> * added a new patch (stolen from Ubuntu) which modifies vimspell.sh and > tcltags.sh so they use mktemp instead of insecure $$ construction to > create temporary files (CAN-2005-0069) (closes: #289560)
A few comments and questions regarding this entry: - the scripts seem to be ancient and no longer supported by either their authors nor vim maintainer and have been removed upstream. - I understand that Ubuntu's patch might be simpler, but I actually wrote the patch based on what's done in vim's tcltutor script. There were some reasons I wrote it which have been disregarded (mostly compatibility reasons for things that don't have mktemp/tempfile) (I can't find it in Ubuntu's bugzilla 5633 but found it in our BTS #291125) - no credit is given to me, which I would have appreciated - Ubuntu's patch for tcltags will remove the temporary file *twice* (once on exit, once after the trap is called) as the last line of the script has not been removed (rm $tmp_tagfile) as I did in my patch. Regards Javier
signature.asc
Description: Digital signature
