diff options
author | Guillem Jover <guillem@debian.org> | 2014-10-02 17:48:13 +0200 |
---|---|---|
committer | Michael Vogt <mvo@ubuntu.com> | 2014-10-03 00:44:47 +0200 |
commit | 339bc464875616d214cc3b73f5d41ced10c820b9 (patch) | |
tree | 6337fc7828189e80d215f5d746e87eb5553e5494 /cmdline/apt-get.cc | |
parent | e3a4cde86155548d9779aa4e827a0a2a6b598c44 (diff) |
apt-get: Create the temporary downloaded changelog inside tmpdir
The code is creating a secure temporary directory, but then creates
the changelog alongside the tmpdir in the same base directory. This
defeats the secure tmpdir creation, making the filename predictable.
Inject a '/' between the tmpdir and the changelog filename.
Diffstat (limited to 'cmdline/apt-get.cc')
-rw-r--r-- | cmdline/apt-get.cc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index 0cea05cb3..13a85d34b 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -1588,7 +1588,7 @@ static bool DoChangelog(CommandLine &CmdL) { string changelogfile; if (downOnly == false) - changelogfile.append(tmpname).append("changelog"); + changelogfile.append(tmpname).append("/changelog"); else changelogfile.append(Ver.ParentPkg().Name()).append(".changelog"); if (DownloadChangelog(Cache, Fetcher, Ver, changelogfile) && downOnly == false) |