22:07:00 EST 2004
a/udev-042-s390-1.tgz: Upgraded to udev-042.
kde/kdegraphics-3.3.1-s390-2.tgz: Patched a crash bug in kpdf.

Sun Nov 7 23:48:00 EST 2004
a/cups-1.1.22-s390-1.tgz: Upgraded to cups-1.1.22.
ap/mysql-4.0.22-s390-1.tgz: Upgraded to mysql-4.0.22.
d/binutils- Upgraded to binutils-
n/apache-1.3.33-s390-1.tgz: Upgraded to apache-1.3.33.
       This fixes one new security issue (the first issue, CAN-2004-0492, was fixed
       in apache-1.3.32). The second bug fixed in 1.3.3 (CAN-2004-0940) allows a
       local user who can create SSI documents to become "nobody". The amount of
       mischief they could cause as nobody seems low at first glance, but it might
       allow them to use kill or killall as nobody to try to create a DoS.
       Mention PHP's mhash dependency in httpd.conf (thanks to Jakub Jankowski).
       (* Security fix *)
n/mod_ssl-2.8.22_1.3.33-s390-1.tgz: Upgraded to mod_ssl-2.8.22_1.3.33.

Thu Nov 4 10:12:00 EST 2004
n/nail-11.13-s390-1.tgz: Upgraded to nail-11.13.
n/netatalk-2.0.1-s390-1.tgz: Upgraded to netatalk-2.0.1.
l/libxml2-2.6.15-s390-1.tgz: Upgraded to libxml2-2.6.15.
xap/imagemagick-6.1.2_4-s390-1.tgz: Upgraded to ImageMagick-6.1.2-4.
xap/windowmaker-0.91.0-s390-1.tgz: Upgraded to WindowMaker-0.91.0.

Wed Nov 3 18:48:00 EST 2004
libtiff-3.7.0-s390-1.tgz: Upgraded to libtiff-3.7.0.
       This fixes several bugs that could lead to crashes, or could possibly allow
       arbitrary code to be executed. For more details, see:
       (* Security fix *)
xap/gnuchess-5.07-s390-1.tgz: Upgraded to gnuchess-5.07.
       This package also contains Sjeng-Free-11.2, eboard-0.9.5, and xboard-4.2.7.

Tue Oct 26 17:55:00 EDT 2004
n/apache-1.3.32-s390-1.tgz: Upgraded to apache-1.3.32.
       This addresses a heap-based buffer overflow in mod_proxy by
       rejecting responses from a remote server with a negative
       Content-Length. The flaw could crash the Apache child process,
       or possibly allow code to be executed as the Apache user (but
       only if mod_proxy is actually in use on the server).
       For more details, see:
       (* Security fix *)
n/mod_ssl-2.8.21_1.3.32-s390-1.tgz: Upgraded to mod_ssl-2.8.21-1.3.32.
       Don't allow clients to bypass cipher requirements, possibly negotiating
       a connection that the server does not consider secure enough.
       For more details, see:
       (* Security fix *)

Sun Oct 24 00:12:00 EDT 2004
xap/gaim-1.0.2-s390-1.tgz: .tgz: Upgraded to gaim-1.0.2 and gaim-encryption-2.32.
       A buffer overflow in the MSN protocol handler for GAIM 0.79 to 1.0.1
       allows remote attackers to cause a denial of service (application
       crash) and may allow the execution of arbitrary code.
       For more details, see:
       (* Security fix *)

Thu Oct 21 10:19:00 EDT 2004
xap/abiword-2.0.12-s390-1.tgz: Upgraded to abiword-2.0.12.

Thu Oct 21 01:23:00 EDT 2004
a/acpid-1.0.4-s390-1.tgz: Upgraded to acpid-1.0.4.
a/sysvinit-2.84-s390-2.tgz: In rc.S, make sure /tmp/.ICE-unix and
       /tmp/.X11-unix exist and have proper permissions. X.Org no longer
       creates these if they are missing which is a problem for users who
       are using a tmpfs on /tmp.
       In rc.S and rc.6, check /proc/ioports to make sure that the RTC lists
       ports, and if so use a workaround to prevent hwclock from hanging.
       In rc.M, don't start acpid if apmd is already running regardless of
       the perms on rc.acpid.
ap/hpijs-1.7-s390-1.tgz: Upgraded to hpijs-1.7.
ap/lsof-4.72-s390-1.tgz: Upgraded to lsof-4.72.
ap/sox-12.17.6-s390-1.tgz: Upgraded to sox-12.17.6.
kde/kdeaddons-3.3.1-s390-1.tgz: Upgraded to kdeaddons-3.3.1.
kde/kdebindings-3.3.1-s390-1.tgz: Upgraded to kdebindings-3.3.1.
kde/kdepim-3.3.1-s390-1.tgz: Upgraded to kdepim-3.3.1.
kde/kdewebdev-3.3.1-s390-1.tgz: Upgraded to kdewebdev-3.3.1.
kde/koffice-1.3.4-s390-1.tgz: Upgraded to koffice-1.3.4.
l/libao-0.8.5-s390-1.tgz: Upgraded to libao-0.8.5.
n/curl-7.12.2-s390-1.tgz: Upgraded to curl-7.12.2.
n/dnsmasq-2.15-s390-1.tgz: Upgraded to dnsmasq-2.15.
n/nmap-3.75-s390-1.tgz: Upgraded to nmap-3.75.
       Fixed nmapfe.desktop to follow specs and
       moved it to /usr/share/applications.
x/x11-6.8.1-s390-2.tgz: Rebuilt. X.Org made a few minor slient fixes to
       the X11R6.8.1 (like the version number), so it seemed like a good idea
       to rebuild.
x/x11-devel-6.8.1-s390-2.tgz: Rebuilt.
x/x11-docs-6.8.1-noarch-2.tgz: Rebuilt.
x/x11-docs-html-6.8.1-noarch-2.tgz: Rebuilt.
x/x11-fonts-100dpi-6.8.1-noarch-2.tgz: Rebuilt.
x/x11-fonts-cyrillic-6.8.1-noarch-2.tgz: Rebuilt.
x/x11-fonts-misc-6.8.1-noarch-2.tgz: Rebuilt.
x/x11-fonts-scale-6.8.1-noarch-2.tgz: Rebuilt.
x/x11-xdmx-6.8.1-s390-2.tgz: Rebuilt.
x/x11-xnest-6.8.1-s390-2.tgz: Patched to prevent an xnest crash.
x/x11-xvfb-6.8.1-s390-2.tgz: Rebuilt.
xap/gftp-2.0.17-s390-2.tgz: Build with .SlackBuild, not .build.
       Fixed gftp.desktop.
xap/gucharmap-1.4.1-s390-2.tgz: Moved from /gnome.
xap/sane-1.0.14-s390-3.tgz: Upgraded to sane-frontends-1.0.13.
       Build with .SlackBuild, not .build.
xap/xine-ui-0.99.2-s390-2.tgz: Fixed xine.desktop.

Tue Oct 19 22:37:00 EDT 2004
kde/kdeaccessibility-3.3.1-s390-1.tgz: Upgraded to kdeaccessibility-3.3.1.
kde/kdeadmin-3.3.1-s390-1.tgz: Upgraded to kdeadmin-3.3.1.
kde/kdeartwork-3.3.1-s390-1.tgz: Upgraded to kdeartwork-3.3.1.
kde/kdebase-3.3.1-s390-1.tgz: Upgraded to kdebase-3.3.1.
kde/kdeedu-3.3.1-s390-1.tgz: Upgraded to kdeedu-3.3.1.
kde/kdegames-3.3.1-s390-1.tgz: Upgraded to kdegames-3.3.1.
kde/kdegraphics-3.3.1-s390-1.tgz: Upgraded to kdegraphics-3.3.1.
kde/kdelibs-3.3.1-s390-1.tgz: Upgraded to kdelibs-3.3.1.
kde/kdemultimedia-3.3.1-s390-1.tgz: Upgraded to kdemultimedia-3.3.1.
kde/kdenetwork-3.3.1-s390-1.tgz: Upgraded to kdenetwork-3.3.1.
kde/kdesdk-3.3.1-s390-1.tgz: Upgraded to kdesdk-3.3.1.
kde/kdetoys-3.3.1-s390-1.tgz: Upgraded to kdesdk-3.3.1.
kde/kdeutils-3.3.1-s390-1.tgz: Upgraded to kdeutils-3.3.1.
kde/kdevelop-3.1.1-s390-1.tgz: Upgraded to kdevelop-3.1.1.

Mon Oct 18 22:20:00 EDT 2004
gnome/gst-plugins-0.8.5-s390-1.tgz: Upgraded to gst-plugins-0.8.5.
gnome/gstreamer-0.8.7-s390-1.tgz: Upgraded to gstreamer-0.8.7.
kde/qt-3.3.3-s390-2.tgz: Recompiled. Note that this includes the change
       previously in /testing where the -> symlinks have
       been removed. (this shouldn't affect any recent binaries, but might
       break some old ones)
l/arts-1.3.1-s390-1.tgz: Upgraded to arts-1.3.1.
l/glib2-2.4.7-s390-1.tgz: Upgraded to glib-2.4.7.
l/gtk+2-2.4.13-s390-1.tgz: Upgraded to gtk+-2.4.13.
l/lesstif-0.93.96-s390-1.tgz: Upgraded to lesstif-0.93.96.
l/libidn-0.5.8-s390-1.tgz: Added libidn-0.5.8.
l/libxml2-2.6.14-s390-1.tgz: Upgraded to libxml2-2.6.14.
l/libxslt-1.1.11-s390-1.tgz: Upgraded to libxslt-1.1.11.
l/pango-1.6.0-s390-1.tgz: Upgraded to pango-1.6.0.
l/pcre-5.0-s390-1.tgz: Upgraded to pcre-5.0.
xap/imagemagick-6.1.0_5-s390-1.tgz: Upgraded to ImageMagick-6.1.0-5.
xap/xine-lib-1rc6a-s390-2.tgz: Recompiled against new libFLAC.

Tue Oct 12 22:03:00 EDT 2004
a/glibc-solibs-2.3.3-s390-2.tgz: Updated from CVS. Added the files
       in /usr/lib/gconv to glibc-solibs.
a/glibc-zoneinfo-2.3.3-noarch-2.tgz: Updated from CVS.
a/udev-035-s390-1.tgz: Upgraded to udev-035.
a/util-linux-2.12g-s390-2.tgz: Put the adjtimex docs in the
       proper directory.
d/doxygen- Upgraded to doxygen-
l/glibc-2.3.3-s390-2.tgz: Updated from CVS.
l/glibc-i18n-2.3.3-noarch-2.tgz: Updated from CVS.
n/getmail-4.2.2-noarch-1.tgz: Upgraded to getmail-4.2.2.
n/netatalk-2.0.0-s390-1.tgz: Upgraded to netatalk-2.0.0.
n/rsync-2.6.3-s390-1.tgz: Upgraded to rsync-2.6.3.
       From the rsync NEWS file:
       A bug in the sanitize_path routine (which affects a non-chrooted
       rsync daemon) could allow a user to craft a pathname that would get
       transformed into an absolute path for certain options (but not for
       file-transfer names). If you're running an rsync daemon with chroot
       disabled, *please upgrade*, ESPECIALLY if the user privs you run
       rsync under is anything above "nobody".
       Note that rsync, in daemon mode, sets the "use chroot" to true by
       default, and (in this default mode) is not vulnerable to this issue.
       I would strongly recommend against setting "use chroot" to false
       even if you've upgraded to this new package.
       (* Security fix *)
n/sendmail-8.13.1-s390-2.tgz: Recompiled with -DSOCKETMAP.
n/sendmail-cf-8.13.1-noarch-2.tgz: Rebuilt.
xap/fvwm-2.4.19-s390-1.tgz: Upgraded to fvwm-2.4.19.
xap/gaim-1.0.1-s390-1.tgz: Upgraded to gaim-1.0.1.

Fri Oct 8 02:15:00 EDT 2004
a/util-linux-2.12g-s390-1.tgz: Upgraded to util-linux-2.12g,
       adjtimex-1.20, and ziptool-1.4.0.
d/doxygen-1.3.9-s390-1.tgz: Upgraded to doxygen-1.3.9.
d/guile-1.6.5-s390-1.tgz: Upgraded to guile-1.6.5.
n/slrn- Upgraded to slrn-

Mon Oct 4 19:04:00 EDT 2004
ap/flac-1.1.1-s390-1.tgz: Upgraded to flac-1.1.1.
ap/vorbis-tools-1.0.1-s390-2.tgz: Recompiled against new libFLAC.
gnome/gst-plugins-0.8.1-s390-2.tgz: Recompiled against new libFLAC.
l/zlib-1.2.2-s390-1.tgz: Upgraded to zlib-1.2.2. This fixes a
       possible DoS in earlier versions of zlib-1.2.x.
       (* Security fix *)
n/dhcp-3.0.1-s390-1.tgz: Upgraded to dhcp-3.0.1.
n/getmail-4.2.0-noarch-1.tgz: Upgraded to getmail-4.2.0. Earlier
       versions contained a local security flaw when used in an insecure
       fashion (surprise, running something as root that writes to user-
       controlled files or directories could allow the old symlink attack
       to clobber system files! :-) From the getmail CHANGELOG:
       This vulnerability is not exploitable if the administrator does
       not deliver mail to the maildirs/mbox files of untrusted local
       users, or if getmail is configured to use an external
       unprivileged MDA. This vulnerability is not remotely exploitable.
       Most users would not use getmail in such as way as to be vulnerable
       to this flaw, but if your site does this package closes the hole.
       I'd also recommend not using getmail like this. Either run it as the
       user that owns the target mailbox, or deliver through an external MDA.
       (* Security fix *)
n/sendmail-8.13.1-s390-1.tgz: Upgraded to sendmail-8.13.1.
n/sendmail-cf-8.13.1-noarch-1.tgz: Upgraded to sendmail-8.13.1 configs.
xap/xmms-1.2.10-s390-2.tgz: Added arts_output-0.7.1 aRts output plugin.

Tue Sep 28 21:25:00 EDT 2004
a/gawk-3.1.4-s390-1.tgz: Upgraded to GNU gawk-3.1.4.
ap/mdadm-1.7.0-s390-1.tgz: Upgraded to mdadm-1.7.0.
xap/gkrellm-2.2.4-s390-1.tgz: Upgraded to gkrellm-2.2.4.

Mon Sep 27 14:25:00 EDT 2004
xap/gimp-2.0.5-s390-1.tgz: Upgraded to gimp-2.0.5

Sat Sep 25 14:30:00 EDT 2004
n/php-4.3.9-s390-1.tgz: Upgraded to php-4.3.9.
testing/packages/php-5.0.2/php-5.0.2-s390-1.tgz: Upgraded to php-5.0.2.

Fri Sep 24 17:40:00 EDT 2004
d/automake-1.9.2-noarch-1.tgz: Upgraded to GNU automake-1.9.2.
d/kernel-headers-2.4.27-s390-1.tgz: Upgraded to Linux 2.4.27 kernel headers.
d/libtool-1.5.10-s390-1.tgz: Upgraded to GNU libtool-1.5.10.
kde/koffice-1.3.3-s390-1.tgz: Upgraded to koffice-1.3.3.
l/gmp-4.1.4-s390-1.tgz: Upgraded to GNU gmp-4.1.4.
l/gtk+2-2.4.10-s390-1.tgz: Upgraded to gtk+-2.4.10. This fixes security
       issues in the image loader routines that can crash applications.
       (* Security fix *)
n/bind-9.3.0-s390-1.tgz: Upgraded to bind-9.3.0.
x/x11*6.8.1-s390-1.tgz: Upgraded to X.Org's X11R6.8.1 release.
xap/gaim-1.0.0-s390-1.tgz: Upgraded to gaim-1.0.0.
xap/mozilla-plugins-1.7.3-noarch-1.tgz: Changed plugin symlinks for
       Mozilla 1.7.3.
xap/xine-lib-1rc6a-s390-1.tgz: Upgraded to xine-lib-1-rc6a.
       This release fixes a few overflows that could have security implications.
       (* Security fix *)
xap/xsane-0.96-s390-1-1.tgz: Upgraded to xsane-0.96.
extra/k3b/k3b-i18n-0.11-noarch-2.tgz: Fixed path for locale files.
extra/k3b/k3b-0.11.17-s390-1.tgz: Upgraded to k3b-0.11.17.

Thu Sep 23 17:24:00 EDT 2004
a/pkgtools-10.0.0-s390-2.tgz: Changed the keyboard driver in the sample
       /etc/X11/xorg.conf files from "Keyboard" to "kbd".
ap/cups-1.1.21-s390-1-.tgz: Upgraded to cups-1.1.21. This fixes a flaw
       where a remote attacker can crash the CUPS server causing a denial of
       For more details, see:
       (* Security fix *)
ap/sudo-1.6.8p1-s390-1.tgz: Upgraded to sudo-1.6.8p1.
n/nail-11.7-s390-1.tgz: Upgraded to nail-11.7.
n/php-4.3.8-s390-2.tgz: Recompiled using --enable-exif in addition to
n/proftpd-1.2.10-s390-2.tgz: Fixed slack-desc.

Wed Sep 22 22:45:00 EDT 2004
a/kernel-default-2.4.27-s390-1.tgz: Upgraded to Linux 2.4.27 kernel.
a/kernel-modules-2.4.27-s390-1.tgz: Upgraded to Linux 2.4.27 kernel modules.
a/glibc-solibs-2.3.3-s390-1.tgz: Upgraded to glibc-2.3.3. This is from
       a CVS snapshot taken in early August. The official glibc-2.3.3 tarball
       was released in such an obsolete condition (a snapshot from 8 months ago)
       that I'd be surprised if any Linux distributions actually package it.
a/glibc-zoneinfo-2.3.3-noarch-1.tgz: Upgraded to glibc-2.3.3.
l/glibc-2.3.3-s390-1.tgz: Upgraded to glibc-2.3.3.
l/glibc-profile-2.3.3-s390-1.tgz: Upgraded to glibc-2.3.3 profile libs.
l/glibc-i18n-2.3.3-noarch-1.tgz: Upgraded to glibc-2.3.3 i18n files.
k/kernel-source-2.4.27-s390-1.tgz: Upgraded to Linux 2.4.27 kernel source.
extra/cpint-1.1.6_2.4.27-s390-1: Rebuilt against kernel 2.4.27 headers.

Tue Sep 21 19:44:00 EDT 2004
n/nmap-3.70-s390-2.tgz: Fixed missing docs translations.
xap/xlockmore-5.13-s390-1.tgz: Upgraded to xlockmore-5.13.
xap/xscreensaver-4.18-s390-1.tgz: Upgraded to xscreensaver-4.18.
xap/mozilla-1.7.3-s390-1.tgz: Upgraded to mozilla-1.7.3.
       The Mozilla page says this fixes some "minor security holes".
       It also breaks Galeon and Epiphany, and new versions of these have
       still not appeared. In light of this, I think it's time to remove
       these Gecko-based browsers. The future is going to be Firefox and
       Thunderbird anyway, and I don't believe Galeon and Epiphany can be
       compiled against Firefox's libraries.
       (* Security fix *)
xap/imagemagick-6.0.8_1-s390-1.tgz: Upgraded to ImageMagick-6.0.8-1.
       Removed spurious libtool library.

Sat Sep 18 19:00:00 EDT 2004
extra/kernel-default-2.4.21/kernel-default-2.4.21-s390-1.tgz: Moved from a/.
extra/kernel-modules-2.4.21/kernel-modules-2.4.21-s390-1.tgz: Moved from a/.
extra/kernel-source-2.4.21/kernel-source-2.4.21-s390-1.tgz: Moved from k/.

Fri Sep 17 17:59:00 EDT 2004
x/x11-6.7.0-s390-1.tgz: Upgraded to x11-6.7.0.
x/x11-devel-6.7.0-s390-1.tgz: Upgraded to x11-devel-6.7.0.
x/x11-docs-6.7.0-noarch-1.tgz: Upgraded to x11-docs-6.7.0.
x/x11-docs-html-6.7.0-noarch-1.tgz: Upgraded to x11-docs-html.
x/x11-fonts-100dpi-6.7.0-noarch-1.tgz: Upgraded to x11-fonts-100dpi-6.7.0.
x/x11-fonts-cyrillic-6.7.0-noarch-1.tgz: Upgraded to x11-fonts-cyrillic-6.7.0.
x/x11-fonts-misc-6.7.0-noarch-1.tgz: Upgraded to x11-fonts-misc-6.7.0.
x/x11-fonts-scale-6.7.0-noarch-1.tgz: Upgraded to x11-fonts-scale-6.7.0.
x/x11-xnest-6.7.0-s390-1.tgz: Upgraded to x11-xnest-6.7.0.
x/x11-xprt-6.7.0-s390-1.tgz: Upgraded to x11-xprt-6.7.0.
x/x11-xvfb-6.7.0-s390-1.tgz: Upgraded to x11-xvfb-6.7.0.

Wed Sep 15 22:05:00 EDT 2004

a/bash-3.0-s390-1.tgz: Upgraded to GNU bash-3.0.
a/reiserfsprogs-3.6.18-s390-1.tgz: Upgraded to reiserfsprogs-3.6.18.
ap/mysql-4.0.21-s390-1.tgz: Upgraded to mysql-4.0.21.
d/ccache-2.4-s390-1.tgz: Upgraded to ccache-2.4.
d/gdb-6.2.1-s390-1.tgz: Upgrade to gdb-6.2.1.
gnome/gnumeric-1.2.13-s390-1.tgz: Upgraded to gnumeric-1.2.13.
kde/kdeaccessibility-3.2.3-s390-1.tgz: Upgraded to kdeaccessibility-3.2.3.
kde/kdeaddons-3.2.3-s390-1.tgz: Upgraded to kdeaddons-3.2.3.
kde/kdeadmin-3.2.3-s390-1.tgz: Upgraded to kdeadmin-3.2.3.
kde/kdeartwork-3.2.3-s390-1.tgz: Upgraded to kdeartwork-3.2.3.
kde/kdebase-3.2.3-s390-1.tgz: Upgraded to kdebase-3.2.3.
kde/kdebindings-3.2.3-s390-1.tgz: Upgraded to kdebindings-3.2.3.
kde/kdeedu-3.2.3-s390-1.tgz: Upgraded to kdeedu-3.2.3.
kde/kdegames-3.2.3-s390-1.tgz: Upgraded to kdegames-3.2.3.
kde/kdegraphics-3.2.3-s390-1.tgz: Upgraded to kdegraphics-3.2.3.
kde/kdelibs-3.2.3-s390-1.tgz: Upgraded to kdelibs-3.2.3.
kde/kdemultimedia-3.2.3-s390-1.tgz: Upgraded to kdemultimedia-3.2.3.
kde/kdenetwork-3.2.3-s390-1.tgz: Upgraded to kdenetwork-3.2.3.
kde/kdepim-3.2.3-s390-1.tgz: Upgraded to kdepim-3.2.3.
kde/kdesdk-3.2.3-s390-1.tgz: Upgraded to kdesdk-3.2.3.
kde/kdetoys-3.2.3-s390-1.tgz: Upgraded to kdetoys-3.2.3.
kde/kdeutils-3.2.3-s390-1.tgz: Upgraded to kdeutils-3.2.3.
kde/kdevelop-3.0.4-s390-1.tgz: Upgraded to kdevelop-3.0.4.
kde/koffice-1.3.2-s390-1.tgz: Upgraded to koffice-1.3.2.
kde/quanta-3.2.3-s390-1.tgz: Upgraded to quanta-3.2.3.
l/arts-1.2.3-s390-2.tgz: Rebuilt.
l/libpng-1.2.7-s390-1.tgz: Upgraded to libpng-1.2.7.
l/taglib-1.3-s390-1.tgz: Upgraded to taglib-1.3.
n/dnsmasq-2.14-s390-1.tgz: Upgraded to dnsmasq-2.14.
n/getmail-4.1.5-noarch-1.tgz: Upgraded to getmail-4.1.5.
n/samba-3.0.7-s390-1.tgz: Upgraded to samba-3.0.7.
       This fixes two Denial of Service vulnerabilities.
       For more details, see:
       (* Security fix *)
xap/imagemagick-6.0.7_3-s390-1.tgz: Upgraded to ImageMagick-6.0.7-3.
testing/packages/kde-3.3/kdepim-3.3.0-s390-1.tgz: Upgraded to kdepim-3.3.0.
testing/packages/kde-3.3/kdeaddons-3.3.0-s390-1.tgz: Upgraded to kdeaddons-3.3.0.
testing/packages/kde-3.3/kdebindings-3.3.0-s390-1.tgz: Upgraded to kdebindings-3.3.0.
testing/packages/kde-3.3/kdewebdev-3.3.0-s390-2.tgz: Upgraded to kdewebdev-3.3.0.
testing/packages/kde-3.3/qt-3.3.3-s390-1.tgz: Removed the -> symlinks. These were a kludge added to help
       run third party binaries that link with libqt rather than libqt-mt,
       but now it's breaking things like the kdebindings build. The symlinks
       were meant to allow some time to transition to the threaded Qt without
       breaking existing apps. Hopefully not many broken apps are still left.

Wed Sep 15 01:10:00 EDT 2004
testing/packages/kde-3.3/kde/*.tgz: Rebuilt all KDE packages, and
       fixed a couple build problems with kdemultimedia and kdebindings.
testing/packages/gcc-3.4.2/gcc*-3.4.2-s390-1.tgz: Upgraded to gcc-3.4.2.

Sun Sep 12 23:50:00 EDT 2004
ap/cdrtools-2.01-s390-1.tgz: Upgraded to cdrtools-2.01 and
ap/dvd+rw-tools- Upgraded to
l/aspell-0.60-s390-1.tgz: Upgraded to GNU aspell-0.60
l/aspell-en-6.0_0-noarch-2.tgz: Upgraded to aspell6-en-6.0-0.
       (Since all the word list packages needed to be rebuilt, but not
       all had upgraded versions, they were all given a build of '2')
n/openssh-3.9p1-s390-1.tgz: Upgraded to openssh-3.9p1.
xap/fluxbox-0.9.10-s390-1.tgz: Upgraded to fluxbox-0.9.10.
       This is the development version, but they say it's stable, so
       I'll defer to upstream judgement.
extra/aspell-word-lists/: Rebuilt all word lists, and added many
       new ones.
       Upgraded to bash-completion-20040711.

Sun Sep 12 01:35:00 EDT 2004
kde/qt-3.3.3-s390-1.tgz: Upgraded to qt-3.3.3.
       This fixes bugs in the image loading routines which could be
       used by an attacker to run unauthorized code or create a
       For more details, see:
       (* Security fix *)
l/arts-1.3.0-s390-1.tgz: Upgraded to arts-1.3.0.
pasture/fluxbox-0.1.14-s390-1.tgz: Moved to /pasture.
       This is still officially the current stable version, but the
       developers say it's old and unmaintained, so off to /pasture it goes.
testing/packages/kde-3.3/: Added KDE 3.3. This is in testing/ because of
       a few problems Pat had with it (like crashes on logout, and no anti-
       aliased fonts no matter what kpersonalizer settings are chosen).
       I think it's a good idea to test it for a while and wait for patches
       (or for kde-3.3.1). Oh, I'm also getting requests to add libidn, which
       kde-3.3 apparently can use for jabber support, but libidn contains the
       following warning in README-alpha:
       As a result, I haven't added libidn yet. I haven't ruled it out entirely
       either, but it's hard to get past a warning like that...

Fri Sep 10 21:10:00 EDT 2004
a/glibc-solibs-2.3.2-s390-2.tgz: Recompiled using 'strip -g' rather than
       'strip --strip-unneeded' to avoid stripping symbols that are needed for
       debugging threads.
a/glibc-zoneinfo-2.3.2-s390-2.tgz: Rebuilt.
d/m4-1.4.2-s390-1.tgz: Upgraded to GNU m4-1.4.2.
l/glib2-2.4.6-s390-1.tgz: Upgraded to glib-2.4.6.
l/glibc-2.3.2-s390-2.tgz: Recompiled using 'strip -g'.
l/glibc-i18n-2.3.2-s390-2.tgz: Recompiled.
l/gtk+2-2.4.9-s390-1.tgz: Upgraded to gtk+-2.4.9.
n/gnupg-1.2.6-s390-1.tgz: Upgraded to gnupg-1.2.6.
n/inetd-1.79s-s390-2.tgz: Added a vsftpd example to /etc/inetd.conf.
n/lftp-3.0.7-s390-1.tgz: Upgraded to lftp-3.0.7.
n/nmap-3.70-s390-1.tgz: Upgraded to nmap-3.70.
n/vsftpd-2.0.1-s390-1.tgz: Added vsftpd as Slackware's new default ftpd.
       This may not have the rich feature set of ProFTPD, but simple is
       probably more secure.
extra/glibc-extra-packages/glibc-debug-2.3.2-s390-2.tgz: Recompiled.
extra/glibc-extra-packages/glibc-profile-2.3.2-s390-2.tgz: Recompiled.

Wed Sep 8 01:45:00 EDT 2004
ap/alsa-utils-1.0.6-s390-1.tgz: Upgraded to alsa-utils-1.0.6.
ap/zsh-4.2.1-s390-1.tgz: Upgraded to zsh-4.2.1.
l/alsa-lib-1.0.6-s390-1.tgz: Upgraded to alsa-lib-1.0.6.
l/alsa-oss-1.0.6-s390-1.tgz: Upgraded to alsa-oss-1.0.6.
l/glibc-2.3.2-s390-1.tgz: Upgraded to glibc-2.3.2.
n/iptables-1.2.11-s390-1.tgz: Upgraded to iptables-1.2.11.

Mon Sep 6 00:15:00 EDT 2004
a/hdparm-5.7-s390-1.tgz: Upgraded to hdparm-5.7.
a/procps-3.2.3-s390-1.tgz: Upgraded to procps-3.2.3.
d/automake-1.9.1-noarch-1.tgz: Upgraded to automake-1.9.1.
d/gdb-6.2-s390-1-upgraded.tgz: Upgraded to gdb-6.2.
d/libtool-1.5.8-s390-1.tgz: libtool-1.5.8.
kde/kdebindings-3.2.1-s390-3.tgz: Recompiled for perl-5.8.5.
l/libpng-1.2.6-s390-1.tgz: Upgraded to libpng-1.2.6.
l/pango-1.4.1-s390-1.tgz: Upgraded to pango-1.4.1.
n/curl-7.12.1-s390-1.tgz: Upgraded to curl-7.12.1.
n/dnsmasq-2.10-s390-1.tgz: Upgraded to dnsmasq-2.10.
n/irssi-0.8.9-s390-2.tgz: Recompiled for perl-5.8.5.
n/nail-11.3-s390-1.tgz: Upgraded to nail-11.3.
n/ncftp-3.1.8-s390-1.tgz: Upgraded to ncftp-3.1.8.
xap/imagemagick-6.0.6_2-s390-1.tgz: Upgraded to ImageMagick-6.0.6-2.
xap/xchat-2.0.10-s390-1.tgz: Upgraded to xchat-2.0.10.

Sun Sep 5 02:00:00 EDT 2004
d/perl-5.8.5-s390-1.tgz: Upgraded to perl-5.8.5.
gnome/galeon-1.3.17-s390-1.tgz: Upgraded to galeon-1.3.17.

Sat Sep 4 18:50:00 EDT 2004
gnome/totem- Upgraded to totem-
xap/xfce-4.0.6-s390-1.tgz: Upgraded to xfce-4.0.6.
xap/xine-lib-1rc5-s390-1.tgz: Upgraded to xine-lib-1-rc5.
xap/xine-ui-0.99.2-s390-1.tgz: Upgraded to xine-ui-0.99.2.

Mon Aug 30 16:52:00 EDT 2004
n/samba-3.0.6-s390-1.tgz: Upgraded to samba-3.0.6.
xap/gimp-2.0.4-s390-1.tgz: Upgraded to gimp-2.0.4.
xap/xsane-0.94-s390-1.tgz: Upgraded to xsane-0.94.

Sun Aug 29 22:19:00 EDT 2004
ap/gimp-print-4.2.7-s390-1.tgz: Upgraded to gimp-print-4.2.7.
d/distcc-2.17.1-s390-1.tgz: Upgraded to distcc-2.16.
d/doxygen-1.3.8-s390-1.tgz: Upgraded to doxygen-1.3.8.
l/glib2-2.4.5-s390-1.tgz: Upgraded to glib-2.4.4.
l/gtk+2-2.4.4-s390-1.tgz: Upgraded to gtk+-2.4.4.
n/getmail-4.1.1-noarch-1.tgz: Upgraded to getmail-4.0.0.
n/mod_ssl-2.8.19_1.3.31-s390-1.tgz: Upgraded to mod_ssl-2.8.19-1.3.31.
       This fixes a security hole (ssl_log() related format string
       vulnerability in mod_proxy hook functions), so sites using mod_ssl
       should upgrade to the new version. Be sure to back up your existing
       key files first.
       (* Security fix *)

Sat Aug 28 22:13:00 EDT 2004
xap/gaim-0.82.1-s390-1.tgz: Upgraded to gaim-0.82.1-s390-1.

Thu Aug 26 12:37:21 EDT 2004
kde/koffice-1.3.2-s390-1.tgz: Upgraded to koffice-1.3.2.
kdei/koffice-i18n-*.tgz: Upgraded to koffice-i18n-1.3.2.

Tue Aug 24 19:39:23 EDT 2004
n/imapd-4.61-s390-1.tgz: Upgraded to IMAP4rev1 2004.352 from pine4.61.
n/php-4.3.8-s390-1.tgz: Upgraded to php-4.3.8.
       This release fixes two security problems in PHP (memory_limit handling and
       a problem in the strip_tags function). Sites using PHP should upgrade.
       For more details, see:
       (* Security fix *)
n/pine-4.61-s390-1.tgz: Upgraded to pine4.61.
xap/gaim-0.81-s390-1.tgz: Upgraded to gaim-0.81 and gaim-encryption-2.28.
testing/packages/php-5.0.0/php-5.0.0-s390-1.tgz: Added php-5.0.0.

Sun Aug 22 17:45:00 EDT 2004
ap/sox-12.17.4-s390-2.tgz: Patched buffer overflows that could allow
       a malicious WAV file to execute arbitrary code.
       (* Security fix *)
l/libpng-1.2.5-s390-2.tgz: Patched possible security issues including
       buffer and integer overflows and null pointer references. These
       issues could cause program crashes, or possibly allow arbitrary code
       embedded in a malicious PNG image to execute. The PNG library is
       widely used within the system, so all sites should upgrade to the
       new libpng package.
       For more details, see:
       (* Security fix *)
n/samba-3.0.5-s390-1.tgz: Upgraded to samba-3.0.5.
       This fixes a buffer overflow in SWAT and another in the code supporting
       the 'mangling method = hash' smb.conf option (which is not the default).
       For more details, see:
       (* Security fix *)
xap/imagemagick-6.0.4_3-s390-1.tgz: Upgraded to ImageMagick-6.0.4-3.
       Fixes PNG security issues.
       (* Security fix *)
xap/mozilla-1.7.2-s390-1.tgz: Upgraded to Mozilla 1.7.2. This fixes three
       security vulnerabilities. For details, see:
       (* Security fix *)
xap/mozilla-plugins-1.7.2-noarch-1.tgz: Changed plugin symlinks for Mozilla

Wed Jul 07 10:34:56 EDT 2004
Slackware 10.0 (Intel) is released. Thanks to everyone who helped out!

Slackware™ is a trademark of Patrick Volkerding.