diff --git a/CHANGELOG b/CHANGELOG index 99c8dff51..ea4a04718 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -2,9 +2,9 @@ 4.69BETA1 -o Removed the nselib-bin directory. The last remaining shared NSE - module, bit, has been made static. Shared modules were broken for - static builds of Nmap, such as those in the RPMS. [David] +o zenmap scan inventory place holder. + +o zenmap radialnet integration place holder. o Expanded nmap-services to include information on how frequently each port number is found open. The results were generated by scanning 
@@ -28,6 +28,36 @@ o The --top-ports option lets you specify the number of ports you wish (out of 65,536 possible) finds roughly 93% of the open TCP ports and more than 95% of the open UDP ports. [Fyodor] +o David integrated all of your OS detection fingerprint and correction + submissions from March 11 until mid-July. In the process we reached + the 1500-signature milestone for the 2nd generation OS detection + system. We can now detect the newest iPhones, Linux 2.6.25, OS X + Darwin 9.2.2, Windows Vista SP1, and even the Nintendo Wii. Nmap now + has 1,503 signatures, vs. 1,320 in 4.68. Integration is now faster + and more pleasant thanks to the new OSassist application developed + by Nmap SoC student Michael Pattrick. See + http://seclists.org/nmap-dev/2008/q3/0089.html and + http://seclists.org/nmap-dev/2008/q3/0139.html for more details. + +o Nmap now works with Windows 2000 again, after version 4.68 was + broken on that platform due to the Windows IPv6 support added in + 4.65. A couple new dependencies are required to run on Win2K, as + described at http://nmap.org/book/inst-windows.html#inst-win2k . + +o Added a context-sensitive help system to the Zenmap Profile Editor. + You can now mouse-over options to learn more about what they are + used for and the proper argument syntax. [Jurand Nogiec] + +o When Nmap finds a probe during ping scan which elicits a response, + it now saves that information for the port scan and later phases. + It can then "ping" the host with that probe as necessary to collect + timing information even if the host is not responding to the normal + port scan packets. A number of other "port scan ping" system + improvements were made at the same time to improve performance + against firewalled hosts. 
For full details, see + http://seclists.org/nmap-dev/2008/q3/0647.html [David, Michael, + Fyodor] + o Added dns-safe-recursion-port and dns-safe-recursion-txid (non default NSE scripts) which use the 3rd party dns-oarc.net lookup to test the source port and transaction ID randomness of discovered DNS @@ -35,10 +65,6 @@ o Added dns-safe-recursion-port and dns-safe-recursion-txid (non which test for the "Kaminsky" DNS bugs, were contributed by Brandon Enright. -o Added a context-sensitive help system to the Zenmap Profile Editor. - You can now mouse-over options to learn more about what they are - used for and the proper argument syntax. [Jurand Nogiec] - o Fyodor made a number of performance tweaks, such as: o increase host group sizes in many cases, so Nmap will now commonly scan 64 hosts at a time rather than 30 
@@ -50,6 +76,33 @@ o Fyodor made a number of performance tweaks, such as: receiving enough responses to normal scan to properly calculate timing variables and detect packet drops. +o Added a new NSE binlib library, which offers bin.pack() and + bin.unpack() functions for dealing with storing values in and + extracting them from binary strings. For details, see + http://nmap.org/book/nse-library.html#nse-binlib . [Philip + Pickering] + +o Added a new NSE DNS library. See this thread: + http://seclists.org/nmap-dev/2008/q3/0310.html [Philip Pickering] + +o Added new NSE libraries for base64 encoding, SNMP, and POP3 mail + operations. They are described at + http://seclists.org/nmap-dev/2008/q3/0233.html . [Philip Pickering] + +o Added NSE scripts popcapa (retrieves POP3 server capabilities) and + brutePOP3 (brute force POP3 authentication cracker) which make use + of the new POP3 library. [Philip Pickering] + +o Added the SNMPcommunitybrute NSE script, which is a brute force + community string cracker. Also modified SNMPsysdescr to use the new + SNMP library. [Philip Pickering] + +o Fixed the SMTPcommands script so that it can't return multiple + values (which was causing problems). Thanks to Jah for tracking down + the problem and sending a fix for SMTPcommands. Then Patrick fixed + NSE so it can handle misbehaving scripts like this without causing + mysterious side effects. + o Added a new NSE Unpwdb (username/password database) library for easily obtaining usernames or passwords from a list. The functions usernames() and passwords() return a closure which returns a new 
@@ -64,10 +117,6 @@ o A new --max-rate option was added, which complements --min-rate. It allows you to specify the maximum byte rate that Nmap is allowed to send packets. [David] -o Enabled nmap to switch between multiple types of timing pings during - port scanning. The order preferences of timing probes were also - improved. This speeds up scans against certain firewalled hosts. [Michael] - o Added --ip-options support for the connect() scan (-sT). [Kris] o Nsock now supports binding to a local address and setting IPv4 @@ -86,6 +135,12 @@ o Improve the nebtios-smb-os-discovery NSE script to improve target port selection and to also decode the system's timestamp from an SMB response. [Ron at SkullSecurity] +o Nmap now avoids collapsing large numbers of ports in open|filtered + state (e.g. just printing that 500 ports are in that state rather + than listing them individually) if verbosity or debugging levels are + greater than two. See this thread: + http://seclists.org/nmap-dev/2008/q3/0312.html . [Fyodor] + o The NSE http library now supports chunked encoding. [Sven Klemm] o The NSE datafiles library now has generic file parsing routines, and 
@@ -97,14 +152,26 @@ o The NSE datafiles library now has generic file parsing routines, and o Added some Windows and MinGW compatibility patches submitted by Gisle Vanem. +o Improved nse_init so that compilation/runtime errors in NSE scripts + no longer cause the script engine to abort. [Patrick] + o Fix a cosmetic bug in --script-trace hex dump output which resulting in bytes with the highest bit set being prefixed with ffffff. [Sven Klemm] +o Removed the nselib-bin directory. The last remaining shared NSE + module, bit, has been made static by Patrick. Shared modules were + broken for static builds of Nmap, such as those in the RPMS. We also + had the compilation problems (particularly on OpenBSD) with shared + modules which lead us to make PCRE static a while back. [David] + o Updated rpcinfo NSE script to use the new pack/unpack (binlib) functions, use the new tab library, include better documentation, and fix some bugs. [Sven Klemm] +o Add useful details to the error message printed when an NSE script + fails to load (due to syntax error, etc.) [Patrick] + o Fix a bug in the NSE http library which would cause some scripts to give the error: SCRIPT ENGINE: C:\Program Files\Nmap\nselib/http.lua:77: attempt to call field 'parse' (a nil @@ -118,6 +185,10 @@ o Added new addrow() function to NSE tab library. It allows developers to add a whole row at once rather than doing a separate add() call for each column in a row. [Sven Klemm] +o Completion time estimates provided in verbose mode or when you hit a + key during scanning are now more accurate thanks to algorithm + improvements by David. + o Fixed a number of NSE scripts which used print_debug() incorrectly. See http://seclists.org/nmap-dev/2008/q3/0470.html. [Sven Klemm]. 
@@ -162,7 +233,17 @@ o [NSE] Each thread for a script now gets its own action closure (and o [NSE] The script_scan_result structure has been changed to a class, ScriptResult, which now holds a Script's output in an std::string. This removes the need to use malloc and free to manage this memory. - A similar change was made to the runlevel structure. [Patrick] + A similar change was made to the run_record structure. [Patrick] + +o [NSE] Fixed a socket exhaustion deadlock which could prevent a + script scan from ever finishing. Now, rather than limit the total + number of sockets which can be open, we limit the number of scripts + which can have sockets open at once. And once a script has one + socket opened, it is permitted to open as many more as it + needs. [Patrick] + +o A hashing library (code from OpenSSL) was added to NSE. hashlib + contains md5 and sha1 routines. [Philip Pickering] o Fixed host discovery probe matching when looking at the returned TCP data in an ICMP error message. This could formerly lead to @@ -191,6 +272,10 @@ o Some Zenmap crashes have been fixed: trying to "refresh" the output o The file selector in Zenmap now remembers what directory it was last looking at. [David] +o Added an extra layer of validity checking to received packets + (readip_pcap), just to be extra safe. See + http://seclists.org/nmap-dev/2008/q3/0644.html . [Kris] + o Zenmap defaults to showing files matching both *.xml and *.usr in the file selector. Previously it only showed those matching *.usr. The new combined format will be XML and .usr will be deprecated. 
@@ -202,10 +287,14 @@ o Nmap avoids printing the sending rate in bytes per second during a 0.00 bytes / s. Now it will print simply print rates like "11248.85 packets / s". [David] -o Nmap's installation process now install menu items for launching - zenmap as a privileged or non-privileged process on Linux. This will - mainly effect people who install nmap and zenmap directly from the - source code. [Michael] +o Nmap's installation process now include .desktop files which install + menu items for launching Zenmap as a privileged or non-privileged + process on Linux. This will mainly effect people who install nmap + and zenmap directly from the source code. [Michael] + +o Improved performance of IP protocol scan by fixing a bug related to + timing calculations on ICMP probe responses. See r8754 svn log for + full details. [David] o Nmap no longer misreports a localhost-response during -PN scans [Michael] 
@@ -228,16 +317,29 @@ o The loading of the nmap-services file has been made much for the new (much larger) frequency augmented nmap-services file. [David] +o Added a script (ASN.nse) which uses Team Cymru's DNS interface to + determine the routing AS numbers of scanned IP addresses. They even + set up a special domain just for Nmap queries. The script is still + experimental and non-default. [Michael] + o The shtool build helper script has been updated to version 2.0.8. An older version of shutil caused installation to fail when the locale was set to et_EE. Thanks to Michal Januszewski for the bug report. [David] +o Unprintable characters in NSE script output (which really shouldn't + happen anyway) are now printed like \xHH, where HH is the + hexadecimal representation of the character. See + http://seclists.org/nmap-dev/2008/q3/0180.html . [Patrick] + o Nmap sometimes sent packets with incorrect IP checksums, particularly when sending the UDP probes in OS detection. This has been fixed. Thanks to Gisle Vanem for reporting and investigating the bug. [David] +o Fixed the --without-liblua configure option so that it works + again. [David] + o In the interest of forward compatibility, the xmloutputversion attribute in Nmap XML output is no longer constrained to be a certain string ("1.02"). The xmloutputversion should be taken as
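Review bot: in hunk @@ -2,9 +2,9 the two added lines "o zenmap scan inventory place holder." and "o zenmap radialnet integration place holder." are unfinished entries; a CHANGELOG should not be committed with placeholder text at the top of the 4.69BETA1 section, so either write the real entries now or leave the lines out until the Zenmap work lands. Note also that the entry removed here ("Removed the nselib-bin directory...") is not dropped but reappears, expanded, in hunk @@ -97,14 +152,26; that is fine, but a one-line commit message saying the entry was moved would save the next reader from hunting for it. Minor: "place holder" is one word.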
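Review bot: in hunk @@ -28,6 +28,36 the new "port scan ping" entry ("When Nmap finds a probe during ping scan which elicits a response...") absorbs the entry deleted in hunk @@ -64,10 +117,6 ("Enabled nmap to switch between multiple types of timing pings during port scanning. The order preferences of timing probes were also improved."), but the replacement only says that "a number of other ... improvements were made"; keep the concrete statement that the probe order preferences were changed, since that is the kind of behavioural detail users diagnosing slow scans against firewalled hosts will look for. The same hunk also adds the "context-sensitive help system to the Zenmap Profile Editor" entry that the next hunk (@@ -35,10 +65,6) deletes; that is a pure move and would be easier to verify as its own commit.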
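Review bot: in hunk @@ -50,6 +76,33 the entries for brutePOP3 ("brute force POP3 authentication cracker") and SNMPcommunitybrute ("brute force community string cracker") do not say whether these scripts run by default, while other entries in this file (dns-safe-recursion-*, ASN.nse) state "non default" explicitly. Authentication brute-forcing can lock out accounts and trip intrusion detection, so the entry should state that they are non-default (or, if they are default, that deserves its own discussion). The SMTPcommands entry is also too vague to be useful: "so that it can't return multiple values (which was causing problems)" should say what the observable problem was (e.g. garbled or missing script output) so that users who hit it on 4.68 can recognise the fix.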
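Review bot: unrelated to the change in hunk @@ -86,6 +135,12, but the unchanged context line "Improve the nebtios-smb-os-discovery NSE script" misspells the script name (netbios); worth fixing while this file is being edited, since users grep the CHANGELOG for script names.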
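Review bot: in hunk @@ -97,14 +152,26 the two new Patrick entries, "Improved nse_init so that compilation/runtime errors in NSE scripts no longer cause the script engine to abort" and "Add useful details to the error message printed when an NSE script fails to load (due to syntax error, etc.)", describe the same script-loading path and read better as one entry; if they stay separate, "Add useful details" should be "Added ..." to match the past tense used everywhere else in the file. In the moved nselib-bin entry, "which lead us to make PCRE static" should be "led".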
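Review bot: in hunk @@ -162,7 +233,17 the socket-exhaustion entry says that "once a script has one socket opened, it is permitted to open as many more as it needs"; that resolves the deadlock but means a single misbehaving script can still exhaust the process file-descriptor limit, so the entry should say whether any overall cap remains or make clear that the new scheme relies on scripts closing what they open. The hashlib entry ("code from OpenSSL") should also say whether the md5/sha1 routines are copied into the tree or are bindings to the OpenSSL Nmap already links against; a copy duplicates code that receives security fixes upstream and needs the OpenSSL licence notice carried along.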
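Review bot: in hunk @@ -191,6 +272,10 "Added an extra layer of validity checking to received packets (readip_pcap), just to be extra safe" does not say what is now checked. readip_pcap parses untrusted data off the wire, so the entry should name the checks (e.g. captured length versus header length fields) rather than leave the reader to follow the mailing-list link; "just to be extra safe" can go.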
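Review bot: in hunk @@ -202,10 +287,14 the rewritten .desktop entry has two grammar slips that were carried over from the old text: "Nmap's installation process now include .desktop files" should be "includes", and "This will mainly effect people" should be "affect". The new IP protocol scan entry ("fixing a bug related to timing calculations on ICMP probe responses") would be more useful with one clause on what was wrong, since "See r8754 svn log" is of no help to someone reading a release tarball.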
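Review bot: in hunk @@ -228,16 +317,29 the ASN.nse entry should state plainly that the script sends the scanned IP addresses to a third party (Team Cymru's DNS service), the way the dns-safe-recursion entry earlier in the file calls out "the 3rd party dns-oarc.net lookup"; users running internal scans need to know that before enabling it, and "experimental and non-default" alone does not convey it. Also, the unchanged context line "An older version of shutil caused installation to fail" refers to shtool, not shutil, and could be corrected in the same pass.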