From 128c34c9823340454dbdc16700bb67b40398a997 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dagfinn=20Ilmari=20Manns=C3=A5ker?= <ilmari@ilmari.org>
Date: Mon, 22 May 2017 18:04:28 +0100
Subject: [PATCH 1/2] Use File::Temp::tempdir in UNIX socket test/example
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

POSIX::tmpnam is insecure, and has been removed in Perl 5.26.
Instead, use File::Temp::tempdir() to create a secure tmporary
directory that the server can create its UNIX sockets in.

Signed-off-by: Petr Písař <ppisar@redhat.com>
---
 examples/connection_test.pl | 14 ++++++++------
 t/UNIX_test.t               |  6 ++++--
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/examples/connection_test.pl b/examples/connection_test.pl
index 1ec49a1..7d8ff7a 100644
--- a/examples/connection_test.pl
+++ b/examples/connection_test.pl
@@ -20,11 +20,11 @@ connection_test.pl - Test UDP/TCP/UNIX/UNIX_DGRAM connections
 
     # or
 
-    perl connection_test.pl UNIX
+    perl connection_test.pl UNIX <UNIX socket directory>
 
     # or
 
-    perl connection_test.pl UNIX_DGRAM
+    perl connection_test.pl UNIX_DGRAM <UNIX socket directory>
 
 =cut
 
@@ -34,7 +34,8 @@ use strict;
 use warnings;
 use base qw(Net::Server);
 use IO::Socket ();
-use POSIX qw(tmpnam);
+use File::Temp qw(tempdir);
+use File::Spec::Functions qw(catdir);
 use Socket qw(SOCK_DGRAM SOCK_STREAM);
 
 sub post_bind_hook {
@@ -44,13 +45,14 @@ sub post_bind_hook {
   }
 }
 
-my $socket_file  = tmpnam();
-$socket_file =~ s|/[^/]+$|/mysocket.file|;
-my $socket_file2 = $socket_file ."2";
+my $socket_dir  = $ARGV[1] || tempdir();
+my $socket_file = catdir($socket_dir, 'mysocket.file');
+my $socket_file2 = catdir($socket_dir, 'mysocket.file2');
 my $udp_port    = 20204;
 my $tcp_port    = 20204;
 
 print "\$Net::Server::VERSION = $Net::Server::VERSION\n";
+print "UNIX socket directory = $socket_dir\n";
 
 if( @ARGV ){
   if( uc($ARGV[0]) eq 'UDP' ){
diff --git a/t/UNIX_test.t b/t/UNIX_test.t
index b41f2fa..92649f2 100644
--- a/t/UNIX_test.t
+++ b/t/UNIX_test.t
@@ -2,7 +2,8 @@
 
 package Net::Server::Test;
 use strict;
-use POSIX qw(tmpnam);
+use File::Temp qw(tempdir);
+use File::Spec::Functions qw(catfile);
 use English qw($UID $GID);
 use FindBin qw($Bin);
 use lib $Bin;
@@ -22,7 +23,8 @@ sub accept {
     return shift->SUPER::accept(@_);
 }
 
-my $socket_file = tmpnam; # must do before fork
+my $socket_dir = tempdir();
+my $socket_file = catfile($socket_dir, 'socket'); # must do before fork
 my $ok = eval {
     local $SIG{'ALRM'} = sub { die "Timeout\n" };
     alarm $env->{'timeout'};
-- 
2.9.4