[nagios/el6] Insecure temporary file usage in nagios.upgrade_to_v3.sh (#958294)

[Jose Pedro Oliveira]

commit ddafe2c84766e80f0f8f6a38ae220d2ebf8d5ca4
Author: Jose Pedro Oliveira <jpo at di.uminho.pt>
Date:   Thu Aug 29 03:14:32 2013 +0100

    Insecure temporary file usage in nagios.upgrade_to_v3.sh (#958294)

 nagios.spec             |    5 ++++-
 nagios.upgrade_to_v3.sh |    2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)
---
diff --git a/nagios.spec b/nagios.spec
index 8f4f340..c283877 100644
--- a/nagios.spec
+++ b/nagios.spec
@@ -1,6 +1,6 @@
 Name: nagios
 Version: 3.5.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: Host/service/network monitoring program
 
 Group: Applications/System
@@ -280,6 +280,9 @@ fi
 
 
 %changelog
+* Thu Aug 29 2013 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.5.0-2
+- Insecure temporary file usage in nagios.upgrade_to_v3.sh (#958294)
+
 * Thu Apr 25 2013 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.5.0-1
 - Update to 3.5.0
 - Patch nagios-3.4.3-spaces-to-plus-signs.patch (#952139)
diff --git a/nagios.upgrade_to_v3.sh b/nagios.upgrade_to_v3.sh
index 26cd4c7..d233e59 100644
--- a/nagios.upgrade_to_v3.sh
+++ b/nagios.upgrade_to_v3.sh
@@ -8,7 +8,7 @@
 nagios_cfg=/etc/nagios/nagios.cfg
 
 
-tmp1=/tmp/nagioscfg.$$.tmp
+tmp1=`mktemp /tmp/nagios.cfg.XXXXXXXX`
 
 # search for and replace the check_result_buffer_slots attribute into a temporary file
 cat $nagios_cfg | sed --regexp-extended "s/^(\s*check_result_buffer_slots\s*=\s*)/# Line Commented out for Nagios v3 Compatibility\n#\1/g" > $tmp1