File CVE-2014-1934-mktemp.patch of Package python-eyeD3

Index: eyeD3-0.7.4/src/eyed3/id3/tag.py
===================================================================
--- eyeD3-0.7.4.orig/src/eyed3/id3/tag.py	2014-04-28 14:14:05.635445665 +0200
+++ eyeD3-0.7.4/src/eyed3/id3/tag.py	2014-04-28 14:59:03.022541899 +0200
@@ -946,10 +946,10 @@
                       "padding" % (len(tag_data), len(padding)))
             if rewrite_required:
                 # Open tmp file
-                tmp_name = tempfile.mktemp()
-                with open(tmp_name, "wb") as tmp_file:
+                tmp_fd, tmp_name = tempfile.mkstemp()
+                try:
+                    tmp_file = os.fdopen(tmp_fd, 'w+b')
                     tmp_file.write(tag_data + padding)
-
                     # Copy audio data in chunks
                     with open(self.file_info.name, "rb") as tag_file:
                         if curr_tag_size != 0:
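Review bot: `os.fdopen(tmp_fd, 'w+b')` is placed inside the `try`, so if it raises, the `finally` added in the next hunk references an unbound `tmp_file`; the original error is then masked by an UnboundLocalError and `tmp_fd` stays open. Keeping the context manager avoids both problems: `with os.fdopen(tmp_fd, "wb") as tmp_file:` in place of the `try:`/`finally:` pair (read access via `w+b` does not appear to be needed). The hunk at -1118 repeats the same pattern. The file's imports are not shown, so confirm `os` is imported in tag.py. The enclosing method starts and ends outside this hunk.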
@@ -960,6 +960,8 @@
                                   "byte %d (%x)" % (seek_point, seek_point))
                         tag_file.seek(seek_point)
                         chunkCopy(tag_file, tmp_file)
+                finally:
+                    tmp_file.close()
 
                 # Move tmp to orig.
                 shutil.copyfile(tmp_name, self.file_info.name)
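Review bot: A failure during the write or `chunkCopy` leaves the `mkstemp()` file behind, because the `finally` here only closes it and the copy back to the original comes after the block. No removal of `tmp_name` is visible in this hunk, so confirm the success path unlinks it after `shutil.copyfile`. On the failure path, consider an `except:` branch that calls `os.remove(tmp_name)` and re-raises, so partial copies of the audio file do not accumulate in the temp directory. The hunk at -1118 has the same shape. The `try` opens in the previous hunk and the method continues past this one.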
@@ -1118,9 +1120,12 @@
                     tag_file.seek(tag.file_info.tag_size)
 
                     # Open tmp file
-                    tmp_name = tempfile.mktemp()
-                    with open(tmp_name, "wb") as tmp_file:
+                    tmp_fd, tmp_name = tempfile.mkstemp()
+                    try:
+                        tmp_file = os.fdopen(tmp_fd, 'w+b')
                         chunkCopy(tag_file, tmp_file)
+                    finally:
+                        tmp_file.close()
 
                     # Move tmp to orig
                     shutil.copyfile(tmp_name, filename)