Hide Forgot
The ispell macro in joerc has several problems. First, since we actually have aspell instead of ispell, it's using aspell in compatibility mode. The main negative effect of this is that it leaves ispell.tmp.bak files laying around (ispell wouldn't create those, so the macro doesn't know to remove them). Second, the 'ispell.tmp' name itself is problematic. Instead, it should use mktemp. I'm goin gto attach a patch to joerc.in to fix this. The specfile should also be updated to require mktemp, of course.
Created attachment 100603 [details] patch to use mktemp (and aspell)
Pushed upstream. http://sourceforge.net/mailarchive/forum.php?forum_id=2185&max_rows=25&style=ultimate&viewmonth=200405
I suggested it to the author as well. However, I'm not sure that this one will be accepted upstream, because some places where joe is in use probably actually *do* have ispell. Changing to use aspell is a distro-dependent config. Likewise, not everywhere will have "mktemp -t", but that's the right thing to do for Fedora / Red Hat. And, I'm not sure how long it will be until upstream would accept and release a new version, even if they do. The mktemp issue is a security vulnerability (admitably minor) and could be used as a symlink attack, so I'd like to see that included sooner rather than later. And while doing that, might as well change to using aspell to clean up the .bak file problem.
Yeah, a bit of this seems to have gone into 3.1 --it now uses my "SPLTMP" variable, but sets it explicitly to "ispell.tmp". Using mktemp -t is better. I think also that the upstream change has made it so aspell is a buildprereq for the package -- if aspell isn't found, it'll assume ispell.
joe-3.1-1.2 should appear in rawhide soon.
Cool. Will you patch it to use the mktemp thing?
Yes.
Cool. Best Editor Ever. :) Thanks!