From 03af77d4ca60a21f3dca1ab10ef2ba17ec2f96c9 Mon Sep 17 00:00:00 2001 
From: Julian Andres Klode Date: Mon, 9 Apr 2018 15:32:09 +0200 Subject: Import Debian version 1.0.1ubuntu2.18 apt (1.0.1ubuntu2.18) trusty; urgency=medium * ExecFork: Use /proc/self/fd to determine which files to close (Closes: #764204) (LP: #1332440). apt (1.0.1ubuntu2.17) trusty-security; urgency=high * SECURITY UPDATE: gpgv: Check for errors when splitting files (CVE-2016-1252) Thanks to Jann Horn, Google Project Zero for reporting the issue (LP: #1647467) apt (1.0.1ubuntu2.15) trusty; urgency=medium * Fixes failure to download the Package index file when using mirror:// URL in sources.list and the archive fails to profile a file. APT would try the next archive in the list for .deb packages but did not retry when the index file failed to download. (LP: #1625667) apt (1.0.1ubuntu2.14) trusty; urgency=medium * When using the https transport mechanism, $no_proxy is ignored if apt is getting it's proxy information from $https_proxy (as opposed to Acquire::https::Proxy somewhere in apt config). If the source of proxy information is Acquire::https::Proxy set in apt.conf (or apt.conf.d), then $no_proxy is honored. This patch makes the behavior similar for both methods of setting the proxy. (LP: #1575877) apt (1.0.1ubuntu2.13) trusty; urgency=medium * Recheck Pre-Depends satisfaction in SmartConfigure, to avoid unconfigured Pre-Depends (which dpkg later fails on). Fixes upgrade failures of systemd, util-linux, and other packages with Pre-Depends. Many thanks to David Kalnischkies for figuring out the patch and Winfried PLappert for testing! Patch taken from Debian git. (LP: #1560797) apt (1.0.1ubuntu2.12) trusty; urgency=medium [ Colin Watson ] * Fix lzma write support to handle "try again" case (closes: #751688, LP: #1553770). [ David Kalnischkies ] * Handle moved mmap after UniqFindTagWrite call (closes: #753941, LP: #1445436). 
apt (1.0.1ubuntu2.11) trusty; urgency=medium * apt-pkg/packagemanager.cc: - fix incorrect configure ordering in the SmartConfigure step by skipping packages that do not need immediate action. (LP: #1347721, #1497688) apt (1.0.1ubuntu2.10) trusty; urgency=medium * Fix regression from the previous upload by ensuring we're actually testing for the right member before iterating on it (LP: #1480592) apt (1.0.1ubuntu2.9) trusty; urgency=medium * Fix regression in the Never-MarkAuto-Sections feature caused by the previous auto-removal fix, with inspiration drawn from the patches and conversation from http://bugs.debian.org/793360 (LP: #1479207) apt (1.0.1ubuntu2.8) trusty-proposed; urgency=low * fix crash for packages that have no section in their instVersion (LP: #1449394) apt (1.0.1ubuntu2.7) trusty-proposed; urgency=low * fix auto-removal behavior (thanks to Adam Conrad) LP: #1429041 apt (1.0.1ubuntu2.6) trusty-proposed; urgency=medium * apt-pkg/deb/dpkgpm.cc: - update string matching for dpkg I/O errors. (LP: #1363257) - properly parse the dpkg status line so that package name is properly set and an apport report is created. Thanks to Anders Kaseorg for the patch. (LP: #1353171) apt (1.0.1ubuntu2.5) trusty-security; urgency=low * SECURITY UPDATE: - cmdline/apt-get.cc: fix insecure tempfile handling in apt-get changelog (CVE-2014-7206). 
Thanks to Guillem Jover apt (1.0.1ubuntu2.4.1) trusty-security; urgency=low * SECURITY UPDATE: - fix potential buffer overflow, thanks to the Google Security Team (CVE-2014-6273) * Fix regression from the previous upload when file:/// sources are used and those are on a different partition than the apt state directory * Fix regression when Dir::state::lists is set to a relative path * Fix regression when cdrom: sources got rewriten by apt-cdrom add apt (1.0.1ubuntu2.3) trusty-security; urgency=low * SECURITY UPDATE: - incorrect invalidating of unauthenticated data (CVE-2014-0488) - incorect verification of 304 reply (CVE-2014-0487) - incorrect verification of Acquire::Gzip indexes (CVE-2014-0489) --- test/integration/cachedb-lp1274466-old-format.db | Bin 8192 -> 0 bytes test/integration/deb-lp1274466-cachedb.deb | Bin 1270 -> 0 bytes test/integration/framework | 8 +- test/integration/test-apt-ftparchive-cachedb | 100 ----------- .../test-apt-ftparchive-cachedb-lp1274466 | 50 ------ test/integration/test-apt-ftparchive-src-cachedb | 193 --------------------- test/integration/test-apt-http-overflow | 35 ++++ test/integration/test-apt-update-file | 36 ++++ test/integration/test-apt-update-stale | 46 +++++ test/integration/test-apt-update-unauth | 48 +++++ .../test-bug-747261-arch-specific-conflicts | 51 ------ test/integration/test-bug-762160-relpath | 17 ++ test/integration/test-failing-maintainer-scripts | 2 +- test/integration/test-hashsum-verification | 14 +- 14 files changed, 196 insertions(+), 404 deletions(-) delete mode 100644 test/integration/cachedb-lp1274466-old-format.db delete mode 100644 test/integration/deb-lp1274466-cachedb.deb delete mode 100755 test/integration/test-apt-ftparchive-cachedb delete mode 100755 test/integration/test-apt-ftparchive-cachedb-lp1274466 delete mode 100755 test/integration/test-apt-ftparchive-src-cachedb create mode 100755 test/integration/test-apt-http-overflow create mode 100755 test/integration/test-apt-update-file create 
mode 100755 test/integration/test-apt-update-stale create mode 100755 test/integration/test-apt-update-unauth delete mode 100755 test/integration/test-bug-747261-arch-specific-conflicts create mode 100755 test/integration/test-bug-762160-relpath (limited to 'test') diff --git a/test/integration/cachedb-lp1274466-old-format.db b/test/integration/cachedb-lp1274466-old-format.db deleted file mode 100644 index 88da5f1ee..000000000 Binary files a/test/integration/cachedb-lp1274466-old-format.db and /dev/null differ diff --git a/test/integration/deb-lp1274466-cachedb.deb b/test/integration/deb-lp1274466-cachedb.deb deleted file mode 100644 index 43d7ee6f1..000000000 Binary files a/test/integration/deb-lp1274466-cachedb.deb and /dev/null differ diff --git a/test/integration/framework b/test/integration/framework index 4f0a69994..3b900a960 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -36,7 +36,7 @@ msgndebug() { echo -n "${CDEBUG}D: $1${CNORMAL}"; } msgtest() { while [ -n "$1" ]; do echo -n "${CINFO}$1${CCMD} " - echo -n "$(echo "$2" | sed -e 's#^apt\([cgfs]\)#apt-\1#')${CINFO} " + echo -n "$(echo "$2" | sed -e 's/^aptc/apt-c/' -e 's/^aptg/apt-g/' -e 's/^aptf/apt-f/')${CINFO} " shift if [ -n "$1" ]; then shift; else break; fi done @@ -114,7 +114,6 @@ aptget() { runapt apt-get "$@"; } aptftparchive() { runapt apt-ftparchive "$@"; } aptkey() { runapt apt-key "$@"; } aptmark() { runapt apt-mark "$@"; } -aptsortpkgs() { runapt apt-sortpkgs "$@"; } apt() { runapt apt "$@"; } apthelper() { runapt "${APTHELPERBINDIR}/apt-helper" "$@"; } aptwebserver() { runapt "${APTWEBSERVERBINDIR}/aptwebserver" "$@"; } 
@@ -129,10 +128,7 @@ dpkgcheckbuilddeps() { } gdb() { echo "gdb: run »$*«" - CMD="$1" - shift - - APT_CONFIG=aptconfig.conf LD_LIBRARY_PATH=${LIBRARYPATH} command gdb ${BUILDDIRECTORY}/$CMD --args ${BUILDDIRECTORY}/$CMD "$@" + APT_CONFIG=aptconfig.conf LD_LIBRARY_PATH=${LIBRARYPATH} command gdb ${BUILDDIRECTORY}/$1 --args "$@" } gpg() { # see apt-key for the whole trickery. Setup is done in setupenvironment diff --git a/test/integration/test-apt-ftparchive-cachedb b/test/integration/test-apt-ftparchive-cachedb deleted file mode 100755 index 147272a2c..000000000 --- a/test/integration/test-apt-ftparchive-cachedb +++ /dev/null 
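Review bot: In the rewritten `gdb()` helper in test/integration/framework, the words after `--args` are now `"$@"`, whose first element is the bare command name rather than `${BUILDDIRECTORY}/$1`. As far as I know gdb takes the program to debug from the first word following `--args`, so the name would presumably be resolved against the working directory or PATH, and the session could load an installed binary instead of the one built for the test run. Keeping the removed form (`CMD="$1"`, `shift`, then `--args ${BUILDDIRECTORY}/$CMD "$@"`) avoids that. `${BUILDDIRECTORY}/$1` and `${LIBRARYPATH}` are also unquoted, so a build path containing spaces would be split; `"${BUILDDIRECTORY}/$1"` is safer.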
@@ -1,100 +0,0 @@ -#!/bin/sh -set -e - -ensure_correct_packages_file() { - testequal "Package: foo -Priority: optional -Section: others -Installed-Size: 29 -Maintainer: Joe Sixpack -Architecture: i386 -Version: 1 -Filename: pool/main/foo_1_i386.deb" head -n8 ./aptarchive/dists/test/main/binary-i386/Packages -} - -ensure_correct_contents_file() { - testequal "usr/bin/foo-i386 others/foo -usr/share/doc/foo/FEATURES others/foo -usr/share/doc/foo/changelog others/foo -usr/share/doc/foo/copyright others/foo" cat ./aptarchive/dists/test/Contents-i386 -} - -# -# main() -# -TESTDIR=$(readlink -f $(dirname $0)) -. $TESTDIR/framework -setupenvironment -configarchitecture "i386" - -mkdir -p aptarchive/dists/test/main/i18n/ -mkdir -p aptarchive/dists/test/main/source/ -mkdir -p aptarchive/dists/test/main/binary-i386 -mkdir -p aptarchive/pool/main - -mkdir aptarchive-overrides -mkdir aptarchive-cache -cat > ftparchive.conf <<"EOF" -Dir { - ArchiveDir "./aptarchive"; - OverrideDir "./aptarchive-overrides"; - CacheDir "./aptarchive-cache"; -}; - -Default { - Packages::Compress ". gzip bzip2"; - Contents::Compress ". 
gzip bzip2"; - LongDescription "false"; -}; - -TreeDefault { - BinCacheDB "packages-$(SECTION)-$(ARCH).db"; - - Directory "pool/$(SECTION)"; - SrcDirectory "pool/$(SECTION)"; - - Packages "$(DIST)/$(SECTION)/binary-$(ARCH)/Packages"; - Contents "$(DIST)/Contents-$(ARCH)"; -}; - -Tree "dists/test" { - Sections "main"; - Architectures "i386"; - -}; -EOF - -# build one pacakge -buildsimplenativepackage 'foo' 'i386' '1' 'test' -mv incoming/* aptarchive/pool/main/ - -# generate (empty cachedb) -aptftparchive generate ftparchive.conf -o APT::FTPArchive::ShowCacheMisses=1 2> stats-out.txt -ensure_correct_packages_file -ensure_correct_contents_file -testequal " Misses in Cache: 2 - dists/test/Contents-i386: New 402 B Misses in Cache: 0" grep Misses stats-out.txt - -# generate again -aptftparchive generate ftparchive.conf -o APT::FTPArchive::ShowCacheMisses=1 2> stats-out.txt -ensure_correct_packages_file -ensure_correct_contents_file -testequal " Misses in Cache: 0 - dists/test/Contents-i386: Misses in Cache: 0" grep Misses stats-out.txt - -# and again (with removing the Packages file) -rm -f ./aptarchive/dists/test/main/binary-i386/* -rm -f ./aptarchive/dists/test/Contents-i386 -aptftparchive generate ftparchive.conf -o APT::FTPArchive::ShowCacheMisses=1 2> stats-out.txt -ensure_correct_packages_file -ensure_correct_contents_file -testequal " Misses in Cache: 0 - dists/test/Contents-i386: New 402 B Misses in Cache: 0" grep Misses stats-out.txt - -# and clean -rm -rf aptarchive/pool/main/* -testequal "packages-main-i386.db" aptftparchive clean ftparchive.conf -aptftparchive clean ftparchive.conf -o Debug::APT::FTPArchive::Clean=1 > clean-out.txt 2>&1 -testequal "0 Number of unique keys in the tree" grep unique clean-out.txt -testequal "packages-main-i386.db" grep packages-main-i386.db clean-out.txt - 
diff --git a/test/integration/test-apt-ftparchive-cachedb-lp1274466 b/test/integration/test-apt-ftparchive-cachedb-lp1274466 deleted file mode 100755 index f26a19d83..000000000 --- a/test/integration/test-apt-ftparchive-cachedb-lp1274466 +++ /dev/null 
@@ -1,50 +0,0 @@ -#!/bin/sh -set -e - - -# -# main() -# -TESTDIR=$(readlink -f $(dirname $0)) -. $TESTDIR/framework -setupenvironment -configarchitecture "i386" - -# gather the db and the deb, ensure mtime is not modfied as its saved in the DB -cp -p $TESTDIR/deb-lp1274466-cachedb.deb foo_1_i386.deb -cp $TESTDIR/cachedb-lp1274466-old-format.db old-format.db - -# verify that the format is different -testsuccess aptftparchive --db new-format.db packages . -db_dump new-format.db > new-format.dump -db_dump old-format.db > old-format.dump -testfailure diff -u old-format.dump new-format.dump - -# ensure the new format as the sha512 -testsuccess grep 7da58ff901a40ecf42a730dc33198b182e9ba9ec98799fc2c2b6fabeeee40cc12a0e7cadb4b66764235c56e1009dbfe8a9a566fb1eedf47a992d1fff2cc3332c new-format.dump -# but the old format does not -testfailure grep 7da58ff901a40ecf42a730dc33198b182e9ba9ec98799fc2c2b6fabeeee40cc12a0e7cadb4b66764235c56e1009dbfe8a9a566fb1eedf47a992d1fff2cc3332c old-format.dump - -# regression test for corruption with previous generation of cachedb -testequal "Package: foo -Priority: optional -Section: others -Installed-Size: 29 -Maintainer: Joe Sixpack -Architecture: i386 -Version: 1 -Filename: ./foo_1_i386.deb -Size: 1270 -MD5sum: 85d0e908c1a897700e2c5dea72d7e3c0 -SHA1: 858b09169032b7925a0e463f46b6634243fc40ce -SHA256: 3750a2c9c6b5beee7f307564be3d51d3ec7cbb78fa4f0b47f84a7c41477bff59 -SHA512: 7da58ff901a40ecf42a730dc33198b182e9ba9ec98799fc2c2b6fabeeee40cc12a0e7cadb4b66764235c56e1009dbfe8a9a566fb1eedf47a992d1fff2cc3332c -Description: an autogenerated dummy foo=1/test - If you find such a package installed on your system, - something went horribly wrong! They are autogenerated - und used only by testcases and surf no other propose… -" aptftparchive --db old-format.db packages . 
- -# ensure that the db is updated -db_dump old-format.db > old-format.dump -testsuccess grep 7da58ff901a40ecf42a730dc33198b182e9ba9ec98799fc2c2b6fabeeee40cc12a0e7cadb4b66764235c56e1009dbfe8a9a566fb1eedf47a992d1fff2cc3332c old-format.dump diff --git a/test/integration/test-apt-ftparchive-src-cachedb b/test/integration/test-apt-ftparchive-src-cachedb deleted file mode 100755 index adcca6217..000000000 --- a/test/integration/test-apt-ftparchive-src-cachedb +++ /dev/null 
@@ -1,193 +0,0 @@ -#!/bin/sh -set -e - -assert_correct_sources_file() { - testequal "Package: bar -Architecture: all -Version: 1.0 -Binary: bar -Format: 3.0 (native) -Directory: pool/main -Files: - 7b57dd065e51de5905288a5104d4bef5 406 bar_1.0.dsc - d41d8cd98f00b204e9800998ecf8427e 0 bar_1.0.tar.gz -Package-List: - bar deb admin extra -Checksums-Sha1: - 17a40b76715f393ab7fd6485c9392a02f1adf903 406 bar_1.0.dsc - da39a3ee5e6b4b0d3255bfef95601890afd80709 0 bar_1.0.tar.gz -Checksums-Sha256: - d9d7507f66a89258b6920aca47747d7a30e0e64b09ecabbf02b2efbdabf840a9 406 bar_1.0.dsc - e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 0 bar_1.0.tar.gz -Checksums-Sha512: - ee0a9bfb6614159b45203fc29487d4f37387993ca0e6d6f27b80010498f3731d75753188ece307508ae9af0259bd11a6af15a1a38f0b87dbd5ea1273b7a7d53e 406 bar_1.0.dsc - cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e 0 bar_1.0.tar.gz - -Package: foo -Architecture: all -Version: 1.0 -Binary: foo -Format: 3.0 (native) -Directory: pool/main -Files: - d144826e6f02831c1933e910c92cd7e0 171 foo_1.0.dsc - d41d8cd98f00b204e9800998ecf8427e 0 foo_1.0.tar.gz -Package-List: - foo deb admin extra -Checksums-Sha1: - 979306aa3ccff3d61bba062bb6977e2493c6f907 171 foo_1.0.dsc - da39a3ee5e6b4b0d3255bfef95601890afd80709 0 foo_1.0.tar.gz -Checksums-Sha256: - 8c780af8b5a6d5b3c2e2f9518940beebea52ac6d6ad7b52c082dc925cfe5b532 171 foo_1.0.dsc - e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 0 foo_1.0.tar.gz -Checksums-Sha512: - 3da0240fd764657c2f3661b4d750578a9a99b0580591b133756379d48117ebda87a5ed2467f513200d6e7eaf51422cbe91c15720eef7fb4bba2cc8ff81ebc547 171 foo_1.0.dsc - cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e 0 foo_1.0.tar.gz -" aptsortpkgs ./aptarchive/dists/test/main/source/Sources -} - -create_source_files() { - NAME="$1" - REQUEST_CLEARSIGN="$2" - - 
TARFILE="aptarchive/pool/main/${NAME}_1.0.tar.gz" - DSC_FILE="aptarchive/pool/main/${NAME}_1.0.dsc" - touch $TARFILE - if [ "$REQUEST_CLEARSIGN" = "CLEARSIGN" ]; then - printf -- "-----BEGIN PGP SIGNED MESSAGE-----\n\n" > $DSC_FILE - fi - cat >> $DSC_FILE << EOF -Format: 3.0 (native) -Source: $NAME -Binary: $NAME -Architecture: all -Version: 1.0 -Package-List: - $NAME deb admin extra -Files: - $(md5sum $TARFILE|cut -f1 -d' ') $(stat --print="%s" $TARFILE) ${NAME}_1.0.tar.gz -EOF - if [ "$REQUEST_CLEARSIGN" = "CLEARSIGN" ]; then - cat >> $DSC_FILE < dists/test/main/source/Sources \ - 2> stats-out.txt - testequal " Misses in Cache: 2" grep Misses stats-out.txt -) -assert_correct_sources_file - -# generate with --db option (again to ensure its in the cache) -(cd aptarchive && aptftparchive --db ./test.db sources pool/main/ \ - -o APT::FTPArchive::ShowCacheMisses=1 \ - > dists/test/main/source/Sources \ - 2> stats-out.txt - testequal " Misses in Cache: 0" grep Misses stats-out.txt -) -assert_correct_sources_file - - - -# get ready for the "apt-ftparchive generate" command -cat > apt-ftparchive.conf <<"EOF" -Dir { - ArchiveDir "./aptarchive"; - OverrideDir "./aptarchive-overrides"; - CacheDir "./aptarchive-cache"; -}; - -Default { - Packages::Compress ". gzip bzip2"; - Contents::Compress ". 
gzip bzip2"; - LongDescription "false"; -}; - -TreeDefault { - BinCacheDB "packages-$(SECTION)-$(ARCH).db"; - SrcCacheDB "sources-$(SECTION).db"; - - Directory "pool/$(SECTION)"; - SrcDirectory "pool/$(SECTION)"; - - Sources "$(DIST)/$(SECTION)/source/Sources"; -}; - -Tree "dists/test" { - Sections "main"; - Architectures "source"; - -}; -EOF - -# generate (empty cachedb) -aptftparchive generate apt-ftparchive.conf -o APT::FTPArchive::ShowCacheMisses=1 2> stats-out.txt -testequal " Misses in Cache: 2" grep Misses stats-out.txt -assert_correct_sources_file - - -# generate again out of the cache -rm -f ./aptarchive/dists/test/main/source/Sources -aptftparchive generate apt-ftparchive.conf -o APT::FTPArchive::ShowCacheMisses=1 2> stats-out.txt -testequal " Misses in Cache: 0" grep Misses stats-out.txt -assert_correct_sources_file - - - -# generate invalid files -mkdir aptarchive/pool/invalid -printf "meep" > aptarchive/pool/invalid/invalid_1.0.dsc -testequal " -E: Could not find a Source entry in the DSC 'aptarchive/pool/invalid/invalid_1.0.dsc'" aptftparchive sources aptarchive/pool/invalid -rm -f aptarchive/pool/invalid/invalid_1.0.dsc - -dd if=/dev/zero of="aptarchive/pool/invalid/toobig_1.0.dsc" bs=1k count=129 2>/dev/null -testequal " -E: DSC file 'aptarchive/pool/invalid/toobig_1.0.dsc' is too large!" aptftparchive sources aptarchive/pool/invalid - -# ensure clean works -rm -f aptarchive/pool/main/* -aptftparchive clean apt-ftparchive.conf -o Debug::APT::FTPArchive::Clean=1 > clean-out.txt 2>&1 -testequal "0 Number of unique keys in the tree" grep unique clean-out.txt -testequal "sources-main.db" grep sources-main.db clean-out.txt - - diff --git a/test/integration/test-apt-http-overflow b/test/integration/test-apt-http-overflow new file mode 100755 index 000000000..b58b79cf4 --- /dev/null +++ b/test/integration/test-apt-http-overflow 
@@ -0,0 +1,35 @@ +#!/bin/sh +# +# Ensure we do not crash on long urls +# +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework + +setupenvironment +configarchitecture "amd64" +configcompression '.' 'gz' + +insertpackage 'unstable' 'foo' 'all' '1.0' + +setupaptarchive --no-update +changetowebserver + +rm -f rootdir/var/cache/apt/*.bin +sed -i 's#Filename: pool/main/foo/foo_1.0_all.deb#Filename: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx#' \ + aptarchive/dists/unstable/main/binary-amd64/Packages +gzip -c aptarchive/dists/unstable/main/binary-amd64/Packages > \ + aptarchive/dists/unstable/main/binary-amd64/Packages.gz +bzip2 -c aptarchive/dists/unstable/main/binary-amd64/Packages > \ + aptarchive/dists/unstable/main/binary-amd64/Packages.bz2 + +generatereleasefiles +signreleasefiles + +testsuccess aptget update +msgmsg "Ensure http does not segfault" + +aptget install foo -qq 2> output.log || true +grep -q 'Unable to fetch some archives, ' output.log && msgpass || msgfail + 
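Review bot: The last two lines of test-apt-http-overflow only look for the `Unable to fetch some archives, ` message, and `|| true` discards apt-get's exit status, so the test would presumably still pass if the http method crashed and apt-get then reported the failed fetch. Since the stated goal is "Ensure http does not segfault", add a negative check on `output.log` before `msgpass`, for example `if grep -q 'segmentation fault' output.log; then msgfail; fi` (confirm the exact wording against apt's sub-process error messages). A comment above the `sed` line saying that the overlong `Filename:` value is the input being exercised would also help; this looks like the regression test for the buffer overflow listed in the changelog as CVE-2014-6273, but the script does not say so.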
diff --git a/test/integration/test-apt-update-file b/test/integration/test-apt-update-file
new file mode 100755
index 000000000..fbcd473cc
--- /dev/null
+++ b/test/integration/test-apt-update-file
@@ -0,0 +1,36 @@
+#!/bin/sh
+#
+# Ensure that we do not modify file:/// uris (regression test for
+# CVE-2014-0487
+#
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+
+setupenvironment
+configarchitecture "amd64"
+configcompression 'bz2' 'gz'
+
+insertpackage 'unstable' 'foo' 'all' '1.0'
+
+umask 022
+setupaptarchive --no-update
+
+# ensure the archive is not writable
+chmod 550 aptarchive/dists/unstable/main/binary-amd64
+
+testsuccess aptget update -qq
+testsuccess aptget update -qq
+aptget update -qq -o Debug::pkgAcquire::Auth=1 2> output.log
+
+# ensure that the hash of the uncompressed file was verified even on a local
+# ims hit
+canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-amd64/Packages.bz2 | sha512sum |cut -f1 -d' ')"
+grep -q "RecivedHash: $canary" output.log
+
+# foo is still available
+testsuccess aptget install -s foo
+
+# the cleanup should still work
+chmod 750 aptarchive/dists/unstable/main/binary-amd64
diff --git a/test/integration/test-apt-update-stale b/test/integration/test-apt-update-stale
new file mode 100755
index 000000000..780ff79af
--- /dev/null
+++ b/test/integration/test-apt-update-stale
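Review bot: In test-apt-update-file the `grep -q "RecivedHash: $canary" output.log` check runs bare under `set -e`, so when the hash line is missing the script exits without a `msgfail` and never reaches the closing `chmod 750`, leaving `binary-amd64` at mode 550 for whatever cleans up the test directory. Wrap it like the checks elsewhere in this patch, e.g. `msgtest 'Hash of uncompressed index verified on' 'local IMS hit'` followed by `grep -q "RecivedHash: $canary" output.log && msgpass || msgfail`, or restore the mode from a `trap`. The preceding `aptget update -qq -o Debug::pkgAcquire::Auth=1 2> output.log` has the same early-exit problem if it returns non-zero. The header comment is also missing its closing parenthesis after `CVE-2014-0487`.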
@@ -0,0 +1,46 @@
+#!/bin/sh
+#
+# Ensure that a MITM can not stale the Packages/Sources without
+# raising a error message. Note that the Release file is protected
+# via the "Valid-Until" header
+#
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+
+setupenvironment
+configarchitecture "i386"
+
+insertpackage 'unstable' 'foo' 'all' '1.0'
+
+setupaptarchive
+changetowebserver
+aptget update -qq
+
+# insert new version
+mkdir aptarchive/dists/unstable/main/binary-i386/saved
+cp -p aptarchive/dists/unstable/main/binary-i386/Packages* \
+ aptarchive/dists/unstable/main/binary-i386/saved
+insertpackage 'unstable' 'foo' 'all' '2.0'
+
+# not using compressfile for compat with older apt releases
+gzip -c aptarchive/dists/unstable/main/binary-i386/Packages > \
+ aptarchive/dists/unstable/main/binary-i386/Packages.gz
+generatereleasefiles
+signreleasefiles
+
+# ensure that we do not get a I-M-S hit for the Release file
+touch -d "+1hour" aptarchive/dists/unstable/*Release*
+
+# but now only deliver the previous Packages file instead of the new one
+# (simulating a stale attack)
+cp -p aptarchive/dists/unstable/main/binary-i386/saved/Packages* \
+ aptarchive/dists/unstable/main/binary-i386/
+
+# ensure this raises a error
+testequal "W: Failed to fetch http://localhost:8080/dists/unstable/main/binary-i386/Packages Hash Sum mismatch
+
+E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
+
+
diff --git a/test/integration/test-apt-update-unauth b/test/integration/test-apt-update-unauth
new file mode 100755
index 000000000..13487603c
--- /dev/null
+++ b/test/integration/test-apt-update-unauth
@@ -0,0 +1,48 @@
+#!/bin/sh
+#
+# Ensure that when going from unauthenticated to authenticated all
+# files are checked again
+#
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+
+setupenvironment
+configarchitecture "i386"
+
+insertpackage 'unstable' 'foo' 'all' '1.0'
+insertsource 'unstable' 'foo' 'all' '1.0'
+
+setupaptarchive
+changetowebserver
+
+runtest() {
+ # start unauthenticated
+ find rootdir/var/lib/apt/lists/ -type f | xargs rm -f
+ rm -f aptarchive/dists/unstable/*Release*
+ aptget update -qq
+
+ # become authenticated
+ generatereleasefiles
+ signreleasefiles
+
+ # and ensure we do download the data again
+ msgtest "Check that the data is check when going to authenticated"
+ if aptget update |grep -q Hit; then
+ msgfail
+ else
+ msgpass
+ fi
+}
+
+for COMPRESSEDINDEXES in 'false' 'true'; do
+ echo "Acquire::GzipIndexes \"$COMPRESSEDINDEXES\";" > rootdir/etc/apt/apt.conf.d/compressindexes
+ if $COMPRESSEDINDEXES; then
+ msgmsg 'Run tests with GzipIndexes enabled'
+ else
+ msgmsg 'Run tests with GzipIndexes disabled'
+ fi
+
+ runtest
+done
diff --git a/test/integration/test-bug-747261-arch-specific-conflicts b/test/integration/test-bug-747261-arch-specific-conflicts
deleted file mode 100755
index be971b89e..000000000
--- a/test/integration/test-bug-747261-arch-specific-conflicts
+++ /dev/null
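Review bot: In `runtest` of test-apt-update-unauth, `if aptget update |grep -q Hit; then` treats any output without the word `Hit` as a pass, and the pipeline hides the exit status of `aptget update`, so an update that fails outright also passes this regression test. Capture the output and require success as well, e.g. `if aptget update > update.log 2>&1 && ! grep -q Hit update.log; then msgpass; else msgfail; fi`. The `msgtest` text reads "data is check"; "data is checked again" would match the file's header comment.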
@@ -1,51 +0,0 @@ -#!/bin/sh -set -e - -TESTDIR=$(readlink -f $(dirname $0)) -. $TESTDIR/framework -setupenvironment -configarchitecture 'amd64' 'sparc' 'armel' - -msgtest 'Check that dpkg supports' 'arch-specific dependencies' -set +e -# this fails always, the question is just how it fails -dpkg-checkbuilddeps -d 'foobar:barfoo' /dev/null 2>/dev/null >/dev/null -RETURNCODE=$? -set -e -if [ "$RETURNCODE" != '1' ]; then - dpkg-checkbuilddeps -d 'foobar:barfoo' /dev/null || true - echo "Command had returncode: $RETURNCODE" - msgskip - exit 0 -else - msgpass -fi - -buildsimplenativepackage 'libc6' 'amd64,sparc,armel' '1' 'stable' 'Multi-Arch: same' -buildsimplenativepackage 'libc6-i386' 'amd64' '1' 'stable' 'Conflicts: libc6:sparc' - -setupaptarchive - -testsuccess aptget install 'libc6:amd64' 'libc6:sparc' -y -testdpkginstalled 'libc6:amd64' 'libc6:sparc' -testdpkgnotinstalled 'libc6-i386' 'libc6:armel' - -testsuccess aptget install libc6-i386 -y -testdpkginstalled 'libc6:amd64' 'libc6-i386' -testdpkgnotinstalled 'libc6:sparc' 'libc6:armel' - -testsuccess aptget install libc6:armel -y -testdpkginstalled 'libc6:amd64' 'libc6:armel' 'libc6-i386' -testdpkgnotinstalled 'libc6:sparc' - -testsuccess aptget install libc6:sparc -y -testdpkginstalled 'libc6:amd64' 'libc6:armel' 'libc6:sparc' -testdpkgnotinstalled 'libc6-i386' - -testsuccess aptget purge 'libc6:*' 'libc6-i386' -y -testdpkgnotinstalled 'libc6:amd64' 'libc6:armel' 'libc6:sparc' 'libc6-i386' - -# check that (the actually simpler) single arch is fine, too -configarchitecture 'amd64' -testfailure aptget install libc6:sparc -s -testsuccess aptget install libc6 libc6-i386 -y diff --git a/test/integration/test-bug-762160-relpath b/test/integration/test-bug-762160-relpath new file mode 100755 index 000000000..204587727 --- /dev/null +++ b/test/integration/test-bug-762160-relpath 
@@ -0,0 +1,17 @@ +#!/bin/sh +# regresion test for bug #762160 where apt-get update fails when a +# relative directory is given +# +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework +setupenvironment +configarchitecture 'amd64' + +insertpackage 'unstable' 'foo' 'all' '1' +setupaptarchive +changetowebserver + +testsuccess aptget update -o Dir=./rootdir +testsuccess aptget update -o Dir=./rootdir \ No newline at end of file diff --git a/test/integration/test-failing-maintainer-scripts b/test/integration/test-failing-maintainer-scripts index 3dd7d643e..cb82ebc7a 100755 --- a/test/integration/test-failing-maintainer-scripts +++ b/test/integration/test-failing-maintainer-scripts @@ -86,7 +86,7 @@ testmyfailure() { testfailure "$@" -o APT::Status-Fd=3 msgtest 'Test for failure message of maintainerscript in' 'console log' local TEST='rootdir/tmp/testfailure.output' - if grep -q 'exit status 29' "$TEST"; then + if grep -q 'exit status 29$' "$TEST"; then msgpass else cat $TEST diff --git a/test/integration/test-hashsum-verification b/test/integration/test-hashsum-verification index e77efb46e..2a400dcb4 100755 --- a/test/integration/test-hashsum-verification +++ b/test/integration/test-hashsum-verification @@ -64,7 +64,7 @@ runtest() { msgtest 'No package from the source available' [ "$(aptcache show apt 2>&1)" = "E: No packages found" ] && msgpass || msgfail msgtest 'No Packages file in /var/lib/apt/lists' - [ "$(ls rootdir/var/lib/apt/lists/*Package* 2>/dev/null)" = "" ] && msgpass || msgfail + [ "$(ls rootdir/var/lib/apt/lists/*Package* 2>/dev/null | grep -v FAILED 2>/dev/null)" = "" ] && msgpass || msgfail # now with the unsigned Release file rm -rf rootdir/var/lib/apt/lists 
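Review bot: The two identical `testsuccess aptget update -o Dir=./rootdir` lines that close test-bug-762160-relpath read like an accidental duplicate. If the second run is the one that exercises the bug, a comment such as `# run twice: the second update works on lists that already exist` would make that clear; I am inferring the reason, so please word it from the bug report. The file also ends without a trailing newline, and the header comment has a typo (`regresion`).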
@@ -75,5 +75,13 @@ runtest() { } -runtest - +for COMPRESSEDINDEXES in 'false' 'true'; do + echo "Acquire::GzipIndexes \"$COMPRESSEDINDEXES\";" > rootdir/etc/apt/apt.conf.d/compressindexes + if $COMPRESSEDINDEXES; then + msgmsg 'Run tests with GzipIndexes enabled' + else + msgmsg 'Run tests with GzipIndexes disabled' + fi + + runtest +done -- cgit v1.2.3