| | 1 | #!/bin/sh |
| | 2 | # |
| | 3 | # Ensure that we do not modify file:/// uris (regression test for |
| | 4 | # CVE-2014-0487 |
| | 5 | # |
| | 6 | set -e |
| | 7 | |
| | 8 | TESTDIR="$(readlink -f "$(dirname "$0")")" |
| | 9 | . "$TESTDIR/framework" |
| | 10 | |
| | 11 | setupenvironment |
| | 12 | configarchitecture "amd64" |
| | 13 | configcompression 'bz2' 'gz' |
| | 14 | confighashes 'SHA512' |
| | 15 | |
| | 16 | insertpackage 'unstable' 'foo' 'all' '1' |
| | 17 | insertpackage 'unstable' 'bar' 'amd64' '1' |
| | 18 | insertsource 'unstable' 'foo' 'all' '1' |
| | 19 | |
| | 20 | setupaptarchive --no-update |
| | 21 | logcurrentarchivedirectory |
| | 22 | |
| | 23 | # ensure the archive is not writable |
| | 24 | addtrap 'prefix' 'chmod 755 aptarchive/dists/unstable/main/binary-all;' |
| | 25 | if [ "$(id -u)" = '0' ]; then |
| | 26 | # too deep to notice it, but it also unlikely that files in the same repo have different permissions |
| | 27 | chmod 500 aptarchive/dists/unstable/main/binary-all |
| | 28 | testfailure aptget update |
| | 29 | rm -rf rootdir/var/lib/apt/lists |
| | 30 | chmod 755 aptarchive/dists/unstable/main/binary-all |
| | 31 | testsuccess aptget update |
| | 32 | rm -rf rootdir/var/lib/apt/lists |
| | 33 | chmod 511 aptarchive/dists/ |
| | 34 | testsuccess aptget update |
| | 35 | rm -rf rootdir/var/lib/apt/lists |
| | 36 | chmod 510 aptarchive/dists/ |
| | 37 | testsuccesswithnotice aptget update |
| | 38 | rm -rf rootdir/var/lib/apt/lists |
| | 39 | chmod 500 aptarchive/dists/ |
| | 40 | testsuccesswithnotice aptget update |
| | 41 | chmod 755 aptarchive/dists/ |
| | 42 | else |
| | 43 | testsuccess aptget update |
| | 44 | fi |
| | 45 | mv rootdir/var/lib/apt/lists/_* rootdir/var/lib/apt/lists/partial |
| | 46 | chmod 555 aptarchive/dists/unstable/main/binary-all |
| | 47 | testsuccess aptget update -o Debug::pkgAcquire::Worker=1 |
| | 48 | cp -a rootdir/tmp/testsuccess.output rootdir/tmp/update.output |
| | 49 | testsuccess grep '%0aAlt-Filename:%20' rootdir/tmp/update.output |
| | 50 | |
| | 51 | # the release files aren't an IMS-hit, but the indexes are |
| | 52 | redatereleasefiles '+1 hour' |
| | 53 | |
| | 54 | # we don't download the index if it isn't updated |
| | 55 | testsuccess aptget update -o Debug::pkgAcquire::Auth=1 |
| | 56 | # file:/ isn't shown in the log, so see if it was downloaded anyhow |
| | 57 | cp -a rootdir/tmp/testsuccess.output rootdir/tmp/update.output |
| | 58 | canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-all/Packages.bz2 | sha512sum |cut -f1 -d' ')" |
| | 59 | testfailure grep -- "$canary" rootdir/tmp/update.output |
| | 60 | |
| | 61 | testfoo() { |
| | 62 | # foo is still available |
| | 63 | testsuccess aptget install -s foo |
| | 64 | testsuccess aptcache showsrc foo |
| | 65 | testsuccess aptget source foo --print-uris |
| | 66 | } |
| | 67 | testfoo |
| | 68 | |
| | 69 | # the release file is new again, the index still isn't, but it is somehow gone now from disk |
| | 70 | redatereleasefiles '+2 hour' |
| | 71 | find rootdir/var/lib/apt/lists -name '*_Packages*' -delete |
| | 72 | |
| | 73 | testsuccess aptget update -o Debug::pkgAcquire::Auth=1 |
| | 74 | # file:/ isn't shown in the log, so see if it was downloaded anyhow |
| | 75 | cp -a rootdir/tmp/testsuccess.output rootdir/tmp/update.output |
| | 76 | canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-all/Packages.bz2 | sha512sum |cut -f1 -d' ')" |
| | 77 | testsuccess grep -- "$canary" rootdir/tmp/update.output |
| | 78 | |
| | 79 | testfoo |
projects / apt.git / blame_incremental