Diffstat (limited to 'cmdline/apt-get.cc')
-rw-r--r-- | cmdline/apt-get.cc | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index a61bcc62b..a5e3ad454 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -2737,12 +2737,13 @@ bool DoBuildDep(CommandLine &CmdL) // --------------------------------------------------------------------- bool DownloadChangelog(CacheFile &CacheFile, pkgAcquire &Fetcher, pkgCache::VerIterator V, string targetfile) { - string uri; string srcpkg; string prefix; string descr; string src_section; string verstr; + string server; + string path; // data structures we need pkgRecords Recs(CacheFile); @@ -2767,15 +2768,16 @@ bool DownloadChangelog(CacheFile &CacheFile, pkgAcquire &Fetcher, pkgCache::VerI if(verstr.find(':')!=verstr.npos) verstr=string(verstr, verstr.find(':')+1); - string fmt = _config->Find("Apt::Changelogs::Server", - "http://packages.debian.org/changelogs/pool/%s/%s/%s/%s_%s/changelog"); - strprintf(uri, fmt.c_str(), src_section.c_str(), prefix.c_str(), srcpkg.c_str(), srcpkg.c_str(), verstr.c_str()); - + // make the server configurable + server = _config->Find("Apt::Changelogs::Server", + "http://packages.debian.org/"); + // ... but not the format string to avoid all possible attacks + strprintf(path, "/changelogs/pool/%s/%s/%s/%s_%s/changelog", src_section.c_str(), prefix.c_str(), srcpkg.c_str(), srcpkg.c_str(), verstr.c_str()); AcqTextStatus Stat(ScreenWidth, _config->FindI("quiet",0)); Fetcher.Setup(&Stat); // get it - new pkgAcqFile(&Fetcher, uri, "", 0, descr, srcpkg, "ignored", targetfile); + new pkgAcqFile(&Fetcher, server+path, "", 0, descr, srcpkg, "ignored", targetfile); int res = Fetcher.Run(); if (FileExists(targetfile)) |
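Review bot: In the second hunk, `server+path` joins a default that ends in `/` (`"http://packages.debian.org/"`) with a path that starts with `/`, so the default URI becomes `http://packages.debian.org//changelogs/...`, and a configured value behaves differently depending on whether it has a trailing slash. Either drop the leading slash from the literal (`"changelogs/pool/%s/%s/%s/%s_%s/changelog"`) and document that `Apt::Changelogs::Server` must end in `/`, or strip a trailing `/` from `server` before concatenating. The comment `// ... but not the format string to avoid all possible attacks` overstates the guarantee, because `server` is still taken verbatim from configuration; `// keep the format string fixed so a config value is never used as a printf format` states what is actually prevented. The `pkgAcqFile` call passes `""` and `0` where a hash and size would go, and the default server is plain `http://`, so the downloaded changelog appears to be unauthenticated and whatever displays it should treat it as untrusted text. DownloadChangelog begins and ends outside the hunks shown.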