summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorMichael Vogt <egon@debian-devbox>2013-03-14 14:26:43 +0100
committerMichael Vogt <egon@debian-devbox>2013-03-14 14:26:43 +0100
commit55971004215609a02ca19c59bd058da20729ba11 (patch)
tree2cd26c24d0304768750c80d8361d6a031d8f99e4 /test
parentee5505af11ee4708704a296bddac5120314ef37a (diff)
downloadapt-55971004215609a02ca19c59bd058da20729ba11.tar.gz
* SECURITY UPDATE: InRelease verification bypass0.9.7.8
- CVE-2013-1051 * apt-pkg/deb/debmetaindex.cc, test/integration/test-bug-595691-empty-and-broken-archive-files, test/integration/test-releasefile-verification: - disable InRelease downloading until the verification issue is fixed, thanks to Ansgar Burchardt for finding the flaw
Diffstat (limited to 'test')
-rwxr-xr-xtest/integration/test-bug-595691-empty-and-broken-archive-files30
-rwxr-xr-xtest/integration/test-releasefile-verification4
2 files changed, 13 insertions, 21 deletions
diff --git a/test/integration/test-bug-595691-empty-and-broken-archive-files b/test/integration/test-bug-595691-empty-and-broken-archive-files
index 63883b380..4611b8b8e 100755
--- a/test/integration/test-bug-595691-empty-and-broken-archive-files
+++ b/test/integration/test-bug-595691-empty-and-broken-archive-files
@@ -13,7 +13,7 @@ setupflataptarchive
testaptgetupdate() {
rm -rf rootdir/var/lib/apt
aptget update 2>> testaptgetupdate.diff >> testaptgetupdate.diff || true
- sed -i -e '/^Fetched / d' -e '/Ign / d' -e 's#\[[0-9]* [kMGTPY]*B\]#\[\]#' testaptgetupdate.diff
+ sed -i -e '/^Fetched / d' -e '/Ign / d' -e '/Release/ d' -e 's#Get:[0-9]\+ #Get: #' -e 's#\[[0-9]* [kMGTPY]*B\]#\[\]#' testaptgetupdate.diff
GIVEN="$1"
shift
msgtest "Test for correctness of" "apt-get update with $*"
@@ -81,22 +81,18 @@ testoverfile() {
setupcompressor "$1"
createemptyfile 'en'
- testaptgetupdate "Get:1 file: InRelease []
-Reading package lists..." "empty file en.$COMPRESS over file"
+ testaptgetupdate 'Reading package lists...' "empty file en.$COMPRESS over file"
createemptyarchive 'en'
- testaptgetupdate "Get:1 file: InRelease []
-Reading package lists..." "empty archive en.$COMPRESS over file"
+ testaptgetupdate 'Reading package lists...' "empty archive en.$COMPRESS over file"
createemptyarchive 'Packages'
# FIXME: Why omits the file transport the Packages Get line?
#Get:3 file: Packages []
- testaptgetupdate "Get:1 file: InRelease []
-Reading package lists..." "empty archive Packages.$COMPRESS over file"
+ testaptgetupdate 'Reading package lists...' "empty archive Packages.$COMPRESS over file"
createemptyfile 'Packages'
- testaptgetupdate "Get:1 file: InRelease []
-Err file: Packages
+ testaptgetupdate "Err file: Packages
Empty files can't be valid archives
W: Failed to fetch ${COMPRESSOR}:$(readlink -f aptarchive/Packages.$COMPRESS) Empty files can't be valid archives
@@ -107,26 +103,22 @@ testoverhttp() {
setupcompressor "$1"
createemptyfile 'en'
- testaptgetupdate "Get:1 http://localhost InRelease []
-Get:2 http://localhost Packages []
-Get:3 http://localhost Translation-en
+ testaptgetupdate "Get: http://localhost Packages []
+Get: http://localhost Translation-en
Reading package lists..." "empty file en.$COMPRESS over http"
createemptyarchive 'en'
- testaptgetupdate "Get:1 http://localhost InRelease []
-Get:2 http://localhost Packages []
-Get:3 http://localhost Translation-en []
+ testaptgetupdate "Get: http://localhost Packages []
+Get: http://localhost Translation-en []
Reading package lists..." "empty archive en.$COMPRESS over http"
createemptyarchive 'Packages'
- testaptgetupdate "Get:1 http://localhost InRelease []
-Get:2 http://localhost Packages []
+ testaptgetupdate "Get: http://localhost Packages []
Reading package lists..." "empty archive Packages.$COMPRESS over http"
createemptyfile 'Packages'
#FIXME: we should response with a good error message instead
- testaptgetupdate "Get:1 http://localhost InRelease []
-Get:2 http://localhost Packages
+ testaptgetupdate "Get: http://localhost Packages
Err http://localhost Packages
Empty files can't be valid archives
W: Failed to fetch ${COMPRESSOR}:$(readlink -f rootdir/var/lib/apt/lists/partial/localhost:8080_Packages) Empty files can't be valid archives
diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification
index d3ea91de5..01fb2e529 100755
--- a/test/integration/test-releasefile-verification
+++ b/test/integration/test-releasefile-verification
@@ -184,5 +184,5 @@ runtest2
DELETEFILE="InRelease"
runtest
-DELETEFILE="Release.gpg"
-runtest
+#DELETEFILE="Release.gpg"
+#runtest