blob: fbcd473ccb70cdb96167d58b02451dbb852daa26 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
#!/bin/sh
#
# Ensure that we do not modify file:/// uris (regression test for
# CVE-2014-0487
#
set -e
TESTDIR=$(readlink -f $(dirname $0))
. $TESTDIR/framework
setupenvironment
configarchitecture "amd64"
configcompression 'bz2' 'gz'
insertpackage 'unstable' 'foo' 'all' '1.0'
umask 022
setupaptarchive --no-update
# ensure the archive is not writable
chmod 550 aptarchive/dists/unstable/main/binary-amd64
testsuccess aptget update -qq
testsuccess aptget update -qq
aptget update -qq -o Debug::pkgAcquire::Auth=1 2> output.log
# ensure that the hash of the uncompressed file was verified even on a local
# ims hit
canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-amd64/Packages.bz2 | sha512sum |cut -f1 -d' ')"
grep -q "RecivedHash: $canary" output.log
# foo is still available
testsuccess aptget install -s foo
# the cleanup should still work
chmod 750 aptarchive/dists/unstable/main/binary-amd64
|
