[Group.of.nepali.translators] [Bug 918489] Re: duplicity allows bad passphrase on full backup if archive cache exists

2017-03-06 Thread Vej 
** Also affects: duplicity (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/918489

Title:
  duplicity allows bad passphrase on full backup if archive cache exists

Status in Déjà Dup:
  Fix Released
Status in Duplicity:
  New
Status in deja-dup package in Ubuntu:
  Fix Released
Status in duplicity package in Ubuntu:
  New
Status in deja-dup source package in Trusty:
  Fix Released
Status in duplicity source package in Trusty:
  New
Status in deja-dup source package in Xenial:
  Fix Released
Status in duplicity source package in Xenial:
  New
Status in deja-dup source package in Yakkety:
  Fix Released
Status in duplicity source package in Yakkety:
  New

Bug description:
  when doing a backup for the first time, dejadup verifies your
  passphrase by having you enter it twice.

  on future incremental backups it doesn't need to do this because
  entering the wrong password will result in the backup failing.

  with the periodic 'full' backups that happen from time to time,
  however, any password will be accepted.

  this can lead to a situation where you accidentally type the wrong
  password once and are left in a situation where you don't know what
  you typed and have no way to get your files (or do another incremental
  backup on top of it).

  i think this is what happened to me recently.

  clearly, the fix is to explicitly verify the passphrase is correct
  when doing a new full backup.  this may be a duplicity bug.

  === Ubuntu deja-dup SRU information ===

  [impact]
  Users may unwittingly re-set their backup password and not be able to restore 
their data.

  [test case]
  - $ deja-dup-preferences # set up a dummy backup
  - $ deja-dup --backup # complete first encrypted full backup
  - $ rename 's/\.2016/\.2000/' /path/to/test/backup/*
  - $ rename 's/\.2016/\.2000/' ~/.cache/deja-dup/*/*
  - $ deja-dup --backup # second backup, enter the wrong password
  - $ deja-dup --restore # try to restore with original password

  [regression potential]
  Should be limited?  The fix is to delete the duplicity cache files, which 
ought to be safe to delete.

  It's possible if a full backup is being resumed, we might delete the
  current progress.  That is a better bug to have than this bug, though.
  A more complicated patch would need to be investigated to prevent
  that.

To manage notifications about this bug go to:
https://bugs.launchpad.net/deja-dup/+bug/918489/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 918489] Re: duplicity allows bad passphrase on full backup if archive cache exists

2016-12-14 Thread Launchpad Bug Tracker 
This bug was fixed in the package deja-dup - 34.2-0ubuntu1.1

---
deja-dup (34.2-0ubuntu1.1) xenial; urgency=medium

  * debian/patches/clear-cache-before-full-backup.patch:
- Fixes a bug that allowed an incorrect password when making a
  new full backup (LP: #918489)

 -- Michael Terry   Fri, 02 Dec 2016 16:07:55 -0500

** Changed in: deja-dup (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

** Changed in: deja-dup (Ubuntu Yakkety)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/918489

Title:
  duplicity allows bad passphrase on full backup if archive cache exists

Status in Déjà Dup:
  Fix Released
Status in Duplicity:
  New
Status in deja-dup package in Ubuntu:
  Fix Released
Status in deja-dup source package in Trusty:
  Fix Released
Status in deja-dup source package in Xenial:
  Fix Released
Status in deja-dup source package in Yakkety:
  Fix Released

Bug description:
  when doing a backup for the first time, dejadup verifies your
  passphrase by having you enter it twice.

  on future incremental backups it doesn't need to do this because
  entering the wrong password will result in the backup failing.

  with the periodic 'full' backups that happen from time to time,
  however, any password will be accepted.

  this can lead to a situation where you accidentally type the wrong
  password once and are left in a situation where you don't know what
  you typed and have no way to get your files (or do another incremental
  backup on top of it).

  i think this is what happened to me recently.

  clearly, the fix is to explicitly verify the passphrase is correct
  when doing a new full backup.  this may be a duplicity bug.

  === Ubuntu deja-dup SRU information ===

  [impact]
  Users may unwittingly re-set their backup password and not be able to restore 
their data.

  [test case]
  - $ deja-dup-preferences # set up a dummy backup
  - $ deja-dup --backup # complete first encrypted full backup
  - $ rename 's/\.2016/\.2000/' /path/to/test/backup/*
  - $ rename 's/\.2016/\.2000/' ~/.cache/deja-dup/*/*
  - $ deja-dup --backup # second backup, enter the wrong password
  - $ deja-dup --restore # try to restore with original password

  [regression potential]
  Should be limited?  The fix is to delete the duplicity cache files, which 
ought to be safe to delete.

  It's possible if a full backup is being resumed, we might delete the
  current progress.  That is a better bug to have than this bug, though.
  A more complicated patch would need to be investigated to prevent
  that.

To manage notifications about this bug go to:
https://bugs.launchpad.net/deja-dup/+bug/918489/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 918489] Re: duplicity allows bad passphrase on full backup if archive cache exists

2016-12-14 Thread Launchpad Bug Tracker 
This bug was fixed in the package deja-dup - 30.0-0ubuntu4.1

---
deja-dup (30.0-0ubuntu4.1) trusty; urgency=medium

  * debian/patches/clear-cache-before-full-backup.patch:
 - Fixes a bug that allowed an incorrect password when making a
  new full backup (LP: #918489)

 -- Michael Terry   Thu, 08 Dec 2016 10:01:04 -0500

** Changed in: deja-dup (Ubuntu Trusty)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/918489

Title:
  duplicity allows bad passphrase on full backup if archive cache exists

Status in Déjà Dup:
  Fix Released
Status in Duplicity:
  New
Status in deja-dup package in Ubuntu:
  Fix Released
Status in deja-dup source package in Trusty:
  Fix Released
Status in deja-dup source package in Xenial:
  Fix Released
Status in deja-dup source package in Yakkety:
  Fix Released

Bug description:
  when doing a backup for the first time, dejadup verifies your
  passphrase by having you enter it twice.

  on future incremental backups it doesn't need to do this because
  entering the wrong password will result in the backup failing.

  with the periodic 'full' backups that happen from time to time,
  however, any password will be accepted.

  this can lead to a situation where you accidentally type the wrong
  password once and are left in a situation where you don't know what
  you typed and have no way to get your files (or do another incremental
  backup on top of it).

  i think this is what happened to me recently.

  clearly, the fix is to explicitly verify the passphrase is correct
  when doing a new full backup.  this may be a duplicity bug.

  === Ubuntu deja-dup SRU information ===

  [impact]
  Users may unwittingly re-set their backup password and not be able to restore 
their data.

  [test case]
  - $ deja-dup-preferences # set up a dummy backup
  - $ deja-dup --backup # complete first encrypted full backup
  - $ rename 's/\.2016/\.2000/' /path/to/test/backup/*
  - $ rename 's/\.2016/\.2000/' ~/.cache/deja-dup/*/*
  - $ deja-dup --backup # second backup, enter the wrong password
  - $ deja-dup --restore # try to restore with original password

  [regression potential]
  Should be limited?  The fix is to delete the duplicity cache files, which 
ought to be safe to delete.

  It's possible if a full backup is being resumed, we might delete the
  current progress.  That is a better bug to have than this bug, though.
  A more complicated patch would need to be investigated to prevent
  that.

To manage notifications about this bug go to:
https://bugs.launchpad.net/deja-dup/+bug/918489/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 918489] Re: duplicity allows bad passphrase on full backup if archive cache exists

2016-12-08 Thread Michael Terry 
** Tags removed: verification-needed
** Tags added: verification-needed-xenial

** Description changed:

  when doing a backup for the first time, dejadup verifies your passphrase
  by having you enter it twice.
  
  on future incremental backups it doesn't need to do this because
  entering the wrong password will result in the backup failing.
  
  with the periodic 'full' backups that happen from time to time, however,
  any password will be accepted.
  
  this can lead to a situation where you accidentally type the wrong
  password once and are left in a situation where you don't know what you
  typed and have no way to get your files (or do another incremental
  backup on top of it).
  
  i think this is what happened to me recently.
  
  clearly, the fix is to explicitly verify the passphrase is correct when
  doing a new full backup.  this may be a duplicity bug.
  
  === Ubuntu deja-dup SRU information ===
  
  [impact]
  Users may unwittingly re-set their backup password and not be able to restore 
their data.
  
  [test case]
  - $ deja-dup-preferences # set up a dummy backup
  - $ deja-dup --backup # complete first encrypted full backup
  - $ rename 's/\.2016/\.2000/' /path/to/test/backup/*
  - $ rename 's/\.2016/\.2000/' ~/.cache/deja-dup/*/*
  - $ deja-dup --backup # second backup, enter the wrong password
  - $ deja-dup --restore # try to restore with original password
  
  [regression potential]
  Should be limited?  The fix is to delete the duplicity cache files, which 
ought to be safe to delete.
+ 
+ It's possible if a full backup is being resumed, we might delete the
+ current progress.  That is a better bug to have than this bug, though.
+ A more complicated patch would need to be investigated to prevent that.

** No longer affects: deja-dup (Ubuntu Precise)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/918489

Title:
  duplicity allows bad passphrase on full backup if archive cache exists

Status in Déjà Dup:
  Fix Released
Status in Duplicity:
  New
Status in deja-dup package in Ubuntu:
  Fix Released
Status in deja-dup source package in Trusty:
  New
Status in deja-dup source package in Xenial:
  Fix Committed
Status in deja-dup source package in Yakkety:
  Triaged

Bug description:
  when doing a backup for the first time, dejadup verifies your
  passphrase by having you enter it twice.

  on future incremental backups it doesn't need to do this because
  entering the wrong password will result in the backup failing.

  with the periodic 'full' backups that happen from time to time,
  however, any password will be accepted.

  this can lead to a situation where you accidentally type the wrong
  password once and are left in a situation where you don't know what
  you typed and have no way to get your files (or do another incremental
  backup on top of it).

  i think this is what happened to me recently.

  clearly, the fix is to explicitly verify the passphrase is correct
  when doing a new full backup.  this may be a duplicity bug.

  === Ubuntu deja-dup SRU information ===

  [impact]
  Users may unwittingly re-set their backup password and not be able to restore 
their data.

  [test case]
  - $ deja-dup-preferences # set up a dummy backup
  - $ deja-dup --backup # complete first encrypted full backup
  - $ rename 's/\.2016/\.2000/' /path/to/test/backup/*
  - $ rename 's/\.2016/\.2000/' ~/.cache/deja-dup/*/*
  - $ deja-dup --backup # second backup, enter the wrong password
  - $ deja-dup --restore # try to restore with original password

  [regression potential]
  Should be limited?  The fix is to delete the duplicity cache files, which 
ought to be safe to delete.

  It's possible if a full backup is being resumed, we might delete the
  current progress.  That is a better bug to have than this bug, though.
  A more complicated patch would need to be investigated to prevent
  that.

To manage notifications about this bug go to:
https://bugs.launchpad.net/deja-dup/+bug/918489/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 918489] Re: duplicity allows bad passphrase on full backup if archive cache exists

2016-12-08 Thread Michael Terry 
** Also affects: deja-dup (Ubuntu Precise)
   Importance: Undecided
   Status: New

** Also affects: deja-dup (Ubuntu Trusty)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/918489

Title:
  duplicity allows bad passphrase on full backup if archive cache exists

Status in Déjà Dup:
  Fix Released
Status in Duplicity:
  New
Status in deja-dup package in Ubuntu:
  Fix Released
Status in deja-dup source package in Trusty:
  New
Status in deja-dup source package in Xenial:
  Fix Committed
Status in deja-dup source package in Yakkety:
  Triaged

Bug description:
  when doing a backup for the first time, dejadup verifies your
  passphrase by having you enter it twice.

  on future incremental backups it doesn't need to do this because
  entering the wrong password will result in the backup failing.

  with the periodic 'full' backups that happen from time to time,
  however, any password will be accepted.

  this can lead to a situation where you accidentally type the wrong
  password once and are left in a situation where you don't know what
  you typed and have no way to get your files (or do another incremental
  backup on top of it).

  i think this is what happened to me recently.

  clearly, the fix is to explicitly verify the passphrase is correct
  when doing a new full backup.  this may be a duplicity bug.

  === Ubuntu deja-dup SRU information ===

  [impact]
  Users may unwittingly re-set their backup password and not be able to restore 
their data.

  [test case]
  - $ deja-dup-preferences # set up a dummy backup
  - $ deja-dup --backup # complete first encrypted full backup
  - $ rename 's/\.2016/\.2000/' /path/to/test/backup/*
  - $ rename 's/\.2016/\.2000/' ~/.cache/deja-dup/*/*
  - $ deja-dup --backup # second backup, enter the wrong password
  - $ deja-dup --restore # try to restore with original password

  [regression potential]
  Should be limited?  The fix is to delete the duplicity cache files, which 
ought to be safe to delete.

  It's possible if a full backup is being resumed, we might delete the
  current progress.  That is a better bug to have than this bug, though.
  A more complicated patch would need to be investigated to prevent
  that.

To manage notifications about this bug go to:
https://bugs.launchpad.net/deja-dup/+bug/918489/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 918489] Re: duplicity allows bad passphrase on full backup if archive cache exists

2016-12-07 Thread Brian Murray 
This seems important enough to fix in Yakkety.  Could you do that
Michael?

** Also affects: deja-dup (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

** Changed in: deja-dup (Ubuntu Yakkety)
   Status: New => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/918489

Title:
  duplicity allows bad passphrase on full backup if archive cache exists

Status in Déjà Dup:
  Fix Released
Status in Duplicity:
  New
Status in deja-dup package in Ubuntu:
  Fix Released
Status in deja-dup source package in Xenial:
  Fix Committed
Status in deja-dup source package in Yakkety:
  Triaged

Bug description:
  when doing a backup for the first time, dejadup verifies your
  passphrase by having you enter it twice.

  on future incremental backups it doesn't need to do this because
  entering the wrong password will result in the backup failing.

  with the periodic 'full' backups that happen from time to time,
  however, any password will be accepted.

  this can lead to a situation where you accidentally type the wrong
  password once and are left in a situation where you don't know what
  you typed and have no way to get your files (or do another incremental
  backup on top of it).

  i think this is what happened to me recently.

  clearly, the fix is to explicitly verify the passphrase is correct
  when doing a new full backup.  this may be a duplicity bug.

  === Ubuntu deja-dup SRU information ===

  [impact]
  Users may unwittingly re-set their backup password and not be able to restore 
their data.

  [test case]
  - $ deja-dup-preferences # set up a dummy backup
  - $ deja-dup --backup # complete first encrypted full backup
  - $ rename 's/\.2016/\.2000/' /path/to/test/backup/*
  - $ rename 's/\.2016/\.2000/' ~/.cache/deja-dup/*/*
  - $ deja-dup --backup # second backup, enter the wrong password
  - $ deja-dup --restore # try to restore with original password

  [regression potential]
  Should be limited?  The fix is to delete the duplicity cache files, which 
ought to be safe to delete.

To manage notifications about this bug go to:
https://bugs.launchpad.net/deja-dup/+bug/918489/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 918489] Re: duplicity allows bad passphrase on full backup if archive cache exists

2016-12-02 Thread Michael Terry 
** Description changed:

  when doing a backup for the first time, dejadup verifies your passphrase
  by having you enter it twice.
  
  on future incremental backups it doesn't need to do this because
  entering the wrong password will result in the backup failing.
  
  with the periodic 'full' backups that happen from time to time, however,
  any password will be accepted.
  
  this can lead to a situation where you accidentally type the wrong
  password once and are left in a situation where you don't know what you
  typed and have no way to get your files (or do another incremental
  backup on top of it).
  
  i think this is what happened to me recently.
  
  clearly, the fix is to explicitly verify the passphrase is correct when
  doing a new full backup.  this may be a duplicity bug.
+ 
+ === Ubuntu deja-dup SRU information ===
+ 
+ [impact]
+ Users may unwittingly re-set their backup password and not be able to restore 
their data.
+ 
+ [test case]
+ - $ deja-dup-preferences # set up a dummy backup
+ - $ deja-dup --backup # complete first encrypted full backup
+ - $ rename 's/\.2016/\.2000/' /path/to/test/backup/*
+ - $ rename 's/\.2016/\.2000/' ~/.cache/deja-dup/*/*
+ - $ deja-dup --backup # second backup, enter the wrong password
+ - $ deja-dup --restore # try to restore with original password
+ 
+ [regression potential]
+ Should be limited?  The fix is to delete the duplicity cache files, which 
ought to be safe to delete.

** Also affects: deja-dup (Ubuntu Xenial)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/918489

Title:
  duplicity allows bad passphrase on full backup if archive cache exists

Status in Déjà Dup:
  Fix Released
Status in Duplicity:
  New
Status in deja-dup package in Ubuntu:
  Fix Released
Status in deja-dup source package in Xenial:
  New

Bug description:
  when doing a backup for the first time, dejadup verifies your
  passphrase by having you enter it twice.

  on future incremental backups it doesn't need to do this because
  entering the wrong password will result in the backup failing.

  with the periodic 'full' backups that happen from time to time,
  however, any password will be accepted.

  this can lead to a situation where you accidentally type the wrong
  password once and are left in a situation where you don't know what
  you typed and have no way to get your files (or do another incremental
  backup on top of it).

  i think this is what happened to me recently.

  clearly, the fix is to explicitly verify the passphrase is correct
  when doing a new full backup.  this may be a duplicity bug.

  === Ubuntu deja-dup SRU information ===

  [impact]
  Users may unwittingly re-set their backup password and not be able to restore 
their data.

  [test case]
  - $ deja-dup-preferences # set up a dummy backup
  - $ deja-dup --backup # complete first encrypted full backup
  - $ rename 's/\.2016/\.2000/' /path/to/test/backup/*
  - $ rename 's/\.2016/\.2000/' ~/.cache/deja-dup/*/*
  - $ deja-dup --backup # second backup, enter the wrong password
  - $ deja-dup --restore # try to restore with original password

  [regression potential]
  Should be limited?  The fix is to delete the duplicity cache files, which 
ought to be safe to delete.

To manage notifications about this bug go to:
https://bugs.launchpad.net/deja-dup/+bug/918489/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp