cmdline/apt-get.cc: create the mkdtemp dir in /tmp

[apt.git] / cmdline / apt-get.cc

diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc
index 0d67585a7616ab9377e8239db05619012f197372..53def383de0071279dfd4f18e23bac2e5cb75f8c 100644 (file)
--- a/cmdline/apt-get.cc
+++ b/cmdline/apt-get.cc
@@ -2735,14 +2735,15 @@ bool DoBuildDep(CommandLine &CmdL)
                                                                        /*}}}*/
 // DownloadChangelog - Download the changelog                          /*{{{*/
 // ---------------------------------------------------------------------
-string DownloadChangelog(CacheFile &CacheFile, pkgAcquire &Fetcher, pkgCache::VerIterator V)
+bool DownloadChangelog(CacheFile &CacheFile, pkgAcquire &Fetcher, pkgCache::VerIterator V, string targetfile)
 {
-   string uri;
    string srcpkg;
    string prefix;
    string descr;
    string src_section;
    string verstr;
+   string server;
+   string path;
 
    // data structures we need
    pkgRecords Recs(CacheFile);
@@ -2767,29 +2768,20 @@ string DownloadChangelog(CacheFile &CacheFile, pkgAcquire &Fetcher, pkgCache::Ve
    if(verstr.find(':')!=verstr.npos)
       verstr=string(verstr, verstr.find(':')+1);
 
-   strprintf(uri, "http://packages.debian.org/changelogs/pool/%s/%s/%s/%s_%s/changelog", src_section.c_str(), prefix.c_str(), srcpkg.c_str(), srcpkg.c_str(), verstr.c_str());
-
-   AcqTextStatus Stat(ScreenWidth, _config->FindI("quiet",0));
-   Fetcher.Setup(&Stat);
-
-   // temp file
-   char *tmpdir = mkdtemp(strdup("apt-changelog-XXXXXX"));
-   if (tmpdir == NULL) {
-      _error->Errno("mkdtemp", "mkdtemp failed");
-      return "";
-   }
-   string targetfile = string(tmpdir) + "changelog";
-
+   // make the server configurable
+   server = _config->Find("Apt::Changelogs::Server",
+                          "http://packages.debian.org/");
+   // ... but not the format string to avoid all possible attacks
+   strprintf(path, "/changelogs/pool/%s/%s/%s/%s_%s/changelog", src_section.c_str(), prefix.c_str(), srcpkg.c_str(), srcpkg.c_str(), verstr.c_str());
    // get it
-   new pkgAcqFile(&Fetcher, uri, "", 0, descr, srcpkg, tmpdir);
+   new pkgAcqFile(&Fetcher, server+path, "", 0, descr, srcpkg, "ignored", targetfile);
    int res = Fetcher.Run();
-   free(tmpdir);
 
    if (FileExists(targetfile))
-      return targetfile;
+      return true;
 
    // error
-   return "";
+   return _error->Error("changelog download failed");
 }
                                                                        /*}}}*/
 // DisplayFileInPager - Display File with pager                                /*{{{*/
@@ -2822,22 +2814,29 @@ bool DoChangelog(CommandLine &CmdL)
    APT::VersionSet verset = APT::VersionSet::FromCommandLine(Cache,
                CmdL.FileList + 1, APT::VersionSet::CANDIDATE, helper);
    pkgAcquire Fetcher;
+   AcqTextStatus Stat(ScreenWidth, _config->FindI("quiet",0));
+   Fetcher.Setup(&Stat);
 
    if (verset.empty() == true)
       return false;
+   char *tmpdir = mkdtemp(strdup("/tmp/apt-changelog-XXXXXX"));
+   if (tmpdir == NULL) {
+      return _error->Errno("mkdtemp", "mkdtemp failed");
+   }
+   
    for (APT::VersionSet::const_iterator Ver = verset.begin(); 
         Ver != verset.end(); 
         ++Ver) 
    {
-      string changelogfile = DownloadChangelog(Cache, Fetcher, Ver);
-      if (changelogfile.size() > 0)
-      {
+      string changelogfile = string(tmpdir) + "changelog";
+      if (DownloadChangelog(Cache, Fetcher, Ver, changelogfile))
          DisplayFileInPager(changelogfile);
-         // cleanup
-         unlink(changelogfile.c_str());
-         rmdir(flNotFile(changelogfile).c_str());
-      }
+      // cleanup temp file
+      unlink(changelogfile.c_str());
    }
+   // clenaup tmp dir
+   rmdir(tmpdir);
+   free(tmpdir);
    return true;
 }
                                                                        /*}}}*/