https://bugzilla.suse.com/show_bug.cgi?id=1214060 https://bugzilla.suse.com/show_bug.cgi?id=1214060#c6 --- Comment #6 from Dr. Werner Fink <werner@suse.com> --- (In reply to Bodo Eggert from comment #5)
By the way, using tmpnam is a documented security risk.
That should do the job --- html2ps-1.0b7/html2ps +++ html2ps-1.0b7/html2ps 2024-11-14 08:12:35.973246396 +0000 @@ -355,7 +355,8 @@ EOR use POSIX; $posix = 1; -use File::Temp qw/ :POSIX /; +use File::Temp qw/ :POSIX :mktemp /; +use File::Basename; %extend=('quote',1, 'font',1, 'colour',1, 'hyphenation',1); %fal=("serif","times", "sans_serif","helvetica", "monospace","courier"); @@ -495,11 +496,10 @@ die "Ghostscript is required to generate if($opt_D && !$package{'Ghostscript'}); die "Ghostscript is required to generate cross references\n" if($opt_R && !$package{'Ghostscript'}); -$tmpname=$posix?tmpnam():"h2p_$$"; -sysopen TMP, $tmpname, O_RDWR|O_CREAT|O_EXCL, 0600 or die "$!"; -close TMP; +($tmp, $tmpname) = mkstemp("/tmp/h2p_XXXXXXXX") or die "$!"; +close $tmp; ($scr=$tmpname)=~/\w+$/; -$tempdir=$`; +$tempdir=dirname($tmpname); if($opt_u) {$ulanch="t"}; if(defined $opt_x && $opt_x!~/^[0-2]$/) { -- You are receiving this mail because: You are on the CC list for the bug.