> * added a new patch (stolen from Ubuntu) which modifies vimspell.sh and
> tcltags.sh so they use mktemp instead of insecure $$ construction to
> create temporary files (CAN-2005-0069) (closes: #289560)
A few comments and questions regarding this entry:
- the scripts seem to be ancient and no longer supported by either their=20
authors nor vim maintainer and have been removed upstream.
- I understand that Ubuntu's patch might be simpler, but I actually wrote=
=20
the patch based on what's done in vim's tcltutor script. There were some=20
reasons I wrote it which have been disregarded (mostly compatibility=20
reasons for things that don't have mktemp/tempfile)
(I can't find it in Ubuntu's bugzilla 5633 but found it in our BTS #291125)
- no credit is given to me, which I would have appreciated
- Ubuntu's patch for tcltags will remove the temporary file *twice* (once
on exit, once after the trap is called) as the last line of the script has
not been removed (rm $tmp_tagfile) as I did in my patch.
Regards
Javier
--fdj2RfSjLxBAspz7
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
Message-ID: <email address hidden> 1?Q?Fern= E1ndez- Sanguino_ Pe=F1a? = <email address hidden> 1?Q?Fern= E1ndez- Sanguino_ Pe=F1a? = <email address hidden>
Date: Wed, 19 Jan 2005 09:08:38 +0100
From: Javier =?iso-8859-
To: <email address hidden>
Cc: Javier =?iso-8859-
Subject: Re: Bug#289560 acknowledged by developer (Bug#289560: fixed in vim 1:6.3-058+1)
--fdj2RfSjLxBAspz7 Disposition: inline Transfer- Encoding: quoted-printable
Content-Type: text/plain; charset=us-ascii
Content-
Content-
> * added a new patch (stolen from Ubuntu) which modifies vimspell.sh and
> tcltags.sh so they use mktemp instead of insecure $$ construction to
> create temporary files (CAN-2005-0069) (closes: #289560)
A few comments and questions regarding this entry:
- the scripts seem to be ancient and no longer supported by either their=20
authors nor vim maintainer and have been removed upstream.
- I understand that Ubuntu's patch might be simpler, but I actually wrote=
=20
the patch based on what's done in vim's tcltutor script. There were some=20
reasons I wrote it which have been disregarded (mostly compatibility=20
reasons for things that don't have mktemp/tempfile)
(I can't find it in Ubuntu's bugzilla 5633 but found it in our BTS #291125)
- no credit is given to me, which I would have appreciated
- Ubuntu's patch for tcltags will remove the temporary file *twice* (once
on exit, once after the trap is called) as the last line of the script has
not been removed (rm $tmp_tagfile) as I did in my patch.
Regards
Javier
--fdj2RfSjLxBAspz7 pgp-signature; name="signature .asc" Description: Digital signature Disposition: inline
Content-Type: application/
Content-
Content-
-----BEGIN PGP SIGNATURE-----
ehJTrj0oRAqDnAK C/VNkaR3c53ic2W JvChz1GVEX1JwCe M+8u AirAXiOY=
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFB7hWGi4s
BJ2Ur/vRHN1jeh4
=fC6E
-----END PGP SIGNATURE-----
--fdj2RfSjLxBAs pz7--