author | Michael Vogt <egon@debian-devbox> | 2013-03-14 14:26:43 +0100 |
---|---|---|
committer | Michael Vogt <egon@debian-devbox> | 2013-03-14 14:26:43 +0100 |
commit | 55971004215609a02ca19c59bd058da20729ba11 (patch) | |
tree | 2cd26c24d0304768750c80d8361d6a031d8f99e4 /test | |
parent | ee5505af11ee4708704a296bddac5120314ef37a (diff) |
* SECURITY UPDATE: InRelease verification bypass0.9.7.8
- CVE-2013-1051
* apt-pkg/deb/debmetaindex.cc,
test/integration/test-bug-595691-empty-and-broken-archive-files,
test/integration/test-releasefile-verification:
- disable InRelease downloading until the verification issue is
fixed, thanks to Ansgar Burchardt for finding the flaw
Diffstat (limited to 'test')
-rwxr-xr-x | test/integration/test-bug-595691-empty-and-broken-archive-files | 30 | ||||
-rwxr-xr-x | test/integration/test-releasefile-verification | 4 |
2 files changed, 13 insertions, 21 deletions
diff --git a/test/integration/test-bug-595691-empty-and-broken-archive-files b/test/integration/test-bug-595691-empty-and-broken-archive-files index 63883b380..4611b8b8e 100755 --- a/test/integration/test-bug-595691-empty-and-broken-archive-files +++ b/test/integration/test-bug-595691-empty-and-broken-archive-files @@ -13,7 +13,7 @@ setupflataptarchive testaptgetupdate() { rm -rf rootdir/var/lib/apt aptget update 2>> testaptgetupdate.diff >> testaptgetupdate.diff || true - sed -i -e '/^Fetched / d' -e '/Ign / d' -e 's#\[[0-9]* [kMGTPY]*B\]#\[\]#' testaptgetupdate.diff + sed -i -e '/^Fetched / d' -e '/Ign / d' -e '/Release/ d' -e 's#Get:[0-9]\+ #Get: #' -e 's#\[[0-9]* [kMGTPY]*B\]#\[\]#' testaptgetupdate.diff GIVEN="$1" shift msgtest "Test for correctness of" "apt-get update with $*" @@ -81,22 +81,18 @@ testoverfile() { setupcompressor "$1" createemptyfile 'en' - testaptgetupdate "Get:1 file: InRelease [] -Reading package lists..." "empty file en.$COMPRESS over file" + testaptgetupdate 'Reading package lists...' "empty file en.$COMPRESS over file" createemptyarchive 'en' - testaptgetupdate "Get:1 file: InRelease [] -Reading package lists..." "empty archive en.$COMPRESS over file" + testaptgetupdate 'Reading package lists...' "empty archive en.$COMPRESS over file" createemptyarchive 'Packages' # FIXME: Why omits the file transport the Packages Get line? #Get:3 file: Packages [] - testaptgetupdate "Get:1 file: InRelease [] -Reading package lists..." "empty archive Packages.$COMPRESS over file" + testaptgetupdate 'Reading package lists...' "empty archive Packages.$COMPRESS over file" createemptyfile 'Packages' - testaptgetupdate "Get:1 file: InRelease [] -Err file: Packages + testaptgetupdate "Err file: Packages Empty files can't be valid archives W: Failed to fetch ${COMPRESSOR}:$(readlink -f aptarchive/Packages.$COMPRESS) Empty files can't be valid archives 
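Review bot: The `-e '/Release/ d'` expression added to the sed filter in testaptgetupdate is unanchored, so it deletes every line of captured apt-get output that contains "Release", including any `Err` or `W:` line about a Release or Release.gpg file, not only the fetch-progress lines. Because the test compares the filtered output against the expected text, a failure in release-file fetching or verification would drop out of the comparison, which matters in a commit that changes which release files are fetched. Assuming only progress lines need hiding, restrict the match to them, for example `-e '/^\(Get:[0-9]\+\|Hit\) .*Release/ d'`. The body of testaptgetupdate continues past the end of this hunk.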
@@ -107,26 +103,22 @@ testoverhttp() { setupcompressor "$1" createemptyfile 'en' - testaptgetupdate "Get:1 http://localhost InRelease [] -Get:2 http://localhost Packages [] -Get:3 http://localhost Translation-en + testaptgetupdate "Get: http://localhost Packages [] +Get: http://localhost Translation-en Reading package lists..." "empty file en.$COMPRESS over http" createemptyarchive 'en' - testaptgetupdate "Get:1 http://localhost InRelease [] -Get:2 http://localhost Packages [] -Get:3 http://localhost Translation-en [] + testaptgetupdate "Get: http://localhost Packages [] +Get: http://localhost Translation-en [] Reading package lists..." "empty archive en.$COMPRESS over http" createemptyarchive 'Packages' - testaptgetupdate "Get:1 http://localhost InRelease [] -Get:2 http://localhost Packages [] + testaptgetupdate "Get: http://localhost Packages [] Reading package lists..." "empty archive Packages.$COMPRESS over http" createemptyfile 'Packages' #FIXME: we should response with a good error message instead - testaptgetupdate "Get:1 http://localhost InRelease [] -Get:2 http://localhost Packages + testaptgetupdate "Get: http://localhost Packages Err http://localhost Packages Empty files can't be valid archives W: Failed to fetch ${COMPRESSOR}:$(readlink -f rootdir/var/lib/apt/lists/partial/localhost:8080_Packages) Empty files can't be valid archives diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification index d3ea91de5..01fb2e529 100755 --- a/test/integration/test-releasefile-verification +++ b/test/integration/test-releasefile-verification @@ -184,5 +184,5 @@ runtest2 DELETEFILE="InRelease" runtest -DELETEFILE="Release.gpg" -runtest +#DELETEFILE="Release.gpg" +#runtest |
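Review bot: The `DELETEFILE="Release.gpg"` run at the end of test-releasefile-verification is commented out without explanation, and nothing in the visible hunk replaces it with a check that an InRelease file present on the archive is now ignored. Going by the commit message, a comment such as `# disabled for CVE-2013-1051: InRelease is not downloaded, so without Release.gpg there is no signature to check; re-enable together with InRelease fetching` would stop the case from being forgotten. A negative case asserting that the archive is treated as unauthenticated when only InRelease is available would cover the security change itself. runtest is defined outside this hunk, so whether it can express that expectation is not visible here.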