ID: 20768 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Open +Status: Won\'t fix Bug Type: Compile Failure Operating System: Debian 3.0 Stable / Sparc PHP Version: 4.3.0RC2 New Comment:
It's harmless; just ignore it. The MySQL library uses it in a safe way anyway. Derick Previous Comments: ------------------------------------------------------------------------ [2002-12-02 13:19:49] [EMAIL PROTECTED] When building 4.3.0RC2 against apache 1.3.26 DSO I get an error stating that usage of tempnam() is insecure - line 103 of ext/mysql/libmysql/my_tempnam.c I replaced line 103 with the following code, which builds and should function identically. /* filespec will be dir + '/' + pfx + 'XXXXXX' + null */ res = malloc(strlen(dir) + strlen(pfx) + 8); res[0] = '\0'; strcat(res, dir); strcat(res, "/"); strcat(res, pfx); strcat(res, "XXXXXX"); mkstemp(res); /* res=tempnam((char *)dir, (my_string) pfx); */ Someone who knows the mysql code should check this if it's not a local build problem on my end. Other details: Linux Kernel 2.4.18 / sparc64 libc6 2.2.5-11.2 gcc 2.95.4 20011002 (Debian prerelease) ./configure --with-mysql --with-apxs --prefix=/usr --sysconfdir=/etc --localstatedir=/var/php --with-zlib --with-dom --with-gd --with-mysql --enable-sockets --with-jpeg-dir=/usr/lib --with-png-dir=/usr/lib --with-xpm-dir=/usr/X11R6/lib --with-freetype-dir=/usr/lib ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=20768&edit=1
