I've just noticed a bug, introduced by upstream's 7.2.010 patch, which essentially makes the command it was trying to fix useless. Because of that and the rather large diff between the current Lenny and Sid packages (which I expect will cause my current request to be rejected anyway), I'll be working on a package specifically targeted at t-p-u. It will contain fixes to the issues quoted below. I'll still need to pull in some updated runtime files, so I don't expect the debdiff to be tiny but it should be much more manageable than the current one. I'll also be uploading 2:7.2.010-2 RSN to fix the bug I mentioned earlier (one line fix) which, if 7.2.010 hasn't already been discounted for Lenny, would be package I'd prefer to see in Lenny. On Wed, Oct 01, 2008 at 03:46:58PM -0400, James Vega wrote: > The following are the issues I strongly think should be included in the > Lenny version of Vim: > > - /etc/vim/vimrc.tiny was moved from vim-common to vim-tiny in > 1:7.1.293-2, but vim-common.preinst didn't exist to remove the > conffile from vim-common's control. (#499451) > > - vim-tiny and vim-runtime install conflicting files (as of 1:7.1-056+1) > which was handled by vim-runtime Replacing vim-tiny. This was changed > to use diversions in 1:7.1.314-1 to avoid losing files if vim-runtime > is later removed by the user. > The maintainer scripts handling the transition to diversions weren't > fully sorted out (and therefore caused potential install/upgrade > issues) until 2:7.2.000-1. (#492540) > > - Vim 7.2 has improved filename escaping issues to address the > possibility of causing Vim to run arbitrary commands by editing files > with specially crafted file names or contents. It also contains > updates to the runtime files to make use of (and correct initial > attempts at using) the new escaping functions. (#492519, #488557, > #500381) > > The following are less important but issues that I'd prefer to have > released in Lenny: > > - In 1:7.1-245+1, after dicussion with upstream, I added a patch which > delayed the effect of using the -N/-C command line options until after > Vim had finished reading all of its config files (#438560). In > further prodding about the status of the patch being included, > upstream decided that this change in behavior really wasn't something > he wanted and the patch was backed out in 2:7.2.000-3. Having > 1:7.1.314-3 released with Lenny would be a regression in this regard. > > - Vim could be made to malloc many GB of memory via specially crafted > spell files, thus causing the system to hang until Vim was killed by > the OOM killer[2]. This was partially patched in 1:7.1-022+1 to address > the problems I knew of but was more thoroughly fixed by upstream in > 7.2. -- James GPG Key: 1024D/61326D40 2003-09-02 James Vega <jamessan@debian.org>
Attachment:
signature.asc
Description: Digital signature