Debian Bug report logs - #183265
gpm: will hang and cause clients to hang if clients are suspended for long times

version graph

Package: gpm; Maintainer for gpm is Axel Beckert <abe@debian.org>; Source for gpm is src:gpm (PTS, buildd, popcon).

Reported by: Simon Richter <sjr@debian.org>

Date: Mon, 3 Mar 2003 16:33:01 UTC

Severity: important

Found in version 1.19.6-12.1

Fixed in version gpm/1.20.3~pre3-1

Done: Jason D Cormie <jason@wormwood666.demon.co.uk>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, warp@debian.org (Zephaniah E. Hull), gpm@packages.qa.debian.org:
Bug#183265; Package gpm. (full text, mbox, link).

Acknowledgement sent to Simon Richter <sjr@debian.org>:
New Bug report received and forwarded. Copy sent to warp@debian.org (Zephaniah E. Hull), gpm@packages.qa.debian.org. (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Simon Richter <sjr@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: gpm: will hang and cause clients to hang if clients are suspended for long times
Date: Mon, 03 Mar 2003 17:27:58 +0100
Package: gpm
Version: 1.19.6-12.1
Severity: important
Tags: security

Hi,

during my normal course of work it happens that I suspend an instance of
vim or w3m for a long time. Even though I don't have a mouse (gpm was
pulled in as a dependency), the pipe between the program and /dev/gpmctl
fills up over time, making gpm hang when one of the pipes is full. As a
result, all clients connected to /dev/gpmctl hang, too.

This has security implications, as any user can connect to /dev/gpmctl,
never read the data arriving and cause software of other users to hang
until root kills gpm.

   Simon

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux phobos 2.4.19 #1 Mit Okt 30 13:10:27 CET 2002 i486
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro

Versions of packages gpm depends on:
ii  debianutils               2.3.1          Miscellaneous utilities specific t
ii  libc6                     2.3.1-14       GNU C Library: Shared libraries an
ii  libncurses5               5.3.20021109-2 Shared libraries for terminal hand

-- no debconf information

Tags removed: security Request was from Matt Zimmerman <mdz@debian.org> to control@bugs.debian.org. (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Debian GPM Team <pkg-gpm-devel@lists.alioth.debian.org>:
Bug#183265; Package gpm. (Mon, 27 Dec 2010 22:51:03 GMT) (full text, mbox, link).

Acknowledgement sent to Jason Cormie <jason@wormwood666.demon.co.uk>:
Extra info received and forwarded to list. Copy sent to Debian GPM Team <pkg-gpm-devel@lists.alioth.debian.org>. (Mon, 27 Dec 2010 22:51:03 GMT) (full text, mbox, link).

Message #12 received at 183265@bugs.debian.org (full text, mbox, reply):

From: Jason Cormie <jason@wormwood666.demon.co.uk>
To: 183265@bugs.debian.org
Subject: [gpm]Already fixed in later version
Date: Mon, 27 Dec 2010 22:47:16 +0000
Package: gpm
Version: 1.20.4-3.3

--- Please enter the report below this line. ---

I've not been able to reproduce this.

In addition, the upstream changelog states :
* From 1.19.6 to 1.20.0: (bugfix/new features/code clean release)
   o gpm clients can't cause gpm do die.

http://www.nico.schottelius.org/software/gpm/browse_source/gpm-1.99.7/doc/changes/gpm-1-before-1.20.4

So I think if this can't be reproduced, the bug should be closed.


--- System information. ---
Architecture: amd64
Kernel:       Linux 2.6.32-5-amd64

Debian Release: squeeze/sid
  900 testing         ftp.debian.org
  850 unstable        ftp.debian.org
  800 stable          www.debian-multimedia.org
  800 stable          security.debian.org
  800 stable          ftp.debian.org
  700 experimental    ftp.debian.org

--- Package information. ---
Depends             (Version) | Installed
=============================-+-=============
libc6                (>= 2.7) | 2.11.2-7
libgpm2           (>= 1.20.4) | 1.20.4-3.3
debconf             (>= 0.5)  | 1.5.36
 OR debconf-2.0               |
dpkg             (>= 1.15.4)  | 1.15.8.5
 OR install-info              | 4.13a.dfsg.1-6
debianutils          (>= 1.7) | 3.4
ucf                 (>= 0.28) | 3.0025+nmu1
lsb-base                      | 3.2-23.1


Package's Recommends field is empty.

Package's Suggests field is empty.

Bug marked as fixed in version 1.20.3~pre3-1, send any further explanations to Simon Richter <sjr@debian.org> Request was from Jason D Cormie <jason@wormwood666.demon.co.uk> to control@bugs.debian.org. (Sun, 24 Apr 2011 12:01:15 GMT) (full text, mbox, link).

No longer marked as found in versions gpm/1.20.4-3.3. Request was from Andreas Beckmann <anbe@debian.org> to control@bugs.debian.org. (Fri, 01 Nov 2013 01:21:39 GMT) (full text, mbox, link).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 29 Nov 2013 07:41:25 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Oct 11 00:25:24 2017; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.