You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

74 lines
2.4 KiB

  1. #!/bin/sh
  2. #
  3. # Ensure that we do not modify file:/// uris (regression test for
  4. # CVE-2014-0487
  5. #
  6. set -e
  7. TESTDIR="$(readlink -f "$(dirname "$0")")"
  8. . "$TESTDIR/framework"
  9. setupenvironment
  10. configarchitecture "amd64"
  11. configcompression 'bz2' 'gz'
  12. confighashes 'SHA512'
  13. insertpackage 'unstable' 'foo' 'all' '1'
  14. insertpackage 'unstable' 'bar' 'amd64' '1'
  15. insertsource 'unstable' 'foo' 'all' '1'
  16. setupaptarchive --no-update
  17. # ensure the archive is not writable
  18. addtrap 'prefix' 'chmod 755 aptarchive/dists/unstable/main/binary-all;'
  19. if [ "$(id -u)" = '0' ]; then
  20. # too deep to notice it, but it also unlikely that files in the same repo have different permissions
  21. chmod 500 aptarchive/dists/unstable/main/binary-all
  22. testfailure aptget update
  23. rm -rf rootdir/var/lib/apt/lists
  24. chmod 755 aptarchive/dists/unstable/main/binary-all
  25. testsuccess aptget update
  26. rm -rf rootdir/var/lib/apt/lists
  27. chmod 511 aptarchive/dists/
  28. testsuccess aptget update
  29. rm -rf rootdir/var/lib/apt/lists
  30. chmod 510 aptarchive/dists/
  31. testsuccesswithnotice aptget update
  32. rm -rf rootdir/var/lib/apt/lists
  33. chmod 500 aptarchive/dists/
  34. testsuccesswithnotice aptget update
  35. exit
  36. fi
  37. chmod 555 aptarchive/dists/unstable/main/binary-all
  38. testsuccess aptget update
  39. # the release files aren't an IMS-hit, but the indexes are
  40. redatereleasefiles '+1 hour'
  41. # we don't download the index if it isn't updated
  42. testsuccess aptget update -o Debug::pkgAcquire::Auth=1
  43. # file:/ isn't shown in the log, so see if it was downloaded anyhow
  44. cp -a rootdir/tmp/testsuccess.output rootdir/tmp/update.output
  45. canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-all/Packages.bz2 | sha512sum |cut -f1 -d' ')"
  46. testfailure grep -- "$canary" rootdir/tmp/update.output
  47. testfoo() {
  48. # foo is still available
  49. testsuccess aptget install -s foo
  50. testsuccess aptcache showsrc foo
  51. testsuccess aptget source foo --print-uris
  52. }
  53. testfoo
  54. # the release file is new again, the index still isn't, but it is somehow gone now from disk
  55. redatereleasefiles '+2 hour'
  56. find rootdir/var/lib/apt/lists -name '*_Packages*' -delete
  57. testsuccess aptget update -o Debug::pkgAcquire::Auth=1
  58. # file:/ isn't shown in the log, so see if it was downloaded anyhow
  59. cp -a rootdir/tmp/testsuccess.output rootdir/tmp/update.output
  60. canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-all/Packages.bz2 | sha512sum |cut -f1 -d' ')"
  61. testsuccess grep -- "$canary" rootdir/tmp/update.output
  62. testfoo