HCoop / ntk / apt.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix regression for file:/// uris from CVE-2014-0487
[ntk/apt.git] / test / integration / test-apt-update-file
diff --git a/test/integration/test-apt-update-file b/test/integration/test-apt-update-file
new file mode 100755 (executable)
index 0000000..069f8ba
--- /dev/null
+++ b/test/integration/test-apt-update-file
@@ -0,0 +1,27 @@
+#!/bin/sh
+#
+# Ensure that we do not modify file:/// uris (regression test for
+# CVE-2014-0487
+#
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+
+setupenvironment
+configarchitecture "amd64"
+configcompression 'bz2' 'gz' 
+
+insertpackage 'unstable' 'foo' 'all' '1.0'
+
+umask 022
+setupaptarchive --no-update
+
+# ensure the archive is not writable
+chmod 550 aptarchive/dists/unstable/main/binary-amd64
+
+testsuccess aptget update -qq
+testsuccess aptget update -qq
+
+# the cleanup should still work
+chmod 750 aptarchive/dists/unstable/main/binary-amd64
ntk's bugfix for apt