File ant-CVE-2020-1945-1.patch of Package ant.23494

From 9c1f4d905da59bf446570ac28df5b68a37281f35 Mon Sep 17 00:00:00 2001
From: Stefan Bodewig <bodewig@apache.org>
Date: Sun, 8 Mar 2020 17:14:44 +0100
Subject: [PATCH] provide a magic property that overrides temp directory

---
 manual/Tasks/cab.html                         |  4 ++
 manual/Tasks/cvstagdiff.html                  |  2 +
 manual/Tasks/ejb.html                         |  3 +
 manual/Tasks/exec.html                        |  2 +
 manual/Tasks/fixcrlf.html                     |  4 +-
 manual/Tasks/ftp.html                         |  7 +-
 manual/Tasks/javadoc.html                     |  6 +-
 manual/Tasks/replaceregexp.html               |  5 +-
 manual/Types/selectors.html                   |  4 ++
 manual/running.html                           | 46 +++++++++++++
 src/main/org/apache/tools/ant/MagicNames.java |  9 +++
 .../apache/tools/ant/taskdefs/FixCRLF.java    |  2 +-
 .../apache/tools/ant/taskdefs/Javadoc.java    |  4 +-
 .../org/apache/tools/ant/taskdefs/Jikes.java  |  2 +-
 .../apache/tools/ant/taskdefs/Replace.java    |  2 +-
 .../apache/tools/ant/taskdefs/TempFile.java   |  2 +-
 .../org/apache/tools/ant/taskdefs/Zip.java    |  2 +-
 .../compilers/DefaultCompilerAdapter.java     |  2 +-
 .../tools/ant/taskdefs/cvslib/CvsTagDiff.java |  2 +-
 .../taskdefs/launcher/VmsCommandLauncher.java | 10 +--
 .../tools/ant/taskdefs/optional/Cab.java      |  4 +-
 .../ant/taskdefs/optional/ReplaceRegExp.java  |  2 +-
 .../taskdefs/optional/junit/JUnitTask.java    |  2 +-
 .../tools/ant/taskdefs/optional/net/FTP.java  |  2 +-
 .../optional/net/FTPTaskMirrorImpl.java       |  2 +-
 .../modifiedselector/ModifiedSelector.java    |  2 +-
 .../org/apache/tools/ant/util/FileUtils.java  | 65 ++++++++++++++-----
 .../apache/tools/ant/util/JavaEnvUtils.java   |  2 +-
 .../tools/ant/util/SymbolicLinkUtils.java     |  7 +-
 .../apache/tools/ant/util/FileUtilsTest.java  | 61 +++++++++++++----
 31 files changed, 214 insertions(+), 58 deletions(-)

Index: apache-ant-1.10.7/manual/Tasks/cab.html
===================================================================
--- apache-ant-1.10.7.orig/manual/Tasks/cab.html
+++ apache-ant-1.10.7/manual/Tasks/cab.html
@@ -39,6 +39,10 @@ how the inclusion/exclusion of files wor
 attributes of <code>&lt;fileset&gt;</code> (<var>dir</var> becomes <var>basedir</var>) as well as
 the nested <code>&lt;include&gt;</code>, <code>&lt;exclude&gt;</code>
 and <code>&lt;patternset&gt;</code> elements.</p>
+
+<p>On non-Unix platforms this task writes the list of files to archive
+  to the <a href="../running.html#tmpdir">temporary directory</a>.</p>
+
 <h3>Parameters</h3>
 <table class="attr">
   <tr>
Index: apache-ant-1.10.7/manual/Tasks/cvstagdiff.html
===================================================================
--- apache-ant-1.10.7.orig/manual/Tasks/cvstagdiff.html
+++ apache-ant-1.10.7/manual/Tasks/cvstagdiff.html
@@ -31,6 +31,8 @@ execute <kbd>cvs.exe</kbd> from the comm
 Also note that this task assumes that the <kbd>cvs</kbd> executable is compatible with the Unix
 version, this is not completely true for certain other CVS clients&mdash;like CVSNT for
 example&mdash;and some operation may fail when using such an incompatible client.</p>
+<p>This task captures the output of the CVS command in a file inside of
+  the <a href="../running.html#tmpdir">temporary directory</a>.</p>
 <h3>Parameters</h3>
 <table class="attr">
   <tr>
Index: apache-ant-1.10.7/manual/Tasks/ejb.html
===================================================================
--- apache-ant-1.10.7.orig/manual/Tasks/ejb.html
+++ apache-ant-1.10.7/manual/Tasks/ejb.html
@@ -1268,6 +1268,9 @@ the <code>ejbjar</code> task (for exampl
 and <var>flatdestdir</var>) as well as the <code>iplanet</code> element (for
 example, <var>suffix</var>).  Refer to the appropriate documentation for more details.</p>
 
+<p>This task creates a directory for scratch data inside of
+  the <a href="../running.html#tmpdir">temporary directory</a>.</p>
+
 <h3>Parameters</h3>
 
 <table class="attr">
Index: apache-ant-1.10.7/manual/Tasks/exec.html
===================================================================
--- apache-ant-1.10.7.orig/manual/Tasks/exec.html
+++ apache-ant-1.10.7/manual/Tasks/exec.html
@@ -83,6 +83,8 @@ target="_top">OpenJDK build instructions
 <p>The command specified using <var>executable</var> and <code>&lt;arg&gt;</code> elements is
 executed exactly as specified inside a temporary DCL script.  This has some implications:</p>
 <ul>
+  <li>the DCL script will be created inside
+  the <a href="../running.html#tmpdir">temporary directory</a>.</li>
   <li>paths have to be written in VMS style</li>
   <li>if your <var>executable</var> points to a DCL script remember to prefix it with
     an <q>@</q>-sign (e.g. <var>executable</var>=<q>@[FOO]BAR.COM</q>), just as you would in a DCL
Index: apache-ant-1.10.7/manual/Tasks/fixcrlf.html
===================================================================
--- apache-ant-1.10.7.orig/manual/Tasks/fixcrlf.html
+++ apache-ant-1.10.7/manual/Tasks/fixcrlf.html
@@ -42,9 +42,13 @@
     the nested <code>&lt;include&gt;</code>, <code>&lt;exclude&gt;</code>
     and <code>&lt;patternset&gt;</code> elements.</p>
 
-  <p>The output file is only written if it is a new file, or if it differs from the existing file.
-    This prevents spurious rebuilds based on unchanged files which have been regenerated by this
-    task.</p>
+  <p>
+    The output file is only written if it is a new file, or if it
+    differs from the existing file.  This prevents spurious
+    rebuilds based on unchanged files which have been regenerated
+    by this task. In order to assess whether a file has changed, this
+    task will create a pre-processed version of the source file inside of
+    the <a href="../running.html#tmpdir">temporary directory</a>.
 
   <p><em>Since Apache Ant 1.7</em>, this task can be used in
     a <a href="../Types/filterchain.html">filterchain</a>.</p>
Index: apache-ant-1.10.7/manual/Tasks/ftp.html
===================================================================
--- apache-ant-1.10.7.orig/manual/Tasks/ftp.html
+++ apache-ant-1.10.7/manual/Tasks/ftp.html
@@ -129,7 +129,12 @@ connection.</p>
     <td>timediffauto</td>
     <td>set to <q>true</q> to make Ant calculate the time difference between client and
     server.<br/><em>requires write access in the remote directory</em><br/><em>Since Ant
-    1.6</em></td>
+    1.6</em><br/>
+    If this is set to <code>true</code> then Ant will create an empty
+    file inside of the <a href="../running.html#tmpdir">temporary
+    directory</a> and transfer it to the remote server - deleting it on
+    both sides once the difference has been determined.
+    </td>
     <td>No</td>
   </tr>
   <tr id="timestampGranularity">
Index: apache-ant-1.10.7/manual/Tasks/javadoc.html
===================================================================
--- apache-ant-1.10.7.orig/manual/Tasks/javadoc.html
+++ apache-ant-1.10.7/manual/Tasks/javadoc.html
@@ -436,7 +436,10 @@ with the <var>exclude</var> patterns of
       nested <code>source</code> elements should be written to a temporary file to make the command
       line shorter. Also applies to the package names specified via the <var>packagenames</var>
       attribute or nested <code>package</code> elements.  <em>Since Ant 1.7.0</em>, also applies to
-      all the other command line options.  (<q>yes|no</q>).</td>
+      all the other command line options.  (<q>yes|no</q>).<br/>
+      If enabled, the file will be written to
+      the <a href="../running.html#tmpdir">temporary
+      directory</a>.</td>
     <td>all</td>
     <td>No; default is <q>no</q></td>
   </tr>
Index: apache-ant-1.10.7/manual/Tasks/replaceregexp.html
===================================================================
--- apache-ant-1.10.7.orig/manual/Tasks/replaceregexp.html
+++ apache-ant-1.10.7/manual/Tasks/replaceregexp.html
@@ -28,8 +28,12 @@
 <p><code>ReplaceRegExp</code> is a directory based task for replacing the occurrence of a given
 regular expression with a substitution pattern in a selected file or set of files.</p>
 
-<p>The output file is only written if it differs from the existing file.  This prevents spurious
-rebuilds based on unchanged files which have been regenerated by this task.</p>
+<p>The output file is only written if it differs from the existing
+file.  This prevents spurious rebuilds based on unchanged files which
+have been regenerated by this task. In order to assess whether a file
+has changed, this task will create a pre-processed version of the
+source file inside of the <a href="../running.html#tmpdir">temporary
+directory</a>.</p>
 
 <p>Similar to <a href="../Types/mapper.html#regexp-mapper">regexp type mappers</a> this task needs a
 supporting regular expression library and an implementation
Index: apache-ant-1.10.7/manual/Types/selectors.html
===================================================================
--- apache-ant-1.10.7.orig/manual/Types/selectors.html
+++ apache-ant-1.10.7/manual/Types/selectors.html
@@ -619,6 +619,10 @@
     the <code>&lt;modified&gt;</code> selector tries to (<strong>attention!</strong>) copy the
     content into a local file for computing the hashvalue.</p>
 
+    <p>If the source resource is not a filesystem resource the
+    modified selector will download it to
+    the <a href="../running.html#tmpdir">temporary directory</a>.</p>
+
     <table class="attr">
       <tr>
         <th scope="col">Attribute</th>
Index: apache-ant-1.10.7/manual/running.html
===================================================================
--- apache-ant-1.10.7.orig/manual/running.html
+++ apache-ant-1.10.7/manual/running.html
@@ -460,6 +460,22 @@ And I filtered out the <code>getProperty
   <td><code>ant.tstamp.now.iso</code></td>
   <td>ISO-8601 timestamp string like <code>1972-04-17T08:07:00Z</code></td>
 </tr>
+<tr>
+  <td><code>java.io.tmpdir</code></td>
+  <td>Some tasks need to create temporary files and will write them to
+  the directory specified by this property. This property is set by
+  the Java VM but can be overridden when Ant is started.<br/>
+  See also <a href="#tmpdir">Temporary Directories</a>.</td>
+</table>
+<tr>
+  <td><code>ant.tmpdir</code></td>
+  <td><em>Since Ant 1.10.8</em><br/>
+  Some tasks need to create temporary files and will write them to
+  the directory specified by this property. This property takes
+  precedence over <code>java.io.tmpdir</code> if it has been
+  set. Unlike <code>java.io.tmpdir</code> this property can be set
+  from within the build file.<br/>
+  See also <a href="#tmpdir">Temporary Directories</a>.</td>
 </table>
 
 <p>
@@ -477,6 +493,37 @@ return code of the <code>java</code> pro
 returns <q>0</q>, failed builds return other values.
 </p>
 
+<h2 id="tmpdir">Temporary Directories</h2>
+
+<p>Some Ant tasks and types need to create temporary files. By default
+they use the default temporary directory of the Java VM they are
+running in - which can be set by setting the system
+property <code>java.io.tmpdir</code>. The default value of it depends
+on the platform and the JVM implementation.</p>
+
+<p>Setting a system property when invoking Ant is not straight forward
+  as the corresponding command line arguments must be sent to the Java
+  executable rather than Ant's main class. When using
+  the <code>ant(.cmd)</code> wrapper scripts you can do so with the
+  help of the <code>ANT_OPTS</code> environment variable.</p>
+
+<p>Starting with Ant 1.10.8 we've introduced a new Ant
+  property <code>ant.tmpdir</code> that takes precedence
+  over <code>java.io.tmpdir</code> when set. As this is a normal Ant
+  property it can be set via the command line or even from within a
+  build file.</p>
+
+<p>Tasks and types using the temporary directory will state the fact
+  inside of their respective manual page. In addition every execution
+  of an external command on OpenVMS will create a temporary file
+  holding a DCL script that invokes the actual command.</p>
+
+<p>Tasks not provided with the Ant distribution will ignore
+  the <code>ant.tmpdir</code> property and
+  use <code>java.io.tmpdir</code> unless they have been adapted to the
+  changed API of Ant 1.10.8.</p>
+
+
 <h2 id="cygwin">Cygwin Users</h2>
 <p>
 Unix launch script that come with Ant works correctly with Cygwin. You
Index: apache-ant-1.10.7/src/main/org/apache/tools/ant/MagicNames.java
===================================================================
--- apache-ant-1.10.7.orig/src/main/org/apache/tools/ant/MagicNames.java
+++ apache-ant-1.10.7/src/main/org/apache/tools/ant/MagicNames.java
@@ -322,5 +322,13 @@ public final class MagicNames {
      */
     public static final String TSTAMP_NOW_ISO = "ant.tstamp.now.iso";
 
+    /**
+     * Magic property that can be set to override the java.io.tmpdir
+     * system property as the location for Ant's default temporary
+     * directory.
+     * Value: {@value}
+     * @since Ant 1.10.8
+     */
+    public static final String TMPDIR = "ant.tmpdir";
 }
 
Index: apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/FixCRLF.java
===================================================================
--- apache-ant-1.10.7.orig/src/main/org/apache/tools/ant/taskdefs/FixCRLF.java
+++ apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/FixCRLF.java
@@ -354,7 +354,7 @@ public class FixCRLF extends MatchingTas
             fcv = new Vector<>(1);
             fcv.add(fc);
         }
-        File tmpFile = FILE_UTILS.createTempFile("fixcrlf", "", null, true, true);
+        File tmpFile = FILE_UTILS.createTempFile(getProject(), "fixcrlf", "", null, true, true);
         try {
             FILE_UTILS.copyFile(srcFile, tmpFile, null, fcv, true, false,
                 encoding, outputEncoding == null ? encoding : outputEncoding,
Index: apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/Javadoc.java
===================================================================
--- apache-ant-1.10.7.orig/src/main/org/apache/tools/ant/taskdefs/Javadoc.java
+++ apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/Javadoc.java
@@ -1868,7 +1868,7 @@ public class Javadoc extends Task {
              */
             BufferedWriter srcListWriter = null;
             if (useExternalFile) {
-                tmpList = FILE_UTILS.createTempFile("javadoc", "", null, true, true);
+                tmpList = FILE_UTILS.createTempFile(getProject(), "javadoc", "", null, true, true);
                 toExecute.createArgument()
                     .setValue("@" + tmpList.getAbsolutePath());
                 wr = new FileWriter(tmpList.getAbsolutePath(), true);
@@ -2049,7 +2049,7 @@ public class Javadoc extends Task {
         File optionsTmpFile = null;
         try {
             optionsTmpFile = FILE_UTILS.createTempFile(
-                "javadocOptions", "", null, true, true);
+                getProject(), "javadocOptions", "", null, true, true);
             final String[] listOpt = toExecute.getArguments();
             toExecute.clearArgs();
             toExecute.createArgument().setValue(
Index: apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/Jikes.java
===================================================================
--- apache-ant-1.10.7.orig/src/main/org/apache/tools/ant/taskdefs/Jikes.java
+++ apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/Jikes.java
@@ -81,7 +81,7 @@ public class Jikes {
             // Windows has a 32k limit on total arg size, so
             // create a temporary file to store all the arguments
             if (Os.isFamily(Os.FAMILY_WINDOWS) && args.length > MAX_FILES_ON_COMMAND_LINE) {
-                tmpFile = FileUtils.getFileUtils().createTempFile("jikes",
+                tmpFile = FileUtils.getFileUtils().createTempFile(project, "jikes",
                         "tmp", null, false, true);
                 try (BufferedWriter out = new BufferedWriter(new FileWriter(tmpFile))) {
                     for (String arg : args) {
Index: apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/Replace.java
===================================================================
--- apache-ant-1.10.7.orig/src/main/org/apache/tools/ant/taskdefs/Replace.java
+++ apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/Replace.java
@@ -649,7 +649,7 @@ public class Replace extends MatchingTas
         logFilterChain(src.getPath());
 
         try {
-            File temp = FILE_UTILS.createTempFile("rep", ".tmp",
+            File temp = FILE_UTILS.createTempFile(getProject(), "rep", ".tmp",
                     src.getParentFile(), false, true);
             try {
                 try (FileInput in = new FileInput(src);
Index: apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/TempFile.java
===================================================================
--- apache-ant-1.10.7.orig/src/main/org/apache/tools/ant/taskdefs/TempFile.java
+++ apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/TempFile.java
@@ -154,7 +154,7 @@ public class TempFile extends Task {
         if (destDir == null) {
             destDir = getProject().resolveFile(".");
         }
-        File tfile = FILE_UTILS.createTempFile(prefix, suffix, destDir,
+        File tfile = FILE_UTILS.createTempFile(getProject(), prefix, suffix, destDir,
                     deleteOnExit, createFile);
         getProject().setNewProperty(property, tfile.toString());
     }
Index: apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/Zip.java
===================================================================
--- apache-ant-1.10.7.orig/src/main/org/apache/tools/ant/taskdefs/Zip.java
+++ apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/Zip.java
@@ -800,7 +800,7 @@ public class Zip extends MatchingTask {
     /** rename the zip file. */
     private File renameFile() {
         final File renamedFile = FILE_UTILS.createTempFile(
-            "zip", ".tmp", zipFile.getParentFile(), true, false);
+            getProject(), "zip", ".tmp", zipFile.getParentFile(), true, false);
         try {
             FILE_UTILS.rename(zipFile, renamedFile);
         } catch (final SecurityException | IOException e) {
Index: apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/compilers/DefaultCompilerAdapter.java
===================================================================
--- apache-ant-1.10.7.orig/src/main/org/apache/tools/ant/taskdefs/compilers/DefaultCompilerAdapter.java
+++ apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/compilers/DefaultCompilerAdapter.java
@@ -545,7 +545,7 @@ public abstract class DefaultCompilerAda
                 && firstFileName >= 0) {
                 try {
                     tmpFile = FILE_UTILS.createTempFile(
-                        "files", "", getJavac().getTempdir(), true, true);
+                        getProject(), "files", "", getJavac().getTempdir(), true, true);
                     try (BufferedWriter out =
                         new BufferedWriter(new FileWriter(tmpFile))) {
                         for (int i = firstFileName; i < args.length; i++) {
Index: apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/cvslib/CvsTagDiff.java
===================================================================
--- apache-ant-1.10.7.orig/src/main/org/apache/tools/ant/taskdefs/cvslib/CvsTagDiff.java
+++ apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/cvslib/CvsTagDiff.java
@@ -260,7 +260,7 @@ public class CvsTagDiff extends Abstract
         try {
             handlePackageNames();
 
-            tmpFile = FILE_UTILS.createTempFile("cvstagdiff", ".log", null,
+            tmpFile = FILE_UTILS.createTempFile(getProject(), "cvstagdiff", ".log", null,
                                                 true, true);
             setOutput(tmpFile);
 
Index: apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/launcher/VmsCommandLauncher.java
===================================================================
--- apache-ant-1.10.7.orig/src/main/org/apache/tools/ant/taskdefs/launcher/VmsCommandLauncher.java
+++ apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/launcher/VmsCommandLauncher.java
@@ -48,7 +48,7 @@ public class VmsCommandLauncher extends
     @Override
     public Process exec(Project project, String[] cmd, String[] env)
         throws IOException {
-        File cmdFile = createCommandFile(cmd, env);
+        File cmdFile = createCommandFile(project, cmd, env);
         Process p =
             super.exec(project, new String[] {cmdFile.getPath()}, env);
         deleteAfter(cmdFile, p);
@@ -76,7 +76,7 @@ public class VmsCommandLauncher extends
     @Override
     public Process exec(Project project, String[] cmd, String[] env,
                         File workingDir) throws IOException {
-        File cmdFile = createCommandFile(cmd, env);
+        File cmdFile = createCommandFile(project, cmd, env);
         Process p = super.exec(project, new String[] {cmdFile.getPath()}, env,
             workingDir);
         deleteAfter(cmdFile, p);
@@ -91,9 +91,9 @@ public class VmsCommandLauncher extends
      * @return the command File.
      * @throws IOException if errors are encountered creating the file.
      */
-    private File createCommandFile(String[] cmd, String[] env)
+    private File createCommandFile(final Project project, String[] cmd, String[] env)
         throws IOException {
-        File script = FILE_UTILS.createTempFile("ANT", ".COM", null, true, true);
+        File script = FILE_UTILS.createTempFile(project, "ANT", ".COM", null, true, true);
         try (BufferedWriter out = new BufferedWriter(new FileWriter(script))) {
 
             // add the environment as logicals to the DCL script
Index: apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/optional/Cab.java
===================================================================
--- apache-ant-1.10.7.orig/src/main/org/apache/tools/ant/taskdefs/optional/Cab.java
+++ apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/optional/Cab.java
@@ -173,7 +173,7 @@ public class Cab extends MatchingTask {
      */
     protected File createListFile(Vector<String> files)
         throws IOException {
-        File listFile = FILE_UTILS.createTempFile("ant", "", null, true, true);
+        File listFile = FILE_UTILS.createTempFile(getProject(), "ant", "", null, true, true);
 
         try (BufferedWriter writer =
             new BufferedWriter(new FileWriter(listFile))) {
@@ -301,7 +301,7 @@ public class Cab extends MatchingTask {
                 exec.setDir(baseDir);
 
                 if (!doVerbose) {
-                    outFile = FILE_UTILS.createTempFile("ant", "", null, true, true);
+                    outFile = FILE_UTILS.createTempFile(getProject(), "ant", "", null, true, true);
                     exec.setOutput(outFile);
                 }
 
Index: apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/optional/ReplaceRegExp.java
===================================================================
--- apache-ant-1.10.7.orig/src/main/org/apache/tools/ant/taskdefs/optional/ReplaceRegExp.java
+++ apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/optional/ReplaceRegExp.java
@@ -350,7 +350,7 @@ public class ReplaceRegExp extends Task
      */
     protected void doReplace(File f, int options)
          throws IOException {
-        File temp = FILE_UTILS.createTempFile("replace", ".txt", null, true, true);
+        File temp = FILE_UTILS.createTempFile(getProject(), "replace", ".txt", null, true, true);
         try {
             boolean changes = false;
 
Index: apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/optional/junit/JUnitTask.java
===================================================================
--- apache-ant-1.10.7.orig/src/main/org/apache/tools/ant/taskdefs/optional/junit/JUnitTask.java
+++ apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/optional/junit/JUnitTask.java
@@ -1427,7 +1427,7 @@ public class JUnitTask extends Task {
      * @return created file
      */
     private File createTempPropertiesFile(final String prefix) {
-        return FILE_UTILS.createTempFile(prefix, ".properties",
+        return FILE_UTILS.createTempFile(getProject(), prefix, ".properties",
             tmpDir != null ? tmpDir : getProject().getBaseDir(), true, true);
     }
 
Index: apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/optional/net/FTP.java
===================================================================
--- apache-ant-1.10.7.orig/src/main/org/apache/tools/ant/taskdefs/optional/net/FTP.java
+++ apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/optional/net/FTP.java
@@ -2058,7 +2058,7 @@ public class FTP extends Task implements
         FTPFile[] files = null;
         final int maxIterations = 1000;
         for (int counter = 1; counter < maxIterations; counter++) {
-            File localFile = FILE_UTILS.createTempFile(
+            File localFile = FILE_UTILS.createTempFile(getProject(),
                                                        "ant" + Integer.toString(counter), ".tmp",
                                                        null, false, false);
             String fileName = localFile.getName();
Index: apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/optional/net/FTPTaskMirrorImpl.java
===================================================================
--- apache-ant-1.10.7.orig/src/main/org/apache/tools/ant/taskdefs/optional/net/FTPTaskMirrorImpl.java
+++ apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/optional/net/FTPTaskMirrorImpl.java
@@ -1371,7 +1371,7 @@ public class FTPTaskMirrorImpl implement
         FTPFile[] files = null;
         final int maxIterations = 1000;
         for (int counter = 1; counter < maxIterations; counter++) {
-            File localFile = FILE_UTILS.createTempFile(
+            File localFile = FILE_UTILS.createTempFile(task.getProject(),
                                                        "ant" + Integer.toString(counter), ".tmp",
                                                        null, false, false);
             String fileName = localFile.getName();
Index: apache-ant-1.10.7/src/main/org/apache/tools/ant/types/selectors/modifiedselector/ModifiedSelector.java
===================================================================
--- apache-ant-1.10.7.orig/src/main/org/apache/tools/ant/types/selectors/modifiedselector/ModifiedSelector.java
+++ apache-ant-1.10.7/src/main/org/apache/tools/ant/types/selectors/modifiedselector/ModifiedSelector.java
@@ -446,7 +446,7 @@ public class ModifiedSelector extends Ba
             // How to handle non-file-Resources? I copy temporarily the
             // resource to a file and use the file-implementation.
             FileUtils fu = FileUtils.getFileUtils();
-            File tmpFile = fu.createTempFile("modified-", ".tmp", null, true, false);
+            File tmpFile = fu.createTempFile(getProject(), "modified-", ".tmp", null, true, false);
             Resource tmpResource = new FileResource(tmpFile);
             ResourceUtils.copyResource(resource, tmpResource);
             boolean isSelected = isSelected(tmpFile.getParentFile(),
Index: apache-ant-1.10.7/src/main/org/apache/tools/ant/util/FileUtils.java
===================================================================
--- apache-ant-1.10.7.orig/src/main/org/apache/tools/ant/util/FileUtils.java
+++ apache-ant-1.10.7/src/main/org/apache/tools/ant/util/FileUtils.java
@@ -50,6 +50,7 @@ import java.util.jar.JarFile;
 import java.util.stream.Collectors;
 
 import org.apache.tools.ant.BuildException;
+import org.apache.tools.ant.MagicNames;
 import org.apache.tools.ant.PathTokenizer;
 import org.apache.tools.ant.Project;
 import org.apache.tools.ant.launch.Locator;
@@ -891,19 +892,15 @@ public class FileUtils {
      * this method was invoked, any subsequent invocation of this method will
      * yield a different file name.
      * </p>
-     * <p>
-     * The filename is prefixNNNNNsuffix where NNNN is a random number.
-     * </p>
      *
-     * @param prefix
-     *            prefix before the random number.
+     * @param prefix file name prefix.
      * @param suffix
      *            file extension; include the '.'.
      * @param parentDir
      *            Directory to create the temporary file in; java.io.tmpdir used
      *            if not specified.
      *
-     * @deprecated since ant 1.7.1 use createTempFile(String, String, File,
+     * @deprecated since ant 1.7.1 use createTempFile(Project, String, String, File,
      * boolean, boolean) instead.
      * @return a File reference to the new, nonexistent temporary file.
      */
@@ -912,8 +909,6 @@ public class FileUtils {
         return createTempFile(prefix, suffix, parentDir, false, false);
     }
 
-    private static final String NULL_PLACEHOLDER = "null";
-
     /**
      * Create a temporary file in a given directory.
      *
@@ -921,7 +916,7 @@ public class FileUtils {
      * exist before this method was invoked, any subsequent invocation
      * of this method will yield a different file name.</p>
      *
-     * @param prefix prefix before the random number.
+     * @param prefix file name prefix.
      * @param suffix file extension; include the '.'.
      * @param parentDir Directory to create the temporary file in;
      * java.io.tmpdir used if not specified.
@@ -934,13 +929,52 @@ public class FileUtils {
      *
      * @return a File reference to the new temporary file.
      * @since Ant 1.7.1
+     * @deprecated since Ant 1.10.8 use createTempFile(Project, String, String, File,
+     * boolean, boolean) instead.
      */
+    @Deprecated
     public File createTempFile(String prefix, String suffix, File parentDir,
             boolean deleteOnExit, boolean createFile) {
-        File result;
-        String parent = (parentDir == null)
-                ? System.getProperty("java.io.tmpdir")
-                : parentDir.getPath();
+        return createTempFile(null, prefix, suffix, parentDir, deleteOnExit, createFile);
+    }
+
+    private static final String NULL_PLACEHOLDER = "null";
+
+    /**
+     * Create a temporary file in a given directory.
+     *
+     * <p>The file denoted by the returned abstract pathname did not
+     * exist before this method was invoked, any subsequent invocation
+     * of this method will yield a different file name.</p>
+     *
+     * @param project reference to the current Ant project.
+     * @param prefix file name prefix.
+     * @param suffix file extension; include the '.'.
+     * @param parentDir Directory to create the temporary file in;
+     *        if not specified and {@code project} is not null then the value
+     *        of the property {@code ant.tmpdir} is used if set;
+     *        otherwise {@code java.io.tmpdir} is used.
+     * @param deleteOnExit whether to set the tempfile for deletion on
+     *        normal VM exit.
+     * @param createFile true if the file must actually be created. If false
+     * chances exist that a file with the same name is created in the time
+     * between invoking this method and the moment the file is actually created.
+     * If possible set to true.
+     *
+     * @return a File reference to the new temporary file.
+     * @since Ant 1.9.15
+     */
+    public File createTempFile(final Project project, String prefix, String suffix,
+            final File parentDir, final boolean deleteOnExit, final boolean createFile) {
+	File result;
+        final String parent;
+        if (parentDir != null) {
+            parent = parentDir.getPath();
+        } else if (project != null && project.getProperty(MagicNames.TMPDIR) != null) {
+            parent = project.getProperty(MagicNames.TMPDIR);
+        } else {
+            parent = System.getProperty("java.io.tmpdir");
+        }
         if (prefix == null) {
             prefix = NULL_PLACEHOLDER;
         }
@@ -980,12 +1014,8 @@ public class FileUtils {
      * this method was invoked, any subsequent invocation of this method will
      * yield a different file name.
      * </p>
-     * <p>
-     * The filename is prefixNNNNNsuffix where NNNN is a random number.
-     * </p>
      *
-     * @param prefix
-     *            prefix before the random number.
+     * @param prefix file name prefix.
      * @param suffix
      *            file extension; include the '.'.
      * @param parentDir
@@ -994,7 +1024,7 @@ public class FileUtils {
      * @param deleteOnExit
      *            whether to set the tempfile for deletion on normal VM exit.
      *
-     * @deprecated since ant 1.7.1 use createTempFile(String, String, File,
+     * @deprecated since ant 1.7.1 use createTempFile(Project, String, String, File,
      * boolean, boolean) instead.
      * @return a File reference to the new, nonexistent temporary file.
      */
Index: apache-ant-1.10.7/src/main/org/apache/tools/ant/util/JavaEnvUtils.java
===================================================================
--- apache-ant-1.10.7.orig/src/main/org/apache/tools/ant/util/JavaEnvUtils.java
+++ apache-ant-1.10.7/src/main/org/apache/tools/ant/util/JavaEnvUtils.java
@@ -542,7 +542,7 @@ public final class JavaEnvUtils {
      */
     public static File createVmsJavaOptionFile(String[] cmds)
             throws IOException {
-        File script = FILE_UTILS.createTempFile("ANT", ".JAVA_OPTS", null, false, true);
+        File script = FILE_UTILS.createTempFile(null, "ANT", ".JAVA_OPTS", null, false, true);
         try (BufferedWriter out = new BufferedWriter(new FileWriter(script))) {
             for (String cmd : cmds) {
                 out.write(cmd);
Index: apache-ant-1.10.7/src/main/org/apache/tools/ant/util/SymbolicLinkUtils.java
===================================================================
--- apache-ant-1.10.7.orig/src/main/org/apache/tools/ant/util/SymbolicLinkUtils.java
+++ apache-ant-1.10.7/src/main/org/apache/tools/ant/util/SymbolicLinkUtils.java
@@ -22,6 +22,7 @@ import java.io.FileNotFoundException;
 import java.io.IOException;
 
 import org.apache.tools.ant.BuildException;
+import org.apache.tools.ant.Project;
 import org.apache.tools.ant.Task;
 import org.apache.tools.ant.taskdefs.Execute;
 
@@ -240,9 +241,9 @@ public class SymbolicLinkUtils {
         if (task == null || target.getParentFile().canWrite()) {
 
             // rename the resource, thus breaking the link:
-            final File temp = FILE_UTILS.createTempFile("symlink", ".tmp",
-                                                  target.getParentFile(), false,
-                                                  false);
+            final Project project = task == null ? null : task.getProject();
+            final File temp = FILE_UTILS.createTempFile(project, "symlink", ".tmp",
+                target.getParentFile(), false, false);
 
             if (FILE_UTILS.isLeadingPath(target, link)) {
                 // link points to a parent directory, renaming the parent
Index: apache-ant-1.10.7/src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java
===================================================================
--- apache-ant-1.10.7.orig/src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java
+++ apache-ant-1.10.7/src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java
@@ -29,6 +29,7 @@ import java.util.Optional;
 
 import org.apache.tools.ant.BuildException;
 import org.apache.tools.ant.MagicTestNames;
+import org.apache.tools.ant.Project;
 import org.apache.tools.ant.taskdefs.condition.Os;
 import org.junit.Before;
 import org.junit.Rule;
@@ -355,9 +356,14 @@ public class FileUtilsTest {
      */
     @Test
     public void testCreateTempFile() throws IOException {
-        // null parent dir
-        File tmp1 = getFileUtils().createTempFile("pre", ".suf", null, false, true);
-        String tmploc = System.getProperty("java.io.tmpdir");
+        final String tmploc = System.getProperty("java.io.tmpdir");
+        final Project projectWithoutTempDir = new Project();
+        final Project projectWithTempDir = new Project();
+        final File projectTmpDir = folder.newFolder("subdir");
+        projectWithTempDir.setProperty("ant.tmpdir", projectTmpDir.getAbsolutePath());
+
+        // null parent dir, null project
+        File tmp1 = getFileUtils().createTempFile(null, "pre", ".suf", null, false, true);
         String name = tmp1.getName();
         assertThat("starts with pre", name, startsWith("pre"));
         assertThat("ends with .suf", name, endsWith(".suf"));
@@ -366,9 +372,29 @@ public class FileUtilsTest {
                 tmp1.getAbsolutePath());
         tmp1.delete();
 
+        // null parent dir, project without magic property
+        tmp1 = getFileUtils().createTempFile(projectWithoutTempDir, "pre", ".suf", null, false, true);
+        name = tmp1.getName();
+        assertTrue("starts with pre", name.startsWith("pre"));
+        assertTrue("ends with .suf", name.endsWith(".suf"));
+        assertTrue("File was created", tmp1.exists());
+        assertEquals((new File(tmploc, tmp1.getName())).getAbsolutePath(), tmp1
+                .getAbsolutePath());
+        tmp1.delete();
+
+        // null parent dir, project with magic property
+        tmp1 = getFileUtils().createTempFile(projectWithTempDir, "pre", ".suf", null, false, true);
+        name = tmp1.getName();
+        assertTrue("starts with pre", name.startsWith("pre"));
+        assertTrue("ends with .suf", name.endsWith(".suf"));
+        assertTrue("File was created", tmp1.exists());
+        assertEquals((new File(projectTmpDir, tmp1.getName())).getAbsolutePath(), tmp1
+                .getAbsolutePath());
+        tmp1.delete();
+
         File dir2 = folder.newFolder("ant-test");
 
-        File tmp2 = getFileUtils().createTempFile("pre", ".suf", dir2, true, true);
+        File tmp2 = getFileUtils().createTempFile(null, "pre", ".suf", dir2, true, true);
         String name2 = tmp2.getName();
         assertThat("starts with pre", name2, startsWith("pre"));
         assertThat("ends with .suf", name2, endsWith(".suf"));
@@ -377,6 +403,25 @@ public class FileUtilsTest {
                 tmp2.getAbsolutePath());
         tmp2.delete();
 
+        tmp2 = getFileUtils().createTempFile(projectWithoutTempDir, "pre", ".suf", dir2, true, true);
+        name2 = tmp2.getName();
+        assertTrue("starts with pre", name2.startsWith("pre"));
+        assertTrue("ends with .suf", name2.endsWith(".suf"));
+        assertTrue("File was created", tmp2.exists());
+        assertEquals((new File(dir2, tmp2.getName())).getAbsolutePath(), tmp2
+                .getAbsolutePath());
+        tmp2.delete();
+
+        tmp2 = getFileUtils().createTempFile(projectWithTempDir, "pre", ".suf", dir2, true, true);
+        name2 = tmp2.getName();
+        assertTrue("starts with pre", name2.startsWith("pre"));
+        assertTrue("ends with .suf", name2.endsWith(".suf"));
+        assertTrue("File was created", tmp2.exists());
+        assertEquals((new File(dir2, tmp2.getName())).getAbsolutePath(), tmp2
+                .getAbsolutePath());
+        tmp2.delete();
+        dir2.delete();
+
         File parent = new File((new File("/tmp")).getAbsolutePath());
         tmp1 = getFileUtils().createTempFile("pre", ".suf", parent, false);
         assertFalse("new file", tmp1.exists());
@@ -388,13 +433,8 @@ public class FileUtilsTest {
                 .getParent());
 
         tmp2 = getFileUtils().createTempFile("pre", ".suf", parent, false);
-        assertNotEquals("files are different", tmp1.getAbsolutePath(), tmp2.getAbsolutePath());
-
-        // null parent dir
-        File tmp3 = getFileUtils().createTempFile("pre", ".suf", null, false);
-        tmploc = System.getProperty("java.io.tmpdir");
-        assertEquals((new File(tmploc, tmp3.getName())).getAbsolutePath(),
-                tmp3.getAbsolutePath());
+        assertTrue("files are different", !tmp1.getAbsolutePath().equals(
+                tmp2.getAbsolutePath()));
     }
 
     /**
openSUSE Build Service is sponsored by