Version in base suite: 19.01+ds-2 Base version: timeshift_19.01+ds-2 Target version: timeshift_19.01+ds-2+deb10u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/t/timeshift/timeshift_19.01+ds-2.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/t/timeshift/timeshift_19.01+ds-2+deb10u1.dsc changelog | 10 ++ control | 2 patches/0006-Change-TEMP_DIR-permissions-and-path-Cleanup-on-exit.patch | 48 ++++++++++ patches/series | 1 4 files changed, 60 insertions(+), 1 deletion(-) diff -Nru timeshift-19.01+ds/debian/changelog timeshift-19.01+ds/debian/changelog --- timeshift-19.01+ds/debian/changelog 2019-02-28 04:03:15.000000000 +0000 +++ timeshift-19.01+ds/debian/changelog 2020-03-12 21:24:24.000000000 +0000 @@ -1,3 +1,13 @@ +timeshift (19.01+ds-2+deb10u1) buster; urgency=medium + + * Team upload. + * debian/control: Use new homepage. (Closes: #952685) + * debian/patches/0006: Backport upstream fix on predictable + location of temporary directory. + (Closes: #953385, CVE-2020-10174) + + -- Boyuan Yang Thu, 12 Mar 2020 17:24:24 -0400 + timeshift (19.01+ds-2) unstable; urgency=medium * d/control: Add missing dependency: psmisc (Closes: #919760). diff -Nru timeshift-19.01+ds/debian/control timeshift-19.01+ds/debian/control --- timeshift-19.01+ds/debian/control 2019-02-28 04:03:09.000000000 +0000 +++ timeshift-19.01+ds/debian/control 2020-03-12 21:24:24.000000000 +0000 @@ -10,7 +10,7 @@ libjson-glib-dev, libvte-2.91-dev, Standards-Version: 4.3.0 -Homepage: http://teejeetech.blogspot.in/ +Homepage: https://teejeetech.in/timeshift/ Vcs-Git: https://salsa.debian.org/yanhao-guest/timeshift.git Vcs-Browser: https://salsa.debian.org/yanhao-guest/timeshift diff -Nru timeshift-19.01+ds/debian/patches/0006-Change-TEMP_DIR-permissions-and-path-Cleanup-on-exit.patch timeshift-19.01+ds/debian/patches/0006-Change-TEMP_DIR-permissions-and-path-Cleanup-on-exit.patch --- timeshift-19.01+ds/debian/patches/0006-Change-TEMP_DIR-permissions-and-path-Cleanup-on-exit.patch 1970-01-01 00:00:00.000000000 +0000 +++ timeshift-19.01+ds/debian/patches/0006-Change-TEMP_DIR-permissions-and-path-Cleanup-on-exit.patch 2020-03-12 21:24:24.000000000 +0000 @@ -0,0 +1,48 @@ +From: Tony George +Date: Thu, 5 Mar 2020 08:57:24 +0530 +Subject: Change TEMP_DIR permissions and path; Cleanup on exit; + +--- + src/Core/Main.vala | 2 ++ + src/Utility/TeeJee.Process.vala | 11 +++++++---- + 2 files changed, 9 insertions(+), 4 deletions(-) + +diff --git a/src/Core/Main.vala b/src/Core/Main.vala +index 7ff094c..4f460e1 100644 +--- a/src/Core/Main.vala ++++ b/src/Core/Main.vala +@@ -4229,6 +4229,8 @@ public class Main : GLib.Object{ + + app_lock.remove(); + ++ dir_delete(TEMP_DIR); ++ + exit(exit_code); + + //Gtk.main_quit (); +diff --git a/src/Utility/TeeJee.Process.vala b/src/Utility/TeeJee.Process.vala +index 70dd934..7153d15 100644 +--- a/src/Utility/TeeJee.Process.vala ++++ b/src/Utility/TeeJee.Process.vala +@@ -36,14 +36,17 @@ namespace TeeJee.ProcessHelper{ + public static void init_tmp(string subdir_name){ + string std_out, std_err; + +- TEMP_DIR = Environment.get_tmp_dir() + "/" + subdir_name + "/" + random_string(); ++ TEMP_DIR = Environment.get_tmp_dir() + "/" + random_string(); + dir_create(TEMP_DIR); ++ chmod(TEMP_DIR, "0750"); + + exec_script_sync("echo 'ok'",out std_out,out std_err, true); +- if ((std_out == null)||(std_out.strip() != "ok")){ +- TEMP_DIR = Environment.get_home_dir() + "/.temp/" + subdir_name + "/" + random_string(); +- exec_sync("rm -rf '%s'".printf(TEMP_DIR), null, null); ++ ++ if ((std_out == null) || (std_out.strip() != "ok")){ ++ ++ TEMP_DIR = Environment.get_home_dir() + "/.temp/" + random_string(); + dir_create(TEMP_DIR); ++ chmod(TEMP_DIR, "0750"); + } + + //log_debug("TEMP_DIR=" + TEMP_DIR); diff -Nru timeshift-19.01+ds/debian/patches/series timeshift-19.01+ds/debian/patches/series --- timeshift-19.01+ds/debian/patches/series 2019-02-26 10:01:52.000000000 +0000 +++ timeshift-19.01+ds/debian/patches/series 2020-03-12 21:24:24.000000000 +0000 @@ -3,3 +3,4 @@ 0004-select-etc-timeshift-as-the-default-config-dir.patch 0005-build-with-debug-info.patch 0005-Fix-build-errors-with-new-version-of-vala.patch +0006-Change-TEMP_DIR-permissions-and-path-Cleanup-on-exit.patch