From 4c370aad7539b7e3bc0028aa538f34b95a526cff Mon Sep 17 00:00:00 2001 From: Guillem Jover Date: Thu, 2 Oct 2014 17:48:13 +0200 Subject: apt-get: Create the temporary downloaded changelog inside tmpdir The code is creating a secure temporary directory, but then creates the changelog alongside the tmpdir in the same base directory. This defeats the secure tmpdir creation, making the filename predictable. Inject a '/' between the tmpdir and the changelog filename. --- cmdline/apt-get.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'cmdline') diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index 2e283da5a..cfa79339b 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -1563,7 +1563,7 @@ static bool DoChangelog(CommandLine &CmdL) { string changelogfile; if (downOnly == false) - changelogfile.append(tmpname).append("changelog"); + changelogfile.append(tmpname).append("/changelog"); else changelogfile.append(Ver.ParentPkg().Name()).append(".changelog"); if (DownloadChangelog(Cache, Fetcher, Ver, changelogfile) && downOnly == false) -- cgit v1.2.3-70-g09d2