zsh provides a difflog.pl script in /usr/share/zsh/4.3.4/Util/difflog.pl which uses insecurely created files in /tmp, same kind of issue than bug #198231. Thanks to Elias Pipping for noticing.
Mamoru, do you know if upstream is aware of this? We could modify the feynmf patch, but having an official corrected release from upstream would probably be better. Any opinion?
(In reply to comment #1) > Mamoru, do you know if upstream is aware of this? We could modify the feynmf > patch, but having an official corrected release from upstream would probably be > better. Any opinion? > actually cc'ing maintainer :)
usata announced his retirement recently. zsh devs are aware of the issue: http://www.zsh.org/mla/workers/2007/msg01060.html and follow ups (especially <http://www.zsh.org/mla/workers/2007/msg01065.html>)
Since the decision is going to be not to distribute that file, it should be removed from the ebuild. Anyone in cc on this bug willing to maintain this baby? If not, we should ask the dev community.
I've just added two new ebuilds without difflog.pl (4.3.2-r3 and 4.3.4-r1). (BTW upstream has fixed the issue in their repo.) =app-shells/zsh-4.3.2-r3 should be stabilized again. Removing difflog.pl is the only substantial change.
Arches, please test and mark stable app-shells/zsh-4.3.2-r3. Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
ppc stable
x86 stable
ppc64 stable
Stable for HPPA.
alpha/ia64/sparc stable
amd64 stable
voting time. I tend to vote No since the script usage seems to be extremely unlikely, according to the zsh ml.
voting NO, too. closing.
Does not affect current (2008.0) release. Removing release.