From 339bc464875616d214cc3b73f5d41ced10c820b9 Mon Sep 17 00:00:00 2001 From: Guillem Jover Date: Thu, 2 Oct 2014 17:48:13 +0200 Subject: [PATCH 1/1] apt-get: Create the temporary downloaded changelog inside tmpdir The code is creating a secure temporary directory, but then creates the changelog alongside the tmpdir in the same base directory. This defeats the secure tmpdir creation, making the filename predictable. Inject a '/' between the tmpdir and the changelog filename. --- cmdline/apt-get.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index 0cea05cb3..13a85d34b 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -1588,7 +1588,7 @@ static bool DoChangelog(CommandLine &CmdL) { string changelogfile; if (downOnly == false) - changelogfile.append(tmpname).append("changelog"); + changelogfile.append(tmpname).append("/changelog"); else changelogfile.append(Ver.ParentPkg().Name()).append(".changelog"); if (DownloadChangelog(Cache, Fetcher, Ver, changelogfile) && downOnly == false) -- 2.45.2