From: Guillem Jover <guillem@debian.org>
Date: Thu, 2 Oct 2014 15:48:13 +0000 (+0200)
Subject: apt-get: Create the temporary downloaded changelog inside tmpdir
X-Git-Tag: 1.0.9.2~1
X-Git-Url: https://git.saurik.com/apt.git/commitdiff_plain/4c370aad7539b7e3bc0028aa538f34b95a526cff?ds=sidebyside

apt-get: Create the temporary downloaded changelog inside tmpdir

The code is creating a secure temporary directory, but then creates
the changelog alongside the tmpdir in the same base directory. This
defeats the secure tmpdir creation, making the filename predictable.

Inject a '/' between the tmpdir and the changelog filename.
---

diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc
index 2e283da5a..cfa79339b 100644
--- a/cmdline/apt-get.cc
+++ b/cmdline/apt-get.cc
@@ -1563,7 +1563,7 @@ static bool DoChangelog(CommandLine &CmdL)
    {
       string changelogfile;
       if (downOnly == false)
-	 changelogfile.append(tmpname).append("changelog");
+	 changelogfile.append(tmpname).append("/changelog");
       else
 	 changelogfile.append(Ver.ParentPkg().Name()).append(".changelog");
       if (DownloadChangelog(Cache, Fetcher, Ver, changelogfile) && downOnly == false)