Hi,

Current version of vim available in Slackware 14.1 is 7.4.050. This version uses broken implementation of Blowfish encryption algorithm. This has been known for some time. This bug is fixed in vim-7.4.399, but it's not available in Slackware 14.1.

I was wondering: is it reasonable to make a request for updating vim in Slackware 14.1 to the version where encryption is fixed? That would be just a micro version update. How do I make this kind of request? Do we have some kind of process for it?

Hi,

You just did it.

Initially I thought I'll just build a more recent version from source. But it's not exactly user friendly... I was surprised to see that one has to manually apply hundreds of patches to get to the latest patchlevel from 7.4 branch.

So I thought that maybe it would be worthwile to update the package in the distribution, since Slackware 14.1 is still supported. Especially that it would address a well known issue.

You could try building the vim and gvim source from 14.2, or from Current if you don't mind moving up to version 8.

You can just grab the tarball from github for that release.

For the 7.4 branch, they have up to the 2367 patchlevel.

But that is not a very friendly release style. Looks like pretty much every commit is turned into a release. I feel sorry for people who need to keep up with it.

That's a good tip. How did you find that download link? I was looking at the github page of vim before I posted, but I couldn't find it there.

There is a "releases" tab on github if you're on the main page. Once I went in there, I started browsing through their releases, but that was a fruitless endeavor, due to how many frickin releases they had. So I then checked your initial post which stated they fixed it in the .399 patch release, and I tried typing that in, which worked. I then checked their patches directory to find their highest patch for the 7.4 series and then plugged that into github, which is what I linked to.

The following is mostly unimportant, but if you download github releases frequently, it might be helpful to learn.

That actually isn't the exact link provided by github, but if you use their link (https://github.com/vim/vim/archive/v7.4.2367.tar.gz), you can get different names depending on whether you use a downloader that supports content disposition. Most (all?) browsers do, but wget, without flags, won't. If you download something that supports content disposition, it will take that link and provide you with vim-7.4.2367.tar.gz, but if you use something that doesn't support content disposition, it will use the exact name from the server, in this case, v7.4.2367.tar.gz. So, github provides a fancy way to change the name of the download by adding your own filename after the version. In this case, we want to add the program name and the version, keeping tar.gz at the end.

So, we're taking the following and adding the bit in red to make the filename end up with vim-7.4.2367.tar.gz.
https://github.com/vim/vim/archive/v7.4.2367.tar.gz
https://github.com/vim/vim/archive/v7.4.2367/vim-7.4.2367.tar.gz

It should be noted that basically, git will use the repo name and the version (removing an v from before it) for the folder name of the tarball. Basically, if your github release is formatted like: https://github.com/user/repo/v1.2.3, the folder will be called repo-1.2.3/, no matter what filename you put at the end. So, if you put https://github.com/user/repo/v1.2.3/repo-custom-1.2.3.4.tar.gz, the file will be called repo-custom-1.2.3.4.tar.gz, but when you extract it, the folder will just be repo-1.2.3/.

If you end up creating a SlackBuild for SBo based on a github release, the above information can help prevent some error reports from users who may or may not being using a downloader with content disposition. It's caught me before on a few of the SlackBuilds I maintain.

5 members found this post helpful.

This is very informative. I was wondering about these things, but never found the time to investigate the details. Thank you for putting this together.

To build vim 8, you just do this:

And then you upgradepkg to the new vim packages in /tmp.

I'm 100 percent sure that this will work on 14.1.

You wish. There is no 7.4 branch. Just trunk (master).

For example "patch 1274" ("7.4.1274") adds the job functionality of vim8.

7.4.2367 is really 8.0.

vim issue - Where do we see work for v8? #900

Now compare vim's mess to python - https://github.com/python/cpython/branches/active - python has stable branches and one trunk for playing around (master).

Well, that was really disrespectful of you to approach Vim developers in such fashion, I'm not surprised by the outcome of this GitHub issue.

Try to look at this from a different perspective. Vim is a very old project that's still in development (from Wikipedia: "Bram Moolenaar began working on Vim for the Amiga computer in 1988. Moolenaar first publicly released Vim (v1.14) in 1991."). It's been maintained mostly by a single person (with help from others) for more than 25 years without any monetary reward. 25 years is a big chunk of someone's life when you think about it. So try to be more grateful to this person for his ongoing commitment to this project which you seem to care about as well.

That's really a peculiar way of maintaining and releasing software...
I'll skip patching 7.4 and just build version 8.0.x like dugan suggested. It appears to be the most reasonable solution.

Geez, that makes it even worse. That's crazy that they don't keep things separate.

So, just because he's been doing it for 25 years excuses poor coding practice? Good points were brought up that it is almost impossible to distinguish between bug fixes and new (potentially buggy/harmful) additions. Not to mention there are literally 1000s of releases to try and wade through even if they did keep stable and development separate.

Personally, I don't care too much about this, because I'm not a vim user, but for someone trying to get a known stable, patched version of vim (not just rolling the dice hoping the latest commit/release fits that criteria)... good luck.

No, of course anyone's free to criticize the current development model of Vim and suggest ways to make it better, I myself do think it could be better. But telling it in the way it was told ("the way you're doing things is stupid, you should be doing this instead") to someone who's doing it for free and giving his work away for free (and for so many years!) for anyone to use however they like won't be received with much enthusiasm, to say the least.

The way I see it, it's essentially a rolling release development model, with major versions being a snapshots to indicate that some milestones have been accomplished. There, now I put a more trendy term on it.

vim-7.4.399 is now available in Slackware 14.1: ChangeLog.txt

I'm marking thread as solved. Thanks for your helpful replies.

1 members found this post helpful.