| 12345678910111213141516171819202122232425262728293031323334353637 |
- #!/bin/sh
- #
- # Ensure that we do not modify file:/// uris (regression test for
- # CVE-2014-0487
- #
- set -e
- TESTDIR=$(readlink -f $(dirname $0))
- . $TESTDIR/framework
- setupenvironment
- configarchitecture "amd64"
- configcompression 'bz2' 'gz'
- insertpackage 'unstable' 'foo' 'all' '1.0'
- umask 022
- setupaptarchive --no-update
- # ensure the archive is not writable
- chmod 550 aptarchive/dists/unstable/main/binary-amd64
- testsuccess aptget update -qq
- testsuccess aptget update -qq
- aptget update -qq -o Debug::pkgAcquire::Auth=1 2> output.log
- # ensure that the hash of the uncompressed file was verified even on a local
- # ims hit
- canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-amd64/Packages.bz2 | sha512sum |cut -f1 -d' ')"
- grep -q "RecivedHash: $canary" output.log
- # foo is still available
- testsuccess aptget install -s foo
- # the cleanup should still work
- chmod 750 aptarchive/dists/unstable/main/binary-amd64
|