Details
Description
To reproduce:
- Extract an update using regular tar xf update.mender.
- Open the manifest file and change any of the checksums for the headers, but not the payload (data).
- Try to apply the update with mender -rootfs.
Mender accepts the update even though it shouldn't. This is a serious issue because it allows an attacker to make arbitrary changes to state scripts of a signed update.
Acceptance criteria:
- Mender should not accept wrong checksum on any headers.
- This must be tested in acceptance tests
- The test_signed_updates test might be a good place to add it. It already deals with corrupting checksums and trying to update using those.
- Must update vendored dependency in all repositories that vendor mender-artifact, including the servers.