Xlockmore - fixed version out

[Alan Cox <alan@cymru.net>]

The new xlockmore is out. The security fix is important to anyone with
a setgid or setuid  (eg shadow) variant of it.

Please can those linux vendors affected upgrade and let me know so I can add
the upgrade info to the cert advisory

>From bagleyd@americas.sun.sed.monmouth.army.mil Thu Apr 24 16:51:14 1997
Return-Path: bagleyd@americas.sun.sed.monmouth.army.mil
Received: from americas (americas-bbone.sun.sed.monmouth.army.mil [192.188.206.34]) by snowcrash.cymru.net (8.8.5-q-beta3/8.7.1) with SMTP id QAA12045 for <alan@cymru.net>; Thu, 24 Apr 1997 16:49:03 +0100
Received: from java.sed.monmouth.army.mil by americas (SMI-8.6/SMI-SVR4)
	id LAA22680; Thu, 24 Apr 1997 11:49:46 -0400
Received: by java.sed.monmouth.army.mil (SMI-8.6/SMI-SVR4)
	id LAA17450; Thu, 24 Apr 1997 11:47:10 -0400
From: bagleyd@americas.sun.sed.monmouth.army.mil (David Bagley x21081)
Message-Id: <199704241547.LAA17450@java.sed.monmouth.army.mil>
Subject: xlockmore-4.02 released
To: alan@cymru.net
Date: Thu, 24 Apr 1997 11:47:10 -0400 (EDT)
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Status: RO

Hi

  You asked by way of Dirk (xlockmore maintainer for Debian) to be
informed of the new xlock release... here it is.

If you would like to be informed of future releases just let me know.


xlockmore-4.02 released


I am attempting to put it on ftp.x.org in the  /contrib/INCOMING later
to be moved out to /contrib/applications  I have problems getting in
at the momment.

I put it sunsite.unc.edu, and it is easier to get into.  Its in the
/incoming/Linux later to be moved out to /pub/Linux/X11/xutils/screensavers

Currently its also at my web site.
Unfortunately I don't have enough disk space there to keep it there.
Tomorrow's  ( :) ) new alpha version will cause me to delete this.

GL modes will bomb out after running a while (about an hour and a half)
  please note that "-duration 1" stress tests it...  This is due to a memory
  leak that _may_ be from MesaGL.
./xlock -mode random -modelist allgl -duration 1


New since BETA
  Logout patch for SUNOS4, galaxy & life3d leak fix thanks to Tom Schmidt.
     (life3d still has a leak... there is a fix in the works)
  inline and seteuid patches for configure and xlock.h.
  flag-freebsd.h added.
  ant and demon patches
  GL fix for bomb on 101st time a GL mode is run in random mode.
  demon patches again.
  -sequential option for random mode.
  morph3d a little more random at start

4.02
  Logout patch for SUNOS4, galaxy and life3d leak fix thanks to Tom Schmidt.
  inline and seteuid patches for configure and xlock.h.
  flag-freebsd.h added.
  First mode was not being released in random mode.  Fixed.
  new ellipse code from Dan Stromberg <strombrg@nis.acs.uci.edu> (formerly
    named trig) added to helix  (xlock -mode helix -ellipse).
  -fullrandom option added to make xlock more random.  Thanks to Jouk
    Jansen <joukj@crys.chem.uva.nl>.  So far only drift, helix, hop, &
    spline are set up.  Spline in -erase mode has cycles divided by 64
    so it is compatible with +erase.  New options added to hop (-jong
    and -sine).
  Got SunC++, GnuC++, DECC++ errors and warnings out of xlock.c, passwd.c,
    utils.c, logout.c, cartoon.c, clock.c, galaxy.c, life1d.c, turtle.c,
    worm.c, bomb.c, fract.c, tube.c .  It still does not link.
    GnuC++ was tested on Linux and Solaris.  Thanks to Jouk Jansen
    <joukj@crys.chem.uva.nl> for the DECC++ patches.
  Thanks to Tom Schmidt <tschmidt@micron.com> for his memory leak fixes
    to gears.c, mode.c, & resource.c.  MesaGL 2.1 has some leaks that were
    reported to the MesaGL maintainer and fixed in 2.2.  Also fixed swirl,
    and GL modes so they always default to the best visual.  Also added
    -visual (available with hackers code).  gears and morph3d fixed to be
    more random at start.
  gears and morph3d multiscreen bug fixed by Brian Paul
    <brianp@ra.avid.com> MesaGL creator.
  Thanks to Massimino Pascal <Pascal.Massimon@ens.fr> for ifs and strange.
  Thanks to Marcelo F. Vianna <vianna@cat.cbpf.br> for morph3d and pipes.
  Thanks to Dan Stromberg <strombrg@nis.acs.uci.edu> for tube.
  Thanks to Caleb Cullen <CCullen@hal-pc.org> for lisa.
  On Solaris, initial random mode was not random.  This was fixed by a
    cast for SRAND.  Also updated refrerences for seconds() from long or
    int to unsigned long.  time(NULL) will exceed maximum signed int in
    2038.
  flag jumpiness and gears -mono fixed thanks to Ed Mackey
    <emackey@early.com>  http://www.early.com/~emackey/sproingies/.
    Sproingies and superquadrics GL modes and -wireframe option added.
    "configure --enable-sproingies"    sproingies is not compiled in by
    default since it may run VERY slow on some machines.  Also the -size
    option may help you here (thanks to Tom Schmidt for this option).
  Thanks to Tracy Camp <campt@hurrah.com> for fract with improvements by
    David Hansen <dhansen@metapath.com>.
  "Minor" security hole noticed by David Hedley <hedley@cs.bris.ac.uk>.
    Minor in that the array is in the heap and not the stack, so it would
    be tricky to write an exploit.  Patched up by David Hansen
    <dhansen@metapath.com>.
  Debian bug report fix Bug#8276: xlockmore: xlock -help should output
    to stdout rather stderr, thanks to Heiko Schlittermann
    <heiko@lotte.sax.de> for pointing it out.  xlock -version fixed too.
  Debian bug report fix Bug#8406: app file was not being read when configure
    was used.  Fixed.  Thanks to Herbert Xu <herbert@greathan.apana.org.au>
    and Dirk Eddelbuettel <edd@rosebud.sps.queensu.ca> for pointing it out.
  added allnice, allstandard, allstable to modelist choices for the
    random mode.  Any mode that runs slower than star mode is considered
    not nice.  If gl modes are compiled in, these are considered
    nonstandard modes.  If hackers modes are compiled in, these are
    considered unstable modes.  To get only GL modes try:
      xlock -mode random -modelist allstable-allstandard
    allgl works too if you don'w ant to type that much. :)
  X11 ico added added dodecahedron, tetrahedron, and the star octahedron.
    -face and other options were removed to ease port.
  -resources now prints out the resources for mode options.
  button-logout and auto-logout rearranged.  Also the logout button should
    no longer overwrite your plan.  See "configure --help".  Note: 0 is a
    special case and handled as infinity.
  -icongeometry 1x1 fixes for bug, hop, and triangle .
  fvwm2 menus thanks to James G. Feeney <james@albion.glarp.com>
  Changed pause on multiscreens so that if pausing the second screen will
    not override it.  Its not exactly right but I am happy with it for now.
  Thanks to Charles K. Hines <chuck_hines@vnet.ibm.com> for fixing grav.c
    bug, casts to unsigned int.
  LDFLAGS used if using cc on Solaris.  There could be library problems if
    setuid to root.
  -neighbors 8 & 3 added to ant and  8, 3, 9, & 12 added for demon.
  Fix on FreeBSD with xlock setuid and xdm for $HOME/.Xauthority thanks to
    Thomas Gellekum <thomas@ghpc6.ihf.rwth-aachen.de>.
  -sequential option for random.  Since the random mode is the most easily
    broken... its good to have repeatability.

-- 
Cheers, 
  /X\   David A. Bagley
 // \\  bagleyd@bigfoot.com   http://megahertz.njit.edu/~bagleyd/
((   X  xlockmore, new stuff for xlock @ ftp.x.org//contrib/applications
 \\ //  altris, tetris games for x @ ftp.x.org//contrib/games/altris
  \X/   puzzles, magic cubes for x @ ftp.x.org//contrib/games/puzzles


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .