From 9df147f44d1a9f1fb245ae085b105ed271170ce8 Mon Sep 17 00:00:00 2001
From: Guillem Jover <guillem@debian.org>
Date: Thu, 2 Oct 2014 17:48:13 +0200
Subject: [PATCH] apt-get: Create the temporary downloaded changelog inside
 tmpdir
Status: applied

The code is creating a secure temporary directory, but then creates
the changelog alongside the tmpdir in the same base directory. This
defeats the secure tmpdir creation, making the filename predictable.

Inject a '/' between the tmpdir and the changelog filename.
---
 cmdline/apt-get.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc
index 2e283da..cfa7933 100644
--- a/cmdline/apt-get.cc
+++ b/cmdline/apt-get.cc
@@ -1563,7 +1563,7 @@ static bool DoChangelog(CommandLine &CmdL)
    {
       string changelogfile;
       if (downOnly == false)
-	 changelogfile.append(tmpname).append("changelog");
+	 changelogfile.append(tmpname).append("/changelog");
       else
 	 changelogfile.append(Ver.ParentPkg().Name()).append(".changelog");
       if (DownloadChangelog(Cache, Fetcher, Ver, changelogfile) && downOnly == false)
-- 
2.1.1.391.g7a54a76