]> git.saurik.com Git - apt.git/blame - test/integration/test-apt-update-stale
SECURITY UPDATE for CVE-2014-{0488,0487,0489}
[apt.git] / test / integration / test-apt-update-stale
CommitLineData
ca7fd76c
MV
1#!/bin/sh
2#
3# Ensure that a MITM can not stale the Packages/Sources without
4# raising a error message. Note that the Release file is protected
5# via the "Valid-Until" header
6#
7set -e
8
9TESTDIR=$(readlink -f $(dirname $0))
10. $TESTDIR/framework
11
12setupenvironment
13configarchitecture "i386"
14
15insertpackage 'unstable' 'foo' 'all' '1.0'
16
17setupaptarchive
18changetowebserver
19aptget update -qq
20
21# insert new version
22mkdir aptarchive/dists/unstable/main/binary-i386/saved
23cp -p aptarchive/dists/unstable/main/binary-i386/Packages* \
24 aptarchive/dists/unstable/main/binary-i386/saved
25insertpackage 'unstable' 'foo' 'all' '2.0'
26
27# not using compressfile for compat with older apt releases
28gzip -c aptarchive/dists/unstable/main/binary-i386/Packages > \
29 aptarchive/dists/unstable/main/binary-i386/Packages.gz
30generatereleasefiles
31signreleasefiles
32
33# ensure that we do not get a I-M-S hit for the Release file
34touch -d "+1hour" aptarchive/dists/unstable/*Release*
35
36# but now only deliver the previous Packages file instead of the new one
37# (simulating a stale attack)
38cp -p aptarchive/dists/unstable/main/binary-i386/saved/Packages* \
39 aptarchive/dists/unstable/main/binary-i386/
40
41# ensure this raises a error
42testequal "W: Failed to fetch http://localhost:8080/dists/unstable/main/binary-i386/Packages Hash Sum mismatch
43
44E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
45
46