diff -up cups-1.4.1/cups/tempfile.c.str3382 cups-1.4.1/cups/tempfile.c

--- cups-1.4.1/cups/tempfile.c.str3382	2008-12-10 06:03:11.000000000 +0100

+++ cups-1.4.1/cups/tempfile.c	2009-10-20 15:08:39.000000000 +0200

@@ -35,6 +35,7 @@

 #  include <io.h>

 #else

 #  include <unistd.h>

+#  include <sys/types.h>

 #endif /* WIN32 || __EMX__ */

@@ -56,7 +57,7 @@ cupsTempFd(char *filename,		/* I - Point

   char		tmppath[1024];		/* Windows temporary directory */

   DWORD		curtime;		/* Current time */

 #else

-  struct timeval curtime;		/* Current time */

+  mode_t	old_umask;		/* Old umask before using mkstemp() */

 #endif /* WIN32 */

@@ -107,33 +108,25 @@ cupsTempFd(char *filename,		/* I - Point

     snprintf(filename, len - 1, "%s/%05lx%08lx", tmpdir,

              GetCurrentProcessId(), curtime);

-#else

-   /*

-    * Get the current time of day...

-    */

-

-    gettimeofday(&curtime, NULL);

-

-   /*

-    * Format a string using the hex time values...

-    */

-

-    snprintf(filename, len - 1, "%s/%08lx%05lx", tmpdir,

-             (unsigned long)curtime.tv_sec, (unsigned long)curtime.tv_usec);

-#endif /* WIN32 */

    /*

     * Open the file in "exclusive" mode, making sure that we don't

     * stomp on an existing file or someone's symlink crack...

     */

-#ifdef WIN32

     fd = open(filename, _O_CREAT | _O_RDWR | _O_TRUNC | _O_BINARY,

               _S_IREAD | _S_IWRITE);

-#elif defined(O_NOFOLLOW)

-    fd = open(filename, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);

 #else

-    fd = open(filename, O_RDWR | O_CREAT | O_EXCL, 0600);

+

+   /*

+    * Use the standard mkstemp() call to make a temporary filename

+    * securely.  -- andrew.wood@jdplc.com

+    */

+    snprintf(filename, len - 1, "%s/cupsXXXXXX", tmpdir);

+

+    old_umask = umask(0077);

+    fd = mkstemp(filename);

+    umask(old_umask);

 #endif /* WIN32 */

     if (fd < 0 && errno != EEXIST)