test-apt-update-file 905 B

1234567891011121314151617181920212223242526272829303132333435363738
  1. #!/bin/sh
  2. #
  3. # Ensure that we do not modify file:/// uris (regression test for
  4. # CVE-2014-0487
  5. #
  6. set -e
  7. TESTDIR=$(readlink -f $(dirname $0))
  8. . $TESTDIR/framework
  9. setupenvironment
  10. configarchitecture "amd64"
  11. configcompression 'bz2' 'gz'
  12. insertpackage 'unstable' 'foo' 'all' '1.0'
  13. setupaptarchive --no-update
  14. # ensure the archive is not writable
  15. chmod 550 aptarchive/dists/unstable/main/binary-amd64
  16. testsuccess aptget update -qq
  17. testsuccess aptget update -qq
  18. aptget update -qq -o Debug::pkgAcquire::Auth=1 2> output.log
  19. # ensure that the hash of the uncompressed file was verified even on a local
  20. # ims hit
  21. canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-amd64/Packages.bz2 | sha512sum |cut -f1 -d' ')"
  22. grep -q -- "- $canary" output.log
  23. # foo is still available
  24. testsuccess aptget install -s foo
  25. # the cleanup should still work
  26. chmod 750 aptarchive/dists/unstable/main/binary-amd64