vim-7.4.050 in Slackware 14.1 uses broken Blowfish encryption
Hi,
Current version of vim available in Slackware 14.1 is 7.4.050. This version uses broken implementation of Blowfish encryption algorithm. This has been known for some time. This bug is fixed in vim-7.4.399, but it's not available in Slackware 14.1. I was wondering: is it reasonable to make a request for updating vim in Slackware 14.1 to the version where encryption is fixed? That would be just a micro version update. How do I make this kind of request? Do we have some kind of process for it? |
Hi,
Quote:
|
Initially I thought I'll just build a more recent version from source. But it's not exactly user friendly... I was surprised to see that one has to manually apply hundreds of patches to get to the latest patchlevel from 7.4 branch.
So I thought that maybe it would be worthwile to update the package in the distribution, since Slackware 14.1 is still supported. Especially that it would address a well known issue. |
You could try building the vim and gvim source from 14.2, or from Current if you don't mind moving up to version 8.
|
Quote:
Code:
wget https://github.com/vim/vim/archive/v7.4.399/vim-7.4.399.tar.gz Code:
wget https://github.com/vim/vim/archive/v7.4.2367/vim-7.4.2367.tar.gz |
Quote:
|
There is a "releases" tab on github if you're on the main page. Once I went in there, I started browsing through their releases, but that was a fruitless endeavor, due to how many frickin releases they had. So I then checked your initial post which stated they fixed it in the .399 patch release, and I tried typing that in, which worked. I then checked their patches directory to find their highest patch for the 7.4 series and then plugged that into github, which is what I linked to.
The following is mostly unimportant, but if you download github releases frequently, it might be helpful to learn. That actually isn't the exact link provided by github, but if you use their link (https://github.com/vim/vim/archive/v7.4.2367.tar.gz), you can get different names depending on whether you use a downloader that supports content disposition. Most (all?) browsers do, but wget, without flags, won't. If you download something that supports content disposition, it will take that link and provide you with vim-7.4.2367.tar.gz, but if you use something that doesn't support content disposition, it will use the exact name from the server, in this case, v7.4.2367.tar.gz. So, github provides a fancy way to change the name of the download by adding your own filename after the version. In this case, we want to add the program name and the version, keeping tar.gz at the end. So, we're taking the following and adding the bit in red to make the filename end up with vim-7.4.2367.tar.gz. https://github.com/vim/vim/archive/v7.4.2367.tar.gz https://github.com/vim/vim/archive/v7.4.2367/vim-7.4.2367.tar.gz It should be noted that basically, git will use the repo name and the version (removing an v from before it) for the folder name of the tarball. Basically, if your github release is formatted like: https://github.com/user/repo/v1.2.3, the folder will be called repo-1.2.3/, no matter what filename you put at the end. So, if you put https://github.com/user/repo/v1.2.3/repo-custom-1.2.3.4.tar.gz, the file will be called repo-custom-1.2.3.4.tar.gz, but when you extract it, the folder will just be repo-1.2.3/. If you end up creating a SlackBuild for SBo based on a github release, the above information can help prevent some error reports from users who may or may not being using a downloader with content disposition. It's caught me before on a few of the SlackBuilds I maintain. |
Quote:
|
To build vim 8, you just do this:
Code:
rsync -avP rsync://ftp.osuosl.org/slackware/slackware64-current/source/xap/vim-gvim/ . I'm 100 percent sure that this will work on 14.1. |
Quote:
For example "patch 1274" ("7.4.1274") adds the job functionality of vim8. 7.4.2367 is really 8.0. Quote:
Now compare vim's mess to python - https://github.com/python/cpython/branches/active - python has stable branches and one trunk for playing around (master). |
Quote:
Try to look at this from a different perspective. Vim is a very old project that's still in development (from Wikipedia: "Bram Moolenaar began working on Vim for the Amiga computer in 1988. Moolenaar first publicly released Vim (v1.14) in 1991."). It's been maintained mostly by a single person (with help from others) for more than 25 years without any monetary reward. 25 years is a big chunk of someone's life when you think about it. So try to be more grateful to this person for his ongoing commitment to this project which you seem to care about as well. |
Quote:
I'll skip patching 7.4 and just build version 8.0.x like dugan suggested. It appears to be the most reasonable solution. |
Quote:
Quote:
Personally, I don't care too much about this, because I'm not a vim user, but for someone trying to get a known stable, patched version of vim (not just rolling the dice hoping the latest commit/release fits that criteria)... good luck. |
Quote:
Quote:
|
vim-7.4.399 is now available in Slackware 14.1: ChangeLog.txt
I'm marking thread as solved. Thanks for your helpful replies. :) |
All times are GMT -5. The time now is 03:20 AM. |