NEWLOG VERSION 1.0.4 IS NOW AVAILABLE

----------------------------------------------------------------------

newlog should be available from:

ftp://ftp.cs.columbia.edu/pub/sos/lib
ftp://ftp.soscorp.com/pub/sos/lib

and other SOS mirrors.

----------------------------------------------------------------------

newlog is a replacement syslog(3) library (which includes snprintf(3))
to fix the vulnerability of standard syslog(3) to a buffer-overflow
attack.  People have constructed exploit programs which use this
vulnerability to break into machines.

Programs which are recompiled using this replacement syslog(3) should
NOT be vulnerable to this attack or any derivative of this attack.

----------------------------------------------------------------------

newlog version 1.0.4 works on SunOS, Solaris, IRIX, BSDI, and NeXT.
It probably works on many other operating systems as well.

----------------------------------------------------------------------
Changes from 1.0.3 to 1.0.4

CERT provided compiler portability fixes (basically for pcc and acc C
compilers).

----------------------------------------------------------------------
Changes from 1.0.2 to 1.0.3

Append [ TRUNCATED ] to provide visable warning of someone trying to
exploit this hole--suggested by CERT.

----------------------------------------------------------------------
Changes from 1.0.1 to 1.0.2

NeXT support, better Irix support for Irix funkiness.

----------------------------------------------------------------------
Change from 1.0 to 1.0.1

Give __dtoa a unique prefix to avoid conflicts.

Various changes to make this a more formal package.

----------------------------------------------------------------------