test-apt-update-file 921 B

12345678910111213141516171819202122232425262728293031323334353637
  1. #!/bin/sh
  2. #
  3. # Ensure that we do not modify file:/// uris (regression test for
  4. # CVE-2014-0487
  5. #
  6. set -e
  7. TESTDIR=$(readlink -f $(dirname $0))
  8. . $TESTDIR/framework
  9. setupenvironment
  10. configarchitecture "amd64"
  11. configcompression 'bz2' 'gz'
  12. insertpackage 'unstable' 'foo' 'all' '1.0'
  13. umask 022
  14. setupaptarchive --no-update
  15. # ensure the archive is not writable
  16. chmod 550 aptarchive/dists/unstable/main/binary-amd64
  17. testsuccess aptget update -qq
  18. testsuccess aptget update -qq
  19. aptget update -qq -o Debug::pkgAcquire::Auth=1 2> output.log
  20. # ensure that the hash of the uncompressed file was verified even on a local
  21. # ims hit
  22. canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-amd64/Packages.bz2 | sha512sum |cut -f1 -d' ')"
  23. grep -q "RecivedHash: $canary" output.log
  24. # foo is still available
  25. testsuccess aptget install -s foo
  26. # the cleanup should still work
  27. chmod 750 aptarchive/dists/unstable/main/binary-amd64