Sat Jun 22 12:10:05 PDT 2002 libsafe.tgz: Added libsafe, a library that intercepts and prevents buffer overflow attacks such as the Apache chunking issue. If you are continuing to run a Slackware 7.0 machine that is exposed to the Internet, you would be well advised to install this. ------------------------------ Sat Dec 25 21:22:30 CST 1999 sc.tgz: This updates the sc spreadsheet program to version 7.1. If you use sc, you'll need to upgrade to this package for Y2K compliance. Older versions are unable to accept dates after December 31, 1999. Thanks to Chuck Martin for contributing this fix. :^) ------------------------------ Thu Dec 16 21:34:31 CST 1999 pine.tgz, imapd.tgz: Added from slackware-current. (these were missing) nfs-server.tgz: Fixed silly installation script bug. ------------------------------ Sat Nov 27 18:56:05 CST 1999 bind.tgz: (urgency: high) (* SECURITY FIX *) Upgraded to bind-8.2.2-P5. This fixes a vulnerability in the processing of NXT records that can be used in a DoS attack or (theoretically) be exploited to gain access to the server. It is suggested that everyone running bind upgrade to this package as soon as possible. nfs-server.tgz: (urgency: high) (* SECURITY FIX *) Upgraded to nfs-server-2.2beta47, to fix a security problem with the version that shipped with Slackware 7.0 (nfs-server-2.2beta46). By using a long pathname on a directory NFS mounted read-write, it may be possible for an attacker to execute arbitrary code on the server. It is recommended that everyone running an NFS server upgrade to this package immediately. pine.tgz (urgency: medium), imapd.tgz (urgency: medium): The Pine that shipped with 7.0 had the known issue of pine.conf being looked for in /usr/local/lib, instead of /usr/lib/pine. This package patches that to make it look for pine.conf in /usr/lib/pine, as well as upgrading to Pine 4.21, which includes a non-buggy and non-beta (some users still reported problems with imap 4.7beta) version of imapd. raidtool.tgz: (urgency: high, if you use RAID :) Add missing symbolic links: ln -s /sbin/mdadd /sbin/mdrun ln -s /sbin/mdadd /sbin/mdstop sh_utils.tgz: (urgency: low) Move /usr/bin/sleep to /bin/sleep, make a symlink in /usr/bin to make metamail's audiocompose happy. (sysklogd: Slackware 7.0 is not affected by the recently announced problems with some versions of sysklogd on Linux, so there is no upgrade package required for sysklogd on Slackware 7.0) sysvinit.tgz: (urgency: low) Carry a 512 byte entropy pool between reboots in /etc/random-seed. This improves the security of anything using /dev/urandom as an entropy source. Also, try to shut down RAID devices in /etc/rc.d/rc.6 if we see that an /etc/mdtab exists on the system. write.tgz: (urgency: medium -- fixes /usr/bin/write) There were two versions of write in Slackware 7.0. The one with util-linux and the one with netkit. The netkit one would overwrite the util-linux one since the N series comes after the A series. The one with netkit doesn't so much work right with 7.0, like if you do this: echo "hejaz" | write tad It would produce this error: Where are you? The one with util-linux works just fine, so this package just reinstalls the /usr/bin/write that comes with util.tgz. You could also reinstall that package to get the same fix. wuftpd.tgz: (urgency: low -- fixes ftpwho) wu-ftpd-2.6.0 as shipped in the tcpip1.tgz package included with Slackware 7.0 has a broken version of /usr/bin/ftpwho that produces this sort of output: Service class local: - 0 users ( 20 maximum) Service class remote: 1 ? S 0:02 init [3] - 1 users (100 maximum) Installing this package will fix ftpwho so that the output looks more like this: Service class local: - 0 users ( 20 maximum) Service class remote: 27756 ? S 0:00 ftpd: zap.slackware.com: volkerdi: IDLE - 1 users (100 maximum) ------------------------------