Package: backintime-common Version: 1.1.12-1 Severity: critical Justification: breaks the whole system
Note: this is a summary of an upstream bug report at https://github.com/bit-team/backintime/issues/708, but I'm still reporting this here since the fixed version isn't available anywhere in Debian at the moment and stretch is affected. Restoring a snapshot with preserved permissions from selecting a folder in the shortcuts pane will set / as read-only, breaking the complete system. how to reproduce, DO NOT TRY THIS ON A REAL SYSTEM: 0. create a backup of your VMor prepare to rescue it 1. install backintime-common and backintime-qt4 in version 1.1.12-1 2. open backintime in root mode; create a simple profile, I used /tmp as snapshot target and included /etcfor a quick test. Enable "preserve ACL" and/or "preserve extended attributes" in "expert options" 3. create a snapshot 4. select this snapshot, select a folder in the shortcuts middle pane, click the restorebutton 5. if the system doesn't seem broken yet, try opening a terminal and $ls -la / This has been fixed upstream by a new maintenance release 1.1.14. I built a package of this version myself and can confirm that this bug is gone. Version 1.0.36 from jessie does not seem to be affected. This bug won't hit users using only the default settings and depends a bit on specific usage, but is still more than bad enough. -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (500, 'testing'), (150, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-2-amd64 (SMP w/2 CPU cores) Locale: LANG=en_DK.utf8, LC_CTYPE=en_DK.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system)