Greg Kroah-Hartman's patch, dated 8 Jan 2001.
diff -aur apache_1.3.14/src/support/htdigest.c apache_1.3.14-mkstemp/src/support/htdigest.c
--- apache_1.3.14/src/support/htdigest.c	Tue Jan 25 23:36:53 2000
+++ apache_1.3.14-mkstemp/src/support/htdigest.c	Tue Jan  9 20:42:42 2001
@@ -93,7 +93,7 @@
 
 #define MAX_STRING_LEN 256
 
-char *tn;
+char tn[MAX_STRING_LEN];
 
 
 static void getword(char *word, char *line, char stop)
@@ -156,7 +156,7 @@
     ap_getpass("Re-type new password: ", pwv, sizeof(pwv));
     if (strcmp(pwin, pwv) != 0) {
 	fprintf(stderr, "They don't match, sorry.\n");
-	if (tn) {
+	if (strlen(tn)) {
 	    unlink(tn);
 	}
 	exit(1);
@@ -187,7 +187,7 @@
 static void interrupted(void)
 {
     fprintf(stderr, "Interrupted.\n");
-    if (tn)
+    if (strlen(tn))
 	unlink(tn);
     exit(1);
 }
@@ -215,8 +215,9 @@
     char x[MAX_STRING_LEN];
     char command[MAX_STRING_LEN];
     int found;
+    int tfd;
 
-    tn = NULL;
+    strcpy (tn, "/tmp/htdigest-XXXXXX");
     signal(SIGINT, (void (*)(int)) interrupted);
     if (argc == 5) {
 	if (strcmp(argv[1], "-c"))
@@ -235,8 +236,12 @@
     else if (argc != 4)
 	usage();
 
-    tn = tmpnam(NULL);
-    if (!(tfp = fopen(tn, "w"))) {
+    tfd = mkstemp (tn);
+    if (tfd == -1) {
+	fprintf(stderr, "Could not open temp file.\n");
+	exit(1);
+    }
+    if (!(tfp = fdopen(tfd, "w"))) {
 	fprintf(stderr, "Could not open temp file.\n");
 	exit(1);
     }
diff -aur apache_1.3.14/src/support/htpasswd.c apache_1.3.14-mkstemp/src/support/htpasswd.c
--- apache_1.3.14/src/support/htpasswd.c	Thu Jun  1 19:42:33 2000
+++ apache_1.3.14-mkstemp/src/support/htpasswd.c	Tue Jan  9 20:41:36 2001
@@ -125,7 +125,7 @@
  * This needs to be declared statically so the signal handler can
  * access it.
  */
-static char *tempfilename;
+static char tempfilename[MAX_STRING_LEN];
 /*
  * If our platform knows about the tmpnam() external buffer size, create
  * a buffer to pass in.  This is needed in a threaded environment, or
@@ -285,7 +285,7 @@
 static void interrupted(void)
 {
     fprintf(stderr, "Interrupted.\n");
-    if (tempfilename != NULL) {
+    if (strlen(tempfilename) > 0) {
 	unlink(tempfilename);
     }
     exit(ERR_INTERRUPTED);
@@ -377,8 +377,10 @@
     int noninteractive = 0;
     int i;
     int args_left = 2;
+    int tfd;
+
+    memset (tempfilename, 0x00, sizeof(tempfilename));
 
-    tempfilename = NULL;
     signal(SIGINT, (void (*)(int)) interrupted);
 
     /*
@@ -560,8 +562,9 @@
      * to add or update.  Let's do it..
      */
     errno = 0;
-    tempfilename = tmpnam(tname_buf);
-    if ((tempfilename == NULL) || (*tempfilename == '\0')) {
+    strcpy(tempfilename, "/tmp/htpasswd-XXXXXX");
+    tfd = mkstemp(tempfilename);
+    if (tfd == -1) {
 	fprintf(stderr, "%s: unable to generate temporary filename\n",
 		argv[0]);
 	if (errno == 0) {
@@ -570,7 +573,7 @@
 	perror("tmpnam");
 	exit(ERR_FILEPERM);
     }
-    ftemp = fopen(tempfilename, "w+");
+    ftemp = fdopen(tfd, "w+");
     if (ftemp == NULL) {
 	fprintf(stderr, "%s: unable to create temporary file '%s'\n", argv[0],
 		tempfilename);