Description of Problem: Building this package on ARM against glibc 2.2.2 reveals the following warning: gcc -O2 -fsigned-char -fomit-frame-pointer -march=armv3 -D_GNU_SOURCE -o mail version.o aux.o cmd1.o cmd2.o cmd3.o cmdtab.o collect.o no_dot_lock.o edit.o fio.o getname.o head.o v7.local.o lex.o list.o main.o names.o popen.o quit.o send.o strings.o temp.o tty.o vars.o flock.o quit.o: In function `edstop': quit.o(.text+0xb0c): the use of `tempnam' is dangerous, better use `mkstemp' Steps to Reproduce: 1. rpm --rebuild mailx-8.1.1-20.src.rpm
Still present in mailx-8.1.1-21.src.rpm
Careful review indicates it always uses the names carefully via open() with the right O_EXCL flags set. It might be better if mailx kept its scratch files elsewhere but its not a security bug. We should update to the newest mailx base code.
Thank you for your notices. The problem was fixed. IV
Quoting mailx-8.1.1-bug44798.patch: +tempname = (char *)malloc(sizeof(char)*(strlen(tmpdir)+10)); +strcpy(tempname, tmpdir); +strcat(tempname, "mboxXXXXXX"); AFAICS, tempname actually uses (strlen(tmpdir) + strlen("mboxXXXXXX") + 1) bytes, which is (strlen(tmpdir) + 11), one more than is allocated.
This problem was fixed. Thank you for your correction. IV
Solved with -40.