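#!/bin/sh
#
# Ensure that we do not modify file:/// uris (regression test for
# CVE-2014-0487).
#
# Security property under test: when an index file is an If-Modified-Since
# (IMS) hit on a local, read-only archive, the update must still verify the
# hash of the uncompressed index and must not need to write to the archive.
#
set -e

# Quoted so that a checkout path containing spaces or glob characters does
# not get word-split before the framework is sourced.
TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"

setupenvironment
configarchitecture "amd64"
configcompression 'bz2' 'gz'

insertpackage 'unstable' 'foo' 'all' '1'
insertsource 'unstable' 'foo' 'all' '1'

setupaptarchive --no-update

# ensure the archive is not writable
# The trap is registered before the chmod; presumably it restores write
# permission on exit so the test directory can be cleaned up (confirm
# against addtrap in the framework).
addtrap 'prefix' 'chmod 750 aptarchive/dists/unstable/main/binary-amd64;'
chmod 550 aptarchive/dists/unstable/main/binary-amd64

# First update populates the local lists from the read-only archive.
testsuccess aptget update

# the release files aren't an IMS-hit, but the indexes are
redatereleasefiles '+1 hour'

# Second update runs with acquire-auth debugging enabled; its output is
# copied aside because the next testsuccess call is expected to reuse
# rootdir/tmp/testsuccess.output (assumption based on the copy below).
testsuccess aptget update -o Debug::pkgAcquire::Auth=1
cp -a rootdir/tmp/testsuccess.output rootdir/tmp/update.output

# ensure that the hash of the uncompressed file was verified even on a local ims hit
# The canary is the SHA512 of the decompressed Packages index, computed
# independently of apt. NOTE(review): /bin/sh has no pipefail here, so a
# failing bzcat would yield the hash of empty input; the grep below is then
# expected to fail rather than pass silently.
canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-amd64/Packages.bz2 | sha512sum |cut -f1 -d' ')"
testsuccess grep -- "$canary" rootdir/tmp/update.output

# foo is still available
# Both the binary and the source index must remain usable after the IMS-hit
# update.
testsuccess aptget install -s foo
testsuccess aptcache showsrc foo
testsuccess aptget source foo --print-uris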