From: Guillem Jover <guillem@debian.org>
Date: Thu, 2 Oct 2014 15:48:13 +0000 (+0200)
Subject: apt-get: Create the temporary downloaded changelog inside tmpdir
X-Git-Tag: 1.1.exp4~12
X-Git-Url: https://git.saurik.com/apt.git/commitdiff_plain/339bc464875616d214cc3b73f5d41ced10c820b9

apt-get: Create the temporary downloaded changelog inside tmpdir

The code is creating a secure temporary directory, but then creates
the changelog alongside the tmpdir in the same base directory. This
defeats the secure tmpdir creation, making the filename predictable.

Inject a '/' between the tmpdir and the changelog filename.
---

diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc
index 0cea05cb3..13a85d34b 100644
--- a/cmdline/apt-get.cc
+++ b/cmdline/apt-get.cc
@@ -1588,7 +1588,7 @@ static bool DoChangelog(CommandLine &CmdL)
    {
       string changelogfile;
       if (downOnly == false)
-	 changelogfile.append(tmpname).append("changelog");
+	 changelogfile.append(tmpname).append("/changelog");
       else
 	 changelogfile.append(Ver.ParentPkg().Name()).append(".changelog");
       if (DownloadChangelog(Cache, Fetcher, Ver, changelogfile) && downOnly == false)