#! /bin/sh /usr/share/dpatch/dpatch-run
## 78-insecure-tmp-usage by Nico Golde <nion@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: fix insecure use of temporary file names

@DPATCH@
diff -urNad mgetty-1.1.36~/fax/faxspool.in mgetty-1.1.36/fax/faxspool.in
--- mgetty-1.1.36~/fax/faxspool.in	2008-09-13 16:32:53.000000000 +0200
+++ mgetty-1.1.36/fax/faxspool.in	2008-09-13 16:33:11.000000000 +0200
@@ -653,9 +653,9 @@
 #
 # mkdir a directory in $TMP (or /tmp), convert input to G3 in there
 #
-spooldir=${TMP:-/tmp}/$new_seq.$$.`date +%S`
+spooldir=`mktemp -t -d`
 
-if ( umask 077 ; mkdir $spooldir ) ; then
+if [ $? -eq 0 ]; then
     $echo "spooling to $spooldir (->$new_seq)..."
 else
     $echo "ERROR: can't create work dir '$spooldir', giving up" >&2 ; exit 6
@@ -674,10 +674,13 @@
 #
     if [ x$file = x- ]
     then
-	$echo "spooling $file (stdin)..."
-	trap "rm /tmp/faxsp.$$" 0
-        cat - >/tmp/faxsp.$$
-	file=/tmp/faxsp.$$
+	file=`mktemp /tmp/faxspool.XXXXXXXXX`
+	if test -z $file
+	then
+		$echo "ERROR: can't create work file, giving up" >&2 ; exit 6
+	fi
+	trap "rm $file" 0
+	cat - >$file
     else
 	$echo "spooling $file..."
     fi
