Your message dated Sat, 22 Apr 2017 18:49:08 +0000
with message-id <e1d205k-0002j6...@fasolo.debian.org>
and subject line Bug#858193: fixed in backintime 1.1.12-2
has caused the Debian Bug report #858193,
regarding backintime-common: restore as root can render system unusable
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
858193: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858193
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: backintime-common
Version: 1.1.12-1
Severity: critical
Justification: breaks the whole system

Note: this is a summary of an upstream bug report at
https://github.com/bit-team/backintime/issues/708, but I'm still
reporting this here since the fixed version isn't available anywhere in
Debian at the moment and stretch is affected.

Restoring a snapshot with preserved permissions from selecting a folder
in the shortcuts pane will set / as read-only, breaking the complete
system.

How to reproduce, DO NOT TRY THIS ON A REAL SYSTEM:
0. create a backup of your VM or prepare to rescue it
1. install backintime-common and backintime-qt4 in version 1.1.12-1
2. open backintime in root mode; create a simple profile, I used /tmp as
   snapshot target and included /etc for a quick test.
   Enable "preserve ACL" and/or "preserve extended attributes" in
   "expert options"
3. create a snapshot
4. select this snapshot, select a folder in the shortcuts middle pane,
   click the restore button
5. if the system doesn't seem broken yet, try opening a terminal and
   $ ls -la /

This has been fixed upstream by a new maintenance release 1.1.14. I
built a package of this version myself and can confirm that this bug is
gone. Version 1.0.36 from jessie does not seem to be affected. This bug
won't hit users using only the default settings and depends a bit on
specific usage, but is still more than bad enough.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing'), (150, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_DK.utf8, LC_CTYPE=en_DK.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

--- End Message ---
--- Begin Message ---
Source: backintime
Source-Version: 1.1.12-2

We believe that the bug you reported is fixed in the latest version of
backintime, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 858...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonathan Wiltshire <j...@debian.org> (supplier of updated backintime package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 22 Apr 2017 17:21:03 +0100
Source: backintime
Binary: backintime-common backintime-qt4 backintime-gnome backintime-kde
Architecture: source all
Version: 1.1.12-2
Distribution: unstable
Urgency: high
Maintainer: Jonathan Wiltshire <j...@debian.org>
Changed-By: Jonathan Wiltshire <j...@debian.org>
Description:
 backintime-common - simple backup/snapshot system (common files)
 backintime-gnome - GNOME front-end for backintime (transitional package)
 backintime-kde - KDE front-end for backintime (transitional package)
 backintime-qt4 - simple backup/snapshot system (graphical interface)
Closes: 858193 859815
Changes:
 backintime (1.1.12-2) unstable; urgency=high
 .
   * 01-858193-back-up-slash-root-perms.patch: back up permissions
     of '/' as well (Closes: #858193)
   * 02-polkit-vuln.patch: fix race condition in polkit privilege
     authorisation (CVE-2017-7572) (Closes: #859815)
   * Build-depend on dh-python

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---