This patch fixes an issues where temporary files were created in an insecure
way.

It was first intruduced in version 3.8.3-7 and fixes
http://bugs.debian.org/438540
--- a/src/tag_file.cpp
+++ b/src/tag_file.cpp
@@ -242,8 +242,8 @@
     strcpy(sTempFile, filename.c_str());
     strcat(sTempFile, sTmpSuffix.c_str());
 
-#if ((defined(__GNUC__) && __GNUC__ >= 3  ) || !defined(HAVE_MKSTEMP))
-    // This section is for Windows folk && gcc 3.x folk
+#if !defined(HAVE_MKSTEMP)
+    // This section is for Windows folk
     fstream tmpOut;
     createFile(sTempFile, tmpOut);
 
@@ -257,7 +257,7 @@
       tmpOut.write((char *)tmpBuffer, nBytes);
     }
 
-#else //((defined(__GNUC__) && __GNUC__ >= 3  ) || !defined(HAVE_MKSTEMP))
+#else //!defined(HAVE_MKSTEMP)
 
     // else we gotta make a temp file, copy the tag into it, copy the
     // rest of the old file after the tag, delete the old file, rename
@@ -270,7 +270,7 @@
       //ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file");
     }
 
-    ofstream tmpOut(fd);
+    ofstream tmpOut(sTempFile);
     if (!tmpOut)
     {
       tmpOut.close();
@@ -285,14 +285,14 @@
     uchar tmpBuffer[BUFSIZ];
     while (file)
     {
-      file.read(tmpBuffer, BUFSIZ);
+      file.read((char *)tmpBuffer, BUFSIZ);
       size_t nBytes = file.gcount();
-      tmpOut.write(tmpBuffer, nBytes);
+      tmpOut.write((char *)tmpBuffer, nBytes);
     }
 
     close(fd); //closes the file
 
-#endif ////((defined(__GNUC__) && __GNUC__ >= 3  ) || !defined(HAVE_MKSTEMP))
+#endif ////!defined(HAVE_MKSTEMP)
 
     tmpOut.close();
     file.close();
get' action='/guix/log/tests/guix-time-machine.sh'>
<input type='hidden' name='id' value='5482403f35b2718610a06f906f1b98728dcdae1e'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=5482403f35b2718610a06f906f1b98728dcdae1e'>root</a>/<a href='/guix/log/tests?id=5482403f35b2718610a06f906f1b98728dcdae1e'>tests</a>/<a href='/guix/log/tests/guix-time-machine.sh?id=5482403f35b2718610a06f906f1b98728dcdae1e'>guix-time-machine.sh</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/tests/guix-time-machine.sh?id=5482403f35b2718610a06f906f1b98728dcdae1e&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2024-03-11 22:12:34 +0100'>2024-03-11</span></td><td><a href='/guix/commit/tests/guix-time-machine.sh?id=a26bce55e60aa3444c4378d3996f3aa41b9661e9'>time-machine: Allow time travels to v0.16.0.</a><span class='msg-avail'>...<span class='msg-tooltip'>* guix/scripts/time-machine.scm (%oldest-possible-commit): Change to
v0.16.0.
* tests/guix-time-machine.sh: Adjust comment.

Change-Id: I9ad82bd45fee0d172b5348a8ae16e990338a3a97
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2023-11-05 23:23:23 +0100'>2023-11-05</span></td><td><a href='/guix/commit/tests/guix-time-machine.sh?id=9f05fbb67d0de4d577c21a6fb6888cb6be67cd12'>tests: Make ‘guix time-machine’ test effective.</a><span class='msg-avail'>...<span class='msg-tooltip'>The test as added in 79ec651a286c71a3d4c72be33a1f80e76a560031 had no
effect: first because ‘guix time-machine --commit=X’, not followed by a
command, does nothing, and second because the “! COMMAND” shell stanza
does not have the desired effect (see &lt;https://issues.guix.gnu.org/62406&gt;).

This change rewrites the test to make it effective.

* tests/guix-time-machine.sh: Rewrite.

Change-Id: Ib44a11331c8625e346139a236cffa699cdbd02f2
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2023-08-16 21:34:13 -0400'>2023-08-16</span></td><td><a href='/guix/commit/tests/guix-time-machine.sh?id=79ec651a286c71a3d4c72be33a1f80e76a560031'>scripts: time-machine: Error when attempting to visit too old commits.</a><span class='msg-avail'>...<span class='msg-tooltip'>* doc/guix.texi (Invoking guix time-machine): Document limitation.
* guix/inferior.scm (cached-channel-instance): New VALIDATE-CHANNELS
argument.  Use it to validate channels when there are no cache hit.
* guix/scripts/time-machine.scm
(%options): Tag the given reference with 'tag-or-commit instead of 'commit.
(%oldest-possible-commit): New variable.
(guix-time-machine) &lt;validate-guix-channel&gt;: New nested procedure.  Pass it to
the 'cached-channel-instance' call.
* tests/guix-time-machine.sh: New test.
* Makefile.am (SH_TESTS): Register it.

Suggested-by: Simon Tournier &lt;zimon.toutoune@gmail.com&gt;
Reviewed-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
Reviewed-by: Simon Tournier &lt;zimon.toutoune@gmail.com&gt;
</span></span></td><td>Maxim Cournoyer</td></tr>
eps.scm (format-configuration,
configuration-&gt;file): Cater for the Hurd.
* gnu/system/hurd.scm (%desktop-services/hurd): New variable.
* gnu/installer/tests.scm (choose-kernel): New procedure.
* gnu/tests/install.scm (gui-test-program): Use it.

Change-Id: Ifafb27b8a2f933944c77223a27ec151757237e36
</span></span></td><td>Janneke Nieuwenhuizen</td></tr>
<tr><td><span title='2024-11-11 07:28:35 +0100'>2024-11-11</span></td><td><a href='/guix/commit/gnu/installer/steps.scm?id=9aeb8e3dee32254a19a68971f26e214c7b717e5b'>installer: Add dry-run?</a><span class='msg-avail'>...<span class='msg-tooltip'>This allows running the installer without root privileges.  Do something like

    ./pre-inst-env guix repl
    ,use (guix)
    ,use (gnu installer)
    (installer-program #:dry-run? #t)
    ,build $1
    =&gt;
    "/gnu/store/...-installer-program"

and run

    /gnu/store/...-installer-program

* gnu/installer/newt.scm (locale-page): Add #:dry-run? parameter.
(keymap-page): Likewise.
* gnu/installer/newt/keymap.scm (run-keymap-page): Likewise.
* gnu/installer/steps.scm (run-installer-steps): Likewise.  Use it to skip
writing to socket.
* gnu/installer/newt/final.scm (run-final-page): Rename to...
(run-final-page-install): ...this.
(dry-run-final-page, run-final-page): New procedures.
* gnu/installer/parted.scm (bootloader-configuration): Cater for empty user
partitions.
* gnu/installer/utils.scm (dry-run-command): New procedure.
* gnu/installer.scm (compute-locale-step): Add #:dry-run? parameter.  Use it
to avoid actually applying locale.
(compute-keymap-step): Add dry-run? parameter.  Pass it to
keymap-page.
(installer-program): Add #:dry-run? parameter.  If #:true
avoid writing to /proc, use dry-run-command, skip sync and reboot, and pass
dry-run? to...
(installer-steps): ...here.  Add #:dry-run? parameter.  Use it to disable
skip network, substitutes, partitioning pages, and pass it to...
compute-locale-step, compute-keymap-step, and final-page.

Change-Id: I0ff4c3b0a0c69539af617c27ba37654beed44619
</span></span></td><td>Janneke Nieuwenhuizen</td></tr>

Age	Commit message (Expand)	Author
2024-03-11	time-machine: Allow time travels to v0.16.0....* guix/scripts/time-machine.scm (%oldest-possible-commit): Change to v0.16.0. * tests/guix-time-machine.sh: Adjust comment. Change-Id: I9ad82bd45fee0d172b5348a8ae16e990338a3a97	Ludovic Courtès
2023-11-05	tests: Make ‘guix time-machine’ test effective....The test as added in 79ec651a286c71a3d4c72be33a1f80e76a560031 had no effect: first because ‘guix time-machine --commit=X’, not followed by a command, does nothing, and second because the “! COMMAND” shell stanza does not have the desired effect (see <https://issues.guix.gnu.org/62406>). This change rewrites the test to make it effective. * tests/guix-time-machine.sh: Rewrite. Change-Id: Ib44a11331c8625e346139a236cffa699cdbd02f2	Ludovic Courtès
2023-08-16	scripts: time-machine: Error when attempting to visit too old commits....* doc/guix.texi (Invoking guix time-machine): Document limitation. * guix/inferior.scm (cached-channel-instance): New VALIDATE-CHANNELS argument. Use it to validate channels when there are no cache hit. * guix/scripts/time-machine.scm (%options): Tag the given reference with 'tag-or-commit instead of 'commit. (%oldest-possible-commit): New variable. (guix-time-machine) <validate-guix-channel>: New nested procedure. Pass it to the 'cached-channel-instance' call. * tests/guix-time-machine.sh: New test. * Makefile.am (SH_TESTS): Register it. Suggested-by: Simon Tournier <zimon.toutoune@gmail.com> Reviewed-by: Ludovic Courtès <ludo@gnu.org> Reviewed-by: Simon Tournier <zimon.toutoune@gmail.com>	Maxim Cournoyer
Janneke Nieuwenhuizen
2024-11-11	installer: Add dry-run?...This allows running the installer without root privileges. Do something like ./pre-inst-env guix repl ,use (guix) ,use (gnu installer) (installer-program #:dry-run? #t) ,build $1 => "/gnu/store/...-installer-program" and run /gnu/store/...-installer-program * gnu/installer/newt.scm (locale-page): Add #:dry-run? parameter. (keymap-page): Likewise. * gnu/installer/newt/keymap.scm (run-keymap-page): Likewise. * gnu/installer/steps.scm (run-installer-steps): Likewise. Use it to skip writing to socket. * gnu/installer/newt/final.scm (run-final-page): Rename to... (run-final-page-install): ...this. (dry-run-final-page, run-final-page): New procedures. * gnu/installer/parted.scm (bootloader-configuration): Cater for empty user partitions. * gnu/installer/utils.scm (dry-run-command): New procedure. * gnu/installer.scm (compute-locale-step): Add #:dry-run? parameter. Use it to avoid actually applying locale. (compute-keymap-step): Add dry-run? parameter. Pass it to keymap-page. (installer-program): Add #:dry-run? parameter. If #:true avoid writing to /proc, use dry-run-command, skip sync and reboot, and pass dry-run? to... (installer-steps): ...here. Add #:dry-run? parameter. Use it to disable skip network, substitutes, partitioning pages, and pass it to... compute-locale-step, compute-keymap-step, and final-page. Change-Id: I0ff4c3b0a0c69539af617c27ba37654beed44619	Janneke Nieuwenhuizen