> * added a new patch (stolen from Ubuntu) which modifies vimspell.sh and
> tcltags.sh so they use mktemp instead of insecure $$ construction to
> create temporary files (CAN-2005-0069) (closes: #289560)
A few comments and questions regarding this entry:
- the scripts seem to be ancient and no longer supported by either their
authors nor vim maintainer and have been removed upstream.
- I understand that Ubuntu's patch might be simpler, but I actually wrote
the patch based on what's done in vim's tcltutor script. There were some
reasons I wrote it which have been disregarded (mostly compatibility
reasons for things that don't have mktemp/tempfile)
(I can't find it in Ubuntu's bugzilla 5633 but found it in our BTS #291125)
- no credit is given to me, which I would have appreciated
- Ubuntu's patch for tcltags will remove the temporary file *twice* (once
on exit, once after the trap is called) as the last line of the script has
not been removed (rm $tmp_tagfile) as I did in my patch.
> * added a new patch (stolen from Ubuntu) which modifies vimspell.sh and
> tcltags.sh so they use mktemp instead of insecure $$ construction to
> create temporary files (CAN-2005-0069) (closes: #289560)
A few comments and questions regarding this entry:
- the scripts seem to be ancient and no longer supported by either their
authors nor vim maintainer and have been removed upstream.
- I understand that Ubuntu's patch might be simpler, but I actually wrote
the patch based on what's done in vim's tcltutor script. There were some
reasons I wrote it which have been disregarded (mostly compatibility
reasons for things that don't have mktemp/tempfile)
(I can't find it in Ubuntu's bugzilla 5633 but found it in our BTS #291125)
- no credit is given to me, which I would have appreciated
- Ubuntu's patch for tcltags will remove the temporary file *twice* (once
on exit, once after the trap is called) as the last line of the script has
not been removed (rm $tmp_tagfile) as I did in my patch.
Regards
Javier