Index: b/lib/routines.c
===================================================================
--- a/lib/routines.c
+++ b/lib/routines.c
@@ -242,3 +242,50 @@
   /* Don't complain if you can't unlink.  Who cares of a tmp file? */
   unlink (filename);
 }
+
+/*
+ * Securely generate a temp file, and make sure it gets
+ * deleted upon exit.
+ */
+static char **	tempfiles;
+static unsigned	ntempfiles;
+
+static void
+cleanup_tempfiles()
+{
+	while (ntempfiles--)
+		unlink(tempfiles[ntempfiles]);
+}
+
+char *
+safe_tempnam(const char *pfx)
+{
+	char	*dirname, *filename;
+	int	fd;
+
+	if (!(dirname = getenv("TMPDIR")))
+		dirname = "/tmp";
+
+	tempfiles = (char **) realloc(tempfiles,
+			(ntempfiles+1) * sizeof(char *));
+	if (tempfiles == NULL)
+		return NULL;
+
+	filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX"));
+	if (!filename)
+		return NULL;
+
+	sprintf(filename, "%s/%sXXXXXX", dirname, pfx);
+
+	if ((fd = mkstemp(filename)) < 0) {
+		free(filename);
+		return NULL;
+	}
+	close(fd);
+
+	if (ntempfiles == 0)
+		atexit(cleanup_tempfiles);
+	tempfiles[ntempfiles++] = filename;
+
+	return filename;
+}
Index: b/lib/routines.h
===================================================================
--- a/lib/routines.h
+++ b/lib/routines.h
@@ -255,7 +255,8 @@
 /* If _STR_ is not defined, give it a tempname in _TMPDIR_ */
 #define tempname_ensure(Str)				\
 do {							\
-  (Str) = (Str) ? (Str) : tempnam (NULL, "a2_");	\
+  (Str) = (Str) ? (Str) : safe_tempnam("a2_");	\
 } while (0)
+char * safe_tempnam(const char *);
 
 #endif
dc2312428a9899f0'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=8c6114b920507a1104a06d34dc2312428a9899f0'>root</a>/<a href='/guix/log/NEWS?id=8c6114b920507a1104a06d34dc2312428a9899f0'>NEWS</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/NEWS?id=8c6114b920507a1104a06d34dc2312428a9899f0&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2024-04-18 20:46:58 -0400'>2024-04-18</span></td><td><a href='/guix/commit/NEWS?id=e0d920b7db3f71c02627d698676339218e03ad63'>news: Add entry for nss-certs being added to %base-packages.</a><span class='msg-avail'>...<span class='msg-tooltip'>* etc/news.scm: New entry.
* NEWS: Update news.

Change-Id: I40e0b859f2af0bb0e652925a53d6447ea6fbacfb
</span></span></td><td>Maxim Cournoyer</td></tr>
<tr><td><span title='2023-03-28 20:13:59 -0400'>2023-03-28</span></td><td><a href='/guix/commit/NEWS?id=c94a7d41c76f520e56a1304bd7fb3cbf3579fc52'>NEWS: Mention new rpm format.</a><span class='msg-avail'>...<span class='msg-tooltip'>* NEWS (Package management): Mention new rpm format.
</span></span></td><td>Maxim Cournoyer</td></tr>
<tr><td><span title='2022-12-18 01:17:15 +0100'>2022-12-18</span></td><td><a href='/guix/commit/NEWS?id=a8f9579348aae58b68b25004cfd28aa7407db802'>Update NEWS.</a></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2022-12-17 19:15:50 +0100'>2022-12-17</span></td><td><a href='/guix/commit/NEWS?id=239bfe2ec1fa3b4305500211e6cade6e4bda2a62'>Update NEWS.</a></td><td>Marius Bakke</td></tr>
<tr><td><span title='2022-12-02 23:20:54 +0100'>2022-12-02</span></td><td><a href='/guix/commit/NEWS?id=7ef490e3fc94e0b9025c98797fc014f07e21c4cc'>Update NEWS.</a></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2022-11-23 17:22:11 +0100'>2022-11-23</span></td><td><a href='/guix/commit/NEWS?id=7a2082023ad9c7479bfedf39537606a088222d48'>NEWS: Update it.</a><span class='msg-avail'>...<span class='msg-tooltip'>* NEWS: Shepherd is already at 0.9.3 now.
</span></span></td><td>Jonathan Brielmaier</td></tr>
<tr><td><span title='2022-11-16 14:28:09 -0500'>2022-11-16</span></td><td><a href='/guix/commit/NEWS?id=e06df550e21d596b65dc3e5b3e99152be58372b3'>Update NEWS.</a></td><td>Maxim Cournoyer</td></tr>
<tr><td><span title='2022-10-13 10:49:19 +0200'>2022-10-13</span></td><td><a href='/guix/commit/NEWS?id=d2ca9334a304ab5837b62968b77bbbab34af7afe'>NEWS: Update it.</a><span class='msg-avail'>...<span class='msg-tooltip'>* NEWS: Add an entry about 'guix shell' --emulate-fhs option.
</span></span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2022-10-07 10:11:13 -0400'>2022-10-07</span></td><td><a href='/guix/commit/NEWS?id=6e3dab4737832a78de07dd805a4057eb5f4cfcf3'>Update NEWS.</a><span class='msg-avail'>...<span class='msg-tooltip'>* NEWS: Add new entry for installation script improvements.
</span></span></td><td>Maxim Cournoyer</td></tr>
<tr><td><span title='2022-09-28 09:06:10 +0200'>2022-09-28</span></td><td><a href='/guix/commit/NEWS?id=70a593242e6b288a0348154f09c4ddbc732463d8'>Update NEWS.</a><span class='msg-avail'>...<span class='msg-tooltip'>* NEWS: Add new services for the 1.4.0.
</span></span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2022-09-26 09:47:10 +0200'>2022-09-26</span></td><td><a href='/guix/commit/NEWS?id=4b551518d0a14a6ac1655bde3d23f6d189f49490'>NEWS: Update it.</a><span class='msg-avail'>...<span class='msg-tooltip'>* NEWS: Add an entry about WSL images.
</span></span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2022-09-24 18:08:05 +0200'>2022-09-24</span></td><td><a href='/guix/commit/NEWS?id=b814bdf441bf8863b3b6bd846c21f23c2ac2d511'>Update NEWS.</a></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2022-09-23 00:50:17 -0400'>2022-09-23</span></td><td><a href='/guix/commit/NEWS?id=a57c4eff6bbdcff79294fa15ecb95ab2b3c55bb4'>Update NEWS.</a></td><td>Maxim Cournoyer</td></tr>
<tr><td><span title='2022-09-19 09:06:47 +0200'>2022-09-19</span></td><td><a href='/guix/commit/NEWS?id=41b30f40beb74f8d45cff167a8b62b8f88cf26c4'>Update NEWS.</a><span class='msg-avail'>...<span class='msg-tooltip'>* NEWS: Mention Shepherd 0.9.2 upgrade.
</span></span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2022-09-16 10:01:56 +0200'>2022-09-16</span></td><td><a href='/guix/commit/NEWS?id=c0d25bef71af32dfb98e93ddcb82d0003c8714f8'>Update NEWS.</a><span class='msg-avail'>...<span class='msg-tooltip'>Entries extracted from:
        git log 3eadcdc63..version-1.4.0

* NEWS: Update entries for v1.4.0
</span></span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2022-09-15 16:57:39 -0400'>2022-09-15</span></td><td><a href='/guix/commit/NEWS?id=011dab59d80690d20875d43e73c3cfd8af95af99'>Update NEWS.</a><span class='msg-avail'>...<span class='msg-tooltip'>This covers the commits made between v1.3.0..3eadcdc6^.

* NEWS: New entries for the 1.4.0 upcoming release.
</span></span></td><td>Maxim Cournoyer</td></tr>
<tr><td><span title='2022-09-14 23:57:56 -0400'>2022-09-14</span></td><td><a href='/guix/commit/NEWS?id=839950c4a9925bf3d7108cb8533be37b185fb8bd'>Update NEWS.</a><span class='msg-avail'>...<span class='msg-tooltip'>These news were extracted from the output of:

   git log --reverse v1.3.0..03eb0b1be2cfedd0d9a66fef0edc53a17f7653a5.

* NEWS: Update entries for v1.4.0.
</span></span></td><td>Maxim Cournoyer</td></tr>

Age	Commit message (Expand)	Author
2024-04-18	news: Add entry for nss-certs being added to %base-packages....* etc/news.scm: New entry. * NEWS: Update news. Change-Id: I40e0b859f2af0bb0e652925a53d6447ea6fbacfb	Maxim Cournoyer
2023-03-28	NEWS: Mention new rpm format....* NEWS (Package management): Mention new rpm format.	Maxim Cournoyer
2022-12-18	Update NEWS.	Ludovic Courtès
2022-12-17	Update NEWS.	Marius Bakke
2022-12-02	Update NEWS.	Ludovic Courtès
2022-11-23	NEWS: Update it....* NEWS: Shepherd is already at 0.9.3 now.	Jonathan Brielmaier
2022-11-16	Update NEWS.	Maxim Cournoyer
2022-10-13	NEWS: Update it....* NEWS: Add an entry about 'guix shell' --emulate-fhs option.	Mathieu Othacehe
2022-10-07	Update NEWS....* NEWS: Add new entry for installation script improvements.	Maxim Cournoyer
2022-09-28	Update NEWS....* NEWS: Add new services for the 1.4.0.	Mathieu Othacehe
2022-09-26	NEWS: Update it....* NEWS: Add an entry about WSL images.	Mathieu Othacehe
2022-09-24	Update NEWS.	Ludovic Courtès
2022-09-23	Update NEWS.	Maxim Cournoyer
2022-09-19	Update NEWS....* NEWS: Mention Shepherd 0.9.2 upgrade.	Mathieu Othacehe
2022-09-16	Update NEWS....Entries extracted from: git log 3eadcdc63..version-1.4.0 * NEWS: Update entries for v1.4.0	Mathieu Othacehe
2022-09-15	Update NEWS....This covers the commits made between v1.3.0..3eadcdc6^. * NEWS: New entries for the 1.4.0 upcoming release.	Maxim Cournoyer
2022-09-14	Update NEWS....These news were extracted from the output of: git log --reverse v1.3.0..03eb0b1be2cfedd0d9a66fef0edc53a17f7653a5. * NEWS: Update entries for v1.4.0.	Maxim Cournoyer