Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#59314 - Wrong environment usage in archlinux.vim

Attached to Project: Arch Linux
Opened by Ivan Gut (ivanarch) - Thursday, 12 July 2018, 23:16 GMT
Task Type Bug Report
Category Packages: Extra
Status Unconfirmed
Assigned To No-one
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 0
Private No

Details

Description:
The source file "archlinux.vim" in trunk contains a reference to the XDG_CACHE_HOME environment variable.
This variable should be used only for the storage of non-essential data. See: https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html
The cached data files may be deleted without any problem, but vim swap files should not be considered non-essential data, as they may be used for recovering data from vim or system crashes.

Instead use the variable XDG_DATA_HOME and the default directory ".local/share" as shown below:

------------------------ ORIGINAL ------------------------------
" Move the swap file location to protect against CVE-2017-1000382
if exists('$XDG_CACHE_HOME')
let &g:directory=$XDG_CACHE_HOME
else
let &g:directory=$HOME . '/.cache'
endif

------------------------ REPLACEMENT ------------------------------
" Move the swap file location to protect against CVE-2017-1000382
if exists('$XDG_DATA_HOME')
let &g:directory=$XDG_DATA_HOME
else
let &g:directory=$HOME . '/.cache'
endif


Additional info:
* package version(s) 8.1.0022
* config and/or log files: archlinux.vim


Steps to reproduce:
Not applicable.
This task depends upon

Comment by Ivan Gut (ivanarch) - Thursday, 12 July 2018, 23:21 GMT
Errata in replacement lines:

------------------------ REPLACEMENT ------------------------------
" Move the swap file location to protect against CVE-2017-1000382
if exists('$XDG_DATA_HOME')
let &g:directory=$XDG_DATA_HOME
else
let &g:directory=$HOME . '/.local/share'
endif
Comment by Eli Schwartz (eschwartz) - Friday, 13 July 2018, 01:29 GMT
I think the motivation for using the cache directory was that if you need to recover from a system crash you will do so immediately, whereas the cache is something you in the general course of things don't mind deleting.

FWIW I separately reimplemented XDG for vim, by putting viminfo, swap, and undo files in the cache. None of this is stuff I consider fundamentally data -- it's useful in the event of a crash, but it's all stuff I wouldn't lose sleep over if I lost -- mostly because most of it is many-times redundant.

Loading...