Sat Jun 22 12:10:05 PDT 2002

Sat Jun 22 12:10:05 PDT 2002
libsafe.tgz: Added libsafe, a library that intercepts and prevents buffer
overflow attacks such as the Apache chunking issue. If you are
continuing to run a Slackware 7.0 machine that is exposed to the
Internet, you would be well advised to install this.
------------------------------
Sat Dec 25 21:22:30 CST 1999
sc.tgz: This updates the sc spreadsheet program to version 7.1. If you use
sc, you'll need to upgrade to this package for Y2K compliance. Older
versions are unable to accept dates after December 31, 1999.
Thanks to Chuck Martin for contributing this fix. :^)
------------------------------
Thu Dec 16 21:34:31 CST 1999
pine.tgz, imapd.tgz: Added from slackware-current. (these were missing)
nfs-server.tgz: Fixed silly installation script bug.
------------------------------
Sat Nov 27 18:56:05 CST 1999
bind.tgz: (urgency: high) (* SECURITY FIX *)
Upgraded to bind-8.2.2-P5. This fixes a vulnerability in the processing of
NXT records that can be used in a DoS attack or (theoretically) be exploited
to gain access to the server. It is suggested that everyone running bind
upgrade to this package as soon as possible.
nfs-server.tgz: (urgency: high) (* SECURITY FIX *)
Upgraded to nfs-server-2.2beta47, to fix a security problem with the version
that shipped with Slackware 7.0 (nfs-server-2.2beta46). By using a long
pathname on a directory NFS mounted read-write, it may be possible for an
attacker to execute arbitrary code on the server. It is recommended that
everyone running an NFS server upgrade to this package immediately.
pine.tgz (urgency: medium),
imapd.tgz (urgency: medium): The Pine that shipped with 7.0 had the known
issue of pine.conf being looked for in /usr/local/lib, instead of
/usr/lib/pine. This package patches that to make it look for pine.conf in
/usr/lib/pine, as well as upgrading to Pine 4.21, which includes a non-buggy
and non-beta (some users still reported problems with imap 4.7beta) version
of imapd.
raidtool.tgz: (urgency: high, if you use RAID :)
Add missing symbolic links:
ln -s /sbin/mdadd /sbin/mdrun
ln -s /sbin/mdadd /sbin/mdstop
sh_utils.tgz: (urgency: low) Move /usr/bin/sleep to /bin/sleep, make a
symlink in /usr/bin to make metamail's audiocompose happy.
(sysklogd: Slackware 7.0 is not affected by the recently announced problems
with some versions of sysklogd on Linux, so there is no upgrade package
required for sysklogd on Slackware 7.0)
sysvinit.tgz: (urgency: low) Carry a 512 byte entropy pool between reboots in
/etc/random-seed. This improves the security of anything using /dev/urandom
as an entropy source. Also, try to shut down RAID devices in /etc/rc.d/rc.6
if we see that an /etc/mdtab exists on the system.
write.tgz: (urgency: medium -- fixes /usr/bin/write)
There were two versions of write in Slackware 7.0. The one with util-linux
and the one with netkit. The netkit one would overwrite the util-linux one
since the N series comes after the A series. The one with netkit doesn't
so much work right with 7.0, like if you do this:

echo "hejaz" | write tad

It would produce this error:

Where are you?

The one with util-linux works just fine, so this package just reinstalls the
/usr/bin/write that comes with util.tgz. You could also reinstall that
package to get the same fix.
wuftpd.tgz: (urgency: low -- fixes ftpwho)
wu-ftpd-2.6.0 as shipped in the tcpip1.tgz package included with Slackware
7.0 has a broken version of /usr/bin/ftpwho that produces this sort of
output:

Service class local:
- 0 users ( 20 maximum)
Service class remote:
1 ? S 0:02 init [3]
- 1 users (100 maximum)

Installing this package will fix ftpwho so that the output looks more like
this:

Service class local:
- 0 users ( 20 maximum)
Service class remote:
27756 ? S 0:00 ftpd: zap.slackware.com: volkerdi: IDLE
- 1 users (100 maximum)

------------------------------