-Description: Replace insecure make_temporary_filename with File::Temp::tempfile
-Forwarded: http://lists.example.com/2010/03/1234.html
-Origin: vendor, http://bugs.debian.org/740670
-Author: Don Armstrong <don@debian.org>
-Last-Update: 2010-03-29
---- a/lib/Perl/Tidy.pm
-+++ b/lib/Perl/Tidy.pm
-@@ -76,6 +76,7 @@
- use IO::File;
- use File::Basename;
- use File::Copy;
-+use File::Temp qw(tempfile);
-
- BEGIN {
- ( $VERSION = q($Id: Tidy.pm,v 1.74 2013/09/22 13:56:49 perltidy Exp $) ) =~ s/^.*\s+(\d+)\/(\d+)\/(\d+).*$/$1$2$3/; # all one line for MakeMaker
-@@ -235,35 +236,6 @@
- return undef;
- }
-
--sub make_temporary_filename {
--
-- # Make a temporary filename.
-- # The POSIX tmpnam() function has been unreliable for non-unix systems
-- # (at least for the win32 systems that I've tested), so use a pre-defined
-- # name for them. A disadvantage of this is that two perltidy
-- # runs in the same working directory may conflict. However, the chance of
-- # that is small and manageable by the user, especially on systems for which
-- # the POSIX tmpnam function doesn't work.
-- my $name = "perltidy.TMP";
-- if ( $^O =~ /win32|dos/i || $^O eq 'VMS' || $^O eq 'MacOs' ) {
-- return $name;
-- }
-- eval "use POSIX qw(tmpnam)";
-- if ($@) { return $name }
-- use IO::File;
--
-- # just make a couple of tries before giving up and using the default
-- for ( 0 .. 3 ) {
-- my $tmpname = tmpnam();
-- my $fh = IO::File->new( $tmpname, O_RDWR | O_CREAT | O_EXCL );
-- if ($fh) {
-- $fh->close();
-- return ($tmpname);
-- last;
-- }
-- }
-- return ($name);
--}
-
- # Here is a map of the flow of data from the input source to the output
- # line sink:
-@@ -1324,11 +1296,7 @@
- my ( $fh_stream, $fh_name ) =
- Perl::Tidy::streamhandle( $stream, 'r' );
- if ($fh_stream) {
-- my ( $fout, $tmpnam );
--
-- # TODO: fix the tmpnam routine to return an open filehandle
-- $tmpnam = Perl::Tidy::make_temporary_filename();
-- $fout = IO::File->new( $tmpnam, 'w' );
-+ my ( $fout, $tmpnam ) = tempfile();
-
- if ($fout) {
- $fname = $tmpnam;
-@@ -5159,14 +5127,7 @@
- # Pod::Html requires a real temporary filename
- # If we are making a frame, we have a name available
- # Otherwise, we have to fine one
-- my $tmpfile;
-- if ( $rOpts->{'frames'} ) {
-- $tmpfile = $self->{_toc_filename};
-- }
-- else {
-- $tmpfile = Perl::Tidy::make_temporary_filename();
-- }
-- my $fh_tmp = IO::File->new( $tmpfile, 'w' );
-+ my ($fh_tmp,$tmpfile) = tempfile();
- unless ($fh_tmp) {
- Perl::Tidy::Warn
- "unable to open temporary file $tmpfile; cannot use pod2html\n";