]>
Commit | Line | Data |
---|---|---|
daff4aa3 MV |
1 | #!/bin/sh |
2 | # | |
3 | # Ensure that we do not modify file:/// uris (regression test for | |
4 | # CVE-2014-0487 | |
5 | # | |
6 | set -e | |
7 | ||
8 | TESTDIR=$(readlink -f $(dirname $0)) | |
9 | . $TESTDIR/framework | |
10 | ||
11 | setupenvironment | |
12 | configarchitecture "amd64" | |
846bc058 | 13 | configcompression 'bz2' 'gz' |
c5ede4ca | 14 | confighashes 'SHA512' |
daff4aa3 | 15 | |
846bc058 | 16 | insertpackage 'unstable' 'foo' 'all' '1' |
514a25cb | 17 | insertpackage 'unstable' 'bar' 'amd64' '1' |
846bc058 | 18 | insertsource 'unstable' 'foo' 'all' '1' |
daff4aa3 | 19 | |
daff4aa3 MV |
20 | setupaptarchive --no-update |
21 | ||
22 | # ensure the archive is not writable | |
30c8107e DK |
23 | addtrap 'prefix' 'chmod 755 aptarchive/dists/unstable/main/binary-all;' |
24 | if [ "$(id -u)" = '0' ]; then | |
514a25cb DK |
25 | # too deep to notice it, but it also unlikely that files in the same repo have different permissions |
26 | chmod 500 aptarchive/dists/unstable/main/binary-all | |
30c8107e | 27 | testfailure aptget update |
514a25cb DK |
28 | rm -rf rootdir/var/lib/apt/lists |
29 | chmod 755 aptarchive/dists/unstable/main/binary-all | |
30 | testsuccess aptget update | |
31 | rm -rf rootdir/var/lib/apt/lists | |
32 | chmod 511 aptarchive/dists/ | |
33 | testsuccess aptget update | |
34 | rm -rf rootdir/var/lib/apt/lists | |
35 | chmod 510 aptarchive/dists/ | |
87d6947d | 36 | testsuccesswithnotice aptget update |
514a25cb DK |
37 | rm -rf rootdir/var/lib/apt/lists |
38 | chmod 500 aptarchive/dists/ | |
87d6947d | 39 | testsuccesswithnotice aptget update |
514a25cb | 40 | exit |
30c8107e DK |
41 | fi |
42 | chmod 555 aptarchive/dists/unstable/main/binary-all | |
846bc058 | 43 | testsuccess aptget update |
448c38bd DK |
44 | |
45 | # the release files aren't an IMS-hit, but the indexes are | |
46 | redatereleasefiles '+1 hour' | |
47 | ||
8d041b4f | 48 | # we don't download the index if it isn't updated |
846bc058 | 49 | testsuccess aptget update -o Debug::pkgAcquire::Auth=1 |
8d041b4f | 50 | # file:/ isn't shown in the log, so see if it was downloaded anyhow |
846bc058 | 51 | cp -a rootdir/tmp/testsuccess.output rootdir/tmp/update.output |
1dd20368 | 52 | canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-all/Packages.bz2 | sha512sum |cut -f1 -d' ')" |
8d041b4f DK |
53 | testfailure grep -- "$canary" rootdir/tmp/update.output |
54 | ||
55 | testfoo() { | |
56 | # foo is still available | |
57 | testsuccess aptget install -s foo | |
58 | testsuccess aptcache showsrc foo | |
59 | testsuccess aptget source foo --print-uris | |
60 | } | |
61 | testfoo | |
62 | ||
63 | # the release file is new again, the index still isn't, but it is somehow gone now from disk | |
64 | redatereleasefiles '+2 hour' | |
65 | find rootdir/var/lib/apt/lists -name '*_Packages*' -delete | |
23d0a6fb | 66 | |
8d041b4f DK |
67 | testsuccess aptget update -o Debug::pkgAcquire::Auth=1 |
68 | # file:/ isn't shown in the log, so see if it was downloaded anyhow | |
69 | cp -a rootdir/tmp/testsuccess.output rootdir/tmp/update.output | |
1dd20368 | 70 | canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-all/Packages.bz2 | sha512sum |cut -f1 -d' ')" |
846bc058 | 71 | testsuccess grep -- "$canary" rootdir/tmp/update.output |
23d0a6fb | 72 | |
8d041b4f | 73 | testfoo |