| | 1 | #!/bin/sh |
| | 2 | # |
| | 3 | # Ensure that we do not modify file:/// uris (regression test for |
| | 4 | # CVE-2014-0487 |
| | 5 | # |
| | 6 | set -e |
| | 7 | |
| | 8 | TESTDIR=$(readlink -f $(dirname $0)) |
| | 9 | . $TESTDIR/framework |
| | 10 | |
| | 11 | setupenvironment |
| | 12 | configarchitecture "amd64" |
| | 13 | configcompression 'bz2' 'gz' |
| | 14 | |
| | 15 | insertpackage 'unstable' 'foo' 'all' '1' |
| | 16 | insertsource 'unstable' 'foo' 'all' '1' |
| | 17 | |
| | 18 | setupaptarchive --no-update |
| | 19 | |
| | 20 | # ensure the archive is not writable |
| | 21 | addtrap 'prefix' 'chmod 750 aptarchive/dists/unstable/main/binary-amd64;' |
| | 22 | chmod 550 aptarchive/dists/unstable/main/binary-amd64 |
| | 23 | |
| | 24 | testsuccess aptget update |
| | 25 | testsuccess aptget update -o Debug::pkgAcquire::Auth=1 |
| | 26 | cp -a rootdir/tmp/testsuccess.output rootdir/tmp/update.output |
| | 27 | |
| | 28 | # ensure that the hash of the uncompressed file was verified even on a local ims hit |
| | 29 | canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-amd64/Packages.bz2 | sha512sum |cut -f1 -d' ')" |
| | 30 | testsuccess grep -- "$canary" rootdir/tmp/update.output |
| | 31 | |
| | 32 | # foo is still available |
| | 33 | testsuccess aptget install -s foo |
| | 34 | testsuccess aptcache showsrc foo |
| | 35 | testsuccess aptget source foo --print-uris |
projects / apt.git / blame_incremental