#! /bin/sh /usr/share/dpatch/dpatch-run
## 78-insecure-tmp-usage by Nico Golde <nion@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: fix insecure use of temporary file names

@DPATCH@
--- a/fax/faxspool.in
+++ b/fax/faxspool.in
@@ -686,9 +686,9 @@ fi
 #
 # mkdir a directory in $TMP (or /tmp), convert input to G3 in there
 #
-spooldir=${TMP:-/tmp}/$new_seq.$$.`date +%S`
+spooldir=`mktemp -t -d`
 
-if ( umask 077 ; mkdir $spooldir ) ; then
+if [ $? -eq 0 ]; then
     $echo "spooling to $spooldir (->$new_seq)..."
 else
     $echo "ERROR: can't create work dir '$spooldir', giving up" >&2 ; exit 6
@@ -707,10 +707,13 @@ do
 #
     if [ x$file = x- ]
     then
-	$echo "spooling $file (stdin)..."
-	trap "rm /tmp/faxsp.$$" 0
-        cat - >/tmp/faxsp.$$
-	file=/tmp/faxsp.$$
+	file=`mktemp /tmp/faxspool.XXXXXXXXX`
+	if test -z $file
+	then
+		$echo "ERROR: can't create work file, giving up" >&2 ; exit 6
+	fi
+	trap "rm $file" 0
+	cat - >$file
     else
 	$echo "spooling $file..."
     fi
