diff options
author | Guillem Jover <guillem@debian.org> | 2014-10-02 17:48:13 +0200 |
---|---|---|
committer | Michael Vogt <mvo@ubuntu.com> | 2014-10-02 22:05:25 +0200 |
commit | 4c370aad7539b7e3bc0028aa538f34b95a526cff (patch) | |
tree | da1f2fe3d5d10b9597d89a74553664e692830700 | |
parent | e503a4d5ac668d233c11f64a0dd0c6d20f3b2be1 (diff) | |
download | apt-4c370aad7539b7e3bc0028aa538f34b95a526cff.tar.gz |
apt-get: Create the temporary downloaded changelog inside tmpdir
The code is creating a secure temporary directory, but then creates
the changelog alongside the tmpdir in the same base directory. This
defeats the secure tmpdir creation, making the filename predictable.
Inject a '/' between the tmpdir and the changelog filename.
-rw-r--r-- | cmdline/apt-get.cc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index 2e283da5a..cfa79339b 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -1563,7 +1563,7 @@ static bool DoChangelog(CommandLine &CmdL) { string changelogfile; if (downOnly == false) - changelogfile.append(tmpname).append("changelog"); + changelogfile.append(tmpname).append("/changelog"); else changelogfile.append(Ver.ParentPkg().Name()).append(".changelog"); if (DownloadChangelog(Cache, Fetcher, Ver, changelogfile) && downOnly == false) |